search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1890750 - Part 1: Include NATIVE_JIT_ENTRY in FunctionFlags::HasJitEntryFlags...
[gecko.git] / js / src / jit / MacroAssembler-inl.h
blob90bf54bf00901dfc83252109fae1af899489d83e
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef jit_MacroAssembler_inl_h
8 #define jit_MacroAssembler_inl_h
9
10 #include "jit/MacroAssembler.h"
11
12 #include "mozilla/FloatingPoint.h"
13 #include "mozilla/MathAlgorithms.h"
14
15 #include "gc/Zone.h"
16 #include "jit/CalleeToken.h"
17 #include "jit/CompileWrappers.h"
18 #include "jit/JitFrames.h"
19 #include "jit/JSJitFrameIter.h"
20 #include "js/Prefs.h"
21 #include "util/DifferentialTesting.h"
22 #include "vm/BigIntType.h"
23 #include "vm/JSObject.h"
24 #include "vm/ProxyObject.h"
25 #include "vm/Runtime.h"
26 #include "vm/StringType.h"
27
28 #include "jit/ABIFunctionList-inl.h"
29
30 #if defined(JS_CODEGEN_X86)
31 # include "jit/x86/MacroAssembler-x86-inl.h"
32 #elif defined(JS_CODEGEN_X64)
33 # include "jit/x64/MacroAssembler-x64-inl.h"
34 #elif defined(JS_CODEGEN_ARM)
35 # include "jit/arm/MacroAssembler-arm-inl.h"
36 #elif defined(JS_CODEGEN_ARM64)
37 # include "jit/arm64/MacroAssembler-arm64-inl.h"
38 #elif defined(JS_CODEGEN_MIPS32)
39 # include "jit/mips32/MacroAssembler-mips32-inl.h"
40 #elif defined(JS_CODEGEN_MIPS64)
41 # include "jit/mips64/MacroAssembler-mips64-inl.h"
42 #elif defined(JS_CODEGEN_LOONG64)
43 # include "jit/loong64/MacroAssembler-loong64-inl.h"
44 #elif defined(JS_CODEGEN_RISCV64)
45 # include "jit/riscv64/MacroAssembler-riscv64-inl.h"
46 #elif defined(JS_CODEGEN_WASM32)
47 # include "jit/wasm32/MacroAssembler-wasm32-inl.h"
48 #elif !defined(JS_CODEGEN_NONE)
49 # error "Unknown architecture!"
50 #endif
51
52 #include "wasm/WasmBuiltins.h"
53
54 namespace js {
55 namespace jit {
56
57 template <typename Sig>
58 DynFn DynamicFunction(Sig fun) {
59 ABIFunctionSignature<Sig> sig;
60 return DynFn{sig.address(fun)};
61 }
62
63 // Helper for generatePreBarrier.
64 inline DynFn JitPreWriteBarrier(MIRType type) {
65 switch (type) {
66 case MIRType::Value: {
67 using Fn = void (*)(JSRuntime* rt, Value* vp);
68 return DynamicFunction<Fn>(JitValuePreWriteBarrier);
69 }
70 case MIRType::String: {
71 using Fn = void (*)(JSRuntime* rt, JSString** stringp);
72 return DynamicFunction<Fn>(JitStringPreWriteBarrier);
73 }
74 case MIRType::Object: {
75 using Fn = void (*)(JSRuntime* rt, JSObject** objp);
76 return DynamicFunction<Fn>(JitObjectPreWriteBarrier);
77 }
78 case MIRType::Shape: {
79 using Fn = void (*)(JSRuntime* rt, Shape** shapep);
80 return DynamicFunction<Fn>(JitShapePreWriteBarrier);
81 }
82 case MIRType::WasmAnyRef: {
83 using Fn = void (*)(JSRuntime* rt, wasm::AnyRef* refp);
84 return DynamicFunction<Fn>(JitWasmAnyRefPreWriteBarrier);
85 }
86 default:
87 MOZ_CRASH();
88 }
89 }
90
91 //{{{ check_macroassembler_style
92 // ===============================================================
93 // Stack manipulation functions.
94
95 CodeOffset MacroAssembler::PushWithPatch(ImmWord word) {
96 framePushed_ += sizeof(word.value);
97 return pushWithPatch(word);
98 }
99
100 CodeOffset MacroAssembler::PushWithPatch(ImmPtr imm) {
101 return PushWithPatch(ImmWord(uintptr_t(imm.value)));
102 }
103
104 // ===============================================================
105 // Simple call functions.
106
107 void MacroAssembler::call(TrampolinePtr code) { call(ImmPtr(code.value)); }
108
109 CodeOffset MacroAssembler::call(const wasm::CallSiteDesc& desc,
110 const Register reg) {
111 CodeOffset l = call(reg);
112 append(desc, l);
113 return l;
114 }
115
116 CodeOffset MacroAssembler::call(const wasm::CallSiteDesc& desc,
117 uint32_t funcIndex) {
118 CodeOffset l = callWithPatch();
119 append(desc, l, funcIndex);
120 return l;
121 }
122
123 void MacroAssembler::call(const wasm::CallSiteDesc& desc, wasm::Trap trap) {
124 CodeOffset l = callWithPatch();
125 append(desc, l, trap);
126 }
127
128 CodeOffset MacroAssembler::call(const wasm::CallSiteDesc& desc,
129 wasm::SymbolicAddress imm) {
130 MOZ_ASSERT(wasm::NeedsBuiltinThunk(imm),
131 "only for functions which may appear in profiler");
132 CodeOffset raOffset = call(imm);
133 append(desc, raOffset);
134 return raOffset;
135 }
136
137 // ===============================================================
138 // ABI function calls.
