/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: set ts=8 sts=2 et sw=2 tw=80:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef jit_BaselineIC_h
#define jit_BaselineIC_h
#include "mozilla/Assertions.h"
#include "mozilla/Attributes.h"
#include <stddef.h>
#include <stdint.h>
#include "jit/ICState.h"
#include "jit/JitCode.h"
#include "jit/shared/Assembler-shared.h"
#include "jit/TypeData.h"
#include "js/TypeDecls.h"
class JS_PUBLIC_API JSTracer;
enum class JSOp : uint8_t;
namespace js {
MOZ_COLD void ReportOutOfMemory(JSContext* cx);
namespace jit {
class BaselineFrame;
class CacheIRStubInfo;
class ICScript;
enum class TailCallVMFunctionId;
enum class VMFunctionId;
// [SMDOC] JIT Inline Caches (ICs)
//
// Baseline Inline Caches are polymorphic caches that aggressively
// share their stub code.
//
// Every polymorphic site contains a linked list of stubs which are
// specific to that site. These stubs are composed of a |StubData|
// structure that stores parametrization information (e.g.
// the shape pointer for a shape-check-and-property-get stub), any
// dynamic information (e.g. warm-up counters), a pointer to the stub code,
// and a pointer to the next stub state in the linked list.
//
// Every BaselineScript keeps a table of |CacheDescriptor| data
// structures, which store the following:
// A pointer to the first StubData in the cache.
// The bytecode PC of the relevant IC.
// The machine-code PC where the call to the stubcode returns.
//
// A diagram:
//
// Control flow Pointers
// =======# ----. .---->
// # | |
// #======> \-----/
//
//
// .---------------------------------------.
// | .-------------------------. |
// | | .----. | |
// Baseline | | | | | |
// JIT Code 0 ^ 1 ^ 2 ^ | | |
// +--------------+ .-->+-----+ +-----+ +-----+ | | |
// | | #=|==>| |==>| |==>| FB | | | |
// | | # | +-----+ +-----+ +-----+ | | |
// | | # | # # # | | |
// |==============|==# | # # # | | |
// |=== IC =======| | # # # | | |
// .->|==============|<===|======#=========#=========# | | |
// | | | | | | |
// | | | | | | |
// | | | | | | |
// | | | | v | |
// | | | | +---------+ | |
// | | | | | Fallback| | |
// | | | | | Stub | | |
// | | | | | Code | | |
// | | | | +---------+ | |
// | +--------------+ | | |
// | |_______ | +---------+ | |
// | | | | Stub |<---/ |
// | IC | \--. | Code | |
// | Descriptor | | +---------+ |
// | Table v | |
// | +-----------------+ | +---------+ |
// \--| Ins | PC | Stub |----/ | Stub |<-------/
// +-----------------+ | Code |
// | ... | +---------+
// +-----------------+
// Shared
// Stub Code
//
class ICStub;
class ICCacheIRStub;
class ICFallbackStub;

#ifdef JS_JITSPEW
// Debug-logging helper for fallback stubs. printf-style; the format string is
// argument 3 and the varargs start at 4, as checked by MOZ_FORMAT_PRINTF.
void FallbackICSpew(JSContext* cx, ICFallbackStub* stub, const char* fmt, ...)
    MOZ_FORMAT_PRINTF(3, 4);
#else
// Without JS_JITSPEW the call disappears entirely: the arguments are never
// evaluated, so callers must not rely on side effects inside them.
# define FallbackICSpew(...)
#endif
// An entry in the ICScript IC table. There's one ICEntry per IC.
class ICEntry {
 public:
  // Wraps the head of this IC's stub chain. The pointer is expected to be
  // non-null: firstStub() asserts on it.
  explicit ICEntry(ICStub* firstStub) : firstStub_{firstStub} {}

  // Head of the stub chain for this instruction (asserts in debug builds that
  // the entry has been populated).
  ICStub* firstStub() const {
    MOZ_ASSERT(firstStub_ != nullptr);
    return firstStub_;
  }

