diff options
Diffstat (limited to '')
-rw-r--r-- | js/src/jit/CacheIRCompiler.h | 1314 |
1 files changed, 1314 insertions, 0 deletions
diff --git a/js/src/jit/CacheIRCompiler.h b/js/src/jit/CacheIRCompiler.h new file mode 100644 index 0000000000..465db7a9b8 --- /dev/null +++ b/js/src/jit/CacheIRCompiler.h @@ -0,0 +1,1314 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef jit_CacheIRCompiler_h +#define jit_CacheIRCompiler_h + +#include "mozilla/Casting.h" +#include "mozilla/Maybe.h" + +#include "jit/CacheIR.h" +#include "jit/CacheIRReader.h" +#include "jit/CacheIRWriter.h" +#include "jit/JitOptions.h" +#include "jit/MacroAssembler.h" +#include "jit/PerfSpewer.h" +#include "jit/SharedICRegisters.h" +#include "js/ScalarType.h" // js::Scalar::Type + +namespace JS { +class BigInt; +} + +namespace js { + +class TypedArrayObject; +enum class UnaryMathFunction : uint8_t; + +namespace jit { + +class BaselineCacheIRCompiler; +class ICCacheIRStub; +class IonCacheIRCompiler; +class IonScript; + +enum class ICStubEngine : uint8_t; + +// [SMDOC] CacheIR Value Representation and Tracking +// +// While compiling an IC stub the CacheIR compiler needs to keep track of the +// physical location for each logical piece of data we care about, as well as +// ensure that in the case of a stub failing, we are able to restore the input +// state so that a subsequent stub can attempt to provide a value. +// +// OperandIds are created in the CacheIR front-end to keep track of values that +// are passed between CacheIR ops during the execution of a given CacheIR stub. +// In the CacheRegisterAllocator these OperandIds are given OperandLocations, +// that represent the physical location of the OperandId at a given point in +// time during CacheRegister allocation. +// +// In the CacheRegisterAllocator physical locations include the stack, and +// registers, as well as whether or not the value has been unboxed or not. +// Constants are also represented separately to provide for on-demand +// materialization. +// +// Intra-op Register allocation: +// +// During the emission of a CacheIR op, code can ask the CacheRegisterAllocator +// for access to a particular OperandId, and the register allocator will +// generate the required code to fill that request. +// +// Input OperandIds should be considered as immutable, and should not be mutated +// during the execution of a stub. +// +// There are also a number of RAII classes that interact with the register +// allocator, in order to provide access to more registers than just those +// provided for by the OperandIds. +// +// - AutoOutputReg: The register which will hold the output value of the stub. +// - AutoScratchReg: By default, an arbitrary scratch register, however a +// specific register can be requested. +// - AutoScratchRegMaybeOutput: Any arbitrary scratch register, but the output +// register may be used as well. +// +// These RAII classes take ownership of a register for the duration of their +// lifetime so they can be used for computation or output. The register +// allocator can spill values with OperandLocations in order to try to ensure +// that a register is made available for use. +// +// If a specific register is required (via AutoScratchRegister), it should be +// the first register acquired, as the register rallocator will be unable to +// allocate the fixed register if the current op is using it for something else. +// +// If no register can be provided after attempting to spill, a +// MOZ_RELEASE_ASSERT ensures the browser will crash. The register allocator is +// not provided enough information in its current design to insert spills and +// fills at arbitrary locations, and so it can fail to find an allocation +// solution. However, this will only happen within the implementation of an +// operand emitter, and because the cache register allocator is mostly +// determinstic, so long as the operand id emitter is tested, this won't +// suddenly crop up in an arbitrary webpage. It's worth noting the most +// difficult platform to support is x86-32, because it has the least number of +// registers available. +// +// FailurePaths checkpoint the state of the register allocator so that the input +// state can be recomputed from the current state before jumping to the next +// stub in the IC chain. An important invariant is that the FailurePath must be +// allocated for each op after all the manipulation of OperandLocations has +// happened, so that its recording is correct. +// +// Inter-op Register Allocation: +// +// The RAII register management classes are RAII because all register state +// outside the OperandLocations is reset before the compilation of each +// individual CacheIR op. This means that you cannot rely on a value surviving +// between ops, even if you use the ability of AutoScratchRegister to name a +// specific register. Values that need to be preserved between ops must be given +// an OperandId. + +// Represents a Value on the Baseline frame's expression stack. Slot 0 is the +// value on top of the stack (the most recently pushed value), slot 1 is the +// value pushed before that, etc. +class BaselineFrameSlot { + uint32_t slot_; + + public: + explicit BaselineFrameSlot(uint32_t slot) : slot_(slot) {} + uint32_t slot() const { return slot_; } + + bool operator==(const BaselineFrameSlot& other) const { + return slot_ == other.slot_; + } + bool operator!