| blob | 03e4a0f9243e1770badf5448ad484d95acad6c0b |
1 # This Source Code Form is subject to the terms of the Mozilla Public
2 # License, v. 2.0. If a copy of the MPL was not distributed with this
3 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
5 # [SMDOC] MIR Opcodes
6 # =======================
7 # This file defines all MIR opcodes. It is parsed by GenerateMIRFiles.py
8 # at build time to create MIROpsGenerated.h. Each opcode consists of a
9 # name and a set of attributes that are described below. A few of the
10 # attributes below allow setting the value to "custom", meaning the
11 # method will be declared for the MIR op, but will need to be implemented
12 # in C++ (typically done in MIR.cpp). Unless marked as required, attributes
13 # are optional.
14 #
15 # name [required]
16 # ====
17 # Opcode name.
18 # Possible values:
19 # - opcode string: used as the name for MIR opcode.
20 #
21 # gen_boilerplate
22 # ===============
23 # Used to decide to generate MIR boilerplate.
24 # - true (default): auto generate boilerplate for this MIR opcode
25 # - false: do not generate boilerplate for this MIR opcode
26 #
27 # operands
28 # ========
29 # A list of operands for the MIR op class constructor. Each operand is a
30 # MIR node. The operand kind is specified from the one of the kinds from
31 # the MIRType enum in IonTypes.h. The specified types for the
32 # operands will decide the type policy for the instruction.
33 #
34 # The naming of operands is how the NAMED_OPERANDS macro will define
35 # its operands.
36 #
37 # For example:
38 # object: Object
39 # id: Value
40 # value: Object
41 #
42 # Will result in an instruction having the type policy of:
43 # MixPolicy<ObjectPolicy<0>, BoxPolicy<1>, ObjectPolicy<2>>
44 # and a named operands definition that looks like the following:
45 # NAMED_OPERANDS((0, object), (1, idValue), (2, value))
46 #
47 # - attribute not specified (default): no code generated
48 # - operand list: MIRTypes (See MIRType in jit/IonTypes.h)
49 #
50 # arguments
51 # =========
52 # A list of non-MIR node arguments to the MIR op class constructor
53 # that are passed along with the operands. The arguments require
54 # both a name and a full type signature for each item in the list.
55 #
56 # For example:
57 # templateObject: JSObject*
58 # initialHeap: gc::Heap
59 #
60 # For each argument a private variable declaration will be autogenerated
61 # in the MIR op class, as well as simple accessor for that variable. If
62 # the type of the variable is a GC pointer it will by automatically
63 # wrapped by CompilerGCPointer. The above arguments list will result in
64 # the following declarations and accessors:
65 #
66 # CompilerGCPointer<JSObject*> templateObject_;
67 # gc::Heap initialHeap_;
68 #
69 # JSObject* templateObject() const { return templateObject_; }
70 # gc::Heap initialHeap() const { return initialHeap_; }
71 #
72 # - attribute not specified (default): no code generated
73 # - operand list: argument names and their full type signature
74 #
75 # type_policy
76 # ============
77 # If this attribute is present, then the type policy for that opcode will be
78 # NoTypePolicy. This is used for opcode that should have no type policy.
79 # - attribute not specified (default): no code generated, type policy
80 # is based off of operands
81 # - none: defines the type policy as opcode's NoTypePolicy
82 #
83 # result_type
84 # ===========
85 # Defines the result type of the MIR opcode.
86 # - attribute not specified (default): no code is generated
87 # - MIRType string: Will add a call to setResultType to the opcode constructor.
88 # This will set the MIR opcodes result type to whatever the
89 # specified MIRType is (See MIRType in jit/IonTypes.h).
90 #
91 # guard
92 # =====
93 # Set if the opcode is a guard instruction and is used for checks in optimizations
94 # such as range analysis and value numbering.
95 # - attribute not specified (default): no code generated
96 # - true: adds setGuard to opcode constructor
97 #
98 # movable
99 # =======
100 # Defines the movable MIR flag for movable instructions. This is used for knowing
101 # whether we can hoist an instruction.
102 # - attribute not specified (default): no code generated
103 # - true: adds setMovable call in opcode constructor
104 #
105 # folds_to
106 # ========
107 # The foldsTo method is used for determining if an instruction can be folded into
108 # simpler instruction or for constant folding, depending on its operands.
109 # - attribute not specified (default): no code generated, no constants to fold
110 # - custom: custom C++ implementation
111 #
112 # congruent_to
113 # ============
114 # Used by ValueNumbering to determine if two values are congruent.
115 # - attribute not specified (default): no code generated, congruentTo(foo) returns
116 # false
117 # - if_operands_equal: congruentTo(foo) will return congruentIfOperandsEqual(foo)
118 # - custom: custom C++ implementation
119 #
120 # alias_set
121 # =========
122 # Defines the getAliasSet function for a MIR op. The alias set is used for alias
123 # analysis. The default alias set is Any.
124 # - attribute not specified (default): no code generated, alias set is Any
125 # - none: this is the most common case, this is will set the alias set to None.
126 # - custom: custom C++ implementation in MIR.cpp
127 #
128 # possibly_calls
129 # ==============
130 # Defines if a opcode can possibly call.
131 # - attribute not specified (default): no code generated, opcode does not call
132 # - true: possiblyCalls returns true
133 # - custom: custom C++ implementation
134 #
135 # compute_range
136 # =============
137 # Computes and sets the range value for a MIR node, which is then used in range
138 # analysis.
139 # - attribute not specified (default): no code generated, range is not set for node
140 # - custom: custom C++ implementation in RangeAnalysis.cpp
141 #
142 # can_recover
143 # ===========
144 # Indicates whether this instruction can be recovered on bailout.
145 # Possible values:
146 # - attribute not specified (default): no code generated, canRecoverOnBailout
147 # returns false
148 # - true: canRecoverOnBailout returns true
149 # - custom: canRecoverOnBailout has a custom C++ implementation
150 # If the value is either 'true' or 'custom', writeRecoverData has a custom C++
151 # implementation.
152 #
153 # clone
154 # =====
155 # Allows cloning for that MIR op.
156 # - attribute not specified (default): no code generated
157 # - true: allows cloning
158 #
159 # can_consume_float32
160 # ===================
161 # Indicates whether this instruction's operands can have MIRType::Float32.
162 # Possible values:
163 # - attribute not specified (default): no code generated
164 # - true: canConsumeFloat32 returns true
165 #
167 # TODO(no-TI): try to remove this instruction.
168 - name: Start
170 # Instruction marking on entrypoint for on-stack replacement.
171 # OSR may occur at loop headers (at JSOp::LoopHead).
172 # There is at most one MOsrEntry per MIRGraph.
173 - name: OsrEntry
174 result_type: Pointer
176 - name: Nop
177 alias_set: none
178 clone: true
180 - name: LimitedTruncate
181 gen_boilerplate: false
183 - name: Constant
184 gen_boilerplate: false
186 - name: WasmNullConstant
187 gen_boilerplate: false
189 - name: WasmFloatConstant
190 gen_boilerplate: false
192 - name: Parameter
193 gen_boilerplate: false
195 - name: Callee
196 result_type: Object
197 movable: true
198 congruent_to: if_operands_equal
199 alias_set: none
201 - name: IsConstructing
202 result_type: Boolean
203 movable: true
204 congruent_to: if_operands_equal
205 alias_set: none
207 - name: TableSwitch
208 gen_boilerplate: false
210 - name: Goto
211 gen_boilerplate: false
213 - name: Test
214 gen_boilerplate: false
216 - name: Return
217 gen_boilerplate: false
219 - name: Throw
220 operands:
221 ins: Value
222 alias_set: custom
223 possibly_calls: true
225 - name: NewArray
226 gen_boilerplate: false
228 - name: NewArrayDynamicLength
229 operands:
230 length: Int32
231 arguments:
232 templateObject: JSObject*
233 initialHeap: gc::Heap
234 result_type: Object
235 # Need to throw if length is negative.
236 guard: true
237 # Throws if length is negative.
238 alias_set: custom
240 - name: NewTypedArray
241 gen_boilerplate: false
243 - name: NewTypedArrayDynamicLength
244 operands:
245 length: Int32
246 arguments:
247 templateObject: JSObject*
248 initialHeap: gc::Heap
249 result_type: Object
250 guard: true
251 # Throws if length is negative.
252 alias_set: custom
254 # Create a new TypedArray from an Array (or Array-like object) or a TypedArray.
255 - name: NewTypedArrayFromArray
256 operands:
257 array: Object
258 arguments:
259 templateObject: JSObject*
260 initialHeap: gc::Heap
261 result_type: Object
262 guard: true
263 possibly_calls: true
265 # Create a new TypedArray from an ArrayBuffer (or SharedArrayBuffer).
266 - name: NewTypedArrayFromArrayBuffer
267 operands:
268 arrayBuffer: Object
269 byteOffset: Value
270 length: Value
271 arguments:
272 templateObject: JSObject*
273 initialHeap: gc::Heap
274 result_type: Object
275 guard: true
276 possibly_calls: true
278 - name: NewObject
279 gen_boilerplate: false
281 - name: NewPlainObject
282 gen_boilerplate: false
284 - name: NewArrayObject
285 gen_boilerplate: false
287 - name: NewIterator
288 gen_boilerplate: false
290 - name: ObjectState
291 gen_boilerplate: false
293 - name: ArrayState
294 gen_boilerplate: false
296 - name: BindFunction
297 gen_boilerplate: false
299 - name: NewBoundFunction
300 arguments:
301 templateObj: JSObject*
302 result_type: Object
303 alias_set: none
305 - name: BoundFunctionNumArgs
306 operands:
307 object: Object
308 result_type: Int32
309 movable: true
310 congruent_to: if_operands_equal
311 # A bound function's state is immutable, so there is no
312 # implicit dependency.
313 alias_set: none
315 - name: GuardBoundFunctionIsConstructor
316 operands:
317 object: Object
318 result_type: Object
319 guard: true
320 movable: true
321 congruent_to: if_operands_equal
322 # The is-constructor flag is immutable for a bound function.
323 alias_set: none
325 # Setting __proto__ in an object literal.
