summaryrefslogtreecommitdiffstats
path: root/js/src/jit/MIR.h
diff options
context:
space:
mode:
Diffstat (limited to 'js/src/jit/MIR.h')
-rw-r--r--js/src/jit/MIR.h13562
1 files changed, 13562 insertions, 0 deletions
diff --git a/js/src/jit/MIR.h b/js/src/jit/MIR.h
new file mode 100644
index 0000000000..f31bf6923c
--- /dev/null
+++ b/js/src/jit/MIR.h
@@ -0,0 +1,13562 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set ts=8 sts=2 et sw=2 tw=80:
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Everything needed to build actual MIR instructions: the actual opcodes and
+ * instructions, the instruction interface, and use chains.
+ */
+
+#ifndef jit_MIR_h
+#define jit_MIR_h
+
+#include "mozilla/Alignment.h"
+#include "mozilla/Array.h"
+#include "mozilla/Attributes.h"
+#include "mozilla/MacroForEach.h"
+
+#include <algorithm>
+#include <initializer_list>
+
+#include "NamespaceImports.h"
+
+#include "gc/Allocator.h"
+#include "jit/AtomicOp.h"
+#include "jit/FixedList.h"
+#include "jit/InlineList.h"
+#include "jit/InlineScriptTree.h"
+#include "jit/JitAllocPolicy.h"
+#include "jit/MacroAssembler.h"
+#include "jit/MOpcodesGenerated.h"
+#include "jit/TypePolicy.h"
+#include "js/experimental/JitInfo.h" // JSJit{Getter,Setter}Op, JSJitInfo
+#include "js/HeapAPI.h"
+#include "js/Id.h"
+#include "js/ScalarType.h" // js::Scalar::Type
+#include "js/Value.h"
+#include "js/Vector.h"
+#include "util/DifferentialTesting.h"
+#include "vm/ArrayObject.h"
+#include "vm/BuiltinObjectKind.h"
+#include "vm/EnvironmentObject.h"
+#include "vm/FunctionFlags.h" // js::FunctionFlags
+#include "vm/JSContext.h"
+#include "vm/ReceiverGuard.h"
+#include "vm/RegExpObject.h"
+#include "vm/SharedMem.h"
+#include "vm/TypedArrayObject.h"
+
+namespace JS {
+struct ExpandoAndGeneration;
+}
+
+namespace js {
+
+namespace wasm {
+class FuncExport;
+}
+
+class GenericPrinter;
+class StringObject;
+
+enum class UnaryMathFunction : uint8_t;
+
+bool CurrentThreadIsIonCompiling();
+
+namespace jit {
+
+// Forward declarations of MIR types.
+#define FORWARD_DECLARE(op) class M##op;
+MIR_OPCODE_LIST(FORWARD_DECLARE)
+#undef FORWARD_DECLARE
+
+// MDefinition visitor which ignores non-overloaded visit functions.
+class MDefinitionVisitorDefaultNoop {
+ public:
+#define VISIT_INS(op) \
+ void visit##op(M##op*) {}
+ MIR_OPCODE_LIST(VISIT_INS)
+#undef VISIT_INS
+};
+
+class CompactBufferWriter;
+class Range;
+
+template <typename T>
+struct ResultWithOOM {
+ T value;
+ bool oom;
+
+ static ResultWithOOM<T> ok(T val) { return {val, false}; }
+ static ResultWithOOM<T> fail() { return {T(), true}; }
+};
+
+static inline MIRType MIRTypeFromValue(const js::Value& vp) {
+ if (vp.isDouble()) {
+ return MIRType::Double;
+ }
+ if (vp.isMagic()) {
+ switch (vp.whyMagic()) {
+ case JS_OPTIMIZED_ARGUMENTS:
+ return MIRType::MagicOptimizedArguments;
+ case JS_OPTIMIZED_OUT:
+ return MIRType::MagicOptimizedOut;
+ case JS_ELEMENTS_HOLE:
+ return MIRType::MagicHole;
+ case JS_IS_CONSTRUCTING:
+ return MIRType::MagicIsConstructing;
+ case JS_UNINITIALIZED_LEXICAL:
+ return MIRType::MagicUninitializedLexical;
+ default:
+ MOZ_ASSERT_UNREACHABLE("Unexpected magic constant");
+ }
+ }
+ return MIRTypeFromValueType(vp.extractNonDoubleType());
+}
+
+#define MIR_FLAG_LIST(_) \
+ _(InWorklist) \
+ _(EmittedAtUses) \
+ _(Commutative) \
+ _(Movable) /* Allow passes like LICM to move this instruction */ \
+ _(Lowered) /* (Debug only) has a virtual register */ \
+ _(Guard) /* Not removable if uses == 0 */ \
+ \
+ /* Flag an instruction to be considered as a Guard if the instructions \
+ * bails out on some inputs. \
+ * \
+ * Some optimizations can replace an instruction, and leave its operands \
+ * unused. When the type information of the operand got used as a \
+ * predicate of the transformation, then we have to flag the operands as \
+ * GuardRangeBailouts. \
+ * \
+ * This flag prevents further optimization of instructions, which \
+ * might remove the run-time checks (bailout conditions) used as a \
+ * predicate of the previous transformation. \
+ */ \
+ _(GuardRangeBailouts) \
+ \
+ /* Some instructions have uses that aren't directly represented in the \
+ * graph, and need to be handled specially. As an example, this is used to \
+ * keep the flagged instruction in resume points, not substituting with an \
+ * UndefinedValue. This can be used by call inlining when a function \
+ * argument is not used by the inlined instructions. \
+ */ \
+ _(ImplicitlyUsed) \
+ \
+ /* The instruction has been marked dead for lazy removal from resume \
+ * points. \
+ */ \
+ _(Unused) \
+ \
+ /* When a branch is removed, the uses of multiple instructions are removed. \
+ * The removal of branches is based on hypotheses. These hypotheses might \
+ * fail, in which case we need to bailout from the current code. \
+ * \
+ * When we implement a destructive optimization, we need to consider the \
+ * failing cases, and consider the fact that we might resume the execution \
+ * into a branch which was removed from the compiler. As such, a \
+ * destructive optimization need to take into acount removed branches. \
+ * \
+ * In order to let destructive optimizations know about removed branches, we \
+ * have to annotate instructions with the UseRemoved flag. This flag \
+ * annotates instruction which were used in removed branches. \
+ */ \
+ _(UseRemoved) \
+ \
+ /* Marks if the current instruction should go to the bailout paths instead \
+ * of producing code as part of the control flow. This flag can only be set \
+ * on instructions which are only used by ResumePoint or by other flagged \
+ * instructions. \
+ */ \
+ _(RecoveredOnBailout) \
+ \
+ /* Some instructions might represent an object, but the memory of these \
+ * objects might be incomplete if we have not recovered all the stores which \
+ * were supposed to happen before. This flag is used to annotate \
+ * instructions which might return a pointer to a memory area which is not \
+ * yet fully initialized. This flag is used to ensure that stores are \
+ * executed before returning the value. \
+ */ \
+ _(IncompleteObject) \
+ \
+ /* For WebAssembly, there are functions with multiple results. Instead of \
+ * having the results defined by one call instruction, they are instead \
+ * captured in subsequent result capture instructions, because modelling \
+ * multi-value results in Ion is too complicated. However since they \
+ * capture ambient live registers, it would be an error to move an unrelated \
+ * instruction between the call and the result capture. This flag is used \
+ * to prevent code motion from moving instructions in invalid ways. \
+ */ \
+ _(CallResultCapture) \
+ \
+ /* The current instruction got discarded from the MIR Graph. This is useful \
+ * when we want to iterate over resume points and instructions, while \
+ * handling instructions which are discarded without reporting to the \
+ * iterator. \
+ */ \
+ _(Discarded)
+
+class MDefinition;
+class MInstruction;
+class MBasicBlock;
+class MNode;
+class MUse;
+class MPhi;
+class MIRGraph;
+class MResumePoint;
+class MControlInstruction;
+
+// Represents a use of a node.
+class MUse : public TempObject, public InlineListNode<MUse> {
+ // Grant access to setProducerUnchecked.
+ friend class MDefinition;
+ friend class MPhi;
+
+ MDefinition* producer_; // MDefinition that is being used.
+ MNode* consumer_; // The node that is using this operand.
+
+ // Low-level unchecked edit method for replaceAllUsesWith and
+ // MPhi::removeOperand. This doesn't update use lists!
+ // replaceAllUsesWith and MPhi::removeOperand do that manually.
+ void setProducerUnchecked(MDefinition* producer) {
+ MOZ_ASSERT(consumer_);
+ MOZ_ASSERT(producer_);
+ MOZ_ASSERT(producer);
+ producer_ = producer;
+ }
+
+ public:
+ // Default constructor for use in vectors.
+ MUse() : producer_(nullptr), consumer_(nullptr) {}
+
+ // Move constructor for use in vectors. When an MUse is moved, it stays
+ // in its containing use list.
+ MUse(MUse&& other)
+ : InlineListNode<MUse>(std::move(other)),
+ producer_(other.producer_),
+ consumer_(other.consumer_) {}
+
+ // Construct an MUse initialized with |producer| and |consumer|.
+ MUse(MDefinition* producer, MNode* consumer) {
+ initUnchecked(producer, consumer);
+ }
+
+ // Set this use, which was previously clear.
+ inline void init(MDefinition* producer, MNode* consumer);
+ // Like init, but works even when the use contains uninitialized data.
+ inline void initUnchecked(MDefinition* producer, MNode* consumer);
+ // Like initUnchecked, but set the producer to nullptr.
+ inline void initUncheckedWithoutProducer(MNode* consumer);
+ // Set this use, which was not previously clear.
+ inline void replaceProducer(MDefinition* producer);
+ // Clear this use.
+ inline void releaseProducer();
+
+ MDefinition* producer() const {
+ MOZ_ASSERT(producer_ != nullptr);
+ return producer_;
+ }
+ bool hasProducer() const { return producer_ != nullptr; }
+ MNode* consumer() const {
+ MOZ_ASSERT(consumer_ != nullptr);
+ return consumer_;
+ }
+
+#ifdef DEBUG
+ // Return the operand index of this MUse in its consumer. This is DEBUG-only
+ // as normal code should instead call indexOf on the cast consumer directly,
+ // to allow it to be devirtualized and inlined.
+ size_t index() const;
+#endif
+};
+
+using MUseIterator = InlineList<MUse>::iterator;
+
+// A node is an entry in the MIR graph. It has two kinds:
+// MInstruction: an instruction which appears in the IR stream.
+// MResumePoint: a list of instructions that correspond to the state of the
+// interpreter/Baseline stack.
+//
+// Nodes can hold references to MDefinitions. Each MDefinition has a list of
+// nodes holding such a reference (its use chain).
+class MNode : public TempObject {
+ protected:
+ enum class Kind { Definition = 0, ResumePoint };
+
+ private:
+ static const uintptr_t KindMask = 0x1;
+ uintptr_t blockAndKind_;
+
+ Kind kind() const { return Kind(blockAndKind_ & KindMask); }
+
+ protected:
+ explicit MNode(const MNode& other) : blockAndKind_(other.blockAndKind_) {}
+
+ MNode(MBasicBlock* block, Kind kind) { setBlockAndKind(block, kind); }
+
+ void setBlockAndKind(MBasicBlock* block, Kind kind) {
+ blockAndKind_ = uintptr_t(block) | uintptr_t(kind);
+ MOZ_ASSERT(this->block() == block);
+ }
+
+ MBasicBlock* definitionBlock() const {
+ MOZ_ASSERT(isDefinition());
+ static_assert(unsigned(Kind::Definition) == 0,
+ "Code below relies on low bit being 0");
+ return reinterpret_cast<MBasicBlock*>(blockAndKind_);
+ }
+ MBasicBlock* resumePointBlock() const {
+ MOZ_ASSERT(isResumePoint());
+ static_assert(unsigned(Kind::ResumePoint) == 1,
+ "Code below relies on low bit being 1");
+ // Use a subtraction: if the caller does block()->foo, the compiler
+ // will be able to fold it with the load.
+ return reinterpret_cast<MBasicBlock*>(blockAndKind_ - 1);
+ }
+
+ public:
+ // Returns the definition at a given operand.
+ virtual MDefinition* getOperand(size_t index) const = 0;
+ virtual size_t numOperands() const = 0;
+ virtual size_t indexOf(const MUse* u) const = 0;
+
+ bool isDefinition() const { return kind() == Kind::Definition; }
+ bool isResumePoint() const { return kind() == Kind::ResumePoint; }
+ MBasicBlock* block() const {
+ return reinterpret_cast<MBasicBlock*>(blockAndKind_ & ~KindMask);
+ }
+ MBasicBlock* caller() const;
+
+ // Sets an already set operand, updating use information. If you're looking
+ // for setOperand, this is probably what you want.
+ virtual void replaceOperand(size_t index, MDefinition* operand) = 0;
+
+ // Resets the operand to an uninitialized state, breaking the link
+ // with the previous operand's producer.
+ void releaseOperand(size_t index) { getUseFor(index)->releaseProducer(); }
+ bool hasOperand(size_t index) const {
+ return getUseFor(index)->hasProducer();
+ }
+
+ inline MDefinition* toDefinition();
+ inline MResumePoint* toResumePoint();
+
+ [[nodiscard]] virtual bool writeRecoverData(
+ CompactBufferWriter& writer) const;
+
+#ifdef JS_JITSPEW
+ virtual void dump(GenericPrinter& out) const = 0;
+ virtual void dump() const = 0;
+#endif
+
+ protected:
+ // Need visibility on getUseFor to avoid O(n^2) complexity.
+ friend void AssertBasicGraphCoherency(MIRGraph& graph, bool force);
+
+ // Gets the MUse corresponding to given operand.
+ virtual MUse* getUseFor(size_t index) = 0;
+ virtual const MUse* getUseFor(size_t index) const = 0;
+};
+
+class AliasSet {
+ private:
+ uint32_t flags_;
+
+ public:
+ enum Flag {
+ None_ = 0,
+ ObjectFields = 1 << 0, // shape, class, slots, length etc.
+ Element = 1 << 1, // A Value member of obj->elements or
+ // a typed object.
+ UnboxedElement = 1 << 2, // An unboxed scalar or reference member of
+ // typed object.
+ DynamicSlot = 1 << 3, // A Value member of obj->slots.
+ FixedSlot = 1 << 4, // A Value member of obj->fixedSlots().
+ DOMProperty = 1 << 5, // A DOM property
+ WasmGlobalVar = 1 << 6, // An asm.js/wasm private global var
+ WasmHeap = 1 << 7, // An asm.js/wasm heap load
+ WasmHeapMeta = 1 << 8, // The asm.js/wasm heap base pointer and
+ // bounds check limit, in Tls.
+ ArrayBufferViewLengthOrOffset =
+ 1 << 9, // An array buffer view's length or byteOffset
+ WasmGlobalCell = 1 << 10, // A wasm global cell
+ WasmTableElement = 1 << 11, // An element of a wasm table
+ WasmStackResult = 1 << 12, // A stack result from the current function
+
+ // JSContext's exception state. This is used on instructions like MThrow
+ // or MNewArrayDynamicLength that throw exceptions (other than OOM) but have
+ // no other side effect, to ensure that they get their own up-to-date resume
+ // point. (This resume point will be used when constructing the Baseline
+ // frame during exception bailouts.)
+ ExceptionState = 1 << 13,
+
+ // Used for instructions that load the privateSlot of DOM proxies and
+ // the ExpandoAndGeneration.
+ DOMProxyExpando = 1 << 14,
+
+ Last = DOMProxyExpando,
+ Any = Last | (Last - 1),
+
+ NumCategories = 15,
+
+ // Indicates load or store.
+ Store_ = 1 << 31
+ };
+
+ static_assert((1 << NumCategories) - 1 == Any,
+ "NumCategories must include all flags present in Any");
+
+ explicit AliasSet(uint32_t flags) : flags_(flags) {}
+
+ public:
+ inline bool isNone() const { return flags_ == None_; }
+ uint32_t flags() const { return flags_ & Any; }
+ inline bool isStore() const { return !!(flags_ & Store_); }
+ inline bool isLoad() const { return !isStore() && !isNone(); }
+ inline AliasSet operator|(const AliasSet& other) const {
+ return AliasSet(flags_ | other.flags_);
+ }
+ inline AliasSet operator&(const AliasSet& other) const {
+ return AliasSet(flags_ & other.flags_);
+ }
+ static AliasSet None() { return AliasSet(None_); }
+ static AliasSet Load(uint32_t flags) {
+ MOZ_ASSERT(flags && !(flags & Store_));
+ return AliasSet(flags);
+ }
+ static AliasSet Store(uint32_t flags) {
+ MOZ_ASSERT(flags && !(flags & Store_));
+ return AliasSet(flags | Store_);
+ }
+};
+
+typedef Vector<MDefinition*, 6, JitAllocPolicy> MDefinitionVector;
+typedef Vector<MInstruction*, 6, JitAllocPolicy> MInstructionVector;
+
+// When a floating-point value is used by nodes which would prefer to
+// receive integer inputs, we may be able to help by computing our result
+// into an integer directly.
+//
+// A value can be truncated in 4 differents ways:
+// 1. Ignore Infinities (x / 0 --> 0).
+// 2. Ignore overflow (INT_MIN / -1 == (INT_MAX + 1) --> INT_MIN)
+// 3. Ignore negative zeros. (-0 --> 0)
+// 4. Ignore remainder. (3 / 4 --> 0)
+//
+// Indirect truncation is used to represent that we are interested in the
+// truncated result, but only if it can safely flow into operations which
+// are computed modulo 2^32, such as (2) and (3). Infinities are not safe,
+// as they would have absorbed other math operations. Remainders are not
+// safe, as fractions can be scaled up by multiplication.
+//
+// Division is a particularly interesting node here because it covers all 4
+// cases even when its own operands are integers.
+//
+// Note that these enum values are ordered from least value-modifying to
+// most value-modifying, and code relies on this ordering.
+enum class TruncateKind {
+ // No correction.
+ NoTruncate = 0,
+ // An integer is desired, but we can't skip bailout checks.
+ TruncateAfterBailouts = 1,
+ // The value will be truncated after some arithmetic (see above).
+ IndirectTruncate = 2,
+ // Direct and infallible truncation to int32.
+ Truncate = 3
+};
+
+// An MDefinition is an SSA name.
+class MDefinition : public MNode {
+ friend class MBasicBlock;
+
+ public:
+ enum class Opcode : uint16_t {
+#define DEFINE_OPCODES(op) op,
+ MIR_OPCODE_LIST(DEFINE_OPCODES)
+#undef DEFINE_OPCODES
+ };
+
+ private:
+ InlineList<MUse> uses_; // Use chain.
+ uint32_t id_; // Instruction ID, which after block re-ordering
+ // is sorted within a basic block.
+ Opcode op_; // Opcode.
+ uint16_t flags_; // Bit flags.
+ Range* range_; // Any computed range for this def.
+ union {
+ MDefinition*
+ loadDependency_; // Implicit dependency (store, call, etc.) of this
+ // instruction. Used by alias analysis, GVN and LICM.
+ uint32_t virtualRegister_; // Used by lowering to map definitions to
+ // virtual registers.
+ };
+
+ // Track bailouts by storing the current pc in MIR instruction. Also used
+ // for profiling and keeping track of what the last known pc was.
+ const BytecodeSite* trackedSite_;
+
+ // If we generate a bailout path for this instruction, this is the
+ // bailout kind that will be encoded in the snapshot. When we bail out,
+ // FinishBailoutToBaseline may take action based on the bailout kind to
+ // prevent bailout loops. (For example, if an instruction bails out after
+ // being hoisted by LICM, we will disable LICM when recompiling the script.)
+ BailoutKind bailoutKind_;
+
+ MIRType resultType_; // Representation of result type.
+
+ private:
+ enum Flag {
+ None = 0,
+#define DEFINE_FLAG(flag) flag,
+ MIR_FLAG_LIST(DEFINE_FLAG)
+#undef DEFINE_FLAG
+ Total
+ };
+
+ bool hasFlags(uint32_t flags) const { return (flags_ & flags) == flags; }
+ void removeFlags(uint32_t flags) { flags_ &= ~flags; }
+ void setFlags(uint32_t flags) { flags_ |= flags; }
+
+ // Calling isDefinition or isResumePoint on MDefinition is unnecessary.
+ bool isDefinition() const = delete;
+ bool isResumePoint() const = delete;
+
+ protected:
+ void setBlock(MBasicBlock* block) {
+ setBlockAndKind(block, Kind::Definition);
+ }
+
+ static HashNumber addU32ToHash(HashNumber hash, uint32_t data) {
+ return data + (hash << 6) + (hash << 16) - hash;
+ }
+
+ public:
+ explicit MDefinition(Opcode op)
+ : MNode(nullptr, Kind::Definition),
+ id_(0),
+ op_(op),
+ flags_(0),
+ range_(nullptr),
+ loadDependency_(nullptr),
+ trackedSite_(nullptr),
+ bailoutKind_(BailoutKind::Unknown),
+ resultType_(MIRType::None) {}
+
+ // Copying a definition leaves the list of uses and the block empty.
+ explicit MDefinition(const MDefinition& other)
+ : MNode(other),
+ id_(0),
+ op_(other.op_),
+ flags_(other.flags_),
+ range_(other.range_),
+ loadDependency_(other.loadDependency_),
+ trackedSite_(other.trackedSite_),
+ bailoutKind_(other.bailoutKind_),
+ resultType_(other.resultType_) {}
+
+ Opcode op() const { return op_; }
+
+#ifdef JS_JITSPEW
+ const char* opName() const;
+ void printName(GenericPrinter& out) const;
+ static void PrintOpcodeName(GenericPrinter& out, Opcode op);
+ virtual void printOpcode(GenericPrinter& out) const;
+ void dump(GenericPrinter& out) const override;
+ void dump() const override;
+ void dumpLocation(GenericPrinter& out) const;
+ void dumpLocation() const;
+#endif
+
+ // For LICM.
+ virtual bool neverHoist() const { return false; }
+
+ // Also for LICM. Test whether this definition is likely to be a call, which
+ // would clobber all or many of the floating-point registers, such that
+ // hoisting floating-point constants out of containing loops isn't likely to
+ // be worthwhile.
+ virtual bool possiblyCalls() const { return false; }
+
+ MBasicBlock* block() const { return definitionBlock(); }
+
+ void setTrackedSite(const BytecodeSite* site) {
+ MOZ_ASSERT(site);
+ trackedSite_ = site;
+ }
+ const BytecodeSite* trackedSite() const { return trackedSite_; }
+ jsbytecode* trackedPc() const {
+ return trackedSite_ ? trackedSite_->pc() : nullptr;
+ }
+ InlineScriptTree* trackedTree() const {
+ return trackedSite_ ? trackedSite_->tree() : nullptr;
+ }
+
+ BailoutKind bailoutKind() const { return bailoutKind_; }
+ void setBailoutKind(BailoutKind kind) { bailoutKind_ = kind; }
+
+ jsbytecode* profilerLeavePc() const {
+ // If this is in a top-level function, use the pc directly.
+ if (trackedTree()->isOutermostCaller()) {
+ return trackedPc();
+ }
+
+ // Walk up the InlineScriptTree chain to find the top-most callPC
+ InlineScriptTree* curTree = trackedTree();
+ InlineScriptTree* callerTree = curTree->caller();
+ while (!callerTree->isOutermostCaller()) {
+ curTree = callerTree;
+ callerTree = curTree->caller();
+ }
+
+ // Return the callPc of the topmost inlined script.
+ return curTree->callerPc();
+ }
+
+ // Return the range of this value, *before* any bailout checks. Contrast
+ // this with the type() method, and the Range constructor which takes an
+ // MDefinition*, which describe the value *after* any bailout checks.
+ //
+ // Warning: Range analysis is removing the bit-operations such as '| 0' at
+ // the end of the transformations. Using this function to analyse any
+ // operands after the truncate phase of the range analysis will lead to
+ // errors. Instead, one should define the collectRangeInfoPreTrunc() to set
+ // the right set of flags which are dependent on the range of the inputs.
+ Range* range() const {
+ MOZ_ASSERT(type() != MIRType::None);
+ return range_;
+ }
+ void setRange(Range* range) {
+ MOZ_ASSERT(type() != MIRType::None);
+ range_ = range;
+ }
+
+ virtual HashNumber valueHash() const;
+ virtual bool congruentTo(const MDefinition* ins) const { return false; }
+ bool congruentIfOperandsEqual(const MDefinition* ins) const;
+ virtual MDefinition* foldsTo(TempAllocator& alloc);
+ virtual void analyzeEdgeCasesForward();
+ virtual void analyzeEdgeCasesBackward();
+
+ // |needTruncation| records the truncation kind of the results, such that it
+ // can be used to truncate the operands of this instruction. If
+ // |needTruncation| function returns true, then the |truncate| function is
+ // called on the same instruction to mutate the instruction, such as
+ // updating the return type, the range and the specialization of the
+ // instruction.
+ virtual bool needTruncation(TruncateKind kind);
+ virtual void truncate();
+
+ // Determine what kind of truncate this node prefers for the operand at the
+ // given index.
+ virtual TruncateKind operandTruncateKind(size_t index) const;
+
+ // Compute an absolute or symbolic range for the value of this node.
+ virtual void computeRange(TempAllocator& alloc) {}
+
+ // Collect information from the pre-truncated ranges.
+ virtual void collectRangeInfoPreTrunc() {}
+
+ uint32_t id() const {
+ MOZ_ASSERT(block());
+ return id_;
+ }
+ void setId(uint32_t id) { id_ = id; }
+
+#define FLAG_ACCESSOR(flag) \
+ bool is##flag() const { \
+ static_assert(Flag::Total <= sizeof(flags_) * 8, \
+ "Flags should fit in flags_ field"); \
+ return hasFlags(1 << flag); \
+ } \
+ void set##flag() { \
+ MOZ_ASSERT(!hasFlags(1 << flag)); \
+ setFlags(1 << flag); \
+ } \
+ void setNot##flag() { \
+ MOZ_ASSERT(hasFlags(1 << flag)); \
+ removeFlags(1 << flag); \
+ } \
+ void set##flag##Unchecked() { setFlags(1 << flag); } \
+ void setNot##flag##Unchecked() { removeFlags(1 << flag); }
+
+ MIR_FLAG_LIST(FLAG_ACCESSOR)
+#undef FLAG_ACCESSOR
+
+ // Return the type of this value. This may be speculative, and enforced
+ // dynamically with the use of bailout checks. If all the bailout checks
+ // pass, the value will have this type.
+ //
+ // Unless this is an MUrsh that has bailouts disabled, which, as a special
+ // case, may return a value in (INT32_MAX,UINT32_MAX] even when its type()
+ // is MIRType::Int32.
+ MIRType type() const { return resultType_; }
+
+ bool mightBeType(MIRType type) const {
+ MOZ_ASSERT(type != MIRType::Value);
+
+ if (type == this->type()) {
+ return true;
+ }
+
+ if (this->type() == MIRType::Value) {
+ return true;
+ }
+
+ return false;
+ }
+
+ bool mightBeMagicType() const;
+
+ // Return true if the result-set types are a subset of the given types.
+ bool definitelyType(std::initializer_list<MIRType> types) const;
+
+ // Float32 specialization operations (see big comment in IonAnalysis before
+ // the Float32 specialization algorithm).
+ virtual bool isFloat32Commutative() const { return false; }
+ virtual bool canProduceFloat32() const { return false; }
+ virtual bool canConsumeFloat32(MUse* use) const { return false; }
+ virtual void trySpecializeFloat32(TempAllocator& alloc) {}
+#ifdef DEBUG
+ // Used during the pass that checks that Float32 flow into valid MDefinitions
+ virtual bool isConsistentFloat32Use(MUse* use) const {
+ return type() == MIRType::Float32 || canConsumeFloat32(use);
+ }
+#endif
+
+ // Returns the beginning of this definition's use chain.
+ MUseIterator usesBegin() const { return uses_.begin(); }
+
+ // Returns the end of this definition's use chain.
+ MUseIterator usesEnd() const { return uses_.end(); }
+
+ bool canEmitAtUses() const { return !isEmittedAtUses(); }
+
+ // Removes a use at the given position
+ void removeUse(MUse* use) { uses_.remove(use); }
+
+#if defined(DEBUG) || defined(JS_JITSPEW)
+ // Number of uses of this instruction. This function is only available
+ // in DEBUG mode since it requires traversing the list. Most users should
+ // use hasUses() or hasOneUse() instead.
+ size_t useCount() const;
+
+ // Number of uses of this instruction (only counting MDefinitions, ignoring
+ // MResumePoints). This function is only available in DEBUG mode since it
+ // requires traversing the list. Most users should use hasUses() or
+ // hasOneUse() instead.
+ size_t defUseCount() const;
+#endif
+
+ // Test whether this MDefinition has exactly one use.
+ bool hasOneUse() const;
+
+ // Test whether this MDefinition has exactly one use.
+ // (only counting MDefinitions, ignoring MResumePoints)
+ bool hasOneDefUse() const;
+
+ // Test whether this MDefinition has at least one use.
+ // (only counting MDefinitions, ignoring MResumePoints)
+ bool hasDefUses() const;
+
+ // Test whether this MDefinition has at least one non-recovered use.
+ // (only counting MDefinitions, ignoring MResumePoints)
+ bool hasLiveDefUses() const;
+
+ bool hasUses() const { return !uses_.empty(); }
+
+ // If this MDefinition has a single use (ignoring MResumePoints), returns that
+ // use's definition. Else returns nullptr.
+ MDefinition* maybeSingleDefUse() const;
+
+ // Returns the most recently added use (ignoring MResumePoints) for this
+ // MDefinition. Returns nullptr if there are no uses. Note that this relies on
+ // addUse adding new uses to the front of the list, and should only be called
+ // during MIR building (before optimization passes make changes to the uses).
+ MDefinition* maybeMostRecentlyAddedDefUse() const;
+
+ void addUse(MUse* use) {
+ MOZ_ASSERT(use->producer() == this);
+ uses_.pushFront(use);
+ }
+ void addUseUnchecked(MUse* use) {
+ MOZ_ASSERT(use->producer() == this);
+ uses_.pushFrontUnchecked(use);
+ }
+ void replaceUse(MUse* old, MUse* now) {
+ MOZ_ASSERT(now->producer() == this);
+ uses_.replace(old, now);
+ }
+
+ // Replace the current instruction by a dominating instruction |dom| in all
+ // uses of the current instruction.
+ void replaceAllUsesWith(MDefinition* dom);
+
+ // Like replaceAllUsesWith, but doesn't set UseRemoved on |this|'s operands.
+ void justReplaceAllUsesWith(MDefinition* dom);
+
+ // Replace the current instruction by an optimized-out constant in all uses
+ // of the current instruction. Note, that optimized-out constant should not
+ // be observed, and thus they should not flow in any computation.
+ [[nodiscard]] bool optimizeOutAllUses(TempAllocator& alloc);
+
+ // Replace the current instruction by a dominating instruction |dom| in all
+ // instruction, but keep the current instruction for resume point and
+ // instruction which are recovered on bailouts.
+ void replaceAllLiveUsesWith(MDefinition* dom);
+
+ // Mark this instruction as having replaced all uses of ins, as during GVN,
+ // returning false if the replacement should not be performed. For use when
+ // GVN eliminates instructions which are not equivalent to one another.
+ [[nodiscard]] virtual bool updateForReplacement(MDefinition* ins) {
+ return true;
+ }
+
+ void setVirtualRegister(uint32_t vreg) {
+ virtualRegister_ = vreg;
+ setLoweredUnchecked();
+ }
+ uint32_t virtualRegister() const {
+ MOZ_ASSERT(isLowered());
+ return virtualRegister_;
+ }
+
+ public:
+ // Opcode testing and casts.
+ template <typename MIRType>
+ bool is() const {
+ return op() == MIRType::classOpcode;
+ }
+ template <typename MIRType>
+ MIRType* to() {
+ MOZ_ASSERT(this->is<MIRType>());
+ return static_cast<MIRType*>(this);
+ }
+ template <typename MIRType>
+ const MIRType* to() const {
+ MOZ_ASSERT(this->is<MIRType>());
+ return static_cast<const MIRType*>(this);
+ }
+#define OPCODE_CASTS(opcode) \
+ bool is##opcode() const { return this->is<M##opcode>(); } \
+ M##opcode* to##opcode() { return this->to<M##opcode>(); } \
+ const M##opcode* to##opcode() const { return this->to<M##opcode>(); }
+ MIR_OPCODE_LIST(OPCODE_CASTS)
+#undef OPCODE_CASTS
+
+ inline MConstant* maybeConstantValue();
+
+ inline MInstruction* toInstruction();
+ inline const MInstruction* toInstruction() const;
+ bool isInstruction() const { return !isPhi(); }
+
+ virtual bool isControlInstruction() const { return false; }
+ inline MControlInstruction* toControlInstruction();
+
+ void setResultType(MIRType type) { resultType_ = type; }
+ virtual AliasSet getAliasSet() const {
+ // Instructions are effectful by default.
+ return AliasSet::Store(AliasSet::Any);
+ }
+
+#ifdef DEBUG
+ bool hasDefaultAliasSet() const {
+ AliasSet set = getAliasSet();
+ return set.isStore() && set.flags() == AliasSet::Flag::Any;
+ }
+#endif
+
+ MDefinition* dependency() const {
+ if (getAliasSet().isStore()) {
+ return nullptr;
+ }
+ return loadDependency_;
+ }
+ void setDependency(MDefinition* dependency) {
+ MOZ_ASSERT(!getAliasSet().isStore());
+ loadDependency_ = dependency;
+ }
+ bool isEffectful() const { return getAliasSet().isStore(); }
+
+#ifdef DEBUG
+ bool needsResumePoint() const {
+ // Return whether this instruction should have its own resume point.
+ return isEffectful();
+ }
+#endif
+
+ enum class AliasType : uint32_t { NoAlias = 0, MayAlias = 1, MustAlias = 2 };
+ virtual AliasType mightAlias(const MDefinition* store) const {
+ // Return whether this load may depend on the specified store, given
+ // that the alias sets intersect. This may be refined to exclude
+ // possible aliasing in cases where alias set flags are too imprecise.
+ if (!(getAliasSet().flags() & store->getAliasSet().flags())) {
+ return AliasType::NoAlias;
+ }
+ MOZ_ASSERT(!isEffectful() && store->isEffectful());
+ return AliasType::MayAlias;
+ }
+
+ virtual bool canRecoverOnBailout() const { return false; }
+};
+
+// An MUseDefIterator walks over uses in a definition, skipping any use that is
+// not a definition. Items from the use list must not be deleted during
+// iteration.
+class MUseDefIterator {
+ const MDefinition* def_;
+ MUseIterator current_;
+
+ MUseIterator search(MUseIterator start) {
+ MUseIterator i(start);
+ for (; i != def_->usesEnd(); i++) {
+ if (i->consumer()->isDefinition()) {
+ return i;
+ }
+ }
+ return def_->usesEnd();
+ }
+
+ public:
+ explicit MUseDefIterator(const MDefinition* def)
+ : def_(def), current_(search(def->usesBegin())) {}
+
+ explicit operator bool() const { return current_ != def_->usesEnd(); }
+ MUseDefIterator operator++() {
+ MOZ_ASSERT(current_ != def_->usesEnd());
+ ++current_;
+ current_ = search(current_);
+ return *this;
+ }
+ MUseDefIterator operator++(int) {
+ MUseDefIterator old(*this);
+ operator++();
+ return old;
+ }
+ MUse* use() const { return *current_; }
+ MDefinition* def() const { return current_->consumer()->toDefinition(); }
+};
+
+// Helper class to check that GC pointers embedded in MIR instructions are not
+// in the nursery. Off-thread compilation and nursery GCs can happen in
+// parallel. Nursery pointers are handled with MNurseryObject and the
+// nurseryObjects lists in WarpSnapshot and IonScript.
+//
+// These GC things are rooted through the WarpSnapshot. Compacting GCs cancel
+// off-thread compilations.
+template <typename T>
+class CompilerGCPointer {
+ js::gc::Cell* ptr_;
+
+ public:
+ explicit CompilerGCPointer(T ptr) : ptr_(ptr) {
+ MOZ_ASSERT(!IsInsideNursery(ptr));
+ MOZ_ASSERT_IF(!CurrentThreadIsIonCompiling(), TlsContext.get()->suppressGC);
+ }
+
+ operator T() const { return static_cast<T>(ptr_); }
+ T operator->() const { return static_cast<T>(ptr_); }
+
+ private:
+ CompilerGCPointer() = delete;
+ CompilerGCPointer(const CompilerGCPointer<T>&) = delete;
+ CompilerGCPointer<T>& operator=(const CompilerGCPointer<T>&) = delete;
+};
+
+using CompilerObject = CompilerGCPointer<JSObject*>;
+using CompilerNativeObject = CompilerGCPointer<NativeObject*>;
+using CompilerFunction = CompilerGCPointer<JSFunction*>;
+using CompilerBaseScript = CompilerGCPointer<BaseScript*>;
+using CompilerPropertyName = CompilerGCPointer<PropertyName*>;
+using CompilerShape = CompilerGCPointer<Shape*>;
+using CompilerObjectGroup = CompilerGCPointer<ObjectGroup*>;
+
+// An instruction is an SSA name that is inserted into a basic block's IR
+// stream.
+class MInstruction : public MDefinition, public InlineListNode<MInstruction> {
+ MResumePoint* resumePoint_;
+
+ protected:
+ // All MInstructions are using the "MFoo::New(alloc)" notation instead of
+ // the TempObject new operator. This code redefines the new operator as
+ // protected, and delegates to the TempObject new operator. Thus, the
+ // following code prevents calls to "new(alloc) MFoo" outside the MFoo
+ // members.
+ inline void* operator new(size_t nbytes,
+ TempAllocator::Fallible view) noexcept(true) {
+ return TempObject::operator new(nbytes, view);
+ }
+ inline void* operator new(size_t nbytes, TempAllocator& alloc) {
+ return TempObject::operator new(nbytes, alloc);
+ }
+ template <class T>
+ inline void* operator new(size_t nbytes, T* pos) {
+ return TempObject::operator new(nbytes, pos);
+ }
+
+ public:
+ explicit MInstruction(Opcode op) : MDefinition(op), resumePoint_(nullptr) {}
+
+ // Copying an instruction leaves the block and resume point as empty.
+ explicit MInstruction(const MInstruction& other)
+ : MDefinition(other), resumePoint_(nullptr) {}
+
+ // Convenient function used for replacing a load by the value of the store
+ // if the types are match, and boxing the value if they do not match.
+ MDefinition* foldsToStore(TempAllocator& alloc);
+
+ void setResumePoint(MResumePoint* resumePoint);
+
+ void moveResumePointAsEntry();
+ void clearResumePoint();
+ MResumePoint* resumePoint() const { return resumePoint_; }
+
+ // For instructions which can be cloned with new inputs, with all other
+ // information being the same. clone() implementations do not need to worry
+ // about cloning generic MInstruction/MDefinition state like flags and
+ // resume points.
+ virtual bool canClone() const { return false; }
+ virtual MInstruction* clone(TempAllocator& alloc,
+ const MDefinitionVector& inputs) const {
+ MOZ_CRASH();
+ }
+
+ // Instructions needing to hook into type analysis should return a
+ // TypePolicy.
+ virtual const TypePolicy* typePolicy() = 0;
+ virtual MIRType typePolicySpecialization() = 0;
+};
+
+// Note: GenerateOpcodeFiles.py generates MOpcodesGenerated.h based on the
+// INSTRUCTION_HEADER* macros.
+#define INSTRUCTION_HEADER_WITHOUT_TYPEPOLICY(opcode) \
+ static const Opcode classOpcode = Opcode::opcode; \
+ using MThisOpcode = M##opcode;
+
+#define INSTRUCTION_HEADER(opcode) \
+ INSTRUCTION_HEADER_WITHOUT_TYPEPOLICY(opcode) \
+ virtual const TypePolicy* typePolicy() override; \
+ virtual MIRType typePolicySpecialization() override;
+
+#define ALLOW_CLONE(typename) \
+ bool canClone() const override { return true; } \
+ MInstruction* clone(TempAllocator& alloc, const MDefinitionVector& inputs) \
+ const override { \
+ MInstruction* res = new (alloc) typename(*this); \
+ for (size_t i = 0; i < numOperands(); i++) \
+ res->replaceOperand(i, inputs[i]); \
+ return res; \
+ }
+
+// Adds MFoo::New functions which are mirroring the arguments of the
+// constructors. Opcodes which are using this macro can be called with a
+// TempAllocator, or the fallible version of the TempAllocator.
+#define TRIVIAL_NEW_WRAPPERS \
+ template <typename... Args> \
+ static MThisOpcode* New(TempAllocator& alloc, Args&&... args) { \
+ return new (alloc) MThisOpcode(std::forward<Args>(args)...); \
+ } \
+ template <typename... Args> \
+ static MThisOpcode* New(TempAllocator::Fallible alloc, Args&&... args) { \
+ return new (alloc) MThisOpcode(std::forward<Args>(args)...); \
+ }
+
+#define TRIVIAL_NEW_WRAPPERS_WITH_ALLOC \
+ template <typename... Args> \
+ static MThisOpcode* New(TempAllocator& alloc, Args&&... args) { \
+ return new (alloc) MThisOpcode(alloc, std::forward<Args>(args)...); \
+ } \
+ template <typename... Args> \
+ static MThisOpcode* New(TempAllocator::Fallible alloc, Args&&... args) { \
+ return new (alloc) MThisOpcode(alloc, std::forward<Args>(args)...); \
+ }
+
+// These macros are used as a syntactic sugar for writting getOperand
+// accessors. They are meant to be used in the body of MIR Instructions as
+// follows:
+//
+// public:
+// INSTRUCTION_HEADER(Foo)
+// NAMED_OPERANDS((0, lhs), (1, rhs))
+//
+// The above example defines 2 accessors, one named "lhs" accessing the first
+// operand, and a one named "rhs" accessing the second operand.
+#define NAMED_OPERAND_ACCESSOR(Index, Name) \
+ MDefinition* Name() const { return getOperand(Index); }
+#define NAMED_OPERAND_ACCESSOR_APPLY(Args) NAMED_OPERAND_ACCESSOR Args
+#define NAMED_OPERANDS(...) \
+ MOZ_FOR_EACH(NAMED_OPERAND_ACCESSOR_APPLY, (), (__VA_ARGS__))
+
+template <size_t Arity>
+class MAryInstruction : public MInstruction {
+ mozilla::Array<MUse, Arity> operands_;
+
+ protected:
+ MUse* getUseFor(size_t index) final { return &operands_[index]; }
+ const MUse* getUseFor(size_t index) const final { return &operands_[index]; }
+ void initOperand(size_t index, MDefinition* operand) {
+ operands_[index].init(operand, this);
+ }
+
+ public:
+ MDefinition* getOperand(size_t index) const final {
+ return operands_[index].producer();
+ }
+ size_t numOperands() const final { return Arity; }
+#ifdef DEBUG
+ static const size_t staticNumOperands = Arity;
+#endif
+ size_t indexOf(const MUse* u) const final {
+ MOZ_ASSERT(u >= &operands_[0]);
+ MOZ_ASSERT(u <= &operands_[numOperands() - 1]);
+ return u - &operands_[0];
+ }
+ void replaceOperand(size_t index, MDefinition* operand) final {
+ operands_[index].replaceProducer(operand);
+ }
+
+ explicit MAryInstruction(Opcode op) : MInstruction(op) {}
+
+ explicit MAryInstruction(const MAryInstruction<Arity>& other)
+ : MInstruction(other) {
+ for (int i = 0; i < (int)Arity;
+ i++) { // N.B. use |int| to avoid warnings when Arity == 0
+ operands_[i].init(other.operands_[i].producer(), this);
+ }
+ }
+};
+
+class MNullaryInstruction : public MAryInstruction<0>,
+ public NoTypePolicy::Data {
+ protected:
+ explicit MNullaryInstruction(Opcode op) : MAryInstruction(op) {}
+
+ HashNumber valueHash() const override;
+};
+
+class MUnaryInstruction : public MAryInstruction<1> {
+ protected:
+ MUnaryInstruction(Opcode op, MDefinition* ins) : MAryInstruction(op) {
+ initOperand(0, ins);
+ }
+
+ HashNumber valueHash() const override;
+
+ public:
+ NAMED_OPERANDS((0, input))
+};
+
+class MBinaryInstruction : public MAryInstruction<2> {
+ protected:
+ MBinaryInstruction(Opcode op, MDefinition* left, MDefinition* right)
+ : MAryInstruction(op) {
+ initOperand(0, left);
+ initOperand(1, right);
+ }
+
+ public:
+ NAMED_OPERANDS((0, lhs), (1, rhs))
+
+ protected:
+ HashNumber valueHash() const override;
+
+ bool binaryCongruentTo(const MDefinition* ins) const {
+ if (op() != ins->op()) {
+ return false;
+ }
+
+ if (type() != ins->type()) {
+ return false;
+ }
+
+ if (isEffectful() || ins->isEffectful()) {
+ return false;
+ }
+
+ const MDefinition* left = getOperand(0);
+ const MDefinition* right = getOperand(1);
+ if (isCommutative() && left->id() > right->id()) {
+ std::swap(left, right);
+ }
+
+ const MBinaryInstruction* bi = static_cast<const MBinaryInstruction*>(ins);
+ const MDefinition* insLeft = bi->getOperand(0);
+ const MDefinition* insRight = bi->getOperand(1);
+ if (bi->isCommutative() && insLeft->id() > insRight->id()) {
+ std::swap(insLeft, insRight);
+ }
+
+ return left == insLeft && right == insRight;
+ }
+
+ public:
+ // Return if the operands to this instruction are both unsigned.
