| | 1 | /* |
| | 2 | * Copyright (C) 2010, 2012, 2013, 2014 Apple Inc. All rights reserved. |
| | 3 | * |
| | 4 | * Redistribution and use in source and binary forms, with or without |
| | 5 | * modification, are permitted provided that the following conditions |
| | 6 | * are met: |
| | 7 | * 1. Redistributions of source code must retain the above copyright |
| | 8 | * notice, this list of conditions and the following disclaimer. |
| | 9 | * 2. Redistributions in binary form must reproduce the above copyright |
| | 10 | * notice, this list of conditions and the following disclaimer in the |
| | 11 | * documentation and/or other materials provided with the distribution. |
| | 12 | * |
| | 13 | * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' |
| | 14 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |
| | 15 | * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| | 16 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS |
| | 17 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| | 18 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| | 19 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| | 20 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| | 21 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| | 22 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF |
| | 23 | * THE POSSIBILITY OF SUCH DAMAGE. |
| | 24 | */ |
| | 25 | |
| | 26 | #include "config.h" |
| | 27 | #include "ThunkGenerators.h" |
| | 28 | |
| | 29 | #include "CodeBlock.h" |
| | 30 | #include "DFGSpeculativeJIT.h" |
| | 31 | #include "JITOperations.h" |
| | 32 | #include "JSArray.h" |
| | 33 | #include "JSArrayIterator.h" |
| | 34 | #include "JSStack.h" |
| | 35 | #include "MaxFrameExtentForSlowPathCall.h" |
| | 36 | #include "JSCInlines.h" |
| | 37 | #include "SpecializedThunkJIT.h" |
| | 38 | #include <wtf/InlineASM.h> |
| | 39 | #include <wtf/StringPrintStream.h> |
| | 40 | #include <wtf/text/StringImpl.h> |
| | 41 | |
| | 42 | #if ENABLE(JIT) |
| | 43 | |
| | 44 | namespace JSC { |
| | 45 | |
| | 46 | inline void emitPointerValidation(CCallHelpers& jit, GPRReg pointerGPR) |
| | 47 | { |
| | 48 | if (ASSERT_DISABLED) |
| | 49 | return; |
| | 50 | CCallHelpers::Jump isNonZero = jit.branchTestPtr(CCallHelpers::NonZero, pointerGPR); |
| | 51 | jit.abortWithReason(TGInvalidPointer); |
| | 52 | isNonZero.link(&jit); |
| | 53 | jit.pushToSave(pointerGPR); |
| | 54 | jit.load8(pointerGPR, pointerGPR); |
| | 55 | jit.popToRestore(pointerGPR); |
| | 56 | } |
| | 57 | |
| | 58 | // We will jump here if the JIT code tries to make a call, but the |
| | 59 | // linking helper (C++ code) decides to throw an exception instead. |
| | 60 | MacroAssemblerCodeRef throwExceptionFromCallSlowPathGenerator(VM* vm) |
| | 61 | { |
| | 62 | CCallHelpers jit(vm); |
| | 63 | |
| | 64 | // The call pushed a return address, so we need to pop it back off to re-align the stack, |
| | 65 | // even though we won't use it. |
| | 66 | jit.preserveReturnAddressAfterCall(GPRInfo::nonPreservedNonReturnGPR); |
| | 67 | |
| | 68 | jit.setupArguments(CCallHelpers::TrustedImmPtr(vm), GPRInfo::callFrameRegister); |
| | 69 | jit.move(CCallHelpers::TrustedImmPtr(bitwise_cast<void*>(lookupExceptionHandler)), GPRInfo::nonArgGPR0); |
| | 70 | emitPointerValidation(jit, GPRInfo::nonArgGPR0); |
| | 71 | jit.call(GPRInfo::nonArgGPR0); |
| | 72 | jit.jumpToExceptionHandler(); |
| | 73 | |
| | 74 | LinkBuffer patchBuffer(*vm, jit, GLOBAL_THUNK_ID); |
| | 75 | return FINALIZE_CODE(patchBuffer, ("Throw exception from call slow path thunk")); |
| | 76 | } |
| | 77 | |
| | 78 | static void slowPathFor( |
| | 79 | CCallHelpers& jit, VM* vm, P_JITOperation_ECli slowPathFunction) |
| | 80 | { |
| | 81 | jit.emitFunctionPrologue(); |
| | 82 | jit.storePtr(GPRInfo::callFrameRegister, &vm->topCallFrame); |
| | 83 | if (maxFrameExtentForSlowPathCall) |
| | 84 | jit.addPtr(CCallHelpers::TrustedImm32(-maxFrameExtentForSlowPathCall), CCallHelpers::stackPointerRegister); |
| | 85 | jit.setupArgumentsWithExecState(GPRInfo::regT2); |
| | 86 | jit.move(CCallHelpers::TrustedImmPtr(bitwise_cast<void*>(slowPathFunction)), GPRInfo::nonArgGPR0); |
| | 87 | emitPointerValidation(jit, GPRInfo::nonArgGPR0); |
| | 88 | jit.call(GPRInfo::nonArgGPR0); |
| | 89 | if (maxFrameExtentForSlowPathCall) |
| | 90 | jit.addPtr(CCallHelpers::TrustedImm32(maxFrameExtentForSlowPathCall), CCallHelpers::stackPointerRegister); |
| | 91 | |
| | 92 | // This slow call will return the address of one of the following: |
| | 93 | // 1) Exception throwing thunk. |
| | 94 | // 2) Host call return value returner thingy. |
| | 95 | // 3) The function to call. |
| | 96 | emitPointerValidation(jit, GPRInfo::returnValueGPR); |
| | 97 | jit.emitFunctionEpilogue(); |
| | 98 | jit.jump(GPRInfo::returnValueGPR); |
| | 99 | } |
| | 100 | |
| | 101 | static MacroAssemblerCodeRef linkForThunkGenerator( |
| | 102 | VM* vm, CodeSpecializationKind kind, RegisterPreservationMode registers) |
| | 103 | { |
| | 104 | // The return address is on the stack or in the link register. We will hence |
| | 105 | // save the return address to the call frame while we make a C++ function call |
| | 106 | // to perform linking and lazy compilation if necessary. We expect the callee |
| | 107 | // to be in regT0/regT1 (payload/tag), the CallFrame to have already |
| | 108 | // been adjusted, and all other registers to be available for use. |
| | 109 | |
| | 110 | CCallHelpers jit(vm); |
| | 111 | |
| | 112 | slowPathFor(jit, vm, operationLinkFor(kind, registers)); |
| | 113 | |
| | 114 | LinkBuffer patchBuffer(*vm, jit, GLOBAL_THUNK_ID); |
| | 115 | return FINALIZE_CODE( |
| | 116 | patchBuffer, |
| | 117 | ("Link %s%s slow path thunk", kind == CodeForCall ? "call" : "construct", registers == MustPreserveRegisters ? " that preserves registers" : "")); |
| | 118 | } |
| | 119 | |
| | 120 | MacroAssemblerCodeRef linkCallThunkGenerator(VM* vm) |
| | 121 | { |
| | 122 | return linkForThunkGenerator(vm, CodeForCall, RegisterPreservationNotRequired); |
| | 123 | } |
| | 124 | |
| | 125 | MacroAssemblerCodeRef linkConstructThunkGenerator(VM* vm) |
| | 126 | { |
| | 127 | return linkForThunkGenerator(vm, CodeForConstruct, RegisterPreservationNotRequired); |
| | 128 | } |
| | 129 | |
| | 130 | MacroAssemblerCodeRef linkCallThatPreservesRegsThunkGenerator(VM* vm) |
| | 131 | { |
| | 132 | return linkForThunkGenerator(vm, CodeForCall, MustPreserveRegisters); |
| | 133 | } |
| | 134 | |
| | 135 | MacroAssemblerCodeRef linkConstructThatPreservesRegsThunkGenerator(VM* vm) |
| | 136 | { |
| | 137 | return linkForThunkGenerator(vm, CodeForConstruct, MustPreserveRegisters); |
| | 138 | } |
| | 139 | |
| | 140 | static MacroAssemblerCodeRef linkClosureCallForThunkGenerator( |
| | 141 | VM* vm, RegisterPreservationMode registers) |
| | 142 | { |
| | 143 | CCallHelpers jit(vm); |
| | 144 | |
| | 145 | slowPathFor(jit, vm, operationLinkClosureCallFor(registers)); |
| | 146 | |
| | 147 | LinkBuffer patchBuffer(*vm, jit, GLOBAL_THUNK_ID); |
| | 148 | return FINALIZE_CODE(patchBuffer, ("Link closure call %s slow path thunk", registers == MustPreserveRegisters ? " that preserves registers" : "")); |
| | 149 | } |