139
140 void MacroAssembler::passABIArg(Register reg) {
141 passABIArg(MoveOperand(reg), ABIType::General);
142 }
143
144 void MacroAssembler::passABIArg(FloatRegister reg, ABIType type) {
145 passABIArg(MoveOperand(reg), type);
146 }
147
148 void MacroAssembler::callWithABI(DynFn fun, ABIType result,
149 CheckUnsafeCallWithABI check) {
150 AutoProfilerCallInstrumentation profiler(*this);
151 callWithABINoProfiler(fun.address, result, check);
152 }
153
154 template <typename Sig, Sig fun>
155 void MacroAssembler::callWithABI(ABIType result, CheckUnsafeCallWithABI check) {
156 ABIFunction<Sig, fun> abiFun;
157 AutoProfilerCallInstrumentation profiler(*this);
158 callWithABINoProfiler(abiFun.address(), result, check);
159 }
160
161 void MacroAssembler::callWithABI(Register fun, ABIType result) {
162 AutoProfilerCallInstrumentation profiler(*this);
163 callWithABINoProfiler(fun, result);
164 }
165
166 void MacroAssembler::callWithABI(const Address& fun, ABIType result) {
167 AutoProfilerCallInstrumentation profiler(*this);
168 callWithABINoProfiler(fun, result);
169 }
170
171 void MacroAssembler::appendSignatureType(ABIType type) {
172 #ifdef JS_SIMULATOR
173 signature_ <<= ABITypeArgShift;
174 signature_ |= uint32_t(type);
175 #endif
176 }
177
178 ABIFunctionType MacroAssembler::signature() const {
179 #ifdef JS_SIMULATOR
180 # ifdef DEBUG
181 switch (signature_) {
182 case Args_General0:
183 case Args_General1:
184 case Args_General2:
185 case Args_General3:
186 case Args_General4:
187 case Args_General5:
188 case Args_General6:
189 case Args_General7:
190 case Args_General8:
191 case Args_Double_None:
192 case Args_Int_Double:
193 case Args_Float32_Float32:
194 case Args_Int_Float32:
195 case Args_Double_Double:
196 case Args_Double_Int:
197 case Args_Double_DoubleInt:
198 case Args_Double_DoubleDouble:
199 case Args_Double_IntDouble:
200 case Args_Int_IntDouble:
201 case Args_Int_DoubleInt:
202 case Args_Int_DoubleIntInt:
203 case Args_Int_IntDoubleIntInt:
204 case Args_Double_DoubleDoubleDouble:
205 case Args_Double_DoubleDoubleDoubleDouble:
206 case Args_Int64_GeneralGeneral:
207 break;
208 default:
209 MOZ_CRASH("Unexpected type");
210 }
211 # endif // DEBUG
212
213 return ABIFunctionType(signature_);
214 #else
215 // No simulator enabled.
216 MOZ_CRASH("Only available for making calls within a simulator.");
217 #endif
218 }
219
220 // ===============================================================
221 // Jit Frames.
222
223 uint32_t MacroAssembler::callJitNoProfiler(Register callee) {
224 #ifdef JS_USE_LINK_REGISTER
225 // The return address is pushed by the callee.
226 call(callee);
227 #else
228 callAndPushReturnAddress(callee);
229 #endif
230 return currentOffset();
231 }
232
233 uint32_t MacroAssembler::callJit(Register callee) {
234 AutoProfilerCallInstrumentation profiler(*this);
235 uint32_t ret = callJitNoProfiler(callee);
236 return ret;
237 }
238
239 uint32_t MacroAssembler::callJit(JitCode* callee) {
240 AutoProfilerCallInstrumentation profiler(*this);
241 call(callee);
242 return currentOffset();
243 }
244
245 uint32_t MacroAssembler::callJit(TrampolinePtr code) {
246 AutoProfilerCallInstrumentation profiler(*this);
247 call(code);
248 return currentOffset();
249 }
250
251 uint32_t MacroAssembler::callJit(ImmPtr callee) {
252 AutoProfilerCallInstrumentation profiler(*this);
253 call(callee);
254 return currentOffset();
255 }
256
257 void MacroAssembler::pushFrameDescriptor(FrameType type) {
258 uint32_t descriptor = MakeFrameDescriptor(type);
259 push(Imm32(descriptor));
260 }
261
262 void MacroAssembler::PushFrameDescriptor(FrameType type) {
263 uint32_t descriptor = MakeFrameDescriptor(type);
264 Push(Imm32(descriptor));
265 }
266
267 void MacroAssembler::pushFrameDescriptorForJitCall(FrameType type,
268 uint32_t argc) {
269 uint32_t descriptor = MakeFrameDescriptorForJitCall(type, argc);
270 push(Imm32(descriptor));
271 }
272
273 void MacroAssembler::PushFrameDescriptorForJitCall(FrameType type,
274 uint32_t argc) {
275 uint32_t descriptor = MakeFrameDescriptorForJitCall(type, argc);
276 Push(Imm32(descriptor));
277 }
278
279 void MacroAssembler::pushFrameDescriptorForJitCall(FrameType type,
280 Register argc,
281 Register scratch) {
282 if (argc != scratch) {
283 mov(argc, scratch);
284 }
285 lshift32(Imm32(NUMACTUALARGS_SHIFT), scratch);
286 or32(Imm32(int32_t(type)), scratch);
287 push(scratch);
288 }
289
290 void MacroAssembler::PushFrameDescriptorForJitCall(FrameType type,
291 Register argc,
292 Register scratch) {
293 pushFrameDescriptorForJitCall(type, argc, scratch);
294 framePushed_ += sizeof(uintptr_t);
295 }
296
297 void MacroAssembler::loadNumActualArgs(Register framePtr, Register dest) {
298 loadPtr(Address(framePtr, JitFrameLayout::offsetOfDescriptor()), dest);
299 rshift32(Imm32(NUMACTUALARGS_SHIFT), dest);
300 }
301
302 void MacroAssembler::PushCalleeToken(Register callee, bool constructing) {
303 if (constructing) {
304 orPtr(Imm32(CalleeToken_FunctionConstructing), callee);
305 Push(callee);
306 andPtr(Imm32(uint32_t(CalleeTokenMask)), callee);
307 } else {
308 static_assert(CalleeToken_Function == 0,
309 "Non-constructing call requires no tagging");
310 Push(callee);
311 }
312 }
313
314 void MacroAssembler::loadFunctionFromCalleeToken(Address token, Register dest) {
315 #ifdef DEBUG
316 Label ok;
317 loadPtr(token, dest);
318 andPtr(Imm32(uint32_t(~CalleeTokenMask)), dest);
319 branchPtr(Assembler::Equal, dest, Imm32(CalleeToken_Function), &ok);
320 branchPtr(Assembler::Equal, dest, Imm32(CalleeToken_FunctionConstructing),
321 &ok);
322 assumeUnreachable("Unexpected CalleeToken tag");
323 bind(&ok);
324 #endif
325 loadPtr(token, dest);
326 andPtr(Imm32(uint32_t(CalleeTokenMask)), dest);
327 }
328
329 uint32_t MacroAssembler::buildFakeExitFrame(Register scratch) {
330 mozilla::DebugOnly<uint32_t> initialDepth = framePushed();
331
332 PushFrameDescriptor(FrameType::IonJS);
333 uint32_t retAddr = pushFakeReturnAddress(scratch);
334 Push(FramePointer);
335
336 MOZ_ASSERT(framePushed() == initialDepth + ExitFrameLayout::Size());
337 return retAddr;
338 }
339
340 // ===============================================================
341 // Exit frame footer.
