| blob | ef68cc8855bd02bd8168366d4ff6ff9a21a31c5b |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef vm_EnvironmentObject_h
8 #define vm_EnvironmentObject_h
10 #include <type_traits>
29 /*
30 * Return a shape representing the static scope containing the variable
31 * accessed by the ALIASEDVAR op at 'pc'.
32 */
36 // Return the name being accessed by the given ALIASEDVAR op. This function is
37 // relatively slow so it should not be used on hot paths.
41 /*** Environment objects ****************************************************/
43 // clang-format off
44 /*
45 * [SMDOC] Environment Objects
46 *
47 * About environments
48 * ------------------
49 *
50 * See also: https://tc39.es/ecma262/#sec-environment-records
51 *
52 * Scoping in ES is specified in terms of "Environment Records". There's a
53 * global Environment Record per realm, and a new Environment Record is created
54 * whenever control enters a function, block, or other scope.
55 *
56 * A "Lexical Environment" is a list of nested Environment Records, innermost
57 * first: everything that's in scope. Throughout SpiderMonkey, "environment"
58 * means a Lexical Environment.
59 *
60 * N.B.: "Scope" means something different: a static scope, the compile-time
61 * analogue of an environment. See Scope.h.
62 *
63 * How SpiderMonkey represents environments
64 * ----------------------------------------
65 *
66 * Some environments are stored as JSObjects. Several kinds of objects
67 * represent environments:
68 *
69 * JSObject
70 * |
71 * +--NativeObject
72 * | |
73 * | +--EnvironmentObject Engine-internal environment
74 * | | |
75 * | | +--CallObject Environment of entire function
76 * | | |
77 * | | +--VarEnvironmentObject See VarScope in Scope.h.
78 * | | |
79 * | | +--ModuleEnvironmentObject
80 * | | | Module top-level environment
81 * | | |
82 * | | +--WasmInstanceEnvironmentObject
83 * | | |
84 * | | +--WasmFunctionCallObject
85 * | | |
86 * | | +--LexicalEnvironmentObject
87 * | | | |
88 * | | | +--ScopedLexicalEnvironmentObject
89 * | | | | | Non-extensible lexical environment
90 * | | | | |
91 * | | | | +--BlockLexicalEnvironmentObject
92 * | | | | | | Blocks and such: syntactic,
93 * | | | | | | non-extensible
94 * | | | | | |
95 * | | | | | +--NamedLambdaObject
96 * | | | | | Environment for `(function f(){...})`
97 * | | | | | containing only a binding for `f`
98 * | | | | |
99 * | | | | +--ClassBodyLexicalEnvironmentObject
100 * | | | | Environment for class body, containing
101 * | | | | private names, private brands, and
102 * | | | | static initializers list
103 * | | | |
104 * | | | +--ExtensibleLexicalEnvironmentObject
105 * | | | |
106 * | | | +--GlobalLexicalEnvironmentObject
107 * | | | | Top-level let/const/class in scripts
108 * | | | |
109 * | | | +--NonSyntacticLexicalEnvironmentObject
110 * | | | See "Non-syntactic environments" below
111 * | | |
112 * | | +--NonSyntacticVariablesObject
113 * | | | See "Non-syntactic environments" below
114 * | | |
115 * | | +--WithEnvironmentObject Presents object properties as bindings
116 * | | |
117 * | | +--RuntimeLexicalErrorObject
118 * | | Special value represents uninitialized
119 * | | lexical slots
120 * | |
121 * | +--GlobalObject The global environment (dynamically
122 * | presents its properties as bindings)
123 * +--ProxyObject
124 * |
125 * +--DebugEnvironmentProxy Environment for debugger eval-in-frame
126 *
127 * EnvironmentObjects are technically real JSObjects but only belong on the
128 * environment chain (that is, fp->environmentChain() or fun->environment()).
129 * They are never exposed to scripts.
130 *
131 * Note that reserved slots in any base classes shown above are fixed for all
132 * derived classes. So e.g. EnvironmentObject::enclosingEnvironment() can
133 * simply access a fixed slot without further dynamic type information.
134 *
135 * When the current environment is represented by an object, the stack frame
136 * has a pointer to that object (see AbstractFramePtr::environmentChain()).
