| blob | f4f5d3909f030f7db51479c6ffcc8ed0aad4b979 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sts=4 et sw=4 tw=99:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /*
8 * JS parser.
9 *
10 * This is a recursive-descent parser for the JavaScript language specified by
11 * "The JavaScript 1.5 Language Specification". It uses lexical and semantic
12 * feedback to disambiguate non-LL(1) structures. It generates trees of nodes
13 * induced by the recursive parsing (not precise syntax trees, see Parser.h).
14 * After tree construction, it rewrites trees to fold constants and evaluate
15 * compile-time expressions.
16 *
17 * This parser attempts no error recovery.
18 */
59 /* Read a token. Report an error and return null() if that token isn't of type tt. */
60 #define MUST_MATCH_TOKEN(tt, errno) \
61 JS_BEGIN_MACRO \
62 TokenKind token; \
63 if (!tokenStream.getToken(&token)) \
64 return null(); \
65 if (token != tt) { \
66 report(ParseError, false, null(), errno); \
67 return null(); \
68 } \
69 JS_END_MACRO
74 bool
76 {
80 }
84 }
93 static void
95 {
98 }
101 bool
103 {
107 }
109 }
111 static void
113 {
121 // In ES6, lexical bindings cannot be accessed until initialized.
122 // Distinguish hoisted uses as a different JSOp for easier compilation.
127 }
128 }
130 // See comment on member function declaration.
132 bool
135 {
142 else
160 }
169 }
172 }
194 }
213 }
228 }
230 // In ES6, lexical bindings cannot be accessed until initialized. If
231 // the definition has existing uses, they need to be marked so that we
232 // emit dead zone checks.
241 }
244 }
247 bool
249 {
251 }
254 bool
257 {
263 // Keep track of the number of arguments in args_, for fun->nargs.
270 }
271 }
274 }
277 void
278 ParseContext<ParseHandler>::prepareToAddDuplicateArg(HandlePropertyName name, DefinitionNode prevDecl)
279 {
282 }
285 void
287 {
297 }
312 }
313 }
316 void
318 {
322 }
325 static void
328 {
336 // Treat body-level let declarations as var bindings by falling
337 // through. The fact that the binding is in fact a let declaration
338 // is reflected in the slot. All body-level lets go after the
339 // vars.
352 }
354 /*
355 * Bindings::init does not check for duplicates so we must ensure that
356 * only one binding with a given name is marked aliased. pc->decls
357 * maintains the canonical definition for each name, so use that.
358 */
367 }
368 }
371 bool
375 {
380 /*
381 * Avoid pathological edge cases by explicitly limiting the total number of
382 * bindings to what will fit in a uint32_t.
383 */
387 // Fix up the slots of body-level lets to come after the vars now that we
388 // know how many vars there are.
393 }
400 }
413 packedBindings);
414 }
417 bool
420 {
427 result =
436 }
438 }
441 bool
442 Parser<ParseHandler>::report(ParseReportKind kind, bool strict, Node pn, unsigned errorNumber, ...)
443 {
451 }
454 bool
455 Parser<ParseHandler>::reportNoOffset(ParseReportKind kind, bool strict, unsigned errorNumber, ...)
456 {
462 }
465 bool
468 {
474 }
477 bool
479 {
482 }
485 bool
487 {
490 }
508 #ifdef DEBUG
510 #endif
520 {
521 {
524 }
526 // The Mozilla specific JSOPTION_EXTRA_WARNINGS option adds extra warnings
527 // which are not generated if functions are parsed lazily. Note that the
528 // standard "use strict" does not inhibit lazy parsing.
533 }
536 bool
538 {
539 #ifdef DEBUG
541 #endif
547 }
551 {
558 /*
559 * The parser can allocate enormous amounts of memory for large functions.
560 * Eagerly free the memory now (which otherwise won't be freed until the
561 * next GC) to avoid unnecessary OOMs.
562 */
565 {
568 }
569 }
572 ObjectBox*
574 {
577 /*
578 * We use JSContext.tempLifoAlloc to allocate parsed objects and place them
579 * on a list in this Parser to ensure GC safety. Thus the tempLifoAlloc
580 * arenas containing the entries must be alive until we are done with
581 * scanning, parsing and code generation for the whole script or top-level
582 * function.
583 */
589 }
594 }
616 {
617 // Functions created at parse time may be set singleton after parsing and
618 // baked into JIT code, so they must be allocated tenured. They are held by
619 // the JSScript so cannot be collected during a minor GC anyway.
626 // This covers cases that don't involve eval(). For example:
627 //
628 // with (o) { (function() { g(); })(); }
629 //
630 // In this case, |outerpc| corresponds to global code, and
631 // outerpc->parsingWith is true.
635 // This covers the case where a function is nested within an eval()
636 // within a |with| statement.
637 //
638 // with (o) { eval("(function() { g(); })();"); }
639 //
640 // In this case, |outerpc| corresponds to the eval(),
641 // outerpc->parsingWith is false because the eval() breaks the
642 // ParseContext chain, and |parent| is nullptr (again because of the
643 // eval(), so we have to look at |outerpc|'s scopeChain.
644 //
650 }
652 // This is like the above case, but for more deeply nested functions.
653 // For example:
654 //
655 // with (o) { eval("(function() { (function() { g(); })(); })();"); } }
656 //
657 // In this case, the inner anonymous function needs to inherit the
658 // setting of |inWith| from the outer one.
662 }
663 }
666 FunctionBox*
667 Parser<ParseHandler>::newFunctionBox(Node fn, JSFunction* fun, ParseContext<ParseHandler>* outerpc,
669 {
672 /*
673 * We use JSContext.tempLifoAlloc to allocate parsed objects and place them
674 * on a list in this Parser to ensure GC safety. Thus the tempLifoAlloc
675 * arenas containing the entries must be alive until we are done with
676 * scanning, parsing and code generation for the whole script or top-level
677 * function.
678 */
682 generatorKind);
686 }
693 }
696 void
698 {
700 }
702 void
704 {
706 }
708 /*
709 * Parse a top-level JS script.
710 */
714 {
717 /*
718 * Protect atoms from being collected by a GC activation, which might
719 * - nest on this thread due to out of memory (the so-called "last ditch"
720 * GC attempted within js_NewGCThing), or
721 * - run for any reason on another thread if this thread is suspended on
722 * an object lock before it finishes generating bytecode into a script
723 * protected from the GC by a root or a stack frame reference.
724 */
736 TokenKind tt;
743 }
747 }
748 }
750 }
753 bool
756 {
757 JSAutoByteString name;
764 }
766 }
768 /*
769 * Check that assigning to lhs is permitted. Assigning to 'eval' or
770 * 'arguments' is banned in strict mode.
771 */
773 bool
775 {
784 JSAutoByteString name;
790 }
792 }
794 /*
795 * Check that it is permitted to introduce a binding for atom. Strict mode
796 * forbids introducing new definitions for 'eval', 'arguments', or for any
797 * strict mode reserved keyword. Use pn for reporting error locations, or use
798 * pc's token stream if pn is nullptr.
799 */
801 bool
803 {
808 JSAutoByteString bytes;
813 }
816 }
819 ParseNode*
820 Parser<FullParseHandler>::standaloneFunctionBody(HandleFunction fun, const AutoNameVector& formals,
821 GeneratorKind generatorKind,
822 Directives inheritedDirectives,
824 {
839 generatorKind);
854 }
860 TokenKind tt;
867 }
881 }
884 bool
886 {
887 /*
888 * Non-top-level functions use JSOP_DEFFUN which is a dynamic scope
889 * operation which means it aliases any bindings with the same name.
890 */
896 }
897 }
899 /* Time to implement the odd semantics of 'arguments'. */
902 /*
903 * As explained by the ContextFlags::funArgumentsHasLocalBinding comment,
904 * create a declaration for 'arguments' if there are any unbound uses in
905 * the function body.
906 */
916 }
917 }
919 /*
920 * Report error if both rest parameters and 'arguments' are used. Do this
921 * check before adding artificial 'arguments' below.
922 */
925 // ES6 9.2.13.17 says that a lexical binding of 'arguments' shadows the
926 // arguments object.
934 }
936 /*
937 * Even if 'arguments' isn't explicitly mentioned, dynamic name lookup
938 * forces an 'arguments' binding. The exception is that functions with rest
939 * parameters are free from 'arguments'.
940 */
949 }
951 /*
952 * Now that all possible 'arguments' bindings have been added, note whether
953 * 'arguments' has a local binding and whether it unconditionally needs an
954 * arguments object. (Also see the flags' comments in ContextFlags.)
955 */
960 /*
961 * If a script has both explicit mentions of 'arguments' and dynamic
962 * name lookups which could access the arguments, an arguments object
963 * must be created eagerly. The SSA analysis used for lazy arguments
964 * cannot cope with dynamic name accesses, so any 'arguments' accessed
965 * via a NAME opcode must force construction of the arguments object.
966 */
970 /*
971 * If a script contains the debugger statement either directly or
972 * within an inner function, the arguments object must be created
973 * eagerly. The debugger can walk the scope chain and observe any
974 * values along it.
975 */
979 /*
980 * Check whether any parameters have been assigned within this
981 * function. In strict mode parameters do not alias arguments[i], and
982 * to make the arguments object reflect initial parameter values prior
983 * to any mutation we create it eagerly whenever parameters are (or
984 * might, in the case of calls to eval) be assigned.
985 */
993 }
994 }
995 /* Watch for mutation of arguments through e.g. eval(). */
998 }
999 }
1002 }
1005 bool
1007 {
1015 }
1021 }
1022 }
1025 }
1030 {
1034 #ifdef DEBUG
1036 #endif
1038 Node pn;
1054 }
1062 // FIXME: Catch these errors eagerly, in yieldExpression().
1068 }
1071 JSMSG_BAD_GENERATOR_RETURN,
1072 JSMSG_BAD_ANON_GENERATOR_RETURN);
1074 }
1081 }
1097 }
1106 }
1108 /* Define the 'arguments' binding if necessary. */
1113 }
1115 /* See comment for use in Parser::functionDef. */
1117 bool
1119 {
1120 /* Turn pn into a definition. */
1123 /* Change all uses of dn to be uses of pn. */
1129 }
1133 /*
1134 * A PNK_FUNCTION node must be a definition, so convert shadowed function
1135 * statements into nops. This is valid since all body-level function
1136 * statement initialization happens at the beginning of the function
1137 * (thus, only the last statement's effect is visible). E.g., in
1138 *
1139 * function outer() {
1140 * function g() { return 1 }
1141 * assertEq(g(), 2);
1142 * function g() { return 2 }
1143 * assertEq(g(), 2);
1144 * }
1145 *
1146 * both asserts are valid.
