| blob | 8f289fe27408914a012145ccee2ed204f7b1c379 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sts=4 et sw=4 tw=99:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /*
8 * JS bytecode generation.
9 */
19 #include <string.h>
56 static bool
57 SetSrcNoteOffset(ExclusiveContext* cx, BytecodeEmitter* bce, unsigned index, unsigned which, ptrdiff_t offset);
59 static bool
63 {
74 /*
75 * To reuse space, alias two of the ptrdiff_t fields for use during
76 * try/catch/finally code generation and backpatching.
77 *
78 * Only a loop, switch, or label statement info record can have breaks and
79 * continues, and only a for loop has an update backpatch chain, so it's
80 * safe to overlay these for the "trying" StmtTypes.
81 */
86 }
91 }
92 };
98 {
102 // Can we OSR into Ion from here? True unless there is non-loop state on the stack.
110 }
111 };
149 {
152 }
154 bool
156 {
158 }
160 bool
162 {
163 // Assign stack slots to unaliased locals (aliased locals are stored in the
164 // call object and don't need their own stack slots). We do this by filling
165 // a Vector that can be used to map a local to its stack slot.
168 // CompileScript calls updateNumBlockScoped to update the block scope
169 // depth. Do nothing if the depth didn't change.
171 }
185 else
187 }
193 }
195 static ptrdiff_t
197 {
200 // Start it off moderately large to avoid repeated resizings early on.
201 // ~98% of cases fit within 1024 bytes.
209 }
211 }
213 static void
215 {
221 /*
222 * An opcode may temporarily consume stack space during execution.
223 * Account for this in maxStackDepth separately from uses/defs here.
224 */
229 }
239 }
241 #ifdef DEBUG
242 static bool
244 {
250 }
251 #endif
253 ptrdiff_t
255 {
265 }
267 ptrdiff_t
269 {
280 }
282 ptrdiff_t
284 jsbytecode op2)
285 {
288 /* These should filter through EmitVarOp. */
302 }
304 ptrdiff_t
306 {
315 /* The remaining |extra| bytes are set by the caller */
317 /*
318 * Don't UpdateDepth if op's use-count comes from the immediate
319 * operand yet to be stored in the extra bytes after op.
320 */
325 }
327 static ptrdiff_t
329 {
339 }
341 static ptrdiff_t
342 EmitCall(ExclusiveContext* cx, BytecodeEmitter* bce, JSOp op, uint16_t argc, ParseNode* pn=nullptr)
343 {
347 }
349 // Dup the var in operand stack slot "slot". The first item on the operand
350 // stack is one slot past the last fixed slot. The last (most recent) item is
351 // slot bce->stackDepth - 1.
352 //
353 // The instruction that is written (JSOP_DUPAT) switches the depth around so
354 // that it is addressed from the sp instead of from the fp. This is useful when
355 // you don't know the size of the fixed stack segment (nfixed), as is the case
356 // when compiling scripts (because each statement is parsed and compiled
357 // separately, but they all together form one script with one fixed stack
358 // frame).
359 static bool
361 {
363 // The slot's position on the operand stack, measured from the top.
368 }
375 }
377 /* XXX too many "... statement" L10N gaffes below -- fix via js.msg! */
400 };
407 {
411 }
413 static void
415 {
417 }
419 /*
420 * Emit a backpatch op with offset pointing to the previous jump of this type,
421 * so that we can walk back up the chain fixing up the op and jump offset.
422 */
423 static ptrdiff_t
425 {
433 }
437 {
439 }
441 /* Updates line number notes, not column notes. */
444 {
453 /*
454 * Encode any change in the current source line number by using
455 * either several SRC_NEWLINE notes or just one SRC_SETLINE note,
456 * whichever consumes less space.
457 *
458 * NB: We handle backward line number deltas (possible with for
459 * loops where the update part is emitted after the body, but its
460 * line number is <= any line number in the body) here by letting
461 * unsigned delta_ wrap to a very large number, which triggers a
462 * SRC_SETLINE.
463 */
474 }
475 }
477 }
479 /* Updates the line number and column number information in the source notes. */
480 static bool
482 {
489 // If the column span is so large that we can't store it, then just
490 // discard this information. This can happen with minimized or otherwise
491 // machine-generated code. Even gigantic column numbers are still
492 // valuable if you have a source map to relate them to something real;
493 // but it's better to fail soft here.
499 }
501 }
503 static ptrdiff_t
505 {
507 /*
508 * Try to give the JSOP_LOOPHEAD the same line number as the next
509 * instruction. nextpn is often a block, in which case the next
510 * instruction typically comes from the first statement inside.
511 */
517 }
520 }
522 static bool
524 {
526 /* Update the line number, as for LOOPHEAD. */
532 }
539 }
541 /*
542 * If op is JOF_TYPESET (see the type barriers comment in jsinfer.h), reserve
543 * a type set to store its result.
544 */
547 {
551 }
552 }
554 /*
555 * Macro to emit a bytecode followed by a uint16_t immediate operand stored in
556 * big-endian order.
557 *
558 * NB: We use cx and bce from our caller's lexical environment, and return
559 * false on error.
560 */
561 #define EMIT_UINT16_IMM_OP(op, i) \
562 JS_BEGIN_MACRO \
563 if (Emit3(cx, bce, op, UINT16_HI(i), UINT16_LO(i)) < 0) \
564 return false; \
565 CheckTypeSet(cx, bce, op); \
566 JS_END_MACRO
568 static bool
570 {
575 }
577 static bool
579 {
583 }
610 }
612 }
613 }
614 }
620 }
630 }
633 };
635 /*
636 * Emit additional bytecode(s) for non-local jumps.
637 */
638 bool
640 {
643 #define FLUSH_POPS() if (npops && !FlushPops(cx, bce, &npops)) return false
666 /* The iterator and the current value are on the stack. */
678 /*
679 * There's a [exception or hole, retsub pc-index] pair on the
680 * stack that we need to pop.
681 */
686 }
698 }
699 }
700 }
705 #undef FLUSH_POPS
706 }
710 static ptrdiff_t
713 {
722 }
725 }
727 static bool
728 BackPatch(ExclusiveContext* cx, BytecodeEmitter* bce, ptrdiff_t last, jsbytecode* target, jsbytecode op)
729 {
741 }
743 }
745 #define SET_STATEMENT_TOP(stmt, top) \
746 ((stmt)->update = (top), (stmt)->breaks = (stmt)->continues = (-1))
748 static void
750 {
753 }
755 static void
757 {
760 }
762 static void
764 {
773 }
774 }
784 else
792 else
794 }
796 /*
797 * Return the enclosing lexical scope, which is the innermost enclosing static
798 * block object or compiler created function.
799 */
802 {
809 }
812 }
814 #ifdef DEBUG
815 static bool
817 {
822 }
823 #endif
825 static bool
826 ComputeAliasedSlots(ExclusiveContext* cx, BytecodeEmitter* bce, Handle<StaticBlockObject*> blockObj)
827 {
835 // blockIndexToLocalIndex returns the frame slot following the unaliased
836 // locals. We add numAliased so that the cookie's slot value comes after
837 // all (aliased and unaliased) body level locals.
840 {
842 }
844 #ifdef DEBUG
849 }
850 #endif
853 }
858 }
860 static bool
863 // In a function, block-scoped locals go after the vars, and form part of the
864 // fixed part of a stack frame. Outside a function, there are no fixed vars,
865 // but block-scoped locals still form part of the fixed part of a stack frame
866 // and are thus addressable via GETLOCAL and friends.
867 static void
868 ComputeLocalOffset(ExclusiveContext* cx, BytecodeEmitter* bce, Handle<StaticBlockObject*> blockObj)
869 {
882 }
883 }
884 }
890 }
892 // ~ Nested Scopes ~
893 //
894 // A nested scope is a region of a compilation unit (function, script, or eval
895 // code) with an additional node on the scope chain. This node may either be a
896 // "with" object or a "block" object. "With" objects represent "with" scopes.
897 // Block objects represent lexical scopes, and contain named block-scoped
898 // bindings, for example "let" bindings or the exception in a catch block.
899 // Those variables may be local and thus accessible directly from the stack, or
900 // "aliased" (accessed by name from nested functions, or dynamically via nested
901 // "eval" or "with") and only accessible through the scope chain.
902 //
903 // All nested scopes are present on the "static scope chain". A nested scope
904 // that is a "with" scope will be present on the scope chain at run-time as
905 // well. A block scope may or may not have a corresponding link on the run-time
906 // scope chain; if no variable declared in the block scope is "aliased", then no
907 // scope chain node is allocated.
908 //
909 // To help debuggers, the bytecode emitter arranges to record the PC ranges
910 // comprehended by a nested scope, and ultimately attach them to the JSScript.
911 // An element in the "block scope array" specifies the PC range, and links to a
912 // NestedScopeObject in the object list of the script. That scope object is
913 // linked to the previous link in the static scope chain, if any. The static
914 // scope chain at any pre-retire PC can be retrieved using
915 // JSScript::getStaticScope(jsbytecode* pc).
916 //
917 // Block scopes store their locals in the fixed part of a stack frame, after the
918 // "fixed var" bindings. A fixed var binding is a "var" or legacy "const"
919 // binding that occurs in a function (as opposed to a script or in eval code).
920 // Only functions have fixed var bindings.
921 //
922 // To assist the debugger, we emit a DEBUGLEAVEBLOCK opcode before leaving a
923 // block scope, even if the block has no aliased locals. This allows
924 // DebugScopes to invalidate any association between a debugger scope object,
925 // which can proxy access to unaliased stack locals, and the actual live frame.
926 // In normal, non-debug mode, this opcode does not cause any baseline code to be
927 // emitted.
928 //
929 // Enter a nested scope with EnterNestedScope. It will emit
930 // PUSHBLOCKSCOPE/ENTERWITH if needed, and arrange to record the PC bounds of
931 // the scope. Leave a nested scope with LeaveNestedScope, which, for blocks,
932 // will emit DEBUGLEAVEBLOCK and may emit POPBLOCKSCOPE. (For "with" scopes it
933 // emits LEAVEWITH, of course.) Pass EnterNestedScope a fresh StmtInfoBCE
934 // object, and pass that same object to the corresponding LeaveNestedScope. If
935 // the statement is a block scope, pass STMT_BLOCK as stmtType; otherwise for
936 // with scopes pass STMT_WITH.
937 //
938 static bool
939 EnterNestedScope(ExclusiveContext* cx, BytecodeEmitter* bce, StmtInfoBCE* stmt, ObjectBox* objbox,
940 StmtType stmtType)
941 {
957 }
959 }
967 }
973 }
986 }
988 // Patches |breaks| and |continues| unless the top statement info record
989 // represents a try-catch-finally suite. May fail if a jump offset overflows.
