Add argument_count bytecode for concat
https://bugs.webkit.org/show_bug.cgi?id=158358
Reviewed by Geoffrey Garen.
This patch adds a new argument count bytecode. Normally, we would
just make sure that the argument.length bytecode was fast enough
that we shouldn't need such an bytecode. However, for the case of
Array.prototype.concat the overhead of the arguments object
allocation in the LLInt was too high and caused regressions.
* bytecode/BytecodeIntrinsicRegistry.h:
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getArgumentCount):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_argument_count):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* tests/stress/argument-count-bytecode.js: Added.
(inlineCount):
(inlineCount1):
(inlineCount2):
(inlineCountVarArgs):
(assert):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@201668 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index ca53ea7..eabec3c 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,44 @@
+2016-06-03 Keith Miller <keith_miller@apple.com>
+
+ Add argument_count bytecode for concat
+ https://bugs.webkit.org/show_bug.cgi?id=158358
+
+ Reviewed by Geoffrey Garen.
+
+ This patch adds a new argument count bytecode. Normally, we would
+ just make sure that the argument.length bytecode was fast enough
+ that we shouldn't need such an bytecode. However, for the case of
+ Array.prototype.concat the overhead of the arguments object
+ allocation in the LLInt was too high and caused regressions.
+
+ * bytecode/BytecodeIntrinsicRegistry.h:
+ * bytecode/BytecodeList.json:
+ * bytecode/BytecodeUseDef.h:
+ (JSC::computeUsesForBytecodeOffset):
+ (JSC::computeDefsForBytecodeOffset):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dumpBytecode):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getArgumentCount):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::capabilityLevel):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_argument_count):
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * tests/stress/argument-count-bytecode.js: Added.
+ (inlineCount):
+ (inlineCount1):
+ (inlineCount2):
+ (inlineCountVarArgs):
+ (assert):
+
2016-06-03 Geoffrey Garen <ggaren@apple.com>
Clients of PolymorphicAccess::addCases shouldn't have to malloc
diff --git a/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h b/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
index bbe9a91..93e9680 100644
--- a/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
+++ b/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
@@ -40,6 +40,7 @@
class Identifier;
#define JSC_COMMON_BYTECODE_INTRINSIC_FUNCTIONS_EACH_NAME(macro) \
+ macro(argumentCount) \
macro(assert) \
macro(isObject) \
macro(tryGetById) \
diff --git a/Source/JavaScriptCore/bytecode/BytecodeList.json b/Source/JavaScriptCore/bytecode/BytecodeList.json
index 483be64..8e9805a 100644
--- a/Source/JavaScriptCore/bytecode/BytecodeList.json
+++ b/Source/JavaScriptCore/bytecode/BytecodeList.json
@@ -9,6 +9,7 @@
{ "name" : "op_create_scoped_arguments", "length" : 3 },
{ "name" : "op_create_cloned_arguments", "length" : 2 },
{ "name" : "op_create_this", "length" : 5 },
+ { "name" : "op_argument_count", "length" : 2 },
{ "name" : "op_to_this", "length" : 4 },
{ "name" : "op_check_tdz", "length" : 2 },
{ "name" : "op_new_object", "length" : 4 },
diff --git a/Source/JavaScriptCore/bytecode/BytecodeUseDef.h b/Source/JavaScriptCore/bytecode/BytecodeUseDef.h
index 17bb58b..c37a79c 100644
--- a/Source/JavaScriptCore/bytecode/BytecodeUseDef.h
+++ b/Source/JavaScriptCore/bytecode/BytecodeUseDef.h
@@ -53,6 +53,7 @@
case op_jmp:
case op_new_object:
case op_enter:
+ case op_argument_count:
case op_catch:
case op_profile_control_flow:
case op_create_direct_arguments:
@@ -362,6 +363,7 @@
#undef LLINT_HELPER_OPCODES
return;
// These all have a single destination for the first argument.
