VM: New calling convention for generated code.

runtime/vm/stub_code_arm.cc

 // Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #include "vm/globals.h"
 #if defined(TARGET_ARCH_ARM)
 
 #include "vm/assembler.h"
 #include "vm/code_generator.h"
 #include "vm/cpu.h"
@@ skipping 24 matching lines @@
 //   SP : address of last argument in argument array.
 //   SP + 4*R4 - 4 : address of first argument in argument array.
 //   SP + 4*R4 : address of return value.
 //   R5 : address of the runtime function to call.
 //   R4 : number of arguments to the call.
 void StubCode::GenerateCallToRuntimeStub(Assembler* assembler) {
   const intptr_t thread_offset = NativeArguments::thread_offset();
   const intptr_t argc_tag_offset = NativeArguments::argc_tag_offset();
   const intptr_t argv_offset = NativeArguments::argv_offset();
   const intptr_t retval_offset = NativeArguments::retval_offset();
-  const intptr_t exitframe_last_param_slot_from_fp = 2;
 
   __ EnterStubFrame();
 
-  COMPILE_ASSERT((kAbiPreservedCpuRegs & (1 << R9)) != 0);
-  __ LoadIsolate(R9);
+  COMPILE_ASSERT((kAbiPreservedCpuRegs & (1 << R7)) != 0);
+  __ LoadIsolate(R7);
 
   // Save exit frame information to enable stack walking as we are about
   // to transition to Dart VM C++ code.
   __ StoreToOffset(kWord, FP, THR, Thread::top_exit_frame_info_offset());
 
 #if defined(DEBUG)
   { Label ok;
     // Check that we are always entering from Dart code.
-    __ LoadFromOffset(kWord, R6, R9, Isolate::vm_tag_offset());
+    __ LoadFromOffset(kWord, R6, R7, Isolate::vm_tag_offset());
     __ CompareImmediate(R6, VMTag::kDartTagId);
     __ b(&ok, EQ);
     __ Stop("Not coming from Dart code.");
     __ Bind(&ok);
   }
 #endif
 
   // Mark that the isolate is executing VM code.
-  __ StoreToOffset(kWord, R5, R9, Isolate::vm_tag_offset());
+  __ StoreToOffset(kWord, R5, R7, Isolate::vm_tag_offset());
 
   // Reserve space for arguments and align frame before entering C++ world.
   // NativeArguments are passed in registers.
   ASSERT(sizeof(NativeArguments) == 4 * kWordSize);
   __ ReserveAlignedFrameSpace(0);
 
   // Pass NativeArguments structure by value and call runtime.
   // Registers R0, R1, R2, and R3 are used.
 
   ASSERT(thread_offset == 0 * kWordSize);
   // Set thread in NativeArgs.
   __ mov(R0, Operand(THR));
 
   // There are no runtime calls to closures, so we do not need to set the tag
   // bits kClosureFunctionBit and kInstanceFunctionBit in argc_tag_.
   ASSERT(argc_tag_offset == 1 * kWordSize);
   __ mov(R1, Operand(R4));  // Set argc in NativeArguments.
 
   ASSERT(argv_offset == 2 * kWordSize);
   __ add(R2, FP, Operand(R4, LSL, 2));  // Compute argv.
   // Set argv in NativeArguments.
-  __ AddImmediate(R2, exitframe_last_param_slot_from_fp * kWordSize);
+  __ AddImmediate(R2, kParamEndSlotFromFp * kWordSize);
 
   ASSERT(retval_offset == 3 * kWordSize);
   __ add(R3, R2, Operand(kWordSize));  // Retval is next to 1st argument.
 
   // Call runtime or redirection via simulator.
   __ blx(R5);
 
   // Mark that the isolate is executing Dart code.
   __ LoadImmediate(R2, VMTag::kDartTagId);
-  __ StoreToOffset(kWord, R2, R9, Isolate::vm_tag_offset());
+  __ StoreToOffset(kWord, R2, R7, Isolate::vm_tag_offset());
 
   // Reset exit frame information in Isolate structure.
   __ LoadImmediate(R2, 0);
   __ StoreToOffset(kWord, R2, THR, Thread::top_exit_frame_info_offset());
 
   __ LeaveStubFrame();
   __ Ret();
 }
 
 
@@ skipping 23 matching lines @@
 //   R2 : address of first argument in argument array.
 //   R1 : argc_tag including number of arguments and function kind.
 void StubCode::GenerateCallNativeCFunctionStub(Assembler* assembler) {
   const intptr_t thread_offset = NativeArguments::thread_offset();
   const intptr_t argc_tag_offset = NativeArguments::argc_tag_offset();
   const intptr_t argv_offset = NativeArguments::argv_offset();
   const intptr_t retval_offset = NativeArguments::retval_offset();
 
   __ EnterStubFrame();
 
-  COMPILE_ASSERT((kAbiPreservedCpuRegs & (1 << R9)) != 0);
-  __ LoadIsolate(R9);
+  COMPILE_ASSERT((kAbiPreservedCpuRegs & (1 << R7)) != 0);
+  __ LoadIsolate(R7);
 
   // Save exit frame information to enable stack walking as we are about
   // to transition to native code.
   __ StoreToOffset(kWord, FP, THR, Thread::top_exit_frame_info_offset());
 
 #if defined(DEBUG)
   { Label ok;
     // Check that we are always entering from Dart code.
-    __ LoadFromOffset(kWord, R6, R9, Isolate::vm_tag_offset());
+    __ LoadFromOffset(kWord, R6, R7, Isolate::vm_tag_offset());
     __ CompareImmediate(R6, VMTag::kDartTagId);
     __ b(&ok, EQ);
     __ Stop("Not coming from Dart code.");
     __ Bind(&ok);
   }
 #endif
 
   // Mark that the isolate is executing Native code.
-  __ StoreToOffset(kWord, R5, R9, Isolate::vm_tag_offset());
+  __ StoreToOffset(kWord, R5, R7, Isolate::vm_tag_offset());
 
   // Reserve space for the native arguments structure passed on the stack (the
   // outgoing pointer parameter to the native arguments structure is passed in
   // R0) and align frame before entering the C++ world.
   __ ReserveAlignedFrameSpace(sizeof(NativeArguments));
 
   // Initialize NativeArguments structure and call native function.
   // Registers R0, R1, R2, and R3 are used.
 