| | 150 | |
| | 151 | // For closure optimizations, we only include calls, since if you're using closures for |
| | 152 | // object construction then you're going to lose big time anyway. |
| | 153 | MacroAssemblerCodeRef linkClosureCallThunkGenerator(VM* vm) |
| | 154 | { |
| | 155 | return linkClosureCallForThunkGenerator(vm, RegisterPreservationNotRequired); |
| | 156 | } |
| | 157 | |
| | 158 | MacroAssemblerCodeRef linkClosureCallThatPreservesRegsThunkGenerator(VM* vm) |
| | 159 | { |
| | 160 | return linkClosureCallForThunkGenerator(vm, MustPreserveRegisters); |
| | 161 | } |
| | 162 | |
| | 163 | static MacroAssemblerCodeRef virtualForThunkGenerator( |
| | 164 | VM* vm, CodeSpecializationKind kind, RegisterPreservationMode registers) |
| | 165 | { |
| | 166 | // The callee is in regT0 (for JSVALUE32_64, the tag is in regT1). |
| | 167 | // The return address is on the stack, or in the link register. We will hence |
| | 168 | // jump to the callee, or save the return address to the call frame while we |
| | 169 | // make a C++ function call to the appropriate JIT operation. |
| | 170 | |
| | 171 | CCallHelpers jit(vm); |
| | 172 | |
| | 173 | CCallHelpers::JumpList slowCase; |
| | 174 | |
| | 175 | // This is a slow path execution, and regT2 contains the CallLinkInfo. Count the |
| | 176 | // slow path execution for the profiler. |
| | 177 | jit.add32( |
| | 178 | CCallHelpers::TrustedImm32(1), |
| | 179 | CCallHelpers::Address(GPRInfo::regT2, OBJECT_OFFSETOF(CallLinkInfo, slowPathCount))); |
| | 180 | |
| | 181 | // FIXME: we should have a story for eliminating these checks. In many cases, |
| | 182 | // the DFG knows that the value is definitely a cell, or definitely a function. |
| | 183 | |
| | 184 | #if USE(JSVALUE64) |
| | 185 | jit.move(CCallHelpers::TrustedImm64(TagMask), GPRInfo::regT4); |
| | 186 | |
| | 187 | slowCase.append( |
| | 188 | jit.branchTest64( |
| | 189 | CCallHelpers::NonZero, GPRInfo::regT0, GPRInfo::regT4)); |
| | 190 | #else |
| | 191 | slowCase.append( |
| | 192 | jit.branch32( |
| | 193 | CCallHelpers::NotEqual, GPRInfo::regT1, |
| | 194 | CCallHelpers::TrustedImm32(JSValue::CellTag))); |
| | 195 | #endif |
| | 196 | AssemblyHelpers::emitLoadStructure(jit, GPRInfo::regT0, GPRInfo::regT4, GPRInfo::regT1); |
| | 197 | slowCase.append( |
| | 198 | jit.branchPtr( |
| | 199 | CCallHelpers::NotEqual, |
| | 200 | CCallHelpers::Address(GPRInfo::regT4, Structure::classInfoOffset()), |
| | 201 | CCallHelpers::TrustedImmPtr(JSFunction::info()))); |
| | 202 | |
| | 203 | // Now we know we have a JSFunction. |
| | 204 | |
| | 205 | jit.loadPtr( |
| | 206 | CCallHelpers::Address(GPRInfo::regT0, JSFunction::offsetOfExecutable()), |
| | 207 | GPRInfo::regT4); |
| | 208 | jit.loadPtr( |
| | 209 | CCallHelpers::Address( |
| | 210 | GPRInfo::regT4, ExecutableBase::offsetOfJITCodeWithArityCheckFor(kind, registers)), |
| | 211 | GPRInfo::regT4); |
| | 212 | slowCase.append(jit.branchTestPtr(CCallHelpers::Zero, GPRInfo::regT4)); |
| | 213 | |
| | 214 | // Now we know that we have a CodeBlock, and we're committed to making a fast |
| | 215 | // call. |
| | 216 | |
| | 217 | jit.loadPtr( |
| | 218 | CCallHelpers::Address(GPRInfo::regT0, JSFunction::offsetOfScopeChain()), |
| | 219 | GPRInfo::regT1); |
| | 220 | #if USE(JSVALUE64) |
| | 221 | jit.emitPutToCallFrameHeaderBeforePrologue(GPRInfo::regT1, JSStack::ScopeChain); |
| | 222 | #else |
| | 223 | jit.emitPutPayloadToCallFrameHeaderBeforePrologue(GPRInfo::regT1, JSStack::ScopeChain); |
| | 224 | jit.emitPutTagToCallFrameHeaderBeforePrologue(CCallHelpers::TrustedImm32(JSValue::CellTag), |
| | 225 | JSStack::ScopeChain); |
| | 226 | #endif |
| | 227 | |
| | 228 | // Make a tail call. This will return back to JIT code. |
| | 229 | emitPointerValidation(jit, GPRInfo::regT4); |
| | 230 | jit.jump(GPRInfo::regT4); |
| | 231 | |
| | 232 | slowCase.link(&jit); |
| | 233 | |
| | 234 | // Here we don't know anything, so revert to the full slow path. |
| | 235 | |
| | 236 | slowPathFor(jit, vm, operationVirtualFor(kind, registers)); |
| | 237 | |
| | 238 | LinkBuffer patchBuffer(*vm, jit, GLOBAL_THUNK_ID); |
| | 239 | return FINALIZE_CODE( |
| | 240 | patchBuffer, |
| | 241 | ("Virtual %s%s slow path thunk", kind == CodeForCall ? "call" : "construct", registers == MustPreserveRegisters ? " that preserves registers" : "")); |
| | 242 | } |
| | 243 | |
| | 244 | MacroAssemblerCodeRef virtualCallThunkGenerator(VM* vm) |
| | 245 | { |
| | 246 | return virtualForThunkGenerator(vm, CodeForCall, RegisterPreservationNotRequired); |
| | 247 | } |
| | 248 | |
| | 249 | MacroAssemblerCodeRef virtualConstructThunkGenerator(VM* vm) |
| | 250 | { |
| | 251 | return virtualForThunkGenerator(vm, CodeForConstruct, RegisterPreservationNotRequired); |
| | 252 | } |
| | 253 | |
| | 254 | MacroAssemblerCodeRef virtualCallThatPreservesRegsThunkGenerator(VM* vm) |
| | 255 | { |
| | 256 | return virtualForThunkGenerator(vm, CodeForCall, MustPreserveRegisters); |
| | 257 | } |
| | 258 | |
| | 259 | MacroAssemblerCodeRef virtualConstructThatPreservesRegsThunkGenerator(VM* vm) |
| | 260 | { |
| | 261 | return virtualForThunkGenerator(vm, CodeForConstruct, MustPreserveRegisters); |
| | 262 | } |
| | 263 | |
| | 264 | enum ThunkEntryType { EnterViaCall, EnterViaJump }; |
| | 265 | |
| | 266 | static MacroAssemblerCodeRef nativeForGenerator(VM* vm, CodeSpecializationKind kind, ThunkEntryType entryType = EnterViaCall) |
| | 267 | { |
| | 268 | int executableOffsetToFunction = NativeExecutable::offsetOfNativeFunctionFor(kind); |
| | 269 | |
| | 270 | JSInterfaceJIT jit(vm); |
| | 271 | |
| | 272 | if (entryType == EnterViaCall) |
| | 273 | jit.emitFunctionPrologue(); |
| | 274 | |
| | 275 | jit.emitPutImmediateToCallFrameHeader(0, JSStack::CodeBlock); |
| | 276 | jit.storePtr(JSInterfaceJIT::callFrameRegister, &vm->topCallFrame); |
| | 277 | |
| | 278 | #if CPU(X86) |
| | 279 | // Load caller frame's scope chain into this callframe so that whatever we call can |
| | 280 | // get to its global data. |
| | 281 | jit.emitGetCallerFrameFromCallFrameHeaderPtr(JSInterfaceJIT::regT0); |
| | 282 | jit.emitGetFromCallFrameHeaderPtr(JSStack::ScopeChain, JSInterfaceJIT::regT1, JSInterfaceJIT::regT0); |
| | 283 | jit.emitPutCellToCallFrameHeader(JSInterfaceJIT::regT1, JSStack::ScopeChain); |
| | 284 | |
| | 285 | // Calling convention: f(ecx, edx, ...); |
| | 286 | // Host function signature: f(ExecState*); |
| | 287 | jit.move(JSInterfaceJIT::callFrameRegister, X86Registers::ecx); |
| | 288 | |
| | 289 | jit.subPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::stackPointerRegister); // Align stack after prologue. |
| | 290 | |
| | 291 | // call the function |
| | 292 | jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, JSInterfaceJIT::regT1); |
| | 293 | jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, JSFunction::offsetOfExecutable()), JSInterfaceJIT::regT1); |
| | 294 | jit.call(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, executableOffsetToFunction)); |
| | 295 | |
| | 296 | jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::stackPointerRegister); |
| | 297 | |
| | 298 | #elif CPU(X86_64) |
