mozjs_sys 0.67.1

System crate for the Mozilla SpiderMonkey JavaScript engine.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * vim: set ts=8 sts=2 et sw=2 tw=80:
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef jit_JitFrames_h
#define jit_JitFrames_h

#include <stdint.h>

#include "jit/JSJitFrameIter.h"
#include "vm/JSContext.h"
#include "vm/JSFunction.h"

namespace js {
namespace jit {

struct SafepointSlotEntry;
struct VMFunctionData;

enum CalleeTokenTag {
  CalleeToken_Function = 0x0,  // untagged
  CalleeToken_FunctionConstructing = 0x1,
  CalleeToken_Script = 0x2
};

// Any CalleeToken with this bit set must be CalleeToken_Script.
static const uintptr_t CalleeTokenScriptBit = CalleeToken_Script;

static const uintptr_t CalleeTokenMask = ~uintptr_t(0x3);

static inline CalleeTokenTag GetCalleeTokenTag(CalleeToken token) {
  CalleeTokenTag tag = CalleeTokenTag(uintptr_t(token) & 0x3);
  MOZ_ASSERT(tag <= CalleeToken_Script);
  return tag;
}
static inline CalleeToken CalleeToToken(JSFunction* fun, bool constructing) {
  CalleeTokenTag tag =
      constructing ? CalleeToken_FunctionConstructing : CalleeToken_Function;
  return CalleeToken(uintptr_t(fun) | uintptr_t(tag));
}
static inline CalleeToken CalleeToToken(JSScript* script) {
  return CalleeToken(uintptr_t(script) | uintptr_t(CalleeToken_Script));
}
static inline bool CalleeTokenIsFunction(CalleeToken token) {
  CalleeTokenTag tag = GetCalleeTokenTag(token);
  return tag == CalleeToken_Function || tag == CalleeToken_FunctionConstructing;
}
static inline bool CalleeTokenIsConstructing(CalleeToken token) {
  return GetCalleeTokenTag(token) == CalleeToken_FunctionConstructing;
}
static inline JSFunction* CalleeTokenToFunction(CalleeToken token) {
  MOZ_ASSERT(CalleeTokenIsFunction(token));
  return (JSFunction*)(uintptr_t(token) & CalleeTokenMask);
}
static inline JSScript* CalleeTokenToScript(CalleeToken token) {
  MOZ_ASSERT(GetCalleeTokenTag(token) == CalleeToken_Script);
  return (JSScript*)(uintptr_t(token) & CalleeTokenMask);
}
static inline bool CalleeTokenIsModuleScript(CalleeToken token) {
  CalleeTokenTag tag = GetCalleeTokenTag(token);
  return tag == CalleeToken_Script && CalleeTokenToScript(token)->module();
}

static inline JSScript* ScriptFromCalleeToken(CalleeToken token) {
  switch (GetCalleeTokenTag(token)) {
    case CalleeToken_Script:
      return CalleeTokenToScript(token);
    case CalleeToken_Function:
    case CalleeToken_FunctionConstructing:
      return CalleeTokenToFunction(token)->nonLazyScript();
  }
  MOZ_CRASH("invalid callee token tag");
}

// In between every two frames lies a small header describing both frames. This
// header, minimally, contains a returnAddress word and a descriptor word. The
// descriptor describes the size and type of the previous frame, whereas the
// returnAddress describes the address the newer frame (the callee) will return
// to. The exact mechanism in which frames are laid out is architecture
// dependent.
//
// Two special frame types exist:
// - Entry frames begin a JitActivation, and therefore there is exactly one
// per activation of EnterIon or EnterBaseline. These reuse JitFrameLayout.
// - Exit frames are necessary to leave JIT code and enter C++, and thus,
// C++ code will always begin iterating from the topmost exit frame.

class LSafepoint;

// Two-tuple that lets you look up the safepoint entry given the
// displacement of a call instruction within the JIT code.
class SafepointIndex {
  // The displacement is the distance from the first byte of the JIT'd code
  // to the return address (of the call that the safepoint was generated for).
  uint32_t displacement_;

  union {
    LSafepoint* safepoint_;