=(const BaselineFrameSlot& other) const { + return slot_ != other.slot_; + } +}; + +// OperandLocation represents the location of an OperandId. The operand is +// either in a register or on the stack, and is either boxed or unboxed. +class OperandLocation { + public: + enum Kind { + Uninitialized = 0, + PayloadReg, + DoubleReg, + ValueReg, + PayloadStack, + ValueStack, + BaselineFrame, + Constant, + }; + + private: + Kind kind_; + + union Data { + struct { + Register reg; + JSValueType type; + } payloadReg; + FloatRegister doubleReg; + ValueOperand valueReg; + struct { + uint32_t stackPushed; + JSValueType type; + } payloadStack; + uint32_t valueStackPushed; + BaselineFrameSlot baselineFrameSlot; + Value constant; + + Data() : valueStackPushed(0) {} + }; + Data data_; + + public: + OperandLocation() : kind_(Uninitialized) {} + + Kind kind() const { return kind_; } + + void setUninitialized() { kind_ = Uninitialized; } + + ValueOperand valueReg() const { + MOZ_ASSERT(kind_ == ValueReg); + return data_.valueReg; + } + Register payloadReg() const { + MOZ_ASSERT(kind_ == PayloadReg); + return data_.payloadReg.reg; + } + FloatRegister doubleReg() const { + MOZ_ASSERT(kind_ == DoubleReg); + return data_.doubleReg; + } + uint32_t payloadStack() const { + MOZ_ASSERT(kind_ == PayloadStack); + return data_.payloadStack.stackPushed; + } + uint32_t valueStack() const { + MOZ_ASSERT(kind_ == ValueStack); + return data_.valueStackPushed; + } + JSValueType payloadType() const { + if (kind_ == PayloadReg) { + return data_.payloadReg.type; + } + MOZ_ASSERT(kind_ == PayloadStack); + return data_.payloadStack.type; + } + Value constant() const { + MOZ_ASSERT(kind_ == Constant); + return data_.constant; + } + BaselineFrameSlot baselineFrameSlot() const { + MOZ_ASSERT(kind_ == BaselineFrame); + return data_.baselineFrameSlot; + } + + void setPayloadReg(Register reg, JSValueType type) { + kind_ = PayloadReg; + data_.payloadReg.reg = reg; + data_.payloadReg.type = type; + } + void setDoubleReg(FloatRegister reg) { + kind_ = DoubleReg; + data_.doubleReg = reg; + } + void setValueReg(ValueOperand reg) { + kind_ = ValueReg; + data_.valueReg = reg; + } + void setPayloadStack(uint32_t stackPushed, JSValueType type) { + kind_ = PayloadStack; + data_.payloadStack.stackPushed = stackPushed; + data_.payloadStack.type = type; + } + void setValueStack(uint32_t stackPushed) { + kind_ = ValueStack; + data_.valueStackPushed = stackPushed; + } + void setConstant(const Value& v) { + kind_ = Constant; + data_.constant = v; + } + void setBaselineFrame(BaselineFrameSlot slot) { + kind_ = BaselineFrame; + data_.baselineFrameSlot = slot; + } + + bool isUninitialized() const { return kind_ == Uninitialized; } + bool isInRegister() const { return kind_ == PayloadReg || kind_ == ValueReg; } + bool isOnStack() const { + return kind_ == PayloadStack || kind_ == ValueStack; + } + + size_t stackPushed() const { + if (kind_ == PayloadStack) { + return data_.payloadStack.stackPushed; + } + MOZ_ASSERT(kind_ == ValueStack); + return data_.valueStackPushed; + } + size_t stackSizeInBytes() const { + if (kind_ == PayloadStack) { + return sizeof(uintptr_t); + } + MOZ_ASSERT(kind_ == ValueStack); + return sizeof(js::Value); + } + void adjustStackPushed(int32_t diff) { + if (kind_ == PayloadStack) { + data_.payloadStack.stackPushed += diff; + return; + } + MOZ_ASSERT(kind_ == ValueStack); + data_.valueStackPushed += diff; + } + + bool aliasesReg(Register reg) const { + if (kind_ == PayloadReg) { + return payloadReg() == reg; + } + if (kind_ == ValueReg) { + return valueReg().aliases(reg); + } + return false; + } + bool aliasesReg(ValueOperand reg) const { +#if defined(JS_NUNBOX32) + return aliasesReg(reg.typeReg()) || aliasesReg(reg.payloadReg()); +#else + return aliasesReg(reg.valueReg()); +#endif + } + + bool aliasesReg(const OperandLocation& other) const; + + bool operator==(const OperandLocation& other) const; + bool operator!=(const OperandLocation& other) const { + return !operator==(other); + } +}; + +struct SpilledRegister { + Register reg; + uint32_t stackPushed; + + SpilledRegister(Register reg, uint32_t stackPushed) + : reg(reg), stackPushed(stackPushed) {} + bool operator==(const SpilledRegister& other) const { + return reg == other.reg && stackPushed == other.stackPushed; + } + bool operator!=(const SpilledRegister& other) const { + return !(*this == other); + } +}; + +using SpilledRegisterVector = Vector<SpilledRegister, 2, SystemAllocPolicy>; + +// Class to track and allocate registers while emitting IC code. +class MOZ_RAII CacheRegisterAllocator { + // The original location of the inputs to the cache. + Vector<OperandLocation, 4, SystemAllocPolicy> origInputLocations_; + + // The current location of each operand. + Vector<OperandLocation, 8, SystemAllocPolicy> operandLocations_; + + // Free lists for value- and payload-slots on stack + Vector<uint32_t, 2, SystemAllocPolicy> freeValueSlots_; + Vector<uint32_t, 2, SystemAllocPolicy> freePayloadSlots_; + + // The registers allocated while emitting the current CacheIR op. + // This prevents us from allocating a register and then immediately + // clobbering it for something else, while we're still holding on to it. + LiveGeneralRegisterSet currentOpRegs_; + + const AllocatableGeneralRegisterSet allocatableRegs_; + + // Registers that are currently unused and available. + AllocatableGeneralRegisterSet availableRegs_; + + // Registers