   ASSERT(thread_offset == 0 * kWordSize);
   // Set thread in NativeArgs.
   __ mov(R0, Operand(THR));
 
   // There are no native calls to closures, so we do not need to set the tag
   // bits kClosureFunctionBit and kInstanceFunctionBit in argc_tag_.
   ASSERT(argc_tag_offset == 1 * kWordSize);
   // Set argc in NativeArguments: R1 already contains argc.
 
   ASSERT(argv_offset == 2 * kWordSize);
   // Set argv in NativeArguments: R2 already contains argv.
 
   ASSERT(retval_offset == 3 * kWordSize);
-  __ add(R3, FP, Operand(3 * kWordSize));  // Set retval in NativeArgs.
+  // Set retval in NativeArgs.
+  __ add(R3, FP, Operand(kCallerSpSlotFromFp * kWordSize));
 
   // Passing the structure by value as in runtime calls would require changing
   // Dart API for native functions.
   // For now, space is reserved on the stack and we pass a pointer to it.
   __ stm(IA, SP,  (1 << R0) | (1 << R1) | (1 << R2) | (1 << R3));
   __ mov(R0, Operand(SP));  // Pass the pointer to the NativeArguments.
 
   __ mov(R1, Operand(R5));  // Pass the function entrypoint to call.
   // Call native function invocation wrapper or redirection via simulator.
 #if defined(USING_SIMULATOR)
   uword entry = reinterpret_cast<uword>(NativeEntry::NativeCallWrapper);
-  entry = Simulator::RedirectExternalReference(
-      entry, Simulator::kNativeCall, NativeEntry::kNumCallWrapperArguments);
-  __ LoadImmediate(R2, entry);
+  const ExternalLabel label(Simulator::RedirectExternalReference(
+      entry, Simulator::kNativeCall, NativeEntry::kNumCallWrapperArguments));
+  __ LoadExternalLabel(R2, &label, kNotPatchable);
   __ blx(R2);
 #else
-  __ BranchLink(&NativeEntry::NativeCallWrapperLabel(), kNotPatchable);
+  __ LoadExternalLabel(
+      LR, &NativeEntry::NativeCallWrapperLabel(), kNotPatchable);
+  __ blx(LR);
 #endif
 
   // Mark that the isolate is executing Dart code.
   __ LoadImmediate(R2, VMTag::kDartTagId);
-  __ StoreToOffset(kWord, R2, R9, Isolate::vm_tag_offset());
+  __ StoreToOffset(kWord, R2, R7, Isolate::vm_tag_offset());
 
   // Reset exit frame information in Isolate structure.
   __ LoadImmediate(R2, 0);
   __ StoreToOffset(kWord, R2, THR, Thread::top_exit_frame_info_offset());
 
   __ LeaveStubFrame();
   __ Ret();
 }
 
 
 // Input parameters:
 //   LR : return address.
 //   SP : address of return value.
 //   R5 : address of the native function to call.
 //   R2 : address of first argument in argument array.
 //   R1 : argc_tag including number of arguments and function kind.
 void StubCode::GenerateCallBootstrapCFunctionStub(Assembler* assembler) {
   const intptr_t thread_offset = NativeArguments::thread_offset();
   const intptr_t argc_tag_offset = NativeArguments::argc_tag_offset();
   const intptr_t argv_offset = NativeArguments::argv_offset();
   const intptr_t retval_offset = NativeArguments::retval_offset();
 
   __ EnterStubFrame();
 
-  COMPILE_ASSERT((kAbiPreservedCpuRegs & (1 << R9)) != 0);
-  __ LoadIsolate(R9);
+  COMPILE_ASSERT((kAbiPreservedCpuRegs & (1 << R7)) != 0);
+  __ LoadIsolate(R7);
 
   // Save exit frame information to enable stack walking as we are about
   // to transition to native code.
   __ StoreToOffset(kWord, FP, THR, Thread::top_exit_frame_info_offset());
 
 #if defined(DEBUG)
   { Label ok;
     // Check that we are always entering from Dart code.
-    __ LoadFromOffset(kWord, R6, R9, Isolate::vm_tag_offset());
+    __ LoadFromOffset(kWord, R6, R7, Isolate::vm_tag_offset());
     __ CompareImmediate(R6, VMTag::kDartTagId);
     __ b(&ok, EQ);
     __ Stop("Not coming from Dart code.");
     __ Bind(&ok);
   }
 #endif
 
   // Mark that the isolate is executing Native code.
-  __ StoreToOffset(kWord, R5, R9, Isolate::vm_tag_offset());
+  __ StoreToOffset(kWord, R5, R7, Isolate::vm_tag_offset());
 
   // Reserve space for the native arguments structure passed on the stack (the
   // outgoing pointer parameter to the native arguments structure is passed in
   // R0) and align frame before entering the C++ world.
   __ ReserveAlignedFrameSpace(sizeof(NativeArguments));
 
   // Initialize NativeArguments structure and call native function.
   // Registers R0, R1, R2, and R3 are used.
 
   ASSERT(thread_offset == 0 * kWordSize);
   // Set thread in NativeArgs.
   __ mov(R0, Operand(THR));
 
   // There are no native calls to closures, so we do not need to set the tag
   // bits kClosureFunctionBit and kInstanceFunctionBit in argc_tag_.
   ASSERT(argc_tag_offset == 1 * kWordSize);
   // Set argc in NativeArguments: R1 already contains argc.
 
   ASSERT(argv_offset == 2 * kWordSize);
   // Set argv in NativeArguments: R2 already contains argv.
 
   ASSERT(retval_offset == 3 * kWordSize);
-  __ add(R3, FP, Operand(3 * kWordSize));  // Set retval in NativeArgs.
+  // Set retval in NativeArgs.
+  __ add(R3, FP, Operand(kCallerSpSlotFromFp * kWordSize));
 
   // Passing the structure by value as in runtime calls would require changing
   // Dart API for native functions.
   // For now, space is reserved on the stack and we pass a pointer to it.
   __ stm(IA, SP,  (1 << R0) | (1 << R1) | (1 << R2) | (1 << R3));
   __ mov(R0, Operand(SP));  // Pass the pointer to the NativeArguments.
 