    // Offset to the start of the encoded safepoint in the safepoint stream.
    uint32_t safepointOffset_;
  };

#ifdef DEBUG
  bool resolved;
#endif

 public:
  SafepointIndex(uint32_t displacement, LSafepoint* safepoint)
      : displacement_(displacement),
        safepoint_(safepoint)
#ifdef DEBUG
        ,
        resolved(false)
#endif
  {
  }

  void resolve();

  LSafepoint* safepoint() {
    MOZ_ASSERT(!resolved);
    return safepoint_;
  }
  uint32_t displacement() const { return displacement_; }
  uint32_t safepointOffset() const { return safepointOffset_; }
  void adjustDisplacement(uint32_t offset) {
    MOZ_ASSERT(offset >= displacement_);
    displacement_ = offset;
  }
  inline SnapshotOffset snapshotOffset() const;
  inline bool hasSnapshotOffset() const;
};

class MacroAssembler;
// The OSI point is patched to a call instruction. Therefore, the
// returnPoint for an OSI call is the address immediately following that
// call instruction. The displacement of that point within the assembly
// buffer is the |returnPointDisplacement|.
class OsiIndex {
  uint32_t callPointDisplacement_;
  uint32_t snapshotOffset_;

 public:
  OsiIndex(uint32_t callPointDisplacement, uint32_t snapshotOffset)
      : callPointDisplacement_(callPointDisplacement),
        snapshotOffset_(snapshotOffset) {}

  uint32_t returnPointDisplacement() const;
  uint32_t callPointDisplacement() const { return callPointDisplacement_; }
  uint32_t snapshotOffset() const { return snapshotOffset_; }
};

// The layout of an Ion frame on the C stack is roughly:
//      argN     _
//      ...       \ - These are jsvals
//      arg0      /
//   -3 this    _/
//   -2 callee
//   -1 descriptor
//    0 returnAddress
//   .. locals ..

// The descriptor is organized into four sections:
// [ frame size | has cached saved frame bit | frame header size | frame type ]
// < highest - - - - - - - - - - - - - - lowest >
static const uintptr_t FRAMETYPE_BITS = 4;
static const uintptr_t FRAMETYPE_MASK = (1 << FRAMETYPE_BITS) - 1;
static const uintptr_t FRAME_HEADER_SIZE_SHIFT = FRAMETYPE_BITS;
static const uintptr_t FRAME_HEADER_SIZE_BITS = 3;
static const uintptr_t FRAME_HEADER_SIZE_MASK =
    (1 << FRAME_HEADER_SIZE_BITS) - 1;
static const uintptr_t HASCACHEDSAVEDFRAME_BIT =
    1 << (FRAMETYPE_BITS + FRAME_HEADER_SIZE_BITS);
static const uintptr_t FRAMESIZE_SHIFT =
    FRAMETYPE_BITS + FRAME_HEADER_SIZE_BITS + 1 /* cached saved frame bit */;
static const uintptr_t FRAMESIZE_BITS = 32 - FRAMESIZE_SHIFT;
static const uintptr_t FRAMESIZE_MASK = (1 << FRAMESIZE_BITS) - 1;

// Ion frames have a few important numbers associated with them:
//      Local depth:    The number of bytes required to spill local variables.
//      Argument depth: The number of bytes required to push arguments and make
//                      a function call.
//      Slack:          A frame may temporarily use extra stack to resolve
//                      cycles.
//
// The (local + argument) depth determines the "fixed frame size". The fixed
// frame size is the distance between the stack pointer and the frame header.
// Thus, fixed >= (local + argument).
//
// In order to compress guards, we create shared jump tables that recover the
// script from the stack and recover a snapshot pointer based on which jump was
// taken. Thus, we create a jump table for each fixed frame size.
//
// Jump tables are big. To control the amount of jump tables we generate, each
// platform chooses how to segregate stack size classes based on its
// architecture.
//
// On some architectures, these jump tables are not used at all, or frame
// size segregation is not needed. Thus, there is an option for a frame to not
// have any frame size class, and to be totally dynamic.
static const uint32_t NO_FRAME_SIZE_CLASS_ID = uint32_t(-1);

class FrameSizeClass {
  uint32_t class_;

  explicit FrameSizeClass(uint32_t class_) : class_(class_) {}

 public:
  FrameSizeClass() = delete;

  static FrameSizeClass None() {
    return FrameSizeClass(NO_FRAME_SIZE_CLASS_ID);
  }
  static FrameSizeClass FromClass(uint32_t class_) {
    return FrameSizeClass(class_);
  }

