| blob | fde50aec9f10a1925bf11dfd14a96600cc9018b7 |
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sw=4 et tw=99:
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is Mozilla Communicator client code, released
18 * March 31, 1998.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
41 /*
42 * JavaScript bytecode interpreter.
43 */
44 #include <stdio.h>
45 #include <string.h>
46 #include <math.h>
93 #if JS_HAS_XML_SUPPORT
95 #endif
99 #if defined(JS_METHODJIT) && defined(JS_MONOIC)
101 #endif
106 /* jsinvoke_cpp___ indicates inclusion from jsinvoke.cpp. */
107 #if !JS_LONE_INTERPRET ^ defined jsinvoke_cpp___
109 #ifdef DEBUG
111 #endif
113 jsbytecode *
115 {
125 }
136 #if defined(JS_METHODJIT) && defined(JS_MONOIC)
139 #else
142 #endif
143 }
145 JSObject *
147 {
150 /*
151 * There is no code active on this context. In place of an actual
152 * scope chain, use the context's global object, which is set in
153 * js_InitFunctionAndObjectClasses, and which represents the default
154 * scope chain for the embedding. See also js_FindClassObject.
155 *
156 * For embeddings that use the inner and outer object hooks, the inner
157 * object represents the ultimate global object, with the outer object
158 * acting as a stand-in.
159 */
164 }
168 }
170 }
172 /*
173 * This computes the blockChain by iterating through the bytecode
174 * of the current script until it reaches the PC. Each time it sees
175 * an ENTERBLOCK or LEAVEBLOCK instruction, it records the new
176 * blockChain. A faster variant of this function that doesn't
177 * require bytecode scanning appears below.
178 */
179 JSObject *
181 {
185 /* Assume that imacros don't affect blockChain */
216 }
219 }
221 /*
222 * This function computes the current blockChain, but only in
223 * the special case where a BLOCKCHAIN or NULLBLOCKCHAIN
224 * instruction appears immediately after the current PC.
225 * We ensure this happens for a few important ops like DEFFUN.
226 * |oplen| is the length of opcode at the current PC.
227 */
228 JSObject *
230 {
231 /* Assume that we're in a script frame. */
239 /* The fast paths assume no JSOP_RESETBASE/INDEXBASE noise. */
246 }
248 /*
249 * We can't determine in advance which local variables can live on the stack and
250 * be freed when their dynamic scope ends, and which will be closed over and
251 * need to live in the heap. So we place variables on the stack initially, note
252 * when they are closed over, and copy those that are out to the heap when we
253 * leave their dynamic scope.
254 *
255 * The bytecode compiler produces a tree of block objects accompanying each
256 * JSScript representing those lexical blocks in the script that have let-bound
257 * variables associated with them. These block objects are never modified, and
258 * never become part of any function's scope chain. Their parent slots point to
259 * the innermost block that encloses them, or are NULL in the outermost blocks
260 * within a function or in eval or global code.
261 *
262 * When we are in the static scope of such a block, blockChain points to its
263 * compiler-allocated block object; otherwise, it is NULL.
264 *
265 * scopeChain is the current scope chain, including 'call' and 'block' objects
266 * for those function calls and lexical blocks whose static scope we are
267 * currently executing in, and 'with' objects for with statements; the chain is
268 * typically terminated by a global object. However, as an optimization, the
269 * young end of the chain omits block objects we have not yet cloned. To create
270 * a closure, we clone the missing blocks from blockChain (which is always
271 * current), place them at the head of scopeChain, and use that for the
272 * closure's scope chain. If we never close over a lexical block, we never
273 * place a mutable clone of it on scopeChain.
274 *
275 * This lazy cloning is implemented in GetScopeChain, which is also used in
276 * some other cases --- entering 'with' blocks, for example.
277 */
280 {
284 /*
285 * Don't force a call object for a lightweight function call, but do
286 * insist that there is a call object for a heavyweight function call.
287 */
291 }
293 /* We don't handle cloning blocks on trace. */
296 /*
297 * We have one or more lexical scopes to reflect into fp->scopeChain, so
298 * make sure there's a call object at the current head of the scope chain,
299 * if this frame is a call frame.
300 *
301 * Also, identify the innermost compiler-allocated block we needn't clone.
302 */
310 /* We know we must clone everything on blockChain. */
313 /*
314 * scopeChain includes all blocks whose static scope we're within that
315 * have already been cloned. Find the innermost such block. Its
316 * prototype should appear on blockChain; we'll clone blockChain up
317 * to, but not including, that prototype.
318 */
324 /*
325 * It may seem like we don't know enough about limitClone to be able
326 * to just grab its prototype as we do here, but it's actually okay.
327 *
328 * If limitClone is a block object belonging to this frame, then its
329 * prototype is the innermost entry in blockChain that we have already
330 * cloned, and is thus the place to stop when we clone below.
331 *
332 * Otherwise, there are no blocks for this frame on scopeChain, and we
333 * need to clone the whole blockChain. In this case, limitBlock can
334 * point to any object known not to be on blockChain, since we simply
335 * loop until we hit limitBlock or NULL. If limitClone is a block, it
336 * isn't a block from this function, since blocks can't be nested
337 * within themselves on scopeChain (recursion is dynamic nesting, not
338 * static nesting). If limitClone isn't a block, its prototype won't
339 * be a block either. So we can just grab limitClone's prototype here
340 * regardless of its type or which frame it belongs to.
341 */
344 /* If the innermost block has already been cloned, we are done. */
347 }
349 /*
350 * Special-case cloning the innermost block; this doesn't have enough in
351 * common with subsequent steps to include in the loop.
352 *
353 * js_CloneBlockObject leaves the clone's parent slot uninitialized. We
354 * populate it below.
355 */
361 /*
362 * Clone our way towards outer scopes until we reach the innermost
363 * enclosing function, or the innermost block we've already cloned.
364 */
370 /* Sometimes limitBlock will be NULL, so check that first. */
374 /* As in the call above, we don't know the real parent yet. */
381 }
385 /*
386 * If we found a limit block belonging to this frame, then we should have
387 * found it in blockChain.
388 */
392 sharedBlock);
394 /* Place our newly cloned blocks at the head of the scope chain. */
397 }
399 JSObject *
401 {
403 }
405 JSObject *
407 {
409 }
411 /* Some objects (e.g., With) delegate 'this' to another object. */
414 {
420 }
422 /*
423 * ECMA requires "the global object", but in embeddings such as the browser,
424 * which have multiple top-level objects (windows, frames, etc. in the DOM),
425 * we prefer fun's parent. An example that causes this code to run:
426 *
427 * // in window w1
428 * function f() { return this }
429 * function g() { return f }
430 *
431 * // in window w2
432 * var h = w1.g()
433 * alert(h() == w1)
434 *
435 * The alert should display "true".
436 */
437 JS_STATIC_INTERPRET bool
439 {
445 }
449 void
451 {
454 #ifdef DEBUG
465 }
466 #endif
478 ? js_null_str
480 ? js_undefined_str
482 JSAutoByteString funNameBytes;
486 }
487 }
488 }
490 bool
492 {
493 /*
494 * Check for SynthesizeFrame poisoning and fast constructors which
495 * didn't check their vp properly.
496 */
498 #ifdef DEBUG
501 #endif
510 }
512 }
514 #if JS_HAS_NO_SUCH_METHOD
519 Class js_NoSuchMethodClass = {
526 EnumerateStub,
527 ResolveStub,
528 ConvertStub,
529 };
531 /*
532 * When JSOP_CALLPROP or JSOP_CALLELEM does not find the method property of
533 * the base object, we search for the __noSuchMethod__ method in the base.
534 * If it exists, we store the method and the property's id into an object of
535 * NoSuchMethod class and store this object into the callee's stack slot.
536 * Later, js_Invoke will recognise such an object and transfer control to
537 * NoSuchMethod that invokes the method like:
538 *
539 * this.__noSuchMethod__(id, args)
540 *
541 * where id is the name of the method that this invocation attempted to
542 * call by name, and args is an Array containing this invocation's actual
543 * parameters.
544 */
545 JSBool
547 {
558 #if JS_HAS_XML_SUPPORT
559 /* Extract the function name from function::name qname. */
566 }
567 #endif
572 /*
573 * Null map to cause prompt and safe crash if this object were to
574 * escape due to a bug. This will make the object appear to be a
575 * stillborn instance that needs no finalization, which is sound:
576 * NoSuchMethod helper objects own no manually allocated resources.
577 */
583 }
585 }
587 static JS_REQUIRES_STACK JSBool
589 {
590 InvokeArgsGuard args;
611 }
617 JS_REQUIRES_STACK bool
619 {
622 /* FIXME: Once bug 470510 is fixed, make this an assert. */
628 }
629 }
631 #ifdef JS_METHODJIT_SPEW
633 #endif
640 #ifdef JS_METHODJIT
648 #endif
651 }
653 /*
654 * Find a function reference and its 'this' value implicit first parameter
655 * under argc arguments on cx's stack, and call the function. Push missing
656 * required arguments, allocate declared local variables, and pop everything
657 * when done. Then push the return value.
658 */
659 JS_REQUIRES_STACK bool
661 {
662 /* N.B. Must be kept in sync with InvokeSessionGuard::start/invoke */
670 }
675 /* Invoke non-functions. */
677 #if JS_HAS_NO_SUCH_METHOD
680 #endif
685 }
687 }
689 /* Invoke native functions. */
695 /* Handle the empty-script special case. */
705 }
707 }
709 /* Get pointer to new frame/slots, prepare arguments. */
710 InvokeFrameGuard frame;
714 /* Initialize frame, locals. */
719 /* Officially push fp. frame's destructor pops. */
722 /* Now that the new frame is rooted, maybe create a call object. */
726 /* Run function until JSOP_STOP, JSOP_RETURN or error. */
727 JSBool ok;
728 {
731 }
737 }
739 bool
741 {
742 #ifdef JS_TRACER
746 #endif
748 /* Always push arguments, regardless of optimized/normal invoke. */
753 /* Callees may clobber 'this' or 'callee'. */
758 /* Hoist dynamic checks from scripted Invoke. */
771 /* Push the stack frame once for the session. */
779 #ifdef JS_METHODJIT
780 /* Hoist dynamic checks from RunScript. */
786 /* Cannot also cache the raw code pointer; it can change. */
788 /* Hoist dynamic checks from CheckStackAndEnterMethodJIT. */
796 #endif
798 /* Cached to avoid canonicalActualArg in InvokeSessionGuard::operator[]. */
806 /*
807 * Use the normal invoke path.
808 *
809 * The callee slot gets overwritten during an unoptimized Invoke, so we
810 * cache it here and restore it before every Invoke call. The 'this' value
811 * does not get overwritten, so we can fill it here once.
