search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1834537 - Part 1: Simplify JIT nursery allocation r=jandem
[gecko.git] / js / src / jit / IonIC.cpp
blobb6536d6d83489d1d6816b250e6dfae84f36f1f39
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "jit/IonIC.h"
8
9 #include "jit/CacheIRCompiler.h"
10 #include "jit/CacheIRGenerator.h"
11 #include "jit/IonScript.h"
12 #include "jit/VMFunctions.h"
13 #include "util/DiagnosticAssertions.h"
14 #include "vm/EqualityOperations.h"
15 #include "vm/Iteration.h"
16
17 #include "vm/Interpreter-inl.h"
18 #include "vm/JSScript-inl.h"
19
20 using namespace js;
21 using namespace js::jit;
22
23 void IonIC::resetCodeRaw(IonScript* ionScript) {
24 codeRaw_ = fallbackAddr(ionScript);
25 }
26
27 uint8_t* IonIC::fallbackAddr(IonScript* ionScript) const {
28 return ionScript->method()->raw() + fallbackOffset_;
29 }
30
31 uint8_t* IonIC::rejoinAddr(IonScript* ionScript) const {
32 return ionScript->method()->raw() + rejoinOffset_;
33 }
34
35 Register IonIC::scratchRegisterForEntryJump() {
36 switch (kind_) {
37 case CacheKind::GetProp:
38 case CacheKind::GetElem:
39 return asGetPropertyIC()->output().scratchReg();
40 case CacheKind::GetPropSuper:
41 case CacheKind::GetElemSuper:
42 return asGetPropSuperIC()->output().scratchReg();
43 case CacheKind::SetProp:
44 case CacheKind::SetElem:
45 return asSetPropertyIC()->temp();
46 case CacheKind::GetName:
47 return asGetNameIC()->temp();
48 case CacheKind::BindName:
49 return asBindNameIC()->temp();
50 case CacheKind::In:
51 return asInIC()->temp();
52 case CacheKind::HasOwn:
53 return asHasOwnIC()->output();
54 case CacheKind::CheckPrivateField:
55 return asCheckPrivateFieldIC()->output();
56 case CacheKind::GetIterator:
57 return asGetIteratorIC()->temp1();
58 case CacheKind::OptimizeSpreadCall:
59 return asOptimizeSpreadCallIC()->temp();
60 case CacheKind::InstanceOf:
61 return asInstanceOfIC()->output();
62 case CacheKind::UnaryArith:
63 return asUnaryArithIC()->output().scratchReg();
64 case CacheKind::ToPropertyKey:
65 return asToPropertyKeyIC()->output().scratchReg();
66 case CacheKind::BinaryArith:
67 return asBinaryArithIC()->output().scratchReg();
68 case CacheKind::Compare:
69 return asCompareIC()->output();
70 case CacheKind::CloseIter:
71 return asCloseIterIC()->temp();
72 case CacheKind::Call:
73 case CacheKind::TypeOf:
74 case CacheKind::ToBool:
75 case CacheKind::GetIntrinsic:
76 case CacheKind::NewArray:
77 case CacheKind::NewObject:
78 MOZ_CRASH("Unsupported IC");
79 }
80
81 MOZ_CRASH("Invalid kind");
82 }
83
84 void IonIC::discardStubs(Zone* zone, IonScript* ionScript) {
85 if (firstStub_) {
86 // We are removing edges from IonIC to gcthings. Perform a write barrier to
87 // let the GC know about those edges.
88 PreWriteBarrier(zone, ionScript);
89 }
90
91 #ifdef JS_CRASH_DIAGNOSTICS
92 IonICStub* stub = firstStub_;
93 while (stub) {
94 IonICStub* next = stub->next();
95 stub->poison();
96 stub = next;
97 }
98 #endif
99
100 firstStub_ = nullptr;
101 resetCodeRaw(ionScript);
102 state_.trackUnlinkedAllStubs();
103 }
104
105 void IonIC::reset(Zone* zone, IonScript* ionScript) {
106 discardStubs(zone, ionScript);
107 state_.reset();
108 }
109
110 void IonIC::trace(JSTracer* trc, IonScript* ionScript) {
111 if (script_) {
112 TraceManuallyBarrieredEdge(trc, &script_, "IonIC::script_");
113 }
114
115 uint8_t* nextCodeRaw = codeRaw_;
116 for (IonICStub* stub = firstStub_; stub; stub = stub->next()) {
117 JitCode* code = JitCode::FromExecutable(nextCodeRaw);
118 TraceManuallyBarrieredEdge(trc, &code, "ion-ic-code");
119
120 TraceCacheIRStub(trc, stub, stub->stubInfo());
121
122 nextCodeRaw = stub->nextCodeRaw();
123 }
124
125 MOZ_ASSERT(nextCodeRaw == fallbackAddr(ionScript));
126 }
127
128 // This helper handles ICState updates/transitions while attaching CacheIR
129 // stubs.
