The Tor Browser: comparison js/src/jit/arm/Assembler-arm.cpp

--1:000000000000
+:25e329929056
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+* vim: set ts=8 sts=4 et sw=4 tw=99:
+* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "jit/arm/Assembler-arm.h"
+#include "mozilla/DebugOnly.h"
+#include "mozilla/MathAlgorithms.h"
+#include "jscompartment.h"
+#include "jsutil.h"
+#include "assembler/jit/ExecutableAllocator.h"
+#include "gc/Marking.h"
+#include "jit/arm/MacroAssembler-arm.h"
+#include "jit/JitCompartment.h"
+using namespace js;
+using namespace js::jit;
+using mozilla::CountLeadingZeroes32;
+// Note this is used for inter-AsmJS calls and may pass arguments and results
+// in floating point registers even if the system ABI does not.
+ABIArgGenerator::ABIArgGenerator() :
+intRegIndex_(0),
+floatRegIndex_(0),
+stackOffset_(0),
+current_()
+{}
+ABIArg
+ABIArgGenerator::next(MIRType type)
+{
+switch (type) {
+case MIRType_Int32:
+case MIRType_Pointer:
+if (intRegIndex_ == NumIntArgRegs) {
+current_ = ABIArg(stackOffset_);
+stackOffset_ += sizeof(uint32_t);
+break;
+}
+current_ = ABIArg(Register::FromCode(intRegIndex_));
+intRegIndex_++;
+break;
+case MIRType_Float32:
+case MIRType_Double:
+if (floatRegIndex_ == NumFloatArgRegs) {
+static const int align = sizeof(double) - 1;
+stackOffset_ = (stackOffset_ + align) & ~align;
+current_ = ABIArg(stackOffset_);
+stackOffset_ += sizeof(uint64_t);
+break;
+}
+current_ = ABIArg(FloatRegister::FromCode(floatRegIndex_));
+floatRegIndex_++;
+break;
+default:
+MOZ_ASSUME_UNREACHABLE("Unexpected argument type");
+}
+return current_;
+}
+const Register ABIArgGenerator::NonArgReturnVolatileReg0 = r4;
+const Register ABIArgGenerator::NonArgReturnVolatileReg1 = r5;
+// Encode a standard register when it is being used as src1, the dest, and
+// an extra register. These should never be called with an InvalidReg.
+uint32_t
+js::jit::RT(Register r)
+{
+JS_ASSERT((r.code() & ~0xf) == 0);
+return r.code() << 12;
+}
+uint32_t
+js::jit::RN(Register r)
+{
+JS_ASSERT((r.code() & ~0xf) == 0);
+return r.code() << 16;
+}
+uint32_t
+js::jit::RD(Register r)
+{
+JS_ASSERT((r.code() & ~0xf) == 0);
+return r.code() << 12;
+}
+uint32_t
+js::jit::RM(Register r)
+{
+JS_ASSERT((r.code() & ~0xf) == 0);
+return r.code() << 8;
+}
+// Encode a standard register when it is being used as src1, the dest, and
+// an extra register.  For these, an InvalidReg is used to indicate a optional
+// register that has been omitted.
+uint32_t
+js::jit::maybeRT(Register r)
+{
+if (r == InvalidReg)
+return 0;
+JS_ASSERT((r.code() & ~0xf) == 0);
+return r.code() << 12;
+}
+uint32_t
+js::jit::maybeRN(Register r)
+{
+if (r == InvalidReg)
+return 0;
+JS_ASSERT((r.code() & ~0xf) == 0);
+return r.code() << 16;
+}
+uint32_t
+js::jit::maybeRD(Register r)
+{
+if (r == InvalidReg)
+return 0;
+JS_ASSERT((r.code() & ~0xf) == 0);
+return r.code() << 12;
+}
+Register
+js::jit::toRD(Instruction &i)
+{
+return Register::FromCode((i.encode()>>12) & 0xf);
+}
+Register
+js::jit::toR(Instruction &i)
+{
+return Register::FromCode(i.encode() & 0xf);
+}
+Register
+js::jit::toRM(Instruction &i)
+{
+return Register::FromCode((i.encode()>>8) & 0xf);
+}
+Register
+js::jit::toRN(Instruction &i)
+{
+return Register::FromCode((i.encode()>>16) & 0xf);
+}
+uint32_t
+js::jit::VD(VFPRegister vr)
+{
+if (vr.isMissing())
+return 0;
+//bits 15,14,13,12, 22
+VFPRegister::VFPRegIndexSplit s = vr.encode();
+return s.bit << 22 | s.block << 12;
+}
+uint32_t
+js::jit::VN(VFPRegister vr)
+{
+if (vr.isMissing())
+return 0;
+// bits 19,18,17,16, 7
+VFPRegister::VFPRegIndexSplit s = vr.encode();
+return s.bit << 7 | s.block << 16;
+}
+uint32_t
+js::jit::VM(VFPRegister vr)
+{
+if (vr.isMissing())
+return 0;
+// bits 5, 3,2,1,0
+VFPRegister::VFPRegIndexSplit s = vr.encode();
+return s.bit << 5 | s.block;
+}
+VFPRegister::VFPRegIndexSplit
+jit::VFPRegister::encode()
+{
+JS_ASSERT(!_isInvalid);
+switch (kind) {
+case Double:
+return VFPRegIndexSplit(_code &0xf , _code >> 4);
+case Single:
+return VFPRegIndexSplit(_code >> 1, _code & 1);
+default:
+// vfp register treated as an integer, NOT a gpr
+return VFPRegIndexSplit(_code >> 1, _code & 1);
+}
+}
+VFPRegister js::jit::NoVFPRegister(true);
+bool
+InstDTR::isTHIS(const Instruction &i)
+{
+return (i.encode() & IsDTRMask) == (uint32_t)IsDTR;
+}
+InstDTR *
+InstDTR::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstDTR*)&i;
+return nullptr;
+}
+bool
+InstLDR::isTHIS(const Instruction &i)
+{
+return (i.encode() & IsDTRMask) == (uint32_t)IsDTR;
+}
+InstLDR *
+InstLDR::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstLDR*)&i;
+return nullptr;
+}
+InstNOP *
+InstNOP::asTHIS(Instruction &i)
+{
+if (isTHIS(i))
+return (InstNOP*) (&i);
+return nullptr;
+}
+bool
+InstNOP::isTHIS(const Instruction &i)
+{
+return (i.encode() & 0x0fffffff) == NopInst;
+}
+bool
+InstBranchReg::isTHIS(const Instruction &i)
+{
+return InstBXReg::isTHIS(i) || InstBLXReg::isTHIS(i);
+}
+InstBranchReg *
+InstBranchReg::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstBranchReg*)&i;
+return nullptr;
+}
+void
+InstBranchReg::extractDest(Register *dest)
+{
+*dest = toR(*this);
+}
+bool
+InstBranchReg::checkDest(Register dest)
+{
+return dest == toR(*this);
+}
+bool
+InstBranchImm::isTHIS(const Instruction &i)
+{
+return InstBImm::isTHIS(i) || InstBLImm::isTHIS(i);
+}
+InstBranchImm *
+InstBranchImm::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstBranchImm*)&i;
+return nullptr;
+}
+void
+InstBranchImm::extractImm(BOffImm *dest)
+{
+*dest = BOffImm(*this);
+}
+bool
+InstBXReg::isTHIS(const Instruction &i)
+{
+return (i.encode() & IsBRegMask) == IsBX;
+}
+InstBXReg *
+InstBXReg::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstBXReg*)&i;
+return nullptr;
+}
+bool
+InstBLXReg::isTHIS(const Instruction &i)
+{
+return (i.encode() & IsBRegMask) == IsBLX;
+}
+InstBLXReg *
+InstBLXReg::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstBLXReg*)&i;
+return nullptr;
+}
+bool
+InstBImm::isTHIS(const Instruction &i)
+{
+return (i.encode () & IsBImmMask) == IsB;
+}
+InstBImm *
+InstBImm::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstBImm*)&i;
+return nullptr;
+}
+bool
+InstBLImm::isTHIS(const Instruction &i)
+{
+return (i.encode () & IsBImmMask) == IsBL;
+}
+InstBLImm *
+InstBLImm::asTHIS(Instruction &i)
+{
+if (isTHIS(i))
+return (InstBLImm*)&i;
+return nullptr;
+}
+bool
+InstMovWT::isTHIS(Instruction &i)
+{
+return  InstMovW::isTHIS(i) || InstMovT::isTHIS(i);
+}
+InstMovWT *
+InstMovWT::asTHIS(Instruction &i)
+{
+if (isTHIS(i))
+return (InstMovWT*)&i;
+return nullptr;
+}
+void
+InstMovWT::extractImm(Imm16 *imm)
+{
+*imm = Imm16(*this);
+}
+bool
+InstMovWT::checkImm(Imm16 imm)
+{
+return imm.decode() == Imm16(*this).decode();
+}
+void
+InstMovWT::extractDest(Register *dest)
+{
+*dest = toRD(*this);
+}
+bool
+InstMovWT::checkDest(Register dest)
+{
+return dest == toRD(*this);
+}
+bool
+InstMovW::isTHIS(const Instruction &i)
+{
+return (i.encode() & IsWTMask) == IsW;
+}
+InstMovW *
+InstMovW::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstMovW*) (&i);
+return nullptr;
+}
+InstMovT *
+InstMovT::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstMovT*) (&i);
+return nullptr;
+}
+bool
+InstMovT::isTHIS(const Instruction &i)
+{
+return (i.encode() & IsWTMask) == IsT;
+}
+InstALU *
+InstALU::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstALU*) (&i);
+return nullptr;
+}
+bool
+InstALU::isTHIS(const Instruction &i)
+{
+return (i.encode() & ALUMask) == 0;
+}
+void
+InstALU::extractOp(ALUOp *ret)
+{
+*ret = ALUOp(encode() & (0xf << 21));
+}
+bool
+InstALU::checkOp(ALUOp op)
+{
+ALUOp mine;
+extractOp(&mine);
+return mine == op;
+}
+void
+InstALU::extractDest(Register *ret)
+{
+*ret = toRD(*this);
+}
+bool
+InstALU::checkDest(Register rd)
+{
+return rd == toRD(*this);
+}
+void
+InstALU::extractOp1(Register *ret)
+{
+*ret = toRN(*this);
+}
+bool
+InstALU::checkOp1(Register rn)
+{
+return rn == toRN(*this);
+}
+Operand2
+InstALU::extractOp2()
+{
+return Operand2(encode());
+}
+InstCMP *
+InstCMP::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstCMP*) (&i);
+return nullptr;
+}
+bool
+InstCMP::isTHIS(const Instruction &i)
+{
+return InstALU::isTHIS(i) && InstALU::asTHIS(i)->checkDest(r0) && InstALU::asTHIS(i)->checkOp(op_cmp);
+}
+InstMOV *
+InstMOV::asTHIS(const Instruction &i)
+{
+if (isTHIS(i))
+return (InstMOV*) (&i);
+return nullptr;
+}
+bool
+InstMOV::isTHIS(const Instruction &i)
+{
+return InstALU::isTHIS(i) && InstALU::asTHIS(i)->checkOp1(r0) && InstALU::asTHIS(i)->checkOp(op_mov);
+}
+Op2Reg
+Operand2::toOp2Reg() {
+return *(Op2Reg*)this;
+}
+O2RegImmShift
+Op2Reg::toO2RegImmShift() {
+return *(O2RegImmShift*)this;
+}
+O2RegRegShift
+Op2Reg::toO2RegRegShift() {
+return *(O2RegRegShift*)this;
+}
+Imm16::Imm16(Instruction &inst)
+: lower(inst.encode() & 0xfff),
+upper(inst.encode() >> 16),
+invalid(0xfff)
+{ }
+Imm16::Imm16(uint32_t imm)
+: lower(imm & 0xfff), pad(0),
+upper((imm>>12) & 0xf),
+invalid(0)
+{
+JS_ASSERT(decode() == imm);
+}
+Imm16::Imm16()
+: invalid(0xfff)
+{ }
+void
+jit::PatchJump(CodeLocationJump &jump_, CodeLocationLabel label)
+{
+// We need to determine if this jump can fit into the standard 24+2 bit address
+// or if we need a larger branch (or just need to use our pool entry)
+Instruction *jump = (Instruction*)jump_.raw();
+Assembler::Condition c;
+jump->extractCond(&c);
+JS_ASSERT(jump->is<InstBranchImm>() || jump->is<InstLDR>());
+int jumpOffset = label.raw() - jump_.raw();
+if (BOffImm::isInRange(jumpOffset)) {
+// This instruction started off as a branch, and will remain one
+Assembler::retargetNearBranch(jump, jumpOffset, c);
+} else {
+// This instruction started off as a branch, but now needs to be demoted to an ldr.