1147 */
1155 }
1157 /*
1158 * If dn is in [var, const, let] and has an initializer, then we
1159 * must rewrite it to be an assignment node, whose freshly allocated
1160 * left-hand side becomes a use of pn.
1161 */
1170 }
1171 }
1173 /* Turn dn into a use of pn. */
1184 }
1186 /*
1187 * Parameter block types for the several Binder functions. We use a common
1188 * helper function signature in order to share code among destructuring and
1189 * simple variable declaration parsers. In the destructuring case, the binder
1190 * function is called indirectly from the variable declaration parser by way
1191 * of checkDestructuring and its friends.
1192 */
1195 struct BindData
1196 {
1202 /* name node for definition processing and error source coordinates */
1211 VarContext varContext;
1212 RootedStaticBlockObject blockObj;
1225 }
1231 }
1232 };
1235 JSFunction*
1238 {
1241 /*
1242 * Find the global compilation context in order to pre-set the newborn
1243 * function's parent slot to pc->sc->as<GlobalObject>()->scopeChain. If the
1244 * global context is a compile-and-go one, we leave the pre-set parent
1245 * intact; otherwise we clear parent and proto.
1246 */
1266 }
1268 static bool
1270 {
1271 TokenKind tt;
1275 /* Advance the scanner for proper error location reporting. */
1279 }
1282 }
1286 Parser<ParseHandler>::getOrCreateLexicalDependency(ParseContext<ParseHandler>* pc, JSAtom* atom)
1287 {
1299 }
1301 static bool
1304 {
1311 /*
1312 * Since 'dn' is a placeholder, it has not been defined in the
1313 * ParseContext and hence we must manually flag a closed-over
1314 * callee name as needing a dynamic scope (this is done for all
1315 * definitions in the ParseContext by generateFunctionBindings).
1316 *
1317 * If 'dn' has been assigned to, then we also flag the function
1318 * scope has needing a dynamic scope so that dynamic scope
1319 * setter can either ignore the set (in non-strict mode) or
1320 * produce an error (in strict mode).
1321 */
1325 }
1327 static bool
1330 {
1336 }
1338 static void
1341 {
1349 }
1353 }
1355 /*
1356 * Beware: this function is called for functions nested in other functions or
1357 * global scripts but not for functions compiled through the Function
1358 * constructor or JSAPI. To always execute code when a function has finished
1359 * parsing, use Parser::functionBody.
1360 */
1362 bool
1363 Parser<FullParseHandler>::leaveFunction(ParseNode* fn, ParseContext<FullParseHandler>* outerpc,
1364 FunctionSyntaxKind kind)
1365 {
1372 /* Propagate unresolved lexical names up to outerpc->lexdeps. */
1383 }
1387 /*
1388 * Make sure to deoptimize lexical dependencies that are polluted
1389 * by eval and function statements (which both flag the function as
1390 * having an extensible scope) or any enclosing 'with'.
1391 */
1396 /*
1397 * Create a new placeholder for our outer lexdep. We could
1398 * simply re-use the inner placeholder, but that introduces
1399 * subtleties in the case where we find a later definition
1400 * that captures an existing lexdep. For example:
1401 *
1402 * function f() { function g() { x; } let x; }
1403 *
1404 * Here, g's TOK_UPVARS node lists the placeholder for x,
1405 * which must be captured by the 'let' declaration later,
1406 * since 'let's are hoisted. Taking g's placeholder as our
1407 * own would work fine. But consider:
1408 *
1409 * function f() { x; { function g() { x; } let x; } }
1410 *
1411 * Here, the 'let' must not capture all the uses of f's
1412 * lexdep entry for x, but it must capture the x node
1413 * referred to from g's TOK_UPVARS node. Always turning
1414 * inherited lexdeps into uses of a new outer definition
1415 * allows us to handle both these cases in a natural way.
1416 */
1420 }
1422 /*
1423 * Insert dn's uses list at the front of outer_dn's list.
1424 *
1425 * Without loss of generality or correctness, we allow a dn to
1426 * be in inner and outer lexdeps, since the purpose of lexdeps
1427 * is one-pass coordination of name use and definition across
1428 * functions, and if different dn's are used we'll merge lists
1429 * when leaving the inner function.
1430 *
1431 * The dn == outer_dn case arises with generator expressions
1432 * (see LegacyCompExprTransplanter::transplant, the PN_CODE/PN_NAME
1433 * case), and nowhere else, currently.
1434 */
1437 // In ES6, lexical bindings cannot be accessed until
1438 // initialized. If we are parsing a body-level function,
1439 // it is hoisted to the top, so we conservatively mark all
1440 // uses linked to an outer lexical binding as needing TDZ
1441 // checks. e.g.,
1442 //
1443 // function outer() {
1444 // inner2();
1445 // function inner() { use(x); }
1446 // function inner2() { inner(); }
1447 // let x;
1448 // }
1449 //
1450 // The use of 'x' inside 'inner' needs to be marked.
1451 //
1452 // Note that to not be fully conservative requires a call
1453 // graph analysis of all body-level functions to compute
1454 // the transitive closure of which hoisted body level use
1455 // of which function forces TDZ checks on which uses. This
1456 // is unreasonably difficult to do in a single pass parser
1457 // like ours.
1458 //
1459 // Similarly, if we are closing over a lexical binding
1460 // from another case in a switch, those uses also need to
1461 // be marked as needing dead zone checks.
1467 }
1470 }
1472 /* Mark the outer dn as escaping. */
1474 }
1475 }
1480 }
1483 bool
1485 FunctionSyntaxKind kind)
1486 {
1491 }
1493 /*
1494 * defineArg is called for both the arguments of a regular function definition
1495 * and the arguments specified by the Function constructor.
1496 *
1497 * The 'disallowDuplicateArgs' bool indicates whether the use of another
1498 * feature (destructuring or default arguments) disables duplicate arguments.
1499 * (ECMA-262 requires us to support duplicate parameter names, but, for newer
1500 * features, we consider the code to have "opted in" to higher standards and
1501 * forbid duplicates.)
1502 *
1503 * If 'duplicatedArg' is non-null, then DefineArg assigns to it any previous
1504 * argument with the same name. The caller may use this to report an error when
1505 * one of the abovementioned features occurs after a duplicate.
1506 */
1508 bool
1511 {
1514 /* Handle duplicate argument names. */
1518 /*
1519 * Strict-mode disallows duplicate args. We may not know whether we are
1520 * in strict mode or not (since the function body hasn't been parsed).
1521 * In such cases, report will queue up the potential error and return
1522 * 'true'.
1523 */
1525 JSAutoByteString bytes;
1530 {
1532 }
1533 }
1538 }
1543 /* ParseContext::define assumes and asserts prevDecl is not in decls. */
1546 }
1557 }
1563 {
1570 }
1576 }
1579 bool
1582 {
1589 TokenKind tt;
1594 }
1596 TokenKind tt;
1603 }
1605 // Record the start of function source (for FunctionToString). If we
1606 // are parenFreeArrow, we will set this below, after consuming the NAME.
1608 }
1624 }
1634 }
1636 TokenKind tt;
1643 {
1644 /* See comment below in the TOK_NAME case. */
1648 }
1653 }
1657 /*
1658 * A destructuring formal parameter turns into one or more
1659 * local variables initialized from properties of a single
1660 * anonymous positional parameter, so here we must tweak our
1661 * binder and its data.
1662 */
1671 /*
1672 * Synthesize a destructuring assignment from the single
1673 * anonymous positional parameter into the destructuring
1674 * left-hand-side expression and accumulate it in list.
1675 */
1694 }
1696 }
1704 {
1711 }
1713 }
1715 TOK_NAME:
1717 {
1730 // A default argument without parentheses would look like:
1731 // a = expr => body, but both operators are right-associative, so
1732 // that would have been parsed as a = (expr => body) instead.
1733 // Therefore it's impossible to get here with parenFreeArrow.
1739 }
1743 }
1747 // The Function.length property is the number of formals
1748 // before the first default argument.
1750 }
1755 }
1758 }
1763 }
1773 }
1776 TokenKind tt;
1782 }
1783 }
1787 }
1790 }
1793 bool
1797 {
1801 /* Function statements add a binding to the enclosing scope. */
1805 /*
1806 * Handle redeclaration and optimize cases where we can statically bind the
1807 * function (thereby avoiding JSOP_DEFFUN and dynamic name lookup).
1808 */
1817 JSAutoByteString name;
1818 ParseReportKind reporter = throwRedeclarationError
1819 ? ParseError
1824 {
1826 }
1827 }
1829 /*
1830 * Body-level function statements are effectively variable
1831 * declarations where the initialization is hoisted to the
1832 * beginning of the block. This means that any other variable
1833 * declaration with the same name is really just an assignment to
1834 * the function's binding (which is mutable), so turn any existing
1835 * declaration into a use.
1836 */
1839 // The exception to the above comment is when the function
1840 // has the same name as an argument. Then the argument node
1841 // remains a definition. But change the function node pn so
1842 // that it knows where the argument is located.
1851 }
1852 }
1854 /*
1855 * If this function was used before it was defined, claim the
1856 * pre-created definition node for this function that primaryExpr
1857 * put in pc->lexdeps on first forward reference, and recycle pn.
1858 */
1872 }
1876 }
1883 /*
1884 * As a SpiderMonkey-specific extension, non-body-level function
1885 * statements (e.g., functions in an "if" or "while" block) are
1886 * dynamically bound when control flow reaches the statement.
1887 */
1894 }
1897 /*
1898 * Instead of setting bindingsAccessedDynamically, which would be
1899 * overly conservative, remember the names of all function
1900 * statements and mark any bindings with the same as aliased at the
1901 * end of functionBody.
