search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1867190 - Add prefs for PHC probablities r=glandium
[gecko.git] / js / src / jit / CacheIRGenerator.h
blobc4b9e69d2fbbb9905f983672a168457e4b6f0934
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef jit_CacheIRGenerator_h
8 #define jit_CacheIRGenerator_h
9
10 #include "mozilla/Assertions.h"
11 #include "mozilla/Attributes.h"
12 #include "mozilla/Maybe.h"
13
14 #include <stdint.h>
15
16 #include "jstypes.h"
17 #include "NamespaceImports.h"
18
19 #include "jit/CacheIR.h"
20 #include "jit/CacheIRWriter.h"
21 #include "jit/ICState.h"
22 #include "js/Id.h"
23 #include "js/RootingAPI.h"
24 #include "js/ScalarType.h"
25 #include "js/TypeDecls.h"
26 #include "js/Value.h"
27 #include "js/ValueArray.h"
28 #include "vm/Opcodes.h"
29
30 class JSFunction;
31
32 namespace JS {
33 struct XrayJitInfo;
34 }
35
36 namespace js {
37
38 class BoundFunctionObject;
39 class NativeObject;
40 class PropertyResult;
41 class ProxyObject;
42 enum class UnaryMathFunction : uint8_t;
43
44 namespace jit {
45
46 class BaselineFrame;
47 class Label;
48 class MacroAssembler;
49 struct Register;
50 enum class InlinableNative : uint16_t;
51
52 // Some ops refer to shapes that might be in other zones. Instead of putting
53 // cross-zone pointers in the caches themselves (which would complicate tracing
54 // enormously), these ops instead contain wrappers for objects in the target
55 // zone, which refer to the actual shape via a reserved slot.
56 void LoadShapeWrapperContents(MacroAssembler& masm, Register obj, Register dst,
57 Label* failure);
58
59 class MOZ_RAII IRGenerator {
60 protected:
61 CacheIRWriter writer;
62 JSContext* cx_;
63 HandleScript script_;
64 jsbytecode* pc_;
65 CacheKind cacheKind_;
66 ICState::Mode mode_;
67 bool isFirstStub_;
68
69 // Important: This pointer may be passed to the profiler. If this is non-null,
70 // it must point to a C string literal with static lifetime, not a heap- or
71 // stack- allocated string.
72 const char* stubName_ = nullptr;
73
74 IRGenerator(const IRGenerator&) = delete;
75 IRGenerator& operator=(const IRGenerator&) = delete;
76
77 bool maybeGuardInt32Index(const Value& index, ValOperandId indexId,
78 uint32_t* int32Index, Int32OperandId* int32IndexId);
79
80 IntPtrOperandId guardToIntPtrIndex(const Value& index, ValOperandId indexId,
81 bool supportOOB);
82
83 ObjOperandId guardDOMProxyExpandoObjectAndShape(ProxyObject* obj,
84 ObjOperandId objId,
85 const Value& expandoVal,
86 NativeObject* expandoObj);
87
88 void emitIdGuard(ValOperandId valId, const Value& idVal, jsid id);
89
90 OperandId emitNumericGuard(ValOperandId valId, const Value& v,
91 Scalar::Type type);
92
93 StringOperandId emitToStringGuard(ValOperandId id, const Value& v);
94
95 void emitCalleeGuard(ObjOperandId calleeId, JSFunction* callee);
96
97 void emitOptimisticClassGuard(ObjOperandId objId, JSObject* obj,
98 GuardClassKind kind);
99
100 friend class CacheIRSpewer;
101
102 public:
103 explicit IRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc,
104 CacheKind cacheKind, ICState state);
105
106 const CacheIRWriter& writerRef() const { return writer; }
107 CacheKind cacheKind() const { return cacheKind_; }
108
109 // See comment on `stubName_` above.
110 const char* stubName() const { return stubName_; }
111
112 static constexpr char* NotAttached = nullptr;
113 };
114
115 // GetPropIRGenerator generates CacheIR for a GetProp IC.
