WasmB3IRGenerator.cpp source code [webkit/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp]

1	/*
2	* Copyright (C) 2016-2019 Apple Inc. All rights reserved.
3	*
4	* Redistribution and use in source and binary forms, with or without
5	* modification, are permitted provided that the following conditions
6	* are met:
7	* 1. Redistributions of source code must retain the above copyright
8	* notice, this list of conditions and the following disclaimer.
9	* 2. Redistributions in binary form must reproduce the above copyright
10	* notice, this list of conditions and the following disclaimer in the
11	* documentation and/or other materials provided with the distribution.
12	*
13	* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17	* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18	* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19	* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20	* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21	* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24	*/
25
26	#include "config.h"
27	#include "WasmB3IRGenerator.h"
28
29	#if ENABLE(WEBASSEMBLY)
30
31	#include "AllowMacroScratchRegisterUsageIf.h"
32	#include "B3BasicBlockInlines.h"
33	#include "B3CCallValue.h"
34	#include "B3Compile.h"
35	#include "B3ConstPtrValue.h"
36	#include "B3FixSSA.h"
37	#include "B3Generate.h"
38	#include "B3InsertionSet.h"
39	#include "B3SlotBaseValue.h"
40	#include "B3StackmapGenerationParams.h"
41	#include "B3SwitchValue.h"
42	#include "B3UpsilonValue.h"
43	#include "B3Validate.h"
44	#include "B3ValueInlines.h"
45	#include "B3ValueKey.h"
46	#include "B3Variable.h"
47	#include "B3VariableValue.h"
48	#include "B3WasmAddressValue.h"
49	#include "B3WasmBoundsCheckValue.h"
50	#include "DisallowMacroScratchRegisterUsage.h"
51	#include "JSCInlines.h"
52	#include "ScratchRegisterAllocator.h"
53	#include "VirtualRegister.h"
54	#include "WasmCallingConvention.h"
55	#include "WasmContextInlines.h"
56	#include "WasmExceptionType.h"
57	#include "WasmFunctionParser.h"
58	#include "WasmInstance.h"
59	#include "WasmMemory.h"
60	#include "WasmOMGPlan.h"
61	#include "WasmOpcodeOrigin.h"
62	#include "WasmSignatureInlines.h"
63	#include "WasmThunks.h"
64	#include <limits>
65	#include <wtf/Optional.h>
66	#include <wtf/StdLibExtras.h>
67
68	void dumpProcedure(void* ptr)
69	{
70	JSC::B3::Procedure* proc = static_cast<JSC::B3::Procedure*>(ptr);
71	proc->dump(WTF::dataFile());
72	}
73
74	namespace JSC { namespace Wasm {
75
76	using namespace B3;
77
78	namespace {
79	namespace WasmB3IRGeneratorInternal {
80	static const bool verbose = false;
81	}
82	}
83
84	class B3IRGenerator {
85	public:
86	struct ControlData {
87	ControlData(Procedure& proc, Origin origin, Type signature, BlockType type, BasicBlock* continuation, BasicBlock* special = nullptr)
88	: blockType(type)
89	, continuation(continuation)
90	, special(special)
91	{
92	if (signature != Void)
93	result.append(proc.add<Value>(Phi, toB3Type(signature), origin));
94	}
95
96	ControlData()
97	{
98	}
99
100	void dump(PrintStream& out) const
101	{
102	switch (type()) {
103	case BlockType::If:
104	out.print("If: ");
105	break;
106	case BlockType::Block:
107	out.print("Block: ");
108	break;
109	case BlockType::Loop:
110	out.print("Loop: ");
111	break;
112	case BlockType::TopLevel:
113	out.print("TopLevel: ");
114	break;
115	}
116	out.print("Continuation: ", *continuation, ", Special: ");
117	if (special)
118	out.print(*special);
119	else
120	out.print("None");
121	}
122
123	BlockType type() const { return blockType; }
124
125	bool hasNonVoidSignature() const { return result.size(); }
126
127	BasicBlock* targetBlockForBranch()
128	{
129	if (type() == BlockType::Loop)
130	return special;
131	return continuation;
132	}
133
134	void convertIfToBlock()
135	{
136	ASSERT(type() == BlockType::If);
137	blockType = BlockType::Block;
138	special = nullptr;
139	}
140
141	using ResultList = Vector<Value, `1`>; // Value must be a Phi*
142
143	ResultList resultForBranch() const
144	{
145	if (type() == BlockType::Loop)
146	return ResultList ();
147	return result;
148	}
149
150	private:
151	friend class B3IRGenerator;
152	BlockType blockType;
153	BasicBlock* continuation;
154	BasicBlock* special;
155	ResultList result;
156	};
157
158	typedef Value* ExpressionType;
159	typedef ControlData ControlType;
160	typedef Vector<ExpressionType, `1`> ExpressionList;
161	typedef ControlData::ResultList ResultList;
162	typedef FunctionParser<B3IRGenerator>::ControlEntry ControlEntry;
163
164	static constexpr ExpressionType emptyExpression() { return nullptr; }
165
166	typedef String ErrorType;
167	typedef Unexpected<ErrorType> UnexpectedResult;
168	typedef Expected<std::unique_ptr<InternalFunction>, ErrorType> Result;
169	typedef Expected<void, ErrorType> PartialResult;
170	template <typename ...Args>
171	NEVER_INLINE UnexpectedResult WARN_UNUSED_RETURN fail(Args... args) const
172	{
173	using namespace FailureHelper; // See ADL comment in WasmParser.h.
174	return UnexpectedResult(makeString("WebAssembly.Module failed compiling: "_s, makeString(args)...));
175	}
176	#define WASM_COMPILE_FAIL_IF(condition, ...) do { \
177	if (UNLIKELY(condition)) \
178	return fail(__VA_ARGS__); \
179	} while (0)
180
181	B3IRGenerator(const ModuleInformation&, Procedure&, InternalFunction, Vector<UnlinkedWasmToWasmCall>&, MemoryMode, CompilationMode, unsigned* functionIndex, TierUpCount*, ThrowWasmException);
182
183	PartialResult WARN_UNUSED_RETURN addArguments(const Signature&);
184	PartialResult WARN_UNUSED_RETURN addLocal(Type, uint32_t);
185	ExpressionType addConstant(Type, uint64_t);
186
187	PartialResult WARN_UNUSED_RETURN addRefIsNull(ExpressionType& value, ExpressionType& result);
188
189	// Locals
190	PartialResult WARN_UNUSED_RETURN getLocal(uint32_t index, ExpressionType& result);
191	PartialResult WARN_UNUSED_RETURN setLocal(uint32_t index, ExpressionType value);
192
193	// Globals
194	PartialResult WARN_UNUSED_RETURN getGlobal(uint32_t index, ExpressionType& result);
195	PartialResult WARN_UNUSED_RETURN setGlobal(uint32_t index, ExpressionType value);
196
197	// Memory
198	PartialResult WARN_UNUSED_RETURN load(LoadOpType, ExpressionType pointer, ExpressionType& result, uint32_t offset);
199	PartialResult WARN_UNUSED_RETURN store(StoreOpType, ExpressionType pointer, ExpressionType value, uint32_t offset);
200	PartialResult WARN_UNUSED_RETURN addGrowMemory(ExpressionType delta, ExpressionType& result);
201	PartialResult WARN_UNUSED_RETURN addCurrentMemory(ExpressionType& result);
202
203	// Basic operators
204	template<OpType>
205	PartialResult WARN_UNUSED_RETURN addOp(ExpressionType arg, ExpressionType& result);
206	template<OpType>
207	PartialResult WARN_UNUSED_RETURN addOp(ExpressionType left, ExpressionType right, ExpressionType& result);
208	PartialResult WARN_UNUSED_RETURN addSelect(ExpressionType condition, ExpressionType nonZero, ExpressionType zero, ExpressionType& result);
209
210	// Control flow
211	ControlData WARN_UNUSED_RETURN addTopLevel(Type signature);
212	ControlData WARN_UNUSED_RETURN addBlock(Type signature);
213	ControlData WARN_UNUSED_RETURN addLoop(Type signature);
214	PartialResult WARN_UNUSED_RETURN addIf(ExpressionType condition, Type signature, ControlData& result);
215	PartialResult WARN_UNUSED_RETURN addElse(ControlData&, const ExpressionList&);
216	PartialResult WARN_UNUSED_RETURN addElseToUnreachable(ControlData&);
217
218	PartialResult WARN_UNUSED_RETURN addReturn(const ControlData&, const ExpressionList& returnValues);
219	PartialResult WARN_UNUSED_RETURN addBranch(ControlData&, ExpressionType condition, const ExpressionList& returnValues);
220	PartialResult WARN_UNUSED_RETURN addSwitch(ExpressionType condition, const Vector<ControlData>& targets, ControlData& defaultTargets, const* ExpressionList& expressionStack);
221	PartialResult WARN_UNUSED_RETURN endBlock(ControlEntry&, ExpressionList& expressionStack);
222	PartialResult WARN_UNUSED_RETURN addEndToUnreachable(ControlEntry&);
223
224	// Calls
225	PartialResult WARN_UNUSED_RETURN addCall(uint32_t calleeIndex, const Signature&, Vector<ExpressionType>& args, ExpressionType& result);
226	PartialResult WARN_UNUSED_RETURN addCallIndirect(const Signature&, Vector<ExpressionType>& args, ExpressionType& result);
227	PartialResult WARN_UNUSED_RETURN addUnreachable();
228
229	void dump(const Vector<ControlEntry>& controlStack, const ExpressionList* expressionStack);
230	void setParser(FunctionParser<B3IRGenerator>* parser) { m_parser = parser; };
231
232	Value* constant(B3::Type, uint64_t bits, Optional<Origin> = WTF::nullopt);
233	void insertConstants();
234
235	ALWAYS_INLINE void didKill(ExpressionType) { }
236
237	private:
238	void emitExceptionCheck(CCallHelpers&, ExceptionType);
239
240	void emitTierUpCheck(uint32_t decrementCount, Origin);
241
242	ExpressionType emitCheckAndPreparePointer(ExpressionType pointer, uint32_t offset, uint32_t sizeOfOp);
243	B3::Kind memoryKind(B3::Opcode memoryOp);
244	ExpressionType emitLoadOp(LoadOpType, ExpressionType pointer, uint32_t offset);
245	void emitStoreOp(StoreOpType, ExpressionType pointer, ExpressionType value, uint32_t offset);
246
247	void unify(const ExpressionType phi, const ExpressionType source);
248	void unifyValuesWithBlock(const ExpressionList& resultStack, const ResultList& stack);
249
250	void emitChecksForModOrDiv(B3::Opcode, ExpressionType left, ExpressionType right);
251
252	int32_t WARN_UNUSED_RETURN fixupPointerPlusOffset(ExpressionType&, uint32_t);
253
254	void restoreWasmContextInstance(Procedure&, BasicBlock, Value);
255	enum class RestoreCachedStackLimit { No, Yes };
256	void restoreWebAssemblyGlobalState(RestoreCachedStackLimit, const MemoryInformation&, Value* instance, Procedure&, BasicBlock*);
257
258	Origin origin();
259
260	FunctionParser<B3IRGenerator>* m_parser { nullptr };
261	const ModuleInformation& m_info;
262	const MemoryMode m_mode { MemoryMode::BoundsChecking };
263	const CompilationMode m_compilationMode { CompilationMode::BBQMode };
264	const unsigned m_functionIndex { UINT_MAX };
265	const TierUpCount* m_tierUp { nullptr };
266
267	Procedure& m_proc;
268	BasicBlock* m_currentBlock { nullptr };
269	Vector<Variable*> m_locals;
270	Vector<UnlinkedWasmToWasmCall>& m_unlinkedWasmToWasmCalls; // List each call site and the function index whose address it should be patched with.
271	HashMap<ValueKey, Value*> m_constantPool;
272	InsertionSet m_constantInsertionValues;
273	GPRReg m_memoryBaseGPR { InvalidGPRReg };
274	GPRReg m_memorySizeGPR { InvalidGPRReg };
275	GPRReg m_wasmContextInstanceGPR { InvalidGPRReg };
276	bool m_makesCalls { false };
277
278	Value* m_instanceValue { nullptr }; // Always use the accessor below to ensure the instance value is materialized when used.
