search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1890513: Directly invoke variadic native functions. r=jandem
[gecko.git] / js / src / jit / Recover.cpp
blob4c1ff56436b2af1404fe0bb524c86985063d8822
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "jit/Recover.h"
8
9 #include "mozilla/Casting.h"
10
11 #include "jsmath.h"
12
13 #include "builtin/Object.h"
14 #include "builtin/RegExp.h"
15 #include "builtin/String.h"
16 #include "jit/AtomicOperations.h"
17 #include "jit/Bailouts.h"
18 #include "jit/CompileInfo.h"
19 #include "jit/Ion.h"
20 #include "jit/JitSpewer.h"
21 #include "jit/JSJitFrameIter.h"
22 #include "jit/MIR.h"
23 #include "jit/MIRGraph.h"
24 #include "jit/VMFunctions.h"
25 #include "util/DifferentialTesting.h"
26 #include "vm/BigIntType.h"
27 #include "vm/EqualityOperations.h"
28 #include "vm/Interpreter.h"
29 #include "vm/Iteration.h"
30 #include "vm/JSContext.h"
31 #include "vm/JSObject.h"
32 #include "vm/PlainObject.h" // js::PlainObject
33 #include "vm/StringType.h"
34 #include "vm/Watchtower.h"
35
36 #include "vm/Interpreter-inl.h"
37
38 using namespace js;
39 using namespace js::jit;
40
41 bool MNode::writeRecoverData(CompactBufferWriter& writer) const {
42 MOZ_CRASH("This instruction is not serializable");
43 }
44
45 void RInstruction::readRecoverData(CompactBufferReader& reader,
46 RInstructionStorage* raw) {
47 uint32_t op = reader.readUnsigned();
48 switch (Opcode(op)) {
49 #define MATCH_OPCODES_(op) \
50 case Recover_##op: \
51 static_assert(sizeof(R##op) <= sizeof(RInstructionStorage), \
52 "storage space must be big enough to store R" #op); \
53 static_assert(alignof(R##op) <= alignof(RInstructionStorage), \
54 "storage space must be aligned adequate to store R" #op); \
55 new (raw->addr()) R##op(reader); \
56 break;
57
58 RECOVER_OPCODE_LIST(MATCH_OPCODES_)
59 #undef MATCH_OPCODES_
60
61 case Recover_Invalid:
62 default:
63 MOZ_CRASH("Bad decoding of the previous instruction?");
64 }
65 }
66
67 bool MResumePoint::writeRecoverData(CompactBufferWriter& writer) const {
68 writer.writeUnsigned(uint32_t(RInstruction::Recover_ResumePoint));
69
70 MBasicBlock* bb = block();
71 bool hasFun = bb->info().hasFunMaybeLazy();
72 uint32_t nargs = bb->info().nargs();
73 JSScript* script = bb->info().script();
74 uint32_t exprStack = stackDepth() - bb->info().ninvoke();
75
76 #ifdef DEBUG
77 // Ensure that all snapshot which are encoded can safely be used for
78 // bailouts.
79 uint32_t numIntermediate = NumIntermediateValues(mode());
80 if (JSContext* cx = GetJitContext()->cx) {
81 if (!AssertBailoutStackDepth(cx, script, pc(), mode(),
82 exprStack - numIntermediate)) {
83 return false;
84 }
85 }
86 #endif
87
88 uint32_t formalArgs = CountArgSlots(script, hasFun, nargs);
89
90 // Test if we honor the maximum of arguments at all times. This is a sanity
91 // check and not an algorithm limit. So check might be a bit too loose. +4
92 // to account for scope chain, return value, this value and maybe
93 // arguments_object.
94 MOZ_ASSERT(formalArgs < SNAPSHOT_MAX_NARGS + 4);
95
96 #ifdef JS_JITSPEW
97 uint32_t implicit = StartArgSlot(script);
98 #endif
99 uint32_t nallocs = formalArgs + script->nfixed() + exprStack;
100
101 JitSpew(JitSpew_IonSnapshots,
102 "Starting frame; implicit %u, formals %u, fixed %zu, exprs %u",
103 implicit, formalArgs - implicit, script->nfixed(), exprStack);
104
105 uint32_t pcOff = script->pcToOffset(pc());
106 JitSpew(JitSpew_IonSnapshots, "Writing pc offset %u, mode %s, nslots %u",
107 pcOff, ResumeModeToString(mode()), nallocs);
108
109 uint32_t pcOffAndMode =
110 (pcOff << RResumePoint::PCOffsetShift) | uint32_t(mode());
111 MOZ_RELEASE_ASSERT((pcOffAndMode >> RResumePoint::PCOffsetShift) == pcOff,
112 "pcOff doesn't fit in pcOffAndMode");
113 writer.writeUnsigned(pcOffAndMode);
114
115 writer.writeUnsigned(nallocs);
116 return true;
117 }
118
119 RResumePoint::RResumePoint(CompactBufferReader& reader) {
120 pcOffsetAndMode_ = reader.readUnsigned();
121 numOperands_ = reader.readUnsigned();
122 JitSpew(JitSpew_IonSnapshots,
123 "Read RResumePoint (pc offset %u, mode %s, nslots %u)", pcOffset(),
124 ResumeModeToString(mode()), numOperands_);
125 }
126
127 bool RResumePoint::recover(JSContext* cx, SnapshotIterator& iter) const {
128 MOZ_CRASH("This instruction is not recoverable.");
129 }
130
131 bool MBitNot::writeRecoverData(CompactBufferWriter& writer) const {
132 // 64-bit int bitnots exist only when compiling wasm; they exist neither for
133 // JS nor asm.js. So we don't expect them here.
134 MOZ_ASSERT(type() != MIRType::Int64);
135 MOZ_ASSERT(canRecoverOnBailout());
136 writer.writeUnsigned(uint32_t(RInstruction::Recover_BitNot));
137 return true;
138 }
139
140 RBitNot::RBitNot(CompactBufferReader& reader) {}
141
142 bool RBitNot::recover(JSContext* cx, SnapshotIterator& iter) const {
143 RootedValue operand(cx, iter.read());
144 RootedValue result(cx);
145
146 if (!js::BitNot(cx, &operand, &result)) {
147 return false;
148 }
149
150 iter.storeInstructionResult(result);
151 return true;
152 }
153
154 bool MBitAnd::writeRecoverData(CompactBufferWriter& writer) const {
155 MOZ_ASSERT(canRecoverOnBailout());
156 writer.writeUnsigned(uint32_t(RInstruction::Recover_BitAnd));
157 return true;
158 }
159
160 RBitAnd::RBitAnd(CompactBufferReader& reader) {}
161
162 bool RBitAnd::recover(JSContext* cx, SnapshotIterator& iter) const {
163 RootedValue lhs(cx, iter.read());
164 RootedValue rhs(cx, iter.read());
165 RootedValue result(cx);
166 MOZ_ASSERT(!lhs.isObject() && !rhs.isObject());
167
168 if (!js::BitAnd(cx, &lhs, &rhs, &result)) {
169 return false;
170 }
171
172 iter.storeInstructionResult(result);
173 return true;
174 }
175
176 bool MBitOr::writeRecoverData(CompactBufferWriter& writer) const {
177 MOZ_ASSERT(canRecoverOnBailout());
178 writer.writeUnsigned(uint32_t(RInstruction::Recover_BitOr));
179 return true;
180 }
181
182 RBitOr::RBitOr(CompactBufferReader& reader) {}
183
184 bool RBitOr::recover(JSContext* cx, SnapshotIterator& iter) const {
185 RootedValue lhs(cx, iter.read());
186 RootedValue rhs(cx, iter.read());
187 RootedValue result(cx);
188 MOZ_ASSERT(!lhs.isObject() && !rhs.isObject());
189
190 if (!js::BitOr(cx, &lhs, &rhs, &result)) {
191 return false;
192 }
193
194 iter.storeInstructionResult(result);
195 return true;
196 }
197
198 bool MBitXor::writeRecoverData(CompactBufferWriter& writer) const {
199 MOZ_ASSERT(canRecoverOnBailout());
200 writer.writeUnsigned(uint32_t(RInstruction::Recover_BitXor));
201 return true;
202 }
203
204 RBitXor::RBitXor(CompactBufferReader& reader) {}
205
206 bool RBitXor::recover(JSContext* cx, SnapshotIterator& iter) const {
207 RootedValue lhs(cx, iter.read());
208 RootedValue rhs(cx, iter.read());
209 RootedValue result(cx);
210
211 if (!js::BitXor(cx, &lhs, &rhs, &result)) {
212 return false;
213 }
214
215 iter.storeInstructionResult(result);
216 return true;
217 }
218
219 bool MLsh::writeRecoverData(CompactBufferWriter& writer) const {
220 MOZ_ASSERT(canRecoverOnBailout());
221 writer.writeUnsigned(uint32_t(RInstruction::Recover_Lsh));
222 return true;
223 }
224
225 RLsh::RLsh(CompactBufferReader& reader) {}
226
227 bool RLsh::recover(JSContext* cx, SnapshotIterator& iter) const {
228 RootedValue lhs(cx, iter.read());
229 RootedValue rhs(cx, iter.read());
230 RootedValue result(cx);
231 MOZ_ASSERT(!lhs.isObject() && !rhs.isObject());
232
233 if (!js::BitLsh(cx, &lhs, &rhs, &result)) {
234 return false;
235 }
236
237 iter.storeInstructionResult(result);
238 return true;
239 }
240
241 bool MRsh::writeRecoverData(CompactBufferWriter& writer) const {
242 MOZ_ASSERT(canRecoverOnBailout());
243 writer.writeUnsigned(uint32_t(RInstruction::Recover_Rsh));
244 return true;
245 }
246
247 RRsh::RRsh(CompactBufferReader& reader) {}
248
249 bool RRsh::recover(JSContext* cx, SnapshotIterator& iter) const {
250 RootedValue lhs(cx, iter.read());
251 RootedValue rhs(cx, iter.read());
252 RootedValue result(cx);
253 MOZ_ASSERT(!lhs.isObject() && !rhs.isObject());
254
255 if (!js::BitRsh(cx, &lhs, &rhs, &result)) {
256 return false;
257 }
258
259 iter.storeInstructionResult(result);
260 return true;
261 }
262
263 bool MUrsh::writeRecoverData(CompactBufferWriter& writer) const {
264 MOZ_ASSERT(canRecoverOnBailout());
265 writer.writeUnsigned(uint32_t(RInstruction::Recover_Ursh));
266 return true;
267 }
268
269 RUrsh::RUrsh(CompactBufferReader& reader) {}
270
271 bool RUrsh::recover(JSContext* cx, SnapshotIterator& iter) const {
272 RootedValue lhs(cx, iter.read());
273 RootedValue rhs(cx, iter.read());
274 MOZ_ASSERT(!lhs.isObject() && !rhs.isObject());
275
276 RootedValue result(cx);
277 if (!js::UrshValues(cx, &lhs, &rhs, &result)) {
278 return false;
279 }
280
281 iter.storeInstructionResult(result);
282 return true;
283 }
284
285 bool MSignExtendInt32::writeRecoverData(CompactBufferWriter& writer) const {
286 MOZ_ASSERT(canRecoverOnBailout());
287 writer.writeUnsigned(uint32_t(RInstruction::Recover_SignExtendInt32));
288 MOZ_ASSERT(Mode(uint8_t(mode_)) == mode_);
289 writer.writeByte(uint8_t(mode_));
290 return true;
291 }
292
293 RSignExtendInt32::RSignExtendInt32(CompactBufferReader& reader) {
294 mode_ = reader.readByte();
295 }
296
297 bool RSignExtendInt32::recover(JSContext* cx, SnapshotIterator& iter) const {
298 RootedValue operand(cx, iter.read());
299
300 int32_t i;
301 if (!ToInt32(cx, operand, &i)) {
302 return false;
303 }
304
305 int32_t result;
306 switch (MSignExtendInt32::Mode(mode_)) {
307 case MSignExtendInt32::Byte:
308 result = static_cast<int8_t>(i);
309 break;
310 case MSignExtendInt32::Half:
311 result = static_cast<int16_t>(i);
312 break;
313 }
314
315 iter.storeInstructionResult(JS::Int32Value(result));
316 return true;
317 }
318
319 bool MAdd::writeRecoverData(CompactBufferWriter& writer) const {
320 MOZ_ASSERT(canRecoverOnBailout());
321 writer.writeUnsigned(uint32_t(RInstruction::Recover_Add));
322 writer.writeByte(type() == MIRType::Float32);
323 return true;
324 }
325
326 RAdd::RAdd(CompactBufferReader& reader) {
327 isFloatOperation_ = reader.readByte();
328 }
329
330 bool RAdd::recover(JSContext* cx, SnapshotIterator& iter) const {
331 RootedValue lhs(cx, iter.read());
332 RootedValue rhs(cx, iter.read());
333 RootedValue result(cx);
334
335 MOZ_ASSERT(!lhs.isObject() && !rhs.isObject());
336 if (!js::AddValues(cx, &lhs, &rhs, &result)) {
337 return false;
338 }
339
340 // MIRType::Float32 is a specialization embedding the fact that the result is
341 // rounded to a Float32.