  // These functions are implemented in specific CodeGenerator-* files.
  static FrameSizeClass FromDepth(uint32_t frameDepth);
  static FrameSizeClass ClassLimit();
  uint32_t frameSize() const;

  uint32_t classId() const {
    MOZ_ASSERT(class_ != NO_FRAME_SIZE_CLASS_ID);
    return class_;
  }

  bool operator==(const FrameSizeClass& other) const {
    return class_ == other.class_;
  }
  bool operator!=(const FrameSizeClass& other) const {
    return class_ != other.class_;
  }
};

struct BaselineBailoutInfo;

// Data needed to recover from an exception.
struct ResumeFromException {
  static const uint32_t RESUME_ENTRY_FRAME = 0;
  static const uint32_t RESUME_CATCH = 1;
  static const uint32_t RESUME_FINALLY = 2;
  static const uint32_t RESUME_FORCED_RETURN = 3;
  static const uint32_t RESUME_BAILOUT = 4;
  static const uint32_t RESUME_WASM = 5;

  uint8_t* framePointer;
  uint8_t* stackPointer;
  uint8_t* target;
  uint32_t kind;

  // Value to push when resuming into a |finally| block.
  Value exception;

  BaselineBailoutInfo* bailoutInfo;
};

void HandleException(ResumeFromException* rfe);

void EnsureBareExitFrame(JitActivation* act, JitFrameLayout* frame);

void TraceJitActivations(JSContext* cx, JSTracer* trc);

void UpdateJitActivationsForMinorGC(JSRuntime* rt);

static inline uint32_t EncodeFrameHeaderSize(size_t headerSize) {
  MOZ_ASSERT((headerSize % sizeof(uintptr_t)) == 0);

  uint32_t headerSizeWords = headerSize / sizeof(uintptr_t);
  MOZ_ASSERT(headerSizeWords <= FRAME_HEADER_SIZE_MASK);
  return headerSizeWords;
}

static inline uint32_t MakeFrameDescriptor(uint32_t frameSize, FrameType type,
                                           uint32_t headerSize) {
  MOZ_ASSERT(frameSize < FRAMESIZE_MASK);
  headerSize = EncodeFrameHeaderSize(headerSize);
  return 0 | (frameSize << FRAMESIZE_SHIFT) |
         (headerSize << FRAME_HEADER_SIZE_SHIFT) | uint32_t(type);
}

// Returns the JSScript associated with the topmost JIT frame.
inline JSScript* GetTopJitJSScript(JSContext* cx) {
  JSJitFrameIter frame(cx->activation()->asJit());
  MOZ_ASSERT(frame.type() == FrameType::Exit);
  ++frame;

  if (frame.isBaselineStub()) {
    ++frame;
    MOZ_ASSERT(frame.isBaselineJS());
  }

  MOZ_ASSERT(frame.isScripted());
  return frame.script();
}

#ifdef JS_CODEGEN_MIPS32
uint8_t* alignDoubleSpillWithOffset(uint8_t* pointer, int32_t offset);
#else
inline uint8_t* alignDoubleSpillWithOffset(uint8_t* pointer, int32_t offset) {
  // This is NO-OP on non-MIPS platforms.
  return pointer;
}
#endif

