]> git.saurik.com Git - apple/javascriptcore.git/blobdiff - jit/JITArithmetic.cpp
projects / apple / javascriptcore.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
JavaScriptCore-7601.1.46.3.tar.gz
[apple/javascriptcore.git] / jit / JITArithmetic.cpp
diff --git a/jit/JITArithmetic.cpp b/jit/JITArithmetic.cpp
index cd39b3ad01c1ff45e15551efbbe01f0c12b633fc..167e4130159ca1856192c5e4ed1ebf0ebcee26f6 100644 (file)
--- a/jit/JITArithmetic.cpp
+++ b/jit/JITArithmetic.cpp
@@ -24,717 +24,366 @@
  */
 
 #include "config.h"
  */
 
 #include "config.h"
-#include "JIT.h"
 
 #if ENABLE(JIT)
 
 #if ENABLE(JIT)
+#include "JIT.h"
 
 #include "CodeBlock.h"
 
 #include "CodeBlock.h"
-#include "JITInlineMethods.h"
-#include "JITStubCall.h"
+#include "JITInlines.h"
+#include "JITOperations.h"
 #include "JITStubs.h"
 #include "JSArray.h"
 #include "JSFunction.h"
 #include "Interpreter.h"
 #include "JITStubs.h"
 #include "JSArray.h"
 #include "JSFunction.h"
 #include "Interpreter.h"
+#include "JSCInlines.h"
 #include "ResultType.h"
 #include "SamplingTool.h"
 #include "ResultType.h"
 #include "SamplingTool.h"
+#include "SlowPathCall.h"
 
 
-#ifndef NDEBUG
-#include <stdio.h>
-#endif
-
-using namespace std;
 
 namespace JSC {
 
 
 namespace JSC {
 
-#if !USE(JSVALUE32_64)
-
-void JIT::emit_op_lshift(Instruction* currentInstruction)
+void JIT::emit_op_jless(Instruction* currentInstruction)
 {
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-    emitGetVirtualRegisters(op1, regT0, op2, regT2);
-    // FIXME: would we be better using 'emitJumpSlowCaseIfNotImmediateIntegers'? - we *probably* ought to be consistent.
-    emitJumpSlowCaseIfNotImmediateInteger(regT0);
-    emitJumpSlowCaseIfNotImmediateInteger(regT2);
-    emitFastArithImmToInt(regT0);
-    emitFastArithImmToInt(regT2);
-    lshift32(regT2, regT0);
-#if USE(JSVALUE32)
-    addSlowCase(branchAdd32(Overflow, regT0, regT0));
-    signExtend32ToPtr(regT0, regT0);
-#endif
-    emitFastArithReTagImmediate(regT0, regT0);
-    emitPutVirtualRegister(result);
+    emit_compareAndJump(op_jless, op1, op2, target, LessThan);
 }
 
 }
 
-void JIT::emitSlow_op_lshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+void JIT::emit_op_jlesseq(Instruction* currentInstruction)
 {
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-#if USE(JSVALUE64)
-    UNUSED_PARAM(op1);
-    UNUSED_PARAM(op2);
-    linkSlowCase(iter);
-    linkSlowCase(iter);
-#else
-    // If we are limited to 32-bit immediates there is a third slow case, which required the operands to have been reloaded.
-    Jump notImm1 = getSlowCase(iter);
-    Jump notImm2 = getSlowCase(iter);
-    linkSlowCase(iter);
-    emitGetVirtualRegisters(op1, regT0, op2, regT2);
-    notImm1.link(this);
-    notImm2.link(this);
-#endif
-    JITStubCall stubCall(this, cti_op_lshift);
-    stubCall.addArgument(regT0);
-    stubCall.addArgument(regT2);
-    stubCall.call(result);
+    emit_compareAndJump(op_jlesseq, op1, op2, target, LessThanOrEqual);
 }
 
 }
 
-void JIT::emit_op_rshift(Instruction* currentInstruction)
+void JIT::emit_op_jgreater(Instruction* currentInstruction)
 {
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-    if (isOperandConstantImmediateInt(op2)) {
-        // isOperandConstantImmediateInt(op2) => 1 SlowCase
-        emitGetVirtualRegister(op1, regT0);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        // Mask with 0x1f as per ecma-262 11.7.2 step 7.
-        rshift32(Imm32(getConstantOperandImmediateInt(op2) & 0x1f), regT0);
-    } else {
-        emitGetVirtualRegisters(op1, regT0, op2, regT2);
-        if (supportsFloatingPointTruncate()) {
-            Jump lhsIsInt = emitJumpIfImmediateInteger(regT0);
-#if USE(JSVALUE64)
-            // supportsFloatingPoint() && USE(JSVALUE64) => 3 SlowCases
-            addSlowCase(emitJumpIfNotImmediateNumber(regT0));
-            addPtr(tagTypeNumberRegister, regT0);
-            movePtrToDouble(regT0, fpRegT0);
-            addSlowCase(branchTruncateDoubleToInt32(fpRegT0, regT0));
-#else
-            // supportsFloatingPoint() && !USE(JSVALUE64) => 5 SlowCases (of which 1 IfNotJSCell)
-            emitJumpSlowCaseIfNotJSCell(regT0, op1);
-            addSlowCase(checkStructure(regT0, m_globalData->numberStructure.get()));
-            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-            addSlowCase(branchTruncateDoubleToInt32(fpRegT0, regT0));
-            addSlowCase(branchAdd32(Overflow, regT0, regT0));
-#endif
-            lhsIsInt.link(this);
-            emitJumpSlowCaseIfNotImmediateInteger(regT2);
-        } else {
-            // !supportsFloatingPoint() => 2 SlowCases
-            emitJumpSlowCaseIfNotImmediateInteger(regT0);
-            emitJumpSlowCaseIfNotImmediateInteger(regT2);
-        }
-        emitFastArithImmToInt(regT2);
-        rshift32(regT2, regT0);
-#if USE(JSVALUE32)
-        signExtend32ToPtr(regT0, regT0);
-#endif
-    }
-#if USE(JSVALUE64)
-    emitFastArithIntToImmNoCheck(regT0, regT0);
-#else
-    orPtr(Imm32(JSImmediate::TagTypeNumber), regT0);
-#endif
-    emitPutVirtualRegister(result);
+    emit_compareAndJump(op_jgreater, op1, op2, target, GreaterThan);
 }
 
 }
 
-void JIT::emitSlow_op_rshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+void JIT::emit_op_jgreatereq(Instruction* currentInstruction)
 {
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-    JITStubCall stubCall(this, cti_op_rshift);
+    emit_compareAndJump(op_jgreatereq, op1, op2, target, GreaterThanOrEqual);
+}
 
 
-    if (isOperandConstantImmediateInt(op2)) {
-        linkSlowCase(iter);
-        stubCall.addArgument(regT0);
-        stubCall.addArgument(op2, regT2);
-    } else {
-        if (supportsFloatingPointTruncate()) {
-#if USE(JSVALUE64)
-            linkSlowCase(iter);
-            linkSlowCase(iter);
-            linkSlowCase(iter);
-#else
-            linkSlowCaseIfNotJSCell(iter, op1);
-            linkSlowCase(iter);
-            linkSlowCase(iter);
-            linkSlowCase(iter);
-            linkSlowCase(iter);
-#endif
-            // We're reloading op1 to regT0 as we can no longer guarantee that
-            // we have not munged the operand.  It may have already been shifted
-            // correctly, but it still will not have been tagged.
-            stubCall.addArgument(op1, regT0);
-            stubCall.addArgument(regT2);
-        } else {
-            linkSlowCase(iter);
-            linkSlowCase(iter);
-            stubCall.addArgument(regT0);
-            stubCall.addArgument(regT2);
-        }
-    }
+void JIT::emit_op_jnless(Instruction* currentInstruction)
+{
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-    stubCall.call(result);
+    emit_compareAndJump(op_jnless, op1, op2, target, GreaterThanOrEqual);
 }
 
 }
 
-void JIT::emit_op_urshift(Instruction* currentInstruction)
+void JIT::emit_op_jnlesseq(Instruction* currentInstruction)
 {
 {
-    unsigned dst = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-    // Slow case of urshift makes assumptions about what registers hold the
-    // shift arguments, so any changes must be updated there as well.
-    if (isOperandConstantImmediateInt(op2)) {
-        emitGetVirtualRegister(op1, regT0);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        emitFastArithImmToInt(regT0);
-        int shift = getConstantOperand(op2).asInt32();
-        if (shift)
-            urshift32(Imm32(shift & 0x1f), regT0);
-        // unsigned shift < 0 or shift = k*2^32 may result in (essentially)
-        // a toUint conversion, which can result in a value we can represent
-        // as an immediate int.
-        if (shift < 0 || !(shift & 31))
-            addSlowCase(branch32(LessThan, regT0, Imm32(0)));
-#if USE(JSVALUE32)
-        addSlowCase(branchAdd32(Overflow, regT0, regT0));
-        signExtend32ToPtr(regT0, regT0);
-#endif
-        emitFastArithReTagImmediate(regT0, regT0);
-        emitPutVirtualRegister(dst, regT0);
-        return;
-    }
-    emitGetVirtualRegisters(op1, regT0, op2, regT1);
-    if (!isOperandConstantImmediateInt(op1))
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-    emitJumpSlowCaseIfNotImmediateInteger(regT1);
-    emitFastArithImmToInt(regT0);
-    emitFastArithImmToInt(regT1);
-    urshift32(regT1, regT0);
-    addSlowCase(branch32(LessThan, regT0, Imm32(0)));
-#if USE(JSVALUE32)
-    addSlowCase(branchAdd32(Overflow, regT0, regT0));
-    signExtend32ToPtr(regT0, regT0);
-#endif
-    emitFastArithReTagImmediate(regT0, regT0);
-    emitPutVirtualRegister(dst, regT0);
+    emit_compareAndJump(op_jnlesseq, op1, op2, target, GreaterThan);
 }
 
 }
 
-void JIT::emitSlow_op_urshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+void JIT::emit_op_jngreater(Instruction* currentInstruction)
 {
 {
-    unsigned dst = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-    if (isOperandConstantImmediateInt(op2)) {
-        int shift = getConstantOperand(op2).asInt32();
-        // op1 = regT0
-        linkSlowCase(iter); // int32 check
-#if USE(JSVALUE64)
-        if (supportsFloatingPointTruncate()) {
-            JumpList failures;
-            failures.append(emitJumpIfNotImmediateNumber(regT0)); // op1 is not a double
-            addPtr(tagTypeNumberRegister, regT0);
-            movePtrToDouble(regT0, fpRegT0);
-            failures.append(branchTruncateDoubleToInt32(fpRegT0, regT0));
-            if (shift)
-                urshift32(Imm32(shift & 0x1f), regT0);
-            if (shift < 0 || !(shift & 31))
-                failures.append(branch32(LessThan, regT0, Imm32(0)));
-            emitFastArithReTagImmediate(regT0, regT0);
-            emitPutVirtualRegister(dst, regT0);
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_rshift));
-            failures.link(this);
-        }
-#endif // JSVALUE64
-        if (shift < 0 || !(shift & 31))
-            linkSlowCase(iter); // failed to box in hot path
-#if USE(JSVALUE32)
-        linkSlowCase(iter); // Couldn't box result
-#endif
-    } else {
-        // op1 = regT0
-        // op2 = regT1
-        if (!isOperandConstantImmediateInt(op1)) {
-            linkSlowCase(iter); // int32 check -- op1 is not an int
-#if USE(JSVALUE64)
-            if (supportsFloatingPointTruncate()) {
-                JumpList failures;
-                failures.append(emitJumpIfNotImmediateNumber(regT0)); // op1 is not a double
-                addPtr(tagTypeNumberRegister, regT0);
-                movePtrToDouble(regT0, fpRegT0);
-                failures.append(branchTruncateDoubleToInt32(fpRegT0, regT0));
-                failures.append(emitJumpIfNotImmediateInteger(regT1)); // op2 is not an int
-                emitFastArithImmToInt(regT1);
-                urshift32(regT1, regT0);
-                failures.append(branch32(LessThan, regT0, Imm32(0)));
-                emitFastArithReTagImmediate(regT0, regT0);
-                emitPutVirtualRegister(dst, regT0);
-                emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_rshift));
-                failures.link(this);
-            }
-#endif
-        }
-        
-        linkSlowCase(iter); // int32 check - op2 is not an int
-        linkSlowCase(iter); // Can't represent unsigned result as an immediate
-#if USE(JSVALUE32)
-        linkSlowCase(iter); // Couldn't box result
-#endif
-    }
-    
-    JITStubCall stubCall(this, cti_op_urshift);
-    stubCall.addArgument(op1, regT0);
-    stubCall.addArgument(op2, regT1);
-    stubCall.call(dst);
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    emit_compareAndJump(op_jngreater, op1, op2, target, LessThanOrEqual);
 }
 