342 if (isFloatOperation_ && !RoundFloat32(cx, result, &result)) {
343 return false;
344 }
345
346 iter.storeInstructionResult(result);
347 return true;
348 }
349
350 bool MSub::writeRecoverData(CompactBufferWriter& writer) const {
351 MOZ_ASSERT(canRecoverOnBailout());
352 writer.writeUnsigned(uint32_t(RInstruction::Recover_Sub));
353 writer.writeByte(type() == MIRType::Float32);
354 return true;
355 }
356
357 RSub::RSub(CompactBufferReader& reader) {
358 isFloatOperation_ = reader.readByte();
359 }
360
361 bool RSub::recover(JSContext* cx, SnapshotIterator& iter) const {
362 RootedValue lhs(cx, iter.read());
363 RootedValue rhs(cx, iter.read());
364 RootedValue result(cx);
365
366 MOZ_ASSERT(!lhs.isObject() && !rhs.isObject());
367 if (!js::SubValues(cx, &lhs, &rhs, &result)) {
368 return false;
369 }
370
371 // MIRType::Float32 is a specialization embedding the fact that the result is
372 // rounded to a Float32.
373 if (isFloatOperation_ && !RoundFloat32(cx, result, &result)) {
374 return false;
375 }
376
377 iter.storeInstructionResult(result);
378 return true;
379 }
380
381 bool MMul::writeRecoverData(CompactBufferWriter& writer) const {
382 MOZ_ASSERT(canRecoverOnBailout());
383 writer.writeUnsigned(uint32_t(RInstruction::Recover_Mul));
384 writer.writeByte(type() == MIRType::Float32);
385 MOZ_ASSERT(Mode(uint8_t(mode_)) == mode_);
386 writer.writeByte(uint8_t(mode_));
387 return true;
388 }
389
390 RMul::RMul(CompactBufferReader& reader) {
391 isFloatOperation_ = reader.readByte();
392 mode_ = reader.readByte();
393 }
394
395 bool RMul::recover(JSContext* cx, SnapshotIterator& iter) const {
396 RootedValue lhs(cx, iter.read());
397 RootedValue rhs(cx, iter.read());
398 RootedValue result(cx);
399
400 if (MMul::Mode(mode_) == MMul::Normal) {
401 if (!js::MulValues(cx, &lhs, &rhs, &result)) {
402 return false;
403 }
404
405 // MIRType::Float32 is a specialization embedding the fact that the
406 // result is rounded to a Float32.
407 if (isFloatOperation_ && !RoundFloat32(cx, result, &result)) {
408 return false;
409 }
410 } else {
411 MOZ_ASSERT(MMul::Mode(mode_) == MMul::Integer);
412 if (!js::math_imul_handle(cx, lhs, rhs, &result)) {
413 return false;
414 }
415 }
416
417 iter.storeInstructionResult(result);
418 return true;
419 }
420
421 bool MDiv::writeRecoverData(CompactBufferWriter& writer) const {
422 MOZ_ASSERT(canRecoverOnBailout());
423 writer.writeUnsigned(uint32_t(RInstruction::Recover_Div));
424 writer.writeByte(type() == MIRType::Float32);
425 return true;
426 }
427
428 RDiv::RDiv(CompactBufferReader& reader) {
429 isFloatOperation_ = reader.readByte();
430 }
431
432 bool RDiv::recover(JSContext* cx, SnapshotIterator& iter) const {
433 RootedValue lhs(cx, iter.read());
434 RootedValue rhs(cx, iter.read());
435 RootedValue result(cx);
436
437 if (!js::DivValues(cx, &lhs, &rhs, &result)) {
438 return false;
439 }
440
441 // MIRType::Float32 is a specialization embedding the fact that the result is
442 // rounded to a Float32.
443 if (isFloatOperation_ && !RoundFloat32(cx, result, &result)) {
444 return false;
445 }
446
447 iter.storeInstructionResult(result);
448 return true;
449 }
450
451 bool MMod::writeRecoverData(CompactBufferWriter& writer) const {
452 MOZ_ASSERT(canRecoverOnBailout());
453 writer.writeUnsigned(uint32_t(RInstruction::Recover_Mod));
454 return true;
455 }
456
457 RMod::RMod(CompactBufferReader& reader) {}
458
459 bool RMod::recover(JSContext* cx, SnapshotIterator& iter) const {
460 RootedValue lhs(cx, iter.read());
461 RootedValue rhs(cx, iter.read());
462 RootedValue result(cx);
463
464 MOZ_ASSERT(!lhs.isObject() && !rhs.isObject());
465 if (!js::ModValues(cx, &lhs, &rhs, &result)) {
466 return false;
467 }
468
469 iter.storeInstructionResult(result);
470 return true;
471 }
472
473 bool MNot::writeRecoverData(CompactBufferWriter& writer) const {
474 MOZ_ASSERT(canRecoverOnBailout());
475 writer.writeUnsigned(uint32_t(RInstruction::Recover_Not));
476 return true;
477 }
478
479 RNot::RNot(CompactBufferReader& reader) {}
480
481 bool RNot::recover(JSContext* cx, SnapshotIterator& iter) const {
482 RootedValue v(cx, iter.read());
483 RootedValue result(cx);
484
485 result.setBoolean(!ToBoolean(v));
486
487 iter.storeInstructionResult(result);
488 return true;
489 }
490
491 bool MBigIntAdd::writeRecoverData(CompactBufferWriter& writer) const {
492 MOZ_ASSERT(canRecoverOnBailout());
493 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntAdd));
494 return true;
495 }
496
497 RBigIntAdd::RBigIntAdd(CompactBufferReader& reader) {}
498
499 bool RBigIntAdd::recover(JSContext* cx, SnapshotIterator& iter) const {
500 Rooted<BigInt*> lhs(cx, iter.readBigInt());
501 Rooted<BigInt*> rhs(cx, iter.readBigInt());
502
503 BigInt* result = BigInt::add(cx, lhs, rhs);
504 if (!result) {
505 return false;
506 }
507
508 iter.storeInstructionResult(BigIntValue(result));
509 return true;
510 }
511
512 bool MBigIntSub::writeRecoverData(CompactBufferWriter& writer) const {
513 MOZ_ASSERT(canRecoverOnBailout());
514 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntSub));
515 return true;
516 }
517
518 RBigIntSub::RBigIntSub(CompactBufferReader& reader) {}
519
520 bool RBigIntSub::recover(JSContext* cx, SnapshotIterator& iter) const {
521 Rooted<BigInt*> lhs(cx, iter.readBigInt());
522 Rooted<BigInt*> rhs(cx, iter.readBigInt());
523
524 BigInt* result = BigInt::sub(cx, lhs, rhs);
525 if (!result) {
526 return false;
527 }
528
529 iter.storeInstructionResult(BigIntValue(result));
530 return true;
531 }
532
533 bool MBigIntMul::writeRecoverData(CompactBufferWriter& writer) const {
534 MOZ_ASSERT(canRecoverOnBailout());
535 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntMul));
536 return true;
537 }
538
539 RBigIntMul::RBigIntMul(CompactBufferReader& reader) {}
540
541 bool RBigIntMul::recover(JSContext* cx, SnapshotIterator& iter) const {
542 Rooted<BigInt*> lhs(cx, iter.readBigInt());
543 Rooted<BigInt*> rhs(cx, iter.readBigInt());
544
545 BigInt* result = BigInt::mul(cx, lhs, rhs);
546 if (!result) {
547 return false;
548 }
549
550 iter.storeInstructionResult(BigIntValue(result));
551 return true;
552 }
553
554 bool MBigIntDiv::writeRecoverData(CompactBufferWriter& writer) const {
555 MOZ_ASSERT(canRecoverOnBailout());
556 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntDiv));
557 return true;
558 }
559
560 RBigIntDiv::RBigIntDiv(CompactBufferReader& reader) {}
561
562 bool RBigIntDiv::recover(JSContext* cx, SnapshotIterator& iter) const {
563 Rooted<BigInt*> lhs(cx, iter.readBigInt());
564 Rooted<BigInt*> rhs(cx, iter.readBigInt());
565 MOZ_ASSERT(!rhs->isZero(),
566 "division by zero throws and therefore can't be recovered");
567
568 BigInt* result = BigInt::div(cx, lhs, rhs);
569 if (!result) {
570 return false;
571 }
572
573 iter.storeInstructionResult(BigIntValue(result));
574 return true;
575 }
576
577 bool MBigIntMod::writeRecoverData(CompactBufferWriter& writer) const {
578 MOZ_ASSERT(canRecoverOnBailout());
579 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntMod));
580 return true;
581 }
582
583 RBigIntMod::RBigIntMod(CompactBufferReader& reader) {}
584
585 bool RBigIntMod::recover(JSContext* cx, SnapshotIterator& iter) const {
586 Rooted<BigInt*> lhs(cx, iter.readBigInt());
587 Rooted<BigInt*> rhs(cx, iter.readBigInt());
588 MOZ_ASSERT(!rhs->isZero(),
589 "division by zero throws and therefore can't be recovered");
590
591 BigInt* result = BigInt::mod(cx, lhs, rhs);
592 if (!result) {
593 return false;
594 }
595
596 iter.storeInstructionResult(BigIntValue(result));
597 return true;
598 }
599
600 bool MBigIntPow::writeRecoverData(CompactBufferWriter& writer) const {
601 MOZ_ASSERT(canRecoverOnBailout());
602 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntPow));
603 return true;
604 }
605
606 RBigIntPow::RBigIntPow(CompactBufferReader& reader) {}
607
608 bool RBigIntPow::recover(JSContext* cx, SnapshotIterator& iter) const {
609 Rooted<BigInt*> lhs(cx, iter.readBigInt());
610 Rooted<BigInt*> rhs(cx, iter.readBigInt());
611 MOZ_ASSERT(!rhs->isNegative(),
612 "negative exponent throws and therefore can't be recovered");
613
614 BigInt* result = BigInt::pow(cx, lhs, rhs);
615 if (!result) {
616 return false;
