2  * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. 
   3  * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca> 
   5  * Redistribution and use in source and binary forms, with or without 
   6  * modification, are permitted provided that the following conditions 
   9  * 1.  Redistributions of source code must retain the above copyright 
  10  *     notice, this list of conditions and the following disclaimer. 
  11  * 2.  Redistributions in binary form must reproduce the above copyright 
  12  *     notice, this list of conditions and the following disclaimer in the 
  13  *     documentation and/or other materials provided with the distribution. 
  14  * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of 
  15  *     its contributors may be used to endorse or promote products derived 
  16  *     from this software without specific prior written permission. 
  18  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 
  19  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
  20  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
  21  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 
  22  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
  23  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
  24  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
  25  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
  26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 
  27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
  31 #include "Interpreter.h" 
  33 #include "Arguments.h" 
  34 #include "BatchedTransitionOptimizer.h" 
  35 #include "CodeBlock.h" 
  36 #include "DebuggerCallFrame.h" 
  37 #include "EvalCodeCache.h" 
  38 #include "ExceptionHelpers.h" 
  39 #include "CallFrame.h" 
  40 #include "GlobalEvalFunction.h" 
  41 #include "JSActivation.h" 
  43 #include "JSByteArray.h" 
  44 #include "JSFunction.h" 
  45 #include "JSNotAnObject.h" 
  46 #include "JSPropertyNameIterator.h" 
  47 #include "JSStaticScopeObject.h" 
  49 #include "ObjectPrototype.h" 
  52 #include "RegExpObject.h" 
  53 #include "RegExpPrototype.h" 
  55 #include "Collector.h" 
  57 #include "Operations.h" 
  58 #include "SamplingTool.h" 
  66 #include "AssemblerBuffer.h" 
  70 #include <mach/mach.h> 
  89 // Preferred number of milliseconds between each timeout check 
  90 static const int preferredScriptCheckTimeInterval 
= 1000; 
  92 static ALWAYS_INLINE 
unsigned bytecodeOffsetForPC(CallFrame
* callFrame
, CodeBlock
* codeBlock
, void* pc
) 
  95     return codeBlock
->getBytecodeIndex(callFrame
, pc
); 
  97     UNUSED_PARAM(callFrame
); 
  98     return static_cast<Instruction
*>(pc
) - codeBlock
->instructions().begin(); 
 102 // Returns the depth of the scope chain within a given call frame. 
 103 static int depth(CodeBlock
* codeBlock
, ScopeChain
& sc
) 
 105     if (!codeBlock
->needsFullScopeChain()) 
 107     return sc
.localDepth(); 
 110 static inline bool jsLess(CallFrame
* callFrame
, JSValuePtr v1
, JSValuePtr v2
) 
 112     if (JSValuePtr::areBothInt32Fast(v1
, v2
)) 
 113         return v1
.getInt32Fast() < v2
.getInt32Fast(); 
 117     if (v1
.getNumber(n1
) && v2
.getNumber(n2
)) 
 120     Interpreter
* interpreter 
= callFrame
->interpreter(); 
 121     if (interpreter
->isJSString(v1
) && interpreter
->isJSString(v2
)) 
 122         return asString(v1
)->value() < asString(v2
)->value(); 
 126     bool wasNotString1 
= v1
.getPrimitiveNumber(callFrame
, n1
, p1
); 
 127     bool wasNotString2 
= v2
.getPrimitiveNumber(callFrame
, n2
, p2
); 
 129     if (wasNotString1 
| wasNotString2
) 
 132     return asString(p1
)->value() < asString(p2
)->value(); 
 135 static inline bool jsLessEq(CallFrame
* callFrame
, JSValuePtr v1
, JSValuePtr v2
) 
 137     if (JSValuePtr::areBothInt32Fast(v1
, v2
)) 
 138         return v1
.getInt32Fast() <= v2
.getInt32Fast(); 
 142     if (v1
.getNumber(n1
) && v2
.getNumber(n2
)) 
 145     Interpreter
* interpreter 
= callFrame
->interpreter(); 
 146     if (interpreter
->isJSString(v1
) && interpreter
->isJSString(v2
)) 
 147         return !(asString(v2
)->value() < asString(v1
)->value()); 
 151     bool wasNotString1 
= v1
.getPrimitiveNumber(callFrame
, n1
, p1
); 
 152     bool wasNotString2 
= v2
.getPrimitiveNumber(callFrame
, n2
, p2
); 
 154     if (wasNotString1 
| wasNotString2
) 
 157     return !(asString(p2
)->value() < asString(p1
)->value()); 
 160 static NEVER_INLINE JSValuePtr 
jsAddSlowCase(CallFrame
* callFrame
, JSValuePtr v1
, JSValuePtr v2
) 
 162     // exception for the Date exception in defaultValue() 
 163     JSValuePtr p1 
= v1
.toPrimitive(callFrame
); 
 164     JSValuePtr p2 
= v2
.toPrimitive(callFrame
); 
 166     if (p1
.isString() || p2
.isString()) { 
 167         RefPtr
<UString::Rep
> value 
= concatenate(p1
.toString(callFrame
).rep(), p2
.toString(callFrame
).rep()); 
 169             return throwOutOfMemoryError(callFrame
); 
 170         return jsString(callFrame
, value
.release()); 
 173     return jsNumber(callFrame
, p1
.toNumber(callFrame
) + p2
.toNumber(callFrame
)); 
 176 // Fast-path choices here are based on frequency data from SunSpider: 
 177 //    <times> Add case: <t1> <t2> 
 178 //    --------------------------- 
 179 //    5626160 Add case: 3 3 (of these, 3637690 are for immediate values) 
 180 //    247412  Add case: 5 5 
 181 //    20900   Add case: 5 6 
 182 //    13962   Add case: 5 3 
 183 //    4000    Add case: 3 5 
 185 static ALWAYS_INLINE JSValuePtr 
jsAdd(CallFrame
* callFrame
, JSValuePtr v1
, JSValuePtr v2
) 
 190     bool rightIsNumber 
= v2
.getNumber(right
); 
 191     if (rightIsNumber 
&& v1
.getNumber(left
)) 
 192         return jsNumber(callFrame
, left 
+ right
); 
 194     bool leftIsString 
= v1
.isString(); 
 195     if (leftIsString 
&& v2
.isString()) { 
 196         RefPtr
<UString::Rep
> value 
= concatenate(asString(v1
)->value().rep(), asString(v2
)->value().rep()); 
 198             return throwOutOfMemoryError(callFrame
); 
 199         return jsString(callFrame
, value
.release()); 
 202     if (rightIsNumber 
& leftIsString
) { 
 203         RefPtr
<UString::Rep
> value 
= v2
.isInt32Fast() ? 
 204             concatenate(asString(v1
)->value().rep(), v2
.getInt32Fast()) : 
 205             concatenate(asString(v1
)->value().rep(), right
); 
 208             return throwOutOfMemoryError(callFrame
); 
 209         return jsString(callFrame
, value
.release()); 
 212     // All other cases are pretty uncommon 
 213     return jsAddSlowCase(callFrame
, v1
, v2
); 
 216 static JSValuePtr 
jsTypeStringForValue(CallFrame
* callFrame
, JSValuePtr v
) 
 219         return jsNontrivialString(callFrame
, "undefined"); 
 221         return jsNontrivialString(callFrame
, "boolean"); 
 223         return jsNontrivialString(callFrame
, "number"); 
 225         return jsNontrivialString(callFrame
, "string"); 
 227         // Return "undefined" for objects that should be treated 
 228         // as null when doing comparisons. 
 229         if (asObject(v
)->structure()->typeInfo().masqueradesAsUndefined()) 
 230             return jsNontrivialString(callFrame
, "undefined"); 
 232         if (asObject(v
)->getCallData(callData
) != CallTypeNone
) 
 233             return jsNontrivialString(callFrame
, "function"); 
 235     return jsNontrivialString(callFrame
, "object"); 
 238 static bool jsIsObjectType(JSValuePtr v
) 
 243     JSType type 
= asCell(v
)->structure()->typeInfo().type(); 
 244     if (type 
== NumberType 
|| type 
== StringType
) 
 246     if (type 
== ObjectType
) { 
 247         if (asObject(v
)->structure()->typeInfo().masqueradesAsUndefined()) 
 250         if (asObject(v
)->getCallData(callData
) != CallTypeNone
) 
 256 static bool jsIsFunctionType(JSValuePtr v
) 
 260         if (asObject(v
)->getCallData(callData
) != CallTypeNone
) 
 266 NEVER_INLINE 
bool Interpreter::resolve(CallFrame
* callFrame
, Instruction
* vPC
, JSValuePtr
& exceptionValue
) 
 268     int dst 
= (vPC 
+ 1)->u
.operand
; 
 269     int property 
= (vPC 
+ 2)->u
.operand
; 
 271     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
 272     ScopeChainIterator iter 
= scopeChain
->begin(); 
 273     ScopeChainIterator end 
= scopeChain
->end(); 
 276     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
 277     Identifier
& ident 
= codeBlock
->identifier(property
); 
 280         PropertySlot 
slot(o
); 
 281         if (o
->getPropertySlot(callFrame
, ident
, slot
)) { 
 282             JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
 283             exceptionValue 
= callFrame
->globalData().exception
; 
 286             callFrame
[dst
] = JSValuePtr(result
); 
 289     } while (++iter 
!= end
); 
 290     exceptionValue 
= createUndefinedVariableError(callFrame
, ident
, vPC 
- codeBlock
->instructions().begin(), codeBlock
); 
 294 NEVER_INLINE 
bool Interpreter::resolveSkip(CallFrame
* callFrame
, Instruction
* vPC
, JSValuePtr
& exceptionValue
) 
 296     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
 298     int dst 
= (vPC 
+ 1)->u
.operand
; 
 299     int property 
= (vPC 
+ 2)->u
.operand
; 
 300     int skip 
= (vPC 
+ 3)->u
.operand 
+ codeBlock
->needsFullScopeChain(); 
 302     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
 303     ScopeChainIterator iter 
= scopeChain
->begin(); 
 304     ScopeChainIterator end 
= scopeChain
->end(); 
 310     Identifier
& ident 
= codeBlock
->identifier(property
); 
 313         PropertySlot 
slot(o
); 
 314         if (o
->getPropertySlot(callFrame
, ident
, slot
)) { 
 315             JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
 316             exceptionValue 
= callFrame
->globalData().exception
; 
 319             callFrame
[dst
] = JSValuePtr(result
); 
 322     } while (++iter 
!= end
); 
 323     exceptionValue 
= createUndefinedVariableError(callFrame
, ident
, vPC 
- codeBlock
->instructions().begin(), codeBlock
); 
 327 NEVER_INLINE 
bool Interpreter::resolveGlobal(CallFrame
* callFrame
, Instruction
* vPC
, JSValuePtr
& exceptionValue
) 
 329     int dst 
= (vPC 
+ 1)->u
.operand
; 
 330     JSGlobalObject
* globalObject 
= static_cast<JSGlobalObject
*>((vPC 
+ 2)->u
.jsCell
); 
 331     ASSERT(globalObject
->isGlobalObject()); 
 332     int property 
= (vPC 
+ 3)->u
.operand
; 
 333     Structure
* structure 
= (vPC 
+ 4)->u
.structure
; 
 334     int offset 
= (vPC 
+ 5)->u
.operand
; 
 336     if (structure 
== globalObject
->structure()) { 
 337         callFrame
[dst
] = JSValuePtr(globalObject
->getDirectOffset(offset
)); 
 341     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
 342     Identifier
& ident 
= codeBlock
->identifier(property
); 
 343     PropertySlot 
slot(globalObject
); 
 344     if (globalObject
->getPropertySlot(callFrame
, ident
, slot
)) { 
 345         JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
 346         if (slot
.isCacheable() && !globalObject
->structure()->isDictionary()) { 
 347             if (vPC
[4].u
.structure
) 
 348                 vPC
[4].u
.structure
->deref(); 
 349             globalObject
->structure()->ref(); 
 350             vPC
[4] = globalObject
->structure(); 
 351             vPC
[5] = slot
.cachedOffset(); 
 352             callFrame
[dst
] = JSValuePtr(result
); 
 356         exceptionValue 
= callFrame
->globalData().exception
; 
 359         callFrame
[dst
] = JSValuePtr(result
); 
 363     exceptionValue 
= createUndefinedVariableError(callFrame
, ident
, vPC 
- codeBlock
->instructions().begin(), codeBlock
); 
 367 static ALWAYS_INLINE JSValuePtr 
inlineResolveBase(CallFrame
* callFrame
, Identifier
& property
, ScopeChainNode
* scopeChain
) 
 369     ScopeChainIterator iter 
= scopeChain
->begin(); 
 370     ScopeChainIterator next 
= iter
; 
 372     ScopeChainIterator end 
= scopeChain
->end(); 
 379         if (next 
== end 
|| base
->getPropertySlot(callFrame
, property
, slot
)) 
 386     ASSERT_NOT_REACHED(); 
 390 NEVER_INLINE 
void Interpreter::resolveBase(CallFrame
* callFrame
, Instruction
* vPC
) 
 392     int dst 
= (vPC 
+ 1)->u
.operand
; 
 393     int property 
= (vPC 
+ 2)->u
.operand
; 
 394     callFrame
[dst
] = JSValuePtr(inlineResolveBase(callFrame
, callFrame
->codeBlock()->identifier(property
), callFrame
->scopeChain())); 
 397 NEVER_INLINE 
bool Interpreter::resolveBaseAndProperty(CallFrame
* callFrame
, Instruction
* vPC
, JSValuePtr
& exceptionValue
) 
 399     int baseDst 
= (vPC 
+ 1)->u
.operand
; 
 400     int propDst 
= (vPC 
+ 2)->u
.operand
; 
 401     int property 
= (vPC 
+ 3)->u
.operand
; 
 403     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
 404     ScopeChainIterator iter 
= scopeChain
->begin(); 
 405     ScopeChainIterator end 
= scopeChain
->end(); 
 407     // FIXME: add scopeDepthIsZero optimization 
 411     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
 412     Identifier
& ident 
= codeBlock
->identifier(property
); 
 416         PropertySlot 
slot(base
); 
 417         if (base
->getPropertySlot(callFrame
, ident
, slot
)) { 
 418             JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
 419             exceptionValue 
= callFrame
->globalData().exception
; 
 422             callFrame
[propDst
] = JSValuePtr(result
); 
 423             callFrame
[baseDst
] = JSValuePtr(base
); 
 427     } while (iter 
!= end
); 
 429     exceptionValue 
= createUndefinedVariableError(callFrame
, ident
, vPC 
- codeBlock
->instructions().begin(), codeBlock
); 
 433 NEVER_INLINE 
bool Interpreter::resolveBaseAndFunc(CallFrame
* callFrame
, Instruction
* vPC
, JSValuePtr
& exceptionValue
) 
 435     int baseDst 
= (vPC 
+ 1)->u
.operand
; 
 436     int funcDst 
= (vPC 
+ 2)->u
.operand
; 
 437     int property 
= (vPC 
+ 3)->u
.operand
; 
 439     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
 440     ScopeChainIterator iter 
= scopeChain
->begin(); 
 441     ScopeChainIterator end 
= scopeChain
->end(); 
 443     // FIXME: add scopeDepthIsZero optimization 
 447     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
 448     Identifier
& ident 
= codeBlock
->identifier(property
); 
 452         PropertySlot 
slot(base
); 
 453         if (base
->getPropertySlot(callFrame
, ident
, slot
)) {             
 454             // ECMA 11.2.3 says that if we hit an activation the this value should be null. 
 455             // However, section 10.2.3 says that in the case where the value provided 
 456             // by the caller is null, the global object should be used. It also says 
 457             // that the section does not apply to internal functions, but for simplicity 
 458             // of implementation we use the global object anyway here. This guarantees 
 459             // that in host objects you always get a valid object for this. 
 460             // We also handle wrapper substitution for the global object at the same time. 
 461             JSObject
* thisObj 
= base
->toThisObject(callFrame
); 
 462             JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
 463             exceptionValue 
= callFrame
->globalData().exception
; 
 467             callFrame
[baseDst
] = JSValuePtr(thisObj
); 
 468             callFrame
[funcDst
] = JSValuePtr(result
); 
 472     } while (iter 
!= end
); 
 474     exceptionValue 
= createUndefinedVariableError(callFrame
, ident
, vPC 
- codeBlock
->instructions().begin(), codeBlock
); 
 478 ALWAYS_INLINE CallFrame
* Interpreter::slideRegisterWindowForCall(CodeBlock
* newCodeBlock
, RegisterFile
* registerFile
, CallFrame
* callFrame
, size_t registerOffset
, int argc
) 
 480     Register
* r 
= callFrame
->registers(); 
 481     Register
* newEnd 
= r 
+ registerOffset 
+ newCodeBlock
->m_numCalleeRegisters
; 
 483     if (LIKELY(argc 
== newCodeBlock
->m_numParameters
)) { // correct number of arguments 
 484         if (UNLIKELY(!registerFile
->grow(newEnd
))) 
 487     } else if (argc 
< newCodeBlock
->m_numParameters
) { // too few arguments -- fill in the blanks 
 488         size_t omittedArgCount 
= newCodeBlock
->m_numParameters 
- argc
; 
 489         registerOffset 
+= omittedArgCount
; 
 490         newEnd 
+= omittedArgCount
; 
 491         if (!registerFile
->grow(newEnd
)) 
 495         Register
* argv 
= r 
- RegisterFile::CallFrameHeaderSize 
- omittedArgCount
; 
 496         for (size_t i 
= 0; i 
< omittedArgCount
; ++i
) 
 497             argv
[i
] = jsUndefined(); 
 498     } else { // too many arguments -- copy expected arguments, leaving the extra arguments behind 
 499         size_t numParameters 
= newCodeBlock
->m_numParameters
; 
 500         registerOffset 
+= numParameters
; 
 501         newEnd 
+= numParameters
; 
 503         if (!registerFile
->grow(newEnd
)) 
 507         Register
* argv 
= r 
- RegisterFile::CallFrameHeaderSize 
- numParameters 
- argc
; 
 508         for (size_t i 
= 0; i 
< numParameters
; ++i
) 
 509             argv
[i 
+ argc
] = argv
[i
]; 
 512     return CallFrame::create(r
); 
 515 static NEVER_INLINE 
bool isNotObject(CallFrame
* callFrame
, bool forInstanceOf
, CodeBlock
* codeBlock
, const Instruction
* vPC
, JSValuePtr value
, JSValuePtr
& exceptionData
) 
 517     if (value
.isObject()) 
 519     exceptionData 
= createInvalidParamError(callFrame
, forInstanceOf 
? "instanceof" : "in" , value
, vPC 
- codeBlock
->instructions().begin(), codeBlock
); 
 523 NEVER_INLINE JSValuePtr 
Interpreter::callEval(CallFrame
* callFrame
, RegisterFile
* registerFile
, Register
* argv
, int argc
, int registerOffset
, JSValuePtr
& exceptionValue
) 
 526         return jsUndefined(); 
 528     JSValuePtr program 
= argv
[1].jsValue(callFrame
); 
 530     if (!program
.isString()) 
 533     UString programSource 
= asString(program
)->value(); 
 535     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
 536     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
 537     RefPtr
<EvalNode
> evalNode 
= codeBlock
->evalCodeCache().get(callFrame
, programSource
, scopeChain
, exceptionValue
); 
 539     JSValuePtr result 
= jsUndefined(); 
 541         result 
= callFrame
->globalData().interpreter
->execute(evalNode
.get(), callFrame
, callFrame
->thisValue().toThisObject(callFrame
), callFrame
->registers() - registerFile
->start() + registerOffset
, scopeChain
, &exceptionValue
); 
 546 Interpreter::Interpreter() 
 549     , m_ctiArrayLengthTrampoline(0) 
 550     , m_ctiStringLengthTrampoline(0) 
 551     , m_ctiVirtualCallPreLink(0) 
 552     , m_ctiVirtualCallLink(0) 
 553     , m_ctiVirtualCall(0) 
 557     , m_timeAtLastCheckTimeout(0) 
 559     , m_timeoutCheckCount(0) 
 560     , m_ticksUntilNextTimeoutCheck(initialTickCountThreshold
) 
 563     privateExecute(InitializeAndReturn
, 0, 0, 0); 
 565     // Bizarrely, calling fastMalloc here is faster than allocating space on the stack. 
 566     void* storage 
= fastMalloc(sizeof(CollectorBlock
)); 
 568     JSCell
* jsArray 
= new (storage
) JSArray(JSArray::createStructure(jsNull())); 
 569     m_jsArrayVptr 
= jsArray
->vptr(); 
 572     JSCell
* jsByteArray 
= new (storage
) JSByteArray(JSByteArray::VPtrStealingHack
); 
 573     m_jsByteArrayVptr 
= jsByteArray
->vptr(); 
 574     jsByteArray
->~JSCell(); 
 576     JSCell
* jsString 
= new (storage
) JSString(JSString::VPtrStealingHack
); 
 577     m_jsStringVptr 
= jsString
->vptr(); 
 580     JSCell
* jsFunction 
= new (storage
) JSFunction(JSFunction::createStructure(jsNull())); 
 581     m_jsFunctionVptr 
= jsFunction
->vptr(); 
 582     jsFunction
->~JSCell(); 
 587 void Interpreter::initialize(JSGlobalData
* globalData
) 
 590     JIT::compileCTIMachineTrampolines(globalData
); 
 592     UNUSED_PARAM(globalData
); 
 596 Interpreter::~Interpreter() 
 602 void Interpreter::dumpCallFrame(CallFrame
* callFrame
) 
 604     callFrame
->codeBlock()->dump(callFrame
); 
 605     dumpRegisters(callFrame
); 
 608 void Interpreter::dumpRegisters(CallFrame
* callFrame
) 
 610     printf("Register frame: \n\n"); 
 611     printf("----------------------------------------------------\n"); 
 612     printf("            use            |   address  |   value   \n"); 
 613     printf("----------------------------------------------------\n"); 
 615     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
 616     RegisterFile
* registerFile 
= &callFrame
->scopeChain()->globalObject()->globalData()->interpreter
->registerFile(); 
 620     if (codeBlock
->codeType() == GlobalCode
) { 
 621         it 
= registerFile
->lastGlobal(); 
 622         end 
= it 
+ registerFile
->numGlobals(); 
 624             printf("[global var]               | %10p | %10p \n", it
, (*it
).v()); 
 627         printf("----------------------------------------------------\n"); 
 630     it 
= callFrame
->registers() - RegisterFile::CallFrameHeaderSize 
- codeBlock
->m_numParameters
; 
 631     printf("[this]                     | %10p | %10p \n", it
, (*it
).v()); ++it
; 
 632     end 
= it 
+ max(codeBlock
->m_numParameters 
- 1, 0); // - 1 to skip "this" 
 635             printf("[param]                    | %10p | %10p \n", it
, (*it
).v()); 
 639     printf("----------------------------------------------------\n"); 
 641     printf("[CodeBlock]                | %10p | %10p \n", it
, (*it
).v()); ++it
; 
 642     printf("[ScopeChain]               | %10p | %10p \n", it
, (*it
).v()); ++it
; 
 643     printf("[CallerRegisters]          | %10p | %10p \n", it
, (*it
).v()); ++it
; 
 644     printf("[ReturnPC]                 | %10p | %10p \n", it
, (*it
).v()); ++it
; 
 645     printf("[ReturnValueRegister]      | %10p | %10p \n", it
, (*it
).v()); ++it
; 
 646     printf("[ArgumentCount]            | %10p | %10p \n", it
, (*it
).v()); ++it
; 
 647     printf("[Callee]                   | %10p | %10p \n", it
, (*it
).v()); ++it
; 
 648     printf("[OptionalCalleeArguments]  | %10p | %10p \n", it
, (*it
).v()); ++it
; 
 649     printf("----------------------------------------------------\n"); 
 651     int registerCount 
= 0; 
 653     end 
= it 
+ codeBlock
->m_numVars
; 
 656             printf("[r%2d]                      | %10p | %10p \n", registerCount
, it
, (*it
).v()); 
 661     printf("----------------------------------------------------\n"); 
 663     end 
= it 
+ codeBlock
->m_numConstants
; 
 666             printf("[r%2d]                      | %10p | %10p \n", registerCount
, it
, (*it
).v()); 
 671     printf("----------------------------------------------------\n"); 
 673     end 
= it 
+ codeBlock
->m_numCalleeRegisters 
- codeBlock
->m_numConstants 
- codeBlock
->m_numVars
; 
 676             printf("[r%2d]                      | %10p | %10p \n", registerCount
, it
, (*it
).v()); 
 681     printf("----------------------------------------------------\n"); 
 686 bool Interpreter::isOpcode(Opcode opcode
) 
 688 #if HAVE(COMPUTED_GOTO) 
 689     return opcode 
!= HashTraits
<Opcode
>::emptyValue() 
 690         && !HashTraits
<Opcode
>::isDeletedValue(opcode
) 
 691         && m_opcodeIDTable
.contains(opcode
); 
 693     return opcode 
>= 0 && opcode 
<= op_end
; 
 697 NEVER_INLINE 
bool Interpreter::unwindCallFrame(CallFrame
*& callFrame
, JSValuePtr exceptionValue
, unsigned& bytecodeOffset
, CodeBlock
*& codeBlock
) 
 699     CodeBlock
* oldCodeBlock 
= codeBlock
; 
 700     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
 702     if (Debugger
* debugger 
= callFrame
->dynamicGlobalObject()->debugger()) { 
 703         DebuggerCallFrame 
debuggerCallFrame(callFrame
, exceptionValue
); 
 704         if (callFrame
->callee()) 
 705             debugger
->returnEvent(debuggerCallFrame
, codeBlock
->ownerNode()->sourceID(), codeBlock
->ownerNode()->lastLine()); 
 707             debugger
->didExecuteProgram(debuggerCallFrame
, codeBlock
->ownerNode()->sourceID(), codeBlock
->ownerNode()->lastLine()); 
 710     if (Profiler
* profiler 
= *Profiler::enabledProfilerReference()) { 
 711         if (callFrame
->callee()) 
 712             profiler
->didExecute(callFrame
, callFrame
->callee()); 
 714             profiler
->didExecute(callFrame
, codeBlock
->ownerNode()->sourceURL(), codeBlock
->ownerNode()->lineNo()); 
 717     // If this call frame created an activation or an 'arguments' object, tear it off. 
 718     if (oldCodeBlock
->codeType() == FunctionCode 
&& oldCodeBlock
->needsFullScopeChain()) { 
 719         while (!scopeChain
->object
->isObject(&JSActivation::info
)) 
 720             scopeChain 
= scopeChain
->pop(); 
 721         static_cast<JSActivation
*>(scopeChain
->object
)->copyRegisters(callFrame
->optionalCalleeArguments()); 
 722     } else if (Arguments
* arguments 
= callFrame
->optionalCalleeArguments()) { 
 723         if (!arguments
->isTornOff()) 
 724             arguments
->copyRegisters(); 
 727     if (oldCodeBlock
->needsFullScopeChain()) 
 730     void* returnPC 
= callFrame
->returnPC(); 
 731     callFrame 
= callFrame
->callerFrame(); 
 732     if (callFrame
->hasHostCallFrameFlag()) 
 735     codeBlock 
= callFrame
->codeBlock(); 
 736     bytecodeOffset 
= bytecodeOffsetForPC(callFrame
, codeBlock
, returnPC
); 
 740 NEVER_INLINE HandlerInfo
* Interpreter::throwException(CallFrame
*& callFrame
, JSValuePtr
& exceptionValue
, unsigned bytecodeOffset
, bool explicitThrow
) 
 742     // Set up the exception object 
 744     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
 745     if (exceptionValue
.isObject()) { 
 746         JSObject
* exception 
= asObject(exceptionValue
); 
 747         if (exception
->isNotAnObjectErrorStub()) { 
 748             exception 
= createNotAnObjectError(callFrame
, static_cast<JSNotAnObjectErrorStub
*>(exception
), bytecodeOffset
, codeBlock
); 
 749             exceptionValue 
= exception
; 
 751             if (!exception
->hasProperty(callFrame
, Identifier(callFrame
, "line")) &&  
 752                 !exception
->hasProperty(callFrame
, Identifier(callFrame
, "sourceId")) &&  
 753                 !exception
->hasProperty(callFrame
, Identifier(callFrame
, "sourceURL")) &&  
 754                 !exception
->hasProperty(callFrame
, Identifier(callFrame
, expressionBeginOffsetPropertyName
)) &&  
 755                 !exception
->hasProperty(callFrame
, Identifier(callFrame
, expressionCaretOffsetPropertyName
)) &&  
 756                 !exception
->hasProperty(callFrame
, Identifier(callFrame
, expressionEndOffsetPropertyName
))) { 
 761                     int line 
= codeBlock
->expressionRangeForBytecodeOffset(callFrame
, bytecodeOffset
, divotPoint
, startOffset
, endOffset
); 
 762                     exception
->putWithAttributes(callFrame
, Identifier(callFrame
, "line"), jsNumber(callFrame
, line
), ReadOnly 
| DontDelete
); 
 764                     // We only hit this path for error messages and throw statements, which don't have a specific failure position 
 765                     // So we just give the full range of the error/throw statement. 
 766                     exception
->putWithAttributes(callFrame
, Identifier(callFrame
, expressionBeginOffsetPropertyName
), jsNumber(callFrame
, divotPoint 
- startOffset
), ReadOnly 
| DontDelete
); 
 767                     exception
->putWithAttributes(callFrame
, Identifier(callFrame
, expressionEndOffsetPropertyName
), jsNumber(callFrame
, divotPoint 
+ endOffset
), ReadOnly 
| DontDelete
); 
 769                     exception
->putWithAttributes(callFrame
, Identifier(callFrame
, "line"), jsNumber(callFrame
, codeBlock
->lineNumberForBytecodeOffset(callFrame
, bytecodeOffset
)), ReadOnly 
| DontDelete
); 
 770                 exception
->putWithAttributes(callFrame
, Identifier(callFrame
, "sourceId"), jsNumber(callFrame
, codeBlock
->ownerNode()->sourceID()), ReadOnly 
| DontDelete
); 
 771                 exception
->putWithAttributes(callFrame
, Identifier(callFrame
, "sourceURL"), jsOwnedString(callFrame
, codeBlock
->ownerNode()->sourceURL()), ReadOnly 
| DontDelete
); 
 774             if (exception
->isWatchdogException()) { 
 775                 while (unwindCallFrame(callFrame
, exceptionValue
, bytecodeOffset
, codeBlock
)) { 
 776                     // Don't need handler checks or anything, we just want to unroll all the JS callframes possible. 