279	bool m_usesInstanceValue { false };
280	Value* instanceValue()
281	{
282	m_usesInstanceValue = true;
283	return m_instanceValue;
284	}
285
286	uint32_t m_maxNumJSCallArguments { `0` };
287	};
288
289	// Memory accesses in WebAssembly have unsigned 32-bit offsets, whereas they have signed 32-bit offsets in B3.
290	int32_t B3IRGenerator::fixupPointerPlusOffset(ExpressionType& ptr, uint32_t offset)
291	{
292	if (static_cast<uint64_t>(offset) > static_cast<uint64_t>(std::numeric_limits<int32_t>::max())) {
293	ptr = m_currentBlock->appendNew<Value>(m_proc, Add, origin(), ptr, m_currentBlock->appendNew<Const64Value>(m_proc, origin(), offset));
294	return `0`;
295	}
296	return offset;
297	}
298
299	void B3IRGenerator::restoreWasmContextInstance(Procedure& proc, BasicBlock* block, Value* arg)
300	{
301	if (Context::useFastTLS()) {
302	PatchpointValue* patchpoint = block->appendNew<PatchpointValue>(proc, B3::Void, Origin ());
303	if (CCallHelpers::storeWasmContextInstanceNeedsMacroScratchRegister())
304	patchpoint->clobber(RegisterSet::macroScratchRegisters());
305	patchpoint->append(ConstrainedValue (arg, ValueRep::SomeRegister));
306	patchpoint->setGenerator(
307	[=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
308	AllowMacroScratchRegisterUsageIf allowScratch(jit, CCallHelpers::storeWasmContextInstanceNeedsMacroScratchRegister());
309	jit.storeWasmContextInstance(params [`0`].gpr());
310	});
311	return;
312	}
313
314	// FIXME: Because WasmToWasm call clobbers wasmContextInstance register and does not restore it, we need to restore it in the caller side.
315	// This prevents us from using ArgumentReg to this (logically) immutable pinned register.
316	PatchpointValue* patchpoint = block->appendNew<PatchpointValue>(proc, B3::Void, Origin ());
317	Effects effects = Effects::none();
318	effects.writesPinned = true;
319	effects.reads = B3::HeapRange::top();
320	patchpoint->effects = effects;
321	patchpoint->clobberLate(RegisterSet (m_wasmContextInstanceGPR));
322	patchpoint->append(arg, ValueRep::SomeRegister);
323	GPRReg wasmContextInstanceGPR = m_wasmContextInstanceGPR;
324	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& param) {
325	jit.move(param [`0`].gpr(), wasmContextInstanceGPR);
326	});
327	}
328
329	B3IRGenerator::B3IRGenerator(const ModuleInformation& info, Procedure& procedure, InternalFunction* compilation, Vector<UnlinkedWasmToWasmCall>& unlinkedWasmToWasmCalls, MemoryMode mode, CompilationMode compilationMode, unsigned functionIndex, TierUpCount* tierUp, ThrowWasmException throwWasmException)
330	: m_info(info)
331	, m_mode(mode)
332	, m_compilationMode(compilationMode)
333	, m_functionIndex(functionIndex)
334	, m_tierUp(tierUp)
335	, m_proc(procedure)
336	, m_unlinkedWasmToWasmCalls(unlinkedWasmToWasmCalls)
337	, m_constantInsertionValues (m_proc)
338	{
339	m_currentBlock = m_proc.addBlock();
340
341	// FIXME we don't really need to pin registers here if there's no memory. It makes wasm -> wasm thunks simpler for now. https://bugs.webkit.org/show_bug.cgi?id=166623
342	const PinnedRegisterInfo& pinnedRegs = PinnedRegisterInfo::get();
343
344	m_memoryBaseGPR = pinnedRegs.baseMemoryPointer;
345	m_proc.pinRegister(m_memoryBaseGPR);
346
347	m_wasmContextInstanceGPR = pinnedRegs.wasmContextInstancePointer;
348	if (!Context::useFastTLS())
349	m_proc.pinRegister(m_wasmContextInstanceGPR);
350
351	if (mode != MemoryMode::Signaling) {
352	m_memorySizeGPR = pinnedRegs.sizeRegister;
353	m_proc.pinRegister(m_memorySizeGPR);
354	}
355
356	if (throwWasmException)
357	Thunks::singleton().setThrowWasmException(throwWasmException);
358
359	if (info.memory) {
360	m_proc.setWasmBoundsCheckGenerator([=] (CCallHelpers& jit, GPRReg pinnedGPR) {
361	AllowMacroScratchRegisterUsage allowScratch(jit);
362	switch (m_mode) {
363	case MemoryMode::BoundsChecking:
364	ASSERT_UNUSED(pinnedGPR, m_memorySizeGPR == pinnedGPR);
365	break;
366	case MemoryMode::Signaling:
367	ASSERT_UNUSED(pinnedGPR, InvalidGPRReg == pinnedGPR);
368	break;
369	}
370	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsMemoryAccess);
371	});
372
373	switch (m_mode) {
374	case MemoryMode::BoundsChecking:
375	break;
376	case MemoryMode::Signaling:
377	// Most memory accesses in signaling mode don't do an explicit
378	// exception check because they can rely on fault handling to detect
379	// out-of-bounds accesses. FaultSignalHandler nonetheless needs the
380	// thunk to exist so that it can jump to that thunk.
381	if (UNLIKELY(!Thunks::singleton().stub(throwExceptionFromWasmThunkGenerator)))
382	CRASH();
383	break;
384	}
385	}
386
387	wasmCallingConvention().setupFrameInPrologue(&compilation->calleeMoveLocation, m_proc, Origin (), m_currentBlock);
388
389	{
390	B3::Value* framePointer = m_currentBlock->appendNew<B3::Value>(m_proc, B3::FramePointer, Origin ());
391	B3::PatchpointValue* stackOverflowCheck = m_currentBlock->appendNew<B3::PatchpointValue>(m_proc, pointerType(), Origin ());
392	m_instanceValue = stackOverflowCheck;
393	stackOverflowCheck->appendSomeRegister(framePointer);
394	stackOverflowCheck->clobber(RegisterSet::macroScratchRegisters());
395	if (!Context::useFastTLS()) {
396	// FIXME: Because WasmToWasm call clobbers wasmContextInstance register and does not restore it, we need to restore it in the caller side.
397	// This prevents us from using ArgumentReg to this (logically) immutable pinned register.
398	stackOverflowCheck->effects.writesPinned = false;
399	stackOverflowCheck->effects.readsPinned = true;
400	stackOverflowCheck->resultConstraint = ValueRep::reg(m_wasmContextInstanceGPR);
401	}
402	stackOverflowCheck->numGPScratchRegisters = `2`;
403	stackOverflowCheck->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams& params) {
404	const Checked<int32_t> wasmFrameSize = params.proc().frameSize();
405	const unsigned minimumParentCheckSize = WTF::roundUpToMultipleOf(stackAlignmentBytes(), `1024`);
406	const unsigned extraFrameSize = WTF::roundUpToMultipleOf(stackAlignmentBytes(), std::max<uint32_t>(
407	// This allows us to elide stack checks for functions that are terminal nodes in the call
408	// tree, (e.g they don't make any calls) and have a small enough frame size. This works by
409	// having any such terminal node have its parent caller include some extra size in its
410	// own check for it. The goal here is twofold:
411	// 1. Emit less code.
412	// 2. Try to speed things up by skipping stack checks.
413	minimumParentCheckSize,
414	// This allows us to elide stack checks in the Wasm -> Embedder call IC stub. Since these will
415	// spill all arguments to the stack, we ensure that a stack check here covers the
416	// stack that such a stub would use.
417	(Checked<uint32_t>(m_maxNumJSCallArguments) * sizeof(Register) + jscCallingConvention().headerSizeInBytes()).unsafeGet()
418	));
419	const int32_t checkSize = m_makesCalls ? (wasmFrameSize + extraFrameSize).unsafeGet() : wasmFrameSize.unsafeGet();
420	bool needUnderflowCheck = static_cast<unsigned>(checkSize) > Options::reservedZoneSize();
421	bool needsOverflowCheck = m_makesCalls \|\| wasmFrameSize >= minimumParentCheckSize \|\| needUnderflowCheck;
422
423	GPRReg contextInstance = Context::useFastTLS() ? params [`0`].gpr() : m_wasmContextInstanceGPR;
424
425	// This allows leaf functions to not do stack checks if their frame size is within
426	// certain limits since their caller would have already done the check.
427	if (needsOverflowCheck) {
428	AllowMacroScratchRegisterUsage allowScratch(jit);
429	GPRReg fp = params [`1`].gpr();
430	GPRReg scratch1 = params.gpScratch(`0`);
431	GPRReg scratch2 = params.gpScratch(`1`);
432
433	if (Context::useFastTLS())
434	jit.loadWasmContextInstance(contextInstance);
435
436	jit.loadPtr(CCallHelpers::Address (contextInstance, Instance::offsetOfCachedStackLimit()), scratch2);
437	jit.addPtr(CCallHelpers::TrustedImm32 (-checkSize), fp, scratch1);
438	MacroAssembler::JumpList overflow;
439	if (UNLIKELY(needUnderflowCheck))
440	overflow.append(jit.branchPtr(CCallHelpers::Above, scratch1, fp));
441	overflow.append(jit.branchPtr(CCallHelpers::Below, scratch1, scratch2));
442	jit.addLinkTask([overflow] (LinkBuffer& linkBuffer) {
443	linkBuffer.link(overflow, CodeLocationLabel<JITThunkPtrTag>(Thunks::singleton().stub(throwStackOverflowFromWasmThunkGenerator).code()));
444	});
445	} else if (m_usesInstanceValue && Context::useFastTLS()) {
446	// No overflow check is needed, but the instance values still needs to be correct.
447	AllowMacroScratchRegisterUsageIf allowScratch(jit, CCallHelpers::loadWasmContextInstanceNeedsMacroScratchRegister());
448	jit.loadWasmContextInstance(contextInstance);
449	} else {
450	// We said we'd return a pointer. We don't actually need to because it isn't used, but the patchpoint conservatively said it had effects (potential stack check) which prevent it from getting removed.
451	}
452	});
453	}
454
455	emitTierUpCheck(TierUpCount::functionEntryDecrement(), Origin ());
456	}
457
458	void B3IRGenerator::restoreWebAssemblyGlobalState(RestoreCachedStackLimit restoreCachedStackLimit, const MemoryInformation& memory, Value* instance, Procedure& proc, BasicBlock* block)
459	{
460	restoreWasmContextInstance(proc, block, instance);
461
462	if (restoreCachedStackLimit == RestoreCachedStackLimit::Yes) {
463	// The Instance caches the stack limit, but also knows where its canonical location is.