342
343 void MacroAssembler::enterExitFrame(Register cxreg, Register scratch,
344 VMFunctionId f) {
345 linkExitFrame(cxreg, scratch);
346 // Push `ExitFrameType::VMFunction + VMFunctionId`, for marking the arguments.
347 // See ExitFooterFrame::data_.
348 uintptr_t type = uintptr_t(ExitFrameType::VMFunction) + uintptr_t(f);
349 MOZ_ASSERT(type <= INT32_MAX);
350 Push(Imm32(type));
351 }
352
353 void MacroAssembler::enterFakeExitFrame(Register cxreg, Register scratch,
354 ExitFrameType type) {
355 linkExitFrame(cxreg, scratch);
356 Push(Imm32(int32_t(type)));
357 }
358
359 void MacroAssembler::enterFakeExitFrameForNative(Register cxreg,
360 Register scratch,
361 bool isConstructing) {
362 enterFakeExitFrame(cxreg, scratch,
363 isConstructing ? ExitFrameType::ConstructNative
364 : ExitFrameType::CallNative);
365 }
366
367 void MacroAssembler::leaveExitFrame(size_t extraFrame) {
368 freeStack(ExitFooterFrame::Size() + extraFrame);
369 }
370
371 // ===============================================================
372 // Move instructions
373
374 void MacroAssembler::moveValue(const ConstantOrRegister& src,
375 const ValueOperand& dest) {
376 if (src.constant()) {
377 moveValue(src.value(), dest);
378 return;
379 }
380
381 moveValue(src.reg(), dest);
382 }
383
384 // ===============================================================
385 // Copy instructions
386
387 void MacroAssembler::copy64(const Address& src, const Address& dest,
388 Register scratch) {
389 #if JS_BITS_PER_WORD == 32
390 MOZ_RELEASE_ASSERT(src.base != scratch && dest.base != scratch);
391 load32(LowWord(src), scratch);
392 store32(scratch, LowWord(dest));
393 load32(HighWord(src), scratch);
394 store32(scratch, HighWord(dest));
395 #else
396 Register64 scratch64(scratch);
397 load64(src, scratch64);
398 store64(scratch64, dest);
399 #endif
400 }
401
402 // ===============================================================
403 // Arithmetic functions
404
405 void MacroAssembler::addPtr(ImmPtr imm, Register dest) {
406 addPtr(ImmWord(uintptr_t(imm.value)), dest);
407 }
408
409 // ===============================================================
410 // Branch functions
411
412 template <class L>
413 void MacroAssembler::branchIfFalseBool(Register reg, L label) {
414 // Note that C++ bool is only 1 byte, so ignore the higher-order bits.
415 branchTest32(Assembler::Zero, reg, Imm32(0xFF), label);
416 }
417
418 void MacroAssembler::branchIfTrueBool(Register reg, Label* label) {
419 // Note that C++ bool is only 1 byte, so ignore the higher-order bits.
420 branchTest32(Assembler::NonZero, reg, Imm32(0xFF), label);
421 }
422
423 void MacroAssembler::branchIfRope(Register str, Label* label) {
424 Address flags(str, JSString::offsetOfFlags());
425 branchTest32(Assembler::Zero, flags, Imm32(JSString::LINEAR_BIT), label);
426 }
427
428 void MacroAssembler::branchIfNotRope(Register str, Label* label) {
429 Address flags(str, JSString::offsetOfFlags());
430 branchTest32(Assembler::NonZero, flags, Imm32(JSString::LINEAR_BIT), label);
431 }
432
433 void MacroAssembler::branchLatin1String(Register string, Label* label) {
434 branchTest32(Assembler::NonZero, Address(string, JSString::offsetOfFlags()),
435 Imm32(JSString::LATIN1_CHARS_BIT), label);
436 }
437
438 void MacroAssembler::branchTwoByteString(Register string, Label* label) {
439 branchTest32(Assembler::Zero, Address(string, JSString::offsetOfFlags()),
440 Imm32(JSString::LATIN1_CHARS_BIT), label);
441 }
442
443 void MacroAssembler::branchIfBigIntIsNegative(Register bigInt, Label* label) {
444 branchTest32(Assembler::NonZero, Address(bigInt, BigInt::offsetOfFlags()),
445 Imm32(BigInt::signBitMask()), label);
446 }
447
448 void MacroAssembler::branchIfBigIntIsNonNegative(Register bigInt,
449 Label* label) {
450 branchTest32(Assembler::Zero, Address(bigInt, BigInt::offsetOfFlags()),
451 Imm32(BigInt::signBitMask()), label);
452 }
453
454 void MacroAssembler::branchIfBigIntIsZero(Register bigInt, Label* label) {
455 branch32(Assembler::Equal, Address(bigInt, BigInt::offsetOfLength()),
456 Imm32(0), label);
457 }
458
459 void MacroAssembler::branchIfBigIntIsNonZero(Register bigInt, Label* label) {
460 branch32(Assembler::NotEqual, Address(bigInt, BigInt::offsetOfLength()),
461 Imm32(0), label);
462 }
463
464 void MacroAssembler::branchTestFunctionFlags(Register fun, uint32_t flags,
465 Condition cond, Label* label) {
466 Address address(fun, JSFunction::offsetOfFlagsAndArgCount());
467 branchTest32(cond, address, Imm32(flags), label);
468 }
469
470 void MacroAssembler::branchIfNotFunctionIsNonBuiltinCtor(Register fun,
471 Register scratch,
472 Label* label) {
473 // Guard the function has the BASESCRIPT and CONSTRUCTOR flags and does NOT
474 // have the SELF_HOSTED flag.