+uint8_t **slot = reinterpret_cast<uint8_t**>(jump_.jumpTableEntry());
+Assembler::retargetFarBranch(jump, slot, label.raw(), c);
+}
+}
+void
+Assembler::finish()
+{
+flush();
+JS_ASSERT(!isFinished);
+isFinished = true;
+for (unsigned int i = 0; i < tmpDataRelocations_.length(); i++) {
+int offset = tmpDataRelocations_[i].getOffset();
+int real_offset = offset + m_buffer.poolSizeBefore(offset);
+dataRelocations_.writeUnsigned(real_offset);
+}
+for (unsigned int i = 0; i < tmpJumpRelocations_.length(); i++) {
+int offset = tmpJumpRelocations_[i].getOffset();
+int real_offset = offset + m_buffer.poolSizeBefore(offset);
+jumpRelocations_.writeUnsigned(real_offset);
+}
+for (unsigned int i = 0; i < tmpPreBarriers_.length(); i++) {
+int offset = tmpPreBarriers_[i].getOffset();
+int real_offset = offset + m_buffer.poolSizeBefore(offset);
+preBarriers_.writeUnsigned(real_offset);
+}
+}
+void
+Assembler::executableCopy(uint8_t *buffer)
+{
+JS_ASSERT(isFinished);
+m_buffer.executableCopy(buffer);
+AutoFlushICache::setRange(uintptr_t(buffer), m_buffer.size());
+}
+void
+Assembler::resetCounter()
+{
+m_buffer.resetCounter();
+}
+uint32_t
+Assembler::actualOffset(uint32_t off_) const
+{
+return off_ + m_buffer.poolSizeBefore(off_);
+}
+uint32_t
+Assembler::actualIndex(uint32_t idx_) const
+{
+ARMBuffer::PoolEntry pe(idx_);
+return m_buffer.poolEntryOffset(pe);
+}
+uint8_t *
+Assembler::PatchableJumpAddress(JitCode *code, uint32_t pe_)
+{
+return code->raw() + pe_;
+}
+BufferOffset
+Assembler::actualOffset(BufferOffset off_) const
+{
+return BufferOffset(off_.getOffset() + m_buffer.poolSizeBefore(off_.getOffset()));
+}
+class RelocationIterator
+{
+CompactBufferReader reader_;
+// offset in bytes
+uint32_t offset_;
+public:
+RelocationIterator(CompactBufferReader &reader)
+: reader_(reader)
+{ }
+bool read() {
+if (!reader_.more())
+return false;
+offset_ = reader_.readUnsigned();
+return true;
+}
+uint32_t offset() const {
+return offset_;
+}
+};
+template<class Iter>
+const uint32_t *
+Assembler::getCF32Target(Iter *iter)
+{
+Instruction *inst1 = iter->cur();
+Instruction *inst2 = iter->next();
+Instruction *inst3 = iter->next();
+Instruction *inst4 = iter->next();
+if (inst1->is<InstBranchImm>()) {
+// see if we have a simple case, b #offset
+BOffImm imm;
+InstBranchImm *jumpB = inst1->as<InstBranchImm>();
+jumpB->extractImm(&imm);
+return imm.getDest(inst1)->raw();
+}
+if (inst1->is<InstMovW>() && inst2->is<InstMovT>() &&
+(inst3->is<InstNOP>() || inst3->is<InstBranchReg>() || inst4->is<InstBranchReg>()))
+{
+// see if we have the complex case,
+// movw r_temp, #imm1
+// movt r_temp, #imm2
+// bx r_temp
+// OR
+// movw r_temp, #imm1
+// movt r_temp, #imm2
+// str pc, [sp]
+// bx r_temp
+Imm16 targ_bot;
+Imm16 targ_top;
+Register temp;
+// Extract both the temp register and the bottom immediate.
+InstMovW *bottom = inst1->as<InstMovW>();
+bottom->extractImm(&targ_bot);
+bottom->extractDest(&temp);
+// Extract the top part of the immediate.
+InstMovT *top = inst2->as<InstMovT>();
+top->extractImm(&targ_top);
+// Make sure they are being loaded into the same register.
+JS_ASSERT(top->checkDest(temp));
+// Make sure we're branching to the same register.
+#ifdef DEBUG
+// A toggled call sometimes has a NOP instead of a branch for the third instruction.
+// No way to assert that it's valid in that situation.
+if (!inst3->is<InstNOP>()) {
+InstBranchReg *realBranch = inst3->is<InstBranchReg>() ? inst3->as<InstBranchReg>()
+: inst4->as<InstBranchReg>();
+JS_ASSERT(realBranch->checkDest(temp));
+}
+#endif
+uint32_t *dest = (uint32_t*) (targ_bot.decode() | (targ_top.decode() << 16));
+return dest;
+}
+if (inst1->is<InstLDR>()) {
+InstLDR *load = inst1->as<InstLDR>();
+uint32_t inst = load->encode();
+// get the address of the instruction as a raw pointer
+char *dataInst = reinterpret_cast<char*>(load);
+IsUp_ iu = IsUp_(inst & IsUp);
+int32_t offset = inst & 0xfff;
+if (iu != IsUp) {
+offset = - offset;
+}
+uint32_t **ptr = (uint32_t **)&dataInst[offset + 8];
+return *ptr;
+}
+MOZ_ASSUME_UNREACHABLE("unsupported branch relocation");
+}
+uintptr_t
+Assembler::getPointer(uint8_t *instPtr)
+{
+InstructionIterator iter((Instruction*)instPtr);
+uintptr_t ret = (uintptr_t)getPtr32Target(&iter, nullptr, nullptr);
+return ret;
+}
+template<class Iter>
+const uint32_t *
+Assembler::getPtr32Target(Iter *start, Register *dest, RelocStyle *style)
+{
+Instruction *load1 = start->cur();
+Instruction *load2 = start->next();
+if (load1->is<InstMovW>() && load2->is<InstMovT>()) {
+// see if we have the complex case,
+// movw r_temp, #imm1
+// movt r_temp, #imm2
+Imm16 targ_bot;
+Imm16 targ_top;
+Register temp;
+// Extract both the temp register and the bottom immediate.
+InstMovW *bottom = load1->as<InstMovW>();
+bottom->extractImm(&targ_bot);
+bottom->extractDest(&temp);
+// Extract the top part of the immediate.
+InstMovT *top = load2->as<InstMovT>();
+top->extractImm(&targ_top);
+// Make sure they are being loaded intothe same register.
+JS_ASSERT(top->checkDest(temp));
+if (dest)
+*dest = temp;
+if (style)
+*style = L_MOVWT;
+uint32_t *value = (uint32_t*) (targ_bot.decode() | (targ_top.decode() << 16));
+return value;
+}
+if (load1->is<InstLDR>()) {
+InstLDR *load = load1->as<InstLDR>();
+uint32_t inst = load->encode();
+// get the address of the instruction as a raw pointer
+char *dataInst = reinterpret_cast<char*>(load);
+IsUp_ iu = IsUp_(inst & IsUp);
+int32_t offset = inst & 0xfff;
+if (iu == IsDown)
+offset = - offset;
+if (dest)
+*dest = toRD(*load);
+if (style)
+*style = L_LDR;
+uint32_t **ptr = (uint32_t **)&dataInst[offset + 8];
+return *ptr;
+}
+MOZ_ASSUME_UNREACHABLE("unsupported relocation");
+}
+static JitCode *
+CodeFromJump(InstructionIterator *jump)
+{
+uint8_t *target = (uint8_t *)Assembler::getCF32Target(jump);
+return JitCode::FromExecutable(target);
+}
+void
+Assembler::TraceJumpRelocations(JSTracer *trc, JitCode *code, CompactBufferReader &reader)
+{
+RelocationIterator iter(reader);
+while (iter.read()) {
+InstructionIterator institer((Instruction *) (code->raw() + iter.offset()));
+JitCode *child = CodeFromJump(&institer);
+MarkJitCodeUnbarriered(trc, &child, "rel32");
+}
+}
+static void
+TraceDataRelocations(JSTracer *trc, uint8_t *buffer, CompactBufferReader &reader)
+{
+while (reader.more()) {
+size_t offset = reader.readUnsigned();
+InstructionIterator iter((Instruction*)(buffer+offset));
+void *ptr = const_cast<uint32_t *>(js::jit::Assembler::getPtr32Target(&iter));
+// No barrier needed since these are constants.
+gc::MarkGCThingUnbarriered(trc, reinterpret_cast<void **>(&ptr), "ion-masm-ptr");
+}
+}
+static void
+TraceDataRelocations(JSTracer *trc, ARMBuffer *buffer,
+js::Vector<BufferOffset, 0, SystemAllocPolicy> *locs)
+{
+for (unsigned int idx = 0; idx < locs->length(); idx++) {
+BufferOffset bo = (*locs)[idx];
+ARMBuffer::AssemblerBufferInstIterator iter(bo, buffer);
+void *ptr = const_cast<uint32_t *>(jit::Assembler::getPtr32Target(&iter));
+// No barrier needed since these are constants.
