search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Followup for bug 335051, E4X literals should be acceptable values for sharp variables...
[mozilla-central.git] / js / src / jsparse.cpp
blob594259af8f67f14b5869e479c483c20080f4087c
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sw=4 et tw=99:
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is Mozilla Communicator client code, released
18 * March 31, 1998.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
40
41 /*
42 * JS parser.
43 *
44 * This is a recursive-descent parser for the JavaScript language specified by
45 * "The JavaScript 1.5 Language Specification". It uses lexical and semantic
46 * feedback to disambiguate non-LL(1) structures. It generates trees of nodes
47 * induced by the recursive parsing (not precise syntax trees, see jsparse.h).
48 * After tree construction, it rewrites trees to fold constants and evaluate
49 * compile-time expressions. Finally, it calls js_EmitTree (see jsemit.h) to
50 * generate bytecode.
51 *
52 * This parser attempts no error recovery.
53 */
54 #include <stdlib.h>
55 #include <string.h>
56 #include <math.h>
57 #include "jstypes.h"
58 #include "jsstdint.h"
59 #include "jsarena.h" /* Added by JSIFY */
60 #include "jsutil.h" /* Added by JSIFY */
61 #include "jsapi.h"
62 #include "jsarray.h"
63 #include "jsatom.h"
64 #include "jscntxt.h"
65 #include "jsversion.h"
66 #include "jsemit.h"
67 #include "jsfun.h"
68 #include "jsinterp.h"
69 #include "jsiter.h"
70 #include "jslock.h"
71 #include "jsnum.h"
72 #include "jsobj.h"
73 #include "jsopcode.h"
74 #include "jsparse.h"
75 #include "jsscan.h"
76 #include "jsscope.h"
77 #include "jsscript.h"
78 #include "jsstr.h"
79 #include "jsstaticcheck.h"
80 #include "jslibmath.h"
81 #include "jsvector.h"
82
83 #if JS_HAS_XML_SUPPORT
84 #include "jsxml.h"
85 #endif
86
87 #if JS_HAS_DESTRUCTURING
88 #include "jsdhash.h"
89 #endif
90
91 using namespace js;
92
93 /*
94 * Asserts to verify assumptions behind pn_ macros.
95 */
96 #define pn_offsetof(m) offsetof(JSParseNode, m)
97
98 JS_STATIC_ASSERT(pn_offsetof(pn_link) == pn_offsetof(dn_uses));
99 JS_STATIC_ASSERT(pn_offsetof(pn_u.name.atom) == pn_offsetof(pn_u.apair.atom));
100
101 #undef pn_offsetof
102
103 /*
104 * Insist that the next token be of type tt, or report errno and return null.
105 * NB: this macro uses cx and ts from its lexical environment.
106 */
107 #define MUST_MATCH_TOKEN_WITH_FLAGS(tt, errno, __flags) \
108 JS_BEGIN_MACRO \
109 if (tokenStream.getToken((__flags)) != tt) { \
110 reportErrorNumber(NULL, JSREPORT_ERROR, errno); \
111 return NULL; \
112 } \
113 JS_END_MACRO
114 #define MUST_MATCH_TOKEN(tt, errno) MUST_MATCH_TOKEN_WITH_FLAGS(tt, errno, 0)
115
116 #ifdef METER_PARSENODES
117 static uint32 parsenodes = 0;
118 static uint32 maxparsenodes = 0;
119 static uint32 recyclednodes = 0;
120 #endif
121
122 void
123 JSParseNode::become(JSParseNode *pn2)
124 {
125 JS_ASSERT(!pn_defn);
126 JS_ASSERT(!pn2->pn_defn);
127
128 JS_ASSERT(!pn_used);
129 if (pn2->pn_used) {
130 JSParseNode **pnup = &pn2->pn_lexdef->dn_uses;
131 while (*pnup != pn2)
132 pnup = &(*pnup)->pn_link;
133 *pnup = this;
134 pn_link = pn2->pn_link;
135 pn_used = true;
136 pn2->pn_link = NULL;
137 pn2->pn_used = false;
138 }
139
140 /* If this is a function node fix up the pn_funbox->node back-pointer. */
141 if (PN_TYPE(pn2) == TOK_FUNCTION && pn2->pn_arity == PN_FUNC)
142 pn2->pn_funbox->node = this;
143
144 pn_type = pn2->pn_type;
145 pn_op = pn2->pn_op;
146 pn_arity = pn2->pn_arity;
147 pn_parens = pn2->pn_parens;
148 pn_u = pn2->pn_u;
149 pn2->clear();
150 }
151
152 void
153 JSParseNode::clear()
154 {
155 pn_type = TOK_EOF;
156 pn_op = JSOP_NOP;
157 pn_used = pn_defn = false;
158 pn_arity = PN_NULLARY;
159 pn_parens = false;
160 }
161
162 bool
163 Parser::init(const jschar *base, size_t length,
164 FILE *fp, const char *filename, uintN lineno)
165 {
166 JSContext *cx = context;
167
168 tempPoolMark = JS_ARENA_MARK(&cx->tempPool);
169 if (!tokenStream.init(base, length, fp, filename, lineno)) {
170 JS_ARENA_RELEASE(&cx->tempPool, tempPoolMark);
171 return false;
172 }
173 return true;
174 }
175
176 Parser::~Parser()
177 {
178 JSContext *cx = context;
179
180 if (principals)
181 JSPRINCIPALS_DROP(cx, principals);
182 tokenStream.close();
183 JS_ARENA_RELEASE(&cx->tempPool, tempPoolMark);
184 }
185
186 void
187 Parser::setPrincipals(JSPrincipals *prin)
188 {
189 JS_ASSERT(!principals);
190 if (prin)
191 JSPRINCIPALS_HOLD(context, prin);
192 principals = prin;
193 }
194
195 JSObjectBox *
196 Parser::newObjectBox(JSObject *obj)
197 {
198 JS_ASSERT(obj);
199
200 /*
201 * We use JSContext.tempPool to allocate parsed objects and place them on
202 * a list in this Parser to ensure GC safety. Thus the tempPool arenas
203 * containing the entries must be alive until we are done with scanning,
204 * parsing and code generation for the whole script or top-level function.
205 */
206 JSObjectBox *objbox;
207 JS_ARENA_ALLOCATE_TYPE(objbox, JSObjectBox, &context->tempPool);
208 if (!objbox) {
209 js_ReportOutOfScriptQuota(context);
210 return NULL;
211 }
212 objbox->traceLink = traceListHead;
213 traceListHead = objbox;
214 objbox->emitLink = NULL;
215 objbox->object = obj;
216 return objbox;
217 }
218
219 JSFunctionBox *
220 Parser::newFunctionBox(JSObject *obj, JSParseNode *fn, JSTreeContext *tc)
221 {
222 JS_ASSERT(obj);
223 JS_ASSERT(obj->isFunction());
224
225 /*
226 * We use JSContext.tempPool to allocate parsed objects and place them on
227 * a list in this Parser to ensure GC safety. Thus the tempPool arenas
228 * containing the entries must be alive until we are done with scanning,
229 * parsing and code generation for the whole script or top-level function.
230 */
231 JSFunctionBox *funbox;
232 JS_ARENA_ALLOCATE_TYPE(funbox, JSFunctionBox, &context->tempPool);
233 if (!funbox) {
234 js_ReportOutOfScriptQuota(context);
235 return NULL;
236 }
237 funbox->traceLink = traceListHead;
238 traceListHead = funbox;
239 funbox->emitLink = NULL;
240 funbox->object = obj;
241 funbox->node = fn;
242 funbox->siblings = tc->functionList;
243 tc->functionList = funbox;
244 ++tc->parser->functionCount;
245 funbox->kids = NULL;
246 funbox->parent = tc->funbox;
247 funbox->methods = NULL;
248 funbox->queued = false;
249 funbox->inLoop = false;
250 for (JSStmtInfo *stmt = tc->topStmt; stmt; stmt = stmt->down) {
251 if (STMT_IS_LOOP(stmt)) {
252 funbox->inLoop = true;
253 break;
254 }
255 }
256 funbox->level = tc->staticLevel;
257 funbox->tcflags = (TCF_IN_FUNCTION | (tc->flags & (TCF_COMPILE_N_GO | TCF_STRICT_MODE_CODE)));
258 return funbox;
259 }
260
261 bool
262 JSFunctionBox::joinable() const
263 {
264 return FUN_NULL_CLOSURE((JSFunction *) object) &&
265 !(tcflags & (TCF_FUN_USES_ARGUMENTS | TCF_FUN_USES_OWN_NAME));
266 }
267
268 bool
269 JSFunctionBox::shouldUnbrand(uintN methods, uintN slowMethods) const
270 {
271 if (slowMethods != 0) {
272 for (const JSFunctionBox *funbox = this; funbox; funbox = funbox->parent) {
273 if (!(funbox->tcflags & TCF_FUN_MODULE_PATTERN))
274 return true;
275 if (funbox->inLoop)
276 return true;
277 }
278 }
279 return false;
280 }
281
282 void
283 Parser::trace(JSTracer *trc)
284 {
285 JSObjectBox *objbox = traceListHead;
286 while (objbox) {
287 JS_CALL_OBJECT_TRACER(trc, objbox->object, "parser.object");
288 objbox = objbox->traceLink;
289 }
290 }
291
292 static void
293 UnlinkFunctionBoxes(JSParseNode *pn, JSTreeContext *tc);
294
295 static void
296 UnlinkFunctionBox(JSParseNode *pn, JSTreeContext *tc)
297 {
298 JSFunctionBox *funbox = pn->pn_funbox;
299 if (funbox) {
300 JS_ASSERT(funbox->node == pn);
301 funbox->node = NULL;
302
303 if (funbox->parent && PN_OP(pn) == JSOP_LAMBDA) {
304 /*
305 * Remove pn from funbox->parent's methods list if it's there. See
306 * the TOK_SEMI case in Statement, near the bottom, the TOK_ASSIGN
307 * sub-case matching a constructor method assignment pattern.
308 */
309 JS_ASSERT(!pn->pn_defn);
310 JS_ASSERT(!pn->pn_used);
311 JSParseNode **pnp = &funbox->parent->methods;
312 while (JSParseNode *method = *pnp) {
313 if (method == pn) {
314 *pnp = method->pn_link;
315 break;
316 }
317 pnp = &method->pn_link;
318 }
319 }
320
321 JSFunctionBox **funboxp = &tc->functionList;
322 while (*funboxp) {
323 if (*funboxp == funbox) {
324 *funboxp = funbox->siblings;
325 break;
326 }
327 funboxp = &(*funboxp)->siblings;
328 }
329
330 uint32 oldflags = tc->flags;
331 JSFunctionBox *oldlist = tc->functionList;
332
333 tc->flags = funbox->tcflags;
334 tc->functionList = funbox->kids;
335 UnlinkFunctionBoxes(pn->pn_body, tc);
336 funbox->kids = tc->functionList;
337 tc->flags = oldflags;
338 tc->functionList = oldlist;
339
340 // FIXME: use a funbox freelist (consolidate aleFreeList and nodeList).
341 pn->pn_funbox = NULL;
342 }
343 }
344
345 static void
346 UnlinkFunctionBoxes(JSParseNode *pn, JSTreeContext *tc)
347 {
348 if (pn) {
349 switch (pn->pn_arity) {
350 case PN_NULLARY:
351 return;
352 case PN_UNARY:
353 UnlinkFunctionBoxes(pn->pn_kid, tc);
354 return;
355 case PN_BINARY:
356 UnlinkFunctionBoxes(pn->pn_left, tc);
357 UnlinkFunctionBoxes(pn->pn_right, tc);
358 return;
359 case PN_TERNARY:
360 UnlinkFunctionBoxes(pn->pn_kid1, tc);
361 UnlinkFunctionBoxes(pn->pn_kid2, tc);
362 UnlinkFunctionBoxes(pn->pn_kid3, tc);
363 return;
364 case PN_LIST:
365 for (JSParseNode *pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next)
366 UnlinkFunctionBoxes(pn2, tc);
367 return;
368 case PN_FUNC:
369 UnlinkFunctionBox(pn, tc);
370 return;
371 case PN_NAME:
372 UnlinkFunctionBoxes(pn->maybeExpr(), tc);
373 return;
374 case PN_NAMESET:
375 UnlinkFunctionBoxes(pn->pn_tree, tc);
376 }
377 }
378 }
379
380 static void
381 RecycleFuncNameKids(JSParseNode *pn, JSTreeContext *tc);
382
383 static JSParseNode *
384 RecycleTree(JSParseNode *pn, JSTreeContext *tc)
385 {
386 JSParseNode *next, **head;
387
388 if (!pn)
389 return NULL;
390
391 /* Catch back-to-back dup recycles. */
392 JS_ASSERT(pn != tc->parser->nodeList);
393 next = pn->pn_next;
394 if (pn->pn_used || pn->pn_defn) {
395 /*
396 * JSAtomLists own definition nodes along with their used-node chains.
397 * Defer recycling such nodes until we unwind to top level to avoid
398 * linkage overhead or (alternatively) unlinking runtime complexity.
399 * Yes, this means dead code can contribute to static analysis results!
400 *
401 * Do recycle kids here, since they are no longer needed.
402 */
403 pn->pn_next = NULL;
404 RecycleFuncNameKids(pn, tc);
405 } else {
406 UnlinkFunctionBoxes(pn, tc);
407 head = &tc->parser->nodeList;
408 pn->pn_next = *head;
409 *head = pn;
410 #ifdef METER_PARSENODES
411 recyclednodes++;
412 #endif
413 }
414 return next;
415 }
416
417 static void
418 RecycleFuncNameKids(JSParseNode *pn, JSTreeContext *tc)
419 {
420 switch (pn->pn_arity) {
421 case PN_FUNC:
422 UnlinkFunctionBox(pn, tc);
423 /* FALL THROUGH */
424
425 case PN_NAME:
426 /*
427 * Only a definition node might have a non-null strong pn_expr link
428 * to recycle, but we test !pn_used to handle PN_FUNC fall through.
429 * Every node with the pn_used flag set has a non-null pn_lexdef
430 * weak reference to its definition node.
431 */
432 if (!pn->pn_used && pn->pn_expr) {
433 RecycleTree(pn->pn_expr, tc);
434 pn->pn_expr = NULL;
435 }
436 break;
437
438 default:
439 JS_ASSERT(PN_TYPE(pn) == TOK_FUNCTION);
440 }
441 }
442
443 /*
444 * Allocate a JSParseNode from tc's node freelist or, failing that, from cx's
445 * temporary arena.
446 */
447 static JSParseNode *
448 NewOrRecycledNode(JSTreeContext *tc)
449 {
450 JSParseNode *pn, *pn2;
451
452 pn = tc->parser->nodeList;
453 if (!pn) {
454 JSContext *cx = tc->parser->context;
455
456 JS_ARENA_ALLOCATE_TYPE(pn, JSParseNode, &cx->tempPool);
457 if (!pn)
458 js_ReportOutOfScriptQuota(cx);
459 } else {
460 tc->parser->nodeList = pn->pn_next;
461
462 /* Recycle immediate descendents only, to save work and working set. */
463 switch (pn->pn_arity) {
464 case PN_FUNC:
465 RecycleTree(pn->pn_body, tc);
466 break;
467 case PN_LIST:
468 pn2 = pn->pn_head;
469 if (pn2) {
470 while (pn2 && !pn2->pn_used && !pn2->pn_defn)
471 pn2 = pn2->pn_next;
472 if (pn2) {
473 pn2 = pn->pn_head;
474 do {
475 pn2 = RecycleTree(pn2, tc);
476 } while (pn2);
477 } else {
478 *pn->pn_tail = tc->parser->nodeList;
479 tc->parser->nodeList = pn->pn_head;
480 #ifdef METER_PARSENODES
481 recyclednodes += pn->pn_count;
482 #endif
483 break;
484 }
485 }
486 break;
487 case PN_TERNARY:
488 RecycleTree(pn->pn_kid1, tc);
489 RecycleTree(pn->pn_kid2, tc);
490 RecycleTree(pn->pn_kid3, tc);
491 break;
492 case PN_BINARY:
493 if (pn->pn_left != pn->pn_right)
494 RecycleTree(pn->pn_left, tc);
495 RecycleTree(pn->pn_right, tc);
496 break;
497 case PN_UNARY:
498 RecycleTree(pn->pn_kid, tc);
499 break;
500 case PN_NAME:
501 if (!pn->pn_used)
502 RecycleTree(pn->pn_expr, tc);
503 break;
504 case PN_NULLARY:
505 break;
506 }
507 }
508 if (pn) {
509 #ifdef METER_PARSENODES
510 parsenodes++;
511 if (parsenodes - recyclednodes > maxparsenodes)
512 maxparsenodes = parsenodes - recyclednodes;
513 #endif
514 pn->pn_used = pn->pn_defn = false;
515 memset(&pn->pn_u, 0, sizeof pn->pn_u);
516 pn->pn_next = NULL;
517 }
518 return pn;
519 }
520
521 /* used only by static create methods of subclasses */
522
523 JSParseNode *
524 JSParseNode::create(JSParseNodeArity arity, JSTreeContext *tc)
525 {
526 JSParseNode *pn = NewOrRecycledNode(tc);
527 if (!pn)
528 return NULL;
529 const Token &tok = tc->parser->tokenStream.currentToken();
530 pn->init(tok.type, JSOP_NOP, arity);
531 pn->pn_pos = tok.pos;
532 return pn;
533 }
534
535 JSParseNode *
536 JSParseNode::newBinaryOrAppend(TokenKind tt, JSOp op, JSParseNode *left, JSParseNode *right,
537 JSTreeContext *tc)
538 {
539 JSParseNode *pn, *pn1, *pn2;
540
541 if (!left || !right)
542 return NULL;
543
544 /*
545 * Flatten a left-associative (left-heavy) tree of a given operator into
546 * a list, to reduce js_FoldConstants and js_EmitTree recursion.
