]> git.saurik.com Git - apple/javascriptcore.git/blob - jit/JITOpcodes32_64.cpp
projects / apple / javascriptcore.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
JavaScriptCore-621.1.tar.gz
[apple/javascriptcore.git] / jit / JITOpcodes32_64.cpp
1 /*
2 * Copyright (C) 2009 Apple Inc. All rights reserved.
3 * Copyright (C) 2010 Patrick Gansterer <paroga@paroga.com>
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
18 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
19 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
21 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
22 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include "config.h"
28 #include "JIT.h"
29
30 #if ENABLE(JIT) && USE(JSVALUE32_64)
31
32 #include "JITInlineMethods.h"
33 #include "JITStubCall.h"
34 #include "JSArray.h"
35 #include "JSCell.h"
36 #include "JSFunction.h"
37 #include "JSPropertyNameIterator.h"
38 #include "LinkBuffer.h"
39
40 namespace JSC {
41
42 void JIT::privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* globalData, TrampolineStructure *trampolines)
43 {
44 #if ENABLE(JIT_OPTIMIZE_MOD)
45 Label softModBegin = align();
46 softModulo();
47 #endif
48 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
49 // (1) This function provides fast property access for string length
50 Label stringLengthBegin = align();
51
52 // regT0 holds payload, regT1 holds tag
53
54 Jump string_failureCases1 = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
55 Jump string_failureCases2 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
56
57 // Checks out okay! - get the length from the Ustring.
58 load32(Address(regT0, OBJECT_OFFSETOF(JSString, m_length)), regT2);
59
60 Jump string_failureCases3 = branch32(Above, regT2, Imm32(INT_MAX));
61 move(regT2, regT0);
62 move(Imm32(JSValue::Int32Tag), regT1);
63
64 ret();
65 #endif
66
67 // (2) Trampolines for the slow cases of op_call / op_call_eval / op_construct.
68
69 #if ENABLE(JIT_OPTIMIZE_CALL)
70 // VirtualCallLink Trampoline
71 // regT0 holds callee, regT1 holds argCount. regT2 will hold the FunctionExecutable.
72 Label virtualCallLinkBegin = align();
73 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
74
75 Jump isNativeFunc2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
76
77 Jump hasCodeBlock2 = branch32(GreaterThan, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
78 preserveReturnAddressAfterCall(regT3);
79 restoreArgumentReference();
80 Call callJSFunction2 = call();
81 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
82 emitGetJITStubArg(2, regT1); // argCount
83 restoreReturnAddressBeforeReturn(regT3);
84 hasCodeBlock2.link(this);
85
86 // Check argCount matches callee arity.
87 Jump arityCheckOkay2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
88 preserveReturnAddressAfterCall(regT3);
89 emitPutJITStubArg(regT3, 1); // return address
90 restoreArgumentReference();
91 Call callArityCheck2 = call();
92 move(regT1, callFrameRegister);
93 emitGetJITStubArg(2, regT1); // argCount
94 restoreReturnAddressBeforeReturn(regT3);
95 arityCheckOkay2.link(this);
96
97 isNativeFunc2.link(this);
98
99 compileOpCallInitializeCallFrame();
100
101 preserveReturnAddressAfterCall(regT3);
102 emitPutJITStubArg(regT3, 1); // return address
103 restoreArgumentReference();
104 Call callLazyLinkCall = call();
105 restoreReturnAddressBeforeReturn(regT3);
106 jump(regT0);
107 #endif // ENABLE(JIT_OPTIMIZE_CALL)
108
109 // VirtualCall Trampoline
110 // regT0 holds callee, regT1 holds argCount. regT2 will hold the FunctionExecutable.
111 Label virtualCallBegin = align();
112 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
113
114 Jump isNativeFunc3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
115
116 Jump hasCodeBlock3 = branch32(GreaterThan, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
117 preserveReturnAddressAfterCall(regT3);
118 restoreArgumentReference();
119 Call callJSFunction1 = call();
120 emitGetJITStubArg(2, regT1); // argCount
121 restoreReturnAddressBeforeReturn(regT3);
122 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
123 hasCodeBlock3.link(this);
124
125 // Check argCount matches callee arity.
126 Jump arityCheckOkay3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
127 preserveReturnAddressAfterCall(regT3);
128 emitPutJITStubArg(regT3, 1); // return address
129 restoreArgumentReference();
130 Call callArityCheck1 = call();
131 move(regT1, callFrameRegister);
132 emitGetJITStubArg(2, regT1); // argCount
133 restoreReturnAddressBeforeReturn(regT3);
134 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
135 arityCheckOkay3.link(this);
136
137 isNativeFunc3.link(this);
138
139 compileOpCallInitializeCallFrame();
140 loadPtr(Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_jitCode)), regT0);
141 jump(regT0);
142
143 #if CPU(X86) || CPU(ARM_TRADITIONAL)
144 Label nativeCallThunk = align();
145 preserveReturnAddressAfterCall(regT0);
146 emitPutToCallFrameHeader(regT0, RegisterFile::ReturnPC); // Push return address
147
148 // Load caller frame's scope chain into this callframe so that whatever we call can
149 // get to its global data.
150 emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT1);
151 emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT1);
152 emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
153
154 #if CPU(X86)
155 emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
156
157 /* We have two structs that we use to describe the stackframe we set up for our
158 * call to native code. NativeCallFrameStructure describes the how we set up the stack
159 * in advance of the call. NativeFunctionCalleeSignature describes the callframe
160 * as the native code expects it. We do this as we are using the fastcall calling
161 * convention which results in the callee popping its arguments off the stack, but
162 * not the rest of the callframe so we need a nice way to ensure we increment the
163 * stack pointer by the right amount after the call.