+gc::MarkGCThingUnbarriered(trc, reinterpret_cast<void **>(&ptr), "ion-masm-ptr");
+}
+}
+void
+Assembler::TraceDataRelocations(JSTracer *trc, JitCode *code, CompactBufferReader &reader)
+{
+::TraceDataRelocations(trc, code->raw(), reader);
+}
+void
+Assembler::copyJumpRelocationTable(uint8_t *dest)
+{
+if (jumpRelocations_.length())
+memcpy(dest, jumpRelocations_.buffer(), jumpRelocations_.length());
+}
+void
+Assembler::copyDataRelocationTable(uint8_t *dest)
+{
+if (dataRelocations_.length())
+memcpy(dest, dataRelocations_.buffer(), dataRelocations_.length());
+}
+void
+Assembler::copyPreBarrierTable(uint8_t *dest)
+{
+if (preBarriers_.length())
+memcpy(dest, preBarriers_.buffer(), preBarriers_.length());
+}
+void
+Assembler::trace(JSTracer *trc)
+{
+for (size_t i = 0; i < jumps_.length(); i++) {
+RelativePatch &rp = jumps_[i];
+if (rp.kind == Relocation::JITCODE) {
+JitCode *code = JitCode::FromExecutable((uint8_t*)rp.target);
+MarkJitCodeUnbarriered(trc, &code, "masmrel32");
+JS_ASSERT(code == JitCode::FromExecutable((uint8_t*)rp.target));
+}
+}
+if (tmpDataRelocations_.length())
+::TraceDataRelocations(trc, &m_buffer, &tmpDataRelocations_);
+}
+void
+Assembler::processCodeLabels(uint8_t *rawCode)
+{
+for (size_t i = 0; i < codeLabels_.length(); i++) {
+CodeLabel label = codeLabels_[i];
+Bind(rawCode, label.dest(), rawCode + actualOffset(label.src()->offset()));
+}
+}
+void
+Assembler::writeCodePointer(AbsoluteLabel *absoluteLabel) {
+JS_ASSERT(!absoluteLabel->bound());
+BufferOffset off = writeInst(LabelBase::INVALID_OFFSET);
+// x86/x64 makes general use of AbsoluteLabel and weaves a linked list of
+// uses of an AbsoluteLabel through the assembly. ARM only uses labels
+// for the case statements of switch jump tables. Thus, for simplicity, we
+// simply treat the AbsoluteLabel as a label and bind it to the offset of
+// the jump table entry that needs to be patched.
+LabelBase *label = absoluteLabel;
+label->bind(off.getOffset());
+}
+void
+Assembler::Bind(uint8_t *rawCode, AbsoluteLabel *label, const void *address)
+{
+// See writeCodePointer comment.
+uint32_t off = actualOffset(label->offset());
+*reinterpret_cast<const void **>(rawCode + off) = address;
+}
+Assembler::Condition
+Assembler::InvertCondition(Condition cond)
+{
+const uint32_t ConditionInversionBit = 0x10000000;
+return Condition(ConditionInversionBit ^ cond);
+}
+Imm8::TwoImm8mData
+Imm8::encodeTwoImms(uint32_t imm)
+{
+// In the ideal case, we are looking for a number that (in binary) looks like:
+// 0b((00)*)n_1((00)*)n_2((00)*)
+//    left  n1   mid  n2
+// where both n_1 and n_2 fit into 8 bits.
+// since this is being done with rotates, we also need to handle the case
+// that one of these numbers is in fact split between the left and right
+// sides, in which case the constant will look like:
+// 0bn_1a((00)*)n_2((00)*)n_1b
+//   n1a  mid  n2   rgh    n1b
+// also remember, values are rotated by multiples of two, and left,
+// mid or right can have length zero
+uint32_t imm1, imm2;
+int left = CountLeadingZeroes32(imm) & 0x1E;
+uint32_t no_n1 = imm & ~(0xff << (24 - left));
+// not technically needed: this case only happens if we can encode
+// as a single imm8m.  There is a perfectly reasonable encoding in this
+// case, but we shouldn't encourage people to do things like this.
+if (no_n1 == 0)
+return TwoImm8mData();
+int mid = CountLeadingZeroes32(no_n1) & 0x1E;
+uint32_t no_n2 = no_n1 & ~((0xff << ((24 - mid) & 0x1f)) | 0xff >> ((8 + mid) & 0x1f));
+if (no_n2 == 0) {
+// we hit the easy case, no wraparound.
+// note: a single constant *may* look like this.
+int imm1shift = left + 8;
+int imm2shift = mid + 8;
+imm1 = (imm >> (32 - imm1shift)) & 0xff;
+if (imm2shift >= 32) {
+imm2shift = 0;
+// this assert does not always hold
+//assert((imm & 0xff) == no_n1);
+// in fact, this would lead to some incredibly subtle bugs.
+imm2 = no_n1;
+} else {
+imm2 = ((imm >> (32 - imm2shift)) | (imm << imm2shift)) & 0xff;
+JS_ASSERT( ((no_n1 >> (32 - imm2shift)) | (no_n1 << imm2shift)) ==
+imm2);
+}
+JS_ASSERT((imm1shift & 0x1) == 0);
+JS_ASSERT((imm2shift & 0x1) == 0);
+return TwoImm8mData(datastore::Imm8mData(imm1, imm1shift >> 1),
+datastore::Imm8mData(imm2, imm2shift >> 1));
+}
+// either it wraps, or it does not fit.
+// if we initially chopped off more than 8 bits, then it won't fit.
+if (left >= 8)
+return TwoImm8mData();
+int right = 32 - (CountLeadingZeroes32(no_n2) & 30);
+// all remaining set bits *must* fit into the lower 8 bits
+// the right == 8 case should be handled by the previous case.
+if (right > 8)
+return TwoImm8mData();
+// make sure the initial bits that we removed for no_n1
+// fit into the 8-(32-right) leftmost bits
+if (((imm & (0xff << (24 - left))) << (8-right)) != 0) {
+// BUT we may have removed more bits than we needed to for no_n1
+// 0x04104001 e.g. we can encode 0x104 with a single op, then
+// 0x04000001 with a second, but we try to encode 0x0410000
+// and find that we need a second op for 0x4000, and 0x1 cannot
+// be included in the encoding of 0x04100000
+no_n1 = imm & ~((0xff >> (8-right)) | (0xff << (24 + right)));
+mid = CountLeadingZeroes32(no_n1) & 30;
+no_n2 =
+no_n1  & ~((0xff << ((24 - mid)&31)) | 0xff >> ((8 + mid)&31));
+if (no_n2 != 0)
+return TwoImm8mData();
+}
+// now assemble all of this information into a two coherent constants
+// it is a rotate right from the lower 8 bits.
+int imm1shift = 8 - right;
+imm1 = 0xff & ((imm << imm1shift) | (imm >> (32 - imm1shift)));
+JS_ASSERT ((imm1shift&~0x1e) == 0);
+// left + 8 + mid is the position of the leftmost bit of n_2.
+// we needed to rotate 0x000000ab right by 8 in order to get
+// 0xab000000, then shift again by the leftmost bit in order to
+// get the constant that we care about.
+int imm2shift =  mid + 8;
+imm2 = ((imm >> (32 - imm2shift)) | (imm << imm2shift)) & 0xff;
+JS_ASSERT((imm1shift & 0x1) == 0);
+JS_ASSERT((imm2shift & 0x1) == 0);
+return TwoImm8mData(datastore::Imm8mData(imm1, imm1shift >> 1),
+datastore::Imm8mData(imm2, imm2shift >> 1));
+}
+ALUOp
+jit::ALUNeg(ALUOp op, Register dest, Imm32 *imm, Register *negDest)
+{
+// find an alternate ALUOp to get the job done, and use a different imm.
+*negDest = dest;
+switch (op) {
+case op_mov:
+*imm = Imm32(~imm->value);
+return op_mvn;
+case op_mvn:
+*imm = Imm32(~imm->value);
+return op_mov;
+case op_and:
+*imm = Imm32(~imm->value);
+return op_bic;
+case op_bic:
+*imm = Imm32(~imm->value);
+return op_and;
+case op_add:
+*imm = Imm32(-imm->value);
+return op_sub;
+case op_sub:
+*imm = Imm32(-imm->value);
+return op_add;
+case op_cmp:
+*imm = Imm32(-imm->value);
+return op_cmn;
+case op_cmn:
+*imm = Imm32(-imm->value);
+return op_cmp;
+case op_tst:
+JS_ASSERT(dest == InvalidReg);
+*imm = Imm32(~imm->value);
+*negDest = ScratchRegister;
+return op_bic;
+// orr has orn on thumb2 only.
+default:
+return op_invalid;
+}
+}
+bool
+jit::can_dbl(ALUOp op)
+{
+// some instructions can't be processed as two separate instructions
+// such as and, and possibly add (when we're setting ccodes).
+// there is also some hilarity with *reading* condition codes.
+// for example, adc dest, src1, 0xfff; (add with carry) can be split up
+// into adc dest, src1, 0xf00; add dest, dest, 0xff, since "reading" the
+// condition code increments the result by one conditionally, that only needs
+// to be done on one of the two instructions.
+switch (op) {
+case op_bic:
+case op_add:
+case op_sub:
+case op_eor:
+case op_orr:
+return true;
+default:
+return false;
+}
+}
+bool
+jit::condsAreSafe(ALUOp op) {
+// Even when we are setting condition codes, sometimes we can
+// get away with splitting an operation into two.
+// for example, if our immediate is 0x00ff00ff, and the operation is eors
+// we can split this in half, since x ^ 0x00ff0000 ^ 0x000000ff should
+// set all of its condition codes exactly the same as x ^ 0x00ff00ff.
+// However, if the operation were adds,
+// we cannot split this in half.  If the source on the add is
+// 0xfff00ff0, the result sholud be 0xef10ef, but do we set the overflow bit
+// or not?  Depending on which half is performed first (0x00ff0000
+// or 0x000000ff) the V bit will be set differently, and *not* updating
+// the V bit would be wrong.  Theoretically, the following should work
+// adds r0, r1, 0x00ff0000;
+// addsvs r0, r1, 0x000000ff;
+// addvc r0, r1, 0x000000ff;
+// but this is 3 instructions, and at that point, we might as well use
+// something else.
+switch(op) {
+case op_bic:
+case op_orr:
+case op_eor:
+return true;
+default:
+return false;
+}
+}
+ALUOp
+jit::getDestVariant(ALUOp op)
+{
+// all of the compare operations are dest-less variants of a standard
+// operation.  Given the dest-less variant, return the dest-ful variant.