 }
 
-void JIT::emit_op_jnless(Instruction* currentInstruction)
+void JIT::emit_op_jngreatereq(Instruction* currentInstruction)
 {
 {
-    unsigned op1 = currentInstruction[1].u.operand;
-    unsigned op2 = currentInstruction[2].u.operand;
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
     unsigned target = currentInstruction[3].u.operand;
 
     unsigned target = currentInstruction[3].u.operand;
 
-    // We generate inline code for the following cases in the fast path:
-    // - int immediate to constant int immediate
-    // - constant int immediate to int immediate
-    // - int immediate to int immediate
+    emit_compareAndJump(op_jngreatereq, op1, op2, target, LessThan);
+}
 
 
-    if (isOperandConstantImmediateChar(op1)) {
-        emitGetVirtualRegister(op2, regT0);
-        addSlowCase(emitJumpIfNotJSCell(regT0));
-        JumpList failures;
-        emitLoadCharacterString(regT0, regT0, failures);
-        addSlowCase(failures);
-        addJump(branch32(LessThanOrEqual, regT0, Imm32(asString(getConstantOperand(op1))->tryGetValue()[0])), target);
-        return;
-    }
-    if (isOperandConstantImmediateChar(op2)) {
-        emitGetVirtualRegister(op1, regT0);
-        addSlowCase(emitJumpIfNotJSCell(regT0));
-        JumpList failures;
-        emitLoadCharacterString(regT0, regT0, failures);
-        addSlowCase(failures);
-        addJump(branch32(GreaterThanOrEqual, regT0, Imm32(asString(getConstantOperand(op2))->tryGetValue()[0])), target);
-        return;
-    }
-    if (isOperandConstantImmediateInt(op2)) {
-        emitGetVirtualRegister(op1, regT0);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(JSVALUE64)
-        int32_t op2imm = getConstantOperandImmediateInt(op2);
-#else
-        int32_t op2imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op2)));
-#endif
-        addJump(branch32(GreaterThanOrEqual, regT0, Imm32(op2imm)), target);
-    } else if (isOperandConstantImmediateInt(op1)) {
-        emitGetVirtualRegister(op2, regT1);
-        emitJumpSlowCaseIfNotImmediateInteger(regT1);
-#if USE(JSVALUE64)
-        int32_t op1imm = getConstantOperandImmediateInt(op1);
-#else
-        int32_t op1imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op1)));
-#endif
-        addJump(branch32(LessThanOrEqual, regT1, Imm32(op1imm)), target);
-    } else {
-        emitGetVirtualRegisters(op1, regT0, op2, regT1);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        emitJumpSlowCaseIfNotImmediateInteger(regT1);
+void JIT::emitSlow_op_jless(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-        addJump(branch32(GreaterThanOrEqual, regT0, regT1), target);
-    }
+    emit_compareAndJumpSlow(op1, op2, target, DoubleLessThan, operationCompareLess, false, iter);
 }
 
 }
 
-void JIT::emitSlow_op_jnless(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+void JIT::emitSlow_op_jlesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 {
-    unsigned op1 = currentInstruction[1].u.operand;
-    unsigned op2 = currentInstruction[2].u.operand;
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
     unsigned target = currentInstruction[3].u.operand;
 
     unsigned target = currentInstruction[3].u.operand;
 
-    // We generate inline code for the following cases in the slow path:
-    // - floating-point number to constant int immediate
-    // - constant int immediate to floating-point number
-    // - floating-point number to floating-point number.
-    if (isOperandConstantImmediateChar(op1) || isOperandConstantImmediateChar(op2)) {
-        linkSlowCase(iter);
-        linkSlowCase(iter);
-        linkSlowCase(iter);
-        linkSlowCase(iter);
-        JITStubCall stubCall(this, cti_op_jless);
-        stubCall.addArgument(op1, regT0);
-        stubCall.addArgument(op2, regT1);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(Zero, regT0), target);
-        return;
-    }
-
-    if (isOperandConstantImmediateInt(op2)) {
-        linkSlowCase(iter);
+    emit_compareAndJumpSlow(op1, op2, target, DoubleLessThanOrEqual, operationCompareLessEq, false, iter);
+}
 
 
-        if (supportsFloatingPoint()) {
-#if USE(JSVALUE64)
-            Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
-            addPtr(tagTypeNumberRegister, regT0);
-            movePtrToDouble(regT0, fpRegT0);
-#else
-            Jump fail1;
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1 = emitJumpIfNotJSCell(regT0);
+void JIT::emitSlow_op_jgreater(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-            Jump fail2 = checkStructure(regT0, m_globalData->numberStructure.get());
-            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-#endif
+    emit_compareAndJumpSlow(op1, op2, target, DoubleGreaterThan, operationCompareGreater, false, iter);
+}
 
 
-            int32_t op2imm = getConstantOperand(op2).asInt32();;
+void JIT::emitSlow_op_jgreatereq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-            move(Imm32(op2imm), regT1);
-            convertInt32ToDouble(regT1, fpRegT1);
+    emit_compareAndJumpSlow(op1, op2, target, DoubleGreaterThanOrEqual, operationCompareGreaterEq, false, iter);
+}
 
 
-            emitJumpSlowToHot(branchDouble(DoubleLessThanOrEqualOrUnordered, fpRegT1, fpRegT0), target);
+void JIT::emitSlow_op_jnless(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
+    emit_compareAndJumpSlow(op1, op2, target, DoubleGreaterThanOrEqualOrUnordered, operationCompareLess, true, iter);
+}
 
 
-#if USE(JSVALUE64)
-            fail1.link(this);
-#else
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1.link(this);
-            fail2.link(this);
-#endif
-        }
+void JIT::emitSlow_op_jnlesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-        JITStubCall stubCall(this, cti_op_jless);
-        stubCall.addArgument(regT0);
-        stubCall.addArgument(op2, regT2);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(Zero, regT0), target);
+    emit_compareAndJumpSlow(op1, op2, target, DoubleGreaterThanOrUnordered, operationCompareLessEq, true, iter);
+}
 
 
-    } else if (isOperandConstantImmediateInt(op1)) {
-        linkSlowCase(iter);
+void JIT::emitSlow_op_jngreater(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-        if (supportsFloatingPoint()) {
-#if USE(JSVALUE64)
-            Jump fail1 = emitJumpIfNotImmediateNumber(regT1);
-            addPtr(tagTypeNumberRegister, regT1);
-            movePtrToDouble(regT1, fpRegT1);
-#else
-            Jump fail1;
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail1 = emitJumpIfNotJSCell(regT1);
+    emit_compareAndJumpSlow(op1, op2, target, DoubleLessThanOrEqualOrUnordered, operationCompareGreater, true, iter);
+}
 
 
-            Jump fail2 = checkStructure(regT1, m_globalData->numberStructure.get());
-            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
-#endif
+void JIT::emitSlow_op_jngreatereq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int op1 = currentInstruction[1].u.operand;
+    int op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
 
 
-            int32_t op1imm = getConstantOperand(op1).asInt32();;
+    emit_compareAndJumpSlow(op1, op2, target, DoubleLessThanOrUnordered, operationCompareGreaterEq, true, iter);
+}
 
 
-            move(Imm32(op1imm), regT0);
-            convertInt32ToDouble(regT0, fpRegT0);
+#if USE(JSVALUE64)
 
 
-            emitJumpSlowToHot(branchDouble(DoubleLessThanOrEqualOrUnordered, fpRegT1, fpRegT0), target);
+void JIT::emit_op_negate(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int src = currentInstruction[2].u.operand;
 
 
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
+    emitGetVirtualRegister(src, regT0);
 
 
-#if USE(JSVALUE64)
-            fail1.link(this);
-#else
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail1.link(this);
-            fail2.link(this);
-#endif
-        }
+    Jump srcNotInt = emitJumpIfNotImmediateInteger(regT0);
+    addSlowCase(branchTest32(Zero, regT0, TrustedImm32(0x7fffffff)));
+    neg32(regT0);
+    emitFastArithReTagImmediate(regT0, regT0);
 
 
-        JITStubCall stubCall(this, cti_op_jless);
-        stubCall.addArgument(op1, regT2);
-        stubCall.addArgument(regT1);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(Zero, regT0), target);
+    Jump end = jump();
 
 
-    } else {
-        linkSlowCase(iter);
+    srcNotInt.link(this);
+    emitJumpSlowCaseIfNotImmediateNumber(regT0);
 
 
-        if (supportsFloatingPoint()) {
-#if USE(JSVALUE64)
-            Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
-            Jump fail2 = emitJumpIfNotImmediateNumber(regT1);
-            Jump fail3 = emitJumpIfImmediateInteger(regT1);
-            addPtr(tagTypeNumberRegister, regT0);
-            addPtr(tagTypeNumberRegister, regT1);
-            movePtrToDouble(regT0, fpRegT0);
-            movePtrToDouble(regT1, fpRegT1);
-#else
-            Jump fail1;
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1 = emitJumpIfNotJSCell(regT0);
-
-            Jump fail2;
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail2 = emitJumpIfNotJSCell(regT1);
+    move(TrustedImm64((int64_t)0x8000000000000000ull), regT1);
+    xor64(regT1, regT0);
 
 
-            Jump fail3 = checkStructure(regT0, m_globalData->numberStructure.get());
-            Jump fail4 = checkStructure(regT1, m_globalData->numberStructure.get());
-            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
-#endif
+    end.link(this);
+    emitPutVirtualRegister(dst);
+}
 
 
-            emitJumpSlowToHot(branchDouble(DoubleLessThanOrEqualOrUnordered, fpRegT1, fpRegT0), target);
+void JIT::emitSlow_op_negate(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter); // 0x7fffffff check
+    linkSlowCase(iter); // double check
 
 
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_negate);
+    slowPathCall.call();
+}
 
 
-#if USE(JSVALUE64)
-            fail1.link(this);
-            fail2.link(this);
-            fail3.link(this);
-#else
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1.link(this);
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail2.link(this);
-            fail3.link(this);
-            fail4.link(this);
-#endif
-        }
+void JIT::emit_op_lshift(Instruction* currentInstruction)
+{
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
 
 
-        linkSlowCase(iter);
-        JITStubCall stubCall(this, cti_op_jless);
-        stubCall.addArgument(regT0);
-        stubCall.addArgument(regT1);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(Zero, regT0), target);
-    }
+    emitGetVirtualRegisters(op1, regT0, op2, regT2);
+    // FIXME: would we be better using 'emitJumpSlowCaseIfNotImmediateIntegers'? - we *probably* ought to be consistent.
+    emitJumpSlowCaseIfNotImmediateInteger(regT0);
+    emitJumpSlowCaseIfNotImmediateInteger(regT2);
+    emitFastArithImmToInt(regT0);
+    emitFastArithImmToInt(regT2);
+    lshift32(regT2, regT0);
+    emitFastArithReTagImmediate(regT0, regT0);
+    emitPutVirtualRegister(result);
 }
 
 }
 
-void JIT::emit_op_jless(Instruction* currentInstruction)
+void JIT::emitSlow_op_lshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 {
-    unsigned op1 = currentInstruction[1].u.operand;
-    unsigned op2 = currentInstruction[2].u.operand;
-    unsigned target = currentInstruction[3].u.operand;
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_lshift);
+    slowPathCall.call();
+}
 
 
-    // We generate inline code for the following cases in the fast path:
-    // - int immediate to constant int immediate
-    // - constant int immediate to int immediate
-    // - int immediate to int immediate
+void JIT::emit_op_rshift(Instruction* currentInstruction)
+{
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
 