116 class MOZ_RAII GetPropIRGenerator : public IRGenerator {
117 HandleValue val_;
118 HandleValue idVal_;
119
120 AttachDecision tryAttachNative(HandleObject obj, ObjOperandId objId,
121 HandleId id, ValOperandId receiverId);
122 AttachDecision tryAttachObjectLength(HandleObject obj, ObjOperandId objId,
123 HandleId id);
124 AttachDecision tryAttachTypedArray(HandleObject obj, ObjOperandId objId,
125 HandleId id);
126 AttachDecision tryAttachDataView(HandleObject obj, ObjOperandId objId,
127 HandleId id);
128 AttachDecision tryAttachArrayBufferMaybeShared(HandleObject obj,
129 ObjOperandId objId,
130 HandleId id);
131 AttachDecision tryAttachRegExp(HandleObject obj, ObjOperandId objId,
132 HandleId id);
133 AttachDecision tryAttachMap(HandleObject obj, ObjOperandId objId,
134 HandleId id);
135 AttachDecision tryAttachSet(HandleObject obj, ObjOperandId objId,
136 HandleId id);
137 AttachDecision tryAttachModuleNamespace(HandleObject obj, ObjOperandId objId,
138 HandleId id);
139 AttachDecision tryAttachWindowProxy(HandleObject obj, ObjOperandId objId,
140 HandleId id);
141 AttachDecision tryAttachCrossCompartmentWrapper(HandleObject obj,
142 ObjOperandId objId,
143 HandleId id);
144 AttachDecision tryAttachXrayCrossCompartmentWrapper(HandleObject obj,
145 ObjOperandId objId,
146 HandleId id,
147 ValOperandId receiverId);
148 AttachDecision tryAttachFunction(HandleObject obj, ObjOperandId objId,
149 HandleId id);
150 AttachDecision tryAttachArgumentsObjectIterator(HandleObject obj,
151 ObjOperandId objId,
152 HandleId id);
153
154 AttachDecision tryAttachGenericProxy(Handle<ProxyObject*> obj,
155 ObjOperandId objId, HandleId id,
156 bool handleDOMProxies);
157 #ifdef JS_PUNBOX64
158 AttachDecision tryAttachScriptedProxy(Handle<ProxyObject*> obj,
159 ObjOperandId objId, HandleId id);
160 #endif
161 AttachDecision tryAttachDOMProxyExpando(Handle<ProxyObject*> obj,
162 ObjOperandId objId, HandleId id,
163 ValOperandId receiverId);
164 AttachDecision tryAttachDOMProxyShadowed(Handle<ProxyObject*> obj,
165 ObjOperandId objId, HandleId id);
166 AttachDecision tryAttachDOMProxyUnshadowed(Handle<ProxyObject*> obj,
167 ObjOperandId objId, HandleId id,
168 ValOperandId receiverId);
169 AttachDecision tryAttachProxy(HandleObject obj, ObjOperandId objId,
170 HandleId id, ValOperandId receiverId);
171
172 AttachDecision tryAttachPrimitive(ValOperandId valId, HandleId id);
173 AttachDecision tryAttachStringChar(ValOperandId valId, ValOperandId indexId);
174 AttachDecision tryAttachStringLength(ValOperandId valId, HandleId id);
175
176 AttachDecision tryAttachArgumentsObjectArg(HandleObject obj,
177 ObjOperandId objId, uint32_t index,
178 Int32OperandId indexId);
179 AttachDecision tryAttachArgumentsObjectArgHole(HandleObject obj,
180 ObjOperandId objId,
181 uint32_t index,
182 Int32OperandId indexId);
183 AttachDecision tryAttachArgumentsObjectCallee(HandleObject obj,
184 ObjOperandId objId,
185 HandleId id);
186
187 AttachDecision tryAttachDenseElement(HandleObject obj, ObjOperandId objId,
188 uint32_t index, Int32OperandId indexId);
189 AttachDecision tryAttachDenseElementHole(HandleObject obj, ObjOperandId objId,
190 uint32_t index,
191 Int32OperandId indexId);
192 AttachDecision tryAttachSparseElement(HandleObject obj, ObjOperandId objId,
193 uint32_t index, Int32OperandId indexId);
194 AttachDecision tryAttachTypedArrayElement(HandleObject obj,
195 ObjOperandId objId);
196
197 AttachDecision tryAttachGenericElement(HandleObject obj, ObjOperandId objId,
198 uint32_t index, Int32OperandId indexId,
199 ValOperandId receiverId);
200
201 AttachDecision tryAttachProxyElement(HandleObject obj, ObjOperandId objId);
202
203 void attachMegamorphicNativeSlot(ObjOperandId objId, jsid id);
204
205 ValOperandId getElemKeyValueId() const {
206 MOZ_ASSERT(cacheKind_ == CacheKind::GetElem ||
207 cacheKind_ == CacheKind::GetElemSuper);
208 return ValOperandId(1);
209 }
210
211 ValOperandId getSuperReceiverValueId() const {
212 if (cacheKind_ == CacheKind::GetPropSuper) {
213 return ValOperandId(1);
214 }
215
216 MOZ_ASSERT(cacheKind_ == CacheKind::GetElemSuper);
217 return ValOperandId(2);
218 }
219
220 bool isSuper() const {
221 return (cacheKind_ == CacheKind::GetPropSuper ||
222 cacheKind_ == CacheKind::GetElemSuper);
223 }
224
225 // If this is a GetElem cache, emit instructions to guard the incoming Value
226 // matches |id|.
227 void maybeEmitIdGuard(jsid id);
228
229 void trackAttached(const char* name /* must be a C string literal */);
230
231 public:
232 GetPropIRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc,
233 ICState state, CacheKind cacheKind, HandleValue val,
234 HandleValue idVal);
235
236 AttachDecision tryAttachStub();
237 };
238
239 // GetNameIRGenerator generates CacheIR for a GetName IC.