130 template <typename IRGenerator, typename... Args>
131 static void TryAttachIonStub(JSContext* cx, IonIC* ic, IonScript* ionScript,
132 Args&&... args) {
133 if (ic->state().maybeTransition()) {
134 ic->discardStubs(cx->zone(), ionScript);
135 }
136
137 if (ic->state().canAttachStub()) {
138 RootedScript script(cx, ic->script());
139 bool attached = false;
140 IRGenerator gen(cx, script, ic->pc(), ic->state(),
141 std::forward<Args>(args)...);
142 switch (gen.tryAttachStub()) {
143 case AttachDecision::Attach:
144 ic->attachCacheIRStub(cx, gen.writerRef(), gen.cacheKind(), ionScript,
145 &attached);
146 break;
147 case AttachDecision::NoAction:
148 break;
149 case AttachDecision::TemporarilyUnoptimizable:
150 attached = true;
151 break;
152 case AttachDecision::Deferred:
153 MOZ_ASSERT_UNREACHABLE("Not expected in generic TryAttachIonStub");
154 break;
155 }
156 if (!attached) {
157 ic->state().trackNotAttached();
158 }
159 }
160 }
161
162 /* static */
163 bool IonGetPropertyIC::update(JSContext* cx, HandleScript outerScript,
164 IonGetPropertyIC* ic, HandleValue val,
165 HandleValue idVal, MutableHandleValue res) {
166 IonScript* ionScript = outerScript->ionScript();
167
168 // Optimized-arguments and other magic values must not escape to Ion ICs.
169 MOZ_ASSERT(!val.isMagic());
170
171 TryAttachIonStub<GetPropIRGenerator>(cx, ic, ionScript, ic->kind(), val,
172 idVal);
173
174 if (ic->kind() == CacheKind::GetProp) {
175 Rooted<PropertyName*> name(cx, idVal.toString()->asAtom().asPropertyName());
176 if (!GetProperty(cx, val, name, res)) {
177 return false;
178 }
179 } else {
180 MOZ_ASSERT(ic->kind() == CacheKind::GetElem);
181 if (!GetElementOperation(cx, val, idVal, res)) {
182 return false;
183 }
184 }
185
186 return true;
187 }
188
189 /* static */
190 bool IonGetPropSuperIC::update(JSContext* cx, HandleScript outerScript,
191 IonGetPropSuperIC* ic, HandleObject obj,
192 HandleValue receiver, HandleValue idVal,
193 MutableHandleValue res) {
194 IonScript* ionScript = outerScript->ionScript();
195
196 if (ic->state().maybeTransition()) {
197 ic->discardStubs(cx->zone(), ionScript);
198 }
199
200 RootedValue val(cx, ObjectValue(*obj));
201
202 TryAttachIonStub<GetPropIRGenerator>(cx, ic, ionScript, ic->kind(), val,
203 idVal);
204
205 if (ic->kind() == CacheKind::GetPropSuper) {
206 Rooted<PropertyName*> name(cx, idVal.toString()->asAtom().asPropertyName());
207 if (!GetProperty(cx, obj, receiver, name, res)) {
208 return false;
209 }
210 } else {
211 MOZ_ASSERT(ic->kind() == CacheKind::GetElemSuper);
212
213 JSOp op = JSOp(*ic->pc());
214 MOZ_ASSERT(op == JSOp::GetElemSuper);
215
216 if (!GetObjectElementOperation(cx, op, obj, receiver, idVal, res)) {
217 return false;
218 }
219 }
220
221 return true;
222 }
223
224 /* static */
225 bool IonSetPropertyIC::update(JSContext* cx, HandleScript outerScript,
226 IonSetPropertyIC* ic, HandleObject obj,
227 HandleValue idVal, HandleValue rhs) {
228 using DeferType = SetPropIRGenerator::DeferType;
229
230 Rooted<Shape*> oldShape(cx);
231 IonScript* ionScript = outerScript->ionScript();
232
233 bool attached = false;
234 DeferType deferType = DeferType::None;
235
236 if (ic->state().maybeTransition()) {