 783     if (Debugger
* debugger 
= callFrame
->dynamicGlobalObject()->debugger()) { 
 784         DebuggerCallFrame 
debuggerCallFrame(callFrame
, exceptionValue
); 
 785         debugger
->exception(debuggerCallFrame
, codeBlock
->ownerNode()->sourceID(), codeBlock
->lineNumberForBytecodeOffset(callFrame
, bytecodeOffset
)); 
 788     // If we throw in the middle of a call instruction, we need to notify 
 789     // the profiler manually that the call instruction has returned, since 
 790     // we'll never reach the relevant op_profile_did_call. 
 791     if (Profiler
* profiler 
= *Profiler::enabledProfilerReference()) { 
 793         if (isCallBytecode(codeBlock
->instructions()[bytecodeOffset
].u
.opcode
)) 
 794             profiler
->didExecute(callFrame
, callFrame
[codeBlock
->instructions()[bytecodeOffset 
+ 2].u
.operand
].jsValue(callFrame
)); 
 795         else if (codeBlock
->instructions()[bytecodeOffset 
+ 8].u
.opcode 
== getOpcode(op_construct
)) 
 796             profiler
->didExecute(callFrame
, callFrame
[codeBlock
->instructions()[bytecodeOffset 
+ 10].u
.operand
].jsValue(callFrame
)); 
 798         int functionRegisterIndex
; 
 799         if (codeBlock
->functionRegisterForBytecodeOffset(bytecodeOffset
, functionRegisterIndex
)) 
 800             profiler
->didExecute(callFrame
, callFrame
[functionRegisterIndex
].jsValue(callFrame
)); 
 804     // Calculate an exception handler vPC, unwinding call frames as necessary. 
 806     HandlerInfo
* handler 
= 0; 
 807     while (!(handler 
= codeBlock
->handlerForBytecodeOffset(bytecodeOffset
))) { 
 808         if (!unwindCallFrame(callFrame
, exceptionValue
, bytecodeOffset
, codeBlock
)) 
 812     // Now unwind the scope chain within the exception handler's call frame. 
 814     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
 815     ScopeChain 
sc(scopeChain
); 
 816     int scopeDelta 
= depth(codeBlock
, sc
) - handler
->scopeDepth
; 
 817     ASSERT(scopeDelta 
>= 0); 
 819         scopeChain 
= scopeChain
->pop(); 
 820     callFrame
->setScopeChain(scopeChain
); 
 825 JSValuePtr 
Interpreter::execute(ProgramNode
* programNode
, CallFrame
* callFrame
, ScopeChainNode
* scopeChain
, JSObject
* thisObj
, JSValuePtr
* exception
) 
 827     ASSERT(!scopeChain
->globalData
->exception
); 
 829     if (m_reentryDepth 
>= MaxReentryDepth
) { 
 830         *exception 
= createStackOverflowError(callFrame
); 
 834     CodeBlock
* codeBlock 
= &programNode
->bytecode(scopeChain
); 
 836     Register
* oldEnd 
= m_registerFile
.end(); 
 837     Register
* newEnd 
= oldEnd 
+ codeBlock
->m_numParameters 
+ RegisterFile::CallFrameHeaderSize 
+ codeBlock
->m_numCalleeRegisters
; 
 838     if (!m_registerFile
.grow(newEnd
)) { 
 839         *exception 
= createStackOverflowError(callFrame
); 
 843     DynamicGlobalObjectScope 
globalObjectScope(callFrame
, scopeChain
->globalObject()); 
 845     JSGlobalObject
* lastGlobalObject 
= m_registerFile
.globalObject(); 
 846     JSGlobalObject
* globalObject 
= callFrame
->dynamicGlobalObject(); 
 847     globalObject
->copyGlobalsTo(m_registerFile
); 
 849     CallFrame
* newCallFrame 
= CallFrame::create(oldEnd 
+ codeBlock
->m_numParameters 
+ RegisterFile::CallFrameHeaderSize
); 
 850     newCallFrame
[codeBlock
->thisRegister()] = JSValuePtr(thisObj
); 
 851     newCallFrame
->init(codeBlock
, 0, scopeChain
, CallFrame::noCaller(), 0, 0, 0); 
 853     if (codeBlock
->needsFullScopeChain()) 
 856     Profiler
** profiler 
= Profiler::enabledProfilerReference(); 
 858         (*profiler
)->willExecute(newCallFrame
, programNode
->sourceURL(), programNode
->lineNo()); 
 862         SamplingTool::CallRecord 
callRecord(m_sampler
); 
 866         if (!codeBlock
->jitCode()) 
 867             JIT::compile(scopeChain
->globalData
, codeBlock
); 
 868         result 
= JIT::execute(codeBlock
->jitCode(), &m_registerFile
, newCallFrame
, scopeChain
->globalData
, exception
); 
 870         result 
= privateExecute(Normal
, &m_registerFile
, newCallFrame
, exception
); 
 876         (*profiler
)->didExecute(callFrame
, programNode
->sourceURL(), programNode
->lineNo()); 
 878     if (m_reentryDepth 
&& lastGlobalObject 
&& globalObject 
!= lastGlobalObject
) 
 879         lastGlobalObject
->copyGlobalsTo(m_registerFile
); 
 881     m_registerFile
.shrink(oldEnd
); 
 886 JSValuePtr 
Interpreter::execute(FunctionBodyNode
* functionBodyNode
, CallFrame
* callFrame
, JSFunction
* function
, JSObject
* thisObj
, const ArgList
& args
, ScopeChainNode
* scopeChain
, JSValuePtr
* exception
) 
 888     ASSERT(!scopeChain
->globalData
->exception
); 
 890     if (m_reentryDepth 
>= MaxReentryDepth
) { 
 891         *exception 
= createStackOverflowError(callFrame
); 
 895     Register
* oldEnd 
= m_registerFile
.end(); 
 896     int argc 
= 1 + args
.size(); // implicit "this" parameter 
 898     if (!m_registerFile
.grow(oldEnd 
+ argc
)) { 
 899         *exception 
= createStackOverflowError(callFrame
); 
 903     DynamicGlobalObjectScope 
globalObjectScope(callFrame
, callFrame
->globalData().dynamicGlobalObject 
? callFrame
->globalData().dynamicGlobalObject 
: scopeChain
->globalObject()); 
 905     CallFrame
* newCallFrame 
= CallFrame::create(oldEnd
); 
 907     newCallFrame
[0] = JSValuePtr(thisObj
); 
 908     ArgList::const_iterator end 
= args
.end(); 
 909     for (ArgList::const_iterator it 
= args
.begin(); it 
!= end
; ++it
) 
 910         newCallFrame
[++dst
] = *it
; 
 912     CodeBlock
* codeBlock 
= &functionBodyNode
->bytecode(scopeChain
); 
 913     newCallFrame 
= slideRegisterWindowForCall(codeBlock
, &m_registerFile
, newCallFrame
, argc 
+ RegisterFile::CallFrameHeaderSize
, argc
); 
 914     if (UNLIKELY(!newCallFrame
)) { 
 915         *exception 
= createStackOverflowError(callFrame
); 
 916         m_registerFile
.shrink(oldEnd
); 
 919     // a 0 codeBlock indicates a built-in caller 
 920     newCallFrame
->init(codeBlock
, 0, scopeChain
, callFrame
->addHostCallFrameFlag(), 0, argc
, function
); 
 922     Profiler
** profiler 
= Profiler::enabledProfilerReference(); 
 924         (*profiler
)->willExecute(callFrame
, function
); 
 928         SamplingTool::CallRecord 
callRecord(m_sampler
); 
 932         if (!codeBlock
->jitCode()) 
 933             JIT::compile(scopeChain
->globalData
, codeBlock
); 
 934         result 
= JIT::execute(codeBlock
->jitCode(), &m_registerFile
, newCallFrame
, scopeChain
->globalData
, exception
); 
 936         result 
= privateExecute(Normal
, &m_registerFile
, newCallFrame
, exception
); 
 942         (*profiler
)->didExecute(callFrame
, function
); 
 944     m_registerFile
.shrink(oldEnd
); 
 948 JSValuePtr 
Interpreter::execute(EvalNode
* evalNode
, CallFrame
* callFrame
, JSObject
* thisObj
, ScopeChainNode
* scopeChain
, JSValuePtr
* exception
) 
 950     return execute(evalNode
, callFrame
, thisObj
, m_registerFile
.size() + evalNode
->bytecode(scopeChain
).m_numParameters 
+ RegisterFile::CallFrameHeaderSize
, scopeChain
, exception
); 
 953 JSValuePtr 
Interpreter::execute(EvalNode
* evalNode
, CallFrame
* callFrame
, JSObject
* thisObj
, int globalRegisterOffset
, ScopeChainNode
* scopeChain
, JSValuePtr
* exception
) 
 955     ASSERT(!scopeChain
->globalData
->exception
); 
 957     if (m_reentryDepth 
>= MaxReentryDepth
) { 
 958         *exception 
= createStackOverflowError(callFrame
); 
 962     DynamicGlobalObjectScope 
globalObjectScope(callFrame
, callFrame
->globalData().dynamicGlobalObject 
? callFrame
->globalData().dynamicGlobalObject 
: scopeChain
->globalObject()); 
 964     EvalCodeBlock
* codeBlock 
= &evalNode
->bytecode(scopeChain
); 
 966     JSVariableObject
* variableObject
; 
 967     for (ScopeChainNode
* node 
= scopeChain
; ; node 
= node
->next
) { 
 969         if (node
->object
->isVariableObject()) { 
 970             variableObject 
= static_cast<JSVariableObject
*>(node
->object
); 
 975     { // Scope for BatchedTransitionOptimizer 
 977         BatchedTransitionOptimizer 
optimizer(variableObject
); 
 979         const DeclarationStacks::VarStack
& varStack 
= codeBlock
->ownerNode()->varStack(); 
 980         DeclarationStacks::VarStack::const_iterator varStackEnd 
= varStack
.end(); 
 981         for (DeclarationStacks::VarStack::const_iterator it 
= varStack
.begin(); it 
!= varStackEnd
; ++it
) { 
 982             const Identifier
& ident 
= (*it
).first
; 
 983             if (!variableObject
->hasProperty(callFrame
, ident
)) { 
 984                 PutPropertySlot slot
; 
 985                 variableObject
->put(callFrame
, ident
, jsUndefined(), slot
); 
 989         const DeclarationStacks::FunctionStack
& functionStack 
= codeBlock
->ownerNode()->functionStack(); 
 990         DeclarationStacks::FunctionStack::const_iterator functionStackEnd 
= functionStack
.end(); 
 991         for (DeclarationStacks::FunctionStack::const_iterator it 
= functionStack
.begin(); it 
!= functionStackEnd
; ++it
) { 
 992             PutPropertySlot slot
; 
 993             variableObject
->put(callFrame
, (*it
)->m_ident
, (*it
)->makeFunction(callFrame
, scopeChain
), slot
); 
 998     Register
* oldEnd 
= m_registerFile
.end(); 
 999     Register
* newEnd 
= m_registerFile
.start() + globalRegisterOffset 
+ codeBlock
->m_numCalleeRegisters
; 
1000     if (!m_registerFile
.grow(newEnd
)) { 
1001         *exception 
= createStackOverflowError(callFrame
); 
1005     CallFrame
* newCallFrame 
= CallFrame::create(m_registerFile
.start() + globalRegisterOffset
); 
1007     // a 0 codeBlock indicates a built-in caller 
1008     newCallFrame
[codeBlock
->thisRegister()] = JSValuePtr(thisObj
); 
1009     newCallFrame
->init(codeBlock
, 0, scopeChain
, callFrame
->addHostCallFrameFlag(), 0, 0, 0); 
1011     if (codeBlock
->needsFullScopeChain()) 
1014     Profiler
** profiler 
= Profiler::enabledProfilerReference(); 
1016         (*profiler
)->willExecute(newCallFrame
, evalNode
->sourceURL(), evalNode
->lineNo()); 
1020         SamplingTool::CallRecord 
callRecord(m_sampler
); 
1024         if (!codeBlock
->jitCode()) 
1025             JIT::compile(scopeChain
->globalData
, codeBlock
); 
1026         result 
= JIT::execute(codeBlock
->jitCode(), &m_registerFile
, newCallFrame
, scopeChain
->globalData
, exception
); 
1028         result 
= privateExecute(Normal
, &m_registerFile
, newCallFrame
, exception
); 
1034         (*profiler
)->didExecute(callFrame
, evalNode
->sourceURL(), evalNode
->lineNo()); 
1036     m_registerFile
.shrink(oldEnd
); 
1040 NEVER_INLINE 
void Interpreter::debug(CallFrame
* callFrame
, DebugHookID debugHookID
, int firstLine
, int lastLine
) 
1042     Debugger
* debugger 
= callFrame
->dynamicGlobalObject()->debugger(); 
1046     switch (debugHookID
) { 
1047         case DidEnterCallFrame
: 
1048             debugger
->callEvent(callFrame
, callFrame
->codeBlock()->ownerNode()->sourceID(), firstLine
); 
1050         case WillLeaveCallFrame
: 
1051             debugger
->returnEvent(callFrame
, callFrame
->codeBlock()->ownerNode()->sourceID(), lastLine
); 
1053         case WillExecuteStatement
: 
1054             debugger
->atStatement(callFrame
, callFrame
->codeBlock()->ownerNode()->sourceID(), firstLine
); 
1056         case WillExecuteProgram
: 
1057             debugger
->willExecuteProgram(callFrame
, callFrame
->codeBlock()->ownerNode()->sourceID(), firstLine
); 
1059         case DidExecuteProgram
: 
1060             debugger
->didExecuteProgram(callFrame
, callFrame
->codeBlock()->ownerNode()->sourceID(), lastLine
); 
1062         case DidReachBreakpoint
: 
1063             debugger
->didReachBreakpoint(callFrame
, callFrame
->codeBlock()->ownerNode()->sourceID(), lastLine
); 
1068 void Interpreter::resetTimeoutCheck() 
1070     m_ticksUntilNextTimeoutCheck 
= initialTickCountThreshold
; 
1071     m_timeAtLastCheckTimeout 
= 0; 
1072     m_timeExecuting 
= 0; 
1075 // Returns the time the current thread has spent executing, in milliseconds. 
1076 static inline unsigned getCPUTime() 
1078 #if PLATFORM(DARWIN) 
1079     mach_msg_type_number_t infoCount 
= THREAD_BASIC_INFO_COUNT
; 
1080     thread_basic_info_data_t info
; 
1082     // Get thread information 
1083     mach_port_t threadPort 
= mach_thread_self(); 
1084     thread_info(threadPort
, THREAD_BASIC_INFO
, reinterpret_cast<thread_info_t
>(&info
), &infoCount
); 
1085     mach_port_deallocate(mach_task_self(), threadPort
); 
1087     unsigned time 
= info
.user_time
.seconds 
* 1000 + info
.user_time
.microseconds 
/ 1000; 
1088     time 
+= info
.system_time
.seconds 
* 1000 + info
.system_time
.microseconds 
/ 1000; 
1091 #elif HAVE(SYS_TIME_H) 
1092     // FIXME: This should probably use getrusage with the RUSAGE_THREAD flag. 
1094     gettimeofday(&tv
, 0); 
1095     return tv
.tv_sec 
* 1000 + tv
.tv_usec 
/ 1000; 
1097     QDateTime t 
= QDateTime::currentDateTime(); 
1098     return t
.toTime_t() * 1000 + t
.time().msec(); 
1099 #elif PLATFORM(WIN_OS) 
1102         unsigned long long fileTimeAsLong
; 
1103     } userTime
, kernelTime
; 
1105     // GetThreadTimes won't accept NULL arguments so we pass these even though 
1106     // they're not used. 
1107     FILETIME creationTime
, exitTime
; 
1109     GetThreadTimes(GetCurrentThread(), &creationTime
, &exitTime
, &kernelTime
.fileTime
, &userTime
.fileTime
); 
1111     return userTime
.fileTimeAsLong 
/ 10000 + kernelTime
.fileTimeAsLong 
/ 10000; 
1113 #error Platform does not have getCurrentTime function 
1117 // We have to return a JSValue here, gcc seems to produce worse code if  
1118 // we attempt to return a bool 
1119 ALWAYS_INLINE 
bool Interpreter::checkTimeout(JSGlobalObject
* globalObject
) 
1121     unsigned currentTime 
= getCPUTime(); 
1123     if (!m_timeAtLastCheckTimeout
) { 
1124         // Suspicious amount of looping in a script -- start timing it 
1125         m_timeAtLastCheckTimeout 
= currentTime
; 
1129     unsigned timeDiff 
= currentTime 
- m_timeAtLastCheckTimeout
; 
1134     m_timeExecuting 
+= timeDiff
; 
1135     m_timeAtLastCheckTimeout 
= currentTime
; 
1137     // Adjust the tick threshold so we get the next checkTimeout call in the interval specified in  
1138     // preferredScriptCheckTimeInterval 
1139     m_ticksUntilNextTimeoutCheck 
= static_cast<unsigned>((static_cast<float>(preferredScriptCheckTimeInterval
) / timeDiff
) * m_ticksUntilNextTimeoutCheck
); 
1140     // If the new threshold is 0 reset it to the default threshold. This can happen if the timeDiff is higher than the 
1141     // preferred script check time interval. 
1142     if (m_ticksUntilNextTimeoutCheck 
== 0) 
1143         m_ticksUntilNextTimeoutCheck 
= initialTickCountThreshold
; 
1145     if (globalObject
->shouldInterruptScriptBeforeTimeout()) 
1148     if (m_timeoutTime 
&& m_timeExecuting 
> m_timeoutTime
) { 
1149         if (globalObject
->shouldInterruptScript()) 
1152         resetTimeoutCheck(); 
1158 NEVER_INLINE ScopeChainNode
* Interpreter::createExceptionScope(CallFrame
* callFrame
, const Instruction
* vPC
) 
1160     int dst 
= (++vPC
)->u
.operand
; 
1161     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
1162     Identifier
& property 
= codeBlock
->identifier((++vPC
)->u
.operand
); 
1163     JSValuePtr value 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1164     JSObject
* scope 
= new (callFrame
) JSStaticScopeObject(callFrame
, property
, value
, DontDelete
); 
1165     callFrame
[dst
] = JSValuePtr(scope
); 
1167     return callFrame
->scopeChain()->push(scope
); 
1170 NEVER_INLINE 
void Interpreter::tryCachePutByID(CallFrame
* callFrame
, CodeBlock
* codeBlock
, Instruction
* vPC
, JSValuePtr baseValue
, const PutPropertySlot
& slot
) 
1172     // Recursive invocation may already have specialized this instruction. 
1173     if (vPC
[0].u
.opcode 
!= getOpcode(op_put_by_id
)) 
1176     if (!baseValue
.isCell()) 
1179     // Uncacheable: give up. 
1180     if (!slot
.isCacheable()) { 
1181         vPC
[0] = getOpcode(op_put_by_id_generic
); 
1185     JSCell
* baseCell 
= asCell(baseValue
); 
1186     Structure
* structure 
= baseCell
->structure(); 
1188     if (structure
->isDictionary()) { 
1189         vPC
[0] = getOpcode(op_put_by_id_generic
); 
1193     // Cache miss: record Structure to compare against next time. 
1194     Structure
* lastStructure 
= vPC
[4].u
.structure
; 
1195     if (structure 
!= lastStructure
) { 
1196         // First miss: record Structure to compare against next time. 
1197         if (!lastStructure
) { 
1202         // Second miss: give up. 
1203         vPC
[0] = getOpcode(op_put_by_id_generic
); 
1207     // Cache hit: Specialize instruction and ref Structures. 
1209     // If baseCell != slot.base(), then baseCell must be a proxy for another object. 
1210     if (baseCell 
!= slot
.base()) { 
1211         vPC
[0] = getOpcode(op_put_by_id_generic
); 
1215     // Structure transition, cache transition info 
1216     if (slot
.type() == PutPropertySlot::NewProperty
) { 
1217         vPC
[0] = getOpcode(op_put_by_id_transition
); 
1218         vPC
[4] = structure
->previousID(); 
1220         vPC
[6] = structure
->prototypeChain(callFrame
); 
1221         vPC
[7] = slot
.cachedOffset(); 
1222         codeBlock
->refStructures(vPC
); 
1226     vPC
[0] = getOpcode(op_put_by_id_replace
); 
1227     vPC
[5] = slot
.cachedOffset(); 
1228     codeBlock
->refStructures(vPC
); 
1231 NEVER_INLINE 
void Interpreter::uncachePutByID(CodeBlock
* codeBlock
, Instruction
* vPC
) 
1233     codeBlock
->derefStructures(vPC
); 
1234     vPC
[0] = getOpcode(op_put_by_id
); 
1238 static size_t countPrototypeChainEntriesAndCheckForProxies(CallFrame
* callFrame
, JSValuePtr baseValue
, const PropertySlot
& slot
) 
1240     JSCell
* cell 
= asCell(baseValue
); 
1243     while (slot
.slotBase() != cell
) { 
1244         JSValuePtr v 
= cell
->structure()->prototypeForLookup(callFrame
); 
1246         // If we didn't find slotBase in baseValue's prototype chain, then baseValue 
1247         // must be a proxy for another object. 
1254         // Since we're accessing a prototype in a loop, it's a good bet that it 
1255         // should not be treated as a dictionary. 
1256         if (cell
->structure()->isDictionary())  
1257             asObject(cell
)->setStructure(Structure::fromDictionaryTransition(cell
->structure()));  
1266 NEVER_INLINE 
void Interpreter::tryCacheGetByID(CallFrame
* callFrame
, CodeBlock
* codeBlock
, Instruction
* vPC
, JSValuePtr baseValue
, const Identifier
& propertyName
, const PropertySlot
& slot
) 
1268     // Recursive invocation may already have specialized this instruction. 
1269     if (vPC
[0].u
.opcode 
!= getOpcode(op_get_by_id
)) 
1272     // FIXME: Cache property access for immediates. 
1273     if (!baseValue
.isCell()) { 
1274         vPC
[0] = getOpcode(op_get_by_id_generic
); 
1278     if (isJSArray(baseValue
) && propertyName 
== callFrame
->propertyNames().length
) { 
1279         vPC
[0] = getOpcode(op_get_array_length
); 
1283     if (isJSString(baseValue
) && propertyName 
== callFrame
->propertyNames().length
) { 
1284         vPC
[0] = getOpcode(op_get_string_length
); 
1288     // Uncacheable: give up. 
1289     if (!slot
.isCacheable()) { 
1290         vPC
[0] = getOpcode(op_get_by_id_generic
); 
1294     Structure
* structure 
= asCell(baseValue
)->structure(); 
1296     if (structure
->isDictionary()) { 
1297         vPC
[0] = getOpcode(op_get_by_id_generic
); 
1302     Structure
* lastStructure 
= vPC
[4].u
.structure
; 
1303     if (structure 
!= lastStructure
) { 
1304         // First miss: record Structure to compare against next time. 
1305         if (!lastStructure
) { 
1310         // Second miss: give up. 
1311         vPC
[0] = getOpcode(op_get_by_id_generic
); 
1315     // Cache hit: Specialize instruction and ref Structures. 
1317     if (slot
.slotBase() == baseValue
) { 
1318         vPC
[0] = getOpcode(op_get_by_id_self
); 
1319         vPC
[5] = slot
.cachedOffset(); 
1321         codeBlock
->refStructures(vPC
); 
1325     if (slot
.slotBase() == structure
->prototypeForLookup(callFrame
)) { 
1326         ASSERT(slot
.slotBase().isObject()); 
1328         JSObject
* baseObject 
= asObject(slot
.slotBase()); 
1330         // Since we're accessing a prototype in a loop, it's a good bet that it 
1331         // should not be treated as a dictionary. 
1332         if (baseObject
->structure()->isDictionary()) 
1333             baseObject
->setStructure(Structure::fromDictionaryTransition(baseObject
->structure())); 
1335         vPC
[0] = getOpcode(op_get_by_id_proto
); 
1336         vPC
[5] = baseObject
->structure(); 
1337         vPC
[6] = slot
.cachedOffset(); 
1339         codeBlock
->refStructures(vPC
); 
1343     size_t count 
= countPrototypeChainEntriesAndCheckForProxies(callFrame
, baseValue
, slot
); 
1345         vPC
[0] = getOpcode(op_get_by_id_generic
); 
1349     vPC
[0] = getOpcode(op_get_by_id_chain
); 
1351     vPC
[5] = structure
->prototypeChain(callFrame
); 
1353     vPC
[7] = slot
.cachedOffset(); 
1354     codeBlock
->refStructures(vPC
); 
1357 NEVER_INLINE 
void Interpreter::uncacheGetByID(CodeBlock
* codeBlock
, Instruction
* vPC
) 
1359     codeBlock
->derefStructures(vPC
); 
1360     vPC
[0] = getOpcode(op_get_by_id
); 
1364 JSValuePtr 
Interpreter::privateExecute(ExecutionFlag flag
, RegisterFile
* registerFile
, CallFrame
* callFrame
, JSValuePtr
* exception
) 
1366     // One-time initialization of our address tables. We have to put this code 
1367     // here because our labels are only in scope inside this function. 
1368     if (flag 
== InitializeAndReturn
) { 
1369         #if HAVE(COMPUTED_GOTO) 
1370             #define ADD_BYTECODE(id, length) m_opcodeTable[id] = &&id; 
1371                 FOR_EACH_OPCODE_ID(ADD_BYTECODE
); 
1374             #define ADD_OPCODE_ID(id, length) m_opcodeIDTable.add(&&id, id); 
1375                 FOR_EACH_OPCODE_ID(ADD_OPCODE_ID
); 
1376             #undef ADD_OPCODE_ID 
1377             ASSERT(m_opcodeIDTable
.size() == numOpcodeIDs
); 
1378         #endif // HAVE(COMPUTED_GOTO) 
1383     // Currently with CTI enabled we never interpret functions 
1384     ASSERT_NOT_REACHED(); 
1387     JSGlobalData
* globalData 
= &callFrame
->globalData(); 
1388     JSValuePtr exceptionValue 
= noValue(); 
1389     HandlerInfo
* handler 
= 0; 
1391     Instruction
* vPC 
= callFrame
->codeBlock()->instructions().begin(); 
1392     Profiler
** enabledProfilerReference 
= Profiler::enabledProfilerReference(); 
1393     unsigned tickCount 
= m_ticksUntilNextTimeoutCheck 
+ 1; 
1395 #define CHECK_FOR_EXCEPTION() \ 
1397         if (UNLIKELY(globalData->exception != noValue())) { \ 
1398             exceptionValue = globalData->exception; \ 
1403 #if ENABLE(OPCODE_STATS) 
1404     OpcodeStats::resetLastInstruction(); 
1407 #define CHECK_FOR_TIMEOUT() \ 
1408     if (!--tickCount) { \ 
1409         if (checkTimeout(callFrame->dynamicGlobalObject())) { \ 
1410             exceptionValue = jsNull(); \ 
1413         tickCount = m_ticksUntilNextTimeoutCheck; \ 
1416 #if ENABLE(OPCODE_SAMPLING) 
1417     #define SAMPLE(codeBlock, vPC) m_sampler->sample(codeBlock, vPC) 
1418     #define CTI_SAMPLER ARG_globalData->interpreter->sampler() 
1420     #define SAMPLE(codeBlock, vPC) 
1421     #define CTI_SAMPLER 0 
1424 #if HAVE(COMPUTED_GOTO) 
1425     #define NEXT_INSTRUCTION() SAMPLE(callFrame->codeBlock(), vPC); goto *vPC->u.opcode 
1426 #if ENABLE(OPCODE_STATS) 
1427     #define DEFINE_OPCODE(opcode) opcode: OpcodeStats::recordInstruction(opcode); 
1429     #define DEFINE_OPCODE(opcode) opcode: 
1433     #define NEXT_INSTRUCTION() SAMPLE(callFrame->codeBlock(), vPC); goto interpreterLoopStart 
1434 #if ENABLE(OPCODE_STATS) 
1435     #define DEFINE_OPCODE(opcode) case opcode: OpcodeStats::recordInstruction(opcode); 
1437     #define DEFINE_OPCODE(opcode) case opcode: 
1439     while (1) { // iterator loop begins 
1440     interpreterLoopStart
:; 
1441     switch (vPC
->u
.opcode
) 
1444     DEFINE_OPCODE(op_new_object
) { 
1445         /* new_object dst(r) 
1447            Constructs a new empty Object instance using the original 
1448            constructor, and puts the result in register dst. 
1450         int dst 
= (++vPC
)->u
.operand
; 
1451         callFrame
[dst
] = JSValuePtr(constructEmptyObject(callFrame
)); 
1456     DEFINE_OPCODE(op_new_array
) { 
1457         /* new_array dst(r) firstArg(r) argCount(n) 
1459            Constructs a new Array instance using the original 
1460            constructor, and puts the result in register dst. 
1461            The array will contain argCount elements with values 
1462            taken from registers starting at register firstArg. 
1464         int dst 
= (++vPC
)->u
.operand
; 
1465         int firstArg 
= (++vPC
)->u
.operand
; 
1466         int argCount 
= (++vPC
)->u
.operand
; 
1467         ArgList 
args(callFrame
->registers() + firstArg
, argCount
); 
1468         callFrame
[dst
] = JSValuePtr(constructArray(callFrame
, args
)); 
1473     DEFINE_OPCODE(op_new_regexp
) { 
1474         /* new_regexp dst(r) regExp(re) 
1476            Constructs a new RegExp instance using the original 
1477            constructor from regexp regExp, and puts the result in 
1480         int dst 
= (++vPC
)->u
.operand
; 
1481         int regExp 
= (++vPC
)->u
.operand
; 
1482         callFrame
[dst
] = JSValuePtr(new (globalData
) RegExpObject(callFrame
->scopeChain()->globalObject()->regExpStructure(), callFrame
->codeBlock()->regexp(regExp
))); 
1487     DEFINE_OPCODE(op_mov
) { 
1488         /* mov dst(r) src(r) 
1490            Copies register src to register dst. 
1492         int dst 
= (++vPC
)->u
.operand
; 
1493         int src 
= (++vPC
)->u
.operand
; 
1494         callFrame
[dst
] = callFrame
[src
]; 
1499     DEFINE_OPCODE(op_eq
) { 
1500         /* eq dst(r) src1(r) src2(r) 
1502            Checks whether register src1 and register src2 are equal, 
1503            as with the ECMAScript '==' operator, and puts the result 
1504            as a boolean in register dst. 