164 */
165
166 #if COMPILER(MSVC) || OS(LINUX)
167 #if COMPILER(MSVC)
168 #pragma pack(push)
169 #pragma pack(4)
170 #endif // COMPILER(MSVC)
171 struct NativeCallFrameStructure {
172 // CallFrame* callFrame; // passed in EDX
173 JSObject* callee;
174 JSValue thisValue;
175 ArgList* argPointer;
176 ArgList args;
177 JSValue result;
178 };
179 struct NativeFunctionCalleeSignature {
180 JSObject* callee;
181 JSValue thisValue;
182 ArgList* argPointer;
183 };
184 #if COMPILER(MSVC)
185 #pragma pack(pop)
186 #endif // COMPILER(MSVC)
187 #else
188 struct NativeCallFrameStructure {
189 // CallFrame* callFrame; // passed in ECX
190 // JSObject* callee; // passed in EDX
191 JSValue thisValue;
192 ArgList* argPointer;
193 ArgList args;
194 };
195 struct NativeFunctionCalleeSignature {
196 JSValue thisValue;
197 ArgList* argPointer;
198 };
199 #endif
200
201 const int NativeCallFrameSize = (sizeof(NativeCallFrameStructure) + 15) & ~15;
202 // Allocate system stack frame
203 subPtr(Imm32(NativeCallFrameSize), stackPointerRegister);
204
205 // Set up arguments
206 subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
207
208 // push argcount
209 storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_argCount)));
210
211 // Calculate the start of the callframe header, and store in regT1
212 addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int)sizeof(Register)), callFrameRegister, regT1);
213
214 // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT0)
215 mul32(Imm32(sizeof(Register)), regT0, regT0);
216 subPtr(regT0, regT1);
217 storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_args)));
218
219 // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
220 addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, args)), stackPointerRegister, regT0);
221 storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, argPointer)));
222
223 // regT1 currently points to the first argument, regT1 - sizeof(Register) points to 'this'
224 loadPtr(Address(regT1, -(int)sizeof(Register) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
225 loadPtr(Address(regT1, -(int)sizeof(Register) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT3);
226 storePtr(regT2, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
227 storePtr(regT3, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
228
229 #if COMPILER(MSVC) || OS(LINUX)
230 // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
231 addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, result)), stackPointerRegister, X86Registers::ecx);
232
233 // Plant callee
234 emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86Registers::eax);
235 storePtr(X86Registers::eax, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, callee)));
236
237 // Plant callframe
238 move(callFrameRegister, X86Registers::edx);
239
240 call(Address(X86Registers::eax, OBJECT_OFFSETOF(JSFunction, m_data)));
241
242 // JSValue is a non-POD type, so eax points to it
243 emitLoad(0, regT1, regT0, X86Registers::eax);
244 #else
245 emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86Registers::edx); // callee
246 move(callFrameRegister, X86Registers::ecx); // callFrame
247 call(Address(X86Registers::edx, OBJECT_OFFSETOF(JSFunction, m_data)));
248 #endif
249
250 // We've put a few temporaries on the stack in addition to the actual arguments
251 // so pull them off now
252 addPtr(Imm32(NativeCallFrameSize - sizeof(NativeFunctionCalleeSignature)), stackPointerRegister);
253
254 #elif CPU(ARM_TRADITIONAL)
255 emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
256
257 // Allocate stack space for our arglist
258 COMPILE_ASSERT((sizeof(ArgList) & 0x7) == 0 && sizeof(JSValue) == 8 && sizeof(Register) == 8, ArgList_should_by_8byte_aligned);
259 subPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
260
261 // Set up arguments
262 subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
263
264 // Push argcount
265 storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_argCount)));
266
267 // Calculate the start of the callframe header, and store in regT1
268 move(callFrameRegister, regT1);
269 sub32(Imm32(RegisterFile::CallFrameHeaderSize * (int32_t)sizeof(Register)), regT1);
270
271 // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT1)
272 mul32(Imm32(sizeof(Register)), regT0, regT0);
273 subPtr(regT0, regT1);
274
275 // push pointer to arguments
276 storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_args)));
277
278 // Argument passing method:
279 // r0 - points to return value
280 // r1 - callFrame
281 // r2 - callee
282 // stack: this(JSValue) and a pointer to ArgList
283
284 #if OS(WINCE)
285 // Setup arg4:
286 push(stackPointerRegister);
287
288 // Setup arg3:
289 // regT1 currently points to the first argument, regT1-sizeof(Register) points to 'this'
290 load32(Address(regT1, -(int32_t)sizeof(void*) * 2), ARMRegisters::r3);
291 push(ARMRegisters::r3);
292 load32(Address(regT1, -(int32_t)sizeof(void*)), regT3);
293 storePtr(regT3, Address(stackPointerRegister));
294
295 // Setup arg2:
296 emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, regT2);
297
298 // Setup arg1:
299 move(callFrameRegister, regT1);
300
301 // Setup arg0:
302 move(stackPointerRegister, regT0);
303
304 call(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_data)));
305
306 load32(Address(stackPointerRegister, 0), regT0);
307 load32(Address(stackPointerRegister, 4), regT1);
308
309 addPtr(Imm32(sizeof(ArgList) + 8), stackPointerRegister);
310 #else // OS(WINCE)
311 move(stackPointerRegister, regT3);
312 subPtr(Imm32(8), stackPointerRegister);
313 move(stackPointerRegister, regT0);
314 subPtr(Imm32(8 + 4 + 4 /* padding */), stackPointerRegister);
315
316 // Setup arg4:
317 storePtr(regT3, Address(stackPointerRegister, 8));
318
319 // Setup arg3:
320 // regT1 currently points to the first argument, regT1-sizeof(Register) points to 'this'
321 load32(Address(regT1, -(int32_t)sizeof(void*) * 2), regT3);
322 storePtr(regT3, Address(stackPointerRegister, 0));
323 load32(Address(regT1, -(int32_t)sizeof(void*)), regT3);
324 storePtr(regT3, Address(stackPointerRegister, 4));
325
326 // Setup arg2:
327 emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, regT2);
328
329 // Setup arg1:
330 move(callFrameRegister, regT1);
331
332 call(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_data)));
333
334 // Load return value
335 load32(Address(stackPointerRegister, 16), regT0);
336 load32(Address(stackPointerRegister, 20), regT1);
337
338 addPtr(Imm32(sizeof(ArgList) + 16 + 8), stackPointerRegister);
339 #endif // OS(WINCE)
340
341 #endif
342
343 // Check for an exception
344 move(ImmPtr(&globalData->exception), regT2);
345 Jump sawException = branch32(NotEqual, tagFor(0, regT2), Imm32(JSValue::EmptyValueTag));
346
347 // Grab the return address.
348 emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT3);
349
350 // Restore our caller's "r".
351 emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
352
353 // Return.
354 restoreReturnAddressBeforeReturn(regT3);
355 ret();
356
357 // Handle an exception
358 sawException.link(this);
359 // Grab the return address.
360 emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
361 move(ImmPtr(&globalData->exceptionLocation), regT2);
362 storePtr(regT1, regT2);
363 move(ImmPtr(FunctionPtr(ctiVMThrowTrampoline).value()), regT2);
364 emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
365 poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof(void*));
366 restoreReturnAddressBeforeReturn(regT2);
367 ret();
368
369 #elif ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
370 #error "JIT_OPTIMIZE_NATIVE_CALL not yet supported on this platform."
371 #else
372 UNUSED_PARAM(globalData);
373 breakpoint();
374 #endif
375
376 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
377 Call string_failureCases1Call = makeTailRecursiveCall(string_failureCases1);
378 Call string_failureCases2Call = makeTailRecursiveCall(string_failureCases2);
379 Call string_failureCases3Call = makeTailRecursiveCall(string_failureCases3);
380 #endif
381
382 // All trampolines constructed! copy the code, link up calls, and set the pointers on the Machine object.
