diff options
Diffstat (limited to 'js/src/vm/PortableBaselineInterpret.cpp')
| -rw-r--r-- | js/src/vm/PortableBaselineInterpret.cpp | 5538 |
1 files changed, 5538 insertions, 0 deletions
diff --git a/js/src/vm/PortableBaselineInterpret.cpp b/js/src/vm/PortableBaselineInterpret.cpp new file mode 100644 index 0000000000..e2acaf2d7b --- /dev/null +++ b/js/src/vm/PortableBaselineInterpret.cpp @@ -0,0 +1,5538 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * JavaScript "portable baseline interpreter": an interpreter that is + * capable of running ICs, but without any native code. + * + * See the [SMDOC] in vm/PortableBaselineInterpret.h for a high-level + * overview. + */ + +#include "vm/PortableBaselineInterpret.h" + +#include "mozilla/Maybe.h" +#include <algorithm> + +#include "jsapi.h" + +#include "builtin/DataViewObject.h" +#include "builtin/MapObject.h" +#include "builtin/String.h" +#include "debugger/DebugAPI.h" +#include "jit/BaselineFrame.h" +#include "jit/BaselineIC.h" +#include "jit/BaselineJIT.h" +#include "jit/CacheIR.h" +#include "jit/CacheIRCompiler.h" +#include "jit/CacheIRReader.h" +#include "jit/JitFrames.h" +#include "jit/JitScript.h" +#include "jit/JSJitFrameIter.h" +#include "jit/VMFunctions.h" +#include "vm/AsyncFunction.h" +#include "vm/AsyncIteration.h" +#include "vm/EnvironmentObject.h" +#include "vm/EqualityOperations.h" +#include "vm/GeneratorObject.h" +#include "vm/Interpreter.h" +#include "vm/Iteration.h" +#include "vm/JitActivation.h" +#include "vm/JSScript.h" +#include "vm/Opcodes.h" +#include "vm/PlainObject.h" +#include "vm/Shape.h" + +#include "debugger/DebugAPI-inl.h" +#include "jit/BaselineFrame-inl.h" +#include "jit/JitScript-inl.h" +#include "vm/EnvironmentObject-inl.h" +#include "vm/Interpreter-inl.h" +#include "vm/JSScript-inl.h" +#include "vm/PlainObject-inl.h" + +namespace js { +namespace pbl { + +using namespace js::jit; + +/* + * Debugging: enable `TRACE_INTERP` for an extremely detailed dump of + * what PBL is doing at every opcode step. + */ + +// #define TRACE_INTERP + +#ifdef TRACE_INTERP +# define TRACE_PRINTF(...) \ + do { \ + printf(__VA_ARGS__); \ + fflush(stdout); \ + } while (0) +#else +# define TRACE_PRINTF(...) \ + do { \ + } while (0) +#endif + +// Whether we are using the "hybrid" strategy for ICs (see the [SMDOC] +// in PortableBaselineInterpret.h for more). This is currently a +// constant, but may become configurable in the future. +static const bool kHybridICs = true; + +/* + * ----------------------------------------------- + * Stack handling + * ----------------------------------------------- + */ + +// Large enough for an exit frame. +static const size_t kStackMargin = 1024; + +/* + * A 64-bit value on the auxiliary stack. May either be a raw uint64_t + * or a `Value` (JS NaN-boxed value). + */ +struct StackVal { + uint64_t value; + + explicit StackVal(uint64_t v) : value(v) {} + explicit StackVal(const Value& v) : value(v.asRawBits()) {} + + uint64_t asUInt64() const { return value; } + Value asValue() const { return Value::fromRawBits(value); } +}; + +/* + * A native-pointer-sized value on the auxiliary stack. This is + * separate from the above because we support running on 32-bit + * systems as well! May either be a `void*` (or cast to a + * `CalleeToken`, which is a typedef for a `void*`), or a `uint32_t`, + * which always fits in a native pointer width on our supported + * platforms. (See static_assert below.) + */ +struct StackValNative { + static_assert(sizeof(uintptr_t) >= sizeof(uint32_t), + "Must be at least a 32-bit system to use PBL."); + + uintptr_t value; + + explicit StackValNative(void* v) : value(reinterpret_cast<uintptr_t>(v)) {} + explicit StackValNative(uint32_t v) : value(v) {} + + void* asVoidPtr() const { return reinterpret_cast<void*>(value); } + CalleeToken asCalleeToken() const { + return reinterpret_cast<CalleeToken>(value); + } +}; + +// Assert that the stack alignment is no more than the size of a +// StackValNative -- we rely on this when setting up call frames. +static_assert(JitStackAlignment <= sizeof(StackValNative)); + +#define PUSH(val) *--sp = (val) +#define POP() (*sp++) +#define POPN(n) sp += (n) + +#define PUSHNATIVE(val) \ + do { \ + StackValNative* nativeSP = reinterpret_cast<StackValNative*>(sp); \ + *--nativeSP = (val); \ + sp = reinterpret_cast<StackVal*>(nativeSP); \ + } while (0) +#define POPNNATIVE(n) \ + sp = reinterpret_cast<StackVal*>(reinterpret_cast<StackValNative*>(sp) + (n)) + +/* + * Helper class to manage the auxiliary stack and push/pop frames. + */ +struct Stack { + StackVal* fp; + StackVal* base; + StackVal* top; + StackVal* unwindingSP; + + explicit Stack(PortableBaselineStack& pbs) + : fp(reinterpret_cast<StackVal*>(pbs.top)), + base(reinterpret_cast<StackVal*>(pbs.base)), + top(reinterpret_cast<StackVal*>(pbs.top)), + unwindingSP(nullptr) {} + + MOZ_ALWAYS_INLINE bool check(StackVal* sp, size_t size, bool margin = true) { + return reinterpret_cast<uintptr_t>(base) + size + + (margin ? kStackMargin : 0) <= + reinterpret_cast<uintptr_t>(sp); + } + + [[nodiscard]] MOZ_ALWAYS_INLINE StackVal* allocate(StackVal* sp, + size_t size) { + if (!check(sp, size, false)) { + return nullptr; + } + sp = reinterpret_cast<StackVal*>(reinterpret_cast<uintptr_t>(sp) - size); + return sp; + } + + uint32_t frameSize(StackVal* sp, BaselineFrame* curFrame) const { + return sizeof(StackVal) * (reinterpret_cast<StackVal*>(fp) - sp); + } + + [[nodiscard]] MOZ_ALWAYS_INLINE BaselineFrame* pushFrame(StackVal* sp, + JSContext* cx, + JSObject* envChain) { + TRACE_PRINTF("pushFrame: sp = %p fp = %p\n", sp, fp); + if (sp == base) { + return nullptr; + } + PUSHNATIVE(StackValNative(fp)); + fp = sp; + TRACE_PRINTF("pushFrame: new fp = %p\n", fp); + + BaselineFrame* frame = + reinterpret_cast<BaselineFrame*>(allocate(sp, BaselineFrame::Size())); + if (!frame) { + return nullptr; + } + + frame->setFlags(BaselineFrame::Flags::RUNNING_IN_INTERPRETER); + frame->setEnvironmentChain(envChain); + JSScript* script = frame->script(); + frame->setICScript(script->jitScript()->icScript()); + frame->setInterpreterFields(script->code()); +#ifdef DEBUG + frame->setDebugFrameSize(0); +#endif + return frame; + } + + StackVal* popFrame() { + StackVal* newTOS = + reinterpret_cast<StackVal*>(reinterpret_cast<StackValNative*>(fp) + 1); + fp = reinterpret_cast<StackVal*>( + reinterpret_cast<StackValNative*>(fp)->asVoidPtr()); + MOZ_ASSERT(fp); + TRACE_PRINTF("popFrame: fp = %p\n", fp); + return newTOS; + } + + void setFrameSize(StackVal* sp, BaselineFrame* prevFrame) { +#ifdef DEBUG + MOZ_ASSERT(fp != nullptr); + uintptr_t frameSize = + reinterpret_cast<uintptr_t>(fp) - reinterpret_cast<uintptr_t>(sp); + MOZ_ASSERT(reinterpret_cast<uintptr_t>(fp) >= + reinterpret_cast<uintptr_t>(sp)); + TRACE_PRINTF("pushExitFrame: fp = %p cur() = %p -> frameSize = %d\n", fp, + sp, int(frameSize)); + MOZ_ASSERT(frameSize >= BaselineFrame::Size()); + prevFrame->setDebugFrameSize(frameSize); +#endif + } + + [[nodiscard]] MOZ_ALWAYS_INLINE StackVal* pushExitFrame( + StackVal* sp, BaselineFrame* prevFrame) { + uint8_t* prevFP = + reinterpret_cast<uint8_t*>(prevFrame) + BaselineFrame::Size(); + MOZ_ASSERT(reinterpret_cast<StackVal*>(prevFP) == fp); + setFrameSize(sp, prevFrame); + + if (!check(sp, sizeof(StackVal) * 4, false)) { + return nullptr; + } + + PUSHNATIVE(StackValNative( + MakeFrameDescriptorForJitCall(FrameType::BaselineJS, 0))); + PUSHNATIVE(StackValNative(nullptr)); // fake return address. + PUSHNATIVE(StackValNative(prevFP)); + StackVal* exitFP = sp; + fp = exitFP; + TRACE_PRINTF(" -> fp = %p\n", fp); + PUSHNATIVE(StackValNative(uint32_t(ExitFrameType::Bare))); + return exitFP; + } + + void popExitFrame(StackVal* fp) { + StackVal* prevFP = reinterpret_cast<StackVal*>( + reinterpret_cast<StackValNative*>(fp)->asVoidPtr()); + MOZ_ASSERT(prevFP); + this->fp = prevFP; + TRACE_PRINTF("popExitFrame: fp -> %p\n", fp); + } + + BaselineFrame* frameFromFP() { + return reinterpret_cast<BaselineFrame*>(reinterpret_cast<uintptr_t>(fp) - + BaselineFrame::Size()); + } + + static HandleValue handle(StackVal* sp) { + return HandleValue::fromMarkedLocation(reinterpret_cast<Value*>(sp)); + } + static MutableHandleValue handleMut(StackVal* sp) { + return MutableHandleValue::fromMarkedLocation(reinterpret_cast<Value*>(sp)); + } +}; + +/* + * ----------------------------------------------- + * Interpreter state + * ----------------------------------------------- + */ + +struct ICRegs { + CacheIRReader cacheIRReader; + static const int kMaxICVals = 16; + uint64_t icVals[kMaxICVals]; + uint64_t icResult; + int extraArgs; + bool spreadCall; + + ICRegs() : cacheIRReader(nullptr, nullptr) {} +}; + +struct State { + RootedValue value0; + RootedValue value1; + RootedValue value2; + RootedValue value3; + RootedValue res; + RootedObject obj0; + RootedObject obj1; + RootedObject obj2; + RootedString str0; + RootedString str1; + RootedScript script0; + Rooted<PropertyName*> name0; + Rooted<jsid> id0; + Rooted<JSAtom*> atom0; + RootedFunction fun0; + Rooted<Scope*> scope0; + + explicit State(JSContext* cx) + : value0(cx), + value1(cx), + value2(cx), + value3(cx), + res(cx), + obj0(cx), + obj1(cx), + obj2(cx), + str0(cx), + str1(cx), + script0(cx), + name0(cx), + id0(cx), + atom0(cx), + fun0(cx), + scope0(cx) {} +}; + +/* + * ----------------------------------------------- + * RAII helpers for pushing exit frames. + * + * (See [SMDOC] in PortableBaselineInterpret.h for more.) + * ----------------------------------------------- + */ + +class VMFrameManager { + JSContext* cx; + BaselineFrame* frame; + friend class VMFrame; + + public: + VMFrameManager(JSContext*& cx_, BaselineFrame* frame_) + : cx(cx_), frame(frame_) { + // Once the manager exists, we need to create an exit frame to + // have access to the cx (unless the caller promises it is not + // calling into the rest of the runtime). + cx_ = nullptr; + } + + void switchToFrame(BaselineFrame* frame) { this->frame = frame; } + + // Provides the JSContext, but *only* if no calls into the rest of + // the runtime (that may invoke a GC or stack walk) occur. Avoids + // the overhead of pushing an exit frame. + JSContext* cxForLocalUseOnly() const { return cx; } +}; + +class VMFrame { + JSContext* cx; + Stack& stack; + StackVal* exitFP; + void* prevSavedStack; + + public: + VMFrame(VMFrameManager& mgr, Stack& stack_, StackVal* sp, jsbytecode* pc) + : cx(mgr.cx), stack(stack_) { + mgr.frame->interpreterPC() = pc; + exitFP = stack.pushExitFrame(sp, mgr.frame); + if (!exitFP) { + return; + } + cx->activation()->asJit()->setJSExitFP(reinterpret_cast<uint8_t*>(exitFP)); + prevSavedStack = cx->portableBaselineStack().top; + cx->portableBaselineStack().top = reinterpret_cast<void*>(spBelowFrame()); + } + + StackVal* spBelowFrame() { + return reinterpret_cast<StackVal*>(reinterpret_cast<uintptr_t>(exitFP) - + sizeof(StackValNative)); + } + + ~VMFrame() { + stack.popExitFrame(exitFP); + cx->portableBaselineStack().top = prevSavedStack; + } + + JSContext* getCx() const { return cx; } + operator JSContext*() const { return cx; } + + bool success() const { return exitFP != nullptr; } +}; + +#define PUSH_EXIT_FRAME_OR_RET(value) \ + VMFrame cx(frameMgr, stack, sp, pc); \ + if (!cx.success()) { \ + return value; \ + } \ + StackVal* sp = cx.spBelowFrame(); /* shadow the definition */ \ + (void)sp; /* avoid unused-variable warnings */ + +#define PUSH_IC_FRAME() PUSH_EXIT_FRAME_OR_RET(ICInterpretOpResult::Error) +#define PUSH_FALLBACK_IC_FRAME() PUSH_EXIT_FRAME_OR_RET(PBIResult::Error) +#define PUSH_EXIT_FRAME() PUSH_EXIT_FRAME_OR_RET(PBIResult::Error) + +/* + * ----------------------------------------------- + * IC Interpreter + * ----------------------------------------------- + */ + +ICInterpretOpResult MOZ_ALWAYS_INLINE +ICInterpretOps(BaselineFrame* frame, VMFrameManager& frameMgr, State& state, + ICRegs& icregs, Stack& stack, StackVal* sp, ICCacheIRStub* cstub, + jsbytecode* pc) { +#define CACHEOP_CASE(name) \ + cacheop_##name \ + : TRACE_PRINTF("cacheop (frame %p pc %p stub %p): " #name "\n", frame, \ + pc, cstub); +#define CACHEOP_CASE_FALLTHROUGH(name) CACHEOP_CASE(name) +#define CACHEOP_CASE_UNIMPL(name) cacheop_##name: + + static const void* const addresses[long(CacheOp::NumOpcodes)] = { +#define OP(name, ...) &&cacheop_##name, + CACHE_IR_OPS(OP) +#undef OP + }; + +#define DISPATCH_CACHEOP() \ + cacheop = icregs.cacheIRReader.readOp(); \ + goto* addresses[long(cacheop)]; + +// We set a fixed bound on the number of icVals which is smaller than what IC +// generators may use. As a result we can't evaluate an IC if it defines too +// many values. Note that we don't need to check this when reading from icVals +// because we should have bailed out before the earlier write which defined the +// same value. Similarly, we don't need to check writes to locations which we've +// just read from. +#define BOUNDSCHECK(resultId) \ + if (resultId.id() >= ICRegs::kMaxICVals) return ICInterpretOpResult::NextIC; + +#define PREDICT_NEXT(name) \ + if (icregs.cacheIRReader.peekOp() == CacheOp::name) { \ + icregs.cacheIRReader.readOp(); \ + goto cacheop_##name; \ + } + + CacheOp cacheop; + + DISPATCH_CACHEOP(); + + CACHEOP_CASE(ReturnFromIC) { + TRACE_PRINTF("stub successful!\n"); + return ICInterpretOpResult::Return; + } + + CACHEOP_CASE(GuardToObject) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + TRACE_PRINTF("GuardToObject: icVal %" PRIx64 "\n", + icregs.icVals[inputId.id()]); + if (!v.isObject()) { + return ICInterpretOpResult::NextIC; + } + icregs.icVals[inputId.id()] = reinterpret_cast<uint64_t>(&v.toObject()); + PREDICT_NEXT(GuardShape); + PREDICT_NEXT(GuardSpecificFunction); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardIsNullOrUndefined) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (!v.isNullOrUndefined()) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardIsNull) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (!v.isNull()) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardIsUndefined) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (!v.isUndefined()) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardToBoolean) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (!v.isBoolean()) { + return ICInterpretOpResult::NextIC; + } + icregs.icVals[inputId.id()] = v.toBoolean() ? 1 : 0; + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardToString) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (!v.isString()) { + return ICInterpretOpResult::NextIC; + } + icregs.icVals[inputId.id()] = reinterpret_cast<uint64_t>(v.toString()); + PREDICT_NEXT(GuardToString); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardToSymbol) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (!v.isSymbol()) { + return ICInterpretOpResult::NextIC; + } + icregs.icVals[inputId.id()] = reinterpret_cast<uint64_t>(v.toSymbol()); + PREDICT_NEXT(GuardSpecificSymbol); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardToBigInt) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (!v.isBigInt()) { + return ICInterpretOpResult::NextIC; + } + icregs.icVals[inputId.id()] = reinterpret_cast<uint64_t>(v.toBigInt()); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardIsNumber) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (!v.isNumber()) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardToInt32) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + TRACE_PRINTF("GuardToInt32 (%d): icVal %" PRIx64 "\n", inputId.id(), + icregs.icVals[inputId.id()]); + if (!v.isInt32()) { + return ICInterpretOpResult::NextIC; + } + // N.B.: we don't need to unbox because the low 32 bits are + // already the int32 itself, and we are careful when using + // `Int32Operand`s to only use those bits. + + PREDICT_NEXT(GuardToInt32); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardBooleanToInt32) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Int32OperandId resultId = icregs.cacheIRReader.int32OperandId(); + BOUNDSCHECK(resultId); + Value v = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (!v.isBoolean()) { + return ICInterpretOpResult::NextIC; + } + icregs.icVals[resultId.id()] = v.toBoolean() ? 