+ case op_argument_count:
case op_to_index_string:
case op_get_enumerable_length:
case op_has_indexed_property:
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
index a648ae6..57f315f 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -818,6 +818,11 @@
out.printf("%s", registerName(r0).data());
break;
}
+ case op_argument_count: {
+ int r0 = (++it)->u.operand;
+ printLocationOpAndRegisterOperand(out, exec, location, it, "argument_count", r0);
+ break;
+ }
case op_copy_rest: {
int r0 = (++it)->u.operand;
int r1 = (++it)->u.operand;
diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
index a40259b..dfb4167 100644
--- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
+++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
@@ -854,6 +854,13 @@
return (this->*m_emitter)(generator, dst);
}
+RegisterID* BytecodeIntrinsicNode::emit_intrinsic_argumentCount(BytecodeGenerator& generator, RegisterID* dst)
+{
+ ASSERT(!m_args->m_listNode);
+
+ return generator.emitUnaryNoDstOp(op_argument_count, generator.finalDestination(dst));
+}
+
RegisterID* BytecodeIntrinsicNode::emit_intrinsic_assert(BytecodeGenerator& generator, RegisterID* dst)
{
#ifndef NDEBUG
diff --git a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
index 4010c12..35f6f43 100644
--- a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
+++ b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
@@ -1973,7 +1973,7 @@
forNode(node).setType(m_graph, SpecFunction);
break;
- case GetArgumentCount:
+ case GetArgumentCountIncludingThis:
forNode(node).setType(SpecInt32Only);
break;
diff --git a/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp b/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp
index 75c21b3..fce2afc 100644
--- a/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp
+++ b/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp
@@ -76,7 +76,7 @@
Node* argumentCount;
if (!inlineCallFrame)
- argumentCount = insertionSet.insertNode(nodeIndex, SpecInt32Only, GetArgumentCount, origin);
+ argumentCount = insertionSet.insertNode(nodeIndex, SpecInt32Only, GetArgumentCountIncludingThis, origin);
else {
VirtualRegister argumentCountRegister(inlineCallFrame->stackOffset + JSStack::ArgumentCount);
diff --git a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
index 482bd0b..bb3be17 100644
--- a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
+++ b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
@@ -196,6 +196,7 @@
Terminality handleVarargsCall(Instruction* pc, NodeType op, CallMode);
void emitFunctionChecks(CallVariant, Node* callTarget, VirtualRegister thisArgumnt);
void emitArgumentPhantoms(int registerOffset, int argumentCountIncludingThis);
+ Node* getArgumentCount();
unsigned inliningCost(CallVariant, int argumentCountIncludingThis, CallMode); // Return UINT_MAX if it's not an inlining candidate. By convention, intrinsics have a cost of 1.
// Handle inlining. Return true if it succeeded, false if we need to plant a call.
bool handleInlining(Node* callTargetNode, int resultOperand, const CallLinkStatus&, int registerOffset, VirtualRegister thisArgument, VirtualRegister argumentsArgument, unsigned argumentsOffset, int argumentCountIncludingThis, unsigned nextOffset, NodeType callOp, InlineCallFrame::Kind, SpeculatedType prediction);
@@ -1322,6 +1323,19 @@
addToGraph(CheckCell, OpInfo(m_graph.freeze(calleeCell)), callTargetForCheck, thisArgument);
}
+Node* ByteCodeParser::getArgumentCount()
+{
+ Node* argumentCount;
+ if (m_inlineStackTop->m_inlineCallFrame) {