137 * However, that isn't always the case. Where possible, we store binding values
138 * in JS stack slots. For block and function scopes where all bindings can be
139 * stored in stack slots, nothing is allocated in the heap; there is no
140 * environment object.
141 *
142 * Full information about the environment chain is always recoverable:
143 * EnvironmentIter can do it, and we construct a fake environment for debugger
144 * eval-in-frame (see "Debug environment objects" below).
145 *
146 * Syntactic Environments
147 * ----------------------
148 *
149 * Environments may be syntactic, i.e., corresponding to source text, or
150 * non-syntactic, i.e., specially created by embedding. The distinction is
151 * necessary to maintain invariants about the environment chain: non-syntactic
152 * environments may not occur in arbitrary positions in the chain.
153 *
154 * CallObject, ModuleEnvironmentObject, BlockLexicalEnvironmentObject, and
155 * GlobalLexicalEnvironmentObject always represent syntactic
156 * environments. (CallObject is considered syntactic even when it's used as the
157 * scope of strict eval code.) WithEnvironmentObject is syntactic when it's
158 * used to represent the scope of a `with` block.
159 *
160 *
161 * Non-syntactic Environments
162 * --------------------------
163 *
164 * A non-syntactic environment is one that was not created due to JS source
165 * code. On the scope chain, a single NonSyntactic GlobalScope maps to 0+
166 * non-syntactic environment objects. This is contrasted with syntactic
167 * environments, where each scope corresponds to 0 or 1 environment object.
168 *
169 * There are 3 kinds of dynamic environment objects:
170 *
171 * 1. WithEnvironmentObject
172 *
173 * When the embedding compiles or executes a script, it has the option to
174 * pass in a vector of objects to be used as the initial env chain, ordered
175 * from outermost env to innermost env. Each of those objects is wrapped by
176 * a WithEnvironmentObject.
177 *
178 * The innermost object passed in by the embedding becomes a qualified
179 * variables object that captures 'var' bindings. That is, it wraps the
180 * holder object of 'var' bindings.
181 *
182 * Does not hold 'let' or 'const' bindings.
183 *
184 * 2. NonSyntacticVariablesObject
185 *
186 * When the embedding wants qualified 'var' bindings and unqualified
187 * bareword assignments to go on a different object than the global
188 * object. While any object can be made into a qualified variables object,
189 * only the GlobalObject and NonSyntacticVariablesObject are considered
190 * unqualified variables objects.
191 *
192 * Unlike WithEnvironmentObjects that delegate to the object they wrap,
193 * this object is itself the holder of 'var' bindings.
194 *
195 * Does not hold 'let' or 'const' bindings.
196 *
197 * 3. NonSyntacticLexicalEnvironmentObject
198 *
199 * Each non-syntactic object used as a qualified variables object needs to
200 * enclose a non-syntactic lexical environment to hold 'let' and 'const'
201 * bindings. There is a bijection per realm between the non-syntactic
202 * variables objects and their non-syntactic LexicalEnvironmentObjects.
203 *
204 * Does not hold 'var' bindings.
205 *
206 * The embedding (Gecko) and debugger uses non-syntactic envs for various
207 * things, all of which are detailed below. All env chain listings below are,
208 * from top to bottom, outermost to innermost.
209 *
210 * A. JSM loading
211 *
212 * Most JSMs are loaded into a shared system global in order to save the memory
213 * consumption and avoid CCWs. To support this, a NonSyntacticVariablesObject
214 * is used for each JSM to provide a basic form of isolation.
215 * NonSyntacticLexicalEnvironmentObject and
216 * NonSyntacticVariablesObject are allocated for each JSM, and
217 * NonSyntacticLexicalEnvironmentObject holds lexical variables and
218 * NonSyntacticVariablesObject holds qualified variables. JSMs cannot have
219 * unqualified names, but if unqualified names are used by subscript, they
220 * goes to NonSyntacticVariablesObject (see B.3 and B.4).
221 * They have the following env chain:
222 *
223 * BackstagePass global
224 * |
225 * GlobalLexicalEnvironmentObject[this=global]
226 * |
227 * NonSyntacticVariablesObject (qualified 'var's (and unqualified names))
228 * |
229 * NonSyntacticLexicalEnvironmentObject[this=nsvo] (lexical vars)
230 *
231 * B.1 Subscript loading into a target object
232 *
233 * Subscripts may be loaded into a target object and it's associated global.