 
-    if (isOperandConstantImmediateChar(op1)) {
-        emitGetVirtualRegister(op2, regT0);
-        addSlowCase(emitJumpIfNotJSCell(regT0));
-        JumpList failures;
-        emitLoadCharacterString(regT0, regT0, failures);
-        addSlowCase(failures);
-        addJump(branch32(GreaterThan, regT0, Imm32(asString(getConstantOperand(op1))->tryGetValue()[0])), target);
-        return;
-    }
-    if (isOperandConstantImmediateChar(op2)) {
-        emitGetVirtualRegister(op1, regT0);
-        addSlowCase(emitJumpIfNotJSCell(regT0));
-        JumpList failures;
-        emitLoadCharacterString(regT0, regT0, failures);
-        addSlowCase(failures);
-        addJump(branch32(LessThan, regT0, Imm32(asString(getConstantOperand(op2))->tryGetValue()[0])), target);
-        return;
-    }
     if (isOperandConstantImmediateInt(op2)) {
     if (isOperandConstantImmediateInt(op2)) {
+        // isOperandConstantImmediateInt(op2) => 1 SlowCase
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(JSVALUE64)
-        int32_t op2imm = getConstantOperandImmediateInt(op2);
-#else
-        int32_t op2imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op2)));
-#endif
-        addJump(branch32(LessThan, regT0, Imm32(op2imm)), target);
-    } else if (isOperandConstantImmediateInt(op1)) {
-        emitGetVirtualRegister(op2, regT1);
-        emitJumpSlowCaseIfNotImmediateInteger(regT1);
-#if USE(JSVALUE64)
-        int32_t op1imm = getConstantOperandImmediateInt(op1);
-#else
-        int32_t op1imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op1)));
-#endif
-        addJump(branch32(GreaterThan, regT1, Imm32(op1imm)), target);
+        // Mask with 0x1f as per ecma-262 11.7.2 step 7.
+        rshift32(Imm32(getConstantOperandImmediateInt(op2) & 0x1f), regT0);
     } else {
     } else {
-        emitGetVirtualRegisters(op1, regT0, op2, regT1);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        emitJumpSlowCaseIfNotImmediateInteger(regT1);
-
-        addJump(branch32(LessThan, regT0, regT1), target);
+        emitGetVirtualRegisters(op1, regT0, op2, regT2);
+        if (supportsFloatingPointTruncate()) {
+            Jump lhsIsInt = emitJumpIfImmediateInteger(regT0);
+            // supportsFloatingPoint() && USE(JSVALUE64) => 3 SlowCases
+            addSlowCase(emitJumpIfNotImmediateNumber(regT0));
+            add64(tagTypeNumberRegister, regT0);
+            move64ToDouble(regT0, fpRegT0);
+            addSlowCase(branchTruncateDoubleToInt32(fpRegT0, regT0));
+            lhsIsInt.link(this);
+            emitJumpSlowCaseIfNotImmediateInteger(regT2);
+        } else {
+            // !supportsFloatingPoint() => 2 SlowCases
+            emitJumpSlowCaseIfNotImmediateInteger(regT0);
+            emitJumpSlowCaseIfNotImmediateInteger(regT2);
+        }
+        emitFastArithImmToInt(regT2);
+        rshift32(regT2, regT0);
     }
     }
+    emitFastArithIntToImmNoCheck(regT0, regT0);
+    emitPutVirtualRegister(result);
 }
 
 }
 
-void JIT::emitSlow_op_jless(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+void JIT::emitSlow_op_rshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 {
-    unsigned op1 = currentInstruction[1].u.operand;
-    unsigned op2 = currentInstruction[2].u.operand;
-    unsigned target = currentInstruction[3].u.operand;
+    int op2 = currentInstruction[3].u.operand;
 
 
-    // We generate inline code for the following cases in the slow path:
-    // - floating-point number to constant int immediate
-    // - constant int immediate to floating-point number
-    // - floating-point number to floating-point number.
-    if (isOperandConstantImmediateChar(op1) || isOperandConstantImmediateChar(op2)) {
-        linkSlowCase(iter);
-        linkSlowCase(iter);
-        linkSlowCase(iter);
-        linkSlowCase(iter);
-        JITStubCall stubCall(this, cti_op_jless);
-        stubCall.addArgument(op1, regT0);
-        stubCall.addArgument(op2, regT1);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(NonZero, regT0), target);
-        return;
-    }
-
-    if (isOperandConstantImmediateInt(op2)) {
+    if (isOperandConstantImmediateInt(op2))
         linkSlowCase(iter);
 
         linkSlowCase(iter);
 
-        if (supportsFloatingPoint()) {
-#if USE(JSVALUE64)
-            Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
-            addPtr(tagTypeNumberRegister, regT0);
-            movePtrToDouble(regT0, fpRegT0);
-#else
-            Jump fail1;
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1 = emitJumpIfNotJSCell(regT0);
-
-            Jump fail2 = checkStructure(regT0, m_globalData->numberStructure.get());
-            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-#endif
-
-            int32_t op2imm = getConstantOperand(op2).asInt32();
-
-            move(Imm32(op2imm), regT1);
-            convertInt32ToDouble(regT1, fpRegT1);
-
-            emitJumpSlowToHot(branchDouble(DoubleLessThan, fpRegT0, fpRegT1), target);
-
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
-
-#if USE(JSVALUE64)
-            fail1.link(this);
-#else
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1.link(this);
-            fail2.link(this);
-#endif
+    else {
+        if (supportsFloatingPointTruncate()) {
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+        } else {
+            linkSlowCase(iter);
+            linkSlowCase(iter);
         }
         }
+    }
 
 
-        JITStubCall stubCall(this, cti_op_jless);
-        stubCall.addArgument(regT0);
-        stubCall.addArgument(op2, regT2);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(NonZero, regT0), target);
-
-    } else if (isOperandConstantImmediateInt(op1)) {
-        linkSlowCase(iter);
-
-        if (supportsFloatingPoint()) {
-#if USE(JSVALUE64)
-            Jump fail1 = emitJumpIfNotImmediateNumber(regT1);
-            addPtr(tagTypeNumberRegister, regT1);
-            movePtrToDouble(regT1, fpRegT1);
-#else
-            Jump fail1;
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail1 = emitJumpIfNotJSCell(regT1);
-
-            Jump fail2 = checkStructure(regT1, m_globalData->numberStructure.get());
-            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
-#endif
-
-            int32_t op1imm = getConstantOperand(op1).asInt32();
-
-            move(Imm32(op1imm), regT0);
-            convertInt32ToDouble(regT0, fpRegT0);
-
-            emitJumpSlowToHot(branchDouble(DoubleLessThan, fpRegT0, fpRegT1), target);
-
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
-
-#if USE(JSVALUE64)
-            fail1.link(this);
-#else
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail1.link(this);
-            fail2.link(this);
-#endif
-        }
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_rshift);
+    slowPathCall.call();
+}
 
 
-        JITStubCall stubCall(this, cti_op_jless);
-        stubCall.addArgument(op1, regT2);
-        stubCall.addArgument(regT1);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(NonZero, regT0), target);
+void JIT::emit_op_urshift(Instruction* currentInstruction)
+{
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
 
 
+    if (isOperandConstantImmediateInt(op2)) {
+        // isOperandConstantImmediateInt(op2) => 1 SlowCase
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        // Mask with 0x1f as per ecma-262 11.7.2 step 7.
+        urshift32(Imm32(getConstantOperandImmediateInt(op2) & 0x1f), regT0);
     } else {
     } else {
-        linkSlowCase(iter);
-
-        if (supportsFloatingPoint()) {
-#if USE(JSVALUE64)
-            Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
-            Jump fail2 = emitJumpIfNotImmediateNumber(regT1);
-            Jump fail3 = emitJumpIfImmediateInteger(regT1);
-            addPtr(tagTypeNumberRegister, regT0);
-            addPtr(tagTypeNumberRegister, regT1);
-            movePtrToDouble(regT0, fpRegT0);
-            movePtrToDouble(regT1, fpRegT1);
-#else
-            Jump fail1;
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1 = emitJumpIfNotJSCell(regT0);
-
-            Jump fail2;
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail2 = emitJumpIfNotJSCell(regT1);
-
-            Jump fail3 = checkStructure(regT0, m_globalData->numberStructure.get());
-            Jump fail4 = checkStructure(regT1, m_globalData->numberStructure.get());
-            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
-#endif
-
-            emitJumpSlowToHot(branchDouble(DoubleLessThan, fpRegT0, fpRegT1), target);
-
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
-
-#if USE(JSVALUE64)
-            fail1.link(this);
-            fail2.link(this);
-            fail3.link(this);
-#else
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1.link(this);
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail2.link(this);
-            fail3.link(this);
-            fail4.link(this);
-#endif
+        emitGetVirtualRegisters(op1, regT0, op2, regT2);
+        if (supportsFloatingPointTruncate()) {
+            Jump lhsIsInt = emitJumpIfImmediateInteger(regT0);
+            // supportsFloatingPoint() && USE(JSVALUE64) => 3 SlowCases
+            addSlowCase(emitJumpIfNotImmediateNumber(regT0));
+            add64(tagTypeNumberRegister, regT0);
+            move64ToDouble(regT0, fpRegT0);
+            addSlowCase(branchTruncateDoubleToInt32(fpRegT0, regT0));
+            lhsIsInt.link(this);
+            emitJumpSlowCaseIfNotImmediateInteger(regT2);
+        } else {
+            // !supportsFloatingPoint() => 2 SlowCases
+            emitJumpSlowCaseIfNotImmediateInteger(regT0);
+            emitJumpSlowCaseIfNotImmediateInteger(regT2);
         }
         }
+        emitFastArithImmToInt(regT2);
+        urshift32(regT2, regT0);
+    }
+    emitFastArithIntToImmNoCheck(regT0, regT0);
+    emitPutVirtualRegister(result);
+}
 
 
+void JIT::emitSlow_op_urshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2))
         linkSlowCase(iter);
         linkSlowCase(iter);
-        JITStubCall stubCall(this, cti_op_jless);
-        stubCall.addArgument(regT0);
-        stubCall.addArgument(regT1);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(NonZero, regT0), target);
+
+    else {
+        if (supportsFloatingPointTruncate()) {
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+        } else {
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+        }
     }
     }
+
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_urshift);
+    slowPathCall.call();
 }
 
 }
 
-void JIT::emit_op_jlesseq(Instruction* currentInstruction, bool invert)
+void JIT::emit_op_unsigned(Instruction* currentInstruction)
 {
 {
-    unsigned op1 = currentInstruction[1].u.operand;
-    unsigned op2 = currentInstruction[2].u.operand;
-    unsigned target = currentInstruction[3].u.operand;
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    
+    emitGetVirtualRegister(op1, regT0);
+    emitJumpSlowCaseIfNotImmediateInteger(regT0);
+    addSlowCase(branch32(LessThan, regT0, TrustedImm32(0)));
+    emitFastArithReTagImmediate(regT0, regT0);
+    emitPutVirtualRegister(result, regT0);
+}
+
+void JIT::emitSlow_op_unsigned(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_unsigned);
+    slowPathCall.call();
+}
 
