]> git.saurik.com Git - apple/javascriptcore.git/blob - jit/JITOpcodes32_64.cpp
projects / apple / javascriptcore.git / blob
? search:


ccc0900326f1fa353ce4c5b2e5ddeca523d902da
[apple/javascriptcore.git] / jit / JITOpcodes32_64.cpp
1 /*
2 * Copyright (C) 2009 Apple Inc. All rights reserved.
3 * Copyright (C) 2010 Patrick Gansterer <paroga@paroga.com>
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
18 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
19 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
21 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
22 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include "config.h"
28 #include "JIT.h"
29
30 #if ENABLE(JIT) && USE(JSVALUE32_64)
31
32 #include "JITInlineMethods.h"
33 #include "JITStubCall.h"
34 #include "JSArray.h"
35 #include "JSCell.h"
36 #include "JSFunction.h"
37 #include "JSPropertyNameIterator.h"
38 #include "LinkBuffer.h"
39
40 namespace JSC {
41
42 void JIT::privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* globalData, TrampolineStructure *trampolines)
43 {
44 #if ENABLE(JIT_OPTIMIZE_MOD)
45 Label softModBegin = align();
46 softModulo();
47 #endif
48 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
49 // (1) This function provides fast property access for string length
50 Label stringLengthBegin = align();
51
52 // regT0 holds payload, regT1 holds tag
53
54 Jump string_failureCases1 = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
55 Jump string_failureCases2 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
56
57 // Checks out okay! - get the length from the Ustring.
58 load32(Address(regT0, OBJECT_OFFSETOF(JSString, m_length)), regT2);
59
60 Jump string_failureCases3 = branch32(Above, regT2, Imm32(INT_MAX));
61 move(regT2, regT0);
62 move(Imm32(JSValue::Int32Tag), regT1);
63
64 ret();
65 #endif
66
67 // (2) Trampolines for the slow cases of op_call / op_call_eval / op_construct.
68
69 #if ENABLE(JIT_OPTIMIZE_CALL)
70 // VirtualCallLink Trampoline
71 // regT0 holds callee, regT1 holds argCount. regT2 will hold the FunctionExecutable.
72 Label virtualCallLinkBegin = align();
73 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
74
75 Jump isNativeFunc2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
76
77 Jump hasCodeBlock2 = branch32(GreaterThan, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
78 preserveReturnAddressAfterCall(regT3);
79 restoreArgumentReference();
80 Call callJSFunction2 = call();
81 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
82 emitGetJITStubArg(2, regT1); // argCount
83 restoreReturnAddressBeforeReturn(regT3);
84 hasCodeBlock2.link(this);
85
86 // Check argCount matches callee arity.
87 Jump arityCheckOkay2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
88 preserveReturnAddressAfterCall(regT3);
89 emitPutJITStubArg(regT3, 1); // return address
90 restoreArgumentReference();
91 Call callArityCheck2 = call();
92 move(regT1, callFrameRegister);
93 emitGetJITStubArg(2, regT1); // argCount
94 restoreReturnAddressBeforeReturn(regT3);
95 arityCheckOkay2.link(this);
96
97 isNativeFunc2.link(this);
98
99 compileOpCallInitializeCallFrame();
100
101 preserveReturnAddressAfterCall(regT3);
102 emitPutJITStubArg(regT3, 1); // return address
103 restoreArgumentReference();
104 Call callLazyLinkCall = call();
105 restoreReturnAddressBeforeReturn(regT3);
106 jump(regT0);
107 #endif // ENABLE(JIT_OPTIMIZE_CALL)
108
109 // VirtualCall Trampoline
110 // regT0 holds callee, regT1 holds argCount. regT2 will hold the FunctionExecutable.
111 Label virtualCallBegin = align();
112 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
113
114 Jump isNativeFunc3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
115
116 Jump hasCodeBlock3 = branch32(GreaterThan, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
117 preserveReturnAddressAfterCall(regT3);
118 restoreArgumentReference();
119 Call callJSFunction1 = call();
120 emitGetJITStubArg(2, regT1); // argCount
121 restoreReturnAddressBeforeReturn(regT3);
122 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
123 hasCodeBlock3.link(this);
124
125 // Check argCount matches callee arity.
126 Jump arityCheckOkay3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
127 preserveReturnAddressAfterCall(regT3);
128 emitPutJITStubArg(regT3, 1); // return address
129 restoreArgumentReference();
130 Call callArityCheck1 = call();
131 move(regT1, callFrameRegister);
132 emitGetJITStubArg(2, regT1); // argCount
133 restoreReturnAddressBeforeReturn(regT3);
134 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
135 arityCheckOkay3.link(this);
136
137 isNativeFunc3.link(this);
138
139 compileOpCallInitializeCallFrame();
140 loadPtr(Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_jitCode)), regT0);
141 jump(regT0);
142
143 #if CPU(X86) || CPU(ARM_TRADITIONAL)
144 Label nativeCallThunk = align();
145 preserveReturnAddressAfterCall(regT0);
146 emitPutToCallFrameHeader(regT0, RegisterFile::ReturnPC); // Push return address
147
148 // Load caller frame's scope chain into this callframe so that whatever we call can
149 // get to its global data.
150 emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT1);
151 emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT1);
152 emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
153
154 #if CPU(X86)
155 emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
156
157 /* We have two structs that we use to describe the stackframe we set up for our
158 * call to native code. NativeCallFrameStructure describes the how we set up the stack
159 * in advance of the call. NativeFunctionCalleeSignature describes the callframe
160 * as the native code expects it. We do this as we are using the fastcall calling
161 * convention which results in the callee popping its arguments off the stack, but
162 * not the rest of the callframe so we need a nice way to ensure we increment the
163 * stack pointer by the right amount after the call.