  // Replaces the chain head, e.g. after a new optimized stub is linked in
  // front of the existing chain.
  void setFirstStub(ICStub* stub) { firstStub_ = stub; }

  // Byte offset of firstStub_, for code that reads the entry at a fixed
  // offset rather than through the accessor.
  static constexpr size_t offsetOfFirstStub() {
    return offsetof(ICEntry, firstStub_);
  }

  void trace(JSTracer* trc);

 private:
  // A pointer to the first IC stub for this instruction.
  ICStub* firstStub_;
};
//
// Base class for all IC stubs.
//
class ICStub {
  friend class ICFallbackStub;

 protected:
  // The raw jitcode to call for this stub.
  uint8_t* stubCode_;

  // Counts the number of times the stub was entered
  //
  // See Bug 1494473 comment 6 for a mechanism to handle overflow if overflow
  // becomes a concern.
  // (Unsigned, so on overflow it wraps to zero rather than invoking UB.)
  uint32_t enteredCount_ = 0;

  // Tracks input types for some CacheIR stubs, to help optimize
  // polymorphic cases. Stored in the base class to make use of
  // padding bytes.
  TypeData typeData_;

  // Whether this is an ICFallbackStub or an ICCacheIRStub. This tag, not
  // RTTI, drives the to*Stub() downcasts below: the hierarchy has no virtual
  // functions, keeping the stubs plain objects whose fields can be addressed
  // by the offsetOf*() constants.
  bool isFallback_;

  // Base constructor; the derived classes pass the tag. A null code pointer
  // is a programming error.
  ICStub(uint8_t* stubCode, bool isFallback)
      : stubCode_(stubCode), isFallback_(isFallback) {
    MOZ_ASSERT(stubCode != nullptr);
  }

 public:
  inline bool isFallback() const { return isFallback_; }

  // Next stub in the chain, or nullptr when this is the terminating fallback
  // stub. Defined below, after ICCacheIRStub is complete.
  inline ICStub* maybeNext() const;

  // Tag-checked downcasts. The check is MOZ_ASSERT only, so in release builds
  // a mismatched tag is reinterpreted silently; callers must establish the
  // stub kind first (e.g. via isFallback()).
  inline const ICFallbackStub* toFallbackStub() const {
    MOZ_ASSERT(isFallback());
    return reinterpret_cast<const ICFallbackStub*>(this);
  }

  inline ICFallbackStub* toFallbackStub() {
    MOZ_ASSERT(isFallback());
    return reinterpret_cast<ICFallbackStub*>(this);
  }

  ICCacheIRStub* toCacheIRStub() {
    MOZ_ASSERT(!isFallback());
    return reinterpret_cast<ICCacheIRStub*>(this);
  }

  const ICCacheIRStub* toCacheIRStub() const {
    MOZ_ASSERT(!isFallback());
    return reinterpret_cast<const ICCacheIRStub*>(this);
  }

  bool usesTrampolineCode() const {
    // All fallback code is stored in a single JitCode instance, so we can't
    // call JitCode::FromExecutable on the raw pointer.
    return isFallback();
  }

  // Only valid for CacheIR stubs (see usesTrampolineCode()).
  JitCode* jitCode() {
    MOZ_ASSERT(!usesTrampolineCode());
    return JitCode::FromExecutable(stubCode_);
  }

  uint32_t enteredCount() const { return enteredCount_; }
  inline void incrementEnteredCount() { enteredCount_++; }
  void resetEnteredCount() { enteredCount_ = 0; }

  // Field offsets, presumably used by generated code that touches the stub
  // without going through the accessors — TODO confirm against the
  // Baseline emitters.
  static constexpr size_t offsetOfStubCode() {
    return offsetof(ICStub, stubCode_);
  }
  static constexpr size_t offsetOfEnteredCount() {
    return offsetof(ICStub, enteredCount_);
  }
};
class ICFallbackStub final : public ICStub {
  friend class ICStubConstIterator;

 protected:
  // The PC offset of this IC's bytecode op within the JSScript.
  uint32_t pcOffset_;

