VM: New calling convention for generated code.

runtime/vm/stub_code_x64.cc

 // Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #include "vm/globals.h"
 #if defined(TARGET_ARCH_X64)
 
 #include "vm/assembler.h"
 #include "vm/compiler.h"
 #include "vm/dart_entry.h"
@@ skipping 259 matching lines @@
 
 
 // Input parameters:
 //   R10: arguments descriptor array.
 void StubCode::GenerateCallStaticFunctionStub(Assembler* assembler) {
   __ EnterStubFrame();
   __ pushq(R10);  // Preserve arguments descriptor array.
   // Setup space on stack for return value.
   __ PushObject(Object::null_object(), PP);
   __ CallRuntime(kPatchStaticCallRuntimeEntry, 0);
-  __ popq(RAX);  // Get Code object result.
+  __ popq(CODE_REG);  // Get Code object result.
   __ popq(R10);  // Restore arguments descriptor array.
   // Remove the stub frame as we are about to jump to the dart function.
   __ LeaveStubFrame();
 
-  __ movq(RBX, FieldAddress(RAX, Code::instructions_offset()));
+  __ movq(RBX, FieldAddress(CODE_REG, Code::instructions_offset()));
   __ addq(RBX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ jmp(RBX);
 }
 
 
 // Called from a static call only when an invalid code has been entered
 // (invalid because its function was optimized or deoptimized).
 // R10: arguments descriptor array.
 void StubCode::GenerateFixCallersTargetStub(Assembler* assembler) {
   __ EnterStubFrame();
   __ pushq(R10);  // Preserve arguments descriptor array.
   // Setup space on stack for return value.
   __ PushObject(Object::null_object(), PP);
   __ CallRuntime(kFixCallersTargetRuntimeEntry, 0);
-  __ popq(RAX);  // Get Code object.
+  __ popq(CODE_REG);  // Get Code object.
   __ popq(R10);  // Restore arguments descriptor array.
-  __ movq(RAX, FieldAddress(RAX, Code::instructions_offset()));
+  __ movq(RAX, FieldAddress(CODE_REG, Code::instructions_offset()));
   __ addq(RAX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ LeaveStubFrame();
   __ jmp(RAX);
   __ int3();
 }
 
 
 // Called from object allocate instruction when the allocation stub has been
 // disabled.
 void StubCode::GenerateFixAllocationStubTargetStub(Assembler* assembler) {
   __ EnterStubFrame();
   // Setup space on stack for return value.
   __ PushObject(Object::null_object(), PP);
   __ CallRuntime(kFixAllocationStubTargetRuntimeEntry, 0);
-  __ popq(RAX);  // Get Code object.
-  __ movq(RAX, FieldAddress(RAX, Code::instructions_offset()));
+  __ popq(CODE_REG);  // Get Code object.
+  __ movq(RAX, FieldAddress(CODE_REG, Code::instructions_offset()));
   __ addq(RAX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ LeaveStubFrame();
   __ jmp(RAX);
   __ int3();
 }
 
 
 // Called from array allocate instruction when the allocation stub has been
 // disabled.
 // R10: length (preserved).
 // RBX: element type (preserved).
 void StubCode::GenerateFixAllocateArrayStubTargetStub(Assembler* assembler) {
   __ EnterStubFrame();
   __ pushq(R10);       // Preserve length.
   __ pushq(RBX);       // Preserve element type.
   // Setup space on stack for return value.
   __ PushObject(Object::null_object(), PP);
   __ CallRuntime(kFixAllocationStubTargetRuntimeEntry, 0);
-  __ popq(RAX);  // Get Code object.
+  __ popq(CODE_REG);  // Get Code object.
   __ popq(RBX);   // Restore element type.
   __ popq(R10);   // Restore length.
-  __ movq(RAX, FieldAddress(RAX, Code::instructions_offset()));
+  __ movq(RAX, FieldAddress(CODE_REG, Code::instructions_offset()));
   __ addq(RAX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ LeaveStubFrame();
   __ jmp(RAX);
   __ int3();
 }
 
 
 // Input parameters:
 //   R10: smi-tagged argument count, may be zero.
 //   RBP[kParamEndSlotFromFp + 1]: last argument.
 static void PushArgumentsArray(Assembler* assembler) {
   StubCode* stub_code = Isolate::Current()->stub_code();
 
   __ LoadObject(R12, Object::null_object(), PP);
   // Allocate array to store arguments of caller.
   __ movq(RBX, R12);  // Null element type for raw Array.
   const Code& array_stub = Code::Handle(stub_code->GetAllocateArrayStub());
-  const ExternalLabel array_label(array_stub.EntryPoint());
-  __ call(&array_label);
+  __ Call(array_stub, PP);
   __ SmiUntag(R10);
   // RAX: newly allocated array.
   // R10: length of the array (was preserved by the stub).
   __ pushq(RAX);  // Array is in RAX and on top of stack.
   __ leaq(R12, Address(RBP, R10, TIMES_8, kParamEndSlotFromFp * kWordSize));
   __ leaq(RBX, FieldAddress(RAX, Array::data_offset()));
   // R12: address of first argument on stack.
   // RBX: address of first argument in array.
   Label loop, loop_condition;
 #if defined(DEBUG)
   static const bool kJumpLength = Assembler::kFarJump;
 #else
   static const bool kJumpLength = Assembler::kNearJump;
 #endif  // DEBUG
   __ jmp(&loop_condition, kJumpLength);
   __ Bind(&loop);
   __ movq(RDI, Address(R12, 0));
   // No generational barrier needed, since array is in new space.
   __ InitializeFieldNoBarrier(RAX, Address(RBX, 0), RDI);
   __ addq(RBX, Immediate(kWordSize));
   __ subq(R12, Immediate(kWordSize));
   __ Bind(&loop_condition);
   __ decq(R10);
   __ j(POSITIVE, &loop, Assembler::kNearJump);
 }
 
 
 DECLARE_LEAF_RUNTIME_ENTRY(intptr_t, DeoptimizeCopyFrame,
-                           intptr_t deopt_reason,
-                           uword saved_registers_address);
+                           uword saved_registers_address,
+                           uword is_lazy_deopt);
 
 DECLARE_LEAF_RUNTIME_ENTRY(void, DeoptimizeFillFrame, uword last_fp);
 
 
+enum DeoptStubKind {
+  kLazyDeopt,
+  kEagerDeopt
+};
+
 // Used by eager and lazy deoptimization. Preserve result in RAX if necessary.
 // This stub translates optimized frame into unoptimized frame. The optimized
 // frame can contain values in registers and on stack, the unoptimized
 // frame contains all values on stack.
 // Deoptimization occurs in following steps:
 // - Push all registers that can contain values.
 // - Call C routine to copy the stack and saved registers into temporary buffer.
 // - Adjust caller's frame to correct unoptimized frame size.
 // - Fill the unoptimized frame.
 // - Materialize objects that require allocation (e.g. Double instances).
 // GC can occur only after frame is fully rewritten.
 // Stack after EnterDartFrame(0, PP, kNoRegister) below:
 //   +------------------+
 //   | Saved PP         | <- PP
 //   +------------------+
 //   | PC marker        | <- TOS
 //   +------------------+
 //   | Saved FP         | <- FP of stub
 //   +------------------+
 //   | return-address   |  (deoptimization point)
 //   +------------------+
 //   | ...              | <- SP of optimized frame
 //
 // Parts of the code cannot GC, part of the code can GC.
 static void GenerateDeoptimizationSequence(Assembler* assembler,
-                                           bool preserve_result) {
+                                           DeoptStubKind kind) {
   // DeoptimizeCopyFrame expects a Dart frame, i.e. EnterDartFrame(0), but there
   // is no need to set the correct PC marker or load PP, since they get patched.
-  __ EnterFrame(0);
-  __ pushq(Immediate(0));
-  __ pushq(PP);
+  __ EnterDartFrame(0, kNoRegister);
 
