Experimental parser: merge r19949

src/a64/builtins-a64.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 131 matching lines @@
   if (FLAG_debug_code) {
     // Initial map for the builtin Array functions should be maps.
     __ Ldr(x10, FieldMemOperand(x1, JSFunction::kPrototypeOrInitialMapOffset));
     __ Tst(x10, kSmiTagMask);
     __ Assert(ne, kUnexpectedInitialMapForArrayFunction);
     __ CompareObjectType(x10, x11, x12, MAP_TYPE);
     __ Assert(eq, kUnexpectedInitialMapForArrayFunction);
   }
 
   // Run the native code for the Array function called as a normal function.
-  Handle<Object> undefined_sentinel(
-      masm->isolate()->heap()->undefined_value(),
-      masm->isolate());
-  __ Mov(x2, Operand(undefined_sentinel));
+  Handle<Object> megamorphic_sentinel =
+      TypeFeedbackInfo::MegamorphicSentinel(masm->isolate());
+  __ Mov(x2, Operand(megamorphic_sentinel));
   ArrayConstructorStub stub(masm->isolate());
   __ TailCallStub(&stub);
 }
 
 
 void Builtins::Generate_StringConstructCode(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- x0                     : number of arguments
   //  -- x1                     : constructor function
   //  -- lr                     : return address
@@ skipping 10 matching lines @@
     __ LoadGlobalFunction(Context::STRING_FUNCTION_INDEX, x10);
     __ Cmp(function, x10);
     __ Assert(eq, kUnexpectedStringFunction);
   }
 
   // Load the first arguments in x0 and get rid of the rest.
   Label no_arguments;
   __ Cbz(argc, &no_arguments);
   // First args = sp[(argc - 1) * 8].
   __ Sub(argc, argc, 1);
-  __ Claim(argc, kXRegSizeInBytes);
+  __ Claim(argc, kXRegSize);
   // jssp now point to args[0], load and drop args[0] + receiver.
-  // TODO(jbramley): Consider adding ClaimAndPoke.
-  __ Ldr(argc, MemOperand(jssp, 2 * kPointerSize, PostIndex));
+  Register arg = argc;
+  __ Ldr(arg, MemOperand(jssp, 2 * kPointerSize, PostIndex));
+  argc = NoReg;
 
   Register argument = x2;
   Label not_cached, argument_is_string;
-  __ LookupNumberStringCache(argc,       // Input.
+  __ LookupNumberStringCache(arg,        // Input.
                              argument,   // Result.
                              x10,        // Scratch.
                              x11,        // Scratch.
                              x12,        // Scratch.
                              &not_cached);
   __ IncrementCounter(counters->string_ctor_cached_number(), 1, x10, x11);
   __ Bind(&argument_is_string);
 
   // ----------- S t a t e -------------
   //  -- x2     : argument converted to string
@@ skipping 27 matching lines @@
 
   // Ensure the object is fully initialized.
   STATIC_ASSERT(JSValue::kSize == (4 * kPointerSize));
 
   __ Ret();
 
   // The argument was not found in the number to string cache. Check
   // if it's a string already before calling the conversion builtin.
   Label convert_argument;
   __ Bind(&not_cached);
-  __ JumpIfSmi(argc, &convert_argument);
+  __ JumpIfSmi(arg, &convert_argument);
 
   // Is it a String?
   __ Ldr(x10, FieldMemOperand(x0, HeapObject::kMapOffset));
   __ Ldrb(x11, FieldMemOperand(x10, Map::kInstanceTypeOffset));
   __ Tbnz(x11, MaskToBit(kIsNotStringMask), &convert_argument);
-  __ Mov(argument, argc);
+  __ Mov(argument, arg);
   __ IncrementCounter(counters->string_ctor_string_value(), 1, x10, x11);
   __ B(&argument_is_string);
 
   // Invoke the conversion builtin and put the result into x2.
   __ Bind(&convert_argument);
   __ Push(function);  // Preserve the function.
   __ IncrementCounter(counters->string_ctor_conversions(), 1, x10, x11);
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
-    __ Push(argc);
+    __ Push(arg);
     __ InvokeBuiltin(Builtins::TO_STRING, CALL_FUNCTION);
   }
   __ Pop(function);
   __ Mov(argument, x0);
   __ B(&argument_is_string);
 