383 LinkBuffer patchBuffer(this, m_globalData->executableAllocator.poolForSize(m_assembler.size()));
384
385 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
386 patchBuffer.link(string_failureCases1Call, FunctionPtr(cti_op_get_by_id_string_fail));
387 patchBuffer.link(string_failureCases2Call, FunctionPtr(cti_op_get_by_id_string_fail));
388 patchBuffer.link(string_failureCases3Call, FunctionPtr(cti_op_get_by_id_string_fail));
389 #endif
390 patchBuffer.link(callArityCheck1, FunctionPtr(cti_op_call_arityCheck));
391 patchBuffer.link(callJSFunction1, FunctionPtr(cti_op_call_JSFunction));
392 #if ENABLE(JIT_OPTIMIZE_CALL)
393 patchBuffer.link(callArityCheck2, FunctionPtr(cti_op_call_arityCheck));
394 patchBuffer.link(callJSFunction2, FunctionPtr(cti_op_call_JSFunction));
395 patchBuffer.link(callLazyLinkCall, FunctionPtr(cti_vm_lazyLinkCall));
396 #endif
397
398 CodeRef finalCode = patchBuffer.finalizeCode();
399 *executablePool = finalCode.m_executablePool;
400
401 trampolines->ctiVirtualCall = trampolineAt(finalCode, virtualCallBegin);
402 #if ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
403 trampolines->ctiNativeCallThunk = adoptRef(new NativeExecutable(JITCode(JITCode::HostFunction(trampolineAt(finalCode, nativeCallThunk)))));
404 #endif
405 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
406 trampolines->ctiStringLengthTrampoline = trampolineAt(finalCode, stringLengthBegin);
407 #else
408 UNUSED_PARAM(ctiStringLengthTrampoline);
409 #endif
410 #if ENABLE(JIT_OPTIMIZE_CALL)
411 trampolines->ctiVirtualCallLink = trampolineAt(finalCode, virtualCallLinkBegin);
412 #else
413 UNUSED_PARAM(ctiVirtualCallLink);
414 #endif
415 #if ENABLE(JIT_OPTIMIZE_MOD)
416 trampolines->ctiSoftModulo = trampolineAt(finalCode, softModBegin);
417 #endif
418 }
419
420 void JIT::emit_op_mov(Instruction* currentInstruction)
421 {
422 unsigned dst = currentInstruction[1].u.operand;
423 unsigned src = currentInstruction[2].u.operand;
424
425 if (m_codeBlock->isConstantRegisterIndex(src))
426 emitStore(dst, getConstantOperand(src));
427 else {
428 emitLoad(src, regT1, regT0);
429 emitStore(dst, regT1, regT0);
430 map(m_bytecodeIndex + OPCODE_LENGTH(op_mov), dst, regT1, regT0);
431 }
432 }
433
434 void JIT::emit_op_end(Instruction* currentInstruction)
435 {
436 if (m_codeBlock->needsFullScopeChain())
437 JITStubCall(this, cti_op_end).call();
438 ASSERT(returnValueRegister != callFrameRegister);
439 emitLoad(currentInstruction[1].u.operand, regT1, regT0);
440 restoreReturnAddressBeforeReturn(Address(callFrameRegister, RegisterFile::ReturnPC * static_cast<int>(sizeof(Register))));
441 ret();
442 }
443
444 void JIT::emit_op_jmp(Instruction* currentInstruction)
445 {
446 unsigned target = currentInstruction[1].u.operand;
447 addJump(jump(), target);
448 }
449
450 void JIT::emit_op_loop_if_lesseq(Instruction* currentInstruction)
451 {
452 unsigned op1 = currentInstruction[1].u.operand;
453 unsigned op2 = currentInstruction[2].u.operand;
454 unsigned target = currentInstruction[3].u.operand;
455
456 emitTimeoutCheck();
457
458 if (isOperandConstantImmediateInt(op1)) {
459 emitLoad(op2, regT1, regT0);
460 addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
461 addJump(branch32(GreaterThanOrEqual, regT0, Imm32(getConstantOperand(op1).asInt32())), target);
462 return;
463 }
464
465 if (isOperandConstantImmediateInt(op2)) {
466 emitLoad(op1, regT1, regT0);
467 addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
468 addJump(branch32(LessThanOrEqual, regT0, Imm32(getConstantOperand(op2).asInt32())), target);
469 return;
470 }
471
472 emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
473 addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
474 addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
475 addJump(branch32(LessThanOrEqual, regT0, regT2), target);
476 }
477
478 void JIT::emitSlow_op_loop_if_lesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
479 {
480 unsigned op1 = currentInstruction[1].u.operand;
481 unsigned op2 = currentInstruction[2].u.operand;
482 unsigned target = currentInstruction[3].u.operand;
483
484 if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
485 linkSlowCase(iter); // int32 check
486 linkSlowCase(iter); // int32 check
487
488 JITStubCall stubCall(this, cti_op_loop_if_lesseq);
489 stubCall.addArgument(op1);
490 stubCall.addArgument(op2);
491 stubCall.call();
492 emitJumpSlowToHot(branchTest32(NonZero, regT0), target);
493 }
494
495 void JIT::emit_op_new_object(Instruction* currentInstruction)
496 {
497 JITStubCall(this, cti_op_new_object).call(currentInstruction[1].u.operand);
498 }
499
500 void JIT::emit_op_instanceof(Instruction* currentInstruction)
501 {
502 unsigned dst = currentInstruction[1].u.operand;
503 unsigned value = currentInstruction[2].u.operand;
504 unsigned baseVal = currentInstruction[3].u.operand;
505 unsigned proto = currentInstruction[4].u.operand;
506
507 // Load the operands into registers.
508 // We use regT0 for baseVal since we will be done with this first, and we can then use it for the result.
509 emitLoadPayload(value, regT2);
510 emitLoadPayload(baseVal, regT0);
511 emitLoadPayload(proto, regT1);
512
513 // Check that value, baseVal, and proto are cells.
514 emitJumpSlowCaseIfNotJSCell(value);
515 emitJumpSlowCaseIfNotJSCell(baseVal);
516 emitJumpSlowCaseIfNotJSCell(proto);
517
518 // Check that baseVal 'ImplementsDefaultHasInstance'.
519 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
520 addSlowCase(branchTest8(Zero, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(ImplementsDefaultHasInstance)));
521
522 // Optimistically load the result true, and start looping.
523 // Initially, regT1 still contains proto and regT2 still contains value.
524 // As we loop regT2 will be updated with its prototype, recursively walking the prototype chain.
525 move(Imm32(JSValue::TrueTag), regT0);
526 Label loop(this);
527
528 // Load the prototype of the cell in regT2. If this is equal to regT1 - WIN!
529 // Otherwise, check if we've hit null - if we have then drop out of the loop, if not go again.
530 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
531 load32(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
532 Jump isInstance = branchPtr(Equal, regT2, regT1);
533 branchTest32(NonZero, regT2).linkTo(loop, this);
534
535 // We get here either by dropping out of the loop, or if value was not an Object. Result is false.
536 move(Imm32(JSValue::FalseTag), regT0);
537
538 // isInstance jumps right down to here, to skip setting the result to false (it has already set true).
