The Tor Browser: js/src/jit/BaselineIC.h@6474c204b198 (annotated)

js/src/jit/BaselineIC.h@6474c204b198 (annotated)

js/src/jit/BaselineIC.h

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef jit_BaselineIC_h
 #define jit_BaselineIC_h
 #ifdef JS_ION
 #include "mozilla/Assertions.h"
 #include "jscntxt.h"
 #include "jscompartment.h"
 #include "jsgc.h"
 #include "jsopcode.h"
 #include "jit/BaselineJIT.h"
 #include "jit/BaselineRegisters.h"
 namespace js {
 namespace jit {
 //
 // Baseline Inline Caches are polymorphic caches that aggressively
 // share their stub code.
 //
 // Every polymorphic site contains a linked list of stubs which are
 // specific to that site.  These stubs are composed of a |StubData|
 // structure that stores parametrization information (e.g.
 // the shape pointer for a shape-check-and-property-get stub), any
 // dynamic information (e.g. use counts), a pointer to the stub code,
 // and a pointer to the next stub state in the linked list.
 //
 // Every BaselineScript keeps an table of |CacheDescriptor| data
 // structures, which store the following:
 //      A pointer to the first StubData in the cache.
 //      The bytecode PC of the relevant IC.
 //      The machine-code PC where the call to the stubcode returns.
 //
 // A diagram:
 //
 //        Control flow                  Pointers
 //      =======#                     ----.     .---->
 //             #                         |     |
 //             #======>                  \-----/
 //
 //
 //                                   .---------------------------------------.
 //                                   |         .-------------------------.   |
 //                                   |         |         .----.          |   |
 //         Baseline                  |         |         |    |          |   |
 //         JIT Code              0   ^     1   ^     2   ^    |          |   |
 //     +--------------+    .-->+-----+   +-----+   +-----+    |          |   |
 //     |              |  #=|==>|     |==>|     |==>| FB  |    |          |   |
 //     |              |  # |   +-----+   +-----+   +-----+    |          |   |
 //     |              |  # |      #         #         #       |          |   |
 //     |==============|==# |      #         #         #       |          |   |
 //     |=== IC =======|    |      #         #         #       |          |   |
 //  .->|==============|<===|======#=========#=========#       |          |   |
 //  |  |              |    |                                  |          |   |
 //  |  |              |    |                                  |          |   |
 //  |  |              |    |                                  |          |   |
 //  |  |              |    |                                  v          |   |
 //  |  |              |    |                              +---------+    |   |
 //  |  |              |    |                              | Fallback|    |   |
 //  |  |              |    |                              | Stub    |    |   |
 //  |  |              |    |                              | Code    |    |   |
 //  |  |              |    |                              +---------+    |   |
 //  |  +--------------+    |                                             |   |
 //  |         |_______     |                              +---------+    |   |
 //  |                |     |                              | Stub    |<---/   |
 //  |        IC      |     \--.                           | Code    |        |
 //  |    Descriptor  |        |                           +---------+        |
 //  |      Table     v        |                                              |
 //  |  +-----------------+    |                           +---------+        |
 //  \--| Ins | PC | Stub |----/                           | Stub    |<-------/
 //     +-----------------+                                | Code    |
 //     |       ...       |                                +---------+
 //     +-----------------+
 //                                                          Shared
 //                                                          Stub Code
 //
 //
 // Type ICs
 // ========
 //
 // Type ICs are otherwise regular ICs that are actually nested within
 // other IC chains.  They serve to optimize locations in the code where the
 // baseline compiler would have otherwise had to perform a type Monitor operation
 // (e.g. the result of GetProp, GetElem, etc.), or locations where the baseline
 // compiler would have had to modify a heap typeset using the type of an input
 // value (e.g. SetProp, SetElem, etc.)
 //
 // There are two kinds of Type ICs: Monitor and Update.
 //
 // Note that type stub bodies are no-ops.  The stubs only exist for their
 // guards, and their existence simply signifies that the typeset (implicit)
 // that is being checked already contains that type.
 //
 // TypeMonitor ICs
 // ---------------
 // Monitor ICs are shared between stubs in the general IC, and monitor the resulting
 // types of getter operations (call returns, getprop outputs, etc.)
 //
 //        +-----------+     +-----------+     +-----------+     +-----------+
 //   ---->| Stub 1    |---->| Stub 2    |---->| Stub 3    |---->| FB Stub   |
 //        +-----------+     +-----------+     +-----------+     +-----------+
 //             |                  |                 |                  |
 //             |------------------/-----------------/                  |
 //             v                                                       |
 //        +-----------+     +-----------+     +-----------+            |
 //        | Type 1    |---->| Type 2    |---->| Type FB   |            |
 //        +-----------+     +-----------+     +-----------+            |
 //             |                 |                  |                  |
 //  <----------/-----------------/------------------/------------------/
 //                r e t u r n    p a t h
 //
 // After an optimized IC stub successfully executes, it passes control to the type stub
 // chain to check the resulting type.  If no type stub succeeds, and the monitor fallback
 // stub is reached, the monitor fallback stub performs a manual monitor, and also adds the
 // appropriate type stub to the chain.
 //
 // The IC's main fallback, in addition to generating new mainline stubs, also generates
 // type stubs as reflected by its returned value.
 //
 // NOTE: The type IC chain returns directly to the mainline code, not back to the
 // stub it was entered from.  Thus, entering a type IC is a matter of a |jump|, not
 // a |call|.  This allows us to safely call a VM Monitor function from within the monitor IC's
 // fallback chain, since the return address (needed for stack inspection) is preserved.
 //
 //
 // TypeUpdate ICs
 // --------------
 // Update ICs update heap typesets and monitor the input types of setter operations
 // (setelem, setprop inputs, etc.).  Unlike monitor ICs, they are not shared
 // between stubs on an IC, but instead are kept track of on a per-stub basis.
 //
 // This is because the main stubs for the operation will each identify a potentially
 // different TypeObject to update.  New input types must be tracked on a typeobject-to-
 // typeobject basis.
 //
 // Type-update ICs cannot be called in tail position (they must return to the
 // the stub that called them so that the stub may continue to perform its original
 // purpose).  This means that any VMCall to perform a manual type update from C++ must be
 // done from within the main IC stub.  This necessitates that the stub enter a
 // "BaselineStub" frame before making the call.
 //
 // If the type-update IC chain could itself make the VMCall, then the BaselineStub frame
 // must be entered before calling the type-update chain, and exited afterward.  This
 // is very expensive for a common case where we expect the type-update fallback to not
 // be called.  To avoid the cost of entering and exiting a BaselineStub frame when
 // using the type-update IC chain, we design the chain to not perform any VM-calls
 // in its fallback.
 //
 // Instead, the type-update IC chain is responsible for returning 1 or 0, depending
 // on if a type is represented in the chain or not.  The fallback stub simply returns
 // 0, and all other optimized stubs return 1.
 // If the chain returns 1, then the IC stub goes ahead and performs its operation.
 // If the chain returns 0, then the IC stub performs a call to the fallback function
 // inline (doing the requisite BaselineStub frame enter/exit).
 // This allows us to avoid the expensive subfram enter/exit in the common case.
 //
 //                                 r e t u r n    p a t h
 //   <--------------.-----------------.-----------------.-----------------.
 //                  |                 |                 |                 |
 //        +-----------+     +-----------+     +-----------+     +-----------+
 //   ---->| Stub 1    |---->| Stub 2    |---->| Stub 3    |---->| FB Stub   |
 //        +-----------+     +-----------+     +-----------+     +-----------+
 //          |   ^             |   ^             |   ^
 //          |   |             |   |             |   |
 //          |   |             |   |             |   |----------------.
 //          |   |             |   |             v   |1               |0
 //          |   |             |   |         +-----------+    +-----------+
 //          |   |             |   |         | Type 3.1  |--->|    FB 3   |
 //          |   |             |   |         +-----------+    +-----------+
 //          |   |             |   |
 //          |   |             |   \-------------.-----------------.
 //          |   |             |   |             |                 |
 //          |   |             v   |1            |1                |0
 //          |   |         +-----------+     +-----------+     +-----------+
 //          |   |         | Type 2.1  |---->| Type 2.2  |---->|    FB 2   |
 //          |   |         +-----------+     +-----------+     +-----------+
 //          |   |
 //          |   \-------------.-----------------.
 //          |   |             |                 |
 //          v   |1            |1                |0
 //     +-----------+     +-----------+     +-----------+
 //     | Type 1.1  |---->| Type 1.2  |---->|   FB 1    |
 //     +-----------+     +-----------+     +-----------+
 //
 class ICStub;
 class ICFallbackStub;
 //
 // An entry in the Baseline IC descriptor table.
 //
 class ICEntry
 {
   private:
     // A pointer to the baseline IC stub for this instruction.
     ICStub *firstStub_;
     // Offset from the start of the JIT code where the IC
     // load and call instructions are.
     uint32_t returnOffset_;
     // The PC of this IC's bytecode op within the JSScript.
     uint32_t pcOffset_ : 29;
   public:
     enum Kind {
         // A for-op IC entry.
         Kind_Op = 0,
         // A non-op IC entry.
         Kind_NonOp,
         // A fake IC entry for returning from a callVM.
         Kind_CallVM,
         // A fake IC entry for returning from DebugTrapHandler.
         Kind_DebugTrap,
         // A fake IC entry for returning from a callVM to
         // Debug{Prologue,Epilogue}.
         Kind_DebugPrologue,
         Kind_DebugEpilogue
     };
   private:
     // What this IC is for.
     Kind kind_ : 3;
     // Set the kind and asserts that it's sane.
     void setKind(Kind kind) {
         kind_ = kind;
         MOZ_ASSERT(this->kind() == kind);
     }
   public:
     ICEntry(uint32_t pcOffset, Kind kind)
       : firstStub_(nullptr), returnOffset_(), pcOffset_(pcOffset)
     {
         // The offset must fit in at least 29 bits, since we shave off 3 for
         // the Kind enum.
         MOZ_ASSERT(pcOffset_ == pcOffset);
         JS_STATIC_ASSERT(BaselineScript::MAX_JSSCRIPT_LENGTH < 0x1fffffffu);
         MOZ_ASSERT(pcOffset <= BaselineScript::MAX_JSSCRIPT_LENGTH);
         setKind(kind);
     }
     CodeOffsetLabel returnOffset() const {
         return CodeOffsetLabel(returnOffset_);
     }
     void setReturnOffset(CodeOffsetLabel offset) {
         JS_ASSERT(offset.offset() <= (size_t) UINT32_MAX);
         returnOffset_ = (uint32_t) offset.offset();
     }
     void fixupReturnOffset(MacroAssembler &masm) {
         CodeOffsetLabel offset = returnOffset();
         offset.fixup(&masm);
         JS_ASSERT(offset.offset() <= UINT32_MAX);
         returnOffset_ = (uint32_t) offset.offset();
     }
     uint32_t pcOffset() const {
         return pcOffset_;
     }
     jsbytecode *pc(JSScript *script) const {
         return script->offsetToPC(pcOffset_);
     }
     Kind kind() const {
         // MSVC compiles enums as signed.
         return (Kind)(kind_ & 0x7);
     }
     bool isForOp() const {
         return kind() == Kind_Op;
     }
     void setForDebugPrologue() {
         MOZ_ASSERT(kind() == Kind_CallVM);
         setKind(Kind_DebugPrologue);
     }
     void setForDebugEpilogue() {
         MOZ_ASSERT(kind() == Kind_CallVM);
         setKind(Kind_DebugEpilogue);
     }
     bool hasStub() const {
         return firstStub_ != nullptr;
     }
     ICStub *firstStub() const {
         JS_ASSERT(hasStub());
         return firstStub_;
     }
     ICFallbackStub *fallbackStub() const;
     void setFirstStub(ICStub *stub) {
         firstStub_ = stub;
     }
     static inline size_t offsetOfFirstStub() {
         return offsetof(ICEntry, firstStub_);
     }
     inline ICStub **addressOfFirstStub() {
         return &firstStub_;
     }
 };
 // List of baseline IC stub kinds.
 #define IC_STUB_KIND_LIST(_)    \
     _(UseCount_Fallback)        \
                                 \
     _(Profiler_Fallback)        \
     _(Profiler_PushFunction)    \
                                 \
     _(TypeMonitor_Fallback)     \
     _(TypeMonitor_SingleObject) \
     _(TypeMonitor_TypeObject)   \
     _(TypeMonitor_PrimitiveSet) \
                                 \
     _(TypeUpdate_Fallback)      \
     _(TypeUpdate_SingleObject)  \
     _(TypeUpdate_TypeObject)    \
     _(TypeUpdate_PrimitiveSet)  \
                                 \
     _(This_Fallback)            \
                                 \
     _(NewArray_Fallback)        \
     _(NewObject_Fallback)       \
                                 \
     _(Compare_Fallback)         \
     _(Compare_Int32)            \
     _(Compare_Double)           \
     _(Compare_NumberWithUndefined) \
     _(Compare_String)           \
     _(Compare_Boolean)          \
     _(Compare_Object)           \
     _(Compare_ObjectWithUndefined) \
     _(Compare_Int32WithBoolean) \
                                 \
     _(ToBool_Fallback)          \
     _(ToBool_Int32)             \
     _(ToBool_String)            \
     _(ToBool_NullUndefined)     \
     _(ToBool_Double)            \
     _(ToBool_Object)            \
                                 \
     _(ToNumber_Fallback)        \
                                 \
     _(BinaryArith_Fallback)     \
     _(BinaryArith_Int32)        \
     _(BinaryArith_Double)       \
     _(BinaryArith_StringConcat) \
     _(BinaryArith_StringObjectConcat) \
     _(BinaryArith_BooleanWithInt32) \
     _(BinaryArith_DoubleWithInt32) \
                                 \
     _(UnaryArith_Fallback)      \
     _(UnaryArith_Int32)         \
     _(UnaryArith_Double)        \
                                 \
     _(Call_Fallback)            \
     _(Call_Scripted)            \
     _(Call_AnyScripted)         \
     _(Call_Native)              \
     _(Call_ScriptedApplyArray)  \
     _(Call_ScriptedApplyArguments) \
     _(Call_ScriptedFunCall)     \
                                 \
     _(GetElem_Fallback)         \
     _(GetElem_NativeSlot)       \
     _(GetElem_NativePrototypeSlot) \
     _(GetElem_NativePrototypeCallNative) \
     _(GetElem_NativePrototypeCallScripted) \
     _(GetElem_String)           \
     _(GetElem_Dense)            \
     _(GetElem_TypedArray)       \
     _(GetElem_Arguments)        \
                                 \
     _(SetElem_Fallback)         \
     _(SetElem_Dense)            \
     _(SetElem_DenseAdd)         \
     _(SetElem_TypedArray)       \
                                 \
     _(In_Fallback)              \
                                 \
     _(GetName_Fallback)         \
     _(GetName_Global)           \
     _(GetName_Scope0)           \
     _(GetName_Scope1)           \
     _(GetName_Scope2)           \
     _(GetName_Scope3)           \
     _(GetName_Scope4)           \
     _(GetName_Scope5)           \
     _(GetName_Scope6)           \
                                 \
     _(BindName_Fallback)        \
                                 \
     _(GetIntrinsic_Fallback)    \
     _(GetIntrinsic_Constant)    \
                                 \
     _(GetProp_Fallback)         \
     _(GetProp_ArrayLength)      \
     _(GetProp_TypedArrayLength) \
     _(GetProp_Primitive)        \
     _(GetProp_StringLength)     \
     _(GetProp_Native)           \
     _(GetProp_NativePrototype)  \
     _(GetProp_CallScripted)     \
     _(GetProp_CallNative)       \
     _(GetProp_CallNativePrototype)\
     _(GetProp_CallDOMProxyNative)\
     _(GetProp_CallDOMProxyWithGenerationNative)\
     _(GetProp_DOMProxyShadowed) \
     _(GetProp_ArgumentsLength)  \
                                 \
     _(SetProp_Fallback)         \
     _(SetProp_Native)           \
     _(SetProp_NativeAdd)        \
     _(SetProp_CallScripted)     \
     _(SetProp_CallNative)       \
                                 \
     _(TableSwitch)              \
                                 \
     _(IteratorNew_Fallback)     \
     _(IteratorMore_Fallback)    \
     _(IteratorMore_Native)      \
     _(IteratorNext_Fallback)    \
     _(IteratorNext_Native)      \
     _(IteratorClose_Fallback)   \
                                 \
     _(InstanceOf_Fallback)      \
                                 \
     _(TypeOf_Fallback)          \
     _(TypeOf_Typed)             \
                                 \
     _(Rest_Fallback)            \
                                 \
     _(RetSub_Fallback)          \
     _(RetSub_Resume)
 #define FORWARD_DECLARE_STUBS(kindName) class IC##kindName;
     IC_STUB_KIND_LIST(FORWARD_DECLARE_STUBS)
 #undef FORWARD_DECLARE_STUBS
 class ICMonitoredStub;
 class ICMonitoredFallbackStub;
 class ICUpdatedStub;
 // Constant iterator that traverses arbitrary chains of ICStubs.
 // No requirements are made of the ICStub used to construct this
 // iterator, aside from that the stub be part of a nullptr-terminated
 // chain.
 // The iterator is considered to be at its end once it has been
 // incremented _past_ the last stub.  Thus, if 'atEnd()' returns
 // true, the '*' and '->' operations are not valid.
 class ICStubConstIterator
 {
     friend class ICStub;
     friend class ICFallbackStub;
   private:
     ICStub *currentStub_;
   public:
     ICStubConstIterator(ICStub *currentStub) : currentStub_(currentStub) {}
     static ICStubConstIterator StartingAt(ICStub *stub) {
         return ICStubConstIterator(stub);
     }
     static ICStubConstIterator End(ICStub *stub) {
         return ICStubConstIterator(nullptr);
     }
     bool operator ==(const ICStubConstIterator &other) const {
         return currentStub_ == other.currentStub_;
     }
     bool operator !=(const ICStubConstIterator &other) const {
         return !(*this == other);
     }
     ICStubConstIterator &operator++();
     ICStubConstIterator operator++(int) {
         ICStubConstIterator oldThis(*this);
         ++(*this);
         return oldThis;
     }
     ICStub *operator *() const {
         JS_ASSERT(currentStub_);
         return currentStub_;
     }
     ICStub *operator ->() const {
         JS_ASSERT(currentStub_);
         return currentStub_;
     }
     bool atEnd() const {
         return currentStub_ == nullptr;
     }
 };
 // Iterator that traverses "regular" IC chains that start at an ICEntry
 // and are terminated with an ICFallbackStub.
 //
 // The iterator is considered to be at its end once it is _at_ the
 // fallback stub.  Thus, unlike the ICStubConstIterator, operators
 // '*' and '->' are valid even if 'atEnd()' returns true - they
 // will act on the fallback stub.
 //
 // This iterator also allows unlinking of stubs being traversed.
 // Note that 'unlink' does not implicitly advance the iterator -
 // it must be advanced explicitly using '++'.
 class ICStubIterator
 {
     friend class ICFallbackStub;
   private:
     ICEntry *icEntry_;
     ICFallbackStub *fallbackStub_;
     ICStub *previousStub_;
     ICStub *currentStub_;
     bool unlinked_;
     ICStubIterator(ICFallbackStub *fallbackStub, bool end=false);
   public:
     bool operator ==(const ICStubIterator &other) const {
         // == should only ever be called on stubs from the same chain.
         JS_ASSERT(icEntry_ == other.icEntry_);
         JS_ASSERT(fallbackStub_ == other.fallbackStub_);
         return currentStub_ == other.currentStub_;
     }
     bool operator !=(const ICStubIterator &other) const {
         return !(*this == other);
     }
     ICStubIterator &operator++();
     ICStubIterator operator++(int) {
         ICStubIterator oldThis(*this);
         ++(*this);
         return oldThis;
     }
     ICStub *operator *() const {
         return currentStub_;
     }
     ICStub *operator ->() const {
         return currentStub_;
     }
     bool atEnd() const {
         return currentStub_ == (ICStub *) fallbackStub_;
     }
     void unlink(JSContext *cx);
 };
 //
 // Base class for all IC stubs.
 //
 class ICStub
 {
     friend class ICFallbackStub;
   public:
     enum Kind {
         INVALID = 0,
 #define DEF_ENUM_KIND(kindName) kindName,
         IC_STUB_KIND_LIST(DEF_ENUM_KIND)
 #undef DEF_ENUM_KIND
         LIMIT
     };
     static inline bool IsValidKind(Kind k) {
         return (k > INVALID) && (k < LIMIT);
     }
     static const char *KindString(Kind k) {
         switch(k) {
 #define DEF_KIND_STR(kindName) case kindName: return #kindName;
             IC_STUB_KIND_LIST(DEF_KIND_STR)
 #undef DEF_KIND_STR
           default:
             MOZ_ASSUME_UNREACHABLE("Invalid kind.");
         }
     }
     enum Trait {
         Regular             = 0x0,
         Fallback            = 0x1,
         Monitored           = 0x2,
         MonitoredFallback   = 0x3,
         Updated             = 0x4
     };
     void markCode(JSTracer *trc, const char *name);
     void updateCode(JitCode *stubCode);
     void trace(JSTracer *trc);
   protected:
     // The raw jitcode to call for this stub.
     uint8_t *stubCode_;
     // Pointer to next IC stub.  This is null for the last IC stub, which should
     // either be a fallback or inert IC stub.