1506         int dst 
= (++vPC
)->u
.operand
; 
1507         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1508         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1509         if (JSFastMath::canDoFastBitwiseOperations(src1
, src2
)) 
1510             callFrame
[dst
] = JSFastMath::equal(src1
, src2
); 
1512             JSValuePtr result 
= jsBoolean(JSValuePtr::equalSlowCase(callFrame
, src1
, src2
)); 
1513             CHECK_FOR_EXCEPTION(); 
1514             callFrame
[dst
] = result
; 
1520     DEFINE_OPCODE(op_eq_null
) { 
1521         /* eq_null dst(r) src(r) 
1523            Checks whether register src is null, as with the ECMAScript '!=' 
1524            operator, and puts the result as a boolean in register dst. 
1526         int dst 
= (++vPC
)->u
.operand
; 
1527         JSValuePtr src 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1529         if (src
.isUndefinedOrNull()) { 
1530             callFrame
[dst
] = jsBoolean(true); 
1535         callFrame
[dst
] = jsBoolean(src
.isCell() && src
.asCell()->structure()->typeInfo().masqueradesAsUndefined()); 
1539     DEFINE_OPCODE(op_neq
) { 
1540         /* neq dst(r) src1(r) src2(r) 
1542            Checks whether register src1 and register src2 are not 
1543            equal, as with the ECMAScript '!=' operator, and puts the 
1544            result as a boolean in register dst. 
1546         int dst 
= (++vPC
)->u
.operand
; 
1547         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1548         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1549         if (JSFastMath::canDoFastBitwiseOperations(src1
, src2
)) 
1550             callFrame
[dst
] = JSFastMath::notEqual(src1
, src2
); 
1552             JSValuePtr result 
= jsBoolean(!JSValuePtr::equalSlowCase(callFrame
, src1
, src2
)); 
1553             CHECK_FOR_EXCEPTION(); 
1554             callFrame
[dst
] = result
; 
1560     DEFINE_OPCODE(op_neq_null
) { 
1561         /* neq_null dst(r) src(r) 
1563            Checks whether register src is not null, as with the ECMAScript '!=' 
1564            operator, and puts the result as a boolean in register dst. 
1566         int dst 
= (++vPC
)->u
.operand
; 
1567         JSValuePtr src 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1569         if (src
.isUndefinedOrNull()) { 
1570             callFrame
[dst
] = jsBoolean(false); 
1575         callFrame
[dst
] = jsBoolean(!src
.isCell() || !asCell(src
)->structure()->typeInfo().masqueradesAsUndefined()); 
1579     DEFINE_OPCODE(op_stricteq
) { 
1580         /* stricteq dst(r) src1(r) src2(r) 
1582            Checks whether register src1 and register src2 are strictly 
1583            equal, as with the ECMAScript '===' operator, and puts the 
1584            result as a boolean in register dst. 
1586         int dst 
= (++vPC
)->u
.operand
; 
1587         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1588         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1589         callFrame
[dst
] = jsBoolean(JSValuePtr::strictEqual(src1
, src2
)); 
1594     DEFINE_OPCODE(op_nstricteq
) { 
1595         /* nstricteq dst(r) src1(r) src2(r) 
1597            Checks whether register src1 and register src2 are not 
1598            strictly equal, as with the ECMAScript '!==' operator, and 
1599            puts the result as a boolean in register dst. 
1601         int dst 
= (++vPC
)->u
.operand
; 
1602         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1603         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1604         callFrame
[dst
] = jsBoolean(!JSValuePtr::strictEqual(src1
, src2
)); 
1609     DEFINE_OPCODE(op_less
) { 
1610         /* less dst(r) src1(r) src2(r) 
1612            Checks whether register src1 is less than register src2, as 
1613            with the ECMAScript '<' operator, and puts the result as 
1614            a boolean in register dst. 
1616         int dst 
= (++vPC
)->u
.operand
; 
1617         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1618         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1619         JSValuePtr result 
= jsBoolean(jsLess(callFrame
, src1
, src2
)); 
1620         CHECK_FOR_EXCEPTION(); 
1621         callFrame
[dst
] = result
; 
1626     DEFINE_OPCODE(op_lesseq
) { 
1627         /* lesseq dst(r) src1(r) src2(r) 
1629            Checks whether register src1 is less than or equal to 
1630            register src2, as with the ECMAScript '<=' operator, and 
1631            puts the result as a boolean in register dst. 
1633         int dst 
= (++vPC
)->u
.operand
; 
1634         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1635         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1636         JSValuePtr result 
= jsBoolean(jsLessEq(callFrame
, src1
, src2
)); 
1637         CHECK_FOR_EXCEPTION(); 
1638         callFrame
[dst
] = result
; 
1643     DEFINE_OPCODE(op_pre_inc
) { 
1644         /* pre_inc srcDst(r) 
1646            Converts register srcDst to number, adds one, and puts the result 
1647            back in register srcDst. 
1649         int srcDst 
= (++vPC
)->u
.operand
; 
1650         JSValuePtr v 
= callFrame
[srcDst
].jsValue(callFrame
); 
1651         if (JSFastMath::canDoFastAdditiveOperations(v
)) 
1652             callFrame
[srcDst
] = JSValuePtr(JSFastMath::incImmediateNumber(v
)); 
1654             JSValuePtr result 
= jsNumber(callFrame
, v
.toNumber(callFrame
) + 1); 
1655             CHECK_FOR_EXCEPTION(); 
1656             callFrame
[srcDst
] = result
; 
1662     DEFINE_OPCODE(op_pre_dec
) { 
1663         /* pre_dec srcDst(r) 
1665            Converts register srcDst to number, subtracts one, and puts the result 
1666            back in register srcDst. 
1668         int srcDst 
= (++vPC
)->u
.operand
; 
1669         JSValuePtr v 
= callFrame
[srcDst
].jsValue(callFrame
); 
1670         if (JSFastMath::canDoFastAdditiveOperations(v
)) 
1671             callFrame
[srcDst
] = JSValuePtr(JSFastMath::decImmediateNumber(v
)); 
1673             JSValuePtr result 
= jsNumber(callFrame
, v
.toNumber(callFrame
) - 1); 
1674             CHECK_FOR_EXCEPTION(); 
1675             callFrame
[srcDst
] = result
; 
1681     DEFINE_OPCODE(op_post_inc
) { 
1682         /* post_inc dst(r) srcDst(r) 
1684            Converts register srcDst to number. The number itself is 
1685            written to register dst, and the number plus one is written 
1686            back to register srcDst. 
1688         int dst 
= (++vPC
)->u
.operand
; 
1689         int srcDst 
= (++vPC
)->u
.operand
; 
1690         JSValuePtr v 
= callFrame
[srcDst
].jsValue(callFrame
); 
1691         if (JSFastMath::canDoFastAdditiveOperations(v
)) { 
1693             callFrame
[srcDst
] = JSValuePtr(JSFastMath::incImmediateNumber(v
)); 
1695             JSValuePtr number 
= callFrame
[srcDst
].jsValue(callFrame
).toJSNumber(callFrame
); 
1696             CHECK_FOR_EXCEPTION(); 
1697             callFrame
[dst
] = number
; 
1698             callFrame
[srcDst
] = JSValuePtr(jsNumber(callFrame
, number
.uncheckedGetNumber() + 1)); 
1704     DEFINE_OPCODE(op_post_dec
) { 
1705         /* post_dec dst(r) srcDst(r) 
1707            Converts register srcDst to number. The number itself is 
1708            written to register dst, and the number minus one is written 
1709            back to register srcDst. 
1711         int dst 
= (++vPC
)->u
.operand
; 
1712         int srcDst 
= (++vPC
)->u
.operand
; 
1713         JSValuePtr v 
= callFrame
[srcDst
].jsValue(callFrame
); 
1714         if (JSFastMath::canDoFastAdditiveOperations(v
)) { 
1716             callFrame
[srcDst
] = JSValuePtr(JSFastMath::decImmediateNumber(v
)); 
1718             JSValuePtr number 
= callFrame
[srcDst
].jsValue(callFrame
).toJSNumber(callFrame
); 
1719             CHECK_FOR_EXCEPTION(); 
1720             callFrame
[dst
] = number
; 
1721             callFrame
[srcDst
] = JSValuePtr(jsNumber(callFrame
, number
.uncheckedGetNumber() - 1)); 
1727     DEFINE_OPCODE(op_to_jsnumber
) { 
1728         /* to_jsnumber dst(r) src(r) 
1730            Converts register src to number, and puts the result 
1733         int dst 
= (++vPC
)->u
.operand
; 
1734         int src 
= (++vPC
)->u
.operand
; 
1736         JSValuePtr srcVal 
= callFrame
[src
].jsValue(callFrame
); 
1738         if (LIKELY(srcVal
.isNumber())) 
1739             callFrame
[dst
] = callFrame
[src
]; 
1741             JSValuePtr result 
= srcVal
.toJSNumber(callFrame
); 
1742             CHECK_FOR_EXCEPTION(); 
1743             callFrame
[dst
] = result
; 
1749     DEFINE_OPCODE(op_negate
) { 
1750         /* negate dst(r) src(r) 
1752            Converts register src to number, negates it, and puts the 
1753            result in register dst. 
1755         int dst 
= (++vPC
)->u
.operand
; 
1756         JSValuePtr src 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1759         if (src
.getNumber(v
)) 
1760             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, -v
)); 
1762             JSValuePtr result 
= jsNumber(callFrame
, -src
.toNumber(callFrame
)); 
1763             CHECK_FOR_EXCEPTION(); 
1764             callFrame
[dst
] = result
; 
1769     DEFINE_OPCODE(op_add
) { 
1770         /* add dst(r) src1(r) src2(r) 
1772            Adds register src1 and register src2, and puts the result 
1773            in register dst. (JS add may be string concatenation or 
1774            numeric add, depending on the types of the operands.) 
1776         int dst 
= (++vPC
)->u
.operand
; 
1777         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1778         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1779         if (JSFastMath::canDoFastAdditiveOperations(src1
, src2
)) 
1780             callFrame
[dst
] = JSValuePtr(JSFastMath::addImmediateNumbers(src1
, src2
)); 
1782             JSValuePtr result 
= jsAdd(callFrame
, src1
, src2
); 
1783             CHECK_FOR_EXCEPTION(); 
1784             callFrame
[dst
] = result
; 
1789     DEFINE_OPCODE(op_mul
) { 
1790         /* mul dst(r) src1(r) src2(r) 
1792            Multiplies register src1 and register src2 (converted to 
1793            numbers), and puts the product in register dst. 
1795         int dst 
= (++vPC
)->u
.operand
; 
1796         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1797         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1800         if (JSValuePtr::areBothInt32Fast(src1
, src2
)) { 
1801             int32_t left 
= src1
.getInt32Fast(); 
1802             int32_t right 
= src2
.getInt32Fast(); 
1803             if ((left 
| right
) >> 15 == 0) 
1804                 callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, left 
* right
)); 
1806                 callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, static_cast<double>(left
) * static_cast<double>(right
))); 
1807         } else if (src1
.getNumber(left
) && src2
.getNumber(right
)) 
1808             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, left 
* right
)); 
1810             JSValuePtr result 
= jsNumber(callFrame
, src1
.toNumber(callFrame
) * src2
.toNumber(callFrame
)); 
1811             CHECK_FOR_EXCEPTION(); 
1812             callFrame
[dst
] = result
; 
1818     DEFINE_OPCODE(op_div
) { 
1819         /* div dst(r) dividend(r) divisor(r) 
1821            Divides register dividend (converted to number) by the 
1822            register divisor (converted to number), and puts the 
1823            quotient in register dst. 
1825         int dst 
= (++vPC
)->u
.operand
; 
1826         JSValuePtr dividend 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1827         JSValuePtr divisor 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1830         if (dividend
.getNumber(left
) && divisor
.getNumber(right
)) 
1831             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, left 
/ right
)); 
1833             JSValuePtr result 
= jsNumber(callFrame
, dividend
.toNumber(callFrame
) / divisor
.toNumber(callFrame
)); 
1834             CHECK_FOR_EXCEPTION(); 
1835             callFrame
[dst
] = result
; 
1840     DEFINE_OPCODE(op_mod
) { 
1841         /* mod dst(r) dividend(r) divisor(r) 
1843            Divides register dividend (converted to number) by 
1844            register divisor (converted to number), and puts the 
1845            remainder in register dst. 
1847         int dst 
= (++vPC
)->u
.operand
; 
1848         int dividend 
= (++vPC
)->u
.operand
; 
1849         int divisor 
= (++vPC
)->u
.operand
; 
1851         JSValuePtr dividendValue 
= callFrame
[dividend
].jsValue(callFrame
); 
1852         JSValuePtr divisorValue 
= callFrame
[divisor
].jsValue(callFrame
); 
1854         if (JSValuePtr::areBothInt32Fast(dividendValue
, divisorValue
) && divisorValue 
!= js0()) { 
1855             // We expect the result of the modulus of a number that was representable as an int32 to also be representable 
1857             JSValuePtr result 
= JSValuePtr::makeInt32Fast(dividendValue
.getInt32Fast() % divisorValue
.getInt32Fast()); 
1859             callFrame
[dst
] = result
; 
1864         double d 
= dividendValue
.toNumber(callFrame
); 
1865         JSValuePtr result 
= jsNumber(callFrame
, fmod(d
, divisorValue
.toNumber(callFrame
))); 
1866         CHECK_FOR_EXCEPTION(); 
1867         callFrame
[dst
] = result
; 
1871     DEFINE_OPCODE(op_sub
) { 
1872         /* sub dst(r) src1(r) src2(r) 
1874            Subtracts register src2 (converted to number) from register 
1875            src1 (converted to number), and puts the difference in 
1878         int dst 
= (++vPC
)->u
.operand
; 
1879         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1880         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1883         if (JSFastMath::canDoFastAdditiveOperations(src1
, src2
)) 
1884             callFrame
[dst
] = JSValuePtr(JSFastMath::subImmediateNumbers(src1
, src2
)); 
1885         else if (src1
.getNumber(left
) && src2
.getNumber(right
)) 
1886             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, left 
- right
)); 
1888             JSValuePtr result 
= jsNumber(callFrame
, src1
.toNumber(callFrame
) - src2
.toNumber(callFrame
)); 
1889             CHECK_FOR_EXCEPTION(); 
1890             callFrame
[dst
] = result
; 
1895     DEFINE_OPCODE(op_lshift
) { 
1896         /* lshift dst(r) val(r) shift(r) 
1898            Performs left shift of register val (converted to int32) by 
1899            register shift (converted to uint32), and puts the result 
1902         int dst 
= (++vPC
)->u
.operand
; 
1903         JSValuePtr val 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1904         JSValuePtr shift 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1907         if (JSValuePtr::areBothInt32Fast(val
, shift
)) 
1908             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, val
.getInt32Fast() << (shift
.getInt32Fast() & 0x1f))); 
1909         else if (val
.numberToInt32(left
) && shift
.numberToUInt32(right
)) 
1910             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, left 
<< (right 
& 0x1f))); 
1912             JSValuePtr result 
= jsNumber(callFrame
, (val
.toInt32(callFrame
)) << (shift
.toUInt32(callFrame
) & 0x1f)); 
1913             CHECK_FOR_EXCEPTION(); 
1914             callFrame
[dst
] = result
; 
1920     DEFINE_OPCODE(op_rshift
) { 
1921         /* rshift dst(r) val(r) shift(r) 
1923            Performs arithmetic right shift of register val (converted 
1924            to int32) by register shift (converted to 
1925            uint32), and puts the result in register dst. 
1927         int dst 
= (++vPC
)->u
.operand
; 
1928         JSValuePtr val 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1929         JSValuePtr shift 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1932         if (JSFastMath::canDoFastRshift(val
, shift
)) 
1933             callFrame
[dst
] = JSValuePtr(JSFastMath::rightShiftImmediateNumbers(val
, shift
)); 
1934         else if (val
.numberToInt32(left
) && shift
.numberToUInt32(right
)) 
1935             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, left 
>> (right 
& 0x1f))); 
1937             JSValuePtr result 
= jsNumber(callFrame
, (val
.toInt32(callFrame
)) >> (shift
.toUInt32(callFrame
) & 0x1f)); 
1938             CHECK_FOR_EXCEPTION(); 
1939             callFrame
[dst
] = result
; 
1945     DEFINE_OPCODE(op_urshift
) { 
1946         /* rshift dst(r) val(r) shift(r) 
1948            Performs logical right shift of register val (converted 
1949            to uint32) by register shift (converted to 
1950            uint32), and puts the result in register dst. 
1952         int dst 
= (++vPC
)->u
.operand
; 
1953         JSValuePtr val 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1954         JSValuePtr shift 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1955         if (JSFastMath::canDoFastUrshift(val
, shift
)) 
1956             callFrame
[dst
] = JSValuePtr(JSFastMath::rightShiftImmediateNumbers(val
, shift
)); 
1958             JSValuePtr result 
= jsNumber(callFrame
, (val
.toUInt32(callFrame
)) >> (shift
.toUInt32(callFrame
) & 0x1f)); 
1959             CHECK_FOR_EXCEPTION(); 
1960             callFrame
[dst
] = result
; 
1966     DEFINE_OPCODE(op_bitand
) { 
1967         /* bitand dst(r) src1(r) src2(r) 
1969            Computes bitwise AND of register src1 (converted to int32) 
1970            and register src2 (converted to int32), and puts the result 
1973         int dst 
= (++vPC
)->u
.operand
; 
1974         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1975         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
1978         if (JSFastMath::canDoFastBitwiseOperations(src1
, src2
)) 
1979             callFrame
[dst
] = JSValuePtr(JSFastMath::andImmediateNumbers(src1
, src2
)); 
1980         else if (src1
.numberToInt32(left
) && src2
.numberToInt32(right
)) 
1981             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, left 
& right
)); 
1983             JSValuePtr result 
= jsNumber(callFrame
, src1
.toInt32(callFrame
) & src2
.toInt32(callFrame
)); 
1984             CHECK_FOR_EXCEPTION(); 
1985             callFrame
[dst
] = result
; 
1991     DEFINE_OPCODE(op_bitxor
) { 
1992         /* bitxor dst(r) src1(r) src2(r) 
1994            Computes bitwise XOR of register src1 (converted to int32) 
1995            and register src2 (converted to int32), and puts the result 
1998         int dst 
= (++vPC
)->u
.operand
; 
1999         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
2000         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
2003         if (JSFastMath::canDoFastBitwiseOperations(src1
, src2
)) 
2004             callFrame
[dst
] = JSValuePtr(JSFastMath::xorImmediateNumbers(src1
, src2
)); 
2005         else if (src1
.numberToInt32(left
) && src2
.numberToInt32(right
)) 
2006             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, left 
^ right
)); 
2008             JSValuePtr result 
= jsNumber(callFrame
, src1
.toInt32(callFrame
) ^ src2
.toInt32(callFrame
)); 
2009             CHECK_FOR_EXCEPTION(); 
2010             callFrame
[dst
] = result
; 
2016     DEFINE_OPCODE(op_bitor
) { 
2017         /* bitor dst(r) src1(r) src2(r) 
2019            Computes bitwise OR of register src1 (converted to int32) 
2020            and register src2 (converted to int32), and puts the 
2021            result in register dst. 
2023         int dst 
= (++vPC
)->u
.operand
; 
2024         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
2025         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
2028         if (JSFastMath::canDoFastBitwiseOperations(src1
, src2
)) 
2029             callFrame
[dst
] = JSValuePtr(JSFastMath::orImmediateNumbers(src1
, src2
)); 
2030         else if (src1
.numberToInt32(left
) && src2
.numberToInt32(right
)) 
2031             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, left 
| right
)); 
2033             JSValuePtr result 
= jsNumber(callFrame
, src1
.toInt32(callFrame
) | src2
.toInt32(callFrame
)); 
2034             CHECK_FOR_EXCEPTION(); 
2035             callFrame
[dst
] = result
; 
2041     DEFINE_OPCODE(op_bitnot
) { 
2042         /* bitnot dst(r) src(r) 
2044            Computes bitwise NOT of register src1 (converted to int32), 
2045            and puts the result in register dst. 
2047         int dst 
= (++vPC
)->u
.operand
; 
2048         JSValuePtr src 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
2050         if (src
.numberToInt32(value
)) 
2051             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, ~value
)); 
2053             JSValuePtr result 
= jsNumber(callFrame
, ~src
.toInt32(callFrame
)); 
2054             CHECK_FOR_EXCEPTION(); 
2055             callFrame
[dst
] = result
; 
2060     DEFINE_OPCODE(op_not
) { 
2061         /* not dst(r) src(r) 
2063            Computes logical NOT of register src (converted to 
2064            boolean), and puts the result in register dst. 
2066         int dst 
= (++vPC
)->u
.operand
; 
2067         int src 
= (++vPC
)->u
.operand
; 
2068         JSValuePtr result 
= jsBoolean(!callFrame
[src
].jsValue(callFrame
).toBoolean(callFrame
)); 
2069         CHECK_FOR_EXCEPTION(); 
2070         callFrame
[dst
] = result
; 
2075     DEFINE_OPCODE(op_instanceof
) { 
2076         /* instanceof dst(r) value(r) constructor(r) constructorProto(r) 
2078            Tests whether register value is an instance of register 
2079            constructor, and puts the boolean result in register 
2080            dst. Register constructorProto must contain the "prototype" 
2081            property (not the actual prototype) of the object in 
2082            register constructor. This lookup is separated so that 
2083            polymorphic inline caching can apply. 
2085            Raises an exception if register constructor is not an 
2088         int dst 
= vPC
[1].u
.operand
; 
2089         int value 
= vPC
[2].u
.operand
; 
2090         int base 
= vPC
[3].u
.operand
; 
2091         int baseProto 
= vPC
[4].u
.operand
; 
2093         JSValuePtr baseVal 
= callFrame
[base
].jsValue(callFrame
); 
2095         if (isNotObject(callFrame
, true, callFrame
->codeBlock(), vPC
, baseVal
, exceptionValue
)) 
2098         JSObject
* baseObj 
= asObject(baseVal
); 
2099         callFrame
[dst
] = jsBoolean(baseObj
->structure()->typeInfo().implementsHasInstance() ? baseObj
->hasInstance(callFrame
, callFrame
[value
].jsValue(callFrame
), callFrame
[baseProto
].jsValue(callFrame
)) : false); 
2104     DEFINE_OPCODE(op_typeof
) { 
2105         /* typeof dst(r) src(r) 
2107            Determines the type string for src according to ECMAScript 
2108            rules, and puts the result in register dst. 
2110         int dst 
= (++vPC
)->u
.operand
; 
2111         int src 
= (++vPC
)->u
.operand
; 
2112         callFrame
[dst
] = JSValuePtr(jsTypeStringForValue(callFrame
, callFrame
[src
].jsValue(callFrame
))); 
2117     DEFINE_OPCODE(op_is_undefined
) { 
2118         /* is_undefined dst(r) src(r) 
2120            Determines whether the type string for src according to 
2121            the ECMAScript rules is "undefined", and puts the result 
2124         int dst 
= (++vPC
)->u
.operand
; 
2125         int src 
= (++vPC
)->u
.operand
; 
2126         JSValuePtr v 
= callFrame
[src
].jsValue(callFrame
); 
2127         callFrame
[dst
] = jsBoolean(v
.isCell() ? v
.asCell()->structure()->typeInfo().masqueradesAsUndefined() : v
.isUndefined()); 
2132     DEFINE_OPCODE(op_is_boolean
) { 
2133         /* is_boolean dst(r) src(r) 
2135            Determines whether the type string for src according to 
2136            the ECMAScript rules is "boolean", and puts the result 
2139         int dst 
= (++vPC
)->u
.operand
; 
2140         int src 
= (++vPC
)->u
.operand
; 
2141         callFrame
[dst
] = jsBoolean(callFrame
[src
].jsValue(callFrame
).isBoolean()); 
2146     DEFINE_OPCODE(op_is_number
) { 
2147         /* is_number dst(r) src(r) 
2149            Determines whether the type string for src according to 
2150            the ECMAScript rules is "number", and puts the result 
2153         int dst 
= (++vPC
)->u
.operand
; 
2154         int src 
= (++vPC
)->u
.operand
; 
2155         callFrame
[dst
] = jsBoolean(callFrame
[src
].jsValue(callFrame
).isNumber()); 
2160     DEFINE_OPCODE(op_is_string
) { 
2161         /* is_string dst(r) src(r) 
2163            Determines whether the type string for src according to 
2164            the ECMAScript rules is "string", and puts the result 
2167         int dst 
= (++vPC
)->u
.operand
; 
2168         int src 
= (++vPC
)->u
.operand
; 
2169         callFrame
[dst
] = jsBoolean(callFrame
[src
].jsValue(callFrame
).isString()); 
2174     DEFINE_OPCODE(op_is_object
) { 
2175         /* is_object dst(r) src(r) 
2177            Determines whether the type string for src according to 
2178            the ECMAScript rules is "object", and puts the result 
2181         int dst 
= (++vPC
)->u
.operand
; 
2182         int src 
= (++vPC
)->u
.operand
; 
2183         callFrame
[dst
] = jsBoolean(jsIsObjectType(callFrame
[src
].jsValue(callFrame
))); 
2188     DEFINE_OPCODE(op_is_function
) { 
2189         /* is_function dst(r) src(r) 
2191            Determines whether the type string for src according to 
2192            the ECMAScript rules is "function", and puts the result 
2195         int dst 
= (++vPC
)->u
.operand
; 
2196         int src 
= (++vPC
)->u
.operand
; 
2197         callFrame
[dst
] = jsBoolean(jsIsFunctionType(callFrame
[src
].jsValue(callFrame
))); 
2202     DEFINE_OPCODE(op_in
) { 
2203         /* in dst(r) property(r) base(r) 
2205            Tests whether register base has a property named register 
2206            property, and puts the boolean result in register dst. 
2208            Raises an exception if register constructor is not an 
2211         int dst 
= (++vPC
)->u
.operand
; 
2212         int property 
= (++vPC
)->u
.operand
; 
2213         int base 
= (++vPC
)->u
.operand
; 
2215         JSValuePtr baseVal 
= callFrame
[base
].jsValue(callFrame
); 
2216         if (isNotObject(callFrame
, false, callFrame
->codeBlock(), vPC
, baseVal
, exceptionValue
)) 
2219         JSObject
* baseObj 
= asObject(baseVal
); 
2221         JSValuePtr propName 
= callFrame
[property
].jsValue(callFrame
); 
2224         if (propName
.getUInt32(i
)) 
2225             callFrame
[dst
] = jsBoolean(baseObj
->hasProperty(callFrame
, i
)); 
2227             Identifier 
property(callFrame
, propName
.toString(callFrame
)); 
2228             CHECK_FOR_EXCEPTION(); 
2229             callFrame
[dst
] = jsBoolean(baseObj
->hasProperty(callFrame
, property
)); 
2235     DEFINE_OPCODE(op_resolve
) { 
2236         /* resolve dst(r) property(id) 
2238            Looks up the property named by identifier property in the 
2239            scope chain, and writes the resulting value to register 
2240            dst. If the property is not found, raises an exception. 
2242         if (UNLIKELY(!resolve(callFrame
, vPC
, exceptionValue
))) 
2248     DEFINE_OPCODE(op_resolve_skip
) { 
2249         /* resolve_skip dst(r) property(id) skip(n) 
2251          Looks up the property named by identifier property in the 
2252          scope chain skipping the top 'skip' levels, and writes the resulting 
2253          value to register dst. If the property is not found, raises an exception. 
2255         if (UNLIKELY(!resolveSkip(callFrame
, vPC
, exceptionValue
))) 
2262     DEFINE_OPCODE(op_resolve_global
) { 
2263         /* resolve_skip dst(r) globalObject(c) property(id) structure(sID) offset(n) 
2265            Performs a dynamic property lookup for the given property, on the provided 
2266            global object.  If structure matches the Structure of the global then perform 
2267            a fast lookup using the case offset, otherwise fall back to a full resolve and 
2268            cache the new structure and offset 
2270         if (UNLIKELY(!resolveGlobal(callFrame
, vPC
, exceptionValue
))) 
2277     DEFINE_OPCODE(op_get_global_var
) { 
2278         /* get_global_var dst(r) globalObject(c) index(n) 
2280            Gets the global var at global slot index and places it in register dst. 
2282         int dst 
= (++vPC
)->u
.operand
; 
2283         JSGlobalObject
* scope 
= static_cast<JSGlobalObject
*>((++vPC
)->u
.jsCell
); 
2284         ASSERT(scope
->isGlobalObject()); 
2285         int index 
= (++vPC
)->u
.operand
; 
2287         callFrame
[dst
] = scope
->registerAt(index
); 
2291     DEFINE_OPCODE(op_put_global_var
) { 
2292         /* put_global_var globalObject(c) index(n) value(r) 
2294            Puts value into global slot index. 
2296         JSGlobalObject
* scope 
= static_cast<JSGlobalObject
*>((++vPC
)->u
.jsCell
); 
2297         ASSERT(scope
->isGlobalObject()); 
2298         int index 
= (++vPC
)->u
.operand
; 
2299         int value 
= (++vPC
)->u
.operand
; 
2301         scope
->registerAt(index
) = JSValuePtr(callFrame
[value
].jsValue(callFrame
)); 
2305     DEFINE_OPCODE(op_get_scoped_var
) { 
2306         /* get_scoped_var dst(r) index(n) skip(n) 
2308          Loads the contents of the index-th local from the scope skip nodes from 
2309          the top of the scope chain, and places it in register dst 
2311         int dst 
= (++vPC
)->u
.operand
; 
2312         int index 
= (++vPC
)->u
.operand
; 
2313         int skip 
= (++vPC
)->u
.operand 
+ callFrame
->codeBlock()->needsFullScopeChain(); 
2315         ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
2316         ScopeChainIterator iter 
= scopeChain
->begin(); 
2317         ScopeChainIterator end 
= scopeChain
->end(); 
2318         ASSERT(iter 
!= end
); 
2321             ASSERT(iter 
!= end
); 
2324         ASSERT((*iter
)->isVariableObject()); 
2325         JSVariableObject
* scope 
= static_cast<JSVariableObject
*>(*iter
); 
2326         callFrame
[dst
] = scope
->registerAt(index
); 
2330     DEFINE_OPCODE(op_put_scoped_var
) { 
2331         /* put_scoped_var index(n) skip(n) value(r) 
2334         int index 
= (++vPC
)->u
.operand
; 
2335         int skip 
= (++vPC
)->u
.operand 
+ callFrame
->codeBlock()->needsFullScopeChain(); 
2336         int value 
= (++vPC
)->u
.operand
; 
2338         ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
2339         ScopeChainIterator iter 
= scopeChain
->begin(); 
2340         ScopeChainIterator end 
= scopeChain
->end(); 
2341         ASSERT(iter 
!= end
); 
2344             ASSERT(iter 
!= end
); 
2347         ASSERT((*iter
)->isVariableObject()); 
2348         JSVariableObject
* scope 
= static_cast<JSVariableObject
*>(*iter
); 
2349         scope
->registerAt(index
) = JSValuePtr(callFrame
[value
].jsValue(callFrame
)); 
2353     DEFINE_OPCODE(op_resolve_base
) { 
2354         /* resolve_base dst(r) property(id) 
2356            Searches the scope chain for an object containing 
2357            identifier property, and if one is found, writes it to 
2358            register dst. If none is found, the outermost scope (which 
2359            will be the global object) is stored in register dst. 