539 isInstance.link(this);
540 emitStoreBool(dst, regT0);
541 }
542
543 void JIT::emitSlow_op_instanceof(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
544 {
545 unsigned dst = currentInstruction[1].u.operand;
546 unsigned value = currentInstruction[2].u.operand;
547 unsigned baseVal = currentInstruction[3].u.operand;
548 unsigned proto = currentInstruction[4].u.operand;
549
550 linkSlowCaseIfNotJSCell(iter, value);
551 linkSlowCaseIfNotJSCell(iter, baseVal);
552 linkSlowCaseIfNotJSCell(iter, proto);
553 linkSlowCase(iter);
554
555 JITStubCall stubCall(this, cti_op_instanceof);
556 stubCall.addArgument(value);
557 stubCall.addArgument(baseVal);
558 stubCall.addArgument(proto);
559 stubCall.call(dst);
560 }
561
562 void JIT::emit_op_new_func(Instruction* currentInstruction)
563 {
564 JITStubCall stubCall(this, cti_op_new_func);
565 stubCall.addArgument(ImmPtr(m_codeBlock->functionDecl(currentInstruction[2].u.operand)));
566 stubCall.call(currentInstruction[1].u.operand);
567 }
568
569 void JIT::emit_op_get_global_var(Instruction* currentInstruction)
570 {
571 int dst = currentInstruction[1].u.operand;
572 JSGlobalObject* globalObject = static_cast<JSGlobalObject*>(currentInstruction[2].u.jsCell);
573 ASSERT(globalObject->isGlobalObject());
574 int index = currentInstruction[3].u.operand;
575
576 loadPtr(&globalObject->d()->registers, regT2);
577
578 emitLoad(index, regT1, regT0, regT2);
579 emitStore(dst, regT1, regT0);
580 map(m_bytecodeIndex + OPCODE_LENGTH(op_get_global_var), dst, regT1, regT0);
581 }
582
583 void JIT::emit_op_put_global_var(Instruction* currentInstruction)
584 {
585 JSGlobalObject* globalObject = static_cast<JSGlobalObject*>(currentInstruction[1].u.jsCell);
586 ASSERT(globalObject->isGlobalObject());
587 int index = currentInstruction[2].u.operand;
588 int value = currentInstruction[3].u.operand;
589
590 emitLoad(value, regT1, regT0);
591
592 loadPtr(&globalObject->d()->registers, regT2);
593 emitStore(index, regT1, regT0, regT2);
594 map(m_bytecodeIndex + OPCODE_LENGTH(op_put_global_var), value, regT1, regT0);
595 }
596
597 void JIT::emit_op_get_scoped_var(Instruction* currentInstruction)
598 {
599 int dst = currentInstruction[1].u.operand;
600 int index = currentInstruction[2].u.operand;
601 int skip = currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain();
602
603 emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT2);
604 while (skip--)
605 loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, next)), regT2);
606
607 loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, object)), regT2);
608 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject, d)), regT2);
609 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), regT2);
610
611 emitLoad(index, regT1, regT0, regT2);
612 emitStore(dst, regT1, regT0);
613 map(m_bytecodeIndex + OPCODE_LENGTH(op_get_scoped_var), dst, regT1, regT0);
614 }
615
616 void JIT::emit_op_put_scoped_var(Instruction* currentInstruction)
617 {
618 int index = currentInstruction[1].u.operand;
619 int skip = currentInstruction[2].u.operand + m_codeBlock->needsFullScopeChain();
620 int value = currentInstruction[3].u.operand;
621
622 emitLoad(value, regT1, regT0);
623
624 emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT2);
625 while (skip--)
626 loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, next)), regT2);
627
628 loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, object)), regT2);
629 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject, d)), regT2);
630 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), regT2);
631
632 emitStore(index, regT1, regT0, regT2);
633 map(m_bytecodeIndex + OPCODE_LENGTH(op_put_scoped_var), value, regT1, regT0);
634 }
635
636 void JIT::emit_op_tear_off_activation(Instruction* currentInstruction)
637 {
638 JITStubCall stubCall(this, cti_op_tear_off_activation);
639 stubCall.addArgument(currentInstruction[1].u.operand);
640 stubCall.call();
641 }
642
643 void JIT::emit_op_tear_off_arguments(Instruction*)
644 {
645 JITStubCall(this, cti_op_tear_off_arguments).call();
646 }
647
648 void JIT::emit_op_new_array(Instruction* currentInstruction)
649 {
650 JITStubCall stubCall(this, cti_op_new_array);
651 stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
652 stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
653 stubCall.call(currentInstruction[1].u.operand);
654 }
655
656 void JIT::emit_op_resolve(Instruction* currentInstruction)
657 {
658 JITStubCall stubCall(this, cti_op_resolve);
659 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
660 stubCall.call(currentInstruction[1].u.operand);
661 }
662
663 void JIT::emit_op_to_primitive(Instruction* currentInstruction)
664 {
665 int dst = currentInstruction[1].u.operand;
666 int src = currentInstruction[2].u.operand;
667
668 emitLoad(src, regT1, regT0);
669
670 Jump isImm = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
671 addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
672 isImm.link(this);
673
674 if (dst != src)
675 emitStore(dst, regT1, regT0);
676 map(m_bytecodeIndex + OPCODE_LENGTH(op_to_primitive), dst, regT1, regT0);
677 }
678
679 void JIT::emitSlow_op_to_primitive(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
680 {
681 int dst = currentInstruction[1].u.operand;
682
683 linkSlowCase(iter);
684
685 JITStubCall stubCall(this, cti_op_to_primitive);
686 stubCall.addArgument(regT1, regT0);
687 stubCall.call(dst);
688 }
689
690 void JIT::emit_op_strcat(Instruction* currentInstruction)
691 {
692 JITStubCall stubCall(this, cti_op_strcat);
693 stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
694 stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
695 stubCall.call(currentInstruction[1].u.operand);
696 }
697
698 void JIT::emit_op_resolve_base(Instruction* currentInstruction)
699 {
700 JITStubCall stubCall(this, cti_op_resolve_base);
701 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
702 stubCall.call(currentInstruction[1].u.operand);
703 }
704
705 void JIT::emit_op_resolve_skip(Instruction* currentInstruction)
706 {
707 JITStubCall stubCall(this, cti_op_resolve_skip);
708 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
709 stubCall.addArgument(Imm32(currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain()));
710 stubCall.call(currentInstruction[1].u.operand);
711 }
712
713 void JIT::emit_op_resolve_global(Instruction* currentInstruction, bool dynamic)
714 {
715 // FIXME: Optimize to use patching instead of so many memory accesses.
716
717 unsigned dst = currentInstruction[1].u.operand;
718 void* globalObject = currentInstruction[2].u.jsCell;
719
720 unsigned currentIndex = m_globalResolveInfoIndex++;
721 void* structureAddress = &(m_codeBlock->globalResolveInfo(currentIndex).structure);
722 void* offsetAddr = &(m_codeBlock->globalResolveInfo(currentIndex).offset);
723
724 // Verify structure.
725 move(ImmPtr(globalObject), regT0);
726 loadPtr(structureAddress, regT1);
727 addSlowCase(branchPtr(NotEqual, regT1, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure))));
728
729 // Load property.
