The Tor Browser: js/src/jit/x86/Trampoline-x86.cpp@6474c204b198 (annotated)

js/src/jit/x86/Trampoline-x86.cpp@6474c204b198 (annotated)

js/src/jit/x86/Trampoline-x86.cpp

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "jscompartment.h"
 #include "assembler/assembler/MacroAssembler.h"
 #include "jit/Bailouts.h"
 #include "jit/BaselineJIT.h"
 #include "jit/IonFrames.h"
 #include "jit/IonLinker.h"
 #include "jit/IonSpewer.h"
 #include "jit/JitCompartment.h"
 #ifdef JS_ION_PERF
 # include "jit/PerfSpewer.h"
 #endif
 #include "jit/VMFunctions.h"
 #include "jit/x86/BaselineHelpers-x86.h"
 #include "jsscriptinlines.h"
 #include "jit/ExecutionMode-inl.h"
 using namespace js;
 using namespace js::jit;
 // All registers to save and restore. This includes the stack pointer, since we
 // use the ability to reference register values on the stack by index.
 static const RegisterSet AllRegs =
   RegisterSet(GeneralRegisterSet(Registers::AllMask),
               FloatRegisterSet(FloatRegisters::AllMask));
 enum EnterJitEbpArgumentOffset {
     ARG_JITCODE         = 2 * sizeof(void *),
     ARG_ARGC            = 3 * sizeof(void *),
     ARG_ARGV            = 4 * sizeof(void *),
     ARG_STACKFRAME      = 5 * sizeof(void *),
     ARG_CALLEETOKEN     = 6 * sizeof(void *),
     ARG_SCOPECHAIN      = 7 * sizeof(void *),
     ARG_STACKVALUES     = 8 * sizeof(void *),
     ARG_RESULT          = 9 * sizeof(void *)
 };
 /*
  * Generates a trampoline for a C++ function with the EnterJitCode signature,
  * using the standard cdecl calling convention.
  */
 JitCode *
 JitRuntime::generateEnterJIT(JSContext *cx, EnterJitType type)
 {
     MacroAssembler masm(cx);
     // Save old stack frame pointer, set new stack frame pointer.
     masm.push(ebp);
     masm.movl(esp, ebp);
     // Save non-volatile registers. These must be saved by the trampoline,
     // rather than the JIT'd code, because they are scanned by the conservative
     // scanner.
     masm.push(ebx);
     masm.push(esi);
     masm.push(edi);
     // Push the EnterJIT sps mark.
     masm.spsMarkJit(&cx->runtime()->spsProfiler, ebp, ebx);
     // Keep track of the stack which has to be unwound after returning from the
     // compiled function.
     masm.movl(esp, esi);
     // eax <- 8*argc, eax is now the offset betwen argv and the last
     masm.loadPtr(Address(ebp, ARG_ARGC), eax);
     masm.shll(Imm32(3), eax);
     // We need to ensure that the stack is aligned on a 12-byte boundary, so
     // inside the JIT function the stack is 16-byte aligned. Our stack right
     // now might not be aligned on some platforms (win32, gcc) so we factor
     // this possibility in, and simulate what the new stack address would be.
     //   +argc * 8 for arguments
     //   +4 for pushing alignment
     //   +4 for pushing the callee token
     //   +4 for pushing the return address
     masm.movl(esp, ecx);
     masm.subl(eax, ecx);
     masm.subl(Imm32(4 * 3), ecx);
     // ecx = ecx & 15, holds alignment.
     masm.andl(Imm32(15), ecx);
     masm.subl(ecx, esp);
     /***************************************************************
     Loop over argv vector, push arguments onto stack in reverse order
     ***************************************************************/
     // ebx = argv   --argv pointer is in ebp + 16
     masm.loadPtr(Address(ebp, ARG_ARGV), ebx);
     // eax = argv[8(argc)]  --eax now points one value past the last argument
     masm.addl(ebx, eax);
     // while (eax > ebx)  --while still looping through arguments
     {
         Label header, footer;
         masm.bind(&header);
         masm.cmpl(eax, ebx);
         masm.j(Assembler::BelowOrEqual, &footer);
         // eax -= 8  --move to previous argument
         masm.subl(Imm32(8), eax);
         // Push what eax points to on stack, a Value is 2 words
         masm.push(Operand(eax, 4));
         masm.push(Operand(eax, 0));
         masm.jmp(&header);
         masm.bind(&footer);
     }
     // Push the number of actual arguments.  |result| is used to store the
     // actual number of arguments without adding an extra argument to the enter
     // JIT.
     masm.mov(Operand(ebp, ARG_RESULT), eax);
     masm.unboxInt32(Address(eax, 0x0), eax);
     masm.push(eax);
     // Push the callee token.
     masm.push(Operand(ebp, ARG_CALLEETOKEN));
     // Load the InterpreterFrame address into the OsrFrameReg.