2361         resolveBase(callFrame
, vPC
); 
2366     DEFINE_OPCODE(op_resolve_with_base
) { 
2367         /* resolve_with_base baseDst(r) propDst(r) property(id) 
2369            Searches the scope chain for an object containing 
2370            identifier property, and if one is found, writes it to 
2371            register srcDst, and the retrieved property value to register 
2372            propDst. If the property is not found, raises an exception. 
2374            This is more efficient than doing resolve_base followed by 
2375            resolve, or resolve_base followed by get_by_id, as it 
2376            avoids duplicate hash lookups. 
2378         if (UNLIKELY(!resolveBaseAndProperty(callFrame
, vPC
, exceptionValue
))) 
2384     DEFINE_OPCODE(op_resolve_func
) { 
2385         /* resolve_func baseDst(r) funcDst(r) property(id) 
2387            Searches the scope chain for an object containing 
2388            identifier property, and if one is found, writes the 
2389            appropriate object to use as "this" when calling its 
2390            properties to register baseDst; and the retrieved property 
2391            value to register propDst. If the property is not found, 
2392            raises an exception. 
2394            This differs from resolve_with_base, because the 
2395            global this value will be substituted for activations or 
2396            the global object, which is the right behavior for function 
2397            calls but not for other property lookup. 
2399         if (UNLIKELY(!resolveBaseAndFunc(callFrame
, vPC
, exceptionValue
))) 
2405     DEFINE_OPCODE(op_get_by_id
) { 
2406         /* get_by_id dst(r) base(r) property(id) structure(sID) nop(n) nop(n) nop(n) 
2408            Generic property access: Gets the property named by identifier 
2409            property from the value base, and puts the result in register dst. 
2411         int dst 
= vPC
[1].u
.operand
; 
2412         int base 
= vPC
[2].u
.operand
; 
2413         int property 
= vPC
[3].u
.operand
; 
2415         CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
2416         Identifier
& ident 
= codeBlock
->identifier(property
); 
2417         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2418         PropertySlot 
slot(baseValue
); 
2419         JSValuePtr result 
= baseValue
.get(callFrame
, ident
, slot
); 
2420         CHECK_FOR_EXCEPTION(); 
2422         tryCacheGetByID(callFrame
, codeBlock
, vPC
, baseValue
, ident
, slot
); 
2424         callFrame
[dst
] = result
; 
2428     DEFINE_OPCODE(op_get_by_id_self
) { 
2429         /* op_get_by_id_self dst(r) base(r) property(id) structure(sID) offset(n) nop(n) nop(n) 
2431            Cached property access: Attempts to get a cached property from the 
2432            value base. If the cache misses, op_get_by_id_self reverts to 
2435         int base 
= vPC
[2].u
.operand
; 
2436         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2438         if (LIKELY(baseValue
.isCell())) { 
2439             JSCell
* baseCell 
= asCell(baseValue
); 
2440             Structure
* structure 
= vPC
[4].u
.structure
; 
2442             if (LIKELY(baseCell
->structure() == structure
)) { 
2443                 ASSERT(baseCell
->isObject()); 
2444                 JSObject
* baseObject 
= asObject(baseCell
); 
2445                 int dst 
= vPC
[1].u
.operand
; 
2446                 int offset 
= vPC
[5].u
.operand
; 
2448                 ASSERT(baseObject
->get(callFrame
, callFrame
->codeBlock()->identifier(vPC
[3].u
.operand
)) == baseObject
->getDirectOffset(offset
)); 
2449                 callFrame
[dst
] = JSValuePtr(baseObject
->getDirectOffset(offset
)); 
2456         uncacheGetByID(callFrame
->codeBlock(), vPC
); 
2459     DEFINE_OPCODE(op_get_by_id_proto
) { 
2460         /* op_get_by_id_proto dst(r) base(r) property(id) structure(sID) prototypeStructure(sID) offset(n) nop(n) 
2462            Cached property access: Attempts to get a cached property from the 
2463            value base's prototype. If the cache misses, op_get_by_id_proto 
2464            reverts to op_get_by_id. 
2466         int base 
= vPC
[2].u
.operand
; 
2467         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2469         if (LIKELY(baseValue
.isCell())) { 
2470             JSCell
* baseCell 
= asCell(baseValue
); 
2471             Structure
* structure 
= vPC
[4].u
.structure
; 
2473             if (LIKELY(baseCell
->structure() == structure
)) { 
2474                 ASSERT(structure
->prototypeForLookup(callFrame
).isObject()); 
2475                 JSObject
* protoObject 
= asObject(structure
->prototypeForLookup(callFrame
)); 
2476                 Structure
* prototypeStructure 
= vPC
[5].u
.structure
; 
2478                 if (LIKELY(protoObject
->structure() == prototypeStructure
)) { 
2479                     int dst 
= vPC
[1].u
.operand
; 
2480                     int offset 
= vPC
[6].u
.operand
; 
2482                     ASSERT(protoObject
->get(callFrame
, callFrame
->codeBlock()->identifier(vPC
[3].u
.operand
)) == protoObject
->getDirectOffset(offset
)); 
2483                     callFrame
[dst
] = JSValuePtr(protoObject
->getDirectOffset(offset
)); 
2491         uncacheGetByID(callFrame
->codeBlock(), vPC
); 
2494     DEFINE_OPCODE(op_get_by_id_self_list
) { 
2495         // Polymorphic self access caching currently only supported when JITting. 
2496         ASSERT_NOT_REACHED(); 
2497         // This case of the switch must not be empty, else (op_get_by_id_self_list == op_get_by_id_chain)! 
2501     DEFINE_OPCODE(op_get_by_id_proto_list
) { 
2502         // Polymorphic prototype access caching currently only supported when JITting. 
2503         ASSERT_NOT_REACHED(); 
2504         // This case of the switch must not be empty, else (op_get_by_id_proto_list == op_get_by_id_chain)! 
2508     DEFINE_OPCODE(op_get_by_id_chain
) { 
2509         /* op_get_by_id_chain dst(r) base(r) property(id) structure(sID) structureChain(chain) count(n) offset(n) 
2511            Cached property access: Attempts to get a cached property from the 
2512            value base's prototype chain. If the cache misses, op_get_by_id_chain 
2513            reverts to op_get_by_id. 
2515         int base 
= vPC
[2].u
.operand
; 
2516         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2518         if (LIKELY(baseValue
.isCell())) { 
2519             JSCell
* baseCell 
= asCell(baseValue
); 
2520             Structure
* structure 
= vPC
[4].u
.structure
; 
2522             if (LIKELY(baseCell
->structure() == structure
)) { 
2523                 RefPtr
<Structure
>* it 
= vPC
[5].u
.structureChain
->head(); 
2524                 size_t count 
= vPC
[6].u
.operand
; 
2525                 RefPtr
<Structure
>* end 
= it 
+ count
; 
2528                     JSObject
* baseObject 
= asObject(baseCell
->structure()->prototypeForLookup(callFrame
)); 
2530                     if (UNLIKELY(baseObject
->structure() != (*it
).get())) 
2534                         int dst 
= vPC
[1].u
.operand
; 
2535                         int offset 
= vPC
[7].u
.operand
; 
2537                         ASSERT(baseObject
->get(callFrame
, callFrame
->codeBlock()->identifier(vPC
[3].u
.operand
)) == baseObject
->getDirectOffset(offset
)); 
2538                         callFrame
[dst
] = JSValuePtr(baseObject
->getDirectOffset(offset
)); 
2544                     // Update baseCell, so that next time around the loop we'll pick up the prototype's prototype. 
2545                     baseCell 
= baseObject
; 
2550         uncacheGetByID(callFrame
->codeBlock(), vPC
); 
2553     DEFINE_OPCODE(op_get_by_id_generic
) { 
2554         /* op_get_by_id_generic dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n) 
2556            Generic property access: Gets the property named by identifier 
2557            property from the value base, and puts the result in register dst. 
2559         int dst 
= vPC
[1].u
.operand
; 
2560         int base 
= vPC
[2].u
.operand
; 
2561         int property 
= vPC
[3].u
.operand
; 
2563         Identifier
& ident 
= callFrame
->codeBlock()->identifier(property
); 
2564         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2565         PropertySlot 
slot(baseValue
); 
2566         JSValuePtr result 
= baseValue
.get(callFrame
, ident
, slot
); 
2567         CHECK_FOR_EXCEPTION(); 
2569         callFrame
[dst
] = result
; 
2573     DEFINE_OPCODE(op_get_array_length
) { 
2574         /* op_get_array_length dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n) 
2576            Cached property access: Gets the length of the array in register base, 
2577            and puts the result in register dst. If register base does not hold 
2578            an array, op_get_array_length reverts to op_get_by_id. 
2581         int base 
= vPC
[2].u
.operand
; 
2582         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2583         if (LIKELY(isJSArray(baseValue
))) { 
2584             int dst 
= vPC
[1].u
.operand
; 
2585             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, asArray(baseValue
)->length())); 
2590         uncacheGetByID(callFrame
->codeBlock(), vPC
); 
2593     DEFINE_OPCODE(op_get_string_length
) { 
2594         /* op_get_string_length dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n) 
2596            Cached property access: Gets the length of the string in register base, 
2597            and puts the result in register dst. If register base does not hold 
2598            a string, op_get_string_length reverts to op_get_by_id. 
2601         int base 
= vPC
[2].u
.operand
; 
2602         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2603         if (LIKELY(isJSString(baseValue
))) { 
2604             int dst 
= vPC
[1].u
.operand
; 
2605             callFrame
[dst
] = JSValuePtr(jsNumber(callFrame
, asString(baseValue
)->value().size())); 
2610         uncacheGetByID(callFrame
->codeBlock(), vPC
); 
2613     DEFINE_OPCODE(op_put_by_id
) { 
2614         /* put_by_id base(r) property(id) value(r) nop(n) nop(n) nop(n) nop(n) 
2616            Generic property access: Sets the property named by identifier 
2617            property, belonging to register base, to register value. 
2619            Unlike many opcodes, this one does not write any output to 
2623         int base 
= vPC
[1].u
.operand
; 
2624         int property 
= vPC
[2].u
.operand
; 
2625         int value 
= vPC
[3].u
.operand
; 
2627         CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
2628         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2629         Identifier
& ident 
= codeBlock
->identifier(property
); 
2630         PutPropertySlot slot
; 
2631         baseValue
.put(callFrame
, ident
, callFrame
[value
].jsValue(callFrame
), slot
); 
2632         CHECK_FOR_EXCEPTION(); 
2634         tryCachePutByID(callFrame
, codeBlock
, vPC
, baseValue
, slot
); 
2639     DEFINE_OPCODE(op_put_by_id_transition
) { 
2640         /* op_put_by_id_transition base(r) property(id) value(r) oldStructure(sID) newStructure(sID) structureChain(chain) offset(n) 
2642            Cached property access: Attempts to set a new property with a cached transition 
2643            property named by identifier property, belonging to register base, 
2644            to register value. If the cache misses, op_put_by_id_transition 
2645            reverts to op_put_by_id_generic. 
2647            Unlike many opcodes, this one does not write any output to 
2650         int base 
= vPC
[1].u
.operand
; 
2651         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2653         if (LIKELY(baseValue
.isCell())) { 
2654             JSCell
* baseCell 
= asCell(baseValue
); 
2655             Structure
* oldStructure 
= vPC
[4].u
.structure
; 
2656             Structure
* newStructure 
= vPC
[5].u
.structure
; 
2658             if (LIKELY(baseCell
->structure() == oldStructure
)) { 
2659                 ASSERT(baseCell
->isObject()); 
2660                 JSObject
* baseObject 
= asObject(baseCell
); 
2662                 RefPtr
<Structure
>* it 
= vPC
[6].u
.structureChain
->head(); 
2664                 JSValuePtr proto 
= baseObject
->structure()->prototypeForLookup(callFrame
); 
2665                 while (!proto
.isNull()) { 
2666                     if (UNLIKELY(asObject(proto
)->structure() != (*it
).get())) { 
2667                         uncachePutByID(callFrame
->codeBlock(), vPC
); 
2671                     proto 
= asObject(proto
)->structure()->prototypeForLookup(callFrame
); 
2674                 baseObject
->transitionTo(newStructure
); 
2676                 int value 
= vPC
[3].u
.operand
; 
2677                 unsigned offset 
= vPC
[7].u
.operand
; 
2678                 ASSERT(baseObject
->offsetForLocation(baseObject
->getDirectLocation(callFrame
->codeBlock()->identifier(vPC
[2].u
.operand
))) == offset
); 
2679                 baseObject
->putDirectOffset(offset
, callFrame
[value
].jsValue(callFrame
)); 
2686         uncachePutByID(callFrame
->codeBlock(), vPC
); 
2689     DEFINE_OPCODE(op_put_by_id_replace
) { 
2690         /* op_put_by_id_replace base(r) property(id) value(r) structure(sID) offset(n) nop(n) nop(n) 
2692            Cached property access: Attempts to set a pre-existing, cached 
2693            property named by identifier property, belonging to register base, 
2694            to register value. If the cache misses, op_put_by_id_replace 
2695            reverts to op_put_by_id. 
2697            Unlike many opcodes, this one does not write any output to 
2700         int base 
= vPC
[1].u
.operand
; 
2701         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2703         if (LIKELY(baseValue
.isCell())) { 
2704             JSCell
* baseCell 
= asCell(baseValue
); 
2705             Structure
* structure 
= vPC
[4].u
.structure
; 
2707             if (LIKELY(baseCell
->structure() == structure
)) { 
2708                 ASSERT(baseCell
->isObject()); 
2709                 JSObject
* baseObject 
= asObject(baseCell
); 
2710                 int value 
= vPC
[3].u
.operand
; 
2711                 unsigned offset 
= vPC
[5].u
.operand
; 
2713                 ASSERT(baseObject
->offsetForLocation(baseObject
->getDirectLocation(callFrame
->codeBlock()->identifier(vPC
[2].u
.operand
))) == offset
); 
2714                 baseObject
->putDirectOffset(offset
, callFrame
[value
].jsValue(callFrame
)); 
2721         uncachePutByID(callFrame
->codeBlock(), vPC
); 
2724     DEFINE_OPCODE(op_put_by_id_generic
) { 
2725         /* op_put_by_id_generic base(r) property(id) value(r) nop(n) nop(n) nop(n) nop(n) 
2727            Generic property access: Sets the property named by identifier 
2728            property, belonging to register base, to register value. 
2730            Unlike many opcodes, this one does not write any output to 
2733         int base 
= vPC
[1].u
.operand
; 
2734         int property 
= vPC
[2].u
.operand
; 
2735         int value 
= vPC
[3].u
.operand
; 
2737         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2738         Identifier
& ident 
= callFrame
->codeBlock()->identifier(property
); 
2739         PutPropertySlot slot
; 
2740         baseValue
.put(callFrame
, ident
, callFrame
[value
].jsValue(callFrame
), slot
); 
2741         CHECK_FOR_EXCEPTION(); 
2746     DEFINE_OPCODE(op_del_by_id
) { 
2747         /* del_by_id dst(r) base(r) property(id) 
2749            Converts register base to Object, deletes the property 
2750            named by identifier property from the object, and writes a 
2751            boolean indicating success (if true) or failure (if false) 
2754         int dst 
= (++vPC
)->u
.operand
; 
2755         int base 
= (++vPC
)->u
.operand
; 
2756         int property 
= (++vPC
)->u
.operand
; 
2758         JSObject
* baseObj 
= callFrame
[base
].jsValue(callFrame
).toObject(callFrame
); 
2759         Identifier
& ident 
= callFrame
->codeBlock()->identifier(property
); 
2760         JSValuePtr result 
= jsBoolean(baseObj
->deleteProperty(callFrame
, ident
)); 
2761         CHECK_FOR_EXCEPTION(); 
2762         callFrame
[dst
] = result
; 
2766     DEFINE_OPCODE(op_get_by_val
) { 
2767         /* get_by_val dst(r) base(r) property(r) 
2769            Converts register base to Object, gets the property named 
2770            by register property from the object, and puts the result 
2771            in register dst. property is nominally converted to string 
2772            but numbers are treated more efficiently. 
2774         int dst 
= (++vPC
)->u
.operand
; 
2775         int base 
= (++vPC
)->u
.operand
; 
2776         int property 
= (++vPC
)->u
.operand
; 
2778         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2779         JSValuePtr subscript 
= callFrame
[property
].jsValue(callFrame
); 
2783         if (LIKELY(subscript
.isUInt32Fast())) { 
2784             uint32_t i 
= subscript
.getUInt32Fast(); 
2785             if (isJSArray(baseValue
)) { 
2786                 JSArray
* jsArray 
= asArray(baseValue
); 
2787                 if (jsArray
->canGetIndex(i
)) 
2788                     result 
= jsArray
->getIndex(i
); 
2790                     result 
= jsArray
->JSArray::get(callFrame
, i
); 
2791             } else if (isJSString(baseValue
) && asString(baseValue
)->canGetIndex(i
)) 
2792                 result 
= asString(baseValue
)->getIndex(&callFrame
->globalData(), i
); 
2793             else if (isJSByteArray(baseValue
) && asByteArray(baseValue
)->canAccessIndex(i
)) 
2794                 result 
= asByteArray(baseValue
)->getIndex(callFrame
, i
); 
2796                 result 
= baseValue
.get(callFrame
, i
); 
2798             Identifier 
property(callFrame
, subscript
.toString(callFrame
)); 
2799             result 
= baseValue
.get(callFrame
, property
); 
2802         CHECK_FOR_EXCEPTION(); 
2803         callFrame
[dst
] = result
; 
2807     DEFINE_OPCODE(op_put_by_val
) { 
2808         /* put_by_val base(r) property(r) value(r) 
2810            Sets register value on register base as the property named 
2811            by register property. Base is converted to object 
2812            first. register property is nominally converted to string 
2813            but numbers are treated more efficiently. 
2815            Unlike many opcodes, this one does not write any output to 
2818         int base 
= (++vPC
)->u
.operand
; 
2819         int property 
= (++vPC
)->u
.operand
; 
2820         int value 
= (++vPC
)->u
.operand
; 
2822         JSValuePtr baseValue 
= callFrame
[base
].jsValue(callFrame
); 
2823         JSValuePtr subscript 
= callFrame
[property
].jsValue(callFrame
); 
2825         if (LIKELY(subscript
.isUInt32Fast())) { 
2826             uint32_t i 
= subscript
.getUInt32Fast(); 
2827             if (isJSArray(baseValue
)) { 
2828                 JSArray
* jsArray 
= asArray(baseValue
); 
2829                 if (jsArray
->canSetIndex(i
)) 
2830                     jsArray
->setIndex(i
, callFrame
[value
].jsValue(callFrame
)); 
2832                     jsArray
->JSArray::put(callFrame
, i
, callFrame
[value
].jsValue(callFrame
)); 
2833             } else if (isJSByteArray(baseValue
) && asByteArray(baseValue
)->canAccessIndex(i
)) { 
2834                 JSByteArray
* jsByteArray 
= asByteArray(baseValue
); 
2836                 JSValuePtr jsValue 
= callFrame
[value
].jsValue(callFrame
); 
2837                 if (jsValue
.isInt32Fast()) 
2838                     jsByteArray
->setIndex(i
, jsValue
.getInt32Fast()); 
2839                 else if (jsValue
.getNumber(dValue
)) 
2840                     jsByteArray
->setIndex(i
, dValue
); 
2842                     baseValue
.put(callFrame
, i
, jsValue
); 
2844                 baseValue
.put(callFrame
, i
, callFrame
[value
].jsValue(callFrame
)); 
2846             Identifier 
property(callFrame
, subscript
.toString(callFrame
)); 
2847             if (!globalData
->exception
) { // Don't put to an object if toString threw an exception. 
2848                 PutPropertySlot slot
; 
2849                 baseValue
.put(callFrame
, property
, callFrame
[value
].jsValue(callFrame
), slot
); 
2853         CHECK_FOR_EXCEPTION(); 
2857     DEFINE_OPCODE(op_del_by_val
) { 
2858         /* del_by_val dst(r) base(r) property(r) 
2860            Converts register base to Object, deletes the property 
2861            named by register property from the object, and writes a 
2862            boolean indicating success (if true) or failure (if false) 
2865         int dst 
= (++vPC
)->u
.operand
; 
2866         int base 
= (++vPC
)->u
.operand
; 
2867         int property 
= (++vPC
)->u
.operand
; 
2869         JSObject
* baseObj 
= callFrame
[base
].jsValue(callFrame
).toObject(callFrame
); // may throw 
2871         JSValuePtr subscript 
= callFrame
[property
].jsValue(callFrame
); 
2874         if (subscript
.getUInt32(i
)) 
2875             result 
= jsBoolean(baseObj
->deleteProperty(callFrame
, i
)); 
2877             CHECK_FOR_EXCEPTION(); 
2878             Identifier 
property(callFrame
, subscript
.toString(callFrame
)); 
2879             CHECK_FOR_EXCEPTION(); 
2880             result 
= jsBoolean(baseObj
->deleteProperty(callFrame
, property
)); 
2883         CHECK_FOR_EXCEPTION(); 
2884         callFrame
[dst
] = result
; 
2888     DEFINE_OPCODE(op_put_by_index
) { 
2889         /* put_by_index base(r) property(n) value(r) 
2891            Sets register value on register base as the property named 
2892            by the immediate number property. Base is converted to 
2895            Unlike many opcodes, this one does not write any output to 
2898            This opcode is mainly used to initialize array literals. 
2900         int base 
= (++vPC
)->u
.operand
; 
2901         unsigned property 
= (++vPC
)->u
.operand
; 
2902         int value 
= (++vPC
)->u
.operand
; 
2904         callFrame
[base
].jsValue(callFrame
).put(callFrame
, property
, callFrame
[value
].jsValue(callFrame
)); 
2909     DEFINE_OPCODE(op_loop
) { 
2910         /* loop target(offset) 
2912            Jumps unconditionally to offset target from the current 
2915            Additionally this loop instruction may terminate JS execution is 
2916            the JS timeout is reached. 
2918 #if ENABLE(OPCODE_STATS) 
2919         OpcodeStats::resetLastInstruction(); 
2921         int target 
= (++vPC
)->u
.operand
; 
2922         CHECK_FOR_TIMEOUT(); 
2926     DEFINE_OPCODE(op_jmp
) { 
2927         /* jmp target(offset) 
2929            Jumps unconditionally to offset target from the current 
2932 #if ENABLE(OPCODE_STATS) 
2933         OpcodeStats::resetLastInstruction(); 
2935         int target 
= (++vPC
)->u
.operand
; 
2940     DEFINE_OPCODE(op_loop_if_true
) { 
2941         /* loop_if_true cond(r) target(offset) 
2943            Jumps to offset target from the current instruction, if and 
2944            only if register cond converts to boolean as true. 
2946            Additionally this loop instruction may terminate JS execution is 
2947            the JS timeout is reached. 
2949         int cond 
= (++vPC
)->u
.operand
; 
2950         int target 
= (++vPC
)->u
.operand
; 
2951         if (callFrame
[cond
].jsValue(callFrame
).toBoolean(callFrame
)) { 
2953             CHECK_FOR_TIMEOUT(); 
2960     DEFINE_OPCODE(op_jtrue
) { 
2961         /* jtrue cond(r) target(offset) 
2963            Jumps to offset target from the current instruction, if and 
2964            only if register cond converts to boolean as true. 
2966         int cond 
= (++vPC
)->u
.operand
; 
2967         int target 
= (++vPC
)->u
.operand
; 
2968         if (callFrame
[cond
].jsValue(callFrame
).toBoolean(callFrame
)) { 
2976     DEFINE_OPCODE(op_jfalse
) { 
2977         /* jfalse cond(r) target(offset) 
2979            Jumps to offset target from the current instruction, if and 
2980            only if register cond converts to boolean as false. 
2982         int cond 
= (++vPC
)->u
.operand
; 
2983         int target 
= (++vPC
)->u
.operand
; 
2984         if (!callFrame
[cond
].jsValue(callFrame
).toBoolean(callFrame
)) { 
2992     DEFINE_OPCODE(op_jeq_null
) { 
2993         /* jeq_null src(r) target(offset) 
2995            Jumps to offset target from the current instruction, if and 
2996            only if register src is null. 
2998         int src 
= (++vPC
)->u
.operand
; 
2999         int target 
= (++vPC
)->u
.operand
; 
3000         JSValuePtr srcValue 
= callFrame
[src
].jsValue(callFrame
); 
3002         if (srcValue
.isUndefinedOrNull() || (srcValue
.isCell() && srcValue
.asCell()->structure()->typeInfo().masqueradesAsUndefined())) { 
3010     DEFINE_OPCODE(op_jneq_null
) { 
3011         /* jneq_null src(r) target(offset) 
3013            Jumps to offset target from the current instruction, if and 
3014            only if register src is not null. 
3016         int src 
= (++vPC
)->u
.operand
; 
3017         int target 
= (++vPC
)->u
.operand
; 
3018         JSValuePtr srcValue 
= callFrame
[src
].jsValue(callFrame
); 
3020         if (!srcValue
.isUndefinedOrNull() || (srcValue
.isCell() && !srcValue
.asCell()->structure()->typeInfo().masqueradesAsUndefined())) { 
3028     DEFINE_OPCODE(op_loop_if_less
) { 
3029         /* loop_if_less src1(r) src2(r) target(offset) 
3031            Checks whether register src1 is less than register src2, as 
3032            with the ECMAScript '<' operator, and then jumps to offset 
3033            target from the current instruction, if and only if the  
3034            result of the comparison is true. 
3036            Additionally this loop instruction may terminate JS execution is 
3037            the JS timeout is reached. 
3039         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
3040         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
3041         int target 
= (++vPC
)->u
.operand
; 
3043         bool result 
= jsLess(callFrame
, src1
, src2
); 
3044         CHECK_FOR_EXCEPTION(); 
3048             CHECK_FOR_TIMEOUT(); 
3055     DEFINE_OPCODE(op_loop_if_lesseq
) { 
3056         /* loop_if_lesseq src1(r) src2(r) target(offset) 
3058            Checks whether register src1 is less than or equal to register 
3059            src2, as with the ECMAScript '<=' operator, and then jumps to 
3060            offset target from the current instruction, if and only if the  
3061            result of the comparison is true. 
3063            Additionally this loop instruction may terminate JS execution is 
3064            the JS timeout is reached. 
3066         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
3067         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
3068         int target 
= (++vPC
)->u
.operand
; 
3070         bool result 
= jsLessEq(callFrame
, src1
, src2
); 
3071         CHECK_FOR_EXCEPTION(); 
3075             CHECK_FOR_TIMEOUT(); 
3082     DEFINE_OPCODE(op_jnless
) { 
3083         /* jnless src1(r) src2(r) target(offset) 
3085            Checks whether register src1 is less than register src2, as 
3086            with the ECMAScript '<' operator, and then jumps to offset 
3087            target from the current instruction, if and only if the  
3088            result of the comparison is false. 
3090         JSValuePtr src1 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
3091         JSValuePtr src2 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
3092         int target 
= (++vPC
)->u
.operand
; 
3094         bool result 
= jsLess(callFrame
, src1
, src2
); 
3095         CHECK_FOR_EXCEPTION(); 
3105     DEFINE_OPCODE(op_switch_imm
) { 
3106         /* switch_imm tableIndex(n) defaultOffset(offset) scrutinee(r) 
3108            Performs a range checked switch on the scrutinee value, using 
3109            the tableIndex-th immediate switch jump table.  If the scrutinee value 
3110            is an immediate number in the range covered by the referenced jump 
3111            table, and the value at jumpTable[scrutinee value] is non-zero, then 
3112            that value is used as the jump offset, otherwise defaultOffset is used. 
3114         int tableIndex 
= (++vPC
)->u
.operand
; 
3115         int defaultOffset 
= (++vPC
)->u
.operand
; 
3116         JSValuePtr scrutinee 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
3117         if (scrutinee
.isInt32Fast()) 
3118             vPC 
+= callFrame
->codeBlock()->immediateSwitchJumpTable(tableIndex
).offsetForValue(scrutinee
.getInt32Fast(), defaultOffset
); 
3121             if (scrutinee
.numberToInt32(value
)) 
3122                 vPC 
+= callFrame
->codeBlock()->immediateSwitchJumpTable(tableIndex
).offsetForValue(value
, defaultOffset
); 
3124                 vPC 
+= defaultOffset
; 
3128     DEFINE_OPCODE(op_switch_char
) { 
3129         /* switch_char tableIndex(n) defaultOffset(offset) scrutinee(r) 
3131            Performs a range checked switch on the scrutinee value, using 
3132            the tableIndex-th character switch jump table.  If the scrutinee value 
3133            is a single character string in the range covered by the referenced jump 
3134            table, and the value at jumpTable[scrutinee value] is non-zero, then 
3135            that value is used as the jump offset, otherwise defaultOffset is used. 