164 */
165
166 #if COMPILER(MSVC) || OS(LINUX)
167 #if COMPILER(MSVC)
168 #pragma pack(push)
169 #pragma pack(4)
170 #endif // COMPILER(MSVC)
171 struct NativeCallFrameStructure {
172 // CallFrame* callFrame; // passed in EDX
173 JSObject* callee;
174 JSValue thisValue;
175 ArgList* argPointer;
176 ArgList args;
177 JSValue result;
178 };
179 struct NativeFunctionCalleeSignature {
180 JSObject* callee;
181 JSValue thisValue;
182 ArgList* argPointer;
183 };
184 #if COMPILER(MSVC)
185 #pragma pack(pop)
186 #endif // COMPILER(MSVC)
187 #else
188 struct NativeCallFrameStructure {
189 // CallFrame* callFrame; // passed in ECX
190 // JSObject* callee; // passed in EDX
191 JSValue thisValue;
192 ArgList* argPointer;
193 ArgList args;
194 };
195 struct NativeFunctionCalleeSignature {
196 JSValue thisValue;
197 ArgList* argPointer;
198 };
199 #endif
200
201 const int NativeCallFrameSize = (sizeof(NativeCallFrameStructure) + 15) & ~15;
202 // Allocate system stack frame
203 subPtr(Imm32(NativeCallFrameSize), stackPointerRegister);
204
205 // Set up arguments
206 subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
207
208 // push argcount
209 storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_argCount)));
210
211 // Calculate the start of the callframe header, and store in regT1
212 addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int)sizeof(Register)), callFrameRegister, regT1);
213
214 // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT0)
215 mul32(Imm32(sizeof(Register)), regT0, regT0);
216 subPtr(regT0, regT1);
217 storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_args)));
218
219 // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
220 addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, args)), stackPointerRegister, regT0);
221 storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, argPointer)));
222
223 // regT1 currently points to the first argument, regT1 - sizeof(Register) points to 'this'
224 loadPtr(Address(regT1, -(int)sizeof(Register) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
225 loadPtr(Address(regT1, -(int)sizeof(Register) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT3);
226 storePtr(regT2, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
227 storePtr(regT3, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
228
229 #if COMPILER(MSVC) || OS(LINUX)
230 // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
231 addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, result)), stackPointerRegister, X86Registers::ecx);
232
233 // Plant callee
234 emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86Registers::eax);
235 storePtr(X86Registers::eax, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, callee)));
236
237 // Plant callframe
238 move(callFrameRegister, X86Registers::edx);
239
240 call(Address(X86Registers::eax, OBJECT_OFFSETOF(JSFunction, m_data)));
241
242 // JSValue is a non-POD type, so eax points to it
243 emitLoad(0, regT1, regT0, X86Registers::eax);
244 #else
245 emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86Registers::edx); // callee
246 move(callFrameRegister, X86Registers::ecx); // callFrame
247 call(Address(X86Registers::edx, OBJECT_OFFSETOF(JSFunction, m_data)));
248 #endif
249
250 // We've put a few temporaries on the stack in addition to the actual arguments
251 // so pull them off now
252 addPtr(Imm32(NativeCallFrameSize - sizeof(NativeFunctionCalleeSignature)), stackPointerRegister);
253
254 #elif CPU(ARM_TRADITIONAL)
255 emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
256
257 // Allocate stack space for our arglist
258 COMPILE_ASSERT((sizeof(ArgList) & 0x7) == 0 && sizeof(JSValue) == 8 && sizeof(Register) == 8, ArgList_should_by_8byte_aligned);
259 subPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
260
261 // Set up arguments
262 subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
263
264 // Push argcount
265 storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_argCount)));
266
267 // Calculate the start of the callframe header, and store in regT1
268 move(callFrameRegister, regT1);
269 sub32(Imm32(RegisterFile::CallFrameHeaderSize * (int32_t)sizeof(Register)), regT1);
270
271 // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT1)
272 mul32(Imm32(sizeof(Register)), regT0, regT0);
273 subPtr(regT0, regT1);
274
275 // push pointer to arguments
276 storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_args)));
277
278 // Argument passing method:
279 // r0 - points to return value
280 // r1 - callFrame
281 // r2 - callee
282 // stack: this(JSValue) and a pointer to ArgList
283
284 #if OS(WINCE)
285 // Setup arg4:
286 push(stackPointerRegister);
287
288 // Setup arg3:
289 // regT1 currently points to the first argument, regT1-sizeof(Register) points to 'this'
290 load32(Address(regT1, -(int32_t)sizeof(void*) * 2), ARMRegisters::r3);
291 push(ARMRegisters::r3);
292 load32(Address(regT1, -(int32_t)sizeof(void*)), regT3);
293 storePtr(regT3, Address(stackPointerRegister));
294
295 // Setup arg2:
296 emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, regT2);
297
298 // Setup arg1:
299 move(callFrameRegister, regT1);
300
301 // Setup arg0:
302 move(stackPointerRegister, regT0);
303
304 call(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_data)));
305
306 load32(Address(stackPointerRegister, 0), regT0);
307 load32(Address(stackPointerRegister, 4), regT1);
308
309 addPtr(Imm32(sizeof(ArgList) + 8), stackPointerRegister);
310 #else // OS(WINCE)
311 move(stackPointerRegister, regT3);
312 subPtr(Imm32(8), stackPointerRegister);
313 move(stackPointerRegister, regT0);
314 subPtr(Imm32(8 + 4 + 4 /* padding */), stackPointerRegister);
315
316 // Setup arg4:
317 storePtr(regT3, Address(stackPointerRegister, 8));
318
319 // Setup arg3:
320 // regT1 currently points to the first argument, regT1-sizeof(Register) points to 'this'
321 load32(Address(regT1, -(int32_t)sizeof(void*) * 2), regT3);
322 storePtr(regT3, Address(stackPointerRegister, 0));
323 load32(Address(regT1, -(int32_t)sizeof(void*)), regT3);
324 storePtr(regT3, Address(stackPointerRegister, 4));
325
326 // Setup arg2:
327 emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, regT2);
328
329 // Setup arg1:
330 move(callFrameRegister, regT1);
331
332 call(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_data)));
333
334 // Load return value
335 load32(Address(stackPointerRegister, 16), regT0);
336 load32(Address(stackPointerRegister, 20), regT1);
337
338 addPtr(Imm32(sizeof(ArgList) + 16 + 8), stackPointerRegister);
339 #endif // OS(WINCE)
340
341 #endif
342
343 // Check for an exception
344 move(ImmPtr(&globalData->exception), regT2);
345 Jump sawException = branch32(NotEqual, tagFor(0, regT2), Imm32(JSValue::EmptyValueTag));
346
347 // Grab the return address.
348 emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT3);
349
350 // Restore our caller's "r".
351 emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
352
353 // Return.
354 restoreReturnAddressBeforeReturn(regT3);
355 ret();
356
357 // Handle an exception
358 sawException.link(this);
359 // Grab the return address.
360 emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
361 move(ImmPtr(&globalData->exceptionLocation), regT2);
362 storePtr(regT1, regT2);
363 move(ImmPtr(FunctionPtr(ctiVMThrowTrampoline).value()), regT2);
364 emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
365 poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof(void*));
366 restoreReturnAddressBeforeReturn(regT2);
367 ret();
368
369 #elif ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
370 #error "JIT_OPTIMIZE_NATIVE_CALL not yet supported on this platform."
371 #else
372 UNUSED_PARAM(globalData);
373 breakpoint();
374 #endif
375
376 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
377 Call string_failureCases1Call = makeTailRecursiveCall(string_failureCases1);
378 Call string_failureCases2Call = makeTailRecursiveCall(string_failureCases2);
379 Call string_failureCases3Call = makeTailRecursiveCall(string_failureCases3);
380 #endif
381
382 // All trampolines constructed! copy the code, link up calls, and set the pointers on the Machine object.