| | 299 | // Load caller frame's scope chain into this callframe so that whatever we call can |
| | 300 | // get to its global data. |
| | 301 | jit.emitGetCallerFrameFromCallFrameHeaderPtr(JSInterfaceJIT::regT0); |
| | 302 | jit.emitGetFromCallFrameHeaderPtr(JSStack::ScopeChain, JSInterfaceJIT::regT1, JSInterfaceJIT::regT0); |
| | 303 | jit.emitPutCellToCallFrameHeader(JSInterfaceJIT::regT1, JSStack::ScopeChain); |
| | 304 | #if !OS(WINDOWS) |
| | 305 | // Calling convention: f(edi, esi, edx, ecx, ...); |
| | 306 | // Host function signature: f(ExecState*); |
| | 307 | jit.move(JSInterfaceJIT::callFrameRegister, X86Registers::edi); |
| | 308 | |
| | 309 | jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, X86Registers::esi); |
| | 310 | jit.loadPtr(JSInterfaceJIT::Address(X86Registers::esi, JSFunction::offsetOfExecutable()), X86Registers::r9); |
| | 311 | jit.call(JSInterfaceJIT::Address(X86Registers::r9, executableOffsetToFunction)); |
| | 312 | |
| | 313 | #else |
| | 314 | // Calling convention: f(ecx, edx, r8, r9, ...); |
| | 315 | // Host function signature: f(ExecState*); |
| | 316 | jit.move(JSInterfaceJIT::callFrameRegister, X86Registers::ecx); |
| | 317 | |
| | 318 | // Leave space for the callee parameter home addresses. |
| | 319 | // At this point the stack is aligned to 16 bytes, but if this changes at some point, we need to emit code to align it. |
| | 320 | jit.subPtr(JSInterfaceJIT::TrustedImm32(4 * sizeof(int64_t)), JSInterfaceJIT::stackPointerRegister); |
| | 321 | |
| | 322 | jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, X86Registers::edx); |
| | 323 | jit.loadPtr(JSInterfaceJIT::Address(X86Registers::edx, JSFunction::offsetOfExecutable()), X86Registers::r9); |
| | 324 | jit.call(JSInterfaceJIT::Address(X86Registers::r9, executableOffsetToFunction)); |
| | 325 | |
| | 326 | jit.addPtr(JSInterfaceJIT::TrustedImm32(4 * sizeof(int64_t)), JSInterfaceJIT::stackPointerRegister); |
| | 327 | #endif |
| | 328 | |
| | 329 | #elif CPU(ARM64) |
| | 330 | COMPILE_ASSERT(ARM64Registers::x3 != JSInterfaceJIT::regT1, prev_callframe_not_trampled_by_T1); |
| | 331 | COMPILE_ASSERT(ARM64Registers::x3 != JSInterfaceJIT::regT3, prev_callframe_not_trampled_by_T3); |
| | 332 | COMPILE_ASSERT(ARM64Registers::x0 != JSInterfaceJIT::regT3, T3_not_trampled_by_arg_0); |
| | 333 | COMPILE_ASSERT(ARM64Registers::x1 != JSInterfaceJIT::regT3, T3_not_trampled_by_arg_1); |
| | 334 | COMPILE_ASSERT(ARM64Registers::x2 != JSInterfaceJIT::regT3, T3_not_trampled_by_arg_2); |
| | 335 | |
| | 336 | // Load caller frame's scope chain into this callframe so that whatever we call can |
| | 337 | // get to its global data. |
| | 338 | jit.emitGetCallerFrameFromCallFrameHeaderPtr(ARM64Registers::x3); |
| | 339 | jit.emitGetFromCallFrameHeaderPtr(JSStack::ScopeChain, JSInterfaceJIT::regT1, ARM64Registers::x3); |
| | 340 | jit.emitPutCellToCallFrameHeader(JSInterfaceJIT::regT1, JSStack::ScopeChain); |
| | 341 | |
| | 342 | // Host function signature: f(ExecState*); |
| | 343 | jit.move(JSInterfaceJIT::callFrameRegister, ARM64Registers::x0); |
| | 344 | |
| | 345 | jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, ARM64Registers::x1); |
| | 346 | jit.loadPtr(JSInterfaceJIT::Address(ARM64Registers::x1, JSFunction::offsetOfExecutable()), ARM64Registers::x2); |
| | 347 | jit.call(JSInterfaceJIT::Address(ARM64Registers::x2, executableOffsetToFunction)); |
| | 348 | #elif CPU(ARM) || CPU(SH4) || CPU(MIPS) |
| | 349 | // Load caller frame's scope chain into this callframe so that whatever we call can get to its global data. |
| | 350 | jit.emitGetCallerFrameFromCallFrameHeaderPtr(JSInterfaceJIT::regT2); |
| | 351 | jit.emitGetFromCallFrameHeaderPtr(JSStack::ScopeChain, JSInterfaceJIT::regT1, JSInterfaceJIT::regT2); |
| | 352 | jit.emitPutCellToCallFrameHeader(JSInterfaceJIT::regT1, JSStack::ScopeChain); |
| | 353 | |
| | 354 | #if CPU(MIPS) |
| | 355 | // Allocate stack space for (unused) 16 bytes (8-byte aligned) for 4 arguments. |
| | 356 | jit.subPtr(JSInterfaceJIT::TrustedImm32(16), JSInterfaceJIT::stackPointerRegister); |
| | 357 | #endif |
| | 358 | |
| | 359 | // Calling convention is f(argumentGPR0, argumentGPR1, ...). |
| | 360 | // Host function signature is f(ExecState*). |
| | 361 | jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::argumentGPR0); |
| | 362 | |
| | 363 | jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, JSInterfaceJIT::argumentGPR1); |
| | 364 | jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::argumentGPR1, JSFunction::offsetOfExecutable()), JSInterfaceJIT::regT2); |
| | 365 | jit.call(JSInterfaceJIT::Address(JSInterfaceJIT::regT2, executableOffsetToFunction)); |
| | 366 | |
| | 367 | #if CPU(MIPS) |
| | 368 | // Restore stack space |
| | 369 | jit.addPtr(JSInterfaceJIT::TrustedImm32(16), JSInterfaceJIT::stackPointerRegister); |
| | 370 | #endif |
| | 371 | #else |
| | 372 | #error "JIT not supported on this platform." |
| | 373 | UNUSED_PARAM(executableOffsetToFunction); |
| | 374 | abortWithReason(TGNotSupported); |
| | 375 | #endif |
| | 376 | |
| | 377 | // Check for an exception |
| | 378 | #if USE(JSVALUE64) |
| | 379 | jit.load64(vm->addressOfException(), JSInterfaceJIT::regT2); |
| | 380 | JSInterfaceJIT::Jump exceptionHandler = jit.branchTest64(JSInterfaceJIT::NonZero, JSInterfaceJIT::regT2); |
| | 381 | #else |
| | 382 | JSInterfaceJIT::Jump exceptionHandler = jit.branch32( |
| | 383 | JSInterfaceJIT::NotEqual, |
| | 384 | JSInterfaceJIT::AbsoluteAddress(reinterpret_cast<char*>(vm->addressOfException()) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), |
| | 385 | JSInterfaceJIT::TrustedImm32(JSValue::EmptyValueTag)); |
| | 386 | #endif |
| | 387 | |
| | 388 | jit.emitFunctionEpilogue(); |
| | 389 | // Return. |
| | 390 | jit.ret(); |
| | 391 | |
| | 392 | // Handle an exception |
| | 393 | exceptionHandler.link(&jit); |
| | 394 | |
| | 395 | jit.storePtr(JSInterfaceJIT::callFrameRegister, &vm->topCallFrame); |
| | 396 | |
| | 397 | #if CPU(X86) && USE(JSVALUE32_64) |
| | 398 | jit.addPtr(JSInterfaceJIT::TrustedImm32(-12), JSInterfaceJIT::stackPointerRegister); |
| | 399 | jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister), JSInterfaceJIT::regT0); |
| | 400 | jit.push(JSInterfaceJIT::regT0); |
| | 401 | #else |
| | 402 | #if OS(WINDOWS) |
| | 403 | // Allocate space on stack for the 4 parameter registers. |
| | 404 | jit.subPtr(JSInterfaceJIT::TrustedImm32(4 * sizeof(int64_t)), JSInterfaceJIT::stackPointerRegister); |
| | 405 | #endif |
| | 406 | jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister), JSInterfaceJIT::argumentGPR0); |
| | 407 | #endif |
| | 408 | jit.move(JSInterfaceJIT::TrustedImmPtr(FunctionPtr(operationVMHandleException).value()), JSInterfaceJIT::regT3); |
| | 409 | jit.call(JSInterfaceJIT::regT3); |
| | 410 | #if CPU(X86) && USE(JSVALUE32_64) |
| | 411 | jit.addPtr(JSInterfaceJIT::TrustedImm32(16), JSInterfaceJIT::stackPointerRegister); |
| | 412 | #elif OS(WINDOWS) |
| | 413 | jit.addPtr(JSInterfaceJIT::TrustedImm32(4 * sizeof(int64_t)), JSInterfaceJIT::stackPointerRegister); |
| | 414 | #endif |
| | 415 | |
| | 416 | jit.jumpToExceptionHandler(); |
| | 417 | |
| | 418 | LinkBuffer patchBuffer(*vm, jit, GLOBAL_THUNK_ID); |