that are available, but before use they must be saved and + // then restored when returning from the stub. + AllocatableGeneralRegisterSet availableRegsAfterSpill_; + + // Registers we took from availableRegsAfterSpill_ and spilled to the stack. + SpilledRegisterVector spilledRegs_; + + // The number of bytes pushed on the native stack. + uint32_t stackPushed_; + +#ifdef DEBUG + // Flag used to assert individual CacheIR instructions don't allocate + // registers after calling addFailurePath. + bool addedFailurePath_; +#endif + + // The index of the CacheIR instruction we're currently emitting. + uint32_t currentInstruction_; + + // Whether the stack contains a double spilled by AutoScratchFloatRegister. + bool hasAutoScratchFloatRegisterSpill_ = false; + + const CacheIRWriter& writer_; + + CacheRegisterAllocator(const CacheRegisterAllocator&) = delete; + CacheRegisterAllocator& operator=(const CacheRegisterAllocator&) = delete; + + void freeDeadOperandLocations(MacroAssembler& masm); + + void spillOperandToStack(MacroAssembler& masm, OperandLocation* loc); + void spillOperandToStackOrRegister(MacroAssembler& masm, + OperandLocation* loc); + + void popPayload(MacroAssembler& masm, OperandLocation* loc, Register dest); + void popValue(MacroAssembler& masm, OperandLocation* loc, ValueOperand dest); + Address payloadAddress(MacroAssembler& masm, + const OperandLocation* loc) const; + Address valueAddress(MacroAssembler& masm, const OperandLocation* loc) const; + +#ifdef DEBUG + void assertValidState() const; +#endif + + public: + friend class AutoScratchRegister; + friend class AutoScratchRegisterExcluding; + + explicit CacheRegisterAllocator(const CacheIRWriter& writer) + : allocatableRegs_(GeneralRegisterSet::All()), + stackPushed_(0), +#ifdef DEBUG + addedFailurePath_(false), +#endif + currentInstruction_(0), + writer_(writer) { + } + + [[nodiscard]] bool init(); + + void initAvailableRegs(const AllocatableGeneralRegisterSet& available) { + availableRegs_ = available; + } + void initAvailableRegsAfterSpill(); + + void fixupAliasedInputs(MacroAssembler& masm); + + OperandLocation operandLocation(size_t i) const { + return operandLocations_[i]; + } + void setOperandLocation(size_t i, const OperandLocation& loc) { + operandLocations_[i] = loc; + } + + OperandLocation origInputLocation(size_t i) const { + return origInputLocations_[i]; + } + void initInputLocation(size_t i, ValueOperand reg) { + origInputLocations_[i].setValueReg(reg); + operandLocations_[i].setValueReg(reg); + } + void initInputLocation(size_t i, Register reg, JSValueType type) { + origInputLocations_[i].setPayloadReg(reg, type); + operandLocations_[i].setPayloadReg(reg, type); + } + void initInputLocation(size_t i, FloatRegister reg) { + origInputLocations_[i].setDoubleReg(reg); + operandLocations_[i].setDoubleReg(reg); + } + void initInputLocation(size_t i, const Value& v) { + origInputLocations_[i].setConstant(v); + operandLocations_[i].setConstant(v); + } + void initInputLocation(size_t i, BaselineFrameSlot slot) { + origInputLocations_[i].setBaselineFrame(slot); + operandLocations_[i].setBaselineFrame(slot); + } + + void initInputLocation(size_t i, const TypedOrValueRegister& reg); + void initInputLocation(size_t i, const ConstantOrRegister& value); + + const SpilledRegisterVector& spilledRegs() const { return spilledRegs_; } + + [[nodiscard]] bool setSpilledRegs(const SpilledRegisterVector& regs) { + spilledRegs_.clear(); + return spilledRegs_.appendAll(regs); + } + + bool hasAutoScratchFloatRegisterSpill() const { + return hasAutoScratchFloatRegisterSpill_; + } + void setHasAutoScratchFloatRegisterSpill(bool b) { + MOZ_ASSERT(hasAutoScratchFloatRegisterSpill_ != b); + hasAutoScratchFloatRegisterSpill_ = b; + } + + void nextOp() { +#ifdef DEBUG + assertValidState(); + addedFailurePath_ = false; +#endif + currentOpRegs_.clear(); + currentInstruction_++; + } + +#ifdef DEBUG + void setAddedFailurePath() { + MOZ_ASSERT(!addedFailurePath_, "multiple failure paths for instruction"); + addedFailurePath_ = true; + } +#endif + + bool isDeadAfterInstruction(OperandId opId) const { + return writer_.operandIsDead(opId.id(), currentInstruction_ + 1); + } + + uint32_t stackPushed() const { return stackPushed_; } + void setStackPushed(uint32_t pushed) { stackPushed_ = pushed; } + + bool isAllocatable(Register reg) const { return allocatableRegs_.has(reg); } + + // Allocates a new register. + Register allocateRegister(MacroAssembler& masm); + ValueOperand allocateValueRegister(MacroAssembler& masm); + + void allocateFixedRegister(MacroAssembler& masm, Register reg); + void allocateFixedValueRegister(MacroAssembler& masm, ValueOperand reg); + + // Releases a register so it can be reused later. + void releaseRegister(Register reg) { + MOZ_ASSERT(currentOpRegs_.has(reg)); + availableRegs_.add(reg); + currentOpRegs_.take(reg); + } + void releaseValueRegister(ValueOperand reg) { +#ifdef JS_NUNBOX32 + releaseRegister(reg.payloadReg()); + releaseRegister(reg.typeReg()); +#else + releaseRegister(reg.valueReg()); +#endif + } + + // Removes spilled values from the native stack. This should only be + // called after all registers have been allocated. + void discardStack(MacroAssembler& masm); + + Address addressOf(MacroAssembler& masm, BaselineFrameSlot slot) const; + BaseValueIndex addressOf(MacroAssembler& masm, Register argcReg, + BaselineFrameSlot slot) const; + + // Returns