1902 */
1907 }
1911 /*
1912 * Due to the implicit declaration mechanism, 'arguments' will not
1913 * have decls and, even if it did, they will not be noted as closed
1914 * in the emitter. Thus, in the corner case of function statements
1915 * overridding arguments, flag the whole scope as dynamic.
1916 */
1919 }
1921 /* No further binding (in BindNameToSlot) is needed for functions. */
1924 /* A function expression does not introduce any binding. */
1926 }
1928 // When a lazily-parsed function is called, we only fully parse (and emit)
1929 // that function, not any of its nested children. The initial syntax-only
1930 // parse recorded the free variables of nested functions and their extents,
1931 // so we can skip over them after accounting for their free variables.
1943 // The position passed to tokenStream.advance() is an offset of the sort
1944 // returned by userbuf.offset() and expected by userbuf.rawCharPtrAt(),
1945 // while LazyScript::{begin,end} offsets are relative to the outermost
1946 // script source.
1953 }
1956 }
1961 {
1966 }
1969 bool
1972 {
1973 // Update any definition nodes in this context according to free variables
1974 // in a lazily parsed inner function.
1982 // 'arguments' will be implicitly bound within the inner function.
1992 }
1994 // In ES6, lexical bindings are unaccessible before initialization. If
1995 // the inner function closes over a placeholder definition, we need to
1996 // mark the variable as maybe needing a dead zone check when we emit
1997 // bytecode.
1998 //
1999 // Note that body-level function declaration statements are always
2000 // hoisted to the top, so all accesses to free let variables need the
2001 // dead zone check.
2002 //
2003 // Subtlety: we don't need to check for closing over a non-dominating
2004 // lexical binding in a switch, as lexical declarations currently
2005 // disable syntax parsing. So a non-dominating but textually preceding
2006 // lexical declaration would have aborted syntax parsing, and a
2007 // textually following declaration would return true for
2008 // handler.isPlaceholderDefinition(dn) below.
2012 /* Mark the outer dn as escaping. */
2014 }
2018 }
2021 bool
2025 {
2028 /* Function statements add a binding to the enclosing scope. */
2032 /*
2033 * Handle redeclaration and optimize cases where we can statically bind the
2034 * function (thereby avoiding JSOP_DEFFUN and dynamic name lookup).
2035 */
2040 {
2041 JSAutoByteString name;
2045 {
2047 }
2048 }
2055 }
2059 }
2062 /* Arrow functions cannot yet be parsed lazily. */
2064 }
2067 }
2070 bool
2072 {
2078 TokenKind tt;
2084 }
2087 }
2090 bool
2092 {
2106 }
2109 }
2114 {
2120 TokenKind tt;
2132 }
2138 GeneratorKind generatorKind)
2139 {
2142 /* Make a TOK_FUNCTION node. */
2156 // If we are off the main thread, the generator meta-objects have
2157 // already been created by js::StartOffThreadParseScript, so cx will not
2158 // be necessary.
2163 }
2168 // Speculatively parse using the directives of the parent parsing context.
2169 // If a directive is encountered (e.g., "use strict") that changes how the
2170 // function should have been parsed, we backup and reparse with the new set
2171 // of directives.
2184 // Assignment must be monotonic to prevent reparsing iloops
2191 // functionArgsAndBody may have already set pn->pn_body before failing.
2193 }
2196 }
2199 bool
2202 {
2205 /*
2206 * If there were destructuring formal parameters, prepend the initializing
2207 * comma expression that we synthesized to body. If the body is a return
2208 * node, we must make a special PNK_SEQ node, to prepend the destructuring
2209 * code without bracing the decompilation of the function body.
2210 */
2222 }
2236 }
2244 }
2247 bool
2250 {
2251 // The LazyScript for a lazily parsed function needs to be constructed
2252 // while its ParseContext and associated lexdeps and inner functions are
2253 // still available.
2287 }
2290 bool
2293 GeneratorKind generatorKind,
2294 Directives inheritedDirectives,
2296 {
2299 // Create box for fun->object early to protect against last-ditch GC.
2304 // Try a syntax parse for this inner function.
2310 {
2311 // Move the syntax parser to the current position in the stream.
2325 {
2327 // Try again with a full parse.
2332 }
2334 }
2338 // Advance this parser over tokens processed by the syntax parser.
2343 // Update the end position of the parse node.
2345 }
2355 // Continue doing a full parse for this inner function.
2370 /*
2371 * Fruit of the poisonous tree: if a closure contains a dynamic name access
2372 * (eval, with, etc), we consider the parent to do the same. The reason is
2373 * that the deoptimizing effects of dynamic name access apply equally to
2374 * parents: any local can be read at runtime.
2375 */
2378 }
2381 bool
2384 GeneratorKind generatorKind,
2385 Directives inheritedDirectives,
2387 {
2390 // Create box for fun->object early to protect against last-ditch GC.
2395 // Initialize early for possible flags mutation via destructuringExpr.
2408 // This is a lazy function inner to another lazy function. Remember the
2409 // inner function so that if the outer function is eventually parsed we do
2410 // not need any further parsing or processing of the inner function.
2413 }
2416 bool
2418 {
2431 }
2434 ParseNode*
2437 {
2444 // Our tokenStream has no current token, so pn's position is garbage.
2445 // Substitute the position of the first token in our source.
2451 generatorKind);
2466 }
2473 }
2474 }
2485 }
2488 bool
2489 Parser<ParseHandler>::functionArgsAndBodyGeneric(Node pn, HandleFunction fun, FunctionType type,
2490 FunctionSyntaxKind kind)
2491 {
2492 // Given a properly initialized parse context, try to parse an actual
2493 // function without concern for conversion to strict mode, use of lazy
2494 // parsing and such.
2510 }
2514 }
2523 }
2524 }
2526 // Parse the function body.
2528 TokenKind tt;
2535 }
2543 }
2552 #if JS_HAS_EXPR_CLOSURES
2554 #endif
2561 }
2563 #if JS_HAS_EXPR_CLOSURES
2570 }
2571 #endif
2574 }
2577 bool
2579 {
2580 // In star generators and in JS >= 1.7, yield is a keyword. Otherwise in
2581 // strict mode, yield is a future reserved word.
2585 }
2587 }
2592 {
2597 TokenKind tt;
2605 }
2614 /* Unnamed function expressions are forbidden in statement context. */
2617 }
2619 /* We forbid function statements in strict mode code. */
2625 }
2630 {
2634 TokenKind tt;
2642 }
2653 }
2656 }
2658 /*
2659 * Return true if this node, known to be an unparenthesized string literal,
2660 * could be the string of a directive in a Directive Prologue. Directive
2661 * strings never contain escape sequences or line continuations.
2662 * isEscapeFreeStringLiteral, below, checks whether the node itself could be
2663 * a directive.
2664 */
2667 {
2668 /*
2669 * If the string's length in the source code is its length as a value,
2670 * accounting for the quotes, then it must not contain any escape
2671 * sequences or line continuations.
2672 */
2674 }
2677 bool
2679 {
2680 // While asm.js could technically be validated and compiled during syntax
2681 // parsing, we have no guarantee that some later JS wouldn't abort the
2682 // syntax parse and cause us to re-parse (and re-compile) the asm.js module.
2683 // For simplicity, unconditionally abort the syntax parse when "use asm" is
2684 // encountered so that asm.js is always validated/compiled exactly once
2685 // during a full parse.
2688 }
2691 bool
2693 {
2694 // Disable syntax parsing in anything nested inside the asm.js module.
2697 // We should be encountering the "use asm" directive for the first time; if
2698 // the directive is already, we must have failed asm.js validation and we're
2699 // reparsing. In that case, don't try to validate again. A non-null
2700 // newDirectives means we're not in a normal function.
2704 // If there is no ScriptSource, then we are doing a non-compiling parse and
2705 // so we shouldn't (and can't, without a ScriptSource) compile.
2711 // Attempt to validate and compile this asm.js module. On success, the
2712 // tokenStream has been advanced to the closing }. On failure, the
2713 // tokenStream is in an indeterminate state and we must reparse the
2714 // function from the beginning. Reparsing is triggered by marking that a
2715 // new directive has been encountered and returning 'false'.
2722 }
2725 }
2727 /*
2728 * Recognize Directive Prologue members and directives. Assuming |pn| is a
2729 * candidate for membership in a directive prologue, recognize directives and
2730 * set |pc|'s flags accordingly. If |pn| is indeed part of a prologue, set its
2731 * |pn_prologue| flag.
2732 *
2733 * Note that the following is a strict mode function:
2734 *
2735 * function foo() {
2736 * "blah" // inserted semi colon
2737 * "blurgh"
2738 * "use\x20loose"
2739 * "use strict"
2740 * }
2741 *
2742 * That is, even though "use\x20loose" can never be a directive, now or in the
2743 * future (because of the hex escape), the Directive Prologue extends through it
2744 * to the "use strict" statement, which is indeed a directive.
2745 */
2747 bool
2749 {
2750 TokenPos directivePos;
2758 // Mark this statement as being a possibly legitimate part of a
2759 // directive prologue, so the bytecode emitter won't warn about it being
2760 // useless code. (We mustn't just omit the statement entirely yet, as it
2761 // could be producing the value of an eval or JSScript execution.)
2762 //
2763 // Note that even if the string isn't one we recognize as a directive,
2764 // the emitter still shouldn't flag it as useless, as it could become a
2765 // directive in the future. We don't want to interfere with people
2766 // taking advantage of directive-prologue-enabled features that appear
2767 // in other browsers first.
2771 // We're going to be in strict mode. Note that this scope explicitly
2772 // had "use strict";
2776 // Request that this function be reparsed as strict.
2780 // We don't reparse global scopes, so we keep track of the
2781 // one possible strict violation that could occur in the
2782 // directive prologue -- octal escapes -- and complain now.
2786 }
2788 }
2789 }
2794 }
2795 }
2797 }
2799 /*
2800 * Parse the statements in a block, creating a StatementList node that lists
2801 * the statements. If called from block-parsing code, the caller must match
2802 * '{' before and '}' after.
2803 */
2807 {
2819 TokenKind tt;
2824 }
2832 }
2837 }
2840 }
2842 /*
2843 * Handle the case where there was a let declaration under this block. If
2844 * it replaced pc->blockNode with a new block node then we must refresh pn
2845 * and then restore pc->blockNode.
