Merge 6800:7180 from the bleeding edge branch to the experimental/gc branch.

src/x64/codegen-x64.cc

-// Copyright 2010 the V8 project authors. All rights reserved.
+// Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
 //       with the distribution.
@@ skipping 596 matching lines @@
     LoadFromSlotCheckForArguments(variable->AsSlot(), INSIDE_TYPEOF);
   } else {
     // Anything else can be handled normally.
     Load(expr);
   }
 }
 
 
 ArgumentsAllocationMode CodeGenerator::ArgumentsMode() {
   if (scope()->arguments() == NULL) return NO_ARGUMENTS_ALLOCATION;
-  ASSERT(scope()->arguments_shadow() != NULL);
+
+  // In strict mode there is no need for shadow arguments.
+  ASSERT(scope()->arguments_shadow() != NULL || scope()->is_strict_mode());
   // We don't want to do lazy arguments allocation for functions that
   // have heap-allocated contexts, because it interfers with the
   // uninitialized const tracking in the context objects.
-  return (scope()->num_heap_slots() > 0)
+  return (scope()->num_heap_slots() > 0 || scope()->is_strict_mode())
       ? EAGER_ARGUMENTS_ALLOCATION
       : LAZY_ARGUMENTS_ALLOCATION;
 }
 
 
 Result CodeGenerator::StoreArgumentsObject(bool initial) {
   ArgumentsAllocationMode mode = ArgumentsMode();
   ASSERT(mode != NO_ARGUMENTS_ALLOCATION);
 
   Comment cmnt(masm_, "[ store arguments object");
   if (mode == LAZY_ARGUMENTS_ALLOCATION && initial) {
     // When using lazy arguments allocation, we store the arguments marker value
     // as a sentinel indicating that the arguments object hasn't been
     // allocated yet.
     frame_->Push(Factory::arguments_marker());
   } else {
     ArgumentsAccessStub stub(ArgumentsAccessStub::NEW_OBJECT);
     frame_->PushFunction();
     frame_->PushReceiverSlotAddress();
     frame_->Push(Smi::FromInt(scope()->num_parameters()));
     Result result = frame_->CallStub(&stub, 3);
     frame_->Push(&result);
   }
 
   Variable* arguments = scope()->arguments();
   Variable* shadow = scope()->arguments_shadow();
   ASSERT(arguments != NULL && arguments->AsSlot() != NULL);
-  ASSERT(shadow != NULL && shadow->AsSlot() != NULL);
+  ASSERT((shadow != NULL && shadow->AsSlot() != NULL) ||
+         scope()->is_strict_mode());
+
   JumpTarget done;
   bool skip_arguments = false;
   if (mode == LAZY_ARGUMENTS_ALLOCATION && !initial) {
     // We have to skip storing into the arguments slot if it has
     // already been written to. This can happen if the a function
     // has a local variable named 'arguments'.
     LoadFromSlot(arguments->AsSlot(), NOT_INSIDE_TYPEOF);
     Result probe = frame_->Pop();
     if (probe.is_constant()) {
       // We have to skip updating the arguments object if it has
       // been assigned a proper value.
       skip_arguments = !probe.handle()->IsArgumentsMarker();
     } else {
       __ CompareRoot(probe.reg(), Heap::kArgumentsMarkerRootIndex);
       probe.Unuse();
       done.Branch(not_equal);
     }
   }
   if (!skip_arguments) {
     StoreToSlot(arguments->AsSlot(), NOT_CONST_INIT);
     if (mode == LAZY_ARGUMENTS_ALLOCATION) done.Bind();
   }
-  StoreToSlot(shadow->AsSlot(), NOT_CONST_INIT);
+  if (shadow != NULL) {
+    StoreToSlot(shadow->AsSlot(), NOT_CONST_INIT);
+  }
   return frame_->Pop();
 }
 
 //------------------------------------------------------------------------------
 // CodeGenerator implementation of variables, lookups, and stores.
 