990 static bool
992 {
997 {
999 }
1003 }
1005 static bool
1007 {
1013 #ifdef DEBUG
1021 #endif
1034 }
1037 }
1039 static bool
1041 {
1055 }
1057 static bool
1059 {
1073 }
1075 static bool
1077 {
1080 // .generator and .genrval lookups should be emitted as JSOP_GETALIASEDVAR
1081 // instead of JSOP_GETNAME etc, to bypass |with| objects on the scope chain.
1085 /* Specialize length accesses for the interpreter. */
1087 }
1089 jsatomid index;
1094 }
1096 static bool
1098 {
1101 }
1103 static bool
1105 {
1109 }
1111 static bool
1113 {
1115 }
1117 static bool
1120 {
1124 }
1126 static bool
1128 {
1130 }
1132 /*
1133 * To catch accidental misuse, EMIT_UINT16_IMM_OP/Emit3 assert that they are
1134 * not used to unconditionally emit JSOP_GETLOCAL. Variable access should
1135 * instead be emitted using EmitVarOp. In special cases, when the caller
1136 * definitely knows that a given local slot is unaliased, this function may be
1137 * used as a non-asserting version of EMIT_UINT16_IMM_OP.
1138 */
1139 static bool
1141 {
1151 }
1153 static bool
1154 EmitUnaliasedVarOp(ExclusiveContext* cx, JSOp op, uint32_t slot, MaybeCheckLexical checkLexical,
1156 {
1160 // Only unaliased locals have stack slots assigned to them. Convert the
1161 // var index (which includes unaliased and aliased locals) to the stack
1162 // slot index.
1170 }
1173 }
1182 }
1184 static bool
1186 {
1203 }
1205 static bool
1206 EmitAliasedVarOp(ExclusiveContext* cx, JSOp op, ScopeCoordinate sc, MaybeCheckLexical checkLexical,
1208 {
1213 }
1216 }
1218 // Compute the number of nested scope objects that will actually be on the scope
1219 // chain at runtime, given the BCE's current staticScope.
1220 static unsigned
1222 {
1227 }
1230 }
1232 static bool
1233 LookupAliasedName(BytecodeEmitter* bce, HandleScript script, PropertyName* name, uint32_t* pslot,
1235 {
1243 }
1245 /*
1246 * Beware: BindingIter may contain more than one Binding for a given name
1247 * (in the case of |function f(x,x) {}|) but only one will be aliased.
1248 */
1254 // Check if the free variable from a lazy script was marked as
1255 // a possible hoisted use and is a lexical binding. If so,
1256 // mark it as such so we emit a dead zone check.
1264 }
1267 }
1268 }
1269 }
1273 }
1274 slot++;
1275 }
1276 bindingIndex++;
1277 }
1279 }
1281 static bool
1284 {
1291 }
1293 /*
1294 * Use this function instead of assigning directly to 'hops' to guard for
1295 * uint8_t overflows.
1296 */
1297 static bool
1299 {
1303 }
1307 }
1311 {
1313 }
1315 static bool
1317 {
1318 /*
1319 * While pn->pn_cookie tells us how many function scopes are between the use and the def this
1320 * is not the same as how many hops up the dynamic scope chain are needed. In particular:
1321 * - a lexical function scope only contributes a hop if it is "heavyweight" (has a dynamic
1322 * scope object).
1323 * - a heavyweight named function scope contributes an extra scope to the scope chain (a
1324 * DeclEnvObject that holds just the name).
1325 * - all the intervening let/catch blocks must be counted.
1326 */
1330 /*
1331 * As explained in BindNameToSlot, the 'level' of a use indicates how
1332 * many function scopes (i.e., BytecodeEmitters) to skip to find the
1333 * enclosing function scope of the definition being accessed.
1334 */
1339 skippedScopes++;
1341 skippedScopes++;
1342 }
1344 }
1348 }
1350 /*
1351 * The final part of the skippedScopes computation depends on the type of
1352 * variable. An arg or local variable is at the outer scope of a function
1353 * and so includes the full DynamicNestedScopeDepth. A let/catch-binding
1354 * requires a search of the block chain to see how many (dynamic) block
1355 * objects to skip.
1356 */
1357 ScopeCoordinate sc;
1376 skippedScopes++;
1378 }
1382 }
1383 }
1386 }
1388 static bool
1390 {
1395 ScopeCoordinate sc;
1399 }
1408 }
1415 }
1418 }
1420 static JSOp
1422 {
1427 }
1429 static bool
1431 {
1450 }
1468 }
1470 bool
1472 {
1478 /* If dn is in an enclosing function, it is definitely aliased. */
1485 /*
1486 * There are two ways to alias a let variable: nested functions and
1487 * dynamic scope operations. (This is overly conservative since the
1488 * bindingsAccessedDynamically flag, checked by allLocalsAliased, is
1489 * function-wide.)
1490 *
1491 * In addition all locals in generators are marked as aliased, to ensure
1492 * that they are allocated on scope chains instead of on the stack. See
1493 * the definition of SharedContext::allLocalsAliased.
1494 */
1497 /*
1498 * Consult the bindings, since they already record aliasing. We might
1499 * be tempted to use the same definition as VAR/CONST/LET, but there is
1500 * a problem caused by duplicate arguments: only the last argument with
1501 * a given name is aliased. This is necessary to avoid generating a
1502 * shape for the call object with with more than one name for a given
1503 * slot (which violates internal engine invariants). All this means that
1504 * the '|| sc->allLocalsAliased()' disjunct is incorrect since it will
1505 * mark both parameters in function(x,x) as aliased.
1506 */
1516 }
1518 }
1520 static JSOp
1522 {
1533 }
1535 }
1537 static void
1539 {
1541 }
1543 /*
1544 * Try to convert a *NAME op with a free name to a more specialized GNAME,
1545 * INTRINSIC or ALIASEDVAR op, which optimize accesses on that name.
1546 * Return true if a conversion was made.
1547 */
1548 static bool
1550 {
1551 /*
1552 * In self-hosting mode, JSOP_*NAME is unconditionally converted to
1553 * JSOP_*INTRINSIC. This causes lookups to be redirected to the special
1554 * intrinsics holder in the global object, into which any missing values are
1555 * cloned lazily upon first access.
1556 */
1558 JSOp op;
1562 /* Other *NAME ops aren't (yet) supported in self-hosted code. */
1564 }
1567 }
1569 /*
1570 * When parsing inner functions lazily, parse nodes for outer functions no
1571 * longer exist and only the function's scope chain is available for
1572 * resolving upvar accesses within the inner function.
1573 */
1575 // The only statements within a lazy function which can push lexical
1576 // scopes are try/catch blocks. Use generic ops in this case.
1580 }
1589 hops++;
1591 hops++;
1592 }
1599 // Use generic ops if a catch block is encountered.
1601 }
1603 hops++;
1605 }
1612 JSOp op;
1617 }
1622 }
1623 hops++;
1624 }
1628 }
1629 }
1631 // Unbound names aren't recognizable global-property references if the
1632 // script isn't running against its global object.
1636 // Deoptimized names also aren't necessarily globals.
1641 // Unbound names in function code may not be globals if new locals can
1642 // be added to this function (or an enclosing one) to alias a global
1643 // reference.
1647 }
1649 // If this is eval code, being evaluated inside strict mode eval code,
1650 // an "unbound" name might be a binding local to that outer eval:
1651 //
1652 // var x = "GLOBAL";
1653 // eval('"use strict"; ' +
1654 // 'var x; ' +
1655 // 'eval("print(x)");'); // "undefined", not "GLOBAL"
1656 //
1657 // Given the enclosing eval code's strictness and its bindings (neither is
1658 // readily available now), we could exactly check global-ness, but it's not
1659 // worth the trouble for doubly-nested eval code. So we conservatively
1660 // approximate. If the outer eval code is strict, then this eval code will
1661 // be: thus, don't optimize if we're compiling strict code inside an eval.
1665 JSOp op;
1670 // Not supported.
1673 }
1676 }
1678 /*
1679 * BindNameToSlotHelper attempts to optimize name gets and sets to stack slot
1680 * loads and stores, given the compile-time information in bce and a PNK_NAME
1681 * node pn. It returns false on error, true on success.
1682 *
1683 * The caller can test pn->pn_cookie.isFree() to tell whether optimization
1684 * occurred, in which case BindNameToSlotHelper also updated pn->pn_op. If
1685 * pn->pn_cookie.isFree() is still true on return, pn->pn_op still may have
1686 * been optimized, e.g., from JSOP_GETNAME to JSOP_CALLEE. Whether or not
1687 * pn->pn_op was modified, if this function finds an argument or local variable
1688 * name, PND_CONST will be set in pn_dflags for read-only properties after a
1689 * successful return.
1690 *
1691 * NB: if you add more opcodes specialized from JSOP_GETNAME, etc., don't forget
1692 * to update the special cases in EmitFor (for-in) and EmitAssignment (= and
1693 * op=, e.g. +=).
1694 */
1695 static bool
1697 {
1702 /* Don't attempt if 'pn' is already bound or deoptimized or a function. */
1706 /* JSOP_CALLEE is pre-bound by definition. */
1711 /*
1712 * The parser already linked name uses to definitions when (where not
1713 * prevented by non-lexical constructs like 'with' and 'eval').
1714 */
1725 }
1727 // Throw an error on attempts to mutate const-declared bindings.
1734 JSAutoByteString name;
1739 }
1740 }
1746 /*
1747 * Don't generate upvars on the left side of a for loop. See
1748 * bug 470758.
1749 */
1753 /*
1754 * If this is an eval in the global scope, then unbound variables
1755 * must be globals, so try to use GNAME ops.
1756 */
1760 }
1762 /*
1763 * Out of tricks, so we must rely on PICs to optimize named
1764 * accesses from direct eval called from function code.
1765 */
1767 }
1769 /* Optimize accesses to undeclared globals. */
1775 }
1777 /*
1778 * At this point, we are only dealing with uses that have already been
1779 * bound to definitions via pn_lexdef. The rest of this routine converts
1780 * the parse node of the use from its initial JSOP_*NAME* op to a LOCAL/ARG
1781 * op. This requires setting the node's pn_cookie with a pair (level, slot)
1782 * where 'level' is the number of function scopes between the use and the
1783 * def and 'slot' is the index to emit as the immediate of the ARG/LOCAL
1784 * op. For example, in this code:
1785 *
1786 * function(a,b,x) { return x }
1787 * function(y) { function() { return y } }
1788 *
1789 * x will get (level = 0, slot = 2) and y will get (level = 1, slot = 0).
1790 */
1796 /*
1797 * We are compiling a function body and may be able to optimize name
1798 * to stack slot. Look for an argument or variable in the function and
1799 * rewrite pn_op and update pn accordingly.