   // Load the empty string into x2, remove the receiver from the
   // stack, and jump back to the case where the argument is a string.
   __ Bind(&no_arguments);
   __ LoadRoot(argument, Heap::kempty_stringRootIndex);
@@ skipping 140 matching lines @@
       Register new_obj = x4;
       __ Ldrb(obj_size, FieldMemOperand(init_map, Map::kInstanceSizeOffset));
       __ Allocate(obj_size, new_obj, x10, x11, &rt_call, SIZE_IN_WORDS);
 
       // Allocated the JSObject, now initialize the fields. Map is set to
       // initial map and properties and elements are set to empty fixed array.
       // NB. the object pointer is not tagged, so MemOperand is used.
       Register empty = x5;
       __ LoadRoot(empty, Heap::kEmptyFixedArrayRootIndex);
       __ Str(init_map, MemOperand(new_obj, JSObject::kMapOffset));
-      __ Str(empty, MemOperand(new_obj, JSObject::kPropertiesOffset));
-      __ Str(empty, MemOperand(new_obj, JSObject::kElementsOffset));
+      STATIC_ASSERT(JSObject::kElementsOffset ==
+          (JSObject::kPropertiesOffset + kPointerSize));
+      __ Stp(empty, empty, MemOperand(new_obj, JSObject::kPropertiesOffset));
 
       Register first_prop = x5;
       __ Add(first_prop, new_obj, JSObject::kHeaderSize);
 
       // Fill all of the in-object properties with the appropriate filler.
-      Register obj_end = x6;
-      __ Add(obj_end, new_obj, Operand(obj_size, LSL, kPointerSizeLog2));
       Register undef = x7;
       __ LoadRoot(undef, Heap::kUndefinedValueRootIndex);
 
       // Obtain number of pre-allocated property fields and in-object
       // properties.
       Register prealloc_fields = x10;
       Register inobject_props = x11;
       Register inst_sizes = x11;
       __ Ldr(inst_sizes, FieldMemOperand(init_map, Map::kInstanceSizesOffset));
       __ Ubfx(prealloc_fields, inst_sizes,
               Map::kPreAllocatedPropertyFieldsByte * kBitsPerByte,
               kBitsPerByte);
       __ Ubfx(inobject_props, inst_sizes,
               Map::kInObjectPropertiesByte * kBitsPerByte, kBitsPerByte);
 
+      // Calculate number of property fields in the object.
+      Register prop_fields = x6;
+      __ Sub(prop_fields, obj_size, JSObject::kHeaderSize / kPointerSize);
+
       if (count_constructions) {
+        // Fill the pre-allocated fields with undef.
+        __ FillFields(first_prop, prealloc_fields, undef);
+
         // Register first_non_prealloc is the offset of the first field after
         // pre-allocated fields.
         Register first_non_prealloc = x12;
         __ Add(first_non_prealloc, first_prop,
                Operand(prealloc_fields, LSL, kPointerSizeLog2));
 
+        first_prop = NoReg;
+
         if (FLAG_debug_code) {
+          Register obj_end = x5;
+          __ Add(obj_end, new_obj, Operand(obj_size, LSL, kPointerSizeLog2));
           __ Cmp(first_non_prealloc, obj_end);
           __ Assert(le, kUnexpectedNumberOfPreAllocatedPropertyFields);
         }
-        __ InitializeFieldsWithFiller(first_prop, first_non_prealloc, undef);
-        // To allow for truncation.
-        __ LoadRoot(x12, Heap::kOnePointerFillerMapRootIndex);
-        __ InitializeFieldsWithFiller(first_prop, obj_end, x12);
+
+        // Fill the remaining fields with one pointer filler map.
+        Register one_pointer_filler = x5;
+        Register non_prealloc_fields = x6;
+        __ LoadRoot(one_pointer_filler, Heap::kOnePointerFillerMapRootIndex);
+        __ Sub(non_prealloc_fields, prop_fields, prealloc_fields);
+        __ FillFields(first_non_prealloc, non_prealloc_fields,
+                      one_pointer_filler);
+        prop_fields = NoReg;
       } else {
-        __ InitializeFieldsWithFiller(first_prop, obj_end, undef);
+        // Fill all of the property fields with undef.
+        __ FillFields(first_prop, prop_fields, undef);
+        first_prop = NoReg;
+        prop_fields = NoReg;
       }
 
