5 files changed, 56 insertions, 32 deletions

diff --git a/Source/JavaScriptCore/bytecode/ArrayProfile.h b/Source/JavaScriptCore/bytecode/ArrayProfile.h
index 5a656e2dd..312473f3c 100644
--- a/Source/JavaScriptCore/bytecode/ArrayProfile.h
+++ b/Source/JavaScriptCore/bytecode/ArrayProfile.h
@@ -35,16 +35,16 @@ namespace JSC {
 
 class LLIntOffsetsExtractor;
 
+// This is a bitfield where each bit represents an IndexingType that we have seen.
+// There are 17 indexing types (0 to 16, inclusive), so 32 bits is more than enough.
 typedef unsigned ArrayModes;
 
-static const unsigned IsNotArray = 1;
-static const unsigned IsJSArray  = 2;
+#define asArrayModes(type) \
+    (1 << static_cast<unsigned>(type))
 
 inline ArrayModes arrayModeFromStructure(Structure* structure)
 {
-    if (structure->classInfo() == &JSArray::s_info)
-        return IsJSArray;
-    return IsNotArray;
+    return asArrayModes(structure->indexingTypeIncludingHistory());
 }
 
 class ArrayProfile {
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
index d79a37668..6b31be221 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -291,10 +291,14 @@ void CodeBlock::printGetByIdCacheStatus(ExecState* exec, int location)
     UNUSED_PARAM(ident); // tell the compiler to shut up in certain platform configurations.
     
 #if ENABLE(LLINT)
-    Structure* structure = instruction[4].u.structure.get();
-    dataLog(" llint(");
-    dumpStructure("struct", exec, structure, ident);
-    dataLog(")");
+    if (exec->interpreter()->getOpcodeID(instruction[0].u.opcode) == op_get_array_length)
+        dataLog(" llint(array_length)");
+    else {
+        Structure* structure = instruction[4].u.structure.get();
+        dataLog(" llint(");
+        dumpStructure("struct", exec, structure, ident);
+        dataLog(")");
+    }
 #endif
 
 #if ENABLE(JIT)
@@ -1001,6 +1005,22 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
             it++;
             break;
         }
+        case op_init_global_const: {
+            WriteBarrier<Unknown>* registerPointer = (++it)->u.registerPointer;
+            int r0 = (++it)->u.operand;
+            dataLog("[%4d] init_global_const\t g%d(%p), %s", location, m_globalObject->findRegisterIndex(registerPointer), registerPointer, registerName(exec, r0).data());
+            dumpBytecodeCommentAndNewLine(location);
+            break;
+        }
+        case op_init_global_const_check: {
+            WriteBarrier<Unknown>* registerPointer = (++it)->u.registerPointer;
+            int r0 = (++it)->u.operand;
+            dataLog("[%4d] init_global_const_check\t g%d(%p), %s", location, m_globalObject->findRegisterIndex(registerPointer), registerPointer, registerName(exec, r0).data());
+            dumpBytecodeCommentAndNewLine(location);
+            it++;
+            it++;
+            break;
+        }
         case op_resolve_base: {
             int r0 = (++it)->u.operand;
             int id0 = (++it)->u.operand;
@@ -2081,6 +2101,8 @@ void CodeBlock::finalizeUnconditionally()
                 curInstruction[7].u.structureChain.clear();
                 curInstruction[0].u.opcode = interpreter->getOpcode(op_put_by_id);
                 break;
+            case op_get_array_length:
+                break;
             default:
                 ASSERT_NOT_REACHED();
             }
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h
index 1d56999ff..07d1e0a06 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.h
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h
@@ -547,29 +547,16 @@ namespace JSC {
             return needsFullScopeChain() && codeType() != GlobalCode;
         }
         
