| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Firefox/js/src/jit/ (Browser von der Mozilla Stiftung Version 136.0.1©) Datei vom 10.2.2025 mit Größe 368 kB |
|
SSL CacheIRCompiler.cppSprache: C |
|||||||||||||||
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- * vim: set ts=8 sts=2 et sw=2 tw=80: * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "jit/CacheIRCompiler.h" #include "mozilla/ArrayUtils.h" #include "mozilla/FunctionTypeTraits.h" #include "mozilla/MaybeOneOf.h" #include "mozilla/ScopeExit.h" #include <type_traits> #include <utility> #include "jslibmath.h" #include "jsmath.h" #include "builtin/DataViewObject.h" #include "builtin/Object.h" #include "gc/GCEnum.h" #include "jit/BaselineCacheIRCompiler.h" #include "jit/CacheIRGenerator.h" #include "jit/IonCacheIRCompiler.h" #include "jit/JitFrames.h" #include "jit/JitRuntime.h" #include "jit/JitZone.h" #include "jit/SharedICHelpers.h" #include "jit/SharedICRegisters.h" #include "jit/VMFunctions.h" #include "js/friend/DOMProxy.h" // JS::ExpandoAndGeneration #include "js/friend/XrayJitInfo.h" // js::jit::GetXrayJitInfo #include "js/ScalarType.h" // js::Scalar::Type #include "js/SweepingAPI.h" #include "proxy/DOMProxy.h" #include "proxy/Proxy.h" #include "proxy/ScriptedProxyHandler.h" #include "vm/ArgumentsObject.h" #include "vm/ArrayBufferObject.h" #include "vm/ArrayBufferViewObject.h" #include "vm/BigIntType.h" #include "vm/FunctionFlags.h" // js::FunctionFlags #include "vm/GeneratorObject.h" #include "vm/GetterSetter.h" #include "vm/Interpreter.h" #include "vm/TypeofEqOperand.h" // TypeofEqOperand #include "vm/Uint8Clamped.h" #include "builtin/Boolean-inl.h" #include "jit/MacroAssembler-inl.h" #include "jit/SharedICHelpers-inl.h" #include "jit/VMFunctionList-inl.h" using namespace js; using namespace js::jit; using mozilla::Maybe; using JS::ExpandoAndGeneration; ValueOperand CacheRegisterAllocator::useValueRegister(MacroAssembler& masm, ValOperandId op) { OperandLocation& loc = operandLocations_[op.id()]; switch (loc.kind()) { case OperandLocation::ValueReg: currentOpRegs_.add(loc.valueReg()); return loc.valueReg(); case OperandLocation::ValueStack: { ValueOperand reg = allocateValueRegister(masm); popValue(masm, &loc, reg); return reg; } case OperandLocation::BaselineFrame: { ValueOperand reg = allocateValueRegister(masm); Address addr = addressOf(masm, loc.baselineFrameSlot()); masm.loadValue(addr, reg); loc.setValueReg(reg); return reg; } case OperandLocation::Constant: { ValueOperand reg = allocateValueRegister(masm); masm.moveValue(loc.constant(), reg); loc.setValueReg(reg); return reg; } case OperandLocation::PayloadReg: { // Temporarily add the payload register to currentOpRegs_ so // allocateValueRegister will stay away from it. currentOpRegs_.add(loc.payloadReg()); ValueOperand reg = allocateValueRegister(masm); masm.tagValue(loc.payloadType(), loc.payloadReg(), reg); currentOpRegs_.take(loc.payloadReg()); availableRegs_.add(loc.payloadReg()); loc.setValueReg(reg); return reg; } case OperandLocation::PayloadStack: { ValueOperand reg = allocateValueRegister(masm); popPayload(masm, &loc, reg.scratchReg()); masm.tagValue(loc.payloadType(), reg.scratchReg(), reg); loc.setValueReg(reg); return reg; } case OperandLocation::DoubleReg: { ValueOperand reg = allocateValueRegister(masm); { ScratchDoubleScope fpscratch(masm); masm.boxDouble(loc.doubleReg(), reg, fpscratch); } loc.setValueReg(reg); return reg; } case OperandLocation::Uninitialized: break; } MOZ_CRASH(); } // Load a value operand directly into a float register. Caller must have // guarded isNumber on the provided val. void CacheRegisterAllocator::ensureDoubleRegister(MacroAssembler& masm, NumberOperandId op, FloatRegister dest) const { // If AutoScratchFloatRegister is active, we have to add sizeof(double) to // any stack slot offsets below. int32_t stackOffset = hasAutoScratchFloatRegisterSpill() ? sizeof(double) : 0; const OperandLocation& loc = operandLocations_[op.id()]; Label failure, done; switch (loc.kind()) { case OperandLocation::ValueReg: { masm.ensureDouble(loc.valueReg(), dest, &failure); break; } case OperandLocation::ValueStack: { Address addr = valueAddress(masm, &loc); addr.offset += stackOffset; masm.ensureDouble(addr, dest, &failure); break; } case OperandLocation::BaselineFrame: { Address addr = addressOf(masm, loc.baselineFrameSlot()); addr.offset += stackOffset; masm.ensureDouble(addr, dest, &failure); break; } case OperandLocation::DoubleReg: { masm.moveDouble(loc.doubleReg(), dest); return; } case OperandLocation::Constant: { MOZ_ASSERT(loc.constant().isNumber(), "Caller must ensure the operand is a number value"); masm.loadConstantDouble(loc.constant().toNumber(), dest); return; } case OperandLocation::PayloadReg: { // Doubles can't be stored in payload registers, so this must be an int32. MOZ_ASSERT(loc.payloadType() == JSVAL_TYPE_INT32, "Caller must ensure the operand is a number value"); masm.convertInt32ToDouble(loc.payloadReg(), dest); return; } case OperandLocation::PayloadStack: { // Doubles can't be stored in payload registers, so this must be an int32. MOZ_ASSERT(loc.payloadType() == JSVAL_TYPE_INT32, "Caller must ensure the operand is a number value"); MOZ_ASSERT(loc.payloadStack() <= stackPushed_); Address addr = payloadAddress(masm, &loc); addr.offset += stackOffset; masm.convertInt32ToDouble(addr, dest); return; } case OperandLocation::Uninitialized: MOZ_CRASH("Unhandled operand type in ensureDoubleRegister"); return; } masm.jump(&done); masm.bind(&failure); masm.assumeUnreachable( "Missing guard allowed non-number to hit ensureDoubleRegister"); masm.bind(&done); } void CacheRegisterAllocator::copyToScratchRegister(MacroAssembler& masm, TypedOperandId typedId, Register dest) const { // If AutoScratchFloatRegister is active, we have to add sizeof(double) to // any stack slot offsets below. int32_t stackOffset = hasAutoScratchFloatRegisterSpill() ? sizeof(double) : 0; const OperandLocation& loc = operandLocations_[typedId.id()]; switch (loc.kind()) { case OperandLocation::ValueReg: { masm.unboxNonDouble(loc.valueReg(), dest, typedId.type()); break; } case OperandLocation::ValueStack: { Address addr = valueAddress(masm, &loc); addr.offset += stackOffset; masm.unboxNonDouble(addr, dest, typedId.type()); break; } case OperandLocation::BaselineFrame: { Address addr = addressOf(masm, loc.baselineFrameSlot()); addr.offset += stackOffset; masm.unboxNonDouble(addr, dest, typedId.type()); break; } case OperandLocation::PayloadReg: { MOZ_ASSERT(loc.payloadType() == typedId.type()); masm.mov(loc.payloadReg(), dest); return; } case OperandLocation::PayloadStack: { MOZ_ASSERT(loc.payloadType() == typedId.type()); MOZ_ASSERT(loc.payloadStack() <= stackPushed_); Address addr = payloadAddress(masm, &loc); addr.offset += stackOffset; masm.loadPtr(addr, dest); return; } case OperandLocation::DoubleReg: case OperandLocation::Constant: case OperandLocation::Uninitialized: MOZ_CRASH("Unhandled operand location"); } } void CacheRegisterAllocator::copyToScratchValueRegister( MacroAssembler& masm, ValOperandId valId, ValueOperand dest) const { MOZ_ASSERT(!addedFailurePath_); MOZ_ASSERT(!hasAutoScratchFloatRegisterSpill()); const OperandLocation& loc = operandLocations_[valId.id()]; switch (loc.kind()) { case OperandLocation::ValueReg: masm.moveValue(loc.valueReg(), dest); break; case OperandLocation::ValueStack: { Address addr = valueAddress(masm, &loc); masm.loadValue(addr, dest); break; } case OperandLocation::BaselineFrame: { Address addr = addressOf(masm, loc.baselineFrameSlot()); masm.loadValue(addr, dest); break; } case OperandLocation::Constant: masm.moveValue(loc.constant(), dest); break; case OperandLocation::PayloadReg: masm.tagValue(loc.payloadType(), loc.payloadReg(), dest); break; case OperandLocation::PayloadStack: { Address addr = payloadAddress(masm, &loc); masm.loadPtr(addr, dest.scratchReg()); masm.tagValue(loc.payloadType(), dest.scratchReg(), dest); break; } case OperandLocation::DoubleReg: { ScratchDoubleScope fpscratch(masm); masm.boxDouble(loc.doubleReg(), dest, fpscratch); break; } case OperandLocation::Uninitialized: MOZ_CRASH(); } } Register CacheRegisterAllocator::useRegister(MacroAssembler& masm, TypedOperandId typedId) { MOZ_ASSERT(!addedFailurePath_); MOZ_ASSERT(!hasAutoScratchFloatRegisterSpill()); OperandLocation& loc = operandLocations_[typedId.id()]; switch (loc.kind()) { case OperandLocation::PayloadReg: currentOpRegs_.add(loc.payloadReg()); return loc.payloadReg(); case OperandLocation::ValueReg: { // It's possible the value is still boxed: as an optimization, we unbox // the first time we use a value as object. ValueOperand val = loc.valueReg(); availableRegs_.add(val); Register reg = val.scratchReg(); availableRegs_.take(reg); masm.unboxNonDouble(val, reg, typedId.type()); loc.setPayloadReg(reg, typedId.type()); currentOpRegs_.add(reg); return reg; } case OperandLocation::PayloadStack: { Register reg = allocateRegister(masm); popPayload(masm, &loc, reg); return reg; } case OperandLocation::ValueStack: { // The value is on the stack, but boxed. If it's on top of the stack we // unbox it and then remove it from the stack, else we just unbox. Register reg = allocateRegister(masm); if (loc.valueStack() == stackPushed_) { masm.unboxNonDouble(Address(masm.getStackPointer(), 0), reg, typedId.type()); masm.addToStackPtr(Imm32(sizeof(js::Value))); MOZ_ASSERT(stackPushed_ >= sizeof(js::Value)); stackPushed_ -= sizeof(js::Value); } else { MOZ_ASSERT(loc.valueStack() < stackPushed_); masm.unboxNonDouble( Address(masm.getStackPointer(), stackPushed_ - loc.valueStack()), reg, typedId.type()); } loc.setPayloadReg(reg, typedId.type()); return reg; } case OperandLocation::BaselineFrame: { Register reg = allocateRegister(masm); Address addr = addressOf(masm, loc.baselineFrameSlot()); masm.unboxNonDouble(addr, reg, typedId.type()); loc.setPayloadReg(reg, typedId.type()); return reg; }; case OperandLocation::Constant: { Value v = loc.constant(); Register reg = allocateRegister(masm); if (v.isString()) { masm.movePtr(ImmGCPtr(v.toString()), reg); } else if (v.isSymbol()) { masm.movePtr(ImmGCPtr(v.toSymbol()), reg); } else if (v.isBigInt()) { masm.movePtr(ImmGCPtr(v.toBigInt()), reg); } else if (v.isBoolean()) { masm.movePtr(ImmWord(v.toBoolean() ? 1 : 0), reg); } else { MOZ_CRASH("Unexpected Value"); } loc.setPayloadReg(reg, v.extractNonDoubleType()); return reg; } case OperandLocation::DoubleReg: case OperandLocation::Uninitialized: break; } MOZ_CRASH(); } ConstantOrRegister CacheRegisterAllocator::useConstantOrRegister( MacroAssembler& masm, ValOperandId val) { MOZ_ASSERT(!addedFailurePath_); MOZ_ASSERT(!hasAutoScratchFloatRegisterSpill()); OperandLocation& loc = operandLocations_[val.id()]; switch (loc.kind()) { case OperandLocation::Constant: return loc.constant(); case OperandLocation::PayloadReg: case OperandLocation::PayloadStack: { JSValueType payloadType = loc.payloadType(); Register reg = useRegister(masm, TypedOperandId(val, payloadType)); return TypedOrValueRegister(MIRTypeFromValueType(payloadType), AnyRegister(reg)); } case OperandLocation::ValueReg: case OperandLocation::ValueStack: case OperandLocation::BaselineFrame: return TypedOrValueRegister(useValueRegister(masm, val)); case OperandLocation::DoubleReg: return TypedOrValueRegister(MIRType::Double, AnyRegister(loc.doubleReg())); case OperandLocation::Uninitialized: break; } MOZ_CRASH(); } Register CacheRegisterAllocator::defineRegister(MacroAssembler& masm, TypedOperandId typedId) { MOZ_ASSERT(!addedFailurePath_); MOZ_ASSERT(!hasAutoScratchFloatRegisterSpill()); OperandLocation& loc = operandLocations_[typedId.id()]; MOZ_ASSERT(loc.kind() == OperandLocation::Uninitialized); Register reg = allocateRegister(masm); loc.setPayloadReg(reg, typedId.type()); return reg; } ValueOperand CacheRegisterAllocator::defineValueRegister(MacroAssembler& masm, ValOperandId val) { MOZ_ASSERT(!addedFailurePath_); MOZ_ASSERT(!hasAutoScratchFloatRegisterSpill()); OperandLocation& loc = operandLocations_[val.id()]; MOZ_ASSERT(loc.kind() == OperandLocation::Uninitialized); ValueOperand reg = allocateValueRegister(masm); loc.setValueReg(reg); return reg; } void CacheRegisterAllocator::freeDeadOperandLocations(MacroAssembler& masm) { // See if any operands are dead so we can reuse their registers. Note that // we skip the input operands, as those are also used by failure paths, and // we currently don't track those uses. for (size_t i = writer_.numInputOperands(); i < operandLocations_.length(); i++) { if (!writer_.operandIsDead(i, currentInstruction_)) { continue; } OperandLocation& loc = operandLocations_[i]; switch (loc.kind()) { case OperandLocation::PayloadReg: availableRegs_.add(loc.payloadReg()); break; case OperandLocation::ValueReg: availableRegs_.add(loc.valueReg()); break; case OperandLocation::PayloadStack: masm.propagateOOM(freePayloadSlots_.append(loc.payloadStack())); break; case OperandLocation::ValueStack: masm.propagateOOM(freeValueSlots_.append(loc.valueStack())); break; case OperandLocation::Uninitialized: case OperandLocation::BaselineFrame: case OperandLocation::Constant: case OperandLocation::DoubleReg: break; } loc.setUninitialized(); } } void CacheRegisterAllocator::discardStack(MacroAssembler& masm) { // This should only be called when we are no longer using the operands, // as we're discarding everything from the native stack. Set all operand // locations to Uninitialized to catch bugs. for (size_t i = 0; i < operandLocations_.length(); i++) { operandLocations_[i].setUninitialized(); } if (stackPushed_ > 0) { masm.addToStackPtr(Imm32(stackPushed_)); stackPushed_ = 0; } freePayloadSlots_.clear(); freeValueSlots_.clear(); } Register CacheRegisterAllocator::allocateRegister(MacroAssembler& masm) { MOZ_ASSERT(!addedFailurePath_); MOZ_ASSERT(!hasAutoScratchFloatRegisterSpill()); if (availableRegs_.empty()) { freeDeadOperandLocations(masm); } if (availableRegs_.empty()) { // Still no registers available, try to spill unused operands to // the stack. for (size_t i = 0; i < operandLocations_.length(); i++) { OperandLocation& loc = operandLocations_[i]; if (loc.kind() == OperandLocation::PayloadReg) { Register reg = loc.payloadReg(); if (currentOpRegs_.has(reg)) { continue; } spillOperandToStack(masm, &loc); availableRegs_.add(reg); break; // We got a register, so break out of the loop. } if (loc.kind() == OperandLocation::ValueReg) { ValueOperand reg = loc.valueReg(); if (currentOpRegs_.aliases(reg)) { continue; } spillOperandToStack(masm, &loc); availableRegs_.add(reg); break; // Break out of the loop. } } } if (availableRegs_.empty() && !availableRegsAfterSpill_.empty()) { Register reg = availableRegsAfterSpill_.takeAny(); masm.push(reg); stackPushed_ += sizeof(uintptr_t); masm.propagateOOM(spilledRegs_.append(SpilledRegister(reg, stackPushed_))); availableRegs_.add(reg); } // At this point, there must be a free register. MOZ_RELEASE_ASSERT(!availableRegs_.empty()); Register reg = availableRegs_.takeAny(); currentOpRegs_.add(reg); return reg; } void CacheRegisterAllocator::allocateFixedRegister(MacroAssembler& masm, Register reg) { MOZ_ASSERT(!addedFailurePath_); MOZ_ASSERT(!hasAutoScratchFloatRegisterSpill()); // Fixed registers should be allocated first, to ensure they're // still available. MOZ_ASSERT(!currentOpRegs_.has(reg), "Register is in use"); freeDeadOperandLocations(masm); if (availableRegs_.has(reg)) { availableRegs_.take(reg); currentOpRegs_.add(reg); return; } // Register may be available only after spilling contents. if (availableRegsAfterSpill_.has(reg)) { availableRegsAfterSpill_.take(reg); masm.push(reg); stackPushed_ += sizeof(uintptr_t); masm.propagateOOM(spilledRegs_.append(SpilledRegister(reg, stackPushed_))); currentOpRegs_.add(reg); return; } // The register must be used by some operand. Spill it to the stack. for (size_t i = 0; i < operandLocations_.length(); i++) { OperandLocation& loc = operandLocations_[i]; if (loc.kind() == OperandLocation::PayloadReg) { if (loc.payloadReg() != reg) { continue; } spillOperandToStackOrRegister(masm, &loc); currentOpRegs_.add(reg); return; } if (loc.kind() == OperandLocation::ValueReg) { if (!loc.valueReg().aliases(reg)) { continue; } ValueOperand valueReg = loc.valueReg(); spillOperandToStackOrRegister(masm, &loc); availableRegs_.add(valueReg); availableRegs_.take(reg); currentOpRegs_.add(reg); return; } } MOZ_CRASH("Invalid register"); } void CacheRegisterAllocator::allocateFixedValueRegister(MacroAssembler& masm, ValueOperand reg) { #ifdef JS_NUNBOX32 allocateFixedRegister(masm, reg.payloadReg()); allocateFixedRegister(masm, reg.typeReg()); #else allocateFixedRegister(masm, reg.valueReg()); #endif } #ifdef JS_NUNBOX32 // Possible miscompilation in clang-12 (bug 1689641) MOZ_NEVER_INLINE #endif ValueOperand CacheRegisterAllocator::allocateValueRegister( MacroAssembler& masm) { #ifdef JS_NUNBOX32 Register reg1 = allocateRegister(masm); Register reg2 = allocateRegister(masm); return ValueOperand(reg1, reg2); #else Register reg = allocateRegister(masm); return ValueOperand(reg); #endif } bool CacheRegisterAllocator::init() { if (!origInputLocations_.resize(writer_.numInputOperands())) { return false; } if (!operandLocations_.resize(writer_.numOperandIds())) { return false; } return true; } void CacheRegisterAllocator::initAvailableRegsAfterSpill() { // Registers not in availableRegs_ and not used by input operands are // available after being spilled. availableRegsAfterSpill_.set() = GeneralRegisterSet::Intersect( GeneralRegisterSet::Not(availableRegs_.set()), GeneralRegisterSet::Not(inputRegisterSet())); } void CacheRegisterAllocator::fixupAliasedInputs(MacroAssembler& masm) { // If IC inputs alias each other, make sure they are stored in different // locations so we don't have to deal with this complexity in the rest of // the allocator. // // Note that this can happen in IonMonkey with something like |o.foo = o| // or |o[i] = i|. size_t numInputs = writer_.numInputOperands(); MOZ_ASSERT(origInputLocations_.length() == numInputs); for (size_t i = 1; i < numInputs; i++) { OperandLocation& loc1 = operandLocations_[i]; if (!loc1.isInRegister()) { continue; } for (size_t j = 0; j < i; j++) { OperandLocation& loc2 = operandLocations_[j]; if (!loc1.aliasesReg(loc2)) { continue; } // loc1 and loc2 alias so we spill one of them. If one is a // ValueReg and the other is a PayloadReg, we have to spill the // PayloadReg: spilling the ValueReg instead would leave its type // register unallocated on 32-bit platforms. if (loc1.kind() == OperandLocation::ValueReg) { spillOperandToStack(masm, &loc2); } else { MOZ_ASSERT(loc1.kind() == OperandLocation::PayloadReg); spillOperandToStack(masm, &loc1); break; // Spilled loc1, so nothing else will alias it. } } } #ifdef DEBUG assertValidState(); #endif } GeneralRegisterSet CacheRegisterAllocator::inputRegisterSet() const { MOZ_ASSERT(origInputLocations_.length() == writer_.numInputOperands()); AllocatableGeneralRegisterSet result; for (size_t i = 0; i < writer_.numInputOperands(); i++) { const OperandLocation& loc = operandLocations_[i]; MOZ_ASSERT(loc == origInputLocations_[i]); switch (loc.kind()) { case OperandLocation::PayloadReg: result.addUnchecked(loc.payloadReg()); continue; case OperandLocation::ValueReg: result.addUnchecked(loc.valueReg()); continue; case OperandLocation::PayloadStack: case OperandLocation::ValueStack: case OperandLocation::BaselineFrame: case OperandLocation::Constant: case OperandLocation::DoubleReg: continue; case OperandLocation::Uninitialized: break; } MOZ_CRASH("Invalid kind"); } return result.set(); } JSValueType CacheRegisterAllocator::knownType(ValOperandId val) const { const OperandLocation& loc = operandLocations_[val.id()]; switch (loc.kind()) { case OperandLocation::ValueReg: case OperandLocation::ValueStack: case OperandLocation::BaselineFrame: return JSVAL_TYPE_UNKNOWN; case OperandLocation::PayloadStack: case OperandLocation::PayloadReg: return loc.payloadType(); case OperandLocation::Constant: return loc.constant().isDouble() ? JSVAL_TYPE_DOUBLE : loc.constant().extractNonDoubleType(); case OperandLocation::DoubleReg: return JSVAL_TYPE_DOUBLE; case OperandLocation::Uninitialized: break; } MOZ_CRASH("Invalid kind"); } void CacheRegisterAllocator::initInputLocation( size_t i, const TypedOrValueRegister& reg) { if (reg.hasValue()) { initInputLocation(i, reg.valueReg()); } else if (reg.typedReg().isFloat()) { MOZ_ASSERT(reg.type() == MIRType::Double); initInputLocation(i, reg.typedReg().fpu()); } else { initInputLocation(i, reg.typedReg().gpr(), ValueTypeFromMIRType(reg.type())); } } void CacheRegisterAllocator::initInputLocation( size_t i, const ConstantOrRegister& value) { if (value.constant()) { initInputLocation(i, value.value()); } else { initInputLocation(i, value.reg()); } } void CacheRegisterAllocator::spillOperandToStack(MacroAssembler& masm, OperandLocation* loc) { MOZ_ASSERT(loc >= operandLocations_.begin() && loc < operandLocations_.end()); if (loc->kind() == OperandLocation::ValueReg) { if (!freeValueSlots_.empty()) { uint32_t stackPos = freeValueSlots_.popCopy(); MOZ_ASSERT(stackPos <= stackPushed_); masm.storeValue(loc->valueReg(), Address(masm.getStackPointer(), stackPushed_ - stackPos)); loc->setValueStack(stackPos); return; } stackPushed_ += sizeof(js::Value); masm.pushValue(loc->valueReg()); loc->setValueStack(stackPushed_); return; } MOZ_ASSERT(loc->kind() == OperandLocation::PayloadReg); if (!freePayloadSlots_.empty()) { uint32_t stackPos = freePayloadSlots_.popCopy(); MOZ_ASSERT(stackPos <= stackPushed_); masm.storePtr(loc->payloadReg(), Address(masm.getStackPointer(), stackPushed_ - stackPos)); loc->setPayloadStack(stackPos, loc->payloadType()); return; } stackPushed_ += sizeof(uintptr_t); masm.push(loc->payloadReg()); loc->setPayloadStack(stackPushed_, loc->payloadType()); } void CacheRegisterAllocator::spillOperandToStackOrRegister( MacroAssembler& masm, OperandLocation* loc) { MOZ_ASSERT(loc >= operandLocations_.begin() && loc < operandLocations_.end()); // If enough registers are available, use them. if (loc->kind() == OperandLocation::ValueReg) { static const size_t BoxPieces = sizeof(Value) / sizeof(uintptr_t); if (availableRegs_.set().size() >= BoxPieces) { ValueOperand reg = availableRegs_.takeAnyValue(); masm.moveValue(loc->valueReg(), reg); loc->setValueReg(reg); return; } } else { MOZ_ASSERT(loc->kind() == OperandLocation::PayloadReg); if (!availableRegs_.empty()) { Register reg = availableRegs_.takeAny(); masm.movePtr(loc->payloadReg(), reg); loc->setPayloadReg(reg, loc->payloadType()); return; } } // Not enough registers available, spill to the stack. spillOperandToStack(masm, loc); } void CacheRegisterAllocator::popPayload(MacroAssembler& masm, OperandLocation* loc, Register dest) { MOZ_ASSERT(loc >= operandLocations_.begin() && loc < operandLocations_.end()); MOZ_ASSERT(stackPushed_ >= sizeof(uintptr_t)); // The payload is on the stack. If it's on top of the stack we can just // pop it, else we emit a load. if (loc->payloadStack() == stackPushed_) { masm.pop(dest); stackPushed_ -= sizeof(uintptr_t); } else { MOZ_ASSERT(loc->payloadStack() < stackPushed_); masm.loadPtr(payloadAddress(masm, loc), dest); masm.propagateOOM(freePayloadSlots_.append(loc->payloadStack())); } loc->setPayloadReg(dest, loc->payloadType()); } Address CacheRegisterAllocator::valueAddress(MacroAssembler& masm, const OperandLocation* loc) const { MOZ_ASSERT(loc >= operandLocations_.begin() && loc < operandLocations_.end()); return Address(masm.getStackPointer(), stackPushed_ - loc->valueStack()); } Address CacheRegisterAllocator::payloadAddress( MacroAssembler& masm, const OperandLocation* loc) const { MOZ_ASSERT(loc >= operandLocations_.begin() && loc < operandLocations_.end()); return Address(masm.getStackPointer(), stackPushed_ - loc->payloadStack()); } void CacheRegisterAllocator::popValue(MacroAssembler& masm, OperandLocation* loc, ValueOperand dest) { MOZ_ASSERT(loc >= operandLocations_.begin() && loc < operandLocations_.end()); MOZ_ASSERT(stackPushed_ >= sizeof(js::Value)); // The Value is on the stack. If it's on top of the stack we can just // pop it, else we emit a load. if (loc->valueStack() == stackPushed_) { masm.popValue(dest); stackPushed_ -= sizeof(js::Value); } else { MOZ_ASSERT(loc->valueStack() < stackPushed_); masm.loadValue( Address(masm.getStackPointer(), stackPushed_ - loc->valueStack()), dest); masm.propagateOOM(freeValueSlots_.append(loc->valueStack())); } loc->setValueReg(dest); } #ifdef DEBUG void CacheRegisterAllocator::assertValidState() const { // Assert different operands don't have aliasing storage. We depend on this // when spilling registers, for instance. if (!JitOptions.fullDebugChecks) { return; } for (size_t i = 0; i < operandLocations_.length(); i++) { const auto& loc1 = operandLocations_[i]; if (loc1.isUninitialized()) { continue; } for (size_t j = 0; j < i; j++) { const auto& loc2 = operandLocations_[j]; if (loc2.isUninitialized()) { continue; } MOZ_ASSERT(!loc1.aliasesReg(loc2)); } } } #endif bool OperandLocation::aliasesReg(const OperandLocation& other) const { MOZ_ASSERT(&other != this); switch (other.kind_) { case PayloadReg: return aliasesReg(other.payloadReg()); case ValueReg: return aliasesReg(other.valueReg()); case PayloadStack: case ValueStack: case BaselineFrame: case Constant: case DoubleReg: return false; case Uninitialized: break; } MOZ_CRASH("Invalid kind"); } void CacheRegisterAllocator::restoreInputState(MacroAssembler& masm, bool shouldDiscardStack) { size_t numInputOperands = origInputLocations_.length(); MOZ_ASSERT(writer_.numInputOperands() == numInputOperands); for (size_t j = 0; j < numInputOperands; j++) { const OperandLocation& dest = origInputLocations_[j]; OperandLocation& cur = operandLocations_[j]; if (dest == cur) { continue; } auto autoAssign = mozilla::MakeScopeExit([&] { cur = dest; }); // We have a cycle if a destination register will be used later // as source register. If that happens, just push the current value // on the stack and later get it from there. for (size_t k = j + 1; k < numInputOperands; k++) { OperandLocation& laterSource = operandLocations_[k]; if (dest.aliasesReg(laterSource)) { spillOperandToStack(masm, &laterSource); } } if (dest.kind() == OperandLocation::ValueReg) { // We have to restore a Value register. switch (cur.kind()) { case OperandLocation::ValueReg: masm.moveValue(cur.valueReg(), dest.valueReg()); continue; case OperandLocation::PayloadReg: masm.tagValue(cur.payloadType(), cur.payloadReg(), dest.valueReg()); continue; case OperandLocation::PayloadStack: { Register scratch = dest.valueReg().scratchReg(); popPayload(masm, &cur, scratch); masm.tagValue(cur.payloadType(), scratch, dest.valueReg()); continue; } case OperandLocation::ValueStack: popValue(masm, &cur, dest.valueReg()); continue; case OperandLocation::DoubleReg: masm.boxDouble(cur.doubleReg(), dest.valueReg(), cur.doubleReg()); continue; case OperandLocation::Constant: case OperandLocation::BaselineFrame: case OperandLocation::Uninitialized: break; } } else if (dest.kind() == OperandLocation::PayloadReg) { // We have to restore a payload register. switch (cur.kind()) { case OperandLocation::ValueReg: MOZ_ASSERT(dest.payloadType() != JSVAL_TYPE_DOUBLE); masm.unboxNonDouble(cur.valueReg(), dest.payloadReg(), dest.payloadType()); continue; case OperandLocation::PayloadReg: MOZ_ASSERT(cur.payloadType() == dest.payloadType()); masm.mov(cur.payloadReg(), dest.payloadReg()); continue; case OperandLocation::PayloadStack: { MOZ_ASSERT(cur.payloadType() == dest.payloadType()); popPayload(masm, &cur, dest.payloadReg()); continue; } case OperandLocation::ValueStack: MOZ_ASSERT(stackPushed_ >= sizeof(js::Value)); MOZ_ASSERT(cur.valueStack() <= stackPushed_); MOZ_ASSERT(dest.payloadType() != JSVAL_TYPE_DOUBLE); masm.unboxNonDouble( Address(masm.getStackPointer(), stackPushed_ - cur.valueStack()), dest.payloadReg(), dest.payloadType()); continue; case OperandLocation::Constant: case OperandLocation::BaselineFrame: case OperandLocation::DoubleReg: case OperandLocation::Uninitialized: break; } } else if (dest.kind() == OperandLocation::Constant || dest.kind() == OperandLocation::BaselineFrame || dest.kind() == OperandLocation::DoubleReg) { // Nothing to do. continue; } MOZ_CRASH("Invalid kind"); } for (const SpilledRegister& spill : spilledRegs_) { MOZ_ASSERT(stackPushed_ >= sizeof(uintptr_t)); if (spill.stackPushed == stackPushed_) { masm.pop(spill.reg); stackPushed_ -= sizeof(uintptr_t); } else { MOZ_ASSERT(spill.stackPushed < stackPushed_); masm.loadPtr( Address(masm.getStackPointer(), stackPushed_ - spill.stackPushed), spill.reg); } } if (shouldDiscardStack) { discardStack(masm); } } size_t CacheIRStubInfo::stubDataSize() const { size_t field = 0; size_t size = 0; while (true) { StubField::Type type = fieldType(field++); if (type == StubField::Type::Limit) { return size; } size += StubField::sizeInBytes(type); } } template <typename T> static GCPtr<T>* AsGCPtr(void* ptr) { return static_cast<GCPtr<T>*>(ptr); } void CacheIRStubInfo::replaceStubRawWord(uint8_t* stubData, uint32_t offset, uintptr_t oldWord, uintptr_t newWord) const { MOZ_ASSERT(uintptr_t(stubData + offset) % sizeof(uintptr_t) == 0); uintptr_t* addr = reinterpret_cast<uintptr_t*>(stubData + offset); MOZ_ASSERT(*addr == oldWord); *addr = newWord; } void CacheIRStubInfo::replaceStubRawValueBits(uint8_t* stubData, uint32_t offset, uint64_t oldBits, uint64_t newBits) const { MOZ_ASSERT(uint64_t(stubData + offset) % sizeof(uint64_t) == 0); uint64_t* addr = reinterpret_cast<uint64_t*>(stubData + offset); MOZ_ASSERT(*addr == oldBits); *addr = newBits; } template <class Stub, StubField::Type type> typename MapStubFieldToType<type>::WrappedType& CacheIRStubInfo::getStubField( Stub* stub, uint32_t offset) const { uint8_t* stubData = (uint8_t*)stub + stubDataOffset_; MOZ_ASSERT(uintptr_t(stubData + offset) % sizeof(uintptr_t) == 0); using WrappedType = typename MapStubFieldToType<type>::WrappedType; return *reinterpret_cast<WrappedType*>(stubData + offset); } #define INSTANTIATE_GET_STUB_FIELD(Type) \ template typename MapStubFieldToType<Type>::WrappedType& \ CacheIRStubInfo::getStubField<ICCacheIRStub, Type>(ICCacheIRStub * stub, \ uint32_t offset) const; INSTANTIATE_GET_STUB_FIELD(StubField::Type::Shape) INSTANTIATE_GET_STUB_FIELD(StubField::Type::WeakShape) INSTANTIATE_GET_STUB_FIELD(StubField::Type::WeakGetterSetter) INSTANTIATE_GET_STUB_FIELD(StubField::Type::JSObject) INSTANTIATE_GET_STUB_FIELD(StubField::Type::WeakObject) INSTANTIATE_GET_STUB_FIELD(StubField::Type::Symbol) INSTANTIATE_GET_STUB_FIELD(StubField::Type::String) INSTANTIATE_GET_STUB_FIELD(StubField::Type::WeakBaseScript) INSTANTIATE_GET_STUB_FIELD(StubField::Type::Value) INSTANTIATE_GET_STUB_FIELD(StubField::Type::Id) #undef INSTANTIATE_GET_STUB_FIELD template <class Stub, class T> T* CacheIRStubInfo::getPtrStubField(Stub* stub, uint32_t offset) const { uint8_t* stubData = (uint8_t*)stub + stubDataOffset_; MOZ_ASSERT(uintptr_t(stubData + offset) % sizeof(uintptr_t) == 0); return *reinterpret_cast<T**>(stubData + offset); } template gc::AllocSite* CacheIRStubInfo::getPtrStubField(ICCacheIRStub* stub, uint32_t offset) const; template <StubField::Type type, typename V> static void InitWrappedPtr(void* ptr, V val) { using RawType = typename MapStubFieldToType<type>::RawType; using WrappedType = typename MapStubFieldToType<type>::WrappedType; auto* wrapped = static_cast<WrappedType*>(ptr); new (wrapped) WrappedType(mozilla::BitwiseCast<RawType>(val)); } static void InitWordStubField(StubField::Type type, void* dest, uintptr_t value) { MOZ_ASSERT(StubField::sizeIsWord(type)); MOZ_ASSERT((uintptr_t(dest) % sizeof(uintptr_t)) == 0, "Unaligned stub field"); switch (type) { case StubField::Type::RawInt32: case StubField::Type::RawPointer: case StubField::Type::AllocSite: *static_cast<uintptr_t*>(dest) = value; break; case StubField::Type::Shape: InitWrappedPtr<StubField::Type::Shape>(dest, value); break; case StubField::Type::WeakShape: // No read barrier required to copy weak pointer. InitWrappedPtr<StubField::Type::WeakShape>(dest, value); break; case StubField::Type::WeakGetterSetter: // No read barrier required to copy weak pointer. InitWrappedPtr<StubField::Type::WeakGetterSetter>(dest, value); break; case StubField::Type::JSObject: InitWrappedPtr<StubField::Type::JSObject>(dest, value); break; case StubField::Type::WeakObject: // No read barrier required to copy weak pointer. InitWrappedPtr<StubField::Type::WeakObject>(dest, value); break; case StubField::Type::Symbol: InitWrappedPtr<StubField::Type::Symbol>(dest, value); break; case StubField::Type::String: InitWrappedPtr<StubField::Type::String>(dest, value); break; case StubField::Type::WeakBaseScript: // No read barrier required to copy weak pointer. InitWrappedPtr<StubField::Type::WeakBaseScript>(dest, value); break; case StubField::Type::JitCode: InitWrappedPtr<StubField::Type::JitCode>(dest, value); break; case StubField::Type::Id: AsGCPtr<jsid>(dest)->init(jsid::fromRawBits(value)); break; case StubField::Type::RawInt64: case StubField::Type::Double: case StubField::Type::Value: case StubField::Type::Limit: MOZ_CRASH("Invalid type"); } } static void InitInt64StubField(StubField::Type type, void* dest, uint64_t value) { MOZ_ASSERT(StubField::sizeIsInt64(type)); MOZ_ASSERT((uintptr_t(dest) % sizeof(uint64_t)) == 0, "Unaligned stub field"); switch (type) { case StubField::Type::RawInt64: case StubField::Type::Double: *static_cast<uint64_t*>(dest) = value; break; case StubField::Type::Value: AsGCPtr<Value>(dest)->init(Value::fromRawBits(value)); break; case StubField::Type::RawInt32: case StubField::Type::RawPointer: case StubField::Type::AllocSite: case StubField::Type::Shape: case StubField::Type::WeakShape: case StubField::Type::WeakGetterSetter: case StubField::Type::JSObject: case StubField::Type::WeakObject: case StubField::Type::Symbol: case StubField::Type::String: case StubField::Type::WeakBaseScript: case StubField::Type::JitCode: case StubField::Type::Id: case StubField::Type::Limit: MOZ_CRASH("Invalid type"); } } void CacheIRWriter::copyStubData(uint8_t* dest) const { MOZ_ASSERT(!failed()); for (const StubField& field : stubFields_) { if (field.sizeIsWord()) { InitWordStubField(field.type(), dest, field.asWord()); dest += sizeof(uintptr_t); } else { InitInt64StubField(field.type(), dest, field.asInt64()); dest += sizeof(uint64_t); } } } ICCacheIRStub* ICCacheIRStub::clone(JSRuntime* rt, ICStubSpace& newSpace) { const CacheIRStubInfo* info = stubInfo(); MOZ_ASSERT(info->makesGCCalls()); size_t bytesNeeded = info->stubDataOffset() + info->stubDataSize(); AutoEnterOOMUnsafeRegion oomUnsafe; void* newStubMem = newSpace.alloc(bytesNeeded); if (!newStubMem) { oomUnsafe.crash("ICCacheIRStub::clone"); } ICCacheIRStub* newStub = new (newStubMem) ICCacheIRStub(*this); const uint8_t* src = this->stubDataStart(); uint8_t* dest = newStub->stubDataStart(); // Because this can be called during sweeping when discarding JIT code, we // have to lock the store buffer gc::AutoLockStoreBuffer lock(rt); uint32_t field = 0; while (true) { StubField::Type type = info->fieldType(field); if (type == StubField::Type::Limit) { break; // Done. } if (StubField::sizeIsWord(type)) { const uintptr_t* srcField = reinterpret_cast<const uintptr_t*>(src); InitWordStubField(type, dest, *srcField); src += sizeof(uintptr_t); dest += sizeof(uintptr_t); } else { const uint64_t* srcField = reinterpret_cast<const uint64_t*>(src); InitInt64StubField(type, dest, *srcField); src += sizeof(uint64_t); dest += sizeof(uint64_t); } field++; } return newStub; } template <typename T> static inline bool ShouldTraceWeakEdgeInStub(JSTracer* trc) { if constexpr (std::is_same_v<T, IonICStub>) { // 'Weak' edges are traced strongly in IonICs. return true; } else { static_assert(std::is_same_v<T, ICCacheIRStub>); return trc->traceWeakEdges(); } } template <typename T> void jit::TraceCacheIRStub(JSTracer* trc, T* stub, const CacheIRStubInfo* stubInfo) { using Type = StubField::Type; uint32_t field = 0; size_t offset = 0; while (true) { Type fieldType = stubInfo->fieldType(field); switch (fieldType) { case Type::RawInt32: case Type::RawPointer: case Type::RawInt64: case Type::Double: break; case Type::Shape: { // For CCW IC stubs, we can store same-zone but cross-compartment // shapes. Use TraceSameZoneCrossCompartmentEdge to not assert in the // GC. Note: CacheIRWriter::writeShapeField asserts we never store // cross-zone shapes. GCPtr<Shape*>& shapeField = stubInfo->getStubField<T, Type::Shape>(stub, offset); TraceSameZoneCrossCompartmentEdge(trc, &shapeField, "cacheir-shape"); break; } case Type::WeakShape: if (ShouldTraceWeakEdgeInStub<T>(trc)) { WeakHeapPtr<Shape*>& shapeField = stubInfo->getStubField<T, Type::WeakShape>(stub, offset); if (shapeField) { TraceSameZoneCrossCompartmentEdge(trc, &shapeField, "cacheir-weak-shape"); } } break; case Type::WeakGetterSetter: if (ShouldTraceWeakEdgeInStub<T>(trc)) { TraceNullableEdge( trc, &stubInfo->getStubField<T, Type::WeakGetterSetter>(stub, offset), "cacheir-weak-getter-setter"); } break; case Type::JSObject: { TraceEdge(trc, &stubInfo->getStubField<T, Type::JSObject>(stub, offset), "cacheir-object"); break; } case Type::WeakObject: if (ShouldTraceWeakEdgeInStub<T>(trc)) { TraceNullableEdge( trc, &stubInfo->getStubField<T, Type::WeakObject>(stub, offset), "cacheir-weak-object"); } break; case Type::Symbol: TraceEdge(trc, &stubInfo->getStubField<T, Type::Symbol>(stub, offset), "cacheir-symbol"); break; case Type::String: TraceEdge(trc, &stubInfo->getStubField<T, Type::String>(stub, offset), "cacheir-string"); break; case Type::WeakBaseScript: if (ShouldTraceWeakEdgeInStub<T>(trc)) { TraceNullableEdge( trc, &stubInfo->getStubField<T, Type::WeakBaseScript>(stub, offset), "cacheir-weak-script"); } break; case Type::JitCode: TraceEdge(trc, &stubInfo->getStubField<T, Type::JitCode>(stub, offset), "cacheir-jitcode"); break; case Type::Id: TraceEdge(trc, &stubInfo->getStubField<T, Type::Id>(stub, offset), "cacheir-id"); break; case Type::Value: TraceEdge(trc, &stubInfo->getStubField<T, Type::Value>(stub, offset), "cacheir-value"); break; case Type::AllocSite: { gc::AllocSite* site = stubInfo->getPtrStubField<T, gc::AllocSite>(stub, offset); site->trace(trc); break; } case Type::Limit: return; // Done. } field++; offset += StubField::sizeInBytes(fieldType); } } template void jit::TraceCacheIRStub(JSTracer* trc, ICCacheIRStub* stub, const CacheIRStubInfo* stubInfo); template void jit::TraceCacheIRStub(JSTracer* trc, IonICStub* stub, const CacheIRStubInfo* stubInfo); template <typename T> bool jit::TraceWeakCacheIRStub(JSTracer* trc, T* stub, const CacheIRStubInfo* stubInfo) { using Type = StubField::Type; // Trace all fields before returning because this stub can be traced again // later through TraceBaselineStubFrame. bool isDead = false; uint32_t field = 0; size_t offset = 0; while (true) { Type fieldType = stubInfo->fieldType(field); switch (fieldType) { case Type::WeakShape: { WeakHeapPtr<Shape*>& shapeField = stubInfo->getStubField<T, Type::WeakShape>(stub, offset); auto r = TraceWeakEdge(trc, &shapeField, "cacheir-weak-shape"); if (r.isDead()) { isDead = true; } break; } case Type::WeakObject: { WeakHeapPtr<JSObject*>& objectField = stubInfo->getStubField<T, Type::WeakObject>(stub, offset); auto r = TraceWeakEdge(trc, &objectField, "cacheir-weak-object"); if (r.isDead()) { isDead = true; } break; } case Type::WeakBaseScript: { WeakHeapPtr<BaseScript*>& scriptField = stubInfo->getStubField<T, Type::WeakBaseScript>(stub, offset); auto r = TraceWeakEdge(trc, &scriptField, "cacheir-weak-script"); if (r.isDead()) { isDead = true; } break; } case Type::WeakGetterSetter: { WeakHeapPtr<GetterSetter*>& getterSetterField = stubInfo->getStubField<T, Type::WeakGetterSetter>(stub, offset); auto r = TraceWeakEdge(trc, &getterSetterField, "cacheir-weak-getter-setter"); if (r.isDead()) { isDead = true; } break; } case Type::Limit: // Done. return !isDead; case Type::RawInt32: case Type::RawPointer: case Type::Shape: case Type::JSObject: case Type::Symbol: case Type::String: case Type::JitCode: case Type::Id: case Type::AllocSite: case Type::RawInt64: case Type::Value: case Type::Double: break; // Skip non-weak fields. } field++; offset += StubField::sizeInBytes(fieldType); } } template bool jit::TraceWeakCacheIRStub(JSTracer* trc, ICCacheIRStub* stub, const CacheIRStubInfo* stubInfo); template bool jit::TraceWeakCacheIRStub(JSTracer* trc, IonICStub* stub, const CacheIRStubInfo* stubInfo); bool CacheIRWriter::stubDataEquals(const uint8_t* stubData) const { MOZ_ASSERT(!failed()); const uintptr_t* stubDataWords = reinterpret_cast<const uintptr_t*>(stubData); for (const StubField& field : stubFields_) { if (field.sizeIsWord()) { if (field.asWord() != *stubDataWords) { return false; } stubDataWords++; continue; } if (field.asInt64() != *reinterpret_cast<const uint64_t*>(stubDataWords)) { return false; } stubDataWords += sizeof(uint64_t) / sizeof(uintptr_t); } return true; } bool CacheIRWriter::stubDataEqualsIgnoring(const uint8_t* stubData, uint32_t ignoreOffset) const { MOZ_ASSERT(!failed()); uint32_t offset = 0; for (const StubField& field : stubFields_) { if (offset != ignoreOffset) { if (field.sizeIsWord()) { uintptr_t raw = *reinterpret_cast<const uintptr_t*>(stubData + offset); if (field.asWord() != raw) { return false; } } else { uint64_t raw = *reinterpret_cast<const uint64_t*>(stubData + offset); if (field.asInt64() != raw) { return false; } } } offset += StubField::sizeInBytes(field.type()); } return true; } HashNumber CacheIRStubKey::hash(const CacheIRStubKey::Lookup& l) { HashNumber hash = mozilla::HashBytes(l.code, l.length); hash = mozilla::AddToHash(hash, uint32_t(l.kind)); hash = mozilla::AddToHash(hash, uint32_t(l.engine)); return hash; } bool CacheIRStubKey::match(const CacheIRStubKey& entry, const CacheIRStubKey::Lookup& l) { if (entry.stubInfo->kind() != l.kind) { return false; } if (entry.stubInfo->engine() != l.engine) { return false; } if (entry.stubInfo->codeLength() != l.length) { return false; } if (!mozilla::ArrayEqual(entry.stubInfo->code(), l.code, l.length)) { return false; } return true; } CacheIRReader::CacheIRReader(const CacheIRStubInfo* stubInfo) : CacheIRReader(stubInfo->code(), stubInfo->code() + stubInfo->codeLength()) {} CacheIRStubInfo* CacheIRStubInfo::New(CacheKind kind, ICStubEngine engine, bool makesGCCalls, uint32_t stubDataOffset, const CacheIRWriter& writer) { size_t numStubFields = writer.numStubFields(); size_t bytesNeeded = sizeof(CacheIRStubInfo) + writer.codeLength() + (numStubFields + 1); // +1 for the GCType::Limit terminator. uint8_t* p = js_pod_malloc<uint8_t>(bytesNeeded); if (!p) { return nullptr; } // Copy the CacheIR code. uint8_t* codeStart = p + sizeof(CacheIRStubInfo); mozilla::PodCopy(codeStart, writer.codeStart(), writer.codeLength()); static_assert(sizeof(StubField::Type) == sizeof(uint8_t), "StubField::Type must fit in uint8_t"); // Copy the stub field types. uint8_t* fieldTypes = codeStart + writer.codeLength(); for (size_t i = 0; i < numStubFields; i++) { fieldTypes[i] = uint8_t(writer.stubFieldType(i)); } fieldTypes[numStubFields] = uint8_t(StubField::Type::Limit); return new (p) CacheIRStubInfo(kind, engine, makesGCCalls, stubDataOffset, writer.codeLength()); } bool OperandLocation::operator==(const OperandLocation& other) const { if (kind_ != other.kind_) { return false; } switch (kind()) { case Uninitialized: return true; case PayloadReg: return payloadReg() == other.payloadReg() && payloadType() == other.payloadType(); case ValueReg: return valueReg() == other.valueReg(); case PayloadStack: return payloadStack() == other.payloadStack() && payloadType() == other.payloadType(); case ValueStack: return valueStack() == other.valueStack(); case BaselineFrame: return baselineFrameSlot() == other.baselineFrameSlot(); case Constant: return constant() == other.constant(); case DoubleReg: return doubleReg() == other.doubleReg(); } MOZ_CRASH("Invalid OperandLocation kind"); } AutoOutputRegister::AutoOutputRegister(CacheIRCompiler& compiler) : output_(compiler.outputUnchecked_.ref()), alloc_(compiler.allocator) { if (output_.hasValue()) { alloc_.allocateFixedValueRegister(compiler.masm, output_.valueReg()); } else if (!output_.typedReg().isFloat()) { alloc_.allocateFixedRegister(compiler.masm, output_.typedReg().gpr()); } } AutoOutputRegister::~AutoOutputRegister() { if (output_.hasValue()) { alloc_.releaseValueRegister(output_.valueReg()); } else if (!output_.typedReg().isFloat()) { alloc_.releaseRegister(output_.typedReg().gpr()); } } bool FailurePath::canShareFailurePath(const FailurePath& other) const { if (stackPushed_ != other.stackPushed_) { return false; } if (spilledRegs_.length() != other.spilledRegs_.length()) { return false; } for (size_t i = 0; i < spilledRegs_.length(); i++) { if (spilledRegs_[i] != other.spilledRegs_[i]) { return false; } } MOZ_ASSERT(inputs_.length() == other.inputs_.length()); for (size_t i = 0; i < inputs_.length(); i++) { if (inputs_[i] != other.inputs_[i]) { return false; } } return true; } bool CacheIRCompiler::addFailurePath(FailurePath** failure) { #ifdef DEBUG allocator.setAddedFailurePath(); #endif MOZ_ASSERT(!allocator.hasAutoScratchFloatRegisterSpill()); FailurePath newFailure; for (size_t i = 0; i < writer_.numInputOperands(); i++) { if (!newFailure.appendInput(allocator.operandLocation(i))) { return false; } } if (!newFailure.setSpilledRegs(allocator.spilledRegs())) { return false; } newFailure.setStackPushed(allocator.stackPushed()); // Reuse the previous failure path if the current one is the same, to // avoid emitting duplicate code. if (failurePaths.length() > 0 && failurePaths.back().canShareFailurePath(newFailure)) { *failure = &failurePaths.back(); return true; } if (!failurePaths.append(std::move(newFailure))) { return false; } *failure = &failurePaths.back(); return true; } bool CacheIRCompiler::emitFailurePath(size_t index) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); FailurePath& failure = failurePaths[index]; allocator.setStackPushed(failure.stackPushed()); for (size_t i = 0; i < writer_.numInputOperands(); i++) { allocator.setOperandLocation(i, failure.input(i)); } if (!allocator.setSpilledRegs(failure.spilledRegs())) { return false; } masm.bind(failure.label()); allocator.restoreInputState(masm); return true; } bool CacheIRCompiler::emitGuardIsNumber(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); JSValueType knownType = allocator.knownType(inputId); // Doubles and ints are numbers! if (knownType == JSVAL_TYPE_DOUBLE || knownType == JSVAL_TYPE_INT32) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestNumber(Assembler::NotEqual, input, failure->label()); return true; } bool CacheIRCompiler::emitGuardToObject(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (allocator.knownType(inputId) == JSVAL_TYPE_OBJECT) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestObject(Assembler::NotEqual, input, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsNullOrUndefined(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); JSValueType knownType = allocator.knownType(inputId); if (knownType == JSVAL_TYPE_UNDEFINED || knownType == JSVAL_TYPE_NULL) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label success; masm.branchTestNull(Assembler::Equal, input, &success); masm.branchTestUndefined(Assembler::NotEqual, input, failure->label()); masm.bind(&success); return true; } bool CacheIRCompiler::emitGuardIsNull(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); JSValueType knownType = allocator.knownType(inputId); if (knownType == JSVAL_TYPE_NULL) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestNull(Assembler::NotEqual, input, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsUndefined(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); JSValueType knownType = allocator.knownType(inputId); if (knownType == JSVAL_TYPE_UNDEFINED) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestUndefined(Assembler::NotEqual, input, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsNotUninitializedLexical(ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); ValueOperand val = allocator.useValueRegister(masm, valId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestMagicValue(Assembler::Equal, val, JS_UNINITIALIZED_LEXICAL, failure->label()); return true; } bool CacheIRCompiler::emitGuardBooleanToInt32(ValOperandId inputId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register output = allocator.defineRegister(masm, resultId); if (allocator.knownType(inputId) == JSVAL_TYPE_BOOLEAN) { Register input = allocator.useRegister(masm, BooleanOperandId(inputId.id())); masm.move32(input, output); return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.fallibleUnboxBoolean(input, output, failure->label()); return true; } bool CacheIRCompiler::emitGuardToString(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (allocator.knownType(inputId) == JSVAL_TYPE_STRING) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestString(Assembler::NotEqual, input, failure->label()); return true; } bool CacheIRCompiler::emitGuardToSymbol(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (allocator.knownType(inputId) == JSVAL_TYPE_SYMBOL) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestSymbol(Assembler::NotEqual, input, failure->label()); return true; } bool CacheIRCompiler::emitGuardToBigInt(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (allocator.knownType(inputId) == JSVAL_TYPE_BIGINT) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestBigInt(Assembler::NotEqual, input, failure->label()); return true; } bool CacheIRCompiler::emitGuardToBoolean(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (allocator.knownType(inputId) == JSVAL_TYPE_BOOLEAN) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestBoolean(Assembler::NotEqual, input, failure->label()); return true; } bool CacheIRCompiler::emitGuardToInt32(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (allocator.knownType(inputId) == JSVAL_TYPE_INT32) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestInt32(Assembler::NotEqual, input, failure->label()); return true; } bool CacheIRCompiler::emitGuardToNonGCThing(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestGCThing(Assembler::Equal, input, failure->label()); return true; } // Infallible |emitDouble| emitters can use this implementation to avoid // generating extra clean-up instructions to restore the scratch float register. // To select this function simply omit the |Label* fail| parameter for the // emitter lambda function. template <typename EmitDouble> static std::enable_if_t<mozilla::FunctionTypeTraits<EmitDouble>::arity == 1, void> EmitGuardDouble(CacheIRCompiler* compiler, MacroAssembler& masm, ValueOperand input, FailurePath* failure, EmitDouble emitDouble) { AutoScratchFloatRegister floatReg(compiler); masm.unboxDouble(input, floatReg); emitDouble(floatReg.get()); } template <typename EmitDouble> static std::enable_if_t<mozilla::FunctionTypeTraits<EmitDouble>::arity == 2, void> EmitGuardDouble(CacheIRCompiler* compiler, MacroAssembler& masm, ValueOperand input, FailurePath* failure, EmitDouble emitDouble) { AutoScratchFloatRegister floatReg(compiler, failure); masm.unboxDouble(input, floatReg); emitDouble(floatReg.get(), floatReg.failure()); } template <typename EmitInt32, typename EmitDouble> static void EmitGuardInt32OrDouble(CacheIRCompiler* compiler, MacroAssembler& masm, ValueOperand input, Register output, FailurePath* failure, EmitInt32 emitInt32, EmitDouble emitDouble) { Label done; { ScratchTagScope tag(masm, input); masm.splitTagForTest(input, tag); Label notInt32; masm.branchTestInt32(Assembler::NotEqual, tag, ¬Int32); { ScratchTagScopeRelease _(&tag); masm.unboxInt32(input, output); emitInt32(); masm.jump(&done); } masm.bind(¬Int32); masm.branchTestDouble(Assembler::NotEqual, tag, failure->label()); { ScratchTagScopeRelease _(&tag); EmitGuardDouble(compiler, masm, input, failure, emitDouble); } } masm.bind(&done); } bool CacheIRCompiler::emitGuardToInt32Index(ValOperandId inputId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register output = allocator.defineRegister(masm, resultId); if (allocator.knownType(inputId) == JSVAL_TYPE_INT32) { Register input = allocator.useRegister(masm, Int32OperandId(inputId.id())); masm.move32(input, output); return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } EmitGuardInt32OrDouble( this, masm, input, output, failure, []() { // No-op if the value is already an int32. }, [&](FloatRegister floatReg, Label* fail) { // ToPropertyKey(-0.0) is "0", so we can truncate -0.0 to 0 here. masm.convertDoubleToInt32(floatReg, output, fail, false); }); return true; } bool CacheIRCompiler::emitInt32ToIntPtr(Int32OperandId inputId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register input = allocator.useRegister(masm, inputId); Register output = allocator.defineRegister(masm, resultId); masm.move32SignExtendToPtr(input, output); return true; } bool CacheIRCompiler::emitGuardNumberToIntPtrIndex(NumberOperandId inputId, bool supportOOB, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure = nullptr; if (!supportOOB) { if (!addFailurePath(&failure)) { return false; } } AutoScratchFloatRegister floatReg(this, failure); allocator.ensureDoubleRegister(masm, inputId, floatReg); // ToPropertyKey(-0.0) is "0", so we can truncate -0.0 to 0 here. if (supportOOB) { Label done, fail; masm.convertDoubleToPtr(floatReg, output, &fail, false); masm.jump(&done); // Substitute the invalid index with an arbitrary out-of-bounds index. masm.bind(&fail); masm.movePtr(ImmWord(-1), output); masm.bind(&done); } else { masm.convertDoubleToPtr(floatReg, output, floatReg.failure(), false); } return true; } static void TruncateDoubleModUint32(MacroAssembler& masm, FloatRegister floatReg, Register result, const LiveRegisterSet& liveVolatileRegs) { Label truncateABICall; masm.branchTruncateDoubleMaybeModUint32(floatReg, result, &truncateABICall); if (truncateABICall.used()) { Label done; masm.jump(&done); masm.bind(&truncateABICall); LiveRegisterSet save = liveVolatileRegs; save.takeUnchecked(floatReg); // Bug 1451976 save.takeUnchecked(floatReg.asSingle()); masm.PushRegsInMask(save); using Fn = int32_t (*)(double); masm.setupUnalignedABICall(result); masm.passABIArg(floatReg, ABIType::Float64); masm.callWithABI<Fn, JS::ToInt32>(ABIType::General, CheckUnsafeCallWithABI::DontCheckOther); masm.storeCallInt32Result(result); LiveRegisterSet ignore; ignore.add(result); masm.PopRegsInMaskIgnore(save, ignore); masm.bind(&done); } } bool CacheIRCompiler::emitGuardToInt32ModUint32(ValOperandId inputId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register output = allocator.defineRegister(masm, resultId); if (allocator.knownType(inputId) == JSVAL_TYPE_INT32) { ConstantOrRegister input = allocator.useConstantOrRegister(masm, inputId); if (input.constant()) { masm.move32(Imm32(input.value().toInt32()), output); } else { MOZ_ASSERT(input.reg().type() == MIRType::Int32); masm.move32(input.reg().typedReg().gpr(), output); } return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } EmitGuardInt32OrDouble( this, masm, input, output, failure, []() { // No-op if the value is already an int32. }, [&](FloatRegister floatReg) { TruncateDoubleModUint32(masm, floatReg, output, liveVolatileRegs()); }); return true; } bool CacheIRCompiler::emitGuardToUint8Clamped(ValOperandId inputId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register output = allocator.defineRegister(masm, resultId); if (allocator.knownType(inputId) == JSVAL_TYPE_INT32) { ConstantOrRegister input = allocator.useConstantOrRegister(masm, inputId); if (input.constant()) { masm.move32(Imm32(ClampDoubleToUint8(input.value().toInt32())), output); } else { MOZ_ASSERT(input.reg().type() == MIRType::Int32); masm.move32(input.reg().typedReg().gpr(), output); masm.clampIntToUint8(output); } return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } EmitGuardInt32OrDouble( this, masm, input, output, failure, [&]() { // |output| holds the unboxed int32 value. masm.clampIntToUint8(output); }, [&](FloatRegister floatReg) { masm.clampDoubleToUint8(floatReg, output); }); return true; } bool CacheIRCompiler::emitGuardNonDoubleType(ValOperandId inputId, ValueType type) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (allocator.knownType(inputId) == JSValueType(type)) { return true; } ValueOperand input = allocator.useValueRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } switch (type) { case ValueType::String: masm.branchTestString(Assembler::NotEqual, input, failure->label()); break; case ValueType::Symbol: masm.branchTestSymbol(Assembler::NotEqual, input, failure->label()); break; case ValueType::BigInt: masm.branchTestBigInt(Assembler::NotEqual, input, failure->label()); break; case ValueType::Int32: masm.branchTestInt32(Assembler::NotEqual, input, failure->label()); break; case ValueType::Boolean: masm.branchTestBoolean(Assembler::NotEqual, input, failure->label()); break; case ValueType::Undefined: masm.branchTestUndefined(Assembler::NotEqual, input, failure->label()); break; case ValueType::Null: masm.branchTestNull(Assembler::NotEqual, input, failure->label()); break; case ValueType::Double: case ValueType::Magic: case ValueType::PrivateGCThing: case ValueType::Object: #ifdef ENABLE_RECORD_TUPLE case ValueType::ExtendedPrimitive: #endif MOZ_CRASH("unexpected type"); } return true; } static const JSClass* ClassFor(JSContext* cx, GuardClassKind kind) { switch (kind) { case GuardClassKind::Array: case GuardClassKind::PlainObject: case GuardClassKind::FixedLengthArrayBuffer: case GuardClassKind::ResizableArrayBuffer: case GuardClassKind::FixedLengthSharedArrayBuffer: case GuardClassKind::GrowableSharedArrayBuffer: case GuardClassKind::FixedLengthDataView: case GuardClassKind::ResizableDataView: case GuardClassKind::MappedArguments: case GuardClassKind::UnmappedArguments: case GuardClassKind::Set: case GuardClassKind::Map: case GuardClassKind::BoundFunction: case GuardClassKind::Date: return ClassFor(kind); case GuardClassKind::WindowProxy: return cx->runtime()->maybeWindowProxyClass(); case GuardClassKind::JSFunction: MOZ_CRASH("must be handled by caller"); } MOZ_CRASH("unexpected kind"); } bool CacheIRCompiler::emitGuardClass(ObjOperandId objId, GuardClassKind kind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } if (kind == GuardClassKind::JSFunction) { if (objectGuardNeedsSpectreMitigations(objId)) { masm.branchTestObjIsFunction(Assembler::NotEqual, obj, scratch, obj, failure->label()); } else { masm.branchTestObjIsFunctionNoSpectreMitigations( Assembler::NotEqual, obj, scratch, failure->label()); } return true; } const JSClass* clasp = ClassFor(cx_, kind); MOZ_ASSERT(clasp); if (objectGuardNeedsSpectreMitigations(objId)) { masm.branchTestObjClass(Assembler::NotEqual, obj, clasp, scratch, obj, failure->label()); } else { masm.branchTestObjClassNoSpectreMitigations(Assembler::NotEqual, obj, clasp, scratch, failure->label()); } return true; } bool CacheIRCompiler::emitGuardEitherClass(ObjOperandId objId, GuardClassKind kind1, GuardClassKind kind2) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // We don't yet need this case, so it's unsupported for now. MOZ_ASSERT(kind1 != GuardClassKind::JSFunction && kind2 != GuardClassKind::JSFunction); const JSClass* clasp1 = ClassFor(cx_, kind1); MOZ_ASSERT(clasp1); const JSClass* clasp2 = ClassFor(cx_, kind2); MOZ_ASSERT(clasp2); if (objectGuardNeedsSpectreMitigations(objId)) { masm.branchTestObjClass(Assembler::NotEqual, obj, {clasp1, clasp2}, scratch, obj, failure->label()); } else { masm.branchTestObjClassNoSpectreMitigations( Assembler::NotEqual, obj, {clasp1, clasp2}, scratch, failure->label()); } return true; } bool CacheIRCompiler::emitGuardNullProto(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadObjProto(obj, scratch); masm.branchTestPtr(Assembler::NonZero, scratch, scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsExtensible(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchIfObjectNotExtensible(obj, scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardDynamicSlotIsSpecificObject( ObjOperandId objId, ObjOperandId expectedId, uint32_t slotOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register expectedObject = allocator.useRegister(masm, expectedId); // Allocate registers before the failure path to make sure they're registered // by addFailurePath. AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Guard on the expected object. StubFieldOffset slot(slotOffset, StubField::Type::RawInt32); masm.loadPtr(Address(obj, NativeObject::offsetOfSlots()), scratch1); emitLoadStubField(slot, scratch2); BaseObjectSlotIndex expectedSlot(scratch1, scratch2); masm.fallibleUnboxObject(expectedSlot, scratch1, failure->label()); masm.branchPtr(Assembler::NotEqual, expectedObject, scratch1, failure->label()); return true; } bool CacheIRCompiler::emitGuardDynamicSlotIsNotObject(ObjOperandId objId, uint32_t slotOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Guard that the slot isn't an object. StubFieldOffset slot(slotOffset, StubField::Type::RawInt32); masm.loadPtr(Address(obj, NativeObject::offsetOfSlots()), scratch1); emitLoadStubField(slot, scratch2); BaseObjectSlotIndex expectedSlot(scratch1, scratch2); masm.branchTestObject(Assembler::Equal, expectedSlot, failure->label()); return true; } bool CacheIRCompiler::emitGuardFixedSlotValue(ObjOperandId objId, uint32_t offsetOffset, uint32_t valOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); AutoScratchValueRegister scratchVal(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } StubFieldOffset offset(offsetOffset, StubField::Type::RawInt32); emitLoadStubField(offset, scratch); StubFieldOffset val(valOffset, StubField::Type::Value); emitLoadValueStubField(val, scratchVal); BaseIndex slotVal(obj, scratch, TimesOne); masm.branchTestValue(Assembler::NotEqual, slotVal, scratchVal, failure->label()); return true; } bool CacheIRCompiler::emitGuardDynamicSlotValue(ObjOperandId objId, uint32_t offsetOffset, uint32_t valOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchValueRegister scratchVal(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadPtr(Address(obj, NativeObject::offsetOfSlots()), scratch1); StubFieldOffset offset(offsetOffset, StubField::Type::RawInt32); emitLoadStubField(offset, scratch2); StubFieldOffset val(valOffset, StubField::Type::Value); emitLoadValueStubField(val, scratchVal); BaseIndex slotVal(scratch1, scratch2, TimesOne); masm.branchTestValue(Assembler::NotEqual, slotVal, scratchVal, failure->label()); return true; } bool CacheIRCompiler::emitLoadScriptedProxyHandler(ObjOperandId resultId, ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadPtr(Address(obj, ProxyObject::offsetOfReservedSlots()), output); Address handlerAddr(output, js::detail::ProxyReservedSlots::offsetOfSlot( ScriptedProxyHandler::HANDLER_EXTRA)); masm.fallibleUnboxObject(handlerAddr, output, failure->label()); return true; } bool CacheIRCompiler::emitIdToStringOrSymbol(ValOperandId resultId, ValOperandId idId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); ValueOperand id = allocator.useValueRegister(masm, idId); ValueOperand output = allocator.defineValueRegister(masm, resultId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.moveValue(id, output); Label done, intDone, callVM; { ScratchTagScope tag(masm, output); masm.splitTagForTest(output, tag); masm.branchTestString(Assembler::Equal, tag, &done); masm.branchTestSymbol(Assembler::Equal, tag, &done); masm.branchTestInt32(Assembler::NotEqual, tag, failure->label()); } Register intReg = output.scratchReg(); masm.unboxInt32(output, intReg); // Fast path for small integers. masm.lookupStaticIntString(intReg, intReg, scratch, cx_->staticStrings(), &callVM); masm.jump(&intDone); masm.bind(&callVM); LiveRegisterSet volatileRegs = liveVolatileRegs(); masm.PushRegsInMask(volatileRegs); using Fn = JSLinearString* (*)(JSContext* cx, int32_t i); masm.setupUnalignedABICall(scratch); masm.loadJSContext(scratch); masm.passABIArg(scratch); masm.passABIArg(intReg); masm.callWithABI<Fn, js::Int32ToStringPure>(); masm.storeCallPointerResult(intReg); LiveRegisterSet ignore; ignore.add(intReg); masm.PopRegsInMaskIgnore(volatileRegs, ignore); masm.branchPtr(Assembler::Equal, intReg, ImmPtr(nullptr), failure->label()); masm.bind(&intDone); masm.tagValue(JSVAL_TYPE_STRING, intReg, output); masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadFixedSlot(ValOperandId resultId, ObjOperandId objId, uint32_t offsetOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); ValueOperand output = allocator.defineValueRegister(masm, resultId); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); StubFieldOffset slotIndex(offsetOffset, StubField::Type::RawInt32); emitLoadStubField(slotIndex, scratch); masm.loadValue(BaseIndex(obj, scratch, TimesOne), output); return true; } bool CacheIRCompiler::emitLoadDynamicSlot(ValOperandId resultId, ObjOperandId objId, uint32_t slotOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); ValueOperand output = allocator.defineValueRegister(masm, resultId); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch1(allocator, masm); Register scratch2 = output.scratchReg(); StubFieldOffset slotIndex(slotOffset, StubField::Type::RawInt32); emitLoadStubField(slotIndex, scratch2); masm.loadPtr(Address(obj, NativeObject::offsetOfSlots()), scratch1); masm.loadValue(BaseObjectSlotIndex(scratch1, scratch2), output); return true; } bool CacheIRCompiler::emitGuardIsNativeObject(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchIfNonNativeObj(obj, scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsProxy(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestObjectIsProxy(false, obj, scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsNotProxy(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestObjectIsProxy(true, obj, scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsNotArrayBufferMaybeShared(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadObjClassUnsafe(obj, scratch); masm.branchPtr(Assembler::Equal, scratch, ImmPtr(&FixedLengthArrayBufferObject::class_), failure->label()); masm.branchPtr(Assembler::Equal, scratch, ImmPtr(&FixedLengthSharedArrayBufferObject::class_), failure->label()); masm.branchPtr(Assembler::Equal, scratch, ImmPtr(&ResizableArrayBufferObject::class_), failure->label()); masm.branchPtr(Assembler::Equal, scratch, ImmPtr(&GrowableSharedArrayBufferObject::class_), failure->label()); return true; } bool CacheIRCompiler::emitGuardIsTypedArray(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadObjClassUnsafe(obj, scratch); masm.branchIfClassIsNotTypedArray(scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsFixedLengthTypedArray(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadObjClassUnsafe(obj, scratch); masm.branchIfClassIsNotFixedLengthTypedArray(scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsResizableTypedArray(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadObjClassUnsafe(obj, scratch); masm.branchIfClassIsNotResizableTypedArray(scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardIsNotDOMProxy(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestProxyHandlerFamily(Assembler::Equal, obj, scratch, GetDOMProxyHandlerFamily(), failure->label()); return true; } bool CacheIRCompiler::emitGuardNoDenseElements(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Load obj->elements. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); // Make sure there are no dense elements. Address initLength(scratch, ObjectElements::offsetOfInitializedLength()); masm.branch32(Assembler::NotEqual, initLength, Imm32(0), failure->label()); return true; } bool CacheIRCompiler::emitGuardSpecificInt32(Int32OperandId numId, int32_t expected) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register num = allocator.useRegister(masm, numId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branch32(Assembler::NotEqual, num, Imm32(expected), failure->label()); return true; } bool CacheIRCompiler::emitGuardStringToInt32(StringOperandId strId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register str = allocator.useRegister(masm, strId); Register output = allocator.defineRegister(masm, resultId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.guardStringToInt32(str, output, scratch, liveVolatileRegs(), failure->label()); return true; } bool CacheIRCompiler::emitGuardStringToNumber(StringOperandId strId, NumberOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register str = allocator.useRegister(masm, strId); ValueOperand output = allocator.defineValueRegister(masm, resultId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label vmCall, done; // Use indexed value as fast path if possible. masm.loadStringIndexValue(str, scratch, &vmCall); masm.tagValue(JSVAL_TYPE_INT32, scratch, output); masm.jump(&done); { masm.bind(&vmCall); // Reserve stack for holding the result value of the call. masm.reserveStack(sizeof(double)); masm.moveStackPtrTo(output.payloadOrValueReg()); // We cannot use callVM, as callVM expects to be able to clobber all // operands, however, since this op is not the last in the generated IC, we // want to be able to reference other live values. LiveRegisterSet volatileRegs = liveVolatileRegs(); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSContext* cx, JSString* str, double* result); masm.setupUnalignedABICall(scratch); masm.loadJSContext(scratch); masm.passABIArg(scratch); masm.passABIArg(str); masm.passABIArg(output.payloadOrValueReg()); masm.callWithABI<Fn, js::StringToNumberPure>(); masm.storeCallPointerResult(scratch); LiveRegisterSet ignore; ignore.add(scratch); masm.PopRegsInMaskIgnore(volatileRegs, ignore); Label ok; masm.branchIfTrueBool(scratch, &ok); { // OOM path, recovered by StringToNumberPure. // // Use addToStackPtr instead of freeStack as freeStack tracks stack height // flow-insensitively, and using it twice would confuse the stack height // tracking. masm.addToStackPtr(Imm32(sizeof(double))); masm.jump(failure->label()); } masm.bind(&ok); { ScratchDoubleScope fpscratch(masm); masm.loadDouble(Address(output.payloadOrValueReg(), 0), fpscratch); masm.boxDouble(fpscratch, output, fpscratch); } masm.freeStack(sizeof(double)); } masm.bind(&done); return true; } bool CacheIRCompiler::emitNumberParseIntResult(StringOperandId strId, Int32OperandId radixId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); Register radix = allocator.useRegister(masm, radixId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, callvm.output()); #ifdef DEBUG Label ok; masm.branch32(Assembler::Equal, radix, Imm32(0), &ok); masm.branch32(Assembler::Equal, radix, Imm32(10), &ok); masm.assumeUnreachable("radix must be 0 or 10 for indexed value fast path"); masm.bind(&ok); #endif // Discard the stack to ensure it's balanced when we skip the vm-call. allocator.discardStack(masm); // Use indexed value as fast path if possible. Label vmCall, done; masm.loadStringIndexValue(str, scratch, &vmCall); masm.tagValue(JSVAL_TYPE_INT32, scratch, callvm.outputValueReg()); masm.jump(&done); { masm.bind(&vmCall); callvm.prepare(); masm.Push(radix); masm.Push(str); using Fn = bool (*)(JSContext*, HandleString, int32_t, MutableHandleValue); callvm.call<Fn, js::NumberParseInt>(); } masm.bind(&done); return true; } bool CacheIRCompiler::emitDoubleParseIntResult(NumberOperandId numId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch1(*this, FloatReg0); AutoAvailableFloatRegister floatScratch2(*this, FloatReg1); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } allocator.ensureDoubleRegister(masm, numId, floatScratch1); masm.branchDouble(Assembler::DoubleUnordered, floatScratch1, floatScratch1, failure->label()); masm.branchTruncateDoubleToInt32(floatScratch1, scratch, failure->label()); Label ok; masm.branch32(Assembler::NotEqual, scratch, Imm32(0), &ok); { // Accept both +0 and -0 and return 0. masm.loadConstantDouble(0.0, floatScratch2); masm.branchDouble(Assembler::DoubleEqual, floatScratch1, floatScratch2, &ok); // Fail if a non-zero input is in the exclusive range (-1, 1.0e-6). masm.loadConstantDouble(DOUBLE_DECIMAL_IN_SHORTEST_LOW, floatScratch2); masm.branchDouble(Assembler::DoubleLessThan, floatScratch1, floatScratch2, failure->label()); } masm.bind(&ok); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitStringToAtom(StringOperandId stringId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register str = allocator.useRegister(masm, stringId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label done, vmCall; masm.branchTest32(Assembler::NonZero, Address(str, JSString::offsetOfFlags()), Imm32(JSString::ATOM_BIT), &done); masm.tryFastAtomize(str, scratch, str, &vmCall); masm.jump(&done); masm.bind(&vmCall); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = JSAtom* (*)(JSContext* cx, JSString* str); masm.setupUnalignedABICall(scratch); masm.loadJSContext(scratch); masm.passABIArg(scratch); masm.passABIArg(str); masm.callWithABI<Fn, jit::AtomizeStringNoGC>(); masm.storeCallPointerResult(scratch); LiveRegisterSet ignore; ignore.add(scratch); masm.PopRegsInMaskIgnore(save, ignore); masm.branchPtr(Assembler::Equal, scratch, Imm32(0), failure->label()); masm.movePtr(scratch.get(), str); masm.bind(&done); return true; } bool CacheIRCompiler::emitBooleanToNumber(BooleanOperandId booleanId, NumberOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register boolean = allocator.useRegister(masm, booleanId); ValueOperand output = allocator.defineValueRegister(masm, resultId); masm.tagValue(JSVAL_TYPE_INT32, boolean, output); return true; } bool CacheIRCompiler::emitGuardStringToIndex(StringOperandId strId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register str = allocator.useRegister(masm, strId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label vmCall, done; masm.loadStringIndexValue(str, output, &vmCall); masm.jump(&done); { masm.bind(&vmCall); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = int32_t (*)(JSString* str); masm.setupUnalignedABICall(output); masm.passABIArg(str); masm.callWithABI<Fn, GetIndexFromString>(); masm.storeCallInt32Result(output); LiveRegisterSet ignore; ignore.add(output); masm.PopRegsInMaskIgnore(save, ignore); // GetIndexFromString returns a negative value on failure. masm.branchTest32(Assembler::Signed, output, output, failure->label()); } masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadProto(ObjOperandId objId, ObjOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register reg = allocator.defineRegister(masm, resultId); masm.loadObjProto(obj, reg); #ifdef DEBUG // We shouldn't encounter a null or lazy proto. MOZ_ASSERT(uintptr_t(TaggedProto::LazyProto) == 1); Label done; masm.branchPtr(Assembler::Above, reg, ImmWord(1), &done); masm.assumeUnreachable("Unexpected null or lazy proto in CacheIR LoadProto"); masm.bind(&done); #endif return true; } bool CacheIRCompiler::emitLoadEnclosingEnvironment(ObjOperandId objId, ObjOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register reg = allocator.defineRegister(masm, resultId); masm.unboxObject( Address(obj, EnvironmentObject::offsetOfEnclosingEnvironment()), reg); return true; } bool CacheIRCompiler::emitLoadWrapperTarget(ObjOperandId objId, ObjOperandId resultId, bool fallible) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register reg = allocator.defineRegister(masm, resultId); FailurePath* failure; if (fallible && !addFailurePath(&failure)) { return false; } masm.loadPtr(Address(obj, ProxyObject::offsetOfReservedSlots()), reg); Address targetAddr(reg, js::detail::ProxyReservedSlots::offsetOfPrivateSlot()); if (fallible) { masm.fallibleUnboxObject(targetAddr, reg, failure->label()); } else { masm.unboxObject(targetAddr, reg); } return true; } bool CacheIRCompiler::emitLoadValueTag(ValOperandId valId, ValueTagOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); ValueOperand val = allocator.useValueRegister(masm, valId); Register res = allocator.defineRegister(masm, resultId); Register tag = masm.extractTag(val, res); if (tag != res) { masm.mov(tag, res); } return true; } bool CacheIRCompiler::emitLoadDOMExpandoValue(ObjOperandId objId, ValOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); ValueOperand val = allocator.defineValueRegister(masm, resultId); masm.loadPtr(Address(obj, ProxyObject::offsetOfReservedSlots()), val.scratchReg()); masm.loadValue(Address(val.scratchReg(), js::detail::ProxyReservedSlots::offsetOfPrivateSlot()), val); return true; } bool CacheIRCompiler::emitLoadDOMExpandoValueIgnoreGeneration( ObjOperandId objId, ValOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); ValueOperand output = allocator.defineValueRegister(masm, resultId); // Determine the expando's Address. Register scratch = output.scratchReg(); masm.loadPtr(Address(obj, ProxyObject::offsetOfReservedSlots()), scratch); Address expandoAddr(scratch, js::detail::ProxyReservedSlots::offsetOfPrivateSlot()); #ifdef DEBUG // Private values are stored as doubles, so assert we have a double. Label ok; masm.branchTestDouble(Assembler::Equal, expandoAddr, &ok); masm.assumeUnreachable("DOM expando is not a PrivateValue!"); masm.bind(&ok); #endif // Load the ExpandoAndGeneration* from the PrivateValue. masm.loadPrivate(expandoAddr, scratch); // Load expandoAndGeneration->expando into the output Value register. masm.loadValue(Address(scratch, ExpandoAndGeneration::offsetOfExpando()), output); return true; } bool CacheIRCompiler::emitLoadUndefinedResult() { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); masm.moveValue(UndefinedValue(), output.valueReg()); return true; } static void EmitStoreBoolean(MacroAssembler& masm, bool b, const AutoOutputRegister& output) { if (output.hasValue()) { Value val = BooleanValue(b); masm.moveValue(val, output.valueReg()); } else { MOZ_ASSERT(output.type() == JSVAL_TYPE_BOOLEAN); masm.movePtr(ImmWord(b), output.typedReg().gpr()); } } bool CacheIRCompiler::emitLoadBooleanResult(bool val) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); EmitStoreBoolean(masm, val, output); return true; } bool CacheIRCompiler::emitLoadOperandResult(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); ValueOperand input = allocator.useValueRegister(masm, inputId); masm.moveValue(input, output.valueReg()); return true; } static void EmitStoreResult(MacroAssembler& masm, Register reg, JSValueType type, const AutoOutputRegister& output) { if (output.hasValue()) { masm.tagValue(type, reg, output.valueReg()); return; } if (type == JSVAL_TYPE_INT32 && output.typedReg().isFloat()) { masm.convertInt32ToDouble(reg, output.typedReg().fpu()); return; } if (type == output.type()) { masm.mov(reg, output.typedReg().gpr()); return; } masm.assumeUnreachable("Should have monitored result"); } bool CacheIRCompiler::emitLoadInt32ArrayLengthResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); masm.load32(Address(scratch, ObjectElements::offsetOfLength()), scratch); // Guard length fits in an int32. masm.branchTest32(Assembler::Signed, scratch, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadInt32ArrayLength(ObjOperandId objId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register res = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), res); masm.load32(Address(res, ObjectElements::offsetOfLength()), res); // Guard length fits in an int32. masm.branchTest32(Assembler::Signed, res, res, failure->label()); return true; } bool CacheIRCompiler::emitDoubleAddResult(NumberOperandId lhsId, NumberOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); allocator.ensureDoubleRegister(masm, lhsId, floatScratch0); allocator.ensureDoubleRegister(masm, rhsId, floatScratch1); masm.addDouble(floatScratch1, floatScratch0); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitDoubleSubResult(NumberOperandId lhsId, NumberOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); allocator.ensureDoubleRegister(masm, lhsId, floatScratch0); allocator.ensureDoubleRegister(masm, rhsId, floatScratch1); masm.subDouble(floatScratch1, floatScratch0); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitDoubleMulResult(NumberOperandId lhsId, NumberOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); allocator.ensureDoubleRegister(masm, lhsId, floatScratch0); allocator.ensureDoubleRegister(masm, rhsId, floatScratch1); masm.mulDouble(floatScratch1, floatScratch0); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitDoubleDivResult(NumberOperandId lhsId, NumberOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); allocator.ensureDoubleRegister(masm, lhsId, floatScratch0); allocator.ensureDoubleRegister(masm, rhsId, floatScratch1); masm.divDouble(floatScratch1, floatScratch0); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitDoubleModResult(NumberOperandId lhsId, NumberOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); allocator.ensureDoubleRegister(masm, lhsId, floatScratch0); allocator.ensureDoubleRegister(masm, rhsId, floatScratch1); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = double (*)(double a, double b); masm.setupUnalignedABICall(scratch); masm.passABIArg(floatScratch0, ABIType::Float64); masm.passABIArg(floatScratch1, ABIType::Float64); masm.callWithABI<Fn, js::NumberMod>(ABIType::Float64); masm.storeCallFloatResult(floatScratch0); LiveRegisterSet ignore; ignore.add(floatScratch0); masm.PopRegsInMaskIgnore(save, ignore); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitDoublePowResult(NumberOperandId lhsId, NumberOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); allocator.ensureDoubleRegister(masm, lhsId, floatScratch0); allocator.ensureDoubleRegister(masm, rhsId, floatScratch1); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = double (*)(double x, double y); masm.setupUnalignedABICall(scratch); masm.passABIArg(floatScratch0, ABIType::Float64); masm.passABIArg(floatScratch1, ABIType::Float64); masm.callWithABI<Fn, js::ecmaPow>(ABIType::Float64); masm.storeCallFloatResult(floatScratch0); LiveRegisterSet ignore; ignore.add(floatScratch0); masm.PopRegsInMaskIgnore(save, ignore); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitInt32AddResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.mov(rhs, scratch); masm.branchAdd32(Assembler::Overflow, lhs, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32SubResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.mov(lhs, scratch); masm.branchSub32(Assembler::Overflow, rhs, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32MulResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); AutoScratchRegister scratch(allocator, masm); AutoScratchRegisterMaybeOutput scratch2(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label maybeNegZero, done; masm.mov(lhs, scratch); masm.branchMul32(Assembler::Overflow, rhs, scratch, failure->label()); masm.branchTest32(Assembler::Zero, scratch, scratch, &maybeNegZero); masm.jump(&done); masm.bind(&maybeNegZero); masm.mov(lhs, scratch2); // Result is -0 if exactly one of lhs or rhs is negative. masm.or32(rhs, scratch2); masm.branchTest32(Assembler::Signed, scratch2, scratch2, failure->label()); masm.bind(&done); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32DivResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); AutoScratchRegister rem(allocator, masm); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Prevent division by 0. masm.branchTest32(Assembler::Zero, rhs, rhs, failure->label()); // Prevent -2147483648 / -1. Label notOverflow; masm.branch32(Assembler::NotEqual, lhs, Imm32(INT32_MIN), ¬Overflow); masm.branch32(Assembler::Equal, rhs, Imm32(-1), failure->label()); masm.bind(¬Overflow); // Prevent negative 0. Label notZero; masm.branchTest32(Assembler::NonZero, lhs, lhs, ¬Zero); masm.branchTest32(Assembler::Signed, rhs, rhs, failure->label()); masm.bind(¬Zero); masm.mov(lhs, scratch); masm.flexibleDivMod32(rhs, scratch, rem, false, liveVolatileRegs()); // A remainder implies a double result. masm.branchTest32(Assembler::NonZero, rem, rem, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32ModResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // x % 0 results in NaN masm.branchTest32(Assembler::Zero, rhs, rhs, failure->label()); // Prevent -2147483648 % -1. // // Traps on x86 and has undefined behavior on ARM32 (when __aeabi_idivmod is // called). Label notOverflow; masm.branch32(Assembler::NotEqual, lhs, Imm32(INT32_MIN), ¬Overflow); masm.branch32(Assembler::Equal, rhs, Imm32(-1), failure->label()); masm.bind(¬Overflow); masm.mov(lhs, scratch); masm.flexibleRemainder32(rhs, scratch, false, liveVolatileRegs()); // Modulo takes the sign of the dividend; we can't return negative zero here. Label notZero; masm.branchTest32(Assembler::NonZero, scratch, scratch, ¬Zero); masm.branchTest32(Assembler::Signed, lhs, lhs, failure->label()); masm.bind(¬Zero); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32PowResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register base = allocator.useRegister(masm, lhsId); Register power = allocator.useRegister(masm, rhsId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegisterMaybeOutputType scratch2(allocator, masm, output); AutoScratchRegister scratch3(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.pow32(base, power, scratch1, scratch2, scratch3, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch1, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32BitOrResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); masm.mov(rhs, scratch); masm.or32(lhs, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32BitXorResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); masm.mov(rhs, scratch); masm.xor32(lhs, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32BitAndResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); masm.mov(rhs, scratch); masm.and32(lhs, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32LeftShiftResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); masm.mov(lhs, scratch); masm.flexibleLshift32(rhs, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32RightShiftResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); masm.mov(lhs, scratch); masm.flexibleRshift32Arithmetic(rhs, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32URightShiftResult(Int32OperandId lhsId, Int32OperandId rhsId, bool forceDouble) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.mov(lhs, scratch); masm.flexibleRshift32(rhs, scratch); if (forceDouble) { ScratchDoubleScope fpscratch(masm); masm.convertUInt32ToDouble(scratch, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); } else { masm.branchTest32(Assembler::Signed, scratch, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); } return true; } bool CacheIRCompiler::emitInt32NegationResult(Int32OperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register val = allocator.useRegister(masm, inputId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Guard against 0 and MIN_INT by checking if low 31-bits are all zero. // Both of these result in a double. masm.branchTest32(Assembler::Zero, val, Imm32(0x7fffffff), failure->label()); masm.mov(val, scratch); masm.neg32(scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32IncResult(Int32OperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register input = allocator.useRegister(masm, inputId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.mov(input, scratch); masm.branchAdd32(Assembler::Overflow, Imm32(1), scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32DecResult(Int32OperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register input = allocator.useRegister(masm, inputId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.mov(input, scratch); masm.branchSub32(Assembler::Overflow, Imm32(1), scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32NotResult(Int32OperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register val = allocator.useRegister(masm, inputId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); masm.mov(val, scratch); masm.not32(scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitDoubleNegationResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchFloatRegister floatReg(this); allocator.ensureDoubleRegister(masm, inputId, floatReg); masm.negateDouble(floatReg); masm.boxDouble(floatReg, output.valueReg(), floatReg); return true; } bool CacheIRCompiler::emitDoubleIncDecResult(bool isInc, NumberOperandId inputId) { AutoOutputRegister output(*this); AutoScratchFloatRegister floatReg(this); allocator.ensureDoubleRegister(masm, inputId, floatReg); { ScratchDoubleScope fpscratch(masm); masm.loadConstantDouble(1.0, fpscratch); if (isInc) { masm.addDouble(fpscratch, floatReg); } else { masm.subDouble(fpscratch, floatReg); } } masm.boxDouble(floatReg, output.valueReg(), floatReg); return true; } bool CacheIRCompiler::emitDoubleIncResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); return emitDoubleIncDecResult(true, inputId); } bool CacheIRCompiler::emitDoubleDecResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); return emitDoubleIncDecResult(false, inputId); } template <typename Fn, Fn fn> bool CacheIRCompiler::emitBigIntBinaryOperationShared(BigIntOperandId lhsId, BigIntOperandId rhsId) { AutoCallVM callvm(masm, this, allocator); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); callvm.prepare(); masm.Push(rhs); masm.Push(lhs); callvm.call<Fn, fn>(); return true; } bool CacheIRCompiler::emitBigIntAddResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::add>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntSubResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::sub>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntMulResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::mul>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntDivResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::div>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntModResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::mod>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntPowResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::pow>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntBitAndResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::bitAnd>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntBitOrResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::bitOr>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntBitXorResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::bitXor>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntLeftShiftResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::lsh>(lhsId, rhsId); } bool CacheIRCompiler::emitBigIntRightShiftResult(BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt, HandleBigInt); return emitBigIntBinaryOperationShared<Fn, BigInt::rsh>(lhsId, rhsId); } template <typename Fn, Fn fn> bool CacheIRCompiler::emitBigIntUnaryOperationShared(BigIntOperandId inputId) { AutoCallVM callvm(masm, this, allocator); Register val = allocator.useRegister(masm, inputId); callvm.prepare(); masm.Push(val); callvm.call<Fn, fn>(); return true; } bool CacheIRCompiler::emitBigIntNotResult(BigIntOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt); return emitBigIntUnaryOperationShared<Fn, BigInt::bitNot>(inputId); } bool CacheIRCompiler::emitBigIntNegationResult(BigIntOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt); return emitBigIntUnaryOperationShared<Fn, BigInt::neg>(inputId); } bool CacheIRCompiler::emitBigIntIncResult(BigIntOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt); return emitBigIntUnaryOperationShared<Fn, BigInt::inc>(inputId); } bool CacheIRCompiler::emitBigIntDecResult(BigIntOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); using Fn = BigInt* (*)(JSContext*, HandleBigInt); return emitBigIntUnaryOperationShared<Fn, BigInt::dec>(inputId); } bool CacheIRCompiler::emitBigIntToIntPtr(BigIntOperandId inputId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register input = allocator.useRegister(masm, inputId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadBigIntPtr(input, output, failure->label()); return true; } static gc::Heap InitialBigIntHeap(JSContext* cx) { JS::Zone* zone = cx->zone(); return zone->allocNurseryBigInts() ? gc::Heap::Default : gc::Heap::Tenured; } static void EmitAllocateBigInt(MacroAssembler& masm, Register result, Register temp, const LiveRegisterSet& liveSet, gc::Heap initialHeap, Label* fail) { Label fallback, done; masm.newGCBigInt(result, temp, initialHeap, &fallback); masm.jump(&done); { masm.bind(&fallback); // Request a minor collection at a later time if nursery allocation failed. bool requestMinorGC = initialHeap == gc::Heap::Default; masm.PushRegsInMask(liveSet); using Fn = void* (*)(JSContext* cx, bool requestMinorGC); masm.setupUnalignedABICall(temp); masm.loadJSContext(temp); masm.passABIArg(temp); masm.move32(Imm32(requestMinorGC), result); masm.passABIArg(result); masm.callWithABI<Fn, jit::AllocateBigIntNoGC>(); masm.storeCallPointerResult(result); masm.PopRegsInMask(liveSet); masm.branchPtr(Assembler::Equal, result, ImmWord(0), fail); } masm.bind(&done); } bool CacheIRCompiler::emitIntPtrToBigIntResult(IntPtrOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register input = allocator.useRegister(masm, inputId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } LiveRegisterSet save = liveVolatileRegs(); save.takeUnchecked(scratch1); save.takeUnchecked(scratch2); save.takeUnchecked(output); // Allocate a new BigInt. The code after this must be infallible. gc::Heap initialHeap = InitialBigIntHeap(cx_); EmitAllocateBigInt(masm, scratch1, scratch2, save, initialHeap, failure->label()); masm.movePtr(input, scratch2); masm.initializeBigIntPtr(scratch1, scratch2); masm.tagValue(JSVAL_TYPE_BIGINT, scratch1, output.valueReg()); return true; } bool CacheIRCompiler::emitBigIntPtrAdd(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.movePtr(rhs, output); masm.branchAddPtr(Assembler::Overflow, lhs, output, failure->label()); return true; } bool CacheIRCompiler::emitBigIntPtrSub(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.movePtr(lhs, output); masm.branchSubPtr(Assembler::Overflow, rhs, output, failure->label()); return true; } bool CacheIRCompiler::emitBigIntPtrMul(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.movePtr(rhs, output); masm.branchMulPtr(Assembler::Overflow, lhs, output, failure->label()); return true; } bool CacheIRCompiler::emitBigIntPtrDiv(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } static constexpr auto DigitMin = std::numeric_limits< mozilla::SignedStdintTypeForSize<sizeof(BigInt::Digit)>::Type>::min(); // Prevent division by 0. masm.branchTestPtr(Assembler::Zero, rhs, rhs, failure->label()); // Prevent INTPTR_MIN / -1. Label notOverflow; masm.branchPtr(Assembler::NotEqual, lhs, ImmWord(DigitMin), ¬Overflow); masm.branchPtr(Assembler::Equal, rhs, Imm32(-1), failure->label()); masm.bind(¬Overflow); LiveRegisterSet volatileRegs(GeneralRegisterSet::Volatile(), liveVolatileFloatRegs()); masm.movePtr(lhs, output); masm.flexibleQuotientPtr(rhs, output, false, volatileRegs); return true; } bool CacheIRCompiler::emitBigIntPtrMod(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } static constexpr auto DigitMin = std::numeric_limits< mozilla::SignedStdintTypeForSize<sizeof(BigInt::Digit)>::Type>::min(); // Prevent division by 0. masm.branchTestPtr(Assembler::Zero, rhs, rhs, failure->label()); masm.movePtr(lhs, output); // Prevent INTPTR_MIN / -1. Label notOverflow; masm.branchPtr(Assembler::NotEqual, lhs, ImmWord(DigitMin), ¬Overflow); masm.branchPtr(Assembler::NotEqual, rhs, Imm32(-1), ¬Overflow); masm.movePtr(ImmWord(0), output); masm.bind(¬Overflow); LiveRegisterSet volatileRegs(GeneralRegisterSet::Volatile(), liveVolatileFloatRegs()); masm.flexibleRemainderPtr(rhs, output, false, volatileRegs); return true; } bool CacheIRCompiler::emitBigIntPtrPow(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.powPtr(lhs, rhs, output, scratch1, scratch2, failure->label()); return true; } bool CacheIRCompiler::emitBigIntPtrBitOr(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); masm.movePtr(rhs, output); masm.orPtr(lhs, output); return true; } bool CacheIRCompiler::emitBigIntPtrBitXor(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); masm.movePtr(rhs, output); masm.xorPtr(lhs, output); return true; } bool CacheIRCompiler::emitBigIntPtrBitAnd(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); masm.movePtr(rhs, output); masm.andPtr(lhs, output); return true; } bool CacheIRCompiler::emitBigIntPtrLeftShift(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label done; masm.movePtr(lhs, output); // 0n << x == 0n masm.branchPtr(Assembler::Equal, lhs, Imm32(0), &done); // x << DigitBits with x != 0n always exceeds pointer-sized storage. masm.branchPtr(Assembler::GreaterThanOrEqual, rhs, Imm32(BigInt::DigitBits), failure->label()); // x << -DigitBits == x >> DigitBits, which is either 0n or -1n. Label shift; masm.branchPtr(Assembler::GreaterThan, rhs, Imm32(-int32_t(BigInt::DigitBits)), &shift); { masm.rshiftPtrArithmetic(Imm32(BigInt::DigitBits - 1), output); masm.jump(&done); } masm.bind(&shift); // |x << -y| is computed as |x >> y|. Label leftShift; masm.branchPtr(Assembler::GreaterThanOrEqual, rhs, Imm32(0), &leftShift); { masm.movePtr(rhs, scratch); masm.negPtr(scratch); masm.flexibleRshiftPtrArithmetic(scratch, output); masm.jump(&done); } masm.bind(&leftShift); masm.flexibleLshiftPtr(rhs, output); // Check for overflow: ((lhs << rhs) >> rhs) == lhs. masm.movePtr(output, scratch); masm.flexibleRshiftPtrArithmetic(rhs, scratch); masm.branchPtr(Assembler::NotEqual, scratch, lhs, failure->label()); masm.bind(&done); return true; } bool CacheIRCompiler::emitBigIntPtrRightShift(IntPtrOperandId lhsId, IntPtrOperandId rhsId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); Register output = allocator.defineRegister(masm, resultId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label done; masm.movePtr(lhs, output); // 0n >> x == 0n masm.branchPtr(Assembler::Equal, lhs, Imm32(0), &done); // x >> -DigitBits == x << DigitBits, which exceeds pointer-sized storage. masm.branchPtr(Assembler::LessThanOrEqual, rhs, Imm32(-int32_t(BigInt::DigitBits)), failure->label()); // x >> DigitBits is either 0n or -1n. Label shift; masm.branchPtr(Assembler::LessThan, rhs, Imm32(BigInt::DigitBits), &shift); { masm.rshiftPtrArithmetic(Imm32(BigInt::DigitBits - 1), output); masm.jump(&done); } masm.bind(&shift); // |x >> -y| is computed as |x << y|. Label rightShift; masm.branchPtr(Assembler::GreaterThanOrEqual, rhs, Imm32(0), &rightShift); { masm.movePtr(rhs, scratch1); masm.negPtr(scratch1); masm.flexibleLshiftPtr(scratch1, output); // Check for overflow: ((lhs << rhs) >> rhs) == lhs. masm.movePtr(output, scratch2); masm.flexibleRshiftPtrArithmetic(scratch1, scratch2); masm.branchPtr(Assembler::NotEqual, scratch2, lhs, failure->label()); masm.jump(&done); } masm.bind(&rightShift); masm.flexibleRshiftPtrArithmetic(rhs, output); masm.bind(&done); return true; } bool CacheIRCompiler::emitBigIntPtrNegation(IntPtrOperandId inputId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register input = allocator.useRegister(masm, inputId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.movePtr(input, output); masm.branchNegPtr(Assembler::Overflow, output, failure->label()); return true; } bool CacheIRCompiler::emitBigIntPtrInc(IntPtrOperandId inputId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register input = allocator.useRegister(masm, inputId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.movePtr(input, output); masm.branchAddPtr(Assembler::Overflow, Imm32(1), output, failure->label()); return true; } bool CacheIRCompiler::emitBigIntPtrDec(IntPtrOperandId inputId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register input = allocator.useRegister(masm, inputId); Register output = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.movePtr(input, output); masm.branchSubPtr(Assembler::Overflow, Imm32(1), output, failure->label()); return true; } bool CacheIRCompiler::emitBigIntPtrNot(IntPtrOperandId inputId, IntPtrOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register input = allocator.useRegister(masm, inputId); Register output = allocator.defineRegister(masm, resultId); masm.movePtr(input, output); masm.notPtr(output); return true; } bool CacheIRCompiler::emitTruncateDoubleToUInt32(NumberOperandId inputId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register res = allocator.defineRegister(masm, resultId); AutoScratchFloatRegister floatReg(this); allocator.ensureDoubleRegister(masm, inputId, floatReg); TruncateDoubleModUint32(masm, floatReg, res, liveVolatileRegs()); return true; } bool CacheIRCompiler::emitDoubleToUint8Clamped(NumberOperandId inputId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register res = allocator.defineRegister(masm, resultId); AutoScratchFloatRegister floatReg(this); allocator.ensureDoubleRegister(masm, inputId, floatReg); masm.clampDoubleToUint8(floatReg, res); return true; } bool CacheIRCompiler::emitLoadArgumentsObjectLengthResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadArgumentsObjectLength(obj, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadArgumentsObjectLength(ObjOperandId objId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register res = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadArgumentsObjectLength(obj, res, failure->label()); return true; } bool CacheIRCompiler::emitLoadArrayBufferByteLengthInt32Result( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadArrayBufferByteLengthIntPtr(obj, scratch); masm.guardNonNegativeIntPtrToInt32(scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadArrayBufferByteLengthDoubleResult( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); ScratchDoubleScope fpscratch(masm); masm.loadArrayBufferByteLengthIntPtr(obj, scratch); masm.convertIntPtrToDouble(scratch, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); return true; } bool CacheIRCompiler::emitLoadArrayBufferViewLengthInt32Result( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadArrayBufferViewLengthIntPtr(obj, scratch); masm.guardNonNegativeIntPtrToInt32(scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadArrayBufferViewLengthDoubleResult( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); ScratchDoubleScope fpscratch(masm); masm.loadArrayBufferViewLengthIntPtr(obj, scratch); masm.convertIntPtrToDouble(scratch, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); return true; } bool CacheIRCompiler::emitLoadBoundFunctionNumArgs(ObjOperandId objId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register output = allocator.defineRegister(masm, resultId); masm.unboxInt32(Address(obj, BoundFunctionObject::offsetOfFlagsSlot()), output); masm.rshift32(Imm32(BoundFunctionObject::NumBoundArgsShift), output); return true; } bool CacheIRCompiler::emitLoadBoundFunctionTarget(ObjOperandId objId, ObjOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register output = allocator.defineRegister(masm, resultId); masm.unboxObject(Address(obj, BoundFunctionObject::offsetOfTargetSlot()), output); return true; } bool CacheIRCompiler::emitLoadBoundFunctionArgument(ObjOperandId objId, uint32_t index, ValOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); ValueOperand output = allocator.defineValueRegister(masm, resultId); AutoScratchRegister scratch(allocator, masm); constexpr size_t inlineArgsOffset = BoundFunctionObject::offsetOfFirstInlineBoundArg(); masm.unboxObject(Address(obj, inlineArgsOffset), scratch); masm.loadPtr(Address(scratch, NativeObject::offsetOfElements()), scratch); masm.loadValue(Address(scratch, index * sizeof(Value)), output); return true; } bool CacheIRCompiler::emitGuardBoundFunctionIsConstructor(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Address flagsSlot(obj, BoundFunctionObject::offsetOfFlagsSlot()); masm.branchTest32(Assembler::Zero, flagsSlot, Imm32(BoundFunctionObject::IsConstructorFlag), failure->label()); return true; } bool CacheIRCompiler::emitGuardObjectIdentity(ObjOperandId obj1Id, ObjOperandId obj2Id) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj1 = allocator.useRegister(masm, obj1Id); Register obj2 = allocator.useRegister(masm, obj2Id); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchPtr(Assembler::NotEqual, obj1, obj2, failure->label()); return true; } bool CacheIRCompiler::emitLoadFunctionLengthResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Get the JSFunction flags and arg count. masm.load32(Address(obj, JSFunction::offsetOfFlagsAndArgCount()), scratch); // Functions with a SelfHostedLazyScript must be compiled with the slow-path // before the function length is known. If the length was previously resolved, // the length property may be shadowed. masm.branchTest32( Assembler::NonZero, scratch, Imm32(FunctionFlags::SELFHOSTLAZY | FunctionFlags::RESOLVED_LENGTH), failure->label()); masm.loadFunctionLength(obj, scratch, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadFunctionNameResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadFunctionName(obj, scratch, ImmGCPtr(cx_->names().empty_), failure->label()); masm.tagValue(JSVAL_TYPE_STRING, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitLinearizeForCharAccess(StringOperandId strId, Int32OperandId indexId, StringOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register str = allocator.useRegister(masm, strId); Register index = allocator.useRegister(masm, indexId); Register result = allocator.defineRegister(masm, resultId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label