| | 419 | return FINALIZE_CODE(patchBuffer, ("native %s%s trampoline", entryType == EnterViaJump ? "Tail " : "", toCString(kind).data())); |
| | 420 | } |
| | 421 | |
| | 422 | MacroAssemblerCodeRef nativeCallGenerator(VM* vm) |
| | 423 | { |
| | 424 | return nativeForGenerator(vm, CodeForCall); |
| | 425 | } |
| | 426 | |
| | 427 | MacroAssemblerCodeRef nativeTailCallGenerator(VM* vm) |
| | 428 | { |
| | 429 | return nativeForGenerator(vm, CodeForCall, EnterViaJump); |
| | 430 | } |
| | 431 | |
| | 432 | MacroAssemblerCodeRef nativeConstructGenerator(VM* vm) |
| | 433 | { |
| | 434 | return nativeForGenerator(vm, CodeForConstruct); |
| | 435 | } |
| | 436 | |
| | 437 | MacroAssemblerCodeRef arityFixup(VM* vm) |
| | 438 | { |
| | 439 | JSInterfaceJIT jit(vm); |
| | 440 | |
| | 441 | // We enter with fixup count, in aligned stack units, in regT0 and the return thunk in |
| | 442 | // regT5 on 32-bit and regT7 on 64-bit. |
| | 443 | #if USE(JSVALUE64) |
| | 444 | # if CPU(X86_64) |
| | 445 | jit.pop(JSInterfaceJIT::regT4); |
| | 446 | # endif |
| | 447 | jit.lshift32(JSInterfaceJIT::TrustedImm32(logStackAlignmentRegisters()), JSInterfaceJIT::regT0); |
| | 448 | jit.neg64(JSInterfaceJIT::regT0); |
| | 449 | jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT6); |
| | 450 | jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * sizeof(Register)), JSInterfaceJIT::regT2); |
| | 451 | jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::regT2); |
| | 452 | |
| | 453 | // Move current frame down regT0 number of slots |
| | 454 | JSInterfaceJIT::Label copyLoop(jit.label()); |
| | 455 | jit.load64(JSInterfaceJIT::regT6, JSInterfaceJIT::regT1); |
| | 456 | jit.store64(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT6, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight)); |
| | 457 | jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT6); |
| | 458 | jit.branchSub32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(copyLoop, &jit); |
| | 459 | |
| | 460 | // Fill in regT0 - 1 missing arg slots with undefined |
| | 461 | jit.move(JSInterfaceJIT::regT0, JSInterfaceJIT::regT2); |
| | 462 | jit.move(JSInterfaceJIT::TrustedImm64(ValueUndefined), JSInterfaceJIT::regT1); |
| | 463 | jit.add32(JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2); |
| | 464 | JSInterfaceJIT::Label fillUndefinedLoop(jit.label()); |
| | 465 | jit.store64(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT6, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight)); |
| | 466 | jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT6); |
| | 467 | jit.branchAdd32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(fillUndefinedLoop, &jit); |
| | 468 | |
| | 469 | // Adjust call frame register and stack pointer to account for missing args |
| | 470 | jit.move(JSInterfaceJIT::regT0, JSInterfaceJIT::regT1); |
| | 471 | jit.lshift64(JSInterfaceJIT::TrustedImm32(3), JSInterfaceJIT::regT1); |
| | 472 | jit.addPtr(JSInterfaceJIT::regT1, JSInterfaceJIT::callFrameRegister); |
| | 473 | jit.addPtr(JSInterfaceJIT::regT1, JSInterfaceJIT::stackPointerRegister); |
| | 474 | |
| | 475 | // Save the original return PC. |
| | 476 | jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()), GPRInfo::regT1); |
| | 477 | jit.storePtr(GPRInfo::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT6, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight)); |
| | 478 | |
| | 479 | // Install the new return PC. |
| | 480 | jit.storePtr(GPRInfo::regT7, JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset())); |
| | 481 | |
| | 482 | # if CPU(X86_64) |
| | 483 | jit.push(JSInterfaceJIT::regT4); |
| | 484 | # endif |
| | 485 | jit.ret(); |
| | 486 | #else |
| | 487 | # if CPU(X86) |
| | 488 | jit.pop(JSInterfaceJIT::regT4); |
| | 489 | # endif |
| | 490 | jit.lshift32(JSInterfaceJIT::TrustedImm32(logStackAlignmentRegisters()), JSInterfaceJIT::regT0); |
| | 491 | jit.neg32(JSInterfaceJIT::regT0); |
| | 492 | jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3); |
| | 493 | jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * sizeof(Register)), JSInterfaceJIT::regT2); |
| | 494 | jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::regT2); |
| | 495 | |
| | 496 | // Move current frame down regT0 number of slots |
| | 497 | JSInterfaceJIT::Label copyLoop(jit.label()); |
| | 498 | jit.load32(JSInterfaceJIT::regT3, JSInterfaceJIT::regT1); |
| | 499 | jit.store32(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight)); |
| | 500 | jit.load32(MacroAssembler::Address(JSInterfaceJIT::regT3, 4), JSInterfaceJIT::regT1); |
| | 501 | jit.store32(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight, 4)); |
| | 502 | jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3); |
| | 503 | jit.branchSub32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(copyLoop, &jit); |
| | 504 | |
| | 505 | // Fill in regT0 - 1 missing arg slots with undefined |
| | 506 | jit.move(JSInterfaceJIT::regT0, JSInterfaceJIT::regT2); |
| | 507 | jit.add32(JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2); |
| | 508 | JSInterfaceJIT::Label fillUndefinedLoop(jit.label()); |
| | 509 | jit.move(JSInterfaceJIT::TrustedImm32(0), JSInterfaceJIT::regT1); |
| | 510 | jit.store32(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight)); |
| | 511 | jit.move(JSInterfaceJIT::TrustedImm32(JSValue::UndefinedTag), JSInterfaceJIT::regT1); |
| | 512 | jit.store32(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight, 4)); |
| | 513 | |
| | 514 | jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3); |
| | 515 | jit.branchAdd32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(fillUndefinedLoop, &jit); |
| | 516 | |
| | 517 | // Adjust call frame register and stack pointer to account for missing args |
| | 518 | jit.move(JSInterfaceJIT::regT0, JSInterfaceJIT::regT1); |
| | 519 | jit.lshift32(JSInterfaceJIT::TrustedImm32(3), JSInterfaceJIT::regT1); |
| | 520 | jit.addPtr(JSInterfaceJIT::regT1, JSInterfaceJIT::callFrameRegister); |
| | 521 | jit.addPtr(JSInterfaceJIT::regT1, JSInterfaceJIT::stackPointerRegister); |
| | 522 | |
| | 523 | // Save the original return PC. |
| | 524 | jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()), GPRInfo::regT1); |
| | 525 | jit.storePtr(GPRInfo::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight)); |
| | 526 | |
| | 527 | // Install the new return PC. |
| | 528 | jit.storePtr(GPRInfo::regT5, JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset())); |
| | 529 | |
| | 530 | # if CPU(X86) |
| | 531 | jit.push(JSInterfaceJIT::regT4); |
| | 532 | # endif |
| | 533 | jit.ret(); |
| | 534 | #endif |
| | 535 | |
| | 536 | LinkBuffer patchBuffer(*vm, jit, GLOBAL_THUNK_ID); |
| | 537 | return FINALIZE_CODE(patchBuffer, ("fixup arity")); |
| | 538 | } |
| | 539 | |
| | 540 | static void stringCharLoad(SpecializedThunkJIT& jit, VM* vm) |
| | 541 | { |
| | 542 | // load string |
| | 543 | jit.loadJSStringArgument(*vm, SpecializedThunkJIT::ThisArgument, SpecializedThunkJIT::regT0); |
| | 544 | |
| | 545 | // Load string length to regT2, and start the process of loading the data pointer into regT0 |
