| blob | 00f9f5267ca25c578eca95756497aa02329efc8e |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sts=4 et sw=4 tw=99:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /*
8 * JS bytecode generation.
9 */
18 #include <string.h>
52 static bool
53 SetSrcNoteOffset(ExclusiveContext* cx, BytecodeEmitter* bce, unsigned index, unsigned which, ptrdiff_t offset);
55 static bool
59 {
70 /*
71 * To reuse space, alias two of the ptrdiff_t fields for use during
72 * try/catch/finally code generation and backpatching.
73 *
74 * Only a loop, switch, or label statement info record can have breaks and
75 * continues, and only a for loop has an update backpatch chain, so it's
76 * safe to overlay these for the "trying" StmtTypes.
77 */
82 }
87 }
88 };
94 {
98 // Can we OSR into Ion from here? True unless there is non-loop state on the stack.
106 }
107 };
142 {
144 }
146 bool
148 {
150 }
152 static ptrdiff_t
154 {
157 // Start it off moderately large to avoid repeated resizings early on.
165 }
167 }
169 static void
171 {
177 /*
178 * An opcode may temporarily consume stack space during execution.
179 * Account for this in maxStackDepth separately from uses/defs here.
180 */
185 }
195 }
197 ptrdiff_t
199 {
208 }
210 ptrdiff_t
212 {
222 }
224 ptrdiff_t
226 jsbytecode op2)
227 {
228 /* These should filter through EmitVarOp. */
242 }
244 ptrdiff_t
246 {
254 /* The remaining |extra| bytes are set by the caller */
256 /*
257 * Don't UpdateDepth if op's use-count comes from the immediate
258 * operand yet to be stored in the extra bytes after op.
259 */
264 }
266 static ptrdiff_t
268 {
278 }
280 static ptrdiff_t
281 EmitCall(ExclusiveContext* cx, BytecodeEmitter* bce, JSOp op, uint16_t argc, ParseNode* pn=nullptr)
282 {
286 }
288 // Dup the var in operand stack slot "slot". The first item on the operand
289 // stack is one slot past the last fixed slot. The last (most recent) item is
290 // slot bce->stackDepth - 1.
291 //
292 // The instruction that is written (JSOP_DUPAT) switches the depth around so
293 // that it is addressed from the sp instead of from the fp. This is useful when
294 // you don't know the size of the fixed stack segment (nfixed), as is the case
295 // when compiling scripts (because each statement is parsed and compiled
296 // separately, but they all together form one script with one fixed stack
297 // frame).
298 static bool
300 {
302 // The slot's position on the operand stack, measured from the top.
307 }
314 }
316 /* XXX too many "... statement" L10N gaffes below -- fix via js.msg! */
339 };
345 {
349 }
351 static void
353 {
355 }
357 /*
358 * Emit a backpatch op with offset pointing to the previous jump of this type,
359 * so that we can walk back up the chain fixing up the op and jump offset.
360 */
361 static ptrdiff_t
363 {
371 }
375 {
377 }
379 /* Updates line number notes, not column notes. */
382 {
391 /*
392 * Encode any change in the current source line number by using
393 * either several SRC_NEWLINE notes or just one SRC_SETLINE note,
394 * whichever consumes less space.
395 *
396 * NB: We handle backward line number deltas (possible with for
397 * loops where the update part is emitted after the body, but its
398 * line number is <= any line number in the body) here by letting
399 * unsigned delta_ wrap to a very large number, which triggers a
400 * SRC_SETLINE.
401 */
412 }
413 }
415 }
417 /* Updates the line number and column number information in the source notes. */
418 static bool
420 {
430 // If the column span is so large that we can't store it, then just
431 // discard this information because column information would most
432 // likely be useless anyway once the column numbers are ~4000000.
433 // This has been known to happen with scripts that have been
434 // minimized and put into all one line.
436 }
440 }
442 }
444 static ptrdiff_t
446 {
448 /*
449 * Try to give the JSOP_LOOPHEAD the same line number as the next
450 * instruction. nextpn is often a block, in which case the next
451 * instruction typically comes from the first statement inside.
452 */
458 }
461 }
463 static bool
465 {
467 /* Update the line number, as for LOOPHEAD. */
473 }
480 }
482 /*
483 * If op is JOF_TYPESET (see the type barriers comment in jsinfer.h), reserve
484 * a type set to store its result.
485 */
488 {
492 }
493 }
495 /*
496 * Macro to emit a bytecode followed by a uint16_t immediate operand stored in
497 * big-endian order.
498 *
499 * NB: We use cx and bce from our caller's lexical environment, and return
500 * false on error.
501 */
502 #define EMIT_UINT16_IMM_OP(op, i) \
503 JS_BEGIN_MACRO \
504 if (Emit3(cx, bce, op, UINT16_HI(i), UINT16_LO(i)) < 0) \
505 return false; \
506 CheckTypeSet(cx, bce, op); \
507 JS_END_MACRO
509 static bool
511 {
516 }
518 static bool
520 {
524 }
551 }
553 }
554 }
555 }
561 }
571 }
574 };
576 /*
577 * Emit additional bytecode(s) for non-local jumps.
578 */
579 bool
581 {
584 #define FLUSH_POPS() if (npops && !FlushPops(cx, bce, &npops)) return false
617 /*
618 * There's a [exception or hole, retsub pc-index] pair on the
619 * stack that we need to pop.
620 */
625 }
637 }
638 }
639 }
644 #undef FLUSH_POPS
645 }
649 static ptrdiff_t
652 {
661 }
664 }
666 static bool
667 BackPatch(ExclusiveContext* cx, BytecodeEmitter* bce, ptrdiff_t last, jsbytecode* target, jsbytecode op)
668 {
680 }
682 }
684 #define SET_STATEMENT_TOP(stmt, top) \
685 ((stmt)->update = (top), (stmt)->breaks = (stmt)->continues = (-1))
687 static void
689 {
692 }
694 static void
696 {
699 }
701 static void
703 {
712 }
713 }
725 else
733 else
735 }
737 /*
738 * Return the enclosing lexical scope, which is the innermost enclosing static
739 * block object or compiler created function.
740 */
743 {
750 }
753 }
755 #ifdef DEBUG
756 static bool
758 {
763 }
764 #endif
766 static bool
767 ComputeAliasedSlots(ExclusiveContext* cx, BytecodeEmitter* bce, Handle<StaticBlockObject*> blockObj)
768 {
775 {
777 }
779 #ifdef DEBUG
784 }
785 #endif
788 }
793 }
795 static bool
798 // In a function, block-scoped locals go after the vars, and form part of the
799 // fixed part of a stack frame. Outside a function, there are no fixed vars,
800 // but block-scoped locals still form part of the fixed part of a stack frame
801 // and are thus addressable via GETLOCAL and friends.
802 static void
803 ComputeLocalOffset(ExclusiveContext* cx, BytecodeEmitter* bce, Handle<StaticBlockObject*> blockObj)
804 {
815 }
816 }
817 }
823 }
825 // ~ Nested Scopes ~
826 //
827 // A nested scope is a region of a compilation unit (function, script, or eval
828 // code) with an additional node on the scope chain. This node may either be a
829 // "with" object or a "block" object. "With" objects represent "with" scopes.
830 // Block objects represent lexical scopes, and contain named block-scoped
831 // bindings, for example "let" bindings or the exception in a catch block.
832 // Those variables may be local and thus accessible directly from the stack, or
833 // "aliased" (accessed by name from nested functions, or dynamically via nested
834 // "eval" or "with") and only accessible through the scope chain.
835 //
836 // All nested scopes are present on the "static scope chain". A nested scope
837 // that is a "with" scope will be present on the scope chain at run-time as
838 // well. A block scope may or may not have a corresponding link on the run-time
839 // scope chain; if no variable declared in the block scope is "aliased", then no
840 // scope chain node is allocated.
841 //
842 // To help debuggers, the bytecode emitter arranges to record the PC ranges
843 // comprehended by a nested scope, and ultimately attach them to the JSScript.
844 // An element in the "block scope array" specifies the PC range, and links to a
845 // NestedScopeObject in the object list of the script. That scope object is
846 // linked to the previous link in the static scope chain, if any. The static
847 // scope chain at any pre-retire PC can be retrieved using
848 // JSScript::getStaticScope(jsbytecode* pc).
849 //
850 // Block scopes store their locals in the fixed part of a stack frame, after the
851 // "fixed var" bindings. A fixed var binding is a "var" or legacy "const"
852 // binding that occurs in a function (as opposed to a script or in eval code).
853 // Only functions have fixed var bindings.
854 //
855 // To assist the debugger, we emit a DEBUGLEAVEBLOCK opcode before leaving a
856 // block scope, even if the block has no aliased locals. This allows
857 // DebugScopes to invalidate any association between a debugger scope object,
858 // which can proxy access to unaliased stack locals, and the actual live frame.
859 // In normal, non-debug mode, this opcode does not cause any baseline code to be
860 // emitted.
861 //
862 // Enter a nested scope with EnterNestedScope. It will emit
863 // PUSHBLOCKSCOPE/ENTERWITH if needed, and arrange to record the PC bounds of
864 // the scope. Leave a nested scope with LeaveNestedScope, which, for blocks,
865 // will emit DEBUGLEAVEBLOCK and may emit POPBLOCKSCOPE. (For "with" scopes it
866 // emits LEAVEWITH, of course.) Pass EnterNestedScope a fresh StmtInfoBCE
867 // object, and pass that same object to the corresponding LeaveNestedScope. If
868 // the statement is a block scope, pass STMT_BLOCK as stmtType; otherwise for
869 // with scopes pass STMT_WITH.
870 //
871 static bool
872 EnterNestedScope(ExclusiveContext* cx, BytecodeEmitter* bce, StmtInfoBCE* stmt, ObjectBox* objbox,
873 StmtType stmtType)
874 {
890 }
892 }
900 }
906 }
919 }
921 // Patches |breaks| and |continues| unless the top statement info record
922 // represents a try-catch-finally suite. May fail if a jump offset overflows.
