/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- * vim: set ts=8 sts=4 et sw=4 tw=99: * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "jit/BaselineCacheIR.h" #include "jit/CacheIR.h" #include "jit/Linker.h" #include "jit/SharedICHelpers.h" #include "jit/MacroAssembler-inl.h" using namespace js; using namespace js::jit; // OperandLocation represents the location of an OperandId. The operand is // either in a register or on the stack, and is either boxed or unboxed. class OperandLocation { public: enum Kind { Uninitialized = 0, PayloadReg, ValueReg, PayloadStack, ValueStack, }; private: Kind kind_; union Data { struct { Register reg; JSValueType type; } payloadReg; ValueOperand valueReg; struct { uint32_t stackPushed; JSValueType type; } payloadStack; uint32_t valueStackPushed; Data() : valueStackPushed(0) {} }; Data data_; public: OperandLocation() : kind_(Uninitialized) {} Kind kind() const { return kind_; } void setUninitialized() { kind_ = Uninitialized; } ValueOperand valueReg() const { MOZ_ASSERT(kind_ == ValueReg); return data_.valueReg; } Register payloadReg() const { MOZ_ASSERT(kind_ == PayloadReg); return data_.payloadReg.reg; } uint32_t payloadStack() const { MOZ_ASSERT(kind_ == PayloadStack); return data_.payloadStack.stackPushed; } uint32_t valueStack() const { MOZ_ASSERT(kind_ == ValueStack); return data_.valueStackPushed; } JSValueType payloadType() const { if (kind_ == PayloadReg) return data_.payloadReg.type; MOZ_ASSERT(kind_ == PayloadStack); return data_.payloadStack.type; } void setPayloadReg(Register reg, JSValueType type) { kind_ = PayloadReg; data_.payloadReg.reg = reg; data_.payloadReg.type = type; } void setValueReg(ValueOperand reg) { kind_ = ValueReg; data_.valueReg = reg; } void setPayloadStack(uint32_t stackPushed, JSValueType type) { kind_ = PayloadStack; data_.payloadStack.stackPushed = stackPushed; data_.payloadStack.type = type; } void setValueStack(uint32_t stackPushed) { kind_ = ValueStack; data_.valueStackPushed = stackPushed; } bool aliasesReg(Register reg) { if (kind_ == PayloadReg) return payloadReg() == reg; if (kind_ == ValueReg) return valueReg().aliases(reg); return false; } bool aliasesReg(ValueOperand reg) { #if defined(JS_NUNBOX32) return aliasesReg(reg.typeReg()) || aliasesReg(reg.payloadReg()); #else return aliasesReg(reg.valueReg()); #endif } bool operator==(const OperandLocation& other) const { if (kind_ != other.kind_) return false; switch (kind()) { case Uninitialized: return true; case PayloadReg: return payloadReg() == other.payloadReg() && payloadType() == other.payloadType(); case ValueReg: return valueReg() == other.valueReg(); case PayloadStack: return payloadStack() == other.payloadStack() && payloadType() == other.payloadType(); case ValueStack: return valueStack() == other.valueStack(); } MOZ_CRASH("Invalid OperandLocation kind"); } bool operator!=(const OperandLocation& other) const { return !operator==(other); } }; // Class to track and allocate registers while emitting IC code. class MOZ_RAII CacheRegisterAllocator { // The original location of the inputs to the cache. Vector<OperandLocation, 4, SystemAllocPolicy> origInputLocations_; // The current location of each operand. Vector<OperandLocation, 8, SystemAllocPolicy> operandLocations_; // The registers allocated while emitting the current CacheIR op. // This prevents us from allocating a register and then immediately // clobbering it for something else, while we're still holding on to it. LiveGeneralRegisterSet currentOpRegs_; // Registers that are currently unused and available. AllocatableGeneralRegisterSet availableRegs_; // The number of bytes pushed on the native stack. uint32_t stackPushed_; // The index of the CacheIR instruction we're currently emitting. uint32_t currentInstruction_; const CacheIRWriter& writer_; CacheRegisterAllocator(const CacheRegisterAllocator&) = delete; CacheRegisterAllocator& operator=(const CacheRegisterAllocator&) = delete; public: friend class AutoScratchRegister; explicit CacheRegisterAllocator(const