// Layout of the frame prefix. This assumes the stack architecture grows down.
// If this is ever not the case, we'll have to refactor.
class CommonFrameLayout {
  uint8_t* returnAddress_;
  uintptr_t descriptor_;

 public:
  static size_t offsetOfDescriptor() {
    return offsetof(CommonFrameLayout, descriptor_);
  }
  uintptr_t descriptor() const { return descriptor_; }
  static size_t offsetOfReturnAddress() {
    return offsetof(CommonFrameLayout, returnAddress_);
  }
  FrameType prevType() const { return FrameType(descriptor_ & FRAMETYPE_MASK); }
  void changePrevType(FrameType type) {
    descriptor_ &= ~FRAMETYPE_MASK;
    descriptor_ |= uintptr_t(type);
  }
  size_t prevFrameLocalSize() const { return descriptor_ >> FRAMESIZE_SHIFT; }
  size_t headerSize() const {
    return sizeof(uintptr_t) *
           ((descriptor_ >> FRAME_HEADER_SIZE_SHIFT) & FRAME_HEADER_SIZE_MASK);
  }
  bool hasCachedSavedFrame() const {
    return descriptor_ & HASCACHEDSAVEDFRAME_BIT;
  }
  void setHasCachedSavedFrame() { descriptor_ |= HASCACHEDSAVEDFRAME_BIT; }
  void clearHasCachedSavedFrame() { descriptor_ &= ~HASCACHEDSAVEDFRAME_BIT; }
  uint8_t* returnAddress() const { return returnAddress_; }
  void setReturnAddress(uint8_t* addr) { returnAddress_ = addr; }
};

class JitFrameLayout : public CommonFrameLayout {
  CalleeToken calleeToken_;
  uintptr_t numActualArgs_;

 public:
  CalleeToken calleeToken() const { return calleeToken_; }
  void replaceCalleeToken(CalleeToken calleeToken) {
    calleeToken_ = calleeToken;
  }

  static size_t offsetOfCalleeToken() {
    return offsetof(JitFrameLayout, calleeToken_);
  }
  static size_t offsetOfNumActualArgs() {
    return offsetof(JitFrameLayout, numActualArgs_);
  }
  static size_t offsetOfThis() { return sizeof(JitFrameLayout); }
  static size_t offsetOfEvalNewTarget() { return sizeof(JitFrameLayout); }
  static size_t offsetOfActualArgs() { return offsetOfThis() + sizeof(Value); }
  static size_t offsetOfActualArg(size_t arg) {
    return offsetOfActualArgs() + arg * sizeof(Value);
  }

  Value thisv() {
    MOZ_ASSERT(CalleeTokenIsFunction(calleeToken()));
    return argv()[0];
  }
  Value* argv() {
    MOZ_ASSERT(CalleeTokenIsFunction(calleeToken()));
    return (Value*)(this + 1);
  }
  uintptr_t numActualArgs() const { return numActualArgs_; }

  // Computes a reference to a stack or argument slot, where a slot is a
  // distance from the base frame pointer, as would be used for LStackSlot
  // or LArgument.
  uintptr_t* slotRef(SafepointSlotEntry where);

  static inline size_t Size() { return sizeof(JitFrameLayout); }
};

class RectifierFrameLayout : public JitFrameLayout {
 public:
  static inline size_t Size() { return sizeof(RectifierFrameLayout); }
};

class WasmToJSJitFrameLayout : public JitFrameLayout {
 public:
  static inline size_t Size() { return sizeof(WasmToJSJitFrameLayout); }
};

class IonICCallFrameLayout : public CommonFrameLayout {
 protected:
  // Pointer to root the stub's JitCode.
  JitCode* stubCode_;

 public:
  JitCode** stubCode() { return &stubCode_; }
  static size_t Size() { return sizeof(IonICCallFrameLayout); }
};

enum class ExitFrameType : uint8_t {
  CallNative = 0x0,
  ConstructNative = 0x1,
  IonDOMGetter = 0x2,
  IonDOMSetter = 0x3,
  IonDOMMethod = 0x4,
  IonOOLNative = 0x5,
  IonOOLProxy = 0x6,
  WasmGenericJitEntry = 0x7,
  DirectWasmJitCall = 0x8,
  InterpreterStub = 0xFC,
  VMFunction = 0xFD,
  LazyLink = 0xFE,
  Bare = 0xFF,
};