923 static bool
925 {
930 {
932 }
936 }
938 static bool
940 {
946 #ifdef DEBUG
954 #endif
967 }
970 }
972 static bool
974 {
987 }
989 static bool
991 {
1004 }
1006 static bool
1008 {
1012 /* Specialize length accesses for the interpreter. */
1014 }
1016 jsatomid index;
1021 }
1023 static bool
1025 {
1028 }
1030 static bool
1032 {
1036 }
1038 static bool
1040 {
1042 }
1044 static bool
1047 {
1051 }
1053 static bool
1055 {
1057 }
1059 /*
1060 * To catch accidental misuse, EMIT_UINT16_IMM_OP/Emit3 assert that they are
1061 * not used to unconditionally emit JSOP_GETLOCAL. Variable access should
1062 * instead be emitted using EmitVarOp. In special cases, when the caller
1063 * definitely knows that a given local slot is unaliased, this function may be
1064 * used as a non-asserting version of EMIT_UINT16_IMM_OP.
1065 */
1066 static bool
1068 {
1078 }
1087 }
1089 static bool
1091 {
1108 }
1110 // Compute the number of nested scope objects that will actually be on the scope
1111 // chain at runtime, given the BCE's current staticScope.
1112 static unsigned
1114 {
1119 }
1122 }
1124 static bool
1126 {
1127 /*
1128 * Beware: BindingIter may contain more than one Binding for a given name
1129 * (in the case of |function f(x,x) {}|) but only one will be aliased.
1130 */
1137 }
1138 slot++;
1139 }
1140 }
1142 }
1144 static bool
1146 {
1153 }
1155 /*
1156 * Use this function instead of assigning directly to 'hops' to guard for
1157 * uint8_t overflows.
1158 */
1159 static bool
1161 {
1165 }
1169 }
1171 static bool
1173 {
1174 /*
1175 * While pn->pn_cookie tells us how many function scopes are between the use and the def this
1176 * is not the same as how many hops up the dynamic scope chain are needed. In particular:
1177 * - a lexical function scope only contributes a hop if it is "heavyweight" (has a dynamic
1178 * scope object).
1179 * - a heavyweight named function scope contributes an extra scope to the scope chain (a
1180 * DeclEnvObject that holds just the name).
1181 * - all the intervening let/catch blocks must be counted.
1182 */
1186 /*
1187 * As explained in BindNameToSlot, the 'level' of a use indicates how
1188 * many function scopes (i.e., BytecodeEmitters) to skip to find the
1189 * enclosing function scope of the definition being accessed.
1190 */
1195 skippedScopes++;
1197 skippedScopes++;
1198 }
1200 }
1204 }
1206 /*
1207 * The final part of the skippedScopes computation depends on the type of
1208 * variable. An arg or local variable is at the outer scope of a function
1209 * and so includes the full DynamicNestedScopeDepth. A let/catch-binding
1210 * requires a search of the block chain to see how many (dynamic) block
1211 * objects to skip.
1212 */
1213 ScopeCoordinate sc;
1231 skippedScopes++;
1233 }
1237 }
1238 }
1241 }
1243 static bool
1245 {
1250 ScopeCoordinate sc;
1254 }
1263 }
1269 }
1272 }
1274 static JSOp
1276 {
1281 }
1283 static bool
1285 {
1304 }
1322 }
1324 bool
1326 {
1332 /* If dn is in an enclosing function, it is definitely aliased. */
1338 /*
1339 * There are two ways to alias a let variable: nested functions and
1340 * dynamic scope operations. (This is overly conservative since the
1341 * bindingsAccessedDynamically flag, checked by allLocalsAliased, is
1342 * function-wide.)
1343 *
1344 * In addition all locals in generators are marked as aliased, to ensure
1345 * that they are allocated on scope chains instead of on the stack. See
1346 * the definition of SharedContext::allLocalsAliased.
1347 */
1350 /*
1351 * Consult the bindings, since they already record aliasing. We might
1352 * be tempted to use the same definition as VAR/CONST/LET, but there is
1353 * a problem caused by duplicate arguments: only the last argument with
1354 * a given name is aliased. This is necessary to avoid generating a
1355 * shape for the call object with with more than one name for a given
1356 * slot (which violates internal engine invariants). All this means that
1357 * the '|| sc->allLocalsAliased()' disjunct is incorrect since it will
1358 * mark both parameters in function(x,x) as aliased.
1359 */
1369 }
1371 }
1373 /*
1374 * Try to convert a *NAME op with a free name to a more specialized GNAME,
1375 * INTRINSIC or ALIASEDVAR op, which optimize accesses on that name.
1376 * Return true if a conversion was made.
1377 */
1378 static bool
1380 {
1381 /*
1382 * In self-hosting mode, JSOP_*NAME is unconditionally converted to
1383 * JSOP_*INTRINSIC. This causes lookups to be redirected to the special
1384 * intrinsics holder in the global object, into which any missing values are
1385 * cloned lazily upon first access.
1386 */
1388 JSOp op;
1392 /* Other *NAME ops aren't (yet) supported in self-hosted code. */
1394 }
1397 }
1399 /*
1400 * When parsing inner functions lazily, parse nodes for outer functions no
1401 * longer exist and only the function's scope chain is available for
1402 * resolving upvar accesses within the inner function.
1403 */
1405 // The only statements within a lazy function which can push lexical
1406 // scopes are try/catch blocks. Use generic ops in this case.
1410 }
1419 hops++;
1421 hops++;
1422 }
1429 // Use generic ops if a catch block is encountered.
1431 }
1433 hops++;
1435 }
1442 JSOp op;
1447 }
1451 }
1452 hops++;
1453 }
1457 }
1458 }
1460 // Unbound names aren't recognizable global-property references if the
1461 // script isn't running against its global object.
1465 // Deoptimized names also aren't necessarily globals.
1470 // Unbound names in function code may not be globals if new locals can
1471 // be added to this function (or an enclosing one) to alias a global
1472 // reference.
1476 }
1478 // If this is eval code, being evaluated inside strict mode eval code,
1479 // an "unbound" name might be a binding local to that outer eval:
1480 //
1481 // var x = "GLOBAL";
1482 // eval('"use strict"; ' +
1483 // 'var x; ' +
1484 // 'eval("print(x)");'); // "undefined", not "GLOBAL"
1485 //
1486 // Given the enclosing eval code's strictness and its bindings (neither is
1487 // readily available now), we could exactly check global-ness, but it's not
1488 // worth the trouble for doubly-nested eval code. So we conservatively
1489 // approximate. If the outer eval code is strict, then this eval code will
1490 // be: thus, don't optimize if we're compiling strict code inside an eval.
1494 JSOp op;
1499 // Not supported.
1502 }
1505 }
1507 /*
1508 * BindNameToSlotHelper attempts to optimize name gets and sets to stack slot
1509 * loads and stores, given the compile-time information in bce and a PNK_NAME
1510 * node pn. It returns false on error, true on success.
1511 *
1512 * The caller can test pn->pn_cookie.isFree() to tell whether optimization
1513 * occurred, in which case BindNameToSlotHelper also updated pn->pn_op. If
1514 * pn->pn_cookie.isFree() is still true on return, pn->pn_op still may have
1515 * been optimized, e.g., from JSOP_NAME to JSOP_CALLEE. Whether or not
1516 * pn->pn_op was modified, if this function finds an argument or local variable
1517 * name, PND_CONST will be set in pn_dflags for read-only properties after a
1518 * successful return.
1519 *
1520 * NB: if you add more opcodes specialized from JSOP_NAME, etc., don't forget
1521 * to update the special cases in EmitFor (for-in) and EmitAssignment (= and
1522 * op=, e.g. +=).
1523 */
1524 static bool
1526 {
1531 /* Don't attempt if 'pn' is already bound or deoptimized or a function. */
1535 /* JSOP_CALLEE is pre-bound by definition. */
1540 /*
1541 * The parser already linked name uses to definitions when (where not
1542 * prevented by non-lexical constructs like 'with' and 'eval').
1543 */
1554 }
1556 /*
1557 * Turn attempts to mutate const-declared bindings into get ops (for
1558 * pre-increment and pre-decrement ops, our caller will have to emit
1559 * JSOP_POS, JSOP_ONE, and JSOP_ADD as well).
1560 *
1561 * Turn JSOP_DELNAME into JSOP_FALSE if dn is known, as all declared
1562 * bindings visible to the compiler are permanent in JS unless the
1563 * declaration originates at top level in eval code.
1564 */
1572 JSAutoByteString name;
1575 {
1577 }
1578 }
1580 }
1581 }
1587 /*
1588 * Don't generate upvars on the left side of a for loop. See
1589 * bug 470758.
1590 */
1594 /*
1595 * If this is an eval in the global scope, then unbound variables
1596 * must be globals, so try to use GNAME ops.
1597 */
1601 }
1603 /*
1604 * Out of tricks, so we must rely on PICs to optimize named
1605 * accesses from direct eval called from function code.
1606 */
1608 }
1610 /* Optimize accesses to undeclared globals. */
1616 }
1618 /*
1619 * At this point, we are only dealing with uses that have already been
1620 * bound to definitions via pn_lexdef. The rest of this routine converts
1621 * the parse node of the use from its initial JSOP_*NAME* op to a LOCAL/ARG
1622 * op. This requires setting the node's pn_cookie with a pair (level, slot)
1623 * where 'level' is the number of function scopes between the use and the
1624 * def and 'slot' is the index to emit as the immediate of the ARG/LOCAL
1625 * op. For example, in this code:
1626 *
1627 * function(a,b,x) { return x }
1628 * function(y) { function() { return y } }
1629 *
1630 * x will get (level = 0, slot = 2) and y will get (level = 1, slot = 0).