326 - name: MutateProto
327 operands:
328 object: Object
329 value: Value
330 result_type: None
331 possibly_calls: true
333 - name: InitPropGetterSetter
334 operands:
335 object: Object
336 value: Object
337 arguments:
338 name: PropertyName*
340 - name: InitElemGetterSetter
341 operands:
342 object: Object
343 id: Value
344 value: Object
346 - name: Call
347 gen_boilerplate: false
349 - name: CallClassHook
350 gen_boilerplate: false
352 - name: ApplyArgs
353 gen_boilerplate: false
355 - name: ApplyArgsObj
356 gen_boilerplate: false
358 - name: ApplyArray
359 gen_boilerplate: false
361 - name: ConstructArgs
362 gen_boilerplate: false
364 - name: ConstructArray
365 gen_boilerplate: false
367 - name: Bail
368 gen_boilerplate: false
370 - name: Unreachable
371 gen_boilerplate: false
373 # This op serves as a way to force the encoding of a snapshot, even if there
374 # is no resume point using it. This is useful to run MAssertRecoveredOnBailout
375 # assertions.
376 - name: EncodeSnapshot
377 guard: true
379 - name: AssertRecoveredOnBailout
380 gen_boilerplate: false
382 - name: AssertFloat32
383 gen_boilerplate: false
385 - name: Compare
386 gen_boilerplate: false
388 - name: SameValueDouble
389 operands:
390 left: Double
391 right: Double
392 result_type: Boolean
393 movable: true
394 congruent_to: if_operands_equal
395 alias_set: none
396 clone: true
398 - name: SameValue
399 operands:
400 left: Value
401 right: Value
402 result_type: Boolean
403 movable: true
404 congruent_to: if_operands_equal
405 alias_set: none
406 clone: true
408 - name: Box
409 gen_boilerplate: false
411 - name: Unbox
412 gen_boilerplate: false
414 - name: AssertRange
415 gen_boilerplate: false
417 - name: AssertClass
418 gen_boilerplate: false
420 - name: AssertShape
421 gen_boilerplate: false
423 # Caller-side allocation of |this| for |new|:
424 # Constructs |this| when possible, else MagicValue(JS_IS_CONSTRUCTING).
425 - name: CreateThis
426 operands:
427 callee: Object
428 newTarget: Object
429 result_type: Value
430 # Performs a property read from |newTarget| iff |newTarget| is a JSFunction
431 # with an own |.prototype| property.
432 alias_set: custom
433 possibly_calls: true
435 - name: CreateArgumentsObject
436 gen_boilerplate: false
438 - name: CreateInlinedArgumentsObject
439 gen_boilerplate: false
441 - name: GetInlinedArgument
442 gen_boilerplate: false
444 - name: GetInlinedArgumentHole
445 gen_boilerplate: false
447 - name: GetArgumentsObjectArg
448 operands:
449 argsObject: Object
450 arguments:
451 argno: size_t
452 result_type: Value
453 congruent_to: custom
454 alias_set: custom
456 - name: SetArgumentsObjectArg
457 operands:
458 argsObject: Object
459 value: Value
460 arguments:
461 argno: size_t
462 alias_set: custom
464 # Load |arguments[index]| from a mapped or unmapped arguments object. Bails out
465 # when any elements were overridden or deleted. Also bails out if the index is
466 # out of bounds.
467 - name: LoadArgumentsObjectArg
468 operands:
469 argsObject: Object
470 index: Int32
471 result_type: Value
472 guard: true
473 congruent_to: if_operands_equal
474 alias_set: custom
476 # Load |arguments[index]| from a mapped or unmapped arguments object. Bails out
477 # when any elements were overridden or deleted. Returns undefined if the index is
478 # out of bounds.
479 - name: LoadArgumentsObjectArgHole
480 operands:
481 argsObject: Object
482 index: Int32
483 result_type: Value
484 guard: true
485 congruent_to: if_operands_equal
486 alias_set: custom
488 - name: InArgumentsObjectArg
489 operands:
490 argsObject: Object
491 index: Int32
492 result_type: Boolean
493 guard: true
494 congruent_to: if_operands_equal
495 alias_set: custom
497 # Load |arguments.length|. Bails out if the length has been overriden.
498 - name: ArgumentsObjectLength
499 operands:
500 argsObject: Object
501 result_type: Int32
502 guard: true
503 movable: true
504 congruent_to: if_operands_equal
505 # Even though the "length" property is lazily resolved, it acts similar to
506 # a normal property load, so we can treat this operation like any other
507 # property read.
508 alias_set: custom
510 # Create an array from an arguments object.
511 - name: ArrayFromArgumentsObject
512 operands:
513 argsObject: Object
514 arguments:
515 shape: Shape*
516 result_type: Object
517 possibly_calls: true
519 # Guard that the given flags are not set on the arguments object.
520 - name: GuardArgumentsObjectFlags
521 operands:
522 argsObject: Object
523 arguments:
524 flags: uint32_t
525 result_type: Object
526 movable: true
527 guard: true
528 congruent_to: custom
529 # The flags are packed with the length in a fixed private slot.
530 alias_set: custom
532 - name: LoadScriptedProxyHandler
533 operands:
534 object: Object
535 result_type: Value
536 congruent_to: if_operands_equal
537 alias_set: none
539 #ifdef JS_PUNBOX64
540 - name: CheckScriptedProxyGetResult
541 operands:
542 target: Value
543 id: Value
544 value: Value
545 guard: true
546 alias_set: custom
547 #endif
549 - name: IdToStringOrSymbol
550 operands:
551 idVal: Value
552 result_type: Value
553 congruent_to: if_operands_equal
554 alias_set: none
555 folds_to: custom
557 # Given a MIRType::Value A and a MIRType::Object B:
558 # If the Value may be safely unboxed to an Object, return Object(A).
559 # Otherwise, return B.
560 # Used to implement return behavior for inlined constructors.
561 - name: ReturnFromCtor
562 operands:
563 value: Value
564 object: Object
565 result_type: Object
566 folds_to: custom
567 congruent_to: if_operands_equal
568 alias_set: none
570 - name: ToDouble
571 gen_boilerplate: false
573 - name: ToFloat32
574 gen_boilerplate: false
576 # Converts a uint32 to a double (coming from wasm).
577 - name: WasmUnsignedToDouble
578 operands:
579 def: Int32
580 type_policy: none
581 result_type: Double
582 movable: true
583 folds_to: custom
584 congruent_to: if_operands_equal
585 alias_set: none
587 - name: WasmUnsignedToFloat32
588 gen_boilerplate: false
590 - name: WrapInt64ToInt32
591 gen_boilerplate: false
593 - name: ExtendInt32ToInt64
594 gen_boilerplate: false
596 - name: WasmBuiltinTruncateToInt64
597 gen_boilerplate: false
599 - name: WasmTruncateToInt64
600 gen_boilerplate: false
602 - name: WasmTruncateToInt32
603 gen_boilerplate: false
605 - name: WasmAnyRefFromJSValue
606 operands:
607 def: Value
608 result_type: WasmAnyRef
609 congruent_to: if_operands_equal
610 alias_set: none
612 - name: WasmAnyRefFromJSObject
613 operands:
614 def: Object
615 type_policy: none
616 result_type: WasmAnyRef
617 congruent_to: if_operands_equal
618 alias_set: none
620 - name: WasmAnyRefFromJSString
621 operands:
622 def: String
623 type_policy: none
624 result_type: WasmAnyRef
625 congruent_to: if_operands_equal
626 alias_set: none
628 - name: WasmNewI31Ref
629 operands:
630 input: Int32
631 type_policy: none
632 result_type: WasmAnyRef
633 movable: true
634 congruent_to: if_operands_equal
635 alias_set: none
637 - name: WasmI31RefGet
638 operands:
639 input: WasmAnyRef
640 arguments:
641 wideningOp: wasm::FieldWideningOp
642 type_policy: none
643 result_type: Int32
644 movable: true
645 congruent_to: if_operands_equal
646 alias_set: none
648 - name: Int32ToIntPtr
649 gen_boilerplate: false
651 - name: NonNegativeIntPtrToInt32
652 gen_boilerplate: false
654 - name: IntPtrToDouble
655 gen_boilerplate: false
657 - name: AdjustDataViewLength
658 gen_boilerplate: false
660 - name: Int64ToFloatingPoint
661 gen_boilerplate: false
663 - name: BuiltinInt64ToFloatingPoint
664 gen_boilerplate: false
666 - name: ToNumberInt32
667 gen_boilerplate: false
669 - name: BooleanToInt32
670 operands:
671 input: Boolean
672 result_type: Int32
673 movable: true
674 compute_range: custom
675 folds_to: custom
676 congruent_to: if_operands_equal
677 alias_set: none
679 - name: TruncateToInt32
680 gen_boilerplate: false
682 - name: WasmBuiltinTruncateToInt32
683 gen_boilerplate: false
685 - name: ToBigInt
686 gen_boilerplate: false
688 - name: ToInt64
689 gen_boilerplate: false
691 - name: TruncateBigIntToInt64
692 gen_boilerplate: false
694 - name: Int64ToBigInt
695 gen_boilerplate: false
697 - name: ToString
698 gen_boilerplate: false
700 - name: BitNot
701 gen_boilerplate: false
703 - name: TypeOf
704 gen_boilerplate: false
706 - name: TypeOfName
707 operands:
708 input: Int32
709 result_type: String
710 movable: true
711 folds_to: custom
712 congruent_to: if_operands_equal
713 alias_set: none
714 can_recover: true
716 - name: TypeOfIs
717 gen_boilerplate: false
719 - name: ToAsyncIter
720 operands:
721 iterator: Object
722 nextMethod: Value
723 result_type: Object
725 - name: ToPropertyKeyCache
726 operands:
727 input: Value
728 result_type: Value
730 - name: BitAnd
731 gen_boilerplate: false
733 - name: BitOr
734 gen_boilerplate: false
736 - name: BitXor
737 gen_boilerplate: false
739 - name: Lsh
740 gen_boilerplate: false
742 - name: Rsh
743 gen_boilerplate: false
745 - name: Ursh
746 gen_boilerplate: false
748 - name: SignExtendInt32
749 gen_boilerplate: false
751 - name: SignExtendInt64
752 gen_boilerplate: false
754 - name: MinMax
755 gen_boilerplate: false
757 - name: MinMaxArray
758 gen_boilerplate: false
760 - name: Abs
761 gen_boilerplate: false
763 - name: Clz
764 gen_boilerplate: false
766 - name: Ctz
767 gen_boilerplate: false
769 - name: Popcnt
770 gen_boilerplate: false
772 - name: Sqrt
773 gen_boilerplate: false
775 - name: CopySign
776 gen_boilerplate: false
778 # Inline implementation of atan2 (arctangent of y/x).
