First draft of the sh4 port

src/sh4/builtins-sh4.cc

-// Copyright 2012 the V8 project authors. All rights reserved.
+// Copyright 2011-2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
 //       with the distribution.
 //     * Neither the name of Google Inc. nor the names of its
 //       contributors may be used to endorse or promote products derived
 //       from this software without specific prior written permission.
 //
 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include "v8.h"
 
-#if defined(V8_TARGET_ARCH_ARM)
+#if defined(V8_TARGET_ARCH_SH4)
 
 #include "codegen.h"
 #include "debug.h"
 #include "deoptimizer.h"
 #include "full-codegen.h"
 #include "runtime.h"
 
 namespace v8 {
 namespace internal {
 
 
 #define __ ACCESS_MASM(masm)
 
 
+// Define register map
+#include "map-sh4.h"
+
+
 void Builtins::Generate_Adaptor(MacroAssembler* masm,
                                 CFunctionId id,
                                 BuiltinExtraArguments extra_args) {
   // ----------- S t a t e -------------
   //  -- r0                 : number of arguments excluding receiver
   //  -- r1                 : called function (only guaranteed when
   //                          extra_args requires it)
   //  -- cp                 : context
   //  -- sp[0]              : last argument
   //  -- ...
@@ skipping 123 matching lines @@
     for (int i = 0; i < initial_capacity; i++) {
       __ str(scratch3, MemOperand(scratch1, kPointerSize, PostIndex));
     }
   } else {
     Label loop, entry;
     __ add(scratch2, scratch1, Operand(initial_capacity * kPointerSize));
     __ b(&entry);
     __ bind(&loop);
     __ str(scratch3, MemOperand(scratch1, kPointerSize, PostIndex));
     __ bind(&entry);
-    __ cmp(scratch1, scratch2);
-    __ b(lt, &loop);
+    __ cmpge(scratch1, scratch2);
+    __ bf(&loop);
   }
 }
 
 // Allocate a JSArray with the number of elements stored in a register. The
 // register array_function holds the built-in Array function and the register
 // array_size holds the size of the array as a smi. The allocated array is put
 // into the result register and beginning and end of the FixedArray elements
 // storage is put into registers elements_array_storage and elements_array_end
 // (see  below for when that is not the case). If the parameter fill_with_holes
 // is true the allocated elements backing store is filled with the hole values
@@ skipping 16 matching lines @@
   if (FLAG_debug_code) {  // Assert that array size is not zero.
     __ tst(array_size, array_size);
     __ Assert(ne, "array size is unexpectedly 0");
   }
 
   // Allocate the JSArray object together with space for a FixedArray with the
   // requested number of elements.
   STATIC_ASSERT(kSmiTagSize == 1 && kSmiTag == 0);
   __ mov(elements_array_end,
          Operand((JSArray::kSize + FixedArray::kHeaderSize) / kPointerSize));
+  __ asr(scratch1, array_size, Operand(kSmiTagSize));
   __ add(elements_array_end,
          elements_array_end,
-         Operand(array_size, ASR, kSmiTagSize));
+         scratch1);
   __ AllocateInNewSpace(
       elements_array_end,
       result,
       scratch1,
       scratch2,
       gc_required,
       static_cast<AllocationFlags>(TAG_OBJECT | SIZE_IN_WORDS));
 
   // Allocated the JSArray. Now initialize the fields except for the elements
   // array.
@@ skipping 31 matching lines @@
   STATIC_ASSERT(kSmiTag == 0);
   ASSERT_EQ(1 * kPointerSize, FixedArray::kLengthOffset);
   __ str(array_size,
          MemOperand(elements_array_storage, kPointerSize, PostIndex));
 
   // Calculate elements array and elements array end.
   // result: JSObject
   // elements_array_storage: elements array element storage
   // array_size: smi-tagged size of elements array
   STATIC_ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2);
+  __ lsl(elements_array_end, array_size,
+         Operand(kPointerSizeLog2 - kSmiTagSize));
   __ add(elements_array_end,
          elements_array_storage,
-         Operand(array_size, LSL, kPointerSizeLog2 - kSmiTagSize));
+         elements_array_end);
 
   // Fill the allocated FixedArray with the hole value if requested.
   // result: JSObject
   // elements_array_storage: elements array element storage
   // elements_array_end: start of next object
   if (fill_with_hole) {
     Label loop, entry;
     __ LoadRoot(scratch1, Heap::kTheHoleValueRootIndex);
-    __ jmp(&entry);
+    __ jmp_near(&entry);
     __ bind(&loop);
     __ str(scratch1,
            MemOperand(elements_array_storage, kPointerSize, PostIndex));
     __ bind(&entry);
-    __ cmp(elements_array_storage, elements_array_end);
-    __ b(lt, &loop);
+    __ cmpge(elements_array_storage, elements_array_end);
+    __ bf(&loop);
   }
 }
 
 // Create a new array for the built-in Array function. This function allocates
 // the JSArray object and the FixedArray elements array and initializes these.
 // If the Array cannot be constructed in native code the runtime is called. This
 // function assumes the following state:
 //   r0: argc
 //   r1: constructor (built-in Array function)
 //   lr: return address
@@ skipping 20 matching lines @@
                        r1,
                        r2,
                        r3,
                        r4,
                        r5,
                        call_generic_code);
   __ IncrementCounter(counters->array_function_native(), 1, r3, r4);
   // Set up return value, remove receiver from stack and return.
   __ mov(r0, r2);
   __ add(sp, sp, Operand(kPointerSize));
-  __ Jump(lr);
+  __ Ret();
 
   // Check for one argument. Bail out if argument is not smi or if it is
   // negative.
   __ bind(&argc_one_or_more);
   __ cmp(r0, Operand(1));
   __ b(ne, &argc_two_or_more);
   STATIC_ASSERT(kSmiTag == 0);
   __ ldr(r2, MemOperand(sp));  // Get the argument from the stack.
   __ tst(r2, r2);
   __ b(ne, &not_empty_array);
   __ Drop(1);  // Adjust stack.
   __ mov(r0, Operand(0));  // Treat this as a call with argc of zero.
   __ b(&empty_array);
 
   __ bind(&not_empty_array);
-  __ and_(r3, r2, Operand(kIntptrSignBit | kSmiTagMask), SetCC);
+  __ land(r3, r2, Operand(kIntptrSignBit | kSmiTagMask));
+  __ cmp(r3, Operand(0));
   __ b(ne, call_generic_code);
 
   // Handle construction of an empty array of a certain size. Bail out if size
   // is too large to actually allocate an elements array.
   STATIC_ASSERT(kSmiTag == 0);
-  __ cmp(r2, Operand(JSObject::kInitialMaxFastElementArray << kSmiTagSize));
-  __ b(ge, call_generic_code);
+  __ cmpge(r2, Operand(JSObject::kInitialMaxFastElementArray << kSmiTagSize));
+  __ bt(call_generic_code);
 
   // r0: argc
   // r1: constructor
   // r2: array_size (smi)
   // sp[0]: argument
   AllocateJSArray(masm,
                   r1,
                   r2,
                   r3,
                   r4,
                   r5,
                   r6,
                   r7,
                   true,
                   call_generic_code);
   __ IncrementCounter(counters->array_function_native(), 1, r2, r4);
-  // Set up return value, remove receiver and argument from stack and return.
+  // Setup return value, remove receiver and argument from stack and return.
   __ mov(r0, r3);
   __ add(sp, sp, Operand(2 * kPointerSize));
-  __ Jump(lr);
+  __ Ret();
 
   // Handle construction of an array from a list of arguments.
   __ bind(&argc_two_or_more);
-  __ mov(r2, Operand(r0, LSL, kSmiTagSize));  // Convet argc to a smi.
+  __ lsl(r2, r0, Operand(kSmiTagSize));  // Convet argc to a smi.
 