1 : 0; + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardToInt32Index) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Int32OperandId resultId = icregs.cacheIRReader.int32OperandId(); + BOUNDSCHECK(resultId); + Value val = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (val.isInt32()) { + icregs.icVals[resultId.id()] = val.toInt32(); + DISPATCH_CACHEOP(); + } else if (val.isDouble()) { + double doubleVal = val.toDouble(); + if (doubleVal >= double(INT32_MIN) && doubleVal <= double(INT32_MAX)) { + icregs.icVals[resultId.id()] = int32_t(doubleVal); + DISPATCH_CACHEOP(); + } + } + return ICInterpretOpResult::NextIC; + } + + CACHEOP_CASE(GuardNonDoubleType) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + ValueType type = icregs.cacheIRReader.valueType(); + Value val = Value::fromRawBits(icregs.icVals[inputId.id()]); + switch (type) { + case ValueType::String: + if (!val.isString()) { + return ICInterpretOpResult::NextIC; + } + break; + case ValueType::Symbol: + if (!val.isSymbol()) { + return ICInterpretOpResult::NextIC; + } + break; + case ValueType::BigInt: + if (!val.isBigInt()) { + return ICInterpretOpResult::NextIC; + } + break; + case ValueType::Int32: + if (!val.isInt32()) { + return ICInterpretOpResult::NextIC; + } + break; + case ValueType::Boolean: + if (!val.isBoolean()) { + return ICInterpretOpResult::NextIC; + } + break; + case ValueType::Undefined: + if (!val.isUndefined()) { + return ICInterpretOpResult::NextIC; + } + break; + case ValueType::Null: + if (!val.isNull()) { + return ICInterpretOpResult::NextIC; + } + break; + default: + MOZ_CRASH("Unexpected type"); + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardShape) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + uint32_t shapeOffset = icregs.cacheIRReader.stubOffset(); + JSObject* obj = reinterpret_cast<JSObject*>(icregs.icVals[objId.id()]); + uintptr_t expectedShape = + cstub->stubInfo()->getStubRawWord(cstub, shapeOffset); + if (reinterpret_cast<uintptr_t>(obj->shape()) != expectedShape) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardFuse) { + RealmFuses::FuseIndex fuseIndex = icregs.cacheIRReader.realmFuseIndex(); + if (!frameMgr.cxForLocalUseOnly() + ->realm() + ->realmFuses.getFuseByIndex(fuseIndex) + ->intact()) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardProto) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + uint32_t protoOffset = icregs.cacheIRReader.stubOffset(); + JSObject* obj = reinterpret_cast<JSObject*>(icregs.icVals[objId.id()]); + uintptr_t expectedProto = + cstub->stubInfo()->getStubRawWord(cstub, protoOffset); + if (reinterpret_cast<uintptr_t>(obj->staticPrototype()) != expectedProto) { + return ICInterpretOpResult::NextIC; + } + PREDICT_NEXT(LoadProto); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardClass) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + GuardClassKind kind = icregs.cacheIRReader.guardClassKind(); + JSObject* object = reinterpret_cast<JSObject*>(icregs.icVals[objId.id()]); + switch (kind) { + case GuardClassKind::Array: + if (object->getClass() != &ArrayObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::PlainObject: + if (object->getClass() != &PlainObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::FixedLengthArrayBuffer: + if (object->getClass() != &FixedLengthArrayBufferObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::FixedLengthSharedArrayBuffer: + if (object->getClass() != &FixedLengthSharedArrayBufferObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::FixedLengthDataView: + if (object->getClass() != &FixedLengthDataViewObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::MappedArguments: + if (object->getClass() != &MappedArgumentsObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::UnmappedArguments: + if (object->getClass() != &UnmappedArgumentsObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::WindowProxy: + if (object->getClass() != + frameMgr.cxForLocalUseOnly()->runtime()->maybeWindowProxyClass()) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::JSFunction: + if (!object->is<JSFunction>()) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::Set: + if (object->getClass() != &SetObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::Map: + if (object->getClass() != &MapObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + case GuardClassKind::BoundFunction: + if (object->getClass() != &BoundFunctionObject::class_) { + return ICInterpretOpResult::NextIC; + } + break; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardGlobalGeneration) { + uint32_t expectedOffset = icregs.cacheIRReader.stubOffset(); + uint32_t generationAddrOffset = icregs.cacheIRReader.stubOffset(); + uint32_t expected = + cstub->stubInfo()->getStubRawInt32(cstub, expectedOffset); + uint32_t* generationAddr = reinterpret_cast<uint32_t*>( + cstub->stubInfo()->getStubRawWord(cstub, generationAddrOffset)); + if (*generationAddr != expected) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardSpecificObject) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + uint32_t expectedOffset = icregs.cacheIRReader.stubOffset(); + uintptr_t expected = + cstub->stubInfo()->getStubRawWord(cstub, expectedOffset); + if (expected != icregs.icVals[objId.id()]) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardSpecificFunction) { + ObjOperandId funId = icregs.cacheIRReader.objOperandId(); + uint32_t expectedOffset = icregs.cacheIRReader.stubOffset(); + uint32_t nargsAndFlagsOffset = icregs.cacheIRReader.stubOffset(); + (void)nargsAndFlagsOffset; // Unused. + uintptr_t expected = + cstub->stubInfo()->getStubRawWord(cstub, expectedOffset); + if (expected != icregs.icVals[funId.id()]) { + return ICInterpretOpResult::NextIC; + } + PREDICT_NEXT(LoadArgumentFixedSlot); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardFunctionScript) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + uint32_t expectedOffset = icregs.cacheIRReader.stubOffset(); + uint32_t nargsAndFlagsOffset = icregs.cacheIRReader.stubOffset(); + JSFunction* fun = reinterpret_cast<JSFunction*>(icregs.icVals[objId.id()]); + BaseScript* expected = reinterpret_cast<BaseScript*>( + cstub->stubInfo()->getStubRawWord(cstub, expectedOffset)); + (void)nargsAndFlagsOffset; + + if (!fun->hasBaseScript() || fun->baseScript() != expected) { + return ICInterpretOpResult::NextIC; + } + + PREDICT_NEXT(CallScriptedFunction); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardSpecificAtom) { + StringOperandId strId = icregs.cacheIRReader.stringOperandId(); + uint32_t expectedOffset = icregs.cacheIRReader.stubOffset(); + uintptr_t expected = + cstub->stubInfo()->getStubRawWord(cstub, expectedOffset); + if (expected != icregs.icVals[strId.id()]) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardSpecificSymbol) { + SymbolOperandId symId = icregs.cacheIRReader.symbolOperandId(); + uint32_t expectedOffset = icregs.cacheIRReader.stubOffset(); + uintptr_t expected = + cstub->stubInfo()->getStubRawWord(cstub, expectedOffset); + if (expected != icregs.icVals[symId.id()]) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardSpecificInt32) { + Int32OperandId numId = icregs.cacheIRReader.int32OperandId(); + int32_t expected = icregs.cacheIRReader.int32Immediate(); + if (expected != int32_t(icregs.icVals[numId.id()])) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardDynamicSlotIsSpecificObject) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + ObjOperandId expectedId = icregs.cacheIRReader.objOperandId(); + uint32_t slotOffset = icregs.cacheIRReader.stubOffset(); + JSObject* expected = + reinterpret_cast<JSObject*>(icregs.icVals[expectedId.id()]); + uintptr_t offset = cstub->stubInfo()->getStubRawInt32(cstub, slotOffset); + NativeObject* nobj = + reinterpret_cast<NativeObject*>(icregs.icVals[objId.id()]); + HeapSlot* slots = nobj->getSlotsUnchecked(); + Value actual = slots[offset / sizeof(Value)]; + if (actual != ObjectValue(*expected)) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(GuardNoAllocationMetadataBuilder) { + uint32_t builderAddrOffset = icregs.cacheIRReader.stubOffset(); + uintptr_t builderAddr = + cstub->stubInfo()->getStubRawWord(cstub, builderAddrOffset); + if (*reinterpret_cast<uintptr_t*>(builderAddr) != 0) { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadObject) { + ObjOperandId resultId = icregs.cacheIRReader.objOperandId(); + BOUNDSCHECK(resultId); + uint32_t objOffset = icregs.cacheIRReader.stubOffset(); + intptr_t obj = cstub->stubInfo()->getStubRawWord(cstub, objOffset); + icregs.icVals[resultId.id()] = obj; + PREDICT_NEXT(GuardShape); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadProtoObject) { + ObjOperandId resultId = icregs.cacheIRReader.objOperandId(); + BOUNDSCHECK(resultId); + uint32_t protoObjOffset = icregs.cacheIRReader.stubOffset(); + ObjOperandId receiverObjId = icregs.cacheIRReader.objOperandId(); + (void)receiverObjId; + intptr_t obj = cstub->stubInfo()->getStubRawWord(cstub, protoObjOffset); + icregs.icVals[resultId.id()] = obj; + PREDICT_NEXT(GuardShape); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadProto) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + ObjOperandId resultId = icregs.cacheIRReader.objOperandId(); + BOUNDSCHECK(resultId); + NativeObject* nobj = + reinterpret_cast<NativeObject*>(icregs.icVals[objId.id()]); + icregs.icVals[resultId.id()] = + reinterpret_cast<uintptr_t>(nobj->staticPrototype()); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadArgumentFixedSlot) { + ValOperandId resultId = icregs.cacheIRReader.valOperandId(); + BOUNDSCHECK(resultId); + uint8_t slotIndex = icregs.cacheIRReader.readByte(); + Value val = sp[slotIndex].asValue(); + TRACE_PRINTF(" -> slot %d: val %" PRIx64 "\n", int(slotIndex), + val.asRawBits()); + icregs.icVals[resultId.id()] = val.asRawBits(); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadArgumentDynamicSlot) { + ValOperandId resultId = icregs.cacheIRReader.valOperandId(); + BOUNDSCHECK(resultId); + Int32OperandId argcId = icregs.cacheIRReader.int32OperandId(); + uint8_t slotIndex = icregs.cacheIRReader.readByte(); + int32_t argc = int32_t(icregs.icVals[argcId.id()]); + Value val = sp[slotIndex + argc].asValue(); + icregs.icVals[resultId.id()] = val.asRawBits(); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(StoreFixedSlot) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + uint32_t offsetOffset = icregs.cacheIRReader.stubOffset(); + ValOperandId rhsId = icregs.cacheIRReader.valOperandId(); + uintptr_t offset = cstub->stubInfo()->getStubRawInt32(cstub, offsetOffset); + NativeObject* nobj = + reinterpret_cast<NativeObject*>(icregs.icVals[objId.id()]); + GCPtr<Value>* slot = reinterpret_cast<GCPtr<Value>*>( + reinterpret_cast<uintptr_t>(nobj) + offset); + Value val = Value::fromRawBits(icregs.icVals[rhsId.id()]); + slot->set(val); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(StoreDynamicSlot) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + uint32_t offsetOffset = icregs.cacheIRReader.stubOffset(); + ValOperandId rhsId = icregs.cacheIRReader.valOperandId(); + uint32_t offset = cstub->stubInfo()->getStubRawInt32(cstub, offsetOffset); + NativeObject* nobj = + reinterpret_cast<NativeObject*>(icregs.icVals[objId.id()]); + HeapSlot* slots = nobj->getSlotsUnchecked(); + Value val = Value::fromRawBits(icregs.icVals[rhsId.id()]); + size_t dynSlot = offset / sizeof(Value); + size_t slot = dynSlot + nobj->numFixedSlots(); + slots[dynSlot].set(nobj, HeapSlot::Slot, slot, val); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(StoreDenseElement) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + Int32OperandId indexId = icregs.cacheIRReader.int32OperandId(); + ValOperandId rhsId = icregs.cacheIRReader.valOperandId(); + NativeObject* nobj = + reinterpret_cast<NativeObject*>(icregs.icVals[objId.id()]); + ObjectElements* elems = nobj->getElementsHeader(); + int32_t index = int32_t(icregs.icVals[indexId.id()]); + if (index < 0 || uint32_t(index) >= nobj->getDenseInitializedLength()) { + return ICInterpretOpResult::NextIC; + } + HeapSlot* slot = &elems->elements()[index]; + if (slot->get().isMagic()) { + return ICInterpretOpResult::NextIC; + } + Value val = Value::fromRawBits(icregs.icVals[rhsId.id()]); + slot->set(nobj, HeapSlot::Element, index + elems->numShiftedElements(), + val); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(IsObjectResult) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value val = Value::fromRawBits(icregs.icVals[inputId.id()]); + icregs.icResult = BooleanValue(val.isObject()).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(Int32MinMax) { + bool isMax = icregs.cacheIRReader.readBool(); + Int32OperandId firstId = icregs.cacheIRReader.int32OperandId(); + Int32OperandId secondId = icregs.cacheIRReader.int32OperandId(); + Int32OperandId resultId = icregs.cacheIRReader.int32OperandId(); + BOUNDSCHECK(resultId); + int32_t lhs = int32_t(icregs.icVals[firstId.id()]); + int32_t rhs = int32_t(icregs.icVals[secondId.id()]); + int32_t result = ((lhs > rhs) ^ isMax) ? rhs : lhs; + icregs.icVals[resultId.id()] = result; + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(CallInt32ToString) { + Int32OperandId inputId = icregs.cacheIRReader.int32OperandId(); + StringOperandId resultId = icregs.cacheIRReader.stringOperandId(); + BOUNDSCHECK(resultId); + int32_t input = int32_t(icregs.icVals[inputId.id()]); + JSLinearString* str = + Int32ToStringPure(frameMgr.cxForLocalUseOnly(), input); + if (str) { + icregs.icVals[resultId.id()] = reinterpret_cast<uintptr_t>(str); + } else { + return ICInterpretOpResult::NextIC; + } + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(CallScriptedFunction) + CACHEOP_CASE_FALLTHROUGH(CallNativeFunction) { + bool isNative = cacheop == CacheOp::CallNativeFunction; + TRACE_PRINTF("CallScriptedFunction / CallNativeFunction (native: %d)\n", + isNative); + ObjOperandId calleeId = icregs.cacheIRReader.objOperandId(); + Int32OperandId argcId = icregs.cacheIRReader.int32OperandId(); + CallFlags flags = icregs.cacheIRReader.callFlags(); + uint32_t argcFixed = icregs.cacheIRReader.uint32Immediate(); + bool ignoresRv = false; + if (isNative) { + ignoresRv = icregs.cacheIRReader.readBool(); + } + + JSFunction* callee = + reinterpret_cast<JSFunction*>(icregs.icVals[calleeId.id()]); + uint32_t argc = uint32_t(icregs.icVals[argcId.id()]); + (void)argcFixed; + + if (!isNative) { + if (!callee->hasBaseScript() || !callee->baseScript()->hasBytecode() || + !callee->baseScript()->hasJitScript()) { + return ICInterpretOpResult::NextIC; + } + } + + // For now, fail any constructing or different-realm cases. + if (flags.isConstructing() || !flags.isSameRealm()) { + TRACE_PRINTF("failing: constructing or not same realm\n"); + return ICInterpretOpResult::NextIC; + } + // And support only "standard" arg formats. + if (flags.getArgFormat() != CallFlags::Standard) { + TRACE_PRINTF("failing: not standard arg format\n"); + return ICInterpretOpResult::NextIC; + } + + // For now, fail any arg-underflow case. + if (argc < callee->nargs()) { + TRACE_PRINTF("failing: too few args\n"); + return ICInterpretOpResult::NextIC; + } + + uint32_t extra = 1 + flags.isConstructing() + isNative; + uint32_t totalArgs = argc + extra; + StackVal* origArgs = sp; + + { + PUSH_IC_FRAME(); + + if (!stack.check(sp, sizeof(StackVal) * (totalArgs + 6))) { + ReportOverRecursed(frameMgr.cxForLocalUseOnly()); + return ICInterpretOpResult::Error; + } + + // This will not be an Exit frame but a BaselineStub frame, so + // replace the ExitFrameType with the ICStub pointer. + POPNNATIVE(1); + PUSHNATIVE(StackValNative(cstub)); + + // Push args. + for (uint32_t i = 0; i < totalArgs; i++) { + PUSH(origArgs[i]); + } + Value* args = reinterpret_cast<Value*>(sp); + + TRACE_PRINTF("pushing callee: %p\n", callee); + PUSHNATIVE( + StackValNative(CalleeToToken(callee, /* isConstructing = */ false))); + + if (isNative) { + PUSHNATIVE(StackValNative(argc)); + PUSHNATIVE(StackValNative( + MakeFrameDescriptorForJitCall(FrameType::BaselineStub, 0))); + + // We *also* need an exit frame (the native baseline + // execution would invoke a trampoline here). + StackVal* trampolinePrevFP = stack.fp; + PUSHNATIVE(StackValNative(nullptr)); // fake return address. + PUSHNATIVE(StackValNative(stack.fp)); + stack.fp = sp; + PUSHNATIVE(StackValNative(uint32_t(ExitFrameType::CallNative))); + cx.getCx()->activation()->asJit()->setJSExitFP( + reinterpret_cast<uint8_t*>(stack.fp)); + cx.getCx()->portableBaselineStack().top = reinterpret_cast<void*>(sp); + + JSNative native = ignoresRv + ? callee->jitInfo()->ignoresReturnValueMethod + : callee->native(); + bool success = native(cx, argc, args); + + stack.fp = trampolinePrevFP; + POPNNATIVE(4); + + if (!success) { + return ICInterpretOpResult::Error; + } + icregs.icResult = args[0].asRawBits(); + } else { + PUSHNATIVE(StackValNative( + MakeFrameDescriptorForJitCall(FrameType::BaselineStub, argc))); + + switch (PortableBaselineInterpret( + cx, state, stack, sp, /* envChain = */ nullptr, + reinterpret_cast<Value*>(&icregs.icResult))) { + case PBIResult::Ok: + break; + case PBIResult::Error: + return ICInterpretOpResult::Error; + case PBIResult::Unwind: + return ICInterpretOpResult::Unwind; + case PBIResult::UnwindError: + return ICInterpretOpResult::UnwindError; + case PBIResult::UnwindRet: + return ICInterpretOpResult::UnwindRet; + } + } + } + + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadFixedSlotResult) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + uint32_t offsetOffset = icregs.cacheIRReader.stubOffset(); + uintptr_t offset = cstub->stubInfo()->getStubRawInt32(cstub, offsetOffset); + NativeObject* nobj = + reinterpret_cast<NativeObject*>(icregs.icVals[objId.id()]); + Value* slot = + reinterpret_cast<Value*>(reinterpret_cast<uintptr_t>(nobj) + offset); + TRACE_PRINTF( + "LoadFixedSlotResult: obj %p offsetOffset %d offset %d slotPtr %p " + "slot %" PRIx64 "\n", + nobj, int(offsetOffset), int(offset), slot, slot->asRawBits()); + icregs.icResult = slot->asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadDynamicSlotResult) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + uint32_t offsetOffset = icregs.cacheIRReader.stubOffset(); + uintptr_t offset = cstub->stubInfo()->getStubRawInt32(cstub, offsetOffset); + NativeObject* nobj = + reinterpret_cast<NativeObject*>(icregs.icVals[objId.id()]); + HeapSlot* slots = nobj->getSlotsUnchecked(); + icregs.icResult = slots[offset / sizeof(Value)].get().asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadDenseElementResult) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + Int32OperandId indexId = icregs.cacheIRReader.int32OperandId(); + NativeObject* nobj = + reinterpret_cast<NativeObject*>(icregs.icVals[objId.id()]); + ObjectElements* elems = nobj->getElementsHeader(); + int32_t index = int32_t(icregs.icVals[indexId.id()]); + if (index < 0 || uint32_t(index) >= nobj->getDenseInitializedLength()) { + return ICInterpretOpResult::NextIC; + } + HeapSlot* slot = &elems->elements()[index]; + Value val = slot->get(); + if (val.isMagic()) { + return ICInterpretOpResult::NextIC; + } + icregs.icResult = val.asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadInt32ArrayLengthResult) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + ArrayObject* aobj = + reinterpret_cast<ArrayObject*>(icregs.icVals[objId.id()]); + uint32_t length = aobj->length(); + if (length > uint32_t(INT32_MAX)) { + return ICInterpretOpResult::NextIC; + } + icregs.icResult = Int32Value(length).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadInt32ArrayLength) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + Int32OperandId resultId = icregs.cacheIRReader.int32OperandId(); + BOUNDSCHECK(resultId); + ArrayObject* aobj = + reinterpret_cast<ArrayObject*>(icregs.icVals[objId.id()]); + uint32_t length = aobj->length(); + if (length > uint32_t(INT32_MAX)) { + return ICInterpretOpResult::NextIC; + } + icregs.icVals[resultId.id()] = length; + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LinearizeForCharAccess) { + StringOperandId strId = icregs.cacheIRReader.stringOperandId(); + Int32OperandId indexId = icregs.cacheIRReader.int32OperandId(); + StringOperandId resultId = icregs.cacheIRReader.stringOperandId(); + BOUNDSCHECK(resultId); + JSString* str = + reinterpret_cast<JSLinearString*>(icregs.icVals[strId.id()]); + (void)indexId; + + if (!str->isRope()) { + icregs.icVals[resultId.id()] = reinterpret_cast<uintptr_t>(str); + } else { + PUSH_IC_FRAME(); + JSLinearString* result = LinearizeForCharAccess(cx, str); + if (!result) { + return ICInterpretOpResult::Error; + } + icregs.icVals[resultId.id()] = reinterpret_cast<uintptr_t>(result); + } + PREDICT_NEXT(LoadStringCharResult); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadStringCharResult) { + StringOperandId strId = icregs.cacheIRReader.stringOperandId(); + Int32OperandId indexId = icregs.cacheIRReader.int32OperandId(); + bool handleOOB = icregs.cacheIRReader.readBool(); + + JSString* str = + reinterpret_cast<JSLinearString*>(icregs.icVals[strId.id()]); + int32_t index = int32_t(icregs.icVals[indexId.id()]); + JSString* result = nullptr; + if (index < 0 || size_t(index) >= str->length()) { + if (handleOOB) { + // Return an empty string. + result = frameMgr.cxForLocalUseOnly()->names().empty_; + } else { + return ICInterpretOpResult::NextIC; + } + } else { + char16_t c; + // Guaranteed to be always work because this CacheIR op is + // always preceded by LinearizeForCharAccess. + MOZ_ALWAYS_TRUE(str->getChar(/* cx = */ nullptr, index, &c)); + StaticStrings& sstr = frameMgr.cxForLocalUseOnly()->staticStrings(); + if (sstr.hasUnit(c)) { + result = sstr.getUnit(c); + } else { + PUSH_IC_FRAME(); + result = StringFromCharCode(cx, c); + if (!result) { + return ICInterpretOpResult::Error; + } + } + } + icregs.icResult = StringValue(result).