done; masm.movePtr(str, result); // We can omit the bounds check, because we only compare the index against the // string length. In the worst case we unnecessarily linearize the string // when the index is out-of-bounds. masm.branchIfCanLoadStringChar(str, index, scratch, &done); { LiveRegisterSet volatileRegs = liveVolatileRegs(); masm.PushRegsInMask(volatileRegs); using Fn = JSLinearString* (*)(JSString*); masm.setupUnalignedABICall(scratch); masm.passABIArg(str); masm.callWithABI<Fn, js::jit::LinearizeForCharAccessPure>(); masm.storeCallPointerResult(result); LiveRegisterSet ignore; ignore.add(result); masm.PopRegsInMaskIgnore(volatileRegs, ignore); masm.branchTestPtr(Assembler::Zero, result, result, failure->label()); } masm.bind(&done); return true; } bool CacheIRCompiler::emitLinearizeForCodePointAccess( StringOperandId strId, Int32OperandId indexId, StringOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register str = allocator.useRegister(masm, strId); Register index = allocator.useRegister(masm, indexId); Register result = allocator.defineRegister(masm, resultId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label done; masm.movePtr(str, result); // We can omit the bounds check, because we only compare the index against the // string length. In the worst case we unnecessarily linearize the string // when the index is out-of-bounds. masm.branchIfCanLoadStringCodePoint(str, index, scratch1, scratch2, &done); { LiveRegisterSet volatileRegs = liveVolatileRegs(); masm.PushRegsInMask(volatileRegs); using Fn = JSLinearString* (*)(JSString*); masm.setupUnalignedABICall(scratch1); masm.passABIArg(str); masm.callWithABI<Fn, js::jit::LinearizeForCharAccessPure>(); masm.storeCallPointerResult(result); LiveRegisterSet ignore; ignore.add(result); masm.PopRegsInMaskIgnore(volatileRegs, ignore); masm.branchTestPtr(Assembler::Zero, result, result, failure->label()); } masm.bind(&done); return true; } bool CacheIRCompiler::emitToRelativeStringIndex(Int32OperandId indexId, StringOperandId strId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register index = allocator.useRegister(masm, indexId); Register str = allocator.useRegister(masm, strId); Register result = allocator.defineRegister(masm, resultId); // If |index| is non-negative, it's an index relative to the start of the // string. Otherwise it's an index relative to the end of the string. masm.move32(Imm32(0), result); masm.cmp32Load32(Assembler::LessThan, index, Imm32(0), Address(str, JSString::offsetOfLength()), result); masm.add32(index, result); return true; } bool CacheIRCompiler::emitLoadStringLengthResult(StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register str = allocator.useRegister(masm, strId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); masm.loadStringLength(str, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadStringCharCodeResult(StringOperandId strId, Int32OperandId indexId, bool handleOOB) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register str = allocator.useRegister(masm, strId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegisterMaybeOutputType scratch2(allocator, masm, output); AutoScratchRegister scratch3(allocator, masm); // Bounds check, load string char. Label done; if (!handleOOB) { FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.spectreBoundsCheck32(index, Address(str, JSString::offsetOfLength()), scratch1, failure->label()); masm.loadStringChar(str, index, scratch1, scratch2, scratch3, failure->label()); } else { // Return NaN for out-of-bounds access. masm.moveValue(JS::NaNValue(), output.valueReg()); // The bounds check mustn't use a scratch register which aliases the output. MOZ_ASSERT(!output.valueReg().aliases(scratch3)); // This CacheIR op is always preceded by |LinearizeForCharAccess|, so we're // guaranteed to see no nested ropes. Label loadFailed; masm.spectreBoundsCheck32(index, Address(str, JSString::offsetOfLength()), scratch3, &done); masm.loadStringChar(str, index, scratch1, scratch2, scratch3, &loadFailed); Label loadedChar; masm.jump(&loadedChar); masm.bind(&loadFailed); masm.assumeUnreachable("loadStringChar can't fail for linear strings"); masm.bind(&loadedChar); } masm.tagValue(JSVAL_TYPE_INT32, scratch1, output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadStringCodePointResult(StringOperandId strId, Int32OperandId indexId, bool handleOOB) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register str = allocator.useRegister(masm, strId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegisterMaybeOutputType scratch2(allocator, masm, output); AutoScratchRegister scratch3(allocator, masm); // Bounds check, load string char. Label done; if (!handleOOB) { FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.spectreBoundsCheck32(index, Address(str, JSString::offsetOfLength()), scratch1, failure->label()); masm.loadStringCodePoint(str, index, scratch1, scratch2, scratch3, failure->label()); } else { // Return undefined for out-of-bounds access. masm.moveValue(JS::UndefinedValue(), output.valueReg()); // The bounds check mustn't use a scratch register which aliases the output. MOZ_ASSERT(!output.valueReg().aliases(scratch3)); // This CacheIR op is always preceded by |LinearizeForCodePointAccess|, so // we're guaranteed to see no nested ropes or split surrogates. Label loadFailed; masm.spectreBoundsCheck32(index, Address(str, JSString::offsetOfLength()), scratch3, &done); masm.loadStringCodePoint(str, index, scratch1, scratch2, scratch3, &loadFailed); Label loadedChar; masm.jump(&loadedChar); masm.bind(&loadFailed); masm.assumeUnreachable("loadStringCodePoint can't fail for linear strings"); masm.bind(&loadedChar); } masm.tagValue(JSVAL_TYPE_INT32, scratch1, output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitNewMapObjectResult(uint32_t templateObjectOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); callvm.prepare(); masm.Push(ImmPtr(nullptr)); // proto using Fn = MapObject* (*)(JSContext*, HandleObject); callvm.call<Fn, MapObject::create>(); return true; } bool CacheIRCompiler::emitNewSetObjectResult(uint32_t templateObjectOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); callvm.prepare(); masm.Push(ImmPtr(nullptr)); // proto using Fn = SetObject* (*)(JSContext*, HandleObject); callvm.call<Fn, SetObject::create>(); return true; } bool CacheIRCompiler::emitNewMapObjectFromIterableResult( uint32_t templateObjectOffset, ValOperandId iterableId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); ValueOperand iterable = allocator.useValueRegister(masm, iterableId); callvm.prepare(); masm.Push(ImmPtr(nullptr)); // allocatedFromJit masm.Push(iterable); masm.Push(ImmPtr(nullptr)); // proto using Fn = MapObject* (*)(JSContext*, Handle<JSObject*>, Handle<Value>, Handle<MapObject*>); callvm.call<Fn, MapObject::createFromIterable>(); return true; } bool CacheIRCompiler::emitNewSetObjectFromIterableResult( uint32_t templateObjectOffset, ValOperandId iterableId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); ValueOperand iterable = allocator.useValueRegister(masm, iterableId); callvm.prepare(); masm.Push(ImmPtr(nullptr)); // allocatedFromJit masm.Push(iterable); masm.Push(ImmPtr(nullptr)); // proto using Fn = SetObject* (*)(JSContext*, Handle<JSObject*>, Handle<Value>, Handle<SetObject*>); callvm.call<Fn, SetObject::createFromIterable>(); return true; } bool CacheIRCompiler::emitNewStringObjectResult(uint32_t templateObjectOffset, StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); callvm.prepare(); masm.Push(str); using Fn = JSObject* (*)(JSContext*, HandleString); callvm.call<Fn, NewStringObject>(); return true; } bool CacheIRCompiler::emitStringIncludesResult(StringOperandId strId, StringOperandId searchStrId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); Register searchStr = allocator.useRegister(masm, searchStrId); callvm.prepare(); masm.Push(searchStr); masm.Push(str); using Fn = bool (*)(JSContext*, HandleString, HandleString, bool*); callvm.call<Fn, js::StringIncludes>(); return true; } bool CacheIRCompiler::emitStringIndexOfResult(StringOperandId strId, StringOperandId searchStrId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); Register searchStr = allocator.useRegister(masm, searchStrId); callvm.prepare(); masm.Push(searchStr); masm.Push(str); using Fn = bool (*)(JSContext*, HandleString, HandleString, int32_t*); callvm.call<Fn, js::StringIndexOf>(); return true; } bool CacheIRCompiler::emitStringLastIndexOfResult(StringOperandId strId, StringOperandId searchStrId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); Register searchStr = allocator.useRegister(masm, searchStrId); callvm.prepare(); masm.Push(searchStr); masm.Push(str); using Fn = bool (*)(JSContext*, HandleString, HandleString, int32_t*); callvm.call<Fn, js::StringLastIndexOf>(); return true; } bool CacheIRCompiler::emitStringStartsWithResult(StringOperandId strId, StringOperandId searchStrId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); Register searchStr = allocator.useRegister(masm, searchStrId); callvm.prepare(); masm.Push(searchStr); masm.Push(str); using Fn = bool (*)(JSContext*, HandleString, HandleString, bool*); callvm.call<Fn, js::StringStartsWith>(); return true; } bool CacheIRCompiler::emitStringEndsWithResult(StringOperandId strId, StringOperandId searchStrId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); Register searchStr = allocator.useRegister(masm, searchStrId); callvm.prepare(); masm.Push(searchStr); masm.Push(str); using Fn = bool (*)(JSContext*, HandleString, HandleString, bool*); callvm.call<Fn, js::StringEndsWith>(); return true; } bool CacheIRCompiler::emitStringToLowerCaseResult(StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); callvm.prepare(); masm.Push(str); using Fn = JSLinearString* (*)(JSContext*, JSString*); callvm.call<Fn, js::StringToLowerCase>(); return true; } bool CacheIRCompiler::emitStringToUpperCaseResult(StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); callvm.prepare(); masm.Push(str); using Fn = JSLinearString* (*)(JSContext*, JSString*); callvm.call<Fn, js::StringToUpperCase>(); return true; } bool CacheIRCompiler::emitStringTrimResult(StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); callvm.prepare(); masm.Push(str); using Fn = JSString* (*)(JSContext*, HandleString); callvm.call<Fn, js::StringTrim>(); return true; } bool CacheIRCompiler::emitStringTrimStartResult(StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); callvm.prepare(); masm.Push(str); using Fn = JSString* (*)(JSContext*, HandleString); callvm.call<Fn, js::StringTrimStart>(); return true; } bool CacheIRCompiler::emitStringTrimEndResult(StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); callvm.prepare(); masm.Push(str); using Fn = JSString* (*)(JSContext*, HandleString); callvm.call<Fn, js::StringTrimEnd>(); return true; } bool CacheIRCompiler::emitLoadArgumentsObjectArgResult(ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadArgumentsObjectElement(obj, index, output.valueReg(), scratch, failure->label()); return true; } bool CacheIRCompiler::emitLoadArgumentsObjectArgHoleResult( ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadArgumentsObjectElementHole(obj, index, output.valueReg(), scratch, failure->label()); return true; } bool CacheIRCompiler::emitLoadArgumentsObjectArgExistsResult( ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegisterMaybeOutput scratch2(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadArgumentsObjectElementExists(obj, index, scratch2, scratch1, failure->label()); EmitStoreResult(masm, scratch2, JSVAL_TYPE_BOOLEAN, output); return true; } bool CacheIRCompiler::emitLoadDenseElementResult(ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegisterMaybeOutput scratch2(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Load obj->elements. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch1); // Bounds check. Address initLength(scratch1, ObjectElements::offsetOfInitializedLength()); masm.spectreBoundsCheck32(index, initLength, scratch2, failure->label()); // Hole check. BaseObjectElementIndex element(scratch1, index); masm.branchTestMagic(Assembler::Equal, element, failure->label()); masm.loadTypedOrValue(element, output); return true; } bool CacheIRCompiler::emitGuardInt32IsNonNegative(Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register index = allocator.useRegister(masm, indexId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branch32(Assembler::LessThan, index, Imm32(0), failure->label()); return true; } bool CacheIRCompiler::emitGuardIndexIsNotDenseElement(ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegister scratch(allocator, masm); AutoSpectreBoundsScratchRegister spectreScratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Load obj->elements. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); // Ensure index >= initLength or the element is a hole. Label notDense; Address capacity(scratch, ObjectElements::offsetOfInitializedLength()); masm.spectreBoundsCheck32(index, capacity, spectreScratch, ¬Dense); BaseValueIndex element(scratch, index); masm.branchTestMagic(Assembler::Equal, element, ¬Dense); masm.jump(failure->label()); masm.bind(¬Dense); return true; } bool CacheIRCompiler::emitGuardIndexIsValidUpdateOrAdd(ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegister scratch(allocator, masm); AutoSpectreBoundsScratchRegister spectreScratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Load obj->elements. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); Label success; // If length is writable, branch to &success. All indices are writable. Address flags(scratch, ObjectElements::offsetOfFlags()); masm.branchTest32(Assembler::Zero, flags, Imm32(ObjectElements::Flags::NONWRITABLE_ARRAY_LENGTH), &success); // Otherwise, ensure index is in bounds. Address length(scratch, ObjectElements::offsetOfLength()); masm.spectreBoundsCheck32(index, length, spectreScratch, /* failure = */ failure->label()); masm.bind(&success); return true; } bool CacheIRCompiler::emitGuardTagNotEqual(ValueTagOperandId lhsId, ValueTagOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label done; masm.branch32(Assembler::Equal, lhs, rhs, failure->label()); // If both lhs and rhs are numbers, can't use tag comparison to do inequality // comparison masm.branchTestNumber(Assembler::NotEqual, lhs, &done); masm.branchTestNumber(Assembler::NotEqual, rhs, &done); masm.jump(failure->label()); masm.bind(&done); return true; } bool CacheIRCompiler::emitGuardXrayExpandoShapeAndDefaultProto( ObjOperandId objId, uint32_t shapeWrapperOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); StubFieldOffset shapeWrapper(shapeWrapperOffset, StubField::Type::JSObject); AutoScratchRegister scratch(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadPtr(Address(obj, ProxyObject::offsetOfReservedSlots()), scratch); Address holderAddress(scratch, sizeof(Value) * GetXrayJitInfo()->xrayHolderSlot); Address expandoAddress(scratch, NativeObject::getFixedSlotOffset( GetXrayJitInfo()->holderExpandoSlot)); masm.fallibleUnboxObject(holderAddress, scratch, failure->label()); masm.fallibleUnboxObject(expandoAddress, scratch, failure->label()); // Unwrap the expando before checking its shape. masm.loadPtr(Address(scratch, ProxyObject::offsetOfReservedSlots()), scratch); masm.unboxObject( Address(scratch, js::detail::ProxyReservedSlots::offsetOfPrivateSlot()), scratch); emitLoadStubField(shapeWrapper, scratch2); LoadShapeWrapperContents(masm, scratch2, scratch2, failure->label()); masm.branchTestObjShape(Assembler::NotEqual, scratch, scratch2, scratch3, scratch, failure->label()); // The reserved slots on the expando should all be in fixed slots. Address protoAddress(scratch, NativeObject::getFixedSlotOffset( GetXrayJitInfo()->expandoProtoSlot)); masm.branchTestUndefined(Assembler::NotEqual, protoAddress, failure->label()); return true; } bool CacheIRCompiler::emitGuardXrayNoExpando(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadPtr(Address(obj, ProxyObject::offsetOfReservedSlots()), scratch); Address holderAddress(scratch, sizeof(Value) * GetXrayJitInfo()->xrayHolderSlot); Address expandoAddress(scratch, NativeObject::getFixedSlotOffset( GetXrayJitInfo()->holderExpandoSlot)); Label done; masm.fallibleUnboxObject(holderAddress, scratch, &done); masm.branchTestObject(Assembler::Equal, expandoAddress, failure->label()); masm.bind(&done); return true; } bool CacheIRCompiler::emitGuardNoAllocationMetadataBuilder( uint32_t builderAddrOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } StubFieldOffset builderField(builderAddrOffset, StubField::Type::RawPointer); emitLoadStubField(builderField, scratch); masm.branchPtr(Assembler::NotEqual, Address(scratch, 0), ImmWord(0), failure->label()); return true; } bool CacheIRCompiler::emitGuardFunctionHasJitEntry(ObjOperandId funId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register fun = allocator.useRegister(masm, funId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchIfFunctionHasNoJitEntry(fun, failure->label()); return true; } bool CacheIRCompiler::emitGuardFunctionHasNoJitEntry(ObjOperandId funId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, funId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchIfFunctionHasJitEntry(obj, failure->label()); return true; } bool CacheIRCompiler::emitGuardFunctionIsNonBuiltinCtor(ObjOperandId funId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register fun = allocator.useRegister(masm, funId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchIfNotFunctionIsNonBuiltinCtor(fun, scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardFunctionIsConstructor(ObjOperandId funId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register funcReg = allocator.useRegister(masm, funId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Ensure obj is a constructor masm.branchTestFunctionFlags(funcReg, FunctionFlags::CONSTRUCTOR, Assembler::Zero, failure->label()); return true; } bool CacheIRCompiler::emitGuardNotClassConstructor(ObjOperandId funId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register fun = allocator.useRegister(masm, funId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchFunctionKind(Assembler::Equal, FunctionFlags::ClassConstructor, fun, scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardArrayIsPacked(ObjOperandId arrayId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register array = allocator.useRegister(masm, arrayId); AutoScratchRegister scratch(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchArrayIsNotPacked(array, scratch, scratch2, failure->label()); return true; } bool CacheIRCompiler::emitGuardArgumentsObjectFlags(ObjOperandId objId, uint8_t flags) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchTestArgumentsObjectFlags(obj, scratch, flags, Assembler::NonZero, failure->label()); return true; } bool CacheIRCompiler::emitLoadDenseElementHoleResult(ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegisterMaybeOutput scratch2(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Make sure the index is nonnegative. masm.branch32(Assembler::LessThan, index, Imm32(0), failure->label()); // Load obj->elements. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch1); // Guard on the initialized length. Label hole; Address initLength(scratch1, ObjectElements::offsetOfInitializedLength()); masm.spectreBoundsCheck32(index, initLength, scratch2, &hole); // Load the value. Label done; masm.loadValue(BaseObjectElementIndex(scratch1, index), output.valueReg()); masm.branchTestMagic(Assembler::NotEqual, output.valueReg(), &done); // Load undefined for the hole. masm.bind(&hole); masm.moveValue(UndefinedValue(), output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadTypedArrayElementExistsResult( ObjOperandId objId, IntPtrOperandId indexId, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Maybe<AutoScratchRegister> scratch2; if (viewKind == ArrayBufferViewKind::Resizable) { scratch2.emplace(allocator, masm); } Label outOfBounds, done; // Bounds check. if (viewKind == ArrayBufferViewKind::FixedLength) { masm.loadArrayBufferViewLengthIntPtr(obj, scratch); } else { // Bounds check doesn't require synchronization. See IsValidIntegerIndex // abstract operation which reads the underlying buffer byte length using // "unordered" memory order. auto sync = Synchronization::None(); masm.loadResizableTypedArrayLengthIntPtr(sync, obj, scratch, *scratch2); } masm.branchPtr(Assembler::BelowOrEqual, scratch, index, &outOfBounds); EmitStoreBoolean(masm, true, output); masm.jump(&done); masm.bind(&outOfBounds); EmitStoreBoolean(masm, false, output); masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadDenseElementExistsResult(ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Load obj->elements. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); // Bounds check. Unsigned compare sends negative indices to next IC. Address initLength(scratch, ObjectElements::offsetOfInitializedLength()); masm.branch32(Assembler::BelowOrEqual, initLength, index, failure->label()); // Hole check. BaseObjectElementIndex element(scratch, index); masm.branchTestMagic(Assembler::Equal, element, failure->label()); EmitStoreBoolean(masm, true, output); return true; } bool CacheIRCompiler::emitLoadDenseElementHoleExistsResult( ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Make sure the index is nonnegative. masm.branch32(Assembler::LessThan, index, Imm32(0), failure->label()); // Load obj->elements. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); // Guard on the initialized length. Label hole; Address initLength(scratch, ObjectElements::offsetOfInitializedLength()); masm.branch32(Assembler::BelowOrEqual, initLength, index, &hole); // Load value and replace with true. Label done; BaseObjectElementIndex element(scratch, index); masm.branchTestMagic(Assembler::Equal, element, &hole); EmitStoreBoolean(masm, true, output); masm.jump(&done); // Load false for the hole. masm.bind(&hole); EmitStoreBoolean(masm, false, output); masm.bind(&done); return true; } bool CacheIRCompiler::emitPackedArrayPopResult(ObjOperandId arrayId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register array = allocator.useRegister(masm, arrayId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.packedArrayPop(array, output.valueReg(), scratch1, scratch2, failure->label()); return true; } bool CacheIRCompiler::emitPackedArrayShiftResult(ObjOperandId arrayId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register array = allocator.useRegister(masm, arrayId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.packedArrayShift(array, output.valueReg(), scratch1, scratch2, liveVolatileRegs(), failure->label()); return true; } bool CacheIRCompiler::emitIsObjectResult(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); ValueOperand val = allocator.useValueRegister(masm, inputId); masm.testObjectSet(Assembler::Equal, val, scratch); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitIsPackedArrayResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch(allocator, masm); Register outputScratch = output.valueReg().scratchReg(); masm.setIsPackedArray(obj, outputScratch, scratch); masm.tagValue(JSVAL_TYPE_BOOLEAN, outputScratch, output.valueReg()); return true; } bool CacheIRCompiler::emitIsCallableResult(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegisterMaybeOutput scratch2(allocator, masm, output); ValueOperand val = allocator.useValueRegister(masm, inputId); Label isObject, done; masm.branchTestObject(Assembler::Equal, val, &isObject); // Primitives are never callable. masm.move32(Imm32(0), scratch2); masm.jump(&done); masm.bind(&isObject); masm.unboxObject(val, scratch1); Label isProxy; masm.isCallable(scratch1, scratch2, &isProxy); masm.jump(&done); masm.bind(&isProxy); { LiveRegisterSet volatileRegs = liveVolatileRegs(); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSObject* obj); masm.setupUnalignedABICall(scratch2); masm.passABIArg(scratch1); masm.callWithABI<Fn, ObjectIsCallable>(); masm.storeCallBoolResult(scratch2); LiveRegisterSet ignore; ignore.add(scratch2); masm.PopRegsInMaskIgnore(volatileRegs, ignore); } masm.bind(&done); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch2, output.valueReg()); return true; } bool CacheIRCompiler::emitIsConstructorResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register obj = allocator.useRegister(masm, objId); Label isProxy, done; masm.isConstructor(obj, scratch, &isProxy); masm.jump(&done); masm.bind(&isProxy); { LiveRegisterSet volatileRegs = liveVolatileRegs(); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSObject* obj); masm.setupUnalignedABICall(scratch); masm.passABIArg(obj); masm.callWithABI<Fn, ObjectIsConstructor>(); masm.storeCallBoolResult(scratch); LiveRegisterSet ignore; ignore.add(scratch); masm.PopRegsInMaskIgnore(volatileRegs, ignore); } masm.bind(&done); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitIsCrossRealmArrayConstructorResult( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register obj = allocator.useRegister(masm, objId); masm.setIsCrossRealmArrayConstructor(obj, scratch); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitArrayBufferViewByteOffsetInt32Result( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadArrayBufferViewByteOffsetIntPtr(obj, scratch); masm.guardNonNegativeIntPtrToInt32(scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitArrayBufferViewByteOffsetDoubleResult( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); ScratchDoubleScope fpscratch(masm); masm.loadArrayBufferViewByteOffsetIntPtr(obj, scratch); masm.convertIntPtrToDouble(scratch, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); return true; } bool CacheIRCompiler:: emitResizableTypedArrayByteOffsetMaybeOutOfBoundsInt32Result( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadResizableTypedArrayByteOffsetMaybeOutOfBoundsIntPtr(obj, scratch1, scratch2); masm.guardNonNegativeIntPtrToInt32(scratch1, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch1, output.valueReg()); return true; } bool CacheIRCompiler:: emitResizableTypedArrayByteOffsetMaybeOutOfBoundsDoubleResult( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); ScratchDoubleScope fpscratch(masm); masm.loadResizableTypedArrayByteOffsetMaybeOutOfBoundsIntPtr(obj, scratch1, scratch2); masm.convertIntPtrToDouble(scratch1, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); return true; } bool CacheIRCompiler::emitTypedArrayByteLengthInt32Result(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadArrayBufferViewLengthIntPtr(obj, scratch1); masm.guardNonNegativeIntPtrToInt32(scratch1, failure->label()); masm.typedArrayElementSize(obj, scratch2); masm.branchMul32(Assembler::Overflow, scratch2.get(), scratch1, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch1, output.valueReg()); return true; } bool CacheIRCompiler::emitTypedArrayByteLengthDoubleResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Register obj = allocator.useRegister(masm, objId); masm.loadArrayBufferViewLengthIntPtr(obj, scratch1); masm.typedArrayElementSize(obj, scratch2); masm.mulPtr(scratch2, scratch1); ScratchDoubleScope fpscratch(masm); masm.convertIntPtrToDouble(scratch1, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); return true; } bool CacheIRCompiler::emitResizableTypedArrayByteLengthInt32Result( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Explicit |byteLength| accesses are seq-consistent atomic loads. auto sync = Synchronization::Load(); masm.loadResizableTypedArrayLengthIntPtr(sync, obj, scratch1, scratch2); masm.guardNonNegativeIntPtrToInt32(scratch1, failure->label()); masm.typedArrayElementSize(obj, scratch2); masm.branchMul32(Assembler::Overflow, scratch2.get(), scratch1, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch1, output.valueReg()); return true; } bool CacheIRCompiler::emitResizableTypedArrayByteLengthDoubleResult( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Register obj = allocator.useRegister(masm, objId); // Explicit |byteLength| accesses are seq-consistent atomic loads. auto sync = Synchronization::Load(); masm.loadResizableTypedArrayLengthIntPtr(sync, obj, scratch1, scratch2); masm.typedArrayElementSize(obj, scratch2); masm.mulPtr(scratch2, scratch1); ScratchDoubleScope fpscratch(masm); masm.convertIntPtrToDouble(scratch1, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); return true; } bool CacheIRCompiler::emitResizableTypedArrayLengthInt32Result( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Explicit |length| accesses are seq-consistent atomic loads. auto sync = Synchronization::Load(); masm.loadResizableTypedArrayLengthIntPtr(sync, obj, scratch1, scratch2); masm.guardNonNegativeIntPtrToInt32(scratch1, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch1, output.valueReg()); return true; } bool CacheIRCompiler::emitResizableTypedArrayLengthDoubleResult( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Register obj = allocator.useRegister(masm, objId); // Explicit |length| accesses are seq-consistent atomic loads. auto sync = Synchronization::Load(); masm.loadResizableTypedArrayLengthIntPtr(sync, obj, scratch1, scratch2); ScratchDoubleScope fpscratch(masm); masm.convertIntPtrToDouble(scratch1, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); return true; } bool CacheIRCompiler::emitTypedArrayElementSizeResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register obj = allocator.useRegister(masm, objId); masm.typedArrayElementSize(obj, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitResizableDataViewByteLengthInt32Result( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Explicit |byteLength| accesses are seq-consistent atomic loads. auto sync = Synchronization::Load(); masm.loadResizableDataViewByteLengthIntPtr(sync, obj, scratch1, scratch2); masm.guardNonNegativeIntPtrToInt32(scratch1, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch1, output.valueReg()); return true; } bool CacheIRCompiler::emitResizableDataViewByteLengthDoubleResult( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Register obj = allocator.useRegister(masm, objId); // Explicit |byteLength| accesses are seq-consistent atomic loads. auto sync = Synchronization::Load(); masm.loadResizableDataViewByteLengthIntPtr(sync, obj, scratch1, scratch2); ScratchDoubleScope fpscratch(masm); masm.convertIntPtrToDouble(scratch1, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); return true; } bool CacheIRCompiler::emitGrowableSharedArrayBufferByteLengthInt32Result( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Explicit |byteLength| accesses are seq-consistent atomic loads. auto sync = Synchronization::Load(); masm.loadGrowableSharedArrayBufferByteLengthIntPtr(sync, obj, scratch); masm.guardNonNegativeIntPtrToInt32(scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitGrowableSharedArrayBufferByteLengthDoubleResult( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register obj = allocator.useRegister(masm, objId); // Explicit |byteLength| accesses are seq-consistent atomic loads. auto sync = Synchronization::Load(); masm.loadGrowableSharedArrayBufferByteLengthIntPtr(sync, obj, scratch); ScratchDoubleScope fpscratch(masm); masm.convertIntPtrToDouble(scratch, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); return true; } bool CacheIRCompiler::emitGuardHasAttachedArrayBuffer(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoScratchRegister scratch(allocator, masm); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchIfHasDetachedArrayBuffer(obj, scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardResizableArrayBufferViewInBounds( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoScratchRegister scratch(allocator, masm); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchIfResizableArrayBufferViewOutOfBounds(obj, scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardResizableArrayBufferViewInBoundsOrDetached( ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoScratchRegister scratch(allocator, masm); Register obj = allocator.useRegister(masm, objId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label done; masm.branchIfResizableArrayBufferViewInBounds(obj, scratch, &done); masm.branchIfHasAttachedArrayBuffer(obj, scratch, failure->label()); masm.bind(&done); return true; } bool CacheIRCompiler::emitIsTypedArrayConstructorResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register obj = allocator.useRegister(masm, objId); masm.setIsDefinitelyTypedArrayConstructor(obj, scratch); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitGetNextMapSetEntryForIteratorResult( ObjOperandId iterId, ObjOperandId resultArrId, bool isMap) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register iter = allocator.useRegister(masm, iterId); Register resultArr = allocator.useRegister(masm, resultArrId); LiveRegisterSet save = liveVolatileRegs(); save.takeUnchecked(output.valueReg()); save.takeUnchecked(scratch); masm.PushRegsInMask(save); masm.setupUnalignedABICall(scratch); masm.passABIArg(iter); masm.passABIArg(resultArr); if (isMap) { using Fn = bool (*)(MapIteratorObject* iter, ArrayObject* resultPairObj); masm.callWithABI<Fn, MapIteratorObject::next>(); } else { using Fn = bool (*)(SetIteratorObject* iter, ArrayObject* resultObj); masm.callWithABI<Fn, SetIteratorObject::next>(); } masm.storeCallBoolResult(scratch); masm.PopRegsInMask(save); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); return true; } void CacheIRCompiler::emitActivateIterator(Register objBeingIterated, Register iterObject, Register nativeIter, Register scratch, Register scratch2, uint32_t enumeratorsAddrOffset) { // 'objectBeingIterated_' must be nullptr, so we don't need a pre-barrier. Address iterObjAddr(nativeIter, NativeIterator::offsetOfObjectBeingIterated()); #ifdef DEBUG Label ok; masm.branchPtr(Assembler::Equal, iterObjAddr, ImmPtr(nullptr), &ok); masm.assumeUnreachable("iterator with non-null object"); masm.bind(&ok); #endif // Mark iterator as active. Address iterFlagsAddr(nativeIter, NativeIterator::offsetOfFlagsAndCount()); masm.storePtr(objBeingIterated, iterObjAddr); masm.or32(Imm32(NativeIterator::Flags::Active), iterFlagsAddr); // Post-write barrier for stores to 'objectBeingIterated_'. emitPostBarrierSlot( iterObject, TypedOrValueRegister(MIRType::Object, AnyRegister(objBeingIterated)), scratch); // Chain onto the active iterator stack. StubFieldOffset enumeratorsAddr(enumeratorsAddrOffset, StubField::Type::RawPointer); emitLoadStubField(enumeratorsAddr, scratch); masm.registerIterator(scratch, nativeIter, scratch2); } bool CacheIRCompiler::emitObjectToIteratorResult( ObjOperandId objId, uint32_t enumeratorsAddrOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister iterObj(allocator, masm); AutoScratchRegister scratch(allocator, masm); AutoScratchRegisterMaybeOutput scratch2(allocator, masm, callvm.output()); AutoScratchRegisterMaybeOutputType scratch3(allocator, masm, callvm.output()); Label callVM, done; masm.maybeLoadIteratorFromShape(obj, iterObj, scratch, scratch2, scratch3, &callVM); masm.loadPrivate( Address(iterObj, PropertyIteratorObject::offsetOfIteratorSlot()), scratch); emitActivateIterator(obj, iterObj, scratch, scratch2, scratch3, enumeratorsAddrOffset); masm.jump(&done); masm.bind(&callVM); callvm.prepare(); masm.Push(obj); using