First draft of the sh4 port

src/sh4/ic-sh4.cc

-// Copyright 2012 the V8 project authors. All rights reserved.
+// Copyright 2011-2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
 //       with the distribution.
 //     * Neither the name of Google Inc. nor the names of its
 //       contributors may be used to endorse or promote products derived
 //       from this software without specific prior written permission.
 //
 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include "v8.h"
 
-#if defined(V8_TARGET_ARCH_ARM)
+#if defined(V8_TARGET_ARCH_SH4)
 
-#include "assembler-arm.h"
+#include "assembler-sh4.h"
 #include "code-stubs.h"
 #include "codegen.h"
 #include "disasm.h"
 #include "ic-inl.h"
 #include "runtime.h"
 #include "stub-cache.h"
 
 namespace v8 {
 namespace internal {
 
 
 // ----------------------------------------------------------------------------
 // Static IC stub generators.
 //
 
 #define __ ACCESS_MASM(masm)
 
+  // ARM to SH4 mapping
+#include "map-sh4.h"
 
 static void GenerateGlobalInstanceTypeCheck(MacroAssembler* masm,
                                             Register type,
                                             Label* global_object) {
   // Register usage:
   //   type: holds the receiver instance type on entry.
-  __ cmp(type, Operand(JS_GLOBAL_OBJECT_TYPE));
-  __ b(eq, global_object);
-  __ cmp(type, Operand(JS_BUILTINS_OBJECT_TYPE));
-  __ b(eq, global_object);
-  __ cmp(type, Operand(JS_GLOBAL_PROXY_TYPE));
-  __ b(eq, global_object);
+  __ cmpeq(type, Operand(JS_GLOBAL_OBJECT_TYPE));
+  __ bt(global_object);
+  __ cmpeq(type, Operand(JS_BUILTINS_OBJECT_TYPE));
+  __ bt(global_object);
+  __ cmpeq(type, Operand(JS_GLOBAL_PROXY_TYPE));
+  __ bt(global_object);
 }
 
 
 // Generated code falls through if the receiver is a regular non-global
 // JS object with slow properties and no interceptors.
 static void GenerateStringDictionaryReceiverCheck(MacroAssembler* masm,
                                                   Register receiver,
                                                   Register elements,
                                                   Register t0,
                                                   Register t1,
                                                   Label* miss) {
   // Register usage:
   //   receiver: holds the receiver on entry and is unchanged.
   //   elements: holds the property dictionary on fall through.
   // Scratch registers:
   //   t0: used to holds the receiver map.
   //   t1: used to holds the receiver instance type, receiver bit mask and
   //       elements map.
 
   // Check that the receiver isn't a smi.
   __ JumpIfSmi(receiver, miss);
 
   // Check that the receiver is a valid JS object.
-  __ CompareObjectType(receiver, t0, t1, FIRST_SPEC_OBJECT_TYPE);
-  __ b(lt, miss);
+  __ CompareObjectType(receiver, t0, t1, FIRST_SPEC_OBJECT_TYPE, ge);
+  __ bf(miss);
 
   // If this assert fails, we have to check upper bound too.
   STATIC_ASSERT(LAST_TYPE == LAST_SPEC_OBJECT_TYPE);
 
   GenerateGlobalInstanceTypeCheck(masm, t1, miss);
 
   // Check that the global object does not require access checks.
   __ ldrb(t1, FieldMemOperand(t0, Map::kBitFieldOffset));
   __ tst(t1, Operand((1 << Map::kIsAccessCheckNeeded) |
                      (1 << Map::kHasNamedInterceptor)));
-  __ b(ne, miss);
+  __ bf(miss);
 
   __ ldr(elements, FieldMemOperand(receiver, JSObject::kPropertiesOffset));
   __ ldr(t1, FieldMemOperand(elements, HeapObject::kMapOffset));
   __ LoadRoot(ip, Heap::kHashTableMapRootIndex);
-  __ cmp(t1, ip);
-  __ b(ne, miss);
+  __ cmpeq(t1, ip);
+  __ bf(miss);
 }
 
 
 // Helper function used from LoadIC/CallIC GenerateNormal.
 //
 // elements: Property dictionary. It is not clobbered if a jump to the miss
 //           label is done.
 // name:     Property name. It is not clobbered if a jump to the miss label is
 //           done
 // result:   Register for the result. It is only updated if a jump to the miss
@@ skipping 78 matching lines @@
   // is a normal property that is not read only.
   __ bind(&done);  // scratch2 == elements + 4 * index
   const int kElementsStartOffset = StringDictionary::kHeaderSize +
       StringDictionary::kElementsStartIndex * kPointerSize;
   const int kDetailsOffset = kElementsStartOffset + 2 * kPointerSize;
   const int kTypeAndReadOnlyMask =
       (PropertyDetails::TypeField::kMask |
        PropertyDetails::AttributesField::encode(READ_ONLY)) << kSmiTagSize;
   __ ldr(scratch1, FieldMemOperand(scratch2, kDetailsOffset));
   __ tst(scratch1, Operand(kTypeAndReadOnlyMask));
-  __ b(ne, miss);
+  __ bf(miss);
 