+ if (m_inlineStackTop->m_inlineCallFrame->isVarargs())
+ argumentCount = get(VirtualRegister(JSStack::ArgumentCount));
+ else
+ argumentCount = jsConstant(m_graph.freeze(jsNumber(m_inlineStackTop->m_inlineCallFrame->arguments.size()))->value());
+ } else
+ argumentCount = addToGraph(GetArgumentCountIncludingThis, OpInfo(0), OpInfo(SpecInt32Only));
+ return argumentCount;
+}
+
void ByteCodeParser::emitArgumentPhantoms(int registerOffset, int argumentCountIncludingThis)
{
for (int i = 0; i < argumentCountIncludingThis; ++i)
@@ -4886,7 +4900,14 @@
set(VirtualRegister(currentInstruction[1].u.operand), result);
NEXT_OPCODE(op_get_scope);
}
-
+
+ case op_argument_count: {
+ Node* sub = addToGraph(ArithSub, OpInfo(Arith::Unchecked), OpInfo(SpecInt32Only), getArgumentCount(), addToGraph(JSConstant, OpInfo(m_constantOne)));
+
+ set(VirtualRegister(currentInstruction[1].u.operand), sub);
+ NEXT_OPCODE(op_argument_count);
+ }
+
case op_create_direct_arguments: {
noticeArgumentsUse();
Node* createArguments = addToGraph(CreateDirectArguments);
diff --git a/Source/JavaScriptCore/dfg/DFGCapabilities.cpp b/Source/JavaScriptCore/dfg/DFGCapabilities.cpp
index 8eaba38..2267c3e 100644
--- a/Source/JavaScriptCore/dfg/DFGCapabilities.cpp
+++ b/Source/JavaScriptCore/dfg/DFGCapabilities.cpp
@@ -106,6 +106,7 @@
switch (opcodeID) {
case op_enter:
case op_to_this:
+ case op_argument_count:
case op_check_tdz:
case op_create_this:
case op_bitand:
diff --git a/Source/JavaScriptCore/dfg/DFGClobberize.h b/Source/JavaScriptCore/dfg/DFGClobberize.h
index e670e5b..110f91b 100644
--- a/Source/JavaScriptCore/dfg/DFGClobberize.h
+++ b/Source/JavaScriptCore/dfg/DFGClobberize.h
@@ -502,7 +502,7 @@
def(HeapLocation(StackLoc, AbstractHeap(Stack, JSStack::Callee)), LazyNode(node));
return;
- case GetArgumentCount:
+ case GetArgumentCountIncludingThis:
read(AbstractHeap(Stack, JSStack::ArgumentCount));
def(HeapLocation(StackPayloadLoc, AbstractHeap(Stack, JSStack::ArgumentCount)), LazyNode(node));
return;
diff --git a/Source/JavaScriptCore/dfg/DFGDoesGC.cpp b/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
index 3936d26..d718b4d 100644
--- a/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
+++ b/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
@@ -50,7 +50,7 @@
case LazyJSConstant:
case Identity:
case GetCallee:
- case GetArgumentCount:
+ case GetArgumentCountIncludingThis:
case GetRestLength:
case GetLocal:
case SetLocal:
diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
index 377a02a..a36c3a4 100644
--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
@@ -1508,7 +1508,7 @@
case DoubleConstant:
case GetLocal:
case GetCallee:
- case GetArgumentCount:
+ case GetArgumentCountIncludingThis:
case GetRestLength:
case Flush:
case PhantomLocal:
diff --git a/Source/JavaScriptCore/dfg/DFGMayExit.cpp b/Source/JavaScriptCore/dfg/DFGMayExit.cpp
index aee1cff..570b10a 100644
--- a/Source/JavaScriptCore/dfg/DFGMayExit.cpp
+++ b/Source/JavaScriptCore/dfg/DFGMayExit.cpp
@@ -71,7 +71,7 @@
case KillStack:
case GetStack:
case GetCallee:
- case GetArgumentCount:
+ case GetArgumentCountIncludingThis:
case GetRestLength:
case GetScope:
case PhantomLocal:
diff --git a/Source/JavaScriptCore/dfg/DFGNodeType.h b/Source/JavaScriptCore/dfg/DFGNodeType.h
index 0608102..66d9e0c 100644
--- a/Source/JavaScriptCore/dfg/DFGNodeType.h
+++ b/Source/JavaScriptCore/dfg/DFGNodeType.h
@@ -53,7 +53,7 @@
macro(ToThis, NodeResultJS) \
macro(CreateThis, NodeResultJS) /* Note this is not MustGenerate since we're returning it anyway. */ \