     // This address is also used for setting the constructing bit on all paths.
     masm.loadPtr(Address(ebp, ARG_STACKFRAME), OsrFrameReg);
     /*****************************************************************
     Push the number of bytes we've pushed so far on the stack and call
     *****************************************************************/
     // Create a frame descriptor.
     masm.subl(esp, esi);
     masm.makeFrameDescriptor(esi, JitFrame_Entry);
     masm.push(esi);
     CodeLabel returnLabel;
     if (type == EnterJitBaseline) {
         // Handle OSR.
         GeneralRegisterSet regs(GeneralRegisterSet::All());
         regs.take(JSReturnOperand);
         regs.takeUnchecked(OsrFrameReg);
         regs.take(ebp);
         regs.take(ReturnReg);
         Register scratch = regs.takeAny();
         Label notOsr;
         masm.branchTestPtr(Assembler::Zero, OsrFrameReg, OsrFrameReg, &notOsr);
         Register numStackValues = regs.takeAny();
         masm.loadPtr(Address(ebp, ARG_STACKVALUES), numStackValues);
         Register jitcode = regs.takeAny();
         masm.loadPtr(Address(ebp, ARG_JITCODE), jitcode);
         // Push return address, previous frame pointer.
         masm.mov(returnLabel.dest(), scratch);
         masm.push(scratch);
         masm.push(ebp);
         // Reserve frame.
         Register framePtr = ebp;
         masm.subPtr(Imm32(BaselineFrame::Size()), esp);
         masm.mov(esp, framePtr);
 #ifdef XP_WIN
         // Can't push large frames blindly on windows.  Touch frame memory incrementally.
         masm.mov(numStackValues, scratch);
         masm.shll(Imm32(3), scratch);
         masm.subPtr(scratch, framePtr);
         {
             masm.movePtr(esp, scratch);
             masm.subPtr(Imm32(WINDOWS_BIG_FRAME_TOUCH_INCREMENT), scratch);
             Label touchFrameLoop;
             Label touchFrameLoopEnd;
             masm.bind(&touchFrameLoop);
             masm.branchPtr(Assembler::Below, scratch, framePtr, &touchFrameLoopEnd);
             masm.store32(Imm32(0), Address(scratch, 0));
             masm.subPtr(Imm32(WINDOWS_BIG_FRAME_TOUCH_INCREMENT), scratch);
             masm.jump(&touchFrameLoop);
             masm.bind(&touchFrameLoopEnd);
         }
         masm.mov(esp, framePtr);
 #endif
         // Reserve space for locals and stack values.
         masm.mov(numStackValues, scratch);
         masm.shll(Imm32(3), scratch);
         masm.subPtr(scratch, esp);
         // Enter exit frame.
         masm.addPtr(Imm32(BaselineFrame::Size() + BaselineFrame::FramePointerOffset), scratch);
         masm.makeFrameDescriptor(scratch, JitFrame_BaselineJS);
         masm.push(scratch);
         masm.push(Imm32(0)); // Fake return address.
         masm.enterFakeExitFrame();
         masm.push(framePtr);
         masm.push(jitcode);
         masm.setupUnalignedABICall(3, scratch);
         masm.passABIArg(framePtr); // BaselineFrame
         masm.passABIArg(OsrFrameReg); // InterpreterFrame
         masm.passABIArg(numStackValues);
         masm.callWithABI(JS_FUNC_TO_DATA_PTR(void *, jit::InitBaselineFrameForOsr));
         masm.pop(jitcode);
         masm.pop(framePtr);
         JS_ASSERT(jitcode != ReturnReg);
         Label error;
         masm.addPtr(Imm32(IonExitFrameLayout::SizeWithFooter()), esp);
         masm.addPtr(Imm32(BaselineFrame::Size()), framePtr);
         masm.branchIfFalseBool(ReturnReg, &error);
         masm.jump(jitcode);
         // OOM: load error value, discard return address and previous frame
         // pointer and return.