       // Add the object tag to make the JSObject real, so that we can continue
       // and jump into the continuation code at any time from now on. Any
       // failures need to undo the allocation, so that the heap is in a
       // consistent state and verifiable.
       __ Add(new_obj, new_obj, kHeapObjectTag);
 
       // Check if a non-empty properties array is needed. Continue with
       // allocated object if not, or fall through to runtime call if it is.
       Register element_count = x3;
-      __ Ldrb(x3, FieldMemOperand(init_map, Map::kUnusedPropertyFieldsOffset));
+      __ Ldrb(element_count,
+              FieldMemOperand(init_map, Map::kUnusedPropertyFieldsOffset));
       // The field instance sizes contains both pre-allocated property fields
       // and in-object properties.
-      __ Add(x3, x3, prealloc_fields);
-      __ Subs(element_count, x3, inobject_props);
+      __ Add(element_count, element_count, prealloc_fields);
+      __ Subs(element_count, element_count, inobject_props);
 
       // Done if no extra properties are to be allocated.
       __ B(eq, &allocated);
       __ Assert(pl, kPropertyAllocationCountFailed);
 
       // Scale the number of elements by pointer size and add the header for
       // FixedArrays to the start of the next object calculation from above.
       Register new_array = x5;
       Register array_size = x6;
       __ Add(array_size, element_count, FixedArray::kHeaderSize / kPointerSize);
       __ Allocate(array_size, new_array, x11, x12, &undo_allocation,
                   static_cast<AllocationFlags>(RESULT_CONTAINS_TOP |
                                                SIZE_IN_WORDS));
 
       Register array_map = x10;
       __ LoadRoot(array_map, Heap::kFixedArrayMapRootIndex);
       __ Str(array_map, MemOperand(new_array, FixedArray::kMapOffset));
       __ SmiTag(x0, element_count);
       __ Str(x0, MemOperand(new_array, FixedArray::kLengthOffset));
 
       // Initialize the fields to undefined.
       Register elements = x10;
-      Register elements_end  = x11;
       __ Add(elements, new_array, FixedArray::kHeaderSize);
-      __ Add(elements_end, elements,
-             Operand(element_count, LSL, kPointerSizeLog2));
-      __ InitializeFieldsWithFiller(elements, elements_end, undef);
+      __ FillFields(elements, element_count, undef);
 
       // Store the initialized FixedArray into the properties field of the
       // JSObject.
       __ Add(new_array, new_array, kHeapObjectTag);
       __ Str(new_array, FieldMemOperand(new_obj, JSObject::kPropertiesOffset));
 
       // Continue with JSObject being successfully allocated.
       __ B(&allocated);
 
       // Undo the setting of the new top so that the heap is verifiable. For
@@ skipping 13 matching lines @@
     // x4: JSObject
     __ Bind(&allocated);
     __ Push(x4, x4);
 
     // Reload the number of arguments from the stack.
     // Set it up in x0 for the function call below.
     // jssp[0]: receiver
     // jssp[1]: receiver
     // jssp[2]: constructor function
     // jssp[3]: number of arguments (smi-tagged)
-    __ Peek(constructor, 2 * kXRegSizeInBytes);  // Load constructor.
-    __ Peek(argc, 3 * kXRegSizeInBytes);  // Load number of arguments.
+    __ Peek(constructor, 2 * kXRegSize);  // Load constructor.
+    __ Peek(argc, 3 * kXRegSize);  // Load number of arguments.
     __ SmiUntag(argc);
 
     // Set up pointer to last argument.
     __ Add(x2, fp, StandardFrameConstants::kCallerSPOffset);
 
     // Copy arguments and receiver to the expression stack.
     // Copy 2 values every loop to use ldp/stp.
     // x0: number of arguments
     // x1: constructor function
     // x2: address of last argument (caller sp)
@@ skipping 63 matching lines @@
     __ Bind(&use_receiver);
     __ Peek(x0, 0);
 
     // Remove the receiver from the stack, remove caller arguments, and
     // return.
     __ Bind(&exit);
     // x0: result
     // jssp[0]: receiver (newly allocated object)
     // jssp[1]: constructor function
     // jssp[2]: number of arguments (smi-tagged)
-    __ Peek(x1, 2 * kXRegSizeInBytes);
+    __ Peek(x1, 2 * kXRegSize);
 