547 */
548 if (PN_TYPE(left) == tt &&
549 PN_OP(left) == op &&
550 (js_CodeSpec[op].format & JOF_LEFTASSOC)) {
551 if (left->pn_arity != PN_LIST) {
552 pn1 = left->pn_left, pn2 = left->pn_right;
553 left->pn_arity = PN_LIST;
554 left->pn_parens = false;
555 left->initList(pn1);
556 left->append(pn2);
557 if (tt == TOK_PLUS) {
558 if (pn1->pn_type == TOK_STRING)
559 left->pn_xflags |= PNX_STRCAT;
560 else if (pn1->pn_type != TOK_NUMBER)
561 left->pn_xflags |= PNX_CANTFOLD;
562 if (pn2->pn_type == TOK_STRING)
563 left->pn_xflags |= PNX_STRCAT;
564 else if (pn2->pn_type != TOK_NUMBER)
565 left->pn_xflags |= PNX_CANTFOLD;
566 }
567 }
568 left->append(right);
569 left->pn_pos.end = right->pn_pos.end;
570 if (tt == TOK_PLUS) {
571 if (right->pn_type == TOK_STRING)
572 left->pn_xflags |= PNX_STRCAT;
573 else if (right->pn_type != TOK_NUMBER)
574 left->pn_xflags |= PNX_CANTFOLD;
575 }
576 return left;
577 }
578
579 /*
580 * Fold constant addition immediately, to conserve node space and, what's
581 * more, so js_FoldConstants never sees mixed addition and concatenation
582 * operations with more than one leading non-string operand in a PN_LIST
583 * generated for expressions such as 1 + 2 + "pt" (which should evaluate
584 * to "3pt", not "12pt").
585 */
586 if (tt == TOK_PLUS &&
587 left->pn_type == TOK_NUMBER &&
588 right->pn_type == TOK_NUMBER) {
589 left->pn_dval += right->pn_dval;
590 left->pn_pos.end = right->pn_pos.end;
591 RecycleTree(right, tc);
592 return left;
593 }
594
595 pn = NewOrRecycledNode(tc);
596 if (!pn)
597 return NULL;
598 pn->init(tt, op, PN_BINARY);
599 pn->pn_pos.begin = left->pn_pos.begin;
600 pn->pn_pos.end = right->pn_pos.end;
601 pn->pn_left = left;
602 pn->pn_right = right;
603 return (BinaryNode *)pn;
604 }
605
606 namespace js {
607
608 inline void
609 NameNode::initCommon(JSTreeContext *tc)
610 {
611 pn_expr = NULL;
612 pn_cookie = FREE_UPVAR_COOKIE;
613 pn_dflags = tc->atTopLevel() ? PND_TOPLEVEL : 0;
614 if (!tc->topStmt || tc->topStmt->type == STMT_BLOCK)
615 pn_dflags |= PND_BLOCKCHILD;
616 pn_blockid = tc->blockid();
617 }
618
619 NameNode *
620 NameNode::create(JSAtom *atom, JSTreeContext *tc)
621 {
622 JSParseNode *pn;
623
624 pn = JSParseNode::create(PN_NAME, tc);
625 if (pn) {
626 pn->pn_atom = atom;
627 ((NameNode *)pn)->initCommon(tc);
628 }
629 return (NameNode *)pn;
630 }
631
632 } /* namespace js */
633
634 static bool
635 GenerateBlockId(JSTreeContext *tc, uint32& blockid)
636 {
637 if (tc->blockidGen == JS_BIT(20)) {
638 JS_ReportErrorNumber(tc->parser->context, js_GetErrorMessage, NULL,
639 JSMSG_NEED_DIET, "program");
640 return false;
641 }
642 blockid = tc->blockidGen++;
643 return true;
644 }
645
646 static bool
647 GenerateBlockIdForStmtNode(JSParseNode *pn, JSTreeContext *tc)
648 {
649 JS_ASSERT(tc->topStmt);
650 JS_ASSERT(STMT_MAYBE_SCOPE(tc->topStmt));
651 JS_ASSERT(pn->pn_type == TOK_LC || pn->pn_type == TOK_LEXICALSCOPE);
652 if (!GenerateBlockId(tc, tc->topStmt->blockid))
653 return false;
654 pn->pn_blockid = tc->topStmt->blockid;
655 return true;
656 }
657
658 /*
659 * Parse a top-level JS script.
660 */
661 JSParseNode *
662 Parser::parse(JSObject *chain)
663 {
664 /*
665 * Protect atoms from being collected by a GC activation, which might
666 * - nest on this thread due to out of memory (the so-called "last ditch"
667 * GC attempted within js_NewGCThing), or
668 * - run for any reason on another thread if this thread is suspended on
669 * an object lock before it finishes generating bytecode into a script
670 * protected from the GC by a root or a stack frame reference.
671 */
672 JSTreeContext globaltc(this);
673 globaltc.scopeChain = chain;
674 if (!GenerateBlockId(&globaltc, globaltc.bodyid))
675 return NULL;
676
677 JSParseNode *pn = statements();
678 if (pn) {
679 if (!tokenStream.matchToken(TOK_EOF)) {
680 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_SYNTAX_ERROR);
681 pn = NULL;
682 } else {
683 if (!js_FoldConstants(context, pn, &globaltc))
684 pn = NULL;
685 }
686 }
687 return pn;
688 }
689
690 JS_STATIC_ASSERT(FREE_STATIC_LEVEL == JS_BITMASK(JSFB_LEVEL_BITS));
691
692 static inline bool
693 SetStaticLevel(JSTreeContext *tc, uintN staticLevel)
694 {
695 /*
696 * Reserve FREE_STATIC_LEVEL (0xffff) in order to reserve FREE_UPVAR_COOKIE
697 * (0xffffffff) and other cookies with that level.
698 *
699 * This is a lot simpler than error-checking every MAKE_UPVAR_COOKIE, and
700 * practically speaking it leaves more than enough room for upvars. In fact
701 * we might want to split cookie fields giving fewer bits for skip and more
702 * for slot, but only based on evidence.
703 */
704 if (staticLevel >= FREE_STATIC_LEVEL) {
705 JS_ReportErrorNumber(tc->parser->context, js_GetErrorMessage, NULL,
706 JSMSG_TOO_DEEP, js_function_str);
707 return false;
708 }
709 tc->staticLevel = staticLevel;
710 return true;
711 }
712
713 /*
714 * Compile a top-level script.
715 */
716 JSScript *
717 Compiler::compileScript(JSContext *cx, JSObject *scopeChain, JSStackFrame *callerFrame,
718 JSPrincipals *principals, uint32 tcflags,
719 const jschar *chars, size_t length,
720 FILE *file, const char *filename, uintN lineno,
721 JSString *source /* = NULL */,
722 unsigned staticLevel /* = 0 */)
723 {
724 JSArenaPool codePool, notePool;
725 TokenKind tt;
726 JSParseNode *pn;
727 uint32 scriptGlobals;
728 JSScript *script;
729 bool inDirectivePrologue;
730 #ifdef METER_PARSENODES
731 void *sbrk(ptrdiff_t), *before = sbrk(0);
732 #endif
733
734 JS_ASSERT(!(tcflags & ~(TCF_COMPILE_N_GO | TCF_NO_SCRIPT_RVAL | TCF_NEED_MUTABLE_SCRIPT)));
735
736 /*
737 * The scripted callerFrame can only be given for compile-and-go scripts
738 * and non-zero static level requires callerFrame.
739 */
740 JS_ASSERT_IF(callerFrame, tcflags & TCF_COMPILE_N_GO);
741 JS_ASSERT_IF(staticLevel != 0, callerFrame);
742
743 Compiler compiler(cx, principals, callerFrame);
744 if (!compiler.init(chars, length, file, filename, lineno))
745 return NULL;
746
747 JS_InitArenaPool(&codePool, "code", 1024, sizeof(jsbytecode),
748 &cx->scriptStackQuota);
749 JS_InitArenaPool(&notePool, "note", 1024, sizeof(jssrcnote),
750 &cx->scriptStackQuota);
751
752 Parser &parser = compiler.parser;
753 TokenStream &tokenStream = parser.tokenStream;
754
755 JSCodeGenerator cg(&parser, &codePool, &notePool, tokenStream.getLineno());
756 if (!cg.init())
757 return NULL;
758
759 MUST_FLOW_THROUGH("out");
760
761 /* Null script early in case of error, to reduce our code footprint. */
762 script = NULL;
763
764 cg.flags |= tcflags;
765 cg.scopeChain = scopeChain;
766 if (!SetStaticLevel(&cg, staticLevel))
767 goto out;
768
769 /* If this is a direct call to eval, inherit the caller's strictness. */
770 if (callerFrame &&
771 callerFrame->script &&
772 callerFrame->script->strictModeCode) {
773 cg.flags |= TCF_STRICT_MODE_CODE;
774 tokenStream.setStrictMode();
775 }
776
777 /*
778 * If funbox is non-null after we create the new script, callerFrame->fun
779 * was saved in the 0th object table entry.
780 */
781 JSObjectBox *funbox;
782 funbox = NULL;
783
784 if (tcflags & TCF_COMPILE_N_GO) {
785 if (source) {
786 /*
787 * Save eval program source in script->atomMap.vector[0] for the
788 * eval cache (see obj_eval in jsobj.cpp).
789 */
790 JSAtom *atom = js_AtomizeString(cx, source, 0);
791 if (!atom || !cg.atomList.add(&parser, atom))
792 goto out;
793 }
794
795 if (callerFrame && callerFrame->fun) {
796 /*
797 * An eval script in a caller frame needs to have its enclosing
798 * function captured in case it refers to an upvar, and someone
799 * wishes to decompile it while it's running.
800 */
801 funbox = parser.newObjectBox(FUN_OBJECT(callerFrame->fun));
802 if (!funbox)
803 goto out;
804 funbox->emitLink = cg.objectList.lastbox;
805 cg.objectList.lastbox = funbox;
806 cg.objectList.length++;
807 }
808 }
809
810 /*
811 * Inline this->statements to emit as we go to save AST space. We must
812 * generate our script-body blockid since we aren't calling Statements.
813 */
814 uint32 bodyid;
815 if (!GenerateBlockId(&cg, bodyid))
816 goto out;
817 cg.bodyid = bodyid;
818
819 #if JS_HAS_XML_SUPPORT
820 pn = NULL;
821 bool onlyXML;
822 onlyXML = true;
823 #endif
824
825 CG_SWITCH_TO_PROLOG(&cg);
826 if (js_Emit1(cx, &cg, JSOP_TRACE) < 0)
827 goto out;
828 CG_SWITCH_TO_MAIN(&cg);
829
830 inDirectivePrologue = true;
831 for (;;) {
832 tt = tokenStream.peekToken(TSF_OPERAND);
833 if (tt <= TOK_EOF) {
834 if (tt == TOK_EOF)
835 break;
836 JS_ASSERT(tt == TOK_ERROR);
837 goto out;
838 }
839
840 pn = parser.statement();
841 if (!pn)
842 goto out;
843 JS_ASSERT(!cg.blockNode);
844
845 if (inDirectivePrologue)
846 inDirectivePrologue = parser.recognizeDirectivePrologue(pn);
847
848 if (!js_FoldConstants(cx, pn, &cg))
849 goto out;
850
851 if (cg.functionList) {
852 if (!parser.analyzeFunctions(cg.functionList, cg.flags))
853 goto out;
854 cg.functionList = NULL;
855 }
856
857 if (!js_EmitTree(cx, &cg, pn))
858 goto out;
859 #if JS_HAS_XML_SUPPORT
860 if (PN_TYPE(pn) != TOK_SEMI ||
861 !pn->pn_kid ||
862 !TreeTypeIsXML(PN_TYPE(pn->pn_kid))) {
863 onlyXML = false;
864 }
865 #endif
866 RecycleTree(pn, &cg);
867 }
868
869 #if JS_HAS_XML_SUPPORT
870 /*
871 * Prevent XML data theft via <script src="http://victim.com/foo.xml">.
872 * For background, see:
873 *
874 * https://bugzilla.mozilla.org/show_bug.cgi?id=336551
875 */
876 if (pn && onlyXML && (tcflags & TCF_NO_SCRIPT_RVAL)) {
877 parser.reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_XML_WHOLE_PROGRAM);
878 goto out;
879 }
880 #endif
881
882 /*
883 * Global variables (gvars) share the atom index space with locals. Due to
884 * incremental code generation we need to patch the bytecode to adjust the
885 * local references to skip the globals.
886 */
887 scriptGlobals = cg.ngvars;
888 if (scriptGlobals != 0 || cg.hasSharps()) {
889 jsbytecode *code, *end;
890 JSOp op;
891 const JSCodeSpec *cs;
892 uintN len, slot;
893
894 if (scriptGlobals >= SLOTNO_LIMIT)
895 goto too_many_slots;
896 code = CG_BASE(&cg);
897 for (end = code + CG_OFFSET(&cg); code != end; code += len) {
898 JS_ASSERT(code < end);
899 op = (JSOp) *code;
900 cs = &js_CodeSpec[op];
901 len = (cs->length > 0)
902 ? (uintN) cs->length
903 : js_GetVariableBytecodeLength(code);
904 if ((cs->format & JOF_SHARPSLOT) ||
905 JOF_TYPE(cs->format) == JOF_LOCAL ||
906 (JOF_TYPE(cs->format) == JOF_SLOTATOM)) {
907 /*
908 * JSOP_GETARGPROP also has JOF_SLOTATOM type, but it may be
909 * emitted only for a function.
910 */
911 JS_ASSERT_IF(!(cs->format & JOF_SHARPSLOT),
912 (JOF_TYPE(cs->format) == JOF_SLOTATOM) ==
913 (op == JSOP_GETLOCALPROP));
914 slot = GET_SLOTNO(code);
915 slot += scriptGlobals;
916 if (!(cs->format & JOF_SHARPSLOT))
917 slot += cg.sharpSlots();
918 if (slot >= SLOTNO_LIMIT)
919 goto too_many_slots;
920 SET_SLOTNO(code, slot);
921 }
922 }
923 }
924
925 #ifdef METER_PARSENODES
926 printf("Parser growth: %d (%u nodes, %u max, %u unrecycled)\n",
927 (char *)sbrk(0) - (char *)before,
928 parsenodes,
929 maxparsenodes,
930 parsenodes - recyclednodes);
931 before = sbrk(0);
932 #endif
933
934 /*
935 * Nowadays the threaded interpreter needs a stop instruction, so we
936 * do have to emit that here.
937 */
938 if (js_Emit1(cx, &cg, JSOP_STOP) < 0)
939 goto out;
940 #ifdef METER_PARSENODES
941 printf("Code-gen growth: %d (%u bytecodes, %u srcnotes)\n",
942 (char *)sbrk(0) - (char *)before, CG_OFFSET(&cg), cg.noteCount);
943 #endif
944 #ifdef JS_ARENAMETER
945 JS_DumpArenaStats(stdout);
946 #endif
947 script = js_NewScriptFromCG(cx, &cg);
948 if (script && funbox && script != script->emptyScript())
949 script->savedCallerFun = true;
950
951 #ifdef JS_SCOPE_DEPTH_METER
952 if (script) {
953 JSObject *obj = scopeChain;
954 uintN depth = 1;
955 while ((obj = obj->getParent()) != NULL)
956 ++depth;
957 JS_BASIC_STATS_ACCUM(&cx->runtime->hostenvScopeDepthStats, depth);
958 }
959 #endif
960
961 out:
962 JS_FinishArenaPool(&codePool);
963 JS_FinishArenaPool(&notePool);
964 return script;
965
966 too_many_slots:
967 parser.reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_TOO_MANY_LOCALS);
968 script = NULL;
969 goto out;
970 }
971
972 /*
973 * Insist on a final return before control flows out of pn. Try to be a bit
974 * smart about loops: do {...; return e2;} while(0) at the end of a function
975 * that contains an early return e1 will get a strict warning. Similarly for
976 * iloops: while (true){...} is treated as though ... returns.