| | 546 | jit.load32(MacroAssembler::Address(SpecializedThunkJIT::regT0, ThunkHelpers::jsStringLengthOffset()), SpecializedThunkJIT::regT2); |
| | 547 | jit.loadPtr(MacroAssembler::Address(SpecializedThunkJIT::regT0, ThunkHelpers::jsStringValueOffset()), SpecializedThunkJIT::regT0); |
| | 548 | jit.appendFailure(jit.branchTest32(MacroAssembler::Zero, SpecializedThunkJIT::regT0)); |
| | 549 | |
| | 550 | // load index |
| | 551 | jit.loadInt32Argument(0, SpecializedThunkJIT::regT1); // regT1 contains the index |
| | 552 | |
| | 553 | // Do an unsigned compare to simultaneously filter negative indices as well as indices that are too large |
| | 554 | jit.appendFailure(jit.branch32(MacroAssembler::AboveOrEqual, SpecializedThunkJIT::regT1, SpecializedThunkJIT::regT2)); |
| | 555 | |
| | 556 | // Load the character |
| | 557 | SpecializedThunkJIT::JumpList is16Bit; |
| | 558 | SpecializedThunkJIT::JumpList cont8Bit; |
| | 559 | // Load the string flags |
| | 560 | jit.loadPtr(MacroAssembler::Address(SpecializedThunkJIT::regT0, StringImpl::flagsOffset()), SpecializedThunkJIT::regT2); |
| | 561 | jit.loadPtr(MacroAssembler::Address(SpecializedThunkJIT::regT0, StringImpl::dataOffset()), SpecializedThunkJIT::regT0); |
| | 562 | is16Bit.append(jit.branchTest32(MacroAssembler::Zero, SpecializedThunkJIT::regT2, MacroAssembler::TrustedImm32(StringImpl::flagIs8Bit()))); |
| | 563 | jit.load8(MacroAssembler::BaseIndex(SpecializedThunkJIT::regT0, SpecializedThunkJIT::regT1, MacroAssembler::TimesOne, 0), SpecializedThunkJIT::regT0); |
| | 564 | cont8Bit.append(jit.jump()); |
| | 565 | is16Bit.link(&jit); |
| | 566 | jit.load16(MacroAssembler::BaseIndex(SpecializedThunkJIT::regT0, SpecializedThunkJIT::regT1, MacroAssembler::TimesTwo, 0), SpecializedThunkJIT::regT0); |
| | 567 | cont8Bit.link(&jit); |
| | 568 | } |
| | 569 | |
| | 570 | static void charToString(SpecializedThunkJIT& jit, VM* vm, MacroAssembler::RegisterID src, MacroAssembler::RegisterID dst, MacroAssembler::RegisterID scratch) |
| | 571 | { |
| | 572 | jit.appendFailure(jit.branch32(MacroAssembler::AboveOrEqual, src, MacroAssembler::TrustedImm32(0x100))); |
| | 573 | jit.move(MacroAssembler::TrustedImmPtr(vm->smallStrings.singleCharacterStrings()), scratch); |
| | 574 | jit.loadPtr(MacroAssembler::BaseIndex(scratch, src, MacroAssembler::ScalePtr, 0), dst); |
| | 575 | jit.appendFailure(jit.branchTestPtr(MacroAssembler::Zero, dst)); |
| | 576 | } |
| | 577 | |
| | 578 | MacroAssemblerCodeRef charCodeAtThunkGenerator(VM* vm) |
| | 579 | { |
| | 580 | SpecializedThunkJIT jit(vm, 1); |
| | 581 | stringCharLoad(jit, vm); |
| | 582 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 583 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "charCodeAt"); |
| | 584 | } |
| | 585 | |
| | 586 | MacroAssemblerCodeRef charAtThunkGenerator(VM* vm) |
| | 587 | { |
| | 588 | SpecializedThunkJIT jit(vm, 1); |
| | 589 | stringCharLoad(jit, vm); |
| | 590 | charToString(jit, vm, SpecializedThunkJIT::regT0, SpecializedThunkJIT::regT0, SpecializedThunkJIT::regT1); |
| | 591 | jit.returnJSCell(SpecializedThunkJIT::regT0); |
| | 592 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "charAt"); |
| | 593 | } |
| | 594 | |
| | 595 | MacroAssemblerCodeRef fromCharCodeThunkGenerator(VM* vm) |
| | 596 | { |
| | 597 | SpecializedThunkJIT jit(vm, 1); |
| | 598 | // load char code |
| | 599 | jit.loadInt32Argument(0, SpecializedThunkJIT::regT0); |
| | 600 | charToString(jit, vm, SpecializedThunkJIT::regT0, SpecializedThunkJIT::regT0, SpecializedThunkJIT::regT1); |
| | 601 | jit.returnJSCell(SpecializedThunkJIT::regT0); |
| | 602 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "fromCharCode"); |
| | 603 | } |
| | 604 | |
| | 605 | MacroAssemblerCodeRef sqrtThunkGenerator(VM* vm) |
| | 606 | { |
| | 607 | SpecializedThunkJIT jit(vm, 1); |
| | 608 | if (!jit.supportsFloatingPointSqrt()) |
| | 609 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 610 | |
| | 611 | jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0); |
| | 612 | jit.sqrtDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT0); |
| | 613 | jit.returnDouble(SpecializedThunkJIT::fpRegT0); |
| | 614 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "sqrt"); |
| | 615 | } |
| | 616 | |
| | 617 | |
| | 618 | #define UnaryDoubleOpWrapper(function) function##Wrapper |
| | 619 | enum MathThunkCallingConvention { }; |
| | 620 | typedef MathThunkCallingConvention(*MathThunk)(MathThunkCallingConvention); |
| | 621 | extern "C" { |
| | 622 | |
| | 623 | double jsRound(double) REFERENCED_FROM_ASM; |
| | 624 | double jsRound(double d) |
| | 625 | { |
| | 626 | double integer = ceil(d); |
| | 627 | return integer - (integer - d > 0.5); |
| | 628 | } |
| | 629 | |
| | 630 | } |
| | 631 | |
| | 632 | #if CPU(X86_64) && COMPILER(GCC) && (OS(DARWIN) || OS(LINUX)) |
| | 633 | |
| | 634 | #define defineUnaryDoubleOpWrapper(function) \ |
| | 635 | asm( \ |
| | 636 | ".text\n" \ |
| | 637 | ".globl " SYMBOL_STRING(function##Thunk) "\n" \ |
| | 638 | HIDE_SYMBOL(function##Thunk) "\n" \ |
| | 639 | SYMBOL_STRING(function##Thunk) ":" "\n" \ |
| | 640 | "pushq %rax\n" \ |
| | 641 | "call " GLOBAL_REFERENCE(function) "\n" \ |
| | 642 | "popq %rcx\n" \ |
| | 643 | "ret\n" \ |
| | 644 | );\ |
| | 645 | extern "C" { \ |
| | 646 | MathThunkCallingConvention function##Thunk(MathThunkCallingConvention); \ |
| | 647 | } \ |
| | 648 | static MathThunk UnaryDoubleOpWrapper(function) = &function##Thunk; |
| | 649 | |
| | 650 | #elif CPU(X86) && COMPILER(GCC) && (OS(DARWIN) || OS(LINUX)) |
| | 651 | #define defineUnaryDoubleOpWrapper(function) \ |
| | 652 | asm( \ |
| | 653 | ".text\n" \ |
| | 654 | ".globl " SYMBOL_STRING(function##Thunk) "\n" \ |
| | 655 | HIDE_SYMBOL(function##Thunk) "\n" \ |
| | 656 | SYMBOL_STRING(function##Thunk) ":" "\n" \ |
| | 657 | "subl $20, %esp\n" \ |
| | 658 | "movsd %xmm0, (%esp) \n" \ |
| | 659 | "call " GLOBAL_REFERENCE(function) "\n" \ |
| | 660 | "fstpl (%esp) \n" \ |
| | 661 | "movsd (%esp), %xmm0 \n" \ |
| | 662 | "addl $20, %esp\n" \ |
| | 663 | "ret\n" \ |
| | 664 | );\ |
| | 665 | extern "C" { \ |
| | 666 | MathThunkCallingConvention function##Thunk(MathThunkCallingConvention); \ |
| | 667 | } \ |
| | 668 | static MathThunk UnaryDoubleOpWrapper(function) = &function##Thunk; |
| | 669 | |
| | 670 | #elif CPU(ARM_THUMB2) && COMPILER(GCC) && PLATFORM(IOS) |
| | 671 | |
| | 672 | #define defineUnaryDoubleOpWrapper(function) \ |
| | 673 | asm( \ |
| | 674 | ".text\n" \ |
| | 675 | ".align 2\n" \ |
| | 676 | ".globl " SYMBOL_STRING(function##Thunk) "\n" \ |
| | 677 | HIDE_SYMBOL(function##Thunk) "\n" \ |
| | 678 | ".thumb\n" \ |
| | 679 | ".thumb_func " THUMB_FUNC_PARAM(function##Thunk) "\n" \ |
| | 680 | SYMBOL_STRING(function##Thunk) ":" "\n" \ |
| | 681 | "push {lr}\n" \ |
| | 682 | "vmov r0, r1, d0\n" \ |
| | 683 | "blx " GLOBAL_REFERENCE(function) "\n" \ |
| | 684 | "vmov d0, r0, r1\n" \ |
| | 685 | "pop {lr}\n" \ |
| | 686 | "bx lr\n" \ |
| | 687 | ); \ |
| | 688 | extern "C" { \ |
| | 689 | MathThunkCallingConvention function##Thunk(MathThunkCallingConvention); \ |
| | 690 | } \ |
| | 691 | static MathThunk UnaryDoubleOpWrapper(function) = &function##Thunk; |
| | 692 | |
| | 693 | #elif CPU(ARM64) |
| | 694 | |