+switch (op) {
+case op_cmp:
+return op_sub;
+case op_cmn:
+return op_add;
+case op_tst:
+return op_and;
+case op_teq:
+return op_eor;
+default:
+return op;
+}
+}
+O2RegImmShift
+jit::O2Reg(Register r) {
+return O2RegImmShift(r, LSL, 0);
+}
+O2RegImmShift
+jit::lsl(Register r, int amt)
+{
+JS_ASSERT(0 <= amt && amt <= 31);
+return O2RegImmShift(r, LSL, amt);
+}
+O2RegImmShift
+jit::lsr(Register r, int amt)
+{
+JS_ASSERT(1 <= amt && amt <= 32);
+return O2RegImmShift(r, LSR, amt);
+}
+O2RegImmShift
+jit::ror(Register r, int amt)
+{
+JS_ASSERT(1 <= amt && amt <= 31);
+return O2RegImmShift(r, ROR, amt);
+}
+O2RegImmShift
+jit::rol(Register r, int amt)
+{
+JS_ASSERT(1 <= amt && amt <= 31);
+return O2RegImmShift(r, ROR, 32 - amt);
+}
+O2RegImmShift
+jit::asr (Register r, int amt)
+{
+JS_ASSERT(1 <= amt && amt <= 32);
+return O2RegImmShift(r, ASR, amt);
+}
+O2RegRegShift
+jit::lsl(Register r, Register amt)
+{
+return O2RegRegShift(r, LSL, amt);
+}
+O2RegRegShift
+jit::lsr(Register r, Register amt)
+{
+return O2RegRegShift(r, LSR, amt);
+}
+O2RegRegShift
+jit::ror(Register r, Register amt)
+{
+return O2RegRegShift(r, ROR, amt);
+}
+O2RegRegShift
+jit::asr (Register r, Register amt)
+{
+return O2RegRegShift(r, ASR, amt);
+}
+static js::jit::DoubleEncoder doubleEncoder;
+/* static */ const js::jit::VFPImm js::jit::VFPImm::one(0x3FF00000);
+js::jit::VFPImm::VFPImm(uint32_t top)
+{
+data = -1;
+datastore::Imm8VFPImmData tmp;
+if (doubleEncoder.lookup(top, &tmp))
+data = tmp.encode();
+}
+BOffImm::BOffImm(Instruction &inst)
+: data(inst.encode() & 0x00ffffff)
+{
+}
+Instruction *
+BOffImm::getDest(Instruction *src)
+{
+// TODO: It is probably worthwhile to verify that src is actually a branch
+// NOTE: This does not explicitly shift the offset of the destination left by 2,
+// since it is indexing into an array of instruction sized objects.
+return &src[(((int32_t)data<<8)>>8) + 2];
+}
+//VFPRegister implementation
+VFPRegister
+VFPRegister::doubleOverlay() const
+{
+JS_ASSERT(!_isInvalid);
+if (kind != Double) {
+JS_ASSERT(_code % 2 == 0);
+return VFPRegister(_code >> 1, Double);
+}
+return *this;
+}
+VFPRegister
+VFPRegister::singleOverlay() const
+{
+JS_ASSERT(!_isInvalid);
+if (kind == Double) {
+// There are no corresponding float registers for d16-d31
+JS_ASSERT(_code < 16);
+return VFPRegister(_code << 1, Single);
+}
+JS_ASSERT(_code % 2 == 0);
+return VFPRegister(_code, Single);
+}
+VFPRegister
+VFPRegister::sintOverlay() const
+{
+JS_ASSERT(!_isInvalid);
+if (kind == Double) {
+// There are no corresponding float registers for d16-d31
+ASSERT(_code < 16);
+return VFPRegister(_code << 1, Int);
+}
+JS_ASSERT(_code % 2 == 0);
+return VFPRegister(_code, Int);
+}
+VFPRegister
+VFPRegister::uintOverlay() const
+{
+JS_ASSERT(!_isInvalid);
+if (kind == Double) {
+// There are no corresponding float registers for d16-d31
+ASSERT(_code < 16);
+return VFPRegister(_code << 1, UInt);
+}
+JS_ASSERT(_code % 2 == 0);
+return VFPRegister(_code, UInt);
+}
+bool
+VFPRegister::isInvalid()
+{
+return _isInvalid;
+}
+bool
+VFPRegister::isMissing()
+{
+JS_ASSERT(!_isInvalid);
+return _isMissing;
+}
+bool
+Assembler::oom() const
+{
+return m_buffer.oom() ||
+!enoughMemory_ ||
+jumpRelocations_.oom() ||
+dataRelocations_.oom() ||
+preBarriers_.oom();
+}
+bool
+Assembler::addCodeLabel(CodeLabel label)
+{
+return codeLabels_.append(label);
+}
+// Size of the instruction stream, in bytes.  Including pools. This function expects
+// all pools that need to be placed have been placed.  If they haven't then we
+// need to go an flush the pools :(
+size_t
+Assembler::size() const
+{
+return m_buffer.size();
+}
+// Size of the relocation table, in bytes.
+size_t
+Assembler::jumpRelocationTableBytes() const
+{
+return jumpRelocations_.length();
+}
+size_t
+Assembler::dataRelocationTableBytes() const
+{
+return dataRelocations_.length();
+}
+size_t
+Assembler::preBarrierTableBytes() const
+{
+return preBarriers_.length();
+}
+// Size of the data table, in bytes.
+size_t
+Assembler::bytesNeeded() const
+{
+return size() +
+jumpRelocationTableBytes() +
+dataRelocationTableBytes() +
+preBarrierTableBytes();
+}
+// write a blob of binary into the instruction stream
+BufferOffset
+Assembler::writeInst(uint32_t x, uint32_t *dest)
+{
+if (dest == nullptr)
+return m_buffer.putInt(x);
+writeInstStatic(x, dest);
+return BufferOffset();
+}
+void
+Assembler::writeInstStatic(uint32_t x, uint32_t *dest)
+{
+JS_ASSERT(dest != nullptr);
+*dest = x;
+}
+BufferOffset
+Assembler::align(int alignment)
+{
+BufferOffset ret;
+if (alignment == 8) {
+while (!m_buffer.isAligned(alignment)) {
+BufferOffset tmp = as_nop();
+if (!ret.assigned())
+ret = tmp;
+}
+} else {
+flush();
+JS_ASSERT((alignment & (alignment - 1)) == 0);
+while (size() & (alignment-1)) {
+BufferOffset tmp = as_nop();
+if (!ret.assigned())
+ret = tmp;
+}
+}
+return ret;
+}
+BufferOffset
+Assembler::as_nop()
+{
+return writeInst(0xe320f000);
+}
+BufferOffset
+Assembler::as_alu(Register dest, Register src1, Operand2 op2,
+ALUOp op, SetCond_ sc, Condition c, Instruction *instdest)
+{
+return writeInst((int)op | (int)sc | (int) c | op2.encode() |
+((dest == InvalidReg) ? 0 : RD(dest)) |
+((src1 == InvalidReg) ? 0 : RN(src1)), (uint32_t*)instdest);
+}
+BufferOffset
+Assembler::as_mov(Register dest, Operand2 op2, SetCond_ sc, Condition c, Instruction *instdest)
+{
+return as_alu(dest, InvalidReg, op2, op_mov, sc, c, instdest);
+}
+BufferOffset
+Assembler::as_mvn(Register dest, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, InvalidReg, op2, op_mvn, sc, c);
+}
+// Logical operations.
+BufferOffset
+Assembler::as_and(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_and, sc, c);
+}
+BufferOffset
+Assembler::as_bic(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_bic, sc, c);
+}
+BufferOffset
+Assembler::as_eor(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_eor, sc, c);
+}
+BufferOffset
+Assembler::as_orr(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_orr, sc, c);
+}
+// Mathematical operations.
+BufferOffset
+Assembler::as_adc(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_adc, sc, c);
+}
+BufferOffset
+Assembler::as_add(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_add, sc, c);
+}
+BufferOffset
+Assembler::as_sbc(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_sbc, sc, c);
+}
+BufferOffset
+Assembler::as_sub(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_sub, sc, c);
+}
+BufferOffset
+Assembler::as_rsb(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_rsb, sc, c);
+}
+BufferOffset
+Assembler::as_rsc(Register dest, Register src1, Operand2 op2, SetCond_ sc, Condition c)
+{
+return as_alu(dest, src1, op2, op_rsc, sc, c);
+}
+// Test operations.
+BufferOffset
+Assembler::as_cmn(Register src1, Operand2 op2, Condition c)
+{
+return as_alu(InvalidReg, src1, op2, op_cmn, SetCond, c);
+}
+BufferOffset
+Assembler::as_cmp(Register src1, Operand2 op2, Condition c)
+{
+return as_alu(InvalidReg, src1, op2, op_cmp, SetCond, c);
+}
+BufferOffset
+Assembler::as_teq(Register src1, Operand2 op2, Condition c)
+{
+return as_alu(InvalidReg, src1, op2, op_teq, SetCond, c);
+}
+BufferOffset
+Assembler::as_tst(Register src1, Operand2 op2, Condition c)
+{
+return as_alu(InvalidReg, src1, op2, op_tst, SetCond, c);
+}
+// Not quite ALU worthy, but useful none the less:
+// These also have the isue of these being formatted
+// completly differently from the standard ALU operations.
+BufferOffset
+Assembler::as_movw(Register dest, Imm16 imm, Condition c, Instruction *pos)
+{
+JS_ASSERT(hasMOVWT());
+return writeInst(0x03000000 | c | imm.encode() | RD(dest), (uint32_t*)pos);
+}
+BufferOffset
+Assembler::as_movt(Register dest, Imm16 imm, Condition c, Instruction *pos)
+{
+JS_ASSERT(hasMOVWT());
+return writeInst(0x03400000 | c | imm.encode() | RD(dest), (uint32_t*)pos);
+}
+static const int mull_tag = 0x90;
+BufferOffset
+Assembler::as_genmul(Register dhi, Register dlo, Register rm, Register rn,
+MULOp op, SetCond_ sc, Condition c)
+{
+return writeInst(RN(dhi) | maybeRD(dlo) | RM(rm) | rn.code() | op | sc | c | mull_tag);
+}
+BufferOffset
+Assembler::as_mul(Register dest, Register src1, Register src2, SetCond_ sc, Condition c)
+{
+return as_genmul(dest, InvalidReg, src1, src2, opm_mul, sc, c);
+}
+BufferOffset
+Assembler::as_mla(Register dest, Register acc, Register src1, Register src2,
+SetCond_ sc, Condition c)
+{
+return as_genmul(dest, acc, src1, src2, opm_mla, sc, c);
+}
+BufferOffset
+Assembler::as_umaal(Register destHI, Register destLO, Register src1, Register src2, Condition c)
+{
+return as_genmul(destHI, destLO, src1, src2, opm_umaal, NoSetCond, c);
+}
+BufferOffset
+Assembler::as_mls(Register dest, Register acc, Register src1, Register src2, Condition c)
+{
+return as_genmul(dest, acc, src1, src2, opm_mls, NoSetCond, c);
+}
+BufferOffset
+Assembler::as_umull(Register destHI, Register destLO, Register src1, Register src2,
+SetCond_ sc, Condition c)
+{
+return as_genmul(destHI, destLO, src1, src2, opm_umull, sc, c);
+}
+BufferOffset
+Assembler::as_umlal(Register destHI, Register destLO, Register src1, Register src2,
+SetCond_ sc, Condition c)
+{
+return as_genmul(destHI, destLO, src1, src2, opm_umlal, sc, c);
+}
+BufferOffset
+Assembler::as_smull(Register destHI, Register destLO, Register src1, Register src2,
+SetCond_ sc, Condition c)
+{
+return as_genmul(destHI, destLO, src1, src2, opm_smull, sc, c);
+}
+BufferOffset
+Assembler::as_smlal(Register destHI, Register destLO, Register src1, Register src2,
+SetCond_ sc, Condition c)
+{
+return as_genmul(destHI, destLO, src1, src2, opm_smlal, sc, c);
+}
+BufferOffset
+Assembler::as_sdiv(Register rd, Register rn, Register rm, Condition c)
+{
+return writeInst(0x0710f010 | c | RN(rd) | RM(rm) | rn.code());
+}
+BufferOffset
+Assembler::as_udiv(Register rd, Register rn, Register rm, Condition c)
+{
+return writeInst(0x0730f010 | c | RN(rd) | RM(rm) | rn.code());
+}
+// Data transfer instructions: ldr, str, ldrb, strb.