3137         int tableIndex 
= (++vPC
)->u
.operand
; 
3138         int defaultOffset 
= (++vPC
)->u
.operand
; 
3139         JSValuePtr scrutinee 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
3140         if (!scrutinee
.isString()) 
3141             vPC 
+= defaultOffset
; 
3143             UString::Rep
* value 
= asString(scrutinee
)->value().rep(); 
3144             if (value
->size() != 1) 
3145                 vPC 
+= defaultOffset
; 
3147                 vPC 
+= callFrame
->codeBlock()->characterSwitchJumpTable(tableIndex
).offsetForValue(value
->data()[0], defaultOffset
); 
3151     DEFINE_OPCODE(op_switch_string
) { 
3152         /* switch_string tableIndex(n) defaultOffset(offset) scrutinee(r) 
3154            Performs a sparse hashmap based switch on the value in the scrutinee 
3155            register, using the tableIndex-th string switch jump table.  If the  
3156            scrutinee value is a string that exists as a key in the referenced  
3157            jump table, then the value associated with the string is used as the  
3158            jump offset, otherwise defaultOffset is used. 
3160         int tableIndex 
= (++vPC
)->u
.operand
; 
3161         int defaultOffset 
= (++vPC
)->u
.operand
; 
3162         JSValuePtr scrutinee 
= callFrame
[(++vPC
)->u
.operand
].jsValue(callFrame
); 
3163         if (!scrutinee
.isString()) 
3164             vPC 
+= defaultOffset
; 
3166             vPC 
+= callFrame
->codeBlock()->stringSwitchJumpTable(tableIndex
).offsetForValue(asString(scrutinee
)->value().rep(), defaultOffset
); 
3169     DEFINE_OPCODE(op_new_func
) { 
3170         /* new_func dst(r) func(f) 
3172            Constructs a new Function instance from function func and 
3173            the current scope chain using the original Function 
3174            constructor, using the rules for function declarations, and 
3175            puts the result in register dst. 
3177         int dst 
= (++vPC
)->u
.operand
; 
3178         int func 
= (++vPC
)->u
.operand
; 
3180         callFrame
[dst
] = callFrame
->codeBlock()->function(func
)->makeFunction(callFrame
, callFrame
->scopeChain()); 
3185     DEFINE_OPCODE(op_new_func_exp
) { 
3186         /* new_func_exp dst(r) func(f) 
3188            Constructs a new Function instance from function func and 
3189            the current scope chain using the original Function 
3190            constructor, using the rules for function expressions, and 
3191            puts the result in register dst. 
3193         int dst 
= (++vPC
)->u
.operand
; 
3194         int func 
= (++vPC
)->u
.operand
; 
3196         callFrame
[dst
] = callFrame
->codeBlock()->functionExpression(func
)->makeFunction(callFrame
, callFrame
->scopeChain()); 
3201     DEFINE_OPCODE(op_call_eval
) { 
3202         /* call_eval dst(r) func(r) argCount(n) registerOffset(n) 
3204            Call a function named "eval" with no explicit "this" value 
3205            (which may therefore be the eval operator). If register 
3206            thisVal is the global object, and register func contains 
3207            that global object's original global eval function, then 
3208            perform the eval operator in local scope (interpreting 
3209            the argument registers as for the "call" 
3210            opcode). Otherwise, act exactly as the "call" opcode would. 
3213         int dst 
= vPC
[1].u
.operand
; 
3214         int func 
= vPC
[2].u
.operand
; 
3215         int argCount 
= vPC
[3].u
.operand
; 
3216         int registerOffset 
= vPC
[4].u
.operand
; 
3218         JSValuePtr funcVal 
= callFrame
[func
].jsValue(callFrame
); 
3220         Register
* newCallFrame 
= callFrame
->registers() + registerOffset
; 
3221         Register
* argv 
= newCallFrame 
- RegisterFile::CallFrameHeaderSize 
- argCount
; 
3222         JSValuePtr thisValue 
= argv
[0].jsValue(callFrame
); 
3223         JSGlobalObject
* globalObject 
= callFrame
->scopeChain()->globalObject(); 
3225         if (thisValue 
== globalObject 
&& funcVal 
== globalObject
->evalFunction()) { 
3226             JSValuePtr result 
= callEval(callFrame
, registerFile
, argv
, argCount
, registerOffset
, exceptionValue
); 
3229             callFrame
[dst
] = result
; 
3235         // We didn't find the blessed version of eval, so process this 
3236         // instruction as a normal function call. 
3237         // fall through to op_call 
3239     DEFINE_OPCODE(op_call
) { 
3240         /* call dst(r) func(r) argCount(n) registerOffset(n) 
3242            Perform a function call. 
3244            registerOffset is the distance the callFrame pointer should move 
3245            before the VM initializes the new call frame's header. 
3247            dst is where op_ret should store its result. 
3250         int dst 
= vPC
[1].u
.operand
; 
3251         int func 
= vPC
[2].u
.operand
; 
3252         int argCount 
= vPC
[3].u
.operand
; 
3253         int registerOffset 
= vPC
[4].u
.operand
; 
3255         JSValuePtr v 
= callFrame
[func
].jsValue(callFrame
); 
3258         CallType callType 
= v
.getCallData(callData
); 
3260         if (callType 
== CallTypeJS
) { 
3261             ScopeChainNode
* callDataScopeChain 
= callData
.js
.scopeChain
; 
3262             FunctionBodyNode
* functionBodyNode 
= callData
.js
.functionBody
; 
3263             CodeBlock
* newCodeBlock 
= &functionBodyNode
->bytecode(callDataScopeChain
); 
3265             CallFrame
* previousCallFrame 
= callFrame
; 
3267             callFrame 
= slideRegisterWindowForCall(newCodeBlock
, registerFile
, callFrame
, registerOffset
, argCount
); 
3268             if (UNLIKELY(!callFrame
)) { 
3269                 callFrame 
= previousCallFrame
; 
3270                 exceptionValue 
= createStackOverflowError(callFrame
); 
3274             callFrame
->init(newCodeBlock
, vPC 
+ 5, callDataScopeChain
, previousCallFrame
, dst
, argCount
, asFunction(v
)); 
3275             vPC 
= newCodeBlock
->instructions().begin(); 
3277 #if ENABLE(OPCODE_STATS) 
3278             OpcodeStats::resetLastInstruction(); 
3284         if (callType 
== CallTypeHost
) { 
3285             ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
3286             CallFrame
* newCallFrame 
= CallFrame::create(callFrame
->registers() + registerOffset
); 
3287             newCallFrame
->init(0, vPC 
+ 5, scopeChain
, callFrame
, dst
, argCount
, 0); 
3289             Register
* thisRegister 
= newCallFrame
->registers() - RegisterFile::CallFrameHeaderSize 
- argCount
; 
3290             ArgList 
args(thisRegister 
+ 1, argCount 
- 1); 
3292             // FIXME: All host methods should be calling toThisObject, but this is not presently the case. 
3293             JSValuePtr thisValue 
= thisRegister
->jsValue(callFrame
); 
3294             if (thisValue 
== jsNull()) 
3295                 thisValue 
= callFrame
->globalThisValue(); 
3297             JSValuePtr returnValue
; 
3299                 SamplingTool::HostCallRecord 
callRecord(m_sampler
); 
3300                 returnValue 
= callData
.native
.function(newCallFrame
, asObject(v
), thisValue
, args
); 
3302             CHECK_FOR_EXCEPTION(); 
3304             callFrame
[dst
] = JSValuePtr(returnValue
); 
3310         ASSERT(callType 
== CallTypeNone
); 
3312         exceptionValue 
= createNotAFunctionError(callFrame
, v
, vPC 
- callFrame
->codeBlock()->instructions().begin(), callFrame
->codeBlock()); 
3315     DEFINE_OPCODE(op_tear_off_activation
) { 
3316         /* tear_off_activation activation(r) 
3318            Copy all locals and parameters to new memory allocated on 
3319            the heap, and make the passed activation use this memory 
3320            in the future when looking up entries in the symbol table. 
3321            If there is an 'arguments' object, then it will also use 
3322            this memory for storing the named parameters, but not any 
3325            This opcode should only be used immediately before op_ret. 
3328         int src 
= (++vPC
)->u
.operand
; 
3329         ASSERT(callFrame
->codeBlock()->needsFullScopeChain()); 
3331         asActivation(callFrame
[src
].getJSValue())->copyRegisters(callFrame
->optionalCalleeArguments()); 
3336     DEFINE_OPCODE(op_tear_off_arguments
) { 
3337         /* tear_off_arguments 
3339            Copy all arguments to new memory allocated on the heap, 
3340            and make the 'arguments' object use this memory in the 
3341            future when looking up named parameters, but not any 
3342            extra arguments. If an activation object exists for the 
3343            current function context, then the tear_off_activation 
3344            opcode should be used instead. 
3346            This opcode should only be used immediately before op_ret. 
3349         ASSERT(callFrame
->codeBlock()->usesArguments() && !callFrame
->codeBlock()->needsFullScopeChain()); 
3351         callFrame
->optionalCalleeArguments()->copyRegisters(); 
3356     DEFINE_OPCODE(op_ret
) { 
3359            Return register result as the return value of the current 
3360            function call, writing it into the caller's expected return 
3361            value register. In addition, unwind one call frame and 
3362            restore the scope chain, code block instruction pointer and 
3363            register base to those of the calling function. 
3366         int result 
= (++vPC
)->u
.operand
; 
3368         if (callFrame
->codeBlock()->needsFullScopeChain()) 
3369             callFrame
->scopeChain()->deref(); 
3371         JSValuePtr returnValue 
= callFrame
[result
].jsValue(callFrame
); 
3373         vPC 
= callFrame
->returnPC(); 
3374         int dst 
= callFrame
->returnValueRegister(); 
3375         callFrame 
= callFrame
->callerFrame(); 
3377         if (callFrame
->hasHostCallFrameFlag()) 
3380         callFrame
[dst
] = JSValuePtr(returnValue
); 
3384     DEFINE_OPCODE(op_enter
) { 
3387            Initializes local variables to undefined and fills constant 
3388            registers with their values. If the code block requires an 
3389            activation, enter_with_activation should be used instead. 
3391            This opcode should only be used at the beginning of a code 
3396         CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
3398         for (size_t count 
= codeBlock
->m_numVars
; i 
< count
; ++i
) 
3399             callFrame
[i
] = jsUndefined(); 
3401         for (size_t count 
= codeBlock
->numberOfConstantRegisters(), j 
= 0; j 
< count
; ++i
, ++j
) 
3402             callFrame
[i
] = codeBlock
->constantRegister(j
); 
3407     DEFINE_OPCODE(op_enter_with_activation
) { 
3408         /* enter_with_activation dst(r) 
3410            Initializes local variables to undefined, fills constant 
3411            registers with their values, creates an activation object, 
3412            and places the new activation both in dst and at the top 
3413            of the scope chain. If the code block does not require an 
3414            activation, enter should be used instead. 
3416            This opcode should only be used at the beginning of a code 
3421         CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
3423         for (size_t count 
= codeBlock
->m_numVars
; i 
< count
; ++i
) 
3424             callFrame
[i
] = jsUndefined(); 
3426         for (size_t count 
= codeBlock
->numberOfConstantRegisters(), j 
= 0; j 
< count
; ++i
, ++j
) 
3427             callFrame
[i
] = codeBlock
->constantRegister(j
); 
3429         int dst 
= (++vPC
)->u
.operand
; 
3430         JSActivation
* activation 
= new (globalData
) JSActivation(callFrame
, static_cast<FunctionBodyNode
*>(codeBlock
->ownerNode())); 
3431         callFrame
[dst
] = activation
; 
3432         callFrame
->setScopeChain(callFrame
->scopeChain()->copy()->push(activation
)); 
3437     DEFINE_OPCODE(op_convert_this
) { 
3438         /* convert_this this(r) 
3440            Takes the value in the 'this' register, converts it to a 
3441            value that is suitable for use as the 'this' value, and 
3442            stores it in the 'this' register. This opcode is emitted 
3443            to avoid doing the conversion in the caller unnecessarily. 
3445            This opcode should only be used at the beginning of a code 
3449         int thisRegister 
= (++vPC
)->u
.operand
; 
3450         JSValuePtr thisVal 
= callFrame
[thisRegister
].getJSValue(); 
3451         if (thisVal
.needsThisConversion()) 
3452             callFrame
[thisRegister
] = JSValuePtr(thisVal
.toThisObject(callFrame
)); 
3457     DEFINE_OPCODE(op_create_arguments
) { 
3460            Creates the 'arguments' object and places it in both the 
3461            'arguments' call frame slot and the local 'arguments' 
3464            This opcode should only be used at the beginning of a code 
3468         Arguments
* arguments 
= new (globalData
) Arguments(callFrame
); 
3469         callFrame
->setCalleeArguments(arguments
); 
3470         callFrame
[RegisterFile::ArgumentsRegister
] = arguments
; 
3475     DEFINE_OPCODE(op_construct
) { 
3476         /* construct dst(r) func(r) argCount(n) registerOffset(n) proto(r) thisRegister(r) 
3478            Invoke register "func" as a constructor. For JS 
3479            functions, the calling convention is exactly as for the 
3480            "call" opcode, except that the "this" value is a newly 
3481            created Object. For native constructors, no "this" 
3482            value is passed. In either case, the argCount and registerOffset 
3483            registers are interpreted as for the "call" opcode. 
3485            Register proto must contain the prototype property of 
3486            register func. This is to enable polymorphic inline 
3487            caching of this lookup. 
3490         int dst 
= vPC
[1].u
.operand
; 
3491         int func 
= vPC
[2].u
.operand
; 
3492         int argCount 
= vPC
[3].u
.operand
; 
3493         int registerOffset 
= vPC
[4].u
.operand
; 
3494         int proto 
= vPC
[5].u
.operand
; 
3495         int thisRegister 
= vPC
[6].u
.operand
; 
3497         JSValuePtr v 
= callFrame
[func
].jsValue(callFrame
); 
3499         ConstructData constructData
; 
3500         ConstructType constructType 
= v
.getConstructData(constructData
); 
3502         if (constructType 
== ConstructTypeJS
) { 
3503             ScopeChainNode
* callDataScopeChain 
= constructData
.js
.scopeChain
; 
3504             FunctionBodyNode
* functionBodyNode 
= constructData
.js
.functionBody
; 
3505             CodeBlock
* newCodeBlock 
= &functionBodyNode
->bytecode(callDataScopeChain
); 
3507             Structure
* structure
; 
3508             JSValuePtr prototype 
= callFrame
[proto
].jsValue(callFrame
); 
3509             if (prototype
.isObject()) 
3510                 structure 
= asObject(prototype
)->inheritorID(); 
3512                 structure 
= callDataScopeChain
->globalObject()->emptyObjectStructure(); 
3513             JSObject
* newObject 
= new (globalData
) JSObject(structure
); 
3515             callFrame
[thisRegister
] = JSValuePtr(newObject
); // "this" value 
3517             CallFrame
* previousCallFrame 
= callFrame
; 
3519             callFrame 
= slideRegisterWindowForCall(newCodeBlock
, registerFile
, callFrame
, registerOffset
, argCount
); 
3520             if (UNLIKELY(!callFrame
)) { 
3521                 callFrame 
= previousCallFrame
; 
3522                 exceptionValue 
= createStackOverflowError(callFrame
); 
3526             callFrame
->init(newCodeBlock
, vPC 
+ 7, callDataScopeChain
, previousCallFrame
, dst
, argCount
, asFunction(v
)); 
3527             vPC 
= newCodeBlock
->instructions().begin(); 
3529 #if ENABLE(OPCODE_STATS) 
3530             OpcodeStats::resetLastInstruction(); 
3536         if (constructType 
== ConstructTypeHost
) { 
3537             ArgList 
args(callFrame
->registers() + thisRegister 
+ 1, argCount 
- 1); 
3539             ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
3540             CallFrame
* newCallFrame 
= CallFrame::create(callFrame
->registers() + registerOffset
); 
3541             newCallFrame
->init(0, vPC 
+ 7, scopeChain
, callFrame
, dst
, argCount
, 0); 
3543             JSValuePtr returnValue
; 
3545                 SamplingTool::HostCallRecord 
callRecord(m_sampler
); 
3546                 returnValue 
= constructData
.native
.function(newCallFrame
, asObject(v
), args
); 
3548             CHECK_FOR_EXCEPTION(); 
3549             callFrame
[dst
] = JSValuePtr(returnValue
); 
3555         ASSERT(constructType 
== ConstructTypeNone
); 
3557         exceptionValue 
= createNotAConstructorError(callFrame
, v
, vPC 
- callFrame
->codeBlock()->instructions().begin(), callFrame
->codeBlock()); 
3560     DEFINE_OPCODE(op_construct_verify
) { 
3561         /* construct_verify dst(r) override(r) 
3563            Verifies that register dst holds an object. If not, moves 
3564            the object in register override to register dst. 
3567         int dst 
= vPC
[1].u
.operand
;; 
3568         if (LIKELY(callFrame
[dst
].jsValue(callFrame
).isObject())) { 
3573         int override 
= vPC
[2].u
.operand
; 
3574         callFrame
[dst
] = callFrame
[override
]; 
3579     DEFINE_OPCODE(op_push_scope
) { 
3580         /* push_scope scope(r) 
3582            Converts register scope to object, and pushes it onto the top 
3583            of the current scope chain.  The contents of the register scope 
3584            are replaced by the result of toObject conversion of the scope. 
3586         int scope 
= (++vPC
)->u
.operand
; 
3587         JSValuePtr v 
= callFrame
[scope
].jsValue(callFrame
); 
3588         JSObject
* o 
= v
.toObject(callFrame
); 
3589         CHECK_FOR_EXCEPTION(); 
3591         callFrame
[scope
] = JSValuePtr(o
); 
3592         callFrame
->setScopeChain(callFrame
->scopeChain()->push(o
)); 
3597     DEFINE_OPCODE(op_pop_scope
) { 
3600            Removes the top item from the current scope chain. 
3602         callFrame
->setScopeChain(callFrame
->scopeChain()->pop()); 
3607     DEFINE_OPCODE(op_get_pnames
) { 
3608         /* get_pnames dst(r) base(r) 
3610            Creates a property name list for register base and puts it 
3611            in register dst. This is not a true JavaScript value, just 
3612            a synthetic value used to keep the iteration state in a 
3615         int dst 
= (++vPC
)->u
.operand
; 
3616         int base 
= (++vPC
)->u
.operand
; 
3618         callFrame
[dst
] = JSPropertyNameIterator::create(callFrame
, callFrame
[base
].jsValue(callFrame
)); 
3622     DEFINE_OPCODE(op_next_pname
) { 
3623         /* next_pname dst(r) iter(r) target(offset) 
3625            Tries to copies the next name from property name list in 
3626            register iter. If there are names left, then copies one to 
3627            register dst, and jumps to offset target. If there are none 
3628            left, invalidates the iterator and continues to the next 
3631         int dst 
= (++vPC
)->u
.operand
; 
3632         int iter 
= (++vPC
)->u
.operand
; 
3633         int target 
= (++vPC
)->u
.operand
; 
3635         JSPropertyNameIterator
* it 
= callFrame
[iter
].propertyNameIterator(); 
3636         if (JSValuePtr temp 
= it
->next(callFrame
)) { 
3637             CHECK_FOR_TIMEOUT(); 
3638             callFrame
[dst
] = JSValuePtr(temp
); 
3647     DEFINE_OPCODE(op_jmp_scopes
) { 
3648         /* jmp_scopes count(n) target(offset) 
3650            Removes the a number of items from the current scope chain 
3651            specified by immediate number count, then jumps to offset 
3654         int count 
= (++vPC
)->u
.operand
; 
3655         int target 
= (++vPC
)->u
.operand
; 
3657         ScopeChainNode
* tmp 
= callFrame
->scopeChain(); 
3660         callFrame
->setScopeChain(tmp
); 
3665 #if HAVE(COMPUTED_GOTO) 
3667     goto *(&&skip_new_scope
); 
3669     DEFINE_OPCODE(op_push_new_scope
) { 
3670         /* new_scope dst(r) property(id) value(r) 
3672            Constructs a new StaticScopeObject with property set to value.  That scope 
3673            object is then pushed onto the ScopeChain.  The scope object is then stored 
3676         callFrame
->setScopeChain(createExceptionScope(callFrame
, vPC
)); 
3681 #if HAVE(COMPUTED_GOTO) 
3684     DEFINE_OPCODE(op_catch
) { 
3687            Retrieves the VMs current exception and puts it in register 
3688            ex. This is only valid after an exception has been raised, 
3689            and usually forms the beginning of an exception handler. 
3691         ASSERT(exceptionValue
); 
3692         ASSERT(!globalData
->exception
); 
3693         int ex 
= (++vPC
)->u
.operand
; 
3694         callFrame
[ex
] = exceptionValue
; 
3695         exceptionValue 
= noValue(); 
3700     DEFINE_OPCODE(op_throw
) { 
3703            Throws register ex as an exception. This involves three 
3704            steps: first, it is set as the current exception in the 
3705            VM's internal state, then the stack is unwound until an 
3706            exception handler or a native code boundary is found, and 
3707            then control resumes at the exception handler if any or 
3708            else the script returns control to the nearest native caller. 
3711         int ex 
= (++vPC
)->u
.operand
; 
3712         exceptionValue 
= callFrame
[ex
].jsValue(callFrame
); 
3714         handler 
= throwException(callFrame
, exceptionValue
, vPC 
- callFrame
->codeBlock()->instructions().begin(), true); 
3716             *exception 
= exceptionValue
; 
3720         vPC 
= callFrame
->codeBlock()->instructions().begin() + handler
->target
; 
3723     DEFINE_OPCODE(op_unexpected_load
) { 
3724         /* unexpected_load load dst(r) src(k) 
3726            Copies constant src to register dst. 
3728         int dst 
= (++vPC
)->u
.operand
; 
3729         int src 
= (++vPC
)->u
.operand
; 
3730         callFrame
[dst
] = JSValuePtr(callFrame
->codeBlock()->unexpectedConstant(src
)); 
3735     DEFINE_OPCODE(op_new_error
) { 
3736         /* new_error dst(r) type(n) message(k) 
3738            Constructs a new Error instance using the original 
3739            constructor, using immediate number n as the type and 
3740            constant message as the message string. The result is 
3741            written to register dst. 
3743         int dst 
= (++vPC
)->u
.operand
; 
3744         int type 
= (++vPC
)->u
.operand
; 
3745         int message 
= (++vPC
)->u
.operand
; 
3747         CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
3748         callFrame
[dst
] = JSValuePtr(Error::create(callFrame
, (ErrorType
)type
, codeBlock
->unexpectedConstant(message
).toString(callFrame
), codeBlock
->lineNumberForBytecodeOffset(callFrame
, vPC 
- codeBlock
->instructions().begin()), codeBlock
->ownerNode()->sourceID(), codeBlock
->ownerNode()->sourceURL())); 
3753     DEFINE_OPCODE(op_end
) { 
3756            Return register result as the value of a global or eval 
3757            program. Return control to the calling native code. 
3760         if (callFrame
->codeBlock()->needsFullScopeChain()) { 
3761             ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
3762             ASSERT(scopeChain
->refCount 
> 1); 
3763             scopeChain
->deref(); 
3765         int result 
= (++vPC
)->u
.operand
; 
3766         return callFrame
[result
].jsValue(callFrame
); 
3768     DEFINE_OPCODE(op_put_getter
) { 
3769         /* put_getter base(r) property(id) function(r) 
3771            Sets register function on register base as the getter named 
3772            by identifier property. Base and function are assumed to be 
3773            objects as this op should only be used for getters defined 
3774            in object literal form. 
3776            Unlike many opcodes, this one does not write any output to 
3779         int base 
= (++vPC
)->u
.operand
; 
3780         int property 
= (++vPC
)->u
.operand
; 
3781         int function 
= (++vPC
)->u
.operand
; 
3783         ASSERT(callFrame
[base
].jsValue(callFrame
).isObject()); 
3784         JSObject
* baseObj 
= asObject(callFrame
[base
].jsValue(callFrame
)); 
3785         Identifier
& ident 
= callFrame
->codeBlock()->identifier(property
); 
3786         ASSERT(callFrame
[function
].jsValue(callFrame
).isObject()); 
3787         baseObj
->defineGetter(callFrame
, ident
, asObject(callFrame
[function
].jsValue(callFrame
))); 
3792     DEFINE_OPCODE(op_put_setter
) { 
3793         /* put_setter base(r) property(id) function(r) 
3795            Sets register function on register base as the setter named 
3796            by identifier property. Base and function are assumed to be 
3797            objects as this op should only be used for setters defined 
3798            in object literal form. 
3800            Unlike many opcodes, this one does not write any output to 
3803         int base 
= (++vPC
)->u
.operand
; 
3804         int property 
= (++vPC
)->u
.operand
; 
3805         int function 
= (++vPC
)->u
.operand
; 
3807         ASSERT(callFrame
[base
].jsValue(callFrame
).isObject()); 
3808         JSObject
* baseObj 
= asObject(callFrame
[base
].jsValue(callFrame
)); 
3809         Identifier
& ident 
= callFrame
->codeBlock()->identifier(property
); 
3810         ASSERT(callFrame
[function
].jsValue(callFrame
).isObject()); 
3811         baseObj
->defineSetter(callFrame
, ident
, asObject(callFrame
[function
].jsValue(callFrame
))); 
3816     DEFINE_OPCODE(op_jsr
) { 
3817         /* jsr retAddrDst(r) target(offset) 
3819            Places the address of the next instruction into the retAddrDst 
3820            register and jumps to offset target from the current instruction. 
3822         int retAddrDst 
= (++vPC
)->u
.operand
; 
3823         int target 
= (++vPC
)->u
.operand
; 
3824         callFrame
[retAddrDst
] = vPC 
+ 1; 
3829     DEFINE_OPCODE(op_sret
) { 
3830         /* sret retAddrSrc(r) 
3832          Jumps to the address stored in the retAddrSrc register. This 
3833          differs from op_jmp because the target address is stored in a 
3834          register, not as an immediate. 
3836         int retAddrSrc 
= (++vPC
)->u
.operand
; 
3837         vPC 
= callFrame
[retAddrSrc
].vPC(); 
3840     DEFINE_OPCODE(op_debug
) { 
3841         /* debug debugHookID(n) firstLine(n) lastLine(n) 
3843          Notifies the debugger of the current state of execution. This opcode 
3844          is only generated while the debugger is attached. 
3846         int debugHookID 
= (++vPC
)->u
.operand
; 
3847         int firstLine 
= (++vPC
)->u
.operand
; 
3848         int lastLine 
= (++vPC
)->u
.operand
; 
3850         debug(callFrame
, static_cast<DebugHookID
>(debugHookID
), firstLine
, lastLine
); 
3855     DEFINE_OPCODE(op_profile_will_call
) { 
3856         /* op_profile_will_call function(r) 
3858          Notifies the profiler of the beginning of a function call. This opcode 
3859          is only generated if developer tools are enabled. 
3861         int function 
= vPC
[1].u
.operand
; 
3863         if (*enabledProfilerReference
) 
3864             (*enabledProfilerReference
)->willExecute(callFrame
, callFrame
[function
].jsValue(callFrame
)); 
3869     DEFINE_OPCODE(op_profile_did_call
) { 
3870         /* op_profile_did_call function(r) 
3872          Notifies the profiler of the end of a function call. This opcode 
3873          is only generated if developer tools are enabled. 
3875         int function 
= vPC
[1].u
.operand
; 
3877         if (*enabledProfilerReference
) 
3878             (*enabledProfilerReference
)->didExecute(callFrame
, callFrame
[function
].jsValue(callFrame
)); 
3884         globalData
->exception 
= noValue(); 
3886             // The exceptionValue is a lie! (GCC produces bad code for reasons I  
3887             // cannot fathom if we don't assign to the exceptionValue before branching) 
3888             exceptionValue 
= createInterruptedExecutionException(globalData
); 
3890         handler 
= throwException(callFrame
, exceptionValue
, vPC 
- callFrame
->codeBlock()->instructions().begin(), false); 
3892             *exception 
= exceptionValue
; 
3896         vPC 
= callFrame
->codeBlock()->instructions().begin() + handler
->target
; 
3900 #if !HAVE(COMPUTED_GOTO) 
3901     } // iterator loop ends 
3903     #undef NEXT_INSTRUCTION 
3904     #undef DEFINE_OPCODE 
3905     #undef CHECK_FOR_EXCEPTION 
3906     #undef CHECK_FOR_TIMEOUT 
3909 JSValuePtr 
Interpreter::retrieveArguments(CallFrame
* callFrame
, JSFunction
* function
) const 
3911     CallFrame
* functionCallFrame 
= findFunctionCallFrame(callFrame
, function
); 
3912     if (!functionCallFrame
) 
3915     CodeBlock
* codeBlock 
= functionCallFrame
->codeBlock(); 
3916     if (codeBlock
->usesArguments()) { 
3917         ASSERT(codeBlock
->codeType() == FunctionCode
); 
3918         SymbolTable
& symbolTable 
= codeBlock
->symbolTable(); 
3919         int argumentsIndex 
= symbolTable
.get(functionCallFrame
->propertyNames().arguments
.ustring().rep()).getIndex(); 
3920         return functionCallFrame
[argumentsIndex
].jsValue(callFrame
); 
3923     Arguments
* arguments 
= functionCallFrame
->optionalCalleeArguments(); 
3925         arguments 
= new (functionCallFrame
) Arguments(functionCallFrame
); 
3926         arguments
->copyRegisters(); 
3927         callFrame
->setCalleeArguments(arguments
); 
3933 JSValuePtr 
Interpreter::retrieveCaller(CallFrame
* callFrame
, InternalFunction
* function
) const 
3935     CallFrame
* functionCallFrame 
= findFunctionCallFrame(callFrame
, function
); 
3936     if (!functionCallFrame
) 
3939     CallFrame
* callerFrame 
= functionCallFrame
->callerFrame(); 
3940     if (callerFrame
->hasHostCallFrameFlag()) 
3943     JSValuePtr caller 
= callerFrame
->callee(); 
3950 void Interpreter::retrieveLastCaller(CallFrame
* callFrame
, int& lineNumber
, intptr_t& sourceID
, UString
& sourceURL
, JSValuePtr
& function
) const 
3952     function 
= noValue(); 
3954     sourceURL 
= UString(); 
3956     CallFrame
* callerFrame 
= callFrame
->callerFrame(); 
3957     if (callerFrame
->hasHostCallFrameFlag()) 
3960     CodeBlock
* callerCodeBlock 
= callerFrame
->codeBlock(); 
3961     if (!callerCodeBlock
) 
3964     unsigned bytecodeOffset 
= bytecodeOffsetForPC(callerFrame
, callerCodeBlock
, callFrame
->returnPC()); 
3965     lineNumber 
= callerCodeBlock
->lineNumberForBytecodeOffset(callerFrame
, bytecodeOffset 
- 1); 
3966     sourceID 
= callerCodeBlock
->ownerNode()->sourceID(); 
3967     sourceURL 
= callerCodeBlock
->ownerNode()->sourceURL(); 
3968     function 
= callerFrame
->callee(); 
3971 CallFrame
* Interpreter::findFunctionCallFrame(CallFrame
* callFrame
, InternalFunction
* function
) 
3973     for (CallFrame
* candidate 
= callFrame
; candidate
; candidate 
= candidate
->callerFrame()->removeHostCallFrameFlag()) { 
3974         if (candidate
->callee() == function
) 
3982 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) 
3984 NEVER_INLINE 
void Interpreter::tryCTICachePutByID(CallFrame
* callFrame
, CodeBlock
* codeBlock
, void* returnAddress
, JSValuePtr baseValue
, const PutPropertySlot
& slot
) 
3986     // The interpreter checks for recursion here; I do not believe this can occur in CTI. 