464	Value* pointerToActualStackLimit = block->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfPointerToActualStackLimit()));
465	Value* actualStackLimit = block->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), pointerToActualStackLimit);
466	block->appendNew<MemoryValue>(m_proc, Store, origin(), actualStackLimit, instanceValue(), safeCast<int32_t>(Instance::offsetOfCachedStackLimit()));
467	}
468
469	if (!!memory) {
470	const PinnedRegisterInfo* pinnedRegs = &PinnedRegisterInfo::get();
471	RegisterSet clobbers;
472	clobbers.set(pinnedRegs->baseMemoryPointer);
473	clobbers.set(pinnedRegs->sizeRegister);
474	if (!isARM64())
475	clobbers.set(RegisterSet::macroScratchRegisters());
476
477	B3::PatchpointValue* patchpoint = block->appendNew<B3::PatchpointValue>(proc, B3::Void, origin());
478	Effects effects = Effects::none();
479	effects.writesPinned = true;
480	effects.reads = B3::HeapRange::top();
481	patchpoint->effects = effects;
482	patchpoint->clobber(clobbers);
483	patchpoint->numGPScratchRegisters = Gigacage::isEnabled(Gigacage::Primitive) ? `1` : `0`;
484
485	patchpoint->append(instance, ValueRep::SomeRegister);
486	patchpoint->setGenerator([pinnedRegs] (CCallHelpers& jit, const B3::StackmapGenerationParams& params) {
487	RELEASE_ASSERT(!Gigacage::isEnabled(Gigacage::Primitive) \|\| !isARM64());
488	AllowMacroScratchRegisterUsageIf allowScratch(jit, !isARM64());
489	GPRReg baseMemory = pinnedRegs->baseMemoryPointer;
490	GPRReg scratchOrSize = Gigacage::isEnabled(Gigacage::Primitive) ? params.gpScratch(`0`) : pinnedRegs->sizeRegister;
491
492	jit.loadPtr(CCallHelpers::Address (params [`0`].gpr(), Instance::offsetOfCachedMemorySize()), pinnedRegs->sizeRegister);
493	jit.loadPtr(CCallHelpers::Address (params [`0`].gpr(), Instance::offsetOfCachedMemory()), baseMemory);
494
495	jit.cageConditionally(Gigacage::Primitive, baseMemory, scratchOrSize);
496	});
497	}
498	}
499
500	void B3IRGenerator::emitExceptionCheck(CCallHelpers& jit, ExceptionType type)
501	{
502	jit.move(CCallHelpers::TrustedImm32 (static_cast<uint32_t>(type)), GPRInfo::argumentGPR1);
503	auto jumpToExceptionStub = jit.jump();
504
505	jit.addLinkTask([jumpToExceptionStub] (LinkBuffer& linkBuffer) {
506	linkBuffer.link(jumpToExceptionStub, CodeLocationLabel<JITThunkPtrTag>(Thunks::singleton().stub(throwExceptionFromWasmThunkGenerator).code()));
507	});
508	}
509
510	Value* B3IRGenerator::constant(B3::Type type, uint64_t bits, Optional<Origin> maybeOrigin)
511	{
512	auto result = m_constantPool.ensure(ValueKey (opcodeForConstant(type), type, static_cast<int64_t>(bits)), [&] {
513	Value* result = m_proc.addConstant(maybeOrigin ? *maybeOrigin : origin(), type, bits);
514	m_constantInsertionValues.insertValue(`0`, result);
515	return result;
516	});
517	return result.iterator ->value;
518	}
519
520	void B3IRGenerator::insertConstants()
521	{
522	m_constantInsertionValues.execute(m_proc.at(`0`));
523	}
524
525	auto B3IRGenerator::addLocal(Type type, uint32_t count) -> PartialResult
526	{
527	Checked<uint32_t, RecordOverflow> totalBytesChecked = count;
528	totalBytesChecked += m_locals.size();
529	uint32_t totalBytes;
530	WASM_COMPILE_FAIL_IF((totalBytesChecked.safeGet(totalBytes) == CheckedState::DidOverflow) \|\| !m_locals.tryReserveCapacity(totalBytes), "can't allocate memory for ", totalBytes, " locals");
531
532	for (uint32_t i = `0`; i < count; ++i) {
533	Variable* local = m_proc.addVariable(toB3Type(type));
534	m_locals.uncheckedAppend(local);
535	m_currentBlock->appendNew<VariableValue>(m_proc, Set, Origin (), local, constant(toB3Type(type), `0`, Origin ()));
536	}
537	return { };
538	}
539
540	auto B3IRGenerator::addArguments(const Signature& signature) -> PartialResult
541	{
542	ASSERT(!m_locals.size());
543	WASM_COMPILE_FAIL_IF(!m_locals.tryReserveCapacity(signature.argumentCount()), "can't allocate memory for ", signature.argumentCount(), " arguments");
544
545	m_locals.grow(signature.argumentCount());
546	wasmCallingConvention().loadArguments(signature, m_proc, m_currentBlock, Origin (),
547	[=] (ExpressionType argument, unsigned i) {
548	Variable* argumentVariable = m_proc.addVariable(argument->type());
549	m_locals [i] = argumentVariable;
550	m_currentBlock->appendNew<VariableValue>(m_proc, Set, Origin (), argumentVariable, argument);
551	});
552	return { };
553	}
554
555	auto B3IRGenerator::addRefIsNull(ExpressionType& value, ExpressionType& result) -> PartialResult
556	{
557	result = m_currentBlock->appendNew<Value>(m_proc, B3::Equal, origin(), value, m_currentBlock->appendNew<Const64Value>(m_proc, origin(), JSValue::encode(jsNull())));
558	return { };
559	}
560
561	auto B3IRGenerator::getLocal(uint32_t index, ExpressionType& result) -> PartialResult
562	{
563	ASSERT(m_locals[index]);
564	result = m_currentBlock->appendNew<VariableValue>(m_proc, B3::Get, origin(), m_locals [index]);
565	return { };
566	}
567
568	auto B3IRGenerator::addUnreachable() -> PartialResult
569	{
570	B3::PatchpointValue* unreachable = m_currentBlock->appendNew<B3::PatchpointValue>(m_proc, B3::Void, origin());
571	unreachable->setGenerator([this] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
572	this->emitExceptionCheck(jit, ExceptionType::Unreachable);
573	});
574	unreachable->effects.terminal = true;
575	return { };
576	}
577
578	auto B3IRGenerator::addGrowMemory(ExpressionType delta, ExpressionType& result) -> PartialResult
579	{
580	int32_t (growMemory)(void*, Instance, int32_t) = [] (void* callFrame, Instance* instance, int32_t delta) -> int32_t {
581	instance->storeTopCallFrame(callFrame);
582
583	if (delta < `0`)
584	return -`1`;
585
586	auto grown = instance->memory()->grow(PageCount (delta));
587	if (!grown) {
588	switch (grown.error()) {
589	case Memory::GrowFailReason::InvalidDelta:
590	case Memory::GrowFailReason::InvalidGrowSize:
591	case Memory::GrowFailReason::WouldExceedMaximum:
592	case Memory::GrowFailReason::OutOfMemory:
593	return -`1`;
594	}
595	RELEASE_ASSERT_NOT_REACHED();
596	}
597
598	return grown.value().pageCount();
599	};
600
601	result = m_currentBlock->appendNew<CCallValue>(m_proc, Int32, origin(),
602	m_currentBlock->appendNew<ConstPtrValue>(m_proc, origin(), tagCFunctionPtr<void*>(growMemory, B3CCallPtrTag)),
603	m_currentBlock->appendNew<B3::Value>(m_proc, B3::FramePointer, origin()), instanceValue(), delta);
604
605	restoreWebAssemblyGlobalState(RestoreCachedStackLimit::No, m_info.memory, instanceValue(), m_proc, m_currentBlock);
606
607	return { };
608	}
609
610	auto B3IRGenerator::addCurrentMemory(ExpressionType& result) -> PartialResult
611	{
612	static_assert(sizeof(decltype(static_cast<Memory>(nullptr)->size())) == sizeof*(uint64_t), "codegen relies on this size");
613	Value* size = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int64, origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfCachedMemorySize()));
614
615	constexpr uint32_t shiftValue = `16`;
616	static_assert(PageCount::pageSize == `1ull` << shiftValue, "This must hold for the code below to be correct.");
617	Value* numPages = m_currentBlock->appendNew<Value>(m_proc, ZShr, origin(),
618	size, m_currentBlock->appendNew<Const32Value>(m_proc, origin(), shiftValue));
619
620	result = m_currentBlock->appendNew<Value>(m_proc, Trunc, origin(), numPages);
621
622	return { };
623	}
624
625	auto B3IRGenerator::setLocal(uint32_t index, ExpressionType value) -> PartialResult
626	{
627	ASSERT(m_locals[index]);
628	m_currentBlock->appendNew<VariableValue>(m_proc, B3::Set, origin(), m_locals [index], value);
629	return { };
630	}
631
632	auto B3IRGenerator::getGlobal(uint32_t index, ExpressionType& result) -> PartialResult
633	{
634	Value* globalsArray = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfGlobals()));
635	result = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, toB3Type(m_info.globals [index].type), origin(), globalsArray, safeCast<int32_t>(index * sizeof(Register)));
636	return { };
637	}
638
639	auto B3IRGenerator::setGlobal(uint32_t index, ExpressionType value) -> PartialResult
640	{
641	ASSERT(toB3Type(m_info.globals[index].type) == value->type());
642	Value* globalsArray = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfGlobals()));
643	m_currentBlock->appendNew<MemoryValue>(m_proc, Store, origin(), value, globalsArray, safeCast<int32_t>(index * sizeof(Register)));
644	return { };
645	}
646
647	inline Value* B3IRGenerator::emitCheckAndPreparePointer(ExpressionType pointer, uint32_t offset, uint32_t sizeOfOperation)
648	{
649	ASSERT(m_memoryBaseGPR);
650
651	switch (m_mode) {
652	case MemoryMode::BoundsChecking: {
653	// We're not using signal handling at all, we must therefore check that no memory access exceeds the current memory size.
654	ASSERT(m_memorySizeGPR);
655	ASSERT(sizeOfOperation + offset > offset);
656	m_currentBlock->appendNew<WasmBoundsCheckValue>(m_proc, origin(), m_memorySizeGPR, pointer, sizeOfOperation + offset - `1`);
657	break;
658	}
659
660	case MemoryMode::Signaling: {
661	// We've virtually mapped 4GiB+redzone for this memory. Only the user-allocated pages are addressable, contiguously in range [0, current],
662	// and everything above is mapped PROT_NONE. We don't need to perform any explicit bounds check in the 4GiB range because WebAssembly register
663	// memory accesses are 32-bit. However WebAssembly register + offset accesses perform the addition in 64-bit which can push an access above
664	// the 32-bit limit (the offset is unsigned 32-bit). The redzone will catch most small offsets, and we'll explicitly bounds check any
665	// register + large offset access. We don't think this will be generated frequently.
666	//
667	// We could check that register + large offset doesn't exceed 4GiB+redzone since that's technically the limit we need to avoid overflowing the
668	// PROT_NONE region, but it's better if we use a smaller immediate because it can codegens better. We know that anything equal to or greater
669	// than the declared 'maximum' will trap, so we can compare against that number. If there was no declared 'maximum' then we still know that
670	// any access equal to or greater than 4GiB will trap, no need to add the redzone.