Fn = PropertyIteratorObject* (*)(JSContext*, HandleObject); callvm.call<Fn, GetIterator>(); masm.storeCallPointerResult(iterObj); masm.bind(&done); EmitStoreResult(masm, iterObj, JSVAL_TYPE_OBJECT, callvm.output()); return true; } bool CacheIRCompiler::emitValueToIteratorResult(ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); ValueOperand val = allocator.useValueRegister(masm, valId); callvm.prepare(); masm.Push(val); using Fn = PropertyIteratorObject* (*)(JSContext*, HandleValue); callvm.call<Fn, ValueToIterator>(); return true; } bool CacheIRCompiler::emitNewArrayIteratorResult( uint32_t templateObjectOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); callvm.prepare(); using Fn = ArrayIteratorObject* (*)(JSContext*); callvm.call<Fn, NewArrayIterator>(); return true; } bool CacheIRCompiler::emitNewStringIteratorResult( uint32_t templateObjectOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); callvm.prepare(); using Fn = StringIteratorObject* (*)(JSContext*); callvm.call<Fn, NewStringIterator>(); return true; } bool CacheIRCompiler::emitNewRegExpStringIteratorResult( uint32_t templateObjectOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); callvm.prepare(); using Fn = RegExpStringIteratorObject* (*)(JSContext*); callvm.call<Fn, NewRegExpStringIterator>(); return true; } bool CacheIRCompiler::emitObjectCreateResult(uint32_t templateObjectOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); AutoScratchRegister scratch(allocator, masm); StubFieldOffset objectField(templateObjectOffset, StubField::Type::JSObject); emitLoadStubField(objectField, scratch); callvm.prepare(); masm.Push(scratch); using Fn = PlainObject* (*)(JSContext*, Handle<PlainObject*>); callvm.call<Fn, ObjectCreateWithTemplate>(); return true; } bool CacheIRCompiler::emitObjectKeysResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); // Our goal is only to record calls to Object.keys, to elide it when // partially used, not to provide an alternative implementation. { callvm.prepare(); masm.Push(obj); using Fn = JSObject* (*)(JSContext*, HandleObject); callvm.call<Fn, jit::ObjectKeys>(); } return true; } bool CacheIRCompiler::emitNewArrayFromLengthResult( uint32_t templateObjectOffset, Int32OperandId lengthId, uint32_t siteOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); AutoScratchRegister scratch(allocator, masm); AutoScratchRegister scratch2(allocator, masm); Register length = allocator.useRegister(masm, lengthId); StubFieldOffset objectField(templateObjectOffset, StubField::Type::JSObject); emitLoadStubField(objectField, scratch); StubFieldOffset siteField(siteOffset, StubField::Type::AllocSite); emitLoadStubField(siteField, scratch2); callvm.prepare(); masm.Push(scratch2); masm.Push(length); masm.Push(scratch); using Fn = ArrayObject* (*)(JSContext*, Handle<ArrayObject*>, int32_t, gc::AllocSite*); callvm.call<Fn, ArrayConstructorOneArg>(); return true; } bool CacheIRCompiler::emitNewTypedArrayFromLengthResult( uint32_t templateObjectOffset, Int32OperandId lengthId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); AutoScratchRegister scratch(allocator, masm); Register length = allocator.useRegister(masm, lengthId); StubFieldOffset objectField(templateObjectOffset, StubField::Type::JSObject); emitLoadStubField(objectField, scratch); callvm.prepare(); masm.Push(length); masm.Push(scratch); using Fn = TypedArrayObject* (*)(JSContext*, HandleObject, int32_t length); callvm.call<Fn, NewTypedArrayWithTemplateAndLength>(); return true; } bool CacheIRCompiler::emitNewTypedArrayFromArrayBufferResult( uint32_t templateObjectOffset, ObjOperandId bufferId, ValOperandId byteOffsetId, ValOperandId lengthId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); #ifdef JS_CODEGEN_X86 MOZ_CRASH("Instruction not supported on 32-bit x86, not enough registers"); #endif AutoCallVM callvm(masm, this, allocator); AutoScratchRegister scratch(allocator, masm); Register buffer = allocator.useRegister(masm, bufferId); ValueOperand byteOffset = allocator.useValueRegister(masm, byteOffsetId); ValueOperand length = allocator.useValueRegister(masm, lengthId); StubFieldOffset objectField(templateObjectOffset, StubField::Type::JSObject); emitLoadStubField(objectField, scratch); callvm.prepare(); masm.Push(length); masm.Push(byteOffset); masm.Push(buffer); masm.Push(scratch); using Fn = TypedArrayObject* (*)(JSContext*, HandleObject, HandleObject, HandleValue, HandleValue); callvm.call<Fn, NewTypedArrayWithTemplateAndBuffer>(); return true; } bool CacheIRCompiler::emitNewTypedArrayFromArrayResult( uint32_t templateObjectOffset, ObjOperandId arrayId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); AutoScratchRegister scratch(allocator, masm); Register array = allocator.useRegister(masm, arrayId); StubFieldOffset objectField(templateObjectOffset, StubField::Type::JSObject); emitLoadStubField(objectField, scratch); callvm.prepare(); masm.Push(array); masm.Push(scratch); using Fn = TypedArrayObject* (*)(JSContext*, HandleObject, HandleObject); callvm.call<Fn, NewTypedArrayWithTemplateAndArray>(); return true; } bool CacheIRCompiler::emitAddSlotAndCallAddPropHook(ObjOperandId objId, ValOperandId rhsId, uint32_t newShapeOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); AutoScratchRegister scratch(allocator, masm); Register obj = allocator.useRegister(masm, objId); ValueOperand rhs = allocator.useValueRegister(masm, rhsId); StubFieldOffset shapeField(newShapeOffset, StubField::Type::Shape); emitLoadStubField(shapeField, scratch); callvm.prepare(); masm.Push(scratch); masm.Push(rhs); masm.Push(obj); using Fn = bool (*)(JSContext*, Handle<NativeObject*>, HandleValue, Handle<Shape*>); callvm.callNoResult<Fn, AddSlotAndCallAddPropHook>(); return true; } bool CacheIRCompiler::emitMathAbsInt32Result(Int32OperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register input = allocator.useRegister(masm, inputId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.mov(input, scratch); // Don't negate already positive values. Label positive; masm.branchTest32(Assembler::NotSigned, scratch, scratch, &positive); // neg32 might overflow for INT_MIN. masm.branchNeg32(Assembler::Overflow, scratch, failure->label()); masm.bind(&positive); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitMathAbsNumberResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister scratch(*this, FloatReg0); allocator.ensureDoubleRegister(masm, inputId, scratch); masm.absDouble(scratch, scratch); masm.boxDouble(scratch, output.valueReg(), scratch); return true; } bool CacheIRCompiler::emitMathClz32Result(Int32OperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register input = allocator.useRegister(masm, inputId); masm.clz32(input, scratch, /* knownNotZero = */ false); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitMathSignInt32Result(Int32OperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register input = allocator.useRegister(masm, inputId); masm.signInt32(input, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitMathSignNumberResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister floatScratch1(*this, FloatReg0); AutoAvailableFloatRegister floatScratch2(*this, FloatReg1); allocator.ensureDoubleRegister(masm, inputId, floatScratch1); masm.signDouble(floatScratch1, floatScratch2); masm.boxDouble(floatScratch2, output.valueReg(), floatScratch2); return true; } bool CacheIRCompiler::emitMathSignNumberToInt32Result(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch1(*this, FloatReg0); AutoAvailableFloatRegister floatScratch2(*this, FloatReg1); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } allocator.ensureDoubleRegister(masm, inputId, floatScratch1); masm.signDoubleToInt32(floatScratch1, scratch, floatScratch2, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitMathImulResult(Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); masm.mov(lhs, scratch); masm.mul32(rhs, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitMathSqrtNumberResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister scratch(*this, FloatReg0); allocator.ensureDoubleRegister(masm, inputId, scratch); masm.sqrtDouble(scratch, scratch); masm.boxDouble(scratch, output.valueReg(), scratch); return true; } bool CacheIRCompiler::emitMathFloorNumberResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister scratch(*this, FloatReg0); allocator.ensureDoubleRegister(masm, inputId, scratch); if (Assembler::HasRoundInstruction(RoundingMode::Down)) { masm.nearbyIntDouble(RoundingMode::Down, scratch, scratch); masm.boxDouble(scratch, output.valueReg(), scratch); return true; } return emitMathFunctionNumberResultShared(UnaryMathFunction::Floor, scratch, output.valueReg()); } bool CacheIRCompiler::emitMathCeilNumberResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister scratch(*this, FloatReg0); allocator.ensureDoubleRegister(masm, inputId, scratch); if (Assembler::HasRoundInstruction(RoundingMode::Up)) { masm.nearbyIntDouble(RoundingMode::Up, scratch, scratch); masm.boxDouble(scratch, output.valueReg(), scratch); return true; } return emitMathFunctionNumberResultShared(UnaryMathFunction::Ceil, scratch, output.valueReg()); } bool CacheIRCompiler::emitMathTruncNumberResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister scratch(*this, FloatReg0); allocator.ensureDoubleRegister(masm, inputId, scratch); if (Assembler::HasRoundInstruction(RoundingMode::TowardsZero)) { masm.nearbyIntDouble(RoundingMode::TowardsZero, scratch, scratch); masm.boxDouble(scratch, output.valueReg(), scratch); return true; } return emitMathFunctionNumberResultShared(UnaryMathFunction::Trunc, scratch, output.valueReg()); } bool CacheIRCompiler::emitMathFRoundNumberResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister scratch(*this, FloatReg0); FloatRegister scratchFloat32 = scratch.get().asSingle(); allocator.ensureDoubleRegister(masm, inputId, scratch); masm.convertDoubleToFloat32(scratch, scratchFloat32); masm.convertFloat32ToDouble(scratchFloat32, scratch); masm.boxDouble(scratch, output.valueReg(), scratch); return true; } bool CacheIRCompiler::emitMathF16RoundNumberResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch(*this, FloatReg0); allocator.ensureDoubleRegister(masm, inputId, floatScratch); if (MacroAssembler::SupportsFloat64To16()) { masm.convertDoubleToFloat16(floatScratch, floatScratch); masm.convertFloat16ToDouble(floatScratch, floatScratch); } else { LiveRegisterSet save = liveVolatileRegs(); save.takeUnchecked(floatScratch); masm.PushRegsInMask(save); using Fn = double (*)(double); masm.setupUnalignedABICall(scratch); masm.passABIArg(floatScratch, ABIType::Float64); masm.callWithABI<Fn, js::RoundFloat16>(ABIType::Float64); masm.storeCallFloatResult(floatScratch); masm.PopRegsInMask(save); } masm.boxDouble(floatScratch, output.valueReg(), floatScratch); return true; } bool CacheIRCompiler::emitMathHypot2NumberResult(NumberOperandId first, NumberOperandId second) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); allocator.ensureDoubleRegister(masm, first, floatScratch0); allocator.ensureDoubleRegister(masm, second, floatScratch1); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = double (*)(double x, double y); masm.setupUnalignedABICall(scratch); masm.passABIArg(floatScratch0, ABIType::Float64); masm.passABIArg(floatScratch1, ABIType::Float64); masm.callWithABI<Fn, ecmaHypot>(ABIType::Float64); masm.storeCallFloatResult(floatScratch0); LiveRegisterSet ignore; ignore.add(floatScratch0); masm.PopRegsInMaskIgnore(save, ignore); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitMathHypot3NumberResult(NumberOperandId first, NumberOperandId second, NumberOperandId third) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); AutoAvailableFloatRegister floatScratch2(*this, FloatReg2); allocator.ensureDoubleRegister(masm, first, floatScratch0); allocator.ensureDoubleRegister(masm, second, floatScratch1); allocator.ensureDoubleRegister(masm, third, floatScratch2); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = double (*)(double x, double y, double z); masm.setupUnalignedABICall(scratch); masm.passABIArg(floatScratch0, ABIType::Float64); masm.passABIArg(floatScratch1, ABIType::Float64); masm.passABIArg(floatScratch2, ABIType::Float64); masm.callWithABI<Fn, hypot3>(ABIType::Float64); masm.storeCallFloatResult(floatScratch0); LiveRegisterSet ignore; ignore.add(floatScratch0); masm.PopRegsInMaskIgnore(save, ignore); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitMathHypot4NumberResult(NumberOperandId first, NumberOperandId second, NumberOperandId third, NumberOperandId fourth) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); AutoAvailableFloatRegister floatScratch2(*this, FloatReg2); AutoAvailableFloatRegister floatScratch3(*this, FloatReg3); allocator.ensureDoubleRegister(masm, first, floatScratch0); allocator.ensureDoubleRegister(masm, second, floatScratch1); allocator.ensureDoubleRegister(masm, third, floatScratch2); allocator.ensureDoubleRegister(masm, fourth, floatScratch3); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = double (*)(double x, double y, double z, double w); masm.setupUnalignedABICall(scratch); masm.passABIArg(floatScratch0, ABIType::Float64); masm.passABIArg(floatScratch1, ABIType::Float64); masm.passABIArg(floatScratch2, ABIType::Float64); masm.passABIArg(floatScratch3, ABIType::Float64); masm.callWithABI<Fn, hypot4>(ABIType::Float64); masm.storeCallFloatResult(floatScratch0); LiveRegisterSet ignore; ignore.add(floatScratch0); masm.PopRegsInMaskIgnore(save, ignore); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitMathAtan2NumberResult(NumberOperandId yId, NumberOperandId xId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); allocator.ensureDoubleRegister(masm, yId, floatScratch0); allocator.ensureDoubleRegister(masm, xId, floatScratch1); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = double (*)(double x, double y); masm.setupUnalignedABICall(scratch); masm.passABIArg(floatScratch0, ABIType::Float64); masm.passABIArg(floatScratch1, ABIType::Float64); masm.callWithABI<Fn, js::ecmaAtan2>(ABIType::Float64); masm.storeCallFloatResult(floatScratch0); LiveRegisterSet ignore; ignore.add(floatScratch0); masm.PopRegsInMaskIgnore(save, ignore); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); return true; } bool CacheIRCompiler::emitMathFloorToInt32Result(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister scratchFloat(*this, FloatReg0); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } allocator.ensureDoubleRegister(masm, inputId, scratchFloat); masm.floorDoubleToInt32(scratchFloat, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitMathCeilToInt32Result(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister scratchFloat(*this, FloatReg0); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } allocator.ensureDoubleRegister(masm, inputId, scratchFloat); masm.ceilDoubleToInt32(scratchFloat, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitMathTruncToInt32Result(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister scratchFloat(*this, FloatReg0); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } allocator.ensureDoubleRegister(masm, inputId, scratchFloat); masm.truncDoubleToInt32(scratchFloat, scratch, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitMathRoundToInt32Result(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister scratchFloat0(*this, FloatReg0); AutoAvailableFloatRegister scratchFloat1(*this, FloatReg1); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } allocator.ensureDoubleRegister(masm, inputId, scratchFloat0); masm.roundDoubleToInt32(scratchFloat0, scratch, scratchFloat1, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitInt32MinMax(bool isMax, Int32OperandId firstId, Int32OperandId secondId, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register first = allocator.useRegister(masm, firstId); Register second = allocator.useRegister(masm, secondId); Register result = allocator.defineRegister(masm, resultId); Assembler::Condition cond = isMax ? Assembler::GreaterThan : Assembler::LessThan; masm.move32(first, result); masm.cmp32Move32(cond, second, first, second, result); return true; } bool CacheIRCompiler::emitNumberMinMax(bool isMax, NumberOperandId firstId, NumberOperandId secondId, NumberOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); ValueOperand output = allocator.defineValueRegister(masm, resultId); AutoAvailableFloatRegister scratch1(*this, FloatReg0); AutoAvailableFloatRegister scratch2(*this, FloatReg1); allocator.ensureDoubleRegister(masm, firstId, scratch1); allocator.ensureDoubleRegister(masm, secondId, scratch2); if (isMax) { masm.maxDouble(scratch2, scratch1, /* handleNaN = */ true); } else { masm.minDouble(scratch2, scratch1, /* handleNaN = */ true); } masm.boxDouble(scratch1, output, scratch1); return true; } bool CacheIRCompiler::emitInt32MinMaxArrayResult(ObjOperandId arrayId, bool isMax) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register array = allocator.useRegister(masm, arrayId); AutoScratchRegister scratch(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegisterMaybeOutputType scratch3(allocator, masm, output); AutoScratchRegisterMaybeOutput result(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.minMaxArrayInt32(array, result, scratch, scratch2, scratch3, isMax, failure->label()); masm.tagValue(JSVAL_TYPE_INT32, result, output.valueReg()); return true; } bool CacheIRCompiler::emitNumberMinMaxArrayResult(ObjOperandId arrayId, bool isMax) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register array = allocator.useRegister(masm, arrayId); AutoAvailableFloatRegister result(*this, FloatReg0); AutoAvailableFloatRegister floatScratch(*this, FloatReg1); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.minMaxArrayNumber(array, result, floatScratch, scratch1, scratch2, isMax, failure->label()); masm.boxDouble(result, output.valueReg(), result); return true; } bool CacheIRCompiler::emitMathFunctionNumberResultShared( UnaryMathFunction fun, FloatRegister inputScratch, ValueOperand output) { UnaryMathFunctionType funPtr = GetUnaryMathFunctionPtr(fun); LiveRegisterSet save = liveVolatileRegs(); save.takeUnchecked(inputScratch); masm.PushRegsInMask(save); masm.setupUnalignedABICall(output.scratchReg()); masm.passABIArg(inputScratch, ABIType::Float64); masm.callWithABI(DynamicFunction<UnaryMathFunctionType>(funPtr), ABIType::Float64); masm.storeCallFloatResult(inputScratch); masm.PopRegsInMask(save); masm.boxDouble(inputScratch, output, inputScratch); return true; } bool CacheIRCompiler::emitMathFunctionNumberResult(NumberOperandId inputId, UnaryMathFunction fun) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister scratch(*this, FloatReg0); allocator.ensureDoubleRegister(masm, inputId, scratch); return emitMathFunctionNumberResultShared(fun, scratch, output.valueReg()); } static void EmitStoreDenseElement(MacroAssembler& masm, const ConstantOrRegister& value, BaseObjectElementIndex target) { if (value.constant()) { Value v = value.value(); masm.storeValue(v, target); return; } TypedOrValueRegister reg = value.reg(); masm.storeTypedOrValue(reg, target); } bool CacheIRCompiler::emitStoreDenseElement(ObjOperandId objId, Int32OperandId indexId, ValOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); ConstantOrRegister val = allocator.useConstantOrRegister(masm, rhsId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Load obj->elements in scratch. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); // Bounds check. Unfortunately we don't have more registers available on // x86, so use InvalidReg and emit slightly slower code on x86. Register spectreTemp = InvalidReg; Address initLength(scratch, ObjectElements::offsetOfInitializedLength()); masm.spectreBoundsCheck32(index, initLength, spectreTemp, failure->label()); // Hole check. BaseObjectElementIndex element(scratch, index); masm.branchTestMagic(Assembler::Equal, element, failure->label()); // Perform the store. EmitPreBarrier(masm, element, MIRType::Value); EmitStoreDenseElement(masm, val, element); emitPostBarrierElement(obj, val, scratch, index); return true; } static void EmitAssertExtensibleElements(MacroAssembler& masm, Register elementsReg) { #ifdef DEBUG // Preceding shape guards ensure the object elements are extensible. Address elementsFlags(elementsReg, ObjectElements::offsetOfFlags()); Label ok; masm.branchTest32(Assembler::Zero, elementsFlags, Imm32(ObjectElements::Flags::NOT_EXTENSIBLE), &ok); masm.assumeUnreachable("Unexpected non-extensible elements"); masm.bind(&ok); #endif } static void EmitAssertWritableArrayLengthElements(MacroAssembler& masm, Register elementsReg) { #ifdef DEBUG // Preceding shape guards ensure the array length is writable. Address elementsFlags(elementsReg, ObjectElements::offsetOfFlags()); Label ok; masm.branchTest32(Assembler::Zero, elementsFlags, Imm32(ObjectElements::Flags::NONWRITABLE_ARRAY_LENGTH), &ok); masm.assumeUnreachable("Unexpected non-writable array length elements"); masm.bind(&ok); #endif } bool CacheIRCompiler::emitStoreDenseElementHole(ObjOperandId objId, Int32OperandId indexId, ValOperandId rhsId, bool handleAdd) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); ConstantOrRegister val = allocator.useConstantOrRegister(masm, rhsId); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Load obj->elements in scratch. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); EmitAssertExtensibleElements(masm, scratch); if (handleAdd) { EmitAssertWritableArrayLengthElements(masm, scratch); } BaseObjectElementIndex element(scratch, index); Address initLength(scratch, ObjectElements::offsetOfInitializedLength()); Address elementsFlags(scratch, ObjectElements::offsetOfFlags()); // We don't have enough registers on x86 so use InvalidReg. This will emit // slightly less efficient code on x86. Register spectreTemp = InvalidReg; Label storeSkipPreBarrier; if (handleAdd) { // Bounds check. Label inBounds, outOfBounds; masm.spectreBoundsCheck32(index, initLength, spectreTemp, &outOfBounds); masm.jump(&inBounds); // If we're out-of-bounds, only handle the index == initLength case. masm.bind(&outOfBounds); masm.branch32(Assembler::NotEqual, initLength, index, failure->label()); // If index < capacity, we can add a dense element inline. If not we // need to allocate more elements. Label allocElement, addNewElement; Address capacity(scratch, ObjectElements::offsetOfCapacity()); masm.spectreBoundsCheck32(index, capacity, spectreTemp, &allocElement); masm.jump(&addNewElement); masm.bind(&allocElement); LiveRegisterSet save = liveVolatileRegs(); save.takeUnchecked(scratch); masm.PushRegsInMask(save); using Fn = bool (*)(JSContext* cx, NativeObject* obj); masm.setupUnalignedABICall(scratch); masm.loadJSContext(scratch); masm.passABIArg(scratch); masm.passABIArg(obj); masm.callWithABI<Fn, NativeObject::addDenseElementPure>(); masm.storeCallPointerResult(scratch); masm.PopRegsInMask(save); masm.branchIfFalseBool(scratch, failure->label()); // Load the reallocated elements pointer. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); masm.bind(&addNewElement); // Increment initLength. masm.add32(Imm32(1), initLength); // If length is now <= index, increment length too. Label skipIncrementLength; Address length(scratch, ObjectElements::offsetOfLength()); masm.branch32(Assembler::Above, length, index, &skipIncrementLength); masm.add32(Imm32(1), length); masm.bind(&skipIncrementLength); // Skip EmitPreBarrier as the memory is uninitialized. masm.jump(&storeSkipPreBarrier); masm.bind(&inBounds); } else { // Fail if index >= initLength. masm.spectreBoundsCheck32(index, initLength, spectreTemp, failure->label()); } EmitPreBarrier(masm, element, MIRType::Value); masm.bind(&storeSkipPreBarrier); EmitStoreDenseElement(masm, val, element); emitPostBarrierElement(obj, val, scratch, index); return true; } bool CacheIRCompiler::emitArrayPush(ObjOperandId objId, ValOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); ValueOperand val = allocator.useValueRegister(masm, rhsId); AutoScratchRegisterMaybeOutput scratchLength(allocator, masm, output); AutoScratchRegisterMaybeOutputType scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Load obj->elements in scratch. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); EmitAssertExtensibleElements(masm, scratch); EmitAssertWritableArrayLengthElements(masm, scratch); Address elementsInitLength(scratch, ObjectElements::offsetOfInitializedLength()); Address elementsLength(scratch, ObjectElements::offsetOfLength()); Address capacity(scratch, ObjectElements::offsetOfCapacity()); // Fail if length != initLength. masm.load32(elementsInitLength, scratchLength); masm.branch32(Assembler::NotEqual, elementsLength, scratchLength, failure->label()); // If scratchLength < capacity, we can add a dense element inline. If not we // need to allocate more elements. Label allocElement, addNewElement; masm.spectreBoundsCheck32(scratchLength, capacity, InvalidReg, &allocElement); masm.jump(&addNewElement); masm.bind(&allocElement); LiveRegisterSet save = liveVolatileRegs(); save.takeUnchecked(scratch); masm.PushRegsInMask(save); using Fn = bool (*)(JSContext* cx, NativeObject* obj); masm.setupUnalignedABICall(scratch); masm.loadJSContext(scratch); masm.passABIArg(scratch); masm.passABIArg(obj); masm.callWithABI<Fn, NativeObject::addDenseElementPure>(); masm.storeCallPointerResult(scratch); masm.PopRegsInMask(save); masm.branchIfFalseBool(scratch, failure->label()); // Load the reallocated elements pointer. masm.loadPtr(Address(obj, NativeObject::offsetOfElements()), scratch); masm.bind(&addNewElement); // Increment initLength and length. masm.add32(Imm32(1), elementsInitLength); masm.add32(Imm32(1), elementsLength); // Store the value. BaseObjectElementIndex element(scratch, scratchLength); masm.storeValue(val, element); emitPostBarrierElement(obj, val, scratch, scratchLength); // Return value is new length. masm.add32(Imm32(1), scratchLength); masm.tagValue(JSVAL_TYPE_INT32, scratchLength, output.valueReg()); return true; } bool CacheIRCompiler::emitStoreTypedArrayElement(ObjOperandId objId, Scalar::Type elementType, IntPtrOperandId indexId, uint32_t rhsId, bool handleOOB, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); Maybe<Register> valInt32; Maybe<Register> valBigInt; switch (elementType) { case Scalar::Int8: case Scalar::Uint8: case Scalar::Int16: case Scalar::Uint16: case Scalar::Int32: case Scalar::Uint32: case Scalar::Uint8Clamped: valInt32.emplace(allocator.useRegister(masm, Int32OperandId(rhsId))); break; case Scalar::Float16: case Scalar::Float32: case Scalar::Float64: allocator.ensureDoubleRegister(masm, NumberOperandId(rhsId), floatScratch0); break; case Scalar::BigInt64: case Scalar::BigUint64: valBigInt.emplace(allocator.useRegister(masm, BigIntOperandId(rhsId))); break; case Scalar::MaxTypedArrayViewType: case Scalar::Int64: case Scalar::Simd128: MOZ_CRASH("Unsupported TypedArray type"); } AutoScratchRegister scratch1(allocator, masm); Maybe<AutoScratchRegister> scratch2; Maybe<AutoSpectreBoundsScratchRegister> spectreScratch; if (Scalar::isBigIntType(elementType) || elementType == Scalar::Float16 || viewKind == ArrayBufferViewKind::Resizable) { scratch2.emplace(allocator, masm); } else { spectreScratch.emplace(allocator, masm); } FailurePath* failure = nullptr; if (!handleOOB) { if (!addFailurePath(&failure)) { return false; } } // Bounds check. Label done; emitTypedArrayBoundsCheck(viewKind, obj, index, scratch1, scratch2, spectreScratch, handleOOB ? &done : failure->label()); // Load the elements vector. masm.loadPtr(Address(obj, ArrayBufferViewObject::dataOffset()), scratch1); BaseIndex dest(scratch1, index, ScaleFromScalarType(elementType)); if (Scalar::isBigIntType(elementType)) { #ifdef JS_PUNBOX64 Register64 temp(scratch2->get()); #else // We don't have more registers available on x86, so spill |obj|. masm.push(obj); Register64 temp(scratch2->get(), obj); #endif masm.loadBigInt64(*valBigInt, temp); masm.storeToTypedBigIntArray(temp, dest); #ifndef JS_PUNBOX64 masm.pop(obj); #endif } else if (Scalar::isFloatingType(elementType)) { Register temp = scratch2 ? scratch2->get() : InvalidReg; masm.storeToTypedFloatArray(elementType, floatScratch0, dest, temp, liveVolatileRegs()); } else { masm.storeToTypedIntArray(elementType, *valInt32, dest); } masm.bind(&done); return true; } void CacheIRCompiler::emitTypedArrayBoundsCheck(ArrayBufferViewKind viewKind, Register obj, Register index, Register scratch, Register maybeScratch, Register spectreScratch, Label* fail) { // |index| must not alias any scratch register. MOZ_ASSERT(index != scratch); MOZ_ASSERT(index != maybeScratch); MOZ_ASSERT(index != spectreScratch); // Use |maybeScratch| when no explicit |spectreScratch| is present. if (spectreScratch == InvalidReg) { spectreScratch = maybeScratch; } if (viewKind == ArrayBufferViewKind::FixedLength) { masm.loadArrayBufferViewLengthIntPtr(obj, scratch); masm.spectreBoundsCheckPtr(index, scratch, spectreScratch, fail); } else { if (maybeScratch == InvalidReg) { // Spill |index| to use it as an additional scratch register. masm.push(index); maybeScratch = index; } // Bounds check doesn't require synchronization. See IsValidIntegerIndex // abstract operation which reads the underlying buffer byte length using // "unordered" memory order. auto sync = Synchronization::None(); masm.loadResizableTypedArrayLengthIntPtr(sync, obj, scratch, maybeScratch); if (maybeScratch == index) { // Restore |index|. masm.pop(index); } masm.spectreBoundsCheckPtr(index, scratch, spectreScratch, fail); } } void CacheIRCompiler::emitTypedArrayBoundsCheck( ArrayBufferViewKind viewKind, Register obj, Register index, Register scratch, mozilla::Maybe<Register> maybeScratch, mozilla::Maybe<Register> spectreScratch, Label* fail) { emitTypedArrayBoundsCheck(viewKind, obj, index, scratch, maybeScratch.valueOr(InvalidReg), spectreScratch.valueOr(InvalidReg), fail); } bool CacheIRCompiler::emitLoadTypedArrayElementResult( ObjOperandId objId, IntPtrOperandId indexId, Scalar::Type elementType, bool handleOOB, bool forceDoubleForUint32, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegister scratch1(allocator, masm); #ifdef JS_PUNBOX64 AutoScratchRegister scratch2(allocator, masm); #else // There are too few registers available on x86, so we may need to reuse the // output's scratch register. AutoScratchRegisterMaybeOutput scratch2(allocator, masm, output); #endif FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Bounds check. Label outOfBounds; emitTypedArrayBoundsCheck(viewKind, obj, index, scratch1, scratch2, scratch2, handleOOB ? &outOfBounds : failure->label()); // Allocate BigInt if needed. The code after this should be infallible. Maybe<Register> bigInt; if (Scalar::isBigIntType(elementType)) { bigInt.emplace(output.valueReg().scratchReg()); LiveRegisterSet save = liveVolatileRegs(); save.takeUnchecked(scratch1); save.takeUnchecked(scratch2); save.takeUnchecked(output); gc::Heap initialHeap = InitialBigIntHeap(cx_); EmitAllocateBigInt(masm, *bigInt, scratch1, save, initialHeap, failure->label()); } // Load the elements vector. masm.loadPtr(Address(obj, ArrayBufferViewObject::dataOffset()), scratch1); // Load the value. BaseIndex source(scratch1, index, ScaleFromScalarType(elementType)); if (Scalar::isBigIntType(elementType)) { #ifdef JS_PUNBOX64 Register64 temp(scratch2); #else // We don't have more registers available on x86, so spill |obj| and // additionally use the output's type register. MOZ_ASSERT(output.valueReg().scratchReg() != output.valueReg().typeReg()); masm.push(obj); Register64 temp(output.valueReg().typeReg(), obj); #endif masm.loadFromTypedBigIntArray(elementType, source, output.valueReg(), *bigInt, temp); #ifndef JS_PUNBOX64 masm.pop(obj); #endif } else { MacroAssembler::Uint32Mode uint32Mode = forceDoubleForUint32 ? MacroAssembler::Uint32Mode::ForceDouble : MacroAssembler::Uint32Mode::FailOnDouble; masm.loadFromTypedArray(elementType, source, output.valueReg(), uint32Mode, scratch1, failure->label(), liveVolatileRegs()); } if (handleOOB) { Label done; masm.jump(&done); masm.bind(&outOfBounds); masm.moveValue(UndefinedValue(), output.valueReg()); masm.bind(&done); } return true; } void CacheIRCompiler::emitDataViewBoundsCheck(ArrayBufferViewKind viewKind, size_t byteSize, Register obj, Register offset, Register scratch, Register maybeScratch, Label* fail) { // |offset| must not alias any scratch register. MOZ_ASSERT(offset != scratch); MOZ_ASSERT(offset != maybeScratch); if (viewKind == ArrayBufferViewKind::FixedLength) { masm.loadArrayBufferViewLengthIntPtr(obj, scratch); } else { if (maybeScratch == InvalidReg) { // Spill |offset| to use it as an additional scratch register. masm.push(offset); maybeScratch = offset; } // Bounds check doesn't require synchronization. See GetViewValue and // SetViewValue abstract operations which read the underlying buffer byte // length using "unordered" memory order. auto sync = Synchronization::None(); masm.loadResizableDataViewByteLengthIntPtr(sync, obj, scratch, maybeScratch); if (maybeScratch == offset) { // Restore |offset|. masm.pop(offset); } } // Ensure both offset < length and offset + (byteSize - 1) < length. if (byteSize == 1) { masm.spectreBoundsCheckPtr(offset, scratch, InvalidReg, fail); } else { // temp := length - (byteSize - 1) // if temp < 0: fail // if offset >= temp: fail masm.branchSubPtr(Assembler::Signed, Imm32(byteSize - 1), scratch, fail); masm.spectreBoundsCheckPtr(offset, scratch, InvalidReg, fail); } } bool CacheIRCompiler::emitLoadDataViewValueResult( ObjOperandId objId, IntPtrOperandId offsetId, BooleanOperandId littleEndianId, Scalar::Type elementType, bool forceDoubleForUint32, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register offset = allocator.useRegister(masm, offsetId); Register littleEndian = allocator.useRegister(masm, littleEndianId); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); Register64 outputReg64 = output.valueReg().toRegister64(); Register outputScratch = outputReg64.scratchReg(); Register scratch2; #ifndef JS_CODEGEN_X86 Maybe<AutoScratchRegister> maybeScratch2; if (viewKind == ArrayBufferViewKind::Resizable || (elementType == Scalar::Float16 && !MacroAssembler::SupportsFloat32To16())) { maybeScratch2.emplace(allocator, masm); scratch2 = *maybeScratch2; } #else // Not enough registers on x86, so use the other part of outputReg64. scratch2 = outputReg64.secondScratchReg(); #endif FailurePath* failure; if (!addFailurePath(&failure)) { return false; } const size_t byteSize = Scalar::byteSize(elementType); emitDataViewBoundsCheck(viewKind, byteSize, obj, offset, outputScratch, scratch2, failure->label()); masm.loadPtr(Address(obj, DataViewObject::dataOffset()), outputScratch); // Load the value. BaseIndex source(outputScratch, offset, TimesOne); switch (elementType) { case Scalar::Int8: masm.load8SignExtend(source, outputScratch); break; case Scalar::Uint8: masm.load8ZeroExtend(source, outputScratch); break; case Scalar::Int16: masm.load16UnalignedSignExtend(source, outputScratch); break; case Scalar::Uint16: case Scalar::Float16: masm.load16UnalignedZeroExtend(source, outputScratch); break; case