   // r0: argc
   // r1: constructor
   // r2: array_size (smi)
   // sp[0]: last argument
   AllocateJSArray(masm,
                   r1,
                   r2,
                   r3,
                   r4,
@@ skipping 16 matching lines @@
   Label loop, entry;
   __ mov(r7, sp);
   __ jmp(&entry);
   __ bind(&loop);
   __ ldr(r2, MemOperand(r7, kPointerSize, PostIndex));
   if (FLAG_smi_only_arrays) {
     __ JumpIfNotSmi(r2, &has_non_smi_element);
   }
   __ str(r2, MemOperand(r5, -kPointerSize, PreIndex));
   __ bind(&entry);
-  __ cmp(r4, r5);
-  __ b(lt, &loop);
+  __ cmpge(r4, r5);
+  __ bf(&loop);
 
   __ bind(&finish);
   __ mov(sp, r7);
 
   // Remove caller arguments and receiver from the stack, setup return value and
   // return.
   // r0: argc
   // r3: JSArray
   // sp[0]: receiver
   __ add(sp, sp, Operand(kPointerSize));
   __ mov(r0, r3);
-  __ Jump(lr);
+  __ Ret();
 
   __ bind(&has_non_smi_element);
   // Double values are handled by the runtime.
   __ CheckMap(
       r2, r9, Heap::kHeapNumberMapRootIndex, &not_double, DONT_DO_SMI_CHECK);
   __ bind(&cant_transition_map);
   __ UndoAllocationInNewSpace(r3, r4);
   __ b(call_generic_code);
 
   __ bind(&not_double);
@@ skipping 12 matching lines @@
                       r9,
                       kLRHasNotBeenSaved,
                       kDontSaveFPRegs,
                       EMIT_REMEMBERED_SET,
                       OMIT_SMI_CHECK);
   Label loop2;
   __ sub(r7, r7, Operand(kPointerSize));
   __ bind(&loop2);
   __ ldr(r2, MemOperand(r7, kPointerSize, PostIndex));
   __ str(r2, MemOperand(r5, -kPointerSize, PreIndex));
-  __ cmp(r4, r5);
-  __ b(lt, &loop2);
+  __ cmpge(r4, r5);
+  __ bf(&loop2);
   __ b(&finish);
 }
 
 
 void Builtins::Generate_InternalArrayCode(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- r0     : number of arguments
   //  -- lr     : return address
   //  -- sp[...]: constructor arguments
   // -----------------------------------
   Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
 
   // Get the InternalArray function.
   GenerateLoadInternalArrayFunction(masm, r1);
 
   if (FLAG_debug_code) {
     // Initial map for the builtin InternalArray functions should be maps.
     __ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
     __ tst(r2, Operand(kSmiTagMask));
     __ Assert(ne, "Unexpected initial map for InternalArray function");
-    __ CompareObjectType(r2, r3, r4, MAP_TYPE);
+    __ CompareObjectType(r2, r3, r4, MAP_TYPE, eq);
     __ Assert(eq, "Unexpected initial map for InternalArray function");
   }
 
   // Run the native code for the InternalArray function called as a normal
   // function.
   ArrayNativeCode(masm, &generic_array_code);
 
   // Jump to the generic array code if the specialized code cannot handle the
   // construction.
   __ bind(&generic_array_code);
@@ skipping 13 matching lines @@
   Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
 
   // Get the Array function.
   GenerateLoadArrayFunction(masm, r1);
 
   if (FLAG_debug_code) {
     // Initial map for the builtin Array functions should be maps.
     __ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
     __ tst(r2, Operand(kSmiTagMask));
     __ Assert(ne, "Unexpected initial map for Array function");
-    __ CompareObjectType(r2, r3, r4, MAP_TYPE);
+    __ CompareObjectType(r2, r3, r4, MAP_TYPE, eq);
     __ Assert(eq, "Unexpected initial map for Array function");
   }
 
   // Run the native code for the Array function called as a normal function.
   ArrayNativeCode(masm, &generic_array_code);
 
   // Jump to the generic array code if the specialized code cannot handle
   // the construction.
   __ bind(&generic_array_code);
 
@@ skipping 12 matching lines @@
   // -----------------------------------
   Label generic_constructor;
 
   if (FLAG_debug_code) {
     // The array construct code is only set for the builtin and internal
     // Array functions which always have a map.
     // Initial map for the builtin Array function should be a map.
     __ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
     __ tst(r2, Operand(kSmiTagMask));
     __ Assert(ne, "Unexpected initial map for Array function");
-    __ CompareObjectType(r2, r3, r4, MAP_TYPE);
+    __ CompareObjectType(r2, r3, r4, MAP_TYPE, eq);
     __ Assert(eq, "Unexpected initial map for Array function");
   }
 
   // Run the native code for the Array function called as a constructor.
   ArrayNativeCode(masm, &generic_constructor);
 
   // Jump to the generic construct code in case the specialized code cannot
   // handle the construction.
   __ bind(&generic_constructor);
   Handle<Code> generic_construct_stub =
       masm->isolate()->builtins()->JSConstructStubGeneric();
   __ Jump(generic_construct_stub, RelocInfo::CODE_TARGET);
 }
 
 
 void Builtins::Generate_StringConstructCode(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- r0                     : number of arguments
   //  -- r1                     : constructor function
   //  -- lr                     : return address
   //  -- sp[(argc - n - 1) * 4] : arg[n] (zero based)
   //  -- sp[argc * 4]           : receiver
   // -----------------------------------
   Counters* counters = masm->isolate()->counters();
   __ IncrementCounter(counters->string_ctor_calls(), 1, r2, r3);
 
   Register function = r1;
   if (FLAG_debug_code) {
     __ LoadGlobalFunction(Context::STRING_FUNCTION_INDEX, r2);
-    __ cmp(function, Operand(r2));
+    __ cmp(function, r2);
     __ Assert(eq, "Unexpected String function");
   }
 
   // Load the first arguments in r0 and get rid of the rest.
   Label no_arguments;
   __ cmp(r0, Operand(0, RelocInfo::NONE));
   __ b(eq, &no_arguments);
   // First args = sp[(argc - 1) * 4].
   __ sub(r0, r0, Operand(1));
-  __ ldr(r0, MemOperand(sp, r0, LSL, kPointerSizeLog2, PreIndex));
+  __ lsl(r0, r0, Operand(kPointerSizeLog2));
+  __ ldr(r0, MemOperand(sp, r0));
   // sp now point to args[0], drop args[0] + receiver.
   __ Drop(2);
 