671	if (offset >= Memory::fastMappedRedzoneBytes()) {
672	size_t maximum = m_info.memory.maximum() ? m_info.memory.maximum().bytes() : std::numeric_limits<uint32_t>::max();
673	m_currentBlock->appendNew<WasmBoundsCheckValue>(m_proc, origin(), pointer, sizeOfOperation + offset - `1`, maximum);
674	}
675	break;
676	}
677	}
678
679	pointer = m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(), pointer);
680	return m_currentBlock->appendNew<WasmAddressValue>(m_proc, origin(), pointer, m_memoryBaseGPR);
681	}
682
683	inline uint32_t sizeOfLoadOp(LoadOpType op)
684	{
685	switch (op) {
686	case LoadOpType::I32Load8S:
687	case LoadOpType::I32Load8U:
688	case LoadOpType::I64Load8S:
689	case LoadOpType::I64Load8U:
690	return `1`;
691	case LoadOpType::I32Load16S:
692	case LoadOpType::I64Load16S:
693	case LoadOpType::I32Load16U:
694	case LoadOpType::I64Load16U:
695	return `2`;
696	case LoadOpType::I32Load:
697	case LoadOpType::I64Load32S:
698	case LoadOpType::I64Load32U:
699	case LoadOpType::F32Load:
700	return `4`;
701	case LoadOpType::I64Load:
702	case LoadOpType::F64Load:
703	return `8`;
704	}
705	RELEASE_ASSERT_NOT_REACHED();
706	}
707
708	inline B3::Kind B3IRGenerator::memoryKind(B3::Opcode memoryOp)
709	{
710	if (m_mode == MemoryMode::Signaling)
711	return trapping(memoryOp);
712	return memoryOp;
713	}
714
715	inline Value* B3IRGenerator::emitLoadOp(LoadOpType op, ExpressionType pointer, uint32_t uoffset)
716	{
717	int32_t offset = fixupPointerPlusOffset(pointer, uoffset);
718
719	switch (op) {
720	case LoadOpType::I32Load8S: {
721	return m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load8S), origin(), pointer, offset);
722	}
723
724	case LoadOpType::I64Load8S: {
725	Value* value = m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load8S), origin(), pointer, offset);
726	return m_currentBlock->appendNew<Value>(m_proc, SExt32, origin(), value);
727	}
728
729	case LoadOpType::I32Load8U: {
730	return m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load8Z), origin(), pointer, offset);
731	}
732
733	case LoadOpType::I64Load8U: {
734	Value* value = m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load8Z), origin(), pointer, offset);
735	return m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(), value);
736	}
737
738	case LoadOpType::I32Load16S: {
739	return m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load16S), origin(), pointer, offset);
740	}
741
742	case LoadOpType::I64Load16S: {
743	Value* value = m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load16S), origin(), pointer, offset);
744	return m_currentBlock->appendNew<Value>(m_proc, SExt32, origin(), value);
745	}
746
747	case LoadOpType::I32Load16U: {
748	return m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load16Z), origin(), pointer, offset);
749	}
750
751	case LoadOpType::I64Load16U: {
752	Value* value = m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load16Z), origin(), pointer, offset);
753	return m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(), value);
754	}
755
756	case LoadOpType::I32Load: {
757	return m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load), Int32, origin(), pointer, offset);
758	}
759
760	case LoadOpType::I64Load32U: {
761	Value* value = m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load), Int32, origin(), pointer, offset);
762	return m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(), value);
763	}
764
765	case LoadOpType::I64Load32S: {
766	Value* value = m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load), Int32, origin(), pointer, offset);
767	return m_currentBlock->appendNew<Value>(m_proc, SExt32, origin(), value);
768	}
769
770	case LoadOpType::I64Load: {
771	return m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load), Int64, origin(), pointer, offset);
772	}
773
774	case LoadOpType::F32Load: {
775	return m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load), Float, origin(), pointer, offset);
776	}
777
778	case LoadOpType::F64Load: {
779	return m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Load), Double, origin(), pointer, offset);
780	}
781	}
782	RELEASE_ASSERT_NOT_REACHED();
783	}
784
785	auto B3IRGenerator::load(LoadOpType op, ExpressionType pointer, ExpressionType& result, uint32_t offset) -> PartialResult
786	{
787	ASSERT(pointer->type() == Int32);
788
789	if (UNLIKELY(sumOverflows<uint32_t>(offset, sizeOfLoadOp(op)))) {
790	// FIXME: Even though this is provably out of bounds, it's not a validation error, so we have to handle it
791	// as a runtime exception. However, this may change: https://bugs.webkit.org/show_bug.cgi?id=166435
792	B3::PatchpointValue* throwException = m_currentBlock->appendNew<B3::PatchpointValue>(m_proc, B3::Void, origin());
793	throwException->setGenerator([this] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
794	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsMemoryAccess);
795	});
796
797	switch (op) {
798	case LoadOpType::I32Load8S:
799	case LoadOpType::I32Load16S:
800	case LoadOpType::I32Load:
801	case LoadOpType::I32Load16U:
802	case LoadOpType::I32Load8U:
803	result = constant(Int32, `0`);
804	break;
805	case LoadOpType::I64Load8S:
806	case LoadOpType::I64Load8U:
807	case LoadOpType::I64Load16S:
808	case LoadOpType::I64Load32U:
809	case LoadOpType::I64Load32S:
810	case LoadOpType::I64Load:
811	case LoadOpType::I64Load16U:
812	result = constant(Int64, `0`);
813	break;
814	case LoadOpType::F32Load:
815	result = constant(Float, `0`);
816	break;
817	case LoadOpType::F64Load:
818	result = constant(Double, `0`);
819	break;
820	}
821
822	} else
823	result = emitLoadOp(op, emitCheckAndPreparePointer(pointer, offset, sizeOfLoadOp(op)), offset);
824
825	return { };
826	}
827
828	inline uint32_t sizeOfStoreOp(StoreOpType op)
829	{
830	switch (op) {
831	case StoreOpType::I32Store8:
832	case StoreOpType::I64Store8:
833	return `1`;
834	case StoreOpType::I32Store16:
835	case StoreOpType::I64Store16:
836	return `2`;
837	case StoreOpType::I32Store:
838	case StoreOpType::I64Store32:
839	case StoreOpType::F32Store:
840	return `4`;
841	case StoreOpType::I64Store:
842	case StoreOpType::F64Store:
843	return `8`;
844	}
845	RELEASE_ASSERT_NOT_REACHED();
846	}
847
848
849	inline void B3IRGenerator::emitStoreOp(StoreOpType op, ExpressionType pointer, ExpressionType value, uint32_t uoffset)
850	{
851	int32_t offset = fixupPointerPlusOffset(pointer, uoffset);
852
853	switch (op) {
854	case StoreOpType::I64Store8:
855	value = m_currentBlock->appendNew<Value>(m_proc, Trunc, origin(), value);
856	FALLTHROUGH;
857
858	case StoreOpType::I32Store8:
859	m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Store8), origin(), value, pointer, offset);
860	return;
861
862	case StoreOpType::I64Store16:
863	value = m_currentBlock->appendNew<Value>(m_proc, Trunc, origin(), value);
864	FALLTHROUGH;
865
866	case StoreOpType::I32Store16:
867	m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Store16), origin(), value, pointer, offset);
868	return;
869
870	case StoreOpType::I64Store32:
871	value = m_currentBlock->appendNew<Value>(m_proc, Trunc, origin(), value);
872	FALLTHROUGH;
873
874	case StoreOpType::I64Store:
875	case StoreOpType::I32Store:
876	case StoreOpType::F32Store:
877	case StoreOpType::F64Store:
878	m_currentBlock->appendNew<MemoryValue>(m_proc, memoryKind(Store), origin(), value, pointer, offset);
879	return;
880	}
881	RELEASE_ASSERT_NOT_REACHED();
882	}
883
884	auto B3IRGenerator::store(StoreOpType op, ExpressionType pointer, ExpressionType value, uint32_t offset) -> PartialResult
885	{
886	ASSERT(pointer->type() == Int32);
887
888	if (UNLIKELY(sumOverflows<uint32_t>(offset, sizeOfStoreOp(op)))) {
889	// FIXME: Even though this is provably out of bounds, it's not a validation error, so we have to handle it
890	// as a runtime exception. However, this may change: https://bugs.webkit.org/show_bug.cgi?id=166435
891	B3::PatchpointValue* throwException = m_currentBlock->appendNew<B3::PatchpointValue>(m_proc, B3::Void, origin());
892	throwException->setGenerator([this] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
893	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsMemoryAccess);
894	});
895	} else
896	emitStoreOp(op, emitCheckAndPreparePointer(pointer, offset, sizeOfStoreOp(op)), value, offset);
897
898	return { };
899	}
900
901	auto B3IRGenerator::addSelect(ExpressionType condition, ExpressionType nonZero, ExpressionType zero, ExpressionType& result) -> PartialResult
902	{
903	result = m_currentBlock->appendNew<Value>(m_proc, B3::Select, origin(), condition, nonZero, zero);
904	return { };
905	}
906
907	B3IRGenerator::ExpressionType B3IRGenerator::addConstant(Type type, uint64_t value)
908	{
909	return constant(toB3Type(type), value);
910	}
911
912	void B3IRGenerator::emitTierUpCheck(uint32_t decrementCount, Origin origin)
913	{
914	if (!m_tierUp)
915	return;
916
917	ASSERT(m_tierUp);
918	Value* countDownLocation = constant(pointerType(), reinterpret_cast<uint64_t>(m_tierUp), origin);
919	Value* oldCountDown = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int32, origin, countDownLocation);
920	Value* newCountDown = m_currentBlock->appendNew<Value>(m_proc, Sub, origin, oldCountDown, constant(Int32, decrementCount, origin));
921	m_currentBlock->appendNew<MemoryValue>(m_proc, Store, origin, newCountDown, countDownLocation);
922
923	PatchpointValue* patch = m_currentBlock->appendNew<PatchpointValue>(m_proc, B3::Void, origin);
924	Effects effects = Effects::none();
925	// FIXME: we should have a more precise heap range for the tier up count.
926	effects.reads = B3::HeapRange::top();
927	effects.writes = B3::HeapRange::top();
928	patch->effects = effects;
929
930	patch->append(newCountDown, ValueRep::SomeRegister);
931	patch->append(oldCountDown, ValueRep::SomeRegister);
932	patch->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
933	MacroAssembler::Jump tierUp = jit.branch32(MacroAssembler::Above, params [`0`].gpr(), params [`1`].gpr());
934	MacroAssembler::Label tierUpResume = jit.label();
935
936	params.addLatePath([=] (CCallHelpers& jit) {
937	tierUp.link(&jit);
938
939	const unsigned extraPaddingBytes = `0`;
940	RegisterSet registersToSpill = { };
941	registersToSpill.add(GPRInfo::argumentGPR1);
942	unsigned numberOfStackBytesUsedForRegisterPreservation = ScratchRegisterAllocator::preserveRegistersToStackForCall(jit, registersToSpill, extraPaddingBytes);
943
944	jit.move(MacroAssembler::TrustedImm32 (m_functionIndex), GPRInfo::argumentGPR1);
945	MacroAssembler::Call call = jit.nearCall();
946
947	ScratchRegisterAllocator::restoreRegistersFromStackForCall(jit, registersToSpill, RegisterSet (), numberOfStackBytesUsedForRegisterPreservation, extraPaddingBytes);
948	jit.jump(tierUpResume);
949
950	jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
951	MacroAssembler::repatchNearCall(linkBuffer.locationOfNearCall<NoPtrTag>(call), CodeLocationLabel<JITThunkPtrTag>(Thunks::singleton().stub(triggerOMGTierUpThunkGenerator).code()));
952
953	});
954	});
955	});
956	}
957
958	B3IRGenerator::ControlData B3IRGenerator::addLoop(Type signature)
959	{
960	BasicBlock* body = m_proc.addBlock();
961	BasicBlock* continuation = m_proc.addBlock();
962
963	m_currentBlock->appendNewControlValue(m_proc, Jump, origin(), body);
964
965	m_currentBlock = body;
966	emitTierUpCheck(TierUpCount::loopDecrement(), origin());
967
968	return ControlData (m_proc, origin(), signature, BlockType::Loop, continuation, body);
969	}
970
971	B3IRGenerator::ControlData B3IRGenerator::addTopLevel(Type signature)
972	{
973	return ControlData (m_proc, Origin (), signature, BlockType::TopLevel, m_proc.addBlock());
974	}
975
976	B3IRGenerator::ControlData B3IRGenerator::addBlock(Type signature)
977	{
978	return ControlData (m_proc, origin(), signature, BlockType::Block, m_proc.addBlock());
979	}
980
981	auto B3IRGenerator::addIf(ExpressionType condition, Type signature, ControlType& result) -> PartialResult
982	{
983	// FIXME: This needs to do some kind of stack passing.
