My approach here will be to beef up B3 to the point where the FTL B3 binary snippet code generators don't have to do weird things with scratch registers and tag registers. We can already use patchpoint constraints to force the tag registers to contain tag values. We just would use ValueRep::reg(...). This will actually do the Right Thing, since the tag values are already forced into registers. So, this will probably just force B3 to use the JSC tag registers to hold the tag values. Even if this doesn't quite happen and B3 emits some mov's to put the tag values into the tag registers, the ValueRep::reg() constraint will ensure that as far as the snippet knows, the tag registers will already have the tags and not anything else. The scratch register is the only issue. We currently have no way of requesting scratch registers from B3 patchpoints. We should fix that!

Created attachment 268239 [details] the patch

Attachment 268239 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:7562: Place brace on its own line for function definitions. [whitespace/braces] [4] ERROR: Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:7575: Place brace on its own line for function definitions. [whitespace/braces] [4] Total errors found: 2 in 12 files If any of these errors are false positives, please file a bug against check-webkit-style.

Comment on attachment 268239 [details] the patch r=me

Landed in http://trac.webkit.org/changeset/194561