     // Leave construct frame.
   }
 
   __ DropBySMI(x1);
   __ Drop(1);
   __ IncrementCounter(isolate->counters()->constructed_objects(), 1, x1, x2);
   __ Ret();
 }
 
@@ skipping 71 matching lines @@
     __ Mov(x22, x19);
     __ Mov(x23, x19);
     __ Mov(x24, x19);
     __ Mov(x25, x19);
     // Don't initialize the reserved registers.
     // x26 : root register (root).
     // x27 : context pointer (cp).
     // x28 : JS stack pointer (jssp).
     // x29 : frame pointer (fp).
 
-    // TODO(alexandre): Revisit the MAsm function invocation mechanisms.
-    // Currently there is a mix of statically and dynamically allocated
-    // registers.
     __ Mov(x0, argc);
     if (is_construct) {
       // No type feedback cell is available.
-      Handle<Object> undefined_sentinel(
-          masm->isolate()->heap()->undefined_value(), masm->isolate());
-      __ Mov(x2, Operand(undefined_sentinel));
+      Handle<Object> megamorphic_sentinel =
+          TypeFeedbackInfo::MegamorphicSentinel(masm->isolate());
+      __ Mov(x2, Operand(megamorphic_sentinel));
 
       CallConstructStub stub(NO_CALL_FUNCTION_FLAGS);
       __ CallStub(&stub);
     } else {
       ParameterCount actual(x0);
       __ InvokeFunction(function, actual, CALL_FUNCTION, NullCallWrapper());
     }
     // Exit the JS internal frame and remove the parameters (except function),
     // and return.
   }
@@ skipping 282 matching lines @@
     __ Cbnz(argc, &done);
     __ LoadRoot(scratch1, Heap::kUndefinedValueRootIndex);
     __ Push(scratch1);
     __ Mov(argc, 1);
     __ Bind(&done);
   }
 
   // 2. Get the function to call (passed as receiver) from the stack, check
   //    if it is a function.
   Label slow, non_function;
-  __ Peek(function, Operand(argc, LSL, kXRegSizeInBytesLog2));
+  __ Peek(function, Operand(argc, LSL, kXRegSizeLog2));
   __ JumpIfSmi(function, &non_function);
   __ JumpIfNotObjectType(function, scratch1, receiver_type,
                          JS_FUNCTION_TYPE, &slow);
 
   // 3a. Patch the first argument if necessary when calling a function.
   Label shift_arguments;
   __ Mov(call_type, static_cast<int>(call_type_JS_func));
   { Label convert_to_object, use_global_receiver, patch_receiver;
     // Change context eagerly in case we need the global receiver.
     __ Ldr(cp, FieldMemOperand(function, JSFunction::kContextOffset));
 
     // Do not transform the receiver for strict mode functions.
     // Also do not transform the receiver for native (Compilerhints already in
     // x3).
     __ Ldr(scratch1,
            FieldMemOperand(function, JSFunction::kSharedFunctionInfoOffset));
     __ Ldr(scratch2.W(),
            FieldMemOperand(scratch1, SharedFunctionInfo::kCompilerHintsOffset));
     __ TestAndBranchIfAnySet(
         scratch2.W(),
         (1 << SharedFunctionInfo::kStrictModeFunction) |
         (1 << SharedFunctionInfo::kNative),
         &shift_arguments);
 
-    // Compute the receiver in non-strict mode.
+    // Compute the receiver in sloppy mode.
     Register receiver = x2;
     __ Sub(scratch1, argc, 1);
-    __ Peek(receiver, Operand(scratch1, LSL, kXRegSizeInBytesLog2));
+    __ Peek(receiver, Operand(scratch1, LSL, kXRegSizeLog2));
     __ JumpIfSmi(receiver, &convert_to_object);
 
     __ JumpIfRoot(receiver, Heap::kUndefinedValueRootIndex,
                   &use_global_receiver);
     __ JumpIfRoot(receiver, Heap::kNullValueRootIndex, &use_global_receiver);
 
     STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
     __ JumpIfObjectType(receiver, scratch1, scratch2,
                         FIRST_SPEC_OBJECT_TYPE, &shift_arguments, ge);
 