CacheIRWriter& writer) : stackPushed_(0), currentInstruction_(0), writer_(writer) {} MOZ_MUST_USE bool init(const AllocatableGeneralRegisterSet& available) { availableRegs_ = available; if (!origInputLocations_.resize(writer_.numInputOperands())) return false; if (!operandLocations_.resize(writer_.numOperandIds())) return false; return true; } OperandLocation operandLocation(size_t i) const { return operandLocations_[i]; } OperandLocation origInputLocation(size_t i) const { return origInputLocations_[i]; } void initInputLocation(size_t i, ValueOperand reg) { origInputLocations_[i].setValueReg(reg); operandLocations_[i] = origInputLocations_[i]; } void nextOp() { currentOpRegs_.clear(); currentInstruction_++; } uint32_t stackPushed() const { return stackPushed_; } // Allocates a new register. Register allocateRegister(MacroAssembler& masm); ValueOperand allocateValueRegister(MacroAssembler& masm); // Returns the register for the given operand. If the operand is currently // not in a register, it will load it into one. ValueOperand useRegister(MacroAssembler& masm, ValOperandId val); Register useRegister(MacroAssembler& masm, ObjOperandId obj); // Allocates an output register for the given operand. Register defineRegister(MacroAssembler& masm, ObjOperandId obj); }; // RAII class to put a scratch register back in the allocator's availableRegs // set when we're done with it. class MOZ_RAII AutoScratchRegister { CacheRegisterAllocator& alloc_; Register reg_; public: AutoScratchRegister(CacheRegisterAllocator& alloc, MacroAssembler& masm) : alloc_(alloc) { reg_ = alloc.allocateRegister(masm); MOZ_ASSERT(alloc_.currentOpRegs_.has(reg_)); } ~AutoScratchRegister() { MOZ_ASSERT(alloc_.currentOpRegs_.has(reg_)); alloc_.availableRegs_.add(reg_); } operator Register() const { return reg_; } }; // The FailurePath class stores everything we need to generate a failure path // at the end of the IC code. The failure path restores the input registers, if // needed, and jumps to the next stub. class FailurePath { Vector<OperandLocation, 4, SystemAllocPolicy> inputs_; NonAssertingLabel label_; uint32_t stackPushed_; public: FailurePath() = default; FailurePath(FailurePath&& other) : inputs_(Move(other.inputs_)), label_(other.label_), stackPushed_(other.stackPushed_) {} Label* label() { return &label_; } void setStackPushed(uint32_t i) { stackPushed_ = i; } uint32_t stackPushed() const { return stackPushed_; } bool appendInput(OperandLocation loc) { return inputs_.append(loc); } OperandLocation input(size_t i) const { return inputs_[i]; } // If canShareFailurePath(other) returns true, the same machine code will // be emitted for two failure paths, so we can share them. bool canShareFailurePath(const FailurePath& other) const { if (stackPushed_ != other.stackPushed_) return false; MOZ_ASSERT(inputs_.length() == other.inputs_.length()); for (size_t i = 0; i < inputs_.length(); i++) { if (inputs_[i] != other.inputs_[i]) return false; } return true; } }; // Base class for BaselineCacheIRCompiler and IonCacheIRCompiler. class MOZ_RAII CacheIRCompiler { protected: JSContext* cx_; CacheIRReader reader; const CacheIRWriter& writer_; MacroAssembler masm; CacheRegisterAllocator allocator; Vector<FailurePath, 4, SystemAllocPolicy> failurePaths; CacheIRCompiler(JSContext* cx, const CacheIRWriter& writer) : cx_(cx), reader(writer), writer_(writer), allocator(writer_) {} void emitFailurePath(size_t i); }; void CacheIRCompiler::emitFailurePath(size_t i) { FailurePath& failure = failurePaths[i]; masm.bind(failure.label()); uint32_t stackPushed = failure.stackPushed(); size_t numInputOperands = writer_.numInputOperands(); for (size_t j = 0; j < numInputOperands; j++) { OperandLocation orig = allocator.origInputLocation(j); OperandLocation cur = failure.input(j); MOZ_ASSERT(orig.kind() == OperandLocation::ValueReg); // We have a cycle if a destination register will be used later // as source register. If that happens, just push the current value // on the stack and later get it from there. for (size_t k = j + 1; k < numInputOperands; k++) { OperandLocation laterSource = failure.input(k); switch (laterSource.kind()) { case OperandLocation::ValueReg: if (orig.aliasesReg(laterSource.valueReg())) { stackPushed += sizeof(js::Value); masm.pushValue(laterSource.valueReg()); laterSource.setValueStack(stackPushed); } break; case OperandLocation::PayloadReg: if (orig.aliasesReg(laterSource.payloadReg())) { stackPushed += sizeof(uintptr_t); masm.push(laterSource.payloadReg()); laterSource.setPayloadStack(stackPushed, laterSource.payloadType()); } break; case OperandLocation::PayloadStack: case OperandLocation::ValueStack: case OperandLocation::Uninitialized: break; } } switch (cur.kind()) { case OperandLocation::ValueReg: masm.moveValue(cur.valueReg(), orig.valueReg()); break; case OperandLocation::PayloadReg: masm.tagValue(cur.payloadType(), cur.payloadReg(), orig.valueReg()); break; case OperandLocation::PayloadStack: { MOZ_ASSERT(stackPushed >= sizeof(uintptr_t)); Register scratch = orig.valueReg().scratchReg(); if (cur.payloadStack() == stackPushed) { masm.pop(scratch); stackPushed -= sizeof(uintptr_t); } else { MOZ_ASSERT(cur.payloadStack() < stackPushed); masm.loadPtr(Address(masm.getStackPointer(), stackPushed - cur.payloadStack()), scratch); } masm.tagValue(cur.payloadType(), scratch, orig.valueReg()); break; } case OperandLocation::ValueStack: MOZ_ASSERT(stackPushed >= sizeof(js::Value)); if (cur.valueStack() == stackPushed) { masm.popValue(orig.valueReg()); stackPushed -= sizeof(js::Value); } else { MOZ_ASSERT(cur.valueStack() < stackPushed); masm.loadValue(Address(masm.getStackPointer(), stackPushed - cur.valueStack()), orig.valueReg()); } break; default: MOZ_CRASH(); } } if (stackPushed > 0) masm.addToStackPtr(Imm32(stackPushed)); } // BaselineCacheIRCompiler compiles CacheIR to BaselineIC native code. class MOZ_RAII BaselineCacheIRCompiler : public CacheIRCompiler { uint32_t stubDataOffset_; public: BaselineCacheIRCompiler(JSContext* cx, const CacheIRWriter& writer, uint32_t stubDataOffset) : CacheIRCompiler(cx, writer), stubDataOffset_(stubDataOffset) {} MOZ_MUST_USE bool init(CacheKind kind); JitCode* compile(); private: #define DEFINE_OP(op) MOZ_MUST_USE bool emit##op(); CACHE_IR_OPS(DEFINE_OP) #undef DEFINE_OP Address stubAddress(uint32_t offset) const { return Address(ICStubReg, stubDataOffset_ + offset * sizeof(uintptr_t)); } bool addFailurePath(FailurePath** failure) { FailurePath newFailure; for (size_t i = 0; i < writer_.numInputOperands(); i++) { if (!newFailure.appendInput(allocator.operandLocation(i))) return false; } newFailure.setStackPushed(allocator.stackPushed()); // Reuse the previous failure path if the current one is the same, to // avoid emitting duplicate code. if (failurePaths.length() > 0 && failurePaths.back().canShareFailurePath(newFailure)) { *failure = &failurePaths.back(); return true; } if (!failurePaths.append(Move(newFailure))) return false; *failure = &failurePaths.back(); return true; } void emitEnterTypeMonitorIC() { if (allocator.stackPushed() > 0) masm.addToStackPtr(Imm32(allocator.stackPushed())); EmitEnterTypeMonitorIC(masm); } void emitReturnFromIC() { if (allocator.stackPushed() > 0) masm.addToStackPtr(Imm32(allocator.stackPushed())); EmitReturnFromIC(masm); } }; JitCode* BaselineCacheIRCompiler::compile() { #ifndef JS_USE_LINK_REGISTER // The first value contains the return addres, // which we pull into ICTailCallReg for tail calls. masm.adjustFrame(sizeof(intptr_t)); #endif #ifdef JS_CODEGEN_ARM masm.setSecondScratchReg(BaselineSecondScratchReg); #endif do { switch (reader.readOp()) { #define DEFINE_OP(op) \ case CacheOp::op: \ if (!emit##op()) \ return nullptr; \ break; CACHE_IR_OPS(DEFINE_OP) #undef DEFINE_OP default: MOZ_CRASH("Invalid op"); } allocator.nextOp(); } while (reader.more()); // Done emitting the main IC code. Now emit the failure paths. for (size_t i = 0; i < failurePaths.length(); i++) { emitFailurePath(i); EmitStubGuardFailure(masm); } Linker linker(masm); AutoFlushICache afc("getStubCode"); Rooted<JitCode*> newStubCode(cx_, linker.newCode<NoGC>(cx_, BASELINE_CODE)); if (!newStubCode) { cx_->recoverFromOutOfMemory(); return