977 */
978 #define ENDS_IN_OTHER 0
979 #define ENDS_IN_RETURN 1
980 #define ENDS_IN_BREAK 2
981
982 static int
983 HasFinalReturn(JSParseNode *pn)
984 {
985 JSParseNode *pn2, *pn3;
986 uintN rv, rv2, hasDefault;
987
988 switch (pn->pn_type) {
989 case TOK_LC:
990 if (!pn->pn_head)
991 return ENDS_IN_OTHER;
992 return HasFinalReturn(pn->last());
993
994 case TOK_IF:
995 if (!pn->pn_kid3)
996 return ENDS_IN_OTHER;
997 return HasFinalReturn(pn->pn_kid2) & HasFinalReturn(pn->pn_kid3);
998
999 case TOK_WHILE:
1000 pn2 = pn->pn_left;
1001 if (pn2->pn_type == TOK_PRIMARY && pn2->pn_op == JSOP_TRUE)
1002 return ENDS_IN_RETURN;
1003 if (pn2->pn_type == TOK_NUMBER && pn2->pn_dval)
1004 return ENDS_IN_RETURN;
1005 return ENDS_IN_OTHER;
1006
1007 case TOK_DO:
1008 pn2 = pn->pn_right;
1009 if (pn2->pn_type == TOK_PRIMARY) {
1010 if (pn2->pn_op == JSOP_FALSE)
1011 return HasFinalReturn(pn->pn_left);
1012 if (pn2->pn_op == JSOP_TRUE)
1013 return ENDS_IN_RETURN;
1014 }
1015 if (pn2->pn_type == TOK_NUMBER) {
1016 if (pn2->pn_dval == 0)
1017 return HasFinalReturn(pn->pn_left);
1018 return ENDS_IN_RETURN;
1019 }
1020 return ENDS_IN_OTHER;
1021
1022 case TOK_FOR:
1023 pn2 = pn->pn_left;
1024 if (pn2->pn_arity == PN_TERNARY && !pn2->pn_kid2)
1025 return ENDS_IN_RETURN;
1026 return ENDS_IN_OTHER;
1027
1028 case TOK_SWITCH:
1029 rv = ENDS_IN_RETURN;
1030 hasDefault = ENDS_IN_OTHER;
1031 pn2 = pn->pn_right;
1032 if (pn2->pn_type == TOK_LEXICALSCOPE)
1033 pn2 = pn2->expr();
1034 for (pn2 = pn2->pn_head; rv && pn2; pn2 = pn2->pn_next) {
1035 if (pn2->pn_type == TOK_DEFAULT)
1036 hasDefault = ENDS_IN_RETURN;
1037 pn3 = pn2->pn_right;
1038 JS_ASSERT(pn3->pn_type == TOK_LC);
1039 if (pn3->pn_head) {
1040 rv2 = HasFinalReturn(pn3->last());
1041 if (rv2 == ENDS_IN_OTHER && pn2->pn_next)
1042 /* Falling through to next case or default. */;
1043 else
1044 rv &= rv2;
1045 }
1046 }
1047 /* If a final switch has no default case, we judge it harshly. */
1048 rv &= hasDefault;
1049 return rv;
1050
1051 case TOK_BREAK:
1052 return ENDS_IN_BREAK;
1053
1054 case TOK_WITH:
1055 return HasFinalReturn(pn->pn_right);
1056
1057 case TOK_RETURN:
1058 return ENDS_IN_RETURN;
1059
1060 case TOK_COLON:
1061 case TOK_LEXICALSCOPE:
1062 return HasFinalReturn(pn->expr());
1063
1064 case TOK_THROW:
1065 return ENDS_IN_RETURN;
1066
1067 case TOK_TRY:
1068 /* If we have a finally block that returns, we are done. */
1069 if (pn->pn_kid3) {
1070 rv = HasFinalReturn(pn->pn_kid3);
1071 if (rv == ENDS_IN_RETURN)
1072 return rv;
1073 }
1074
1075 /* Else check the try block and any and all catch statements. */
1076 rv = HasFinalReturn(pn->pn_kid1);
1077 if (pn->pn_kid2) {
1078 JS_ASSERT(pn->pn_kid2->pn_arity == PN_LIST);
1079 for (pn2 = pn->pn_kid2->pn_head; pn2; pn2 = pn2->pn_next)
1080 rv &= HasFinalReturn(pn2);
1081 }
1082 return rv;
1083
1084 case TOK_CATCH:
1085 /* Check this catch block's body. */
1086 return HasFinalReturn(pn->pn_kid3);
1087
1088 case TOK_LET:
1089 /* Non-binary let statements are let declarations. */
1090 if (pn->pn_arity != PN_BINARY)
1091 return ENDS_IN_OTHER;
1092 return HasFinalReturn(pn->pn_right);
1093
1094 default:
1095 return ENDS_IN_OTHER;
1096 }
1097 }
1098
1099 static JSBool
1100 ReportBadReturn(JSContext *cx, JSTreeContext *tc, uintN flags, uintN errnum,
1101 uintN anonerrnum)
1102 {
1103 const char *name;
1104
1105 JS_ASSERT(tc->inFunction());
1106 if (tc->fun->atom) {
1107 name = js_AtomToPrintableString(cx, tc->fun->atom);
1108 } else {
1109 errnum = anonerrnum;
1110 name = NULL;
1111 }
1112 return ReportCompileErrorNumber(cx, TS(tc->parser), NULL, flags, errnum, name);
1113 }
1114
1115 static JSBool
1116 CheckFinalReturn(JSContext *cx, JSTreeContext *tc, JSParseNode *pn)
1117 {
1118 JS_ASSERT(tc->inFunction());
1119 return HasFinalReturn(pn) == ENDS_IN_RETURN ||
1120 ReportBadReturn(cx, tc, JSREPORT_WARNING | JSREPORT_STRICT,
1121 JSMSG_NO_RETURN_VALUE, JSMSG_ANON_NO_RETURN_VALUE);
1122 }
1123
1124 /*
1125 * Check that it is permitted to assign to lhs. Strict mode code may not
1126 * assign to 'eval' or 'arguments'.
1127 */
1128 bool
1129 CheckStrictAssignment(JSContext *cx, JSTreeContext *tc, JSParseNode *lhs)
1130 {
1131 if (tc->needStrictChecks() &&
1132 lhs->pn_type == TOK_NAME) {
1133 JSAtom *atom = lhs->pn_atom;
1134 JSAtomState *atomState = &cx->runtime->atomState;
1135 if (atom == atomState->evalAtom || atom == atomState->argumentsAtom) {
1136 const char *name = js_AtomToPrintableString(cx, atom);
1137 if (!name ||
1138 !ReportStrictModeError(cx, TS(tc->parser), tc, lhs, JSMSG_DEPRECATED_ASSIGN,
1139 name)) {
1140 return false;
1141 }
1142 }
1143 }
1144 return true;
1145 }
1146
1147 /*
1148 * Check that it is permitted to introduce a binding for atom. Strict
1149 * mode forbids introducing new definitions for 'eval' or 'arguments'.
1150 * Use pn for reporting error locations, or use tc's token stream if
1151 * pn is NULL.
1152 */
1153 bool
1154 CheckStrictBinding(JSContext *cx, JSTreeContext *tc, JSAtom *atom, JSParseNode *pn)
1155 {
1156 if (!tc->needStrictChecks())
1157 return true;
1158
1159 JSAtomState *atomState = &cx->runtime->atomState;
1160 if (atom == atomState->evalAtom || atom == atomState->argumentsAtom) {
1161 const char *name = js_AtomToPrintableString(cx, atom);
1162 if (name)
1163 ReportStrictModeError(cx, TS(tc->parser), tc, pn, JSMSG_BAD_BINDING, name);
1164 return false;
1165 }
1166 return true;
1167 }
1168
1169 /*
1170 * In strict mode code, all formal parameter names must be distinct. If fun's
1171 * formals are legit given fun's strictness level, return true. Otherwise,
1172 * report an error and return false. Use pn for error position reporting,
1173 * unless we can find something more accurate in tc's decls.
1174 *
1175 * In some cases the code to parse the argument list will already have noticed
1176 * the duplication; we could try to use that knowledge instead of re-checking
1177 * here. But since the strictness of the function's body determines what
1178 * constraints to apply to the argument list, we can't report the error until
1179 * after we've parsed the body. And as it turns out, the function's local name
1180 * list makes it reasonably cheap to find duplicates after the fact.
1181 */
1182 static bool
1183 CheckStrictFormals(JSContext *cx, JSTreeContext *tc, JSFunction *fun,
1184 JSParseNode *pn)
1185 {
1186 JSAtom *atom;
1187
1188 if (!tc->needStrictChecks())
1189 return true;
1190
1191 atom = fun->findDuplicateFormal();
1192 if (atom) {
1193 /*
1194 * We have found a duplicate parameter name. If we can find the
1195 * JSDefinition for the argument, that will have a more accurate source
1196 * location.
1197 */
1198 JSDefinition *dn = ALE_DEFN(tc->decls.lookup(atom));
1199 if (dn->pn_op == JSOP_GETARG)
1200 pn = dn;
1201 const char *name = js_AtomToPrintableString(cx, atom);
1202 if (!name ||
1203 !ReportStrictModeError(cx, TS(tc->parser), tc, pn, JSMSG_DUPLICATE_FORMAL, name)) {
1204 return false;
1205 }
1206 }
1207
1208 if (tc->flags & (TCF_FUN_PARAM_ARGUMENTS | TCF_FUN_PARAM_EVAL)) {
1209 JSAtomState *atoms = &cx->runtime->atomState;
1210 atom = (tc->flags & TCF_FUN_PARAM_ARGUMENTS
1211 ? atoms->argumentsAtom : atoms->evalAtom);
1212 /* The definition's source position will be more precise. */
1213 JSDefinition *dn = ALE_DEFN(tc->decls.lookup(atom));
1214 JS_ASSERT(dn->pn_atom == atom);
1215 const char *name = js_AtomToPrintableString(cx, atom);
1216 if (!name ||
1217 !ReportStrictModeError(cx, TS(tc->parser), tc, dn, JSMSG_BAD_BINDING, name)) {
1218 return false;
1219 }
1220 }
1221
1222 return true;
1223 }
1224
1225 JSParseNode *
1226 Parser::functionBody()
1227 {
1228 JSStmtInfo stmtInfo;
1229 uintN oldflags, firstLine;
1230 JSParseNode *pn;
1231
1232 JS_ASSERT(tc->inFunction());
1233 js_PushStatement(tc, &stmtInfo, STMT_BLOCK, -1);
1234 stmtInfo.flags = SIF_BODY_BLOCK;
1235
1236 oldflags = tc->flags;
1237 tc->flags &= ~(TCF_RETURN_EXPR | TCF_RETURN_VOID);
1238
1239 /*
1240 * Save the body's first line, and store it in pn->pn_pos.begin.lineno
1241 * later, because we may have not peeked in tokenStream yet, so statements
1242 * won't acquire a valid pn->pn_pos.begin from the current token.
1243 */
1244 firstLine = tokenStream.getLineno();
1245 #if JS_HAS_EXPR_CLOSURES
1246 if (tokenStream.currentToken().type == TOK_LC) {
1247 pn = statements();
1248 } else {
1249 pn = UnaryNode::create(tc);
1250 if (pn) {
1251 pn->pn_kid = assignExpr();
1252 if (!pn->pn_kid) {
1253 pn = NULL;
1254 } else {
1255 if (tc->flags & TCF_FUN_IS_GENERATOR) {
1256 ReportBadReturn(context, tc, JSREPORT_ERROR,
1257 JSMSG_BAD_GENERATOR_RETURN,
1258 JSMSG_BAD_ANON_GENERATOR_RETURN);
1259 pn = NULL;
1260 } else {
1261 pn->pn_type = TOK_RETURN;
1262 pn->pn_op = JSOP_RETURN;
1263 pn->pn_pos.end = pn->pn_kid->pn_pos.end;
1264 }
1265 }
1266 }
1267 }
1268 #else
1269 pn = statements();
1270 #endif
1271
1272 if (pn) {
1273 JS_ASSERT(!(tc->topStmt->flags & SIF_SCOPE));
1274 js_PopStatement(tc);
1275 pn->pn_pos.begin.lineno = firstLine;
1276
1277 /* Check for falling off the end of a function that returns a value. */
1278 if (JS_HAS_STRICT_OPTION(context) && (tc->flags & TCF_RETURN_EXPR) &&
1279 !CheckFinalReturn(context, tc, pn)) {
1280 pn = NULL;
1281 }
1282 }
1283
1284 tc->flags = oldflags | (tc->flags & TCF_FUN_FLAGS);
1285 return pn;
1286 }
1287
1288 static JSAtomListElement *
1289 MakePlaceholder(JSParseNode *pn, JSTreeContext *tc)
1290 {
1291 JSAtomListElement *ale = tc->lexdeps.add(tc->parser, pn->pn_atom);
1292 if (!ale)
1293 return NULL;
1294
1295 JSDefinition *dn = (JSDefinition *)NameNode::create(pn->pn_atom, tc);
1296 if (!dn)
1297 return NULL;
1298
1299 ALE_SET_DEFN(ale, dn);
1300 dn->pn_defn = true;
1301 dn->pn_dflags |= PND_PLACEHOLDER;
1302 return ale;
1303 }
1304
1305 static bool
1306 Define(JSParseNode *pn, JSAtom *atom, JSTreeContext *tc, bool let = false)
1307 {
1308 JS_ASSERT(!pn->pn_used);
1309 JS_ASSERT_IF(pn->pn_defn, pn->isPlaceholder());
1310
1311 JSHashEntry **hep;
1312 JSAtomListElement *ale = NULL;
1313 JSAtomList *list = NULL;
1314
1315 if (let)
1316 ale = (list = &tc->decls)->rawLookup(atom, hep);
1317 if (!ale)
1318 ale = (list = &tc->lexdeps)->rawLookup(atom, hep);
1319
1320 if (ale) {
1321 JSDefinition *dn = ALE_DEFN(ale);
1322 if (dn != pn) {
1323 JSParseNode **pnup = &dn->dn_uses;
1324 JSParseNode *pnu;
1325 uintN start = let ? pn->pn_blockid : tc->bodyid;
1326
1327 while ((pnu = *pnup) != NULL && pnu->pn_blockid >= start) {
1328 JS_ASSERT(pnu->pn_used);
1329 pnu->pn_lexdef = (JSDefinition *) pn;
1330 pn->pn_dflags |= pnu->pn_dflags & PND_USE2DEF_FLAGS;
1331 pnup = &pnu->pn_link;
1332 }
1333
1334 if (pnu != dn->dn_uses) {
1335 *pnup = pn->dn_uses;
1336 pn->dn_uses = dn->dn_uses;
1337 dn->dn_uses = pnu;
1338
1339 if ((!pnu || pnu->pn_blockid < tc->bodyid) && list != &tc->decls)
1340 list->rawRemove(tc->parser, ale, hep);
1341 }
1342 }
1343 }
1344
1345 ale = tc->decls.add(tc->parser, atom, let ? JSAtomList::SHADOW : JSAtomList::UNIQUE);
1346 if (!ale)
1347 return false;
1348 ALE_SET_DEFN(ale, pn);
1349 pn->pn_defn = true;
1350 pn->pn_dflags &= ~PND_PLACEHOLDER;
1351 return true;
1352 }
1353
1354 static void
1355 LinkUseToDef(JSParseNode *pn, JSDefinition *dn, JSTreeContext *tc)
1356 {
1357 JS_ASSERT(!pn->pn_used);
1358 JS_ASSERT(!pn->pn_defn);
1359 JS_ASSERT(pn != dn->dn_uses);
1360 pn->pn_link = dn->dn_uses;
1361 dn->dn_uses = pn;
1362 dn->pn_dflags |= pn->pn_dflags & PND_USE2DEF_FLAGS;
1363 pn->pn_used = true;
1364 pn->pn_lexdef = dn;
1365 }
1366
1367 static void
1368 ForgetUse(JSParseNode *pn)
1369 {
1370 if (!pn->pn_used) {
1371 JS_ASSERT(!pn->pn_defn);
1372 return;
1373 }
1374
1375 JSParseNode **pnup = &pn->lexdef()->dn_uses;
1376 JSParseNode *pnu;
1377 while ((pnu = *pnup) != pn)
1378 pnup = &pnu->pn_link;
1379 *pnup = pn->pn_link;
1380 pn->pn_used = false;
1381 }
1382
1383 static JSParseNode *
1384 MakeAssignment(JSParseNode *pn, JSParseNode *rhs, JSTreeContext *tc)
1385 {
1386 JSParseNode *lhs = NewOrRecycledNode(tc);
1387 if (!lhs)
1388 return NULL;
1389 *lhs = *pn;
1390
1391 if (pn->pn_used) {
1392 JSDefinition *dn = pn->pn_lexdef;
1393 JSParseNode **pnup = &dn->dn_uses;
1394
1395 while (*pnup != pn)
1396 pnup = &(*pnup)->pn_link;
1397 *pnup = lhs;
1398 lhs->pn_link = pn->pn_link;
1399 pn->pn_link = NULL;
1400 }
1401
1402 pn->pn_type = TOK_ASSIGN;
1403 pn->pn_op = JSOP_NOP;
1404 pn->pn_arity = PN_BINARY;
1405 pn->pn_parens = false;
1406 pn->pn_used = pn->pn_defn = false;
1407 pn->pn_left = lhs;
1408 pn->pn_right = rhs;
1409 return lhs;
1410 }
1411
1412 static JSParseNode *
1413 MakeDefIntoUse(JSDefinition *dn, JSParseNode *pn, JSAtom *atom, JSTreeContext *tc)
1414 {
1415 /*
1416 * If dn is var, const, or let, and it has an initializer, then we must
1417 * rewrite it to be an assignment node, whose freshly allocated left-hand
1418 * side becomes a use of pn.
