// This is the js::Native for functions exported by an asm.js module.
static bool
CallAsmJS(JSContext *cx, unsigned argc, Value *vp)
{
CallArgs callArgs = CallArgsFromVp(argc, vp);
RootedFunction callee(cx, &callArgs.callee().as<JSFunction>());
AsmJSModule &module = FunctionToEnclosingModule(callee);
const AsmJSModule::ExportedFunction &func = FunctionToExportedFunction(callee, module);
// The heap-changing function is a special-case and is implemented by C++.
if (func.isChangeHeap())
return ChangeHeap(cx, module, callArgs);
// Enable/disable profiling in the asm.js module to match the current global
// profiling state. Don't do this if the module is already active on the
// stack since this would leave the module in a state where profiling is
// enabled but the stack isn't unwindable.
if (module.profilingEnabled() != cx->runtime()->spsProfiler.enabled() && !module.active())
module.setProfilingEnabled(cx->runtime()->spsProfiler.enabled(), cx);
// The calling convention for an external call into asm.js is to pass an
// array of 16-byte values where each value contains either a coerced int32
// (in the low word), a double value (in the low dword) or a SIMD vector
// value, with the coercions specified by the asm.js signature. The
// external entry point unpacks this array into the system-ABI-specified
// registers and stack memory and then calls into the internal entry point.
// The return value is stored in the first element of the array (which,
// therefore, must have length >= 1).
js::Vector<AsmJSModule::EntryArg, 8> coercedArgs(cx);
if (!coercedArgs.resize(Max<size_t>(1, func.numArgs())))
return false;
RootedValue v(cx);
for (unsigned i = 0; i < func.numArgs(); ++i) {
v = i < callArgs.length() ? callArgs[i] : UndefinedValue();
switch (func.argCoercion(i)) {
case AsmJS_ToInt32:
if (!ToInt32(cx, v, (int32_t*)&coercedArgs[i]))
return false;
break;
case AsmJS_ToNumber:
if (!ToNumber(cx, v, (double*)&coercedArgs[i]))
return false;
break;
case AsmJS_FRound:
if (!RoundFloat32(cx, v, (float *)&coercedArgs[i]))
return false;
break;
case AsmJS_ToInt32x4: {
SimdConstant simd;
if (!ToSimdConstant<Int32x4>(cx, v, &simd))
return false;
memcpy(&coercedArgs[i], simd.asInt32x4(), Simd128DataSize);
break;
}
case AsmJS_ToFloat32x4: {
SimdConstant simd;
if (!ToSimdConstant<Float32x4>(cx, v, &simd))
return false;
memcpy(&coercedArgs[i], simd.asFloat32x4(), Simd128DataSize);
break;
}
}
}
// The correct way to handle this situation would be to allocate a new range
// of PROT_NONE memory and module.changeHeap to this memory. That would
// cause every access to take the out-of-bounds signal-handler path which
// does the right thing. For now, just throw an out-of-memory exception
// since these can technically pop out anywhere and the full fix may
// actually OOM when trying to allocate the PROT_NONE memory.
if (module.hasDetachedHeap()) {
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_OUT_OF_MEMORY);
return false;
}
{
// Push an AsmJSActivation to describe the asm.js frames we're about to
// push when running this module. Additionally, push a JitActivation so
// that the optimized asm.js-to-Ion FFI call path (which we want to be
// very fast) can avoid doing so. The JitActivation is marked as
// inactive so stack iteration will skip over it.
AsmJSActivation activation(cx, module);
JitActivation jitActivation(cx, /* active */ false);
// Call the per-exported-function trampoline created by GenerateEntry.
AsmJSModule::CodePtr enter = module.entryTrampoline(func);
if (!CALL_GENERATED_2(enter, coercedArgs.begin(), module.globalData()))
return false;
}
if (callArgs.isConstructing()) {
// By spec, when a function is called as a constructor and this function
// returns a primary type, which is the case for all asm.js exported
// functions, the returned value is discarded and an empty object is
// returned instead.