234 * NonSyntacticLexicalEnvironmentObject holds lexical variables and
235 * WithEnvironmentObject holds qualified variables. Unqualified names goes
236 * to the target object's global.
237 * They have the following env chain:
238 *
239 * Target object's global (unqualified names)
240 * |
241 * GlobalLexicalEnvironmentObject[this=global]
242 * |
243 * WithEnvironmentObject wrapping target (qualified 'var's)
244 * |
245 * NonSyntacticLexicalEnvironmentObject[this=target] (lexical vars)
246 *
247 * B.2 Subscript loading into global this
248 *
249 * Subscript may be loaded into global this. In this case no extra environment
250 * object is created.
251 *
252 * global (qualified 'var's and unqualified names)
253 * |
254 * GlobalLexicalEnvironmentObject[this=global] (lexical vars)
255 *
256 * B.3 Subscript loading into a target object in JSM
257 *
258 * The target object of a subscript load may be in a JSM, in which case we will
259 * also have the NonSyntacticVariablesObject on the chain.
260 * NonSyntacticLexicalEnvironmentObject for target object holds lexical
261 * variables and WithEnvironmentObject holds qualified variables.
262 * Unqualified names goes to NonSyntacticVariablesObject.
263 *
264 * BackstagePass global
265 * |
266 * GlobalLexicalEnvironmentObject[this=global]
267 * |
268 * NonSyntacticVariablesObject (unqualified names)
269 * |
270 * NonSyntacticLexicalEnvironmentObject[this=nsvo]
271 * |
272 * WithEnvironmentObject wrapping target (qualified 'var's)
273 * |
274 * NonSyntacticLexicalEnvironmentObject[this=target] (lexical vars)
275 *
276 * B.4 Subscript loading into per-JSM this
277 *
278 * Subscript may be loaded into global this. In this case no extra environment
279 * object is created.
280 *
281 * BackstagePass global
282 * |
283 * GlobalLexicalEnvironmentObject[this=global]
284 * |
285 * NonSyntacticVariablesObject (qualified 'var's and unqualified names)
286 * |
287 * NonSyntacticLexicalEnvironmentObject[this=nsvo] (lexical vars)
288 *
289 * C.1. Frame scripts with unique scope
290 *
291 * XUL frame scripts with unique scope are loaded in the same global as
292 * JSMs, with a NonSyntacticVariablesObject as a "polluting global" for
293 * both qualified 'var' variables and unqualified names, and a with
294 * environment wrapping a message manager object, and
295 * NonSyntacticLexicalEnvironmentObject holding the message manager as `this`,
296 * that holds lexical variables.
297 * These environment objects except for globals are created for each run and
298 * not shared across multiple runs. This is done exclusively in
299 * js::ExecuteInFrameScriptEnvironment.
300 *
301 * BackstagePass global
302 * |
303 * GlobalLexicalEnvironmentObject[this=global]
304 * |
305 * NonSyntacticVariablesObject (qualified 'var's and unqualified names)
306 * |
307 * WithEnvironmentObject wrapping messageManager
308 * |
309 * NonSyntacticLexicalEnvironmentObject[this=messageManager] (lexical vars)
310 *
311 * C.2. Frame scripts without unique scope
312 *
313 * XUL frame scripts without unique scope are loaded in the same global as
314 * JSMs, with a with environment wrapping a message manager object for
315 * qualified 'var' variables, and NonSyntacticLexicalEnvironmentObject holding
316 * the message manager as `this`, that holds lexical variables.
317 * The environment chain is associated with the message manager object
318 * and cached for subsequent runs.
319 *
320 * BackstagePass global (unqualified names)
321 * |
322 * GlobalLexicalEnvironmentObject[this=global]
323 * |
324 * WithEnvironmentObject wrapping messageManager (qualified 'var's)
325 * |
326 * NonSyntacticLexicalEnvironmentObject[this=messageManager] (lexical vars)
327 *
328 * D.1. DOM event handlers without direct eval
329 *
330 * DOM event handlers are compiled as functions with HTML elements on the
331 * environment chain. For a chain of elements e0, e1, ..., eN, where innerrmost
332 * element is the target element, enclosing elements are such as forms, and the
333 * outermost one is the document.