   Register argument = r2;
   Label not_cached, argument_is_string;
   NumberToStringStub::GenerateLookupNumberStringCache(
       masm,
       r0,        // Input.
       argument,  // Result.
       r3,        // Scratch.
@@ skipping 88 matching lines @@
     __ CallRuntime(Runtime::kNewStringWrapper, 1);
   }
   __ Ret();
 }
 
 
 static void GenerateTailCallToSharedCode(MacroAssembler* masm) {
   __ ldr(r2, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
   __ ldr(r2, FieldMemOperand(r2, SharedFunctionInfo::kCodeOffset));
   __ add(r2, r2, Operand(Code::kHeaderSize - kHeapObjectTag));
-  __ mov(pc, r2);
+  __ jmp(r2);
 }
 
 
 void Builtins::Generate_InRecompileQueue(MacroAssembler* masm) {
   GenerateTailCallToSharedCode(masm);
 }
 
 
 void Builtins::Generate_ParallelRecompile(MacroAssembler* masm) {
   {
@@ skipping 32 matching lines @@
   // Should never count constructions for api objects.
   ASSERT(!is_api_function || !count_constructions);
 
   Isolate* isolate = masm->isolate();
 
   // Enter a construct frame.
   {
     FrameScope scope(masm, StackFrame::CONSTRUCT);
 
     // Preserve the two incoming parameters on the stack.
-    __ mov(r0, Operand(r0, LSL, kSmiTagSize));
+    __ lsl(r0, r0, Operand(kSmiTagSize));
     __ push(r0);  // Smi-tagged arguments count.
     __ push(r1);  // Constructor function.
 
     // Try to allocate the object without transitioning into C code. If any of
     // the preconditions is not met, the code bails out to the runtime call.
     Label rt_call, allocated;
     if (FLAG_inline_new) {
       Label undo_allocation;
 #ifdef ENABLE_DEBUGGER_SUPPORT
       ExternalReference debug_step_in_fp =
           ExternalReference::debug_step_in_fp_address(isolate);
       __ mov(r2, Operand(debug_step_in_fp));
       __ ldr(r2, MemOperand(r2));
       __ tst(r2, r2);
       __ b(ne, &rt_call);
 #endif
 
-      // Load the initial map and verify that it is in fact a map.
-      // r1: constructor function
-      __ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
-      __ JumpIfSmi(r2, &rt_call);
-      __ CompareObjectType(r2, r3, r4, MAP_TYPE);
-      __ b(ne, &rt_call);
+    // Load the initial map and verify that it is in fact a map.
+    // r1: constructor function
+    __ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
+    __ JumpIfSmi(r2, &rt_call);
+    __ CompareObjectType(r2, r3, r4, MAP_TYPE, eq);
+    __ b(ne, &rt_call);
 
-      // Check that the constructor is not constructing a JSFunction (see
-      // comments in Runtime_NewObject in runtime.cc). In which case the
-      // initial map's instance type would be JS_FUNCTION_TYPE.
-      // r1: constructor function
-      // r2: initial map
-      __ CompareInstanceType(r2, r3, JS_FUNCTION_TYPE);
-      __ b(eq, &rt_call);
+    // Check that the constructor is not constructing a JSFunction (see comments
+    // in Runtime_NewObject in runtime.cc). In which case the initial map's
+    // instance type would be JS_FUNCTION_TYPE.
+    // r1: constructor function
+    // r2: initial map
+    __ CompareInstanceType(r2, r3, JS_FUNCTION_TYPE, eq);
+    __ b(eq, &rt_call);
 
       if (count_constructions) {
         Label allocate;
         // Decrease generous allocation count.
         __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
         MemOperand constructor_count =
             FieldMemOperand(r3, SharedFunctionInfo::kConstructionCountOffset);
         __ ldrb(r4, constructor_count);
-        __ sub(r4, r4, Operand(1), SetCC);
+        __ sub(r4, r4, Operand(1));
+        __ cmpeq(r4, Operand(0));
         __ strb(r4, constructor_count);
         __ b(ne, &allocate);
 
         __ Push(r1, r2);
 
         __ push(r1);  // constructor
         // The call will replace the stub, so the countdown is only done once.
         __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
 
         __ pop(r2);
@@ skipping 22 matching lines @@
       __ str(r6, MemOperand(r5, kPointerSize, PostIndex));
       ASSERT_EQ(2 * kPointerSize, JSObject::kElementsOffset);
       __ str(r6, MemOperand(r5, kPointerSize, PostIndex));
 
       // Fill all the in-object properties with the appropriate filler.
       // r1: constructor function
       // r2: initial map
       // r3: object size (in words)
       // r4: JSObject (not tagged)
       // r5: First in-object property of JSObject (not tagged)
-      __ add(r6, r4, Operand(r3, LSL, kPointerSizeLog2));  // End of object.
+      __ lsl(r6, r3, Operand(kPointerSizeLog2));
+      __ add(r6, r4, r6);  // End of object.
       ASSERT_EQ(3 * kPointerSize, JSObject::kHeaderSize);
       __ LoadRoot(r7, Heap::kUndefinedValueRootIndex);
       if (count_constructions) {
         __ ldr(r0, FieldMemOperand(r2, Map::kInstanceSizesOffset));
         __ Ubfx(r0, r0, Map::kPreAllocatedPropertyFieldsByte * kBitsPerByte,
                 kBitsPerByte);
-        __ add(r0, r5, Operand(r0, LSL, kPointerSizeLog2));
+        __ lsl(r0, r0, Operand(kPointerSizeLog2));
+        __ add(r0, r5, r0);
         // r0: offset of first field after pre-allocated fields
         if (FLAG_debug_code) {
-          __ cmp(r0, r6);
-          __ Assert(le, "Unexpected number of pre-allocated property fields.");
+          __ cmpgt(r0, r6);
+          __ Assert(ne, "Unexpected number of pre-allocated property fields.");
         }
         __ InitializeFieldsWithFiller(r5, r0, r7);
         // To allow for truncation.
         __ LoadRoot(r7, Heap::kOnePointerFillerMapRootIndex);
       }
       __ InitializeFieldsWithFiller(r5, r6, r7);
 
       // Add the object tag to make the JSObject real, so that we can continue
       // and jump into the continuation code at any time from now on. Any
       // failures need to undo the allocation, so that the heap is in a
       // consistent state and verifiable.
       __ add(r4, r4, Operand(kHeapObjectTag));
 
       // Check if a non-empty properties array is needed. Continue with
       // allocated object if not fall through to runtime call if it is.
       // r1: constructor function
       // r4: JSObject
       // r5: start of next object (not tagged)
       __ ldrb(r3, FieldMemOperand(r2, Map::kUnusedPropertyFieldsOffset));
       // The field instance sizes contains both pre-allocated property fields
       // and in-object properties.
       __ ldr(r0, FieldMemOperand(r2, Map::kInstanceSizesOffset));
       __ Ubfx(r6, r0, Map::kPreAllocatedPropertyFieldsByte * kBitsPerByte,
               kBitsPerByte);
-      __ add(r3, r3, Operand(r6));
+      __ add(r3, r3, r6);
       __ Ubfx(r6, r0, Map::kInObjectPropertiesByte * kBitsPerByte,
               kBitsPerByte);
-      __ sub(r3, r3, Operand(r6), SetCC);
+      __ sub(r3, r3, r6);
+      __ cmpeq(r6, Operand(0));
 
       // Done if no extra properties are to be allocated.
       __ b(eq, &allocated);
-      __ Assert(pl, "Property allocation count failed.");
+      __ cmpge(r6, Operand(0));
+      __ Assert(eq, "Property allocation count failed.");
 