475 // This is equivalent to JSFunction::isNonBuiltinConstructor.
476 constexpr int32_t mask = FunctionFlags::BASESCRIPT |
477 FunctionFlags::SELF_HOSTED |
478 FunctionFlags::CONSTRUCTOR;
479 constexpr int32_t expected =
480 FunctionFlags::BASESCRIPT | FunctionFlags::CONSTRUCTOR;
481
482 load32(Address(fun, JSFunction::offsetOfFlagsAndArgCount()), scratch);
483 and32(Imm32(mask), scratch);
484 branch32(Assembler::NotEqual, scratch, Imm32(expected), label);
485 }
486
487 void MacroAssembler::branchIfFunctionHasNoJitEntry(Register fun, Label* label) {
488 uint16_t flags = FunctionFlags::HasJitEntryFlags();
489 branchTestFunctionFlags(fun, flags, Assembler::Zero, label);
490 }
491
492 void MacroAssembler::branchIfFunctionHasJitEntry(Register fun, Label* label) {
493 uint16_t flags = FunctionFlags::HasJitEntryFlags();
494 branchTestFunctionFlags(fun, flags, Assembler::NonZero, label);
495 }
496
497 void MacroAssembler::branchIfScriptHasJitScript(Register script, Label* label) {
498 static_assert(ScriptWarmUpData::JitScriptTag == 0,
499 "Code below depends on tag value");
500 branchTestPtr(Assembler::Zero,
501 Address(script, JSScript::offsetOfWarmUpData()),
502 Imm32(ScriptWarmUpData::TagMask), label);
503 }
504
505 void MacroAssembler::branchIfScriptHasNoJitScript(Register script,
506 Label* label) {
507 static_assert(ScriptWarmUpData::JitScriptTag == 0,
508 "Code below depends on tag value");
509 static_assert(BaseScript::offsetOfWarmUpData() ==
510 SelfHostedLazyScript::offsetOfWarmUpData(),
511 "SelfHostedLazyScript and BaseScript must use same layout for "
512 "warmUpData_");
513 branchTestPtr(Assembler::NonZero,
514 Address(script, JSScript::offsetOfWarmUpData()),
515 Imm32(ScriptWarmUpData::TagMask), label);
516 }
517
518 void MacroAssembler::loadJitScript(Register script, Register dest) {
519 #ifdef DEBUG
520 Label ok;
521 branchIfScriptHasJitScript(script, &ok);
522 assumeUnreachable("Script has no JitScript!");
523 bind(&ok);
524 #endif
525
526 static_assert(ScriptWarmUpData::JitScriptTag == 0,
527 "Code below depends on tag value");
528 loadPtr(Address(script, JSScript::offsetOfWarmUpData()), dest);
529 }
530
531 void MacroAssembler::loadFunctionArgCount(Register func, Register output) {
532 load32(Address(func, JSFunction::offsetOfFlagsAndArgCount()), output);
533 rshift32(Imm32(JSFunction::ArgCountShift), output);
534 }
535
536 void MacroAssembler::branchIfObjectEmulatesUndefined(Register objReg,
537 Register scratch,
538 Label* slowCheck,
539 Label* label) {
540 MOZ_ASSERT(objReg != scratch);
541
542 Label done;
543 if (JS::Prefs::use_emulates_undefined_fuse()) {
544 loadPtr(AbsoluteAddress(
545 runtime()->addressOfHasSeenObjectEmulateUndefinedFuse()),
546 scratch);
547 branchPtr(Assembler::Equal, scratch, ImmPtr(nullptr), &done);
548 }
549
550 // The branches to out-of-line code here implement a conservative version
551 // of the JSObject::isWrapper test performed in EmulatesUndefined.