812 */
818 }
820 bool
823 {
826 InvokeArgsGuard args;
835 /*
836 * We must call the thisObject hook in case we are not called from the
837 * interpreter, where a prior bytecode has computed an appropriate
838 * |this| already.
839 */
844 }
851 }
853 bool
856 {
859 InvokeArgsGuard args;
872 }
874 bool
877 {
880 /*
881 * ExternalInvoke could result in another try to get or set the same id
882 * again, see bug 355497.
883 */
887 }
889 bool
892 {
900 }
904 /*
905 * Get a pointer to new frame/slots. This memory is not "claimed", so the
906 * code before pushExecuteFrame must not reenter the interpreter.
907 */
908 ExecuteFrameGuard frame;
912 /* Initialize fixed slots (GVAR ops expect NULL). */
915 /* Initialize frame and locals. */
921 /*
922 * We want to call |prev->varobj()|, but this requires knowing the
923 * CallStackSegment of |prev|. If |prev == cx->fp()|, the callstack is
924 * simply the context's active callstack, so we can use
925 * |prev->varobj(cx)|. When |prev != cx->fp()|, we need to do a slow
926 * linear search. Luckily, this only happens with EvaluateInFrame.
927 */
932 /* The scope chain could be anything, so innerize just in case. */
938 /* If we were handed a non-native object, complain bitterly. */
941 JSMSG_NON_NATIVE_SCOPE);
943 }
945 /* Initialize frame. */
948 /* Compute 'this'. */
955 }
957 /*
958 * Strict mode eval code receives its own, fresh lexical environment; thus
959 * strict mode eval can't mutate its calling frame's binding set.
960 */
968 /* Clear the Call object propagated from the previous frame, if any. */
972 }
975 #if JS_HAS_SHARP_VARS
992 }
993 }
994 #endif
996 /* Officially push |fp|. |frame|'s destructor pops. */
999 /* Now that the frame has been pushed, we can call the thisObject hook. */
1005 }
1009 /* Run script until JSOP_STOP or error. */
1018 }
1020 bool
1022 {
1025 uintN oldAttrs;
1038 }
1040 /* We allow redeclaring some non-readonly properties. */
1042 /* Allow redeclaration of variables and functions. */
1046 /*
1047 * Allow adding a getter only if a property already has a setter
1048 * but no getter and similarly for adding a setter. That is, we
1049 * allow only the following transitions:
1050 *
1051 * no-property --> getter --> getter + setter
1052 * no-property --> setter --> getter + setter
1053 */
1057 /*
1058 * Allow redeclaration of an impermanent property (in which case
1059 * anyone could delete it and redefine it, willy-nilly).
1060 */
1063 }
1067 Value value;
1071 }
1074 ? js_getter_str
1076 ? js_setter_str
1078 ? js_const_str
1079 : isFunction
1080 ? js_function_str
1082 JSAutoByteString bytes;
1089 }
1091 JSBool
1093 {
1100 }
1102 bool
1104 {
1112 }
1116 }
1120 }
1123 }
1130 }
1136 }
1140 }
1144 {
1146 }
1150 {
1152 }
1154 bool
1156 {
1160 }
1164 }
1168 }
1170 }
1172 JSType
1174 {
1188 }
1190 bool
1192 {
1197 JSAutoByteString funNameBytes;
1202 }
1203 }
1204 }
1206 }
1208 JS_REQUIRES_STACK bool
1210 {
1218 }
1220 /* Handle the fast-constructors cases before falling into the general case . */
1228 }
1232 }
1234 /* Scripts create their own |this| in JSOP_BEGIN */
1240 }
1247 /* native [[Construct]] returning primitive is error */
1248 JSAutoByteString bytes;
1253 }
1254 }
1256 /* The interpreter fixes rval for us. */
1260 }
1264 }
1266 bool
1269 {
1272 InvokeArgsGuard args;
1277 /* Initialize args.thisv on all paths below. */
1280 /* Handle the fast-constructor cases before calling the general case. */
1294 }
1298 }
1300 bool
1302 {
1319 }
1321 bool
1323 {
1328 }
1330 #if JS_HAS_XML_SUPPORT
1336 }
1337 }
1338 #endif
1341 }
1345 /*
1346 * Enter the new with scope using an object at sp[-1] and associate the depth
1347 * of the with block with sp + stackIndex.
1348 */
1349 JS_STATIC_INTERPRET JS_REQUIRES_STACK JSBool
1351 {
1365 }
1382 }
1384 JS_STATIC_INTERPRET JS_REQUIRES_STACK void
1386 {
1395 }
1397 JS_REQUIRES_STACK Class *
1399 {
1407 }
1409 }
1411 /*
1412 * Unwind block and scope chains to match the given depth. The function sets
1413 * fp->sp on return to stackDepth.
1414 */
1415 JS_REQUIRES_STACK JSBool
1417 {
1429 /* Don't fail until after we've updated all stacks. */
1433 }
1434 }
1438 }
1440 JS_STATIC_INTERPRET JSBool
1442 {
1451 }
1460 }
1464 {
1484 }
1487 }
1489 #ifdef DEBUG
1491 JS_STATIC_INTERPRET JS_REQUIRES_STACK void
1493 {
1498 JSOp op;
1505 /*
1506 * Operations in prologues don't produce interesting values, and
1507 * js_DecompileValueGenerator isn't set up to handle them anyway.
1508 */
1514 /*
1515 * If there aren't that many elements on the stack, then we have
1516 * probably entered a new frame, and printing output would just be
1517 * misleading.
1518 */
1526 bytes);
1530 }
1531 }
1533 }
1537 /*
1538 * Call objects have NULL convert ops so that we catch cases
1539 * where they escape. So js_ValueToString doesn't work on them.
1540 */
1550 }
1551 }
1553 }
1555 }
1571 bytes);
1575 }
1576 }
1578 }
1581 /* It's nice to have complete logs when debugging a crash. */
1583 }
1587 #ifdef JS_OPMETER
1589 # include <stdlib.h>
1591 # define HIST_NSLOTS 8
1593 /*
1594 * The second dimension is hardcoded at 256 because we know that many bits fit
1595 * in a byte, and mainly to optimize away multiplying by JSOP_LIMIT to address
1596 * any particular row.
1597 */
1601 JS_STATIC_INTERPRET void
1603 {
1606 }
1608 JS_STATIC_INTERPRET void
1610 {
1613 }
1618 uint32 count;
1621 static int
1623 {
1628 }
1630 void
1632 {
1646 }
1655 }
1656 }
1657 }
1659 # define SIGNIFICANT(count,total) (200. * (count) >= (total))
1673 }
1674 }
1675 }
1678 # undef SIGNIFICANT
1687 }
1691 }
1703 }
1715 /* Reuse j in the next loop, since we break after. */
1721 }
1722 }
1723 }
1725 }
1731 #ifndef jsinvoke_cpp___
1733 #ifdef JS_REPRMETER
1734 // jsval representation metering: this measures the kinds of jsvals that
1735 // are used as inputs to each JSOp.
1738 NONE,
1739 INT,
1740 DOUBLE,
1741 BOOLEAN_PROPER,
1742 BOOLEAN_OTHER,
1743 STRING,
1744 OBJECT_NULL,
1745 OBJECT_PLAIN,
1746 FUNCTION_INTERPRETED,
1747 FUNCTION_FASTNATIVE,
1748 ARRAY_SLOW,
1749 ARRAY_DENSE
1750 };
1752 // Return the |repr| value giving the representation of the given jsval.
1753 static Repr
1755 {
1762 ? BOOLEAN_PROPER
1764 }
1776 }
1777 // This must come before the general array test, because that
1778 // one subsumes this one.
1786 }
1793 // Logically, a tuple of (JSOp, repr_1, ..., repr_n) where repr_i is
1794 // the |repr| of the ith input to the JSOp.
1798 JSOp op;
1804 }
1809 }
1811 // Hash function
1817 }
1825 }
1827 }
1834 }
1835 };
1839 OpInputHistogram opinputs;
1842 // Record an OpInput for the current op. This should be called just
1843 // before executing the op.
1844 static void
1846 {
1847 // Note that we simply ignore the possibility of errors (OOMs)
1848 // using the hash map, since this is only metering code.
1853 }
1858 // Build the OpInput.
1863 }
1868 else
1870 }
1872 void
1874 {
1884 }
1886 }
1887 }
1890 #define PUSH_COPY(v) do { *regs.sp++ = v; assertSameCompartment(cx, regs.sp[-1]); } while (0)
1891 #define PUSH_NULL() regs.sp++->setNull()
1892 #define PUSH_UNDEFINED() regs.sp++->setUndefined()
1893 #define PUSH_BOOLEAN(b) regs.sp++->setBoolean(b)
1894 #define PUSH_DOUBLE(d) regs.sp++->setDouble(d)
1895 #define PUSH_INT32(i) regs.sp++->setInt32(i)
1896 #define PUSH_STRING(s) do { regs.sp++->setString(s); assertSameCompartment(cx, regs.sp[-1]); } while (0)
1897 #define PUSH_OBJECT(obj) do { regs.sp++->setObject(obj); assertSameCompartment(cx, regs.sp[-1]); } while (0)
1898 #define PUSH_OBJECT_OR_NULL(obj) do { regs.sp++->setObjectOrNull(obj); assertSameCompartment(cx, regs.sp[-1]); } while (0)
1899 #define PUSH_HOLE() regs.sp++->setMagic(JS_ARRAY_HOLE)
1900 #define POP_COPY_TO(v) v = *--regs.sp
1901 #define POP_RETURN_VALUE() regs.fp->setReturnValue(*--regs.sp)
1903 #define POP_BOOLEAN(cx, vp, b) \
1904 JS_BEGIN_MACRO \
1905 vp = ®s.sp[-1]; \
1906 if (vp->isNull()) { \
1907 b = false; \
1908 } else if (vp->isBoolean()) { \
1909 b = vp->toBoolean(); \
1910 } else { \
1911 b = !!js_ValueToBoolean(*vp); \
1912 } \
1913 regs.sp--; \
1914 JS_END_MACRO
1916 #define VALUE_TO_OBJECT(cx, vp, obj) \
1917 JS_BEGIN_MACRO \
1918 if ((vp)->isObject()) { \
1919 obj = &(vp)->toObject(); \
1920 } else { \
1921 obj = js_ValueToNonNullObject(cx, *(vp)); \
1922 if (!obj) \
1923 goto error; \
1924 (vp)->setObject(*obj); \
1925 } \
1926 JS_END_MACRO
1928 #define FETCH_OBJECT(cx, n, obj) \
1929 JS_BEGIN_MACRO \
1930 Value *vp_ = ®s.sp[n]; \
1931 VALUE_TO_OBJECT(cx, vp_, obj); \
1932 JS_END_MACRO
1934 #define DEFAULT_VALUE(cx, n, hint, v) \
1935 JS_BEGIN_MACRO \
1936 JS_ASSERT(v.isObject()); \
1937 JS_ASSERT(v == regs.sp[n]); \
1938 if (!DefaultValue(cx, &v.toObject(), hint, ®s.sp[n])) \
1939 goto error; \
1940 v = regs.sp[n]; \
1941 JS_END_MACRO
1943 /* Test whether v is an int in the range [-2^31 + 1, 2^31 - 2] */
1946 {
1948 }
1950 /*
1951 * Define JS_OPMETER to instrument bytecode succession, generating a .dot file
1952 * on shutdown that shows the graph of significant predecessor/successor pairs
1953 * executed, where the edge labels give the succession counts. The .dot file
1954 * is named by the JS_OPMETER_FILE envariable, and defaults to /tmp/ops.dot.
