| blob | b483257d12a57d6570a1e970078c9a33ae124882 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef jit_CacheIR_h
8 #define jit_CacheIR_h
13 #include <stddef.h>
14 #include <stdint.h>
27 // [SMDOC] CacheIR
28 //
29 // CacheIR is an (extremely simple) linear IR language for inline caches.
30 // From this IR, we can generate machine code for Baseline or Ion IC stubs.
31 //
32 // IRWriter
33 // --------
34 // CacheIR bytecode is written using IRWriter. This class also records some
35 // metadata that's used by the Baseline and Ion code generators to generate
36 // (efficient) machine code.
37 //
38 // Sharing Baseline stub code
39 // --------------------------
40 // Baseline stores data (like Shape* and fixed slot offsets) inside the ICStub
41 // structure, instead of embedding them directly in the JitCode. This makes
42 // Baseline IC code slightly slower, but allows us to share IC code between
43 // caches. CacheIR makes it easy to share code between stubs: stubs that have
44 // the same CacheIR (and CacheKind), will have the same Baseline stub code.
45 //
46 // Baseline stubs that share JitCode also share a CacheIRStubInfo structure.
47 // This class stores the CacheIR and the location of GC things stored in the
48 // stub, for the GC.
49 //
50 // JitZone has a CacheIRStubInfo* -> JitCode* weak map that's used to share both
51 // the IR and JitCode between Baseline CacheIR stubs. This HashMap owns the
52 // stubInfo (it uses UniquePtr), so once there are no references left to the
53 // shared stub code, we can also free the CacheIRStubInfo.
54 //
55 // Ion stubs
56 // ---------
57 // Unlike Baseline stubs, Ion stubs do not share stub code, and data stored in
58 // the IonICStub is baked into JIT code. This is one of the reasons Ion stubs
59 // are faster than Baseline stubs. Also note that Ion ICs contain more state
60 // (see IonGetPropertyIC for example) and use dynamic input/output registers,
61 // so sharing stub code for Ion would be much more difficult.
63 // An OperandId represents either a cache input or a value returned by a
64 // CacheIR instruction. Most code should use the ValOperandId and ObjOperandId
65 // classes below. The ObjOperandId class represents an operand that's known to
66 // be an object, just as StringOperandId represents a known string, etc.
78 };
84 };
90 };
96 };
105 };
111 };
117 };
123 };
129 };
135 };
141 };
144 JSValueType type_;
169 };
171 #define CACHE_IR_KINDS(_) \
172 _(GetProp) \
173 _(GetElem) \
174 _(GetName) \
175 _(GetPropSuper) \
176 _(GetElemSuper) \
177 _(GetIntrinsic) \
178 _(SetProp) \
179 _(SetElem) \
180 _(BindName) \
181 _(In) \
182 _(HasOwn) \
183 _(CheckPrivateField) \
184 _(TypeOf) \
185 _(ToPropertyKey) \
186 _(InstanceOf) \
187 _(GetIterator) \
188 _(CloseIter) \
189 _(OptimizeGetIterator) \
190 _(OptimizeSpreadCall) \
191 _(Compare) \
192 _(ToBool) \
193 _(Call) \
194 _(UnaryArith) \
195 _(BinaryArith) \
196 _(NewObject) \
197 _(NewArray)
200 #define DEFINE_KIND(kind) kind,
202 #undef DEFINE_KIND
203 };
210 #define DEFINE_OP(op, ...) op,
212 #undef DEFINE_OP
213 NumOpcodes,
214 };
216 // CacheIR opcode info that's read in performance-sensitive code. Stored as a
217 // single byte per op for better cache locality.
221 };
229 }
236 // These fields take up a single word.
237 RawInt32,
238 RawPointer,
239 Shape,
240 WeakShape,
241 WeakGetterSetter,
242 JSObject,
243 WeakObject,
244 Symbol,
245 String,
246 WeakBaseScript,
247 JitCode,
249 Id,
250 AllocSite,
252 // These fields take up 64 bits on all platforms.