   // Store the value at the masked, scaled index and return.
   const int kValueOffset = kElementsStartOffset + kPointerSize;
   __ add(scratch2, scratch2, Operand(kValueOffset - kHeapObjectTag));
   __ str(value, MemOperand(scratch2));
 
   // Update the write barrier. Make sure not to clobber the value.
   __ mov(scratch1, value);
   __ RecordWrite(
       elements, scratch2, scratch1, kLRHasNotBeenSaved, kDontSaveFPRegs);
@@ skipping 63 matching lines @@
   __ ldrb(scratch, FieldMemOperand(map, Map::kBitFieldOffset));
   __ tst(scratch,
          Operand((1 << Map::kIsAccessCheckNeeded) | (1 << interceptor_bit)));
   __ b(ne, slow);
   // Check that the object is some kind of JS object EXCEPT JS Value type.
   // In the case that the object is a value-wrapper object,
   // we enter the runtime system to make sure that indexing into string
   // objects work as intended.
   ASSERT(JS_OBJECT_TYPE > JS_VALUE_TYPE);
   __ ldrb(scratch, FieldMemOperand(map, Map::kInstanceTypeOffset));
-  __ cmp(scratch, Operand(JS_OBJECT_TYPE));
-  __ b(lt, slow);
+  __ cmpge(scratch, Operand(JS_OBJECT_TYPE));
+  __ bf(slow);
 }
 
 
 // Loads an indexed element from a fast case array.
 // If not_fast_array is NULL, doesn't perform the elements map check.
 static void GenerateFastArrayLoad(MacroAssembler* masm,
                                   Register receiver,
                                   Register key,
                                   Register elements,
                                   Register scratch1,
@@ skipping 28 matching lines @@
     // Check that the object is in fast mode and writable.
     __ ldr(scratch1, FieldMemOperand(elements, HeapObject::kMapOffset));
     __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
     __ cmp(scratch1, ip);
     __ b(ne, not_fast_array);
   } else {
     __ AssertFastElements(elements);
   }
   // Check that the key (index) is within bounds.
   __ ldr(scratch1, FieldMemOperand(elements, FixedArray::kLengthOffset));
-  __ cmp(key, Operand(scratch1));
-  __ b(hs, out_of_range);
+  __ cmphs(key, scratch1);
+  __ bt(out_of_range);
   // Fast case: Do the load.
   __ add(scratch1, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
   // The key is a smi.
   STATIC_ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2);
-  __ ldr(scratch2,
-         MemOperand(scratch1, key, LSL, kPointerSizeLog2 - kSmiTagSize));
+  __ lsl(scratch2, key, Operand(kPointerSizeLog2 - kSmiTagSize));
+  __ ldr(scratch2, MemOperand(scratch1, scratch2));
   __ LoadRoot(ip, Heap::kTheHoleValueRootIndex);
   __ cmp(scratch2, ip);
   // In case the loaded value is the_hole we have to consult GetProperty
   // to ensure the prototype chain is searched.
   __ b(eq, out_of_range);
   __ mov(result, scratch2);
 }
 
 
 // Checks whether a key is an array index string or a symbol string.
 // Falls through if a key is a symbol.
 static void GenerateKeyStringCheck(MacroAssembler* masm,
                                    Register key,
                                    Register map,
                                    Register hash,
                                    Label* index_string,
                                    Label* not_symbol) {
   // The key is not a smi.
   // Is it a string?
-  __ CompareObjectType(key, map, hash, FIRST_NONSTRING_TYPE);
-  __ b(ge, not_symbol);
+  __ CompareObjectType(key, map, hash, FIRST_NONSTRING_TYPE, ge);
+  __ bt(not_symbol);
 
   // Is the string an array index, with cached numeric value?
   __ ldr(hash, FieldMemOperand(key, String::kHashFieldOffset));
   __ tst(hash, Operand(String::kContainsCachedArrayIndexMask));
   __ b(eq, index_string);
 
   // Is the string a symbol?
   // map: key map
   __ ldrb(hash, FieldMemOperand(map, Map::kInstanceTypeOffset));
   STATIC_ASSERT(kSymbolTag != 0);
@@ skipping 25 matching lines @@
                                          argc);
   Isolate::Current()->stub_cache()->GenerateProbe(
       masm, flags, r1, r2, r3, r4, r5, r6);
 
   // If the stub cache probing failed, the receiver might be a value.
   // For value objects, we use the map of the prototype objects for
   // the corresponding JSValue for the cache and that is what we need
   // to probe.
   //
   // Check for number.
-  __ JumpIfSmi(r1, &number);
-  __ CompareObjectType(r1, r3, r3, HEAP_NUMBER_TYPE);
-  __ b(ne, &non_number);
+  __ JumpIfSmi(r1, &number, Label::kNear);
+  __ CompareObjectType(r1, r3, r3, HEAP_NUMBER_TYPE, eq);
+  __ bf_near(&non_number);
   __ bind(&number);
   StubCompiler::GenerateLoadGlobalFunctionPrototype(
       masm, Context::NUMBER_FUNCTION_INDEX, r1);
   __ b(&probe);
 