// GC related data used to keep alive data surrounding the Exit frame.
class ExitFooterFrame {
  // Stores the ExitFrameType or, for ExitFrameType::VMFunction, the
  // VMFunctionData*.
  uintptr_t data_;

 public:
  static inline size_t Size() { return sizeof(ExitFooterFrame); }
  void setBareExitFrame() { data_ = uintptr_t(ExitFrameType::Bare); }
  ExitFrameType type() const {
    static_assert(sizeof(ExitFrameType) == sizeof(uint8_t),
                  "Code assumes ExitFrameType fits in a byte");
    if (data_ > UINT8_MAX) {
      return ExitFrameType::VMFunction;
    }
    MOZ_ASSERT(ExitFrameType(data_) != ExitFrameType::VMFunction);
    return ExitFrameType(data_);
  }
  inline const VMFunctionData* function() const {
    MOZ_ASSERT(type() == ExitFrameType::VMFunction);
    return reinterpret_cast<const VMFunctionData*>(data_);
  }

  // This should only be called for function()->outParam == Type_Handle
  template <typename T>
  T* outParam() {
    uint8_t* address = reinterpret_cast<uint8_t*>(this);
    address = alignDoubleSpillWithOffset(address, sizeof(intptr_t));
    return reinterpret_cast<T*>(address - sizeof(T));
  }
};

class NativeExitFrameLayout;
class IonOOLNativeExitFrameLayout;
class IonOOLProxyExitFrameLayout;
class IonDOMExitFrameLayout;

// this is the frame layout when we are exiting ion code, and about to enter
// platform ABI code
class ExitFrameLayout : public CommonFrameLayout {
  inline uint8_t* top() { return reinterpret_cast<uint8_t*>(this + 1); }

 public:
  static inline size_t Size() { return sizeof(ExitFrameLayout); }
  static inline size_t SizeWithFooter() {
    return Size() + ExitFooterFrame::Size();
  }

  inline ExitFooterFrame* footer() {
    uint8_t* sp = reinterpret_cast<uint8_t*>(this);
    return reinterpret_cast<ExitFooterFrame*>(sp - ExitFooterFrame::Size());
  }

  // argBase targets the point which precedes the exit frame. Arguments of VM
  // each wrapper are pushed before the exit frame.  This correspond exactly
  // to the value of the argBase register of the generateVMWrapper function.
  inline uint8_t* argBase() {
    MOZ_ASSERT(isWrapperExit());
    return top();
  }

  inline bool isWrapperExit() {
    return footer()->type() == ExitFrameType::VMFunction;
  }
  inline bool isBareExit() { return footer()->type() == ExitFrameType::Bare; }

  // See the various exit frame layouts below.
  template <typename T>
  inline bool is() {
    return footer()->type() == T::Type();
  }
  template <typename T>
  inline T* as() {
    MOZ_ASSERT(this->is<T>());
    return reinterpret_cast<T*>(footer());
  }
};

// Cannot inherit implementation since we need to extend the top of
// ExitFrameLayout.
class NativeExitFrameLayout {
 protected:  // only to silence a clang warning about unused private fields
  ExitFooterFrame footer_;
  ExitFrameLayout exit_;
  uintptr_t argc_;

  // We need to split the Value into 2 fields of 32 bits, otherwise the C++
  // compiler may add some padding between the fields.
  uint32_t loCalleeResult_;
  uint32_t hiCalleeResult_;

 public:
  static inline size_t Size() { return sizeof(NativeExitFrameLayout); }

  static size_t offsetOfResult() {
    return offsetof(NativeExitFrameLayout, loCalleeResult_);
  }
  inline Value* vp() { return reinterpret_cast<Value*>(&loCalleeResult_); }
  inline uintptr_t argc() const { return argc_; }
};

class CallNativeExitFrameLayout : public NativeExitFrameLayout {
 public:
  static ExitFrameType Type() { return ExitFrameType::CallNative; }
};

class ConstructNativeExitFrameLayout : public NativeExitFrameLayout {
 public:
  static ExitFrameType Type() { return ExitFrameType::ConstructNative; }
};

template <>
inline bool ExitFrameLayout::is<NativeExitFrameLayout>() {
  return is<CallNativeExitFrameLayout>() ||
         is<ConstructNativeExitFrameLayout>();
}

class IonOOLNativeExitFrameLayout {
 protected:  // only to silence a clang warning about unused private fields
  ExitFooterFrame footer_;
  ExitFrameLayout exit_;