         masm.bind(&error);
         masm.mov(framePtr, esp);
         masm.addPtr(Imm32(2 * sizeof(uintptr_t)), esp);
         masm.moveValue(MagicValue(JS_ION_ERROR), JSReturnOperand);
         masm.mov(returnLabel.dest(), scratch);
         masm.jump(scratch);
         masm.bind(&notOsr);
         masm.loadPtr(Address(ebp, ARG_SCOPECHAIN), R1.scratchReg());
     }
     /***************************************************************
         Call passed-in code, get return value and fill in the
         passed in return value pointer
     ***************************************************************/
     masm.call(Operand(ebp, ARG_JITCODE));
     if (type == EnterJitBaseline) {
         // Baseline OSR will return here.
         masm.bind(returnLabel.src());
         if (!masm.addCodeLabel(returnLabel))
             return nullptr;
     }
     // Pop arguments off the stack.
     // eax <- 8*argc (size of all arguments we pushed on the stack)
     masm.pop(eax);
     masm.shrl(Imm32(FRAMESIZE_SHIFT), eax); // Unmark EntryFrame.
     masm.addl(eax, esp);
     // |ebp| could have been clobbered by the inner function.
     // Grab the address for the Value result from the argument stack.
     //  +24 ... arguments ...
     //  +20 <return>
     //  +16 ebp <- original %ebp pointing here.
     //  +12 ebx
     //  +8  esi
     //  +4  edi
     //  +0  hasSPSFrame
     masm.loadPtr(Address(esp, ARG_RESULT + 4 * sizeof(void *)), eax);
     masm.storeValue(JSReturnOperand, Operand(eax, 0));
     /**************************************************************
         Return stack and registers to correct state
     **************************************************************/
     // Unwind the sps mark.
     masm.spsUnmarkJit(&cx->runtime()->spsProfiler, ebx);
     // Restore non-volatile registers
     masm.pop(edi);
     masm.pop(esi);
     masm.pop(ebx);
     // Restore old stack frame pointer
     masm.pop(ebp);
     masm.ret();
     Linker linker(masm);
     JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(code, "EnterJIT");
 #endif
     return code;
 }
 JitCode *
 JitRuntime::generateInvalidator(JSContext *cx)
 {
     AutoIonContextAlloc aica(cx);
     MacroAssembler masm(cx);
     // We do the minimum amount of work in assembly and shunt the rest
     // off to InvalidationBailout. Assembly does:
     //
     // - Pop the return address from the invalidation epilogue call.
     // - Push the machine state onto the stack.
     // - Call the InvalidationBailout routine with the stack pointer.
     // - Now that the frame has been bailed out, convert the invalidated
     //   frame into an exit frame.
     // - Do the normal check-return-code-and-thunk-to-the-interpreter dance.
     masm.addl(Imm32(sizeof(uintptr_t)), esp);
     // Push registers such that we can access them from [base + code].
     masm.PushRegsInMask(AllRegs);
     masm.movl(esp, eax); // Argument to jit::InvalidationBailout.
     // Make space for InvalidationBailout's frameSize outparam.
     masm.reserveStack(sizeof(size_t));
     masm.movl(esp, ebx);
     // Make space for InvalidationBailout's bailoutInfo outparam.
     masm.reserveStack(sizeof(void *));
     masm.movl(esp, ecx);
     masm.setupUnalignedABICall(3, edx);
     masm.passABIArg(eax);
     masm.passABIArg(ebx);
     masm.passABIArg(ecx);
     masm.callWithABI(JS_FUNC_TO_DATA_PTR(void *, InvalidationBailout));
     masm.pop(ecx); // Get bailoutInfo outparam.
     masm.pop(ebx); // Get the frameSize outparam.
     // Pop the machine state and the dead frame.
     masm.lea(Operand(esp, ebx, TimesOne, sizeof(InvalidationBailoutStack)), esp);
     // Jump to shared bailout tail. The BailoutInfo pointer has to be in ecx.