1419 */
1420 if (dn->isBindingForm()) {
1421 JSParseNode *rhs = dn->expr();
1422 if (rhs) {
1423 JSParseNode *lhs = MakeAssignment(dn, rhs, tc);
1424 if (!lhs)
1425 return NULL;
1426 //pn->dn_uses = lhs;
1427 dn = (JSDefinition *) lhs;
1428 }
1429
1430 dn->pn_op = (js_CodeSpec[dn->pn_op].format & JOF_SET) ? JSOP_SETNAME : JSOP_NAME;
1431 } else if (dn->kind() == JSDefinition::FUNCTION) {
1432 JS_ASSERT(dn->isTopLevel());
1433 JS_ASSERT(dn->pn_op == JSOP_NOP);
1434 dn->pn_type = TOK_NAME;
1435 dn->pn_arity = PN_NAME;
1436 dn->pn_atom = atom;
1437 }
1438
1439 /* Now make dn no longer a definition, rather a use of pn. */
1440 JS_ASSERT(dn->pn_type == TOK_NAME);
1441 JS_ASSERT(dn->pn_arity == PN_NAME);
1442 JS_ASSERT(dn->pn_atom == atom);
1443
1444 for (JSParseNode *pnu = dn->dn_uses; pnu; pnu = pnu->pn_link) {
1445 JS_ASSERT(pnu->pn_used);
1446 JS_ASSERT(!pnu->pn_defn);
1447 pnu->pn_lexdef = (JSDefinition *) pn;
1448 pn->pn_dflags |= pnu->pn_dflags & PND_USE2DEF_FLAGS;
1449 }
1450 pn->pn_dflags |= dn->pn_dflags & PND_USE2DEF_FLAGS;
1451 pn->dn_uses = dn;
1452
1453 dn->pn_defn = false;
1454 dn->pn_used = true;
1455 dn->pn_lexdef = (JSDefinition *) pn;
1456 dn->pn_cookie = FREE_UPVAR_COOKIE;
1457 dn->pn_dflags &= ~PND_BOUND;
1458 return dn;
1459 }
1460
1461 static bool
1462 DefineArg(JSParseNode *pn, JSAtom *atom, uintN i, JSTreeContext *tc)
1463 {
1464 JSParseNode *argpn, *argsbody;
1465
1466 /* Flag tc so we don't have to lookup arguments on every use. */
1467 if (atom == tc->parser->context->runtime->atomState.argumentsAtom)
1468 tc->flags |= TCF_FUN_PARAM_ARGUMENTS;
1469 if (atom == tc->parser->context->runtime->atomState.evalAtom)
1470 tc->flags |= TCF_FUN_PARAM_EVAL;
1471
1472 /*
1473 * Make an argument definition node, distinguished by being in tc->decls
1474 * but having TOK_NAME type and JSOP_NOP op. Insert it in a TOK_ARGSBODY
1475 * list node returned via pn->pn_body.
1476 */
1477 argpn = NameNode::create(atom, tc);
1478 if (!argpn)
1479 return false;
1480 JS_ASSERT(PN_TYPE(argpn) == TOK_NAME && PN_OP(argpn) == JSOP_NOP);
1481
1482 /* Arguments are initialized by definition. */
1483 argpn->pn_dflags |= PND_INITIALIZED;
1484 if (!Define(argpn, atom, tc))
1485 return false;
1486
1487 argsbody = pn->pn_body;
1488 if (!argsbody) {
1489 argsbody = ListNode::create(tc);
1490 if (!argsbody)
1491 return false;
1492 argsbody->pn_type = TOK_ARGSBODY;
1493 argsbody->pn_op = JSOP_NOP;
1494 argsbody->makeEmpty();
1495 pn->pn_body = argsbody;
1496 }
1497 argsbody->append(argpn);
1498
1499 argpn->pn_op = JSOP_GETARG;
1500 argpn->pn_cookie = MAKE_UPVAR_COOKIE(tc->staticLevel, i);
1501 argpn->pn_dflags |= PND_BOUND;
1502 return true;
1503 }
1504
1505 /*
1506 * Compile a JS function body, which might appear as the value of an event
1507 * handler attribute in an HTML <INPUT> tag.
1508 */
1509 bool
1510 Compiler::compileFunctionBody(JSContext *cx, JSFunction *fun, JSPrincipals *principals,
1511 const jschar *chars, size_t length,
1512 const char *filename, uintN lineno)
1513 {
1514 Compiler compiler(cx, principals);
1515
1516 if (!compiler.init(chars, length, NULL, filename, lineno))
1517 return false;
1518
1519 /* No early return from after here until the js_FinishArenaPool calls. */
1520 JSArenaPool codePool, notePool;
1521 JS_InitArenaPool(&codePool, "code", 1024, sizeof(jsbytecode),
1522 &cx->scriptStackQuota);
1523 JS_InitArenaPool(&notePool, "note", 1024, sizeof(jssrcnote),
1524 &cx->scriptStackQuota);
1525
1526 Parser &parser = compiler.parser;
1527 TokenStream &tokenStream = parser.tokenStream;
1528
1529 JSCodeGenerator funcg(&parser, &codePool, &notePool, tokenStream.getLineno());
1530 if (!funcg.init())
1531 return NULL;
1532
1533 funcg.flags |= TCF_IN_FUNCTION;
1534 funcg.fun = fun;
1535 if (!GenerateBlockId(&funcg, funcg.bodyid))
1536 return NULL;
1537
1538 /* FIXME: make Function format the source for a function definition. */
1539 tokenStream.mungeCurrentToken(TOK_NAME);
1540 JSParseNode *fn = FunctionNode::create(&funcg);
1541 if (fn) {
1542 fn->pn_body = NULL;
1543 fn->pn_cookie = FREE_UPVAR_COOKIE;
1544
1545 uintN nargs = fun->nargs;
1546 if (nargs) {
1547 jsuword *names = js_GetLocalNameArray(cx, fun, &cx->tempPool);
1548 if (!names) {
1549 fn = NULL;
1550 } else {
1551 for (uintN i = 0; i < nargs; i++) {
1552 JSAtom *name = JS_LOCAL_NAME_TO_ATOM(names[i]);
1553 if (!DefineArg(fn, name, i, &funcg)) {
1554 fn = NULL;
1555 break;
1556 }
1557 }
1558 }
1559 }
1560 }
1561
1562 /*
1563 * Farble the body so that it looks like a block statement to js_EmitTree,
1564 * which is called from js_EmitFunctionBody (see jsemit.cpp). After we're
1565 * done parsing, we must fold constants, analyze any nested functions, and
1566 * generate code for this function, including a stop opcode at the end.
1567 */
1568 tokenStream.mungeCurrentToken(TOK_LC);
1569 JSParseNode *pn = fn ? parser.functionBody() : NULL;
1570 if (pn) {
1571 if (!CheckStrictFormals(cx, &funcg, fun, pn)) {
1572 pn = NULL;
1573 } else if (!tokenStream.matchToken(TOK_EOF)) {
1574 parser.reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_SYNTAX_ERROR);
1575 pn = NULL;
1576 } else if (!js_FoldConstants(cx, pn, &funcg)) {
1577 /* js_FoldConstants reported the error already. */
1578 pn = NULL;
1579 } else if (funcg.functionList &&
1580 !parser.analyzeFunctions(funcg.functionList, funcg.flags)) {
1581 pn = NULL;
1582 } else {
1583 if (fn->pn_body) {
1584 JS_ASSERT(PN_TYPE(fn->pn_body) == TOK_ARGSBODY);
1585 fn->pn_body->append(pn);
1586 fn->pn_body->pn_pos = pn->pn_pos;
1587 pn = fn->pn_body;
1588 }
1589
1590 if (!js_EmitFunctionScript(cx, &funcg, pn))
1591 pn = NULL;
1592 }
1593 }
1594
1595 /* Restore saved state and release code generation arenas. */
1596 JS_FinishArenaPool(&codePool);
1597 JS_FinishArenaPool(&notePool);
1598 return pn != NULL;
1599 }
1600
1601 /*
1602 * Parameter block types for the several Binder functions. We use a common
1603 * helper function signature in order to share code among destructuring and
1604 * simple variable declaration parsers. In the destructuring case, the binder
1605 * function is called indirectly from the variable declaration parser by way
1606 * of CheckDestructuring and its friends.
1607 */
1608 typedef JSBool
1609 (*Binder)(JSContext *cx, BindData *data, JSAtom *atom, JSTreeContext *tc);
1610
1611 struct BindData {
1612 BindData() : fresh(true) {}
1613
1614 JSParseNode *pn; /* name node for definition processing and
1615 error source coordinates */
1616 JSOp op; /* prolog bytecode or nop */
1617 Binder binder; /* binder, discriminates u */
1618 union {
1619 struct {
1620 uintN overflow;
1621 } let;
1622 };
1623 bool fresh;
1624 };
1625
1626 static JSBool
1627 BindLocalVariable(JSContext *cx, JSFunction *fun, JSAtom *atom,
1628 JSLocalKind localKind, bool isArg)
1629 {
1630 JS_ASSERT(localKind == JSLOCAL_VAR || localKind == JSLOCAL_CONST);
1631
1632 /*
1633 * Don't bind a variable with the hidden name 'arguments', per ECMA-262.
1634 * Instead 'var arguments' always restates the predefined property of the
1635 * activation objects whose name is 'arguments'. Assignment to such a
1636 * variable must be handled specially.
1637 *
1638 * Special case: an argument named 'arguments' *does* shadow the predefined
1639 * arguments property.
1640 */
1641 if (atom == cx->runtime->atomState.argumentsAtom && !isArg)
1642 return JS_TRUE;
1643
1644 return js_AddLocal(cx, fun, atom, localKind);
1645 }
1646
1647 #if JS_HAS_DESTRUCTURING
1648 static JSBool
1649 BindDestructuringArg(JSContext *cx, BindData *data, JSAtom *atom,
1650 JSTreeContext *tc)
1651 {
1652 JSParseNode *pn;
1653
1654 /* Flag tc so we don't have to lookup arguments on every use. */
1655 if (atom == tc->parser->context->runtime->atomState.argumentsAtom)
1656 tc->flags |= TCF_FUN_PARAM_ARGUMENTS;
1657 if (atom == tc->parser->context->runtime->atomState.evalAtom)
1658 tc->flags |= TCF_FUN_PARAM_EVAL;
1659
1660 JS_ASSERT(tc->inFunction());
1661
1662 JSLocalKind localKind = js_LookupLocal(cx, tc->fun, atom, NULL);
1663 if (localKind != JSLOCAL_NONE) {
1664 ReportCompileErrorNumber(cx, TS(tc->parser), NULL, JSREPORT_ERROR,
1665 JSMSG_DESTRUCT_DUP_ARG);
1666 return JS_FALSE;
1667 }
1668 JS_ASSERT(!tc->decls.lookup(atom));
1669
1670 pn = data->pn;
1671 if (!Define(pn, atom, tc))
1672 return JS_FALSE;
1673
1674 uintN index = tc->fun->u.i.nvars;
1675 if (!BindLocalVariable(cx, tc->fun, atom, JSLOCAL_VAR, true))
1676 return JS_FALSE;
1677 pn->pn_op = JSOP_SETLOCAL;
1678 pn->pn_cookie = MAKE_UPVAR_COOKIE(tc->staticLevel, index);
1679 pn->pn_dflags |= PND_BOUND;
1680 return JS_TRUE;
1681 }
1682 #endif /* JS_HAS_DESTRUCTURING */
1683
1684 JSFunction *
1685 Parser::newFunction(JSTreeContext *tc, JSAtom *atom, uintN lambda)
1686 {
1687 JSObject *parent;
1688 JSFunction *fun;
1689
1690 JS_ASSERT((lambda & ~JSFUN_LAMBDA) == 0);
1691
1692 /*
1693 * Find the global compilation context in order to pre-set the newborn
1694 * function's parent slot to tc->scopeChain. If the global context is a
1695 * compile-and-go one, we leave the pre-set parent intact; otherwise we
1696 * clear parent and proto.
1697 */
1698 while (tc->parent)
1699 tc = tc->parent;
1700 parent = tc->inFunction() ? NULL : tc->scopeChain;
1701
1702 fun = js_NewFunction(context, NULL, NULL, 0, JSFUN_INTERPRETED | lambda,
1703 parent, atom);
1704
1705 if (fun && !tc->compileAndGo()) {
1706 FUN_OBJECT(fun)->clearParent();
1707 FUN_OBJECT(fun)->clearProto();
1708 }
1709 return fun;
1710 }
1711
1712 static JSBool
1713 MatchOrInsertSemicolon(JSContext *cx, TokenStream *ts)
1714 {
1715 TokenKind tt = ts->peekTokenSameLine(TSF_OPERAND);
1716 if (tt == TOK_ERROR)
1717 return JS_FALSE;
1718 if (tt != TOK_EOF && tt != TOK_EOL && tt != TOK_SEMI && tt != TOK_RC) {
1719 ReportCompileErrorNumber(cx, ts, NULL, JSREPORT_ERROR, JSMSG_SEMI_BEFORE_STMNT);
1720 return JS_FALSE;
1721 }
1722 (void) ts->matchToken(TOK_SEMI);
1723 return JS_TRUE;
1724 }
1725
1726 bool
1727 Parser::analyzeFunctions(JSFunctionBox *funbox, uint32& tcflags)
1728 {
1729 if (!markFunArgs(funbox, tcflags))
1730 return false;
1731 setFunctionKinds(funbox, tcflags);
1732 return true;
1733 }
1734
1735 /*
1736 * Mark as funargs any functions that reach up to one or more upvars across an
1737 * already-known funarg. The parser will flag the o_m lambda as a funarg in:
1738 *
1739 * function f(o, p) {
1740 * o.m = function o_m(a) {
1741 * function g() { return p; }
1742 * function h() { return a; }
1743 * return g() + h();
1744 * }
1745 * }
1746 *
1747 * but without this extra marking phase, function g will not be marked as a
1748 * funarg since it is called from within its parent scope. But g reaches up to
1749 * f's parameter p, so if o_m escapes f's activation scope, g does too and
1750 * cannot use JSOP_GETUPVAR to reach p. In contast function h neither escapes
1751 * nor uses an upvar "above" o_m's level.
1752 *
1753 * If function g itself contained lambdas that contained non-lambdas that reach
1754 * up above its level, then those non-lambdas would have to be marked too. This
1755 * process is potentially exponential in the number of functions, but generally
1756 * not so complex. But it can't be done during a single recursive traversal of
1757 * the funbox tree, so we must use a work queue.
1758 *
1759 * Return the minimal "skipmin" for funbox and its siblings. This is the delta
1760 * between the static level of the bodies of funbox and its peers (which must
1761 * be funbox->level + 1), and the static level of the nearest upvar among all
1762 * the upvars contained by funbox and its peers. If there are no upvars, return
1763 * FREE_STATIC_LEVEL. Thus this function never returns 0.
1764 */
1765 static uintN
1766 FindFunArgs(JSFunctionBox *funbox, int level, JSFunctionBoxQueue *queue)
1767 {
1768 uintN allskipmin = FREE_STATIC_LEVEL;
1769
1770 do {
1771 JSParseNode *fn = funbox->node;
1772 JSFunction *fun = (JSFunction *) funbox->object;
1773 int fnlevel = level;
1774
1775 /*
1776 * An eval can leak funbox, functions along its ancestor line, and its
1777 * immediate kids. Since FindFunArgs uses DFS and the parser propagates
1778 * TCF_FUN_HEAVYWEIGHT bottom up, funbox's ancestor function nodes have
1779 * already been marked as funargs by this point. Therefore we have to
1780 * flag only funbox->node and funbox->kids' nodes here.
1781 */
1782 if (funbox->tcflags & TCF_FUN_HEAVYWEIGHT) {
1783 fn->setFunArg();
1784 for (JSFunctionBox *kid = funbox->kids; kid; kid = kid->siblings)
1785 kid->node->setFunArg();
1786 }
1787
1788 /*
1789 * Compute in skipmin the least distance from fun's static level up to
1790 * an upvar, whether used directly by fun, or indirectly by a function
1791 * nested in fun.
1792 */
1793 uintN skipmin = FREE_STATIC_LEVEL;
1794 JSParseNode *pn = fn->pn_body;
1795
1796 if (pn->pn_type == TOK_UPVARS) {
1797 JSAtomList upvars(pn->pn_names);
1798 JS_ASSERT(upvars.count != 0);
1799
1800 JSAtomListIterator iter(&upvars);
1801 JSAtomListElement *ale;
1802
1803 while ((ale = iter()) != NULL) {
1804 JSDefinition *lexdep = ALE_DEFN(ale)->resolve();
1805
1806 if (!lexdep->isFreeVar()) {
1807 uintN upvarLevel = lexdep->frameLevel();
1808
1809 if (int(upvarLevel) <= fnlevel)
1810 fn->setFunArg();
1811
1812 uintN skip = (funbox->level + 1) - upvarLevel;
1813 if (skip < skipmin)
1814 skipmin = skip;
1815 }
1816 }
1817 }
1818
1819 /*
1820 * If this function escapes, whether directly (the parser detects such
1821 * escapes) or indirectly (because this non-escaping function uses an
1822 * upvar that reaches across an outer function boundary where the outer
1823 * function escapes), enqueue it for further analysis, and bump fnlevel
1824 * to trap any non-escaping children.
1825 */
1826 if (fn->isFunArg()) {
1827 queue->push(funbox);
1828 fnlevel = int(funbox->level);
1829 }
1830
1831 /*
1832 * Now process the current function's children, and recalibrate their
1833 * cumulative skipmin to be relative to the current static level.
1834 */
1835 if (funbox->kids) {
1836 uintN kidskipmin = FindFunArgs(funbox->kids, fnlevel, queue);
1837
1838 JS_ASSERT(kidskipmin != 0);
1839 if (kidskipmin != FREE_STATIC_LEVEL) {
1840 --kidskipmin;
1841 if (kidskipmin != 0 && kidskipmin < skipmin)
1842 skipmin = kidskipmin;
1843 }
1844 }
1845
1846 /*
1847 * Finally, after we've traversed all of the current function's kids,
1848 * minimize fun's skipmin against our accumulated skipmin. Do likewise
1849 * with allskipmin, but minimize across funbox and all of its siblings,
1850 * to compute our return value.