   // The code in this frame may not cause GC. kDeoptimizeCopyFrameRuntimeEntry
   // and kDeoptimizeFillFrameRuntimeEntry are leaf runtime calls.
   const intptr_t saved_result_slot_from_fp =
       kFirstLocalSlotFromFp + 1 - (kNumberOfCpuRegisters - RAX);
   // Result in RAX is preserved as part of pushing all registers below.
 
   // Push registers in their enumeration order: lowest register number at
   // lowest address.
   for (intptr_t i = kNumberOfCpuRegisters - 1; i >= 0; i--) {
     __ pushq(static_cast<Register>(i));
   }
   __ subq(RSP, Immediate(kNumberOfXmmRegisters * kFpuRegisterSize));
   intptr_t offset = 0;
   for (intptr_t reg_idx = 0; reg_idx < kNumberOfXmmRegisters; ++reg_idx) {
     XmmRegister xmm_reg = static_cast<XmmRegister>(reg_idx);
     __ movups(Address(RSP, offset), xmm_reg);
     offset += kFpuRegisterSize;
   }
 
   // Pass address of saved registers block.
   __ movq(CallingConventions::kArg1Reg, RSP);
+  __ movq(CallingConventions::kArg2Reg, Immediate(kind == kLazyDeopt ? 1 : 0));
   __ ReserveAlignedFrameSpace(0);  // Ensure stack is aligned before the call.
-  __ CallRuntime(kDeoptimizeCopyFrameRuntimeEntry, 1);
+  __ CallRuntime(kDeoptimizeCopyFrameRuntimeEntry, 2);
   // Result (RAX) is stack-size (FP - SP) in bytes.
 
-  if (preserve_result) {
+  if (kind == kLazyDeopt) {
     // Restore result into RBX temporarily.
     __ movq(RBX, Address(RBP, saved_result_slot_from_fp * kWordSize));
   }
 
   // There is a Dart Frame on the stack. We must restore PP and leave frame.
+  __ RestoreCodePointer();
   __ LeaveDartFrame();
 
   __ popq(RCX);   // Preserve return address.
   __ movq(RSP, RBP);  // Discard optimized frame.
   __ subq(RSP, RAX);  // Reserve space for deoptimized frame.
   __ pushq(RCX);  // Restore return address.
 
   // DeoptimizeFillFrame expects a Dart frame, i.e. EnterDartFrame(0), but there
   // is no need to set the correct PC marker or load PP, since they get patched.
-  __ EnterFrame(0);
-  __ pushq(Immediate(0));
-  __ pushq(PP);
+  __ EnterDartFrame(0, kNoRegister);
 
-  if (preserve_result) {
+  if (kind == kLazyDeopt) {
     __ pushq(RBX);  // Preserve result as first local.
   }
   __ ReserveAlignedFrameSpace(0);
   // Pass last FP as a parameter.
   __ movq(CallingConventions::kArg1Reg, RBP);
   __ CallRuntime(kDeoptimizeFillFrameRuntimeEntry, 1);
-  if (preserve_result) {
+  if (kind == kLazyDeopt) {
     // Restore result into RBX.
     __ movq(RBX, Address(RBP, kFirstLocalSlotFromFp * kWordSize));
   }
   // Code above cannot cause GC.
   // There is a Dart Frame on the stack. We must restore PP and leave frame.
+  __ RestoreCodePointer();
   __ LeaveDartFrame();
 
   // Frame is fully rewritten at this point and it is safe to perform a GC.
   // Materialize any objects that were deferred by FillFrame because they
   // require allocation.
   // Enter stub frame with loading PP. The caller's PP is not materialized yet.
   __ EnterStubFrame();
-  if (preserve_result) {
+  if (kind == kLazyDeopt) {
     __ pushq(Immediate(0));  // Workaround for dropped stack slot during GC.
     __ pushq(RBX);  // Preserve result, it will be GC-d here.
   }
   __ pushq(Immediate(Smi::RawValue(0)));  // Space for the result.
   __ CallRuntime(kDeoptimizeMaterializeRuntimeEntry, 0);
   // Result tells stub how many bytes to remove from the expression stack
   // of the bottom-most frame. They were used as materialization arguments.
   __ popq(RBX);
   __ SmiUntag(RBX);
-  if (preserve_result) {
+  if (kind == kLazyDeopt) {
     __ popq(RAX);  // Restore result.
     __ Drop(1);  // Workaround for dropped stack slot during GC.
   }
   __ LeaveStubFrame();
 
   __ popq(RCX);  // Pop return address.
   __ addq(RSP, RBX);  // Remove materialization arguments.
   __ pushq(RCX);  // Push return address.
   __ ret();
 }
 
 
 // TOS: return address + call-instruction-size (5 bytes).
 // RAX: result, must be preserved
 void StubCode::GenerateDeoptimizeLazyStub(Assembler* assembler) {
   // Correct return address to point just after the call that is being
   // deoptimized.
   __ popq(RBX);
   __ subq(RBX, Immediate(ShortCallPattern::InstructionLength()));
   __ pushq(RBX);
-  GenerateDeoptimizationSequence(assembler, true);  // Preserve RAX.
+  GenerateDeoptimizationSequence(assembler, kLazyDeopt);
 }
 
 
 void StubCode::GenerateDeoptimizeStub(Assembler* assembler) {
-  GenerateDeoptimizationSequence(assembler, false);  // Don't preserve RAX.
+  GenerateDeoptimizationSequence(assembler, kEagerDeopt);
 }
 
 
 void StubCode::GenerateMegamorphicMissStub(Assembler* assembler) {
   __ EnterStubFrame();
   // Load the receiver into RAX.  The argument count in the arguments
   // descriptor in R10 is a smi.
   __ movq(RAX, FieldAddress(R10, ArgumentsDescriptor::count_offset()));
   // Three words (saved pp, saved fp, stub's pc marker)
   // in the stack above the return address.
   __ movq(RAX, Address(RSP, RAX, TIMES_4,
                        kSavedAboveReturnAddress * kWordSize));
   // Preserve IC data and arguments descriptor.
   __ pushq(RBX);
   __ pushq(R10);
 
   // Space for the result of the runtime call.
   __ PushObject(Object::null_object(), PP);
   __ pushq(RAX);  // Receiver.
   __ pushq(RBX);  // IC data.
   __ pushq(R10);  // Arguments descriptor.
   __ CallRuntime(kMegamorphicCacheMissHandlerRuntimeEntry, 3);
   // Discard arguments.
   __ popq(RAX);
   __ popq(RAX);
   __ popq(RAX);
   __ popq(RAX);  // Return value from the runtime call (function).
   __ popq(R10);  // Restore arguments descriptor.
   __ popq(RBX);  // Restore IC data.
+  __ RestoreCodePointer();
   __ LeaveStubFrame();
 
