1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: set ts=8 sts=2 et sw=2 tw=80:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef jit_CompileInfo_h
#define jit_CompileInfo_h
#include "mozilla/Assertions.h" // MOZ_ASSERT
#include "mozilla/Maybe.h" // mozilla::Maybe, mozilla::Some
#include <algorithm> // std::max
#include <stdint.h> // uint32_t
#include "jit/CompileWrappers.h" // CompileRuntime
#include "jit/JitFrames.h" // MinJITStackSize
#include "jit/shared/Assembler-shared.h"
#include "js/TypeDecls.h" // jsbytecode
#include "vm/BindingKind.h" // BindingLocation
#include "vm/JSAtomState.h" // JSAtomState
#include "vm/JSFunction.h" // JSFunction
#include "vm/JSScript.h" // JSScript
#include "vm/Opcodes.h" // JSOp
#include "vm/Scope.h" // BindingIter
namespace js {
class ModuleObject;
namespace jit {
class InlineScriptTree;
inline unsigned StartArgSlot(JSScript* script) {
// Reserved slots:
// Slot 0: Environment chain.
// Slot 1: Return value.
// When needed:
// Slot 2: Argumentsobject.
// Note: when updating this, please also update the assert in
// SnapshotWriter::startFrame
return 2 + (script->needsArgsObj() ? 1 : 0);
}
inline unsigned CountArgSlots(JSScript* script, JSFunction* fun) {
// Slot x + 0: This value.
// Slot x + 1: Argument 1.
// ...
// Slot x + n: Argument n.
// Note: when updating this, please also update the assert in
// SnapshotWriter::startFrame
return StartArgSlot(script) + (fun ? fun->nargs() + 1 : 0);
}
inline unsigned CountArgSlots(JSScript* script, bool hasFun,
uint32_t funArgCount) {
// Same as the previous function, for use when the JSFunction is not
// available.
return StartArgSlot(script) + (hasFun ? funArgCount + 1 : 0);
}
// Contains information about the compilation source for IR being generated.
class CompileInfo {
public:
CompileInfo(CompileRuntime* runtime, JSScript* script, JSFunction* fun,
jsbytecode* osrPc, bool scriptNeedsArgsObj,
InlineScriptTree* inlineScriptTree)
: script_(script),
fun_(fun),
osrPc_(osrPc),
scriptNeedsArgsObj_(scriptNeedsArgsObj),
hadEagerTruncationBailout_(script->hadEagerTruncationBailout()),
hadSpeculativePhiBailout_(script->hadSpeculativePhiBailout()),
hadLICMInvalidation_(script->hadLICMInvalidation()),
hadReorderingBailout_(script->hadReorderingBailout()),
hadBoundsCheckBailout_(script->failedBoundsCheck()),
hadUnboxFoldingBailout_(script->hadUnboxFoldingBailout()),
mayReadFrameArgsDirectly_(script->mayReadFrameArgsDirectly()),
anyFormalIsForwarded_(script->anyFormalIsForwarded()),
isDerivedClassConstructor_(script->isDerivedClassConstructor()),
inlineScriptTree_(inlineScriptTree) {
MOZ_ASSERT_IF(osrPc, JSOp(*osrPc) == JSOp::LoopHead);
// The function here can flow in from anywhere so look up the canonical
// function to ensure that we do not try to embed a nursery pointer in
// jit-code. Precisely because it can flow in from anywhere, it's not
// guaranteed to be non-lazy. Hence, don't access its script!
if (fun_) {
fun_ = fun_->baseScript()->function();
MOZ_ASSERT(fun_->isTenured());
}
nimplicit_ = StartArgSlot(script) /* env chain and argument obj */
+ (fun ? 1 : 0); /* this */
nargs_ = fun ? fun->nargs() : 0;
nlocals_ = script->nfixed();
// An extra slot is needed for global scopes because InitGLexical (stack
// depth 1) is compiled as a SetProp (stack depth 2) on the global lexical
// scope.
uint32_t extra = script->isGlobalCode() ? 1 : 0;
nstack_ = std::max<unsigned>(script->nslots() - script->nfixed(),
MinJITStackSize) +
extra;
nslots_ = nimplicit_ + nargs_ + nlocals_ + nstack_;
// For derived class constructors, find and cache the frame slot for
// the .this binding. This slot is assumed to be always
// observable. See isObservableFrameSlot.
if (script->isDerivedClassConstructor()) {
MOZ_ASSERT(script->functionHasThisBinding());
for (BindingIter bi(script); bi; bi++) {
if (bi.name() != runtime->names().dotThis) {
continue;
}
BindingLocation loc = bi.location();
if (loc.kind() == BindingLocation::Kind::Frame) {
thisSlotForDerivedClassConstructor_ =
mozilla::Some(localSlot(loc.slot()));
break;
}
}
}
// If the script uses an environment in body, the environment chain
// will need to be observable.
