/*
* Copyright (C) 2011 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef DFGSpeculativeJIT_h
#define DFGSpeculativeJIT_h
#if ENABLE(DFG_JIT)
#include <dfg/DFGJITCodeGenerator.h>
namespace JSC { namespace DFG {
class SpeculativeJIT;
// This enum describes the types of additional recovery that
// may need be performed should a speculation check fail.
enum SpeculationRecoveryType {
SpeculativeAdd
};
// === SpeculationRecovery ===
//
// This class provides additional information that may be associated with a
// speculation check - for example
class SpeculationRecovery {
public:
SpeculationRecovery(SpeculationRecoveryType type, GPRReg dest, GPRReg src)
: m_type(type)
, m_dest(dest)
, m_src(src)
{
}
SpeculationRecoveryType type() { return m_type; }
GPRReg dest() { return m_dest; }
GPRReg src() { return m_src; }
private:
// Indicates the type of additional recovery to be performed.
SpeculationRecoveryType m_type;
// different recovery types may required different additional information here.
GPRReg m_dest;
GPRReg m_src;
};
// === SpeculationCheck ===
//
// This structure records a bail-out from the speculative path,
// which will need to be linked in to the non-speculative one.
struct SpeculationCheck {
SpeculationCheck(MacroAssembler::Jump, SpeculativeJIT*, unsigned recoveryIndex = 0);
// The location of the jump out from the speculative path,
// and the node we were generating code for.
MacroAssembler::Jump m_check;
NodeIndex m_nodeIndex;
// Used to record any additional recovery to be performed; this
// value is an index into the SpeculativeJIT's m_speculationRecoveryList
// array, offset by 1. (m_recoveryIndex == 0) means no recovery.
unsigned m_recoveryIndex;
struct RegisterInfo {
NodeIndex nodeIndex;
DataFormat format;
};
RegisterInfo m_gprInfo[numberOfGPRs];
NodeIndex m_fprInfo[numberOfFPRs];
};
typedef SegmentedVector<SpeculationCheck, 16> SpeculationCheckVector;
// === SpeculativeJIT ===
//
// The SpeculativeJIT is used to generate a fast, but potentially
// incomplete code path for the dataflow. When code generating
// we may make assumptions about operand types, dynamically check,
// and bail-out to an alternate code path if these checks fail.
// Importantly, the speculative code path cannot be reentered once
// a speculative check has failed. This allows the SpeculativeJIT
// to propagate type information (including information that has
// only speculatively been asserted) through the dataflow.
class SpeculativeJIT : public JITCodeGenerator {
friend struct SpeculationCheck;
public:
SpeculativeJIT(JITCompiler& jit)
: JITCodeGenerator(jit, true)
, m_didTerminate(false)
{
}
bool compile();
// Retrieve the list of bail-outs from the speculative path,
// and additional recovery information.
SpeculationCheckVector& speculationChecks()
{
return m_speculationChecks;
}
SpeculationRecovery* speculationRecovery(size_t index)
{
// SpeculationCheck::m_recoveryIndex is offset by 1,
// 0 means no recovery.
return index ? &m_speculationRecoveryList[index - 1] : 0;
}
// Called by the speculative operand types, below, to fill operand to
// machine registers, implicitly generating speculation checks as needed.
GPRReg fillSpeculateInt(NodeIndex, DataFormat& returnFormat);
GPRReg fillSpeculateIntStrict(NodeIndex);
GPRReg fillSpeculateCell(NodeIndex);
private:
bool compile(Node&);
bool compile(BasicBlock&);
bool isDoubleConstantWithInt32Value(NodeIndex nodeIndex, int32_t& out)
{
if (!m_jit.isDoubleConstant(nodeIndex))
return false;
double value = m_jit.valueOfDoubleConstant(nodeIndex);
int32_t asInt32 = static_cast<int32_t>(value);
if (value != asInt32)
return false;
if (!asInt32 && signbit(value))
return false;
out = asInt32;
return true;
}
// Add a speculation check without additional recovery.
void speculationCheck(MacroAssembler::Jump jumpToFail)
{
m_speculationChecks.append(SpeculationCheck(jumpToFail, this));
}
// Add a speculation check with additional recovery.
void speculationCheck(MacroAssembler::Jump jumpToFail, const SpeculationRecovery& recovery)
{
m_speculationRecoveryList.append(recovery);
m_speculationChecks.append(SpeculationCheck(jumpToFail, this, m_speculationRecoveryList.size()));
}
// Called when we statically determine that a speculation will fail.
void terminateSpeculativeExecution()
{
// FIXME: in cases where we can statically determine we're going to bail out from the speculative
// JIT we should probably rewind code generation and only produce the non-speculative path.
m_didTerminate = true;
speculationCheck(m_jit.jump());
}
template<bool strict>
GPRReg fillSpeculateIntInternal(NodeIndex, DataFormat& returnFormat);
// It is possible, during speculative generation, to reach a situation in which we
// can statically determine a speculation will fail (for example, when two nodes
// will make conflicting speculations about the same operand). In such cases this
// flag is set, indicating no further code generation should take place.
bool m_didTerminate;
// This vector tracks bail-outs from the speculative path to the non-speculative one.