779 - name: Atan2
780 operands:
781 y: Double
782 x: Double
783 result_type: Double
784 movable: true
785 congruent_to: if_operands_equal
786 alias_set: none
787 possibly_calls: true
788 can_recover: true
789 clone: true
791 - name: Hypot
792 gen_boilerplate: false
794 - name: Pow
795 gen_boilerplate: false
797 - name: PowHalf
798 gen_boilerplate: false
800 - name: Random
801 result_type: Double
802 alias_set: custom
803 possibly_calls: true
804 compute_range: custom
805 can_recover: custom
806 clone: true
808 - name: Sign
809 gen_boilerplate: false
811 - name: MathFunction
812 gen_boilerplate: false
814 - name: Add
815 gen_boilerplate: false
817 - name: Sub
818 gen_boilerplate: false
820 - name: Mul
821 gen_boilerplate: false
823 - name: Div
824 gen_boilerplate: false
826 - name: WasmBuiltinDivI64
827 gen_boilerplate: false
829 - name: Mod
830 gen_boilerplate: false
832 - name: WasmBuiltinModD
833 gen_boilerplate: false
835 - name: WasmBuiltinModI64
836 gen_boilerplate: false
838 - name: BigIntAdd
839 gen_boilerplate: false
841 - name: BigIntSub
842 gen_boilerplate: false
844 - name: BigIntMul
845 gen_boilerplate: false
847 - name: BigIntDiv
848 gen_boilerplate: false
850 - name: BigIntMod
851 gen_boilerplate: false
853 - name: BigIntPow
854 gen_boilerplate: false
856 - name: BigIntBitAnd
857 gen_boilerplate: false
859 - name: BigIntBitOr
860 gen_boilerplate: false
862 - name: BigIntBitXor
863 gen_boilerplate: false
865 - name: BigIntLsh
866 gen_boilerplate: false
868 - name: BigIntRsh
869 gen_boilerplate: false
871 - name: BigIntIncrement
872 gen_boilerplate: false
874 - name: BigIntDecrement
875 gen_boilerplate: false
877 - name: BigIntNegate
878 gen_boilerplate: false
880 - name: BigIntBitNot
881 gen_boilerplate: false
883 - name: Int32ToStringWithBase
884 operands:
885 input: Int32
886 base: Int32
887 result_type: String
888 movable: true
889 congruent_to: if_operands_equal
890 alias_set: none
892 - name: NumberParseInt
893 operands:
894 string: String
895 radix: Int32
896 result_type: Value
897 movable: true
898 congruent_to: if_operands_equal
899 alias_set: none
900 possibly_calls: true
902 - name: DoubleParseInt
903 operands:
904 number: Double
905 result_type: Int32
906 movable: true
907 congruent_to: if_operands_equal
908 alias_set: none
910 - name: Concat
911 gen_boilerplate: false
913 - name: LinearizeForCharAccess
914 operands:
915 string: String
916 index: Int32
917 result_type: String
918 movable: true
919 congruent_to: if_operands_equal
920 # Strings are immutable, so there is no implicit dependency.
921 alias_set: none
923 - name: CharCodeAt
924 operands:
925 string: String
926 index: Int32
927 result_type: Int32
928 movable: true
929 folds_to: custom
930 congruent_to: if_operands_equal
931 # Strings are immutable, so there is no implicit dependency.
932 alias_set: none
933 compute_range: custom
934 can_recover: true
935 clone: true
937 # Similar to CharCodeAt, but also supports out-of-bounds access.
938 - name: CharCodeAtMaybeOutOfBounds
939 operands:
940 string: String
941 index: Int32
942 result_type: Value
943 movable: true
944 congruent_to: if_operands_equal
945 # Strings are immutable, so there is no implicit dependency.
946 alias_set: none
948 # Like CharCodeAtMaybeOutOfBounds, this operation also supports out-of-bounds access.
949 - name: CharAtMaybeOutOfBounds
950 operands:
951 string: String
952 index: Int32
953 result_type: String
954 movable: true
955 congruent_to: if_operands_equal
956 # Strings are immutable, so there is no implicit dependency.
957 alias_set: none
959 - name: FromCharCode
960 operands:
961 code: Int32
962 result_type: String
963 movable: true
964 congruent_to: if_operands_equal
965 alias_set: none
966 can_recover: true
967 clone: true
969 - name: FromCodePoint
970 operands:
971 codePoint: Int32
972 result_type: String
973 guard: true
974 movable: true
975 congruent_to: if_operands_equal
976 alias_set: none
977 clone: true
979 - name: StringIndexOf
980 operands:
981 string: String
982 searchString: String
983 result_type: Int32
984 movable: true
985 congruent_to: if_operands_equal
986 alias_set: none
987 possibly_calls: true
989 - name: StringStartsWith
990 operands:
991 string: String
992 searchString: String
993 result_type: Boolean
994 movable: true
995 congruent_to: if_operands_equal
996 alias_set: none
997 possibly_calls: true
999 - name: StringEndsWith
1000 operands:
1001 string: String
1002 searchString: String
1003 result_type: Boolean
1004 movable: true
1005 congruent_to: if_operands_equal
1006 alias_set: none
1007 possibly_calls: true
1009 - name: StringConvertCase
1010 gen_boilerplate: false
1012 - name: StringSplit
1013 operands:
1014 string: String
1015 separator: String
1016 result_type: Object
1017 possibly_calls: true
1018 # Although this instruction returns a new array, we don't have to mark
1019 # it as store instruction, see also MNewArray.
1020 alias_set: none
1021 can_recover: true
1023 - name: BoxNonStrictThis
1024 operands:
1025 def: Value
1026 arguments:
1027 globalThis: JSObject*
1028 result_type: Object
1029 folds_to: custom
1030 possibly_calls: true
1031 # This instruction can allocate a new object for wrapped primitives, but
1032 # has no effect on existing objects.
1033 alias_set: none
1035 - name: ImplicitThis
1036 operands:
1037 envChain: Object
1038 arguments:
1039 name: PropertyName*
1040 result_type: Value
1041 possibly_calls: true
1043 - name: Phi
1044 gen_boilerplate: false
1046 - name: Beta
1047 gen_boilerplate: false
1049 - name: NaNToZero
1050 gen_boilerplate: false
1052 - name: OsrValue
1053 gen_boilerplate: false
1055 - name: OsrEnvironmentChain
1056 gen_boilerplate: false
1058 - name: OsrArgumentsObject
1059 gen_boilerplate: false
1061 - name: OsrReturnValue
1062 gen_boilerplate: false
1064 - name: BinaryCache
1065 gen_boilerplate: false
1067 - name: UnaryCache
1068 operands:
1069 input: Value
1070 result_type: Value
1072 # Checks whether we need to fire the interrupt handler.
1073 - name: CheckOverRecursed
1074 guard: true
1075 alias_set: none
1078 # Check whether we need to fire the interrupt handler.
1079 - name: InterruptCheck
1080 guard: true
1081 alias_set: none
1083 - name: WasmInterruptCheck
1084 gen_boilerplate: false
1086 - name: WasmTrap
1087 gen_boilerplate: false
1089 # Trap if the given ref is null
1090 - name: WasmTrapIfNull
1091 operands:
1092 ref: WasmAnyRef
1093 arguments:
1094 trap: wasm::Trap
1095 bytecodeOffset: wasm::BytecodeOffset
1096 guard: true
1097 type_policy: none
1098 result_type: None
1100 - name: LexicalCheck
1101 gen_boilerplate: false
1103 # Unconditionally throw an uninitialized let error.
1104 - name: ThrowRuntimeLexicalError
1105 arguments:
1106 errorNumber: unsigned
1107 result_type: None
1108 guard: true
1109 alias_set: custom
1111 - name: ThrowMsg
1112 gen_boilerplate: false
1114 # In the prologues of global and eval scripts, check for redeclarations and
1115 # initialize bindings.
1116 - name: GlobalDeclInstantiation
1117 guard: true
1119 - name: RegExp
1120 arguments:
1121 source: RegExpObject*
1122 hasShared: bool
1123 result_type: Object
1124 possibly_calls: true
1125 alias_set: none
1127 - name: RegExpMatcher
1128 operands:
1129 regexp: Object
1130 string: String
1131 lastIndex: Int32
1132 result_type: Value
1133 possibly_calls: true
1134 can_recover: true
1136 # Note: this instruction writes to cx->regExpSearcherLastLimit.
1137 # See also MRegExpSearcherLastLimit.
1138 - name: RegExpSearcher
1139 operands:
1140 regexp: Object
1141 string: String
1142 lastIndex: Int32
1143 result_type: Int32
1144 possibly_calls: true
1145 can_recover: false
1147 # This instruction loads cx->regExpSearcherLastLimit. We don't have a
1148 # specialized alias set for this so just use the default alias set similar to
1149 # the MRegExpSearcher instruction that precedes it.
