From 086c044dc34dfc0f74fbe41f4ecb402b2cd34884 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:13:33 +0200 Subject: Merging upstream version 125.0.1. Signed-off-by: Daniel Baumann --- js/src/jit/MacroAssembler-inl.h | 63 ++++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 20 deletions(-) (limited to 'js/src/jit/MacroAssembler-inl.h') diff --git a/js/src/jit/MacroAssembler-inl.h b/js/src/jit/MacroAssembler-inl.h index beba576a22..e1df31eff9 100644 --- a/js/src/jit/MacroAssembler-inl.h +++ b/js/src/jit/MacroAssembler-inl.h @@ -606,9 +606,7 @@ void MacroAssembler::branchTestObjClass(Condition cond, Register obj, MOZ_ASSERT(obj != scratch); MOZ_ASSERT(scratch != spectreRegToZero); - loadPtr(Address(obj, JSObject::offsetOfShape()), scratch); - loadPtr(Address(scratch, Shape::offsetOfBaseShape()), scratch); - loadPtr(Address(scratch, BaseShape::offsetOfClasp()), scratch); + loadObjClassUnsafe(obj, scratch); branchPtr(cond, clasp, scratch, label); if (JitOptions.spectreObjectMitigations) { @@ -620,9 +618,7 @@ void MacroAssembler::branchTestObjClassNoSpectreMitigations( Condition cond, Register obj, const Address& clasp, Register scratch, Label* label) { MOZ_ASSERT(obj != scratch); - loadPtr(Address(obj, JSObject::offsetOfShape()), scratch); - loadPtr(Address(scratch, Shape::offsetOfBaseShape()), scratch); - loadPtr(Address(scratch, BaseShape::offsetOfClasp()), scratch); + loadObjClassUnsafe(obj, scratch); branchPtr(cond, clasp, scratch, label); } @@ -633,9 +629,7 @@ void MacroAssembler::branchTestObjClass(Condition cond, Register obj, MOZ_ASSERT(obj != scratch); MOZ_ASSERT(scratch != spectreRegToZero); - loadPtr(Address(obj, JSObject::offsetOfShape()), scratch); - loadPtr(Address(scratch, Shape::offsetOfBaseShape()), scratch); - loadPtr(Address(scratch, BaseShape::offsetOfClasp()), scratch); + loadObjClassUnsafe(obj, scratch); branchPtr(cond, clasp, scratch, label); if (JitOptions.spectreObjectMitigations) { @@ -643,20 +637,51 @@ void MacroAssembler::branchTestObjClass(Condition cond, Register obj, } } -void MacroAssembler::branchTestClassIsFunction(Condition cond, Register clasp, - Label* label) { +void MacroAssembler::branchTestClass( + Condition cond, Register clasp, + std::pair classes, Label* label) { MOZ_ASSERT(cond == Assembler::Equal || cond == Assembler::NotEqual); if (cond == Assembler::Equal) { - branchPtr(Assembler::Equal, clasp, ImmPtr(&FunctionClass), label); - branchPtr(Assembler::Equal, clasp, ImmPtr(&ExtendedFunctionClass), label); + branchPtr(Assembler::Equal, clasp, ImmPtr(classes.first), label); + branchPtr(Assembler::Equal, clasp, ImmPtr(classes.second), label); return; } - Label isFunction; - branchPtr(Assembler::Equal, clasp, ImmPtr(&FunctionClass), &isFunction); - branchPtr(Assembler::NotEqual, clasp, ImmPtr(&ExtendedFunctionClass), label); - bind(&isFunction); + Label isClass; + branchPtr(Assembler::Equal, clasp, ImmPtr(classes.first), &isClass); + branchPtr(Assembler::NotEqual, clasp, ImmPtr(classes.second), label); + bind(&isClass); +} + +void MacroAssembler::branchTestObjClass( + Condition cond, Register obj, + std::pair classes, Register scratch, + Register spectreRegToZero, Label* label) { + MOZ_ASSERT(scratch != spectreRegToZero); + + branchTestObjClassNoSpectreMitigations(cond, obj, classes, scratch, label); + + if (JitOptions.spectreObjectMitigations) { + spectreZeroRegister(cond, scratch, spectreRegToZero); + } +} + +void MacroAssembler::branchTestObjClassNoSpectreMitigations( + Condition cond, Register obj, + std::pair classes, Register scratch, + Label* label) { + MOZ_ASSERT(cond == Assembler::Equal || cond == Assembler::NotEqual); + MOZ_ASSERT(obj != scratch); + + loadObjClassUnsafe(obj, scratch); + branchTestClass(cond, scratch, classes, label); +} + +void MacroAssembler::branchTestClassIsFunction(Condition cond, Register clasp, + Label* label) { + return branchTestClass(cond, clasp, {&FunctionClass, &ExtendedFunctionClass}, + label); } void MacroAssembler::branchTestObjIsFunction(Condition cond, Register obj, @@ -677,9 +702,7 @@ void MacroAssembler::branchTestObjIsFunctionNoSpectreMitigations( MOZ_ASSERT(cond == Assembler::Equal || cond == Assembler::NotEqual); MOZ_ASSERT(obj != scratch); - loadPtr(Address(obj, JSObject::offsetOfShape()), scratch); - loadPtr(Address(scratch, Shape::offsetOfBaseShape()), scratch); - loadPtr(Address(scratch, BaseShape::offsetOfClasp()), scratch); + loadObjClassUnsafe(obj, scratch); branchTestClassIsFunction(cond, scratch, label); } -- cgit v1.2.3