1800 */
1810 }
1827 }
1834 /*
1835 * Currently, the ALIASEDVAR ops do not support accessing the
1836 * callee of a DeclEnvObject, so use NAME.
1837 */
1845 /*
1846 * Leave pn->isOp(JSOP_GETNAME) if bce->fun is heavyweight to
1847 * address two cases: a new binding introduced by eval, and
1848 * assignment to the name in strict mode.
1849 *
1850 * var fun = (function f(s) { eval(s); return f; });
1851 * assertEq(fun("var f = 42"), 42);
1852 *
1853 * ECMAScript specifies that a function expression's name is bound
1854 * in a lexical environment distinct from that used to bind its
1855 * named parameters, the arguments object, and its variables. The
1856 * new binding for "var f = 42" shadows the binding for the
1857 * function itself, so the name of the function will not refer to
1858 * the function.
1859 *
1860 * (function f() { "use strict"; f = 12; })();
1861 *
1862 * Outside strict mode, assignment to a function expression's name
1863 * has no effect. But in strict mode, this attempt to mutate an
1864 * immutable binding must throw a TypeError. We implement this by
1865 * not optimizing such assignments and by marking such functions as
1866 * heavyweight, ensuring that the function name is represented in
1867 * the scope chain so that assignment will throw a TypeError.
1868 */
1872 }
1877 }
1884 }
1886 /*
1887 * The difference between the current static level and the static level of
1888 * the definition is the number of function scopes between the current
1889 * scope and dn's scope.
1890 */
1894 /*
1895 * Explicitly disallow accessing var/let bindings in global scope from
1896 * nested functions. The reason for this limitation is that, since the
1897 * global script is not included in the static scope chain (1. because it
1898 * has no object to stand in the static scope chain, 2. to minimize memory
1899 * bloat where a single live function keeps its whole global script
1900 * alive.), ScopeCoordinateToTypeSet is not able to find the var/let's
1901 * associated types::TypeSet.
1902 */
1909 }
1918 }
1920 /*
1921 * Attempts to bind the name, then checks that no dynamic scope lookup ops are
1922 * emitted in self-hosting mode. NAME ops do lookups off current scope chain,
1923 * and we do not want to allow self-hosted code to use the dynamic scope.
1924 */
1925 static bool
1927 {
1936 }
1939 }
1941 /*
1942 * If pn contains a useful expression, return true with *answer set to true.
1943 * If pn contains a useless expression, return true with *answer set to false.
1944 * Return false on error.
1945 *
1946 * The caller should initialize *answer to false and invoke this function on
1947 * an expression statement or similar subtree to decide whether the tree could
1948 * produce code that has any side effects. For an expression statement, we
1949 * define useless code as code with no side effects, because the main effect,
1950 * the value left on the stack after the code executes, will be discarded by a
1951 * pop bytecode.
1952 */
1953 static bool
1955 {
1961 /*
1962 * A named function, contrary to ES3, is no longer useful, because we
1963 * bind its name lexically (using JSOP_CALLEE) instead of creating an
1964 * Object instance and binding a readonly, permanent property in it
1965 * (the object and binding can be detected and hijacked or captured).
1966 * This is a bug fix to ES3; it is fixed in ES3.1 drafts.
1967 */
1974 /*
1975 * Non-operators along with ||, &&, ===, and !== never invoke
1976 * toString or valueOf.
1977 */
1982 }
1985 /* Generator-expressions are harmless if the result is ignored. */
1988 }
1990 /*
1991 * All invocation operations (construct: PNK_NEW, call: PNK_CALL)
1992 * are presumed to be useful, because they may have side effects
1993 * even if their main effect (their return value) is discarded.
1994 *
1995 * PNK_ELEM binary trees of 3+ nodes are flattened into lists to
1996 * avoid too much recursion. All such lists must be presumed to be
1997 * useful because each index operation could invoke a getter.
1998 *
1999 * Likewise, array and object initialisers may call prototype
2000 * setters (the __defineSetter__ built-in, and writable __proto__
2001 * on Array.prototype create this hazard). Initialiser list nodes
2002 * have JSOP_NEWINIT in their pn_op.
2003 */
2015 /*
2016 * Assignment is presumed to be useful, even if the next operation
2017 * is another assignment overwriting this one's ostensible effect,
2018 * because the left operand may be a property with a setter that
2019 * has side effects.
2020 *
2021 * The only exception is assignment of a useless value to a const
2022 * declared in the function currently being compiled.
2023 */
2034 }
2036 }
2040 /*
2041 * ||, &&, ===, and !== do not convert their operands via
2042 * toString or valueOf method calls.
2043 */
2046 }
2048 /*
2049 * We can't easily prove that neither operand ever denotes an
2050 * object with a toString or valueOf method.
2051 */
2058 {
2067 }
2068 /* FALL THROUGH */
2072 /* All these delete addressing modes have effects too. */
2077 }
2079 }
2086 /* ! does not convert its operand via toString or valueOf. */
2088 }
2089 /* FALL THROUGH */
2092 /*
2093 * All of PNK_INC, PNK_DEC and PNK_THROW have direct effects. Of
2094 * the remaining unary-arity node types, we can't easily prove that
2095 * the operand never denotes an object with a toString or valueOf
2096 * method.
2097 */
2100 }
2104 /*
2105 * Take care to avoid trying to bind a label name (labels, both for
2106 * statements and property values in object initialisers, have pn_op
2107 * defaulted to JSOP_NOP).
2108 */
2113 /*
2114 * Not a use of an unshadowed named function expression's given
2115 * name, so this expression could invoke a getter that has side
2116 * effects.
2117 */
2119 }
2120 }
2123 // Hoisted uses of lexical bindings throw on access.
2125 }
2128 /* Dotted property references in general can call getters. */
2130 }
2137 }
2139 }
2141 bool
2143 {
2147 }
2149 }
2151 bool
2153 {
2158 }
2160 bool
2162 {
2175 }
2176 }
2181 }
2183 }
2185 void
2187 {
2188 // Note: when parsing off thread the resulting scripts need to be handed to
2189 // the debugger after rejoining to the main thread.
2193 // Lazy scripts are never top level (despite always being invoked with a
2194 // nullptr parent), and so the hook should never be fired.
2200 }
2201 }
2205 {
2207 }
2209 bool
2211 {
2220 }
2222 bool
2224 {
2232 }
2234 bool
2236 {
2245 }
2247 static bool
2249 {
2264 }
2266 static bool
2268 {
2280 JSPROP_ENUMERATE))
2281 {
2283 }
2285 JSPROP_ENUMERATE))
2286 {
2288 }
2297 }
2299 static bool
2301 {
2307 }
2310 }
2312 static bool
2314 {
2315 jsatomid value_id;
2318 jsatomid done_id;
2329 }
2331 static bool
2333 {
2350 }
2351 }
2353 /* Need to provide |this| value for call */
2361 }
2362 }
2365 }
2367 static bool
2369 {
2373 /*
2374 * If the object operand is also a dotted property reference, reverse the
2375 * list linked via pn_expr temporarily so we can iterate over it from the
2376 * bottom up (reversing again as we go), to avoid excessive recursion.
2377 */
2383 /* Reverse pndot->pn_expr to point up, not down. */
2392 }
2394 /* pndown is a primary expression, not a dotted property reference. */
2399 /* Walk back up the list, emitting annotated name ops. */
2403 /* Reverse the pn_expr link again. */
2409 }
2411 // The non-optimized case.
2413 }
2415 static bool
2417 {
2433 }
2435 static bool
2437 {
2464 }
2473 }
2475 static bool
2477 {
2502 }
2511 }
2513 /*
2514 * Emit bytecode to put operands for a JSOP_GETELEM/CALLELEM/SETELEM/DELELEM
2515 * opcode onto the stack in the right order. In the case of SETELEM, the
2516 * value to be assigned must already be pushed.
2517 */
2518 static bool
2520 {
2532 }
2536 {
2541 }
2543 static bool
2545 {
2547 }
2549 static bool
2551 {
2560 /*
2561 * We need to convert the key to an object id first, so that we do not do
2562 * it inside both the GETELEM and the SETELEM.
2563 */
2564 // OBJ KEY*
2587 }
2596 }
2598 static bool
2600 {
2629 }
2631 }
2637 }
2641 {
2643 }
2645 static bool
2647 {
2652 }
2654 }
2656 static bool
2659 {
2662 ScopeCoordinate sc;
2668 // blockIndexToLocalIndex returns the slot index after the unaliased
2669 // locals stored in the frame. EmitUnaliasedVarOp expects the slot index
2670 // to include both unaliased and aliased locals, so we have to add the
2671 // number of aliased locals.
2676 }
2679 }
2681 }
2683 static bool
2686 {
2687 // Initial values for block-scoped locals. Whether it is undefined or the
2688 // JS_UNINITIALIZED_LEXICAL magic value depends on the context. The
2689 // current way we emit for-in and for-of heads means its let bindings will
2690 // always be initialized, so we can initialize them to undefined.
2702 }
2704 /*
2705 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047.
2706 * LLVM is deciding to inline this function which uses a lot of stack space
2707 * into EmitTree which is recursive and uses relatively little stack space.
2708 */
2709 MOZ_NEVER_INLINE static bool
2711 {
2712 JSOp switchOp;
2721 /* Try for most optimal, fall back if not dense ints. */
2729 /* Push the discriminant. */
2740 /* Advance pn2 to refer to the switch case list. */
2746 }
2748 /* Switch bytecodes run from here till end of final case. */
2756 }
2766 #define INTMAP_LENGTH 256
2779 }
2792 }
2798 }
2803 }
2809 /*
2810 * Check for duplicates, which require a JSOP_CONDSWITCH.
2811 * We bias i by 65536 if it's negative, and hope that's a rare
2812 * case (because it requires a malloc'd bitmap).
2813 */
2822 /* Just grab 8K for the worst-case bitmap. */
2828 }
2829 }
2831 }
2835 }
2837 }
2844 /*
2845 * Compute table length and select condswitch instead if overlarge or
2846 * more than half-sparse.
2847 */
2852 }
2853 }
2855 /*
2856 * The note has one or two offsets: first tells total switch code length;
2857 * second (if condswitch) tells offset to first JSOP_CASE.
2858 */
2860 /* 0 bytes of immediate for unoptimized switch. */
2866 /* 3 offsets (len, low, high) before the table, 1 per entry. */
2869 }
2873 /* Emit switchOp followed by switchSize bytes of jump or lookup table. */
2882 /* Emit code for evaluating cases and jumping to case statements. */
2888 /* off is the previous JSOP_CASE's bytecode offset. */
2891 }
2895 }
2906 /* Switch note's second offset is to first JSOP_CASE. */
2914 }
2915 }
2917 /*
2918 * If we didn't have an explicit default (which could fall in between
2919 * cases, preventing us from fusing this SetSrcNoteOffset with the call
2920 * in the loop above), link the last case to the implicit default for
2921 * the benefit of IonBuilder.