the register for the given operand. If the operand is currently + // not in a register, it will load it into one. + ValueOperand useValueRegister(MacroAssembler& masm, ValOperandId val); + Register useRegister(MacroAssembler& masm, TypedOperandId typedId); + + ConstantOrRegister useConstantOrRegister(MacroAssembler& masm, + ValOperandId val); + + // Allocates an output register for the given operand. + Register defineRegister(MacroAssembler& masm, TypedOperandId typedId); + ValueOperand defineValueRegister(MacroAssembler& masm, ValOperandId val); + + // Loads (potentially coercing) and unboxes a value into a float register + // This is infallible, as there should have been a previous guard + // to ensure the value is already a number. + // Does not change the allocator's state. + void ensureDoubleRegister(MacroAssembler& masm, NumberOperandId op, + FloatRegister dest) const; + + // Loads an unboxed value into a scratch register. This can be useful + // especially on 32-bit x86 when there are not enough registers for + // useRegister. + // Does not change the allocator's state. + void copyToScratchRegister(MacroAssembler& masm, TypedOperandId typedId, + Register dest) const; + void copyToScratchValueRegister(MacroAssembler& masm, ValOperandId valId, + ValueOperand dest) const; + + // Returns |val|'s JSValueType or JSVAL_TYPE_UNKNOWN. + JSValueType knownType(ValOperandId val) const; + + // Emits code to restore registers and stack to the state at the start of + // the stub. + void restoreInputState(MacroAssembler& masm, bool discardStack = true); + + // Returns the set of registers storing the IC input operands. + GeneralRegisterSet inputRegisterSet() const; + + void saveIonLiveRegisters(MacroAssembler& masm, LiveRegisterSet liveRegs, + Register scratch, IonScript* ionScript); + void restoreIonLiveRegisters(MacroAssembler& masm, LiveRegisterSet liveRegs); +}; + +// RAII class to allocate a scratch register and release it when we're done +// with it. +class MOZ_RAII AutoScratchRegister { + CacheRegisterAllocator& alloc_; + Register reg_; + + AutoScratchRegister(const AutoScratchRegister&) = delete; + void operator=(const AutoScratchRegister&) = delete; + + public: + AutoScratchRegister(CacheRegisterAllocator& alloc, MacroAssembler& masm, + Register reg = InvalidReg) + : alloc_(alloc) { + if (reg != InvalidReg) { + alloc.allocateFixedRegister(masm, reg); + reg_ = reg; + } else { + reg_ = alloc.allocateRegister(masm); + } + MOZ_ASSERT(alloc_.currentOpRegs_.has(reg_)); + } + ~AutoScratchRegister() { alloc_.releaseRegister(reg_); } + + Register get() const { return reg_; } + operator Register() const { return reg_; } +}; + +// On x86, spectreBoundsCheck32 can emit better code if it has a scratch +// register and index masking is enabled. +class MOZ_RAII AutoSpectreBoundsScratchRegister { + mozilla::Maybe<AutoScratchRegister> scratch_; + Register reg_ = InvalidReg; + + AutoSpectreBoundsScratchRegister(const AutoSpectreBoundsScratchRegister&) = + delete; + void operator=(const AutoSpectreBoundsScratchRegister&) = delete; + + public: + AutoSpectreBoundsScratchRegister(CacheRegisterAllocator& alloc, + MacroAssembler& masm) { +#ifdef JS_CODEGEN_X86 + if (JitOptions.spectreIndexMasking) { + scratch_.emplace(alloc, masm); + reg_ = scratch_->get(); + } +#endif + } + + Register get() const { return reg_; } + operator Register() const { return reg_; } +}; + +// Scratch Register64. Implemented with a single AutoScratchRegister on 64-bit +// platforms and two AutoScratchRegisters on 32-bit platforms. +class MOZ_RAII AutoScratchRegister64 { + AutoScratchRegister reg1_; +#if JS_BITS_PER_WORD == 32 + AutoScratchRegister reg2_; +#endif + + public: + AutoScratchRegister64(const AutoScratchRegister64&) = delete; + void operator=(const AutoScratchRegister64&) = delete; + +#if JS_BITS_PER_WORD == 32 + AutoScratchRegister64(CacheRegisterAllocator& alloc, MacroAssembler& masm) + : reg1_(alloc, masm), reg2_(alloc, masm) {} + + Register64 get() const { return Register64(reg1_, reg2_); } +#else + AutoScratchRegister64(CacheRegisterAllocator& alloc, MacroAssembler& masm) + : reg1_(alloc, masm) {} + + Register64 get() const { return Register64(reg1_); } +#endif + + operator Register64() const { return get(); } +}; + +// Scratch ValueOperand. Implemented with a single AutoScratchRegister on 64-bit +// platforms and two AutoScratchRegisters on 32-bit platforms. +class MOZ_RAII AutoScratchValueRegister { + AutoScratchRegister reg1_; +#if JS_BITS_PER_WORD == 32 + AutoScratchRegister reg2_; +#endif + + public: + AutoScratchValueRegister(const AutoScratchValueRegister&) = delete; + void operator=(const AutoScratchValueRegister&) = delete; + +#if JS_BITS_PER_WORD == 32 + AutoScratchValueRegister(CacheRegisterAllocator& alloc, MacroAssembler& masm) + : reg1_(alloc, masm), reg2_(alloc, masm) {} + + ValueOperand get() const { return ValueOperand(reg1_, reg2_); } +#else + AutoScratchValueRegister(CacheRegisterAllocator& alloc, MacroAssembler& masm) + : reg1_(alloc, masm) {} + + ValueOperand get() const { return ValueOperand(reg1_); } +#endif + + operator ValueOperand() const { return get(); } +}; + +// The FailurePath class stores everything we need to generate a failure path +// at the end of the IC code. The failure path restores the input registers, if +// needed, and jumps to the next stub. +class FailurePath { + Vector<OperandLocation, 