dfg/DFGArrayifySlowPathGenerator.h

   1 /*
   2  * Copyright (C) 2012, 2013 Apple Inc. All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions
   6  * are met:
   7  * 1. Redistributions of source code must retain the above copyright
   8  *    notice, this list of conditions and the following disclaimer.
   9  * 2. Redistributions in binary form must reproduce the above copyright
  10  *    notice, this list of conditions and the following disclaimer in the
  11  *    documentation and/or other materials provided with the distribution.
  12  *
  13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
  14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
  17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
  21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  24  */
  25
  26 #ifndef DFGArrayifySlowPathGenerator_h
  27 #define DFGArrayifySlowPathGenerator_h
  28
  29 #include <wtf/Platform.h>
  30
  31 #if ENABLE(DFG_JIT)
  32
  33 #include "DFGArrayMode.h"
  34 #include "DFGCommon.h"
  35 #include "DFGOSRExitJumpPlaceholder.h"
  36 #include "DFGOperations.h"
  37 #include "DFGSlowPathGenerator.h"
  38 #include "DFGSpeculativeJIT.h"
  39 #include <wtf/Vector.h>
  40
  41 namespace JSC { namespace DFG {
  42
  43 class ArrayifySlowPathGenerator : public JumpingSlowPathGenerator<MacroAssembler::JumpList> {
  44 public:
  45     ArrayifySlowPathGenerator(
  46         const MacroAssembler::JumpList& from, SpeculativeJIT* jit, Node* node, GPRReg baseGPR,
  47         GPRReg propertyGPR, GPRReg tempGPR, GPRReg structureGPR)
  48         : JumpingSlowPathGenerator<MacroAssembler::JumpList>(from, jit)
  49         , m_op(node->op())
  50         , m_arrayMode(node->arrayMode())
  51         , m_structure(node->op() == ArrayifyToStructure ? node->structure() : 0)
  52         , m_baseGPR(baseGPR)
  53         , m_propertyGPR(propertyGPR)
  54         , m_tempGPR(tempGPR)
  55         , m_structureGPR(structureGPR)
  56     {
  57         ASSERT(m_op == Arrayify || m_op == ArrayifyToStructure);
  58
  59         jit->silentSpillAllRegistersImpl(false, m_plans, InvalidGPRReg);
  60
  61         if (m_propertyGPR != InvalidGPRReg) {
  62             switch (m_arrayMode.type()) {
  63             case Array::Int32:
  64             case Array::Double:
  65             case Array::Contiguous:
  66                 m_badPropertyJump = jit->backwardSpeculationCheck(Uncountable, JSValueRegs(), 0);
  67                 break;
  68             default:
  69                 break;
  70             }
  71         }
  72         m_badIndexingTypeJump = jit->backwardSpeculationCheck(BadIndexingType, JSValueSource::unboxedCell(m_baseGPR), 0);
  73     }
  74
  75 protected:
  76     void generateInternal(SpeculativeJIT* jit)
  77     {
  78         linkFrom(jit);
  79
  80         ASSERT(m_op == Arrayify || m_op == ArrayifyToStructure);
  81
  82         if (m_propertyGPR != InvalidGPRReg) {
  83             switch (m_arrayMode.type()) {
  84             case Array::Int32:
  85             case Array::Double:
  86             case Array::Contiguous:
  87                 m_badPropertyJump.fill(jit, jit->m_jit.branch32(
  88                     MacroAssembler::AboveOrEqual, m_propertyGPR,
  89                     MacroAssembler::TrustedImm32(MIN_SPARSE_ARRAY_INDEX)));
  90                 break;
  91             default:
  92                 break;
  93             }
  94         }
  95
  96         for (unsigned i = 0; i < m_plans.size(); ++i)
  97             jit->silentSpill(m_plans[i]);
  98         switch (m_arrayMode.type()) {
  99         case Array::Int32:
 100             jit->callOperation(operationEnsureInt32, m_tempGPR, m_baseGPR);
 101             break;
 102         case Array::Double:
 103             jit->callOperation(operationEnsureDouble, m_tempGPR, m_baseGPR);
 104             break;
 105         case Array::Contiguous:
 106             if (m_arrayMode.conversion() == Array::RageConvert)
 107                 jit->callOperation(operationRageEnsureContiguous, m_tempGPR, m_baseGPR);
 108             else
 109                 jit->callOperation(operationEnsureContiguous, m_tempGPR, m_baseGPR);
 110             break;
 111         case Array::ArrayStorage:
 112         case Array::SlowPutArrayStorage:
 113             jit->callOperation(operationEnsureArrayStorage, m_tempGPR, m_baseGPR);
 114             break;
 115         default:
 116             CRASH();
 117             break;
 118         }
 119         for (unsigned i = m_plans.size(); i--;)
 120             jit->silentFill(m_plans[i], GPRInfo::regT0);
 121
 122         if (m_op == ArrayifyToStructure) {
 123             ASSERT(m_structure);
 124             m_badIndexingTypeJump.fill(
 125                 jit, jit->m_jit.branchWeakPtr(
 126                     MacroAssembler::NotEqual,
 127                     MacroAssembler::Address(m_baseGPR, JSCell::structureOffset()),
 128                     m_structure));
 129         } else {
 130             // Alas, we need to reload the structure because silent spilling does not save
 131             // temporaries. Nor would it be useful for it to do so. Either way we're talking
 132             // about a load.
 133             jit->m_jit.loadPtr(
 134                 MacroAssembler::Address(m_baseGPR, JSCell::structureOffset()), m_structureGPR);
 135
 136             // Finally, check that we have the kind of array storage that we wanted to get.
 137             // Note that this is a backwards speculation check, which will result in the
 138             // bytecode operation corresponding to this arrayification being reexecuted.
 139             // That's fine, since arrayification is not user-visible.
 140             jit->m_jit.load8(
 141                 MacroAssembler::Address(m_structureGPR, Structure::indexingTypeOffset()), m_structureGPR);
 142             m_badIndexingTypeJump.fill(
 143                 jit, jit->jumpSlowForUnwantedArrayMode(m_structureGPR, m_arrayMode));
 144         }
 145
 146         jumpTo(jit);
 147     }
 148
 149 private:
 150     NodeType m_op;
 151     ArrayMode m_arrayMode;
 152     Structure* m_structure;
 153     GPRReg m_baseGPR;
 154     GPRReg m_propertyGPR;
 155     GPRReg m_tempGPR;
 156     GPRReg m_structureGPR;
 157     OSRExitJumpPlaceholder m_badPropertyJump;
 158     OSRExitJumpPlaceholder m_badIndexingTypeJump;
 159     Vector<SilentRegisterSavePlan, 2> m_plans;
 160 };
 161
 162 } } // namespace JSC::DFG
 163
 164 #endif // ENABLE(DFG_JIT)
 165
 166 #endif // DFGArrayifySlowPathGenerator_h
 167