237 ic->discardStubs(cx->zone(), ionScript);
238 }
239
240 if (ic->state().canAttachStub()) {
241 oldShape = obj->shape();
242
243 RootedValue objv(cx, ObjectValue(*obj));
244 RootedScript script(cx, ic->script());
245 jsbytecode* pc = ic->pc();
246
247 SetPropIRGenerator gen(cx, script, pc, ic->kind(), ic->state(), objv, idVal,
248 rhs);
249 switch (gen.tryAttachStub()) {
250 case AttachDecision::Attach:
251 ic->attachCacheIRStub(cx, gen.writerRef(), gen.cacheKind(), ionScript,
252 &attached);
253 break;
254 case AttachDecision::NoAction:
255 break;
256 case AttachDecision::TemporarilyUnoptimizable:
257 attached = true;
258 break;
259 case AttachDecision::Deferred:
260 deferType = gen.deferType();
261 MOZ_ASSERT(deferType != DeferType::None);
262 break;
263 }
264 }
265
266 jsbytecode* pc = ic->pc();
267 if (ic->kind() == CacheKind::SetElem) {
268 if (JSOp(*pc) == JSOp::InitElemInc) {
269 if (!InitElemIncOperation(cx, obj.as<ArrayObject>(), idVal.toInt32(),
270 rhs)) {
271 return false;
272 }
273 } else if (IsPropertyInitOp(JSOp(*pc))) {
274 if (!InitElemOperation(cx, pc, obj, idVal, rhs)) {
275 return false;
276 }
277 } else {
278 MOZ_ASSERT(IsPropertySetOp(JSOp(*pc)));
279 if (!SetObjectElement(cx, obj, idVal, rhs, ic->strict())) {
280 return false;
281 }
282 }
283 } else {
284 MOZ_ASSERT(ic->kind() == CacheKind::SetProp);
285
286 if (JSOp(*pc) == JSOp::InitGLexical) {
287 RootedScript script(cx, ic->script());
288 MOZ_ASSERT(!script->hasNonSyntacticScope());
289 InitGlobalLexicalOperation(cx, &cx->global()->lexicalEnvironment(),
290 script, pc, rhs);
291 } else if (IsPropertyInitOp(JSOp(*pc))) {
292 Rooted<PropertyName*> name(cx,
293 idVal.toString()->asAtom().asPropertyName());
294 if (!InitPropertyOperation(cx, pc, obj, name, rhs)) {
295 return false;
296 }
297 } else {
298 MOZ_ASSERT(IsPropertySetOp(JSOp(*pc)));
299 Rooted<PropertyName*> name(cx,
300 idVal.toString()->asAtom().asPropertyName());
301 if (!SetProperty(cx, obj, name, rhs, ic->strict(), pc)) {
302 return false;
303 }
304 }
305 }
306
307 if (attached) {
308 return true;
309 }
310
311 // The SetProperty call might have entered this IC recursively, so try
312 // to transition.
313 if (ic->state().maybeTransition()) {
314 ic->discardStubs(cx->zone(), ionScript);
315 }
316
317 bool canAttachStub = ic->state().canAttachStub();
318 if (deferType != DeferType::None && canAttachStub) {
319 RootedValue objv(cx, ObjectValue(*obj));
320 RootedScript script(cx, ic->script());
321 jsbytecode* pc = ic->pc();
322 SetPropIRGenerator gen(cx, script, pc, ic->kind(), ic->state(), objv, idVal,
323 rhs);
324 MOZ_ASSERT(deferType == DeferType::AddSlot);
325 AttachDecision decision = gen.tryAttachAddSlotStub(oldShape);
326
327 switch (decision) {
328 case AttachDecision::Attach:
329 ic->attachCacheIRStub(cx, gen.writerRef(), gen.cacheKind(), ionScript,
330 &attached);
331 break;
332 case AttachDecision::NoAction:
333 gen.trackAttached(IRGenerator::NotAttached);
334 break;
335 case AttachDecision::TemporarilyUnoptimizable:
336 case AttachDecision::Deferred:
337 MOZ_ASSERT_UNREACHABLE("Invalid attach result");
338 break;
339 }
340 }
341 if (!attached && canAttachStub) {
342 ic->state().trackNotAttached();