1955 *
1956 * Bonus feature: JS_OPMETER also enables counters for stack-addressing ops
1957 * such as JSOP_GETLOCAL, JSOP_INCARG, via METER_SLOT_OP. The resulting counts
1958 * are written to JS_OPMETER_HIST, defaulting to /tmp/ops.hist.
1959 */
1960 #ifndef JS_OPMETER
1964 #else
1966 /*
1967 * The second dimension is hardcoded at 256 because we know that many bits fit
1968 * in a byte, and mainly to optimize away multiplying by JSOP_LIMIT to address
1969 * any particular row.
1970 */
1971 # define METER_OP_INIT(op) ((op) = JSOP_STOP)
1972 # define METER_OP_PAIR(op1,op2) (js_MeterOpcodePair(op1, op2))
1973 # define METER_SLOT_OP(op,slot) (js_MeterSlotOpcode(op, slot))
1975 #endif
1977 #ifdef JS_REPRMETER
1978 # define METER_REPR(cx) (reprmeter::MeterRepr(cx))
1979 #else
1980 # define METER_REPR(cx) ((void) 0)
1983 /*
1984 * Threaded interpretation via computed goto appears to be well-supported by
1985 * GCC 3 and higher. IBM's C compiler when run with the right options (e.g.,
1986 * -qlanglvl=extended) also supports threading. Ditto the SunPro C compiler.
1987 * Currently it's broken for JS_VERSION < 160, though this isn't worth fixing.
1988 * Add your compiler support macros here.
1989 */
1990 #ifndef JS_THREADED_INTERP
1991 # if JS_VERSION >= 160 && ( \
1992 __GNUC__ >= 3 || \
1993 (__IBMC__ >= 700 && defined __IBM_COMPUTED_GOTO) || \
1994 __SUNPRO_C >= 0x570)
1995 # define JS_THREADED_INTERP 1
1996 # else
1997 # define JS_THREADED_INTERP 0
1998 # endif
1999 #endif
2001 /*
2002 * Deadlocks or else bad races are likely if JS_THREADSAFE, so we must rely on
2003 * single-thread DEBUG js shell testing to verify property cache hits.
2004 */
2005 #if defined DEBUG && !defined JS_THREADSAFE
2007 # define ASSERT_VALID_PROPERTY_CACHE_HIT(pcoff,obj,pobj,entry) \
2008 JS_BEGIN_MACRO \
2009 if (!AssertValidPropertyCacheHit(cx, script, regs, pcoff, obj, pobj, \
2010 entry)) { \
2011 goto error; \
2012 } \
2013 JS_END_MACRO
2015 static bool
2019 {
2025 else
2030 JSBool ok;
2037 }
2054 Value v;
2066 }
2067 }
2070 }
2072 #else
2073 # define ASSERT_VALID_PROPERTY_CACHE_HIT(pcoff,obj,pobj,entry) ((void) 0)
2074 #endif
2076 /*
2077 * Ensure that the intrepreter switch can close call-bytecode cases in the
2078 * same way as non-call bytecodes.
2079 */
2088 /*
2089 * Same for debuggable flat closures defined at top level in another function
2090 * or program fragment.
2091 */
2094 /*
2095 * Same for JSOP_SETNAME and JSOP_SETPROP, which differ only slightly but
2096 * remain distinct for the decompiler. Likewise for JSOP_INIT{PROP,METHOD}.
2097 */
2102 /* See TRY_BRANCH_AFTER_COND. */
2106 /* For the fastest case inder JSOP_INCNAME, etc. */
2111 #ifdef JS_TRACER
2112 # define ABORT_RECORDING(cx, reason) \
2113 JS_BEGIN_MACRO \
2114 if (TRACE_RECORDER(cx)) \
2115 AbortRecording(cx, reason); \
2116 JS_END_MACRO
2117 #else
2118 # define ABORT_RECORDING(cx, reason) ((void) 0)
2119 #endif
2121 /*
2122 * Inline fast paths for iteration. js_IteratorMore and js_IteratorNext handle
2123 * all cases, but we inline the most frequently taken paths here.
2124 */
2127 {
2133 }
2134 }
2139 }
2143 {
2153 }
2154 /* Take the slow path if we have to stringify a numeric property name. */
2155 }
2156 }
2158 }
2162 {
2168 }
2176 }
2179 }
2183 JS_REQUIRES_STACK JS_NEVER_INLINE bool
2184 Interpret(JSContext *cx, JSStackFrame *entryFrame, uintN inlineCallCount, JSInterpMode interpMode)
2185 {
2186 #ifdef MOZ_TRACEVIS
2188 #endif
2191 # ifdef DEBUG
2192 /*
2193 * We call this macro from BEGIN_CASE in threaded interpreters,
2194 * and before entering the switch in non-threaded interpreters.
2195 * However, reaching such points doesn't mean we've actually
2196 * fetched an OP from the instruction stream: some opcodes use
2197 * 'op=x; DO_OP()' to let another opcode's implementation finish
2198 * their work, and many opcodes share entry points with a run of
2199 * consecutive BEGIN_CASEs.
2200 *
2201 * Take care to trace OP only when it is the opcode fetched from
2202 * the instruction stream, so the trace matches what one would
2203 * expect from looking at the code. (We do omit POPs after SETs;
2204 * unfortunate, but not worth fixing.)
2205 */
2206 # define LOG_OPCODE(OP) JS_BEGIN_MACRO \
2207 if (JS_UNLIKELY(cx->logfp != NULL) && \
2208 (OP) == *regs.pc) \
2209 js_LogOpcode(cx); \
2210 JS_END_MACRO
2211 # else
2212 # define LOG_OPCODE(OP) ((void) 0)
2213 # endif
2215 /*
2216 * Macros for threaded interpreter loop
2217 */
2218 #if JS_THREADED_INTERP
2220 # define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
2221 JS_EXTENSION &&L_##op,
2223 # undef OPDEF
2224 };
2227 # define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
2228 JS_EXTENSION &&interrupt,
2230 # undef OPDEF
2231 };
2237 # define ENABLE_INTERRUPTS() ((void) (jumpTable = interruptJumpTable))
2239 # ifdef JS_TRACER
2240 # define CHECK_RECORDER() \
2241 JS_ASSERT_IF(TRACE_RECORDER(cx), jumpTable == interruptJumpTable)
2242 # else
2243 # define CHECK_RECORDER() ((void)0)
2244 # endif
2246 # define DO_OP() JS_BEGIN_MACRO \
2247 CHECK_RECORDER(); \
2248 JS_EXTENSION_(goto *jumpTable[op]); \
2249 JS_END_MACRO
2250 # define DO_NEXT_OP(n) JS_BEGIN_MACRO \
2251 METER_OP_PAIR(op, JSOp(regs.pc[n])); \
2252 op = (JSOp) *(regs.pc += (n)); \
2253 METER_REPR(cx); \
2254 DO_OP(); \
2255 JS_END_MACRO
2257 # define BEGIN_CASE(OP) L_##OP: LOG_OPCODE(OP); CHECK_RECORDER();
2258 # define END_CASE(OP) DO_NEXT_OP(OP##_LENGTH);
2259 # define END_VARLEN_CASE DO_NEXT_OP(len);
2260 # define ADD_EMPTY_CASE(OP) BEGIN_CASE(OP) \
2261 JS_ASSERT(js_CodeSpec[OP].length == 1); \
2262 op = (JSOp) *++regs.pc; \
2263 DO_OP();
2265 # define END_EMPTY_CASES
2270 intN switchOp;
2272 # define ENABLE_INTERRUPTS() ((void) (switchMask = -1))
2274 # ifdef JS_TRACER
2275 # define CHECK_RECORDER() \
2276 JS_ASSERT_IF(TRACE_RECORDER(cx), switchMask == -1)
2277 # else
2278 # define CHECK_RECORDER() ((void)0)
2279 # endif
2281 # define DO_OP() goto do_op
2282 # define DO_NEXT_OP(n) JS_BEGIN_MACRO \
2283 JS_ASSERT((n) == len); \
2284 goto advance_pc; \
2285 JS_END_MACRO
2287 # define BEGIN_CASE(OP) case OP: CHECK_RECORDER();
2288 # define END_CASE(OP) END_CASE_LEN(OP##_LENGTH)
2289 # define END_CASE_LEN(n) END_CASE_LENX(n)
2290 # define END_CASE_LENX(n) END_CASE_LEN##n
2292 /*
2293 * To share the code for all len == 1 cases we use the specialized label with
2294 * code that falls through to advance_pc: .
