[JSC] Redesign CallIC (relanding)

https://bugs.webkit.org/show_bug.cgi?id=267681 rdar://120794646 Reviewed by Justin Michaud. This patch redesigns our CallIC, both RepatchingIC and DataIC. 1. We remove awkward slow path for CallIC. All CallIC thunks (virtual, poly, defaultCall etc.) are the same calling convension and it should be possible to be launched from the normal call dispatching path. This significantly eliminates the code bloat in JIT since we no longer need to generate tail-call sequence twice, one for dispatch and one for slow path. Now, all thunks are called after tail-call setup is done. It also eliminates tail-call sequence from poly IC repatching thunk. 2. CallLinkInfo::unlinkOrUpgrade is introduced. Previously, we always just invalidate CallLinkInfo when a new code is installed, like tiering up. But for DataIC, we can just replace the current code with the newly introduced one. This keeps DataIC working without reinitialization. 3. Removal of slow path makes it possible to use simplified virtual call path. We created new virtual call thunk and use it. 4. We simplify CodeBlock::noticeIncomingCall. The existing logic does not work well with tail-call, and it makes code much more complicated, while it does not offer benefit in benchmarks. 5. We fix LayoutTests/svg/animations/svglength-element-removed-crash.svg. This test is completely wrong: it does not account conservative GC, so it is extremely flaky with the changes in JSC side. * JSTests/stress/tail-call-stacks.js: Added. (shouldBe): (testTarget): (t1): (t2): (t3): (t4): (t5): (run): * LayoutTests/inspector/unit-tests/array-utilities-expected.txt: * LayoutTests/inspector/unit-tests/set-utilities-expected.txt: * LayoutTests/js/caller-property-expected.txt: * LayoutTests/js/script-tests/caller-property.js: * LayoutTests/svg/animations/svglength-element-removed-crash-expected.txt: * LayoutTests/svg/animations/svglength-element-removed-crash.svg: * Source/JavaScriptCore/assembler/MacroAssemblerARM64.h: (JSC::MacroAssemblerARM64::transfer32): (JSC::MacroAssemblerARM64::transfer64): (JSC::MacroAssemblerARM64::transferPtr): * Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::transfer32): (JSC::MacroAssemblerARMv7::transferPtr): * Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h: (JSC::MacroAssemblerRISCV64::transfer32): (JSC::MacroAssemblerRISCV64::transfer64): (JSC::MacroAssemblerRISCV64::transferPtr): * Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h: (JSC::MacroAssemblerX86_64::transfer32): (JSC::MacroAssemblerX86_64::transfer64): (JSC::MacroAssemblerX86_64::transferPtr): * Source/JavaScriptCore/bytecode/BytecodeList.rb: * Source/JavaScriptCore/bytecode/CallLinkInfo.cpp: (JSC::CallLinkInfo::unlinkOrUpgradeImpl): (JSC::CallLinkInfo::setMonomorphicCallee): (JSC::CallLinkInfo::visitWeak): (JSC::CallLinkInfo::revertCallToStub): (JSC::BaselineCallLinkInfo::initialize): (JSC::CallLinkInfo::retrieveCaller): (JSC::CallLinkInfo::reset): (JSC::CallLinkInfo::revertCall): (JSC::CallLinkInfo::setVirtualCall): (JSC::OptimizingCallLinkInfo::setSlowPathCallDestination): (JSC::CallLinkInfo::emitFastPathImpl): (JSC::CallLinkInfo::emitDataICFastPath): (JSC::CallLinkInfo::emitTailCallDataICFastPath): (JSC::CallLinkInfo::setStub): (JSC::CallLinkInfo::emitSlowPathImpl): (JSC::CallLinkInfo::emitDataICSlowPath): (JSC::CallLinkInfo::emitFastPath): (JSC::CallLinkInfo::emitTailCallFastPath): (JSC::CallLinkInfo::emitSlowPath): (JSC::CallLinkInfo::emitTailCallSlowPath): (JSC::OptimizingCallLinkInfo::emitFastPath): (JSC::OptimizingCallLinkInfo::emitTailCallFastPath): (JSC::OptimizingCallLinkInfo::emitSlowPath): (JSC::OptimizingCallLinkInfo::emitTailCallSlowPath): (JSC::OptimizingCallLinkInfo::setDirectCallTarget): (JSC::OptimizingCallLinkInfo::initializeFromDFGUnlinkedCallLinkInfo): (JSC::CallLinkInfo::unlinkImpl): Deleted. (JSC::CallLinkInfo::setSlowPathCallDestination): Deleted. (JSC::OptimizingCallLinkInfo::setFrameShuffleData): Deleted. * Source/JavaScriptCore/bytecode/CallLinkInfo.h: (JSC::CallLinkInfo::isLinked const): (JSC::CallLinkInfo::mode const): (JSC::CallLinkInfo::owner const): (JSC::CallLinkInfo::CallLinkInfo): (JSC::BaselineUnlinkedCallLinkInfo::setUpCall): (JSC::CallLinkInfo::offsetOfSlowPathCallDestination): Deleted. (JSC::BaselineUnlinkedCallLinkInfo::setFrameShuffleData): Deleted. (JSC::CallLinkInfo::calleeGPR const): Deleted. * Source/JavaScriptCore/bytecode/CallLinkInfoBase.cpp: (JSC::CallLinkInfoBase::unlinkOrUpgrade): (JSC::CallLinkInfoBase::unlink): Deleted. * Source/JavaScriptCore/bytecode/CallLinkInfoBase.h: * Source/JavaScriptCore/bytecode/CallLinkStatus.cpp: (JSC::CallLinkStatus::computeFromCallLinkInfo): * Source/JavaScriptCore/bytecode/CodeBlock.cpp: (JSC::CodeBlock::finishCreation): (JSC::CodeBlock::~CodeBlock): (JSC::CodeBlock::linkIncomingCall): (JSC::CodeBlock::unlinkOrUpgradeIncomingCalls): (JSC::CodeBlock::noticeIncomingCall): (JSC::CodeBlock::unlinkIncomingCalls): Deleted. * Source/JavaScriptCore/bytecode/CodeBlock.h: * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::InlineCacheCompiler::generateImpl): (JSC::InlineCacheCompiler::emitProxyObjectAccess): * Source/JavaScriptCore/bytecode/Repatch.cpp: (JSC::linkSlowFor): (JSC::linkMonomorphicCall): (JSC::linkDirectCall): (JSC::linkPolymorphicCall): (JSC::linkSlowPathTo): Deleted. (JSC::revertCall): Deleted. (JSC::unlinkCall): Deleted. (JSC::linkVirtualFor): Deleted. * Source/JavaScriptCore/bytecode/Repatch.h: * Source/JavaScriptCore/bytecode/RepatchInlines.h: (JSC::throwNotAFunctionErrorFromCallIC): (JSC::throwNotAConstructorErrorFromCallIC): (JSC::handleHostCall): (JSC::linkFor): (JSC::virtualForWithFunction): * Source/JavaScriptCore/dfg/DFGJITCode.cpp: (JSC::DFG::JITData::tryInitialize): * Source/JavaScriptCore/dfg/DFGJITCode.h: (JSC::DFG::UnlinkedCallLinkInfo::setUpCall): (JSC::DFG::UnlinkedCallLinkInfo::setFrameShuffleData): Deleted. * Source/JavaScriptCore/dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::addCallLinkInfo): * Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::emitCall): * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::emitCall): * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq): * Source/JavaScriptCore/ftl/FTLState.cpp: (JSC::FTL::State::addCallLinkInfo): * Source/JavaScriptCore/interpreter/CachedCall.h: (JSC::CachedCall::unlinkOrUpgradeImpl): (JSC::CachedCall::unlinkImpl): Deleted. * Source/JavaScriptCore/interpreter/Interpreter.cpp: (JSC::GetStackTraceFunctor::GetStackTraceFunctor): (JSC::Interpreter::getStackTrace): (JSC::Interpreter::prepareForCachedCall): * Source/JavaScriptCore/interpreter/Interpreter.h: * Source/JavaScriptCore/jit/BaselineJITRegisters.h: * Source/JavaScriptCore/jit/CCallHelpers.h: * Source/JavaScriptCore/jit/JIT.h: * Source/JavaScriptCore/jit/JITCall.cpp: (JSC::JIT::compileSetupFrame): (JSC::JIT::compileTailCall): (JSC::JIT::compileOpCall): (JSC::JIT::compileOpCallSlowCase): * Source/JavaScriptCore/jit/JITOperations.cpp: (JSC::JSC_DEFINE_JIT_OPERATION): * Source/JavaScriptCore/jit/JITOperations.h: * Source/JavaScriptCore/jit/JITStubRoutine.cpp: (JSC::JITStubRoutine::operator delete): * Source/JavaScriptCore/jit/JITStubRoutine.h: (JSC::JITStubRoutine::destroy): * Source/JavaScriptCore/jit/JITThunks.h: * Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp: (JSC::PolymorphicCallNode::unlinkOrUpgradeImpl): (JSC::PolymorphicCallNode::clear): (JSC::PolymorphicCallNode::owner): (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine): (JSC::PolymorphicCallStubRoutine::upgradeIfPossible): (JSC::PolymorphicCallStubRoutine::variants