617 }
618
619 iter.storeInstructionResult(BigIntValue(result));
620 return true;
621 }
622
623 bool MBigIntBitAnd::writeRecoverData(CompactBufferWriter& writer) const {
624 MOZ_ASSERT(canRecoverOnBailout());
625 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntBitAnd));
626 return true;
627 }
628
629 RBigIntBitAnd::RBigIntBitAnd(CompactBufferReader& reader) {}
630
631 bool RBigIntBitAnd::recover(JSContext* cx, SnapshotIterator& iter) const {
632 Rooted<BigInt*> lhs(cx, iter.readBigInt());
633 Rooted<BigInt*> rhs(cx, iter.readBigInt());
634
635 BigInt* result = BigInt::bitAnd(cx, lhs, rhs);
636 if (!result) {
637 return false;
638 }
639
640 iter.storeInstructionResult(BigIntValue(result));
641 return true;
642 }
643
644 bool MBigIntBitOr::writeRecoverData(CompactBufferWriter& writer) const {
645 MOZ_ASSERT(canRecoverOnBailout());
646 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntBitOr));
647 return true;
648 }
649
650 RBigIntBitOr::RBigIntBitOr(CompactBufferReader& reader) {}
651
652 bool RBigIntBitOr::recover(JSContext* cx, SnapshotIterator& iter) const {
653 Rooted<BigInt*> lhs(cx, iter.readBigInt());
654 Rooted<BigInt*> rhs(cx, iter.readBigInt());
655
656 BigInt* result = BigInt::bitOr(cx, lhs, rhs);
657 if (!result) {
658 return false;
659 }
660
661 iter.storeInstructionResult(BigIntValue(result));
662 return true;
663 }
664
665 bool MBigIntBitXor::writeRecoverData(CompactBufferWriter& writer) const {
666 MOZ_ASSERT(canRecoverOnBailout());
667 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntBitXor));
668 return true;
669 }
670
671 RBigIntBitXor::RBigIntBitXor(CompactBufferReader& reader) {}
672
673 bool RBigIntBitXor::recover(JSContext* cx, SnapshotIterator& iter) const {
674 Rooted<BigInt*> lhs(cx, iter.readBigInt());
675 Rooted<BigInt*> rhs(cx, iter.readBigInt());
676
677 BigInt* result = BigInt::bitXor(cx, lhs, rhs);
678 if (!result) {
679 return false;
680 }
681
682 iter.storeInstructionResult(BigIntValue(result));
683 return true;
684 }
685
686 bool MBigIntLsh::writeRecoverData(CompactBufferWriter& writer) const {
687 MOZ_ASSERT(canRecoverOnBailout());
688 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntLsh));
689 return true;
690 }
691
692 RBigIntLsh::RBigIntLsh(CompactBufferReader& reader) {}
693
694 bool RBigIntLsh::recover(JSContext* cx, SnapshotIterator& iter) const {
695 Rooted<BigInt*> lhs(cx, iter.readBigInt());
696 Rooted<BigInt*> rhs(cx, iter.readBigInt());
697
698 BigInt* result = BigInt::lsh(cx, lhs, rhs);
699 if (!result) {
700 return false;
701 }
702
703 iter.storeInstructionResult(BigIntValue(result));
704 return true;
705 }
706
707 bool MBigIntRsh::writeRecoverData(CompactBufferWriter& writer) const {
708 MOZ_ASSERT(canRecoverOnBailout());
709 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntRsh));
710 return true;
711 }
712
713 RBigIntRsh::RBigIntRsh(CompactBufferReader& reader) {}
714
715 bool RBigIntRsh::recover(JSContext* cx, SnapshotIterator& iter) const {
716 Rooted<BigInt*> lhs(cx, iter.readBigInt());
717 Rooted<BigInt*> rhs(cx, iter.readBigInt());
718
719 BigInt* result = BigInt::rsh(cx, lhs, rhs);
720 if (!result) {
721 return false;
722 }
723
724 iter.storeInstructionResult(BigIntValue(result));
725 return true;
726 }
727
728 bool MBigIntIncrement::writeRecoverData(CompactBufferWriter& writer) const {
729 MOZ_ASSERT(canRecoverOnBailout());
730 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntIncrement));
731 return true;
732 }
733
734 RBigIntIncrement::RBigIntIncrement(CompactBufferReader& reader) {}
735
736 bool RBigIntIncrement::recover(JSContext* cx, SnapshotIterator& iter) const {
737 Rooted<BigInt*> operand(cx, iter.readBigInt());
738
739 BigInt* result = BigInt::inc(cx, operand);
740 if (!result) {
741 return false;
742 }
743
744 iter.storeInstructionResult(BigIntValue(result));
745 return true;
746 }
747
748 bool MBigIntDecrement::writeRecoverData(CompactBufferWriter& writer) const {
749 MOZ_ASSERT(canRecoverOnBailout());
750 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntDecrement));
751 return true;
752 }
753
754 RBigIntDecrement::RBigIntDecrement(CompactBufferReader& reader) {}
755
756 bool RBigIntDecrement::recover(JSContext* cx, SnapshotIterator& iter) const {
757 Rooted<BigInt*> operand(cx, iter.readBigInt());
758
759 BigInt* result = BigInt::dec(cx, operand);
760 if (!result) {
761 return false;
762 }
763
764 iter.storeInstructionResult(BigIntValue(result));
765 return true;
766 }
767
768 bool MBigIntNegate::writeRecoverData(CompactBufferWriter& writer) const {
769 MOZ_ASSERT(canRecoverOnBailout());
770 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntNegate));
771 return true;
772 }
773
774 RBigIntNegate::RBigIntNegate(CompactBufferReader& reader) {}
775
776 bool RBigIntNegate::recover(JSContext* cx, SnapshotIterator& iter) const {
777 Rooted<BigInt*> operand(cx, iter.readBigInt());
778
779 BigInt* result = BigInt::neg(cx, operand);
780 if (!result) {
781 return false;
782 }
783
784 iter.storeInstructionResult(BigIntValue(result));
785 return true;
786 }
787
788 bool MBigIntBitNot::writeRecoverData(CompactBufferWriter& writer) const {
789 MOZ_ASSERT(canRecoverOnBailout());
790 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntBitNot));
791 return true;
792 }
793
794 RBigIntBitNot::RBigIntBitNot(CompactBufferReader& reader) {}
795
796 bool RBigIntBitNot::recover(JSContext* cx, SnapshotIterator& iter) const {
797 Rooted<BigInt*> operand(cx, iter.readBigInt());
798
799 BigInt* result = BigInt::bitNot(cx, operand);
800 if (!result) {
801 return false;
802 }
803
804 iter.storeInstructionResult(BigIntValue(result));
805 return true;
806 }
807
808 bool MCompare::writeRecoverData(CompactBufferWriter& writer) const {
809 MOZ_ASSERT(canRecoverOnBailout());
810 writer.writeUnsigned(uint32_t(RInstruction::Recover_Compare));
811
812 static_assert(sizeof(JSOp) == sizeof(uint8_t));
813 writer.writeByte(uint8_t(jsop_));
814 return true;
815 }
816
817 RCompare::RCompare(CompactBufferReader& reader) {
818 jsop_ = JSOp(reader.readByte());
819
820 MOZ_ASSERT(IsEqualityOp(jsop_) || IsRelationalOp(jsop_));
821 }
822
823 bool RCompare::recover(JSContext* cx, SnapshotIterator& iter) const {
824 RootedValue lhs(cx, iter.read());
825 RootedValue rhs(cx, iter.read());
826
827 bool result;
828 switch (jsop_) {
829 case JSOp::Eq:
830 case JSOp::Ne:
831 if (!js::LooselyEqual(cx, lhs, rhs, &result)) {
832 return false;
833 }
834 if (jsop_ == JSOp::Ne) {
835 result = !result;
836 }
837 break;
838 case JSOp::StrictEq:
839 case JSOp::StrictNe:
840 if (!StrictlyEqual(cx, lhs, rhs, &result)) {
841 return false;
842 }
843 if (jsop_ == JSOp::StrictNe) {
844 result = !result;
845 }
846 break;
847 case JSOp::Lt:
848 if (!js::LessThan(cx, &lhs, &rhs, &result)) {
849 return false;
850 }
851 break;
852 case JSOp::Le:
853 if (!js::LessThanOrEqual(cx, &lhs, &rhs, &result)) {
854 return false;
855 }
856 break;
857 case JSOp::Gt:
858 if (!js::GreaterThan(cx, &lhs, &rhs, &result)) {
859 return false;
860 }
861 break;
862 case JSOp::Ge:
863 if (!js::GreaterThanOrEqual(cx, &lhs, &rhs, &result)) {
864 return false;
865 }
866 break;
867 default:
868 MOZ_CRASH("Unexpected op.");
869 }
870
871 iter.storeInstructionResult(BooleanValue(result));
872 return true;
873 }
874
875 bool MConcat::writeRecoverData(CompactBufferWriter& writer) const {
876 MOZ_ASSERT(canRecoverOnBailout());
877 writer.writeUnsigned(uint32_t(RInstruction::Recover_Concat));
878 return true;
879 }
880
881 RConcat::RConcat(CompactBufferReader& reader) {}
882
883 bool RConcat::recover(JSContext* cx, SnapshotIterator& iter) const {
884 RootedValue lhs(cx, iter.read());
885 RootedValue rhs(cx, iter.read());
886 RootedValue result(cx);
887
888 MOZ_ASSERT(!lhs.isObject() && !rhs.isObject());
889 if (!js::AddValues(cx, &lhs, &rhs, &result)) {
890 return false;
891 }
892
893 iter.storeInstructionResult(result);
894 return true;
895 }
896
897 RStringLength::RStringLength(CompactBufferReader& reader) {}
898
899 bool RStringLength::recover(JSContext* cx, SnapshotIterator& iter) const {
900 JSString* string = iter.readString();
901
902 static_assert(JSString::MAX_LENGTH <= INT32_MAX,
903 "Can cast string length to int32_t");
904