2295 */
2296 # define END_CASE_LEN1 goto advance_pc_by_one;
2297 # define END_CASE_LEN2 len = 2; goto advance_pc;
2298 # define END_CASE_LEN3 len = 3; goto advance_pc;
2299 # define END_CASE_LEN4 len = 4; goto advance_pc;
2300 # define END_CASE_LEN5 len = 5; goto advance_pc;
2301 # define END_VARLEN_CASE goto advance_pc;
2302 # define ADD_EMPTY_CASE(OP) BEGIN_CASE(OP)
2303 # define END_EMPTY_CASES goto advance_pc_by_one;
2307 #define LOAD_ATOM(PCOFF, atom) \
2308 JS_BEGIN_MACRO \
2309 JS_ASSERT(regs.fp->hasImacropc() \
2310 ? atoms == COMMON_ATOMS_START(&rt->atomState) && \
2311 GET_INDEX(regs.pc + PCOFF) < js_common_atom_count \
2312 : (size_t)(atoms - script->atomMap.vector) < \
2313 (size_t)(script->atomMap.length - \
2314 GET_INDEX(regs.pc + PCOFF))); \
2315 atom = atoms[GET_INDEX(regs.pc + PCOFF)]; \
2316 JS_END_MACRO
2318 #define GET_FULL_INDEX(PCOFF) \
2319 (atoms - script->atomMap.vector + GET_INDEX(regs.pc + (PCOFF)))
2321 #define LOAD_OBJECT(PCOFF, obj) \
2322 (obj = script->getObject(GET_FULL_INDEX(PCOFF)))
2324 #define LOAD_FUNCTION(PCOFF) \
2325 (fun = script->getFunction(GET_FULL_INDEX(PCOFF)))
2327 #define LOAD_DOUBLE(PCOFF, dbl) \
2328 (dbl = script->getConst(GET_FULL_INDEX(PCOFF)).toDouble())
2330 #ifdef JS_METHODJIT
2332 #else
2334 #endif
2336 #ifdef JS_METHODJIT
2338 #define MONITOR_BRANCH_METHODJIT() \
2339 JS_BEGIN_MACRO \
2340 mjit::CompileStatus status = \
2341 mjit::CanMethodJITAtBranch(cx, script, regs.fp, regs.pc); \
2342 if (status == mjit::Compile_Error) \
2343 goto error; \
2344 if (status == mjit::Compile_Okay) { \
2345 void *ncode = \
2346 script->nativeCodeForPC(regs.fp->isConstructing(), regs.pc); \
2347 interpReturnOK = mjit::JaegerShotAtSafePoint(cx, ncode); \
2348 if (inlineCallCount) \
2349 goto jit_return; \
2350 goto leave_on_safe_point; \
2351 } \
2352 if (status == mjit::Compile_Abort) { \
2353 useMethodJIT = false; \
2354 } \
2355 JS_END_MACRO
2357 #else
2359 #define MONITOR_BRANCH_METHODJIT() ((void) 0)
2361 #endif
2363 #ifdef JS_TRACER
2365 #ifdef MOZ_TRACEVIS
2366 #if JS_THREADED_INTERP
2367 #define MONITOR_BRANCH_TRACEVIS \
2368 JS_BEGIN_MACRO \
2369 if (jumpTable != interruptJumpTable) \
2370 EnterTraceVisState(cx, S_RECORD, R_NONE); \
2371 JS_END_MACRO
2373 #define MONITOR_BRANCH_TRACEVIS \
2374 JS_BEGIN_MACRO \
2375 EnterTraceVisState(cx, S_RECORD, R_NONE); \
2376 JS_END_MACRO
2377 #endif
2378 #else
2379 #define MONITOR_BRANCH_TRACEVIS
2380 #endif
2382 #define RESTORE_INTERP_VARS() \
2383 JS_BEGIN_MACRO \
2384 script = regs.fp->script(); \
2385 argv = regs.fp->maybeFormalArgs(); \
2386 atoms = FrameAtomBase(cx, regs.fp); \
2387 JS_ASSERT(cx->regs == ®s); \
2388 if (cx->isExceptionPending()) \
2389 goto error; \
2390 JS_END_MACRO
2392 #define MONITOR_BRANCH() \
2393 JS_BEGIN_MACRO \
2394 if (TRACING_ENABLED(cx)) { \
2395 if (!TRACE_RECORDER(cx) && !TRACE_PROFILER(cx) && useMethodJIT) { \
2396 MONITOR_BRANCH_METHODJIT(); \
2397 } else { \
2398 MonitorResult r = MonitorLoopEdge(cx, inlineCallCount, interpMode); \
2399 if (r == MONITOR_RECORDING) { \
2400 JS_ASSERT(TRACE_RECORDER(cx)); \
2401 JS_ASSERT(!TRACE_PROFILER(cx)); \
2402 MONITOR_BRANCH_TRACEVIS; \
2403 ENABLE_INTERRUPTS(); \
2404 CLEAR_LEAVE_ON_TRACE_POINT(); \
2405 } \
2406 RESTORE_INTERP_VARS(); \
2407 JS_ASSERT_IF(cx->isExceptionPending(), r == MONITOR_ERROR); \
2408 if (r == MONITOR_ERROR) \
2409 goto error; \
2410 } \
2411 } else { \
2412 MONITOR_BRANCH_METHODJIT(); \
2413 } \
2414 JS_END_MACRO
2418 #define MONITOR_BRANCH() \
2419 JS_BEGIN_MACRO \
2420 MONITOR_BRANCH_METHODJIT(); \
2421 JS_END_MACRO
2425 /*
2426 * Prepare to call a user-supplied branch handler, and abort the script
2427 * if it returns false.
2428 */
2429 #define CHECK_BRANCH() \
2430 JS_BEGIN_MACRO \
2431 if (JS_THREAD_DATA(cx)->interruptFlags && !js_HandleExecutionInterrupt(cx)) \
2432 goto error; \
2433 JS_END_MACRO
2435 #if defined(JS_TRACER) && defined(JS_METHODJIT)
2436 # define LEAVE_ON_SAFE_POINT() \
2437 do { \
2438 JS_ASSERT_IF(leaveOnSafePoint, !TRACE_RECORDER(cx)); \
2439 JS_ASSERT_IF(leaveOnSafePoint, !TRACE_PROFILER(cx)); \
2440 JS_ASSERT_IF(leaveOnSafePoint, interpMode != JSINTERP_NORMAL); \
2441 if (leaveOnSafePoint && !regs.fp->hasImacropc() && \
2442 script->maybeNativeCodeForPC(regs.fp->isConstructing(), regs.pc)) { \
2443 JS_ASSERT(!TRACE_RECORDER(cx)); \
2444 interpReturnOK = true; \
2445 goto leave_on_safe_point; \
2446 } \
2447 } while (0)
2448 #else
2450 #endif
2452 #define BRANCH(n) \
2453 JS_BEGIN_MACRO \
2454 regs.pc += (n); \
2455 op = (JSOp) *regs.pc; \
2456 if ((n) <= 0) { \
2457 CHECK_BRANCH(); \
2458 if (op == JSOP_NOTRACE) { \
2459 if (TRACE_RECORDER(cx) || TRACE_PROFILER(cx)) { \
2460 MONITOR_BRANCH(); \
2461 op = (JSOp) *regs.pc; \
2462 } \
2463 } else if (op == JSOP_TRACE) { \
2464 MONITOR_BRANCH(); \
2465 op = (JSOp) *regs.pc; \
2466 } \
2467 } \
2468 LEAVE_ON_SAFE_POINT(); \
2469 DO_OP(); \
2470 JS_END_MACRO
2472 #define CHECK_INTERRUPT_HANDLER() \
2473 JS_BEGIN_MACRO \
2474 if (cx->debugHooks->interruptHook) \
2475 ENABLE_INTERRUPTS(); \
2476 JS_END_MACRO
2480 /* Repoint cx->regs to a local variable for faster access. */
2489 }
2495 }
2498 /* Copy in hot values that change infrequently. */
2504 #if defined(JS_TRACER) && defined(JS_METHODJIT)
2506 # define CLEAR_LEAVE_ON_TRACE_POINT() ((void) (leaveOnSafePoint = false))
2507 #else
2508 # define CLEAR_LEAVE_ON_TRACE_POINT() ((void) 0)
2509 #endif
2514 /*
2515 * Initialize the index segment register used by LOAD_ATOM and
2516 * GET_FULL_INDEX macros below. As a register we use a pointer based on
2517 * the atom map to turn frequently executed LOAD_ATOM into simple array
2518 * access. For less frequent object and regexp loads we have to recover
2519 * the segment from atoms pointer first.
2520 */
2523 #if JS_HAS_GENERATORS
2529 /*
2530 * To support generator_throw and to catch ignored exceptions,
2531 * fail if cx->isExceptionPending() is true.
2532 */
2535 }
2536 #endif
2538 #ifdef JS_TRACER
2539 /*
2540 * The method JIT may have already initiated a recording, in which case
2541 * there should already be a valid recorder. Otherwise...
2542 * we cannot reenter the interpreter while recording.
2543 */
2552 }
2556 #endif
2558 /* Don't call the script prologue if executing between Method and Trace JIT. */
2563 }
2567 /* State communicated between non-local jumps: */
2568 JSBool interpReturnOK;
2571 /*
2572 * It is important that "op" be initialized before calling DO_OP because
2573 * it is possible for "op" to be specially assigned during the normal
2574 * processing of an opcode while looping. We rely on DO_NEXT_OP to manage
2575 * "op" correctly in all other cases.
2576 */
2577 JSOp op;
2578 jsint len;
2581 /* Check for too deep of a native thread stack. */
2582 #ifdef JS_TRACER
2583 #ifdef JS_METHODJIT
2591 #else
2597 #endif
2598 #else
2600 #endif
2602 #if JS_THREADED_INTERP
2604 #else
2606 #endif
2608 #if JS_THREADED_INTERP
2609 /*
2610 * This is a loop, but it does not look like a loop. The loop-closing
2611 * jump is distributed throughout goto *jumpTable[op] inside of DO_OP.
2612 * When interrupts are enabled, jumpTable is set to interruptJumpTable
2613 * where all jumps point to the interrupt label. The latter, after
2614 * calling the interrupt handler, dispatches through normalJumpTable to
2615 * continue the normal bytecode processing.
2616 */
2620 advance_pc_by_one:
2623 advance_pc:
2627 do_op:
2631 do_switch:
2633 #endif
2635 #if JS_THREADED_INTERP
2636 interrupt:
2641 {
2645 #ifdef JS_TRACER
2648 #ifdef JS_METHODJIT
2651 #endif
2652 #endif
2653 Value rval;
2668 }
2670 }
2672 #ifdef JS_TRACER
2673 #ifdef JS_METHODJIT
2683 }
2688 }
2689 }
2690 #endif
2703 #ifdef JS_METHODJIT
2706 #endif
2710 }
2711 }
2726 // The code at 'error:' aborts the recording.
2732 /* A 'stop' error should have already aborted recording. */
2735 }
2736 }
2739 #if JS_THREADED_INTERP
2740 #ifdef MOZ_TRACEVIS
2743 #endif
2746 #else
2750 #endif
2751 }
2753 /* No-ops for ease of decompilation. */
2757 #if JS_HAS_XML_SUPPORT
2760 #endif
2762 END_EMPTY_CASES
2769 /* ADD_EMPTY_CASE is not used here as JSOP_LINENO_LENGTH == 3. */
2785 {
2787 #ifdef DEBUG
2804 }
2805 #endif
2806 }
2818 /*
2819 * We must ensure that different "with" blocks have different stack depth
2820 * associated with them. This allows the try handler search to properly
2821 * recover the scope chain. Thus we must keep the stack at least at the
2822 * current level.
2823 *
2824 * We set sp[-1] to the current "with" object to help asserting the
2825 * enter/leave balance in [leavewith].