  // The state of this IC.
  ICState state_{};

 public:
  // Fallback stubs share trampoline code (see ICStub::usesTrampolineCode),
  // hence a TrampolinePtr rather than a JitCode*.
  explicit ICFallbackStub(uint32_t pcOffset, TrampolinePtr stubCode)
      : ICStub(stubCode.value, /* isFallback = */ true), pcOffset_(pcOffset) {}

  // The following are thin forwarders to the ICState held in state_.
  inline size_t numOptimizedStubs() const { return state_.numOptimizedStubs(); }

  bool newStubIsFirstStub() const { return state_.newStubIsFirstStub(); }

  ICState& state() { return state_; }

  uint32_t pcOffset() const { return pcOffset_; }

  // Add a new stub to the IC chain terminated by this fallback stub.
  inline void addNewStub(ICEntry* icEntry, ICCacheIRStub* stub);

  // Defined out of line; presumably unlinks every optimized stub ahead of
  // this fallback stub — confirm against the definition.
  void discardStubs(JSContext* cx, ICEntry* icEntry);

  void clearUsedByTranspiler() { state_.clearUsedByTranspiler(); }
  void setUsedByTranspiler() { state_.setUsedByTranspiler(); }
  bool usedByTranspiler() const { return state_.usedByTranspiler(); }

  void clearHasFoldedStub() { state_.clearHasFoldedStub(); }
  void setHasFoldedStub() { state_.setHasFoldedStub(); }
  bool hasFoldedStub() const { return state_.hasFoldedStub(); }

  TrialInliningState trialInliningState() const {
    return state_.trialInliningState();
  }
  void setTrialInliningState(TrialInliningState state) {
    state_.setTrialInliningState(state);
  }

  void trackNotAttached();

  // Removes |stub| from the chain headed by |icEntry|; |prev| is the stub
  // linked before it (nullptr presumably meaning |stub| is the head — verify
  // in the definition). Defined out of line.
  void unlinkStub(Zone* zone, ICEntry* icEntry, ICCacheIRStub* prev,
                  ICCacheIRStub* stub);
};
class ICCacheIRStub final : public ICStub {
  // Pointer to next IC stub. Null only until the stub is linked into a chain
  // (addNewStub asserts that); afterwards it is never null, because every
  // chain is terminated by an ICFallbackStub.
  ICStub* next_ = nullptr;

  const CacheIRStubInfo* stubInfo_;

#ifndef JS_64BIT
  // Ensure stub data is 8-byte aligned on 32-bit.
  uintptr_t padding_ = 0;
#endif

 public:
  ICCacheIRStub(JitCode* stubCode, const CacheIRStubInfo* stubInfo)
      : ICStub(stubCode->raw(), /* isFallback = */ false),
        stubInfo_(stubInfo) {}

  ICStub* next() const { return next_; }
  void setNext(ICStub* stub) { next_ = stub; }

  // Next stub if it is another CacheIR stub, nullptr if it is the fallback.
  // Dereferences next_ unconditionally, so this must not be called on a stub
  // that has not been linked into a chain yet.
  ICCacheIRStub* nextCacheIR() const {
    return next_->isFallback() ? nullptr : next_->toCacheIRStub();
  }

  const CacheIRStubInfo* stubInfo() const { return stubInfo_; }
  // Start of the stub's parametrization data (defined out of line; assumed
  // to follow the object in memory, which is why padding_ keeps it 8-byte
  // aligned on 32-bit — confirm against the definition).
  uint8_t* stubDataStart();

  void trace(JSTracer* trc);

  // Optimized stubs get purged on GC. But some stubs can be active on the
  // stack during GC - specifically the ones that can make calls. To ensure
  // that these do not get purged, all stubs that can make calls are allocated
  // in the fallback stub space.
  bool makesGCCalls() const;
  bool allocatedInFallbackSpace() const { return makesGCCalls(); }

  static constexpr size_t offsetOfNext() {
    return offsetof(ICCacheIRStub, next_);
  }