PlainObject *obj = NewBuiltinClassInstance<PlainObject>(cx);
callArgs.rval().set(ObjectValue(*obj));
return true;
}
JSObject *simdObj;
switch (func.returnType()) {
case AsmJSModule::Return_Void:
callArgs.rval().set(UndefinedValue());
break;
case AsmJSModule::Return_Int32:
callArgs.rval().set(Int32Value(*(int32_t*)&coercedArgs[0]));
break;
case AsmJSModule::Return_Double:
callArgs.rval().set(NumberValue(*(double*)&coercedArgs[0]));
break;
case AsmJSModule::Return_Int32x4:
simdObj = CreateSimd<Int32x4>(cx, (int32_t*)&coercedArgs[0]);
if (!simdObj)
return false;
callArgs.rval().set(ObjectValue(*simdObj));
break;
case AsmJSModule::Return_Float32x4:
simdObj = CreateSimd<Float32x4>(cx, (float*)&coercedArgs[0]);
if (!simdObj)
return false;
callArgs.rval().set(ObjectValue(*simdObj));
break;
}
return true;
}
static bool
ValidateGlobalVariable(JSContext *cx, const AsmJSModule &module, AsmJSModule::Global &global,
HandleValue importVal)
{
MOZ_ASSERT(global.which() == AsmJSModule::Global::Variable);
void *datum = module.globalVarToGlobalDatum(global);
switch (global.varInitKind()) {
case AsmJSModule::Global::InitConstant: {
const AsmJSNumLit &lit = global.varInitNumLit();
switch (lit.which()) {
case AsmJSNumLit::Fixnum:
case AsmJSNumLit::NegativeInt:
case AsmJSNumLit::BigUnsigned:
*(int32_t *)datum = lit.scalarValue().toInt32();
break;
case AsmJSNumLit::Double:
*(double *)datum = lit.scalarValue().toDouble();
break;
case AsmJSNumLit::Float:
*(float *)datum = static_cast<float>(lit.scalarValue().toDouble());
break;
case AsmJSNumLit::Int32x4:
memcpy(datum, lit.simdValue().asInt32x4(), Simd128DataSize);
break;
case AsmJSNumLit::Float32x4:
memcpy(datum, lit.simdValue().asFloat32x4(), Simd128DataSize);
break;
case AsmJSNumLit::OutOfRangeInt:
MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE("OutOfRangeInt isn't valid in the first place");
}
break;
}
case AsmJSModule::Global::InitImport: {
RootedPropertyName field(cx, global.varImportField());
RootedValue v(cx);
if (!GetDataProperty(cx, importVal, field, &v))
return false;
if (!v.isPrimitive() && !HasPureCoercion(cx, v))
return LinkFail(cx, "Imported values must be primitives");
SimdConstant simdConstant;
switch (global.varInitCoercion()) {
case AsmJS_ToInt32:
if (!ToInt32(cx, v, (int32_t *)datum))
return false;
break;
case AsmJS_ToNumber:
if (!ToNumber(cx, v, (double *)datum))
return false;
break;
case AsmJS_FRound:
if (!RoundFloat32(cx, v, (float *)datum))
return false;
break;
case AsmJS_ToInt32x4:
if (!ToSimdConstant<Int32x4>(cx, v, &simdConstant))
return false;
memcpy(datum, simdConstant.asInt32x4(), Simd128DataSize);
break;
case AsmJS_ToFloat32x4:
if (!ToSimdConstant<Float32x4>(cx, v, &simdConstant))
return false;
memcpy(datum, simdConstant.asFloat32x4(), Simd128DataSize);
break;
}
break;
}
}
return true;
}
bool
Instance::callExport(JSContext* cx, uint32_t funcIndex, CallArgs args)
{
if (!cx->compartment()->wasm.ensureProfilingState(cx))
return false;
const FuncExport& func = metadata().lookupFuncExport(funcIndex);
// The calling convention for an external call into wasm is to pass an
// array of 16-byte values where each value contains either a coerced int32
// (in the low word), a double value (in the low dword) or a SIMD vector
// value, with the coercions specified by the wasm signature. The external
// entry point unpacks this array into the system-ABI-specified registers
// and stack memory and then calls into the internal entry point. The return
// value is stored in the first element of the array (which, therefore, must
// have length >= 1).