needsBodyEnvironmentObject_ = script->needsBodyEnvironment();
funNeedsSomeEnvironmentObject_ =
fun ? fun->needsSomeEnvironmentObject() : false;
}
explicit CompileInfo(unsigned nlocals)
: script_(nullptr),
fun_(nullptr),
osrPc_(nullptr),
scriptNeedsArgsObj_(false),
hadEagerTruncationBailout_(false),
hadSpeculativePhiBailout_(false),
hadLICMInvalidation_(false),
hadReorderingBailout_(false),
hadBoundsCheckBailout_(false),
hadUnboxFoldingBailout_(false),
mayReadFrameArgsDirectly_(false),
anyFormalIsForwarded_(false),
inlineScriptTree_(nullptr),
needsBodyEnvironmentObject_(false),
funNeedsSomeEnvironmentObject_(false) {
nimplicit_ = 0;
nargs_ = 0;
nlocals_ = nlocals;
nstack_ = 1; /* For FunctionCompiler::pushPhiInput/popPhiOutput */
nslots_ = nlocals_ + nstack_;
}
JSScript* script() const { return script_; }
bool compilingWasm() const { return script() == nullptr; }
ModuleObject* module() const { return script_->module(); }
jsbytecode* osrPc() const { return osrPc_; }
InlineScriptTree* inlineScriptTree() const { return inlineScriptTree_; }
// It's not safe to access the JSFunction off main thread.
bool hasFunMaybeLazy() const { return fun_; }
ImmGCPtr funMaybeLazy() const { return ImmGCPtr(fun_); }
const char* filename() const { return script_->filename(); }
unsigned lineno() const { return script_->lineno(); }
// Total number of slots: args, locals, and stack.
unsigned nslots() const { return nslots_; }
// Number of slots needed for env chain, return value,
// maybe argumentsobject and this value.
unsigned nimplicit() const { return nimplicit_; }
// Number of arguments (without counting this value).
unsigned nargs() const { return nargs_; }
// Number of slots needed for all local variables. This includes "fixed
// vars" (see above) and also block-scoped locals.
unsigned nlocals() const { return nlocals_; }
unsigned ninvoke() const { return nslots_ - nstack_; }
uint32_t environmentChainSlot() const {
MOZ_ASSERT(script());
return 0;
}
uint32_t returnValueSlot() const {
MOZ_ASSERT(script());
return 1;
}
uint32_t argsObjSlot() const {
MOZ_ASSERT(needsArgsObj());
return 2;
}
uint32_t thisSlot() const {
MOZ_ASSERT(hasFunMaybeLazy());
MOZ_ASSERT(nimplicit_ > 0);
return nimplicit_ - 1;
}
uint32_t firstArgSlot() const { return nimplicit_; }
uint32_t argSlotUnchecked(uint32_t i) const {
// During initialization, some routines need to get at arg
// slots regardless of how regular argument access is done.
MOZ_ASSERT(i < nargs_);
return nimplicit_ + i;
}
uint32_t argSlot(uint32_t i) const {
// This should only be accessed when compiling functions for
// which argument accesses don't need to go through the
// argument object.
MOZ_ASSERT(!argsObjAliasesFormals());
return argSlotUnchecked(i);
}
uint32_t firstLocalSlot() const { return nimplicit_ + nargs_; }
uint32_t localSlot(uint32_t i) const { return firstLocalSlot() + i; }
uint32_t firstStackSlot() const { return firstLocalSlot() + nlocals(); }
uint32_t stackSlot(uint32_t i) const { return firstStackSlot() + i; }
uint32_t totalSlots() const {
MOZ_ASSERT(script() && hasFunMaybeLazy());
return nimplicit() + nargs() + nlocals();
}
bool hasMappedArgsObj() const { return script()->hasMappedArgsObj(); }
bool needsArgsObj() const { return scriptNeedsArgsObj_; }
bool argsObjAliasesFormals() const {
return scriptNeedsArgsObj_ && script()->hasMappedArgsObj();
}
bool needsBodyEnvironmentObject() const {
return needsBodyEnvironmentObject_;
}
enum class SlotObservableKind {
// This slot must be preserved because it's observable outside SSA uses.
// It can't be recovered before or during bailout.
ObservableNotRecoverable,
// This slot must be preserved because it's observable, but it can be
// recovered.
ObservableRecoverable,
// This slot is not observable outside SSA uses.
NotObservable,
};
inline SlotObservableKind getSlotObservableKind(uint32_t slot) const {
// Locals and expression stack slots.
if (slot >= firstLocalSlot()) {
// The |this| slot for a derived class constructor is a local slot.