1631 */
1637 /*
1638 * We are compiling a function body and may be able to optimize name
1639 * to stack slot. Look for an argument or variable in the function and
1640 * rewrite pn_op and update pn accordingly.
1641 */
1648 }
1660 }
1667 /*
1668 * Currently, the ALIASEDVAR ops do not support accessing the
1669 * callee of a DeclEnvObject, so use NAME.
1670 */
1678 /*
1679 * Leave pn->isOp(JSOP_NAME) if bce->fun is heavyweight to
1680 * address two cases: a new binding introduced by eval, and
1681 * assignment to the name in strict mode.
1682 *
1683 * var fun = (function f(s) { eval(s); return f; });
1684 * assertEq(fun("var f = 42"), 42);
1685 *
1686 * ECMAScript specifies that a function expression's name is bound
1687 * in a lexical environment distinct from that used to bind its
1688 * named parameters, the arguments object, and its variables. The
1689 * new binding for "var f = 42" shadows the binding for the
1690 * function itself, so the name of the function will not refer to
1691 * the function.
1692 *
1693 * (function f() { "use strict"; f = 12; })();
1694 *
1695 * Outside strict mode, assignment to a function expression's name
1696 * has no effect. But in strict mode, this attempt to mutate an
1697 * immutable binding must throw a TypeError. We implement this by
1698 * not optimizing such assignments and by marking such functions as
1699 * heavyweight, ensuring that the function name is represented in
1700 * the scope chain so that assignment will throw a TypeError.
1701 */
1705 }
1710 }
1717 }
1719 /*
1720 * The difference between the current static level and the static level of
1721 * the definition is the number of function scopes between the current
1722 * scope and dn's scope.
1723 */
1727 /*
1728 * Explicitly disallow accessing var/let bindings in global scope from
1729 * nested functions. The reason for this limitation is that, since the
1730 * global script is not included in the static scope chain (1. because it
1731 * has no object to stand in the static scope chain, 2. to minimize memory
1732 * bloat where a single live function keeps its whole global script
1733 * alive.), ScopeCoordinateToTypeSet is not able to find the var/let's
1734 * associated types::TypeSet.
1735 */
1742 }
1751 }
1753 /*
1754 * Attempts to bind the name, then checks that no dynamic scope lookup ops are
1755 * emitted in self-hosting mode. NAME ops do lookups off current scope chain,
1756 * and we do not want to allow self-hosted code to use the dynamic scope.
1757 */
1758 static bool
1760 {
1767 }
1770 }
1772 /*
1773 * If pn contains a useful expression, return true with *answer set to true.
1774 * If pn contains a useless expression, return true with *answer set to false.
1775 * Return false on error.
1776 *
1777 * The caller should initialize *answer to false and invoke this function on
1778 * an expression statement or similar subtree to decide whether the tree could
1779 * produce code that has any side effects. For an expression statement, we
1780 * define useless code as code with no side effects, because the main effect,
1781 * the value left on the stack after the code executes, will be discarded by a
1782 * pop bytecode.
1783 */
1784 static bool
1786 {
1792 /*
1793 * A named function, contrary to ES3, is no longer useful, because we
1794 * bind its name lexically (using JSOP_CALLEE) instead of creating an
1795 * Object instance and binding a readonly, permanent property in it
1796 * (the object and binding can be detected and hijacked or captured).
1797 * This is a bug fix to ES3; it is fixed in ES3.1 drafts.
1798 */
1805 /*
1806 * Non-operators along with ||, &&, ===, and !== never invoke
1807 * toString or valueOf.
1808 */
1813 }
1816 /* Generator-expressions are harmless if the result is ignored. */
1819 }
1821 /*
1822 * All invocation operations (construct: PNK_NEW, call: PNK_CALL)
1823 * are presumed to be useful, because they may have side effects
1824 * even if their main effect (their return value) is discarded.
1825 *
1826 * PNK_ELEM binary trees of 3+ nodes are flattened into lists to
1827 * avoid too much recursion. All such lists must be presumed to be
1828 * useful because each index operation could invoke a getter.
1829 *
1830 * Likewise, array and object initialisers may call prototype
1831 * setters (the __defineSetter__ built-in, and writable __proto__
1832 * on Array.prototype create this hazard). Initialiser list nodes
1833 * have JSOP_NEWINIT in their pn_op.
1834 */
1846 /*
1847 * Assignment is presumed to be useful, even if the next operation
1848 * is another assignment overwriting this one's ostensible effect,
1849 * because the left operand may be a property with a setter that
1850 * has side effects.
1851 *
1852 * The only exception is assignment of a useless value to a const
1853 * declared in the function currently being compiled.
1854 */
1865 }
1867 }
1871 /*
1872 * ||, &&, ===, and !== do not convert their operands via
1873 * toString or valueOf method calls.
1874 */
1877 }
1879 /*
1880 * We can't easily prove that neither operand ever denotes an
1881 * object with a toString or valueOf method.
1882 */
1889 {
1898 }
1899 /* FALL THROUGH */
1903 /* All these delete addressing modes have effects too. */
1908 }
1910 }
1917 /* ! does not convert its operand via toString or valueOf. */
1919 }
1920 /* FALL THROUGH */
1923 /*
1924 * All of PNK_INC, PNK_DEC, PNK_THROW, PNK_YIELD, and PNK_YIELD_STAR
1925 * have direct effects. Of the remaining unary-arity node types, we
1926 * can't easily prove that the operand never denotes an object with
1927 * a toString or valueOf method.
1928 */
1931 }
1935 /*
1936 * Take care to avoid trying to bind a label name (labels, both for
1937 * statements and property values in object initialisers, have pn_op
1938 * defaulted to JSOP_NOP).
1939 */
1944 /*
1945 * Not a use of an unshadowed named function expression's given
1946 * name, so this expression could invoke a getter that has side
1947 * effects.
1948 */
1950 }
1951 }
1953 /* Dotted property references in general can call getters. */
1955 }
1962 }
1964 }
1966 bool
1968 {
1972 }
1974 }
1976 bool
1978 {
1983 }
1985 bool
1987 {
2000 }
2001 }
2006 }
2008 }
2010 void
2012 {
2013 // Note: when parsing off thread the resulting scripts need to be handed to
2014 // the debugger after rejoining to the main thread.
2018 // Lazy scripts are never top level (despite always being invoked with a
2019 // nullptr parent), and so the hook should never be fired.
2025 }
2026 }
2030 {
2032 }
2034 bool
2036 {
2045 }
2047 bool
2049 {
2057 }
2059 bool
2061 {
2070 }
2072 static bool
2074 {
2089 }
2091 static bool
2093 {
2105 JSPROP_ENUMERATE))
2108 JSPROP_ENUMERATE))
2118 }
2120 static bool
2122 {
2128 }
2131 }
2133 static bool
2135 {
2136 jsatomid value_id;
2139 jsatomid done_id;
2152 }
2154 static bool
2156 {
2173 }
2174 }
2176 /* Need to provide |this| value for call */
2184 }
2185 }
2188 }
2190 static bool
2192 {
2196 /*
2197 * If the object operand is also a dotted property reference, reverse the
2198 * list linked via pn_expr temporarily so we can iterate over it from the
2199 * bottom up (reversing again as we go), to avoid excessive recursion.
2200 */
2206 /* Reverse pndot->pn_expr to point up, not down. */
2215 }
2217 /* pndown is a primary expression, not a dotted property reference. */
2222 /* Walk back up the list, emitting annotated name ops. */
2226 /* Reverse the pn_expr link again. */
2232 }
2234 // The non-optimized case.
2236 }
2238 static bool
2240 {
2256 }
2258 static bool
2260 {
2287 }
2295 }
2297 static bool
2299 {
2324 }
2332 }
2334 /*
2335 * Emit bytecode to put operands for a JSOP_GETELEM/CALLELEM/SETELEM/DELELEM
2336 * opcode onto the stack in the right order. In the case of SETELEM, the
2337 * value to be assigned must already be pushed.
2338 */
2339 static bool
2341 {
2352 }
2356 {
2364 }
2366 }
2368 static bool
2370 {
2372 }
2374 static bool
2376 {
2385 /*
2386 * We need to convert the key to an object id first, so that we do not do
2387 * it inside both the GETELEM and the SETELEM.
2388 */
2389 // OBJ KEY*
2412 }
2420 }
2422 static bool
2424 {
2453 }
2455 }
2461 }
2465 {
2467 }
2469 static bool
2471 {
2475 }
2477 }
2479 static bool
2482 {
2485 ScopeCoordinate sc;
2494 }
2497 }
2499 }
2501 static bool
2504 {
2505 // Initial values for block-scoped locals.
2517 }
2519 /*
2520 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047.
2521 * LLVM is deciding to inline this function which uses a lot of stack space
2522 * into EmitTree which is recursive and uses relatively little stack space.
2523 */
2524 MOZ_NEVER_INLINE static bool
2526 {
2527 JSOp switchOp;
2536 /* Try for most optimal, fall back if not dense ints. */
2544 /* Push the discriminant. */
2555 /* Advance pn2 to refer to the switch case list. */
2561 }
2563 /* Switch bytecodes run from here till end of final case. */
2571 }
2581 #define INTMAP_LENGTH 256
2594 }
2607 }
2613 }
2618 }
2624 /*
2625 * Check for duplicates, which require a JSOP_CONDSWITCH.
2626 * We bias i by 65536 if it's negative, and hope that's a rare
2627 * case (because it requires a malloc'd bitmap).
2628 */
2637 /* Just grab 8K for the worst-case bitmap. */
2643 }
2644 }
2646 }
2650 }
2652 }
2659 /*
2660 * Compute table length and select condswitch instead if overlarge or
2661 * more than half-sparse.
2662 */
2667 }
2668 }
2670 /*
2671 * The note has one or two offsets: first tells total switch code length;
2672 * second (if condswitch) tells offset to first JSOP_CASE.