905 iter.storeInstructionResult(Int32Value(int32_t(string->length())));
906 return true;
907 }
908
909 bool MStringLength::writeRecoverData(CompactBufferWriter& writer) const {
910 MOZ_ASSERT(canRecoverOnBailout());
911 writer.writeUnsigned(uint32_t(RInstruction::Recover_StringLength));
912 return true;
913 }
914
915 bool MArgumentsLength::writeRecoverData(CompactBufferWriter& writer) const {
916 MOZ_ASSERT(canRecoverOnBailout());
917 writer.writeUnsigned(uint32_t(RInstruction::Recover_ArgumentsLength));
918 return true;
919 }
920
921 RArgumentsLength::RArgumentsLength(CompactBufferReader& reader) {}
922
923 bool RArgumentsLength::recover(JSContext* cx, SnapshotIterator& iter) const {
924 uintptr_t numActualArgs = iter.frame()->numActualArgs();
925
926 static_assert(ARGS_LENGTH_MAX <= INT32_MAX,
927 "Can cast arguments count to int32_t");
928 MOZ_ASSERT(numActualArgs <= ARGS_LENGTH_MAX);
929
930 iter.storeInstructionResult(JS::Int32Value(int32_t(numActualArgs)));
931 return true;
932 }
933
934 bool MFloor::writeRecoverData(CompactBufferWriter& writer) const {
935 MOZ_ASSERT(canRecoverOnBailout());
936 writer.writeUnsigned(uint32_t(RInstruction::Recover_Floor));
937 return true;
938 }
939
940 RFloor::RFloor(CompactBufferReader& reader) {}
941
942 bool RFloor::recover(JSContext* cx, SnapshotIterator& iter) const {
943 double num = iter.readNumber();
944 double result = js::math_floor_impl(num);
945
946 iter.storeInstructionResult(NumberValue(result));
947 return true;
948 }
949
950 bool MCeil::writeRecoverData(CompactBufferWriter& writer) const {
951 MOZ_ASSERT(canRecoverOnBailout());
952 writer.writeUnsigned(uint32_t(RInstruction::Recover_Ceil));
953 return true;
954 }
955
956 RCeil::RCeil(CompactBufferReader& reader) {}
957
958 bool RCeil::recover(JSContext* cx, SnapshotIterator& iter) const {
959 double num = iter.readNumber();
960 double result = js::math_ceil_impl(num);
961
962 iter.storeInstructionResult(NumberValue(result));
963 return true;
964 }
965
966 bool MRound::writeRecoverData(CompactBufferWriter& writer) const {
967 MOZ_ASSERT(canRecoverOnBailout());
968 writer.writeUnsigned(uint32_t(RInstruction::Recover_Round));
969 return true;
970 }
971
972 RRound::RRound(CompactBufferReader& reader) {}
973
974 bool RRound::recover(JSContext* cx, SnapshotIterator& iter) const {
975 double num = iter.readNumber();
976 double result = js::math_round_impl(num);
977
978 iter.storeInstructionResult(NumberValue(result));
979 return true;
980 }
981
982 bool MTrunc::writeRecoverData(CompactBufferWriter& writer) const {
983 MOZ_ASSERT(canRecoverOnBailout());
984 writer.writeUnsigned(uint32_t(RInstruction::Recover_Trunc));
985 return true;
986 }
987
988 RTrunc::RTrunc(CompactBufferReader& reader) {}
989
990 bool RTrunc::recover(JSContext* cx, SnapshotIterator& iter) const {
991 double num = iter.readNumber();
992 double result = js::math_trunc_impl(num);
993
994 iter.storeInstructionResult(NumberValue(result));
995 return true;
996 }
997
998 bool MCharCodeAt::writeRecoverData(CompactBufferWriter& writer) const {
999 MOZ_ASSERT(canRecoverOnBailout());
1000 writer.writeUnsigned(uint32_t(RInstruction::Recover_CharCodeAt));
1001 return true;
1002 }
1003
1004 RCharCodeAt::RCharCodeAt(CompactBufferReader& reader) {}
1005
1006 bool RCharCodeAt::recover(JSContext* cx, SnapshotIterator& iter) const {
1007 JSString* string = iter.readString();
1008
1009 // Int32 because |index| is computed from MBoundsCheck.
1010 int32_t index = iter.readInt32();
1011 MOZ_RELEASE_ASSERT(0 <= index && size_t(index) < string->length());
1012
1013 char16_t c;
1014 if (!string->getChar(cx, index, &c)) {
1015 return false;
1016 }
1017
1018 iter.storeInstructionResult(Int32Value(c));
1019 return true;
1020 }
1021
1022 bool MFromCharCode::writeRecoverData(CompactBufferWriter& writer) const {
1023 MOZ_ASSERT(canRecoverOnBailout());
1024 writer.writeUnsigned(uint32_t(RInstruction::Recover_FromCharCode));
1025 return true;
1026 }
1027
1028 RFromCharCode::RFromCharCode(CompactBufferReader& reader) {}
1029
1030 bool RFromCharCode::recover(JSContext* cx, SnapshotIterator& iter) const {
1031 // Number because |charCode| is computed from (recoverable) user input.
1032 int32_t charCode = JS::ToInt32(iter.readNumber());
1033
1034 JSString* str = StringFromCharCode(cx, charCode);
1035 if (!str) {
1036 return false;
1037 }
1038
1039 iter.storeInstructionResult(StringValue(str));
1040 return true;
1041 }
1042
1043 bool MFromCharCodeEmptyIfNegative::writeRecoverData(
1044 CompactBufferWriter& writer) const {
1045 MOZ_ASSERT(canRecoverOnBailout());
1046 writer.writeUnsigned(
1047 uint32_t(RInstruction::Recover_FromCharCodeEmptyIfNegative));
1048 return true;
1049 }
1050
1051 RFromCharCodeEmptyIfNegative::RFromCharCodeEmptyIfNegative(
1052 CompactBufferReader& reader) {}
1053
1054 bool RFromCharCodeEmptyIfNegative::recover(JSContext* cx,
1055 SnapshotIterator& iter) const {
1056 // Int32 because |charCode| is computed from MCharCodeAtOrNegative.
1057 int32_t charCode = iter.readInt32();
1058
1059 JSString* str;
1060 if (charCode < 0) {
1061 str = cx->emptyString();
1062 } else {
1063 str = StringFromCharCode(cx, charCode);
1064 if (!str) {
1065 return false;
1066 }
1067 }
1068
1069 iter.storeInstructionResult(StringValue(str));
1070 return true;
1071 }
1072
1073 bool MPow::writeRecoverData(CompactBufferWriter& writer) const {
1074 MOZ_ASSERT(canRecoverOnBailout());
1075 writer.writeUnsigned(uint32_t(RInstruction::Recover_Pow));
1076 return true;
1077 }
1078
1079 RPow::RPow(CompactBufferReader& reader) {}
1080
1081 bool RPow::recover(JSContext* cx, SnapshotIterator& iter) const {
1082 double base = iter.readNumber();
1083 double power = iter.readNumber();
1084 double result = ecmaPow(base, power);
1085
1086 iter.storeInstructionResult(NumberValue(result));
1087 return true;
1088 }
1089
1090 bool MPowHalf::writeRecoverData(CompactBufferWriter& writer) const {
1091 MOZ_ASSERT(canRecoverOnBailout());
1092 writer.writeUnsigned(uint32_t(RInstruction::Recover_PowHalf));
1093 return true;
1094 }
1095
1096 RPowHalf::RPowHalf(CompactBufferReader& reader) {}
1097
1098 bool RPowHalf::recover(JSContext* cx, SnapshotIterator& iter) const {
1099 double base = iter.readNumber();
1100 double power = 0.5;
1101 double result = ecmaPow(base, power);
1102
1103 iter.storeInstructionResult(NumberValue(result));
1104 return true;
1105 }
1106
1107 bool MMinMax::writeRecoverData(CompactBufferWriter& writer) const {
1108 MOZ_ASSERT(canRecoverOnBailout());
1109 writer.writeUnsigned(uint32_t(RInstruction::Recover_MinMax));
1110 writer.writeByte(isMax_);
1111 return true;
1112 }
1113
1114 RMinMax::RMinMax(CompactBufferReader& reader) { isMax_ = reader.readByte(); }
1115
1116 bool RMinMax::recover(JSContext* cx, SnapshotIterator& iter) const {
1117 double x = iter.readNumber();
1118 double y = iter.readNumber();
1119
1120 double result;
1121 if (isMax_) {
1122 result = js::math_max_impl(x, y);
1123 } else {
1124 result = js::math_min_impl(x, y);
1125 }
1126
1127 iter.storeInstructionResult(NumberValue(result));
1128 return true;
1129 }
1130
1131 bool MAbs::writeRecoverData(CompactBufferWriter& writer) const {
1132 MOZ_ASSERT(canRecoverOnBailout());
1133 writer.writeUnsigned(uint32_t(RInstruction::Recover_Abs));
1134 return true;
1135 }
1136
1137 RAbs::RAbs(CompactBufferReader& reader) {}
1138
1139 bool RAbs::recover(JSContext* cx, SnapshotIterator& iter) const {
1140 double num = iter.readNumber();
1141 double result = js::math_abs_impl(num);
1142
1143 iter.storeInstructionResult(NumberValue(result));
1144 return true;
1145 }
1146
1147 bool MSqrt::writeRecoverData(CompactBufferWriter& writer) const {
1148 MOZ_ASSERT(canRecoverOnBailout());
1149 writer.writeUnsigned(uint32_t(RInstruction::Recover_Sqrt));
1150 writer.writeByte(type() == MIRType::Float32);
1151 return true;
1152 }
1153
1154 RSqrt::RSqrt(CompactBufferReader& reader) {
1155 isFloatOperation_ = reader.readByte();
1156 }
1157
1158 bool RSqrt::recover(JSContext* cx, SnapshotIterator& iter) const {
1159 double num = iter.readNumber();
1160 double result = js::math_sqrt_impl(num);
1161
1162 // MIRType::Float32 is a specialization embedding the fact that the result is
1163 // rounded to a Float32.