     JitCode *bailoutTail = cx->runtime()->jitRuntime()->getBailoutTail();
     masm.jmp(bailoutTail);
     Linker linker(masm);
     JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
     IonSpew(IonSpew_Invalidate, "   invalidation thunk created at %p", (void *) code->raw());
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(code, "Invalidator");
 #endif
     return code;
 }
 JitCode *
 JitRuntime::generateArgumentsRectifier(JSContext *cx, ExecutionMode mode, void **returnAddrOut)
 {
     MacroAssembler masm(cx);
     // ArgumentsRectifierReg contains the |nargs| pushed onto the current frame.
     // Including |this|, there are (|nargs| + 1) arguments to copy.
     JS_ASSERT(ArgumentsRectifierReg == esi);
     // Load the number of |undefined|s to push into %ecx.
     masm.loadPtr(Address(esp, IonRectifierFrameLayout::offsetOfCalleeToken()), eax);
     masm.movzwl(Operand(eax, JSFunction::offsetOfNargs()), ecx);
     masm.subl(esi, ecx);
     // Copy the number of actual arguments.
     masm.loadPtr(Address(esp, IonRectifierFrameLayout::offsetOfNumActualArgs()), edx);
     masm.moveValue(UndefinedValue(), ebx, edi);
     // NOTE: The fact that x86 ArgumentsRectifier saves the FramePointer is relied upon
     // by the baseline bailout code.  If this changes, fix that code!  See
     // BaselineJIT.cpp/BaselineStackBuilder::calculatePrevFramePtr, and
     // BaselineJIT.cpp/InitFromBailout.  Check for the |#if defined(JS_CODEGEN_X86)| portions.
     masm.push(FramePointer);
     masm.movl(esp, FramePointer); // Save %esp.
     // Push undefined.
     {
         Label undefLoopTop;
         masm.bind(&undefLoopTop);
         masm.push(ebx); // type(undefined);
         masm.push(edi); // payload(undefined);
         masm.subl(Imm32(1), ecx);
         masm.j(Assembler::NonZero, &undefLoopTop);
     }
     // Get the topmost argument. We did a push of %ebp earlier, so be sure to
     // account for this in the offset
     BaseIndex b = BaseIndex(FramePointer, esi, TimesEight,
                             sizeof(IonRectifierFrameLayout) + sizeof(void*));
     masm.lea(Operand(b), ecx);
     // Push arguments, |nargs| + 1 times (to include |this|).
     masm.addl(Imm32(1), esi);
     {
         Label copyLoopTop;
         masm.bind(&copyLoopTop);
         masm.push(Operand(ecx, sizeof(Value)/2));
         masm.push(Operand(ecx, 0x0));
         masm.subl(Imm32(sizeof(Value)), ecx);
         masm.subl(Imm32(1), esi);
         masm.j(Assembler::NonZero, &copyLoopTop);
     }
     // Construct descriptor, accounting for pushed frame pointer above
     masm.lea(Operand(FramePointer, sizeof(void*)), ebx);
     masm.subl(esp, ebx);
     masm.makeFrameDescriptor(ebx, JitFrame_Rectifier);
     // Construct IonJSFrameLayout.
     masm.push(edx); // number of actual arguments
     masm.push(eax); // callee token
     masm.push(ebx); // descriptor
     // Call the target function.
     // Note that this assumes the function is JITted.
     masm.loadPtr(Address(eax, JSFunction::offsetOfNativeOrScript()), eax);
     masm.loadBaselineOrIonRaw(eax, eax, mode, nullptr);
     masm.call(eax);
     uint32_t returnOffset = masm.currentOffset();
     // Remove the rectifier frame.
     masm.pop(ebx);            // ebx <- descriptor with FrameType.
     masm.shrl(Imm32(FRAMESIZE_SHIFT), ebx); // ebx <- descriptor.
     masm.pop(edi);            // Discard calleeToken.
     masm.pop(edi);            // Discard number of actual arguments.
     // Discard pushed arguments, but not the pushed frame pointer.