 Reference::Reference(CodeGenerator* cgen,
                      Expression* expression,
                      bool  persist_after_get)
     : cgen_(cgen),
@@ skipping 73 matching lines @@
   // The value to convert should be popped from the frame.
   Result value = frame_->Pop();
   value.ToRegister();
 
   if (value.is_number()) {
     // Fast case if TypeInfo indicates only numbers.
     if (FLAG_debug_code) {
       __ AbortIfNotNumber(value.reg());
     }
     // Smi => false iff zero.
-    __ SmiCompare(value.reg(), Smi::FromInt(0));
+    __ Cmp(value.reg(), Smi::FromInt(0));
     if (value.is_smi()) {
       value.Unuse();
       dest->Split(not_zero);
     } else {
       dest->false_target()->Branch(equal);
       Condition is_smi = masm_->CheckSmi(value.reg());
       dest->true_target()->Branch(is_smi);
       __ xorpd(xmm0, xmm0);
       __ ucomisd(xmm0, FieldOperand(value.reg(), HeapNumber::kValueOffset));
       value.Unuse();
       dest->Split(not_zero);
     }
   } else {
     // Fast case checks.
     // 'false' => false.
     __ CompareRoot(value.reg(), Heap::kFalseValueRootIndex);
     dest->false_target()->Branch(equal);
 
     // 'true' => true.
     __ CompareRoot(value.reg(), Heap::kTrueValueRootIndex);
     dest->true_target()->Branch(equal);
 
     // 'undefined' => false.
     __ CompareRoot(value.reg(), Heap::kUndefinedValueRootIndex);
     dest->false_target()->Branch(equal);
 
     // Smi => false iff zero.
-    __ SmiCompare(value.reg(), Smi::FromInt(0));
+    __ Cmp(value.reg(), Smi::FromInt(0));
     dest->false_target()->Branch(equal);
     Condition is_smi = masm_->CheckSmi(value.reg());
     dest->true_target()->Branch(is_smi);
 
     // Call the stub for all other cases.
     frame_->Push(&value);  // Undo the Pop() from above.
     ToBooleanStub stub;
     Result temp = frame_->CallStub(&stub, 1);
     // Convert the result to a condition code.
     __ testq(temp.reg(), temp.reg());
@@ skipping 221 matching lines @@
                              operands_type);
     answer = GenerateGenericBinaryOpStubCall(&stub, &left, &right);
   } else if (right_is_smi_constant) {
     answer = ConstantSmiBinaryOperation(expr, &left, right.handle(),
                                         false, overwrite_mode);
   } else if (left_is_smi_constant) {
     answer = ConstantSmiBinaryOperation(expr, &right, left.handle(),
                                         true, overwrite_mode);
   } else {
     // Set the flags based on the operation, type and loop nesting level.
-    // Bit operations always assume they likely operate on Smis. Still only
+    // Bit operations always assume they likely operate on smis. Still only
     // generate the inline Smi check code if this operation is part of a loop.
     // For all other operations only inline the Smi check code for likely smis
     // if the operation is part of a loop.
     if (loop_nesting() > 0 &&
         (Token::IsBitOp(op) ||
          operands_type.IsInteger32() ||
          expr->type()->IsLikelySmi())) {
       answer = LikelySmiBinaryOperation(expr, &left, &right, overwrite_mode);
     } else {
       GenericBinaryOpStub stub(op,
@@ skipping 1051 matching lines @@
       is_string.Bind(&left_side);
       // left_side is a sequential ASCII string.
       ASSERT(left_side.reg().is(left_reg));
       right_side = Result(right_val);
       Result temp2 = allocator_->Allocate();
       ASSERT(temp2.is_valid());
       // Test string equality and comparison.
       if (cc == equal) {
         Label comparison_done;
         __ SmiCompare(FieldOperand(left_side.reg(), String::kLengthOffset),
-                Smi::FromInt(1));
+                      Smi::FromInt(1));
         __ j(not_equal, &comparison_done);
         uint8_t char_value =
             static_cast<uint8_t>(String::cast(*right_val)->Get(0));
         __ cmpb(FieldOperand(left_side.reg(), SeqAsciiString::kHeaderSize),
                 Immediate(char_value));
         __ bind(&comparison_done);
       } else {
         __ movq(temp2.reg(),
                 FieldOperand(left_side.reg(), String::kLengthOffset));
         __ SmiSubConstant(temp2.reg(), temp2.reg(), Smi::FromInt(1));
@@ skipping 165 matching lines @@
     // Since one side is a constant Smi, conversion order does not matter.
     if (left_side_constant_smi) {
       Result* temp = left_side;
       left_side = right_side;
       right_side = temp;
       cc = ReverseCondition(cc);
       // This may re-introduce greater or less_equal as the value of cc.
       // CompareStub and the inline code both support all values of cc.
     }
     // Implement comparison against a constant Smi, inlining the case
-    // where both sides are Smis.
+    // where both sides are smis.
     left_side->ToRegister();
     Register left_reg = left_side->reg();
     Smi* constant_smi = Smi::cast(*right_side->handle());
 
