Experimental parser: merge r19949

src/a64/code-stubs-a64.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 169 matching lines @@
     Isolate* isolate,
     CodeStubInterfaceDescriptor* descriptor) {
   // x1: receiver
   static Register registers[] = { x1 };
   descriptor->register_param_count_ = sizeof(registers) / sizeof(registers[0]);
   descriptor->register_params_ = registers;
   descriptor->deoptimization_handler_ = NULL;
 }
 
 
+void StringLengthStub::InitializeInterfaceDescriptor(
+    Isolate* isolate,
+    CodeStubInterfaceDescriptor* descriptor) {
+  static Register registers[] = { x0, x2 };
+  descriptor->register_param_count_ = 2;
+  descriptor->register_params_ = registers;
+  descriptor->deoptimization_handler_ = NULL;
+}
+
+
+void KeyedStringLengthStub::InitializeInterfaceDescriptor(
+    Isolate* isolate,
+    CodeStubInterfaceDescriptor* descriptor) {
+  static Register registers[] = { x1, x0 };
+  descriptor->register_param_count_ = 2;
+  descriptor->register_params_ = registers;
+  descriptor->deoptimization_handler_ = NULL;
+}
+
+
 void KeyedStoreFastElementStub::InitializeInterfaceDescriptor(
     Isolate* isolate,
     CodeStubInterfaceDescriptor* descriptor) {
   // x2: receiver
   // x1: key
   // x0: value
   static Register registers[] = { x2, x1, x0 };
   descriptor->register_param_count_ = sizeof(registers) / sizeof(registers[0]);
   descriptor->register_params_ = registers;
   descriptor->deoptimization_handler_ =
@@ skipping 975 matching lines @@
   // Handle double (heap number) exponents.
   if (exponent_type_ != INTEGER) {
     // Detect integer exponents stored as doubles and handle those in the
     // integer fast-path.
     __ TryConvertDoubleToInt64(exponent_integer, exponent_double,
                                scratch0_double, &exponent_is_integer);
 
     if (exponent_type_ == ON_STACK) {
       FPRegister  half_double = d3;
       FPRegister  minus_half_double = d4;
-      FPRegister  zero_double = d5;
       // Detect square root case. Crankshaft detects constant +/-0.5 at compile
       // time and uses DoMathPowHalf instead. We then skip this check for
       // non-constant cases of +/-0.5 as these hardly occur.
 
       __ Fmov(minus_half_double, -0.5);
       __ Fmov(half_double, 0.5);
       __ Fcmp(minus_half_double, exponent_double);
       __ Fccmp(half_double, exponent_double, NZFlag, ne);
       // Condition flags at this point:
       //    0.5;  nZCv    // Identified by eq && pl
@@ skipping 12 matching lines @@
       //    exponent == -0.5:             The result is +0.
       //  (base == +0) || (base == -0)
       //    exponent == 0.5:              The result is +0.
       //    exponent == -0.5:             The result is +INFINITY.
       //  (base < 0) && base.isFinite():  The result is NaN.
       //
       // Fsqrt (and Fdiv for the -0.5 case) can handle all of those except
       // where base is -INFINITY or -0.
 
       // Add +0 to base. This has no effect other than turning -0 into +0.
-      __ Fmov(zero_double, 0.0);
-      __ Fadd(base_double, base_double, zero_double);
+      __ Fadd(base_double, base_double, fp_zero);
       // The operation -0+0 results in +0 in all cases except where the
       // FPCR rounding mode is 'round towards minus infinity' (RM). The
       // A64 simulator does not currently simulate FPCR (where the rounding
       // mode is set), so test the operation with some debug code.
       if (masm->emit_debug_code()) {
-        Register temp = masm->Tmp1();
-        //  d5  zero_double   The value +0.0 as a double.
-        __ Fneg(scratch0_double, zero_double);
+        UseScratchRegisterScope temps(masm);
+        Register temp = temps.AcquireX();
+        __ Fneg(scratch0_double, fp_zero);
         // Verify that we correctly generated +0.0 and -0.0.
         //  bits(+0.0) = 0x0000000000000000
         //  bits(-0.0) = 0x8000000000000000
-        __ Fmov(temp, zero_double);
+        __ Fmov(temp, fp_zero);
         __ CheckRegisterIsClear(temp, kCouldNotGenerateZero);
         __ Fmov(temp, scratch0_double);
         __ Eor(temp, temp, kDSignMask);
         __ CheckRegisterIsClear(temp, kCouldNotGenerateNegativeZero);
         // Check that -0.0 + 0.0 == +0.0.
-        __ Fadd(scratch0_double, scratch0_double, zero_double);
+        __ Fadd(scratch0_double, scratch0_double, fp_zero);
         __ Fmov(temp, scratch0_double);
         __ CheckRegisterIsClear(temp, kExpectedPositiveZero);
       }
 
       // If base is -INFINITY, make it +INFINITY.
       //  * Calculate base - base: All infinities will become NaNs since both
       //    -INFINITY+INFINITY and +INFINITY-INFINITY are NaN in A64.
       //  * If the result is NaN, calculate abs(base).
       __ Fsub(scratch0_double, base_double, base_double);
       __ Fcmp(scratch0_double, 0.0);
@@ skipping 245 matching lines @@
 
   // Store the return address on the stack, in the space previously allocated
   // by EnterExitFrame. The return address is queried by
   // ExitFrame::GetStateForFramePointer.
   Label return_location;
   __ Adr(x12, &return_location);
   __ Poke(x12, 0);
   if (__ emit_debug_code()) {
     // Verify that the slot below fp[kSPOffset]-8 points to the return location
     // (currently in x12).
-    Register temp = masm->Tmp1();
+    UseScratchRegisterScope temps(masm);
+    Register temp = temps.AcquireX();
     __ Ldr(temp, MemOperand(fp, ExitFrameConstants::kSPOffset));
-    __ Ldr(temp, MemOperand(temp, -static_cast<int64_t>(kXRegSizeInBytes)));
+    __ Ldr(temp, MemOperand(temp, -static_cast<int64_t>(kXRegSize)));
     __ Cmp(temp, x12);
     __ Check(eq, kReturnAddressNotFoundInFrame);
   }
 
   // Call the builtin.
   __ Blr(target);
   __ Bind(&return_location);
   const Register& result = x0;
 
   if (always_allocate) {
@@ skipping 268 matching lines @@
   //
   // We must not write to jssp until after the PushCalleeSavedRegisters()
   // call, since jssp is itself a callee-saved register.
   __ SetStackPointer(csp);
   __ PushCalleeSavedRegisters();
   __ Mov(jssp, csp);
   __ SetStackPointer(jssp);
 
   ProfileEntryHookStub::MaybeCallEntryHook(masm);
 
+  // Set up the reserved register for 0.0.
+  __ Fmov(fp_zero, 0.0);
+
   // Build an entry frame (see layout below).
   Isolate* isolate = masm->isolate();
 