4, SystemAllocPolicy> inputs_; + SpilledRegisterVector spilledRegs_; + NonAssertingLabel label_; + uint32_t stackPushed_; +#ifdef DEBUG + // Flag to ensure FailurePath::label() isn't taken while there's a scratch + // float register which still needs to be restored. + bool hasAutoScratchFloatRegister_ = false; +#endif + + public: + FailurePath() = default; + + FailurePath(FailurePath&& other) + : inputs_(std::move(other.inputs_)), + spilledRegs_(std::move(other.spilledRegs_)), + label_(other.label_), + stackPushed_(other.stackPushed_) {} + + Label* labelUnchecked() { return &label_; } + Label* label() { + MOZ_ASSERT(!hasAutoScratchFloatRegister_); + return labelUnchecked(); + } + + void setStackPushed(uint32_t i) { stackPushed_ = i; } + uint32_t stackPushed() const { return stackPushed_; } + + [[nodiscard]] bool appendInput(const OperandLocation& loc) { + return inputs_.append(loc); + } + OperandLocation input(size_t i) const { return inputs_[i]; } + + const SpilledRegisterVector& spilledRegs() const { return spilledRegs_; } + + [[nodiscard]] bool setSpilledRegs(const SpilledRegisterVector& regs) { + MOZ_ASSERT(spilledRegs_.empty()); + return spilledRegs_.appendAll(regs); + } + + // If canShareFailurePath(other) returns true, the same machine code will + // be emitted for two failure paths, so we can share them. + bool canShareFailurePath(const FailurePath& other) const; + + void setHasAutoScratchFloatRegister() { +#ifdef DEBUG + MOZ_ASSERT(!hasAutoScratchFloatRegister_); + hasAutoScratchFloatRegister_ = true; +#endif + } + + void clearHasAutoScratchFloatRegister() { +#ifdef DEBUG + MOZ_ASSERT(hasAutoScratchFloatRegister_); + hasAutoScratchFloatRegister_ = false; +#endif + } +}; + +/** + * Wrap an offset so that a call can decide to embed a constant + * or load from the stub data. + */ +class StubFieldOffset { + private: + uint32_t offset_; + StubField::Type type_; + + public: + StubFieldOffset(uint32_t offset, StubField::Type type) + : offset_(offset), type_(type) {} + + uint32_t getOffset() { return offset_; } + StubField::Type getStubFieldType() { return type_; } +}; + +class AutoOutputRegister; + +// Base class for BaselineCacheIRCompiler and IonCacheIRCompiler. +class MOZ_RAII CacheIRCompiler { + protected: + friend class AutoOutputRegister; + friend class AutoStubFrame; + friend class AutoSaveLiveRegisters; + friend class AutoCallVM; + friend class AutoScratchFloatRegister; + friend class AutoAvailableFloatRegister; + + enum class Mode { Baseline, Ion }; + + bool enteredStubFrame_; + + bool isBaseline(); + bool isIon(); + BaselineCacheIRCompiler* asBaseline(); + IonCacheIRCompiler* asIon(); + + JSContext* cx_; + const CacheIRWriter& writer_; + StackMacroAssembler masm; + + CacheRegisterAllocator allocator; + Vector<FailurePath, 4, SystemAllocPolicy> failurePaths; + + // Float registers that are live. Registers not in this set can be + // clobbered and don't need to be saved before performing a VM call. + // Doing this for non-float registers is a bit more complicated because + // the IC register allocator allocates GPRs. + LiveFloatRegisterSet liveFloatRegs_; + + mozilla::Maybe<TypedOrValueRegister> outputUnchecked_; + Mode mode_; + + // Distance from the IC to the stub data; mostly will be + // sizeof(stubType) + uint32_t stubDataOffset_; + + enum class StubFieldPolicy { Address, Constant }; + + StubFieldPolicy stubFieldPolicy_; + + CacheIRCompiler(JSContext* cx, TempAllocator& alloc, + const CacheIRWriter& writer, uint32_t stubDataOffset, + Mode mode, StubFieldPolicy policy) + : enteredStubFrame_(false), + cx_(cx), + writer_(writer), + masm(cx, alloc), + allocator(writer_), + liveFloatRegs_(FloatRegisterSet::All()), + mode_(mode), + stubDataOffset_(stubDataOffset), + stubFieldPolicy_(policy) { + MOZ_ASSERT(!writer.failed()); + } + + [[nodiscard]] bool addFailurePath(FailurePath** failure); + [[nodiscard]] bool emitFailurePath(size_t i); + + // Returns the set of volatile float registers that are live. These + // registers need to be saved when making non-GC calls with callWithABI. + FloatRegisterSet liveVolatileFloatRegs() const { + return FloatRegisterSet::Intersect(liveFloatRegs_.set(), + FloatRegisterSet::Volatile()); + } + + bool objectGuardNeedsSpectreMitigations(ObjOperandId objId) const { + // Instructions like GuardShape need Spectre mitigations if + // (1) mitigations are enabled and (2) the object is used by other + // instructions (if the object is *not* used by other instructions, + // zeroing its register is pointless). + return JitOptions.spectreObjectMitigations && + !allocator.isDeadAfterInstruction(objId); + } + + private: + void emitPostBarrierShared(Register obj, const ConstantOrRegister& val, + Register scratch, Register maybeIndex); + + void emitPostBarrierShared(Register obj, ValueOperand val, Register scratch, + Register maybeIndex) { + emitPostBarrierShared(obj, ConstantOrRegister(val), scratch, maybeIndex); + } + + protected: + template <typename T> + void emitPostBarrierSlot(Register obj, const T& val, Register scratch) { + emitPostBarrierShared(obj, val, scratch, InvalidReg); + } + + template <typename T> + void emitPostBarrierElement(Register obj, const T& val, Register scratch, + Register index) { + MOZ_ASSERT(index != InvalidReg); + emitPostBarrierShared(obj, val, scratch, index); + } + + bool emitComparePointerResultShared(JSOp op, TypedOperandId lhsId, + TypedOperandId rhsId); + + [[nodiscard]] bool