     ICStub *next_;
     // A 16-bit field usable by subtypes of ICStub for subtype-specific small-info
     uint16_t extra_;
     // The kind of the stub.
     //  High bit is 'isFallback' flag.
     //  Second high bit is 'isMonitored' flag.
     Trait trait_ : 3;
     Kind kind_ : 13;
     inline ICStub(Kind kind, JitCode *stubCode)
       : stubCode_(stubCode->raw()),
         next_(nullptr),
         extra_(0),
         trait_(Regular),
         kind_(kind)
     {
         JS_ASSERT(stubCode != nullptr);
     }
     inline ICStub(Kind kind, Trait trait, JitCode *stubCode)
       : stubCode_(stubCode->raw()),
         next_(nullptr),
         extra_(0),
         trait_(trait),
         kind_(kind)
     {
         JS_ASSERT(stubCode != nullptr);
     }
     inline Trait trait() const {
         // Workaround for MSVC reading trait_ as signed value.
         return (Trait)(trait_ & 0x7);
     }
   public:
     inline Kind kind() const {
         return static_cast<Kind>(kind_);
     }
     inline bool isFallback() const {
         return trait() == Fallback || trait() == MonitoredFallback;
     }
     inline bool isMonitored() const {
         return trait() == Monitored;
     }
     inline bool isUpdated() const {
         return trait() == Updated;
     }
     inline bool isMonitoredFallback() const {
         return trait() == MonitoredFallback;
     }
     inline const ICFallbackStub *toFallbackStub() const {
         JS_ASSERT(isFallback());
         return reinterpret_cast<const ICFallbackStub *>(this);
     }
     inline ICFallbackStub *toFallbackStub() {
         JS_ASSERT(isFallback());
         return reinterpret_cast<ICFallbackStub *>(this);
     }
     inline const ICMonitoredStub *toMonitoredStub() const {
         JS_ASSERT(isMonitored());
         return reinterpret_cast<const ICMonitoredStub *>(this);
     }
     inline ICMonitoredStub *toMonitoredStub() {
         JS_ASSERT(isMonitored());
         return reinterpret_cast<ICMonitoredStub *>(this);
     }
     inline const ICMonitoredFallbackStub *toMonitoredFallbackStub() const {
         JS_ASSERT(isMonitoredFallback());
         return reinterpret_cast<const ICMonitoredFallbackStub *>(this);
     }
     inline ICMonitoredFallbackStub *toMonitoredFallbackStub() {
         JS_ASSERT(isMonitoredFallback());
         return reinterpret_cast<ICMonitoredFallbackStub *>(this);
     }
     inline const ICUpdatedStub *toUpdatedStub() const {
         JS_ASSERT(isUpdated());
         return reinterpret_cast<const ICUpdatedStub *>(this);
     }
     inline ICUpdatedStub *toUpdatedStub() {
         JS_ASSERT(isUpdated());
         return reinterpret_cast<ICUpdatedStub *>(this);
     }
 #define KIND_METHODS(kindName)   \
     inline bool is##kindName() const { return kind() == kindName; } \
     inline const IC##kindName *to##kindName() const { \
         JS_ASSERT(is##kindName()); \
         return reinterpret_cast<const IC##kindName *>(this); \
     } \
     inline IC##kindName *to##kindName() { \
         JS_ASSERT(is##kindName()); \
         return reinterpret_cast<IC##kindName *>(this); \
     }
     IC_STUB_KIND_LIST(KIND_METHODS)
 #undef KIND_METHODS
     inline ICStub *next() const {
         return next_;
     }
     inline bool hasNext() const {
         return next_ != nullptr;
     }
     inline void setNext(ICStub *stub) {
         // Note: next_ only needs to be changed under the compilation lock for
         // non-type-monitor/update ICs.
         next_ = stub;
     }
     inline ICStub **addressOfNext() {
         return &next_;
     }
     inline JitCode *jitCode() {
         return JitCode::FromExecutable(stubCode_);
     }
     inline uint8_t *rawStubCode() const {
         return stubCode_;
     }
     // This method is not valid on TypeUpdate stub chains!
     inline ICFallbackStub *getChainFallback() {
         ICStub *lastStub = this;
         while (lastStub->next_)
             lastStub = lastStub->next_;
         JS_ASSERT(lastStub->isFallback());
         return lastStub->toFallbackStub();
     }
     inline ICStubConstIterator beginHere() {
         return ICStubConstIterator::StartingAt(this);
     }
     static inline size_t offsetOfNext() {
         return offsetof(ICStub, next_);
     }
     static inline size_t offsetOfStubCode() {
         return offsetof(ICStub, stubCode_);
     }
     static inline size_t offsetOfExtra() {
         return offsetof(ICStub, extra_);
     }
     static bool CanMakeCalls(ICStub::Kind kind) {
         JS_ASSERT(IsValidKind(kind));
         switch (kind) {
           case Call_Fallback:
           case Call_Scripted:
           case Call_AnyScripted:
           case Call_Native:
           case Call_ScriptedApplyArray:
           case Call_ScriptedApplyArguments:
           case Call_ScriptedFunCall:
           case UseCount_Fallback:
           case GetElem_NativeSlot:
           case GetElem_NativePrototypeSlot:
           case GetElem_NativePrototypeCallNative:
           case GetElem_NativePrototypeCallScripted:
           case GetProp_CallScripted:
           case GetProp_CallNative:
           case GetProp_CallNativePrototype:
           case GetProp_CallDOMProxyNative:
           case GetProp_CallDOMProxyWithGenerationNative:
           case GetProp_DOMProxyShadowed:
           case SetProp_CallScripted:
           case SetProp_CallNative:
           case RetSub_Fallback:
           // These two fallback stubs don't actually make non-tail calls,
           // but the fallback code for the bailout path needs to pop the stub frame
           // pushed during the bailout.
           case GetProp_Fallback:
           case SetProp_Fallback:
 #if JS_HAS_NO_SUCH_METHOD
           case GetElem_Dense:
           case GetElem_Arguments:
           case GetProp_NativePrototype:
           case GetProp_Native:
 #endif
             return true;
           default:
             return false;
         }
     }
     // Optimized stubs get purged on GC.  But some stubs can be active on the
     // stack during GC - specifically the ones that can make calls.  To ensure
     // that these do not get purged, all stubs that can make calls are allocated
     // in the fallback stub space.
     bool allocatedInFallbackSpace() const {
         JS_ASSERT(next());
         return CanMakeCalls(kind());
     }
 };
 class ICFallbackStub : public ICStub
 {
     friend class ICStubConstIterator;
   protected:
     // Fallback stubs need these fields to easily add new stubs to
     // the linked list of stubs for an IC.
     // The IC entry for this linked list of stubs.
     ICEntry *icEntry_;
     // The number of stubs kept in the IC entry.
     uint32_t numOptimizedStubs_;
     // A pointer to the location stub pointer that needs to be
     // changed to add a new "last" stub immediately before the fallback
     // stub.  This'll start out pointing to the icEntry's "firstStub_"
     // field, and as new stubs are addd, it'll point to the current
     // last stub's "next_" field.
     ICStub **lastStubPtrAddr_;
     ICFallbackStub(Kind kind, JitCode *stubCode)
       : ICStub(kind, ICStub::Fallback, stubCode),
         icEntry_(nullptr),
         numOptimizedStubs_(0),
         lastStubPtrAddr_(nullptr) {}
     ICFallbackStub(Kind kind, Trait trait, JitCode *stubCode)
       : ICStub(kind, trait, stubCode),
         icEntry_(nullptr),
         numOptimizedStubs_(0),
         lastStubPtrAddr_(nullptr)
     {
         JS_ASSERT(trait == ICStub::Fallback ||
                   trait == ICStub::MonitoredFallback);
     }
   public:
     inline ICEntry *icEntry() const {
         return icEntry_;
     }
     inline size_t numOptimizedStubs() const {
         return (size_t) numOptimizedStubs_;
     }
     // The icEntry and lastStubPtrAddr_ fields can't be initialized when the stub is
     // created since the stub is created at compile time, and we won't know the IC entry
     // address until after compile when the BaselineScript is created.  This method
     // allows these fields to be fixed up at that point.
     void fixupICEntry(ICEntry *icEntry) {
         JS_ASSERT(icEntry_ == nullptr);
         JS_ASSERT(lastStubPtrAddr_ == nullptr);
         icEntry_ = icEntry;
         lastStubPtrAddr_ = icEntry_->addressOfFirstStub();
     }
     // Add a new stub to the IC chain terminated by this fallback stub.
     void addNewStub(ICStub *stub) {
         JS_ASSERT(*lastStubPtrAddr_ == this);
         JS_ASSERT(stub->next() == nullptr);
         stub->setNext(this);
         *lastStubPtrAddr_ = stub;
         lastStubPtrAddr_ = stub->addressOfNext();
         numOptimizedStubs_++;
     }
     ICStubConstIterator beginChainConst() const {
         return ICStubConstIterator(icEntry_->firstStub());
     }
     ICStubIterator beginChain() {
         return ICStubIterator(this);
     }
     bool hasStub(ICStub::Kind kind) const {
         for (ICStubConstIterator iter = beginChainConst(); !iter.atEnd(); iter++) {
             if (iter->kind() == kind)
                 return true;
         }
         return false;
     }
     unsigned numStubsWithKind(ICStub::Kind kind) const {
         unsigned count = 0;
         for (ICStubConstIterator iter = beginChainConst(); !iter.atEnd(); iter++) {
             if (iter->kind() == kind)
                 count++;
         }
         return count;
     }
     void unlinkStub(Zone *zone, ICStub *prev, ICStub *stub);
     void unlinkStubsWithKind(JSContext *cx, ICStub::Kind kind);
 };
 // Monitored stubs are IC stubs that feed a single resulting value out to a
 // type monitor operation.
 class ICMonitoredStub : public ICStub
 {
   protected:
     // Pointer to the start of the type monitoring stub chain.
     ICStub *firstMonitorStub_;
     ICMonitoredStub(Kind kind, JitCode *stubCode, ICStub *firstMonitorStub);
   public:
     inline void updateFirstMonitorStub(ICStub *monitorStub) {
         // This should only be called once: when the first optimized monitor stub
         // is added to the type monitor IC chain.
         JS_ASSERT(firstMonitorStub_ && firstMonitorStub_->isTypeMonitor_Fallback());
         firstMonitorStub_ = monitorStub;
     }
     inline void resetFirstMonitorStub(ICStub *monitorFallback) {
         JS_ASSERT(monitorFallback->isTypeMonitor_Fallback());
         firstMonitorStub_ = monitorFallback;
     }
     inline ICStub *firstMonitorStub() const {
         return firstMonitorStub_;
     }
     static inline size_t offsetOfFirstMonitorStub() {
         return offsetof(ICMonitoredStub, firstMonitorStub_);
     }
 };
 // Monitored fallback stubs - as the name implies.
 class ICMonitoredFallbackStub : public ICFallbackStub
 {
   protected:
     // Pointer to the fallback monitor stub.
     ICTypeMonitor_Fallback *fallbackMonitorStub_;
     ICMonitoredFallbackStub(Kind kind, JitCode *stubCode)
       : ICFallbackStub(kind, ICStub::MonitoredFallback, stubCode),
         fallbackMonitorStub_(nullptr) {}
   public:
     bool initMonitoringChain(JSContext *cx, ICStubSpace *space);
     bool addMonitorStubForValue(JSContext *cx, JSScript *script, HandleValue val);
     inline ICTypeMonitor_Fallback *fallbackMonitorStub() const {
         return fallbackMonitorStub_;
     }
     static inline size_t offsetOfFallbackMonitorStub() {
         return offsetof(ICMonitoredFallbackStub, fallbackMonitorStub_);
     }
 };
 // Updated stubs are IC stubs that use a TypeUpdate IC to track
 // the status of heap typesets that need to be updated.
 class ICUpdatedStub : public ICStub
 {
   protected:
     // Pointer to the start of the type updating stub chain.
     ICStub *firstUpdateStub_;
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     uint32_t numOptimizedStubs_;
     ICUpdatedStub(Kind kind, JitCode *stubCode)
       : ICStub(kind, ICStub::Updated, stubCode),
         firstUpdateStub_(nullptr),
         numOptimizedStubs_(0)
     {}
   public:
     bool initUpdatingChain(JSContext *cx, ICStubSpace *space);
     bool addUpdateStubForValue(JSContext *cx, HandleScript script, HandleObject obj, HandleId id,
                                HandleValue val);
     void addOptimizedUpdateStub(ICStub *stub) {
         if (firstUpdateStub_->isTypeUpdate_Fallback()) {
             stub->setNext(firstUpdateStub_);
             firstUpdateStub_ = stub;
         } else {
             ICStub *iter = firstUpdateStub_;
             JS_ASSERT(iter->next() != nullptr);
             while (!iter->next()->isTypeUpdate_Fallback())
                 iter = iter->next();
             JS_ASSERT(iter->next()->next() == nullptr);
             stub->setNext(iter->next());
             iter->setNext(stub);
         }
         numOptimizedStubs_++;
     }
     inline ICStub *firstUpdateStub() const {
         return firstUpdateStub_;
     }
     bool hasTypeUpdateStub(ICStub::Kind kind) {
         ICStub *stub = firstUpdateStub_;
         do {
             if (stub->kind() == kind)
                 return true;
             stub = stub->next();
         } while (stub);
         return false;
     }
     inline uint32_t numOptimizedStubs() const {
         return numOptimizedStubs_;
     }
     static inline size_t offsetOfFirstUpdateStub() {
         return offsetof(ICUpdatedStub, firstUpdateStub_);
     }
 };
 // Base class for stubcode compilers.
 class ICStubCompiler
 {
     // Prevent GC in the middle of stub compilation.
     js::gc::AutoSuppressGC suppressGC;
   protected:
     JSContext *cx;
     ICStub::Kind kind;
 #ifdef DEBUG
     bool entersStubFrame_;
 #endif
     // By default the stubcode key is just the kind.
     virtual int32_t getKey() const {
         return static_cast<int32_t>(kind);
     }
     virtual bool generateStubCode(MacroAssembler &masm) = 0;
     virtual bool postGenerateStubCode(MacroAssembler &masm, Handle<JitCode *> genCode) {
         return true;
     }
     JitCode *getStubCode();
     ICStubCompiler(JSContext *cx, ICStub::Kind kind)
       : suppressGC(cx), cx(cx), kind(kind)
 #ifdef DEBUG
       , entersStubFrame_(false)
 #endif
     {}
     // Emits a tail call to a VMFunction wrapper.
     bool tailCallVM(const VMFunction &fun, MacroAssembler &masm);
     // Emits a normal (non-tail) call to a VMFunction wrapper.
     bool callVM(const VMFunction &fun, MacroAssembler &masm);
     // Emits a call to a type-update IC, assuming that the value to be
     // checked is already in R0.
     bool callTypeUpdateIC(MacroAssembler &masm, uint32_t objectOffset);
     // A stub frame is used when a stub wants to call into the VM without
     // performing a tail call. This is required for the return address
     // to pc mapping to work.
     void enterStubFrame(MacroAssembler &masm, Register scratch);
     void leaveStubFrame(MacroAssembler &masm, bool calledIntoIon = false);
     void leaveStubFrameHead(MacroAssembler &masm, bool calledIntoIon = false);
     void leaveStubFrameCommonTail(MacroAssembler &masm);
     // Some stubs need to emit SPS profiler updates.  This emits the guarding
     // jitcode for those stubs.  If profiling is not enabled, jumps to the
     // given label.
     void guardProfilingEnabled(MacroAssembler &masm, Register scratch, Label *skip);
     // Higher-level helper to emit an update to the profiler pseudo-stack.
     void emitProfilingUpdate(MacroAssembler &masm, Register pcIdx, Register scratch,
                              uint32_t stubPcOffset);
     void emitProfilingUpdate(MacroAssembler &masm, GeneralRegisterSet regs, uint32_t stubPcOffset);
     inline GeneralRegisterSet availableGeneralRegs(size_t numInputs) const {
         GeneralRegisterSet regs(GeneralRegisterSet::All());
         JS_ASSERT(!regs.has(BaselineStackReg));
 #if defined(JS_CODEGEN_ARM)
         JS_ASSERT(!regs.has(BaselineTailCallReg));
         regs.take(BaselineSecondScratchReg);
 #elif defined(JS_CODEGEN_MIPS)
         JS_ASSERT(!regs.has(BaselineTailCallReg));
         JS_ASSERT(!regs.has(BaselineSecondScratchReg));
 #endif
         regs.take(BaselineFrameReg);
         regs.take(BaselineStubReg);
 #ifdef JS_CODEGEN_X64
         regs.take(ExtractTemp0);
         regs.take(ExtractTemp1);
 #endif
         switch (numInputs) {
           case 0:
             break;
           case 1:
             regs.take(R0);
             break;
           case 2:
             regs.take(R0);
             regs.take(R1);
             break;
           default:
             MOZ_ASSUME_UNREACHABLE("Invalid numInputs");
         }
         return regs;
     }
 #ifdef JSGC_GENERATIONAL
     inline bool emitPostWriteBarrierSlot(MacroAssembler &masm, Register obj, ValueOperand val,
                                          Register scratch, GeneralRegisterSet saveRegs);
 #endif
   public:
     virtual ICStub *getStub(ICStubSpace *space) = 0;
     ICStubSpace *getStubSpace(JSScript *script) {
         if (ICStub::CanMakeCalls(kind))
             return script->baselineScript()->fallbackStubSpace();
         return script->zone()->jitZone()->optimizedStubSpace();
     }
 };
 // Base class for stub compilers that can generate multiple stubcodes.
 // These compilers need access to the JSOp they are compiling for.
 class ICMultiStubCompiler : public ICStubCompiler
 {
   protected:
     JSOp op;
     // Stub keys for multi-stub kinds are composed of both the kind
     // and the op they are compiled for.
     virtual int32_t getKey() const {
         return static_cast<int32_t>(kind) | (static_cast<int32_t>(op) << 16);
     }
     ICMultiStubCompiler(JSContext *cx, ICStub::Kind kind, JSOp op)
       : ICStubCompiler(cx, kind), op(op) {}
 };
 // UseCount_Fallback
 // A UseCount IC chain has only the fallback stub.
 class ICUseCount_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICUseCount_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::UseCount_Fallback, stubCode)
     { }
   public:
     static inline ICUseCount_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICUseCount_Fallback>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::UseCount_Fallback)
         { }
         ICUseCount_Fallback *getStub(ICStubSpace *space) {
             return ICUseCount_Fallback::New(space, getStubCode());
         }
     };
 };
 // Profiler_Fallback
 class ICProfiler_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICProfiler_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::Profiler_Fallback, stubCode)
     { }
   public:
     static inline ICProfiler_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICProfiler_Fallback>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::Profiler_Fallback)
         { }
         ICProfiler_Fallback *getStub(ICStubSpace *space) {
             return ICProfiler_Fallback::New(space, getStubCode());
         }
     };
 };
 // Profiler_PushFunction
 class ICProfiler_PushFunction : public ICStub
 {
     friend class ICStubSpace;
   protected:
     const char *str_;
     HeapPtrScript script_;
     ICProfiler_PushFunction(JitCode *stubCode, const char *str, HandleScript script);
   public:
     static inline ICProfiler_PushFunction *New(ICStubSpace *space, JitCode *code,
                                                const char *str, HandleScript script)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICProfiler_PushFunction>(code, str, script);
     }
     HeapPtrScript &script() {
         return script_;
     }
     static size_t offsetOfStr() {
         return offsetof(ICProfiler_PushFunction, str_);
     }
     static size_t offsetOfScript() {
         return offsetof(ICProfiler_PushFunction, script_);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         const char *str_;
         RootedScript script_;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, const char *str, HandleScript script)
           : ICStubCompiler(cx, ICStub::Profiler_PushFunction),
             str_(str),
             script_(cx, script)
         { }
         ICProfiler_PushFunction *getStub(ICStubSpace *space) {
             return ICProfiler_PushFunction::New(space, getStubCode(), str_, script_);
         }
     };
 };
 // TypeCheckPrimitiveSetStub
 //   Base class for IC stubs (TypeUpdate or TypeMonitor) that check that a given
 //   value's type falls within a set of primitive types.
 class TypeCheckPrimitiveSetStub : public ICStub
 {
     friend class ICStubSpace;
   protected:
     inline static uint16_t TypeToFlag(JSValueType type) {
         return 1u << static_cast<unsigned>(type);
     }
     inline static uint16_t ValidFlags() {
         return ((TypeToFlag(JSVAL_TYPE_OBJECT) << 1) - 1) & ~TypeToFlag(JSVAL_TYPE_MAGIC);
     }
     TypeCheckPrimitiveSetStub(Kind kind, JitCode *stubCode, uint16_t flags)
         : ICStub(kind, stubCode)
     {
         JS_ASSERT(kind == TypeMonitor_PrimitiveSet || kind == TypeUpdate_PrimitiveSet);
         JS_ASSERT(flags && !(flags & ~ValidFlags()));
         extra_ = flags;
     }
     TypeCheckPrimitiveSetStub *updateTypesAndCode(uint16_t flags, JitCode *code) {
         JS_ASSERT(flags && !(flags & ~ValidFlags()));
         if (!code)
             return nullptr;
         extra_ = flags;
         updateCode(code);
         return this;
     }
   public:
     uint16_t typeFlags() const {
         return extra_;
     }
     bool containsType(JSValueType type) const {
         JS_ASSERT(type <= JSVAL_TYPE_OBJECT);
         JS_ASSERT(type != JSVAL_TYPE_MAGIC);
         return extra_ & TypeToFlag(type);
     }
     ICTypeMonitor_PrimitiveSet *toMonitorStub() {
         return toTypeMonitor_PrimitiveSet();
     }
     ICTypeUpdate_PrimitiveSet *toUpdateStub() {
         return toTypeUpdate_PrimitiveSet();
     }
     class Compiler : public ICStubCompiler {
       protected:
         TypeCheckPrimitiveSetStub *existingStub_;
         uint16_t flags_;
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(flags_) << 16);
         }
       public:
         Compiler(JSContext *cx, Kind kind, TypeCheckPrimitiveSetStub *existingStub,
                  JSValueType type)
           : ICStubCompiler(cx, kind),
             existingStub_(existingStub),
             flags_((existingStub ? existingStub->typeFlags() : 0) | TypeToFlag(type))
         {
             JS_ASSERT_IF(existingStub_, flags_ != existingStub_->typeFlags());
         }
         TypeCheckPrimitiveSetStub *updateStub() {
             JS_ASSERT(existingStub_);
             return existingStub_->updateTypesAndCode(flags_, getStubCode());
         }
     };
 };
 // TypeMonitor
 // The TypeMonitor fallback stub is not always a regular fallback stub. When
 // used for monitoring the values pushed by a bytecode it doesn't hold a
 // pointer to the IC entry, but rather back to the main fallback stub for the
 // IC (from which a pointer to the IC entry can be retrieved). When monitoring
 // the types of 'this', arguments or other values with no associated IC, there
 // is no main fallback stub, and the IC entry is referenced directly.
 class ICTypeMonitor_Fallback : public ICStub
 {
     friend class ICStubSpace;
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     // Pointer to the main fallback stub for the IC or to the main IC entry,
     // depending on hasFallbackStub.
     union {
         ICMonitoredFallbackStub *mainFallbackStub_;
         ICEntry *icEntry_;
     };
     // Pointer to the first monitor stub.