-  __ movq(RCX, FieldAddress(RAX, Function::instructions_offset()));
+  __ movq(CODE_REG, FieldAddress(RAX, Function::code_offset()));
+  __ movq(RCX, FieldAddress(CODE_REG, Code::instructions_offset()));
   __ addq(RCX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ jmp(RCX);
 }
 
 
 // Called for inline allocation of arrays.
 // Input parameters:
 //   R10 : Array length as Smi.
 //   RBX : array element type (either NULL or an instantiated type).
 // NOTE: R10 cannot be clobbered here as the caller relies on it being saved.
@@ skipping 115 matching lines @@
   __ pushq(R10);  // Array length as Smi.
   __ pushq(RBX);  // Element type.
   __ CallRuntime(kAllocateArrayRuntimeEntry, 2);
   __ popq(RAX);  // Pop element type argument.
   __ popq(R10);  // Pop array length argument.
   __ popq(RAX);  // Pop return value from return slot.
   __ LeaveStubFrame();
   __ ret();
   *patch_code_pc_offset = assembler->CodeSize();
   StubCode* stub_code = Isolate::Current()->stub_code();
-  __ JmpPatchable(&stub_code->FixAllocateArrayStubTargetLabel(), new_pp);
+  __ JmpPatchable(Code::Handle(
+      stub_code->FixAllocateArrayStubTargetCode()), new_pp);
 }
 
 
 // Called when invoking Dart code from C++ (VM code).
 // Input parameters:
 //   RSP : points to return address.
-//   RDI : entrypoint of the Dart function to call.
+//   RDI : target code
 //   RSI : arguments descriptor array.
 //   RDX : arguments array.
 //   RCX : current thread.
 void StubCode::GenerateInvokeDartCodeStub(Assembler* assembler) {
   // Save frame pointer coming in.
   __ EnterFrame(0);
 
-  const Register kEntryPointReg = CallingConventions::kArg1Reg;
-  const Register kArgDescReg    = CallingConventions::kArg2Reg;
-  const Register kArgsReg       = CallingConventions::kArg3Reg;
-  const Register kThreadReg     = CallingConventions::kArg4Reg;
+  const Register kStubCodeReg   = CallingConventions::kArg1Reg;
+  const Register kTargetCodeReg = CallingConventions::kArg2Reg;
+  const Register kArgDescReg    = CallingConventions::kArg3Reg;
+  const Register kArgsReg       = CallingConventions::kArg4Reg;
+
+  // Set up THR, which caches the current thread in Dart code.
+#if defined(_WIN64)
+  __ movq(THR, Address(RSP, 5 * kWordSize));
+#else
+  const Register kThreadReg     = CallingConventions::kArg5Reg;
+  if (THR != kThreadReg) {
+    __ movq(THR, kThreadReg);
+  }
+#endif
 
   // At this point, the stack looks like:
   // | saved RBP                                      | <-- RBP
   // | saved PC (return to DartEntry::InvokeFunction) |
 
-  const intptr_t kInitialOffset = 1;
-  // Save arguments descriptor array.
-  const intptr_t kArgumentsDescOffset = -(kInitialOffset) * kWordSize;
+  const intptr_t kArgumentsDescOffset = -1 * kWordSize;
+  const intptr_t kCodePointerOffset = -2 * kWordSize;
   __ pushq(kArgDescReg);
+  __ pushq(Address(kStubCodeReg, VMHandles::kOffsetOfRawPtrInHandle));
 
   // Save C++ ABI callee-saved registers.
   __ PushRegisters(CallingConventions::kCalleeSaveCpuRegisters,
                    CallingConventions::kCalleeSaveXmmRegisters);
 
   // We now load the pool pointer(PP) as we are about to invoke dart code and we
   // could potentially invoke some intrinsic functions which need the PP to be
   // set up.
+  __ movq(CODE_REG, Address(kStubCodeReg, VMHandles::kOffsetOfRawPtrInHandle));
   __ LoadPoolPointer(PP);
 
   // If any additional (or fewer) values are pushed, the offsets in
   // kExitLinkSlotFromEntryFp will need to be changed.
 
-  // Set up THR, which caches the current thread in Dart code.
-  if (THR != kThreadReg) {
-    __ movq(THR, kThreadReg);
-  }
   // Load Isolate pointer into kIsolateReg.
   const Register kIsolateReg = RBX;
   __ LoadIsolate(kIsolateReg);
 
   // Save the current VMTag on the stack.
   __ movq(RAX, Address(kIsolateReg, Isolate::vm_tag_offset()));
   __ pushq(RAX);
 
   // Mark that the isolate is executing Dart code.
   __ movq(Address(kIsolateReg, Isolate::vm_tag_offset()),
           Immediate(VMTag::kDartTagId));
 
   // Save top resource and top exit frame info. Use RAX as a temporary register.
   // StackFrameIterator reads the top exit frame info saved in this frame.
   __ movq(RAX, Address(kIsolateReg, Isolate::top_resource_offset()));
   __ pushq(RAX);
   __ movq(Address(kIsolateReg, Isolate::top_resource_offset()),
           Immediate(0));
   __ movq(RAX, Address(kIsolateReg, Isolate::top_exit_frame_info_offset()));
   // The constant kExitLinkSlotFromEntryFp must be kept in sync with the
   // code below.
   __ pushq(RAX);
 #if defined(DEBUG)
   {
     Label ok;
     __ leaq(RAX, Address(RBP, kExitLinkSlotFromEntryFp * kWordSize));
     __ cmpq(RAX, RSP);
     __ j(EQUAL, &ok);
+    __ int3();
     __ Stop("kExitLinkSlotFromEntryFp mismatch");
     __ Bind(&ok);
   }
 #endif
   __ movq(Address(kIsolateReg, Isolate::top_exit_frame_info_offset()),
           Immediate(0));
 
   // Load arguments descriptor array into R10, which is passed to Dart code.
   __ movq(R10, Address(kArgDescReg, VMHandles::kOffsetOfRawPtrInHandle));
 
-  // Push arguments. At this point we only need to preserve kEntryPointReg.
-  ASSERT(kEntryPointReg != RDX);
+  // Push arguments. At this point we only need to preserve kTargetCodeReg.
+  ASSERT(kTargetCodeReg != RDX);
 
   // Load number of arguments into RBX.
   __ movq(RBX, FieldAddress(R10, ArgumentsDescriptor::count_offset()));
   __ SmiUntag(RBX);
 
   // Compute address of 'arguments array' data area into RDX.
   __ movq(RDX, Address(kArgsReg, VMHandles::kOffsetOfRawPtrInHandle));
   __ leaq(RDX, FieldAddress(RDX, Array::data_offset()));
 