334 * If the DOM event handlers don't have direct eval, the function's scopes are
335 * optimized and frame slots are used for qualified 'var's and lexical vars.
336 * NonSyntacticLexicalEnvironmentObject's `this` value is not used, given
337 * the function's `this` value is used instead:
338 *
339 * global (unqualified names)
340 * |
341 * GlobalLexicalEnvironmentObject[this=global]
342 * |
343 * WithEnvironmentObject wrapping eN
344 * |
345 * ...
346 * |
347 * WithEnvironmentObject wrapping e1
348 * |
349 * WithEnvironmentObject wrapping e0
350 * |
351 * NonSyntacticLexicalEnvironmentObject [this=*unused*]
352 *
353 * D.2. DOM event handlers with direct eval
354 *
355 * If DOM event handlers have direct eval, the function's scopes are allocated
356 * as environment object:
357 *
358 * global (unqualified names)
359 * |
360 * GlobalLexicalEnvironmentObject[this=global]
361 * |
362 * ...
363 * |
364 * WithEnvironmentObject wrapping e1
365 * |
366 * WithEnvironmentObject wrapping e0
367 * |
368 * NonSyntacticLexicalEnvironmentObject [this=*unused*]
369 * |
370 * CallObject (qualified 'var's)
371 * |
372 * BlockLexicalEnvironmentObject (lexical vars)
373 *
374 * E.1. Debugger.Frame.prototype.evalWithBindings
375 *
376 * Debugger.Frame.prototype.evalWithBindings uses WithEnvironmentObject for
377 * given bindings, and the frame's enclosing scope.
378 *
379 * If qualified 'var's or unqualified names conflict with the bindings object's
380 * properties, they go to the WithEnvironmentObject.
381 *
382 * If the frame is function, it has the following env chain.
383 * lexical variables are optimized and uses frame slots, regardless of the name
384 * conflicts with bindings:
385 *
386 * global (unqualified names)
387 * |
388 * [DebugProxy] GlobalLexicalEnvironmentObject[this=global]
389 * |
390 * [DebugProxy] CallObject (qualified 'var's)
391 * |
392 * WithEnvironmentObject wrapping bindings (conflicting 'var's and names)
393 *
394 * If the script has direct eval, BlockLexicalEnvironmentObject is created for
395 * it:
396 *
397 * global (unqualified names)
398 * |
399 * [DebugProxy] GlobalLexicalEnvironmentObject[this=global]
400 * |
401 * [DebugProxy] CallObject (qualified 'var's)
402 * |
403 * WithEnvironmentObject wrapping bindings (conflicting 'var's and names)
404 * |
405 * BlockLexicalEnvironmentObject (lexical vars, and conflicting lexical vars)
406 *
407 * NOTE: Debugger.Frame.prototype.eval uses the frame's enclosing scope only,
408 * and it doesn't use any dynamic environment, but still uses
409 * non-syntactic scope to perform `eval` operation.
410 *
411 * E.2. Debugger.Object.prototype.executeInGlobalWithBindings
412 *
413 * Debugger.Object.prototype.executeInGlobalWithBindings uses
414 * WithEnvironmentObject for given bindings, and the object's global scope.
415 *
416 * If `options.useInnerBindings` is not true, if bindings conflict with
417 * qualified 'var's or global lexicals, those bindings are shadowed and not
418 * stored into the bindings object wrapped by WithEnvironmentObject.
419 *
420 * global (qualified 'var's and unqualified names)
421 * |
422 * GlobalLexicalEnvironmentObject[this=global] (lexical vars)
423 * |
424 * WithEnvironmentObject wrapping object with not-conflicting bindings
425 *
426 * If `options.useInnerBindings` is true, all bindings are stored into the
427 * bindings object wrapped by WithEnvironmentObject, and they shadow globals
428 *
429 * global (qualified 'var's and unqualified names)
430 * |
431 * GlobalLexicalEnvironmentObject[this=global] (lexical vars)
432 * |
433 * WithEnvironmentObject wrapping object with all bindings
434 *
435 * NOTE: If `options.useInnerBindings` is true, and if lexical variable names
436 * conflict with the bindings object's properties, the write on them
437 * within declarations is done for the GlobalLexicalEnvironmentObject,
438 * but the write within assignments and the read on lexicals are done
439 * from the WithEnvironmentObject (bug 1841964 and bug 1847219).