2826 */
2838 /* FALL THROUGH */
2842 {
2843 /*
2844 * When the inlined frame exits with an exception or an error, ok will be
2845 * false after the inline_return label.
2846 */
2849 #ifdef JS_TRACER
2851 /*
2852 * If we are at the end of an imacro, return to its caller in the
2853 * current frame.
2854 */
2864 }
2865 #endif
2869 inline_return:
2870 {
2875 /* The JIT inlines ScriptEpilogue. */
2876 jit_return:
2881 /* Sync interpreter registers. */
2886 /* Resume execution in the calling frame. */
2888 inlineCallCount--;
2895 }
2899 }
2902 }
2906 /* FALL THROUGH */
2908 {
2911 }
2915 {
2922 }
2923 }
2927 {
2934 }
2935 }
2939 {
2947 }
2948 }
2952 {
2960 }
2961 }
2966 /* FALL THROUGH */
2968 {
2971 }
2975 {
2982 }
2983 }
2987 {
2994 }
2995 }
2999 {
3007 }
3008 }
3012 {
3020 }
3021 }
3024 /*
3025 * If the index value at sp[n] is not an int that fits in a jsval, it could
3026 * be an object (an XML QName, AttributeName, or AnyName), but only if we are
3027 * compiling with JS_HAS_XML_SUPPORT. Otherwise convert the index value to a
3028 * string atom id.
3029 */
3030 #define FETCH_ELEMENT_ID(obj, n, id) \
3031 JS_BEGIN_MACRO \
3032 const Value &idval_ = regs.sp[n]; \
3033 int32_t i_; \
3034 if (ValueFitsInInt32(idval_, &i_) && INT_FITS_IN_JSID(i_)) { \
3035 id = INT_TO_JSID(i_); \
3036 } else { \
3037 if (!js_InternNonIntElementId(cx, obj, idval_, &id, ®s.sp[n])) \
3038 goto error; \
3039 } \
3040 JS_END_MACRO
3042 #define TRY_BRANCH_AFTER_COND(cond,spdec) \
3043 JS_BEGIN_MACRO \
3044 JS_ASSERT(js_CodeSpec[op].length == 1); \
3045 uintN diff_ = (uintN) regs.pc[1] - (uintN) JSOP_IFEQ; \
3046 if (diff_ <= 1) { \
3047 regs.sp -= spdec; \
3048 if (cond == (diff_ != 0)) { \
3049 ++regs.pc; \
3050 len = GET_JUMP_OFFSET(regs.pc); \
3051 BRANCH(len); \
3052 } \
3053 len = 1 + JSOP_IFEQ_LENGTH; \
3054 DO_NEXT_OP(len); \
3055 } \
3056 JS_END_MACRO
3059 {
3064 }
3066 jsid id;
3076 }
3080 {
3087 }
3091 {
3100 }
3104 {
3110 }
3114 {
3121 }
3125 {
3132 }
3137 {
3147 {
3154 }
3155 }
3159 {
3166 {
3173 }
3175 }
3179 /*
3180 * JSOP_FORELEM simply dups the property identifier at top of stack and
3181 * lets the subsequent JSOP_ENUMELEM opcode sequence handle the left-hand
3182 * side expression evaluation and assignment. This opcode exists solely to
3183 * help the decompiler.
3184 */
3193 {
3197 }
3201 {
3207 }
3211 {
3216 }
3220 {
3226 }
3229 #define NATIVE_GET(cx,obj,pobj,shape,getHow,vp) \
3230 JS_BEGIN_MACRO \
3231 if (shape->isDataDescriptor() && shape->hasDefaultGetter()) { \
3233 JS_ASSERT((shape)->slot != SHAPE_INVALID_SLOT || \
3234 !shape->hasDefaultSetter()); \
3235 if (((shape)->slot != SHAPE_INVALID_SLOT)) \
3236 *(vp) = (pobj)->nativeGetSlot((shape)->slot); \
3237 else \
3238 (vp)->setUndefined(); \
3239 } else { \
3240 if (!js_NativeGet(cx, obj, pobj, shape, getHow, vp)) \
3241 goto error; \
3242 } \
3243 JS_END_MACRO
3245 #define NATIVE_SET(cx,obj,shape,entry,strict,vp) \
3246 JS_BEGIN_MACRO \
3247 if (shape->hasDefaultSetter() && \
3248 (shape)->slot != SHAPE_INVALID_SLOT && \
3249 !(obj)->brandedOrHasMethodBarrier()) { \
3251 (obj)->nativeSetSlot((shape)->slot, *vp); \
3252 } else { \
3253 if (!js_NativeSet(cx, obj, shape, false, strict, vp)) \
3254 goto error; \
3255 } \
3256 JS_END_MACRO
3258 /*
3259 * Skip the JSOP_POP typically found after a JSOP_SET* opcode, where oplen is
3260 * the constant length of the SET opcode sequence, and spdec is the constant
3261 * by which to decrease the stack pointer to pop all of the SET op's operands.
3262 *
3263 * NB: unlike macros that could conceivably be replaced by functions (ignoring
3264 * goto error), where a call should not have to be braced in order to expand
3265 * correctly (e.g., in if (cond) FOO(); else BAR()), these three macros lack
3266 * JS_{BEGIN,END}_MACRO brackets. They are also indented so as to align with
3267 * nearby opcode code.
3268 */
3269 #define SKIP_POP_AFTER_SET(oplen,spdec) \
3270 if (regs.pc[oplen] == JSOP_POP) { \
3271 regs.sp -= spdec; \
3272 regs.pc += oplen + JSOP_POP_LENGTH; \
3273 op = (JSOp) *regs.pc; \
3274 DO_OP(); \
3275 }
3277 #define END_SET_CASE(OP) \
3278 SKIP_POP_AFTER_SET(OP##_LENGTH, 1); \
3279 END_CASE(OP)
3281 #define END_SET_CASE_STORE_RVAL(OP,spdec) \
3282 SKIP_POP_AFTER_SET(OP##_LENGTH, spdec); \
3283 { \
3284 Value *newsp = regs.sp - ((spdec) - 1); \
3285 newsp[-1] = regs.sp[-1]; \
3286 regs.sp = newsp; \
3287 } \
3288 END_CASE(OP)
3291 {
3300 }
3301 }
3304 #if JS_HAS_DESTRUCTURING
3306 {
3310 jsid id;
3316 }
3318 }
3320 #endif
3327 {
3330 /*
3331 * We can skip the property lookup for the global object. If the
3332 * property does not exist anywhere on the scope chain, JSOP_SETNAME
3333 * adds the property to the global.
3334 *
3335 * As a consequence of this optimization for the global object we run
3336 * its JSRESOLVE_ASSIGNING-tolerant resolve hooks only in JSOP_SETNAME,
3337 * after the interpreter evaluates the right- hand-side of the
3338 * assignment, and not here.
3339 *
3340 * This should be transparent to the hooks because the script, instead
3341 * of name = rhs, could have used global.name = rhs given a global
3342 * object reference, which also calls the hooks only after evaluating
3343 * the rhs. We desire such resolve hook equivalence between the two
3344 * forms.
3345 */
3357 }
3365 }
3373 #define BITWISE_OP(OP) \
3374 JS_BEGIN_MACRO \
3375 int32_t i, j; \
3376 if (!ValueToECMAInt32(cx, regs.sp[-2], &i)) \
3377 goto error; \
3378 if (!ValueToECMAInt32(cx, regs.sp[-1], &j)) \
3379 goto error; \
3380 i = i OP j; \
3381 regs.sp--; \
3382 regs.sp[-1].setInt32(i); \
3383 JS_END_MACRO
3397 #undef BITWISE_OP
3399 /*
3400 * NB: These macros can't use JS_BEGIN_MACRO/JS_END_MACRO around their bodies
3401 * because they begin if/else chains, so callers must not put semicolons after
3402 * the call expressions!