552 loadObjClassUnsafe(objReg, scratch);
553
554 branchTestClassIsProxy(true, scratch, slowCheck);
555
556 Address flags(scratch, JSClass::offsetOfFlags());
557 branchTest32(Assembler::NonZero, flags, Imm32(JSCLASS_EMULATES_UNDEFINED),
558 label);
559 bind(&done);
560 }
561
562 void MacroAssembler::branchFunctionKind(Condition cond,
563 FunctionFlags::FunctionKind kind,
564 Register fun, Register scratch,
565 Label* label) {
566 Address address(fun, JSFunction::offsetOfFlagsAndArgCount());
567 load32(address, scratch);
568 and32(Imm32(FunctionFlags::FUNCTION_KIND_MASK), scratch);
569 branch32(cond, scratch, Imm32(kind), label);
570 }
571
572 void MacroAssembler::branchTestObjClass(Condition cond, Register obj,
573 const JSClass* clasp, Register scratch,
574 Register spectreRegToZero,
575 Label* label) {
576 MOZ_ASSERT(obj != scratch);
577 MOZ_ASSERT(scratch != spectreRegToZero);
578
579 loadPtr(Address(obj, JSObject::offsetOfShape()), scratch);
580 loadPtr(Address(scratch, Shape::offsetOfBaseShape()), scratch);
581 branchPtr(cond, Address(scratch, BaseShape::offsetOfClasp()), ImmPtr(clasp),
582 label);
583
584 if (JitOptions.spectreObjectMitigations) {
585 spectreZeroRegister(cond, scratch, spectreRegToZero);
586 }
587 }
588
589 void MacroAssembler::branchTestObjClassNoSpectreMitigations(
590 Condition cond, Register obj, const JSClass* clasp, Register scratch,
591 Label* label) {
592 loadPtr(Address(obj, JSObject::offsetOfShape()), scratch);
593 loadPtr(Address(scratch, Shape::offsetOfBaseShape()), scratch);
594 branchPtr(cond, Address(scratch, BaseShape::offsetOfClasp()), ImmPtr(clasp),
595 label);
596 }
597
598 void MacroAssembler::branchTestObjClass(Condition cond, Register obj,
599 const Address& clasp, Register scratch,
600 Register spectreRegToZero,
601 Label* label) {
602 MOZ_ASSERT(obj != scratch);
603 MOZ_ASSERT(scratch != spectreRegToZero);
604
605 loadObjClassUnsafe(obj, scratch);
606 branchPtr(cond, clasp, scratch, label);
607
608 if (JitOptions.spectreObjectMitigations) {
609 spectreZeroRegister(cond, scratch, spectreRegToZero);
610 }
611 }
612
613 void MacroAssembler::branchTestObjClassNoSpectreMitigations(
614 Condition cond, Register obj, const Address& clasp, Register scratch,
615 Label* label) {
616 MOZ_ASSERT(obj != scratch);
617 loadObjClassUnsafe(obj, scratch);
618 branchPtr(cond, clasp, scratch, label);
619 }
620
621 void MacroAssembler::branchTestObjClass(Condition cond, Register obj,
622 Register clasp, Register scratch,
623 Register spectreRegToZero,
624 Label* label) {
625 MOZ_ASSERT(obj != scratch);
626 MOZ_ASSERT(scratch != spectreRegToZero);
627
628 loadObjClassUnsafe(obj, scratch);
629 branchPtr(cond, clasp, scratch, label);
630
631 if (JitOptions.spectreObjectMitigations) {
632 spectreZeroRegister(cond, scratch, spectreRegToZero);
633 }
634 }
635
636 void MacroAssembler::branchTestClass(
637 Condition cond, Register clasp,
638 std::pair<const JSClass*, const JSClass*> classes, Label* label) {
639 MOZ_ASSERT(cond == Assembler::Equal || cond == Assembler::NotEqual);
640
641 if (cond == Assembler::Equal) {
642 branchPtr(Assembler::Equal, clasp, ImmPtr(classes.first), label);
643 branchPtr(Assembler::Equal, clasp, ImmPtr(classes.second), label);
644 return;
645 }
646
647 Label isClass;
648 branchPtr(Assembler::Equal, clasp, ImmPtr(classes.first), &isClass);
649 branchPtr(Assembler::NotEqual, clasp, ImmPtr(classes.second), label);
650 bind(&isClass);
651 }
652
653 void MacroAssembler::branchTestObjClass(
654 Condition cond, Register obj,
655 std::pair<const JSClass*, const JSClass*> classes, Register scratch,
656 Register spectreRegToZero, Label* label) {
657 MOZ_ASSERT(scratch != spectreRegToZero);
658
659 branchTestObjClassNoSpectreMitigations(cond, obj, classes, scratch, label);
660
661 if (JitOptions.spectreObjectMitigations) {
662 spectreZeroRegister(cond, scratch, spectreRegToZero);
663 }
664 }
665
666 void MacroAssembler::branchTestObjClassNoSpectreMitigations(
667 Condition cond, Register obj,
668 std::pair<const JSClass*, const JSClass*> classes, Register scratch,
669 Label* label) {
670 MOZ_ASSERT(cond == Assembler::Equal || cond == Assembler::NotEqual);
671 MOZ_ASSERT(obj != scratch);
672
673 loadObjClassUnsafe(obj, scratch);
674 branchTestClass(cond, scratch, classes, label);
675 }
676
677 void MacroAssembler::branchTestClassIsFunction(Condition cond, Register clasp,
678 Label* label) {
679 return branchTestClass(cond, clasp, {&FunctionClass, &ExtendedFunctionClass},
680 label);
681 }
682
683 void MacroAssembler::branchTestObjIsFunction(Condition cond, Register obj,
684 Register scratch,
685 Register spectreRegToZero,
686 Label* label) {
687 MOZ_ASSERT(scratch != spectreRegToZero);
688
689 branchTestObjIsFunctionNoSpectreMitigations(cond, obj, scratch, label);
690
691 if (JitOptions.spectreObjectMitigations) {
692 spectreZeroRegister(cond, scratch, spectreRegToZero);
693 }
694 }
695
696 void MacroAssembler::branchTestObjIsFunctionNoSpectreMitigations(
697 Condition cond, Register obj, Register scratch, Label* label) {
698 MOZ_ASSERT(cond == Assembler::Equal || cond == Assembler::NotEqual);
699 MOZ_ASSERT(obj != scratch);
700
701 loadObjClassUnsafe(obj, scratch);
702 branchTestClassIsFunction(cond, scratch, label);
703 }