   // Call native function or redirection via simulator.
   __ blx(R5);
 
   // Mark that the isolate is executing Dart code.
   __ LoadImmediate(R2, VMTag::kDartTagId);
-  __ StoreToOffset(kWord, R2, R9, Isolate::vm_tag_offset());
+  __ StoreToOffset(kWord, R2, R7, Isolate::vm_tag_offset());
 
   // Reset exit frame information in Isolate structure.
   __ LoadImmediate(R2, 0);
   __ StoreToOffset(kWord, R2, THR, Thread::top_exit_frame_info_offset());
 
   __ LeaveStubFrame();
   __ Ret();
 }
 
 
 // Input parameters:
 //   R4: arguments descriptor array.
 void StubCode::GenerateCallStaticFunctionStub(Assembler* assembler) {
   // Create a stub frame as we are pushing some objects on the stack before
   // calling into the runtime.
   __ EnterStubFrame();
   // Setup space on stack for return value and preserve arguments descriptor.
   __ LoadObject(R0, Object::null_object());
   __ PushList((1 << R0) | (1 << R4));
   __ CallRuntime(kPatchStaticCallRuntimeEntry, 0);
   // Get Code object result and restore arguments descriptor array.
   __ PopList((1 << R0) | (1 << R4));
   // Remove the stub frame.
   __ LeaveStubFrame();
   // Jump to the dart function.
+  __ mov(CODE_REG, Operand(R0));
   __ ldr(R0, FieldAddress(R0, Code::entry_point_offset()));
   __ bx(R0);
 }
 
 
 // Called from a static call only when an invalid code has been entered
 // (invalid because its function was optimized or deoptimized).
 // R4: arguments descriptor array.
 void StubCode::GenerateFixCallersTargetStub(Assembler* assembler) {
+  // Load code pointer to this stub from the thread:
+  // The one that is passed in, is not correct - it points to the code object
+  // that needs to be replaced.
+  __ ldr(CODE_REG, Address(THR, Thread::fix_callers_target_code_offset()));
   // Create a stub frame as we are pushing some objects on the stack before
   // calling into the runtime.
   __ EnterStubFrame();
   // Setup space on stack for return value and preserve arguments descriptor.
   __ LoadObject(R0, Object::null_object());
   __ PushList((1 << R0) | (1 << R4));
   __ CallRuntime(kFixCallersTargetRuntimeEntry, 0);
   // Get Code object result and restore arguments descriptor array.
   __ PopList((1 << R0) | (1 << R4));
   // Remove the stub frame.
   __ LeaveStubFrame();
   // Jump to the dart function.
+  __ mov(CODE_REG, Operand(R0));
   __ ldr(R0, FieldAddress(R0, Code::entry_point_offset()));
   __ bx(R0);
 }
 
 
 // Called from object allocate instruction when the allocation stub has been
 // disabled.
 void StubCode::GenerateFixAllocationStubTargetStub(Assembler* assembler) {
+  // Load code pointer to this stub from the thread:
+  // The one that is passed in, is not correct - it points to the code object
+  // that needs to be replaced.
+  __ ldr(CODE_REG, Address(THR, Thread::fix_allocation_stub_code_offset()));
   __ EnterStubFrame();
   // Setup space on stack for return value.
   __ LoadObject(R0, Object::null_object());
   __ Push(R0);
   __ CallRuntime(kFixAllocationStubTargetRuntimeEntry, 0);
   // Get Code object result.
   __ Pop(R0);
   // Remove the stub frame.
   __ LeaveStubFrame();
   // Jump to the dart function.
+  __ mov(CODE_REG, Operand(R0));
   __ ldr(R0, FieldAddress(R0, Code::entry_point_offset()));
   __ bx(R0);
 }
 
 
 // Input parameters:
 //   R2: smi-tagged argument count, may be zero.
 //   FP[kParamEndSlotFromFp + 1]: last argument.
 static void PushArgumentsArray(Assembler* assembler) {
   // Allocate array to store arguments of caller.
@@ skipping 33 matching lines @@
 // - Materialize objects that require allocation (e.g. Double instances).
 // GC can occur only after frame is fully rewritten.
 // Stack after EnterFrame(...) below:
 //   +------------------+
 //   | Saved PP         | <- TOS
 //   +------------------+
 //   | Saved FP         | <- FP of stub
 //   +------------------+
 //   | Saved LR         |  (deoptimization point)
 //   +------------------+
-//   | PC marker        |
+//   | pc marker        |
+//   +------------------+
+//   | Saved CODE_REG   |
 //   +------------------+
 //   | ...              | <- SP of optimized frame
 //
 // Parts of the code cannot GC, part of the code can GC.
 static void GenerateDeoptimizationSequence(Assembler* assembler,
-                                           bool preserve_result) {
+                                           DeoptStubKind kind) {
   // DeoptimizeCopyFrame expects a Dart frame, i.e. EnterDartFrame(0), but there
   // is no need to set the correct PC marker or load PP, since they get patched.
 
   // IP has the potentially live LR value. LR was clobbered by the call with
   // the return address, so move it into IP to set up the Dart frame.
   __ eor(IP, IP, Operand(LR));
   __ eor(LR, IP, Operand(LR));
   __ eor(IP, IP, Operand(LR));
 
-  // Set up the frame manually. We can't use EnterFrame because we can't
-  // clobber LR (or any other register) with 0, yet.
-  __ sub(SP, SP, Operand(kWordSize));  // Make room for PC marker of 0.
-  __ Push(IP);  // Push return address.
-  __ Push(FP);
-  __ mov(FP, Operand(SP));
-  __ Push(PP);
-
+  // Set up the frame manually with return address now stored in IP.
+  __ EnterFrame((1 << PP) | (1 << CODE_REG) | (1 << FP) | (1 << IP), 0);
   __ LoadPoolPointer();
 
-  // Now that IP holding the return address has been written to the stack,
-  // we can clobber it with 0 to write the null PC marker.
-  __ mov(IP, Operand(0));
-  __ str(IP, Address(SP, +3 * kWordSize));
-
   // The code in this frame may not cause GC. kDeoptimizeCopyFrameRuntimeEntry
   // and kDeoptimizeFillFrameRuntimeEntry are leaf runtime calls.
   const intptr_t saved_result_slot_from_fp =
       kFirstLocalSlotFromFp + 1 - (kNumberOfCpuRegisters - R0);
   // Result in R0 is preserved as part of pushing all registers below.
 