1150 - name: RegExpSearcherLastLimit
1151 operands:
1152 result_type: Int32
1154 - name: RegExpExecMatch
1155 operands:
1156 regexp: Object
1157 string: String
1158 result_type: Value
1159 possibly_calls: true
1160 can_recover: false
1162 - name: RegExpExecTest
1163 operands:
1164 regexp: Object
1165 string: String
1166 result_type: Boolean
1167 possibly_calls: true
1168 can_recover: false
1170 - name: RegExpHasCaptureGroups
1171 operands:
1172 regexp: Object
1173 input: String
1174 result_type: Boolean
1175 possibly_calls: true
1177 - name: RegExpPrototypeOptimizable
1178 operands:
1179 object: Object
1180 result_type: Boolean
1181 alias_set: none
1183 - name: RegExpInstanceOptimizable
1184 operands:
1185 object: Object
1186 proto: Object
1187 result_type: Boolean
1188 alias_set: none
1190 - name: GetFirstDollarIndex
1191 gen_boilerplate: false
1193 - name: StringReplace
1194 gen_boilerplate: false
1196 - name: Substr
1197 operands:
1198 string: String
1199 begin: Int32
1200 length: Int32
1201 result_type: String
1202 congruent_to: if_operands_equal
1203 alias_set: none
1204 movable: true
1205 can_recover: true
1207 - name: ModuleMetadata
1208 arguments:
1209 module: JSObject*
1210 result_type: Object
1212 - name: DynamicImport
1213 operands:
1214 specifier: Value
1215 options: Value
1216 result_type: Object
1218 - name: Lambda
1219 gen_boilerplate: false
1221 - name: FunctionWithProto
1222 gen_boilerplate: false
1224 - name: SetFunName
1225 operands:
1226 fun: Object
1227 name: Value
1228 arguments:
1229 prefixKind: uint8_t
1230 result_type: None
1231 possibly_calls: true
1233 # Returns obj->slots.
1234 - name: Slots
1235 operands:
1236 object: Object
1237 result_type: Slots
1238 movable: true
1239 congruent_to: if_operands_equal
1240 alias_set: custom
1241 might_alias: custom
1242 clone: true
1244 # Returns obj->elements.
1245 - name: Elements
1246 operands:
1247 object: Object
1248 result_type: Elements
1249 movable: true
1250 congruent_to: if_operands_equal
1251 alias_set: custom
1252 clone: true
1254 # Load the initialized length from an elements header.
1255 - name: InitializedLength
1256 operands:
1257 elements: Elements
1258 type_policy: none
1259 result_type: Int32
1260 movable: true
1261 congruent_to: if_operands_equal
1262 alias_set: custom
1263 compute_range: custom
1264 clone: true
1266 - name: SetInitializedLength
1267 operands:
1268 elements: Elements
1269 index: Int32
1270 type_policy: none
1271 alias_set: custom
1272 clone: true
1274 # Load the array length from an elements header.
1275 - name: ArrayLength
1276 operands:
1277 elements: Elements
1278 type_policy: none
1279 result_type: Int32
1280 movable: true
1281 congruent_to: if_operands_equal
1282 alias_set: custom
1283 compute_range: custom
1284 clone: true
1286 # Store to the length in an elements header. Note the input is an *index*, one
1287 # less than the desired length.
1288 - name: SetArrayLength
1289 operands:
1290 elements: Elements
1291 index: Int32
1292 type_policy: none
1293 alias_set: custom
1294 # By default no, unless built as a recovered instruction.
1295 can_recover: custom
1297 # Load the function length. Bails for functions with lazy scripts or a
1298 # resolved "length" property.
1299 - name: FunctionLength
1300 operands:
1301 function: Object
1302 result_type: Int32
1303 guard: true
1304 congruent_to: if_operands_equal
1305 # Even though the "length" property is lazily resolved, it acts similar to
1306 # a normal property load, so we can treat this operation like any other
1307 # property read.
1308 alias_set: custom
1310 # Load the function name. Bails for bound functions when the bound function
1311 # name prefix isn't present or functions with a resolved "name" property.
1312 - name: FunctionName
1313 operands:
1314 function: Object
1315 result_type: String
1316 guard: true
1317 congruent_to: if_operands_equal
1318 # Even though the "name" property is lazily resolved, it acts similar to
1319 # a normal property load, so we can treat this operation like any other
1320 # property read.
1321 alias_set: custom
1323 - name: GetNextEntryForIterator
1324 gen_boilerplate: false
1326 # Read the byte length of an array buffer as IntPtr.
1327 - name: ArrayBufferByteLength
1328 operands:
1329 object: Object
1330 result_type: IntPtr
1331 movable: true
1332 congruent_to: if_operands_equal
1333 alias_set: custom
1335 # Read the length of an array buffer view.
1336 - name: ArrayBufferViewLength
1337 operands:
1338 object: Object
1339 result_type: IntPtr
1340 movable: true
1341 congruent_to: if_operands_equal
1342 alias_set: custom
1343 compute_range: custom
1345 - name: ArrayBufferViewByteOffset
1346 operands:
1347 object: Object
1348 result_type: IntPtr
1349 movable: true
1350 congruent_to: if_operands_equal
1351 alias_set: custom
1352 compute_range: custom
1354 # Read the length of an array buffer view.
1355 - name: ArrayBufferViewElements
1356 operands:
1357 object: Object
1358 result_type: Elements
1359 movable: true
1360 congruent_to: if_operands_equal
1361 alias_set: custom
1362 clone: true
1364 # Return the element size of a typed array.
1365 - name: TypedArrayElementSize
1366 operands:
1367 object: Object
1368 result_type: Int32
1369 movable: true
1370 congruent_to: if_operands_equal
1371 # Class is immutable. See also MHasClass.
1372 alias_set: none
1373 compute_range: custom
1375 # Guard an ArrayBufferView has an attached ArrayBuffer.
1376 - name: GuardHasAttachedArrayBuffer
1377 operands:
1378 object: Object
1379 result_type: Object
1380 guard: true
1381 movable: true
1382 congruent_to: if_operands_equal
1383 alias_set: custom
1385 - name: GuardNumberToIntPtrIndex
1386 gen_boilerplate: false
1388 - name: KeepAliveObject
1389 operands:
1390 object: Object
1391 result_type: None
1392 guard: true
1394 - name: DebugEnterGCUnsafeRegion
1395 result_type: None
1396 guard: true
1397 alias_set: none
1399 - name: DebugLeaveGCUnsafeRegion
1400 result_type: None
1401 guard: true
1402 alias_set: none
1404 - name: Not
1405 gen_boilerplate: false
1407 - name: BoundsCheck
1408 gen_boilerplate: false
1410 - name: BoundsCheckLower
1411 gen_boilerplate: false
1413 - name: SpectreMaskIndex
1414 gen_boilerplate: false
1416 - name: LoadElement
1417 gen_boilerplate: false
1419 - name: LoadElementAndUnbox
1420 gen_boilerplate: false
1422 - name: LoadElementHole
1423 gen_boilerplate: false
1425 - name: StoreElement
1426 gen_boilerplate: false
1428 - name: StoreHoleValueElement
1429 gen_boilerplate: false
1431 - name: StoreElementHole
1432 gen_boilerplate: false
1434 - name: ArrayPopShift
1435 gen_boilerplate: false
1437 # Array.prototype.push on a dense array. Returns the new array length.
1438 - name: ArrayPush
1439 operands:
1440 object: Object
1441 value: Value
1442 result_type: Int32
1443 alias_set: custom
1444 compute_range: custom
1445 clone: true
1447 # Array.prototype.slice on a dense array.
1448 - name: ArraySlice
1449 operands:
1450 object: Object
1451 begin: Int32
1452 end: Int32
1453 arguments:
1454 templateObj: JSObject*
1455 initialHeap: gc::Heap
1456 result_type: Object
1457 possibly_calls: true
1459 # Array.prototype.slice on an arguments object.
1460 - name: ArgumentsSlice
1461 operands:
1462 object: Object
1463 begin: Int32
1464 end: Int32
1465 arguments:
1466 templateObj: JSObject*
1467 initialHeap: gc::Heap
1468 result_type: Object
1469 possibly_calls: true
1471 # Array.prototype.slice on an arguments object.
1472 - name: FrameArgumentsSlice
1473 operands:
1474 begin: Int32
1475 count: Int32
1476 arguments:
1477 templateObj: JSObject*
1478 initialHeap: gc::Heap
1479 result_type: Object
1480 alias_set: none
1481 possibly_calls: true
1483 # Array.prototype.slice on an inlined arguments object.
1484 - name: InlineArgumentsSlice
1485 gen_boilerplate: false
1487 - name: NormalizeSliceTerm
1488 operands:
1489 value: Int32
1490 length: Int32
1491 result_type: Int32
1492 movable: true
1493 congruent_to: if_operands_equal
1494 alias_set: none
1495 folds_to: custom
1497 # MArrayJoin doesn't override |getAliasSet()|, because Array.prototype.join
1498 # might coerce the elements of the Array to strings. This coercion might
1499 # cause the evaluation of JavaScript code.
1500 - name: ArrayJoin
1501 operands:
1502 array: Object
1503 sep: String
1504 result_type: String
1505 possibly_calls: true
1506 folds_to: custom
1507 # MArrayJoin doesn't override |getAliasSet()|, because Array.prototype.join
1508 # might coerce the elements of the Array to strings. This coercion might
1509 # cause the evaluation of JavaScript code.
1511 - name: LoadUnboxedScalar
1512 gen_boilerplate: false
1514 - name: LoadDataViewElement
1515 gen_boilerplate: false
1517 - name: LoadTypedArrayElementHole
1518 gen_boilerplate: false
1520 - name: StoreUnboxedScalar
1521 gen_boilerplate: false
1523 - name: StoreDataViewElement
1524 gen_boilerplate: false
1526 - name: StoreTypedArrayElementHole
1527 gen_boilerplate: false
1529 - name: EffectiveAddress
1530 gen_boilerplate: false
1532 - name: ClampToUint8
1533 gen_boilerplate: false
1535 - name: LoadFixedSlot
1536 gen_boilerplate: false
1538 - name: LoadFixedSlotAndUnbox
1539 gen_boilerplate: false
1541 - name: LoadDynamicSlotAndUnbox
1542 gen_boilerplate: false
1544 - name: StoreFixedSlot
1545 gen_boilerplate: false
1547 - name: GetPropertyCache
1548 gen_boilerplate: false
1550 - name: HomeObjectSuperBase
1551 operands:
1552 homeObject: Object
1553 result_type: Value
1554 movable: true
1555 congruent_to: if_operands_equal
1556 alias_set: custom
1558 - name: GetPropSuperCache
1559 gen_boilerplate: false
1561 - name: BindNameCache
1562 operands:
1563 envChain: Object
1564 result_type: Object
1566 - name: CallBindVar
1567 operands:
1568 environmentChain: Object
1569 result_type: Object
1570 movable: true
1571 congruent_to: custom
1572 alias_set: none
1574 - name: GuardShape
1575 operands:
1576 object: Object
1577 arguments:
1578 shape: Shape*
1579 result_type: Object
1580 guard: true
1581 movable: true
1582 congruent_to: custom
1583 alias_set: custom
1584 might_alias: custom
1586 - name: GuardMultipleShapes
1587 operands:
1588 object: Object
1589 shapeList: Object
1590 result_type: Object
1591 guard: true
1592 movable: true
1593 congruent_to: if_operands_equal
1594 alias_set: custom
1596 - name: GuardProto
1597 gen_boilerplate: false
1599 - name: GuardNullProto
1600 gen_boilerplate: false
1602 # Guard the object is a native object.