704
705 void MacroAssembler::branchTestObjShape(Condition cond, Register obj,
706 const Shape* shape, Register scratch,
707 Register spectreRegToZero,
708 Label* label) {
709 MOZ_ASSERT(obj != scratch);
710 MOZ_ASSERT(spectreRegToZero != scratch);
711
712 if (JitOptions.spectreObjectMitigations) {
713 move32(Imm32(0), scratch);
714 }
715
716 branchPtr(cond, Address(obj, JSObject::offsetOfShape()), ImmGCPtr(shape),
717 label);
718
719 if (JitOptions.spectreObjectMitigations) {
720 spectreMovePtr(cond, scratch, spectreRegToZero);
721 }
722 }
723
724 void MacroAssembler::branchTestObjShapeNoSpectreMitigations(Condition cond,
725 Register obj,
726 const Shape* shape,
727 Label* label) {
728 branchPtr(cond, Address(obj, JSObject::offsetOfShape()), ImmGCPtr(shape),
729 label);
730 }
731
732 void MacroAssembler::branchTestObjShape(Condition cond, Register obj,
733 Register shape, Register scratch,
734 Register spectreRegToZero,
735 Label* label) {
736 MOZ_ASSERT(obj != scratch);
737 MOZ_ASSERT(obj != shape);
738 MOZ_ASSERT(spectreRegToZero != scratch);
739
740 if (JitOptions.spectreObjectMitigations) {
741 move32(Imm32(0), scratch);
742 }
743
744 branchPtr(cond, Address(obj, JSObject::offsetOfShape()), shape, label);
745
746 if (JitOptions.spectreObjectMitigations) {
747 spectreMovePtr(cond, scratch, spectreRegToZero);
748 }
749 }
750
751 void MacroAssembler::branchTestObjShapeNoSpectreMitigations(Condition cond,
752 Register obj,
753 Register shape,
754 Label* label) {
755 branchPtr(cond, Address(obj, JSObject::offsetOfShape()), shape, label);
756 }
757
758 void MacroAssembler::branchTestObjShapeUnsafe(Condition cond, Register obj,
759 Register shape, Label* label) {
760 branchTestObjShapeNoSpectreMitigations(cond, obj, shape, label);
761 }
762
763 void MacroAssembler::branchTestClassIsProxy(bool proxy, Register clasp,
764 Label* label) {
765 branchTest32(proxy ? Assembler::NonZero : Assembler::Zero,
766 Address(clasp, JSClass::offsetOfFlags()),
767 Imm32(JSCLASS_IS_PROXY), label);
768 }
769
770 void MacroAssembler::branchTestObjectIsProxy(bool proxy, Register object,
771 Register scratch, Label* label) {
772 constexpr uint32_t ShiftedMask = (Shape::kindMask() << Shape::kindShift());
773 static_assert(uint32_t(Shape::Kind::Proxy) == 0,
774 "branchTest32 below depends on proxy kind being 0");
775 loadPtr(Address(object, JSObject::offsetOfShape()), scratch);
776 branchTest32(proxy ? Assembler::Zero : Assembler::NonZero,
777 Address(scratch, Shape::offsetOfImmutableFlags()),
778 Imm32(ShiftedMask), label);
779 }
780
781 void MacroAssembler::branchTestProxyHandlerFamily(Condition cond,
782 Register proxy,
783 Register scratch,
784 const void* handlerp,
785 Label* label) {
786 #ifdef DEBUG
787 Label ok;
788 branchTestObjectIsProxy(true, proxy, scratch, &ok);
789 assumeUnreachable("Expected ProxyObject in branchTestProxyHandlerFamily");
790 bind(&ok);
791 #endif
792
793 Address handlerAddr(proxy, ProxyObject::offsetOfHandler());
794 loadPtr(handlerAddr, scratch);
795 Address familyAddr(scratch, BaseProxyHandler::offsetOfFamily());
796 branchPtr(cond, familyAddr, ImmPtr(handlerp), label);
797 }
798
799 void MacroAssembler::branchTestNeedsIncrementalBarrier(Condition cond,
800 Label* label) {
801 MOZ_ASSERT(cond == Zero || cond == NonZero);
802 CompileZone* zone = realm()->zone();
803 const uint32_t* needsBarrierAddr = zone->addressOfNeedsIncrementalBarrier();
804 branchTest32(cond, AbsoluteAddress(needsBarrierAddr), Imm32(0x1), label);
805 }
806
807 void MacroAssembler::branchTestNeedsIncrementalBarrierAnyZone(
808 Condition cond, Label* label, Register scratch) {
809 MOZ_ASSERT(cond == Zero || cond == NonZero);
810 if (maybeRealm_) {
811 branchTestNeedsIncrementalBarrier(cond, label);
812 } else {
813 // We are compiling the interpreter or another runtime-wide trampoline, so
814 // we have to load cx->zone.
815 loadPtr(AbsoluteAddress(runtime()->addressOfZone()), scratch);
816 Address needsBarrierAddr(scratch, Zone::offsetOfNeedsIncrementalBarrier());
817 branchTest32(cond, needsBarrierAddr, Imm32(0x1), label);
818 }
819 }
820
821 void MacroAssembler::branchTestMagicValue(Condition cond,
822 const ValueOperand& val,
823 JSWhyMagic why, Label* label) {
824 MOZ_ASSERT(cond == Equal || cond == NotEqual);
825 branchTestValue(cond, val, MagicValue(why), label);
826 }
827
828 void MacroAssembler::branchDoubleNotInInt64Range(Address src, Register temp,
829 Label* fail) {
830 using mozilla::FloatingPoint;
831
832 // Tests if double is in [INT64_MIN; INT64_MAX] range
833 uint32_t EXPONENT_MASK = 0x7ff00000;
834 uint32_t EXPONENT_SHIFT = FloatingPoint<double>::kExponentShift - 32;
835 uint32_t TOO_BIG_EXPONENT = (FloatingPoint<double>::kExponentBias + 63)
836 << EXPONENT_SHIFT;
837
838 load32(Address(src.base, src.offset + sizeof(int32_t)), temp);
839 and32(Imm32(EXPONENT_MASK), temp);
840 branch32(Assembler::GreaterThanOrEqual, temp, Imm32(TOO_BIG_EXPONENT), fail);
841 }
842
843 void MacroAssembler::branchDoubleNotInUInt64Range(Address src, Register temp,
844 Label* fail) {
845 using mozilla::FloatingPoint;
846
847 // Note: returns failure on -0.0
848 // Tests if double is in [0; UINT64_MAX] range
849 // Take the sign also in the equation. That way we can compare in one test?