383 LinkBuffer patchBuffer(this, m_globalData->executableAllocator.poolForSize(m_assembler.size()), 0);
384
385 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
386 patchBuffer.link(string_failureCases1Call, FunctionPtr(cti_op_get_by_id_string_fail));
387 patchBuffer.link(string_failureCases2Call, FunctionPtr(cti_op_get_by_id_string_fail));
388 patchBuffer.link(string_failureCases3Call, FunctionPtr(cti_op_get_by_id_string_fail));
389 #endif
390 patchBuffer.link(callArityCheck1, FunctionPtr(cti_op_call_arityCheck));
391 patchBuffer.link(callJSFunction1, FunctionPtr(cti_op_call_JSFunction));
392 #if ENABLE(JIT_OPTIMIZE_CALL)
393 patchBuffer.link(callArityCheck2, FunctionPtr(cti_op_call_arityCheck));
394 patchBuffer.link(callJSFunction2, FunctionPtr(cti_op_call_JSFunction));
395 patchBuffer.link(callLazyLinkCall, FunctionPtr(cti_vm_lazyLinkCall));
396 #endif
397
398 CodeRef finalCode = patchBuffer.finalizeCode();
399 *executablePool = finalCode.m_executablePool;
400
401 trampolines->ctiVirtualCall = patchBuffer.trampolineAt(virtualCallBegin);
402 #if ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
403 trampolines->ctiNativeCallThunk = adoptRef(new NativeExecutable(JITCode(JITCode::HostFunction(patchBuffer.trampolineAt(nativeCallThunk)))));
404 #endif
405 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
406 trampolines->ctiStringLengthTrampoline = patchBuffer.trampolineAt(stringLengthBegin);
407 #else
408 UNUSED_PARAM(ctiStringLengthTrampoline);
409 #endif
410 #if ENABLE(JIT_OPTIMIZE_CALL)
411 trampolines->ctiVirtualCallLink = patchBuffer.trampolineAt(virtualCallLinkBegin);
412 #else
413 UNUSED_PARAM(ctiVirtualCallLink);
414 #endif
415 #if ENABLE(JIT_OPTIMIZE_MOD)
416 trampolines->ctiSoftModulo = patchBuffer.trampolineAt(softModBegin);
417 #endif
418 }
419
420 void JIT::emit_op_mov(Instruction* currentInstruction)
421 {
422 unsigned dst = currentInstruction[1].u.operand;
423 unsigned src = currentInstruction[2].u.operand;
424
425 if (m_codeBlock->isConstantRegisterIndex(src))
426 emitStore(dst, getConstantOperand(src));
427 else {
428 emitLoad(src, regT1, regT0);
429 emitStore(dst, regT1, regT0);
430 map(m_bytecodeIndex + OPCODE_LENGTH(op_mov), dst, regT1, regT0);
431 }
432 }
433
434 void JIT::emit_op_end(Instruction* currentInstruction)
435 {
436 if (m_codeBlock->needsFullScopeChain())
437 JITStubCall(this, cti_op_end).call();
438 ASSERT(returnValueRegister != callFrameRegister);
439 emitLoad(currentInstruction[1].u.operand, regT1, regT0);
440 restoreReturnAddressBeforeReturn(Address(callFrameRegister, RegisterFile::ReturnPC * static_cast<int>(sizeof(Register))));
441 ret();
442 }
443
444 void JIT::emit_op_jmp(Instruction* currentInstruction)
445 {
446 unsigned target = currentInstruction[1].u.operand;
447 addJump(jump(), target);
448 }
449
450 void JIT::emit_op_loop_if_lesseq(Instruction* currentInstruction)
451 {
452 unsigned op1 = currentInstruction[1].u.operand;
453 unsigned op2 = currentInstruction[2].u.operand;
454 unsigned target = currentInstruction[3].u.operand;
455
456 emitTimeoutCheck();
457
458 if (isOperandConstantImmediateInt(op1)) {
459 emitLoad(op2, regT1, regT0);
460 addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
461 addJump(branch32(GreaterThanOrEqual, regT0, Imm32(getConstantOperand(op1).asInt32())), target);
462 return;
463 }
464
465 if (isOperandConstantImmediateInt(op2)) {
466 emitLoad(op1, regT1, regT0);
467 addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
468 addJump(branch32(LessThanOrEqual, regT0, Imm32(getConstantOperand(op2).asInt32())), target);
469 return;
470 }
471
472 emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
473 addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
474 addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
475 addJump(branch32(LessThanOrEqual, regT0, regT2), target);
476 }
477
478 void JIT::emitSlow_op_loop_if_lesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
479 {
480 unsigned op1 = currentInstruction[1].u.operand;
481 unsigned op2 = currentInstruction[2].u.operand;
482 unsigned target = currentInstruction[3].u.operand;
483
484 if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
485 linkSlowCase(iter); // int32 check
486 linkSlowCase(iter); // int32 check
487
488 JITStubCall stubCall(this, cti_op_loop_if_lesseq);
489 stubCall.addArgument(op1);
490 stubCall.addArgument(op2);
491 stubCall.call();
492 emitJumpSlowToHot(branchTest32(NonZero, regT0), target);
493 }
494
495 void JIT::emit_op_new_object(Instruction* currentInstruction)
496 {
497 JITStubCall(this, cti_op_new_object).call(currentInstruction[1].u.operand);
498 }
499
500 void JIT::emit_op_instanceof(Instruction* currentInstruction)
501 {
502 unsigned dst = currentInstruction[1].u.operand;
503 unsigned value = currentInstruction[2].u.operand;
504 unsigned baseVal = currentInstruction[3].u.operand;
505 unsigned proto = currentInstruction[4].u.operand;
506
507 // Load the operands into registers.
508 // We use regT0 for baseVal since we will be done with this first, and we can then use it for the result.
509 emitLoadPayload(value, regT2);
510 emitLoadPayload(baseVal, regT0);
511 emitLoadPayload(proto, regT1);
512
513 // Check that value, baseVal, and proto are cells.
514 emitJumpSlowCaseIfNotJSCell(value);
515 emitJumpSlowCaseIfNotJSCell(baseVal);
516 emitJumpSlowCaseIfNotJSCell(proto);
517
518 // Check that baseVal 'ImplementsDefaultHasInstance'.
519 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
520 addSlowCase(branchTest8(Zero, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(ImplementsDefaultHasInstance)));
521
522 // Optimistically load the result true, and start looping.
523 // Initially, regT1 still contains proto and regT2 still contains value.
524 // As we loop regT2 will be updated with its prototype, recursively walking the prototype chain.
525 move(Imm32(JSValue::TrueTag), regT0);
526 Label loop(this);
527
528 // Load the prototype of the cell in regT2. If this is equal to regT1 - WIN!
529 // Otherwise, check if we've hit null - if we have then drop out of the loop, if not go again.
530 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
531 load32(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
532 Jump isInstance = branchPtr(Equal, regT2, regT1);
533 branchTest32(NonZero, regT2).linkTo(loop, this);
534
535 // We get here either by dropping out of the loop, or if value was not an Object. Result is false.
536 move(Imm32(JSValue::FalseTag), regT0);
537
538 // isInstance jumps right down to here, to skip setting the result to false (it has already set true).
