| blob | 132070d535c1172f6f7f0918d40d50400a4003d2 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef jit_CacheIR_h
8 #define jit_CacheIR_h
13 #include <stddef.h>
14 #include <stdint.h>
27 // [SMDOC] CacheIR
28 //
29 // CacheIR is an (extremely simple) linear IR language for inline caches.
30 // From this IR, we can generate machine code for Baseline or Ion IC stubs.
31 //
32 // IRWriter
33 // --------
34 // CacheIR bytecode is written using IRWriter. This class also records some
35 // metadata that's used by the Baseline and Ion code generators to generate
36 // (efficient) machine code.
37 //
38 // Sharing Baseline stub code
39 // --------------------------
40 // Baseline stores data (like Shape* and fixed slot offsets) inside the ICStub
41 // structure, instead of embedding them directly in the JitCode. This makes
42 // Baseline IC code slightly slower, but allows us to share IC code between
43 // caches. CacheIR makes it easy to share code between stubs: stubs that have
44 // the same CacheIR (and CacheKind), will have the same Baseline stub code.
45 //
46 // Baseline stubs that share JitCode also share a CacheIRStubInfo structure.
47 // This class stores the CacheIR and the location of GC things stored in the
48 // stub, for the GC.
49 //
50 // JitZone has a CacheIRStubInfo* -> JitCode* weak map that's used to share both
51 // the IR and JitCode between Baseline CacheIR stubs. This HashMap owns the
52 // stubInfo (it uses UniquePtr), so once there are no references left to the
53 // shared stub code, we can also free the CacheIRStubInfo.
54 //
55 // Ion stubs
56 // ---------
57 // Unlike Baseline stubs, Ion stubs do not share stub code, and data stored in
58 // the IonICStub is baked into JIT code. This is one of the reasons Ion stubs
59 // are faster than Baseline stubs. Also note that Ion ICs contain more state
60 // (see IonGetPropertyIC for example) and use dynamic input/output registers,
61 // so sharing stub code for Ion would be much more difficult.
63 // An OperandId represents either a cache input or a value returned by a
64 // CacheIR instruction. Most code should use the ValOperandId and ObjOperandId
65 // classes below. The ObjOperandId class represents an operand that's known to
66 // be an object, just as StringOperandId represents a known string, etc.
78 };
84 };
90 };
96 };
105 };
111 };
117 };
123 };
129 };
135 };
141 };
144 JSValueType type_;
169 };
171 #define CACHE_IR_KINDS(_) \
172 _(GetProp) \
173 _(GetElem) \
174 _(GetName) \
175 _(GetPropSuper) \
176 _(GetElemSuper) \
177 _(GetIntrinsic) \
178 _(SetProp) \
179 _(SetElem) \
180 _(BindName) \
181 _(In) \
182 _(HasOwn) \
183 _(CheckPrivateField) \
184 _(TypeOf) \
185 _(ToPropertyKey) \
186 _(InstanceOf) \
187 _(GetIterator) \
188 _(CloseIter) \
189 _(OptimizeGetIterator) \
190 _(OptimizeSpreadCall) \
191 _(Compare) \
192 _(ToBool) \
193 _(Call) \
194 _(UnaryArith) \
195 _(BinaryArith) \
196 _(NewObject) \
197 _(NewArray)
200 #define DEFINE_KIND(kind) kind,
202 #undef DEFINE_KIND
203 };
210 #define DEFINE_OP(op, ...) op,
212 #undef DEFINE_OP
213 NumOpcodes,
214 };
216 // CacheIR opcode info that's read in performance-sensitive code. Stored as a
217 // single byte per op for better cache locality.
221 };
229 }
236 // These fields take up a single word.
237 RawInt32,
238 RawPointer,
239 Shape,
240 WeakShape,
241 WeakGetterSetter,
242 JSObject,
243 WeakObject,
244 Symbol,
245 String,
246 WeakBaseScript,
247 JitCode,
249 Id,
250 AllocSite,
252 // These fields take up 64 bits on all platforms.