       // Scale the number of elements by pointer size and add the header for
       // FixedArrays to the start of the next object calculation from above.
       // r1: constructor
       // r3: number of elements in properties array
       // r4: JSObject
       // r5: start of next object
       __ add(r0, r3, Operand(FixedArray::kHeaderSize / kPointerSize));
       __ AllocateInNewSpace(
           r0,
           r5,
           r6,
           r2,
           &undo_allocation,
           static_cast<AllocationFlags>(RESULT_CONTAINS_TOP | SIZE_IN_WORDS));
 
       // Initialize the FixedArray.
       // r1: constructor
       // r3: number of elements in properties array
       // r4: JSObject
       // r5: FixedArray (not tagged)
       __ LoadRoot(r6, Heap::kFixedArrayMapRootIndex);
       __ mov(r2, r5);
       ASSERT_EQ(0 * kPointerSize, JSObject::kMapOffset);
       __ str(r6, MemOperand(r2, kPointerSize, PostIndex));
       ASSERT_EQ(1 * kPointerSize, FixedArray::kLengthOffset);
-      __ mov(r0, Operand(r3, LSL, kSmiTagSize));
+      __ lsl(r0, r3, Operand(kSmiTagSize));
       __ str(r0, MemOperand(r2, kPointerSize, PostIndex));
 
       // Initialize the fields to undefined.
       // r1: constructor function
       // r2: First element of FixedArray (not tagged)
       // r3: number of elements in properties array
       // r4: JSObject
       // r5: FixedArray (not tagged)
-      __ add(r6, r2, Operand(r3, LSL, kPointerSizeLog2));  // End of object.
+      __ lsl(r6, r3, Operand(kPointerSizeLog2));
+      __ add(r6, r2, r6);  // End of object.
       ASSERT_EQ(2 * kPointerSize, FixedArray::kHeaderSize);
       { Label loop, entry;
         if (count_constructions) {
           __ LoadRoot(r7, Heap::kUndefinedValueRootIndex);
         } else if (FLAG_debug_code) {
-          __ LoadRoot(r8, Heap::kUndefinedValueRootIndex);
-          __ cmp(r7, r8);
+          __ LoadRoot(cp, Heap::kUndefinedValueRootIndex);
+          __ cmp(r7, cp);
           __ Assert(eq, "Undefined value not loaded.");
         }
         __ b(&entry);
         __ bind(&loop);
         __ str(r7, MemOperand(r2, kPointerSize, PostIndex));
         __ bind(&entry);
-        __ cmp(r2, r6);
-        __ b(lt, &loop);
+        __ cmpge(r2, r6);
+        __ bf(&loop);
       }
 
       // Store the initialized FixedArray into the properties field of
       // the JSObject
       // r1: constructor function
       // r4: JSObject
       // r5: FixedArray (not tagged)
       __ add(r5, r5, Operand(kHeapObjectTag));  // Add the heap tag.
       __ str(r5, FieldMemOperand(r4, JSObject::kPropertiesOffset));
 
@@ skipping 28 matching lines @@
     // sp[1]: receiver
     // sp[2]: constructor function
     // sp[3]: number of arguments (smi-tagged)
     __ ldr(r1, MemOperand(sp, 2 * kPointerSize));
     __ ldr(r3, MemOperand(sp, 3 * kPointerSize));
 
     // Set up pointer to last argument.
     __ add(r2, fp, Operand(StandardFrameConstants::kCallerSPOffset));
 
     // Set up number of arguments for function call below
-    __ mov(r0, Operand(r3, LSR, kSmiTagSize));
+    __ lsr(r0, r3, Operand(kSmiTagSize));
 
     // Copy arguments and receiver to the expression stack.
     // r0: number of arguments
     // r1: constructor function
     // r2: address of last argument (caller sp)
     // r3: number of arguments (smi-tagged)
     // sp[0]: receiver
     // sp[1]: receiver
     // sp[2]: constructor function
     // sp[3]: number of arguments (smi-tagged)
     Label loop, entry;
     __ b(&entry);
     __ bind(&loop);
-    __ ldr(ip, MemOperand(r2, r3, LSL, kPointerSizeLog2 - 1));
+    __ lsl(ip, r3, Operand(kPointerSizeLog2 - 1));
+    __ ldr(ip, MemOperand(r2, ip));
     __ push(ip);
     __ bind(&entry);
-    __ sub(r3, r3, Operand(2), SetCC);
-    __ b(ge, &loop);
+    __ sub(r3, r3, Operand(2));
+    __ cmpge(r3, Operand(0));
+    __ bt(&loop);
 
     // Call the function.
     // r0: number of arguments
     // r1: constructor function
     if (is_api_function) {
       __ ldr(cp, FieldMemOperand(r1, JSFunction::kContextOffset));
       Handle<Code> code =
           masm->isolate()->builtins()->HandleApiCallConstruct();
       ParameterCount expected(0);
       __ InvokeCode(code, expected, expected,
@@ skipping 23 matching lines @@
 
     // If the result is a smi, it is *not* an object in the ECMA sense.
     // r0: result
     // sp[0]: receiver (newly allocated object)
     // sp[1]: constructor function
     // sp[2]: number of arguments (smi-tagged)
     __ JumpIfSmi(r0, &use_receiver);
 
     // If the type of the result (stored in its map) is less than
     // FIRST_SPEC_OBJECT_TYPE, it is not an object in the ECMA sense.
-    __ CompareObjectType(r0, r3, r3, FIRST_SPEC_OBJECT_TYPE);
-    __ b(ge, &exit);
+    __ CompareObjectType(r0, r3, r3, FIRST_SPEC_OBJECT_TYPE, ge);
+    __ bt(&exit);
 
     // Throw away the result of the constructor invocation and use the
     // on-stack receiver as the result.
     __ bind(&use_receiver);
     __ ldr(r0, MemOperand(sp));
 
     // Remove receiver from the stack, remove caller arguments, and
     // return.
     __ bind(&exit);
     // r0: result
     // sp[0]: receiver (newly allocated object)
     // sp[1]: constructor function
     // sp[2]: number of arguments (smi-tagged)
     __ ldr(r1, MemOperand(sp, 2 * kPointerSize));
 
     // Leave construct frame.
   }
 
-  __ add(sp, sp, Operand(r1, LSL, kPointerSizeLog2 - 1));
+  __ lsl(ip, r1, Operand(kPointerSizeLog2 - 1));
+  __ add(sp, sp, ip);
   __ add(sp, sp, Operand(kPointerSize));
   __ IncrementCounter(isolate->counters()->constructed_objects(), 1, r1, r2);
-  __ Jump(lr);
+  __ rts();
 }
 
 
 void Builtins::Generate_JSConstructStubCountdown(MacroAssembler* masm) {
   Generate_JSConstructStubHelper(masm, false, true);
 }
 
 
 void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {
   Generate_JSConstructStubHelper(masm, false, false);
 }
 
 
 void Builtins::Generate_JSConstructStubApi(MacroAssembler* masm) {
   Generate_JSConstructStubHelper(masm, true, false);
 }
 
 
 static void Generate_JSEntryTrampolineHelper(MacroAssembler* masm,
                                              bool is_construct) {
   // Called from Generate_JS_Entry
   // r0: code entry
   // r1: function
   // r2: receiver
   // r3: argc
-  // r4: argv
+  // r4: argv (JSEntryStub does set it)
   // r5-r7, cp may be clobbered
 