Vector<ExportArg, 8> exportArgs(cx);
if (!exportArgs.resize(Max<size_t>(1, func.sig().args().length())))
return false;
RootedValue v(cx);
for (unsigned i = 0; i < func.sig().args().length(); ++i) {
v = i < args.length() ? args[i] : UndefinedValue();
switch (func.sig().arg(i)) {
case ValType::I32:
if (!ToInt32(cx, v, (int32_t*)&exportArgs[i]))
return false;
break;
case ValType::I64:
if (!JitOptions.wasmTestMode) {
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_I64);
return false;
}
if (!ReadI64Object(cx, v, (int64_t*)&exportArgs[i]))
return false;
break;
case ValType::F32:
if (JitOptions.wasmTestMode && v.isObject()) {
if (!ReadCustomFloat32NaNObject(cx, v, (float*)&exportArgs[i]))
return false;
break;
}
if (!RoundFloat32(cx, v, (float*)&exportArgs[i]))
return false;
break;
case ValType::F64:
if (JitOptions.wasmTestMode && v.isObject()) {
if (!ReadCustomDoubleNaNObject(cx, v, (double*)&exportArgs[i]))
return false;
break;
}
if (!ToNumber(cx, v, (double*)&exportArgs[i]))
return false;
break;
case ValType::I8x16: {
SimdConstant simd;
if (!ToSimdConstant<Int8x16>(cx, v, &simd))
return false;
memcpy(&exportArgs[i], simd.asInt8x16(), Simd128DataSize);
break;
}
case ValType::I16x8: {
SimdConstant simd;
if (!ToSimdConstant<Int16x8>(cx, v, &simd))
return false;
memcpy(&exportArgs[i], simd.asInt16x8(), Simd128DataSize);
break;
}
case ValType::I32x4: {
SimdConstant simd;
if (!ToSimdConstant<Int32x4>(cx, v, &simd))
return false;
memcpy(&exportArgs[i], simd.asInt32x4(), Simd128DataSize);
break;
}
case ValType::F32x4: {
SimdConstant simd;
if (!ToSimdConstant<Float32x4>(cx, v, &simd))
return false;
memcpy(&exportArgs[i], simd.asFloat32x4(), Simd128DataSize);
break;
}
case ValType::B8x16: {
SimdConstant simd;
if (!ToSimdConstant<Bool8x16>(cx, v, &simd))
return false;
// Bool8x16 uses the same representation as Int8x16.
memcpy(&exportArgs[i], simd.asInt8x16(), Simd128DataSize);
break;
}
case ValType::B16x8: {
SimdConstant simd;
if (!ToSimdConstant<Bool16x8>(cx, v, &simd))
return false;
// Bool16x8 uses the same representation as Int16x8.
memcpy(&exportArgs[i], simd.asInt16x8(), Simd128DataSize);
break;
}
case ValType::B32x4: {
SimdConstant simd;
if (!ToSimdConstant<Bool32x4>(cx, v, &simd))
return false;
// Bool32x4 uses the same representation as Int32x4.
memcpy(&exportArgs[i], simd.asInt32x4(), Simd128DataSize);
break;
}
case ValType::Limit:
MOZ_CRASH("Limit");
}
}
{
// Push a WasmActivation to describe the wasm frames we're about to push
// when running this module. Additionally, push a JitActivation so that
// the optimized wasm-to-Ion FFI call path (which we want to be very
// fast) can avoid doing so. The JitActivation is marked as inactive so
// stack iteration will skip over it.
WasmActivation activation(cx);
JitActivation jitActivation(cx, /* active */ false);
// Call the per-exported-function trampoline created by GenerateEntry.
auto funcPtr = JS_DATA_TO_FUNC_PTR(ExportFuncPtr, codeBase() + func.entryOffset());
if (!CALL_GENERATED_2(funcPtr, exportArgs.begin(), &tlsData_))
return false;
}
if (args.isConstructing()) {
// By spec, when a function is called as a constructor and this function
// returns a primary type, which is the case for all wasm exported
// functions, the returned value is discarded and an empty object is
// returned instead.