   // Set up arguments for the Dart call.
   Label push_arguments;
   Label done_push_arguments;
   __ testq(RBX, RBX);  // check if there are arguments.
   __ j(ZERO, &done_push_arguments, Assembler::kNearJump);
   __ movq(RAX, Immediate(0));
   __ Bind(&push_arguments);
   __ pushq(Address(RDX, RAX, TIMES_8, 0));
   __ incq(RAX);
   __ cmpq(RAX, RBX);
   __ j(LESS, &push_arguments, Assembler::kNearJump);
   __ Bind(&done_push_arguments);
 
   // Call the Dart code entrypoint.
-  __ call(kEntryPointReg);  // R10 is the arguments descriptor array.
+  __ movq(CODE_REG,
+          Address(kTargetCodeReg, VMHandles::kOffsetOfRawPtrInHandle));
+  __ movq(kTargetCodeReg, FieldAddress(CODE_REG, Code::instructions_offset()));
+  __ addq(kTargetCodeReg,
+          Immediate(Instructions::HeaderSize() - kHeapObjectTag));
+  __ call(kTargetCodeReg);  // R10 is the arguments descriptor array.
+
+  // If we arrived here from JumpToExceptionHandler then PP would not be
+  // set correctly. Reload it from the code object.
+  // TODO(vegorov): set PP in the JumpToExceptionHandler to avoid reloading.
+  __ movq(CODE_REG, Address(RBP, kCodePointerOffset));
+  __ LoadPoolPointer(PP);
 
   // Read the saved arguments descriptor array to obtain the number of passed
   // arguments.
   __ movq(kArgDescReg, Address(RBP, kArgumentsDescOffset));
   __ movq(R10, Address(kArgDescReg, VMHandles::kOffsetOfRawPtrInHandle));
   __ movq(RDX, FieldAddress(R10, ArgumentsDescriptor::count_offset()));
   // Get rid of arguments pushed on the stack.
   __ leaq(RSP, Address(RSP, RDX, TIMES_4, 0));  // RDX is a Smi.
 
   // Restore the saved top exit frame info and top resource back into the
@@ skipping 15 matching lines @@
   __ ret();
 }
 
 
 // Called for inline allocation of contexts.
 // Input:
 // R10: number of context variables.
 // Output:
 // RAX: new allocated RawContext object.
 void StubCode::GenerateAllocateContextStub(Assembler* assembler) {
-  __ LoadObject(R12, Object::null_object(), PP);
+  __ LoadObject(R9, Object::null_object(), PP);
   if (FLAG_inline_alloc) {
     Label slow_case;
     Isolate* isolate = Isolate::Current();
     Heap* heap = isolate->heap();
     // First compute the rounded instance size.
     // R10: number of context variables.
     intptr_t fixed_size = (sizeof(RawContext) + kObjectAlignment - 1);
     __ leaq(R13, Address(R10, TIMES_8, fixed_size));
     __ andq(R13, Immediate(-kObjectAlignment));
 
@@ skipping 57 matching lines @@
     // RAX: new object.
     // R10: number of context variables as integer value (not object).
     __ movq(FieldAddress(RAX, Context::num_variables_offset()), R10);
 
     // Setup the parent field.
     // RAX: new object.
     // R10: number of context variables.
     // No generational barrier needed, since we are storing null.
     __ InitializeFieldNoBarrier(RAX,
                                 FieldAddress(RAX, Context::parent_offset()),
-                                R12);
+                                R9);
 
     // Initialize the context variables.
     // RAX: new object.
     // R10: number of context variables.
     {
       Label loop, entry;
       __ leaq(R13, FieldAddress(RAX, Context::variable_offset(0)));
 #if defined(DEBUG)
       static const bool kJumpLength = Assembler::kFarJump;
 #else
       static const bool kJumpLength = Assembler::kNearJump;
 #endif  // DEBUG
       __ jmp(&entry, kJumpLength);
       __ Bind(&loop);
       __ decq(R10);
       // No generational barrier needed, since we are storing null.
       __ InitializeFieldNoBarrier(RAX,
                                   Address(R13, R10, TIMES_8, 0),
-                                  R12);
+                                  R9);
       __ Bind(&entry);
       __ cmpq(R10, Immediate(0));
       __ j(NOT_EQUAL, &loop, Assembler::kNearJump);
     }
 
     // Done allocating and initializing the context.
     // RAX: new object.
     __ ret();
 
     __ Bind(&slow_case);
   }
   // Create a stub frame.
   __ EnterStubFrame();
-  __ pushq(R12);  // Setup space on stack for the return value.
+  __ pushq(R9);  // Setup space on stack for the return value.
   __ SmiTag(R10);
   __ pushq(R10);  // Push number of context variables.
   __ CallRuntime(kAllocateContextRuntimeEntry, 1);  // Allocate context.
   __ popq(RAX);  // Pop number of context variables argument.
   __ popq(RAX);  // Pop the new context object.
   // RAX: new object
   // Restore the frame pointer.
   __ LeaveStubFrame();
   __ ret();
 }
@@ skipping 80 matching lines @@
   // The generated code is different if the class is parameterized.
   const bool is_cls_parameterized = cls.NumTypeArguments() > 0;
   ASSERT(!is_cls_parameterized ||
          (cls.type_arguments_field_offset() != Class::kNoTypeArguments));
   // kInlineInstanceSize is a constant used as a threshold for determining
   // when the object initialization should be done as a loop or as
   // straight line code.
   const int kInlineInstanceSize = 12;  // In words.
   const intptr_t instance_size = cls.instance_size();
   ASSERT(instance_size > 0);
-  __ LoadObject(R12, Object::null_object(), PP);
+  __ LoadObject(R9, Object::null_object(), PP);
   if (is_cls_parameterized) {
     __ movq(RDX, Address(RSP, kObjectTypeArgumentsOffset));
     // RDX: instantiated type arguments.
   }
   if (FLAG_inline_alloc && Heap::IsAllocatableInNewSpace(instance_size)) {
     Label slow_case;
     // Allocate the object and update top to point to
     // next object start and initialize the allocated object.
     // RDX: instantiated type arguments (if is_cls_parameterized).
     Heap* heap = Isolate::Current()->heap();
@@ skipping 23 matching lines @@
     tags = RawObject::SizeTag::update(instance_size, tags);
     ASSERT(cls.id() != kIllegalCid);
     tags = RawObject::ClassIdTag::update(cls.id(), tags);
     __ movq(Address(RAX, Instance::tags_offset()), Immediate(tags));
     __ addq(RAX, Immediate(kHeapObjectTag));
 