nullptr; } // All barriers are emitted off-by-default, enable them if needed. if (cx_->zone()->needsIncrementalBarrier()) newStubCode->togglePreBarriers(true, DontReprotect); return newStubCode; } ValueOperand CacheRegisterAllocator::useRegister(MacroAssembler& masm, ValOperandId op) { OperandLocation& loc = operandLocations_[op.id()]; switch (loc.kind()) { case OperandLocation::ValueReg: currentOpRegs_.add(loc.valueReg()); return loc.valueReg(); case OperandLocation::ValueStack: { // The Value is on the stack. If it's on top of the stack, unbox and // then pop it. If we need the registers later, we can always spill // back. If it's not on the top of the stack, just unbox. ValueOperand reg = allocateValueRegister(masm); if (loc.valueStack() == stackPushed_) { masm.popValue(reg); MOZ_ASSERT(stackPushed_ >= sizeof(js::Value)); stackPushed_ -= sizeof(js::Value); } else { MOZ_ASSERT(loc.valueStack() < stackPushed_); masm.loadValue(Address(masm.getStackPointer(), stackPushed_ - loc.valueStack()), reg); } loc.setValueReg(reg); return reg; } // The operand should never be unboxed. case OperandLocation::PayloadStack: case OperandLocation::PayloadReg: case OperandLocation::Uninitialized: break; } MOZ_CRASH(); } Register CacheRegisterAllocator::useRegister(MacroAssembler& masm, ObjOperandId op) { OperandLocation& loc = operandLocations_[op.id()]; switch (loc.kind()) { case OperandLocation::PayloadReg: currentOpRegs_.add(loc.payloadReg()); return loc.payloadReg(); case OperandLocation::ValueReg: { // It's possible the value is still boxed: as an optimization, we unbox // the first time we use a value as object. ValueOperand val = loc.valueReg(); availableRegs_.add(val); Register reg = val.scratchReg(); availableRegs_.take(reg); masm.unboxObject(val, reg); loc.setPayloadReg(reg, JSVAL_TYPE_OBJECT); currentOpRegs_.add(reg); return reg; } case OperandLocation::PayloadStack: { // The payload is on the stack. If it's on top of the stack we can just // pop it, else we emit a load. Register reg = allocateRegister(masm); if (loc.payloadStack() == stackPushed_) { masm.pop(reg); MOZ_ASSERT(stackPushed_ >= sizeof(uintptr_t)); stackPushed_ -= sizeof(uintptr_t); } else { MOZ_ASSERT(loc.payloadStack() < stackPushed_); masm.loadPtr(Address(masm.getStackPointer(), stackPushed_ - loc.payloadStack()), reg); } loc.setPayloadReg(reg, loc.payloadType()); return reg; } case OperandLocation::ValueStack: { // The value is on the stack, but boxed. If it's on top of the stack we // unbox it and then remove it from the stack, else we just unbox. Register reg = allocateRegister(masm); if (loc.valueStack() == stackPushed_) { masm.unboxObject(Address(masm.getStackPointer(), 0), reg); masm.addToStackPtr(Imm32(sizeof(js::Value))); MOZ_ASSERT(stackPushed_ >= sizeof(js::Value)); stackPushed_ -= sizeof(js::Value); } else { MOZ_ASSERT(loc.valueStack() < stackPushed_); masm.unboxObject(Address(masm.getStackPointer(), stackPushed_ - loc.valueStack()), reg); } loc.setPayloadReg(reg, JSVAL_TYPE_OBJECT); return reg; } case OperandLocation::Uninitialized: break; } MOZ_CRASH(); } Register CacheRegisterAllocator::defineRegister(MacroAssembler& masm, ObjOperandId op) { OperandLocation& loc = operandLocations_[op.id()]; MOZ_ASSERT(loc.kind() == OperandLocation::Uninitialized); Register reg = allocateRegister(masm); loc.setPayloadReg(reg, JSVAL_TYPE_OBJECT); return reg; } Register CacheRegisterAllocator::allocateRegister(MacroAssembler& masm) { if (availableRegs_.empty()) { // No registers available. See if any operands are dead so we can reuse // their registers. Note that we skip the input operands, as those are // also used by failure paths, and we currently don't track those uses. for (size_t i = writer_.numInputOperands(); i < operandLocations_.length(); i++) { if (!writer_.operandIsDead(i, currentInstruction_)) continue; OperandLocation& loc = operandLocations_[i]; switch (loc.kind()) { case OperandLocation::PayloadReg: availableRegs_.add(loc.payloadReg()); break; case OperandLocation::ValueReg: availableRegs_.add(loc.valueReg()); break; case