  // typeData_ lives in the ICStub base (in its padding bytes) but is only
  // exposed for CacheIR stubs.
  void setTypeData(TypeData data) { typeData_ = data; }
  TypeData typeData() const { return typeData_; }
};
// Assert stub size is what we expect to catch regressions.
#ifdef JS_64BIT
static_assert(sizeof(ICFallbackStub) == 3 * sizeof(uintptr_t),
              "ICFallbackStub layout changed on 64-bit");
static_assert(sizeof(ICCacheIRStub) == 4 * sizeof(uintptr_t),
              "ICCacheIRStub layout changed on 64-bit");
#else
static_assert(sizeof(ICFallbackStub) == 5 * sizeof(uintptr_t),
              "ICFallbackStub layout changed on 32-bit");
static_assert(sizeof(ICCacheIRStub) == 6 * sizeof(uintptr_t),
              "ICCacheIRStub layout changed on 32-bit");
#endif
// The fallback stub ends the chain; any other stub is a CacheIR stub that
// links to its successor.
inline ICStub* ICStub::maybeNext() const {
  if (isFallback()) {
    return nullptr;
  }
  return toCacheIRStub()->next();
}
// Links |stub| in at the head of the chain owned by |icEntry| and records the
// attachment in this IC's state. |stub| must not already be linked anywhere.
inline void ICFallbackStub::addNewStub(ICEntry* icEntry, ICCacheIRStub* stub) {
  MOZ_ASSERT(!stub->next());
  ICStub* previousHead = icEntry->firstStub();
  stub->setNext(previousHead);
  icEntry->setFirstStub(stub);
  state_.trackAttached();
}
// Register set an IC may allocate from once |numInputs| input registers are
// accounted for (inferred from the name — confirm against the definition).
AllocatableGeneralRegisterSet BaselineICAvailableGeneralRegs(size_t numInputs);

// Whether ICs for |op| may record TypeData (see ICStub::typeData_).
bool ICSupportsPolymorphicTypeData(JSOp op);

struct IonOsrTempData;

// Fallback handlers, one per IC kind. Each takes the context, the executing
// Baseline frame and the IC's fallback stub; by their names the remaining
// parameters are the operands of the bytecode op plus an out-param for the
// result (|res| / |ret|). All return bool; false presumably means an
// exception is pending on |cx| — TODO confirm in the definitions.
//
// DoCallFallback, DoSpreadCallFallback, DoSetElemFallback and
// DoSetPropFallback take raw Value* (|vp| / |stack|) rather than handles, so
// the rooting of those values is the caller's concern (presumably they point
// into the frame's expression stack — verify).
extern bool DoCallFallback(JSContext* cx, BaselineFrame* frame,
                           ICFallbackStub* stub, uint32_t argc, Value* vp,
                           MutableHandleValue res);

extern bool DoSpreadCallFallback(JSContext* cx, BaselineFrame* frame,
                                 ICFallbackStub* stub, Value* vp,
                                 MutableHandleValue res);

extern bool DoToBoolFallback(JSContext* cx, BaselineFrame* frame,
                             ICFallbackStub* stub, HandleValue arg,
                             MutableHandleValue ret);

extern bool DoGetElemSuperFallback(JSContext* cx, BaselineFrame* frame,
                                   ICFallbackStub* stub, HandleValue lhs,
                                   HandleValue rhs, HandleValue receiver,
                                   MutableHandleValue res);

extern bool DoGetElemFallback(JSContext* cx, BaselineFrame* frame,
                              ICFallbackStub* stub, HandleValue lhs,
                              HandleValue rhs, MutableHandleValue res);

extern bool DoSetElemFallback(JSContext* cx, BaselineFrame* frame,
                              ICFallbackStub* stub, Value* stack,
                              HandleValue objv, HandleValue index,
                              HandleValue rhs);