+ static bool unsignedOperands(MDefinition* left, MDefinition* right);
+ bool unsignedOperands();
+
+ // Replace any wrapping operands with the underlying int32 operands
+ // in case of unsigned operands.
+ void replaceWithUnsignedOperands();
+};
+
+class MTernaryInstruction : public MAryInstruction<3> {
+ protected:
+ MTernaryInstruction(Opcode op, MDefinition* first, MDefinition* second,
+ MDefinition* third)
+ : MAryInstruction(op) {
+ initOperand(0, first);
+ initOperand(1, second);
+ initOperand(2, third);
+ }
+
+ HashNumber valueHash() const override;
+};
+
+class MQuaternaryInstruction : public MAryInstruction<4> {
+ protected:
+ MQuaternaryInstruction(Opcode op, MDefinition* first, MDefinition* second,
+ MDefinition* third, MDefinition* fourth)
+ : MAryInstruction(op) {
+ initOperand(0, first);
+ initOperand(1, second);
+ initOperand(2, third);
+ initOperand(3, fourth);
+ }
+
+ HashNumber valueHash() const override;
+};
+
+template <class T>
+class MVariadicT : public T {
+ FixedList<MUse> operands_;
+
+ protected:
+ explicit MVariadicT(typename T::Opcode op) : T(op) {}
+ [[nodiscard]] bool init(TempAllocator& alloc, size_t length) {
+ return operands_.init(alloc, length);
+ }
+ void initOperand(size_t index, MDefinition* operand) {
+ // FixedList doesn't initialize its elements, so do an unchecked init.
+ operands_[index].initUnchecked(operand, this);
+ }
+ MUse* getUseFor(size_t index) final { return &operands_[index]; }
+ const MUse* getUseFor(size_t index) const final { return &operands_[index]; }
+
+ public:
+ // Will assert if called before initialization.
+ MDefinition* getOperand(size_t index) const final {
+ return operands_[index].producer();
+ }
+ size_t numOperands() const final { return operands_.length(); }
+ size_t indexOf(const MUse* u) const final {
+ MOZ_ASSERT(u >= &operands_[0]);
+ MOZ_ASSERT(u <= &operands_[numOperands() - 1]);
+ return u - &operands_[0];
+ }
+ void replaceOperand(size_t index, MDefinition* operand) final {
+ operands_[index].replaceProducer(operand);
+ }
+};
+
+using MVariadicInstruction = MVariadicT<MInstruction>;
+
+// TODO(no-TI): try to remove this instruction.
+class MStart : public MNullaryInstruction {
+ MStart() : MNullaryInstruction(classOpcode) {}
+
+ public:
+ INSTRUCTION_HEADER(Start)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+// Instruction marking on entrypoint for on-stack replacement.
+// OSR may occur at loop headers (at JSOp::LoopHead).
+// There is at most one MOsrEntry per MIRGraph.
+class MOsrEntry : public MNullaryInstruction {
+ MOsrEntry() : MNullaryInstruction(classOpcode) {
+ setResultType(MIRType::Pointer);
+ }
+
+ public:
+ INSTRUCTION_HEADER(OsrEntry)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+// No-op instruction. This cannot be moved or eliminated, and is intended for
+// anchoring resume points at arbitrary points in a block.
+class MNop : public MNullaryInstruction {
+ MNop() : MNullaryInstruction(classOpcode) {}
+
+ public:
+ INSTRUCTION_HEADER(Nop)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MNop)
+};
+
+// Truncation barrier. This is intended for protecting its input against
+// follow-up truncation optimizations.
+class MLimitedTruncate : public MUnaryInstruction,
+ public ConvertToInt32Policy<0>::Data {
+ TruncateKind truncate_;
+ TruncateKind truncateLimit_;
+
+ MLimitedTruncate(MDefinition* input, TruncateKind limit)
+ : MUnaryInstruction(classOpcode, input),
+ truncate_(TruncateKind::NoTruncate),
+ truncateLimit_(limit) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(LimitedTruncate)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ void computeRange(TempAllocator& alloc) override;
+ bool needTruncation(TruncateKind kind) override;
+ TruncateKind operandTruncateKind(size_t index) const override;
+ TruncateKind truncateKind() const { return truncate_; }
+ void setTruncateKind(TruncateKind kind) { truncate_ = kind; }
+};
+
+// A constant js::Value.
+class MConstant : public MNullaryInstruction {
+ struct Payload {
+ union {
+ bool b;
+ int32_t i32;
+ int64_t i64;
+ float f;
+ double d;
+ JSString* str;
+ JS::Symbol* sym;
+ BigInt* bi;
+ JSObject* obj;
+ uint64_t asBits;
+ };
+ Payload() : asBits(0) {}
+ };
+
+ Payload payload_;
+
+ static_assert(sizeof(Payload) == sizeof(uint64_t),
+ "asBits must be big enough for all payload bits");
+
+#ifdef DEBUG
+ void assertInitializedPayload() const;
+#else
+ void assertInitializedPayload() const {}
+#endif
+
+ MConstant(TempAllocator& alloc, const Value& v);
+ explicit MConstant(JSObject* obj);
+ explicit MConstant(float f);
+ explicit MConstant(int64_t i);
+
+ public:
+ INSTRUCTION_HEADER(Constant)
+ static MConstant* New(TempAllocator& alloc, const Value& v);
+ static MConstant* New(TempAllocator::Fallible alloc, const Value& v);
+ static MConstant* New(TempAllocator& alloc, const Value& v, MIRType type);
+ static MConstant* NewFloat32(TempAllocator& alloc, double d);
+ static MConstant* NewInt64(TempAllocator& alloc, int64_t i);
+ static MConstant* NewObject(TempAllocator& alloc, JSObject* v);
+ static MConstant* Copy(TempAllocator& alloc, MConstant* src) {
+ return new (alloc) MConstant(*src);
+ }
+
+ // Try to convert this constant to boolean, similar to js::ToBoolean.
+ // Returns false if the type is MIRType::Magic* or MIRType::Object.
+ [[nodiscard]] bool valueToBoolean(bool* res) const;
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ HashNumber valueHash() const override;
+ bool congruentTo(const MDefinition* ins) const override;
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ [[nodiscard]] bool updateForReplacement(MDefinition* def) override {
+ MConstant* c = def->toConstant();
+ // During constant folding, we don't want to replace a float32
+ // value by a double value.
+ if (type() == MIRType::Float32) {
+ return c->type() == MIRType::Float32;
+ }
+ if (type() == MIRType::Double) {
+ return c->type() != MIRType::Float32;
+ }
+ return true;
+ }
+
+ void computeRange(TempAllocator& alloc) override;
+ bool needTruncation(TruncateKind kind) override;
+ void truncate() override;
+
+ bool canProduceFloat32() const override;
+
+ ALLOW_CLONE(MConstant)
+
+ bool equals(const MConstant* other) const {
+ assertInitializedPayload();
+ return type() == other->type() && payload_.asBits == other->payload_.asBits;
+ }
+
+ bool toBoolean() const {
+ MOZ_ASSERT(type() == MIRType::Boolean);
+ return payload_.b;
+ }
+ int32_t toInt32() const {
+ MOZ_ASSERT(type() == MIRType::Int32);
+ return payload_.i32;
+ }
+ int64_t toInt64() const {
+ MOZ_ASSERT(type() == MIRType::Int64);
+ return payload_.i64;
+ }
+ bool isInt32(int32_t i) const {
+ return type() == MIRType::Int32 && payload_.i32 == i;
+ }
+ const double& toDouble() const {
+ MOZ_ASSERT(type() == MIRType::Double);
+ return payload_.d;
+ }
+ const float& toFloat32() const {
+ MOZ_ASSERT(type() == MIRType::Float32);
+ return payload_.f;
+ }
+ JSString* toString() const {
+ MOZ_ASSERT(type() == MIRType::String);
+ return payload_.str;
+ }
+ JS::Symbol* toSymbol() const {
+ MOZ_ASSERT(type() == MIRType::Symbol);
+ return payload_.sym;
+ }
+ BigInt* toBigInt() const {
+ MOZ_ASSERT(type() == MIRType::BigInt);
+ return payload_.bi;
+ }
+ JSObject& toObject() const {
+ MOZ_ASSERT(type() == MIRType::Object);
+ return *payload_.obj;
+ }
+ JSObject* toObjectOrNull() const {
+ if (type() == MIRType::Object) {
+ return payload_.obj;
+ }
+ MOZ_ASSERT(type() == MIRType::Null);
+ return nullptr;
+ }
+
+ bool isTypeRepresentableAsDouble() const {
+ return IsTypeRepresentableAsDouble(type());
+ }
+ double numberToDouble() const {
+ MOZ_ASSERT(isTypeRepresentableAsDouble());
+ if (type() == MIRType::Int32) {
+ return toInt32();
+ }
+ if (type() == MIRType::Double) {
+ return toDouble();
+ }
+ return toFloat32();
+ }
+
+ // Convert this constant to a js::Value. Float32 constants will be stored
+ // as DoubleValue and NaNs are canonicalized. Callers must be careful: not
+ // all constants can be represented by js::Value (wasm supports int64).
+ Value toJSValue() const;
+};
+
+class MWasmNullConstant : public MNullaryInstruction {
+ explicit MWasmNullConstant() : MNullaryInstruction(classOpcode) {
+ setResultType(MIRType::RefOrNull);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmNullConstant)
+ TRIVIAL_NEW_WRAPPERS
+
+ HashNumber valueHash() const override;
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->isWasmNullConstant();
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MWasmNullConstant)
+};
+
+// Floating-point value as created by wasm. Just a constant value, used to
+// effectively inhibit all the MIR optimizations. This uses the same LIR nodes
+// as a MConstant of the same type would.
+class MWasmFloatConstant : public MNullaryInstruction {
+ union {
+ float f32_;
+ double f64_;
+#ifdef ENABLE_WASM_SIMD
+ int8_t s128_[16];
+ uint64_t bits_[2];
+#else
+ uint64_t bits_[1];
+#endif
+ } u;
+
+ explicit MWasmFloatConstant(MIRType type) : MNullaryInstruction(classOpcode) {
+ u.bits_[0] = 0;
+#ifdef ENABLE_WASM_SIMD
+ u.bits_[1] = 0;
+#endif
+ setResultType(type);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmFloatConstant)
+
+ static MWasmFloatConstant* NewDouble(TempAllocator& alloc, double d) {
+ auto* ret = new (alloc) MWasmFloatConstant(MIRType::Double);
+ ret->u.f64_ = d;
+ return ret;
+ }
+
+ static MWasmFloatConstant* NewFloat32(TempAllocator& alloc, float f) {
+ auto* ret = new (alloc) MWasmFloatConstant(MIRType::Float32);
+ ret->u.f32_ = f;
+ return ret;
+ }
+
+#ifdef ENABLE_WASM_SIMD
+ static MWasmFloatConstant* NewSimd128(TempAllocator& alloc,
+ const SimdConstant& s) {
+ auto* ret = new (alloc) MWasmFloatConstant(MIRType::Simd128);
+ memcpy(ret->u.s128_, s.bytes(), 16);
+ return ret;
+ }
+#endif
+
+ HashNumber valueHash() const override;
+ bool congruentTo(const MDefinition* ins) const override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ const double& toDouble() const {
+ MOZ_ASSERT(type() == MIRType::Double);
+ return u.f64_;
+ }
+ const float& toFloat32() const {
+ MOZ_ASSERT(type() == MIRType::Float32);
+ return u.f32_;
+ }
+#ifdef ENABLE_WASM_SIMD
+ const SimdConstant toSimd128() const {
+ MOZ_ASSERT(type() == MIRType::Simd128);
+ return SimdConstant::CreateX16(u.s128_);
+ }
+#endif
+};
+
+class MParameter : public MNullaryInstruction {
+ int32_t index_;
+
+ explicit MParameter(int32_t index)
+ : MNullaryInstruction(classOpcode), index_(index) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Parameter)
+ TRIVIAL_NEW_WRAPPERS
+
+ static const int32_t THIS_SLOT = -1;
+ int32_t index() const { return index_; }
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+ HashNumber valueHash() const override;
+ bool congruentTo(const MDefinition* ins) const override;
+};
+
+class MCallee : public MNullaryInstruction {
+ public:
+ MCallee() : MNullaryInstruction(classOpcode) {
+ setResultType(MIRType::Object);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Callee)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MIsConstructing : public MNullaryInstruction {
+ public:
+ MIsConstructing() : MNullaryInstruction(classOpcode) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsConstructing)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MControlInstruction : public MInstruction {
+ protected:
+ explicit MControlInstruction(Opcode op) : MInstruction(op) {}
+
+ public:
+ virtual size_t numSuccessors() const = 0;
+ virtual MBasicBlock* getSuccessor(size_t i) const = 0;
+ virtual void replaceSuccessor(size_t i, MBasicBlock* successor) = 0;
+
+ void initSuccessor(size_t i, MBasicBlock* successor) {
+ MOZ_ASSERT(!getSuccessor(i));
+ replaceSuccessor(i, successor);
+ }
+
+ bool isControlInstruction() const override { return true; }
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+};
+
+class MTableSwitch final : public MControlInstruction,
+ public NoFloatPolicy<0>::Data {
+ // The successors of the tableswitch
+ // - First successor = the default case
+ // - Successors 2 and higher = the cases
+ Vector<MBasicBlock*, 0, JitAllocPolicy> successors_;
+ // Index into successors_ sorted on case index
+ Vector<size_t, 0, JitAllocPolicy> cases_;
+
+ MUse operand_;
+ int32_t low_;
+ int32_t high_;
+
+ void initOperand(size_t index, MDefinition* operand) {
+ MOZ_ASSERT(index == 0);
+ operand_.init(operand, this);
+ }
+
+ MTableSwitch(TempAllocator& alloc, MDefinition* ins, int32_t low,
+ int32_t high)
+ : MControlInstruction(classOpcode),
+ successors_(alloc),
+ cases_(alloc),
+ low_(low),
+ high_(high) {
+ initOperand(0, ins);
+ }
+
+ protected:
+ MUse* getUseFor(size_t index) override {
+ MOZ_ASSERT(index == 0);
+ return &operand_;
+ }
+
+ const MUse* getUseFor(size_t index) const override {
+ MOZ_ASSERT(index == 0);
+ return &operand_;
+ }
+
+ public:
+ INSTRUCTION_HEADER(TableSwitch)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+
+ size_t numSuccessors() const override { return successors_.length(); }
+
+ [[nodiscard]] bool addSuccessor(MBasicBlock* successor, size_t* index) {
+ MOZ_ASSERT(successors_.length() < (size_t)(high_ - low_ + 2));
+ MOZ_ASSERT(!successors_.empty());
+ *index = successors_.length();
+ return successors_.append(successor);
+ }
+
+ MBasicBlock* getSuccessor(size_t i) const override {
+ MOZ_ASSERT(i < numSuccessors());
+ return successors_[i];
+ }
+
+ void replaceSuccessor(size_t i, MBasicBlock* successor) override {
+ MOZ_ASSERT(i < numSuccessors());
+ successors_[i] = successor;
+ }
+
+ int32_t low() const { return low_; }
+
+ int32_t high() const { return high_; }
+
+ MBasicBlock* getDefault() const { return getSuccessor(0); }
+
+ MBasicBlock* getCase(size_t i) const { return getSuccessor(cases_[i]); }
+
+ [[nodiscard]] bool addDefault(MBasicBlock* block, size_t* index = nullptr) {
+ MOZ_ASSERT(successors_.empty());
+ if (index) {
+ *index = 0;
+ }
+ return successors_.append(block);
+ }
+
+ [[nodiscard]] bool addCase(size_t successorIndex) {
+ return cases_.append(successorIndex);
+ }
+
+ size_t numCases() const { return high() - low() + 1; }
+
+ MDefinition* getOperand(size_t index) const override {
+ MOZ_ASSERT(index == 0);
+ return operand_.producer();
+ }
+
+ size_t numOperands() const override { return 1; }
+
+ size_t indexOf(const MUse* u) const final {
+ MOZ_ASSERT(u == getUseFor(0));
+ return 0;
+ }
+
+ void replaceOperand(size_t index, MDefinition* operand) final {
+ MOZ_ASSERT(index == 0);
+ operand_.replaceProducer(operand);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+};
+
+template <size_t Arity, size_t Successors>
+class MAryControlInstruction : public MControlInstruction {
+ mozilla::Array<MUse, Arity> operands_;
+ mozilla::Array<MBasicBlock*, Successors> successors_;
+
+ protected:
+ explicit MAryControlInstruction(Opcode op) : MControlInstruction(op) {}
+ void setSuccessor(size_t index, MBasicBlock* successor) {
+ successors_[index] = successor;
+ }
+
+ MUse* getUseFor(size_t index) final { return &operands_[index]; }
+ const MUse* getUseFor(size_t index) const final { return &operands_[index]; }
+ void initOperand(size_t index, MDefinition* operand) {
+ operands_[index].init(operand, this);
+ }
+
+ public:
+ MDefinition* getOperand(size_t index) const final {
+ return operands_[index].producer();
+ }
+ size_t numOperands() const final { return Arity; }
+ size_t indexOf(const MUse* u) const final {
+ MOZ_ASSERT(u >= &operands_[0]);
+ MOZ_ASSERT(u <= &operands_[numOperands() - 1]);
+ return u - &operands_[0];
+ }
+ void replaceOperand(size_t index, MDefinition* operand) final {
+ operands_[index].replaceProducer(operand);
+ }
+ size_t numSuccessors() const final { return Successors; }
+ MBasicBlock* getSuccessor(size_t i) const final { return successors_[i]; }
+ void replaceSuccessor(size_t i, MBasicBlock* succ) final {
+ successors_[i] = succ;
+ }
+};
+
+// Jump to the start of another basic block.
+class MGoto : public MAryControlInstruction<0, 1>, public NoTypePolicy::Data {
+ explicit MGoto(MBasicBlock* target) : MAryControlInstruction(classOpcode) {
+ setSuccessor(0, target);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Goto)
+ static MGoto* New(TempAllocator& alloc, MBasicBlock* target);
+ static MGoto* New(TempAllocator::Fallible alloc, MBasicBlock* target);
+
+ // Variant that may patch the target later.
+ static MGoto* New(TempAllocator& alloc);
+
+ static const size_t TargetIndex = 0;
+
+ MBasicBlock* target() { return getSuccessor(0); }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+static inline BranchDirection NegateBranchDirection(BranchDirection dir) {
+ return (dir == FALSE_BRANCH) ? TRUE_BRANCH : FALSE_BRANCH;
+}
+
+// Tests if the input instruction evaluates to true or false, and jumps to the
+// start of a corresponding basic block.
+class MTest : public MAryControlInstruction<1, 2>, public TestPolicy::Data {
+ MTest(MDefinition* ins, MBasicBlock* trueBranch, MBasicBlock* falseBranch)
+ : MAryControlInstruction(classOpcode) {
+ initOperand(0, ins);
+ setSuccessor(0, trueBranch);
+ setSuccessor(1, falseBranch);
+ }
+
+ // Variant which may patch the ifTrue branch later.
+ MTest(MDefinition* ins, MBasicBlock* falseBranch)
+ : MTest(ins, nullptr, falseBranch) {}
+
+ public:
+ INSTRUCTION_HEADER(Test)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, input))
+
+ static const size_t TrueBranchIndex = 0;
+
+ MBasicBlock* ifTrue() const { return getSuccessor(0); }
+ MBasicBlock* ifFalse() const { return getSuccessor(1); }
+ MBasicBlock* branchSuccessor(BranchDirection dir) const {
+ return (dir == TRUE_BRANCH) ? ifTrue() : ifFalse();
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ MDefinition* foldsDoubleNegation(TempAllocator& alloc);
+ MDefinition* foldsConstant(TempAllocator& alloc);
+ MDefinition* foldsTypes(TempAllocator& alloc);
+ MDefinition* foldsNeedlessControlFlow(TempAllocator& alloc);
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+};
+
+// Returns from this function to the previous caller.
+class MReturn : public MAryControlInstruction<1, 0>,
+ public BoxInputsPolicy::Data {
+ explicit MReturn(MDefinition* ins) : MAryControlInstruction(classOpcode) {
+ initOperand(0, ins);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Return)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, input))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MThrow : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ explicit MThrow(MDefinition* ins) : MUnaryInstruction(classOpcode, ins) {}
+
+ public:
+ INSTRUCTION_HEADER(Throw)
+ TRIVIAL_NEW_WRAPPERS
+
+ virtual AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ExceptionState);
+ }
+ bool possiblyCalls() const override { return true; }
+};
+
+class MNewArray : public MUnaryInstruction, public NoTypePolicy::Data {
+ private:
+ // Number of elements to allocate for the array.
+ uint32_t length_;
+
+ // Heap where the array should be allocated.
+ gc::InitialHeap initialHeap_;
+
+ bool vmCall_;
+
+ MNewArray(uint32_t length, MConstant* templateConst,
+ gc::InitialHeap initialHeap, bool vmCall = false);
+
+ public:
+ INSTRUCTION_HEADER(NewArray)
+ TRIVIAL_NEW_WRAPPERS
+
+ static MNewArray* NewVM(TempAllocator& alloc, uint32_t length,
+ MConstant* templateConst,
+ gc::InitialHeap initialHeap) {
+ return new (alloc) MNewArray(length, templateConst, initialHeap, true);
+ }
+
+ uint32_t length() const { return length_; }
+
+ JSObject* templateObject() const {
+ return getOperand(0)->toConstant()->toObjectOrNull();
+ }
+
+ gc::InitialHeap initialHeap() const { return initialHeap_; }
+
+ bool isVMCall() const { return vmCall_; }
+
+ // NewArray is marked as non-effectful because all our allocations are
+ // either lazy when we are using "new Array(length)" or bounded by the
+ // script or the stack size when we are using "new Array(...)" or "[...]"
+ // notations. So we might have to allocate the array twice if we bail
+ // during the computation of the first element of the square braket
+ // notation.
+ virtual AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override {
+ // The template object can safely be used in the recover instruction
+ // because it can never be mutated by any other function execution.
+ return templateObject() != nullptr;
+ }
+};
+
+class MNewArrayDynamicLength : public MUnaryInstruction,
+ public UnboxedInt32Policy<0>::Data {
+ CompilerObject templateObject_;
+ gc::InitialHeap initialHeap_;
+
+ MNewArrayDynamicLength(TempAllocator& alloc, JSObject* templateObject,
+ gc::InitialHeap initialHeap, MDefinition* length)
+ : MUnaryInstruction(classOpcode, length),
+ templateObject_(templateObject),
+ initialHeap_(initialHeap) {
+ setGuard(); // Need to throw if length is negative.
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewArrayDynamicLength)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+ NAMED_OPERANDS((0, length))
+
+ JSObject* templateObject() const { return templateObject_; }
+ gc::InitialHeap initialHeap() const { return initialHeap_; }
+
+ AliasSet getAliasSet() const override {
+ // Throws if length is negative.
+ return AliasSet::Store(AliasSet::ExceptionState);
+ }
+};
+
+class MNewTypedArray : public MUnaryInstruction, public NoTypePolicy::Data {
+ gc::InitialHeap initialHeap_;
+
+ MNewTypedArray(TempAllocator& alloc, MConstant* templateConst,
+ gc::InitialHeap initialHeap)
+ : MUnaryInstruction(classOpcode, templateConst),
+ initialHeap_(initialHeap) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewTypedArray)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+
+ TypedArrayObject* templateObject() const {
+ return &getOperand(0)->toConstant()->toObject().as<TypedArrayObject>();
+ }
+
+ gc::InitialHeap initialHeap() const { return initialHeap_; }
+
+ virtual AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+class MNewTypedArrayDynamicLength : public MUnaryInstruction,
+ public UnboxedInt32Policy<0>::Data {
+ CompilerObject templateObject_;
+ gc::InitialHeap initialHeap_;
+
+ MNewTypedArrayDynamicLength(TempAllocator& alloc, JSObject* templateObject,
+ gc::InitialHeap initialHeap, MDefinition* length)
+ : MUnaryInstruction(classOpcode, length),
+ templateObject_(templateObject),
+ initialHeap_(initialHeap) {
+ setGuard(); // Need to throw if length is negative.
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewTypedArrayDynamicLength)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+ NAMED_OPERANDS((0, length))
+
+ JSObject* templateObject() const { return templateObject_; }
+ gc::InitialHeap initialHeap() const { return initialHeap_; }
+
+ AliasSet getAliasSet() const override {
+ // Throws if length is negative.
+ return AliasSet::Store(AliasSet::ExceptionState);
+ }
+};
+
+// Create a new TypedArray from an Array (or Array-like object) or a TypedArray.
+class MNewTypedArrayFromArray : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ CompilerObject templateObject_;
+ gc::InitialHeap initialHeap_;
+
+ MNewTypedArrayFromArray(TempAllocator& alloc, JSObject* templateObject,
+ gc::InitialHeap initialHeap, MDefinition* array)
+ : MUnaryInstruction(classOpcode, array),
+ templateObject_(templateObject),
+ initialHeap_(initialHeap) {
+ setGuard(); // Can throw during construction.
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewTypedArrayFromArray)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+ NAMED_OPERANDS((0, array))
+
+ JSObject* templateObject() const { return templateObject_; }
+ gc::InitialHeap initialHeap() const { return initialHeap_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Create a new TypedArray from an ArrayBuffer (or SharedArrayBuffer).
+class MNewTypedArrayFromArrayBuffer
+ : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>, BoxPolicy<2>>::Data {
+ CompilerObject templateObject_;
+ gc::InitialHeap initialHeap_;
+
+ MNewTypedArrayFromArrayBuffer(TempAllocator& alloc, JSObject* templateObject,
+ gc::InitialHeap initialHeap,
+ MDefinition* arrayBuffer,
+ MDefinition* byteOffset, MDefinition* length)
+ : MTernaryInstruction(classOpcode, arrayBuffer, byteOffset, length),
+ templateObject_(templateObject),
+ initialHeap_(initialHeap) {
+ setGuard(); // Can throw during construction.
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewTypedArrayFromArrayBuffer)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+ NAMED_OPERANDS((0, arrayBuffer), (1, byteOffset), (2, length))
+
+ JSObject* templateObject() const { return templateObject_; }
+ gc::InitialHeap initialHeap() const { return initialHeap_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MNewObject : public MUnaryInstruction, public NoTypePolicy::Data {
+ public:
+ enum Mode { ObjectLiteral, ObjectCreate };
+
+ private:
+ gc::InitialHeap initialHeap_;
+ Mode mode_;
+ bool vmCall_;
+
+ MNewObject(TempAllocator& alloc, MConstant* templateConst,
+ gc::InitialHeap initialHeap, Mode mode, bool vmCall = false)
+ : MUnaryInstruction(classOpcode, templateConst),
+ initialHeap_(initialHeap),
+ mode_(mode),
+ vmCall_(vmCall) {
+ MOZ_ASSERT_IF(mode != ObjectLiteral, templateObject());
+ setResultType(MIRType::Object);
+
+ // The constant is kept separated in a MConstant, this way we can safely
+ // mark it during GC if we recover the object allocation. Otherwise, by
+ // making it emittedAtUses, we do not produce register allocations for
+ // it and inline its content inside the code produced by the
+ // CodeGenerator.
+ if (templateConst->toConstant()->type() == MIRType::Object) {
+ templateConst->setEmittedAtUses();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewObject)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+
+ static MNewObject* NewVM(TempAllocator& alloc, MConstant* templateConst,
+ gc::InitialHeap initialHeap, Mode mode) {
+ return new (alloc)
+ MNewObject(alloc, templateConst, initialHeap, mode, true);
+ }
+
+ Mode mode() const { return mode_; }
+
+ JSObject* templateObject() const {
+ return getOperand(0)->toConstant()->toObjectOrNull();
+ }
+
+ gc::InitialHeap initialHeap() const { return initialHeap_; }
+
+ bool isVMCall() const { return vmCall_; }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override {
+ // The template object can safely be used in the recover instruction
+ // because it can never be mutated by any other function execution.
+ return templateObject() != nullptr;
+ }
+};
+
+class MNewIterator : public MUnaryInstruction, public NoTypePolicy::Data {
+ public:
+ enum Type {
+ ArrayIterator,
+ StringIterator,
+ RegExpStringIterator,
+ };
+
+ private:
+ Type type_;
+
+ MNewIterator(TempAllocator& alloc, MConstant* templateConst, Type type)
+ : MUnaryInstruction(classOpcode, templateConst), type_(type) {
+ setResultType(MIRType::Object);
+ templateConst->setEmittedAtUses();
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewIterator)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+
+ Type type() const { return type_; }
+
+ JSObject* templateObject() {
+ return getOperand(0)->toConstant()->toObjectOrNull();
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+// Represent the content of all slots of an object. This instruction is not
+// lowered and is not used to generate code.
+class MObjectState : public MVariadicInstruction,
+ public NoFloatPolicyAfter<1>::Data {
+ private:
+ uint32_t numSlots_;
+ uint32_t numFixedSlots_;
+
+ explicit MObjectState(JSObject* templateObject);
+ explicit MObjectState(MObjectState* state);
+
+ [[nodiscard]] bool init(TempAllocator& alloc, MDefinition* obj);
+
+ void initSlot(uint32_t slot, MDefinition* def) { initOperand(slot + 1, def); }
+
+ public:
+ INSTRUCTION_HEADER(ObjectState)
+ NAMED_OPERANDS((0, object))
+
+ // Return the template object of any object creation which can be recovered
+ // on bailout.
+ static JSObject* templateObjectOf(MDefinition* obj);
+
+ static MObjectState* New(TempAllocator& alloc, MDefinition* obj);
+ static MObjectState* Copy(TempAllocator& alloc, MObjectState* state);
+
+ // As we might do read of uninitialized properties, we have to copy the
+ // initial values from the template object.
+ [[nodiscard]] bool initFromTemplateObject(TempAllocator& alloc,
+ MDefinition* undefinedVal);
+
+ size_t numFixedSlots() const { return numFixedSlots_; }
+ size_t numSlots() const { return numSlots_; }
+
+ MDefinition* getSlot(uint32_t slot) const { return getOperand(slot + 1); }
+ void setSlot(uint32_t slot, MDefinition* def) {
+ replaceOperand(slot + 1, def);
+ }
+
+ bool hasFixedSlot(uint32_t slot) const {
+ return slot < numSlots() && slot < numFixedSlots();
+ }
+ MDefinition* getFixedSlot(uint32_t slot) const {
+ MOZ_ASSERT(slot < numFixedSlots());
+ return getSlot(slot);
+ }
+ void setFixedSlot(uint32_t slot, MDefinition* def) {
+ MOZ_ASSERT(slot < numFixedSlots());
+ setSlot(slot, def);
+ }
+
+ bool hasDynamicSlot(uint32_t slot) const {
+ return numFixedSlots() < numSlots() && slot < numSlots() - numFixedSlots();
+ }
+ MDefinition* getDynamicSlot(uint32_t slot) const {
+ return getSlot(slot + numFixedSlots());
+ }
+ void setDynamicSlot(uint32_t slot, MDefinition* def) {
+ setSlot(slot + numFixedSlots(), def);
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+// Represent the contents of all elements of an array. This instruction is not
+// lowered and is not used to generate code.
+class MArrayState : public MVariadicInstruction,
+ public NoFloatPolicyAfter<2>::Data {
+ private:
+ uint32_t numElements_;
+
+ explicit MArrayState(MDefinition* arr);
+
+ [[nodiscard]] bool init(TempAllocator& alloc, MDefinition* obj,
+ MDefinition* len);
+
+ void initElement(uint32_t index, MDefinition* def) {
+ initOperand(index + 2, def);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrayState)
+ NAMED_OPERANDS((0, array), (1, initializedLength))
+
+ static MArrayState* New(TempAllocator& alloc, MDefinition* arr,
+ MDefinition* initLength);
+ static MArrayState* Copy(TempAllocator& alloc, MArrayState* state);
+
+ [[nodiscard]] bool initFromTemplateObject(TempAllocator& alloc,
+ MDefinition* undefinedVal);
+
+ void setInitializedLength(MDefinition* def) { replaceOperand(1, def); }
+
+ size_t numElements() const { return numElements_; }
+
+ MDefinition* getElement(uint32_t index) const {
+ return getOperand(index + 2);
+ }
+ void setElement(uint32_t index, MDefinition* def) {
+ replaceOperand(index + 2, def);
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+// Setting __proto__ in an object literal.
+class MMutateProto : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ MMutateProto(MDefinition* obj, MDefinition* value)
+ : MBinaryInstruction(classOpcode, obj, value) {
+ setResultType(MIRType::None);
+ }
+
+ public:
+ INSTRUCTION_HEADER(MutateProto)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getObject), (1, getValue))
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MInitPropGetterSetter
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, ObjectPolicy<1>>::Data {
+ CompilerPropertyName name_;
+
+ MInitPropGetterSetter(MDefinition* obj, PropertyName* name,
+ MDefinition* value)
+ : MBinaryInstruction(classOpcode, obj, value), name_(name) {}
+
+ public:
+ INSTRUCTION_HEADER(InitPropGetterSetter)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, value))
+
+ PropertyName* name() const { return name_; }
+};
+
+class MInitElemGetterSetter
+ : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>, ObjectPolicy<2>>::Data {
+ MInitElemGetterSetter(MDefinition* obj, MDefinition* id, MDefinition* value)
+ : MTernaryInstruction(classOpcode, obj, id, value) {}
+
+ public:
+ INSTRUCTION_HEADER(InitElemGetterSetter)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, idValue), (2, value))
+};
+
+// WrappedFunction stores information about a function that can safely be used
+// off-thread. In particular, a function's flags can be modified on the main
+// thread as functions are relazified and delazified, so we must be careful not
+// to access these flags off-thread.
+class WrappedFunction : public TempObject {
+ // If this is a native function without a JitEntry, the JSFunction*.
+ CompilerFunction nativeFun_;
+ uint16_t nargs_;
+ js::FunctionFlags flags_;
+
+ public:
+ WrappedFunction(JSFunction* nativeFun, uint16_t nargs, FunctionFlags flags);
+
+ // Note: When adding new accessors be sure to add consistency asserts
+ // to the constructor.
+
+ size_t nargs() const { return nargs_; }
+
+ bool isNativeWithoutJitEntry() const {
+ return flags_.isNativeWithoutJitEntry();
+ }
+ bool hasJitEntry() const { return flags_.hasJitEntry(); }
+ bool isConstructor() const { return flags_.isConstructor(); }
+ bool isClassConstructor() const { return flags_.isClassConstructor(); }
+
+ // These fields never change, they can be accessed off-main thread.
+ JSNative native() const {
+ MOZ_ASSERT(isNativeWithoutJitEntry());
+ return nativeFun_->nativeUnchecked();
+ }
+ bool hasJitInfo() const {
+ return flags_.isBuiltinNative() && nativeFun_->jitInfoUnchecked();
+ }
+ const JSJitInfo* jitInfo() const {
+ MOZ_ASSERT(hasJitInfo());
+ return nativeFun_->jitInfoUnchecked();
+ }
+
+ JSFunction* rawNativeJSFunction() const { return nativeFun_; }
+};
+
+enum class DOMObjectKind : uint8_t { Proxy, Native, Unknown };
+
+class MCall : public MVariadicInstruction, public CallPolicy::Data {
+ private:
+ // The callee, this, and the actual arguments are all operands of MCall.
+ static const size_t CalleeOperandIndex = 0;
+ static const size_t NumNonArgumentOperands = 1;
+
+ protected:
+ // Monomorphic cache for MCalls with a single JSFunction target.
+ WrappedFunction* target_;
+
+ // Original value of argc from the bytecode.
+ uint32_t numActualArgs_;
+
+ // True if the call is for JSOp::New or JSOp::SuperCall.
+ bool construct_ : 1;
+
+ // True if the caller does not use the return value.
+ bool ignoresReturnValue_ : 1;
+
+ bool needsClassCheck_ : 1;
+ bool maybeCrossRealm_ : 1;
+ bool needsThisCheck_ : 1;
+
+ MCall(WrappedFunction* target, uint32_t numActualArgs, bool construct,
+ bool ignoresReturnValue)
+ : MVariadicInstruction(classOpcode),
+ target_(target),
+ numActualArgs_(numActualArgs),
+ construct_(construct),
+ ignoresReturnValue_(ignoresReturnValue),
+ needsClassCheck_(true),
+ maybeCrossRealm_(true),
+ needsThisCheck_(false) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Call)
+ static MCall* New(TempAllocator& alloc, WrappedFunction* target,
+ size_t maxArgc, size_t numActualArgs, bool construct,
+ bool ignoresReturnValue, bool isDOMCall,
+ DOMObjectKind objectKind);
+
+ void initCallee(MDefinition* func) { initOperand(CalleeOperandIndex, func); }
+
+ bool needsClassCheck() const { return needsClassCheck_; }
+ void disableClassCheck() { needsClassCheck_ = false; }
+
+ bool maybeCrossRealm() const { return maybeCrossRealm_; }
+ void setNotCrossRealm() { maybeCrossRealm_ = false; }
+
+ bool needsThisCheck() const { return needsThisCheck_; }
+ void setNeedsThisCheck() {
+ MOZ_ASSERT(construct_);
+ needsThisCheck_ = true;
+ }
+
+ MDefinition* getCallee() const { return getOperand(CalleeOperandIndex); }
+ void replaceCallee(MInstruction* newfunc) {
+ replaceOperand(CalleeOperandIndex, newfunc);
+ }
+
+ void addArg(size_t argnum, MDefinition* arg);
+
+ MDefinition* getArg(uint32_t index) const {
+ return getOperand(NumNonArgumentOperands + index);
+ }
+
+ static size_t IndexOfThis() { return NumNonArgumentOperands; }
+ static size_t IndexOfArgument(size_t index) {
+ return NumNonArgumentOperands + index + 1; // +1 to skip |this|.
+ }
+ static size_t IndexOfStackArg(size_t index) {
+ return NumNonArgumentOperands + index;
+ }
+
+ // For monomorphic callsites.
+ WrappedFunction* getSingleTarget() const { return target_; }
+
+ bool isConstructing() const { return construct_; }
+
+ bool ignoresReturnValue() const { return ignoresReturnValue_; }
+
+ // The number of stack arguments is the max between the number of formal
+ // arguments and the number of actual arguments. The number of stack
+ // argument includes the |undefined| padding added in case of underflow.
+ // Includes |this|.
+ uint32_t numStackArgs() const {
+ return numOperands() - NumNonArgumentOperands;
+ }
+
+ // Does not include |this|.
+ uint32_t numActualArgs() const { return numActualArgs_; }
+
+ bool possiblyCalls() const override { return true; }
+
+ virtual bool isCallDOMNative() const { return false; }
+
+ // A method that can be called to tell the MCall to figure out whether it's
+ // movable or not. This can't be done in the constructor, because it
+ // depends on the arguments to the call, and those aren't passed to the
+ // constructor but are set up later via addArg.
+ virtual void computeMovable() {}
+};
+
+class MCallDOMNative : public MCall {
+ // A helper class for MCalls for DOM natives. Note that this is NOT
+ // actually a separate MIR op from MCall, because all sorts of places use
+ // isCall() to check for calls and all we really want is to overload a few
+ // virtual things from MCall.
+
+ DOMObjectKind objectKind_;
+
+ MCallDOMNative(WrappedFunction* target, uint32_t numActualArgs,
+ DOMObjectKind objectKind)
+ : MCall(target, numActualArgs, false, false), objectKind_(objectKind) {
+ MOZ_ASSERT(getJitInfo()->type() != JSJitInfo::InlinableNative);
+
+ // If our jitinfo is not marked eliminatable, that means that our C++
+ // implementation is fallible or that it never wants to be eliminated or
+ // that we have no hope of ever doing the sort of argument analysis that
+ // would allow us to detemine that we're side-effect-free. In the
+ // latter case we wouldn't get DCEd no matter what, but for the former
+ // two cases we have to explicitly say that we can't be DCEd.
+ if (!getJitInfo()->isEliminatable) {
+ setGuard();
+ }
+ }
+
+ friend MCall* MCall::New(TempAllocator& alloc, WrappedFunction* target,
+ size_t maxArgc, size_t numActualArgs, bool construct,
+ bool ignoresReturnValue, bool isDOMCall,
+ DOMObjectKind objectKind);
+
+ const JSJitInfo* getJitInfo() const;
+
+ public:
+ DOMObjectKind objectKind() const { return objectKind_; }
+
+ virtual AliasSet getAliasSet() const override;
+
+ virtual bool congruentTo(const MDefinition* ins) const override;
+
+ virtual bool isCallDOMNative() const override { return true; }
+
+ virtual void computeMovable() override;
+};
+
+// fun.apply(self, arguments)
+class MApplyArgs : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<1>,
+ BoxPolicy<2>>::Data {
+ // Monomorphic cache of single target from TI, or nullptr.
+ WrappedFunction* target_;
+ bool maybeCrossRealm_ = true;
+ bool ignoresReturnValue_ = false;
+
+ MApplyArgs(WrappedFunction* target, MDefinition* fun, MDefinition* argc,
+ MDefinition* self)
+ : MTernaryInstruction(classOpcode, fun, argc, self), target_(target) {
+ MOZ_ASSERT(argc->type() == MIRType::Int32);
+ setResultType(MIRType::Value);
+ setBailoutKind(BailoutKind::TooManyArguments);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ApplyArgs)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getFunction), (1, getArgc), (2, getThis))
+
+ // For TI-informed monomorphic callsites.
+ WrappedFunction* getSingleTarget() const { return target_; }
+
+ bool maybeCrossRealm() const { return maybeCrossRealm_; }
+ void setNotCrossRealm() { maybeCrossRealm_ = false; }
+
+ bool ignoresReturnValue() const { return ignoresReturnValue_; }
+ void setIgnoresReturnValue() { ignoresReturnValue_ = true; }
+
+ bool isConstructing() const { return false; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// fun.apply(fn, array)
+class MApplyArray : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<2>>::Data {
+ // Monomorphic cache of single target from TI, or nullptr.
+ WrappedFunction* target_;
+ bool maybeCrossRealm_ = true;
+ bool ignoresReturnValue_ = false;
+
+ MApplyArray(WrappedFunction* target, MDefinition* fun, MDefinition* elements,
+ MDefinition* self)
+ : MTernaryInstruction(classOpcode, fun, elements, self), target_(target) {
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ setResultType(MIRType::Value);
+ setBailoutKind(BailoutKind::TooManyArguments);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ApplyArray)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getFunction), (1, getElements), (2, getThis))
+
+ // For TI-informed monomorphic callsites.
+ WrappedFunction* getSingleTarget() const { return target_; }
+
+ bool maybeCrossRealm() const { return maybeCrossRealm_; }
+ void setNotCrossRealm() { maybeCrossRealm_ = false; }
+
+ bool ignoresReturnValue() const { return ignoresReturnValue_; }
+ void setIgnoresReturnValue() { ignoresReturnValue_ = true; }
+
+ bool isConstructing() const { return false; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// |new F(...args)| and |super(...args)|.
+class MConstructArray
+ : public MQuaternaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<2>, ObjectPolicy<3>>::Data {
+ // Monomorphic cache of single target from TI, or nullptr.
+ WrappedFunction* target_;
+ bool maybeCrossRealm_ = true;
+
+ MConstructArray(WrappedFunction* target, MDefinition* fun,
+ MDefinition* elements, MDefinition* thisValue,
+ MDefinition* newTarget)
+ : MQuaternaryInstruction(classOpcode, fun, elements, thisValue,
+ newTarget),
+ target_(target) {
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ setResultType(MIRType::Value);
+ setBailoutKind(BailoutKind::TooManyArguments);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ConstructArray)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getFunction), (1, getElements), (2, getThis),
+ (3, getNewTarget))
+
+ // For TI-informed monomorphic callsites.