3403 */
3404 #if JS_HAS_XML_SUPPORT
3405 #define XML_EQUALITY_OP(OP) \
3406 if ((lval.isObject() && lval.toObject().isXML()) || \
3407 (rval.isObject() && rval.toObject().isXML())) { \
3408 if (!js_TestXMLEquality(cx, lval, rval, &cond)) \
3409 goto error; \
3410 cond = cond OP JS_TRUE; \
3411 } else
3412 #else
3414 #endif
3416 #define EQUALITY_OP(OP, IFNAN) \
3417 JS_BEGIN_MACRO \
3418 JSBool cond; \
3419 Value rval = regs.sp[-1]; \
3420 Value lval = regs.sp[-2]; \
3421 XML_EQUALITY_OP(OP) \
3422 if (SameType(lval, rval)) { \
3423 if (lval.isString()) { \
3424 JSString *l = lval.toString(), *r = rval.toString(); \
3425 JSBool equal; \
3426 if (!EqualStrings(cx, l, r, &equal)) \
3427 goto error; \
3428 cond = equal OP JS_TRUE; \
3429 } else if (lval.isDouble()) { \
3430 double l = lval.toDouble(), r = rval.toDouble(); \
3431 cond = JSDOUBLE_COMPARE(l, OP, r, IFNAN); \
3432 } else if (lval.isObject()) { \
3433 JSObject *l = &lval.toObject(), *r = &rval.toObject(); \
3434 l->assertSpecialEqualitySynced(); \
3435 if (EqualityOp eq = l->getClass()->ext.equality) { \
3436 if (!eq(cx, l, &rval, &cond)) \
3437 goto error; \
3438 cond = cond OP JS_TRUE; \
3439 } else { \
3440 cond = l OP r; \
3441 } \
3442 } else { \
3443 cond = lval.payloadAsRawUint32() OP rval.payloadAsRawUint32();\
3444 } \
3445 } else { \
3446 if (lval.isNullOrUndefined()) { \
3447 cond = rval.isNullOrUndefined() OP true; \
3448 } else if (rval.isNullOrUndefined()) { \
3449 cond = true OP false; \
3450 } else { \
3451 if (lval.isObject()) \
3452 DEFAULT_VALUE(cx, -2, JSTYPE_VOID, lval); \
3453 if (rval.isObject()) \
3454 DEFAULT_VALUE(cx, -1, JSTYPE_VOID, rval); \
3455 if (lval.isString() && rval.isString()) { \
3456 JSString *l = lval.toString(), *r = rval.toString(); \
3457 JSBool equal; \
3458 if (!EqualStrings(cx, l, r, &equal)) \
3459 goto error; \
3460 cond = equal OP JS_TRUE; \
3461 } else { \
3462 double l, r; \
3463 if (!ValueToNumber(cx, lval, &l) || \
3464 !ValueToNumber(cx, rval, &r)) { \
3465 goto error; \
3466 } \
3467 cond = JSDOUBLE_COMPARE(l, OP, r, IFNAN); \
3468 } \
3469 } \
3470 } \
3471 TRY_BRANCH_AFTER_COND(cond, 2); \
3472 regs.sp--; \
3473 regs.sp[-1].setBoolean(cond); \
3474 JS_END_MACRO
3484 #undef EQUALITY_OP
3485 #undef XML_EQUALITY_OP
3486 #undef EXTENDED_EQUALITY_OP
3488 #define STRICT_EQUALITY_OP(OP, COND) \
3489 JS_BEGIN_MACRO \
3490 const Value &rref = regs.sp[-1]; \
3491 const Value &lref = regs.sp[-2]; \
3492 JSBool equal; \
3493 if (!StrictlyEqual(cx, lref, rref, &equal)) \
3494 goto error; \
3495 COND = equal OP JS_TRUE; \
3496 regs.sp--; \
3497 JS_END_MACRO
3500 {
3504 }
3508 {
3512 }
3516 {
3523 }
3524 }
3528 {
3535 }
3536 }
3539 #undef STRICT_EQUALITY_OP
3541 #define RELATIONAL_OP(OP) \
3542 JS_BEGIN_MACRO \
3543 Value rval = regs.sp[-1]; \
3544 Value lval = regs.sp[-2]; \
3545 bool cond; \
3547 if (lval.isInt32() && rval.isInt32()) { \
3548 cond = lval.toInt32() OP rval.toInt32(); \
3549 } else { \
3550 if (lval.isObject()) \
3551 DEFAULT_VALUE(cx, -2, JSTYPE_NUMBER, lval); \
3552 if (rval.isObject()) \
3553 DEFAULT_VALUE(cx, -1, JSTYPE_NUMBER, rval); \
3554 if (lval.isString() && rval.isString()) { \
3555 JSString *l = lval.toString(), *r = rval.toString(); \
3556 int32 result; \
3557 if (!CompareStrings(cx, l, r, &result)) \
3558 goto error; \
3559 cond = result OP 0; \
3560 } else { \
3561 double l, r; \
3562 if (!ValueToNumber(cx, lval, &l) || \
3563 !ValueToNumber(cx, rval, &r)) { \
3564 goto error; \
3565 } \
3566 cond = JSDOUBLE_COMPARE(l, OP, r, false); \
3567 } \
3568 } \
3569 TRY_BRANCH_AFTER_COND(cond, 2); \
3570 regs.sp--; \
3571 regs.sp[-1].setBoolean(cond); \
3572 JS_END_MACRO
3590 #undef RELATIONAL_OP
3592 #define SIGNED_SHIFT_OP(OP) \
3593 JS_BEGIN_MACRO \
3594 int32_t i, j; \
3595 if (!ValueToECMAInt32(cx, regs.sp[-2], &i)) \
3596 goto error; \
3597 if (!ValueToECMAInt32(cx, regs.sp[-1], &j)) \
3598 goto error; \
3599 i = i OP (j & 31); \
3600 regs.sp--; \
3601 regs.sp[-1].setInt32(i); \
3602 JS_END_MACRO
3612 #undef SIGNED_SHIFT_OP
3615 {
3627 }
3631 {
3641 else
3644 #if JS_HAS_XML_SUPPORT
3651 #endif
3652 {
3667 }
3675 }
3688 }
3689 }
3690 }
3693 #define BINARY_OP(OP) \
3694 JS_BEGIN_MACRO \
3695 double d1, d2; \
3696 if (!ValueToNumber(cx, regs.sp[-2], &d1) || \
3697 !ValueToNumber(cx, regs.sp[-1], &d2)) { \
3698 goto error; \
3699 } \
3700 double d = d1 OP d2; \
3701 regs.sp--; \
3702 regs.sp[-1].setNumber(d); \
3703 JS_END_MACRO
3713 #undef BINARY_OP
3716 {
3721 }
3725 #ifdef XP_WIN
3726 /* XXX MSVC miscompiles such that (NaN == 0) */
3729 else
3730 #endif
3735 else
3741 }
3742 }
3746 {
3760 }
3767 }
3768 }
3769 }
3773 {
3778 }
3782 {
3788 }
3792 {
3793 /*
3794 * When the operand is int jsval, INT32_FITS_IN_JSVAL(i) implies
3795 * INT32_FITS_IN_JSVAL(-i) unless i is 0 or INT32_MIN when the
3796 * results, -0.0 or INT32_MAX + 1, are jsdouble values.
3797 */
3809 }
3810 }
3819 {
3828 /* Strict mode code should never contain JSOP_DELNAME opcodes. */
3831 /* ECMA says to return true if name is undefined or inherited. */
3836 }
3837 }
3841 {
3849 Value rval;
3854 }
3858 {
3859 /* Fetch the left part and resolve it to a non-null object. */
3863 /* Fetch index and convert it to id suitable for use with obj. */
3864 jsid id;
3867 /* Get or set the element. */
3872 }
3877 {
3882 }
3889 {
3892 jsid id;
3893 jsint i;
3900 /*
3901 * Delay fetching of id until we have the object to ensure the proper
3902 * evaluation order. See bug 372331.
3903 */
3916 fetch_incop_obj:
3930 {
3952 }
3953 }
3955 }
3964 }
3965 }
3967 do_incop:
3968 {
3969 /*
3970 * We need a root to store the value to leave on the stack until
3971 * we have done with obj->setProperty.
3972 */
3986 else
3994 /*
3995 * We must set regs.sp[-1] to tmp for both post and pre increments
3996 * as the setter overwrites regs.sp[-1].
3997 */
4000 /* We need an extra root for the result. */
4010 }
4013 /* regs.sp[-1] already contains the result of name increment. */
4017 }
4020 }
4021 }
4023 {
4025 uint32 slot;
4028 /* Position cases so the most frequent i++ does not need a jump. */
4038 do_arg_incop:
4054 /*
4055 * do_local_incop comes right before do_int_fast_incop as we want to
4056 * avoid an extra jump for variable cases as local++ is more frequent
4057 * than arg++.
4058 */
4059 do_local_incop:
4065 do_int_fast_incop:
4076 }
4080 }
4089 {
4097 }
4098 }
4101 {
4104 jsint i;
4114 {
4120 }
4123 {
4129 }
4135 do_getprop_body:
4138 do_getprop_with_lval:
4141 {
4142 Value rval;
4144 /*
4145 * We do not impose the method read barrier if in an imacro,
4146 * assuming any property gets it does (e.g., for 'toString'
4147 * from JSOP_NEW) will not be leaked to the calling script.
4148 */
4168 }
4170 }
4182 }
4189 }
4190 END_VARLEN_CASE
4208 }
4212 }
4215 }
4218 {
4221 Value objv;
4225 JSProtoKey protoKey;
4236 }
4241 }
4244 Value rval;
4261 }
4266 /*
4267 * Cache miss: use the immediate atom that was loaded for us under
4268 * PropertyCache::test.
4269 */
4270 jsid id;
4281 }
4291 }
4295 }
4296 }
4297 #if JS_HAS_NO_SUCH_METHOD
4303 }
4304 #endif
4305 }
4317 {
4330 /*
4331 * Probe the property cache, specializing for two important
4332 * set-property cases. First:
4333 *
4334 * function f(a, b, c) {
4335 * var o = {p:a, q:b, r:c};
4336 * return o;
4337 * }
4338 *
4339 * or similar real-world cases, which evolve a newborn native
4340 * object predicatably through some bounded number of property
4341 * additions. And second:
4342 *
4343 * o.p = x;
4344 *
4345 * in a frequently executed method or loop body, where p will
4346 * (possibly after the first iteration) always exist in native
4347 * object o.
4348 */
4353 /*
4354 * Property cache hit, only partially confirmed by testForSet. We
4355 * know that the entry applies to regs.pc and that obj's shape
4356 * matches.
4357 *
4358 * The entry predicts either a new property to be added directly to
4359 * obj by this set, or on an existing "own" property, or on a
4360 * prototype property that has a setter.
4361 */
4366 /*
4367 * Fastest path: check whether obj already has the cached shape and
4368 * call NATIVE_SET and break to get out of the do-while(0). But we
4369 * can call NATIVE_SET only for a direct or proto-setter hit.
4370 */
4374 {
4375 #ifdef DEBUG
4383 }
4384 #endif
4390 }
4397 }
4399 uint32 slot;
4406 /*
4407 * Fast path: adding a plain old property that was once at
4408 * the frontier of the property tree, whose slot is next to
4409 * claim among the already-allocated slots in obj, where
4410 * shape->table has not been created yet.
4411 */
4421 }
4423 /* Simply extend obj's property tree path with shape! */
4426 /*
4427 * No method change check here because here we are adding a
4428 * new property, not updating an existing slot's value that
4429 * might contain a method of a branded shape.
4430 */
4434 /*
4435 * Purge the property cache of the id we may have just
4436 * shadowed in obj's scope and proto chains.
4437 */
4440 }
4441 }
4447 }
4451 uintN defineHow;
4456 else
4464 }
4466 }
4470 {
4484 }
4485 }
4491 Value rval;
4492 jsid id;
4502 }
4512 }
4513 }
4514 }
4517 else
4524 intern_big_int:
4527 }
4528 }
4534 end_getelem:
4538 }
4542 {
4543 /* Find the object on which to look for |this|'s properties. */
4549 /* Fetch index and convert it to id suitable for use with obj. */
4550 jsid id;
4553 /* Get the method. */
4557 #if JS_HAS_NO_SUCH_METHOD
4559 /* For js_OnUnknownMethod, sp[-2] is the index, and sp[-1] is the object missing it. */
4565 #endif
4566 {
4568 }
4569 }
4573 {
4576 jsid id;
4578 Value rval;
4589 }
4592 }
4593 }
4598 end_setelem:;
4599 }
4603 {
4604 /* Funky: the value to set is under the [obj, id] pair. */
4607 jsid id;
4613 }
4619 uint32 flags;
4620 uintN argc;
4624 {
4625 /* Get immediate argc and find the constructor function. */
4630 /*
4631 * Assign lval, callee, and newfun exactly as the code at inline_call: expects to
4632 * find them, to avoid nesting a js_Interpret call via js_InvokeConstructor.