539 isInstance.link(this);
540 emitStoreBool(dst, regT0);
541 }
542
543 void JIT::emitSlow_op_instanceof(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
544 {
545 unsigned dst = currentInstruction[1].u.operand;
546 unsigned value = currentInstruction[2].u.operand;
547 unsigned baseVal = currentInstruction[3].u.operand;
548 unsigned proto = currentInstruction[4].u.operand;
549
550 linkSlowCaseIfNotJSCell(iter, value);
551 linkSlowCaseIfNotJSCell(iter, baseVal);
552 linkSlowCaseIfNotJSCell(iter, proto);
553 linkSlowCase(iter);
554
555 JITStubCall stubCall(this, cti_op_instanceof);
556 stubCall.addArgument(value);
557 stubCall.addArgument(baseVal);
558 stubCall.addArgument(proto);
559 stubCall.call(dst);
560 }
561
562 void JIT::emit_op_new_func(Instruction* currentInstruction)
563 {
564 JITStubCall stubCall(this, cti_op_new_func);
565 stubCall.addArgument(ImmPtr(m_codeBlock->functionDecl(currentInstruction[2].u.operand)));
566 stubCall.call(currentInstruction[1].u.operand);
567 }
568
569 void JIT::emit_op_get_global_var(Instruction* currentInstruction)
570 {
571 int dst = currentInstruction[1].u.operand;
572 JSGlobalObject* globalObject = static_cast<JSGlobalObject*>(currentInstruction[2].u.jsCell);
573 ASSERT(globalObject->isGlobalObject());
574 int index = currentInstruction[3].u.operand;
575
576 loadPtr(&globalObject->d()->registers, regT2);
577
578 emitLoad(index, regT1, regT0, regT2);
579 emitStore(dst, regT1, regT0);
580 map(m_bytecodeIndex + OPCODE_LENGTH(op_get_global_var), dst, regT1, regT0);
581 }
582
583 void JIT::emit_op_put_global_var(Instruction* currentInstruction)
584 {
585 JSGlobalObject* globalObject = static_cast<JSGlobalObject*>(currentInstruction[1].u.jsCell);
586 ASSERT(globalObject->isGlobalObject());
587 int index = currentInstruction[2].u.operand;
588 int value = currentInstruction[3].u.operand;
589
590 emitLoad(value, regT1, regT0);
591
592 loadPtr(&globalObject->d()->registers, regT2);
593 emitStore(index, regT1, regT0, regT2);
594 map(m_bytecodeIndex + OPCODE_LENGTH(op_put_global_var), value, regT1, regT0);
595 }
596
597 void JIT::emit_op_get_scoped_var(Instruction* currentInstruction)
598 {
599 int dst = currentInstruction[1].u.operand;
600 int index = currentInstruction[2].u.operand;
601 int skip = currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain();
602
603 emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT2);
604 while (skip--)
605 loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, next)), regT2);
606
607 loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, object)), regT2);
608 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject, d)), regT2);
609 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), regT2);
610
611 emitLoad(index, regT1, regT0, regT2);
612 emitStore(dst, regT1, regT0);
613 map(m_bytecodeIndex + OPCODE_LENGTH(op_get_scoped_var), dst, regT1, regT0);
614 }
615
616 void JIT::emit_op_put_scoped_var(Instruction* currentInstruction)
617 {
618 int index = currentInstruction[1].u.operand;
619 int skip = currentInstruction[2].u.operand + m_codeBlock->needsFullScopeChain();
620 int value = currentInstruction[3].u.operand;
621
622 emitLoad(value, regT1, regT0);
623
624 emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT2);
625 while (skip--)
626 loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, next)), regT2);
627
628 loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, object)), regT2);
629 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject, d)), regT2);
630 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), regT2);
631
632 emitStore(index, regT1, regT0, regT2);
633 map(m_bytecodeIndex + OPCODE_LENGTH(op_put_scoped_var), value, regT1, regT0);
634 }
635
636 void JIT::emit_op_tear_off_activation(Instruction* currentInstruction)
637 {
638 JITStubCall stubCall(this, cti_op_tear_off_activation);
639 stubCall.addArgument(currentInstruction[1].u.operand);
640 stubCall.call();
641 }
642
643 void JIT::emit_op_tear_off_arguments(Instruction*)
644 {
645 JITStubCall(this, cti_op_tear_off_arguments).call();
646 }
647
648 void JIT::emit_op_new_array(Instruction* currentInstruction)
649 {
650 JITStubCall stubCall(this, cti_op_new_array);
651 stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
652 stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
653 stubCall.call(currentInstruction[1].u.operand);
654 }
655
656 void JIT::emit_op_resolve(Instruction* currentInstruction)
657 {
658 JITStubCall stubCall(this, cti_op_resolve);
659 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
660 stubCall.call(currentInstruction[1].u.operand);
661 }
662
663 void JIT::emit_op_to_primitive(Instruction* currentInstruction)
664 {
665 int dst = currentInstruction[1].u.operand;
666 int src = currentInstruction[2].u.operand;
667
668 emitLoad(src, regT1, regT0);
669
670 Jump isImm = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
671 addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
672 isImm.link(this);
673
674 if (dst != src)
675 emitStore(dst, regT1, regT0);
676 map(m_bytecodeIndex + OPCODE_LENGTH(op_to_primitive), dst, regT1, regT0);
677 }
678
679 void JIT::emitSlow_op_to_primitive(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
680 {
681 int dst = currentInstruction[1].u.operand;
682
683 linkSlowCase(iter);
684
685 JITStubCall stubCall(this, cti_op_to_primitive);
686 stubCall.addArgument(regT1, regT0);
687 stubCall.call(dst);
688 }
689
690 void JIT::emit_op_strcat(Instruction* currentInstruction)
691 {
692 JITStubCall stubCall(this, cti_op_strcat);
693 stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
694 stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
695 stubCall.call(currentInstruction[1].u.operand);
696 }
697
698 void JIT::emit_op_resolve_base(Instruction* currentInstruction)
699 {
700 JITStubCall stubCall(this, cti_op_resolve_base);
701 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
702 stubCall.call(currentInstruction[1].u.operand);
703 }
704
705 void JIT::emit_op_resolve_skip(Instruction* currentInstruction)
706 {
707 JITStubCall stubCall(this, cti_op_resolve_skip);
708 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
709 stubCall.addArgument(Imm32(currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain()));
710 stubCall.call(currentInstruction[1].u.operand);
711 }
712
713 void JIT::emit_op_resolve_global(Instruction* currentInstruction, bool dynamic)
714 {
715 // FIXME: Optimize to use patching instead of so many memory accesses.
716
717 unsigned dst = currentInstruction[1].u.operand;
718 void* globalObject = currentInstruction[2].u.jsCell;
719
720 unsigned currentIndex = m_globalResolveInfoIndex++;
721 void* structureAddress = &(m_codeBlock->globalResolveInfo(currentIndex).structure);
722 void* offsetAddr = &(m_codeBlock->globalResolveInfo(currentIndex).offset);
723
724 // Verify structure.
725 move(ImmPtr(globalObject), regT0);
726 loadPtr(structureAddress, regT1);
727 addSlowCase(branchPtr(NotEqual, regT1, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure))));
728
729 // Load property.