   // Check for string.
   __ bind(&non_number);
-  __ cmp(r3, Operand(FIRST_NONSTRING_TYPE));
-  __ b(hs, &non_string);
+  __ cmphs(r3, Operand(FIRST_NONSTRING_TYPE));
+  __ bt_near(&non_string);
   StubCompiler::GenerateLoadGlobalFunctionPrototype(
       masm, Context::STRING_FUNCTION_INDEX, r1);
   __ b(&probe);
 
   // Check for boolean.
   __ bind(&non_string);
   __ LoadRoot(ip, Heap::kTrueValueRootIndex);
   __ cmp(r1, ip);
   __ b(eq, &boolean);
   __ LoadRoot(ip, Heap::kFalseValueRootIndex);
@@ skipping 15 matching lines @@
 static void GenerateFunctionTailCall(MacroAssembler* masm,
                                      int argc,
                                      Label* miss,
                                      Register scratch) {
   // r1: function
 
   // Check that the value isn't a smi.
   __ JumpIfSmi(r1, miss);
 
   // Check that the value is a JSFunction.
-  __ CompareObjectType(r1, scratch, scratch, JS_FUNCTION_TYPE);
-  __ b(ne, miss);
+  __ CompareObjectType(r1, scratch, scratch, JS_FUNCTION_TYPE, eq);
+  __ bf(miss);
 
   // Invoke the function.
   ParameterCount actual(argc);
   __ InvokeFunction(r1, actual, JUMP_FUNCTION,
                     NullCallWrapper(), CALL_AS_METHOD);
 }
 
 
 void CallICBase::GenerateNormal(MacroAssembler* masm, int argc) {
   // ----------- S t a t e -------------
@@ skipping 43 matching lines @@
     __ Push(r3, r2);
 
     // Call the entry.
     __ mov(r0, Operand(2));
     __ mov(r1, Operand(ExternalReference(IC_Utility(id), isolate)));
 
     CEntryStub stub(1);
     __ CallStub(&stub);
 
     // Move result to r1 and leave the internal frame.
-    __ mov(r1, Operand(r0));
+    __ mov(r1, r0);
   }
 
   // Check if the receiver is a global object of some sort.
   // This can happen only for regular CallIC but not KeyedCallIC.
   if (id == IC::kCallIC_Miss) {
     Label invoke, global;
     __ ldr(r2, MemOperand(sp, argc * kPointerSize));  // receiver
-    __ JumpIfSmi(r2, &invoke);
-    __ CompareObjectType(r2, r3, r3, JS_GLOBAL_OBJECT_TYPE);
-    __ b(eq, &global);
-    __ cmp(r3, Operand(JS_BUILTINS_OBJECT_TYPE));
-    __ b(ne, &invoke);
+    __ JumpIfSmi(r2, &invoke, Label::kNear);
+    __ CompareObjectType(r2, r3, r3, JS_GLOBAL_OBJECT_TYPE, eq);
+    __ bt_near(&global);
+    __ cmpeq(r3, Operand(JS_BUILTINS_OBJECT_TYPE));
+    __ bf_near(&invoke);
 
     // Patch the receiver on the stack.
     __ bind(&global);
     __ ldr(r2, FieldMemOperand(r2, GlobalObject::kGlobalReceiverOffset));
     __ str(r2, MemOperand(sp, argc * kPointerSize));
     __ bind(&invoke);
   }
 
   // Invoke the function.
   CallKind call_kind = CallICBase::Contextual::decode(extra_state)
@@ skipping 57 matching lines @@
   GenerateFunctionTailCall(masm, argc, &slow_call, r0);
 
   __ bind(&check_number_dictionary);
   // r2: key
   // r3: elements map
   // r4: elements
   // Check whether the elements is a number dictionary.
   __ LoadRoot(ip, Heap::kHashTableMapRootIndex);
   __ cmp(r3, ip);
   __ b(ne, &slow_load);
-  __ mov(r0, Operand(r2, ASR, kSmiTagSize));
+  __ asr(r0, r2, Operand(kSmiTagSize));
   // r0: untagged index
   __ LoadFromNumberDictionary(&slow_load, r4, r2, r1, r0, r3, r5);
   __ IncrementCounter(counters->keyed_call_generic_smi_dict(), 1, r0, r3);
   __ jmp(&do_call);
 
   __ bind(&slow_load);
   // This branch is taken when calling KeyedCallIC_Miss is neither required
   // nor beneficial.
   __ IncrementCounter(counters->keyed_call_generic_slow_load(), 1, r0, r3);
   {
@@ skipping 140 matching lines @@
                                                 Register scratch3,
                                                 Label* unmapped_case,
                                                 Label* slow_case) {
   Heap* heap = masm->isolate()->heap();
 