+ WrappedFunction* getSingleTarget() const { return target_; }
+
+ bool maybeCrossRealm() const { return maybeCrossRealm_; }
+ void setNotCrossRealm() { maybeCrossRealm_ = false; }
+
+ bool ignoresReturnValue() const { return false; }
+ bool isConstructing() const { return true; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MBail : public MNullaryInstruction {
+ explicit MBail(BailoutKind kind) : MNullaryInstruction(classOpcode) {
+ setBailoutKind(kind);
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Bail)
+
+ static MBail* New(TempAllocator& alloc, BailoutKind kind) {
+ return new (alloc) MBail(kind);
+ }
+ static MBail* New(TempAllocator& alloc) {
+ return new (alloc) MBail(BailoutKind::Inevitable);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MUnreachable : public MAryControlInstruction<0, 0>,
+ public NoTypePolicy::Data {
+ MUnreachable() : MAryControlInstruction(classOpcode) {}
+
+ public:
+ INSTRUCTION_HEADER(Unreachable)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// This class serve as a way to force the encoding of a snapshot, even if there
+// is no resume point using it. This is useful to run MAssertRecoveredOnBailout
+// assertions.
+class MEncodeSnapshot : public MNullaryInstruction {
+ MEncodeSnapshot() : MNullaryInstruction(classOpcode) { setGuard(); }
+
+ public:
+ INSTRUCTION_HEADER(EncodeSnapshot)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MAssertRecoveredOnBailout : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ bool mustBeRecovered_;
+
+ MAssertRecoveredOnBailout(MDefinition* ins, bool mustBeRecovered)
+ : MUnaryInstruction(classOpcode, ins), mustBeRecovered_(mustBeRecovered) {
+ setResultType(MIRType::Value);
+ setRecoveredOnBailout();
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(AssertRecoveredOnBailout)
+ TRIVIAL_NEW_WRAPPERS
+
+ // Needed to assert that float32 instructions are correctly recovered.
+ bool canConsumeFloat32(MUse* use) const override { return true; }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+class MAssertFloat32 : public MUnaryInstruction, public NoTypePolicy::Data {
+ bool mustBeFloat32_;
+
+ MAssertFloat32(MDefinition* value, bool mustBeFloat32)
+ : MUnaryInstruction(classOpcode, value), mustBeFloat32_(mustBeFloat32) {}
+
+ public:
+ INSTRUCTION_HEADER(AssertFloat32)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool canConsumeFloat32(MUse* use) const override { return true; }
+
+ bool mustBeFloat32() const { return mustBeFloat32_; }
+};
+
+class MCompare : public MBinaryInstruction, public ComparePolicy::Data {
+ public:
+ enum CompareType {
+
+ // Anything compared to Undefined
+ Compare_Undefined,
+
+ // Anything compared to Null
+ Compare_Null,
+
+ // Int32 compared to Int32
+ // Boolean compared to Boolean
+ Compare_Int32,
+
+ // Int32 compared as unsigneds
+ Compare_UInt32,
+
+ // Int64 compared to Int64.
+ Compare_Int64,
+
+ // Int64 compared as unsigneds.
+ Compare_UInt64,
+
+ // Double compared to Double
+ Compare_Double,
+
+ // Float compared to Float
+ Compare_Float32,
+
+ // String compared to String
+ Compare_String,
+
+ // Symbol compared to Symbol
+ Compare_Symbol,
+
+ // Object compared to Object
+ Compare_Object,
+
+ // BigInt compared to BigInt
+ Compare_BigInt,
+
+ // BigInt compared to Int32
+ Compare_BigInt_Int32,
+
+ // BigInt compared to Double
+ Compare_BigInt_Double,
+
+ // BigInt compared to String
+ Compare_BigInt_String,
+
+ // Wasm Ref/AnyRef/NullRef compared to Ref/AnyRef/NullRef
+ Compare_RefOrNull,
+
+ // All other possible compares
+ Compare_Unknown
+ };
+
+ private:
+ CompareType compareType_;
+ JSOp jsop_;
+ bool operandsAreNeverNaN_;
+
+ // When a floating-point comparison is converted to an integer comparison
+ // (when range analysis proves it safe), we need to convert the operands
+ // to integer as well.
+ bool truncateOperands_;
+
+ MCompare(MDefinition* left, MDefinition* right, JSOp jsop,
+ CompareType compareType)
+ : MBinaryInstruction(classOpcode, left, right),
+ compareType_(compareType),
+ jsop_(jsop),
+ operandsAreNeverNaN_(false),
+ truncateOperands_(false) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Compare)
+ TRIVIAL_NEW_WRAPPERS
+
+ static MCompare* NewWasm(TempAllocator& alloc, MDefinition* left,
+ MDefinition* right, JSOp jsop,
+ CompareType compareType) {
+ MOZ_ASSERT(compareType == Compare_Int32 || compareType == Compare_UInt32 ||
+ compareType == Compare_Int64 || compareType == Compare_UInt64 ||
+ compareType == Compare_Double ||
+ compareType == Compare_Float32 ||
+ compareType == Compare_RefOrNull);
+ auto* ins = MCompare::New(alloc, left, right, jsop, compareType);
+ ins->setResultType(MIRType::Int32);
+ return ins;
+ }
+
+ [[nodiscard]] bool tryFold(bool* result);
+ [[nodiscard]] bool evaluateConstantOperands(TempAllocator& alloc,
+ bool* result);
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ CompareType compareType() const { return compareType_; }
+ bool isInt32Comparison() const { return compareType() == Compare_Int32; }
+ bool isDoubleComparison() const { return compareType() == Compare_Double; }
+ bool isFloat32Comparison() const { return compareType() == Compare_Float32; }
+ bool isNumericComparison() const {
+ return isInt32Comparison() || isDoubleComparison() || isFloat32Comparison();
+ }
+ MIRType inputType();
+
+ JSOp jsop() const { return jsop_; }
+ bool operandsAreNeverNaN() const { return operandsAreNeverNaN_; }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+ void collectRangeInfoPreTrunc() override;
+
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+ bool isFloat32Commutative() const override { return true; }
+ bool needTruncation(TruncateKind kind) override;
+ void truncate() override;
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override {
+ // Both sides of the compare can be Float32
+ return compareType_ == Compare_Float32;
+ }
+#endif
+
+ ALLOW_CLONE(MCompare)
+
+ private:
+ [[nodiscard]] bool tryFoldEqualOperands(bool* result);
+ [[nodiscard]] bool tryFoldTypeOf(bool* result);
+ [[nodiscard]] MDefinition* tryFoldCharCompare(TempAllocator& alloc);
+
+ public:
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!binaryCongruentTo(ins)) {
+ return false;
+ }
+ return compareType() == ins->toCompare()->compareType() &&
+ jsop() == ins->toCompare()->jsop();
+ }
+};
+
+class MSameValue : public MBinaryInstruction, public AllDoublePolicy::Data {
+ MSameValue(MDefinition* left, MDefinition* right)
+ : MBinaryInstruction(classOpcode, left, right) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(SameValue)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MSameValue)
+};
+
+// Takes a typed value and returns an untyped value.
+class MBox : public MUnaryInstruction, public NoTypePolicy::Data {
+ explicit MBox(MDefinition* ins) : MUnaryInstruction(classOpcode, ins) {
+ // Cannot box a box.
+ MOZ_ASSERT(ins->type() != MIRType::Value);
+
+ setResultType(MIRType::Value);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Box)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MBox)
+};
+
+// Note: the op may have been inverted during lowering (to put constants in a
+// position where they can be immediates), so it is important to use the
+// lir->jsop() instead of the mir->jsop() when it is present.
+static inline Assembler::Condition JSOpToCondition(
+ MCompare::CompareType compareType, JSOp op) {
+ bool isSigned = (compareType != MCompare::Compare_UInt32);
+ return JSOpToCondition(op, isSigned);
+}
+
+// Takes a typed value and checks if it is a certain type. If so, the payload
+// is unpacked and returned as that type. Otherwise, it is considered a
+// deoptimization.
+class MUnbox final : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ public:
+ enum Mode {
+ Fallible, // Check the type, and deoptimize if unexpected.
+ Infallible, // Type guard is not necessary.
+ };
+
+ private:
+ Mode mode_;
+
+ MUnbox(MDefinition* ins, MIRType type, Mode mode)
+ : MUnaryInstruction(classOpcode, ins), mode_(mode) {
+ // Only allow unboxing a non MIRType::Value when input and output types
+ // don't match. This is often used to force a bailout. Boxing happens
+ // during type analysis.
+ MOZ_ASSERT_IF(ins->type() != MIRType::Value, type != ins->type());
+
+ MOZ_ASSERT(type == MIRType::Boolean || type == MIRType::Int32 ||
+ type == MIRType::Double || type == MIRType::String ||
+ type == MIRType::Symbol || type == MIRType::BigInt ||
+ type == MIRType::Object);
+
+ setResultType(type);
+ setMovable();
+
+ if (mode_ == Fallible) {
+ setGuard();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(Unbox)
+ TRIVIAL_NEW_WRAPPERS
+
+ Mode mode() const { return mode_; }
+ bool fallible() const { return mode() != Infallible; }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isUnbox() || ins->toUnbox()->mode() != mode()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ ALLOW_CLONE(MUnbox)
+};
+
+class MAssertRange : public MUnaryInstruction, public NoTypePolicy::Data {
+ // This is the range checked by the assertion. Don't confuse this with the
+ // range_ member or the range() accessor. Since MAssertRange doesn't return
+ // a value, it doesn't use those.
+ const Range* assertedRange_;
+
+ MAssertRange(MDefinition* ins, const Range* assertedRange)
+ : MUnaryInstruction(classOpcode, ins), assertedRange_(assertedRange) {
+ setGuard();
+ setResultType(MIRType::None);
+ }
+
+ public:
+ INSTRUCTION_HEADER(AssertRange)
+ TRIVIAL_NEW_WRAPPERS
+
+ const Range* assertedRange() const { return assertedRange_; }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+};
+
+class MAssertClass : public MUnaryInstruction, public NoTypePolicy::Data {
+ const JSClass* class_;
+
+ MAssertClass(MDefinition* obj, const JSClass* clasp)
+ : MUnaryInstruction(classOpcode, obj), class_(clasp) {
+ MOZ_ASSERT(obj->type() == MIRType::Object);
+
+ setGuard();
+ setResultType(MIRType::None);
+ }
+
+ public:
+ INSTRUCTION_HEADER(AssertClass)
+ TRIVIAL_NEW_WRAPPERS
+
+ const JSClass* getClass() const { return class_; }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MAssertShape : public MUnaryInstruction, public NoTypePolicy::Data {
+ CompilerShape shape_;
+
+ MAssertShape(MDefinition* obj, Shape* shape)
+ : MUnaryInstruction(classOpcode, obj), shape_(shape) {
+ MOZ_ASSERT(obj->type() == MIRType::Object);
+
+ setGuard();
+ setResultType(MIRType::None);
+ }
+
+ public:
+ INSTRUCTION_HEADER(AssertShape)
+ TRIVIAL_NEW_WRAPPERS
+
+ const Shape* shape() const { return shape_; }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Caller-side allocation of |this| for |new|:
+// Given a templateobject, construct |this| for JSOp::New.
+// Not used for JSOp::SuperCall, because Baseline doesn't attach template
+// objects for super calls.
+class MCreateThisWithTemplate : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ gc::InitialHeap initialHeap_;
+
+ MCreateThisWithTemplate(TempAllocator& alloc, MConstant* templateConst,
+ gc::InitialHeap initialHeap)
+ : MUnaryInstruction(classOpcode, templateConst),
+ initialHeap_(initialHeap) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CreateThisWithTemplate)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+
+ // Template for |this|, provided by TI.
+ JSObject* templateObject() const {
+ return &getOperand(0)->toConstant()->toObject();
+ }
+
+ gc::InitialHeap initialHeap() const { return initialHeap_; }
+
+ // Although creation of |this| modifies global state, it is safely repeatable.
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override;
+};
+
+// Caller-side allocation of |this| for |new|:
+// Constructs |this| when possible, else MagicValue(JS_IS_CONSTRUCTING).
+class MCreateThis : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, ObjectPolicy<1>>::Data {
+ explicit MCreateThis(MDefinition* callee, MDefinition* newTarget)
+ : MBinaryInstruction(classOpcode, callee, newTarget) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CreateThis)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getCallee), (1, getNewTarget))
+
+ // Performs a property read from |newTarget| iff |newTarget| is a JSFunction
+ // with an own |.prototype| property.
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::Any);
+ }
+ bool possiblyCalls() const override { return true; }
+};
+
+// Eager initialization of arguments object.
+class MCreateArgumentsObject : public MUnaryInstruction,
+ public ObjectPolicy<0>::Data {
+ CompilerGCPointer<ArgumentsObject*> templateObj_;
+
+ MCreateArgumentsObject(MDefinition* callObj, ArgumentsObject* templateObj)
+ : MUnaryInstruction(classOpcode, callObj), templateObj_(templateObj) {
+ setResultType(MIRType::Object);
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(CreateArgumentsObject)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getCallObject))
+
+ ArgumentsObject* templateObject() const { return templateObj_; }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MGetArgumentsObjectArg : public MUnaryInstruction,
+ public ObjectPolicy<0>::Data {
+ size_t argno_;
+
+ MGetArgumentsObjectArg(MDefinition* argsObject, size_t argno)
+ : MUnaryInstruction(classOpcode, argsObject), argno_(argno) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetArgumentsObjectArg)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getArgsObject))
+
+ size_t argno() const { return argno_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGetArgumentsObjectArg()) {
+ return false;
+ }
+ if (ins->toGetArgumentsObjectArg()->argno() != argno()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::Any);
+ }
+};
+
+class MSetArgumentsObjectArg
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ size_t argno_;
+
+ MSetArgumentsObjectArg(MDefinition* argsObj, size_t argno, MDefinition* value)
+ : MBinaryInstruction(classOpcode, argsObj, value), argno_(argno) {}
+
+ public:
+ INSTRUCTION_HEADER(SetArgumentsObjectArg)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getArgsObject), (1, getValue))
+
+ size_t argno() const { return argno_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::Any);
+ }
+};
+
+// Load |arguments[index]| from a mapped or unmapped arguments object. Bails out
+// if any elements were overridden or deleted. Also bails out if the index is
+// out of bounds.
+class MLoadArgumentsObjectArg
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<1>>::Data {
+ MLoadArgumentsObjectArg(MDefinition* object, MDefinition* index)
+ : MBinaryInstruction(classOpcode, object, index) {
+ setResultType(MIRType::Value);
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadArgumentsObjectArg)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getArgsObject), (1, index))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::Any);
+ }
+};
+
+// Load |arguments.length|. Bails out if the length has been overriden.
+class MArgumentsObjectLength : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MArgumentsObjectLength(MDefinition* argsObj)
+ : MUnaryInstruction(classOpcode, argsObj) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArgumentsObjectLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getArgsObject))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ // Even though the "length" property is lazily resolved, it acts similar to
+ // a normal property load, so we can treat this operation like any other
+ // property read.
+ return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+};
+
+// Guard that the |ArgumentsObject::ITERATOR_OVERRIDDEN_BIT| flag isn't set.
+class MGuardArgumentsObjectNotOverriddenIterator
+ : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardArgumentsObjectNotOverriddenIterator(MDefinition* argsObj)
+ : MUnaryInstruction(classOpcode, argsObj) {
+ setResultType(MIRType::Object);
+ setMovable();
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardArgumentsObjectNotOverriddenIterator)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getArgsObject))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ // Even though the "iterator" property is lazily resolved, it acts similar
+ // to a normal property load, so we can treat this operation like any other
+ // property read.
+ return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+};
+
+// Given a MIRType::Value A and a MIRType::Object B:
+// If the Value may be safely unboxed to an Object, return Object(A).
+// Otherwise, return B.
+// Used to implement return behavior for inlined constructors.
+class MReturnFromCtor : public MBinaryInstruction,
+ public MixPolicy<BoxPolicy<0>, ObjectPolicy<1>>::Data {
+ MReturnFromCtor(MDefinition* value, MDefinition* object)
+ : MBinaryInstruction(classOpcode, value, object) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ReturnFromCtor)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getValue), (1, getObject))
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MToFPInstruction : public MUnaryInstruction, public ToDoublePolicy::Data {
+ public:
+ // Types of values which can be converted.
+ enum ConversionKind { NonStringPrimitives, NumbersOnly };
+
+ private:
+ ConversionKind conversion_;
+
+ protected:
+ MToFPInstruction(Opcode op, MDefinition* def,
+ ConversionKind conversion = NonStringPrimitives)
+ : MUnaryInstruction(op, def), conversion_(conversion) {}
+
+ public:
+ ConversionKind conversion() const { return conversion_; }
+};
+
+// Converts a primitive (either typed or untyped) to a double. If the input is
+// not primitive at runtime, a bailout occurs.
+class MToDouble : public MToFPInstruction {
+ private:
+ TruncateKind implicitTruncate_;
+
+ explicit MToDouble(MDefinition* def,
+ ConversionKind conversion = NonStringPrimitives)
+ : MToFPInstruction(classOpcode, def, conversion),
+ implicitTruncate_(TruncateKind::NoTruncate) {
+ setResultType(MIRType::Double);
+ setMovable();
+
+ // Guard unless the conversion is known to be non-effectful & non-throwing.
+ if (!def->definitelyType({MIRType::Undefined, MIRType::Null,
+ MIRType::Boolean, MIRType::Int32, MIRType::Double,
+ MIRType::Float32, MIRType::String})) {
+ setGuard();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(ToDouble)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isToDouble() || ins->toToDouble()->conversion() != conversion()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ void computeRange(TempAllocator& alloc) override;
+ bool needTruncation(TruncateKind kind) override;
+ void truncate() override;
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+
+ TruncateKind truncateKind() const { return implicitTruncate_; }
+ void setTruncateKind(TruncateKind kind) {
+ implicitTruncate_ = std::max(implicitTruncate_, kind);
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override {
+ if (input()->type() == MIRType::Value) {
+ return false;
+ }
+ if (input()->type() == MIRType::Symbol) {
+ return false;
+ }
+ if (input()->type() == MIRType::BigInt) {
+ return false;
+ }
+
+ return true;
+ }
+
+ ALLOW_CLONE(MToDouble)
+};
+
+// Converts a primitive (either typed or untyped) to a float32. If the input is
+// not primitive at runtime, a bailout occurs.
+class MToFloat32 : public MToFPInstruction {
+ bool mustPreserveNaN_;
+
+ explicit MToFloat32(MDefinition* def,
+ ConversionKind conversion = NonStringPrimitives)
+ : MToFPInstruction(classOpcode, def, conversion),
+ mustPreserveNaN_(false) {
+ setResultType(MIRType::Float32);
+ setMovable();
+
+ // Guard unless the conversion is known to be non-effectful & non-throwing.
+ if (!def->definitelyType({MIRType::Undefined, MIRType::Null,
+ MIRType::Boolean, MIRType::Int32, MIRType::Double,
+ MIRType::Float32, MIRType::String})) {
+ setGuard();
+ }
+ }
+
+ explicit MToFloat32(MDefinition* def, bool mustPreserveNaN)
+ : MToFloat32(def) {
+ mustPreserveNaN_ = mustPreserveNaN;
+ }
+
+ public:
+ INSTRUCTION_HEADER(ToFloat32)
+ TRIVIAL_NEW_WRAPPERS
+
+ virtual MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!congruentIfOperandsEqual(ins)) {
+ return false;
+ }
+ auto* other = ins->toToFloat32();
+ return other->conversion() == conversion() &&
+ other->mustPreserveNaN_ == mustPreserveNaN_;
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ void computeRange(TempAllocator& alloc) override;
+
+ bool canConsumeFloat32(MUse* use) const override { return true; }
+ bool canProduceFloat32() const override { return true; }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MToFloat32)
+};
+
+// Converts a uint32 to a double (coming from wasm).
+class MWasmUnsignedToDouble : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ explicit MWasmUnsignedToDouble(MDefinition* def)
+ : MUnaryInstruction(classOpcode, def) {
+ setResultType(MIRType::Double);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmUnsignedToDouble)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Converts a uint32 to a float32 (coming from wasm).
+class MWasmUnsignedToFloat32 : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ explicit MWasmUnsignedToFloat32(MDefinition* def)
+ : MUnaryInstruction(classOpcode, def) {
+ setResultType(MIRType::Float32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmUnsignedToFloat32)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool canProduceFloat32() const override { return true; }
+};
+
+class MWrapInt64ToInt32 : public MUnaryInstruction, public NoTypePolicy::Data {
+ bool bottomHalf_;
+
+ explicit MWrapInt64ToInt32(MDefinition* def, bool bottomHalf = true)
+ : MUnaryInstruction(classOpcode, def), bottomHalf_(bottomHalf) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WrapInt64ToInt32)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isWrapInt64ToInt32()) {
+ return false;
+ }
+ if (ins->toWrapInt64ToInt32()->bottomHalf() != bottomHalf()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool bottomHalf() const { return bottomHalf_; }
+};
+
+class MExtendInt32ToInt64 : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ bool isUnsigned_;
+
+ MExtendInt32ToInt64(MDefinition* def, bool isUnsigned)
+ : MUnaryInstruction(classOpcode, def), isUnsigned_(isUnsigned) {
+ setResultType(MIRType::Int64);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ExtendInt32ToInt64)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool isUnsigned() const { return isUnsigned_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isExtendInt32ToInt64()) {
+ return false;
+ }
+ if (ins->toExtendInt32ToInt64()->isUnsigned_ != isUnsigned_) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// The same as MWasmTruncateToInt64 but with the TLS dependency.
+// It used only for arm now because on arm we need to call builtin to truncate
+// to i64.
+class MWasmBuiltinTruncateToInt64 : public MAryInstruction<2>,
+ public NoTypePolicy::Data {
+ TruncFlags flags_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MWasmBuiltinTruncateToInt64(MDefinition* def, MDefinition* tls,
+ TruncFlags flags,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MAryInstruction(classOpcode),
+ flags_(flags),
+ bytecodeOffset_(bytecodeOffset) {
+ initOperand(0, def);
+ initOperand(1, tls);
+
+ setResultType(MIRType::Int64);
+ setGuard(); // neither removable nor movable because of possible
+ // side-effects.
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBuiltinTruncateToInt64)
+ NAMED_OPERANDS((0, input), (1, tls));
+ TRIVIAL_NEW_WRAPPERS
+
+ bool isUnsigned() const { return flags_ & TRUNC_UNSIGNED; }
+ bool isSaturating() const { return flags_ & TRUNC_SATURATING; }
+ TruncFlags flags() const { return flags_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins) &&
+ ins->toWasmBuiltinTruncateToInt64()->flags() == flags_;
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MWasmTruncateToInt64 : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ TruncFlags flags_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MWasmTruncateToInt64(MDefinition* def, TruncFlags flags,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MUnaryInstruction(classOpcode, def),
+ flags_(flags),
+ bytecodeOffset_(bytecodeOffset) {
+ setResultType(MIRType::Int64);
+ setGuard(); // neither removable nor movable because of possible
+ // side-effects.
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmTruncateToInt64)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool isUnsigned() const { return flags_ & TRUNC_UNSIGNED; }
+ bool isSaturating() const { return flags_ & TRUNC_SATURATING; }
+ TruncFlags flags() const { return flags_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins) &&
+ ins->toWasmTruncateToInt64()->flags() == flags_;
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Truncate a value to an int32, with wasm semantics: this will trap when the
+// value is out of range.
+class MWasmTruncateToInt32 : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ TruncFlags flags_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ explicit MWasmTruncateToInt32(MDefinition* def, TruncFlags flags,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MUnaryInstruction(classOpcode, def),
+ flags_(flags),
+ bytecodeOffset_(bytecodeOffset) {
+ setResultType(MIRType::Int32);
+ setGuard(); // neither removable nor movable because of possible
+ // side-effects.
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmTruncateToInt32)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool isUnsigned() const { return flags_ & TRUNC_UNSIGNED; }
+ bool isSaturating() const { return flags_ & TRUNC_SATURATING; }
+ TruncFlags flags() const { return flags_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins) &&
+ ins->toWasmTruncateToInt32()->flags() == flags_;
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Store a JS Value that can't be represented as an AnyRef pointer into an
+// object that holds the value (opaquely) as such a pointer.
+class MWasmBoxValue : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ explicit MWasmBoxValue(MDefinition* def)
+ : MUnaryInstruction(classOpcode, def) {
+ setResultType(MIRType::RefOrNull);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBoxValue)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MWasmAnyRefFromJSObject : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ explicit MWasmAnyRefFromJSObject(MDefinition* def)
+ : MUnaryInstruction(classOpcode, def) {
+ setResultType(MIRType::RefOrNull);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmAnyRefFromJSObject)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MInt64ToFloatingPoint : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ bool isUnsigned_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MInt64ToFloatingPoint(MDefinition* def, MIRType type,
+ wasm::BytecodeOffset bytecodeOffset, bool isUnsigned)
+ : MUnaryInstruction(classOpcode, def),
+ isUnsigned_(isUnsigned),
+ bytecodeOffset_(bytecodeOffset) {
+ MOZ_ASSERT(IsFloatingPointType(type));
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Int64ToFloatingPoint)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool isUnsigned() const { return isUnsigned_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isInt64ToFloatingPoint()) {
+ return false;
+ }
+ if (ins->toInt64ToFloatingPoint()->isUnsigned_ != isUnsigned_) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// It used only for arm now because on arm we need to call builtin to convert
+// i64 to float.
+class MBuiltinInt64ToFloatingPoint : public MAryInstruction<2>,
+ public NoTypePolicy::Data {
+ bool isUnsigned_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MBuiltinInt64ToFloatingPoint(MDefinition* def, MDefinition* tls, MIRType type,
+ wasm::BytecodeOffset bytecodeOffset,
+ bool isUnsigned)
+ : MAryInstruction(classOpcode),
+ isUnsigned_(isUnsigned),
+ bytecodeOffset_(bytecodeOffset) {
+ MOZ_ASSERT(IsFloatingPointType(type));
+ initOperand(0, def);
+ initOperand(1, tls);
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(BuiltinInt64ToFloatingPoint)
+ NAMED_OPERANDS((0, input), (1, tls));
+ TRIVIAL_NEW_WRAPPERS
+
+ bool isUnsigned() const { return isUnsigned_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isBuiltinInt64ToFloatingPoint()) {
+ return false;
+ }
+ if (ins->toBuiltinInt64ToFloatingPoint()->isUnsigned_ != isUnsigned_) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Applies ECMA's ToNumber on a primitive (either typed or untyped) and expects
+// the result to be precisely representable as an Int32, otherwise bails.
+//
+// If the input is not primitive at runtime, a bailout occurs. If the input
+// cannot be converted to an int32 without loss (i.e. 5.5 or undefined) then a
+// bailout occurs.
+class MToNumberInt32 : public MUnaryInstruction, public ToInt32Policy::Data {
+ bool needsNegativeZeroCheck_;
+ IntConversionInputKind conversion_;
+
+ explicit MToNumberInt32(MDefinition* def, IntConversionInputKind conversion =
+ IntConversionInputKind::Any)
+ : MUnaryInstruction(classOpcode, def),
+ needsNegativeZeroCheck_(true),
+ conversion_(conversion) {
+ setResultType(MIRType::Int32);
+ setMovable();
+
+ // Guard unless the conversion is known to be non-effectful & non-throwing.
+ if (!def->definitelyType({MIRType::Undefined, MIRType::Null,
+ MIRType::Boolean, MIRType::Int32, MIRType::Double,
+ MIRType::Float32, MIRType::String})) {
+ setGuard();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(ToNumberInt32)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ // this only has backwards information flow.
+ void analyzeEdgeCasesBackward() override;
+
+ bool needsNegativeZeroCheck() const { return needsNegativeZeroCheck_; }
+ void setNeedsNegativeZeroCheck(bool needsCheck) {
+ needsNegativeZeroCheck_ = needsCheck;
+ }
+
+ IntConversionInputKind conversion() const { return conversion_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isToNumberInt32() ||
+ ins->toToNumberInt32()->conversion() != conversion()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void computeRange(TempAllocator& alloc) override;
+ void collectRangeInfoPreTrunc() override;
+
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+
+ ALLOW_CLONE(MToNumberInt32)
+};
+
+// Applies ECMA's ToInteger on a primitive (either typed or untyped) and expects
+// the result to be precisely representable as an Int32, otherwise bails.
+//
+// NB: Negative zero doesn't lead to a bailout, but instead will be treated the
+// same as positive zero for this operation.
+//
+// If the input is not primitive at runtime, a bailout occurs. If the input
+// cannot be converted to an int32 without loss (i.e. 2e10 or Infinity) then a
+// bailout occurs.
+class MToIntegerInt32 : public MUnaryInstruction, public ToInt32Policy::Data {
+ explicit MToIntegerInt32(MDefinition* def)
+ : MUnaryInstruction(classOpcode, def) {
+ setResultType(MIRType::Int32);
+ setMovable();
+
+ // Guard unless the conversion is known to be non-effectful & non-throwing.
+ if (!def->definitelyType({MIRType::Undefined, MIRType::Null,
+ MIRType::Boolean, MIRType::Int32, MIRType::Double,
+ MIRType::Float32, MIRType::String})) {
+ setGuard();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(ToIntegerInt32)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void computeRange(TempAllocator& alloc) override;
+
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+
+ ALLOW_CLONE(MToIntegerInt32)
+};
+
+// Converts a value or typed input to a truncated int32, for use with bitwise
+// operations. This is an infallible ValueToECMAInt32.
+class MTruncateToInt32 : public MUnaryInstruction, public ToInt32Policy::Data {
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ explicit MTruncateToInt32(
+ MDefinition* def,
+ wasm::BytecodeOffset bytecodeOffset = wasm::BytecodeOffset())
+ : MUnaryInstruction(classOpcode, def), bytecodeOffset_(bytecodeOffset) {
+ setResultType(MIRType::Int32);
+ setMovable();
+
+ // Guard unless the conversion is known to be non-effectful & non-throwing.
+ if (mightHaveSideEffects(def)) {
+ setGuard();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(TruncateToInt32)
+ TRIVIAL_NEW_WRAPPERS
+
+ static bool mightHaveSideEffects(MDefinition* def) {
+ return !def->definitelyType(
+ {MIRType::Undefined, MIRType::Null, MIRType::Boolean, MIRType::Int32,
+ MIRType::Double, MIRType::Float32, MIRType::String});
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ void computeRange(TempAllocator& alloc) override;
+ TruncateKind operandTruncateKind(size_t index) const override;
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override {
+ return input()->type() < MIRType::Symbol;
+ }
+
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ ALLOW_CLONE(MTruncateToInt32)
+};
+
+// It is like MTruncateToInt32 but with tls dependency.
+class MWasmBuiltinTruncateToInt32 : public MAryInstruction<2>,
+ public ToInt32Policy::Data {
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MWasmBuiltinTruncateToInt32(
+ MDefinition* def, MDefinition* tls,
+ wasm::BytecodeOffset bytecodeOffset = wasm::BytecodeOffset())
+ : MAryInstruction(classOpcode), bytecodeOffset_(bytecodeOffset) {
+ initOperand(0, def);
+ initOperand(1, tls);
+ setResultType(MIRType::Int32);
+ setMovable();
+
+ // Guard unless the conversion is known to be non-effectful & non-throwing.
+ if (MTruncateToInt32::mightHaveSideEffects(def)) {
+ setGuard();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBuiltinTruncateToInt32)
+ NAMED_OPERANDS((0, input), (1, tls))
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ ALLOW_CLONE(MWasmBuiltinTruncateToInt32)
+};
+
+// Converts a primitive (either typed or untyped) to a BigInt. If the input is
+// not primitive at runtime, a bailout occurs.
+class MToBigInt : public MUnaryInstruction, public ToBigIntPolicy::Data {
+ private:
+ explicit MToBigInt(MDefinition* def) : MUnaryInstruction(classOpcode, def) {
+ setResultType(MIRType::BigInt);
+ setMovable();
+
+ // Guard unless the conversion is known to be non-effectful & non-throwing.
+ if (!def->definitelyType(
+ {MIRType::Boolean, MIRType::String, MIRType::BigInt})) {
+ setGuard();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(ToBigInt)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MToBigInt)
+};
+
+// Takes a Value or typed input and returns a suitable Int64 using the
+// ToBigInt algorithm, possibly calling out to the VM for string, etc inputs.
+class MToInt64 : public MUnaryInstruction, public ToInt64Policy::Data {
+ explicit MToInt64(MDefinition* def) : MUnaryInstruction(classOpcode, def) {
+ setResultType(MIRType::Int64);
+ setMovable();
+
+ // An object might have "valueOf", which means it is effectful.
+ // ToBigInt(undefined), ToBigInt(null), ToBigInt(number), and
+ // ToBigInt(symbol) all throw.
+ if (def->mightBeType(MIRType::Object) ||
+ def->mightBeType(MIRType::Undefined) ||
+ def->mightBeType(MIRType::Null) || def->mightBeType(MIRType::Double) ||
+ def->mightBeType(MIRType::Float32) ||
+ def->mightBeType(MIRType::Int32) || def->mightBeType(MIRType::Symbol)) {
+ setGuard();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(ToInt64)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MToInt64)
+};
+
+// Takes a BigInt pointer and returns its toInt64 value.
+class MTruncateBigIntToInt64 : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ explicit MTruncateBigIntToInt64(MDefinition* def)
+ : MUnaryInstruction(classOpcode, def) {
+ MOZ_ASSERT(def->type() == MIRType::BigInt);
+ setResultType(MIRType::Int64);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(TruncateBigIntToInt64)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MTruncateBigIntToInt64)
+};
+
+// Takes an Int64 and returns a fresh BigInt pointer.
+class MInt64ToBigInt : public MUnaryInstruction, public NoTypePolicy::Data {
+ explicit MInt64ToBigInt(MDefinition* def)
+ : MUnaryInstruction(classOpcode, def) {
+ MOZ_ASSERT(def->type() == MIRType::Int64);
+ setResultType(MIRType::BigInt);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Int64ToBigInt)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MInt64ToBigInt)
+};
+
+// Converts any type to a string
+class MToString : public MUnaryInstruction, public ToStringPolicy::Data {
+ public:
+ // MToString has two modes for handling of object/symbol arguments: if the
+ // to-string conversion happens as part of another opcode, we have to bail out
+ // to Baseline. If the conversion is for a stand-alone JSOp we can support
+ // side-effects.
+ enum class SideEffectHandling { Bailout, Supported };
+
+ private:
+ SideEffectHandling sideEffects_;
+ bool mightHaveSideEffects_ = false;
+
+ MToString(MDefinition* def, SideEffectHandling sideEffects)
+ : MUnaryInstruction(classOpcode, def), sideEffects_(sideEffects) {
+ setResultType(MIRType::String);
+
+ if (!def->definitelyType({MIRType::Undefined, MIRType::Null,
+ MIRType::Boolean, MIRType::Int32, MIRType::Double,
+ MIRType::Float32, MIRType::String,
+ MIRType::BigInt})) {
+ mightHaveSideEffects_ = true;
+ }
+
+ // If this instruction is not effectful, mark it as movable and set the
+ // Guard flag if needed. If the operation is effectful it won't be
+ // optimized anyway so there's no need to set any flags.
+ if (!isEffectful()) {
+ setMovable();
+ // Objects might override toString; Symbol throws. We bailout in those
+ // cases and run side-effects in baseline instead.
+ if (mightHaveSideEffects_) {
+ setGuard();
+ }
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(ToString)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isToString()) {
+ return false;
+ }
+ if (sideEffects_ != ins->toToString()->sideEffects_) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ if (supportSideEffects() && mightHaveSideEffects_) {
+ return AliasSet::Store(AliasSet::Any);
+ }
+ return AliasSet::None();
+ }
+
+ bool mightHaveSideEffects() const { return mightHaveSideEffects_; }
+
+ bool supportSideEffects() const {
+ return sideEffects_ == SideEffectHandling::Supported;
+ }
+
+ bool needsSnapshot() const {
+ return sideEffects_ == SideEffectHandling::Bailout && mightHaveSideEffects_;
+ }
+
+ ALLOW_CLONE(MToString)
+};
+
+class MBitNot : public MUnaryInstruction, public BitwisePolicy::Data {
+ explicit MBitNot(MDefinition* input) : MUnaryInstruction(classOpcode, input) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(BitNot)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void computeRange(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBitNot)
+};
+
+class MTypeOf : public MUnaryInstruction,
+ public BoxExceptPolicy<0, MIRType::Object>::Data {
+ bool inputMaybeCallableOrEmulatesUndefined_;
+
+ explicit MTypeOf(MDefinition* def)
+ : MUnaryInstruction(classOpcode, def),
+ inputMaybeCallableOrEmulatesUndefined_(true) {
+ setResultType(MIRType::String);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(TypeOf)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ void cacheInputMaybeCallableOrEmulatesUndefined();
+
+ bool inputMaybeCallableOrEmulatesUndefined() const {
+ return inputMaybeCallableOrEmulatesUndefined_;
+ }
+ void markInputNotCallableOrEmulatesUndefined() {
+ inputMaybeCallableOrEmulatesUndefined_ = false;
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isTypeOf()) {
+ return false;
+ }
+ if (inputMaybeCallableOrEmulatesUndefined() !=
+ ins->toTypeOf()->inputMaybeCallableOrEmulatesUndefined()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+class MToAsyncIter : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ explicit MToAsyncIter(MDefinition* iterator, MDefinition* nextMethod)
+ : MBinaryInstruction(classOpcode, iterator, nextMethod) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ToAsyncIter)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, getIterator), (1, getNextMethod))
+};
+
+class MToPropertyKeyCache : public MUnaryInstruction,
+ public BoxPolicy<0>::Data {
+ explicit MToPropertyKeyCache(MDefinition* input)
+ : MUnaryInstruction(classOpcode, input) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ToPropertyKeyCache)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MBinaryBitwiseInstruction : public MBinaryInstruction,
+ public BitwisePolicy::Data {
+ protected:
+ MBinaryBitwiseInstruction(Opcode op, MDefinition* left, MDefinition* right,
+ MIRType type)
+ : MBinaryInstruction(op, left, right),
+ maskMatchesLeftRange(false),
+ maskMatchesRightRange(false) {
+ MOZ_ASSERT(type == MIRType::Int32 || type == MIRType::Int64 ||
+ (isUrsh() && type == MIRType::Double));
+ setResultType(type);
+ setMovable();
+ }
+
+ bool maskMatchesLeftRange;
+ bool maskMatchesRightRange;
+
+ public:
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ MDefinition* foldUnnecessaryBitop();
+ virtual MDefinition* foldIfZero(size_t operand) = 0;
+ virtual MDefinition* foldIfNegOne(size_t operand) = 0;
+ virtual MDefinition* foldIfEqual() = 0;
+ virtual MDefinition* foldIfAllBitsSet(size_t operand) = 0;
+ void collectRangeInfoPreTrunc() override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return binaryCongruentTo(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ TruncateKind operandTruncateKind(size_t index) const override;
+};
+
+class MBitAnd : public MBinaryBitwiseInstruction {
+ MBitAnd(MDefinition* left, MDefinition* right, MIRType type)
+ : MBinaryBitwiseInstruction(classOpcode, left, right, type) {
+ setCommutative();
+ }
+
+ public:
+ INSTRUCTION_HEADER(BitAnd)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldIfZero(size_t operand) override {
+ return getOperand(operand); // 0 & x => 0;
+ }
+ MDefinition* foldIfNegOne(size_t operand) override {
+ return getOperand(1 - operand); // x & -1 => x
+ }
+ MDefinition* foldIfEqual() override {
+ return getOperand(0); // x & x => x;
+ }
+ MDefinition* foldIfAllBitsSet(size_t operand) override {
+ // e.g. for uint16: x & 0xffff => x;
+ return getOperand(1 - operand);
+ }
+ void computeRange(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBitAnd)
+};
+
+class MBitOr : public MBinaryBitwiseInstruction {
+ MBitOr(MDefinition* left, MDefinition* right, MIRType type)
+ : MBinaryBitwiseInstruction(classOpcode, left, right, type) {
+ setCommutative();
+ }
+
+ public:
+ INSTRUCTION_HEADER(BitOr)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldIfZero(size_t operand) override {
+ return getOperand(1 -
+ operand); // 0 | x => x, so if ith is 0, return (1-i)th
+ }
+ MDefinition* foldIfNegOne(size_t operand) override {
+ return getOperand(operand); // x | -1 => -1
+ }
+ MDefinition* foldIfEqual() override {
+ return getOperand(0); // x | x => x
+ }
+ MDefinition* foldIfAllBitsSet(size_t operand) override { return this; }
+ void computeRange(TempAllocator& alloc) override;
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBitOr)
+};
+
+class MBitXor : public MBinaryBitwiseInstruction {
+ MBitXor(MDefinition* left, MDefinition* right, MIRType type)
+ : MBinaryBitwiseInstruction(classOpcode, left, right, type) {
+ setCommutative();
+ }
+
+ public:
+ INSTRUCTION_HEADER(BitXor)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldIfZero(size_t operand) override {
+ return getOperand(1 - operand); // 0 ^ x => x
+ }
+ MDefinition* foldIfNegOne(size_t operand) override { return this; }
+ MDefinition* foldIfEqual() override { return this; }
+ MDefinition* foldIfAllBitsSet(size_t operand) override { return this; }
+ void computeRange(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBitXor)
+};
+
+class MShiftInstruction : public MBinaryBitwiseInstruction {
+ protected:
+ MShiftInstruction(Opcode op, MDefinition* left, MDefinition* right,
+ MIRType type)
+ : MBinaryBitwiseInstruction(op, left, right, type) {}
+
+ public:
+ MDefinition* foldIfNegOne(size_t operand) override { return this; }
+ MDefinition* foldIfEqual() override { return this; }
+ MDefinition* foldIfAllBitsSet(size_t operand) override { return this; }
+};
+
+class MLsh : public MShiftInstruction {
+ MLsh(MDefinition* left, MDefinition* right, MIRType type)
+ : MShiftInstruction(classOpcode, left, right, type) {}
+
+ public:
+ INSTRUCTION_HEADER(Lsh)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldIfZero(size_t operand) override {
+ // 0 << x => 0
+ // x << 0 => x
+ return getOperand(0);
+ }
+
+ void computeRange(TempAllocator& alloc) override;
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MLsh)
+};
+
+class MRsh : public MShiftInstruction {
+ MRsh(MDefinition* left, MDefinition* right, MIRType type)
+ : MShiftInstruction(classOpcode, left, right, type) {}
+
+ public:
+ INSTRUCTION_HEADER(Rsh)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldIfZero(size_t operand) override {
+ // 0 >> x => 0
+ // x >> 0 => x
+ return getOperand(0);
+ }
+ void computeRange(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MRsh)
+};
+
+class MUrsh : public MShiftInstruction {
+ bool bailoutsDisabled_;
+
+ MUrsh(MDefinition* left, MDefinition* right, MIRType type)
+ : MShiftInstruction(classOpcode, left, right, type),
+ bailoutsDisabled_(false) {}
+
+ public:
+ INSTRUCTION_HEADER(Ursh)
+ TRIVIAL_NEW_WRAPPERS
+
+ static MUrsh* NewWasm(TempAllocator& alloc, MDefinition* left,
+ MDefinition* right, MIRType type);
+
+ MDefinition* foldIfZero(size_t operand) override {
+ // 0 >>> x => 0
+ if (operand == 0) {
+ return getOperand(0);
+ }
+
+ return this;
+ }
+
+ bool bailoutsDisabled() const { return bailoutsDisabled_; }
+
+ bool fallible() const;
+
+ void computeRange(TempAllocator& alloc) override;
+ void collectRangeInfoPreTrunc() override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MUrsh)
+};
+
+class MSignExtendInt32 : public MUnaryInstruction, public NoTypePolicy::Data {
+ public:
+ enum Mode { Byte, Half };
+
+ private:
+ Mode mode_;
+
+ MSignExtendInt32(MDefinition* op, Mode mode)
+ : MUnaryInstruction(classOpcode, op), mode_(mode) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(SignExtendInt32)
+ TRIVIAL_NEW_WRAPPERS
+
+ Mode mode() const { return mode_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!congruentIfOperandsEqual(ins)) {
+ return false;
+ }
+ return ins->isSignExtendInt32() && ins->toSignExtendInt32()->mode_ == mode_;
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MSignExtendInt32)
+};
+
+class MSignExtendInt64 : public MUnaryInstruction, public NoTypePolicy::Data {
+ public:
+ enum Mode { Byte, Half, Word };
+
+ private:
+ Mode mode_;
+
+ MSignExtendInt64(MDefinition* op, Mode mode)
+ : MUnaryInstruction(classOpcode, op), mode_(mode) {
+ setResultType(MIRType::Int64);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(SignExtendInt64)
+ TRIVIAL_NEW_WRAPPERS
+
+ Mode mode() const { return mode_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!congruentIfOperandsEqual(ins)) {
+ return false;
+ }
+ return ins->isSignExtendInt64() && ins->toSignExtendInt64()->mode_ == mode_;
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MSignExtendInt64)
+};
+
+class MBinaryArithInstruction : public MBinaryInstruction,
+ public ArithPolicy::Data {
+ // Implicit truncate flag is set by the truncate backward range analysis
+ // optimization phase, and by wasm pre-processing. It is used in
+ // NeedNegativeZeroCheck to check if the result of a multiplication needs to
+ // produce -0 double value, and for avoiding overflow checks.