     ICStub *firstMonitorStub_;
     // Address of the last monitor stub's field pointing to this
     // fallback monitor stub.  This will get updated when new
     // monitor stubs are created and added.
     ICStub **lastMonitorStubPtrAddr_;
     // Count of optimized type monitor stubs in this chain.
     uint32_t numOptimizedMonitorStubs_ : 8;
     // Whether this has a fallback stub referring to the IC entry.
     bool hasFallbackStub_ : 1;
     // Index of 'this' or argument which is being monitored, or BYTECODE_INDEX
     // if this is monitoring the types of values pushed at some bytecode.
     uint32_t argumentIndex_ : 23;
     static const uint32_t BYTECODE_INDEX = (1 << 23) - 1;
     ICTypeMonitor_Fallback(JitCode *stubCode, ICMonitoredFallbackStub *mainFallbackStub,
                            uint32_t argumentIndex)
       : ICStub(ICStub::TypeMonitor_Fallback, stubCode),
         mainFallbackStub_(mainFallbackStub),
         firstMonitorStub_(thisFromCtor()),
         lastMonitorStubPtrAddr_(nullptr),
         numOptimizedMonitorStubs_(0),
         hasFallbackStub_(mainFallbackStub != nullptr),
         argumentIndex_(argumentIndex)
     { }
     ICTypeMonitor_Fallback *thisFromCtor() {
         return this;
     }
     void addOptimizedMonitorStub(ICStub *stub) {
         stub->setNext(this);
         JS_ASSERT((lastMonitorStubPtrAddr_ != nullptr) ==
                   (numOptimizedMonitorStubs_ || !hasFallbackStub_));
         if (lastMonitorStubPtrAddr_)
             *lastMonitorStubPtrAddr_ = stub;
         if (numOptimizedMonitorStubs_ == 0) {
             JS_ASSERT(firstMonitorStub_ == this);
             firstMonitorStub_ = stub;
         } else {
             JS_ASSERT(firstMonitorStub_ != nullptr);
         }
         lastMonitorStubPtrAddr_ = stub->addressOfNext();
         numOptimizedMonitorStubs_++;
     }
   public:
     static inline ICTypeMonitor_Fallback *New(
         ICStubSpace *space, JitCode *code, ICMonitoredFallbackStub *mainFbStub,
         uint32_t argumentIndex)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeMonitor_Fallback>(code, mainFbStub, argumentIndex);
     }
     bool hasStub(ICStub::Kind kind) {
         ICStub *stub = firstMonitorStub_;
         do {
             if (stub->kind() == kind)
                 return true;
             stub = stub->next();
         } while (stub);
         return false;
     }
     inline ICFallbackStub *mainFallbackStub() const {
         JS_ASSERT(hasFallbackStub_);
         return mainFallbackStub_;
     }
     inline ICEntry *icEntry() const {
         return hasFallbackStub_ ? mainFallbackStub()->icEntry() : icEntry_;
     }
     inline ICStub *firstMonitorStub() const {
         return firstMonitorStub_;
     }
     static inline size_t offsetOfFirstMonitorStub() {
         return offsetof(ICTypeMonitor_Fallback, firstMonitorStub_);
     }
     inline uint32_t numOptimizedMonitorStubs() const {
         return numOptimizedMonitorStubs_;
     }
     inline bool monitorsThis() const {
         return argumentIndex_ == 0;
     }
     inline bool monitorsArgument(uint32_t *pargument) const {
         if (argumentIndex_ > 0 && argumentIndex_ < BYTECODE_INDEX) {
             *pargument = argumentIndex_ - 1;
             return true;
         }
         return false;
     }
     inline bool monitorsBytecode() const {
         return argumentIndex_ == BYTECODE_INDEX;
     }
     // Fixup the IC entry as for a normal fallback stub, for this/arguments.
     void fixupICEntry(ICEntry *icEntry) {
         JS_ASSERT(!hasFallbackStub_);
         JS_ASSERT(icEntry_ == nullptr);
         JS_ASSERT(lastMonitorStubPtrAddr_ == nullptr);
         icEntry_ = icEntry;
         lastMonitorStubPtrAddr_ = icEntry_->addressOfFirstStub();
     }
     // Create a new monitor stub for the type of the given value, and
     // add it to this chain.
     bool addMonitorStubForValue(JSContext *cx, JSScript *script, HandleValue val);
     void resetMonitorStubChain(Zone *zone);
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
         ICMonitoredFallbackStub *mainFallbackStub_;
         uint32_t argumentIndex_;
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, ICMonitoredFallbackStub *mainFallbackStub)
           : ICStubCompiler(cx, ICStub::TypeMonitor_Fallback),
             mainFallbackStub_(mainFallbackStub),
             argumentIndex_(BYTECODE_INDEX)
         { }
         Compiler(JSContext *cx, uint32_t argumentIndex)
           : ICStubCompiler(cx, ICStub::TypeMonitor_Fallback),
             mainFallbackStub_(nullptr),
             argumentIndex_(argumentIndex)
         { }
         ICTypeMonitor_Fallback *getStub(ICStubSpace *space) {
             return ICTypeMonitor_Fallback::New(space, getStubCode(), mainFallbackStub_,
                                                argumentIndex_);
         }
     };
 };
 class ICTypeMonitor_PrimitiveSet : public TypeCheckPrimitiveSetStub
 {
     friend class ICStubSpace;
     ICTypeMonitor_PrimitiveSet(JitCode *stubCode, uint16_t flags)
         : TypeCheckPrimitiveSetStub(TypeMonitor_PrimitiveSet, stubCode, flags)
     {}
   public:
     static inline ICTypeMonitor_PrimitiveSet *New(ICStubSpace *space, JitCode *code,
                                                   uint16_t flags)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeMonitor_PrimitiveSet>(code, flags);
     }
     class Compiler : public TypeCheckPrimitiveSetStub::Compiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, ICTypeMonitor_PrimitiveSet *existingStub, JSValueType type)
           : TypeCheckPrimitiveSetStub::Compiler(cx, TypeMonitor_PrimitiveSet, existingStub, type)
         {}
         ICTypeMonitor_PrimitiveSet *updateStub() {
             TypeCheckPrimitiveSetStub *stub =
                 this->TypeCheckPrimitiveSetStub::Compiler::updateStub();
             if (!stub)
                 return nullptr;
             return stub->toMonitorStub();
         }
         ICTypeMonitor_PrimitiveSet *getStub(ICStubSpace *space) {
             JS_ASSERT(!existingStub_);
             return ICTypeMonitor_PrimitiveSet::New(space, getStubCode(), flags_);
         }
     };
 };
 class ICTypeMonitor_SingleObject : public ICStub
 {
     friend class ICStubSpace;
     HeapPtrObject obj_;
     ICTypeMonitor_SingleObject(JitCode *stubCode, HandleObject obj);
   public:
     static inline ICTypeMonitor_SingleObject *New(
             ICStubSpace *space, JitCode *code, HandleObject obj)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeMonitor_SingleObject>(code, obj);
     }
     HeapPtrObject &object() {
         return obj_;
     }
     static size_t offsetOfObject() {
         return offsetof(ICTypeMonitor_SingleObject, obj_);
     }
     class Compiler : public ICStubCompiler {
       protected:
         HandleObject obj_;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, HandleObject obj)
           : ICStubCompiler(cx, TypeMonitor_SingleObject),
             obj_(obj)
         { }
         ICTypeMonitor_SingleObject *getStub(ICStubSpace *space) {
             return ICTypeMonitor_SingleObject::New(space, getStubCode(), obj_);
         }
     };
 };
 class ICTypeMonitor_TypeObject : public ICStub
 {
     friend class ICStubSpace;
     HeapPtrTypeObject type_;
     ICTypeMonitor_TypeObject(JitCode *stubCode, HandleTypeObject type);
   public:
     static inline ICTypeMonitor_TypeObject *New(
             ICStubSpace *space, JitCode *code, HandleTypeObject type)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeMonitor_TypeObject>(code, type);
     }
     HeapPtrTypeObject &type() {
         return type_;
     }
     static size_t offsetOfType() {
         return offsetof(ICTypeMonitor_TypeObject, type_);
     }
     class Compiler : public ICStubCompiler {
       protected:
         HandleTypeObject type_;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, HandleTypeObject type)
           : ICStubCompiler(cx, TypeMonitor_TypeObject),
             type_(type)
         { }
         ICTypeMonitor_TypeObject *getStub(ICStubSpace *space) {
             return ICTypeMonitor_TypeObject::New(space, getStubCode(), type_);
         }
     };
 };
 // TypeUpdate
 extern const VMFunction DoTypeUpdateFallbackInfo;
 // The TypeUpdate fallback is not a regular fallback, since it just
 // forwards to a different entry point in the main fallback stub.
 class ICTypeUpdate_Fallback : public ICStub
 {
     friend class ICStubSpace;
     ICTypeUpdate_Fallback(JitCode *stubCode)
       : ICStub(ICStub::TypeUpdate_Fallback, stubCode)
     {}
   public:
     static inline ICTypeUpdate_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeUpdate_Fallback>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::TypeUpdate_Fallback)
         { }
         ICTypeUpdate_Fallback *getStub(ICStubSpace *space) {
             return ICTypeUpdate_Fallback::New(space, getStubCode());
         }
     };
 };
 class ICTypeUpdate_PrimitiveSet : public TypeCheckPrimitiveSetStub
 {
     friend class ICStubSpace;
     ICTypeUpdate_PrimitiveSet(JitCode *stubCode, uint16_t flags)
         : TypeCheckPrimitiveSetStub(TypeUpdate_PrimitiveSet, stubCode, flags)
     {}
   public:
     static inline ICTypeUpdate_PrimitiveSet *New(ICStubSpace *space, JitCode *code,
                                                  uint16_t flags)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeUpdate_PrimitiveSet>(code, flags);
     }
     class Compiler : public TypeCheckPrimitiveSetStub::Compiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, ICTypeUpdate_PrimitiveSet *existingStub, JSValueType type)
           : TypeCheckPrimitiveSetStub::Compiler(cx, TypeUpdate_PrimitiveSet, existingStub, type)
         {}
         ICTypeUpdate_PrimitiveSet *updateStub() {
             TypeCheckPrimitiveSetStub *stub =
                 this->TypeCheckPrimitiveSetStub::Compiler::updateStub();
             if (!stub)
                 return nullptr;
             return stub->toUpdateStub();
         }
         ICTypeUpdate_PrimitiveSet *getStub(ICStubSpace *space) {
             JS_ASSERT(!existingStub_);
             return ICTypeUpdate_PrimitiveSet::New(space, getStubCode(), flags_);
         }
     };
 };
 // Type update stub to handle a singleton object.
 class ICTypeUpdate_SingleObject : public ICStub
 {
     friend class ICStubSpace;
     HeapPtrObject obj_;
     ICTypeUpdate_SingleObject(JitCode *stubCode, HandleObject obj);
   public:
     static inline ICTypeUpdate_SingleObject *New(ICStubSpace *space, JitCode *code,
                                                  HandleObject obj)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeUpdate_SingleObject>(code, obj);
     }
     HeapPtrObject &object() {
         return obj_;
     }
     static size_t offsetOfObject() {
         return offsetof(ICTypeUpdate_SingleObject, obj_);
     }
     class Compiler : public ICStubCompiler {
       protected:
         HandleObject obj_;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, HandleObject obj)
           : ICStubCompiler(cx, TypeUpdate_SingleObject),
             obj_(obj)
         { }
         ICTypeUpdate_SingleObject *getStub(ICStubSpace *space) {
             return ICTypeUpdate_SingleObject::New(space, getStubCode(), obj_);
         }
     };
 };
 // Type update stub to handle a single TypeObject.
 class ICTypeUpdate_TypeObject : public ICStub
 {
     friend class ICStubSpace;
     HeapPtrTypeObject type_;
     ICTypeUpdate_TypeObject(JitCode *stubCode, HandleTypeObject type);
   public:
     static inline ICTypeUpdate_TypeObject *New(ICStubSpace *space, JitCode *code,
                                                HandleTypeObject type)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeUpdate_TypeObject>(code, type);
     }
     HeapPtrTypeObject &type() {
         return type_;
     }
     static size_t offsetOfType() {
         return offsetof(ICTypeUpdate_TypeObject, type_);
     }
     class Compiler : public ICStubCompiler {
       protected:
         HandleTypeObject type_;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, HandleTypeObject type)
           : ICStubCompiler(cx, TypeUpdate_TypeObject),
             type_(type)
         { }
         ICTypeUpdate_TypeObject *getStub(ICStubSpace *space) {
             return ICTypeUpdate_TypeObject::New(space, getStubCode(), type_);
         }
     };
 };
 // This
 //      JSOP_THIS
 class ICThis_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICThis_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::This_Fallback, stubCode) {}
   public:
     static inline ICThis_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICThis_Fallback>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::This_Fallback) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICThis_Fallback::New(space, getStubCode());
         }
     };
 };
 class ICNewArray_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     HeapPtrObject templateObject_;
     ICNewArray_Fallback(JitCode *stubCode, JSObject *templateObject)
       : ICFallbackStub(ICStub::NewArray_Fallback, stubCode), templateObject_(templateObject)
     {}
   public:
     static inline ICNewArray_Fallback *New(ICStubSpace *space, JitCode *code,
                                            JSObject *templateObject) {
         if (!code)
             return nullptr;
         return space->allocate<ICNewArray_Fallback>(code, templateObject);
     }
     class Compiler : public ICStubCompiler {
         RootedObject templateObject;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSObject *templateObject)
           : ICStubCompiler(cx, ICStub::NewArray_Fallback),
             templateObject(cx, templateObject)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICNewArray_Fallback::New(space, getStubCode(), templateObject);
         }
     };
     HeapPtrObject &templateObject() {
         return templateObject_;
     }
 };
 class ICNewObject_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     HeapPtrObject templateObject_;
     ICNewObject_Fallback(JitCode *stubCode, JSObject *templateObject)
       : ICFallbackStub(ICStub::NewObject_Fallback, stubCode), templateObject_(templateObject)
     {}
   public:
     static inline ICNewObject_Fallback *New(ICStubSpace *space, JitCode *code,
                                             JSObject *templateObject) {
         if (!code)
             return nullptr;
         return space->allocate<ICNewObject_Fallback>(code, templateObject);
     }
     class Compiler : public ICStubCompiler {
         RootedObject templateObject;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSObject *templateObject)
           : ICStubCompiler(cx, ICStub::NewObject_Fallback),
             templateObject(cx, templateObject)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICNewObject_Fallback::New(space, getStubCode(), templateObject);
         }
     };
     HeapPtrObject &templateObject() {
         return templateObject_;
     }
 };
 // Compare
 //      JSOP_LT
 //      JSOP_GT
 class ICCompare_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICCompare_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::Compare_Fallback, stubCode) {}
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICCompare_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICCompare_Fallback>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::Compare_Fallback) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICCompare_Fallback::New(space, getStubCode());
         }
     };
 };
 class ICCompare_Int32 : public ICStub
 {
     friend class ICStubSpace;
     ICCompare_Int32(JitCode *stubCode)
       : ICStub(ICStub::Compare_Int32, stubCode) {}
   public:
     static inline ICCompare_Int32 *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICCompare_Int32>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_Int32, op) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICCompare_Int32::New(space, getStubCode());
         }
     };
 };
 class ICCompare_Double : public ICStub
 {
     friend class ICStubSpace;
     ICCompare_Double(JitCode *stubCode)
       : ICStub(ICStub::Compare_Double, stubCode)
     {}
   public:
     static inline ICCompare_Double *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICCompare_Double>(code);
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_Double, op)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICCompare_Double::New(space, getStubCode());
         }
     };
 };
 class ICCompare_NumberWithUndefined : public ICStub
 {
     friend class ICStubSpace;
     ICCompare_NumberWithUndefined(JitCode *stubCode, bool lhsIsUndefined)
       : ICStub(ICStub::Compare_NumberWithUndefined, stubCode)
     {
         extra_ = lhsIsUndefined;
     }
   public:
     static inline ICCompare_NumberWithUndefined *New(ICStubSpace *space, JitCode *code, bool lhsIsUndefined) {
         if (!code)
             return nullptr;
         return space->allocate<ICCompare_NumberWithUndefined>(code, lhsIsUndefined);
     }
     bool lhsIsUndefined() {
         return extra_;
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
         bool lhsIsUndefined;
       public:
         Compiler(JSContext *cx, JSOp op, bool lhsIsUndefined)
           : ICMultiStubCompiler(cx, ICStub::Compare_NumberWithUndefined, op),
             lhsIsUndefined(lhsIsUndefined)
         {}
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind)
                  | (static_cast<int32_t>(op) << 16)
                  | (static_cast<int32_t>(lhsIsUndefined) << 24);
         }
         ICStub *getStub(ICStubSpace *space) {
             return ICCompare_NumberWithUndefined::New(space, getStubCode(), lhsIsUndefined);
         }
     };
 };
 class ICCompare_String : public ICStub
 {
     friend class ICStubSpace;
     ICCompare_String(JitCode *stubCode)
       : ICStub(ICStub::Compare_String, stubCode)
     {}
   public:
     static inline ICCompare_String *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICCompare_String>(code);
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_String, op)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICCompare_String::New(space, getStubCode());
         }
     };
 };
 class ICCompare_Boolean : public ICStub
 {
     friend class ICStubSpace;
     ICCompare_Boolean(JitCode *stubCode)
       : ICStub(ICStub::Compare_Boolean, stubCode)
     {}
   public:
     static inline ICCompare_Boolean *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICCompare_Boolean>(code);
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_Boolean, op)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICCompare_Boolean::New(space, getStubCode());
         }
     };
 };
 class ICCompare_Object : public ICStub
 {
     friend class ICStubSpace;
     ICCompare_Object(JitCode *stubCode)
       : ICStub(ICStub::Compare_Object, stubCode)
     {}
   public:
     static inline ICCompare_Object *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICCompare_Object>(code);
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_Object, op)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICCompare_Object::New(space, getStubCode());
         }
     };
 };
 class ICCompare_ObjectWithUndefined : public ICStub
 {
     friend class ICStubSpace;
     ICCompare_ObjectWithUndefined(JitCode *stubCode)
       : ICStub(ICStub::Compare_ObjectWithUndefined, stubCode)
     {}
   public:
     static inline ICCompare_ObjectWithUndefined *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICCompare_ObjectWithUndefined>(code);
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
         bool lhsIsUndefined;
         bool compareWithNull;
       public:
         Compiler(JSContext *cx, JSOp op, bool lhsIsUndefined, bool compareWithNull)
           : ICMultiStubCompiler(cx, ICStub::Compare_ObjectWithUndefined, op),
             lhsIsUndefined(lhsIsUndefined),
             compareWithNull(compareWithNull)
         {}
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind)
                  | (static_cast<int32_t>(op) << 16)
                  | (static_cast<int32_t>(lhsIsUndefined) << 24)
                  | (static_cast<int32_t>(compareWithNull) << 25);
         }
         ICStub *getStub(ICStubSpace *space) {
             return ICCompare_ObjectWithUndefined::New(space, getStubCode());
         }
     };
 };
 class ICCompare_Int32WithBoolean : public ICStub
 {
     friend class ICStubSpace;
     ICCompare_Int32WithBoolean(JitCode *stubCode, bool lhsIsInt32)
       : ICStub(ICStub::Compare_Int32WithBoolean, stubCode)
     {
         extra_ = lhsIsInt32;
     }
   public:
     static inline ICCompare_Int32WithBoolean *New(ICStubSpace *space, JitCode *code,
                                                   bool lhsIsInt32)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICCompare_Int32WithBoolean>(code, lhsIsInt32);
     }
     bool lhsIsInt32() const {
         return extra_;
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         JSOp op_;
         bool lhsIsInt32_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return (static_cast<int32_t>(kind) | (static_cast<int32_t>(op_) << 16) |
                     (static_cast<int32_t>(lhsIsInt32_) << 24));
         }
       public:
         Compiler(JSContext *cx, JSOp op, bool lhsIsInt32)
           : ICStubCompiler(cx, ICStub::Compare_Int32WithBoolean),
             op_(op),
             lhsIsInt32_(lhsIsInt32)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICCompare_Int32WithBoolean::New(space, getStubCode(), lhsIsInt32_);
         }
     };
 };
 // ToBool
 //      JSOP_IFNE
 class ICToBool_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICToBool_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::ToBool_Fallback, stubCode) {}
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICToBool_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICToBool_Fallback>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::ToBool_Fallback) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICToBool_Fallback::New(space, getStubCode());
         }
     };
 };
 class ICToBool_Int32 : public ICStub
 {
     friend class ICStubSpace;
     ICToBool_Int32(JitCode *stubCode)
       : ICStub(ICStub::ToBool_Int32, stubCode) {}
   public:
     static inline ICToBool_Int32 *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICToBool_Int32>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::ToBool_Int32) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICToBool_Int32::New(space, getStubCode());
         }
     };
 };
 class ICToBool_String : public ICStub