343 }
344
345 return true;
346 }
347
348 /* static */
349 bool IonGetNameIC::update(JSContext* cx, HandleScript outerScript,
350 IonGetNameIC* ic, HandleObject envChain,
351 MutableHandleValue res) {
352 IonScript* ionScript = outerScript->ionScript();
353 jsbytecode* pc = ic->pc();
354 Rooted<PropertyName*> name(cx, ic->script()->getName(pc));
355
356 TryAttachIonStub<GetNameIRGenerator>(cx, ic, ionScript, envChain, name);
357
358 RootedObject obj(cx);
359 RootedObject holder(cx);
360 PropertyResult prop;
361 if (!LookupName(cx, name, envChain, &obj, &holder, &prop)) {
362 return false;
363 }
364
365 if (JSOp(*GetNextPc(pc)) == JSOp::Typeof) {
366 return FetchName<GetNameMode::TypeOf>(cx, obj, holder, name, prop, res);
367 }
368
369 return FetchName<GetNameMode::Normal>(cx, obj, holder, name, prop, res);
370 }
371
372 /* static */
373 JSObject* IonBindNameIC::update(JSContext* cx, HandleScript outerScript,
374 IonBindNameIC* ic, HandleObject envChain) {
375 IonScript* ionScript = outerScript->ionScript();
376 jsbytecode* pc = ic->pc();
377 Rooted<PropertyName*> name(cx, ic->script()->getName(pc));
378
379 TryAttachIonStub<BindNameIRGenerator>(cx, ic, ionScript, envChain, name);
380
381 RootedObject holder(cx);
382 if (!LookupNameUnqualified(cx, name, envChain, &holder)) {
383 return nullptr;
384 }
385
386 return holder;
387 }
388
389 /* static */
390 JSObject* IonGetIteratorIC::update(JSContext* cx, HandleScript outerScript,
391 IonGetIteratorIC* ic, HandleValue value) {
392 IonScript* ionScript = outerScript->ionScript();
393
394 TryAttachIonStub<GetIteratorIRGenerator>(cx, ic, ionScript, value);
395
396 PropertyIteratorObject* iterObj = ValueToIterator(cx, value);
397 if (!iterObj) {
398 return nullptr;
399 }
400
401 return iterObj;
402 }
403
404 /* static */
405 bool IonOptimizeSpreadCallIC::update(JSContext* cx, HandleScript outerScript,
406 IonOptimizeSpreadCallIC* ic,
407 HandleValue value,
408 MutableHandleValue result) {
409 IonScript* ionScript = outerScript->ionScript();
410
411 TryAttachIonStub<OptimizeSpreadCallIRGenerator>(cx, ic, ionScript, value);
412
413 return OptimizeSpreadCall(cx, value, result);
414 }
415
416 /* static */
417 bool IonHasOwnIC::update(JSContext* cx, HandleScript outerScript,
418 IonHasOwnIC* ic, HandleValue val, HandleValue idVal,
419 int32_t* res) {
420 IonScript* ionScript = outerScript->ionScript();
421
422 TryAttachIonStub<HasPropIRGenerator>(cx, ic, ionScript, CacheKind::HasOwn,
423 idVal, val);
424
425 bool found;
426 if (!HasOwnProperty(cx, val, idVal, &found)) {
427 return false;
428 }
429
430 *res = found;
431 return true;
432 }
433
434 /* static */
435 bool IonCheckPrivateFieldIC::update(JSContext* cx, HandleScript outerScript,
436 IonCheckPrivateFieldIC* ic, HandleValue val,
437 HandleValue idVal, bool* res) {
438 IonScript* ionScript = outerScript->ionScript();
439 jsbytecode* pc = ic->pc();
440
441 TryAttachIonStub<CheckPrivateFieldIRGenerator>(
442 cx, ic, ionScript, CacheKind::CheckPrivateField, idVal, val);
443
444 return CheckPrivateFieldOperation(cx, pc, val, idVal, res);
445 }
446
447 /* static */
448 bool IonInIC::update(JSContext* cx, HandleScript outerScript, IonInIC* ic,
