| blob | 5810e92263d507b063e2f3a521b18d8475414c00 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef jit_JitScript_h
8 #define jit_JitScript_h
18 #include <stddef.h>
19 #include <stdint.h>
39 }
47 }
58 // Magic BaselineScript value indicating Baseline compilation has been disabled.
64 // Magic IonScript values indicating Ion compilation has been disabled or the
65 // script is being Ion-compiled off-thread.
74 /* [SMDOC] ICScript Lifetimes
75 *
76 * An ICScript owns an array of ICEntries, each of which owns a linked
77 * list of ICStubs.
78 *
79 * A JitScript contains an embedded ICScript. If it has done any trial
80 * inlining, it also owns an InliningRoot. The InliningRoot owns all
81 * of the ICScripts that have been created for inlining into the
82 * corresponding JitScript. This ties the lifetime of the inlined
83 * ICScripts to the lifetime of the JitScript itself.
84 *
85 * We store pointers to ICScripts in two other places: on the stack in
86 * BaselineFrame, and in IC stubs for CallInlinedFunction.
87 *
88 * The ICScript pointer in a BaselineFrame either points to the
89 * ICScript embedded in the JitScript for that frame, or to an inlined
90 * ICScript owned by a caller. In each case, there must be a frame on
91 * the stack corresponding to the JitScript that owns the current
92 * ICScript, which will keep the ICScript alive.
93 *
94 * Each ICStub is owned by an ICScript and, indirectly, a
95 * JitScript. An ICStub that uses CallInlinedFunction contains an
96 * ICScript for use by the callee. The ICStub and the callee ICScript
97 * are always owned by the same JitScript, so the callee ICScript will
98 * not be freed while the ICStub is alive.
99 *
100 * The lifetime of an ICScript is independent of the lifetimes of the
101 * BaselineScript and IonScript/WarpScript to which it
102 * corresponds. They can be destroyed and recreated, and the ICScript
103 * will remain valid.
104 *
105 * When we discard JIT code, we mark ICScripts that are active on the stack as
106 * active and then purge all of the inactive ICScripts. We also purge ICStubs,
107 * including the CallInlinedFunction stub at the trial inining call site, and
108 * reset the ICStates to allow trial inlining again later.
109 *
110 * If there's a BaselineFrame for an inlined ICScript, we'll preserve both this
111 * ICScript and the IC chain for the call site in the caller's ICScript.
112 * See ICScript::purgeStubs and ICScript::purgeInactiveICScripts.
113 */
136 }
141 }
147 }
152 }
164 }
168 }
174 }
202 #ifdef DEBUG
204 #endif
213 };
215 // If this ICScript was created for trial inlining or has another
216 // ICScript inlined into it, a pointer to the root of the inlining
217 // tree. Otherwise, nullptr.
220 // ICScripts that have been inlined into this ICScript.
223 // List of allocation sites referred to by ICs in this script.
228 // Number of times this copy of the script has been called or has had
229 // backedges taken. Reset if the script's JIT code is forcibly discarded.
230 // See also the ScriptWarmUpData class.
233 // The offset of the ICFallbackStub array.
234 Offset fallbackStubsOffset_;
236 // The size of this allocation.
237 Offset endOffset_;
239 // The inlining depth of this ICScript. 0 for the inlining root.
242 // Bytecode size of the JSScript corresponding to this ICScript.
245 // Flag set when discarding JIT code to indicate this script is on the stack
246 // and should not be discarded.
259 }
264 };
266 // [SMDOC] JitScript
267 //
268 // JitScript stores type inference data, Baseline ICs and other JIT-related data
269 // for a script. Scripts with a JitScript can run in the Baseline Interpreter.
270 //
271 // IC Data
272 // =======
273 // All IC data for Baseline (Interpreter and JIT) is stored in an ICScript. Each
274 // JitScript contains an ICScript as the last field. Additional free-standing
275 // ICScripts may be created during trial inlining. Ion has its own IC chains
276 // stored in IonScript.