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadStringCharCodeResult) { + StringOperandId strId = icregs.cacheIRReader.stringOperandId(); + Int32OperandId indexId = icregs.cacheIRReader.int32OperandId(); + bool handleOOB = icregs.cacheIRReader.readBool(); + + JSString* str = + reinterpret_cast<JSLinearString*>(icregs.icVals[strId.id()]); + int32_t index = int32_t(icregs.icVals[indexId.id()]); + Value result; + if (index < 0 || size_t(index) >= str->length()) { + if (handleOOB) { + // Return NaN. + result = JS::NaNValue(); + } else { + return ICInterpretOpResult::NextIC; + } + } else { + char16_t c; + // Guaranteed to be always work because this CacheIR op is + // always preceded by LinearizeForCharAccess. + MOZ_ALWAYS_TRUE(str->getChar(/* cx = */ nullptr, index, &c)); + result = Int32Value(c); + } + icregs.icResult = result.asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadStringLengthResult) { + StringOperandId strId = icregs.cacheIRReader.stringOperandId(); + JSString* str = reinterpret_cast<JSString*>(icregs.icVals[strId.id()]); + size_t length = str->length(); + if (length > size_t(INT32_MAX)) { + return ICInterpretOpResult::NextIC; + } + icregs.icResult = Int32Value(length).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadObjectResult) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + icregs.icResult = + ObjectValue(*reinterpret_cast<JSObject*>(icregs.icVals[objId.id()])) + .asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadStringResult) { + StringOperandId strId = icregs.cacheIRReader.stringOperandId(); + icregs.icResult = + StringValue(reinterpret_cast<JSString*>(icregs.icVals[strId.id()])) + .asRawBits(); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadSymbolResult) { + SymbolOperandId symId = icregs.cacheIRReader.symbolOperandId(); + icregs.icResult = + SymbolValue(reinterpret_cast<JS::Symbol*>(icregs.icVals[symId.id()])) + .asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadInt32Result) { + Int32OperandId valId = icregs.cacheIRReader.int32OperandId(); + icregs.icResult = Int32Value(icregs.icVals[valId.id()]).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadDoubleResult) { + NumberOperandId valId = icregs.cacheIRReader.numberOperandId(); + Value val = Value::fromRawBits(icregs.icVals[valId.id()]); + if (val.isInt32()) { + val = DoubleValue(val.toInt32()); + } + icregs.icResult = val.asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadBigIntResult) { + BigIntOperandId valId = icregs.cacheIRReader.bigIntOperandId(); + icregs.icResult = + BigIntValue(reinterpret_cast<JS::BigInt*>(icregs.icVals[valId.id()])) + .asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadBooleanResult) { + bool val = icregs.cacheIRReader.readBool(); + icregs.icResult = BooleanValue(val).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadInt32Constant) { + uint32_t valOffset = icregs.cacheIRReader.stubOffset(); + Int32OperandId resultId = icregs.cacheIRReader.int32OperandId(); + BOUNDSCHECK(resultId); + uint32_t value = cstub->stubInfo()->getStubRawInt32(cstub, valOffset); + icregs.icVals[resultId.id()] = value; + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadConstantStringResult) { + uint32_t strOffset = icregs.cacheIRReader.stubOffset(); + JSString* str = reinterpret_cast<JSString*>( + cstub->stubInfo()->getStubRawWord(cstub, strOffset)); + icregs.icResult = StringValue(str).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + +#define INT32_OP(name, op, extra_check) \ + CACHEOP_CASE(Int32##name##Result) { \ + Int32OperandId lhsId = icregs.cacheIRReader.int32OperandId(); \ + Int32OperandId rhsId = icregs.cacheIRReader.int32OperandId(); \ + int64_t lhs = int64_t(int32_t(icregs.icVals[lhsId.id()])); \ + int64_t rhs = int64_t(int32_t(icregs.icVals[rhsId.id()])); \ + extra_check; \ + int64_t result = lhs op rhs; \ + if (result < INT32_MIN || result > INT32_MAX) { \ + return ICInterpretOpResult::NextIC; \ + } \ + icregs.icResult = Int32Value(int32_t(result)).asRawBits(); \ + PREDICT_NEXT(ReturnFromIC); \ + DISPATCH_CACHEOP(); \ + } + + INT32_OP(Add, +, {}); + INT32_OP(Sub, -, {}); + INT32_OP(Mul, *, { + if (rhs * lhs == 0 && ((rhs < 0) ^ (lhs < 0))) { + return ICInterpretOpResult::NextIC; + } + }); + INT32_OP(Div, /, { + if (rhs == 0 || (lhs == INT32_MIN && rhs == -1)) { + return ICInterpretOpResult::NextIC; + } + if (lhs == 0 && rhs < 0) { + return ICInterpretOpResult::NextIC; + } + if (lhs % rhs != 0) { + return ICInterpretOpResult::NextIC; + } + }); + INT32_OP(Mod, %, { + if (rhs == 0 || (lhs == INT32_MIN && rhs == -1)) { + return ICInterpretOpResult::NextIC; + } + if (lhs % rhs == 0 && lhs < 0) { + return ICInterpretOpResult::NextIC; + } + }); + INT32_OP(BitOr, |, {}); + INT32_OP(BitAnd, &, {}); + + CACHEOP_CASE(Int32PowResult) { + Int32OperandId lhsId = icregs.cacheIRReader.int32OperandId(); + Int32OperandId rhsId = icregs.cacheIRReader.int32OperandId(); + int64_t lhs = int64_t(int32_t(icregs.icVals[lhsId.id()])); + int64_t rhs = int64_t(int32_t(icregs.icVals[rhsId.id()])); + int64_t result; + + if (lhs == 1) { + result = 1; + } else if (rhs < 0) { + return ICInterpretOpResult::NextIC; + } else { + result = 1; + int64_t runningSquare = lhs; + while (rhs) { + if (rhs & 1) { + result *= runningSquare; + if (result > int64_t(INT32_MAX)) { + return ICInterpretOpResult::NextIC; + } + } + rhs >>= 1; + if (rhs == 0) { + break; + } + runningSquare *= runningSquare; + if (runningSquare > int64_t(INT32_MAX)) { + return ICInterpretOpResult::NextIC; + } + } + } + + icregs.icResult = Int32Value(int32_t(result)).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(Int32IncResult) { + Int32OperandId inputId = icregs.cacheIRReader.int32OperandId(); + int64_t value = int64_t(int32_t(icregs.icVals[inputId.id()])); + value++; + if (value > INT32_MAX) { + return ICInterpretOpResult::NextIC; + } + icregs.icResult = Int32Value(int32_t(value)).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadInt32TruthyResult) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + int32_t val = int32_t(icregs.icVals[inputId.id()]); + icregs.icResult = BooleanValue(val != 0).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadStringTruthyResult) { + StringOperandId strId = icregs.cacheIRReader.stringOperandId(); + JSString* str = + reinterpret_cast<JSLinearString*>(icregs.icVals[strId.id()]); + icregs.icResult = BooleanValue(str->length() > 0).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadObjectTruthyResult) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + JSObject* obj = reinterpret_cast<JSObject*>(icregs.icVals[objId.id()]); + const JSClass* cls = obj->getClass(); + if (cls->isProxyObject()) { + return ICInterpretOpResult::NextIC; + } + icregs.icResult = BooleanValue(!cls->emulatesUndefined()).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadValueResult) { + uint32_t valOffset = icregs.cacheIRReader.stubOffset(); + icregs.icResult = cstub->stubInfo()->getStubRawInt64(cstub, valOffset); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(LoadOperandResult) { + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + icregs.icResult = icregs.icVals[inputId.id()]; + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(CallStringConcatResult) { + StringOperandId lhsId = icregs.cacheIRReader.stringOperandId(); + StringOperandId rhsId = icregs.cacheIRReader.stringOperandId(); + // We don't push a frame and do a CanGC invocation here; we do a + // pure (NoGC) invocation only, because it's cheaper. + FakeRooted<JSString*> lhs( + nullptr, reinterpret_cast<JSString*>(icregs.icVals[lhsId.id()])); + FakeRooted<JSString*> rhs( + nullptr, reinterpret_cast<JSString*>(icregs.icVals[rhsId.id()])); + JSString* result = + ConcatStrings<NoGC>(frameMgr.cxForLocalUseOnly(), lhs, rhs); + if (result) { + icregs.icResult = StringValue(result).asRawBits(); + } else { + return ICInterpretOpResult::NextIC; + } + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(CompareStringResult) { + JSOp op = icregs.cacheIRReader.jsop(); + StringOperandId lhsId = icregs.cacheIRReader.stringOperandId(); + StringOperandId rhsId = icregs.cacheIRReader.stringOperandId(); + { + PUSH_IC_FRAME(); + ReservedRooted<JSString*> lhs( + &state.str0, reinterpret_cast<JSString*>(icregs.icVals[lhsId.id()])); + ReservedRooted<JSString*> rhs( + &state.str1, reinterpret_cast<JSString*>(icregs.icVals[rhsId.id()])); + bool result; + switch (op) { + case JSOp::Eq: + case JSOp::StrictEq: + if (lhs->length() != rhs->length()) { + result = false; + break; + } + if (!StringsEqual<EqualityKind::Equal>(cx, lhs, rhs, &result)) { + return ICInterpretOpResult::Error; + } + break; + case JSOp::Ne: + case JSOp::StrictNe: + if (lhs->length() != rhs->length()) { + result = true; + break; + } + if (!StringsEqual<EqualityKind::NotEqual>(cx, lhs, rhs, &result)) { + return ICInterpretOpResult::Error; + } + break; + case JSOp::Lt: + if (!StringsCompare<ComparisonKind::LessThan>(cx, lhs, rhs, + &result)) { + return ICInterpretOpResult::Error; + } + break; + case JSOp::Ge: + if (!StringsCompare<ComparisonKind::GreaterThanOrEqual>(cx, lhs, rhs, + &result)) { + return ICInterpretOpResult::Error; + } + break; + case JSOp::Le: + if (!StringsCompare<ComparisonKind::GreaterThanOrEqual>( + cx, /* N.B. swapped order */ rhs, lhs, &result)) { + return ICInterpretOpResult::Error; + } + break; + case JSOp::Gt: + if (!StringsCompare<ComparisonKind::LessThan>( + cx, /* N.B. swapped order */ rhs, lhs, &result)) { + return ICInterpretOpResult::Error; + } + break; + default: + MOZ_CRASH("bad opcode"); + } + icregs.icResult = BooleanValue(result).asRawBits(); + } + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(CompareInt32Result) { + JSOp op = icregs.cacheIRReader.jsop(); + Int32OperandId lhsId = icregs.cacheIRReader.int32OperandId(); + Int32OperandId rhsId = icregs.cacheIRReader.int32OperandId(); + int64_t lhs = int64_t(int32_t(icregs.icVals[lhsId.id()])); + int64_t rhs = int64_t(int32_t(icregs.icVals[rhsId.id()])); + TRACE_PRINTF("lhs (%d) = %" PRIi64 " rhs (%d) = %" PRIi64 "\n", lhsId.id(), + lhs, rhsId.id(), rhs); + bool result; + switch (op) { + case JSOp::Eq: + case JSOp::StrictEq: + result = lhs == rhs; + break; + case JSOp::Ne: + case JSOp::StrictNe: + result = lhs != rhs; + break; + case JSOp::Lt: + result = lhs < rhs; + break; + case JSOp::Le: + result = lhs <= rhs; + break; + case JSOp::Gt: + result = lhs > rhs; + break; + case JSOp::Ge: + result = lhs >= rhs; + break; + default: + MOZ_CRASH("Unexpected opcode"); + } + icregs.icResult = BooleanValue(result).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(CompareNullUndefinedResult) { + JSOp op = icregs.cacheIRReader.jsop(); + bool isUndefined = icregs.cacheIRReader.readBool(); + ValOperandId inputId = icregs.cacheIRReader.valOperandId(); + Value val = Value::fromRawBits(icregs.icVals[inputId.id()]); + if (val.isObject() && val.toObject().getClass()->isProxyObject()) { + return ICInterpretOpResult::NextIC; + } + + bool result; + switch (op) { + case JSOp::Eq: + result = + val.isUndefined() || val.isNull() || + (val.isObject() && val.toObject().getClass()->emulatesUndefined()); + break; + case JSOp::Ne: + result = !( + val.isUndefined() || val.isNull() || + (val.isObject() && val.toObject().getClass()->emulatesUndefined())); + break; + case JSOp::StrictEq: + result = isUndefined ? val.isUndefined() : val.isNull(); + break; + case JSOp::StrictNe: + result = !(isUndefined ? val.isUndefined() : val.isNull()); + break; + default: + MOZ_CRASH("bad opcode"); + } + icregs.icResult = BooleanValue(result).asRawBits(); + PREDICT_NEXT(ReturnFromIC); + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE(AssertPropertyLookup) { + ObjOperandId objId = icregs.cacheIRReader.objOperandId(); + uint32_t idOffset = icregs.cacheIRReader.stubOffset(); + uint32_t slotOffset = icregs.cacheIRReader.stubOffset(); + // Debug-only assertion; we can ignore. + (void)objId; + (void)idOffset; + (void)slotOffset; + DISPATCH_CACHEOP(); + } + + CACHEOP_CASE_UNIMPL(GuardToNonGCThing) + CACHEOP_CASE_UNIMPL(Int32ToIntPtr) + CACHEOP_CASE_UNIMPL(GuardNumberToIntPtrIndex) + CACHEOP_CASE_UNIMPL(GuardToInt32ModUint32) + CACHEOP_CASE_UNIMPL(GuardToUint8Clamped) + CACHEOP_CASE_UNIMPL(GuardMultipleShapes) + CACHEOP_CASE_UNIMPL(GuardNullProto) + CACHEOP_CASE_UNIMPL(GuardAnyClass) + CACHEOP_CASE_UNIMPL(HasClassResult) + CACHEOP_CASE_UNIMPL(CallRegExpMatcherResult) + CACHEOP_CASE_UNIMPL(CallRegExpSearcherResult) + CACHEOP_CASE_UNIMPL(RegExpSearcherLastLimitResult) + CACHEOP_CASE_UNIMPL(RegExpHasCaptureGroupsResult) + CACHEOP_CASE_UNIMPL(RegExpBuiltinExecMatchResult) + CACHEOP_CASE_UNIMPL(RegExpBuiltinExecTestResult) + CACHEOP_CASE_UNIMPL(RegExpFlagResult) + CACHEOP_CASE_UNIMPL(CallSubstringKernelResult) + CACHEOP_CASE_UNIMPL(StringReplaceStringResult) + CACHEOP_CASE_UNIMPL(StringSplitStringResult) + CACHEOP_CASE_UNIMPL(RegExpPrototypeOptimizableResult) + CACHEOP_CASE_UNIMPL(RegExpInstanceOptimizableResult) + CACHEOP_CASE_UNIMPL(GetFirstDollarIndexResult) + CACHEOP_CASE_UNIMPL(GuardCompartment) + CACHEOP_CASE_UNIMPL(GuardIsExtensible) + CACHEOP_CASE_UNIMPL(GuardIsNativeObject) + CACHEOP_CASE_UNIMPL(GuardIsProxy) + CACHEOP_CASE_UNIMPL(GuardIsNotProxy) + CACHEOP_CASE_UNIMPL(GuardIsNotArrayBufferMaybeShared) + CACHEOP_CASE_UNIMPL(GuardIsTypedArray) + CACHEOP_CASE_UNIMPL(GuardIsFixedLengthTypedArray) + CACHEOP_CASE_UNIMPL(GuardHasProxyHandler) + CACHEOP_CASE_UNIMPL(GuardIsNotDOMProxy) + CACHEOP_CASE_UNIMPL(GuardObjectIdentity) + CACHEOP_CASE_UNIMPL(GuardNoDenseElements) + CACHEOP_CASE_UNIMPL(GuardStringToIndex) + CACHEOP_CASE_UNIMPL(GuardStringToInt32) + CACHEOP_CASE_UNIMPL(GuardStringToNumber) + CACHEOP_CASE_UNIMPL(StringToAtom) + CACHEOP_CASE_UNIMPL(BooleanToNumber) + CACHEOP_CASE_UNIMPL(GuardHasGetterSetter) + CACHEOP_CASE_UNIMPL(GuardInt32IsNonNegative) + CACHEOP_CASE_UNIMPL(GuardIndexIsValidUpdateOrAdd) + CACHEOP_CASE_UNIMPL(GuardIndexIsNotDenseElement) + CACHEOP_CASE_UNIMPL(GuardTagNotEqual) + CACHEOP_CASE_UNIMPL(GuardXrayExpandoShapeAndDefaultProto) + CACHEOP_CASE_UNIMPL(GuardXrayNoExpando) + CACHEOP_CASE_UNIMPL(GuardDynamicSlotIsNotObject) + CACHEOP_CASE_UNIMPL(GuardFixedSlotValue) + CACHEOP_CASE_UNIMPL(GuardDynamicSlotValue) + CACHEOP_CASE_UNIMPL(LoadScriptedProxyHandler) + CACHEOP_CASE_UNIMPL(IdToStringOrSymbol) + CACHEOP_CASE_UNIMPL(LoadFixedSlot) + CACHEOP_CASE_UNIMPL(LoadDynamicSlot) + CACHEOP_CASE_UNIMPL(GuardFunctionHasJitEntry) + CACHEOP_CASE_UNIMPL(GuardFunctionHasNoJitEntry) + CACHEOP_CASE_UNIMPL(GuardFunctionIsNonBuiltinCtor) + CACHEOP_CASE_UNIMPL(GuardFunctionIsConstructor) + CACHEOP_CASE_UNIMPL(GuardNotClassConstructor) + CACHEOP_CASE_UNIMPL(GuardArrayIsPacked) + CACHEOP_CASE_UNIMPL(GuardArgumentsObjectFlags) + CACHEOP_CASE_UNIMPL(LoadEnclosingEnvironment) + CACHEOP_CASE_UNIMPL(LoadWrapperTarget) + CACHEOP_CASE_UNIMPL(LoadValueTag) + CACHEOP_CASE_UNIMPL(TruncateDoubleToUInt32) + CACHEOP_CASE_UNIMPL(DoubleToUint8Clamped) + CACHEOP_CASE_UNIMPL(MegamorphicLoadSlotResult) + CACHEOP_CASE_UNIMPL(MegamorphicLoadSlotByValueResult) + CACHEOP_CASE_UNIMPL(MegamorphicStoreSlot) + CACHEOP_CASE_UNIMPL(MegamorphicSetElement) + CACHEOP_CASE_UNIMPL(MegamorphicHasPropResult) + CACHEOP_CASE_UNIMPL(SmallObjectVariableKeyHasOwnResult) + CACHEOP_CASE_UNIMPL(ObjectToIteratorResult) + CACHEOP_CASE_UNIMPL(ValueToIteratorResult) + CACHEOP_CASE_UNIMPL(LoadDOMExpandoValue) + CACHEOP_CASE_UNIMPL(LoadDOMExpandoValueGuardGeneration) + CACHEOP_CASE_UNIMPL(LoadDOMExpandoValueIgnoreGeneration) + CACHEOP_CASE_UNIMPL(GuardDOMExpandoMissingOrGuardShape) + CACHEOP_CASE_UNIMPL(AddAndStoreFixedSlot) + CACHEOP_CASE_UNIMPL(AddAndStoreDynamicSlot) + CACHEOP_CASE_UNIMPL(AllocateAndStoreDynamicSlot) + CACHEOP_CASE_UNIMPL(AddSlotAndCallAddPropHook) + CACHEOP_CASE_UNIMPL(StoreDenseElementHole) + CACHEOP_CASE_UNIMPL(ArrayPush) + CACHEOP_CASE_UNIMPL(ArrayJoinResult) + CACHEOP_CASE_UNIMPL(ObjectKeysResult) + CACHEOP_CASE_UNIMPL(PackedArrayPopResult) + CACHEOP_CASE_UNIMPL(PackedArrayShiftResult) + CACHEOP_CASE_UNIMPL(PackedArraySliceResult) + CACHEOP_CASE_UNIMPL(ArgumentsSliceResult) + CACHEOP_CASE_UNIMPL(IsArrayResult) + CACHEOP_CASE_UNIMPL(StoreFixedSlotUndefinedResult) + CACHEOP_CASE_UNIMPL(IsPackedArrayResult) + CACHEOP_CASE_UNIMPL(IsCallableResult) + CACHEOP_CASE_UNIMPL(IsConstructorResult) + CACHEOP_CASE_UNIMPL(IsCrossRealmArrayConstructorResult) + CACHEOP_CASE_UNIMPL(IsTypedArrayResult) + CACHEOP_CASE_UNIMPL(IsTypedArrayConstructorResult) + CACHEOP_CASE_UNIMPL(ArrayBufferViewByteOffsetInt32Result) + CACHEOP_CASE_UNIMPL(ArrayBufferViewByteOffsetDoubleResult) + CACHEOP_CASE_UNIMPL(TypedArrayByteLengthInt32Result) + CACHEOP_CASE_UNIMPL(TypedArrayByteLengthDoubleResult) + CACHEOP_CASE_UNIMPL(TypedArrayElementSizeResult) + CACHEOP_CASE_UNIMPL(GuardHasAttachedArrayBuffer) + CACHEOP_CASE_UNIMPL(NewArrayIteratorResult) + CACHEOP_CASE_UNIMPL(NewStringIteratorResult) + CACHEOP_CASE_UNIMPL(NewRegExpStringIteratorResult) + CACHEOP_CASE_UNIMPL(ObjectCreateResult) + CACHEOP_CASE_UNIMPL(NewArrayFromLengthResult) + CACHEOP_CASE_UNIMPL(NewTypedArrayFromLengthResult) + CACHEOP_CASE_UNIMPL(NewTypedArrayFromArrayBufferResult) + CACHEOP_CASE_UNIMPL(NewTypedArrayFromArrayResult) + CACHEOP_CASE_UNIMPL(NewStringObjectResult) + CACHEOP_CASE_UNIMPL(StringFromCharCodeResult) + CACHEOP_CASE_UNIMPL(StringFromCodePointResult) + CACHEOP_CASE_UNIMPL(StringIncludesResult) + CACHEOP_CASE_UNIMPL(StringIndexOfResult) + CACHEOP_CASE_UNIMPL(StringLastIndexOfResult) + CACHEOP_CASE_UNIMPL(StringStartsWithResult) + CACHEOP_CASE_UNIMPL(StringEndsWithResult) + CACHEOP_CASE_UNIMPL(StringToLowerCaseResult) + CACHEOP_CASE_UNIMPL(StringToUpperCaseResult) + CACHEOP_CASE_UNIMPL(StringTrimResult) + CACHEOP_CASE_UNIMPL(StringTrimStartResult) + CACHEOP_CASE_UNIMPL(StringTrimEndResult) + CACHEOP_CASE_UNIMPL(LinearizeForCodePointAccess) + CACHEOP_CASE_UNIMPL(LoadStringAtResult) + CACHEOP_CASE_UNIMPL(LoadStringCodePointResult) + CACHEOP_CASE_UNIMPL(ToRelativeStringIndex) + CACHEOP_CASE_UNIMPL(MathAbsInt32Result) + CACHEOP_CASE_UNIMPL(MathAbsNumberResult) + CACHEOP_CASE_UNIMPL(MathClz32Result) + CACHEOP_CASE_UNIMPL(MathSignInt32Result) + CACHEOP_CASE_UNIMPL(MathSignNumberResult) + CACHEOP_CASE_UNIMPL(MathSignNumberToInt32Result) + CACHEOP_CASE_UNIMPL(MathImulResult) + CACHEOP_CASE_UNIMPL(MathSqrtNumberResult) + CACHEOP_CASE_UNIMPL(MathFRoundNumberResult) + CACHEOP_CASE_UNIMPL(MathRandomResult) + CACHEOP_CASE_UNIMPL(MathHypot2NumberResult) + CACHEOP_CASE_UNIMPL(MathHypot3NumberResult) + CACHEOP_CASE_UNIMPL(MathHypot4NumberResult) + CACHEOP_CASE_UNIMPL(MathAtan2NumberResult) + CACHEOP_CASE_UNIMPL(MathFloorNumberResult) + CACHEOP_CASE_UNIMPL(MathCeilNumberResult) + CACHEOP_CASE_UNIMPL(MathTruncNumberResult) + CACHEOP_CASE_UNIMPL(MathFloorToInt32Result) + CACHEOP_CASE_UNIMPL(MathCeilToInt32Result) + CACHEOP_CASE_UNIMPL(MathTruncToInt32Result) + CACHEOP_CASE_UNIMPL(MathRoundToInt32Result) + CACHEOP_CASE_UNIMPL(NumberMinMax) + CACHEOP_CASE_UNIMPL(Int32MinMaxArrayResult) + CACHEOP_CASE_UNIMPL(NumberMinMaxArrayResult) + CACHEOP_CASE_UNIMPL(MathFunctionNumberResult) + CACHEOP_CASE_UNIMPL(NumberParseIntResult) + CACHEOP_CASE_UNIMPL(DoubleParseIntResult) + CACHEOP_CASE_UNIMPL(ObjectToStringResult) + CACHEOP_CASE_UNIMPL(ReflectGetPrototypeOfResult) + CACHEOP_CASE_UNIMPL(StoreTypedArrayElement) + CACHEOP_CASE_UNIMPL(AtomicsCompareExchangeResult) + CACHEOP_CASE_UNIMPL(AtomicsExchangeResult) + CACHEOP_CASE_UNIMPL(AtomicsAddResult) + CACHEOP_CASE_UNIMPL(AtomicsSubResult) + CACHEOP_CASE_UNIMPL(AtomicsAndResult) + CACHEOP_CASE_UNIMPL(AtomicsOrResult) + CACHEOP_CASE_UNIMPL(AtomicsXorResult) + CACHEOP_CASE_UNIMPL(AtomicsLoadResult) + CACHEOP_CASE_UNIMPL(AtomicsStoreResult) + CACHEOP_CASE_UNIMPL(AtomicsIsLockFreeResult) + CACHEOP_CASE_UNIMPL(CallNativeSetter) + CACHEOP_CASE_UNIMPL(CallScriptedSetter) + CACHEOP_CASE_UNIMPL(CallInlinedSetter) + CACHEOP_CASE_UNIMPL(CallDOMSetter) + CACHEOP_CASE_UNIMPL(CallSetArrayLength) + CACHEOP_CASE_UNIMPL(ProxySet) + CACHEOP_CASE_UNIMPL(ProxySetByValue) + CACHEOP_CASE_UNIMPL(CallAddOrUpdateSparseElementHelper) + CACHEOP_CASE_UNIMPL(CallNumberToString) + CACHEOP_CASE_UNIMPL(Int32ToStringWithBaseResult) + CACHEOP_CASE_UNIMPL(BooleanToString) + CACHEOP_CASE_UNIMPL(CallBoundScriptedFunction) + CACHEOP_CASE_UNIMPL(CallWasmFunction) + CACHEOP_CASE_UNIMPL(GuardWasmArg) + CACHEOP_CASE_UNIMPL(CallDOMFunction) + CACHEOP_CASE_UNIMPL(CallClassHook) + CACHEOP_CASE_UNIMPL(CallInlinedFunction) +#ifdef