2922 */
2926 {
2928 }
2930 /* Emit default even if no explicit default statement. */
2938 /* Fill in switch bounds, which we know fit in 16-bit offsets. */
2944 /*
2945 * Use malloc to avoid arena bloat for programs with many switches.
2946 * UniquePtr takes care of freeing it on exit.
2947 */
2967 }
2968 }
2969 }
2971 /* Emit code for each case's statements, copying pn_offset up to pn3. */
2981 }
2984 /* If no default case, offset for default is to end of switch. */
2986 }
2988 /* We better have set "off" by now. */
2991 /* Set the default offset (to end of switch if no default). */
3000 }
3002 /* Set the SRC_SWITCH note's offset operand to tell end of switch. */
3008 /* Skip over the already-initialized switch bounds. */
3011 /* Fill in the jump table, if there is one. */
3017 }
3018 }
3026 }
3029 }
3031 bool
3033 {
3034 // The run once lambda flags set by the parser are approximate, and we look
3035 // at properties of the function itself before deciding to emit a function
3036 // as a run once lambda.
3040 {
3042 }
3048 }
3050 static bool
3052 {
3066 }
3074 }
3076 bool
3078 {
3082 /*
3083 * IonBuilder has assumptions about what may occur immediately after
3084 * script->main (e.g., in the case of destructuring params). Thus, put the
3085 * following ops into the range [script->code, script->main). Note:
3086 * execution starts from script->code, so this has no semantic effect.
3087 */
3098 ScopeCoordinate sc;
3106 }
3110 }
3112 /*
3113 * Emit a prologue for run-once scripts which will deoptimize JIT code if
3114 * the script ends up running multiple times via foo.caller related
3115 * shenanigans.
3116 */
3123 }
3128 // If we fall off the end of a generator, do a final yield.
3142 ScopeCoordinate sc;
3143 // We know that .generator is on the top scope chain node, as we are
3144 // at the function end.
3150 // No need to check for finally blocks, etc as in EmitReturn.
3153 }
3155 /*
3156 * Always end the script with a JSOP_RETRVAL. Some other parts of the codebase
3157 * depend on this opcode, e.g. js_InternalInterpret.
3158 */
3162 // If all locals are aliased, the frame's block slots won't be used, so we
3163 // can set numBlockScoped = 0. This is nice for generators as it ensures
3164 // nfixed == 0, so we don't have to initialize any local slots when resuming
3165 // a generator.
3172 /*
3173 * If this function is only expected to run once, mark the script so that
3174 * initializers created within it may be given more precise types.
3175 */
3179 }
3181 /* Initialize fun->script() so that the debugger has a valid fun->script(). */
3187 else
3193 }
3195 static bool
3198 {
3199 jsatomid atomIndex;
3206 }
3210 {
3217 }
3222 }
3224 /*
3225 * This enum tells EmitVariables and the destructuring functions how emit the
3226 * given Parser::variables parse tree. In the base case, DefineVars, the caller
3227 * only wants variables to be defined in the prologue (if necessary). For
3228 * PushInitialValues, variable initializer expressions are evaluated and left
3229 * on the stack. For InitializeVars, the initializer expressions values are
3230 * assigned (to local variables) and popped.
3231 */
3232 enum VarEmitOption
3233 {
3237 };
3240 (*DestructuringDeclEmitter)(ExclusiveContext* cx, BytecodeEmitter* bce, JSOp prologOp, ParseNode* pn);
3243 static bool
3246 {
3255 }
3262 }
3263 }
3265 }
3281 }
3282 }
3284 }
3286 bool
3287 EmitDestructuringDecl(ExclusiveContext* cx, BytecodeEmitter* bce, JSOp prologOp, ParseNode* pn)
3288 {
3295 }
3300 {
3302 }
3304 bool
3307 {
3311 }
3313 // Emit code to initialize all destructured names to the value on the top of
3314 // the stack.
3318 {
3321 }
3323 static bool
3325 VarEmitOption emitOption);
3327 /*
3328 * EmitDestructuringLHS assumes the to-be-destructured value has been pushed on
3329 * the stack and emits code to destructure a single lhs expression (either a
3330 * name or a compound []/{} expression).
3331 *
3332 * If emitOption is InitializeVars, the to-be-destructured value is assigned to
3333 * locals and ultimately the initial slot is popped (-1 total depth change).
3334 *
3335 * If emitOption is PushInitialValues, the to-be-destructured value is replaced
3336 * with the initial values of the N (where 0 <= N) variables assigned in the
3337 * lhs expression. (Same post-condition as EmitDestructuringOpsHelper)
3338 */
3339 static bool
3340 EmitDestructuringLHS(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pn, VarEmitOption emitOption)
3341 {
3344 // Now emit the lvalue opcode sequence. If the lvalue is a nested
3345 // destructuring initialiser-form, call ourselves to handle it, then pop
3346 // the matched value. Otherwise emit an lvalue bytecode sequence followed
3347 // by an assignment op.
3354 // Per its post-condition, EmitDestructuringOpsHelper has left the
3355 // to-be-destructured value on top of the stack.
3358 }
3360 // The lhs is a simple name so the to-be-destructured value is
3361 // its initial value and there is nothing to do.
3376 // This is like ordinary assignment, but with one difference.
3377 //
3378 // In `a = b`, we first determine a binding for `a` (using
3379 // JSOP_BINDNAME or JSOP_BINDGNAME), then we evaluate `b`, then
3380 // a JSOP_SETNAME instruction.
3381 //
3382 // In `[a] = [b]`, per spec, `b` is evaluated first, then we
3383 // determine a binding for `a`. Then we need to do assignment--
3384 // but the operands are on the stack in the wrong order for
3385 // JSOP_SETPROP, so we have to add a JSOP_SWAP.
3386 jsatomid atomIndex;
3397 }
3402 }
3413 }
3417 {
3418 // See the (PNK_NAME, JSOP_SETNAME) case above.
3419 //
3420 // In `a.x = b`, `a` is evaluated first, then `b`, then a
3421 // JSOP_SETPROP instruction.
3422 //
3423 // In `[a.x] = [b]`, per spec, `b` is evaluated before `a`. Then we
3424 // need a property set -- but the operands are on the stack in the
3425 // wrong order for JSOP_SETPROP, so we have to add a JSOP_SWAP.
3434 }
3437 {
3438 // See the comment at `case PNK_DOT:` above. This case,
3439 // `[a[x]] = [b]`, is handled much the same way. The JSOP_SWAP
3440 // is emitted by EmitElemOperands.
3445 }
3452 // Pop the call return value. Below, we pop the RHS too, balancing
3453 // the stack --- presumably for the benefit of bytecode
3454 // analysis. (The interpreter will never reach these instructions
3455 // since we just emitted JSOP_SETCALL, which always throws. It's
3456 // possible no analyses actually depend on this either.)
3463 }
3465 // Pop the assigned value.
3468 }
3471 }
3476 /**
3477 * EmitIteratorNext will pop iterator from the top of the stack.
3478 * It will push the result of |.next()| onto the stack.
3479 */
3480 static bool
3482 {
3484 ".next() iteration is prohibited in self-hosted code because it "
3497 }
3499 static bool
3500 EmitDestructuringOpsArrayHelper(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pattern,
3501 VarEmitOption emitOption)
3502 {
3507 /*
3508 * Use an iterator to destructure the RHS, instead of index lookup.
3509 * InitializeVars expects us to leave the *original* value on the stack.
3510 */
3514 }
3520 /*
3521 * Now push the property name currently being matched, which is the
3522 * current property name "label" on the left of a colon in the object
3523 * initializer.
3524 */
3526 /* Create a new array with the rest of the iterator */
3551 // Emit (result.done ? undefined : result.value)
3552 // This is mostly copied from EmitConditionalExpression, except that this code
3553 // does not push new values onto the stack.
3566 /* Jump around else, fixup the branch, emit else, fixup jump. */
3578 }
3580 // Destructure into the pattern the element contains.
3583 // The value destructuring into an elision just gets ignored.
3587 }
3594 /*
3595 * After '[x,y]' in 'let ([[x,y], z] = o)', the stack is
3596 * | to-be-destructured-value | x | y |
3597 * The goal is:
3598 * | x | y | z |
3599 * so emit a pick to produce the intermediate state
3600 * | x | y | to-be-destructured-value |
3601 * before destructuring z. This gives the loop invariant that
3602 * the to-be-destructured-value is always on top of the stack.
3603 */
3610 }
3613 }
3614 }
3615 }
3621 }
3623 static bool
3624 EmitDestructuringOpsObjectHelper(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pattern,
3625 VarEmitOption emitOption)
3626 {
3633 // Duplicate the value being destructured to use as a reference base.
3637 // Now push the property name currently being matched, which is the
3638 // current property name "label" on the left of a colon in the object
3639 // initialiser.
3658 // The parser already checked for atoms representing indexes and
3659 // used PNK_NUMBER instead, but also watch for ids which TI treats
3660 // as indexes for simplification of downstream analysis.
3669 }
3674 }
3677 }
3679 // Get the property value if not done already.
3683 // Destructure PROP per this member's subpattern.
3688 // If emitOption is InitializeVars, destructuring initialized each
3689 // target in the subpattern's LHS as it went, then popped PROP. We've
3690 // correctly returned to the loop-entry stack, and we continue to the
3691 // next member.
3697 // EmitDestructuringLHS removed PROP, and it pushed a value per target
3698 // name in LHS (for |emitOption == PushInitialValues| only makes sense
3699 // when multiple values need to be pushed onto the stack to initialize
3700 // a single lexical scope). It also preserved OBJ deep in the stack as
3701 // the original object to be destructed into remaining target names in
3702 // the LHS object pattern. (We use PushInitialValues *only* as part of
3703 // SpiderMonkey's proprietary let block statements, which assign their
3704 // targets all in a single go [akin to Scheme's let, and distinct from
3705 // let*/letrec].) Thus for:
3706 //
3707 // let ({arr: [x, y], z} = obj) { ... }
3708 //
3709 // we have this stack after the above acts upon the [x, y] subpattern:
3710 //
3711 // ... OBJ x y
3712 //
3713 // (where of course x = obj.arr[0] and y = obj.arr[1], and []-indexing
3714 // is really iteration-indexing). We want to have:
3715 //
3716 // ... x y OBJ
3717 //
3718 // so that we can continue, ready to destruct z from OBJ. Pick OBJ out
3719 // of the stack, moving it to the top, to accomplish this.