| | 695 | #define defineUnaryDoubleOpWrapper(function) \ |
| | 696 | asm( \ |
| | 697 | ".text\n" \ |
| | 698 | ".align 2\n" \ |
| | 699 | ".globl " SYMBOL_STRING(function##Thunk) "\n" \ |
| | 700 | HIDE_SYMBOL(function##Thunk) "\n" \ |
| | 701 | SYMBOL_STRING(function##Thunk) ":" "\n" \ |
| | 702 | "b " GLOBAL_REFERENCE(function) "\n" \ |
| | 703 | ); \ |
| | 704 | extern "C" { \ |
| | 705 | MathThunkCallingConvention function##Thunk(MathThunkCallingConvention); \ |
| | 706 | } \ |
| | 707 | static MathThunk UnaryDoubleOpWrapper(function) = &function##Thunk; |
| | 708 | |
| | 709 | #else |
| | 710 | |
| | 711 | #define defineUnaryDoubleOpWrapper(function) \ |
| | 712 | static MathThunk UnaryDoubleOpWrapper(function) = 0 |
| | 713 | #endif |
| | 714 | |
| | 715 | defineUnaryDoubleOpWrapper(jsRound); |
| | 716 | defineUnaryDoubleOpWrapper(exp); |
| | 717 | defineUnaryDoubleOpWrapper(log); |
| | 718 | defineUnaryDoubleOpWrapper(floor); |
| | 719 | defineUnaryDoubleOpWrapper(ceil); |
| | 720 | |
| | 721 | static const double oneConstant = 1.0; |
| | 722 | static const double negativeHalfConstant = -0.5; |
| | 723 | static const double zeroConstant = 0.0; |
| | 724 | static const double halfConstant = 0.5; |
| | 725 | |
| | 726 | MacroAssemblerCodeRef floorThunkGenerator(VM* vm) |
| | 727 | { |
| | 728 | SpecializedThunkJIT jit(vm, 1); |
| | 729 | MacroAssembler::Jump nonIntJump; |
| | 730 | if (!UnaryDoubleOpWrapper(floor) || !jit.supportsFloatingPoint()) |
| | 731 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 732 | jit.loadInt32Argument(0, SpecializedThunkJIT::regT0, nonIntJump); |
| | 733 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 734 | nonIntJump.link(&jit); |
| | 735 | jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0); |
| | 736 | #if CPU(ARM64) |
| | 737 | SpecializedThunkJIT::JumpList doubleResult; |
| | 738 | jit.floorDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT0); |
| | 739 | jit.branchConvertDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0, doubleResult, SpecializedThunkJIT::fpRegT1); |
| | 740 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 741 | doubleResult.link(&jit); |
| | 742 | jit.returnDouble(SpecializedThunkJIT::fpRegT0); |
| | 743 | #else |
| | 744 | SpecializedThunkJIT::Jump intResult; |
| | 745 | SpecializedThunkJIT::JumpList doubleResult; |
| | 746 | if (jit.supportsFloatingPointTruncate()) { |
| | 747 | jit.loadDouble(MacroAssembler::TrustedImmPtr(&zeroConstant), SpecializedThunkJIT::fpRegT1); |
| | 748 | doubleResult.append(jit.branchDouble(MacroAssembler::DoubleEqual, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1)); |
| | 749 | SpecializedThunkJIT::JumpList slowPath; |
| | 750 | // Handle the negative doubles in the slow path for now. |
| | 751 | slowPath.append(jit.branchDouble(MacroAssembler::DoubleLessThanOrUnordered, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1)); |
| | 752 | slowPath.append(jit.branchTruncateDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0)); |
| | 753 | intResult = jit.jump(); |
| | 754 | slowPath.link(&jit); |
| | 755 | } |
| | 756 | jit.callDoubleToDoublePreservingReturn(UnaryDoubleOpWrapper(floor)); |
| | 757 | jit.branchConvertDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0, doubleResult, SpecializedThunkJIT::fpRegT1); |
| | 758 | if (jit.supportsFloatingPointTruncate()) |
| | 759 | intResult.link(&jit); |
| | 760 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 761 | doubleResult.link(&jit); |
| | 762 | jit.returnDouble(SpecializedThunkJIT::fpRegT0); |
| | 763 | #endif // CPU(ARM64) |
| | 764 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "floor"); |
| | 765 | } |
| | 766 | |
| | 767 | MacroAssemblerCodeRef ceilThunkGenerator(VM* vm) |
| | 768 | { |
| | 769 | SpecializedThunkJIT jit(vm, 1); |
| | 770 | if (!UnaryDoubleOpWrapper(ceil) || !jit.supportsFloatingPoint()) |
| | 771 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 772 | MacroAssembler::Jump nonIntJump; |
| | 773 | jit.loadInt32Argument(0, SpecializedThunkJIT::regT0, nonIntJump); |
| | 774 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 775 | nonIntJump.link(&jit); |
| | 776 | jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0); |
| | 777 | #if CPU(ARM64) |
| | 778 | jit.ceilDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT0); |
| | 779 | #else |
| | 780 | jit.callDoubleToDoublePreservingReturn(UnaryDoubleOpWrapper(ceil)); |
| | 781 | #endif // CPU(ARM64) |
| | 782 | SpecializedThunkJIT::JumpList doubleResult; |
| | 783 | jit.branchConvertDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0, doubleResult, SpecializedThunkJIT::fpRegT1); |
| | 784 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 785 | doubleResult.link(&jit); |
| | 786 | jit.returnDouble(SpecializedThunkJIT::fpRegT0); |
| | 787 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "ceil"); |
| | 788 | } |
| | 789 | |
| | 790 | MacroAssemblerCodeRef roundThunkGenerator(VM* vm) |
| | 791 | { |
| | 792 | SpecializedThunkJIT jit(vm, 1); |
| | 793 | if (!UnaryDoubleOpWrapper(jsRound) || !jit.supportsFloatingPoint()) |
| | 794 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 795 | MacroAssembler::Jump nonIntJump; |
| | 796 | jit.loadInt32Argument(0, SpecializedThunkJIT::regT0, nonIntJump); |
| | 797 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 798 | nonIntJump.link(&jit); |
| | 799 | jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0); |
| | 800 | SpecializedThunkJIT::Jump intResult; |
| | 801 | SpecializedThunkJIT::JumpList doubleResult; |
| | 802 | if (jit.supportsFloatingPointTruncate()) { |
| | 803 | jit.loadDouble(MacroAssembler::TrustedImmPtr(&zeroConstant), SpecializedThunkJIT::fpRegT1); |
| | 804 | doubleResult.append(jit.branchDouble(MacroAssembler::DoubleEqual, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1)); |
| | 805 | SpecializedThunkJIT::JumpList slowPath; |
| | 806 | // Handle the negative doubles in the slow path for now. |
| | 807 | slowPath.append(jit.branchDouble(MacroAssembler::DoubleLessThanOrUnordered, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1)); |
| | 808 | jit.loadDouble(MacroAssembler::TrustedImmPtr(&halfConstant), SpecializedThunkJIT::fpRegT1); |
| | 809 | jit.addDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1); |
| | 810 | slowPath.append(jit.branchTruncateDoubleToInt32(SpecializedThunkJIT::fpRegT1, SpecializedThunkJIT::regT0)); |
| | 811 | intResult = jit.jump(); |
| | 812 | slowPath.link(&jit); |
| | 813 | } |
| | 814 | jit.callDoubleToDoublePreservingReturn(UnaryDoubleOpWrapper(jsRound)); |
| | 815 | jit.branchConvertDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0, doubleResult, SpecializedThunkJIT::fpRegT1); |
| | 816 | if (jit.supportsFloatingPointTruncate()) |
| | 817 | intResult.link(&jit); |
| | 818 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 819 | doubleResult.link(&jit); |
| | 820 | jit.returnDouble(SpecializedThunkJIT::fpRegT0); |
| | 821 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "round"); |
| | 822 | } |
| | 823 | |
| | 824 | MacroAssemblerCodeRef expThunkGenerator(VM* vm) |
| | 825 | { |
| | 826 | if (!UnaryDoubleOpWrapper(exp)) |