JS_PUNBOX64 + CACHEOP_CASE_UNIMPL(CallScriptedProxyGetResult) + CACHEOP_CASE_UNIMPL(CallScriptedProxyGetByValueResult) +#endif + CACHEOP_CASE_UNIMPL(MetaScriptedThisShape) + CACHEOP_CASE_UNIMPL(BindFunctionResult) + CACHEOP_CASE_UNIMPL(SpecializedBindFunctionResult) + CACHEOP_CASE_UNIMPL(LoadFixedSlotTypedResult) + CACHEOP_CASE_UNIMPL(LoadDenseElementHoleResult) + CACHEOP_CASE_UNIMPL(CallGetSparseElementResult) + CACHEOP_CASE_UNIMPL(LoadDenseElementExistsResult) + CACHEOP_CASE_UNIMPL(LoadTypedArrayElementExistsResult) + CACHEOP_CASE_UNIMPL(LoadDenseElementHoleExistsResult) + CACHEOP_CASE_UNIMPL(LoadTypedArrayElementResult) + CACHEOP_CASE_UNIMPL(LoadDataViewValueResult) + CACHEOP_CASE_UNIMPL(StoreDataViewValueResult) + CACHEOP_CASE_UNIMPL(LoadArgumentsObjectArgResult) + CACHEOP_CASE_UNIMPL(LoadArgumentsObjectArgHoleResult) + CACHEOP_CASE_UNIMPL(LoadArgumentsObjectArgExistsResult) + CACHEOP_CASE_UNIMPL(LoadArgumentsObjectLengthResult) + CACHEOP_CASE_UNIMPL(LoadArgumentsObjectLength) + CACHEOP_CASE_UNIMPL(LoadFunctionLengthResult) + CACHEOP_CASE_UNIMPL(LoadFunctionNameResult) + CACHEOP_CASE_UNIMPL(LoadBoundFunctionNumArgs) + CACHEOP_CASE_UNIMPL(LoadBoundFunctionTarget) + CACHEOP_CASE_UNIMPL(GuardBoundFunctionIsConstructor) + CACHEOP_CASE_UNIMPL(LoadArrayBufferByteLengthInt32Result) + CACHEOP_CASE_UNIMPL(LoadArrayBufferByteLengthDoubleResult) + CACHEOP_CASE_UNIMPL(LoadArrayBufferViewLengthInt32Result) + CACHEOP_CASE_UNIMPL(LoadArrayBufferViewLengthDoubleResult) + CACHEOP_CASE_UNIMPL(FrameIsConstructingResult) + CACHEOP_CASE_UNIMPL(CallScriptedGetterResult) + CACHEOP_CASE_UNIMPL(CallInlinedGetterResult) + CACHEOP_CASE_UNIMPL(CallNativeGetterResult) + CACHEOP_CASE_UNIMPL(CallDOMGetterResult) + CACHEOP_CASE_UNIMPL(ProxyGetResult) + CACHEOP_CASE_UNIMPL(ProxyGetByValueResult) + CACHEOP_CASE_UNIMPL(ProxyHasPropResult) + CACHEOP_CASE_UNIMPL(CallObjectHasSparseElementResult) + CACHEOP_CASE_UNIMPL(CallNativeGetElementResult) + CACHEOP_CASE_UNIMPL(CallNativeGetElementSuperResult) + CACHEOP_CASE_UNIMPL(GetNextMapSetEntryForIteratorResult) + CACHEOP_CASE_UNIMPL(LoadUndefinedResult) + CACHEOP_CASE_UNIMPL(LoadDoubleConstant) + CACHEOP_CASE_UNIMPL(LoadBooleanConstant) + CACHEOP_CASE_UNIMPL(LoadUndefined) + CACHEOP_CASE_UNIMPL(LoadConstantString) + CACHEOP_CASE_UNIMPL(LoadInstanceOfObjectResult) + CACHEOP_CASE_UNIMPL(LoadTypeOfObjectResult) + CACHEOP_CASE_UNIMPL(DoubleAddResult) + CACHEOP_CASE_UNIMPL(DoubleSubResult) + CACHEOP_CASE_UNIMPL(DoubleMulResult) + CACHEOP_CASE_UNIMPL(DoubleDivResult) + CACHEOP_CASE_UNIMPL(DoubleModResult) + CACHEOP_CASE_UNIMPL(DoublePowResult) + CACHEOP_CASE_UNIMPL(BigIntAddResult) + CACHEOP_CASE_UNIMPL(BigIntSubResult) + CACHEOP_CASE_UNIMPL(BigIntMulResult) + CACHEOP_CASE_UNIMPL(BigIntDivResult) + CACHEOP_CASE_UNIMPL(BigIntModResult) + CACHEOP_CASE_UNIMPL(BigIntPowResult) + CACHEOP_CASE_UNIMPL(Int32BitXorResult) + CACHEOP_CASE_UNIMPL(Int32LeftShiftResult) + CACHEOP_CASE_UNIMPL(Int32RightShiftResult) + CACHEOP_CASE_UNIMPL(Int32URightShiftResult) + CACHEOP_CASE_UNIMPL(Int32NotResult) + CACHEOP_CASE_UNIMPL(BigIntBitOrResult) + CACHEOP_CASE_UNIMPL(BigIntBitXorResult) + CACHEOP_CASE_UNIMPL(BigIntBitAndResult) + CACHEOP_CASE_UNIMPL(BigIntLeftShiftResult) + CACHEOP_CASE_UNIMPL(BigIntRightShiftResult) + CACHEOP_CASE_UNIMPL(BigIntNotResult) + CACHEOP_CASE_UNIMPL(Int32NegationResult) + CACHEOP_CASE_UNIMPL(DoubleNegationResult) + CACHEOP_CASE_UNIMPL(BigIntNegationResult) + CACHEOP_CASE_UNIMPL(Int32DecResult) + CACHEOP_CASE_UNIMPL(DoubleIncResult) + CACHEOP_CASE_UNIMPL(DoubleDecResult) + CACHEOP_CASE_UNIMPL(BigIntIncResult) + CACHEOP_CASE_UNIMPL(BigIntDecResult) + CACHEOP_CASE_UNIMPL(LoadDoubleTruthyResult) + CACHEOP_CASE_UNIMPL(LoadBigIntTruthyResult) + CACHEOP_CASE_UNIMPL(LoadValueTruthyResult) + CACHEOP_CASE_UNIMPL(NewPlainObjectResult) + CACHEOP_CASE_UNIMPL(NewArrayObjectResult) + CACHEOP_CASE_UNIMPL(CallStringObjectConcatResult) + CACHEOP_CASE_UNIMPL(CallIsSuspendedGeneratorResult) + CACHEOP_CASE_UNIMPL(CompareObjectResult) + CACHEOP_CASE_UNIMPL(CompareSymbolResult) + CACHEOP_CASE_UNIMPL(CompareDoubleResult) + CACHEOP_CASE_UNIMPL(CompareBigIntResult) + CACHEOP_CASE_UNIMPL(CompareBigIntInt32Result) + CACHEOP_CASE_UNIMPL(CompareBigIntNumberResult) + CACHEOP_CASE_UNIMPL(CompareBigIntStringResult) + CACHEOP_CASE_UNIMPL(CompareDoubleSameValueResult) + CACHEOP_CASE_UNIMPL(SameValueResult) + CACHEOP_CASE_UNIMPL(IndirectTruncateInt32Result) + CACHEOP_CASE_UNIMPL(BigIntAsIntNResult) + CACHEOP_CASE_UNIMPL(BigIntAsUintNResult) + CACHEOP_CASE_UNIMPL(SetHasResult) + CACHEOP_CASE_UNIMPL(SetHasNonGCThingResult) + CACHEOP_CASE_UNIMPL(SetHasStringResult) + CACHEOP_CASE_UNIMPL(SetHasSymbolResult) + CACHEOP_CASE_UNIMPL(SetHasBigIntResult) + CACHEOP_CASE_UNIMPL(SetHasObjectResult) + CACHEOP_CASE_UNIMPL(SetSizeResult) + CACHEOP_CASE_UNIMPL(MapHasResult) + CACHEOP_CASE_UNIMPL(MapHasNonGCThingResult) + CACHEOP_CASE_UNIMPL(MapHasStringResult) + CACHEOP_CASE_UNIMPL(MapHasSymbolResult) + CACHEOP_CASE_UNIMPL(MapHasBigIntResult) + CACHEOP_CASE_UNIMPL(MapHasObjectResult) + CACHEOP_CASE_UNIMPL(MapGetResult) + CACHEOP_CASE_UNIMPL(MapGetNonGCThingResult) + CACHEOP_CASE_UNIMPL(MapGetStringResult) + CACHEOP_CASE_UNIMPL(MapGetSymbolResult) + CACHEOP_CASE_UNIMPL(MapGetBigIntResult) + CACHEOP_CASE_UNIMPL(MapGetObjectResult) + CACHEOP_CASE_UNIMPL(MapSizeResult) + CACHEOP_CASE_UNIMPL(ArrayFromArgumentsObjectResult) + CACHEOP_CASE_UNIMPL(CloseIterScriptedResult) + CACHEOP_CASE_UNIMPL(CallPrintString) + CACHEOP_CASE_UNIMPL(Breakpoint) + CACHEOP_CASE_UNIMPL(WrapResult) + CACHEOP_CASE_UNIMPL(Bailout) + CACHEOP_CASE_UNIMPL(AssertRecoveredOnBailoutResult) + CACHEOP_CASE_UNIMPL(GuardIsNotUninitializedLexical) { + TRACE_PRINTF("unknown CacheOp: %s\n", CacheIROpNames[int(cacheop)]); + return ICInterpretOpResult::NextIC; + } + +#undef PREDICT_NEXT +} + +/* + * ----------------------------------------------- + * IC callsite logic, and fallback stubs + * ----------------------------------------------- + */ + +#define SAVE_INPUTS(arity) \ + do { \ + switch (arity) { \ + case 0: \ + break; \ + case 1: \ + inputs[0] = icregs.icVals[0]; \ + break; \ + case 2: \ + inputs[0] = icregs.icVals[0]; \ + inputs[1] = icregs.icVals[1]; \ + break; \ + case 3: \ + inputs[0] = icregs.icVals[0]; \ + inputs[1] = icregs.icVals[1]; \ + inputs[2] = icregs.icVals[2]; \ + break; \ + } \ + } while (0) + +#define RESTORE_INPUTS(arity) \ + do { \ + switch (arity) { \ + case 0: \ + break; \ + case 1: \ + icregs.icVals[0] = inputs[0]; \ + break; \ + case 2: \ + icregs.icVals[0] = inputs[0]; \ + icregs.icVals[1] = inputs[1]; \ + break; \ + case 3: \ + icregs.icVals[0] = inputs[0]; \ + icregs.icVals[1] = inputs[1]; \ + icregs.icVals[2] = inputs[2]; \ + break; \ + } \ + } while (0) + +#define DEFINE_IC(kind, arity, fallback_body) \ + static PBIResult MOZ_ALWAYS_INLINE IC##kind( \ + BaselineFrame* frame, VMFrameManager& frameMgr, State& state, \ + ICRegs& icregs, Stack& stack, StackVal* sp, jsbytecode* pc) { \ + ICStub* stub = frame->interpreterICEntry()->firstStub(); \ + uint64_t inputs[3]; \ + SAVE_INPUTS(arity); \ + while (true) { \ + next_stub: \ + if (stub->isFallback()) { \ + ICFallbackStub* fallback = stub->toFallbackStub(); \ + fallback_body; \ + icregs.icResult = state.res.asRawBits(); \ + state.res = UndefinedValue(); \ + return PBIResult::Ok; \ + error: \ + return PBIResult::Error; \ + } else { \ + ICCacheIRStub* cstub = stub->toCacheIRStub(); \ + cstub->incrementEnteredCount(); \ + new (&icregs.cacheIRReader) CacheIRReader(cstub->stubInfo()); \ + switch (ICInterpretOps(frame, frameMgr, state, icregs, stack, sp, \ + cstub, pc)) { \ + case ICInterpretOpResult::NextIC: \ + stub = stub->maybeNext(); \ + RESTORE_INPUTS(arity); \ + goto next_stub; \ + case ICInterpretOpResult::Return: \ + return PBIResult::Ok; \ + case ICInterpretOpResult::Error: \ + return PBIResult::Error; \ + case ICInterpretOpResult::Unwind: \ + return PBIResult::Unwind; \ + case ICInterpretOpResult::UnwindError: \ + return PBIResult::UnwindError; \ + case ICInterpretOpResult::UnwindRet: \ + return PBIResult::UnwindRet; \ + } \ + } \ + } \ + } + +#define IC_LOAD_VAL(state_elem, index) \ + ReservedRooted<Value> state_elem(&state.state_elem, \ + Value::fromRawBits(icregs.icVals[(index)])) +#define IC_LOAD_OBJ(state_elem, index) \ + ReservedRooted<JSObject*> state_elem( \ + &state.state_elem, reinterpret_cast<JSObject*>(icregs.icVals[(index)])) + +DEFINE_IC(Typeof, 1, { + IC_LOAD_VAL(value0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoTypeOfFallback(cx, frame, fallback, value0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(GetName, 1, { + IC_LOAD_OBJ(obj0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoGetNameFallback(cx, frame, fallback, obj0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(Call, 1, { + uint32_t argc = uint32_t(icregs.icVals[0]); + uint32_t totalArgs = + argc + icregs.extraArgs; // this, callee, (constructing?), func args + Value* args = reinterpret_cast<Value*>(&sp[0]); + TRACE_PRINTF("Call fallback: argc %d totalArgs %d args %p\n", argc, totalArgs, + args); + // Reverse values on the stack. + std::reverse(args, args + totalArgs); + { + PUSH_FALLBACK_IC_FRAME(); + if (icregs.spreadCall) { + if (!DoSpreadCallFallback(cx, frame, fallback, args, &state.res)) { + std::reverse(args, args + totalArgs); + goto error; + } + } else { + if (!DoCallFallback(cx, frame, fallback, argc, args, &state.res)) { + std::reverse(args, args + totalArgs); + goto error; + } + } + } +}); + +DEFINE_IC(UnaryArith, 1, { + IC_LOAD_VAL(value0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoUnaryArithFallback(cx, frame, fallback, value0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(BinaryArith, 2, { + IC_LOAD_VAL(value0, 0); + IC_LOAD_VAL(value1, 1); + PUSH_FALLBACK_IC_FRAME(); + if (!DoBinaryArithFallback(cx, frame, fallback, value0, value1, &state.res)) { + goto error; + } +}); + +DEFINE_IC(ToBool, 1, { + IC_LOAD_VAL(value0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoToBoolFallback(cx, frame, fallback, value0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(Compare, 2, { + IC_LOAD_VAL(value0, 0); + IC_LOAD_VAL(value1, 1); + PUSH_FALLBACK_IC_FRAME(); + if (!DoCompareFallback(cx, frame, fallback, value0, value1, &state.res)) { + goto error; + } +}); + +DEFINE_IC(InstanceOf, 2, { + IC_LOAD_VAL(value0, 0); + IC_LOAD_VAL(value1, 1); + PUSH_FALLBACK_IC_FRAME(); + if (!DoInstanceOfFallback(cx, frame, fallback, value0, value1, &state.res)) { + goto error; + } +}); + +DEFINE_IC(In, 2, { + IC_LOAD_VAL(value0, 0); + IC_LOAD_VAL(value1, 1); + PUSH_FALLBACK_IC_FRAME(); + if (!DoInFallback(cx, frame, fallback, value0, value1, &state.res)) { + goto error; + } +}); + +DEFINE_IC(BindName, 1, { + IC_LOAD_OBJ(obj0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoBindNameFallback(cx, frame, fallback, obj0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(SetProp, 2, { + IC_LOAD_VAL(value0, 0); + IC_LOAD_VAL(value1, 1); + PUSH_FALLBACK_IC_FRAME(); + if (!DoSetPropFallback(cx, frame, fallback, nullptr, value0, value1)) { + goto error; + } +}); + +DEFINE_IC(NewObject, 0, { + PUSH_FALLBACK_IC_FRAME(); + if (!DoNewObjectFallback(cx, frame, fallback, &state.res)) { + goto error; + } +}); + +DEFINE_IC(GetProp, 1, { + IC_LOAD_VAL(value0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoGetPropFallback(cx, frame, fallback, &value0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(GetPropSuper, 2, { + IC_LOAD_VAL(value0, 1); + IC_LOAD_VAL(value1, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoGetPropSuperFallback(cx, frame, fallback, value0, &value1, + &state.res)) { + goto error; + } +}); + +DEFINE_IC(GetElem, 2, { + IC_LOAD_VAL(value0, 0); + IC_LOAD_VAL(value1, 1); + PUSH_FALLBACK_IC_FRAME(); + if (!DoGetElemFallback(cx, frame, fallback, value0, value1, &state.res)) { + goto error; + } +}); + +DEFINE_IC(GetElemSuper, 3, { + IC_LOAD_VAL(value0, 0); // receiver + IC_LOAD_VAL(value1, 1); // obj (lhs) + IC_LOAD_VAL(value2, 2); // key (rhs) + PUSH_FALLBACK_IC_FRAME(); + if (!DoGetElemSuperFallback(cx, frame, fallback, value1, value2, value0, + &state.res)) { + goto error; + } +}); + +DEFINE_IC(NewArray, 0, { + PUSH_FALLBACK_IC_FRAME(); + if (!DoNewArrayFallback(cx, frame, fallback, &state.res)) { + goto error; + } +}); + +DEFINE_IC(GetIntrinsic, 0, { + PUSH_FALLBACK_IC_FRAME(); + if (!DoGetIntrinsicFallback(cx, frame, fallback, &state.res)) { + goto error; + } +}); + +DEFINE_IC(SetElem, 3, { + IC_LOAD_VAL(value0, 0); + IC_LOAD_VAL(value1, 1); + IC_LOAD_VAL(value2, 2); + PUSH_FALLBACK_IC_FRAME(); + if (!DoSetElemFallback(cx, frame, fallback, nullptr, value0, value1, + value2)) { + goto error; + } +}); + +DEFINE_IC(HasOwn, 2, { + IC_LOAD_VAL(value0, 0); + IC_LOAD_VAL(value1, 1); + PUSH_FALLBACK_IC_FRAME(); + if (!DoHasOwnFallback(cx, frame, fallback, value0, value1, &state.res)) { + goto error; + } +}); + +DEFINE_IC(CheckPrivateField, 2, { + IC_LOAD_VAL(value0, 0); + IC_LOAD_VAL(value1, 1); + PUSH_FALLBACK_IC_FRAME(); + if (!DoCheckPrivateFieldFallback(cx, frame, fallback, value0, value1, + &state.res)) { + goto error; + } +}); + +DEFINE_IC(GetIterator, 1, { + IC_LOAD_VAL(value0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoGetIteratorFallback(cx, frame, fallback, value0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(ToPropertyKey, 1, { + IC_LOAD_VAL(value0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoToPropertyKeyFallback(cx, frame, fallback, value0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(OptimizeSpreadCall, 1, { + IC_LOAD_VAL(value0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoOptimizeSpreadCallFallback(cx, frame, fallback, value0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(OptimizeGetIterator, 1, { + IC_LOAD_VAL(value0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoOptimizeGetIteratorFallback(cx, frame, fallback, value0, &state.res)) { + goto error; + } +}); + +DEFINE_IC(Rest, 0, { + PUSH_FALLBACK_IC_FRAME(); + if (!DoRestFallback(cx, frame, fallback, &state.res)) { + goto error; + } +}); + +DEFINE_IC(CloseIter, 1, { + IC_LOAD_OBJ(obj0, 0); + PUSH_FALLBACK_IC_FRAME(); + if (!DoCloseIterFallback(cx, frame, fallback, obj0)) { + goto error; + } +}); + +/* + * ----------------------------------------------- + * Main JSOp interpreter + * ----------------------------------------------- + */ + +static EnvironmentObject& getEnvironmentFromCoordinate( + BaselineFrame* frame, EnvironmentCoordinate ec) { + JSObject* env = frame->environmentChain(); + for (unsigned i = ec.hops(); i; i--) { + if (env->is<EnvironmentObject>()) { + env = &env->as<EnvironmentObject>().enclosingEnvironment(); + } else { + MOZ_ASSERT(env->is<DebugEnvironmentProxy>()); + env = &env->as<DebugEnvironmentProxy>().enclosingEnvironment(); + } + } + return env->is<EnvironmentObject>() + ? env->as<EnvironmentObject>() + : env->as<DebugEnvironmentProxy>().environment(); +} + +#ifndef __wasi__ +# define DEBUG_CHECK() \ + if (frame->isDebuggee()) { \ + TRACE_PRINTF( \ + "Debug check: frame is debuggee, checking for debug script\n"); \ + if (script->hasDebugScript()) { \ + goto debug; \ + } \ + } +#else +# define DEBUG_CHECK() +#endif + +#define LABEL(op) (&&label_##op) +#define CASE(op) label_##op: +#if !defined(TRACE_INTERP) +# define DISPATCH() \ + DEBUG_CHECK(); \ + goto* addresses[*pc] +#else +# define DISPATCH() \ + DEBUG_CHECK(); \ + goto dispatch +#endif + +#define ADVANCE(delta) pc += (delta); +#define ADVANCE_AND_DISPATCH(delta) \ + ADVANCE(delta); \ + DISPATCH(); + +#define END_OP(op) ADVANCE_AND_DISPATCH(JSOpLength_##op); + +#define IC_SET_ARG_FROM_STACK(index, stack_index) \ + icregs.icVals[(index)] = sp[(stack_index)].asUInt64(); +#define IC_POP_ARG(index) icregs.icVals[(index)] = (*sp++).asUInt64(); +#define IC_SET_VAL_ARG(index, expr) icregs.icVals[(index)] = (expr).asRawBits(); +#define IC_SET_OBJ_ARG(index, expr) \ + icregs.icVals[(index)] = reinterpret_cast<uint64_t>(expr); +#define IC_PUSH_RESULT() PUSH(StackVal(icregs.icResult)); + +#if !defined(TRACE_INTERP) +# define PREDICT_NEXT(op) \ + if (JSOp(*pc) == JSOp::op) { \ + DEBUG_CHECK(); \ + goto label_##op; \ + } +#else +# define PREDICT_NEXT(op) +#endif + +#define COUNT_COVERAGE_PC(PC) \ + if (script->hasScriptCounts()) { \ + PCCounts* counts = script->maybeGetPCCounts(PC); \ + MOZ_ASSERT(counts); \ + counts->numExec()++; \ + } +#define COUNT_COVERAGE_MAIN() \ + { \ + jsbytecode* main = script->main(); \ + if (!BytecodeIsJumpTarget(JSOp(*main))) COUNT_COVERAGE_PC(main); \ + } + +#define NEXT_IC() frame->interpreterICEntry()++; + +#define INVOKE_IC(kind) \ + switch (IC##kind(frame, frameMgr, state, icregs, stack, sp, pc)) { \ + case PBIResult::Ok: \ + break; \ + case PBIResult::Error: \ + goto error; \ + case PBIResult::Unwind: \ + goto unwind; \ + case PBIResult::UnwindError: \ + goto unwind_error; \ + case PBIResult::UnwindRet: \ + goto unwind_ret; \ + } \ + NEXT_IC(); + +PBIResult PortableBaselineInterpret(JSContext* cx_, State& state, Stack& stack, + StackVal* sp, JSObject* envChain, + Value* ret) { +#define OPCODE_LABEL(op, ...) LABEL(op), +#define TRAILING_LABEL(v) LABEL(default), + + static const void* const addresses[EnableInterruptsPseudoOpcode + 1] = { + FOR_EACH_OPCODE(OPCODE_LABEL) + FOR_EACH_TRAILING_UNUSED_OPCODE(TRAILING_LABEL)}; + +#undef OPCODE_LABEL +#undef TRAILING_LABEL + + PUSHNATIVE(StackValNative(nullptr)); // Fake return address. + BaselineFrame* frame = stack.pushFrame(sp, cx_, envChain); + MOZ_ASSERT(frame); // safety: stack margin. + sp = reinterpret_cast<StackVal*>(frame); + + // Save the entry frame so that when unwinding, we know when to + // return from this C++ frame. + StackVal* entryFrame = sp; + + ICRegs icregs; + RootedScript script(cx_, frame->script()); + jsbytecode* pc = frame->interpreterPC(); + bool from_unwind = false; + + VMFrameManager frameMgr(cx_, frame); + + AutoCheckRecursionLimit recursion(frameMgr.cxForLocalUseOnly()); + if (!recursion.checkDontReport(frameMgr.cxForLocalUseOnly())) { + PUSH_EXIT_FRAME(); + ReportOverRecursed(frameMgr.cxForLocalUseOnly()); + return PBIResult::Error; + } + + // Check max stack depth once, so we don't need to check it + // otherwise below for ordinary stack-manipulation opcodes (just for + // exit frames). + if (!stack.check(sp, sizeof(StackVal) * script->nslots())) { + PUSH_EXIT_FRAME(); + ReportOverRecursed(frameMgr.cxForLocalUseOnly()); + return PBIResult::Error; + } + + uint32_t nfixed = script->nfixed(); + for (uint32_t i = 0; i < nfixed; i++) { + PUSH(StackVal(UndefinedValue())); + } + ret->setUndefined(); + + if (CalleeTokenIsFunction(frame->calleeToken())) { + JSFunction* func = CalleeTokenToFunction(frame->calleeToken()); + frame->setEnvironmentChain(func->environment()); + if (func->needsFunctionEnvironmentObjects()) { + PUSH_EXIT_FRAME(); + if (!js::InitFunctionEnvironmentObjects(cx, frame)) { + goto error; + } + TRACE_PRINTF("callee is func %p; created environment object: %p\n", func, + frame->environmentChain()); + } + } + + // Check if we are being debugged, and set a flag in the frame if + // so. + if (script->isDebuggee()) { + TRACE_PRINTF("Script is debuggee\n"); + frame->setIsDebuggee(); + + PUSH_EXIT_FRAME(); + if (!DebugPrologue(cx, frame)) { + goto error; + } + } + + if (!script->hasScriptCounts()) { + if (frameMgr.cxForLocalUseOnly()->realm()->collectCoverageForDebug()) { + PUSH_EXIT_FRAME(); + if (!script->initScriptCounts(cx)) { + goto error; + } + } + } + COUNT_COVERAGE_MAIN(); + +#ifndef __wasi__ + if (frameMgr.cxForLocalUseOnly()->hasAnyPendingInterrupt()) { + PUSH_EXIT_FRAME(); + if (!InterruptCheck(cx)) { + goto error; + } + } +#endif + + TRACE_PRINTF("Entering: sp = %p fp = %p frame = %p, script = %p, pc = %p\n", + sp, stack.fp, frame, script.get(), pc); + TRACE_PRINTF("nslots = %d nfixed = %d\n", int(script->nslots()), + int(script->nfixed())); + + while (true) { + DEBUG_CHECK(); + +#ifndef __wasi__ + dispatch: +#endif + +#ifdef TRACE_INTERP + { + JSOp op = JSOp(*pc); + printf("sp[0] = %" PRIx64 " sp[1] = %" PRIx64 " sp[2] = %" PRIx64 "\n", + sp[0].asUInt64(), sp[1].asUInt64(), sp[2].asUInt64()); + printf("script = %p pc = %p: %s (ic %d) pending = %d\n", script.get(), pc, + CodeName(op), + (int)(frame->interpreterICEntry() - + script->jitScript()->icScript()->icEntries()), + frameMgr.cxForLocalUseOnly()->isExceptionPending()); + printf("sp = %p fp = %p\n", sp, stack.fp); + printf("TOS tag: %d\n", int(sp[0].asValue().asRawBits() >> 47)); + fflush(stdout); + } +#endif + + goto* addresses[*pc]; + + CASE(Nop) { END_OP(Nop); } + CASE(NopIsAssignOp) { END_OP(NopIsAssignOp); } + CASE(Undefined) { + PUSH(StackVal(UndefinedValue())); + END_OP(Undefined); + } + CASE(Null) { + PUSH(StackVal(NullValue())); + END_OP(Null); + } + CASE(False) { + PUSH(StackVal(BooleanValue(false))); + END_OP(False); + } + CASE(True) { + PUSH(StackVal(BooleanValue(true))); + END_OP(True); + } + CASE(Int32) { + PUSH(StackVal(Int32Value(GET_INT32(pc)))); + END_OP(Int32); + } + CASE(Zero) { + PUSH(StackVal(Int32Value(0))); + END_OP(Zero); + } + CASE(One) { + PUSH(StackVal(Int32Value(1))); + END_OP(One); + } + CASE(Int8) { + PUSH(StackVal(Int32Value(GET_INT8(pc)))); + END_OP(Int8); + } + CASE(Uint16) { + PUSH(StackVal(Int32Value(GET_UINT16(pc)))); + END_OP(Uint16); + } + CASE(Uint24) { + PUSH(StackVal(Int32Value(GET_UINT24(pc)))); + END_OP(Uint24); + } + CASE(Double) { + PUSH(StackVal(GET_INLINE_VALUE(pc))); + END_OP(Double); + } + CASE(BigInt) { + PUSH(StackVal(JS::BigIntValue(script->getBigInt(pc)))); + END_OP(BigInt); + } + CASE(String) { + PUSH(StackVal(StringValue(script->getString(pc)))); + END_OP(String); + } + CASE(Symbol) { + PUSH(StackVal( + SymbolValue(frameMgr.cxForLocalUseOnly()->wellKnownSymbols().get( + GET_UINT8(pc))))); + END_OP(Symbol); + } + CASE(Void) { + sp[0] = StackVal(JS::UndefinedValue()); + END_OP(Void); + } + + CASE(Typeof) + CASE(TypeofExpr) { + static_assert(JSOpLength_Typeof == JSOpLength_TypeofExpr); + if (kHybridICs) { + sp[0] = StackVal(StringValue(TypeOfOperation( + Stack::handle(sp), frameMgr.cxForLocalUseOnly()->runtime()))); + NEXT_IC(); + } else { + IC_POP_ARG(0); + INVOKE_IC(Typeof); + IC_PUSH_RESULT(); + } + END_OP(Typeof); + } + + CASE(Pos) { + if (sp[0].asValue().isNumber()) { + // Nothing! + NEXT_IC(); + END_OP(Pos); + } else { + goto generic_unary; + } + } + CASE(Neg) { + if (sp[0].asValue().isInt32()) { + int32_t i = sp[0].asValue().toInt32(); + if (i != 0 && i != INT32_MIN) { + sp[0] = StackVal(Int32Value(-i)); + NEXT_IC(); + END_OP(Neg); + } + } + if (sp[0].asValue().isNumber()) { + sp[0] = StackVal(NumberValue(-sp[0].asValue().toNumber())); + NEXT_IC(); + END_OP(Neg); + } + goto generic_unary; + } + + CASE(Inc) { + if (sp[0].asValue().isInt32()) { + int32_t i = sp[0].asValue().toInt32(); + if (i != INT32_MAX) { + sp[0] = StackVal(Int32Value(i + 1)); + NEXT_IC(); + END_OP(Inc); + } + } + if (sp[0].asValue().isNumber()) { + sp[0] = StackVal(NumberValue(sp[0].asValue().toNumber() + 1)); + NEXT_IC(); + END_OP(Inc); + } + goto generic_unary; + } + CASE(Dec) { + if (sp[0].asValue().isInt32()) { + int32_t i = sp[0].asValue().toInt32(); + if (i != INT32_MIN) { + sp[0] = StackVal(Int32Value(i - 1)); + NEXT_IC(); + END_OP(Dec); + } + } + if (sp[0].asValue().isNumber()) { + sp[0] = StackVal(NumberValue(sp[0].asValue().toNumber() - 1)); + NEXT_IC(); + END_OP(Dec); + } + goto generic_unary; + } + + CASE(BitNot) { + if (sp[0].asValue().isInt32()) { + int32_t i = sp[0].asValue().toInt32(); + sp[0] = StackVal(Int32Value(~i)); + NEXT_IC(); + END_OP(Inc); + } + goto generic_unary; + } + + CASE(ToNumeric) { + if (sp[0].asValue().isNumeric()) { + NEXT_IC(); + } else if (kHybridICs) { + MutableHandleValue val = Stack::handleMut(&sp[0]); + PUSH_EXIT_FRAME(); + if (!ToNumeric(cx, val)) { + goto error; + } + NEXT_IC(); + } else { + goto generic_unary; + } + END_OP(ToNumeric); + } + + generic_unary: { + static_assert(JSOpLength_Pos == JSOpLength_Neg); + static_assert(JSOpLength_Pos == JSOpLength_BitNot); + static_assert(JSOpLength_Pos == JSOpLength_Inc); + static_assert(JSOpLength_Pos == JSOpLength_Dec); + static_assert(JSOpLength_Pos == JSOpLength_ToNumeric); + IC_POP_ARG(0); + INVOKE_IC(UnaryArith); + IC_PUSH_RESULT(); + END_OP(Pos); + } + + CASE(Not) { + if (kHybridICs) { + sp[0] = StackVal(BooleanValue(!ToBoolean(Stack::handle(sp)))); + NEXT_IC(); + } else { + IC_POP_ARG(0); + INVOKE_IC(ToBool); + PUSH(StackVal( + BooleanValue(!Value::fromRawBits(icregs.icResult).toBoolean()))); + } + END_OP(Not); + } + + CASE(And) { + bool result; + if (kHybridICs) { + result = ToBoolean(Stack::handle(sp)); + NEXT_IC(); + } else { + IC_SET_ARG_FROM_STACK(0, 0); + INVOKE_IC(ToBool); + result = Value::fromRawBits(icregs.icResult).toBoolean(); + } + int32_t jumpOffset = GET_JUMP_OFFSET(pc); + if (!result) { + ADVANCE(jumpOffset); + PREDICT_NEXT(JumpTarget); + PREDICT_NEXT(LoopHead); + } else { + ADVANCE(JSOpLength_And); + } + DISPATCH(); + } + CASE(Or) { + bool result; + if (kHybridICs) { + result = ToBoolean(Stack::handle(sp)); + NEXT_IC(); + } else { + IC_SET_ARG_FROM_STACK(0, 0); + INVOKE_IC(ToBool); + result = Value::fromRawBits(icregs.icResult).toBoolean(); + } + int32_t jumpOffset = GET_JUMP_OFFSET(pc); + if (result) { + ADVANCE(jumpOffset); + PREDICT_NEXT(JumpTarget); + PREDICT_NEXT(LoopHead); + } else { + ADVANCE(JSOpLength_Or); + } + DISPATCH(); + } + CASE(JumpIfTrue) { + bool result; + if (kHybridICs) { + result = ToBoolean(Stack::handle(sp)); + POP(); + NEXT_IC(); + } else { + IC_POP_ARG(0); + INVOKE_IC(ToBool); + result = Value::fromRawBits(icregs.icResult).toBoolean(); + } + int32_t jumpOffset = GET_JUMP_OFFSET(pc); + if (result) { + ADVANCE(jumpOffset); + PREDICT_NEXT(JumpTarget); + PREDICT_NEXT(LoopHead); + } else { + ADVANCE(JSOpLength_JumpIfTrue); + } + DISPATCH(); + } + CASE(JumpIfFalse) { + bool result; + if (kHybridICs) { + result = ToBoolean(Stack::handle(sp)); + POP(); + NEXT_IC(); + } else { + IC_POP_ARG(0); + INVOKE_IC(ToBool); + result = Value::fromRawBits(icregs.icResult).toBoolean(); + } + int32_t jumpOffset = GET_JUMP_OFFSET(pc); + if (!result) { + ADVANCE(jumpOffset); + PREDICT_NEXT(JumpTarget); + PREDICT_NEXT(LoopHead); + } else { + ADVANCE(JSOpLength_JumpIfFalse); + } + DISPATCH(); + } + + CASE(Add) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + int64_t lhs = sp[1].asValue().toInt32(); + int64_t rhs = sp[0].asValue().toInt32(); + if (lhs + rhs >= int64_t(INT32_MIN) && + lhs + rhs <= int64_t(INT32_MAX)) { + POP(); + sp[0] = StackVal(Int32Value(int32_t(lhs + rhs))); + NEXT_IC(); + END_OP(Add); + } + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + POP(); + sp[0] = StackVal(NumberValue(lhs + rhs)); + NEXT_IC(); + END_OP(Add); + } + if (kHybridICs) { + MutableHandleValue lhs = Stack::handleMut(sp + 1); + MutableHandleValue rhs = Stack::handleMut(sp); + MutableHandleValue result = Stack::handleMut(sp + 1); + { + PUSH_EXIT_FRAME(); + if (!AddOperation(cx, lhs, rhs, result)) { + goto error; + } + } + POP(); + NEXT_IC(); + END_OP(Add); + } + goto generic_binary; + } + + CASE(Sub) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + int64_t lhs = sp[1].asValue().toInt32(); + int64_t rhs = sp[0].asValue().toInt32(); + if (lhs - rhs >= int64_t(INT32_MIN) && + lhs - rhs <= int64_t(INT32_MAX)) { + POP(); + sp[0] = StackVal(Int32Value(int32_t(lhs - rhs))); + NEXT_IC(); + END_OP(Sub); + } + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + POP(); + sp[0] = StackVal(NumberValue(lhs - rhs)); + NEXT_IC(); + END_OP(Add); + } + if (kHybridICs) { + MutableHandleValue lhs = Stack::handleMut(sp + 1); + MutableHandleValue rhs = Stack::handleMut(sp); + MutableHandleValue result = Stack::handleMut(sp + 1); + { + PUSH_EXIT_FRAME(); + if (!SubOperation(cx, lhs, rhs, result)) { + goto error; + } + } + POP(); + NEXT_IC(); + END_OP(Sub); + } + goto generic_binary; + } + + CASE(Mul) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + int64_t lhs = sp[1].asValue().toInt32(); + int64_t rhs = sp[0].asValue().toInt32(); + int64_t product = lhs * rhs; + if (product >= int64_t(INT32_MIN) && product <= int64_t(INT32_MAX) && + (product != 0 || !((lhs < 0) ^ (rhs < 0)))) { + POP(); + sp[0] = StackVal(Int32Value(int32_t(product))); + NEXT_IC(); + END_OP(Mul); + } + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + POP(); + sp[0] = StackVal(NumberValue(lhs * rhs)); + NEXT_IC(); + END_OP(Mul); + } + if (kHybridICs) { + MutableHandleValue lhs = Stack::handleMut(sp + 1); + MutableHandleValue rhs = Stack::handleMut(sp); + MutableHandleValue result = Stack::handleMut(sp + 1); + { + PUSH_EXIT_FRAME(); + if (!MulOperation(cx, lhs, rhs, result)) { + goto error; + } + } + POP(); + NEXT_IC(); + END_OP(Mul); + } + goto generic_binary; + } + CASE(Div) { + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + POP(); + sp[0] = StackVal(NumberValue(NumberDiv(lhs, rhs))); + NEXT_IC(); + END_OP(Div); + } + if (kHybridICs) { + MutableHandleValue lhs = Stack::handleMut(sp + 1); + MutableHandleValue rhs = Stack::handleMut(sp); + MutableHandleValue result = Stack::handleMut(sp + 1); + { + PUSH_EXIT_FRAME(); + if (!DivOperation(cx, lhs, rhs, result)) { + goto error; + } + } + POP(); + NEXT_IC(); + END_OP(Div); + } + goto generic_binary; + } + CASE(Mod) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + int64_t lhs = sp[1].asValue().toInt32(); + int64_t rhs = sp[0].asValue().toInt32(); + if (lhs > 0 && rhs > 0) { + int64_t mod = lhs % rhs; + POP(); + sp[0] = StackVal(Int32Value(int32_t(mod))); + NEXT_IC(); + END_OP(Mod); + } + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + POP(); + sp[0] = StackVal(DoubleValue(NumberMod(lhs, rhs))); + NEXT_IC(); + END_OP(Mod); + } + if (kHybridICs) { + MutableHandleValue lhs = Stack::handleMut(sp + 1); + MutableHandleValue rhs = Stack::handleMut(sp); + MutableHandleValue result = Stack::handleMut(sp + 1); + { + PUSH_EXIT_FRAME(); + if (!ModOperation(cx, lhs, rhs, result)) { + goto error; + } + } + POP(); + NEXT_IC(); + END_OP(Mod); + } + goto generic_binary; + } + CASE(Pow) { + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + POP(); + sp[0] = StackVal(NumberValue(ecmaPow(lhs, rhs))); + NEXT_IC(); + END_OP(Pow); + } + if (kHybridICs) { + MutableHandleValue lhs = Stack::handleMut(sp + 1); + MutableHandleValue rhs = Stack::handleMut(sp); + MutableHandleValue result = Stack::handleMut(sp + 1); + { + PUSH_EXIT_FRAME(); + if (!PowOperation(cx, lhs, rhs, result)) { + goto error; + } + } + POP(); + NEXT_IC(); + END_OP(Pow); + } + goto generic_binary; + } + CASE(BitOr) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + int32_t lhs = sp[1].asValue().toInt32(); + int32_t rhs = sp[0].asValue().toInt32(); + POP(); + sp[0] = StackVal(Int32Value(lhs | rhs)); + NEXT_IC(); + END_OP(BitOr); + } + goto generic_binary; + } + CASE(BitAnd) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + int32_t lhs = sp[1].asValue().toInt32(); + int32_t rhs = sp[0].asValue().toInt32(); + POP(); + sp[0] = StackVal(Int32Value(lhs & rhs)); + NEXT_IC(); + END_OP(BitAnd); + } + goto generic_binary; + } + CASE(BitXor) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + int32_t lhs = sp[1].asValue().toInt32(); + int32_t rhs = sp[0].asValue().toInt32(); + POP(); + sp[0] = StackVal(Int32Value(lhs ^ rhs)); + NEXT_IC(); + END_OP(BitXor); + } + goto generic_binary; + } + CASE(Lsh) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + // Unsigned to avoid undefined behavior on left-shift overflow + // (see comment in BitLshOperation in Interpreter.cpp). + uint32_t lhs = uint32_t(sp[1].asValue().toInt32()); + uint32_t rhs = uint32_t(sp[0].asValue().toInt32()); + POP(); + rhs &= 31; + sp[0] = StackVal(Int32Value(int32_t(lhs << rhs))); + NEXT_IC(); + END_OP(Lsh); + } + goto generic_binary; + } + CASE(Rsh) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + int32_t lhs = sp[1].asValue().toInt32(); + int32_t rhs = sp[0].asValue().toInt32(); + POP(); + rhs &= 31; + sp[0] = StackVal(Int32Value(lhs >> rhs)); + NEXT_IC(); + END_OP(Rsh); + } + goto generic_binary; + } + CASE(Ursh) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + uint32_t lhs = uint32_t(sp[1].asValue().toInt32()); + int32_t rhs = sp[0].asValue().toInt32(); + POP(); + rhs &= 31; + uint32_t result = lhs >> rhs; + if (result <= uint32_t(INT32_MAX)) { + sp[0] = StackVal(Int32Value(int32_t(result))); + } else { + sp[0] = StackVal(NumberValue(double(result))); + } + NEXT_IC(); + END_OP(Ursh); + } + goto generic_binary; + } + + generic_binary: { + static_assert(JSOpLength_BitOr == JSOpLength_BitXor); + static_assert(JSOpLength_BitOr == JSOpLength_BitAnd); + static_assert(JSOpLength_BitOr == JSOpLength_Lsh); + static_assert(JSOpLength_BitOr == JSOpLength_Rsh); + static_assert(JSOpLength_BitOr == JSOpLength_Ursh); + static_assert(JSOpLength_BitOr == JSOpLength_Add); + static_assert(JSOpLength_BitOr == JSOpLength_Sub); + static_assert(JSOpLength_BitOr == JSOpLength_Mul); + static_assert(JSOpLength_BitOr == JSOpLength_Div); + static_assert(JSOpLength_BitOr == JSOpLength_Mod); + static_assert(JSOpLength_BitOr == JSOpLength_Pow); + IC_POP_ARG(1); + IC_POP_ARG(0); + INVOKE_IC(BinaryArith); + IC_PUSH_RESULT(); + END_OP(Div); + } + + CASE(Eq) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + bool result = sp[0].asValue().toInt32() == sp[1].asValue().toInt32(); + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Eq); + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + bool result = lhs == rhs; + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Eq); + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + bool result = sp[0].asValue().toNumber() == sp[1].asValue().toNumber(); + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Eq); + } + goto generic_cmp; + } + + CASE(Ne) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + bool result = sp[0].asValue().toInt32() != sp[1].asValue().toInt32(); + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Ne); + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + bool result = lhs != rhs; + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Ne); + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + bool result = sp[0].asValue().toNumber() != sp[1].asValue().toNumber(); + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Eq); + } + goto generic_cmp; + } + + CASE(Lt) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + bool result = sp[1].asValue().toInt32() < sp[0].asValue().toInt32(); + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Lt); + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + bool result = lhs < rhs; + if (std::isnan(lhs) || std::isnan(rhs)) { + result = false; + } + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Lt); + } + goto generic_cmp; + } + CASE(Le) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + bool result = sp[1].asValue().toInt32() <= sp[0].asValue().toInt32(); + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Le); + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + bool result = lhs <= rhs; + if (std::isnan(lhs) || std::isnan(rhs)) { + result = false; + } + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Le); + } + goto generic_cmp; + } + CASE(Gt) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + bool result = sp[1].asValue().toInt32() > sp[0].asValue().toInt32(); + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Gt); + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + bool result = lhs > rhs; + if (std::isnan(lhs) || std::isnan(rhs)) { + result = false; + } + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Gt); + } + goto generic_cmp; + } + CASE(Ge) { + if (sp[0].asValue().isInt32() && sp[1].asValue().isInt32()) { + bool result = sp[1].asValue().toInt32() >= sp[0].asValue().toInt32(); + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Ge); + } + if (sp[0].asValue().isNumber() && sp[1].asValue().isNumber()) { + double lhs = sp[1].asValue().toNumber(); + double rhs = sp[0].asValue().toNumber(); + bool result = lhs >= rhs; + if (std::isnan(lhs) || std::isnan(rhs)) { + result = false; + } + POP(); + sp[0] = StackVal(BooleanValue(result)); + NEXT_IC(); + END_OP(Ge); + } + goto generic_cmp; + } + + CASE(StrictEq) + CASE(StrictNe) { + if (kHybridICs) { + bool result; + HandleValue lval = Stack::handle(sp + 1); + HandleValue rval = Stack::handle(sp); + if (sp[0].asValue().isString() && sp[1].asValue().isString()) { + PUSH_EXIT_FRAME(); + if (!js::StrictlyEqual(cx, lval, rval, &result)) { + goto error; + } + } else { + if (!js::StrictlyEqual(nullptr, lval, rval, &result)) { + goto error; + } + } + POP(); + sp[0] = StackVal( + BooleanValue((JSOp(*pc) == JSOp::StrictEq) ? result : !result)); + NEXT_IC(); + END_OP(StrictEq); + } else { + goto generic_cmp; + } + } + + generic_cmp: { + static_assert(JSOpLength_Eq == JSOpLength_Ne); + static_assert(JSOpLength_Eq == JSOpLength_StrictEq); + static_assert(JSOpLength_Eq == JSOpLength_StrictNe); + static_assert(JSOpLength_Eq == JSOpLength_Lt); + static_assert(JSOpLength_Eq == JSOpLength_Gt); + static_assert(JSOpLength_Eq == JSOpLength_Le); + static_assert(JSOpLength_Eq == JSOpLength_Ge); + IC_POP_ARG(1); + IC_POP_ARG(0); + INVOKE_IC(Compare); + IC_PUSH_RESULT(); + END_OP(Eq); + } + + CASE(Instanceof) { + IC_POP_ARG(1); + IC_POP_ARG(0); + INVOKE_IC(InstanceOf); + IC_PUSH_RESULT(); + END_OP(Instanceof); + } + + CASE(In) { + IC_POP_ARG(1); + IC_POP_ARG(0); + INVOKE_IC(In); + IC_PUSH_RESULT(); + END_OP(In); + } + + CASE(ToPropertyKey) { + IC_POP_ARG(0); + INVOKE_IC(ToPropertyKey); + IC_PUSH_RESULT(); + END_OP(ToPropertyKey); + } + + CASE(ToString) { + if (sp[0].asValue().isString()) { + END_OP(ToString); + } + { + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + if (JSString* result = + ToStringSlow<NoGC>(frameMgr.cxForLocalUseOnly(), value0)) { + PUSH(StackVal(StringValue(result))); + } else { + { + PUSH_EXIT_FRAME(); + result = ToString<CanGC>(cx, value0); + if (!result) { + goto error; + } + } + PUSH(StackVal(StringValue(result))); + } + } + END_OP(ToString); + } + + CASE(IsNullOrUndefined) { + bool result = sp[0].asValue().isNull() || sp[0].asValue().isUndefined(); + PUSH(StackVal(BooleanValue(result))); + END_OP(IsNullOrUndefined); + } + + CASE(GlobalThis) { + PUSH(StackVal(ObjectValue(*frameMgr.cxForLocalUseOnly() + ->global() + ->lexicalEnvironment() + .thisObject()))); + END_OP(GlobalThis); + } + + CASE(NonSyntacticGlobalThis) { + { + ReservedRooted<JSObject*> obj0(&state.obj0, frame->environmentChain()); + ReservedRooted<Value> value0(&state.value0); + { + PUSH_EXIT_FRAME(); + js::GetNonSyntacticGlobalThis(cx, obj0, &value0); + } + PUSH(StackVal(value0)); + } + END_OP(NonSyntacticGlobalThis); + } + + CASE(NewTarget) { + PUSH(StackVal(frame->newTarget())); + END_OP(NewTarget); + } + + CASE(DynamicImport) { + { + ReservedRooted<Value> value0(&state.value0, + POP().asValue()); // options + ReservedRooted<Value> value1(&state.value1, + POP().asValue()); // specifier + JSObject* promise; + { + PUSH_EXIT_FRAME(); + promise = StartDynamicModuleImport(cx, script, value1, value0); + if (!promise) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*promise))); + } + END_OP(DynamicImport); + } + + CASE(ImportMeta) { + JSObject* metaObject; + { + PUSH_EXIT_FRAME(); + metaObject = ImportMetaOperation(cx, script); + if (!metaObject) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*metaObject))); + END_OP(ImportMeta); + } + + CASE(NewInit) { + if (kHybridICs) { + JSObject* obj; + { + PUSH_EXIT_FRAME(); + obj = NewObjectOperation(cx, script, pc); + if (!obj) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*obj))); + NEXT_IC(); + END_OP(NewInit); + } else { + INVOKE_IC(NewObject); + IC_PUSH_RESULT(); + END_OP(NewInit); + } + } + CASE(NewObject) { + if (kHybridICs) { + JSObject* obj; + { + PUSH_EXIT_FRAME(); + obj = NewObjectOperation(cx, script, pc); + if (!obj) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*obj))); + NEXT_IC(); + END_OP(NewObject); + } else { + INVOKE_IC(NewObject); + IC_PUSH_RESULT(); + END_OP(NewObject); + } + } + CASE(Object) { + PUSH(StackVal(ObjectValue(*script->getObject(pc)))); + END_OP(Object); + } + CASE(ObjWithProto) { + { + ReservedRooted<Value> value0(&state.value0, sp[0].asValue()); + JSObject* obj; + { + PUSH_EXIT_FRAME(); + obj = ObjectWithProtoOperation(cx, value0); + if (!obj) { + goto error; + } + } + sp[0] = StackVal(ObjectValue(*obj)); + } + END_OP(ObjWithProto); + } + + CASE(InitElem) + CASE(InitHiddenElem) + CASE(InitLockedElem) + CASE(InitElemInc) + CASE(SetElem) + CASE(StrictSetElem) { + static_assert(JSOpLength_InitElem == JSOpLength_InitHiddenElem); + static_assert(JSOpLength_InitElem == JSOpLength_InitLockedElem); + static_assert(JSOpLength_InitElem == JSOpLength_InitElemInc); + static_assert(JSOpLength_InitElem == JSOpLength_SetElem); + static_assert(JSOpLength_InitElem == JSOpLength_StrictSetElem); + StackVal val = sp[0]; + IC_POP_ARG(2); + IC_POP_ARG(1); + IC_SET_ARG_FROM_STACK(0, 0); + if (JSOp(*pc) == JSOp::SetElem || JSOp(*pc) == JSOp::StrictSetElem) { + sp[0] = val; + } + INVOKE_IC(SetElem); + if (JSOp(*pc) == JSOp::InitElemInc) { + PUSH(StackVal( + Int32Value(Value::fromRawBits(icregs.icVals[1]).toInt32() + 1))); + } + END_OP(InitElem); + } + + CASE(InitPropGetter) + CASE(InitHiddenPropGetter) + CASE(InitPropSetter) + CASE(InitHiddenPropSetter) { + static_assert(JSOpLength_InitPropGetter == + JSOpLength_InitHiddenPropGetter); + static_assert(JSOpLength_InitPropGetter == JSOpLength_InitPropSetter); + static_assert(JSOpLength_InitPropGetter == + JSOpLength_InitHiddenPropSetter); + { + ReservedRooted<JSObject*> obj1(&state.obj1, + &POP().asValue().toObject()); // val + ReservedRooted<JSObject*> obj0( + &state.obj0, &sp[0].asValue().toObject()); // obj; leave on stack + ReservedRooted<PropertyName*> name0(&state.name0, script->getName(pc)); + { + PUSH_EXIT_FRAME(); + if (!InitPropGetterSetterOperation(cx, pc, obj0, name0, obj1)) { + goto error; + } + } + } + END_OP(InitPropGetter); + } + + CASE(InitElemGetter) + CASE(InitHiddenElemGetter) + CASE(InitElemSetter) + CASE(InitHiddenElemSetter) { + static_assert(JSOpLength_InitElemGetter == + JSOpLength_InitHiddenElemGetter); + static_assert(JSOpLength_InitElemGetter == JSOpLength_InitElemSetter); + static_assert(JSOpLength_InitElemGetter == + JSOpLength_InitHiddenElemSetter); + { + ReservedRooted<JSObject*> obj1(&state.obj1, + &POP().asValue().toObject()); // val + ReservedRooted<Value> value0(&state.value0, POP().asValue()); // idval + ReservedRooted<JSObject*> obj0( + &state.obj0, &sp[0].asValue().toObject()); // obj; leave on stack + { + PUSH_EXIT_FRAME(); + if (!InitElemGetterSetterOperation(cx, pc, obj0, value0, obj1)) { + goto error; + } + } + } + END_OP(InitElemGetter); + } + + CASE(GetProp) + CASE(GetBoundName) { + static_assert(JSOpLength_GetProp == JSOpLength_GetBoundName); + IC_POP_ARG(0); + INVOKE_IC(GetProp); + IC_PUSH_RESULT(); + END_OP(GetProp); + } + CASE(GetPropSuper) { + IC_POP_ARG(0); + IC_POP_ARG(1); + INVOKE_IC(GetPropSuper); + IC_PUSH_RESULT(); + END_OP(GetPropSuper); + } + + CASE(GetElem) { + HandleValue lhs = Stack::handle(&sp[1]); + HandleValue rhs = Stack::handle(&sp[0]); + uint32_t index; + if (IsDefinitelyIndex(rhs, &index)) { + if (lhs.isString()) { + JSString* str = lhs.toString(); + if (index < str->length() && str->isLinear()) { + JSLinearString* linear = &str->asLinear(); + char16_t c = linear->latin1OrTwoByteChar(index); + StaticStrings& sstr = frameMgr.cxForLocalUseOnly()->staticStrings(); + if (sstr.hasUnit(c)) { + sp[1] = StackVal(StringValue(sstr.getUnit(c))); + POP(); + NEXT_IC(); + END_OP(GetElem); + } + } + } + if (lhs.isObject()) { + JSObject* obj = &lhs.toObject(); + Value ret; + if (GetElementNoGC(frameMgr.cxForLocalUseOnly(), obj, lhs, index, + &ret)) { + sp[1] = StackVal(ret); + POP(); + NEXT_IC(); + END_OP(GetElem); + } + } + } + + IC_POP_ARG(1); + IC_POP_ARG(0); + INVOKE_IC(GetElem); + IC_PUSH_RESULT(); + END_OP(GetElem); + } + + CASE(GetElemSuper) { + // N.B.: second and third args are out of order! See the saga at + // https://bugzilla.mozilla.org/show_bug.cgi?id=1709328; this is + // an echo of that issue. + IC_POP_ARG(1); + IC_POP_ARG(2); + IC_POP_ARG(0); + INVOKE_IC(GetElemSuper); + IC_PUSH_RESULT(); + END_OP(GetElemSuper); + } + + CASE(DelProp) { + { + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + ReservedRooted<PropertyName*> name0(&state.name0, script->getName(pc)); + bool res = false; + { + PUSH_EXIT_FRAME(); + if (!DelPropOperation<false>(cx, value0, name0, &res)) { + goto error; + } + } + PUSH(StackVal(BooleanValue(res))); + } + END_OP(DelProp); + } + CASE(StrictDelProp) { + { + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + ReservedRooted<PropertyName*> name0(&state.name0, script->getName(pc)); + bool res = false; + { + PUSH_EXIT_FRAME(); + if (!DelPropOperation<true>(cx, value0, name0, &res)) { + goto error; + } + } + PUSH(StackVal(BooleanValue(res))); + } + END_OP(StrictDelProp); + } + CASE(DelElem) { + { + ReservedRooted<Value> value1(&state.value1, POP().asValue()); + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + bool res = false; + { + PUSH_EXIT_FRAME(); + if (!DelElemOperation<false>(cx, value0, value1, &res)) { + goto error; + } + } + PUSH(StackVal(BooleanValue(res))); + } + END_OP(DelElem); + } + CASE(StrictDelElem) { + { + ReservedRooted<Value> value1(&state.value1, POP().asValue()); + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + bool res = false; + { + PUSH_EXIT_FRAME(); + if (!DelElemOperation<true>(cx, value0, value1, &res)) { + goto error; + } + } + PUSH(StackVal(BooleanValue(res))); + } + END_OP(StrictDelElem); + } + + CASE(HasOwn) { + IC_POP_ARG(1); + IC_POP_ARG(0); + INVOKE_IC(HasOwn); + IC_PUSH_RESULT(); + END_OP(HasOwn); + } + + CASE(CheckPrivateField) { + IC_SET_ARG_FROM_STACK(1, 0); + IC_SET_ARG_FROM_STACK(0, 1); + INVOKE_IC(CheckPrivateField); + IC_PUSH_RESULT(); + END_OP(CheckPrivateField); + } + + CASE(NewPrivateName) { + { + ReservedRooted<JSAtom*> atom0(&state.atom0, script->getAtom(pc)); + JS::Symbol* symbol; + { + PUSH_EXIT_FRAME(); + symbol = NewPrivateName(cx, atom0); + if (!symbol) { + goto error; + } + } + PUSH(StackVal(SymbolValue(symbol))); + } + END_OP(NewPrivateName); + } + + CASE(SuperBase) { + JSFunction& superEnvFunc = POP().asValue().toObject().as<JSFunction>(); + MOZ_ASSERT(superEnvFunc.allowSuperProperty()); + MOZ_ASSERT(superEnvFunc.baseScript()->needsHomeObject()); + const Value& homeObjVal = superEnvFunc.getExtendedSlot( + FunctionExtended::METHOD_HOMEOBJECT_SLOT); + + JSObject* homeObj = &homeObjVal.toObject(); + JSObject* superBase = HomeObjectSuperBase(homeObj); + + PUSH(StackVal(ObjectOrNullValue(superBase))); + END_OP(SuperBase); + } + + CASE(SetPropSuper) + CASE(StrictSetPropSuper) { + // stack signature: receiver, lval, rval => rval + static_assert(JSOpLength_SetPropSuper == JSOpLength_StrictSetPropSuper); + bool strict = JSOp(*pc) == JSOp::StrictSetPropSuper; + { + ReservedRooted<Value> value2(&state.value2, POP().asValue()); // rval + ReservedRooted<Value> value1(&state.value1, POP().asValue()); // lval + ReservedRooted<Value> value0(&state.value0, + POP().asValue()); // recevier + ReservedRooted<PropertyName*> name0(&state.name0, script->getName(pc)); + { + PUSH_EXIT_FRAME(); + // SetPropertySuper(cx, lval, receiver, name, rval, strict) + // (N.B.: lval and receiver are transposed!) + if (!SetPropertySuper(cx, value1, value0, name0, value2, strict)) { + goto error; + } + } + PUSH(StackVal(value2)); + } + END_OP(SetPropSuper); + } + + CASE(SetElemSuper) + CASE(StrictSetElemSuper) { + // stack signature: receiver, key, lval, rval => rval + static_assert(JSOpLength_SetElemSuper == JSOpLength_StrictSetElemSuper); + bool strict = JSOp(*pc) == JSOp::StrictSetElemSuper; + { + ReservedRooted<Value> value3(&state.value3, POP().asValue()); // rval + ReservedRooted<Value> value2(&state.value2, POP().asValue()); // lval + ReservedRooted<Value> value1(&state.value1, POP().asValue()); // index + ReservedRooted<Value> value0(&state.value0, + POP().asValue()); // receiver + { + PUSH_EXIT_FRAME(); + // SetElementSuper(cx, lval, receiver, index, rval, strict) + // (N.B.: lval, receiver and index are rotated!) + if (!SetElementSuper(cx, value2, value0, value1, value3, strict)) { + goto error; + } + } + PUSH(StackVal(value3)); // value + } + END_OP(SetElemSuper); + } + + CASE(Iter) { + IC_POP_ARG(0); + INVOKE_IC(GetIterator); + IC_PUSH_RESULT(); + END_OP(Iter); + } + + CASE(MoreIter) { + // iter => iter, name + Value v = IteratorMore(&sp[0].asValue().toObject()); + PUSH(StackVal(v)); + END_OP(MoreIter); + } + + CASE(IsNoIter) { + // iter => iter, bool + bool result = sp[0].asValue().isMagic(JS_NO_ITER_VALUE); + PUSH(StackVal(BooleanValue(result))); + END_OP(IsNoIter); + } + + CASE(EndIter) { + // iter, interval => + POP(); + CloseIterator(&POP().asValue().toObject()); + END_OP(EndIter); + } + + CASE(CloseIter) { + IC_SET_OBJ_ARG(0, &POP().asValue().toObject()); + INVOKE_IC(CloseIter); + END_OP(CloseIter); + } + + CASE(CheckIsObj) { + if (!sp[0].asValue().isObject()) { + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE( + js::ThrowCheckIsObject(cx, js::CheckIsObjectKind(GET_UINT8(pc)))); + /* abandon frame; error handler will re-establish sp */ + goto error; + } + END_OP(CheckIsObj); + } + + CASE(CheckObjCoercible) { + { + ReservedRooted<Value> value0(&state.value0, sp[0].asValue()); + if (value0.isNullOrUndefined()) { + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE(ThrowObjectCoercible(cx, value0)); + /* abandon frame; error handler will re-establish sp */ + goto error; + } + } + END_OP(CheckObjCoercible); + } + + CASE(ToAsyncIter) { + // iter, next => asynciter + { + ReservedRooted<Value> value0(&state.value0, POP().asValue()); // next + ReservedRooted<JSObject*> obj0(&state.obj0, + &POP().asValue().toObject()); // iter + JSObject* result; + { + PUSH_EXIT_FRAME(); + result = CreateAsyncFromSyncIterator(cx, obj0, value0); + if (!result) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*result))); + } + END_OP(ToAsyncIter); + } + + CASE(MutateProto) { + // obj, protoVal => obj + { + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + ReservedRooted<JSObject*> obj0(&state.obj0, + &sp[0].asValue().toObject()); + { + PUSH_EXIT_FRAME(); + if (!MutatePrototype(cx, obj0.as<PlainObject>(), value0)) { + goto error; + } + } + } + END_OP(MutateProto); + } + + CASE(NewArray) { + if (kHybridICs) { + ArrayObject* obj; + { + PUSH_EXIT_FRAME(); + uint32_t length = GET_UINT32(pc); + obj = NewArrayOperation(cx, length); + if (!obj) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*obj))); + NEXT_IC(); + END_OP(NewArray); + } else { + INVOKE_IC(NewArray); + IC_PUSH_RESULT(); + END_OP(NewArray); + } + } + + CASE(InitElemArray) { + // array, val => array + { + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + ReservedRooted<JSObject*> obj0(&state.obj0, + &sp[0].asValue().toObject()); + { + PUSH_EXIT_FRAME(); + InitElemArrayOperation(cx, pc, obj0.as<ArrayObject>(), value0); + } + } + END_OP(InitElemArray); + } + + CASE(Hole) { + PUSH(StackVal(MagicValue(JS_ELEMENTS_HOLE))); + END_OP(Hole); + } + + CASE(RegExp) { + JSObject* obj; + { + PUSH_EXIT_FRAME(); + ReservedRooted<JSObject*> obj0(&state.obj0, script->getRegExp(pc)); + obj = CloneRegExpObject(cx, obj0.as<RegExpObject>()); + if (!obj) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*obj))); + END_OP(RegExp); + } + + CASE(Lambda) { + { + ReservedRooted<JSFunction*> fun0(&state.fun0, script->getFunction(pc)); + ReservedRooted<JSObject*> obj0(&state.obj0, frame->environmentChain()); + JSObject* res; + { + PUSH_EXIT_FRAME(); + res = js::Lambda(cx, fun0, obj0); + if (!res) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*res))); + } + END_OP(Lambda); + } + + CASE(SetFunName) { + // fun, name => fun + { + ReservedRooted<Value> value0(&state.value0, POP().asValue()); // name + ReservedRooted<JSFunction*> fun0( + &state.fun0, &sp[0].asValue().toObject().as<JSFunction>()); + FunctionPrefixKind prefixKind = FunctionPrefixKind(GET_UINT8(pc)); + { + PUSH_EXIT_FRAME(); + if (!SetFunctionName(cx, fun0, value0, prefixKind)) { + goto error; + } + } + } + END_OP(SetFunName); + } + + CASE(InitHomeObject) { + // fun, homeObject => fun + { + ReservedRooted<JSObject*> obj0( + &state.obj0, &POP().asValue().toObject()); // homeObject + ReservedRooted<JSFunction*> fun0( + &state.fun0, &sp[0].asValue().toObject().as<JSFunction>()); + MOZ_ASSERT(fun0->allowSuperProperty()); + MOZ_ASSERT(obj0->is<PlainObject>() || obj0->is<JSFunction>()); + fun0->setExtendedSlot(FunctionExtended::METHOD_HOMEOBJECT_SLOT, + ObjectValue(*obj0)); + } + END_OP(InitHomeObject); + } + + CASE(CheckClassHeritage) { + { + ReservedRooted<Value> value0(&state.value0, sp[0].asValue()); + { + PUSH_EXIT_FRAME(); + if (!CheckClassHeritageOperation(cx, value0)) { + goto error; + } + } + } + END_OP(CheckClassHeritage); + } + + CASE(FunWithProto) { + // proto => obj + { + ReservedRooted<JSObject*> obj0(&state.obj0, + &POP().asValue().toObject()); // proto + ReservedRooted<JSObject*> obj1(&state.obj1, frame->environmentChain()); + ReservedRooted<JSFunction*> fun0(&state.fun0, script->getFunction(pc)); + JSObject* obj; + { + PUSH_EXIT_FRAME(); + obj = FunWithProtoOperation(cx, fun0, obj1, obj0); + if (!obj) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*obj))); + } + END_OP(FunWithProto); + } + + CASE(BuiltinObject) { + auto kind = BuiltinObjectKind(GET_UINT8(pc)); + JSObject* builtin; + { + PUSH_EXIT_FRAME(); + builtin = BuiltinObjectOperation(cx, kind); + if (!builtin) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*builtin))); + END_OP(BuiltinObject); + } + + CASE(Call) + CASE(CallIgnoresRv) + CASE(CallContent) + CASE(CallIter) + CASE(CallContentIter) + CASE(Eval) + CASE(StrictEval) + CASE(SuperCall) + CASE(New) + CASE(NewContent) { + static_assert(JSOpLength_Call == JSOpLength_CallIgnoresRv); + static_assert(JSOpLength_Call == JSOpLength_CallContent); + static_assert(JSOpLength_Call == JSOpLength_CallIter); + static_assert(JSOpLength_Call == JSOpLength_CallContentIter); + static_assert(JSOpLength_Call == JSOpLength_Eval); + static_assert(JSOpLength_Call == JSOpLength_StrictEval); + static_assert(JSOpLength_Call == JSOpLength_SuperCall); + static_assert(JSOpLength_Call == JSOpLength_New); + static_assert(JSOpLength_Call == JSOpLength_NewContent); + JSOp op = JSOp(*pc); + bool constructing = + (op == JSOp::New || op == JSOp::NewContent || op == JSOp::SuperCall); + uint32_t argc = GET_ARGC(pc); + do { + { + // CallArgsFromSp would be called with + // - numValues = argc + 2 + constructing + // - stackSlots = argc + constructing + // - sp = vp + numValues + // CallArgs::create then gets + // - argc_ = stackSlots - constructing = argc + // - argv_ = sp - stackSlots = vp + 2 + // our arguments are in reverse order compared to what CallArgs + // expects so we should subtract any array subscripts from (sp + + // stackSlots - 1) + StackVal* firstArg = sp + argc + constructing - 1; + + // callee is argv_[-2] -> sp + argc + constructing + 1 + // this is argv_[-1] -> sp + argc + constructing + // newTarget is argv_[argc_] -> sp + constructing - 1 + // but this/newTarget are only used when constructing is 1 so we can + // simplify this is argv_[-1] -> sp + argc + 1 newTarget is + // argv_[argc_] -> sp + + HandleValue callee = Stack::handle(firstArg + 2); + if (!callee.isObject() || !callee.toObject().is<JSFunction>()) { + TRACE_PRINTF("missed