3726 }
3729 }
3730 }
3733 // Per the above loop invariant, the value being destructured into this
3734 // object pattern is atop the stack. Pop it to achieve the
3735 // post-condition.
3738 }
3741 }
3743 /*
3744 * Recursive helper for EmitDestructuringOps.
3745 * EmitDestructuringOpsHelper assumes the to-be-destructured value has been
3746 * pushed on the stack and emits code to destructure each part of a [] or {}
3747 * lhs expression.
3748 *
3749 * If emitOption is InitializeVars, the initial to-be-destructured value is
3750 * left untouched on the stack and the overall depth is not changed.
3751 *
3752 * If emitOption is PushInitialValues, the to-be-destructured value is replaced
3753 * with the initial values of the N (where 0 <= N) variables assigned in the
3754 * lhs expression. (Same post-condition as EmitDestructuringLHS)
3755 */
3756 static bool
3758 VarEmitOption emitOption)
3759 {
3765 }
3767 static bool
3770 {
3771 /*
3772 * Call our recursive helper to emit the destructuring assignments and
3773 * related stack manipulations.
3774 */
3777 }
3779 static bool
3781 {
3786 // We update source notes before emitting the expression
3789 }
3794 // We need to convert the expression to a string
3797 }
3800 // We've pushed two strings onto the stack. Add them together, leaving just one.
3803 }
3805 }
3807 }
3809 static bool
3810 EmitVariables(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pn, VarEmitOption emitOption,
3812 {
3825 // If the emit option is DefineVars, emit variable binding
3826 // ops, but not destructuring ops. The parser (see
3827 // Parser::variables) has ensured that our caller will be the
3828 // PNK_FOR/PNK_FORIN/PNK_FOROF case in EmitTree (we don't have
3829 // to worry about this being a variable declaration, as
3830 // destructuring declarations without initializers, e.g., |var
3831 // [x]|, are not legal syntax), and that case will emit the
3832 // destructuring code only after emitting an enumerating
3833 // opcode and a branch that tests whether the enumeration
3834 // ended. Thus, each iteration's assignment is responsible for
3835 // initializing, and nothing needs to be done here.
3836 //
3837 // Otherwise this is emitting destructuring let binding
3838 // initialization for a legacy comprehension expression. See
3839 // EmitForInOrOfVariables.
3845 // Lexical bindings cannot be used before they are
3846 // initialized. Similar to the JSOP_INITLEXICAL case below.
3853 }
3855 }
3857 /*
3858 * A destructuring initialiser assignment preceded by var will
3859 * never occur to the left of 'in' in a for-in loop. As with 'for
3860 * (var x = i in o)...', this will cause the entire 'var [a, b] =
3861 * i' to be hoisted out of the loop.
3862 */
3867 /*
3868 * To allow the front end to rewrite var f = x; as f = x; when a
3869 * function f(){} precedes the var, detect simple name assignment
3870 * here and initialize the name.
3871 */
3876 }
3888 /* If we are not initializing, nothing to pop. */
3893 }
3895 }
3897 /*
3898 * Load initializer early to share code above that jumps to do_name.
3899 * NB: if this var redeclares an existing binding, then pn2 is linked
3900 * on its definition's use-chain and pn_expr has been overlayed with
3901 * pn_lexdef.
3902 */
3905 do_name:
3910 JSOp op;
3915 jsatomid atomIndex;
3926 {
3928 JSOp bindOp;
3933 else
3937 }
3945 // 'let' bindings cannot be used before they are
3946 // initialized. JSOP_INITLEXICAL distinguishes the binding site.
3951 }
3953 // If we are not initializing, nothing to pop. If we are initializing
3954 // lets, we must emit the pops.
3959 }
3968 }
3970 emit_note_pop:
3975 }
3980 }
3983 }
3985 static bool
3986 EmitAssignment(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* lhs, JSOp op, ParseNode* rhs)
3987 {
3988 /*
3989 * Check left operand type and generate specialized code for it.
3990 * Specialize to avoid ECMA "reference type" values on the operand
3991 * stack, which impose pervasive runtime "GetValue" costs.
3992 */
4004 JSOp bindOp;
4009 else
4013 offset++;
4014 }
4015 }
4020 offset++;
4044 }
4061 }
4076 JSOp op;
4082 }
4085 }
4094 }
4102 /*
4103 * We just emitted a JSOP_SETCALL (which will always throw) and
4104 * popped the call's return value. Push a random value to make sure
4105 * the stack depth is correct.
4106 */
4112 }
4113 }
4115 /* Now emit the right operand (it may affect the namespace). */
4120 /*
4121 * The value to assign is the next enumeration value in a for-in or
4122 * for-of loop. That value has already been emitted: by JSOP_ITERNEXT
4123 * in the for-in case, or via a GETPROP "value" on the result object in
4124 * the for-of case. If offset == 1, that slot is already at the top of
4125 * the stack. Otherwise, rearrange the stack to put that value on top.
4126 */
4129 }
4131 /* If += etc., emit the binary operator with a source note. */
4133 /*
4134 * Take care to avoid SRC_ASSIGNOP if the left-hand side is a const
4135 * declared in the current compilation unit, as in this case (just
4136 * a bit further below) we will avoid emitting the assignment op.
4137 */
4141 }
4144 }
4146 /* Finally, emit the specialized assignment bytecode. */
4155 }
4158 {
4163 }
4165 /* Do nothing. The JSOP_SETCALL we emitted will always throw. */
4169 {
4174 }
4182 }
4184 }
4186 bool
4187 ParseNode::getConstantValue(ExclusiveContext* cx, AllowConstantObjects allowObjects, MutableHandleValue vp)
4188 {
4215 }
4226 }
4228 RootedArrayObject obj(cx, NewDenseFullyAllocatedArray(cx, count, nullptr, MaybeSingletonObject));
4240 }
4244 }
4250 }
4258 }
4275 }
4284 }
4289 JSPROP_ENUMERATE))
4290 {
4292 }
4295 }
4308 {
4310 }
4311 }
4312 }
4317 }
4320 }
4322 }
4324 static bool
4326 {
4340 }
4342 static bool
4344 {
4365 }
4367 /* See the SRC_FOR source note offsetBias comments later in this file. */
4373 class EmitLevelManager
4374 {
4379 };
4383 static bool
4385 {
4386 /*
4387 * Morph STMT_BLOCK to STMT_CATCH, note the block entry code offset,
4388 * and save the block object atom.
4389 */
4394 /* Go up one statement info record to the TRY or FINALLY record. */
4398 /* Pick up the pending exception and bind it to the catch variable. */
4402 /*
4403 * Dup the exception object if there is a guard for rethrowing to use
4404 * it later when rethrowing or in other catches.
4405 */
4420 /* Inline and specialize BindNameToSlot for pn2. */
4430 }
4432 // If there is a guard expression, emit it and arrange to jump to the next
4433 // catch block if the guard expression is false.
4438 // If the guard expression is false, fall through, pop the block scope,
4439 // and jump to the next catch block. Otherwise jump over that code and
4440 // pop the dupped exception.
4445 {
4448 // Move exception back to cx->exception to prepare for
4449 // the next catch.
4453 // Leave the scope for this catch block.
4457 // Jump to the next handler. The jump target is backpatched by EmitTry.
4462 }
4464 // Back to normal control flow.
4467 // Pop duplicated exception object as we no longer need it.
4470 }
4472 /* Emit the catch body. */
4474 }
4476 // Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See the
4477 // comment on EmitSwitch.
4478 //
4479 MOZ_NEVER_INLINE static bool
4481 {
4484 // Push stmtInfo to track jumps-over-catches and gosubs-to-finally
4485 // for later fixup.
4486 //
4487 // When a finally block is active (STMT_FINALLY in our parse context),
4488 // non-local jumps (including jumps-over-catches) result in a GOSUB
4489 // being written into the bytecode stream and fixed-up later (c.f.
4490 // EmitBackPatchOp and BackPatch).
4491 //
4494 // Since an exception can be thrown at any place inside the try block,
4495 // we need to restore the stack and the scope chain before we transfer
4496 // the control to the exception handler.
4497 //
4498 // For that we store in a try note associated with the catch or
4499 // finally block the stack depth upon the try entry. The interpreter
4500 // uses this depth to properly unwind the stack and the scope chain.
4501 //
4504 // Record the try location, then emit the try block.
4513 // GOSUB to finally, if present.
4517 }
4519 // Source note points to the jump at the end of the try block.
4523 // Emit jump over catch and/or finally.
4530 // If this try has a catch block, emit it.
4532 // The emitted code for a catch block looks like:
4533 //
4534 // [pushblockscope] only if any local aliased
4535 // exception
4536 // if there is a catchguard:
4537 // dup
4538 // setlocal 0; pop assign or possibly destructure exception
4539 // if there is a catchguard:
4540 // < catchguard code >
4541 // ifne POST
4542 // debugleaveblock
4543 // [popblockscope] only if any local aliased
4544 // throwing pop exception to cx->exception
4545 // goto <next catch block>
4546 // POST: pop
4547 // < catch block contents >
4548 // debugleaveblock
4549 // [popblockscope] only if any local aliased
4550 // goto <end of catch blocks> non-local; finally applies
4551 //
4552 // If there's no catch block without a catchguard, the last <next catch
4553 // block> points to rethrow code. This code will [gosub] to the finally
4554 // code if appropriate, and is also used for the catch-all trynote for
4555 // capturing exceptions thrown from catch{} blocks.
4556 //
4560 // Emit the lexical scope and catch body.
4565 // gosub <finally>, if required.
4570 }
4572 // Jump over the remaining catch blocks. This will get fixed
4573 // up to jump to after catch/finally.
4577 // If this catch block had a guard clause, patch the guard jump to
4578 // come here.
4583 // If this catch block is the last one, rethrow, delegating
4584 // execution of any finally block to the exception handler.
4590 }
4591 }
4592 }
4593 }
4597 // Emit the finally handler, if there is one.
4600 // Fix up the gosubs that might have been emitted before non-local
4601 // jumps to the finally code.
4607 // Indicate that we're emitting a subroutine body.
4614 {
4616 }
4618 }
4622 // ReconstructPCStack needs a NOP here to mark the end of the last catch block.
4626 // Fix up the end-of-try/catch jumps to come here.
4630 // Add the try note last, to let post-order give us the right ordering
4631 // (first to last for a given nesting level, inner to outer by level).
4635 // If we've got a finally, mark try+catch region with additional
4636 // trynote to catch exceptions (re)thrown from a catch block or
4637 // for the try{}finally{} case.