440 *
441 * // bindings = { x: 10, y: 20 };
442 *
443 * let x = 11; // written to GlobalLexicalEnvironmentObject
444 * x; // read from WithEnvironmentObject
445 * let y;
446 * y = 21; // written to WithEnvironmentObject
447 * y; // read from WithEnvironmentObject
448 *
449 * NOTE: Debugger.Object.prototype.executeInGlobal uses the object's global
450 * scope only, and it doesn't use any dynamic environment or
451 * non-syntactic scope.
452 * NOTE: If no extra bindings are used by script,
453 * Debugger.Object.prototype.executeInGlobalWithBindings uses the object's
454 * global scope only, and it doesn't use any dynamic environment or
455 * non-syntactic scope.
456 *
457 */
458 // clang-format on
462 // The enclosing environment. Either another EnvironmentObject, a
463 // GlobalObject, or a non-syntactic environment object.
469 // Since every env chain terminates with a global object, whether
470 // GlobalObject or a non-syntactic one, and since those objects do not
471 // derive EnvironmentObject (they have completely different layouts), the
472 // enclosing environment of an EnvironmentObject is necessarily non-null.
475 }
479 }
482 // For non-extensible environment objects isFixedSlot(slot) is equivalent to
483 // slot < MAX_FIXED_SLOTS.
485 }
489 }
491 // Get or set a name contained in this environment.
497 }
503 // For JITs.
506 }
512 #if defined(DEBUG) || defined(JS_JITSPEW)
515 };
530 /* These functions are internal and are exposed only for JITs. */
532 /*
533 * Construct a bare-bones call object given a shape.
534 * The call object must be further initialized to be usable.
535 */
539 HandleObject enclosing);
545 // If `env` or any enclosing environment is a CallObject, return that
546 // CallObject; else null.
547 //
548 // `env` may be a DebugEnvironmentProxy, but not a hollow environment.
551 /*
552 * When an aliased formal (var accessed by nested closures) is also
553 * aliased by the arguments object, it must of course exist in one
554 * canonical location and that location is always the CallObject. For this
555 * to work, the ArgumentsObject stores special MagicValue in its array for
556 * forwarded-to-CallObject variables. This MagicValue's payload is the
557 * slot of the CallObject to access.
558 */
561 }
567 }
569 /* For jit access. */
573 };
580 HandleObject enclosing,
588 }
598 AbstractFramePtr frame);
612 }
616 };
645 // If `env` or any enclosing environment is a ModuleEnvironmentObject,
646 // return that ModuleEnvironmentObject; else null.
647 //
648 // `env` may be a DebugEnvironmentProxy, but not a hollow environment.
667 MutableHandleIdVector properties,
669 };
672 // Currently WasmInstanceScopes do not use their scopes in a
673 // meaningful way. However, it is an invariant of DebugEnvironments that
674 // environments kept in those maps have live scopes, thus this strong
675 // reference.
690 }
691 };
694 // Currently WasmFunctionCallObjects do not use their scopes in a
695 // meaningful way. However, it is an invariant of DebugEnvironments that
696 // environments kept in those maps have live scopes, thus this strong
697 // reference.
703 // TODO Check what Debugger behavior should be when it evaluates a
704 // var declaration.
714 }
715 };
717 // Abstract base class for environments that can contain let/const bindings,
718 // plus a few other kinds of environments, such as `catch` blocks, that have
719 // similar behavior.
722 // Global and non-syntactic lexical environments need to store a 'this'
723 // object and all other lexical environments have a fixed shape and store a
724 // backpointer to the LexicalScope.
725 //
726 // Since the two sets are disjoint, we only use one slot to save space.
737 HandleObject enclosing,
741 // Is this the global lexical scope?
744 // Global and non-syntactic lexical scopes are extensible. All other
745 // lexical scopes are not.
748 // Is this a syntactic (i.e. corresponds to a source text) lexical
749 // environment?
751 };
753 // A non-extensible lexical environment.