fastpath: not a function\n"); + break; + } + ReservedRooted<JSFunction*> func(&state.fun0, + &callee.toObject().as<JSFunction>()); + if (!func->hasBaseScript() || !func->isInterpreted()) { + TRACE_PRINTF("missed fastpath: not an interpreted script\n"); + break; + } + if (!constructing && func->isClassConstructor()) { + TRACE_PRINTF("missed fastpath: constructor called without `new`\n"); + break; + } + if (!func->baseScript()->hasBytecode()) { + TRACE_PRINTF("missed fastpath: no bytecode\n"); + break; + } + ReservedRooted<JSScript*> calleeScript( + &state.script0, func->baseScript()->asJSScript()); + if (!calleeScript->hasJitScript()) { + TRACE_PRINTF("missed fastpath: no jit-script\n"); + break; + } + if (frameMgr.cxForLocalUseOnly()->realm() != calleeScript->realm()) { + TRACE_PRINTF("missed fastpath: mismatched realm\n"); + break; + } + if (argc < func->nargs()) { + TRACE_PRINTF("missed fastpath: not enough arguments\n"); + break; + } + + // Fast-path: function, interpreted, has JitScript, same realm, no + // argument underflow. + + // Include newTarget in the args if it exists; exclude callee + uint32_t totalArgs = argc + 1 + constructing; + StackVal* origArgs = sp; + + TRACE_PRINTF( + "Call fastpath: argc = %d origArgs = %p callee = %" PRIx64 "\n", + argc, origArgs, callee.get().asRawBits()); + + if (!stack.check(sp, sizeof(StackVal) * (totalArgs + 3))) { + TRACE_PRINTF("missed fastpath: would cause stack overrun\n"); + break; + } + + if (constructing) { + MutableHandleValue thisv = Stack::handleMut(firstArg + 1); + if (!thisv.isObject()) { + HandleValue newTarget = Stack::handle(firstArg - argc); + ReservedRooted<JSObject*> obj0(&state.obj0, + &newTarget.toObject()); + + PUSH_EXIT_FRAME(); + // CreateThis might discard the JitScript but we're counting on it + // continuing to exist while we evaluate the fastpath. + AutoKeepJitScripts keepJitScript(cx); + if (!CreateThis(cx, func, obj0, GenericObject, thisv)) { + goto error; + } + + TRACE_PRINTF("created %" PRIx64 "\n", thisv.get().asRawBits()); + } + } + + // 0. Save current PC in current frame, so we can retrieve + // it later. + frame->interpreterPC() = pc; + + // 1. Push a baseline stub frame. Don't use the frame manager + // -- we don't want the frame to be auto-freed when we leave + // this scope, and we don't want to shadow `sp`. + StackVal* exitFP = stack.pushExitFrame(sp, frame); + MOZ_ASSERT(exitFP); // safety: stack margin. + sp = exitFP; + TRACE_PRINTF("exit frame at %p\n", exitFP); + + // 2. Modify exit code to nullptr (this is where ICStubReg is + // normally saved; the tracing code can skip if null). + PUSHNATIVE(StackValNative(nullptr)); + + // 3. Push args in proper order (they are reversed in our + // downward-growth stack compared to what the calling + // convention expects). + for (uint32_t i = 0; i < totalArgs; i++) { + PUSH(origArgs[i]); + } + + // 4. Push inter-frame content: callee token, descriptor for + // above. + PUSHNATIVE(StackValNative(CalleeToToken(func, constructing))); + PUSHNATIVE(StackValNative( + MakeFrameDescriptorForJitCall(FrameType::BaselineStub, argc))); + + // 5. Push fake return address, set script, push baseline frame. + PUSHNATIVE(StackValNative(nullptr)); + script.set(calleeScript); + BaselineFrame* newFrame = + stack.pushFrame(sp, frameMgr.cxForLocalUseOnly(), + /* envChain = */ func->environment()); + MOZ_ASSERT(newFrame); // safety: stack margin. + TRACE_PRINTF("callee frame at %p\n", newFrame); + frame = newFrame; + frameMgr.switchToFrame(frame); + // 6. Set up PC and SP for callee. + sp = reinterpret_cast<StackVal*>(frame); + pc = calleeScript->code(); + // 7. Check callee stack space for max stack depth. + if (!stack.check(sp, sizeof(StackVal) * calleeScript->nslots())) { + PUSH_EXIT_FRAME(); + ReportOverRecursed(frameMgr.cxForLocalUseOnly()); + goto error; + } + // 8. Push local slots, and set return value to `undefined` by + // default. + uint32_t nfixed = calleeScript->nfixed(); + for (uint32_t i = 0; i < nfixed; i++) { + PUSH(StackVal(UndefinedValue())); + } + ret->setUndefined(); + // 9. Initialize environment objects. + if (func->needsFunctionEnvironmentObjects()) { + PUSH_EXIT_FRAME(); + if (!js::InitFunctionEnvironmentObjects(cx, frame)) { + goto error; + } + } + // 10. Set debug flag, if appropriate. + if (script->isDebuggee()) { + TRACE_PRINTF("Script is debuggee\n"); + frame->setIsDebuggee(); + + PUSH_EXIT_FRAME(); + if (!DebugPrologue(cx, frame)) { + goto error; + } + } + // 11. Check for interrupts. +#ifndef __wasi__ + if (frameMgr.cxForLocalUseOnly()->hasAnyPendingInterrupt()) { + PUSH_EXIT_FRAME(); + if (!InterruptCheck(cx)) { + goto error; + } + } +#endif + // 12. Initialize coverage tables, if needed. + if (!script->hasScriptCounts()) { + if (frameMgr.cxForLocalUseOnly() + ->realm() + ->collectCoverageForDebug()) { + PUSH_EXIT_FRAME(); + if (!script->initScriptCounts(cx)) { + goto error; + } + } + } + COUNT_COVERAGE_MAIN(); + } + + // Everything is switched to callee context now -- dispatch! + DISPATCH(); + } while (0); + + // Slow path: use the IC! + icregs.icVals[0] = argc; + icregs.extraArgs = 2 + constructing; + icregs.spreadCall = false; + INVOKE_IC(Call); + POPN(argc + 2 + constructing); + PUSH(StackVal(Value::fromRawBits(icregs.icResult))); + END_OP(Call); + } + + CASE(SpreadCall) + CASE(SpreadEval) + CASE(StrictSpreadEval) { + static_assert(JSOpLength_SpreadCall == JSOpLength_SpreadEval); + static_assert(JSOpLength_SpreadCall == JSOpLength_StrictSpreadEval); + icregs.icVals[0] = 1; + icregs.extraArgs = 2; + icregs.spreadCall = true; + INVOKE_IC(Call); + POPN(3); + PUSH(StackVal(Value::fromRawBits(icregs.icResult))); + END_OP(SpreadCall); + } + + CASE(SpreadSuperCall) + CASE(SpreadNew) { + static_assert(JSOpLength_SpreadSuperCall == JSOpLength_SpreadNew); + icregs.icVals[0] = 1; + icregs.extraArgs = 3; + icregs.spreadCall = true; + INVOKE_IC(Call); + POPN(4); + PUSH(StackVal(Value::fromRawBits(icregs.icResult))); + END_OP(SpreadSuperCall); + } + + CASE(OptimizeSpreadCall) { + IC_POP_ARG(0); + INVOKE_IC(OptimizeSpreadCall); + IC_PUSH_RESULT(); + END_OP(OptimizeSpreadCall); + } + + CASE(OptimizeGetIterator) { + IC_POP_ARG(0); + INVOKE_IC(OptimizeGetIterator); + IC_PUSH_RESULT(); + END_OP(OptimizeGetIterator); + } + + CASE(ImplicitThis) { + { + ReservedRooted<JSObject*> obj0(&state.obj0, frame->environmentChain()); + ReservedRooted<PropertyName*> name0(&state.name0, script->getName(pc)); + PUSH_EXIT_FRAME(); + if (!ImplicitThisOperation(cx, obj0, name0, &state.res)) { + goto error; + } + } + PUSH(StackVal(state.res)); + state.res.setUndefined(); + END_OP(ImplicitThis); + } + + CASE(CallSiteObj) { + JSObject* cso = script->getObject(pc); + MOZ_ASSERT(!cso->as<ArrayObject>().isExtensible()); + MOZ_ASSERT(cso->as<ArrayObject>().containsPure( + frameMgr.cxForLocalUseOnly()->names().raw)); + PUSH(StackVal(ObjectValue(*cso))); + END_OP(CallSiteObj); + } + + CASE(IsConstructing) { + PUSH(StackVal(MagicValue(JS_IS_CONSTRUCTING))); + END_OP(IsConstructing); + } + + CASE(SuperFun) { + JSObject* superEnvFunc = &POP().asValue().toObject(); + JSObject* superFun = SuperFunOperation(superEnvFunc); + PUSH(StackVal(ObjectOrNullValue(superFun))); + END_OP(SuperFun); + } + + CASE(CheckThis) { + if (sp[0].asValue().isMagic(JS_UNINITIALIZED_LEXICAL)) { + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE(ThrowUninitializedThis(cx)); + goto error; + } + END_OP(CheckThis); + } + + CASE(CheckThisReinit) { + if (!sp[0].asValue().isMagic(JS_UNINITIALIZED_LEXICAL)) { + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE(ThrowInitializedThis(cx)); + goto error; + } + END_OP(CheckThisReinit); + } + + CASE(Generator) { + JSObject* generator; + { + PUSH_EXIT_FRAME(); + generator = CreateGeneratorFromFrame(cx, frame); + if (!generator) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*generator))); + END_OP(Generator); + } + + CASE(InitialYield) { + // gen => rval, gen, resumeKind + ReservedRooted<JSObject*> obj0(&state.obj0, &sp[0].asValue().toObject()); + uint32_t frameSize = stack.frameSize(sp, frame); + { + PUSH_EXIT_FRAME(); + if (!NormalSuspend(cx, obj0, frame, frameSize, pc)) { + goto error; + } + } + frame->setReturnValue(sp[0].asValue()); + goto do_return; + } + + CASE(Await) + CASE(Yield) { + // rval1, gen => rval2, gen, resumeKind + ReservedRooted<JSObject*> obj0(&state.obj0, &POP().asValue().toObject()); + uint32_t frameSize = stack.frameSize(sp, frame); + { + PUSH_EXIT_FRAME(); + if (!NormalSuspend(cx, obj0, frame, frameSize, pc)) { + goto error; + } + } + frame->setReturnValue(sp[0].asValue()); + goto do_return; + } + + CASE(FinalYieldRval) { + // gen => + ReservedRooted<JSObject*> obj0(&state.obj0, &POP().asValue().toObject()); + { + PUSH_EXIT_FRAME(); + if (!FinalSuspend(cx, obj0, pc)) { + goto error; + } + } + goto do_return; + } + + CASE(IsGenClosing) { + bool result = sp[0].asValue() == MagicValue(JS_GENERATOR_CLOSING); + PUSH(StackVal(BooleanValue(result))); + END_OP(IsGenClosing); + } + + CASE(AsyncAwait) { + // value, gen => promise + JSObject* promise; + { + ReservedRooted<JSObject*> obj0(&state.obj0, + &POP().asValue().toObject()); // gen + ReservedRooted<Value> value0(&state.value0, POP().asValue()); // value + PUSH_EXIT_FRAME(); + promise = AsyncFunctionAwait( + cx, obj0.as<AsyncFunctionGeneratorObject>(), value0); + if (!promise) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*promise))); + END_OP(AsyncAwait); + } + + CASE(AsyncResolve) { + // value, gen => promise + JSObject* promise; + { + ReservedRooted<JSObject*> obj0(&state.obj0, + &POP().asValue().toObject()); // gen + ReservedRooted<Value> value0(&state.value0, + POP().asValue()); // value + PUSH_EXIT_FRAME(); + promise = AsyncFunctionResolve( + cx, obj0.as<AsyncFunctionGeneratorObject>(), value0); + if (!promise) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*promise))); + END_OP(AsyncResolve); + } + + CASE(AsyncReject) { + // reason, gen => promise + JSObject* promise; + { + ReservedRooted<JSObject*> obj0(&state.obj0, + &POP().asValue().toObject()); // gen + ReservedRooted<Value> value0(&state.value0, + POP().asValue()); // stack + ReservedRooted<Value> value1(&state.value1, + POP().asValue()); // reason + PUSH_EXIT_FRAME(); + promise = AsyncFunctionReject( + cx, obj0.as<AsyncFunctionGeneratorObject>(), value1, value0); + if (!promise) { + goto error; + } + } + PUSH(StackVal(ObjectValue(*promise))); + END_OP(AsyncReject); + } + + CASE(CanSkipAwait) { + // value => value, can_skip + bool result = false; + { + ReservedRooted<Value> value0(&state.value0, sp[0].asValue()); + PUSH_EXIT_FRAME(); + if (!CanSkipAwait(cx, value0, &result)) { + goto error; + } + } + PUSH(StackVal(BooleanValue(result))); + END_OP(CanSkipAwait); + } + + CASE(MaybeExtractAwaitValue) { + // value, can_skip => value_or_resolved, can_skip + { + Value can_skip = POP().asValue(); + ReservedRooted<Value> value0(&state.value0, POP().asValue()); // value + if (can_skip.toBoolean()) { + PUSH_EXIT_FRAME(); + if (!ExtractAwaitValue(cx, value0, &value0)) { + goto error; + } + } + PUSH(StackVal(value0)); + PUSH(StackVal(can_skip)); + } + END_OP(MaybeExtractAwaitValue); + } + + CASE(ResumeKind) { + GeneratorResumeKind resumeKind = ResumeKindFromPC(pc); + PUSH(StackVal(Int32Value(int32_t(resumeKind)))); + END_OP(ResumeKind); + } + + CASE(CheckResumeKind) { + // rval, gen, resumeKind => rval + { + GeneratorResumeKind resumeKind = + IntToResumeKind(POP().asValue().toInt32()); + ReservedRooted<JSObject*> obj0(&state.obj0, + &POP().asValue().toObject()); // gen + ReservedRooted<Value> value0(&state.value0, sp[0].asValue()); // rval + if (resumeKind != GeneratorResumeKind::Next) { + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE(GeneratorThrowOrReturn( + cx, frame, obj0.as<AbstractGeneratorObject>(), value0, + resumeKind)); + goto error; + } + } + END_OP(CheckResumeKind); + } + + CASE(Resume) { + Value gen = sp[2].asValue(); + Value* callerSP = reinterpret_cast<Value*>(sp); + { + ReservedRooted<Value> value0(&state.value0); + ReservedRooted<JSObject*> obj0(&state.obj0, &gen.toObject()); + { + PUSH_EXIT_FRAME(); + TRACE_PRINTF("Going to C++ interp for Resume\n"); + if (!InterpretResume(cx, obj0, callerSP, &value0)) { + goto error; + } + } + POPN(2); + sp[0] = StackVal(value0); + } + END_OP(Resume); + } + + CASE(JumpTarget) { + int32_t icIndex = GET_INT32(pc); + frame->interpreterICEntry() = frame->icScript()->icEntries() + icIndex; + COUNT_COVERAGE_PC(pc); + END_OP(JumpTarget); + } + CASE(LoopHead) { + int32_t icIndex = GET_INT32(pc); + frame->interpreterICEntry() = frame->icScript()->icEntries() + icIndex; +#ifndef __wasi__ + if (frameMgr.cxForLocalUseOnly()->hasAnyPendingInterrupt()) { + PUSH_EXIT_FRAME(); + if (!InterruptCheck(cx)) { + goto error; + } + } +#endif + COUNT_COVERAGE_PC(pc); + END_OP(LoopHead); + } + CASE(AfterYield) { + int32_t icIndex = GET_INT32(pc); + frame->interpreterICEntry() = frame->icScript()->icEntries() + icIndex; + if (script->isDebuggee()) { + TRACE_PRINTF("doing DebugAfterYield\n"); + PUSH_EXIT_FRAME(); + if (DebugAPI::hasAnyBreakpointsOrStepMode(script) && + !HandleDebugTrap(cx, frame, pc)) { + TRACE_PRINTF("HandleDebugTrap returned error\n"); + goto error; + } + if (!DebugAfterYield(cx, frame)) { + TRACE_PRINTF("DebugAfterYield returned error\n"); + goto error; + } + } + COUNT_COVERAGE_PC(pc); + END_OP(AfterYield); + } + + CASE(Goto) { + ADVANCE(GET_JUMP_OFFSET(pc)); + PREDICT_NEXT(JumpTarget); + PREDICT_NEXT(LoopHead); + DISPATCH(); + } + + CASE(Coalesce) { + if (!sp[0].asValue().isNullOrUndefined()) { + ADVANCE(GET_JUMP_OFFSET(pc)); + DISPATCH(); + } else { + END_OP(Coalesce); + } + } + + CASE(Case) { + bool cond = POP().asValue().toBoolean(); + if (cond) { + POP(); + ADVANCE(GET_JUMP_OFFSET(pc)); + DISPATCH(); + } else { + END_OP(Case); + } + } + + CASE(Default) { + POP(); + ADVANCE(GET_JUMP_OFFSET(pc)); + DISPATCH(); + } + + CASE(TableSwitch) { + int32_t len = GET_JUMP_OFFSET(pc); + int32_t low = GET_JUMP_OFFSET(pc + 1 * JUMP_OFFSET_LEN); + int32_t high = GET_JUMP_OFFSET(pc + 2 * JUMP_OFFSET_LEN); + Value v = POP().asValue(); + int32_t i = 0; + if (v.isInt32()) { + i = v.toInt32(); + } else if (!v.isDouble() || + !mozilla::NumberEqualsInt32(v.toDouble(), &i)) { + ADVANCE(len); + DISPATCH(); + } + + i = uint32_t(i) - uint32_t(low); + if ((uint32_t(i) < uint32_t(high - low + 1))) { + len = script->tableSwitchCaseOffset(pc, uint32_t(i)) - + script->pcToOffset(pc); + } + ADVANCE(len); + DISPATCH(); + } + + CASE(Return) { + frame->setReturnValue(POP().asValue()); + goto do_return; + } + + CASE(GetRval) { + PUSH(StackVal(frame->returnValue())); + END_OP(GetRval); + } + + CASE(SetRval) { + frame->setReturnValue(POP().asValue()); + END_OP(SetRval); + } + + do_return: + CASE(RetRval) { + bool ok = true; + if (frame->isDebuggee() && !from_unwind) { + TRACE_PRINTF("doing DebugEpilogueOnBaselineReturn\n"); + PUSH_EXIT_FRAME(); + ok = DebugEpilogueOnBaselineReturn(cx, frame, pc); + } + from_unwind = false; + + uint32_t argc = frame->numActualArgs(); + sp = stack.popFrame(); + + // If FP is higher than the entry frame now, return; otherwise, + // do an inline state update. + if (stack.fp > entryFrame) { + *ret = frame->returnValue(); + TRACE_PRINTF("ret = %" PRIx64 "\n", ret->asRawBits()); + return ok ? PBIResult::Ok : PBIResult::Error; + } else { + TRACE_PRINTF("Return fastpath\n"); + Value ret = frame->returnValue(); + TRACE_PRINTF("ret = %" PRIx64 "\n", ret.asRawBits()); + + // Pop exit frame as well. + sp = stack.popFrame(); + // Pop fake return address and descriptor. + POPNNATIVE(2); + + // Set PC, frame, and current script. + frame = reinterpret_cast<BaselineFrame*>( + reinterpret_cast<uintptr_t>(stack.fp) - BaselineFrame::Size()); + TRACE_PRINTF(" sp -> %p, fp -> %p, frame -> %p\n", sp, stack.fp, frame); + frameMgr.switchToFrame(frame); + pc = frame->interpreterPC(); + script.set(frame->script()); + + // Adjust caller's stack to complete the call op that PC still points to + // in that frame (pop args, push return value). + JSOp op = JSOp(*pc); + bool constructing = (op == JSOp::New || op == JSOp::NewContent || + op == JSOp::SuperCall); + // Fix-up return value; EnterJit would do this if we hadn't bypassed it. + if (constructing && ret.isPrimitive()) { + ret = sp[argc + constructing].asValue(); + TRACE_PRINTF("updated ret = %" PRIx64 "\n", ret.asRawBits()); + } + // Pop args -- this is 1 more than how many are pushed in the + // `totalArgs` count during the call fastpath because it includes + // the callee. + POPN(argc + 2 + constructing); + // Push return value. + PUSH(StackVal(ret)); + + if (!ok) { + goto error; + } + + // Advance past call instruction, and advance past IC. + NEXT_IC(); + ADVANCE(JSOpLength_Call); + + DISPATCH(); + } + } + + CASE(CheckReturn) { + Value thisval = POP().asValue(); + // inlined version of frame->checkReturn(thisval, result) + // (js/src/vm/Stack.cpp). + HandleValue retVal = frame->returnValue(); + if (retVal.isObject()) { + PUSH(StackVal(retVal)); + } else if (!retVal.isUndefined()) { + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE(ReportValueError(cx, JSMSG_BAD_DERIVED_RETURN, + JSDVG_IGNORE_STACK, retVal, nullptr)); + goto error; + } else if (thisval.isMagic(JS_UNINITIALIZED_LEXICAL)) { + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE(ThrowUninitializedThis(cx)); + goto error; + } else { + PUSH(StackVal(thisval)); + } + END_OP(CheckReturn); + } + + CASE(Throw) { + { + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE(ThrowOperation(cx, value0)); + goto error; + } + END_OP(Throw); + } + + CASE(ThrowWithStack) { + { + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + ReservedRooted<Value> value1(&state.value1, POP().asValue()); + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE(ThrowWithStackOperation(cx, value1, value0)); + goto error; + } + END_OP(ThrowWithStack); + } + + CASE(ThrowMsg) { + { + PUSH_EXIT_FRAME(); + MOZ_ALWAYS_FALSE(ThrowMsgOperation(cx, GET_UINT8(pc))); + goto error; + } + END_OP(ThrowMsg); + } + + CASE(ThrowSetConst) { + { + PUSH_EXIT_FRAME(); + ReportRuntimeLexicalError(cx, JSMSG_BAD_CONST_ASSIGN, script, pc); + goto error; + } + END_OP(ThrowSetConst); + } + + CASE(Try) + CASE(TryDestructuring) { + static_assert(JSOpLength_Try == JSOpLength_TryDestructuring); + END_OP(Try); + } + + CASE(Exception) { + { + PUSH_EXIT_FRAME(); + if (!GetAndClearException(cx, &state.res)) { + goto error; + } + } + PUSH(StackVal(state.res)); + state.res.setUndefined(); + END_OP(Exception); + } + + CASE(ExceptionAndStack) { + { + ReservedRooted<Value> value0(&state.value0); + { + PUSH_EXIT_FRAME(); + if (!cx.getCx()->getPendingExceptionStack(&value0)) { + goto error; + } + if (!GetAndClearException(cx, &state.res)) { + goto error; + } + } + PUSH(StackVal(state.res)); + PUSH(StackVal(value0)); + state.res.setUndefined(); + } + END_OP(ExceptionAndStack); + } + + CASE(Finally) { +#ifndef __wasi__ + if (frameMgr.cxForLocalUseOnly()->hasAnyPendingInterrupt()) { + PUSH_EXIT_FRAME(); + if (!InterruptCheck(cx)) { + goto error; + } + } +#endif + END_OP(Finally); + } + + CASE(Uninitialized) { + PUSH(StackVal(MagicValue(JS_UNINITIALIZED_LEXICAL))); + END_OP(Uninitialized); + } + CASE(InitLexical) { + uint32_t i = GET_LOCALNO(pc); + frame->unaliasedLocal(i) = sp[0].asValue(); + END_OP(InitLexical); + } + + CASE(InitAliasedLexical) { + EnvironmentCoordinate ec = EnvironmentCoordinate(pc); + EnvironmentObject& obj = getEnvironmentFromCoordinate(frame, ec); + obj.setAliasedBinding(ec, sp[0].asValue()); + END_OP(InitAliasedLexical); + } + CASE(CheckLexical) { + if (sp[0].asValue().isMagic(JS_UNINITIALIZED_LEXICAL)) { + PUSH_EXIT_FRAME(); + ReportRuntimeLexicalError(cx, JSMSG_UNINITIALIZED_LEXICAL, script, pc); + goto error; + } + END_OP(CheckLexical); + } + CASE(CheckAliasedLexical) { + if (sp[0].asValue().isMagic(JS_UNINITIALIZED_LEXICAL)) { + PUSH_EXIT_FRAME(); + ReportRuntimeLexicalError(cx, JSMSG_UNINITIALIZED_LEXICAL, script, pc); + goto error; + } + END_OP(CheckAliasedLexical); + } + + CASE(BindGName) { + IC_SET_OBJ_ARG( + 0, &frameMgr.cxForLocalUseOnly()->global()->lexicalEnvironment()); + INVOKE_IC(BindName); + IC_PUSH_RESULT(); + END_OP(BindGName); + } + CASE(BindName) { + IC_SET_OBJ_ARG(0, frame->environmentChain()); + INVOKE_IC(BindName); + IC_PUSH_RESULT(); + END_OP(BindName); + } + CASE(GetGName) { + IC_SET_OBJ_ARG( + 0, &frameMgr.cxForLocalUseOnly()->global()->lexicalEnvironment()); + INVOKE_IC(GetName); + IC_PUSH_RESULT(); + END_OP(GetGName); + } + CASE(GetName) { + IC_SET_OBJ_ARG(0, frame->environmentChain()); + INVOKE_IC(GetName); + IC_PUSH_RESULT(); + END_OP(GetName); + } + + CASE(GetArg) { + unsigned i = GET_ARGNO(pc); + if (script->argsObjAliasesFormals()) { + PUSH(StackVal(frame->argsObj().arg(i))); + } else { + PUSH(StackVal(frame->unaliasedFormal(i))); + } + END_OP(GetArg); + } + + CASE(GetFrameArg) { + uint32_t i = GET_ARGNO(pc); + PUSH(StackVal(frame->unaliasedFormal(i, DONT_CHECK_ALIASING))); + END_OP(GetFrameArg); + } + + CASE(GetLocal) { + uint32_t i = GET_LOCALNO(pc); + TRACE_PRINTF(" -> local: %d\n", int(i)); + PUSH(StackVal(frame->unaliasedLocal(i))); + END_OP(GetLocal); + } + + CASE(ArgumentsLength) { + PUSH(StackVal(Int32Value(frame->numActualArgs()))); + END_OP(ArgumentsLength); + } + + CASE(GetActualArg) { + MOZ_ASSERT(!script->needsArgsObj()); + uint32_t index = sp[0].asValue().toInt32(); + sp[0] = StackVal(frame->unaliasedActual(index)); + END_OP(GetActualArg); + } + + CASE(GetAliasedVar) + CASE(GetAliasedDebugVar) { + static_assert(JSOpLength_GetAliasedVar == JSOpLength_GetAliasedDebugVar); + EnvironmentCoordinate ec = EnvironmentCoordinate(pc); + EnvironmentObject& obj = getEnvironmentFromCoordinate(frame, ec); + PUSH(StackVal(obj.aliasedBinding(ec))); + END_OP(GetAliasedVar); + } + + CASE(GetImport) { + { + ReservedRooted<JSObject*> obj0(&state.obj0, frame->environmentChain()); + ReservedRooted<Value> value0(&state.value0); + { + PUSH_EXIT_FRAME(); + if (!GetImportOperation(cx, obj0, script, pc, &value0)) { + goto error; + } + } + PUSH(StackVal(value0)); + } + END_OP(GetImport); + } + + CASE(GetIntrinsic) { + INVOKE_IC(GetIntrinsic); + IC_PUSH_RESULT(); + END_OP(GetIntrinsic); + } + + CASE(Callee) { + PUSH(StackVal(frame->calleev())); + END_OP(Callee); + } + + CASE(EnvCallee) { + uint8_t numHops = GET_UINT8(pc); + JSObject* env = &frame->environmentChain()->as<EnvironmentObject>(); + for (unsigned i = 0; i < numHops; i++) { + env = &env->as<EnvironmentObject>().enclosingEnvironment(); + } + PUSH(StackVal(ObjectValue(env->as<CallObject>().callee()))); + END_OP(EnvCallee); + } + + CASE(SetProp) + CASE(StrictSetProp) + CASE(SetName) + CASE(StrictSetName) + CASE(SetGName) + CASE(StrictSetGName) { + static_assert(JSOpLength_SetProp == JSOpLength_StrictSetProp); + static_assert(JSOpLength_SetProp == JSOpLength_SetName); + static_assert(JSOpLength_SetProp == JSOpLength_StrictSetName); + static_assert(JSOpLength_SetProp == JSOpLength_SetGName); + static_assert(JSOpLength_SetProp == JSOpLength_StrictSetGName); + IC_POP_ARG(1); + IC_POP_ARG(0); + PUSH(StackVal(icregs.icVals[1])); + INVOKE_IC(SetProp); + END_OP(SetProp); + } + + CASE(InitProp) + CASE(InitHiddenProp) + CASE(InitLockedProp) { + static_assert(JSOpLength_InitProp == JSOpLength_InitHiddenProp); + static_assert(JSOpLength_InitProp == JSOpLength_InitLockedProp); + IC_POP_ARG(1); + IC_SET_ARG_FROM_STACK(0, 0); + INVOKE_IC(SetProp); + END_OP(InitProp); + } + CASE(InitGLexical) { + IC_SET_ARG_FROM_STACK(1, 0); + IC_SET_OBJ_ARG( + 0, &frameMgr.cxForLocalUseOnly()->global()->lexicalEnvironment()); + INVOKE_IC(SetProp); + END_OP(InitGLexical); + } + + CASE(SetArg) { + unsigned i = GET_ARGNO(pc); + if (script->argsObjAliasesFormals()) { + frame->argsObj().setArg(i, sp[0].asValue()); + } else { + frame->unaliasedFormal(i) = sp[0].asValue(); + } + END_OP(SetArg); + } + + CASE(SetLocal) { + uint32_t i = GET_LOCALNO(pc); + TRACE_PRINTF(" -> local: %d\n", int(i)); + frame->unaliasedLocal(i) = sp[0].asValue(); + END_OP(SetLocal); + } + + CASE(SetAliasedVar) { + EnvironmentCoordinate ec = EnvironmentCoordinate(pc); + EnvironmentObject& obj = getEnvironmentFromCoordinate(frame, ec); + MOZ_ASSERT(!IsUninitializedLexical(obj.aliasedBinding(ec))); + obj.setAliasedBinding(ec, sp[0].asValue()); + END_OP(SetAliasedVar); + } + + CASE(SetIntrinsic) { + { + ReservedRooted<Value> value0(&state.value0, sp[0].asValue()); + { + PUSH_EXIT_FRAME(); + if (!SetIntrinsicOperation(cx, script, pc, value0)) { + goto error; + } + } + } + END_OP(SetIntrinsic); + } + + CASE(PushLexicalEnv) { + { + ReservedRooted<Scope*> scope0(&state.scope0, script->getScope(pc)); + { + PUSH_EXIT_FRAME(); + if (!frame->pushLexicalEnvironment(cx, scope0.as<LexicalScope>())) { + goto error; + } + } + } + END_OP(PushLexicalEnv); + } + CASE(PopLexicalEnv) { + if (frame->isDebuggee()) { + TRACE_PRINTF("doing DebugLeaveThenPopLexicalEnv\n"); + PUSH_EXIT_FRAME(); + if (!DebugLeaveThenPopLexicalEnv(cx, frame, pc)) { + goto error; + } + } else { + frame->popOffEnvironmentChain<LexicalEnvironmentObject>(); + } + END_OP(PopLexicalEnv); + } + CASE(DebugLeaveLexicalEnv) { + if (frame->isDebuggee()) { + TRACE_PRINTF("doing DebugLeaveLexicalEnv\n"); + PUSH_EXIT_FRAME(); + if (!DebugLeaveLexicalEnv(cx, frame, pc)) { + goto error; + } + } + END_OP(DebugLeaveLexicalEnv); + } + + CASE(RecreateLexicalEnv) { + { + PUSH_EXIT_FRAME(); + if (frame->isDebuggee()) { + TRACE_PRINTF("doing DebuggeeRecreateLexicalEnv\n"); + if (!DebuggeeRecreateLexicalEnv(cx, frame, pc)) { + goto error; + } + } else { + if (!frame->recreateLexicalEnvironment<false>(cx)) { + goto error; + } + } + } + END_OP(RecreateLexicalEnv); + } + + CASE(FreshenLexicalEnv) { + { + PUSH_EXIT_FRAME(); + if (frame->isDebuggee()) { + TRACE_PRINTF("doing DebuggeeFreshenLexicalEnv\n"); + if (!DebuggeeFreshenLexicalEnv(cx, frame, pc)) { + goto error; + } + } else { + if (!frame->freshenLexicalEnvironment<false>(cx)) { + goto error; + } + } + } + END_OP(FreshenLexicalEnv); + } + CASE(PushClassBodyEnv) { + { + ReservedRooted<Scope*> scope0(&state.scope0, script->getScope(pc)); + PUSH_EXIT_FRAME(); + if (!frame->pushClassBodyEnvironment(cx, scope0.as<ClassBodyScope>())) { + goto error; + } + } + END_OP(PushClassBodyEnv); + } + CASE(PushVarEnv) { + { + ReservedRooted<Scope*> scope0(&state.scope0, script->getScope(pc)); + PUSH_EXIT_FRAME(); + if (!frame->pushVarEnvironment(cx, scope0)) { + goto error; + } + } + END_OP(PushVarEnv); + } + CASE(EnterWith) { + { + ReservedRooted<Scope*> scope0(&state.scope0, script->getScope(pc)); + ReservedRooted<Value> value0(&state.value0, POP().asValue()); + PUSH_EXIT_FRAME(); + if (!EnterWithOperation(cx, frame, value0, scope0.as<WithScope>())) { + goto error; + } + } + END_OP(EnterWith); + } + CASE(LeaveWith) { + frame->popOffEnvironmentChain<WithEnvironmentObject>(); + END_OP(LeaveWith); + } + CASE(BindVar) { + JSObject* varObj; + { + ReservedRooted<JSObject*> obj0(&state.obj0, frame->environmentChain()); + PUSH_EXIT_FRAME(); + varObj = BindVarOperation(cx, obj0); + } + PUSH(StackVal(ObjectValue(*varObj))); + END_OP(BindVar); + } + + CASE(GlobalOrEvalDeclInstantiation) { + GCThingIndex lastFun = GET_GCTHING_INDEX(pc); + { + ReservedRooted<JSObject*> obj0(&state.obj0, frame->environmentChain()); + PUSH_EXIT_FRAME(); + if (!GlobalOrEvalDeclInstantiation(cx, obj0, script, lastFun)) { + goto error; + } + } + END_OP(GlobalOrEvalDeclInstantiation); + } + + CASE(DelName) { + { + ReservedRooted<PropertyName*> name0(&state.name0, script->getName(pc)); + ReservedRooted<JSObject*> obj0(&state.obj0, frame->environmentChain()); + PUSH_EXIT_FRAME(); + if (!DeleteNameOperation(cx, name0, obj0, &state.res)) { + goto error; + } + } + PUSH(StackVal(state.res)); + state.res.setUndefined(); + END_OP(DelName); + } + + CASE(Arguments) { + { + PUSH_EXIT_FRAME(); + if (!NewArgumentsObject(cx, frame, &state.res)) { + goto error; + } + } + PUSH(StackVal(state.res)); + state.res.setUndefined(); + END_OP(Arguments); + } + + CASE(Rest) { + INVOKE_IC(Rest); + IC_PUSH_RESULT(); + END_OP(Rest); + } + + CASE(FunctionThis) { + { + PUSH_EXIT_FRAME(); + if (!js::GetFunctionThis(cx, frame, &state.res)) { + goto error; + } + } + PUSH(StackVal(state.res)); + state.res.setUndefined(); + END_OP(FunctionThis); + } + + CASE(Pop) { + POP(); + END_OP(Pop); + } + CASE(PopN) { + uint32_t n = GET_UINT16(pc); + POPN(n); + END_OP(PopN); + } + CASE(Dup) { + StackVal value = sp[0]; + PUSH(value); + END_OP(Dup); + } + CASE(Dup2) { + StackVal value1 = sp[0]; + StackVal value2 = sp[1]; + PUSH(value2); + PUSH(value1); + END_OP(Dup2); + } + CASE(DupAt) { + unsigned i = GET_UINT24(pc); + StackVal value = sp[i]; + PUSH(value); + END_OP(DupAt); + } + CASE(Swap) { + std::swap(sp[0], sp[1]); + END_OP(Swap); + } + CASE(Pick) { + unsigned i = GET_UINT8(pc); + StackVal tmp = sp[i]; + memmove(&sp[1], &sp[0], sizeof(StackVal) * i); + sp[0] = tmp; + END_OP(Pick); + } + CASE(Unpick) { + unsigned i = GET_UINT8(pc); + StackVal tmp = sp[0]; + memmove(&sp[0], &sp[1], sizeof(StackVal) * i); + sp[i] = tmp; + END_OP(Unpick); + } + CASE(DebugCheckSelfHosted) { + HandleValue val = Stack::handle(&sp[0]); + { + PUSH_EXIT_FRAME(); + if (!Debug_CheckSelfHosted(cx, val)) { + goto error; + } + } + END_OP(DebugCheckSelfHosted); + } + CASE(Lineno) { END_OP(Lineno); } + CASE(NopDestructuring) { END_OP(NopDestructuring); } + CASE(ForceInterpreter) { END_OP(ForceInterpreter); } + CASE(Debugger) { + { + PUSH_EXIT_FRAME(); + if (!OnDebuggerStatement(cx, frame)) { + goto error; + } + } + END_OP(Debugger); + } + + label_default: + MOZ_CRASH("Bad opcode"); + } + +error: + TRACE_PRINTF("HandleException: frame %p\n", frame); + { + ResumeFromException rfe; + { + PUSH_EXIT_FRAME(); + HandleException(&rfe); + } + + switch (rfe.kind) { + case ExceptionResumeKind::EntryFrame: + TRACE_PRINTF(" -> Return from entry frame\n"); + frame->setReturnValue(MagicValue(JS_ION_ERROR)); + stack.fp = reinterpret_cast<StackVal*>(rfe.framePointer); + stack.unwindingSP = reinterpret_cast<StackVal*>(rfe.stackPointer); + goto unwind_error; + case ExceptionResumeKind::Catch: + pc = frame->interpreterPC(); + stack.fp = reinterpret_cast<StackVal*>(rfe.framePointer); + stack.unwindingSP = reinterpret_cast<StackVal*>(rfe.stackPointer); + TRACE_PRINTF(" -> catch to pc %p\n", pc); + goto unwind; + case ExceptionResumeKind::Finally: + pc = frame->interpreterPC(); + stack.fp = reinterpret_cast<StackVal*>(rfe.framePointer); + sp = reinterpret_cast<StackVal*>(rfe.stackPointer); + TRACE_PRINTF(" -> finally to pc %p\n", pc); + PUSH(StackVal(rfe.exception)); + PUSH(StackVal(rfe.exceptionStack)); + PUSH(StackVal(BooleanValue(true))); + stack.unwindingSP = sp; + goto unwind; + case ExceptionResumeKind::ForcedReturnBaseline: + pc = frame->interpreterPC(); + stack.fp = reinterpret_cast<StackVal*>(rfe.framePointer); + stack.unwindingSP = reinterpret_cast<StackVal*>(rfe.stackPointer); + TRACE_PRINTF(" -> forced return\n"); + goto unwind_ret; + case ExceptionResumeKind::ForcedReturnIon: + MOZ_CRASH( + "Unexpected ForcedReturnIon exception-resume kind in Portable " + "Baseline"); + case ExceptionResumeKind::Bailout: + MOZ_CRASH( + "Unexpected Bailout exception-resume kind in Portable Baseline"); + case ExceptionResumeKind::Wasm: + MOZ_CRASH("Unexpected Wasm exception-resume kind in Portable Baseline"); + case ExceptionResumeKind::WasmCatch: + MOZ_CRASH( + "Unexpected WasmCatch exception-resume kind in Portable " + "Baseline"); + } + } + + DISPATCH(); + +unwind: + TRACE_PRINTF("unwind: fp = %p entryFrame = %p\n", stack.fp, entryFrame); + if (reinterpret_cast<uintptr_t>(stack.fp) > + reinterpret_cast<uintptr_t>(entryFrame) + BaselineFrame::Size()) { + TRACE_PRINTF(" -> returning\n"); + return PBIResult::Unwind; + } + sp = stack.unwindingSP; + frame = reinterpret_cast<BaselineFrame*>( + reinterpret_cast<uintptr_t>(stack.fp) - BaselineFrame::Size()); + TRACE_PRINTF(" -> setting sp to %p, frame to %p\n", sp, frame); + frameMgr.switchToFrame(frame); + pc = frame->interpreterPC(); + script.set(frame->script()); + DISPATCH(); +unwind_error: + TRACE_PRINTF("unwind_error: fp = %p entryFrame = %p\n", stack.fp, entryFrame); + if (reinterpret_cast<uintptr_t>(stack.fp) > + reinterpret_cast<uintptr_t>(entryFrame) + BaselineFrame::Size()) { + return PBIResult::UnwindError; + } + if (reinterpret_cast<uintptr_t>(stack.fp) == + reinterpret_cast<uintptr_t>(entryFrame) + BaselineFrame::Size()) { + return PBIResult::Error; + } + sp = stack.unwindingSP; + frame = reinterpret_cast<BaselineFrame*>( + reinterpret_cast<uintptr_t>(stack.fp) - BaselineFrame::Size()); + TRACE_PRINTF(" -> setting sp to %p, frame to %p\n", sp, frame); + frameMgr.switchToFrame(frame); + pc = frame->interpreterPC(); + script.set(frame->script()); + goto error; +unwind_ret: + TRACE_PRINTF("unwind_ret: fp = %p entryFrame = %p\n", stack.fp, entryFrame); + if (reinterpret_cast<uintptr_t>(stack.fp) > + reinterpret_cast<uintptr_t>(entryFrame) + BaselineFrame::Size()) { + return PBIResult::UnwindRet; + } + if (reinterpret_cast<uintptr_t>(stack.fp) == + reinterpret_cast<uintptr_t>(entryFrame) + BaselineFrame::Size()) { + *ret = frame->returnValue(); + return PBIResult::Ok; + } + sp = stack.unwindingSP; + frame = reinterpret_cast<BaselineFrame*>( + reinterpret_cast<uintptr_t>(stack.fp) - BaselineFrame::Size()); + TRACE_PRINTF(" -> setting sp to %p, frame to %p\n", sp, frame); + frameMgr.switchToFrame(frame); + pc = frame->interpreterPC(); + script.set(frame->script()); + from_unwind = true; + goto do_return; + +#ifndef __wasi__ +debug: { + TRACE_PRINTF("hit debug point\n"); + PUSH_EXIT_FRAME(); + if (!HandleDebugTrap(cx, frame, pc)) { + TRACE_PRINTF("HandleDebugTrap returned error\n"); + goto error; + } + pc = frame->interpreterPC(); + TRACE_PRINTF("HandleDebugTrap done\n"); +} + goto dispatch; +#endif +} + +/* + * ----------------------------------------------- + * Entry point + * ----------------------------------------------- + */ + +bool PortableBaselineTrampoline(JSContext* cx, size_t argc, Value* argv, + size_t numFormals, size_t numActuals, + CalleeToken calleeToken, JSObject* envChain, + Value* result) { + State state(cx); + Stack stack(cx->portableBaselineStack()); + StackVal* sp = stack.top; + + TRACE_PRINTF("Trampoline: calleeToken %p env %p\n", calleeToken, envChain); + + // Expected stack frame: + // - argN + // - ... + // - arg1 + // - this + // - calleeToken + // - descriptor + // - "return address" (nullptr for top frame) + + // `argc` is the number of args *including* `this` (`N + 1` + // above). `numFormals` is the minimum `N`; if less, we need to push + // `UndefinedValue`s above. We need to pass an argc (including + // `this`) accoundint for the extra undefs in the descriptor's argc. + // + // If constructing, there is an additional `newTarget` at the end. + // + // Note that `callee`, which is in the stack signature for a `Call` + // JSOp, does *not* appear in this count: it is separately passed in + // the `calleeToken`. + + bool constructing = CalleeTokenIsConstructing(calleeToken); + size_t numCalleeActuals = std::max(numActuals, numFormals); + size_t numUndefs = numCalleeActuals - numActuals; + + // N.B.: we already checked the stack in + // PortableBaselineInterpreterStackCheck; we don't do it here + // because we can't push an exit frame if we don't have an entry + // frame, and we need a full activation to produce the backtrace + // from ReportOverRecursed. + + if (constructing) { + PUSH(StackVal(argv[argc])); + } + for (size_t i = 0; i < numUndefs; i++) { + PUSH(StackVal(UndefinedValue())); + } + for (size_t i = 0; i < argc; i++) { + PUSH(StackVal(argv[argc - 1 - i])); + } + PUSHNATIVE(StackValNative(calleeToken)); + PUSHNATIVE(StackValNative( + MakeFrameDescriptorForJitCall(FrameType::CppToJSJit, numActuals))); + + switch (PortableBaselineInterpret(cx, state, stack, sp, envChain, result)) { + case PBIResult::Ok: + case PBIResult::UnwindRet: + TRACE_PRINTF("PBI returned Ok/UnwindRet with result %" PRIx64 "\n", + result->asRawBits()); + break; + case PBIResult::Error: + case PBIResult::UnwindError: + TRACE_PRINTF("PBI returned Error/UnwindError\n"); + return false; + case PBIResult::Unwind: + MOZ_CRASH("Should not unwind out of top / entry frame"); + } + + return true; +} + +MethodStatus CanEnterPortableBaselineInterpreter(JSContext* cx, + RunState& state) { + if (!JitOptions.portableBaselineInterpreter) { + return MethodStatus::Method_CantCompile; + } + if (state.script()->hasJitScript()) { + return MethodStatus::Method_Compiled; + } + if (state.script()->hasForceInterpreterOp()) { + return MethodStatus::Method_CantCompile; + } + if (cx->runtime()->geckoProfiler().enabled()) { + return MethodStatus::Method_CantCompile; + } + + if (state.isInvoke()) { + InvokeState& invoke = *state.asInvoke(); + if (TooManyActualArguments(invoke.args().length())) { + return MethodStatus::Method_CantCompile; + } + } else { + if (state.asExecute()->isDebuggerEval()) { + return MethodStatus::Method_CantCompile; + } + } + if (state.script()->getWarmUpCount() <= + JitOptions.portableBaselineInterpreterWarmUpThreshold) { + return MethodStatus::Method_Skipped; + } + if (!cx->zone()->ensureJitZoneExists(cx)) { + return MethodStatus::Method_Error; + } + + AutoKeepJitScripts keepJitScript(cx); + if (!state.script()->ensureHasJitScript(cx, keepJitScript)) { + return MethodStatus::Method_Error; + } + state.script()->updateJitCodeRaw(cx->runtime()); + return MethodStatus::Method_Compiled; +} + +bool PortablebaselineInterpreterStackCheck(JSContext* cx, RunState& state, + size_t numActualArgs) { + auto& pbs = cx->portableBaselineStack(); + StackVal* base = reinterpret_cast<StackVal*>(pbs.base); + StackVal* top = reinterpret_cast<StackVal*>(pbs.top); + ssize_t margin = kStackMargin / sizeof(StackVal); + ssize_t needed = numActualArgs + state.script()->nslots() + margin; + return (top - base) >= needed; +} + +} // namespace pbl +} // namespace js |