     BaseIndex unwind = BaseIndex(esp, ebx, TimesOne, -int32_t(sizeof(void*)));
     masm.lea(Operand(unwind), esp);
     masm.pop(FramePointer);
     masm.ret();
     Linker linker(masm);
     JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(code, "ArgumentsRectifier");
 #endif
     CodeOffsetLabel returnLabel(returnOffset);
     returnLabel.fixup(&masm);
     if (returnAddrOut)
         *returnAddrOut = (void *) (code->raw() + returnLabel.offset());
     return code;
 }
 static void
 GenerateBailoutThunk(JSContext *cx, MacroAssembler &masm, uint32_t frameClass)
 {
     // Push registers such that we can access them from [base + code].
     masm.PushRegsInMask(AllRegs);
     // Push the bailout table number.
     masm.push(Imm32(frameClass));
     // The current stack pointer is the first argument to jit::Bailout.
     masm.movl(esp, eax);
     // Make space for Bailout's baioutInfo outparam.
     masm.reserveStack(sizeof(void *));
     masm.movl(esp, ebx);
     // Call the bailout function. This will correct the size of the bailout.
     masm.setupUnalignedABICall(2, ecx);
     masm.passABIArg(eax);
     masm.passABIArg(ebx);
     masm.callWithABI(JS_FUNC_TO_DATA_PTR(void *, Bailout));
     masm.pop(ecx); // Get bailoutInfo outparam.
     // Common size of stuff we've pushed.
     const uint32_t BailoutDataSize = sizeof(void *) + // frameClass
                                    sizeof(double) * FloatRegisters::Total +
                                    sizeof(void *) * Registers::Total;
     // Remove both the bailout frame and the topmost Ion frame's stack.
     if (frameClass == NO_FRAME_SIZE_CLASS_ID) {
         // We want the frameSize. Stack is:
         //    ... frame ...
         //    snapshotOffset
         //    frameSize
         //    ... bailoutFrame ...
         masm.addl(Imm32(BailoutDataSize), esp);
         masm.pop(ebx);
         masm.addl(Imm32(sizeof(uint32_t)), esp);
         masm.addl(ebx, esp);
     } else {
         // Stack is:
         //    ... frame ...
         //    bailoutId
         //    ... bailoutFrame ...
         uint32_t frameSize = FrameSizeClass::FromClass(frameClass).frameSize();
         masm.addl(Imm32(BailoutDataSize + sizeof(void *) + frameSize), esp);
     }
     // Jump to shared bailout tail. The BailoutInfo pointer has to be in ecx.
     JitCode *bailoutTail = cx->runtime()->jitRuntime()->getBailoutTail();
     masm.jmp(bailoutTail);
 }
 JitCode *
 JitRuntime::generateBailoutTable(JSContext *cx, uint32_t frameClass)
 {
     MacroAssembler masm;
     Label bailout;
     for (size_t i = 0; i < BAILOUT_TABLE_SIZE; i++)
         masm.call(&bailout);
     masm.bind(&bailout);
     GenerateBailoutThunk(cx, masm, frameClass);
     Linker linker(masm);
     JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(code, "BailoutHandler");
 #endif
     return code;
 }
 JitCode *
 JitRuntime::generateBailoutHandler(JSContext *cx)
 {
     MacroAssembler masm;
     GenerateBailoutThunk(cx, masm, NO_FRAME_SIZE_CLASS_ID);
     Linker linker(masm);
     JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(code, "BailoutHandler");
 #endif
     return code;
 }
 JitCode *
 JitRuntime::generateVMWrapper(JSContext *cx, const VMFunction &f)
 {
     JS_ASSERT(!StackKeptAligned);
     JS_ASSERT(functionWrappers_);
     JS_ASSERT(functionWrappers_->initialized());
     VMWrapperMap::AddPtr p = functionWrappers_->lookupForAdd(&f);
     if (p)
         return p->value();
     // Generate a separated code for the wrapper.
     MacroAssembler masm;
     // Avoid conflicts with argument registers while discarding the result after
     // the function call.
     GeneralRegisterSet regs = GeneralRegisterSet(Register::Codes::WrapperMask);
     // Wrapper register set is a superset of Volatile register set.
     JS_STATIC_ASSERT((Register::Codes::VolatileMask & ~Register::Codes::WrapperMask) == 0);
     // The context is the first argument.
     Register cxreg = regs.takeAny();
     // Stack is:
     //    ... frame ...
     //  +8  [args]
     //  +4  descriptor
     //  +0  returnAddress
     //
     // We're aligned to an exit frame, so link it up.
     masm.enterExitFrameAndLoadContext(&f, cxreg, regs.getAny(), f.executionMode);
     // Save the current stack pointer as the base for copying arguments.
     Register argsBase = InvalidReg;
     if (f.explicitArgs) {
         argsBase = regs.takeAny();
         masm.lea(Operand(esp, IonExitFrameLayout::SizeWithFooter()), argsBase);
     }
     // Reserve space for the outparameter.