1851 */
1852 if (skipmin != FREE_STATIC_LEVEL) {
1853 fun->u.i.skipmin = skipmin;
1854 if (skipmin < allskipmin)
1855 allskipmin = skipmin;
1856 }
1857 } while ((funbox = funbox->siblings) != NULL);
1858
1859 return allskipmin;
1860 }
1861
1862 bool
1863 Parser::markFunArgs(JSFunctionBox *funbox, uintN tcflags)
1864 {
1865 JSFunctionBoxQueue queue;
1866 if (!queue.init(functionCount))
1867 return false;
1868
1869 FindFunArgs(funbox, -1, &queue);
1870 while ((funbox = queue.pull()) != NULL) {
1871 JSParseNode *fn = funbox->node;
1872 JS_ASSERT(fn->isFunArg());
1873
1874 JSParseNode *pn = fn->pn_body;
1875 if (pn->pn_type == TOK_UPVARS) {
1876 JSAtomList upvars(pn->pn_names);
1877 JS_ASSERT(upvars.count != 0);
1878
1879 JSAtomListIterator iter(&upvars);
1880 JSAtomListElement *ale;
1881
1882 while ((ale = iter()) != NULL) {
1883 JSDefinition *lexdep = ALE_DEFN(ale)->resolve();
1884
1885 if (!lexdep->isFreeVar() &&
1886 !lexdep->isFunArg() &&
1887 (lexdep->kind() == JSDefinition::FUNCTION ||
1888 PN_OP(lexdep) == JSOP_CALLEE)) {
1889 /*
1890 * Mark this formerly-Algol-like function as an escaping
1891 * function (i.e., as a funarg), because it is used from a
1892 * funarg and therefore can not use JSOP_{GET,CALL}UPVAR to
1893 * access upvars.
1894 *
1895 * Progress is guaranteed because we set the funarg flag
1896 * here, which suppresses revisiting this function (thanks
1897 * to the !lexdep->isFunArg() test just above).
1898 */
1899 lexdep->setFunArg();
1900
1901 JSFunctionBox *afunbox;
1902 if (PN_OP(lexdep) == JSOP_CALLEE) {
1903 /*
1904 * A named function expression will not appear to be a
1905 * funarg if it is immediately applied. However, if its
1906 * name is used in an escaping function nested within
1907 * it, then it must become flagged as a funarg again.
1908 * See bug 545980.
1909 */
1910 afunbox = funbox;
1911 uintN calleeLevel = UPVAR_FRAME_SKIP(lexdep->pn_cookie);
1912 uintN staticLevel = afunbox->level + 1U;
1913 while (staticLevel != calleeLevel) {
1914 afunbox = afunbox->parent;
1915 --staticLevel;
1916 }
1917 afunbox->node->setFunArg();
1918 } else {
1919 afunbox = lexdep->pn_funbox;
1920 }
1921 queue.push(afunbox);
1922
1923 /*
1924 * Walk over nested functions again, now that we have
1925 * changed the level across which it is unsafe to access
1926 * upvars using the runtime dynamic link (frame chain).
1927 */
1928 if (afunbox->kids)
1929 FindFunArgs(afunbox->kids, afunbox->level, &queue);
1930 }
1931 }
1932 }
1933 }
1934 return true;
1935 }
1936
1937 static uint32
1938 MinBlockId(JSParseNode *fn, uint32 id)
1939 {
1940 if (fn->pn_blockid < id)
1941 return false;
1942 if (fn->pn_defn) {
1943 for (JSParseNode *pn = fn->dn_uses; pn; pn = pn->pn_link) {
1944 if (pn->pn_blockid < id)
1945 return false;
1946 }
1947 }
1948 return true;
1949 }
1950
1951 static inline bool
1952 CanFlattenUpvar(JSDefinition *dn, JSFunctionBox *funbox, uint32 tcflags)
1953 {
1954 /*
1955 * Consider the current function (the lambda, innermost below) using a var
1956 * x defined two static levels up:
1957 *
1958 * function f() {
1959 * // z = g();
1960 * var x = 42;
1961 * function g() {
1962 * return function () { return x; };
1963 * }
1964 * return g();
1965 * }
1966 *
1967 * So long as (1) the initialization in 'var x = 42' dominates all uses of
1968 * g and (2) x is not reassigned, it is safe to optimize the lambda to a
1969 * flat closure. Uncommenting the early call to g makes this optimization
1970 * unsafe (z could name a global setter that calls its argument).
1971 */
1972 JSFunctionBox *afunbox = funbox;
1973 uintN dnLevel = dn->frameLevel();
1974
1975 JS_ASSERT(dnLevel <= funbox->level);
1976 while (afunbox->level != dnLevel) {
1977 afunbox = afunbox->parent;
1978
1979 /*
1980 * NB: afunbox can't be null because we are sure to find a function box
1981 * whose level == dnLevel before we would try to walk above the root of
1982 * the funbox tree. See bug 493260 comments 16-18.
1983 *
1984 * Assert but check anyway, to protect future changes that bind eval
1985 * upvars in the parser.
1986 */
1987 JS_ASSERT(afunbox);
1988
1989 /*
1990 * If this function is reaching up across an enclosing funarg, then we
1991 * cannot copy dn's value into a flat closure slot (the display stops
1992 * working once the funarg escapes).
1993 */
1994 if (!afunbox || afunbox->node->isFunArg())
1995 return false;
1996
1997 /*
1998 * Reaching up for dn across a generator also means we can't flatten,
1999 * since the generator iterator does not run until later, in general.
2000 * See bug 563034.
2001 */
2002 if (afunbox->tcflags & TCF_FUN_IS_GENERATOR)
2003 return false;
2004 }
2005
2006 /*
2007 * If afunbox's function (which is at the same level as dn) is in a loop,
2008 * pessimistically assume the variable initializer may be in the same loop.
2009 * A flat closure would then be unsafe, as the captured variable could be
2010 * assigned after the closure is created. See bug 493232.
2011 */
2012 if (afunbox->inLoop)
2013 return false;
2014
2015 /*
2016 * |with| and eval used as an operator defeat lexical scoping: they can be
2017 * used to assign to any in-scope variable. Therefore they must disable
2018 * flat closures that use such upvars. The parser detects these as special
2019 * forms and marks the function heavyweight.
2020 */
2021 if ((afunbox->parent ? afunbox->parent->tcflags : tcflags) & TCF_FUN_HEAVYWEIGHT)
2022 return false;
2023
2024 /*
2025 * If afunbox's function is not a lambda, it will be hoisted, so it could
2026 * capture the undefined value that by default initializes var, let, and
2027 * const bindings. And if dn is a function that comes at (meaning a
2028 * function refers to its own name) or strictly after afunbox, we also
2029 * defeat the flat closure optimization for this dn.
2030 */
2031 JSFunction *afun = (JSFunction *) afunbox->object;
2032 if (!(afun->flags & JSFUN_LAMBDA)) {
2033 if (dn->isBindingForm() || dn->pn_pos >= afunbox->node->pn_pos)
2034 return false;
2035 }
2036
2037 if (!dn->isInitialized())
2038 return false;
2039
2040 JSDefinition::Kind dnKind = dn->kind();
2041 if (dnKind != JSDefinition::CONST) {
2042 if (dn->isAssigned())
2043 return false;
2044
2045 /*
2046 * Any formal could be mutated behind our back via the arguments
2047 * object, so deoptimize if the outer function uses arguments.
2048 *
2049 * In a Function constructor call where the final argument -- the body
2050 * source for the function to create -- contains a nested function
2051 * definition or expression, afunbox->parent will be null. The body
2052 * source might use |arguments| outside of any nested functions it may
2053 * contain, so we have to check the tcflags parameter that was passed
2054 * in from Compiler::compileFunctionBody.
2055 */
2056 if (dnKind == JSDefinition::ARG &&
2057 ((afunbox->parent ? afunbox->parent->tcflags : tcflags) & TCF_FUN_USES_ARGUMENTS)) {
2058 return false;
2059 }
2060 }
2061
2062 /*
2063 * Check quick-and-dirty dominance relation. Function definitions dominate
2064 * their uses thanks to hoisting. Other binding forms hoist as undefined,
2065 * of course, so check forward-reference and blockid relations.
2066 */
2067 if (dnKind != JSDefinition::FUNCTION) {
2068 /*
2069 * Watch out for code such as
2070 *
2071 * (function () {
2072 * ...
2073 * var jQuery = ... = function (...) {
2074 * return new jQuery.foo.bar(baz);
2075 * }
2076 * ...
2077 * })();
2078 *
2079 * where the jQuery variable is not reassigned, but of course is not
2080 * initialized at the time that the would-be-flat closure containing
2081 * the jQuery upvar is formed.
2082 */
2083 if (dn->pn_pos.end >= afunbox->node->pn_pos.end)
2084 return false;
2085 if (!MinBlockId(afunbox->node, dn->pn_blockid))
2086 return false;
2087 }
2088 return true;
2089 }
2090
2091 static void
2092 FlagHeavyweights(JSDefinition *dn, JSFunctionBox *funbox, uint32& tcflags)
2093 {
2094 uintN dnLevel = dn->frameLevel();
2095
2096 while ((funbox = funbox->parent) != NULL) {
2097 /*
2098 * Notice that funbox->level is the static level of the definition or
2099 * expression of the function parsed into funbox, not the static level
2100 * of its body. Therefore we must add 1 to match dn's level to find the
2101 * funbox whose body contains the dn definition.
2102 */
2103 if (funbox->level + 1U == dnLevel || (dnLevel == 0 && dn->isLet())) {
2104 funbox->tcflags |= TCF_FUN_HEAVYWEIGHT;
2105 break;
2106 }
2107 funbox->tcflags |= TCF_FUN_ENTRAINS_SCOPES;
2108 }
2109
2110 if (!funbox && (tcflags & TCF_IN_FUNCTION))
2111 tcflags |= TCF_FUN_HEAVYWEIGHT;
2112 }
2113
2114 static void
2115 DeoptimizeUsesWithin(JSDefinition *dn, JSFunctionBox *funbox, uint32& tcflags)
2116 {
2117 uintN ndeoptimized = 0;
2118 const TokenPos &pos = funbox->node->pn_body->pn_pos;
2119
2120 for (JSParseNode *pnu = dn->dn_uses; pnu; pnu = pnu->pn_link) {
2121 JS_ASSERT(pnu->pn_used);
2122 JS_ASSERT(!pnu->pn_defn);
2123 if (pnu->pn_pos.begin >= pos.begin && pnu->pn_pos.end <= pos.end) {
2124 pnu->pn_dflags |= PND_DEOPTIMIZED;
2125 ++ndeoptimized;
2126 }
2127 }
2128
2129 if (ndeoptimized != 0)
2130 FlagHeavyweights(dn, funbox, tcflags);
2131 }
2132
2133 void
2134 Parser::setFunctionKinds(JSFunctionBox *funbox, uint32& tcflags)
2135 {
2136 #ifdef JS_FUNCTION_METERING
2137 # define FUN_METER(x) JS_RUNTIME_METER(context->runtime, functionMeter.x)
2138 #else
2139 # define FUN_METER(x) ((void)0)
2140 #endif
2141
2142 for (;;) {
2143 JSParseNode *fn = funbox->node;
2144 JSParseNode *pn = fn->pn_body;
2145
2146 if (funbox->kids) {
2147 setFunctionKinds(funbox->kids, tcflags);
2148
2149 /*
2150 * We've unwound from recursively setting our kids' kinds, which
2151 * also classifies enclosing functions holding upvars referenced in
2152 * those descendants' bodies. So now we can check our "methods".
2153 *
2154 * Despecialize from branded method-identity-based shape to sprop-
2155 * or slot-based shape if this function smells like a constructor
2156 * and too many of its methods are *not* joinable null closures
2157 * (i.e., they have one or more upvars fetched via the display).
2158 */
2159 JSParseNode *pn2 = pn;
2160 if (PN_TYPE(pn2) == TOK_UPVARS)
2161 pn2 = pn2->pn_tree;
2162 if (PN_TYPE(pn2) == TOK_ARGSBODY)
2163 pn2 = pn2->last();
2164
2165 #if JS_HAS_EXPR_CLOSURES
2166 if (PN_TYPE(pn2) == TOK_LC)
2167 #endif
2168 if (!(funbox->tcflags & TCF_RETURN_EXPR)) {
2169 uintN methodSets = 0, slowMethodSets = 0;
2170
2171 for (JSParseNode *method = funbox->methods; method; method = method->pn_link) {
2172 JS_ASSERT(PN_OP(method) == JSOP_LAMBDA || PN_OP(method) == JSOP_LAMBDA_FC);
2173 ++methodSets;
2174 if (!method->pn_funbox->joinable())
2175 ++slowMethodSets;
2176 }
2177
2178 if (funbox->shouldUnbrand(methodSets, slowMethodSets))
2179 funbox->tcflags |= TCF_FUN_UNBRAND_THIS;
2180 }
2181 }
2182
2183 JSFunction *fun = (JSFunction *) funbox->object;
2184
2185 JS_ASSERT(FUN_KIND(fun) == JSFUN_INTERPRETED);
2186
2187 FUN_METER(allfun);
2188 if (funbox->tcflags & TCF_FUN_HEAVYWEIGHT) {
2189 FUN_METER(heavy);
2190 } else if (pn->pn_type != TOK_UPVARS) {
2191 /*
2192 * No lexical dependencies => null closure, for best performance.
2193 * A null closure needs no scope chain, but alas we've coupled
2194 * principals-finding to scope (for good fundamental reasons, but
2195 * the implementation overloads the parent slot and we should fix
2196 * that). See, e.g., the JSOP_LAMBDA case in jsinterp.cpp.
2197 *
2198 * In more detail: the ES3 spec allows the implementation to create
2199 * "joined function objects", or not, at its discretion. But real-
2200 * world implementations always create unique function objects for
2201 * closures, and this can be detected via mutation. Open question:
2202 * do popular implementations create unique function objects for
2203 * null closures?
2204 *
2205 * FIXME: bug 476950.
2206 */
2207 FUN_METER(nofreeupvar);
2208 FUN_SET_KIND(fun, JSFUN_NULL_CLOSURE);
2209 } else {
2210 JSAtomList upvars(pn->pn_names);
2211 JS_ASSERT(upvars.count != 0);
2212
2213 JSAtomListIterator iter(&upvars);
2214 JSAtomListElement *ale;
2215
2216 if (!fn->isFunArg()) {
2217 /*
2218 * This function is Algol-like, it never escapes. So long as it
2219 * does not assign to outer variables, it needs only an upvars
2220 * array in its script and JSOP_{GET,CALL}UPVAR opcodes in its
2221 * bytecode to reach up the frame stack at runtime based on
2222 * those upvars' cookies.
2223 *
2224 * Any assignments to upvars from functions called by this one
2225 * will be coherent because of the JSOP_{GET,CALL}UPVAR ops,
2226 * which load from stack homes when interpreting or from native
2227 * stack slots when executing a trace.
2228 *
2229 * We could add JSOP_SETUPVAR, etc., but it is uncommon for a
2230 * nested function to assign to an outer lexical variable, so
2231 * we defer adding yet more code footprint in the absence of
2232 * evidence motivating these opcodes.
2233 */
2234 bool mutation = !!(funbox->tcflags & TCF_FUN_SETS_OUTER_NAME);
2235 uintN nupvars = 0;
2236
2237 /*
2238 * Check that at least one outer lexical binding was assigned
2239 * to (global variables don't count). This is conservative: we
2240 * could limit assignments to those in the current function,
2241 * but that's too much work. As with flat closures (handled
2242 * below), we optimize for the case where outer bindings are
2243 * not reassigned anywhere.
2244 */
2245 while ((ale = iter()) != NULL) {
2246 JSDefinition *lexdep = ALE_DEFN(ale)->resolve();
2247
2248 if (!lexdep->isFreeVar()) {
2249 JS_ASSERT(lexdep->frameLevel() <= funbox->level);
2250 ++nupvars;
2251 if (lexdep->isAssigned())
2252 break;
2253 }
2254 }
2255 if (!ale)
2256 mutation = false;
2257
2258 if (nupvars == 0) {
2259 FUN_METER(onlyfreevar);
2260 FUN_SET_KIND(fun, JSFUN_NULL_CLOSURE);
2261 } else if (!mutation &&
2262 !(funbox->tcflags & (TCF_FUN_IS_GENERATOR | TCF_FUN_ENTRAINS_SCOPES))) {
2263 /*
2264 * Algol-like functions can read upvars using the dynamic
2265 * link (cx->fp/fp->down), optimized using the cx->display
2266 * lookup table indexed by static level. They do not need
2267 * to entrain and search their environment objects.
2268 */
2269 FUN_METER(display);
2270 FUN_SET_KIND(fun, JSFUN_NULL_CLOSURE);
2271 } else {
2272 if (!(funbox->tcflags & TCF_FUN_IS_GENERATOR))
2273 FUN_METER(setupvar);
2274 }
2275 } else {
2276 uintN nupvars = 0, nflattened = 0;
2277
2278 /*
2279 * For each lexical dependency from this closure to an outer
2280 * binding, analyze whether it is safe to copy the binding's
2281 * value into a flat closure slot when the closure is formed.