// It should never be optimized out, as a Debugger might need to perform
// TDZ checks on it via, e.g., an exceptionUnwind handler. The TDZ check
// is required for correctness if the handler decides to continue
// execution.
if (thisSlotForDerivedClassConstructor_ &&
*thisSlotForDerivedClassConstructor_ == slot) {
return SlotObservableKind::ObservableNotRecoverable;
}
return SlotObservableKind::NotObservable;
}
// Formal argument slots.
if (slot >= firstArgSlot()) {
MOZ_ASSERT(hasFunMaybeLazy());
MOZ_ASSERT(slot - firstArgSlot() < nargs());
// Preserve formal arguments if they might be read when creating a rest or
// arguments object. In non-strict scripts, Function.arguments can create
// an arguments object dynamically so we always preserve the arguments.
if (mayReadFrameArgsDirectly_ || !script()->strict()) {
return SlotObservableKind::ObservableRecoverable;
}
return SlotObservableKind::NotObservable;
}
// |this| slot is observable but it can be recovered.
if (hasFunMaybeLazy() && slot == thisSlot()) {
return SlotObservableKind::ObservableRecoverable;
}
// Environment chain slot.
if (slot == environmentChainSlot()) {
// If environments can be added in the body (after the prologue) we need
// to preserve the environment chain slot. It can't be recovered.
if (needsBodyEnvironmentObject()) {
return SlotObservableKind::ObservableNotRecoverable;
}
// If the function may need an arguments object, also preserve the
// environment chain because it may be needed to reconstruct the arguments
// object during bailout.
if (funNeedsSomeEnvironmentObject_ || needsArgsObj()) {
return SlotObservableKind::ObservableRecoverable;
}
return SlotObservableKind::NotObservable;
}
// The arguments object is observable. If it does not escape, it can
// be recovered.
if (needsArgsObj() && slot == argsObjSlot()) {
MOZ_ASSERT(hasFunMaybeLazy());
return SlotObservableKind::ObservableRecoverable;
}
MOZ_ASSERT(slot == returnValueSlot());
return SlotObservableKind::NotObservable;
}
// Returns true if a slot can be observed out-side the current frame while
// the frame is active on the stack. This implies that these definitions
// would have to be executed and that they cannot be removed even if they
// are unused.
inline bool isObservableSlot(uint32_t slot) const {
SlotObservableKind kind = getSlotObservableKind(slot);
return (kind == SlotObservableKind::ObservableNotRecoverable ||
kind == SlotObservableKind::ObservableRecoverable);
}
// Returns true if a slot can be recovered before or during a bailout. A
// definition which can be observed and recovered, implies that this
// definition can be optimized away as long as we can compute its values.
bool isRecoverableOperand(uint32_t slot) const {
SlotObservableKind kind = getSlotObservableKind(slot);
return (kind == SlotObservableKind::ObservableRecoverable ||
kind == SlotObservableKind::NotObservable);
}
// Check previous bailout states to prevent doing the same bailout in the
// next compilation.
bool hadEagerTruncationBailout() const { return hadEagerTruncationBailout_; }
bool hadSpeculativePhiBailout() const { return hadSpeculativePhiBailout_; }
bool hadLICMInvalidation() const { return hadLICMInvalidation_; }
bool hadReorderingBailout() const { return hadReorderingBailout_; }
bool hadBoundsCheckBailout() const { return hadBoundsCheckBailout_; }
bool hadUnboxFoldingBailout() const { return hadUnboxFoldingBailout_; }
bool mayReadFrameArgsDirectly() const { return mayReadFrameArgsDirectly_; }
bool anyFormalIsForwarded() const { return anyFormalIsForwarded_; }
bool isDerivedClassConstructor() const { return isDerivedClassConstructor_; }
private:
unsigned nimplicit_;
unsigned nargs_;
unsigned nlocals_;
unsigned nstack_;
unsigned nslots_;
mozilla::Maybe<unsigned> thisSlotForDerivedClassConstructor_;
JSScript* script_;
JSFunction* fun_;
jsbytecode* osrPc_;
bool scriptNeedsArgsObj_;
// Record the state of previous bailouts in order to prevent compiling the
// same function identically the next time.
bool hadEagerTruncationBailout_;
bool hadSpeculativePhiBailout_;
bool hadLICMInvalidation_;
bool hadReorderingBailout_;
bool hadBoundsCheckBailout_;
bool hadUnboxFoldingBailout_;
bool mayReadFrameArgsDirectly_;
bool anyFormalIsForwarded_;
bool isDerivedClassConstructor_;
InlineScriptTree* inlineScriptTree_;
// Whether a script needs environments within its body. This informs us
// that the environment chain is not easy to reconstruct.
bool needsBodyEnvironmentObject_;
bool funNeedsSomeEnvironmentObject_;
};
} // namespace jit
} // namespace js
#endif /* jit_CompileInfo_h */
|