253 RawInt64,
255 Value,
256 Double,
258 Limit
259 };
264 }
269 }
274 }
277 }
281 Type type_;
286 }
298 }
302 }
305 // This class is used to wrap up information about a call to make it
306 // easier to convey from one function to another. (In particular,
307 // CacheIRWriter encodes the CallFlags in CacheIR, and CacheIRReader
308 // decodes them and uses them for compilation.)
312 Unknown,
313 Standard,
314 Spread,
315 FunCall,
316 FunApplyArgsObj,
317 FunApplyArray,
318 FunApplyNullUndefined,
319 LastArgFormat = FunApplyNullUndefined
320 };
342 }
350 // See CacheIRReader::callFlags()
355 }
358 }
361 }
363 }
371 // Used for encoding/decoding
381 };
383 // In baseline, we have to copy args onto the stack. Below this threshold, we
384 // will unroll the arg copy loop. We need to clamp this before providing it as
385 // an arg to a CacheIR op so that everything 5 or greater can share an IC.
389 }
392 // We cannot attach a stub.
393 NoAction,
395 // We can attach a stub.
396 Attach,
398 // We cannot currently attach a stub, but we expect to be able to do so in the
399 // future. In this case, we do not call trackNotAttached().
400 TemporarilyUnoptimizable,
402 // We want to attach a stub, but the result of the operation is
403 // needed to generate that stub. For example, AddSlot needs to know
404 // the resulting shape. Note: the attached stub will inspect the
405 // inputs to the operation, so most input checks should be done
406 // before the actual operation, with only minimal checks remaining
407 // for the deferred portion. This prevents arbitrary scripted code
408 // run by the operation from interfering with the conditions being
409 // checked.
410 Deferred
411 };
413 // If the input expression evaluates to an AttachDecision other than NoAction,
414 // return that AttachDecision. If it is NoAction, do nothing.
415 #define TRY_ATTACH(expr) \
416 do { \
417 AttachDecision tryAttachTempResult_ = expr; \
418 if (tryAttachTempResult_ != AttachDecision::NoAction) { \
419 return tryAttachTempResult_; \
420 } \
421 } while (0)
423 // Set of arguments supported by GetIndexOfArgument.
424 // Support for higher argument indices can be added easily, but is currently
425 // unneeded.
427 Callee,
428 This,
429 NewTarget,
430 Arg0,
431 Arg1,
432 Arg2,
433 Arg3,
434 Arg4,
435 Arg5,
436 Arg6,
437 Arg7,
438 NumKinds
439 };
447 }
449 // This function calculates the index of an argument based on the call flags.
450 // addArgc is an out-parameter, indicating whether the value of argc should
451 // be added to the return value to find the actual index.
454 // *** STACK LAYOUT (bottom to top) *** ******** INDEX ********
455 // Callee <-- argc+1 + isConstructing
456 // ThisValue <-- argc + isConstructing
457 // Args: | Arg0 | | ArgArray | <-- argc-1 + isConstructing
458 // | Arg1 | --or-- | | <-- argc-2 + isConstructing
459 // | ... | | (if spread | <-- ...
460 // | ArgN | | call) | <-- 0 + isConstructing
461 // NewTarget (only if constructing) <-- 0 (if it exists)
462 //
463 // If this is a spread call, then argc is always 1, and we can calculate the
464 // index directly. If this is not a spread call, then the index of any
465 // argument other than NewTarget depends on argc.
467 // First we determine whether the caller needs to add argc.
473 // Spread calls do not have Arg1 or higher.
484 }
486 // Second, we determine the offset relative to argc.
515 }
516 }
518 // We use this enum as GuardClass operand, instead of storing Class* pointers
519 // in the IR, to keep the IR compact and the same size on all platforms.
521 Array,
522 PlainObject,
523 FixedLengthArrayBuffer,
524 ResizableArrayBuffer,
525 FixedLengthSharedArrayBuffer,
526 GrowableSharedArrayBuffer,
527 FixedLengthDataView,
528 ResizableDataView,
529 MappedArguments,
530 UnmappedArguments,
531 WindowProxy,
532 JSFunction,
533 BoundFunction,
534 Set,
535 Map,
536 };
541 FixedLength,
542 Resizable,
543 };