  // pointer to root the stub's JitCode
  JitCode* stubCode_;

  uintptr_t argc_;

  // We need to split the Value into 2 fields of 32 bits, otherwise the C++
  // compiler may add some padding between the fields.
  uint32_t loCalleeResult_;
  uint32_t hiCalleeResult_;

  // Split Value for |this| and args above.
  uint32_t loThis_;
  uint32_t hiThis_;

 public:
  static ExitFrameType Type() { return ExitFrameType::IonOOLNative; }

  static inline size_t Size(size_t argc) {
    // The frame accounts for the callee/result and |this|, so we only need
    // args.
    return sizeof(IonOOLNativeExitFrameLayout) + (argc * sizeof(Value));
  }

  static size_t offsetOfResult() {
    return offsetof(IonOOLNativeExitFrameLayout, loCalleeResult_);
  }

  inline JitCode** stubCode() { return &stubCode_; }
  inline Value* vp() { return reinterpret_cast<Value*>(&loCalleeResult_); }
  inline Value* thisp() { return reinterpret_cast<Value*>(&loThis_); }
  inline uintptr_t argc() const { return argc_; }
};

// ProxyGetProperty(JSContext* cx, HandleObject proxy, HandleId id,
//                  MutableHandleValue vp)
// ProxyCallProperty(JSContext* cx, HandleObject proxy, HandleId id,
//                   MutableHandleValue vp)
// ProxySetProperty(JSContext* cx, HandleObject proxy, HandleId id,
//                  MutableHandleValue vp, bool strict)
class IonOOLProxyExitFrameLayout {
 protected:  // only to silence a clang warning about unused private fields
  ExitFooterFrame footer_;
  ExitFrameLayout exit_;

  // The proxy object.
  JSObject* proxy_;

  // id for HandleId
  jsid id_;

  // space for MutableHandleValue result
  // use two uint32_t so compiler doesn't align.
  uint32_t vp0_;
  uint32_t vp1_;

  // pointer to root the stub's JitCode
  JitCode* stubCode_;

 public:
  static ExitFrameType Type() { return ExitFrameType::IonOOLProxy; }

  static inline size_t Size() { return sizeof(IonOOLProxyExitFrameLayout); }

  static size_t offsetOfResult() {
    return offsetof(IonOOLProxyExitFrameLayout, vp0_);
  }

  inline JitCode** stubCode() { return &stubCode_; }
  inline Value* vp() { return reinterpret_cast<Value*>(&vp0_); }
  inline jsid* id() { return &id_; }
  inline JSObject** proxy() { return &proxy_; }
};

class IonDOMExitFrameLayout {
 protected:  // only to silence a clang warning about unused private fields
  ExitFooterFrame footer_;
  ExitFrameLayout exit_;
  JSObject* thisObj;

  // We need to split the Value into 2 fields of 32 bits, otherwise the C++
  // compiler may add some padding between the fields.
  uint32_t loCalleeResult_;
  uint32_t hiCalleeResult_;

 public:
  static ExitFrameType GetterType() { return ExitFrameType::IonDOMGetter; }
  static ExitFrameType SetterType() { return ExitFrameType::IonDOMSetter; }

  static inline size_t Size() { return sizeof(IonDOMExitFrameLayout); }

  static size_t offsetOfResult() {
    return offsetof(IonDOMExitFrameLayout, loCalleeResult_);
  }
  inline Value* vp() { return reinterpret_cast<Value*>(&loCalleeResult_); }
  inline JSObject** thisObjAddress() { return &thisObj; }
  inline bool isMethodFrame();
};

struct IonDOMMethodExitFrameLayoutTraits;

class IonDOMMethodExitFrameLayout {
 protected:  // only to silence a clang warning about unused private fields
  ExitFooterFrame footer_;
  ExitFrameLayout exit_;
  // This must be the last thing pushed, so as to stay common with
  // IonDOMExitFrameLayout.
  JSObject* thisObj_;
  Value* argv_;
  uintptr_t argc_;