+// Using an int to differentiate between 8 bits and 32 bits is
+// overkill, but meh
+BufferOffset
+Assembler::as_dtr(LoadStore ls, int size, Index mode,
+Register rt, DTRAddr addr, Condition c, uint32_t *dest)
+{
+JS_ASSERT (mode == Offset ||  (rt != addr.getBase() && pc != addr.getBase()));
+JS_ASSERT(size == 32 || size == 8);
+return writeInst( 0x04000000 | ls | (size == 8 ? 0x00400000 : 0) | mode | c |
+RT(rt) | addr.encode(), dest);
+}
+class PoolHintData {
+public:
+enum LoadType {
+// set 0 to bogus, since that is the value most likely to be
+// accidentally left somewhere.
+poolBOGUS  = 0,
+poolDTR    = 1,
+poolBranch = 2,
+poolVDTR   = 3
+};
+private:
+uint32_t   index    : 16;
+uint32_t   cond     : 4;
+LoadType   loadType : 2;
+uint32_t   destReg  : 5;
+uint32_t   destType : 1;
+uint32_t   ONES     : 4;
+static const uint32_t expectedOnes = 0xfu;
+public:
+void init(uint32_t index_, Assembler::Condition cond_, LoadType lt, const Register &destReg_) {
+index = index_;
+JS_ASSERT(index == index_);
+cond = cond_ >> 28;
+JS_ASSERT(cond == cond_ >> 28);
+loadType = lt;
+ONES = expectedOnes;
+destReg = destReg_.code();
+destType = 0;
+}
+void init(uint32_t index_, Assembler::Condition cond_, LoadType lt, const VFPRegister &destReg_) {
+JS_ASSERT(destReg_.isFloat());
+index = index_;
+JS_ASSERT(index == index_);
+cond = cond_ >> 28;
+JS_ASSERT(cond == cond_ >> 28);
+loadType = lt;
+ONES = expectedOnes;
+destReg = destReg_.isDouble() ? destReg_.code() : destReg_.doubleOverlay().code();
+destType = destReg_.isDouble();
+}
+Assembler::Condition getCond() {
+return Assembler::Condition(cond << 28);
+}
+Register getReg() {
+return Register::FromCode(destReg);
+}
+VFPRegister getVFPReg() {
+VFPRegister r = VFPRegister(FloatRegister::FromCode(destReg));
+return destType ? r : r.singleOverlay();
+}
+int32_t getIndex() {
+return index;
+}
+void setIndex(uint32_t index_) {
+JS_ASSERT(ONES == expectedOnes && loadType != poolBOGUS);
+index = index_;
+JS_ASSERT(index == index_);
+}
+LoadType getLoadType() {
+// If this *was* a poolBranch, but the branch has already been bound
+// then this isn't going to look like a real poolhintdata, but we still
+// want to lie about it so everyone knows it *used* to be a branch.
+if (ONES != expectedOnes)
+return PoolHintData::poolBranch;
+return loadType;
+}
+bool isValidPoolHint() {
+// Most instructions cannot have a condition that is 0xf. Notable exceptions are
+// blx and the entire NEON instruction set. For the purposes of pool loads, and
+// possibly patched branches, the possible instructions are ldr and b, neither of
+// which can have a condition code of 0xf.
+return ONES == expectedOnes;
+}
+};
+union PoolHintPun {
+PoolHintData phd;
+uint32_t raw;
+};
+// Handles all of the other integral data transferring functions:
+// ldrsb, ldrsh, ldrd, etc.
+// size is given in bits.
+BufferOffset
+Assembler::as_extdtr(LoadStore ls, int size, bool IsSigned, Index mode,
+Register rt, EDtrAddr addr, Condition c, uint32_t *dest)
+{
+int extra_bits2 = 0;
+int extra_bits1 = 0;
+switch(size) {
+case 8:
+JS_ASSERT(IsSigned);
+JS_ASSERT(ls!=IsStore);
+extra_bits1 = 0x1;
+extra_bits2 = 0x2;
+break;
+case 16:
+//case 32:
+// doesn't need to be handled-- it is handled by the default ldr/str
+extra_bits2 = 0x01;
+extra_bits1 = (ls == IsStore) ? 0 : 1;
+if (IsSigned) {
+JS_ASSERT(ls != IsStore);
+extra_bits2 |= 0x2;
+}
+break;
+case 64:
+extra_bits2 = (ls == IsStore) ? 0x3 : 0x2;
+extra_bits1 = 0;
+break;
+default:
+MOZ_ASSUME_UNREACHABLE("SAY WHAT?");
+}
+return writeInst(extra_bits2 << 5 | extra_bits1 << 20 | 0x90 |
+addr.encode() | RT(rt) | mode | c, dest);
+}
+BufferOffset
+Assembler::as_dtm(LoadStore ls, Register rn, uint32_t mask,
+DTMMode mode, DTMWriteBack wb, Condition c)
+{
+return writeInst(0x08000000 | RN(rn) | ls |
+mode | mask | c | wb);
+}
+BufferOffset
+Assembler::as_Imm32Pool(Register dest, uint32_t value, Condition c)
+{
+PoolHintPun php;
+php.phd.init(0, c, PoolHintData::poolDTR, dest);
+return m_buffer.insertEntry(4, (uint8_t*)&php.raw, int32Pool, (uint8_t*)&value);
+}
+void
+Assembler::as_WritePoolEntry(Instruction *addr, Condition c, uint32_t data)
+{
+JS_ASSERT(addr->is<InstLDR>());
+int32_t offset = addr->encode() & 0xfff;
+if ((addr->encode() & IsUp) != IsUp)
+offset = -offset;
+char * rawAddr = reinterpret_cast<char*>(addr);
+uint32_t * dest = reinterpret_cast<uint32_t*>(&rawAddr[offset + 8]);
+*dest = data;
+Condition orig_cond;
+addr->extractCond(&orig_cond);
+JS_ASSERT(orig_cond == c);
+}
+BufferOffset
+Assembler::as_BranchPool(uint32_t value, RepatchLabel *label, ARMBuffer::PoolEntry *pe, Condition c)
+{
+PoolHintPun php;
+php.phd.init(0, c, PoolHintData::poolBranch, pc);
+m_buffer.markNextAsBranch();
+BufferOffset ret = m_buffer.insertEntry(4, (uint8_t*)&php.raw, int32Pool, (uint8_t*)&value, pe);
+// If this label is already bound, then immediately replace the stub load with
+// a correct branch.
+if (label->bound()) {
+BufferOffset dest(label);
+as_b(dest.diffB<BOffImm>(ret), c, ret);
+} else {
+label->use(ret.getOffset());
+}
+return ret;
+}
+BufferOffset
+Assembler::as_FImm64Pool(VFPRegister dest, double value, Condition c)
+{
+JS_ASSERT(dest.isDouble());
+PoolHintPun php;
+php.phd.init(0, c, PoolHintData::poolVDTR, dest);
+return m_buffer.insertEntry(4, (uint8_t*)&php.raw, doublePool, (uint8_t*)&value);
+}
+struct PaddedFloat32
+{
+float value;
+uint32_t padding;
+};
+JS_STATIC_ASSERT(sizeof(PaddedFloat32) == sizeof(double));
+BufferOffset
+Assembler::as_FImm32Pool(VFPRegister dest, float value, Condition c)
+{
+/*
+* Insert floats into the double pool as they have the same limitations on
+* immediate offset.  This wastes 4 bytes padding per float.  An alternative
+* would be to have a separate pool for floats.
+*/
+JS_ASSERT(dest.isSingle());
+PoolHintPun php;
+php.phd.init(0, c, PoolHintData::poolVDTR, dest);
+PaddedFloat32 pf = { value, 0 };
+return m_buffer.insertEntry(4, (uint8_t*)&php.raw, doublePool, (uint8_t*)&pf);
+}
+// Pool callbacks stuff:
+void
+Assembler::insertTokenIntoTag(uint32_t instSize, uint8_t *load_, int32_t token)
+{
+uint32_t *load = (uint32_t*) load_;
+PoolHintPun php;
+php.raw = *load;
+php.phd.setIndex(token);
+*load = php.raw;
+}
+// patchConstantPoolLoad takes the address of the instruction that wants to be patched, and
+//the address of the start of the constant pool, and figures things out from there.
+bool
+Assembler::patchConstantPoolLoad(void* loadAddr, void* constPoolAddr)
+{
+PoolHintData data = *(PoolHintData*)loadAddr;
+uint32_t *instAddr = (uint32_t*) loadAddr;
+int offset = (char *)constPoolAddr - (char *)loadAddr;
+switch(data.getLoadType()) {
+case PoolHintData::poolBOGUS:
+MOZ_ASSUME_UNREACHABLE("bogus load type!");
+case PoolHintData::poolDTR:
+dummy->as_dtr(IsLoad, 32, Offset, data.getReg(),
+DTRAddr(pc, DtrOffImm(offset+4*data.getIndex() - 8)), data.getCond(), instAddr);
+break;
+case PoolHintData::poolBranch:
+// Either this used to be a poolBranch, and the label was already bound, so it was
+// replaced with a real branch, or this may happen in the future.
+// If this is going to happen in the future, then the actual bits that are written here
+// don't matter (except the condition code, since that is always preserved across
+// patchings) but if it does not get bound later,
+// then we want to make sure this is a load from the pool entry (and the pool entry
+// should be nullptr so it will crash).
+if (data.isValidPoolHint()) {
+dummy->as_dtr(IsLoad, 32, Offset, pc,
+DTRAddr(pc, DtrOffImm(offset+4*data.getIndex() - 8)),
+data.getCond(), instAddr);
+}
+break;
+case PoolHintData::poolVDTR: {
+VFPRegister dest = data.getVFPReg();
+int32_t imm = offset + (8 * data.getIndex()) - 8;
+if (imm < -1023 || imm  > 1023)
+return false;
+dummy->as_vdtr(IsLoad, dest, VFPAddr(pc, VFPOffImm(imm)), data.getCond(), instAddr);
+break;
+}
+}
+return true;
+}
+uint32_t
+Assembler::placeConstantPoolBarrier(int offset)
+{
+// BUG: 700526
+// this is still an active path, however, we do not hit it in the test
+// suite at all.