1164 if (isFloatOperation_) {
1165 result = js::RoundFloat32(result);
1166 }
1167
1168 iter.storeInstructionResult(DoubleValue(result));
1169 return true;
1170 }
1171
1172 bool MAtan2::writeRecoverData(CompactBufferWriter& writer) const {
1173 MOZ_ASSERT(canRecoverOnBailout());
1174 writer.writeUnsigned(uint32_t(RInstruction::Recover_Atan2));
1175 return true;
1176 }
1177
1178 RAtan2::RAtan2(CompactBufferReader& reader) {}
1179
1180 bool RAtan2::recover(JSContext* cx, SnapshotIterator& iter) const {
1181 double y = iter.readNumber();
1182 double x = iter.readNumber();
1183 double result = js::ecmaAtan2(y, x);
1184
1185 iter.storeInstructionResult(DoubleValue(result));
1186 return true;
1187 }
1188
1189 bool MHypot::writeRecoverData(CompactBufferWriter& writer) const {
1190 MOZ_ASSERT(canRecoverOnBailout());
1191 writer.writeUnsigned(uint32_t(RInstruction::Recover_Hypot));
1192 writer.writeUnsigned(uint32_t(numOperands()));
1193 return true;
1194 }
1195
1196 RHypot::RHypot(CompactBufferReader& reader)
1197 : numOperands_(reader.readUnsigned()) {}
1198
1199 bool RHypot::recover(JSContext* cx, SnapshotIterator& iter) const {
1200 JS::RootedValueVector vec(cx);
1201
1202 if (!vec.reserve(numOperands_)) {
1203 return false;
1204 }
1205
1206 for (uint32_t i = 0; i < numOperands_; ++i) {
1207 vec.infallibleAppend(NumberValue(iter.readNumber()));
1208 }
1209
1210 RootedValue result(cx);
1211
1212 if (!js::math_hypot_handle(cx, vec, &result)) {
1213 return false;
1214 }
1215
1216 iter.storeInstructionResult(result);
1217 return true;
1218 }
1219
1220 bool MNearbyInt::writeRecoverData(CompactBufferWriter& writer) const {
1221 MOZ_ASSERT(canRecoverOnBailout());
1222 switch (roundingMode_) {
1223 case RoundingMode::Up:
1224 writer.writeUnsigned(uint32_t(RInstruction::Recover_Ceil));
1225 return true;
1226 case RoundingMode::Down:
1227 writer.writeUnsigned(uint32_t(RInstruction::Recover_Floor));
1228 return true;
1229 case RoundingMode::TowardsZero:
1230 writer.writeUnsigned(uint32_t(RInstruction::Recover_Trunc));
1231 return true;
1232 default:
1233 MOZ_CRASH("Unsupported rounding mode.");
1234 }
1235 }
1236
1237 RNearbyInt::RNearbyInt(CompactBufferReader& reader) {
1238 roundingMode_ = reader.readByte();
1239 }
1240
1241 bool RNearbyInt::recover(JSContext* cx, SnapshotIterator& iter) const {
1242 MOZ_CRASH("Unsupported rounding mode.");
1243 }
1244
1245 bool MSign::writeRecoverData(CompactBufferWriter& writer) const {
1246 MOZ_ASSERT(canRecoverOnBailout());
1247 writer.writeUnsigned(uint32_t(RInstruction::Recover_Sign));
1248 return true;
1249 }
1250
1251 RSign::RSign(CompactBufferReader& reader) {}
1252
1253 bool RSign::recover(JSContext* cx, SnapshotIterator& iter) const {
1254 double num = iter.readNumber();
1255 double result = js::math_sign_impl(num);
1256
1257 iter.storeInstructionResult(NumberValue(result));
1258 return true;
1259 }
1260
1261 bool MMathFunction::writeRecoverData(CompactBufferWriter& writer) const {
1262 MOZ_ASSERT(canRecoverOnBailout());
1263 switch (function_) {
1264 case UnaryMathFunction::Ceil:
1265 writer.writeUnsigned(uint32_t(RInstruction::Recover_Ceil));
1266 return true;
1267 case UnaryMathFunction::Floor:
1268 writer.writeUnsigned(uint32_t(RInstruction::Recover_Floor));
1269 return true;
1270 case UnaryMathFunction::Round:
1271 writer.writeUnsigned(uint32_t(RInstruction::Recover_Round));
1272 return true;
1273 case UnaryMathFunction::Trunc:
1274 writer.writeUnsigned(uint32_t(RInstruction::Recover_Trunc));
1275 return true;
1276 case UnaryMathFunction::SinNative:
1277 case UnaryMathFunction::SinFdlibm:
1278 case UnaryMathFunction::CosNative:
1279 case UnaryMathFunction::CosFdlibm:
1280 case UnaryMathFunction::TanNative:
1281 case UnaryMathFunction::TanFdlibm:
1282 case UnaryMathFunction::Log:
1283 case UnaryMathFunction::Exp:
1284 case UnaryMathFunction::ACos:
1285 case UnaryMathFunction::ASin:
1286 case UnaryMathFunction::ATan:
1287 case UnaryMathFunction::Log10:
1288 case UnaryMathFunction::Log2:
1289 case UnaryMathFunction::Log1P:
1290 case UnaryMathFunction::ExpM1:
1291 case UnaryMathFunction::CosH:
1292 case UnaryMathFunction::SinH:
1293 case UnaryMathFunction::TanH:
1294 case UnaryMathFunction::ACosH:
1295 case UnaryMathFunction::ASinH:
1296 case UnaryMathFunction::ATanH:
1297 case UnaryMathFunction::Cbrt:
1298 static_assert(sizeof(UnaryMathFunction) == sizeof(uint8_t));
1299 writer.writeUnsigned(uint32_t(RInstruction::Recover_MathFunction));
1300 writer.writeByte(uint8_t(function_));
1301 return true;
1302 }
1303 MOZ_CRASH("Unknown math function.");
1304 }
1305
1306 RMathFunction::RMathFunction(CompactBufferReader& reader) {
1307 function_ = UnaryMathFunction(reader.readByte());
1308 }
1309
1310 bool RMathFunction::recover(JSContext* cx, SnapshotIterator& iter) const {
1311 double num = iter.readNumber();
1312
1313 double result;
1314 switch (function_) {
1315 case UnaryMathFunction::SinNative:
1316 result = js::math_sin_native_impl(num);
1317 break;
1318 case UnaryMathFunction::SinFdlibm:
1319 result = js::math_sin_fdlibm_impl(num);
1320 break;
1321 case UnaryMathFunction::CosNative:
1322 result = js::math_cos_native_impl(num);
1323 break;
1324 case UnaryMathFunction::CosFdlibm:
1325 result = js::math_cos_fdlibm_impl(num);
1326 break;
1327 case UnaryMathFunction::TanNative:
1328 result = js::math_tan_native_impl(num);
1329 break;
1330 case UnaryMathFunction::TanFdlibm:
1331 result = js::math_tan_fdlibm_impl(num);
1332 break;
1333 case UnaryMathFunction::Log:
1334 result = js::math_log_impl(num);
1335 break;
1336 case UnaryMathFunction::Exp:
1337 result = js::math_exp_impl(num);
1338 break;
1339 case UnaryMathFunction::ACos:
1340 result = js::math_acos_impl(num);
1341 break;
1342 case UnaryMathFunction::ASin:
1343 result = js::math_asin_impl(num);
1344 break;
1345 case UnaryMathFunction::ATan:
1346 result = js::math_atan_impl(num);
1347 break;
1348 case UnaryMathFunction::Log10:
1349 result = js::math_log10_impl(num);
1350 break;
1351 case UnaryMathFunction::Log2:
1352 result = js::math_log2_impl(num);
1353 break;
1354 case UnaryMathFunction::Log1P:
1355 result = js::math_log1p_impl(num);
1356 break;
1357 case UnaryMathFunction::ExpM1:
1358 result = js::math_expm1_impl(num);
1359 break;
1360 case UnaryMathFunction::CosH:
1361 result = js::math_cosh_impl(num);
1362 break;
1363 case UnaryMathFunction::SinH:
1364 result = js::math_sinh_impl(num);
1365 break;
1366 case UnaryMathFunction::TanH:
1367 result = js::math_tanh_impl(num);
1368 break;
1369 case UnaryMathFunction::ACosH:
1370 result = js::math_acosh_impl(num);
1371 break;
1372 case UnaryMathFunction::ASinH:
1373 result = js::math_asinh_impl(num);
1374 break;
1375 case UnaryMathFunction::ATanH:
1376 result = js::math_atanh_impl(num);
1377 break;
1378 case UnaryMathFunction::Cbrt:
1379 result = js::math_cbrt_impl(num);
1380 break;
1381
1382 case UnaryMathFunction::Trunc:
1383 case UnaryMathFunction::Floor:
1384 case UnaryMathFunction::Ceil:
1385 case UnaryMathFunction::Round:
1386 // These have their own recover instructions.