   // Check that the receiver is a JSObject. Because of the map check
   // later, we do not need to check for interceptors or whether it
   // requires access checks.
   __ JumpIfSmi(object, slow_case);
   // Check that the object is some kind of JSObject.
-  __ CompareObjectType(object, scratch1, scratch2, FIRST_JS_RECEIVER_TYPE);
-  __ b(lt, slow_case);
+  __ CompareObjectType(object, scratch1, scratch2, FIRST_JS_RECEIVER_TYPE, ge);
+  __ bf(slow_case);
 
   // Check that the key is a positive smi.
   __ tst(key, Operand(0x80000001));
   __ b(ne, slow_case);
 
   // Load the elements into scratch1 and check its map.
   Handle<Map> arguments_map(heap->non_strict_arguments_elements_map());
   __ ldr(scratch1, FieldMemOperand(object, JSObject::kElementsOffset));
   __ CheckMap(scratch1, scratch2, arguments_map, slow_case, DONT_DO_SMI_CHECK);
 
   // Check if element is in the range of mapped arguments. If not, jump
   // to the unmapped lookup with the parameter map in scratch1.
   __ ldr(scratch2, FieldMemOperand(scratch1, FixedArray::kLengthOffset));
   __ sub(scratch2, scratch2, Operand(Smi::FromInt(2)));
-  __ cmp(key, Operand(scratch2));
-  __ b(cs, unmapped_case);
+  __ cmphs(key, scratch2);
+  __ b(t, unmapped_case);
 
   // Load element index and check whether it is the hole.
   const int kOffset =
       FixedArray::kHeaderSize + 2 * kPointerSize - kHeapObjectTag;
 
   __ mov(scratch3, Operand(kPointerSize >> 1));
   __ mul(scratch3, key, scratch3);
   __ add(scratch3, scratch3, Operand(kOffset));
 
   __ ldr(scratch2, MemOperand(scratch1, scratch3));
@@ skipping 21 matching lines @@
   // second element of the parameter_map. The parameter_map register
   // must be loaded with the parameter map of the arguments object and is
   // overwritten.
   const int kBackingStoreOffset = FixedArray::kHeaderSize + kPointerSize;
   Register backing_store = parameter_map;
   __ ldr(backing_store, FieldMemOperand(parameter_map, kBackingStoreOffset));
   Handle<Map> fixed_array_map(masm->isolate()->heap()->fixed_array_map());
   __ CheckMap(backing_store, scratch, fixed_array_map, slow_case,
               DONT_DO_SMI_CHECK);
   __ ldr(scratch, FieldMemOperand(backing_store, FixedArray::kLengthOffset));
-  __ cmp(key, Operand(scratch));
-  __ b(cs, slow_case);
+  __ cmphs(key, scratch);
+  __ b(t, slow_case);
   __ mov(scratch, Operand(kPointerSize >> 1));
   __ mul(scratch, key, scratch);
   __ add(scratch,
          scratch,
          Operand(FixedArray::kHeaderSize - kHeapObjectTag));
   return MemOperand(backing_store, scratch);
 }
 
 
 void KeyedLoadIC::GenerateNonStrictArguments(MacroAssembler* masm) {
@@ skipping 148 matching lines @@
 
   __ bind(&check_number_dictionary);
   __ ldr(r4, FieldMemOperand(receiver, JSObject::kElementsOffset));
   __ ldr(r3, FieldMemOperand(r4, JSObject::kMapOffset));
 
   // Check whether the elements is a number dictionary.
   // r0: key
   // r3: elements map
   // r4: elements
   __ LoadRoot(ip, Heap::kHashTableMapRootIndex);
-  __ cmp(r3, ip);
-  __ b(ne, &slow);
-  __ mov(r2, Operand(r0, ASR, kSmiTagSize));
+  __ cmpeq(r3, ip);
+  __ bf(&slow);
+  __ asr(r2, r0, Operand(kSmiTagSize));
   __ LoadFromNumberDictionary(&slow, r4, r0, r0, r2, r3, r5);
   __ Ret();
 
   // Slow case, key and receiver still in r0 and r1.
   __ bind(&slow);
   __ IncrementCounter(isolate->counters()->keyed_load_generic_slow(),
                       1, r2, r3);
   GenerateRuntimeGetProperty(masm);
 
   __ bind(&check_string);
   GenerateKeyStringCheck(masm, key, r2, r3, &index_string, &slow);
 
   GenerateKeyedLoadReceiverCheck(
       masm, receiver, r2, r3, Map::kHasNamedInterceptor, &slow);
 
   // If the receiver is a fast-case object, check the keyed lookup
   // cache. Otherwise probe the dictionary.
   __ ldr(r3, FieldMemOperand(r1, JSObject::kPropertiesOffset));
   __ ldr(r4, FieldMemOperand(r3, HeapObject::kMapOffset));
   __ LoadRoot(ip, Heap::kHashTableMapRootIndex);
   __ cmp(r4, ip);
-  __ b(eq, &probe_dictionary);
+  __ bt(&probe_dictionary);
 