  // We need to split the Value into 2 fields of 32 bits, otherwise the C++
  // compiler may add some padding between the fields.
  uint32_t loCalleeResult_;
  uint32_t hiCalleeResult_;

  friend struct IonDOMMethodExitFrameLayoutTraits;

 public:
  static ExitFrameType Type() { return ExitFrameType::IonDOMMethod; }

  static inline size_t Size() { return sizeof(IonDOMMethodExitFrameLayout); }

  static size_t offsetOfResult() {
    return offsetof(IonDOMMethodExitFrameLayout, loCalleeResult_);
  }

  inline Value* vp() {
    // The code in visitCallDOMNative depends on this static assert holding
    JS_STATIC_ASSERT(
        offsetof(IonDOMMethodExitFrameLayout, loCalleeResult_) ==
        (offsetof(IonDOMMethodExitFrameLayout, argc_) + sizeof(uintptr_t)));
    return reinterpret_cast<Value*>(&loCalleeResult_);
  }
  inline JSObject** thisObjAddress() { return &thisObj_; }
  inline uintptr_t argc() { return argc_; }
};

inline bool IonDOMExitFrameLayout::isMethodFrame() {
  return footer_.type() == IonDOMMethodExitFrameLayout::Type();
}

template <>
inline bool ExitFrameLayout::is<IonDOMExitFrameLayout>() {
  ExitFrameType type = footer()->type();
  return type == IonDOMExitFrameLayout::GetterType() ||
         type == IonDOMExitFrameLayout::SetterType() ||
         type == IonDOMMethodExitFrameLayout::Type();
}

template <>
inline IonDOMExitFrameLayout* ExitFrameLayout::as<IonDOMExitFrameLayout>() {
  MOZ_ASSERT(is<IonDOMExitFrameLayout>());
  return reinterpret_cast<IonDOMExitFrameLayout*>(footer());
}

struct IonDOMMethodExitFrameLayoutTraits {
  static const size_t offsetOfArgcFromArgv =
      offsetof(IonDOMMethodExitFrameLayout, argc_) -
      offsetof(IonDOMMethodExitFrameLayout, argv_);
};

// Cannot inherit implementation since we need to extend the top of
// ExitFrameLayout.
class CalledFromJitExitFrameLayout {
 protected:  // silence clang warning about unused private fields
  ExitFooterFrame footer_;
  JitFrameLayout exit_;

 public:
  static inline size_t Size() { return sizeof(CalledFromJitExitFrameLayout); }
  inline JitFrameLayout* jsFrame() { return &exit_; }
  static size_t offsetOfExitFrame() {
    return offsetof(CalledFromJitExitFrameLayout, exit_);
  }
};

class LazyLinkExitFrameLayout : public CalledFromJitExitFrameLayout {
 public:
  static ExitFrameType Type() { return ExitFrameType::LazyLink; }
};

class InterpreterStubExitFrameLayout : public CalledFromJitExitFrameLayout {
 public:
  static ExitFrameType Type() { return ExitFrameType::InterpreterStub; }
};

class WasmGenericJitEntryFrameLayout : CalledFromJitExitFrameLayout {
 public:
  static ExitFrameType Type() { return ExitFrameType::WasmGenericJitEntry; }
};

template <>
inline bool ExitFrameLayout::is<CalledFromJitExitFrameLayout>() {
  return is<InterpreterStubExitFrameLayout>() ||
         is<LazyLinkExitFrameLayout>() || is<WasmGenericJitEntryFrameLayout>();
}

template <>
inline CalledFromJitExitFrameLayout*
ExitFrameLayout::as<CalledFromJitExitFrameLayout>() {
  MOZ_ASSERT(is<CalledFromJitExitFrameLayout>());
  uint8_t* sp = reinterpret_cast<uint8_t*>(this);
  sp -= CalledFromJitExitFrameLayout::offsetOfExitFrame();
  return reinterpret_cast<CalledFromJitExitFrameLayout*>(sp);
}