     __ Bind(&convert_to_object);
 
     {
       // Enter an internal frame in order to preserve argument count.
       FrameScope scope(masm, StackFrame::INTERNAL);
       __ SmiTag(argc);
 
       __ Push(argc, receiver);
       __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
       __ Mov(receiver, x0);
 
       __ Pop(argc);
       __ SmiUntag(argc);
 
       // Exit the internal frame.
     }
 
     // Restore the function and flag in the registers.
-    __ Peek(function, Operand(argc, LSL, kXRegSizeInBytesLog2));
+    __ Peek(function, Operand(argc, LSL, kXRegSizeLog2));
     __ Mov(call_type, static_cast<int>(call_type_JS_func));
     __ B(&patch_receiver);
 
     __ Bind(&use_global_receiver);
     __ Ldr(receiver, GlobalObjectMemOperand());
     __ Ldr(receiver,
            FieldMemOperand(receiver, GlobalObject::kGlobalReceiverOffset));
 
 
     __ Bind(&patch_receiver);
     __ Sub(scratch1, argc, 1);
-    __ Poke(receiver, Operand(scratch1, LSL, kXRegSizeInBytesLog2));
+    __ Poke(receiver, Operand(scratch1, LSL, kXRegSizeLog2));
 
     __ B(&shift_arguments);
   }
 
   // 3b. Check for function proxy.
   __ Bind(&slow);
   __ Mov(call_type, static_cast<int>(call_type_func_proxy));
   __ Cmp(receiver_type, JS_FUNCTION_PROXY_TYPE);
   __ B(eq, &shift_arguments);
   __ Bind(&non_function);
   __ Mov(call_type, static_cast<int>(call_type_non_func));
 
   // 3c. Patch the first argument when calling a non-function.  The
   //     CALL_NON_FUNCTION builtin expects the non-function callee as
   //     receiver, so overwrite the first argument which will ultimately
   //     become the receiver.
   // call type (0: JS function, 1: function proxy, 2: non-function)
   __ Sub(scratch1, argc, 1);
-  __ Poke(function, Operand(scratch1, LSL, kXRegSizeInBytesLog2));
+  __ Poke(function, Operand(scratch1, LSL, kXRegSizeLog2));
 
   // 4. Shift arguments and return address one slot down on the stack
   //    (overwriting the original receiver).  Adjust argument count to make
   //    the original first argument the new receiver.
   // call type (0: JS function, 1: function proxy, 2: non-function)
   __ Bind(&shift_arguments);
   { Label loop;
     // Calculate the copy start address (destination). Copy end address is jssp.
     __ Add(scratch2, jssp, Operand(argc, LSL, kPointerSizeLog2));
     __ Sub(scratch1, scratch2, kPointerSize);
@@ skipping 118 matching lines @@
                                JSFunction::kSharedFunctionInfoOffset));
 
     // Compute and push the receiver.
     // Do not transform the receiver for strict mode functions.
     Label convert_receiver_to_object, use_global_receiver;
     __ Ldr(w10, FieldMemOperand(x2, SharedFunctionInfo::kCompilerHintsOffset));
     __ Tbnz(x10, SharedFunctionInfo::kStrictModeFunction, &push_receiver);
     // Do not transform the receiver for native functions.
     __ Tbnz(x10, SharedFunctionInfo::kNative, &push_receiver);
 
-    // Compute the receiver in non-strict mode.
+    // Compute the receiver in sloppy mode.
     __ JumpIfSmi(receiver, &convert_receiver_to_object);
     __ JumpIfRoot(receiver, Heap::kNullValueRootIndex, &use_global_receiver);
     __ JumpIfRoot(receiver, Heap::kUndefinedValueRootIndex,
                   &use_global_receiver);
 
     // Check if the receiver is already a JavaScript object.
     STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
     __ JumpIfObjectType(receiver, x10, x11, FIRST_SPEC_OBJECT_TYPE,
                         &push_receiver, ge);
 