   // Clear the context before we push it when entering the internal frame.
   __ mov(cp, Operand(0, RelocInfo::NONE));
 
   // Enter an internal frame.
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
 
     // Set up the context from the function argument.
     __ ldr(cp, FieldMemOperand(r1, JSFunction::kContextOffset));
 
     __ InitializeRootRegister();
 
     // Push the function and the receiver onto the stack.
     __ push(r1);
     __ push(r2);
 
     // Copy arguments to the stack in a loop.
     // r1: function
     // r3: argc
     // r4: argv, i.e. points to first arg
     Label loop, entry;
-    __ add(r2, r4, Operand(r3, LSL, kPointerSizeLog2));
+    __ lsl(r2, r3, Operand(kPointerSizeLog2));
+    __ add(r2, r4, r2);
     // r2 points past last arg.
-    __ b(&entry);
+    __ b_near(&entry);
     __ bind(&loop);
     __ ldr(r0, MemOperand(r4, kPointerSize, PostIndex));  // read next parameter
     __ ldr(r0, MemOperand(r0));  // dereference handle
     __ push(r0);  // push parameter
     __ bind(&entry);
     __ cmp(r4, r2);
     __ b(ne, &loop);
 
     // Initialize all JavaScript callee-saved registers, since they will be seen
     // by the garbage collector as part of handlers.
     __ LoadRoot(r4, Heap::kUndefinedValueRootIndex);
-    __ mov(r5, Operand(r4));
-    __ mov(r6, Operand(r4));
-    __ mov(r7, Operand(r4));
-    if (kR9Available == 1) {
-      __ mov(r9, Operand(r4));
-    }
+    __ mov(sh4_r5, r4);
+    __ mov(sh4_r6, r4);
+    __ mov(sh4_r7, r4);
+    __ mov(sh4_r8, r4);
+    __ mov(sh4_r9, r4);
 
     // Invoke the code and pass argc as r0.
-    __ mov(r0, Operand(r3));
+    __ mov(r0, r3);
+
+    // r0: argc
+    // r1: function
     if (is_construct) {
       CallConstructStub stub(NO_CALL_FUNCTION_FLAGS);
       __ CallStub(&stub);
     } else {
       ParameterCount actual(r0);
       __ InvokeFunction(r1, actual, CALL_FUNCTION,
                         NullCallWrapper(), CALL_AS_METHOD);
     }
     // Exit the JS frame and remove the parameters (except function), and
     // return.
     // Respect ABI stack constraint.
   }
-  __ Jump(lr);
+  __ rts();
 
   // r0: result
 }
 
 
 void Builtins::Generate_JSEntryTrampoline(MacroAssembler* masm) {
   Generate_JSEntryTrampolineHelper(masm, false);
 }
 
 
@@ skipping 69 matching lines @@
     __ push(r0);
     __ CallRuntime(Runtime::kNotifyDeoptimized, 1);
   }
 
   // Get the full codegen state from the stack and untag it -> r6.
   __ ldr(r6, MemOperand(sp, 0 * kPointerSize));
   __ SmiUntag(r6);
   // Switch on the state.
   Label with_tos_register, unknown_state;
   __ cmp(r6, Operand(FullCodeGenerator::NO_REGISTERS));
-  __ b(ne, &with_tos_register);
+  __ b(ne, &with_tos_register, Label::kNear);
   __ add(sp, sp, Operand(1 * kPointerSize));  // Remove state.
   __ Ret();
 
   __ bind(&with_tos_register);
   __ ldr(r0, MemOperand(sp, 1 * kPointerSize));
   __ cmp(r6, Operand(FullCodeGenerator::TOS_REG));
-  __ b(ne, &unknown_state);
+  __ b(ne, &unknown_state, Label::kNear);
   __ add(sp, sp, Operand(2 * kPointerSize));  // Remove state.
   __ Ret();
 
   __ bind(&unknown_state);
   __ stop("no cases left");
 }
 
 
 void Builtins::Generate_NotifyDeoptimized(MacroAssembler* masm) {
   Generate_NotifyDeoptimizedHelper(masm, Deoptimizer::EAGER);
 }
 
 
 void Builtins::Generate_NotifyLazyDeoptimized(MacroAssembler* masm) {
   Generate_NotifyDeoptimizedHelper(masm, Deoptimizer::LAZY);
 }
 
 
 void Builtins::Generate_NotifyOSR(MacroAssembler* masm) {
   // For now, we are relying on the fact that Runtime::NotifyOSR
   // doesn't do any garbage collection which allows us to save/restore
   // the registers without worrying about which of them contain
   // pointers. This seems a bit fragile.
-  __ stm(db_w, sp, kJSCallerSaved | kCalleeSaved | lr.bit() | fp.bit());
+  __ Push(pr, fp);
+  __ pushm(kJSCallerSaved | kCalleeSaved);
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
     __ CallRuntime(Runtime::kNotifyOSR, 0);
   }
-  __ ldm(ia_w, sp, kJSCallerSaved | kCalleeSaved | lr.bit() | fp.bit());
+  __ popm(kJSCallerSaved | kCalleeSaved);
+  __ Pop(pr, fp);
   __ Ret();
 }
 
 
 void Builtins::Generate_OnStackReplacement(MacroAssembler* masm) {
-  CpuFeatures::TryForceFeatureScope scope(VFP3);
-  if (!CPU::SupportsCrankshaft()) {
-    __ Abort("Unreachable code: Cannot optimize without VFP3 support.");
-    return;
-  }
-
-  // Lookup the function in the JavaScript frame and push it as an
-  // argument to the on-stack replacement function.
-  __ ldr(r0, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
-  {
-    FrameScope scope(masm, StackFrame::INTERNAL);
-    __ push(r0);
-    __ CallRuntime(Runtime::kCompileForOnStackReplacement, 1);
-  }
-
-  // If the result was -1 it means that we couldn't optimize the
-  // function. Just return and continue in the unoptimized version.
-  Label skip;
-  __ cmp(r0, Operand(Smi::FromInt(-1)));
-  __ b(ne, &skip);
-  __ Ret();
-
-  __ bind(&skip);
-  // Untag the AST id and push it on the stack.
-  __ SmiUntag(r0);
-  __ push(r0);
-
-  // Generate the code for doing the frame-to-frame translation using
-  // the deoptimizer infrastructure.
-  Deoptimizer::EntryGenerator generator(masm, Deoptimizer::OSR);
-  generator.Generate();
+  __ UNIMPLEMENTED_BREAK();
 }
 
 
 void Builtins::Generate_FunctionCall(MacroAssembler* masm) {
   // 1. Make sure we have at least one argument.
   // r0: actual number of arguments
   { Label done;
-    __ cmp(r0, Operand(0));
-    __ b(ne, &done);
+    __ tst(r0, r0);
+    __ b(ne, &done, Label::kNear);
     __ LoadRoot(r2, Heap::kUndefinedValueRootIndex);
     __ push(r2);
     __ add(r0, r0, Operand(1));
     __ bind(&done);
   }
 