1603 - name: GuardIsNativeObject
1604 operands:
1605 object: Object
1606 result_type: Object
1607 guard: true
1608 movable: true
1609 congruent_to: if_operands_equal
1610 alias_set: none
1612 - name: GuardGlobalGeneration
1613 arguments:
1614 expected: uint32_t
1615 generationAddr: const void*
1616 result_type: None
1617 guard: true
1618 movable: true
1619 alias_set: custom
1620 congruent_to: custom
1622 - name: GuardIsProxy
1623 operands:
1624 object: Object
1625 result_type: Object
1626 guard: true
1627 movable: true
1628 congruent_to: if_operands_equal
1629 alias_set: none
1631 - name: GuardIsNotDOMProxy
1632 operands:
1633 proxy: Object
1634 result_type: Object
1635 guard: true
1636 movable: true
1637 congruent_to: if_operands_equal
1638 alias_set: none
1640 - name: GuardIsNotProxy
1641 operands:
1642 object: Object
1643 result_type: Object
1644 guard: true
1645 movable: true
1646 congruent_to: if_operands_equal
1647 folds_to: custom
1648 alias_set: none
1650 - name: ProxyGet
1651 operands:
1652 proxy: Object
1653 arguments:
1654 id: jsid
1655 result_type: Value
1656 possibly_calls: true
1658 - name: ProxyGetByValue
1659 operands:
1660 proxy: Object
1661 idVal: Value
1662 result_type: Value
1663 possibly_calls: true
1665 - name: ProxyHasProp
1666 operands:
1667 proxy: Object
1668 idVal: Value
1669 arguments:
1670 hasOwn: bool
1671 result_type: Boolean
1672 possibly_calls: true
1674 - name: ProxySet
1675 operands:
1676 proxy: Object
1677 rhs: Value
1678 arguments:
1679 id: jsid
1680 strict: bool
1681 possibly_calls: true
1683 - name: ProxySetByValue
1684 operands:
1685 proxy: Object
1686 idVal: Value
1687 rhs: Value
1688 arguments:
1689 strict: bool
1690 possibly_calls: true
1692 - name: CallSetArrayLength
1693 operands:
1694 obj: Object
1695 rhs: Value
1696 arguments:
1697 strict: bool
1698 possibly_calls: true
1700 - name: MegamorphicLoadSlot
1701 operands:
1702 object: Object
1703 arguments:
1704 name: PropertyKey
1705 result_type: Value
1706 # Bails when non-native or accessor properties are encountered, so we can't
1707 # DCE this instruction.
1708 guard: true
1709 possibly_calls: true
1710 congruent_to: custom
1711 alias_set: custom
1713 - name: MegamorphicLoadSlotByValue
1714 operands:
1715 object: Object
1716 idVal: Value
1717 result_type: Value
1718 # Bails when non-native or accessor properties are encountered, so we can't
1719 # DCE this instruction.
1720 guard: true
1721 folds_to: custom
1722 congruent_to: if_operands_equal
1723 alias_set: custom
1724 possibly_calls: true
1726 - name: MegamorphicStoreSlot
1727 operands:
1728 object: Object
1729 rhs: Value
1730 arguments:
1731 name: PropertyKey
1732 strict: bool
1733 possibly_calls: true
1735 - name: MegamorphicHasProp
1736 operands:
1737 object: Object
1738 idVal: Value
1739 arguments:
1740 hasOwn: bool
1741 result_type: Boolean
1742 # Bails when non-native or accessor properties are encountered, so we can't
1743 # DCE this instruction.
1744 guard: true
1745 congruent_to: custom
1746 alias_set: custom
1747 possibly_calls: true
1749 - name: GuardIsNotArrayBufferMaybeShared
1750 operands:
1751 object: Object
1752 result_type: Object
1753 guard: true
1754 movable: true
1755 congruent_to: if_operands_equal
1756 folds_to: custom
1757 alias_set: none
1759 - name: GuardIsTypedArray
1760 operands:
1761 object: Object
1762 result_type: Object
1763 guard: true
1764 movable: true
1765 congruent_to: if_operands_equal
1766 alias_set: none
1768 - name: GuardHasProxyHandler
1769 operands:
1770 object: Object
1771 arguments:
1772 handler: const void*
1773 result_type: Object
1774 guard: true
1775 movable: true
1776 congruent_to: if_operands_equal
1777 alias_set: none
1779 # Loads a specific JSObject* that was originally nursery-allocated.
1780 # See also WarpObjectField.
1781 - name: NurseryObject
1782 arguments:
1783 # Index in the Vector of objects stored in the WarpSnapshot.
1784 nurseryIndex: uint32_t
1785 result_type: Object
1786 movable: true
1787 congruent_to: custom
1788 alias_set: none
1790 - name: GuardValue
1791 gen_boilerplate: false
1793 - name: GuardNullOrUndefined
1794 operands:
1795 value: Value
1796 result_type: Value
1797 guard: true
1798 movable: true
1799 congruent_to: if_operands_equal
1800 folds_to: custom
1801 alias_set: none
1803 - name: GuardIsNotObject
1804 operands:
1805 value: Value
1806 result_type: Value
1807 guard: true
1808 movable: true
1809 congruent_to: if_operands_equal
1810 folds_to: custom
1811 alias_set: none
1813 - name: GuardFunctionFlags
1814 gen_boilerplate: false
1816 - name: GuardFunctionIsNonBuiltinCtor
1817 operands:
1818 function: Object
1819 result_type: Object
1820 guard: true
1821 movable: true
1822 congruent_to: if_operands_equal
1823 alias_set: custom
1825 - name: GuardFunctionKind
1826 operands:
1827 function: Object
1828 arguments:
1829 expected: FunctionFlags::FunctionKind
1830 bailOnEquality: bool
1831 result_type: Object
1832 guard: true
1833 movable: true
1834 congruent_to: custom
1835 alias_set: custom
1837 - name: GuardFunctionScript
1838 operands:
1839 function: Object
1840 arguments:
1841 expected: BaseScript*
1842 nargs: uint16_t
1843 flags: FunctionFlags
1844 result_type: Object
1845 guard: true
1846 movable: true
1847 folds_to: custom
1848 congruent_to: custom
1849 # A JSFunction's BaseScript pointer is immutable. Relazification of
1850 # self-hosted functions is an exception to this, but we don't use this
1851 # guard for self-hosted functions.
1852 alias_set: custom
1854 - name: GuardObjectIdentity
1855 gen_boilerplate: false
1857 - name: GuardSpecificFunction
1858 gen_boilerplate: false
1860 - name: GuardSpecificAtom
1861 operands:
1862 str: String
1863 arguments:
1864 atom: JSAtom*
1865 result_type: String
1866 guard: true
1867 movable: true
1868 congruent_to: custom
1869 folds_to: custom
1870 alias_set: none
1872 - name: GuardSpecificSymbol
1873 gen_boilerplate: false
1875 - name: GuardSpecificInt32
1876 operands:
1877 num: Int32
1878 arguments:
1879 expected: int32_t
1880 result_type: Int32
1881 guard: true
1882 movable: true
1883 folds_to: custom
1884 alias_set: none
1886 - name: GuardStringToIndex
1887 operands:
1888 string: String
1889 result_type: Int32
1890 # Mark as guard because this instruction must not be eliminated. For
1891 # example, if the string is not an index the operation could change from a
1892 # typed array load to a getter call.
1893 guard: true
1894 movable: true
1895 congruent_to: if_operands_equal
1896 folds_to: custom
1897 alias_set: none
1899 - name: GuardStringToInt32
1900 operands:
1901 string: String
1902 result_type: Int32
1903 # Mark as guard to prevent the issue described in MGuardStringToIndex's
1904 # constructor.
1905 guard: true
1906 movable: true
1907 congruent_to: if_operands_equal
1908 folds_to: custom
1909 alias_set: none
1911 - name: GuardStringToDouble
1912 operands:
1913 string: String
1914 result_type: Double
1915 # Mark as guard to prevent the issue described in MGuardStringToIndex's
1916 # constructor.
1917 guard: true
1918 movable: true
1919 congruent_to: if_operands_equal
1920 folds_to: custom
1921 alias_set: none
1923 - name: GuardNoDenseElements
1924 operands:
1925 object: Object
1926 result_type: Object
1927 guard: true
1928 movable: true
1929 alias_set: custom
1931 - name: GuardTagNotEqual
1932 gen_boilerplate: false
1934 - name: LoadDynamicSlot
1935 gen_boilerplate: false
1937 # Inline call to access a function's environment (scope chain).
1938 - name: FunctionEnvironment
1939 operands:
1940 function: Object
1941 result_type: Object
1942 movable: true
1943 folds_to: custom
1944 # A function's environment is fixed.
1945 alias_set: none
1947 # Allocate a new BlockLexicalEnvironmentObject.
1948 - name: NewLexicalEnvironmentObject
1949 operands:
1950 templateObj: Object
1951 result_type: Object
1952 alias_set: none
1954 # Allocate a new ClassBodyEnvironmentObject.
1955 - name: NewClassBodyEnvironmentObject
1956 operands:
1957 templateObj: Object
1958 result_type: Object
1959 alias_set: none
1961 - name: NewVarEnvironmentObject
1962 operands:
1963 templateObj: Object
1964 result_type: Object
1965 alias_set: none
1967 - name: HomeObject
1968 operands:
1969 function: Object
1970 result_type: Object
1971 movable: true
1972 # A function's [[HomeObject]] is fixed.