     if (left_side->is_smi()) {
       if (FLAG_debug_code) {
         __ AbortIfNotSmi(left_reg);
       }
       // Test smi equality and comparison by signed int comparison.
-      // Both sides are smis, so we can use an Immediate.
       __ SmiCompare(left_reg, constant_smi);
       left_side->Unuse();
       right_side->Unuse();
       dest->Split(cc);
     } else {
       // Only the case where the left side could possibly be a non-smi is left.
       JumpTarget is_smi;
       if (cc == equal) {
         // We can do the equality comparison before the smi check.
-        __ SmiCompare(left_reg, constant_smi);
+        __ Cmp(left_reg, constant_smi);
         dest->true_target()->Branch(equal);
         Condition left_is_smi = masm_->CheckSmi(left_reg);
         dest->false_target()->Branch(left_is_smi);
       } else {
         // Do the smi check, then the comparison.
         Condition left_is_smi = masm_->CheckSmi(left_reg);
         is_smi.Branch(left_is_smi, left_side, right_side);
       }
 
       // Jump or fall through to here if we are comparing a non-smi to a
@@ skipping 240 matching lines @@
       __ movq(rdi, Operand(rsp, 2 * kPointerSize));
       is_smi = masm_->CheckSmi(rdi);
       __ j(is_smi, &build_args);
       __ CmpObjectType(rdi, JS_FUNCTION_TYPE, rcx);
       __ j(not_equal, &build_args);
 
       // Copy the arguments to this function possibly from the
       // adaptor frame below it.
       Label invoke, adapted;
       __ movq(rdx, Operand(rbp, StandardFrameConstants::kCallerFPOffset));
-      __ SmiCompare(Operand(rdx, StandardFrameConstants::kContextOffset),
-                    Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
+      __ Cmp(Operand(rdx, StandardFrameConstants::kContextOffset),
+             Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
       __ j(equal, &adapted);
 
       // No arguments adaptor frame. Copy fixed number of arguments.
       __ Set(rax, scope()->num_parameters());
       for (int i = 0; i < scope()->num_parameters(); i++) {
         __ push(frame_->ParameterAt(i));
       }
       __ jmp(&invoke);
 
       // Arguments adaptor frame present. Copy arguments from there, but
@@ skipping 156 matching lines @@
 void CodeGenerator::DeclareGlobals(Handle<FixedArray> pairs) {
   // Call the runtime to declare the globals.  The inevitable call
   // will sync frame elements to memory anyway, so we do it eagerly to
   // allow us to push the arguments directly into place.
   frame_->SyncRange(0, frame_->element_count() - 1);
 
   __ movq(kScratchRegister, pairs, RelocInfo::EMBEDDED_OBJECT);
   frame_->EmitPush(rsi);  // The context is the first argument.
   frame_->EmitPush(kScratchRegister);
   frame_->EmitPush(Smi::FromInt(is_eval() ? 1 : 0));
-  Result ignored = frame_->CallRuntime(Runtime::kDeclareGlobals, 3);
+  frame_->EmitPush(Smi::FromInt(strict_mode_flag()));
+  Result ignored = frame_->CallRuntime(Runtime::kDeclareGlobals, 4);
   // Return value is ignored.
 }
 
 
 void CodeGenerator::VisitDeclaration(Declaration* node) {
   Comment cmnt(masm_, "[ Declaration");
   Variable* var = node->proxy()->var();
   ASSERT(var != NULL);  // must have been resolved
   Slot* slot = var->AsSlot();
 
@@ skipping 1082 matching lines @@
   __ cmpq(rcx, rdx);
   end_del_check.Branch(equal);
 
   // Convert the entry to a string (or null if it isn't a property anymore).
   frame_->EmitPush(frame_->ElementAt(4));  // push enumerable
   frame_->EmitPush(rbx);  // push entry
   frame_->InvokeBuiltin(Builtins::FILTER_KEY, CALL_FUNCTION, 2);
   __ movq(rbx, rax);
 