macro(GetCallee, NodeResultJS) \
- macro(GetArgumentCount, NodeResultInt32) \
+ macro(GetArgumentCountIncludingThis, NodeResultInt32) \
\
/* Nodes for local variable access. These nodes are linked together using Phi nodes. */\
/* Any two nodes that are part of the same Phi graph will share the same */\
diff --git a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
index a06dd4d..30c3f83 100644
--- a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
@@ -737,7 +737,7 @@
break;
}
- case GetArgumentCount: {
+ case GetArgumentCountIncludingThis: {
setPrediction(SpecInt32Only);
break;
}
diff --git a/Source/JavaScriptCore/dfg/DFGSafeToExecute.h b/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
index 627d797..4c1c623 100644
--- a/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
+++ b/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
@@ -142,7 +142,7 @@
case ToThis:
case CreateThis:
case GetCallee:
- case GetArgumentCount:
+ case GetArgumentCountIncludingThis:
case GetRestLength:
case GetLocal:
case SetLocal:
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
index 50e78d3..6b3862a 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
@@ -4070,7 +4070,7 @@
break;
}
- case GetArgumentCount: {
+ case GetArgumentCountIncludingThis: {
GPRTemporary result(this);
m_jit.load32(JITCompiler::payloadFor(JSStack::ArgumentCount), result.gpr());
int32Result(result.gpr(), node);
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
index 0d01802..744139b 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
@@ -4007,7 +4007,7 @@
break;
}
- case GetArgumentCount: {
+ case GetArgumentCountIncludingThis: {
GPRTemporary result(this);
m_jit.load32(JITCompiler::payloadFor(JSStack::ArgumentCount), result.gpr());
int32Result(result.gpr(), node);
diff --git a/Source/JavaScriptCore/ftl/FTLCapabilities.cpp b/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
index 21aee05..a371e66 100644
--- a/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
+++ b/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
@@ -160,7 +160,7 @@
case GetExecutable:
case GetScope:
case GetCallee:
- case GetArgumentCount:
+ case GetArgumentCountIncludingThis:
case ToString:
case CallStringConstructor:
case MakeRope:
diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
index 34a84e5..7456462 100644
--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
@@ -776,8 +776,8 @@
case GetCallee:
compileGetCallee();
break;
- case GetArgumentCount:
- compileGetArgumentCount();
+ case GetArgumentCountIncludingThis:
+ compileGetArgumentCountIncludingThis();
break;
case GetScope:
compileGetScope();
@@ -4670,7 +4670,7 @@
setJSValue(m_out.loadPtr(addressFor(JSStack::Callee)));
}
- void compileGetArgumentCount()
+ void compileGetArgumentCountIncludingThis()
{
setInt32(m_out.load32(payloadFor(JSStack::ArgumentCount)));
}
diff --git a/Source/JavaScriptCore/jit/JIT.cpp b/Source/JavaScriptCore/jit/JIT.cpp
index 30497ab..95b1ac1 100644
--- a/Source/JavaScriptCore/jit/JIT.cpp
+++ b/Source/JavaScriptCore/jit/JIT.cpp
@@ -223,6 +223,7 @@
DEFINE_OP(op_create_direct_arguments)
DEFINE_OP(op_create_scoped_arguments)
DEFINE_OP(op_create_cloned_arguments)
+ DEFINE_OP(op_argument_count)
DEFINE_OP(op_copy_rest)
DEFINE_OP(op_get_rest_length)
DEFINE_OP(op_check_tdz)
diff --git a/Source/JavaScriptCore/jit/JIT.h b/Source/JavaScriptCore/jit/JIT.h
index 77910b1..82e831e 100644
--- a/Source/JavaScriptCore/jit/JIT.h
+++ b/Source/JavaScriptCore/jit/JIT.h
@@ -491,6 +491,7 @@