     // Initialize the remaining words of the object.
     // RAX: new object (tagged).
     // RBX: next object start.
     // RDX: new object type arguments (if is_cls_parameterized).
-    // R12: raw null.
+    // R9: raw null.
     // First try inlining the initialization without a loop.
     if (instance_size < (kInlineInstanceSize * kWordSize)) {
       // Check if the object contains any non-header fields.
       // Small objects are initialized using a consecutive set of writes.
       for (intptr_t current_offset = Instance::NextFieldOffset();
            current_offset < instance_size;
            current_offset += kWordSize) {
         __ InitializeFieldNoBarrier(RAX,
                                     FieldAddress(RAX, current_offset),
-                                    R12);
+                                    R9);
       }
     } else {
       __ leaq(RCX, FieldAddress(RAX, Instance::NextFieldOffset()));
       // Loop until the whole object is initialized.
       // RAX: new object (tagged).
       // RBX: next object start.
       // RCX: next word to be initialized.
       // RDX: new object type arguments (if is_cls_parameterized).
       Label init_loop;
       Label done;
       __ Bind(&init_loop);
       __ cmpq(RCX, RBX);
 #if defined(DEBUG)
       static const bool kJumpLength = Assembler::kFarJump;
 #else
       static const bool kJumpLength = Assembler::kNearJump;
 #endif  // DEBUG
       __ j(ABOVE_EQUAL, &done, kJumpLength);
-      __ InitializeFieldNoBarrier(RAX, Address(RCX, 0), R12);
+      __ InitializeFieldNoBarrier(RAX, Address(RCX, 0), R9);
       __ addq(RCX, Immediate(kWordSize));
       __ jmp(&init_loop, Assembler::kNearJump);
       __ Bind(&done);
     }
     if (is_cls_parameterized) {
       // RDX: new object type arguments.
       // Set the type arguments in the new object.
       intptr_t offset = cls.type_arguments_field_offset();
       __ InitializeFieldNoBarrier(RAX, FieldAddress(RAX, offset), RDX);
     }
     // Done allocating and initializing the instance.
     // RAX: new object (tagged).
     __ ret();
 
     __ Bind(&slow_case);
   }
   // If is_cls_parameterized:
   // RDX: new object type arguments.
   // Create a stub frame.
   __ EnterStubFrame();  // Uses PP to access class object.
-  __ pushq(R12);  // Setup space on stack for return value.
+  __ pushq(R9);  // Setup space on stack for return value.
   __ PushObject(cls, PP);  // Push class of object to be allocated.
   if (is_cls_parameterized) {
     __ pushq(RDX);  // Push type arguments of object to be allocated.
   } else {
-    __ pushq(R12);  // Push null type arguments.
+    __ pushq(R9);  // Push null type arguments.
   }
   __ CallRuntime(kAllocateObjectRuntimeEntry, 2);  // Allocate object.
   __ popq(RAX);  // Pop argument (type arguments of object).
   __ popq(RAX);  // Pop argument (class of object).
   __ popq(RAX);  // Pop result (newly allocated object).
   // RAX: new object
   // Restore the frame pointer.
   __ LeaveStubFrame();
   __ ret();
   *patch_code_pc_offset = assembler->CodeSize();
   StubCode* stub_code = Isolate::Current()->stub_code();
-  __ JmpPatchable(&stub_code->FixAllocationStubTargetLabel(), new_pp);
+  __ JmpPatchable(Code::Handle(
+      stub_code->FixAllocationStubTargetCode()), new_pp);
 }
 
 
 // Called for invoking "dynamic noSuchMethod(Invocation invocation)" function
 // from the entry code of a dart function after an error in passed argument
 // name or number is detected.
 // Input parameters:
 //   RSP : points to return address.
 //   RSP + 8 : address of last argument.
 //   R10 : arguments descriptor array.
@@ skipping 65 matching lines @@
                           Label* not_smi_or_overflow,
                           bool should_update_result_range) {
   __ Comment("Fast Smi op");
   if (FLAG_throw_on_javascript_int_overflow) {
     // The overflow check is more complex than implemented below.
     return;
   }
   ASSERT(num_args == 2);
   __ movq(RCX, Address(RSP, + 1 * kWordSize));  // Right
   __ movq(RAX, Address(RSP, + 2 * kWordSize));  // Left.
-  __ movq(R12, RCX);
-  __ orq(R12, RAX);
-  __ testq(R12, Immediate(kSmiTagMask));
+  __ movq(R13, RCX);
+  __ orq(R13, RAX);
+  __ testq(R13, Immediate(kSmiTagMask));
   __ j(NOT_ZERO, not_smi_or_overflow);
   switch (kind) {
     case Token::kADD: {
       __ addq(RAX, RCX);
       __ j(OVERFLOW, not_smi_or_overflow);
       break;
     }
     case Token::kSUB: {
       __ subq(RAX, RCX);
       __ j(OVERFLOW, not_smi_or_overflow);
@@ skipping 15 matching lines @@
 
 
   if (should_update_result_range) {
     Label done;
     __ movq(RSI, RAX);
     __ UpdateRangeFeedback(RSI, 2, RBX, RCX, &done);
     __ Bind(&done);
   }
 
   // RBX: IC data object (preserved).
-  __ movq(R12, FieldAddress(RBX, ICData::ic_data_offset()));
-  // R12: ic_data_array with check entries: classes and target functions.
-  __ leaq(R12, FieldAddress(R12, Array::data_offset()));
-  // R12: points directly to the first ic data array element.
+  __ movq(R13, FieldAddress(RBX, ICData::ic_data_offset()));
+  // R13: ic_data_array with check entries: classes and target functions.
+  __ leaq(R13, FieldAddress(R13, Array::data_offset()));
+  // R13: points directly to the first ic data array element.
 #if defined(DEBUG)
   // Check that first entry is for Smi/Smi.
   Label error, ok;
   const Immediate& imm_smi_cid =
       Immediate(reinterpret_cast<intptr_t>(Smi::New(kSmiCid)));
-  __ cmpq(Address(R12, 0 * kWordSize), imm_smi_cid);
+  __ cmpq(Address(R13, 0 * kWordSize), imm_smi_cid);
   __ j(NOT_EQUAL, &error, Assembler::kNearJump);
-  __ cmpq(Address(R12, 1 * kWordSize), imm_smi_cid);
+  __ cmpq(Address(R13, 1 * kWordSize), imm_smi_cid);
   __ j(EQUAL, &ok, Assembler::kNearJump);
   __ Bind(&error);
   __ Stop("Incorrect IC data");
   __ Bind(&ok);
 #endif
 
   if (FLAG_optimization_counter_threshold >= 0) {
     const intptr_t count_offset = ICData::CountIndexFor(num_args) * kWordSize;
     // Update counter.
-    __ movq(R8, Address(R12, count_offset));
+    __ movq(R8, Address(R13, count_offset));
     __ addq(R8, Immediate(Smi::RawValue(1)));
-    __ movq(R13, Immediate(Smi::RawValue(Smi::kMaxValue)));
-    __ cmovnoq(R13, R8);
-    __ StoreIntoSmiField(Address(R12, count_offset), R13);
+    __ movq(R9, Immediate(Smi::RawValue(Smi::kMaxValue)));
+    __ cmovnoq(R9, R8);
+    __ StoreIntoSmiField(Address(R13, count_offset), R9);
   }
 
   __ ret();
 }
 
 
 // Generate inline cache check for 'num_args'.
 //  RBX: Inline cache data object.
 //  TOS(0): return address
 // Control flow:
@@ skipping 55 matching lines @@
         range_collection_mode == kCollectRanges);
   }
   __ Bind(&not_smi_or_overflow);
 
   __ Comment("Extract ICData initial values and receiver cid");
   // Load arguments descriptor into R10.
   __ movq(R10, FieldAddress(RBX, ICData::arguments_descriptor_offset()));
   // Loop that checks if there is an IC data match.
   Label loop, update, test, found;
   // RBX: IC data object (preserved).
-  __ movq(R12, FieldAddress(RBX, ICData::ic_data_offset()));
-  // R12: ic_data_array with check entries: classes and target functions.
-  __ leaq(R12, FieldAddress(R12, Array::data_offset()));
-  // R12: points directly to the first ic data array element.
+  __ movq(R13, FieldAddress(RBX, ICData::ic_data_offset()));
+  // R13: ic_data_array with check entries: classes and target functions.
+  __ leaq(R13, FieldAddress(R13, Array::data_offset()));
+  // R13: points directly to the first ic data array element.
 