   // 2. Get the function to call (passed as receiver) from the stack, check
   //    if it is a function.
   // r0: actual number of arguments
   Label slow, non_function;
-  __ ldr(r1, MemOperand(sp, r0, LSL, kPointerSizeLog2));
+  __ lsl(r1, r0, Operand(kPointerSizeLog2));
+  __ ldr(r1, MemOperand(sp, r1));
   __ JumpIfSmi(r1, &non_function);
-  __ CompareObjectType(r1, r2, r2, JS_FUNCTION_TYPE);
+  __ CompareObjectType(r1, r2, r2, JS_FUNCTION_TYPE, eq);
   __ b(ne, &slow);
 
   // 3a. Patch the first argument if necessary when calling a function.
   // r0: actual number of arguments
   // r1: function
   Label shift_arguments;
   __ mov(r4, Operand(0, RelocInfo::NONE));  // indicate regular JS_FUNCTION
   { Label convert_to_object, use_global_receiver, patch_receiver;
     // Change context eagerly in case we need the global receiver.
     __ ldr(cp, FieldMemOperand(r1, JSFunction::kContextOffset));
 
     // Do not transform the receiver for strict mode functions.
     __ ldr(r2, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
     __ ldr(r3, FieldMemOperand(r2, SharedFunctionInfo::kCompilerHintsOffset));
     __ tst(r3, Operand(1 << (SharedFunctionInfo::kStrictModeFunction +
                              kSmiTagSize)));
     __ b(ne, &shift_arguments);
 
     // Do not transform the receiver for native (Compilerhints already in r3).
     __ tst(r3, Operand(1 << (SharedFunctionInfo::kNative + kSmiTagSize)));
     __ b(ne, &shift_arguments);
 
     // Compute the receiver in non-strict mode.
-    __ add(r2, sp, Operand(r0, LSL, kPointerSizeLog2));
+    __ lsl(r2, r0, Operand(kPointerSizeLog2));
+    __ add(r2, sp, r2);
     __ ldr(r2, MemOperand(r2, -kPointerSize));
     // r0: actual number of arguments
     // r1: function
     // r2: first argument
-    __ JumpIfSmi(r2, &convert_to_object);
+    __ JumpIfSmi(r2, &convert_to_object, Label::kNear);
 
     __ LoadRoot(r3, Heap::kUndefinedValueRootIndex);
     __ cmp(r2, r3);
     __ b(eq, &use_global_receiver);
     __ LoadRoot(r3, Heap::kNullValueRootIndex);
     __ cmp(r2, r3);
     __ b(eq, &use_global_receiver);
 
     STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
-    __ CompareObjectType(r2, r3, r3, FIRST_SPEC_OBJECT_TYPE);
-    __ b(ge, &shift_arguments);
+    __ CompareObjectType(r2, r3, r3, FIRST_SPEC_OBJECT_TYPE, ge);
+    __ bt(&shift_arguments);
 
     __ bind(&convert_to_object);
 
     {
       // Enter an internal frame in order to preserve argument count.
       FrameScope scope(masm, StackFrame::INTERNAL);
-      __ mov(r0, Operand(r0, LSL, kSmiTagSize));  // Smi-tagged.
+      __ lsl(r0, r0, Operand(kSmiTagSize));     // Smi-tagged.
       __ push(r0);
 
       __ push(r2);
       __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
       __ mov(r2, r0);
 
       __ pop(r0);
-      __ mov(r0, Operand(r0, ASR, kSmiTagSize));
+      __ asr(r0, r0, Operand(kSmiTagSize));
 
       // Exit the internal frame.
     }
 
-    // Restore the function to r1, and the flag to r4.
-    __ ldr(r1, MemOperand(sp, r0, LSL, kPointerSizeLog2));
+    // Restore the function to r1.
+    __ lsl(r1, r0, Operand(kPointerSizeLog2));
+    __ ldr(r1, MemOperand(sp, r1));
     __ mov(r4, Operand(0, RelocInfo::NONE));
-    __ jmp(&patch_receiver);
+    __ jmp_near(&patch_receiver);
 
     // Use the global receiver object from the called function as the
     // receiver.
     __ bind(&use_global_receiver);
     const int kGlobalIndex =
         Context::kHeaderSize + Context::GLOBAL_OBJECT_INDEX * kPointerSize;
     __ ldr(r2, FieldMemOperand(cp, kGlobalIndex));
     __ ldr(r2, FieldMemOperand(r2, GlobalObject::kNativeContextOffset));
     __ ldr(r2, FieldMemOperand(r2, kGlobalIndex));
     __ ldr(r2, FieldMemOperand(r2, GlobalObject::kGlobalReceiverOffset));
 
     __ bind(&patch_receiver);
-    __ add(r3, sp, Operand(r0, LSL, kPointerSizeLog2));
+    __ lsl(r3, r0, Operand(kPointerSizeLog2));
+    __ add(r3, sp, r3);
     __ str(r2, MemOperand(r3, -kPointerSize));
 
     __ jmp(&shift_arguments);
   }
 
   // 3b. Check for function proxy.
   __ bind(&slow);
   __ mov(r4, Operand(1, RelocInfo::NONE));  // indicate function proxy
   __ cmp(r2, Operand(JS_FUNCTION_PROXY_TYPE));
   __ b(eq, &shift_arguments);
   __ bind(&non_function);
   __ mov(r4, Operand(2, RelocInfo::NONE));  // indicate non-function
 
   // 3c. Patch the first argument when calling a non-function.  The
   //     CALL_NON_FUNCTION builtin expects the non-function callee as
   //     receiver, so overwrite the first argument which will ultimately
   //     become the receiver.
   // r0: actual number of arguments
   // r1: function
   // r4: call type (0: JS function, 1: function proxy, 2: non-function)
-  __ add(r2, sp, Operand(r0, LSL, kPointerSizeLog2));
+  __ lsl(r2, r0, Operand(kPointerSizeLog2));
+  __ add(r2, sp, r2);
   __ str(r1, MemOperand(r2, -kPointerSize));
 
   // 4. Shift arguments and return address one slot down on the stack
   //    (overwriting the original receiver).  Adjust argument count to make
   //    the original first argument the new receiver.
   // r0: actual number of arguments
   // r1: function
   // r4: call type (0: JS function, 1: function proxy, 2: non-function)
   __ bind(&shift_arguments);
   { Label loop;
     // Calculate the copy start address (destination). Copy end address is sp.
-    __ add(r2, sp, Operand(r0, LSL, kPointerSizeLog2));
+    __ lsl(r2, r0, Operand(kPointerSizeLog2));
+    __ add(r2, sp, r2);
 
     __ bind(&loop);
     __ ldr(ip, MemOperand(r2, -kPointerSize));
     __ str(ip, MemOperand(r2));
     __ sub(r2, r2, Operand(kPointerSize));
     __ cmp(r2, sp);
     __ b(ne, &loop);
     // Adjust the actual number of arguments and remove the top element
     // (which is a copy of the last argument).
     __ sub(r0, r0, Operand(1));
     __ pop();
   }
 
   // 5a. Call non-function via tail call to CALL_NON_FUNCTION builtin,
   //     or a function proxy via CALL_FUNCTION_PROXY.
   // r0: actual number of arguments
   // r1: function
   // r4: call type (0: JS function, 1: function proxy, 2: non-function)
   { Label function, non_proxy;
     __ tst(r4, r4);
-    __ b(eq, &function);
+    __ b(eq, &function, Label::kNear);
     // Expected number of arguments is 0 for CALL_NON_FUNCTION.
     __ mov(r2, Operand(0, RelocInfo::NONE));
     __ SetCallKind(r5, CALL_AS_METHOD);
     __ cmp(r4, Operand(1));
     __ b(ne, &non_proxy);
 