PlainObject* obj = NewBuiltinClassInstance<PlainObject>(cx);
if (!obj)
return false;
args.rval().set(ObjectValue(*obj));
return true;
}
void* retAddr = &exportArgs[0];
JSObject* retObj = nullptr;
switch (func.sig().ret()) {
case ExprType::Void:
args.rval().set(UndefinedValue());
break;
case ExprType::I32:
args.rval().set(Int32Value(*(int32_t*)retAddr));
break;
case ExprType::I64:
if (!JitOptions.wasmTestMode) {
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_I64);
return false;
}
retObj = CreateI64Object(cx, *(int64_t*)retAddr);
if (!retObj)
return false;
break;
case ExprType::F32:
if (JitOptions.wasmTestMode && IsNaN(*(float*)retAddr)) {
retObj = CreateCustomNaNObject(cx, (float*)retAddr);
if (!retObj)
return false;
break;
}
args.rval().set(NumberValue(*(float*)retAddr));
break;
case ExprType::F64:
if (JitOptions.wasmTestMode && IsNaN(*(double*)retAddr)) {
retObj = CreateCustomNaNObject(cx, (double*)retAddr);
if (!retObj)
return false;
break;
}
args.rval().set(NumberValue(*(double*)retAddr));
break;
case ExprType::I8x16:
retObj = CreateSimd<Int8x16>(cx, (int8_t*)retAddr);
if (!retObj)
return false;
break;
case ExprType::I16x8:
retObj = CreateSimd<Int16x8>(cx, (int16_t*)retAddr);
if (!retObj)
return false;
break;
case ExprType::I32x4:
retObj = CreateSimd<Int32x4>(cx, (int32_t*)retAddr);
if (!retObj)
return false;
break;
case ExprType::F32x4:
retObj = CreateSimd<Float32x4>(cx, (float*)retAddr);
if (!retObj)
return false;
break;
case ExprType::B8x16:
retObj = CreateSimd<Bool8x16>(cx, (int8_t*)retAddr);
if (!retObj)
return false;
break;
case ExprType::B16x8:
retObj = CreateSimd<Bool16x8>(cx, (int16_t*)retAddr);
if (!retObj)
return false;
break;
case ExprType::B32x4:
retObj = CreateSimd<Bool32x4>(cx, (int32_t*)retAddr);
if (!retObj)
return false;
break;
case ExprType::Limit:
MOZ_CRASH("Limit");
}
if (retObj)
args.rval().set(ObjectValue(*retObj));
return true;
}
bool
Module::callExport(JSContext* cx, uint32_t exportIndex, CallArgs args)
{
MOZ_ASSERT(dynamicallyLinked_);
const Export& exp = exports()[exportIndex];
// Enable/disable profiling in the Module to match the current global
// profiling state. Don't do this if the Module is already active on the
// stack since this would leave the Module in a state where profiling is
// enabled but the stack isn't unwindable.
if (profilingEnabled() != cx->runtime()->spsProfiler.enabled() && !activation()) {
if (!setProfilingEnabled(cx, cx->runtime()->spsProfiler.enabled()))
return false;
}
// The calling convention for an external call into wasm is to pass an
// array of 16-byte values where each value contains either a coerced int32
// (in the low word), a double value (in the low dword) or a SIMD vector
// value, with the coercions specified by the wasm signature. The external
// entry point unpacks this array into the system-ABI-specified registers
// and stack memory and then calls into the internal entry point. The return
// value is stored in the first element of the array (which, therefore, must
// have length >= 1).
Vector<Module::EntryArg, 8> coercedArgs(cx);
if (!coercedArgs.resize(Max<size_t>(1, exp.sig().args().length())))
return false;
RootedValue v(cx);
for (unsigned i = 0; i < exp.sig().args().length(); ++i) {
v = i < args.length() ? args[i] : UndefinedValue();
switch (exp.sig().arg(i)) {
case ValType::I32:
if (!ToInt32(cx, v, (int32_t*)&coercedArgs[i]))
return false;
break;
case ValType::I64:
MOZ_CRASH("int64");
case ValType::F32:
if (!RoundFloat32(cx, v, (float*)&coercedArgs[i]))
return false;
break;
case ValType::F64:
if (!ToNumber(cx, v, (double*)&coercedArgs[i]))
return false;
break;
case ValType::I32x4: {
SimdConstant simd;
if (!ToSimdConstant<Int32x4>(cx, v, &simd))
return false;
memcpy(&coercedArgs[i], simd.asInt32x4(), Simd128DataSize);
break;
}
case ValType::F32x4: {
SimdConstant simd;
if (!ToSimdConstant<Float32x4>(cx, v, &simd))
return false;
memcpy(&coercedArgs[i], simd.asFloat32x4(), Simd128DataSize);
break;
}
case ValType::B32x4: {
SimdConstant simd;
if (!ToSimdConstant<Bool32x4>(cx, v, &simd))
return false;
// Bool32x4 uses the same representation as Int32x4.
memcpy(&coercedArgs[i], simd.asInt32x4(), Simd128DataSize);
break;
}
case ValType::Limit:
MOZ_CRASH("Limit");
}
}
{
// Push a WasmActivation to describe the wasm frames we're about to push
// when running this module. Additionally, push a JitActivation so that
// the optimized wasm-to-Ion FFI call path (which we want to be very
// fast) can avoid doing so. The JitActivation is marked as inactive so
// stack iteration will skip over it.