850 uint32_t EXPONENT_MASK = 0xfff00000;
851 uint32_t EXPONENT_SHIFT = FloatingPoint<double>::kExponentShift - 32;
852 uint32_t TOO_BIG_EXPONENT = (FloatingPoint<double>::kExponentBias + 64)
853 << EXPONENT_SHIFT;
854
855 load32(Address(src.base, src.offset + sizeof(int32_t)), temp);
856 and32(Imm32(EXPONENT_MASK), temp);
857 branch32(Assembler::AboveOrEqual, temp, Imm32(TOO_BIG_EXPONENT), fail);
858 }
859
860 void MacroAssembler::branchFloat32NotInInt64Range(Address src, Register temp,
861 Label* fail) {
862 using mozilla::FloatingPoint;
863
864 // Tests if float is in [INT64_MIN; INT64_MAX] range
865 uint32_t EXPONENT_MASK = 0x7f800000;
866 uint32_t EXPONENT_SHIFT = FloatingPoint<float>::kExponentShift;
867 uint32_t TOO_BIG_EXPONENT = (FloatingPoint<float>::kExponentBias + 63)
868 << EXPONENT_SHIFT;
869
870 load32(src, temp);
871 and32(Imm32(EXPONENT_MASK), temp);
872 branch32(Assembler::GreaterThanOrEqual, temp, Imm32(TOO_BIG_EXPONENT), fail);
873 }
874
875 void MacroAssembler::branchFloat32NotInUInt64Range(Address src, Register temp,
876 Label* fail) {
877 using mozilla::FloatingPoint;
878
879 // Note: returns failure on -0.0
880 // Tests if float is in [0; UINT64_MAX] range
881 // Take the sign also in the equation. That way we can compare in one test?
882 uint32_t EXPONENT_MASK = 0xff800000;
883 uint32_t EXPONENT_SHIFT = FloatingPoint<float>::kExponentShift;
884 uint32_t TOO_BIG_EXPONENT = (FloatingPoint<float>::kExponentBias + 64)
885 << EXPONENT_SHIFT;
886
887 load32(src, temp);
888 and32(Imm32(EXPONENT_MASK), temp);
889 branch32(Assembler::AboveOrEqual, temp, Imm32(TOO_BIG_EXPONENT), fail);
890 }
891
892 // ========================================================================
893 // Canonicalization primitives.
894 void MacroAssembler::canonicalizeFloat(FloatRegister reg) {
895 Label notNaN;
896 branchFloat(DoubleOrdered, reg, reg, &notNaN);
897 loadConstantFloat32(float(JS::GenericNaN()), reg);
898 bind(&notNaN);
899 }
900
901 void MacroAssembler::canonicalizeFloatIfDeterministic(FloatRegister reg) {
902 // See the comment in TypedArrayObjectTemplate::getElement.
903 if (js::SupportDifferentialTesting()) {
904 canonicalizeFloat(reg);
905 }
906 }
907
908 void MacroAssembler::canonicalizeDouble(FloatRegister reg) {
909 Label notNaN;
910 branchDouble(DoubleOrdered, reg, reg, &notNaN);
911 loadConstantDouble(JS::GenericNaN(), reg);
912 bind(&notNaN);
913 }
914
915 void MacroAssembler::canonicalizeDoubleIfDeterministic(FloatRegister reg) {
916 // See the comment in TypedArrayObjectTemplate::getElement.
917 if (js::SupportDifferentialTesting()) {
918 canonicalizeDouble(reg);
919 }
920 }
921
922 // ========================================================================
923 // Memory access primitives.
924 template <class T>
925 FaultingCodeOffset MacroAssembler::storeDouble(FloatRegister src,
926 const T& dest) {
927 canonicalizeDoubleIfDeterministic(src);
928 return storeUncanonicalizedDouble(src, dest);
929 }
930
931 template FaultingCodeOffset MacroAssembler::storeDouble(FloatRegister src,
932 const Address& dest);
933 template FaultingCodeOffset MacroAssembler::storeDouble(FloatRegister src,
934 const BaseIndex& dest);
935
936 template <class T>
937 void MacroAssembler::boxDouble(FloatRegister src, const T& dest) {
938 storeDouble(src, dest);
939 }
940
941 template <class T>
942 FaultingCodeOffset MacroAssembler::storeFloat32(FloatRegister src,
943 const T& dest) {
944 canonicalizeFloatIfDeterministic(src);
945 return storeUncanonicalizedFloat32(src, dest);
946 }
947
948 template FaultingCodeOffset MacroAssembler::storeFloat32(FloatRegister src,
949 const Address& dest);
950 template FaultingCodeOffset MacroAssembler::storeFloat32(FloatRegister src,
951 const BaseIndex& dest);
952
953 template <typename T>
954 void MacroAssembler::fallibleUnboxInt32(const T& src, Register dest,
955 Label* fail) {
956 // Int32Value can be unboxed efficiently with unboxInt32, so use that.
957 branchTestInt32(Assembler::NotEqual, src, fail);
958 unboxInt32(src, dest);
959 }
960
961 template <typename T>
962 void MacroAssembler::fallibleUnboxBoolean(const T& src, Register dest,
963 Label* fail) {
964 // BooleanValue can be unboxed efficiently with unboxBoolean, so use that.