   // Get the receiver's class ID (first read number of arguments from
   // arguments descriptor array and then access the receiver from the stack).
   __ movq(RAX, FieldAddress(R10, ArgumentsDescriptor::count_offset()));
-  __ movq(R13, Address(RSP, RAX, TIMES_4, 0));  // RAX (argument count) is Smi.
-  __ LoadTaggedClassIdMayBeSmi(RAX, R13);
+  __ movq(R9, Address(RSP, RAX, TIMES_4, 0));  // RAX (argument count) is Smi.
+  __ LoadTaggedClassIdMayBeSmi(RAX, R9);
   // RAX: receiver's class ID as smi.
-  __ movq(R13, Address(R12, 0));  // First class ID (Smi) to check.
+  __ movq(R9, Address(R13, 0));  // First class ID (Smi) to check.
   __ jmp(&test);
 
   __ Comment("ICData loop");
   __ Bind(&loop);
   for (int i = 0; i < num_args; i++) {
     if (i > 0) {
       // If not the first, load the next argument's class ID.
       __ movq(RAX, FieldAddress(R10, ArgumentsDescriptor::count_offset()));
-      __ movq(R13, Address(RSP, RAX, TIMES_4, - i * kWordSize));
-      __ LoadTaggedClassIdMayBeSmi(RAX, R13);
+      __ movq(R9, Address(RSP, RAX, TIMES_4, - i * kWordSize));
+      __ LoadTaggedClassIdMayBeSmi(RAX, R9);
       // RAX: next argument class ID (smi).
-      __ movq(R13, Address(R12, i * kWordSize));
-      // R13: next class ID to check (smi).
+      __ movq(R9, Address(R13, i * kWordSize));
+      // R9: next class ID to check (smi).
     }
-    __ cmpq(RAX, R13);  // Class id match?
+    __ cmpq(RAX, R9);  // Class id match?
     if (i < (num_args - 1)) {
       __ j(NOT_EQUAL, &update);  // Continue.
     } else {
       // Last check, all checks before matched.
       __ j(EQUAL, &found);  // Break.
     }
   }
   __ Bind(&update);
   // Reload receiver class ID.  It has not been destroyed when num_args == 1.
   if (num_args > 1) {
     __ movq(RAX, FieldAddress(R10, ArgumentsDescriptor::count_offset()));
-    __ movq(R13, Address(RSP, RAX, TIMES_4, 0));
-    __ LoadTaggedClassIdMayBeSmi(RAX, R13);
+    __ movq(R9, Address(RSP, RAX, TIMES_4, 0));
+    __ LoadTaggedClassIdMayBeSmi(RAX, R9);
   }
 
   const intptr_t entry_size = ICData::TestEntryLengthFor(num_args) * kWordSize;
-  __ addq(R12, Immediate(entry_size));  // Next entry.
-  __ movq(R13, Address(R12, 0));  // Next class ID.
+  __ addq(R13, Immediate(entry_size));  // Next entry.
+  __ movq(R9, Address(R13, 0));  // Next class ID.
 
   __ Bind(&test);
-  __ cmpq(R13, Immediate(Smi::RawValue(kIllegalCid)));  // Done?
+  __ cmpq(R9, Immediate(Smi::RawValue(kIllegalCid)));  // Done?
   __ j(NOT_EQUAL, &loop, Assembler::kNearJump);
 
   __ Comment("IC miss");
-  __ LoadObject(R12, Object::null_object(), PP);
+  __ LoadObject(R13, Object::null_object(), PP);
   // Compute address of arguments (first read number of arguments from
   // arguments descriptor array and then compute address on the stack).
   __ movq(RAX, FieldAddress(R10, ArgumentsDescriptor::count_offset()));
   __ leaq(RAX, Address(RSP, RAX, TIMES_4, 0));  // RAX is Smi.
   __ EnterStubFrame();
   __ pushq(R10);  // Preserve arguments descriptor array.
   __ pushq(RBX);  // Preserve IC data object.
-  __ pushq(R12);  // Setup space on stack for result (target code object).
+  __ pushq(R13);  // Setup space on stack for result (target code object).
   // Push call arguments.
   for (intptr_t i = 0; i < num_args; i++) {
     __ movq(RCX, Address(RAX, -kWordSize * i));
     __ pushq(RCX);
   }
   __ pushq(RBX);  // Pass IC data object.
   __ CallRuntime(handle_ic_miss, num_args + 1);
   // Remove the call arguments pushed earlier, including the IC data object.
   for (intptr_t i = 0; i < num_args + 1; i++) {
     __ popq(RAX);
   }
   __ popq(RAX);  // Pop returned function object into RAX.
   __ popq(RBX);  // Restore IC data array.
   __ popq(R10);  // Restore arguments descriptor array.
+  if (range_collection_mode == kCollectRanges) {
+    __ RestoreCodePointer();
+  }
   __ LeaveStubFrame();
   Label call_target_function;
   __ jmp(&call_target_function);
 
   __ Bind(&found);
-  // R12: Pointer to an IC data check group.
+  // R13: Pointer to an IC data check group.
   const intptr_t target_offset = ICData::TargetIndexFor(num_args) * kWordSize;
   const intptr_t count_offset = ICData::CountIndexFor(num_args) * kWordSize;
-  __ movq(RAX, Address(R12, target_offset));
+  __ movq(RAX, Address(R13, target_offset));
 
   if (FLAG_optimization_counter_threshold >= 0) {
     // Update counter.
     __ Comment("Update caller's counter");
-    __ movq(R8, Address(R12, count_offset));
+    __ movq(R8, Address(R13, count_offset));
     __ addq(R8, Immediate(Smi::RawValue(1)));
-    __ movq(R13, Immediate(Smi::RawValue(Smi::kMaxValue)));
-    __ cmovnoq(R13, R8);
-    __ StoreIntoSmiField(Address(R12, count_offset), R13);
+    __ movq(R9, Immediate(Smi::RawValue(Smi::kMaxValue)));
+    __ cmovnoq(R9, R8);
+    __ StoreIntoSmiField(Address(R13, count_offset), R9);
   }
 
   __ Comment("Call target");
   __ Bind(&call_target_function);
   // RAX: Target function.
   Label is_compiled;
-  __ movq(RCX, FieldAddress(RAX, Function::instructions_offset()));
-  __ addq(RCX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   if (range_collection_mode == kCollectRanges) {
+    __ movq(R13, FieldAddress(RAX, Function::code_offset()));
+    __ movq(RCX, FieldAddress(R13, Code::instructions_offset()));
+    __ addq(RCX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
     __ movq(R8, Address(RSP, + 1 * kWordSize));
     if (num_args == 2) {
-      __ movq(R13, Address(RSP, + 2 * kWordSize));
+      __ movq(R9, Address(RSP, + 2 * kWordSize));
     }
     __ EnterStubFrame();
     __ pushq(RBX);
     if (num_args == 2) {
-      __ pushq(R13);
+      __ pushq(R9);
     }
     __ pushq(R8);
+    __ movq(CODE_REG, R13);
     __ call(RCX);
 