4642 }
4644 static bool
4646 {
4649 /* Initialize so we can detect else-if chains and avoid recursion. */
4655 if_again:
4656 /* Emit code for the condition before pushing stmtInfo. */
4663 /*
4664 * We came here from the goto further below that detects else-if
4665 * chains, so we must mutate stmtInfo back into a STMT_IF record.
4666 * Also we need a note offset for SRC_IF_ELSE to help IonMonkey.
4667 */
4673 }
4675 /* Emit an annotated branch-if-false around the then part. */
4684 /* Emit code for the then and optional else parts. */
4688 /* Modify stmtInfo so we know we're in the else part. */
4691 /*
4692 * Emit a JSOP_BACKPATCH op to jump from the end of our then part
4693 * around the else part. The PopStatementBCE call at the bottom of
4694 * this function will fix up the backpatch chain linked from
4695 * stmtInfo.breaks.
4696 */
4701 /* Ensure the branch-if-false comes here, then emit the else. */
4706 }
4711 /*
4712 * Annotate SRC_IF_ELSE with the offset from branch to jump, for
4713 * IonMonkey's benefit. We can't just "back up" from the pc
4714 * of the else clause, because we don't know whether an extended
4715 * jump was required to leap from the end of the then clause over
4716 * the else clause.
4717 */
4721 /* No else part, fixup the branch-if-false to come here. */
4723 }
4725 }
4727 /*
4728 * pnLet represents one of:
4729 *
4730 * let-expression: (let (x = y) EXPR)
4731 * let-statement: let (x = y) { ... }
4732 *
4733 * For a let-expression 'let (x = a, [y,z] = b) e', EmitLet produces:
4734 *
4735 * bytecode stackDepth srcnotes
4736 * evaluate a +1
4737 * evaluate b +1
4738 * dup +1
4739 * destructure y
4740 * pick 1
4741 * dup +1
4742 * destructure z
4743 * pick 1
4744 * pop -1
4745 * setlocal 2 -1
4746 * setlocal 1 -1
4747 * setlocal 0 -1
4748 * pushblockscope (if needed)
4749 * evaluate e +1
4750 * debugleaveblock
4751 * popblockscope (if needed)
4752 *
4753 * Note that, since pushblockscope simply changes fp->scopeChain and does not
4754 * otherwise touch the stack, evaluation of the let-var initializers must leave
4755 * the initial value in the let-var's future slot.
4756 */
4757 /*
4758 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
4759 * the comment on EmitSwitch.
4760 */
4761 MOZ_NEVER_INLINE static bool
4763 {
4775 /* Push storage for hoisted let decls (e.g. 'let (x) { let y }'). */
4778 if (!EnterBlockScope(cx, bce, &stmtInfo, letBody->pn_objbox, JSOP_UNINITIALIZED, valuesPushed))
4788 }
4790 /*
4791 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
4792 * the comment on EmitSwitch.
4793 */
4794 MOZ_NEVER_INLINE static bool
4796 {
4810 }
4812 static bool
4814 {
4825 }
4827 /**
4828 * EmitIterator expects the iterable to already be on the stack.
4829 * It will replace that stack value with the corresponding iterator
4830 */
4831 static bool
4833 {
4834 // Convert iterable to iterator.
4837 #ifdef JS_HAS_SYMBOLS
4838 if (Emit2(cx, bce, JSOP_SYMBOL, jsbytecode(JS::SymbolCode::iterator)) < 0) // OBJ OBJ @@ITERATOR
4842 #else
4845 #endif
4852 }
4854 static bool
4855 EmitForInOrOfVariables(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pn, bool* letDecl)
4856 {
4860 // If the left part is 'var x', emit code to define x if necessary using a
4861 // prolog opcode, but do not emit a pop. If it is 'let x', EnterBlockScope
4862 // will initialize let bindings in EmitForOf and EmitForIn with
4863 // undefineds.
4864 //
4865 // Due to the horror of legacy comprehensions, there is a third case where
4866 // we have PNK_LET without a lexical scope, because those expressions are
4867 // parsed with single lexical scope for the entire comprehension. In this
4868 // case we must initialize the lets to not trigger dead zone checks via
4869 // InitializeVars.
4879 }
4881 }
4884 }
4887 /**
4888 * If type is STMT_FOR_OF_LOOP, it emits bytecode for for-of loop.
4889 * pn should be PNK_FOR, and pn->pn_left should be PNK_FOROF.
4890 *
4891 * If type is STMT_SPREAD, it emits bytecode for spread operator.
4892 * pn should be nullptr.
4893 * Please refer the comment above EmitSpread for additional information about
4894 * stack convention.
4895 */
4896 static bool
4897 EmitForOf(ExclusiveContext* cx, BytecodeEmitter* bce, StmtType type, ParseNode* pn, ptrdiff_t top)
4898 {
4913 // For-of loops run with two values on the stack: the iterator and the
4914 // current result object.
4916 // Compile the object expression to the right of 'of'.
4922 // Push a dummy result so that we properly enter iteration midstream.
4925 }
4927 // Enter the block before the loop body, after evaluating the obj.
4928 // Initialize let bindings with undefined when entering, as the name
4929 // assigned to is a plain assignment.
4934 }
4939 // Jump down to the loop condition to minimize overhead assuming at least
4940 // one iteration, as the other loop forms do. Annotate so IonMonkey can
4941 // find the loop-closing jump.
4957 #ifdef DEBUG
4959 #endif
4961 // Emit code to assign result.value to the iteration variable.
4965 }
4974 // The stack should be balanced around the assignment opcode sequence.
4977 // Emit code for the loop body.
4981 // Set loop and enclosing "update" offsets, for continue.
4992 // STMT_SPREAD never contain continue, so do not set "update" offset.
4993 }
4995 // COME FROM the beginning of the loop to here.
5008 }
5022 // Let Ion know where the closing jump of this loop is.
5026 // Fixup breaks and continues.
5027 // For STMT_SPREAD, just pop pc->topStmt.
5037 }
5042 }
5044 // Pop the result and the iter.
5048 }
5050 static bool
5052 {
5061 /* Compile the object expression to the right of 'in'. */
5065 /*
5066 * Emit a bytecode to convert top of stack value to the iterator
5067 * object depending on the loop variant (for-in, for-each-in, or
5068 * destructuring for-in).
5069 */
5074 // For-in loops have both the iterator and the value on the stack. Push
5075 // undefined to balance the stack.
5079 // Enter the block before the loop body, after evaluating the obj.
5080 // Initialize let bindings with undefined when entering, as the name
5081 // assigned to is a plain assignment.
5086 }
5091 /* Annotate so IonMonkey can find the loop-closing jump. */
5096 /*
5097 * Jump down to the loop condition to minimize overhead assuming at
5098 * least one iteration, as the other loop forms do.
5099 */
5109 #ifdef DEBUG
5111 #endif
5113 // Emit code to assign the enumeration value to the left hand side, but
5114 // also leave it on the stack.
5118 /* The stack should be balanced around the assignment opcode sequence. */
5121 /* Emit code for the loop body. */
5125 /* Set loop and enclosing "update" offsets, for continue. */
5131 /*
5132 * Fixup the goto that starts the loop to jump down to JSOP_MOREITER.
5133 */
5147 /* Set the srcnote offset so we can find the closing jump. */
5151 // Fix up breaks and continues.
5155 // Pop the enumeration value.
5167 }
5170 }
5172 static bool
5174 {
5181 /* C-style for (init; cond; update) ... loop. */
5185 // No initializer, but emit a nop so that there's somewhere to put the
5186 // SRC_FOR annotation that IonBuilder will look for.
5195 }
5197 /*
5198 * NB: the SRC_FOR note has offsetBias 1 (JSOP_{NOP,POP}_LENGTH).
5199 * Use tmp to hold the biased srcnote "top" offset, which differs
5200 * from the top local variable by the length of the JSOP_GOTO
5201 * emitted in between tmp and top if this loop has a condition.
5202 */
5210 /* Goto the loop condition, which branches back to iterate. */
5217 }
5222 /* Emit code for the loop body. */
5230 /* Set the second note offset so we can find the update part. */
5234 /* Set loop and enclosing "update" offsets, for continue. */
5240 /* Check for update code to do before the condition (if any). */
5249 /* Always emit the POP or NOP to help IonBuilder. */
5253 /* Restore the absolute line number for source note readers. */
5260 }
5261 }
5266 /* Fix up the goto from top to target the loop condition. */
5274 }
5276 /* Set the first note offset so we can find the loop condition. */
5281 /* The third note offset helps us find the loop-closing jump. */
5285 /* If no loop condition, just emit a loop-closing jump. */
5293 /* Now fixup all breaks and continues. */
5295 }
5299 {
5308 }
5312 {
5317 /*
5318 * Set the EMITTEDFUNCTION flag in function definitions once they have been
5319 * emitted. Function definitions that need hoisting to the top of the
5320 * function will be seen by EmitFunc in two places.
5321 */
5327 }
5331 /*
5332 * Mark as singletons any function which will only be executed once, or
5333 * which is inner to a lambda we only expect to run once. In the latter
5334 * case, if the lambda runs multiple times then CloneFunctionObject will
5335 * make a deep clone of its contents.
5336 */
5353 }
5363 // Inherit most things (principals, version, etc) from the parent.
5377 sourceObject,
5391 /* We measured the max scope depth when we parsed the function. */
5397 }
5400 }
5402 /* Make the function object a literal in the outer script's pool. */
5405 /* Non-hoisted functions simply emit their respective op. */
5407 /* JSOP_LAMBDA_ARROW is always preceded by JSOP_THIS. */
5412 }
5414 /*
5415 * For a script we emit the code as we parse. Thus the bytecode for
5416 * top-level functions should go in the prolog to predefine their
5417 * names in the variable object before the already-generated main code
5418 * is executed. This extra work for top-level scripts is not necessary
5419 * when we emit the code for a function. It is fully parsed prior to
5420 * invocation of the emitter and calls to EmitTree for function
5421 * definitions can be scheduled before generating the rest of code.
5422 */
5434 #ifdef DEBUG
5437 bi++;
5441 #endif
5451 }
5454 }
5456 static bool
5458 {
5459 /* Emit an annotated nop so IonBuilder can recognize the 'do' loop. */
5468 /* Compile the loop body. */
5482 /* Set loop and enclosing label update offsets, for continue. */
5489 /* Compile the loop condition, now that continues know where to go. */
5500 /*
5501 * Update the annotations with the update and back edge positions, for
5502 * IonBuilder.
5503 *
5504 * Be careful: We must set noteIndex2 before noteIndex in case the noteIndex
5505 * note gets bigger.