+MOZ_ASSUME_UNREACHABLE("ARMAssembler holdover");
+}
+// Control flow stuff:
+// bx can *only* branch to a register
+// never to an immediate.
+BufferOffset
+Assembler::as_bx(Register r, Condition c, bool isPatchable)
+{
+BufferOffset ret = writeInst(((int) c) | op_bx | r.code());
+if (c == Always && !isPatchable)
+m_buffer.markGuard();
+return ret;
+}
+void
+Assembler::writePoolGuard(BufferOffset branch, Instruction *dest, BufferOffset afterPool)
+{
+BOffImm off = afterPool.diffB<BOffImm>(branch);
+*dest = InstBImm(off, Always);
+}
+// Branch can branch to an immediate *or* to a register.
+// Branches to immediates are pc relative, branches to registers
+// are absolute
+BufferOffset
+Assembler::as_b(BOffImm off, Condition c, bool isPatchable)
+{
+m_buffer.markNextAsBranch();
+BufferOffset ret =writeInst(((int)c) | op_b | off.encode());
+if (c == Always && !isPatchable)
+m_buffer.markGuard();
+return ret;
+}
+BufferOffset
+Assembler::as_b(Label *l, Condition c, bool isPatchable)
+{
+if (m_buffer.oom()) {
+BufferOffset ret;
+return ret;
+}
+m_buffer.markNextAsBranch();
+if (l->bound()) {
+BufferOffset ret = as_nop();
+as_b(BufferOffset(l).diffB<BOffImm>(ret), c, ret);
+return ret;
+}
+int32_t old;
+BufferOffset ret;
+if (l->used()) {
+old = l->offset();
+// This will currently throw an assertion if we couldn't actually
+// encode the offset of the branch.
+if (!BOffImm::isInRange(old)) {
+m_buffer.fail_bail();
+return ret;
+}
+ret = as_b(BOffImm(old), c, isPatchable);
+} else {
+old = LabelBase::INVALID_OFFSET;
+BOffImm inv;
+ret = as_b(inv, c, isPatchable);
+}
+DebugOnly<int32_t> check = l->use(ret.getOffset());
+JS_ASSERT(check == old);
+return ret;
+}
+BufferOffset
+Assembler::as_b(BOffImm off, Condition c, BufferOffset inst)
+{
+*editSrc(inst) = InstBImm(off, c);
+return inst;
+}
+// blx can go to either an immediate or a register.
+// When blx'ing to a register, we change processor state
+// depending on the low bit of the register
+// when blx'ing to an immediate, we *always* change processor state.
+BufferOffset
+Assembler::as_blx(Register r, Condition c)
+{
+return writeInst(((int) c) | op_blx | r.code());
+}
+// bl can only branch to an pc-relative immediate offset
+// It cannot change the processor state.
+BufferOffset
+Assembler::as_bl(BOffImm off, Condition c)
+{
+m_buffer.markNextAsBranch();
+return writeInst(((int)c) | op_bl | off.encode());
+}
+BufferOffset
+Assembler::as_bl(Label *l, Condition c)
+{
+if (m_buffer.oom()) {
+BufferOffset ret;
+return ret;
+}
+m_buffer.markNextAsBranch();
+if (l->bound()) {
+BufferOffset ret = as_nop();
+as_bl(BufferOffset(l).diffB<BOffImm>(ret), c, ret);
+return ret;
+}
+int32_t old;
+BufferOffset ret;
+// See if the list was empty :(
+if (l->used()) {
+// This will currently throw an assertion if we couldn't actually
+// encode the offset of the branch.
+old = l->offset();
+if (!BOffImm::isInRange(old)) {
+m_buffer.fail_bail();
+return ret;
+}
+ret = as_bl(BOffImm(old), c);
+} else {
+old = LabelBase::INVALID_OFFSET;
+BOffImm inv;
+ret = as_bl(inv, c);
+}
+DebugOnly<int32_t> check = l->use(ret.getOffset());
+JS_ASSERT(check == old);
+return ret;
+}
+BufferOffset
+Assembler::as_bl(BOffImm off, Condition c, BufferOffset inst)
+{
+*editSrc(inst) = InstBLImm(off, c);
+return inst;
+}
+BufferOffset
+Assembler::as_mrs(Register r, Condition c)
+{
+return writeInst(0x010f0000 | int(c) | RD(r));
+}
+BufferOffset
+Assembler::as_msr(Register r, Condition c)
+{
+// hardcode the 'mask' field to 0b11 for now.  it is bits 18 and 19, which are the two high bits of the 'c' in this constant.
+JS_ASSERT((r.code() & ~0xf) == 0);
+return writeInst(0x012cf000 | int(c) | r.code());
+}
+// VFP instructions!
+enum vfp_tags {
+vfp_tag   = 0x0C000A00,
+vfp_arith = 0x02000000
+};
+BufferOffset
+Assembler::writeVFPInst(vfp_size sz, uint32_t blob, uint32_t *dest)
+{
+JS_ASSERT((sz & blob) == 0);
+JS_ASSERT((vfp_tag & blob) == 0);
+return writeInst(vfp_tag | sz | blob, dest);
+}
+// Unityped variants: all registers hold the same (ieee754 single/double)
+// notably not included are vcvt; vmov vd, #imm; vmov rt, vn.
+BufferOffset
+Assembler::as_vfp_float(VFPRegister vd, VFPRegister vn, VFPRegister vm,
+VFPOp op, Condition c)
+{
+// Make sure we believe that all of our operands are the same kind
+JS_ASSERT_IF(!vn.isMissing(), vd.equiv(vn));
+JS_ASSERT_IF(!vm.isMissing(), vd.equiv(vm));
+vfp_size sz = vd.isDouble() ? isDouble : isSingle;
+return writeVFPInst(sz, VD(vd) | VN(vn) | VM(vm) | op | vfp_arith | c);
+}
+BufferOffset
+Assembler::as_vadd(VFPRegister vd, VFPRegister vn, VFPRegister vm,
+Condition c)
+{
+return as_vfp_float(vd, vn, vm, opv_add, c);
+}
+BufferOffset
+Assembler::as_vdiv(VFPRegister vd, VFPRegister vn, VFPRegister vm,
+Condition c)
+{
+return as_vfp_float(vd, vn, vm, opv_div, c);
+}
+BufferOffset
+Assembler::as_vmul(VFPRegister vd, VFPRegister vn, VFPRegister vm,
+Condition c)
+{
+return as_vfp_float(vd, vn, vm, opv_mul, c);
+}
+BufferOffset
+Assembler::as_vnmul(VFPRegister vd, VFPRegister vn, VFPRegister vm,
+Condition c)
+{
+return as_vfp_float(vd, vn, vm, opv_mul, c);
+MOZ_ASSUME_UNREACHABLE("Feature NYI");
+}
+BufferOffset
+Assembler::as_vnmla(VFPRegister vd, VFPRegister vn, VFPRegister vm,
+Condition c)
+{
+MOZ_ASSUME_UNREACHABLE("Feature NYI");
+}
+BufferOffset
+Assembler::as_vnmls(VFPRegister vd, VFPRegister vn, VFPRegister vm,
+Condition c)
+{
+MOZ_ASSUME_UNREACHABLE("Feature NYI");
+return BufferOffset();
+}
+BufferOffset
+Assembler::as_vneg(VFPRegister vd, VFPRegister vm, Condition c)
+{
+return as_vfp_float(vd, NoVFPRegister, vm, opv_neg, c);
+}
+BufferOffset
+Assembler::as_vsqrt(VFPRegister vd, VFPRegister vm, Condition c)
+{
+return as_vfp_float(vd, NoVFPRegister, vm, opv_sqrt, c);
+}
+BufferOffset
+Assembler::as_vabs(VFPRegister vd, VFPRegister vm, Condition c)
+{
+return as_vfp_float(vd, NoVFPRegister, vm, opv_abs, c);
+}
+BufferOffset
+Assembler::as_vsub(VFPRegister vd, VFPRegister vn, VFPRegister vm,
+Condition c)
+{
+return as_vfp_float(vd, vn, vm, opv_sub, c);
+}
+BufferOffset
+Assembler::as_vcmp(VFPRegister vd, VFPRegister vm,
+Condition c)
+{
+return as_vfp_float(vd, NoVFPRegister, vm, opv_cmp, c);
+}
+BufferOffset
+Assembler::as_vcmpz(VFPRegister vd, Condition c)
+{
+return as_vfp_float(vd, NoVFPRegister, NoVFPRegister, opv_cmpz, c);
+}
+// Specifically, a move between two same sized-registers.
+BufferOffset
+Assembler::as_vmov(VFPRegister vd, VFPRegister vsrc, Condition c)
+{
+return as_vfp_float(vd, NoVFPRegister, vsrc, opv_mov, c);
+}
+//xfer between Core and VFP
+// Unlike the next function, moving between the core registers and vfp
+// registers can't be *that* properly typed.  Namely, since I don't want to
+// munge the type VFPRegister to also include core registers.  Thus, the core
+// and vfp registers are passed in based on their type, and src/dest is
+// determined by the float2core.
+BufferOffset
+Assembler::as_vxfer(Register vt1, Register vt2, VFPRegister vm, FloatToCore_ f2c,
+Condition c, int idx)
+{
+vfp_size sz = isSingle;
+if (vm.isDouble()) {
+// Technically, this can be done with a vmov à la ARM ARM under vmov
+// however, that requires at least an extra bit saying if the
+// operation should be performed on the lower or upper half of the
+// double.  Moving a single to/from 2N/2N+1 isn't equivalent,
+// since there are 32 single registers, and 32 double registers
+// so there is no way to encode the last 16 double registers.
+sz = isDouble;
+JS_ASSERT(idx == 0 || idx == 1);
+// If we are transferring a single half of the double
+// then it must be moving a VFP reg to a core reg.
+if (vt2 == InvalidReg)
+JS_ASSERT(f2c == FloatToCore);
+idx = idx << 21;
+} else {
+JS_ASSERT(idx == 0);
+}
+VFPXferSize xfersz = WordTransfer;
+uint32_t (*encodeVFP)(VFPRegister) = VN;
+if (vt2 != InvalidReg) {
+// We are doing a 64 bit transfer.
+xfersz = DoubleTransfer;
+encodeVFP = VM;
+}
+return writeVFPInst(sz, xfersz | f2c | c |
+RT(vt1) | maybeRN(vt2) | encodeVFP(vm) | idx);
+}
+enum vcvt_destFloatness {
+toInteger = 1 << 18,
+toFloat  = 0 << 18
+};
+enum vcvt_toZero {
+toZero = 1 << 7, // use the default rounding mode, which rounds truncates
+toFPSCR = 0 << 7 // use whatever rounding mode the fpscr specifies
+};
+enum vcvt_Signedness {
+toSigned   = 1 << 16,
+toUnsigned = 0 << 16,
+fromSigned   = 1 << 7,
+fromUnsigned = 0 << 7
+};
+// our encoding actually allows just the src and the dest (and their types)
+// to uniquely specify the encoding that we are going to use.