1973 alias_set: none
1975 - name: AddAndStoreSlot
1976 gen_boilerplate: false
1978 - name: AllocateAndStoreSlot
1979 operands:
1980 object: Object
1981 value: Value
1982 arguments:
1983 slotOffset: uint32_t
1984 shape: Shape*
1985 numNewSlots: uint32_t
1986 possibly_calls: true
1987 alias_set: custom
1989 - name: AddSlotAndCallAddPropHook
1990 operands:
1991 object: Object
1992 value: Value
1993 arguments:
1994 shape: Shape*
1995 possibly_calls: true
1997 - name: StoreDynamicSlot
1998 gen_boilerplate: false
2000 - name: GetNameCache
2001 operands:
2002 envObj: Object
2003 result_type: Value
2005 - name: CallGetIntrinsicValue
2006 arguments:
2007 name: PropertyName*
2008 result_type: Value
2009 possibly_calls: true
2011 - name: DeleteProperty
2012 operands:
2013 value: Value
2014 arguments:
2015 name: PropertyName*
2016 strict: bool
2017 result_type: Boolean
2019 - name: DeleteElement
2020 operands:
2021 value: Value
2022 index: Value
2023 arguments:
2024 strict: bool
2025 result_type: Boolean
2027 - name: SetPropertyCache
2028 gen_boilerplate: false
2030 - name: MegamorphicSetElement
2031 gen_boilerplate: false
2033 - name: SetDOMProperty
2034 gen_boilerplate: false
2036 - name: GetDOMProperty
2037 gen_boilerplate: false
2039 - name: GetDOMMember
2040 gen_boilerplate: false
2042 - name: ObjectToIterator
2043 gen_boilerplate: false
2045 - name: ValueToIterator
2046 operands:
2047 value: Value
2048 result_type: Object
2050 - name: IteratorHasIndices
2051 operands:
2052 object: Object
2053 iterator: Object
2054 result_type: Boolean
2055 alias_set: custom
2057 - name: LoadSlotByIteratorIndex
2058 operands:
2059 object: Object
2060 iterator: Object # TODO: add MIRType::NativeIterator?
2061 result_type: Value
2062 alias_set: custom
2064 - name: StoreSlotByIteratorIndex
2065 operands:
2066 object: Object
2067 iterator: Object
2068 value: Value
2069 alias_set: custom
2071 # Load the private value expando from a DOM proxy. The target is stored in the
2072 # proxy object's private slot.
2073 # This is either an UndefinedValue (no expando), ObjectValue (the expando
2074 # object), or PrivateValue(ExpandoAndGeneration*).
2075 - name: LoadDOMExpandoValue
2076 operands:
2077 proxy: Object
2078 result_type: Value
2079 movable: true
2080 congruent_to: if_operands_equal
2081 alias_set: custom
2083 - name: LoadDOMExpandoValueGuardGeneration
2084 gen_boilerplate: false
2086 - name: LoadDOMExpandoValueIgnoreGeneration
2087 operands:
2088 proxy: Object
2089 result_type: Value
2090 movable: true
2091 congruent_to: if_operands_equal
2092 alias_set: custom
2094 # Takes an expando Value as input, then guards it's either UndefinedValue or
2095 # an object with the expected shape.
2096 - name: GuardDOMExpandoMissingOrGuardShape
2097 operands:
2098 expando: Value
2099 arguments:
2100 shape: Shape*
2101 result_type: Value
2102 guard: true
2103 movable: true
2104 congruent_to: custom
2105 alias_set: custom
2107 - name: StringLength
2108 operands:
2109 string: String
2110 result_type: Int32
2111 movable: true
2112 folds_to: custom
2113 congruent_to: if_operands_equal
2114 # The string |length| property is immutable, so there is no
2115 # implicit dependency.
2116 alias_set: none
2117 compute_range: custom
2118 can_recover: true
2119 clone: true
2121 - name: Floor
2122 gen_boilerplate: false
2124 - name: Ceil
2125 gen_boilerplate: false
2127 - name: Round
2128 gen_boilerplate: false
2130 - name: Trunc
2131 gen_boilerplate: false
2133 - name: NearbyInt
2134 gen_boilerplate: false
2136 - name: GetIteratorCache
2137 gen_boilerplate: false
2139 - name: OptimizeSpreadCallCache
2140 operands:
2141 value: Value
2142 result_type: Value
2144 - name: IteratorMore
2145 operands:
2146 iterator: Object
2147 result_type: Value
2149 - name: IsNoIter
2150 operands:
2151 def: Object
2152 result_type: Boolean
2153 type_policy: none
2154 movable : true
2155 alias_set: none
2157 - name: IteratorEnd
2158 operands:
2159 iterator: Object
2161 - name: CloseIterCache
2162 operands:
2163 iter: Object
2164 arguments:
2165 completionKind: uint8_t
2166 possibly_calls: true
2168 - name: OptimizeGetIteratorCache
2169 operands:
2170 value: Value
2171 result_type: Boolean
2173 - name: InCache
2174 gen_boilerplate: false
2176 - name: InArray
2177 gen_boilerplate: false
2179 - name: GuardElementNotHole
2180 gen_boilerplate: false
2182 - name: NewPrivateName
2183 arguments:
2184 name: JSAtom*
2185 result_type: Symbol
2186 possibly_calls: true
2188 - name: CheckPrivateFieldCache
2189 gen_boilerplate: false
2191 - name: HasOwnCache
2192 gen_boilerplate: false
2194 - name: InstanceOf
2195 gen_boilerplate: false
2197 # Implementation for instanceof operator with unknown rhs.
2198 - name: InstanceOfCache
2199 operands:
2200 obj: Value
2201 proto: Object
2202 result_type: Boolean
2204 - name: ArgumentsLength
2205 result_type: Int32
2206 movable: true
2207 congruent_to: if_operands_equal
2208 # Arguments |length| cannot be mutated by Ion Code.
2209 alias_set: none
2210 compute_range: custom
2211 can_recover: true
2213 # This MIR instruction is used to get an argument from the actual arguments.
2214 - name: GetFrameArgument
2215 operands:
2216 index: Int32
2217 result_type: Value
2218 movable: true
2219 congruent_to: if_operands_equal
2220 # This instruction is never aliased, because ops like JSOp::SetArg don't
2221 # write to the argument frames. We create an arguments object in that case.
2222 alias_set: none
2224 # This MIR instruction is used to get an argument from the actual arguments.
2225 # Returns undefined if |index| is larger-or-equals to |length|. Bails out if
2226 # |index| is negative.
2227 - name: GetFrameArgumentHole
2228 operands:
2229 index: Int32
2230 length: Int32
2231 result_type: Value
2232 guard: true
2233 movable: true
2234 congruent_to: if_operands_equal
2235 # This instruction is never aliased, because ops like JSOp::SetArg don't
2236 # write to the argument frames. We create an arguments object in that case.
2237 alias_set: none
2239 - name: NewTarget
2240 result_type: Value
2241 movable: true
2242 congruent_to: if_operands_equal
2243 alias_set: none
2245 - name: Rest
2246 operands:
2247 numActuals: Int32
2248 arguments:
2249 numFormals: unsigned
2250 shape: Shape*
2251 result_type: Object
2252 possibly_calls: true
2253 alias_set: none
2254 can_recover: true
2256 - name: PostWriteBarrier
2257 gen_boilerplate: false
2259 - name: PostWriteElementBarrier
2260 gen_boilerplate: false
2262 - name: AssertCanElidePostWriteBarrier
2263 operands:
2264 object: Object
2265 value: Value
2266 result_type: None
2267 guard: true
2268 alias_set: none
2270 - name: NewNamedLambdaObject
2271 arguments:
2272 templateObj: NamedLambdaObject*
2273 result_type: Object
2274 alias_set: none
2276 - name: NewCallObject
2277 gen_boilerplate: false
2279 - name: NewStringObject
2280 gen_boilerplate: false
2282 - name: IsCallable
2283 gen_boilerplate: false
2285 - name: IsConstructor
2286 operands:
2287 object: Object
2288 result_type: Boolean
2289 movable: true
2290 congruent_to: if_operands_equal
2291 alias_set: none
2293 - name: IsCrossRealmArrayConstructor
2294 operands:
2295 object: Object
2296 result_type: Boolean
2297 movable: true
2298 congruent_to: if_operands_equal
2299 alias_set: none
2301 - name: IsObject
2302 operands:
2303 object: Value
2304 result_type: Boolean
2305 movable: true
2306 folds_to: custom
2307 congruent_to: if_operands_equal
2308 alias_set: none
2310 - name: IsNullOrUndefined
2311 operands:
2312 value: Value
2313 result_type: Boolean
2314 movable: true
2315 folds_to: custom
2316 congruent_to: if_operands_equal
2317 alias_set: none
2318 type_policy: none
2319 can_consume_float32: true
2321 - name: HasClass
2322 gen_boilerplate: false
2324 - name: GuardToClass
2325 gen_boilerplate: false
2327 - name: GuardToFunction
2328 gen_boilerplate: false
2330 - name: IsArray
2331 gen_boilerplate: false
2333 - name: IsTypedArray
2334 gen_boilerplate: false
2336 - name: ObjectClassToString
2337 operands:
2338 object: Object
2339 result_type: String
2340 guard: true
2341 movable: true
2342 congruent_to: if_operands_equal
2343 possibly_calls: true
2344 # Tests @@toStringTag is neither present on this object nor on any object
2345 # of the prototype chain.
2346 alias_set: custom
2348 - name: CheckReturn
2349 operands:
2350 returnValue: Value
2351 thisValue: Value
2352 result_type: Value
2353 guard: true
2354 folds_to: custom
2355 alias_set: custom
2357 - name: CheckThis
2358 operands:
2359 thisValue: Value
2360 result_type: Value
2361 guard: true
2362 folds_to: custom
2363 alias_set: custom
2365 - name: AsyncResolve
2366 operands:
2367 generator: Object
2368 valueOrReason: Value
2369 arguments:
2370 resolveKind: AsyncFunctionResolveKind
2371 result_type: Object
2373 # Returns from this function to the previous caller; this looks like a regular
2374 # Unary instruction and is used to lie to the MIR generator about suspending
2375 # ops like Yield/Await, which are emitted like returns, but MIR-Build like
2376 # regular instructions.