   // Push registers in their enumeration order: lowest register number at
   // lowest address.
-  __ PushList(kAllCpuRegistersList);
+  for (intptr_t i = kNumberOfCpuRegisters - 1; i >= 0; --i) {
+    if (i == CODE_REG) {
+      // Save the original value of CODE_REG pushed before invoking this stub
+      // instead of the value used to call this stub.
+      COMPILE_ASSERT(IP > CODE_REG);  // Assert IP is pushed first.
+      __ ldr(IP, Address(FP, kCallerSpSlotFromFp * kWordSize));
+      __ Push(IP);
+    } else {
+      __ Push(static_cast<Register>(i));
+    }
+  }
 
   if (TargetCPUFeatures::vfp_supported()) {
     ASSERT(kFpuRegisterSize == 4 * kWordSize);
     if (kNumberOfDRegisters > 16) {
       __ vstmd(DB_W, SP, D16, kNumberOfDRegisters - 16);
       __ vstmd(DB_W, SP, D0, 16);
     } else {
       __ vstmd(DB_W, SP, D0, kNumberOfDRegisters);
     }
   } else {
     __ AddImmediate(SP, SP, -kNumberOfFpuRegisters * kFpuRegisterSize);
   }
 
   __ mov(R0, Operand(SP));  // Pass address of saved registers block.
+  __ mov(R1, Operand(kind == kLazyDeopt ? 1 : 0));
   __ ReserveAlignedFrameSpace(0);
-  __ CallRuntime(kDeoptimizeCopyFrameRuntimeEntry, 1);
+  __ CallRuntime(kDeoptimizeCopyFrameRuntimeEntry, 2);
   // Result (R0) is stack-size (FP - SP) in bytes.
 
+  const bool preserve_result = (kind == kLazyDeopt);
   if (preserve_result) {
     // Restore result into R1 temporarily.
     __ ldr(R1, Address(FP, saved_result_slot_from_fp * kWordSize));
   }
 
+  __ RestoreCodePointer();
   __ LeaveDartFrame();
   __ sub(SP, FP, Operand(R0));
 
   // DeoptimizeFillFrame expects a Dart frame, i.e. EnterDartFrame(0), but there
   // is no need to set the correct PC marker or load PP, since they get patched.
   __ EnterStubFrame();
   __ mov(R0, Operand(FP));  // Get last FP address.
   if (preserve_result) {
     __ Push(R1);  // Preserve result as first local.
   }
   __ ReserveAlignedFrameSpace(0);
   __ CallRuntime(kDeoptimizeFillFrameRuntimeEntry, 1);  // Pass last FP in R0.
   if (preserve_result) {
     // Restore result into R1.
     __ ldr(R1, Address(FP, kFirstLocalSlotFromFp * kWordSize));
   }
   // Code above cannot cause GC.
+  __ RestoreCodePointer();
   __ LeaveStubFrame();
 
   // Frame is fully rewritten at this point and it is safe to perform a GC.
   // Materialize any objects that were deferred by FillFrame because they
   // require allocation.
   // Enter stub frame with loading PP. The caller's PP is not materialized yet.
   __ EnterStubFrame();
   if (preserve_result) {
     __ Push(R1);  // Preserve result, it will be GC-d here.
   }
   __ PushObject(Smi::ZoneHandle());  // Space for the result.
   __ CallRuntime(kDeoptimizeMaterializeRuntimeEntry, 0);
   // Result tells stub how many bytes to remove from the expression stack
   // of the bottom-most frame. They were used as materialization arguments.
   __ Pop(R1);
   if (preserve_result) {
     __ Pop(R0);  // Restore result.
   }
   __ LeaveStubFrame();
   // Remove materialization arguments.
   __ add(SP, SP, Operand(R1, ASR, kSmiTagSize));
   __ Ret();
 }
 
 
 void StubCode::GenerateDeoptimizeLazyStub(Assembler* assembler) {
   // Correct return address to point just after the call that is being
   // deoptimized.
-  __ AddImmediate(LR, -CallPattern::LengthInBytes());
-  GenerateDeoptimizationSequence(assembler, true);  // Preserve R0.
+  __ AddImmediate(LR, -CallPattern::DeoptCallPatternLengthInBytes());
+  // Push zap value instead of CODE_REG for lazy deopt.
+  __ LoadImmediate(IP, 0xf1f1f1f1);
+  __ Push(IP);
+  GenerateDeoptimizationSequence(assembler, kLazyDeopt);
 }
 
 
 void StubCode::GenerateDeoptimizeStub(Assembler* assembler) {
-  GenerateDeoptimizationSequence(assembler, false);  // Don't preserve R0.
+  GenerateDeoptimizationSequence(assembler, kEagerDeopt);
 }
 
 
 static void GenerateDispatcherCode(Assembler* assembler,
                                    Label* call_target_function) {
   __ Comment("NoSuchMethodDispatch");
   // When lazily generated invocation dispatchers are disabled, the
   // miss-handler may return null.
   __ CompareObject(R0, Object::null_object());
   __ b(call_target_function, NE);
@@ skipping 35 matching lines @@
   __ LoadObject(IP, Object::null_object());
   __ PushList((1 << R4) | (1 << R5) | (1 << R6) | (1 << IP));
   __ CallRuntime(kMegamorphicCacheMissHandlerRuntimeEntry, 3);
   // Remove arguments.
   __ Drop(3);
   __ Pop(R0);  // Get result into R0 (target function).
 