984
985	BasicBlock* taken = m_proc.addBlock();
986	BasicBlock* notTaken = m_proc.addBlock();
987	BasicBlock* continuation = m_proc.addBlock();
988
989	m_currentBlock->appendNew<Value>(m_proc, B3::Branch, origin(), condition);
990	m_currentBlock->setSuccessors(FrequentedBlock (taken), FrequentedBlock (notTaken));
991	taken->addPredecessor(m_currentBlock);
992	notTaken->addPredecessor(m_currentBlock);
993
994	m_currentBlock = taken;
995	result = ControlData (m_proc, origin(), signature, BlockType::If, continuation, notTaken);
996	return { };
997	}
998
999	auto B3IRGenerator::addElse(ControlData& data, const ExpressionList& currentStack) -> PartialResult
1000	{
1001	unifyValuesWithBlock(currentStack, data.result);
1002	m_currentBlock->appendNewControlValue(m_proc, Jump, origin(), data.continuation);
1003	return addElseToUnreachable(data);
1004	}
1005
1006	auto B3IRGenerator::addElseToUnreachable(ControlData& data) -> PartialResult
1007	{
1008	ASSERT(data.type() == BlockType::If);
1009	m_currentBlock = data.special;
1010	data.convertIfToBlock();
1011	return { };
1012	}
1013
1014	auto B3IRGenerator::addReturn(const ControlData&, const ExpressionList& returnValues) -> PartialResult
1015	{
1016	ASSERT(returnValues.size() <= `1`);
1017	if (returnValues.size())
1018	m_currentBlock->appendNewControlValue(m_proc, B3::Return, origin(), returnValues [`0`]);
1019	else
1020	m_currentBlock->appendNewControlValue(m_proc, B3::Return, origin());
1021	return { };
1022	}
1023
1024	auto B3IRGenerator::addBranch(ControlData& data, ExpressionType condition, const ExpressionList& returnValues) -> PartialResult
1025	{
1026	unifyValuesWithBlock(returnValues, data.resultForBranch());
1027
1028	BasicBlock* target = data.targetBlockForBranch();
1029	if (condition) {
1030	BasicBlock* continuation = m_proc.addBlock();
1031	m_currentBlock->appendNew<Value>(m_proc, B3::Branch, origin(), condition);
1032	m_currentBlock->setSuccessors(FrequentedBlock (target), FrequentedBlock (continuation));
1033	target->addPredecessor(m_currentBlock);
1034	continuation->addPredecessor(m_currentBlock);
1035	m_currentBlock = continuation;
1036	} else {
1037	m_currentBlock->appendNewControlValue(m_proc, Jump, origin(), FrequentedBlock (target));
1038	target->addPredecessor(m_currentBlock);
1039	}
1040
1041	return { };
1042	}
1043
1044	auto B3IRGenerator::addSwitch(ExpressionType condition, const Vector<ControlData>& targets, ControlData& defaultTarget, const* ExpressionList& expressionStack) -> PartialResult
1045	{
1046	for (size_t i = `0`; i < targets.size(); ++i)
1047	unifyValuesWithBlock(expressionStack, targets [i]->resultForBranch());
1048	unifyValuesWithBlock(expressionStack, defaultTarget.resultForBranch());
1049
1050	SwitchValue* switchValue = m_currentBlock->appendNew<SwitchValue>(m_proc, origin(), condition);
1051	switchValue->setFallThrough(FrequentedBlock (defaultTarget.targetBlockForBranch()));
1052	for (size_t i = `0`; i < targets.size(); ++i)
1053	switchValue->appendCase(SwitchCase (i, FrequentedBlock (targets [i]->targetBlockForBranch())));
1054
1055	return { };
1056	}
1057
1058	auto B3IRGenerator::endBlock(ControlEntry& entry, ExpressionList& expressionStack) -> PartialResult
1059	{
1060	ControlData& data = entry.controlData;
1061
1062	unifyValuesWithBlock(expressionStack, data.result);
1063	m_currentBlock->appendNewControlValue(m_proc, Jump, origin(), data.continuation);
1064	data.continuation->addPredecessor(m_currentBlock);
1065
1066	return addEndToUnreachable(entry);
1067	}
1068
1069
1070	auto B3IRGenerator::addEndToUnreachable(ControlEntry& entry) -> PartialResult
1071	{
1072	ControlData& data = entry.controlData;
1073	m_currentBlock = data.continuation;
1074
1075	if (data.type() == BlockType::If) {
1076	data.special->appendNewControlValue(m_proc, Jump, origin(), m_currentBlock);
1077	m_currentBlock->addPredecessor(data.special);
1078	}
1079
1080	for (Value* result : data.result) {
1081	m_currentBlock->append(result);
1082	entry.enclosedExpressionStack.append(result);
1083	}
1084
1085	// TopLevel does not have any code after this so we need to make sure we emit a return here.
1086	if (data.type() == BlockType::TopLevel)
1087	return addReturn(entry.controlData, entry.enclosedExpressionStack);
1088
1089	return { };
1090	}
1091
1092	auto B3IRGenerator::addCall(uint32_t functionIndex, const Signature& signature, Vector<ExpressionType>& args, ExpressionType& result) -> PartialResult
1093	{
1094	ASSERT(signature.argumentCount() == args.size());
1095
1096	m_makesCalls = true;
1097
1098	Type returnType = signature.returnType();
1099	Vector<UnlinkedWasmToWasmCall>* unlinkedWasmToWasmCalls = &m_unlinkedWasmToWasmCalls;
1100
1101	if (m_info.isImportedFunctionFromFunctionIndexSpace(functionIndex)) {
1102	m_maxNumJSCallArguments = std::max(m_maxNumJSCallArguments, static_cast<uint32_t>(args.size()));
1103
1104	// FIXME imports can be linked here, instead of generating a patchpoint, because all import stubs are generated before B3 compilation starts. https://bugs.webkit.org/show_bug.cgi?id=166462
1105	Value* targetInstance = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfTargetInstance(functionIndex)));
1106	// The target instance is 0 unless the call is wasm->wasm.
1107	Value* isWasmCall = m_currentBlock->appendNew<Value>(m_proc, NotEqual, origin(), targetInstance, m_currentBlock->appendNew<Const64Value>(m_proc, origin(), `0`));
1108
1109	BasicBlock* isWasmBlock = m_proc.addBlock();
1110	BasicBlock* isEmbedderBlock = m_proc.addBlock();
1111	BasicBlock* continuation = m_proc.addBlock();
1112	m_currentBlock->appendNewControlValue(m_proc, B3::Branch, origin(), isWasmCall, FrequentedBlock (isWasmBlock), FrequentedBlock (isEmbedderBlock));
1113
1114	Value* wasmCallResult = wasmCallingConvention().setupCall(m_proc, isWasmBlock, origin(), args, toB3Type(returnType),
1115	[=] (PatchpointValue* patchpoint) {
1116	patchpoint->effects.writesPinned = true;
1117	patchpoint->effects.readsPinned = true;
1118	// We need to clobber all potential pinned registers since we might be leaving the instance.
1119	// We pessimistically assume we could be calling to something that is bounds checking.
1120	// FIXME: We shouldn't have to do this: https://bugs.webkit.org/show_bug.cgi?id=172181
1121	patchpoint->clobberLate(PinnedRegisterInfo::get().toSave(MemoryMode::BoundsChecking));
1122	patchpoint->setGenerator([unlinkedWasmToWasmCalls, functionIndex] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
1123	AllowMacroScratchRegisterUsage allowScratch(jit);
1124	CCallHelpers::Call call = jit.threadSafePatchableNearCall();
1125	jit.addLinkTask([unlinkedWasmToWasmCalls, call, functionIndex] (LinkBuffer& linkBuffer) {
1126	unlinkedWasmToWasmCalls->append({ linkBuffer.locationOfNearCall<WasmEntryPtrTag>(call), functionIndex });
1127	});
1128	});
1129	});
1130	UpsilonValue* wasmCallResultUpsilon = returnType == Void ? nullptr : isWasmBlock->appendNew<UpsilonValue>(m_proc, origin(), wasmCallResult);
1131	isWasmBlock->appendNewControlValue(m_proc, Jump, origin(), continuation);
1132
1133	// FIXME: Let's remove this indirection by creating a PIC friendly IC
1134	// for calls out to the embedder. This shouldn't be that hard to do. We could probably
1135	// implement the IC to be over Context.*
1136	// https://bugs.webkit.org/show_bug.cgi?id=170375
1137	Value* jumpDestination = isEmbedderBlock->appendNew<MemoryValue>(m_proc,
1138	Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfWasmToEmbedderStub(functionIndex)));
1139
1140	Value* embedderCallResult = wasmCallingConvention().setupCall(m_proc, isEmbedderBlock, origin(), args, toB3Type(returnType),
1141	[=] (PatchpointValue* patchpoint) {
1142	patchpoint->effects.writesPinned = true;
1143	patchpoint->effects.readsPinned = true;
1144	patchpoint->append(jumpDestination, ValueRep::SomeRegister);
1145	// We need to clobber all potential pinned registers since we might be leaving the instance.
1146	// We pessimistically assume we could be calling to something that is bounds checking.
1147	// FIXME: We shouldn't have to do this: https://bugs.webkit.org/show_bug.cgi?id=172181
1148	patchpoint->clobberLate(PinnedRegisterInfo::get().toSave(MemoryMode::BoundsChecking));
1149	patchpoint->setGenerator([returnType] (CCallHelpers& jit, const B3::StackmapGenerationParams& params) {
1150	AllowMacroScratchRegisterUsage allowScratch(jit);
1151	jit.call(params [returnType == Void ? `0` : `1`].gpr(), WasmEntryPtrTag);
1152	});
1153	});
1154	UpsilonValue* embedderCallResultUpsilon = returnType == Void ? nullptr : isEmbedderBlock->appendNew<UpsilonValue>(m_proc, origin(), embedderCallResult);
1155	isEmbedderBlock->appendNewControlValue(m_proc, Jump, origin(), continuation);
1156
1157	m_currentBlock = continuation;
1158
1159	if (returnType == Void)
1160	result = nullptr;
1161	else {
1162	result = continuation->appendNew<Value>(m_proc, Phi, toB3Type(returnType), origin());
1163	wasmCallResultUpsilon->setPhi(result);
1164	embedderCallResultUpsilon->setPhi(result);
1165	}
1166
1167	// The call could have been to another WebAssembly instance, and / or could have modified our Memory.
1168	restoreWebAssemblyGlobalState(RestoreCachedStackLimit::Yes, m_info.memory, instanceValue(), m_proc, continuation);
1169	} else {
1170	result = wasmCallingConvention().setupCall(m_proc, m_currentBlock, origin(), args, toB3Type(returnType),
1171	[=] (PatchpointValue* patchpoint) {
1172	patchpoint->effects.writesPinned = true;
1173	patchpoint->effects.readsPinned = true;
1174
1175	patchpoint->setGenerator([unlinkedWasmToWasmCalls, functionIndex] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
1176	AllowMacroScratchRegisterUsage allowScratch(jit);
1177	CCallHelpers::Call call = jit.threadSafePatchableNearCall();
1178	jit.addLinkTask([unlinkedWasmToWasmCalls, call, functionIndex] (LinkBuffer& linkBuffer) {
1179	unlinkedWasmToWasmCalls->append({ linkBuffer.locationOfNearCall<WasmEntryPtrTag>(call), functionIndex });
1180	});
1181	});
1182	});
1183	}
1184
1185	return { };
1186	}
1187
1188	auto B3IRGenerator::addCallIndirect(const Signature& signature, Vector<ExpressionType>& args, ExpressionType& result) -> PartialResult
1189	{
1190	ExpressionType calleeIndex = args.takeLast();
1191	ASSERT(signature.argumentCount() == args.size());
1192
1193	m_makesCalls = true;
1194	// Note: call indirect can call either WebAssemblyFunction or WebAssemblyWrapperFunction. Because
1195	// WebAssemblyWrapperFunction is like calling into the embedder, we conservatively assume all call indirects
1196	// can be to the embedder for our stack check calculation.
1197	m_maxNumJSCallArguments = std::max(m_maxNumJSCallArguments, static_cast<uint32_t>(args.size()));
1198
1199	ExpressionType callableFunctionBuffer;
1200	ExpressionType instancesBuffer;
1201	ExpressionType callableFunctionBufferLength;
1202	ExpressionType mask;
1203	{
1204	ExpressionType table = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
1205	instanceValue(), safeCast<int32_t>(Instance::offsetOfTable()));
1206	callableFunctionBuffer = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
1207	table, safeCast<int32_t>(Table::offsetOfFunctions()));
1208	instancesBuffer = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
1209	table, safeCast<int32_t>(Table::offsetOfInstances()));
1210	callableFunctionBufferLength = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int32, origin(),
1211	table, safeCast<int32_t>(Table::offsetOfLength()));
1212	mask = m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(),
1213	m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int32, origin(),
1214	table, safeCast<int32_t>(Table::offsetOfMask())));
1215	}
1216
1217	// Check the index we are looking for is valid.
1218	{
1219	CheckValue* check = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(),
1220	m_currentBlock->appendNew<Value>(m_proc, AboveEqual, origin(), calleeIndex, callableFunctionBufferLength));
1221
1222	check->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
1223	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsCallIndirect);
1224	});
1225	}
1226
1227	calleeIndex = m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(), calleeIndex);
1228
1229	if (Options::enableSpectreMitigations())
1230	calleeIndex = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(), mask, calleeIndex);
1231
1232	ExpressionType callableFunction;
1233	{
1234	// Compute the offset in the table index space we are looking for.
1235	ExpressionType offset = m_currentBlock->appendNew<Value>(m_proc, Mul, origin(),
1236	calleeIndex, constant(pointerType(), sizeof(WasmToWasmImportableFunction)));
1237	callableFunction = m_currentBlock->appendNew<Value>(m_proc, Add, origin(), callableFunctionBuffer, offset);
1238
1239	// Check that the WasmToWasmImportableFunction is initialized. We trap if it isn't. An "invalid" SignatureIndex indicates it's not initialized.