   // Build an entry frame.
   int marker = is_construct ? StackFrame::ENTRY_CONSTRUCT : StackFrame::ENTRY;
   int64_t bad_frame_pointer = -1L;  // Bad frame pointer to fail if it is used.
   __ Mov(x13, bad_frame_pointer);
   __ Mov(x12, Operand(Smi::FromInt(marker)));
   __ Mov(x11, Operand(ExternalReference(Isolate::kCEntryFPAddress, isolate)));
   __ Ldr(x10, MemOperand(x11));
@@ skipping 33 matching lines @@
   // Jump to a faked try block that does the invoke, with a faked catch
   // block that sets the pending exception.
   __ B(&invoke);
 
   // Prevent the constant pool from being emitted between the record of the
   // handler_entry position and the first instruction of the sequence here.
   // There is no risk because Assembler::Emit() emits the instruction before
   // checking for constant pool emission, but we do not want to depend on
   // that.
   {
-    Assembler::BlockConstPoolScope block_const_pool(masm);
+    Assembler::BlockPoolsScope block_pools(masm);
     __ bind(&handler_entry);
     handler_offset_ = handler_entry.pos();
     // Caught exception: Store result (exception) in the pending exception
     // field in the JSEnv and return a failure sentinel. Coming in here the
     // fp will be invalid because the PushTryHandler below sets it to 0 to
     // signal the existence of the JSEntry frame.
     // TODO(jbramley): Do this in the Assembler.
     __ Mov(x10, Operand(ExternalReference(Isolate::kPendingExceptionAddress,
            isolate)));
   }
@@ skipping 102 matching lines @@
   }
 
   StubCompiler::GenerateLoadFunctionPrototype(masm, receiver, x10, x11, &miss);
 
   __ Bind(&miss);
   StubCompiler::TailCallBuiltin(masm,
                                 BaseLoadStoreStubCompiler::MissBuiltin(kind()));
 }
 
 
-void StringLengthStub::Generate(MacroAssembler* masm) {
-  Label miss;
-  Register receiver;
-  if (kind() == Code::KEYED_LOAD_IC) {
-    // ----------- S t a t e -------------
-    //  -- lr    : return address
-    //  -- x1    : receiver
-    //  -- x0    : key
-    // -----------------------------------
-    Register key = x0;
-    receiver = x1;
-    __ Cmp(key, Operand(masm->isolate()->factory()->length_string()));
-    __ B(ne, &miss);
-  } else {
-    ASSERT(kind() == Code::LOAD_IC);
-    // ----------- S t a t e -------------
-    //  -- lr    : return address
-    //  -- x2    : name
-    //  -- x0    : receiver
-    //  -- sp[0] : receiver
-    // -----------------------------------
-    receiver = x0;
-  }
-
-  StubCompiler::GenerateLoadStringLength(masm, receiver, x10, x11, &miss);
-
-  __ Bind(&miss);
-  StubCompiler::TailCallBuiltin(masm,
-                                BaseLoadStoreStubCompiler::MissBuiltin(kind()));
-}
-
-
 void StoreArrayLengthStub::Generate(MacroAssembler* masm) {
   ASM_LOCATION("StoreArrayLengthStub::Generate");
   // This accepts as a receiver anything JSArray::SetElementsLength accepts
   // (currently anything except for external arrays which means anything with
   // elements of FixedArray type).  Value must be a number, but only smis are
   // accepted as the most common case.
   Label miss;
 
   Register receiver;
   Register value;
@@ skipping 282 matching lines @@
   __ Ret();
 
   // Slow case: handle non-smi or out-of-bounds access to arguments by calling
   // the runtime system.
   __ Bind(&slow);
   __ Push(key);
   __ TailCallRuntime(Runtime::kGetArgumentsProperty, 1, 1);
 }
 
 
-void ArgumentsAccessStub::GenerateNewNonStrictSlow(MacroAssembler* masm) {
+void ArgumentsAccessStub::GenerateNewSloppySlow(MacroAssembler* masm) {
   // Stack layout on entry.
   //  jssp[0]:  number of parameters (tagged)
   //  jssp[8]:  address of receiver argument
   //  jssp[16]: function
 
   // Check if the calling frame is an arguments adaptor frame.
   Label runtime;
   Register caller_fp = x10;
   __ Ldr(caller_fp, MemOperand(fp, StandardFrameConstants::kCallerFPOffset));
   // Load and untag the context.
   STATIC_ASSERT((kSmiShift / kBitsPerByte) == 4);
   __ Ldr(w11, MemOperand(caller_fp, StandardFrameConstants::kContextOffset +
                          (kSmiShift / kBitsPerByte)));
   __ Cmp(w11, StackFrame::ARGUMENTS_ADAPTOR);
   __ B(ne, &runtime);
 
   // Patch the arguments.length and parameters pointer in the current frame.
   __ Ldr(x11, MemOperand(caller_fp,
                          ArgumentsAdaptorFrameConstants::kLengthOffset));
-  __ Poke(x11, 0 * kXRegSizeInBytes);
+  __ Poke(x11, 0 * kXRegSize);
   __ Add(x10, caller_fp, Operand::UntagSmiAndScale(x11, kPointerSizeLog2));
   __ Add(x10, x10, Operand(StandardFrameConstants::kCallerSPOffset));
-  __ Poke(x10, 1 * kXRegSizeInBytes);
+  __ Poke(x10, 1 * kXRegSize);
 
   __ Bind(&runtime);
   __ TailCallRuntime(Runtime::kNewArgumentsFast, 3, 1);
 }
 
 
-void ArgumentsAccessStub::GenerateNewNonStrictFast(MacroAssembler* masm) {
+void ArgumentsAccessStub::GenerateNewSloppyFast(MacroAssembler* masm) {
   // Stack layout on entry.
   //  jssp[0]:  number of parameters (tagged)
   //  jssp[8]:  address of receiver argument
   //  jssp[16]: function
   //
   // Returns pointer to result object in x0.
 
   // Note: arg_count_smi is an alias of param_count_smi.
   Register arg_count_smi = x3;
   Register param_count_smi = x3;
@@ skipping 65 matching lines @@
   __ Mov(size, Operand(mapped_params, LSL, kPointerSizeLog2));
   __ Add(size, size, kParameterMapHeaderSize);
 
   // If there are no mapped parameters, set the running size total to zero.
   // Otherwise, use the parameter map size calculated earlier.
   __ Cmp(mapped_params, 0);
   __ CzeroX(size, eq);
 
   // 2. Add the size of the backing store and arguments object.
   __ Add(size, size, Operand(arg_count, LSL, kPointerSizeLog2));
-  __ Add(size, size, FixedArray::kHeaderSize + Heap::kArgumentsObjectSize);
+  __ Add(size, size,
+         FixedArray::kHeaderSize + Heap::kSloppyArgumentsObjectSize);
 
   // Do the allocation of all three objects in one go. Assign this to x0, as it
   // will be returned to the caller.
   Register alloc_obj = x0;
   __ Allocate(size, alloc_obj, x11, x12, &runtime, TAG_OBJECT);
 
   // Get the arguments boilerplate from the current (global) context.
 