5506 */
5513 }
5515 static bool
5517 {
5518 /*
5519 * Minimize bytecodes issued for one or more iterations by jumping to
5520 * the condition below the body and closing the loop if the condition
5521 * is true with a backward branch. For iteration count i:
5522 *
5523 * i test at the top test at the bottom
5524 * = =============== ==================
5525 * 0 ifeq-pass goto; ifne-fail
5526 * 1 ifeq-fail; goto; ifne-pass goto; ifne-pass; ifne-fail
5527 * 2 2*(ifeq-fail; goto); ifeq-pass goto; 2*ifne-pass; ifne-fail
5528 * . . .
5529 * N N*(ifeq-fail; goto); ifeq-pass goto; N*ifne-pass; ifne-fail
5530 */
5566 }
5568 static bool
5570 {
5572 SrcNoteType noteType;
5581 }
5584 }
5586 static bool
5588 {
5591 /* Find the loop statement enclosed by the matching label. */
5597 }
5602 }
5605 }
5607 static bool
5609 {
5613 }
5615 }
5617 static bool
5619 {
5626 }
5628 /* Push a return value */
5633 /* No explicit return value provided */
5636 }
5641 }
5643 /*
5644 * EmitNonLocalJumpFixup may add fixup bytecode to close open try
5645 * blocks having finally clauses and to exit intermingled let blocks.
5646 * We can't simply transfer control flow to our caller in that case,
5647 * because we must gosub to those finally clauses from inner to outer,
5648 * with the correct stack pointer (i.e., after popping any with,
5649 * for/in, etc., slots nested inside the finally's try).
5650 *
5651 * In this case we mutate JSOP_RETURN into JSOP_SETRVAL and add an
5652 * extra JSOP_RETRVAL after the fixups.
5653 */
5660 // Emit JSOP_SETALIASEDVAR .genrval to store the return value on the
5661 // scope chain, so it's not lost when we yield in a finally block.
5671 }
5675 }
5683 ScopeCoordinate sc;
5684 // We know that .generator and .genrval are on the top scope chain node,
5685 // as we just exited nested scopes.
5693 }
5704 }
5707 }
5709 static bool
5711 {
5718 }
5725 }
5729 }
5732 }
5744 }
5746 static bool
5748 {
5757 // Initial send value is undefined.
5768 // Try prologue. // ITER RESULT
5777 // Load the generator object.
5781 // Yield RESULT as-is, without re-boxing.
5785 // Try epilogue.
5793 // Catch location.
5797 // THROW? = 'throw' in ITER
5810 // if (THROW?) goto delegate
5820 // RESULT = ITER.throw(EXCEPTION) // EXCEPTION ITER
5840 // Catch epilogue.
5843 // This is a peace offering to ReconstructPCStack. See the note in EmitTry.
5849 // After the try/catch block: send the received value to the iterator.
5855 // Send location.
5856 // result = iter.next(received) // ITER RECEIVED
5876 // if (!result.done) goto tryStart; // ITER RESULT
5881 // if (!DONE) goto tryStart;
5885 // result.value
5896 }
5898 static bool
5900 {
5914 }
5917 }
5919 static bool
5921 {
5931 /*
5932 * Top-level or called-from-a-native JS_Execute/EvaluateScript,
5933 * debugger, and eval frames may need the value of the ultimate
5934 * expression statement as the script's result, despite the fact
5935 * that it appears useless to the compiler.
5936 *
5937 * API users may also set the JSOPTION_NO_SCRIPT_RVAL option when
5938 * calling JS_Compile* to suppress JSOP_SETRVAL.
5939 */
5946 }
5948 /* Don't eliminate expressions with side effects. */
5953 /*
5954 * Don't eliminate apparently useless expressions if they are
5955 * labeled expression statements. The pc->topStmt->update test
5956 * catches the case where we are nesting in EmitTree for a labeled
5957 * compound statement.
5958 */
5962 {
5964 }
5965 }
5975 // Don't complain about directive prologue members; just don't emit
5976 // their code.
5979 // Warn if encountering a non-directive prologue member string
5980 // expression statement, that is inconsistent with the current
5981 // directive prologue. That is, a script *not* starting with
5982 // "use strict" should warn for any "use strict" statements seen
5983 // later in the script, because such statements are misleading.
5993 }
5994 }
5999 }
6005 }
6006 }
6009 }
6011 static bool
6013 {
6014 /*
6015 * Under ECMA 3, deleting a non-reference returns true -- but alas we
6016 * must evaluate the operand if it appears it might have side effects.
6017 */
6027 {
6032 }
6034 {
6039 }
6041 {
6042 /*
6043 * If useless, just emit JSOP_TRUE; otherwise convert delete foo()
6044 * to foo(), true (a comma expression).
6045 */
6056 }
6060 }
6061 }
6064 }
6066 static bool
6069 static bool
6071 {
6072 // Special-casing of callFunction to emit bytecode that directly
6073 // invokes the callee with the correct |this| object and arguments.
6074 // callFunction(fun, thisArg, arg0, arg1) thus becomes:
6075 // - emit lookup for fun
6076 // - emit lookup for thisArg
6077 // - emit lookups for arg0, arg1
6078 //
6079 // argc is set to the amount of actually emitted args and the
6080 // emitting of args below is disabled by setting emitArgs to false.
6084 }
6101 }
6111 }
6113 static bool
6115 {
6116 // Syntax: resumeGenerator(gen, value, 'next'|'throw'|'close')
6120 }
6141 }
6143 static bool
6145 {
6151 }
6153 static bool
6155 {
6157 /*
6158 * Emit callable invocation or operator new (constructor call) code.
6159 * First, emit code for the left operand to evaluate the callable or
6160 * constructable object expression.
6161 *
6162 * For operator new, we emit JSOP_GETPROP instead of JSOP_CALLPROP, etc.
6163 * This is necessary to interpose the lambda-initialized method read
6164 * barrier -- see the code in jsinterp.cpp for JSOP_LAMBDA followed by
6165 * JSOP_{SET,INIT}PROP.
6166 *
6167 * Then (or in a call case that has no explicit reference-base
6168 * object) we emit JSOP_UNDEFINED to produce the undefined |this|
6169 * value required for calls (which non-strict mode functions
6170 * will box into the global object).
6171 */
6176 ? JSMSG_TOO_MANY_FUN_ARGS
6179 }
6186 // We shouldn't see foo(bar) = x in self-hosted code.
6189 // Calls to "forceInterpreter", "callFunction" or "resumeGenerator"
6190 // in self-hosted code generate inline bytecode.
6197 // Fall through.
6198 }
6212 }
6215 /*
6216 * Top level lambdas which are immediately invoked should be
6217 * treated as only running once. Every time they execute we will
6218 * create new types and scripts for their contents, to increase
6219 * the quality of type information within them and enable more
6220 * backend optimizations. Note that this does not depend on the
6221 * lambda being invoked at most once (it may be named or be
6222 * accessed via foo.caller indirection), as multiple executions
6223 * will just cause the inner scripts to be repeatedly cloned.
6224 */
6234 }
6242 }
6247 }
6249 /*
6250 * Emit code for each argument in order, then emit the JSOP_*CALL or
6251 * JSOP_NEW bytecode with a two-byte immediate telling how many args
6252 * were pushed on the operand stack.
6253 */
6260 }
6264 }
6273 }
6279 {
6282 }
6286 }
6288 }
6290 static bool
6292 {
6293 /*
6294 * JSOP_OR converts the operand on the stack to boolean, leaves the original
6295 * value on the stack and jumps if true; otherwise it falls into the next
6296 * bytecode, which pops the left operand and then evaluates the right operand.
6297 * The jump goes around the right operand evaluation.
6298 *
6299 * JSOP_AND converts the operand on the stack to boolean and jumps if false;
6300 * otherwise it falls into the right operand's bytecode.
6301 */
6318 }
6323 /* Left-associative operator chain: avoid too much recursion. */
6333 /* Emit nodes between the head and the tail. */
6345 }
6360 }
6362 /*
6363 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
6364 * the comment on EmitSwitch.
6365 */
6366 MOZ_NEVER_INLINE static bool
6368 {
6369 /* Emit lvalue-specialized code for ++/-- operators. */
6404 }
6415 }
6424 }
6426 }
6437 }
6438 }
6439 }
6441 }
6443 /*
6444 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
6445 * the comment on EmitSwitch.
6446 */
6447 MOZ_NEVER_INLINE static bool
6449 {
6450 /*
6451 * Emit a JSOP_LABEL instruction. The argument is the offset to the statement
6452 * following the labeled statement.
6453 */
6454 jsatomid index;
6462 /* Emit code for the labeled statement. */
6471 /* Patch the JSOP_LABEL offset. */
6474 }
6476 static bool
6477 EmitSyntheticStatements(ExclusiveContext* cx, BytecodeEmitter* bce, ParseNode* pn, ptrdiff_t top)
6478 {
6488 }
6490 }
6492 static bool
6493 EmitConditionalExpression(ExclusiveContext* cx, BytecodeEmitter* bce, ConditionalExpression& conditional)
6494 {
6495 /* Emit the condition, then branch if false to the else part. */
6505 /* Jump around else, fixup the branch, emit else, fixup jump. */
6511 /*
6512 * Because each branch pushes a single value, but our stack budgeting
6513 * analysis ignores branches, we now have to adjust bce->stackDepth to
6514 * ignore the value pushed by the first branch. Execution will follow
6515 * only one path, so we must decrement bce->stackDepth.
6516 *
6517 * Failing to do this will foil code, such as let expression and block
6518 * code generation, which must use the stack depth to compute local
6519 * stack indexes correctly.
6520 */
6527 }
6529 /*
6530 * Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
6531 * the comment on EmitSwitch.
6532 */
6533 MOZ_NEVER_INLINE static bool
6535 {
6539 /*
6540 * Emit code for {p:a, '%q':b, 2:c} that is equivalent to constructing
6541 * a new object and defining (in source order) each property on the object
6542 * (or mutating the object's [[Prototype]], in the case of __proto__).
6543 */
6548 /*
6549 * Try to construct the shape of the object as we go, so we can emit a
6550 * JSOP_NEWOBJECT with the final shape instead.
6551 */
6558 }
6564 // Handle __proto__: v specially because *only* this form, and no other
6565 // involving "__proto__", performs [[Prototype]] mutation.
6573 }
6575 /* Emit an index for t[2] for later consumption by JSOP_INITELEM. */
6583 // The parser already checked for atoms representing indexes and
6584 // used PNK_NUMBER instead, but also watch for ids which TI treats
6585 // as indexes for simpliciation of downstream analysis.
6591 }
6597 }
6599 /* Emit code for the property initializer. */
6618 }
6624 jsatomid index;
6633 JSPROP_ENUMERATE))
6634 {
6636 }
6639 }
6643 }
6644 }
6647 /*
6648 * The object survived and has a predictable shape: update the original
6649 * bytecode.