   // Load the map of the receiver, compute the keyed lookup cache hash
   // based on 32 bits of the map pointer and the string hash.
   __ ldr(r2, FieldMemOperand(r1, HeapObject::kMapOffset));
-  __ mov(r3, Operand(r2, ASR, KeyedLookupCache::kMapHashShift));
+  __ asr(r3, r2, Operand(KeyedLookupCache::kMapHashShift));
   __ ldr(r4, FieldMemOperand(r0, String::kHashFieldOffset));
-  __ eor(r3, r3, Operand(r4, ASR, String::kHashShift));
+  __ asr(r4, r4, Operand(String::kHashShift));
+  __ eor(r3, r3, r4);
   int mask = KeyedLookupCache::kCapacityMask & KeyedLookupCache::kHashMask;
-  __ And(r3, r3, Operand(mask));
+  __ land(r3, r3, Operand(mask));
 
   // Load the key (consisting of map and symbol) from the cache and
   // check for match.
   Label load_in_object_property;
   static const int kEntriesPerBucket = KeyedLookupCache::kEntriesPerBucket;
   Label hit_on_nth_entry[kEntriesPerBucket];
   ExternalReference cache_keys =
       ExternalReference::keyed_lookup_cache_keys(isolate);
 
   __ mov(r4, Operand(cache_keys));
-  __ add(r4, r4, Operand(r3, LSL, kPointerSizeLog2 + 1));
+  __ lsl(r5, r3, Operand(kPointerSizeLog2 + 1));
+  __ add(r4, r4, r5);
 
   for (int i = 0; i < kEntriesPerBucket - 1; i++) {
     Label try_next_entry;
     // Load map and move r4 to next entry.
     __ ldr(r5, MemOperand(r4, kPointerSize * 2, PostIndex));
     __ cmp(r2, r5);
     __ b(ne, &try_next_entry);
     __ ldr(r5, MemOperand(r4, -kPointerSize));  // Load symbol
     __ cmp(r0, r5);
     __ b(eq, &hit_on_nth_entry[i]);
     __ bind(&try_next_entry);
   }
 
   // Last entry: Load map and move r4 to symbol.
   __ ldr(r5, MemOperand(r4, kPointerSize, PostIndex));
   __ cmp(r2, r5);
   __ b(ne, &slow);
   __ ldr(r5, MemOperand(r4));
-  __ cmp(r0, r5);
-  __ b(ne, &slow);
+  __ cmpeq(r0, r5);
+  __ bf(&slow);
 
   // Get field offset.
   // r0     : key
   // r1     : receiver
   // r2     : receiver's map
   // r3     : lookup cache index
   ExternalReference cache_field_offsets =
       ExternalReference::keyed_lookup_cache_field_offsets(isolate);
 
   // Hit on nth entry.
   for (int i = kEntriesPerBucket - 1; i >= 0; i--) {
     __ bind(&hit_on_nth_entry[i]);
     __ mov(r4, Operand(cache_field_offsets));
     if (i != 0) {
       __ add(r3, r3, Operand(i));
     }
-    __ ldr(r5, MemOperand(r4, r3, LSL, kPointerSizeLog2));
+    __ lsl(r6, r3, Operand(kPointerSizeLog2));
+    __ ldr(r5, MemOperand(r4, r6));
     __ ldrb(r6, FieldMemOperand(r2, Map::kInObjectPropertiesOffset));
-    __ sub(r5, r5, r6, SetCC);
-    __ b(ge, &property_array_property);
+    __ sub(r5, r5, r6);
+    __ cmpge(r5, Operand(0));
+    __ bt(&property_array_property);
     if (i != 0) {
       __ jmp(&load_in_object_property);
     }
   }
 
   // Load in-object property.
   __ bind(&load_in_object_property);
   __ ldrb(r6, FieldMemOperand(r2, Map::kInstanceSizeOffset));
   __ add(r6, r6, r5);  // Index from start of object.
   __ sub(r1, r1, Operand(kHeapObjectTag));  // Remove the heap tag.
-  __ ldr(r0, MemOperand(r1, r6, LSL, kPointerSizeLog2));
+  __ lsl(r0, r6, Operand(kPointerSizeLog2));
+  __ ldr(r0, MemOperand(r1, r0));
   __ IncrementCounter(isolate->counters()->keyed_load_generic_lookup_cache(),
                       1, r2, r3);
   __ Ret();
 
   // Load property array property.
   __ bind(&property_array_property);
   __ ldr(r1, FieldMemOperand(r1, JSObject::kPropertiesOffset));
   __ add(r1, r1, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
-  __ ldr(r0, MemOperand(r1, r5, LSL, kPointerSizeLog2));
+  __ lsl(r0, r5, Operand(kPointerSizeLog2));
+  __ ldr(r0, MemOperand(r1, r0));
   __ IncrementCounter(isolate->counters()->keyed_load_generic_lookup_cache(),
                       1, r2, r3);
   __ Ret();
 
   // Do a quick inline probe of the receiver's dictionary, if it
   // exists.
   __ bind(&probe_dictionary);
   // r1: receiver
   // r0: key
   // r3: elements
@@ skipping 47 matching lines @@
 
 void KeyedLoadIC::GenerateIndexedInterceptor(MacroAssembler* masm) {
   // ---------- S t a t e --------------
   //  -- lr     : return address
   //  -- r0     : key
   //  -- r1     : receiver
   // -----------------------------------
   Label slow;
 