   //   x0   alloc_obj     pointer to allocated objects (param map, backing
   //                      store, arguments)
   //   x1   mapped_params number of mapped parameters, min(params, args)
   //   x2   arg_count     number of function arguments
   //   x3   arg_count_smi number of function arguments (smi)
   //   x4   function      function pointer
   //   x7   param_count   number of function parameters
   //   x11  args_offset   offset to args (or aliased args) boilerplate (uninit)
   //   x14  recv_arg      pointer to receiver arguments
 
   Register global_object = x10;
   Register global_ctx = x10;
   Register args_offset = x11;
   Register aliased_args_offset = x10;
   __ Ldr(global_object, GlobalObjectMemOperand());
   __ Ldr(global_ctx, FieldMemOperand(global_object,
                                      GlobalObject::kNativeContextOffset));
 
-  __ Ldr(args_offset, ContextMemOperand(global_ctx,
-                                        Context::ARGUMENTS_BOILERPLATE_INDEX));
+  __ Ldr(args_offset,
+         ContextMemOperand(global_ctx,
+                           Context::SLOPPY_ARGUMENTS_BOILERPLATE_INDEX));
   __ Ldr(aliased_args_offset,
          ContextMemOperand(global_ctx,
                            Context::ALIASED_ARGUMENTS_BOILERPLATE_INDEX));
   __ Cmp(mapped_params, 0);
   __ CmovX(args_offset, aliased_args_offset, ne);
 
   // Copy the JS object part.
   __ CopyFields(alloc_obj, args_offset, CPURegList(x10, x12, x13),
                 JSObject::kHeaderSize / kPointerSize);
 
@@ skipping 18 matching lines @@
   //   x1   mapped_params number of mapped parameters, min(params, args)
   //   x2   arg_count     number of function arguments
   //   x3   arg_count_smi number of function arguments (smi)
   //   x4   function      function pointer
   //   x5   elements      pointer to parameter map or backing store (uninit)
   //   x6   backing_store pointer to backing store (uninit)
   //   x7   param_count   number of function parameters
   //   x14  recv_arg      pointer to receiver arguments
 
   Register elements = x5;
-  __ Add(elements, alloc_obj, Heap::kArgumentsObjectSize);
+  __ Add(elements, alloc_obj, Heap::kSloppyArgumentsObjectSize);
   __ Str(elements, FieldMemOperand(alloc_obj, JSObject::kElementsOffset));
 
   // Initialize parameter map. If there are no mapped arguments, we're done.
   Label skip_parameter_map;
   __ Cmp(mapped_params, 0);
   // Set up backing store address, because it is needed later for filling in
   // the unmapped arguments.
   Register backing_store = x6;
   __ CmovX(backing_store, elements, eq);
   __ B(eq, &skip_parameter_map);
 
-  __ LoadRoot(x10, Heap::kNonStrictArgumentsElementsMapRootIndex);
+  __ LoadRoot(x10, Heap::kSloppyArgumentsElementsMapRootIndex);
   __ Str(x10, FieldMemOperand(elements, FixedArray::kMapOffset));
   __ Add(x10, mapped_params, 2);
   __ SmiTag(x10);
   __ Str(x10, FieldMemOperand(elements, FixedArray::kLengthOffset));
   __ Str(cp, FieldMemOperand(elements,
                              FixedArray::kHeaderSize + 0 * kPointerSize));
   __ Add(x10, elements, Operand(mapped_params, LSL, kPointerSizeLog2));
   __ Add(x10, x10, kParameterMapHeaderSize);
   __ Str(x10, FieldMemOperand(elements,
                               FixedArray::kHeaderSize + 1 * kPointerSize));
@@ skipping 132 matching lines @@
   __ Add(x10, caller_fp, Operand(param_count, LSL, kPointerSizeLog2));
   __ Add(params, x10, StandardFrameConstants::kCallerSPOffset);
 
   // Try the new space allocation. Start out with computing the size of the
   // arguments object and the elements array in words.
   Register size = x10;
   __ Bind(&try_allocate);
   __ Add(size, param_count, FixedArray::kHeaderSize / kPointerSize);
   __ Cmp(param_count, 0);
   __ CzeroX(size, eq);
-  __ Add(size, size, Heap::kArgumentsObjectSizeStrict / kPointerSize);
+  __ Add(size, size, Heap::kStrictArgumentsObjectSize / kPointerSize);
 
   // Do the allocation of both objects in one go. Assign this to x0, as it will
   // be returned to the caller.
   Register alloc_obj = x0;
   __ Allocate(size, alloc_obj, x11, x12, &runtime,
               static_cast<AllocationFlags>(TAG_OBJECT | SIZE_IN_WORDS));
 
   // Get the arguments boilerplate from the current (native) context.
   Register global_object = x10;
   Register global_ctx = x10;
   Register args_offset = x4;
   __ Ldr(global_object, GlobalObjectMemOperand());
   __ Ldr(global_ctx, FieldMemOperand(global_object,
                                      GlobalObject::kNativeContextOffset));
   __ Ldr(args_offset,
          ContextMemOperand(global_ctx,
-                           Context::STRICT_MODE_ARGUMENTS_BOILERPLATE_INDEX));
+                           Context::STRICT_ARGUMENTS_BOILERPLATE_INDEX));
 
   //   x0   alloc_obj         pointer to allocated objects: parameter array and
   //                          arguments object
   //   x1   param_count_smi   number of parameters passed to function (smi)
   //   x2   params            pointer to parameters
   //   x3   function          function pointer
   //   x4   args_offset       offset to arguments boilerplate
   //   x13  param_count       number of parameters passed to function
 
   // Copy the JS object part.
   __ CopyFields(alloc_obj, args_offset, CPURegList(x5, x6, x7),
                 JSObject::kHeaderSize / kPointerSize);
 
   // Set the smi-tagged length as an in-object property.
   STATIC_ASSERT(Heap::kArgumentsLengthIndex == 0);
   const int kLengthOffset = JSObject::kHeaderSize +
                             Heap::kArgumentsLengthIndex * kPointerSize;
   __ Str(param_count_smi, FieldMemOperand(alloc_obj, kLengthOffset));
 
   // If there are no actual arguments, we're done.
   Label done;
   __ Cbz(param_count, &done);
 
   // Set up the elements pointer in the allocated arguments object and
   // initialize the header in the elements fixed array.
   Register elements = x5;
-  __ Add(elements, alloc_obj, Heap::kArgumentsObjectSizeStrict);
+  __ Add(elements, alloc_obj, Heap::kStrictArgumentsObjectSize);
   __ Str(elements, FieldMemOperand(alloc_obj, JSObject::kElementsOffset));
   __ LoadRoot(x10, Heap::kFixedArrayMapRootIndex);
   __ Str(x10, FieldMemOperand(elements, FixedArray::kMapOffset));
   __ Str(param_count_smi, FieldMemOperand(elements, FixedArray::kLengthOffset));
 