   // Restore IC data and arguments descriptor.
   __ PopList((1 << R4) | (1 << R5));
 
+  __ RestoreCodePointer();
   __ LeaveStubFrame();
 
   if (!FLAG_lazy_dispatchers) {
     Label call_target_function;
     GenerateDispatcherCode(assembler, &call_target_function);
     __ Bind(&call_target_function);
   }
 
   // Tail-call to target function.
+  __ ldr(CODE_REG, FieldAddress(R0, Function::code_offset()));
   __ ldr(R2, FieldAddress(R0, Function::entry_point_offset()));
   __ bx(R2);
 }
 
 
 // Called for inline allocation of arrays.
 // Input parameters:
 //   LR: return address.
 //   R1: array element type (either NULL or an instantiated type).
 //   R2: array length as Smi (must be preserved).
@@ skipping 18 matching lines @@
   const intptr_t max_len =
       reinterpret_cast<int32_t>(Smi::New(Array::kMaxElements));
   __ CompareImmediate(R3, max_len);
   __ b(&slow_case, GT);
 
   const intptr_t cid = kArrayCid;
   __ MaybeTraceAllocation(cid, R4, &slow_case,
                           /* inline_isolate = */ false);
 
   const intptr_t fixed_size = sizeof(RawArray) + kObjectAlignment - 1;
-  __ LoadImmediate(R9, fixed_size);
-  __ add(R9, R9, Operand(R3, LSL, 1));  // R3 is  a Smi.
+  __ LoadImmediate(R5, fixed_size);
+  __ add(R5, R5, Operand(R3, LSL, 1));  // R3 is  a Smi.
   ASSERT(kSmiTagShift == 1);
-  __ bic(R9, R9, Operand(kObjectAlignment - 1));
+  __ bic(R5, R5, Operand(kObjectAlignment - 1));
 
-  // R9: Allocation size.
+  // R5: Allocation size.
   Heap::Space space = Heap::SpaceForAllocation(cid);
   __ LoadIsolate(R6);
   __ ldr(R6, Address(R6, Isolate::heap_offset()));
   // Potential new object start.
   __ ldr(R0, Address(R6, Heap::TopOffset(space)));
-  __ adds(R7, R0, Operand(R9));  // Potential next object start.
+  __ adds(R7, R0, Operand(R5));  // Potential next object start.
   __ b(&slow_case, CS);  // Branch if unsigned overflow.
 
   // Check if the allocation fits into the remaining space.
   // R0: potential new object start.
   // R7: potential next object start.
-  // R9: allocation size.
+  // R5: allocation size.
   __ ldr(R3, Address(R6, Heap::EndOffset(space)));
   __ cmp(R7, Operand(R3));
   __ b(&slow_case, CS);
 
   // Successfully allocated the object(s), now update top to point to
   // next object start and initialize the object.
   __ LoadAllocationStatsAddress(R3, cid, /* inline_isolate = */ false);
   __ str(R7, Address(R6, Heap::TopOffset(space)));
   __ add(R0, R0, Operand(kHeapObjectTag));
 
   // Initialize the tags.
   // R0: new object start as a tagged pointer.
   // R3: allocation stats address.
   // R7: new object end address.
-  // R9: allocation size.
+  // R5: allocation size.
   {
     const intptr_t shift = RawObject::kSizeTagPos - kObjectAlignmentLog2;
 
-    __ CompareImmediate(R9, RawObject::SizeTag::kMaxSizeTag);
-    __ mov(R6, Operand(R9, LSL, shift), LS);
+    __ CompareImmediate(R5, RawObject::SizeTag::kMaxSizeTag);
+    __ mov(R6, Operand(R5, LSL, shift), LS);
     __ mov(R6, Operand(0), HI);
 
     // Get the class index and insert it into the tags.
     // R6: size and bit tags.
     __ LoadImmediate(TMP, RawObject::ClassIdTag::encode(cid));
     __ orr(R6, R6, Operand(TMP));
     __ str(R6, FieldAddress(R0, Array::tags_offset()));  // Store tags.
   }
 
   // R0: new object start as a tagged pointer.
   // R7: new object end address.
   // Store the type argument field.
   __ InitializeFieldNoBarrier(R0,
                               FieldAddress(R0, Array::type_arguments_offset()),
                               R1);
 
   // Set the length field.
   __ InitializeFieldNoBarrier(R0,
                               FieldAddress(R0, Array::length_offset()),
                               R2);
 
   // Initialize all array elements to raw_null.
   // R0: new object start as a tagged pointer.
   // R3: allocation stats address.
   // R4, R5: null
   // R6: iterator which initially points to the start of the variable
   // data area to be initialized.
   // R7: new object end address.
-  // R9: allocation size.
+  // R5: allocation size.
+  __ IncrementAllocationStatsWithSize(R3, R5, space);
 
   __ LoadObject(R4, Object::null_object());
   __ mov(R5, Operand(R4));
   __ AddImmediate(R6, R0, sizeof(RawArray) - kHeapObjectTag);
   __ InitializeFieldsNoBarrier(R0, R6, R7, R4, R5);
-  __ IncrementAllocationStatsWithSize(R3, R9, space);
   __ Ret();  // Returns the newly allocated object in R0.
   // Unable to allocate the array using the fast inline code, just call
   // into the runtime.
   __ Bind(&slow_case);
 
   // Create a stub frame as we are pushing some objects on the stack before
   // calling into the runtime.
   __ EnterStubFrame();
   __ LoadObject(IP, Object::null_object());
   // Setup space on stack for return value.
   // Push array length as Smi and element type.
   __ PushList((1 << R1) | (1 << R2) | (1 << IP));
   __ CallRuntime(kAllocateArrayRuntimeEntry, 2);
   // Pop arguments; result is popped in IP.
   __ PopList((1 << R1) | (1 << R2) | (1 << IP));  // R2 is restored.
   __ mov(R0, Operand(IP));
   __ LeaveStubFrame();
   __ Ret();
 }
 