Scalar::Int32: case Scalar::Uint32: case Scalar::Float32: masm.load32Unaligned(source, outputScratch); break; case Scalar::Float64: case Scalar::BigInt64: case Scalar::BigUint64: masm.load64Unaligned(source, outputReg64); break; case Scalar::Uint8Clamped: default: MOZ_CRASH("Invalid typed array type"); } // Swap the bytes in the loaded value. if (byteSize > 1) { Label skip; masm.branch32(MOZ_LITTLE_ENDIAN() ? Assembler::NotEqual : Assembler::Equal, littleEndian, Imm32(0), &skip); switch (elementType) { case Scalar::Int16: masm.byteSwap16SignExtend(outputScratch); break; case Scalar::Uint16: case Scalar::Float16: masm.byteSwap16ZeroExtend(outputScratch); break; case Scalar::Int32: case Scalar::Uint32: case Scalar::Float32: masm.byteSwap32(outputScratch); break; case Scalar::Float64: case Scalar::BigInt64: case Scalar::BigUint64: masm.byteSwap64(outputReg64); break; case Scalar::Int8: case Scalar::Uint8: case Scalar::Uint8Clamped: default: MOZ_CRASH("Invalid type"); } masm.bind(&skip); } // Move the value into the output register. switch (elementType) { case Scalar::Int8: case Scalar::Uint8: case Scalar::Int16: case Scalar::Uint16: case Scalar::Int32: masm.tagValue(JSVAL_TYPE_INT32, outputScratch, output.valueReg()); break; case Scalar::Uint32: { MacroAssembler::Uint32Mode uint32Mode = forceDoubleForUint32 ? MacroAssembler::Uint32Mode::ForceDouble : MacroAssembler::Uint32Mode::FailOnDouble; masm.boxUint32(outputScratch, output.valueReg(), uint32Mode, failure->label()); break; } case Scalar::Float16: { FloatRegister scratchFloat32 = floatScratch0.get().asSingle(); masm.moveGPRToFloat16(outputScratch, scratchFloat32, scratch2, liveVolatileRegs()); masm.canonicalizeFloat(scratchFloat32); masm.convertFloat32ToDouble(scratchFloat32, floatScratch0); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); break; } case Scalar::Float32: { FloatRegister scratchFloat32 = floatScratch0.get().asSingle(); masm.moveGPRToFloat32(outputScratch, scratchFloat32); masm.canonicalizeFloat(scratchFloat32); masm.convertFloat32ToDouble(scratchFloat32, floatScratch0); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); break; } case Scalar::Float64: masm.moveGPR64ToDouble(outputReg64, floatScratch0); masm.canonicalizeDouble(floatScratch0); masm.boxDouble(floatScratch0, output.valueReg(), floatScratch0); break; case Scalar::BigInt64: case Scalar::BigUint64: { // We need two extra registers. Reuse the obj/littleEndian registers. Register bigInt = obj; Register bigIntScratch = littleEndian; masm.push(bigInt); masm.push(bigIntScratch); Label fail, done; LiveRegisterSet save = liveVolatileRegs(); save.takeUnchecked(bigInt); save.takeUnchecked(bigIntScratch); gc::Heap initialHeap = InitialBigIntHeap(cx_); EmitAllocateBigInt(masm, bigInt, bigIntScratch, save, initialHeap, &fail); masm.jump(&done); masm.bind(&fail); masm.pop(bigIntScratch); masm.pop(bigInt); masm.jump(failure->label()); masm.bind(&done); masm.initializeBigInt64(elementType, bigInt, outputReg64); masm.tagValue(JSVAL_TYPE_BIGINT, bigInt, output.valueReg()); masm.pop(bigIntScratch); masm.pop(bigInt); break; } case Scalar::Uint8Clamped: default: MOZ_CRASH("Invalid typed array type"); } return true; } bool CacheIRCompiler::emitStoreDataViewValueResult( ObjOperandId objId, IntPtrOperandId offsetId, uint32_t valueId, BooleanOperandId littleEndianId, Scalar::Type elementType, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); #ifdef JS_CODEGEN_X86 // Use a scratch register to avoid running out of the registers. Register obj = output.valueReg().typeReg(); allocator.copyToScratchRegister(masm, objId, obj); #else Register obj = allocator.useRegister(masm, objId); #endif Register offset = allocator.useRegister(masm, offsetId); Register littleEndian = allocator.useRegister(masm, littleEndianId); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); Maybe<Register> valInt32; Maybe<Register> valBigInt; switch (elementType) { case Scalar::Int8: case Scalar::Uint8: case Scalar::Int16: case Scalar::Uint16: case Scalar::Int32: case Scalar::Uint32: case Scalar::Uint8Clamped: valInt32.emplace(allocator.useRegister(masm, Int32OperandId(valueId))); break; case Scalar::Float16: case Scalar::Float32: case Scalar::Float64: allocator.ensureDoubleRegister(masm, NumberOperandId(valueId), floatScratch0); break; case Scalar::BigInt64: case Scalar::BigUint64: valBigInt.emplace(allocator.useRegister(masm, BigIntOperandId(valueId))); break; case Scalar::MaxTypedArrayViewType: case Scalar::Int64: case Scalar::Simd128: MOZ_CRASH("Unsupported type"); } Register scratch1 = output.valueReg().scratchReg(); MOZ_ASSERT(scratch1 != obj, "scratchReg must not be typeReg"); // On platforms with enough registers, |scratch2| is an extra scratch register // (pair) used for byte-swapping the value. #ifndef JS_CODEGEN_X86 mozilla::MaybeOneOf<AutoScratchRegister, AutoScratchRegister64> scratch2; switch (elementType) { case Scalar::Int8: case Scalar::Uint8: break; case Scalar::Int16: case Scalar::Uint16: case Scalar::Int32: case Scalar::Uint32: case Scalar::Float16: case Scalar::Float32: scratch2.construct<AutoScratchRegister>(allocator, masm); break; case Scalar::Float64: case Scalar::BigInt64: case Scalar::BigUint64: scratch2.construct<AutoScratchRegister64>(allocator, masm); break; case Scalar::Uint8Clamped: default: MOZ_CRASH("Invalid type"); } #endif Register boundsCheckScratch; #ifndef JS_CODEGEN_X86 Maybe<AutoScratchRegister> maybeBoundsCheckScratch; if (viewKind == ArrayBufferViewKind::Resizable) { if (scratch2.constructed<AutoScratchRegister>()) { boundsCheckScratch = scratch2.ref<AutoScratchRegister>().get(); } else if (scratch2.constructed<AutoScratchRegister64>()) { boundsCheckScratch = scratch2.ref<AutoScratchRegister64>().get().scratchReg(); } else { maybeBoundsCheckScratch.emplace(allocator, masm); boundsCheckScratch = *maybeBoundsCheckScratch; } } #else // Not enough registers on x86. #endif FailurePath* failure; if (!addFailurePath(&failure)) { return false; } const size_t byteSize = Scalar::byteSize(elementType); emitDataViewBoundsCheck(viewKind, byteSize, obj, offset, scratch1, boundsCheckScratch, failure->label()); masm.loadPtr(Address(obj, DataViewObject::dataOffset()), scratch1); BaseIndex dest(scratch1, offset, TimesOne); if (byteSize == 1) { // Byte swapping has no effect, so just do the byte store. masm.store8(*valInt32, dest); masm.moveValue(UndefinedValue(), output.valueReg()); return true; } // On 32-bit x86, |obj| is already a scratch register so use that. If we need // a Register64 we also use the littleEndian register and use the stack // location for the check below. bool pushedLittleEndian = false; #ifdef JS_CODEGEN_X86 if (byteSize == 8) { masm.push(littleEndian); pushedLittleEndian = true; } auto valScratch32 = [&]() -> Register { return obj; }; auto valScratch64 = [&]() -> Register64 { return Register64(obj, littleEndian); }; #else auto valScratch32 = [&]() -> Register { return scratch2.ref<AutoScratchRegister>(); }; auto valScratch64 = [&]() -> Register64 { return scratch2.ref<AutoScratchRegister64>(); }; #endif // Load the value into a gpr register. switch (elementType) { case Scalar::Int16: case Scalar::Uint16: case Scalar::Int32: case Scalar::Uint32: masm.move32(*valInt32, valScratch32()); break; case Scalar::Float16: { FloatRegister scratchFloat32 = floatScratch0.get().asSingle(); masm.convertDoubleToFloat16(floatScratch0, scratchFloat32, valScratch32(), liveVolatileRegs()); masm.canonicalizeFloatIfDeterministic(scratchFloat32); masm.moveFloat16ToGPR(scratchFloat32, valScratch32(), liveVolatileRegs()); break; } case Scalar::Float32: { FloatRegister scratchFloat32 = floatScratch0.get().asSingle(); masm.convertDoubleToFloat32(floatScratch0, scratchFloat32); masm.canonicalizeFloatIfDeterministic(scratchFloat32); masm.moveFloat32ToGPR(scratchFloat32, valScratch32()); break; } case Scalar::Float64: { masm.canonicalizeDoubleIfDeterministic(floatScratch0); masm.moveDoubleToGPR64(floatScratch0, valScratch64()); break; } case Scalar::BigInt64: case Scalar::BigUint64: masm.loadBigInt64(*valBigInt, valScratch64()); break; case Scalar::Int8: case Scalar::Uint8: case Scalar::Uint8Clamped: default: MOZ_CRASH("Invalid type"); } // Swap the bytes in the loaded value. Label skip; if (pushedLittleEndian) { masm.branch32(MOZ_LITTLE_ENDIAN() ? Assembler::NotEqual : Assembler::Equal, Address(masm.getStackPointer(), 0), Imm32(0), &skip); } else { masm.branch32(MOZ_LITTLE_ENDIAN() ? Assembler::NotEqual : Assembler::Equal, littleEndian, Imm32(0), &skip); } switch (elementType) { case Scalar::Int16: masm.byteSwap16SignExtend(valScratch32()); break; case Scalar::Uint16: case Scalar::Float16: masm.byteSwap16ZeroExtend(valScratch32()); break; case Scalar::Int32: case Scalar::Uint32: case Scalar::Float32: masm.byteSwap32(valScratch32()); break; case Scalar::Float64: case Scalar::BigInt64: case Scalar::BigUint64: masm.byteSwap64(valScratch64()); break; case Scalar::Int8: case Scalar::Uint8: case Scalar::Uint8Clamped: default: MOZ_CRASH("Invalid type"); } masm.bind(&skip); // Store the value. switch (elementType) { case Scalar::Int16: case Scalar::Uint16: case Scalar::Float16: masm.store16Unaligned(valScratch32(), dest); break; case Scalar::Int32: case Scalar::Uint32: case Scalar::Float32: masm.store32Unaligned(valScratch32(), dest); break; case Scalar::Float64: case Scalar::BigInt64: case Scalar::BigUint64: masm.store64Unaligned(valScratch64(), dest); break; case Scalar::Int8: case Scalar::Uint8: case Scalar::Uint8Clamped: default: MOZ_CRASH("Invalid typed array type"); } #ifdef JS_CODEGEN_X86 // Restore registers. if (pushedLittleEndian) { masm.pop(littleEndian); } #endif masm.moveValue(UndefinedValue(), output.valueReg()); return true; } bool CacheIRCompiler::emitStoreFixedSlotUndefinedResult(ObjOperandId objId, uint32_t offsetOffset, ValOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Register obj = allocator.useRegister(masm, objId); ValueOperand val = allocator.useValueRegister(masm, rhsId); StubFieldOffset offset(offsetOffset, StubField::Type::RawInt32); emitLoadStubField(offset, scratch); BaseIndex slot(obj, scratch, TimesOne); EmitPreBarrier(masm, slot, MIRType::Value); masm.storeValue(val, slot); emitPostBarrierSlot(obj, val, scratch); masm.moveValue(UndefinedValue(), output.valueReg()); return true; } bool CacheIRCompiler::emitLoadObjectResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); EmitStoreResult(masm, obj, JSVAL_TYPE_OBJECT, output); return true; } bool CacheIRCompiler::emitLoadStringResult(StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register str = allocator.useRegister(masm, strId); masm.tagValue(JSVAL_TYPE_STRING, str, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadSymbolResult(SymbolOperandId symId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register sym = allocator.useRegister(masm, symId); masm.tagValue(JSVAL_TYPE_SYMBOL, sym, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadInt32Result(Int32OperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register val = allocator.useRegister(masm, valId); masm.tagValue(JSVAL_TYPE_INT32, val, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadBigIntResult(BigIntOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register val = allocator.useRegister(masm, valId); masm.tagValue(JSVAL_TYPE_BIGINT, val, output.valueReg()); return true; } bool CacheIRCompiler::emitLoadDoubleResult(NumberOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); ValueOperand val = allocator.useValueRegister(masm, valId); #ifdef DEBUG Label ok; masm.branchTestDouble(Assembler::Equal, val, &ok); masm.branchTestInt32(Assembler::Equal, val, &ok); masm.assumeUnreachable("input must be double or int32"); masm.bind(&ok); #endif masm.moveValue(val, output.valueReg()); masm.convertInt32ValueToDouble(output.valueReg()); return true; } bool CacheIRCompiler::emitLoadTypeOfObjectResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Label slowCheck, isObject, isCallable, isUndefined, done; masm.typeOfObject(obj, scratch, &slowCheck, &isObject, &isCallable, &isUndefined); masm.bind(&isCallable); masm.moveValue(StringValue(cx_->names().function), output.valueReg()); masm.jump(&done); masm.bind(&isUndefined); masm.moveValue(StringValue(cx_->names().undefined), output.valueReg()); masm.jump(&done); masm.bind(&isObject); masm.moveValue(StringValue(cx_->names().object), output.valueReg()); masm.jump(&done); { masm.bind(&slowCheck); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = JSString* (*)(JSObject* obj, JSRuntime* rt); masm.setupUnalignedABICall(scratch); masm.passABIArg(obj); masm.movePtr(ImmPtr(cx_->runtime()), scratch); masm.passABIArg(scratch); masm.callWithABI<Fn, TypeOfNameObject>(); masm.storeCallPointerResult(scratch); LiveRegisterSet ignore; ignore.add(scratch); masm.PopRegsInMaskIgnore(save, ignore); masm.tagValue(JSVAL_TYPE_STRING, scratch, output.valueReg()); } masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadTypeOfEqObjectResult(ObjOperandId objId, TypeofEqOperand operand) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); JSType type = operand.type(); JSOp compareOp = operand.compareOp(); bool result; Label slowCheck, isObject, isCallable, isUndefined, done; masm.typeOfObject(obj, scratch, &slowCheck, &isObject, &isCallable, &isUndefined); masm.bind(&isCallable); result = type == JSTYPE_FUNCTION; if (compareOp == JSOp::Ne) { result = !result; } masm.moveValue(BooleanValue(result), output.valueReg()); masm.jump(&done); masm.bind(&isUndefined); result = type == JSTYPE_UNDEFINED; if (compareOp == JSOp::Ne) { result = !result; } masm.moveValue(BooleanValue(result), output.valueReg()); masm.jump(&done); masm.bind(&isObject); result = type == JSTYPE_OBJECT; if (compareOp == JSOp::Ne) { result = !result; } masm.moveValue(BooleanValue(result), output.valueReg()); masm.jump(&done); { masm.bind(&slowCheck); LiveRegisterSet save = liveVolatileRegs(); save.takeUnchecked(output.valueReg()); save.takeUnchecked(scratch); masm.PushRegsInMask(save); using Fn = bool (*)(JSObject* obj, TypeofEqOperand operand); masm.setupUnalignedABICall(scratch); masm.passABIArg(obj); masm.move32(Imm32(TypeofEqOperand(type, compareOp).rawValue()), scratch); masm.passABIArg(scratch); masm.callWithABI<Fn, TypeOfEqObject>(); masm.storeCallBoolResult(scratch); masm.PopRegsInMask(save); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); } masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadInt32TruthyResult(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); ValueOperand val = allocator.useValueRegister(masm, inputId); Label ifFalse, done; masm.branchTestInt32Truthy(false, val, &ifFalse); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); masm.bind(&ifFalse); masm.moveValue(BooleanValue(false), output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadStringTruthyResult(StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register str = allocator.useRegister(masm, strId); Label ifFalse, done; masm.branch32(Assembler::Equal, Address(str, JSString::offsetOfLength()), Imm32(0), &ifFalse); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); masm.bind(&ifFalse); masm.moveValue(BooleanValue(false), output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadDoubleTruthyResult(NumberOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchFloatRegister floatReg(this); allocator.ensureDoubleRegister(masm, inputId, floatReg); Label ifFalse, done; masm.branchTestDoubleTruthy(false, floatReg, &ifFalse); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); masm.bind(&ifFalse); masm.moveValue(BooleanValue(false), output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadObjectTruthyResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Label emulatesUndefined, slowPath, done; masm.branchIfObjectEmulatesUndefined(obj, scratch, &slowPath, &emulatesUndefined); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); masm.bind(&emulatesUndefined); masm.moveValue(BooleanValue(false), output.valueReg()); masm.jump(&done); masm.bind(&slowPath); { LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(scratch); volatileRegs.takeUnchecked(output); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSObject* obj); masm.setupUnalignedABICall(scratch); masm.passABIArg(obj); masm.callWithABI<Fn, js::EmulatesUndefined>(); masm.storeCallBoolResult(scratch); masm.xor32(Imm32(1), scratch); masm.PopRegsInMask(volatileRegs); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); } masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadBigIntTruthyResult(BigIntOperandId bigIntId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register bigInt = allocator.useRegister(masm, bigIntId); Label ifFalse, done; masm.branch32(Assembler::Equal, Address(bigInt, BigInt::offsetOfDigitLength()), Imm32(0), &ifFalse); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); masm.bind(&ifFalse); masm.moveValue(BooleanValue(false), output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitLoadValueTruthyResult(ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); ValueOperand value = allocator.useValueRegister(masm, inputId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); AutoScratchFloatRegister floatReg(this); Label ifFalse, ifTrue, done; { ScratchTagScope tag(masm, value); masm.splitTagForTest(value, tag); masm.branchTestUndefined(Assembler::Equal, tag, &ifFalse); masm.branchTestNull(Assembler::Equal, tag, &ifFalse); Label notBoolean; masm.branchTestBoolean(Assembler::NotEqual, tag, ¬Boolean); { ScratchTagScopeRelease _(&tag); masm.branchTestBooleanTruthy(false, value, &ifFalse); masm.jump(&ifTrue); } masm.bind(¬Boolean); Label notInt32; masm.branchTestInt32(Assembler::NotEqual, tag, ¬Int32); { ScratchTagScopeRelease _(&tag); masm.branchTestInt32Truthy(false, value, &ifFalse); masm.jump(&ifTrue); } masm.bind(¬Int32); Label notObject; masm.branchTestObject(Assembler::NotEqual, tag, ¬Object); { ScratchTagScopeRelease _(&tag); Register obj = masm.extractObject(value, scratch1); Label slowPath; masm.branchIfObjectEmulatesUndefined(obj, scratch2, &slowPath, &ifFalse); masm.jump(&ifTrue); masm.bind(&slowPath); { LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(scratch1); volatileRegs.takeUnchecked(scratch2); volatileRegs.takeUnchecked(output); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSObject* obj); masm.setupUnalignedABICall(scratch2); masm.passABIArg(obj); masm.callWithABI<Fn, js::EmulatesUndefined>(); masm.storeCallPointerResult(scratch2); masm.PopRegsInMask(volatileRegs); masm.branchIfTrueBool(scratch2, &ifFalse); masm.jump(&ifTrue); } } masm.bind(¬Object); Label notString; masm.branchTestString(Assembler::NotEqual, tag, ¬String); { ScratchTagScopeRelease _(&tag); masm.branchTestStringTruthy(false, value, &ifFalse); masm.jump(&ifTrue); } masm.bind(¬String); Label notBigInt; masm.branchTestBigInt(Assembler::NotEqual, tag, ¬BigInt); { ScratchTagScopeRelease _(&tag); masm.branchTestBigIntTruthy(false, value, &ifFalse); masm.jump(&ifTrue); } masm.bind(¬BigInt); masm.branchTestSymbol(Assembler::Equal, tag, &ifTrue); #ifdef DEBUG Label isDouble; masm.branchTestDouble(Assembler::Equal, tag, &isDouble); masm.assumeUnreachable("Unexpected value type"); masm.bind(&isDouble); #endif { ScratchTagScopeRelease _(&tag); masm.unboxDouble(value, floatReg); masm.branchTestDoubleTruthy(false, floatReg, &ifFalse); } // Fall through to true case. } masm.bind(&ifTrue); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); masm.bind(&ifFalse); masm.moveValue(BooleanValue(false), output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitComparePointerResultShared(JSOp op, TypedOperandId lhsId, TypedOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register left = allocator.useRegister(masm, lhsId); Register right = allocator.useRegister(masm, rhsId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Label ifTrue, done; masm.branchPtr(JSOpToCondition(op, /* signed = */ true), left, right, &ifTrue); EmitStoreBoolean(masm, false, output); masm.jump(&done); masm.bind(&ifTrue); EmitStoreBoolean(masm, true, output); masm.bind(&done); return true; } bool CacheIRCompiler::emitCompareObjectResult(JSOp op, ObjOperandId lhsId, ObjOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); return emitComparePointerResultShared(op, lhsId, rhsId); } bool CacheIRCompiler::emitCompareSymbolResult(JSOp op, SymbolOperandId lhsId, SymbolOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); return emitComparePointerResultShared(op, lhsId, rhsId); } bool CacheIRCompiler::emitCompareInt32Result(JSOp op, Int32OperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register left = allocator.useRegister(masm, lhsId); Register right = allocator.useRegister(masm, rhsId); Label ifTrue, done; masm.branch32(JSOpToCondition(op, /* signed = */ true), left, right, &ifTrue); EmitStoreBoolean(masm, false, output); masm.jump(&done); masm.bind(&ifTrue); EmitStoreBoolean(masm, true, output); masm.bind(&done); return true; } bool CacheIRCompiler::emitCompareDoubleResult(JSOp op, NumberOperandId lhsId, NumberOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } allocator.ensureDoubleRegister(masm, lhsId, floatScratch0); allocator.ensureDoubleRegister(masm, rhsId, floatScratch1); Label done, ifTrue; masm.branchDouble(JSOpToDoubleCondition(op), floatScratch0, floatScratch1, &ifTrue); EmitStoreBoolean(masm, false, output); masm.jump(&done); masm.bind(&ifTrue); EmitStoreBoolean(masm, true, output); masm.bind(&done); return true; } bool CacheIRCompiler::emitCompareBigIntResult(JSOp op, BigIntOperandId lhsId, BigIntOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); masm.setupUnalignedABICall(scratch); // Push the operands in reverse order for JSOp::Le and JSOp::Gt: // - |left <= right| is implemented as |right >= left|. // - |left > right| is implemented as |right < left|. if (op == JSOp::Le || op == JSOp::Gt) { masm.passABIArg(rhs); masm.passABIArg(lhs); } else { masm.passABIArg(lhs); masm.passABIArg(rhs); } using Fn = bool (*)(BigInt*, BigInt*); Fn fn; if (op == JSOp::Eq || op == JSOp::StrictEq) { fn = jit::BigIntEqual<EqualityKind::Equal>; } else if (op == JSOp::Ne || op == JSOp::StrictNe) { fn = jit::BigIntEqual<EqualityKind::NotEqual>; } else if (op == JSOp::Lt || op == JSOp::Gt) { fn = jit::BigIntCompare<ComparisonKind::LessThan>; } else { MOZ_ASSERT(op == JSOp::Le || op == JSOp::Ge); fn = jit::BigIntCompare<ComparisonKind::GreaterThanOrEqual>; } masm.callWithABI(DynamicFunction<Fn>(fn)); masm.storeCallBoolResult(scratch); LiveRegisterSet ignore; ignore.add(scratch); masm.PopRegsInMaskIgnore(save, ignore); EmitStoreResult(masm, scratch, JSVAL_TYPE_BOOLEAN, output); return true; } bool CacheIRCompiler::emitCompareBigIntInt32Result(JSOp op, BigIntOperandId lhsId, Int32OperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register bigInt = allocator.useRegister(masm, lhsId); Register int32 = allocator.useRegister(masm, rhsId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); Label ifTrue, ifFalse; masm.compareBigIntAndInt32(op, bigInt, int32, scratch1, scratch2, &ifTrue, &ifFalse); Label done; masm.bind(&ifFalse); EmitStoreBoolean(masm, false, output); masm.jump(&done); masm.bind(&ifTrue); EmitStoreBoolean(masm, true, output); masm.bind(&done); return true; } bool CacheIRCompiler::emitCompareBigIntNumberResult(JSOp op, BigIntOperandId lhsId, NumberOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); Register lhs = allocator.useRegister(masm, lhsId); allocator.ensureDoubleRegister(masm, rhsId, floatScratch0); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); masm.setupUnalignedABICall(scratch); // Push the operands in reverse order for JSOp::Le and JSOp::Gt: // - |left <= right| is implemented as |right >= left|. // - |left > right| is implemented as |right < left|. if (op == JSOp::Le || op == JSOp::Gt) { masm.passABIArg(floatScratch0, ABIType::Float64); masm.passABIArg(lhs); } else { masm.passABIArg(lhs); masm.passABIArg(floatScratch0, ABIType::Float64); } using FnBigIntNumber = bool (*)(BigInt*, double); using FnNumberBigInt = bool (*)(double, BigInt*); switch (op) { case JSOp::Eq: { masm.callWithABI<FnBigIntNumber, jit::BigIntNumberEqual<EqualityKind::Equal>>(); break; } case JSOp::Ne: { masm.callWithABI<FnBigIntNumber, jit::BigIntNumberEqual<EqualityKind::NotEqual>>(); break; } case JSOp::Lt: { masm.callWithABI<FnBigIntNumber, jit::BigIntNumberCompare<ComparisonKind::LessThan>>(); break; } case JSOp::Gt: { masm.callWithABI<FnNumberBigInt, jit::NumberBigIntCompare<ComparisonKind::LessThan>>(); break; } case JSOp::Le: { masm.callWithABI< FnNumberBigInt, jit::NumberBigIntCompare<ComparisonKind::GreaterThanOrEqual>>(); break; } case JSOp::Ge: { masm.callWithABI< FnBigIntNumber, jit::BigIntNumberCompare<ComparisonKind::GreaterThanOrEqual>>(); break; } default: MOZ_CRASH("unhandled op"); } masm.storeCallBoolResult(scratch); LiveRegisterSet ignore; ignore.add(scratch); masm.PopRegsInMaskIgnore(save, ignore); EmitStoreResult(masm, scratch, JSVAL_TYPE_BOOLEAN, output); return true; } bool CacheIRCompiler::emitCompareBigIntStringResult(JSOp op, BigIntOperandId lhsId, StringOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); callvm.prepare(); // Push the operands in reverse order for JSOp::Le and JSOp::Gt: // - |left <= right| is implemented as |right >= left|. // - |left > right| is implemented as |right < left|. if (op == JSOp::Le || op == JSOp::Gt) { masm.Push(lhs); masm.Push(rhs); } else { masm.Push(rhs); masm.Push(lhs); } using FnBigIntString = bool (*)(JSContext*, HandleBigInt, HandleString, bool*); using FnStringBigInt = bool (*)(JSContext*, HandleString, HandleBigInt, bool*); switch (op) { case JSOp::Eq: { constexpr auto Equal = EqualityKind::Equal; callvm.call<FnBigIntString, BigIntStringEqual<Equal>>(); break; } case JSOp::Ne: { constexpr auto NotEqual = EqualityKind::NotEqual; callvm.call<FnBigIntString, BigIntStringEqual<NotEqual>>(); break; } case JSOp::Lt: { constexpr auto LessThan = ComparisonKind::LessThan; callvm.call<FnBigIntString, BigIntStringCompare<LessThan>>(); break; } case JSOp::Gt: { constexpr auto LessThan = ComparisonKind::LessThan; callvm.call<FnStringBigInt, StringBigIntCompare<LessThan>>(); break; } case JSOp::Le: { constexpr auto GreaterThanOrEqual = ComparisonKind::GreaterThanOrEqual; callvm.call<FnStringBigInt, StringBigIntCompare<GreaterThanOrEqual>>(); break; } case JSOp::Ge: { constexpr auto GreaterThanOrEqual = ComparisonKind::GreaterThanOrEqual; callvm.call<FnBigIntString, BigIntStringCompare<GreaterThanOrEqual>>(); break; } default: MOZ_CRASH("unhandled op"); } return true; } bool CacheIRCompiler::emitCompareNullUndefinedResult(JSOp op, bool isUndefined, ValOperandId inputId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); ValueOperand input = allocator.useValueRegister(masm, inputId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); if (IsStrictEqualityOp(op)) { if (isUndefined) { masm.testUndefinedSet(JSOpToCondition(op, false), input, scratch); } else { masm.testNullSet(JSOpToCondition(op, false), input, scratch); } EmitStoreResult(masm, scratch, JSVAL_TYPE_BOOLEAN, output); return true; } FailurePath* failure; if (!addFailurePath(&failure)) { return false; } MOZ_ASSERT(IsLooseEqualityOp(op)); Label nullOrLikeUndefined, notNullOrLikeUndefined, done; { ScratchTagScope tag(masm, input); masm.splitTagForTest(input, tag); if (isUndefined) { masm.branchTestUndefined(Assembler::Equal, tag, &nullOrLikeUndefined); masm.branchTestNull(Assembler::Equal, tag, &nullOrLikeUndefined); } else { masm.branchTestNull(Assembler::Equal, tag, &nullOrLikeUndefined); masm.branchTestUndefined(Assembler::Equal, tag, &nullOrLikeUndefined); } masm.branchTestObject(Assembler::NotEqual, tag, ¬NullOrLikeUndefined); { ScratchTagScopeRelease _(&tag); masm.unboxObject(input, scratch); masm.branchIfObjectEmulatesUndefined(scratch, scratch2, failure->label(), &nullOrLikeUndefined); masm.jump(¬NullOrLikeUndefined); } } masm.bind(&nullOrLikeUndefined); EmitStoreBoolean(masm, op == JSOp::Eq, output); masm.jump(&done); masm.bind(¬NullOrLikeUndefined); EmitStoreBoolean(masm, op == JSOp::Ne, output); masm.bind(&done); return true; } bool CacheIRCompiler::emitCompareDoubleSameValueResult(NumberOperandId lhsId, NumberOperandId rhsId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); AutoAvailableFloatRegister floatScratch1(*this, FloatReg1); AutoAvailableFloatRegister floatScratch2(*this, FloatReg2); allocator.ensureDoubleRegister(masm, lhsId, floatScratch0); allocator.ensureDoubleRegister(masm, rhsId, floatScratch1); masm.sameValueDouble(floatScratch0, floatScratch1, floatScratch2, scratch); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitIndirectTruncateInt32Result(Int32OperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register val = allocator.useRegister(masm, valId); if (output.hasValue()) { masm.tagValue(JSVAL_TYPE_INT32, val, output.valueReg()); } else { masm.mov(val, output.typedReg().gpr()); } return true; } bool CacheIRCompiler::emitCallPrintString(const char* str) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); masm.printf(str); return true; } bool CacheIRCompiler::emitBreakpoint() { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); masm.breakpoint(); return true; } void CacheIRCompiler::emitPostBarrierShared(Register obj, const ConstantOrRegister& val, Register scratch, Register maybeIndex) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (val.constant()) { MOZ_ASSERT_IF(val.value().isGCThing(), !IsInsideNursery(val.value().toGCThing())); return; } TypedOrValueRegister reg = val.reg(); if (reg.hasTyped() && !NeedsPostBarrier(reg.type())) { return; } Label skipBarrier; if (reg.hasValue()) { masm.branchValueIsNurseryCell(Assembler::NotEqual, reg.valueReg(), scratch, &skipBarrier); } else { masm.branchPtrInNurseryChunk(Assembler::NotEqual, reg.typedReg().gpr(), scratch, &skipBarrier); } masm.branchPtrInNurseryChunk(Assembler::Equal, obj, scratch, &skipBarrier); // Check one element cache to avoid VM call. auto* lastCellAddr = cx_->runtime()->gc.addressOfLastBufferedWholeCell(); masm.branchPtr(Assembler::Equal, AbsoluteAddress(lastCellAddr), obj, &skipBarrier); // Call one of these, depending on maybeIndex: // // void PostWriteBarrier(JSRuntime* rt, JSObject* obj); // void PostWriteElementBarrier(JSRuntime* rt, JSObject* obj, // int32_t index); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); masm.setupUnalignedABICall(scratch); masm.movePtr(ImmPtr(cx_->runtime()), scratch); masm.passABIArg(scratch); masm.passABIArg(obj); if (maybeIndex != InvalidReg) { masm.passABIArg(maybeIndex); using Fn = void (*)(JSRuntime* rt, JSObject* obj, int32_t index); masm.callWithABI<Fn, PostWriteElementBarrier>(); } else { using Fn = void (*)(JSRuntime* rt, js::gc::Cell* cell); masm.callWithABI<Fn, PostWriteBarrier>(); } masm.PopRegsInMask(save); masm.bind(&skipBarrier); } bool CacheIRCompiler::emitWrapResult() { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label done; // We only have to wrap objects, because we are in the same zone. masm.branchTestObject(Assembler::NotEqual, output.valueReg(), &done); Register obj = output.valueReg().scratchReg(); masm.unboxObject(output.valueReg(), obj); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); using Fn = JSObject* (*)(JSContext* cx, JSObject* obj); masm.setupUnalignedABICall(scratch); masm.loadJSContext(scratch); masm.passABIArg(scratch); masm.passABIArg(obj); masm.callWithABI<Fn, WrapObjectPure>(); masm.storeCallPointerResult(obj); LiveRegisterSet ignore; ignore.add(obj); masm.PopRegsInMaskIgnore(save, ignore); // We could not get a wrapper for this object. masm.branchTestPtr(Assembler::Zero, obj, obj, failure->label()); // We clobbered the output register, so we have to retag. masm.tagValue(JSVAL_TYPE_OBJECT, obj, output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitMegamorphicLoadSlotByValueResult(ObjOperandId objId, ValOperandId idId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); ValueOperand idVal = allocator.useValueRegister(masm, idId); #ifdef JS_CODEGEN_X86 AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegisterMaybeOutputType scratch2(allocator, masm, output); #else AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); #endif FailurePath* failure; if (!addFailurePath(&failure)) { return false; } #ifdef JS_CODEGEN_X86 masm.xorPtr(scratch2, scratch2); #else Label cacheHit; masm.emitMegamorphicCacheLookupByValue( idVal, obj, scratch1, scratch3, scratch2, output.valueReg(), &cacheHit); #endif masm.branchIfNonNativeObj(obj, scratch1, failure->label()); // idVal will be in vp[0], result will be stored in vp[1]. masm.reserveStack(sizeof(Value)); masm.Push(idVal); masm.moveStackPtrTo(idVal.scratchReg()); LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(scratch1); volatileRegs.takeUnchecked(idVal); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSContext* cx, JSObject* obj, MegamorphicCache::Entry* cacheEntry, Value* vp); masm.setupUnalignedABICall(scratch1); masm.loadJSContext(scratch1); masm.passABIArg(scratch1); masm.passABIArg(obj); masm.passABIArg(scratch2); masm.passABIArg(idVal.scratchReg()); masm.callWithABI<Fn, GetNativeDataPropertyByValuePure>(); masm.storeCallPointerResult(scratch1); masm.PopRegsInMask(volatileRegs); masm.Pop(idVal); Label ok; uint32_t framePushed = masm.framePushed(); masm.branchIfTrueBool(scratch1, &ok); masm.adjustStack(sizeof(Value)); masm.jump(failure->label()); masm.bind(&ok); masm.setFramePushed(framePushed); masm.loadTypedOrValue(Address(masm.getStackPointer(), 0), output); masm.adjustStack(sizeof(Value)); #ifndef JS_CODEGEN_X86 masm.bind(&cacheHit); #endif return true; } bool CacheIRCompiler::emitMegamorphicLoadSlotByValuePermissiveResult( ObjOperandId objId, ValOperandId idId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); const AutoOutputRegister& output = callvm.output(); Register obj = allocator.useRegister(masm, objId); ValueOperand idVal = allocator.useValueRegister(masm, idId); #ifdef JS_CODEGEN_X86 AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegisterMaybeOutputType scratch2(allocator, masm, output); #else AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); #endif #ifdef JS_CODEGEN_X86 masm.xorPtr(scratch2, scratch2); #else Label cacheHit; masm.emitMegamorphicCacheLookupByValue( idVal, obj, scratch1, scratch3, scratch2, output.valueReg(), &cacheHit); #endif callvm.prepare(); masm.Push(scratch2); masm.Push(idVal); masm.Push(obj); using Fn = bool (*)(JSContext*, HandleObject, HandleValue, MegamorphicCacheEntry*, MutableHandleValue); callvm.call<Fn, GetElemMaybeCached>(); #ifndef JS_CODEGEN_X86 masm.bind(&cacheHit); #endif return true; } bool CacheIRCompiler::emitMegamorphicHasPropResult(ObjOperandId objId, ValOperandId idId, bool hasOwn) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); ValueOperand idVal = allocator.useValueRegister(masm, idId); #ifdef JS_CODEGEN_X86 AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegisterMaybeOutputType scratch2(allocator, masm, output); #else AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); #endif FailurePath* failure; if (!addFailurePath(&failure)) { return false; } #ifndef JS_CODEGEN_X86 Label cacheHit, done; masm.emitMegamorphicCacheLookupExists(idVal, obj, scratch1, scratch3, scratch2, output.maybeReg(), &cacheHit, hasOwn); #else