     Register outReg = InvalidReg;
     switch (f.outParam) {
       case Type_Value:
         outReg = regs.takeAny();
         masm.Push(UndefinedValue());
         masm.movl(esp, outReg);
         break;
       case Type_Handle:
         outReg = regs.takeAny();
         masm.PushEmptyRooted(f.outParamRootType);
         masm.movl(esp, outReg);
         break;
       case Type_Int32:
       case Type_Pointer:
       case Type_Bool:
         outReg = regs.takeAny();
         masm.reserveStack(sizeof(int32_t));
         masm.movl(esp, outReg);
         break;
       case Type_Double:
         outReg = regs.takeAny();
         masm.reserveStack(sizeof(double));
         masm.movl(esp, outReg);
         break;
       default:
         JS_ASSERT(f.outParam == Type_Void);
         break;
     }
     masm.setupUnalignedABICall(f.argc(), regs.getAny());
     masm.passABIArg(cxreg);
     size_t argDisp = 0;
     // Copy arguments.
     for (uint32_t explicitArg = 0; explicitArg < f.explicitArgs; explicitArg++) {
         MoveOperand from;
         switch (f.argProperties(explicitArg)) {
           case VMFunction::WordByValue:
             masm.passABIArg(MoveOperand(argsBase, argDisp), MoveOp::GENERAL);
             argDisp += sizeof(void *);
             break;
           case VMFunction::DoubleByValue:
             // We don't pass doubles in float registers on x86, so no need
             // to check for argPassedInFloatReg.
             masm.passABIArg(MoveOperand(argsBase, argDisp), MoveOp::GENERAL);
             argDisp += sizeof(void *);
             masm.passABIArg(MoveOperand(argsBase, argDisp), MoveOp::GENERAL);
             argDisp += sizeof(void *);
             break;
           case VMFunction::WordByRef:
             masm.passABIArg(MoveOperand(argsBase, argDisp, MoveOperand::EFFECTIVE_ADDRESS),
                             MoveOp::GENERAL);
             argDisp += sizeof(void *);
             break;
           case VMFunction::DoubleByRef:
             masm.passABIArg(MoveOperand(argsBase, argDisp, MoveOperand::EFFECTIVE_ADDRESS),
                             MoveOp::GENERAL);
             argDisp += 2 * sizeof(void *);
             break;
         }
     }
     // Copy the implicit outparam, if any.
     if (outReg != InvalidReg)
         masm.passABIArg(outReg);
     masm.callWithABI(f.wrapped);
     // Test for failure.
     switch (f.failType()) {
       case Type_Object:
         masm.branchTestPtr(Assembler::Zero, eax, eax, masm.failureLabel(f.executionMode));
         break;
       case Type_Bool:
         masm.testb(eax, eax);
         masm.j(Assembler::Zero, masm.failureLabel(f.executionMode));
         break;
       default:
         MOZ_ASSUME_UNREACHABLE("unknown failure kind");
     }
     // Load the outparam and free any allocated stack.
     switch (f.outParam) {
       case Type_Handle:
         masm.popRooted(f.outParamRootType, ReturnReg, JSReturnOperand);
         break;
       case Type_Value:
         masm.Pop(JSReturnOperand);
         break;
       case Type_Int32:
       case Type_Pointer:
         masm.Pop(ReturnReg);
         break;
       case Type_Bool:
         masm.Pop(ReturnReg);
         masm.movzbl(ReturnReg, ReturnReg);
         break;
       case Type_Double:
         if (cx->runtime()->jitSupportsFloatingPoint)
             masm.Pop(ReturnFloatReg);
         else
             masm.assumeUnreachable("Unable to pop to float reg, with no FP support.");
         break;
       default:
         JS_ASSERT(f.outParam == Type_Void);
         break;
     }
     masm.leaveExitFrame();
     masm.retn(Imm32(sizeof(IonExitFrameLayout) +
                     f.explicitStackSlots() * sizeof(void *) +
                     f.extraValuesToPop * sizeof(Value)));
     Linker linker(masm);
     JitCode *wrapper = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
     if (!wrapper)
         return nullptr;
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(wrapper, "VMWrapper");
 #endif
     // linker.newCode may trigger a GC and sweep functionWrappers_ so we have to
     // use relookupOrAdd instead of add.