OperandLocation::Uninitialized: case OperandLocation::PayloadStack: case OperandLocation::ValueStack: break; } loc.setUninitialized(); } } if (availableRegs_.empty()) { // Still no registers available, try to spill unused operands to // the stack. for (size_t i = 0; i < operandLocations_.length(); i++) { OperandLocation& loc = operandLocations_[i]; if (loc.kind() == OperandLocation::PayloadReg) { Register reg = loc.payloadReg(); if (currentOpRegs_.has(reg)) continue; masm.push(reg); stackPushed_ += sizeof(uintptr_t); loc.setPayloadStack(stackPushed_, loc.payloadType()); availableRegs_.add(reg); break; // We got a register, so break out of the loop. } if (loc.kind() == OperandLocation::ValueReg) { ValueOperand reg = loc.valueReg(); if (currentOpRegs_.aliases(reg)) continue; masm.pushValue(reg); stackPushed_ += sizeof(js::Value); loc.setValueStack(stackPushed_); availableRegs_.add(reg); break; // Break out of the loop. } } } // At this point, there must be a free register. (Ion ICs don't have as // many registers available, so once we support Ion code generation, we may // have to spill some unrelated registers.) MOZ_RELEASE_ASSERT(!availableRegs_.empty()); Register reg = availableRegs_.takeAny(); currentOpRegs_.add(reg); return reg; } ValueOperand CacheRegisterAllocator::allocateValueRegister(MacroAssembler& masm) { #ifdef JS_NUNBOX32 Register reg1 = allocateRegister(masm); Register reg2 = allocateRegister(masm); return ValueOperand(reg1, reg2); #else Register reg = allocateRegister(masm); return ValueOperand(reg); #endif } bool BaselineCacheIRCompiler::emitGuardIsObject() { ValueOperand input = allocator.useRegister(masm, reader.valOperandId()); FailurePath* failure; if (!addFailurePath(&failure)) return false; masm.branchTestObject(Assembler::NotEqual, input, failure->label()); return true; } bool BaselineCacheIRCompiler::emitGuardType() { ValueOperand input = allocator.useRegister(masm, reader.valOperandId()); JSValueType type = reader.valueType(); FailurePath* failure; if (!addFailurePath(&failure)) return false; switch (type) { case JSVAL_TYPE_STRING: masm.branchTestString(Assembler::NotEqual, input, failure->label()); break; case JSVAL_TYPE_SYMBOL: masm.branchTestSymbol(Assembler::NotEqual, input, failure->label()); break; case JSVAL_TYPE_DOUBLE: masm.branchTestNumber(Assembler::NotEqual, input, failure->label()); break; case JSVAL_TYPE_BOOLEAN: masm.branchTestBoolean(Assembler::NotEqual, input, failure->label()); break; default: MOZ_CRASH("Unexpected type"); } return true; } bool BaselineCacheIRCompiler::emitGuardShape() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) return false; Address addr(stubAddress(reader.stubOffset())); masm.loadPtr(addr, scratch); masm.branchTestObjShape(Assembler::NotEqual, obj, scratch, failure->label()); return true; } bool BaselineCacheIRCompiler::emitGuardGroup() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) return false; Address addr(stubAddress(reader.stubOffset())); masm.loadPtr(addr, scratch); masm.branchTestObjGroup(Assembler::NotEqual, obj, scratch, failure->label()); return true; } bool BaselineCacheIRCompiler::emitGuardProto() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) return false; Address addr(stubAddress(reader.stubOffset())); masm.loadObjProto(obj, scratch); masm.branchPtr(Assembler::NotEqual, addr, scratch, failure->label()); return true; } bool BaselineCacheIRCompiler::emitGuardClass() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) return false; const Class* clasp = nullptr; switch (reader.guardClassKind()) { case GuardClassKind::Array: clasp = &ArrayObject::class_; break; case GuardClassKind::MappedArguments: clasp = &MappedArgumentsObject::class_; break; case GuardClassKind::UnmappedArguments: clasp = &UnmappedArgumentsObject::class_; break; } MOZ_ASSERT(clasp); masm.branchTestObjClass(Assembler::NotEqual, obj, scratch, clasp, failure->label()); return true; } bool BaselineCacheIRCompiler::emitGuardSpecificObject() { Register obj = allocator.useRegister(masm, reader.objOperandId()); FailurePath* failure; if (!addFailurePath(&failure)) return false; Address addr(stubAddress(reader.stubOffset())); masm.branchPtr(Assembler::NotEqual, addr, obj, failure->label()); return true; } bool BaselineCacheIRCompiler::emitGuardNoUnboxedExpando() { Register obj = allocator.useRegister(masm, reader.objOperandId()); FailurePath* failure; if (!addFailurePath(&failure)) return false; Address expandoAddr(obj, UnboxedPlainObject::offsetOfExpando()); masm.branchPtr(Assembler::NotEqual, expandoAddr, ImmWord(0), failure->label()); return true; } bool BaselineCacheIRCompiler::emitGuardAndLoadUnboxedExpando() { Register obj = allocator.useRegister(masm, reader.objOperandId()); Register output = allocator.defineRegister(masm, reader.objOperandId()); FailurePath* failure; if (!addFailurePath(&failure)) return false; Address expandoAddr(obj, UnboxedPlainObject::offsetOfExpando()); masm.loadPtr(expandoAddr, output); masm.branchTestPtr(Assembler::Zero, output, output, failure->label()); return true; } bool BaselineCacheIRCompiler::emitLoadFixedSlotResult() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch(allocator, masm); masm.load32(stubAddress(reader.stubOffset()), scratch); masm.loadValue(BaseIndex(obj, scratch, TimesOne), R0); emitEnterTypeMonitorIC(); return true; } bool BaselineCacheIRCompiler::emitLoadDynamicSlotResult() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch(allocator, masm); // We're about to return, so it's safe to clobber obj now. masm.load32(stubAddress(reader.stubOffset()), scratch); masm.loadPtr(Address(obj, NativeObject::offsetOfSlots()), obj); masm.loadValue(BaseIndex(obj, scratch, TimesOne), R0); emitEnterTypeMonitorIC(); return true; } bool BaselineCacheIRCompiler::emitLoadUnboxedPropertyResult() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch(allocator, masm); JSValueType fieldType = reader.valueType(); Address fieldOffset(stubAddress(reader.stubOffset())); masm.load32(fieldOffset, scratch); masm.loadUnboxedProperty(BaseIndex(obj, scratch, TimesOne), fieldType, R0); if (fieldType == JSVAL_TYPE_OBJECT) emitEnterTypeMonitorIC(); else emitReturnFromIC(); return true; } bool BaselineCacheIRCompiler::emitGuardNoDetachedTypedObjects() { FailurePath* failure; if (!addFailurePath(&failure)) return false; CheckForTypedObjectWithDetachedStorage(cx_, masm, failure->label()); return true; } bool BaselineCacheIRCompiler::emitLoadTypedObjectResult() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); TypedThingLayout layout = reader.typedThingLayout(); uint32_t typeDescr = reader.typeDescrKey(); Address fieldOffset(stubAddress(reader.stubOffset())); // Get the object's data pointer. LoadTypedThingData(masm, layout, obj, scratch1); // Get the address being written to. masm.load32(fieldOffset, scratch2); masm.addPtr(scratch2, scratch1); // Only monitor the result if the type produced by this stub might vary. bool monitorLoad; if (SimpleTypeDescrKeyIsScalar(typeDescr)) { Scalar::Type type = ScalarTypeFromSimpleTypeDescrKey(typeDescr); monitorLoad = type == Scalar::Uint32; masm.loadFromTypedArray(type, Address(scratch1, 0), R0, /* allowDouble = */ true, scratch2, nullptr); } else { ReferenceTypeDescr::Type type = ReferenceTypeFromSimpleTypeDescrKey(typeDescr); monitorLoad = type != ReferenceTypeDescr::TYPE_STRING; switch (type) { case ReferenceTypeDescr::TYPE_ANY: masm.loadValue(Address(scratch1, 0), R0); break; case ReferenceTypeDescr::TYPE_OBJECT: { Label notNull, done; masm.loadPtr(Address(scratch1, 0), scratch1); masm.branchTestPtr(Assembler::NonZero, scratch1, scratch1, ¬Null); masm.moveValue(NullValue(), R0); masm.jump(&done); masm.bind(¬Null); masm.tagValue(JSVAL_TYPE_OBJECT, scratch1, R0); masm.bind(&done); break; } case ReferenceTypeDescr::TYPE_STRING: masm.loadPtr(Address(scratch1, 0), scratch1); masm.tagValue(JSVAL_TYPE_STRING, scratch1, R0); break; default: MOZ_CRASH("Invalid ReferenceTypeDescr"); } } if (monitorLoad) emitEnterTypeMonitorIC(); else emitReturnFromIC(); return true; } bool BaselineCacheIRCompiler::emitLoadUndefinedResult() { masm.moveValue(UndefinedValue(), R0); // Normally for this