 
 // Called when invoking Dart code from C++ (VM code).
 // Input parameters:
 //   LR : points to return address.
-//   R0 : entrypoint of the Dart function to call.
+//   R0 : code object of the Dart function to call.
 //   R1 : arguments descriptor array.
 //   R2 : arguments array.
 //   R3 : current thread.
 void StubCode::GenerateInvokeDartCodeStub(Assembler* assembler) {
   // Save frame pointer coming in.
   __ EnterFrame((1 << FP) | (1 << LR), 0);
 
+  // Push code object to PC marker slot.
+  __ ldr(IP, Address(R3, Thread::invoke_dart_code_stub_offset()));
+  __ Push(IP);
+
   // Save new context and C++ ABI callee-saved registers.
   __ PushList(kAbiPreservedCpuRegs);
 
   const DRegister firstd = EvenDRegisterOf(kAbiFirstPreservedFpuReg);
   if (TargetCPUFeatures::vfp_supported()) {
     ASSERT(2 * kAbiPreservedFpuRegCount < 16);
     // Save FPU registers. 2 D registers per Q register.
     __ vstmd(DB_W, SP, firstd, 2 * kAbiPreservedFpuRegCount);
   } else {
     __ sub(SP, SP, Operand(kAbiPreservedFpuRegCount * kFpuRegisterSize));
   }
 
-  // We now load the pool pointer(PP) as we are about to invoke dart code and we
-  // could potentially invoke some intrinsic functions which need the PP to be
-  // set up.
-  __ LoadPoolPointer();
-
   // Set up THR, which caches the current thread in Dart code.
   if (THR != R3) {
     __ mov(THR, Operand(R3));
   }
-  __ LoadIsolate(R9);
+  __ LoadIsolate(R7);
 
   // Save the current VMTag on the stack.
-  __ LoadFromOffset(kWord, R5, R9, Isolate::vm_tag_offset());
+  __ LoadFromOffset(kWord, R5, R7, Isolate::vm_tag_offset());
   __ Push(R5);
 
   // Mark that the isolate is executing Dart code.
   __ LoadImmediate(R5, VMTag::kDartTagId);
-  __ StoreToOffset(kWord, R5, R9, Isolate::vm_tag_offset());
+  __ StoreToOffset(kWord, R5, R7, Isolate::vm_tag_offset());
 
   // Save top resource and top exit frame info. Use R4-6 as temporary registers.
   // StackFrameIterator reads the top exit frame info saved in this frame.
   __ LoadFromOffset(kWord, R5, THR, Thread::top_exit_frame_info_offset());
   __ LoadFromOffset(kWord, R4, THR, Thread::top_resource_offset());
   __ LoadImmediate(R6, 0);
   __ StoreToOffset(kWord, R6, THR, Thread::top_resource_offset());
   __ StoreToOffset(kWord, R6, THR, Thread::top_exit_frame_info_offset());
 
   // kExitLinkSlotFromEntryFp must be kept in sync with the code below.
   __ Push(R4);
-  ASSERT(kExitLinkSlotFromEntryFp == -26);
+  ASSERT(kExitLinkSlotFromEntryFp == -27);
   __ Push(R5);
 
   // Load arguments descriptor array into R4, which is passed to Dart code.
   __ ldr(R4, Address(R1, VMHandles::kOffsetOfRawPtrInHandle));
 
   // Load number of arguments into R5.
   __ ldr(R5, FieldAddress(R4, ArgumentsDescriptor::count_offset()));
   __ SmiUntag(R5);
 
   // Compute address of 'arguments array' data area into R2.
   __ ldr(R2, Address(R2, VMHandles::kOffsetOfRawPtrInHandle));
   __ AddImmediate(R2, R2, Array::data_offset() - kHeapObjectTag);
 
   // Set up arguments for the Dart call.
   Label push_arguments;
   Label done_push_arguments;
   __ CompareImmediate(R5, 0);  // check if there are arguments.
   __ b(&done_push_arguments, EQ);
   __ LoadImmediate(R1, 0);
   __ Bind(&push_arguments);
   __ ldr(R3, Address(R2));
   __ Push(R3);
   __ AddImmediate(R2, kWordSize);
   __ AddImmediate(R1, 1);
   __ cmp(R1, Operand(R5));
   __ b(&push_arguments, LT);
   __ Bind(&done_push_arguments);
 
   // Call the Dart code entrypoint.
+  __ LoadImmediate(PP, 0);  // GC safe value into PP.
+  __ ldr(CODE_REG, Address(R0, VMHandles::kOffsetOfRawPtrInHandle));
+  __ ldr(R0, FieldAddress(CODE_REG, Code::entry_point_offset()));
   __ blx(R0);  // R4 is the arguments descriptor array.
 
   // Get rid of arguments pushed on the stack.
   __ AddImmediate(SP, FP, kExitLinkSlotFromEntryFp * kWordSize);
 
-  __ LoadIsolate(R9);
+  __ LoadIsolate(R7);
   // Restore the saved top exit frame info and top resource back into the
   // Isolate structure. Uses R5 as a temporary register for this.
   __ Pop(R5);
   __ StoreToOffset(kWord, R5, THR, Thread::top_exit_frame_info_offset());
   __ Pop(R5);
   __ StoreToOffset(kWord, R5, THR, Thread::top_resource_offset());
 
   // Restore the current VMTag from the stack.
   __ Pop(R4);
-  __ StoreToOffset(kWord, R4, R9, Isolate::vm_tag_offset());
+  __ StoreToOffset(kWord, R4, R7, Isolate::vm_tag_offset());
 
   // Restore C++ ABI callee-saved registers.
   if (TargetCPUFeatures::vfp_supported()) {
     // Restore FPU registers. 2 D registers per Q register.
     __ vldmd(IA_W, SP, firstd, 2 * kAbiPreservedFpuRegCount);
   } else {
     __ AddImmediate(SP, kAbiPreservedFpuRegCount * kFpuRegisterSize);
   }
   // Restore CPU registers.
   __ PopList(kAbiPreservedCpuRegs);
@@ skipping 198 matching lines @@
   // Restore callee-saved registers, tear down frame.
   __ LeaveCallRuntimeFrame();
   __ Ret();
 }
 