emitMathFunctionNumberResultShared( + UnaryMathFunction fun, FloatRegister inputScratch, ValueOperand output); + + template <typename Fn, Fn fn> + [[nodiscard]] bool emitBigIntBinaryOperationShared(BigIntOperandId lhsId, + BigIntOperandId rhsId); + + template <typename Fn, Fn fn> + [[nodiscard]] bool emitBigIntUnaryOperationShared(BigIntOperandId inputId); + + bool emitDoubleIncDecResult(bool isInc, NumberOperandId inputId); + + using AtomicsReadWriteModifyFn = int32_t (*)(TypedArrayObject*, size_t, + int32_t); + + [[nodiscard]] bool emitAtomicsReadModifyWriteResult( + ObjOperandId objId, IntPtrOperandId indexId, uint32_t valueId, + Scalar::Type elementType, AtomicsReadWriteModifyFn fn); + + using AtomicsReadWriteModify64Fn = JS::BigInt* (*)(JSContext*, + TypedArrayObject*, size_t, + const JS::BigInt*); + + template <AtomicsReadWriteModify64Fn fn> + [[nodiscard]] bool emitAtomicsReadModifyWriteResult64(ObjOperandId objId, + IntPtrOperandId indexId, + uint32_t valueId); + + void emitActivateIterator(Register objBeingIterated, Register iterObject, + Register nativeIter, Register scratch, + Register scratch2, uint32_t enumeratorsAddrOffset); + + CACHE_IR_COMPILER_SHARED_GENERATED + + void emitLoadStubField(StubFieldOffset val, Register dest); + void emitLoadStubFieldConstant(StubFieldOffset val, Register dest); + + void emitLoadValueStubField(StubFieldOffset val, ValueOperand dest); + void emitLoadDoubleValueStubField(StubFieldOffset val, ValueOperand dest, + FloatRegister scratch); + + uintptr_t readStubWord(uint32_t offset, StubField::Type type) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + MOZ_ASSERT((offset % sizeof(uintptr_t)) == 0); + return writer_.readStubField(offset, type).asWord(); + } + uint64_t readStubInt64(uint32_t offset, StubField::Type type) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + MOZ_ASSERT((offset % sizeof(uintptr_t)) == 0); + return writer_.readStubField(offset, type).asInt64(); + } + int32_t int32StubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return readStubWord(offset, StubField::Type::RawInt32); + } + uint32_t uint32StubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return readStubWord(offset, StubField::Type::RawInt32); + } + Shape* shapeStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (Shape*)readStubWord(offset, StubField::Type::Shape); + } + GetterSetter* getterSetterStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (GetterSetter*)readStubWord(offset, StubField::Type::GetterSetter); + } + JSObject* objectStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (JSObject*)readStubWord(offset, StubField::Type::JSObject); + } + Value valueStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + uint64_t raw = readStubInt64(offset, StubField::Type::Value); + return Value::fromRawBits(raw); + } + double doubleStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + uint64_t raw = readStubInt64(offset, StubField::Type::Double); + return mozilla::BitwiseCast<double>(raw); + } + JSString* stringStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (JSString*)readStubWord(offset, StubField::Type::String); + } + JS::Symbol* symbolStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (JS::Symbol*)readStubWord(offset, StubField::Type::Symbol); + } + JS::Compartment* compartmentStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (JS::Compartment*)readStubWord(offset, StubField::Type::RawPointer); + } + BaseScript* baseScriptStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (BaseScript*)readStubWord(offset, StubField::Type::BaseScript); + } + const JSClass* classStubField(uintptr_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (const JSClass*)readStubWord(offset, StubField::Type::RawPointer); + } + const void* proxyHandlerStubField(uintptr_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (const void*)readStubWord(offset, StubField::Type::RawPointer); + } + const void* pointerStubField(uintptr_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return (const void*)readStubWord(offset, StubField::Type::RawPointer); + } + jsid idStubField(uint32_t offset) { + MOZ_ASSERT(stubFieldPolicy_ == StubFieldPolicy::Constant); + return jsid::fromRawBits(readStubWord(offset, StubField::Type::Id)); + } + +#ifdef DEBUG + void assertFloatRegisterAvailable(FloatRegister reg); +#endif + + void callVMInternal(MacroAssembler& masm, VMFunctionId id); + template <typename Fn, Fn fn> + void callVM(MacroAssembler& masm); +}; + +// Ensures the IC's output register is available for writing. +class MOZ_RAII AutoOutputRegister { + TypedOrValueRegister output_; + CacheRegisterAllocator& alloc_; + + AutoOutputRegister(const AutoOutputRegister&) = delete; + void operator=(const AutoOutputRegister&) = delete; + + public: + explicit AutoOutputRegister(CacheIRCompiler& compiler); + ~AutoOutputRegister(); + + Register maybeReg() const { + if (output_.hasValue()) { + return output_.valueReg().scratchReg(); + } + if (!output_.typedReg().isFloat()) { + return output_.typedReg().gpr(); + } + return InvalidReg; + } + + bool hasValue() const { return output_.hasValue(); } + ValueOperand valueReg() const { return output_.valueReg(); } + AnyRegister typedReg() const { return output_.typedReg(); } + + JSValueType type() const { + MOZ_ASSERT(!hasValue()); + return ValueTypeFromMIRType(output_.type()); + } + + operator TypedOrValueRegister() const { return output_; } +}; + +enum class