754 //
755 // Used for blocks (ScopeKind::Lexical) and several other scope kinds,
756 // including Catch, NamedLambda, FunctionLexical, and ClassBody.
765 }
771 }
772 };
778 HandleObject enclosing,
796 // Create a new BlockLexicalEnvironmentObject with the same enclosing env and
797 // variable values as this.
801 // Create a new BlockLexicalEnvironmentObject with the same enclosing env as
802 // this, with all variables uninitialized.
806 // The LexicalScope that created this environment.
809 }
810 };
818 HandleFunction callee);
821 HandleFunction callee);
825 // For JITs.
830 }
831 };
833 class ClassBodyLexicalEnvironmentObject
849 // The ClassBodyScope that created this environment.
852 }
855 };
857 // Global and non-syntactic lexical environments are extensible.
862 // For a given global object or JSMEnvironment `obj`, return the associated
863 // global lexical or non-syntactic lexical environment, where top-level `let`
864 // bindings are added.
872 }
873 };
875 // The global lexical environment, where global let/const/class bindings are
876 // added.
877 class GlobalLexicalEnvironmentObject
885 }
891 }
892 };
894 // Non-standard. See "Non-syntactic Environments" above.
895 class NonSyntacticLexicalEnvironmentObject
899 HandleObject enclosing,
900 HandleObject thisv);
901 };
903 // A non-syntactic dynamic scope object that captures non-lexical
904 // bindings. That is, a scope object that captures both qualified var
905 // assignments and unqualified bareword assignments. Its parent is always the
906 // global lexical environment.
907 //
908 // This is used in ExecuteInGlobalAndReturnScope and sits in front of the
909 // global scope to store 'var' bindings, and to store fresh properties created
910 // by assignments to undeclared variables that otherwise would have gone on
911 // the global object.
920 };
924 MutableHandleObject env);
926 // With environment objects on the run-time environment chain.
939 HandleObject enclosing,
942 HandleObject object,
943 HandleObject enclosing);
945 /* Return the 'o' in 'with (o)'. */
948 /* Return object for GetThisValue. */
951 /*
952 * Return whether this object is a syntactic with object. If not, this is
953 * a With object we inserted between the outermost syntactic scope and the
954 * global object to wrap the environment chain someone explicitly passed
955 * via JSAPI to CompileFunction or script evaluation.
956 */
959 // For syntactic with environment objects, the with scope.
965 };
967 // Internal scope object used by JSOp::BindName upon encountering an
968 // uninitialized lexical slot or an assignment to a 'const' binding.
969 //
970 // ES6 lexical bindings cannot be accessed in any way (throwing
971 // ReferenceErrors) until initialized. Normally, NAME operations
972 // unconditionally check for uninitialized lexical slots. When getting or
973 // looking up names, this can be done without slowing down normal operations
974 // on the return value. When setting names, however, we do not want to pollute
975 // all set-property paths with uninitialized lexical checks. For setting names
976 // (i.e. JSOp::SetName), we emit an accompanying, preceding JSOp::BindName which
977 // finds the right scope on which to set the name. Moreover, when the name on
978 // the scope is an uninitialized lexical, we cannot throw eagerly, as the spec
979 // demands that the error be thrown after evaluating the RHS of
980 // assignments. Instead, this sentinel scope object is pushed on the stack.
981 // Attempting to access anything on this scope throws the appropriate
982 // ReferenceError.
983 //
984 // ES6 'const' bindings induce a runtime error when assigned to outside
985 // of initialization, regardless of strictness.
994 HandleObject enclosing,
998 };
1000 /****************************************************************************/
1002 // A environment iterator describes the active environments starting from an
1003 // environment, scope pair. This pair may be derived from the current point of
1004 // execution in a frame. If derived in such a fashion, the EnvironmentIter
1005 // tracks whether the current scope is within the extent of this initial
1006 // frame. Here, "frame" means a single activation of: a function, eval, or
1007 // global code.
1010 RootedObject env_;
1011 AbstractFramePtr frame_;
1016 // No value semantics.
1020 // Constructing from a copy of an existing EnvironmentIter.
1023 // Constructing from an environment, scope pair. All environments
1024 // considered not to be withinInitialFrame, since no frame is given.
1027 // Constructing from a frame. Places the EnvironmentIter on the innermost
1028 // environment at pc.