   // Check that the receiver isn't a smi.
-  __ JumpIfSmi(r1, &slow);
+  __ JumpIfSmi(r1, &slow, Label::kNear);
 
   // Check that the key is an array index, that is Uint32.
   __ tst(r0, Operand(kSmiTagMask | kSmiSignMask));
-  __ b(ne, &slow);
+  __ bf_near(&slow);
 
   // Get the map of the receiver.
   __ ldr(r2, FieldMemOperand(r1, HeapObject::kMapOffset));
 
   // Check that it has indexed interceptor and access checks
   // are not enabled for this object.
   __ ldrb(r3, FieldMemOperand(r2, Map::kBitFieldOffset));
-  __ and_(r3, r3, Operand(kSlowCaseBitFieldMask));
-  __ cmp(r3, Operand(1 << Map::kHasIndexedInterceptor));
-  __ b(ne, &slow);
+  __ land(r3, r3, Operand(kSlowCaseBitFieldMask));
+  __ cmpeq(r3, Operand(1 << Map::kHasIndexedInterceptor));
+  __ bf_near(&slow);
 
   // Everything is fine, call runtime.
   __ Push(r1, r0);  // Receiver, key.
 
   // Perform tail call to the entry.
   __ TailCallExternalReference(
       ExternalReference(IC_Utility(kKeyedLoadPropertyWithInterceptor),
                         masm->isolate()),
       2,
       1);
@@ skipping 133 matching lines @@
   Label non_smi_value;
   __ JumpIfNotSmi(value, &non_smi_value);
 
   if (increment_length == kIncrementLength) {
     // Add 1 to receiver->length.
     __ add(scratch_value, key, Operand(Smi::FromInt(1)));
     __ str(scratch_value, FieldMemOperand(receiver, JSArray::kLengthOffset));
   }
   // It's irrelevant whether array is smi-only or not when writing a smi.
   __ add(address, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
-  __ add(address, address, Operand(key, LSL, kPointerSizeLog2 - kSmiTagSize));
+  __ lsl(scratch_value, address, Operand(kPointerSizeLog2 - kSmiTagSize));
+  __ add(address, address, scratch_value);
   __ str(value, MemOperand(address));
   __ Ret();
 
   __ bind(&non_smi_value);
   // Escape to elements kind transition case.
   __ CheckFastObjectElements(receiver_map, scratch_value,
                              &transition_smi_elements);
 
   // Fast elements array, store the value to the elements backing store.
   __ bind(&finish_object_store);
   if (increment_length == kIncrementLength) {
     // Add 1 to receiver->length.
     __ add(scratch_value, key, Operand(Smi::FromInt(1)));
     __ str(scratch_value, FieldMemOperand(receiver, JSArray::kLengthOffset));
   }
   __ add(address, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
-  __ add(address, address, Operand(key, LSL, kPointerSizeLog2 - kSmiTagSize));
+  __ lsl(scratch_value, key, Operand(kPointerSizeLog2 - kSmiTagSize));
+  __ add(address, address, scratch_value);
   __ str(value, MemOperand(address));
   // Update write barrier for the elements array address.
   __ mov(scratch_value, value);  // Preserve the value which is returned.
   __ RecordWrite(elements,
                  address,
                  scratch_value,
                  kLRHasNotBeenSaved,
                  kDontSaveFPRegs,
                  EMIT_REMEMBERED_SET,
                  OMIT_SMI_CHECK);
@@ skipping 84 matching lines @@
   // Register usage.
   Register value = r0;
   Register key = r1;
   Register receiver = r2;
   Register receiver_map = r3;
   Register elements_map = r6;
   Register elements = r7;  // Elements array of the receiver.
   // r4 and r5 are used as general scratch registers.
 
   // Check that the key is a smi.
-  __ JumpIfNotSmi(key, &slow);
+  __ JumpIfNotSmi(key, &slow, Label::kNear);
   // Check that the object isn't a smi.
-  __ JumpIfSmi(receiver, &slow);
+  __ JumpIfSmi(receiver, &slow, Label::kNear);
   // Get the map of the object.
   __ ldr(receiver_map, FieldMemOperand(receiver, HeapObject::kMapOffset));
   // Check that the receiver does not require access checks.  We need
   // to do this because this generic stub does not perform map checks.
   __ ldrb(ip, FieldMemOperand(receiver_map, Map::kBitFieldOffset));
   __ tst(ip, Operand(1 << Map::kIsAccessCheckNeeded));
-  __ b(ne, &slow);
+  __ bf_near(&slow);
   // Check if the object is a JS array or not.
   __ ldrb(r4, FieldMemOperand(receiver_map, Map::kInstanceTypeOffset));
   __ cmp(r4, Operand(JS_ARRAY_TYPE));
   __ b(eq, &array);
   // Check that the object is some kind of JSObject.
-  __ cmp(r4, Operand(FIRST_JS_OBJECT_TYPE));
-  __ b(lt, &slow);
+  __ cmpge(r4, Operand(FIRST_JS_OBJECT_TYPE));
+  __ bf_near(&slow);
 