 
+void JIT::emit_compareAndJump(OpcodeID, int op1, int op2, unsigned target, RelationalCondition condition)
+{
     // We generate inline code for the following cases in the fast path:
     // - int immediate to constant int immediate
     // - constant int immediate to int immediate
     // We generate inline code for the following cases in the fast path:
     // - int immediate to constant int immediate
     // - constant int immediate to int immediate
@@ -746,7 +395,7 @@ void JIT::emit_op_jlesseq(Instruction* currentInstruction, bool invert)
         JumpList failures;
         emitLoadCharacterString(regT0, regT0, failures);
         addSlowCase(failures);
         JumpList failures;
         emitLoadCharacterString(regT0, regT0, failures);
         addSlowCase(failures);
-        addJump(branch32(invert ? LessThan : GreaterThanOrEqual, regT0, Imm32(asString(getConstantOperand(op1))->tryGetValue()[0])), target);
+        addJump(branch32(commute(condition), regT0, Imm32(asString(getConstantOperand(op1))->tryGetValue()[0])), target);
         return;
     }
     if (isOperandConstantImmediateChar(op2)) {
         return;
     }
     if (isOperandConstantImmediateChar(op2)) {
@@ -755,57 +404,52 @@ void JIT::emit_op_jlesseq(Instruction* currentInstruction, bool invert)
         JumpList failures;
         emitLoadCharacterString(regT0, regT0, failures);
         addSlowCase(failures);
         JumpList failures;
         emitLoadCharacterString(regT0, regT0, failures);
         addSlowCase(failures);
-        addJump(branch32(invert ? GreaterThan : LessThanOrEqual, regT0, Imm32(asString(getConstantOperand(op2))->tryGetValue()[0])), target);
+        addJump(branch32(condition, regT0, Imm32(asString(getConstantOperand(op2))->tryGetValue()[0])), target);
         return;
     }
     if (isOperandConstantImmediateInt(op2)) {
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
         return;
     }
     if (isOperandConstantImmediateInt(op2)) {
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(JSVALUE64)
         int32_t op2imm = getConstantOperandImmediateInt(op2);
         int32_t op2imm = getConstantOperandImmediateInt(op2);
-#else
-        int32_t op2imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op2)));
-#endif
-        addJump(branch32(invert ? GreaterThan : LessThanOrEqual, regT0, Imm32(op2imm)), target);
+        addJump(branch32(condition, regT0, Imm32(op2imm)), target);
     } else if (isOperandConstantImmediateInt(op1)) {
         emitGetVirtualRegister(op2, regT1);
         emitJumpSlowCaseIfNotImmediateInteger(regT1);
     } else if (isOperandConstantImmediateInt(op1)) {
         emitGetVirtualRegister(op2, regT1);
         emitJumpSlowCaseIfNotImmediateInteger(regT1);
-#if USE(JSVALUE64)
         int32_t op1imm = getConstantOperandImmediateInt(op1);
         int32_t op1imm = getConstantOperandImmediateInt(op1);
-#else
-        int32_t op1imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op1)));
-#endif
-        addJump(branch32(invert ? LessThan : GreaterThanOrEqual, regT1, Imm32(op1imm)), target);
+        addJump(branch32(commute(condition), regT1, Imm32(op1imm)), target);
     } else {
         emitGetVirtualRegisters(op1, regT0, op2, regT1);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT1);
 
     } else {
         emitGetVirtualRegisters(op1, regT0, op2, regT1);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT1);
 
-        addJump(branch32(invert ? GreaterThan : LessThanOrEqual, regT0, regT1), target);
+        addJump(branch32(condition, regT0, regT1), target);
     }
 }
 
     }
 }
 
-void JIT::emitSlow_op_jlesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter, bool invert)
+void JIT::emit_compareAndJumpSlow(int op1, int op2, unsigned target, DoubleCondition condition, size_t (JIT_OPERATION *operation)(ExecState*, EncodedJSValue, EncodedJSValue), bool invert, Vector<SlowCaseEntry>::iterator& iter)
 {
 {
-    unsigned op1 = currentInstruction[1].u.operand;
-    unsigned op2 = currentInstruction[2].u.operand;
-    unsigned target = currentInstruction[3].u.operand;
-
+    COMPILE_ASSERT(OPCODE_LENGTH(op_jless) == OPCODE_LENGTH(op_jlesseq), OPCODE_LENGTH_op_jlesseq_equals_op_jless);
+    COMPILE_ASSERT(OPCODE_LENGTH(op_jless) == OPCODE_LENGTH(op_jnless), OPCODE_LENGTH_op_jnless_equals_op_jless);
+    COMPILE_ASSERT(OPCODE_LENGTH(op_jless) == OPCODE_LENGTH(op_jnlesseq), OPCODE_LENGTH_op_jnlesseq_equals_op_jless);
+    COMPILE_ASSERT(OPCODE_LENGTH(op_jless) == OPCODE_LENGTH(op_jgreater), OPCODE_LENGTH_op_jgreater_equals_op_jless);
+    COMPILE_ASSERT(OPCODE_LENGTH(op_jless) == OPCODE_LENGTH(op_jgreatereq), OPCODE_LENGTH_op_jgreatereq_equals_op_jless);
+    COMPILE_ASSERT(OPCODE_LENGTH(op_jless) == OPCODE_LENGTH(op_jngreater), OPCODE_LENGTH_op_jngreater_equals_op_jless);
+    COMPILE_ASSERT(OPCODE_LENGTH(op_jless) == OPCODE_LENGTH(op_jngreatereq), OPCODE_LENGTH_op_jngreatereq_equals_op_jless);
+    
     // We generate inline code for the following cases in the slow path:
     // - floating-point number to constant int immediate
     // - constant int immediate to floating-point number
     // - floating-point number to floating-point number.
     // We generate inline code for the following cases in the slow path:
     // - floating-point number to constant int immediate
     // - constant int immediate to floating-point number
     // - floating-point number to floating-point number.
-
     if (isOperandConstantImmediateChar(op1) || isOperandConstantImmediateChar(op2)) {
         linkSlowCase(iter);
         linkSlowCase(iter);
         linkSlowCase(iter);
         linkSlowCase(iter);
     if (isOperandConstantImmediateChar(op1) || isOperandConstantImmediateChar(op2)) {
         linkSlowCase(iter);
         linkSlowCase(iter);
         linkSlowCase(iter);
         linkSlowCase(iter);
-        JITStubCall stubCall(this, cti_op_jlesseq);
-        stubCall.addArgument(op1, regT0);
-        stubCall.addArgument(op2, regT1);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(invert ? Zero : NonZero, regT0), target);
+
+        emitGetVirtualRegister(op1, argumentGPR0);
+        emitGetVirtualRegister(op2, argumentGPR1);
+        callOperation(operation, argumentGPR0, argumentGPR1);
+        emitJumpSlowToHot(branchTest32(invert ? Zero : NonZero, returnValueGPR), target);
         return;
     }
 
         return;
     }
 
@@ -813,179 +457,98 @@ void JIT::emitSlow_op_jlesseq(Instruction* currentInstruction, Vector<SlowCaseEn
         linkSlowCase(iter);
 
         if (supportsFloatingPoint()) {
         linkSlowCase(iter);
 
         if (supportsFloatingPoint()) {
-#if USE(JSVALUE64)
             Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
             Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
-            addPtr(tagTypeNumberRegister, regT0);
-            movePtrToDouble(regT0, fpRegT0);
-#else
-            Jump fail1;
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1 = emitJumpIfNotJSCell(regT0);
+            add64(tagTypeNumberRegister, regT0);
+            move64ToDouble(regT0, fpRegT0);
 
 
-            Jump fail2 = checkStructure(regT0, m_globalData->numberStructure.get());
-            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-#endif
-
-            int32_t op2imm = getConstantOperand(op2).asInt32();;
+            int32_t op2imm = getConstantOperand(op2).asInt32();
 
             move(Imm32(op2imm), regT1);
             convertInt32ToDouble(regT1, fpRegT1);
 
 
             move(Imm32(op2imm), regT1);
             convertInt32ToDouble(regT1, fpRegT1);
 
-            emitJumpSlowToHot(branchDouble(invert ? DoubleLessThanOrUnordered : DoubleGreaterThanOrEqual, fpRegT1, fpRegT0), target);
+            emitJumpSlowToHot(branchDouble(condition, fpRegT0, fpRegT1), target);
 
 
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnlesseq));
+            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jless));
 
 
-#if USE(JSVALUE64)
             fail1.link(this);
             fail1.link(this);
-#else
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1.link(this);
-            fail2.link(this);
-#endif
         }
 
         }
 
-        JITStubCall stubCall(this, cti_op_jlesseq);
-        stubCall.addArgument(regT0);
-        stubCall.addArgument(op2, regT2);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(invert ? Zero : NonZero, regT0), target);
-
+        emitGetVirtualRegister(op2, regT1);
+        callOperation(operation, regT0, regT1);
+        emitJumpSlowToHot(branchTest32(invert ? Zero : NonZero, returnValueGPR), target);
     } else if (isOperandConstantImmediateInt(op1)) {
         linkSlowCase(iter);
 
         if (supportsFloatingPoint()) {
     } else if (isOperandConstantImmediateInt(op1)) {
         linkSlowCase(iter);
 
         if (supportsFloatingPoint()) {
-#if USE(JSVALUE64)
             Jump fail1 = emitJumpIfNotImmediateNumber(regT1);
             Jump fail1 = emitJumpIfNotImmediateNumber(regT1);
-            addPtr(tagTypeNumberRegister, regT1);
-            movePtrToDouble(regT1, fpRegT1);
-#else
-            Jump fail1;
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail1 = emitJumpIfNotJSCell(regT1);
-
-            Jump fail2 = checkStructure(regT1, m_globalData->numberStructure.get());
-            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
-#endif
+            add64(tagTypeNumberRegister, regT1);
+            move64ToDouble(regT1, fpRegT1);
 
 
-            int32_t op1imm = getConstantOperand(op1).asInt32();;
+            int32_t op1imm = getConstantOperand(op1).asInt32();
 
             move(Imm32(op1imm), regT0);
             convertInt32ToDouble(regT0, fpRegT0);
 
 
             move(Imm32(op1imm), regT0);
             convertInt32ToDouble(regT0, fpRegT0);
 
-            emitJumpSlowToHot(branchDouble(invert ? DoubleLessThanOrUnordered : DoubleGreaterThanOrEqual, fpRegT1, fpRegT0), target);
+            emitJumpSlowToHot(branchDouble(condition, fpRegT0, fpRegT1), target);
 
 
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnlesseq));
+            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jless));
 
 
-#if USE(JSVALUE64)
             fail1.link(this);
             fail1.link(this);
-#else
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail1.link(this);
-            fail2.link(this);
-#endif
         }
 
         }
 
-        JITStubCall stubCall(this, cti_op_jlesseq);
-        stubCall.addArgument(op1, regT2);
-        stubCall.addArgument(regT1);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(invert ? Zero : NonZero, regT0), target);
-
+        emitGetVirtualRegister(op1, regT2);
+        callOperation(operation, regT2, regT1);
+        emitJumpSlowToHot(branchTest32(invert ? Zero : NonZero, returnValueGPR), target);
     } else {
         linkSlowCase(iter);
 
         if (supportsFloatingPoint()) {
     } else {
         linkSlowCase(iter);
 
         if (supportsFloatingPoint()) {
-#if USE(JSVALUE64)
             Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
             Jump fail2 = emitJumpIfNotImmediateNumber(regT1);
             Jump fail3 = emitJumpIfImmediateInteger(regT1);
             Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
             Jump fail2 = emitJumpIfNotImmediateNumber(regT1);
             Jump fail3 = emitJumpIfImmediateInteger(regT1);
-            addPtr(tagTypeNumberRegister, regT0);
-            addPtr(tagTypeNumberRegister, regT1);
-            movePtrToDouble(regT0, fpRegT0);
-            movePtrToDouble(regT1, fpRegT1);
-#else
-            Jump fail1;
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1 = emitJumpIfNotJSCell(regT0);
-
-            Jump fail2;
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail2 = emitJumpIfNotJSCell(regT1);
+            add64(tagTypeNumberRegister, regT0);
+            add64(tagTypeNumberRegister, regT1);
+            move64ToDouble(regT0, fpRegT0);
+            move64ToDouble(regT1, fpRegT1);
 
 
-            Jump fail3 = checkStructure(regT0, m_globalData->numberStructure.get());
-            Jump fail4 = checkStructure(regT1, m_globalData->numberStructure.get());
-            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
-#endif
+            emitJumpSlowToHot(branchDouble(condition, fpRegT0, fpRegT1), target);
 
 
-            emitJumpSlowToHot(branchDouble(invert ? DoubleLessThanOrUnordered : DoubleGreaterThanOrEqual, fpRegT1, fpRegT0), target);
+            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jless));
 
 
-            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnlesseq));
-
-#if USE(JSVALUE64)
             fail1.link(this);
             fail2.link(this);
             fail3.link(this);
             fail1.link(this);
             fail2.link(this);
             fail3.link(this);
-#else
-            if (!m_codeBlock->isKnownNotImmediate(op1))
-                fail1.link(this);
-            if (!m_codeBlock->isKnownNotImmediate(op2))
-                fail2.link(this);
-            fail3.link(this);
-            fail4.link(this);
-#endif
         }
 
         linkSlowCase(iter);
         }
 
         linkSlowCase(iter);
-        JITStubCall stubCall(this, cti_op_jlesseq);
-        stubCall.addArgument(regT0);
-        stubCall.addArgument(regT1);
-        stubCall.call();
-        emitJumpSlowToHot(branchTest32(invert ? Zero : NonZero, regT0), target);
+        callOperation(operation, regT0, regT1);
+        emitJumpSlowToHot(branchTest32(invert ? Zero : NonZero, returnValueGPR), target);
     }
 }
 