1031 // Constructing from an environment, scope and frame. The frame is given
1032 // to initialize to proper enclosing environment/scope.
1034 AbstractFramePtr frame);
1043 }
1046 }
1051 }
1053 // If done():
1056 // If !done():
1063 }
1068 }
1075 }
1077 }
1086 }
1089 };
1091 // The key in MissingEnvironmentMap. For live frames, maps live frames to
1092 // their synthesized environments. For completely optimized-out environments,
1093 // maps the Scope to their synthesized environments. The env we synthesize for
1094 // Scopes are read-only, and we never use their parent links, so they don't
1095 // need to be distinct.
1096 //
1097 // That is, completely optimized out environments can't be distinguished by
1098 // frame. Note that even if the frame corresponding to the Scope is live on
1099 // the stack, it is unsound to synthesize an environment from that live
1100 // frame. In other words, the provenance of the environment chain is from
1101 // allocated closures (i.e., allocation sites) and is irrecoverable from
1102 // simple stack inspection (i.e., call sites).
1106 AbstractFramePtr frame_;
1122 // For use as hash policy.
1128 }
1132 }
1133 };
1135 // The value in LiveEnvironmentMap, mapped from by live environment objects.
1140 AbstractFramePtr frame_;
1154 };
1156 /****************************************************************************/
1158 /*
1159 * [SMDOC] Debug environment objects
1160 *
1161 * The frontend optimizes unaliased variables into stack slots and can optimize
1162 * away whole EnvironmentObjects. So when the debugger wants to perform an
1163 * unexpected eval-in-frame (or otherwise access the environment),
1164 * `fp->environmentChain` is often incomplete. This is a problem: a major use
1165 * case for eval-in-frame is to access the local variables in debuggee code.
1166 *
1167 * Even when all EnvironmentObjects exist, giving complete information for all
1168 * bindings, stack and heap, there's another issue: eval-in-frame code can
1169 * create closures that capture stack locals. The variable slots go away when
1170 * the frame is popped, but the closure, which uses them, may survive.
1171 *
1172 * To solve both problems, eval-in-frame code is compiled and run against a
1173 * "debug environment chain" of DebugEnvironmentProxy objects rather than real
1174 * EnvironmentObjects. The `GetDebugEnvironmentFor` functions below create
1175 * these proxies, one to sit in front of each existing EnvironmentObject. They
1176 * also create bogus "hollow" EnvironmentObjects to stand in for environments
1177 * that were optimized away; and proxies for those. The frontend sees these
1178 * environments as something like `with` scopes, and emits deoptimized bytecode
1179 * instructions for all variable accesses.
1180 *
1181 * When eval-in-frame code runs, `fp->environmentChain` points to this chain of
1182 * proxies. On each variable access, the proxy laboriously figures out what to
1183 * do. See e.g. `DebuggerEnvironmentProxyHandler::handleUnaliasedAccess`.
1184 *
1185 * There's a limit to what the proxies can manage, since they're proxying
1186 * environments that are already optimized. Some debugger operations, like
1187 * redefining a lexical binding, can fail when a true direct eval would
1188 * succeed. Even plain variable accesses can throw, if the variable has been
1189 * optimized away.
1190 *
1191 * To support accessing stack variables after they've gone out of scope, we
1192 * copy the variables to the heap as they leave scope. See
1193 * `DebugEnvironments::onPopCall` and `onPopLexical`.
1194 *
1195 * `GetDebugEnvironmentFor*` guarantees that the same DebugEnvironmentProxy is
1196 * always produced for the same underlying environment (optimized or not!).
1197 * This is maintained by some bookkeeping information stored in
1198 * `DebugEnvironments`.
1199 */
1202 HandleFunction fun);
1208 AbstractFramePtr frame,
1214 /* Provides debugger access to a environment. */
1216 /*
1217 * The enclosing environment on the dynamic environment chain. This slot is
1218 * analogous to the ENCLOSING_ENV_SLOT of a EnvironmentObject.
1219 */
1222 /*
1223 * NullValue or a dense array holding the unaliased variables of a function
1224 * frame that has been popped.