WasmActivation activation(cx, *this);
JitActivation jitActivation(cx, /* active */ false);
// Call the per-exported-function trampoline created by GenerateEntry.
auto entry = JS_DATA_TO_FUNC_PTR(EntryFuncPtr, code() + exp.stubOffset());
if (!CALL_GENERATED_2(entry, coercedArgs.begin(), globalData()))
return false;
}
if (args.isConstructing()) {
// By spec, when a function is called as a constructor and this function
// returns a primary type, which is the case for all wasm exported
// functions, the returned value is discarded and an empty object is
// returned instead.
PlainObject* obj = NewBuiltinClassInstance<PlainObject>(cx);
if (!obj)
return false;
args.rval().set(ObjectValue(*obj));
return true;
}
JSObject* simdObj;
switch (exp.sig().ret()) {
case ExprType::Void:
args.rval().set(UndefinedValue());
break;
case ExprType::I32:
args.rval().set(Int32Value(*(int32_t*)&coercedArgs[0]));
break;
case ExprType::I64:
MOZ_CRASH("int64");
case ExprType::F32:
case ExprType::F64:
args.rval().set(NumberValue(*(double*)&coercedArgs[0]));
break;
case ExprType::I32x4:
simdObj = CreateSimd<Int32x4>(cx, (int32_t*)&coercedArgs[0]);
if (!simdObj)
return false;
args.rval().set(ObjectValue(*simdObj));
break;
case ExprType::F32x4:
simdObj = CreateSimd<Float32x4>(cx, (float*)&coercedArgs[0]);
if (!simdObj)
return false;
args.rval().set(ObjectValue(*simdObj));
break;
case ExprType::B32x4:
simdObj = CreateSimd<Bool32x4>(cx, (int32_t*)&coercedArgs[0]);
if (!simdObj)
return false;
args.rval().set(ObjectValue(*simdObj));
break;
case ExprType::Limit:
MOZ_CRASH("Limit");
}
return true;
}
static bool
ValidateGlobalVariable(JSContext* cx, const AsmJSModule& module, AsmJSModule::Global& global,
HandleValue importVal)
{
void* datum = module.globalData() + global.varGlobalDataOffset();
switch (global.varInitKind()) {
case AsmJSModule::Global::InitConstant: {
Val v = global.varInitVal();
switch (v.type()) {
case ValType::I32:
*(int32_t*)datum = v.i32();
break;
case ValType::I64:
MOZ_CRASH("int64");
case ValType::F32:
*(float*)datum = v.f32();
break;
case ValType::F64:
*(double*)datum = v.f64();
break;
case ValType::I32x4:
memcpy(datum, v.i32x4(), Simd128DataSize);
break;
case ValType::F32x4:
memcpy(datum, v.f32x4(), Simd128DataSize);
break;
}
break;
}
case AsmJSModule::Global::InitImport: {
RootedPropertyName field(cx, global.varImportField());
RootedValue v(cx);
if (!GetDataProperty(cx, importVal, field, &v))
return false;
if (!v.isPrimitive() && !HasPureCoercion(cx, v))
return LinkFail(cx, "Imported values must be primitives");
switch (global.varInitImportType()) {
case ValType::I32:
if (!ToInt32(cx, v, (int32_t*)datum))
return false;
break;
case ValType::I64:
MOZ_CRASH("int64");
case ValType::F32:
if (!RoundFloat32(cx, v, (float*)datum))
return false;
break;
case ValType::F64:
if (!ToNumber(cx, v, (double*)datum))
return false;
break;
case ValType::I32x4: {
SimdConstant simdConstant;
if (!ToSimdConstant<Int32x4>(cx, v, &simdConstant))
return false;
memcpy(datum, simdConstant.asInt32x4(), Simd128DataSize);
break;
}
case ValType::F32x4: {
SimdConstant simdConstant;
if (!ToSimdConstant<Float32x4>(cx, v, &simdConstant))
return false;
memcpy(datum, simdConstant.asFloat32x4(), Simd128DataSize);
break;
}
}
break;
}
}
return true;
}