op, the result would have to be monitored by TI. // However, since this stub ALWAYS returns UndefinedValue(), and we can be sure // that undefined is already registered with the type-set, this can be avoided. emitReturnFromIC(); return true; } bool BaselineCacheIRCompiler::emitLoadInt32ArrayLengthResult() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) return false; masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); masm.load32(Address(scratch, ObjectElements::offsetOfLength()), scratch); // Guard length fits in an int32. masm.branchTest32(Assembler::Signed, scratch, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, R0); // The int32 type was monitored when attaching the stub, so we can // just return. emitReturnFromIC(); return true; } bool BaselineCacheIRCompiler::emitLoadArgumentsObjectLengthResult() { Register obj = allocator.useRegister(masm, reader.objOperandId()); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) return false; // Get initial length value. masm.unboxInt32(Address(obj, ArgumentsObject::getInitialLengthSlotOffset()), scratch); // Test if length has been overridden. masm.branchTest32(Assembler::NonZero, scratch, Imm32(ArgumentsObject::LENGTH_OVERRIDDEN_BIT), failure->label()); // Shift out arguments length and return it. No need to type monitor // because this stub always returns int32. masm.rshiftPtr(Imm32(ArgumentsObject::PACKED_BITS_COUNT), scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, R0); emitReturnFromIC(); return true; } bool BaselineCacheIRCompiler::emitLoadObject() { Register reg = allocator.defineRegister(masm, reader.objOperandId()); masm.loadPtr(stubAddress(reader.stubOffset()), reg); return true; } bool BaselineCacheIRCompiler::emitLoadProto() { Register obj = allocator.useRegister(masm, reader.objOperandId()); Register reg = allocator.defineRegister(masm, reader.objOperandId()); masm.loadObjProto(obj, reg); return true; } bool BaselineCacheIRCompiler::init(CacheKind kind) { size_t numInputs = writer_.numInputOperands(); if (!allocator.init(ICStubCompiler::availableGeneralRegs(numInputs))) return false; MOZ_ASSERT(numInputs == 1); allocator.initInputLocation(0, R0); return true; } template <typename T> static GCPtr<T>* AsGCPtr(uintptr_t* ptr) { return reinterpret_cast<GCPtr<T>*>(ptr); } template<class T> GCPtr<T>& CacheIRStubInfo::getStubField(ICStub* stub, uint32_t field) const { uint8_t* stubData = (uint8_t*)stub + stubDataOffset_; MOZ_ASSERT(uintptr_t(stubData) % sizeof(uintptr_t) == 0); return *AsGCPtr<T>((uintptr_t*)stubData + field); } template GCPtr<Shape*>& CacheIRStubInfo::getStubField(ICStub* stub, uint32_t offset) const; template GCPtr<ObjectGroup*>& CacheIRStubInfo::getStubField(ICStub* stub, uint32_t offset) const; template GCPtr<JSObject*>& CacheIRStubInfo::getStubField(ICStub* stub, uint32_t offset) const; template <typename T> static void InitGCPtr(uintptr_t* ptr, uintptr_t val) { AsGCPtr<T*>(ptr)->init((T*)val); } void CacheIRWriter::copyStubData(uint8_t* dest) const { uintptr_t* destWords = reinterpret_cast<uintptr_t*>(dest); for (size_t i = 0; i < stubFields_.length(); i++) { switch (stubFields_[i].gcType) { case StubField::GCType::NoGCThing: destWords[i] = stubFields_[i].word; continue; case StubField::GCType::Shape: InitGCPtr<Shape>(destWords + i, stubFields_[i].word); continue; case StubField::GCType::JSObject: InitGCPtr<JSObject>(destWords + i, stubFields_[i].word); continue; case StubField::GCType::ObjectGroup: InitGCPtr<ObjectGroup>(destWords + i, stubFields_[i].word); continue; case StubField::GCType::Limit: break; } MOZ_CRASH(); } } HashNumber CacheIRStubKey::hash(const CacheIRStubKey::Lookup& l) { HashNumber hash = mozilla::HashBytes(l.code, l.length); return mozilla::AddToHash(hash, uint32_t(l.kind)); } bool CacheIRStubKey::match(const CacheIRStubKey& entry, const CacheIRStubKey::Lookup& l) { if (entry.stubInfo->kind() != l.kind) return false; if (entry.stubInfo->codeLength() != l.length) return false; if (!mozilla::PodEqual(entry.stubInfo->code(), l.code, l.length)) return false; return true; } CacheIRReader::CacheIRReader(const