240 class MOZ_RAII GetNameIRGenerator : public IRGenerator {
241 HandleObject env_;
242 Handle<PropertyName*> name_;
243
244 AttachDecision tryAttachGlobalNameValue(ObjOperandId objId, HandleId id);
245 AttachDecision tryAttachGlobalNameGetter(ObjOperandId objId, HandleId id);
246 AttachDecision tryAttachEnvironmentName(ObjOperandId objId, HandleId id);
247
248 void trackAttached(const char* name /* must be a C string literal */);
249
250 public:
251 GetNameIRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc,
252 ICState state, HandleObject env,
253 Handle<PropertyName*> name);
254
255 AttachDecision tryAttachStub();
256 };
257
258 // BindNameIRGenerator generates CacheIR for a BindName IC.
259 class MOZ_RAII BindNameIRGenerator : public IRGenerator {
260 HandleObject env_;
261 Handle<PropertyName*> name_;
262
263 AttachDecision tryAttachGlobalName(ObjOperandId objId, HandleId id);
264 AttachDecision tryAttachEnvironmentName(ObjOperandId objId, HandleId id);
265
266 void trackAttached(const char* name /* must be a C string literal */);
267
268 public:
269 BindNameIRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc,
270 ICState state, HandleObject env,
271 Handle<PropertyName*> name);
272
273 AttachDecision tryAttachStub();
274 };
275
276 // SetPropIRGenerator generates CacheIR for a SetProp IC.
277 class MOZ_RAII SetPropIRGenerator : public IRGenerator {
278 HandleValue lhsVal_;
279 HandleValue idVal_;
280 HandleValue rhsVal_;
281
282 public:
283 enum class DeferType { None, AddSlot };
284
285 private:
286 DeferType deferType_ = DeferType::None;
287
288 ValOperandId setElemKeyValueId() const {
289 MOZ_ASSERT(cacheKind_ == CacheKind::SetElem);
290 return ValOperandId(1);
291 }
292
293 ValOperandId rhsValueId() const {
294 if (cacheKind_ == CacheKind::SetProp) {
295 return ValOperandId(1);
296 }
297 MOZ_ASSERT(cacheKind_ == CacheKind::SetElem);
298 return ValOperandId(2);
299 }
300
301 // If this is a SetElem cache, emit instructions to guard the incoming Value
302 // matches |id|.
303 void maybeEmitIdGuard(jsid id);
304
305 AttachDecision tryAttachNativeSetSlot(HandleObject obj, ObjOperandId objId,
306 HandleId id, ValOperandId rhsId);
307 AttachDecision tryAttachMegamorphicSetSlot(HandleObject obj,
308 ObjOperandId objId, HandleId id,
309 ValOperandId rhsId);
310 AttachDecision tryAttachSetter(HandleObject obj, ObjOperandId objId,
311 HandleId id, ValOperandId rhsId);
312 AttachDecision tryAttachSetArrayLength(HandleObject obj, ObjOperandId objId,
313 HandleId id, ValOperandId rhsId);
314 AttachDecision tryAttachWindowProxy(HandleObject obj, ObjOperandId objId,
315 HandleId id, ValOperandId rhsId);
316
317 AttachDecision tryAttachSetDenseElement(HandleObject obj, ObjOperandId objId,
318 uint32_t index,
319 Int32OperandId indexId,
320 ValOperandId rhsId);
321 AttachDecision tryAttachSetTypedArrayElement(HandleObject obj,
322 ObjOperandId objId,
323 ValOperandId rhsId);
324
325 AttachDecision tryAttachSetDenseElementHole(HandleObject obj,
326 ObjOperandId objId,
327 uint32_t index,
328 Int32OperandId indexId,
329 ValOperandId rhsId);
330
331 AttachDecision tryAttachAddOrUpdateSparseElement(HandleObject obj,
332 ObjOperandId objId,
333 uint32_t index,
334 Int32OperandId indexId,
335 ValOperandId rhsId);
336
337 AttachDecision tryAttachGenericProxy(Handle<ProxyObject*> obj,
338 ObjOperandId objId, HandleId id,
339 ValOperandId rhsId,
340 bool handleDOMProxies);
341 AttachDecision tryAttachDOMProxyShadowed(Handle<ProxyObject*> obj,
342 ObjOperandId objId, HandleId id,
343 ValOperandId rhsId);
344 AttachDecision tryAttachDOMProxyUnshadowed(Handle<ProxyObject*> obj,
345 ObjOperandId objId, HandleId id,
346 ValOperandId rhsId);
347 AttachDecision tryAttachDOMProxyExpando(Handle<ProxyObject*> obj,
348 ObjOperandId objId, HandleId id,
349 ValOperandId rhsId);
350 AttachDecision tryAttachProxy(HandleObject obj, ObjOperandId objId,
351 HandleId id, ValOperandId rhsId);
352 AttachDecision tryAttachProxyElement(HandleObject obj, ObjOperandId objId,
353 ValOperandId rhsId);
354 AttachDecision tryAttachMegamorphicSetElement(HandleObject obj,
355 ObjOperandId objId,
356 ValOperandId rhsId);
357
358 bool canAttachAddSlotStub(HandleObject obj, HandleId id);
359
360 public:
361 SetPropIRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc,
362 CacheKind cacheKind, ICState state, HandleValue lhsVal,
363 HandleValue idVal, HandleValue rhsVal);
364
365 AttachDecision tryAttachStub();
366 AttachDecision tryAttachAddSlotStub(Handle<Shape*> oldShape);
367 void trackAttached(const char* name /* must be a C string literal */);
368
369 DeferType deferType() const { return deferType_; }
370 };
371
372 // HasPropIRGenerator generates CacheIR for a HasProp IC. Used for
373 // CacheKind::In / CacheKind::HasOwn.