   // If the property has been removed while iterating, we just skip it.
-  __ SmiCompare(rbx, Smi::FromInt(0));
+  __ Cmp(rbx, Smi::FromInt(0));
   node->continue_target()->Branch(equal);
 
   end_del_check.Bind();
   // Store the entry in the 'each' expression and take another spin in the
   // loop.  rdx: i'th entry of the enum cache (or string there of)
   frame_->EmitPush(rbx);
   { Reference each(this, node->each());
     // Loading a reference may leave the frame in an unspilled state.
     frame_->SpillAll();
     if (!each.is_illegal()) {
@@ skipping 734 matching lines @@
       // context slot declaration, but we cannot initialize it at the same
       // time, because the const declaration may be at the end of the eval
       // code (sigh...) and the const variable may have been used before
       // (where its value is 'undefined'). Thus, we can only do the
       // initialization when we actually encounter the expression and when
       // the expression operands are defined and valid, and thus we need the
       // split into 2 operations: declaration of the context slot followed
       // by initialization.
       value = frame_->CallRuntime(Runtime::kInitializeConstContextSlot, 3);
     } else {
-      value = frame_->CallRuntime(Runtime::kStoreContextSlot, 3);
+      frame_->Push(Smi::FromInt(strict_mode_flag()));
+      value = frame_->CallRuntime(Runtime::kStoreContextSlot, 4);
     }
     // Storing a variable must keep the (new) value on the expression
     // stack. This is necessary for compiling chained assignment
     // expressions.
     frame_->Push(&value);
   } else {
     ASSERT(!slot->var()->is_dynamic());
 
     JumpTarget exit;
     if (init_state == CONST_INIT) {
@@ skipping 292 matching lines @@
           break;
         }
         // Fall through
       }
       case ObjectLiteral::Property::PROTOTYPE: {
         // Duplicate the object as an argument to the runtime call.
         frame_->Dup();
         Load(property->key());
         Load(property->value());
         if (property->emit_store()) {
+          frame_->Push(Smi::FromInt(NONE));   // PropertyAttributes
           // Ignore the result.
-          Result ignored = frame_->CallRuntime(Runtime::kSetProperty, 3);
+          Result ignored = frame_->CallRuntime(Runtime::kSetProperty, 4);
         } else {
           frame_->Drop(3);
         }
         break;
       }
       case ObjectLiteral::Property::SETTER: {
         // Duplicate the object as an argument to the runtime call.
         frame_->Dup();
         Load(property->key());
         frame_->Push(Smi::FromInt(1));
@@ skipping 1257 matching lines @@
 
 void CodeGenerator::GenerateIsConstructCall(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 0);
 
   // Get the frame pointer for the calling frame.
   Result fp = allocator()->Allocate();
   __ movq(fp.reg(), Operand(rbp, StandardFrameConstants::kCallerFPOffset));
 
   // Skip the arguments adaptor frame if it exists.
   Label check_frame_marker;
-  __ SmiCompare(Operand(fp.reg(), StandardFrameConstants::kContextOffset),
-                Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
+  __ Cmp(Operand(fp.reg(), StandardFrameConstants::kContextOffset),
+         Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
   __ j(not_equal, &check_frame_marker);
   __ movq(fp.reg(), Operand(fp.reg(), StandardFrameConstants::kCallerFPOffset));
 
   // Check the marker in the calling frame.
   __ bind(&check_frame_marker);
-  __ SmiCompare(Operand(fp.reg(), StandardFrameConstants::kMarkerOffset),
-                Smi::FromInt(StackFrame::CONSTRUCT));
+  __ Cmp(Operand(fp.reg(), StandardFrameConstants::kMarkerOffset),
+         Smi::FromInt(StackFrame::CONSTRUCT));
   fp.Unuse();
   destination()->Split(equal);
 }
 
 
 void CodeGenerator::GenerateArgumentsLength(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 0);
 
   Result fp = allocator_->Allocate();
   Result result = allocator_->Allocate();
   ASSERT(fp.is_valid() && result.is_valid());
 
   Label exit;
 
   // Get the number of formal parameters.
   __ Move(result.reg(), Smi::FromInt(scope()->num_parameters()));
 