730 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSGlobalObject, m_externalStorage)), regT2);
731 load32(offsetAddr, regT3);
732 load32(BaseIndex(regT2, regT3, TimesEight), regT0); // payload
733 load32(BaseIndex(regT2, regT3, TimesEight, 4), regT1); // tag
734 emitStore(dst, regT1, regT0);
735 map(m_bytecodeIndex + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
736 }
737
738 void JIT::emitSlow_op_resolve_global(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
739 {
740 unsigned dst = currentInstruction[1].u.operand;
741 void* globalObject = currentInstruction[2].u.jsCell;
742 Identifier* ident = &m_codeBlock->identifier(currentInstruction[3].u.operand);
743
744 unsigned currentIndex = m_globalResolveInfoIndex++;
745
746 linkSlowCase(iter);
747 JITStubCall stubCall(this, cti_op_resolve_global);
748 stubCall.addArgument(ImmPtr(globalObject));
749 stubCall.addArgument(ImmPtr(ident));
750 stubCall.addArgument(Imm32(currentIndex));
751 stubCall.call(dst);
752 }
753
754 void JIT::emit_op_not(Instruction* currentInstruction)
755 {
756 unsigned dst = currentInstruction[1].u.operand;
757 unsigned src = currentInstruction[2].u.operand;
758
759 emitLoadTag(src, regT0);
760
761 xor32(Imm32(JSValue::FalseTag), regT0);
762 addSlowCase(branchTest32(NonZero, regT0, Imm32(~1)));
763 xor32(Imm32(JSValue::TrueTag), regT0);
764
765 emitStoreBool(dst, regT0, (dst == src));
766 }
767
768 void JIT::emitSlow_op_not(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
769 {
770 unsigned dst = currentInstruction[1].u.operand;
771 unsigned src = currentInstruction[2].u.operand;
772
773 linkSlowCase(iter);
774
775 JITStubCall stubCall(this, cti_op_not);
776 stubCall.addArgument(src);
777 stubCall.call(dst);
778 }
779
780 void JIT::emit_op_jfalse(Instruction* currentInstruction)
781 {
782 unsigned cond = currentInstruction[1].u.operand;
783 unsigned target = currentInstruction[2].u.operand;
784
785 emitLoad(cond, regT1, regT0);
786
787 Jump isTrue = branch32(Equal, regT1, Imm32(JSValue::TrueTag));
788 addJump(branch32(Equal, regT1, Imm32(JSValue::FalseTag)), target);
789
790 Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
791 Jump isTrue2 = branch32(NotEqual, regT0, Imm32(0));
792 addJump(jump(), target);
793
794 if (supportsFloatingPoint()) {
795 isNotInteger.link(this);
796
797 addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
798
799 emitLoadDouble(cond, fpRegT0);
800 addJump(branchDoubleZeroOrNaN(fpRegT0, fpRegT1), target);
801 } else
802 addSlowCase(isNotInteger);
803
804 isTrue.link(this);
805 isTrue2.link(this);
806 }
807
808 void JIT::emitSlow_op_jfalse(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
809 {
810 unsigned cond = currentInstruction[1].u.operand;
811 unsigned target = currentInstruction[2].u.operand;
812
813 linkSlowCase(iter);
814 JITStubCall stubCall(this, cti_op_jtrue);
815 stubCall.addArgument(cond);
816 stubCall.call();
817 emitJumpSlowToHot(branchTest32(Zero, regT0), target); // Inverted.
818 }
819
820 void JIT::emit_op_jtrue(Instruction* currentInstruction)
821 {
822 unsigned cond = currentInstruction[1].u.operand;
823 unsigned target = currentInstruction[2].u.operand;
824
825 emitLoad(cond, regT1, regT0);
826
827 Jump isFalse = branch32(Equal, regT1, Imm32(JSValue::FalseTag));
828 addJump(branch32(Equal, regT1, Imm32(JSValue::TrueTag)), target);
829
830 Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
831 Jump isFalse2 = branch32(Equal, regT0, Imm32(0));
832 addJump(jump(), target);
833
834 if (supportsFloatingPoint()) {
835 isNotInteger.link(this);
836
837 addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
838
839 emitLoadDouble(cond, fpRegT0);
840 addJump(branchDoubleNonZero(fpRegT0, fpRegT1), target);
841 } else
842 addSlowCase(isNotInteger);
843
844 isFalse.link(this);
845 isFalse2.link(this);
846 }
847
848 void JIT::emitSlow_op_jtrue(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
849 {
850 unsigned cond = currentInstruction[1].u.operand;
851 unsigned target = currentInstruction[2].u.operand;
852
853 linkSlowCase(iter);
854 JITStubCall stubCall(this, cti_op_jtrue);
855 stubCall.addArgument(cond);
856 stubCall.call();
857 emitJumpSlowToHot(branchTest32(NonZero, regT0), target);
858 }
859
860 void JIT::emit_op_jeq_null(Instruction* currentInstruction)
861 {
862 unsigned src = currentInstruction[1].u.operand;
863 unsigned target = currentInstruction[2].u.operand;
864
865 emitLoad(src, regT1, regT0);
866
867 Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
868
869 // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
870 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
871 addJump(branchTest8(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target);
872
873 Jump wasNotImmediate = jump();
874
875 // Now handle the immediate cases - undefined & null
876 isImmediate.link(this);
877
878 set32(Equal, regT1, Imm32(JSValue::NullTag), regT2);
879 set32(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
880 or32(regT2, regT1);
881
882 addJump(branchTest32(NonZero, regT1), target);
883
884 wasNotImmediate.link(this);
885 }
886
887 void JIT::emit_op_jneq_null(Instruction* currentInstruction)
888 {
889 unsigned src = currentInstruction[1].u.operand;
890 unsigned target = currentInstruction[2].u.operand;
891
892 emitLoad(src, regT1, regT0);
893
894 Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
895
896 // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
897 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
898 addJump(branchTest8(Zero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target);
899
900 Jump wasNotImmediate = jump();
901
902 // Now handle the immediate cases - undefined & null
903 isImmediate.link(this);
904
905 set32(Equal, regT1, Imm32(JSValue::NullTag), regT2);
906 set32(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
907 or32(regT2, regT1);
908
909 addJump(branchTest32(Zero, regT1), target);
910
911 wasNotImmediate.link(this);
912 }
913
914 void JIT::emit_op_jneq_ptr(Instruction* currentInstruction)
915 {
916 unsigned src = currentInstruction[1].u.operand;
917 JSCell* ptr = currentInstruction[2].u.jsCell;
918 unsigned target = currentInstruction[3].u.operand;
919
920 emitLoad(src, regT1, regT0);
921 addJump(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)), target);
922 addJump(branchPtr(NotEqual, regT0, ImmPtr(ptr)), target);
923 }
924
925 void JIT::emit_op_jsr(Instruction* currentInstruction)
926 {
927 int retAddrDst = currentInstruction[1].u.operand;
928 int target = currentInstruction[2].u.operand;
929 DataLabelPtr storeLocation = storePtrWithPatch(ImmPtr(0), Address(callFrameRegister, sizeof(Register) * retAddrDst));
930 addJump(jump(), target);
931 m_jsrSites.append(JSRInfo(storeLocation, label()));
932 }
933
934 void JIT::emit_op_sret(Instruction* currentInstruction)
935 {
936 jump(Address(callFrameRegister, sizeof(Register) * currentInstruction[1].u.operand));
937 }
938
939 void JIT::emit_op_eq(Instruction* currentInstruction)
940 {
941 unsigned dst = currentInstruction[1].u.operand;
942 unsigned src1 = currentInstruction[2].u.operand;
943 unsigned src2 = currentInstruction[3].u.operand;
944
945 emitLoad2(src1, regT1, regT0, src2, regT3, regT2);
946 addSlowCase(branch32(NotEqual, regT1, regT3));
947 addSlowCase(branch32(Equal, regT1, Imm32(JSValue::CellTag)));
948 addSlowCase(branch32(Below, regT1, Imm32(JSValue::LowestTag)));
949
950 set8(Equal, regT0, regT2, regT0);
951 or32(Imm32(JSValue::FalseTag), regT0);
952
953 emitStoreBool(dst, regT0);
954 }
955
956 void JIT::emitSlow_op_eq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
957 {
958 unsigned dst = currentInstruction[1].u.operand;
959 unsigned op1 = currentInstruction[2].u.operand;
960 unsigned op2 = currentInstruction[3].u.operand;
961
962 JumpList storeResult;
963 JumpList genericCase;
964
965 genericCase.append(getSlowCase(iter)); // tags not equal
966
967 linkSlowCase(iter); // tags equal and JSCell
968 genericCase.append(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
969 genericCase.append(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsStringVPtr)));
970
971 // String case.