 {
     friend class ICStubSpace;
     ICToBool_String(JitCode *stubCode)
       : ICStub(ICStub::ToBool_String, stubCode) {}
   public:
     static inline ICToBool_String *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICToBool_String>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::ToBool_String) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICToBool_String::New(space, getStubCode());
         }
     };
 };
 class ICToBool_NullUndefined : public ICStub
 {
     friend class ICStubSpace;
     ICToBool_NullUndefined(JitCode *stubCode)
       : ICStub(ICStub::ToBool_NullUndefined, stubCode) {}
   public:
     static inline ICToBool_NullUndefined *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICToBool_NullUndefined>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::ToBool_NullUndefined) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICToBool_NullUndefined::New(space, getStubCode());
         }
     };
 };
 class ICToBool_Double : public ICStub
 {
     friend class ICStubSpace;
     ICToBool_Double(JitCode *stubCode)
       : ICStub(ICStub::ToBool_Double, stubCode) {}
   public:
     static inline ICToBool_Double *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICToBool_Double>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::ToBool_Double) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICToBool_Double::New(space, getStubCode());
         }
     };
 };
 class ICToBool_Object : public ICStub
 {
     friend class ICStubSpace;
     ICToBool_Object(JitCode *stubCode)
       : ICStub(ICStub::ToBool_Object, stubCode) {}
   public:
     static inline ICToBool_Object *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICToBool_Object>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::ToBool_Object) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICToBool_Object::New(space, getStubCode());
         }
     };
 };
 // ToNumber
 //     JSOP_POS
 class ICToNumber_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICToNumber_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::ToNumber_Fallback, stubCode) {}
   public:
     static inline ICToNumber_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICToNumber_Fallback>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::ToNumber_Fallback) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICToNumber_Fallback::New(space, getStubCode());
         }
     };
 };
 // BinaryArith
 //      JSOP_ADD
 //      JSOP_BITAND, JSOP_BITXOR, JSOP_BITOR
 //      JSOP_LSH, JSOP_RSH, JSOP_URSH
 class ICBinaryArith_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICBinaryArith_Fallback(JitCode *stubCode)
       : ICFallbackStub(BinaryArith_Fallback, stubCode)
     {
         extra_ = 0;
     }
     static const uint16_t SAW_DOUBLE_RESULT_BIT = 0x1;
     static const uint16_t UNOPTIMIZABLE_OPERANDS_BIT = 0x2;
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICBinaryArith_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICBinaryArith_Fallback>(code);
     }
     bool sawDoubleResult() const {
         return extra_ & SAW_DOUBLE_RESULT_BIT;
     }
     void setSawDoubleResult() {
         extra_ |= SAW_DOUBLE_RESULT_BIT;
     }
     bool hadUnoptimizableOperands() const {
         return extra_ & UNOPTIMIZABLE_OPERANDS_BIT;
     }
     void noteUnoptimizableOperands() {
         extra_ |= UNOPTIMIZABLE_OPERANDS_BIT;
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::BinaryArith_Fallback) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICBinaryArith_Fallback::New(space, getStubCode());
         }
     };
 };
 class ICBinaryArith_Int32 : public ICStub
 {
     friend class ICStubSpace;
     ICBinaryArith_Int32(JitCode *stubCode, bool allowDouble)
       : ICStub(BinaryArith_Int32, stubCode)
     {
         extra_ = allowDouble;
     }
   public:
     static inline ICBinaryArith_Int32 *New(ICStubSpace *space, JitCode *code, bool allowDouble) {
         if (!code)
             return nullptr;
         return space->allocate<ICBinaryArith_Int32>(code, allowDouble);
     }
     bool allowDouble() const {
         return extra_;
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         JSOp op_;
         bool allowDouble_;
         bool generateStubCode(MacroAssembler &masm);
         // Stub keys shift-stubs need to encode the kind, the JSOp and if we allow doubles.
         virtual int32_t getKey() const {
             return (static_cast<int32_t>(kind) | (static_cast<int32_t>(op_) << 16) |
                     (static_cast<int32_t>(allowDouble_) << 24));
         }
       public:
         Compiler(JSContext *cx, JSOp op, bool allowDouble)
           : ICStubCompiler(cx, ICStub::BinaryArith_Int32),
             op_(op), allowDouble_(allowDouble) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICBinaryArith_Int32::New(space, getStubCode(), allowDouble_);
         }
     };
 };
 class ICBinaryArith_StringConcat : public ICStub
 {
     friend class ICStubSpace;
     ICBinaryArith_StringConcat(JitCode *stubCode)
       : ICStub(BinaryArith_StringConcat, stubCode)
     {}
   public:
     static inline ICBinaryArith_StringConcat *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICBinaryArith_StringConcat>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::BinaryArith_StringConcat)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICBinaryArith_StringConcat::New(space, getStubCode());
         }
     };
 };
 class ICBinaryArith_StringObjectConcat : public ICStub
 {
     friend class ICStubSpace;
     ICBinaryArith_StringObjectConcat(JitCode *stubCode, bool lhsIsString)
       : ICStub(BinaryArith_StringObjectConcat, stubCode)
     {
         extra_ = lhsIsString;
     }
   public:
     static inline ICBinaryArith_StringObjectConcat *New(ICStubSpace *space, JitCode *code,
                                                         bool lhsIsString) {
         if (!code)
             return nullptr;
         return space->allocate<ICBinaryArith_StringObjectConcat>(code, lhsIsString);
     }
     bool lhsIsString() const {
         return extra_;
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool lhsIsString_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(lhsIsString_) << 16);
         }
       public:
         Compiler(JSContext *cx, bool lhsIsString)
           : ICStubCompiler(cx, ICStub::BinaryArith_StringObjectConcat),
             lhsIsString_(lhsIsString)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICBinaryArith_StringObjectConcat::New(space, getStubCode(), lhsIsString_);
         }
     };
 };
 class ICBinaryArith_Double : public ICStub
 {
     friend class ICStubSpace;
     ICBinaryArith_Double(JitCode *stubCode)
       : ICStub(BinaryArith_Double, stubCode)
     {}
   public:
     static inline ICBinaryArith_Double *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICBinaryArith_Double>(code);
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::BinaryArith_Double, op)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICBinaryArith_Double::New(space, getStubCode());
         }
     };
 };
 class ICBinaryArith_BooleanWithInt32 : public ICStub
 {
     friend class ICStubSpace;
     ICBinaryArith_BooleanWithInt32(JitCode *stubCode, bool lhsIsBool, bool rhsIsBool)
       : ICStub(BinaryArith_BooleanWithInt32, stubCode)
     {
         JS_ASSERT(lhsIsBool || rhsIsBool);
         extra_ = 0;
         if (lhsIsBool)
             extra_ |= 1;
         if (rhsIsBool)
             extra_ |= 2;
     }
   public:
     static inline ICBinaryArith_BooleanWithInt32 *New(ICStubSpace *space, JitCode *code,
                                                       bool lhsIsBool, bool rhsIsBool) {
         if (!code)
             return nullptr;
         return space->allocate<ICBinaryArith_BooleanWithInt32>(code, lhsIsBool, rhsIsBool);
     }
     bool lhsIsBoolean() const {
         return extra_ & 1;
     }
     bool rhsIsBoolean() const {
         return extra_ & 2;
     }
     class Compiler : public ICStubCompiler {
       protected:
         JSOp op_;
         bool lhsIsBool_;
         bool rhsIsBool_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(op_) << 16) |
                    (static_cast<int32_t>(lhsIsBool_) << 24) |
                    (static_cast<int32_t>(rhsIsBool_) << 25);
         }
       public:
         Compiler(JSContext *cx, JSOp op, bool lhsIsBool, bool rhsIsBool)
           : ICStubCompiler(cx, ICStub::BinaryArith_BooleanWithInt32),
             op_(op), lhsIsBool_(lhsIsBool), rhsIsBool_(rhsIsBool)
         {
             JS_ASSERT(op_ == JSOP_ADD || op_ == JSOP_SUB || op_ == JSOP_BITOR ||
                       op_ == JSOP_BITAND || op_ == JSOP_BITXOR);
             JS_ASSERT(lhsIsBool_ || rhsIsBool_);
         }
         ICStub *getStub(ICStubSpace *space) {
             return ICBinaryArith_BooleanWithInt32::New(space, getStubCode(),
                                                        lhsIsBool_, rhsIsBool_);
         }
     };
 };
 class ICBinaryArith_DoubleWithInt32 : public ICStub
 {
     friend class ICStubSpace;
     ICBinaryArith_DoubleWithInt32(JitCode *stubCode, bool lhsIsDouble)
       : ICStub(BinaryArith_DoubleWithInt32, stubCode)
     {
         extra_ = lhsIsDouble;
     }
   public:
     static inline ICBinaryArith_DoubleWithInt32 *New(ICStubSpace *space, JitCode *code,
                                                      bool lhsIsDouble) {
         if (!code)
             return nullptr;
         return space->allocate<ICBinaryArith_DoubleWithInt32>(code, lhsIsDouble);
     }
     bool lhsIsDouble() const {
         return extra_;
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool lhsIsDouble_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(op) << 16) |
                    (static_cast<int32_t>(lhsIsDouble_) << 24);
         }
       public:
         Compiler(JSContext *cx, JSOp op, bool lhsIsDouble)
           : ICMultiStubCompiler(cx, ICStub::BinaryArith_DoubleWithInt32, op),
             lhsIsDouble_(lhsIsDouble)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICBinaryArith_DoubleWithInt32::New(space, getStubCode(), lhsIsDouble_);
         }
     };
 };
 // UnaryArith
 //     JSOP_BITNOT
 //     JSOP_NEG
 class ICUnaryArith_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICUnaryArith_Fallback(JitCode *stubCode)
       : ICFallbackStub(UnaryArith_Fallback, stubCode)
     {
         extra_ = 0;
     }
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICUnaryArith_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICUnaryArith_Fallback>(code);
     }
     bool sawDoubleResult() {
         return extra_;
     }
     void setSawDoubleResult() {
         extra_ = 1;
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::UnaryArith_Fallback)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICUnaryArith_Fallback::New(space, getStubCode());
         }
     };
 };
 class ICUnaryArith_Int32 : public ICStub
 {
     friend class ICStubSpace;
     ICUnaryArith_Int32(JitCode *stubCode)
       : ICStub(UnaryArith_Int32, stubCode)
     {}
   public:
     static inline ICUnaryArith_Int32 *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICUnaryArith_Int32>(code);
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::UnaryArith_Int32, op)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICUnaryArith_Int32::New(space, getStubCode());
         }
     };
 };
 class ICUnaryArith_Double : public ICStub
 {
     friend class ICStubSpace;
     ICUnaryArith_Double(JitCode *stubCode)
       : ICStub(UnaryArith_Double, stubCode)
     {}
   public:
     static inline ICUnaryArith_Double *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICUnaryArith_Double>(code);
     }
     class Compiler : public ICMultiStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::UnaryArith_Double, op)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICUnaryArith_Double::New(space, getStubCode());
         }
     };
 };
 // GetElem
 //      JSOP_GETELEM
 class ICGetElem_Fallback : public ICMonitoredFallbackStub
 {
     friend class ICStubSpace;
     ICGetElem_Fallback(JitCode *stubCode)
       : ICMonitoredFallbackStub(ICStub::GetElem_Fallback, stubCode)
     { }
     static const uint16_t EXTRA_NON_NATIVE = 0x1;
     static const uint16_t EXTRA_NEGATIVE_INDEX = 0x2;
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 16;
     static inline ICGetElem_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICGetElem_Fallback>(code);
     }
     void noteNonNativeAccess() {
         extra_ |= EXTRA_NON_NATIVE;
     }
     bool hasNonNativeAccess() const {
         return extra_ & EXTRA_NON_NATIVE;
     }
     void noteNegativeIndex() {
         extra_ |= EXTRA_NEGATIVE_INDEX;
     }
     bool hasNegativeIndex() const {
         return extra_ & EXTRA_NEGATIVE_INDEX;
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::GetElem_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             ICGetElem_Fallback *stub = ICGetElem_Fallback::New(space, getStubCode());
             if (!stub)
                 return nullptr;
             if (!stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 class ICGetElemNativeStub : public ICMonitoredStub
 {
   public:
     enum AccessType { FixedSlot = 0, DynamicSlot, NativeGetter, ScriptedGetter };
   protected:
     HeapPtrShape shape_;
     HeapPtrPropertyName name_;
     static const unsigned NEEDS_ATOMIZE_SHIFT = 0;
     static const uint16_t NEEDS_ATOMIZE_MASK = 0x1;
     static const unsigned ACCESSTYPE_SHIFT = 1;
     static const uint16_t ACCESSTYPE_MASK = 0x3;
     ICGetElemNativeStub(ICStub::Kind kind, JitCode *stubCode, ICStub *firstMonitorStub,
                         HandleShape shape, HandlePropertyName name, AccessType acctype,
                         bool needsAtomize);
     ~ICGetElemNativeStub();
   public:
     HeapPtrShape &shape() {
         return shape_;
     }
     static size_t offsetOfShape() {
         return offsetof(ICGetElemNativeStub, shape_);
     }
     HeapPtrPropertyName &name() {
         return name_;
     }
     static size_t offsetOfName() {
         return offsetof(ICGetElemNativeStub, name_);
     }
     AccessType accessType() const {
         return static_cast<AccessType>((extra_ >> ACCESSTYPE_SHIFT) & ACCESSTYPE_MASK);
     }
     bool needsAtomize() const {
         return (extra_ >> NEEDS_ATOMIZE_SHIFT) & NEEDS_ATOMIZE_MASK;
     }
 };
 class ICGetElemNativeSlotStub : public ICGetElemNativeStub
 {
   protected:
     uint32_t offset_;
     ICGetElemNativeSlotStub(ICStub::Kind kind, JitCode *stubCode, ICStub *firstMonitorStub,
                             HandleShape shape, HandlePropertyName name,
                             AccessType acctype, bool needsAtomize, uint32_t offset)
       : ICGetElemNativeStub(kind, stubCode, firstMonitorStub, shape, name, acctype, needsAtomize),
         offset_(offset)
     {
         JS_ASSERT(kind == GetElem_NativeSlot || kind == GetElem_NativePrototypeSlot);
         JS_ASSERT(acctype == FixedSlot || acctype == DynamicSlot);
     }
   public:
     uint32_t offset() const {
         return offset_;
     }
     static size_t offsetOfOffset() {
         return offsetof(ICGetElemNativeSlotStub, offset_);
     }
 };
 class ICGetElemNativeGetterStub : public ICGetElemNativeStub
 {
   protected:
     HeapPtrFunction getter_;
     uint32_t pcOffset_;
     ICGetElemNativeGetterStub(ICStub::Kind kind, JitCode *stubCode, ICStub *firstMonitorStub,
                             HandleShape shape, HandlePropertyName name, AccessType acctype,
                             bool needsAtomize, HandleFunction getter, uint32_t pcOffset);
   public:
     HeapPtrFunction &getter() {
         return getter_;
     }
     static size_t offsetOfGetter() {
         return offsetof(ICGetElemNativeGetterStub, getter_);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICGetElemNativeGetterStub, pcOffset_);
     }
 };
 class ICGetElem_NativeSlot : public ICGetElemNativeSlotStub
 {
     friend class ICStubSpace;
     ICGetElem_NativeSlot(JitCode *stubCode, ICStub *firstMonitorStub,
                          HandleShape shape, HandlePropertyName name,
                          AccessType acctype, bool needsAtomize, uint32_t offset)
       : ICGetElemNativeSlotStub(ICStub::GetElem_NativeSlot, stubCode, firstMonitorStub, shape,
                                 name, acctype, needsAtomize, offset)
     {}
   public:
     static inline ICGetElem_NativeSlot *New(ICStubSpace *space, JitCode *code,
                                             ICStub *firstMonitorStub,
                                             HandleShape shape, HandlePropertyName name,
                                             AccessType acctype, bool needsAtomize, uint32_t offset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetElem_NativeSlot>(code, firstMonitorStub, shape, name,
                                                      acctype, needsAtomize, offset);
     }
 };
 class ICGetElem_NativePrototypeSlot : public ICGetElemNativeSlotStub
 {
     friend class ICStubSpace;
     HeapPtrObject holder_;
     HeapPtrShape holderShape_;
     ICGetElem_NativePrototypeSlot(JitCode *stubCode, ICStub *firstMonitorStub,
                                   HandleShape shape, HandlePropertyName name,
                                   AccessType acctype, bool needsAtomize, uint32_t offset,
                                   HandleObject holder, HandleShape holderShape);
   public:
     static inline ICGetElem_NativePrototypeSlot *New(ICStubSpace *space, JitCode *code,
                                                      ICStub *firstMonitorStub,
                                                      HandleShape shape, HandlePropertyName name,
                                                      AccessType acctype, bool needsAtomize,
                                                      uint32_t offset, HandleObject holder,
                                                      HandleShape holderShape)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetElem_NativePrototypeSlot>(
                     code, firstMonitorStub, shape, name, acctype, needsAtomize, offset, holder,
                     holderShape);
     }
     HeapPtrObject &holder() {
         return holder_;
     }
     static size_t offsetOfHolder() {
         return offsetof(ICGetElem_NativePrototypeSlot, holder_);
     }
     HeapPtrShape &holderShape() {
         return holderShape_;
     }
     static size_t offsetOfHolderShape() {
         return offsetof(ICGetElem_NativePrototypeSlot, holderShape_);
     }
 };
 class ICGetElemNativePrototypeCallStub : public ICGetElemNativeGetterStub
 {
     friend class ICStubSpace;
     HeapPtrObject holder_;
     HeapPtrShape holderShape_;
   protected:
     ICGetElemNativePrototypeCallStub(ICStub::Kind kind, JitCode *stubCode, ICStub *firstMonitorStub,
                                      HandleShape shape, HandlePropertyName name,
                                      AccessType acctype, bool needsAtomize, HandleFunction getter,
                                      uint32_t pcOffset, HandleObject holder,
                                      HandleShape holderShape);
   public:
     HeapPtrObject &holder() {
         return holder_;
     }
     static size_t offsetOfHolder() {
         return offsetof(ICGetElemNativePrototypeCallStub, holder_);
     }
     HeapPtrShape &holderShape() {
         return holderShape_;
     }
     static size_t offsetOfHolderShape() {
         return offsetof(ICGetElemNativePrototypeCallStub, holderShape_);
     }
 };
 class ICGetElem_NativePrototypeCallNative : public ICGetElemNativePrototypeCallStub
 {
     friend class ICStubSpace;
     ICGetElem_NativePrototypeCallNative(JitCode *stubCode, ICStub *firstMonitorStub,
                                         HandleShape shape, HandlePropertyName name,
                                         AccessType acctype, bool needsAtomize,
                                         HandleFunction getter, uint32_t pcOffset,
                                         HandleObject holder, HandleShape holderShape)
       : ICGetElemNativePrototypeCallStub(GetElem_NativePrototypeCallNative,
                                          stubCode, firstMonitorStub, shape, name,
                                          acctype, needsAtomize, getter, pcOffset, holder,
                                          holderShape)
     {}
   public:
     static inline ICGetElem_NativePrototypeCallNative *New(
                     ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
                     HandleShape shape, HandlePropertyName name, AccessType acctype,
                     bool needsAtomize, HandleFunction getter, uint32_t pcOffset,
                     HandleObject holder, HandleShape holderShape)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetElem_NativePrototypeCallNative>(
                         code, firstMonitorStub, shape, name, acctype, needsAtomize, getter,
                         pcOffset, holder, holderShape);
     }
 };
 class ICGetElem_NativePrototypeCallScripted : public ICGetElemNativePrototypeCallStub
 {
     friend class ICStubSpace;
     ICGetElem_NativePrototypeCallScripted(JitCode *stubCode, ICStub *firstMonitorStub,
                                         HandleShape shape, HandlePropertyName name,
                                         AccessType acctype, bool needsAtomize,
                                         HandleFunction getter, uint32_t pcOffset,
                                         HandleObject holder, HandleShape holderShape)
       : ICGetElemNativePrototypeCallStub(GetElem_NativePrototypeCallScripted,
                                          stubCode, firstMonitorStub, shape, name,
                                          acctype, needsAtomize, getter, pcOffset, holder,
                                          holderShape)
     {}
   public:
     static inline ICGetElem_NativePrototypeCallScripted *New(
                     ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
                     HandleShape shape, HandlePropertyName name, AccessType acctype,
                     bool needsAtomize, HandleFunction getter, uint32_t pcOffset,
                     HandleObject holder, HandleShape holderShape)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetElem_NativePrototypeCallScripted>(
                         code, firstMonitorStub, shape, name, acctype, needsAtomize, getter,
                         pcOffset, holder, holderShape);
     }
 };
 // Compiler for GetElem_NativeSlot and GetElem_NativePrototypeSlot stubs.