1240	// FIXME: when we have trap handlers, we can just let the call fail because Signature::invalidIndex is 0. https://bugs.webkit.org/show_bug.cgi?id=177210
1241	static_assert(sizeof(WasmToWasmImportableFunction::signatureIndex) == sizeof(uint64_t), "Load codegen assumes i64");
1242	ExpressionType calleeSignatureIndex = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int64, origin(), callableFunction, safeCast<int32_t>(WasmToWasmImportableFunction::offsetOfSignatureIndex()));
1243	{
1244	CheckValue* check = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(),
1245	m_currentBlock->appendNew<Value>(m_proc, Equal, origin(),
1246	calleeSignatureIndex,
1247	m_currentBlock->appendNew<Const64Value>(m_proc, origin(), Signature::invalidIndex)));
1248
1249	check->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
1250	this->emitExceptionCheck(jit, ExceptionType::NullTableEntry);
1251	});
1252	}
1253
1254	// Check the signature matches the value we expect.
1255	{
1256	ExpressionType expectedSignatureIndex = m_currentBlock->appendNew<Const64Value>(m_proc, origin(), SignatureInformation::get(signature));
1257	CheckValue* check = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(),
1258	m_currentBlock->appendNew<Value>(m_proc, NotEqual, origin(), calleeSignatureIndex, expectedSignatureIndex));
1259
1260	check->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
1261	this->emitExceptionCheck(jit, ExceptionType::BadSignature);
1262	});
1263	}
1264	}
1265
1266	// Do a context switch if needed.
1267	{
1268	Value* offset = m_currentBlock->appendNew<Value>(m_proc, Mul, origin(),
1269	calleeIndex, constant(pointerType(), sizeof(Instance*)));
1270	Value* newContextInstance = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
1271	m_currentBlock->appendNew<Value>(m_proc, Add, origin(), instancesBuffer, offset));
1272
1273	BasicBlock* continuation = m_proc.addBlock();
1274	BasicBlock* doContextSwitch = m_proc.addBlock();
1275
1276	Value* isSameContextInstance = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(),
1277	newContextInstance, instanceValue());
1278	m_currentBlock->appendNewControlValue(m_proc, B3::Branch, origin(),
1279	isSameContextInstance, FrequentedBlock (continuation), FrequentedBlock (doContextSwitch));
1280
1281	PatchpointValue* patchpoint = doContextSwitch->appendNew<PatchpointValue>(m_proc, B3::Void, origin());
1282	patchpoint->effects.writesPinned = true;
1283	// We pessimistically assume we're calling something with BoundsChecking memory.
1284	// FIXME: We shouldn't have to do this: https://bugs.webkit.org/show_bug.cgi?id=172181
1285	patchpoint->clobber(PinnedRegisterInfo::get().toSave(MemoryMode::BoundsChecking));
1286	patchpoint->clobber(RegisterSet::macroScratchRegisters());
1287	patchpoint->append(newContextInstance, ValueRep::SomeRegister);
1288	patchpoint->append(instanceValue(), ValueRep::SomeRegister);
1289	patchpoint->numGPScratchRegisters = Gigacage::isEnabled(Gigacage::Primitive) ? `1` : `0`;
1290
1291	patchpoint->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams& params) {
1292	AllowMacroScratchRegisterUsage allowScratch(jit);
1293	GPRReg newContextInstance = params [`0`].gpr();
1294	GPRReg oldContextInstance = params [`1`].gpr();
1295	const PinnedRegisterInfo& pinnedRegs = PinnedRegisterInfo::get();
1296	GPRReg baseMemory = pinnedRegs.baseMemoryPointer;
1297	ASSERT(newContextInstance != baseMemory);
1298	jit.loadPtr(CCallHelpers::Address (oldContextInstance, Instance::offsetOfCachedStackLimit()), baseMemory);
1299	jit.storePtr(baseMemory, CCallHelpers::Address (newContextInstance, Instance::offsetOfCachedStackLimit()));
1300	jit.storeWasmContextInstance(newContextInstance);
1301	ASSERT(pinnedRegs.sizeRegister != baseMemory);
1302	// FIXME: We should support more than one memory size register
1303	// see: https://bugs.webkit.org/show_bug.cgi?id=162952
1304	ASSERT(pinnedRegs.sizeRegister != newContextInstance);
1305	GPRReg scratchOrSize = Gigacage::isEnabled(Gigacage::Primitive) ? params.gpScratch(`0`) : pinnedRegs.sizeRegister;
1306
1307	jit.loadPtr(CCallHelpers::Address (newContextInstance, Instance::offsetOfCachedMemorySize()), pinnedRegs.sizeRegister); // Memory size.
1308	jit.loadPtr(CCallHelpers::Address (newContextInstance, Instance::offsetOfCachedMemory()), baseMemory); // Memory::void.*
1309
1310	jit.cageConditionally(Gigacage::Primitive, baseMemory, scratchOrSize);
1311	});
1312	doContextSwitch->appendNewControlValue(m_proc, Jump, origin(), continuation);
1313
1314	m_currentBlock = continuation;
1315	}
1316
1317	ExpressionType calleeCode = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
1318	m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), callableFunction,
1319	safeCast<int32_t>(WasmToWasmImportableFunction::offsetOfEntrypointLoadLocation())));
1320
1321	Type returnType = signature.returnType();
1322	result = wasmCallingConvention().setupCall(m_proc, m_currentBlock, origin(), args, toB3Type(returnType),
1323	[=] (PatchpointValue* patchpoint) {
1324	patchpoint->effects.writesPinned = true;
1325	patchpoint->effects.readsPinned = true;
1326	// We need to clobber all potential pinned registers since we might be leaving the instance.
1327	// We pessimistically assume we're always calling something that is bounds checking so
1328	// because the wasm->wasm thunk unconditionally overrides the size registers.
1329	// FIXME: We should not have to do this, but the wasm->wasm stub assumes it can
1330	// use all the pinned registers as scratch: https://bugs.webkit.org/show_bug.cgi?id=172181
1331	patchpoint->clobberLate(PinnedRegisterInfo::get().toSave(MemoryMode::BoundsChecking));
1332
1333	patchpoint->append(calleeCode, ValueRep::SomeRegister);
1334	patchpoint->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams& params) {
1335	AllowMacroScratchRegisterUsage allowScratch(jit);
1336	jit.call(params [returnType == Void ? `0` : `1`].gpr(), WasmEntryPtrTag);
1337	});
1338	});
1339
1340	// The call could have been to another WebAssembly instance, and / or could have modified our Memory.
1341	restoreWebAssemblyGlobalState(RestoreCachedStackLimit::Yes, m_info.memory, instanceValue(), m_proc, m_currentBlock);
1342
1343	return { };
1344	}
1345
1346	void B3IRGenerator::unify(const ExpressionType phi, const ExpressionType source)
1347	{
1348	m_currentBlock->appendNew<UpsilonValue>(m_proc, origin(), source, phi);
1349	}
1350
1351	void B3IRGenerator::unifyValuesWithBlock(const ExpressionList& resultStack, const ResultList& result)
1352	{
1353	ASSERT(result.size() <= resultStack.size());
1354
1355	for (size_t i = `0`; i < result.size(); ++i)
1356	unify(result [result.size() - `1` - i], resultStack [resultStack.size() - `1` - i]);
1357	}
1358
1359	static void dumpExpressionStack(const CommaPrinter& comma, const B3IRGenerator::ExpressionList& expressionStack)
1360	{
1361	dataLog(comma, "ExpressionStack:");
1362	for (const auto& expression : expressionStack)
1363	dataLog(comma, *expression);
1364	}
1365
1366	void B3IRGenerator::dump(const Vector<ControlEntry>& controlStack, const ExpressionList* expressionStack)
1367	{
1368	dataLogLn("Constants:");
1369	for (const auto& constant : m_constantPool)
1370	dataLogLn(deepDump(m_proc, constant.value));
1371
1372	dataLogLn("Processing Graph:");
1373	dataLog(m_proc);
1374	dataLogLn("With current block:", *m_currentBlock);
1375	dataLogLn("Control stack:");
1376	ASSERT(controlStack.size());
1377	for (size_t i = controlStack.size(); i--;) {
1378	dataLog(" ", controlStack [i].controlData, ": ");
1379	CommaPrinter comma(", ", "");
1380	dumpExpressionStack(comma, *expressionStack);
1381	expressionStack = &controlStack [i].enclosedExpressionStack;
1382	dataLogLn();
1383	}
1384	dataLogLn();
1385	}
1386
1387	auto B3IRGenerator::origin() -> Origin
1388	{
1389	OpcodeOrigin origin(m_parser->currentOpcode(), m_parser->currentOpcodeStartingOffset());
1390	ASSERT(isValidOpType(static_cast<uint8_t>(origin.opcode())));
1391	return bitwise_cast<Origin>(origin);
1392	}
1393
1394	Expected<std::unique_ptr<InternalFunction>, String> parseAndCompile(CompilationContext& compilationContext, const uint8_t* functionStart, size_t functionLength, const Signature& signature, Vector<UnlinkedWasmToWasmCall>& unlinkedWasmToWasmCalls, const ModuleInformation& info, MemoryMode mode, CompilationMode compilationMode, uint32_t functionIndex, TierUpCount* tierUp, ThrowWasmException throwWasmException)
1395	{
1396	auto result = std::make_unique<InternalFunction>();
1397
1398	compilationContext.embedderEntrypointJIT = std::make_unique<CCallHelpers>();
1399	compilationContext.wasmEntrypointJIT = std::make_unique<CCallHelpers>();
1400
1401	Procedure procedure;
1402
1403	procedure.setOriginPrinter([] (PrintStream& out, Origin origin) {
1404	if (origin.data())
1405	out.print("Wasm: ", bitwise_cast<OpcodeOrigin>(origin));
1406	});
1407
1408	// This means we cannot use either StackmapGenerationParams::usedRegisters() or
1409	// StackmapGenerationParams::unavailableRegisters(). In exchange for this concession, we
1410	// don't strictly need to run Air::reportUsedRegisters(), which saves a bit of CPU time at
1411	// optLevel=1.
1412	procedure.setNeedsUsedRegisters(false);
1413
1414	procedure.setOptLevel(compilationMode == CompilationMode::BBQMode
1415	? Options::webAssemblyBBQOptimizationLevel()
1416	: Options::webAssemblyOMGOptimizationLevel());
1417
1418	B3IRGenerator irGenerator(info, procedure, result.get(), unlinkedWasmToWasmCalls, mode, compilationMode, functionIndex, tierUp, throwWasmException);
1419	FunctionParser<B3IRGenerator> parser(irGenerator, functionStart, functionLength, signature, info);
1420	WASM_FAIL_IF_HELPER_FAILS(parser.parse());
1421
1422	irGenerator.insertConstants();
1423
1424	procedure.resetReachability();
1425	if (!ASSERT_DISABLED)
1426	validate(procedure, "After parsing:\n");
1427
1428	dataLogIf(WasmB3IRGeneratorInternal::verbose, "Pre SSA: ", procedure);
1429	fixSSA(procedure);
1430	dataLogIf(WasmB3IRGeneratorInternal::verbose, "Post SSA: ", procedure);
1431
1432	{
1433	B3::prepareForGeneration(procedure);
1434	B3::generate(procedure, *compilationContext.wasmEntrypointJIT);
1435	compilationContext.wasmEntrypointByproducts = procedure.releaseByproducts();
1436	result ->entrypoint.calleeSaveRegisters = procedure.calleeSaveRegisterAtOffsetList();
1437	}
1438
1439	return result;
1440	}
1441
1442	// Custom wasm ops. These are the ones too messy to do in wasm.json.