+BufferOffset
+Assembler::as_vcvt(VFPRegister vd, VFPRegister vm, bool useFPSCR,
+Condition c)
+{
+// Unlike other cases, the source and dest types cannot be the same
+JS_ASSERT(!vd.equiv(vm));
+vfp_size sz = isDouble;
+if (vd.isFloat() && vm.isFloat()) {
+// Doing a float -> float conversion
+if (vm.isSingle())
+sz = isSingle;
+return writeVFPInst(sz, c | 0x02B700C0 |
+VM(vm) | VD(vd));
+}
+// At least one of the registers should be a float.
+vcvt_destFloatness destFloat;
+vcvt_Signedness opSign;
+vcvt_toZero doToZero = toFPSCR;
+JS_ASSERT(vd.isFloat() || vm.isFloat());
+if (vd.isSingle() || vm.isSingle()) {
+sz = isSingle;
+}
+if (vd.isFloat()) {
+destFloat = toFloat;
+opSign = (vm.isSInt()) ? fromSigned : fromUnsigned;
+} else {
+destFloat = toInteger;
+opSign = (vd.isSInt()) ? toSigned : toUnsigned;
+doToZero = useFPSCR ? toFPSCR : toZero;
+}
+return writeVFPInst(sz, c | 0x02B80040 | VD(vd) | VM(vm) | destFloat | opSign | doToZero);
+}
+BufferOffset
+Assembler::as_vcvtFixed(VFPRegister vd, bool isSigned, uint32_t fixedPoint, bool toFixed, Condition c)
+{
+JS_ASSERT(vd.isFloat());
+uint32_t sx = 0x1;
+vfp_size sf = vd.isDouble() ? isDouble : isSingle;
+int32_t imm5 = fixedPoint;
+imm5 = (sx ? 32 : 16) - imm5;
+JS_ASSERT(imm5 >= 0);
+imm5 = imm5 >> 1 | (imm5 & 1) << 5;
+return writeVFPInst(sf, 0x02BA0040 | VD(vd) | toFixed << 18 | sx << 7 |
+(!isSigned) << 16 | imm5 | c);
+}
+// xfer between VFP and memory
+BufferOffset
+Assembler::as_vdtr(LoadStore ls, VFPRegister vd, VFPAddr addr,
+Condition c /* vfp doesn't have a wb option*/,
+uint32_t *dest)
+{
+vfp_size sz = vd.isDouble() ? isDouble : isSingle;
+return writeVFPInst(sz, ls | 0x01000000 | addr.encode() | VD(vd) | c, dest);
+}
+// VFP's ldm/stm work differently from the standard arm ones.
+// You can only transfer a range
+BufferOffset
+Assembler::as_vdtm(LoadStore st, Register rn, VFPRegister vd, int length,
+/*also has update conditions*/Condition c)
+{
+JS_ASSERT(length <= 16 && length >= 0);
+vfp_size sz = vd.isDouble() ? isDouble : isSingle;
+if (vd.isDouble())
+length *= 2;
+return writeVFPInst(sz, dtmLoadStore | RN(rn) | VD(vd) |
+length |
+dtmMode | dtmUpdate | dtmCond);
+}
+BufferOffset
+Assembler::as_vimm(VFPRegister vd, VFPImm imm, Condition c)
+{
+JS_ASSERT(imm.isValid());
+vfp_size sz = vd.isDouble() ? isDouble : isSingle;
+return writeVFPInst(sz,  c | imm.encode() | VD(vd) | 0x02B00000);
+}
+BufferOffset
+Assembler::as_vmrs(Register r, Condition c)
+{
+return writeInst(c | 0x0ef10a10 | RT(r));
+}
+BufferOffset
+Assembler::as_vmsr(Register r, Condition c)
+{
+return writeInst(c | 0x0ee10a10 | RT(r));
+}
+bool
+Assembler::nextLink(BufferOffset b, BufferOffset *next)
+{
+Instruction branch = *editSrc(b);
+JS_ASSERT(branch.is<InstBranchImm>());
+BOffImm destOff;
+branch.as<InstBranchImm>()->extractImm(&destOff);
+if (destOff.isInvalid())
+return false;
+// Propagate the next link back to the caller, by
+// constructing a new BufferOffset into the space they
+// provided.
+new (next) BufferOffset(destOff.decode());
+return true;
+}
+void
+Assembler::bind(Label *label, BufferOffset boff)
+{
+if (label->used()) {
+bool more;
+// If our caller didn't give us an explicit target to bind to
+// then we want to bind to the location of the next instruction
+BufferOffset dest = boff.assigned() ? boff : nextOffset();
+BufferOffset b(label);
+do {
+BufferOffset next;
+more = nextLink(b, &next);
+Instruction branch = *editSrc(b);
+Condition c;
+branch.extractCond(&c);
+if (branch.is<InstBImm>())
+as_b(dest.diffB<BOffImm>(b), c, b);
+else if (branch.is<InstBLImm>())
+as_bl(dest.diffB<BOffImm>(b), c, b);
+else
+MOZ_ASSUME_UNREACHABLE("crazy fixup!");
+b = next;
+} while (more);
+}
+label->bind(nextOffset().getOffset());
+}
+void
+Assembler::bind(RepatchLabel *label)
+{
+BufferOffset dest = nextOffset();
+if (label->used()) {
+// If the label has a use, then change this use to refer to
+// the bound label;
+BufferOffset branchOff(label->offset());
+// Since this was created with a RepatchLabel, the value written in the
+// instruction stream is not branch shaped, it is PoolHintData shaped.
+Instruction *branch = editSrc(branchOff);
+PoolHintPun p;
+p.raw = branch->encode();
+Condition cond;
+if (p.phd.isValidPoolHint())
+cond = p.phd.getCond();
+else
+branch->extractCond(&cond);
+as_b(dest.diffB<BOffImm>(branchOff), cond, branchOff);
+}
+label->bind(dest.getOffset());
+}
+void
+Assembler::retarget(Label *label, Label *target)
+{
+if (label->used()) {
+if (target->bound()) {
+bind(label, BufferOffset(target));
+} else if (target->used()) {
+// The target is not bound but used. Prepend label's branch list
+// onto target's.
+BufferOffset labelBranchOffset(label);
+BufferOffset next;
+// Find the head of the use chain for label.
+while (nextLink(labelBranchOffset, &next))
+labelBranchOffset = next;
+// Then patch the head of label's use chain to the tail of
+// target's use chain, prepending the entire use chain of target.
+Instruction branch = *editSrc(labelBranchOffset);
+Condition c;
+branch.extractCond(&c);
+int32_t prev = target->use(label->offset());
+if (branch.is<InstBImm>())
+as_b(BOffImm(prev), c, labelBranchOffset);
+else if (branch.is<InstBLImm>())
+as_bl(BOffImm(prev), c, labelBranchOffset);
+else
+MOZ_ASSUME_UNREACHABLE("crazy fixup!");
+} else {
+// The target is unbound and unused.  We can just take the head of
+// the list hanging off of label, and dump that into target.
+DebugOnly<uint32_t> prev = target->use(label->offset());
+JS_ASSERT((int32_t)prev == Label::INVALID_OFFSET);
+}
+}
+label->reset();
+}
+void dbg_break() {}
+static int stopBKPT = -1;
+void
+Assembler::as_bkpt()
+{
+// This is a count of how many times a breakpoint instruction has been generated.
+// It is embedded into the instruction for debugging purposes.  gdb will print "bkpt xxx"
+// when you attempt to dissassemble a breakpoint with the number xxx embedded into it.
+// If this breakpoint is being hit, then you can run (in gdb)
+// >b dbg_break
+// >b main
+// >commands
+// >set stopBKPT = xxx
+// >c
+// >end
+// which will set a breakpoint on the function dbg_break above
+// set a scripted breakpoint on main that will set the (otherwise unmodified)
+// value to the number of the breakpoint, so dbg_break will actuall be called
+// and finally, when you run the executable, execution will halt when that
+// breakpoint is generated
+static int hit = 0;
+if (stopBKPT == hit)
+dbg_break();
+writeInst(0xe1200070 | (hit & 0xf) | ((hit & 0xfff0)<<4));
+hit++;
+}
+void
+Assembler::dumpPool()
+{
+m_buffer.flushPool();
+}
+void
+Assembler::flushBuffer()
+{
+m_buffer.flushPool();
+}
+void
+Assembler::enterNoPool()
+{
+m_buffer.enterNoPool();
+}
+void
+Assembler::leaveNoPool()
+{
+m_buffer.leaveNoPool();
+}
+ptrdiff_t
+Assembler::getBranchOffset(const Instruction *i_)
+{
+if (!i_->is<InstBranchImm>())
+return 0;
+InstBranchImm *i = i_->as<InstBranchImm>();
+BOffImm dest;
+i->extractImm(&dest);
+return dest.decode();
+}
+void
+Assembler::retargetNearBranch(Instruction *i, int offset, bool final)
+{
+Assembler::Condition c;
+i->extractCond(&c);
+retargetNearBranch(i, offset, c, final);
+}
+void
+Assembler::retargetNearBranch(Instruction *i, int offset, Condition cond, bool final)
+{
+// Retargeting calls is totally unsupported!
+JS_ASSERT_IF(i->is<InstBranchImm>(), i->is<InstBImm>() || i->is<InstBLImm>());
+if (i->is<InstBLImm>())
+new (i) InstBLImm(BOffImm(offset), cond);
+else
+new (i) InstBImm(BOffImm(offset), cond);
+// Flush the cache, since an instruction was overwritten
+if (final)
+AutoFlushICache::flush(uintptr_t(i), 4);
+}
+void
+Assembler::retargetFarBranch(Instruction *i, uint8_t **slot, uint8_t *dest, Condition cond)
+{
+int32_t offset = reinterpret_cast<uint8_t*>(slot) - reinterpret_cast<uint8_t*>(i);
+if (!i->is<InstLDR>()) {
+new (i) InstLDR(Offset, pc, DTRAddr(pc, DtrOffImm(offset - 8)), cond);
+AutoFlushICache::flush(uintptr_t(i), 4);
+}
+*slot = dest;
+}
+struct PoolHeader : Instruction {
+struct Header
+{
+// size should take into account the pool header.
+// size is in units of Instruction (4bytes), not byte
+uint32_t size : 15;
+bool isNatural : 1;
+uint32_t ONES : 16;
+Header(int size_, bool isNatural_)
+: size(size_),
+isNatural(isNatural_),
+ONES(0xffff)
+{ }
+Header(const Instruction *i) {
+JS_STATIC_ASSERT(sizeof(Header) == sizeof(uint32_t));
+memcpy(this, i, sizeof(Header));
+JS_ASSERT(ONES == 0xffff);
+}
+uint32_t raw() const {
+JS_STATIC_ASSERT(sizeof(Header) == sizeof(uint32_t));
+uint32_t dest;
+memcpy(&dest, this, sizeof(Header));
+return dest;
+}
+};
+PoolHeader(int size_, bool isNatural_)
+: Instruction(Header(size_, isNatural_).raw(), true)
+{ }
+uint32_t size() const {
+Header tmp(this);
+return tmp.size;
+}
+uint32_t isNatural() const {
+Header tmp(this);
+return tmp.isNatural;
+}
+static bool isTHIS(const Instruction &i) {
+return (*i.raw() & 0xffff0000) == 0xffff0000;
+}
+static const PoolHeader *asTHIS(const Instruction &i) {
+if (!isTHIS(i))
+return nullptr;
+return static_cast<const PoolHeader*>(&i);
+}
+};
+void
+Assembler::writePoolHeader(uint8_t *start, Pool *p, bool isNatural)
+{
+STATIC_ASSERT(sizeof(PoolHeader) == 4);
+uint8_t *pool = start+4;
+// go through the usual rigaramarole to get the size of the pool.