   // Object case: Check key against length in the elements array.
   __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
   // Check array bounds. Both the key and the length of FixedArray are smis.
   __ ldr(ip, FieldMemOperand(elements, FixedArray::kLengthOffset));
-  __ cmp(key, Operand(ip));
-  __ b(lo, &fast_object);
+  __ cmphs(key, ip);
+  __ bf(&fast_object);
 
   // Slow case, handle jump to runtime.
   __ bind(&slow);
   // Entry registers are intact.
   // r0: value.
   // r1: key.
   // r2: receiver.
   GenerateRuntimeSetProperty(masm, strict_mode);
 
   // Extra capacity case: Check if there is extra capacity to
   // perform the store and update the length. Used for adding one
   // element to the array by writing to array[array.length].
   __ bind(&extra);
   // Condition code from comparing key and array length is still available.
-  __ b(ne, &slow);  // Only support writing to writing to array[array.length].
+  __ ldr(ip, FieldMemOperand(elements, FixedArray::kLengthOffset));
+  __ cmpeq(key, ip);
+  __ bf(&slow);  // Only support writing to writing to array[array.length].
   // Check for room in the elements backing store.
   // Both the key and the length of FixedArray are smis.
   __ ldr(ip, FieldMemOperand(elements, FixedArray::kLengthOffset));
-  __ cmp(key, Operand(ip));
-  __ b(hs, &slow);
+  __ cmphs(key, ip);
+  __ bt(&slow);
   __ ldr(elements_map, FieldMemOperand(elements, HeapObject::kMapOffset));
   __ cmp(elements_map,
          Operand(masm->isolate()->factory()->fixed_array_map()));
   __ b(ne, &check_if_double_array);
   __ jmp(&fast_object_grow);
 
   __ bind(&check_if_double_array);
   __ cmp(elements_map,
          Operand(masm->isolate()->factory()->fixed_double_array_map()));
   __ b(ne, &slow);
   __ jmp(&fast_double_grow);
 
   // Array case: Get the length and the elements array from the JS
   // array. Check that the array is in fast mode (and writable); if it
   // is the length is always a smi.
   __ bind(&array);
   __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
 
   // Check the key against the length in the array.
   __ ldr(ip, FieldMemOperand(receiver, JSArray::kLengthOffset));
-  __ cmp(key, Operand(ip));
-  __ b(hs, &extra);
+  __ cmphs(key, ip);
+  __ bt(&extra);
+  // Fall through to fast case.
 
   KeyedStoreGenerateGenericHelper(masm, &fast_object, &fast_double,
                                   &slow, kCheckMap, kDontIncrementLength,
                                   value, key, receiver, receiver_map,
                                   elements_map, elements);
   KeyedStoreGenerateGenericHelper(masm, &fast_object_grow, &fast_double_grow,
                                   &slow, kDontCheckMap, kIncrementLength,
                                   value, key, receiver, receiver_map,
                                   elements_map, elements);
 }
@@ skipping 53 matching lines @@
   Label miss;
 
   Register receiver = r1;
   Register value = r0;
   Register scratch = r3;
 
   // Check that the receiver isn't a smi.
   __ JumpIfSmi(receiver, &miss);
 
   // Check that the object is a JS array.
-  __ CompareObjectType(receiver, scratch, scratch, JS_ARRAY_TYPE);
-  __ b(ne, &miss);
+  __ CompareObjectType(receiver, scratch, scratch, JS_ARRAY_TYPE, eq);
+  __ bf(&miss);
 
   // Check that elements are FixedArray.
   // We rely on StoreIC_ArrayLength below to deal with all types of
   // fast elements (including COW).
   __ ldr(scratch, FieldMemOperand(receiver, JSArray::kElementsOffset));
-  __ CompareObjectType(scratch, scratch, scratch, FIXED_ARRAY_TYPE);
+  __ CompareObjectType(scratch, scratch, scratch, FIXED_ARRAY_TYPE, eq);
   __ b(ne, &miss);
 
   // Check that the array has fast properties, otherwise the length
   // property might have been redefined.
   __ ldr(scratch, FieldMemOperand(receiver, JSArray::kPropertiesOffset));
   __ ldr(scratch, FieldMemOperand(scratch, FixedArray::kMapOffset));
   __ CompareRoot(scratch, Heap::kHashTableMapRootIndex);
   __ b(eq, &miss);
 
   // Check that value is a smi.
@@ skipping 106 matching lines @@
 
   // Activate inlined smi code.
   if (previous_state == UNINITIALIZED) {
     PatchInlinedSmiCode(address(), ENABLE_INLINED_SMI_CHECK);
   }
 }
 
 
 void PatchInlinedSmiCode(Address address, InlinedSmiCheck check) {
   Address cmp_instruction_address =
-      Assembler::return_address_from_call_start(address);
+      address + Assembler::kCallTargetAddressOffset;
 