@@ skipping 86 matching lines @@
 static void LeaveArgumentsAdaptorFrame(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- x0 : result being passed through
   // -----------------------------------
   // Get the number of arguments passed (as a smi), tear down the frame and
   // then drop the parameters and the receiver.
   __ Ldr(x10, MemOperand(fp, -(StandardFrameConstants::kFixedFrameSizeFromFp +
                                kPointerSize)));
   __ Mov(jssp, fp);
   __ Pop(fp, lr);
-  __ DropBySMI(x10, kXRegSizeInBytes);
+  __ DropBySMI(x10, kXRegSize);
   __ Drop(1);
 }
 
 
 void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
   ASM_LOCATION("Builtins::Generate_ArgumentsAdaptorTrampoline");
   // ----------- S t a t e -------------
   //  -- x0 : actual number of arguments
   //  -- x1 : function (passed through to callee)
   //  -- x2 : expected number of arguments
   // -----------------------------------
 
+  Register argc_actual = x0;  // Excluding the receiver.
+  Register argc_expected = x2;  // Excluding the receiver.
+  Register function = x1;
+  Register code_entry = x3;
+
   Label invoke, dont_adapt_arguments;
 
   Label enough, too_few;
-  __ Ldr(x3, FieldMemOperand(x1, JSFunction::kCodeEntryOffset));
-  __ Cmp(x0, x2);
+  __ Ldr(code_entry, FieldMemOperand(function, JSFunction::kCodeEntryOffset));
+  __ Cmp(argc_actual, argc_expected);
   __ B(lt, &too_few);
-  __ Cmp(x2, SharedFunctionInfo::kDontAdaptArgumentsSentinel);
+  __ Cmp(argc_expected, SharedFunctionInfo::kDontAdaptArgumentsSentinel);
   __ B(eq, &dont_adapt_arguments);
 
   {  // Enough parameters: actual >= expected
     EnterArgumentsAdaptorFrame(masm);
 
-    // Calculate copy start address into x10 and end address into x11.
-    // x0: actual number of arguments
-    // x1: function
-    // x2: expected number of arguments
-    // x3: code entry to call
-    __ Add(x10, fp, Operand(x0, LSL, kPointerSizeLog2));
-    // Adjust for return address and receiver
-    __ Add(x10, x10, 2 * kPointerSize);
-    __ Sub(x11, x10, Operand(x2, LSL, kPointerSizeLog2));
+    Register copy_start = x10;
+    Register copy_end = x11;
+    Register copy_to = x12;
+    Register scratch1 = x13, scratch2 = x14;
+
+    __ Lsl(argc_expected, argc_expected, kPointerSizeLog2);
+
+    // Adjust for fp, lr, and the receiver.
+    __ Add(copy_start, fp, 3 * kPointerSize);
+    __ Add(copy_start, copy_start, Operand(argc_actual, LSL, kPointerSizeLog2));
+    __ Sub(copy_end, copy_start, argc_expected);
+    __ Sub(copy_end, copy_end, kPointerSize);
+    __ Mov(copy_to, jssp);
+
+    // Claim space for the arguments, the receiver, and one extra slot.
+    // The extra slot ensures we do not write under jssp. It will be popped
+    // later.
+    __ Add(scratch1, argc_expected, 2 * kPointerSize);
+    __ Claim(scratch1, 1);
 
     // Copy the arguments (including the receiver) to the new stack frame.
-    // x0: actual number of arguments
-    // x1: function
-    // x2: expected number of arguments
-    // x3: code entry to call
-    // x10: copy start address
-    // x11: copy end address
+    Label copy_2_by_2;
+    __ Bind(&copy_2_by_2);
+    __ Ldp(scratch1, scratch2,
+           MemOperand(copy_start, - 2 * kPointerSize, PreIndex));
+    __ Stp(scratch1, scratch2,
+           MemOperand(copy_to, - 2 * kPointerSize, PreIndex));
+    __ Cmp(copy_start, copy_end);
+    __ B(hi, &copy_2_by_2);
 
-    // TODO(all): Should we push values 2 by 2?
-    Label copy;
-    __ Bind(&copy);
-    __ Cmp(x10, x11);
-    __ Ldr(x12, MemOperand(x10, -kPointerSize, PostIndex));
-    __ Push(x12);
-    __ B(gt, &copy);
+    // Correct the space allocated for the extra slot.
+    __ Drop(1);
 
     __ B(&invoke);
   }
 
   {  // Too few parameters: Actual < expected
     __ Bind(&too_few);
     EnterArgumentsAdaptorFrame(masm);
 