374 class MOZ_RAII HasPropIRGenerator : public IRGenerator {
375 HandleValue val_;
376 HandleValue idVal_;
377
378 AttachDecision tryAttachDense(HandleObject obj, ObjOperandId objId,
379 uint32_t index, Int32OperandId indexId);
380 AttachDecision tryAttachDenseHole(HandleObject obj, ObjOperandId objId,
381 uint32_t index, Int32OperandId indexId);
382 AttachDecision tryAttachTypedArray(HandleObject obj, ObjOperandId objId,
383 ValOperandId keyId);
384 AttachDecision tryAttachSparse(HandleObject obj, ObjOperandId objId,
385 Int32OperandId indexId);
386 AttachDecision tryAttachArgumentsObjectArg(HandleObject obj,
387 ObjOperandId objId,
388 Int32OperandId indexId);
389 AttachDecision tryAttachNamedProp(HandleObject obj, ObjOperandId objId,
390 HandleId key, ValOperandId keyId);
391 AttachDecision tryAttachMegamorphic(ObjOperandId objId, ValOperandId keyId);
392 AttachDecision tryAttachNative(NativeObject* obj, ObjOperandId objId,
393 jsid key, ValOperandId keyId,
394 PropertyResult prop, NativeObject* holder);
395 AttachDecision tryAttachSlotDoesNotExist(NativeObject* obj,
396 ObjOperandId objId, jsid key,
397 ValOperandId keyId);
398 AttachDecision tryAttachDoesNotExist(HandleObject obj, ObjOperandId objId,
399 HandleId key, ValOperandId keyId);
400 AttachDecision tryAttachProxyElement(HandleObject obj, ObjOperandId objId,
401 ValOperandId keyId);
402
403 void trackAttached(const char* name /* must be a C string literal */);
404
405 public:
406 // NOTE: Argument order is PROPERTY, OBJECT
407 HasPropIRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc,
408 ICState state, CacheKind cacheKind, HandleValue idVal,
409 HandleValue val);
410
411 AttachDecision tryAttachStub();
412 };
413
414 class MOZ_RAII CheckPrivateFieldIRGenerator : public IRGenerator {
415 HandleValue val_;
416 HandleValue idVal_;
417
418 AttachDecision tryAttachNative(NativeObject* obj, ObjOperandId objId,
419 jsid key, ValOperandId keyId,
420 PropertyResult prop);
421
422 void trackAttached(const char* name /* must be a C string literal */);
423
424 public:
425 CheckPrivateFieldIRGenerator(JSContext* cx, HandleScript script,
426 jsbytecode* pc, ICState state,
427 CacheKind cacheKind, HandleValue idVal,
428 HandleValue val);
429 AttachDecision tryAttachStub();
430 };
431
432 class MOZ_RAII InstanceOfIRGenerator : public IRGenerator {
433 HandleValue lhsVal_;
434 HandleObject rhsObj_;
435
436 void trackAttached(const char* name /* must be a C string literal */);
437
438 public:
439 InstanceOfIRGenerator(JSContext*, HandleScript, jsbytecode*, ICState,
440 HandleValue, HandleObject);
441
442 AttachDecision tryAttachStub();
443 };
444
445 class MOZ_RAII TypeOfIRGenerator : public IRGenerator {
446 HandleValue val_;
447
448 AttachDecision tryAttachPrimitive(ValOperandId valId);
449 AttachDecision tryAttachObject(ValOperandId valId);
450 void trackAttached(const char* name /* must be a C string literal */);
451
452 public:
453 TypeOfIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc, ICState state,
454 HandleValue value);
455
456 AttachDecision tryAttachStub();
457 };
458
459 class MOZ_RAII GetIteratorIRGenerator : public IRGenerator {
460 HandleValue val_;
461
462 AttachDecision tryAttachObject(ValOperandId valId);
463 AttachDecision tryAttachNullOrUndefined(ValOperandId valId);
464 AttachDecision tryAttachGeneric(ValOperandId valId);
465
466 public:
467 GetIteratorIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc,
468 ICState state, HandleValue value);
469
470 AttachDecision tryAttachStub();
471
472 void trackAttached(const char* name /* must be a C string literal */);
473 };
474
475 class MOZ_RAII OptimizeSpreadCallIRGenerator : public IRGenerator {