2673 */
2675 /* 0 bytes of immediate for unoptimized switch. */
2681 /* 3 offsets (len, low, high) before the table, 1 per entry. */
2684 }
2688 /* Emit switchOp followed by switchSize bytes of jump or lookup table. */
2697 /* Emit code for evaluating cases and jumping to case statements. */
2703 /* off is the previous JSOP_CASE's bytecode offset. */
2706 }
2710 }
2721 /* Switch note's second offset is to first JSOP_CASE. */
2729 }
2730 }
2732 /*
2733 * If we didn't have an explicit default (which could fall in between
2734 * cases, preventing us from fusing this SetSrcNoteOffset with the call
2735 * in the loop above), link the last case to the implicit default for
2736 * the benefit of IonBuilder.
2737 */
2741 {
2743 }
2745 /* Emit default even if no explicit default statement. */
2753 /* Fill in switch bounds, which we know fit in 16-bit offsets. */
2759 /*
2760 * Use malloc to avoid arena bloat for programs with many switches.
2761 * UniquePtr takes care of freeing it on exit.
2762 */
2782 }
2783 }
2784 }
2786 /* Emit code for each case's statements, copying pn_offset up to pn3. */
2796 }
2799 /* If no default case, offset for default is to end of switch. */
2801 }
2803 /* We better have set "off" by now. */
2806 /* Set the default offset (to end of switch if no default). */
2815 }
2817 /* Set the SRC_SWITCH note's offset operand to tell end of switch. */
2823 /* Skip over the already-initialized switch bounds. */
2826 /* Fill in the jump table, if there is one. */
2832 }
2833 }
2841 }
2844 }
2846 bool
2848 {
2849 // The run once lambda flags set by the parser are approximate, and we look
2850 // at properties of the function itself before deciding to emit a function
2851 // as a run once lambda.
2860 }
2862 bool
2864 {
2865 /*
2866 * IonBuilder has assumptions about what may occur immediately after
2867 * script->main (e.g., in the case of destructuring params). Thus, put the
2868 * following ops into the range [script->code, script->main). Note:
2869 * execution starts from script->code, so this has no semantic effect.
2870 */
2881 ScopeCoordinate sc;
2889 }
2893 }
2900 }
2902 /*
2903 * Emit a prologue for run-once scripts which will deoptimize JIT code if
2904 * the script ends up running multiple times via foo.caller related
2905 * shenanigans.
2906 */
2913 }
2918 // If we fall off the end of an ES6 generator, return a boxed iterator
2919 // result object of the form { value: undefined, done: true }.
2928 // No need to check for finally blocks, etc as in EmitReturn.
2931 }
2933 /*
2934 * Always end the script with a JSOP_RETRVAL. Some other parts of the codebase
2935 * depend on this opcode, e.g. js_InternalInterpret.
2936 */
2943 /*
2944 * If this function is only expected to run once, mark the script so that
2945 * initializers created within it may be given more precise types.
2946 */
2950 }
2952 /* Initialize fun->script() so that the debugger has a valid fun->script(). */
2958 else
2964 }
2966 static bool
2969 {
2970 jsatomid atomIndex;
2977 }
2981 {
2988 }
2993 }
2995 /*
2996 * This enum tells EmitVariables and the destructuring functions how emit the
2997 * given Parser::variables parse tree. In the base case, DefineVars, the caller
2998 * only wants variables to be defined in the prologue (if necessary). For
2999 * PushInitialValues, variable initializer expressions are evaluated and left
3000 * on the stack. For InitializeVars, the initializer expressions values are
3001 * assigned (to local variables) and popped.
3002 */
3003 enum VarEmitOption
3004 {
3008 };
3011 (*DestructuringDeclEmitter)(ExclusiveContext* cx, BytecodeEmitter* bce, JSOp prologOp, ParseNode* pn);
3013 static bool
3014 EmitDestructuringDecl(ExclusiveContext* cx, BytecodeEmitter* bce, JSOp prologOp, ParseNode* pn)
3015 {
3022 }
3024 static bool
3027 {
3036 }
3037 DestructuringDeclEmitter emitter =
3041 }
3043 }
3048 DestructuringDeclEmitter emitter =
3052 }
3054 }
3056 static bool
3058 VarEmitOption emitOption);
3060 /*
3061 * EmitDestructuringLHS assumes the to-be-destructured value has been pushed on
3062 * the stack and emits code to destructure a single lhs expression (either a
3063 * name or a compound []/{} expression).
3064 *
3065 * If emitOption is InitializeVars, the to-be-destructured value is assigned to
3066 * locals and ultimately the initial slot is popped (-1 total depth change).
3067 *
3068 * If emitOption is PushInitialValues, the to-be-destructured value is replaced
3069 * with the initial values of the N (where 0 <= N) variables assigned in the
3070 * lhs expression. (Same post-condition as EmitDestructuringOpsHelper)
3071 */
3072 static bool
3073 EmitDestructuringLHS(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pn, VarEmitOption emitOption)
3074 {
3077 // Now emit the lvalue opcode sequence. If the lvalue is a nested
3078 // destructuring initialiser-form, call ourselves to handle it, then pop
3079 // the matched value. Otherwise emit an lvalue bytecode sequence followed
3080 // by an assignment op.
3087 // Per its post-condition, EmitDestructuringOpsHelper has left the
3088 // to-be-destructured value on top of the stack.
3091 }
3093 // The lhs is a simple name so the to-be-destructured value is
3094 // its initial value and there is nothing to do.
3103 // Allow 'const [x,y] = o', make 'const x,y; [x,y] = o' a nop.
3111 // This is like ordinary assignment, but with one difference.
3112 //
3113 // In `a = b`, we first determine a binding for `a` (using
3114 // JSOP_BINDNAME or JSOP_BINDGNAME), then we evaluate `b`, then
3115 // a JSOP_SETNAME instruction.
3116 //
3117 // In `[a] = [b]`, per spec, `b` is evaluated first, then we
3118 // determine a binding for `a`. Then we need to do assignment--
3119 // but the operands are on the stack in the wrong order for
3120 // JSOP_SETPROP, so we have to add a JSOP_SWAP.
3121 jsatomid atomIndex;
3131 }
3136 }
3146 }
3150 // See the (PNK_NAME, JSOP_SETNAME) case above.
3151 //
3152 // In `a.x = b`, `a` is evaluated first, then `b`, then a
3153 // JSOP_SETPROP instruction.
3154 //
3155 // In `[a.x] = [b]`, per spec, `b` is evaluated before `a`. Then we
3156 // need a property set -- but the operands are on the stack in the
3157 // wrong order for JSOP_SETPROP, so we have to add a JSOP_SWAP.
3167 // See the comment at `case PNK_DOT:` above. This case,
3168 // `[a[x]] = [b]`, is handled much the same way. The JSOP_SWAP
3169 // is emitted by EmitElemOperands.
3179 // Pop the call return value. Below, we pop the RHS too, balancing
3180 // the stack --- presumably for the benefit of bytecode
3181 // analysis. (The interpreter will never reach these instructions
3182 // since we just emitted JSOP_SETCALL, which always throws. It's
3183 // possible no analyses actually depend on this either.)
3190 }
3192 // Pop the assigned value.
3195 }
3198 }
3203 /**
3204 * EmitIteratorNext will pop iterator from the top of the stack.
3205 * It will push the result of |.next()| onto the stack.
3206 */
3207 static bool
3209 {
3220 }
3222 /*
3223 * Recursive helper for EmitDestructuringOps.
3224 * EmitDestructuringOpsHelper assumes the to-be-destructured value has been
3225 * pushed on the stack and emits code to destructure each part of a [] or {}
3226 * lhs expression.
3227 *
3228 * If emitOption is InitializeVars, the initial to-be-destructured value is
3229 * left untouched on the stack and the overall depth is not changed.
3230 *
3231 * If emitOption is PushInitialValues, the to-be-destructured value is replaced
3232 * with the initial values of the N (where 0 <= N) variables assigned in the
3233 * lhs expression. (Same post-condition as EmitDestructuringLHS)
3234 */
3235 static bool
3237 VarEmitOption emitOption)
3238 {
3245 #ifdef DEBUG
3250 #endif
3252 /*
3253 * When destructuring an array, use an iterator to walk it, instead of index lookup.
3254 * InitializeVars expects us to leave the *original* value on the stack.
3255 */
3260 }
3264 }
3267 /*
3268 * Now push the property name currently being matched, which is the
3269 * current property name "label" on the left of a colon in the object initialiser.
3270 * Set pn3 to the lvalue node, which is in the value-initializing position.
3271 */
3276 /* Duplicate the value being destructured to use as a reference base. */
3287 // The parser already checked for atoms representing indexes and
3288 // used PNK_NUMBER instead, but also watch for ids which TI treats
3289 // as indexes for simplification of downstream analysis.
3298 }
3303 }
3306 /*
3307 * Ok, get the value of the matching property name. This leaves
3308 * that value on top of the value being destructured, so the stack
3309 * is one deeper than when we started.
3310 */
3314 }
3321 /* Create a new array with the rest of the iterator */
3348 // Emit (result.done ? undefined : result.value)
3349 // This is mostly copied from EmitConditionalExpression, except that this code
3350 // does not push new values onto the stack.
3363 /* Jump around else, fixup the branch, emit else, fixup jump. */
3375 }
3378 }
3380 /* Elision node makes a hole in the array destructurer. */
3393 /*
3394 * After '[x,y]' in 'let ([[x,y], z] = o)', the stack is
3395 * | to-be-destructured-value | x | y |
3396 * The goal is:
3397 * | x | y | z |
3398 * so emit a pick to produce the intermediate state
3399 * | x | y | to-be-destructured-value |
3400 * before destructuring z. This gives the loop invariant that
3401 * the to-be-destructured-value is always on top of the stack.