-    // Calculate copy start address into x10 and copy end address into x11.
-    // x0: actual number of arguments
-    // x1: function
-    // x2: expected number of arguments
-    // x3: code entry to call
-    // Adjust for return address.
-    __ Add(x11, fp, 1 * kPointerSize);
-    __ Add(x10, x11, Operand(x0, LSL, kPointerSizeLog2));
-    __ Add(x10, x10, 1 * kPointerSize);
+    Register copy_from = x10;
+    Register copy_end = x11;
+    Register copy_to = x12;
+    Register scratch1 = x13, scratch2 = x14;
+
+    __ Lsl(argc_expected, argc_expected, kPointerSizeLog2);
+    __ Lsl(argc_actual, argc_actual, kPointerSizeLog2);
+
+    // Adjust for fp, lr, and the receiver.
+    __ Add(copy_from, fp, 3 * kPointerSize);
+    __ Add(copy_from, copy_from, argc_actual);
+    __ Mov(copy_to, jssp);
+    __ Sub(copy_end, copy_to, 1 * kPointerSize);   // Adjust for the receiver.
+    __ Sub(copy_end, copy_end, argc_actual);
+
+    // Claim space for the arguments, the receiver, and one extra slot.
+    // The extra slot ensures we do not write under jssp. It will be popped
+    // later.
+    __ Add(scratch1, argc_expected, 2 * kPointerSize);
+    __ Claim(scratch1, 1);
 
     // Copy the arguments (including the receiver) to the new stack frame.
-    // x0: actual number of arguments
-    // x1: function
-    // x2: expected number of arguments
-    // x3: code entry to call
-    // x10: copy start address
-    // x11: copy end address
-    Label copy;
-    __ Bind(&copy);
-    __ Ldr(x12, MemOperand(x10, -kPointerSize, PostIndex));
-    __ Push(x12);
-    __ Cmp(x10, x11);  // Compare before moving to next argument.
-    __ B(ne, &copy);
+    Label copy_2_by_2;
+    __ Bind(&copy_2_by_2);
+    __ Ldp(scratch1, scratch2,
+           MemOperand(copy_from, - 2 * kPointerSize, PreIndex));
+    __ Stp(scratch1, scratch2,
+           MemOperand(copy_to, - 2 * kPointerSize, PreIndex));
+    __ Cmp(copy_to, copy_end);
+    __ B(hi, &copy_2_by_2);
+
+    __ Mov(copy_to, copy_end);
 
     // Fill the remaining expected arguments with undefined.
-    // x0: actual number of arguments
-    // x1: function
-    // x2: expected number of arguments
-    // x3: code entry to call
-    __ LoadRoot(x10, Heap::kUndefinedValueRootIndex);
-    __ Sub(x11, fp, Operand(x2, LSL, kPointerSizeLog2));
-    // Adjust for the arguments adaptor frame and already pushed receiver.
-    __ Sub(x11, x11,
-           StandardFrameConstants::kFixedFrameSizeFromFp + (2 * kPointerSize));
+    __ LoadRoot(scratch1, Heap::kUndefinedValueRootIndex);
+    __ Add(copy_end, jssp, kPointerSize);
 
-    // TODO(all): Optimize this to use ldp?
     Label fill;
     __ Bind(&fill);
-    __ Push(x10);
-    __ Cmp(jssp, x11);
-    __ B(ne, &fill);
+    __ Stp(scratch1, scratch1,
+           MemOperand(copy_to, - 2 * kPointerSize, PreIndex));
+    __ Cmp(copy_to, copy_end);
+    __ B(hi, &fill);
+
+    // Correct the space allocated for the extra slot.
+    __ Drop(1);
   }
 
   // Arguments have been adapted. Now call the entry point.
   __ Bind(&invoke);
-  __ Call(x3);
+  __ Call(code_entry);
 
   // Store offset of return address for deoptimizer.
   masm->isolate()->heap()->SetArgumentsAdaptorDeoptPCOffset(masm->pc_offset());
 
   // Exit frame and return.
   LeaveArgumentsAdaptorFrame(masm);
   __ Ret();
 
   // Call the entry point without adapting the arguments.
   __ Bind(&dont_adapt_arguments);
-  __ Jump(x3);
+  __ Jump(code_entry);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_ARM