   //   x0   alloc_obj         pointer to allocated objects: parameter array and
   //                          arguments object
   //   x1   param_count_smi   number of parameters passed to function (smi)
   //   x2   params            pointer to parameters
   //   x3   function          function pointer
@@ skipping 444 matching lines @@
   // iterates down to zero (inclusive).
   __ Add(last_match_offsets,
          last_match_info_elements,
          RegExpImpl::kFirstCaptureOffset - kHeapObjectTag);
   __ Bind(&next_capture);
   __ Subs(number_of_capture_registers, number_of_capture_registers, 2);
   __ B(mi, &done);
   // Read two 32 bit values from the static offsets vector buffer into
   // an X register
   __ Ldr(current_offset,
-         MemOperand(offsets_vector_index, kWRegSizeInBytes * 2, PostIndex));
+         MemOperand(offsets_vector_index, kWRegSize * 2, PostIndex));
   // Store the smi values in the last match info.
   __ SmiTag(x10, current_offset);
   // Clearing the 32 bottom bits gives us a Smi.
   STATIC_ASSERT(kSmiShift == 32);
   __ And(x11, current_offset, ~kWRegMask);
   __ Stp(x10,
          x11,
-         MemOperand(last_match_offsets, kXRegSizeInBytes * 2, PostIndex));
+         MemOperand(last_match_offsets, kXRegSize * 2, PostIndex));
   __ B(&next_capture);
   __ Bind(&done);
 
   // Return last match info.
   __ Peek(x0, kLastMatchInfoOffset);
   __ PopCPURegList(used_callee_saved_registers);
   // Drop the 4 arguments of the stub from the stack.
   __ Drop(4);
   __ Ret();
 
@@ skipping 70 matching lines @@
 
   // (9) Sliced string. Replace subject with parent.
   __ Ldr(sliced_string_offset,
          UntagSmiFieldMemOperand(subject, SlicedString::kOffsetOffset));
   __ Ldr(subject, FieldMemOperand(subject, SlicedString::kParentOffset));
   __ B(&check_underlying);    // Go to (4).
 #endif
 }
 
 
-// TODO(jbramley): Don't use static registers here, but take them as arguments.
-static void GenerateRecordCallTarget(MacroAssembler* masm) {
+static void GenerateRecordCallTarget(MacroAssembler* masm,
+                                     Register argc,
+                                     Register function,
+                                     Register feedback_vector,
+                                     Register index,
+                                     Register scratch1,
+                                     Register scratch2) {
   ASM_LOCATION("GenerateRecordCallTarget");
+  ASSERT(!AreAliased(scratch1, scratch2,
+                     argc, function, feedback_vector, index));
   // Cache the called function in a feedback vector slot. Cache states are
   // uninitialized, monomorphic (indicated by a JSFunction), and megamorphic.
-  //  x0 : number of arguments to the construct function
-  //  x1 : the function to call
-  //  x2 : feedback vector
-  //  x3 : slot in feedback vector (smi)
+  //  argc :            number of arguments to the construct function
+  //  function :        the function to call
+  //  feedback_vector : the feedback vector
+  //  index :           slot in feedback vector (smi)
   Label initialize, done, miss, megamorphic, not_array_function;
 
   ASSERT_EQ(*TypeFeedbackInfo::MegamorphicSentinel(masm->isolate()),
-            masm->isolate()->heap()->undefined_value());
+            masm->isolate()->heap()->megamorphic_symbol());
   ASSERT_EQ(*TypeFeedbackInfo::UninitializedSentinel(masm->isolate()),
-            masm->isolate()->heap()->the_hole_value());
+            masm->isolate()->heap()->uninitialized_symbol());
 
   // Load the cache state.
-  __ Add(x4, x2, Operand::UntagSmiAndScale(x3, kPointerSizeLog2));
-  __ Ldr(x4, FieldMemOperand(x4, FixedArray::kHeaderSize));
+  __ Add(scratch1, feedback_vector,
+         Operand::UntagSmiAndScale(index, kPointerSizeLog2));
+  __ Ldr(scratch1, FieldMemOperand(scratch1, FixedArray::kHeaderSize));
 
   // A monomorphic cache hit or an already megamorphic state: invoke the
   // function without changing the state.
-  __ Cmp(x4, x1);
+  __ Cmp(scratch1, function);
   __ B(eq, &done);
 
   // If we came here, we need to see if we are the array function.
   // If we didn't have a matching function, and we didn't find the megamorph
   // sentinel, then we have in the slot either some other function or an
-  // AllocationSite. Do a map check on the object in ecx.
-  __ Ldr(x5, FieldMemOperand(x4, AllocationSite::kMapOffset));
-  __ JumpIfNotRoot(x5, Heap::kAllocationSiteMapRootIndex, &miss);
+  // AllocationSite. Do a map check on the object in scratch1 register.
+  __ Ldr(scratch2, FieldMemOperand(scratch1, AllocationSite::kMapOffset));
+  __ JumpIfNotRoot(scratch2, Heap::kAllocationSiteMapRootIndex, &miss);
 
   // Make sure the function is the Array() function
-  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, x4);
-  __ Cmp(x1, x4);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, scratch1);
+  __ Cmp(function, scratch1);
   __ B(ne, &megamorphic);
   __ B(&done);
 
   __ Bind(&miss);
 
   // A monomorphic miss (i.e, here the cache is not uninitialized) goes
   // megamorphic.
-  __ JumpIfRoot(x4, Heap::kTheHoleValueRootIndex, &initialize);
+  __ JumpIfRoot(scratch1, Heap::kUninitializedSymbolRootIndex, &initialize);
   // MegamorphicSentinel is an immortal immovable object (undefined) so no
   // write-barrier is needed.
   __ Bind(&megamorphic);
-  __ Add(x4, x2, Operand::UntagSmiAndScale(x3, kPointerSizeLog2));
-  __ LoadRoot(x10, Heap::kUndefinedValueRootIndex);
-  __ Str(x10, FieldMemOperand(x4, FixedArray::kHeaderSize));
+  __ Add(scratch1, feedback_vector,
+         Operand::UntagSmiAndScale(index, kPointerSizeLog2));
+  __ LoadRoot(scratch2, Heap::kMegamorphicSymbolRootIndex);
+  __ Str(scratch2, FieldMemOperand(scratch1, FixedArray::kHeaderSize));
   __ B(&done);
 
   // An uninitialized cache is patched with the function or sentinel to
   // indicate the ElementsKind if function is the Array constructor.
   __ Bind(&initialize);
   // Make sure the function is the Array() function
-  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, x4);
-  __ Cmp(x1, x4);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, scratch1);
+  __ Cmp(function, scratch1);
   __ B(ne, &not_array_function);
 
   // The target function is the Array constructor,
   // Create an AllocationSite if we don't already have it, store it in the slot.
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
     CreateAllocationSiteStub create_stub;
 