3988     if (!baseValue
.isCell()) 
3991     // Uncacheable: give up. 
3992     if (!slot
.isCacheable()) { 
3993         ctiPatchCallByReturnAddress(returnAddress
, reinterpret_cast<void*>(cti_op_put_by_id_generic
)); 
3997     JSCell
* baseCell 
= asCell(baseValue
); 
3998     Structure
* structure 
= baseCell
->structure(); 
4000     if (structure
->isDictionary()) { 
4001         ctiPatchCallByReturnAddress(returnAddress
, reinterpret_cast<void*>(cti_op_put_by_id_generic
)); 
4005     // If baseCell != base, then baseCell must be a proxy for another object. 
4006     if (baseCell 
!= slot
.base()) { 
4007         ctiPatchCallByReturnAddress(returnAddress
, reinterpret_cast<void*>(cti_op_put_by_id_generic
)); 
4011     StructureStubInfo
* stubInfo 
= &codeBlock
->getStubInfo(returnAddress
); 
4013     // Cache hit: Specialize instruction and ref Structures. 
4015     // Structure transition, cache transition info 
4016     if (slot
.type() == PutPropertySlot::NewProperty
) { 
4017         StructureChain
* prototypeChain 
= structure
->prototypeChain(callFrame
); 
4018         stubInfo
->initPutByIdTransition(structure
->previousID(), structure
, prototypeChain
); 
4019         JIT::compilePutByIdTransition(callFrame
->scopeChain()->globalData
, codeBlock
, stubInfo
, structure
->previousID(), structure
, slot
.cachedOffset(), prototypeChain
, returnAddress
);  
4023     stubInfo
->initPutByIdReplace(structure
); 
4025 #if USE(CTI_REPATCH_PIC) 
4026     UNUSED_PARAM(callFrame
); 
4027     JIT::patchPutByIdReplace(stubInfo
, structure
, slot
.cachedOffset(), returnAddress
); 
4029     JIT::compilePutByIdReplace(callFrame
->scopeChain()->globalData
, callFrame
, codeBlock
, stubInfo
, structure
, slot
.cachedOffset(), returnAddress
); 
4033 NEVER_INLINE 
void Interpreter::tryCTICacheGetByID(CallFrame
* callFrame
, CodeBlock
* codeBlock
, void* returnAddress
, JSValuePtr baseValue
, const Identifier
& propertyName
, const PropertySlot
& slot
) 
4035     // FIXME: Write a test that proves we need to check for recursion here just 
4036     // like the interpreter does, then add a check for recursion. 
4038     // FIXME: Cache property access for immediates. 
4039     if (!baseValue
.isCell()) { 
4040         ctiPatchCallByReturnAddress(returnAddress
, reinterpret_cast<void*>(cti_op_get_by_id_generic
)); 
4044     if (isJSArray(baseValue
) && propertyName 
== callFrame
->propertyNames().length
) { 
4045 #if USE(CTI_REPATCH_PIC) 
4046         JIT::compilePatchGetArrayLength(callFrame
->scopeChain()->globalData
, codeBlock
, returnAddress
); 
4048         ctiPatchCallByReturnAddress(returnAddress
, m_ctiArrayLengthTrampoline
); 
4052     if (isJSString(baseValue
) && propertyName 
== callFrame
->propertyNames().length
) { 
4053         // The tradeoff of compiling an patched inline string length access routine does not seem 
4054         // to pay off, so we currently only do this for arrays. 
4055         ctiPatchCallByReturnAddress(returnAddress
, m_ctiStringLengthTrampoline
); 
4059     // Uncacheable: give up. 
4060     if (!slot
.isCacheable()) { 
4061         ctiPatchCallByReturnAddress(returnAddress
, reinterpret_cast<void*>(cti_op_get_by_id_generic
)); 
4065     JSCell
* baseCell 
= asCell(baseValue
); 
4066     Structure
* structure 
= baseCell
->structure(); 
4068     if (structure
->isDictionary()) { 
4069         ctiPatchCallByReturnAddress(returnAddress
, reinterpret_cast<void*>(cti_op_get_by_id_generic
)); 
4073     // In the interpreter the last structure is trapped here; in CTI we use the 
4074     // *_second method to achieve a similar (but not quite the same) effect. 
4076     StructureStubInfo
* stubInfo 
= &codeBlock
->getStubInfo(returnAddress
); 
4078     // Cache hit: Specialize instruction and ref Structures. 
4080     if (slot
.slotBase() == baseValue
) { 
4081         // set this up, so derefStructures can do it's job. 
4082         stubInfo
->initGetByIdSelf(structure
); 
4084 #if USE(CTI_REPATCH_PIC) 
4085         JIT::patchGetByIdSelf(stubInfo
, structure
, slot
.cachedOffset(), returnAddress
); 
4087         JIT::compileGetByIdSelf(callFrame
->scopeChain()->globalData
, callFrame
, codeBlock
, stubInfo
, structure
, slot
.cachedOffset(), returnAddress
); 
4092     if (slot
.slotBase() == structure
->prototypeForLookup(callFrame
)) { 
4093         ASSERT(slot
.slotBase().isObject()); 
4095         JSObject
* slotBaseObject 
= asObject(slot
.slotBase()); 
4097         // Since we're accessing a prototype in a loop, it's a good bet that it 
4098         // should not be treated as a dictionary. 
4099         if (slotBaseObject
->structure()->isDictionary())  
4100             slotBaseObject
->setStructure(Structure::fromDictionaryTransition(slotBaseObject
->structure()));  
4102         stubInfo
->initGetByIdProto(structure
, slotBaseObject
->structure()); 
4104         JIT::compileGetByIdProto(callFrame
->scopeChain()->globalData
, callFrame
, codeBlock
, stubInfo
, structure
, slotBaseObject
->structure(), slot
.cachedOffset(), returnAddress
); 
4108     size_t count 
= countPrototypeChainEntriesAndCheckForProxies(callFrame
, baseValue
, slot
); 
4110         stubInfo
->opcodeID 
= op_get_by_id_generic
; 
4114     StructureChain
* prototypeChain 
= structure
->prototypeChain(callFrame
);  
4115     stubInfo
->initGetByIdChain(structure
, prototypeChain
);  
4116     JIT::compileGetByIdChain(callFrame
->scopeChain()->globalData
, callFrame
, codeBlock
, stubInfo
, structure
, prototypeChain
, count
, slot
.cachedOffset(), returnAddress
);  
4121 #if USE(JIT_STUB_ARGUMENT_VA_LIST) 
4122 #define SETUP_VA_LISTL_ARGS va_list vl_args; va_start(vl_args, args) 
4123 #else // JIT_STUB_ARGUMENT_REGISTER or JIT_STUB_ARGUMENT_STACK 
4124 #define SETUP_VA_LISTL_ARGS 
4131 static void jscGeneratedNativeCode()  
4133     // When executing a CTI function (which might do an allocation), we hack the return address 
4134     // to pretend to be executing this function, to keep stack logging tools from blowing out 
4141     ALWAYS_INLINE 
StackHack(void** location
)  
4143         returnAddressLocation 
= location
; 
4144         savedReturnAddress 
= *returnAddressLocation
; 
4145         ctiSetReturnAddress(returnAddressLocation
, reinterpret_cast<void*>(jscGeneratedNativeCode
)); 
4147     ALWAYS_INLINE 
~StackHack()  
4149         ctiSetReturnAddress(returnAddressLocation
, savedReturnAddress
); 
4152     void** returnAddressLocation
; 
4153     void* savedReturnAddress
; 
4156 #define BEGIN_STUB_FUNCTION() SETUP_VA_LISTL_ARGS; StackHack stackHack(&STUB_RETURN_ADDRESS_SLOT) 
4157 #define STUB_SET_RETURN_ADDRESS(address) stackHack.savedReturnAddress = address 
4158 #define STUB_RETURN_ADDRESS stackHack.savedReturnAddress 
4162 #define BEGIN_STUB_FUNCTION() SETUP_VA_LISTL_ARGS 
4163 #define STUB_SET_RETURN_ADDRESS(address) ctiSetReturnAddress(&STUB_RETURN_ADDRESS_SLOT, address); 
4164 #define STUB_RETURN_ADDRESS STUB_RETURN_ADDRESS_SLOT 
4168 // The reason this is not inlined is to avoid having to do a PIC branch 
4169 // to get the address of the ctiVMThrowTrampoline function. It's also 
4170 // good to keep the code size down by leaving as much of the exception 
4171 // handling code out of line as possible. 
4172 static NEVER_INLINE 
void returnToThrowTrampoline(JSGlobalData
* globalData
, void* exceptionLocation
, void*& returnAddressSlot
) 
4174     ASSERT(globalData
->exception
); 
4175     globalData
->exceptionLocation 
= exceptionLocation
; 
4176     ctiSetReturnAddress(&returnAddressSlot
, reinterpret_cast<void*>(ctiVMThrowTrampoline
)); 
4179 static NEVER_INLINE 
void throwStackOverflowError(CallFrame
* callFrame
, JSGlobalData
* globalData
, void* exceptionLocation
, void*& returnAddressSlot
) 
4181     globalData
->exception 
= createStackOverflowError(callFrame
); 
4182     returnToThrowTrampoline(globalData
, exceptionLocation
, returnAddressSlot
); 
4185 #define VM_THROW_EXCEPTION() \ 
4187         VM_THROW_EXCEPTION_AT_END(); \ 
4190 #define VM_THROW_EXCEPTION_2() \ 
4192         VM_THROW_EXCEPTION_AT_END(); \ 
4193         RETURN_PAIR(0, 0); \ 
4195 #define VM_THROW_EXCEPTION_AT_END() \ 
4196     returnToThrowTrampoline(ARG_globalData, STUB_RETURN_ADDRESS, STUB_RETURN_ADDRESS) 
4198 #define CHECK_FOR_EXCEPTION() \ 
4200         if (UNLIKELY(ARG_globalData->exception != noValue())) \ 
4201             VM_THROW_EXCEPTION(); \ 
4203 #define CHECK_FOR_EXCEPTION_AT_END() \ 
4205         if (UNLIKELY(ARG_globalData->exception != noValue())) \ 
4206             VM_THROW_EXCEPTION_AT_END(); \ 
4208 #define CHECK_FOR_EXCEPTION_VOID() \ 
4210         if (UNLIKELY(ARG_globalData->exception != noValue())) { \ 
4211             VM_THROW_EXCEPTION_AT_END(); \ 
4216 JSObject
* Interpreter::cti_op_convert_this(STUB_ARGS
) 
4218     BEGIN_STUB_FUNCTION(); 
4220     JSValuePtr v1 
= ARG_src1
; 
4221     CallFrame
* callFrame 
= ARG_callFrame
; 
4223     JSObject
* result 
= v1
.toThisObject(callFrame
); 
4224     CHECK_FOR_EXCEPTION_AT_END(); 
4228 void Interpreter::cti_op_end(STUB_ARGS
) 
4230     BEGIN_STUB_FUNCTION(); 
4232     ScopeChainNode
* scopeChain 
= ARG_callFrame
->scopeChain(); 
4233     ASSERT(scopeChain
->refCount 
> 1); 
4234     scopeChain
->deref(); 
4237 JSValueEncodedAsPointer
* Interpreter::cti_op_add(STUB_ARGS
) 
4239     BEGIN_STUB_FUNCTION(); 
4241     JSValuePtr v1 
= ARG_src1
; 
4242     JSValuePtr v2 
= ARG_src2
; 
4247     bool rightIsNumber 
= v2
.getNumber(right
); 
4248     if (rightIsNumber 
&& v1
.getNumber(left
)) 
4249         return JSValuePtr::encode(jsNumber(ARG_globalData
, left 
+ right
)); 
4251     CallFrame
* callFrame 
= ARG_callFrame
; 
4253     bool leftIsString 
= v1
.isString(); 
4254     if (leftIsString 
&& v2
.isString()) { 
4255         RefPtr
<UString::Rep
> value 
= concatenate(asString(v1
)->value().rep(), asString(v2
)->value().rep()); 
4256         if (UNLIKELY(!value
)) { 
4257             throwOutOfMemoryError(callFrame
); 
4258             VM_THROW_EXCEPTION(); 
4261         return JSValuePtr::encode(jsString(ARG_globalData
, value
.release())); 
4264     if (rightIsNumber 
& leftIsString
) { 
4265         RefPtr
<UString::Rep
> value 
= v2
.isInt32Fast() ? 
4266             concatenate(asString(v1
)->value().rep(), v2
.getInt32Fast()) : 
4267             concatenate(asString(v1
)->value().rep(), right
); 
4269         if (UNLIKELY(!value
)) { 
4270             throwOutOfMemoryError(callFrame
); 
4271             VM_THROW_EXCEPTION(); 
4273         return JSValuePtr::encode(jsString(ARG_globalData
, value
.release())); 
4276     // All other cases are pretty uncommon 
4277     JSValuePtr result 
= jsAddSlowCase(callFrame
, v1
, v2
); 
4278     CHECK_FOR_EXCEPTION_AT_END(); 
4279     return JSValuePtr::encode(result
); 
4282 JSValueEncodedAsPointer
* Interpreter::cti_op_pre_inc(STUB_ARGS
) 
4284     BEGIN_STUB_FUNCTION(); 
4286     JSValuePtr v 
= ARG_src1
; 
4288     CallFrame
* callFrame 
= ARG_callFrame
; 
4289     JSValuePtr result 
= jsNumber(ARG_globalData
, v
.toNumber(callFrame
) + 1); 
4290     CHECK_FOR_EXCEPTION_AT_END(); 
4291     return JSValuePtr::encode(result
); 
4294 int Interpreter::cti_timeout_check(STUB_ARGS
) 
4296     BEGIN_STUB_FUNCTION(); 
4297     Interpreter
* interpreter 
= ARG_globalData
->interpreter
; 
4299     if (interpreter
->checkTimeout(ARG_callFrame
->dynamicGlobalObject())) { 
4300         ARG_globalData
->exception 
= createInterruptedExecutionException(ARG_globalData
); 
4301         VM_THROW_EXCEPTION_AT_END(); 
4304     return interpreter
->m_ticksUntilNextTimeoutCheck
; 
4307 void Interpreter::cti_register_file_check(STUB_ARGS
) 
4309     BEGIN_STUB_FUNCTION(); 
4311     if (LIKELY(ARG_registerFile
->grow(ARG_callFrame 
+ ARG_callFrame
->codeBlock()->m_numCalleeRegisters
))) 
4314     // Rewind to the previous call frame because op_call already optimistically 
4315     // moved the call frame forward. 
4316     CallFrame
* oldCallFrame 
= ARG_callFrame
->callerFrame(); 
4317     ARG_setCallFrame(oldCallFrame
); 
4318     throwStackOverflowError(oldCallFrame
, ARG_globalData
, oldCallFrame
->returnPC(), STUB_RETURN_ADDRESS
); 
4321 int Interpreter::cti_op_loop_if_less(STUB_ARGS
) 
4323     BEGIN_STUB_FUNCTION(); 
4325     JSValuePtr src1 
= ARG_src1
; 
4326     JSValuePtr src2 
= ARG_src2
; 
4327     CallFrame
* callFrame 
= ARG_callFrame
; 
4329     bool result 
= jsLess(callFrame
, src1
, src2
); 
4330     CHECK_FOR_EXCEPTION_AT_END(); 
4334 int Interpreter::cti_op_loop_if_lesseq(STUB_ARGS
) 
4336     BEGIN_STUB_FUNCTION(); 
4338     JSValuePtr src1 
= ARG_src1
; 
4339     JSValuePtr src2 
= ARG_src2
; 
4340     CallFrame
* callFrame 
= ARG_callFrame
; 
4342     bool result 
= jsLessEq(callFrame
, src1
, src2
); 
4343     CHECK_FOR_EXCEPTION_AT_END(); 
4347 JSObject
* Interpreter::cti_op_new_object(STUB_ARGS
) 
4349     BEGIN_STUB_FUNCTION(); 
4351     return constructEmptyObject(ARG_callFrame
); 
4354 void Interpreter::cti_op_put_by_id_generic(STUB_ARGS
) 
4356     BEGIN_STUB_FUNCTION(); 
4358     PutPropertySlot slot
; 
4359     ARG_src1
.put(ARG_callFrame
, *ARG_id2
, ARG_src3
, slot
); 
4360     CHECK_FOR_EXCEPTION_AT_END(); 
4363 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_id_generic(STUB_ARGS
) 
4365     BEGIN_STUB_FUNCTION(); 
4367     CallFrame
* callFrame 
= ARG_callFrame
; 
4368     Identifier
& ident 
= *ARG_id2
; 
4370     JSValuePtr baseValue 
= ARG_src1
; 
4371     PropertySlot 
slot(baseValue
); 
4372     JSValuePtr result 
= baseValue
.get(callFrame
, ident
, slot
); 
4374     CHECK_FOR_EXCEPTION_AT_END(); 
4375     return JSValuePtr::encode(result
); 
4378 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) 
4380 void Interpreter::cti_op_put_by_id(STUB_ARGS
) 
4382     BEGIN_STUB_FUNCTION(); 
4384     CallFrame
* callFrame 
= ARG_callFrame
; 
4385     Identifier
& ident 
= *ARG_id2
; 
4387     PutPropertySlot slot
; 
4388     ARG_src1
.put(callFrame
, ident
, ARG_src3
, slot
); 
4390     ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_put_by_id_second
)); 
4392     CHECK_FOR_EXCEPTION_AT_END(); 
4395 void Interpreter::cti_op_put_by_id_second(STUB_ARGS
) 
4397     BEGIN_STUB_FUNCTION(); 
4399     PutPropertySlot slot
; 
4400     ARG_src1
.put(ARG_callFrame
, *ARG_id2
, ARG_src3
, slot
); 
4401     ARG_globalData
->interpreter
->tryCTICachePutByID(ARG_callFrame
, ARG_callFrame
->codeBlock(), STUB_RETURN_ADDRESS
, ARG_src1
, slot
); 
4402     CHECK_FOR_EXCEPTION_AT_END(); 
4405 void Interpreter::cti_op_put_by_id_fail(STUB_ARGS
) 
4407     BEGIN_STUB_FUNCTION(); 
4409     CallFrame
* callFrame 
= ARG_callFrame
; 
4410     Identifier
& ident 
= *ARG_id2
; 
4412     PutPropertySlot slot
; 
4413     ARG_src1
.put(callFrame
, ident
, ARG_src3
, slot
); 
4415     CHECK_FOR_EXCEPTION_AT_END(); 
4418 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_id(STUB_ARGS
) 
4420     BEGIN_STUB_FUNCTION(); 
4422     CallFrame
* callFrame 
= ARG_callFrame
; 
4423     Identifier
& ident 
= *ARG_id2
; 
4425     JSValuePtr baseValue 
= ARG_src1
; 
4426     PropertySlot 
slot(baseValue
); 
4427     JSValuePtr result 
= baseValue
.get(callFrame
, ident
, slot
); 
4429     ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_id_second
)); 
4431     CHECK_FOR_EXCEPTION_AT_END(); 
4432     return JSValuePtr::encode(result
); 
4435 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_id_second(STUB_ARGS
) 
4437     BEGIN_STUB_FUNCTION(); 
4439     CallFrame
* callFrame 
= ARG_callFrame
; 
4440     Identifier
& ident 
= *ARG_id2
; 
4442     JSValuePtr baseValue 
= ARG_src1
; 
4443     PropertySlot 
slot(baseValue
); 
4444     JSValuePtr result 
= baseValue
.get(callFrame
, ident
, slot
); 
4446     ARG_globalData
->interpreter
->tryCTICacheGetByID(callFrame
, callFrame
->codeBlock(), STUB_RETURN_ADDRESS
, baseValue
, ident
, slot
); 
4448     CHECK_FOR_EXCEPTION_AT_END(); 
4449     return JSValuePtr::encode(result
); 
4452 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_id_self_fail(STUB_ARGS
) 
4454     BEGIN_STUB_FUNCTION(); 
4456     CallFrame
* callFrame 
= ARG_callFrame
; 
4457     Identifier
& ident 
= *ARG_id2
; 
4459     JSValuePtr baseValue 
= ARG_src1
; 
4460     PropertySlot 
slot(baseValue
); 
4461     JSValuePtr result 
= baseValue
.get(callFrame
, ident
, slot
); 
4463     CHECK_FOR_EXCEPTION(); 
4465     if (baseValue
.isCell() 
4466         && slot
.isCacheable() 
4467         && !asCell(baseValue
)->structure()->isDictionary() 
4468         && slot
.slotBase() == baseValue
) { 
4470         CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
4471         StructureStubInfo
* stubInfo 
= &codeBlock
->getStubInfo(STUB_RETURN_ADDRESS
); 
4473         ASSERT(slot
.slotBase().isObject()); 
4475         PolymorphicAccessStructureList
* polymorphicStructureList
; 
4478         if (stubInfo
->opcodeID 
== op_get_by_id_self
) { 
4479             ASSERT(!stubInfo
->stubRoutine
); 
4480             polymorphicStructureList 
= new PolymorphicAccessStructureList(0, stubInfo
->u
.getByIdSelf
.baseObjectStructure
); 
4481             stubInfo
->initGetByIdSelfList(polymorphicStructureList
, 2); 
4483             polymorphicStructureList 
= stubInfo
->u
.getByIdSelfList
.structureList
; 
4484             listIndex 
= stubInfo
->u
.getByIdSelfList
.listSize
; 
4485             stubInfo
->u
.getByIdSelfList
.listSize
++; 
4488         JIT::compileGetByIdSelfList(callFrame
->scopeChain()->globalData
, codeBlock
, stubInfo
, polymorphicStructureList
, listIndex
, asCell(baseValue
)->structure(), slot
.cachedOffset()); 
4490         if (listIndex 
== (POLYMORPHIC_LIST_CACHE_SIZE 
- 1)) 
4491             ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_id_generic
)); 
4493         ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_id_generic
)); 
4495     return JSValuePtr::encode(result
); 
4498 static PolymorphicAccessStructureList
* getPolymorphicAccessStructureListSlot(StructureStubInfo
* stubInfo
, int& listIndex
) 
4500     PolymorphicAccessStructureList
* prototypeStructureList 
= 0; 
4503     switch (stubInfo
->opcodeID
) { 
4504     case op_get_by_id_proto
: 
4505         prototypeStructureList 
= new PolymorphicAccessStructureList(stubInfo
->stubRoutine
, stubInfo
->u
.getByIdProto
.baseObjectStructure
, stubInfo
->u
.getByIdProto
.prototypeStructure
); 
4506         stubInfo
->stubRoutine 
= 0; 
4507         stubInfo
->initGetByIdProtoList(prototypeStructureList
, 2); 
4509     case op_get_by_id_chain
: 
4510         prototypeStructureList 
= new PolymorphicAccessStructureList(stubInfo
->stubRoutine
, stubInfo
->u
.getByIdChain
.baseObjectStructure
, stubInfo
->u
.getByIdChain
.chain
); 
4511         stubInfo
->stubRoutine 
= 0; 
4512         stubInfo
->initGetByIdProtoList(prototypeStructureList
, 2); 
4514     case op_get_by_id_proto_list
: 
4515         prototypeStructureList 
= stubInfo
->u
.getByIdProtoList
.structureList
; 
4516         listIndex 
= stubInfo
->u
.getByIdProtoList
.listSize
; 
4517         stubInfo
->u
.getByIdProtoList
.listSize
++; 
4520         ASSERT_NOT_REACHED(); 
4523     ASSERT(listIndex 
< POLYMORPHIC_LIST_CACHE_SIZE
); 
4524     return prototypeStructureList
; 
4527 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_id_proto_list(STUB_ARGS
) 
4529     BEGIN_STUB_FUNCTION(); 
4531     CallFrame
* callFrame 
= ARG_callFrame
; 
4533     JSValuePtr baseValue 
= ARG_src1
; 
4534     PropertySlot 
slot(baseValue
); 
4535     JSValuePtr result 
= baseValue
.get(callFrame
, *ARG_id2
, slot
); 
4537     CHECK_FOR_EXCEPTION(); 
4539     if (!baseValue
.isCell() || !slot
.isCacheable() || asCell(baseValue
)->structure()->isDictionary()) { 
4540         ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_id_proto_fail
)); 
4541         return JSValuePtr::encode(result
); 
4544     Structure
* structure 
= asCell(baseValue
)->structure(); 
4545     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
4546     StructureStubInfo
* stubInfo 
= &codeBlock
->getStubInfo(STUB_RETURN_ADDRESS
); 
4548     ASSERT(slot
.slotBase().isObject()); 
4549     JSObject
* slotBaseObject 
= asObject(slot
.slotBase()); 
4551     if (slot
.slotBase() == baseValue
) 
4552         ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_id_proto_fail
)); 
4553     else if (slot
.slotBase() == asCell(baseValue
)->structure()->prototypeForLookup(callFrame
)) { 
4554         // Since we're accessing a prototype in a loop, it's a good bet that it 
4555         // should not be treated as a dictionary. 
4556         if (slotBaseObject
->structure()->isDictionary())  
4557             slotBaseObject
->setStructure(Structure::fromDictionaryTransition(slotBaseObject
->structure()));  
4560         PolymorphicAccessStructureList
* prototypeStructureList 
= getPolymorphicAccessStructureListSlot(stubInfo
, listIndex
); 
4562         JIT::compileGetByIdProtoList(callFrame
->scopeChain()->globalData
, callFrame
, codeBlock
, stubInfo
, prototypeStructureList
, listIndex
, structure
, slotBaseObject
->structure(), slot
.cachedOffset()); 
4564         if (listIndex 
== (POLYMORPHIC_LIST_CACHE_SIZE 
- 1)) 
4565             ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_id_proto_list_full
)); 
4566     } else if (size_t count 
= countPrototypeChainEntriesAndCheckForProxies(callFrame
, baseValue
, slot
)) { 
4568         PolymorphicAccessStructureList
* prototypeStructureList 
= getPolymorphicAccessStructureListSlot(stubInfo
, listIndex
); 
4570         JIT::compileGetByIdChainList(callFrame
->scopeChain()->globalData
, callFrame
, codeBlock
, stubInfo
, prototypeStructureList
, listIndex
, structure
, structure
->prototypeChain(callFrame
), count
, slot
.cachedOffset());  
4572         if (listIndex 
== (POLYMORPHIC_LIST_CACHE_SIZE 
- 1)) 
4573             ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_id_proto_list_full
)); 
4575         ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_id_proto_fail
)); 
4577     return JSValuePtr::encode(result
); 
4580 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_id_proto_list_full(STUB_ARGS
) 
4582     BEGIN_STUB_FUNCTION(); 
4584     JSValuePtr baseValue 
= ARG_src1
; 
4585     PropertySlot 
slot(baseValue
); 
4586     JSValuePtr result 
= baseValue
.get(ARG_callFrame
, *ARG_id2
, slot
); 
4588     CHECK_FOR_EXCEPTION_AT_END(); 
4589     return JSValuePtr::encode(result
); 
4592 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_id_proto_fail(STUB_ARGS
) 
4594     BEGIN_STUB_FUNCTION(); 
4596     JSValuePtr baseValue 
= ARG_src1
; 
4597     PropertySlot 
slot(baseValue
); 
4598     JSValuePtr result 
= baseValue
.get(ARG_callFrame
, *ARG_id2
, slot
); 
4600     CHECK_FOR_EXCEPTION_AT_END(); 
4601     return JSValuePtr::encode(result
); 
4604 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_id_array_fail(STUB_ARGS
) 
4606     BEGIN_STUB_FUNCTION(); 
4608     JSValuePtr baseValue 
= ARG_src1
; 
4609     PropertySlot 
slot(baseValue
); 
4610     JSValuePtr result 
= baseValue
.get(ARG_callFrame
, *ARG_id2
, slot
); 
4612     CHECK_FOR_EXCEPTION_AT_END(); 
4613     return JSValuePtr::encode(result
); 
4616 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_id_string_fail(STUB_ARGS
) 
4618     BEGIN_STUB_FUNCTION(); 
4620     JSValuePtr baseValue 
= ARG_src1
; 
4621     PropertySlot 
slot(baseValue
); 
4622     JSValuePtr result 
= baseValue
.get(ARG_callFrame
, *ARG_id2
, slot
); 
4624     CHECK_FOR_EXCEPTION_AT_END(); 
4625     return JSValuePtr::encode(result
); 
4630 JSValueEncodedAsPointer
* Interpreter::cti_op_instanceof(STUB_ARGS
) 
4632     BEGIN_STUB_FUNCTION(); 
4634     CallFrame
* callFrame 
= ARG_callFrame
; 
4635     JSValuePtr value 
= ARG_src1
; 
4636     JSValuePtr baseVal 
= ARG_src2
; 
4637     JSValuePtr proto 
= ARG_src3
; 
4639     // at least one of these checks must have failed to get to the slow case 
4640     ASSERT(!value
.isCell() || !baseVal
.isCell() || !proto
.isCell() 
4641            || !value
.isObject() || !baseVal
.isObject() || !proto
.isObject()  
4642            || (asObject(baseVal
)->structure()->typeInfo().flags() & (ImplementsHasInstance 
| OverridesHasInstance
)) != ImplementsHasInstance
); 
4644     if (!baseVal
.isObject()) { 
4645         CallFrame
* callFrame 
= ARG_callFrame
; 
4646         CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
4647         unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
4648         ARG_globalData
->exception 
= createInvalidParamError(callFrame
, "instanceof", baseVal
, vPCIndex
, codeBlock
); 
4649         VM_THROW_EXCEPTION(); 
4652     if (!asObject(baseVal
)->structure()->typeInfo().implementsHasInstance()) 
4653         return JSValuePtr::encode(jsBoolean(false)); 
4655     if (!proto
.isObject()) { 
4656         throwError(callFrame
, TypeError
, "instanceof called on an object with an invalid prototype property."); 
4657         VM_THROW_EXCEPTION(); 
4660     if (!value
.isObject()) 
4661         return JSValuePtr::encode(jsBoolean(false)); 
4663     JSValuePtr result 
= jsBoolean(asObject(baseVal
)->hasInstance(callFrame
, value
, proto
)); 
4664     CHECK_FOR_EXCEPTION_AT_END(); 
4666     return JSValuePtr::encode(result
); 
4669 JSValueEncodedAsPointer
* Interpreter::cti_op_del_by_id(STUB_ARGS
) 
4671     BEGIN_STUB_FUNCTION(); 
4673     CallFrame
* callFrame 
= ARG_callFrame
; 
4675     JSObject
* baseObj 
= ARG_src1
.toObject(callFrame
); 
4677     JSValuePtr result 
= jsBoolean(baseObj
->deleteProperty(callFrame
, *ARG_id2
)); 
4678     CHECK_FOR_EXCEPTION_AT_END(); 
4679     return JSValuePtr::encode(result
); 
4682 JSValueEncodedAsPointer
* Interpreter::cti_op_mul(STUB_ARGS
) 
4684     BEGIN_STUB_FUNCTION(); 
4686     JSValuePtr src1 
= ARG_src1
; 
4687     JSValuePtr src2 
= ARG_src2
; 
4691     if (src1
.getNumber(left
) && src2
.getNumber(right
)) 
4692         return JSValuePtr::encode(jsNumber(ARG_globalData
, left 
* right
)); 
4694     CallFrame
* callFrame 
= ARG_callFrame
; 
4695     JSValuePtr result 
= jsNumber(ARG_globalData
, src1
.toNumber(callFrame
) * src2
.toNumber(callFrame
)); 
4696     CHECK_FOR_EXCEPTION_AT_END(); 
4697     return JSValuePtr::encode(result
); 
4700 JSObject
* Interpreter::cti_op_new_func(STUB_ARGS
) 
4702     BEGIN_STUB_FUNCTION(); 
4704     return ARG_func1
->makeFunction(ARG_callFrame
, ARG_callFrame
->scopeChain()); 
4707 void* Interpreter::cti_op_call_JSFunction(STUB_ARGS
) 
4709     BEGIN_STUB_FUNCTION(); 
4713     ASSERT(ARG_src1
.getCallData(callData
) == CallTypeJS
); 
4716     ScopeChainNode
* callDataScopeChain 
= asFunction(ARG_src1
)->m_scopeChain
.node(); 
4717     CodeBlock
* newCodeBlock 
= &asFunction(ARG_src1
)->body()->bytecode(callDataScopeChain
); 
4719     if (!newCodeBlock
->jitCode()) 
4720         JIT::compile(ARG_globalData
, newCodeBlock
); 
4722     return newCodeBlock
; 
4725 VoidPtrPair 
Interpreter::cti_op_call_arityCheck(STUB_ARGS
) 
4727     BEGIN_STUB_FUNCTION(); 
4729     CallFrame
* callFrame 
= ARG_callFrame
; 
4730     CodeBlock
* newCodeBlock 
= ARG_codeBlock4
; 
4731     int argCount 
= ARG_int3
; 
4733     ASSERT(argCount 
!= newCodeBlock
->m_numParameters
); 
4735     CallFrame
* oldCallFrame 
= callFrame
->callerFrame(); 
4737     if (argCount 
> newCodeBlock
->m_numParameters
) { 
4738         size_t numParameters 
= newCodeBlock
->m_numParameters
; 
4739         Register
* r 
= callFrame
->registers() + numParameters
; 
4741         Register
* argv 
= r 
- RegisterFile::CallFrameHeaderSize 
- numParameters 
- argCount
; 
4742         for (size_t i 
= 0; i 
< numParameters
; ++i
) 
4743             argv
[i 
+ argCount
] = argv
[i
]; 
4745         callFrame 
= CallFrame::create(r
); 
4746         callFrame
->setCallerFrame(oldCallFrame
); 
4748         size_t omittedArgCount 
= newCodeBlock
->m_numParameters 
- argCount
; 
4749         Register
* r 
= callFrame
->registers() + omittedArgCount
; 
4750         Register
* newEnd 
= r 
+ newCodeBlock
->m_numCalleeRegisters
; 
4751         if (!ARG_registerFile
->grow(newEnd
)) { 
4752             // Rewind to the previous call frame because op_call already optimistically 
4753             // moved the call frame forward. 