     if (!functionWrappers_->relookupOrAdd(p, &f, wrapper))
         return nullptr;
     return wrapper;
 }
 JitCode *
 JitRuntime::generatePreBarrier(JSContext *cx, MIRType type)
 {
     MacroAssembler masm;
     RegisterSet save;
     if (cx->runtime()->jitSupportsFloatingPoint) {
         save = RegisterSet(GeneralRegisterSet(Registers::VolatileMask),
                            FloatRegisterSet(FloatRegisters::VolatileMask));
     } else {
         save = RegisterSet(GeneralRegisterSet(Registers::VolatileMask),
                            FloatRegisterSet());
     }
     masm.PushRegsInMask(save);
     JS_ASSERT(PreBarrierReg == edx);
     masm.movl(ImmPtr(cx->runtime()), ecx);
     masm.setupUnalignedABICall(2, eax);
     masm.passABIArg(ecx);
     masm.passABIArg(edx);
     if (type == MIRType_Value) {
         masm.callWithABI(JS_FUNC_TO_DATA_PTR(void *, MarkValueFromIon));
     } else {
         JS_ASSERT(type == MIRType_Shape);
         masm.callWithABI(JS_FUNC_TO_DATA_PTR(void *, MarkShapeFromIon));
     }
     masm.PopRegsInMask(save);
     masm.ret();
     Linker linker(masm);
     JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(code, "PreBarrier");
 #endif
     return code;
 }
 typedef bool (*HandleDebugTrapFn)(JSContext *, BaselineFrame *, uint8_t *, bool *);
 static const VMFunction HandleDebugTrapInfo = FunctionInfo<HandleDebugTrapFn>(HandleDebugTrap);
 JitCode *
 JitRuntime::generateDebugTrapHandler(JSContext *cx)
 {
     MacroAssembler masm;
     Register scratch1 = eax;
     Register scratch2 = ecx;
     Register scratch3 = edx;
     // Load the return address in scratch1.
     masm.loadPtr(Address(esp, 0), scratch1);
     // Load BaselineFrame pointer in scratch2.
     masm.mov(ebp, scratch2);
     masm.subPtr(Imm32(BaselineFrame::Size()), scratch2);
     // Enter a stub frame and call the HandleDebugTrap VM function. Ensure
     // the stub frame has a nullptr ICStub pointer, since this pointer is
     // marked during GC.
     masm.movePtr(ImmPtr(nullptr), BaselineStubReg);
     EmitEnterStubFrame(masm, scratch3);
     JitCode *code = cx->runtime()->jitRuntime()->getVMWrapper(HandleDebugTrapInfo);
     if (!code)
         return nullptr;
     masm.push(scratch1);
     masm.push(scratch2);
     EmitCallVM(code, masm);
     EmitLeaveStubFrame(masm);
     // If the stub returns |true|, we have to perform a forced return
     // (return from the JS frame). If the stub returns |false|, just return
     // from the trap stub so that execution continues at the current pc.
     Label forcedReturn;
     masm.branchTest32(Assembler::NonZero, ReturnReg, ReturnReg, &forcedReturn);
     masm.ret();
     masm.bind(&forcedReturn);
     masm.loadValue(Address(ebp, BaselineFrame::reverseOffsetOfReturnValue()),
                    JSReturnOperand);
     masm.mov(ebp, esp);
     masm.pop(ebp);
     masm.ret();
     Linker linker(masm);
     JitCode *codeDbg = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(codeDbg, "DebugTrapHandler");
 #endif
     return codeDbg;
 }
 JitCode *
 JitRuntime::generateExceptionTailStub(JSContext *cx)
 {
     MacroAssembler masm;
     masm.handleFailureWithHandlerTail();
     Linker linker(masm);
     JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(code, "ExceptionTailStub");
 #endif
     return code;
 }
 JitCode *
 JitRuntime::generateBailoutTailStub(JSContext *cx)
 {
     MacroAssembler masm;
     masm.generateBailoutTail(edx, ecx);
     Linker linker(masm);
     JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
 #ifdef JS_ION_PERF
     writePerfSpewerJitCodeProfile(code, "BailoutTailStub");
 #endif
     return code;
 }

The Tor Browser / annotate

js/src/jit/x86/Trampoline-x86.cpp@6474c204b198 (annotated)

js/src/jit/x86/Trampoline-x86.cpp