449 HandleValue key, HandleObject obj, bool* res) {
450 IonScript* ionScript = outerScript->ionScript();
451 RootedValue objV(cx, ObjectValue(*obj));
452
453 TryAttachIonStub<HasPropIRGenerator>(cx, ic, ionScript, CacheKind::In, key,
454 objV);
455
456 return OperatorIn(cx, key, obj, res);
457 }
458 /* static */
459 bool IonInstanceOfIC::update(JSContext* cx, HandleScript outerScript,
460 IonInstanceOfIC* ic, HandleValue lhs,
461 HandleObject rhs, bool* res) {
462 IonScript* ionScript = outerScript->ionScript();
463
464 TryAttachIonStub<InstanceOfIRGenerator>(cx, ic, ionScript, lhs, rhs);
465
466 return InstanceofOperator(cx, rhs, lhs, res);
467 }
468
469 /* static */
470 bool IonToPropertyKeyIC::update(JSContext* cx, HandleScript outerScript,
471 IonToPropertyKeyIC* ic, HandleValue val,
472 MutableHandleValue res) {
473 IonScript* ionScript = outerScript->ionScript();
474
475 TryAttachIonStub<ToPropertyKeyIRGenerator>(cx, ic, ionScript, val);
476
477 return ToPropertyKeyOperation(cx, val, res);
478 }
479
480 /* static */
481 bool IonCloseIterIC::update(JSContext* cx, HandleScript outerScript,
482 IonCloseIterIC* ic, HandleObject iter) {
483 IonScript* ionScript = outerScript->ionScript();
484 CompletionKind kind = ic->completionKind();
485
486 TryAttachIonStub<CloseIterIRGenerator>(cx, ic, ionScript, iter, kind);
487
488 return CloseIterOperation(cx, iter, kind);
489 }
490
491 /* static */
492 bool IonUnaryArithIC::update(JSContext* cx, HandleScript outerScript,
493 IonUnaryArithIC* ic, HandleValue val,
494 MutableHandleValue res) {
495 IonScript* ionScript = outerScript->ionScript();
496 RootedScript script(cx, ic->script());
497 jsbytecode* pc = ic->pc();
498 JSOp op = JSOp(*pc);
499
500 switch (op) {
501 case JSOp::BitNot: {
502 res.set(val);
503 if (!BitNot(cx, res, res)) {
504 return false;
505 }
506 break;
507 }
508 case JSOp::Pos: {
509 res.set(val);
510 if (!ToNumber(cx, res)) {
511 return false;
512 }
513 break;
514 }
515 case JSOp::Neg: {
516 res.set(val);
517 if (!NegOperation(cx, res, res)) {
518 return false;
519 }
520 break;
521 }
522 case JSOp::Inc: {
523 if (!IncOperation(cx, val, res)) {
524 return false;
525 }
526 break;
527 }
528 case JSOp::Dec: {
529 if (!DecOperation(cx, val, res)) {
530 return false;
531 }
532 break;
533 }
534 case JSOp::ToNumeric: {
535 res.set(val);
536 if (!ToNumeric(cx, res)) {
537 return false;
538 }
539 break;
540 }
541 default:
542 MOZ_CRASH("Unexpected op");
543 }
544 MOZ_ASSERT(res.isNumeric());
545
546 TryAttachIonStub<UnaryArithIRGenerator>(cx, ic, ionScript, op, val, res);
547
548 return true;
549 }
550
551 /* static */
552 bool IonBinaryArithIC::update(JSContext* cx, HandleScript outerScript,
553 IonBinaryArithIC* ic, HandleValue lhs,
554 HandleValue rhs, MutableHandleValue ret) {
555 IonScript* ionScript = outerScript->ionScript();
556 RootedScript script(cx, ic->script());
557 jsbytecode* pc = ic->pc();
558 JSOp op = JSOp(*pc);
559
560 // Don't pass lhs/rhs directly, we need the original values when
561 // generating stubs.
562 RootedValue lhsCopy(cx, lhs);
563 RootedValue rhsCopy(cx, rhs);
564
565 // Perform the compare operation.
566 switch (op) {
567 case JSOp::Add:
568 // Do an add.