     __ push(r1);  // re-add proxy object as additional argument
     __ add(r0, r0, Operand(1));
     __ GetBuiltinEntry(r3, Builtins::CALL_FUNCTION_PROXY);
     __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
             RelocInfo::CODE_TARGET);
 
     __ bind(&non_proxy);
     __ GetBuiltinEntry(r3, Builtins::CALL_NON_FUNCTION);
-    __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
+    __ jmp(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
             RelocInfo::CODE_TARGET);
     __ bind(&function);
   }
 
   // 5b. Get the code to call from the function and check that the number of
   //     expected arguments matches what we're providing.  If so, jump
   //     (tail-call) to the code in register edx without checking arguments.
   // r0: actual number of arguments
   // r1: function
+  Label end;
   __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
   __ ldr(r2,
          FieldMemOperand(r3, SharedFunctionInfo::kFormalParameterCountOffset));
-  __ mov(r2, Operand(r2, ASR, kSmiTagSize));
+  __ asr(r2, r2, Operand(kSmiTagSize));
   __ ldr(r3, FieldMemOperand(r1, JSFunction::kCodeEntryOffset));
   __ SetCallKind(r5, CALL_AS_METHOD);
   __ cmp(r2, r0);  // Check formal and actual parameter counts.
-  __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
-          RelocInfo::CODE_TARGET,
-          ne);
-
+  __ bt_near(&end);
+  __ jmp(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
+          RelocInfo::CODE_TARGET);
+  __ bind(&end);
   ParameterCount expected(0);
   __ InvokeCode(r3, expected, expected, JUMP_FUNCTION,
                 NullCallWrapper(), CALL_AS_METHOD);
 }
 
 
 void Builtins::Generate_FunctionApply(MacroAssembler* masm) {
   const int kIndexOffset    = -5 * kPointerSize;
   const int kLimitOffset    = -4 * kPointerSize;
   const int kArgsOffset     =  2 * kPointerSize;
@@ skipping 11 matching lines @@
 
     // Check the stack for overflow. We are not trying to catch
     // interruptions (e.g. debug break and preemption) here, so the "real stack
     // limit" is checked.
     Label okay;
     __ LoadRoot(r2, Heap::kRealStackLimitRootIndex);
     // Make r2 the space we have left. The stack might already be overflowed
     // here which will cause r2 to become negative.
     __ sub(r2, sp, r2);
     // Check if the arguments will overflow the stack.
-    __ cmp(r2, Operand(r0, LSL, kPointerSizeLog2 - kSmiTagSize));
-    __ b(gt, &okay);  // Signed comparison.
+    __ lsl(ip, r0, Operand(kPointerSizeLog2 - kSmiTagSize));
+    __ cmpgt(r2, ip);
+    __ bt_near(&okay);  // Signed comparison.
 
     // Out of stack space.
     __ ldr(r1, MemOperand(fp, kFunctionOffset));
     __ push(r1);
     __ push(r0);
     __ InvokeBuiltin(Builtins::APPLY_OVERFLOW, CALL_FUNCTION);
     // End of stack check.
 
     // Push current limit and index.
     __ bind(&okay);
     __ push(r0);  // limit
     __ mov(r1, Operand(0, RelocInfo::NONE));  // initial index
     __ push(r1);
 
     // Get the receiver.
     __ ldr(r0, MemOperand(fp, kRecvOffset));
 
     // Check that the function is a JS function (otherwise it must be a proxy).
     Label push_receiver;
     __ ldr(r1, MemOperand(fp, kFunctionOffset));
-    __ CompareObjectType(r1, r2, r2, JS_FUNCTION_TYPE);
-    __ b(ne, &push_receiver);
+    __ CompareObjectType(r1, r2, r2, JS_FUNCTION_TYPE, eq);
+    __ bf(&push_receiver);
 
     // Change context eagerly to get the right global object if necessary.
     __ ldr(cp, FieldMemOperand(r1, JSFunction::kContextOffset));
     // Load the shared function info while the function is still in r1.
     __ ldr(r2, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
 
     // Compute the receiver.
     // Do not transform the receiver for strict mode functions.
     Label call_to_object, use_global_receiver;
     __ ldr(r2, FieldMemOperand(r2, SharedFunctionInfo::kCompilerHintsOffset));
@@ skipping 10 matching lines @@
     __ LoadRoot(r1, Heap::kNullValueRootIndex);
     __ cmp(r0, r1);
     __ b(eq, &use_global_receiver);
     __ LoadRoot(r1, Heap::kUndefinedValueRootIndex);
     __ cmp(r0, r1);
     __ b(eq, &use_global_receiver);
 
     // Check if the receiver is already a JavaScript object.
     // r0: receiver
     STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
-    __ CompareObjectType(r0, r1, r1, FIRST_SPEC_OBJECT_TYPE);
-    __ b(ge, &push_receiver);
+    __ CompareObjectType(r0, r1, r1, FIRST_SPEC_OBJECT_TYPE, ge);
+    __ bt(&push_receiver);
 
     // Convert the receiver to a regular object.
     // r0: receiver
     __ bind(&call_to_object);
     __ push(r0);
     __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
     __ b(&push_receiver);
 
     // Use the current global receiver object as the receiver.
     __ bind(&use_global_receiver);
     const int kGlobalOffset =
         Context::kHeaderSize + Context::GLOBAL_OBJECT_INDEX * kPointerSize;
     __ ldr(r0, FieldMemOperand(cp, kGlobalOffset));
-    __ ldr(r0, FieldMemOperand(r0, GlobalObject::kNativeContextOffset));
+    __ ldr(r0, FieldMemOperand(r0, GlobalObject::kGlobalContextOffset));
     __ ldr(r0, FieldMemOperand(r0, kGlobalOffset));
     __ ldr(r0, FieldMemOperand(r0, GlobalObject::kGlobalReceiverOffset));
 
     // Push the receiver.
     // r0: receiver
     __ bind(&push_receiver);
     __ push(r0);
 
     // Copy all arguments from the array to the stack.
     Label entry, loop;
     __ ldr(r0, MemOperand(fp, kIndexOffset));
-    __ b(&entry);
+    __ b_near(&entry);
 
     // Load the current argument from the arguments array and push it to the
     // stack.
     // r0: current argument index
     __ bind(&loop);
     __ ldr(r1, MemOperand(fp, kArgsOffset));
     __ push(r1);
     __ push(r0);
 
     // Call the runtime to access the property in the arguments array.
     __ CallRuntime(Runtime::kGetProperty, 2);
     __ push(r0);
 
     // Use inline caching to access the arguments.
     __ ldr(r0, MemOperand(fp, kIndexOffset));
     __ add(r0, r0, Operand(1 << kSmiTagSize));
     __ str(r0, MemOperand(fp, kIndexOffset));
 
     // Test if the copy loop has finished copying all the elements from the
     // arguments object.
     __ bind(&entry);
     __ ldr(r1, MemOperand(fp, kLimitOffset));
     __ cmp(r0, r1);
     __ b(ne, &loop);
 