+
+ // This optimization happens when the multiplication cannot be truncated
+ // even if all uses are truncating its result, such as when the range
+ // analysis detect a precision loss in the multiplication.
+ TruncateKind implicitTruncate_;
+
+ // Whether we must preserve NaN semantics, and in particular not fold
+ // (x op id) or (id op x) to x, or replace a division by a multiply of the
+ // exact reciprocal.
+ bool mustPreserveNaN_;
+
+ protected:
+ MBinaryArithInstruction(Opcode op, MDefinition* left, MDefinition* right,
+ MIRType type)
+ : MBinaryInstruction(op, left, right),
+ implicitTruncate_(TruncateKind::NoTruncate),
+ mustPreserveNaN_(false) {
+ MOZ_ASSERT(IsNumberType(type));
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ void setMustPreserveNaN(bool b) { mustPreserveNaN_ = b; }
+ bool mustPreserveNaN() const { return mustPreserveNaN_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ virtual double getIdentity() = 0;
+
+ void setSpecialization(MIRType type) {
+ MOZ_ASSERT(IsNumberType(type));
+ setResultType(type);
+ }
+
+ virtual void trySpecializeFloat32(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!binaryCongruentTo(ins)) {
+ return false;
+ }
+ const auto* other = static_cast<const MBinaryArithInstruction*>(ins);
+ return other->mustPreserveNaN_ == mustPreserveNaN_;
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool isTruncated() const {
+ return implicitTruncate_ == TruncateKind::Truncate;
+ }
+ TruncateKind truncateKind() const { return implicitTruncate_; }
+ void setTruncateKind(TruncateKind kind) {
+ implicitTruncate_ = std::max(implicitTruncate_, kind);
+ }
+};
+
+class MMinMax : public MBinaryInstruction, public ArithPolicy::Data {
+ bool isMax_;
+
+ MMinMax(MDefinition* left, MDefinition* right, MIRType type, bool isMax)
+ : MBinaryInstruction(classOpcode, left, right), isMax_(isMax) {
+ MOZ_ASSERT(IsNumberType(type));
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(MinMax)
+ TRIVIAL_NEW_WRAPPERS
+
+ static MMinMax* NewWasm(TempAllocator& alloc, MDefinition* left,
+ MDefinition* right, MIRType type, bool isMax) {
+ return New(alloc, left, right, type, isMax);
+ }
+
+ bool isMax() const { return isMax_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!congruentIfOperandsEqual(ins)) {
+ return false;
+ }
+ const MMinMax* other = ins->toMinMax();
+ return other->isMax() == isMax();
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ void computeRange(TempAllocator& alloc) override;
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ bool isFloat32Commutative() const override { return true; }
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MMinMax)
+};
+
+class MAbs : public MUnaryInstruction, public ArithPolicy::Data {
+ bool implicitTruncate_;
+
+ MAbs(MDefinition* num, MIRType type)
+ : MUnaryInstruction(classOpcode, num), implicitTruncate_(false) {
+ MOZ_ASSERT(IsNumberType(type));
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Abs)
+ TRIVIAL_NEW_WRAPPERS
+
+ static MAbs* NewWasm(TempAllocator& alloc, MDefinition* num, MIRType type) {
+ auto* ins = new (alloc) MAbs(num, type);
+ if (type == MIRType::Int32) {
+ ins->implicitTruncate_ = true;
+ }
+ return ins;
+ }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ bool fallible() const;
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void computeRange(TempAllocator& alloc) override;
+ bool isFloat32Commutative() const override { return true; }
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MAbs)
+};
+
+class MClz : public MUnaryInstruction, public BitwisePolicy::Data {
+ bool operandIsNeverZero_;
+
+ explicit MClz(MDefinition* num, MIRType type)
+ : MUnaryInstruction(classOpcode, num), operandIsNeverZero_(false) {
+ MOZ_ASSERT(IsIntType(type));
+ MOZ_ASSERT(IsNumberType(num->type()));
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Clz)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, num))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool operandIsNeverZero() const { return operandIsNeverZero_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ void computeRange(TempAllocator& alloc) override;
+ void collectRangeInfoPreTrunc() override;
+};
+
+class MCtz : public MUnaryInstruction, public BitwisePolicy::Data {
+ bool operandIsNeverZero_;
+
+ explicit MCtz(MDefinition* num, MIRType type)
+ : MUnaryInstruction(classOpcode, num), operandIsNeverZero_(false) {
+ MOZ_ASSERT(IsIntType(type));
+ MOZ_ASSERT(IsNumberType(num->type()));
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Ctz)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, num))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool operandIsNeverZero() const { return operandIsNeverZero_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ void computeRange(TempAllocator& alloc) override;
+ void collectRangeInfoPreTrunc() override;
+};
+
+class MPopcnt : public MUnaryInstruction, public BitwisePolicy::Data {
+ explicit MPopcnt(MDefinition* num, MIRType type)
+ : MUnaryInstruction(classOpcode, num) {
+ MOZ_ASSERT(IsNumberType(num->type()));
+ MOZ_ASSERT(IsIntType(type));
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Popcnt)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, num))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ void computeRange(TempAllocator& alloc) override;
+};
+
+// Inline implementation of Math.sqrt().
+class MSqrt : public MUnaryInstruction, public FloatingPointPolicy<0>::Data {
+ MSqrt(MDefinition* num, MIRType type) : MUnaryInstruction(classOpcode, num) {
+ setResultType(type);
+ specialization_ = type;
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Sqrt)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void computeRange(TempAllocator& alloc) override;
+
+ bool isFloat32Commutative() const override { return true; }
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MSqrt)
+};
+
+class MCopySign : public MBinaryInstruction, public NoTypePolicy::Data {
+ MCopySign(MDefinition* lhs, MDefinition* rhs, MIRType type)
+ : MBinaryInstruction(classOpcode, lhs, rhs) {
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(CopySign)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MCopySign)
+};
+
+// Inline implementation of atan2 (arctangent of y/x).
+class MAtan2 : public MBinaryInstruction,
+ public MixPolicy<DoublePolicy<0>, DoublePolicy<1>>::Data {
+ MAtan2(MDefinition* y, MDefinition* x)
+ : MBinaryInstruction(classOpcode, y, x) {
+ setResultType(MIRType::Double);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Atan2)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, y), (1, x))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool possiblyCalls() const override { return true; }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MAtan2)
+};
+
+// Inline implementation of Math.hypot().
+class MHypot : public MVariadicInstruction, public AllDoublePolicy::Data {
+ MHypot() : MVariadicInstruction(classOpcode) {
+ setResultType(MIRType::Double);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Hypot)
+ static MHypot* New(TempAllocator& alloc, const MDefinitionVector& vector);
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool possiblyCalls() const override { return true; }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ bool canClone() const override { return true; }
+
+ MInstruction* clone(TempAllocator& alloc,
+ const MDefinitionVector& inputs) const override {
+ return MHypot::New(alloc, inputs);
+ }
+};
+
+// Inline implementation of Math.pow().
+//
+// Supports the following three specializations:
+//
+// 1. MPow(FloatingPoint, FloatingPoint) -> Double
+// - The most general mode, calls js::ecmaPow.
+// - Never performs a bailout.
+// 2. MPow(FloatingPoint, Int32) -> Double
+// - Optimization to call js::powi instead of js::ecmaPow.
+// - Never performs a bailout.
+// 3. MPow(Int32, Int32) -> Int32
+// - Performs the complete exponentiation operation in assembly code.
+// - Bails out if the result doesn't fit in Int32.
+class MPow : public MBinaryInstruction, public PowPolicy::Data {
+ // If true, convert the power operand to int32 instead of double (this only
+ // affects the Double specialization). This exists because we can sometimes
+ // get more precise types during MIR building than in type analysis.
+ bool powerIsInt32_ : 1;
+
+ // If true, the result is guaranteed to never be negative zero, as long as the
+ // power is a positive number.
+ bool canBeNegativeZero_ : 1;
+
+ MPow(MDefinition* input, MDefinition* power, MIRType specialization)
+ : MBinaryInstruction(classOpcode, input, power),
+ powerIsInt32_(power->type() == MIRType::Int32) {
+ MOZ_ASSERT(specialization == MIRType::Int32 ||
+ specialization == MIRType::Double);
+ setResultType(specialization);
+ setMovable();
+
+ // The result can't be negative zero if the base is an Int32 value.
+ canBeNegativeZero_ = input->type() != MIRType::Int32;
+ }
+
+ // Helpers for `foldsTo`
+ MDefinition* foldsConstant(TempAllocator& alloc);
+ MDefinition* foldsConstantPower(TempAllocator& alloc);
+
+ bool canBeNegativeZero() const { return canBeNegativeZero_; }
+
+ public:
+ INSTRUCTION_HEADER(Pow)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* input() const { return lhs(); }
+ MDefinition* power() const { return rhs(); }
+ bool powerIsInt32() const { return powerIsInt32_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isPow() || ins->toPow()->powerIsInt32() != powerIsInt32()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool possiblyCalls() const override { return type() != MIRType::Int32; }
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MPow)
+};
+
+// Inline implementation of Math.pow(x, 0.5), which subtly differs from
+// Math.sqrt(x).
+class MPowHalf : public MUnaryInstruction, public DoublePolicy<0>::Data {
+ bool operandIsNeverNegativeInfinity_;
+ bool operandIsNeverNegativeZero_;
+ bool operandIsNeverNaN_;
+
+ explicit MPowHalf(MDefinition* input)
+ : MUnaryInstruction(classOpcode, input),
+ operandIsNeverNegativeInfinity_(false),
+ operandIsNeverNegativeZero_(false),
+ operandIsNeverNaN_(false) {
+ setResultType(MIRType::Double);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(PowHalf)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ bool operandIsNeverNegativeInfinity() const {
+ return operandIsNeverNegativeInfinity_;
+ }
+ bool operandIsNeverNegativeZero() const {
+ return operandIsNeverNegativeZero_;
+ }
+ bool operandIsNeverNaN() const { return operandIsNeverNaN_; }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void collectRangeInfoPreTrunc() override;
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MPowHalf)
+};
+
+// Inline implementation of Math.random().
+class MRandom : public MNullaryInstruction {
+ MRandom() : MNullaryInstruction(classOpcode) {
+ setResultType(MIRType::Double);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Random)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool possiblyCalls() const override { return true; }
+
+ void computeRange(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+
+ bool canRecoverOnBailout() const override {
+ return !js::SupportDifferentialTesting();
+ }
+
+ ALLOW_CLONE(MRandom)
+};
+
+class MSign : public MUnaryInstruction, public SignPolicy::Data {
+ private:
+ MSign(MDefinition* input, MIRType resultType)
+ : MUnaryInstruction(classOpcode, input) {
+ MOZ_ASSERT(IsNumberType(input->type()));
+ MOZ_ASSERT(resultType == MIRType::Int32 || resultType == MIRType::Double);
+ specialization_ = input->type();
+ setResultType(resultType);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Sign)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ void computeRange(TempAllocator& alloc) override;
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MSign)
+};
+
+class MMathFunction : public MUnaryInstruction,
+ public FloatingPointPolicy<0>::Data {
+ UnaryMathFunction function_;
+
+ // A nullptr cache means this function will neither access nor update the
+ // cache.
+ MMathFunction(MDefinition* input, UnaryMathFunction function)
+ : MUnaryInstruction(classOpcode, input), function_(function) {
+ setResultType(MIRType::Double);
+ specialization_ = MIRType::Double;
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(MathFunction)
+ TRIVIAL_NEW_WRAPPERS
+
+ UnaryMathFunction function() const { return function_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isMathFunction()) {
+ return false;
+ }
+ if (ins->toMathFunction()->function() != function()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool possiblyCalls() const override { return true; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ static const char* FunctionName(UnaryMathFunction function);
+
+ bool isFloat32Commutative() const override;
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+
+ void computeRange(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override;
+
+ ALLOW_CLONE(MMathFunction)
+};
+
+class MAdd : public MBinaryArithInstruction {
+ MAdd(MDefinition* left, MDefinition* right, MIRType type)
+ : MBinaryArithInstruction(classOpcode, left, right, type) {
+ setCommutative();
+ }
+
+ MAdd(MDefinition* left, MDefinition* right, TruncateKind truncateKind)
+ : MAdd(left, right, MIRType::Int32) {
+ setTruncateKind(truncateKind);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Add)
+ TRIVIAL_NEW_WRAPPERS
+
+ static MAdd* NewWasm(TempAllocator& alloc, MDefinition* left,
+ MDefinition* right, MIRType type) {
+ auto* ret = new (alloc) MAdd(left, right, type);
+ if (type == MIRType::Int32) {
+ ret->setTruncateKind(TruncateKind::Truncate);
+ }
+ return ret;
+ }
+
+ bool isFloat32Commutative() const override { return true; }
+
+ double getIdentity() override { return 0; }
+
+ bool fallible() const;
+ void computeRange(TempAllocator& alloc) override;
+ bool needTruncation(TruncateKind kind) override;
+ void truncate() override;
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MAdd)
+};
+
+class MSub : public MBinaryArithInstruction {
+ MSub(MDefinition* left, MDefinition* right, MIRType type)
+ : MBinaryArithInstruction(classOpcode, left, right, type) {}
+
+ public:
+ INSTRUCTION_HEADER(Sub)
+ TRIVIAL_NEW_WRAPPERS
+
+ static MSub* NewWasm(TempAllocator& alloc, MDefinition* left,
+ MDefinition* right, MIRType type, bool mustPreserveNaN) {
+ auto* ret = new (alloc) MSub(left, right, type);
+ ret->setMustPreserveNaN(mustPreserveNaN);
+ if (type == MIRType::Int32) {
+ ret->setTruncateKind(TruncateKind::Truncate);
+ }
+ return ret;
+ }
+
+ double getIdentity() override { return 0; }
+
+ bool isFloat32Commutative() const override { return true; }
+
+ bool fallible() const;
+ void computeRange(TempAllocator& alloc) override;
+ bool needTruncation(TruncateKind kind) override;
+ void truncate() override;
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MSub)
+};
+
+class MMul : public MBinaryArithInstruction {
+ public:
+ enum Mode { Normal, Integer };
+
+ private:
+ // Annotation the result could be a negative zero
+ // and we need to guard this during execution.
+ bool canBeNegativeZero_;
+
+ Mode mode_;
+
+ MMul(MDefinition* left, MDefinition* right, MIRType type, Mode mode)
+ : MBinaryArithInstruction(classOpcode, left, right, type),
+ canBeNegativeZero_(true),
+ mode_(mode) {
+ setCommutative();
+ if (mode == Integer) {
+ // This implements the required behavior for Math.imul, which
+ // can never fail and always truncates its output to int32.
+ canBeNegativeZero_ = false;
+ setTruncateKind(TruncateKind::Truncate);
+ }
+ MOZ_ASSERT_IF(mode != Integer, mode == Normal);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Mul)
+
+ static MMul* New(TempAllocator& alloc, MDefinition* left, MDefinition* right,
+ MIRType type, Mode mode = Normal) {
+ return new (alloc) MMul(left, right, type, mode);
+ }
+ static MMul* NewWasm(TempAllocator& alloc, MDefinition* left,
+ MDefinition* right, MIRType type, Mode mode,
+ bool mustPreserveNaN) {
+ auto* ret = new (alloc) MMul(left, right, type, mode);
+ ret->setMustPreserveNaN(mustPreserveNaN);
+ return ret;
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ void analyzeEdgeCasesForward() override;
+ void analyzeEdgeCasesBackward() override;
+ void collectRangeInfoPreTrunc() override;
+
+ double getIdentity() override { return 1; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isMul()) {
+ return false;
+ }
+
+ const MMul* mul = ins->toMul();
+ if (canBeNegativeZero_ != mul->canBeNegativeZero()) {
+ return false;
+ }
+
+ if (mode_ != mul->mode()) {
+ return false;
+ }
+
+ if (mustPreserveNaN() != mul->mustPreserveNaN()) {
+ return false;
+ }
+
+ return binaryCongruentTo(ins);
+ }
+
+ bool canOverflow() const;
+
+ bool canBeNegativeZero() const { return canBeNegativeZero_; }
+ void setCanBeNegativeZero(bool negativeZero) {
+ canBeNegativeZero_ = negativeZero;
+ }
+
+ [[nodiscard]] bool updateForReplacement(MDefinition* ins) override;
+
+ bool fallible() const { return canBeNegativeZero_ || canOverflow(); }
+
+ bool isFloat32Commutative() const override { return true; }
+
+ void computeRange(TempAllocator& alloc) override;
+ bool needTruncation(TruncateKind kind) override;
+ void truncate() override;
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+ Mode mode() const { return mode_; }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MMul)
+};
+
+class MDiv : public MBinaryArithInstruction {
+ bool canBeNegativeZero_;
+ bool canBeNegativeOverflow_;
+ bool canBeDivideByZero_;
+ bool canBeNegativeDividend_;
+ bool unsigned_; // If false, signedness will be derived from operands
+ bool trapOnError_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MDiv(MDefinition* left, MDefinition* right, MIRType type)
+ : MBinaryArithInstruction(classOpcode, left, right, type),
+ canBeNegativeZero_(true),
+ canBeNegativeOverflow_(true),
+ canBeDivideByZero_(true),
+ canBeNegativeDividend_(true),
+ unsigned_(false),
+ trapOnError_(false) {}
+
+ public:
+ INSTRUCTION_HEADER(Div)
+
+ static MDiv* New(TempAllocator& alloc, MDefinition* left, MDefinition* right,
+ MIRType type) {
+ return new (alloc) MDiv(left, right, type);
+ }
+ static MDiv* New(TempAllocator& alloc, MDefinition* left, MDefinition* right,
+ MIRType type, bool unsignd, bool trapOnError = false,
+ wasm::BytecodeOffset bytecodeOffset = wasm::BytecodeOffset(),
+ bool mustPreserveNaN = false) {
+ auto* div = new (alloc) MDiv(left, right, type);
+ div->unsigned_ = unsignd;
+ div->trapOnError_ = trapOnError;
+ div->bytecodeOffset_ = bytecodeOffset;
+ if (trapOnError) {
+ div->setGuard(); // not removable because of possible side-effects.
+ div->setNotMovable();
+ }
+ div->setMustPreserveNaN(mustPreserveNaN);
+ if (type == MIRType::Int32) {
+ div->setTruncateKind(TruncateKind::Truncate);
+ }
+ return div;
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ void analyzeEdgeCasesForward() override;
+ void analyzeEdgeCasesBackward() override;
+
+ double getIdentity() override { MOZ_CRASH("not used"); }
+
+ bool canBeNegativeZero() const { return canBeNegativeZero_; }
+ void setCanBeNegativeZero(bool negativeZero) {
+ canBeNegativeZero_ = negativeZero;
+ }
+
+ bool canBeNegativeOverflow() const { return canBeNegativeOverflow_; }
+
+ bool canBeDivideByZero() const { return canBeDivideByZero_; }
+
+ bool canBeNegativeDividend() const {
+ // "Dividend" is an ambiguous concept for unsigned truncated
+ // division, because of the truncation procedure:
+ // ((x>>>0)/2)|0, for example, gets transformed in
+ // MDiv::truncate into a node with lhs representing x (not
+ // x>>>0) and rhs representing the constant 2; in other words,
+ // the MIR node corresponds to "cast operands to unsigned and
+ // divide" operation. In this case, is the dividend x or is it
+ // x>>>0? In order to resolve such ambiguities, we disallow
+ // the usage of this method for unsigned division.
+ MOZ_ASSERT(!unsigned_);
+ return canBeNegativeDividend_;
+ }
+
+ bool isUnsigned() const { return unsigned_; }
+
+ bool isTruncatedIndirectly() const {
+ return truncateKind() >= TruncateKind::IndirectTruncate;
+ }
+
+ bool canTruncateInfinities() const { return isTruncated(); }
+ bool canTruncateRemainder() const { return isTruncated(); }
+ bool canTruncateOverflow() const {
+ return isTruncated() || isTruncatedIndirectly();
+ }
+ bool canTruncateNegativeZero() const {
+ return isTruncated() || isTruncatedIndirectly();
+ }
+
+ bool trapOnError() const { return trapOnError_; }
+ wasm::BytecodeOffset bytecodeOffset() const {
+ MOZ_ASSERT(bytecodeOffset_.isValid());
+ return bytecodeOffset_;
+ }
+
+ bool isFloat32Commutative() const override { return true; }
+
+ void computeRange(TempAllocator& alloc) override;
+ bool fallible() const;
+ bool needTruncation(TruncateKind kind) override;
+ void truncate() override;
+ void collectRangeInfoPreTrunc() override;
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!MBinaryArithInstruction::congruentTo(ins)) {
+ return false;
+ }
+ const MDiv* other = ins->toDiv();
+ MOZ_ASSERT(other->trapOnError() == trapOnError_);
+ return unsigned_ == other->isUnsigned();
+ }
+
+ ALLOW_CLONE(MDiv)
+};
+
+class MWasmBuiltinDivI64 : public MAryInstruction<3>, public ArithPolicy::Data {
+ bool canBeNegativeZero_;
+ bool canBeNegativeOverflow_;
+ bool canBeDivideByZero_;
+ bool canBeNegativeDividend_;
+ bool unsigned_; // If false, signedness will be derived from operands
+ bool trapOnError_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MWasmBuiltinDivI64(MDefinition* left, MDefinition* right, MDefinition* tls)
+ : MAryInstruction(classOpcode),
+ canBeNegativeZero_(true),
+ canBeNegativeOverflow_(true),
+ canBeDivideByZero_(true),
+ canBeNegativeDividend_(true),
+ unsigned_(false),
+ trapOnError_(false) {
+ initOperand(0, left);
+ initOperand(1, right);
+ initOperand(2, tls);
+
+ setResultType(MIRType::Int64);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBuiltinDivI64)
+
+ NAMED_OPERANDS((0, lhs), (1, rhs), (2, tls))
+
+ static MWasmBuiltinDivI64* New(
+ TempAllocator& alloc, MDefinition* left, MDefinition* right,
+ MDefinition* tls, bool unsignd, bool trapOnError = false,
+ wasm::BytecodeOffset bytecodeOffset = wasm::BytecodeOffset()) {
+ auto* wasm64Div = new (alloc) MWasmBuiltinDivI64(left, right, tls);
+ wasm64Div->unsigned_ = unsignd;
+ wasm64Div->trapOnError_ = trapOnError;
+ wasm64Div->bytecodeOffset_ = bytecodeOffset;
+ if (trapOnError) {
+ wasm64Div->setGuard(); // not removable because of possible side-effects.
+ wasm64Div->setNotMovable();
+ }
+ return wasm64Div;
+ }
+
+ bool canBeNegativeZero() const { return canBeNegativeZero_; }
+ void setCanBeNegativeZero(bool negativeZero) {
+ canBeNegativeZero_ = negativeZero;
+ }
+
+ bool canBeNegativeOverflow() const { return canBeNegativeOverflow_; }
+
+ bool canBeDivideByZero() const { return canBeDivideByZero_; }
+
+ bool canBeNegativeDividend() const {
+ // "Dividend" is an ambiguous concept for unsigned truncated
+ // division, because of the truncation procedure:
+ // ((x>>>0)/2)|0, for example, gets transformed in
+ // MWasmDiv::truncate into a node with lhs representing x (not
+ // x>>>0) and rhs representing the constant 2; in other words,
+ // the MIR node corresponds to "cast operands to unsigned and
+ // divide" operation. In this case, is the dividend x or is it
+ // x>>>0? In order to resolve such ambiguities, we disallow
+ // the usage of this method for unsigned division.
+ MOZ_ASSERT(!unsigned_);
+ return canBeNegativeDividend_;
+ }
+
+ bool isUnsigned() const { return unsigned_; }
+
+ bool trapOnError() const { return trapOnError_; }
+ wasm::BytecodeOffset bytecodeOffset() const {
+ MOZ_ASSERT(bytecodeOffset_.isValid());
+ return bytecodeOffset_;
+ }
+
+ ALLOW_CLONE(MWasmBuiltinDivI64)
+};
+
+class MMod : public MBinaryArithInstruction {
+ bool unsigned_; // If false, signedness will be derived from operands
+ bool canBeNegativeDividend_;
+ bool canBePowerOfTwoDivisor_;
+ bool canBeDivideByZero_;
+ bool trapOnError_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MMod(MDefinition* left, MDefinition* right, MIRType type)
+ : MBinaryArithInstruction(classOpcode, left, right, type),
+ unsigned_(false),
+ canBeNegativeDividend_(true),
+ canBePowerOfTwoDivisor_(true),
+ canBeDivideByZero_(true),
+ trapOnError_(false) {}
+
+ public:
+ INSTRUCTION_HEADER(Mod)
+
+ static MMod* New(TempAllocator& alloc, MDefinition* left, MDefinition* right,
+ MIRType type) {
+ return new (alloc) MMod(left, right, type);
+ }
+ static MMod* New(
+ TempAllocator& alloc, MDefinition* left, MDefinition* right, MIRType type,
+ bool unsignd, bool trapOnError = false,
+ wasm::BytecodeOffset bytecodeOffset = wasm::BytecodeOffset()) {
+ auto* mod = new (alloc) MMod(left, right, type);
+ mod->unsigned_ = unsignd;
+ mod->trapOnError_ = trapOnError;
+ mod->bytecodeOffset_ = bytecodeOffset;
+ if (trapOnError) {
+ mod->setGuard(); // not removable because of possible side-effects.
+ mod->setNotMovable();
+ }
+ if (type == MIRType::Int32) {
+ mod->setTruncateKind(TruncateKind::Truncate);
+ }
+ return mod;
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ double getIdentity() override { MOZ_CRASH("not used"); }
+
+ bool canBeNegativeDividend() const {
+ MOZ_ASSERT(type() == MIRType::Int32 || type() == MIRType::Int64);
+ MOZ_ASSERT(!unsigned_);
+ return canBeNegativeDividend_;
+ }
+
+ bool canBeDivideByZero() const {
+ MOZ_ASSERT(type() == MIRType::Int32 || type() == MIRType::Int64);
+ return canBeDivideByZero_;
+ }
+
+ bool canBePowerOfTwoDivisor() const {
+ MOZ_ASSERT(type() == MIRType::Int32);
+ return canBePowerOfTwoDivisor_;
+ }
+
+ void analyzeEdgeCasesForward() override;
+
+ bool isUnsigned() const { return unsigned_; }
+
+ bool trapOnError() const { return trapOnError_; }
+ wasm::BytecodeOffset bytecodeOffset() const {
+ MOZ_ASSERT(bytecodeOffset_.isValid());
+ return bytecodeOffset_;
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ bool fallible() const;
+
+ void computeRange(TempAllocator& alloc) override;
+ bool needTruncation(TruncateKind kind) override;
+ void truncate() override;
+ void collectRangeInfoPreTrunc() override;
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return MBinaryArithInstruction::congruentTo(ins) &&
+ unsigned_ == ins->toMod()->isUnsigned();
+ }
+
+ bool possiblyCalls() const override { return type() == MIRType::Double; }
+
+ ALLOW_CLONE(MMod)
+};
+
+class MWasmBuiltinModD : public MAryInstruction<3>, public ArithPolicy::Data {
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MWasmBuiltinModD(MDefinition* left, MDefinition* right, MDefinition* tls,
+ MIRType type)
+ : MAryInstruction(classOpcode) {
+ initOperand(0, left);
+ initOperand(1, right);
+ initOperand(2, tls);
+
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBuiltinModD)
+ NAMED_OPERANDS((0, lhs), (1, rhs), (2, tls))
+
+ static MWasmBuiltinModD* New(
+ TempAllocator& alloc, MDefinition* left, MDefinition* right,
+ MDefinition* tls, MIRType type,
+ wasm::BytecodeOffset bytecodeOffset = wasm::BytecodeOffset()) {
+ auto* wasmBuiltinModD =
+ new (alloc) MWasmBuiltinModD(left, right, tls, type);
+ wasmBuiltinModD->bytecodeOffset_ = bytecodeOffset;
+ return wasmBuiltinModD;
+ }
+
+ wasm::BytecodeOffset bytecodeOffset() const {
+ MOZ_ASSERT(bytecodeOffset_.isValid());
+ return bytecodeOffset_;
+ }
+
+ ALLOW_CLONE(MWasmBuiltinModD)
+};
+
+class MWasmBuiltinModI64 : public MAryInstruction<3>, public ArithPolicy::Data {
+ bool unsigned_; // If false, signedness will be derived from operands
+ bool canBeNegativeDividend_;
+ bool canBeDivideByZero_;
+ bool trapOnError_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MWasmBuiltinModI64(MDefinition* left, MDefinition* right, MDefinition* tls)
+ : MAryInstruction(classOpcode),
+ unsigned_(false),
+ canBeNegativeDividend_(true),
+ canBeDivideByZero_(true),
+ trapOnError_(false) {
+ initOperand(0, left);
+ initOperand(1, right);
+ initOperand(2, tls);
+
+ setResultType(MIRType::Int64);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBuiltinModI64)
+
+ NAMED_OPERANDS((0, lhs), (1, rhs), (2, tls))
+
+ static MWasmBuiltinModI64* New(
+ TempAllocator& alloc, MDefinition* left, MDefinition* right,
+ MDefinition* tls, bool unsignd, bool trapOnError = false,
+ wasm::BytecodeOffset bytecodeOffset = wasm::BytecodeOffset()) {
+ auto* mod = new (alloc) MWasmBuiltinModI64(left, right, tls);
+ mod->unsigned_ = unsignd;
+ mod->trapOnError_ = trapOnError;
+ mod->bytecodeOffset_ = bytecodeOffset;
+ if (trapOnError) {
+ mod->setGuard(); // not removable because of possible side-effects.
+ mod->setNotMovable();
+ }
+ return mod;
+ }
+
+ bool canBeNegativeDividend() const {
+ MOZ_ASSERT(!unsigned_);
+ return canBeNegativeDividend_;
+ }
+
+ bool canBeDivideByZero() const { return canBeDivideByZero_; }
+
+ bool isUnsigned() const { return unsigned_; }
+
+ bool trapOnError() const { return trapOnError_; }
+ wasm::BytecodeOffset bytecodeOffset() const {
+ MOZ_ASSERT(bytecodeOffset_.isValid());
+ return bytecodeOffset_;
+ }
+
+ ALLOW_CLONE(MWasmBuiltinModI64)
+};
+
+class MBigIntBinaryArithInstruction : public MBinaryInstruction,
+ public BigIntArithPolicy::Data {
+ protected:
+ MBigIntBinaryArithInstruction(Opcode op, MDefinition* left,
+ MDefinition* right)
+ : MBinaryInstruction(op, left, right) {
+ setResultType(MIRType::BigInt);
+ setMovable();
+ }
+
+ public:
+ bool congruentTo(const MDefinition* ins) const override {
+ return binaryCongruentTo(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MBigIntAdd : public MBigIntBinaryArithInstruction {
+ MBigIntAdd(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ setCommutative();
+
+ // Don't guard this instruction even though adding two BigInts can throw
+ // JSMSG_BIGINT_TOO_LARGE. This matches the behavior when adding too large
+ // strings in MConcat.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntAdd)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntAdd)
+};
+
+class MBigIntSub : public MBigIntBinaryArithInstruction {
+ MBigIntSub(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ // See MBigIntAdd for why we don't guard this instruction.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntSub)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntSub)
+};
+
+class MBigIntMul : public MBigIntBinaryArithInstruction {
+ MBigIntMul(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ setCommutative();
+
+ // See MBigIntAdd for why we don't guard this instruction.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntMul)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntMul)
+};
+
+class MBigIntDiv : public MBigIntBinaryArithInstruction {
+ bool canBeDivideByZero_;
+
+ MBigIntDiv(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ MOZ_ASSERT(right->type() == MIRType::BigInt);
+ canBeDivideByZero_ =
+ !right->isConstant() || right->toConstant()->toBigInt()->isZero();
+
+ // Throws when the divisor is zero.
+ if (canBeDivideByZero_) {
+ setGuard();
+ setNotMovable();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntDiv)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool canBeDivideByZero() const { return canBeDivideByZero_; }
+
+ AliasSet getAliasSet() const override {
+ if (canBeDivideByZero()) {
+ return AliasSet::Store(AliasSet::ExceptionState);
+ }
+ return AliasSet::None();
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return !canBeDivideByZero(); }
+
+ ALLOW_CLONE(MBigIntDiv)
+};
+
+class MBigIntMod : public MBigIntBinaryArithInstruction {
+ bool canBeDivideByZero_;
+
+ MBigIntMod(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ MOZ_ASSERT(right->type() == MIRType::BigInt);
+ canBeDivideByZero_ =
+ !right->isConstant() || right->toConstant()->toBigInt()->isZero();
+
+ // Throws when the divisor is zero.
+ if (canBeDivideByZero_) {
+ setGuard();
+ setNotMovable();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntMod)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool canBeDivideByZero() const { return canBeDivideByZero_; }
+
+ AliasSet getAliasSet() const override {
+ if (canBeDivideByZero()) {
+ return AliasSet::Store(AliasSet::ExceptionState);
+ }
+ return AliasSet::None();
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return !canBeDivideByZero(); }
+
+ ALLOW_CLONE(MBigIntMod)
+};
+
+class MBigIntPow : public MBigIntBinaryArithInstruction {
+ bool canBeNegativeExponent_;
+
+ MBigIntPow(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ MOZ_ASSERT(right->type() == MIRType::BigInt);
+ canBeNegativeExponent_ =
+ !right->isConstant() || right->toConstant()->toBigInt()->isNegative();
+
+ // Throws when the exponent is negative.
+ if (canBeNegativeExponent_) {
+ setGuard();
+ setNotMovable();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntPow)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool canBeNegativeExponent() const { return canBeNegativeExponent_; }
+
+ AliasSet getAliasSet() const override {
+ if (canBeNegativeExponent()) {
+ return AliasSet::Store(AliasSet::ExceptionState);
+ }
+ return AliasSet::None();
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return !canBeNegativeExponent(); }
+
+ ALLOW_CLONE(MBigIntPow)
+};
+
+class MBigIntBitAnd : public MBigIntBinaryArithInstruction {
+ MBigIntBitAnd(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ setCommutative();
+
+ // We don't need to guard this instruction because it can only fail on OOM.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntBitAnd)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntBitAnd)
+};
+
+class MBigIntBitOr : public MBigIntBinaryArithInstruction {
+ MBigIntBitOr(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ setCommutative();
+
+ // We don't need to guard this instruction because it can only fail on OOM.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntBitOr)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntBitOr)
+};
+
+class MBigIntBitXor : public MBigIntBinaryArithInstruction {
+ MBigIntBitXor(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ setCommutative();
+
+ // We don't need to guard this instruction because it can only fail on OOM.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntBitXor)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntBitXor)
+};
+
+class MBigIntLsh : public MBigIntBinaryArithInstruction {
+ MBigIntLsh(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ // See MBigIntAdd for why we don't guard this instruction.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntLsh)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntLsh)
+};
+
+class MBigIntRsh : public MBigIntBinaryArithInstruction {
+ MBigIntRsh(MDefinition* left, MDefinition* right)
+ : MBigIntBinaryArithInstruction(classOpcode, left, right) {
+ // See MBigIntAdd for why we don't guard this instruction.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntRsh)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntRsh)
+};
+
+class MBigIntUnaryArithInstruction : public MUnaryInstruction,
+ public BigIntArithPolicy::Data {
+ protected:
+ MBigIntUnaryArithInstruction(Opcode op, MDefinition* input)
+ : MUnaryInstruction(op, input) {
+ setResultType(MIRType::BigInt);
+ setMovable();
+ }
+
+ public:
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MBigIntIncrement : public MBigIntUnaryArithInstruction {
+ explicit MBigIntIncrement(MDefinition* input)
+ : MBigIntUnaryArithInstruction(classOpcode, input) {
+ // See MBigIntAdd for why we don't guard this instruction.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntIncrement)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntIncrement)
+};
+
+class MBigIntDecrement : public MBigIntUnaryArithInstruction {
+ explicit MBigIntDecrement(MDefinition* input)
+ : MBigIntUnaryArithInstruction(classOpcode, input) {
+ // See MBigIntAdd for why we don't guard this instruction.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntDecrement)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntDecrement)
+};
+
+class MBigIntNegate : public MBigIntUnaryArithInstruction {
+ explicit MBigIntNegate(MDefinition* input)
+ : MBigIntUnaryArithInstruction(classOpcode, input) {
+ // We don't need to guard this instruction because it can only fail on OOM.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntNegate)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntNegate)
+};
+
+class MBigIntBitNot : public MBigIntUnaryArithInstruction {
+ explicit MBigIntBitNot(MDefinition* input)
+ : MBigIntUnaryArithInstruction(classOpcode, input) {
+ // See MBigIntAdd for why we don't guard this instruction.
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntBitNot)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntBitNot)
+};
+
+class MConcat : public MBinaryInstruction,
+ public MixPolicy<ConvertToStringPolicy<0>,
+ ConvertToStringPolicy<1>>::Data {
+ MConcat(MDefinition* left, MDefinition* right)
+ : MBinaryInstruction(classOpcode, left, right) {
+ // At least one input should be definitely string
+ MOZ_ASSERT(left->type() == MIRType::String ||
+ right->type() == MIRType::String);
+
+ setMovable();
+ setResultType(MIRType::String);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Concat)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MConcat)
+};
+
+class MCharCodeAt
+ : public MBinaryInstruction,
+ public MixPolicy<StringPolicy<0>, UnboxedInt32Policy<1>>::Data {
+ MCharCodeAt(MDefinition* str, MDefinition* index)
+ : MBinaryInstruction(classOpcode, str, index) {
+ setMovable();
+ setResultType(MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CharCodeAt)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, string), (1, index))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ virtual AliasSet getAliasSet() const override {
+ // Strings are immutable, so there is no implicit dependency.
+ return AliasSet::None();
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ void computeRange(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MCharCodeAt)
+};
+
+class MFromCharCode : public MUnaryInstruction,
+ public UnboxedInt32Policy<0>::Data {
+ explicit MFromCharCode(MDefinition* code)
+ : MUnaryInstruction(classOpcode, code) {
+ setMovable();
+ setResultType(MIRType::String);
+ }
+
+ public:
+ INSTRUCTION_HEADER(FromCharCode)
+ TRIVIAL_NEW_WRAPPERS
+
+ virtual AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MFromCharCode)
+};
+
+class MFromCodePoint : public MUnaryInstruction,
+ public UnboxedInt32Policy<0>::Data {
+ explicit MFromCodePoint(MDefinition* codePoint)
+ : MUnaryInstruction(classOpcode, codePoint) {
+ setGuard(); // throws on invalid code point
+ setMovable();
+ setResultType(MIRType::String);
+ }
+
+ public:
+ INSTRUCTION_HEADER(FromCodePoint)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ ALLOW_CLONE(MFromCodePoint)
+};
+
+class MStringConvertCase : public MUnaryInstruction,
+ public StringPolicy<0>::Data {
+ public:
+ enum Mode { LowerCase, UpperCase };
+
+ private:
+ Mode mode_;
+
+ MStringConvertCase(MDefinition* string, Mode mode)
+ : MUnaryInstruction(classOpcode, string), mode_(mode) {
+ setResultType(MIRType::String);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(StringConvertCase)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, string))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins) &&
+ ins->toStringConvertCase()->mode() == mode();
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool possiblyCalls() const override { return true; }
+ Mode mode() const { return mode_; }
+};
+
+class MStringSplit : public MBinaryInstruction,
+ public MixPolicy<StringPolicy<0>, StringPolicy<1>>::Data {
+ MStringSplit(TempAllocator& alloc, MDefinition* string, MDefinition* sep)
+ : MBinaryInstruction(classOpcode, string, sep) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(StringSplit)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+ NAMED_OPERANDS((0, string), (1, separator))
+
+ bool possiblyCalls() const override { return true; }
+ virtual AliasSet getAliasSet() const override {
+ // Although this instruction returns a new array, we don't have to mark
+ // it as store instruction, see also MNewArray.
+ return AliasSet::None();
+ }
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+// Returns the object to use as |this| value in a non-strict function. See also
+// BoxNonStrictThis in Interpreter.h.
+class MBoxNonStrictThis : public MUnaryInstruction, public BoxPolicy<0>::Data {
+ CompilerObject globalThis_;
+
+ MBoxNonStrictThis(MDefinition* def, JSObject* globalThis)
+ : MUnaryInstruction(classOpcode, def), globalThis_(globalThis) {
+ setResultType(MIRType::Object);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(BoxNonStrictThis)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ JSObject* globalThis() const { return globalThis_; }
+
+ bool possiblyCalls() const override { return true; }
+
+ AliasSet getAliasSet() const override {
+ // This instruction can allocate a new object for wrapped primitives, but
+ // has no effect on existing objects.
+ return AliasSet::None();
+ }
+};
+
+class MImplicitThis : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ CompilerPropertyName name_;
+
+ MImplicitThis(MDefinition* envChain, PropertyName* name)
+ : MUnaryInstruction(classOpcode, envChain), name_(name) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ImplicitThis)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, envChain))
+
+ PropertyName* name() const { return name_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Load an arrow function's |new.target| value.
+class MArrowNewTarget : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MArrowNewTarget(MDefinition* callee)
+ : MUnaryInstruction(classOpcode, callee) {
+ setResultType(MIRType::Value);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrowNewTarget)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, callee))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ // An arrow function's lexical |this| value is immutable.
+ return AliasSet::None();
+ }
+};
+
+// This is a 3 state flag used by FlagPhiInputsAsHavingRemovedUses to record and
+// propagate the information about the consumers of a Phi instruction. This is
+// then used to set UseRemoved flags on the inputs of such Phi instructions.
+enum class PhiUsage : uint8_t { Unknown, Unused, Used };
+
+using PhiVector = Vector<MPhi*, 4, JitAllocPolicy>;
+
+class MPhi final : public MDefinition,
+ public InlineListNode<MPhi>,
+ public NoTypePolicy::Data {
+ using InputVector = js::Vector<MUse, 2, JitAllocPolicy>;
+ InputVector inputs_;
+
+ TruncateKind truncateKind_;
+ bool triedToSpecialize_;
+ bool isIterator_;
+ bool canProduceFloat32_;
+ bool canConsumeFloat32_;
+ // Record the state of the data flow before any mutation made to the control
+ // flow, such that removing branches is properly accounted for.
+ PhiUsage usageAnalysis_;
+
+ protected:
+ MUse* getUseFor(size_t index) override {
+ MOZ_ASSERT(index < numOperands());
+ return &inputs_[index];
+ }
+ const MUse* getUseFor(size_t index) const override { return &inputs_[index]; }
+
+ public:
+ INSTRUCTION_HEADER_WITHOUT_TYPEPOLICY(Phi)
+ virtual const TypePolicy* typePolicy();
+ virtual MIRType typePolicySpecialization();
+
+ MPhi(TempAllocator& alloc, MIRType resultType)
+ : MDefinition(classOpcode),
+ inputs_(alloc),
+ truncateKind_(TruncateKind::NoTruncate),
+ triedToSpecialize_(false),
+ isIterator_(false),
+ canProduceFloat32_(false),
+ canConsumeFloat32_(false),
+ usageAnalysis_(PhiUsage::Unknown) {
+ setResultType(resultType);
+ }
+
+ static MPhi* New(TempAllocator& alloc, MIRType resultType = MIRType::Value) {
+ return new (alloc) MPhi(alloc, resultType);
+ }
+ static MPhi* New(TempAllocator::Fallible alloc,
+ MIRType resultType = MIRType::Value) {
+ return new (alloc) MPhi(alloc.alloc, resultType);
+ }
+
+ void removeOperand(size_t index);
+ void removeAllOperands();
+
+ MDefinition* getOperand(size_t index) const override {
+ return inputs_[index].producer();
+ }
+ size_t numOperands() const override { return inputs_.length(); }
+ size_t indexOf(const MUse* u) const final {
+ MOZ_ASSERT(u >= &inputs_[0]);
+ MOZ_ASSERT(u <= &inputs_[numOperands() - 1]);
+ return u - &inputs_[0];
+ }
+ void replaceOperand(size_t index, MDefinition* operand) final {
+ inputs_[index].replaceProducer(operand);
+ }
+ bool triedToSpecialize() const { return triedToSpecialize_; }
+ void specialize(MIRType type) {
+ triedToSpecialize_ = true;
+ setResultType(type);
+ }
+
+#ifdef DEBUG
+ // Assert that this is a phi in a loop header with a unique predecessor and
+ // a unique backedge.