+pool = p[0].addPoolSize(pool);
+pool = p[1].addPoolSize(pool);
+pool = p[1].other->addPoolSize(pool);
+pool = p[0].other->addPoolSize(pool);
+uint32_t size = pool - start;
+JS_ASSERT((size & 3) == 0);
+size = size >> 2;
+JS_ASSERT(size < (1 << 15));
+PoolHeader header(size, isNatural);
+*(PoolHeader*)start = header;
+}
+void
+Assembler::writePoolFooter(uint8_t *start, Pool *p, bool isNatural)
+{
+return;
+}
+// The size of an arbitrary 32-bit call in the instruction stream.
+// On ARM this sequence is |pc = ldr pc - 4; imm32| given that we
+// never reach the imm32.
+uint32_t
+Assembler::patchWrite_NearCallSize()
+{
+return sizeof(uint32_t);
+}
+void
+Assembler::patchWrite_NearCall(CodeLocationLabel start, CodeLocationLabel toCall)
+{
+Instruction *inst = (Instruction *) start.raw();
+// Overwrite whatever instruction used to be here with a call.
+// Since the destination is in the same function, it will be within range of the 24<<2 byte
+// bl instruction.
+uint8_t *dest = toCall.raw();
+new (inst) InstBLImm(BOffImm(dest - (uint8_t*)inst) , Always);
+// Ensure everyone sees the code that was just written into memory.
+AutoFlushICache::flush(uintptr_t(inst), 4);
+}
+void
+Assembler::patchDataWithValueCheck(CodeLocationLabel label, PatchedImmPtr newValue,
+PatchedImmPtr expectedValue)
+{
+Instruction *ptr = (Instruction *) label.raw();
+InstructionIterator iter(ptr);
+Register dest;
+Assembler::RelocStyle rs;
+DebugOnly<const uint32_t *> val = getPtr32Target(&iter, &dest, &rs);
+JS_ASSERT((uint32_t)(const uint32_t *)val == uint32_t(expectedValue.value));
+reinterpret_cast<MacroAssemblerARM*>(dummy)->ma_movPatchable(Imm32(int32_t(newValue.value)),
+dest, Always, rs, ptr);
+// L_LDR won't cause any instructions to be updated.
+if (rs != L_LDR) {
+AutoFlushICache::flush(uintptr_t(ptr), 4);
+AutoFlushICache::flush(uintptr_t(ptr->next()), 4);
+}
+}
+void
+Assembler::patchDataWithValueCheck(CodeLocationLabel label, ImmPtr newValue, ImmPtr expectedValue)
+{
+patchDataWithValueCheck(label, PatchedImmPtr(newValue.value), PatchedImmPtr(expectedValue.value));
+}
+// This just stomps over memory with 32 bits of raw data. Its purpose is to
+// overwrite the call of JITed code with 32 bits worth of an offset. This will
+// is only meant to function on code that has been invalidated, so it should
+// be totally safe. Since that instruction will never be executed again, a
+// ICache flush should not be necessary
+void
+Assembler::patchWrite_Imm32(CodeLocationLabel label, Imm32 imm) {
+// Raw is going to be the return address.
+uint32_t *raw = (uint32_t*)label.raw();
+// Overwrite the 4 bytes before the return address, which will
+// end up being the call instruction.
+*(raw-1) = imm.value;
+}
+uint8_t *
+Assembler::nextInstruction(uint8_t *inst_, uint32_t *count)
+{
+Instruction *inst = reinterpret_cast<Instruction*>(inst_);
+if (count != nullptr)
+*count += sizeof(Instruction);
+return reinterpret_cast<uint8_t*>(inst->next());
+}
+static bool
+InstIsGuard(Instruction *inst, const PoolHeader **ph)
+{
+Assembler::Condition c;
+inst->extractCond(&c);
+if (c != Assembler::Always)
+return false;
+if (!(inst->is<InstBXReg>() || inst->is<InstBImm>()))
+return false;
+// See if the next instruction is a pool header.
+*ph = (inst+1)->as<const PoolHeader>();
+return *ph != nullptr;
+}
+static bool
+InstIsBNop(Instruction *inst) {
+// In some special situations, it is necessary to insert a NOP
+// into the instruction stream that nobody knows about, since nobody should know about
+// it, make sure it gets skipped when Instruction::next() is called.
+// this generates a very specific nop, namely a branch to the next instruction.
+Assembler::Condition c;
+inst->extractCond(&c);
+if (c != Assembler::Always)
+return false;
+if (!inst->is<InstBImm>())
+return false;
+InstBImm *b = inst->as<InstBImm>();
+BOffImm offset;
+b->extractImm(&offset);
+return offset.decode() == 4;
+}
+static bool
+InstIsArtificialGuard(Instruction *inst, const PoolHeader **ph)
+{
+if (!InstIsGuard(inst, ph))
+return false;
+return !(*ph)->isNatural();
+}
+// Cases to be handled:
+// 1) no pools or branches in sight => return this+1
+// 2) branch to next instruction => return this+2, because a nop needed to be inserted into the stream.
+// 3) this+1 is an artificial guard for a pool => return first instruction after the pool
+// 4) this+1 is a natural guard => return the branch
+// 5) this is a branch, right before a pool => return first instruction after the pool
+// in assembly form:
+// 1) add r0, r0, r0 <= this
+//    add r1, r1, r1 <= returned value
+//    add r2, r2, r2
+//
+// 2) add r0, r0, r0 <= this
+//    b foo
+//    foo:
+//    add r2, r2, r2 <= returned value
+//
+// 3) add r0, r0, r0 <= this
+//    b after_pool;
+//    .word 0xffff0002  # bit 15 being 0 indicates that the branch was not requested by the assembler
+//    0xdeadbeef        # the 2 indicates that there is 1 pool entry, and the pool header
+//    add r4, r4, r4 <= returned value
+// 4) add r0, r0, r0 <= this
+//    b after_pool  <= returned value
+//    .word 0xffff8002  # bit 15 being 1 indicates that the branch was requested by the assembler
+//    0xdeadbeef
+//    add r4, r4, r4
+// 5) b after_pool  <= this
+//    .word 0xffff8002  # bit 15 has no bearing on the returned value
+//    0xdeadbeef
+//    add r4, r4, r4  <= returned value
+Instruction *
+Instruction::next()
+{
+Instruction *ret = this+1;
+const PoolHeader *ph;
+// If this is a guard, and the next instruction is a header, always work around the pool
+// If it isn't a guard, then start looking ahead.
+if (InstIsGuard(this, &ph))
+return ret + ph->size();
+if (InstIsArtificialGuard(ret, &ph))
+return ret + 1 + ph->size();
+if (InstIsBNop(ret))
+return ret + 1;
+return ret;
+}
+void
+Assembler::ToggleToJmp(CodeLocationLabel inst_)
+{
+uint32_t *ptr = (uint32_t *)inst_.raw();
+DebugOnly<Instruction *> inst = (Instruction *)inst_.raw();
+JS_ASSERT(inst->is<InstCMP>());
+// Zero bits 20-27, then set 24-27 to be correct for a branch.
+// 20-23 will be party of the B's immediate, and should be 0.
+*ptr = (*ptr & ~(0xff << 20)) | (0xa0 << 20);
+AutoFlushICache::flush(uintptr_t(ptr), 4);
+}
+void
+Assembler::ToggleToCmp(CodeLocationLabel inst_)
+{
+uint32_t *ptr = (uint32_t *)inst_.raw();
+DebugOnly<Instruction *> inst = (Instruction *)inst_.raw();
+JS_ASSERT(inst->is<InstBImm>());
+// Ensure that this masking operation doesn't affect the offset of the
+// branch instruction when it gets toggled back.
+JS_ASSERT((*ptr & (0xf << 20)) == 0);
+// Also make sure that the CMP is valid. Part of having a valid CMP is that
+// all of the bits describing the destination in most ALU instructions are
+// all unset (looks like it is encoding r0).
+JS_ASSERT(toRD(*inst) == r0);
+// Zero out bits 20-27, then set them to be correct for a compare.
+*ptr = (*ptr & ~(0xff << 20)) | (0x35 << 20);
+AutoFlushICache::flush(uintptr_t(ptr), 4);
+}
+void
+Assembler::ToggleCall(CodeLocationLabel inst_, bool enabled)
+{
+Instruction *inst = (Instruction *)inst_.raw();
+JS_ASSERT(inst->is<InstMovW>() || inst->is<InstLDR>());
+if (inst->is<InstMovW>()) {
+// If it looks like the start of a movw/movt sequence,
+// then make sure we have all of it (and advance the iterator
+// past the full sequence)
+inst = inst->next();
+JS_ASSERT(inst->is<InstMovT>());
+}
+inst = inst->next();
+JS_ASSERT(inst->is<InstNOP>() || inst->is<InstBLXReg>());
+if (enabled == inst->is<InstBLXReg>()) {
+// Nothing to do.
+return;
+}
+if (enabled)
+*inst = InstBLXReg(ScratchRegister, Always);
+else
+*inst = InstNOP();
+AutoFlushICache::flush(uintptr_t(inst), 4);
+}
+void Assembler::updateBoundsCheck(uint32_t heapSize, Instruction *inst)
+{
+JS_ASSERT(inst->is<InstCMP>());
+InstCMP *cmp = inst->as<InstCMP>();
+Register index;
+cmp->extractOp1(&index);
+Operand2 op = cmp->extractOp2();
+JS_ASSERT(op.isImm8());
+Imm8 imm8 = Imm8(heapSize);
+JS_ASSERT(!imm8.invalid);
+*inst = InstALU(InvalidReg, index, imm8, op_cmp, SetCond, Always);
+// NOTE: we don't update the Auto Flush Cache!  this function is currently only called from
+// within AsmJSModule::patchHeapAccesses, which does that for us.  Don't call this!
+}
+InstructionIterator::InstructionIterator(Instruction *i_) : i(i_) {
+const PoolHeader *ph;
+// If this is a guard, and the next instruction is a header, always work around the pool
+// If it isn't a guard, then start looking ahead.
+if (InstIsArtificialGuard(i, &ph)) {
+i = i->next();
+}
+}
+Assembler *Assembler::dummy = nullptr;

The Tor Browser / file comparison

comparison: js/src/jit/arm/Assembler-arm.cpp

js/src/jit/arm/Assembler-arm.cpp