2846 */
2851 }
2856 {
2863 /* Check for (a = b) and warn about possible (a == b) mistype. */
2866 {
2868 }
2870 }
2873 bool
2875 {
2876 TokenKind tt;
2889 }
2891 }
2894 bool
2895 Parser<ParseHandler>::reportRedeclaration(Node pn, Definition::Kind redeclKind, HandlePropertyName name)
2896 {
2897 JSAutoByteString printable;
2910 }
2911 }
2913 }
2915 /*
2916 * Define a lexical binding in a block, let-expression, or comprehension scope. pc
2917 * must already be in such a scope.
2918 *
2919 * Throw a SyntaxError if 'atom' is an invalid name. Otherwise create a
2920 * property for the new variable on the block object, pc->staticScope;
2921 * populate data->pn->pn_{op,cookie,defn,dflags}; and stash a pointer to
2922 * data->pn in a slot of the block object.
2923 */
2928 {
2943 }
2945 // If we don't have a block object, we are parsing a body-level let,
2946 // in which case we use a bogus index. See comment block below in
2947 // setting the pn_cookie for explanation on how it gets adjusted.
2949 }
2951 // For block-level lets, assign block-local index to pn->pn_cookie right
2952 // away, encoding it as an upvar cookie whose skip tells the current
2953 // static level. The emitter will adjust the node's slot based on its
2954 // stack depth model -- and, for global and eval code,
2955 // js::frontend::CompileScript will adjust the slot again to include
2956 // script->nfixed and body-level lets.
2957 //
2958 // For body-level lets, the index is bogus at this point and is adjusted
2959 // when creating Bindings. See ParseContext::generateFunctionBindings and
2960 // AppendPackedBindings.
2967 /*
2968 * For bindings that are hoisted to the beginning of the block/function,
2969 * define() right now. Otherwise, delay define until PushLetScope.
2970 */
2976 }
2985 // The only way to be redeclared without a previous definition is if we're in a
2986 // comma separated list in a DontHoistVars block, so a let block of for header. In
2987 // that case, we must be redeclaring the same type of definition as we're trying to
2988 // make.
2991 }
2993 }
2995 /* Store pn in the static block object. */
2998 // Body-level lets are hoisted and need to have been defined via
2999 // pc->define above.
3002 }
3005 }
3011 {
3016 }
3022 {
3023 for (Shape::Range<CanGC> r(ts.context(), blockObj->lastProperty()); !r.empty(); r.popFront()) {
3026 /* Beware the destructuring dummy slots. */
3032 }
3034 }
3040 {
3043 }
3044 };
3046 // We compute the maximum block scope depth, in slots, of a compilation unit at
3047 // parse-time. Each nested statement has a field indicating the maximum block
3048 // scope depth that is nested inside it. When we leave a nested statement, we
3049 // add the number of slots in the statement to the nested depth, and use that to
3050 // update the maximum block scope depth of the outer statement or parse
3051 // context. In the end, pc->blockScopeDepth will indicate the number of slots
3052 // to reserve in the fixed part of a stack frame.
3053 //
3055 static void
3057 {
3070 }
3071 }
3074 static void
3076 {
3088 }
3090 }
3091 }
3093 /*
3094 * The function LexicalLookup searches a static binding for the given name in
3095 * the stack of statements enclosing the statement currently being parsed. Each
3096 * statement that introduces a new scope has a corresponding scope object, on
3097 * which the bindings for that scope are stored. LexicalLookup either returns
3098 * the innermost statement which has a scope object containing a binding with
3099 * the given name, or nullptr.
3100 */
3104 {
3110 /*
3111 * With-statements introduce dynamic bindings. Since dynamic bindings
3112 * can potentially override any static bindings introduced by statements
3113 * further up the stack, we have to abort the search.
3114 */
3118 // Skip statements that do not introduce a new scope
3128 }
3129 }
3134 }
3139 {
3146 }
3148 }
3154 {
3160 /* Default best op for pn is JSOP_GETNAME; we'll try to improve below. */
3173 }
3175 /*
3176 * This definition isn't being added to the parse context's
3177 * declarations, so make sure to indicate the need to deoptimize
3178 * the script's arguments object. Mark the function as if it
3179 * contained a debugger statement, which will deoptimize arguments
3180 * as much as possible.
3181 */
3186 }
3194 }
3196 /*
3197 * There was a previous declaration with the same name. The standard
3198 * disallows several forms of redeclaration. Critically,
3199 * let (x) { var x; } // error
3200 * is not allowed which allows us to turn any non-error redeclaration
3201 * into a use of the initial declaration.
3202 */
3206 JSAutoByteString bytes;
3213 }
3227 {
3228 JSAutoByteString bytes;
3238 {
3240 }
3241 }
3242 }
3246 }
3249 bool
3251 {
3263 }
3266 bool
3268 {
3269 /*
3270 * The asm.js validator does all its own symbol-table management so, as an
3271 * optimization, avoid doing any work here. Use-def links are only necessary
3272 * for emitting bytecode and successfully-validated asm.js does not emit
3273 * bytecode. (On validation failure, the asm.js module is reparsed.)
3274 */
3282 DefinitionNode dn;
3286 /*
3287 * No definition before this use in any lexical scope.
3288 * Create a placeholder definition node to either:
3289 * - Be adopted when we parse the real defining
3290 * declaration, or
3291 * - Be left as a free variable definition if we never
3292 * see the real definition.
3293 */
3297 }
3305 // See comments above StmtInfoPC and switchStatement for how
3306 // firstDominatingLexicalInCase is computed.
3310 }
3311 }
3314 }
3317 bool
3318 Parser<FullParseHandler>::bindDestructuringVar(BindData<FullParseHandler>* data, ParseNode* pn)
3319 {
3328 /*
3329 * Select the appropriate name-setting opcode, respecting eager selection
3330 * done by the data->binder function.
3331 */
3338 else
3346 }
3349 bool
3350 Parser<FullParseHandler>::checkDestructuring(BindData<FullParseHandler>* data, ParseNode* left);
3353 bool
3356 {
3366 }
3375 }
3379 }
3382 }
3385 }
3388 bool
3391 {
3403 }
3406 // The RestElement should not support nested patterns.
3410 }
3411 }
3421 }
3425 }
3426 }
3429 }
3432 }
3434 /*
3435 * Destructuring patterns can appear in two kinds of contexts:
3436 *
3437 * - assignment-like: assignment expressions and |for| loop heads. In
3438 * these cases, the patterns' property value positions can be
3439 * arbitrary lvalue expressions; the destructuring is just a fancy
3440 * assignment.
3441 *
3442 * - binding-like: |var| and |let| declarations, functions' formal
3443 * parameter lists, |catch| clauses, and comprehension tails. In
3444 * these cases, the patterns' property value positions must be
3445 * simple names; the destructuring defines them as new variables.
3446 *
3447 * In both cases, other code parses the pattern as an arbitrary
3448 * primaryExpr, and then, here in checkDestructuring, verify that the
3449 * tree is a valid AssignmentPattern or BindingPattern.
3450 *
3451 * In assignment-like contexts, we parse the pattern with
3452 * pc->inDeclDestructuring clear, so the lvalue expressions in the
3453 * pattern are parsed normally. primaryExpr links variable references
3454 * into the appropriate use chains; creates placeholder definitions;
3455 * and so on. checkDestructuring is called with |data| nullptr (since
3456 * we won't be binding any new names), and we specialize lvalues as
3457 * appropriate.
3458 *
3459 * In declaration-like contexts, the normal variable reference
3460 * processing would just be an obstruction, because we're going to
3461 * define the names that appear in the property value positions as new
3462 * variables anyway. In this case, we parse the pattern with
3463 * pc->inDeclDestructuring set, which directs primaryExpr to leave
3464 * whatever name nodes it creates unconnected. Then, here in
3465 * checkDestructuring, we require the pattern's property value
3466 * positions to be simple names, and define them as appropriate to the
3467 * context. For these calls, |data| points to the right sort of
3468 * BindData.
3469 */
3471 bool
3472 Parser<FullParseHandler>::checkDestructuring(BindData<FullParseHandler>* data, ParseNode* left)
3473 {
3477 }
3482 }
3485 bool
3487 {
3489 }
3494 {
3505 }
3509 Parser<ParseHandler>::destructuringExprWithoutYield(BindData<ParseHandler>* data, TokenKind tt,
3511 {
3518 }
3520 }
3525 {
3545 }
3550 {
3556 }
3558 struct AddLetDecl
3559 {
3566 {
3571 }
3572 };
3575 ParseNode*
3577 {
3585 /* Populate the new scope with decls found in the head with updated blockid. */
3590 }
3595 {
3598 }
3600 /*
3601 * Parse a let block statement or let expression (determined by 'letContext').
3602 * In both cases, bindings are not hoisted to the top of the enclosing block
3603 * and thus must be carefully injected between variables() and the let body.
3604 */
3608 {
3641 /*
3642 * Strict mode eliminates a grammar ambiguity with unparenthesized
3643 * LetExpressions in an ExpressionStatement. If followed immediately
3644 * by an arguments list, it's ambiguous whether the let expression
3645 * is the callee or the call is inside the let expression body.
3646 *
3647 * function id(x) { return x; }
3648 * var x = "outer";
3649 * // Does this parse as
3650 * // (let (loc = "inner") id)(loc) // "outer"
3651 * // or as
3652 * // let (loc = "inner") (id(loc)) // "inner"
3653 * let (loc = "inner") id(loc);
3654 *
3655 * See bug 569464.
3656 */
3658 JSMSG_STRICT_CODE_LET_EXPR_STMT))
3659 {
3661 }
3663 /*
3664 * If this is really an expression in let statement guise, then we
3665 * need to wrap the PNK_LET node in a PNK_SEMI node so that we pop
3666 * the return value of the expression.
3667 */
3670 }
3671 }
3673 Node expr;
3692 }
3702 }
3704 }
3707 static bool
3710 {
3713 }
3718 {
3732 }
3736 Parser<ParseHandler>::newBindingNode(PropertyName* name, bool functionScope, VarContext varContext)
3737 {
3738 /*
3739 * If this name is being injected into an existing block/function, see if
3740 * it has already been declared or if it resolves an outstanding lexdep.