2282 */
2283 while ((ale = iter()) != NULL) {
2284 JSDefinition *lexdep = ALE_DEFN(ale)->resolve();
2285
2286 if (!lexdep->isFreeVar()) {
2287 ++nupvars;
2288 if (CanFlattenUpvar(lexdep, funbox, tcflags)) {
2289 ++nflattened;
2290 continue;
2291 }
2292 DeoptimizeUsesWithin(lexdep, funbox, tcflags);
2293 }
2294 }
2295
2296 if (nupvars == 0) {
2297 FUN_METER(onlyfreevar);
2298 FUN_SET_KIND(fun, JSFUN_NULL_CLOSURE);
2299 } else if (nflattened == nupvars) {
2300 /* FIXME bug 545759: to test nflattened != 0 */
2301 /*
2302 * We made it all the way through the upvar loop, so it's
2303 * safe to optimize to a flat closure.
2304 */
2305 FUN_METER(flat);
2306 FUN_SET_KIND(fun, JSFUN_FLAT_CLOSURE);
2307 switch (PN_OP(fn)) {
2308 case JSOP_DEFFUN:
2309 fn->pn_op = JSOP_DEFFUN_FC;
2310 break;
2311 case JSOP_DEFLOCALFUN:
2312 fn->pn_op = JSOP_DEFLOCALFUN_FC;
2313 break;
2314 case JSOP_LAMBDA:
2315 fn->pn_op = JSOP_LAMBDA_FC;
2316 break;
2317 default:
2318 /* js_EmitTree's case TOK_FUNCTION: will select op. */
2319 JS_ASSERT(PN_OP(fn) == JSOP_NOP);
2320 }
2321 } else {
2322 FUN_METER(badfunarg);
2323 }
2324 }
2325 }
2326
2327 if (FUN_KIND(fun) == JSFUN_INTERPRETED && pn->pn_type == TOK_UPVARS) {
2328 /*
2329 * One or more upvars cannot be safely snapshot into a flat
2330 * closure's dslot (see JSOP_GETDSLOT), so we loop again over
2331 * all upvars, and for each non-free upvar, ensure that its
2332 * containing function has been flagged as heavyweight.
2333 *
2334 * The emitter must see TCF_FUN_HEAVYWEIGHT accurately before
2335 * generating any code for a tree of nested functions.
2336 */
2337 JSAtomList upvars(pn->pn_names);
2338 JS_ASSERT(upvars.count != 0);
2339
2340 JSAtomListIterator iter(&upvars);
2341 JSAtomListElement *ale;
2342
2343 while ((ale = iter()) != NULL) {
2344 JSDefinition *lexdep = ALE_DEFN(ale)->resolve();
2345 if (!lexdep->isFreeVar())
2346 FlagHeavyweights(lexdep, funbox, tcflags);
2347 }
2348 }
2349
2350 funbox = funbox->siblings;
2351 if (!funbox)
2352 break;
2353 }
2354
2355 #undef FUN_METER
2356 }
2357
2358 const char js_argument_str[] = "argument";
2359 const char js_variable_str[] = "variable";
2360 const char js_unknown_str[] = "unknown";
2361
2362 const char *
2363 JSDefinition::kindString(Kind kind)
2364 {
2365 static const char *table[] = {
2366 js_var_str, js_const_str, js_let_str,
2367 js_function_str, js_argument_str, js_unknown_str
2368 };
2369
2370 JS_ASSERT(unsigned(kind) <= unsigned(ARG));
2371 return table[kind];
2372 }
2373
2374 static JSFunctionBox *
2375 EnterFunction(JSParseNode *fn, JSTreeContext *funtc, JSAtom *funAtom = NULL,
2376 uintN lambda = JSFUN_LAMBDA)
2377 {
2378 JSTreeContext *tc = funtc->parent;
2379 JSFunction *fun = tc->parser->newFunction(tc, funAtom, lambda);
2380 if (!fun)
2381 return NULL;
2382
2383 /* Create box for fun->object early to protect against last-ditch GC. */
2384 JSFunctionBox *funbox = tc->parser->newFunctionBox(FUN_OBJECT(fun), fn, tc);
2385 if (!funbox)
2386 return NULL;
2387
2388 /* Initialize non-default members of funtc. */
2389 funtc->flags |= funbox->tcflags;
2390 funtc->blockidGen = tc->blockidGen;
2391 if (!GenerateBlockId(funtc, funtc->bodyid))
2392 return NULL;
2393 funtc->fun = fun;
2394 funtc->funbox = funbox;
2395 if (!SetStaticLevel(funtc, tc->staticLevel + 1))
2396 return NULL;
2397
2398 return funbox;
2399 }
2400
2401 static bool
2402 LeaveFunction(JSParseNode *fn, JSTreeContext *funtc, JSAtom *funAtom = NULL,
2403 uintN lambda = JSFUN_LAMBDA)
2404 {
2405 JSTreeContext *tc = funtc->parent;
2406 tc->blockidGen = funtc->blockidGen;
2407
2408 JSFunctionBox *funbox = fn->pn_funbox;
2409 funbox->tcflags |= funtc->flags & (TCF_FUN_FLAGS | TCF_COMPILE_N_GO | TCF_RETURN_EXPR);
2410
2411 fn->pn_dflags |= PND_INITIALIZED;
2412 JS_ASSERT_IF(tc->atTopLevel() && lambda == 0 && funAtom,
2413 fn->pn_dflags & PND_TOPLEVEL);
2414 if (!tc->topStmt || tc->topStmt->type == STMT_BLOCK)
2415 fn->pn_dflags |= PND_BLOCKCHILD;
2416
2417 /*
2418 * Propagate unresolved lexical names up to tc->lexdeps, and save a copy
2419 * of funtc->lexdeps in a TOK_UPVARS node wrapping the function's formal
2420 * params and body. We do this only if there are lexical dependencies not
2421 * satisfied by the function's declarations, to avoid penalizing functions
2422 * that use only their arguments and other local bindings.
2423 */
2424 if (funtc->lexdeps.count != 0) {
2425 JSAtomListIterator iter(&funtc->lexdeps);
2426 JSAtomListElement *ale;
2427 int foundCallee = 0;
2428
2429 while ((ale = iter()) != NULL) {
2430 JSAtom *atom = ALE_ATOM(ale);
2431 JSDefinition *dn = ALE_DEFN(ale);
2432 JS_ASSERT(dn->isPlaceholder());
2433
2434 if (atom == funAtom && lambda != 0) {
2435 dn->pn_op = JSOP_CALLEE;
2436 dn->pn_cookie = MAKE_UPVAR_COOKIE(funtc->staticLevel, CALLEE_UPVAR_SLOT);
2437 dn->pn_dflags |= PND_BOUND;
2438
2439 /*
2440 * If this named function expression uses its own name other
2441 * than to call itself, flag this function specially.
2442 */
2443 if (dn->isFunArg())
2444 funbox->tcflags |= TCF_FUN_USES_OWN_NAME;
2445 foundCallee = 1;
2446 continue;
2447 }
2448
2449 if (!(funbox->tcflags & TCF_FUN_SETS_OUTER_NAME) &&
2450 dn->isAssigned()) {
2451 /*
2452 * Make sure we do not fail to set TCF_FUN_SETS_OUTER_NAME if
2453 * any use of dn in funtc assigns. See NoteLValue for the easy
2454 * backward-reference case; this is the hard forward-reference
2455 * case where we pay a higher price.
2456 */
2457 for (JSParseNode *pnu = dn->dn_uses; pnu; pnu = pnu->pn_link) {
2458 if (pnu->isAssigned() && pnu->pn_blockid >= funtc->bodyid) {
2459 funbox->tcflags |= TCF_FUN_SETS_OUTER_NAME;
2460 break;
2461 }
2462 }
2463 }
2464
2465 JSAtomListElement *outer_ale = tc->decls.lookup(atom);
2466 if (!outer_ale)
2467 outer_ale = tc->lexdeps.lookup(atom);
2468 if (outer_ale) {
2469 /*
2470 * Insert dn's uses list at the front of outer_dn's list.
2471 *
2472 * Without loss of generality or correctness, we allow a dn to
2473 * be in inner and outer lexdeps, since the purpose of lexdeps
2474 * is one-pass coordination of name use and definition across
2475 * functions, and if different dn's are used we'll merge lists
2476 * when leaving the inner function.
2477 *
2478 * The dn == outer_dn case arises with generator expressions
2479 * (see CompExprTransplanter::transplant, the PN_FUNC/PN_NAME
2480 * case), and nowhere else, currently.
2481 */
2482 JSDefinition *outer_dn = ALE_DEFN(outer_ale);
2483
2484 if (dn != outer_dn) {
2485 JSParseNode **pnup = &dn->dn_uses;
2486 JSParseNode *pnu;
2487
2488 while ((pnu = *pnup) != NULL) {
2489 pnu->pn_lexdef = outer_dn;
2490 pnup = &pnu->pn_link;
2491 }
2492
2493 /*
2494 * Make dn be a use that redirects to outer_dn, because we
2495 * can't replace dn with outer_dn in all the pn_namesets in
2496 * the AST where it may be. Instead we make it forward to
2497 * outer_dn. See JSDefinition::resolve.
2498 */
2499 *pnup = outer_dn->dn_uses;
2500 outer_dn->dn_uses = dn;
2501 outer_dn->pn_dflags |= dn->pn_dflags & ~PND_PLACEHOLDER;
2502 dn->pn_defn = false;
2503 dn->pn_used = true;
2504 dn->pn_lexdef = outer_dn;
2505 }
2506 } else {
2507 /* Add an outer lexical dependency for ale's definition. */
2508 outer_ale = tc->lexdeps.add(tc->parser, atom);
2509 if (!outer_ale)
2510 return false;
2511 ALE_SET_DEFN(outer_ale, ALE_DEFN(ale));
2512 }
2513 }
2514
2515 if (funtc->lexdeps.count - foundCallee != 0) {
2516 JSParseNode *body = fn->pn_body;
2517
2518 fn->pn_body = NameSetNode::create(tc);
2519 if (!fn->pn_body)
2520 return false;
2521
2522 fn->pn_body->pn_type = TOK_UPVARS;
2523 fn->pn_body->pn_pos = body->pn_pos;
2524 if (foundCallee)
2525 funtc->lexdeps.remove(tc->parser, funAtom);
2526 fn->pn_body->pn_names = funtc->lexdeps;
2527 fn->pn_body->pn_tree = body;
2528 }
2529
2530 funtc->lexdeps.clear();
2531 }
2532
2533 return true;
2534 }
2535
2536 JSParseNode *
2537 Parser::functionDef(uintN lambda, bool namePermitted)
2538 {
2539 JSParseNode *pn, *body, *result;
2540 TokenKind tt;
2541 JSAtomListElement *ale;
2542 #if JS_HAS_DESTRUCTURING
2543 JSParseNode *item, *list = NULL;
2544 bool destructuringArg = false;
2545 JSAtom *duplicatedArg = NULL;
2546 #endif
2547
2548 /*
2549 * Save the current op for later so we can tag the created function as a
2550 * getter/setter if necessary.
2551 */
2552 JSOp op = tokenStream.currentToken().t_op;
2553
2554 /* Make a TOK_FUNCTION node. */
2555 pn = FunctionNode::create(tc);
2556 if (!pn)
2557 return NULL;
2558 pn->pn_body = NULL;
2559 pn->pn_cookie = FREE_UPVAR_COOKIE;
2560
2561 /*
2562 * If a lambda, give up on JSOP_{GET,CALL}UPVAR usage unless this function
2563 * is immediately applied (we clear PND_FUNARG if so -- see memberExpr).
2564 *
2565 * Also treat function sub-statements (non-lambda, non-top-level functions)
2566 * as escaping funargs, since we can't statically analyze their definitions
2567 * and uses.
2568 */
2569 bool topLevel = tc->atTopLevel();
2570 pn->pn_dflags = (lambda || !topLevel) ? PND_FUNARG : 0;
2571
2572 /* Scan the optional function name into funAtom. */
2573 JSAtom *funAtom = NULL;
2574 if (namePermitted) {
2575 tt = tokenStream.getToken(TSF_KEYWORD_IS_NAME);
2576 if (tt == TOK_NAME) {
2577 funAtom = tokenStream.currentToken().t_atom;
2578 } else {
2579 if (lambda == 0 && (context->options & JSOPTION_ANONFUNFIX)) {
2580 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_SYNTAX_ERROR);
2581 return NULL;
2582 }
2583 tokenStream.ungetToken();
2584 }
2585 }
2586
2587 /*
2588 * Record names for function statements in tc->decls so we know when to
2589 * avoid optimizing variable references that might name a function.
2590 */
2591 if (lambda == 0 && funAtom) {
2592 ale = tc->decls.lookup(funAtom);
2593 if (ale) {
2594 JSDefinition *dn = ALE_DEFN(ale);
2595 JSDefinition::Kind dn_kind = dn->kind();
2596
2597 JS_ASSERT(!dn->pn_used);
2598 JS_ASSERT(dn->pn_defn);
2599
2600 if (JS_HAS_STRICT_OPTION(context) || dn_kind == JSDefinition::CONST) {
2601 const char *name = js_AtomToPrintableString(context, funAtom);
2602 if (!name ||
2603 !reportErrorNumber(NULL,
2604 (dn_kind != JSDefinition::CONST)
2605 ? JSREPORT_WARNING | JSREPORT_STRICT
2606 : JSREPORT_ERROR,
2607 JSMSG_REDECLARED_VAR,
2608 JSDefinition::kindString(dn_kind),
2609 name)) {
2610 return NULL;
2611 }
2612 }
2613
2614 if (topLevel) {
2615 ALE_SET_DEFN(ale, pn);
2616 pn->pn_defn = true;
2617 pn->dn_uses = dn; /* dn->dn_uses is now pn_link */
2618
2619 if (!MakeDefIntoUse(dn, pn, funAtom, tc))
2620 return NULL;
2621 }
2622 } else if (topLevel) {
2623 /*
2624 * If this function was used before it was defined, claim the
2625 * pre-created definition node for this function that primaryExpr
2626 * put in tc->lexdeps on first forward reference, and recycle pn.
2627 */
2628 JSHashEntry **hep;
2629
2630 ale = tc->lexdeps.rawLookup(funAtom, hep);
2631 if (ale) {
2632 JSDefinition *fn = ALE_DEFN(ale);
2633
2634 JS_ASSERT(fn->pn_defn);
2635 fn->pn_type = TOK_FUNCTION;
2636 fn->pn_arity = PN_FUNC;
2637 fn->pn_pos.begin = pn->pn_pos.begin;
2638 fn->pn_body = NULL;
2639 fn->pn_cookie = FREE_UPVAR_COOKIE;
2640
2641 tc->lexdeps.rawRemove(tc->parser, ale, hep);
2642 RecycleTree(pn, tc);
2643 pn = fn;
2644 }
2645
2646 if (!Define(pn, funAtom, tc))
2647 return NULL;
2648 }
2649
2650 /*
2651 * A function nested at top level inside another's body needs only a
2652 * local variable to bind its name to its value, and not an activation
2653 * object property (it might also need the activation property, if the
2654 * outer function contains with statements, e.g., but the stack slot
2655 * wins when jsemit.c's BindNameToSlot can optimize a JSOP_NAME into a
2656 * JSOP_GETLOCAL bytecode).
2657 */
2658 if (topLevel) {
2659 pn->pn_dflags |= PND_TOPLEVEL;
2660
2661 if (tc->inFunction()) {
2662 JSLocalKind localKind;
2663 uintN index;
2664
2665 /*
2666 * Define a local in the outer function so that BindNameToSlot
2667 * can properly optimize accesses. Note that we need a local
2668 * variable, not an argument, for the function statement. Thus
2669 * we add a variable even if a parameter with the given name
2670 * already exists.
2671 */
2672 localKind = js_LookupLocal(context, tc->fun, funAtom, &index);
2673 switch (localKind) {
2674 case JSLOCAL_NONE:
2675 case JSLOCAL_ARG:
2676 index = tc->fun->u.i.nvars;
2677 if (!js_AddLocal(context, tc->fun, funAtom, JSLOCAL_VAR))
2678 return NULL;
2679 /* FALL THROUGH */
2680
2681 case JSLOCAL_VAR:
2682 pn->pn_cookie = MAKE_UPVAR_COOKIE(tc->staticLevel, index);
2683 pn->pn_dflags |= PND_BOUND;
2684 break;
2685
2686 default:;
2687 }
2688 }
2689 }
2690 }
2691
2692 JSTreeContext *outertc = tc;
2693
2694 /* Initialize early for possible flags mutation via destructuringExpr. */
2695 JSTreeContext funtc(tc->parser);
2696
2697 JSFunctionBox *funbox = EnterFunction(pn, &funtc, funAtom, lambda);
2698 if (!funbox)
2699 return NULL;
2700
2701 JSFunction *fun = (JSFunction *) funbox->object;
2702
2703 if (op != JSOP_NOP)
2704 fun->flags |= (op == JSOP_GETTER) ? JSPROP_GETTER : JSPROP_SETTER;
2705
2706 /* Now parse formal argument list and compute fun->nargs. */
2707 MUST_MATCH_TOKEN(TOK_LP, JSMSG_PAREN_BEFORE_FORMAL);
2708 if (!tokenStream.matchToken(TOK_RP)) {
2709 do {
2710 tt = tokenStream.getToken();
2711 switch (tt) {
2712 #if JS_HAS_DESTRUCTURING
2713 case TOK_LB:
2714 case TOK_LC:
2715 {
2716 BindData data;
2717 JSParseNode *lhs, *rhs;
2718 jsint slot;
2719
2720 /* See comment below in the TOK_NAME case. */
2721 if (duplicatedArg)
2722 goto report_dup_and_destructuring;
2723 destructuringArg = true;
2724
2725 /*
2726 * A destructuring formal parameter turns into one or more
2727 * local variables initialized from properties of a single
2728 * anonymous positional parameter, so here we must tweak our
2729 * binder and its data.