1443
1444	void B3IRGenerator::emitChecksForModOrDiv(B3::Opcode operation, ExpressionType left, ExpressionType right)
1445	{
1446	ASSERT(operation == Div \|\| operation == Mod \|\| operation == UDiv \|\| operation == UMod);
1447	const B3::Type type = left->type();
1448
1449	{
1450	CheckValue* check = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(),
1451	m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), right, constant(type, `0`)));
1452
1453	check->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
1454	this->emitExceptionCheck(jit, ExceptionType::DivisionByZero);
1455	});
1456	}
1457
1458	if (operation == Div) {
1459	int64_t min = type == Int32 ? std::numeric_limits<int32_t>::min() : std::numeric_limits<int64_t>::min();
1460
1461	CheckValue* check = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(),
1462	m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(),
1463	m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), left, constant(type, min)),
1464	m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), right, constant(type, -`1`))));
1465
1466	check->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
1467	this->emitExceptionCheck(jit, ExceptionType::IntegerOverflow);
1468	});
1469	}
1470	}
1471
1472	template<>
1473	auto B3IRGenerator::addOp<OpType::I32DivS>(ExpressionType left, ExpressionType right, ExpressionType& result) -> PartialResult
1474	{
1475	const B3::Opcode op = Div;
1476	emitChecksForModOrDiv(op, left, right);
1477	result = m_currentBlock->appendNew<Value>(m_proc, op, origin(), left, right);
1478	return { };
1479	}
1480
1481	template<>
1482	auto B3IRGenerator::addOp<OpType::I32RemS>(ExpressionType left, ExpressionType right, ExpressionType& result) -> PartialResult
1483	{
1484	const B3::Opcode op = Mod;
1485	emitChecksForModOrDiv(op, left, right);
1486	result = m_currentBlock->appendNew<Value>(m_proc, chill(op), origin(), left, right);
1487	return { };
1488	}
1489
1490	template<>
1491	auto B3IRGenerator::addOp<OpType::I32DivU>(ExpressionType left, ExpressionType right, ExpressionType& result) -> PartialResult
1492	{
1493	const B3::Opcode op = UDiv;
1494	emitChecksForModOrDiv(op, left, right);
1495	result = m_currentBlock->appendNew<Value>(m_proc, op, origin(), left, right);
1496	return { };
1497	}
1498
1499	template<>
1500	auto B3IRGenerator::addOp<OpType::I32RemU>(ExpressionType left, ExpressionType right, ExpressionType& result) -> PartialResult
1501	{
1502	const B3::Opcode op = UMod;
1503	emitChecksForModOrDiv(op, left, right);
1504	result = m_currentBlock->appendNew<Value>(m_proc, op, origin(), left, right);
1505	return { };
1506	}
1507
1508	template<>
1509	auto B3IRGenerator::addOp<OpType::I64DivS>(ExpressionType left, ExpressionType right, ExpressionType& result) -> PartialResult
1510	{
1511	const B3::Opcode op = Div;
1512	emitChecksForModOrDiv(op, left, right);
1513	result = m_currentBlock->appendNew<Value>(m_proc, op, origin(), left, right);
1514	return { };
1515	}
1516
1517	template<>
1518	auto B3IRGenerator::addOp<OpType::I64RemS>(ExpressionType left, ExpressionType right, ExpressionType& result) -> PartialResult
1519	{
1520	const B3::Opcode op = Mod;
1521	emitChecksForModOrDiv(op, left, right);
1522	result = m_currentBlock->appendNew<Value>(m_proc, chill(op), origin(), left, right);
1523	return { };
1524	}
1525
1526	template<>
1527	auto B3IRGenerator::addOp<OpType::I64DivU>(ExpressionType left, ExpressionType right, ExpressionType& result) -> PartialResult
1528	{
1529	const B3::Opcode op = UDiv;
1530	emitChecksForModOrDiv(op, left, right);
1531	result = m_currentBlock->appendNew<Value>(m_proc, op, origin(), left, right);
1532	return { };
1533	}
1534
1535	template<>
1536	auto B3IRGenerator::addOp<OpType::I64RemU>(ExpressionType left, ExpressionType right, ExpressionType& result) -> PartialResult
1537	{
1538	const B3::Opcode op = UMod;
1539	emitChecksForModOrDiv(op, left, right);
1540	result = m_currentBlock->appendNew<Value>(m_proc, op, origin(), left, right);
1541	return { };
1542	}
1543
1544	template<>
1545	auto B3IRGenerator::addOp<OpType::I32Ctz>(ExpressionType arg, ExpressionType& result) -> PartialResult
1546	{
1547	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int32, origin());
1548	patchpoint->append(arg, ValueRep::SomeRegister);
1549	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1550	jit.countTrailingZeros32(params [`1`].gpr(), params [`0`].gpr());
1551	});
1552	patchpoint->effects = Effects::none();
1553	result = patchpoint;
1554	return { };
1555	}
1556
1557	template<>
1558	auto B3IRGenerator::addOp<OpType::I64Ctz>(ExpressionType arg, ExpressionType& result) -> PartialResult
1559	{
1560	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int64, origin());
1561	patchpoint->append(arg, ValueRep::SomeRegister);
1562	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1563	jit.countTrailingZeros64(params [`1`].gpr(), params [`0`].gpr());
1564	});
1565	patchpoint->effects = Effects::none();
1566	result = patchpoint;
1567	return { };
1568	}
1569
1570	template<>
1571	auto B3IRGenerator::addOp<OpType::I32Popcnt>(ExpressionType arg, ExpressionType& result) -> PartialResult
1572	{
1573	#if CPU(X86_64)
1574	if (MacroAssembler::supportsCountPopulation()) {
1575	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int32, origin());
1576	patchpoint->append(arg, ValueRep::SomeRegister);
1577	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1578	jit.countPopulation32(params [`1`].gpr(), params [`0`].gpr());
1579	});
1580	patchpoint->effects = Effects::none();
1581	result = patchpoint;
1582	return { };
1583	}
1584	#endif
1585
1586	uint32_t (popcount)(int32_t) = [] (int32_t value) -> uint32_t { return* __builtin_popcount(value); };
1587	Value* funcAddress = m_currentBlock->appendNew<ConstPtrValue>(m_proc, origin(), tagCFunctionPtr<void*>(popcount, B3CCallPtrTag));
1588	result = m_currentBlock->appendNew<CCallValue>(m_proc, Int32, origin(), Effects::none(), funcAddress, arg);
1589	return { };
1590	}
1591
1592	template<>
1593	auto B3IRGenerator::addOp<OpType::I64Popcnt>(ExpressionType arg, ExpressionType& result) -> PartialResult
1594	{
1595	#if CPU(X86_64)
1596	if (MacroAssembler::supportsCountPopulation()) {
1597	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int64, origin());
1598	patchpoint->append(arg, ValueRep::SomeRegister);
1599	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1600	jit.countPopulation64(params [`1`].gpr(), params [`0`].gpr());
1601	});
1602	patchpoint->effects = Effects::none();
1603	result = patchpoint;
1604	return { };
1605	}
1606	#endif
1607
1608	uint64_t (popcount)(int64_t) = [] (int64_t value) -> uint64_t { return* __builtin_popcountll(value); };
1609	Value* funcAddress = m_currentBlock->appendNew<ConstPtrValue>(m_proc, origin(), tagCFunctionPtr<void*>(popcount, B3CCallPtrTag));
1610	result = m_currentBlock->appendNew<CCallValue>(m_proc, Int64, origin(), Effects::none(), funcAddress, arg);
1611	return { };
1612	}
1613
1614	template<>
1615	auto B3IRGenerator::addOp<F64ConvertUI64>(ExpressionType arg, ExpressionType& result) -> PartialResult
1616	{
1617	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Double, origin());
1618	if (isX86())
1619	patchpoint->numGPScratchRegisters = `1`;
1620	patchpoint->clobber(RegisterSet::macroScratchRegisters());
1621	patchpoint->append(ConstrainedValue (arg, ValueRep::SomeRegister));
1622	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1623	AllowMacroScratchRegisterUsage allowScratch(jit);
1624	#if CPU(X86_64)
1625	jit.convertUInt64ToDouble(params [`1`].gpr(), params [`0`].fpr(), params.gpScratch(`0`));
1626	#else
1627	jit.convertUInt64ToDouble(params[`1`].gpr(), params[`0`].fpr());
1628	#endif
1629	});
1630	patchpoint->effects = Effects::none();
1631	result = patchpoint;
1632	return { };
1633	}
1634
1635	template<>
1636	auto B3IRGenerator::addOp<OpType::F32ConvertUI64>(ExpressionType arg, ExpressionType& result) -> PartialResult
1637	{
1638	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Float, origin());
1639	if (isX86())
1640	patchpoint->numGPScratchRegisters = `1`;
1641	patchpoint->clobber(RegisterSet::macroScratchRegisters());
1642	patchpoint->append(ConstrainedValue (arg, ValueRep::SomeRegister));
1643	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1644	AllowMacroScratchRegisterUsage allowScratch(jit);
1645	#if CPU(X86_64)
1646	jit.convertUInt64ToFloat(params [`1`].gpr(), params [`0`].fpr(), params.gpScratch(`0`));
1647	#else
1648	jit.convertUInt64ToFloat(params[`1`].gpr(), params[`0`].fpr());
1649	#endif
1650	});
1651	patchpoint->effects = Effects::none();
1652	result = patchpoint;
1653	return { };
1654	}
1655
1656	template<>
1657	auto B3IRGenerator::addOp<OpType::F64Nearest>(ExpressionType arg, ExpressionType& result) -> PartialResult
1658	{
1659	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Double, origin());
1660	patchpoint->append(arg, ValueRep::SomeRegister);
1661	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1662	jit.roundTowardNearestIntDouble(params [`1`].fpr(), params [`0`].fpr());
1663	});
1664	patchpoint->effects = Effects::none();
1665	result = patchpoint;
1666	return { };
1667	}
1668
1669	template<>
1670	auto B3IRGenerator::addOp<OpType::F32Nearest>(ExpressionType arg, ExpressionType& result) -> PartialResult
1671	{
1672	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Float, origin());
1673	patchpoint->append(arg, ValueRep::SomeRegister);
1674	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1675	jit.roundTowardNearestIntFloat(params [`1`].fpr(), params [`0`].fpr());
1676	});
1677	patchpoint->effects = Effects::none();
1678	result = patchpoint;
1679	return { };
1680	}
1681
1682	template<>
1683	auto B3IRGenerator::addOp<OpType::F64Trunc>(ExpressionType arg, ExpressionType& result) -> PartialResult
1684	{
1685	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Double, origin());
1686	patchpoint->append(arg, ValueRep::SomeRegister);
1687	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1688	jit.roundTowardZeroDouble(params [`1`].fpr(), params [`0`].fpr());
1689	});
1690	patchpoint->effects = Effects::none();
1691	result = patchpoint;
1692	return { };
1693	}
1694
1695	template<>
1696	auto B3IRGenerator::addOp<OpType::F32Trunc>(ExpressionType arg, ExpressionType& result) -> PartialResult
1697	{
1698	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Float, origin());
1699	patchpoint->append(arg, ValueRep::SomeRegister);
1700	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1701	jit.roundTowardZeroFloat(params [`1`].fpr(), params [`0`].fpr());
1702	});
1703	patchpoint->effects = Effects::none();
1704	result = patchpoint;
1705	return { };
1706	}
1707
1708	template<>
1709	auto B3IRGenerator::addOp<OpType::I32TruncSF64>(ExpressionType arg, ExpressionType& result) -> PartialResult
1710	{
1711	Value* max = constant(Double, bitwise_cast<uint64_t>(-static_cast<double>(std::numeric_limits<int32_t>::min())));
1712	Value* min = constant(Double, bitwise_cast<uint64_t>(static_cast<double>(std::numeric_limits<int32_t>::min())));
1713	Value* outOfBounds = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(),
1714	m_currentBlock->appendNew<Value>(m_proc, LessThan, origin(), arg, max),
1715	m_currentBlock->appendNew<Value>(m_proc, GreaterEqual, origin(), arg, min));
1716	outOfBounds = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), outOfBounds, constant(Int32, `0`));
1717	CheckValue* trap = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(), outOfBounds);
1718	trap->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams&) {
1719	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTrunc);
1720	});
1721	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int32, origin());
1722	patchpoint->append(arg, ValueRep::SomeRegister);
1723	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1724	jit.truncateDoubleToInt32(params [`1`].fpr(), params [`0`].gpr());
1725	});
1726	patchpoint->effects = Effects::none();
1727	result = patchpoint;
1728	return { };
1729	}
1730
1731	template<>
1732	auto B3IRGenerator::addOp<OpType::I32TruncSF32>(ExpressionType arg, ExpressionType& result) -> PartialResult
1733	{
1734	Value* max = constant(Float, bitwise_cast<uint32_t>(-static_cast<float>(std::numeric_limits<int32_t>::min())));