3741 * Otherwise, this is a let block/expr that introduces a new scope and thus
3742 * shadows existing decls and doesn't resolve existing lexdeps. Duplicate
3743 * names are caught by bindLet.
3744 */
3756 }
3757 }
3758 }
3760 /* Make a new node for this declarator name (or destructuring pattern). */
3762 }
3764 /*
3765 * The 'blockObj' parameter is non-null when parsing the 'vars' in a let
3766 * expression, block statement, non-top-level let declaration in statement
3767 * context, and the let-initializer of a for-statement.
3768 */
3773 {
3774 /*
3775 * The four options here are:
3776 * - PNK_VAR: We're parsing var declarations.
3777 * - PNK_CONST: We're parsing const declarations.
3778 * - PNK_GLOBALCONST: We're parsing const declarations at toplevel (see bug 589119).
3779 * - PNK_LET: We are parsing a let declaration.
3780 */
3781 MOZ_ASSERT(kind == PNK_VAR || kind == PNK_CONST || kind == PNK_LET || kind == PNK_GLOBALCONST);
3783 /*
3784 * The simple flag is set if the declaration has the form 'var x', with
3785 * only one variable declared and no initializer expression.
3786 */
3799 /*
3800 * SpiderMonkey const is really "write once per initialization evaluation"
3801 * var, whereas let is block scoped. ES-Harmony wants block-scoped const so
3802 * this code will change soon.
3803 */
3810 }
3813 Node pn2;
3820 TokenKind tt;
3839 }
3841 // See comment below for bindBeforeInitializer in the code that
3842 // handles the non-destructuring case.
3844 parsingForInOrOfInit;
3852 }
3868 }
3877 }
3878 }
3897 // In ES6, lexical bindings may not be accessed until
3898 // initialized. So a declaration of the form |let x = x| results
3899 // in a ReferenceError, as the 'x' on the RHS is accessing the let
3900 // binding before it is initialized.
3901 //
3902 // If we are not parsing a let declaration, bind the name
3903 // now. Otherwise we must wait until after parsing the initializing
3904 // assignment.
3922 }
3926 }
3934 }
3937 }
3940 ParseNode*
3942 {
3948 /*
3949 * This is a let declaration. We must be directly under a block per the
3950 * proposed ES4 specs, but not an implicit block created due to
3951 * 'for (let ...)'. If we pass this error test, make the enclosing
3952 * StmtInfoPC be our scope. Further let declarations in this block will
3953 * find this scope statement and use the same block object.
3954 *
3955 * If we are the first let declaration in this block (i.e., when the
3956 * enclosing maybe-scope StmtInfoPC isn't yet a scope statement) then
3957 * we also need to set pc->blockNode to be our PNK_LEXICALSCOPE.
3958 */
3964 }
3970 /*
3971 * When bug 589199 is fixed, let variables will be stored in
3972 * the slots of a new scope chain object, encountered just
3973 * before the global object in the overall chain. This extra
3974 * object is present in the scope chain for all code in that
3975 * global, including self-hosted code. But self-hosted code
3976 * must be usable against *any* global object, including ones
3977 * with other let variables -- variables possibly placed in
3978 * conflicting slots. Forbid top-level let declarations to
3979 * prevent such conflicts from ever occurring.
3980 */
3986 }
3988 /*
3989 * Parse body-level lets without a new block object. ES6 specs
3990 * that an execution environment's initial lexical environment
3991 * is the VariableEnvironment, i.e., body-level lets are in
3992 * the same environment record as vars.
3993 *
3994 * However, they cannot be parsed exactly as vars, as ES6
3995 * requires that uninitialized lets throw ReferenceError on use.
3996 *
3997 * See 8.1.1.1.6 and the note in 13.2.1.
3998 *
3999 * FIXME global-level lets are still considered vars until
4000 * other bugs are fixed.
4001 */
4012 }
4014 /*
4015 * Some obvious assertions here, but they may help clarify the
4016 * situation. This stmt is not yet a scope, so it must not be a
4017 * catch block (catch is a lexical scope by definition).
4018 */
4027 /* Convert the block statement into a scope statement. */
4036 /*
4037 * Insert stmt on the pc->topScopeStmt/stmtInfo.downScope linked
4038 * list stack, if it isn't already there. If it is there, but it
4039 * lacks the SIF_SCOPE flag, it must be a try, catch, or finally
4040 * block.
4041 */
4050 #ifdef DEBUG
4053 #endif
4055 /* Create a new lexical scope node for these statements. */
4065 }
4075 }
4080 {
4083 }
4086 ParseNode*
4088 {
4091 /* Check for a let statement or let expression. */
4093 TokenKind tt;
4101 }
4103 }
4108 {
4111 }
4116 {
4122 }
4125 TokenKind tt;
4135 // Handle the form |import a from 'b'|, by adding a single import
4136 // specifier to the list, with 'default' as the import name and
4137 // 'a' as the binding name. This is equivalent to
4138 // |import { default as a } from 'b'|.
4154 // Handle the forms |import {} from 'a'| and
4155 // |import { ..., } from 'a'| (where ... is non empty), by
4156 // escaping the loop early if the next token is }.
4162 // If the next token is a keyword, the previous call to
4163 // peekToken matched it as a TOK_NAME, and put it in the
4164 // lookahead buffer, so this call will match keywords as well.
4178 }
4180 // Keywords cannot be bound to themselves, so an import name
4181 // that is a keyword is a syntax error if it is not followed
4182 // by the keyword 'as'.
4184 JSAutoByteString bytes;
4189 }
4191 }
4207 }
4210 }
4217 }
4224 }
4226 // Handle the form |import 'a'| by leaving the list empty. This is
4227 // equivalent to |import {} from 'a'|.
4229 }
4240 }
4245 {
4248 }
4253 {
4259 }
4263 Node kid;
4264 TokenKind tt;
4276 // Handle the forms |export {}| and |export { ..., }| (where ...
4277 // is non empty), by escaping the loop early if the next token
4278 // is }.
4297 }
4300 }
4316 }
4320 // Handle the form |export *| by adding a special export batch
4321 // specifier to the list.
4327 }
4343 }
4368 // Handle the form |export a| in the same way as |export let a|, by
4369 // acting as if we've just seen the let keyword. Simply unget the token
4370 // and fall through.
4382 }
4385 }
4390 {
4393 }
4398 {
4406 }
4411 {
4414 /* An IF node has three kids: condition, then, and optional else. */
4419 TokenKind tt;
4425 }
4433 Node elseBranch;
4444 }
4448 }
4453 {
4466 // The semicolon after do-while is even more optional than most
4467 // semicolons in JS. Web compat required this by 2004:
4468 // http://bugzilla.mozilla.org/show_bug.cgi?id=238945
4469 // ES3 and ES5 disagreed, but ES6 conforms to Web reality:
4470 // https://bugs.ecmascript.org/show_bug.cgi?id=157
4475 }
4480 {
4492 }
4495 bool
4497 {
4498 TokenKind tt;
4506 }
4509 bool
4512 ParseNodeKind headKind)
4513 {
4520 // In JS 1.7 only, for (var [K, V] in EXPR) has a special meaning.
4521 // Hence all other destructuring decls are banned there.
4531 }
4533 }
4544 // In JS 1.7 only, for ([K, V] in EXPR) has a special meaning.
4545 // Hence all other destructuring left-hand sides are banned there.
4552 }
4553 }
4556 bool
4558 {
4566 // PNK_ASSIGN nodes (destructuring assignment) are always assignments.
4567 }
4569 }
4572 ParseNode*
4574 {
4595 }
4596 }
4597 }
4601 /*
4602 * True if we have 'for (var/let/const ...)', except in the oddball case
4603 * where 'let' begins a let-expression in 'for (let (...) ...)'.
4604 */
4607 /* Non-null when isForDecl is true for a 'for (let ...)' statement. */
4610 /* Set to 'x' in 'for (x ;... ;...)' or 'for (x in ...)'. */
4613 {
4614 TokenKind tt;
4620 /*
4621 * Set pn1 to a var list or an initializing expression.
4622 *
4623 * Set the parsingForInit flag during parsing of the first clause
4624 * of the for statement. This flag will be used by the RelExpr
4625 * production; if it is set, then the 'in' keyword will not be
4626 * recognized as an operator, leaving it available to be parsed as
4627 * part of a for/in loop.
4628 *
4629 * A side effect of this restriction is that (unparenthesized)
4630 * expressions involving an 'in' operator are illegal in the init
4631 * clause of an ordinary for loop.
4632 */
4652 DontHoistVars);
4653 }
4656 }
4660 }
4661 }
4666 // The form 'for (let <vars>; <expr2>; <expr3>) <stmt>' generates an
4667 // implicit block even if stmt is not a BlockStatement.
4668 // If the loop has that exact form, then:
4669 // - forLetImpliedBlock is the node for the implicit block scope.
4670 // - forLetDecl is the node for the decl 'let <vars>'.
4671 // Otherwise both are null.
4675 // If non-null, the node for the decl 'var v = expr1' in the weirdo form
4676 // 'for (var v = expr1 in expr2) stmt'.
4679 /*
4680 * We can be sure that it's a for/in loop if there's still an 'in'
4681 * keyword here, even if JavaScript recognizes 'in' as an operator,
4682 * as we've excluded 'in' from being parsed in RelExpr by setting
4683 * pc->parsingForInit.
4684 */
4696 }
4699 /*
4700 * Parse the rest of the for/in or for/of head.
4701 *
4702 * Here pn1 is everything to the left of 'in' or 'of'. At the end of
4703 * this block, pn1 is a decl or nullptr, pn2 is the assignment target
4704 * that receives the enumeration value each iteration, and pn3 is the
4705 * rhs of 'in'.
4706 */
4713 }
4717 }
4719 /* Check that the left side of the 'in' or 'of' is valid. */
4723 }
4725 /*
4726 * After the following if-else, pn2 will point to the name or
4727 * destructuring pattern on in's left. pn1 will point to the decl, if
4728 * any, else nullptr. Note that the "declaration with initializer" case
4729 * rewrites the loop-head, moving the decl and setting pn1 to nullptr.
4730 */
4734 /*
4735 * Declaration with initializer.
4736 *
4737 * Rewrite 'for (<decl> x = i in o)' where <decl> is 'var' or
4738 * 'const' to hoist the initializer or the entire decl out of
4739 * the loop head.