-        bool argumentsAreCaptured() const
-        {
-            return needsActivation() || usesArguments();
-        }
-        
-        bool argumentIsCaptured(int) const
-        {
-            return argumentsAreCaptured();
-        }
-        
-        bool localIsCaptured(InlineCallFrame* inlineCallFrame, int operand) const
-        {
-            if (!inlineCallFrame)
-                return operand < m_numCapturedVars;
-            
-            return inlineCallFrame->capturedVars.get(operand);
-        }
-        
-        bool isCaptured(InlineCallFrame* inlineCallFrame, int operand) const
+        bool isCaptured(int operand, InlineCallFrame* inlineCallFrame = 0) const
         {
+            if (inlineCallFrame && !operandIsArgument(operand))
+                return inlineCallFrame->capturedVars.get(operand);
+
+            // Our estimate of argument capture is conservative.
             if (operandIsArgument(operand))
-                return argumentIsCaptured(operandToArgument(operand));
-            return localIsCaptured(inlineCallFrame, operand);
+                return needsActivation() || usesArguments();
+
+            return operand < m_numCapturedVars;
         }
 
         CodeType codeType() const { return m_codeType; }
diff --git a/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp b/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp
index 8f2a46879..e44568a26 100644
--- a/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp
+++ b/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp
@@ -43,6 +43,9 @@ GetByIdStatus GetByIdStatus::computeFromLLInt(CodeBlock* profiledBlock, unsigned
     
     if (instruction[0].u.opcode == LLInt::getOpcode(llint_op_method_check))
         instruction++;
+    
+    if (instruction[0].u.opcode == LLInt::getOpcode(llint_op_get_array_length))
+        return GetByIdStatus(NoInformation, false);
 
     Structure* structure = instruction[4].u.structure.get();
     if (!structure)
diff --git a/Source/JavaScriptCore/bytecode/Opcode.h b/Source/JavaScriptCore/bytecode/Opcode.h
index 5cbae8a09..87b100056 100644
--- a/Source/JavaScriptCore/bytecode/Opcode.h
+++ b/Source/JavaScriptCore/bytecode/Opcode.h
@@ -39,7 +39,7 @@
 
 namespace JSC {
 
-    #define FOR_EACH_OPCODE_ID(macro) \
+    #define FOR_EACH_CORE_OPCODE_ID_WITH_EXTENSION(macro, extension__) \
         macro(op_enter, 1) \
         macro(op_create_activation, 2) \
         macro(op_init_lazy_reg, 2) \
@@ -105,6 +105,8 @@ namespace JSC {
         macro(op_get_global_var_watchable, 5) /* has value profiling */ \
         macro(op_put_global_var, 3) \
         macro(op_put_global_var_check, 5) \
+        macro(op_init_global_const, 3) \
+        macro(op_init_global_const_check, 5) \
         macro(op_resolve_base, 5) /* has value profiling */ \
         macro(op_ensure_property_exists, 3) \
         macro(op_resolve_with_base, 5) /* has value profiling */ \
@@ -200,10 +202,20 @@ namespace JSC {
         macro(op_profile_will_call, 2) \
         macro(op_profile_did_call, 2) \
         \
-        FOR_EACH_LLINT_OPCODE_EXTENSION(macro) \
+        extension__ \
         \
         macro(op_end, 2) // end must be the last opcode in the list
 
+    #define FOR_EACH_CORE_OPCODE_ID(macro) \
+        FOR_EACH_CORE_OPCODE_ID_WITH_EXTENSION(macro, /* No extension */ )
+
+    #define FOR_EACH_OPCODE_ID(macro) \
+        FOR_EACH_CORE_OPCODE_ID_WITH_EXTENSION( \
+            macro, \
+            FOR_EACH_LLINT_OPCODE_EXTENSION(macro) \
+        )
+
+
     #define OPCODE_ID_ENUM(opcode, length) opcode,
         typedef enum { FOR_EACH_OPCODE_ID(OPCODE_ID_ENUM) } OpcodeID;
     #undef OPCODE_ID_ENUM