972 JITStubCall stubCallEqStrings(this, cti_op_eq_strings);
973 stubCallEqStrings.addArgument(regT0);
974 stubCallEqStrings.addArgument(regT2);
975 stubCallEqStrings.call();
976 storeResult.append(jump());
977
978 // Generic case.
979 genericCase.append(getSlowCase(iter)); // doubles
980 genericCase.link(this);
981 JITStubCall stubCallEq(this, cti_op_eq);
982 stubCallEq.addArgument(op1);
983 stubCallEq.addArgument(op2);
984 stubCallEq.call(regT0);
985
986 storeResult.link(this);
987 or32(Imm32(JSValue::FalseTag), regT0);
988 emitStoreBool(dst, regT0);
989 }
990
991 void JIT::emit_op_neq(Instruction* currentInstruction)
992 {
993 unsigned dst = currentInstruction[1].u.operand;
994 unsigned src1 = currentInstruction[2].u.operand;
995 unsigned src2 = currentInstruction[3].u.operand;
996
997 emitLoad2(src1, regT1, regT0, src2, regT3, regT2);
998 addSlowCase(branch32(NotEqual, regT1, regT3));
999 addSlowCase(branch32(Equal, regT1, Imm32(JSValue::CellTag)));
1000 addSlowCase(branch32(Below, regT1, Imm32(JSValue::LowestTag)));
1001
1002 set8(NotEqual, regT0, regT2, regT0);
1003 or32(Imm32(JSValue::FalseTag), regT0);
1004
1005 emitStoreBool(dst, regT0);
1006 }
1007
1008 void JIT::emitSlow_op_neq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1009 {
1010 unsigned dst = currentInstruction[1].u.operand;
1011
1012 JumpList storeResult;
1013 JumpList genericCase;
1014
1015 genericCase.append(getSlowCase(iter)); // tags not equal
1016
1017 linkSlowCase(iter); // tags equal and JSCell
1018 genericCase.append(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
1019 genericCase.append(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsStringVPtr)));
1020
1021 // String case.
1022 JITStubCall stubCallEqStrings(this, cti_op_eq_strings);
1023 stubCallEqStrings.addArgument(regT0);
1024 stubCallEqStrings.addArgument(regT2);
1025 stubCallEqStrings.call(regT0);
1026 storeResult.append(jump());
1027
1028 // Generic case.
1029 genericCase.append(getSlowCase(iter)); // doubles
1030 genericCase.link(this);
1031 JITStubCall stubCallEq(this, cti_op_eq);
1032 stubCallEq.addArgument(regT1, regT0);
1033 stubCallEq.addArgument(regT3, regT2);
1034 stubCallEq.call(regT0);
1035
1036 storeResult.link(this);
1037 xor32(Imm32(0x1), regT0);
1038 or32(Imm32(JSValue::FalseTag), regT0);
1039 emitStoreBool(dst, regT0);
1040 }
1041
1042 void JIT::compileOpStrictEq(Instruction* currentInstruction, CompileOpStrictEqType type)
1043 {
1044 unsigned dst = currentInstruction[1].u.operand;
1045 unsigned src1 = currentInstruction[2].u.operand;
1046 unsigned src2 = currentInstruction[3].u.operand;
1047
1048 emitLoadTag(src1, regT0);
1049 emitLoadTag(src2, regT1);
1050
1051 // Jump to a slow case if either operand is double, or if both operands are
1052 // cells and/or Int32s.
1053 move(regT0, regT2);
1054 and32(regT1, regT2);
1055 addSlowCase(branch32(Below, regT2, Imm32(JSValue::LowestTag)));
1056 addSlowCase(branch32(AboveOrEqual, regT2, Imm32(JSValue::CellTag)));
1057
1058 if (type == OpStrictEq)
1059 set8(Equal, regT0, regT1, regT0);
1060 else
1061 set8(NotEqual, regT0, regT1, regT0);
1062
1063 or32(Imm32(JSValue::FalseTag), regT0);
1064
1065 emitStoreBool(dst, regT0);
1066 }
1067
1068 void JIT::emit_op_stricteq(Instruction* currentInstruction)
1069 {
1070 compileOpStrictEq(currentInstruction, OpStrictEq);
1071 }
1072
1073 void JIT::emitSlow_op_stricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1074 {
1075 unsigned dst = currentInstruction[1].u.operand;
1076 unsigned src1 = currentInstruction[2].u.operand;
1077 unsigned src2 = currentInstruction[3].u.operand;
1078
1079 linkSlowCase(iter);
1080 linkSlowCase(iter);
1081
1082 JITStubCall stubCall(this, cti_op_stricteq);
1083 stubCall.addArgument(src1);
1084 stubCall.addArgument(src2);
1085 stubCall.call(dst);
1086 }
1087
1088 void JIT::emit_op_nstricteq(Instruction* currentInstruction)
1089 {
1090 compileOpStrictEq(currentInstruction, OpNStrictEq);
1091 }
1092
1093 void JIT::emitSlow_op_nstricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1094 {
1095 unsigned dst = currentInstruction[1].u.operand;
1096 unsigned src1 = currentInstruction[2].u.operand;
1097 unsigned src2 = currentInstruction[3].u.operand;
1098
1099 linkSlowCase(iter);
1100 linkSlowCase(iter);
1101
1102 JITStubCall stubCall(this, cti_op_nstricteq);
1103 stubCall.addArgument(src1);
1104 stubCall.addArgument(src2);
1105 stubCall.call(dst);
1106 }
1107
1108 void JIT::emit_op_eq_null(Instruction* currentInstruction)
1109 {
1110 unsigned dst = currentInstruction[1].u.operand;
1111 unsigned src = currentInstruction[2].u.operand;
1112
1113 emitLoad(src, regT1, regT0);
1114 Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
1115
1116 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
1117 setTest8(NonZero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT1);
1118
1119 Jump wasNotImmediate = jump();
1120
1121 isImmediate.link(this);
1122
1123 set8(Equal, regT1, Imm32(JSValue::NullTag), regT2);
1124 set8(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
1125 or32(regT2, regT1);
1126
1127 wasNotImmediate.link(this);
1128
1129 or32(Imm32(JSValue::FalseTag), regT1);
1130
1131 emitStoreBool(dst, regT1);
1132 }
1133
1134 void JIT::emit_op_neq_null(Instruction* currentInstruction)
1135 {
1136 unsigned dst = currentInstruction[1].u.operand;
1137 unsigned src = currentInstruction[2].u.operand;
1138
1139 emitLoad(src, regT1, regT0);
1140 Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
1141
1142 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
1143 setTest8(Zero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT1);
1144
1145 Jump wasNotImmediate = jump();
1146
1147 isImmediate.link(this);
1148
1149 set8(NotEqual, regT1, Imm32(JSValue::NullTag), regT2);
1150 set8(NotEqual, regT1, Imm32(JSValue::UndefinedTag), regT1);
1151 and32(regT2, regT1);
1152
1153 wasNotImmediate.link(this);
1154
1155 or32(Imm32(JSValue::FalseTag), regT1);
1156
1157 emitStoreBool(dst, regT1);
1158 }
1159
1160 void JIT::emit_op_resolve_with_base(Instruction* currentInstruction)
1161 {
1162 JITStubCall stubCall(this, cti_op_resolve_with_base);
1163 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
1164 stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
1165 stubCall.call(currentInstruction[2].u.operand);
1166 }
1167
1168 void JIT::emit_op_new_func_exp(Instruction* currentInstruction)
1169 {
1170 JITStubCall stubCall(this, cti_op_new_func_exp);
1171 stubCall.addArgument(ImmPtr(m_codeBlock->functionExpr(currentInstruction[2].u.operand)));
1172 stubCall.call(currentInstruction[1].u.operand);
1173 }
1174
1175 void JIT::emit_op_throw(Instruction* currentInstruction)
1176 {
1177 unsigned exception = currentInstruction[1].u.operand;
1178 JITStubCall stubCall(this, cti_op_throw);
1179 stubCall.addArgument(exception);
1180 stubCall.call();
1181
1182 #ifndef NDEBUG
1183 // cti_op_throw always changes it's return address,
1184 // this point in the code should never be reached.