476 HandleValue val_;
477
478 AttachDecision tryAttachArray();
479 AttachDecision tryAttachArguments();
480 AttachDecision tryAttachNotOptimizable();
481
482 public:
483 OptimizeSpreadCallIRGenerator(JSContext* cx, HandleScript script,
484 jsbytecode* pc, ICState state,
485 HandleValue value);
486
487 AttachDecision tryAttachStub();
488
489 void trackAttached(const char* name /* must be a C string literal */);
490 };
491
492 class MOZ_RAII OptimizeGetIteratorIRGenerator : public IRGenerator {
493 HandleValue val_;
494
495 AttachDecision tryAttachArray();
496 AttachDecision tryAttachNotOptimizable();
497
498 public:
499 OptimizeGetIteratorIRGenerator(JSContext* cx, HandleScript script,
500 jsbytecode* pc, ICState state,
501 HandleValue value);
502
503 AttachDecision tryAttachStub();
504
505 void trackAttached(const char* name /* must be a C string literal */);
506 };
507
508 enum class StringChar { CharCodeAt, CodePointAt, CharAt, At };
509 enum class ScriptedThisResult { NoAction, UninitializedThis, PlainObjectShape };
510
511 class MOZ_RAII CallIRGenerator : public IRGenerator {
512 private:
513 JSOp op_;
514 uint32_t argc_;
515 HandleValue callee_;
516 HandleValue thisval_;
517 HandleValue newTarget_;
518 HandleValueArray args_;
519
520 friend class InlinableNativeIRGenerator;
521
522 ScriptedThisResult getThisShapeForScripted(HandleFunction calleeFunc,
523 Handle<JSObject*> newTarget,
524 MutableHandle<Shape*> result);
525
526 ObjOperandId emitFunCallOrApplyGuard(Int32OperandId argcId);
527 ObjOperandId emitFunCallGuard(Int32OperandId argcId);
528 ObjOperandId emitFunApplyGuard(Int32OperandId argcId);
529 mozilla::Maybe<ObjOperandId> emitFunApplyArgsGuard(
530 CallFlags::ArgFormat format);
531
532 void emitCallScriptedGuards(ObjOperandId calleeObjId, JSFunction* calleeFunc,
533 Int32OperandId argcId, CallFlags flags,
534 Shape* thisShape, bool isBoundFunction);
535
536 AttachDecision tryAttachFunCall(HandleFunction calleeFunc);
537 AttachDecision tryAttachFunApply(HandleFunction calleeFunc);
538 AttachDecision tryAttachCallScripted(HandleFunction calleeFunc);
539 AttachDecision tryAttachInlinableNative(HandleFunction calleeFunc,
540 CallFlags flags);
541 AttachDecision tryAttachWasmCall(HandleFunction calleeFunc);
542 AttachDecision tryAttachCallNative(HandleFunction calleeFunc);
543 AttachDecision tryAttachCallHook(HandleObject calleeObj);
544 AttachDecision tryAttachBoundFunction(Handle<BoundFunctionObject*> calleeObj);
545
546 void trackAttached(const char* name /* must be a C string literal */);
547
548 public:
549 CallIRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc, JSOp op,
550 ICState state, uint32_t argc, HandleValue callee,
551 HandleValue thisval, HandleValue newTarget,
552 HandleValueArray args);
553
554 AttachDecision tryAttachStub();
555 };
556
557 class MOZ_RAII InlinableNativeIRGenerator {
558 CallIRGenerator& generator_;
559 CacheIRWriter& writer;
560 JSContext* cx_;
561
562 HandleFunction callee_;
563 HandleValue newTarget_;
564 HandleValue thisval_;
565 HandleValueArray args_;
566 uint32_t argc_;
567 CallFlags flags_;
568
569 HandleScript script() const { return generator_.script_; }
570 bool isFirstStub() const { return generator_.isFirstStub_; }
571 bool ignoresResult() const { return generator_.op_ == JSOp::CallIgnoresRv; }
572
573 void emitNativeCalleeGuard();
574 void emitOptimisticClassGuard(ObjOperandId objId, JSObject* obj,
575 GuardClassKind kind) {
576 generator_.emitOptimisticClassGuard(objId, obj, kind);
577 }
578
579 ObjOperandId emitLoadArgsArray();
580
581 void initializeInputOperand() {
582 // The input operand is already initialized for FunCall and FunApplyArray.