     // Arguments register must be smi-tagged to call out.
-    __ SmiTag(x0);
-    __ Push(x0, x1, x2, x3);
+    __ SmiTag(argc);
+    __ Push(argc, function, feedback_vector, index);
 
+    // CreateAllocationSiteStub expect the feedback vector in x2 and the slot
+    // index in x3.
+    ASSERT(feedback_vector.Is(x2) && index.Is(x3));
     __ CallStub(&create_stub);
 
-    __ Pop(x3, x2, x1, x0);
-    __ SmiUntag(x0);
+    __ Pop(index, feedback_vector, function, argc);
+    __ SmiUntag(argc);
   }
   __ B(&done);
 
   __ Bind(&not_array_function);
   // An uninitialized cache is patched with the function.
 
-  __ Add(x4, x2, Operand::UntagSmiAndScale(x3, kPointerSizeLog2));
-  // TODO(all): Does the value need to be left in x4? If not, FieldMemOperand
-  // could be used to avoid this add.
-  __ Add(x4, x4, FixedArray::kHeaderSize - kHeapObjectTag);
-  __ Str(x1, MemOperand(x4, 0));
+  __ Add(scratch1, feedback_vector,
+         Operand::UntagSmiAndScale(index, kPointerSizeLog2));
+  __ Add(scratch1, scratch1, FixedArray::kHeaderSize - kHeapObjectTag);
+  __ Str(function, MemOperand(scratch1, 0));
 
-  __ Push(x4, x2, x1);
-  __ RecordWrite(x2, x4, x1, kLRHasNotBeenSaved, kDontSaveFPRegs,
-                 EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
-  __ Pop(x1, x2, x4);
-
-  // TODO(all): Are x4, x2 and x1 outputs? This isn't clear.
+  __ Push(function);
+  __ RecordWrite(feedback_vector, scratch1, function, kLRHasNotBeenSaved,
+                 kDontSaveFPRegs, EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
+  __ Pop(function);
 
   __ Bind(&done);
 }
 
 
 void CallFunctionStub::Generate(MacroAssembler* masm) {
   ASM_LOCATION("CallFunctionStub::Generate");
   // x1  function    the function to call
   // x2 : feedback vector
-  // x3 : slot in feedback vector (smi) (if x2 is not undefined)
+  // x3 : slot in feedback vector (smi) (if x2 is not the megamorphic symbol)
   Register function = x1;
   Register cache_cell = x2;
   Register slot = x3;
   Register type = x4;
   Label slow, non_function, wrap, cont;
 
   // TODO(jbramley): This function has a lot of unnamed registers. Name them,
   // and tidy things up a bit.
 
   if (NeedsChecks()) {
     // Check that the function is really a JavaScript function.
     __ JumpIfSmi(function, &non_function);
 
     // Goto slow case if we do not have a function.
     __ JumpIfNotObjectType(function, x10, type, JS_FUNCTION_TYPE, &slow);
 
     if (RecordCallTarget()) {
-      GenerateRecordCallTarget(masm);
+      GenerateRecordCallTarget(masm, x0, function, cache_cell, slot, x4, x5);
     }
   }
 
   // Fast-case: Invoke the function now.
   // x1  function  pushed function
   ParameterCount actual(argc_);
 
   if (CallAsMethod()) {
     if (NeedsChecks()) {
       // Do not transform the receiver for strict mode functions.
       __ Ldr(x3, FieldMemOperand(x1, JSFunction::kSharedFunctionInfoOffset));
       __ Ldr(w4, FieldMemOperand(x3, SharedFunctionInfo::kCompilerHintsOffset));
       __ Tbnz(w4, SharedFunctionInfo::kStrictModeFunction, &cont);
 
       // Do not transform the receiver for native (Compilerhints already in x3).
       __ Tbnz(w4, SharedFunctionInfo::kNative, &cont);
     }
 
-    // Compute the receiver in non-strict mode.
+    // Compute the receiver in sloppy mode.
     __ Peek(x3, argc_ * kPointerSize);
 
     if (NeedsChecks()) {
       __ JumpIfSmi(x3, &wrap);
       __ JumpIfObjectType(x3, x10, type, FIRST_SPEC_OBJECT_TYPE, &wrap, lt);
     } else {
       __ B(&wrap);
     }
 
     __ Bind(&cont);
   }
   __ InvokeFunction(function,
                     actual,
                     JUMP_FUNCTION,
                     NullCallWrapper());
 
   if (NeedsChecks()) {
     // Slow-case: Non-function called.
     __ Bind(&slow);
     if (RecordCallTarget()) {
       // If there is a call target cache, mark it megamorphic in the
       // non-function case. MegamorphicSentinel is an immortal immovable object
-      // (undefined) so no write barrier is needed.
+      // (megamorphic symbol) so no write barrier is needed.
       ASSERT_EQ(*TypeFeedbackInfo::MegamorphicSentinel(masm->isolate()),
-                masm->isolate()->heap()->undefined_value());
+                masm->isolate()->heap()->megamorphic_symbol());
       __ Add(x12, cache_cell, Operand::UntagSmiAndScale(slot,
                                                         kPointerSizeLog2));
-      __ LoadRoot(x11, Heap::kUndefinedValueRootIndex);
+      __ LoadRoot(x11, Heap::kMegamorphicSymbolRootIndex);
       __ Str(x11, FieldMemOperand(x12, FixedArray::kHeaderSize));
     }
     // Check for function proxy.
     // x10 : function type.
     __ CompareAndBranch(type, JS_FUNCTION_PROXY_TYPE, ne, &non_function);
     __ Push(function);  // put proxy as additional argument
     __ Mov(x0, argc_ + 1);
     __ Mov(x2, 0);
     __ GetBuiltinFunction(x1, Builtins::CALL_FUNCTION_PROXY);
     {
       Handle<Code> adaptor =
           masm->isolate()->builtins()->ArgumentsAdaptorTrampoline();
       __ Jump(adaptor, RelocInfo::CODE_TARGET);
     }
 
     // CALL_NON_FUNCTION expects the non-function callee as receiver (instead
     // of the original receiver from the call site).
     __ Bind(&non_function);
-    __ Poke(function, argc_ * kXRegSizeInBytes);
+    __ Poke(function, argc_ * kXRegSize);
     __ Mov(x0, argc_);  // Set up the number of arguments.
     __ Mov(x2, 0);
     __ GetBuiltinFunction(function, Builtins::CALL_NON_FUNCTION);
     __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
             RelocInfo::CODE_TARGET);
   }
 
   if (CallAsMethod()) {
     __ Bind(&wrap);
     // Wrap the receiver and patch it back onto the stack.
     { FrameScope frame_scope(masm, StackFrame::INTERNAL);
       __ Push(x1, x3);
       __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
       __ Pop(x1);
     }
     __ Poke(x0, argc_ * kPointerSize);
     __ B(&cont);
   }
 }
 
 
 void CallConstructStub::Generate(MacroAssembler* masm) {
   ASM_LOCATION("CallConstructStub::Generate");
   // x0 : number of arguments
   // x1 : the function to call
   // x2 : feedback vector
-  // x3 : slot in feedback vector (smi) (if r2 is not undefined)
+  // x3 : slot in feedback vector (smi) (if r2 is not the megamorphic symbol)
   Register function = x1;
   Label slow, non_function_call;
 