+ void assertLoopPhi() const;
+#else
+ void assertLoopPhi() const {}
+#endif
+
+ // Assuming this phi is in a loop header with a unique loop entry, return
+ // the phi operand along the loop entry.
+ MDefinition* getLoopPredecessorOperand() const {
+ assertLoopPhi();
+ return getOperand(0);
+ }
+
+ // Assuming this phi is in a loop header with a unique loop entry, return
+ // the phi operand along the loop backedge.
+ MDefinition* getLoopBackedgeOperand() const {
+ assertLoopPhi();
+ return getOperand(1);
+ }
+
+ // Whether this phi's type already includes information for def.
+ bool typeIncludes(MDefinition* def);
+
+ // Mark all phis in |iterators|, and the phis they flow into, as having
+ // implicit uses.
+ [[nodiscard]] static bool markIteratorPhis(const PhiVector& iterators);
+
+ // Initializes the operands vector to the given capacity,
+ // permitting use of addInput() instead of addInputSlow().
+ [[nodiscard]] bool reserveLength(size_t length) {
+ return inputs_.reserve(length);
+ }
+
+ // Use only if capacity has been reserved by reserveLength
+ void addInput(MDefinition* ins) {
+ MOZ_ASSERT_IF(type() != MIRType::Value, ins->type() == type());
+ inputs_.infallibleEmplaceBack(ins, this);
+ }
+
+ // Appends a new input to the input vector. May perform reallocation.
+ // Prefer reserveLength() and addInput() instead, where possible.
+ [[nodiscard]] bool addInputSlow(MDefinition* ins) {
+ MOZ_ASSERT_IF(type() != MIRType::Value, ins->type() == type());
+ return inputs_.emplaceBack(ins, this);
+ }
+
+ // Appends a new input to the input vector. Infallible because
+ // we know the inputs fits in the vector's inline storage.
+ void addInlineInput(MDefinition* ins) {
+ MOZ_ASSERT(inputs_.length() < InputVector::InlineLength);
+ MOZ_ALWAYS_TRUE(addInputSlow(ins));
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ MDefinition* foldsTernary(TempAllocator& alloc);
+
+ bool congruentTo(const MDefinition* ins) const override;
+ bool updateForReplacement(MDefinition* def) override;
+
+ bool isIterator() const { return isIterator_; }
+ void setIterator() { isIterator_ = true; }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void computeRange(TempAllocator& alloc) override;
+
+ MDefinition* operandIfRedundant();
+
+ bool canProduceFloat32() const override { return canProduceFloat32_; }
+
+ void setCanProduceFloat32(bool can) { canProduceFloat32_ = can; }
+
+ bool canConsumeFloat32(MUse* use) const override {
+ return canConsumeFloat32_;
+ }
+
+ void setCanConsumeFloat32(bool can) { canConsumeFloat32_ = can; }
+
+ TruncateKind operandTruncateKind(size_t index) const override;
+ bool needTruncation(TruncateKind kind) override;
+ void truncate() override;
+
+ PhiUsage getUsageAnalysis() const { return usageAnalysis_; }
+ void setUsageAnalysis(PhiUsage pu) {
+ MOZ_ASSERT(usageAnalysis_ == PhiUsage::Unknown);
+ usageAnalysis_ = pu;
+ MOZ_ASSERT(usageAnalysis_ != PhiUsage::Unknown);
+ }
+};
+
+// The goal of a Beta node is to split a def at a conditionally taken
+// branch, so that uses dominated by it have a different name.
+class MBeta : public MUnaryInstruction, public NoTypePolicy::Data {
+ private:
+ // This is the range induced by a comparison and branch in a preceding
+ // block. Note that this does not reflect any range constraints from
+ // the input value itself, so this value may differ from the range()
+ // range after it is computed.
+ const Range* comparison_;
+
+ MBeta(MDefinition* val, const Range* comp)
+ : MUnaryInstruction(classOpcode, val), comparison_(comp) {
+ setResultType(val->type());
+ }
+
+ public:
+ INSTRUCTION_HEADER(Beta)
+ TRIVIAL_NEW_WRAPPERS
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ void computeRange(TempAllocator& alloc) override;
+};
+
+// If input evaluates to false (i.e. it's NaN, 0 or -0), 0 is returned, else the
+// input is returned
+class MNaNToZero : public MUnaryInstruction, public DoublePolicy<0>::Data {
+ bool operandIsNeverNaN_;
+ bool operandIsNeverNegativeZero_;
+
+ explicit MNaNToZero(MDefinition* input)
+ : MUnaryInstruction(classOpcode, input),
+ operandIsNeverNaN_(false),
+ operandIsNeverNegativeZero_(false) {
+ setResultType(MIRType::Double);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(NaNToZero)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool operandIsNeverNaN() const { return operandIsNeverNaN_; }
+
+ bool operandIsNeverNegativeZero() const {
+ return operandIsNeverNegativeZero_;
+ }
+
+ void collectRangeInfoPreTrunc() override;
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ void computeRange(TempAllocator& alloc) override;
+
+ bool writeRecoverData(CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MNaNToZero)
+};
+
+// MIR representation of a Value on the OSR BaselineFrame.
+// The Value is indexed off of OsrFrameReg.
+class MOsrValue : public MUnaryInstruction, public NoTypePolicy::Data {
+ private:
+ ptrdiff_t frameOffset_;
+
+ MOsrValue(MOsrEntry* entry, ptrdiff_t frameOffset)
+ : MUnaryInstruction(classOpcode, entry), frameOffset_(frameOffset) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(OsrValue)
+ TRIVIAL_NEW_WRAPPERS
+
+ ptrdiff_t frameOffset() const { return frameOffset_; }
+
+ MOsrEntry* entry() { return getOperand(0)->toOsrEntry(); }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// MIR representation of a JSObject scope chain pointer on the OSR
+// BaselineFrame. The pointer is indexed off of OsrFrameReg.
+class MOsrEnvironmentChain : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ private:
+ explicit MOsrEnvironmentChain(MOsrEntry* entry)
+ : MUnaryInstruction(classOpcode, entry) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(OsrEnvironmentChain)
+ TRIVIAL_NEW_WRAPPERS
+
+ MOsrEntry* entry() { return getOperand(0)->toOsrEntry(); }
+};
+
+// MIR representation of a JSObject ArgumentsObject pointer on the OSR
+// BaselineFrame. The pointer is indexed off of OsrFrameReg.
+class MOsrArgumentsObject : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ private:
+ explicit MOsrArgumentsObject(MOsrEntry* entry)
+ : MUnaryInstruction(classOpcode, entry) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(OsrArgumentsObject)
+ TRIVIAL_NEW_WRAPPERS
+
+ MOsrEntry* entry() { return getOperand(0)->toOsrEntry(); }
+};
+
+// MIR representation of the return value on the OSR BaselineFrame.
+// The Value is indexed off of OsrFrameReg.
+class MOsrReturnValue : public MUnaryInstruction, public NoTypePolicy::Data {
+ private:
+ explicit MOsrReturnValue(MOsrEntry* entry)
+ : MUnaryInstruction(classOpcode, entry) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(OsrReturnValue)
+ TRIVIAL_NEW_WRAPPERS
+
+ MOsrEntry* entry() { return getOperand(0)->toOsrEntry(); }
+};
+
+class MBinaryCache : public MBinaryInstruction,
+ public MixPolicy<BoxPolicy<0>, BoxPolicy<1>>::Data {
+ explicit MBinaryCache(MDefinition* left, MDefinition* right, MIRType resType)
+ : MBinaryInstruction(classOpcode, left, right) {
+ setResultType(resType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(BinaryCache)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MUnaryCache : public MUnaryInstruction, public BoxPolicy<0>::Data {
+ explicit MUnaryCache(MDefinition* input)
+ : MUnaryInstruction(classOpcode, input) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(UnaryCache)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+// Check the current frame for over-recursion past the global stack limit.
+class MCheckOverRecursed : public MNullaryInstruction {
+ MCheckOverRecursed() : MNullaryInstruction(classOpcode) { setGuard(); }
+
+ public:
+ INSTRUCTION_HEADER(CheckOverRecursed)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Check whether we need to fire the interrupt handler.
+class MInterruptCheck : public MNullaryInstruction {
+ MInterruptCheck() : MNullaryInstruction(classOpcode) { setGuard(); }
+
+ public:
+ INSTRUCTION_HEADER(InterruptCheck)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Check whether we need to fire the interrupt handler (in wasm code).
+class MWasmInterruptCheck : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MWasmInterruptCheck(MDefinition* tlsPointer,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MUnaryInstruction(classOpcode, tlsPointer),
+ bytecodeOffset_(bytecodeOffset) {
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmInterruptCheck)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, tlsPtr))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+};
+
+// Directly jumps to the indicated trap, leaving Wasm code and reporting a
+// runtime error.
+
+class MWasmTrap : public MAryControlInstruction<0, 0>,
+ public NoTypePolicy::Data {
+ wasm::Trap trap_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ explicit MWasmTrap(wasm::Trap trap, wasm::BytecodeOffset bytecodeOffset)
+ : MAryControlInstruction(classOpcode),
+ trap_(trap),
+ bytecodeOffset_(bytecodeOffset) {}
+
+ public:
+ INSTRUCTION_HEADER(WasmTrap)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ wasm::Trap trap() const { return trap_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+};
+
+// Checks if a value is JS_UNINITIALIZED_LEXICAL, bailout out if so, leaving
+// it to baseline to throw at the correct pc.
+class MLexicalCheck : public MUnaryInstruction, public BoxPolicy<0>::Data {
+ explicit MLexicalCheck(MDefinition* input)
+ : MUnaryInstruction(classOpcode, input) {
+ setResultType(MIRType::Value);
+ setMovable();
+ setGuard();
+
+ // If this instruction bails out, we will set a flag to prevent
+ // lexical checks in this script from being moved.
+ setBailoutKind(BailoutKind::UninitializedLexical);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LexicalCheck)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+};
+
+// Unconditionally throw an uninitialized let error.
+class MThrowRuntimeLexicalError : public MNullaryInstruction {
+ unsigned errorNumber_;
+
+ explicit MThrowRuntimeLexicalError(unsigned errorNumber)
+ : MNullaryInstruction(classOpcode), errorNumber_(errorNumber) {
+ setGuard();
+ setResultType(MIRType::None);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ThrowRuntimeLexicalError)
+ TRIVIAL_NEW_WRAPPERS
+
+ unsigned errorNumber() const { return errorNumber_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ExceptionState);
+ }
+};
+
+// Unconditionally throw a known error number.
+class MThrowMsg : public MNullaryInstruction {
+ const ThrowMsgKind throwMsgKind_;
+
+ explicit MThrowMsg(ThrowMsgKind throwMsgKind)
+ : MNullaryInstruction(classOpcode), throwMsgKind_(throwMsgKind) {
+ setGuard();
+ setResultType(MIRType::None);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ThrowMsg)
+ TRIVIAL_NEW_WRAPPERS
+
+ ThrowMsgKind throwMsgKind() const { return throwMsgKind_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ExceptionState);
+ }
+};
+
+// In the prologues of global and eval scripts, check for redeclarations and
+// initialize bindings.
+class MGlobalDeclInstantiation : public MNullaryInstruction {
+ MGlobalDeclInstantiation() : MNullaryInstruction(classOpcode) { setGuard(); }
+
+ public:
+ INSTRUCTION_HEADER(GlobalDeclInstantiation)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MRegExp : public MNullaryInstruction {
+ CompilerGCPointer<RegExpObject*> source_;
+ bool hasShared_;
+
+ MRegExp(TempAllocator& alloc, RegExpObject* source, bool hasShared)
+ : MNullaryInstruction(classOpcode),
+ source_(source),
+ hasShared_(hasShared) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(RegExp)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+
+ bool hasShared() const { return hasShared_; }
+ RegExpObject* source() const { return source_; }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool possiblyCalls() const override { return true; }
+};
+
+class MRegExpMatcher : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, StringPolicy<1>,
+ UnboxedInt32Policy<2>>::Data {
+ private:
+ MRegExpMatcher(MDefinition* regexp, MDefinition* string,
+ MDefinition* lastIndex)
+ : MTernaryInstruction(classOpcode, regexp, string, lastIndex) {
+ // May be object or null.
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(RegExpMatcher)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, regexp), (1, string), (2, lastIndex))
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+
+ bool canRecoverOnBailout() const override { return true; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MRegExpSearcher : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, StringPolicy<1>,
+ UnboxedInt32Policy<2>>::Data {
+ private:
+ MRegExpSearcher(MDefinition* regexp, MDefinition* string,
+ MDefinition* lastIndex)
+ : MTernaryInstruction(classOpcode, regexp, string, lastIndex) {
+ setResultType(MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(RegExpSearcher)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, regexp), (1, string), (2, lastIndex))
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+
+ bool canRecoverOnBailout() const override { return true; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MRegExpTester : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, StringPolicy<1>,
+ UnboxedInt32Policy<2>>::Data {
+ private:
+ MRegExpTester(MDefinition* regexp, MDefinition* string,
+ MDefinition* lastIndex)
+ : MTernaryInstruction(classOpcode, regexp, string, lastIndex) {
+ setResultType(MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(RegExpTester)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, regexp), (1, string), (2, lastIndex))
+
+ bool possiblyCalls() const override { return true; }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+class MRegExpPrototypeOptimizable : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MRegExpPrototypeOptimizable(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(RegExpPrototypeOptimizable)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MRegExpInstanceOptimizable
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, ObjectPolicy<1>>::Data {
+ explicit MRegExpInstanceOptimizable(MDefinition* object, MDefinition* proto)
+ : MBinaryInstruction(classOpcode, object, proto) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(RegExpInstanceOptimizable)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, proto))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MGetFirstDollarIndex : public MUnaryInstruction,
+ public StringPolicy<0>::Data {
+ explicit MGetFirstDollarIndex(MDefinition* str)
+ : MUnaryInstruction(classOpcode, str) {
+ setResultType(MIRType::Int32);
+
+ // Codegen assumes string length > 0. Don't allow LICM to move this
+ // before the .length > 1 check in RegExpReplace in RegExp.js.
+ MOZ_ASSERT(!isMovable());
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetFirstDollarIndex)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, str))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+};
+
+class MStringReplace : public MTernaryInstruction,
+ public MixPolicy<StringPolicy<0>, StringPolicy<1>,
+ StringPolicy<2>>::Data {
+ private:
+ bool isFlatReplacement_;
+
+ MStringReplace(MDefinition* string, MDefinition* pattern,
+ MDefinition* replacement)
+ : MTernaryInstruction(classOpcode, string, pattern, replacement),
+ isFlatReplacement_(false) {
+ setMovable();
+ setResultType(MIRType::String);
+ }
+
+ public:
+ INSTRUCTION_HEADER(StringReplace)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, string), (1, pattern), (2, replacement))
+
+ void setFlatReplacement() {
+ MOZ_ASSERT(!isFlatReplacement_);
+ isFlatReplacement_ = true;
+ }
+
+ bool isFlatReplacement() const { return isFlatReplacement_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isStringReplace()) {
+ return false;
+ }
+ if (isFlatReplacement_ != ins->toStringReplace()->isFlatReplacement()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override {
+ if (isFlatReplacement_) {
+ MOZ_ASSERT(!pattern()->isRegExp());
+ return true;
+ }
+ return false;
+ }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MSubstr : public MTernaryInstruction,
+ public MixPolicy<StringPolicy<0>, UnboxedInt32Policy<1>,
+ UnboxedInt32Policy<2>>::Data {
+ private:
+ MSubstr(MDefinition* string, MDefinition* begin, MDefinition* length)
+ : MTernaryInstruction(classOpcode, string, begin, length) {
+ setResultType(MIRType::String);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Substr)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, string), (1, begin), (2, length))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MClassConstructor : public MNullaryInstruction {
+ jsbytecode* pc_;
+
+ explicit MClassConstructor(jsbytecode* pc)
+ : MNullaryInstruction(classOpcode), pc_(pc) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ClassConstructor)
+ TRIVIAL_NEW_WRAPPERS
+
+ jsbytecode* pc() const { return pc_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MDerivedClassConstructor : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ jsbytecode* pc_;
+
+ MDerivedClassConstructor(MDefinition* prototype, jsbytecode* pc)
+ : MUnaryInstruction(classOpcode, prototype), pc_(pc) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(DerivedClassConstructor)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, prototype))
+
+ jsbytecode* pc() const { return pc_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MModuleMetadata : public MNullaryInstruction {
+ CompilerObject module_;
+
+ explicit MModuleMetadata(JSObject* module)
+ : MNullaryInstruction(classOpcode), module_(module) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ModuleMetadata)
+ TRIVIAL_NEW_WRAPPERS
+
+ JSObject* module() const { return module_; }
+};
+
+class MDynamicImport : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ explicit MDynamicImport(MDefinition* specifier)
+ : MUnaryInstruction(classOpcode, specifier) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(DynamicImport)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, specifier))
+};
+
+struct LambdaFunctionInfo {
+ // The functions used in lambdas are the canonical original function in
+ // the script, and are immutable except for delazification. Record this
+ // information while still on the main thread to avoid races.
+ private:
+ CompilerFunction fun_;
+
+ public:
+ js::BaseScript* baseScript;
+ js::FunctionFlags flags;
+ uint16_t nargs;
+
+ LambdaFunctionInfo(JSFunction* fun, BaseScript* baseScript,
+ FunctionFlags flags, uint16_t nargs)
+ : fun_(fun), baseScript(baseScript), flags(flags), nargs(nargs) {}
+
+ LambdaFunctionInfo(const LambdaFunctionInfo& other)
+ : fun_(static_cast<JSFunction*>(other.fun_)),
+ baseScript(other.baseScript),
+ flags(other.flags),
+ nargs(other.nargs) {}
+
+ // Be careful when calling this off-thread. Don't call any JSFunction*
+ // methods that depend on script/lazyScript - this can race with
+ // delazification on the main thread.
+ JSFunction* funUnsafe() const { return fun_; }
+
+ private:
+ void operator=(const LambdaFunctionInfo&) = delete;
+};
+
+class MLambda : public MBinaryInstruction, public SingleObjectPolicy::Data {
+ const LambdaFunctionInfo info_;
+
+ MLambda(TempAllocator& alloc, MDefinition* envChain, MConstant* cst,
+ const LambdaFunctionInfo& info)
+ : MBinaryInstruction(classOpcode, envChain, cst), info_(info) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Lambda)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+ NAMED_OPERANDS((0, environmentChain))
+
+ MConstant* functionOperand() const { return getOperand(1)->toConstant(); }
+ const LambdaFunctionInfo& info() const { return info_; }
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+class MLambdaArrow
+ : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>, ObjectPolicy<2>>::Data {
+ const LambdaFunctionInfo info_;
+
+ MLambdaArrow(TempAllocator& alloc, MDefinition* envChain,
+ MDefinition* newTarget, MConstant* cst,
+ const LambdaFunctionInfo& info)
+ : MTernaryInstruction(classOpcode, envChain, newTarget, cst),
+ info_(info) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LambdaArrow)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+ NAMED_OPERANDS((0, environmentChain), (1, newTargetDef))
+
+ MConstant* functionOperand() const { return getOperand(2)->toConstant(); }
+ const LambdaFunctionInfo& info() const { return info_; }
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+class MFunctionWithProto : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, ObjectPolicy<1>,
+ ObjectPolicy<2>>::Data {
+ CompilerFunction fun_;
+
+ MFunctionWithProto(MDefinition* envChain, MDefinition* prototype,
+ MConstant* cst)
+ : MTernaryInstruction(classOpcode, envChain, prototype, cst),
+ fun_(&cst->toObject().as<JSFunction>()) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(FunctionWithProto)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, environmentChain), (1, prototype))
+
+ MConstant* functionOperand() const { return getOperand(2)->toConstant(); }
+ JSFunction* function() const { return fun_; }
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MSetFunName : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ uint8_t prefixKind_;
+
+ explicit MSetFunName(MDefinition* fun, MDefinition* name, uint8_t prefixKind)
+ : MBinaryInstruction(classOpcode, fun, name), prefixKind_(prefixKind) {
+ setResultType(MIRType::None);
+ }
+
+ public:
+ INSTRUCTION_HEADER(SetFunName)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, fun), (1, name))
+
+ uint8_t prefixKind() const { return prefixKind_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Returns obj->slots.
+class MSlots : public MUnaryInstruction, public SingleObjectPolicy::Data {
+ explicit MSlots(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Slots);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Slots)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+
+ ALLOW_CLONE(MSlots)
+};
+
+// Returns obj->elements.
+class MElements : public MUnaryInstruction, public SingleObjectPolicy::Data {
+ explicit MElements(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Elements);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Elements)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+
+ ALLOW_CLONE(MElements)
+};
+
+// Load the initialized length from an elements header.
+class MInitializedLength : public MUnaryInstruction, public NoTypePolicy::Data {
+ explicit MInitializedLength(MDefinition* elements)
+ : MUnaryInstruction(classOpcode, elements) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(InitializedLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+
+ void computeRange(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MInitializedLength)
+};
+
+// Store to the initialized length in an elements header. Note the input is an
+// *index*, one less than the desired length.
+class MSetInitializedLength : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ MSetInitializedLength(MDefinition* elements, MDefinition* index)
+ : MBinaryInstruction(classOpcode, elements, index) {}
+
+ public:
+ INSTRUCTION_HEADER(SetInitializedLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ObjectFields);
+ }
+
+ ALLOW_CLONE(MSetInitializedLength)
+};
+
+// Load the array length from an elements header.
+class MArrayLength : public MUnaryInstruction, public NoTypePolicy::Data {
+ explicit MArrayLength(MDefinition* elements)
+ : MUnaryInstruction(classOpcode, elements) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrayLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+
+ void computeRange(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MArrayLength)
+};
+
+// Store to the length in an elements header. Note the input is an *index*, one
+// less than the desired length.
+class MSetArrayLength : public MBinaryInstruction, public NoTypePolicy::Data {
+ MSetArrayLength(MDefinition* elements, MDefinition* index)
+ : MBinaryInstruction(classOpcode, elements, index) {}
+
+ public:
+ INSTRUCTION_HEADER(SetArrayLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ObjectFields);
+ }
+
+ // By default no, unless built as a recovered instruction.
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return isRecoveredOnBailout(); }
+};
+
+// Load the function length. Bails for functions with lazy scripts or a
+// resolved "length" property.
+class MFunctionLength : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MFunctionLength(MDefinition* fun)
+ : MUnaryInstruction(classOpcode, fun) {
+ setResultType(MIRType::Int32);
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(FunctionLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ // Even though the "length" property is lazily resolved, it acts similar to
+ // a normal property load, so we can treat this operation like any other
+ // property read.
+ return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+};
+
+// Load the function name. Bails for bound functions when the bound function
+// name prefix isn't present or functions with a resolved "name" property.
+class MFunctionName : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MFunctionName(MDefinition* fun)
+ : MUnaryInstruction(classOpcode, fun) {
+ setResultType(MIRType::String);
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(FunctionName)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ // Even though the "name" property is lazily resolved, it acts similar to
+ // a normal property load, so we can treat this operation like any other
+ // property read.
+ return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+};
+
+class MGetNextEntryForIterator
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, ObjectPolicy<1>>::Data {
+ public:
+ enum Mode { Map, Set };
+
+ private:
+ Mode mode_;
+
+ explicit MGetNextEntryForIterator(MDefinition* iter, MDefinition* result,
+ Mode mode)
+ : MBinaryInstruction(classOpcode, iter, result), mode_(mode) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetNextEntryForIterator)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, iter), (1, result))
+
+ Mode mode() const { return mode_; }
+};
+
+// Read the byte length of an array buffer as int32.
+class MArrayBufferByteLengthInt32 : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MArrayBufferByteLengthInt32(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrayBufferByteLengthInt32)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::FixedSlot);
+ }
+};
+
+// Read the length of an array buffer view.
+class MArrayBufferViewLength : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MArrayBufferViewLength(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrayBufferViewLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ArrayBufferViewLengthOrOffset);
+ }
+
+ void computeRange(TempAllocator& alloc) override;
+};
+
+// Read the byteOffset of an array buffer view.
+class MArrayBufferViewByteOffset : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MArrayBufferViewByteOffset(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrayBufferViewByteOffset)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ArrayBufferViewLengthOrOffset);
+ }
+
+ void computeRange(TempAllocator& alloc) override;
+};
+
+// Load an array buffer view's elements vector.
+class MArrayBufferViewElements : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MArrayBufferViewElements(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Elements);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrayBufferViewElements)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+
+ ALLOW_CLONE(MArrayBufferViewElements)
+};
+
+// Return the element shift of a typed array, i.e. the shift value so that
+// |1 << shift| is equal to the element size.
+class MTypedArrayElementShift : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MTypedArrayElementShift(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(TypedArrayElementShift)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ // Class is immutable. See also MHasClass.
+ return AliasSet::None();
+ }
+
+ void computeRange(TempAllocator& alloc) override;
+};
+
+// Convert the input into an Int32 value for accessing a TypedArray element.
+// If the input is non-finite, not an integer, negative, or outside the Int32
+// range, produces a value which is known to trigger an out-of-bounds access.
+class MTypedArrayIndexToInt32 : public MUnaryInstruction,
+ public TypedArrayIndexPolicy::Data {
+ explicit MTypedArrayIndexToInt32(MDefinition* def)
+ : MUnaryInstruction(classOpcode, def) {
+ MOZ_ASSERT(def->type() == MIRType::Int32 || def->type() == MIRType::Double);
+ setResultType(MIRType::Int32);
+ setMovable();
+ specialization_ = def->type();
+ }
+
+ public:
+ INSTRUCTION_HEADER(TypedArrayIndexToInt32)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MTypedArrayIndexToInt32)
+};
+
+class MKeepAliveObject : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MKeepAliveObject(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::None);
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(KeepAliveObject)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+};
+
+// Perform !-operation
+class MNot : public MUnaryInstruction, public TestPolicy::Data {
+ bool operandIsNeverNaN_;
+
+ explicit MNot(MDefinition* input)
+ : MUnaryInstruction(classOpcode, input), operandIsNeverNaN_(false) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ static MNot* NewInt32(TempAllocator& alloc, MDefinition* input) {
+ MOZ_ASSERT(input->type() == MIRType::Int32 ||
+ input->type() == MIRType::Int64);
+ auto* ins = new (alloc) MNot(input);
+ ins->setResultType(MIRType::Int32);
+ return ins;
+ }
+
+ INSTRUCTION_HEADER(Not)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool operandIsNeverNaN() const { return operandIsNeverNaN_; }
+
+ virtual AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void collectRangeInfoPreTrunc() override;
+
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+ bool isFloat32Commutative() const override { return true; }
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+// Bailout if index + minimum < 0 or index + maximum >= length. The length used
+// in a bounds check must not be negative, or the wrong result may be computed
+// (unsigned comparisons may be used).
+class MBoundsCheck
+ : public MBinaryInstruction,
+ public MixPolicy<UnboxedInt32Policy<0>, UnboxedInt32Policy<1>>::Data {
+ // Range over which to perform the bounds check, may be modified by GVN.
+ int32_t minimum_;
+ int32_t maximum_;
+ bool fallible_;
+
+ MBoundsCheck(MDefinition* index, MDefinition* length)
+ : MBinaryInstruction(classOpcode, index, length),
+ minimum_(0),
+ maximum_(0),
+ fallible_(true) {
+ setGuard();
+ setMovable();
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(length->type() == MIRType::Int32);
+
+ // Returns the checked index.
+ setResultType(MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(BoundsCheck)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, index), (1, length))
+
+ int32_t minimum() const { return minimum_; }
+ void setMinimum(int32_t n) {
+ MOZ_ASSERT(fallible_);
+ minimum_ = n;
+ }
+ int32_t maximum() const { return maximum_; }
+ void setMaximum(int32_t n) {
+ MOZ_ASSERT(fallible_);
+ maximum_ = n;
+ }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isBoundsCheck()) {
+ return false;
+ }
+ const MBoundsCheck* other = ins->toBoundsCheck();
+ if (minimum() != other->minimum() || maximum() != other->maximum()) {
+ return false;
+ }
+ if (fallible() != other->fallible()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(other);
+ }
+ virtual AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void computeRange(TempAllocator& alloc) override;
+ bool fallible() const { return fallible_; }
+ void collectRangeInfoPreTrunc() override;
+
+ ALLOW_CLONE(MBoundsCheck)
+};
+
+// Bailout if index < minimum.
+class MBoundsCheckLower : public MUnaryInstruction,
+ public UnboxedInt32Policy<0>::Data {
+ int32_t minimum_;
+ bool fallible_;
+
+ explicit MBoundsCheckLower(MDefinition* index)
+ : MUnaryInstruction(classOpcode, index), minimum_(0), fallible_(true) {
+ setGuard();
+ setMovable();
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(BoundsCheckLower)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, index))
+
+ int32_t minimum() const { return minimum_; }
+ void setMinimum(int32_t n) { minimum_ = n; }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool fallible() const { return fallible_; }
+ void collectRangeInfoPreTrunc() override;
+};
+
+class MSpectreMaskIndex
+ : public MBinaryInstruction,
+ public MixPolicy<UnboxedInt32Policy<0>, UnboxedInt32Policy<1>>::Data {
+ MSpectreMaskIndex(MDefinition* index, MDefinition* length)
+ : MBinaryInstruction(classOpcode, index, length) {
+ // Note: this instruction does not need setGuard(): if there are no uses
+ // it's fine for DCE to eliminate this instruction.
+ setMovable();
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(length->type() == MIRType::Int32);
+
+ // Returns the masked index.
+ setResultType(MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(SpectreMaskIndex)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, index), (1, length))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ virtual AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void computeRange(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MSpectreMaskIndex)
+};
+
+// Load a value from a dense array's element vector and does a hole check if the
+// array is not known to be packed.
+class MLoadElement : public MBinaryInstruction, public NoTypePolicy::Data {
+ bool needsHoleCheck_;
+
+ MLoadElement(MDefinition* elements, MDefinition* index, bool needsHoleCheck)
+ : MBinaryInstruction(classOpcode, elements, index),
+ needsHoleCheck_(needsHoleCheck) {
+ if (needsHoleCheck) {
+ // Uses may be optimized away based on this instruction's result
+ // type. This means it's invalid to DCE this instruction, as we
+ // have to invalidate when we read a hole.
+ setGuard();
+ }
+ setResultType(MIRType::Value);
+ setMovable();
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index))
+
+ bool needsHoleCheck() const { return needsHoleCheck_; }
+ bool fallible() const { return needsHoleCheck(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadElement()) {
+ return false;
+ }
+ const MLoadElement* other = ins->toLoadElement();
+ if (needsHoleCheck() != other->needsHoleCheck()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(other);
+ }
+ AliasType mightAlias(const MDefinition* store) const override;
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::Element);
+ }
+
+ ALLOW_CLONE(MLoadElement)
+};
+
+class MLoadElementAndUnbox : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ MUnbox::Mode mode_;
+
+ MLoadElementAndUnbox(MDefinition* elements, MDefinition* index,
+ MUnbox::Mode mode, MIRType type)
+ : MBinaryInstruction(classOpcode, elements, index), mode_(mode) {
+ setResultType(type);
+ setMovable();
+ if (mode_ == MUnbox::Fallible) {
+ setGuard();
+ }
+ setBailoutKind(BailoutKind::UnboxFolding);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadElementAndUnbox)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index))
+
+ MUnbox::Mode mode() const { return mode_; }
+ bool fallible() const { return mode_ != MUnbox::Infallible; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadElementAndUnbox() ||
+ mode() != ins->toLoadElementAndUnbox()->mode()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::Element);
+ }
+
+ ALLOW_CLONE(MLoadElementAndUnbox);
+};
+
+// Load a value from the elements vector of a native object. If the index is
+// out-of-bounds, or the indexed slot has a hole, undefined is returned instead.
+class MLoadElementHole : public MTernaryInstruction, public NoTypePolicy::Data {
+ bool needsNegativeIntCheck_;
+ bool needsHoleCheck_;
+
+ MLoadElementHole(MDefinition* elements, MDefinition* index,
+ MDefinition* initLength, bool needsHoleCheck)
+ : MTernaryInstruction(classOpcode, elements, index, initLength),
+ needsNegativeIntCheck_(true),
+ needsHoleCheck_(needsHoleCheck) {
+ setResultType(MIRType::Value);
+ setMovable();
+
+ // Set the guard flag to make sure we bail when we see a negative
+ // index. We can clear this flag (and needsNegativeIntCheck_) in
+ // collectRangeInfoPreTrunc.
+ setGuard();
+
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(initLength->type() == MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadElementHole)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index), (2, initLength))
+
+ bool needsNegativeIntCheck() const { return needsNegativeIntCheck_; }
+ bool needsHoleCheck() const { return needsHoleCheck_; }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadElementHole()) {
+ return false;
+ }
+ const MLoadElementHole* other = ins->toLoadElementHole();
+ if (needsHoleCheck() != other->needsHoleCheck()) {
+ return false;
+ }
+ if (needsNegativeIntCheck() != other->needsNegativeIntCheck()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(other);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::Element);
+ }
+ void collectRangeInfoPreTrunc() override;
+
+ ALLOW_CLONE(MLoadElementHole)
+};
+
+class MStoreElementCommon {
+ MIRType elementType_;
+ bool needsBarrier_;
+
+ protected:
+ MStoreElementCommon() : elementType_(MIRType::Value), needsBarrier_(false) {}
+
+ public:
+ MIRType elementType() const { return elementType_; }
+ void setElementType(MIRType elementType) {
+ MOZ_ASSERT(elementType != MIRType::None);
+ elementType_ = elementType;
+ }
+ bool needsBarrier() const { return needsBarrier_; }
+ void setNeedsBarrier() { needsBarrier_ = true; }
+};
+
+// Store a value to a dense array slots vector.
+class MStoreElement : public MTernaryInstruction,
+ public MStoreElementCommon,
+ public NoFloatPolicy<2>::Data {
+ bool needsHoleCheck_;
+
+ MStoreElement(MDefinition* elements, MDefinition* index, MDefinition* value,
+ bool needsHoleCheck)
+ : MTernaryInstruction(classOpcode, elements, index, value) {
+ needsHoleCheck_ = needsHoleCheck;
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(value->type() != MIRType::MagicHole);
+ }
+
+ public:
+ INSTRUCTION_HEADER(StoreElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index), (2, value))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::Element);
+ }
+ bool needsHoleCheck() const { return needsHoleCheck_; }
+ bool fallible() const { return needsHoleCheck(); }
+
+ ALLOW_CLONE(MStoreElement)
+};
+
+// Stores MagicValue(JS_ELEMENTS_HOLE) and marks the elements as non-packed.
+class MStoreHoleValueElement : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ MStoreHoleValueElement(MDefinition* elements, MDefinition* index)
+ : MBinaryInstruction(classOpcode, elements, index) {
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(StoreHoleValueElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::Element | AliasSet::ObjectFields);
+ }
+
+ ALLOW_CLONE(MStoreHoleValueElement)
+};
+
+// Like MStoreElement, but supports indexes >= initialized length. The downside
+// is that we cannot hoist the elements vector and bounds check, since this
+// instruction may update the (initialized) length and reallocate the elements
+// vector.
+class MStoreElementHole
+ : public MQuaternaryInstruction,
+ public MStoreElementCommon,
+ public MixPolicy<SingleObjectPolicy, NoFloatPolicy<3>>::Data {
+ MStoreElementHole(MDefinition* object, MDefinition* elements,
+ MDefinition* index, MDefinition* value)
+ : MQuaternaryInstruction(classOpcode, object, elements, index, value) {
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(value->type() != MIRType::MagicHole);
+ }
+
+ public:
+ INSTRUCTION_HEADER(StoreElementHole)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, elements), (2, index), (3, value))
+
+ ALLOW_CLONE(MStoreElementHole)
+};
+
+// Array.prototype.pop or Array.prototype.shift on a dense array.
+class MArrayPopShift : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ public:
+ enum Mode { Pop, Shift };
+
+ private:
+ Mode mode_;
+
+ MArrayPopShift(MDefinition* object, Mode mode)
+ : MUnaryInstruction(classOpcode, object), mode_(mode) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrayPopShift)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool mode() const { return mode_; }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ObjectFields | AliasSet::Element);
+ }
+
+ ALLOW_CLONE(MArrayPopShift)
+};
+
+// Array.prototype.push on a dense array. Returns the new array length.
+class MArrayPush : public MBinaryInstruction,
+ public MixPolicy<SingleObjectPolicy, BoxPolicy<1>>::Data {
+ MArrayPush(MDefinition* object, MDefinition* value)
+ : MBinaryInstruction(classOpcode, object, value) {
+ setResultType(MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrayPush)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, value))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ObjectFields | AliasSet::Element);
+ }
+ void computeRange(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MArrayPush)
+};
+
+// Array.prototype.slice on a dense array.
+class MArraySlice : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<1>,
+ UnboxedInt32Policy<2>>::Data {
+ CompilerObject templateObj_;
+ gc::InitialHeap initialHeap_;
+
+ MArraySlice(MDefinition* obj, MDefinition* begin, MDefinition* end,
+ JSObject* templateObj, gc::InitialHeap initialHeap)
+ : MTernaryInstruction(classOpcode, obj, begin, end),
+ templateObj_(templateObj),
+ initialHeap_(initialHeap) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArraySlice)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, begin), (2, end))
+
+ JSObject* templateObj() const { return templateObj_; }
+
+ gc::InitialHeap initialHeap() const { return initialHeap_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MArrayJoin : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, StringPolicy<1>>::Data {
+ MArrayJoin(MDefinition* array, MDefinition* sep)
+ : MBinaryInstruction(classOpcode, array, sep) {
+ setResultType(MIRType::String);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArrayJoin)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, array), (1, sep))
+
+ // MArrayJoin doesn't override |getAliasSet()|, because Array.prototype.join
+ // might coerce the elements of the Array to strings. This coercion might
+ // cause the evaluation of JavaScript code.
+
+ bool possiblyCalls() const override { return true; }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+};
+
+// All barriered operations - MCompareExchangeTypedArrayElement,
+// MExchangeTypedArrayElement, and MAtomicTypedArrayElementBinop, as
+// well as MLoadUnboxedScalar and MStoreUnboxedScalar when they are
+// marked as requiring a memory barrer - have the following
+// attributes:
+//
+// - Not movable
+// - Not removable
+// - Not congruent with any other instruction
+// - Effectful (they alias every TypedArray store)
+//
+// The intended effect of those constraints is to prevent all loads
+// and stores preceding the barriered operation from being moved to
+// after the barriered operation, and vice versa, and to prevent the
+// barriered operation from being removed or hoisted.
+
+enum MemoryBarrierRequirement {
+ DoesNotRequireMemoryBarrier,
+ DoesRequireMemoryBarrier
+};
+
+// Also see comments at MMemoryBarrierRequirement, above.
+
+// Load an unboxed scalar value from an array buffer view or other object.
+class MLoadUnboxedScalar : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ int32_t offsetAdjustment_ = 0;
+ Scalar::Type storageType_;
+ bool requiresBarrier_;
+
+ MLoadUnboxedScalar(
+ MDefinition* elements, MDefinition* index, Scalar::Type storageType,
+ MemoryBarrierRequirement requiresBarrier = DoesNotRequireMemoryBarrier)
+ : MBinaryInstruction(classOpcode, elements, index),
+ storageType_(storageType),
+ requiresBarrier_(requiresBarrier == DoesRequireMemoryBarrier) {
+ setResultType(MIRType::Value);
+ if (requiresBarrier_) {
+ setGuard(); // Not removable or movable
+ } else {
+ setMovable();
+ }
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(storageType >= 0 && storageType < Scalar::MaxTypedArrayViewType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadUnboxedScalar)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index))
+
+ Scalar::Type storageType() const { return storageType_; }
+ bool fallible() const {
+ // Bailout if the result does not fit in an int32.
+ return storageType_ == Scalar::Uint32 && type() == MIRType::Int32;
+ }
+ bool requiresMemoryBarrier() const { return requiresBarrier_; }
+ int32_t offsetAdjustment() const { return offsetAdjustment_; }
+ void setOffsetAdjustment(int32_t offsetAdjustment) {
+ offsetAdjustment_ = offsetAdjustment;
+ }
+ AliasSet getAliasSet() const override {
+ // When a barrier is needed make the instruction effectful by
+ // giving it a "store" effect.
+ if (requiresBarrier_) {
+ return AliasSet::Store(AliasSet::UnboxedElement);
+ }
+ return AliasSet::Load(AliasSet::UnboxedElement);
+ }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (requiresBarrier_) {
+ return false;
+ }
+ if (!ins->isLoadUnboxedScalar()) {
+ return false;
+ }
+ const MLoadUnboxedScalar* other = ins->toLoadUnboxedScalar();
+ if (storageType_ != other->storageType_) {
+ return false;
+ }
+ if (offsetAdjustment() != other->offsetAdjustment()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(other);
+ }
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ void computeRange(TempAllocator& alloc) override;
+
+ bool canProduceFloat32() const override {
+ return storageType_ == Scalar::Float32;
+ }
+
+ ALLOW_CLONE(MLoadUnboxedScalar)
+};
+
+// Load an unboxed scalar value from a dataview object.
+class MLoadDataViewElement : public MTernaryInstruction,
+ public NoTypePolicy::Data {
+ Scalar::Type storageType_;
+
+ MLoadDataViewElement(MDefinition* elements, MDefinition* index,
+ MDefinition* littleEndian, Scalar::Type storageType)
+ : MTernaryInstruction(classOpcode, elements, index, littleEndian),
+ storageType_(storageType) {
+ setResultType(MIRType::Value);
+ setMovable();
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(littleEndian->type() == MIRType::Boolean);
+ MOZ_ASSERT(storageType >= 0 && storageType < Scalar::MaxTypedArrayViewType);
+ MOZ_ASSERT(Scalar::byteSize(storageType) > 1);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadDataViewElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index), (2, littleEndian))
+
+ Scalar::Type storageType() const { return storageType_; }
+ bool fallible() const {
+ // Bailout if the result does not fit in an int32.
+ return storageType_ == Scalar::Uint32 && type() == MIRType::Int32;
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::UnboxedElement);
+ }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadDataViewElement()) {
+ return false;
+ }
+ const MLoadDataViewElement* other = ins->toLoadDataViewElement();
+ if (storageType_ != other->storageType_) {
+ return false;
+ }
+ return congruentIfOperandsEqual(other);
+ }
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ void computeRange(TempAllocator& alloc) override;
+
+ bool canProduceFloat32() const override {
+ return storageType_ == Scalar::Float32;
+ }
+
+ ALLOW_CLONE(MLoadDataViewElement)
+};
+
+// Load a value from a typed array. Out-of-bounds accesses are handled in-line.
+class MLoadTypedArrayElementHole : public MBinaryInstruction,
+ public SingleObjectPolicy::Data {
+ Scalar::Type arrayType_;
+ bool allowDouble_;
+
+ MLoadTypedArrayElementHole(MDefinition* object, MDefinition* index,
+ Scalar::Type arrayType, bool allowDouble)
+ : MBinaryInstruction(classOpcode, object, index),
+ arrayType_(arrayType),
+ allowDouble_(allowDouble) {
+ setResultType(MIRType::Value);
+ setMovable();
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(arrayType >= 0 && arrayType < Scalar::MaxTypedArrayViewType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadTypedArrayElementHole)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, index))
+
+ Scalar::Type arrayType() const { return arrayType_; }
+ bool allowDouble() const { return allowDouble_; }
+ bool fallible() const {
+ return arrayType_ == Scalar::Uint32 && !allowDouble_;
+ }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadTypedArrayElementHole()) {
+ return false;
+ }
+ const MLoadTypedArrayElementHole* other =
+ ins->toLoadTypedArrayElementHole();
+ if (arrayType() != other->arrayType()) {
+ return false;
+ }
+ if (allowDouble() != other->allowDouble()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(other);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::UnboxedElement);
+ }
+ bool canProduceFloat32() const override {
+ return arrayType_ == Scalar::Float32;
+ }
+
+ ALLOW_CLONE(MLoadTypedArrayElementHole)
+};
+
+// Base class for MIR ops that write unboxed scalar values.