   // Check if the calling frame is an arguments adaptor frame.
   __ movq(fp.reg(), Operand(rbp, StandardFrameConstants::kCallerFPOffset));
-  __ SmiCompare(Operand(fp.reg(), StandardFrameConstants::kContextOffset),
-                Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
+  __ Cmp(Operand(fp.reg(), StandardFrameConstants::kContextOffset),
+         Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
   __ j(not_equal, &exit);
 
   // Arguments adaptor case: Read the arguments length from the
   // adaptor frame.
   __ movq(result.reg(),
           Operand(fp.reg(), ArgumentsAdaptorFrameConstants::kLengthOffset));
 
   __ bind(&exit);
   result.set_type_info(TypeInfo::Smi());
   if (FLAG_debug_code) {
@@ skipping 538 matching lines @@
   frame_->Spill(index1.reg());
   frame_->Spill(index2.reg());
 
   DeferredSwapElements* deferred = new DeferredSwapElements(object.reg(),
                                                             index1.reg(),
                                                             index2.reg());
 
   // Fetch the map and check if array is in fast case.
   // Check that object doesn't require security checks and
   // has no indexed interceptor.
-  __ CmpObjectType(object.reg(), FIRST_JS_OBJECT_TYPE, tmp1.reg());
-  deferred->Branch(below);
+  __ CmpObjectType(object.reg(), JS_ARRAY_TYPE, tmp1.reg());
+  deferred->Branch(not_equal);
   __ testb(FieldOperand(tmp1.reg(), Map::kBitFieldOffset),
            Immediate(KeyedLoadIC::kSlowCaseBitFieldMask));
   deferred->Branch(not_zero);
 
   // Check the object's elements are in fast case and writable.
   __ movq(tmp1.reg(), FieldOperand(object.reg(), JSObject::kElementsOffset));
   __ CompareRoot(FieldOperand(tmp1.reg(), HeapObject::kMapOffset),
                  Heap::kFixedArrayMapRootIndex);
   deferred->Branch(not_equal);
 
@@ skipping 21 matching lines @@
                                     FixedArray::kHeaderSize));
 
   // Swap elements.
   __ movq(object.reg(), Operand(index1.reg(), 0));
   __ movq(tmp2.reg(), Operand(index2.reg(), 0));
   __ movq(Operand(index2.reg(), 0), object.reg());
   __ movq(Operand(index1.reg(), 0), tmp2.reg());
 
   Label done;
   __ InNewSpace(tmp1.reg(), tmp2.reg(), equal, &done);
-  // Possible optimization: do a check that both values are Smis
+  // Possible optimization: do a check that both values are smis
   // (or them and test against Smi mask.)
 
   __ movq(tmp2.reg(), tmp1.reg());
   __ RecordWriteHelper(tmp1.reg(), index1.reg(), object.reg(), kDontSaveFPRegs);
   __ RecordWriteHelper(tmp2.reg(), index2.reg(), object.reg(), kDontSaveFPRegs);
   __ bind(&done);
 
   deferred->BindExit();
   frame_->Push(Factory::undefined_value());
 }
@@ skipping 192 matching lines @@
   answer = frame()->CallRuntime(Runtime::kMath_pow_cfunction, 2);
 
   done.Bind(&answer);
   frame()->Push(&answer);
 }
 
 
 void CodeGenerator::GenerateMathSin(ZoneList<Expression*>* args) {
   ASSERT_EQ(args->length(), 1);
   Load(args->at(0));
-  TranscendentalCacheStub stub(TranscendentalCache::SIN);
+  TranscendentalCacheStub stub(TranscendentalCache::SIN,
+                               TranscendentalCacheStub::TAGGED);
   Result result = frame_->CallStub(&stub, 1);
   frame_->Push(&result);
 }
 
 
 void CodeGenerator::GenerateMathCos(ZoneList<Expression*>* args) {
   ASSERT_EQ(args->length(), 1);
   Load(args->at(0));
-  TranscendentalCacheStub stub(TranscendentalCache::COS);
+  TranscendentalCacheStub stub(TranscendentalCache::COS,
+                               TranscendentalCacheStub::TAGGED);
   Result result = frame_->CallStub(&stub, 1);
   frame_->Push(&result);
 }
 
 
 void CodeGenerator::GenerateMathLog(ZoneList<Expression*>* args) {
   ASSERT_EQ(args->length(), 1);
   Load(args->at(0));
-  TranscendentalCacheStub stub(TranscendentalCache::LOG);
+  TranscendentalCacheStub stub(TranscendentalCache::LOG,
+                               TranscendentalCacheStub::TAGGED);
   Result result = frame_->CallStub(&stub, 1);
   frame_->Push(&result);
 }
 