6650 */
6665 }
6668 }
6670 static bool
6672 {
6676 /*
6677 * Pass the new array's stack index to the PNK_ARRAYPUSH case via
6678 * bce->arrayCompDepth, then simply traverse the PNK_FOR node and
6679 * its kids under pn2 to generate this comprehension.
6680 */
6689 }
6691 /**
6692 * EmitSpread expects the current index (I) of the array, the array itself and the iterator to be
6693 * on the stack in that order (iterator on the bottom).
6694 * It will pop the iterator and I, then iterate over the iterator by calling |.next()|
6695 * and put the results into the I-th element of array with incrementing I, then
6696 * push the result I (it will be original I + iteration count).
6697 * The stack after iteration will look like |ARRAY INDEX|.
6698 */
6699 static bool
6701 {
6703 }
6705 static bool
6707 {
6708 /*
6709 * Emit code for [a, b, c] that is equivalent to constructing a new
6710 * array and in source order evaluating each element value and adding
6711 * it to the array, without invoking latent setters. We use the
6712 * JSOP_NEWINIT and JSOP_INITELEM_ARRAY bytecodes to ignore setters and
6713 * to avoid dup'ing and popping the array as each element is added, as
6714 * JSOP_SETELEM/JSOP_SETPROP would do.
6715 */
6720 nspread++;
6721 }
6729 // For arrays with spread, this is a very pessimistic allocation, the
6730 // minimum possible final size.
6734 jsatomid atomIndex;
6741 }
6751 }
6769 }
6770 }
6775 }
6777 }
6779 static bool
6781 {
6784 /* Unary op, including unary +/-. */
6798 }
6800 static bool
6802 {
6817 // Emit source note to enable ion compilation.
6830 }
6833 }
6835 bool
6837 {
6846 /* Emit notes to tell the current bytecode's source line number. */
6856 {
6860 // Carefully emit everything in the right order:
6861 // 1. Destructuring
6862 // 2. Defaults
6863 // 3. Functions
6866 // Assign the destructuring arguments before defining any functions,
6867 // see bug 419662.
6873 }
6881 // Defaults with a rest parameter need special handling. The
6882 // rest parameter needs to be undefined while defaults are being
6883 // processed. To do this, we create the rest argument and let it
6884 // sit on the stack while processing defaults. The rest
6885 // parameter's slot is set to undefined for the course of
6886 // default processing.
6895 // Only set the rest parameter if it's not aliased by a nested
6896 // function in the body.
6906 }
6907 }
6915 }
6916 }
6918 // Only bind the parameter if it's not aliased by a nested function
6919 // in the body.
6925 // Fill rest parameter. We handled the case with defaults above.
6936 }
6937 }
6939 // This block contains top-level function definitions. To ensure
6940 // that we emit the bytecode defining them before the rest of code
6941 // in the block we use a separate pass over functions. During the
6942 // main pass later the emitter will add JSOP_NOP with source notes
6943 // for the function to preserve the original functions position
6944 // when decompiling.
6945 //
6946 // Currently this is used only for functions, as compile-as-we go
6947 // mode for scripts does not allow separate emitter passes.
6952 }
6953 }
6954 }
6957 }
7041 {
7051 }
7053 }
7102 /* Left-associative operator chain: avoid too much recursion. */
7112 }
7114 /* Binary operators that evaluate both operands unconditionally. */
7121 }
7175 // TODO: Implement emitter support for modules
7180 /*
7181 * The array object's stack index is in bce->arrayCompDepth. See below
7182 * under the array initialiser code generator for array comprehension
7183 * special casing. Note that the array object is a pure stack value,
7184 * unaliased by blocks, so we can EmitUnaliasedVarOp.
7185 */
7193 }
7202 // Bake in the object entirely if it will only be created once.
7205 }
7207 // If the array consists entirely of primitive values, make a
7208 // template object with copy on write elements that can be reused
7209 // every time the initializer executes.
7215 // Note: the type of the template object might not yet reflect
7216 // that the object has copy on write elements. When the
7217 // interpreter or JIT compiler fetches the template, it should
7218 // use types::GetOrFixupCopyOnWriteObject to make sure the type
7219 // for the template is accurate. We don't do this here as we
7220 // want to use types::InitObject, which requires a finished
7221 // script.
7232 }
7233 }
7234 }
7290 }
7292 /* bce->emitLevel == 1 means we're last on the stack, so finish up. */
7296 }
7299 }
7301 static int
7303 {
7304 // Start it off moderately large to avoid repeated resizings early on.
7305 // ~99% of cases fit within 256 bytes.
7313 }
7315 }
7317 int
7319 {
7327 /*
7328 * Compute delta from the last annotated bytecode's offset. If it's too
7329 * big to fit in sn, allocate one or more xdelta notes and reset sn.
7330 */
7343 }
7345 /*
7346 * Initialize type and delta, then allocate the minimum number of notes
7347 * needed for type's arity. Usually, we won't need more, but if an offset
7348 * does take two bytes, SetSrcNoteOffset will grow notes.
7349 */
7354 }
7356 }
7358 int
7359 frontend::NewSrcNote2(ExclusiveContext* cx, BytecodeEmitter* bce, SrcNoteType type, ptrdiff_t offset)
7360 {
7367 }
7369 }
7371 int
7372 frontend::NewSrcNote3(ExclusiveContext* cx, BytecodeEmitter* bce, SrcNoteType type, ptrdiff_t offset1,
7374 {
7383 }
7385 }
7387 bool
7388 frontend::AddToSrcNoteDelta(ExclusiveContext* cx, BytecodeEmitter* bce, jssrcnote* sn, ptrdiff_t delta)
7389 {
7390 /*
7391 * Called only from FinishTakingSrcNotes to add to main script note
7392 * deltas, and only by a small positive amount.
7393 */
7403 jssrcnote xdelta;
7407 }
7409 }
7411 static bool
7414 {
7418 }
7422 /* Find the offset numbered which (i.e., skip exactly which offsets). */
7429 }
7431 /*
7432 * See if the new offset requires four bytes either by being too big or if
7433 * the offset has already been inflated (in which case, we need to stay big
7434 * to not break the srcnote encoding if this isn't the last srcnote).
7435 */
7437 /* Maybe this offset was already set to a four-byte value. */
7439 /* Insert three dummy bytes that will be overwritten shortly. */
7444 {
7447 }
7448 }
7452 }
7455 }
7457 /*
7458 * Finish taking source notes in cx's notePool.
7459 * If successful, the final source note count is stored in the out outparam.
7460 */
7461 bool
7463 {
7473 /*
7474 * Either no prolog srcnotes, or no line number change over prolog.
7475 * We don't need a SRC_SETLINE, but we may need to adjust the offset
7476 * of the first main note, by adding to its delta and possibly even
7477 * prepending SRC_XDELTA notes to it to account for prolog bytecodes
7478 * that came at and after the last annotated bytecode.
7479 */
7483 /* NB: Use as much of the first main note's delta as we can. */
7498 }
7499 }
7500 }
7502 // The prolog count might have changed, so we can't reuse prologCount.
7503 // The + 1 is to account for the final SN_MAKE_TERMINATOR that is appended
7504 // when the notes are copied to their final destination by CopySrcNotes.
7507 }
7509 void
7511 {
7520 }
7522 void
7524 {
7529 }
7531 /*
7532 * Find the index of the given object for code generator.
7533 *
7534 * Since the emitter refers to each parsed object only once, for the index we
7535 * use the number of already indexes objects. We also add the object to a list
7536 * to convert the list to a fixed-size array when we complete code generation,
7537 * see js::CGObjectList::finish below.
7538 *
7539 * Most of the objects go to BytecodeEmitter::objectList but for regexp we use
7540 * a separated BytecodeEmitter::regexpList. In this way the emitted index can
7541 * be directly used to store and fetch a reference to a cloned RegExp object
7542 * that shares the same JSRegExp private data created for the object literal in
7543 * objbox. We need a cloned object to hold lastIndex and other direct
7544 * properties that should not be shared among threads sharing a precompiled
7545 * function or script.
7546 *
7547 * If the code being compiled is function code, allocate a reserved slot in
7548 * the cloned function object that shares its precompiled script with other
7549 * cloned function objects and with the compiler-created clone-parent. There
7550 * are nregexps = script->regexps()->length such reserved slots in each
7551 * function object cloned from fun->object. NB: during compilation, a funobj
7552 * slots element must never be allocated, because JSObject::allocSlot could
7553 * hand out one of the slots that should be given to a regexp clone.
7554 *
7555 * If the code being compiled is global code, the cloned regexp are stored in
7556 * fp->vars slot and to protect regexp slots from GC we set fp->nvars to
7557 * nregexps.
7558 *
7559 * The slots initially contain undefined or null. We populate them lazily when
7560 * JSOP_REGEXP is executed for the first time.
7561 *
7562 * Why clone regexp objects? ECMA specifies that when a regular expression
7563 * literal is scanned, a RegExp object is created. In the spec, compilation
7564 * and execution happen indivisibly, but in this implementation and many of
7565 * its embeddings, code is precompiled early and re-executed in multiple
7566 * threads, or using multiple global objects, or both, for efficiency.
7567 *
7568 * In such cases, naively following ECMA leads to wrongful sharing of RegExp
7569 * objects, which makes for collisions on the lastIndex property (especially
7570 * for global regexps) and on any ad-hoc properties. Also, __proto__ refers to
7571 * the pre-compilation prototype, a pigeon-hole problem for instanceof tests.
7572 */
7573 unsigned
7575 {
7580 }
7582 unsigned
7584 {
7588 index--;
7590 }
7592 void
7594 {
7606 }
7608 ObjectBox*
7610 {
7616 }
7618 bool
7620 {
7625 JSTryNote note;
7632 }
7634 void
7636 {
7641 }
7643 bool
7645 {
7646 BlockScopeNote note;
7654 }
7656 uint32_t
7658 {
7666 // We are looking for the nearest enclosing live scope. If the
7667 // scope contains POS, it should still be open, so its length should
7668 // be zero.
7671 // Conversely, if the length is not zero, it should not contain
7672 // POS.
7674 }
7675 }
7678 }
7680 void
7682 {
7688 }
7690 void
7692 {
7697 }
7699 void
7701 {
7706 }
7708 /*
7709 * We should try to get rid of offsetBias (always 0 or 1, where 1 is
7710 * JSOP_{NOP,POP}_LENGTH), which is used only by SRC_FOR.
7711 */
7713 #define DEFINE_SRC_NOTE_SPEC(sym, name, arity) { name, arity },
7715 #undef DEFINE_SRC_NOTE_SPEC
7716 };
7718 static int
7720 {
7723 }
7727 {
7735 }
7737 }
7741 {
7742 /* Find the offset numbered which (i.e., skip exactly which offsets). */
7748 }
7754 }
7756 }