583 if (flags_.getArgFormat() == CallFlags::FunCall ||
584 flags_.getArgFormat() == CallFlags::FunApplyArray) {
585 return;
586 }
587 (void)writer.setInputOperandId(0);
588 }
589
590 auto emitToStringGuard(ValOperandId id, const Value& v) {
591 return generator_.emitToStringGuard(id, v);
592 }
593
594 auto emitNumericGuard(ValOperandId valId, const Value& v, Scalar::Type type) {
595 return generator_.emitNumericGuard(valId, v, type);
596 }
597
598 auto guardToIntPtrIndex(const Value& index, ValOperandId indexId,
599 bool supportOOB) {
600 return generator_.guardToIntPtrIndex(index, indexId, supportOOB);
601 }
602
603 bool canAttachAtomicsReadWriteModify();
604
605 struct AtomicsReadWriteModifyOperands {
606 ObjOperandId objId;
607 IntPtrOperandId intPtrIndexId;
608 OperandId numericValueId;
609 };
610
611 AtomicsReadWriteModifyOperands emitAtomicsReadWriteModifyOperands();
612
613 AttachDecision tryAttachArrayPush();
614 AttachDecision tryAttachArrayPopShift(InlinableNative native);
615 AttachDecision tryAttachArrayJoin();
616 AttachDecision tryAttachArraySlice();
617 AttachDecision tryAttachArrayIsArray();
618 AttachDecision tryAttachDataViewGet(Scalar::Type type);
619 AttachDecision tryAttachDataViewSet(Scalar::Type type);
620 AttachDecision tryAttachFunctionBind();
621 AttachDecision tryAttachSpecializedFunctionBind(
622 Handle<JSObject*> target, Handle<BoundFunctionObject*> templateObj);
623 AttachDecision tryAttachUnsafeGetReservedSlot(InlinableNative native);
624 AttachDecision tryAttachUnsafeSetReservedSlot();
625 AttachDecision tryAttachIsSuspendedGenerator();
626 AttachDecision tryAttachToObject();
627 AttachDecision tryAttachToInteger();
628 AttachDecision tryAttachToLength();
629 AttachDecision tryAttachIsObject();
630 AttachDecision tryAttachIsPackedArray();
631 AttachDecision tryAttachIsCallable();
632 AttachDecision tryAttachIsConstructor();
633 AttachDecision tryAttachIsCrossRealmArrayConstructor();
634 AttachDecision tryAttachGuardToClass(InlinableNative native);
635 AttachDecision tryAttachGuardToArrayBuffer();
636 AttachDecision tryAttachGuardToSharedArrayBuffer();
637 AttachDecision tryAttachHasClass(const JSClass* clasp,
638 bool isPossiblyWrapped);
639 AttachDecision tryAttachRegExpMatcherSearcher(InlinableNative native);
640 AttachDecision tryAttachRegExpSearcherLastLimit();
641 AttachDecision tryAttachRegExpHasCaptureGroups();
642 AttachDecision tryAttachRegExpPrototypeOptimizable();
643 AttachDecision tryAttachRegExpInstanceOptimizable();
644 AttachDecision tryAttachIntrinsicRegExpBuiltinExec(InlinableNative native);
645 AttachDecision tryAttachIntrinsicRegExpExec(InlinableNative native);
646 AttachDecision tryAttachGetFirstDollarIndex();
647 AttachDecision tryAttachSubstringKernel();
648 AttachDecision tryAttachObjectHasPrototype();
649 AttachDecision tryAttachString();
650 AttachDecision tryAttachStringConstructor();
651 AttachDecision tryAttachStringToStringValueOf();
652 AttachDecision tryAttachStringChar(StringChar kind);
653 AttachDecision tryAttachStringCharCodeAt();
654 AttachDecision tryAttachStringCodePointAt();
655 AttachDecision tryAttachStringCharAt();
656 AttachDecision tryAttachStringAt();
657 AttachDecision tryAttachStringFromCharCode();
658 AttachDecision tryAttachStringFromCodePoint();
659 AttachDecision tryAttachStringIncludes();
660 AttachDecision tryAttachStringIndexOf();
661 AttachDecision tryAttachStringLastIndexOf();
662 AttachDecision tryAttachStringStartsWith();
663 AttachDecision tryAttachStringEndsWith();
664 AttachDecision tryAttachStringToLowerCase();
665 AttachDecision tryAttachStringToUpperCase();
666 AttachDecision tryAttachStringTrim();
667 AttachDecision tryAttachStringTrimStart();
668 AttachDecision tryAttachStringTrimEnd();
669 AttachDecision tryAttachStringReplaceString();
670 AttachDecision tryAttachStringSplitString();
671 AttachDecision tryAttachMathRandom();
672 AttachDecision tryAttachMathAbs();
673 AttachDecision tryAttachMathClz32();
674 AttachDecision tryAttachMathSign();
675 AttachDecision tryAttachMathImul();
676 AttachDecision tryAttachMathFloor();
677 AttachDecision tryAttachMathCeil();
678 AttachDecision tryAttachMathTrunc();
679 AttachDecision tryAttachMathRound();
680 AttachDecision tryAttachMathSqrt();
681 AttachDecision tryAttachMathFRound();
682 AttachDecision tryAttachMathHypot();
683 AttachDecision tryAttachMathATan2();
684 AttachDecision tryAttachMathFunction(UnaryMathFunction fun);
685 AttachDecision tryAttachMathPow();
686 AttachDecision tryAttachMathMinMax(bool isMax);
687 AttachDecision tryAttachSpreadMathMinMax(bool isMax);