     Label done;
     __ movq(RDX, RAX);
     __ movq(RBX, Address(RBP, kFirstLocalSlotFromFp * kWordSize));
     __ UpdateRangeFeedback(RDX, 2, RBX, RCX, &done);
     __ Bind(&done);
     __ LeaveStubFrame();
     __ ret();
   } else {
+    __ movq(CODE_REG, FieldAddress(RAX, Function::code_offset()));
+    __ movq(RCX, FieldAddress(CODE_REG, Code::instructions_offset()));
+    __ addq(RCX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
     __ jmp(RCX);
   }
 
   if (FLAG_support_debugger && !optimized) {
     __ Bind(&stepping);
     __ EnterStubFrame();
     __ pushq(RBX);
     __ CallRuntime(kSingleStepHandlerRuntimeEntry, 0);
     __ popq(RBX);
+    __ RestoreCodePointer();
     __ LeaveStubFrame();
     __ jmp(&done_stepping);
   }
 }
 
 
 // Use inline cache data array to invoke the target or continue in inline
 // cache miss handler. Stub for 1-argument check (receiver class).
 //  RBX: Inline cache data object.
 //  TOS(0): Return address.
@@ skipping 148 matching lines @@
     __ movq(R13, Immediate(Smi::RawValue(Smi::kMaxValue)));
     __ cmovnoq(R13, R8);
     __ StoreIntoSmiField(Address(R12, count_offset), R13);
   }
 
   // Load arguments descriptor into R10.
   __ movq(R10, FieldAddress(RBX, ICData::arguments_descriptor_offset()));
 
   // Get function and call it, if possible.
   __ movq(RAX, Address(R12, target_offset));
-  __ movq(RCX, FieldAddress(RAX, Function::instructions_offset()));
+  __ movq(CODE_REG, FieldAddress(RAX, Function::code_offset()));
+  __ movq(RCX, FieldAddress(CODE_REG, Code::instructions_offset()));
   // RCX: Target instructions.
   __ addq(RCX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ jmp(RCX);
 
   if (FLAG_support_debugger) {
     __ Bind(&stepping);
     __ EnterStubFrame();
     __ pushq(RBX);  // Preserve IC data object.
     __ CallRuntime(kSingleStepHandlerRuntimeEntry, 0);
     __ popq(RBX);
@@ skipping 32 matching lines @@
   __ EnterStubFrame();
   __ pushq(R10);  // Preserve arguments descriptor array.
   __ pushq(RBX);  // Preserve IC data object.
   __ pushq(RAX);  // Pass function.
   __ CallRuntime(kCompileFunctionRuntimeEntry, 1);
   __ popq(RAX);  // Restore function.
   __ popq(RBX);  // Restore IC data array.
   __ popq(R10);  // Restore arguments descriptor array.
   __ LeaveStubFrame();
 
-  __ movq(RAX, FieldAddress(RAX, Function::instructions_offset()));
+  __ movq(CODE_REG, FieldAddress(RAX, Function::code_offset()));
+  __ movq(RAX, FieldAddress(CODE_REG, Code::instructions_offset()));
   __ addq(RAX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ jmp(RAX);
 }
 
 
 // RBX: Contains an ICData.
 // TOS(0): return address (Dart code).
 void StubCode::GenerateICCallBreakpointStub(Assembler* assembler) {
   __ EnterStubFrame();
   // Preserve IC data.
   __ pushq(RBX);
   // Room for result. Debugger stub returns address of the
   // unpatched runtime stub.
   __ LoadObject(R12, Object::null_object(), PP);
   __ pushq(R12);  // Room for result.
   __ CallRuntime(kBreakpointRuntimeHandlerRuntimeEntry, 0);
-  __ popq(RAX);  // Address of original.
+  __ popq(CODE_REG);  // Address of original.
   __ popq(RBX);  // Restore IC data.
   __ LeaveStubFrame();
+
+  __ movq(RAX, FieldAddress(CODE_REG, Code::instructions_offset()));
+  __ addq(RAX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ jmp(RAX);   // Jump to original stub.
 }
 
 
 //  TOS(0): return address (Dart code).
 void StubCode::GenerateRuntimeCallBreakpointStub(Assembler* assembler) {
   __ EnterStubFrame();
   // Room for result. Debugger stub returns address of the
   // unpatched runtime stub.
   __ LoadObject(R12, Object::null_object(), PP);
   __ pushq(R12);  // Room for result.
   __ CallRuntime(kBreakpointRuntimeHandlerRuntimeEntry, 0);
-  __ popq(RAX);  // Address of original.
+  __ popq(CODE_REG);  // Address of original.
   __ LeaveStubFrame();
+
+  __ movq(RAX, FieldAddress(CODE_REG, Code::instructions_offset()));
+  __ addq(RAX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ jmp(RAX);   // Jump to original stub.
 }
 
 
 // Called only from unoptimized code.
 void StubCode::GenerateDebugStepCheckStub(Assembler* assembler) {
   // Check single stepping.
   Label stepping, done_stepping;
   __ LoadIsolate(RAX);
   __ movzxb(RAX, Address(RAX, Isolate::single_step_offset()));
@@ skipping 15 matching lines @@
 // TOS + 1: instantiator type arguments (can be NULL).
 // TOS + 2: instance.
 // TOS + 3: SubtypeTestCache.
 // Result in RCX: null -> not found, otherwise result (true or false).
 static void GenerateSubtypeNTestCacheStub(Assembler* assembler, int n) {
   ASSERT((1 <= n) && (n <= 3));
   const intptr_t kInstantiatorTypeArgumentsInBytes = 1 * kWordSize;
   const intptr_t kInstanceOffsetInBytes = 2 * kWordSize;
   const intptr_t kCacheOffsetInBytes = 3 * kWordSize;
   __ movq(RAX, Address(RSP, kInstanceOffsetInBytes));
-  __ LoadObject(R12, Object::null_object(), PP);
+  __ LoadObject(R9, Object::null_object(), PP);
   if (n > 1) {
     __ LoadClass(R10, RAX, kNoRegister);
     // Compute instance type arguments into R13.
     Label has_no_type_arguments;
-    __ movq(R13, R12);
+    __ movq(R13, R9);
     __ movl(RDI, FieldAddress(R10,
         Class::type_arguments_field_offset_in_words_offset()));
     __ cmpl(RDI, Immediate(Class::kNoTypeArguments));
     __ j(EQUAL, &has_no_type_arguments, Assembler::kNearJump);
     __ movq(R13, FieldAddress(RAX, RDI, TIMES_8, 0));
     __ Bind(&has_no_type_arguments);
   }
   __ LoadClassId(R10, RAX);
   // RAX: instance, R10: instance class id.
   // R13: instance type arguments or null, used only if n > 1.
   __ movq(RDX, Address(RSP, kCacheOffsetInBytes));
   // RDX: SubtypeTestCache.
   __ movq(RDX, FieldAddress(RDX, SubtypeTestCache::cache_offset()));
   __ addq(RDX, Immediate(Array::data_offset() - kHeapObjectTag));
   // RDX: Entry start.
   // R10: instance class id.
   // R13: instance type arguments.
   Label loop, found, not_found, next_iteration;
   __ SmiTag(R10);
   __ Bind(&loop);
   __ movq(RDI, Address(RDX, kWordSize * SubtypeTestCache::kInstanceClassId));
-  __ cmpq(RDI, R12);
+  __ cmpq(RDI, R9);
   __ j(EQUAL, &not_found, Assembler::kNearJump);
   __ cmpq(RDI, R10);
   if (n == 1) {
     __ j(EQUAL, &found, Assembler::kNearJump);
   } else {
     __ j(NOT_EQUAL, &next_iteration, Assembler::kNearJump);
     __ movq(RDI,
         Address(RDX, kWordSize * SubtypeTestCache::kInstanceTypeArguments));
     __ cmpq(RDI, R13);
     if (n == 2) {
       __ j(EQUAL, &found, Assembler::kNearJump);
     } else {
       __ j(NOT_EQUAL, &next_iteration, Assembler::kNearJump);
       __ movq(RDI,
           Address(RDX,
                   kWordSize * SubtypeTestCache::kInstantiatorTypeArguments));
       __ cmpq(RDI, Address(RSP, kInstantiatorTypeArgumentsInBytes));
       __ j(EQUAL, &found, Assembler::kNearJump);
     }
   }
 