4740 */
4744 }
4748 }
4752 /*
4753 * All of 'var x = i' is hoisted above 'for (x in o)'.
4754 *
4755 * Request JSOP_POP here since the var is for a simple
4756 * name (it is not a destructuring binding's left-hand
4757 * side) and it has an initializer.
4758 */
4766 }
4767 }
4769 /* Not a declaration. */
4776 }
4783 /*
4784 * Now that the pn3 has been parsed, push the let scope. To hold
4785 * the blockObj for the emitter, wrap the PNK_LEXICALSCOPE node
4786 * created by PushLetScope around the for's initializer. This also
4787 * serves to indicate the let-decl to the emitter.
4788 */
4796 }
4799 /*
4800 * pn2 is part of a declaration. Make a copy that can be passed to
4801 * EmitAssignment. Take care to do this after PushLetScope.
4802 */
4806 }
4810 /* Beware 'for (arguments in ...)' with or without a 'var'. */
4820 /*
4821 * Destructuring for-in requires [key, value] enumeration
4822 * in JS1.7.
4823 */
4827 }
4828 }
4832 }
4837 }
4842 /*
4843 * Desugar 'for (let A; B; C) D' into 'let (A) { for (; B; C) D }'
4844 * to induce the correct scoping for A. Ensure here that the previously
4845 * unchecked assignment mandate for const declarations holds.
4846 */
4850 }
4859 }
4861 /* Parse the loop condition or null into pn2. */
4863 TokenKind tt;
4872 }
4874 /* Parse the update expression or null into pn3. */
4884 }
4885 }
4894 /* Parse the loop body. */
4914 }
4923 }
4925 }
4930 {
4931 /*
4932 * 'for' statement parsing is fantastically complicated and requires being
4933 * able to inspect the parse tree for previous parts of the 'for'. Syntax
4934 * parsing of 'for' statements is thus done separately, and only handles
4935 * the types of 'for' statements likely to be seen in web content.
4936 */
4942 /* Don't parse 'for each' loops. */
4944 TokenKind tt;
4947 // Not all "yield" tokens are names, but the ones that aren't names are
4948 // invalid in this context anyway.
4952 }
4953 }
4957 /* True if we have 'for (var ...)'. */
4961 /* Set to 'x' in 'for (x ;... ;...)' or 'for (x in ...)'. */
4962 Node lhsNode;
4964 {
4965 TokenKind tt;
4971 /* Set lhsNode to a var list or an initializing expression. */
4977 }
4981 }
4984 }
4988 }
4989 }
4991 /*
4992 * We can be sure that it's a for/in loop if there's still an 'in'
4993 * keyword here, even if JavaScript recognizes 'in' as an operator,
4994 * as we've excluded 'in' from being parsed in RelExpr by setting
4995 * pc->parsingForInit.
4996 */
5001 }
5003 /* Parse the rest of the for/in or for/of head. */
5006 /* Check that the left side of the 'in' or 'of' is valid. */
5011 {
5014 }
5019 }
5027 /* Parse the loop condition or null. */
5029 TokenKind tt;
5035 }
5037 /* Parse the update expression or null. */
5044 }
5045 }
5049 /* Parse the loop body. */
5055 }
5060 {
5087 TokenKind tt;
5095 Node caseExpr;
5101 }
5115 }
5132 }
5134 // In ES6, lexical bindings canot be accessed until initialized. If
5135 // there was a 'let' declaration in the case we just parsed, remember
5136 // the slot starting at which new lexical bindings will be
5137 // assigned. Since lexical bindings from previous cases will not
5138 // dominate uses in the current case, any such uses will require a
5139 // dead zone check.
5140 //
5141 // Currently this is overly conservative; we could do better, but
5142 // declaring lexical bindings within switch cases without introducing
5143 // a new block is poor form and should be avoided.
5151 }
5153 /*
5154 * Handle the case where there was a let declaration in any case in
5155 * the switch body, but not within an inner block. If it replaced
5156 * pc->blockNode with a new block node then we must refresh caseList and
5157 * then restore pc->blockNode.
5158 */
5168 }
5173 {
5187 }
5193 }
5195 }
5198 }
5199 }
5205 }
5208 }
5209 }
5215 }
5220 {
5233 }
5236 }
5242 }
5245 }
5246 }
5252 }
5257 {
5264 }
5266 // Parse an optional operand.
5267 //
5268 // This is ugly, but we don't want to require a semicolon.
5269 Node exprNode;
5270 TokenKind tt;
5286 }
5287 }
5301 }
5308 /* Disallow "return v;" in legacy generators. */
5310 JSMSG_BAD_ANON_GENERATOR_RETURN);
5312 }
5315 }
5321 {
5330 }
5335 {
5341 {
5346 Node exprNode;
5348 TokenKind tt;
5352 // TOK_EOL is special; it implements the [no LineTerminator here]
5353 // quirk in the grammar.
5355 // The rest of these make up the complete set of tokens that can
5356 // appear after any of the places where AssignmentExpression is used
5357 // throughout the grammar. Conveniently, none of them can also be the
5358 // start an expression.
5366 // No value.
5372 // Fall through.
5377 }
5379 }
5382 // We are in code that has not seen a yield, but we are in JS 1.7 or
5383 // later. Try to transition to being a legacy generator.
5393 }
5399 /* As in Python (see PEP-255), disallow return v; in generators. */
5401 JSMSG_BAD_ANON_GENERATOR_RETURN);
5403 }
5404 // Fall through.
5407 {
5408 // We are in a legacy generator: a function that has already seen a
5409 // yield, or in a legacy generator comprehension.
5414 // Legacy generators do not require a value.
5415 Node exprNode;
5416 TokenKind tt;
5428 // No value.
5435 }
5438 }
5439 }
5442 }
5445 ParseNode*
5447 {
5448 // test262/ch12/12.10/12.10-0-1.js fails if we try to parse with-statements
5449 // in syntax-parse mode. See bug 892583.
5454 }
5459 // In most cases, we want the constructs forbidden in strict mode code to be
5460 // a subset of those that JSOPTION_EXTRA_WARNINGS warns about, and we should
5461 // use reportStrictModeError. However, 'with' is the sole instance of a
5462 // construct that is forbidden in strict mode code, but doesn't even merit a
5463 // warning under JSOPTION_EXTRA_WARNINGS. See
5464 // https://bugzilla.mozilla.org/show_bug.cgi?id=514576#c1.
5494 /*
5495 * Make sure to deoptimize lexical dependencies inside the |with|
5496 * to safely optimize binding globals (see bug 561923).
5497 */
5503 }
5509 }
5514 {
5517 }
5522 {
5529 }
5530 }
5534 /* Push a label struct and parse the statement. */
5542 /* Pop the label, set pn_expr, and return early. */
5546 }
5551 {
5555 /* ECMA-262 Edition 3 says 'throw [no LineTerminator here] Expr'. */
5556 TokenKind tt;
5562 }
5566 }
5576 }
5581 {
5585 /*
5586 * try nodes are ternary.
5587 * kid1 is the try statement
5588 * kid2 is the catch node list or null
5589 * kid3 is the finally statement
5590 *
5591 * catch nodes are ternary.
5592 * kid1 is the lvalue (TOK_NAME, TOK_LB, or TOK_LC)
5593 * kid2 is the catch guard or null if no guard
5594 * kid3 is the catch block
5595 *
5596 * catch lvalue nodes are either:
5597 * TOK_NAME for a single identifier
5598 * TOK_RB or TOK_RC for a destructuring left-hand side
5599 *
5600 * finally nodes are TOK_LC statement lists.
5601 */
5615 TokenKind tt;
5624 Node pnblock;
5627 /* Check for another catch after unconditional catch. */
5631 }
5633 /*
5634 * Create a lexical scope node around the whole catch clause,
5635 * including the head.
5636 */
5642 /*
5643 * Legal catch forms are:
5644 * catch (lhs)
5645 * catch (lhs if <boolean_expression>)
5646 * where lhs is a name or a destructuring left-hand side.
5647 * (the latter is legal only #ifdef JS_HAS_CATCH_GUARD)
5648 */
5651 /*
5652 * Contrary to ECMA Ed. 3, the catch variable is lexically
5653 * scoped, not a property of a new Object instance. This is
5654 * an intentional change that anticipates ECMA Ed. 4.
5655 */
5657 JSMSG_TOO_MANY_CATCH_VARS);
5662 Node catchName;
5674 // Fall through.
5676 {
5685 }
5690 }
5693 #if JS_HAS_CATCH_GUARD
5694 /*
5695 * We use 'catch (x if x === 5)' (not 'catch (x : x === 5)')
5696 * to avoid conflicting with the JS2/ECMAv4 type annotation
5697 * catchguard syntax.
5698 */
5706 }
5707 #endif
5728 }
5743 }
5747 }
5750 }
5755 {
5756 TokenPos p;
5766 }
5771 {
5776 TokenKind tt;
5793 // Tell js_EmitTree to generate a final POP.
5799 }
5836 /* TOK_CATCH and TOK_FINALLY are both handled in the TOK_TRY case */
5851 }
5855 TokenKind next;
5865 }
5867 }
5870 TokenKind next;
5876 }
5880 }
5881 }
5886 {
5902 }
5913 }
5915 }
5917 }
5920 JSOP_OR,
5921 JSOP_AND,
5922 JSOP_BITOR,
5923 JSOP_BITXOR,
5924 JSOP_BITAND,
5925 JSOP_STRICTEQ,
5926 JSOP_EQ,
5927 JSOP_STRICTNE,
5928 JSOP_NE,
5929 JSOP_LT,
5930 JSOP_LE,
5931 JSOP_GT,
5932 JSOP_GE,
5933 JSOP_INSTANCEOF,
5934 JSOP_IN,
5935 JSOP_LSH,
5936 JSOP_RSH,
5937 JSOP_URSH,
5938 JSOP_ADD,
5939 JSOP_SUB,
5940 JSOP_MUL,
5941 JSOP_DIV,
5942 JSOP_MOD
5943 };
5947 {
5951 }
5953 static bool
5955 {
5957 }
5959 static ParseNodeKind
5961 {
5964 }
5990 };
5994 static int
5996 // Everything binds tighter than PNK_LIMIT, because we want to reduce all
5997 // nodes to a single node when we reach a token that is not another binary
5998 // operator.