+class StoreUnboxedScalarBase {
+ Scalar::Type writeType_;
+
+ protected:
+ explicit StoreUnboxedScalarBase(Scalar::Type writeType)
+ : writeType_(writeType) {
+ MOZ_ASSERT(isIntegerWrite() || isFloatWrite() || isBigIntWrite());
+ }
+
+ public:
+ Scalar::Type writeType() const { return writeType_; }
+ bool isByteWrite() const {
+ return writeType_ == Scalar::Int8 || writeType_ == Scalar::Uint8 ||
+ writeType_ == Scalar::Uint8Clamped;
+ }
+ bool isIntegerWrite() const {
+ return isByteWrite() || writeType_ == Scalar::Int16 ||
+ writeType_ == Scalar::Uint16 || writeType_ == Scalar::Int32 ||
+ writeType_ == Scalar::Uint32;
+ }
+ bool isFloatWrite() const {
+ return writeType_ == Scalar::Float32 || writeType_ == Scalar::Float64;
+ }
+ bool isBigIntWrite() const { return Scalar::isBigIntType(writeType_); }
+};
+
+// Store an unboxed scalar value to an array buffer view or other object.
+class MStoreUnboxedScalar : public MTernaryInstruction,
+ public StoreUnboxedScalarBase,
+ public StoreUnboxedScalarPolicy::Data {
+ bool requiresBarrier_;
+
+ MStoreUnboxedScalar(
+ MDefinition* elements, MDefinition* index, MDefinition* value,
+ Scalar::Type storageType,
+ MemoryBarrierRequirement requiresBarrier = DoesNotRequireMemoryBarrier)
+ : MTernaryInstruction(classOpcode, elements, index, value),
+ StoreUnboxedScalarBase(storageType),
+ requiresBarrier_(requiresBarrier == DoesRequireMemoryBarrier) {
+ if (requiresBarrier_) {
+ setGuard(); // Not removable or movable
+ }
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(storageType >= 0 && storageType < Scalar::MaxTypedArrayViewType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(StoreUnboxedScalar)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index), (2, value))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::UnboxedElement);
+ }
+ bool requiresMemoryBarrier() const { return requiresBarrier_; }
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+ bool canConsumeFloat32(MUse* use) const override {
+ return use == getUseFor(2) && writeType() == Scalar::Float32;
+ }
+
+ ALLOW_CLONE(MStoreUnboxedScalar)
+};
+
+// Store an unboxed scalar value to a dataview object.
+class MStoreDataViewElement : public MQuaternaryInstruction,
+ public StoreUnboxedScalarBase,
+ public StoreDataViewElementPolicy::Data {
+ MStoreDataViewElement(MDefinition* elements, MDefinition* index,
+ MDefinition* value, MDefinition* littleEndian,
+ Scalar::Type storageType)
+ : MQuaternaryInstruction(classOpcode, elements, index, value,
+ littleEndian),
+ StoreUnboxedScalarBase(storageType) {
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(storageType >= 0 && storageType < Scalar::MaxTypedArrayViewType);
+ MOZ_ASSERT(Scalar::byteSize(storageType) > 1);
+ }
+
+ public:
+ INSTRUCTION_HEADER(StoreDataViewElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index), (2, value), (3, littleEndian))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::UnboxedElement);
+ }
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+ bool canConsumeFloat32(MUse* use) const override {
+ return use == getUseFor(2) && writeType() == Scalar::Float32;
+ }
+
+ ALLOW_CLONE(MStoreDataViewElement)
+};
+
+class MStoreTypedArrayElementHole : public MQuaternaryInstruction,
+ public StoreUnboxedScalarBase,
+ public StoreTypedArrayHolePolicy::Data {
+ MStoreTypedArrayElementHole(MDefinition* elements, MDefinition* length,
+ MDefinition* index, MDefinition* value,
+ Scalar::Type arrayType)
+ : MQuaternaryInstruction(classOpcode, elements, length, index, value),
+ StoreUnboxedScalarBase(arrayType) {
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(length->type() == MIRType::Int32);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(arrayType >= 0 && arrayType < Scalar::MaxTypedArrayViewType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(StoreTypedArrayElementHole)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, length), (2, index), (3, value))
+
+ Scalar::Type arrayType() const { return writeType(); }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::UnboxedElement);
+ }
+ TruncateKind operandTruncateKind(size_t index) const override;
+
+ bool canConsumeFloat32(MUse* use) const override {
+ return use == getUseFor(3) && arrayType() == Scalar::Float32;
+ }
+
+ ALLOW_CLONE(MStoreTypedArrayElementHole)
+};
+
+// Compute an "effective address", i.e., a compound computation of the form:
+// base + index * scale + displacement
+class MEffectiveAddress : public MBinaryInstruction, public NoTypePolicy::Data {
+ MEffectiveAddress(MDefinition* base, MDefinition* index, Scale scale,
+ int32_t displacement)
+ : MBinaryInstruction(classOpcode, base, index),
+ scale_(scale),
+ displacement_(displacement) {
+ MOZ_ASSERT(base->type() == MIRType::Int32);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ setMovable();
+ setResultType(MIRType::Int32);
+ }
+
+ Scale scale_;
+ int32_t displacement_;
+
+ public:
+ INSTRUCTION_HEADER(EffectiveAddress)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* base() const { return lhs(); }
+ MDefinition* index() const { return rhs(); }
+ Scale scale() const { return scale_; }
+ int32_t displacement() const { return displacement_; }
+
+ ALLOW_CLONE(MEffectiveAddress)
+};
+
+// Clamp input to range [0, 255] for Uint8ClampedArray.
+class MClampToUint8 : public MUnaryInstruction, public ClampPolicy::Data {
+ explicit MClampToUint8(MDefinition* input)
+ : MUnaryInstruction(classOpcode, input) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ClampToUint8)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ void computeRange(TempAllocator& alloc) override;
+
+ ALLOW_CLONE(MClampToUint8)
+};
+
+class MLoadFixedSlot : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ size_t slot_;
+
+ protected:
+ MLoadFixedSlot(MDefinition* obj, size_t slot)
+ : MUnaryInstruction(classOpcode, obj), slot_(slot) {
+ setResultType(MIRType::Value);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadFixedSlot)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ size_t slot() const { return slot_; }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadFixedSlot()) {
+ return false;
+ }
+ if (slot() != ins->toLoadFixedSlot()->slot()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::FixedSlot);
+ }
+
+ AliasType mightAlias(const MDefinition* store) const override;
+
+ ALLOW_CLONE(MLoadFixedSlot)
+};
+
+class MLoadFixedSlotAndUnbox : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ size_t slot_;
+ MUnbox::Mode mode_;
+
+ MLoadFixedSlotAndUnbox(MDefinition* obj, size_t slot, MUnbox::Mode mode,
+ MIRType type)
+ : MUnaryInstruction(classOpcode, obj), slot_(slot), mode_(mode) {
+ setResultType(type);
+ setMovable();
+ if (mode_ == MUnbox::Fallible) {
+ setGuard();
+ }
+ setBailoutKind(BailoutKind::UnboxFolding);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadFixedSlotAndUnbox)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ size_t slot() const { return slot_; }
+ MUnbox::Mode mode() const { return mode_; }
+ bool fallible() const { return mode_ != MUnbox::Infallible; }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadFixedSlotAndUnbox() ||
+ slot() != ins->toLoadFixedSlotAndUnbox()->slot() ||
+ mode() != ins->toLoadFixedSlotAndUnbox()->mode()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::FixedSlot);
+ }
+
+ AliasType mightAlias(const MDefinition* store) const override;
+
+ ALLOW_CLONE(MLoadFixedSlotAndUnbox);
+};
+
+class MLoadDynamicSlotAndUnbox : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ size_t slot_;
+ MUnbox::Mode mode_;
+
+ MLoadDynamicSlotAndUnbox(MDefinition* slots, size_t slot, MUnbox::Mode mode,
+ MIRType type)
+ : MUnaryInstruction(classOpcode, slots), slot_(slot), mode_(mode) {
+ setResultType(type);
+ setMovable();
+ if (mode_ == MUnbox::Fallible) {
+ setGuard();
+ }
+ setBailoutKind(BailoutKind::UnboxFolding);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadDynamicSlotAndUnbox)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, slots))
+
+ size_t slot() const { return slot_; }
+ MUnbox::Mode mode() const { return mode_; }
+ bool fallible() const { return mode_ != MUnbox::Infallible; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadDynamicSlotAndUnbox() ||
+ slot() != ins->toLoadDynamicSlotAndUnbox()->slot() ||
+ mode() != ins->toLoadDynamicSlotAndUnbox()->mode()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::DynamicSlot);
+ }
+
+ ALLOW_CLONE(MLoadDynamicSlotAndUnbox);
+};
+
+class MStoreFixedSlot
+ : public MBinaryInstruction,
+ public MixPolicy<SingleObjectPolicy, NoFloatPolicy<1>>::Data {
+ bool needsBarrier_;
+ size_t slot_;
+
+ MStoreFixedSlot(MDefinition* obj, MDefinition* rval, size_t slot,
+ bool barrier)
+ : MBinaryInstruction(classOpcode, obj, rval),
+ needsBarrier_(barrier),
+ slot_(slot) {}
+
+ public:
+ INSTRUCTION_HEADER(StoreFixedSlot)
+ NAMED_OPERANDS((0, object), (1, value))
+
+ static MStoreFixedSlot* NewUnbarriered(TempAllocator& alloc, MDefinition* obj,
+ size_t slot, MDefinition* rval) {
+ return new (alloc) MStoreFixedSlot(obj, rval, slot, false);
+ }
+ static MStoreFixedSlot* NewBarriered(TempAllocator& alloc, MDefinition* obj,
+ size_t slot, MDefinition* rval) {
+ return new (alloc) MStoreFixedSlot(obj, rval, slot, true);
+ }
+
+ size_t slot() const { return slot_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::FixedSlot);
+ }
+ bool needsBarrier() const { return needsBarrier_; }
+ void setNeedsBarrier(bool needsBarrier = true) {
+ needsBarrier_ = needsBarrier;
+ }
+
+ ALLOW_CLONE(MStoreFixedSlot)
+};
+
+class MGetPropertyCache : public MBinaryInstruction,
+ public MixPolicy<BoxExceptPolicy<0, MIRType::Object>,
+ CacheIdPolicy<1>>::Data {
+ MGetPropertyCache(MDefinition* obj, MDefinition* id)
+ : MBinaryInstruction(classOpcode, obj, id) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetPropertyCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value), (1, idval))
+};
+
+class MHomeObjectSuperBase : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MHomeObjectSuperBase(MDefinition* homeObject)
+ : MUnaryInstruction(classOpcode, homeObject) {
+ setResultType(MIRType::Object);
+ setGuard(); // May throw if [[Prototype]] is null
+ }
+
+ public:
+ INSTRUCTION_HEADER(HomeObjectSuperBase)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, homeObject))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+class MGetPropSuperCache
+ : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxExceptPolicy<1, MIRType::Object>,
+ CacheIdPolicy<2>>::Data {
+ MGetPropSuperCache(MDefinition* obj, MDefinition* receiver, MDefinition* id)
+ : MTernaryInstruction(classOpcode, obj, receiver, id) {
+ setResultType(MIRType::Value);
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetPropSuperCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, receiver), (2, idval))
+};
+
+class MBindNameCache : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MBindNameCache(MDefinition* envChain)
+ : MUnaryInstruction(classOpcode, envChain) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(BindNameCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, environmentChain))
+};
+
+class MCallBindVar : public MUnaryInstruction, public SingleObjectPolicy::Data {
+ explicit MCallBindVar(MDefinition* envChain)
+ : MUnaryInstruction(classOpcode, envChain) {
+ setResultType(MIRType::Object);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(CallBindVar)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, environmentChain))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isCallBindVar()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guard on an object's shape.
+class MGuardShape : public MUnaryInstruction, public SingleObjectPolicy::Data {
+ CompilerShape shape_;
+
+ MGuardShape(MDefinition* obj, Shape* shape)
+ : MUnaryInstruction(classOpcode, obj), shape_(shape) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardShape)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ const Shape* shape() const { return shape_; }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardShape()) {
+ return false;
+ }
+ if (shape() != ins->toGuardShape()->shape()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+// Guard the object's proto is |expected|.
+class MGuardProto : public MBinaryInstruction, public SingleObjectPolicy::Data {
+ MGuardProto(MDefinition* obj, MDefinition* expected)
+ : MBinaryInstruction(classOpcode, obj, expected) {
+ MOZ_ASSERT(expected->isConstant() || expected->isNurseryObject());
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardProto)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, expected))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+ AliasType mightAlias(const MDefinition* def) const override {
+ // These instructions never modify the [[Prototype]].
+ if (def->isAddAndStoreSlot() || def->isAllocateAndStoreSlot()) {
+ return AliasType::NoAlias;
+ }
+ return AliasType::MayAlias;
+ }
+};
+
+// Guard the object has no proto.
+class MGuardNullProto : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardNullProto(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardNullProto)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+ AliasType mightAlias(const MDefinition* def) const override {
+ // These instructions never modify the [[Prototype]].
+ if (def->isAddAndStoreSlot() || def->isAllocateAndStoreSlot()) {
+ return AliasType::NoAlias;
+ }
+ return AliasType::MayAlias;
+ }
+};
+
+// Guard the object is a native object.
+class MGuardIsNativeObject : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardIsNativeObject(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardIsNativeObject)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guard the object is a proxy.
+class MGuardIsProxy : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardIsProxy(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardIsProxy)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guard the object is not a proxy.
+class MGuardIsNotProxy : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardIsNotProxy(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardIsNotProxy)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guard the proxy is not a DOM proxy.
+class MGuardIsNotDOMProxy : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardIsNotDOMProxy(MDefinition* proxy)
+ : MUnaryInstruction(classOpcode, proxy) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardIsNotDOMProxy)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, proxy))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MProxyGet : public MUnaryInstruction, public SingleObjectPolicy::Data {
+ jsid id_;
+
+ MProxyGet(MDefinition* proxy, jsid id)
+ : MUnaryInstruction(classOpcode, proxy), id_(id) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ProxyGet)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, proxy))
+
+ jsid id() const { return id_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MProxyGetByValue : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ MProxyGetByValue(MDefinition* proxy, MDefinition* idVal)
+ : MBinaryInstruction(classOpcode, proxy, idVal) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ProxyGetByValue)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, proxy), (1, idVal))
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MProxyHasProp : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ bool hasOwn_;
+
+ MProxyHasProp(MDefinition* proxy, MDefinition* idVal, bool hasOwn)
+ : MBinaryInstruction(classOpcode, proxy, idVal), hasOwn_(hasOwn) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ProxyHasProp)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, proxy), (1, idVal))
+
+ bool hasOwn() const { return hasOwn_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MProxySet : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ jsid id_;
+ bool strict_;
+
+ MProxySet(MDefinition* proxy, jsid id, MDefinition* rhs, bool strict)
+ : MBinaryInstruction(classOpcode, proxy, rhs), id_(id), strict_(strict) {}
+
+ public:
+ INSTRUCTION_HEADER(ProxySet)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, proxy), (1, rhs))
+
+ jsid id() const { return id_; }
+ bool strict() const { return strict_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MProxySetByValue
+ : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>, BoxPolicy<2>>::Data {
+ bool strict_;
+
+ MProxySetByValue(MDefinition* proxy, MDefinition* idVal, MDefinition* rhs,
+ bool strict)
+ : MTernaryInstruction(classOpcode, proxy, idVal, rhs), strict_(strict) {}
+
+ public:
+ INSTRUCTION_HEADER(ProxySetByValue)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, proxy), (1, idVal), (2, rhs))
+
+ bool strict() const { return strict_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MCallSetArrayLength
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ bool strict_;
+
+ MCallSetArrayLength(MDefinition* obj, MDefinition* rhs, bool strict)
+ : MBinaryInstruction(classOpcode, obj, rhs), strict_(strict) {}
+
+ public:
+ INSTRUCTION_HEADER(CallSetArrayLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, obj), (1, rhs))
+
+ bool strict() const { return strict_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MMegamorphicLoadSlot : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ CompilerPropertyName name_;
+
+ MMegamorphicLoadSlot(MDefinition* obj, PropertyName* name)
+ : MUnaryInstruction(classOpcode, obj), name_(name) {
+ setResultType(MIRType::Value);
+
+ // Bails when non-native or accessor properties are encountered, so we can't
+ // DCE this instruction.
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(MegamorphicLoadSlot)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ PropertyName* name() const { return name_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isMegamorphicLoadSlot()) {
+ return false;
+ }
+ if (ins->toMegamorphicLoadSlot()->name() != name()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MMegamorphicLoadSlotByValue
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ MMegamorphicLoadSlotByValue(MDefinition* obj, MDefinition* idVal)
+ : MBinaryInstruction(classOpcode, obj, idVal) {
+ setResultType(MIRType::Value);
+
+ // Bails when non-native or accessor properties are encountered, so we can't
+ // DCE this instruction.
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(MegamorphicLoadSlotByValue)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, idVal))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MMegamorphicStoreSlot
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ CompilerPropertyName name_;
+
+ MMegamorphicStoreSlot(MDefinition* obj, PropertyName* name, MDefinition* rhs)
+ : MBinaryInstruction(classOpcode, obj, rhs), name_(name) {}
+
+ public:
+ INSTRUCTION_HEADER(MegamorphicStoreSlot)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, rhs))
+
+ PropertyName* name() const { return name_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isMegamorphicStoreSlot()) {
+ return false;
+ }
+ if (ins->toMegamorphicStoreSlot()->name() != name()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MMegamorphicHasProp
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ bool hasOwn_;
+
+ MMegamorphicHasProp(MDefinition* obj, MDefinition* idVal, bool hasOwn)
+ : MBinaryInstruction(classOpcode, obj, idVal), hasOwn_(hasOwn) {
+ setResultType(MIRType::Boolean);
+
+ // Bails when non-native or accessor properties are encountered, so we can't
+ // DCE this instruction.
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(MegamorphicHasProp)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, idVal))
+
+ bool hasOwn() const { return hasOwn_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isMegamorphicHasProp()) {
+ return false;
+ }
+ if (ins->toMegamorphicHasProp()->hasOwn() != hasOwn()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Guard the object is not an ArrayBufferObject or SharedArrayBufferObject.
+class MGuardIsNotArrayBufferMaybeShared : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardIsNotArrayBufferMaybeShared(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardIsNotArrayBufferMaybeShared)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guard the object is a TypedArray object.
+class MGuardIsTypedArray : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardIsTypedArray(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardIsTypedArray)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Loads a specific JSObject* that was originally nursery-allocated.
+// See also WarpObjectField.
+class MNurseryObject : public MNullaryInstruction {
+ // Index in the Vector of objects stored in the WarpSnapshot.
+ uint32_t nurseryIndex_;
+
+ explicit MNurseryObject(uint32_t nurseryIndex)
+ : MNullaryInstruction(classOpcode), nurseryIndex_(nurseryIndex) {
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(NurseryObject)
+ TRIVIAL_NEW_WRAPPERS
+
+ uint32_t nurseryIndex() const { return nurseryIndex_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isNurseryObject()) {
+ return false;
+ }
+ return nurseryIndex() == ins->toNurseryObject()->nurseryIndex();
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guard on a specific Value.
+class MGuardValue : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ Value expected_;
+
+ MGuardValue(MDefinition* val, const Value& expected)
+ : MUnaryInstruction(classOpcode, val), expected_(expected) {
+ MOZ_ASSERT(expected.isNullOrUndefined() || expected.isMagic());
+
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardValue)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+
+ Value expected() const { return expected_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardValue()) {
+ return false;
+ }
+ if (expected() != ins->toGuardValue()->expected()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guards the value is not MagicValue(JS_OPTIMIZED_ARGUMENTS). If this fails,
+// disable lazy arguments for the script.
+class MGuardNotOptimizedArguments : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MGuardNotOptimizedArguments(MDefinition* val)
+ : MUnaryInstruction(classOpcode, val) {
+ setGuard();
+ setResultType(MIRType::Value);
+ // Note: don't setMovable() to not deoptimize lazy arguments unnecessarily.
+
+ // If this instruction bails out, we will disable the optimization to
+ // prevent bailout loops.
+ setBailoutKind(BailoutKind::NotOptimizedArgumentsGuard);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardNotOptimizedArguments)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ static bool maybeIsOptimizedArguments(MDefinition* def);
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guard on null or undefined values.
+class MGuardNullOrUndefined : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MGuardNullOrUndefined(MDefinition* val)
+ : MUnaryInstruction(classOpcode, val) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardNullOrUndefined)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guard on function flags
+class MGuardFunctionFlags : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ // At least one of the expected flags must be set, but not necessarily all
+ // expected flags.
+ uint16_t expectedFlags_;
+
+ // None of the unexpected flags must be set.
+ uint16_t unexpectedFlags_;
+
+ explicit MGuardFunctionFlags(MDefinition* fun, uint16_t expectedFlags,
+ uint16_t unexpectedFlags)
+ : MUnaryInstruction(classOpcode, fun),
+ expectedFlags_(expectedFlags),
+ unexpectedFlags_(unexpectedFlags) {
+ MOZ_ASSERT((expectedFlags & unexpectedFlags) == 0,
+ "Can't guard inconsistent flags");
+ MOZ_ASSERT((expectedFlags | unexpectedFlags) != 0,
+ "Can't guard zero flags");
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardFunctionFlags)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function))
+
+ uint16_t expectedFlags() const { return expectedFlags_; };
+ uint16_t unexpectedFlags() const { return unexpectedFlags_; };
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardFunctionFlags()) {
+ return false;
+ }
+ if (expectedFlags() != ins->toGuardFunctionFlags()->expectedFlags()) {
+ return false;
+ }
+ if (unexpectedFlags() != ins->toGuardFunctionFlags()->unexpectedFlags()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+// Guard the function is a non-builtin constructor.
+class MGuardFunctionIsNonBuiltinCtor : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardFunctionIsNonBuiltinCtor(MDefinition* fun)
+ : MUnaryInstruction(classOpcode, fun) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardFunctionIsNonBuiltinCtor)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+// Guard on function kind
+class MGuardFunctionKind : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ FunctionFlags::FunctionKind expected_;
+ bool bailOnEquality_;
+
+ explicit MGuardFunctionKind(MDefinition* fun,
+ FunctionFlags::FunctionKind expected,
+ bool bailOnEquality)
+ : MUnaryInstruction(classOpcode, fun),
+ expected_(expected),
+ bailOnEquality_(bailOnEquality) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardFunctionKind)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function))
+
+ FunctionFlags::FunctionKind expected() const { return expected_; };
+ bool bailOnEquality() const { return bailOnEquality_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardFunctionKind()) {
+ return false;
+ }
+ if (expected() != ins->toGuardFunctionKind()->expected()) {
+ return false;
+ }
+ if (bailOnEquality() != ins->toGuardFunctionKind()->bailOnEquality()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+class MGuardFunctionScript : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ CompilerBaseScript expected_;
+ uint16_t nargs_;
+ FunctionFlags flags_;
+
+ MGuardFunctionScript(MDefinition* fun, BaseScript* expected, uint16_t nargs,
+ FunctionFlags flags)
+ : MUnaryInstruction(classOpcode, fun),
+ expected_(expected),
+ nargs_(nargs),
+ flags_(flags) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardFunctionScript)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function))
+
+ BaseScript* expected() const { return expected_; }
+ uint16_t nargs() const { return nargs_; }
+ FunctionFlags flags() const { return flags_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardFunctionScript()) {
+ return false;
+ }
+ if (expected() != ins->toGuardFunctionScript()->expected()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ // A JSFunction's BaseScript pointer is immutable. Relazification of
+ // self-hosted functions is an exception to this, but we don't use this
+ // guard for self-hosted functions.
+ MOZ_ASSERT(!flags_.isSelfHostedOrIntrinsic());
+ return AliasSet::None();
+ }
+};
+
+// Guard on an object's group, inclusively or exclusively.
+class MGuardObjectGroup : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ CompilerObjectGroup group_;
+ bool bailOnEquality_;
+
+ MGuardObjectGroup(MDefinition* obj, ObjectGroup* group, bool bailOnEquality)
+ : MUnaryInstruction(classOpcode, obj),
+ group_(group),
+ bailOnEquality_(bailOnEquality) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardObjectGroup)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ const ObjectGroup* group() const { return group_; }
+ bool bailOnEquality() const { return bailOnEquality_; }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardObjectGroup()) {
+ return false;
+ }
+ if (group() != ins->toGuardObjectGroup()->group()) {
+ return false;
+ }
+ if (bailOnEquality() != ins->toGuardObjectGroup()->bailOnEquality()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+ AliasType mightAlias(const MDefinition* def) const override {
+ // These instructions don't modify the group only the shape.
+ if (def->isAddAndStoreSlot() || def->isAllocateAndStoreSlot()) {
+ return AliasType::NoAlias;
+ }
+ return AliasType::MayAlias;
+ };
+};
+
+// Guard on an object's identity, inclusively or exclusively.
+class MGuardObjectIdentity : public MBinaryInstruction,
+ public SingleObjectPolicy::Data {
+ bool bailOnEquality_;
+
+ MGuardObjectIdentity(MDefinition* obj, MDefinition* expected,
+ bool bailOnEquality)
+ : MBinaryInstruction(classOpcode, obj, expected),
+ bailOnEquality_(bailOnEquality) {
+ MOZ_ASSERT(expected->isConstant() || expected->isNurseryObject());
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardObjectIdentity)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, expected))
+
+ bool bailOnEquality() const { return bailOnEquality_; }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardObjectIdentity()) {
+ return false;
+ }
+ if (bailOnEquality() != ins->toGuardObjectIdentity()->bailOnEquality()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Guard on a specific JSFunction. Used instead of MGuardObjectIdentity,
+// so we can store some metadata related to the expected function.
+class MGuardSpecificFunction : public MBinaryInstruction,
+ public SingleObjectPolicy::Data {
+ uint16_t nargs_;
+ FunctionFlags flags_;
+
+ MGuardSpecificFunction(MDefinition* obj, MDefinition* expected,
+ uint16_t nargs, FunctionFlags flags)
+ : MBinaryInstruction(classOpcode, obj, expected),
+ nargs_(nargs),
+ flags_(flags) {
+ MOZ_ASSERT(expected->isConstant() || expected->isNurseryObject());
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardSpecificFunction)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function), (1, expected))
+
+ uint16_t nargs() const { return nargs_; }
+ FunctionFlags flags() const { return flags_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardSpecificFunction()) {
+ return false;
+ }
+
+ auto* other = ins->toGuardSpecificFunction();
+ if (nargs() != other->nargs() ||
+ flags().toRaw() != other->flags().toRaw()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(other);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MGuardSpecificAtom : public MUnaryInstruction,
+ public StringPolicy<0>::Data {
+ CompilerGCPointer<JSAtom*> atom_;
+
+ MGuardSpecificAtom(MDefinition* str, JSAtom* atom)
+ : MUnaryInstruction(classOpcode, str), atom_(atom) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::String);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardSpecificAtom)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, str))
+
+ JSAtom* atom() const { return atom_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardSpecificAtom()) {
+ return false;
+ }
+ if (atom() != ins->toGuardSpecificAtom()->atom()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MGuardSpecificSymbol : public MUnaryInstruction,
+ public SymbolPolicy<0>::Data {
+ CompilerGCPointer<JS::Symbol*> expected_;
+
+ MGuardSpecificSymbol(MDefinition* symbol, JS::Symbol* expected)
+ : MUnaryInstruction(classOpcode, symbol), expected_(expected) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Symbol);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardSpecificSymbol)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, symbol))
+
+ JS::Symbol* expected() const { return expected_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardSpecificSymbol()) {
+ return false;
+ }
+ if (expected() != ins->toGuardSpecificSymbol()->expected()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MGuardStringToIndex : public MUnaryInstruction,
+ public StringPolicy<0>::Data {
+ explicit MGuardStringToIndex(MDefinition* str)
+ : MUnaryInstruction(classOpcode, str) {
+ // Mark as guard because this instruction must not be eliminated. For
+ // example, if the string is not an index the operation could change from a
+ // typed array load to a getter call.
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardStringToIndex)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, string))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MGuardStringToInt32 : public MUnaryInstruction,
+ public StringPolicy<0>::Data {
+ explicit MGuardStringToInt32(MDefinition* str)
+ : MUnaryInstruction(classOpcode, str) {
+ // Mark as guard to prevent the issue described in MGuardStringToIndex's
+ // constructor.
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardStringToInt32)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, string))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MGuardStringToDouble : public MUnaryInstruction,
+ public StringPolicy<0>::Data {
+ explicit MGuardStringToDouble(MDefinition* str)
+ : MUnaryInstruction(classOpcode, str) {
+ // Mark as guard to prevent the issue described in MGuardStringToIndex's
+ // constructor.
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Double);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardStringToDouble)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, string))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MGuardNoDenseElements : public MUnaryInstruction,
+ public ObjectPolicy<0>::Data {
+ explicit MGuardNoDenseElements(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardNoDenseElements)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+class MGuardTagNotEqual
+ : public MBinaryInstruction,
+ public MixPolicy<UnboxedInt32Policy<0>, UnboxedInt32Policy<1>>::Data {
+ MGuardTagNotEqual(MDefinition* left, MDefinition* right)
+ : MBinaryInstruction(classOpcode, left, right) {
+ setGuard();
+ setMovable();
+ setCommutative();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardTagNotEqual)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return binaryCongruentTo(ins);
+ }
+};
+
+// Load from vp[slot] (slots that are not inline in an object).
+class MLoadDynamicSlot : public MUnaryInstruction, public NoTypePolicy::Data {
+ uint32_t slot_;
+
+ MLoadDynamicSlot(MDefinition* slots, uint32_t slot)
+ : MUnaryInstruction(classOpcode, slots), slot_(slot) {
+ setResultType(MIRType::Value);
+ setMovable();
+ MOZ_ASSERT(slots->type() == MIRType::Slots);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadDynamicSlot)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, slots))
+
+ uint32_t slot() const { return slot_; }
+
+ HashNumber valueHash() const override;
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadDynamicSlot()) {
+ return false;
+ }
+ if (slot() != ins->toLoadDynamicSlot()->slot()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ AliasSet getAliasSet() const override {
+ MOZ_ASSERT(slots()->type() == MIRType::Slots);
+ return AliasSet::Load(AliasSet::DynamicSlot);
+ }
+ AliasType mightAlias(const MDefinition* store) const override;
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ ALLOW_CLONE(MLoadDynamicSlot)
+};
+
+// Inline call to access a function's environment (scope chain).
+class MFunctionEnvironment : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MFunctionEnvironment(MDefinition* function)
+ : MUnaryInstruction(classOpcode, function) {
+ setResultType(MIRType::Object);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(FunctionEnvironment)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function))
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ // A function's environment is fixed.
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Allocate a new LexicalEnvironmentObject.
+class MNewLexicalEnvironmentObject : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ CompilerGCPointer<LexicalScope*> scope_;
+
+ MNewLexicalEnvironmentObject(MDefinition* enclosing, LexicalScope* scope)
+ : MUnaryInstruction(classOpcode, enclosing), scope_(scope) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewLexicalEnvironmentObject)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, enclosing))
+
+ LexicalScope* scope() const { return scope_; }
+ bool possiblyCalls() const override { return true; }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Allocate a new LexicalEnvironmentObject from existing one
+class MCopyLexicalEnvironmentObject : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ bool copySlots_;
+
+ MCopyLexicalEnvironmentObject(MDefinition* env, bool copySlots)
+ : MUnaryInstruction(classOpcode, env), copySlots_(copySlots) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CopyLexicalEnvironmentObject)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, env))
+
+ bool copySlots() const { return copySlots_; }
+ bool possiblyCalls() const override { return true; }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+};
+
+class MHomeObject : public MUnaryInstruction, public SingleObjectPolicy::Data {
+ explicit MHomeObject(MDefinition* function)
+ : MUnaryInstruction(classOpcode, function) {
+ setResultType(MIRType::Object);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(HomeObject)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function))
+
+ // A function's [[HomeObject]] is fixed.
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MAddAndStoreSlot
+ : public MBinaryInstruction,
+ public MixPolicy<SingleObjectPolicy, BoxPolicy<1>>::Data {
+ public:
+ enum class Kind {
+ FixedSlot,
+ DynamicSlot,
+ };
+
+ private:
+ Kind kind_;
+ uint32_t slotOffset_;
+ CompilerShape shape_;
+
+ MAddAndStoreSlot(MDefinition* obj, MDefinition* value, Kind kind,
+ uint32_t slotOffset, Shape* shape)
+ : MBinaryInstruction(classOpcode, obj, value),
+ kind_(kind),
+ slotOffset_(slotOffset),
+ shape_(shape) {}
+
+ public:
+ INSTRUCTION_HEADER(AddAndStoreSlot)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, value))
+
+ Kind kind() const { return kind_; }
+ uint32_t slotOffset() const { return slotOffset_; }
+ Shape* shape() const { return shape_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ObjectFields |
+ (kind() == Kind::FixedSlot ? AliasSet::FixedSlot
+ : AliasSet::DynamicSlot));
+ }
+};
+
+class MAllocateAndStoreSlot
+ : public MBinaryInstruction,
+ public MixPolicy<SingleObjectPolicy, BoxPolicy<1>>::Data {
+ private:
+ CompilerShape shape_;
+ uint32_t slotOffset_;
+ uint32_t numNewSlots_;
+
+ MAllocateAndStoreSlot(MDefinition* obj, MDefinition* value,
+ uint32_t slotOffset, Shape* shape, uint32_t numNewSlots)
+ : MBinaryInstruction(classOpcode, obj, value),
+ shape_(shape),
+ slotOffset_(slotOffset),
+ numNewSlots_(numNewSlots) {}
+
+ public:
+ INSTRUCTION_HEADER(AllocateAndStoreSlot)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, value))
+
+ Shape* shape() const { return shape_; }
+ uint32_t slotOffset() const { return slotOffset_; }
+ uint32_t numNewSlots() const { return numNewSlots_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ObjectFields | AliasSet::DynamicSlot);
+ }
+ bool possiblyCalls() const override { return true; }
+};
+
+// Store to vp[slot] (slots that are not inline in an object).
+class MStoreDynamicSlot : public MBinaryInstruction,
+ public NoFloatPolicy<1>::Data {
+ uint32_t slot_;
+ MIRType slotType_;
+ bool needsBarrier_;
+
+ MStoreDynamicSlot(MDefinition* slots, uint32_t slot, MDefinition* value,
+ bool barrier)
+ : MBinaryInstruction(classOpcode, slots, value),
+ slot_(slot),
+ slotType_(MIRType::Value),
+ needsBarrier_(barrier) {
+ MOZ_ASSERT(slots->type() == MIRType::Slots);
+ }
+
+ public:
+ INSTRUCTION_HEADER(StoreDynamicSlot)
+ NAMED_OPERANDS((0, slots), (1, value))
+
+ static MStoreDynamicSlot* NewUnbarriered(TempAllocator& alloc,
+ MDefinition* slots, uint32_t slot,
+ MDefinition* value) {
+ return new (alloc) MStoreDynamicSlot(slots, slot, value, false);
+ }
+ static MStoreDynamicSlot* NewBarriered(TempAllocator& alloc,
+ MDefinition* slots, uint32_t slot,
+ MDefinition* value) {
+ return new (alloc) MStoreDynamicSlot(slots, slot, value, true);
+ }
+
+ uint32_t slot() const { return slot_; }
+ MIRType slotType() const { return slotType_; }
+ void setSlotType(MIRType slotType) {
+ MOZ_ASSERT(slotType != MIRType::None);
+ slotType_ = slotType;
+ }
+ bool needsBarrier() const { return needsBarrier_; }
+ void setNeedsBarrier() { needsBarrier_ = true; }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::DynamicSlot);
+ }
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ ALLOW_CLONE(MStoreDynamicSlot)
+};
+
+class MGetNameCache : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ private:
+ explicit MGetNameCache(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetNameCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, envObj))
+};
+
+class MCallGetIntrinsicValue : public MNullaryInstruction {
+ CompilerPropertyName name_;
+
+ explicit MCallGetIntrinsicValue(PropertyName* name)
+ : MNullaryInstruction(classOpcode), name_(name) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CallGetIntrinsicValue)
+ TRIVIAL_NEW_WRAPPERS
+
+ PropertyName* name() const { return name_; }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool possiblyCalls() const override { return true; }
+};
+
+class MDeleteProperty : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ CompilerPropertyName name_;
+ bool strict_;
+
+ MDeleteProperty(MDefinition* val, PropertyName* name, bool strict)
+ : MUnaryInstruction(classOpcode, val), name_(name), strict_(strict) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(DeleteProperty)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+
+ PropertyName* name() const { return name_; }
+ bool strict() const { return strict_; }
+};
+
+class MDeleteElement : public MBinaryInstruction, public BoxInputsPolicy::Data {
+ bool strict_;
+
+ MDeleteElement(MDefinition* value, MDefinition* index, bool strict)
+ : MBinaryInstruction(classOpcode, value, index), strict_(strict) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(DeleteElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value), (1, index))
+
+ bool strict() const { return strict_; }
+};
+
+class MSetPropertyCache : public MTernaryInstruction,
+ public MixPolicy<SingleObjectPolicy, CacheIdPolicy<1>,
+ NoFloatPolicy<2>>::Data {
+ bool strict_ : 1;
+
+ MSetPropertyCache(MDefinition* obj, MDefinition* id, MDefinition* value,
+ bool strict)
+ : MTernaryInstruction(classOpcode, obj, id, value), strict_(strict) {}
+
+ public:
+ INSTRUCTION_HEADER(SetPropertyCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, idval), (2, value))
+
+ bool strict() const { return strict_; }
+};
+
+class MCallSetElement : public MTernaryInstruction,
+ public CallSetElementPolicy::Data {
+ bool strict_;
+
+ MCallSetElement(MDefinition* object, MDefinition* index, MDefinition* value,
+ bool strict)
+ : MTernaryInstruction(classOpcode, object, index, value),
+ strict_(strict) {}
+
+ public:
+ INSTRUCTION_HEADER(CallSetElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, index), (2, value))
+
+ bool strict() const { return strict_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MSetDOMProperty : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ const JSJitSetterOp func_;
+ Realm* setterRealm_;
+ DOMObjectKind objectKind_;
+
+ MSetDOMProperty(const JSJitSetterOp func, DOMObjectKind objectKind,
+ Realm* setterRealm, MDefinition* obj, MDefinition* val)
+ : MBinaryInstruction(classOpcode, obj, val),
+ func_(func),
+ setterRealm_(setterRealm),
+ objectKind_(objectKind) {}
+
+ public:
+ INSTRUCTION_HEADER(SetDOMProperty)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, value))
+
+ JSJitSetterOp fun() const { return func_; }
+ Realm* setterRealm() const { return setterRealm_; }
+ DOMObjectKind objectKind() const { return objectKind_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MGetDOMPropertyBase : public MVariadicInstruction,
+ public ObjectPolicy<0>::Data {
+ const JSJitInfo* info_;
+
+ protected:
+ MGetDOMPropertyBase(Opcode op, const JSJitInfo* jitinfo)
+ : MVariadicInstruction(op), info_(jitinfo) {
+ MOZ_ASSERT(jitinfo);
+ MOZ_ASSERT(jitinfo->type() == JSJitInfo::Getter);
+
+ // We are movable iff the jitinfo says we can be.
+ if (isDomMovable()) {
+ MOZ_ASSERT(jitinfo->aliasSet() != JSJitInfo::AliasEverything);
+ setMovable();
+ } else {
+ // If we're not movable, that means we shouldn't be DCEd either,
+ // because we might throw an exception when called, and getting rid
+ // of that is observable.
+ setGuard();
+ }
+
+ setResultType(MIRType::Value);
+ }
+
+ const JSJitInfo* info() const { return info_; }
+
+ [[nodiscard]] bool init(TempAllocator& alloc, MDefinition* obj,
+ MDefinition* guard, MDefinition* globalGuard) {
+ MOZ_ASSERT(obj);
+ // guard can be null.
+ // globalGuard can be null.
+ size_t operandCount = 1;
+ if (guard) {
+ ++operandCount;
+ }
+ if (globalGuard) {
+ ++operandCount;
+ }
+ if (!MVariadicInstruction::init(alloc, operandCount)) {
+ return false;
+ }
+ initOperand(0, obj);
+
+ size_t operandIndex = 1;
+ // Pin the guard, if we have one as an operand if we want to hoist later.
+ if (guard) {
+ initOperand(operandIndex++, guard);
+ }
+
+ // And the same for the global guard, if we have one.
+ if (globalGuard) {
+ initOperand(operandIndex, globalGuard);
+ }
+
+ return true;
+ }
+
+ public:
+ NAMED_OPERANDS((0, object))
+
+ JSJitGetterOp fun() const { return info_->getter; }
+ bool isInfallible() const { return info_->isInfallible; }
+ bool isDomMovable() const { return info_->isMovable; }
+ JSJitInfo::AliasSet domAliasSet() const { return info_->aliasSet(); }
+ size_t domMemberSlotIndex() const {
+ MOZ_ASSERT(info_->isAlwaysInSlot || info_->isLazilyCachedInSlot);
+ return info_->slotIndex;
+ }
+ bool valueMayBeInSlot() const { return info_->isLazilyCachedInSlot; }
+
+ bool baseCongruentTo(const MGetDOMPropertyBase* ins) const {
+ if (!isDomMovable()) {
+ return false;
+ }
+
+ // Checking the jitinfo is the same as checking the constant function
+ if (!(info() == ins->info())) {
+ return false;
+ }
+
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ JSJitInfo::AliasSet aliasSet = domAliasSet();
+ if (aliasSet == JSJitInfo::AliasNone) {
+ return AliasSet::None();
+ }
+ if (aliasSet == JSJitInfo::AliasDOMSets) {
+ return AliasSet::Load(AliasSet::DOMProperty);
+ }
+ MOZ_ASSERT(aliasSet == JSJitInfo::AliasEverything);
+ return AliasSet::Store(AliasSet::Any);
+ }
+};
+
+class MGetDOMProperty : public MGetDOMPropertyBase {
+ Realm* getterRealm_;
+ DOMObjectKind objectKind_;
+
+ MGetDOMProperty(const JSJitInfo* jitinfo, DOMObjectKind objectKind,
+ Realm* getterRealm)
+ : MGetDOMPropertyBase(classOpcode, jitinfo),
+ getterRealm_(getterRealm),
+ objectKind_(objectKind) {}
+
+ public:
+ INSTRUCTION_HEADER(GetDOMProperty)
+
+ static MGetDOMProperty* New(TempAllocator& alloc, const JSJitInfo* info,
+ DOMObjectKind objectKind, Realm* getterRealm,
+ MDefinition* obj, MDefinition* guard,
+ MDefinition* globalGuard) {
+ auto* res = new (alloc) MGetDOMProperty(info, objectKind, getterRealm);
+ if (!res || !res->init(alloc, obj, guard, globalGuard)) {
+ return nullptr;
+ }
+ return res;
+ }
+
+ Realm* getterRealm() const { return getterRealm_; }
+ DOMObjectKind objectKind() const { return objectKind_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGetDOMProperty()) {
+ return false;
+ }
+
+ if (ins->toGetDOMProperty()->getterRealm() != getterRealm()) {
+ return false;
+ }
+
+ return baseCongruentTo(ins->toGetDOMProperty());
+ }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MGetDOMMember : public MGetDOMPropertyBase {
+ explicit MGetDOMMember(const JSJitInfo* jitinfo)
+ : MGetDOMPropertyBase(classOpcode, jitinfo) {
+ setResultType(MIRTypeFromValueType(jitinfo->returnType()));
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetDOMMember)
+
+ static MGetDOMMember* New(TempAllocator& alloc, const JSJitInfo* info,
+ MDefinition* obj, MDefinition* guard,
+ MDefinition* globalGuard) {
+ auto* res = new (alloc) MGetDOMMember(info);
+ if (!res || !res->init(alloc, obj, guard, globalGuard)) {
+ return nullptr;
+ }
+ return res;
+ }
+
+ bool possiblyCalls() const override { return false; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGetDOMMember()) {
+ return false;
+ }
+
+ return baseCongruentTo(ins->toGetDOMMember());
+ }
+};
+
+// Load the private value expando from a DOM proxy. The target is stored in the
+// proxy object's private slot.