   __ Bind(&next_iteration);
   __ addq(RDX, Immediate(kWordSize * SubtypeTestCache::kTestEntryLength));
   __ jmp(&loop, Assembler::kNearJump);
   // Fall through to not found.
   __ Bind(&not_found);
-  __ movq(RCX, R12);
+  __ movq(RCX, R9);
   __ ret();
 
   __ Bind(&found);
   __ movq(RCX, Address(RDX, kWordSize * SubtypeTestCache::kTestResult));
   __ ret();
 }
 
 
 // Used to check class and type arguments. Arguments passed on stack:
 // TOS + 0: return address.
@@ skipping 82 matching lines @@
 // RDI: function to be reoptimized.
 // R10: argument descriptor (preserved).
 void StubCode::GenerateOptimizeFunctionStub(Assembler* assembler) {
   __ EnterStubFrame();
   __ LoadObject(R12, Object::null_object(), PP);
   __ pushq(R10);
   __ pushq(R12);  // Setup space on stack for return value.
   __ pushq(RDI);
   __ CallRuntime(kOptimizeInvokedFunctionRuntimeEntry, 1);
   __ popq(RAX);  // Disard argument.
-  __ popq(RAX);  // Get Code object.
+  __ popq(CODE_REG);  // Get Code object.
   __ popq(R10);  // Restore argument descriptor.
-  __ movq(RAX, FieldAddress(RAX, Code::instructions_offset()));
+  __ movq(RAX, FieldAddress(CODE_REG, Code::instructions_offset()));
   __ addq(RAX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ LeaveStubFrame();
   __ jmp(RAX);
   __ int3();
 }
 
 
 DECLARE_LEAF_RUNTIME_ENTRY(intptr_t,
                            BigintCompare,
                            RawBigint* left,
@@ skipping 15 matching lines @@
   // If any of the arguments is Smi do reference compare.
   __ testq(left, Immediate(kSmiTagMask));
   __ j(ZERO, &reference_compare);
   __ testq(right, Immediate(kSmiTagMask));
   __ j(ZERO, &reference_compare);
 
   // Value compare for two doubles.
   __ CompareClassId(left, kDoubleCid);
   __ j(NOT_EQUAL, &check_mint, Assembler::kNearJump);
   __ CompareClassId(right, kDoubleCid);
-  __ j(NOT_EQUAL, &done, Assembler::kNearJump);
+  __ j(NOT_EQUAL, &done, Assembler::kFarJump);
 
   // Double values bitwise compare.
   __ movq(left, FieldAddress(left, Double::value_offset()));
   __ cmpq(left, FieldAddress(right, Double::value_offset()));
-  __ jmp(&done, Assembler::kNearJump);
+  __ jmp(&done, Assembler::kFarJump);
 
   __ Bind(&check_mint);
   __ CompareClassId(left, kMintCid);
   __ j(NOT_EQUAL, &check_bigint, Assembler::kNearJump);
   __ CompareClassId(right, kMintCid);
-  __ j(NOT_EQUAL, &done, Assembler::kNearJump);
+  __ j(NOT_EQUAL, &done, Assembler::kFarJump);
   __ movq(left, FieldAddress(left, Mint::value_offset()));
   __ cmpq(left, FieldAddress(right, Mint::value_offset()));
-  __ jmp(&done, Assembler::kNearJump);
+  __ jmp(&done, Assembler::kFarJump);
 
   __ Bind(&check_bigint);
   __ CompareClassId(left, kBigintCid);
-  __ j(NOT_EQUAL, &reference_compare, Assembler::kNearJump);
+  __ j(NOT_EQUAL, &reference_compare, Assembler::kFarJump);
   __ CompareClassId(right, kBigintCid);
-  __ j(NOT_EQUAL, &done, Assembler::kNearJump);
+  __ j(NOT_EQUAL, &done, Assembler::kFarJump);
   __ EnterStubFrame();
   __ ReserveAlignedFrameSpace(0);
   __ movq(CallingConventions::kArg1Reg, left);
   __ movq(CallingConventions::kArg2Reg, right);
   __ CallRuntime(kBigintCompareRuntimeEntry, 2);
   // Result in RAX, 0 means equal.
   __ LeaveStubFrame();
   __ cmpq(RAX, Immediate(0));
   __ jmp(&done);
 
@@ skipping 82 matching lines @@
   __ j(ZERO, &call_target_function, Assembler::kNearJump);
   __ cmpq(RDX, RAX);
   __ j(NOT_EQUAL, &update, Assembler::kNearJump);
 
   __ Bind(&call_target_function);
   // Call the target found in the cache.  For a class id match, this is a
   // proper target for the given name and arguments descriptor.  If the
   // illegal class id was found, the target is a cache miss handler that can
   // be invoked as a normal Dart function.
   __ movq(RAX, FieldAddress(RDI, RCX, TIMES_8, base + kWordSize));
-  __ movq(target, FieldAddress(RAX, Function::instructions_offset()));
+  __ movq(CODE_REG, FieldAddress(RAX, Function::code_offset()));
+  __ movq(target, FieldAddress(CODE_REG, Code::instructions_offset()));
   // TODO(srdjan): Evaluate performance impact of moving the instruction below
   // to the call site, instead of having it here.
   __ AddImmediate(
       target, Immediate(Instructions::HeaderSize() - kHeapObjectTag), PP);
 }
 
 
 // Called from megamorphic calls.
 //  RDI: receiver.
 //  RBX: lookup cache.
 // Result:
 //  RCX: entry point.
 void StubCode::GenerateMegamorphicLookupStub(Assembler* assembler) {
   EmitMegamorphicLookup(assembler, RDI, RBX, RCX);
   __ ret();
 }
 
 }  // namespace dart
 
 #endif  // defined TARGET_ARCH_X64