CallCanGC { CanGC, CanNotGC }; + +// Instructions that have to perform a callVM require a stub frame. Call its +// enter() and leave() methods to enter/leave the stub frame. +// Hoisted from jit/BaselineCacheIRCompiler.cpp. See there for method +// definitions. +class MOZ_RAII AutoStubFrame { + BaselineCacheIRCompiler& compiler; +#ifdef DEBUG + uint32_t framePushedAtEnterStubFrame_; +#endif + + AutoStubFrame(const AutoStubFrame&) = delete; + void operator=(const AutoStubFrame&) = delete; + + public: + explicit AutoStubFrame(BaselineCacheIRCompiler& compiler); + + void enter(MacroAssembler& masm, Register scratch, + CallCanGC canGC = CallCanGC::CanGC); + void leave(MacroAssembler& masm); + +#ifdef DEBUG + ~AutoStubFrame(); +#endif +}; +// AutoSaveLiveRegisters must be used when we make a call that can GC. The +// constructor ensures all live registers are stored on the stack (where the GC +// expects them) and the destructor restores these registers. +class MOZ_RAII AutoSaveLiveRegisters { + IonCacheIRCompiler& compiler_; + + AutoSaveLiveRegisters(const AutoSaveLiveRegisters&) = delete; + void operator=(const AutoSaveLiveRegisters&) = delete; + + public: + explicit AutoSaveLiveRegisters(IonCacheIRCompiler& compiler); + + ~AutoSaveLiveRegisters(); +}; +// Like AutoScratchRegister, but reuse a register of |output| if possible. +class MOZ_RAII AutoScratchRegisterMaybeOutput { + mozilla::Maybe<AutoScratchRegister> scratch_; + Register scratchReg_; + + AutoScratchRegisterMaybeOutput(const AutoScratchRegisterMaybeOutput&) = + delete; + void operator=(const AutoScratchRegisterMaybeOutput&) = delete; + + public: + AutoScratchRegisterMaybeOutput(CacheRegisterAllocator& alloc, + MacroAssembler& masm, + const AutoOutputRegister& output) { + scratchReg_ = output.maybeReg(); + if (scratchReg_ == InvalidReg) { + scratch_.emplace(alloc, masm); + scratchReg_ = scratch_.ref(); + } + } + AutoScratchRegisterMaybeOutput(CacheRegisterAllocator& alloc, + MacroAssembler& masm) { + scratch_.emplace(alloc, masm); + scratchReg_ = scratch_.ref(); + } + + Register get() const { return scratchReg_; } + operator Register() const { return scratchReg_; } +}; + +// Like AutoScratchRegisterMaybeOutput, but tries to use the ValueOperand's +// type register for the scratch register on 32-bit. +// +// Word of warning: Passing an instance of this class and AutoOutputRegister to +// functions may not work correctly, because no guarantee is given that the type +// register is used last when modifying the output's ValueOperand. +class MOZ_RAII AutoScratchRegisterMaybeOutputType { + mozilla::Maybe<AutoScratchRegister> scratch_; + Register scratchReg_; + + public: + AutoScratchRegisterMaybeOutputType(CacheRegisterAllocator& alloc, + MacroAssembler& masm, + const AutoOutputRegister& output) { +#if defined(JS_NUNBOX32) + scratchReg_ = output.hasValue() ? output.valueReg().typeReg() : InvalidReg; +#else + scratchReg_ = InvalidReg; +#endif + if (scratchReg_ == InvalidReg) { + scratch_.emplace(alloc, masm); + scratchReg_ = scratch_.ref(); + } + } + + AutoScratchRegisterMaybeOutputType( + const AutoScratchRegisterMaybeOutputType&) = delete; + + void operator=(const AutoScratchRegisterMaybeOutputType&) = delete; + + Register get() const { return scratchReg_; } + operator Register() const { return scratchReg_; } +}; + +// AutoCallVM is a wrapper class that unifies methods shared by +// IonCacheIRCompiler and BaselineCacheIRCompiler that perform a callVM, but +// require stub specific functionality before performing the VM call. +// +// Expected Usage: +// +// OPs with implementations that may be unified by this class must: +// - Be listed in the CACHEIR_OPS list but not in the CACHE_IR_SHARED_OPS +// list +// - Differ only in their use of `AutoSaveLiveRegisters`, +// `AutoOutputRegister`, and `AutoScratchRegister`. The Ion +// implementation will use `AutoSaveLiveRegisters` and +// `AutoOutputRegister`, while the Baseline implementation will use +// `AutoScratchRegister`. +// - Both use the `callVM` method. +// +// Using AutoCallVM: +// - The constructor initializes `AutoOutputRegister` for both compiler +// types. Additionally it initializes an `AutoSaveLiveRegisters` for +// CacheIRCompilers with the mode Ion, and initializes +// `AutoScratchRegisterMaybeOutput` and `AutoStubFrame` variables for +// compilers with mode Baseline. +// - The `prepare()` method calls the IonCacheIRCompiler method +// `prepareVMCall` for IonCacheIRCompilers, calls the `enter()` method of +// `AutoStubFrame` for BaselineCacheIRCompilers, and calls the +// `discardStack` method of the `Register` class for both compiler types. +// - The `call()` method invokes `callVM` on the CacheIRCompiler and stores +// the call result according to its type. Finally it calls the `leave` +// method of `AutoStubFrame` for BaselineCacheIRCompilers. +// +// Expected Usage Example: +// See: `CacheIRCompiler::emitCallGetSparseElementResult()` +// +// Restrictions: +// - OPs that do not meet the criteria listed above can not be unified with +// AutoCallVM +// + +class MOZ_RAII AutoCallVM { + MacroAssembler& masm_; + CacheIRCompiler* compiler_; + CacheRegisterAllocator& allocator_; + mozilla::Maybe<AutoOutputRegister> output_; + + // Baseline specific stuff + mozilla::Maybe<AutoStubFrame> stubFrame_; + mozilla::Maybe<AutoScratchRegisterMaybeOutput> scratch_; + + // Ion specific stuff + mozilla::Maybe<AutoSaveLiveRegisters> save_; + + void