SpeculationCheckVector m_speculationChecks;
// Some bail-outs need to record additional information recording specific recovery
// to be performed (for example, on detected overflow from an add, we may need to
// reverse the addition if an operand is being overwritten).
Vector<SpeculationRecovery, 16> m_speculationRecoveryList;
};
// === Speculative Operand types ===
//
// SpeculateIntegerOperand, SpeculateStrictInt32Operand and SpeculateCellOperand.
//
// These are used to lock the operands to a node into machine registers within the
// SpeculativeJIT. The classes operate like those provided by the JITCodeGenerator,
// however these will perform a speculative check for a more restrictive type than
// we can statically determine the operand to have. If the operand does not have
// the requested type, a bail-out to the non-speculative path will be taken.
class SpeculateIntegerOperand {
public:
explicit SpeculateIntegerOperand(SpeculativeJIT* jit, NodeIndex index)
: m_jit(jit)
, m_index(index)
, m_gprOrInvalid(InvalidGPRReg)
#ifndef NDEBUG
, m_format(DataFormatNone)
#endif
{
ASSERT(m_jit);
if (jit->isFilled(index))
gpr();
}
~SpeculateIntegerOperand()
{
ASSERT(m_gprOrInvalid != InvalidGPRReg);
m_jit->unlock(m_gprOrInvalid);
}
NodeIndex index() const
{
return m_index;
}
GPRReg gpr()
{
if (m_gprOrInvalid == InvalidGPRReg)
m_gprOrInvalid = m_jit->fillSpeculateInt(index(), m_format);
return m_gprOrInvalid;
}
DataFormat format()
{
gpr(); // m_format is set when m_gpr is locked.
ASSERT(m_format == DataFormatInteger || m_format == DataFormatJSInteger);
return m_format;
}
MacroAssembler::RegisterID registerID()
{
return JITCompiler::gprToRegisterID(gpr());
}
private:
SpeculativeJIT* m_jit;
NodeIndex m_index;
GPRReg m_gprOrInvalid;
DataFormat m_format;
};
class SpeculateStrictInt32Operand {
public:
explicit SpeculateStrictInt32Operand(SpeculativeJIT* jit, NodeIndex index)
: m_jit(jit)
, m_index(index)
, m_gprOrInvalid(InvalidGPRReg)
{
ASSERT(m_jit);
if (jit->isFilled(index))
gpr();
}
~SpeculateStrictInt32Operand()
{
ASSERT(m_gprOrInvalid != InvalidGPRReg);
m_jit->unlock(m_gprOrInvalid);
}
NodeIndex index() const
{
return m_index;
}
GPRReg gpr()
{
if (m_gprOrInvalid == InvalidGPRReg)
m_gprOrInvalid = m_jit->fillSpeculateIntStrict(index());
return m_gprOrInvalid;
}
MacroAssembler::RegisterID registerID()
{
return JITCompiler::gprToRegisterID(gpr());
}
private:
SpeculativeJIT* m_jit;
NodeIndex m_index;
GPRReg m_gprOrInvalid;
};
class SpeculateCellOperand {
public:
explicit SpeculateCellOperand(SpeculativeJIT* jit, NodeIndex index)
: m_jit(jit)
, m_index(index)
, m_gprOrInvalid(InvalidGPRReg)
{
ASSERT(m_jit);
if (jit->isFilled(index))
gpr();
}
~SpeculateCellOperand()
{
ASSERT(m_gprOrInvalid != InvalidGPRReg);
m_jit->unlock(m_gprOrInvalid);
}
NodeIndex index() const
{
return m_index;
}
GPRReg gpr()
{
if (m_gprOrInvalid == InvalidGPRReg)
m_gprOrInvalid = m_jit->fillSpeculateCell(index());
return m_gprOrInvalid;
}
MacroAssembler::RegisterID registerID()
{
return JITCompiler::gprToRegisterID(gpr());
}
private:
SpeculativeJIT* m_jit;
NodeIndex m_index;
GPRReg m_gprOrInvalid;
};
// === SpeculationCheckIndexIterator ===
//
// This class is used by the non-speculative JIT to check which
// nodes require entry points from the speculative path.
class SpeculationCheckIndexIterator {
public:
SpeculationCheckIndexIterator(SpeculationCheckVector& speculationChecks)
: m_speculationChecks(speculationChecks)
, m_iter(m_speculationChecks.begin())
, m_end(m_speculationChecks.end())
{
}
bool hasCheckAtIndex(NodeIndex nodeIndex)
{
while (m_iter != m_end) {
NodeIndex current = m_iter->m_nodeIndex;
if (current >= nodeIndex)
return current == nodeIndex;
++m_iter;
}
return false;
}
private:
SpeculationCheckVector& m_speculationChecks;
SpeculationCheckVector::Iterator m_iter;
SpeculationCheckVector::Iterator m_end;
};
} } // namespace JSC::DFG
#endif
#endif