   // Check that the function is not a smi.
   __ JumpIfSmi(function, &non_function_call);
   // Check that the function is a JSFunction.
   Register object_type = x10;
   __ JumpIfNotObjectType(function, object_type, object_type, JS_FUNCTION_TYPE,
                          &slow);
 
   if (RecordCallTarget()) {
-    GenerateRecordCallTarget(masm);
+    GenerateRecordCallTarget(masm, x0, function, x2, x3, x4, x5);
   }
 
   // Jump to the function-specific construct stub.
   Register jump_reg = x4;
   Register shared_func_info = jump_reg;
   Register cons_stub = jump_reg;
   Register cons_stub_code = jump_reg;
   __ Ldr(shared_func_info,
          FieldMemOperand(function, JSFunction::kSharedFunctionInfoOffset));
   __ Ldr(cons_stub,
@@ skipping 1130 matching lines @@
   __ Cmp(allocation_top, x10);
   __ B(hi, &call_builtin);
 
   // We fit and could grow elements.
   // Update new_space_allocation_top.
   __ Str(allocation_top, MemOperand(allocation_top_addr));
   // Push the argument.
   __ Str(argument, MemOperand(end_elements));
   // Fill the rest with holes.
   __ LoadRoot(x10, Heap::kTheHoleValueRootIndex);
-  for (int i = 1; i < kAllocationDelta; i++) {
-    // TODO(all): Try to use stp here.
-    __ Str(x10, MemOperand(end_elements, i * kPointerSize));
-  }
+  ASSERT(kAllocationDelta == 4);
+  __ Stp(x10, x10, MemOperand(end_elements, 1 * kPointerSize));
+  __ Stp(x10, x10, MemOperand(end_elements, 3 * kPointerSize));
 
   // Update elements' and array's sizes.
   __ Str(length, FieldMemOperand(receiver, JSArray::kLengthOffset));
   __ Add(elements_length,
          elements_length,
          Operand(Smi::FromInt(kAllocationDelta)));
   __ Str(elements_length,
          FieldMemOperand(elements, FixedArray::kLengthOffset));
 
   // Elements are in new space, so write barrier is not required.
@@ skipping 55 matching lines @@
 
     __ CheckPageFlagSet(regs_.object(),
                         value,
                         1 << MemoryChunk::SCAN_ON_SCAVENGE,
                         &dont_need_remembered_set);
 
     // First notify the incremental marker if necessary, then update the
     // remembered set.
     CheckNeedsToInformIncrementalMarker(
         masm, kUpdateRememberedSetOnNoNeedToInformIncrementalMarker, mode);
-    InformIncrementalMarker(masm, mode);
+    InformIncrementalMarker(masm);
     regs_.Restore(masm);  // Restore the extra scratch registers we used.
+
     __ RememberedSetHelper(object_,
                            address_,
-                           value_,
+                           value_,            // scratch1
                            save_fp_regs_mode_,
                            MacroAssembler::kReturnAtEnd);
 
     __ Bind(&dont_need_remembered_set);
   }
 
   CheckNeedsToInformIncrementalMarker(
       masm, kReturnOnNoNeedToInformIncrementalMarker, mode);
-  InformIncrementalMarker(masm, mode);
+  InformIncrementalMarker(masm);
   regs_.Restore(masm);  // Restore the extra scratch registers we used.
   __ Ret();
 }
 
 
-void RecordWriteStub::InformIncrementalMarker(MacroAssembler* masm, Mode mode) {
+void RecordWriteStub::InformIncrementalMarker(MacroAssembler* masm) {
   regs_.SaveCallerSaveRegisters(masm, save_fp_regs_mode_);
   Register address =
     x0.Is(regs_.address()) ? regs_.scratch0() : regs_.address();
   ASSERT(!address.Is(regs_.object()));
   ASSERT(!address.Is(x0));
   __ Mov(address, regs_.address());
   __ Mov(x0, regs_.object());
   __ Mov(x1, address);
   __ Mov(x2, Operand(ExternalReference::isolate_address(masm->isolate())));
 
   AllowExternalCallThatCantCauseGC scope(masm);
-  ExternalReference function = (mode == INCREMENTAL_COMPACTION)
-      ? ExternalReference::incremental_evacuation_record_write_function(
-          masm->isolate())
-      : ExternalReference::incremental_marking_record_write_function(
+  ExternalReference function =
+      ExternalReference::incremental_marking_record_write_function(
           masm->isolate());
   __ CallCFunction(function, 3, 0);
 
   regs_.RestoreCallerSaveRegisters(masm, save_fp_regs_mode_);
 }
 
 
 void RecordWriteStub::CheckNeedsToInformIncrementalMarker(
     MacroAssembler* masm,
     OnNoNeedToInformIncrementalMarker on_no_need,
@@ skipping 12 matching lines @@
          MemOperand(mem_chunk, MemoryChunk::kWriteBarrierCounterOffset));
   __ B(mi, &need_incremental);
 
   // If the object is not black we don't have to inform the incremental marker.
   __ JumpIfBlack(regs_.object(), regs_.scratch0(), regs_.scratch1(), &on_black);
 
   regs_.Restore(masm);  // Restore the extra scratch registers we used.
   if (on_no_need == kUpdateRememberedSetOnNoNeedToInformIncrementalMarker) {
     __ RememberedSetHelper(object_,
                            address_,
-                           value_,
+                           value_,            // scratch1
                            save_fp_regs_mode_,
                            MacroAssembler::kReturnAtEnd);
   } else {
     __ Ret();
   }
 
   __ Bind(&on_black);
   // Get the value from the slot.
   Register value = regs_.scratch0();
   __ Ldr(value, MemOperand(regs_.address()));
@@ skipping 22 matching lines @@
                     regs_.object(),    // Scratch.
                     regs_.address(),   // Scratch.
                     regs_.scratch2(),  // Scratch.
                     &need_incremental_pop_scratch);
   __ Pop(regs_.object(), regs_.address());
 
   regs_.Restore(masm);  // Restore the extra scratch registers we used.
   if (on_no_need == kUpdateRememberedSetOnNoNeedToInformIncrementalMarker) {
     __ RememberedSetHelper(object_,
                            address_,
-                           value_,
+                           value_,            // scratch1
                            save_fp_regs_mode_,
                            MacroAssembler::kReturnAtEnd);
   } else {
     __ Ret();
   }
 