storeResult(JSValueType returnType); + + template <typename Fn> + void storeResult(); + + void leaveBaselineStubFrame(); + + public: + AutoCallVM(MacroAssembler& masm, CacheIRCompiler* compiler, + CacheRegisterAllocator& allocator); + + void prepare(); + + template <typename Fn, Fn fn> + void call() { + compiler_->callVM<Fn, fn>(masm_); + storeResult<Fn>(); + leaveBaselineStubFrame(); + } + + template <typename Fn, Fn fn> + void callNoResult() { + compiler_->callVM<Fn, fn>(masm_); + leaveBaselineStubFrame(); + } + + const AutoOutputRegister& output() const { return *output_; } + ValueOperand outputValueReg() const { return output_->valueReg(); } +}; + +// RAII class to allocate FloatReg0 as a scratch register and release it when +// we're done with it. The previous contents of FloatReg0 may be spilled on the +// stack and, if necessary, are restored when the destructor runs. +// +// When FailurePath is passed to the constructor, FailurePath::label() must not +// be used during the life time of the AutoScratchFloatRegister. Instead use +// AutoScratchFloatRegister::failure(). +class MOZ_RAII AutoScratchFloatRegister { + Label failurePopReg_{}; + CacheIRCompiler* compiler_; + FailurePath* failure_; + + AutoScratchFloatRegister(const AutoScratchFloatRegister&) = delete; + void operator=(const AutoScratchFloatRegister&) = delete; + + public: + explicit AutoScratchFloatRegister(CacheIRCompiler* compiler) + : AutoScratchFloatRegister(compiler, nullptr) {} + + AutoScratchFloatRegister(CacheIRCompiler* compiler, FailurePath* failure); + + ~AutoScratchFloatRegister(); + + Label* failure(); + + FloatRegister get() const { return FloatReg0; } + operator FloatRegister() const { return FloatReg0; } +}; + +// This class can be used to assert a certain FloatRegister is available. In +// Baseline mode, all float registers are available. In Ion mode, only the +// registers added as fixed temps in LIRGenerator are available. +class MOZ_RAII AutoAvailableFloatRegister { + FloatRegister reg_; + + AutoAvailableFloatRegister(const AutoAvailableFloatRegister&) = delete; + void operator=(const AutoAvailableFloatRegister&) = delete; + + public: + explicit AutoAvailableFloatRegister(CacheIRCompiler& compiler, + FloatRegister reg) + : reg_(reg) { +#ifdef DEBUG + compiler.assertFloatRegisterAvailable(reg); +#endif + } + + FloatRegister get() const { return reg_; } + operator FloatRegister() const { return reg_; } +}; + +// See the 'Sharing Baseline stub code' comment in CacheIR.h for a description +// of this class. +// +// CacheIRStubInfo has a trailing variable-length array of bytes. The memory +// layout is as follows: +// +// Item | Offset +// -----------------+-------------------------------------- +// CacheIRStubInfo | 0 +// CacheIR bytecode | sizeof(CacheIRStubInfo) +// Stub field types | sizeof(CacheIRStubInfo) + codeLength_ +// +// The array of stub field types is terminated by StubField::Type::Limit. +class CacheIRStubInfo { + uint32_t codeLength_; + CacheKind kind_; + ICStubEngine engine_; + uint8_t stubDataOffset_; + bool makesGCCalls_; + + CacheIRStubInfo(CacheKind kind, ICStubEngine engine, bool makesGCCalls, + uint32_t stubDataOffset, uint32_t codeLength) + : codeLength_(codeLength), + kind_(kind), + engine_(engine), + stubDataOffset_(stubDataOffset), + makesGCCalls_(makesGCCalls) { + MOZ_ASSERT(kind_ == kind, "Kind must fit in bitfield"); + MOZ_ASSERT(engine_ == engine, "Engine must fit in bitfield"); + MOZ_ASSERT(stubDataOffset_ == stubDataOffset, + "stubDataOffset must fit in uint8_t"); + } + + CacheIRStubInfo(const CacheIRStubInfo&) = delete; + CacheIRStubInfo& operator=(const CacheIRStubInfo&) = delete; + + public: + CacheKind kind() const { return kind_; } + ICStubEngine engine() const { return engine_; } + bool makesGCCalls() const { return makesGCCalls_; } + + const uint8_t* code() const { + return reinterpret_cast<const uint8_t*>(this) + sizeof(CacheIRStubInfo); + } + uint32_t codeLength() const { return codeLength_; } + uint32_t stubDataOffset() const { return stubDataOffset_; } + + size_t stubDataSize() const; + + StubField::Type fieldType(uint32_t i) const { + static_assert(sizeof(StubField::Type) == sizeof(uint8_t)); + const uint8_t* fieldTypes = code() + codeLength_; + return static_cast<StubField::Type>(fieldTypes[i]); + } + + static CacheIRStubInfo* New(CacheKind kind, ICStubEngine engine, + bool canMakeCalls, uint32_t stubDataOffset, + const CacheIRWriter& writer); + + template <class Stub, class T> + js::GCPtr<T>& getStubField(Stub* stub, uint32_t offset) const; + + template <class Stub, class T> + T* getPtrStubField(Stub* stub, uint32_t offset) const; + + template <class T> + js::GCPtr<T>& getStubField(ICCacheIRStub* stub, uint32_t offset) const { + return getStubField<ICCacheIRStub, T>(stub, offset); + } + + uintptr_t getStubRawWord(const uint8_t* stubData, uint32_t offset) const; + uintptr_t getStubRawWord(ICCacheIRStub* stub, uint32_t offset) const; + + int64_t getStubRawInt64(const uint8_t* stubData, uint32_t offset) const; + int64_t getStubRawInt64(ICCacheIRStub* stub, uint32_t offset) const; + + void replaceStubRawWord(uint8_t* stubData, uint32_t offset, uintptr_t oldWord, + uintptr_t newWord) const; +}; + +template <typename T> +void TraceCacheIRStub(JSTracer* trc, T* stub, const CacheIRStubInfo* stubInfo); + +} // namespace jit +} // namespace js + +#endif /* jit_CacheIRCompiler_h */ |