| blob | e6b5cd3bfca2aee8825b31e64afd0d1bfad6845d |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef jit_JSJitFrameIter_h
8 #define jit_JSJitFrameIter_h
28 // A JS frame is analogous to a js::InterpreterFrame, representing one
29 // scripted function activation. IonJS frames are used by the optimizing
30 // compiler.
31 IonJS,
33 // JS frame used by the Baseline Interpreter and Baseline JIT.
34 BaselineJS,
36 // Frame pushed by Baseline stubs that make non-tail calls, so that the
37 // return address -> ICEntry mapping works.
38 BaselineStub,
40 // The entry frame is the initial prologue block transitioning from the VM
41 // into the Ion world.
42 CppToJSJit,
44 // This entry frame sits right before the baseline interpreter
45 // so that external profilers can identify which function is being
46 // interpreted. Only used under the --emit-interpreter-entry option.
47 BaselineInterpreterEntry,
49 // A rectifier frame sits in between two JS frames, adapting argc != nargs
50 // mismatches in calls.
51 Rectifier,
53 // Ion IC calling a scripted getter/setter or a VMFunction.
54 IonICCall,
56 // An exit frame is necessary for transitioning from a JS frame into C++.
57 // From within C++, an exit frame is always the last frame in any
58 // JitActivation.
59 Exit,
61 // A bailout frame is a special IonJS jit frame after a bailout, and before
62 // the reconstruction of the BaselineJS frame. From within C++, a bailout
63 // frame is always the last frame in a JitActivation iff the bailout frame
64 // information is recorded on the JitActivation.
65 Bailout,
67 // A wasm to JS frame is constructed during fast calls from wasm to the JS
68 // jits, used as a marker to interleave JS jit and wasm frames. From the
69 // point of view of JS JITs, this is just another kind of entry frame.
70 WasmToJSJit,
72 // A JS to wasm frame is constructed during fast calls from any JS jits to
73 // wasm, and is a special kind of exit frame that doesn't have the exit
74 // footer. From the point of view of the jit, it can be skipped as an exit.
75 JSJitToWasm,
77 // Frame for a TrampolineNative, a JS builtin implemented with a JIT
78 // trampoline. See jit/TrampolineNatives.h.
79 TrampolineNative,
80 };
83 // Read all actual arguments. Will invoke the callback numActualArgs times.
84 Actuals,
86 // Read all argument values in the stack frame. Will invoke the callback
87 // max(numFormalArgs, numActualArgs) times.
88 ActualsAndFormals,
89 };
100 // Iterate over the JIT stack to assert that all invariants are respected.
101 // - Check that all entry frames are aligned on JitStackAlignment.
102 // - Check that all rectifier frames keep the JitStackAlignment.
106 // A JSJitFrameIter can iterate over a linear frame group of JS jit frames
107 // only. It will stop at the first frame that is not of the same kind, or at
108 // the end of an activation.
109 //
110 // If you want to handle every kind of frames (including wasm frames), use
111 // JitFrameIter. If you want to skip interleaved frames of other kinds, use
112 // OnlyJSJitFrameIter.
117 FrameType type_;
120 // Size of the current Baseline frame. Equivalent to
121 // BaselineFrame::debugFrameSize_ in debug builds.
131 // See comment above the class.
134 // A constructor specialized for jit->wasm frames, which starts at a
135 // specific FP.
141 }
143 // Current frame information.
152 // Return the pointer of the JitFrame, the iterator is assumed to be settled
153 // on a scripted frame.
158 // Returns whether the JS frame has been invalidated and, if so,
159 // places the invalidated Ion script in |ionScript|.
167 }
171 }
178 }
187 }
203 // Returns the address of the next instruction that will execute in this
204 // frame, once control returns to this frame.
207 // Previous frame information extracted from the current frame.
211 // Functions used to iterate on frames. When prevType is an entry,
212 // the current frame is the last JS Jit frame.
216 // Returns the IonScript associated with this JS frame.
219 // Returns the IonScript associated with this JS frame; the frame must
220 // not be invalidated.
223 // Returns the Safepoint associated with this JS frame. Incurs a lookup
224 // overhead.
227 // Returns the OSI index associated with this JS frame. Incurs a lookup
228 // overhead.
231 // Returns the Snapshot offset associated with this JS frame. Incurs a
232 // lookup overhead.
246 }
247 }
253 // Returns the number of local and expression stack Values for the current
254 // Baseline frame.
257 // This function isn't used, but we keep it here (debug-only) because it is
258 // helpful when chasing issues with the jitcode map.
259 #ifdef DEBUG
261 #else
263 #endif
264 };
270 // See JS::ProfilingFrameIterator::endStackAddress_ comment.
272 FrameType type_;
296 }
302 }
306 }
309 };
312 // Vector of results of recover instructions.
316 // The frame pointer is used as a key to check if the current frame already
317 // bailed out.
320 // Record if we tried and succeed at allocating and filling the vector of
321 // recover instruction results, if needed. This flag is needed in order to
322 // avoid evaluating the recover instruction twice.