const): (JSC::PolymorphicCallStubRoutine::edges const): (JSC::PolymorphicCallStubRoutine::clearCallNodesFor): (JSC::PolymorphicCallStubRoutine::markRequiredObjectsInternalImpl): (JSC::PolymorphicCallStubRoutine::destroy): (JSC::PolymorphicCallNode::unlinkImpl): Deleted. (JSC::PolymorphicCallNode::clearCallLinkInfo): Deleted. * Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h: * Source/JavaScriptCore/jit/ThunkGenerators.cpp: (JSC::virtualThunkFor): (JSC::polymorphicThunkFor): (JSC::polymorphicRepatchThunk): (JSC::slowPathFor): Deleted. (JSC::linkCallThunkGenerator): Deleted. (JSC::linkPolymorphicCallThunkGenerator): Deleted. * Source/JavaScriptCore/jit/ThunkGenerators.h: * Source/JavaScriptCore/llint/LLIntData.cpp: (JSC::LLInt::initialize): * Source/JavaScriptCore/llint/LLIntEntrypoint.cpp: (JSC::LLInt::defaultCall): * Source/JavaScriptCore/llint/LLIntEntrypoint.h: * Source/JavaScriptCore/llint/LLIntSlowPaths.cpp: (JSC::LLInt::llint_default_call): (JSC::LLInt::llint_virtual_call): (JSC::LLInt::llint_link_call): Deleted. * Source/JavaScriptCore/llint/LLIntSlowPaths.h: * Source/JavaScriptCore/llint/LLIntThunks.cpp: (JSC::LLInt::defaultCallThunk): * Source/JavaScriptCore/llint/LLIntThunks.h: * Source/JavaScriptCore/llint/LowLevelInterpreter.asm: * Source/JavaScriptCore/llint/LowLevelInterpreter.cpp: (JSC::CLoop::execute): * Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm: * Source/JavaScriptCore/llint/LowLevelInterpreter64.asm: * Source/JavaScriptCore/offlineasm/cloop.rb: * Source/JavaScriptCore/runtime/AggregateError.cpp: (JSC::createAggregateError): * Source/JavaScriptCore/runtime/ArityCheckMode.h: * Source/JavaScriptCore/runtime/Error.cpp: (JSC::createError): (JSC::createEvalError): (JSC::createRangeError): (JSC::createReferenceError): (JSC::createSyntaxError): (JSC::createTypeError): (JSC::createURIError): (JSC::createGetterTypeError): (JSC::getStackTrace): (JSC::getBytecodeIndex): (JSC::addErrorInfo): * Source/JavaScriptCore/runtime/Error.h: * Source/JavaScriptCore/runtime/ErrorInstance.cpp: (JSC::ErrorInstance::create): (JSC::appendSourceToErrorMessage): (JSC::ErrorInstance::finishCreation): * Source/JavaScriptCore/runtime/ErrorInstance.h: (JSC::ErrorInstance::create): * Source/JavaScriptCore/runtime/ExceptionHelpers.cpp: (JSC::notAFunctionSourceAppender): (JSC::constructErrorMessage): (JSC::createError): * Source/JavaScriptCore/runtime/ExceptionHelpers.h: * Source/JavaScriptCore/runtime/Gate.h: * Source/JavaScriptCore/runtime/JSCConfig.h: * Source/JavaScriptCore/runtime/NullSetterFunction.cpp: (JSC::NullSetterFunctionInternal::JSC_DEFINE_HOST_FUNCTION): * Source/JavaScriptCore/runtime/Options.cpp: (JSC::Options::notifyOptionsChanged): * Source/JavaScriptCore/runtime/ScriptExecutable.cpp: (JSC::ScriptExecutable::installCode): * Source/JavaScriptCore/runtime/StackFrame.cpp: (JSC::StackFrame::StackFrame): (JSC::StackFrame::functionName const): * Source/JavaScriptCore/runtime/StackFrame.h: * Source/JavaScriptCore/runtime/VM.cpp: (JSC::VM::getCTILinkCall): Deleted. * Source/JavaScriptCore/runtime/VM.h: * Source/JavaScriptCore/wasm/js/JSWebAssemblyCompileError.cpp: (JSC::createJSWebAssemblyCompileError): * Source/JavaScriptCore/wasm/js/JSWebAssemblyLinkError.cpp: (JSC::createJSWebAssemblyLinkError): * Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp: (JSC::JSWebAssemblyModule::clearJSCallICs): * Source/JavaScriptCore/wasm/js/JSWebAssemblyRuntimeError.cpp: (JSC::createJSWebAssemblyRuntimeError): * Source/JavaScriptCore/wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS): Canonical link: https://commits.webkit.org/273190@main
WebKit · Jan 18, 2024 · 65c8acc · 65c8acc
1 parent f7d8a27
commit 65c8acc
Show file tree