 class ICGetElemNativeCompiler : public ICStubCompiler
 {
     bool isCallElem_;
     ICStub *firstMonitorStub_;
     HandleObject obj_;
     HandleObject holder_;
     HandlePropertyName name_;
     ICGetElemNativeStub::AccessType acctype_;
     bool needsAtomize_;
     uint32_t offset_;
     HandleFunction getter_;
     uint32_t pcOffset_;
     bool emitCallNative(MacroAssembler &masm, Register objReg);
     bool emitCallScripted(MacroAssembler &masm, Register objReg);
     bool generateStubCode(MacroAssembler &masm);
   protected:
     virtual int32_t getKey() const {
 #if JS_HAS_NO_SUCH_METHOD
         return static_cast<int32_t>(kind) |
                (static_cast<int32_t>(isCallElem_) << 16) |
                (static_cast<int32_t>(needsAtomize_) << 17) |
                (static_cast<int32_t>(acctype_) << 18);
 #else
         return static_cast<int32_t>(kind) | (static_cast<int32_t>(needsAtomize_) << 16) |
                (static_cast<int32_t>(acctype_) << 17);
 #endif
     }
   public:
     ICGetElemNativeCompiler(JSContext *cx, ICStub::Kind kind, bool isCallElem,
                             ICStub *firstMonitorStub, HandleObject obj, HandleObject holder,
                             HandlePropertyName name, ICGetElemNativeStub::AccessType acctype,
                             bool needsAtomize, uint32_t offset)
       : ICStubCompiler(cx, kind),
         isCallElem_(isCallElem),
         firstMonitorStub_(firstMonitorStub),
         obj_(obj),
         holder_(holder),
         name_(name),
         acctype_(acctype),
         needsAtomize_(needsAtomize),
         offset_(offset),
         getter_(js::NullPtr()),
         pcOffset_(0)
     {}
     ICGetElemNativeCompiler(JSContext *cx, ICStub::Kind kind, ICStub *firstMonitorStub,
                             HandleObject obj, HandleObject holder, HandlePropertyName name,
                             ICGetElemNativeStub::AccessType acctype, bool needsAtomize,
                             HandleFunction getter, uint32_t pcOffset, bool isCallElem)
       : ICStubCompiler(cx, kind),
         isCallElem_(false),
         firstMonitorStub_(firstMonitorStub),
         obj_(obj),
         holder_(holder),
         name_(name),
         acctype_(acctype),
         needsAtomize_(needsAtomize),
         offset_(0),
         getter_(getter),
         pcOffset_(pcOffset)
     {}
     ICStub *getStub(ICStubSpace *space) {
         RootedShape shape(cx, obj_->lastProperty());
         if (kind == ICStub::GetElem_NativeSlot) {
             JS_ASSERT(obj_ == holder_);
             return ICGetElem_NativeSlot::New(
                     space, getStubCode(), firstMonitorStub_, shape, name_, acctype_, needsAtomize_,
                     offset_);
         }
         JS_ASSERT(obj_ != holder_);
         RootedShape holderShape(cx, holder_->lastProperty());
         if (kind == ICStub::GetElem_NativePrototypeSlot) {
             return ICGetElem_NativePrototypeSlot::New(
                     space, getStubCode(), firstMonitorStub_, shape, name_, acctype_, needsAtomize_,
                     offset_, holder_, holderShape);
         }
         if (kind == ICStub::GetElem_NativePrototypeCallNative) {
             return ICGetElem_NativePrototypeCallNative::New(
                     space, getStubCode(), firstMonitorStub_, shape, name_, acctype_, needsAtomize_,
                     getter_, pcOffset_, holder_, holderShape);
         }
         JS_ASSERT(kind == ICStub::GetElem_NativePrototypeCallScripted);
         if (kind == ICStub::GetElem_NativePrototypeCallScripted) {
             return ICGetElem_NativePrototypeCallScripted::New(
                     space, getStubCode(), firstMonitorStub_, shape, name_, acctype_, needsAtomize_,
                     getter_, pcOffset_, holder_, holderShape);
         }
         MOZ_ASSUME_UNREACHABLE("Invalid kind.");
         return nullptr;
     }
 };
 class ICGetElem_String : public ICStub
 {
     friend class ICStubSpace;
     ICGetElem_String(JitCode *stubCode)
       : ICStub(ICStub::GetElem_String, stubCode) {}
   public:
     static inline ICGetElem_String *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICGetElem_String>(code);
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::GetElem_String) {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetElem_String::New(space, getStubCode());
         }
     };
 };
 class ICGetElem_Dense : public ICMonitoredStub
 {
     friend class ICStubSpace;
     HeapPtrShape shape_;
     ICGetElem_Dense(JitCode *stubCode, ICStub *firstMonitorStub, HandleShape shape);
   public:
     static inline ICGetElem_Dense *New(ICStubSpace *space, JitCode *code,
                                        ICStub *firstMonitorStub, HandleShape shape)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetElem_Dense>(code, firstMonitorStub, shape);
     }
     static size_t offsetOfShape() {
         return offsetof(ICGetElem_Dense, shape_);
     }
     HeapPtrShape &shape() {
         return shape_;
     }
     class Compiler : public ICStubCompiler {
       ICStub *firstMonitorStub_;
       RootedShape shape_;
       bool isCallElem_;
       protected:
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
 #if JS_HAS_NO_SUCH_METHOD
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(isCallElem_) << 16);
 #else
             return static_cast<int32_t>(kind);
 #endif
         }
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, Shape *shape, bool isCallElem)
           : ICStubCompiler(cx, ICStub::GetElem_Dense),
             firstMonitorStub_(firstMonitorStub),
             shape_(cx, shape),
             isCallElem_(isCallElem)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetElem_Dense::New(space, getStubCode(), firstMonitorStub_, shape_);
         }
     };
 };
 class ICGetElem_TypedArray : public ICStub
 {
     friend class ICStubSpace;
   protected: // Protected to silence Clang warning.
     HeapPtrShape shape_;
     ICGetElem_TypedArray(JitCode *stubCode, HandleShape shape, uint32_t type);
   public:
     static inline ICGetElem_TypedArray *New(ICStubSpace *space, JitCode *code,
                                             HandleShape shape, uint32_t type)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetElem_TypedArray>(code, shape, type);
     }
     static size_t offsetOfShape() {
         return offsetof(ICGetElem_TypedArray, shape_);
     }
     HeapPtrShape &shape() {
         return shape_;
     }
     class Compiler : public ICStubCompiler {
       RootedShape shape_;
       uint32_t type_;
       protected:
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(type_) << 16);
         }
       public:
         Compiler(JSContext *cx, Shape *shape, uint32_t type)
           : ICStubCompiler(cx, ICStub::GetElem_TypedArray),
             shape_(cx, shape),
             type_(type)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetElem_TypedArray::New(space, getStubCode(), shape_, type_);
         }
     };
 };
 class ICGetElem_Arguments : public ICMonitoredStub
 {
     friend class ICStubSpace;
   public:
     enum Which { Normal, Strict, Magic };
   private:
     ICGetElem_Arguments(JitCode *stubCode, ICStub *firstMonitorStub, Which which)
       : ICMonitoredStub(ICStub::GetElem_Arguments, stubCode, firstMonitorStub)
     {
         extra_ = static_cast<uint16_t>(which);
     }
   public:
     static inline ICGetElem_Arguments *New(ICStubSpace *space, JitCode *code,
                                            ICStub *firstMonitorStub, Which which)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetElem_Arguments>(code, firstMonitorStub, which);
     }
     Which which() const {
         return static_cast<Which>(extra_);
     }
     class Compiler : public ICStubCompiler {
       ICStub *firstMonitorStub_;
       Which which_;
       bool isCallElem_;
       protected:
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
 #if JS_HAS_NO_SUCH_METHOD
             return static_cast<int32_t>(kind) |
                    static_cast<int32_t>(isCallElem_ << 16) |
                    (static_cast<int32_t>(which_) << 17);
 #else
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(which_) << 16);
 #endif
         }
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, Which which, bool isCallElem)
           : ICStubCompiler(cx, ICStub::GetElem_Arguments),
             firstMonitorStub_(firstMonitorStub),
             which_(which),
             isCallElem_(isCallElem)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetElem_Arguments::New(space, getStubCode(), firstMonitorStub_, which_);
         }
     };
 };
 // SetElem
 //      JSOP_SETELEM
 //      JSOP_INITELEM
 class ICSetElem_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICSetElem_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::SetElem_Fallback, stubCode)
     { }
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICSetElem_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICSetElem_Fallback>(code);
     }
     void noteArrayWriteHole() {
         extra_ = 1;
     }
     bool hasArrayWriteHole() const {
         return extra_;
     }
     // Compiler for this stub kind.
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::SetElem_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICSetElem_Fallback::New(space, getStubCode());
         }
     };
 };
 class ICSetElem_Dense : public ICUpdatedStub
 {
     friend class ICStubSpace;
     HeapPtrShape shape_;
     HeapPtrTypeObject type_;
     ICSetElem_Dense(JitCode *stubCode, HandleShape shape, HandleTypeObject type);
   public:
     static inline ICSetElem_Dense *New(ICStubSpace *space, JitCode *code, HandleShape shape,
                                        HandleTypeObject type) {
         if (!code)
             return nullptr;
         return space->allocate<ICSetElem_Dense>(code, shape, type);
     }
     static size_t offsetOfShape() {
         return offsetof(ICSetElem_Dense, shape_);
     }
     static size_t offsetOfType() {
         return offsetof(ICSetElem_Dense, type_);
     }
     HeapPtrShape &shape() {
         return shape_;
     }
     HeapPtrTypeObject &type() {
         return type_;
     }
     class Compiler : public ICStubCompiler {
         RootedShape shape_;
         // Compiler is only live on stack during compilation, it should
         // outlive any RootedTypeObject it's passed.  So it can just
         // use the handle.
         HandleTypeObject type_;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, Shape *shape, HandleTypeObject type)
           : ICStubCompiler(cx, ICStub::SetElem_Dense),
             shape_(cx, shape),
             type_(type)
         {}
         ICUpdatedStub *getStub(ICStubSpace *space) {
             ICSetElem_Dense *stub = ICSetElem_Dense::New(space, getStubCode(), shape_, type_);
             if (!stub || !stub->initUpdatingChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 template <size_t ProtoChainDepth> class ICSetElem_DenseAddImpl;
 class ICSetElem_DenseAdd : public ICUpdatedStub
 {
     friend class ICStubSpace;
   public:
     static const size_t MAX_PROTO_CHAIN_DEPTH = 4;
   protected:
     HeapPtrTypeObject type_;
     ICSetElem_DenseAdd(JitCode *stubCode, types::TypeObject *type, size_t protoChainDepth);
   public:
     static size_t offsetOfType() {
         return offsetof(ICSetElem_DenseAdd, type_);
     }
     HeapPtrTypeObject &type() {
         return type_;
     }
     size_t protoChainDepth() const {
         MOZ_ASSERT(extra_ <= MAX_PROTO_CHAIN_DEPTH);
         return extra_;
     }
     template <size_t ProtoChainDepth>
     ICSetElem_DenseAddImpl<ProtoChainDepth> *toImplUnchecked() {
         return static_cast<ICSetElem_DenseAddImpl<ProtoChainDepth> *>(this);
     }
     template <size_t ProtoChainDepth>
     ICSetElem_DenseAddImpl<ProtoChainDepth> *toImpl() {
         JS_ASSERT(ProtoChainDepth == protoChainDepth());
         return toImplUnchecked<ProtoChainDepth>();
     }
 };
 template <size_t ProtoChainDepth>
 class ICSetElem_DenseAddImpl : public ICSetElem_DenseAdd
 {
     friend class ICStubSpace;
     static const size_t NumShapes = ProtoChainDepth + 1;
     mozilla::Array<HeapPtrShape, NumShapes> shapes_;
     ICSetElem_DenseAddImpl(JitCode *stubCode, types::TypeObject *type,
                            const AutoShapeVector *shapes)
       : ICSetElem_DenseAdd(stubCode, type, ProtoChainDepth)
     {
         JS_ASSERT(shapes->length() == NumShapes);
         for (size_t i = 0; i < NumShapes; i++)
             shapes_[i].init((*shapes)[i]);
     }
   public:
     static inline ICSetElem_DenseAddImpl *New(ICStubSpace *space, JitCode *code,
                                               types::TypeObject *type,
                                               const AutoShapeVector *shapes)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICSetElem_DenseAddImpl<ProtoChainDepth> >(code, type, shapes);
     }
     void traceShapes(JSTracer *trc) {
         for (size_t i = 0; i < NumShapes; i++)
             MarkShape(trc, &shapes_[i], "baseline-setelem-denseadd-stub-shape");
     }
     Shape *shape(size_t i) const {
         JS_ASSERT(i < NumShapes);
         return shapes_[i];
     }
     static size_t offsetOfShape(size_t idx) {
         return offsetof(ICSetElem_DenseAddImpl, shapes_) + idx * sizeof(HeapPtrShape);
     }
 };
 class ICSetElemDenseAddCompiler : public ICStubCompiler {
     RootedObject obj_;
     size_t protoChainDepth_;
     bool generateStubCode(MacroAssembler &masm);
   protected:
     virtual int32_t getKey() const {
         return static_cast<int32_t>(kind) | (static_cast<int32_t>(protoChainDepth_) << 16);
     }
   public:
     ICSetElemDenseAddCompiler(JSContext *cx, HandleObject obj, size_t protoChainDepth)
         : ICStubCompiler(cx, ICStub::SetElem_DenseAdd),
           obj_(cx, obj),
           protoChainDepth_(protoChainDepth)
     {}
     template <size_t ProtoChainDepth>
     ICUpdatedStub *getStubSpecific(ICStubSpace *space, const AutoShapeVector *shapes);
     ICUpdatedStub *getStub(ICStubSpace *space);
 };
 class ICSetElem_TypedArray : public ICStub
 {
     friend class ICStubSpace;
   protected: // Protected to silence Clang warning.
     HeapPtrShape shape_;
     ICSetElem_TypedArray(JitCode *stubCode, HandleShape shape, uint32_t type,
                          bool expectOutOfBounds);
   public:
     static inline ICSetElem_TypedArray *New(ICStubSpace *space, JitCode *code,
                                             HandleShape shape, uint32_t type,
                                             bool expectOutOfBounds)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICSetElem_TypedArray>(code, shape, type, expectOutOfBounds);
     }
     uint32_t type() const {
         return extra_ & 0xff;
     }
     bool expectOutOfBounds() const {
         return (extra_ >> 8) & 1;
     }
     static size_t offsetOfShape() {
         return offsetof(ICSetElem_TypedArray, shape_);
     }
     HeapPtrShape &shape() {
         return shape_;
     }
     class Compiler : public ICStubCompiler {
         RootedShape shape_;
         uint32_t type_;
         bool expectOutOfBounds_;
       protected:
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(type_) << 16) |
                    (static_cast<int32_t>(expectOutOfBounds_) << 24);
         }
       public:
         Compiler(JSContext *cx, Shape *shape, uint32_t type, bool expectOutOfBounds)
           : ICStubCompiler(cx, ICStub::SetElem_TypedArray),
             shape_(cx, shape),
             type_(type),
             expectOutOfBounds_(expectOutOfBounds)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICSetElem_TypedArray::New(space, getStubCode(), shape_, type_,
                                              expectOutOfBounds_);
         }
     };
 };
 // In
 //      JSOP_IN
 class ICIn_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICIn_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::In_Fallback, stubCode)
     { }
   public:
     static inline ICIn_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICIn_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::In_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICIn_Fallback::New(space, getStubCode());
         }
     };
 };
 // GetName
 //      JSOP_NAME
 //      JSOP_GETGNAME
 class ICGetName_Fallback : public ICMonitoredFallbackStub
 {
     friend class ICStubSpace;
     ICGetName_Fallback(JitCode *stubCode)
       : ICMonitoredFallbackStub(ICStub::GetName_Fallback, stubCode)
     { }
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICGetName_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICGetName_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::GetName_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             ICGetName_Fallback *stub = ICGetName_Fallback::New(space, getStubCode());
             if (!stub || !stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 // Optimized GETGNAME/CALLGNAME stub.
 class ICGetName_Global : public ICMonitoredStub
 {
     friend class ICStubSpace;
   protected: // Protected to silence Clang warning.