688 AttachDecision tryAttachIsTypedArray(bool isPossiblyWrapped);
689 AttachDecision tryAttachIsTypedArrayConstructor();
690 AttachDecision tryAttachTypedArrayByteOffset();
691 AttachDecision tryAttachTypedArrayElementSize();
692 AttachDecision tryAttachTypedArrayLength(bool isPossiblyWrapped);
693 AttachDecision tryAttachTypedArrayLengthZeroOnOutOfBounds();
694 AttachDecision tryAttachArrayBufferByteLength(bool isPossiblyWrapped);
695 AttachDecision tryAttachIsConstructing();
696 AttachDecision tryAttachGetNextMapSetEntryForIterator(bool isMap);
697 AttachDecision tryAttachNewArrayIterator();
698 AttachDecision tryAttachNewStringIterator();
699 AttachDecision tryAttachNewRegExpStringIterator();
700 AttachDecision tryAttachArrayIteratorPrototypeOptimizable();
701 AttachDecision tryAttachObjectCreate();
702 AttachDecision tryAttachObjectConstructor();
703 AttachDecision tryAttachArrayConstructor();
704 AttachDecision tryAttachTypedArrayConstructor();
705 AttachDecision tryAttachNumber();
706 AttachDecision tryAttachNumberParseInt();
707 AttachDecision tryAttachNumberToString();
708 AttachDecision tryAttachReflectGetPrototypeOf();
709 AttachDecision tryAttachAtomicsCompareExchange();
710 AttachDecision tryAttachAtomicsExchange();
711 AttachDecision tryAttachAtomicsAdd();
712 AttachDecision tryAttachAtomicsSub();
713 AttachDecision tryAttachAtomicsAnd();
714 AttachDecision tryAttachAtomicsOr();
715 AttachDecision tryAttachAtomicsXor();
716 AttachDecision tryAttachAtomicsLoad();
717 AttachDecision tryAttachAtomicsStore();
718 AttachDecision tryAttachAtomicsIsLockFree();
719 AttachDecision tryAttachBoolean();
720 AttachDecision tryAttachBailout();
721 AttachDecision tryAttachAssertFloat32();
722 AttachDecision tryAttachAssertRecoveredOnBailout();
723 AttachDecision tryAttachObjectIs();
724 AttachDecision tryAttachObjectIsPrototypeOf();
725 AttachDecision tryAttachObjectKeys();
726 AttachDecision tryAttachObjectToString();
727 AttachDecision tryAttachBigIntAsIntN();
728 AttachDecision tryAttachBigIntAsUintN();
729 AttachDecision tryAttachSetHas();
730 AttachDecision tryAttachSetSize();
731 AttachDecision tryAttachMapHas();
732 AttachDecision tryAttachMapGet();
733 #ifdef FUZZING_JS_FUZZILLI
734 AttachDecision tryAttachFuzzilliHash();
735 #endif
736
737 void trackAttached(const char* name /* must be a C string literal */) {
738 return generator_.trackAttached(name);
739 }
740
741 public:
742 InlinableNativeIRGenerator(CallIRGenerator& generator, HandleFunction callee,
743 HandleValue newTarget, HandleValue thisValue,
744 HandleValueArray args, CallFlags flags)
745 : generator_(generator),
746 writer(generator.writer),
747 cx_(generator.cx_),
748 callee_(callee),
749 newTarget_(newTarget),
750 thisval_(thisValue),
751 args_(args),
752 argc_(args.length()),
753 flags_(flags) {}
754
755 AttachDecision tryAttachStub();
756 };
757
758 class MOZ_RAII CompareIRGenerator : public IRGenerator {
759 JSOp op_;
760 HandleValue lhsVal_;
761 HandleValue rhsVal_;
762
763 AttachDecision tryAttachString(ValOperandId lhsId, ValOperandId rhsId);
764 AttachDecision tryAttachObject(ValOperandId lhsId, ValOperandId rhsId);
765 AttachDecision tryAttachSymbol(ValOperandId lhsId, ValOperandId rhsId);
766 AttachDecision tryAttachStrictDifferentTypes(ValOperandId lhsId,
767 ValOperandId rhsId);
768 AttachDecision tryAttachInt32(ValOperandId lhsId, ValOperandId rhsId);
769 AttachDecision tryAttachNumber(ValOperandId lhsId, ValOperandId rhsId);
770 AttachDecision tryAttachBigInt(ValOperandId lhsId, ValOperandId rhsId);
771 AttachDecision tryAttachAnyNullUndefined(ValOperandId lhsId,
772 ValOperandId rhsId);
773 AttachDecision tryAttachNullUndefined(ValOperandId lhsId, ValOperandId rhsId);
774 AttachDecision tryAttachStringNumber(ValOperandId lhsId, ValOperandId rhsId);
775 AttachDecision tryAttachPrimitiveSymbol(ValOperandId lhsId,
776 ValOperandId rhsId);
777 AttachDecision tryAttachBigIntInt32(ValOperandId lhsId, ValOperandId rhsId);
778 AttachDecision tryAttachBigIntNumber(ValOperandId lhsId, ValOperandId rhsId);
779 AttachDecision tryAttachBigIntString(ValOperandId lhsId, ValOperandId rhsId);
780
781 void trackAttached(const char* name /* must be a C string literal */);
782
783 public:
784 CompareIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc, ICState state,
785 JSOp op, HandleValue lhsVal, HandleValue rhsVal);
786
787 AttachDecision tryAttachStub();
788 };
789
790 class MOZ_RAII ToBoolIRGenerator : public IRGenerator {
791 HandleValue val_;
792
793 AttachDecision tryAttachBool();
794 AttachDecision tryAttachInt32();
795 AttachDecision tryAttachNumber();