Hide file tree

Showing 81 changed files with 1,540 additions and 1,247 deletions.
diff --git a/JSTests/stress/tail-call-stacks.js b/JSTests/stress/tail-call-stacks.js
@@ -0,0 +1,34 @@
+"use strict";
+
+function shouldBe(actual, expected) {
+    if (actual !== expected)
+        throw new Error('bad value: ' + actual);
+}
+
+function testTarget(func) {
+    return func();
+}
+noInline(testTarget);
+
+function t1() { }
+function t2() { }
+function t3() { }
+function t4() { }
+function t5() { }
+
+function run() {
+    testTarget(t1);
+    testTarget(t2);
+    testTarget(t3);
+    testTarget(t4);
+    testTarget(t5);
+    try {
+        testTarget(undefined);
+    } catch (error) {
+        var stack = error.stack.split('\n')
+        shouldBe(stack[0].includes("testTarget"), true);
+    }
+}
+
+for (var i = 0; i < 10000; ++i)
+    run();
diff --git a/LayoutTests/inspector/unit-tests/array-utilities-expected.txt b/LayoutTests/inspector/unit-tests/array-utilities-expected.txt
@@ -186,5 +186,5 @@ Node:
 
 Object (doesn't have [Symbol.iterator]):
 PASS: Should produce an exception.
-TypeError: undefined is not a function
+TypeError: undefined is not a function (near '...item of iterable...')
 
diff --git a/LayoutTests/inspector/unit-tests/set-utilities-expected.txt b/LayoutTests/inspector/unit-tests/set-utilities-expected.txt
@@ -49,7 +49,7 @@ Node:
 
 Object (doesn't have [Symbol.iterator]):
 PASS: Should produce an exception.
-TypeError: undefined is not a function
+TypeError: undefined is not a function (near '...item of iterable...')
 
 -- Running test case: Set.prototype.take
 PASS: Set can take `key`.

diff --git a/LayoutTests/js/caller-property-expected.txt b/LayoutTests/js/caller-property-expected.txt
@@ -24,7 +24,7 @@ PASS nonStrictCaller(new Proxy(new Proxy(nonStrictCallee, {}), {})) is nonStrict
 PASS nonStrictCaller(new Proxy(boundNonStrictCallee, {})) is nonStrictCaller
 PASS nonStrictCaller(new Proxy(nonStrictCallee, Reflect)) is nonStrictCaller
 PASS nonStrictCaller(new Proxy(new Proxy(nonStrictCallee, Reflect), {})) is nonStrictCaller
-PASS nonStrictCaller(new Proxy(new Proxy(nonStrictCallee, {}), Reflect)) is null
+PASS nonStrictCaller(new Proxy(new Proxy(nonStrictCallee, {}), Reflect)) is nonStrictCaller
 PASS nonStrictGetter(nonStrictAccessor) threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
 PASS nonStrictGetter(strictAccessor) threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
 PASS strictGetter(nonStrictAccessor) threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..

diff --git a/LayoutTests/js/script-tests/caller-property.js b/LayoutTests/js/script-tests/caller-property.js
@@ -50,7 +50,7 @@ shouldBe("nonStrictCaller(new Proxy(boundNonStrictCallee, {}))", "nonStrictCalle
 
 shouldBe("nonStrictCaller(new Proxy(nonStrictCallee, Reflect))", "nonStrictCaller"); // tail call
 shouldBe("nonStrictCaller(new Proxy(new Proxy(nonStrictCallee, Reflect), {}))", "nonStrictCaller"); // tail call
-shouldBe("nonStrictCaller(new Proxy(new Proxy(nonStrictCallee, {}), Reflect))", "null"); // no tail call in Proxy's [[Call]]
+shouldBe("nonStrictCaller(new Proxy(new Proxy(nonStrictCallee, {}), Reflect))", "nonStrictCaller"); // tail call
 