 
 // Called for inline allocation of objects.
 // Input parameters:
 //   LR : return address.
 //   SP + 0 : type arguments object (only if class is parameterized).
-// Returns patch_code_pc offset where patching code for disabling the stub
-// has been generated (similar to regularly generated Dart code).
-void StubCode::GenerateAllocationStubForClass(
-    Assembler* assembler, const Class& cls,
-    uword* entry_patch_offset, uword* patch_code_pc_offset) {
-  *entry_patch_offset = assembler->CodeSize();
+void StubCode::GenerateAllocationStubForClass(Assembler* assembler,
+                                              const Class& cls) {
+  // Must load pool pointer before being able to patch.
+  Register new_pp = R7;
+  __ LoadPoolPointer(new_pp);
   // The generated code is different if the class is parameterized.
   const bool is_cls_parameterized = cls.NumTypeArguments() > 0;
   ASSERT(!is_cls_parameterized ||
          (cls.type_arguments_field_offset() != Class::kNoTypeArguments));
   // kInlineInstanceSize is a constant used as a threshold for determining
   // when the object initialization should be done as a loop or as
   // straight line code.
   const int kInlineInstanceSize = 12;
   const intptr_t instance_size = cls.instance_size();
   ASSERT(instance_size > 0);
@@ skipping 105 matching lines @@
     // Push null type arguments.
     __ Push(R2);
   }
   __ CallRuntime(kAllocateObjectRuntimeEntry, 2);  // Allocate object.
   __ Drop(2);  // Pop arguments.
   __ Pop(R0);  // Pop result (newly allocated object).
   // R0: new object
   // Restore the frame pointer.
   __ LeaveStubFrame();
   __ Ret();
-  *patch_code_pc_offset = assembler->CodeSize();
-  __ BranchPatchable(*StubCode::FixAllocationStubTarget_entry());
 }
 
 
 // Called for invoking "dynamic noSuchMethod(Invocation invocation)" function
 // from the entry code of a dart function after an error in passed argument
 // name or number is detected.
 // Input parameters:
 //  LR : return address.
 //  SP : address of last argument.
 //  R4: arguments descriptor array.
@@ skipping 134 matching lines @@
 // - Check if 'num_args' (including receiver) match any IC data group.
 // - Match found -> jump to target.
 // - Match not found -> jump to IC miss.
 void StubCode::GenerateNArgsCheckInlineCacheStub(
     Assembler* assembler,
     intptr_t num_args,
     const RuntimeEntry& handle_ic_miss,
     Token::Kind kind,
     RangeCollectionMode range_collection_mode,
     bool optimized) {
+  __ CheckCodePointer();
   ASSERT(num_args > 0);
 #if defined(DEBUG)
   { Label ok;
     // Check that the IC data array has NumArgsTested() == num_args.
     // 'NumArgsTested' is stored in the least significant bits of 'state_bits'.
     __ ldr(R6, FieldAddress(R5, ICData::state_bits_offset()));
     ASSERT(ICData::NumArgsTestedShift() == 0);  // No shift needed.
     __ and_(R6, R6, Operand(ICData::NumArgsTestedMask()));
     __ CompareImmediate(R6, num_args);
     __ b(&ok, EQ);
@@ skipping 104 matching lines @@
     __ Push(IP);
   }
   // Pass IC data object.
   __ Push(R5);
   __ CallRuntime(handle_ic_miss, num_args + 1);
   // Remove the call arguments pushed earlier, including the IC data object.
   __ Drop(num_args + 1);
   // Pop returned function object into R0.
   // Restore arguments descriptor array and IC data array.
   __ PopList((1 << R0) | (1 << R4) | (1 << R5));
+  if (range_collection_mode == kCollectRanges) {
+    __ RestoreCodePointer();
+  }
   __ LeaveStubFrame();
   Label call_target_function;
   if (!FLAG_lazy_dispatchers) {
     GenerateDispatcherCode(assembler, &call_target_function);
   } else {
     __ b(&call_target_function);
   }
 
   __ Bind(&found);
   // R6: pointer to an IC data check group.
@@ skipping 17 matching lines @@
     __ ldr(R1, Address(SP, 0 * kWordSize));
     if (num_args == 2) {
       __ ldr(R3, Address(SP, 1 * kWordSize));
     }
     __ EnterStubFrame();
     if (num_args == 2) {
       __ PushList((1 << R1) | (1 << R3) | (1 << R5));
     } else {
       __ PushList((1 << R1) | (1 << R5));
     }
+    __ ldr(CODE_REG, FieldAddress(R0, Function::code_offset()));
     __ blx(R2);
 
     Label done;
     __ ldr(R5, Address(FP, kFirstLocalSlotFromFp * kWordSize));
     __ UpdateRangeFeedback(R0, 2, R5, R1, R4, &done);
     __ Bind(&done);
+    __ RestoreCodePointer();
     __ LeaveStubFrame();
     __ Ret();
   } else {
+    __ ldr(CODE_REG, FieldAddress(R0, Function::code_offset()));
     __ bx(R2);
   }
 
   if (FLAG_support_debugger && !optimized) {
     __ Bind(&stepping);
     __ EnterStubFrame();
     __ Push(R5);  // Preserve IC data.
     __ CallRuntime(kSingleStepHandlerRuntimeEntry, 0);
     __ Pop(R5);
+    __ RestoreCodePointer();
     __ LeaveStubFrame();
     __ b(&done_stepping);
   }
 }
 
 
 // Use inline cache data array to invoke the target or continue in inline
 // cache miss handler. Stub for 1-argument check (receiver class).
 //  LR: return address.
 //  R5: inline cache data object.
@@ skipping 130 matching lines @@
     __ adds(R1, R1, Operand(Smi::RawValue(1)));
     __ LoadImmediate(R1, Smi::RawValue(Smi::kMaxValue), VS);  // Overflow.
     __ StoreIntoSmiField(Address(R6, count_offset), R1);
   }
 
   // Load arguments descriptor into R4.
   __ ldr(R4, FieldAddress(R5, ICData::arguments_descriptor_offset()));
 