masm.xorPtr(scratch2, scratch2); #endif masm.branchIfNonNativeObj(obj, scratch1, failure->label()); // idVal will be in vp[0], result will be stored in vp[1]. masm.reserveStack(sizeof(Value)); masm.Push(idVal); masm.moveStackPtrTo(idVal.scratchReg()); LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(scratch1); volatileRegs.takeUnchecked(idVal); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSContext* cx, JSObject* obj, MegamorphicCache::Entry* cacheEntry, Value* vp); masm.setupUnalignedABICall(scratch1); masm.loadJSContext(scratch1); masm.passABIArg(scratch1); masm.passABIArg(obj); masm.passABIArg(scratch2); masm.passABIArg(idVal.scratchReg()); if (hasOwn) { masm.callWithABI<Fn, HasNativeDataPropertyPure<true>>(); } else { masm.callWithABI<Fn, HasNativeDataPropertyPure<false>>(); } masm.storeCallPointerResult(scratch1); masm.PopRegsInMask(volatileRegs); masm.Pop(idVal); Label ok; uint32_t framePushed = masm.framePushed(); masm.branchIfTrueBool(scratch1, &ok); masm.adjustStack(sizeof(Value)); masm.jump(failure->label()); masm.bind(&ok); masm.setFramePushed(framePushed); masm.loadTypedOrValue(Address(masm.getStackPointer(), 0), output); masm.adjustStack(sizeof(Value)); #ifndef JS_CODEGEN_X86 masm.jump(&done); masm.bind(&cacheHit); if (output.hasValue()) { masm.tagValue(JSVAL_TYPE_BOOLEAN, output.valueReg().scratchReg(), output.valueReg()); } masm.bind(&done); #endif return true; } bool CacheIRCompiler::emitSmallObjectVariableKeyHasOwnResult( StringOperandId idId, uint32_t propNamesOffset, uint32_t shapeOffset) { StubFieldOffset propNames(propNamesOffset, StubField::Type::JSObject); AutoOutputRegister output(*this); Register id = allocator.useRegister(masm, idId); AutoScratchRegisterMaybeOutput propNamesReg(allocator, masm, output); AutoScratchRegister endScratch(allocator, masm); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } emitLoadStubField(propNames, propNamesReg); Label trueResult, falseResult, loop, done; masm.loadPtr(Address(propNamesReg, NativeObject::offsetOfElements()), propNamesReg); // Compute end pointer. Address lengthAddr(propNamesReg, ObjectElements::offsetOfInitializedLength()); masm.load32(lengthAddr, endScratch); masm.branch32(Assembler::Equal, endScratch, Imm32(0), &falseResult); BaseObjectElementIndex endPtrAddr(propNamesReg, endScratch); masm.computeEffectiveAddress(endPtrAddr, endScratch); masm.bind(&loop); Address atomAddr(propNamesReg.get(), 0); masm.unboxString(atomAddr, scratch); masm.branchPtr(Assembler::Equal, scratch, id, &trueResult); masm.addPtr(Imm32(sizeof(Value)), propNamesReg); masm.branchPtr(Assembler::Below, propNamesReg, endScratch, &loop); masm.bind(&falseResult); if (output.hasValue()) { masm.moveValue(BooleanValue(false), output.valueReg()); } else { masm.move32(Imm32(0), output.typedReg().gpr()); } masm.jump(&done); masm.bind(&trueResult); if (output.hasValue()) { masm.moveValue(BooleanValue(true), output.valueReg()); } else { masm.move32(Imm32(1), output.typedReg().gpr()); } masm.bind(&done); return true; } bool CacheIRCompiler::emitCallObjectHasSparseElementResult( ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.reserveStack(sizeof(Value)); masm.moveStackPtrTo(scratch2.get()); LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(scratch1); volatileRegs.takeUnchecked(index); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSContext* cx, NativeObject* obj, int32_t index, Value* vp); masm.setupUnalignedABICall(scratch1); masm.loadJSContext(scratch1); masm.passABIArg(scratch1); masm.passABIArg(obj); masm.passABIArg(index); masm.passABIArg(scratch2); masm.callWithABI<Fn, HasNativeElementPure>(); masm.storeCallPointerResult(scratch1); masm.PopRegsInMask(volatileRegs); Label ok; uint32_t framePushed = masm.framePushed(); masm.branchIfTrueBool(scratch1, &ok); masm.adjustStack(sizeof(Value)); masm.jump(failure->label()); masm.bind(&ok); masm.setFramePushed(framePushed); masm.loadTypedOrValue(Address(masm.getStackPointer(), 0), output); masm.adjustStack(sizeof(Value)); return true; } /* * Move a constant value into register dest. */ void CacheIRCompiler::emitLoadStubFieldConstant(StubFieldOffset val, Register dest) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); MOZ_ASSERT(mode_ == Mode::Ion); switch (val.getStubFieldType()) { case StubField::Type::Shape: masm.movePtr(ImmGCPtr(shapeStubField(val.getOffset())), dest); break; case StubField::Type::WeakGetterSetter: masm.movePtr(ImmGCPtr(weakGetterSetterStubField(val.getOffset())), dest); break; case StubField::Type::String: masm.movePtr(ImmGCPtr(stringStubField(val.getOffset())), dest); break; case StubField::Type::JSObject: masm.movePtr(ImmGCPtr(objectStubField(val.getOffset())), dest); break; case StubField::Type::RawPointer: masm.movePtr(ImmPtr(pointerStubField(val.getOffset())), dest); break; case StubField::Type::RawInt32: masm.move32(Imm32(int32StubField(val.getOffset())), dest); break; case StubField::Type::Id: masm.movePropertyKey(idStubField(val.getOffset()), dest); break; default: MOZ_CRASH("Unhandled stub field constant type"); } } /* * After this is done executing, dest contains the value; either through a * constant load or through the load from the stub data. * * The current policy is that Baseline will use loads from the stub data (to * allow IC sharing), where as Ion doesn't share ICs, and so we can safely use * constants in the IC. */ void CacheIRCompiler::emitLoadStubField(StubFieldOffset val, Register dest) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (stubFieldPolicy_ == StubFieldPolicy::Constant) { emitLoadStubFieldConstant(val, dest); } else { Address load(ICStubReg, stubDataOffset_ + val.getOffset()); switch (val.getStubFieldType()) { case StubField::Type::RawPointer: case StubField::Type::Shape: case StubField::Type::WeakGetterSetter: case StubField::Type::JSObject: case StubField::Type::Symbol: case StubField::Type::String: case StubField::Type::Id: case StubField::Type::AllocSite: masm.loadPtr(load, dest); break; case StubField::Type::RawInt32: masm.load32(load, dest); break; default: MOZ_CRASH("Unhandled stub field constant type"); } } } void CacheIRCompiler::emitLoadValueStubField(StubFieldOffset val, ValueOperand dest) { MOZ_ASSERT(val.getStubFieldType() == StubField::Type::Value); if (stubFieldPolicy_ == StubFieldPolicy::Constant) { MOZ_ASSERT(mode_ == Mode::Ion); masm.moveValue(valueStubField(val.getOffset()), dest); } else { Address addr(ICStubReg, stubDataOffset_ + val.getOffset()); masm.loadValue(addr, dest); } } void CacheIRCompiler::emitLoadDoubleValueStubField(StubFieldOffset val, ValueOperand dest, FloatRegister scratch) { MOZ_ASSERT(val.getStubFieldType() == StubField::Type::Double); if (stubFieldPolicy_ == StubFieldPolicy::Constant) { MOZ_ASSERT(mode_ == Mode::Ion); double d = doubleStubField(val.getOffset()); masm.moveValue(DoubleValue(d), dest); } else { Address addr(ICStubReg, stubDataOffset_ + val.getOffset()); masm.loadDouble(addr, scratch); masm.boxDouble(scratch, dest, scratch); } } bool CacheIRCompiler::emitLoadInstanceOfObjectResult(ValOperandId lhsId, ObjOperandId protoId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); ValueOperand lhs = allocator.useValueRegister(masm, lhsId); Register proto = allocator.useRegister(masm, protoId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } Label returnFalse, returnTrue, done; masm.fallibleUnboxObject(lhs, scratch, &returnFalse); // LHS is an object. Load its proto. masm.loadObjProto(scratch, scratch); { // Walk the proto chain until we either reach the target object, // nullptr or LazyProto. Label loop; masm.bind(&loop); masm.branchPtr(Assembler::Equal, scratch, proto, &returnTrue); masm.branchTestPtr(Assembler::Zero, scratch, scratch, &returnFalse); MOZ_ASSERT(uintptr_t(TaggedProto::LazyProto) == 1); masm.branchPtr(Assembler::Equal, scratch, ImmWord(1), failure->label()); masm.loadObjProto(scratch, scratch); masm.jump(&loop); } masm.bind(&returnFalse); EmitStoreBoolean(masm, false, output); masm.jump(&done); masm.bind(&returnTrue); EmitStoreBoolean(masm, true, output); // fallthrough masm.bind(&done); return true; } bool CacheIRCompiler::emitMegamorphicLoadSlotResult(ObjOperandId objId, uint32_t idOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); StubFieldOffset id(idOffset, StubField::Type::Id); AutoScratchRegisterMaybeOutput idReg(allocator, masm, output); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegisterMaybeOutputType scratch3(allocator, masm, output); #ifdef JS_CODEGEN_X86 masm.xorPtr(scratch3, scratch3); #else Label cacheHit; emitLoadStubField(id, idReg); masm.emitMegamorphicCacheLookupByValue(idReg.get(), obj, scratch1, scratch2, scratch3, output.valueReg(), &cacheHit); #endif FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.branchIfNonNativeObj(obj, scratch1, failure->label()); masm.Push(UndefinedValue()); masm.moveStackPtrTo(idReg.get()); LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(scratch1); volatileRegs.takeUnchecked(scratch2); volatileRegs.takeUnchecked(scratch3); volatileRegs.takeUnchecked(idReg); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSContext* cx, JSObject* obj, PropertyKey id, MegamorphicCache::Entry* cacheEntry, Value* vp); masm.setupUnalignedABICall(scratch1); masm.loadJSContext(scratch1); masm.passABIArg(scratch1); masm.passABIArg(obj); emitLoadStubField(id, scratch2); masm.passABIArg(scratch2); masm.passABIArg(scratch3); masm.passABIArg(idReg); #ifdef JS_CODEGEN_X86 masm.callWithABI<Fn, GetNativeDataPropertyPureWithCacheLookup>(); #else masm.callWithABI<Fn, GetNativeDataPropertyPure>(); #endif masm.storeCallPointerResult(scratch2); masm.PopRegsInMask(volatileRegs); masm.loadTypedOrValue(Address(masm.getStackPointer(), 0), output); masm.adjustStack(sizeof(Value)); masm.branchIfFalseBool(scratch2, failure->label()); #ifndef JS_CODEGEN_X86 masm.bind(&cacheHit); #endif return true; } bool CacheIRCompiler::emitMegamorphicLoadSlotPermissiveResult( ObjOperandId objId, uint32_t idOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); const AutoOutputRegister& output = callvm.output(); Register obj = allocator.useRegister(masm, objId); StubFieldOffset id(idOffset, StubField::Type::Id); AutoScratchRegisterMaybeOutput idReg(allocator, masm, output); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegisterMaybeOutputType scratch3(allocator, masm, output); #ifdef JS_CODEGEN_X86 masm.xorPtr(scratch3, scratch3); #else Label cacheHit; emitLoadStubField(id, idReg); masm.emitMegamorphicCacheLookupByValue(idReg.get(), obj, scratch1, scratch2, scratch3, output.valueReg(), &cacheHit); #endif callvm.prepare(); emitLoadStubField(id, scratch2); masm.Push(scratch3); masm.Push(scratch2); masm.Push(obj); using Fn = bool (*)(JSContext*, HandleObject, HandleId, MegamorphicCacheEntry*, MutableHandleValue); callvm.call<Fn, GetPropMaybeCached>(); #ifndef JS_CODEGEN_X86 masm.bind(&cacheHit); #endif return true; } bool CacheIRCompiler::emitMegamorphicStoreSlot(ObjOperandId objId, uint32_t idOffset, ValOperandId rhsId, bool strict) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); ConstantOrRegister val = allocator.useConstantOrRegister(masm, rhsId); StubFieldOffset id(idOffset, StubField::Type::Id); AutoScratchRegister scratch(allocator, masm); callvm.prepare(); masm.Push(Imm32(strict)); masm.Push(val); emitLoadStubField(id, scratch); masm.Push(scratch); masm.Push(obj); using Fn = bool (*)(JSContext*, HandleObject, HandleId, HandleValue, bool); callvm.callNoResult<Fn, SetPropertyMegamorphic<false>>(); return true; } bool CacheIRCompiler::emitGuardHasGetterSetter(ObjOperandId objId, uint32_t idOffset, uint32_t getterSetterOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); StubFieldOffset id(idOffset, StubField::Type::Id); StubFieldOffset getterSetter(getterSetterOffset, StubField::Type::WeakGetterSetter); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(scratch1); volatileRegs.takeUnchecked(scratch2); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSContext* cx, JSObject* obj, jsid id, GetterSetter* getterSetter); masm.setupUnalignedABICall(scratch1); masm.loadJSContext(scratch1); masm.passABIArg(scratch1); masm.passABIArg(obj); emitLoadStubField(id, scratch2); masm.passABIArg(scratch2); emitLoadStubField(getterSetter, scratch3); masm.passABIArg(scratch3); masm.callWithABI<Fn, ObjectHasGetterSetterPure>(); masm.storeCallPointerResult(scratch1); masm.PopRegsInMask(volatileRegs); masm.branchIfFalseBool(scratch1, failure->label()); return true; } bool CacheIRCompiler::emitGuardWasmArg(ValOperandId argId, wasm::ValType::Kind kind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); // All values can be boxed as AnyRef. if (kind == wasm::ValType::Ref) { return true; } MOZ_ASSERT(kind != wasm::ValType::V128); ValueOperand arg = allocator.useValueRegister(masm, argId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Check that the argument can be converted to the Wasm type in Warp code // without bailing out. Label done; switch (kind) { case wasm::ValType::I32: case wasm::ValType::F32: case wasm::ValType::F64: { // Argument must be number, bool, or undefined. masm.branchTestNumber(Assembler::Equal, arg, &done); masm.branchTestBoolean(Assembler::Equal, arg, &done); masm.branchTestUndefined(Assembler::NotEqual, arg, failure->label()); break; } case wasm::ValType::I64: { // Argument must be bigint, bool, or string. masm.branchTestBigInt(Assembler::Equal, arg, &done); masm.branchTestBoolean(Assembler::Equal, arg, &done); masm.branchTestString(Assembler::NotEqual, arg, failure->label()); break; } default: MOZ_CRASH("Unexpected kind"); } masm.bind(&done); return true; } bool CacheIRCompiler::emitGuardMultipleShapes(ObjOperandId objId, uint32_t shapesOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister shapes(allocator, masm); AutoScratchRegister scratch(allocator, masm); AutoScratchRegister scratch2(allocator, masm); bool needSpectreMitigations = objectGuardNeedsSpectreMitigations(objId); Register spectreScratch = InvalidReg; Maybe<AutoScratchRegister> maybeSpectreScratch; if (needSpectreMitigations) { maybeSpectreScratch.emplace(allocator, masm); spectreScratch = *maybeSpectreScratch; } FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // The stub field contains a ListObject. Load its elements. StubFieldOffset shapeArray(shapesOffset, StubField::Type::JSObject); emitLoadStubField(shapeArray, shapes); masm.loadPtr(Address(shapes, NativeObject::offsetOfElements()), shapes); masm.branchTestObjShapeList(Assembler::NotEqual, obj, shapes, scratch, scratch2, spectreScratch, failure->label()); return true; } bool CacheIRCompiler::emitLoadObject(ObjOperandId resultId, uint32_t objOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register reg = allocator.defineRegister(masm, resultId); StubFieldOffset obj(objOffset, StubField::Type::JSObject); emitLoadStubField(obj, reg); return true; } bool CacheIRCompiler::emitLoadProtoObject(ObjOperandId resultId, uint32_t objOffset, ObjOperandId receiverObjId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register reg = allocator.defineRegister(masm, resultId); StubFieldOffset obj(objOffset, StubField::Type::JSObject); emitLoadStubField(obj, reg); return true; } bool CacheIRCompiler::emitLoadInt32Constant(uint32_t valOffset, Int32OperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register reg = allocator.defineRegister(masm, resultId); StubFieldOffset val(valOffset, StubField::Type::RawInt32); emitLoadStubField(val, reg); return true; } bool CacheIRCompiler::emitLoadBooleanConstant(bool val, BooleanOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register reg = allocator.defineRegister(masm, resultId); masm.move32(Imm32(val), reg); return true; } bool CacheIRCompiler::emitLoadDoubleConstant(uint32_t valOffset, NumberOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); ValueOperand output = allocator.defineValueRegister(masm, resultId); StubFieldOffset val(valOffset, StubField::Type::Double); AutoScratchFloatRegister floatReg(this); emitLoadDoubleValueStubField(val, output, floatReg); return true; } bool CacheIRCompiler::emitLoadUndefined(ValOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); ValueOperand reg = allocator.defineValueRegister(masm, resultId); masm.moveValue(UndefinedValue(), reg); return true; } bool CacheIRCompiler::emitLoadConstantString(uint32_t strOffset, StringOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register reg = allocator.defineRegister(masm, resultId); StubFieldOffset str(strOffset, StubField::Type::String); emitLoadStubField(str, reg); return true; } bool CacheIRCompiler::emitCallInt32ToString(Int32OperandId inputId, StringOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register input = allocator.useRegister(masm, inputId); Register result = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(result); masm.PushRegsInMask(volatileRegs); using Fn = JSLinearString* (*)(JSContext* cx, int32_t i); masm.setupUnalignedABICall(result); masm.loadJSContext(result); masm.passABIArg(result); masm.passABIArg(input); masm.callWithABI<Fn, js::Int32ToStringPure>(); masm.storeCallPointerResult(result); masm.PopRegsInMask(volatileRegs); masm.branchPtr(Assembler::Equal, result, ImmPtr(nullptr), failure->label()); return true; } bool CacheIRCompiler::emitCallNumberToString(NumberOperandId inputId, StringOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoAvailableFloatRegister floatScratch0(*this, FloatReg0); allocator.ensureDoubleRegister(masm, inputId, floatScratch0); Register result = allocator.defineRegister(masm, resultId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(result); masm.PushRegsInMask(volatileRegs); using Fn = JSString* (*)(JSContext* cx, double d); masm.setupUnalignedABICall(result); masm.loadJSContext(result); masm.passABIArg(result); masm.passABIArg(floatScratch0, ABIType::Float64); masm.callWithABI<Fn, js::NumberToStringPure>(); masm.storeCallPointerResult(result); masm.PopRegsInMask(volatileRegs); masm.branchPtr(Assembler::Equal, result, ImmPtr(nullptr), failure->label()); return true; } bool CacheIRCompiler::emitInt32ToStringWithBaseResult(Int32OperandId inputId, Int32OperandId baseId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register input = allocator.useRegister(masm, inputId); Register base = allocator.useRegister(masm, baseId); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // AutoCallVM's AutoSaveLiveRegisters aren't accounted for in FailurePath, so // we can't use both at the same time. This isn't an issue here, because Ion // doesn't support CallICs. If that ever changes, this code must be updated. MOZ_ASSERT(isBaseline(), "Can't use FailurePath with AutoCallVM in Ion ICs"); masm.branch32(Assembler::LessThan, base, Imm32(2), failure->label()); masm.branch32(Assembler::GreaterThan, base, Imm32(36), failure->label()); // Use lower-case characters by default. constexpr bool lowerCase = true; callvm.prepare(); masm.Push(Imm32(lowerCase)); masm.Push(base); masm.Push(input); using Fn = JSLinearString* (*)(JSContext*, int32_t, int32_t, bool); callvm.call<Fn, js::Int32ToStringWithBase<CanGC>>(); return true; } bool CacheIRCompiler::emitBooleanToString(BooleanOperandId inputId, StringOperandId resultId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register boolean = allocator.useRegister(masm, inputId); Register result = allocator.defineRegister(masm, resultId); const JSAtomState& names = cx_->names(); Label true_, done; masm.branchTest32(Assembler::NonZero, boolean, boolean, &true_); // False case masm.movePtr(ImmGCPtr(names.false_), result); masm.jump(&done); // True case masm.bind(&true_); masm.movePtr(ImmGCPtr(names.true_), result); masm.bind(&done); return true; } bool CacheIRCompiler::emitObjectToStringResult(ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(output.valueReg()); volatileRegs.takeUnchecked(scratch); masm.PushRegsInMask(volatileRegs); using Fn = JSString* (*)(JSContext*, JSObject*); masm.setupUnalignedABICall(scratch); masm.loadJSContext(scratch); masm.passABIArg(scratch); masm.passABIArg(obj); masm.callWithABI<Fn, js::ObjectClassToString>(); masm.storeCallPointerResult(scratch); masm.PopRegsInMask(volatileRegs); masm.branchPtr(Assembler::Equal, scratch, ImmPtr(nullptr), failure->label()); masm.tagValue(JSVAL_TYPE_STRING, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitConcatStringsResult(StringOperandId lhsId, StringOperandId rhsId, uint32_t stubOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); const AutoOutputRegister& output = callvm.output(); Register lhs = allocator.useRegister(masm, lhsId); Register rhs = allocator.useRegister(masm, rhsId); // Discard the stack to ensure it's balanced when we skip the vm-call. allocator.discardStack(masm); Label done; { // The StringConcat stub uses CallTemp registers 0 to 5. LiveGeneralRegisterSet liveRegs; liveRegs.add(CallTempReg0); liveRegs.add(CallTempReg1); liveRegs.add(CallTempReg2); liveRegs.add(CallTempReg3); liveRegs.add(CallTempReg4); liveRegs.add(CallTempReg5); #ifdef JS_USE_LINK_REGISTER liveRegs.add(ICTailCallReg); #endif liveRegs.takeUnchecked(output.valueReg()); masm.PushRegsInMask(liveRegs); // The stub expects lhs in CallTempReg0 and rhs in CallTempReg1. masm.moveRegPair(lhs, rhs, CallTempReg0, CallTempReg1); uint32_t framePushed = masm.framePushed(); // Call cx->zone()->jitZone()->stringConcatStub. See also the comment and // code in CallRegExpStub. Label vmCall; Register temp = CallTempReg2; masm.loadJSContext(temp); masm.loadPtr(Address(temp, JSContext::offsetOfZone()), temp); masm.loadPtr(Address(temp, Zone::offsetOfJitZone()), temp); masm.loadPtr(Address(temp, JitZone::offsetOfStringConcatStub()), temp); masm.branchTestPtr(Assembler::Zero, temp, temp, &vmCall); masm.call(Address(temp, JitCode::offsetOfCode())); // The result is returned in CallTempReg5 (nullptr on failure). masm.branchTestPtr(Assembler::Zero, CallTempReg5, CallTempReg5, &vmCall); masm.tagValue(JSVAL_TYPE_STRING, CallTempReg5, output.valueReg()); masm.PopRegsInMask(liveRegs); masm.jump(&done); masm.bind(&vmCall); masm.setFramePushed(framePushed); masm.PopRegsInMask(liveRegs); } { callvm.prepare(); masm.Push(static_cast<js::jit::Imm32>(int32_t(js::gc::Heap::Default))); masm.Push(rhs); masm.Push(lhs); using Fn = JSString* (*)(JSContext*, HandleString, HandleString, js::gc::Heap); callvm.call<Fn, ConcatStrings<CanGC>>(); } masm.bind(&done); return true; } bool CacheIRCompiler::emitCallIsSuspendedGeneratorResult(ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); ValueOperand input = allocator.useValueRegister(masm, valId); // Test if it's an object. Label returnFalse, done; masm.fallibleUnboxObject(input, scratch, &returnFalse); // Test if it's a GeneratorObject. masm.branchTestObjClass(Assembler::NotEqual, scratch, &GeneratorObject::class_, scratch2, scratch, &returnFalse); // If the resumeIndex slot holds an int32 value < RESUME_INDEX_RUNNING, // the generator is suspended. Address addr(scratch, AbstractGeneratorObject::offsetOfResumeIndexSlot()); masm.fallibleUnboxInt32(addr, scratch, &returnFalse); masm.branch32(Assembler::AboveOrEqual, scratch, Imm32(AbstractGeneratorObject::RESUME_INDEX_RUNNING), &returnFalse); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); masm.bind(&returnFalse); masm.moveValue(BooleanValue(false), output.valueReg()); masm.bind(&done); return true; } // This op generates no code. It is consumed by the transpiler. bool CacheIRCompiler::emitMetaScriptedThisShape(uint32_t) { return true; } bool CacheIRCompiler::emitCallNativeGetElementResult(ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); callvm.prepare(); masm.Push(index); masm.Push(TypedOrValueRegister(MIRType::Object, AnyRegister(obj))); masm.Push(obj); using Fn = bool (*)(JSContext*, Handle<NativeObject*>, HandleValue, int32_t, MutableHandleValue); callvm.call<Fn, NativeGetElement>(); return true; } bool CacheIRCompiler::emitCallNativeGetElementSuperResult( ObjOperandId objId, Int32OperandId indexId, ValOperandId receiverId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); ValueOperand receiver = allocator.useValueRegister(masm, receiverId); callvm.prepare(); masm.Push(index); masm.Push(receiver); masm.Push(obj); using Fn = bool (*)(JSContext*, Handle<NativeObject*>, HandleValue, int32_t, MutableHandleValue); callvm.call<Fn, NativeGetElement>(); return true; } bool CacheIRCompiler::emitProxyHasPropResult(ObjOperandId objId, ValOperandId idId, bool hasOwn) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); ValueOperand idVal = allocator.useValueRegister(masm, idId); callvm.prepare(); masm.Push(idVal); masm.Push(obj); using Fn = bool (*)(JSContext*, HandleObject, HandleValue, bool*); if (hasOwn) { callvm.call<Fn, ProxyHasOwn>(); } else { callvm.call<Fn, ProxyHas>(); } return true; } bool CacheIRCompiler::emitProxyGetByValueResult(ObjOperandId objId, ValOperandId idId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); ValueOperand idVal = allocator.useValueRegister(masm, idId); callvm.prepare(); masm.Push(idVal); masm.Push(obj); using Fn = bool (*)(JSContext*, HandleObject, HandleValue, MutableHandleValue); callvm.call<Fn, ProxyGetPropertyByValue>(); return true; } bool CacheIRCompiler::emitCallGetSparseElementResult(ObjOperandId objId, Int32OperandId indexId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); Register id = allocator.useRegister(masm, indexId); callvm.prepare(); masm.Push(id); masm.Push(obj); using Fn = bool (*)(JSContext* cx, Handle<NativeObject*> obj, int32_t int_id, MutableHandleValue result); callvm.call<Fn, GetSparseElementHelper>(); return true; } bool CacheIRCompiler::emitRegExpSearcherLastLimitResult() { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); masm.loadAndClearRegExpSearcherLastLimit(scratch1, scratch2); masm.tagValue(JSVAL_TYPE_INT32, scratch1, output.valueReg()); return true; } bool CacheIRCompiler::emitRegExpFlagResult(ObjOperandId regexpId, int32_t flagsMask) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register regexp = allocator.useRegister(masm, regexpId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Address flagsAddr( regexp, NativeObject::getFixedSlotOffset(RegExpObject::flagsSlot())); masm.unboxInt32(flagsAddr, scratch); Label ifFalse, done; masm.branchTest32(Assembler::Zero, scratch, Imm32(flagsMask), &ifFalse); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); masm.bind(&ifFalse); masm.moveValue(BooleanValue(false), output.valueReg()); masm.bind(&done); return true; } bool CacheIRCompiler::emitCallSubstringKernelResult(StringOperandId strId, Int32OperandId beginId, Int32OperandId lengthId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); Register begin = allocator.useRegister(masm, beginId); Register length = allocator.useRegister(masm, lengthId); callvm.prepare(); masm.Push(length); masm.Push(begin); masm.Push(str); using Fn = JSString* (*)(JSContext* cx, HandleString str, int32_t begin, int32_t len); callvm.call<Fn, SubstringKernel>(); return true; } bool CacheIRCompiler::emitStringReplaceStringResult( StringOperandId strId, StringOperandId patternId, StringOperandId replacementId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); Register pattern = allocator.useRegister(masm, patternId); Register replacement = allocator.useRegister(masm, replacementId); callvm.prepare(); masm.Push(replacement); masm.Push(pattern); masm.Push(str); using Fn = JSString* (*)(JSContext*, HandleString, HandleString, HandleString); callvm.call<Fn, jit::StringReplace>(); return true; } bool CacheIRCompiler::emitStringSplitStringResult(StringOperandId strId, StringOperandId separatorId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); Register separator = allocator.useRegister(masm, separatorId); callvm.prepare(); masm.Push(Imm32(INT32_MAX)); masm.Push(separator); masm.Push(str); using Fn = ArrayObject* (*)(JSContext*, HandleString, HandleString, uint32_t); callvm.call<Fn, js::StringSplitString>(); return true; } bool CacheIRCompiler::emitRegExpPrototypeOptimizableResult( ObjOperandId protoId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register proto = allocator.useRegister(masm, protoId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Label slow, done; masm.branchIfNotRegExpPrototypeOptimizable( proto, scratch, /* maybeGlobal = */ nullptr, &slow); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); { masm.bind(&slow); LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(scratch); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSContext* cx, JSObject* proto); masm.setupUnalignedABICall(scratch); masm.loadJSContext(scratch); masm.passABIArg(scratch); masm.passABIArg(proto); masm.callWithABI<Fn, RegExpPrototypeOptimizableRaw>(); masm.storeCallBoolResult(scratch); masm.PopRegsInMask(volatileRegs); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); } masm.bind(&done); return true; } bool CacheIRCompiler::emitRegExpInstanceOptimizableResult( ObjOperandId regexpId, ObjOperandId protoId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register regexp = allocator.useRegister(masm, regexpId); Register proto = allocator.useRegister(masm, protoId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Label slow, done; masm.branchIfNotRegExpInstanceOptimizable(regexp, scratch, /* maybeGlobal = */ nullptr, &slow); masm.moveValue(BooleanValue(true), output.valueReg()); masm.jump(&done); { masm.bind(&slow); LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(scratch); masm.PushRegsInMask(volatileRegs); using Fn = bool (*)(JSContext* cx, JSObject* obj, JSObject* proto); masm.setupUnalignedABICall(scratch); masm.loadJSContext(scratch); masm.passABIArg(scratch); masm.passABIArg(regexp); masm.passABIArg(proto); masm.callWithABI<Fn, RegExpInstanceOptimizableRaw>(); masm.storeCallBoolResult(scratch); masm.PopRegsInMask(volatileRegs); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); } masm.bind(&done); return true; } bool CacheIRCompiler::emitGetFirstDollarIndexResult(StringOperandId strId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register str = allocator.useRegister(masm, strId); callvm.prepare(); masm.Push(str); using Fn = bool (*)(JSContext*, JSString*, int32_t*); callvm.call<Fn, GetFirstDollarIndexRaw>(); return true; } bool CacheIRCompiler::emitAtomicsCompareExchangeResult( ObjOperandId objId, IntPtrOperandId indexId, uint32_t expectedId, uint32_t replacementId, Scalar::Type elementType, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Maybe<AutoOutputRegister> output; Maybe<AutoCallVM> callvm; if (!Scalar::isBigIntType(elementType)) { output.emplace(*this); } else { callvm.emplace(masm, this, allocator); } #ifdef JS_CODEGEN_X86 // Use a scratch register to avoid running out of registers. Register obj = output ? output->valueReg().typeReg() : callvm->outputValueReg().typeReg(); allocator.copyToScratchRegister(masm, objId, obj); #else Register obj = allocator.useRegister(masm, objId); #endif Register index = allocator.useRegister(masm, indexId); Register expected; Register replacement; if (!Scalar::isBigIntType(elementType)) { expected = allocator.useRegister(masm, Int32OperandId(expectedId)); replacement = allocator.useRegister(masm, Int32OperandId(replacementId)); } else { expected = allocator.useRegister(masm, BigIntOperandId(expectedId)); replacement = allocator.useRegister(masm, BigIntOperandId(replacementId)); } Register scratch = output ? output->valueReg().scratchReg() : callvm->outputValueReg().scratchReg(); MOZ_ASSERT(scratch != obj, "scratchReg must not be typeReg"); Maybe<AutoScratchRegister> scratch2; if (viewKind == ArrayBufferViewKind::Resizable) { #ifdef JS_CODEGEN_X86 // Not enough spare registers on x86. #else scratch2.emplace(allocator, masm); #endif } // Not enough registers on X86. constexpr auto spectreTemp = mozilla::Nothing{}; FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // AutoCallVM's AutoSaveLiveRegisters aren't accounted for in FailurePath, so // we can't use both at the same time. This isn't an issue here, because Ion // doesn't support CallICs. If that ever changes, this code must be updated. MOZ_ASSERT(isBaseline(), "Can't use FailurePath with AutoCallVM in Ion ICs"); // Bounds check. emitTypedArrayBoundsCheck(viewKind, obj, index, scratch, scratch2, spectreTemp, failure->label()); // Atomic operations are highly platform-dependent, for example x86/x64 has // specific requirements on which registers are used; MIPS needs multiple // additional temporaries. Therefore we're using either an ABI or VM call here // instead of handling each platform separately. if (Scalar::isBigIntType(elementType)) { callvm->prepare(); masm.Push(replacement); masm.Push(expected); masm.Push(index); masm.Push(obj); using Fn = BigInt* (*)(JSContext*, TypedArrayObject*, size_t, const BigInt*, const BigInt*); callvm->call<Fn, jit::AtomicsCompareExchange64>(); return true; } { LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(output->valueReg()); volatileRegs.takeUnchecked(scratch); masm.PushRegsInMask(volatileRegs); masm.setupUnalignedABICall(scratch); masm.passABIArg(obj); masm.passABIArg(index); masm.passABIArg(expected); masm.passABIArg(replacement); masm.callWithABI(DynamicFunction<AtomicsCompareExchangeFn>( AtomicsCompareExchange(elementType))); masm.storeCallInt32Result(scratch); masm.PopRegsInMask(volatileRegs); } if (elementType != Scalar::Uint32) { masm.tagValue(JSVAL_TYPE_INT32, scratch, output->valueReg()); } else { ScratchDoubleScope fpscratch(masm); masm.convertUInt32ToDouble(scratch, fpscratch); masm.boxDouble(fpscratch, output->valueReg(), fpscratch); } return true; } bool CacheIRCompiler::emitAtomicsReadModifyWriteResult( ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, Scalar::Type elementType, ArrayBufferViewKind viewKind, AtomicsReadWriteModifyFn fn) { AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); Register value = allocator.useRegister(masm, Int32OperandId(valueId)); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Maybe<AutoScratchRegisterMaybeOutputType> scratch2; if (viewKind == ArrayBufferViewKind::Resizable) { scratch2.emplace(allocator, masm, output); } // Not enough registers on X86. constexpr auto spectreTemp = mozilla::Nothing{}; FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Bounds check. emitTypedArrayBoundsCheck(viewKind, obj, index, scratch, scratch2, spectreTemp, failure->label()); // See comment in emitAtomicsCompareExchange for why we use an ABI call. { LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(output.valueReg()); volatileRegs.takeUnchecked(scratch); masm.PushRegsInMask(volatileRegs); masm.setupUnalignedABICall(scratch); masm.passABIArg(obj); masm.passABIArg(index); masm.passABIArg(value); masm.callWithABI(DynamicFunction<AtomicsReadWriteModifyFn>(fn)); masm.storeCallInt32Result(scratch); masm.PopRegsInMask(volatileRegs); } if (elementType != Scalar::Uint32) { masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); } else { ScratchDoubleScope fpscratch(masm); masm.convertUInt32ToDouble(scratch, fpscratch); masm.boxDouble(fpscratch, output.valueReg(), fpscratch); } return true; } template <CacheIRCompiler::AtomicsReadWriteModify64Fn fn> bool CacheIRCompiler::emitAtomicsReadModifyWriteResult64( ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, ArrayBufferViewKind viewKind) { AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); Register value = allocator.useRegister(masm, BigIntOperandId(valueId)); AutoScratchRegisterMaybeOutput scratch(allocator, masm, callvm.output()); Maybe<AutoScratchRegisterMaybeOutputType> scratch2; if (viewKind == ArrayBufferViewKind::Resizable) { scratch2.emplace(allocator, masm, callvm.output()); } // Not enough registers on X86. constexpr auto spectreTemp = mozilla::Nothing{}; FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // AutoCallVM's AutoSaveLiveRegisters aren't accounted for in FailurePath, so // we can't use both at the same time. This isn't an issue here, because Ion // doesn't support CallICs. If that ever changes, this code must be updated. MOZ_ASSERT(isBaseline(), "Can't use FailurePath with AutoCallVM in Ion ICs"); // Bounds check. emitTypedArrayBoundsCheck(viewKind, obj, index, scratch, scratch2, spectreTemp, failure->label()); // See comment in emitAtomicsCompareExchange for why we use a VM call. callvm.prepare(); masm.Push(value); masm.Push(index); masm.Push(obj); callvm.call<AtomicsReadWriteModify64Fn, fn>(); return true; } bool CacheIRCompiler::emitAtomicsExchangeResult(ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, Scalar::Type elementType, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (Scalar::isBigIntType(elementType)) { return emitAtomicsReadModifyWriteResult64<jit::AtomicsExchange64>( objId, indexId, valueId, viewKind); } return emitAtomicsReadModifyWriteResult(objId, indexId, valueId, elementType, viewKind, AtomicsExchange(elementType)); } bool CacheIRCompiler::emitAtomicsAddResult( ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, Scalar::Type elementType, bool forEffect, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (Scalar::isBigIntType(elementType)) { return emitAtomicsReadModifyWriteResult64<jit::AtomicsAdd64>( objId, indexId, valueId, viewKind); } return emitAtomicsReadModifyWriteResult(objId, indexId, valueId, elementType, viewKind, AtomicsAdd(elementType)); } bool CacheIRCompiler::emitAtomicsSubResult( ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, Scalar::Type elementType, bool forEffect, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (Scalar::isBigIntType(elementType)) { return emitAtomicsReadModifyWriteResult64<jit::AtomicsSub64>( objId, indexId, valueId, viewKind); } return emitAtomicsReadModifyWriteResult(objId, indexId, valueId, elementType, viewKind, AtomicsSub(elementType)); } bool CacheIRCompiler::emitAtomicsAndResult( ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, Scalar::Type elementType, bool forEffect, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (Scalar::isBigIntType(elementType)) { return emitAtomicsReadModifyWriteResult64<jit::AtomicsAnd64>( objId, indexId, valueId, viewKind); } return emitAtomicsReadModifyWriteResult(objId, indexId, valueId, elementType, viewKind, AtomicsAnd(elementType)); } bool CacheIRCompiler::emitAtomicsOrResult( ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, Scalar::Type elementType, bool forEffect, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (Scalar::isBigIntType(elementType)) { return emitAtomicsReadModifyWriteResult64<jit::AtomicsOr64>( objId, indexId, valueId, viewKind); } return emitAtomicsReadModifyWriteResult(objId, indexId, valueId, elementType, viewKind, AtomicsOr(elementType)); } bool CacheIRCompiler::emitAtomicsXorResult( ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, Scalar::Type elementType, bool forEffect, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); if (Scalar::isBigIntType(elementType)) { return emitAtomicsReadModifyWriteResult64<jit::AtomicsXor64>( objId, indexId, valueId, viewKind); } return emitAtomicsReadModifyWriteResult(objId, indexId, valueId, elementType, viewKind, AtomicsXor(elementType)); } bool CacheIRCompiler::emitAtomicsLoadResult(ObjOperandId objId, IntPtrOperandId indexId, Scalar::Type elementType, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Maybe<AutoOutputRegister> output; Maybe<AutoCallVM> callvm; if (!Scalar::isBigIntType(elementType)) { output.emplace(*this); } else { callvm.emplace(masm, this, allocator); } Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output ? *output : callvm->output()); Maybe<AutoSpectreBoundsScratchRegister> spectreTemp; Maybe<AutoScratchRegister> scratch2; if (viewKind == ArrayBufferViewKind::FixedLength) { spectreTemp.emplace(allocator, masm); } else { scratch2.emplace(allocator, masm); } AutoAvailableFloatRegister floatReg(*this, FloatReg0); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // AutoCallVM's AutoSaveLiveRegisters aren't accounted for in FailurePath, so // we can't use both at the same time. This isn't an issue here, because Ion // doesn't support CallICs. If that ever changes, this code must be updated. MOZ_ASSERT(isBaseline(), "Can't use FailurePath with AutoCallVM in Ion ICs"); // Bounds check. emitTypedArrayBoundsCheck(viewKind, obj, index, scratch, scratch2, spectreTemp, failure->label()); // Atomic operations are highly platform-dependent, for example x86/arm32 has // specific requirements on which registers are used. Therefore we're using a // VM call here instead of handling each platform separately. if (Scalar::isBigIntType(elementType)) { callvm->prepare(); masm.Push(index); masm.Push(obj); using Fn = BigInt* (*)(JSContext*, TypedArrayObject*, size_t); callvm->call<Fn, jit::AtomicsLoad64>(); return true; } // Load the elements vector. masm.loadPtr(Address(obj, ArrayBufferViewObject::dataOffset()), scratch); // Load the value. BaseIndex source(scratch, index, ScaleFromScalarType(elementType)); // NOTE: the generated code must match the assembly code in gen_load in // GenerateAtomicOperations.py auto sync = Synchronization::Load(); masm.memoryBarrierBefore(sync); Label* failUint32 = nullptr; MacroAssembler::Uint32Mode mode = MacroAssembler::Uint32Mode::ForceDouble; masm.loadFromTypedArray(elementType, source, output->valueReg(), mode, InvalidReg, failUint32, LiveRegisterSet{}); masm.memoryBarrierAfter(sync); return true; } bool CacheIRCompiler::emitAtomicsStoreResult(ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, Scalar::Type elementType, ArrayBufferViewKind viewKind) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register obj = allocator.useRegister(masm, objId); Register index = allocator.useRegister(masm, indexId); Maybe<Register> valueInt32; Maybe<Register> valueBigInt; if (!Scalar::isBigIntType(elementType)) { valueInt32.emplace(allocator.useRegister(masm, Int32OperandId(valueId))); } else { valueBigInt.emplace(allocator.useRegister(masm, BigIntOperandId(valueId))); } AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); Maybe<AutoScratchRegisterMaybeOutputType> scratch2; if (viewKind == ArrayBufferViewKind::Resizable) { scratch2.emplace(allocator, masm, output); } // Not enough registers on X86. constexpr auto spectreTemp = mozilla::Nothing{}; FailurePath* failure; if (!addFailurePath(&failure)) { return false; } // Bounds check. emitTypedArrayBoundsCheck(viewKind, obj, index, scratch, scratch2, spectreTemp, failure->label()); if (!Scalar::isBigIntType(elementType)) { // Load the elements vector. masm.loadPtr(Address(obj, ArrayBufferViewObject::dataOffset()), scratch); // Store the value. BaseIndex dest(scratch, index, ScaleFromScalarType(elementType)); // NOTE: the generated code must match the assembly code in gen_store in // GenerateAtomicOperations.py auto sync = Synchronization::Store(); masm.memoryBarrierBefore(sync); masm.storeToTypedIntArray(elementType, *valueInt32, dest); masm.memoryBarrierAfter(sync); masm.tagValue(JSVAL_TYPE_INT32, *valueInt32, output.valueReg()); } else { // See comment in emitAtomicsCompareExchange for why we use an ABI call. LiveRegisterSet volatileRegs = liveVolatileRegs(); volatileRegs.takeUnchecked(output.valueReg()); volatileRegs.takeUnchecked(scratch); masm.PushRegsInMask(volatileRegs); using Fn = void (*)(TypedArrayObject*, size_t, const BigInt*); masm.setupUnalignedABICall(scratch); masm.passABIArg(obj); masm.passABIArg(index); masm.passABIArg(*valueBigInt); masm.callWithABI<Fn, jit::AtomicsStore64>(); masm.PopRegsInMask(volatileRegs); masm.tagValue(JSVAL_TYPE_BIGINT, *valueBigInt, output.valueReg()); } return true; } bool CacheIRCompiler::emitAtomicsIsLockFreeResult(Int32OperandId valueId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register value = allocator.useRegister(masm, valueId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); masm.atomicIsLockFreeJS(value, scratch); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitAtomicsPauseResult() { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); masm.atomicPause(); masm.moveValue(UndefinedValue(), output.valueReg()); return true; } bool CacheIRCompiler::emitBigIntAsIntNResult(Int32OperandId bitsId, BigIntOperandId bigIntId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register bits = allocator.useRegister(masm, bitsId); Register bigInt = allocator.useRegister(masm, bigIntId); callvm.prepare(); masm.Push(bits); masm.Push(bigInt); using Fn = BigInt* (*)(JSContext*, HandleBigInt, int32_t); callvm.call<Fn, jit::BigIntAsIntN>(); return true; } bool CacheIRCompiler::emitBigIntAsUintNResult(Int32OperandId bitsId, BigIntOperandId bigIntId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register bits = allocator.useRegister(masm, bitsId); Register bigInt = allocator.useRegister(masm, bigIntId); callvm.prepare(); masm.Push(bits); masm.Push(bigInt); using Fn = BigInt* (*)(JSContext*, HandleBigInt, int32_t); callvm.call<Fn, jit::BigIntAsUintN>(); return true; } bool CacheIRCompiler::emitSetHasResult(ObjOperandId setId, ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register set = allocator.useRegister(masm, setId); ValueOperand val = allocator.useValueRegister(masm, valId); callvm.prepare(); masm.Push(val); masm.Push(set); using Fn = bool (*)(JSContext*, Handle<SetObject*>, HandleValue, bool*); callvm.call<Fn, jit::SetObjectHas>(); return true; } bool CacheIRCompiler::emitSetHasNonGCThingResult(ObjOperandId setId, ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register set = allocator.useRegister(masm, setId); ValueOperand val = allocator.useValueRegister(masm, valId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); AutoAvailableFloatRegister scratchFloat(*this, FloatReg0); masm.toHashableNonGCThing(val, output.valueReg(), scratchFloat); masm.prepareHashNonGCThing(output.valueReg(), scratch1, scratch2); masm.setObjectHasNonBigInt(set, output.valueReg(), scratch1, scratch2, scratch3, scratch4); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch2, output.valueReg()); return true; } bool CacheIRCompiler::emitSetHasSymbolResult(ObjOperandId setId, SymbolOperandId symId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register set = allocator.useRegister(masm, setId); Register sym = allocator.useRegister(masm, symId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); masm.prepareHashSymbol(sym, scratch1); masm.tagValue(JSVAL_TYPE_SYMBOL, sym, output.valueReg()); masm.setObjectHasNonBigInt(set, output.valueReg(), scratch1, scratch2, scratch3, scratch4); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch2, output.valueReg()); return true; } bool CacheIRCompiler::emitSetHasBigIntResult(ObjOperandId setId, BigIntOperandId bigIntId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register set = allocator.useRegister(masm, setId); Register bigInt = allocator.useRegister(masm, bigIntId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); AutoScratchRegister scratch5(allocator, masm); #ifndef JS_CODEGEN_ARM AutoScratchRegister scratch6(allocator, masm); #else // We don't have more registers available on ARM32. Register scratch6 = set; masm.push(set); #endif masm.prepareHashBigInt(bigInt, scratch1, scratch2, scratch3, scratch4); masm.tagValue(JSVAL_TYPE_BIGINT, bigInt, output.valueReg()); masm.setObjectHasBigInt(set, output.valueReg(), scratch1, scratch2, scratch3, scratch4, scratch5, scratch6); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch2, output.valueReg()); #ifdef JS_CODEGEN_ARM masm.pop(set); #endif return true; } bool CacheIRCompiler::emitSetHasObjectResult(ObjOperandId setId, ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register set = allocator.useRegister(masm, setId); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); AutoScratchRegister scratch5(allocator, masm); masm.tagValue(JSVAL_TYPE_OBJECT, obj, output.valueReg()); masm.prepareHashObject(set, output.valueReg(), scratch1, scratch2, scratch3, scratch4, scratch5); masm.setObjectHasNonBigInt(set, output.valueReg(), scratch1, scratch2, scratch3, scratch4); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch2, output.valueReg()); return true; } bool CacheIRCompiler::emitSetDeleteResult(ObjOperandId setId, ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register set = allocator.useRegister(masm, setId); ValueOperand val = allocator.useValueRegister(masm, valId); callvm.prepare(); masm.Push(val); masm.Push(set); using Fn = bool (*)(JSContext*, Handle<SetObject*>, HandleValue, bool*); callvm.call<Fn, jit::SetObjectDelete>(); return true; } bool CacheIRCompiler::emitSetAddResult(ObjOperandId setId, ValOperandId keyId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register set = allocator.useRegister(masm, setId); ValueOperand key = allocator.useValueRegister(masm, keyId); callvm.prepare(); masm.Push(key); masm.Push(set); using Fn = bool (*)(JSContext*, Handle<SetObject*>, HandleValue, MutableHandleValue); callvm.call<Fn, jit::SetObjectAddFromIC>(); return true; } bool CacheIRCompiler::emitSetSizeResult(ObjOperandId setId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register set = allocator.useRegister(masm, setId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); masm.loadSetObjectSize(set, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitMapHasResult(ObjOperandId mapId, ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register map = allocator.useRegister(masm, mapId); ValueOperand val = allocator.useValueRegister(masm, valId); callvm.prepare(); masm.Push(val); masm.Push(map); using Fn = bool (*)(JSContext*, Handle<MapObject*>, HandleValue, bool*); callvm.call<Fn, jit::MapObjectHas>(); return true; } bool CacheIRCompiler::emitMapHasNonGCThingResult(ObjOperandId mapId, ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register map = allocator.useRegister(masm, mapId); ValueOperand val = allocator.useValueRegister(masm, valId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); AutoAvailableFloatRegister scratchFloat(*this, FloatReg0); masm.toHashableNonGCThing(val, output.valueReg(), scratchFloat); masm.prepareHashNonGCThing(output.valueReg(), scratch1, scratch2); masm.mapObjectHasNonBigInt(map, output.valueReg(), scratch1, scratch2, scratch3, scratch4); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch2, output.valueReg()); return true; } bool CacheIRCompiler::emitMapHasSymbolResult(ObjOperandId mapId, SymbolOperandId symId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register map = allocator.useRegister(masm, mapId); Register sym = allocator.useRegister(masm, symId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); masm.prepareHashSymbol(sym, scratch1); masm.tagValue(JSVAL_TYPE_SYMBOL, sym, output.valueReg()); masm.mapObjectHasNonBigInt(map, output.valueReg(), scratch1, scratch2, scratch3, scratch4); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch2, output.valueReg()); return true; } bool CacheIRCompiler::emitMapHasBigIntResult(ObjOperandId mapId, BigIntOperandId bigIntId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register map = allocator.useRegister(masm, mapId); Register bigInt = allocator.useRegister(masm, bigIntId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); AutoScratchRegister scratch5(allocator, masm); #ifndef JS_CODEGEN_ARM AutoScratchRegister scratch6(allocator, masm); #else // We don't have more registers available on ARM32. Register scratch6 = map; masm.push(map); #endif masm.prepareHashBigInt(bigInt, scratch1, scratch2, scratch3, scratch4); masm.tagValue(JSVAL_TYPE_BIGINT, bigInt, output.valueReg()); masm.mapObjectHasBigInt(map, output.valueReg(), scratch1, scratch2, scratch3, scratch4, scratch5, scratch6); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch2, output.valueReg()); #ifdef JS_CODEGEN_ARM masm.pop(map); #endif return true; } bool CacheIRCompiler::emitMapHasObjectResult(ObjOperandId mapId, ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register map = allocator.useRegister(masm, mapId); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); AutoScratchRegister scratch5(allocator, masm); masm.tagValue(JSVAL_TYPE_OBJECT, obj, output.valueReg()); masm.prepareHashObject(map, output.valueReg(), scratch1, scratch2, scratch3, scratch4, scratch5); masm.mapObjectHasNonBigInt(map, output.valueReg(), scratch1, scratch2, scratch3, scratch4); masm.tagValue(JSVAL_TYPE_BOOLEAN, scratch2, output.valueReg()); return true; } bool CacheIRCompiler::emitMapGetResult(ObjOperandId mapId, ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register map = allocator.useRegister(masm, mapId); ValueOperand val = allocator.useValueRegister(masm, valId); callvm.prepare(); masm.Push(val); masm.Push(map); using Fn = bool (*)(JSContext*, Handle<MapObject*>, HandleValue, MutableHandleValue); callvm.call<Fn, jit::MapObjectGet>(); return true; } bool CacheIRCompiler::emitMapDeleteResult(ObjOperandId mapId, ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register map = allocator.useRegister(masm, mapId); ValueOperand val = allocator.useValueRegister(masm, valId); callvm.prepare(); masm.Push(val); masm.Push(map); using Fn = bool (*)(JSContext*, Handle<MapObject*>, HandleValue, bool*); callvm.call<Fn, jit::MapObjectDelete>(); return true; } bool CacheIRCompiler::emitMapSetResult(ObjOperandId mapId, ValOperandId keyId, ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register map = allocator.useRegister(masm, mapId); ValueOperand key = allocator.useValueRegister(masm, keyId); ValueOperand val = allocator.useValueRegister(masm, valId); callvm.prepare(); masm.Push(val); masm.Push(key); masm.Push(map); using Fn = bool (*)(JSContext*, Handle<MapObject*>, HandleValue, HandleValue, MutableHandleValue); callvm.call<Fn, jit::MapObjectSetFromIC>(); return true; } bool CacheIRCompiler::emitMapGetNonGCThingResult(ObjOperandId mapId, ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register map = allocator.useRegister(masm, mapId); ValueOperand val = allocator.useValueRegister(masm, valId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); AutoAvailableFloatRegister scratchFloat(*this, FloatReg0); masm.toHashableNonGCThing(val, output.valueReg(), scratchFloat); masm.prepareHashNonGCThing(output.valueReg(), scratch1, scratch2); masm.mapObjectGetNonBigInt(map, output.valueReg(), scratch1, output.valueReg(), scratch2, scratch3, scratch4); return true; } bool CacheIRCompiler::emitMapGetSymbolResult(ObjOperandId mapId, SymbolOperandId symId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register map = allocator.useRegister(masm, mapId); Register sym = allocator.useRegister(masm, symId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); masm.prepareHashSymbol(sym, scratch1); masm.tagValue(JSVAL_TYPE_SYMBOL, sym, output.valueReg()); masm.mapObjectGetNonBigInt(map, output.valueReg(), scratch1, output.valueReg(), scratch2, scratch3, scratch4); return true; } bool CacheIRCompiler::emitMapGetBigIntResult(ObjOperandId mapId, BigIntOperandId bigIntId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register map = allocator.useRegister(masm, mapId); Register bigInt = allocator.useRegister(masm, bigIntId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); AutoScratchRegister scratch5(allocator, masm); #ifndef JS_CODEGEN_ARM AutoScratchRegister scratch6(allocator, masm); #else // We don't have more registers available on ARM32. Register scratch6 = map; masm.push(map); #endif masm.prepareHashBigInt(bigInt, scratch1, scratch2, scratch3, scratch4); masm.tagValue(JSVAL_TYPE_BIGINT, bigInt, output.valueReg()); masm.mapObjectGetBigInt(map, output.valueReg(), scratch1, output.valueReg(), scratch2, scratch3, scratch4, scratch5, scratch6); #ifdef JS_CODEGEN_ARM masm.pop(map); #endif return true; } bool CacheIRCompiler::emitMapGetObjectResult(ObjOperandId mapId, ObjOperandId objId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register map = allocator.useRegister(masm, mapId); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister scratch1(allocator, masm); AutoScratchRegister scratch2(allocator, masm); AutoScratchRegister scratch3(allocator, masm); AutoScratchRegister scratch4(allocator, masm); AutoScratchRegister scratch5(allocator, masm); masm.tagValue(JSVAL_TYPE_OBJECT, obj, output.valueReg()); masm.prepareHashObject(map, output.valueReg(), scratch1, scratch2, scratch3, scratch4, scratch5); masm.mapObjectGetNonBigInt(map, output.valueReg(), scratch1, output.valueReg(), scratch2, scratch3, scratch4); return true; } bool CacheIRCompiler::emitMapSizeResult(ObjOperandId mapId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); Register map = allocator.useRegister(masm, mapId); AutoScratchRegisterMaybeOutput scratch(allocator, masm, output); masm.loadMapObjectSize(map, scratch); masm.tagValue(JSVAL_TYPE_INT32, scratch, output.valueReg()); return true; } bool CacheIRCompiler::emitDateFillLocalTimeSlots(ObjOperandId dateId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register date = allocator.useRegister(masm, dateId); AutoScratchRegister scratch(allocator, masm); masm.dateFillLocalTimeSlots(date, scratch, liveVolatileRegs()); return true; } bool CacheIRCompiler::emitDateHoursFromSecondsIntoYearResult( ValOperandId secondsIntoYearId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); ValueOperand secondsIntoYear = allocator.useValueRegister(masm, secondsIntoYearId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); masm.dateHoursFromSecondsIntoYear(secondsIntoYear, output.valueReg(), scratch1, scratch2); return true; } bool CacheIRCompiler::emitDateMinutesFromSecondsIntoYearResult( ValOperandId secondsIntoYearId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); ValueOperand secondsIntoYear = allocator.useValueRegister(masm, secondsIntoYearId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); masm.dateMinutesFromSecondsIntoYear(secondsIntoYear, output.valueReg(), scratch1, scratch2); return true; } bool CacheIRCompiler::emitDateSecondsFromSecondsIntoYearResult( ValOperandId secondsIntoYearId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); ValueOperand secondsIntoYear = allocator.useValueRegister(masm, secondsIntoYearId); AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output); AutoScratchRegister scratch2(allocator, masm); masm.dateSecondsFromSecondsIntoYear(secondsIntoYear, output.valueReg(), scratch1, scratch2); return true; } bool CacheIRCompiler::emitArrayFromArgumentsObjectResult(ObjOperandId objId, uint32_t shapeOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); Register obj = allocator.useRegister(masm, objId); callvm.prepare(); masm.Push(obj); using Fn = ArrayObject* (*)(JSContext*, Handle<ArgumentsObject*>); callvm.call<Fn, js::ArrayFromArgumentsObject>(); return true; } bool CacheIRCompiler::emitGuardGlobalGeneration(uint32_t expectedOffset, uint32_t generationAddrOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoScratchRegister scratch(allocator, masm); AutoScratchRegister scratch2(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } StubFieldOffset expected(expectedOffset, StubField::Type::RawInt32); emitLoadStubField(expected, scratch); StubFieldOffset generationAddr(generationAddrOffset, StubField::Type::RawPointer); emitLoadStubField(generationAddr, scratch2); masm.branch32(Assembler::NotEqual, Address(scratch2, 0), scratch, failure->label()); return true; } bool CacheIRCompiler::emitGuardFuse(RealmFuses::FuseIndex fuseIndex) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoScratchRegister scratch(allocator, masm); FailurePath* failure; if (!addFailurePath(&failure)) { return false; } masm.loadRealmFuse(fuseIndex, scratch); masm.branchPtr(Assembler::NotEqual, scratch, ImmPtr(nullptr), failure->label()); return true; } bool CacheIRCompiler::emitBailout() { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); // Generates no code. return true; } bool CacheIRCompiler::emitAssertFloat32Result(ValOperandId valId, bool mustFloat32) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); // NOP when not in IonMonkey masm.moveValue(UndefinedValue(), output.valueReg()); return true; } bool CacheIRCompiler::emitAssertRecoveredOnBailoutResult(ValOperandId valId, bool mustBeRecovered) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoOutputRegister output(*this); // NOP when not in IonMonkey masm.moveValue(UndefinedValue(), output.valueReg()); return true; } bool CacheIRCompiler::emitAssertPropertyLookup(ObjOperandId objId, uint32_t idOffset, uint32_t slotOffset) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); Register obj = allocator.useRegister(masm, objId); AutoScratchRegister id(allocator, masm); AutoScratchRegister slot(allocator, masm); LiveRegisterSet save = liveVolatileRegs(); masm.PushRegsInMask(save); masm.setupUnalignedABICall(id); StubFieldOffset idField(idOffset, StubField::Type::Id); emitLoadStubField(idField, id); StubFieldOffset slotField(slotOffset, StubField::Type::RawInt32); emitLoadStubField(slotField, slot); masm.passABIArg(obj); masm.passABIArg(id); masm.passABIArg(slot); using Fn = void (*)(NativeObject*, PropertyKey, uint32_t); masm.callWithABI<Fn, js::jit::AssertPropertyLookup>(); masm.PopRegsInMask(save); return true; } #ifdef FUZZING_JS_FUZZILLI bool CacheIRCompiler::emitFuzzilliHashResult(ValOperandId valId) { JitSpew(JitSpew_Codegen, "%s", __FUNCTION__); AutoCallVM callvm(masm, this, allocator); const AutoOutputRegister& output = callvm.output(); ValueOperand input = allocator.useValueRegister(masm, valId); AutoScratchRegister scratch(allocator, masm); AutoScratchRegisterMaybeOutput scratch2(allocator, masm, output); AutoScratchRegisterMaybeOutputType scratchJSContext(allocator, masm, output); AutoScratchFloatRegister floatReg(this); Label hashDouble, updateHash, done; Label isInt32, isDouble, isNull, isUndefined, isBoolean, isBigInt, isObject; { ScratchTagScope tag(masm, input); masm.splitTagForTest(input, tag); masm.branchTestInt32(Assembler::Equal, tag, &isInt32); masm.branchTestDouble(Assembler::Equal, tag, &isDouble); masm.branchTestNull(Assembler::Equal, tag, &isNull); masm.branchTestUndefined(Assembler::Equal, tag, &isUndefined); masm.branchTestBoolean(Assembler::Equal, tag, &isBoolean); masm.branchTestBigInt(Assembler::Equal, tag, &isBigInt); masm.branchTestObject(Assembler::Equal, tag, &isObject); // Symbol or String. masm.move32(Imm32(0), scratch); masm.jump(&updateHash); } masm.bind(&isInt32); { masm.unboxInt32(input, scratch); masm.convertInt32ToDouble(scratch, floatReg); masm.jump(&hashDouble); } masm.bind(&isDouble); { masm.unboxDouble(input, floatReg); masm.jump(&hashDouble); } masm.bind(&isNull); { masm.loadConstantDouble(1.0, floatReg); masm.jump(&hashDouble); } masm.bind(&isUndefined); { masm.loadConstantDouble(2.0, floatReg); masm.jump(&hashDouble); } masm.bind(&isBoolean); { masm.unboxBoolean(input, scratch); masm.add32(Imm32(3), scratch); masm.convertInt32ToDouble(scratch, floatReg); masm.jump(&hashDouble); } masm.bind(&isBigInt); { masm.unboxBigInt(input, scratch); LiveRegisterSet volatileRegs = liveVolatileRegs(); masm.PushRegsInMask(volatileRegs); using Fn = uint32_t (*)(BigInt* bigInt); masm.setupUnalignedABICall(scratchJSContext); masm.loadJSContext(scratchJSContext); masm.passABIArg(scratch); masm.callWithABI<Fn, js::FuzzilliHashBigInt>(); masm.storeCallInt32Result(scratch); LiveRegisterSet ignore; ignore.add(scratch); ignore.add(scratchJSContext); masm.PopRegsInMaskIgnore(volatileRegs, ignore); masm.jump(&updateHash); } masm.bind(&isObject); { masm.unboxObject(input, scratch); callvm.prepare(); masm.Push(scratch); using Fn = void (*)(JSContext* cx, JSObject* o); callvm.callNoResult<Fn, js::FuzzilliHashObject>(); masm.jump(&done); } masm.bind(&hashDouble); masm.fuzzilliHashDouble(floatReg, scratch, scratch2); masm.bind(&updateHash); masm.fuzzilliStoreHash(scratch, scratchJSContext, scratch2); masm.bind(&done); masm.moveValue(UndefinedValue(), output.valueReg()); return true; } #endif template <typename Fn, Fn fn> void CacheIRCompiler::callVM(MacroAssembler& masm) { VMFunctionId id = VMFunctionToId<Fn, fn>::id; callVMInternal(masm, id); } void CacheIRCompiler::callVMInternal(MacroAssembler& masm, VMFunctionId id) { MOZ_ASSERT(enteredStubFrame_); if (mode_ == Mode::Ion) { TrampolinePtr code = cx_->runtime()->jitRuntime()->getVMWrapper(id); const VMFunctionData& fun = GetVMFunction(id); uint32_t frameSize = fun.explicitStackSlots() * sizeof(void*); masm.PushFrameDescriptor(FrameType::IonICCall); masm.callJit(code); // Pop rest of the exit frame and the arguments left on the stack. int framePop = sizeof(ExitFrameLayout) - ExitFrameLayout::bytesPoppedAfterCall(); masm.implicitPop(frameSize + framePop); masm.freeStack(asIon()->localTracingSlots() * sizeof(Value)); // Pop IonICCallFrameLayout. masm.Pop(FramePointer); masm.freeStack(IonICCallFrameLayout::Size() - sizeof(void*)); return; } MOZ_ASSERT(mode_ == Mode::Baseline); TrampolinePtr code = cx_->runtime()->jitRuntime()->getVMWrapper(id); EmitBaselineCallVM(code, masm); } bool CacheIRCompiler::isBaseline() { return mode_ == Mode::Baseline; } bool CacheIRCompiler::isIon() { return mode_ == Mode::Ion; } BaselineCacheIRCompiler* CacheIRCompiler::asBaseline() { MOZ_ASSERT(this->isBaseline()); return static_cast<BaselineCacheIRCompiler*>(this); } IonCacheIRCompiler* CacheIRCompiler::asIon() { MOZ_ASSERT(this->isIon()); return static_cast<IonCacheIRCompiler*>(this); } #ifdef DEBUG void CacheIRCompiler::assertFloatRegisterAvailable(FloatRegister reg) { if (isBaseline()) { // Baseline does not have any FloatRegisters live when calling an IC stub. return; } asIon()->assertFloatRegisterAvailable(reg); } #endif AutoCallVM::AutoCallVM(MacroAssembler& masm, CacheIRCompiler* compiler, CacheRegisterAllocator& allocator) : masm_(masm), compiler_(compiler), allocator_(allocator) { // Ion needs to `enterStubFrame` before it can callVM and it also needs to // initialize AutoSaveLiveRegisters. if (compiler_->mode_ == CacheIRCompiler::Mode::Ion) { // Will need to use a downcast here as well, in order to pass the // stub to AutoSaveLiveRegisters save_.emplace(*compiler_->asIon()); } if (compiler->outputUnchecked_.isSome()) { output_.emplace(*compiler); } if (compiler_->mode_ == CacheIRCompiler::Mode::Baseline) { stubFrame_.emplace(*compiler_->asBaseline()); if (output_.isSome()) { scratch_.emplace(allocator_, masm_, output_.ref()); } else { scratch_.emplace(allocator_, masm_); } } } void AutoCallVM::prepare() { allocator_.discardStack(masm_); MOZ_ASSERT(compiler_ != nullptr); if (compiler_->mode_ == CacheIRCompiler::Mode::Ion) { compiler_->asIon()->enterStubFrame(masm_, *save_.ptr()); return; } MOZ_ASSERT(compiler_->mode_ == CacheIRCompiler::Mode::Baseline); stubFrame_->enter(masm_, scratch_.ref()); } void AutoCallVM::storeResult(JSValueType returnType) { MOZ_ASSERT(returnType != JSVAL_TYPE_DOUBLE); if (returnType == JSVAL_TYPE_UNKNOWN) { masm_.storeCallResultValue(output_.ref()); } else { if (output_->hasValue()) { masm_.tagValue(returnType, ReturnReg, output_->valueReg()); } else { masm_.storeCallPointerResult(output_->typedReg().gpr()); } } } void AutoCallVM::leaveBaselineStubFrame() { if (compiler_->mode_ == CacheIRCompiler::Mode::Baseline) { stubFrame_->leave(masm_); } } template <typename...> struct VMFunctionReturnType; template <class R, typename... Args> struct VMFunctionReturnType<R (*)(JSContext*, Args...)> { using LastArgument = typename LastArg<Args...>::Type; // By convention VMFunctions returning `bool` use an output parameter. using ReturnType = std::conditional_t<std::is_same_v<R, bool>, LastArgument, R>; }; template <class> struct ReturnTypeToJSValueType; // Definitions for the currently used return types. template <> struct ReturnTypeToJSValueType<MutableHandleValue> { static constexpr JSValueType result = JSVAL_TYPE_UNKNOWN; }; template <> struct ReturnTypeToJSValueType<bool*> { static constexpr JSValueType result = JSVAL_TYPE_BOOLEAN; }; template <> struct ReturnTypeToJSValueType<int32_t*> { static constexpr JSValueType result = JSVAL_TYPE_INT32; }; template <> struct ReturnTypeToJSValueType<JSString*> { static constexpr JSValueType result = JSVAL_TYPE_STRING; }; template <> struct ReturnTypeToJSValueType<JSLinearString*> { static constexpr JSValueType result = JSVAL_TYPE_STRING; }; template <> struct ReturnTypeToJSValueType<JSAtom*> { static constexpr JSValueType result = JSVAL_TYPE_STRING; }; template <> struct ReturnTypeToJSValueType<BigInt*> { static constexpr JSValueType result = JSVAL_TYPE_BIGINT; }; template <> struct ReturnTypeToJSValueType<JSObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <> struct ReturnTypeToJSValueType<PropertyIteratorObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <> struct ReturnTypeToJSValueType<ArrayIteratorObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <> struct ReturnTypeToJSValueType<StringIteratorObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <> struct ReturnTypeToJSValueType<RegExpStringIteratorObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <> struct ReturnTypeToJSValueType<PlainObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <> struct ReturnTypeToJSValueType<ArrayObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <> struct ReturnTypeToJSValueType<TypedArrayObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <> struct ReturnTypeToJSValueType<MapObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <> struct ReturnTypeToJSValueType<SetObject*> { static constexpr JSValueType result = JSVAL_TYPE_OBJECT; }; template <typename Fn> void AutoCallVM::storeResult() { using ReturnType = typename VMFunctionReturnType<Fn>::ReturnType; storeResult(ReturnTypeToJSValueType<ReturnType>::result); } AutoScratchFloatRegister::AutoScratchFloatRegister(CacheIRCompiler* compiler, FailurePath* failure) : compiler_(compiler), failure_(failure) { // If we're compiling a Baseline IC, FloatReg0 is always available. if (!compiler_->isBaseline()) { MacroAssembler& masm = compiler_->masm; masm.push(FloatReg0); compiler->allocator.setHasAutoScratchFloatRegisterSpill(true); } if (failure_) { failure_->setHasAutoScratchFloatRegister(); } } AutoScratchFloatRegister::~AutoScratchFloatRegister() { if (failure_) { failure_->clearHasAutoScratchFloatRegister(); } if (!compiler_->isBaseline()) { MacroAssembler& masm = compiler_->masm; masm.pop(FloatReg0); compiler_->allocator.setHasAutoScratchFloatRegisterSpill(false); if (failure_) { Label done; masm.jump(&done); masm.bind(&failurePopReg_); masm.pop(FloatReg0); masm.jump(failure_->label()); masm.bind(&done); } } } Label* AutoScratchFloatRegister::failure() { MOZ_ASSERT(failure_); if (!compiler_->isBaseline()) { return &failurePopReg_; } return failure_->labelUnchecked(); }
¤ Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.0.440Bemerkung: (vorverarbeitet am 2026-04-26) ¤*Bot Zugriff |
|
||||||||||||||
2026-05-26