569 if (!AddValues(cx, &lhsCopy, &rhsCopy, ret)) {
570 return false;
571 }
572 break;
573 case JSOp::Sub:
574 if (!SubValues(cx, &lhsCopy, &rhsCopy, ret)) {
575 return false;
576 }
577 break;
578 case JSOp::Mul:
579 if (!MulValues(cx, &lhsCopy, &rhsCopy, ret)) {
580 return false;
581 }
582 break;
583 case JSOp::Div:
584 if (!DivValues(cx, &lhsCopy, &rhsCopy, ret)) {
585 return false;
586 }
587 break;
588 case JSOp::Mod:
589 if (!ModValues(cx, &lhsCopy, &rhsCopy, ret)) {
590 return false;
591 }
592 break;
593 case JSOp::Pow:
594 if (!PowValues(cx, &lhsCopy, &rhsCopy, ret)) {
595 return false;
596 }
597 break;
598 case JSOp::BitOr: {
599 if (!BitOr(cx, &lhsCopy, &rhsCopy, ret)) {
600 return false;
601 }
602 break;
603 }
604 case JSOp::BitXor: {
605 if (!BitXor(cx, &lhsCopy, &rhsCopy, ret)) {
606 return false;
607 }
608 break;
609 }
610 case JSOp::BitAnd: {
611 if (!BitAnd(cx, &lhsCopy, &rhsCopy, ret)) {
612 return false;
613 }
614 break;
615 }
616 case JSOp::Lsh: {
617 if (!BitLsh(cx, &lhsCopy, &rhsCopy, ret)) {
618 return false;
619 }
620 break;
621 }
622 case JSOp::Rsh: {
623 if (!BitRsh(cx, &lhsCopy, &rhsCopy, ret)) {
624 return false;
625 }
626 break;
627 }
628 case JSOp::Ursh: {
629 if (!UrshValues(cx, &lhsCopy, &rhsCopy, ret)) {
630 return false;
631 }
632 break;
633 }
634 default:
635 MOZ_CRASH("Unhandled binary arith op");
636 }
637
638 TryAttachIonStub<BinaryArithIRGenerator>(cx, ic, ionScript, op, lhs, rhs,
639 ret);
640
641 return true;
642 }
643
644 /* static */
645 bool IonCompareIC::update(JSContext* cx, HandleScript outerScript,
646 IonCompareIC* ic, HandleValue lhs, HandleValue rhs,
647 bool* res) {
648 IonScript* ionScript = outerScript->ionScript();
649 RootedScript script(cx, ic->script());
650 jsbytecode* pc = ic->pc();
651 JSOp op = JSOp(*pc);
652
653 // Don't pass lhs/rhs directly, we need the original values when
654 // generating stubs.
655 RootedValue lhsCopy(cx, lhs);
656 RootedValue rhsCopy(cx, rhs);
657
658 // Perform the compare operation.
659 switch (op) {
660 case JSOp::Lt:
661 if (!LessThan(cx, &lhsCopy, &rhsCopy, res)) {
662 return false;
663 }
664 break;
665 case JSOp::Le:
666 if (!LessThanOrEqual(cx, &lhsCopy, &rhsCopy, res)) {
667 return false;
668 }
669 break;
670 case JSOp::Gt:
671 if (!GreaterThan(cx, &lhsCopy, &rhsCopy, res)) {
672 return false;
673 }
674 break;
675 case JSOp::Ge:
676 if (!GreaterThanOrEqual(cx, &lhsCopy, &rhsCopy, res)) {
677 return false;
678 }
679 break;
680 case JSOp::Eq:
681 if (!js::LooselyEqual(cx, lhsCopy, rhsCopy, res)) {
682 return false;
683 }
684 break;
685 case JSOp::Ne:
686 if (!js::LooselyEqual(cx, lhsCopy, rhsCopy, res)) {
687 return false;
688 }
689 *res = !*res;
690 break;
691 case JSOp::StrictEq:
692 if (!js::StrictlyEqual(cx, lhsCopy, rhsCopy, res)) {
693 return false;
694 }
695 break;
696 case JSOp::StrictNe:
697 if (!js::StrictlyEqual(cx, lhsCopy, rhsCopy, res)) {
698 return false;
699 }
700 *res = !*res;
701 break;
702 default:
703 MOZ_ASSERT_UNREACHABLE("Unhandled ion compare op");
704 return false;
705 }
706
707 TryAttachIonStub<CompareIRGenerator>(cx, ic, ionScript, op, lhs, rhs);
708
709 return true;
710 }
711
712 uint8_t* IonICStub::stubDataStart() {
713 return reinterpret_cast<uint8_t*>(this) + stubInfo_->stubDataOffset();
714 }
715
716 void IonIC::attachStub(IonICStub* newStub, JitCode* code) {
717 MOZ_ASSERT(newStub);
718 MOZ_ASSERT(code);
719
720 if (firstStub_) {
721 newStub->setNext(firstStub_, codeRaw_);
722 }
723 firstStub_ = newStub;
724 codeRaw_ = code->raw();
725
726 state_.trackAttached();
727 }