4754             ARG_setCallFrame(oldCallFrame
); 
4755             throwStackOverflowError(oldCallFrame
, ARG_globalData
, ARG_returnAddress2
, STUB_RETURN_ADDRESS
); 
4759         Register
* argv 
= r 
- RegisterFile::CallFrameHeaderSize 
- omittedArgCount
; 
4760         for (size_t i 
= 0; i 
< omittedArgCount
; ++i
) 
4761             argv
[i
] = jsUndefined(); 
4763         callFrame 
= CallFrame::create(r
); 
4764         callFrame
->setCallerFrame(oldCallFrame
); 
4767     RETURN_PAIR(newCodeBlock
, callFrame
); 
4770 void* Interpreter::cti_vm_dontLazyLinkCall(STUB_ARGS
) 
4772     BEGIN_STUB_FUNCTION(); 
4774     JSFunction
* callee 
= asFunction(ARG_src1
); 
4775     CodeBlock
* codeBlock 
= &callee
->body()->bytecode(callee
->m_scopeChain
.node()); 
4776     if (!codeBlock
->jitCode()) 
4777         JIT::compile(ARG_globalData
, codeBlock
); 
4779     ctiPatchCallByReturnAddress(ARG_returnAddress2
, ARG_globalData
->interpreter
->m_ctiVirtualCallLink
); 
4781     return codeBlock
->jitCode(); 
4784 void* Interpreter::cti_vm_lazyLinkCall(STUB_ARGS
) 
4786     BEGIN_STUB_FUNCTION(); 
4788     JSFunction
* callee 
= asFunction(ARG_src1
); 
4789     CodeBlock
* codeBlock 
= &callee
->body()->bytecode(callee
->m_scopeChain
.node()); 
4790     if (!codeBlock
->jitCode()) 
4791         JIT::compile(ARG_globalData
, codeBlock
); 
4793     CallLinkInfo
* callLinkInfo 
= &ARG_callFrame
->callerFrame()->codeBlock()->getCallLinkInfo(ARG_returnAddress2
); 
4794     JIT::linkCall(callee
, codeBlock
, codeBlock
->jitCode(), callLinkInfo
, ARG_int3
); 
4796     return codeBlock
->jitCode(); 
4799 JSObject
* Interpreter::cti_op_push_activation(STUB_ARGS
) 
4801     BEGIN_STUB_FUNCTION(); 
4803     JSActivation
* activation 
= new (ARG_globalData
) JSActivation(ARG_callFrame
, static_cast<FunctionBodyNode
*>(ARG_callFrame
->codeBlock()->ownerNode())); 
4804     ARG_callFrame
->setScopeChain(ARG_callFrame
->scopeChain()->copy()->push(activation
)); 
4808 JSValueEncodedAsPointer
* Interpreter::cti_op_call_NotJSFunction(STUB_ARGS
) 
4810     BEGIN_STUB_FUNCTION(); 
4812     JSValuePtr funcVal 
= ARG_src1
; 
4815     CallType callType 
= funcVal
.getCallData(callData
); 
4817     ASSERT(callType 
!= CallTypeJS
); 
4819     if (callType 
== CallTypeHost
) { 
4820         int registerOffset 
= ARG_int2
; 
4821         int argCount 
= ARG_int3
; 
4822         CallFrame
* previousCallFrame 
= ARG_callFrame
; 
4823         CallFrame
* callFrame 
= CallFrame::create(previousCallFrame
->registers() + registerOffset
); 
4825         callFrame
->init(0, static_cast<Instruction
*>(STUB_RETURN_ADDRESS
), previousCallFrame
->scopeChain(), previousCallFrame
, 0, argCount
, 0); 
4826         ARG_setCallFrame(callFrame
); 
4828         Register
* argv 
= ARG_callFrame
->registers() - RegisterFile::CallFrameHeaderSize 
- argCount
; 
4829         ArgList 
argList(argv 
+ 1, argCount 
- 1); 
4831         JSValuePtr returnValue
; 
4833             SamplingTool::HostCallRecord 
callRecord(CTI_SAMPLER
); 
4835             // FIXME: All host methods should be calling toThisObject, but this is not presently the case. 
4836             JSValuePtr thisValue 
= argv
[0].jsValue(callFrame
); 
4837             if (thisValue 
== jsNull()) 
4838                 thisValue 
= callFrame
->globalThisValue(); 
4840             returnValue 
= callData
.native
.function(callFrame
, asObject(funcVal
), thisValue
, argList
); 
4842         ARG_setCallFrame(previousCallFrame
); 
4843         CHECK_FOR_EXCEPTION(); 
4845         return JSValuePtr::encode(returnValue
); 
4848     ASSERT(callType 
== CallTypeNone
); 
4850     CallFrame
* callFrame 
= ARG_callFrame
; 
4851     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
4852     unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
4853     ARG_globalData
->exception 
= createNotAFunctionError(ARG_callFrame
, funcVal
, vPCIndex
, codeBlock
); 
4854     VM_THROW_EXCEPTION(); 
4857 void Interpreter::cti_op_create_arguments(STUB_ARGS
) 
4859     BEGIN_STUB_FUNCTION(); 
4861     Arguments
* arguments 
= new (ARG_globalData
) Arguments(ARG_callFrame
); 
4862     ARG_callFrame
->setCalleeArguments(arguments
); 
4863     ARG_callFrame
[RegisterFile::ArgumentsRegister
] = arguments
; 
4866 void Interpreter::cti_op_create_arguments_no_params(STUB_ARGS
) 
4868     BEGIN_STUB_FUNCTION(); 
4870     Arguments
* arguments 
= new (ARG_globalData
) Arguments(ARG_callFrame
, Arguments::NoParameters
); 
4871     ARG_callFrame
->setCalleeArguments(arguments
); 
4872     ARG_callFrame
[RegisterFile::ArgumentsRegister
] = arguments
; 
4875 void Interpreter::cti_op_tear_off_activation(STUB_ARGS
) 
4877     BEGIN_STUB_FUNCTION(); 
4879     ASSERT(ARG_callFrame
->codeBlock()->needsFullScopeChain()); 
4880     asActivation(ARG_src1
)->copyRegisters(ARG_callFrame
->optionalCalleeArguments()); 
4883 void Interpreter::cti_op_tear_off_arguments(STUB_ARGS
) 
4885     BEGIN_STUB_FUNCTION(); 
4887     ASSERT(ARG_callFrame
->codeBlock()->usesArguments() && !ARG_callFrame
->codeBlock()->needsFullScopeChain()); 
4888     ARG_callFrame
->optionalCalleeArguments()->copyRegisters(); 
4891 void Interpreter::cti_op_profile_will_call(STUB_ARGS
) 
4893     BEGIN_STUB_FUNCTION(); 
4895     ASSERT(*ARG_profilerReference
); 
4896     (*ARG_profilerReference
)->willExecute(ARG_callFrame
, ARG_src1
); 
4899 void Interpreter::cti_op_profile_did_call(STUB_ARGS
) 
4901     BEGIN_STUB_FUNCTION(); 
4903     ASSERT(*ARG_profilerReference
); 
4904     (*ARG_profilerReference
)->didExecute(ARG_callFrame
, ARG_src1
); 
4907 void Interpreter::cti_op_ret_scopeChain(STUB_ARGS
) 
4909     BEGIN_STUB_FUNCTION(); 
4911     ASSERT(ARG_callFrame
->codeBlock()->needsFullScopeChain()); 
4912     ARG_callFrame
->scopeChain()->deref(); 
4915 JSObject
* Interpreter::cti_op_new_array(STUB_ARGS
) 
4917     BEGIN_STUB_FUNCTION(); 
4919     ArgList 
argList(&ARG_callFrame
->registers()[ARG_int1
], ARG_int2
); 
4920     return constructArray(ARG_callFrame
, argList
); 
4923 JSValueEncodedAsPointer
* Interpreter::cti_op_resolve(STUB_ARGS
) 
4925     BEGIN_STUB_FUNCTION(); 
4927     CallFrame
* callFrame 
= ARG_callFrame
; 
4928     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
4930     ScopeChainIterator iter 
= scopeChain
->begin(); 
4931     ScopeChainIterator end 
= scopeChain
->end(); 
4932     ASSERT(iter 
!= end
); 
4934     Identifier
& ident 
= *ARG_id1
; 
4936         JSObject
* o 
= *iter
; 
4937         PropertySlot 
slot(o
); 
4938         if (o
->getPropertySlot(callFrame
, ident
, slot
)) { 
4939             JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
4940             CHECK_FOR_EXCEPTION_AT_END(); 
4941             return JSValuePtr::encode(result
); 
4943     } while (++iter 
!= end
); 
4945     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
4946     unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
4947     ARG_globalData
->exception 
= createUndefinedVariableError(callFrame
, ident
, vPCIndex
, codeBlock
); 
4948     VM_THROW_EXCEPTION(); 
4951 JSObject
* Interpreter::cti_op_construct_JSConstruct(STUB_ARGS
) 
4953     BEGIN_STUB_FUNCTION(); 
4956     ConstructData constructData
; 
4957     ASSERT(asFunction(ARG_src1
)->getConstructData(constructData
) == ConstructTypeJS
); 
4960     Structure
* structure
; 
4961     if (ARG_src4
.isObject()) 
4962         structure 
= asObject(ARG_src4
)->inheritorID(); 
4964         structure 
= asFunction(ARG_src1
)->m_scopeChain
.node()->globalObject()->emptyObjectStructure(); 
4965     return new (ARG_globalData
) JSObject(structure
); 
4968 JSValueEncodedAsPointer
* Interpreter::cti_op_construct_NotJSConstruct(STUB_ARGS
) 
4970     BEGIN_STUB_FUNCTION(); 
4972     CallFrame
* callFrame 
= ARG_callFrame
; 
4974     JSValuePtr constrVal 
= ARG_src1
; 
4975     int argCount 
= ARG_int3
; 
4976     int thisRegister 
= ARG_int5
; 
4978     ConstructData constructData
; 
4979     ConstructType constructType 
= constrVal
.getConstructData(constructData
); 
4981     if (constructType 
== ConstructTypeHost
) { 
4982         ArgList 
argList(callFrame
->registers() + thisRegister 
+ 1, argCount 
- 1); 
4984         JSValuePtr returnValue
; 
4986             SamplingTool::HostCallRecord 
callRecord(CTI_SAMPLER
); 
4987             returnValue 
= constructData
.native
.function(callFrame
, asObject(constrVal
), argList
); 
4989         CHECK_FOR_EXCEPTION(); 
4991         return JSValuePtr::encode(returnValue
); 
4994     ASSERT(constructType 
== ConstructTypeNone
); 
4996     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
4997     unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
4998     ARG_globalData
->exception 
= createNotAConstructorError(callFrame
, constrVal
, vPCIndex
, codeBlock
); 
4999     VM_THROW_EXCEPTION(); 
5002 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_val(STUB_ARGS
) 
5004     BEGIN_STUB_FUNCTION(); 
5006     CallFrame
* callFrame 
= ARG_callFrame
; 
5007     Interpreter
* interpreter 
= ARG_globalData
->interpreter
; 
5009     JSValuePtr baseValue 
= ARG_src1
; 
5010     JSValuePtr subscript 
= ARG_src2
; 
5014     if (LIKELY(subscript
.isUInt32Fast())) { 
5015         uint32_t i 
= subscript
.getUInt32Fast(); 
5016         if (interpreter
->isJSArray(baseValue
)) { 
5017             JSArray
* jsArray 
= asArray(baseValue
); 
5018             if (jsArray
->canGetIndex(i
)) 
5019                 result 
= jsArray
->getIndex(i
); 
5021                 result 
= jsArray
->JSArray::get(callFrame
, i
); 
5022         } else if (interpreter
->isJSString(baseValue
) && asString(baseValue
)->canGetIndex(i
)) 
5023             result 
= asString(baseValue
)->getIndex(ARG_globalData
, i
); 
5024         else if (interpreter
->isJSByteArray(baseValue
) && asByteArray(baseValue
)->canAccessIndex(i
)) { 
5025             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks. 
5026             ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_val_byte_array
)); 
5027             return JSValuePtr::encode(asByteArray(baseValue
)->getIndex(callFrame
, i
)); 
5029             result 
= baseValue
.get(callFrame
, i
); 
5031         Identifier 
property(callFrame
, subscript
.toString(callFrame
)); 
5032         result 
= baseValue
.get(callFrame
, property
); 
5035     CHECK_FOR_EXCEPTION_AT_END(); 
5036     return JSValuePtr::encode(result
); 
5039 JSValueEncodedAsPointer
* Interpreter::cti_op_get_by_val_byte_array(STUB_ARGS
) 
5041     BEGIN_STUB_FUNCTION(); 
5043     CallFrame
* callFrame 
= ARG_callFrame
; 
5044     Interpreter
* interpreter 
= ARG_globalData
->interpreter
; 
5046     JSValuePtr baseValue 
= ARG_src1
; 
5047     JSValuePtr subscript 
= ARG_src2
; 
5051     if (LIKELY(subscript
.isUInt32Fast())) { 
5052         uint32_t i 
= subscript
.getUInt32Fast(); 
5053         if (interpreter
->isJSByteArray(baseValue
) && asByteArray(baseValue
)->canAccessIndex(i
)) { 
5054             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks. 
5055             return JSValuePtr::encode(asByteArray(baseValue
)->getIndex(callFrame
, i
)); 
5058         result 
= baseValue
.get(callFrame
, i
); 
5059         if (!interpreter
->isJSByteArray(baseValue
)) 
5060             ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_get_by_val
)); 
5062         Identifier 
property(callFrame
, subscript
.toString(callFrame
)); 
5063         result 
= baseValue
.get(callFrame
, property
); 
5066     CHECK_FOR_EXCEPTION_AT_END(); 
5067     return JSValuePtr::encode(result
); 
5070 VoidPtrPair 
Interpreter::cti_op_resolve_func(STUB_ARGS
) 
5072     BEGIN_STUB_FUNCTION(); 
5074     CallFrame
* callFrame 
= ARG_callFrame
; 
5075     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
5077     ScopeChainIterator iter 
= scopeChain
->begin(); 
5078     ScopeChainIterator end 
= scopeChain
->end(); 
5080     // FIXME: add scopeDepthIsZero optimization 
5082     ASSERT(iter 
!= end
); 
5084     Identifier
& ident 
= *ARG_id1
; 
5088         PropertySlot 
slot(base
); 
5089         if (base
->getPropertySlot(callFrame
, ident
, slot
)) {             
5090             // ECMA 11.2.3 says that if we hit an activation the this value should be null. 
5091             // However, section 10.2.3 says that in the case where the value provided 
5092             // by the caller is null, the global object should be used. It also says 
5093             // that the section does not apply to internal functions, but for simplicity 
5094             // of implementation we use the global object anyway here. This guarantees 
5095             // that in host objects you always get a valid object for this. 
5096             // We also handle wrapper substitution for the global object at the same time. 
5097             JSObject
* thisObj 
= base
->toThisObject(callFrame
); 
5098             JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
5099             CHECK_FOR_EXCEPTION_AT_END(); 
5101             RETURN_PAIR(thisObj
, JSValuePtr::encode(result
)); 
5104     } while (iter 
!= end
); 
5106     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
5107     unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
5108     ARG_globalData
->exception 
= createUndefinedVariableError(callFrame
, ident
, vPCIndex
, codeBlock
); 
5109     VM_THROW_EXCEPTION_2(); 
5112 JSValueEncodedAsPointer
* Interpreter::cti_op_sub(STUB_ARGS
) 
5114     BEGIN_STUB_FUNCTION(); 
5116     JSValuePtr src1 
= ARG_src1
; 
5117     JSValuePtr src2 
= ARG_src2
; 
5121     if (src1
.getNumber(left
) && src2
.getNumber(right
)) 
5122         return JSValuePtr::encode(jsNumber(ARG_globalData
, left 
- right
)); 
5124     CallFrame
* callFrame 
= ARG_callFrame
; 
5125     JSValuePtr result 
= jsNumber(ARG_globalData
, src1
.toNumber(callFrame
) - src2
.toNumber(callFrame
)); 
5126     CHECK_FOR_EXCEPTION_AT_END(); 
5127     return JSValuePtr::encode(result
); 
5130 void Interpreter::cti_op_put_by_val(STUB_ARGS
) 
5132     BEGIN_STUB_FUNCTION(); 
5134     CallFrame
* callFrame 
= ARG_callFrame
; 
5135     Interpreter
* interpreter 
= ARG_globalData
->interpreter
; 
5137     JSValuePtr baseValue 
= ARG_src1
; 
5138     JSValuePtr subscript 
= ARG_src2
; 
5139     JSValuePtr value 
= ARG_src3
; 
5141     if (LIKELY(subscript
.isUInt32Fast())) { 
5142         uint32_t i 
= subscript
.getUInt32Fast(); 
5143         if (interpreter
->isJSArray(baseValue
)) { 
5144             JSArray
* jsArray 
= asArray(baseValue
); 
5145             if (jsArray
->canSetIndex(i
)) 
5146                 jsArray
->setIndex(i
, value
); 
5148                 jsArray
->JSArray::put(callFrame
, i
, value
); 
5149         } else if (interpreter
->isJSByteArray(baseValue
) && asByteArray(baseValue
)->canAccessIndex(i
)) { 
5150             JSByteArray
* jsByteArray 
= asByteArray(baseValue
); 
5151             ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_put_by_val_byte_array
)); 
5152             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks. 
5153             if (value
.isInt32Fast()) { 
5154                 jsByteArray
->setIndex(i
, value
.getInt32Fast()); 
5158                 if (value
.getNumber(dValue
)) { 
5159                     jsByteArray
->setIndex(i
, dValue
); 
5164             baseValue
.put(callFrame
, i
, value
); 
5166             baseValue
.put(callFrame
, i
, value
); 
5168         Identifier 
property(callFrame
, subscript
.toString(callFrame
)); 
5169         if (!ARG_globalData
->exception
) { // Don't put to an object if toString threw an exception. 
5170             PutPropertySlot slot
; 
5171             baseValue
.put(callFrame
, property
, value
, slot
); 
5175     CHECK_FOR_EXCEPTION_AT_END(); 
5178 void Interpreter::cti_op_put_by_val_array(STUB_ARGS
) 
5180     BEGIN_STUB_FUNCTION(); 
5182     CallFrame
* callFrame 
= ARG_callFrame
; 
5184     JSValuePtr baseValue 
= ARG_src1
; 
5186     JSValuePtr value 
= ARG_src3
; 
5188     ASSERT(ARG_globalData
->interpreter
->isJSArray(baseValue
)); 
5191         asArray(baseValue
)->JSArray::put(callFrame
, i
, value
); 
5193         // This should work since we're re-boxing an immediate unboxed in JIT code. 
5194         ASSERT(JSValuePtr::makeInt32Fast(i
)); 
5195         Identifier 
property(callFrame
, JSValuePtr::makeInt32Fast(i
).toString(callFrame
)); 
5196         // FIXME: can toString throw an exception here? 
5197         if (!ARG_globalData
->exception
) { // Don't put to an object if toString threw an exception. 
5198             PutPropertySlot slot
; 
5199             baseValue
.put(callFrame
, property
, value
, slot
); 
5203     CHECK_FOR_EXCEPTION_AT_END(); 
5206 void Interpreter::cti_op_put_by_val_byte_array(STUB_ARGS
) 
5208     BEGIN_STUB_FUNCTION(); 
5210     CallFrame
* callFrame 
= ARG_callFrame
; 
5211     Interpreter
* interpreter 
= ARG_globalData
->interpreter
; 
5213     JSValuePtr baseValue 
= ARG_src1
; 
5214     JSValuePtr subscript 
= ARG_src2
; 
5215     JSValuePtr value 
= ARG_src3
; 
5217     if (LIKELY(subscript
.isUInt32Fast())) { 
5218         uint32_t i 
= subscript
.getUInt32Fast(); 
5219         if (interpreter
->isJSByteArray(baseValue
) && asByteArray(baseValue
)->canAccessIndex(i
)) { 
5220             JSByteArray
* jsByteArray 
= asByteArray(baseValue
); 
5222             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks. 
5223             if (value
.isInt32Fast()) { 
5224                 jsByteArray
->setIndex(i
, value
.getInt32Fast()); 
5228                 if (value
.getNumber(dValue
)) { 
5229                     jsByteArray
->setIndex(i
, dValue
); 
5235         if (!interpreter
->isJSByteArray(baseValue
)) 
5236             ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS
, reinterpret_cast<void*>(cti_op_put_by_val
)); 
5237         baseValue
.put(callFrame
, i
, value
); 
5239         Identifier 
property(callFrame
, subscript
.toString(callFrame
)); 
5240         if (!ARG_globalData
->exception
) { // Don't put to an object if toString threw an exception. 