1387 MOZ_CRASH("Unexpected rounding math function.");
1388 }
1389
1390 iter.storeInstructionResult(DoubleValue(result));
1391 return true;
1392 }
1393
1394 bool MRandom::writeRecoverData(CompactBufferWriter& writer) const {
1395 MOZ_ASSERT(this->canRecoverOnBailout());
1396 writer.writeUnsigned(uint32_t(RInstruction::Recover_Random));
1397 return true;
1398 }
1399
1400 bool MRandom::canRecoverOnBailout() const {
1401 return !js::SupportDifferentialTesting();
1402 }
1403
1404 RRandom::RRandom(CompactBufferReader& reader) {}
1405
1406 bool RRandom::recover(JSContext* cx, SnapshotIterator& iter) const {
1407 iter.storeInstructionResult(DoubleValue(math_random_impl(cx)));
1408 return true;
1409 }
1410
1411 bool MStringSplit::writeRecoverData(CompactBufferWriter& writer) const {
1412 MOZ_ASSERT(canRecoverOnBailout());
1413 writer.writeUnsigned(uint32_t(RInstruction::Recover_StringSplit));
1414 return true;
1415 }
1416
1417 RStringSplit::RStringSplit(CompactBufferReader& reader) {}
1418
1419 bool RStringSplit::recover(JSContext* cx, SnapshotIterator& iter) const {
1420 RootedString str(cx, iter.readString());
1421 RootedString sep(cx, iter.readString());
1422
1423 JSObject* res = StringSplitString(cx, str, sep, INT32_MAX);
1424 if (!res) {
1425 return false;
1426 }
1427
1428 iter.storeInstructionResult(ObjectValue(*res));
1429 return true;
1430 }
1431
1432 bool MNaNToZero::writeRecoverData(CompactBufferWriter& writer) const {
1433 MOZ_ASSERT(canRecoverOnBailout());
1434 writer.writeUnsigned(uint32_t(RInstruction::Recover_NaNToZero));
1435 return true;
1436 }
1437
1438 RNaNToZero::RNaNToZero(CompactBufferReader& reader) {}
1439
1440 bool RNaNToZero::recover(JSContext* cx, SnapshotIterator& iter) const {
1441 double v = iter.readNumber();
1442 if (std::isnan(v) || mozilla::IsNegativeZero(v)) {
1443 v = 0.0;
1444 }
1445
1446 iter.storeInstructionResult(DoubleValue(v));
1447 return true;
1448 }
1449
1450 bool MRegExpMatcher::writeRecoverData(CompactBufferWriter& writer) const {
1451 MOZ_ASSERT(canRecoverOnBailout());
1452 writer.writeUnsigned(uint32_t(RInstruction::Recover_RegExpMatcher));
1453 return true;
1454 }
1455
1456 RRegExpMatcher::RRegExpMatcher(CompactBufferReader& reader) {}
1457
1458 bool RRegExpMatcher::recover(JSContext* cx, SnapshotIterator& iter) const {
1459 RootedObject regexp(cx, iter.readObject());
1460 RootedString input(cx, iter.readString());
1461
1462 // Int32 because |lastIndex| is computed from transpiled self-hosted call.
1463 int32_t lastIndex = iter.readInt32();
1464
1465 RootedValue result(cx);
1466 if (!RegExpMatcherRaw(cx, regexp, input, lastIndex, nullptr, &result)) {
1467 return false;
1468 }
1469
1470 iter.storeInstructionResult(result);
1471 return true;
1472 }
1473
1474 bool MTypeOf::writeRecoverData(CompactBufferWriter& writer) const {
1475 MOZ_ASSERT(canRecoverOnBailout());
1476 writer.writeUnsigned(uint32_t(RInstruction::Recover_TypeOf));
1477 return true;
1478 }
1479
1480 RTypeOf::RTypeOf(CompactBufferReader& reader) {}
1481
1482 bool RTypeOf::recover(JSContext* cx, SnapshotIterator& iter) const {
1483 JS::Value v = iter.read();
1484
1485 iter.storeInstructionResult(Int32Value(TypeOfValue(v)));
1486 return true;
1487 }
1488
1489 bool MTypeOfName::writeRecoverData(CompactBufferWriter& writer) const {
1490 MOZ_ASSERT(canRecoverOnBailout());
1491 writer.writeUnsigned(uint32_t(RInstruction::Recover_TypeOfName));
1492 return true;
1493 }
1494
1495 RTypeOfName::RTypeOfName(CompactBufferReader& reader) {}
1496
1497 bool RTypeOfName::recover(JSContext* cx, SnapshotIterator& iter) const {
1498 // Int32 because |type| is computed from MTypeOf.
1499 int32_t type = iter.readInt32();
1500 MOZ_ASSERT(JSTYPE_UNDEFINED <= type && type < JSTYPE_LIMIT);
1501
1502 JSString* name = TypeName(JSType(type), *cx->runtime()->commonNames);
1503 iter.storeInstructionResult(StringValue(name));
1504 return true;
1505 }
1506
1507 bool MToDouble::writeRecoverData(CompactBufferWriter& writer) const {
1508 MOZ_ASSERT(canRecoverOnBailout());
1509 writer.writeUnsigned(uint32_t(RInstruction::Recover_ToDouble));
1510 return true;
1511 }
1512
1513 RToDouble::RToDouble(CompactBufferReader& reader) {}
1514
1515 bool RToDouble::recover(JSContext* cx, SnapshotIterator& iter) const {
1516 RootedValue v(cx, iter.read());
1517
1518 MOZ_ASSERT(!v.isObject());
1519 MOZ_ASSERT(!v.isSymbol());
1520 MOZ_ASSERT(!v.isBigInt());
1521
1522 double dbl;
1523 if (!ToNumber(cx, v, &dbl)) {
1524 return false;
1525 }
1526
1527 iter.storeInstructionResult(DoubleValue(dbl));
1528 return true;
1529 }
1530
1531 bool MToFloat32::writeRecoverData(CompactBufferWriter& writer) const {
1532 MOZ_ASSERT(canRecoverOnBailout());
1533 writer.writeUnsigned(uint32_t(RInstruction::Recover_ToFloat32));
1534 return true;
1535 }
1536
1537 RToFloat32::RToFloat32(CompactBufferReader& reader) {}
1538
1539 bool RToFloat32::recover(JSContext* cx, SnapshotIterator& iter) const {
1540 double num = iter.readNumber();
1541 double result = js::RoundFloat32(num);
1542
1543 iter.storeInstructionResult(DoubleValue(result));
1544 return true;
1545 }
1546
1547 bool MTruncateToInt32::writeRecoverData(CompactBufferWriter& writer) const {
1548 MOZ_ASSERT(canRecoverOnBailout());
1549 writer.writeUnsigned(uint32_t(RInstruction::Recover_TruncateToInt32));
1550 return true;
1551 }
1552
1553 RTruncateToInt32::RTruncateToInt32(CompactBufferReader& reader) {}
1554
1555 bool RTruncateToInt32::recover(JSContext* cx, SnapshotIterator& iter) const {
1556 RootedValue value(cx, iter.read());
1557
1558 int32_t trunc;
1559 if (!JS::ToInt32(cx, value, &trunc)) {
1560 return false;
1561 }
1562
1563 iter.storeInstructionResult(Int32Value(trunc));
1564 return true;
1565 }
1566
1567 bool MNewObject::writeRecoverData(CompactBufferWriter& writer) const {
1568 MOZ_ASSERT(canRecoverOnBailout());
1569
1570 writer.writeUnsigned(uint32_t(RInstruction::Recover_NewObject));
1571
1572 // Recover instructions are only supported if we have a template object.
1573 MOZ_ASSERT(mode_ == MNewObject::ObjectCreate);
1574 return true;
1575 }
1576
1577 RNewObject::RNewObject(CompactBufferReader& reader) {}
1578
1579 bool RNewObject::recover(JSContext* cx, SnapshotIterator& iter) const {
1580 RootedObject templateObject(cx, iter.readObject());
1581
1582 // See CodeGenerator::visitNewObjectVMCall.
1583 // Note that recover instructions are only used if mode == ObjectCreate.
1584 JSObject* resultObject =
1585 ObjectCreateWithTemplate(cx, templateObject.as<PlainObject>());
1586 if (!resultObject) {
1587 return false;
1588 }
1589
1590 iter.storeInstructionResult(ObjectValue(*resultObject));
1591 return true;
1592 }
1593
1594 bool MNewPlainObject::writeRecoverData(CompactBufferWriter& writer) const {
1595 MOZ_ASSERT(canRecoverOnBailout());
1596 writer.writeUnsigned(uint32_t(RInstruction::Recover_NewPlainObject));
1597
1598 MOZ_ASSERT(gc::AllocKind(uint8_t(allocKind_)) == allocKind_);
1599 writer.writeByte(uint8_t(allocKind_));
1600 MOZ_ASSERT(gc::Heap(uint8_t(initialHeap_)) == initialHeap_);
1601 writer.writeByte(uint8_t(initialHeap_));
1602 return true;
1603 }
1604
1605 RNewPlainObject::RNewPlainObject(CompactBufferReader& reader) {
1606 allocKind_ = gc::AllocKind(reader.readByte());
1607 MOZ_ASSERT(gc::IsValidAllocKind(allocKind_));
1608 initialHeap_ = gc::Heap(reader.readByte());
1609 MOZ_ASSERT(initialHeap_ == gc::Heap::Default ||
1610 initialHeap_ == gc::Heap::Tenured);
1611 }
1612
1613 bool RNewPlainObject::recover(JSContext* cx, SnapshotIterator& iter) const {
1614 Rooted<SharedShape*> shape(cx, &iter.readGCCellPtr().as<Shape>().asShared());
1615
1616 // See CodeGenerator::visitNewPlainObject.