796 AttachDecision tryAttachString();
797 AttachDecision tryAttachSymbol();
798 AttachDecision tryAttachNullOrUndefined();
799 AttachDecision tryAttachObject();
800 AttachDecision tryAttachBigInt();
801
802 void trackAttached(const char* name /* must be a C string literal */);
803
804 public:
805 ToBoolIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc, ICState state,
806 HandleValue val);
807
808 AttachDecision tryAttachStub();
809 };
810
811 class MOZ_RAII GetIntrinsicIRGenerator : public IRGenerator {
812 HandleValue val_;
813
814 void trackAttached(const char* name /* must be a C string literal */);
815
816 public:
817 GetIntrinsicIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc,
818 ICState state, HandleValue val);
819
820 AttachDecision tryAttachStub();
821 };
822
823 class MOZ_RAII UnaryArithIRGenerator : public IRGenerator {
824 JSOp op_;
825 HandleValue val_;
826 HandleValue res_;
827
828 AttachDecision tryAttachInt32();
829 AttachDecision tryAttachNumber();
830 AttachDecision tryAttachBitwise();
831 AttachDecision tryAttachBigInt();
832 AttachDecision tryAttachStringInt32();
833 AttachDecision tryAttachStringNumber();
834
835 void trackAttached(const char* name /* must be a C string literal */);
836
837 public:
838 UnaryArithIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc,
839 ICState state, JSOp op, HandleValue val,
840 HandleValue res);
841
842 AttachDecision tryAttachStub();
843 };
844
845 class MOZ_RAII ToPropertyKeyIRGenerator : public IRGenerator {
846 HandleValue val_;
847
848 AttachDecision tryAttachInt32();
849 AttachDecision tryAttachNumber();
850 AttachDecision tryAttachString();
851 AttachDecision tryAttachSymbol();
852
853 void trackAttached(const char* name /* must be a C string literal */);
854
855 public:
856 ToPropertyKeyIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc,
857 ICState state, HandleValue val);
858
859 AttachDecision tryAttachStub();
860 };
861
862 class MOZ_RAII BinaryArithIRGenerator : public IRGenerator {
863 JSOp op_;
864 HandleValue lhs_;
865 HandleValue rhs_;
866 HandleValue res_;
867
868 void trackAttached(const char* name /* must be a C string literal */);
869
870 AttachDecision tryAttachInt32();
871 AttachDecision tryAttachDouble();
872 AttachDecision tryAttachBitwise();
873 AttachDecision tryAttachStringConcat();
874 AttachDecision tryAttachStringObjectConcat();
875 AttachDecision tryAttachBigInt();
876 AttachDecision tryAttachStringInt32Arith();
877 AttachDecision tryAttachStringNumberArith();
878
879 public:
880 BinaryArithIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc,
881 ICState state, JSOp op, HandleValue lhs,
882 HandleValue rhs, HandleValue res);
883
884 AttachDecision tryAttachStub();
885 };
886
887 class MOZ_RAII NewArrayIRGenerator : public IRGenerator {
888 #ifdef JS_CACHEIR_SPEW
889 JSOp op_;
890 #endif
891 HandleObject templateObject_;
892 BaselineFrame* frame_;
893
894 void trackAttached(const char* name /* must be a C string literal */);
895
896 public:
897 NewArrayIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc,
898 ICState state, JSOp op, HandleObject templateObj,
899 BaselineFrame* frame);
900
901 AttachDecision tryAttachStub();
902 AttachDecision tryAttachArrayObject();
903 };
904
905 class MOZ_RAII NewObjectIRGenerator : public IRGenerator {
906 #ifdef JS_CACHEIR_SPEW
907 JSOp op_;
908 #endif
909 HandleObject templateObject_;
910 BaselineFrame* frame_;
911
912 void trackAttached(const char* name /* must be a C string literal */);
913
914 public:
915 NewObjectIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc,
916 ICState state, JSOp op, HandleObject templateObj,
917 BaselineFrame* frame);
918
919 AttachDecision tryAttachStub();
920 AttachDecision tryAttachPlainObject();
921 };
922
923 inline bool BytecodeOpCanHaveAllocSite(JSOp op) {
924 return op == JSOp::NewArray || op == JSOp::NewObject || op == JSOp::NewInit;
925 }
926
927 class MOZ_RAII CloseIterIRGenerator : public IRGenerator {
928 HandleObject iter_;
929 CompletionKind kind_;
930
931 void trackAttached(const char* name /* must be a C string literal */);
932
933 public:
934 CloseIterIRGenerator(JSContext* cx, HandleScript, jsbytecode* pc,
935 ICState state, HandleObject iter, CompletionKind kind);
936
937 AttachDecision tryAttachStub();
938 AttachDecision tryAttachNoReturnMethod();
939 AttachDecision tryAttachScriptedReturn();
940 };
941
942 // Retrieve Xray JIT info set by the embedder.
943 extern JS::XrayJitInfo* GetXrayJitInfo();
944
945 } // namespace jit
946 } // namespace js
947
948 #endif /* jit_CacheIRGenerator_h */