     }
 }
 
-void JIT::emit_op_jnlesseq(Instruction* currentInstruction)
-{
-    emit_op_jlesseq(currentInstruction, true);
-}
-
-void JIT::emitSlow_op_jnlesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    emitSlow_op_jlesseq(currentInstruction, iter, true);
-}
-
 void JIT::emit_op_bitand(Instruction* currentInstruction)
 {
 void JIT::emit_op_bitand(Instruction* currentInstruction)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
 
     if (isOperandConstantImmediateInt(op1)) {
         emitGetVirtualRegister(op2, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
 
     if (isOperandConstantImmediateInt(op1)) {
         emitGetVirtualRegister(op2, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(JSVALUE64)
         int32_t imm = getConstantOperandImmediateInt(op1);
         int32_t imm = getConstantOperandImmediateInt(op1);
-        andPtr(Imm32(imm), regT0);
+        and64(Imm32(imm), regT0);
         if (imm >= 0)
             emitFastArithIntToImmNoCheck(regT0, regT0);
         if (imm >= 0)
             emitFastArithIntToImmNoCheck(regT0, regT0);
-#else
-        andPtr(Imm32(static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op1)))), regT0);
-#endif
     } else if (isOperandConstantImmediateInt(op2)) {
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
     } else if (isOperandConstantImmediateInt(op2)) {
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(JSVALUE64)
         int32_t imm = getConstantOperandImmediateInt(op2);
         int32_t imm = getConstantOperandImmediateInt(op2);
-        andPtr(Imm32(imm), regT0);
+        and64(Imm32(imm), regT0);
         if (imm >= 0)
             emitFastArithIntToImmNoCheck(regT0, regT0);
         if (imm >= 0)
             emitFastArithIntToImmNoCheck(regT0, regT0);
-#else
-        andPtr(Imm32(static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op2)))), regT0);
-#endif
     } else {
         emitGetVirtualRegisters(op1, regT0, op2, regT1);
     } else {
         emitGetVirtualRegisters(op1, regT0, op2, regT1);
-        andPtr(regT1, regT0);
+        and64(regT1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
     }
     emitPutVirtualRegister(result);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
     }
     emitPutVirtualRegister(result);
@@ -993,149 +556,48 @@ void JIT::emit_op_bitand(Instruction* currentInstruction)
 
 void JIT::emitSlow_op_bitand(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 
 void JIT::emitSlow_op_bitand(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-
-    linkSlowCase(iter);
-    if (isOperandConstantImmediateInt(op1)) {
-        JITStubCall stubCall(this, cti_op_bitand);
-        stubCall.addArgument(op1, regT2);
-        stubCall.addArgument(regT0);
-        stubCall.call(result);
-    } else if (isOperandConstantImmediateInt(op2)) {
-        JITStubCall stubCall(this, cti_op_bitand);
-        stubCall.addArgument(regT0);
-        stubCall.addArgument(op2, regT2);
-        stubCall.call(result);
-    } else {
-        JITStubCall stubCall(this, cti_op_bitand);
-        stubCall.addArgument(op1, regT2);
-        stubCall.addArgument(regT1);
-        stubCall.call(result);
-    }
-}
-
-void JIT::emit_op_post_inc(Instruction* currentInstruction)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned srcDst = currentInstruction[2].u.operand;
-
-    emitGetVirtualRegister(srcDst, regT0);
-    move(regT0, regT1);
-    emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(JSVALUE64)
-    addSlowCase(branchAdd32(Overflow, Imm32(1), regT1));
-    emitFastArithIntToImmNoCheck(regT1, regT1);
-#else
-    addSlowCase(branchAdd32(Overflow, Imm32(1 << JSImmediate::IntegerPayloadShift), regT1));
-    signExtend32ToPtr(regT1, regT1);
-#endif
-    emitPutVirtualRegister(srcDst, regT1);
-    emitPutVirtualRegister(result);
-}
-
-void JIT::emitSlow_op_post_inc(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned srcDst = currentInstruction[2].u.operand;
-
-    linkSlowCase(iter);
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, cti_op_post_inc);
-    stubCall.addArgument(regT0);
-    stubCall.addArgument(Imm32(srcDst));
-    stubCall.call(result);
-}
-
-void JIT::emit_op_post_dec(Instruction* currentInstruction)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned srcDst = currentInstruction[2].u.operand;
-
-    emitGetVirtualRegister(srcDst, regT0);
-    move(regT0, regT1);
-    emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(JSVALUE64)
-    addSlowCase(branchSub32(Zero, Imm32(1), regT1));
-    emitFastArithIntToImmNoCheck(regT1, regT1);
-#else
-    addSlowCase(branchSub32(Zero, Imm32(1 << JSImmediate::IntegerPayloadShift), regT1));
-    signExtend32ToPtr(regT1, regT1);
-#endif
-    emitPutVirtualRegister(srcDst, regT1);
-    emitPutVirtualRegister(result);
-}
-
-void JIT::emitSlow_op_post_dec(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned srcDst = currentInstruction[2].u.operand;
 
 
-    linkSlowCase(iter);
-    linkSlowCase(iter);
-    JITStubCall stubCall(this, cti_op_post_dec);
-    stubCall.addArgument(regT0);
-    stubCall.addArgument(Imm32(srcDst));
-    stubCall.call(result);
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_bitand);
+    slowPathCall.call();
 }
 
 }
 
-void JIT::emit_op_pre_inc(Instruction* currentInstruction)
+void JIT::emit_op_inc(Instruction* currentInstruction)
 {
 {
-    unsigned srcDst = currentInstruction[1].u.operand;
+    int srcDst = currentInstruction[1].u.operand;
 
     emitGetVirtualRegister(srcDst, regT0);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
 
     emitGetVirtualRegister(srcDst, regT0);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(JSVALUE64)
-    addSlowCase(branchAdd32(Overflow, Imm32(1), regT0));
+    addSlowCase(branchAdd32(Overflow, TrustedImm32(1), regT0));
     emitFastArithIntToImmNoCheck(regT0, regT0);
     emitFastArithIntToImmNoCheck(regT0, regT0);
-#else
-    addSlowCase(branchAdd32(Overflow, Imm32(1 << JSImmediate::IntegerPayloadShift), regT0));
-    signExtend32ToPtr(regT0, regT0);
-#endif
     emitPutVirtualRegister(srcDst);
 }
 
     emitPutVirtualRegister(srcDst);
 }
 
-void JIT::emitSlow_op_pre_inc(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+void JIT::emitSlow_op_inc(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 {
-    unsigned srcDst = currentInstruction[1].u.operand;
-
-    Jump notImm = getSlowCase(iter);
     linkSlowCase(iter);
     linkSlowCase(iter);
-    emitGetVirtualRegister(srcDst, regT0);
-    notImm.link(this);
-    JITStubCall stubCall(this, cti_op_pre_inc);
-    stubCall.addArgument(regT0);
-    stubCall.call(srcDst);
+    linkSlowCase(iter);
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_inc);
+    slowPathCall.call();
 }
 
 }
 
-void JIT::emit_op_pre_dec(Instruction* currentInstruction)
+void JIT::emit_op_dec(Instruction* currentInstruction)
 {
 {
-    unsigned srcDst = currentInstruction[1].u.operand;
+    int srcDst = currentInstruction[1].u.operand;
 
     emitGetVirtualRegister(srcDst, regT0);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
 
     emitGetVirtualRegister(srcDst, regT0);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(JSVALUE64)
-    addSlowCase(branchSub32(Zero, Imm32(1), regT0));
+    addSlowCase(branchSub32(Overflow, TrustedImm32(1), regT0));
     emitFastArithIntToImmNoCheck(regT0, regT0);
     emitFastArithIntToImmNoCheck(regT0, regT0);
-#else
-    addSlowCase(branchSub32(Zero, Imm32(1 << JSImmediate::IntegerPayloadShift), regT0));
-    signExtend32ToPtr(regT0, regT0);
-#endif
     emitPutVirtualRegister(srcDst);
 }
 
     emitPutVirtualRegister(srcDst);
 }
 
-void JIT::emitSlow_op_pre_dec(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+void JIT::emitSlow_op_dec(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 {
-    unsigned srcDst = currentInstruction[1].u.operand;
-
-    Jump notImm = getSlowCase(iter);
     linkSlowCase(iter);
     linkSlowCase(iter);
-    emitGetVirtualRegister(srcDst, regT0);
-    notImm.link(this);
-    JITStubCall stubCall(this, cti_op_pre_dec);
-    stubCall.addArgument(regT0);
-    stubCall.call(srcDst);
+    linkSlowCase(iter);
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_dec);
+    slowPathCall.call();
 }
 
 /* ------------------------------ BEGIN: OP_MOD ------------------------------ */
 }
 
 /* ------------------------------ BEGIN: OP_MOD ------------------------------ */
@@ -1144,124 +606,106 @@ void JIT::emitSlow_op_pre_dec(Instruction* currentInstruction, Vector<SlowCaseEn
 
 void JIT::emit_op_mod(Instruction* currentInstruction)
 {
 
 void JIT::emit_op_mod(Instruction* currentInstruction)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
 
 
-    emitGetVirtualRegisters(op1, X86Registers::eax, op2, X86Registers::ecx);
-    emitJumpSlowCaseIfNotImmediateInteger(X86Registers::eax);
-    emitJumpSlowCaseIfNotImmediateInteger(X86Registers::ecx);
-#if USE(JSVALUE64)
-    addSlowCase(branchPtr(Equal, X86Registers::ecx, ImmPtr(JSValue::encode(jsNumber(m_globalData, 0)))));
-    m_assembler.cdq();
-    m_assembler.idivl_r(X86Registers::ecx);
-#else
-    emitFastArithDeTagImmediate(X86Registers::eax);
-    addSlowCase(emitFastArithDeTagImmediateJumpIfZero(X86Registers::ecx));
+    // Make sure registers are correct for x86 IDIV instructions.
+    ASSERT(regT0 == X86Registers::eax);
+    ASSERT(regT1 == X86Registers::edx);
+    ASSERT(regT2 == X86Registers::ecx);
+
+    emitGetVirtualRegisters(op1, regT3, op2, regT2);
+    emitJumpSlowCaseIfNotImmediateInteger(regT3);
+    emitJumpSlowCaseIfNotImmediateInteger(regT2);
+
+    move(regT3, regT0);
+    addSlowCase(branchTest32(Zero, regT2));
+    Jump denominatorNotNeg1 = branch32(NotEqual, regT2, TrustedImm32(-1));
+    addSlowCase(branch32(Equal, regT0, TrustedImm32(-2147483647-1)));
+    denominatorNotNeg1.link(this);
     m_assembler.cdq();
     m_assembler.cdq();
-    m_assembler.idivl_r(X86Registers::ecx);
-    signExtend32ToPtr(X86Registers::edx, X86Registers::edx);
-#endif
-    emitFastArithReTagImmediate(X86Registers::edx, X86Registers::eax);
+    m_assembler.idivl_r(regT2);
+    Jump numeratorPositive = branch32(GreaterThanOrEqual, regT3, TrustedImm32(0));
+    addSlowCase(branchTest32(Zero, regT1));
+    numeratorPositive.link(this);
+    emitFastArithReTagImmediate(regT1, regT0);
     emitPutVirtualRegister(result);
 }
 
 void JIT::emitSlow_op_mod(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
     emitPutVirtualRegister(result);
 }
 
 void JIT::emitSlow_op_mod(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
-    unsigned result = currentInstruction[1].u.operand;
-
-#if USE(JSVALUE64)
     linkSlowCase(iter);
     linkSlowCase(iter);
     linkSlowCase(iter);
     linkSlowCase(iter);
     linkSlowCase(iter);
     linkSlowCase(iter);
-#else
-    Jump notImm1 = getSlowCase(iter);
-    Jump notImm2 = getSlowCase(iter);
     linkSlowCase(iter);
     linkSlowCase(iter);
-    emitFastArithReTagImmediate(X86Registers::eax, X86Registers::eax);
-    emitFastArithReTagImmediate(X86Registers::ecx, X86Registers::ecx);
-    notImm1.link(this);
-    notImm2.link(this);
-#endif
-    JITStubCall stubCall(this, cti_op_mod);
-    stubCall.addArgument(X86Registers::eax);
-    stubCall.addArgument(X86Registers::ecx);
-    stubCall.call(result);
+    linkSlowCase(iter);
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_mod);
+    slowPathCall.call();
 }
 