4633 */
4644 }
4648 }
4649 }
4657 end_new:;
4658 }
4662 {
4675 }
4681 {
4688 /* Clear frame flags since this is not a constructor call. */
4691 inline_call:
4692 {
4698 }
4700 /* Restrict recursion of lightweight functions. */
4704 }
4706 /* Get pointer to new frame/slots, prepare arguments. */
4713 /* Initialize frame, locals. */
4717 /* Officially push the frame. */
4720 /* Refresh interpreter locals. */
4726 /* Now that the new frame is rooted, maybe create a call object. */
4730 inlineCallCount++;
4737 #ifdef JS_METHODJIT
4738 /* Try to ensure methods are method JIT'd. */
4749 }
4750 #endif
4757 /* Load first op and dispatch it (safe since JSOP_STOP). */
4760 }
4770 }
4772 call_using_invoke:
4782 end_call:;
4783 }
4789 {
4792 }
4795 #define SLOW_PUSH_THISV(cx, obj) \
4796 JS_BEGIN_MACRO \
4797 Class *clasp; \
4798 JSObject *thisp = obj; \
4799 if (!thisp->getParent() || \
4800 (clasp = thisp->getClass()) == &js_CallClass || \
4801 clasp == &js_BlockClass || \
4802 clasp == &js_DeclEnvClass) { \
4807 PUSH_UNDEFINED(); \
4808 } else { \
4809 thisp = thisp->thisObject(cx); \
4810 if (!thisp) \
4811 goto error; \
4812 PUSH_OBJECT(*thisp); \
4813 } \
4814 JS_END_MACRO
4820 {
4824 Value rval;
4842 }
4844 /*
4845 * Push results, the same as below, but with a prop$ hit there
4846 * is no need to test for the unusual and uncacheable case where
4847 * the caller determines |this|.
4848 */
4849 #if DEBUG
4855 #endif
4860 }
4862 jsid id;
4868 /* Kludge to allow (typeof foo == "undefined") tests. */
4874 }
4877 }
4879 /* Take the slow path if prop was not found in a native object. */
4889 }
4893 /* obj must be on the scope chain, thus not a function. */
4896 }
4916 /*
4917 * Here atoms can exceed script->atomMap.length as we use atoms as a
4918 * segment register for object literals as well.
4919 */
4935 {
4940 }
4944 {
4948 }
4952 {
4956 }
4960 {
4961 /*
4962 * Push a regexp object cloned from the regexp literal object mapped by the
4963 * bytecode at pc. ES5 finally fixed this bad old ES3 design flaw which was
4964 * flouted by many browser-based implementations.
4965 *
4966 * We avoid the GetScopeChain call here and pass fp->scopeChain as
4967 * js_GetClassPrototype uses the latter only to locate the global.
4968 */
4978 }
5001 {
5003 {
5007 /*
5008 * ECMAv2+ forbids conversion of discriminant, so we will skip to the
5009 * default case if the discriminant isn't already an int jsval. (This
5010 * opcode is emitted only for dense jsint-domain switches.)
5011 */
5018 /* Don't use JSDOUBLE_IS_INT32; treat -0 (double) as 0. */
5021 }
5034 }
5035 }
5036 END_VARLEN_CASE
5037 }
5039 {
5041 {
5045 /*
5046 * ECMAv2+ forbids conversion of discriminant, so we will skip to the
5047 * default case if the discriminant isn't already an int jsval. (This
5048 * opcode is emitted only for dense jsint-domain switches.)
5049 */
5055 /* Treat -0 (double) as 0. */
5059 }
5072 }
5073 }
5074 END_VARLEN_CASE
5075 }
5077 {
5079 {
5080 jsint off;
5087 do_lookup_switch:
5088 /*
5089 * JSOP_LOOKUPSWITCH and JSOP_LOOKUPSWITCHX are never used if any atom
5090 * index in it would exceed 64K limit.
5091 */
5103 jsint npairs;
5109 #define SEARCH_PAIRS(MATCH_CODE) \
5110 for (;;) { \
5111 Value rval = script->getConst(GET_INDEX(pc2)); \
5112 MATCH_CODE \
5113 pc2 += INDEX_LEN; \
5114 if (match) \
5115 break; \
5116 pc2 += off; \
5117 if (--npairs == 0) { \
5118 pc2 = regs.pc; \
5119 break; \
5120 } \
5121 }
5132 )
5137 )
5141 )
5142 }
5143 #undef SEARCH_PAIRS
5145 end_lookup_switch:
5149 }
5150 END_VARLEN_CASE
5151 }
5154 {
5155 Value rval;
5169 }
5176 }
5179 {
5180 Value rval;
5184 }
5188 {
5190 Value rval;
5194 }
5198 {
5200 Value rval;
5204 }
5209 {
5216 }
5220 {
5225 }
5229 {
5233 }
5237 {
5242 }
5246 {
5250 }
5255 {
5260 /* Scope for tempPool mark and local names allocation in it. */
5263 jsid id;
5265 {
5276 }
5281 }
5283 /* Minimize footprint with generic code instead of NATIVE_GET. */
5291 }
5296 {
5305 }
5310 {
5318 }
5323 {
5333 /* Lookup id in order to check for redeclaration problems. */
5337 /*
5338 * Redundant declaration of a |var|, even one for a non-writable
5339 * property like |undefined| in ES5, does nothing.
5340 */
5352 /*
5353 * As attrs includes readonly, CheckRedeclaration can succeed only
5354 * if prop does not exist.
5355 */
5357 }
5359 /* Bind a variable only if it's not yet defined. */
5364 }
5365 }
5369 {
5370 /*
5371 * A top-level function defined in Global or Eval code (see ECMA-262
5372 * Ed. 3), or else a SpiderMonkey extension: a named function statement in
5373 * a compound statement (not at the top statement level of global code, or
5374 * at the top level of a function body).
5375 */
5382 /*
5383 * Even a null closure needs a parent for principals finding.
5384 * FIXME: bug 476950, although debugger users may also demand some kind
5385 * of scope link for debugger-assisted eval-in-frame.
5386 */
5394 }
5396 /*
5397 * If static link is not current scope, clone fun's object to link to the
5398 * current scope via parent. We do this to enable sharing of compiled
5399 * functions among multiple equivalent scopes, amortizing the cost of
5400 * compilation over a number of executions. Examples include XUL scripts
5401 * and event handlers shared among Firefox or other Mozilla app chrome
5402 * windows, and user-defined JS functions precompiled and then shared among
5403 * requests in server-side JS.
5404 */
5409 }
5411 /*
5412 * ECMA requires functions defined when entering Eval code to be
5413 * impermanent.
5414 */
5416 ? JSPROP_ENUMERATE
5419 /*
5420 * We define the function as a property of the variable object and not the
5421 * current scope chain even for the case of function expression statements
5422 * and functions defined by eval inside let or with blocks.
5423 */
5426 /* ES5 10.5 (NB: with subsequent errata). */
5436 /* Steps 5d, 5f. */
5441 }
5443 /* Step 5e. */
5451 }
5454 JSAutoByteString bytes;
5458 }
5460 }
5461 }
5463 /*
5464 * Non-global properties, and global properties which we aren't simply
5465 * redefining, must be set. First, this preserves their attributes.
5466 * Second, this will produce warnings and/or errors as necessary if the
5467 * specified Call object property is not writable (const).
5468 */
5470 /* Step 5f. */
5474 }
5479 {
5492 ? JSPROP_ENUMERATE
5505 }
5506 }
5510 {
5511 /*
5512 * Define a local function (i.e., one nested at the top level of another
5513 * function), parented by the current scope chain, stored in a local
5514 * variable slot that the compiler allocated. This is an optimization over
5515 * JSOP_DEFFUN that avoids requiring a call object for the outer function's
5516 * activation.
5517 */
5530 JSOP_DEFLOCALFUN_LENGTH);
5535 #ifdef JS_TRACER
5538 #endif
5542 }
5543 }
5549 }
5553 {
5565 }
5569 {
5579 }
5583 {
5584 /* Load the specified function object literal. */
5589 /* do-while(0) so we can break instead of using a goto. */
5599 /*
5600 * Optimize var obj = {method: function () { ... }, ...},
5601 * this.method = function () { ... }; and other significant
5602 * single-use-of-null-closure bytecode sequences.
5603 *
5604 * WARNING: code in TraceRecorder::record_JSOP_LAMBDA must
5605 * match the optimization cases in the following code that
5606 * break from the outer do-while(0).
5607 */
5609 #ifdef DEBUG
5614 #endif
5619 }
5622 #ifdef DEBUG
5625 #endif
5631 }
5634 /*
5635 * Array.prototype.sort and String.prototype.replace are
5636 * optimized as if they are special form. We know that they
5637 * won't leak the joined function object in obj, therefore
5638 * we don't need to clone that compiler- created function
5639 * object for identity/mutation reasons.
5640 */
5643 /*
5644 * Note that we have not yet pushed obj as the final argument,
5645 * so regs.sp[1 - (iargc + 2)], and not regs.sp[-(iargc + 2)],
5646 * is the callee for this JSOP_CALL.
5647 */
5657 }
5661 }
5662 }
5663 }
5671 }
5672 }
5673 }
5674 }
5676 #ifdef DEBUG
5678 // No locking, this is mainly for js shell testing.
5689 }
5690 }
5691 #endif
5696 }
5704 }
5708 {
5717 }
5721 {
5730 }
5740 {
5741 do_getter_setter:
5743 jsid id;
5744 Value rval;
5745 jsint i;
5760 {
5767 }
5772 gs_pop_lval:
5777 {
5785 }
5793 gs_get_lval:
5794 {
5799 }
5800 }
5802 /* Ensure that id has a type suitable for use with obj. */
5808 JSMSG_BAD_GETTER_OR_SETTER,
5810 ? js_getter_str
5813 }
5815 /*
5816 * Getters and setters are just like watchpoints from an access control
5817 * point of view.
5818 */
5819 Value rtmp;
5820 uintN attrs;
5824 PropertyOp getter;
5825 StrictPropertyOp setter;
5834 }
5837 /* Check for a readonly or permanent property of the same name. */
5849 }
5852 }
5859 {
5870 }
5877 }
5881 {
5889 }
5893 {
5904 }
5908 {
5909 /* FIXME remove JSOP_ENDINIT bug 588522 */
5912 }
5917 {
5918 /* Load the property's initial value into rval. */
5922 /* Load the object being initialized into lval/obj. */
5926 /*
5927 * Probe the property cache.
5928 *
5929 * On a hit, if the cached shape has a non-default setter, it must be
5930 * __proto__. If shape->previous() != obj->lastProperty(), there must be a
5931 * repeated property name. The fast path does not handle these two cases.
5932 */
5938 {
5939 /* Fast path. Property cache hit. */
5950 }
5952 /* A new object, or one we just extended in a recent initprop op. */
5957 /*
5958 * No method change check here because here we are adding a new
5959 * property, not updating an existing slot's value that might
5960 * contain a method of a branded shape.