+// This is either an UndefinedValue (no expando), ObjectValue (the expando
+// object), or PrivateValue(ExpandoAndGeneration*).
+class MLoadDOMExpandoValue : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MLoadDOMExpandoValue(MDefinition* proxy)
+ : MUnaryInstruction(classOpcode, proxy) {
+ setMovable();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadDOMExpandoValue)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, proxy))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::DOMProxyExpando);
+ }
+};
+
+class MLoadDOMExpandoValueGuardGeneration : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ JS::ExpandoAndGeneration* expandoAndGeneration_;
+ uint64_t generation_;
+
+ MLoadDOMExpandoValueGuardGeneration(
+ MDefinition* proxy, JS::ExpandoAndGeneration* expandoAndGeneration,
+ uint64_t generation)
+ : MUnaryInstruction(classOpcode, proxy),
+ expandoAndGeneration_(expandoAndGeneration),
+ generation_(generation) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadDOMExpandoValueGuardGeneration)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, proxy))
+
+ JS::ExpandoAndGeneration* expandoAndGeneration() const {
+ return expandoAndGeneration_;
+ }
+ uint64_t generation() const { return generation_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isLoadDOMExpandoValueGuardGeneration()) {
+ return false;
+ }
+ const auto* other = ins->toLoadDOMExpandoValueGuardGeneration();
+ if (expandoAndGeneration() != other->expandoAndGeneration() ||
+ generation() != other->generation()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::DOMProxyExpando);
+ }
+};
+
+class MLoadDOMExpandoValueIgnoreGeneration : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MLoadDOMExpandoValueIgnoreGeneration(MDefinition* proxy)
+ : MUnaryInstruction(classOpcode, proxy) {
+ setMovable();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadDOMExpandoValueIgnoreGeneration)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, proxy))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::DOMProxyExpando);
+ }
+};
+
+// Takes an expando Value as input, then guards it's either UndefinedValue or
+// an object with the expected shape.
+class MGuardDOMExpandoMissingOrGuardShape : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ CompilerShape shape_;
+
+ MGuardDOMExpandoMissingOrGuardShape(MDefinition* obj, Shape* shape)
+ : MUnaryInstruction(classOpcode, obj), shape_(shape) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardDOMExpandoMissingOrGuardShape)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, expando))
+
+ const Shape* shape() const { return shape_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardDOMExpandoMissingOrGuardShape()) {
+ return false;
+ }
+ if (shape() != ins->toGuardDOMExpandoMissingOrGuardShape()->shape()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+class MStringLength : public MUnaryInstruction, public StringPolicy<0>::Data {
+ explicit MStringLength(MDefinition* string)
+ : MUnaryInstruction(classOpcode, string) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(StringLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, string))
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ // The string |length| property is immutable, so there is no
+ // implicit dependency.
+ return AliasSet::None();
+ }
+
+ void computeRange(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MStringLength)
+};
+
+// Inlined assembly for Math.floor(double | float32) -> int32.
+class MFloor : public MUnaryInstruction, public FloatingPointPolicy<0>::Data {
+ explicit MFloor(MDefinition* num) : MUnaryInstruction(classOpcode, num) {
+ setResultType(MIRType::Int32);
+ specialization_ = MIRType::Double;
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Floor)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool isFloat32Commutative() const override { return true; }
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ void computeRange(TempAllocator& alloc) override;
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MFloor)
+};
+
+// Inlined assembly version for Math.ceil(double | float32) -> int32.
+class MCeil : public MUnaryInstruction, public FloatingPointPolicy<0>::Data {
+ explicit MCeil(MDefinition* num) : MUnaryInstruction(classOpcode, num) {
+ setResultType(MIRType::Int32);
+ specialization_ = MIRType::Double;
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Ceil)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool isFloat32Commutative() const override { return true; }
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ void computeRange(TempAllocator& alloc) override;
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MCeil)
+};
+
+// Inlined version of Math.round(double | float32) -> int32.
+class MRound : public MUnaryInstruction, public FloatingPointPolicy<0>::Data {
+ explicit MRound(MDefinition* num) : MUnaryInstruction(classOpcode, num) {
+ setResultType(MIRType::Int32);
+ specialization_ = MIRType::Double;
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Round)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool isFloat32Commutative() const override { return true; }
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MRound)
+};
+
+// Inlined version of Math.trunc(double | float32) -> int32.
+class MTrunc : public MUnaryInstruction, public FloatingPointPolicy<0>::Data {
+ explicit MTrunc(MDefinition* num) : MUnaryInstruction(classOpcode, num) {
+ setResultType(MIRType::Int32);
+ specialization_ = MIRType::Double;
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Trunc)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool isFloat32Commutative() const override { return true; }
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MTrunc)
+};
+
+// NearbyInt rounds the floating-point input to the nearest integer, according
+// to the RoundingMode.
+class MNearbyInt : public MUnaryInstruction,
+ public FloatingPointPolicy<0>::Data {
+ RoundingMode roundingMode_;
+
+ explicit MNearbyInt(MDefinition* num, MIRType resultType,
+ RoundingMode roundingMode)
+ : MUnaryInstruction(classOpcode, num), roundingMode_(roundingMode) {
+ MOZ_ASSERT(HasAssemblerSupport(roundingMode));
+
+ MOZ_ASSERT(IsFloatingPointType(resultType));
+ setResultType(resultType);
+ specialization_ = resultType;
+
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(NearbyInt)
+ TRIVIAL_NEW_WRAPPERS
+
+ static bool HasAssemblerSupport(RoundingMode mode) {
+ return Assembler::HasRoundInstruction(mode);
+ }
+
+ RoundingMode roundingMode() const { return roundingMode_; }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool isFloat32Commutative() const override { return true; }
+ void trySpecializeFloat32(TempAllocator& alloc) override;
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override { return true; }
+#endif
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins) &&
+ ins->toNearbyInt()->roundingMode() == roundingMode_;
+ }
+
+#ifdef JS_JITSPEW
+ void printOpcode(GenericPrinter& out) const override;
+#endif
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+
+ bool canRecoverOnBailout() const override {
+ switch (roundingMode_) {
+ case RoundingMode::Up:
+ case RoundingMode::Down:
+ case RoundingMode::TowardsZero:
+ return true;
+ default:
+ return false;
+ }
+ }
+
+ ALLOW_CLONE(MNearbyInt)
+};
+
+class MGetIteratorCache : public MUnaryInstruction,
+ public BoxExceptPolicy<0, MIRType::Object>::Data {
+ explicit MGetIteratorCache(MDefinition* val)
+ : MUnaryInstruction(classOpcode, val) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetIteratorCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+};
+
+class MOptimizeSpreadCallCache : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MOptimizeSpreadCallCache(MDefinition* val)
+ : MUnaryInstruction(classOpcode, val) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(OptimizeSpreadCallCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+};
+
+class MIteratorMore : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MIteratorMore(MDefinition* iter)
+ : MUnaryInstruction(classOpcode, iter) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(IteratorMore)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, iterator))
+};
+
+class MIsNoIter : public MUnaryInstruction, public NoTypePolicy::Data {
+ explicit MIsNoIter(MDefinition* def) : MUnaryInstruction(classOpcode, def) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsNoIter)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MIteratorEnd : public MUnaryInstruction, public SingleObjectPolicy::Data {
+ explicit MIteratorEnd(MDefinition* iter)
+ : MUnaryInstruction(classOpcode, iter) {}
+
+ public:
+ INSTRUCTION_HEADER(IteratorEnd)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, iterator))
+};
+
+// Implementation for 'in' operator using instruction cache
+class MInCache : public MBinaryInstruction,
+ public MixPolicy<CacheIdPolicy<0>, ObjectPolicy<1>>::Data {
+ MInCache(MDefinition* key, MDefinition* obj)
+ : MBinaryInstruction(classOpcode, key, obj) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(InCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, key), (1, object))
+};
+
+// Test whether the index is in the array bounds or a hole.
+class MInArray : public MQuaternaryInstruction, public ObjectPolicy<3>::Data {
+ bool needsNegativeIntCheck_;
+
+ MInArray(MDefinition* elements, MDefinition* index, MDefinition* initLength,
+ MDefinition* object)
+ : MQuaternaryInstruction(classOpcode, elements, index, initLength,
+ object),
+ needsNegativeIntCheck_(true) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+
+ // Set the guard flag to make sure we bail when we see a negative index.
+ // We can clear this flag (and needsNegativeIntCheck_) in
+ // collectRangeInfoPreTrunc.
+ setGuard();
+
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ MOZ_ASSERT(initLength->type() == MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(InArray)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index), (2, initLength), (3, object))
+
+ bool needsNegativeIntCheck() const { return needsNegativeIntCheck_; }
+ void collectRangeInfoPreTrunc() override;
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::Element);
+ }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isInArray()) {
+ return false;
+ }
+ const MInArray* other = ins->toInArray();
+ if (needsNegativeIntCheck() != other->needsNegativeIntCheck()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(other);
+ }
+};
+
+// Bail when the element is a hole.
+class MGuardElementNotHole : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ MGuardElementNotHole(MDefinition* elements, MDefinition* index)
+ : MBinaryInstruction(classOpcode, elements, index) {
+ setMovable();
+ setGuard();
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(index->type() == MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardElementNotHole)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::Element);
+ }
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+};
+
+class MCheckPrivateFieldCache
+ : public MBinaryInstruction,
+ public MixPolicy<BoxExceptPolicy<0, MIRType::Object>,
+ CacheIdPolicy<1>>::Data {
+ MCheckPrivateFieldCache(MDefinition* obj, MDefinition* id)
+ : MBinaryInstruction(classOpcode, obj, id) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CheckPrivateFieldCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value), (1, idval))
+};
+
+class MHasOwnCache : public MBinaryInstruction,
+ public MixPolicy<BoxExceptPolicy<0, MIRType::Object>,
+ CacheIdPolicy<1>>::Data {
+ MHasOwnCache(MDefinition* obj, MDefinition* id)
+ : MBinaryInstruction(classOpcode, obj, id) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(HasOwnCache)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value), (1, idval))
+};
+
+// Implementation for instanceof operator with specific rhs.
+class MInstanceOf : public MBinaryInstruction,
+ public MixPolicy<BoxExceptPolicy<0, MIRType::Object>,
+ ObjectPolicy<1>>::Data {
+ MInstanceOf(MDefinition* obj, MDefinition* proto)
+ : MBinaryInstruction(classOpcode, obj, proto) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(InstanceOf)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+// Implementation for instanceof operator with unknown rhs.
+class MInstanceOfCache : public MBinaryInstruction,
+ public MixPolicy<BoxPolicy<0>, ObjectPolicy<1>>::Data {
+ MInstanceOfCache(MDefinition* obj, MDefinition* proto)
+ : MBinaryInstruction(classOpcode, obj, proto) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(InstanceOfCache)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MArgumentsLength : public MNullaryInstruction {
+ MArgumentsLength() : MNullaryInstruction(classOpcode) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ArgumentsLength)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ // Arguments |length| cannot be mutated by Ion Code.
+ return AliasSet::None();
+ }
+
+ void computeRange(TempAllocator& alloc) override;
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+// This MIR instruction is used to get an argument from the actual arguments.
+class MGetFrameArgument : public MUnaryInstruction,
+ public UnboxedInt32Policy<0>::Data {
+ explicit MGetFrameArgument(MDefinition* idx)
+ : MUnaryInstruction(classOpcode, idx) {
+ setResultType(MIRType::Value);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetFrameArgument)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, index))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ // This instruction is never aliased, because ops like JSOp::SetArg don't
+ // write to the argument frames. We create an arguments object in that case.
+ return AliasSet::None();
+ }
+};
+
+class MNewTarget : public MNullaryInstruction {
+ MNewTarget() : MNullaryInstruction(classOpcode) {
+ setResultType(MIRType::Value);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewTarget)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MRest : public MUnaryInstruction, public UnboxedInt32Policy<0>::Data {
+ unsigned numFormals_;
+ CompilerGCPointer<ArrayObject*> templateObject_;
+
+ MRest(TempAllocator& alloc, MDefinition* numActuals, unsigned numFormals,
+ ArrayObject* templateObject)
+ : MUnaryInstruction(classOpcode, numActuals),
+ numFormals_(numFormals),
+ templateObject_(templateObject) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Rest)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+ NAMED_OPERANDS((0, numActuals))
+
+ unsigned numFormals() const { return numFormals_; }
+ ArrayObject* templateObject() const { return templateObject_; }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool possiblyCalls() const override { return true; }
+};
+
+// Given a value being written to another object, update the generational store
+// buffer if the value is in the nursery and object is in the tenured heap.
+class MPostWriteBarrier : public MBinaryInstruction,
+ public ObjectPolicy<0>::Data {
+ MPostWriteBarrier(MDefinition* obj, MDefinition* value)
+ : MBinaryInstruction(classOpcode, obj, value) {
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(PostWriteBarrier)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, value))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override {
+ // During lowering, values that neither have object nor value MIR type
+ // are ignored, thus Float32 can show up at this point without any issue.
+ return use == getUseFor(1);
+ }
+#endif
+
+ ALLOW_CLONE(MPostWriteBarrier)
+};
+
+// Given a value being written to another object's elements at the specified
+// index, update the generational store buffer if the value is in the nursery
+// and object is in the tenured heap.
+class MPostWriteElementBarrier
+ : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<2>>::Data {
+ MPostWriteElementBarrier(MDefinition* obj, MDefinition* value,
+ MDefinition* index)
+ : MTernaryInstruction(classOpcode, obj, value, index) {
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(PostWriteElementBarrier)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, value), (2, index))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override {
+ // During lowering, values that neither have object nor value MIR type
+ // are ignored, thus Float32 can show up at this point without any issue.
+ return use == getUseFor(1);
+ }
+#endif
+
+ ALLOW_CLONE(MPostWriteElementBarrier)
+};
+
+class MNewNamedLambdaObject : public MNullaryInstruction {
+ CompilerGCPointer<LexicalEnvironmentObject*> templateObj_;
+
+ explicit MNewNamedLambdaObject(LexicalEnvironmentObject* templateObj)
+ : MNullaryInstruction(classOpcode), templateObj_(templateObj) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewNamedLambdaObject)
+ TRIVIAL_NEW_WRAPPERS
+
+ LexicalEnvironmentObject* templateObj() { return templateObj_; }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MNewCallObject : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ public:
+ INSTRUCTION_HEADER(NewCallObject)
+ TRIVIAL_NEW_WRAPPERS
+
+ explicit MNewCallObject(MConstant* templateObj)
+ : MUnaryInstruction(classOpcode, templateObj) {
+ setResultType(MIRType::Object);
+ }
+
+ CallObject* templateObject() const {
+ return &getOperand(0)->toConstant()->toObject().as<CallObject>();
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+};
+
+class MNewStringObject : public MUnaryInstruction,
+ public ConvertToStringPolicy<0>::Data {
+ CompilerObject templateObj_;
+
+ MNewStringObject(MDefinition* input, JSObject* templateObj)
+ : MUnaryInstruction(classOpcode, input), templateObj_(templateObj) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(NewStringObject)
+ TRIVIAL_NEW_WRAPPERS
+
+ StringObject* templateObj() const;
+};
+
+// This is an alias for MLoadFixedSlot.
+class MEnclosingEnvironment : public MLoadFixedSlot {
+ explicit MEnclosingEnvironment(MDefinition* obj)
+ : MLoadFixedSlot(obj, EnvironmentObject::enclosingEnvironmentSlot()) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ static MEnclosingEnvironment* New(TempAllocator& alloc, MDefinition* obj) {
+ return new (alloc) MEnclosingEnvironment(obj);
+ }
+
+ AliasSet getAliasSet() const override {
+ // EnvironmentObject reserved slots are immutable.
+ return AliasSet::None();
+ }
+};
+
+// This is an element of a spaghetti stack which is used to represent the memory
+// context which has to be restored in case of a bailout.
+struct MStoreToRecover : public TempObject,
+ public InlineSpaghettiStackNode<MStoreToRecover> {
+ MDefinition* operand;
+
+ explicit MStoreToRecover(MDefinition* operand) : operand(operand) {}
+};
+
+using MStoresToRecoverList = InlineSpaghettiStack<MStoreToRecover>;
+
+// A resume point contains the information needed to reconstruct the Baseline
+// Interpreter state from a position in Warp JIT code. A resume point is a
+// mapping of stack slots to MDefinitions.
+//
+// We capture stack state at critical points:
+// * (1) At the beginning of every basic block.
+// * (2) After every effectful operation.
+//
+// As long as these two properties are maintained, instructions can be moved,
+// hoisted, or, eliminated without problems, and ops without side effects do not
+// need to worry about capturing state at precisely the right point in time.
+//
+// Effectful instructions, of course, need to capture state after completion,
+// where the interpreter will not attempt to repeat the operation. For this,
+// ResumeAfter must be used. The state is attached directly to the effectful
+// instruction to ensure that no intermediate instructions could be injected
+// in between by a future analysis pass.
+//
+// During LIR construction, if an instruction can bail back to the interpreter,
+// we create an LSnapshot, which uses the last known resume point to request
+// register/stack assignments for every live value.
+class MResumePoint final : public MNode
+#ifdef DEBUG
+ ,
+ public InlineForwardListNode<MResumePoint>
+#endif
+{
+ public:
+ enum Mode {
+ ResumeAt, // Resume until before the current instruction
+ ResumeAfter, // Resume after the current instruction
+ Outer // State before inlining.
+ };
+
+ private:
+ friend class MBasicBlock;
+ friend void AssertBasicGraphCoherency(MIRGraph& graph, bool force);
+
+ // List of stack slots needed to reconstruct the BaselineFrame.
+ FixedList<MUse> operands_;
+
+ // List of stores needed to reconstruct the content of objects which are
+ // emulated by EmulateStateOf variants.
+ MStoresToRecoverList stores_;
+
+ jsbytecode* pc_;
+ MInstruction* instruction_;
+ Mode mode_;
+
+ MResumePoint(MBasicBlock* block, jsbytecode* pc, Mode mode);
+ void inherit(MBasicBlock* state);
+
+ void setBlock(MBasicBlock* block) {
+ setBlockAndKind(block, Kind::ResumePoint);
+ }
+
+ // Calling isDefinition or isResumePoint on MResumePoint is unnecessary.
+ bool isDefinition() const = delete;
+ bool isResumePoint() const = delete;
+
+ protected:
+ // Initializes operands_ to an empty array of a fixed length.
+ // The array may then be filled in by inherit().
+ [[nodiscard]] bool init(TempAllocator& alloc);
+
+ void clearOperand(size_t index) {
+ // FixedList doesn't initialize its elements, so do an unchecked init.
+ operands_[index].initUncheckedWithoutProducer(this);
+ }
+
+ MUse* getUseFor(size_t index) override { return &operands_[index]; }
+ const MUse* getUseFor(size_t index) const override {
+ return &operands_[index];
+ }
+
+ public:
+ static MResumePoint* New(TempAllocator& alloc, MBasicBlock* block,
+ jsbytecode* pc, Mode mode);
+
+ MBasicBlock* block() const { return resumePointBlock(); }
+
+ size_t numAllocatedOperands() const { return operands_.length(); }
+ uint32_t stackDepth() const { return numAllocatedOperands(); }
+ size_t numOperands() const override { return numAllocatedOperands(); }
+ size_t indexOf(const MUse* u) const final {
+ MOZ_ASSERT(u >= &operands_[0]);
+ MOZ_ASSERT(u <= &operands_[numOperands() - 1]);
+ return u - &operands_[0];
+ }
+ void initOperand(size_t index, MDefinition* operand) {
+ // FixedList doesn't initialize its elements, so do an unchecked init.
+ operands_[index].initUnchecked(operand, this);
+ }
+ void replaceOperand(size_t index, MDefinition* operand) final {
+ operands_[index].replaceProducer(operand);
+ }
+
+ bool isObservableOperand(MUse* u) const;
+ bool isObservableOperand(size_t index) const;
+ bool isRecoverableOperand(MUse* u) const;
+
+ MDefinition* getOperand(size_t index) const override {
+ return operands_[index].producer();
+ }
+ jsbytecode* pc() const { return pc_; }
+ MResumePoint* caller() const;
+ uint32_t frameCount() const {
+ uint32_t count = 1;
+ for (MResumePoint* it = caller(); it; it = it->caller()) {
+ count++;
+ }
+ return count;
+ }
+ MInstruction* instruction() { return instruction_; }
+ void setInstruction(MInstruction* ins) {
+ MOZ_ASSERT(!instruction_);
+ instruction_ = ins;
+ }
+ void resetInstruction() {
+ MOZ_ASSERT(instruction_);
+ instruction_ = nullptr;
+ }
+ Mode mode() const { return mode_; }
+
+ void releaseUses() {
+ for (size_t i = 0, e = numOperands(); i < e; i++) {
+ if (operands_[i].hasProducer()) {
+ operands_[i].releaseProducer();
+ }
+ }
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+
+ // Register a store instruction on the current resume point. This
+ // instruction would be recovered when we are bailing out. The |cache|
+ // argument can be any resume point, it is used to share memory if we are
+ // doing the same modification.
+ void addStore(TempAllocator& alloc, MDefinition* store,
+ const MResumePoint* cache = nullptr);
+
+ MStoresToRecoverList::iterator storesBegin() const { return stores_.begin(); }
+ MStoresToRecoverList::iterator storesEnd() const { return stores_.end(); }
+
+#ifdef JS_JITSPEW
+ virtual void dump(GenericPrinter& out) const override;
+ virtual void dump() const override;
+#endif
+};
+
+class MIsCallable : public MUnaryInstruction,
+ public BoxExceptPolicy<0, MIRType::Object>::Data {
+ explicit MIsCallable(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsCallable)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MIsConstructor : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ public:
+ explicit MIsConstructor(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsConstructor)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MIsCrossRealmArrayConstructor : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ public:
+ explicit MIsCrossRealmArrayConstructor(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsCrossRealmArrayConstructor)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MIsObject : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ explicit MIsObject(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsObject)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MIsNullOrUndefined : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MIsNullOrUndefined(MDefinition* value)
+ : MUnaryInstruction(classOpcode, value) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsNullOrUndefined)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MHasClass : public MUnaryInstruction, public SingleObjectPolicy::Data {
+ const JSClass* class_;
+
+ MHasClass(MDefinition* object, const JSClass* clasp)
+ : MUnaryInstruction(classOpcode, object), class_(clasp) {
+ MOZ_ASSERT(object->type() == MIRType::Object);
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(HasClass)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ const JSClass* getClass() const { return class_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isHasClass()) {
+ return false;
+ }
+ if (getClass() != ins->toHasClass()->getClass()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+};
+
+class MGuardToClass : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ const JSClass* class_;
+
+ MGuardToClass(MDefinition* object, const JSClass* clasp)
+ : MUnaryInstruction(classOpcode, object), class_(clasp) {
+ MOZ_ASSERT(object->type() == MIRType::Object);
+ setResultType(MIRType::Object);
+ setMovable();
+
+ // We will bail out if the class type is incorrect, so we need to ensure we
+ // don't eliminate this instruction
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardToClass)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ const JSClass* getClass() const { return class_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardToClass()) {
+ return false;
+ }
+ if (getClass() != ins->toGuardToClass()->getClass()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+};
+
+// Note: we might call a proxy trap, so this instruction is effectful.
+class MIsArray : public MUnaryInstruction,
+ public BoxExceptPolicy<0, MIRType::Object>::Data {
+ explicit MIsArray(MDefinition* value)
+ : MUnaryInstruction(classOpcode, value) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsArray)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+};
+
+class MIsTypedArray : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ bool possiblyWrapped_;
+
+ explicit MIsTypedArray(MDefinition* value, bool possiblyWrapped)
+ : MUnaryInstruction(classOpcode, value),
+ possiblyWrapped_(possiblyWrapped) {
+ setResultType(MIRType::Boolean);
+
+ if (possiblyWrapped) {
+ // Proxy checks may throw, so we're neither removable nor movable.
+ setGuard();
+ } else {
+ setMovable();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsTypedArray)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+
+ bool isPossiblyWrapped() const { return possiblyWrapped_; }
+ AliasSet getAliasSet() const override {
+ if (isPossiblyWrapped()) {
+ return AliasSet::Store(AliasSet::Any);
+ }
+ return AliasSet::None();
+ }
+};
+
+class MObjectClassToString : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MObjectClassToString(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::String);
+ }
+
+ public:
+ INSTRUCTION_HEADER(ObjectClassToString)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ AliasSet getAliasSet() const override {
+ // Tests @@toStringTag is neither present on this object nor on any object
+ // of the prototype chain.
+ return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot |
+ AliasSet::DynamicSlot);
+ }
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MCheckReturn : public MBinaryInstruction, public BoxInputsPolicy::Data {
+ explicit MCheckReturn(MDefinition* retVal, MDefinition* thisVal)
+ : MBinaryInstruction(classOpcode, retVal, thisVal) {
+ setGuard();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CheckReturn)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, returnValue), (1, thisValue))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MCheckThis : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ explicit MCheckThis(MDefinition* thisVal)
+ : MUnaryInstruction(classOpcode, thisVal) {
+ setGuard();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CheckThis)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, thisValue))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+};
+
+class MAsyncResolve : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ AsyncFunctionResolveKind resolveKind_;
+
+ explicit MAsyncResolve(MDefinition* generator, MDefinition* valueOrReason,
+ AsyncFunctionResolveKind resolveKind)
+ : MBinaryInstruction(classOpcode, generator, valueOrReason),
+ resolveKind_(resolveKind) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(AsyncResolve)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, generator), (1, valueOrReason))
+
+ AsyncFunctionResolveKind resolveKind() { return resolveKind_; }
+};
+
+// Returns from this function to the previous caller; this looks like a regular
+// Unary instruction and is used to lie to the MIR generator about suspending
+// ops like Yield/Await, which are emitted like returns, but MIR-Build like
+// regular instructions.
+class MGeneratorReturn : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MGeneratorReturn(MDefinition* ins)
+ : MUnaryInstruction(classOpcode, ins) {
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GeneratorReturn)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, input))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MAsyncAwait : public MBinaryInstruction,
+ public MixPolicy<BoxPolicy<0>, ObjectPolicy<1>>::Data {
+ explicit MAsyncAwait(MDefinition* value, MDefinition* gen)
+ : MBinaryInstruction(classOpcode, value, gen) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(AsyncAwait)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value), (1, generator))
+};
+
+class MCheckThisReinit : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MCheckThisReinit(MDefinition* thisVal)
+ : MUnaryInstruction(classOpcode, thisVal) {
+ setGuard();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CheckThisReinit)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, thisValue))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+};
+
+// Allocate the generator object for a frame.
+class MGenerator : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, ObjectPolicy<1>>::Data {
+ explicit MGenerator(MDefinition* callee, MDefinition* environmentChain,
+ MDefinition* argsObject)
+ : MTernaryInstruction(classOpcode, callee, environmentChain, argsObject) {
+ setResultType(MIRType::Object);
+ };
+
+ public:
+ INSTRUCTION_HEADER(Generator)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, callee), (1, environmentChain), (2, argsObject))
+};
+
+class MCanSkipAwait : public MUnaryInstruction, public BoxPolicy<0>::Data {
+ explicit MCanSkipAwait(MDefinition* generator)
+ : MUnaryInstruction(classOpcode, generator) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CanSkipAwait)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+};
+
+class MMaybeExtractAwaitValue : public MBinaryInstruction,
+ public BoxPolicy<0>::Data {
+ explicit MMaybeExtractAwaitValue(MDefinition* value, MDefinition* canSkip)
+ : MBinaryInstruction(classOpcode, value, canSkip) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(MaybeExtractAwaitValue)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value), (1, canSkip))
+};
+
+class MIncrementWarmUpCounter : public MNullaryInstruction {
+ private:
+ JSScript* script_;
+
+ explicit MIncrementWarmUpCounter(JSScript* script)
+ : MNullaryInstruction(classOpcode), script_(script) {}
+
+ public:
+ INSTRUCTION_HEADER(IncrementWarmUpCounter)
+ TRIVIAL_NEW_WRAPPERS
+
+ JSScript* script() const { return script_; }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MAtomicIsLockFree : public MUnaryInstruction,
+ public ConvertToInt32Policy<0>::Data {
+ explicit MAtomicIsLockFree(MDefinition* value)
+ : MUnaryInstruction(classOpcode, value) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(AtomicIsLockFree)
+ TRIVIAL_NEW_WRAPPERS
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MAtomicIsLockFree)
+};
+
+class MCompareExchangeTypedArrayElement
+ : public MQuaternaryInstruction,
+ public MixPolicy<UnboxedInt32Policy<1>, TruncateToInt32Policy<2>,
+ TruncateToInt32Policy<3>>::Data {
+ Scalar::Type arrayType_;
+
+ explicit MCompareExchangeTypedArrayElement(MDefinition* elements,
+ MDefinition* index,
+ Scalar::Type arrayType,
+ MDefinition* oldval,
+ MDefinition* newval)
+ : MQuaternaryInstruction(classOpcode, elements, index, oldval, newval),
+ arrayType_(arrayType) {
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ setGuard(); // Not removable
+ }
+
+ public:
+ INSTRUCTION_HEADER(CompareExchangeTypedArrayElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index), (2, oldval), (3, newval))
+
+ bool isByteArray() const {
+ return (arrayType_ == Scalar::Int8 || arrayType_ == Scalar::Uint8);
+ }
+ int oldvalOperand() { return 2; }
+ Scalar::Type arrayType() const { return arrayType_; }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::UnboxedElement);
+ }
+};
+
+class MAtomicExchangeTypedArrayElement
+ : public MTernaryInstruction,
+ public MixPolicy<UnboxedInt32Policy<1>, TruncateToInt32Policy<2>>::Data {
+ Scalar::Type arrayType_;
+
+ MAtomicExchangeTypedArrayElement(MDefinition* elements, MDefinition* index,
+ MDefinition* value, Scalar::Type arrayType)
+ : MTernaryInstruction(classOpcode, elements, index, value),
+ arrayType_(arrayType) {
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ MOZ_ASSERT(arrayType <= Scalar::Uint32);
+ setGuard(); // Not removable
+ }
+
+ public:
+ INSTRUCTION_HEADER(AtomicExchangeTypedArrayElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index), (2, value))
+
+ bool isByteArray() const {
+ return (arrayType_ == Scalar::Int8 || arrayType_ == Scalar::Uint8);
+ }
+ Scalar::Type arrayType() const { return arrayType_; }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::UnboxedElement);
+ }
+};
+
+class MAtomicTypedArrayElementBinop
+ : public MTernaryInstruction,
+ public MixPolicy<UnboxedInt32Policy<1>, TruncateToInt32Policy<2>>::Data {
+ private:
+ AtomicOp op_;
+ Scalar::Type arrayType_;
+
+ explicit MAtomicTypedArrayElementBinop(AtomicOp op, MDefinition* elements,
+ MDefinition* index,
+ Scalar::Type arrayType,
+ MDefinition* value)
+ : MTernaryInstruction(classOpcode, elements, index, value),
+ op_(op),
+ arrayType_(arrayType) {
+ MOZ_ASSERT(elements->type() == MIRType::Elements);
+ setGuard(); // Not removable
+ }
+
+ public:
+ INSTRUCTION_HEADER(AtomicTypedArrayElementBinop)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, elements), (1, index), (2, value))
+
+ bool isByteArray() const {
+ return (arrayType_ == Scalar::Int8 || arrayType_ == Scalar::Uint8);
+ }
+ AtomicOp operation() const { return op_; }
+ Scalar::Type arrayType() const { return arrayType_; }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::UnboxedElement);
+ }
+};
+
+class MDebugger : public MNullaryInstruction {
+ MDebugger() : MNullaryInstruction(classOpcode) {
+ setBailoutKind(BailoutKind::Debugger);
+ }
+
+ public:
+ INSTRUCTION_HEADER(Debugger)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MCheckIsObj : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ uint8_t checkKind_;
+
+ MCheckIsObj(TempAllocator& alloc, MDefinition* value, uint8_t checkKind)
+ : MUnaryInstruction(classOpcode, value), checkKind_(checkKind) {
+ setResultType(MIRType::Object);
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(CheckIsObj)
+ TRIVIAL_NEW_WRAPPERS_WITH_ALLOC
+
+ uint8_t checkKind() const { return checkKind_; }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MCheckObjCoercible : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MCheckObjCoercible(MDefinition* toCheck)
+ : MUnaryInstruction(classOpcode, toCheck) {
+ setGuard();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CheckObjCoercible)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, checkValue))
+
+ AliasSet getAliasSet() const override {
+ // Throws on null or undefined.
+ return AliasSet::Store(AliasSet::ExceptionState);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+};
+
+class MCheckClassHeritage : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MCheckClassHeritage(MDefinition* heritage)
+ : MUnaryInstruction(classOpcode, heritage) {
+ setGuard();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CheckClassHeritage)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, heritage))
+};
+
+class MDebugCheckSelfHosted : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MDebugCheckSelfHosted(MDefinition* toCheck)
+ : MUnaryInstruction(classOpcode, toCheck) {
+ setGuard();
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(DebugCheckSelfHosted)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, checkValue))
+};
+
+class MFinishBoundFunctionInit
+ : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, ObjectPolicy<1>,
+ UnboxedInt32Policy<2>>::Data {
+ MFinishBoundFunctionInit(MDefinition* bound, MDefinition* target,
+ MDefinition* argCount)
+ : MTernaryInstruction(classOpcode, bound, target, argCount) {}
+
+ public:
+ INSTRUCTION_HEADER(FinishBoundFunctionInit)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, bound), (1, target), (2, argCount))
+};
+
+class MIsPackedArray : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MIsPackedArray(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Boolean);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsPackedArray)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+class MGuardArrayIsPacked : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardArrayIsPacked(MDefinition* array)
+ : MUnaryInstruction(classOpcode, array) {
+ setGuard();
+ setMovable();
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardArrayIsPacked)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, array))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+class MGetPrototypeOf : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGetPrototypeOf(MDefinition* target)
+ : MUnaryInstruction(classOpcode, target) {
+ setResultType(MIRType::Value);
+ setGuard(); // May throw if target is a proxy.
+ }
+
+ public:
+ INSTRUCTION_HEADER(GetPrototypeOf)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, target))
+};
+
+class MObjectWithProto : public MUnaryInstruction,
+ public BoxInputsPolicy::Data {
+ explicit MObjectWithProto(MDefinition* prototype)
+ : MUnaryInstruction(classOpcode, prototype) {
+ setResultType(MIRType::Object);
+ setGuard(); // May throw if prototype is neither an object nor null.
+ }
+
+ public:
+ INSTRUCTION_HEADER(ObjectWithProto)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, prototype))
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Used to load the prototype of an object known to have
+// a static prototype.
+class MObjectStaticProto : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MObjectStaticProto(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Object);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(ObjectStaticProto)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+ AliasType mightAlias(const MDefinition* def) const override {
+ // These instructions never modify the [[Prototype]].
+ if (def->isAddAndStoreSlot() || def->isAllocateAndStoreSlot()) {
+ return AliasType::NoAlias;
+ }
+ return AliasType::MayAlias;
+ }
+};
+
+class MBuiltinObject : public MNullaryInstruction {
+ BuiltinObjectKind builtinObjectKind_;
+
+ explicit MBuiltinObject(BuiltinObjectKind kind)
+ : MNullaryInstruction(classOpcode), builtinObjectKind_(kind) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(BuiltinObject)
+ TRIVIAL_NEW_WRAPPERS
+
+ BuiltinObjectKind builtinObjectKind() const { return builtinObjectKind_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+class MSuperFunction : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MSuperFunction(MDefinition* callee)
+ : MUnaryInstruction(classOpcode, callee) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(SuperFunction)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, callee))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+};
+
+class MInitHomeObject : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, BoxPolicy<1>>::Data {
+ explicit MInitHomeObject(MDefinition* function, MDefinition* homeObject)
+ : MBinaryInstruction(classOpcode, function, homeObject) {
+ setResultType(MIRType::Object);
+ }
+
+ public:
+ INSTRUCTION_HEADER(InitHomeObject)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, function), (1, homeObject))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::ObjectFields);
+ }
+};
+
+// Return true if the object is definitely a TypedArray constructor, but not
+// necessarily from the currently active realm. Return false if the object is
+// not a TypedArray constructor or if it's a wrapper.
+class MIsTypedArrayConstructor : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MIsTypedArrayConstructor(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Boolean);
+ }
+
+ public:
+ INSTRUCTION_HEADER(IsTypedArrayConstructor)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+// Load the JSValueTag on all platforms except ARM64. See the comments in
+// MacroAssembler-arm64.h for the |cmpTag(Register, ImmTag)| method for why
+// ARM64 doesn't use the raw JSValueTag, but instead a modified tag value. That
+// modified tag value can't be directly compared against JSValueTag constants.
+class MLoadValueTag : public MUnaryInstruction, public BoxInputsPolicy::Data {
+ explicit MLoadValueTag(MDefinition* value)
+ : MUnaryInstruction(classOpcode, value) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadValueTag)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+};
+
+// Load the target object from a proxy wrapper. The target is stored in the
+// proxy object's private slot.
+class MLoadWrapperTarget : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MLoadWrapperTarget(MDefinition* obj)
+ : MUnaryInstruction(classOpcode, obj) {
+ setResultType(MIRType::Object);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(LoadWrapperTarget)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ AliasSet getAliasSet() const override {
+ // Can't use |AliasSet::None| because the target changes on navigation.
+ // TODO: Investigate using a narrower or a custom alias set.
+ return AliasSet::Load(AliasSet::Any);
+ }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+};
+
+// Guard the accessor shape is present on the object or its prototype chain.
+class MGuardHasGetterSetter : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ CompilerShape shape_;
+
+ MGuardHasGetterSetter(MDefinition* obj, Shape* shape)
+ : MUnaryInstruction(classOpcode, obj), shape_(shape) {
+ setResultType(MIRType::Object);
+ setMovable();
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardHasGetterSetter)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ Shape* shape() const { return shape_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ if (!ins->isGuardHasGetterSetter()) {
+ return false;
+ }
+ if (ins->toGuardHasGetterSetter()->shape() != shape()) {
+ return false;
+ }
+ return congruentIfOperandsEqual(ins);
+ }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Guard the object is extensible.
+class MGuardIsExtensible : public MUnaryInstruction,
+ public SingleObjectPolicy::Data {
+ explicit MGuardIsExtensible(MDefinition* object)
+ : MUnaryInstruction(classOpcode, object) {
+ setResultType(MIRType::Object);
+ setMovable();
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardIsExtensible)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+};
+
+// Guard the input int32 is non-negative.
+class MGuardInt32IsNonNegative : public MUnaryInstruction,
+ public UnboxedInt32Policy<0>::Data {
+ explicit MGuardInt32IsNonNegative(MDefinition* index)
+ : MUnaryInstruction(classOpcode, index) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardInt32IsNonNegative)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, index))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+};
+
+// Guard the input index is greater than the dense initialized length of an
+// object.
+class MGuardIndexGreaterThanDenseInitLength
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<1>>::Data {
+ MGuardIndexGreaterThanDenseInitLength(MDefinition* obj, MDefinition* index)
+ : MBinaryInstruction(classOpcode, obj, index) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardIndexGreaterThanDenseInitLength)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, index))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+};
+
+// Guard an array object's length can be updated successfully when adding an
+// element at the input index.
+class MGuardIndexIsValidUpdateOrAdd
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<1>>::Data {
+ MGuardIndexIsValidUpdateOrAdd(MDefinition* obj, MDefinition* index)
+ : MBinaryInstruction(classOpcode, obj, index) {
+ setResultType(MIRType::Int32);
+ setMovable();
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(GuardIndexIsValidUpdateOrAdd)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, index))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::ObjectFields);
+ }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+};
+
+// Add or update a sparse element of an array object. It's allowed for the
+// sparse element to be already present on the array. It may also be an accessor
+// property, so this instruction is always marked as effectful.
+class MCallAddOrUpdateSparseElement
+ : public MTernaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<1>,
+ BoxPolicy<2>>::Data {
+ bool strict_;
+
+ MCallAddOrUpdateSparseElement(MDefinition* obj, MDefinition* index,
+ MDefinition* value, bool strict)
+ : MTernaryInstruction(classOpcode, obj, index, value), strict_(strict) {}
+
+ public:
+ INSTRUCTION_HEADER(CallAddOrUpdateSparseElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, index), (2, value))
+
+ bool strict() const { return strict_; }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Get a sparse element from an array object, possibly by calling an accessor
+// property.
+class MCallGetSparseElement
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<1>>::Data {
+ MCallGetSparseElement(MDefinition* obj, MDefinition* index)
+ : MBinaryInstruction(classOpcode, obj, index) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CallGetSparseElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, index))
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Get any element from a native object.
+class MCallNativeGetElement
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<1>>::Data {
+ MCallNativeGetElement(MDefinition* obj, MDefinition* index)
+ : MBinaryInstruction(classOpcode, obj, index) {
+ setResultType(MIRType::Value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(CallNativeGetElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, index))
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Test if a native object has an own element (sparse or dense) at an index.
+class MCallObjectHasSparseElement
+ : public MBinaryInstruction,
+ public MixPolicy<ObjectPolicy<0>, UnboxedInt32Policy<1>>::Data {
+ MCallObjectHasSparseElement(MDefinition* obj, MDefinition* index)
+ : MBinaryInstruction(classOpcode, obj, index) {
+ setResultType(MIRType::Boolean);
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(CallObjectHasSparseElement)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, object), (1, index))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::Element | AliasSet::ObjectFields |
+ AliasSet::DynamicSlot | AliasSet::FixedSlot);
+ }
+
+ bool possiblyCalls() const override { return true; }
+};
+
+// Inline implementation of BigInt.asIntN().
+class MBigIntAsIntN
+ : public MBinaryInstruction,
+ public MixPolicy<UnboxedInt32Policy<0>, BigIntPolicy<1>>::Data {
+ MBigIntAsIntN(MDefinition* bits, MDefinition* input)
+ : MBinaryInstruction(classOpcode, bits, input) {
+ setResultType(MIRType::BigInt);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntAsIntN)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, bits), (1, input))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ bool possiblyCalls() const override { return true; }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntAsIntN)
+};
+
+// Inline implementation of BigInt.asUintN().
+class MBigIntAsUintN
+ : public MBinaryInstruction,
+ public MixPolicy<UnboxedInt32Policy<0>, BigIntPolicy<1>>::Data {
+ MBigIntAsUintN(MDefinition* bits, MDefinition* input)
+ : MBinaryInstruction(classOpcode, bits, input) {
+ setResultType(MIRType::BigInt);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(BigIntAsUintN)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, bits), (1, input))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ bool possiblyCalls() const override { return true; }
+
+ [[nodiscard]] bool writeRecoverData(
+ CompactBufferWriter& writer) const override;
+ bool canRecoverOnBailout() const override { return true; }
+
+ ALLOW_CLONE(MBigIntAsUintN)
+};
+
+// Flips the input's sign bit, independently of the rest of the number's
+// payload. Note this is different from multiplying by minus-one, which has
+// side-effects for e.g. NaNs.
+class MWasmNeg : public MUnaryInstruction, public NoTypePolicy::Data {
+ MWasmNeg(MDefinition* op, MIRType type) : MUnaryInstruction(classOpcode, op) {
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmNeg)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MWasmLoadTls : public MUnaryInstruction, public NoTypePolicy::Data {
+ uint32_t offset_;
+ AliasSet aliases_;
+
+ explicit MWasmLoadTls(MDefinition* tlsPointer, uint32_t offset, MIRType type,
+ AliasSet aliases)
+ : MUnaryInstruction(classOpcode, tlsPointer),
+ offset_(offset),
+ aliases_(aliases) {
+ // Different Tls data have different alias classes and only those classes
+ // are allowed.
+ MOZ_ASSERT(aliases_.flags() ==
+ AliasSet::Load(AliasSet::WasmHeapMeta).flags() ||
+ aliases_.flags() == AliasSet::None().flags());
+
+ // The only types supported at the moment.