| | 827 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 828 | SpecializedThunkJIT jit(vm, 1); |
| | 829 | if (!jit.supportsFloatingPoint()) |
| | 830 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 831 | jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0); |
| | 832 | jit.callDoubleToDoublePreservingReturn(UnaryDoubleOpWrapper(exp)); |
| | 833 | jit.returnDouble(SpecializedThunkJIT::fpRegT0); |
| | 834 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "exp"); |
| | 835 | } |
| | 836 | |
| | 837 | MacroAssemblerCodeRef logThunkGenerator(VM* vm) |
| | 838 | { |
| | 839 | if (!UnaryDoubleOpWrapper(log)) |
| | 840 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 841 | SpecializedThunkJIT jit(vm, 1); |
| | 842 | if (!jit.supportsFloatingPoint()) |
| | 843 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 844 | jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0); |
| | 845 | jit.callDoubleToDoublePreservingReturn(UnaryDoubleOpWrapper(log)); |
| | 846 | jit.returnDouble(SpecializedThunkJIT::fpRegT0); |
| | 847 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "log"); |
| | 848 | } |
| | 849 | |
| | 850 | MacroAssemblerCodeRef absThunkGenerator(VM* vm) |
| | 851 | { |
| | 852 | SpecializedThunkJIT jit(vm, 1); |
| | 853 | if (!jit.supportsFloatingPointAbs()) |
| | 854 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 855 | MacroAssembler::Jump nonIntJump; |
| | 856 | jit.loadInt32Argument(0, SpecializedThunkJIT::regT0, nonIntJump); |
| | 857 | jit.rshift32(SpecializedThunkJIT::regT0, MacroAssembler::TrustedImm32(31), SpecializedThunkJIT::regT1); |
| | 858 | jit.add32(SpecializedThunkJIT::regT1, SpecializedThunkJIT::regT0); |
| | 859 | jit.xor32(SpecializedThunkJIT::regT1, SpecializedThunkJIT::regT0); |
| | 860 | jit.appendFailure(jit.branch32(MacroAssembler::Equal, SpecializedThunkJIT::regT0, MacroAssembler::TrustedImm32(1 << 31))); |
| | 861 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 862 | nonIntJump.link(&jit); |
| | 863 | // Shame about the double int conversion here. |
| | 864 | jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0); |
| | 865 | jit.absDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1); |
| | 866 | jit.returnDouble(SpecializedThunkJIT::fpRegT1); |
| | 867 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "abs"); |
| | 868 | } |
| | 869 | |
| | 870 | MacroAssemblerCodeRef powThunkGenerator(VM* vm) |
| | 871 | { |
| | 872 | SpecializedThunkJIT jit(vm, 2); |
| | 873 | if (!jit.supportsFloatingPoint()) |
| | 874 | return MacroAssemblerCodeRef::createSelfManagedCodeRef(vm->jitStubs->ctiNativeCall(vm)); |
| | 875 | |
| | 876 | jit.loadDouble(MacroAssembler::TrustedImmPtr(&oneConstant), SpecializedThunkJIT::fpRegT1); |
| | 877 | jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0); |
| | 878 | MacroAssembler::Jump nonIntExponent; |
| | 879 | jit.loadInt32Argument(1, SpecializedThunkJIT::regT0, nonIntExponent); |
| | 880 | jit.appendFailure(jit.branch32(MacroAssembler::LessThan, SpecializedThunkJIT::regT0, MacroAssembler::TrustedImm32(0))); |
| | 881 | |
| | 882 | MacroAssembler::Jump exponentIsZero = jit.branchTest32(MacroAssembler::Zero, SpecializedThunkJIT::regT0); |
| | 883 | MacroAssembler::Label startLoop(jit.label()); |
| | 884 | |
| | 885 | MacroAssembler::Jump exponentIsEven = jit.branchTest32(MacroAssembler::Zero, SpecializedThunkJIT::regT0, MacroAssembler::TrustedImm32(1)); |
| | 886 | jit.mulDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1); |
| | 887 | exponentIsEven.link(&jit); |
| | 888 | jit.mulDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT0); |
| | 889 | jit.rshift32(MacroAssembler::TrustedImm32(1), SpecializedThunkJIT::regT0); |
| | 890 | jit.branchTest32(MacroAssembler::NonZero, SpecializedThunkJIT::regT0).linkTo(startLoop, &jit); |
| | 891 | |
| | 892 | exponentIsZero.link(&jit); |
| | 893 | |
| | 894 | { |
| | 895 | SpecializedThunkJIT::JumpList doubleResult; |
| | 896 | jit.branchConvertDoubleToInt32(SpecializedThunkJIT::fpRegT1, SpecializedThunkJIT::regT0, doubleResult, SpecializedThunkJIT::fpRegT0); |
| | 897 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 898 | doubleResult.link(&jit); |
| | 899 | jit.returnDouble(SpecializedThunkJIT::fpRegT1); |
| | 900 | } |
| | 901 | |
| | 902 | if (jit.supportsFloatingPointSqrt()) { |
| | 903 | nonIntExponent.link(&jit); |
| | 904 | jit.loadDouble(MacroAssembler::TrustedImmPtr(&negativeHalfConstant), SpecializedThunkJIT::fpRegT3); |
| | 905 | jit.loadDoubleArgument(1, SpecializedThunkJIT::fpRegT2, SpecializedThunkJIT::regT0); |
| | 906 | jit.appendFailure(jit.branchDouble(MacroAssembler::DoubleLessThanOrEqual, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1)); |
| | 907 | jit.appendFailure(jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, SpecializedThunkJIT::fpRegT2, SpecializedThunkJIT::fpRegT3)); |
| | 908 | jit.sqrtDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT0); |
| | 909 | jit.divDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1); |
| | 910 | |
| | 911 | SpecializedThunkJIT::JumpList doubleResult; |
| | 912 | jit.branchConvertDoubleToInt32(SpecializedThunkJIT::fpRegT1, SpecializedThunkJIT::regT0, doubleResult, SpecializedThunkJIT::fpRegT0); |
| | 913 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 914 | doubleResult.link(&jit); |
| | 915 | jit.returnDouble(SpecializedThunkJIT::fpRegT1); |
| | 916 | } else |
| | 917 | jit.appendFailure(nonIntExponent); |
| | 918 | |
| | 919 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "pow"); |
| | 920 | } |
| | 921 | |
| | 922 | MacroAssemblerCodeRef imulThunkGenerator(VM* vm) |
| | 923 | { |
| | 924 | SpecializedThunkJIT jit(vm, 2); |
| | 925 | MacroAssembler::Jump nonIntArg0Jump; |
| | 926 | jit.loadInt32Argument(0, SpecializedThunkJIT::regT0, nonIntArg0Jump); |
| | 927 | SpecializedThunkJIT::Label doneLoadingArg0(&jit); |
| | 928 | MacroAssembler::Jump nonIntArg1Jump; |
| | 929 | jit.loadInt32Argument(1, SpecializedThunkJIT::regT1, nonIntArg1Jump); |
| | 930 | SpecializedThunkJIT::Label doneLoadingArg1(&jit); |
| | 931 | jit.mul32(SpecializedThunkJIT::regT1, SpecializedThunkJIT::regT0); |
| | 932 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 933 | |
| | 934 | if (jit.supportsFloatingPointTruncate()) { |
| | 935 | nonIntArg0Jump.link(&jit); |
| | 936 | jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0); |
| | 937 | jit.branchTruncateDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0, SpecializedThunkJIT::BranchIfTruncateSuccessful).linkTo(doneLoadingArg0, &jit); |
| | 938 | jit.appendFailure(jit.jump()); |
| | 939 | } else |
| | 940 | jit.appendFailure(nonIntArg0Jump); |
| | 941 | |
| | 942 | if (jit.supportsFloatingPointTruncate()) { |
| | 943 | nonIntArg1Jump.link(&jit); |
| | 944 | jit.loadDoubleArgument(1, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT1); |
| | 945 | jit.branchTruncateDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT1, SpecializedThunkJIT::BranchIfTruncateSuccessful).linkTo(doneLoadingArg1, &jit); |
| | 946 | jit.appendFailure(jit.jump()); |
| | 947 | } else |
| | 948 | jit.appendFailure(nonIntArg1Jump); |
| | 949 | |
| | 950 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "imul"); |
| | 951 | } |
| | 952 | |