     HeapPtrShape shape_;
     uint32_t slot_;
     ICGetName_Global(JitCode *stubCode, ICStub *firstMonitorStub, HandleShape shape, uint32_t slot);
   public:
     static inline ICGetName_Global *New(ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
                                         HandleShape shape, uint32_t slot)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetName_Global>(code, firstMonitorStub, shape, slot);
     }
     HeapPtrShape &shape() {
         return shape_;
     }
     static size_t offsetOfShape() {
         return offsetof(ICGetName_Global, shape_);
     }
     static size_t offsetOfSlot() {
         return offsetof(ICGetName_Global, slot_);
     }
     class Compiler : public ICStubCompiler {
         ICStub *firstMonitorStub_;
         RootedShape shape_;
         uint32_t slot_;
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, Shape *shape, uint32_t slot)
           : ICStubCompiler(cx, ICStub::GetName_Global),
             firstMonitorStub_(firstMonitorStub),
             shape_(cx, shape),
             slot_(slot)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetName_Global::New(space, getStubCode(), firstMonitorStub_, shape_, slot_);
         }
     };
 };
 // Optimized GETNAME/CALLNAME stub, making a variable number of hops to get an
 // 'own' property off some scope object. Unlike GETPROP on an object's
 // prototype, there is no teleporting optimization to take advantage of and
 // shape checks are required all along the scope chain.
 template <size_t NumHops>
 class ICGetName_Scope : public ICMonitoredStub
 {
     friend class ICStubSpace;
     static const size_t MAX_HOPS = 6;
     mozilla::Array<HeapPtrShape, NumHops + 1> shapes_;
     uint32_t offset_;
     ICGetName_Scope(JitCode *stubCode, ICStub *firstMonitorStub,
                     AutoShapeVector *shapes, uint32_t offset);
     static Kind GetStubKind() {
         return (Kind) (GetName_Scope0 + NumHops);
     }
   public:
     static inline ICGetName_Scope *New(ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
                                        AutoShapeVector *shapes, uint32_t offset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetName_Scope<NumHops> >(code, firstMonitorStub, shapes, offset);
     }
     void traceScopes(JSTracer *trc) {
         for (size_t i = 0; i < NumHops + 1; i++)
             MarkShape(trc, &shapes_[i], "baseline-scope-stub-shape");
     }
     static size_t offsetOfShape(size_t index) {
         JS_ASSERT(index <= NumHops);
         return offsetof(ICGetName_Scope, shapes_) + (index * sizeof(HeapPtrShape));
     }
     static size_t offsetOfOffset() {
         return offsetof(ICGetName_Scope, offset_);
     }
     class Compiler : public ICStubCompiler {
         ICStub *firstMonitorStub_;
         AutoShapeVector *shapes_;
         bool isFixedSlot_;
         uint32_t offset_;
       protected:
         bool generateStubCode(MacroAssembler &masm);
       protected:
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(isFixedSlot_) << 16);
         }
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub,
                  AutoShapeVector *shapes, bool isFixedSlot, uint32_t offset)
           : ICStubCompiler(cx, GetStubKind()),
             firstMonitorStub_(firstMonitorStub),
             shapes_(shapes),
             isFixedSlot_(isFixedSlot),
             offset_(offset)
         {
         }
         ICStub *getStub(ICStubSpace *space) {
             return ICGetName_Scope::New(space, getStubCode(), firstMonitorStub_, shapes_, offset_);
         }
     };
 };
 // BindName
 //      JSOP_BINDNAME
 class ICBindName_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICBindName_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::BindName_Fallback, stubCode)
     { }
   public:
     static inline ICBindName_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICBindName_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::BindName_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICBindName_Fallback::New(space, getStubCode());
         }
     };
 };
 // GetIntrinsic
 //      JSOP_GETINTRINSIC
 class ICGetIntrinsic_Fallback : public ICMonitoredFallbackStub
 {
     friend class ICStubSpace;
     ICGetIntrinsic_Fallback(JitCode *stubCode)
       : ICMonitoredFallbackStub(ICStub::GetIntrinsic_Fallback, stubCode)
     { }
   public:
     static inline ICGetIntrinsic_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICGetIntrinsic_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::GetIntrinsic_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             ICGetIntrinsic_Fallback *stub = ICGetIntrinsic_Fallback::New(space, getStubCode());
             if (!stub || !stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 // Stub that loads the constant result of a GETINTRINSIC operation.
 class ICGetIntrinsic_Constant : public ICStub
 {
     friend class ICStubSpace;
     HeapValue value_;
     ICGetIntrinsic_Constant(JitCode *stubCode, HandleValue value);
     ~ICGetIntrinsic_Constant();
   public:
     static inline ICGetIntrinsic_Constant *New(ICStubSpace *space, JitCode *code,
                                                HandleValue value)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetIntrinsic_Constant>(code, value);
     }
     HeapValue &value() {
         return value_;
     }
     static size_t offsetOfValue() {
         return offsetof(ICGetIntrinsic_Constant, value_);
     }
     class Compiler : public ICStubCompiler {
         bool generateStubCode(MacroAssembler &masm);
         HandleValue value_;
       public:
         Compiler(JSContext *cx, HandleValue value)
           : ICStubCompiler(cx, ICStub::GetIntrinsic_Constant),
             value_(value)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetIntrinsic_Constant::New(space, getStubCode(), value_);
         }
     };
 };
 class ICGetProp_Fallback : public ICMonitoredFallbackStub
 {
     friend class ICStubSpace;
     ICGetProp_Fallback(JitCode *stubCode)
       : ICMonitoredFallbackStub(ICStub::GetProp_Fallback, stubCode)
     { }
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICGetProp_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_Fallback>(code);
     }
     static const size_t UNOPTIMIZABLE_ACCESS_BIT = 0;
     static const size_t ACCESSED_GETTER_BIT = 1;
     void noteUnoptimizableAccess() {
         extra_ |= (1u << UNOPTIMIZABLE_ACCESS_BIT);
     }
     bool hadUnoptimizableAccess() const {
         return extra_ & (1u << UNOPTIMIZABLE_ACCESS_BIT);
     }
     void noteAccessedGetter() {
         extra_ |= (1u << ACCESSED_GETTER_BIT);
     }
     bool hasAccessedGetter() const {
         return extra_ & (1u << ACCESSED_GETTER_BIT);
     }
     class Compiler : public ICStubCompiler {
       protected:
         uint32_t returnFromIonOffset_;
         uint32_t returnFromStubOffset_;
         bool generateStubCode(MacroAssembler &masm);
         bool postGenerateStubCode(MacroAssembler &masm, Handle<JitCode *> code);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::GetProp_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             ICGetProp_Fallback *stub = ICGetProp_Fallback::New(space, getStubCode());
             if (!stub || !stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 // Stub for accessing a dense array's length.
 class ICGetProp_ArrayLength : public ICStub
 {
     friend class ICStubSpace;
     ICGetProp_ArrayLength(JitCode *stubCode)
       : ICStub(GetProp_ArrayLength, stubCode)
     {}
   public:
     static inline ICGetProp_ArrayLength *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_ArrayLength>(code);
     }
     class Compiler : public ICStubCompiler {
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::GetProp_ArrayLength)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetProp_ArrayLength::New(space, getStubCode());
         }
     };
 };
 // Stub for accessing a typed array's length.
 class ICGetProp_TypedArrayLength : public ICStub
 {
     friend class ICStubSpace;
     ICGetProp_TypedArrayLength(JitCode *stubCode)
       : ICStub(GetProp_TypedArrayLength, stubCode)
     {}
   public:
     static inline ICGetProp_TypedArrayLength *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_TypedArrayLength>(code);
     }
     class Compiler : public ICStubCompiler {
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::GetProp_TypedArrayLength)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetProp_TypedArrayLength::New(space, getStubCode());
         }
     };
 };
 // Stub for accessing a property on a primitive's prototype.
 class ICGetProp_Primitive : public ICMonitoredStub
 {
     friend class ICStubSpace;
   protected: // Protected to silence Clang warning.
     // Shape of String.prototype/Number.prototype to check for.
     HeapPtrShape protoShape_;
     // Fixed or dynamic slot offset.
     uint32_t offset_;
     ICGetProp_Primitive(JitCode *stubCode, ICStub *firstMonitorStub,
                         HandleShape protoShape, uint32_t offset);
   public:
     static inline ICGetProp_Primitive *New(ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
                                            HandleShape protoShape, uint32_t offset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_Primitive>(code, firstMonitorStub, protoShape, offset);
     }
     HeapPtrShape &protoShape() {
         return protoShape_;
     }
     static size_t offsetOfProtoShape() {
         return offsetof(ICGetProp_Primitive, protoShape_);
     }
     static size_t offsetOfOffset() {
         return offsetof(ICGetProp_Primitive, offset_);
     }
     class Compiler : public ICStubCompiler {
         ICStub *firstMonitorStub_;
         JSValueType primitiveType_;
         RootedObject prototype_;
         bool isFixedSlot_;
         uint32_t offset_;
         bool generateStubCode(MacroAssembler &masm);
       protected:
         virtual int32_t getKey() const {
             static_assert(sizeof(JSValueType) == 1, "JSValueType should fit in one byte");
             return static_cast<int32_t>(kind)
                 | (static_cast<int32_t>(isFixedSlot_) << 16)
                 | (static_cast<int32_t>(primitiveType_) << 24);
         }
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, JSValueType primitiveType,
                  HandleObject prototype, bool isFixedSlot, uint32_t offset)
           : ICStubCompiler(cx, ICStub::GetProp_Primitive),
             firstMonitorStub_(firstMonitorStub),
             primitiveType_(primitiveType),
             prototype_(cx, prototype),
             isFixedSlot_(isFixedSlot),
             offset_(offset)
         {}
         ICStub *getStub(ICStubSpace *space) {
             RootedShape protoShape(cx, prototype_->lastProperty());
             return ICGetProp_Primitive::New(space, getStubCode(), firstMonitorStub_,
                                             protoShape, offset_);
         }
     };
 };
 // Stub for accessing a string's length.
 class ICGetProp_StringLength : public ICStub
 {
     friend class ICStubSpace;
     ICGetProp_StringLength(JitCode *stubCode)
       : ICStub(GetProp_StringLength, stubCode)
     {}
   public:
     static inline ICGetProp_StringLength *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_StringLength>(code);
     }
     class Compiler : public ICStubCompiler {
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::GetProp_StringLength)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetProp_StringLength::New(space, getStubCode());
         }
     };
 };
 // Base class for GetProp_Native and GetProp_NativePrototype stubs.
 class ICGetPropNativeStub : public ICMonitoredStub
 {
     // Object shape (lastProperty).
     HeapPtrShape shape_;
     // Fixed or dynamic slot offset.
     uint32_t offset_;
   protected:
     ICGetPropNativeStub(ICStub::Kind kind, JitCode *stubCode, ICStub *firstMonitorStub,
                         HandleShape shape, uint32_t offset);
   public:
     HeapPtrShape &shape() {
         return shape_;
     }
     uint32_t offset() const {
         return offset_;
     }
     static size_t offsetOfShape() {
         return offsetof(ICGetPropNativeStub, shape_);
     }
     static size_t offsetOfOffset() {
         return offsetof(ICGetPropNativeStub, offset_);
     }
 };
 // Stub for accessing an own property on a native object.
 class ICGetProp_Native : public ICGetPropNativeStub
 {
     friend class ICStubSpace;
     ICGetProp_Native(JitCode *stubCode, ICStub *firstMonitorStub, HandleShape shape,
                      uint32_t offset)
       : ICGetPropNativeStub(GetProp_Native, stubCode, firstMonitorStub, shape, offset)
     {}
   public:
     static inline ICGetProp_Native *New(ICStubSpace *space, JitCode *code,
                                         ICStub *firstMonitorStub, HandleShape shape,
                                         uint32_t offset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_Native>(code, firstMonitorStub, shape, offset);
     }
 };
 // Stub for accessing a property on a native object's prototype. Note that due to
 // the shape teleporting optimization, we only have to guard on the object's shape
 // and the holder's shape.
 class ICGetProp_NativePrototype : public ICGetPropNativeStub
 {
     friend class ICStubSpace;
   protected:
     // Holder and its shape.
     HeapPtrObject holder_;
     HeapPtrShape holderShape_;
     ICGetProp_NativePrototype(JitCode *stubCode, ICStub *firstMonitorStub, HandleShape shape,
                               uint32_t offset, HandleObject holder, HandleShape holderShape);
   public:
     static inline ICGetProp_NativePrototype *New(ICStubSpace *space, JitCode *code,
                                                  ICStub *firstMonitorStub, HandleShape shape,
                                                  uint32_t offset, HandleObject holder,
                                                  HandleShape holderShape)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_NativePrototype>(code, firstMonitorStub, shape, offset,
                                                           holder, holderShape);
     }
   public:
     HeapPtrObject &holder() {
         return holder_;
     }
     HeapPtrShape &holderShape() {
         return holderShape_;
     }
     static size_t offsetOfHolder() {
         return offsetof(ICGetProp_NativePrototype, holder_);
     }
     static size_t offsetOfHolderShape() {
         return offsetof(ICGetProp_NativePrototype, holderShape_);
     }
 };
 // Compiler for GetProp_Native and GetProp_NativePrototype stubs.
 class ICGetPropNativeCompiler : public ICStubCompiler
 {
     bool isCallProp_;
     ICStub *firstMonitorStub_;
     HandleObject obj_;
     HandleObject holder_;
     HandlePropertyName propName_;
     bool isFixedSlot_;
     uint32_t offset_;
     bool generateStubCode(MacroAssembler &masm);
   protected:
     virtual int32_t getKey() const {
 #if JS_HAS_NO_SUCH_METHOD
         return static_cast<int32_t>(kind) |
                (static_cast<int32_t>(isCallProp_) << 16) |
                (static_cast<int32_t>(isFixedSlot_) << 17);
 #else
         return static_cast<int32_t>(kind) | (static_cast<int32_t>(isFixedSlot_) << 16);
 #endif
     }
   public:
     ICGetPropNativeCompiler(JSContext *cx, ICStub::Kind kind, bool isCallProp,
                             ICStub *firstMonitorStub, HandleObject obj, HandleObject holder,
                             HandlePropertyName propName, bool isFixedSlot, uint32_t offset)
       : ICStubCompiler(cx, kind),
         isCallProp_(isCallProp),
         firstMonitorStub_(firstMonitorStub),
         obj_(obj),
         holder_(holder),
         propName_(propName),
         isFixedSlot_(isFixedSlot),
         offset_(offset)
     {}
     ICStub *getStub(ICStubSpace *space) {
         RootedShape shape(cx, obj_->lastProperty());
         if (kind == ICStub::GetProp_Native) {
             JS_ASSERT(obj_ == holder_);
             return ICGetProp_Native::New(space, getStubCode(), firstMonitorStub_, shape, offset_);
         }
         JS_ASSERT(obj_ != holder_);
         JS_ASSERT(kind == ICStub::GetProp_NativePrototype);
         RootedShape holderShape(cx, holder_->lastProperty());
         return ICGetProp_NativePrototype::New(space, getStubCode(), firstMonitorStub_, shape,
                                               offset_, holder_, holderShape);
     }
 };
 class ICGetPropCallGetter : public ICMonitoredStub
 {
     friend class ICStubSpace;
   protected:
     // We don't strictly need this for own property getters, but we need it to do
     // Ion optimizations, so we should keep it around.
     HeapPtrObject holder_;
     HeapPtrShape holderShape_;
     // Function to call.
     HeapPtrFunction getter_;
     // PC offset of call
     uint32_t pcOffset_;
     ICGetPropCallGetter(Kind kind, JitCode *stubCode, ICStub *firstMonitorStub, HandleObject holder,
                         HandleShape holderShape, HandleFunction getter, uint32_t pcOffset);
   public:
     HeapPtrObject &holder() {
         return holder_;
     }
     HeapPtrShape &holderShape() {
         return holderShape_;
     }
     HeapPtrFunction &getter() {
         return getter_;
     }
     static size_t offsetOfHolder() {
         return offsetof(ICGetPropCallGetter, holder_);
     }
     static size_t offsetOfHolderShape() {
         return offsetof(ICGetPropCallGetter, holderShape_);
     }
     static size_t offsetOfGetter() {
         return offsetof(ICGetPropCallGetter, getter_);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICGetPropCallGetter, pcOffset_);
     }
     class Compiler : public ICStubCompiler {
       protected:
         ICStub *firstMonitorStub_;
         RootedObject holder_;
         RootedFunction getter_;
         uint32_t pcOffset_;
       public:
         Compiler(JSContext *cx, ICStub::Kind kind, ICStub *firstMonitorStub,
                  HandleObject holder, HandleFunction getter, uint32_t pcOffset)
           : ICStubCompiler(cx, kind),
             firstMonitorStub_(firstMonitorStub),
             holder_(cx, holder),
             getter_(cx, getter),
             pcOffset_(pcOffset)
         {
             JS_ASSERT(kind == ICStub::GetProp_CallScripted ||
                       kind == ICStub::GetProp_CallNative ||
                       kind == ICStub::GetProp_CallNativePrototype);
         }
     };
 };
 // Stub for calling a getter (native or scripted) on a native object when the getter is kept on
 // the proto-chain.
 class ICGetPropCallPrototypeGetter : public ICGetPropCallGetter
 {
     friend class ICStubSpace;
   protected:
     // shape of receiver object.
     HeapPtrShape receiverShape_;
     ICGetPropCallPrototypeGetter(Kind kind, JitCode *stubCode, ICStub *firstMonitorStub,
                                  HandleShape receiverShape,
                                  HandleObject holder, HandleShape holderShape,
                                  HandleFunction getter, uint32_t pcOffset);
   public:
     HeapPtrShape &receiverShape() {
         return receiverShape_;
     }
     static size_t offsetOfReceiverShape() {
         return offsetof(ICGetPropCallPrototypeGetter, receiverShape_);
     }
     class Compiler : public ICGetPropCallGetter::Compiler {
       protected:
         RootedObject receiver_;
       public:
         Compiler(JSContext *cx, ICStub::Kind kind, ICStub *firstMonitorStub,
                  HandleObject obj, HandleObject holder, HandleFunction getter, uint32_t pcOffset)
           : ICGetPropCallGetter::Compiler(cx, kind, firstMonitorStub, holder, getter, pcOffset),
             receiver_(cx, obj)
         {
             JS_ASSERT(kind == ICStub::GetProp_CallScripted ||
                       kind == ICStub::GetProp_CallNativePrototype);
         }
     };
 };
 // Stub for calling a scripted getter on a native object when the getter is kept on the
 // proto-chain.
 class ICGetProp_CallScripted : public ICGetPropCallPrototypeGetter
 {
     friend class ICStubSpace;
   protected:
     ICGetProp_CallScripted(JitCode *stubCode, ICStub *firstMonitorStub,
                            HandleShape receiverShape, HandleObject holder, HandleShape holderShape,
                            HandleFunction getter, uint32_t pcOffset)
       : ICGetPropCallPrototypeGetter(GetProp_CallScripted, stubCode, firstMonitorStub,
                                      receiverShape, holder, holderShape, getter, pcOffset)
     {}
   public:
     static inline ICGetProp_CallScripted *New(
                 ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
                 HandleShape receiverShape, HandleObject holder, HandleShape holderShape,
                 HandleFunction getter, uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_CallScripted>(code, firstMonitorStub,
                                                        receiverShape, holder, holderShape, getter,
                                                        pcOffset);
     }
     class Compiler : public ICGetPropCallPrototypeGetter::Compiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, HandleObject obj,
                  HandleObject holder, HandleFunction getter, uint32_t pcOffset)
           : ICGetPropCallPrototypeGetter::Compiler(cx, ICStub::GetProp_CallScripted,
                                                    firstMonitorStub, obj, holder,
                                                    getter, pcOffset)
         {}
         ICStub *getStub(ICStubSpace *space) {
             RootedShape receiverShape(cx, receiver_->lastProperty());
             RootedShape holderShape(cx, holder_->lastProperty());
             return ICGetProp_CallScripted::New(space, getStubCode(), firstMonitorStub_, receiverShape,
                                                holder_, holderShape, getter_, pcOffset_);
         }
     };
 };
 // Stub for calling an own native getter on a native object.
 class ICGetProp_CallNative : public ICGetPropCallGetter
 {
     friend class ICStubSpace;
   protected:
     ICGetProp_CallNative(JitCode *stubCode, ICStub *firstMonitorStub, HandleObject obj,
                             HandleShape shape, HandleFunction getter, uint32_t pcOffset)
       : ICGetPropCallGetter(GetProp_CallNative, stubCode, firstMonitorStub, obj, shape,
                             getter, pcOffset)
     { }
   public:
     static inline ICGetProp_CallNative *New(ICStubSpace *space, JitCode *code,
                                             ICStub *firstMonitorStub, HandleObject obj,
                                             HandleShape shape, HandleFunction getter,
                                             uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_CallNative>(code, firstMonitorStub, obj, shape,
                                                      getter, pcOffset);
     }
     class Compiler : public ICGetPropCallGetter::Compiler
     {
         bool inputDefinitelyObject_;
       protected:
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) |
                    (static_cast<int32_t>(inputDefinitelyObject_) << 16);
         }
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, HandleObject obj,
                  HandleFunction getter, uint32_t pcOffset, bool inputDefinitelyObject = false)
           : ICGetPropCallGetter::Compiler(cx, ICStub::GetProp_CallNative, firstMonitorStub,
                                           obj, getter, pcOffset),
             inputDefinitelyObject_(inputDefinitelyObject)
         {}
         ICStub *getStub(ICStubSpace *space) {
             RootedShape shape(cx, holder_->lastProperty());
             return ICGetProp_CallNative::New(space, getStubCode(), firstMonitorStub_, holder_,
                                              shape, getter_, pcOffset_);
         }
     };
 };
 // Stub for calling an native getter on a native object when the getter is kept on the proto-chain.
 class ICGetProp_CallNativePrototype : public ICGetPropCallPrototypeGetter
 {
     friend class ICStubSpace;
   protected:
     ICGetProp_CallNativePrototype(JitCode *stubCode, ICStub *firstMonitorStub,
                          HandleShape receiverShape, HandleObject holder, HandleShape holderShape,
                          HandleFunction getter, uint32_t pcOffset)
       : ICGetPropCallPrototypeGetter(GetProp_CallNativePrototype, stubCode, firstMonitorStub,
                                      receiverShape, holder, holderShape, getter, pcOffset)
     {}
   public:
     static inline ICGetProp_CallNativePrototype *New(
                 ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
                 HandleShape receiverShape, HandleObject holder, HandleShape holderShape,
                 HandleFunction getter, uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_CallNativePrototype>(code, firstMonitorStub,
                                                               receiverShape, holder, holderShape,
                                                               getter, pcOffset);
     }
     class Compiler : public ICGetPropCallPrototypeGetter::Compiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, HandleObject obj,
                  HandleObject holder, HandleFunction getter, uint32_t pcOffset)
           : ICGetPropCallPrototypeGetter::Compiler(cx, ICStub::GetProp_CallNativePrototype,
                                                    firstMonitorStub, obj, holder,
                                                    getter, pcOffset)
         {}
         ICStub *getStub(ICStubSpace *space) {
             RootedShape receiverShape(cx, receiver_->lastProperty());
             RootedShape holderShape(cx, holder_->lastProperty());
             return ICGetProp_CallNativePrototype::New(space, getStubCode(), firstMonitorStub_, receiverShape,
                                                       holder_, holderShape, getter_, pcOffset_);
         }
     };
 };
 class ICGetPropCallDOMProxyNativeStub : public ICMonitoredStub
 {
   friend class ICStubSpace;
   protected:
     // Shape of the DOMProxy
     HeapPtrShape shape_;
     // Proxy handler to check against.