3402 */
3409 }
3412 }
3413 }
3414 }
3415 }
3421 /*
3422 * Per the above loop invariant, to-be-destructured-value is at the top
3423 * of the stack. To achieve the post-condition, pop it.
3424 * In case of array destructuring, the above POP already took care of the iterator.
3425 */
3428 }
3431 }
3433 static bool
3434 EmitDestructuringOps(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pn, bool isLet = false)
3435 {
3436 /*
3437 * Call our recursive helper to emit the destructuring assignments and
3438 * related stack manipulations.
3439 */
3442 }
3444 static bool
3446 {
3451 // We update source notes before emitting the expression
3454 }
3459 // We need to convert the expression to a string
3462 }
3465 // We've pushed two strings onto the stack. Add them together, leaving just one.
3468 }
3470 }
3472 }
3474 static bool
3475 EmitVariables(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pn, VarEmitOption emitOption,
3477 {
3490 /*
3491 * Emit variable binding ops, but not destructuring ops. The
3492 * parser (see Parser::variables) has ensured that our caller
3493 * will be the PNK_FOR/PNK_FORIN/PNK_FOROF case in EmitTree, and
3494 * that case will emit the destructuring code only after
3495 * emitting an enumerating opcode and a branch that tests
3496 * whether the enumeration ended.
3497 */
3503 }
3505 /*
3506 * A destructuring initialiser assignment preceded by var will
3507 * never occur to the left of 'in' in a for-in loop. As with 'for
3508 * (var x = i in o)...', this will cause the entire 'var [a, b] =
3509 * i' to be hoisted out of the loop.
3510 */
3515 /*
3516 * To allow the front end to rewrite var f = x; as f = x; when a
3517 * function f(){} precedes the var, detect simple name assignment
3518 * here and initialize the name.
3519 */
3524 }
3536 /* If we are not initializing, nothing to pop. */
3541 }
3543 }
3545 /*
3546 * Load initializer early to share code above that jumps to do_name.
3547 * NB: if this var redeclares an existing binding, then pn2 is linked
3548 * on its definition's use-chain and pn_expr has been overlayed with
3549 * pn_lexdef.
3550 */
3553 do_name:
3558 JSOp op;
3563 jsatomid atomIndex;
3571 JSOp bindOp;
3576 else
3580 }
3588 /* JSOP_ENTERLETx expects at least 1 slot to have been pushed. */
3591 }
3593 /* If we are not initializing, nothing to pop. */
3598 }
3607 }
3609 emit_note_pop:
3614 }
3619 }
3622 }
3624 static bool
3625 EmitAssignment(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* lhs, JSOp op, ParseNode* rhs)
3626 {
3627 /*
3628 * Check left operand type and generate specialized code for it.
3629 * Specialize to avoid ECMA "reference type" values on the operand
3630 * stack, which impose pervasive runtime "GetValue" costs.
3631 */
3643 JSOp bindOp;
3648 else
3652 offset++;
3653 }
3654 }
3659 offset++;
3683 }
3700 }
3715 JSOp op;
3721 }
3724 }
3733 }
3741 /*
3742 * We just emitted a JSOP_SETCALL (which will always throw) and
3743 * popped the call's return value. Push a random value to make sure
3744 * the stack depth is correct.
3745 */
3751 }
3752 }
3754 /* Now emit the right operand (it may affect the namespace). */
3759 /*
3760 * The value to assign is the next enumeration value in a for-in or
3761 * for-of loop. That value has already been emitted: by JSOP_ITERNEXT
3762 * in the for-in case, or via a GETPROP "value" on the result object in
3763 * the for-of case. If offset == 1, that slot is already at the top of
3764 * the stack. Otherwise, rearrange the stack to put that value on top.
3765 */
3768 }
3770 /* If += etc., emit the binary operator with a source note. */
3772 /*
3773 * Take care to avoid SRC_ASSIGNOP if the left-hand side is a const
3774 * declared in the current compilation unit, as in this case (just
3775 * a bit further below) we will avoid emitting the assignment op.
3776 */
3780 }
3783 }
3785 /* Finally, emit the specialized assignment bytecode. */
3792 }
3794 }
3801 }
3808 /* Do nothing. The JSOP_SETCALL we emitted will always throw. */
3822 }
3824 }
3826 bool
3827 ParseNode::getConstantValue(ExclusiveContext* cx, AllowConstantObjects allowObjects, MutableHandleValue vp)
3828 {
3866 }
3880 }
3886 }
3897 RootedObject obj(cx, NewBuiltinClassInstance(cx, &JSObject::class_, kind, MaybeSingletonObject));
3913 }
3918 JSPROP_ENUMERATE))
3919 {
3921 }
3924 }
3937 {
3939 }
3940 }
3941 }
3946 }
3949 }
3951 }
3953 static bool
3955 {
3969 }
3971 static bool
3973 {
3994 }
3996 /* See the SRC_FOR source note offsetBias comments later in this file. */
4002 class EmitLevelManager
4003 {
4008 };
4012 static bool
4014 {
4015 /*
4016 * Morph STMT_BLOCK to STMT_CATCH, note the block entry code offset,
4017 * and save the block object atom.
4018 */
4023 /* Go up one statement info record to the TRY or FINALLY record. */
4027 /* Pick up the pending exception and bind it to the catch variable. */
4031 /*
4032 * Dup the exception object if there is a guard for rethrowing to use
4033 * it later when rethrowing or in other catches.
4034 */
4049 /* Inline and specialize BindNameToSlot for pn2. */
4059 }
4061 // If there is a guard expression, emit it and arrange to jump to the next
4062 // catch block if the guard expression is false.
4067 // If the guard expression is false, fall through, pop the block scope,
4068 // and jump to the next catch block. Otherwise jump over that code and
4069 // pop the dupped exception.
4074 {
4077 // Move exception back to cx->exception to prepare for
4078 // the next catch.
4082 // Leave the scope for this catch block.
4086 // Jump to the next handler. The jump target is backpatched by EmitTry.
4091 }
4093 // Back to normal control flow.
4096 // Pop duplicated exception object as we no longer need it.
4099 }
4101 /* Emit the catch body. */
4103 }
4105 // Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See the
4106 // comment on EmitSwitch.
4107 //
4108 MOZ_NEVER_INLINE static bool
4110 {
4113 // Push stmtInfo to track jumps-over-catches and gosubs-to-finally
4114 // for later fixup.
4115 //
4116 // When a finally block is active (STMT_FINALLY in our parse context),
4117 // non-local jumps (including jumps-over-catches) result in a GOSUB
4118 // being written into the bytecode stream and fixed-up later (c.f.
4119 // EmitBackPatchOp and BackPatch).
4120 //
4123 // Since an exception can be thrown at any place inside the try block,
4124 // we need to restore the stack and the scope chain before we transfer
4125 // the control to the exception handler.
4126 //
4127 // For that we store in a try note associated with the catch or
4128 // finally block the stack depth upon the try entry. The interpreter
4129 // uses this depth to properly unwind the stack and the scope chain.
4130 //
4133 // Record the try location, then emit the try block.
4142 // GOSUB to finally, if present.
4146 }
4148 // Source note points to the jump at the end of the try block.
4152 // Emit jump over catch and/or finally.
4159 // If this try has a catch block, emit it.
4161 // The emitted code for a catch block looks like:
4162 //
4163 // [pushblockscope] only if any local aliased
4164 // exception
4165 // if there is a catchguard:
4166 // dup
4167 // setlocal 0; pop assign or possibly destructure exception
4168 // if there is a catchguard:
4169 // < catchguard code >
4170 // ifne POST
4171 // debugleaveblock
4172 // [popblockscope] only if any local aliased
4173 // throwing pop exception to cx->exception
4174 // goto <next catch block>
4175 // POST: pop
4176 // < catch block contents >
4177 // debugleaveblock
4178 // [popblockscope] only if any local aliased
4179 // goto <end of catch blocks> non-local; finally applies
4180 //
4181 // If there's no catch block without a catchguard, the last <next catch
4182 // block> points to rethrow code. This code will [gosub] to the finally
4183 // code if appropriate, and is also used for the catch-all trynote for
4184 // capturing exceptions thrown from catch{} blocks.
4185 //
4189 // Emit the lexical scope and catch body.
4194 // gosub <finally>, if required.
4199 }
4201 // Jump over the remaining catch blocks. This will get fixed
4202 // up to jump to after catch/finally.
4206 // If this catch block had a guard clause, patch the guard jump to
4207 // come here.
4212 // If this catch block is the last one, rethrow, delegating
4213 // execution of any finally block to the exception handler.
4219 }
4220 }
4221 }
4222 }
4226 // Emit the finally handler, if there is one.
4229 // Fix up the gosubs that might have been emitted before non-local
4230 // jumps to the finally code.
4236 // Indicate that we're emitting a subroutine body.
4243 {
4245 }
4247 }
4251 // ReconstructPCStack needs a NOP here to mark the end of the last catch block.
4255 // Fix up the end-of-try/catch jumps to come here.
4259 // Add the try note last, to let post-order give us the right ordering
4260 // (first to last for a given nesting level, inner to outer by level).
4264 // If we've got a finally, mark try+catch region with additional
4265 // trynote to catch exceptions (re)thrown from a catch block or
4266 // for the try{}finally{} case.
4271 }
4273 static bool
4275 {
4278 /* Initialize so we can detect else-if chains and avoid recursion. */
4284 if_again:
4285 /* Emit code for the condition before pushing stmtInfo. */
4292 /*
4293 * We came here from the goto further below that detects else-if
4294 * chains, so we must mutate stmtInfo back into a STMT_IF record.
4295 * Also we need a note offset for SRC_IF_ELSE to help IonMonkey.
4296 */
4302 }
4304 /* Emit an annotated branch-if-false around the then part. */
4313 /* Emit code for the then and optional else parts. */
4317 /* Modify stmtInfo so we know we're in the else part. */
4320 /*
4321 * Emit a JSOP_BACKPATCH op to jump from the end of our then part
4322 * around the else part. The PopStatementBCE call at the bottom of
4323 * this function will fix up the backpatch chain linked from
4324 * stmtInfo.breaks.