 
 // Generates the Math.sqrt method. Please note - this function assumes that
 // the callsite has executed ToNumber on the argument.
 void CodeGenerator::GenerateMathSqrt(ZoneList<Expression*>* args) {
   ASSERT(args->length() == 1);
   Load(args->at(0));
@@ skipping 170 matching lines @@
       Load(property->key());
       frame_->Push(Smi::FromInt(strict_mode_flag()));
       Result answer = frame_->InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION, 3);
       frame_->Push(&answer);
       return;
     }
 
     Variable* variable = node->expression()->AsVariableProxy()->AsVariable();
     if (variable != NULL) {
       // Delete of an unqualified identifier is disallowed in strict mode
-      // so this code can only be reached in non-strict mode.
-      ASSERT(strict_mode_flag() == kNonStrictMode);
+      // but "delete this" is.
+      ASSERT(strict_mode_flag() == kNonStrictMode || variable->is_this());
       Slot* slot = variable->AsSlot();
       if (variable->is_global()) {
         LoadGlobal();
         frame_->Push(variable->name());
         frame_->Push(Smi::FromInt(kNonStrictMode));
         Result answer = frame_->InvokeBuiltin(Builtins::DELETE,
                                               CALL_FUNCTION, 3);
         frame_->Push(&answer);
-        return;
 
       } else if (slot != NULL && slot->type() == Slot::LOOKUP) {
         // Call the runtime to delete from the context holding the named
         // variable.  Sync the virtual frame eagerly so we can push the
         // arguments directly into place.
         frame_->SyncRange(0, frame_->element_count() - 1);
         frame_->EmitPush(rsi);
         frame_->EmitPush(variable->name());
         Result answer = frame_->CallRuntime(Runtime::kDeleteContextSlot, 2);
         frame_->Push(&answer);
-        return;
+      } else {
+        // Default: Result of deleting non-global, not dynamically
+        // introduced variables is false.
+        frame_->Push(Factory::false_value());
       }
-
-      // Default: Result of deleting non-global, not dynamically
-      // introduced variables is false.
-      frame_->Push(Factory::false_value());
-
     } else {
       // Default: Result of deleting expressions is true.
       Load(node->expression());  // may have side-effects
       frame_->SetElementAt(0, Factory::true_value());
     }
 
   } else if (op == Token::TYPEOF) {
     // Special case for loading the typeof expression; see comment on
     // LoadTypeofExpression().
     LoadTypeofExpression(node->expression());
@@ skipping 665 matching lines @@
 bool CodeGenerator::HasValidEntryRegisters() {
   return (allocator()->count(rax) == (frame()->is_used(rax) ? 1 : 0))
       && (allocator()->count(rbx) == (frame()->is_used(rbx) ? 1 : 0))
       && (allocator()->count(rcx) == (frame()->is_used(rcx) ? 1 : 0))
       && (allocator()->count(rdx) == (frame()->is_used(rdx) ? 1 : 0))
       && (allocator()->count(rdi) == (frame()->is_used(rdi) ? 1 : 0))
       && (allocator()->count(r8) == (frame()->is_used(r8) ? 1 : 0))
       && (allocator()->count(r9) == (frame()->is_used(r9) ? 1 : 0))
       && (allocator()->count(r11) == (frame()->is_used(r11) ? 1 : 0))
       && (allocator()->count(r14) == (frame()->is_used(r14) ? 1 : 0))
-      && (allocator()->count(r12) == (frame()->is_used(r12) ? 1 : 0));
+      && (allocator()->count(r15) == (frame()->is_used(r15) ? 1 : 0));
 }
 #endif
 
 
 