extern bool DoInFallback(JSContext* cx, BaselineFrame* frame,
                         ICFallbackStub* stub, HandleValue key,
                         HandleValue objValue, MutableHandleValue res);

extern bool DoHasOwnFallback(JSContext* cx, BaselineFrame* frame,
                             ICFallbackStub* stub, HandleValue keyValue,
                             HandleValue objValue, MutableHandleValue res);

extern bool DoCheckPrivateFieldFallback(JSContext* cx, BaselineFrame* frame,
                                        ICFallbackStub* stub,
                                        HandleValue objValue,
                                        HandleValue keyValue,
                                        MutableHandleValue res);

extern bool DoGetNameFallback(JSContext* cx, BaselineFrame* frame,
                              ICFallbackStub* stub, HandleObject envChain,
                              MutableHandleValue res);

extern bool DoBindNameFallback(JSContext* cx, BaselineFrame* frame,
                               ICFallbackStub* stub, HandleObject envChain,
                               MutableHandleValue res);

extern bool DoGetIntrinsicFallback(JSContext* cx, BaselineFrame* frame,
                                   ICFallbackStub* stub,
                                   MutableHandleValue res);

extern bool DoGetPropFallback(JSContext* cx, BaselineFrame* frame,
                              ICFallbackStub* stub, MutableHandleValue val,
                              MutableHandleValue res);

extern bool DoGetPropSuperFallback(JSContext* cx, BaselineFrame* frame,
                                   ICFallbackStub* stub, HandleValue receiver,
                                   MutableHandleValue val,
                                   MutableHandleValue res);

extern bool DoSetPropFallback(JSContext* cx, BaselineFrame* frame,
                              ICFallbackStub* stub, Value* stack,
                              HandleValue lhs, HandleValue rhs);

extern bool DoGetIteratorFallback(JSContext* cx, BaselineFrame* frame,
                                  ICFallbackStub* stub, HandleValue value,
                                  MutableHandleValue res);

extern bool DoOptimizeSpreadCallFallback(JSContext* cx, BaselineFrame* frame,
                                         ICFallbackStub* stub,
                                         HandleValue value,
                                         MutableHandleValue res);

extern bool DoInstanceOfFallback(JSContext* cx, BaselineFrame* frame,
                                 ICFallbackStub* stub, HandleValue lhs,
                                 HandleValue rhs, MutableHandleValue res);

extern bool DoTypeOfFallback(JSContext* cx, BaselineFrame* frame,
                             ICFallbackStub* stub, HandleValue val,
                             MutableHandleValue res);

extern bool DoToPropertyKeyFallback(JSContext* cx, BaselineFrame* frame,
                                    ICFallbackStub* stub, HandleValue val,
                                    MutableHandleValue res);

extern bool DoRestFallback(JSContext* cx, BaselineFrame* frame,
                           ICFallbackStub* stub, MutableHandleValue res);

extern bool DoUnaryArithFallback(JSContext* cx, BaselineFrame* frame,
                                 ICFallbackStub* stub, HandleValue val,
                                 MutableHandleValue res);

extern bool DoBinaryArithFallback(JSContext* cx, BaselineFrame* frame,
                                  ICFallbackStub* stub, HandleValue lhs,
                                  HandleValue rhs, MutableHandleValue ret);

extern bool DoNewArrayFallback(JSContext* cx, BaselineFrame* frame,
                               ICFallbackStub* stub, MutableHandleValue res);

extern bool DoNewObjectFallback(JSContext* cx, BaselineFrame* frame,
                                ICFallbackStub* stub, MutableHandleValue res);

extern bool DoCompareFallback(JSContext* cx, BaselineFrame* frame,
                              ICFallbackStub* stub, HandleValue lhs,
                              HandleValue rhs, MutableHandleValue ret);

extern bool DoCloseIterFallback(JSContext* cx, BaselineFrame* frame,
                                ICFallbackStub* stub, HandleObject iter);
} // namespace jit
} // namespace js
#endif /* jit_BaselineIC_h */