4325 */
4330 /* Ensure the branch-if-false comes here, then emit the else. */
4335 }
4340 /*
4341 * Annotate SRC_IF_ELSE with the offset from branch to jump, for
4342 * IonMonkey's benefit. We can't just "back up" from the pc
4343 * of the else clause, because we don't know whether an extended
4344 * jump was required to leap from the end of the then clause over
4345 * the else clause.
4346 */
4350 /* No else part, fixup the branch-if-false to come here. */
4352 }
4354 }
4356 /*
4357 * pnLet represents one of:
4358 *
4359 * let-expression: (let (x = y) EXPR)
4360 * let-statement: let (x = y) { ... }
4361 *
4362 * For a let-expression 'let (x = a, [y,z] = b) e', EmitLet produces:
4363 *
4364 * bytecode stackDepth srcnotes
4365 * evaluate a +1
4366 * evaluate b +1
4367 * dup +1
4368 * destructure y
4369 * pick 1
4370 * dup +1
4371 * destructure z
4372 * pick 1
4373 * pop -1
4374 * setlocal 2 -1
4375 * setlocal 1 -1
4376 * setlocal 0 -1
4377 * pushblockscope (if needed)
4378 * evaluate e +1
4379 * debugleaveblock
4380 * popblockscope (if needed)
4381 *
4382 * Note that, since pushblockscope simply changes fp->scopeChain and does not
4383 * otherwise touch the stack, evaluation of the let-var initializers must leave
4384 * the initial value in the let-var's future slot.
4385 */
4386 /*
4387 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
4388 * the comment on EmitSwitch.
4389 */
4390 MOZ_NEVER_INLINE static bool
4392 {
4404 /* Push storage for hoisted let decls (e.g. 'let (x) { let y }'). */
4417 }
4419 /*
4420 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
4421 * the comment on EmitSwitch.
4422 */
4423 MOZ_NEVER_INLINE static bool
4425 {
4439 }
4441 static bool
4443 {
4454 }
4456 /**
4457 * EmitIterator expects the iterable to already be on the stack.
4458 * It will replace that stack value with the corresponding iterator
4459 */
4460 static bool
4462 {
4463 // Convert iterable to iterator.
4474 }
4476 /**
4477 * If type is STMT_FOR_OF_LOOP, it emits bytecode for for-of loop.
4478 * pn should be PNK_FOR, and pn->pn_left should be PNK_FOROF.
4479 *
4480 * If type is STMT_SPREAD, it emits bytecode for spread operator.
4481 * pn should be nullptr.
4482 * Please refer the comment above EmitSpread for additional information about
4483 * stack convention.
4484 */
4485 static bool
4486 EmitForOf(ExclusiveContext* cx, BytecodeEmitter* bce, StmtType type, ParseNode* pn, ptrdiff_t top)
4487 {
4499 // If the left part is 'var x', emit code to define x if necessary using a
4500 // prolog opcode, but do not emit a pop.
4508 }
4511 // For-of loops run with two values on the stack: the iterator and the
4512 // current result object.
4514 // Compile the object expression to the right of 'of'.
4520 // Push a dummy result so that we properly enter iteration midstream.
4523 }
4525 // Enter the block before the loop body, after evaluating the obj.
4530 }
4535 // Jump down to the loop condition to minimize overhead assuming at least
4536 // one iteration, as the other loop forms do. Annotate so IonMonkey can
4537 // find the loop-closing jump.
4553 #ifdef DEBUG
4555 #endif
4557 // Emit code to assign result.value to the iteration variable.
4561 }
4570 // The stack should be balanced around the assignment opcode sequence.
4573 // Emit code for the loop body.
4577 // Set loop and enclosing "update" offsets, for continue.
4588 // STMT_SPREAD never contain continue, so do not set "update" offset.
4589 }
4591 // COME FROM the beginning of the loop to here.
4604 }
4618 // Let Ion know where the closing jump of this loop is.
4622 // Fixup breaks and continues.
4623 // For STMT_SPREAD, just pop pc->topStmt.
4630 }
4635 }
4637 // Pop the result and the iter.
4641 }
4643 static bool
4645 {
4653 /*
4654 * If the left part is 'var x', emit code to define x if necessary
4655 * using a prolog opcode, but do not emit a pop. If the left part was
4656 * originally 'var x = i', the parser will have rewritten it; see
4657 * Parser::forStatement. 'for (let x = i in o)' is mercifully banned.
4658 */
4666 }
4668 /* Compile the object expression to the right of 'in'. */
4672 /*
4673 * Emit a bytecode to convert top of stack value to the iterator
4674 * object depending on the loop variant (for-in, for-each-in, or
4675 * destructuring for-in).
4676 */
4681 /* Enter the block before the loop body, after evaluating the obj. */
4686 }
4691 /* Annotate so IonMonkey can find the loop-closing jump. */
4696 /*
4697 * Jump down to the loop condition to minimize overhead assuming at
4698 * least one iteration, as the other loop forms do.
4699 */
4709 #ifdef DEBUG
4711 #endif
4713 /*
4714 * Emit code to get the next enumeration value and assign it to the
4715 * left hand side.
4716 */
4725 /* The stack should be balanced around the assignment opcode sequence. */
4728 /* Emit code for the loop body. */
4732 /* Set loop and enclosing "update" offsets, for continue. */
4738 /*
4739 * Fixup the goto that starts the loop to jump down to JSOP_MOREITER.
4740 */
4750 /* Set the srcnote offset so we can find the closing jump. */
4754 // Fix up breaks and continues.
4766 }
4769 }
4771 static bool
4773 {
4780 /* C-style for (init; cond; update) ... loop. */
4784 // No initializer, but emit a nop so that there's somewhere to put the
4785 // SRC_FOR annotation that IonBuilder will look for.
4794 }
4796 /*
4797 * NB: the SRC_FOR note has offsetBias 1 (JSOP_{NOP,POP}_LENGTH).
4798 * Use tmp to hold the biased srcnote "top" offset, which differs
4799 * from the top local variable by the length of the JSOP_GOTO
4800 * emitted in between tmp and top if this loop has a condition.
4801 */
4809 /* Goto the loop condition, which branches back to iterate. */
4816 }
4821 /* Emit code for the loop body. */
4829 /* Set the second note offset so we can find the update part. */
4833 /* Set loop and enclosing "update" offsets, for continue. */
4839 /* Check for update code to do before the condition (if any). */
4848 /* Always emit the POP or NOP to help IonBuilder. */
4852 /* Restore the absolute line number for source note readers. */
4859 }
4860 }
4865 /* Fix up the goto from top to target the loop condition. */
4873 }
4875 /* Set the first note offset so we can find the loop condition. */
4880 /* The third note offset helps us find the loop-closing jump. */
4884 /* If no loop condition, just emit a loop-closing jump. */
4892 /* Now fixup all breaks and continues. */
4894 }
4898 {
4907 }
4911 {
4916 /*
4917 * Set the EMITTEDFUNCTION flag in function definitions once they have been
4918 * emitted. Function definitions that need hoisting to the top of the
4919 * function will be seen by EmitFunc in two places.
4920 */
4926 }
4930 /*
4931 * Mark as singletons any function which will only be executed once, or
4932 * which is inner to a lambda we only expect to run once. In the latter
4933 * case, if the lambda runs multiple times then CloneFunctionObject will
4934 * make a deep clone of its contents.
4935 */
4952 }
4962 // Inherit most things (principals, version, etc) from the parent.
4976 sourceObject,
4990 /* We measured the max scope depth when we parsed the function. */
4996 }
4999 }
5001 /* Make the function object a literal in the outer script's pool. */
5004 /* Non-hoisted functions simply emit their respective op. */
5006 /* JSOP_LAMBDA_ARROW is always preceded by JSOP_THIS. */
5011 }
5013 /*
5014 * For a script we emit the code as we parse. Thus the bytecode for
5015 * top-level functions should go in the prolog to predefine their
5016 * names in the variable object before the already-generated main code
5017 * is executed. This extra work for top-level scripts is not necessary
5018 * when we emit the code for a function. It is fully parsed prior to
5019 * invocation of the emitter and calls to EmitTree for function
5020 * definitions can be scheduled before generating the rest of code.
5021 */
5033 #ifdef DEBUG
5036 bi++;
5040 #endif
5050 }
5053 }
5055 static bool
5057 {
5058 /* Emit an annotated nop so IonBuilder can recognize the 'do' loop. */
5067 /* Compile the loop body. */
5081 /* Set loop and enclosing label update offsets, for continue. */
5088 /* Compile the loop condition, now that continues know where to go. */
5099 /*
5100 * Update the annotations with the update and back edge positions, for
5101 * IonBuilder.
5102 *
5103 * Be careful: We must set noteIndex2 before noteIndex in case the noteIndex
5104 * note gets bigger.
5105 */
5112 }
5114 static bool
5116 {
5117 /*
5118 * Minimize bytecodes issued for one or more iterations by jumping to
5119 * the condition below the body and closing the loop if the condition
5120 * is true with a backward branch. For iteration count i:
5121 *
5122 * i test at the top test at the bottom
5123 * = =============== ==================
5124 * 0 ifeq-pass goto; ifne-fail
5125 * 1 ifeq-fail; goto; ifne-pass goto; ifne-pass; ifne-fail
5126 * 2 2*(ifeq-fail; goto); ifeq-pass goto; 2*ifne-pass; ifne-fail
5127 * . . .
5128 * N N*(ifeq-fail; goto); ifeq-pass goto; N*ifne-pass; ifne-fail
5129 */
5165 }
5167 static bool
5169 {
5171 SrcNoteType noteType;
5180 }
5183 }
5185 static bool
5187 {
5190 /* Find the loop statement enclosed by the matching label. */
5196 }
5201 }
5204 }
5206 static bool
5208 {
5215 }
5217 /* Push a return value */
5222 /* No explicit return value provided */
5225 }
5230 }
5232 /*
5233 * EmitNonLocalJumpFixup may add fixup bytecode to close open try
5234 * blocks having finally clauses and to exit intermingled let blocks.