6005 }
6010 {
6011 // Shift-reduce parser for the left-associative binary operator part of
6012 // the JS syntax.
6014 // Conceptually there's just one stack, a stack of pairs (lhs, op).
6015 // It's implemented using two separate arrays, though.
6023 Node pn;
6029 // If a binary operator follows, consume it and compute the
6030 // corresponding operator.
6031 TokenKind tok;
6034 ParseNodeKind pnk;
6040 }
6042 // If pnk has precedence less than or equal to another operator on the
6043 // stack, reduce. This combines nodes on the stack until we form the
6044 // actual lhs of pnk.
6045 //
6046 // The >= in this condition works because all the operators in question
6047 // are left-associative; if any were not, the case where two operators
6048 // have equal precedence would need to be handled specially, and the
6049 // stack would need to be a Vector.
6051 depth--;
6057 }
6064 depth++;
6066 }
6071 }
6076 {
6081 /*
6082 * Always accept the 'in' operator in the middle clause of a ternary,
6083 * where it's unambiguous, even if we might be parsing the init of a
6084 * for statement.
6085 */
6099 // Advance to the next token; the caller is responsible for interpreting it.
6100 TokenKind ignored;
6104 }
6107 bool
6109 {
6115 /*
6116 * We may be called on a name node that has already been
6117 * specialized, in the very weird "for (var [x] = i in o) ..."
6118 * case. See bug 558633.
6119 */
6124 }
6137 }
6146 }
6153 JSMSG_BAD_LEFTSIDE_OF_ASS;
6156 }
6158 }
6161 bool
6163 {
6164 /* Full syntax checking of valid assignment LHS terms requires a parse tree. */
6168 {
6170 }
6172 }
6177 {
6180 // It's very common at this point to have a "detectably simple" expression,
6181 // i.e. a name/number/string token followed by one of the following tokens
6182 // that obviously isn't part of an expression: , ; : ) ] }
6183 //
6184 // (In Parsemark this happens 81.4% of the time; in code with large
6185 // numeric arrays, such as some Kraken benchmarks, it happens more often.)
6186 //
6187 // In such cases, we can avoid the full expression parsing route through
6188 // assignExpr(), condExpr1(), orExpr1(), unaryExpr(), memberExpr(), and
6189 // primaryExpr().
6191 TokenKind tt;
6202 }
6209 }
6216 }
6223 // Save the tokenizer state in case we find an arrow function and have to
6224 // rewind.
6232 ParseNodeKind kind;
6233 JSOp op;
6253 TokenKind ignored;
6258 }
6264 }
6275 }
6280 bool
6281 Parser<FullParseHandler>::checkAndMarkAsIncOperand(ParseNode* kid, TokenKind tt, bool preorder)
6282 {
6283 // Check.
6293 {
6296 }
6301 // Mark.
6307 }
6309 }
6312 bool
6314 {
6315 // To the extent of what we support in syntax-parse mode, the rules for
6316 // inc/dec operands are the same as for assignment. There are differences,
6317 // such as destructuring; but if we hit any of those cases, we'll abort and
6318 // reparse in full mode.
6320 }
6325 {
6330 }
6335 {
6340 TokenKind tt;
6360 {
6361 TokenKind tt2;
6370 JSOP_NOP,
6371 begin,
6372 pn2);
6373 }
6380 // Per spec, deleting any unary expression is valid -- it simply
6381 // returns true -- except for one case that is illegal in strict mode.
6386 }
6389 }
6396 /* Don't look across a newline boundary for a postfix incop. */
6404 JSOP_NOP,
6405 begin,
6406 pn);
6407 }
6409 }
6410 }
6412 /*
6413 * A dedicated helper for transplanting the legacy comprehension expression E in
6414 *
6415 * [E for (V in I)] // legacy array comprehension
6416 * (E for (V in I)) // legacy generator expression
6417 *
6418 * from its initial location in the AST, on the left of the 'for', to its final
6419 * position on the right. To avoid a separate pass we do this by adjusting the
6420 * blockids and name binding links that were established when E was parsed.
6421 *
6422 * A legacy generator expression desugars like so:
6423 *
6424 * (E for (V in I)) => (function () { for (var V in I) yield E; })()
6425 *
6426 * so the transplanter must adjust static level as well as blockid. E's source
6427 * coordinates in root->pn_pos are critical to deciding which binding links to
6428 * preserve and which to cut.
6429 *
6430 * NB: This is not a general tree transplanter -- it knows in particular that
6431 * the one or more bindings induced by V have not yet been created.
6432 */
6433 class LegacyCompExprTransplanter
6434 {
6438 GeneratorKind comprehensionKind;
6448 {}
6452 }
6455 };
6457 /*
6458 * Any definitions nested within the legacy comprehension expression of a
6459 * generator expression must move "down" one static level, which of course
6460 * increases the upvar-frame-skip count.
6461 */
6463 static bool
6465 {
6472 }
6475 static bool
6477 {
6482 }
6487 }
6489 bool
6491 {
6504 }
6508 }
6523 /* Binary TOK_COLON nodes can have left == right. See bug 492714. */
6527 }
6549 /*
6550 * Adjust the definition's block id only if it is a placeholder not
6551 * to the left of the root node, and if pn is the last use visited
6552 * in the legacy comprehension expression (to avoid adjusting the
6553 * blockid multiple times).
6554 *
6555 * Non-placeholder definitions within the legacy comprehension
6556 * expression will be visited further below.
6557 */
6563 }
6566 #ifdef DEBUG
6569 #endif
6579 }
6581 /*
6582 * The variable originally appeared to be a use of a
6583 * definition or placeholder outside the generator, but now
6584 * we know it is scoped within the legacy comprehension
6585 * tail's clauses. Make it (along with any other uses within
6586 * the generator) a use of a new placeholder in the
6587 * generator's lexdeps.
6588 */
6595 /*
6596 * Change all uses of |dn| that lie within the generator's
6597 * |yield| expression into uses of dn2.
6598 */
6605 }
6615 /*
6616 * The variable first occurs free in the 'yield' expression;
6617 * move the existing placeholder node (and all its uses)
6618 * from the parent's lexdeps into the generator's lexdeps.
6619 */
6625 /*
6626 * Implicit 'arguments' Definition nodes (see
6627 * PND_IMPLICITARGUMENTS in Parser::functionBody) are only
6628 * reachable via the lexdefs of their uses. Unfortunately,
6629 * there may be multiple uses, so we need to maintain a set
6630 * to only bump the definition once.
6631 */
6639 }
6640 }
6641 }
6642 }
6647 }
6651 /* Nothing. */
6653 }
6655 }
6657 // Parsing legacy (JS1.7-style) comprehensions is terrible: we parse the head
6658 // expression as if it's part of a comma expression, then when we see the "for"
6659 // we transplant the parsed expression into the inside of a constructed
6660 // for-of/for-in/for-each tail. Transplanting an already-parsed expression is
6661 // tricky, but the LegacyCompExprTransplanter handles most of that.
6662 //
6663 // The one remaining thing to patch up is the block scope depth. We need to
6664 // compute the maximum block scope depth of a function, so we know how much
6665 // space to reserve in the fixed part of a stack frame. Normally this is done
6666 // whenever we leave a statement, via AccumulateBlockScopeDepth. However if the
6667 // head has a let expression, we need to re-assign that depth to the tail of the
6668 // comprehension.
6669 //
6670 // Thing is, we don't actually know what that depth is, because the only
6671 // information we keep is the maximum nested depth within a statement, so we
6672 // just conservatively propagate the maximum nested depth from the top statement
6673 // to the comprehension tail.
6674 //
6676 static unsigned
6678 {
6680 }
6682 /*
6683 * Starting from a |for| keyword after the first array initialiser element or
6684 * an expression in an open parenthesis, parse the tail of the comprehension
6685 * or generator expression signified by this |for| keyword in context.
6686 *
6687 * Return null on failure, else return the top-most parse node for the array
6688 * comprehension or generator expression, with a unary node as the body of the
6689 * (possibly nested) for-loop, initialized by |kind, op, kid|.
6690 */
6692 ParseNode*
6694 GeneratorKind comprehensionKind,
6697 {
6698 /*
6699 * If we saw any inner functions while processing the generator expression
6700 * then they may have upvars referring to the let vars in this generator
6701 * which were not correctly processed. Bail out and start over without
6702 * allowing lazy parsing.
6703 */
6708 }
6714 TokenKind tt;
6722 /*
6723 * Generator expression desugars to an immediately applied lambda that
6724 * yields the next value from a for-in loop (possibly nested, and with
6725 * optional if guard). Make pn be the TOK_LC body node.
6726 */
6732 /*
6733 * Make a parse-node and literal object representing the block scope of
6734 * this array comprehension. Our caller in primaryExpr, the TOK_LB case
6735 * aka the array initialiser case, has passed the blockid to claim for
6736 * the comprehension's block scope. We allocate that id or one above it
6737 * here, by calling PushLexicalScope.
6738 *
6739 * In the case of a comprehension expression that has nested blocks
6740 * (e.g., let expressions), we will allocate a higher blockid but then
6741 * slide all blocks "to the right" to make room for the comprehension's
6742 * block scope.
6743 */
6755 }
6770 JSMSG_ARRAY_INIT_TOO_BIG);
6773 /*
6774 * FOR node is binary, left is loop control and right is body. Use
6775 * index to count each block-local let-variable on the left-hand side
6776 * of the in/of.
6777 */
6794 }
6795 }
6796 }
6817 /*
6818 * Create a name node with pn_op JSOP_GETNAME. We can't set pn_op to
6819 * JSOP_GETLOCAL here, because we don't yet know the block's depth
6820 * in the operand stack frame. The code generator computes that,
6821 * and it tries to bind all names to slots, so we must let it do
6822 * the deed.
6823 */
6832 }
6840 }
6847 }
6850 }
6861 }
6872 {
6873 /* Destructuring requires [key, value] enumeration in JS1.7. */
6877 }
6883 }
6893 }
6895 /*
6896 * Synthesize a declaration. Every definition must appear in the parse
6897 * tree in order for ComprehensionTranslator to work.
6898 *
6899 * These are lets to tell the bytecode emitter to emit initialization
6900 * code for the temporal dead zone.