CacheIRStubInfo* stubInfo) : CacheIRReader(stubInfo->code(), stubInfo->code() + stubInfo->codeLength()) {} CacheIRStubInfo* CacheIRStubInfo::New(CacheKind kind, uint32_t stubDataOffset, const CacheIRWriter& writer) { size_t numStubFields = writer.numStubFields(); size_t bytesNeeded = sizeof(CacheIRStubInfo) + writer.codeLength() + (numStubFields + 1); // +1 for the GCType::Limit terminator. uint8_t* p = js_pod_malloc<uint8_t>(bytesNeeded); if (!p) return nullptr; // Copy the CacheIR code. uint8_t* codeStart = p + sizeof(CacheIRStubInfo); mozilla::PodCopy(codeStart, writer.codeStart(), writer.codeLength()); static_assert(uint32_t(StubField::GCType::Limit) <= UINT8_MAX, "All StubField::GCTypes must fit in uint8_t"); // Copy the GC types of the stub fields. uint8_t* gcTypes = codeStart + writer.codeLength(); for (size_t i = 0; i < numStubFields; i++) gcTypes[i] = uint8_t(writer.stubFieldGCType(i)); gcTypes[numStubFields] = uint8_t(StubField::GCType::Limit); return new(p) CacheIRStubInfo(kind, stubDataOffset, codeStart, writer.codeLength(), gcTypes); } static const size_t MaxOptimizedCacheIRStubs = 16; ICStub* jit::AttachBaselineCacheIRStub(JSContext* cx, const CacheIRWriter& writer, CacheKind kind, ICFallbackStub* stub) { // We shouldn't GC or report OOM (or any other exception) here. AutoAssertNoPendingException aanpe(cx); JS::AutoCheckCannotGC nogc; if (writer.failed()) return nullptr; // Just a sanity check: the caller should ensure we don't attach an // unlimited number of stubs. MOZ_ASSERT(stub->numOptimizedStubs() < MaxOptimizedCacheIRStubs); MOZ_ASSERT(kind == CacheKind::GetProp); uint32_t stubDataOffset = sizeof(ICCacheIR_Monitored); JitCompartment* jitCompartment = cx->compartment()->jitCompartment(); // Check if we already have JitCode for this stub. CacheIRStubInfo* stubInfo; CacheIRStubKey::Lookup lookup(kind, writer.codeStart(), writer.codeLength()); JitCode* code = jitCompartment->getCacheIRStubCode(lookup, &stubInfo); if (!code) { // We have to generate stub code. JitContext jctx(cx, nullptr); BaselineCacheIRCompiler comp(cx, writer, stubDataOffset); if (!comp.init(kind)) return nullptr; code = comp.compile(); if (!code) return nullptr; // Allocate the shared CacheIRStubInfo. Note that the putCacheIRStubCode // call below will transfer ownership to the stub code HashMap, so we // don't have to worry about freeing it below. MOZ_ASSERT(!stubInfo); stubInfo = CacheIRStubInfo::New(kind, stubDataOffset, writer); if (!stubInfo) return nullptr; CacheIRStubKey key(stubInfo); if (!jitCompartment->putCacheIRStubCode(lookup, key, code)) return nullptr; } // We got our shared stub code and stub info. Time to allocate and attach a // new stub. MOZ_ASSERT(code); MOZ_ASSERT(stubInfo); MOZ_ASSERT(stub->isMonitoredFallback()); size_t bytesNeeded = stubInfo->stubDataOffset() + writer.stubDataSize(); // For now, no stubs can make calls so they are all allocated in the // optimized stub space. void* newStub = cx->zone()->jitZone()->optimizedStubSpace()->alloc(bytesNeeded); if (!newStub) return nullptr; ICStub* monitorStub = stub->toMonitoredFallbackStub()->fallbackMonitorStub()->firstMonitorStub(); new(newStub) ICCacheIR_Monitored(code, monitorStub, stubInfo); writer.copyStubData((uint8_t*)newStub + stubInfo->stubDataOffset()); stub->addNewStub((ICStub*)newStub); return (ICStub*)newStub; } void jit::TraceBaselineCacheIRStub(JSTracer* trc, ICStub* stub, const CacheIRStubInfo* stubInfo) { uint32_t field = 0; while (true) { switch (stubInfo->gcType(field)) { case StubField::GCType::NoGCThing: break; case StubField::GCType::Shape: TraceNullableEdge(trc, &stubInfo->getStubField<Shape*>(stub, field), "baseline-cacheir-shape"); break; case StubField::GCType::ObjectGroup: TraceNullableEdge(trc, &stubInfo->getStubField<ObjectGroup*>(stub, field), "baseline-cacheir-group"); break; case StubField::GCType::JSObject: TraceNullableEdge(trc, &stubInfo->getStubField<JSObject*>(stub, field), "baseline-cacheir-object"); break; case StubField::GCType::Limit: return; // Done. default: MOZ_CRASH(); } field++; } }