   // Get function and call it, if possible.
   __ LoadFromOffset(kWord, R0, R6, target_offset);
+  __ ldr(CODE_REG, FieldAddress(R0, Function::code_offset()));
   __ ldr(R2, FieldAddress(R0, Function::entry_point_offset()));
   __ bx(R2);
 
   if (FLAG_support_debugger) {
     __ Bind(&stepping);
     __ EnterStubFrame();
     __ Push(R5);  // Preserve IC data.
     __ CallRuntime(kSingleStepHandlerRuntimeEntry, 0);
     __ Pop(R5);
+    __ RestoreCodePointer();
     __ LeaveStubFrame();
     __ b(&done_stepping);
   }
 }
 
 
 void StubCode::GenerateOneArgUnoptimizedStaticCallStub(Assembler* assembler) {
   GenerateUsageCounterIncrement(assembler, R6);
   GenerateNArgsCheckInlineCacheStub(
       assembler, 1, kStaticCallMissHandlerOneArgRuntimeEntry, Token::kILLEGAL,
@@ skipping 16 matching lines @@
 void StubCode::GenerateLazyCompileStub(Assembler* assembler) {
   // Preserve arg desc. and IC data object.
   __ EnterStubFrame();
   __ PushList((1 << R4) | (1 << R5));
   __ Push(R0);  // Pass function.
   __ CallRuntime(kCompileFunctionRuntimeEntry, 1);
   __ Pop(R0);  // Restore argument.
   __ PopList((1 << R4) | (1 << R5));  // Restore arg desc. and IC data.
   __ LeaveStubFrame();
 
+  __ ldr(CODE_REG, FieldAddress(R0, Function::code_offset()));
   __ ldr(R2, FieldAddress(R0, Function::entry_point_offset()));
   __ bx(R2);
 }
 
 
 // R5: Contains an ICData.
 void StubCode::GenerateICCallBreakpointStub(Assembler* assembler) {
   __ EnterStubFrame();
   __ LoadObject(R0, Object::null_object());
   // Preserve arguments descriptor and make room for result.
   __ PushList((1 << R0) | (1 << R5));
   __ CallRuntime(kBreakpointRuntimeHandlerRuntimeEntry, 0);
   __ PopList((1 << R0) | (1 << R5));
   __ LeaveStubFrame();
+  __ mov(CODE_REG, Operand(R0));
+  __ ldr(R0, FieldAddress(CODE_REG, Code::entry_point_offset()));
   __ bx(R0);
 }
 
 
 void StubCode::GenerateRuntimeCallBreakpointStub(Assembler* assembler) {
   __ EnterStubFrame();
   __ LoadObject(R0, Object::null_object());
   // Make room for result.
   __ PushList((1 << R0));
   __ CallRuntime(kBreakpointRuntimeHandlerRuntimeEntry, 0);
-  __ PopList((1 << R0));
+  __ PopList((1 << CODE_REG));
   __ LeaveStubFrame();
+  __ ldr(R0, FieldAddress(CODE_REG, Code::entry_point_offset()));
   __ bx(R0);
 }
 
 
 // Called only from unoptimized code. All relevant registers have been saved.
 void StubCode::GenerateDebugStepCheckStub(
     Assembler* assembler) {
   // Check single stepping.
   Label stepping, done_stepping;
   __ LoadIsolate(R1);
@@ skipping 159 matching lines @@
 void StubCode::GenerateOptimizeFunctionStub(Assembler* assembler) {
   __ EnterStubFrame();
   __ Push(R4);
   __ LoadObject(IP, Object::null_object());
   __ Push(IP);  // Setup space on stack for return value.
   __ Push(R6);
   __ CallRuntime(kOptimizeInvokedFunctionRuntimeEntry, 1);
   __ Pop(R0);  // Discard argument.
   __ Pop(R0);  // Get Code object
   __ Pop(R4);  // Restore argument descriptor.
+  __ LeaveStubFrame();
+  __ mov(CODE_REG, Operand(R0));
   __ ldr(R0, FieldAddress(R0, Code::entry_point_offset()));
-  __ LeaveStubFrame();
   __ bx(R0);
   __ bkpt(0);
 }
 
 
 // Does identical check (object references are equal or not equal) with special
 // checks for boxed numbers.
 // LR: return address.
 // Return Zero condition flag set if equal.
 // Note: A Mint cannot contain a value that would fit in Smi, a Bigint
@@ skipping 81 matching lines @@
   const Register right = R0;
   __ ldr(left, Address(SP, 1 * kWordSize));
   __ ldr(right, Address(SP, 0 * kWordSize));
   GenerateIdenticalWithNumberCheckStub(assembler, left, right, temp);
   __ Ret();
 
   if (FLAG_support_debugger) {
     __ Bind(&stepping);
     __ EnterStubFrame();
     __ CallRuntime(kSingleStepHandlerRuntimeEntry, 0);
+    __ RestoreCodePointer();
     __ LeaveStubFrame();
     __ b(&done_stepping);
   }
 }
 
 
 // Called from optimized code only.
 // LR: return address.
 // SP + 4: left operand.
 // SP + 0: right operand.
@@ skipping 39 matching lines @@
   __ cmp(R4, Operand(R0));
   __ b(&update, NE);
 
   __ Bind(&call_target_function);
   // Call the target found in the cache.  For a class id match, this is a
   // proper target for the given name and arguments descriptor.  If the
   // illegal class id was found, the target is a cache miss handler that can
   // be invoked as a normal Dart function.
   __ add(IP, R2, Operand(R3, LSL, 2));
   __ ldr(R0, FieldAddress(IP, base + kWordSize));
+  __ ldr(CODE_REG, FieldAddress(R0, Function::code_offset()));
   __ ldr(target, FieldAddress(R0, Function::entry_point_offset()));
 }
 
 
 // Called from megamorphic calls.
 //  R0: receiver.
 //  R1: lookup cache.
 // Result:
 //  R1: entry point.
 void StubCode::GenerateMegamorphicLookupStub(Assembler* assembler) {
   EmitMegamorphicLookup(assembler, R0, R1, R1);
   __ Ret();
 }
 
 }  // namespace dart
 
 #endif  // defined TARGET_ARCH_ARM