253 RawInt64,
255 Value,
256 Double,
258 Limit
259 };
264 }
269 }
274 }
277 }
281 Type type_;
286 }
298 }
302 }
305 // This class is used to wrap up information about a call to make it
306 // easier to convey from one function to another. (In particular,
307 // CacheIRWriter encodes the CallFlags in CacheIR, and CacheIRReader
308 // decodes them and uses them for compilation.)
312 Unknown,
313 Standard,
314 Spread,
315 FunCall,
316 FunApplyArgsObj,
317 FunApplyArray,
318 FunApplyNullUndefined,
319 LastArgFormat = FunApplyNullUndefined
320 };
336 }
344 // See CacheIRReader::callFlags()
349 }
352 }
355 }
357 }
365 // Used for encoding/decoding
375 };
377 // In baseline, we have to copy args onto the stack. Below this threshold, we
378 // will unroll the arg copy loop. We need to clamp this before providing it as
379 // an arg to a CacheIR op so that everything 5 or greater can share an IC.
383 }
386 // We cannot attach a stub.
387 NoAction,
389 // We can attach a stub.
390 Attach,
392 // We cannot currently attach a stub, but we expect to be able to do so in the
393 // future. In this case, we do not call trackNotAttached().
394 TemporarilyUnoptimizable,
396 // We want to attach a stub, but the result of the operation is
397 // needed to generate that stub. For example, AddSlot needs to know
398 // the resulting shape. Note: the attached stub will inspect the
399 // inputs to the operation, so most input checks should be done
400 // before the actual operation, with only minimal checks remaining
401 // for the deferred portion. This prevents arbitrary scripted code
402 // run by the operation from interfering with the conditions being
403 // checked.
404 Deferred
405 };
407 // If the input expression evaluates to an AttachDecision other than NoAction,
408 // return that AttachDecision. If it is NoAction, do nothing.
409 #define TRY_ATTACH(expr) \
410 do { \
411 AttachDecision tryAttachTempResult_ = expr; \
412 if (tryAttachTempResult_ != AttachDecision::NoAction) { \
413 return tryAttachTempResult_; \
414 } \
415 } while (0)
417 // Set of arguments supported by GetIndexOfArgument.
418 // Support for higher argument indices can be added easily, but is currently
419 // unneeded.
421 Callee,
422 This,
423 NewTarget,
424 Arg0,
425 Arg1,
426 Arg2,
427 Arg3,
428 Arg4,
429 Arg5,
430 Arg6,
431 Arg7,
432 NumKinds
433 };
441 }
443 // This function calculates the index of an argument based on the call flags.
444 // addArgc is an out-parameter, indicating whether the value of argc should
445 // be added to the return value to find the actual index.
448 // *** STACK LAYOUT (bottom to top) *** ******** INDEX ********
449 // Callee <-- argc+1 + isConstructing
450 // ThisValue <-- argc + isConstructing
451 // Args: | Arg0 | | ArgArray | <-- argc-1 + isConstructing
452 // | Arg1 | --or-- | | <-- argc-2 + isConstructing
453 // | ... | | (if spread | <-- ...
454 // | ArgN | | call) | <-- 0 + isConstructing
455 // NewTarget (only if constructing) <-- 0 (if it exists)
456 //
457 // If this is a spread call, then argc is always 1, and we can calculate the
458 // index directly. If this is not a spread call, then the index of any
459 // argument other than NewTarget depends on argc.
461 // First we determine whether the caller needs to add argc.
467 // Spread calls do not have Arg1 or higher.
478 }
480 // Second, we determine the offset relative to argc.
509 }
510 }
512 // We use this enum as GuardClass operand, instead of storing Class* pointers
513 // in the IR, to keep the IR compact and the same size on all platforms.
515 Array,
516 PlainObject,
517 FixedLengthArrayBuffer,
518 FixedLengthSharedArrayBuffer,
519 FixedLengthDataView,
520 MappedArguments,
521 UnmappedArguments,
522 WindowProxy,
523 JSFunction,
524 BoundFunction,
525 Set,
526 Map,
527 };