730 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSGlobalObject, m_externalStorage)), regT2);
731 load32(offsetAddr, regT3);
732 load32(BaseIndex(regT2, regT3, TimesEight), regT0); // payload
733 load32(BaseIndex(regT2, regT3, TimesEight, 4), regT1); // tag
734 emitStore(dst, regT1, regT0);
735 map(m_bytecodeIndex + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
736 }
737
738 void JIT::emitSlow_op_resolve_global(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
739 {
740 unsigned dst = currentInstruction[1].u.operand;
741 void* globalObject = currentInstruction[2].u.jsCell;
742 Identifier* ident = &m_codeBlock->identifier(currentInstruction[3].u.operand);
743
744 unsigned currentIndex = m_globalResolveInfoIndex++;
745
746 linkSlowCase(iter);
747 JITStubCall stubCall(this, cti_op_resolve_global);
748 stubCall.addArgument(ImmPtr(globalObject));
749 stubCall.addArgument(ImmPtr(ident));
750 stubCall.addArgument(Imm32(currentIndex));
751 stubCall.call(dst);
752 }
753
754 void JIT::emit_op_not(Instruction* currentInstruction)
755 {
756 unsigned dst = currentInstruction[1].u.operand;
757 unsigned src = currentInstruction[2].u.operand;
758
759 emitLoadTag(src, regT0);
760
761 xor32(Imm32(JSValue::FalseTag), regT0);
762 addSlowCase(branchTest32(NonZero, regT0, Imm32(~1)));
763 xor32(Imm32(JSValue::TrueTag), regT0);
764
765 emitStoreBool(dst, regT0, (dst == src));
766 }
767
768 void JIT::emitSlow_op_not(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
769 {
770 unsigned dst = currentInstruction[1].u.operand;
771 unsigned src = currentInstruction[2].u.operand;
772
773 linkSlowCase(iter);
774
775 JITStubCall stubCall(this, cti_op_not);
776 stubCall.addArgument(src);
777 stubCall.call(dst);
778 }
779
780 void JIT::emit_op_jfalse(Instruction* currentInstruction)
781 {
782 unsigned cond = currentInstruction[1].u.operand;
783 unsigned target = currentInstruction[2].u.operand;
784
785 emitLoad(cond, regT1, regT0);
786
787 Jump isTrue = branch32(Equal, regT1, Imm32(JSValue::TrueTag));
788 addJump(branch32(Equal, regT1, Imm32(JSValue::FalseTag)), target);
789
790 Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
791 Jump isTrue2 = branch32(NotEqual, regT0, Imm32(0));
792 addJump(jump(), target);
793
794 if (supportsFloatingPoint()) {
795 isNotInteger.link(this);
796
797 addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
798
799 zeroDouble(fpRegT0);
800 emitLoadDouble(cond, fpRegT1);
801 addJump(branchDouble(DoubleEqualOrUnordered, fpRegT0, fpRegT1), target);
802 } else
803 addSlowCase(isNotInteger);
804
805 isTrue.link(this);
806 isTrue2.link(this);
807 }
808
809 void JIT::emitSlow_op_jfalse(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
810 {
811 unsigned cond = currentInstruction[1].u.operand;
812 unsigned target = currentInstruction[2].u.operand;
813
814 linkSlowCase(iter);
815 JITStubCall stubCall(this, cti_op_jtrue);
816 stubCall.addArgument(cond);
817 stubCall.call();
818 emitJumpSlowToHot(branchTest32(Zero, regT0), target); // Inverted.
819 }
820
821 void JIT::emit_op_jtrue(Instruction* currentInstruction)
822 {
823 unsigned cond = currentInstruction[1].u.operand;
824 unsigned target = currentInstruction[2].u.operand;
825
826 emitLoad(cond, regT1, regT0);
827
828 Jump isFalse = branch32(Equal, regT1, Imm32(JSValue::FalseTag));
829 addJump(branch32(Equal, regT1, Imm32(JSValue::TrueTag)), target);
830
831 Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
832 Jump isFalse2 = branch32(Equal, regT0, Imm32(0));
833 addJump(jump(), target);
834
835 if (supportsFloatingPoint()) {
836 isNotInteger.link(this);
837
838 addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
839
840 zeroDouble(fpRegT0);
841 emitLoadDouble(cond, fpRegT1);
842 addJump(branchDouble(DoubleNotEqual, fpRegT0, fpRegT1), target);
843 } else
844 addSlowCase(isNotInteger);
845
846 isFalse.link(this);
847 isFalse2.link(this);
848 }
849
850 void JIT::emitSlow_op_jtrue(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
851 {
852 unsigned cond = currentInstruction[1].u.operand;
853 unsigned target = currentInstruction[2].u.operand;
854
855 linkSlowCase(iter);
856 JITStubCall stubCall(this, cti_op_jtrue);
857 stubCall.addArgument(cond);
858 stubCall.call();
859 emitJumpSlowToHot(branchTest32(NonZero, regT0), target);
860 }
861
862 void JIT::emit_op_jeq_null(Instruction* currentInstruction)
863 {
864 unsigned src = currentInstruction[1].u.operand;
865 unsigned target = currentInstruction[2].u.operand;
866
867 emitLoad(src, regT1, regT0);
868
869 Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
870
871 // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
872 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
873 addJump(branchTest8(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target);
874
875 Jump wasNotImmediate = jump();
876
877 // Now handle the immediate cases - undefined & null
878 isImmediate.link(this);
879
880 set32(Equal, regT1, Imm32(JSValue::NullTag), regT2);
881 set32(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
882 or32(regT2, regT1);
883
884 addJump(branchTest32(NonZero, regT1), target);
885
886 wasNotImmediate.link(this);
887 }
888
889 void JIT::emit_op_jneq_null(Instruction* currentInstruction)
890 {
891 unsigned src = currentInstruction[1].u.operand;
892 unsigned target = currentInstruction[2].u.operand;
893
894 emitLoad(src, regT1, regT0);
895
896 Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
897
898 // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
899 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
900 addJump(branchTest8(Zero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target);
901
902 Jump wasNotImmediate = jump();
903
904 // Now handle the immediate cases - undefined & null
905 isImmediate.link(this);
906
907 set32(Equal, regT1, Imm32(JSValue::NullTag), regT2);
908 set32(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
909 or32(regT2, regT1);
910
911 addJump(branchTest32(Zero, regT1), target);
912
913 wasNotImmediate.link(this);
914 }
915
916 void JIT::emit_op_jneq_ptr(Instruction* currentInstruction)
917 {
918 unsigned src = currentInstruction[1].u.operand;
919 JSCell* ptr = currentInstruction[2].u.jsCell;
920 unsigned target = currentInstruction[3].u.operand;
921
922 emitLoad(src, regT1, regT0);
923 addJump(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)), target);
924 addJump(branchPtr(NotEqual, regT0, ImmPtr(ptr)), target);
925 }
926
927 void JIT::emit_op_jsr(Instruction* currentInstruction)
928 {
929 int retAddrDst = currentInstruction[1].u.operand;
930 int target = currentInstruction[2].u.operand;
931 DataLabelPtr storeLocation = storePtrWithPatch(ImmPtr(0), Address(callFrameRegister, sizeof(Register) * retAddrDst));
932 addJump(jump(), target);
933 m_jsrSites.append(JSRInfo(storeLocation, label()));
934 }
935
936 void JIT::emit_op_sret(Instruction* currentInstruction)
937 {
938 jump(Address(callFrameRegister, sizeof(Register) * currentInstruction[1].u.operand));
939 }
940
941 void JIT::emit_op_eq(Instruction* currentInstruction)
942 {
943 unsigned dst = currentInstruction[1].u.operand;
944 unsigned src1 = currentInstruction[2].u.operand;
945 unsigned src2 = currentInstruction[3].u.operand;
946
947 emitLoad2(src1, regT1, regT0, src2, regT3, regT2);
948 addSlowCase(branch32(NotEqual, regT1, regT3));
949 addSlowCase(branch32(Equal, regT1, Imm32(JSValue::CellTag)));
950 addSlowCase(branch32(Below, regT1, Imm32(JSValue::LowestTag)));
951
952 set8(Equal, regT0, regT2, regT0);
953 or32(Imm32(JSValue::FalseTag), regT0);
954
955 emitStoreBool(dst, regT0);
956 }
957
958 void JIT::emitSlow_op_eq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
959 {
960 unsigned dst = currentInstruction[1].u.operand;
961 unsigned op1 = currentInstruction[2].u.operand;
962 unsigned op2 = currentInstruction[3].u.operand;
963
964 JumpList storeResult;
965 JumpList genericCase;
966
967 genericCase.append(getSlowCase(iter)); // tags not equal
968
969 linkSlowCase(iter); // tags equal and JSCell
970 genericCase.append(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
971 genericCase.append(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsStringVPtr)));
972
973 // String case.