5241             PutPropertySlot slot
; 
5242             baseValue
.put(callFrame
, property
, value
, slot
); 
5246     CHECK_FOR_EXCEPTION_AT_END(); 
5249 JSValueEncodedAsPointer
* Interpreter::cti_op_lesseq(STUB_ARGS
) 
5251     BEGIN_STUB_FUNCTION(); 
5253     CallFrame
* callFrame 
= ARG_callFrame
; 
5254     JSValuePtr result 
= jsBoolean(jsLessEq(callFrame
, ARG_src1
, ARG_src2
)); 
5255     CHECK_FOR_EXCEPTION_AT_END(); 
5256     return JSValuePtr::encode(result
); 
5259 int Interpreter::cti_op_loop_if_true(STUB_ARGS
) 
5261     BEGIN_STUB_FUNCTION(); 
5263     JSValuePtr src1 
= ARG_src1
; 
5265     CallFrame
* callFrame 
= ARG_callFrame
; 
5267     bool result 
= src1
.toBoolean(callFrame
); 
5268     CHECK_FOR_EXCEPTION_AT_END(); 
5272 JSValueEncodedAsPointer
* Interpreter::cti_op_negate(STUB_ARGS
) 
5274     BEGIN_STUB_FUNCTION(); 
5276     JSValuePtr src 
= ARG_src1
; 
5279     if (src
.getNumber(v
)) 
5280         return JSValuePtr::encode(jsNumber(ARG_globalData
, -v
)); 
5282     CallFrame
* callFrame 
= ARG_callFrame
; 
5283     JSValuePtr result 
= jsNumber(ARG_globalData
, -src
.toNumber(callFrame
)); 
5284     CHECK_FOR_EXCEPTION_AT_END(); 
5285     return JSValuePtr::encode(result
); 
5288 JSValueEncodedAsPointer
* Interpreter::cti_op_resolve_base(STUB_ARGS
) 
5290     BEGIN_STUB_FUNCTION(); 
5292     return JSValuePtr::encode(inlineResolveBase(ARG_callFrame
, *ARG_id1
, ARG_callFrame
->scopeChain())); 
5295 JSValueEncodedAsPointer
* Interpreter::cti_op_resolve_skip(STUB_ARGS
) 
5297     BEGIN_STUB_FUNCTION(); 
5299     CallFrame
* callFrame 
= ARG_callFrame
; 
5300     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
5302     int skip 
= ARG_int2
; 
5304     ScopeChainIterator iter 
= scopeChain
->begin(); 
5305     ScopeChainIterator end 
= scopeChain
->end(); 
5306     ASSERT(iter 
!= end
); 
5309         ASSERT(iter 
!= end
); 
5311     Identifier
& ident 
= *ARG_id1
; 
5313         JSObject
* o 
= *iter
; 
5314         PropertySlot 
slot(o
); 
5315         if (o
->getPropertySlot(callFrame
, ident
, slot
)) { 
5316             JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
5317             CHECK_FOR_EXCEPTION_AT_END(); 
5318             return JSValuePtr::encode(result
); 
5320     } while (++iter 
!= end
); 
5322     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
5323     unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
5324     ARG_globalData
->exception 
= createUndefinedVariableError(callFrame
, ident
, vPCIndex
, codeBlock
); 
5325     VM_THROW_EXCEPTION(); 
5328 JSValueEncodedAsPointer
* Interpreter::cti_op_resolve_global(STUB_ARGS
) 
5330     BEGIN_STUB_FUNCTION(); 
5332     CallFrame
* callFrame 
= ARG_callFrame
; 
5333     JSGlobalObject
* globalObject 
= asGlobalObject(ARG_src1
); 
5334     Identifier
& ident 
= *ARG_id2
; 
5335     unsigned globalResolveInfoIndex 
= ARG_int3
; 
5336     ASSERT(globalObject
->isGlobalObject()); 
5338     PropertySlot 
slot(globalObject
); 
5339     if (globalObject
->getPropertySlot(callFrame
, ident
, slot
)) { 
5340         JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
5341         if (slot
.isCacheable() && !globalObject
->structure()->isDictionary()) { 
5342             GlobalResolveInfo
& globalResolveInfo 
= callFrame
->codeBlock()->globalResolveInfo(globalResolveInfoIndex
); 
5343             if (globalResolveInfo
.structure
) 
5344                 globalResolveInfo
.structure
->deref(); 
5345             globalObject
->structure()->ref(); 
5346             globalResolveInfo
.structure 
= globalObject
->structure(); 
5347             globalResolveInfo
.offset 
= slot
.cachedOffset(); 
5348             return JSValuePtr::encode(result
); 
5351         CHECK_FOR_EXCEPTION_AT_END(); 
5352         return JSValuePtr::encode(result
); 
5355     unsigned vPCIndex 
= callFrame
->codeBlock()->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
5356     ARG_globalData
->exception 
= createUndefinedVariableError(callFrame
, ident
, vPCIndex
, callFrame
->codeBlock()); 
5357     VM_THROW_EXCEPTION(); 
5360 JSValueEncodedAsPointer
* Interpreter::cti_op_div(STUB_ARGS
) 
5362     BEGIN_STUB_FUNCTION(); 
5364     JSValuePtr src1 
= ARG_src1
; 
5365     JSValuePtr src2 
= ARG_src2
; 
5369     if (src1
.getNumber(left
) && src2
.getNumber(right
)) 
5370         return JSValuePtr::encode(jsNumber(ARG_globalData
, left 
/ right
)); 
5372     CallFrame
* callFrame 
= ARG_callFrame
; 
5373     JSValuePtr result 
= jsNumber(ARG_globalData
, src1
.toNumber(callFrame
) / src2
.toNumber(callFrame
)); 
5374     CHECK_FOR_EXCEPTION_AT_END(); 
5375     return JSValuePtr::encode(result
); 
5378 JSValueEncodedAsPointer
* Interpreter::cti_op_pre_dec(STUB_ARGS
) 
5380     BEGIN_STUB_FUNCTION(); 
5382     JSValuePtr v 
= ARG_src1
; 
5384     CallFrame
* callFrame 
= ARG_callFrame
; 
5385     JSValuePtr result 
= jsNumber(ARG_globalData
, v
.toNumber(callFrame
) - 1); 
5386     CHECK_FOR_EXCEPTION_AT_END(); 
5387     return JSValuePtr::encode(result
); 
5390 int Interpreter::cti_op_jless(STUB_ARGS
) 
5392     BEGIN_STUB_FUNCTION(); 
5394     JSValuePtr src1 
= ARG_src1
; 
5395     JSValuePtr src2 
= ARG_src2
; 
5396     CallFrame
* callFrame 
= ARG_callFrame
; 
5398     bool result 
= jsLess(callFrame
, src1
, src2
); 
5399     CHECK_FOR_EXCEPTION_AT_END(); 
5403 JSValueEncodedAsPointer
* Interpreter::cti_op_not(STUB_ARGS
) 
5405     BEGIN_STUB_FUNCTION(); 
5407     JSValuePtr src 
= ARG_src1
; 
5409     CallFrame
* callFrame 
= ARG_callFrame
; 
5411     JSValuePtr result 
= jsBoolean(!src
.toBoolean(callFrame
)); 
5412     CHECK_FOR_EXCEPTION_AT_END(); 
5413     return JSValuePtr::encode(result
); 
5416 int Interpreter::cti_op_jtrue(STUB_ARGS
) 
5418     BEGIN_STUB_FUNCTION(); 
5420     JSValuePtr src1 
= ARG_src1
; 
5422     CallFrame
* callFrame 
= ARG_callFrame
; 
5424     bool result 
= src1
.toBoolean(callFrame
); 
5425     CHECK_FOR_EXCEPTION_AT_END(); 
5429 VoidPtrPair 
Interpreter::cti_op_post_inc(STUB_ARGS
) 
5431     BEGIN_STUB_FUNCTION(); 
5433     JSValuePtr v 
= ARG_src1
; 
5435     CallFrame
* callFrame 
= ARG_callFrame
; 
5437     JSValuePtr number 
= v
.toJSNumber(callFrame
); 
5438     CHECK_FOR_EXCEPTION_AT_END(); 
5440     RETURN_PAIR(JSValuePtr::encode(number
), JSValuePtr::encode(jsNumber(ARG_globalData
, number
.uncheckedGetNumber() + 1))); 
5443 JSValueEncodedAsPointer
* Interpreter::cti_op_eq(STUB_ARGS
) 
5445     BEGIN_STUB_FUNCTION(); 
5447     JSValuePtr src1 
= ARG_src1
; 
5448     JSValuePtr src2 
= ARG_src2
; 
5450     CallFrame
* callFrame 
= ARG_callFrame
; 
5452     ASSERT(!JSValuePtr::areBothInt32Fast(src1
, src2
)); 
5453     JSValuePtr result 
= jsBoolean(JSValuePtr::equalSlowCaseInline(callFrame
, src1
, src2
)); 
5454     CHECK_FOR_EXCEPTION_AT_END(); 
5455     return JSValuePtr::encode(result
); 
5458 JSValueEncodedAsPointer
* Interpreter::cti_op_lshift(STUB_ARGS
) 
5460     BEGIN_STUB_FUNCTION(); 
5462     JSValuePtr val 
= ARG_src1
; 
5463     JSValuePtr shift 
= ARG_src2
; 
5467     if (JSValuePtr::areBothInt32Fast(val
, shift
)) 
5468         return JSValuePtr::encode(jsNumber(ARG_globalData
, val
.getInt32Fast() << (shift
.getInt32Fast() & 0x1f))); 
5469     if (val
.numberToInt32(left
) && shift
.numberToUInt32(right
)) 
5470         return JSValuePtr::encode(jsNumber(ARG_globalData
, left 
<< (right 
& 0x1f))); 
5472     CallFrame
* callFrame 
= ARG_callFrame
; 
5473     JSValuePtr result 
= jsNumber(ARG_globalData
, (val
.toInt32(callFrame
)) << (shift
.toUInt32(callFrame
) & 0x1f)); 
5474     CHECK_FOR_EXCEPTION_AT_END(); 
5475     return JSValuePtr::encode(result
); 
5478 JSValueEncodedAsPointer
* Interpreter::cti_op_bitand(STUB_ARGS
) 
5480     BEGIN_STUB_FUNCTION(); 
5482     JSValuePtr src1 
= ARG_src1
; 
5483     JSValuePtr src2 
= ARG_src2
; 
5487     if (src1
.numberToInt32(left
) && src2
.numberToInt32(right
)) 
5488         return JSValuePtr::encode(jsNumber(ARG_globalData
, left 
& right
)); 
5490     CallFrame
* callFrame 
= ARG_callFrame
; 
5491     JSValuePtr result 
= jsNumber(ARG_globalData
, src1
.toInt32(callFrame
) & src2
.toInt32(callFrame
)); 
5492     CHECK_FOR_EXCEPTION_AT_END(); 
5493     return JSValuePtr::encode(result
); 
5496 JSValueEncodedAsPointer
* Interpreter::cti_op_rshift(STUB_ARGS
) 
5498     BEGIN_STUB_FUNCTION(); 
5500     JSValuePtr val 
= ARG_src1
; 
5501     JSValuePtr shift 
= ARG_src2
; 
5505     if (JSFastMath::canDoFastRshift(val
, shift
)) 
5506         return JSValuePtr::encode(JSFastMath::rightShiftImmediateNumbers(val
, shift
)); 
5507     if (val
.numberToInt32(left
) && shift
.numberToUInt32(right
)) 
5508         return JSValuePtr::encode(jsNumber(ARG_globalData
, left 
>> (right 
& 0x1f))); 
5510     CallFrame
* callFrame 
= ARG_callFrame
; 
5511     JSValuePtr result 
= jsNumber(ARG_globalData
, (val
.toInt32(callFrame
)) >> (shift
.toUInt32(callFrame
) & 0x1f)); 
5512     CHECK_FOR_EXCEPTION_AT_END(); 
5513     return JSValuePtr::encode(result
); 
5516 JSValueEncodedAsPointer
* Interpreter::cti_op_bitnot(STUB_ARGS
) 
5518     BEGIN_STUB_FUNCTION(); 
5520     JSValuePtr src 
= ARG_src1
; 
5523     if (src
.numberToInt32(value
)) 
5524         return JSValuePtr::encode(jsNumber(ARG_globalData
, ~value
)); 
5526     CallFrame
* callFrame 
= ARG_callFrame
; 
5527     JSValuePtr result 
= jsNumber(ARG_globalData
, ~src
.toInt32(callFrame
)); 
5528     CHECK_FOR_EXCEPTION_AT_END(); 
5529     return JSValuePtr::encode(result
); 
5532 VoidPtrPair 
Interpreter::cti_op_resolve_with_base(STUB_ARGS
) 
5534     BEGIN_STUB_FUNCTION(); 
5536     CallFrame
* callFrame 
= ARG_callFrame
; 
5537     ScopeChainNode
* scopeChain 
= callFrame
->scopeChain(); 
5539     ScopeChainIterator iter 
= scopeChain
->begin(); 
5540     ScopeChainIterator end 
= scopeChain
->end(); 
5542     // FIXME: add scopeDepthIsZero optimization 
5544     ASSERT(iter 
!= end
); 
5546     Identifier
& ident 
= *ARG_id1
; 
5550         PropertySlot 
slot(base
); 
5551         if (base
->getPropertySlot(callFrame
, ident
, slot
)) { 
5552             JSValuePtr result 
= slot
.getValue(callFrame
, ident
); 
5553             CHECK_FOR_EXCEPTION_AT_END(); 
5555             RETURN_PAIR(base
, JSValuePtr::encode(result
)); 
5558     } while (iter 
!= end
); 
5560     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
5561     unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
5562     ARG_globalData
->exception 
= createUndefinedVariableError(callFrame
, ident
, vPCIndex
, codeBlock
); 
5563     VM_THROW_EXCEPTION_2(); 
5566 JSObject
* Interpreter::cti_op_new_func_exp(STUB_ARGS
) 
5568     BEGIN_STUB_FUNCTION(); 
5570     return ARG_funcexp1
->makeFunction(ARG_callFrame
, ARG_callFrame
->scopeChain()); 
5573 JSValueEncodedAsPointer
* Interpreter::cti_op_mod(STUB_ARGS
) 
5575     BEGIN_STUB_FUNCTION(); 
5577     JSValuePtr dividendValue 
= ARG_src1
; 
5578     JSValuePtr divisorValue 
= ARG_src2
; 
5580     CallFrame
* callFrame 
= ARG_callFrame
; 
5581     double d 
= dividendValue
.toNumber(callFrame
); 
5582     JSValuePtr result 
= jsNumber(ARG_globalData
, fmod(d
, divisorValue
.toNumber(callFrame
))); 
5583     CHECK_FOR_EXCEPTION_AT_END(); 
5584     return JSValuePtr::encode(result
); 
5587 JSValueEncodedAsPointer
* Interpreter::cti_op_less(STUB_ARGS
) 
5589     BEGIN_STUB_FUNCTION(); 
5591     CallFrame
* callFrame 
= ARG_callFrame
; 
5592     JSValuePtr result 
= jsBoolean(jsLess(callFrame
, ARG_src1
, ARG_src2
)); 
5593     CHECK_FOR_EXCEPTION_AT_END(); 
5594     return JSValuePtr::encode(result
); 
5597 JSValueEncodedAsPointer
* Interpreter::cti_op_neq(STUB_ARGS
) 
5599     BEGIN_STUB_FUNCTION(); 
5601     JSValuePtr src1 
= ARG_src1
; 
5602     JSValuePtr src2 
= ARG_src2
; 
5604     ASSERT(!JSValuePtr::areBothInt32Fast(src1
, src2
)); 
5606     CallFrame
* callFrame 
= ARG_callFrame
; 
5607     JSValuePtr result 
= jsBoolean(!JSValuePtr::equalSlowCaseInline(callFrame
, src1
, src2
)); 
5608     CHECK_FOR_EXCEPTION_AT_END(); 
5609     return JSValuePtr::encode(result
); 
5612 VoidPtrPair 
Interpreter::cti_op_post_dec(STUB_ARGS
) 
5614     BEGIN_STUB_FUNCTION(); 
5616     JSValuePtr v 
= ARG_src1
; 
5618     CallFrame
* callFrame 
= ARG_callFrame
; 
5620     JSValuePtr number 
= v
.toJSNumber(callFrame
); 
5621     CHECK_FOR_EXCEPTION_AT_END(); 
5623     RETURN_PAIR(JSValuePtr::encode(number
), JSValuePtr::encode(jsNumber(ARG_globalData
, number
.uncheckedGetNumber() - 1))); 
5626 JSValueEncodedAsPointer
* Interpreter::cti_op_urshift(STUB_ARGS
) 
5628     BEGIN_STUB_FUNCTION(); 
5630     JSValuePtr val 
= ARG_src1
; 
5631     JSValuePtr shift 
= ARG_src2
; 
5633     CallFrame
* callFrame 
= ARG_callFrame
; 
5635     if (JSFastMath::canDoFastUrshift(val
, shift
)) 
5636         return JSValuePtr::encode(JSFastMath::rightShiftImmediateNumbers(val
, shift
)); 
5638         JSValuePtr result 
= jsNumber(ARG_globalData
, (val
.toUInt32(callFrame
)) >> (shift
.toUInt32(callFrame
) & 0x1f)); 
5639         CHECK_FOR_EXCEPTION_AT_END(); 
5640         return JSValuePtr::encode(result
); 
5644 JSValueEncodedAsPointer
* Interpreter::cti_op_bitxor(STUB_ARGS
) 
5646     BEGIN_STUB_FUNCTION(); 
5648     JSValuePtr src1 
= ARG_src1
; 
5649     JSValuePtr src2 
= ARG_src2
; 
5651     CallFrame
* callFrame 
= ARG_callFrame
; 
5653     JSValuePtr result 
= jsNumber(ARG_globalData
, src1
.toInt32(callFrame
) ^ src2
.toInt32(callFrame
)); 
5654     CHECK_FOR_EXCEPTION_AT_END(); 
5655     return JSValuePtr::encode(result
); 
5658 JSObject
* Interpreter::cti_op_new_regexp(STUB_ARGS
) 
5660     BEGIN_STUB_FUNCTION(); 
5662     return new (ARG_globalData
) RegExpObject(ARG_callFrame
->lexicalGlobalObject()->regExpStructure(), ARG_regexp1
); 
5665 JSValueEncodedAsPointer
* Interpreter::cti_op_bitor(STUB_ARGS
) 
5667     BEGIN_STUB_FUNCTION(); 
5669     JSValuePtr src1 
= ARG_src1
; 
5670     JSValuePtr src2 
= ARG_src2
; 
5672     CallFrame
* callFrame 
= ARG_callFrame
; 
5674     JSValuePtr result 
= jsNumber(ARG_globalData
, src1
.toInt32(callFrame
) | src2
.toInt32(callFrame
)); 
5675     CHECK_FOR_EXCEPTION_AT_END(); 
5676     return JSValuePtr::encode(result
); 
5679 JSValueEncodedAsPointer
* Interpreter::cti_op_call_eval(STUB_ARGS
) 
5681     BEGIN_STUB_FUNCTION(); 
5683     CallFrame
* callFrame 
= ARG_callFrame
; 
5684     RegisterFile
* registerFile 
= ARG_registerFile
; 
5686     Interpreter
* interpreter 
= ARG_globalData
->interpreter
; 
5688     JSValuePtr funcVal 
= ARG_src1
; 
5689     int registerOffset 
= ARG_int2
; 
5690     int argCount 
= ARG_int3
; 
5692     Register
* newCallFrame 
= callFrame
->registers() + registerOffset
; 
5693     Register
* argv 
= newCallFrame 
- RegisterFile::CallFrameHeaderSize 
- argCount
; 
5694     JSValuePtr thisValue 
= argv
[0].jsValue(callFrame
); 
5695     JSGlobalObject
* globalObject 
= callFrame
->scopeChain()->globalObject(); 
5697     if (thisValue 
== globalObject 
&& funcVal 
== globalObject
->evalFunction()) { 
5698         JSValuePtr exceptionValue 
= noValue(); 
5699         JSValuePtr result 
= interpreter
->callEval(callFrame
, registerFile
, argv
, argCount
, registerOffset
, exceptionValue
); 
5700         if (UNLIKELY(exceptionValue 
!= noValue())) { 
5701             ARG_globalData
->exception 
= exceptionValue
; 
5702             VM_THROW_EXCEPTION_AT_END(); 
5704         return JSValuePtr::encode(result
); 
5707     return JSValuePtr::encode(jsImpossibleValue()); 
5710 JSValueEncodedAsPointer
* Interpreter::cti_op_throw(STUB_ARGS
) 
5712     BEGIN_STUB_FUNCTION(); 
5714     CallFrame
* callFrame 
= ARG_callFrame
; 
5715     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
5717     unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
5719     JSValuePtr exceptionValue 
= ARG_src1
; 
5720     ASSERT(exceptionValue
); 
5722     HandlerInfo
* handler 
= ARG_globalData
->interpreter
->throwException(callFrame
, exceptionValue
, vPCIndex
, true); 
5725         *ARG_exception 
= exceptionValue
; 
5726         return JSValuePtr::encode(jsNull()); 
5729     ARG_setCallFrame(callFrame
); 
5730     void* catchRoutine 
= handler
->nativeCode
; 
5731     ASSERT(catchRoutine
); 
5732     STUB_SET_RETURN_ADDRESS(catchRoutine
); 
5733     return JSValuePtr::encode(exceptionValue
); 
5736 JSPropertyNameIterator
* Interpreter::cti_op_get_pnames(STUB_ARGS
) 
5738     BEGIN_STUB_FUNCTION(); 
5740     return JSPropertyNameIterator::create(ARG_callFrame
, ARG_src1
); 
5743 JSValueEncodedAsPointer
* Interpreter::cti_op_next_pname(STUB_ARGS
) 
5745     BEGIN_STUB_FUNCTION(); 
5747     JSPropertyNameIterator
* it 
= ARG_pni1
; 
5748     JSValuePtr temp 
= it
->next(ARG_callFrame
); 
5751     return JSValuePtr::encode(temp
); 
5754 JSObject
* Interpreter::cti_op_push_scope(STUB_ARGS
) 
5756     BEGIN_STUB_FUNCTION(); 
5758     JSObject
* o 
= ARG_src1
.toObject(ARG_callFrame
); 
5759     CHECK_FOR_EXCEPTION(); 
5760     ARG_callFrame
->setScopeChain(ARG_callFrame
->scopeChain()->push(o
)); 
5764 void Interpreter::cti_op_pop_scope(STUB_ARGS
) 
5766     BEGIN_STUB_FUNCTION(); 
5768     ARG_callFrame
->setScopeChain(ARG_callFrame
->scopeChain()->pop()); 
5771 JSValueEncodedAsPointer
* Interpreter::cti_op_typeof(STUB_ARGS
) 
5773     BEGIN_STUB_FUNCTION(); 
5775     return JSValuePtr::encode(jsTypeStringForValue(ARG_callFrame
, ARG_src1
)); 
5778 JSValueEncodedAsPointer
* Interpreter::cti_op_is_undefined(STUB_ARGS
) 
5780     BEGIN_STUB_FUNCTION(); 
5782     JSValuePtr v 
= ARG_src1
; 
5783     return JSValuePtr::encode(jsBoolean(v
.isCell() ? v
.asCell()->structure()->typeInfo().masqueradesAsUndefined() : v
.isUndefined())); 
5786 JSValueEncodedAsPointer
* Interpreter::cti_op_is_boolean(STUB_ARGS
) 
5788     BEGIN_STUB_FUNCTION(); 
5790     return JSValuePtr::encode(jsBoolean(ARG_src1
.isBoolean())); 
5793 JSValueEncodedAsPointer
* Interpreter::cti_op_is_number(STUB_ARGS
) 
5795     BEGIN_STUB_FUNCTION(); 
5797     return JSValuePtr::encode(jsBoolean(ARG_src1
.isNumber())); 
5800 JSValueEncodedAsPointer
* Interpreter::cti_op_is_string(STUB_ARGS
) 
5802     BEGIN_STUB_FUNCTION(); 
5804     return JSValuePtr::encode(jsBoolean(ARG_globalData
->interpreter
->isJSString(ARG_src1
))); 
5807 JSValueEncodedAsPointer
* Interpreter::cti_op_is_object(STUB_ARGS
) 
5809     BEGIN_STUB_FUNCTION(); 
5811     return JSValuePtr::encode(jsBoolean(jsIsObjectType(ARG_src1
))); 
5814 JSValueEncodedAsPointer
* Interpreter::cti_op_is_function(STUB_ARGS
) 
5816     BEGIN_STUB_FUNCTION(); 
5818     return JSValuePtr::encode(jsBoolean(jsIsFunctionType(ARG_src1
))); 
5821 JSValueEncodedAsPointer
* Interpreter::cti_op_stricteq(STUB_ARGS
) 
5823     BEGIN_STUB_FUNCTION(); 
5825     JSValuePtr src1 
= ARG_src1
; 
5826     JSValuePtr src2 
= ARG_src2
; 
5828     return JSValuePtr::encode(jsBoolean(JSValuePtr::strictEqual(src1
, src2
))); 
5831 JSValueEncodedAsPointer
* Interpreter::cti_op_nstricteq(STUB_ARGS
) 
5833     BEGIN_STUB_FUNCTION(); 
5835     JSValuePtr src1 
= ARG_src1
; 
5836     JSValuePtr src2 
= ARG_src2
; 
5838     return JSValuePtr::encode(jsBoolean(!JSValuePtr::strictEqual(src1
, src2
))); 
5841 JSValueEncodedAsPointer
* Interpreter::cti_op_to_jsnumber(STUB_ARGS
) 
5843     BEGIN_STUB_FUNCTION(); 
5845     JSValuePtr src 
= ARG_src1
; 
5846     CallFrame
* callFrame 
= ARG_callFrame
; 
5848     JSValuePtr result 
= src
.toJSNumber(callFrame
); 
5849     CHECK_FOR_EXCEPTION_AT_END(); 
5850     return JSValuePtr::encode(result
); 
5853 JSValueEncodedAsPointer
* Interpreter::cti_op_in(STUB_ARGS
) 
5855     BEGIN_STUB_FUNCTION(); 
5857     CallFrame
* callFrame 
= ARG_callFrame
; 
5858     JSValuePtr baseVal 
= ARG_src2
; 
5860     if (!baseVal
.isObject()) { 
5861         CallFrame
* callFrame 
= ARG_callFrame
; 
5862         CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
5863         unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, STUB_RETURN_ADDRESS
); 
5864         ARG_globalData
->exception 
= createInvalidParamError(callFrame
, "in", baseVal
, vPCIndex
, codeBlock
); 
5865         VM_THROW_EXCEPTION(); 
5868     JSValuePtr propName 
= ARG_src1
; 
5869     JSObject
* baseObj 
= asObject(baseVal
); 
5872     if (propName
.getUInt32(i
)) 
5873         return JSValuePtr::encode(jsBoolean(baseObj
->hasProperty(callFrame
, i
))); 
5875     Identifier 
property(callFrame
, propName
.toString(callFrame
)); 
5876     CHECK_FOR_EXCEPTION(); 
5877     return JSValuePtr::encode(jsBoolean(baseObj
->hasProperty(callFrame
, property
))); 
5880 JSObject
* Interpreter::cti_op_push_new_scope(STUB_ARGS
) 
5882     BEGIN_STUB_FUNCTION(); 
5884     JSObject
* scope 
= new (ARG_globalData
) JSStaticScopeObject(ARG_callFrame
, *ARG_id1
, ARG_src2
, DontDelete
); 
5886     CallFrame
* callFrame 
= ARG_callFrame
; 
5887     callFrame
->setScopeChain(callFrame
->scopeChain()->push(scope
)); 
5891 void Interpreter::cti_op_jmp_scopes(STUB_ARGS
) 
5893     BEGIN_STUB_FUNCTION(); 
5895     unsigned count 
= ARG_int1
; 
5896     CallFrame
* callFrame 
= ARG_callFrame
; 
5898     ScopeChainNode
* tmp 
= callFrame
->scopeChain(); 
5901     callFrame
->setScopeChain(tmp
); 
5904 void Interpreter::cti_op_put_by_index(STUB_ARGS
) 
5906     BEGIN_STUB_FUNCTION(); 
5908     CallFrame
* callFrame 
= ARG_callFrame
; 
5909     unsigned property 
= ARG_int2
; 
5911     ARG_src1
.put(callFrame
, property
, ARG_src3
); 
5914 void* Interpreter::cti_op_switch_imm(STUB_ARGS
) 
5916     BEGIN_STUB_FUNCTION(); 
5918     JSValuePtr scrutinee 
= ARG_src1
; 
5919     unsigned tableIndex 
= ARG_int2
; 
5920     CallFrame
* callFrame 
= ARG_callFrame
; 
5921     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
5923     if (scrutinee
.isInt32Fast()) 
5924         return codeBlock
->immediateSwitchJumpTable(tableIndex
).ctiForValue(scrutinee
.getInt32Fast()); 
5927         if (scrutinee
.numberToInt32(value
)) 
5928             return codeBlock
->immediateSwitchJumpTable(tableIndex
).ctiForValue(value
); 
5930             return codeBlock
->immediateSwitchJumpTable(tableIndex
).ctiDefault
; 
5934 void* Interpreter::cti_op_switch_char(STUB_ARGS
) 
5936     BEGIN_STUB_FUNCTION(); 
5938     JSValuePtr scrutinee 
= ARG_src1
; 
5939     unsigned tableIndex 
= ARG_int2
; 
5940     CallFrame
* callFrame 
= ARG_callFrame
; 
5941     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
5943     void* result 
= codeBlock
->characterSwitchJumpTable(tableIndex
).ctiDefault
; 
5945     if (scrutinee
.isString()) { 
5946         UString::Rep
* value 
= asString(scrutinee
)->value().rep(); 
5947         if (value
->size() == 1) 
5948             result 
= codeBlock
->characterSwitchJumpTable(tableIndex
).ctiForValue(value
->data()[0]); 
5954 void* Interpreter::cti_op_switch_string(STUB_ARGS
) 
5956     BEGIN_STUB_FUNCTION(); 
5958     JSValuePtr scrutinee 
= ARG_src1
; 
5959     unsigned tableIndex 
= ARG_int2
; 
5960     CallFrame
* callFrame 
= ARG_callFrame
; 
5961     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
5963     void* result 
= codeBlock
->stringSwitchJumpTable(tableIndex
).ctiDefault
; 
5965     if (scrutinee
.isString()) { 
5966         UString::Rep
* value 
= asString(scrutinee
)->value().rep(); 
5967         result 
= codeBlock
->stringSwitchJumpTable(tableIndex
).ctiForValue(value
); 
5973 JSValueEncodedAsPointer
* Interpreter::cti_op_del_by_val(STUB_ARGS
) 
5975     BEGIN_STUB_FUNCTION(); 
5977     CallFrame
* callFrame 
= ARG_callFrame
; 
5979     JSValuePtr baseValue 
= ARG_src1
; 
5980     JSObject
* baseObj 
= baseValue
.toObject(callFrame
); // may throw 
5982     JSValuePtr subscript 
= ARG_src2
; 
5985     if (subscript
.getUInt32(i
)) 
5986         result 
= jsBoolean(baseObj
->deleteProperty(callFrame
, i
)); 
5988         CHECK_FOR_EXCEPTION(); 
5989         Identifier 
property(callFrame
, subscript
.toString(callFrame
)); 
5990         CHECK_FOR_EXCEPTION(); 
5991         result 
= jsBoolean(baseObj
->deleteProperty(callFrame
, property
)); 
5994     CHECK_FOR_EXCEPTION_AT_END(); 
5995     return JSValuePtr::encode(result
); 
5998 void Interpreter::cti_op_put_getter(STUB_ARGS
) 
6000     BEGIN_STUB_FUNCTION(); 
6002     CallFrame
* callFrame 
= ARG_callFrame
; 
6004     ASSERT(ARG_src1
.isObject()); 
6005     JSObject
* baseObj 
= asObject(ARG_src1
); 
6006     ASSERT(ARG_src3
.isObject()); 
6007     baseObj
->defineGetter(callFrame
, *ARG_id2
, asObject(ARG_src3
)); 
6010 void Interpreter::cti_op_put_setter(STUB_ARGS
) 
6012     BEGIN_STUB_FUNCTION(); 
6014     CallFrame
* callFrame 
= ARG_callFrame
; 
6016     ASSERT(ARG_src1
.isObject()); 
6017     JSObject
* baseObj 
= asObject(ARG_src1
); 
6018     ASSERT(ARG_src3
.isObject()); 
6019     baseObj
->defineSetter(callFrame
, *ARG_id2
, asObject(ARG_src3
)); 
6022 JSObject
* Interpreter::cti_op_new_error(STUB_ARGS
) 
6024     BEGIN_STUB_FUNCTION(); 
6026     CallFrame
* callFrame 
= ARG_callFrame
; 
6027     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
6028     unsigned type 
= ARG_int1
; 
6029     JSValuePtr message 
= ARG_src2
; 
6030     unsigned bytecodeOffset 
= ARG_int3
; 
6032     unsigned lineNumber 
= codeBlock
->lineNumberForBytecodeOffset(callFrame
, bytecodeOffset
); 
6033     return Error::create(callFrame
, static_cast<ErrorType
>(type
), message
.toString(callFrame
), lineNumber
, codeBlock
->ownerNode()->sourceID(), codeBlock
->ownerNode()->sourceURL()); 
6036 void Interpreter::cti_op_debug(STUB_ARGS
) 
6038     BEGIN_STUB_FUNCTION(); 
6040     CallFrame
* callFrame 
= ARG_callFrame
; 
6042     int debugHookID 
= ARG_int1
; 
6043     int firstLine 
= ARG_int2
; 
6044     int lastLine 
= ARG_int3
; 
6046     ARG_globalData
->interpreter
->debug(callFrame
, static_cast<DebugHookID
>(debugHookID
), firstLine
, lastLine
); 
6049 JSValueEncodedAsPointer
* Interpreter::cti_vm_throw(STUB_ARGS
) 
6051     BEGIN_STUB_FUNCTION(); 
6053     CallFrame
* callFrame 
= ARG_callFrame
; 
6054     CodeBlock
* codeBlock 
= callFrame
->codeBlock(); 
6055     JSGlobalData
* globalData 
= ARG_globalData
; 
6057     unsigned vPCIndex 
= codeBlock
->getBytecodeIndex(callFrame
, globalData
->exceptionLocation
); 
6059     JSValuePtr exceptionValue 
= globalData
->exception
; 
6060     ASSERT(exceptionValue
); 
6061     globalData
->exception 
= noValue(); 
6063     HandlerInfo
* handler 
= globalData
->interpreter
->throwException(callFrame
, exceptionValue
, vPCIndex
, false); 
6066         *ARG_exception 
= exceptionValue
; 
6067         return JSValuePtr::encode(jsNull()); 
6070     ARG_setCallFrame(callFrame
); 
6071     void* catchRoutine 
= handler
->nativeCode
; 
6072     ASSERT(catchRoutine
); 
6073     STUB_SET_RETURN_ADDRESS(catchRoutine
); 
6074     return JSValuePtr::encode(exceptionValue
); 
6077 #undef STUB_RETURN_ADDRESS 
6078 #undef STUB_SET_RETURN_ADDRESS 
6079 #undef BEGIN_STUB_FUNCTION 
6080 #undef CHECK_FOR_EXCEPTION 
6081 #undef CHECK_FOR_EXCEPTION_AT_END 
6082 #undef CHECK_FOR_EXCEPTION_VOID 
6083 #undef VM_THROW_EXCEPTION 
6084 #undef VM_THROW_EXCEPTION_2 
6085 #undef VM_THROW_EXCEPTION_AT_END 
6087 #endif // ENABLE(JIT)