 #else // CPU(X86) || CPU(X86_64)
 
 void JIT::emit_op_mod(Instruction* currentInstruction)
 {
 }
 
 #else // CPU(X86) || CPU(X86_64)
 
 void JIT::emit_op_mod(Instruction* currentInstruction)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-
-#if ENABLE(JIT_OPTIMIZE_MOD)
-    emitGetVirtualRegisters(op1, regT0, op2, regT2);
-    emitJumpSlowCaseIfNotImmediateInteger(regT0);
-    emitJumpSlowCaseIfNotImmediateInteger(regT2);
-
-    addSlowCase(branch32(Equal, regT2, Imm32(1)));
-
-    emitNakedCall(m_globalData->jitStubs.ctiSoftModulo());
-
-    emitPutVirtualRegister(result, regT0);
-#else
-    JITStubCall stubCall(this, cti_op_mod);
-    stubCall.addArgument(op1, regT2);
-    stubCall.addArgument(op2, regT2);
-    stubCall.call(result);
-#endif
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_mod);
+    slowPathCall.call();
 }
 
 }
 
-void JIT::emitSlow_op_mod(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+void JIT::emitSlow_op_mod(Instruction*, Vector<SlowCaseEntry>::iterator&)
 {
 {
-#if ENABLE(JIT_OPTIMIZE_MOD)
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-    linkSlowCase(iter);
-    linkSlowCase(iter);
-    linkSlowCase(iter);
-    JITStubCall stubCall(this, cti_op_mod);
-    stubCall.addArgument(op1, regT2);
-    stubCall.addArgument(op2, regT2);
-    stubCall.call(result);
-#else
-    ASSERT_NOT_REACHED();
-#endif
+    UNREACHABLE_FOR_PLATFORM();
 }
 
 #endif // CPU(X86) || CPU(X86_64)
 
 /* ------------------------------ END: OP_MOD ------------------------------ */
 
 }
 
 #endif // CPU(X86) || CPU(X86_64)
 
 /* ------------------------------ END: OP_MOD ------------------------------ */
 
-#if USE(JSVALUE64)
-
 /* ------------------------------ BEGIN: USE(JSVALUE64) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
 
 /* ------------------------------ BEGIN: USE(JSVALUE64) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
 
-void JIT::compileBinaryArithOp(OpcodeID opcodeID, unsigned, unsigned op1, unsigned op2, OperandTypes)
+void JIT::compileBinaryArithOp(OpcodeID opcodeID, int, int op1, int op2, OperandTypes)
 {
     emitGetVirtualRegisters(op1, regT0, op2, regT1);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
     emitJumpSlowCaseIfNotImmediateInteger(regT1);
 {
     emitGetVirtualRegisters(op1, regT0, op2, regT1);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
     emitJumpSlowCaseIfNotImmediateInteger(regT1);
+    RareCaseProfile* profile = m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset);
     if (opcodeID == op_add)
         addSlowCase(branchAdd32(Overflow, regT1, regT0));
     else if (opcodeID == op_sub)
         addSlowCase(branchSub32(Overflow, regT1, regT0));
     else {
         ASSERT(opcodeID == op_mul);
     if (opcodeID == op_add)
         addSlowCase(branchAdd32(Overflow, regT1, regT0));
     else if (opcodeID == op_sub)
         addSlowCase(branchSub32(Overflow, regT1, regT0));
     else {
         ASSERT(opcodeID == op_mul);
-        addSlowCase(branchMul32(Overflow, regT1, regT0));
-        addSlowCase(branchTest32(Zero, regT0));
+        if (shouldEmitProfiling()) {
+            // We want to be able to measure if this is taking the slow case just
+            // because of negative zero. If this produces positive zero, then we
+            // don't want the slow case to be taken because that will throw off
+            // speculative compilation.
+            move(regT0, regT2);
+            addSlowCase(branchMul32(Overflow, regT1, regT2));
+            JumpList done;
+            done.append(branchTest32(NonZero, regT2));
+            Jump negativeZero = branch32(LessThan, regT0, TrustedImm32(0));
+            done.append(branch32(GreaterThanOrEqual, regT1, TrustedImm32(0)));
+            negativeZero.link(this);
+            // We only get here if we have a genuine negative zero. Record this,
+            // so that the speculative JIT knows that we failed speculation
+            // because of a negative zero.
+            add32(TrustedImm32(1), AbsoluteAddress(&profile->m_counter));
+            addSlowCase(jump());
+            done.link(this);
+            move(regT2, regT0);
+        } else {
+            addSlowCase(branchMul32(Overflow, regT1, regT0));
+            addSlowCase(branchTest32(Zero, regT0));
+        }
     }
     emitFastArithIntToImmNoCheck(regT0, regT0);
 }
 
     }
     emitFastArithIntToImmNoCheck(regT0, regT0);
 }
 
-void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>::iterator& iter, unsigned result, unsigned op1, unsigned op2, OperandTypes types, bool op1HasImmediateIntFastCase, bool op2HasImmediateIntFastCase)
+void JIT::compileBinaryArithOpSlowCase(Instruction* currentInstruction, OpcodeID opcodeID, Vector<SlowCaseEntry>::iterator& iter, int result, int op1, int op2, OperandTypes types, bool op1HasImmediateIntFastCase, bool op2HasImmediateIntFastCase)
 {
     // We assume that subtracting TagTypeNumber is equivalent to adding DoubleEncodeOffset.
 {
     // We assume that subtracting TagTypeNumber is equivalent to adding DoubleEncodeOffset.
-    COMPILE_ASSERT(((JSImmediate::TagTypeNumber + JSImmediate::DoubleEncodeOffset) == 0), TagTypeNumber_PLUS_DoubleEncodeOffset_EQUALS_0);
+    COMPILE_ASSERT(((TagTypeNumber + DoubleEncodeOffset) == 0), TagTypeNumber_PLUS_DoubleEncodeOffset_EQUALS_0);
 
     Jump notImm1;
     Jump notImm2;
 
     Jump notImm1;
     Jump notImm2;
@@ -1277,17 +721,11 @@ void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>:
     linkSlowCase(iter); // Integer overflow case - we could handle this in JIT code, but this is likely rare.
     if (opcodeID == op_mul && !op1HasImmediateIntFastCase && !op2HasImmediateIntFastCase) // op_mul has an extra slow case to handle 0 * negative number.
         linkSlowCase(iter);
     linkSlowCase(iter); // Integer overflow case - we could handle this in JIT code, but this is likely rare.
     if (opcodeID == op_mul && !op1HasImmediateIntFastCase && !op2HasImmediateIntFastCase) // op_mul has an extra slow case to handle 0 * negative number.
         linkSlowCase(iter);
-    emitGetVirtualRegister(op1, regT0);
 
     Label stubFunctionCall(this);
 
     Label stubFunctionCall(this);
-    JITStubCall stubCall(this, opcodeID == op_add ? cti_op_add : opcodeID == op_sub ? cti_op_sub : cti_op_mul);
-    if (op1HasImmediateIntFastCase || op2HasImmediateIntFastCase) {
-        emitGetVirtualRegister(op1, regT0);
-        emitGetVirtualRegister(op2, regT1);
-    }
-    stubCall.addArgument(regT0);
-    stubCall.addArgument(regT1);
-    stubCall.call(result);
+
+    JITSlowPathCall slowPathCall(this, currentInstruction, opcodeID == op_add ? slow_path_add : opcodeID == op_sub ? slow_path_sub : slow_path_mul);
+    slowPathCall.call();
     Jump end = jump();
 
     if (op1HasImmediateIntFastCase) {
     Jump end = jump();
 
     if (op1HasImmediateIntFastCase) {
@@ -1296,16 +734,16 @@ void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>:
             emitJumpIfNotImmediateNumber(regT0).linkTo(stubFunctionCall, this);
         emitGetVirtualRegister(op1, regT1);
         convertInt32ToDouble(regT1, fpRegT1);
             emitJumpIfNotImmediateNumber(regT0).linkTo(stubFunctionCall, this);
         emitGetVirtualRegister(op1, regT1);
         convertInt32ToDouble(regT1, fpRegT1);
-        addPtr(tagTypeNumberRegister, regT0);
-        movePtrToDouble(regT0, fpRegT2);
+        add64(tagTypeNumberRegister, regT0);
+        move64ToDouble(regT0, fpRegT2);
     } else if (op2HasImmediateIntFastCase) {
         notImm1.link(this);
         if (!types.first().definitelyIsNumber())
             emitJumpIfNotImmediateNumber(regT0).linkTo(stubFunctionCall, this);
         emitGetVirtualRegister(op2, regT1);
         convertInt32ToDouble(regT1, fpRegT1);
     } else if (op2HasImmediateIntFastCase) {
         notImm1.link(this);
         if (!types.first().definitelyIsNumber())
             emitJumpIfNotImmediateNumber(regT0).linkTo(stubFunctionCall, this);
         emitGetVirtualRegister(op2, regT1);
         convertInt32ToDouble(regT1, fpRegT1);
-        addPtr(tagTypeNumberRegister, regT0);
-        movePtrToDouble(regT0, fpRegT2);
+        add64(tagTypeNumberRegister, regT0);
+        move64ToDouble(regT0, fpRegT2);
     } else {
         // if we get here, eax is not an int32, edx not yet checked.
         notImm1.link(this);
     } else {
         // if we get here, eax is not an int32, edx not yet checked.
         notImm1.link(this);
@@ -1313,8 +751,8 @@ void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>:
             emitJumpIfNotImmediateNumber(regT0).linkTo(stubFunctionCall, this);
         if (!types.second().definitelyIsNumber())
             emitJumpIfNotImmediateNumber(regT1).linkTo(stubFunctionCall, this);
             emitJumpIfNotImmediateNumber(regT0).linkTo(stubFunctionCall, this);
         if (!types.second().definitelyIsNumber())
             emitJumpIfNotImmediateNumber(regT1).linkTo(stubFunctionCall, this);
-        addPtr(tagTypeNumberRegister, regT0);
-        movePtrToDouble(regT0, fpRegT1);
+        add64(tagTypeNumberRegister, regT0);
+        move64ToDouble(regT0, fpRegT1);
         Jump op2isDouble = emitJumpIfNotImmediateInteger(regT1);
         convertInt32ToDouble(regT1, fpRegT2);
         Jump op2wasInteger = jump();
         Jump op2isDouble = emitJumpIfNotImmediateInteger(regT1);
         convertInt32ToDouble(regT1, fpRegT2);
         Jump op2wasInteger = jump();
@@ -1325,8 +763,8 @@ void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>:
             emitJumpIfNotImmediateNumber(regT1).linkTo(stubFunctionCall, this);
         convertInt32ToDouble(regT0, fpRegT1);
         op2isDouble.link(this);
             emitJumpIfNotImmediateNumber(regT1).linkTo(stubFunctionCall, this);
         convertInt32ToDouble(regT0, fpRegT1);
         op2isDouble.link(this);
-        addPtr(tagTypeNumberRegister, regT1);
-        movePtrToDouble(regT1, fpRegT2);
+        add64(tagTypeNumberRegister, regT1);
+        move64ToDouble(regT1, fpRegT2);
         op2wasInteger.link(this);
     }
 
         op2wasInteger.link(this);
     }
 
@@ -1340,8 +778,8 @@ void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>:
         ASSERT(opcodeID == op_div);
         divDouble(fpRegT2, fpRegT1);
     }
         ASSERT(opcodeID == op_div);
         divDouble(fpRegT2, fpRegT1);
     }
-    moveDoubleToPtr(fpRegT1, regT0);
-    subPtr(tagTypeNumberRegister, regT0);
+    moveDoubleTo64(fpRegT1, regT0);
+    sub64(tagTypeNumberRegister, regT0);
     emitPutVirtualRegister(result, regT0);
 
     end.link(this);
     emitPutVirtualRegister(result, regT0);
 
     end.link(this);
@@ -1349,29 +787,28 @@ void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>:
 
 void JIT::emit_op_add(Instruction* currentInstruction)
 {
 
 void JIT::emit_op_add(Instruction* currentInstruction)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
-        JITStubCall stubCall(this, cti_op_add);
-        stubCall.addArgument(op1, regT2);
-        stubCall.addArgument(op2, regT2);
-        stubCall.call(result);
+        addSlowCase();
+        JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_add);
+        slowPathCall.call();
         return;
     }
 
     if (isOperandConstantImmediateInt(op1)) {
         emitGetVirtualRegister(op2, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
         return;
     }
 
     if (isOperandConstantImmediateInt(op1)) {
         emitGetVirtualRegister(op2, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        addSlowCase(branchAdd32(Overflow, Imm32(getConstantOperandImmediateInt(op1)), regT0));
-        emitFastArithIntToImmNoCheck(regT0, regT0);
+        addSlowCase(branchAdd32(Overflow, regT0, Imm32(getConstantOperandImmediateInt(op1)), regT1));
+        emitFastArithIntToImmNoCheck(regT1, regT0);
     } else if (isOperandConstantImmediateInt(op2)) {
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
     } else if (isOperandConstantImmediateInt(op2)) {
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        addSlowCase(branchAdd32(Overflow, Imm32(getConstantOperandImmediateInt(op2)), regT0));
-        emitFastArithIntToImmNoCheck(regT0, regT0);
+        addSlowCase(branchAdd32(Overflow, regT0, Imm32(getConstantOperandImmediateInt(op2)), regT1));
+        emitFastArithIntToImmNoCheck(regT1, regT0);
     } else
         compileBinaryArithOp(op_add, result, op1, op2, types);
 