974 JITStubCall stubCallEqStrings(this, cti_op_eq_strings);
975 stubCallEqStrings.addArgument(regT0);
976 stubCallEqStrings.addArgument(regT2);
977 stubCallEqStrings.call();
978 storeResult.append(jump());
979
980 // Generic case.
981 genericCase.append(getSlowCase(iter)); // doubles
982 genericCase.link(this);
983 JITStubCall stubCallEq(this, cti_op_eq);
984 stubCallEq.addArgument(op1);
985 stubCallEq.addArgument(op2);
986 stubCallEq.call(regT0);
987
988 storeResult.link(this);
989 or32(Imm32(JSValue::FalseTag), regT0);
990 emitStoreBool(dst, regT0);
991 }
992
993 void JIT::emit_op_neq(Instruction* currentInstruction)
994 {
995 unsigned dst = currentInstruction[1].u.operand;
996 unsigned src1 = currentInstruction[2].u.operand;
997 unsigned src2 = currentInstruction[3].u.operand;
998
999 emitLoad2(src1, regT1, regT0, src2, regT3, regT2);
1000 addSlowCase(branch32(NotEqual, regT1, regT3));
1001 addSlowCase(branch32(Equal, regT1, Imm32(JSValue::CellTag)));
1002 addSlowCase(branch32(Below, regT1, Imm32(JSValue::LowestTag)));
1003
1004 set8(NotEqual, regT0, regT2, regT0);
1005 or32(Imm32(JSValue::FalseTag), regT0);
1006
1007 emitStoreBool(dst, regT0);
1008 }
1009
1010 void JIT::emitSlow_op_neq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1011 {
1012 unsigned dst = currentInstruction[1].u.operand;
1013
1014 JumpList storeResult;
1015 JumpList genericCase;
1016
1017 genericCase.append(getSlowCase(iter)); // tags not equal
1018
1019 linkSlowCase(iter); // tags equal and JSCell
1020 genericCase.append(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
1021 genericCase.append(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsStringVPtr)));
1022
1023 // String case.
1024 JITStubCall stubCallEqStrings(this, cti_op_eq_strings);
1025 stubCallEqStrings.addArgument(regT0);
1026 stubCallEqStrings.addArgument(regT2);
1027 stubCallEqStrings.call(regT0);
1028 storeResult.append(jump());
1029
1030 // Generic case.
1031 genericCase.append(getSlowCase(iter)); // doubles
1032 genericCase.link(this);
1033 JITStubCall stubCallEq(this, cti_op_eq);
1034 stubCallEq.addArgument(regT1, regT0);
1035 stubCallEq.addArgument(regT3, regT2);
1036 stubCallEq.call(regT0);
1037
1038 storeResult.link(this);
1039 xor32(Imm32(0x1), regT0);
1040 or32(Imm32(JSValue::FalseTag), regT0);
1041 emitStoreBool(dst, regT0);
1042 }
1043
1044 void JIT::compileOpStrictEq(Instruction* currentInstruction, CompileOpStrictEqType type)
1045 {
1046 unsigned dst = currentInstruction[1].u.operand;
1047 unsigned src1 = currentInstruction[2].u.operand;
1048 unsigned src2 = currentInstruction[3].u.operand;
1049
1050 emitLoadTag(src1, regT0);
1051 emitLoadTag(src2, regT1);
1052
1053 // Jump to a slow case if either operand is double, or if both operands are
1054 // cells and/or Int32s.
1055 move(regT0, regT2);
1056 and32(regT1, regT2);
1057 addSlowCase(branch32(Below, regT2, Imm32(JSValue::LowestTag)));
1058 addSlowCase(branch32(AboveOrEqual, regT2, Imm32(JSValue::CellTag)));
1059
1060 if (type == OpStrictEq)
1061 set8(Equal, regT0, regT1, regT0);
1062 else
1063 set8(NotEqual, regT0, regT1, regT0);
1064
1065 or32(Imm32(JSValue::FalseTag), regT0);
1066
1067 emitStoreBool(dst, regT0);
1068 }
1069
1070 void JIT::emit_op_stricteq(Instruction* currentInstruction)
1071 {
1072 compileOpStrictEq(currentInstruction, OpStrictEq);
1073 }
1074
1075 void JIT::emitSlow_op_stricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1076 {
1077 unsigned dst = currentInstruction[1].u.operand;
1078 unsigned src1 = currentInstruction[2].u.operand;
1079 unsigned src2 = currentInstruction[3].u.operand;
1080
1081 linkSlowCase(iter);
1082 linkSlowCase(iter);
1083
1084 JITStubCall stubCall(this, cti_op_stricteq);
1085 stubCall.addArgument(src1);
1086 stubCall.addArgument(src2);
1087 stubCall.call(dst);
1088 }
1089
1090 void JIT::emit_op_nstricteq(Instruction* currentInstruction)
1091 {
1092 compileOpStrictEq(currentInstruction, OpNStrictEq);
1093 }
1094
1095 void JIT::emitSlow_op_nstricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1096 {
1097 unsigned dst = currentInstruction[1].u.operand;
1098 unsigned src1 = currentInstruction[2].u.operand;
1099 unsigned src2 = currentInstruction[3].u.operand;
1100
1101 linkSlowCase(iter);
1102 linkSlowCase(iter);
1103
1104 JITStubCall stubCall(this, cti_op_nstricteq);
1105 stubCall.addArgument(src1);
1106 stubCall.addArgument(src2);
1107 stubCall.call(dst);
1108 }
1109
1110 void JIT::emit_op_eq_null(Instruction* currentInstruction)
1111 {
1112 unsigned dst = currentInstruction[1].u.operand;
1113 unsigned src = currentInstruction[2].u.operand;
1114
1115 emitLoad(src, regT1, regT0);
1116 Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
1117
1118 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
1119 setTest8(NonZero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT1);
1120
1121 Jump wasNotImmediate = jump();
1122
1123 isImmediate.link(this);
1124
1125 set8(Equal, regT1, Imm32(JSValue::NullTag), regT2);
1126 set8(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
1127 or32(regT2, regT1);
1128
1129 wasNotImmediate.link(this);
1130
1131 or32(Imm32(JSValue::FalseTag), regT1);
1132
1133 emitStoreBool(dst, regT1);
1134 }
1135
1136 void JIT::emit_op_neq_null(Instruction* currentInstruction)
1137 {
1138 unsigned dst = currentInstruction[1].u.operand;
1139 unsigned src = currentInstruction[2].u.operand;
1140
1141 emitLoad(src, regT1, regT0);
1142 Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
1143
1144 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
1145 setTest8(Zero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT1);
1146
1147 Jump wasNotImmediate = jump();
1148
1149 isImmediate.link(this);
1150
1151 set8(NotEqual, regT1, Imm32(JSValue::NullTag), regT2);
1152 set8(NotEqual, regT1, Imm32(JSValue::UndefinedTag), regT1);
1153 and32(regT2, regT1);
1154
1155 wasNotImmediate.link(this);
1156
1157 or32(Imm32(JSValue::FalseTag), regT1);
1158
1159 emitStoreBool(dst, regT1);
1160 }
1161
1162 void JIT::emit_op_resolve_with_base(Instruction* currentInstruction)
1163 {
1164 JITStubCall stubCall(this, cti_op_resolve_with_base);
1165 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
1166 stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
1167 stubCall.call(currentInstruction[2].u.operand);
1168 }
1169
1170 void JIT::emit_op_new_func_exp(Instruction* currentInstruction)
1171 {
1172 JITStubCall stubCall(this, cti_op_new_func_exp);
1173 stubCall.addArgument(ImmPtr(m_codeBlock->functionExpr(currentInstruction[2].u.operand)));
1174 stubCall.call(currentInstruction[1].u.operand);
1175 }
1176
1177 void JIT::emit_op_throw(Instruction* currentInstruction)
1178 {
1179 unsigned exception = currentInstruction[1].u.operand;
1180 JITStubCall stubCall(this, cti_op_throw);
1181 stubCall.addArgument(exception);
1182 stubCall.call();
1183
1184 #ifndef NDEBUG
1185 // cti_op_throw always changes it's return address,
1186 // this point in the code should never be reached.