277 //
278 // For each IC we store an ICEntry, which points to the first ICStub in the
279 // chain, and an ICFallbackStub. Note that multiple stubs in the same zone can
280 // share Baseline IC code. This works because the stub data is stored in the
281 // ICStub instead of baked in in the stub code.
282 //
283 // Storing this separate from BaselineScript allows us to use the same ICs in
284 // the Baseline Interpreter and Baseline JIT. It also simplifies debug mode OSR
285 // because the JitScript can be reused when we have to recompile the
286 // BaselineScript.
287 //
288 // An ICScript contains a list of IC entries and a list of fallback stubs.
289 // There's one ICEntry and ICFallbackStub for each JOF_IC bytecode op.
290 //
291 // The ICScript also contains the warmUpCount for the script.
292 //
293 // Inlining Data
294 // =============
295 // JitScript also contains a list of Warp compilations inlining this script, for
296 // invalidation.
297 //
298 // Memory Layout
299 // =============
300 // JitScript contains an ICScript as the last field. ICScript has trailing
301 // (variable length) arrays for ICEntry and ICFallbackStub. The memory layout is
302 // as follows:
303 //
304 // Item | Offset
305 // ------------------------+------------------------
306 // JitScript | 0
307 // -->ICScript (field) |
308 // ICEntry[] | icEntriesOffset()
309 // ICFallbackStub[] | fallbackStubsOffset()
310 //
311 // These offsets are also used to compute numICEntries.
317 // Profile string used by the profiler for Baseline Interpreter frames.
322 // Baseline code for the script. Either nullptr, BaselineDisabledScriptPtr or
323 // a valid BaselineScript*.
326 // Ion code for this script. Either nullptr, IonDisabledScriptPtr,
327 // IonCompilingScriptPtr or a valid IonScript*.
330 // For functions that need a CallObject and/or NamedLambdaObject, the template
331 // objects used by the Baseline JIT and Ion. If the function needs both a
332 // named lambda object and a call object, the named lambda object template is
333 // linked via the call object's enclosing environment. This field is set the
334 // first time the Baseline JIT compiles this script.
337 // Analysis data computed lazily the first time this script is compiled or
338 // inlined by WarpBuilder.
341 // The size of this allocation.
345 // True if this script entered Ion via OSR at a loop header.
347 };
352 #ifdef DEBUG
353 // If the last warp compilation invalidated because of TranspiledCacheIR
354 // bailouts, this is a hash of the ICScripts used in that compilation.
355 // When recompiling, we assert that the hash has changed.
358 // To avoid pathological cases, we skip the check if we have purged
359 // stubs due to GC pressure.
361 #endif
363 // Value of the warmup counter when the last IC stub was attached,
364 // used for Ion hints.
367 ICScript icScript_;
368 // End of fields.
381 HandleScript script);
389 #ifdef DEBUG
391 #endif
399 }
407 }
410 }
413 }
416 }
431 }
435 }
438 }
448 };
462 // Methods to set baselineScript_ to a BaselineScript*, nullptr, or
463 // BaselineDisabledScriptPtr.
469 // Methods for getting/setting/clearing a BaselineScript*.
474 }
478 }
483 }
489 }
492 // Methods to set ionScript_ to an IonScript*, nullptr, or one of the special
493 // Ion{Disabled,Compiling}ScriptPtr values.
498 // Helper that calls the passed function for the outer ICScript and for each
499 // inlined ICScript.
506 // Methods for getting/setting/clearing an IonScript*.
512 }
516 }
521 }
527 }
529 // Methods for off-thread compilation.
532 }
536 }
540 }
548 #ifdef DEBUG
551 #endif
552 }
554 #ifdef DEBUG
562 }
563 }
564 #endif
565 };
567 // Ensures no JitScripts are purged in the current zone.
578 };
580 // Mark ICScripts on the stack as active, so that they are not discarded
581 // during GC, and copy active Baseline IC stubs to the new stub space.
584 #ifdef JS_STRUCTURED_SPEW
586 #endif