     } else
         compileBinaryArithOp(op_add, result, op1, op2, types);
 
@@ -1380,38 +817,44 @@ void JIT::emit_op_add(Instruction* currentInstruction)
 
 void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 
 void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
-    if (!types.first().mightBeNumber() || !types.second().mightBeNumber())
+    if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
+        linkDummySlowCase(iter);
         return;
         return;
+    }
 
     bool op1HasImmediateIntFastCase = isOperandConstantImmediateInt(op1);
     bool op2HasImmediateIntFastCase = !op1HasImmediateIntFastCase && isOperandConstantImmediateInt(op2);
 
     bool op1HasImmediateIntFastCase = isOperandConstantImmediateInt(op1);
     bool op2HasImmediateIntFastCase = !op1HasImmediateIntFastCase && isOperandConstantImmediateInt(op2);
-    compileBinaryArithOpSlowCase(op_add, iter, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand), op1HasImmediateIntFastCase, op2HasImmediateIntFastCase);
+    compileBinaryArithOpSlowCase(currentInstruction, op_add, iter, result, op1, op2, types, op1HasImmediateIntFastCase, op2HasImmediateIntFastCase);
 }
 
 void JIT::emit_op_mul(Instruction* currentInstruction)
 {
 }
 
 void JIT::emit_op_mul(Instruction* currentInstruction)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     // For now, only plant a fast int case if the constant operand is greater than zero.
     int32_t value;
     if (isOperandConstantImmediateInt(op1) && ((value = getConstantOperandImmediateInt(op1)) > 0)) {
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     // For now, only plant a fast int case if the constant operand is greater than zero.
     int32_t value;
     if (isOperandConstantImmediateInt(op1) && ((value = getConstantOperandImmediateInt(op1)) > 0)) {
+        // Add a special fast case profile because the DFG JIT will expect one.
+        m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset);
         emitGetVirtualRegister(op2, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
         emitGetVirtualRegister(op2, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT0));
-        emitFastArithReTagImmediate(regT0, regT0);
+        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT1));
+        emitFastArithReTagImmediate(regT1, regT0);
     } else if (isOperandConstantImmediateInt(op2) && ((value = getConstantOperandImmediateInt(op2)) > 0)) {
     } else if (isOperandConstantImmediateInt(op2) && ((value = getConstantOperandImmediateInt(op2)) > 0)) {
+        // Add a special fast case profile because the DFG JIT will expect one.
+        m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset);
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT0));
-        emitFastArithReTagImmediate(regT0, regT0);
+        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT1));
+        emitFastArithReTagImmediate(regT1, regT0);
     } else
         compileBinaryArithOp(op_mul, result, op1, op2, types);
 
     } else
         compileBinaryArithOp(op_mul, result, op1, op2, types);
 
@@ -1420,27 +863,27 @@ void JIT::emit_op_mul(Instruction* currentInstruction)
 
 void JIT::emitSlow_op_mul(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 
 void JIT::emitSlow_op_mul(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     bool op1HasImmediateIntFastCase = isOperandConstantImmediateInt(op1) && getConstantOperandImmediateInt(op1) > 0;
     bool op2HasImmediateIntFastCase = !op1HasImmediateIntFastCase && isOperandConstantImmediateInt(op2) && getConstantOperandImmediateInt(op2) > 0;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     bool op1HasImmediateIntFastCase = isOperandConstantImmediateInt(op1) && getConstantOperandImmediateInt(op1) > 0;
     bool op2HasImmediateIntFastCase = !op1HasImmediateIntFastCase && isOperandConstantImmediateInt(op2) && getConstantOperandImmediateInt(op2) > 0;
-    compileBinaryArithOpSlowCase(op_mul, iter, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand), op1HasImmediateIntFastCase, op2HasImmediateIntFastCase);
+    compileBinaryArithOpSlowCase(currentInstruction, op_mul, iter, result, op1, op2, types, op1HasImmediateIntFastCase, op2HasImmediateIntFastCase);
 }
 
 void JIT::emit_op_div(Instruction* currentInstruction)
 {
 }
 
 void JIT::emit_op_div(Instruction* currentInstruction)
 {
-    unsigned dst = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int dst = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     if (isOperandConstantImmediateDouble(op1)) {
         emitGetVirtualRegister(op1, regT0);
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     if (isOperandConstantImmediateDouble(op1)) {
         emitGetVirtualRegister(op1, regT0);
-        addPtr(tagTypeNumberRegister, regT0);
-        movePtrToDouble(regT0, fpRegT0);
+        add64(tagTypeNumberRegister, regT0);
+        move64ToDouble(regT0, fpRegT0);
     } else if (isOperandConstantImmediateInt(op1)) {
         emitLoadInt32ToDouble(op1, fpRegT0);
     } else {
     } else if (isOperandConstantImmediateInt(op1)) {
         emitLoadInt32ToDouble(op1, fpRegT0);
     } else {
@@ -1451,15 +894,15 @@ void JIT::emit_op_div(Instruction* currentInstruction)
         convertInt32ToDouble(regT0, fpRegT0);
         Jump skipDoubleLoad = jump();
         notInt.link(this);
         convertInt32ToDouble(regT0, fpRegT0);
         Jump skipDoubleLoad = jump();
         notInt.link(this);
-        addPtr(tagTypeNumberRegister, regT0);
-        movePtrToDouble(regT0, fpRegT0);
+        add64(tagTypeNumberRegister, regT0);
+        move64ToDouble(regT0, fpRegT0);
         skipDoubleLoad.link(this);
     }
 
     if (isOperandConstantImmediateDouble(op2)) {
         emitGetVirtualRegister(op2, regT1);
         skipDoubleLoad.link(this);
     }
 
     if (isOperandConstantImmediateDouble(op2)) {
         emitGetVirtualRegister(op2, regT1);
-        addPtr(tagTypeNumberRegister, regT1);
-        movePtrToDouble(regT1, fpRegT1);
+        add64(tagTypeNumberRegister, regT1);
+        move64ToDouble(regT1, fpRegT1);
     } else if (isOperandConstantImmediateInt(op2)) {
         emitLoadInt32ToDouble(op2, fpRegT1);
     } else {
     } else if (isOperandConstantImmediateInt(op2)) {
         emitLoadInt32ToDouble(op2, fpRegT1);
     } else {
@@ -1470,29 +913,50 @@ void JIT::emit_op_div(Instruction* currentInstruction)
         convertInt32ToDouble(regT1, fpRegT1);
         Jump skipDoubleLoad = jump();
         notInt.link(this);
         convertInt32ToDouble(regT1, fpRegT1);
         Jump skipDoubleLoad = jump();
         notInt.link(this);
-        addPtr(tagTypeNumberRegister, regT1);
-        movePtrToDouble(regT1, fpRegT1);
+        add64(tagTypeNumberRegister, regT1);
+        move64ToDouble(regT1, fpRegT1);
         skipDoubleLoad.link(this);
     }
     divDouble(fpRegT1, fpRegT0);
         skipDoubleLoad.link(this);
     }
     divDouble(fpRegT1, fpRegT0);
-
-    // Double result.
-    moveDoubleToPtr(fpRegT0, regT0);
-    subPtr(tagTypeNumberRegister, regT0);
+    
+    // Is the result actually an integer? The DFG JIT would really like to know. If it's
+    // not an integer, we increment a count. If this together with the slow case counter
+    // are below threshold then the DFG JIT will compile this division with a specualtion
+    // that the remainder is zero.
+    
+    // As well, there are cases where a double result here would cause an important field
+    // in the heap to sometimes have doubles in it, resulting in double predictions getting
+    // propagated to a use site where it might cause damage (such as the index to an array
+    // access). So if we are DFG compiling anything in the program, we want this code to
+    // ensure that it produces integers whenever possible.
+    
+    JumpList notInteger;
+    branchConvertDoubleToInt32(fpRegT0, regT0, notInteger, fpRegT1);
+    // If we've got an integer, we might as well make that the result of the division.
+    emitFastArithReTagImmediate(regT0, regT0);
+    Jump isInteger = jump();
+    notInteger.link(this);
+    moveDoubleTo64(fpRegT0, regT0);
+    Jump doubleZero = branchTest64(Zero, regT0);
+    add32(TrustedImm32(1), AbsoluteAddress(&m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset)->m_counter));
+    sub64(tagTypeNumberRegister, regT0);
+    Jump trueDouble = jump();
+    doubleZero.link(this);
+    move(tagTypeNumberRegister, regT0);
+    trueDouble.link(this);
+    isInteger.link(this);
 
     emitPutVirtualRegister(dst, regT0);
 }
 
 void JIT::emitSlow_op_div(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 
     emitPutVirtualRegister(dst, regT0);
 }
 
 void JIT::emitSlow_op_div(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
     if (types.first().definitelyIsNumber() && types.second().definitelyIsNumber()) {
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
     if (types.first().definitelyIsNumber() && types.second().definitelyIsNumber()) {
-#ifndef NDEBUG
-        breakpoint();
-#endif
+        if (!ASSERT_DISABLED)
+            abortWithReason(JITDivOperandsAreNotNumbers);
         return;
     }
     if (!isOperandConstantImmediateDouble(op1) && !isOperandConstantImmediateInt(op1)) {
         return;
     }
     if (!isOperandConstantImmediateDouble(op1) && !isOperandConstantImmediateInt(op1)) {
@@ -1504,17 +968,15 @@ void JIT::emitSlow_op_div(Instruction* currentInstruction, Vector<SlowCaseEntry>
             linkSlowCase(iter);
     }
     // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
             linkSlowCase(iter);
     }
     // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
-    JITStubCall stubCall(this, cti_op_div);
-    stubCall.addArgument(op1, regT2);
-    stubCall.addArgument(op2, regT2);
-    stubCall.call(result);
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_div);
+    slowPathCall.call();
 }
 
 void JIT::emit_op_sub(Instruction* currentInstruction)
 {
 }
 
 void JIT::emit_op_sub(Instruction* currentInstruction)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     compileBinaryArithOp(op_sub, result, op1, op2, types);
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     compileBinaryArithOp(op_sub, result, op1, op2, types);
@@ -1523,318 +985,17 @@ void JIT::emit_op_sub(Instruction* currentInstruction)
 