-  // If the instruction following the call is not a cmp rx, #yyy, nothing
+  // If the instruction following the call is not a cmp #ii, rx, nothing
   // was inlined.
   Instr instr = Assembler::instr_at(cmp_instruction_address);
   if (!Assembler::IsCmpImmediate(instr)) {
     return;
   }
 
   // The delta to the start of the map check instruction and the
   // condition code uses at the patched jump.
-  int delta = Assembler::GetCmpImmediateRawImmediate(instr);
-  delta +=
-      Assembler::GetCmpImmediateRegister(instr).code() * kOff12Mask;
-  // If the delta is 0 the instruction is cmp r0, #0 which also signals that
+  int delta = Assembler::GetCmpImmediateAsUnsigned(instr);
+  // TODO(stm): is this needed for ST40 ?
+  // delta += Assembler::GetCmpImmediateRegister(instr).code() * kOff12Mask
+
+  // If the delta is 0 the instruction is cmp #0, r0 which also signals that
   // nothing was inlined.
   if (delta == 0) {
     return;
   }
 
 #ifdef DEBUG
   if (FLAG_trace_ic) {
     PrintF("[  patching ic at %p, cmp=%p, delta=%d\n",
            address, cmp_instruction_address, delta);
   }
 #endif
 
   Address patch_address =
-      cmp_instruction_address - delta * Instruction::kInstrSize;
+      cmp_instruction_address - delta * Assembler::kInstrSize;
   Instr instr_at_patch = Assembler::instr_at(patch_address);
+#ifdef DEBUG
+  Instr instr_before_patch =
+    Assembler::instr_at(patch_address - Assembler::kInstrSize);
+#endif
   Instr branch_instr =
-      Assembler::instr_at(patch_address + Instruction::kInstrSize);
-  // This is patching a conditional "jump if not smi/jump if smi" site.
-  // Enabling by changing from
-  //   cmp rx, rx
-  //   b eq/ne, <target>
-  // to
-  //   tst rx, #kSmiTagMask
-  //   b ne/eq, <target>
-  // and vice-versa to be disabled again.
-  CodePatcher patcher(patch_address, 2);
-  Register reg = Assembler::GetRn(instr_at_patch);
-  if (check == ENABLE_INLINED_SMI_CHECK) {
-    ASSERT(Assembler::IsCmpRegister(instr_at_patch));
-    ASSERT_EQ(Assembler::GetRn(instr_at_patch).code(),
-              Assembler::GetRm(instr_at_patch).code());
-    patcher.masm()->tst(reg, Operand(kSmiTagMask));
+      Assembler::instr_at(patch_address + Assembler::kInstrSize);
+  ASSERT(Assembler::IsCmpRegister(instr_at_patch));
+  ASSERT_EQ(Assembler::GetRn(instr_at_patch).code(),
+            Assembler::GetRm(instr_at_patch).code());
+  ASSERT(Assembler::IsMovImmediate(instr_before_patch));
+  ASSERT_EQ(Assembler::GetRn(instr_before_patch).code(), sh4_ip.code());
+  ASSERT(Assembler::IsBranch(branch_instr));
+  if (Assembler::GetCondition(branch_instr) == f) {
+    // This is patching a "jump if not smi" site to be active.
+    // Changing
+    //   mov #kSmiTagMask, sh4_ip
+    //   cmp rx, rx
+    //   bf <skip>        // actually a bt <target>
+    //   ...
+    //   bra <target>
+    //   skip:
+    // to
+    //   mov #kSmiTagMask, sh4_ip
+    //   tst rx, sh4_ip
+    //   bt <skip>       // actually implements a bf <target>
+    //   ...
+    CodePatcher patcher(patch_address, 2);
+    Register reg = Assembler::GetRn(instr_at_patch);
+    patcher.masm()->tst(reg, sh4_ip);
+    patcher.EmitCondition(t);
   } else {
-    ASSERT(check == DISABLE_INLINED_SMI_CHECK);
-    ASSERT(Assembler::IsTstImmediate(instr_at_patch));
-    patcher.masm()->cmp(reg, reg);
-  }
-  ASSERT(Assembler::IsBranch(branch_instr));
-  if (Assembler::GetCondition(branch_instr) == eq) {
-    patcher.EmitCondition(ne);
-  } else {
-    ASSERT(Assembler::GetCondition(branch_instr) == ne);
-    patcher.EmitCondition(eq);
+    ASSERT(Assembler::GetCondition(branch_instr) == t);
+    // This is patching a "jump if smi" site to be active.
+    // Changing
+    //   mov #kSmiTagMask, sh4_ip
+    //   cmp rx, rx
+    //   bt <skip>        // actually a bf <target>
+    //   ...
+    //   bra <target>
+    //   skip:
+    // to
+    //   mov #kSmiTagMask, sh4_ip
+    //   tst rx, sh4_ip
+    //   bf <target>
+    //   ...
+    CodePatcher patcher(patch_address, 2);
+    Register reg = Assembler::GetRn(instr_at_patch);
+    patcher.masm()->tst(reg, sh4_ip);
+    patcher.EmitCondition(f);
   }
 }
 
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_ARM