1187 breakpoint();
1188 #endif
1189 }
1190
1191 void JIT::emit_op_get_pnames(Instruction* currentInstruction)
1192 {
1193 int dst = currentInstruction[1].u.operand;
1194 int base = currentInstruction[2].u.operand;
1195 int i = currentInstruction[3].u.operand;
1196 int size = currentInstruction[4].u.operand;
1197 int breakTarget = currentInstruction[5].u.operand;
1198
1199 JumpList isNotObject;
1200
1201 emitLoad(base, regT1, regT0);
1202 if (!m_codeBlock->isKnownNotImmediate(base))
1203 isNotObject.append(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
1204 if (base != m_codeBlock->thisRegister()) {
1205 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
1206 isNotObject.append(branch8(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType)));
1207 }
1208
1209 // We could inline the case where you have a valid cache, but
1210 // this call doesn't seem to be hot.
1211 Label isObject(this);
1212 JITStubCall getPnamesStubCall(this, cti_op_get_pnames);
1213 getPnamesStubCall.addArgument(regT0);
1214 getPnamesStubCall.call(dst);
1215 load32(Address(regT0, OBJECT_OFFSETOF(JSPropertyNameIterator, m_jsStringsSize)), regT3);
1216 store32(Imm32(0), addressFor(i));
1217 store32(regT3, addressFor(size));
1218 Jump end = jump();
1219
1220 isNotObject.link(this);
1221 addJump(branch32(Equal, regT1, Imm32(JSValue::NullTag)), breakTarget);
1222 addJump(branch32(Equal, regT1, Imm32(JSValue::UndefinedTag)), breakTarget);
1223 JITStubCall toObjectStubCall(this, cti_to_object);
1224 toObjectStubCall.addArgument(regT1, regT0);
1225 toObjectStubCall.call(base);
1226 jump().linkTo(isObject, this);
1227
1228 end.link(this);
1229 }
1230
1231 void JIT::emit_op_next_pname(Instruction* currentInstruction)
1232 {
1233 int dst = currentInstruction[1].u.operand;
1234 int base = currentInstruction[2].u.operand;
1235 int i = currentInstruction[3].u.operand;
1236 int size = currentInstruction[4].u.operand;
1237 int it = currentInstruction[5].u.operand;
1238 int target = currentInstruction[6].u.operand;
1239
1240 JumpList callHasProperty;
1241
1242 Label begin(this);
1243 load32(addressFor(i), regT0);
1244 Jump end = branch32(Equal, regT0, addressFor(size));
1245
1246 // Grab key @ i
1247 loadPtr(addressFor(it), regT1);
1248 loadPtr(Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_jsStrings)), regT2);
1249 load32(BaseIndex(regT2, regT0, TimesEight), regT2);
1250 store32(Imm32(JSValue::CellTag), tagFor(dst));
1251 store32(regT2, payloadFor(dst));
1252
1253 // Increment i
1254 add32(Imm32(1), regT0);
1255 store32(regT0, addressFor(i));
1256
1257 // Verify that i is valid:
1258 loadPtr(addressFor(base), regT0);
1259
1260 // Test base's structure
1261 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
1262 callHasProperty.append(branchPtr(NotEqual, regT2, Address(Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_cachedStructure)))));
1263
1264 // Test base's prototype chain
1265 loadPtr(Address(Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_cachedPrototypeChain))), regT3);
1266 loadPtr(Address(regT3, OBJECT_OFFSETOF(StructureChain, m_vector)), regT3);
1267 addJump(branchTestPtr(Zero, Address(regT3)), target);
1268
1269 Label checkPrototype(this);
1270 callHasProperty.append(branch32(Equal, Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), Imm32(JSValue::NullTag)));
1271 loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
1272 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
1273 callHasProperty.append(branchPtr(NotEqual, regT2, Address(regT3)));
1274 addPtr(Imm32(sizeof(Structure*)), regT3);
1275 branchTestPtr(NonZero, Address(regT3)).linkTo(checkPrototype, this);
1276
1277 // Continue loop.
1278 addJump(jump(), target);
1279
1280 // Slow case: Ask the object if i is valid.
1281 callHasProperty.link(this);
1282 loadPtr(addressFor(dst), regT1);
1283 JITStubCall stubCall(this, cti_has_property);
1284 stubCall.addArgument(regT0);
1285 stubCall.addArgument(regT1);
1286 stubCall.call();
1287
1288 // Test for valid key.
1289 addJump(branchTest32(NonZero, regT0), target);
1290 jump().linkTo(begin, this);
1291
1292 // End of loop.
1293 end.link(this);
1294 }
1295
1296 void JIT::emit_op_push_scope(Instruction* currentInstruction)
1297 {
1298 JITStubCall stubCall(this, cti_op_push_scope);
1299 stubCall.addArgument(currentInstruction[1].u.operand);
1300 stubCall.call(currentInstruction[1].u.operand);
1301 }
1302
1303 void JIT::emit_op_pop_scope(Instruction*)
1304 {
1305 JITStubCall(this, cti_op_pop_scope).call();
1306 }
1307
1308 void JIT::emit_op_to_jsnumber(Instruction* currentInstruction)
1309 {
1310 int dst = currentInstruction[1].u.operand;
1311 int src = currentInstruction[2].u.operand;
1312
1313 emitLoad(src, regT1, regT0);
1314
1315 Jump isInt32 = branch32(Equal, regT1, Imm32(JSValue::Int32Tag));
1316 addSlowCase(branch32(AboveOrEqual, regT1, Imm32(JSValue::EmptyValueTag)));
1317 isInt32.link(this);
1318
1319 if (src != dst)
1320 emitStore(dst, regT1, regT0);
1321 map(m_bytecodeIndex + OPCODE_LENGTH(op_to_jsnumber), dst, regT1, regT0);
1322 }
1323
1324 void JIT::emitSlow_op_to_jsnumber(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1325 {
1326 int dst = currentInstruction[1].u.operand;
1327
1328 linkSlowCase(iter);
1329
1330 JITStubCall stubCall(this, cti_op_to_jsnumber);
1331 stubCall.addArgument(regT1, regT0);
1332 stubCall.call(dst);
1333 }
1334
1335 void JIT::emit_op_push_new_scope(Instruction* currentInstruction)
1336 {
1337 JITStubCall stubCall(this, cti_op_push_new_scope);
1338 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
1339 stubCall.addArgument(currentInstruction[3].u.operand);
1340 stubCall.call(currentInstruction[1].u.operand);
1341 }
1342
1343 void JIT::emit_op_catch(Instruction* currentInstruction)
1344 {
1345 unsigned exception = currentInstruction[1].u.operand;
1346
1347 // This opcode only executes after a return from cti_op_throw.
1348
1349 // cti_op_throw may have taken us to a call frame further up the stack; reload
1350 // the call frame pointer to adjust.