6901 */
6911 /* Definitions can't be passed directly to EmitAssignment as lhs. */
6927 }
6941 }
6958 }
6968 }
6974 GeneratorKind comprehensionKind,
6977 {
6980 }
6983 ParseNode*
6985 {
6988 // Remove the single element from array's linked list, leaving us with an
6989 // empty array literal and a comprehension expression.
7006 }
7011 {
7014 }
7020 {
7031 // If we are off the main thread, the generator meta-objects have
7032 // already been created by js::StartOffThreadParseScript, so cx will not
7033 // be necessary.
7040 }
7046 // Create box for fun->object early to root it.
7059 /*
7060 * We assume conservatively that any deoptimization flags in pc->sc
7061 * come from the kid. So we propagate these flags into genfn. For code
7062 * simplicity we also do not detect if the flags were only set in the
7063 * kid and could be removed from pc->sc.
7064 */
7083 Node comp;
7094 }
7114 // Note that if we ever start syntax-parsing generators, we will also
7115 // need to propagate the closed-over variable set to the inner
7116 // lazyscript, as in finishFunctionDefinition.
7125 }
7127 #if JS_HAS_GENERATOR_EXPRS
7129 /*
7130 * Starting from a |for| keyword after an expression, parse the comprehension
7131 * tail completing this generator expression. Wrap the expression at kid in a
7132 * generator function that is immediately called to evaluate to the generator
7133 * iterator that is the value of this legacy generator expression.
7134 *
7135 * |kid| must be the expression before the |for| keyword; we return an
7136 * application of a generator function that includes the |for| loops and
7137 * |if| guards, with |kid| as the operand of a |yield| expression as the
7138 * innermost loop body.
7139 *
7140 * Note how unlike Python, we do not evaluate the expression to the right of
7141 * the first |in| in the chain of |for| heads. Instead, a generator expression
7142 * is merely sugar for a generator function expression and its application.
7143 */
7145 ParseNode*
7147 {
7150 /* Make a new node for the desugared generator function. */
7155 /*
7156 * Our result is a call expression that invokes the anonymous generator
7157 * function object.
7158 */
7166 }
7171 {
7174 }
7183 {
7190 // FIXME: Destructuring binding (bug 980828).
7197 }
7204 }
7252 }
7257 {
7268 /* Check for (a = b) and warn about possible (a == b) mistype. */
7271 {
7273 }
7280 }
7285 {
7315 }
7317 // Parse an ES6 generator or array comprehension, starting at the first 'for'.
7318 // The caller is responsible for matching the ending TOK_RP or TOK_RB.
7322 {
7335 }
7338 }
7343 {
7358 }
7363 {
7366 // We have no problem parsing generator comprehensions inside lazy
7367 // functions, but the bytecode emitter currently can't handle them that way,
7368 // because when it goes to emit the code for the inner generator function,
7369 // it expects outer functions to have non-lazy scripts.
7384 }
7389 {
7396 }
7398 }
7401 bool
7403 {
7410 }
7424 }
7433 }
7436 TokenKind tt;
7442 }
7443 }
7444 #if JS_HAS_GENERATOR_EXPRS
7453 }
7460 }
7461 TokenKind tt;
7467 }
7468 }
7469 }
7470 #endif
7480 }
7482 TokenKind tt;
7488 }
7491 }
7496 {
7499 Node lhs;
7503 /* Check for new expression first. */
7526 }
7531 }
7539 Node nextMember;
7551 }
7565 {
7569 else
7577 /* Select JSOP_EVAL and flag pc as heavyweight. */
7581 /*
7582 * In non-strict mode code, direct calls to eval can add
7583 * variables to the call object.
7584 */
7587 }
7589 /* Select JSOP_FUNAPPLY given foo.apply(...). */
7596 }
7597 }
7611 else
7613 }
7617 }
7622 }
7625 }
7627 }
7632 {
7634 }
7639 {
7649 }
7654 {
7656 }
7661 {
7663 }
7669 // Large strings are fast to parse but slow to compress. Stop compression on
7670 // them, so we don't wait for a long time for compression to finish at the
7671 // end of compilation.
7676 }
7681 {
7682 // Create the regexp even when doing a syntax parse, to check the regexp's syntax.
7697 }
7702 {
7710 TokenKind tt;
7714 /*
7715 * Mark empty arrays as non-constant, since we cannot easily
7716 * determine their type.
7717 */
7720 // ES6 array comprehension.
7731 }
7733 TokenKind tt;
7760 }
7763 /* If we didn't already match TOK_COMMA in above case. */
7770 }
7771 }
7772 }
7774 /*
7775 * At this point, (index == 0 && missingTrailingComma) implies one
7776 * element initialiser was parsed.
7777 *
7778 * A legacy array comprehension of the form:
7779 *
7780 * [i * j for (i in o) for (j in p) if (i != j)]
7781 *
7782 * translates to roughly the following let expression:
7783 *
7784 * let (array = new Array, i, j) {
7785 * for (i in o) let {
7786 * for (j in p)
7787 * if (i != j)
7788 * array.push(i * j)
7789 * }
7790 * array
7791 * }
7792 *
7793 * where array is a nameless block-local variable. The "roughly" means
7794 * that an implementation may optimize away the array.push. A legacy
7795 * array comprehension opens exactly one block scope, no matter how many
7796 * for heads it contains.
7797 *
7798 * Each let () {...} or for (let ...) ... compiles to:
7799 *
7800 * JSOP_PUSHN <N> // Push space for block-scoped locals.
7801 * (JSOP_PUSHBLOCKSCOPE <O>) // If a local is aliased, push on scope
7802 * // chain.
7803 * ...
7804 * JSOP_DEBUGLEAVEBLOCK // Invalidate any DebugScope proxies.
7805 * JSOP_POPBLOCKSCOPE? // Pop off scope chain, if needed.
7806 * JSOP_POPN <N> // Pop space for block-scoped locals.
7807 *
7808 * where <o> is a literal object representing the block scope,
7809 * with <n> properties, naming each var declared in the block.
7810 *
7811 * Each var declaration in a let-block binds a name in <o> at compile
7812 * time. A block-local var is accessed by the JSOP_GETLOCAL and
7813 * JSOP_SETLOCAL ops. These ops have an immediate operand, the local
7814 * slot's stack index from fp->spbase.
7815 *
7816 * The legacy array comprehension iteration step, array.push(i * j) in
7817 * the example above, is done by <i * j>; JSOP_ARRAYPUSH <array>, where
7818 * <array> is the index of array's stack slot.
7819 */
7826 }
7829 }
7832 }
7836 {
7837 // This is safe because doubles can not be moved.
7840 }
7845 {
7848 // Turn off the inDeclDestructuring flag when parsing computed property
7849 // names. In short, when parsing 'let {[x + y]: z} = obj;', noteNameUse()
7850 // should be called on x and y, but not on z. See the comment on
7851 // Parser<>::checkDestructuring() for details.
7865 }
7870 {
7880 TokenKind ltok;
7891 }
7896 Node propname;
7910 }
7918 }
7924 }
7931 }
7933 // We have parsed |get| or |set|. Look for an accessor property
7934 // name next.
7935 TokenKind tt;
7958 }
7971 // Not an accessor property after all.
7978 }
7982 }
7995 }
7997 }
8002 }
8005 TokenKind tt;
8013 }
8026 }
8029 // Note: this occurs *only* if we observe TOK_COLON! Only
8030 // __proto__: v mutates [[Prototype]]. Getters, setters,
8031 // method/generator definitions, computed property name
8032 // versions of all of these, and shorthands do not.
8042 }
8044 /*
8045 * Support, e.g., |var {x, y} = o| as destructuring shorthand
8046 * for |var {x: x, y: y} = o|, per proposed JS2/ES4 for JS1.8.
8047 */
8051 }
8070 }
8074 }
8076 /* NB: Getter function in { get x(){} } is unnamed. */
8080 }
8081 }
8083 TokenKind tt;
8091 }
8092 }
8096 }
8099 bool
8102 JSOp op)
8103 {
8107 else
8116 }
8121 {
8139 TokenKind next;
8145 // Not valid expression syntax, but this is valid in an arrow function
8146 // with no params: `() => body`.
8155 }
8157 // Now just return something that will allow parsing to continue.
8158 // It doesn't matter what; when we reach the =>, we will rewind and
8159 // reparse the whole arrow function. See Parser::assignExpr.
8161 }
8175 // Fall through.
8197 TokenKind next;
8199 // This isn't valid expression syntax, but it's valid in an arrow
8200 // function as a trailing rest param: `(a, b, ...rest) => body`. Check
8201 // for a name, closing parenthesis, and arrow, and allow it only if all
8202 // are present.
8209 }
8217 }
8225 }
8229 // Return an arbitrary expression node. See case TOK_RP above.
8231 }
8237 }
8238 }
8243 {
8254 /*
8255 * Always accept the 'in' operator in a parenthesized expression,
8256 * where it's unambiguous, even if we might be parsing the init of a
8257 * for statement.
8258 */
8267 #if JS_HAS_GENERATOR_EXPRS
8275 }
8280 }
8285 TokenKind tt;
8292 }
8296 }
8304 }
8306 // Legacy generator comprehensions can sometimes appear without parentheses.
8307 // For example:
8308 //
8309 // foo(x for (x in bar))
8310 //
8311 // In this case the parens are part of the call, and not part of the generator
8312 // comprehension. This can happen in these contexts:
8313 //
8314 // if (_)
8315 // while (_) {}
8316 // do {} while (_)
8317 // switch (_) {}
8318 // with (_) {}
8319 // foo(_) // must be first and only argument
8320 //
8321 // This is not the case for ES6 generator comprehensions; they must always be in
8322 // parentheses.
8327 {
8332 /*
8333 * Always accept the 'in' operator in a parenthesized expression,
8334 * where it's unambiguous, even if we might be parsing the init of a
8335 * for statement.
8336 */
8345 #if JS_HAS_GENERATOR_EXPRS
8354 }
8359 }
8364 }
8368 }
8371 void
8373 {
8384 // Only report telemetry for web content, not add-ons or chrome JS.
8395 };
8397 // Hazard analysis can't tell that the telemetry callbacks don't GC.
8400 // Call back into Firefox's Telemetry reporter.
8414 }