 void JIT::emitSlow_op_sub(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
 
 void JIT::emitSlow_op_sub(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
-
-    compileBinaryArithOpSlowCase(op_sub, iter, result, op1, op2, types, false, false);
-}
-
-#else // USE(JSVALUE64)
-
-/* ------------------------------ BEGIN: !USE(JSVALUE64) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
-
-void JIT::compileBinaryArithOp(OpcodeID opcodeID, unsigned dst, unsigned src1, unsigned src2, OperandTypes types)
-{
-    Structure* numberStructure = m_globalData->numberStructure.get();
-    Jump wasJSNumberCell1;
-    Jump wasJSNumberCell2;
-
-    emitGetVirtualRegisters(src1, regT0, src2, regT1);
-
-    if (types.second().isReusable() && supportsFloatingPoint()) {
-        ASSERT(types.second().mightBeNumber());
-
-        // Check op2 is a number
-        Jump op2imm = emitJumpIfImmediateInteger(regT1);
-        if (!types.second().definitelyIsNumber()) {
-            emitJumpSlowCaseIfNotJSCell(regT1, src2);
-            addSlowCase(checkStructure(regT1, numberStructure));
-        }
-
-        // (1) In this case src2 is a reusable number cell.
-        //     Slow case if src1 is not a number type.
-        Jump op1imm = emitJumpIfImmediateInteger(regT0);
-        if (!types.first().definitelyIsNumber()) {
-            emitJumpSlowCaseIfNotJSCell(regT0, src1);
-            addSlowCase(checkStructure(regT0, numberStructure));
-        }
-
-        // (1a) if we get here, src1 is also a number cell
-        loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-        Jump loadedDouble = jump();
-        // (1b) if we get here, src1 is an immediate
-        op1imm.link(this);
-        emitFastArithImmToInt(regT0);
-        convertInt32ToDouble(regT0, fpRegT0);
-        // (1c)
-        loadedDouble.link(this);
-        if (opcodeID == op_add)
-            addDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-        else if (opcodeID == op_sub)
-            subDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-        else {
-            ASSERT(opcodeID == op_mul);
-            mulDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-        }
-
-        // Store the result to the JSNumberCell and jump.
-        storeDouble(fpRegT0, Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)));
-        move(regT1, regT0);
-        emitPutVirtualRegister(dst);
-        wasJSNumberCell2 = jump();
-
-        // (2) This handles cases where src2 is an immediate number.
-        //     Two slow cases - either src1 isn't an immediate, or the subtract overflows.
-        op2imm.link(this);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-    } else if (types.first().isReusable() && supportsFloatingPoint()) {
-        ASSERT(types.first().mightBeNumber());
-
-        // Check op1 is a number
-        Jump op1imm = emitJumpIfImmediateInteger(regT0);
-        if (!types.first().definitelyIsNumber()) {
-            emitJumpSlowCaseIfNotJSCell(regT0, src1);
-            addSlowCase(checkStructure(regT0, numberStructure));
-        }
-
-        // (1) In this case src1 is a reusable number cell.
-        //     Slow case if src2 is not a number type.
-        Jump op2imm = emitJumpIfImmediateInteger(regT1);
-        if (!types.second().definitelyIsNumber()) {
-            emitJumpSlowCaseIfNotJSCell(regT1, src2);
-            addSlowCase(checkStructure(regT1, numberStructure));
-        }
-
-        // (1a) if we get here, src2 is also a number cell
-        loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
-        Jump loadedDouble = jump();
-        // (1b) if we get here, src2 is an immediate
-        op2imm.link(this);
-        emitFastArithImmToInt(regT1);
-        convertInt32ToDouble(regT1, fpRegT1);
-        // (1c)
-        loadedDouble.link(this);
-        loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
-        if (opcodeID == op_add)
-            addDouble(fpRegT1, fpRegT0);
-        else if (opcodeID == op_sub)
-            subDouble(fpRegT1, fpRegT0);
-        else {
-            ASSERT(opcodeID == op_mul);
-            mulDouble(fpRegT1, fpRegT0);
-        }
-        storeDouble(fpRegT0, Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)));
-        emitPutVirtualRegister(dst);
-
-        // Store the result to the JSNumberCell and jump.
-        storeDouble(fpRegT0, Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)));
-        emitPutVirtualRegister(dst);
-        wasJSNumberCell1 = jump();
-
-        // (2) This handles cases where src1 is an immediate number.
-        //     Two slow cases - either src2 isn't an immediate, or the subtract overflows.
-        op1imm.link(this);
-        emitJumpSlowCaseIfNotImmediateInteger(regT1);
-    } else
-        emitJumpSlowCaseIfNotImmediateIntegers(regT0, regT1, regT2);
-
-    if (opcodeID == op_add) {
-        emitFastArithDeTagImmediate(regT0);
-        addSlowCase(branchAdd32(Overflow, regT1, regT0));
-    } else  if (opcodeID == op_sub) {
-        addSlowCase(branchSub32(Overflow, regT1, regT0));
-        signExtend32ToPtr(regT0, regT0);
-        emitFastArithReTagImmediate(regT0, regT0);
-    } else {
-        ASSERT(opcodeID == op_mul);
-        // convert eax & edx from JSImmediates to ints, and check if either are zero
-        emitFastArithImmToInt(regT1);
-        Jump op1Zero = emitFastArithDeTagImmediateJumpIfZero(regT0);
-        Jump op2NonZero = branchTest32(NonZero, regT1);
-        op1Zero.link(this);
-        // if either input is zero, add the two together, and check if the result is < 0.
-        // If it is, we have a problem (N < 0), (N * 0) == -0, not representatble as a JSImmediate.
-        move(regT0, regT2);
-        addSlowCase(branchAdd32(Signed, regT1, regT2));
-        // Skip the above check if neither input is zero
-        op2NonZero.link(this);
-        addSlowCase(branchMul32(Overflow, regT1, regT0));
-        signExtend32ToPtr(regT0, regT0);
-        emitFastArithReTagImmediate(regT0, regT0);
-    }
-    emitPutVirtualRegister(dst);
-
-    if (types.second().isReusable() && supportsFloatingPoint())
-        wasJSNumberCell2.link(this);
-    else if (types.first().isReusable() && supportsFloatingPoint())
-        wasJSNumberCell1.link(this);
-}
-
-void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>::iterator& iter, unsigned dst, unsigned src1, unsigned src2, OperandTypes types)
-{
-    linkSlowCase(iter);
-    if (types.second().isReusable() && supportsFloatingPoint()) {
-        if (!types.first().definitelyIsNumber()) {
-            linkSlowCaseIfNotJSCell(iter, src1);
-            linkSlowCase(iter);
-        }
-        if (!types.second().definitelyIsNumber()) {
-            linkSlowCaseIfNotJSCell(iter, src2);
-            linkSlowCase(iter);
-        }
-    } else if (types.first().isReusable() && supportsFloatingPoint()) {
-        if (!types.first().definitelyIsNumber()) {
-            linkSlowCaseIfNotJSCell(iter, src1);
-            linkSlowCase(iter);
-        }
-        if (!types.second().definitelyIsNumber()) {
-            linkSlowCaseIfNotJSCell(iter, src2);
-            linkSlowCase(iter);
-        }
-    }
-    linkSlowCase(iter);
-
-    // additional entry point to handle -0 cases.
-    if (opcodeID == op_mul)
-        linkSlowCase(iter);
-
-    JITStubCall stubCall(this, opcodeID == op_add ? cti_op_add : opcodeID == op_sub ? cti_op_sub : cti_op_mul);
-    stubCall.addArgument(src1, regT2);
-    stubCall.addArgument(src2, regT2);
-    stubCall.call(dst);
-}
-
-void JIT::emit_op_add(Instruction* currentInstruction)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
-
-    if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
-        JITStubCall stubCall(this, cti_op_add);
-        stubCall.addArgument(op1, regT2);
-        stubCall.addArgument(op2, regT2);
-        stubCall.call(result);
-        return;
-    }
-
-    if (isOperandConstantImmediateInt(op1)) {
-        emitGetVirtualRegister(op2, regT0);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        addSlowCase(branchAdd32(Overflow, Imm32(getConstantOperandImmediateInt(op1) << JSImmediate::IntegerPayloadShift), regT0));
-        signExtend32ToPtr(regT0, regT0);
-        emitPutVirtualRegister(result);
-    } else if (isOperandConstantImmediateInt(op2)) {
-        emitGetVirtualRegister(op1, regT0);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        addSlowCase(branchAdd32(Overflow, Imm32(getConstantOperandImmediateInt(op2) << JSImmediate::IntegerPayloadShift), regT0));
-        signExtend32ToPtr(regT0, regT0);
-        emitPutVirtualRegister(result);
-    } else {
-        compileBinaryArithOp(op_add, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand));
-    }
-}
-
-void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
-    if (!types.first().mightBeNumber() || !types.second().mightBeNumber())
-        return;
-
-    if (isOperandConstantImmediateInt(op1)) {
-        Jump notImm = getSlowCase(iter);
-        linkSlowCase(iter);
-        sub32(Imm32(getConstantOperandImmediateInt(op1) << JSImmediate::IntegerPayloadShift), regT0);
-        notImm.link(this);
-        JITStubCall stubCall(this, cti_op_add);
-        stubCall.addArgument(op1, regT2);
-        stubCall.addArgument(regT0);
-        stubCall.call(result);
-    } else if (isOperandConstantImmediateInt(op2)) {
-        Jump notImm = getSlowCase(iter);
-        linkSlowCase(iter);
-        sub32(Imm32(getConstantOperandImmediateInt(op2) << JSImmediate::IntegerPayloadShift), regT0);
-        notImm.link(this);
-        JITStubCall stubCall(this, cti_op_add);
-        stubCall.addArgument(regT0);
-        stubCall.addArgument(op2, regT2);
-        stubCall.call(result);
-    } else {
-        OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
-        ASSERT(types.first().mightBeNumber() && types.second().mightBeNumber());
-        compileBinaryArithOpSlowCase(op_add, iter, result, op1, op2, types);
-    }
-}
-
-void JIT::emit_op_mul(Instruction* currentInstruction)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-
-    // For now, only plant a fast int case if the constant operand is greater than zero.
-    int32_t value;
-    if (isOperandConstantImmediateInt(op1) && ((value = getConstantOperandImmediateInt(op1)) > 0)) {
-        emitGetVirtualRegister(op2, regT0);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        emitFastArithDeTagImmediate(regT0);
-        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT0));
-        signExtend32ToPtr(regT0, regT0);
-        emitFastArithReTagImmediate(regT0, regT0);
-        emitPutVirtualRegister(result);
-    } else if (isOperandConstantImmediateInt(op2) && ((value = getConstantOperandImmediateInt(op2)) > 0)) {
-        emitGetVirtualRegister(op1, regT0);
-        emitJumpSlowCaseIfNotImmediateInteger(regT0);
-        emitFastArithDeTagImmediate(regT0);
-        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT0));
-        signExtend32ToPtr(regT0, regT0);
-        emitFastArithReTagImmediate(regT0, regT0);
-        emitPutVirtualRegister(result);
-    } else
-        compileBinaryArithOp(op_mul, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand));
-}
-
-void JIT::emitSlow_op_mul(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-
-    if ((isOperandConstantImmediateInt(op1) && (getConstantOperandImmediateInt(op1) > 0))
-        || (isOperandConstantImmediateInt(op2) && (getConstantOperandImmediateInt(op2) > 0))) {
-        linkSlowCase(iter);
-        linkSlowCase(iter);
-        // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
-        JITStubCall stubCall(this, cti_op_mul);
-        stubCall.addArgument(op1, regT2);
-        stubCall.addArgument(op2, regT2);
-        stubCall.call(result);
-    } else
-        compileBinaryArithOpSlowCase(op_mul, iter, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand));
-}
-
-void JIT::emit_op_sub(Instruction* currentInstruction)
-{
-    compileBinaryArithOp(op_sub, currentInstruction[1].u.operand, currentInstruction[2].u.operand, currentInstruction[3].u.operand, OperandTypes::fromInt(currentInstruction[4].u.operand));
-}
 
 
-void JIT::emitSlow_op_sub(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    compileBinaryArithOpSlowCase(op_sub, iter, currentInstruction[1].u.operand, currentInstruction[2].u.operand, currentInstruction[3].u.operand, OperandTypes::fromInt(currentInstruction[4].u.operand));
+    compileBinaryArithOpSlowCase(currentInstruction, op_sub, iter, result, op1, op2, types, false, false);
 }
 
 }
 
-#endif // USE(JSVALUE64)
-
 /* ------------------------------ END: OP_ADD, OP_SUB, OP_MUL ------------------------------ */
 
 /* ------------------------------ END: OP_ADD, OP_SUB, OP_MUL ------------------------------ */
 
-#endif // !USE(JSVALUE32_64)
+#endif // USE(JSVALUE64)
 
 } // namespace JSC
 
 
 } // namespace JSC
 
mirror of JavaScriptCore