2730 */
2731 data.pn = NULL;
2732 data.op = JSOP_DEFVAR;
2733 data.binder = BindDestructuringArg;
2734 lhs = destructuringExpr(&data, tt);
2735 if (!lhs)
2736 return NULL;
2737
2738 /*
2739 * Adjust fun->nargs to count the single anonymous positional
2740 * parameter that is to be destructured.
2741 */
2742 slot = fun->nargs;
2743 if (!js_AddLocal(context, fun, NULL, JSLOCAL_ARG))
2744 return NULL;
2745
2746 /*
2747 * Synthesize a destructuring assignment from the single
2748 * anonymous positional parameter into the destructuring
2749 * left-hand-side expression and accumulate it in list.
2750 */
2751 rhs = NameNode::create(context->runtime->atomState.emptyAtom, &funtc);
2752 if (!rhs)
2753 return NULL;
2754 rhs->pn_type = TOK_NAME;
2755 rhs->pn_op = JSOP_GETARG;
2756 rhs->pn_cookie = MAKE_UPVAR_COOKIE(funtc.staticLevel, slot);
2757 rhs->pn_dflags |= PND_BOUND;
2758
2759 item = JSParseNode::newBinaryOrAppend(TOK_ASSIGN, JSOP_NOP, lhs, rhs, &funtc);
2760 if (!item)
2761 return NULL;
2762 if (!list) {
2763 list = ListNode::create(&funtc);
2764 if (!list)
2765 return NULL;
2766 list->pn_type = TOK_COMMA;
2767 list->makeEmpty();
2768 }
2769 list->append(item);
2770 break;
2771 }
2772 #endif /* JS_HAS_DESTRUCTURING */
2773
2774 case TOK_NAME:
2775 {
2776 JSAtom *atom = tokenStream.currentToken().t_atom;
2777 if (!DefineArg(pn, atom, fun->nargs, &funtc))
2778 return NULL;
2779 #ifdef JS_HAS_DESTRUCTURING
2780 /*
2781 * ECMA-262 requires us to support duplicate parameter names, but if the
2782 * parameter list includes destructuring, we consider the code to have
2783 * opted in to higher standards, and forbid duplicates. We may see a
2784 * destructuring parameter later, so always note duplicates now.
2785 *
2786 * Duplicates are warned about (strict option) or cause errors (strict
2787 * mode code), but we do those tests in one place below, after having
2788 * parsed the body.
2789 */
2790 if (js_LookupLocal(context, fun, atom, NULL) != JSLOCAL_NONE) {
2791 duplicatedArg = atom;
2792 if (destructuringArg)
2793 goto report_dup_and_destructuring;
2794 }
2795 #endif
2796 if (!js_AddLocal(context, fun, atom, JSLOCAL_ARG))
2797 return NULL;
2798 break;
2799 }
2800
2801 default:
2802 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_MISSING_FORMAL);
2803 /* FALL THROUGH */
2804 case TOK_ERROR:
2805 return NULL;
2806
2807 #if JS_HAS_DESTRUCTURING
2808 report_dup_and_destructuring:
2809 JSDefinition *dn = ALE_DEFN(funtc.decls.lookup(duplicatedArg));
2810 reportErrorNumber(dn, JSREPORT_ERROR, JSMSG_DESTRUCT_DUP_ARG);
2811 return NULL;
2812 #endif
2813 }
2814 } while (tokenStream.matchToken(TOK_COMMA));
2815
2816 MUST_MATCH_TOKEN(TOK_RP, JSMSG_PAREN_AFTER_FORMAL);
2817 }
2818
2819 #if JS_HAS_EXPR_CLOSURES
2820 tt = tokenStream.getToken(TSF_OPERAND);
2821 if (tt != TOK_LC) {
2822 tokenStream.ungetToken();
2823 fun->flags |= JSFUN_EXPR_CLOSURE;
2824 }
2825 #else
2826 MUST_MATCH_TOKEN(TOK_LC, JSMSG_CURLY_BEFORE_BODY);
2827 #endif
2828
2829 body = functionBody();
2830 if (!body)
2831 return NULL;
2832
2833 if (!CheckStrictBinding(context, &funtc, funAtom, pn))
2834 return NULL;
2835
2836 if (!CheckStrictFormals(context, &funtc, fun, pn))
2837 return NULL;
2838
2839 #if JS_HAS_EXPR_CLOSURES
2840 if (tt == TOK_LC)
2841 MUST_MATCH_TOKEN(TOK_RC, JSMSG_CURLY_AFTER_BODY);
2842 else if (lambda == 0 && !MatchOrInsertSemicolon(context, &tokenStream))
2843 return NULL;
2844 #else
2845 MUST_MATCH_TOKEN(TOK_RC, JSMSG_CURLY_AFTER_BODY);
2846 #endif
2847 pn->pn_pos.end = tokenStream.currentToken().pos.end;
2848
2849 #if JS_HAS_DESTRUCTURING
2850 /*
2851 * If there were destructuring formal parameters, prepend the initializing
2852 * comma expression that we synthesized to body. If the body is a lexical
2853 * scope node, we must make a special TOK_SEQ node, to prepend the formal
2854 * parameter destructuring code without bracing the decompilation of the
2855 * function body's lexical scope.
2856 */
2857 if (list) {
2858 if (body->pn_arity != PN_LIST) {
2859 JSParseNode *block;
2860
2861 block = ListNode::create(outertc);
2862 if (!block)
2863 return NULL;
2864 block->pn_type = TOK_SEQ;
2865 block->pn_pos = body->pn_pos;
2866 block->initList(body);
2867
2868 body = block;
2869 }
2870
2871 item = UnaryNode::create(outertc);
2872 if (!item)
2873 return NULL;
2874
2875 item->pn_type = TOK_SEMI;
2876 item->pn_pos.begin = item->pn_pos.end = body->pn_pos.begin;
2877 item->pn_kid = list;
2878 item->pn_next = body->pn_head;
2879 body->pn_head = item;
2880 if (body->pn_tail == &body->pn_head)
2881 body->pn_tail = &item->pn_next;
2882 ++body->pn_count;
2883 body->pn_xflags |= PNX_DESTRUCT;
2884 }
2885 #endif
2886
2887 /*
2888 * If we collected flags that indicate nested heavyweight functions, or
2889 * this function contains heavyweight-making statements (with statement,
2890 * visible eval call, or assignment to 'arguments'), flag the function as
2891 * heavyweight (requiring a call object per invocation).
2892 */
2893 if (funtc.flags & TCF_FUN_HEAVYWEIGHT) {
2894 fun->flags |= JSFUN_HEAVYWEIGHT;
2895 outertc->flags |= TCF_FUN_HEAVYWEIGHT;
2896 } else {
2897 /*
2898 * If this function is a named statement function not at top-level
2899 * (i.e. not a top-level function definiton or expression), then our
2900 * enclosing function, if any, must be heavyweight.
2901 */
2902 if (!topLevel && lambda == 0 && funAtom)
2903 outertc->flags |= TCF_FUN_HEAVYWEIGHT;
2904 }
2905
2906 result = pn;
2907 if (lambda != 0) {
2908 /*
2909 * ECMA ed. 3 standard: function expression, possibly anonymous.
2910 */
2911 op = JSOP_LAMBDA;
2912 } else if (!funAtom) {
2913 /*
2914 * If this anonymous function definition is *not* embedded within a
2915 * larger expression, we treat it as an expression statement, not as
2916 * a function declaration -- and not as a syntax error (as ECMA-262
2917 * Edition 3 would have it). Backward compatibility must trump all,
2918 * unless JSOPTION_ANONFUNFIX is set.
2919 */
2920 result = UnaryNode::create(outertc);
2921 if (!result)
2922 return NULL;
2923 result->pn_type = TOK_SEMI;
2924 result->pn_pos = pn->pn_pos;
2925 result->pn_kid = pn;
2926 op = JSOP_LAMBDA;
2927 } else if (!topLevel) {
2928 /*
2929 * ECMA ed. 3 extension: a function expression statement not at the
2930 * top level, e.g., in a compound statement such as the "then" part
2931 * of an "if" statement, binds a closure only if control reaches that
2932 * sub-statement.
2933 */
2934 op = JSOP_DEFFUN;
2935 } else {
2936 op = JSOP_NOP;
2937 }
2938
2939 funbox->kids = funtc.functionList;
2940
2941 pn->pn_funbox = funbox;
2942 pn->pn_op = op;
2943 if (pn->pn_body) {
2944 pn->pn_body->append(body);
2945 pn->pn_body->pn_pos = body->pn_pos;
2946 } else {
2947 pn->pn_body = body;
2948 }
2949
2950 pn->pn_blockid = outertc->blockid();
2951
2952 if (!LeaveFunction(pn, &funtc, funAtom, lambda))
2953 return NULL;
2954
2955 /* If the surrounding function is not strict code, reset the lexer. */
2956 if (!(outertc->flags & TCF_STRICT_MODE_CODE))
2957 tokenStream.setStrictMode(false);
2958
2959 return result;
2960 }
2961
2962 JSParseNode *
2963 Parser::functionStmt()
2964 {
2965 return functionDef(0, true);
2966 }
2967
2968 JSParseNode *
2969 Parser::functionExpr()
2970 {
2971 return functionDef(JSFUN_LAMBDA, true);
2972 }
2973
2974 /*
2975 * Recognize Directive Prologue members and directives. Assuming pn
2976 * is a candidate for membership in a directive prologue, return
2977 * true if it is in fact a member. Recognize directives and set
2978 * tc's flags accordingly.
2979 *
2980 * Note that the following is a strict mode function:
2981 *
2982 * function foo() {
2983 * "blah" // inserted semi colon
2984 * "blurgh"
2985 * "use\x20loose"
2986 * "use strict"
2987 * }
2988 *
2989 * That is, a statement can be a Directive Prologue member, even
2990 * if it can't possibly be a directive, now or in the future.
2991 */
2992 bool
2993 Parser::recognizeDirectivePrologue(JSParseNode *pn)
2994 {
2995 if (!pn->isDirectivePrologueMember())
2996 return false;
2997 if (pn->isDirective()) {
2998 JSAtom *directive = pn->pn_kid->pn_atom;
2999 if (directive == context->runtime->atomState.useStrictAtom) {
3000 tc->flags |= TCF_STRICT_MODE_CODE;
3001 tokenStream.setStrictMode();
3002 }
3003 }
3004 return true;
3005 }
3006
3007 /*
3008 * Parse the statements in a block, creating a TOK_LC node that lists the
3009 * statements' trees. If called from block-parsing code, the caller must
3010 * match { before and } after.
3011 */
3012 JSParseNode *
3013 Parser::statements()
3014 {
3015 JSParseNode *pn, *pn2, *saveBlock;
3016 TokenKind tt;
3017 bool inDirectivePrologue = tc->atTopLevel();
3018
3019 JS_CHECK_RECURSION(context, return NULL);
3020
3021 pn = ListNode::create(tc);
3022 if (!pn)
3023 return NULL;
3024 pn->pn_type = TOK_LC;
3025 pn->makeEmpty();
3026 pn->pn_blockid = tc->blockid();
3027 saveBlock = tc->blockNode;
3028 tc->blockNode = pn;
3029
3030 for (;;) {
3031 tt = tokenStream.peekToken(TSF_OPERAND);
3032 if (tt <= TOK_EOF || tt == TOK_RC) {
3033 if (tt == TOK_ERROR) {
3034 if (tokenStream.isEOF())
3035 tokenStream.setUnexpectedEOF();
3036 return NULL;
3037 }
3038 break;
3039 }
3040 pn2 = statement();
3041 if (!pn2) {
3042 if (tokenStream.isEOF())
3043 tokenStream.setUnexpectedEOF();
3044 return NULL;
3045 }
3046
3047 if (inDirectivePrologue)
3048 inDirectivePrologue = recognizeDirectivePrologue(pn2);
3049
3050 if (pn2->pn_type == TOK_FUNCTION) {
3051 /*
3052 * PNX_FUNCDEFS notifies the emitter that the block contains top-
3053 * level function definitions that should be processed before the
3054 * rest of nodes.
3055 *
3056 * TCF_HAS_FUNCTION_STMT is for the TOK_LC case in Statement. It
3057 * is relevant only for function definitions not at top-level,
3058 * which we call function statements.
3059 */
3060 if (tc->atTopLevel())
3061 pn->pn_xflags |= PNX_FUNCDEFS;
3062 else
3063 tc->flags |= TCF_HAS_FUNCTION_STMT;
3064 }
3065 pn->append(pn2);
3066 }
3067
3068 /*
3069 * Handle the case where there was a let declaration under this block. If
3070 * it replaced tc->blockNode with a new block node then we must refresh pn
3071 * and then restore tc->blockNode.
3072 */
3073 if (tc->blockNode != pn)
3074 pn = tc->blockNode;
3075 tc->blockNode = saveBlock;
3076
3077 pn->pn_pos.end = tokenStream.currentToken().pos.end;
3078 return pn;
3079 }
3080
3081 JSParseNode *
3082 Parser::condition()
3083 {
3084 JSParseNode *pn;
3085
3086 MUST_MATCH_TOKEN(TOK_LP, JSMSG_PAREN_BEFORE_COND);
3087 pn = parenExpr(NULL, NULL);
3088 if (!pn)
3089 return NULL;
3090 MUST_MATCH_TOKEN(TOK_RP, JSMSG_PAREN_AFTER_COND);
3091
3092 /* Check for (a = b) and warn about possible (a == b) mistype. */
3093 if (pn->pn_type == TOK_ASSIGN &&
3094 pn->pn_op == JSOP_NOP &&
3095 !pn->pn_parens &&
3096 !reportErrorNumber(NULL, JSREPORT_WARNING | JSREPORT_STRICT, JSMSG_EQUAL_AS_ASSIGN, "")) {
3097 return NULL;
3098 }
3099 return pn;
3100 }
3101
3102 static JSBool
3103 MatchLabel(JSContext *cx, TokenStream *ts, JSParseNode *pn)
3104 {
3105 JSAtom *label;
3106 TokenKind tt;
3107
3108 tt = ts->peekTokenSameLine();
3109 if (tt == TOK_ERROR)
3110 return JS_FALSE;
3111 if (tt == TOK_NAME) {
3112 (void) ts->getToken();
3113 label = ts->currentToken().t_atom;
3114 } else {
3115 label = NULL;
3116 }
3117 pn->pn_atom = label;
3118 return JS_TRUE;
3119 }
3120
3121 static JSBool
3122 BindLet(JSContext *cx, BindData *data, JSAtom *atom, JSTreeContext *tc)
3123 {
3124 JSParseNode *pn;
3125 JSObject *blockObj;
3126 JSAtomListElement *ale;
3127 jsint n;
3128
3129 /*
3130 * Top-level 'let' is the same as 'var' currently -- this may change in a
3131 * successor standard to ES3.1 that specifies 'let'.
3132 */
3133 JS_ASSERT(!tc->atTopLevel());
3134
3135 pn = data->pn;
3136 if (!CheckStrictBinding(cx, tc, atom, pn))
3137 return false;
3138
3139 blockObj = tc->blockChain;
3140 ale = tc->decls.lookup(atom);
3141 if (ale && ALE_DEFN(ale)->pn_blockid == tc->blockid()) {
3142 const char *name = js_AtomToPrintableString(cx, atom);
3143 if (name) {
3144 ReportCompileErrorNumber(cx, TS(tc->parser), pn,
3145 JSREPORT_ERROR, JSMSG_REDECLARED_VAR,
3146 (ale && ALE_DEFN(ale)->isConst())
3147 ? js_const_str
3148 : js_variable_str,
3149 name);
3150 }
3151 return JS_FALSE;
3152 }
3153
3154 n = OBJ_BLOCK_COUNT(cx, blockObj);
3155 if (n == JS_BIT(16)) {
3156 ReportCompileErrorNumber(cx, TS(tc->parser), pn,
3157 JSREPORT_ERROR, data->let.overflow);
3158 return JS_FALSE;
3159 }
3160
3161 /*
3162 * Pass push = true to Define so it pushes an ale ahead of any outer scope.
3163 * This is balanced by PopStatement, defined immediately below.
3164 */
3165 if (!Define(pn, atom, tc, true))
3166 return JS_FALSE;
3167
3168 /*
3169 * Assign block-local index to pn->pn_cookie right away, encoding it as an
3170 * upvar cookie whose skip tells the current static level. The emitter will
3171 * adjust the node's slot based on its stack depth model -- and, for global
3172 * and eval code, Compiler::compileScript will adjust the slot again to
3173 * include script->nfixed.
3174 */
3175 pn->pn_op = JSOP_GETLOCAL;
3176 pn->pn_cookie = MAKE_UPVAR_COOKIE(tc->staticLevel, n);
3177 pn->pn_dflags |= PND_LET | PND_BOUND;
3178
3179 /*
3180 * Define the let binding's property before storing pn in a reserved slot,
3181 * since block_reserveSlots depends on blockObj->scope()->entryCount.