5235 * We can't simply transfer control flow to our caller in that case,
5236 * because we must gosub to those finally clauses from inner to outer,
5237 * with the correct stack pointer (i.e., after popping any with,
5238 * for/in, etc., slots nested inside the finally's try).
5239 *
5240 * In this case we mutate JSOP_RETURN into JSOP_SETRVAL and add an
5241 * extra JSOP_RETRVAL after the fixups.
5242 */
5257 }
5260 }
5262 static bool
5264 {
5271 // Convert iterable to iterator.
5285 // Initial send value is undefined.
5292 // Try prologue. // ITER RESULT
5301 // Yield RESULT as-is, without re-boxing.
5305 // Try epilogue.
5313 // Catch location.
5314 // THROW? = 'throw' in ITER // ITER
5328 // if (THROW?) goto delegate
5338 // RESULT = ITER.throw(EXCEPTION) // EXCEPTION ITER
5358 // Catch epilogue.
5361 // This is a peace offering to ReconstructPCStack. See the note in EmitTry.
5367 // After the try/catch block: send the received value to the iterator.
5373 // Send location.
5374 // result = iter.next(received) // ITER RECEIVED
5394 // if (!result.done) goto tryStart; // ITER RESULT
5399 // if (!DONE) goto tryStart;
5403 // result.value
5414 }
5416 static bool
5418 {
5432 }
5435 }
5437 static bool
5439 {
5449 /*
5450 * Top-level or called-from-a-native JS_Execute/EvaluateScript,
5451 * debugger, and eval frames may need the value of the ultimate
5452 * expression statement as the script's result, despite the fact
5453 * that it appears useless to the compiler.
5454 *
5455 * API users may also set the JSOPTION_NO_SCRIPT_RVAL option when
5456 * calling JS_Compile* to suppress JSOP_SETRVAL.
5457 */
5464 }
5466 /* Don't eliminate expressions with side effects. */
5471 /*
5472 * Don't eliminate apparently useless expressions if they are
5473 * labeled expression statements. The pc->topStmt->update test
5474 * catches the case where we are nesting in EmitTree for a labeled
5475 * compound statement.
5476 */
5480 {
5482 }
5483 }
5493 // Don't complain about directive prologue members; just don't emit
5494 // their code.
5497 // Warn if encountering a non-directive prologue member string
5498 // expression statement, that is inconsistent with the current
5499 // directive prologue. That is, a script *not* starting with
5500 // "use strict" should warn for any "use strict" statements seen
5501 // later in the script, because such statements are misleading.
5511 }
5512 }
5517 }
5523 }
5524 }
5527 }
5529 static bool
5531 {
5532 /*
5533 * Under ECMA 3, deleting a non-reference returns true -- but alas we
5534 * must evaluate the operand if it appears it might have side effects.
5535 */
5539 {
5549 }
5551 }
5561 {
5562 /*
5563 * If useless, just emit JSOP_TRUE; otherwise convert delete foo()
5564 * to foo(), true (a comma expression).
5565 */
5576 }
5580 }
5581 }
5584 }
5586 static bool
5589 static bool
5591 {
5593 /*
5594 * Emit callable invocation or operator new (constructor call) code.
5595 * First, emit code for the left operand to evaluate the callable or
5596 * constructable object expression.
5597 *
5598 * For operator new, we emit JSOP_GETPROP instead of JSOP_CALLPROP, etc.
5599 * This is necessary to interpose the lambda-initialized method read
5600 * barrier -- see the code in jsinterp.cpp for JSOP_LAMBDA followed by
5601 * JSOP_{SET,INIT}PROP.
5602 *
5603 * Then (or in a call case that has no explicit reference-base
5604 * object) we emit JSOP_UNDEFINED to produce the undefined |this|
5605 * value required for calls (which non-strict mode functions
5606 * will box into the global object).
5607 */
5612 ? JSMSG_TOO_MANY_FUN_ARGS
5615 }
5625 {
5626 /*
5627 * Special-casing of callFunction to emit bytecode that directly
5628 * invokes the callee with the correct |this| object and arguments.
5629 * callFunction(fun, thisArg, arg0, arg1) thus becomes:
5630 * - emit lookup for fun
5631 * - emit lookup for thisArg
5632 * - emit lookups for arg0, arg1
5633 *
5634 * argc is set to the amount of actually emitted args and the
5635 * emitting of args below is disabled by setting emitArgs to false.
5636 */
5640 }
5652 }
5657 }
5670 /*
5671 * Top level lambdas which are immediately invoked should be
5672 * treated as only running once. Every time they execute we will
5673 * create new types and scripts for their contents, to increase
5674 * the quality of type information within them and enable more
5675 * backend optimizations. Note that this does not depend on the
5676 * lambda being invoked at most once (it may be named or be
5677 * accessed via foo.caller indirection), as multiple executions
5678 * will just cause the inner scripts to be repeatedly cloned.
5679 */
5689 }
5697 }
5702 }
5705 /*
5706 * Emit code for each argument in order, then emit the JSOP_*CALL or
5707 * JSOP_NEW bytecode with a two-byte immediate telling how many args
5708 * were pushed on the operand stack.
5709 */
5716 }
5720 }
5722 }
5730 }
5735 }
5739 }
5741 }
5743 static bool
5745 {
5746 /*
5747 * JSOP_OR converts the operand on the stack to boolean, leaves the original
5748 * value on the stack and jumps if true; otherwise it falls into the next
5749 * bytecode, which pops the left operand and then evaluates the right operand.
5750 * The jump goes around the right operand evaluation.
5751 *
5752 * JSOP_AND converts the operand on the stack to boolean and jumps if false;
5753 * otherwise it falls into the right operand's bytecode.
5754 */
5771 }
5776 /* Left-associative operator chain: avoid too much recursion. */
5786 /* Emit nodes between the head and the tail. */
5798 }
5813 }
5815 /*
5816 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
5817 * the comment on EmitSwitch.
5818 */
5819 MOZ_NEVER_INLINE static bool
5821 {
5822 /* Emit lvalue-specialized code for ++/-- operators. */
5855 }
5866 }
5875 }
5877 }
5888 }
5889 }
5890 }
5892 }
5894 /*
5895 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
5896 * the comment on EmitSwitch.
5897 */
5898 MOZ_NEVER_INLINE static bool
5900 {
5901 /*
5902 * Emit a JSOP_LABEL instruction. The argument is the offset to the statement
5903 * following the labeled statement.
5904 */
5905 jsatomid index;
5913 /* Emit code for the labeled statement. */
5922 /* Patch the JSOP_LABEL offset. */
5925 }
5927 static bool
5928 EmitSyntheticStatements(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pn, ptrdiff_t top)
5929 {
5939 }
5941 }
5943 static bool
5944 EmitConditionalExpression(ExclusiveContext* cx, BytecodeEmitter* bce, ConditionalExpression& conditional)
5945 {
5946 /* Emit the condition, then branch if false to the else part. */
5956 /* Jump around else, fixup the branch, emit else, fixup jump. */
5962 /*
5963 * Because each branch pushes a single value, but our stack budgeting
5964 * analysis ignores branches, we now have to adjust bce->stackDepth to
5965 * ignore the value pushed by the first branch. Execution will follow
5966 * only one path, so we must decrement bce->stackDepth.
5967 *
5968 * Failing to do this will foil code, such as let expression and block
5969 * code generation, which must use the stack depth to compute local
5970 * stack indexes correctly.
5971 */
5978 }
5980 /*
5981 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
5982 * the comment on EmitSwitch.
5983 */
5984 MOZ_NEVER_INLINE static bool
5986 {
5990 /*
5991 * Emit code for {p:a, '%q':b, 2:c} that is equivalent to constructing
5992 * a new object and defining (in source order) each property on the object
5993 * (or mutating the object's [[Prototype]], in the case of __proto__).
5994 */
5999 /*
6000 * Try to construct the shape of the object as we go, so we can emit a
6001 * JSOP_NEWOBJECT with the final shape instead.
6002 */
6009 }
6015 /* Emit an index for t[2] for later consumption by JSOP_INITELEM. */
6023 // The parser already checked for atoms representing indexes and
6024 // used PNK_NUMBER instead, but also watch for ids which TI treats
6025 // as indexes for simpliciation of downstream analysis.
6031 }
6037 }
6039 /* Emit code for the property initializer. */
6058 }
6064 // If we have { __proto__: expr }, implement prototype mutation.
6070 }
6072 jsatomid index;
6086 {
6088 }
6091 }
6095 }
6096 }
6102 /*
6103 * The object survived and has a predictable shape: update the original
6104 * bytecode.
6105 */
6120 }
6123 }
6125 static bool
6127 {
6131 /*
6132 * Pass the new array's stack index to the PNK_ARRAYPUSH case via
6133 * bce->arrayCompDepth, then simply traverse the PNK_FOR node and
6134 * its kids under pn2 to generate this comprehension.
6135 */
6143 /* Emit the usual op needed for decompilation. */
6145 }
6147 /**
6148 * EmitSpread expects the current index (I) of the array, the array itself and the iterator to be
6149 * on the stack in that order (iterator on the bottom).
6150 * It will pop the iterator and I, then iterate over the iterator by calling |.next()|
6151 * and put the results into the I-th element of array with incrementing I, then
6152 * push the result I (it will be original I + iteration count).
6153 * The stack after iteration will look like |ARRAY INDEX|.