 // Check that .caller throws as expected, over an accessor call. (per https://tc39.github.io/ecma262/#sec-forbidden-extensions)
 function getFooGetter(x) { return Object.getOwnPropertyDescriptor(x, 'foo').get; }

diff --git a/LayoutTests/svg/animations/svglength-element-removed-crash-expected.txt b/LayoutTests/svg/animations/svglength-element-removed-crash-expected.txt
@@ -1 +1,5 @@
-PASS x = 10
+PASS x = 10 x = 10 x = 10 x = 10 x = 10 x = 10 x = 10 x = 10 x = 10 x = 10 x = 10 x = 10 x = 10
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/svg/animations/svglength-element-removed-crash.svg b/LayoutTests/svg/animations/svglength-element-removed-crash.svg
diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h b/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
@@ -2130,6 +2130,23 @@ class MacroAssemblerARM64 : public AbstractMacroAssembler<Assembler> {
         transfer64(src, dest);
     }
 
+    void transfer32(BaseIndex src, BaseIndex dest)
+    {
+        load32(src, getCachedDataTempRegisterIDAndInvalidate());
+        store32(getCachedDataTempRegisterIDAndInvalidate(), dest);
+    }
+
+    void transfer64(BaseIndex src, BaseIndex dest)
+    {
+        load64(src, getCachedDataTempRegisterIDAndInvalidate());
+        store64(getCachedDataTempRegisterIDAndInvalidate(), dest);
+    }
+
+    void transferPtr(BaseIndex src, BaseIndex dest)
+    {
+        transfer64(src, dest);
+    }
+
     DataLabel32 store64WithAddressOffsetPatch(RegisterID src, Address address)
     {
         DataLabel32 label(this);

diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h b/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
@@ -1317,6 +1317,17 @@ class MacroAssemblerARMv7 : public AbstractMacroAssembler<Assembler> {
         transfer32(src, dest);
     }
 
+    void transfer32(BaseIndex src, BaseIndex dest)
+    {
+        load32(src, dataTempRegister);
+        store32(dataTempRegister, dest);
+    }
+
+    void transferPtr(BaseIndex src, BaseIndex dest)
+    {
+        transfer32(src, dest);
+    }
+
     void storeCond8(RegisterID src, Address addr, RegisterID result)
     {
         ASSERT(!addr.offset);

diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h b/Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h
@@ -1256,6 +1256,25 @@ class MacroAssemblerRISCV64 : public AbstractMacroAssembler<Assembler> {
         transfer64(src, dest);
     }
 
+    void transfer32(BaseIndex src, BaseIndex dest)
+    {
+        auto temp = temps<Data>();
+        load32(src, temp.data());
+        store32(temp.data(), dest);
+    }
+
+    void transfer64(BaseIndex src, BaseIndex dest)
+    {
+        auto temp = temps<Data>();
+        load64(src, temp.data());
+        store64(temp.data(), dest);
+    }
+
+    void transferPtr(BaseIndex src, BaseIndex dest)
+    {
+        transfer64(src, dest);
+    }
+
     void storePair32(RegisterID src1, RegisterID src2, RegisterID dest)
     {
         storePair32(src1, src2, dest, TrustedImm32(0));

diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h b/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
@@ -1265,6 +1265,23 @@ class MacroAssemblerX86_64 : public MacroAssemblerX86Common {
         transfer64(src, dest);
     }
 