1225 */
1230 HandleObject enclosing);
1232 // NOTE: The environment may be a debug hollow with invalid
1233 // enclosingEnvironment. Always use the enclosingEnvironment accessor on
1234 // the DebugEnvironmentProxy in order to walk the environment chain.
1238 // May only be called for proxies to function call objects or modules
1239 // with top-level-await.
1243 // Currently, the 'declarative' environments are function, module, and
1244 // lexical environments.
1247 // Get a property by 'id', but returns sentinel values instead of throwing
1248 // on exceptional cases.
1253 // Returns true iff this is a function environment with its own this-binding
1254 // (all functions except arrow functions).
1257 // Does this debug environment not have a real counterpart or was never
1258 // live (and thus does not have a synthesized EnvironmentObject or a
1259 // snapshot)?
1262 #if defined(DEBUG) || defined(JS_JITSPEW)
1265 };
1267 /* Maintains per-realm debug environment bookkeeping information. */
1271 /* The map from (non-debug) environments to debug environments. */
1272 ObjectWeakMap proxiedEnvs;
1274 /*
1275 * The map from live frames which have optimized-away environments to the
1276 * corresponding debug environments.
1277 */
1280 MissingEnvironmentMap;
1281 MissingEnvironmentMap missingEnvs;
1283 /*
1284 * The map from environment objects of live frames to the live frame. This
1285 * map updated lazily whenever the debugger needs the information. In
1286 * between two lazy updates, liveEnvs becomes incomplete (but not invalid,
1287 * onPop* removes environments as they are popped). Thus, two consecutive
1288 * debugger lazy updates of liveEnvs need only fill in the new
1289 * environments.
1290 */
1293 LiveEnvironmentMap;
1294 LiveEnvironmentMap liveEnvs;
1312 #ifdef JS_GC_ZEAL
1314 #endif
1316 // If a live frame has a synthesized entry in missingEnvs, make sure it's not
1317 // collected.
1334 // When a frame bails out from Ion to Baseline, there might be missing
1335 // envs keyed on, and live envs containing, the old
1336 // RematerializedFrame. Forward those values to the new BaselineFrame.
1338 AbstractFramePtr to);
1340 // When an environment is popped, we store a snapshot of its bindings that
1341 // live on the frame.
1342 //
1343 // This is done during frame unwinding, which cannot handle errors
1344 // gracefully. Errors result in no snapshot being set on the
1345 // DebugEnvironmentProxy.
1348 AbstractFramePtr frame);
1350 // In debug-mode, these must be called whenever exiting a scope that might
1351 // have stack-allocated locals.
1360 };
1374 }
1380 }
1386 }
1392 }
1398 }
1404 }
1410 }
1416 }
1426 }
1430 }
1434 }
1438 }
1441 }
1445 }
1449 }
1456 }
1461 }
1463 }
1468 // A frame's initial environment is the innermost environment
1469 // corresponding to the scope chain from frame.script()->bodyScope() to
1470 // frame.script()->outermostScope(). This environment must be on the chain
1471 // for the frame to be considered initialized. That is, it must be on the
1472 // chain for the environment chain to fully match the scope chain at the
1473 // start of execution in the frame.
1474 //
1475 // This logic must be in sync with the HAS_INITIAL_ENV logic in
1476 // BaselineStackBuilder::buildBaselineFrame.
1478 // A function frame's CallObject, if present, is always the initial
1479 // environment.
1482 }
1484 // For an eval frame, the VarEnvironmentObject, if present, is always the
1485 // initial environment.
1489 }
1490 }
1492 // For named lambda frames without CallObjects (i.e., no binding in the
1493 // body of the function was closed over), the NamedLambdaObject
1494 // corresponding to the named lambda scope is the initial environment.
1501 }
1502 }
1505 }
1508 HandleObjectVector chain,
1509 HandleObject terminatingEnv,
1510 MutableHandleObject envObj);
1518 MutableHandleValue res);
1521 MutableHandleValue res);
1535 HandleObject varObj);
1538 HandleObject envChain,
1539 HandleScript script,
1540 GCThingIndex lastFun);
1543 AbstractFramePtr frame);
1546 AbstractFramePtr frame);
1549 AbstractFramePtr frame,
1551 MutableHandleObject env,
1556 MutableHandleObject env,
1559 #ifdef DEBUG
1561 #endif