1617 JSObject* resultObject =
1618 NewPlainObjectOptimizedFallback(cx, shape, allocKind_, initialHeap_);
1619 if (!resultObject) {
1620 return false;
1621 }
1622
1623 iter.storeInstructionResult(ObjectValue(*resultObject));
1624 return true;
1625 }
1626
1627 bool MNewArrayObject::writeRecoverData(CompactBufferWriter& writer) const {
1628 MOZ_ASSERT(canRecoverOnBailout());
1629 writer.writeUnsigned(uint32_t(RInstruction::Recover_NewArrayObject));
1630
1631 writer.writeUnsigned(length_);
1632 MOZ_ASSERT(gc::Heap(uint8_t(initialHeap_)) == initialHeap_);
1633 writer.writeByte(uint8_t(initialHeap_));
1634 return true;
1635 }
1636
1637 RNewArrayObject::RNewArrayObject(CompactBufferReader& reader) {
1638 length_ = reader.readUnsigned();
1639 initialHeap_ = gc::Heap(reader.readByte());
1640 MOZ_ASSERT(initialHeap_ == gc::Heap::Default ||
1641 initialHeap_ == gc::Heap::Tenured);
1642 }
1643
1644 bool RNewArrayObject::recover(JSContext* cx, SnapshotIterator& iter) const {
1645 iter.read(); // Skip unused shape field.
1646
1647 NewObjectKind kind =
1648 initialHeap_ == gc::Heap::Tenured ? TenuredObject : GenericObject;
1649 JSObject* array = NewArrayOperation(cx, length_, kind);
1650 if (!array) {
1651 return false;
1652 }
1653
1654 iter.storeInstructionResult(ObjectValue(*array));
1655 return true;
1656 }
1657
1658 bool MNewTypedArray::writeRecoverData(CompactBufferWriter& writer) const {
1659 MOZ_ASSERT(canRecoverOnBailout());
1660 writer.writeUnsigned(uint32_t(RInstruction::Recover_NewTypedArray));
1661 return true;
1662 }
1663
1664 RNewTypedArray::RNewTypedArray(CompactBufferReader& reader) {}
1665
1666 bool RNewTypedArray::recover(JSContext* cx, SnapshotIterator& iter) const {
1667 RootedObject templateObject(cx, iter.readObject());
1668
1669 size_t length = templateObject.as<FixedLengthTypedArrayObject>()->length();
1670 MOZ_ASSERT(length <= INT32_MAX,
1671 "Template objects are only created for int32 lengths");
1672
1673 JSObject* resultObject =
1674 NewTypedArrayWithTemplateAndLength(cx, templateObject, length);
1675 if (!resultObject) {
1676 return false;
1677 }
1678
1679 iter.storeInstructionResult(ObjectValue(*resultObject));
1680 return true;
1681 }
1682
1683 bool MNewArray::writeRecoverData(CompactBufferWriter& writer) const {
1684 MOZ_ASSERT(canRecoverOnBailout());
1685 writer.writeUnsigned(uint32_t(RInstruction::Recover_NewArray));
1686 writer.writeUnsigned(length());
1687 return true;
1688 }
1689
1690 RNewArray::RNewArray(CompactBufferReader& reader) {
1691 count_ = reader.readUnsigned();
1692 }
1693
1694 bool RNewArray::recover(JSContext* cx, SnapshotIterator& iter) const {
1695 RootedObject templateObject(cx, iter.readObject());
1696 Rooted<Shape*> shape(cx, templateObject->shape());
1697
1698 ArrayObject* resultObject = NewArrayWithShape(cx, count_, shape);
1699 if (!resultObject) {
1700 return false;
1701 }
1702
1703 iter.storeInstructionResult(ObjectValue(*resultObject));
1704 return true;
1705 }
1706
1707 bool MNewIterator::writeRecoverData(CompactBufferWriter& writer) const {
1708 MOZ_ASSERT(canRecoverOnBailout());
1709 writer.writeUnsigned(uint32_t(RInstruction::Recover_NewIterator));
1710 writer.writeByte(type_);
1711 return true;
1712 }
1713
1714 RNewIterator::RNewIterator(CompactBufferReader& reader) {
1715 type_ = reader.readByte();
1716 }
1717
1718 bool RNewIterator::recover(JSContext* cx, SnapshotIterator& iter) const {
1719 RootedObject templateObject(cx, iter.readObject());
1720
1721 JSObject* resultObject = nullptr;
1722 switch (MNewIterator::Type(type_)) {
1723 case MNewIterator::ArrayIterator:
1724 resultObject = NewArrayIterator(cx);
1725 break;
1726 case MNewIterator::StringIterator:
1727 resultObject = NewStringIterator(cx);
1728 break;
1729 case MNewIterator::RegExpStringIterator:
1730 resultObject = NewRegExpStringIterator(cx);
1731 break;
1732 }
1733
1734 if (!resultObject) {
1735 return false;
1736 }
1737
1738 iter.storeInstructionResult(ObjectValue(*resultObject));
1739 return true;
1740 }
1741
1742 bool MLambda::writeRecoverData(CompactBufferWriter& writer) const {
1743 MOZ_ASSERT(canRecoverOnBailout());
1744 writer.writeUnsigned(uint32_t(RInstruction::Recover_Lambda));
1745 return true;
1746 }
1747
1748 RLambda::RLambda(CompactBufferReader& reader) {}
1749
1750 bool RLambda::recover(JSContext* cx, SnapshotIterator& iter) const {
1751 RootedObject scopeChain(cx, iter.readObject());
1752 RootedFunction fun(cx, &iter.readObject()->as<JSFunction>());
1753
1754 JSObject* resultObject = js::Lambda(cx, fun, scopeChain);
1755 if (!resultObject) {
1756 return false;
1757 }
1758
1759 iter.storeInstructionResult(ObjectValue(*resultObject));
1760 return true;
1761 }
1762
1763 bool MFunctionWithProto::writeRecoverData(CompactBufferWriter& writer) const {
1764 MOZ_ASSERT(canRecoverOnBailout());
1765 writer.writeUnsigned(uint32_t(RInstruction::Recover_FunctionWithProto));
1766 return true;
1767 }
1768
1769 RFunctionWithProto::RFunctionWithProto(CompactBufferReader& reader) {}
1770
1771 bool RFunctionWithProto::recover(JSContext* cx, SnapshotIterator& iter) const {
1772 RootedObject scopeChain(cx, iter.readObject());
1773 RootedObject prototype(cx, iter.readObject());
1774 RootedFunction fun(cx, &iter.readObject()->as<JSFunction>());
1775
1776 JSObject* resultObject =
1777 js::FunWithProtoOperation(cx, fun, scopeChain, prototype);
1778 if (!resultObject) {
1779 return false;
1780 }
1781
1782 iter.storeInstructionResult(ObjectValue(*resultObject));
1783 return true;
1784 }
1785
1786 bool MNewCallObject::writeRecoverData(CompactBufferWriter& writer) const {
1787 MOZ_ASSERT(canRecoverOnBailout());
1788 writer.writeUnsigned(uint32_t(RInstruction::Recover_NewCallObject));
1789 return true;
1790 }
1791
1792 RNewCallObject::RNewCallObject(CompactBufferReader& reader) {}
1793
1794 bool RNewCallObject::recover(JSContext* cx, SnapshotIterator& iter) const {
1795 Rooted<CallObject*> templateObj(cx, &iter.readObject()->as<CallObject>());
1796
1797 Rooted<SharedShape*> shape(cx, templateObj->sharedShape());
1798
1799 JSObject* resultObject = CallObject::createWithShape(cx, shape);
1800 if (!resultObject) {
1801 return false;
1802 }
1803
1804 iter.storeInstructionResult(ObjectValue(*resultObject));
1805 return true;
1806 }
1807
1808 bool MObjectKeys::canRecoverOnBailout() const {
1809 // Only claim that this operation can be recovered on bailout if some other
1810 // optimization already marked it as such.
1811 return isRecoveredOnBailout();
1812 }
1813
1814 bool MObjectKeys::writeRecoverData(CompactBufferWriter& writer) const {
1815 MOZ_ASSERT(canRecoverOnBailout());
1816 writer.writeUnsigned(uint32_t(RInstruction::Recover_ObjectKeys));
1817 return true;
1818 }
1819
1820 RObjectKeys::RObjectKeys(CompactBufferReader& reader) {}
1821
1822 bool RObjectKeys::recover(JSContext* cx, SnapshotIterator& iter) const {
1823 Rooted<JSObject*> obj(cx, iter.readObject());
1824
1825 JSObject* resultKeys = ObjectKeys(cx, obj);
1826 if (!resultKeys) {
1827 return false;
1828 }
1829
1830 iter.storeInstructionResult(ObjectValue(*resultKeys));
1831 return true;
1832 }
1833
1834 bool MObjectState::writeRecoverData(CompactBufferWriter& writer) const {
1835 MOZ_ASSERT(canRecoverOnBailout());
1836 writer.writeUnsigned(uint32_t(RInstruction::Recover_ObjectState));
1837 writer.writeUnsigned(numSlots());
1838 return true;
1839 }
1840
1841 RObjectState::RObjectState(CompactBufferReader& reader) {
1842 numSlots_ = reader.readUnsigned();
1843 }
1844
1845 bool RObjectState::recover(JSContext* cx, SnapshotIterator& iter) const {
1846 RootedObject object(cx, iter.readObject());
1847 Handle<NativeObject*> nativeObject = object.as<NativeObject>();
1848 MOZ_ASSERT(!Watchtower::watchesPropertyModification(nativeObject));
1849 MOZ_ASSERT(nativeObject->slotSpan() == numSlots());
1850
1851 for (size_t i = 0; i < numSlots(); i++) {
1852 Value val = iter.read();
1853 nativeObject->setSlot(i, val);
1854 }
1855
1856 iter.storeInstructionResult(ObjectValue(*object));
1857 return true;
1858 }
1859
1860 bool MArrayState::writeRecoverData(CompactBufferWriter& writer) const {
1861 MOZ_ASSERT(canRecoverOnBailout());
1862 writer.writeUnsigned(uint32_t(RInstruction::Recover_ArrayState));
1863 writer.writeUnsigned(numElements());
1864 return true;
1865 }
1866
1867 RArrayState::RArrayState(CompactBufferReader& reader) {
1868 numElements_ = reader.readUnsigned();
1869 }
1870
1871 bool RArrayState::recover(JSContext* cx, SnapshotIterator& iter) const {
1872 ArrayObject* object = &iter.readObject()->as<ArrayObject>();
1873
1874 // Int32 because |initLength| is computed from MConstant.