2377 - name: GeneratorReturn
2378 operands:
2379 input: Value
2380 guard: true
2381 alias_set: none
2383 - name: AsyncAwait
2384 operands:
2385 value: Value
2386 generator: Object
2387 result_type: Object
2389 - name: CheckThisReinit
2390 operands:
2391 thisValue: Value
2392 result_type: Value
2393 guard: true
2394 folds_to: custom
2395 alias_set: custom
2397 - name: Generator
2398 gen_boilerplate: false
2400 - name: CanSkipAwait
2401 operands:
2402 value: Value
2403 result_type: Boolean
2405 - name: MaybeExtractAwaitValue
2406 gen_boilerplate: false
2408 - name: IncrementWarmUpCounter
2409 arguments:
2410 script: JSScript*
2411 alias_set: none
2413 - name: AtomicIsLockFree
2414 gen_boilerplate: false
2416 - name: CompareExchangeTypedArrayElement
2417 gen_boilerplate: false
2419 - name: AtomicExchangeTypedArrayElement
2420 gen_boilerplate: false
2422 - name: AtomicTypedArrayElementBinop
2423 gen_boilerplate: false
2425 - name: Debugger
2426 gen_boilerplate: false
2428 - name: CheckIsObj
2429 operands:
2430 value: Value
2431 arguments:
2432 checkKind: uint8_t
2433 result_type: Object
2434 guard: true
2435 folds_to: custom
2436 alias_set: custom
2438 - name: CheckObjCoercible
2439 operands:
2440 checkValue: Value
2441 result_type: Value
2442 guard: true
2443 folds_to: custom
2444 # Throws on null or undefined.
2445 alias_set: custom
2447 - name: CheckClassHeritage
2448 operands:
2449 heritage: Value
2450 result_type: Value
2451 guard: true
2453 - name: DebugCheckSelfHosted
2454 operands:
2455 checkValue: Value
2456 result_type: Value
2457 guard: true
2459 - name: IsPackedArray
2460 operands:
2461 object: Object
2462 result_type: Boolean
2463 movable: true
2464 alias_set: custom
2466 - name: GuardArrayIsPacked
2467 operands:
2468 array: Object
2469 result_type: Object
2470 guard: true
2471 movable: true
2472 congruent_to: if_operands_equal
2473 alias_set: custom
2475 - name: GetPrototypeOf
2476 operands:
2477 target: Object
2478 result_type: Value
2479 # May throw if target is a proxy.
2480 guard: true
2482 - name: ObjectWithProto
2483 operands:
2484 prototype: Value
2485 result_type: Object
2486 # May throw if prototype is neither an object nor null.
2487 guard: true
2488 possibly_calls: true
2490 - name: ObjectStaticProto
2491 gen_boilerplate: false
2493 # This is basically just a limited case of Constant, for objects which are
2494 # the prototype of another object and will be used for a GuardShape. It
2495 # includes a reference to the receiver object so we can eliminate redundant
2496 # shape guards.
2497 - name: ConstantProto
2498 gen_boilerplate: false
2500 - name: BuiltinObject
2501 arguments:
2502 builtinObjectKind: BuiltinObjectKind
2503 result_type: Object
2504 possibly_calls: true
2506 - name: SuperFunction
2507 operands:
2508 callee: Object
2509 result_type: Value
2510 movable: true
2511 congruent_to: if_operands_equal
2512 alias_set: custom
2514 - name: InitHomeObject
2515 operands:
2516 function: Object
2517 homeObject: Value
2518 result_type: Object
2519 alias_set: custom
2521 # Return true if the object is definitely a TypedArray constructor, but not
2522 # necessarily from the currently active realm. Return false if the object is
2523 # not a TypedArray constructor or if it's a wrapper.
2524 - name: IsTypedArrayConstructor
2525 operands:
2526 object: Object
2527 result_type: Boolean
2528 alias_set: none
2530 # Load the JSValueTag on all platforms except ARM64. See the comments in
2531 # MacroAssembler-arm64.h for the |cmpTag(Register, ImmTag)| method for why
2532 # ARM64 doesn't use the raw JSValueTag, but instead a modified tag value. That
2533 # modified tag value can't be directly compared against JSValueTag constants.
2534 - name: LoadValueTag
2535 operands:
2536 value: Value
2537 result_type: Int32
2538 movable: true
2539 congruent_to: if_operands_equal
2540 alias_set: none
2542 # Load the target object from a proxy wrapper. The target is stored in the
2543 # proxy object's private slot.
2544 - name: LoadWrapperTarget
2545 operands:
2546 object: Object
2547 result_type: Object
2548 movable: true
2549 congruent_to: if_operands_equal
2550 # Can't use |AliasSet::None| because the target changes on navigation.
2551 # TODO: Investigate using a narrower or a custom alias set.
2552 alias_set: custom
2554 # Guard the accessor shape is present on the object or its prototype chain.
2555 - name: GuardHasGetterSetter
2556 operands:
2557 object: Object
2558 arguments:
2559 propId: jsid
2560 getterSetter: GetterSetter*
2561 result_type: Object
2562 guard: true
2563 movable: true
2564 possibly_calls: true
2565 congruent_to: custom
2566 alias_set: custom
2568 - name: GuardIsExtensible
2569 operands:
2570 object: Object
2571 result_type: Object
2572 guard: true
2573 movable: true
2574 congruent_to: if_operands_equal
2575 alias_set: custom
2577 - name: GuardInt32IsNonNegative
2578 operands:
2579 index: Int32
2580 result_type: Int32
2581 guard: true
2582 movable: true
2583 congruent_to: if_operands_equal
2584 folds_to: custom
2585 alias_set: none
2587 - name: GuardInt32Range
2588 operands:
2589 input: Int32
2590 arguments:
2591 minimum: int32_t
2592 maximum: int32_t
2593 result_type: Int32
2594 guard: true
2595 movable: true
2596 congruent_to: if_operands_equal
2597 folds_to: custom
2598 alias_set: none
2600 # Guard the input index is either greater than the dense initialized length of
2601 # an object, or a hole element.
2602 - name: GuardIndexIsNotDenseElement
2603 operands:
2604 object: Object
2605 index: Int32
2606 result_type: Int32
2607 guard: true
2608 movable: true
2609 congruent_to: if_operands_equal
2610 alias_set: custom
2612 # Guard an array object's length can be updated successfully when adding an
2613 # element at the input index.
2614 - name: GuardIndexIsValidUpdateOrAdd
2615 operands:
2616 object: Object
2617 index: Int32
2618 result_type: Int32
2619 guard: true
2620 movable: true
2621 congruent_to: if_operands_equal
2622 alias_set: custom
2624 # Add or update a sparse element of an ArrayObject or PlainObject. It's allowed
2625 # for the sparse element to be already present on the object. It may also be an
2626 # accessor property, so this instruction is always marked as effectful.
2627 - name: CallAddOrUpdateSparseElement
2628 operands:
2629 object: Object
2630 index: Int32
2631 value: Value
2632 arguments:
2633 strict: bool
2634 possibly_calls: true
2636 # Get a sparse element from an ArrayObject or PlainObject, possibly by calling
2637 # an accessor property.
2638 - name: CallGetSparseElement
2639 operands:
2640 object: Object
2641 index: Int32
2642 result_type: Value
2643 possibly_calls: true
2645 - name: CallNativeGetElement
2646 operands:
2647 object: Object
2648 index: Int32
2649 result_type: Value
2650 possibly_calls: true
2652 - name: CallNativeGetElementSuper
2653 operands:
2654 object: Object
2655 index: Int32
2656 receiver: Value
2657 result_type: Value
2658 possibly_calls: true
2660 # Test if a native object has an own element (sparse or dense) at an index.
2661 - name: CallObjectHasSparseElement
2662 operands:
2663 object: Object
2664 index: Int32
2665 result_type: Boolean
2666 guard: true
2667 congruent_to: if_operands_equal
2668 possibly_calls: true
2669 alias_set: custom
2671 - name: BigIntAsIntN
2672 operands:
2673 bits: Int32
2674 input: BigInt
2675 result_type: BigInt
2676 movable: true
2677 congruent_to: if_operands_equal
2678 possibly_calls: true
2679 alias_set: none
2680 can_recover: true
2681 clone: true
2683 - name: BigIntAsUintN
2684 operands:
2685 bits: Int32
2686 input: BigInt
2687 result_type: BigInt
2688 movable: true
2689 congruent_to: if_operands_equal
2690 possibly_calls: true
2691 alias_set: none
2692 can_recover: true
2693 clone: true
2695 - name: GuardNonGCThing
2696 operands:
2697 input: Value
2698 result_type: Value
2699 guard: true
2700 movable: true
2701 congruent_to: if_operands_equal
2702 folds_to: custom
2703 alias_set: none
2705 - name: ToHashableNonGCThing
2706 operands:
2707 input: Value
2708 result_type: Value
2709 movable: true
2710 congruent_to: if_operands_equal
2711 alias_set: none
2713 - name: ToHashableString
2714 operands:
2715 input: String
2716 result_type: String
2717 movable: true
2718 congruent_to: if_operands_equal
2719 alias_set: none
2720 possibly_calls: true
2722 - name: ToHashableValue
2723 operands:
2724 input: Value
2725 result_type: Value
2726 movable: true
2727 congruent_to: if_operands_equal
2728 alias_set: none
2729 possibly_calls: true
2731 - name: HashNonGCThing
2732 operands:
2733 input: Value
2734 result_type: Int32
2735 movable: true
2736 congruent_to: if_operands_equal
2737 alias_set: none
2739 - name: HashString
2740 operands:
2741 input: String
2742 result_type: Int32
2743 movable: true
2744 congruent_to: if_operands_equal
2745 alias_set: none
2747 - name: HashSymbol
2748 operands:
2749 input: Symbol
2750 result_type: Int32
2751 movable: true
2752 congruent_to: if_operands_equal
2753 alias_set: none
2755 - name: HashBigInt
2756 operands:
2757 input: BigInt
2758 result_type: Int32
2759 movable: true
2760 congruent_to: if_operands_equal
2761 alias_set: none
2763 - name: HashObject
2764 operands:
2765 set: Object
2766 input: Value
2767 result_type: Int32
2768 # In contrast to the previous hash operations, we can't move this
2769 # instruction, because the hashcode is computed from the object's address,
2770 # which can change when the object is moved by the GC.