     BaseProxyHandler *proxyHandler_;
     // Object shape of expected expando object. (nullptr if no expando object should be there)
     HeapPtrShape expandoShape_;
     // Holder and its shape.
     HeapPtrObject holder_;
     HeapPtrShape holderShape_;
     // Function to call.
     HeapPtrFunction getter_;
     // PC offset of call
     uint32_t pcOffset_;
     ICGetPropCallDOMProxyNativeStub(ICStub::Kind kind, JitCode *stubCode,
                                     ICStub *firstMonitorStub, HandleShape shape,
                                     BaseProxyHandler *proxyHandler, HandleShape expandoShape,
                                     HandleObject holder, HandleShape holderShape,
                                     HandleFunction getter, uint32_t pcOffset);
   public:
     HeapPtrShape &shape() {
         return shape_;
     }
     HeapPtrShape &expandoShape() {
         return expandoShape_;
     }
     HeapPtrObject &holder() {
         return holder_;
     }
     HeapPtrShape &holderShape() {
         return holderShape_;
     }
     HeapPtrFunction &getter() {
         return getter_;
     }
     uint32_t pcOffset() const {
         return pcOffset_;
     }
     static size_t offsetOfShape() {
         return offsetof(ICGetPropCallDOMProxyNativeStub, shape_);
     }
     static size_t offsetOfProxyHandler() {
         return offsetof(ICGetPropCallDOMProxyNativeStub, proxyHandler_);
     }
     static size_t offsetOfExpandoShape() {
         return offsetof(ICGetPropCallDOMProxyNativeStub, expandoShape_);
     }
     static size_t offsetOfHolder() {
         return offsetof(ICGetPropCallDOMProxyNativeStub, holder_);
     }
     static size_t offsetOfHolderShape() {
         return offsetof(ICGetPropCallDOMProxyNativeStub, holderShape_);
     }
     static size_t offsetOfGetter() {
         return offsetof(ICGetPropCallDOMProxyNativeStub, getter_);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICGetPropCallDOMProxyNativeStub, pcOffset_);
     }
 };
 class ICGetProp_CallDOMProxyNative : public ICGetPropCallDOMProxyNativeStub
 {
     friend class ICStubSpace;
     ICGetProp_CallDOMProxyNative(JitCode *stubCode, ICStub *firstMonitorStub, HandleShape shape,
                                  BaseProxyHandler *proxyHandler, HandleShape expandoShape,
                                  HandleObject holder, HandleShape holderShape,
                                  HandleFunction getter, uint32_t pcOffset)
       : ICGetPropCallDOMProxyNativeStub(ICStub::GetProp_CallDOMProxyNative, stubCode,
                                         firstMonitorStub, shape, proxyHandler, expandoShape,
                                         holder, holderShape, getter, pcOffset)
     {}
   public:
     static inline ICGetProp_CallDOMProxyNative *New(
             ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
             HandleShape shape, BaseProxyHandler *proxyHandler,
             HandleShape expandoShape, HandleObject holder, HandleShape holderShape,
             HandleFunction getter, uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_CallDOMProxyNative>(code, firstMonitorStub, shape,
                                                    proxyHandler, expandoShape, holder,
                                                    holderShape, getter, pcOffset);
     }
 };
 class ICGetProp_CallDOMProxyWithGenerationNative : public ICGetPropCallDOMProxyNativeStub
 {
   protected:
     ExpandoAndGeneration *expandoAndGeneration_;
     uint32_t generation_;
   public:
     ICGetProp_CallDOMProxyWithGenerationNative(JitCode *stubCode, ICStub *firstMonitorStub,
                                                HandleShape shape, BaseProxyHandler *proxyHandler,
                                                ExpandoAndGeneration *expandoAndGeneration,
                                                uint32_t generation, HandleShape expandoShape,
                                                HandleObject holder, HandleShape holderShape,
                                                HandleFunction getter, uint32_t pcOffset)
       : ICGetPropCallDOMProxyNativeStub(ICStub::GetProp_CallDOMProxyWithGenerationNative,
                                         stubCode, firstMonitorStub, shape, proxyHandler,
                                         expandoShape, holder, holderShape, getter, pcOffset),
         expandoAndGeneration_(expandoAndGeneration),
         generation_(generation)
     {
     }
     static inline ICGetProp_CallDOMProxyWithGenerationNative *New(
             ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
             HandleShape shape, BaseProxyHandler *proxyHandler,
             ExpandoAndGeneration *expandoAndGeneration, uint32_t generation,
             HandleShape expandoShape, HandleObject holder, HandleShape holderShape,
             HandleFunction getter, uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_CallDOMProxyWithGenerationNative>(code, firstMonitorStub,
                                                    shape, proxyHandler, expandoAndGeneration,
                                                    generation, expandoShape, holder, holderShape,
                                                    getter, pcOffset);
     }
     void *expandoAndGeneration() const {
         return expandoAndGeneration_;
     }
     uint32_t generation() const {
         return generation_;
     }
     void setGeneration(uint32_t value) {
         generation_ = value;
     }
     static size_t offsetOfInternalStruct() {
         return offsetof(ICGetProp_CallDOMProxyWithGenerationNative, expandoAndGeneration_);
     }
     static size_t offsetOfGeneration() {
         return offsetof(ICGetProp_CallDOMProxyWithGenerationNative, generation_);
     }
 };
 class ICGetPropCallDOMProxyNativeCompiler : public ICStubCompiler {
     ICStub *firstMonitorStub_;
     Rooted<ProxyObject*> proxy_;
     RootedObject holder_;
     RootedFunction getter_;
     uint32_t pcOffset_;
     bool generateStubCode(MacroAssembler &masm, Address* internalStructAddr,
                           Address* generationAddr);
     bool generateStubCode(MacroAssembler &masm);
   public:
     ICGetPropCallDOMProxyNativeCompiler(JSContext *cx, ICStub::Kind kind,
                                         ICStub *firstMonitorStub, Handle<ProxyObject*> proxy,
                                         HandleObject holder, HandleFunction getter,
                                         uint32_t pcOffset);
     ICStub *getStub(ICStubSpace *space);
 };
 class ICGetProp_DOMProxyShadowed : public ICMonitoredStub
 {
   friend class ICStubSpace;
   protected:
     HeapPtrShape shape_;
     BaseProxyHandler *proxyHandler_;
     HeapPtrPropertyName name_;
     uint32_t pcOffset_;
     ICGetProp_DOMProxyShadowed(JitCode *stubCode, ICStub *firstMonitorStub, HandleShape shape,
                                BaseProxyHandler *proxyHandler, HandlePropertyName name,
                                uint32_t pcOffset);
   public:
     static inline ICGetProp_DOMProxyShadowed *New(ICStubSpace *space, JitCode *code,
                                                   ICStub *firstMonitorStub, HandleShape shape,
                                                   BaseProxyHandler *proxyHandler,
                                                   HandlePropertyName name, uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_DOMProxyShadowed>(code, firstMonitorStub, shape,
                                                            proxyHandler, name, pcOffset);
     }
     HeapPtrShape &shape() {
         return shape_;
     }
     HeapPtrPropertyName &name() {
         return name_;
     }
     static size_t offsetOfShape() {
         return offsetof(ICGetProp_DOMProxyShadowed, shape_);
     }
     static size_t offsetOfProxyHandler() {
         return offsetof(ICGetProp_DOMProxyShadowed, proxyHandler_);
     }
     static size_t offsetOfName() {
         return offsetof(ICGetProp_DOMProxyShadowed, name_);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICGetProp_DOMProxyShadowed, pcOffset_);
     }
     class Compiler : public ICStubCompiler {
         ICStub *firstMonitorStub_;
         Rooted<ProxyObject*> proxy_;
         RootedPropertyName name_;
         uint32_t pcOffset_;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, Handle<ProxyObject*> proxy,
                  HandlePropertyName name, uint32_t pcOffset)
           : ICStubCompiler(cx, ICStub::GetProp_CallNative),
             firstMonitorStub_(firstMonitorStub),
             proxy_(cx, proxy),
             name_(cx, name),
             pcOffset_(pcOffset)
         {}
         ICStub *getStub(ICStubSpace *space);
     };
 };
 class ICGetProp_ArgumentsLength : public ICStub
 {
   friend class ICStubSpace;
   public:
     enum Which { Normal, Strict, Magic };
   protected:
     ICGetProp_ArgumentsLength(JitCode *stubCode)
       : ICStub(ICStub::GetProp_ArgumentsLength, stubCode)
     { }
   public:
     static inline ICGetProp_ArgumentsLength *New(ICStubSpace *space, JitCode *code)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICGetProp_ArgumentsLength>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         Which which_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(which_) << 16);
         }
       public:
         Compiler(JSContext *cx, Which which)
           : ICStubCompiler(cx, ICStub::GetProp_ArgumentsLength),
             which_(which)
         {}
         ICStub *getStub(ICStubSpace *space) {
             return ICGetProp_ArgumentsLength::New(space, getStubCode());
         }
     };
 };
 // SetProp
 //     JSOP_SETPROP
 //     JSOP_SETNAME
 //     JSOP_SETGNAME
 //     JSOP_INITPROP
 class ICSetProp_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICSetProp_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::SetProp_Fallback, stubCode)
     { }
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICSetProp_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICSetProp_Fallback>(code);
     }
     static const size_t UNOPTIMIZABLE_ACCESS_BIT = 0;
     void noteUnoptimizableAccess() {
         extra_ |= (1u << UNOPTIMIZABLE_ACCESS_BIT);
     }
     bool hadUnoptimizableAccess() const {
         return extra_ & (1u << UNOPTIMIZABLE_ACCESS_BIT);
     }
     class Compiler : public ICStubCompiler {
       protected:
         uint32_t returnFromIonOffset_;
         uint32_t returnFromStubOffset_;
         bool generateStubCode(MacroAssembler &masm);
         bool postGenerateStubCode(MacroAssembler &masm, Handle<JitCode *> code);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::SetProp_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICSetProp_Fallback::New(space, getStubCode());
         }
     };
 };
 // Optimized SETPROP/SETGNAME/SETNAME stub.
 class ICSetProp_Native : public ICUpdatedStub
 {
     friend class ICStubSpace;
   protected: // Protected to silence Clang warning.
     HeapPtrTypeObject type_;
     HeapPtrShape shape_;
     uint32_t offset_;
     ICSetProp_Native(JitCode *stubCode, HandleTypeObject type, HandleShape shape, uint32_t offset);
   public:
     static inline ICSetProp_Native *New(ICStubSpace *space, JitCode *code, HandleTypeObject type,
                                         HandleShape shape, uint32_t offset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICSetProp_Native>(code, type, shape, offset);
     }
     HeapPtrTypeObject &type() {
         return type_;
     }
     HeapPtrShape &shape() {
         return shape_;
     }
     static size_t offsetOfType() {
         return offsetof(ICSetProp_Native, type_);
     }
     static size_t offsetOfShape() {
         return offsetof(ICSetProp_Native, shape_);
     }
     static size_t offsetOfOffset() {
         return offsetof(ICSetProp_Native, offset_);
     }
     class Compiler : public ICStubCompiler {
         RootedObject obj_;
         bool isFixedSlot_;
         uint32_t offset_;
       protected:
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(isFixedSlot_) << 16);
         }
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, HandleObject obj, bool isFixedSlot, uint32_t offset)
           : ICStubCompiler(cx, ICStub::SetProp_Native),
             obj_(cx, obj),
             isFixedSlot_(isFixedSlot),
             offset_(offset)
         {}
         ICUpdatedStub *getStub(ICStubSpace *space);
     };
 };
 template <size_t ProtoChainDepth> class ICSetProp_NativeAddImpl;
 class ICSetProp_NativeAdd : public ICUpdatedStub
 {
   public:
     static const size_t MAX_PROTO_CHAIN_DEPTH = 4;
   protected: // Protected to silence Clang warning.
     HeapPtrTypeObject type_;
     HeapPtrShape newShape_;
     uint32_t offset_;
     ICSetProp_NativeAdd(JitCode *stubCode, HandleTypeObject type, size_t protoChainDepth,
                         HandleShape newShape, uint32_t offset);
   public:
     size_t protoChainDepth() const {
         return extra_;
     }
     HeapPtrTypeObject &type() {
         return type_;
     }
     HeapPtrShape &newShape() {
         return newShape_;
     }
     template <size_t ProtoChainDepth>
     ICSetProp_NativeAddImpl<ProtoChainDepth> *toImpl() {
         JS_ASSERT(ProtoChainDepth == protoChainDepth());
         return static_cast<ICSetProp_NativeAddImpl<ProtoChainDepth> *>(this);
     }
     static size_t offsetOfType() {
         return offsetof(ICSetProp_NativeAdd, type_);
     }
     static size_t offsetOfNewShape() {
         return offsetof(ICSetProp_NativeAdd, newShape_);
     }
     static size_t offsetOfOffset() {
         return offsetof(ICSetProp_NativeAdd, offset_);
     }
 };
 template <size_t ProtoChainDepth>
 class ICSetProp_NativeAddImpl : public ICSetProp_NativeAdd
 {
     friend class ICStubSpace;
     static const size_t NumShapes = ProtoChainDepth + 1;
     mozilla::Array<HeapPtrShape, NumShapes> shapes_;
     ICSetProp_NativeAddImpl(JitCode *stubCode, HandleTypeObject type,
                             const AutoShapeVector *shapes,
                             HandleShape newShape, uint32_t offset);
   public:
     static inline ICSetProp_NativeAddImpl *New(
             ICStubSpace *space, JitCode *code, HandleTypeObject type,
             const AutoShapeVector *shapes, HandleShape newShape, uint32_t offset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICSetProp_NativeAddImpl<ProtoChainDepth> >(
                             code, type, shapes, newShape, offset);
     }
     void traceShapes(JSTracer *trc) {
         for (size_t i = 0; i < NumShapes; i++)
             MarkShape(trc, &shapes_[i], "baseline-setpropnativeadd-stub-shape");
     }
     static size_t offsetOfShape(size_t idx) {
         return offsetof(ICSetProp_NativeAddImpl, shapes_) + (idx * sizeof(HeapPtrShape));
     }
 };
 class ICSetPropNativeAddCompiler : public ICStubCompiler {
     RootedObject obj_;
     RootedShape oldShape_;
     size_t protoChainDepth_;
     bool isFixedSlot_;
     uint32_t offset_;
   protected:
     virtual int32_t getKey() const {
         return static_cast<int32_t>(kind) | (static_cast<int32_t>(isFixedSlot_) << 16) |
                (static_cast<int32_t>(protoChainDepth_) << 20);
     }
     bool generateStubCode(MacroAssembler &masm);
   public:
     ICSetPropNativeAddCompiler(JSContext *cx, HandleObject obj, HandleShape oldShape,
                                size_t protoChainDepth, bool isFixedSlot, uint32_t offset);
     template <size_t ProtoChainDepth>
     ICUpdatedStub *getStubSpecific(ICStubSpace *space, const AutoShapeVector *shapes)
     {
         RootedTypeObject type(cx, obj_->getType(cx));
         if (!type)
             return nullptr;
         RootedShape newShape(cx, obj_->lastProperty());
         return ICSetProp_NativeAddImpl<ProtoChainDepth>::New(
                     space, getStubCode(), type, shapes, newShape, offset_);
     }
     ICUpdatedStub *getStub(ICStubSpace *space);
 };
 // Base stub for calling a setters on a native object.
 class ICSetPropCallSetter : public ICStub
 {
     friend class ICStubSpace;
   protected:
     // Object shape (lastProperty).
     HeapPtrShape shape_;
     // Holder and shape.
     HeapPtrObject holder_;
     HeapPtrShape holderShape_;
     // Function to call.
     HeapPtrFunction setter_;
     // PC of call, for profiler
     uint32_t pcOffset_;
     ICSetPropCallSetter(Kind kind, JitCode *stubCode, HandleShape shape, HandleObject holder,
                         HandleShape holderShape, HandleFunction setter, uint32_t pcOffset);
   public:
     HeapPtrShape &shape() {
         return shape_;
     }
     HeapPtrObject &holder() {
         return holder_;
     }
     HeapPtrShape &holderShape() {
         return holderShape_;
     }
     HeapPtrFunction &setter() {
         return setter_;
     }
     static size_t offsetOfShape() {
         return offsetof(ICSetPropCallSetter, shape_);
     }
     static size_t offsetOfHolder() {
         return offsetof(ICSetPropCallSetter, holder_);
     }
     static size_t offsetOfHolderShape() {
         return offsetof(ICSetPropCallSetter, holderShape_);
     }
     static size_t offsetOfSetter() {
         return offsetof(ICSetPropCallSetter, setter_);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICSetPropCallSetter, pcOffset_);
     }
     class Compiler : public ICStubCompiler {
       protected:
         RootedObject obj_;
         RootedObject holder_;
         RootedFunction setter_;
         uint32_t pcOffset_;
       public:
         Compiler(JSContext *cx, ICStub::Kind kind, HandleObject obj, HandleObject holder,
                  HandleFunction setter, uint32_t pcOffset)
           : ICStubCompiler(cx, kind),
             obj_(cx, obj),
             holder_(cx, holder),
             setter_(cx, setter),
             pcOffset_(pcOffset)
         {
             JS_ASSERT(kind == ICStub::SetProp_CallScripted || kind == ICStub::SetProp_CallNative);
         }
     };
 };
 // Stub for calling a scripted setter on a native object.
 class ICSetProp_CallScripted : public ICSetPropCallSetter
 {
     friend class ICStubSpace;
   protected:
     ICSetProp_CallScripted(JitCode *stubCode, HandleShape shape, HandleObject holder,
                            HandleShape holderShape, HandleFunction setter, uint32_t pcOffset)
       : ICSetPropCallSetter(SetProp_CallScripted, stubCode, shape, holder, holderShape,
                             setter, pcOffset)
     {}
   public:
     static inline ICSetProp_CallScripted *New(ICStubSpace *space, JitCode *code,
                                               HandleShape shape, HandleObject holder,
                                               HandleShape holderShape, HandleFunction setter,
                                               uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICSetProp_CallScripted>(code, shape, holder, holderShape, setter,
                                                        pcOffset);
     }
     class Compiler : public ICSetPropCallSetter::Compiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, HandleObject obj, HandleObject holder, HandleFunction setter,
                  uint32_t pcOffset)
           : ICSetPropCallSetter::Compiler(cx, ICStub::SetProp_CallScripted,
                                           obj, holder, setter, pcOffset)
         {}
         ICStub *getStub(ICStubSpace *space) {
             RootedShape shape(cx, obj_->lastProperty());
             RootedShape holderShape(cx, holder_->lastProperty());
             return ICSetProp_CallScripted::New(space, getStubCode(), shape, holder_, holderShape,
                                                setter_, pcOffset_);
         }
     };
 };
 // Stub for calling a native setter on a native object.
 class ICSetProp_CallNative : public ICSetPropCallSetter
 {
     friend class ICStubSpace;
   protected:
     ICSetProp_CallNative(JitCode *stubCode, HandleShape shape, HandleObject holder,
                            HandleShape holderShape, HandleFunction setter, uint32_t pcOffset)
       : ICSetPropCallSetter(SetProp_CallNative, stubCode, shape, holder, holderShape,
                             setter, pcOffset)
     {}
   public:
     static inline ICSetProp_CallNative *New(ICStubSpace *space, JitCode *code,
                                             HandleShape shape, HandleObject holder,
                                             HandleShape holderShape, HandleFunction setter,
                                             uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICSetProp_CallNative>(code, shape, holder, holderShape, setter,
                                                      pcOffset);
     }
     class Compiler : public ICSetPropCallSetter::Compiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, HandleObject obj, HandleObject holder, HandleFunction setter,
                  uint32_t pcOffset)
           : ICSetPropCallSetter::Compiler(cx, ICStub::SetProp_CallNative,
                                           obj, holder, setter, pcOffset)
         {}
         ICStub *getStub(ICStubSpace *space) {
             RootedShape shape(cx, obj_->lastProperty());
             RootedShape holderShape(cx, holder_->lastProperty());
             return ICSetProp_CallNative::New(space, getStubCode(), shape, holder_, holderShape,
                                                setter_, pcOffset_);
         }
     };
 };
 // Call
 //      JSOP_CALL
 //      JSOP_FUNAPPLY
 //      JSOP_FUNCALL
 //      JSOP_NEW
 class ICCallStubCompiler : public ICStubCompiler
 {
   protected:
     ICCallStubCompiler(JSContext *cx, ICStub::Kind kind)
       : ICStubCompiler(cx, kind)
     { }
     enum FunApplyThing {
         FunApply_MagicArgs,
         FunApply_Array
     };
     void pushCallArguments(MacroAssembler &masm, GeneralRegisterSet regs, Register argcReg);
     Register guardFunApply(MacroAssembler &masm, GeneralRegisterSet regs, Register argcReg,
                            bool checkNative, FunApplyThing applyThing, Label *failure);
     void pushCallerArguments(MacroAssembler &masm, GeneralRegisterSet regs);
     void pushArrayArguments(MacroAssembler &masm, Address arrayVal, GeneralRegisterSet regs);
 };
 class ICCall_Fallback : public ICMonitoredFallbackStub
 {
     friend class ICStubSpace;
   public:
     static const unsigned CONSTRUCTING_FLAG = 0x0001;
     static const uint32_t MAX_OPTIMIZED_STUBS = 16;
     static const uint32_t MAX_SCRIPTED_STUBS = 7;
     static const uint32_t MAX_NATIVE_STUBS = 7;
   private:
     ICCall_Fallback(JitCode *stubCode, bool isConstructing)
       : ICMonitoredFallbackStub(ICStub::Call_Fallback, stubCode)
     {
         extra_ = 0;
         if (isConstructing)
             extra_ |= CONSTRUCTING_FLAG;
     }
   public:
     static inline ICCall_Fallback *New(ICStubSpace *space, JitCode *code, bool isConstructing)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICCall_Fallback>(code, isConstructing);
     }
     bool isConstructing() const {
         return extra_ & CONSTRUCTING_FLAG;
     }
     unsigned scriptedStubCount() const {
         return numStubsWithKind(Call_Scripted);
     }
     bool scriptedStubsAreGeneralized() const {
         return hasStub(Call_AnyScripted);
     }
     unsigned nativeStubCount() const {
         return numStubsWithKind(Call_Native);
     }
     bool nativeStubsAreGeneralized() const {
         // Return hasStub(Call_AnyNative) after Call_AnyNative stub is added.