6154 */
6155 static bool
6157 {
6159 }
6161 static bool
6163 {
6164 /*
6165 * Emit code for [a, b, c] that is equivalent to constructing a new
6166 * array and in source order evaluating each element value and adding
6167 * it to the array, without invoking latent setters. We use the
6168 * JSOP_NEWINIT and JSOP_INITELEM_ARRAY bytecodes to ignore setters and
6169 * to avoid dup'ing and popping the array as each element is added, as
6170 * JSOP_SETELEM/JSOP_SETPROP would do.
6171 */
6176 nspread++;
6177 }
6185 // For arrays with spread, this is a very pessimistic allocation, the
6186 // minimum possible final size.
6190 jsatomid atomIndex;
6197 }
6207 }
6225 }
6226 }
6231 }
6233 /* Emit an op to finish the array and aid in decompilation. */
6235 }
6237 static bool
6239 {
6242 /* Unary op, including unary +/-. */
6256 }
6258 static bool
6260 {
6275 // Emit source note to enable ion compilation.
6288 }
6291 }
6293 bool
6295 {
6304 /* Emit notes to tell the current bytecode's source line number. */
6314 {
6318 // Carefully emit everything in the right order:
6319 // 1. Destructuring
6320 // 2. Defaults
6321 // 3. Functions
6324 // Assign the destructuring arguments before defining any functions,
6325 // see bug 419662.
6331 }
6339 // Defaults with a rest parameter need special handling. The
6340 // rest parameter needs to be undefined while defaults are being
6341 // processed. To do this, we create the rest argument and let it
6342 // sit on the stack while processing defaults. The rest
6343 // parameter's slot is set to undefined for the course of
6344 // default processing.
6353 // Only set the rest parameter if it's not aliased by a nested
6354 // function in the body.
6364 }
6365 }
6373 }
6374 }
6376 // Only bind the parameter if it's not aliased by a nested function
6377 // in the body.
6383 // Fill rest parameter. We handled the case with defaults above.
6394 }
6395 }
6397 // This block contains top-level function definitions. To ensure
6398 // that we emit the bytecode defining them before the rest of code
6399 // in the block we use a separate pass over functions. During the
6400 // main pass later the emitter will add JSOP_NOP with source notes
6401 // for the function to preserve the original functions position
6402 // when decompiling.
6403 //
6404 // Currently this is used only for functions, as compile-as-we go
6405 // mode for scripts does not allow separate emitter passes.
6410 }
6411 }
6412 }
6415 }
6478 }
6485 }
6489 }
6511 {
6521 }
6523 }
6572 /* Left-associative operator chain: avoid too much recursion. */
6582 }
6584 /* Binary operators that evaluate both operands unconditionally. */
6591 }
6642 // TODO: Implement emitter support for modules
6647 /*
6648 * The array object's stack index is in bce->arrayCompDepth. See below
6649 * under the array initialiser code generator for array comprehension
6650 * special casing. Note that the array object is a pure stack value,
6651 * unaliased by blocks, so we can EmitUnaliasedVarOp.
6652 */
6660 }
6669 // Bake in the object entirely if it will only be created once.
6672 }
6674 // If the array consists entirely of primitive values, make a
6675 // template object with copy on write elements that can be reused
6676 // every time the initializer executes.
6681 {
6682 // Note: the type of the template object might not yet reflect
6683 // that the object has copy on write elements. When the
6684 // interpreter or JIT compiler fetches the template, it should
6685 // use types::GetOrFixupCopyOnWriteObject to make sure the type
6686 // for the template is accurate. We don't do this here as we
6687 // want to use types::InitObject, which requires a finished
6688 // script.
6699 }
6700 }
6756 }
6758 /* bce->emitLevel == 1 means we're last on the stack, so finish up. */
6762 }
6765 }
6767 static int
6769 {
6770 // Start it off moderately large to avoid repeated resizings early on.
6778 }
6780 }
6782 int
6784 {
6792 /*
6793 * Compute delta from the last annotated bytecode's offset. If it's too
6794 * big to fit in sn, allocate one or more xdelta notes and reset sn.
6795 */
6808 }
6810 /*
6811 * Initialize type and delta, then allocate the minimum number of notes
6812 * needed for type's arity. Usually, we won't need more, but if an offset
6813 * does take two bytes, SetSrcNoteOffset will grow notes.
6814 */
6819 }
6821 }
6823 int
6824 frontend::NewSrcNote2(ExclusiveContext* cx, BytecodeEmitter* bce, SrcNoteType type, ptrdiff_t offset)
6825 {
6832 }
6834 }
6836 int
6837 frontend::NewSrcNote3(ExclusiveContext* cx, BytecodeEmitter* bce, SrcNoteType type, ptrdiff_t offset1,
6839 {
6848 }
6850 }
6852 bool
6853 frontend::AddToSrcNoteDelta(ExclusiveContext* cx, BytecodeEmitter* bce, jssrcnote* sn, ptrdiff_t delta)
6854 {
6855 /*
6856 * Called only from FinishTakingSrcNotes to add to main script note
6857 * deltas, and only by a small positive amount.
6858 */
6868 jssrcnote xdelta;
6872 }
6874 }
6876 static bool
6879 {
6883 }
6887 /* Find the offset numbered which (i.e., skip exactly which offsets). */
6894 }
6896 /*
6897 * See if the new offset requires three bytes either by being too big or if
6898 * the offset has already been inflated (in which case, we need to stay big
6899 * to not break the srcnote encoding if this isn't the last srcnote).
6900 */
6902 /* Maybe this offset was already set to a three-byte value. */
6904 /* Insert two dummy bytes that will be overwritten shortly. */
6909 {
6912 }
6913 }
6917 }
6920 }
6922 /*
6923 * Finish taking source notes in cx's notePool.
6924 * If successful, the final source note count is stored in the out outparam.
6925 */
6926 bool
6928 {
6938 /*
6939 * Either no prolog srcnotes, or no line number change over prolog.
6940 * We don't need a SRC_SETLINE, but we may need to adjust the offset
6941 * of the first main note, by adding to its delta and possibly even
6942 * prepending SRC_XDELTA notes to it to account for prolog bytecodes
6943 * that came at and after the last annotated bytecode.
6944 */
6948 /* NB: Use as much of the first main note's delta as we can. */
6963 }
6964 }
6965 }
6967 // The prolog count might have changed, so we can't reuse prologCount.
6968 // The + 1 is to account for the final SN_MAKE_TERMINATOR that is appended
6969 // when the notes are copied to their final destination by CopySrcNotes.
6972 }
6974 void
6976 {
6985 }
6987 void
6989 {
6994 }
6996 /*
6997 * Find the index of the given object for code generator.
6998 *
6999 * Since the emitter refers to each parsed object only once, for the index we
7000 * use the number of already indexes objects. We also add the object to a list
7001 * to convert the list to a fixed-size array when we complete code generation,
7002 * see js::CGObjectList::finish below.
7003 *
7004 * Most of the objects go to BytecodeEmitter::objectList but for regexp we use
7005 * a separated BytecodeEmitter::regexpList. In this way the emitted index can
7006 * be directly used to store and fetch a reference to a cloned RegExp object
7007 * that shares the same JSRegExp private data created for the object literal in
7008 * objbox. We need a cloned object to hold lastIndex and other direct
7009 * properties that should not be shared among threads sharing a precompiled
7010 * function or script.
7011 *
7012 * If the code being compiled is function code, allocate a reserved slot in
7013 * the cloned function object that shares its precompiled script with other
7014 * cloned function objects and with the compiler-created clone-parent. There
7015 * are nregexps = script->regexps()->length such reserved slots in each
7016 * function object cloned from fun->object. NB: during compilation, a funobj
7017 * slots element must never be allocated, because JSObject::allocSlot could
7018 * hand out one of the slots that should be given to a regexp clone.
7019 *
7020 * If the code being compiled is global code, the cloned regexp are stored in
7021 * fp->vars slot and to protect regexp slots from GC we set fp->nvars to
7022 * nregexps.
7023 *
7024 * The slots initially contain undefined or null. We populate them lazily when
7025 * JSOP_REGEXP is executed for the first time.
7026 *
7027 * Why clone regexp objects? ECMA specifies that when a regular expression
7028 * literal is scanned, a RegExp object is created. In the spec, compilation
7029 * and execution happen indivisibly, but in this implementation and many of
7030 * its embeddings, code is precompiled early and re-executed in multiple
7031 * threads, or using multiple global objects, or both, for efficiency.
7032 *
7033 * In such cases, naively following ECMA leads to wrongful sharing of RegExp
7034 * objects, which makes for collisions on the lastIndex property (especially
7035 * for global regexps) and on any ad-hoc properties. Also, __proto__ refers to
7036 * the pre-compilation prototype, a pigeon-hole problem for instanceof tests.
7037 */
7038 unsigned
7040 {
7045 }
7047 unsigned
7049 {
7053 index--;
7055 }
7057 void
7059 {
7071 }
7073 ObjectBox*
7075 {
7081 }
7083 bool
7085 {
7090 JSTryNote note;
7097 }
7099 void
7101 {
7106 }
7108 bool
7110 {
7111 BlockScopeNote note;
7119 }
7121 uint32_t
7123 {
7131 // We are looking for the nearest enclosing live scope. If the
7132 // scope contains POS, it should still be open, so its length should
7133 // be zero.
7136 // Conversely, if the length is not zero, it should not contain
7137 // POS.
7139 }
7140 }
7143 }
7145 void
7147 {
7153 }
7155 void
7157 {
7162 }
7164 /*
7165 * We should try to get rid of offsetBias (always 0 or 1, where 1 is
7166 * JSOP_{NOP,POP}_LENGTH), which is used only by SRC_FOR.
7167 */
7169 #define DEFINE_SRC_NOTE_SPEC(sym, name, arity) { name, arity },
7171 #undef DEFINE_SRC_NOTE_SPEC
7172 };
7174 static int
7176 {
7179 }
7183 {
7191 }
7193 }
7197 {
7198 /* Find the offset numbered which (i.e., skip exactly which offsets). */
7204 }
7210 }
7212 }