1875 uint32_t initLength = iter.readInt32();
1876
1877 MOZ_ASSERT(object->getDenseInitializedLength() == 0,
1878 "initDenseElement call below relies on this");
1879 object->setDenseInitializedLength(initLength);
1880
1881 for (size_t index = 0; index < numElements(); index++) {
1882 Value val = iter.read();
1883
1884 if (index >= initLength) {
1885 MOZ_ASSERT(val.isUndefined());
1886 continue;
1887 }
1888
1889 object->initDenseElement(index, val);
1890 }
1891
1892 iter.storeInstructionResult(ObjectValue(*object));
1893 return true;
1894 }
1895
1896 bool MAssertRecoveredOnBailout::writeRecoverData(
1897 CompactBufferWriter& writer) const {
1898 MOZ_ASSERT(canRecoverOnBailout());
1899 MOZ_RELEASE_ASSERT(input()->isRecoveredOnBailout() == mustBeRecovered_,
1900 "assertRecoveredOnBailout failed during compilation");
1901 writer.writeUnsigned(
1902 uint32_t(RInstruction::Recover_AssertRecoveredOnBailout));
1903 return true;
1904 }
1905
1906 RAssertRecoveredOnBailout::RAssertRecoveredOnBailout(
1907 CompactBufferReader& reader) {}
1908
1909 bool RAssertRecoveredOnBailout::recover(JSContext* cx,
1910 SnapshotIterator& iter) const {
1911 iter.read(); // skip the unused operand.
1912 iter.storeInstructionResult(UndefinedValue());
1913 return true;
1914 }
1915
1916 bool MStringReplace::writeRecoverData(CompactBufferWriter& writer) const {
1917 MOZ_ASSERT(canRecoverOnBailout());
1918 writer.writeUnsigned(uint32_t(RInstruction::Recover_StringReplace));
1919 writer.writeByte(isFlatReplacement_);
1920 return true;
1921 }
1922
1923 RStringReplace::RStringReplace(CompactBufferReader& reader) {
1924 isFlatReplacement_ = reader.readByte();
1925 }
1926
1927 bool RStringReplace::recover(JSContext* cx, SnapshotIterator& iter) const {
1928 RootedString string(cx, iter.readString());
1929 RootedString pattern(cx, iter.readString());
1930 RootedString replace(cx, iter.readString());
1931
1932 JSString* result =
1933 isFlatReplacement_
1934 ? js::StringFlatReplaceString(cx, string, pattern, replace)
1935 : js::str_replace_string_raw(cx, string, pattern, replace);
1936
1937 if (!result) {
1938 return false;
1939 }
1940
1941 iter.storeInstructionResult(StringValue(result));
1942 return true;
1943 }
1944
1945 bool MSubstr::writeRecoverData(CompactBufferWriter& writer) const {
1946 MOZ_ASSERT(canRecoverOnBailout());
1947 writer.writeUnsigned(uint32_t(RInstruction::Recover_Substr));
1948 return true;
1949 }
1950
1951 RSubstr::RSubstr(CompactBufferReader& reader) {}
1952
1953 bool RSubstr::recover(JSContext* cx, SnapshotIterator& iter) const {
1954 RootedString str(cx, iter.readString());
1955
1956 // Int32 because |begin| is computed from MStringTrimStartIndex, MConstant,
1957 // or CallSubstringKernelResult.
1958 int32_t begin = iter.readInt32();
1959
1960 // |length| is computed from MSub(truncated), MStringTrimEndIndex, or
1961 // CallSubstringKernelResult. The current MSub inputs won't overflow, so when
1962 // RSub recovers the MSub instruction, the input will be representable as an
1963 // Int32. This is only true as long as RSub calls |js::SubOperation|, which in
1964 // turn calls |JS::Value::setNumber|. We don't want to rely on this exact call
1965 // sequence, so instead use |readNumber| here and then release-assert the
1966 // number is exactly representable as an Int32.
1967 int32_t length = mozilla::ReleaseAssertedCast<int32_t>(iter.readNumber());
1968
1969 JSString* result = SubstringKernel(cx, str, begin, length);
1970 if (!result) {
1971 return false;
1972 }
1973
1974 iter.storeInstructionResult(StringValue(result));
1975 return true;
1976 }
1977
1978 bool MAtomicIsLockFree::writeRecoverData(CompactBufferWriter& writer) const {
1979 MOZ_ASSERT(canRecoverOnBailout());
1980 writer.writeUnsigned(uint32_t(RInstruction::Recover_AtomicIsLockFree));
1981 return true;
1982 }
1983
1984 RAtomicIsLockFree::RAtomicIsLockFree(CompactBufferReader& reader) {}
1985
1986 bool RAtomicIsLockFree::recover(JSContext* cx, SnapshotIterator& iter) const {
1987 double dsize = JS::ToInteger(iter.readNumber());
1988
1989 int32_t size;
1990 bool result = mozilla::NumberEqualsInt32(dsize, &size) &&
1991 AtomicOperations::isLockfreeJS(size);
1992 iter.storeInstructionResult(BooleanValue(result));
1993 return true;
1994 }
1995
1996 bool MBigIntAsIntN::writeRecoverData(CompactBufferWriter& writer) const {
1997 MOZ_ASSERT(canRecoverOnBailout());
1998 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntAsIntN));
1999 return true;
2000 }
2001
2002 RBigIntAsIntN::RBigIntAsIntN(CompactBufferReader& reader) {}
2003
2004 bool RBigIntAsIntN::recover(JSContext* cx, SnapshotIterator& iter) const {
2005 // Int32 because |bits| is computed from MGuardInt32IsNonNegative.
2006 int32_t bits = iter.readInt32();
2007 MOZ_ASSERT(bits >= 0);
2008
2009 RootedBigInt input(cx, iter.readBigInt());
2010
2011 BigInt* result = BigInt::asIntN(cx, input, bits);
2012 if (!result) {
2013 return false;
2014 }
2015
2016 iter.storeInstructionResult(JS::BigIntValue(result));
2017 return true;
2018 }
2019
2020 bool MBigIntAsUintN::writeRecoverData(CompactBufferWriter& writer) const {
2021 MOZ_ASSERT(canRecoverOnBailout());
2022 writer.writeUnsigned(uint32_t(RInstruction::Recover_BigIntAsUintN));
2023 return true;
2024 }
2025
2026 RBigIntAsUintN::RBigIntAsUintN(CompactBufferReader& reader) {}
2027
2028 bool RBigIntAsUintN::recover(JSContext* cx, SnapshotIterator& iter) const {
2029 // Int32 because |bits| is computed from MGuardInt32IsNonNegative.
2030 int32_t bits = iter.readInt32();
2031 MOZ_ASSERT(bits >= 0);
2032
2033 RootedBigInt input(cx, iter.readBigInt());
2034
2035 BigInt* result = BigInt::asUintN(cx, input, bits);
2036 if (!result) {
2037 return false;
2038 }
2039
2040 iter.storeInstructionResult(JS::BigIntValue(result));
2041 return true;
2042 }
2043
2044 bool MCreateArgumentsObject::writeRecoverData(
2045 CompactBufferWriter& writer) const {
2046 MOZ_ASSERT(canRecoverOnBailout());
2047 writer.writeUnsigned(uint32_t(RInstruction::Recover_CreateArgumentsObject));
2048 return true;
2049 }
2050
2051 RCreateArgumentsObject::RCreateArgumentsObject(CompactBufferReader& reader) {}
2052
2053 bool RCreateArgumentsObject::recover(JSContext* cx,
2054 SnapshotIterator& iter) const {
2055 RootedObject callObject(cx, iter.readObject());
2056 RootedObject result(
2057 cx, ArgumentsObject::createForIon(cx, iter.frame(), callObject));
2058 if (!result) {
2059 return false;
2060 }
2061
2062 iter.storeInstructionResult(JS::ObjectValue(*result));
2063 return true;
2064 }
2065
2066 bool MCreateInlinedArgumentsObject::writeRecoverData(
2067 CompactBufferWriter& writer) const {
2068 MOZ_ASSERT(canRecoverOnBailout());
2069 writer.writeUnsigned(
2070 uint32_t(RInstruction::Recover_CreateInlinedArgumentsObject));
2071 writer.writeUnsigned(numActuals());
2072 return true;
2073 }
2074
2075 RCreateInlinedArgumentsObject::RCreateInlinedArgumentsObject(
2076 CompactBufferReader& reader) {
2077 numActuals_ = reader.readUnsigned();
2078 }
2079
2080 bool RCreateInlinedArgumentsObject::recover(JSContext* cx,
2081 SnapshotIterator& iter) const {
2082 RootedObject callObject(cx, iter.readObject());
2083 RootedFunction callee(cx, &iter.readObject()->as<JSFunction>());
2084
2085 JS::RootedValueArray<ArgumentsObject::MaxInlinedArgs> argsArray(cx);
2086 for (uint32_t i = 0; i < numActuals_; i++) {
2087 argsArray[i].set(iter.read());
2088 }
2089
2090 ArgumentsObject* result = ArgumentsObject::createFromValueArray(
2091 cx, argsArray, callee, callObject, numActuals_);
2092 if (!result) {
2093 return false;
2094 }
2095
2096 iter.storeInstructionResult(JS::ObjectValue(*result));
2097 return true;
2098 }
2099
2100 bool MRest::writeRecoverData(CompactBufferWriter& writer) const {
2101 MOZ_ASSERT(canRecoverOnBailout());
2102 writer.writeUnsigned(uint32_t(RInstruction::Recover_Rest));
2103 writer.writeUnsigned(numFormals());
2104 return true;
2105 }
2106
2107 RRest::RRest(CompactBufferReader& reader) {
2108 numFormals_ = reader.readUnsigned();
2109 }
2110
2111 bool RRest::recover(JSContext* cx, SnapshotIterator& iter) const {
2112 JitFrameLayout* frame = iter.frame();
2113
2114 // Int32 because |numActuals| is computed from MArgumentsLength.
2115 uint32_t numActuals = iter.readInt32();
2116 MOZ_ASSERT(numActuals == frame->numActualArgs());
2117
2118 uint32_t numFormals = numFormals_;
2119
2120 uint32_t length = std::max(numActuals, numFormals) - numFormals;
2121 Value* src = frame->actualArgs() + numFormals;
2122 JSObject* rest = jit::InitRestParameter(cx, length, src, nullptr);
2123 if (!rest) {
2124 return false;
2125 }
2126
2127 iter.storeInstructionResult(ObjectValue(*rest));
2128 return true;
2129 }