void emit_op_create_direct_arguments(Instruction*);
void emit_op_create_scoped_arguments(Instruction*);
void emit_op_create_cloned_arguments(Instruction*);
+ void emit_op_argument_count(Instruction*);
void emit_op_copy_rest(Instruction*);
void emit_op_get_rest_length(Instruction*);
void emit_op_check_tdz(Instruction*);
diff --git a/Source/JavaScriptCore/jit/JITOpcodes.cpp b/Source/JavaScriptCore/jit/JITOpcodes.cpp
index 932a957..e38fd16 100644
--- a/Source/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/Source/JavaScriptCore/jit/JITOpcodes.cpp
@@ -1419,6 +1419,16 @@
slowPathCall.call();
}
+void JIT::emit_op_argument_count(Instruction* currentInstruction)
+{
+ int dst = currentInstruction[1].u.operand;
+ load32(payloadFor(JSStack::ArgumentCount), regT0);
+ sub32(TrustedImm32(1), regT0);
+ JSValueRegs result = JSValueRegs::withTwoAvailableRegs(regT0, regT1);
+ boxInt32(regT0, result);
+ emitPutVirtualRegister(dst, result);
+}
+
void JIT::emit_op_copy_rest(Instruction* currentInstruction)
{
JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_copy_rest);
diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
index f5f7560..f43000a 100644
--- a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
@@ -677,6 +677,17 @@
dispatch(1)
+_llint_op_argument_count:
+ traceExecution()
+ loadisFromInstruction(1, t2)
+ loadi PayloadOffset + ArgumentCount[cfr], t0
+ subi 1, t0
+ move Int32Tag, t1
+ storei t1, TagOffset[cfr, t2, 8]
+ storei t0, PayloadOffset[cfr, t2, 8]
+ dispatch(2)
+
+
_llint_op_get_scope:
traceExecution()
loadi Callee + PayloadOffset[cfr], t0
diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
index b9c17a5..2802353 100644
--- a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
@@ -584,6 +584,16 @@
dispatch(1)
+_llint_op_argument_count:
+ traceExecution()
+ loadisFromInstruction(1, t1)
+ loadi PayloadOffset + ArgumentCount[cfr], t0
+ subi 1, t0
+ orq TagTypeNumber, t0
+ storeq t0, [cfr, t1, 8]
+ dispatch(2)
+
+
_llint_op_get_scope:
traceExecution()
loadp Callee[cfr], t0
diff --git a/Source/JavaScriptCore/tests/stress/argument-count-bytecode.js b/Source/JavaScriptCore/tests/stress/argument-count-bytecode.js
new file mode 100644
index 0000000..b19b82f
--- /dev/null
+++ b/Source/JavaScriptCore/tests/stress/argument-count-bytecode.js
@@ -0,0 +1,38 @@
+count = createBuiltin("(function () { return @argumentCount(); })");
+countNoInline = createBuiltin("(function () { return @argumentCount(); })");
+noInline(countNoInline);
+
+
+function inlineCount() { return count(); }
+noInline(inlineCount);
+
+function inlineCount1() { return count(1); }
+noInline(inlineCount1);
+
+function inlineCount2() { return count(1,2); }
+noInline(inlineCount2);
+
+function inlineCountVarArgs(list) { return count(...list); }
+noInline(inlineCountVarArgs);
+
+function assert(condition, message) {
+ if (!condition)
+ throw new Error(message);
+}
+
+for (i = 0; i < 1000000; i++) {
+ assert(count(1,1,2) === 3, i);
+ assert(count() === 0, i);
+ assert(count(1) === 1, i);
+ assert(count(...[1,2,3,4,5]) === 5, i);
+ assert(count(...[]) === 0, i);
+ assert(inlineCount() === 0, i);
+ assert(inlineCount1() === 1, i);
+ assert(inlineCount2() === 2, i);
+ assert(inlineCountVarArgs([1,2,3,4]) === 4, i);
+ assert(inlineCountVarArgs([]) === 0, i);
+ // Insert extra junk so that inlineCountVarArgs.arguments.length !== count.arguments.length
+ assert(inlineCountVarArgs([1], 2, 4) === 1, i);
+ assert(countNoInline(4) === 1, i)
+ assert(countNoInline() === 0, i);
+}