342 };
363 };
367 // Reads frame information in snapshot-encoding order (that is, outermost frame
368 // to innermost frame).
371 SnapshotReader snapshot_;
372 RecoverReader recover_;
379 // Read the normal value.
380 Normal,
382 // Read the default value, or the normal value if there is no default.
383 AlwaysDefault,
384 };
387 // Read a spilled register from the machine state.
395 }
397 // Read an uintptr_t from the stack.
403 }
415 // Handle iterating over RValueAllocations of the snapshots.
419 }
428 }
432 // Used by recover instruction to store the value back into the instruction
433 // results array.
437 // Exhibits frame properties contained in the snapshot.
442 // Calls in outer frames are never considered resume-after.
445 }
451 // Read the next instruction available and get ready to either skip it or
452 // evaluate it.
457 }
459 // Skip an Instruction by walking to the next instruction and by skipping
460 // all the allocations corresponding to this instruction.
465 // Register a vector used for storing the results of the evaluation of
466 // recover instructions. This vector should be registered before the
467 // beginning of the iteration. This function is in charge of allocating
468 // enough space for all instructions results, and return false iff it fails.
472 // This function is used internally for computing the result of the recover
473 // instructions.
478 // Handle iterating over frames of the snapshots.
483 // The last instruction is recovering the innermost frame, so as long as
484 // there is more instruction there is necesseray more frames.
486 }
489 // Connect all informations about the current script in order to recover the
490 // content of baseline frames.
502 }
508 }
510 // Read the |Normal| value unless it is not available and that the snapshot
511 // provides a |Default| value. This is useful to avoid invalidations of the
512 // frame while we are only interested in a few properties which are provided
513 // by the |Default| value.
519 }
523 }
529 }
539 // Assumes that the common frame arguments have already been read.
545 }
548 }
549 }
555 }
560 }
564 }
566 // We are not always able to read values from the snapshots, some values
567 // such as non-gc things may still be live in registers and cause an
568 // error while reading the machine state.
571 }
572 }
574 // Iterate over all the allocations and return only the value of the
575 // allocation located at one index.
578 #ifdef TRACK_SNAPSHOTS
580 #endif
581 };
583 // Reads frame information in callstack order (that is, innermost frame to
584 // outermost frame).
587 SnapshotIterator start_;
588 SnapshotIterator si_;
591 // When the inline-frame-iterator is created, this variable is defined to
592 // UINT32_MAX. Then the first iteration of findNextFrame, which settle on
593 // the innermost frame, is used to update this counter to the number of
594 // frames contained in the recover buffer.
597 // The |calleeTemplate_| fields contains either the JSFunction or the
598 // template from which it is supposed to be cloned. The |calleeRVA_| is an
599 // Invalid value allocation, if the |calleeTemplate_| field is the effective
600 // JSFunction, and not its template. On the other hand, any other value
601 // allocation implies that the |calleeTemplate_| is the template JSFunction
602 // from which the effective one would be derived and cached by the Recover
603 // instruction result.
604 RootedFunction calleeTemplate_;
605 RValueAllocation calleeRVA_;
607 RootedScript script_;
611 // Register state, used by all snapshot iterators.
612 MachineState machine_;
616 };
630 // Due to optimizations, we are not always capable of reading the callee of
631 // inlined frames without invalidating the IonCode. This function might
632 // return either the effective callee of the JSFunction which might be used
633 // to create it.
634 //
635 // As such, the |calleeTemplate()| can be used to read most of the metadata
636 // which are conserved across clones.
640 }
646 // The number of actual arguments for inline frames is determined by this
647 // iterator based on the caller's bytecode instruction (Call, FunCall,
648 // GetProp/SetProp, etc). For the outer function it's stored in the stack
649 // frame.
652 }
655 }
665 // Read the env chain.
672 }
674 // Read return value.
679 }
681 // Read arguments, which only function frames have.
686 // Read the formal arguments, which are taken from the inlined frame,
687 // because it will have the updated value when JSOp::SetArg is used.
694 }
698 // Skip formals we didn't read.
701 }
705 // There is still a parent frame of this inlined frame. All
706 // arguments (also the overflown) are the last pushed values
707 // in the parent frame. To get the overflown arguments, we
708 // need to take them from there.
710 // The overflown arguments are not available in current frame.
711 // They are the last pushed arguments in the parent frame of
712 // this inlined frame.
719 // Skip over all slots until we get to the last slots
720 // (= arguments slots of callee) the +3 is for [this], [returnvalue],
721 // [envchain], and maybe +1 for [argsObj]
725 hasNewTarget;
728 }
730 // Get the overflown arguments
736 // There is no parent frame to this inlined frame, we can read
737 // from the frame's Value vector directly.
741 }
742 }
743 }
744 }
746 // At this point we've read all the formals in s, and can read the
747 // locals.
750 }
751 }
756 Nop nop;
759 }
772 // envChain
775 }
780 // envChain
783 // return value
786 // Arguments object.
789 }
792 }
797 }
805 // Inline frame number, 0 for the outermost (non-inlined) frame.
810 }
815 };