1351 peek(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof(void*));
1352
1353 // Now store the exception returned by cti_op_throw.
1354 emitStore(exception, regT1, regT0);
1355 map(m_bytecodeIndex + OPCODE_LENGTH(op_catch), exception, regT1, regT0);
1356 }
1357
1358 void JIT::emit_op_jmp_scopes(Instruction* currentInstruction)
1359 {
1360 JITStubCall stubCall(this, cti_op_jmp_scopes);
1361 stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
1362 stubCall.call();
1363 addJump(jump(), currentInstruction[2].u.operand);
1364 }
1365
1366 void JIT::emit_op_switch_imm(Instruction* currentInstruction)
1367 {
1368 unsigned tableIndex = currentInstruction[1].u.operand;
1369 unsigned defaultOffset = currentInstruction[2].u.operand;
1370 unsigned scrutinee = currentInstruction[3].u.operand;
1371
1372 // create jump table for switch destinations, track this switch statement.
1373 SimpleJumpTable* jumpTable = &m_codeBlock->immediateSwitchJumpTable(tableIndex);
1374 m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Immediate));
1375 jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
1376
1377 JITStubCall stubCall(this, cti_op_switch_imm);
1378 stubCall.addArgument(scrutinee);
1379 stubCall.addArgument(Imm32(tableIndex));
1380 stubCall.call();
1381 jump(regT0);
1382 }
1383
1384 void JIT::emit_op_switch_char(Instruction* currentInstruction)
1385 {
1386 unsigned tableIndex = currentInstruction[1].u.operand;
1387 unsigned defaultOffset = currentInstruction[2].u.operand;
1388 unsigned scrutinee = currentInstruction[3].u.operand;
1389
1390 // create jump table for switch destinations, track this switch statement.
1391 SimpleJumpTable* jumpTable = &m_codeBlock->characterSwitchJumpTable(tableIndex);
1392 m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Character));
1393 jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
1394
1395 JITStubCall stubCall(this, cti_op_switch_char);
1396 stubCall.addArgument(scrutinee);
1397 stubCall.addArgument(Imm32(tableIndex));
1398 stubCall.call();
1399 jump(regT0);
1400 }
1401
1402 void JIT::emit_op_switch_string(Instruction* currentInstruction)
1403 {
1404 unsigned tableIndex = currentInstruction[1].u.operand;
1405 unsigned defaultOffset = currentInstruction[2].u.operand;
1406 unsigned scrutinee = currentInstruction[3].u.operand;
1407
1408 // create jump table for switch destinations, track this switch statement.
1409 StringJumpTable* jumpTable = &m_codeBlock->stringSwitchJumpTable(tableIndex);
1410 m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset));
1411
1412 JITStubCall stubCall(this, cti_op_switch_string);
1413 stubCall.addArgument(scrutinee);
1414 stubCall.addArgument(Imm32(tableIndex));
1415 stubCall.call();
1416 jump(regT0);
1417 }
1418
1419 void JIT::emit_op_new_error(Instruction* currentInstruction)
1420 {
1421 unsigned dst = currentInstruction[1].u.operand;
1422 unsigned type = currentInstruction[2].u.operand;
1423 unsigned message = currentInstruction[3].u.operand;
1424
1425 JITStubCall stubCall(this, cti_op_new_error);
1426 stubCall.addArgument(Imm32(type));
1427 stubCall.addArgument(m_codeBlock->getConstant(message));
1428 stubCall.addArgument(Imm32(m_bytecodeIndex));
1429 stubCall.call(dst);
1430 }
1431
1432 void JIT::emit_op_debug(Instruction* currentInstruction)
1433 {
1434 #if ENABLE(DEBUG_WITH_BREAKPOINT)
1435 UNUSED_PARAM(currentInstruction);
1436 breakpoint();
1437 #else
1438 JITStubCall stubCall(this, cti_op_debug);
1439 stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
1440 stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
1441 stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
1442 stubCall.call();
1443 #endif
1444 }
1445
1446
1447 void JIT::emit_op_enter(Instruction*)
1448 {
1449 // Even though JIT code doesn't use them, we initialize our constant
1450 // registers to zap stale pointers, to avoid unnecessarily prolonging
1451 // object lifetime and increasing GC pressure.
1452 for (int i = 0; i < m_codeBlock->m_numVars; ++i)
1453 emitStore(i, jsUndefined());
1454 }
1455
1456 void JIT::emit_op_enter_with_activation(Instruction* currentInstruction)
1457 {
1458 emit_op_enter(currentInstruction);
1459
1460 JITStubCall(this, cti_op_push_activation).call(currentInstruction[1].u.operand);
1461 }
1462
1463 void JIT::emit_op_create_arguments(Instruction*)
1464 {
1465 Jump argsCreated = branch32(NotEqual, tagFor(RegisterFile::ArgumentsRegister, callFrameRegister), Imm32(JSValue::EmptyValueTag));
1466
1467 // If we get here the arguments pointer is a null cell - i.e. arguments need lazy creation.
1468 if (m_codeBlock->m_numParameters == 1)
1469 JITStubCall(this, cti_op_create_arguments_no_params).call();
1470 else
1471 JITStubCall(this, cti_op_create_arguments).call();
1472
1473 argsCreated.link(this);
1474 }
1475
1476 void JIT::emit_op_init_arguments(Instruction*)
1477 {
1478 emitStore(RegisterFile::ArgumentsRegister, JSValue(), callFrameRegister);
1479 }
1480
1481 void JIT::emit_op_convert_this(Instruction* currentInstruction)
1482 {
1483 unsigned thisRegister = currentInstruction[1].u.operand;
1484
1485 emitLoad(thisRegister, regT1, regT0);
1486
1487 addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
1488
1489 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
1490 addSlowCase(branchTest8(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(NeedsThisConversion)));
1491
1492 map(m_bytecodeIndex + OPCODE_LENGTH(op_convert_this), thisRegister, regT1, regT0);
1493 }
1494
1495 void JIT::emitSlow_op_convert_this(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1496 {
1497 unsigned thisRegister = currentInstruction[1].u.operand;
1498
1499 linkSlowCase(iter);
1500 linkSlowCase(iter);
1501
1502 JITStubCall stubCall(this, cti_op_convert_this);
1503 stubCall.addArgument(regT1, regT0);
1504 stubCall.call(thisRegister);
1505 }
1506
1507 void JIT::emit_op_profile_will_call(Instruction* currentInstruction)
1508 {
1509 peek(regT2, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof(void*));
1510 Jump noProfiler = branchTestPtr(Zero, Address(regT2));
1511
1512 JITStubCall stubCall(this, cti_op_profile_will_call);
1513 stubCall.addArgument(currentInstruction[1].u.operand);
1514 stubCall.call();
1515 noProfiler.link(this);
1516 }
1517
1518 void JIT::emit_op_profile_did_call(Instruction* currentInstruction)
1519 {
1520 peek(regT2, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof(void*));
1521 Jump noProfiler = branchTestPtr(Zero, Address(regT2));
1522
1523 JITStubCall stubCall(this, cti_op_profile_did_call);
1524 stubCall.addArgument(currentInstruction[1].u.operand);
1525 stubCall.call();
1526 noProfiler.link(this);
1527 }
1528
1529 }
1530
1531 #endif // ENABLE(JIT) && USE(JSVALUE32_64)
mirror of JavaScriptCore