2771 movable: false
2772 alias_set: none
2774 - name: HashValue
2775 operands:
2776 set: Object
2777 input: Value
2778 result_type: Int32
2779 movable: false
2780 alias_set: none
2782 - name: SetObjectHasNonBigInt
2783 operands:
2784 set: Object
2785 value: Value
2786 hash: Int32
2787 result_type: Boolean
2788 movable: true
2789 congruent_to: if_operands_equal
2790 alias_set: custom
2792 - name: SetObjectHasBigInt
2793 operands:
2794 set: Object
2795 value: Value
2796 hash: Int32
2797 result_type: Boolean
2798 movable: true
2799 congruent_to: if_operands_equal
2800 alias_set: custom
2802 - name: SetObjectHasValue
2803 operands:
2804 set: Object
2805 value: Value
2806 hash: Int32
2807 result_type: Boolean
2808 movable: true
2809 congruent_to: if_operands_equal
2810 alias_set: custom
2812 - name: SetObjectHasValueVMCall
2813 operands:
2814 set: Object
2815 value: Value
2816 result_type: Boolean
2817 movable: true
2818 congruent_to: if_operands_equal
2819 alias_set: custom
2820 possibly_calls: true
2822 - name: SetObjectSize
2823 operands:
2824 set: Object
2825 result_type: Int32
2826 movable: true
2827 congruent_to: if_operands_equal
2828 alias_set: custom
2830 - name: MapObjectHasNonBigInt
2831 operands:
2832 map: Object
2833 value: Value
2834 hash: Int32
2835 result_type: Boolean
2836 movable: true
2837 congruent_to: if_operands_equal
2838 alias_set: custom
2840 - name: MapObjectHasBigInt
2841 operands:
2842 map: Object
2843 value: Value
2844 hash: Int32
2845 result_type: Boolean
2846 movable: true
2847 congruent_to: if_operands_equal
2848 alias_set: custom
2850 - name: MapObjectHasValue
2851 operands:
2852 map: Object
2853 value: Value
2854 hash: Int32
2855 result_type: Boolean
2856 movable: true
2857 congruent_to: if_operands_equal
2858 alias_set: custom
2860 - name: MapObjectHasValueVMCall
2861 operands:
2862 map: Object
2863 value: Value
2864 result_type: Boolean
2865 movable: true
2866 congruent_to: if_operands_equal
2867 alias_set: custom
2868 possibly_calls: true
2870 - name: MapObjectGetNonBigInt
2871 operands:
2872 map: Object
2873 value: Value
2874 hash: Int32
2875 result_type: Value
2876 movable: true
2877 congruent_to: if_operands_equal
2878 alias_set: custom
2880 - name: MapObjectGetBigInt
2881 operands:
2882 map: Object
2883 value: Value
2884 hash: Int32
2885 result_type: Value
2886 movable: true
2887 congruent_to: if_operands_equal
2888 alias_set: custom
2890 - name: MapObjectGetValue
2891 operands:
2892 map: Object
2893 value: Value
2894 hash: Int32
2895 result_type: Value
2896 movable: true
2897 congruent_to: if_operands_equal
2898 alias_set: custom
2900 - name: MapObjectGetValueVMCall
2901 operands:
2902 map: Object
2903 value: Value
2904 result_type: Value
2905 movable: true
2906 congruent_to: if_operands_equal
2907 alias_set: custom
2908 possibly_calls: true
2910 - name: MapObjectSize
2911 operands:
2912 map: Object
2913 result_type: Int32
2914 movable: true
2915 congruent_to: if_operands_equal
2916 alias_set: custom
2918 - name: WasmNeg
2919 gen_boilerplate: false
2921 - name: WasmBinaryBitwise
2922 gen_boilerplate: false
2924 - name: WasmLoadInstance
2925 gen_boilerplate: false
2927 - name: WasmStoreInstance
2928 gen_boilerplate: false
2930 - name: WasmHeapReg
2931 gen_boilerplate: false
2933 - name: WasmBoundsCheck
2934 gen_boilerplate: false
2936 - name: WasmBoundsCheckRange32
2937 operands:
2938 index: Int32
2939 length: Int32
2940 limit: Int32
2941 arguments:
2942 bytecodeOffset: wasm::BytecodeOffset
2943 result_type: Int32
2944 congruent_to: if_operands_equal
2945 type_policy: none
2947 - name: WasmExtendU32Index
2948 operands:
2949 input: Int32
2950 result_type: Int64
2951 movable: true
2952 congruent_to: if_operands_equal
2953 folds_to: custom
2954 type_policy: none
2955 alias_set: none
2957 - name: WasmWrapU32Index
2958 operands:
2959 input: Int64
2960 result_type: Int32
2961 movable: true
2962 congruent_to: if_operands_equal
2963 folds_to: custom
2964 type_policy: none
2965 alias_set: none
2967 - name: WasmAddOffset
2968 gen_boilerplate: false
2970 - name: WasmAlignmentCheck
2971 gen_boilerplate: false
2973 - name: WasmLoad
2974 gen_boilerplate: false
2976 - name: WasmStore
2977 gen_boilerplate: false
2979 - name: AsmJSLoadHeap
2980 gen_boilerplate: false
2982 - name: AsmJSStoreHeap
2983 gen_boilerplate: false
2985 - name: WasmFence
2986 guard: true
2987 alias_set: none
2988 clone: true
2990 - name: WasmCompareExchangeHeap
2991 gen_boilerplate: false
2993 - name: WasmAtomicExchangeHeap
2994 gen_boilerplate: false
2996 - name: WasmAtomicBinopHeap
2997 gen_boilerplate: false
2999 - name: WasmLoadInstanceDataField
3000 gen_boilerplate: false
3002 - name: WasmLoadGlobalCell
3003 gen_boilerplate: false
3005 - name: WasmLoadTableElement
3006 gen_boilerplate: false
3008 - name: WasmStoreInstanceDataField
3009 gen_boilerplate: false
3011 - name: WasmStoreGlobalCell
3012 gen_boilerplate: false
3014 - name: WasmStoreStackResult
3015 gen_boilerplate: false
3017 - name: WasmDerivedPointer
3018 gen_boilerplate: false
3020 - name: WasmDerivedIndexPointer
3021 gen_boilerplate: false
3023 - name: WasmStoreRef
3024 gen_boilerplate: false
3026 - name: WasmPostWriteBarrier
3027 gen_boilerplate: false
3029 - name: WasmParameter
3030 gen_boilerplate: false
3032 - name: WasmReturn
3033 gen_boilerplate: false
3035 - name: WasmReturnVoid
3036 gen_boilerplate: false
3038 - name: WasmStackArg
3039 gen_boilerplate: false
3041 - name: WasmRegisterResult
3042 gen_boilerplate: false
3044 - name: WasmFloatRegisterResult
3045 gen_boilerplate: false
3047 - name: WasmRegister64Result
3048 gen_boilerplate: false
3050 - name: WasmStackResultArea
3051 gen_boilerplate: false
3053 - name: WasmStackResult
3054 gen_boilerplate: false
3056 - name: WasmCallCatchable
3057 gen_boilerplate: false
3059 - name: WasmCallUncatchable
3060 gen_boilerplate: false
3062 - name: WasmCallLandingPrePad
3063 gen_boilerplate: false
3065 - name: WasmReturnCall
3066 gen_boilerplate: false
3068 - name: WasmSelect
3069 gen_boilerplate: false
3071 - name: WasmReinterpret
3072 gen_boilerplate: false
3074 - name: Rotate
3075 gen_boilerplate: false
3077 - name: WasmBinarySimd128
3078 gen_boilerplate: false
3080 - name: WasmBinarySimd128WithConstant
3081 gen_boilerplate: false
3083 # (v128, i32) -> v128 effect-free shift operations.
3084 - name: WasmShiftSimd128
3085 operands:
3086 lhs: Simd128
3087 rhs: Int32
3088 arguments:
3089 simdOp: wasm::SimdOp
3090 type_policy: none
3091 result_type: Simd128
3092 movable: true
3093 congruent_to: custom
3094 alias_set: none
3095 clone: true
3097 # (v128, v128, mask) -> v128 effect-free operation.
3098 - name: WasmShuffleSimd128
3099 operands:
3100 lhs: Simd128
3101 rhs: Simd128
3102 arguments:
3103 shuffle: SimdShuffle
3104 type_policy: none
3105 result_type: Simd128
3106 movable: true
3107 congruent_to: custom
3108 alias_set: none
3109 clone: true
3111 - name: WasmReplaceLaneSimd128
3112 gen_boilerplate: false
3114 - name: WasmUnarySimd128
3115 operands:
3116 src: Simd128
3117 arguments:
3118 simdOp: wasm::SimdOp
3119 type_policy: none
3120 result_type: Simd128
3121 movable: true
3122 congruent_to: custom
3123 alias_set: none
3124 clone: true
3126 - name: WasmTernarySimd128
3127 gen_boilerplate: false
3129 - name: WasmScalarToSimd128
3130 gen_boilerplate: false
3132 - name: WasmReduceSimd128
3133 gen_boilerplate: false
3135 - name: WasmLoadLaneSimd128
3136 gen_boilerplate: false
3138 - name: WasmStoreLaneSimd128
3139 gen_boilerplate: false
3141 - name: UnreachableResult
3142 gen_boilerplate: false
3144 - name: IonToWasmCall
3145 gen_boilerplate: false
3147 - name: WasmLoadField
3148 gen_boilerplate: false
3150 - name: WasmLoadFieldKA
3151 gen_boilerplate: false
3153 - name: WasmStoreFieldKA
3154 gen_boilerplate: false
3156 - name: WasmStoreFieldRefKA
3157 gen_boilerplate: false
3159 - name: WasmRefIsSubtypeOfConcrete
3160 gen_boilerplate: false
3162 - name: WasmRefIsSubtypeOfAbstract
3163 gen_boilerplate: false
3165 #ifdef FUZZING_JS_FUZZILLI
3166 - name: FuzzilliHash
3167 gen_boilerplate: false
3169 - name: FuzzilliHashStore
3170 gen_boilerplate: false
3171 #endif