1185 breakpoint();
1186 #endif
1187 }
1188
1189 void JIT::emit_op_get_pnames(Instruction* currentInstruction)
1190 {
1191 int dst = currentInstruction[1].u.operand;
1192 int base = currentInstruction[2].u.operand;
1193 int i = currentInstruction[3].u.operand;
1194 int size = currentInstruction[4].u.operand;
1195 int breakTarget = currentInstruction[5].u.operand;
1196
1197 JumpList isNotObject;
1198
1199 emitLoad(base, regT1, regT0);
1200 if (!m_codeBlock->isKnownNotImmediate(base))
1201 isNotObject.append(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
1202 if (base != m_codeBlock->thisRegister()) {
1203 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
1204 isNotObject.append(branch8(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType)));
1205 }
1206
1207 // We could inline the case where you have a valid cache, but
1208 // this call doesn't seem to be hot.
1209 Label isObject(this);
1210 JITStubCall getPnamesStubCall(this, cti_op_get_pnames);
1211 getPnamesStubCall.addArgument(regT0);
1212 getPnamesStubCall.call(dst);
1213 load32(Address(regT0, OBJECT_OFFSETOF(JSPropertyNameIterator, m_jsStringsSize)), regT3);
1214 store32(Imm32(0), addressFor(i));
1215 store32(regT3, addressFor(size));
1216 Jump end = jump();
1217
1218 isNotObject.link(this);
1219 addJump(branch32(Equal, regT1, Imm32(JSValue::NullTag)), breakTarget);
1220 addJump(branch32(Equal, regT1, Imm32(JSValue::UndefinedTag)), breakTarget);
1221 JITStubCall toObjectStubCall(this, cti_to_object);
1222 toObjectStubCall.addArgument(regT1, regT0);
1223 toObjectStubCall.call(base);
1224 jump().linkTo(isObject, this);
1225
1226 end.link(this);
1227 }
1228
1229 void JIT::emit_op_next_pname(Instruction* currentInstruction)
1230 {
1231 int dst = currentInstruction[1].u.operand;
1232 int base = currentInstruction[2].u.operand;
1233 int i = currentInstruction[3].u.operand;
1234 int size = currentInstruction[4].u.operand;
1235 int it = currentInstruction[5].u.operand;
1236 int target = currentInstruction[6].u.operand;
1237
1238 JumpList callHasProperty;
1239
1240 Label begin(this);
1241 load32(addressFor(i), regT0);
1242 Jump end = branch32(Equal, regT0, addressFor(size));
1243
1244 // Grab key @ i
1245 loadPtr(addressFor(it), regT1);
1246 loadPtr(Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_jsStrings)), regT2);
1247 load32(BaseIndex(regT2, regT0, TimesEight), regT2);
1248 store32(Imm32(JSValue::CellTag), tagFor(dst));
1249 store32(regT2, payloadFor(dst));
1250
1251 // Increment i
1252 add32(Imm32(1), regT0);
1253 store32(regT0, addressFor(i));
1254
1255 // Verify that i is valid:
1256 loadPtr(addressFor(base), regT0);
1257
1258 // Test base's structure
1259 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
1260 callHasProperty.append(branchPtr(NotEqual, regT2, Address(Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_cachedStructure)))));
1261
1262 // Test base's prototype chain
1263 loadPtr(Address(Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_cachedPrototypeChain))), regT3);
1264 loadPtr(Address(regT3, OBJECT_OFFSETOF(StructureChain, m_vector)), regT3);
1265 addJump(branchTestPtr(Zero, Address(regT3)), target);
1266
1267 Label checkPrototype(this);
1268 callHasProperty.append(branch32(Equal, Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), Imm32(JSValue::NullTag)));
1269 loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
1270 loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
1271 callHasProperty.append(branchPtr(NotEqual, regT2, Address(regT3)));
1272 addPtr(Imm32(sizeof(Structure*)), regT3);
1273 branchTestPtr(NonZero, Address(regT3)).linkTo(checkPrototype, this);
1274
1275 // Continue loop.
1276 addJump(jump(), target);
1277
1278 // Slow case: Ask the object if i is valid.
1279 callHasProperty.link(this);
1280 loadPtr(addressFor(dst), regT1);
1281 JITStubCall stubCall(this, cti_has_property);
1282 stubCall.addArgument(regT0);
1283 stubCall.addArgument(regT1);
1284 stubCall.call();
1285
1286 // Test for valid key.
1287 addJump(branchTest32(NonZero, regT0), target);
1288 jump().linkTo(begin, this);
1289
1290 // End of loop.
1291 end.link(this);
1292 }
1293
1294 void JIT::emit_op_push_scope(Instruction* currentInstruction)
1295 {
1296 JITStubCall stubCall(this, cti_op_push_scope);
1297 stubCall.addArgument(currentInstruction[1].u.operand);
1298 stubCall.call(currentInstruction[1].u.operand);
1299 }
1300
1301 void JIT::emit_op_pop_scope(Instruction*)
1302 {
1303 JITStubCall(this, cti_op_pop_scope).call();
1304 }
1305
1306 void JIT::emit_op_to_jsnumber(Instruction* currentInstruction)
1307 {
1308 int dst = currentInstruction[1].u.operand;
1309 int src = currentInstruction[2].u.operand;
1310
1311 emitLoad(src, regT1, regT0);
1312
1313 Jump isInt32 = branch32(Equal, regT1, Imm32(JSValue::Int32Tag));
1314 addSlowCase(branch32(AboveOrEqual, regT1, Imm32(JSValue::EmptyValueTag)));
1315 isInt32.link(this);
1316
1317 if (src != dst)
1318 emitStore(dst, regT1, regT0);
1319 map(m_bytecodeIndex + OPCODE_LENGTH(op_to_jsnumber), dst, regT1, regT0);
1320 }
1321
1322 void JIT::emitSlow_op_to_jsnumber(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1323 {
1324 int dst = currentInstruction[1].u.operand;
1325
1326 linkSlowCase(iter);
1327
1328 JITStubCall stubCall(this, cti_op_to_jsnumber);
1329 stubCall.addArgument(regT1, regT0);
1330 stubCall.call(dst);
1331 }
1332
1333 void JIT::emit_op_push_new_scope(Instruction* currentInstruction)
1334 {
1335 JITStubCall stubCall(this, cti_op_push_new_scope);
1336 stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
1337 stubCall.addArgument(currentInstruction[3].u.operand);
1338 stubCall.call(currentInstruction[1].u.operand);
1339 }
1340
1341 void JIT::emit_op_catch(Instruction* currentInstruction)
1342 {
1343 unsigned exception = currentInstruction[1].u.operand;
1344
1345 // This opcode only executes after a return from cti_op_throw.
1346
1347 // cti_op_throw may have taken us to a call frame further up the stack; reload
1348 // the call frame pointer to adjust.