5961 */
5967 /* Get the immediate property name into id. */
5979 defineHow))) {
5981 }
5982 }
5984 /* Common tail for property cache hit and miss cases. */
5986 }
5990 {
5991 /* Pop the element's value into rval. */
5995 /* Find the object being initialized at top of stack. */
6000 /* Fetch id now that we have obj. */
6001 jsid id;
6004 /*
6005 * If rref is a hole, do not call JSObject::defineProperty. In this case,
6006 * obj must be an array, so if the current op is the last element
6007 * initialiser, set the array length to one greater than id.
6008 */
6016 }
6020 }
6022 }
6025 #if JS_HAS_SHARP_VARS
6028 {
6041 }
6051 }
6054 }
6058 {
6063 Value rval;
6071 }
6079 }
6081 }
6085 {
6091 /*
6092 * We peek ahead safely here because empty initialisers get zero
6093 * JSOP_SHARPINIT ops, and non-empty ones get two: the first comes
6094 * immediately after JSOP_NEWINIT followed by one or more property
6095 * initialisers; and the second comes directly before JSOP_ENDINIT.
6096 */
6104 }
6106 }
6111 {
6117 END_VARLEN_CASE
6118 }
6120 {
6126 END_VARLEN_CASE
6127 }
6129 {
6131 /* Pop [exception or hole, retsub pc-index]. */
6137 /*
6138 * Exception was pending during finally, throw it *before* we adjust
6139 * pc, because pc indexes into script->trynotes. This turns out not to
6140 * be necessary, but it seems clearer. And it points out a FIXME:
6141 * 350509, due to Igor Bukanov.
6142 */
6145 }
6149 END_VARLEN_CASE
6150 }
6155 #if defined(JS_TRACER) && defined(JS_METHODJIT)
6159 }
6160 #endif
6169 {
6171 Value v;
6174 }
6178 {
6181 Value v;
6184 /* let the code at error try to catch the exception. */
6186 }
6188 {
6189 /*
6190 * The stack must have a block with at least one local slot below the
6191 * exception object.
6192 */
6197 }
6201 /*
6202 * If the top of stack is of primitive type, jump to our target. Otherwise
6203 * advance to the next opcode.
6204 */
6209 }
6219 }
6226 }
6230 {
6235 }
6243 }
6247 {
6250 Value rval;
6264 }
6266 }
6267 }
6270 #if JS_HAS_XML_SUPPORT
6272 {
6276 }
6280 {
6281 jsid id;
6285 }
6289 {
6293 }
6297 {
6306 }
6310 {
6318 }
6322 {
6323 Value rval;
6328 }
6332 {
6333 Value rval;
6340 }
6345 {
6355 }
6359 {
6360 Value lval;
6363 jsid id;
6368 }
6372 {
6375 jsid id;
6382 }
6387 {
6390 jsid id;
6393 Value rval;
6399 }
6404 {
6416 }
6420 }
6423 {
6425 /*
6426 * We push the hole value before jumping to [enditer] so we can detect the
6427 * first iteration and direct js_StepXMLListFilter to initialize filter's
6428 * state.
6429 */
6433 END_VARLEN_CASE
6434 }
6437 {
6440 /* Exit the "with" block left from the previous iteration. */
6442 }
6446 /*
6447 * Decrease sp after EnterWith returns as we use sp[-1] there to root
6448 * temporaries.
6449 */
6457 }
6459 }
6463 {
6469 }
6473 {
6479 }
6483 {
6489 }
6493 {
6502 }
6506 }
6510 {
6518 }
6522 {
6530 }
6534 {
6544 }
6548 {
6549 Value rval;
6553 }
6558 {
6569 #ifdef DEBUG
6570 /*
6571 * The young end of fp->scopeChain may omit blocks if we haven't closed
6572 * over them, but if there are any closure blocks on fp->scopeChain, they'd
6573 * better be (clones of) ancestors of the block we're entering now;
6574 * anything else we should have popped off fp->scopeChain when we left its
6575 * static scope.
6576 */
6588 }
6589 #endif
6590 }
6595 {
6598 #ifdef DEBUG
6602 #endif
6603 /*
6604 * If we're about to leave the dynamic scope of a block that has been
6605 * cloned onto fp->scopeChain, clear its private data, move its locals from
6606 * the stack into the clone, and pop it off the chain.
6607 */
6613 }
6615 /* Move the result of the expression to the new topmost stack slot. */
6625 }
6626 }
6629 #if JS_HAS_GENERATORS
6631 {
6643 }
6652 }
6660 {
6668 }
6672 #if JS_THREADED_INTERP
6673 L_JSOP_BACKPATCH:
6674 L_JSOP_BACKPATCH_POP:
6676 # if !JS_HAS_GENERATORS
6677 L_JSOP_GENERATOR:
6678 L_JSOP_YIELD:
6679 L_JSOP_ARRAYPUSH:
6680 # endif
6682 # if !JS_HAS_SHARP_VARS
6683 L_JSOP_DEFSHARP:
6684 L_JSOP_USESHARP:
6685 L_JSOP_SHARPINIT:
6686 # endif
6688 # if !JS_HAS_DESTRUCTURING
6689 L_JSOP_ENUMCONSTELEM:
6690 # endif
6692 # if !JS_HAS_XML_SUPPORT
6693 L_JSOP_CALLXMLNAME:
6694 L_JSOP_STARTXMLEXPR:
6695 L_JSOP_STARTXML:
6696 L_JSOP_DELDESC:
6697 L_JSOP_GETFUNNS:
6698 L_JSOP_XMLPI:
6699 L_JSOP_XMLCOMMENT:
6700 L_JSOP_XMLCDATA:
6701 L_JSOP_XMLELTEXPR:
6702 L_JSOP_XMLTAGEXPR:
6703 L_JSOP_TOXMLLIST:
6704 L_JSOP_TOXML:
6705 L_JSOP_ENDFILTER:
6706 L_JSOP_FILTER:
6707 L_JSOP_DESCENDANTS:
6708 L_JSOP_XMLNAME:
6709 L_JSOP_SETXMLNAME:
6710 L_JSOP_BINDXMLNAME:
6711 L_JSOP_ADDATTRVAL:
6712 L_JSOP_ADDATTRNAME:
6713 L_JSOP_TOATTRVAL:
6714 L_JSOP_TOATTRNAME:
6715 L_JSOP_QNAME:
6716 L_JSOP_QNAMECONST:
6717 L_JSOP_QNAMEPART:
6718 L_JSOP_ANYNAME:
6719 L_JSOP_DEFXMLNS:
6720 # endif
6723 #if !JS_THREADED_INTERP
6725 #endif
6726 {
6732 }
6734 #if !JS_THREADED_INTERP
6739 error:
6741 #ifdef JS_TRACER
6743 // Handle exceptions as if they came from the imacro-calling pc.
6746 }
6747 #endif
6752 #ifdef JS_TRACER
6753 /*
6754 * This abort could be weakened to permit tracing through exceptions that
6755 * are thrown and caught within a loop, with the co-operation of the tracer.
6756 * For now just bail on any sign of trouble.
6757 */
6760 # ifdef JS_METHODJIT
6763 # endif
6764 #endif
6767 /* This is an error, not a catchable exception, quit the frame ASAP. */
6770 JSThrowHook handler;
6772 uint32 offset;
6774 /* Restore atoms local in case we will resume. */
6777 /* Call debugger throw hook if set. */
6780 Value rval;
6795 }
6797 }
6799 /*
6800 * Look for a try block in script that can catch this exception.
6801 */
6812 /*
6813 * We have a note that covers the exception pc but we must check
6814 * whether the interpreter has already executed the corresponding
6815 * handler. This is possible when the executed bytecode
6816 * implements break or return from inside a for-in loop.
6817 *
6818 * In this case the emitter generates additional [enditer] and
6819 * [gosub] opcodes to close all outstanding iterators and execute
6820 * the finally blocks. If such an [enditer] throws an exception,
6821 * its pc can still be inside several nested for-in loops and
6822 * try-finally statements even if we have already closed the
6823 * corresponding iterators and invoked the finally blocks.
6824 *
6825 * To address this, we make [enditer] always decrease the stack
6826 * even when its implementation throws an exception. Thus already
6827 * executed [enditer] and [gosub] opcodes will have try notes
6828 * with the stack depth exceeding the current one and this
6829 * condition is what we use to filter them out.
6830 */
6834 /*
6835 * Set pc to the first bytecode after the the try note to point
6836 * to the beginning of catch or finally or to [enditer] closing
6837 * the for-in loop.
6838 */
6844 /*
6845 * Restart the handler search with updated pc and stack depth
6846 * to properly notify the debugger.
6847 */
6849 }
6853 #if JS_HAS_GENERATORS
6854 /* Catch cannot intercept the closing of a generator. */
6857 #endif
6859 /*
6860 * Don't clear exceptions to save cx->exception from GC
6861 * until it is pushed to the stack via [exception] in the
6862 * catch block.
6863 */
6868 /*
6869 * Push (true, exception) pair for finally to indicate that
6870 * [retsub] should rethrow the exception.
6871 */
6879 /* This is similar to JSOP_ENDITER in the interpreter loop. */
6888 }
6889 }
6892 no_catch:
6893 /*
6894 * Propagate the exception or error to the caller unless the exception
6895 * is an asynchronous return from a generator.
6896 */
6898 #if JS_HAS_GENERATORS
6904 }
6905 #endif
6906 }
6908 forced_return:
6909 /*
6910 * Unwind the scope making sure that interpReturnOK stays false even when
6911 * js_UnwindScope returns true.
6912 *
6913 * When a trap handler returns JSTRAP_RETURN, we jump here with
6914 * interpReturnOK set to true bypassing any finally blocks.
6915 */
6919 #ifdef DEBUG
6921 #endif
6926 exit:
6930 /*
6931 * At this point we are inevitably leaving an interpreted function or a
6932 * top-level script, and returning to one of:
6933 * (a) an "out of line" call made through js_Invoke;
6934 * (b) a js_Execute activation;
6935 * (c) a generator (SendToGenerator, jsiter.c).
6936 *
6937 * We must not be in an inline frame. The check above ensures that for the
6938 * error case and for a normal return, the code jumps directly to parent's
6939 * frame pc.
6940 */
6943 #ifdef JS_TRACER
6947 # ifdef JS_METHODJIT
6950 # endif
6951 #endif
6953 JS_ASSERT_IF(!regs.fp->isGeneratorFrame(), !js_IsActiveWithOrBlock(cx, ®s.fp->scopeChain(), 0));
6957 atom_not_defined:
6958 {
6959 JSAutoByteString printable;
6962 }
6965 /*
6966 * This path is used when it's guaranteed the method can be finished
6967 * inside the JIT.
6968 */
6969 #if defined(JS_METHODJIT)
6970 leave_on_safe_point:
6971 #endif
6973 }