 // Emit a LoadIC call to get the value from receiver and leave it in
 // dst.  The receiver register is restored after the call.
 class DeferredReferenceGetNamedValue: public DeferredCode {
  public:
   DeferredReferenceGetNamedValue(Register dst,
@@ skipping 102 matching lines @@
   __ IncrementCounter(&Counters::keyed_load_inline_miss, 1);
 
   if (!dst_.is(rax)) __ movq(dst_, rax);
 }
 
 
 class DeferredReferenceSetKeyedValue: public DeferredCode {
  public:
   DeferredReferenceSetKeyedValue(Register value,
                                  Register key,
-                                 Register receiver)
-      : value_(value), key_(key), receiver_(receiver) {
+                                 Register receiver,
+                                 StrictModeFlag strict_mode)
+      : value_(value),
+        key_(key),
+        receiver_(receiver),
+        strict_mode_(strict_mode) {
     set_comment("[ DeferredReferenceSetKeyedValue");
   }
 
   virtual void Generate();
 
   Label* patch_site() { return &patch_site_; }
 
  private:
   Register value_;
   Register key_;
   Register receiver_;
   Label patch_site_;
+  StrictModeFlag strict_mode_;
 };
 
 
 void DeferredReferenceSetKeyedValue::Generate() {
   __ IncrementCounter(&Counters::keyed_store_inline_miss, 1);
   // Move value, receiver, and key to registers rax, rdx, and rcx, as
   // the IC stub expects.
   // Move value to rax, using xchg if the receiver or key is in rax.
   if (!value_.is(rax)) {
     if (!receiver_.is(rax) && !key_.is(rax)) {
@@ skipping 31 matching lines @@
       __ movq(rcx, key_);
     }
   } else if (key_.is(rcx)) {
     __ movq(rdx, receiver_);
   } else {
     __ movq(rcx, key_);
     __ movq(rdx, receiver_);
   }
 
   // Call the IC stub.
-  Handle<Code> ic(Builtins::builtin(Builtins::KeyedStoreIC_Initialize));
+  Handle<Code> ic(Builtins::builtin(
+      (strict_mode_ == kStrictMode) ? Builtins::KeyedStoreIC_Initialize_Strict
+                                    : Builtins::KeyedStoreIC_Initialize));
   __ Call(ic, RelocInfo::CODE_TARGET);
   // The delta from the start of the map-compare instructions (initial movq)
   // to the test instruction.  We use masm_-> directly here instead of the
   // __ macro because the macro sometimes uses macro expansion to turn
   // into something that can't return a value.  This is encountered
   // when doing generated code coverage tests.
   int delta_to_patch_site = masm_->SizeOfCodeGeneratedSince(patch_site());
   // Here we use masm_-> instead of the __ macro because this is the
   // instruction that gets patched and coverage code gets in the way.
   masm_->testl(rax, Immediate(-delta_to_patch_site));
@@ skipping 46 matching lines @@
     DeferredReferenceGetNamedValue* deferred =
         new DeferredReferenceGetNamedValue(result.reg(), receiver.reg(), name);
 
     // Check that the receiver is a heap object.
     __ JumpIfSmi(receiver.reg(), deferred->entry_label());
 
     __ bind(deferred->patch_site());
     // This is the map check instruction that will be patched (so we can't
     // use the double underscore macro that may insert instructions).
     // Initially use an invalid map to force a failure.
-    masm()->Move(kScratchRegister, Factory::null_value());
+    masm()->movq(kScratchRegister, Factory::null_value(),
+                 RelocInfo::EMBEDDED_OBJECT);
     masm()->cmpq(FieldOperand(receiver.reg(), HeapObject::kMapOffset),
                  kScratchRegister);
     // This branch is always a forwards branch so it's always a fixed
     // size which allows the assert below to succeed and patching to work.
     // Don't use deferred->Branch(...), since that might add coverage code.
     masm()->j(not_equal, deferred->entry_label());
 
     // The delta from the patch label to the load offset must be
     // statically known.
     ASSERT(masm()->SizeOfCodeGeneratedSince(deferred->patch_site()) ==
@@ skipping 55 matching lines @@
     Condition is_smi = masm()->CheckSmi(receiver.reg());
     slow.Branch(is_smi, &value, &receiver);
 
     // This is the map check instruction that will be patched.
     // Initially use an invalid map to force a failure. The exact
     // instruction sequence is important because we use the
     // kOffsetToStoreInstruction constant for patching. We avoid using
     // the __ macro for the following two instructions because it
     // might introduce extra instructions.
     __ bind(&patch_site);
-    masm()->Move(kScratchRegister, Factory::null_value());
+    masm()->movq(kScratchRegister, Factory::null_value(),
+                 RelocInfo::EMBEDDED_OBJECT);
     masm()->cmpq(FieldOperand(receiver.reg(), HeapObject::kMapOffset),
                  kScratchRegister);
     // This branch is always a forwards branch so it's always a fixed size
     // which allows the assert below to succeed and patching to work.
     slow.Branch(not_equal, &value, &receiver);
 