+    void transfer32(BaseIndex src, BaseIndex dest)
+    {
+        load32(src, scratchRegister());
+        store32(scratchRegister(), dest);
+    }
+
+    void transfer64(BaseIndex src, BaseIndex dest)
+    {
+        load64(src, scratchRegister());
+        store64(scratchRegister(), dest);
+    }
+
+    void transferPtr(BaseIndex src, BaseIndex dest)
+    {
+        transfer64(src, dest);
+    }
+
     DataLabel32 store64WithAddressOffsetPatch(RegisterID src, Address address)
     {
         padBeforePatch();

diff --git a/Source/JavaScriptCore/bytecode/BytecodeList.rb b/Source/JavaScriptCore/bytecode/BytecodeList.rb
@@ -1396,7 +1396,7 @@
 op :llint_native_construct_trampoline
 op :llint_internal_function_call_trampoline
 op :llint_internal_function_construct_trampoline
-op :llint_link_call_trampoline
+op :llint_default_call_trampoline
 op :llint_virtual_call_trampoline
 op :llint_virtual_construct_trampoline
 op :llint_virtual_tail_call_trampoline
@@ -1412,45 +1412,24 @@
 op :op_construct_return_location
 op :op_call_varargs_return_location
 op :op_construct_varargs_return_location
-op :op_call_varargs_slow_return_location
-op :op_construct_varargs_slow_return_location
 op :op_get_by_id_return_location
 op :op_get_by_val_return_location
 op :op_put_by_id_return_location
 op :op_put_by_val_return_location
 op :op_iterator_open_return_location
 op :op_iterator_next_return_location
+op :op_call_direct_eval_slow_return_location
 op :wasm_function_prologue
 op :wasm_function_prologue_simd
 
-op :op_call_slow_return_location
-op :op_call_ignore_result_slow_return_location
-op :op_construct_slow_return_location
-op :op_iterator_open_slow_return_location
-op :op_iterator_next_slow_return_location
-op :op_tail_call_slow_return_location
-op :op_tail_call_forward_arguments_slow_return_location
-op :op_tail_call_varargs_slow_return_location
-op :op_call_direct_eval_slow_return_location
-
 op :js_trampoline_op_call
 op :js_trampoline_op_call_ignore_result
 op :js_trampoline_op_construct
 op :js_trampoline_op_call_varargs
 op :js_trampoline_op_construct_varargs
 op :js_trampoline_op_iterator_next
 op :js_trampoline_op_iterator_open
-op :js_trampoline_op_call_slow
-op :js_trampoline_op_call_ignore_result_slow
-op :js_trampoline_op_tail_call_slow
-op :js_trampoline_op_construct_slow
-op :js_trampoline_op_call_varargs_slow
-op :js_trampoline_op_tail_call_varargs_slow
-op :js_trampoline_op_tail_call_forward_arguments_slow
-op :js_trampoline_op_construct_varargs_slow
 op :js_trampoline_op_call_direct_eval_slow
-op :js_trampoline_op_iterator_next_slow
-op :js_trampoline_op_iterator_open_slow
 op :js_trampoline_llint_function_for_call_arity_check_untag
 op :js_trampoline_llint_function_for_call_arity_check_tag
 op :js_trampoline_llint_function_for_construct_arity_check_untag
@@ -1493,36 +1472,6 @@
 op :llint_cloop_did_return_from_js_23
 op :llint_cloop_did_return_from_js_24
 op :llint_cloop_did_return_from_js_25
-op :llint_cloop_did_return_from_js_26
-op :llint_cloop_did_return_from_js_27
-op :llint_cloop_did_return_from_js_28
-op :llint_cloop_did_return_from_js_29
-op :llint_cloop_did_return_from_js_30
-op :llint_cloop_did_return_from_js_31
-op :llint_cloop_did_return_from_js_32
-op :llint_cloop_did_return_from_js_33
-op :llint_cloop_did_return_from_js_34
-op :llint_cloop_did_return_from_js_35
-op :llint_cloop_did_return_from_js_36
-op :llint_cloop_did_return_from_js_37
-op :llint_cloop_did_return_from_js_38
-op :llint_cloop_did_return_from_js_39
-op :llint_cloop_did_return_from_js_40
-op :llint_cloop_did_return_from_js_41
-op :llint_cloop_did_return_from_js_42
-op :llint_cloop_did_return_from_js_43
-op :llint_cloop_did_return_from_js_44
-op :llint_cloop_did_return_from_js_45
-op :llint_cloop_did_return_from_js_46
-op :llint_cloop_did_return_from_js_47
-op :llint_cloop_did_return_from_js_48
-op :llint_cloop_did_return_from_js_49
-op :llint_cloop_did_return_from_js_50
-op :llint_cloop_did_return_from_js_51
-op :llint_cloop_did_return_from_js_52
-op :llint_cloop_did_return_from_js_53
-op :llint_cloop_did_return_from_js_54
-op :llint_cloop_did_return_from_js_55
 
 end_section :CLoopReturnHelpers