   __ Bind(&need_incremental_pop_scratch);
   __ Pop(regs_.object(), regs_.address());
 
   __ Bind(&need_incremental);
@@ skipping 12 matching lines @@
   // See RecordWriteStub::Patch for details.
   {
     InstructionAccurateScope scope(masm, 2);
     __ adr(xzr, &skip_to_incremental_noncompacting);
     __ adr(xzr, &skip_to_incremental_compacting);
   }
 
   if (remembered_set_action_ == EMIT_REMEMBERED_SET) {
     __ RememberedSetHelper(object_,
                            address_,
-                           value_,
+                           value_,            // scratch1
                            save_fp_regs_mode_,
                            MacroAssembler::kReturnAtEnd);
   }
   __ Ret();
 
   __ Bind(&skip_to_incremental_noncompacting);
   GenerateIncremental(masm, INCREMENTAL);
 
   __ Bind(&skip_to_incremental_compacting);
   GenerateIncremental(masm, INCREMENTAL_COMPACTION);
@@ skipping 56 matching lines @@
 
   __ Bind(&double_elements);
   __ Ldr(x10, FieldMemOperand(array, JSObject::kElementsOffset));
   __ StoreNumberToDoubleElements(value, index_smi, x10, x11, d0, d1,
                                  &slow_elements);
   __ Ret();
 }
 
 
 void StubFailureTrampolineStub::Generate(MacroAssembler* masm) {
-  // TODO(jbramley): The ARM code leaves the (shifted) offset in r1. Why?
-  CEntryStub ces(1, kSaveFPRegs);
+  CEntryStub ces(1, fp_registers_ ? kSaveFPRegs : kDontSaveFPRegs);
   __ Call(ces.GetCode(masm->isolate()), RelocInfo::CODE_TARGET);
   int parameter_count_offset =
       StubFailureTrampolineFrame::kCallerStackParameterCountFrameOffset;
   __ Ldr(x1, MemOperand(fp, parameter_count_offset));
   if (function_mode_ == JS_FUNCTION_STUB_MODE) {
     __ Add(x1, x1, 1);
   }
   masm->LeaveFrame(StackFrame::STUB_FAILURE_TRAMPOLINE);
   __ Drop(x1);
   // Return to IC Miss stub, continuation still on stack.
   __ Ret();
 }
 
 
 void ProfileEntryHookStub::MaybeCallEntryHook(MacroAssembler* masm) {
   if (masm->isolate()->function_entry_hook() != NULL) {
     // TODO(all): This needs to be reliably consistent with
     // kReturnAddressDistanceFromFunctionStart in ::Generate.
-    Assembler::BlockConstPoolScope no_const_pools(masm);
+    Assembler::BlockPoolsScope no_pools(masm);
     ProfileEntryHookStub stub;
     __ Push(lr);
     __ CallStub(&stub);
     __ Pop(lr);
   }
 }
 
 
 void ProfileEntryHookStub::Generate(MacroAssembler* masm) {
   MacroAssembler::NoUseRealAbortsScope no_use_real_aborts(masm);
   // The entry hook is a "BumpSystemStackPointer" instruction (sub), followed by
   // a "Push lr" instruction, followed by a call.
-  // TODO(jbramley): Verify that this call is always made with relocation.
   static const int kReturnAddressDistanceFromFunctionStart =
       Assembler::kCallSizeWithRelocation + (2 * kInstructionSize);
 
   // Save all kCallerSaved registers (including lr), since this can be called
   // from anywhere.
   // TODO(jbramley): What about FP registers?
   __ PushCPURegList(kCallerSaved);
   ASSERT(kCallerSaved.IncludesAliasOf(lr));
   const int kNumSavedRegs = kCallerSaved.Count();
 
@@ skipping 101 matching lines @@
       __ Add(scratch2, scratch2, Operand(
           NameDictionary::GetProbeOffset(i) << Name::kHashShift));
     }
     __ And(scratch2, scratch1, Operand(scratch2, LSR, Name::kHashShift));
 
     // Scale the index by multiplying by the element size.
     ASSERT(NameDictionary::kEntrySize == 3);
     __ Add(scratch2, scratch2, Operand(scratch2, LSL, 1));
 
     // Check if the key is identical to the name.
+    UseScratchRegisterScope temps(masm);
+    Register scratch3 = temps.AcquireX();
     __ Add(scratch2, elements, Operand(scratch2, LSL, kPointerSizeLog2));
-    // TODO(jbramley): We need another scratch here, but some callers can't
-    // provide a scratch3 so we have to use Tmp1(). We should find a clean way
-    // to make it unavailable to the MacroAssembler for a short time.
-    __ Ldr(__ Tmp1(), FieldMemOperand(scratch2, kElementsStartOffset));
-    __ Cmp(name, __ Tmp1());
+    __ Ldr(scratch3, FieldMemOperand(scratch2, kElementsStartOffset));
+    __ Cmp(name, scratch3);
     __ B(eq, done);
   }
 
   // The inlined probes didn't find the entry.
   // Call the complete stub to scan the whole dictionary.
 
-  CPURegList spill_list(CPURegister::kRegister, kXRegSize, 0, 6);
+  CPURegList spill_list(CPURegister::kRegister, kXRegSizeInBits, 0, 6);
   spill_list.Combine(lr);
   spill_list.Remove(scratch1);
   spill_list.Remove(scratch2);
 
   __ PushCPURegList(spill_list);
 
   if (name.is(x0)) {
     ASSERT(!elements.is(x1));
     __ Mov(x1, name);
     __ Mov(x0, elements);
@@ skipping 59 matching lines @@
     __ JumpIfRoot(entity_name, Heap::kTheHoleValueRootIndex, &good);
 
     // Check if the entry name is not a unique name.
     __ Ldr(entity_name, FieldMemOperand(entity_name, HeapObject::kMapOffset));
     __ Ldrb(entity_name,
             FieldMemOperand(entity_name, Map::kInstanceTypeOffset));
     __ JumpIfNotUniqueName(entity_name, miss);
     __ Bind(&good);
   }
 
-  CPURegList spill_list(CPURegister::kRegister, kXRegSize, 0, 6);
+  CPURegList spill_list(CPURegister::kRegister, kXRegSizeInBits, 0, 6);
   spill_list.Combine(lr);
   spill_list.Remove(scratch0);  // Scratch registers don't need to be preserved.
 