         return false;
     }
     // Compiler for this stub kind.
     class Compiler : public ICCallStubCompiler {
       protected:
         bool isConstructing_;
         uint32_t returnFromIonOffset_;
         uint32_t returnFromStubOffset_;
         bool generateStubCode(MacroAssembler &masm);
         bool postGenerateStubCode(MacroAssembler &masm, Handle<JitCode *> code);
       public:
         Compiler(JSContext *cx, bool isConstructing)
           : ICCallStubCompiler(cx, ICStub::Call_Fallback),
             isConstructing_(isConstructing)
         { }
         ICStub *getStub(ICStubSpace *space) {
             ICCall_Fallback *stub = ICCall_Fallback::New(space, getStubCode(), isConstructing_);
             if (!stub || !stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 class ICCall_Scripted : public ICMonitoredStub
 {
     friend class ICStubSpace;
   protected:
     HeapPtrScript calleeScript_;
     HeapPtrObject templateObject_;
     uint32_t pcOffset_;
     ICCall_Scripted(JitCode *stubCode, ICStub *firstMonitorStub,
                     HandleScript calleeScript, HandleObject templateObject,
                     uint32_t pcOffset);
   public:
     static inline ICCall_Scripted *New(
             ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
             HandleScript calleeScript, HandleObject templateObject,
             uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICCall_Scripted>(code, firstMonitorStub,
                                                 calleeScript, templateObject, pcOffset);
     }
     HeapPtrScript &calleeScript() {
         return calleeScript_;
     }
     HeapPtrObject &templateObject() {
         return templateObject_;
     }
     static size_t offsetOfCalleeScript() {
         return offsetof(ICCall_Scripted, calleeScript_);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_Scripted, pcOffset_);
     }
 };
 class ICCall_AnyScripted : public ICMonitoredStub
 {
     friend class ICStubSpace;
   protected:
     uint32_t pcOffset_;
     ICCall_AnyScripted(JitCode *stubCode, ICStub *firstMonitorStub, uint32_t pcOffset)
       : ICMonitoredStub(ICStub::Call_AnyScripted, stubCode, firstMonitorStub),
         pcOffset_(pcOffset)
     { }
   public:
     static inline ICCall_AnyScripted *New(ICStubSpace *space, JitCode *code,
                                           ICStub *firstMonitorStub, uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICCall_AnyScripted>(code, firstMonitorStub, pcOffset);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_AnyScripted, pcOffset_);
     }
 };
 // Compiler for Call_Scripted and Call_AnyScripted stubs.
 class ICCallScriptedCompiler : public ICCallStubCompiler {
   protected:
     ICStub *firstMonitorStub_;
     bool isConstructing_;
     RootedScript calleeScript_;
     RootedObject templateObject_;
     uint32_t pcOffset_;
     bool generateStubCode(MacroAssembler &masm);
     virtual int32_t getKey() const {
         return static_cast<int32_t>(kind) | (static_cast<int32_t>(isConstructing_) << 16);
     }
   public:
     ICCallScriptedCompiler(JSContext *cx, ICStub *firstMonitorStub,
                            HandleScript calleeScript, HandleObject templateObject,
                            bool isConstructing, uint32_t pcOffset)
       : ICCallStubCompiler(cx, ICStub::Call_Scripted),
         firstMonitorStub_(firstMonitorStub),
         isConstructing_(isConstructing),
         calleeScript_(cx, calleeScript),
         templateObject_(cx, templateObject),
         pcOffset_(pcOffset)
     { }
     ICCallScriptedCompiler(JSContext *cx, ICStub *firstMonitorStub, bool isConstructing,
                            uint32_t pcOffset)
       : ICCallStubCompiler(cx, ICStub::Call_AnyScripted),
         firstMonitorStub_(firstMonitorStub),
         isConstructing_(isConstructing),
         calleeScript_(cx, nullptr),
         templateObject_(cx, nullptr),
         pcOffset_(pcOffset)
     { }
     ICStub *getStub(ICStubSpace *space) {
         if (calleeScript_) {
             return ICCall_Scripted::New(space, getStubCode(), firstMonitorStub_,
                                         calleeScript_, templateObject_,
                                         pcOffset_);
         }
         return ICCall_AnyScripted::New(space, getStubCode(), firstMonitorStub_, pcOffset_);
     }
 };
 class ICCall_Native : public ICMonitoredStub
 {
     friend class ICStubSpace;
   protected:
     HeapPtrFunction callee_;
     HeapPtrObject templateObject_;
     uint32_t pcOffset_;
 #ifdef JS_ARM_SIMULATOR
     void *native_;
 #endif
     ICCall_Native(JitCode *stubCode, ICStub *firstMonitorStub,
                   HandleFunction callee, HandleObject templateObject,
                   uint32_t pcOffset);
   public:
     static inline ICCall_Native *New(ICStubSpace *space, JitCode *code, ICStub *firstMonitorStub,
                                      HandleFunction callee, HandleObject templateObject,
                                      uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICCall_Native>(code, firstMonitorStub,
                                               callee, templateObject, pcOffset);
     }
     HeapPtrFunction &callee() {
         return callee_;
     }
     HeapPtrObject &templateObject() {
         return templateObject_;
     }
     static size_t offsetOfCallee() {
         return offsetof(ICCall_Native, callee_);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_Native, pcOffset_);
     }
 #ifdef JS_ARM_SIMULATOR
     static size_t offsetOfNative() {
         return offsetof(ICCall_Native, native_);
     }
 #endif
     // Compiler for this stub kind.
     class Compiler : public ICCallStubCompiler {
       protected:
         ICStub *firstMonitorStub_;
         bool isConstructing_;
         RootedFunction callee_;
         RootedObject templateObject_;
         uint32_t pcOffset_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(isConstructing_) << 16);
         }
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub,
                  HandleFunction callee, HandleObject templateObject,
                  bool isConstructing, uint32_t pcOffset)
           : ICCallStubCompiler(cx, ICStub::Call_Native),
             firstMonitorStub_(firstMonitorStub),
             isConstructing_(isConstructing),
             callee_(cx, callee),
             templateObject_(cx, templateObject),
             pcOffset_(pcOffset)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICCall_Native::New(space, getStubCode(), firstMonitorStub_,
                                       callee_, templateObject_, pcOffset_);
         }
     };
 };
 class ICCall_ScriptedApplyArray : public ICMonitoredStub
 {
     friend class ICStubSpace;
   public:
     // The maximum length of an inlineable funcall array.
     // Keep this small to avoid controllable stack overflows by attackers passing large
     // arrays to fun.apply.
     static const uint32_t MAX_ARGS_ARRAY_LENGTH = 16;
   protected:
     uint32_t pcOffset_;
     ICCall_ScriptedApplyArray(JitCode *stubCode, ICStub *firstMonitorStub, uint32_t pcOffset)
       : ICMonitoredStub(ICStub::Call_ScriptedApplyArray, stubCode, firstMonitorStub),
         pcOffset_(pcOffset)
     {}
   public:
     static inline ICCall_ScriptedApplyArray *New(ICStubSpace *space, JitCode *code,
                                                  ICStub *firstMonitorStub, uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICCall_ScriptedApplyArray>(code, firstMonitorStub, pcOffset);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_ScriptedApplyArray, pcOffset_);
     }
     // Compiler for this stub kind.
     class Compiler : public ICCallStubCompiler {
       protected:
         ICStub *firstMonitorStub_;
         uint32_t pcOffset_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind);
         }
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, uint32_t pcOffset)
           : ICCallStubCompiler(cx, ICStub::Call_ScriptedApplyArray),
             firstMonitorStub_(firstMonitorStub),
             pcOffset_(pcOffset)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICCall_ScriptedApplyArray::New(space, getStubCode(), firstMonitorStub_,
                                                       pcOffset_);
         }
     };
 };
 class ICCall_ScriptedApplyArguments : public ICMonitoredStub
 {
     friend class ICStubSpace;
   protected:
     uint32_t pcOffset_;
     ICCall_ScriptedApplyArguments(JitCode *stubCode, ICStub *firstMonitorStub, uint32_t pcOffset)
       : ICMonitoredStub(ICStub::Call_ScriptedApplyArguments, stubCode, firstMonitorStub),
         pcOffset_(pcOffset)
     {}
   public:
     static inline ICCall_ScriptedApplyArguments *New(ICStubSpace *space, JitCode *code,
                                                      ICStub *firstMonitorStub, uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICCall_ScriptedApplyArguments>(code, firstMonitorStub, pcOffset);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_ScriptedApplyArguments, pcOffset_);
     }
     // Compiler for this stub kind.
     class Compiler : public ICCallStubCompiler {
       protected:
         ICStub *firstMonitorStub_;
         uint32_t pcOffset_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind);
         }
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, uint32_t pcOffset)
           : ICCallStubCompiler(cx, ICStub::Call_ScriptedApplyArguments),
             firstMonitorStub_(firstMonitorStub),
             pcOffset_(pcOffset)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICCall_ScriptedApplyArguments::New(space, getStubCode(), firstMonitorStub_,
                                                       pcOffset_);
         }
     };
 };
 // Handles calls of the form |fun.call(...)| where fun is a scripted function.
 class ICCall_ScriptedFunCall : public ICMonitoredStub
 {
     friend class ICStubSpace;
   protected:
     uint32_t pcOffset_;
     ICCall_ScriptedFunCall(JitCode *stubCode, ICStub *firstMonitorStub, uint32_t pcOffset)
       : ICMonitoredStub(ICStub::Call_ScriptedFunCall, stubCode, firstMonitorStub),
         pcOffset_(pcOffset)
     {}
   public:
     static inline ICCall_ScriptedFunCall *New(ICStubSpace *space, JitCode *code,
                                               ICStub *firstMonitorStub, uint32_t pcOffset)
     {
         if (!code)
             return nullptr;
         return space->allocate<ICCall_ScriptedFunCall>(code, firstMonitorStub, pcOffset);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_ScriptedFunCall, pcOffset_);
     }
     // Compiler for this stub kind.
     class Compiler : public ICCallStubCompiler {
       protected:
         ICStub *firstMonitorStub_;
         uint32_t pcOffset_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind);
         }
       public:
         Compiler(JSContext *cx, ICStub *firstMonitorStub, uint32_t pcOffset)
           : ICCallStubCompiler(cx, ICStub::Call_ScriptedFunCall),
             firstMonitorStub_(firstMonitorStub),
             pcOffset_(pcOffset)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICCall_ScriptedFunCall::New(space, getStubCode(), firstMonitorStub_,
                                                pcOffset_);
         }
     };
 };
 // Stub for performing a TableSwitch, updating the IC's return address to jump
 // to whatever point the switch is branching to.
 class ICTableSwitch : public ICStub
 {
     friend class ICStubSpace;
   protected: // Protected to silence Clang warning.
     void **table_;
     int32_t min_;
     int32_t length_;
     void *defaultTarget_;
     ICTableSwitch(JitCode *stubCode, void **table,
                   int32_t min, int32_t length, void *defaultTarget)
       : ICStub(TableSwitch, stubCode), table_(table),
         min_(min), length_(length), defaultTarget_(defaultTarget)
     {}
   public:
     static inline ICTableSwitch *New(ICStubSpace *space, JitCode *code, void **table,
                                      int32_t min, int32_t length, void *defaultTarget) {
         if (!code)
             return nullptr;
         return space->allocate<ICTableSwitch>(code, table, min, length, defaultTarget);
     }
     void fixupJumpTable(JSScript *script, BaselineScript *baseline);
     class Compiler : public ICStubCompiler {
         bool generateStubCode(MacroAssembler &masm);
         jsbytecode *pc_;
       public:
         Compiler(JSContext *cx, jsbytecode *pc)
           : ICStubCompiler(cx, ICStub::TableSwitch), pc_(pc)
         {}
         ICStub *getStub(ICStubSpace *space);
     };
 };
 // IC for constructing an iterator from an input value.
 class ICIteratorNew_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICIteratorNew_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::IteratorNew_Fallback, stubCode)
     { }
   public:
     static inline ICIteratorNew_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICIteratorNew_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::IteratorNew_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICIteratorNew_Fallback::New(space, getStubCode());
         }
     };
 };
 // IC for testing if there are more values in an iterator.
 class ICIteratorMore_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICIteratorMore_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::IteratorMore_Fallback, stubCode)
     { }
   public:
     static inline ICIteratorMore_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICIteratorMore_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::IteratorMore_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICIteratorMore_Fallback::New(space, getStubCode());
         }
     };
 };
 // IC for testing if there are more values in a native iterator.
 class ICIteratorMore_Native : public ICStub
 {
     friend class ICStubSpace;
     ICIteratorMore_Native(JitCode *stubCode)
       : ICStub(ICStub::IteratorMore_Native, stubCode)
     { }
   public:
     static inline ICIteratorMore_Native *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICIteratorMore_Native>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::IteratorMore_Native)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICIteratorMore_Native::New(space, getStubCode());
         }
     };
 };
 // IC for getting the next value in an iterator.
 class ICIteratorNext_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICIteratorNext_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::IteratorNext_Fallback, stubCode)
     { }
   public:
     static inline ICIteratorNext_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICIteratorNext_Fallback>(code);
     }
     void setHasNonStringResult() {
         JS_ASSERT(extra_ == 0);
         extra_ = 1;
     }
     bool hasNonStringResult() const {
         return extra_;
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::IteratorNext_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICIteratorNext_Fallback::New(space, getStubCode());
         }
     };
 };
 // IC for getting the next value in a native iterator.
 class ICIteratorNext_Native : public ICStub
 {
     friend class ICStubSpace;
     ICIteratorNext_Native(JitCode *stubCode)
       : ICStub(ICStub::IteratorNext_Native, stubCode)
     { }
   public:
     static inline ICIteratorNext_Native *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICIteratorNext_Native>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::IteratorNext_Native)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICIteratorNext_Native::New(space, getStubCode());
         }
     };
 };
 // IC for closing an iterator.
 class ICIteratorClose_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICIteratorClose_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::IteratorClose_Fallback, stubCode)
     { }
   public:
     static inline ICIteratorClose_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICIteratorClose_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::IteratorClose_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICIteratorClose_Fallback::New(space, getStubCode());
         }
     };
 };
 // InstanceOf
 //      JSOP_INSTANCEOF
 class ICInstanceOf_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICInstanceOf_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::InstanceOf_Fallback, stubCode)
     { }
   public:
     static inline ICInstanceOf_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICInstanceOf_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::InstanceOf_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICInstanceOf_Fallback::New(space, getStubCode());
         }
     };
 };
 // TypeOf
 //      JSOP_TYPEOF
 //      JSOP_TYPEOFEXPR
 class ICTypeOf_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICTypeOf_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::TypeOf_Fallback, stubCode)
     { }
   public:
     static inline ICTypeOf_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeOf_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::TypeOf_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICTypeOf_Fallback::New(space, getStubCode());
         }
     };
 };
 class ICTypeOf_Typed : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICTypeOf_Typed(JitCode *stubCode, JSType type)
       : ICFallbackStub(ICStub::TypeOf_Typed, stubCode)
     {
         extra_ = uint16_t(type);
         JS_ASSERT(JSType(extra_) == type);
     }
   public:
     static inline ICTypeOf_Typed *New(ICStubSpace *space, JitCode *code, JSType type) {
         if (!code)
             return nullptr;
         return space->allocate<ICTypeOf_Typed>(code, type);
     }
     JSType type() const {
         return JSType(extra_);
     }
     class Compiler : public ICStubCompiler {
       protected:
         JSType type_;
         RootedString typeString_;
         bool generateStubCode(MacroAssembler &masm);
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind) | (static_cast<int32_t>(type_) << 16);
         }
       public:
         Compiler(JSContext *cx, JSType type, HandleString string)
           : ICStubCompiler(cx, ICStub::TypeOf_Typed),
             type_(type),
             typeString_(cx, string)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICTypeOf_Typed::New(space, getStubCode(), type_);
         }
     };
 };
 class ICRest_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     HeapPtrObject templateObject_;
     ICRest_Fallback(JitCode *stubCode, JSObject *templateObject)
       : ICFallbackStub(ICStub::Rest_Fallback, stubCode), templateObject_(templateObject)
     { }
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICRest_Fallback *New(ICStubSpace *space, JitCode *code,
                                        JSObject *templateObject) {
         if (!code)
             return nullptr;
         return space->allocate<ICRest_Fallback>(code, templateObject);
     }
     HeapPtrObject &templateObject() {
         return templateObject_;
     }
     class Compiler : public ICStubCompiler {
       protected:
         RootedObject templateObject;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, JSObject *templateObject)
           : ICStubCompiler(cx, ICStub::Rest_Fallback),
             templateObject(cx, templateObject)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICRest_Fallback::New(space, getStubCode(), templateObject);
         }
     };
 };
 // Stub for JSOP_RETSUB ("returning" from a |finally| block).
 class ICRetSub_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
     ICRetSub_Fallback(JitCode *stubCode)
       : ICFallbackStub(ICStub::RetSub_Fallback, stubCode)
     { }
   public:
     static const uint32_t MAX_OPTIMIZED_STUBS = 8;
     static inline ICRetSub_Fallback *New(ICStubSpace *space, JitCode *code) {
         if (!code)
             return nullptr;
         return space->allocate<ICRetSub_Fallback>(code);
     }
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx)
           : ICStubCompiler(cx, ICStub::RetSub_Fallback)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICRetSub_Fallback::New(space, getStubCode());
         }
     };
 };
 // Optimized JSOP_RETSUB stub. Every stub maps a single pc offset to its
 // native code address.
 class ICRetSub_Resume : public ICStub
 {
     friend class ICStubSpace;
   protected:
     uint32_t pcOffset_;
     uint8_t *addr_;
     ICRetSub_Resume(JitCode *stubCode, uint32_t pcOffset, uint8_t *addr)
       : ICStub(ICStub::RetSub_Resume, stubCode),
         pcOffset_(pcOffset),
         addr_(addr)
     { }
   public:
     static ICRetSub_Resume *New(ICStubSpace *space, JitCode *code, uint32_t pcOffset,
                                 uint8_t *addr) {
         if (!code)
             return nullptr;
         return space->allocate<ICRetSub_Resume>(code, pcOffset, addr);
     }
     static size_t offsetOfPCOffset() {
         return offsetof(ICRetSub_Resume, pcOffset_);
     }
     static size_t offsetOfAddr() {
         return offsetof(ICRetSub_Resume, addr_);
     }
     class Compiler : public ICStubCompiler {
         uint32_t pcOffset_;
         uint8_t *addr_;
         bool generateStubCode(MacroAssembler &masm);
       public:
         Compiler(JSContext *cx, uint32_t pcOffset, uint8_t *addr)
           : ICStubCompiler(cx, ICStub::RetSub_Resume),
             pcOffset_(pcOffset),
             addr_(addr)
         { }
         ICStub *getStub(ICStubSpace *space) {
             return ICRetSub_Resume::New(space, getStubCode(), pcOffset_, addr_);
         }
     };
 };
 } // namespace jit
 } // namespace js
 #endif // JS_ION
 #endif /* jit_BaselineIC_h */

The Tor Browser / annotate

js/src/jit/BaselineIC.h@6474c204b198 (annotated)

js/src/jit/BaselineIC.h