     // The delta from the patch label to the store offset must be
     // statically known.
     ASSERT(masm()->SizeOfCodeGeneratedSince(&patch_site) ==
            StoreIC::kOffsetToStoreInstruction);
@@ skipping 180 matching lines @@
     bool value_is_constant = result.is_constant();
 
     // Make sure that value, key and receiver are in registers.
     result.ToRegister();
     key.ToRegister();
     receiver.ToRegister();
 
     DeferredReferenceSetKeyedValue* deferred =
         new DeferredReferenceSetKeyedValue(result.reg(),
                                            key.reg(),
-                                           receiver.reg());
+                                           receiver.reg(),
+                                           strict_mode_flag());
 
     // Check that the receiver is not a smi.
     __ JumpIfSmi(receiver.reg(), deferred->entry_label());
 
     // Check that the key is a smi.
     if (!key.is_smi()) {
       __ JumpIfNotSmi(key.reg(), deferred->entry_label());
     } else if (FLAG_debug_code) {
       __ AbortIfNotSmi(key.reg());
     }
 
     // Check that the receiver is a JSArray.
     __ CmpObjectType(receiver.reg(), JS_ARRAY_TYPE, kScratchRegister);
     deferred->Branch(not_equal);
 
-    // Check that the key is within bounds.  Both the key and the length of
-    // the JSArray are smis. Use unsigned comparison to handle negative keys.
-    __ SmiCompare(FieldOperand(receiver.reg(), JSArray::kLengthOffset),
-                  key.reg());
-    deferred->Branch(below_equal);
-
     // Get the elements array from the receiver and check that it is not a
     // dictionary.
     __ movq(tmp.reg(),
             FieldOperand(receiver.reg(), JSArray::kElementsOffset));
 
     // Check whether it is possible to omit the write barrier. If the elements
     // array is in new space or the value written is a smi we can safely update
     // the elements array without write barrier.
     Label in_new_space;
     __ InNewSpace(tmp.reg(), tmp2.reg(), equal, &in_new_space);
     if (!value_is_constant) {
       __ JumpIfNotSmi(result.reg(), deferred->entry_label());
     }
 
     __ bind(&in_new_space);
 
     // Bind the deferred code patch site to be able to locate the fixed
     // array map comparison.  When debugging, we patch this comparison to
     // always fail so that we will hit the IC call in the deferred code
     // which will allow the debugger to break for fast case stores.
     __ bind(deferred->patch_site());
     // Avoid using __ to ensure the distance from patch_site
     // to the map address is always the same.
     masm()->movq(kScratchRegister, Factory::fixed_array_map(),
                RelocInfo::EMBEDDED_OBJECT);
     __ cmpq(FieldOperand(tmp.reg(), HeapObject::kMapOffset),
             kScratchRegister);
     deferred->Branch(not_equal);
 
+    // Check that the key is within bounds.  Both the key and the length of
+    // the JSArray are smis (because the fixed array check above ensures the
+    // elements are in fast case). Use unsigned comparison to handle negative
+    // keys.
+    __ SmiCompare(FieldOperand(receiver.reg(), JSArray::kLengthOffset),
+                  key.reg());
+    deferred->Branch(below_equal);
+
     // Store the value.
     SmiIndex index =
         masm()->SmiToIndex(kScratchRegister, key.reg(), kPointerSizeLog2);
     __ movq(FieldOperand(tmp.reg(),
                          index.reg,
                          index.scale,
                          FixedArray::kHeaderSize),
             result.reg());
     __ IncrementCounter(&Counters::keyed_store_inline, 1);
 
     deferred->BindExit();
   } else {
-    result = frame()->CallKeyedStoreIC();
+    result = frame()->CallKeyedStoreIC(strict_mode_flag());
     // Make sure that we do not have a test instruction after the
     // call.  A test instruction after the call is used to
     // indicate that we have generated an inline version of the
     // keyed store.
     __ nop();
   }
   ASSERT(frame()->height() == original_height - 3);
   return result;
 }
 
@@ skipping 258 matching lines @@
 }
 
 #endif
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_X64