   __ PushCPURegList(spill_list);
 
   __ Ldr(x0, FieldMemOperand(receiver, JSObject::kPropertiesOffset));
   __ Mov(x1, Operand(name));
   NameDictionaryLookupStub stub(NEGATIVE_LOOKUP);
   __ CallStub(&stub);
   // Move stub return value to scratch0. Note that scratch0 is not included in
@@ skipping 189 matching lines @@
     __ Add(x11, x11, Operand(Smi::FromInt(kFastElementsKindPackedToHoley)));
     __ Str(x11, FieldMemOperand(allocation_site,
                                 AllocationSite::kTransitionInfoOffset));
 
     __ Bind(&normal_sequence);
     int last_index =
         GetSequenceIndexFromFastElementsKind(TERMINAL_FAST_ELEMENTS_KIND);
     for (int i = 0; i <= last_index; ++i) {
       Label next;
       ElementsKind candidate_kind = GetFastElementsKindFromSequenceIndex(i);
-      // TODO(jbramley): Is this the best way to handle this? Can we make the
-      // tail calls conditional, rather than hopping over each one?
       __ CompareAndBranch(kind, candidate_kind, ne, &next);
       ArraySingleArgumentConstructorStub stub(candidate_kind);
       __ TailCallStub(&stub);
       __ Bind(&next);
     }
 
     // If we reached this point there is a problem.
     __ Abort(kUnexpectedElementsKindInArrayConstructor);
   } else {
     UNREACHABLE();
@@ skipping 73 matching lines @@
     UNREACHABLE();
   }
 }
 
 
 void ArrayConstructorStub::Generate(MacroAssembler* masm) {
   ASM_LOCATION("ArrayConstructorStub::Generate");
   // ----------- S t a t e -------------
   //  -- x0 : argc (only if argument_count_ == ANY)
   //  -- x1 : constructor
-  //  -- x2 : feedback vector (fixed array or undefined)
+  //  -- x2 : feedback vector (fixed array or the megamorphic symbol)
   //  -- x3 : slot index (if x2 is fixed array)
   //  -- sp[0] : return address
   //  -- sp[4] : last argument
   // -----------------------------------
   Register constructor = x1;
   Register feedback_vector = x2;
   Register slot_index = x3;
 
+  ASSERT_EQ(*TypeFeedbackInfo::MegamorphicSentinel(masm->isolate()),
+            masm->isolate()->heap()->megamorphic_symbol());
+
   if (FLAG_debug_code) {
     // The array construct code is only set for the global and natives
     // builtin Array functions which always have maps.
 
     Label unexpected_map, map_ok;
     // Initial map for the builtin Array function should be a map.
     __ Ldr(x10, FieldMemOperand(constructor,
                                 JSFunction::kPrototypeOrInitialMapOffset));
     // Will both indicate a NULL and a Smi.
     __ JumpIfSmi(x10, &unexpected_map);
     __ JumpIfObjectType(x10, x10, x11, MAP_TYPE, &map_ok);
     __ Bind(&unexpected_map);
     __ Abort(kUnexpectedInitialMapForArrayFunction);
     __ Bind(&map_ok);
 
-    // In feedback_vector, we expect either undefined or a valid fixed array.
+    // In feedback_vector, we expect either the megamorphic symbol or a valid
+    // fixed array.
     Label okay_here;
     Handle<Map> fixed_array_map = masm->isolate()->factory()->fixed_array_map();
-    __ JumpIfRoot(feedback_vector, Heap::kUndefinedValueRootIndex, &okay_here);
+    __ JumpIfRoot(feedback_vector, Heap::kMegamorphicSymbolRootIndex,
+                  &okay_here);
     __ Ldr(x10, FieldMemOperand(feedback_vector, FixedArray::kMapOffset));
     __ Cmp(x10, Operand(fixed_array_map));
     __ Assert(eq, kExpectedFixedArrayInFeedbackVector);
 
     // slot_index should be a smi if we don't have undefined in feedback_vector.
     __ AssertSmi(slot_index);
 
     __ Bind(&okay_here);
   }
 
   Register allocation_site = x2;  // Overwrites feedback_vector.
   Register kind = x3;
   Label no_info;
   // Get the elements kind and case on that.
-  __ JumpIfRoot(feedback_vector, Heap::kUndefinedValueRootIndex, &no_info);
+  __ JumpIfRoot(feedback_vector, Heap::kMegamorphicSymbolRootIndex, &no_info);
   __ Add(feedback_vector, feedback_vector,
          Operand::UntagSmiAndScale(slot_index, kPointerSizeLog2));
   __ Ldr(allocation_site, FieldMemOperand(feedback_vector,
                                           FixedArray::kHeaderSize));
 
-  // If the feedback vector is undefined, or contains anything other than an
-  // AllocationSite, call an array constructor that doesn't use AllocationSites.
+  // If the feedback vector is the megamorphic symbol, or contains anything
+  // other than an AllocationSite, call an array constructor that doesn't
+  // use AllocationSites.
   __ Ldr(x10, FieldMemOperand(allocation_site, AllocationSite::kMapOffset));
   __ JumpIfNotRoot(x10, Heap::kAllocationSiteMapRootIndex, &no_info);
 
   __ Ldrsw(kind,
            UntagSmiFieldMemOperand(allocation_site,
                                    AllocationSite::kTransitionInfoOffset));
   __ And(kind, kind, AllocationSite::ElementsKindBits::kMask);
   GenerateDispatchToArrayStub(masm, DONT_OVERRIDE);
 
   __ Bind(&no_info);
@@ skipping 160 matching lines @@
   const int kCallApiFunctionSpillSpace = 4;
 
   FrameScope frame_scope(masm, StackFrame::MANUAL);
   __ EnterExitFrame(false, x10, kApiStackSpace + kCallApiFunctionSpillSpace);
 
   // TODO(all): Optimize this with stp and suchlike.
   ASSERT(!AreAliased(x0, api_function_address));
   // x0 = FunctionCallbackInfo&
   // Arguments is after the return address.
   __ Add(x0, masm->StackPointer(), 1 * kPointerSize);
-  // FunctionCallbackInfo::implicit_args_
-  __ Str(args, MemOperand(x0, 0 * kPointerSize));
-  // FunctionCallbackInfo::values_
+  // FunctionCallbackInfo::implicit_args_ and FunctionCallbackInfo::values_
   __ Add(x10, args, Operand((FCA::kArgsLength - 1 + argc) * kPointerSize));
-  __ Str(x10, MemOperand(x0, 1 * kPointerSize));
-  // FunctionCallbackInfo::length_ = argc
+  __ Stp(args, x10, MemOperand(x0, 0 * kPointerSize));
+  // FunctionCallbackInfo::length_ = argc and
+  // FunctionCallbackInfo::is_construct_call = 0
   __ Mov(x10, argc);
-  __ Str(x10, MemOperand(x0, 2 * kPointerSize));
-  // FunctionCallbackInfo::is_construct_call = 0
-  __ Str(xzr, MemOperand(x0, 3 * kPointerSize));
+  __ Stp(x10, xzr, MemOperand(x0, 2 * kPointerSize));
 
   const int kStackUnwindSpace = argc + FCA::kArgsLength + 1;
   Address thunk_address = FUNCTION_ADDR(&InvokeFunctionCallback);
   ExternalReference::Type thunk_type = ExternalReference::PROFILING_API_CALL;
   ApiFunction thunk_fun(thunk_address);
   ExternalReference thunk_ref = ExternalReference(&thunk_fun, thunk_type,
       masm->isolate());
 
   AllowExternalCallThatCantCauseGC scope(masm);
   MemOperand context_restore_operand(
@@ skipping 61 matching lines @@
                               MemOperand(fp, 6 * kPointerSize),
                               NULL);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_A64