+ MOZ_ASSERT(type == MIRType::Pointer || type == MIRType::Int32);
+
+ setMovable();
+ setResultType(type);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmLoadTls)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, tlsPtr))
+
+ uint32_t offset() const { return offset_; }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return op() == ins->op() && offset() == ins->toWasmLoadTls()->offset() &&
+ type() == ins->type();
+ }
+
+ HashNumber valueHash() const override {
+ return addU32ToHash(HashNumber(op()), offset());
+ }
+
+ AliasSet getAliasSet() const override { return aliases_; }
+};
+
+class MWasmHeapBase : public MUnaryInstruction, public NoTypePolicy::Data {
+ AliasSet aliases_;
+
+ explicit MWasmHeapBase(MDefinition* tlsPointer, AliasSet aliases)
+ : MUnaryInstruction(classOpcode, tlsPointer), aliases_(aliases) {
+ setMovable();
+ setResultType(MIRType::Pointer);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmHeapBase)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, tlsPtr))
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->isWasmHeapBase();
+ }
+
+ AliasSet getAliasSet() const override { return aliases_; }
+};
+
+class MWasmBoundsCheck : public MBinaryInstruction, public NoTypePolicy::Data {
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ explicit MWasmBoundsCheck(MDefinition* index, MDefinition* boundsCheckLimit,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MBinaryInstruction(classOpcode, index, boundsCheckLimit),
+ bytecodeOffset_(bytecodeOffset) {
+ // Bounds check is effectful: it throws for OOB.
+ setGuard();
+
+ if (JitOptions.spectreIndexMasking) {
+ setResultType(MIRType::Int32);
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBoundsCheck)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, index), (1, boundsCheckLimit))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool isRedundant() const { return !isGuard(); }
+
+ void setRedundant() { setNotGuard(); }
+
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+};
+
+class MWasmAddOffset : public MUnaryInstruction, public NoTypePolicy::Data {
+ uint32_t offset_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ MWasmAddOffset(MDefinition* base, uint32_t offset,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MUnaryInstruction(classOpcode, base),
+ offset_(offset),
+ bytecodeOffset_(bytecodeOffset) {
+ setGuard();
+ setResultType(MIRType::Int32);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmAddOffset)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, base))
+
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ uint32_t offset() const { return offset_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+};
+
+class MWasmAlignmentCheck : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ uint32_t byteSize_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ explicit MWasmAlignmentCheck(MDefinition* index, uint32_t byteSize,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MUnaryInstruction(classOpcode, index),
+ byteSize_(byteSize),
+ bytecodeOffset_(bytecodeOffset) {
+ MOZ_ASSERT(mozilla::IsPowerOfTwo(byteSize));
+ // Alignment check is effectful: it throws for unaligned.
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmAlignmentCheck)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, index))
+
+ bool congruentTo(const MDefinition* ins) const override;
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ uint32_t byteSize() const { return byteSize_; }
+
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+};
+
+class MWasmLoad
+ : public MVariadicInstruction, // memoryBase is nullptr on some platforms
+ public NoTypePolicy::Data {
+ wasm::MemoryAccessDesc access_;
+
+ explicit MWasmLoad(const wasm::MemoryAccessDesc& access, MIRType resultType)
+ : MVariadicInstruction(classOpcode), access_(access) {
+ setGuard();
+ setResultType(resultType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmLoad)
+ NAMED_OPERANDS((0, base), (1, memoryBase));
+
+ static MWasmLoad* New(TempAllocator& alloc, MDefinition* memoryBase,
+ MDefinition* base, const wasm::MemoryAccessDesc& access,
+ MIRType resultType) {
+ MWasmLoad* load = new (alloc) MWasmLoad(access, resultType);
+ if (!load->init(alloc, 1 + !!memoryBase)) {
+ return nullptr;
+ }
+
+ load->initOperand(0, base);
+ if (memoryBase) {
+ load->initOperand(1, memoryBase);
+ }
+
+ return load;
+ }
+
+ const wasm::MemoryAccessDesc& access() const { return access_; }
+
+ AliasSet getAliasSet() const override {
+ // When a barrier is needed, make the instruction effectful by giving
+ // it a "store" effect.
+ if (access_.isAtomic()) {
+ return AliasSet::Store(AliasSet::WasmHeap);
+ }
+ return AliasSet::Load(AliasSet::WasmHeap);
+ }
+};
+
+class MWasmStore : public MVariadicInstruction, public NoTypePolicy::Data {
+ wasm::MemoryAccessDesc access_;
+
+ explicit MWasmStore(const wasm::MemoryAccessDesc& access)
+ : MVariadicInstruction(classOpcode), access_(access) {
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmStore)
+ NAMED_OPERANDS((0, base), (1, value), (2, memoryBase))
+
+ static MWasmStore* New(TempAllocator& alloc, MDefinition* memoryBase,
+ MDefinition* base,
+ const wasm::MemoryAccessDesc& access,
+ MDefinition* value) {
+ MWasmStore* store = new (alloc) MWasmStore(access);
+ if (!store->init(alloc, 2 + !!memoryBase)) {
+ return nullptr;
+ }
+
+ store->initOperand(0, base);
+ store->initOperand(1, value);
+ if (memoryBase) {
+ store->initOperand(2, memoryBase);
+ }
+
+ return store;
+ }
+
+ const wasm::MemoryAccessDesc& access() const { return access_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::WasmHeap);
+ }
+};
+
+class MAsmJSMemoryAccess {
+ uint32_t offset_;
+ Scalar::Type accessType_;
+ bool needsBoundsCheck_;
+
+ public:
+ explicit MAsmJSMemoryAccess(Scalar::Type accessType)
+ : offset_(0), accessType_(accessType), needsBoundsCheck_(true) {
+ MOZ_ASSERT(accessType != Scalar::Uint8Clamped);
+ }
+
+ uint32_t offset() const { return offset_; }
+ uint32_t endOffset() const { return offset() + byteSize(); }
+ Scalar::Type accessType() const { return accessType_; }
+ unsigned byteSize() const { return TypedArrayElemSize(accessType()); }
+ bool needsBoundsCheck() const { return needsBoundsCheck_; }
+
+ wasm::MemoryAccessDesc access() const {
+ return wasm::MemoryAccessDesc(accessType_, Scalar::byteSize(accessType_),
+ offset_, wasm::BytecodeOffset());
+ }
+
+ void removeBoundsCheck() { needsBoundsCheck_ = false; }
+ void setOffset(uint32_t o) { offset_ = o; }
+};
+
+class MAsmJSLoadHeap
+ : public MVariadicInstruction, // 1 plus optional memoryBase and
+ // boundsCheckLimit
+ public MAsmJSMemoryAccess,
+ public NoTypePolicy::Data {
+ uint32_t memoryBaseIndex_;
+
+ explicit MAsmJSLoadHeap(uint32_t memoryBaseIndex, Scalar::Type accessType)
+ : MVariadicInstruction(classOpcode),
+ MAsmJSMemoryAccess(accessType),
+ memoryBaseIndex_(memoryBaseIndex) {
+ setResultType(ScalarTypeToMIRType(accessType));
+ }
+
+ public:
+ INSTRUCTION_HEADER(AsmJSLoadHeap)
+ NAMED_OPERANDS((0, base), (1, boundsCheckLimit))
+
+ static MAsmJSLoadHeap* New(TempAllocator& alloc, MDefinition* memoryBase,
+ MDefinition* base, MDefinition* boundsCheckLimit,
+ Scalar::Type accessType) {
+ uint32_t nextIndex = 2;
+ uint32_t memoryBaseIndex = memoryBase ? nextIndex++ : UINT32_MAX;
+
+ MAsmJSLoadHeap* load =
+ new (alloc) MAsmJSLoadHeap(memoryBaseIndex, accessType);
+ if (!load->init(alloc, nextIndex)) {
+ return nullptr;
+ }
+
+ load->initOperand(0, base);
+ load->initOperand(1, boundsCheckLimit);
+ if (memoryBase) {
+ load->initOperand(memoryBaseIndex, memoryBase);
+ }
+
+ return load;
+ }
+
+ bool hasMemoryBase() const { return memoryBaseIndex_ != UINT32_MAX; }
+ MDefinition* memoryBase() const {
+ MOZ_ASSERT(hasMemoryBase());
+ return getOperand(memoryBaseIndex_);
+ }
+
+ bool congruentTo(const MDefinition* ins) const override;
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::WasmHeap);
+ }
+ AliasType mightAlias(const MDefinition* def) const override;
+};
+
+class MAsmJSStoreHeap
+ : public MVariadicInstruction, // 2 plus optional memoryBase and
+ // boundsCheckLimit
+ public MAsmJSMemoryAccess,
+ public NoTypePolicy::Data {
+ uint32_t memoryBaseIndex_;
+
+ explicit MAsmJSStoreHeap(uint32_t memoryBaseIndex, Scalar::Type accessType)
+ : MVariadicInstruction(classOpcode),
+ MAsmJSMemoryAccess(accessType),
+ memoryBaseIndex_(memoryBaseIndex) {}
+
+ public:
+ INSTRUCTION_HEADER(AsmJSStoreHeap)
+ NAMED_OPERANDS((0, base), (1, value), (2, boundsCheckLimit))
+
+ static MAsmJSStoreHeap* New(TempAllocator& alloc, MDefinition* memoryBase,
+ MDefinition* base, MDefinition* boundsCheckLimit,
+ Scalar::Type accessType, MDefinition* v) {
+ uint32_t nextIndex = 3;
+ uint32_t memoryBaseIndex = memoryBase ? nextIndex++ : UINT32_MAX;
+
+ MAsmJSStoreHeap* store =
+ new (alloc) MAsmJSStoreHeap(memoryBaseIndex, accessType);
+ if (!store->init(alloc, nextIndex)) {
+ return nullptr;
+ }
+
+ store->initOperand(0, base);
+ store->initOperand(1, v);
+ store->initOperand(2, boundsCheckLimit);
+ if (memoryBase) {
+ store->initOperand(memoryBaseIndex, memoryBase);
+ }
+
+ return store;
+ }
+
+ bool hasMemoryBase() const { return memoryBaseIndex_ != UINT32_MAX; }
+ MDefinition* memoryBase() const {
+ MOZ_ASSERT(hasMemoryBase());
+ return getOperand(memoryBaseIndex_);
+ }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::WasmHeap);
+ }
+};
+
+class MWasmFence : public MNullaryInstruction {
+ MWasmFence() : MNullaryInstruction(classOpcode) { setGuard(); }
+
+ public:
+ INSTRUCTION_HEADER(WasmFence)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ ALLOW_CLONE(MWasmFence)
+};
+
+class MWasmCompareExchangeHeap : public MVariadicInstruction,
+ public NoTypePolicy::Data {
+ wasm::MemoryAccessDesc access_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ explicit MWasmCompareExchangeHeap(const wasm::MemoryAccessDesc& access,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MVariadicInstruction(classOpcode),
+ access_(access),
+ bytecodeOffset_(bytecodeOffset) {
+ setGuard(); // Not removable
+ setResultType(ScalarTypeToMIRType(access.type()));
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmCompareExchangeHeap)
+ NAMED_OPERANDS((0, base), (1, oldValue), (2, newValue), (3, tls),
+ (4, memoryBase))
+
+ static MWasmCompareExchangeHeap* New(TempAllocator& alloc,
+ wasm::BytecodeOffset bytecodeOffset,
+ MDefinition* memoryBase,
+ MDefinition* base,
+ const wasm::MemoryAccessDesc& access,
+ MDefinition* oldv, MDefinition* newv,
+ MDefinition* tls) {
+ MWasmCompareExchangeHeap* cas =
+ new (alloc) MWasmCompareExchangeHeap(access, bytecodeOffset);
+ if (!cas->init(alloc, 4 + !!memoryBase)) {
+ return nullptr;
+ }
+ cas->initOperand(0, base);
+ cas->initOperand(1, oldv);
+ cas->initOperand(2, newv);
+ cas->initOperand(3, tls);
+ if (memoryBase) {
+ cas->initOperand(4, memoryBase);
+ }
+ return cas;
+ }
+
+ const wasm::MemoryAccessDesc& access() const { return access_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::WasmHeap);
+ }
+};
+
+class MWasmAtomicExchangeHeap : public MVariadicInstruction,
+ public NoTypePolicy::Data {
+ wasm::MemoryAccessDesc access_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ explicit MWasmAtomicExchangeHeap(const wasm::MemoryAccessDesc& access,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MVariadicInstruction(classOpcode),
+ access_(access),
+ bytecodeOffset_(bytecodeOffset) {
+ setGuard(); // Not removable
+ setResultType(ScalarTypeToMIRType(access.type()));
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmAtomicExchangeHeap)
+ NAMED_OPERANDS((0, base), (1, value), (2, tls), (3, memoryBase))
+
+ static MWasmAtomicExchangeHeap* New(TempAllocator& alloc,
+ wasm::BytecodeOffset bytecodeOffset,
+ MDefinition* memoryBase,
+ MDefinition* base,
+ const wasm::MemoryAccessDesc& access,
+ MDefinition* value, MDefinition* tls) {
+ MWasmAtomicExchangeHeap* xchg =
+ new (alloc) MWasmAtomicExchangeHeap(access, bytecodeOffset);
+ if (!xchg->init(alloc, 3 + !!memoryBase)) {
+ return nullptr;
+ }
+
+ xchg->initOperand(0, base);
+ xchg->initOperand(1, value);
+ xchg->initOperand(2, tls);
+ if (memoryBase) {
+ xchg->initOperand(3, memoryBase);
+ }
+
+ return xchg;
+ }
+
+ const wasm::MemoryAccessDesc& access() const { return access_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::WasmHeap);
+ }
+};
+
+class MWasmAtomicBinopHeap : public MVariadicInstruction,
+ public NoTypePolicy::Data {
+ AtomicOp op_;
+ wasm::MemoryAccessDesc access_;
+ wasm::BytecodeOffset bytecodeOffset_;
+
+ explicit MWasmAtomicBinopHeap(AtomicOp op,
+ const wasm::MemoryAccessDesc& access,
+ wasm::BytecodeOffset bytecodeOffset)
+ : MVariadicInstruction(classOpcode),
+ op_(op),
+ access_(access),
+ bytecodeOffset_(bytecodeOffset) {
+ setGuard(); // Not removable
+ setResultType(ScalarTypeToMIRType(access.type()));
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmAtomicBinopHeap)
+ NAMED_OPERANDS((0, base), (1, value), (2, tls), (3, memoryBase))
+
+ static MWasmAtomicBinopHeap* New(TempAllocator& alloc,
+ wasm::BytecodeOffset bytecodeOffset,
+ AtomicOp op, MDefinition* memoryBase,
+ MDefinition* base,
+ const wasm::MemoryAccessDesc& access,
+ MDefinition* v, MDefinition* tls) {
+ MWasmAtomicBinopHeap* binop =
+ new (alloc) MWasmAtomicBinopHeap(op, access, bytecodeOffset);
+ if (!binop->init(alloc, 3 + !!memoryBase)) {
+ return nullptr;
+ }
+
+ binop->initOperand(0, base);
+ binop->initOperand(1, v);
+ binop->initOperand(2, tls);
+ if (memoryBase) {
+ binop->initOperand(3, memoryBase);
+ }
+
+ return binop;
+ }
+
+ AtomicOp operation() const { return op_; }
+ const wasm::MemoryAccessDesc& access() const { return access_; }
+ wasm::BytecodeOffset bytecodeOffset() const { return bytecodeOffset_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::WasmHeap);
+ }
+};
+
+class MWasmLoadGlobalVar : public MUnaryInstruction, public NoTypePolicy::Data {
+ MWasmLoadGlobalVar(MIRType type, unsigned globalDataOffset, bool isConstant,
+ MDefinition* tlsPtr)
+ : MUnaryInstruction(classOpcode, tlsPtr),
+ globalDataOffset_(globalDataOffset),
+ isConstant_(isConstant) {
+ MOZ_ASSERT(IsNumberType(type) || type == MIRType::Simd128 ||
+ type == MIRType::Pointer || type == MIRType::RefOrNull);
+ setResultType(type);
+ setMovable();
+ }
+
+ unsigned globalDataOffset_;
+ bool isConstant_;
+
+ public:
+ INSTRUCTION_HEADER(WasmLoadGlobalVar)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, tlsPtr))
+
+ unsigned globalDataOffset() const { return globalDataOffset_; }
+
+ HashNumber valueHash() const override;
+ bool congruentTo(const MDefinition* ins) const override;
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+
+ AliasSet getAliasSet() const override {
+ return isConstant_ ? AliasSet::None()
+ : AliasSet::Load(AliasSet::WasmGlobalVar);
+ }
+
+ AliasType mightAlias(const MDefinition* def) const override;
+};
+
+class MWasmLoadGlobalCell : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ MWasmLoadGlobalCell(MIRType type, MDefinition* cellPtr)
+ : MUnaryInstruction(classOpcode, cellPtr) {
+ setResultType(type);
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmLoadGlobalCell)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, cellPtr))
+
+ // The default valueHash is good enough, because there are no non-operand
+ // fields.
+ bool congruentTo(const MDefinition* ins) const override;
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Load(AliasSet::WasmGlobalCell);
+ }
+
+ AliasType mightAlias(const MDefinition* def) const override;
+};
+
+class MWasmStoreGlobalVar : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ MWasmStoreGlobalVar(unsigned globalDataOffset, MDefinition* value,
+ MDefinition* tlsPtr)
+ : MBinaryInstruction(classOpcode, value, tlsPtr),
+ globalDataOffset_(globalDataOffset) {}
+
+ unsigned globalDataOffset_;
+
+ public:
+ INSTRUCTION_HEADER(WasmStoreGlobalVar)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value), (1, tlsPtr))
+
+ unsigned globalDataOffset() const { return globalDataOffset_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::WasmGlobalVar);
+ }
+};
+
+class MWasmStoreGlobalCell : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ MWasmStoreGlobalCell(MDefinition* value, MDefinition* cellPtr)
+ : MBinaryInstruction(classOpcode, value, cellPtr) {}
+
+ public:
+ INSTRUCTION_HEADER(WasmStoreGlobalCell)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, value), (1, cellPtr))
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::WasmGlobalCell);
+ }
+};
+
+class MWasmStoreStackResult : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ MWasmStoreStackResult(MDefinition* stackResultArea, uint32_t offset,
+ MDefinition* value)
+ : MBinaryInstruction(classOpcode, stackResultArea, value),
+ offset_(offset) {}
+
+ uint32_t offset_;
+
+ public:
+ INSTRUCTION_HEADER(WasmStoreStackResult)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, stackResultArea), (1, value))
+
+ uint32_t offset() const { return offset_; }
+
+ AliasSet getAliasSet() const override {
+ return AliasSet::Store(AliasSet::WasmStackResult);
+ }
+};
+
+// Represents a known-good derived pointer into an object or memory region (in
+// the most general sense) that will not move while the derived pointer is live.
+// The `offset` *must* be a valid offset into the object represented by `base`;
+// hence overflow in the address calculation will never be an issue.
+
+class MWasmDerivedPointer : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ MWasmDerivedPointer(MDefinition* base, size_t offset)
+ : MUnaryInstruction(classOpcode, base), offset_(offset) {
+ MOZ_ASSERT(offset <= INT32_MAX);
+ setResultType(MIRType::Pointer);
+ setMovable();
+ }
+
+ size_t offset_;
+
+ public:
+ INSTRUCTION_HEADER(WasmDerivedPointer)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, base))
+
+ size_t offset() const { return offset_; }
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins) &&
+ ins->toWasmDerivedPointer()->offset() == offset();
+ }
+
+ ALLOW_CLONE(MWasmDerivedPointer)
+};
+
+class MWasmStoreRef : public MAryInstruction<3>, public NoTypePolicy::Data {
+ AliasSet::Flag aliasSet_;
+
+ MWasmStoreRef(MDefinition* tls, MDefinition* valueAddr, MDefinition* value,
+ AliasSet::Flag aliasSet)
+ : MAryInstruction<3>(classOpcode), aliasSet_(aliasSet) {
+ MOZ_ASSERT(valueAddr->type() == MIRType::Pointer);
+ MOZ_ASSERT(value->type() == MIRType::RefOrNull);
+ initOperand(0, tls);
+ initOperand(1, valueAddr);
+ initOperand(2, value);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmStoreRef)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, tls), (1, valueAddr), (2, value))
+
+ AliasSet getAliasSet() const override { return AliasSet::Store(aliasSet_); }
+};
+
+class MWasmParameter : public MNullaryInstruction {
+ ABIArg abi_;
+
+ MWasmParameter(ABIArg abi, MIRType mirType)
+ : MNullaryInstruction(classOpcode), abi_(abi) {
+ setResultType(mirType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmParameter)
+ TRIVIAL_NEW_WRAPPERS
+
+ ABIArg abi() const { return abi_; }
+};
+
+class MWasmReturn : public MAryControlInstruction<2, 0>,
+ public NoTypePolicy::Data {
+ MWasmReturn(MDefinition* ins, MDefinition* tls)
+ : MAryControlInstruction(classOpcode) {
+ initOperand(0, ins);
+ initOperand(1, tls);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmReturn)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MWasmReturnVoid : public MAryControlInstruction<1, 0>,
+ public NoTypePolicy::Data {
+ explicit MWasmReturnVoid(MDefinition* tls)
+ : MAryControlInstruction(classOpcode) {
+ initOperand(0, tls);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmReturnVoid)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MWasmStackArg : public MUnaryInstruction, public NoTypePolicy::Data {
+ MWasmStackArg(uint32_t spOffset, MDefinition* ins)
+ : MUnaryInstruction(classOpcode, ins), spOffset_(spOffset) {}
+
+ uint32_t spOffset_;
+
+ public:
+ INSTRUCTION_HEADER(WasmStackArg)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, arg))
+
+ uint32_t spOffset() const { return spOffset_; }
+ void incrementOffset(uint32_t inc) { spOffset_ += inc; }
+};
+
+template <typename Location>
+class MWasmResultBase : public MNullaryInstruction {
+ Location loc_;
+
+ protected:
+ MWasmResultBase(Opcode op, MIRType type, Location loc)
+ : MNullaryInstruction(op), loc_(loc) {
+ setResultType(type);
+ setCallResultCapture();
+ }
+
+ public:
+ Location loc() { return loc_; }
+};
+
+class MWasmRegisterResult : public MWasmResultBase<Register> {
+ MWasmRegisterResult(MIRType type, Register reg)
+ : MWasmResultBase(classOpcode, type, reg) {}
+
+ public:
+ INSTRUCTION_HEADER(WasmRegisterResult)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MWasmFloatRegisterResult : public MWasmResultBase<FloatRegister> {
+ MWasmFloatRegisterResult(MIRType type, FloatRegister reg)
+ : MWasmResultBase(classOpcode, type, reg) {}
+
+ public:
+ INSTRUCTION_HEADER(WasmFloatRegisterResult)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MWasmRegister64Result : public MWasmResultBase<Register64> {
+ explicit MWasmRegister64Result(Register64 reg)
+ : MWasmResultBase(classOpcode, MIRType::Int64, reg) {}
+
+ public:
+ INSTRUCTION_HEADER(WasmRegister64Result)
+ TRIVIAL_NEW_WRAPPERS
+};
+
+class MWasmStackResultArea : public MNullaryInstruction {
+ public:
+ class StackResult {
+ // Offset in bytes from lowest address of stack result area.
+ uint32_t offset_;
+ MIRType type_;
+
+ public:
+ StackResult() : type_(MIRType::Undefined) {}
+ StackResult(uint32_t offset, MIRType type) : offset_(offset), type_(type) {}
+
+ bool initialized() const { return type_ != MIRType::Undefined; }
+ uint32_t offset() const {
+ MOZ_ASSERT(initialized());
+ return offset_;
+ }
+ MIRType type() const {
+ MOZ_ASSERT(initialized());
+ return type_;
+ }
+ uint32_t endOffset() const { return offset() + MIRTypeToSize(type()); }
+ };
+
+ private:
+ FixedList<StackResult> results_;
+ uint32_t base_;
+
+ explicit MWasmStackResultArea()
+ : MNullaryInstruction(classOpcode), base_(UINT32_MAX) {
+ setResultType(MIRType::StackResults);
+ }
+
+ void assertInitialized() const {
+ MOZ_ASSERT(results_.length() != 0);
+#ifdef DEBUG
+ for (size_t i = 0; i < results_.length(); i++) {
+ MOZ_ASSERT(results_[i].initialized());
+ }
+#endif
+ }
+
+ bool baseInitialized() const { return base_ != UINT32_MAX; }
+
+ public:
+ INSTRUCTION_HEADER(WasmStackResultArea)
+ TRIVIAL_NEW_WRAPPERS
+
+ [[nodiscard]] bool init(TempAllocator& alloc, size_t stackResultCount) {
+ MOZ_ASSERT(results_.length() == 0);
+ MOZ_ASSERT(stackResultCount > 0);
+ if (!results_.init(alloc, stackResultCount)) {
+ return false;
+ }
+ for (size_t n = 0; n < stackResultCount; n++) {
+ results_[n] = StackResult();
+ }
+ return true;
+ }
+
+ size_t resultCount() const { return results_.length(); }
+ const StackResult& result(size_t n) const {
+ MOZ_ASSERT(results_[n].initialized());
+ return results_[n];
+ }
+ void initResult(size_t n, const StackResult& loc) {
+ MOZ_ASSERT(!results_[n].initialized());
+ MOZ_ASSERT((n == 0) == (loc.offset() == 0));
+ MOZ_ASSERT_IF(n > 0, loc.offset() >= result(n - 1).endOffset());
+ results_[n] = loc;
+ }
+
+ uint32_t byteSize() const {
+ assertInitialized();
+ return result(resultCount() - 1).endOffset();
+ }
+
+ // Stack index indicating base of stack area.
+ uint32_t base() const {
+ MOZ_ASSERT(baseInitialized());
+ return base_;
+ }
+ void setBase(uint32_t base) {
+ MOZ_ASSERT(!baseInitialized());
+ base_ = base;
+ MOZ_ASSERT(baseInitialized());
+ }
+};
+
+class MWasmStackResult : public MUnaryInstruction, public NoTypePolicy::Data {
+ uint32_t resultIdx_;
+
+ MWasmStackResult(MWasmStackResultArea* resultArea, size_t idx)
+ : MUnaryInstruction(classOpcode, resultArea), resultIdx_(idx) {
+ setResultType(result().type());
+ setCallResultCapture();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmStackResult)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, resultArea))
+
+ const MWasmStackResultArea::StackResult& result() const {
+ return resultArea()->toWasmStackResultArea()->result(resultIdx_);
+ }
+};
+
+class MWasmCall final : public MVariadicInstruction, public NoTypePolicy::Data {
+ wasm::CallSiteDesc desc_;
+ wasm::CalleeDesc callee_;
+ wasm::FailureMode builtinMethodFailureMode_;
+ FixedList<AnyRegister> argRegs_;
+ uint32_t stackArgAreaSizeUnaligned_;
+ ABIArg instanceArg_;
+
+ MWasmCall(const wasm::CallSiteDesc& desc, const wasm::CalleeDesc& callee,
+ uint32_t stackArgAreaSizeUnaligned)
+ : MVariadicInstruction(classOpcode),
+ desc_(desc),
+ callee_(callee),
+ builtinMethodFailureMode_(wasm::FailureMode::Infallible),
+ stackArgAreaSizeUnaligned_(stackArgAreaSizeUnaligned) {}
+
+ public:
+ INSTRUCTION_HEADER(WasmCall)
+
+ struct Arg {
+ AnyRegister reg;
+ MDefinition* def;
+ Arg(AnyRegister reg, MDefinition* def) : reg(reg), def(def) {}
+ };
+ typedef Vector<Arg, 8, SystemAllocPolicy> Args;
+
+ static MWasmCall* New(TempAllocator& alloc, const wasm::CallSiteDesc& desc,
+ const wasm::CalleeDesc& callee, const Args& args,
+ uint32_t stackArgAreaSizeUnaligned,
+ MDefinition* tableIndex = nullptr);
+
+ static MWasmCall* NewBuiltinInstanceMethodCall(
+ TempAllocator& alloc, const wasm::CallSiteDesc& desc,
+ const wasm::SymbolicAddress builtin, wasm::FailureMode failureMode,
+ const ABIArg& instanceArg, const Args& args,
+ uint32_t stackArgAreaSizeUnaligned);
+
+ size_t numArgs() const { return argRegs_.length(); }
+ AnyRegister registerForArg(size_t index) const {
+ MOZ_ASSERT(index < numArgs());
+ return argRegs_[index];
+ }
+ const wasm::CallSiteDesc& desc() const { return desc_; }
+ const wasm::CalleeDesc& callee() const { return callee_; }
+ wasm::FailureMode builtinMethodFailureMode() const {
+ MOZ_ASSERT(callee_.which() == wasm::CalleeDesc::BuiltinInstanceMethod);
+ return builtinMethodFailureMode_;
+ }
+ uint32_t stackArgAreaSizeUnaligned() const {
+ return stackArgAreaSizeUnaligned_;
+ }
+
+ bool possiblyCalls() const override { return true; }
+
+ const ABIArg& instanceArg() const { return instanceArg_; }
+};
+
+class MWasmSelect : public MTernaryInstruction, public NoTypePolicy::Data {
+ MWasmSelect(MDefinition* trueExpr, MDefinition* falseExpr,
+ MDefinition* condExpr)
+ : MTernaryInstruction(classOpcode, trueExpr, falseExpr, condExpr) {
+ MOZ_ASSERT(condExpr->type() == MIRType::Int32);
+ MOZ_ASSERT(trueExpr->type() == falseExpr->type());
+ setResultType(trueExpr->type());
+ setMovable();
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmSelect)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, trueExpr), (1, falseExpr), (2, condExpr))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ ALLOW_CLONE(MWasmSelect)
+};
+
+class MWasmReinterpret : public MUnaryInstruction, public NoTypePolicy::Data {
+ MWasmReinterpret(MDefinition* val, MIRType toType)
+ : MUnaryInstruction(classOpcode, val) {
+ switch (val->type()) {
+ case MIRType::Int32:
+ MOZ_ASSERT(toType == MIRType::Float32);
+ break;
+ case MIRType::Float32:
+ MOZ_ASSERT(toType == MIRType::Int32);
+ break;
+ case MIRType::Double:
+ MOZ_ASSERT(toType == MIRType::Int64);
+ break;
+ case MIRType::Int64:
+ MOZ_ASSERT(toType == MIRType::Double);
+ break;
+ default:
+ MOZ_CRASH("unexpected reinterpret conversion");
+ }
+ setMovable();
+ setResultType(toType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmReinterpret)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ ALLOW_CLONE(MWasmReinterpret)
+};
+
+class MRotate : public MBinaryInstruction, public NoTypePolicy::Data {
+ bool isLeftRotate_;
+
+ MRotate(MDefinition* input, MDefinition* count, MIRType type,
+ bool isLeftRotate)
+ : MBinaryInstruction(classOpcode, input, count),
+ isLeftRotate_(isLeftRotate) {
+ setMovable();
+ setResultType(type);
+ // Prevent reordering. Although there's no problem eliding call result
+ // definitions, there's also no need, as they cause no codegen.
+ setGuard();
+ }
+
+ public:
+ INSTRUCTION_HEADER(Rotate)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, input), (1, count))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins) &&
+ ins->toRotate()->isLeftRotate() == isLeftRotate_;
+ }
+
+ bool isLeftRotate() const { return isLeftRotate_; }
+
+ ALLOW_CLONE(MRotate)
+};
+
+// Wasm SIMD.
+//
+// See comment in WasmIonCompile.cpp for a justification for these nodes.
+
+// (v128, v128, v128) -> v128 effect-free operation.
+class MWasmBitselectSimd128 : public MTernaryInstruction,
+ public NoTypePolicy::Data {
+ MWasmBitselectSimd128(MDefinition* lhs, MDefinition* rhs,
+ MDefinition* control)
+ : MTernaryInstruction(classOpcode, lhs, rhs, control) {
+ setMovable();
+ setResultType(MIRType::Simd128);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBitselectSimd128)
+ TRIVIAL_NEW_WRAPPERS
+ NAMED_OPERANDS((0, lhs), (1, rhs), (2, control))
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+
+ ALLOW_CLONE(MWasmBitselectSimd128)
+};
+
+// (v128, v128) -> v128 effect-free operations.
+class MWasmBinarySimd128 : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ wasm::SimdOp simdOp_;
+
+ MWasmBinarySimd128(MDefinition* lhs, MDefinition* rhs, bool commutative,
+ wasm::SimdOp simdOp)
+ : MBinaryInstruction(classOpcode, lhs, rhs), simdOp_(simdOp) {
+ setMovable();
+ setResultType(MIRType::Simd128);
+ if (commutative) {
+ setCommutative();
+ }
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBinarySimd128)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->toWasmBinarySimd128()->simdOp() == simdOp_ &&
+ congruentIfOperandsEqual(ins);
+ }
+#ifdef ENABLE_WASM_SIMD
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+#endif
+
+ wasm::SimdOp simdOp() const { return simdOp_; }
+
+ // Platform-dependent specialization.
+ bool specializeForConstantRhs();
+
+ ALLOW_CLONE(MWasmBinarySimd128)
+};
+
+// (v128, const) -> v128 effect-free operations.
+class MWasmBinarySimd128WithConstant : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ SimdConstant rhs_;
+ wasm::SimdOp simdOp_;
+
+ MWasmBinarySimd128WithConstant(MDefinition* lhs, const SimdConstant& rhs,
+ wasm::SimdOp simdOp)
+ : MUnaryInstruction(classOpcode, lhs), rhs_(rhs), simdOp_(simdOp) {
+ setMovable();
+ setResultType(MIRType::Simd128);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmBinarySimd128WithConstant)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->toWasmBinarySimd128WithConstant()->simdOp() == simdOp_ &&
+ congruentIfOperandsEqual(ins) &&
+ rhs_.bitwiseEqual(ins->toWasmBinarySimd128WithConstant()->rhs());
+ }
+
+ wasm::SimdOp simdOp() const { return simdOp_; }
+ MDefinition* lhs() const { return input(); }
+ const SimdConstant& rhs() const { return rhs_; }
+
+ ALLOW_CLONE(MWasmBinarySimd128WithConstant)
+};
+
+// (v128, i32) -> v128 effect-free shift operations.
+class MWasmShiftSimd128 : public MBinaryInstruction, public NoTypePolicy::Data {
+ wasm::SimdOp simdOp_;
+
+ MWasmShiftSimd128(MDefinition* lhs, MDefinition* rhs, wasm::SimdOp simdOp)
+ : MBinaryInstruction(classOpcode, lhs, rhs), simdOp_(simdOp) {
+ setMovable();
+ setResultType(MIRType::Simd128);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmShiftSimd128)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->toWasmShiftSimd128()->simdOp() == simdOp_ &&
+ congruentIfOperandsEqual(ins);
+ }
+
+ wasm::SimdOp simdOp() const { return simdOp_; }
+
+ ALLOW_CLONE(MWasmShiftSimd128)
+};
+
+// (v128, v128, mask) -> v128 effect-free operation.
+class MWasmShuffleSimd128 : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ SimdConstant control_;
+
+ MWasmShuffleSimd128(MDefinition* lhs, MDefinition* rhs, SimdConstant control)
+ : MBinaryInstruction(classOpcode, lhs, rhs), control_(control) {
+ setMovable();
+ setResultType(MIRType::Simd128);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmShuffleSimd128)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->toWasmShuffleSimd128()->control().bitwiseEqual(control_) &&
+ congruentIfOperandsEqual(ins);
+ }
+
+ SimdConstant control() const { return control_; }
+
+ ALLOW_CLONE(MWasmShuffleSimd128)
+};
+
+// (v128, scalar, imm) -> v128 effect-free operations.
+class MWasmReplaceLaneSimd128 : public MBinaryInstruction,
+ public NoTypePolicy::Data {
+ uint32_t laneIndex_;
+ wasm::SimdOp simdOp_;
+
+ MWasmReplaceLaneSimd128(MDefinition* lhs, MDefinition* rhs,
+ uint32_t laneIndex, wasm::SimdOp simdOp)
+ : MBinaryInstruction(classOpcode, lhs, rhs),
+ laneIndex_(laneIndex),
+ simdOp_(simdOp) {
+ setMovable();
+ setResultType(MIRType::Simd128);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmReplaceLaneSimd128)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->toWasmReplaceLaneSimd128()->simdOp() == simdOp_ &&
+ ins->toWasmReplaceLaneSimd128()->laneIndex() == laneIndex_ &&
+ congruentIfOperandsEqual(ins);
+ }
+
+ uint32_t laneIndex() const { return laneIndex_; }
+ wasm::SimdOp simdOp() const { return simdOp_; }
+
+ ALLOW_CLONE(MWasmReplaceLaneSimd128)
+};
+
+// (v128) -> v128 effect-free operations.
+class MWasmUnarySimd128 : public MUnaryInstruction, public NoTypePolicy::Data {
+ wasm::SimdOp simdOp_;
+
+ MWasmUnarySimd128(MDefinition* src, wasm::SimdOp simdOp)
+ : MUnaryInstruction(classOpcode, src), simdOp_(simdOp) {
+ setMovable();
+ setResultType(MIRType::Simd128);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmUnarySimd128)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->toWasmUnarySimd128()->simdOp() == simdOp_ &&
+ congruentIfOperandsEqual(ins);
+ }
+
+ wasm::SimdOp simdOp() const { return simdOp_; }
+
+ ALLOW_CLONE(MWasmUnarySimd128)
+};
+
+// (scalar) -> v128 effect-free operations.
+class MWasmScalarToSimd128 : public MUnaryInstruction,
+ public NoTypePolicy::Data {
+ wasm::SimdOp simdOp_;
+
+ MWasmScalarToSimd128(MDefinition* src, wasm::SimdOp simdOp)
+ : MUnaryInstruction(classOpcode, src), simdOp_(simdOp) {
+ setMovable();
+ setResultType(MIRType::Simd128);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmScalarToSimd128)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->toWasmScalarToSimd128()->simdOp() == simdOp_ &&
+ congruentIfOperandsEqual(ins);
+ }
+#ifdef ENABLE_WASM_SIMD
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+#endif
+
+ wasm::SimdOp simdOp() const { return simdOp_; }
+
+ ALLOW_CLONE(MWasmScalarToSimd128)
+};
+
+// (v128, imm) -> scalar effect-free operations.
+class MWasmReduceSimd128 : public MUnaryInstruction, public NoTypePolicy::Data {
+ wasm::SimdOp simdOp_;
+ uint32_t imm_;
+
+ MWasmReduceSimd128(MDefinition* src, wasm::SimdOp simdOp, MIRType outType,
+ uint32_t imm)
+ : MUnaryInstruction(classOpcode, src), simdOp_(simdOp), imm_(imm) {
+ setMovable();
+ setResultType(outType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(WasmReduceSimd128)
+ TRIVIAL_NEW_WRAPPERS
+
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+ bool congruentTo(const MDefinition* ins) const override {
+ return ins->toWasmReduceSimd128()->simdOp() == simdOp_ &&
+ ins->toWasmReduceSimd128()->imm() == imm_ &&
+ congruentIfOperandsEqual(ins);
+ }
+#ifdef ENABLE_WASM_SIMD
+ MDefinition* foldsTo(TempAllocator& alloc) override;
+#endif
+
+ uint32_t imm() const { return imm_; }
+ wasm::SimdOp simdOp() const { return simdOp_; }
+
+ ALLOW_CLONE(MWasmReduceSimd128)
+};
+
+// End Wasm SIMD
+
+// Used by MIR building to represent the bytecode result of an operation for
+// which an MBail was generated, to balance the basic block's MDefinition stack.
+class MUnreachableResult : public MNullaryInstruction {
+ explicit MUnreachableResult(MIRType type) : MNullaryInstruction(classOpcode) {
+ MOZ_ASSERT(type != MIRType::None);
+ setResultType(type);
+ }
+
+ public:
+ INSTRUCTION_HEADER(UnreachableResult)
+ TRIVIAL_NEW_WRAPPERS
+
+ bool congruentTo(const MDefinition* ins) const override {
+ return congruentIfOperandsEqual(ins);
+ }
+ AliasSet getAliasSet() const override { return AliasSet::None(); }
+};
+
+class MIonToWasmCall final : public MVariadicInstruction,
+ public NoTypePolicy::Data {
+ CompilerGCPointer<WasmInstanceObject*> instanceObj_;
+ const wasm::FuncExport& funcExport_;
+
+ MIonToWasmCall(WasmInstanceObject* instanceObj, MIRType resultType,
+ const wasm::FuncExport& funcExport)
+ : MVariadicInstruction(classOpcode),
+ instanceObj_(instanceObj),
+ funcExport_(funcExport) {
+ setResultType(resultType);
+ }
+
+ public:
+ INSTRUCTION_HEADER(IonToWasmCall);
+
+ static MIonToWasmCall* New(TempAllocator& alloc,
+ WasmInstanceObject* instanceObj,
+ const wasm::FuncExport& funcExport);
+
+ void initArg(size_t i, MDefinition* arg) { initOperand(i, arg); }
+
+ WasmInstanceObject* instanceObject() const { return instanceObj_; }
+ const wasm::FuncExport& funcExport() const { return funcExport_; }
+ bool possiblyCalls() const override { return true; }
+#ifdef DEBUG
+ bool isConsistentFloat32Use(MUse* use) const override;
+#endif
+};
+
+#undef INSTRUCTION_HEADER
+
+void MUse::init(MDefinition* producer, MNode* consumer) {
+ MOZ_ASSERT(!consumer_, "Initializing MUse that already has a consumer");
+ MOZ_ASSERT(!producer_, "Initializing MUse that already has a producer");
+ initUnchecked(producer, consumer);
+}
+
+void MUse::initUnchecked(MDefinition* producer, MNode* consumer) {
+ MOZ_ASSERT(consumer, "Initializing to null consumer");
+ consumer_ = consumer;
+ producer_ = producer;
+ producer_->addUseUnchecked(this);
+}
+
+void MUse::initUncheckedWithoutProducer(MNode* consumer) {
+ MOZ_ASSERT(consumer, "Initializing to null consumer");
+ consumer_ = consumer;
+ producer_ = nullptr;
+}
+
+void MUse::replaceProducer(MDefinition* producer) {
+ MOZ_ASSERT(consumer_, "Resetting MUse without a consumer");
+ producer_->removeUse(this);
+ producer_ = producer;
+ producer_->addUse(this);
+}
+
+void MUse::releaseProducer() {
+ MOZ_ASSERT(consumer_, "Clearing MUse without a consumer");
+ producer_->removeUse(this);
+ producer_ = nullptr;
+}
+
+// Implement cast functions now that the compiler can see the inheritance.
+
+MDefinition* MNode::toDefinition() {
+ MOZ_ASSERT(isDefinition());
+ return (MDefinition*)this;
+}
+
+MResumePoint* MNode::toResumePoint() {
+ MOZ_ASSERT(isResumePoint());
+ return (MResumePoint*)this;
+}
+
+MInstruction* MDefinition::toInstruction() {
+ MOZ_ASSERT(!isPhi());
+ return (MInstruction*)this;
+}
+
+const MInstruction* MDefinition::toInstruction() const {
+ MOZ_ASSERT(!isPhi());
+ return (const MInstruction*)this;
+}
+
+MControlInstruction* MDefinition::toControlInstruction() {
+ MOZ_ASSERT(isControlInstruction());
+ return (MControlInstruction*)this;
+}
+
+MConstant* MDefinition::maybeConstantValue() {
+ MDefinition* op = this;
+ if (op->isBox()) {
+ op = op->toBox()->input();
+ }
+ if (op->isConstant()) {
+ return op->toConstant();
+ }
+ return nullptr;
+}
+
+// Helper functions used to decide how to build MIR.
+
+inline MIRType MIRTypeForArrayBufferViewRead(Scalar::Type arrayType,
+ bool observedDouble) {
+ switch (arrayType) {
+ case Scalar::Int8:
+ case Scalar::Uint8:
+ case Scalar::Uint8Clamped:
+ case Scalar::Int16:
+ case Scalar::Uint16:
+ case Scalar::Int32:
+ return MIRType::Int32;
+ case Scalar::Uint32:
+ return observedDouble ? MIRType::Double : MIRType::Int32;
+ case Scalar::Float32:
+ return MIRType::Float32;
+ case Scalar::Float64:
+ return MIRType::Double;
+ case Scalar::BigInt64:
+ case Scalar::BigUint64:
+ return MIRType::BigInt;
+ default:
+ break;
+ }
+ MOZ_CRASH("Unknown typed array type");
+}
+
+} // namespace jit
+} // namespace js
+
+// Specialize the AlignmentFinder class to make Result<V, E> works with abstract
+// classes such as MDefinition*, and MInstruction*
+namespace mozilla {
+
+template <>
+class AlignmentFinder<js::jit::MDefinition>
+ : public AlignmentFinder<js::jit::MStart> {};
+
+template <>
+class AlignmentFinder<js::jit::MInstruction>
+ : public AlignmentFinder<js::jit::MStart> {};
+
+} // namespace mozilla
+
+#endif /* jit_MIR_h */