965 branchTestBoolean(Assembler::NotEqual, src, fail);
966 unboxBoolean(src, dest);
967 }
968
969 template <typename T>
970 void MacroAssembler::fallibleUnboxObject(const T& src, Register dest,
971 Label* fail) {
972 fallibleUnboxPtr(src, dest, JSVAL_TYPE_OBJECT, fail);
973 }
974
975 template <typename T>
976 void MacroAssembler::fallibleUnboxString(const T& src, Register dest,
977 Label* fail) {
978 fallibleUnboxPtr(src, dest, JSVAL_TYPE_STRING, fail);
979 }
980
981 template <typename T>
982 void MacroAssembler::fallibleUnboxSymbol(const T& src, Register dest,
983 Label* fail) {
984 fallibleUnboxPtr(src, dest, JSVAL_TYPE_SYMBOL, fail);
985 }
986
987 template <typename T>
988 void MacroAssembler::fallibleUnboxBigInt(const T& src, Register dest,
989 Label* fail) {
990 fallibleUnboxPtr(src, dest, JSVAL_TYPE_BIGINT, fail);
991 }
992
993 //}}} check_macroassembler_style
994 // ===============================================================
995
996 #ifndef JS_CODEGEN_ARM64
997
998 template <typename T>
999 void MacroAssembler::branchTestStackPtr(Condition cond, T t, Label* label) {
1000 branchTestPtr(cond, getStackPointer(), t, label);
1001 }
1002
1003 template <typename T>
1004 void MacroAssembler::branchStackPtr(Condition cond, T rhs, Label* label) {
1005 branchPtr(cond, getStackPointer(), rhs, label);
1006 }
1007
1008 template <typename T>
1009 void MacroAssembler::branchStackPtrRhs(Condition cond, T lhs, Label* label) {
1010 branchPtr(cond, lhs, getStackPointer(), label);
1011 }
1012
1013 template <typename T>
1014 void MacroAssembler::addToStackPtr(T t) {
1015 addPtr(t, getStackPointer());
1016 }
1017
1018 template <typename T>
1019 void MacroAssembler::addStackPtrTo(T t) {
1020 addPtr(getStackPointer(), t);
1021 }
1022
1023 void MacroAssembler::reserveStack(uint32_t amount) {
1024 subFromStackPtr(Imm32(amount));
1025 adjustFrame(amount);
1026 }
1027 #endif // !JS_CODEGEN_ARM64
1028
1029 void MacroAssembler::loadObjClassUnsafe(Register obj, Register dest) {
1030 loadPtr(Address(obj, JSObject::offsetOfShape()), dest);
1031 loadPtr(Address(dest, Shape::offsetOfBaseShape()), dest);
1032 loadPtr(Address(dest, BaseShape::offsetOfClasp()), dest);
1033 }
1034
1035 template <typename EmitPreBarrier>
1036 void MacroAssembler::storeObjShape(Register shape, Register obj,
1037 EmitPreBarrier emitPreBarrier) {
1038 MOZ_ASSERT(shape != obj);
1039 Address shapeAddr(obj, JSObject::offsetOfShape());
1040 emitPreBarrier(*this, shapeAddr);
1041 storePtr(shape, shapeAddr);
1042 }
1043
1044 template <typename EmitPreBarrier>
1045 void MacroAssembler::storeObjShape(Shape* shape, Register obj,
1046 EmitPreBarrier emitPreBarrier) {
1047 Address shapeAddr(obj, JSObject::offsetOfShape());
1048 emitPreBarrier(*this, shapeAddr);
1049 storePtr(ImmGCPtr(shape), shapeAddr);
1050 }
1051
1052 void MacroAssembler::loadObjProto(Register obj, Register dest) {
1053 loadPtr(Address(obj, JSObject::offsetOfShape()), dest);
1054 loadPtr(Address(dest, Shape::offsetOfBaseShape()), dest);
1055 loadPtr(Address(dest, BaseShape::offsetOfProto()), dest);
1056 }
1057
1058 void MacroAssembler::loadStringLength(Register str, Register dest) {
1059 load32(Address(str, JSString::offsetOfLength()), dest);
1060 }
1061
1062 void MacroAssembler::assertStackAlignment(uint32_t alignment,
1063 int32_t offset /* = 0 */) {
1064 #ifdef DEBUG
1065 Label ok, bad;
1066 MOZ_ASSERT(mozilla::IsPowerOfTwo(alignment));
1067
1068 // Wrap around the offset to be a non-negative number.
1069 offset %= alignment;
1070 if (offset < 0) {
1071 offset += alignment;
1072 }
1073
1074 // Test if each bit from offset is set.
1075 uint32_t off = offset;
1076 while (off) {
1077 uint32_t lowestBit = 1 << mozilla::CountTrailingZeroes32(off);
1078 branchTestStackPtr(Assembler::Zero, Imm32(lowestBit), &bad);
1079 off ^= lowestBit;
1080 }
1081
1082 // Check that all remaining bits are zero.
1083 branchTestStackPtr(Assembler::Zero, Imm32((alignment - 1) ^ offset), &ok);
1084
1085 bind(&bad);
1086 breakpoint();
1087 bind(&ok);
1088 #endif
1089 }
1090
1091 void MacroAssembler::storeCallBoolResult(Register reg) {
1092 convertBoolToInt32(ReturnReg, reg);
1093 }
1094
1095 void MacroAssembler::storeCallInt32Result(Register reg) {
1096 #if JS_BITS_PER_WORD == 32
1097 storeCallPointerResult(reg);
1098 #else
1099 // Ensure the upper 32 bits are cleared.
1100 move32(ReturnReg, reg);
1101 #endif
1102 }
1103
1104 void MacroAssembler::storeCallResultValue(AnyRegister dest, JSValueType type) {
1105 unboxValue(JSReturnOperand, dest, type);
1106 }
1107
1108 void MacroAssembler::storeCallResultValue(TypedOrValueRegister dest) {
1109 if (dest.hasValue()) {
1110 storeCallResultValue(dest.valueReg());
1111 } else {
1112 storeCallResultValue(dest.typedReg(), ValueTypeFromMIRType(dest.type()));
1113 }
1114 }
1115
1116 } // namespace jit
1117 } // namespace js
1118
1119 #endif /* jit_MacroAssembler_inl_h */