     // Invoke the function.
     Label call_proxy;
     ParameterCount actual(r0);
-    __ mov(r0, Operand(r0, ASR, kSmiTagSize));
+    __ asr(r0, r0, Operand(kSmiTagSize));
     __ ldr(r1, MemOperand(fp, kFunctionOffset));
-    __ CompareObjectType(r1, r2, r2, JS_FUNCTION_TYPE);
-    __ b(ne, &call_proxy);
+    __ CompareObjectType(r1, r2, r2, JS_FUNCTION_TYPE, eq);
+    __ bf(&call_proxy);
     __ InvokeFunction(r1, actual, CALL_FUNCTION,
                       NullCallWrapper(), CALL_AS_METHOD);
 
     frame_scope.GenerateLeaveFrame();
     __ add(sp, sp, Operand(3 * kPointerSize));
-    __ Jump(lr);
+    __ rts();
 
     // Invoke the function proxy.
     __ bind(&call_proxy);
     __ push(r1);  // add function proxy as last argument
     __ add(r0, r0, Operand(1));
     __ mov(r2, Operand(0, RelocInfo::NONE));
     __ SetCallKind(r5, CALL_AS_METHOD);
     __ GetBuiltinEntry(r3, Builtins::CALL_FUNCTION_PROXY);
     __ Call(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
             RelocInfo::CODE_TARGET);
 
     // Tear down the internal frame and remove function, receiver and args.
   }
   __ add(sp, sp, Operand(3 * kPointerSize));
-  __ Jump(lr);
+  __ rts();
 }
 
 
 static void EnterArgumentsAdaptorFrame(MacroAssembler* masm) {
-  __ mov(r0, Operand(r0, LSL, kSmiTagSize));
+  __ lsl(r0, r0, Operand(kSmiTagSize));
   __ mov(r4, Operand(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
-  __ stm(db_w, sp, r0.bit() | r1.bit() | r4.bit() | fp.bit() | lr.bit());
+  __ push(pr);
+  __ Push(fp, r4, r1, r0);
   __ add(fp, sp, Operand(3 * kPointerSize));
 }
 
 
 static void LeaveArgumentsAdaptorFrame(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- r0 : result being passed through
   // -----------------------------------
   // Get the number of arguments passed (as a smi), tear down the frame and
   // then tear down the parameters.
   __ ldr(r1, MemOperand(fp, -3 * kPointerSize));
   __ mov(sp, fp);
-  __ ldm(ia_w, sp, fp.bit() | lr.bit());
-  __ add(sp, sp, Operand(r1, LSL, kPointerSizeLog2 - kSmiTagSize));
+  __ Pop(pr, fp);
+  __ lsl(ip, r1, Operand(kPointerSizeLog2 - kSmiTagSize));
+  __ add(sp, sp, ip);
   __ add(sp, sp, Operand(kPointerSize));  // adjust for receiver
 }
 
 
 void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- r0 : actual number of arguments
   //  -- r1 : function (passed through to callee)
   //  -- r2 : expected number of arguments
   //  -- r3 : code entry to call
   //  -- r5 : call kind information
   // -----------------------------------
 
   Label invoke, dont_adapt_arguments;
 
   Label enough, too_few;
-  __ cmp(r0, r2);
-  __ b(lt, &too_few);
+  __ cmpge(r0, r2);
+  __ bf(&too_few);
   __ cmp(r2, Operand(SharedFunctionInfo::kDontAdaptArgumentsSentinel));
   __ b(eq, &dont_adapt_arguments);
 
   {  // Enough parameters: actual >= expected
     __ bind(&enough);
     EnterArgumentsAdaptorFrame(masm);
 
     // Calculate copy start address into r0 and copy end address into r2.
     // r0: actual number of arguments as a smi
     // r1: function
     // r2: expected number of arguments
     // r3: code entry to call
-    __ add(r0, fp, Operand(r0, LSL, kPointerSizeLog2 - kSmiTagSize));
+    __ lsl(r0, r0, Operand(kPointerSizeLog2 - kSmiTagSize));
+    __ add(r0, fp, r0);
     // adjust for return address and receiver
     __ add(r0, r0, Operand(2 * kPointerSize));
-    __ sub(r2, r0, Operand(r2, LSL, kPointerSizeLog2));
+    __ lsl(r2, r2, Operand(kPointerSizeLog2));
+    __ sub(r2, r0, r2);
 
     // Copy the arguments (including the receiver) to the new stack frame.
     // r0: copy start address
     // r1: function
     // r2: copy end address
     // r3: code entry to call
 
     Label copy;
     __ bind(&copy);
     __ ldr(ip, MemOperand(r0, 0));
     __ push(ip);
     __ cmp(r0, r2);  // Compare before moving to next argument.
     __ sub(r0, r0, Operand(kPointerSize));
     __ b(ne, &copy);
 
     __ b(&invoke);
   }
 
   {  // Too few parameters: Actual < expected
     __ bind(&too_few);
     EnterArgumentsAdaptorFrame(masm);
 
     // Calculate copy start address into r0 and copy end address is fp.
     // r0: actual number of arguments as a smi
     // r1: function
     // r2: expected number of arguments
     // r3: code entry to call
-    __ add(r0, fp, Operand(r0, LSL, kPointerSizeLog2 - kSmiTagSize));
+    __ lsl(r0, r0, Operand(kPointerSizeLog2 - kSmiTagSize));
+    __ add(r0, fp, r0);
 
     // Copy the arguments (including the receiver) to the new stack frame.
     // r0: copy start address
     // r1: function
     // r2: expected number of arguments
     // r3: code entry to call
     Label copy;
     __ bind(&copy);
     // Adjust load for return address and receiver.
     __ ldr(ip, MemOperand(r0, 2 * kPointerSize));
     __ push(ip);
     __ cmp(r0, fp);  // Compare before moving to next argument.
     __ sub(r0, r0, Operand(kPointerSize));
     __ b(ne, &copy);
 
     // Fill the remaining expected arguments with undefined.
     // r1: function
     // r2: expected number of arguments
     // r3: code entry to call
     __ LoadRoot(ip, Heap::kUndefinedValueRootIndex);
-    __ sub(r2, fp, Operand(r2, LSL, kPointerSizeLog2));
+    __ lsl(r2, r2, Operand(kPointerSizeLog2));
+    __ sub(r2, fp, r2);
     __ sub(r2, r2, Operand(4 * kPointerSize));  // Adjust for frame.
 
     Label fill;
     __ bind(&fill);
     __ push(ip);
     __ cmp(sp, r2);
     __ b(ne, &fill);
   }
 
   // Call the entry point.
   __ bind(&invoke);
-  __ Call(r3);
+  __ jsr(r3);
 
   // Store offset of return address for deoptimizer.
   masm->isolate()->heap()->SetArgumentsAdaptorDeoptPCOffset(masm->pc_offset());
 
   // Exit frame and return.
   LeaveArgumentsAdaptorFrame(masm);
-  __ Jump(lr);
+  __ rts();
 
 
   // -------------------------------------------
   // Dont adapt arguments.
   // -------------------------------------------
   __ bind(&dont_adapt_arguments);
-  __ Jump(r3);
+  __ jmp(r3);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
-#endif  // V8_TARGET_ARCH_ARM
+#endif  // V8_TARGET_ARCH_SH4