| | 953 | static MacroAssemblerCodeRef arrayIteratorNextThunkGenerator(VM* vm, ArrayIterationKind kind) |
| | 954 | { |
| | 955 | typedef SpecializedThunkJIT::TrustedImm32 TrustedImm32; |
| | 956 | typedef SpecializedThunkJIT::TrustedImmPtr TrustedImmPtr; |
| | 957 | typedef SpecializedThunkJIT::Address Address; |
| | 958 | typedef SpecializedThunkJIT::BaseIndex BaseIndex; |
| | 959 | typedef SpecializedThunkJIT::Jump Jump; |
| | 960 | |
| | 961 | SpecializedThunkJIT jit(vm); |
| | 962 | // Make sure we're being called on an array iterator, and load m_iteratedObject, and m_nextIndex into regT0 and regT1 respectively |
| | 963 | jit.loadArgumentWithSpecificClass(JSArrayIterator::info(), SpecializedThunkJIT::ThisArgument, SpecializedThunkJIT::regT4, SpecializedThunkJIT::regT1); |
| | 964 | |
| | 965 | // Early exit if we don't have a thunk for this form of iteration |
| | 966 | jit.appendFailure(jit.branch32(SpecializedThunkJIT::AboveOrEqual, Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfIterationKind()), TrustedImm32(ArrayIterateKeyValue))); |
| | 967 | |
| | 968 | jit.loadPtr(Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfIteratedObject()), SpecializedThunkJIT::regT0); |
| | 969 | |
| | 970 | jit.load32(Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfNextIndex()), SpecializedThunkJIT::regT1); |
| | 971 | |
| | 972 | // Pull out the butterfly from iteratedObject |
| | 973 | jit.load8(Address(SpecializedThunkJIT::regT0, JSCell::indexingTypeOffset()), SpecializedThunkJIT::regT3); |
| | 974 | jit.loadPtr(Address(SpecializedThunkJIT::regT0, JSObject::butterflyOffset()), SpecializedThunkJIT::regT2); |
| | 975 | |
| | 976 | jit.and32(TrustedImm32(IndexingShapeMask), SpecializedThunkJIT::regT3); |
| | 977 | |
| | 978 | Jump notDone = jit.branch32(SpecializedThunkJIT::Below, SpecializedThunkJIT::regT1, Address(SpecializedThunkJIT::regT2, Butterfly::offsetOfPublicLength())); |
| | 979 | // Return the termination signal to indicate that we've finished |
| | 980 | jit.move(TrustedImmPtr(vm->iterationTerminator.get()), SpecializedThunkJIT::regT0); |
| | 981 | jit.returnJSCell(SpecializedThunkJIT::regT0); |
| | 982 | |
| | 983 | notDone.link(&jit); |
| | 984 | |
| | 985 | if (kind == ArrayIterateKey) { |
| | 986 | jit.add32(TrustedImm32(1), Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfNextIndex())); |
| | 987 | jit.returnInt32(SpecializedThunkJIT::regT1); |
| | 988 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "array-iterator-next-key"); |
| | 989 | |
| | 990 | } |
| | 991 | ASSERT(kind == ArrayIterateValue); |
| | 992 | |
| | 993 | // Okay, now we're returning a value so make sure we're inside the vector size |
| | 994 | jit.appendFailure(jit.branch32(SpecializedThunkJIT::AboveOrEqual, SpecializedThunkJIT::regT1, Address(SpecializedThunkJIT::regT2, Butterfly::offsetOfVectorLength()))); |
| | 995 | |
| | 996 | // So now we perform inline loads for int32, value/undecided, and double storage |
| | 997 | Jump undecidedStorage = jit.branch32(SpecializedThunkJIT::Equal, SpecializedThunkJIT::regT3, TrustedImm32(UndecidedShape)); |
| | 998 | Jump notContiguousStorage = jit.branch32(SpecializedThunkJIT::NotEqual, SpecializedThunkJIT::regT3, TrustedImm32(ContiguousShape)); |
| | 999 | |
| | 1000 | undecidedStorage.link(&jit); |
| | 1001 | |
| | 1002 | jit.loadPtr(Address(SpecializedThunkJIT::regT0, JSObject::butterflyOffset()), SpecializedThunkJIT::regT2); |
| | 1003 | |
| | 1004 | #if USE(JSVALUE64) |
| | 1005 | jit.load64(BaseIndex(SpecializedThunkJIT::regT2, SpecializedThunkJIT::regT1, SpecializedThunkJIT::TimesEight), SpecializedThunkJIT::regT0); |
| | 1006 | Jump notHole = jit.branchTest64(SpecializedThunkJIT::NonZero, SpecializedThunkJIT::regT0); |
| | 1007 | jit.move(JSInterfaceJIT::TrustedImm64(ValueUndefined), JSInterfaceJIT::regT0); |
| | 1008 | notHole.link(&jit); |
| | 1009 | jit.addPtr(TrustedImm32(1), Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfNextIndex())); |
| | 1010 | jit.returnJSValue(SpecializedThunkJIT::regT0); |
| | 1011 | #else |
| | 1012 | jit.load32(BaseIndex(SpecializedThunkJIT::regT2, SpecializedThunkJIT::regT1, SpecializedThunkJIT::TimesEight, JSValue::offsetOfTag()), SpecializedThunkJIT::regT3); |
| | 1013 | Jump notHole = jit.branch32(SpecializedThunkJIT::NotEqual, SpecializedThunkJIT::regT3, TrustedImm32(JSValue::EmptyValueTag)); |
| | 1014 | jit.move(JSInterfaceJIT::TrustedImm32(JSValue::UndefinedTag), JSInterfaceJIT::regT1); |
| | 1015 | jit.move(JSInterfaceJIT::TrustedImm32(0), JSInterfaceJIT::regT0); |
| | 1016 | jit.add32(TrustedImm32(1), Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfNextIndex())); |
| | 1017 | jit.returnJSValue(SpecializedThunkJIT::regT0, JSInterfaceJIT::regT1); |
| | 1018 | notHole.link(&jit); |
| | 1019 | jit.load32(BaseIndex(SpecializedThunkJIT::regT2, SpecializedThunkJIT::regT1, SpecializedThunkJIT::TimesEight, JSValue::offsetOfPayload()), SpecializedThunkJIT::regT0); |
| | 1020 | jit.add32(TrustedImm32(1), Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfNextIndex())); |
| | 1021 | jit.move(SpecializedThunkJIT::regT3, SpecializedThunkJIT::regT1); |
| | 1022 | jit.returnJSValue(SpecializedThunkJIT::regT0, SpecializedThunkJIT::regT1); |
| | 1023 | #endif |
| | 1024 | notContiguousStorage.link(&jit); |
| | 1025 | |
| | 1026 | Jump notInt32Storage = jit.branch32(SpecializedThunkJIT::NotEqual, SpecializedThunkJIT::regT3, TrustedImm32(Int32Shape)); |
| | 1027 | jit.loadPtr(Address(SpecializedThunkJIT::regT0, JSObject::butterflyOffset()), SpecializedThunkJIT::regT2); |
| | 1028 | jit.load32(BaseIndex(SpecializedThunkJIT::regT2, SpecializedThunkJIT::regT1, SpecializedThunkJIT::TimesEight, JSValue::offsetOfPayload()), SpecializedThunkJIT::regT0); |
| | 1029 | jit.add32(TrustedImm32(1), Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfNextIndex())); |
| | 1030 | jit.returnInt32(SpecializedThunkJIT::regT0); |
| | 1031 | notInt32Storage.link(&jit); |
| | 1032 | |
| | 1033 | jit.appendFailure(jit.branch32(SpecializedThunkJIT::NotEqual, SpecializedThunkJIT::regT3, TrustedImm32(DoubleShape))); |
| | 1034 | jit.loadPtr(Address(SpecializedThunkJIT::regT0, JSObject::butterflyOffset()), SpecializedThunkJIT::regT2); |
| | 1035 | jit.loadDouble(BaseIndex(SpecializedThunkJIT::regT2, SpecializedThunkJIT::regT1, SpecializedThunkJIT::TimesEight), SpecializedThunkJIT::fpRegT0); |
| | 1036 | jit.add32(TrustedImm32(1), Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfNextIndex())); |
| | 1037 | jit.returnDouble(SpecializedThunkJIT::fpRegT0); |
| | 1038 | |
| | 1039 | return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "array-iterator-next-value"); |
| | 1040 | } |
| | 1041 | |
| | 1042 | MacroAssemblerCodeRef arrayIteratorNextKeyThunkGenerator(VM* vm) |
| | 1043 | { |
| | 1044 | return arrayIteratorNextThunkGenerator(vm, ArrayIterateKey); |
| | 1045 | } |
| | 1046 | |
| | 1047 | MacroAssemblerCodeRef arrayIteratorNextValueThunkGenerator(VM* vm) |
| | 1048 | { |
| | 1049 | return arrayIteratorNextThunkGenerator(vm, ArrayIterateValue); |
| | 1050 | } |
| | 1051 | |
| | 1052 | } |
| | 1053 | |
| | 1054 | #endif // ENABLE(JIT) |
projects / apple / javascriptcore.git / blame_incremental