1349 peek(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof(void*));
1350
1351 // Now store the exception returned by cti_op_throw.
1352 emitStore(exception, regT1, regT0);
1353 map(m_bytecodeIndex + OPCODE_LENGTH(op_catch), exception, regT1, regT0);
1354 }
1355
1356 void JIT::emit_op_jmp_scopes(Instruction* currentInstruction)
1357 {
1358 JITStubCall stubCall(this, cti_op_jmp_scopes);
1359 stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
1360 stubCall.call();
1361 addJump(jump(), currentInstruction[2].u.operand);
1362 }
1363
1364 void JIT::emit_op_switch_imm(Instruction* currentInstruction)
1365 {
1366 unsigned tableIndex = currentInstruction[1].u.operand;
1367 unsigned defaultOffset = currentInstruction[2].u.operand;
1368 unsigned scrutinee = currentInstruction[3].u.operand;
1369
1370 // create jump table for switch destinations, track this switch statement.
1371 SimpleJumpTable* jumpTable = &m_codeBlock->immediateSwitchJumpTable(tableIndex);
1372 m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Immediate));
1373 jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
1374
1375 JITStubCall stubCall(this, cti_op_switch_imm);
1376 stubCall.addArgument(scrutinee);
1377 stubCall.addArgument(Imm32(tableIndex));
1378 stubCall.call();
1379 jump(regT0);
1380 }
1381
1382 void JIT::emit_op_switch_char(Instruction* currentInstruction)
1383 {
1384 unsigned tableIndex = currentInstruction[1].u.operand;
1385 unsigned defaultOffset = currentInstruction[2].u.operand;
1386 unsigned scrutinee = currentInstruction[3].u.operand;
1387
1388 // create jump table for switch destinations, track this switch statement.
1389 SimpleJumpTable* jumpTable = &m_codeBlock->characterSwitchJumpTable(tableIndex);
1390 m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Character));
1391 jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
1392
1393 JITStubCall stubCall(this, cti_op_switch_char);
1394 stubCall.addArgument(scrutinee);
1395 stubCall.addArgument(Imm32(tableIndex));
1396 stubCall.call();
1397 jump(regT0);
1398 }
1399
1400 void JIT::emit_op_switch_string(Instruction* currentInstruction)
1401 {
1402 unsigned tableIndex = currentInstruction[1].u.operand;
1403 unsigned defaultOffset = currentInstruction[2].u.operand;
1404 unsigned scrutinee = currentInstruction[3].u.operand;
1405
1406 // create jump table for switch destinations, track this switch statement.
1407 StringJumpTable* jumpTable = &m_codeBlock->stringSwitchJumpTable(tableIndex);
1408 m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset));
1409
1410 JITStubCall stubCall(this, cti_op_switch_string);
1411 stubCall.addArgument(scrutinee);
1412 stubCall.addArgument(Imm32(tableIndex));
1413 stubCall.call();
1414 jump(regT0);
1415 }
1416
1417 void JIT::emit_op_new_error(Instruction* currentInstruction)
1418 {
1419 unsigned dst = currentInstruction[1].u.operand;
1420 unsigned type = currentInstruction[2].u.operand;
1421 unsigned message = currentInstruction[3].u.operand;
1422
1423 JITStubCall stubCall(this, cti_op_new_error);
1424 stubCall.addArgument(Imm32(type));
1425 stubCall.addArgument(m_codeBlock->getConstant(message));
1426 stubCall.addArgument(Imm32(m_bytecodeIndex));
1427 stubCall.call(dst);
1428 }
1429
1430 void JIT::emit_op_debug(Instruction* currentInstruction)
1431 {
1432 #if ENABLE(DEBUG_WITH_BREAKPOINT)
1433 UNUSED_PARAM(currentInstruction);
1434 breakpoint();
1435 #else
1436 JITStubCall stubCall(this, cti_op_debug);
1437 stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
1438 stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
1439 stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
1440 stubCall.call();
1441 #endif
1442 }
1443
1444
1445 void JIT::emit_op_enter(Instruction*)
1446 {
1447 // Even though JIT code doesn't use them, we initialize our constant
1448 // registers to zap stale pointers, to avoid unnecessarily prolonging
1449 // object lifetime and increasing GC pressure.
1450 for (int i = 0; i < m_codeBlock->m_numVars; ++i)
1451 emitStore(i, jsUndefined());
1452 }
1453
1454 void JIT::emit_op_enter_with_activation(Instruction* currentInstruction)
1455 {
1456 emit_op_enter(currentInstruction);
1457
1458 JITStubCall(this, cti_op_push_activation).call(currentInstruction[1].u.operand);
1459 }
1460
1461 void JIT::emit_op_create_arguments(Instruction*)
1462 {
1463 Jump argsCreated = branch32(NotEqual, tagFor(RegisterFile::ArgumentsRegister, callFrameRegister), Imm32(JSValue::EmptyValueTag));
1464
1465 // If we get here the arguments pointer is a null cell - i.e. arguments need lazy creation.
1466 if (m_codeBlock->m_numParameters == 1)
1467 JITStubCall(this, cti_op_create_arguments_no_params).call();
1468 else
1469 JITStubCall(this, cti_op_create_arguments).call();
1470
1471 argsCreated.link(this);
1472 }
1473
1474 void JIT::emit_op_init_arguments(Instruction*)
1475 {
1476 emitStore(RegisterFile::ArgumentsRegister, JSValue(), callFrameRegister);
1477 }
1478
1479 void JIT::emit_op_convert_this(Instruction* currentInstruction)
1480 {
1481 unsigned thisRegister = currentInstruction[1].u.operand;
1482
1483 emitLoad(thisRegister, regT1, regT0);
1484
1485 addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
1486
1487 loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
1488 addSlowCase(branchTest8(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(NeedsThisConversion)));
1489
1490 map(m_bytecodeIndex + OPCODE_LENGTH(op_convert_this), thisRegister, regT1, regT0);
1491 }
1492
1493 void JIT::emitSlow_op_convert_this(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
1494 {
1495 unsigned thisRegister = currentInstruction[1].u.operand;
1496
1497 linkSlowCase(iter);
1498 linkSlowCase(iter);
1499
1500 JITStubCall stubCall(this, cti_op_convert_this);
1501 stubCall.addArgument(regT1, regT0);
1502 stubCall.call(thisRegister);
1503 }
1504
1505 void JIT::emit_op_profile_will_call(Instruction* currentInstruction)
1506 {
1507 peek(regT2, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof(void*));
1508 Jump noProfiler = branchTestPtr(Zero, Address(regT2));
1509
1510 JITStubCall stubCall(this, cti_op_profile_will_call);
1511 stubCall.addArgument(currentInstruction[1].u.operand);
1512 stubCall.call();
1513 noProfiler.link(this);
1514 }
1515
1516 void JIT::emit_op_profile_did_call(Instruction* currentInstruction)
1517 {
1518 peek(regT2, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof(void*));
1519 Jump noProfiler = branchTestPtr(Zero, Address(regT2));
1520
1521 JITStubCall stubCall(this, cti_op_profile_did_call);
1522 stubCall.addArgument(currentInstruction[1].u.operand);
1523 stubCall.call();
1524 noProfiler.link(this);
1525 }
1526
1527 }
1528
1529 #endif // ENABLE(JIT) && USE(JSVALUE32_64)
mirror of JavaScriptCore