| blob | 1675a9fa8d23348ba9c4fa21a3c7911adebb9bbf |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 *
4 * Copyright 2023 Mozilla Foundation
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
19 #ifndef wasm_anyref_h
20 #define wasm_anyref_h
24 #include <utility>
31 // #include "NamespaceImports.h"
43 // [SMDOC] AnyRef
44 //
45 // An AnyRef is a boxed value that can represent any wasm reference type and any
46 // host type that the host system allows to flow into and out of wasm
47 // transparently. It is a pointer-sized datum that has the same representation
48 // as all its subtypes (funcref, externref, eqref, (ref T), et al) due to the
49 // non-coercive subtyping of the wasm type system.
50 //
51 // The C++/wasm boundary always uses a 'void*' type to express AnyRef values, to
52 // emphasize the pointer-ness of the value. The C++ code must transform the
53 // void* into an AnyRef by calling AnyRef::fromCompiledCode(), and transform an
54 // AnyRef into a void* by calling AnyRef::toCompiledCode(). Once in C++, we use
55 // AnyRef everywhere. A JS Value is transformed into an AnyRef by calling
56 // AnyRef::fromJSValue(), and the AnyRef is transformed into a JS Value by
57 // calling AnyRef::toJSValue().
58 //
59 // NOTE that AnyRef values may point to GC'd storage and as such need to be
60 // rooted if they are kept live in boxed form across code that may cause GC!
61 // Use RootedAnyRef / HandleAnyRef / MutableHandleAnyRef where necessary.
62 //
63 // The lowest bits of the pointer value are used for tagging, to allow for some
64 // representation optimizations and to distinguish various types.
65 //
66 // The current tagging scheme is:
67 // if (pointer == 0) then 'null'
68 // if (pointer & 0x1) then 'i31'
69 // if (pointer & 0x2) then 'string'
70 // else 'object'
71 //
72 // NOTE: there is sequencing required when checking tags. If bit 0x1 is set,
73 // then bit 0x2 is part of the i31 value and does not imply string.
74 //
75 // An i31ref value has no sign interpretation within wasm, where instructions
76 // specify the signedness. When converting to/from a JS value, an i31ref value
77 // is treated as a signed 31-bit value.
79 // The kind of value stored in an AnyRef. This is not 1:1 with the pointer tag
80 // of AnyRef as this separates the 'Null' and 'Object' cases which are
81 // collapsed in the pointer tag.
83 Null,
84 Object,
85 String,
86 I31,
87 };
89 // The pointer tag of an AnyRef.
91 // This value is either a JSObject& or a null pointer.
93 // This value is a 31-bit integer.
95 // This value is a JSString*.
97 };
99 // A reference to any wasm reference type or host (JS) value. AnyRef is
100 // optimized for efficient access to objects, strings, and 31-bit integers.
101 //
102 // See the above documentation comment for more details.
106 // Get the pointer tag stored in value_.
114 }
117 }
119 // Mask off all but the lowest two-bits (the tag)
121 // If the lowest bit is set, we want to normalize and only return
122 // AnyRefTag::I31. Mask off the high-bit iff the low-bit was set.
125 }
127 // Given a 32-bit signed integer within 31-bit signed bounds, turn it into
128 // an AnyRef.
132 }
138 // A mask for getting the GC thing an AnyRef represents.
140 // A combined mask for getting the gc::Chunk for an AnyRef that is a GC
141 // thing.
145 // The representation of a null reference value throughout the compiler for
146 // when we need an integer constant. This is asserted to be equivalent to
147 // nullptr in wasm::Init.
151 // The inclusive maximum 31-bit signed integer, 2^30 - 1.
153 // The inclusive minimum 31-bit signed integer, -2^30.
159 // The null AnyRef value.
162 // An invalid AnyRef cannot arise naturally from wasm and so can be used as
163 // a sentinel value to indicate failure from an AnyRef-returning function.
166 // Given a JSObject* that comes from JS, turn it into AnyRef.
171 }
173 // Given a JSObject& that comes from JS, turn it into AnyRef.
177 }
179 // Given a JSString* that comes from JS, turn it into AnyRef.
182 }
184 // Given a void* that comes from compiled wasm code, turn it into AnyRef.
187 }
189 // Given a JS value, turn it into AnyRef. This returns false if boxing the
190 // value failed due to an OOM.
194 // fromUint32Truncate will produce an i31 from an int32 by truncating the
195 // highest bit. For values in the 31-bit range, this losslessly preserves the
196 // value. For values outside the 31-bit range, this performs 31-bit
197 // wraparound.
198 //
199 // There are four cases here based on the two high bits:
200 // 00 - [0, MaxI31Value]
201 // 01 - (MaxI31Value, INT32_MAX]
202 // 10 - [INT32_MIN, MinI31Value)
203 // 11 - [MinI31Value, -1]
204 //
205 // The middle two cases can be ruled out if the value is guaranteed to be
206 // within the i31 range. Therefore if we truncate the high bit upon converting
207 // to i31 and perform a signed widening upon converting back to i32, we can
208 // losslessly represent all i31 values.
210 // See 64-bit GPRs carrying 32-bit values invariants in MacroAssember.h
211 #if defined(JS_CODEGEN_X64) || defined(JS_CODEGEN_ARM64)
212 // Truncate the value to the 31-bit value size.
214 #elif defined(JS_CODEGEN_LOONG64) || defined(JS_CODEGEN_MIPS64) || \
215 defined(JS_CODEGEN_RISCV64)
216 // Sign extend the value to the native pointer size.
218 #else
219 // Transfer 32-bit value as is.
221 #endif
223 // Left shift the value by 1, truncating the high bit.
227 }
230 // We can represent every signed 31-bit number without boxing
232 }
238 }
240 }
242 // Returns whether a JS value will need to be boxed.
246 }
249 }
252 }
254 }
256 // Box a JS Value that needs boxing.
261 }
264 // Check if this AnyRef is the invalid value.
270 }
273 // The invalid pattern uses the ObjectOrNull tag, check for it here.
275 // We ruled out the null case above
277 }
280 }
283 }
286 }
287 }
288 }
299 }
303 }
308 }
312 }
313 // Unpack an i31, interpreting the integer as signed.
316 // On 64-bit targets, we only care about the low 4-bytes.
318 // Perform a right arithmetic shift (see AnyRef::fromI31 for more details),
319 // avoiding undefined behavior by using an unsigned type.
323 }
324 // Perform a bitwise cast to see the result as a signed value.
326 }
328 // Convert from AnyRef to a JS Value. This currently does not require any
329 // allocation. If this changes in the future, this function will become
330 // more complicated.
333 // Get the raw value for returning to wasm code.
336 // Get the raw value for diagnostics.
339 // Internal details of the boxing format used by WasmStubs.cpp
342 };
354 }
363 };
365 // If the Value is a GC pointer type, call |f| with the pointer cast to that
366 // type and return the result wrapped in a Maybe, otherwise return None().
378 }
379 }
381 }
389 })
391 }
400 // This should only be called as part of root marking since that's the only
401 // time we should trace unbarriered GC thing pointers. This will assert if
402 // called at other times.
404 }
407 }
408 };