1735	Value* min = constant(Float, bitwise_cast<uint32_t>(static_cast<float>(std::numeric_limits<int32_t>::min())));
1736	Value* outOfBounds = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(),
1737	m_currentBlock->appendNew<Value>(m_proc, LessThan, origin(), arg, max),
1738	m_currentBlock->appendNew<Value>(m_proc, GreaterEqual, origin(), arg, min));
1739	outOfBounds = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), outOfBounds, constant(Int32, `0`));
1740	CheckValue* trap = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(), outOfBounds);
1741	trap->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams&) {
1742	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTrunc);
1743	});
1744	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int32, origin());
1745	patchpoint->append(arg, ValueRep::SomeRegister);
1746	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1747	jit.truncateFloatToInt32(params [`1`].fpr(), params [`0`].gpr());
1748	});
1749	patchpoint->effects = Effects::none();
1750	result = patchpoint;
1751	return { };
1752	}
1753
1754
1755	template<>
1756	auto B3IRGenerator::addOp<OpType::I32TruncUF64>(ExpressionType arg, ExpressionType& result) -> PartialResult
1757	{
1758	Value* max = constant(Double, bitwise_cast<uint64_t>(static_cast<double>(std::numeric_limits<int32_t>::min()) * -`2.0`));
1759	Value* min = constant(Double, bitwise_cast<uint64_t>(-`1.0`));
1760	Value* outOfBounds = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(),
1761	m_currentBlock->appendNew<Value>(m_proc, LessThan, origin(), arg, max),
1762	m_currentBlock->appendNew<Value>(m_proc, GreaterThan, origin(), arg, min));
1763	outOfBounds = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), outOfBounds, constant(Int32, `0`));
1764	CheckValue* trap = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(), outOfBounds);
1765	trap->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams&) {
1766	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTrunc);
1767	});
1768	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int32, origin());
1769	patchpoint->append(arg, ValueRep::SomeRegister);
1770	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1771	jit.truncateDoubleToUint32(params [`1`].fpr(), params [`0`].gpr());
1772	});
1773	patchpoint->effects = Effects::none();
1774	result = patchpoint;
1775	return { };
1776	}
1777
1778	template<>
1779	auto B3IRGenerator::addOp<OpType::I32TruncUF32>(ExpressionType arg, ExpressionType& result) -> PartialResult
1780	{
1781	Value* max = constant(Float, bitwise_cast<uint32_t>(static_cast<float>(std::numeric_limits<int32_t>::min()) * static_cast<float>(-`2.0`)));
1782	Value* min = constant(Float, bitwise_cast<uint32_t>(static_cast<float>(-`1.0`)));
1783	Value* outOfBounds = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(),
1784	m_currentBlock->appendNew<Value>(m_proc, LessThan, origin(), arg, max),
1785	m_currentBlock->appendNew<Value>(m_proc, GreaterThan, origin(), arg, min));
1786	outOfBounds = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), outOfBounds, constant(Int32, `0`));
1787	CheckValue* trap = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(), outOfBounds);
1788	trap->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams&) {
1789	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTrunc);
1790	});
1791	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int32, origin());
1792	patchpoint->append(arg, ValueRep::SomeRegister);
1793	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1794	jit.truncateFloatToUint32(params [`1`].fpr(), params [`0`].gpr());
1795	});
1796	patchpoint->effects = Effects::none();
1797	result = patchpoint;
1798	return { };
1799	}
1800
1801	template<>
1802	auto B3IRGenerator::addOp<OpType::I64TruncSF64>(ExpressionType arg, ExpressionType& result) -> PartialResult
1803	{
1804	Value* max = constant(Double, bitwise_cast<uint64_t>(-static_cast<double>(std::numeric_limits<int64_t>::min())));
1805	Value* min = constant(Double, bitwise_cast<uint64_t>(static_cast<double>(std::numeric_limits<int64_t>::min())));
1806	Value* outOfBounds = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(),
1807	m_currentBlock->appendNew<Value>(m_proc, LessThan, origin(), arg, max),
1808	m_currentBlock->appendNew<Value>(m_proc, GreaterEqual, origin(), arg, min));
1809	outOfBounds = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), outOfBounds, constant(Int32, `0`));
1810	CheckValue* trap = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(), outOfBounds);
1811	trap->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams&) {
1812	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTrunc);
1813	});
1814	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int64, origin());
1815	patchpoint->append(arg, ValueRep::SomeRegister);
1816	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1817	jit.truncateDoubleToInt64(params [`1`].fpr(), params [`0`].gpr());
1818	});
1819	patchpoint->effects = Effects::none();
1820	result = patchpoint;
1821	return { };
1822	}
1823
1824	template<>
1825	auto B3IRGenerator::addOp<OpType::I64TruncUF64>(ExpressionType arg, ExpressionType& result) -> PartialResult
1826	{
1827	Value* max = constant(Double, bitwise_cast<uint64_t>(static_cast<double>(std::numeric_limits<int64_t>::min()) * -`2.0`));
1828	Value* min = constant(Double, bitwise_cast<uint64_t>(-`1.0`));
1829	Value* outOfBounds = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(),
1830	m_currentBlock->appendNew<Value>(m_proc, LessThan, origin(), arg, max),
1831	m_currentBlock->appendNew<Value>(m_proc, GreaterThan, origin(), arg, min));
1832	outOfBounds = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), outOfBounds, constant(Int32, `0`));
1833	CheckValue* trap = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(), outOfBounds);
1834	trap->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams&) {
1835	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTrunc);
1836	});
1837
1838	Value* signBitConstant;
1839	if (isX86()) {
1840	// Since x86 doesn't have an instruction to convert floating points to unsigned integers, we at least try to do the smart thing if
1841	// the numbers are would be positive anyway as a signed integer. Since we cannot materialize constants into fprs we have b3 do it
1842	// so we can pool them if needed.
1843	signBitConstant = constant(Double, bitwise_cast<uint64_t>(static_cast<double>(std::numeric_limits<uint64_t>::max() - std::numeric_limits<int64_t>::max())));
1844	}
1845	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int64, origin());
1846	patchpoint->append(arg, ValueRep::SomeRegister);
1847	if (isX86()) {
1848	patchpoint->append(signBitConstant, ValueRep::SomeRegister);
1849	patchpoint->numFPScratchRegisters = `1`;
1850	}
1851	patchpoint->clobber(RegisterSet::macroScratchRegisters());
1852	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1853	AllowMacroScratchRegisterUsage allowScratch(jit);
1854	FPRReg scratch = InvalidFPRReg;
1855	FPRReg constant = InvalidFPRReg;
1856	if (isX86()) {
1857	scratch = params.fpScratch(`0`);
1858	constant = params [`2`].fpr();
1859	}
1860	jit.truncateDoubleToUint64(params [`1`].fpr(), params [`0`].gpr(), scratch, constant);
1861	});
1862	patchpoint->effects = Effects::none();
1863	result = patchpoint;
1864	return { };
1865	}
1866
1867	template<>
1868	auto B3IRGenerator::addOp<OpType::I64TruncSF32>(ExpressionType arg, ExpressionType& result) -> PartialResult
1869	{
1870	Value* max = constant(Float, bitwise_cast<uint32_t>(-static_cast<float>(std::numeric_limits<int64_t>::min())));
1871	Value* min = constant(Float, bitwise_cast<uint32_t>(static_cast<float>(std::numeric_limits<int64_t>::min())));
1872	Value* outOfBounds = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(),
1873	m_currentBlock->appendNew<Value>(m_proc, LessThan, origin(), arg, max),
1874	m_currentBlock->appendNew<Value>(m_proc, GreaterEqual, origin(), arg, min));
1875	outOfBounds = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), outOfBounds, constant(Int32, `0`));
1876	CheckValue* trap = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(), outOfBounds);
1877	trap->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams&) {
1878	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTrunc);
1879	});
1880	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int64, origin());
1881	patchpoint->append(arg, ValueRep::SomeRegister);
1882	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1883	jit.truncateFloatToInt64(params [`1`].fpr(), params [`0`].gpr());
1884	});
1885	patchpoint->effects = Effects::none();
1886	result = patchpoint;
1887	return { };
1888	}
1889
1890	template<>
1891	auto B3IRGenerator::addOp<OpType::I64TruncUF32>(ExpressionType arg, ExpressionType& result) -> PartialResult
1892	{
1893	Value* max = constant(Float, bitwise_cast<uint32_t>(static_cast<float>(std::numeric_limits<int64_t>::min()) * static_cast<float>(-`2.0`)));
1894	Value* min = constant(Float, bitwise_cast<uint32_t>(static_cast<float>(-`1.0`)));
1895	Value* outOfBounds = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(),
1896	m_currentBlock->appendNew<Value>(m_proc, LessThan, origin(), arg, max),
1897	m_currentBlock->appendNew<Value>(m_proc, GreaterThan, origin(), arg, min));
1898	outOfBounds = m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), outOfBounds, constant(Int32, `0`));
1899	CheckValue* trap = m_currentBlock->appendNew<CheckValue>(m_proc, Check, origin(), outOfBounds);
1900	trap->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams&) {
1901	this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTrunc);
1902	});
1903
1904	Value* signBitConstant;
1905	if (isX86()) {
1906	// Since x86 doesn't have an instruction to convert floating points to unsigned integers, we at least try to do the smart thing if
1907	// the numbers would be positive anyway as a signed integer. Since we cannot materialize constants into fprs we have b3 do it
1908	// so we can pool them if needed.
1909	signBitConstant = constant(Float, bitwise_cast<uint32_t>(static_cast<float>(std::numeric_limits<uint64_t>::max() - std::numeric_limits<int64_t>::max())));
1910	}
1911	PatchpointValue* patchpoint = m_currentBlock->appendNew<PatchpointValue>(m_proc, Int64, origin());
1912	patchpoint->append(arg, ValueRep::SomeRegister);
1913	if (isX86()) {
1914	patchpoint->append(signBitConstant, ValueRep::SomeRegister);
1915	patchpoint->numFPScratchRegisters = `1`;
1916	}
1917	patchpoint->clobber(RegisterSet::macroScratchRegisters());
1918	patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
1919	AllowMacroScratchRegisterUsage allowScratch(jit);
1920	FPRReg scratch = InvalidFPRReg;
1921	FPRReg constant = InvalidFPRReg;
1922	if (isX86()) {
1923	scratch = params.fpScratch(`0`);
1924	constant = params [`2`].fpr();
1925	}
1926	jit.truncateFloatToUint64(params [`1`].fpr(), params [`0`].gpr(), scratch, constant);
1927	});
1928	patchpoint->effects = Effects::none();
1929	result = patchpoint;
1930	return { };
1931	}
1932
1933	} } // namespace JSC::Wasm
1934
1935	#include "WasmB3IRGeneratorInlines.h"
1936
1937	#endif // ENABLE(WEBASSEMBLY)
1938

Definitions

dumpProcedure
verbose
B3IRGenerator
ControlData
ControlData
ControlData
dump
type
hasNonVoidSignature
targetBlockForBranch
convertIfToBlock
resultForBranch
emptyExpression
fail
setParser
didKill
RestoreCachedStackLimit
instanceValue
fixupPointerPlusOffset
restoreWasmContextInstance
B3IRGenerator
restoreWebAssemblyGlobalState
emitExceptionCheck
constant
insertConstants
addLocal
addArguments
addRefIsNull
getLocal
addUnreachable
addGrowMemory
addCurrentMemory
setLocal
getGlobal
setGlobal
emitCheckAndPreparePointer
sizeOfLoadOp
memoryKind
emitLoadOp
load
sizeOfStoreOp
emitStoreOp
store
addSelect
addConstant
emitTierUpCheck
addLoop
addTopLevel
addBlock
addIf
addElse
addElseToUnreachable
addReturn
addBranch
addSwitch
endBlock
addEndToUnreachable
addCall
addCallIndirect
unify
unifyValuesWithBlock
dumpExpressionStack
dump
origin
parseAndCompile
emitChecksForModOrDiv
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp
addOp

Browse the source code of webkit/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp

Definitions