class DirectWasmJitCallFrameLayout {
 protected:  // silence clang warning about unused private fields
  ExitFooterFrame footer_;
  ExitFrameLayout exit_;

 public:
  static ExitFrameType Type() { return ExitFrameType::DirectWasmJitCall; }
};

class ICStub;

class JitStubFrameLayout : public CommonFrameLayout {
  /* clang-format off */
    // Info on the stack
    //
    // --------------------
    // |JitStubFrameLayout|
    // +------------------+
    // | - Descriptor     | => Marks end of FrameType::IonJS
    // | - returnaddres   |
    // +------------------+
    // | - StubPtr        | => First thing pushed in a stub only when the stub will do
    // --------------------    a vmcall. Else we cannot have JitStubFrame. But technically
    //                         not a member of the layout.
  /* clang-format on */

 public:
  static size_t Size() { return sizeof(JitStubFrameLayout); }

  static inline int reverseOffsetOfStubPtr() { return -int(sizeof(void*)); }

  inline ICStub* maybeStubPtr() {
    uint8_t* fp = reinterpret_cast<uint8_t*>(this);
    return *reinterpret_cast<ICStub**>(fp + reverseOffsetOfStubPtr());
  }
};

class BaselineStubFrameLayout : public JitStubFrameLayout {
  /* clang-format off */
    // Info on the stack
    //
    // -------------------------
    // |BaselineStubFrameLayout|
    // +-----------------------+
    // | - Descriptor          | => Marks end of FrameType::BaselineJS
    // | - returnaddres        |
    // +-----------------------+
    // | - StubPtr             | => First thing pushed in a stub only when the stub will do
    // +-----------------------+    a vmcall. Else we cannot have BaselineStubFrame.
    // | - FramePtr            | => Baseline stubs also need to push the frame ptr when doing
    // -------------------------    a vmcall.
    //                              Technically these last two variables are not part of the
    //                              layout.
  /* clang-format on */

 public:
  static inline size_t Size() { return sizeof(BaselineStubFrameLayout); }

  static inline int reverseOffsetOfSavedFramePtr() {
    return -int(2 * sizeof(void*));
  }

  void* reverseSavedFramePtr() {
    uint8_t* addr = ((uint8_t*)this) + reverseOffsetOfSavedFramePtr();
    return *(void**)addr;
  }

  inline void setStubPtr(ICStub* stub) {
    uint8_t* fp = reinterpret_cast<uint8_t*>(this);
    *reinterpret_cast<ICStub**>(fp + reverseOffsetOfStubPtr()) = stub;
  }
};

// An invalidation bailout stack is at the stack pointer for the callee frame.
class InvalidationBailoutStack {
  RegisterDump::FPUArray fpregs_;
  RegisterDump::GPRArray regs_;
  IonScript* ionScript_;
  uint8_t* osiPointReturnAddress_;

 public:
  uint8_t* sp() const {
    return (uint8_t*)this + sizeof(InvalidationBailoutStack);
  }
  JitFrameLayout* fp() const;
  MachineState machine() { return MachineState::FromBailout(regs_, fpregs_); }

  IonScript* ionScript() const { return ionScript_; }
  uint8_t* osiPointReturnAddress() const { return osiPointReturnAddress_; }
  static size_t offsetOfFpRegs() {
    return offsetof(InvalidationBailoutStack, fpregs_);
  }
  static size_t offsetOfRegs() {
    return offsetof(InvalidationBailoutStack, regs_);
  }

  void checkInvariants() const;
};

void GetPcScript(JSContext* cx, JSScript** scriptRes, jsbytecode** pcRes);

CalleeToken TraceCalleeToken(JSTracer* trc, CalleeToken token);

// Baseline requires one slot for this/argument type checks.
static const uint32_t MinJITStackSize = 1;

} /* namespace jit */
} /* namespace js */

#endif /* jit_JitFrames_h */