3182 */
3183 if (!js_DefineBlockVariable(cx, blockObj, ATOM_TO_JSID(atom), n))
3184 return JS_FALSE;
3185
3186 /*
3187 * Store pn temporarily in what would be reserved slots in a cloned block
3188 * object (once the prototype's final population is known, after all 'let'
3189 * bindings for this block have been parsed). We will free these reserved
3190 * slots in jsemit.cpp:EmitEnterBlock.
3191 */
3192 uintN slot = JSSLOT_FREE(&js_BlockClass) + n;
3193 if (slot >= blockObj->numSlots() &&
3194 !blockObj->growSlots(cx, slot + 1)) {
3195 return JS_FALSE;
3196 }
3197 blockObj->scope()->freeslot = slot + 1;
3198 blockObj->setSlot(slot, PRIVATE_TO_JSVAL(pn));
3199 return JS_TRUE;
3200 }
3201
3202 static void
3203 PopStatement(JSTreeContext *tc)
3204 {
3205 JSStmtInfo *stmt = tc->topStmt;
3206
3207 if (stmt->flags & SIF_SCOPE) {
3208 JSObject *obj = stmt->blockObj;
3209 JSScope *scope = obj->scope();
3210 JS_ASSERT(!OBJ_IS_CLONED_BLOCK(obj));
3211
3212 for (JSScopeProperty *sprop = scope->lastProperty(); sprop; sprop = sprop->parent) {
3213 JSAtom *atom = JSID_TO_ATOM(sprop->id);
3214
3215 /* Beware the empty destructuring dummy. */
3216 if (atom == tc->parser->context->runtime->atomState.emptyAtom)
3217 continue;
3218 tc->decls.remove(tc->parser, atom);
3219 }
3220 }
3221 js_PopStatement(tc);
3222 }
3223
3224 static inline bool
3225 OuterLet(JSTreeContext *tc, JSStmtInfo *stmt, JSAtom *atom)
3226 {
3227 while (stmt->downScope) {
3228 stmt = js_LexicalLookup(tc, atom, NULL, stmt->downScope);
3229 if (!stmt)
3230 return false;
3231 if (stmt->type == STMT_BLOCK)
3232 return true;
3233 }
3234 return false;
3235 }
3236
3237 /*
3238 * If we are generating global or eval-called-from-global code, bind a "gvar"
3239 * here, as soon as possible. The JSOP_GETGVAR, etc., ops speed up interpreted
3240 * global variable access by memoizing name-to-slot mappings during execution
3241 * of the script prolog (via JSOP_DEFVAR/JSOP_DEFCONST). If the memoization
3242 * can't be done due to a pre-existing property of the same name as the var or
3243 * const but incompatible attributes/getter/setter/etc, these ops devolve to
3244 * JSOP_NAME, etc.
3245 *
3246 * For now, don't try to lookup eval frame variables at compile time. This is
3247 * sub-optimal: we could handle eval-called-from-global-code gvars since eval
3248 * gets its own script and frame. The eval-from-function-code case is harder,
3249 * since functions do not atomize gvars and then reserve their atom indexes as
3250 * stack frame slots.
3251 */
3252 static bool
3253 BindGvar(JSParseNode *pn, JSTreeContext *tc, bool inWith = false)
3254 {
3255 JS_ASSERT(pn->pn_op == JSOP_NAME);
3256 JS_ASSERT(!tc->inFunction());
3257
3258 if (tc->compiling() && !tc->parser->callerFrame) {
3259 JSCodeGenerator *cg = (JSCodeGenerator *) tc;
3260
3261 /* Index pn->pn_atom so we can map fast global number to name. */
3262 JSAtomListElement *ale = cg->atomList.add(tc->parser, pn->pn_atom);
3263 if (!ale)
3264 return false;
3265
3266 /* Defend against cg->ngvars 16-bit overflow. */
3267 uintN slot = ALE_INDEX(ale);
3268 if ((slot + 1) >> 16)
3269 return true;
3270
3271 if ((uint16)(slot + 1) > cg->ngvars)
3272 cg->ngvars = (uint16)(slot + 1);
3273
3274 if (!inWith) {
3275 pn->pn_op = JSOP_GETGVAR;
3276 pn->pn_cookie = MAKE_UPVAR_COOKIE(tc->staticLevel, slot);
3277 pn->pn_dflags |= PND_BOUND | PND_GVAR;
3278 }
3279 }
3280
3281 return true;
3282 }
3283
3284 static JSBool
3285 BindVarOrConst(JSContext *cx, BindData *data, JSAtom *atom, JSTreeContext *tc)
3286 {
3287 JSParseNode *pn = data->pn;
3288
3289 /* Default best op for pn is JSOP_NAME; we'll try to improve below. */
3290 pn->pn_op = JSOP_NAME;
3291
3292 if (!CheckStrictBinding(cx, tc, atom, pn))
3293 return false;
3294
3295 JSStmtInfo *stmt = js_LexicalLookup(tc, atom, NULL);
3296
3297 if (stmt && stmt->type == STMT_WITH) {
3298 data->fresh = false;
3299 return tc->inFunction() || BindGvar(pn, tc, true);
3300 }
3301
3302 JSAtomListElement *ale = tc->decls.lookup(atom);
3303 JSOp op = data->op;
3304
3305 if (stmt || ale) {
3306 JSDefinition *dn = ale ? ALE_DEFN(ale) : NULL;
3307 JSDefinition::Kind dn_kind = dn ? dn->kind() : JSDefinition::VAR;
3308 const char *name;
3309
3310 if (dn_kind == JSDefinition::ARG) {
3311 name = js_AtomToPrintableString(cx, atom);
3312 if (!name)
3313 return JS_FALSE;
3314
3315 if (op == JSOP_DEFCONST) {
3316 ReportCompileErrorNumber(cx, TS(tc->parser), pn,
3317 JSREPORT_ERROR, JSMSG_REDECLARED_PARAM,
3318 name);
3319 return JS_FALSE;
3320 }
3321 if (!ReportCompileErrorNumber(cx, TS(tc->parser), pn,
3322 JSREPORT_WARNING | JSREPORT_STRICT,
3323 JSMSG_VAR_HIDES_ARG, name)) {
3324 return JS_FALSE;
3325 }
3326 } else {
3327 bool error = (op == JSOP_DEFCONST ||
3328 dn_kind == JSDefinition::CONST ||
3329 (dn_kind == JSDefinition::LET &&
3330 (stmt->type != STMT_CATCH || OuterLet(tc, stmt, atom))));
3331
3332 if (JS_HAS_STRICT_OPTION(cx)
3333 ? op != JSOP_DEFVAR || dn_kind != JSDefinition::VAR
3334 : error) {
3335 name = js_AtomToPrintableString(cx, atom);
3336 if (!name ||
3337 !ReportCompileErrorNumber(cx, TS(tc->parser), pn,
3338 !error
3339 ? JSREPORT_WARNING | JSREPORT_STRICT
3340 : JSREPORT_ERROR,
3341 JSMSG_REDECLARED_VAR,
3342 JSDefinition::kindString(dn_kind),
3343 name)) {
3344 return JS_FALSE;
3345 }
3346 }
3347 }
3348 }
3349
3350 if (!ale) {
3351 if (!Define(pn, atom, tc))
3352 return JS_FALSE;
3353 } else {
3354 /*
3355 * A var declaration never recreates an existing binding, it restates
3356 * it and possibly reinitializes its value. Beware that if pn becomes a
3357 * use of ALE_DEFN(ale), and if we have an initializer for this var or
3358 * const (typically a const would ;-), then pn must be rewritten into a
3359 * TOK_ASSIGN node. See Variables, further below.
3360 *
3361 * A case such as let (x = 1) { var x = 2; print(x); } is even harder.
3362 * There the x definition is hoisted but the x = 2 assignment mutates
3363 * the block-local binding of x.
3364 */
3365 JSDefinition *dn = ALE_DEFN(ale);
3366
3367 data->fresh = false;
3368
3369 if (!pn->pn_used) {
3370 /* Make pnu be a fresh name node that uses dn. */
3371 JSParseNode *pnu = pn;
3372
3373 if (pn->pn_defn) {
3374 pnu = NameNode::create(atom, tc);
3375 if (!pnu)
3376 return JS_FALSE;
3377 }
3378
3379 LinkUseToDef(pnu, dn, tc);
3380 pnu->pn_op = JSOP_NAME;
3381 }
3382
3383 while (dn->kind() == JSDefinition::LET) {
3384 do {
3385 ale = ALE_NEXT(ale);
3386 } while (ale && ALE_ATOM(ale) != atom);
3387 if (!ale)
3388 break;
3389 dn = ALE_DEFN(ale);
3390 }
3391
3392 if (ale) {
3393 JS_ASSERT_IF(data->op == JSOP_DEFCONST,
3394 dn->kind() == JSDefinition::CONST);
3395 return JS_TRUE;
3396 }
3397
3398 /*
3399 * A var or const that is shadowed by one or more let bindings of the
3400 * same name, but that has not been declared until this point, must be
3401 * hoisted above the let bindings.
3402 */
3403 if (!pn->pn_defn) {
3404 JSHashEntry **hep;
3405
3406 ale = tc->lexdeps.rawLookup(atom, hep);
3407 if (ale) {
3408 pn = ALE_DEFN(ale);
3409 tc->lexdeps.rawRemove(tc->parser, ale, hep);
3410 } else {
3411 JSParseNode *pn2 = NameNode::create(atom, tc);
3412 if (!pn2)
3413 return JS_FALSE;
3414
3415 /* The token stream may be past the location for pn. */
3416 pn2->pn_type = TOK_NAME;
3417 pn2->pn_pos = pn->pn_pos;
3418 pn = pn2;
3419 }
3420 pn->pn_op = JSOP_NAME;
3421 }
3422
3423 ale = tc->decls.add(tc->parser, atom, JSAtomList::HOIST);
3424 if (!ale)
3425 return JS_FALSE;
3426 ALE_SET_DEFN(ale, pn);
3427 pn->pn_defn = true;
3428 pn->pn_dflags &= ~PND_PLACEHOLDER;
3429 }
3430
3431 if (data->op == JSOP_DEFCONST)
3432 pn->pn_dflags |= PND_CONST;
3433
3434 if (!tc->inFunction())
3435 return BindGvar(pn, tc);
3436
3437 if (atom == cx->runtime->atomState.argumentsAtom) {
3438 pn->pn_op = JSOP_ARGUMENTS;
3439 pn->pn_dflags |= PND_BOUND;
3440 return JS_TRUE;
3441 }
3442
3443 JSLocalKind localKind = js_LookupLocal(cx, tc->fun, atom, NULL);
3444 if (localKind == JSLOCAL_NONE) {
3445 /*
3446 * Property not found in current variable scope: we have not seen this
3447 * variable before. Define a new local variable by adding a property to
3448 * the function's scope and allocating one slot in the function's vars
3449 * frame. Any locals declared in a with statement body are handled at
3450 * runtime, by script prolog JSOP_DEFVAR opcodes generated for global
3451 * and heavyweight-function-local vars.
3452 */
3453 localKind = (data->op == JSOP_DEFCONST) ? JSLOCAL_CONST : JSLOCAL_VAR;
3454
3455 uintN index = tc->fun->u.i.nvars;
3456 if (!BindLocalVariable(cx, tc->fun, atom, localKind, false))
3457 return JS_FALSE;
3458 pn->pn_op = JSOP_GETLOCAL;
3459 pn->pn_cookie = MAKE_UPVAR_COOKIE(tc->staticLevel, index);
3460 pn->pn_dflags |= PND_BOUND;
3461 return JS_TRUE;
3462 }
3463
3464 if (localKind == JSLOCAL_ARG) {
3465 /* We checked errors and strict warnings earlier -- see above. */
3466 JS_ASSERT(ale && ALE_DEFN(ale)->kind() == JSDefinition::ARG);
3467 } else {
3468 /* Not an argument, must be a redeclared local var. */
3469 JS_ASSERT(localKind == JSLOCAL_VAR || localKind == JSLOCAL_CONST);
3470 }
3471 return JS_TRUE;
3472 }
3473
3474 static JSBool
3475 MakeSetCall(JSContext *cx, JSParseNode *pn, JSTreeContext *tc, uintN msg)
3476 {
3477 JSParseNode *pn2;
3478
3479 JS_ASSERT(pn->pn_arity == PN_LIST);
3480 JS_ASSERT(pn->pn_op == JSOP_CALL || pn->pn_op == JSOP_EVAL || pn->pn_op == JSOP_APPLY);
3481 pn2 = pn->pn_head;
3482 if (pn2->pn_type == TOK_FUNCTION && (pn2->pn_funbox->tcflags & TCF_GENEXP_LAMBDA)) {
3483 ReportCompileErrorNumber(cx, TS(tc->parser), pn, JSREPORT_ERROR, msg);
3484 return JS_FALSE;
3485 }
3486 pn->pn_op = JSOP_SETCALL;
3487 return JS_TRUE;
3488 }
3489
3490 static void
3491 NoteLValue(JSContext *cx, JSParseNode *pn, JSTreeContext *tc, uintN dflag = PND_ASSIGNED)
3492 {
3493 if (pn->pn_used) {
3494 JSDefinition *dn = pn->pn_lexdef;
3495
3496 /*
3497 * Save the win of PND_INITIALIZED if we can prove 'var x;' and 'x = y'
3498 * occur as direct kids of the same block with no forward refs to x.
3499 */
3500 if (!(dn->pn_dflags & (PND_INITIALIZED | PND_CONST | PND_PLACEHOLDER)) &&
3501 dn->isBlockChild() &&
3502 pn->isBlockChild() &&
3503 dn->pn_blockid == pn->pn_blockid &&
3504 dn->pn_pos.end <= pn->pn_pos.begin &&
3505 dn->dn_uses == pn) {
3506 dflag = PND_INITIALIZED;
3507 }
3508
3509 dn->pn_dflags |= dflag;
3510
3511 if (dn->frameLevel() != tc->staticLevel) {
3512 /*
3513 * The above condition takes advantage of the all-ones nature of
3514 * FREE_UPVAR_COOKIE, and the reserved level FREE_STATIC_LEVEL.
3515 * We make a stronger assertion by excluding FREE_UPVAR_COOKIE.
3516 */
3517 JS_ASSERT_IF(dn->pn_cookie != FREE_UPVAR_COOKIE,
3518 dn->frameLevel() < tc->staticLevel);
3519 tc->flags |= TCF_FUN_SETS_OUTER_NAME;
3520 }
3521 }
3522
3523 pn->pn_dflags |= dflag;
3524
3525 if (pn->pn_atom == cx->runtime->atomState.argumentsAtom)
3526 tc->flags |= TCF_FUN_HEAVYWEIGHT;
3527 }
3528
3529 #if JS_HAS_DESTRUCTURING
3530
3531 static JSBool
3532 BindDestructuringVar(JSContext *cx, BindData *data, JSParseNode *pn,
3533 JSTreeContext *tc)
3534 {
3535 JSAtom *atom;
3536
3537 /*
3538 * Destructuring is a form of assignment, so just as for an initialized
3539 * simple variable, we must check for assignment to 'arguments' and flag
3540 * the enclosing function (if any) as heavyweight.
3541 */
3542 JS_ASSERT(pn->pn_type == TOK_NAME);
3543 atom = pn->pn_atom;
3544 if (atom == cx->runtime->atomState.argumentsAtom)
3545 tc->flags |= TCF_FUN_HEAVYWEIGHT;
3546
3547 data->pn = pn;
3548 if (!data->binder(cx, data, atom, tc))
3549 return JS_FALSE;
3550
3551 /*
3552 * Select the appropriate name-setting opcode, respecting eager selection
3553 * done by the data->binder function.
3554 */
3555 if (pn->pn_dflags & PND_BOUND) {
3556 pn->pn_op = (pn->pn_op == JSOP_ARGUMENTS)
3557 ? JSOP_SETNAME
3558 : (pn->pn_dflags & PND_GVAR)
3559 ? JSOP_SETGVAR
3560 : JSOP_SETLOCAL;
3561 } else {
3562 pn->pn_op = (data->op == JSOP_DEFCONST)
3563 ? JSOP_SETCONST
3564 : JSOP_SETNAME;
3565 }
3566
3567 if (data->op == JSOP_DEFCONST)
3568 pn->pn_dflags |= PND_CONST;
3569
3570 NoteLValue(cx, pn, tc, PND_INITIALIZED);
3571 return JS_TRUE;
3572 }
3573
3574 /*
3575 * Here, we are destructuring {... P: Q, ...} = R, where P is any id, Q is any
3576 * LHS expression except a destructuring initialiser, and R is on the stack.
3577 * Because R is already evaluated, the usual LHS-specialized bytecodes won't
3578 * work. After pushing R[P] we need to evaluate Q's "reference base" QB and
3579 * then push its property name QN. At this point the stack looks like
3580 *
3581 * [... R, R[P], QB, QN]
3582 *
3583 * We need to set QB[QN] = R[P]. This is a job for JSOP_ENUMELEM, which takes
3584 * its operands with left-hand side above right-hand side:
3585 *
3586 * [rval, lval, xval]
3587 *
3588 * and pops all three values, setting lval[xval] = rval. But we cannot select
3589 * JSOP_ENUMELEM yet, because the LHS may turn out to be an arg or local var,
3590 * which can be optimized further. So we select JSOP_SETNAME.
3591 */
3592 static JSBool
3593 BindDestructuringLHS(JSContext *cx, JSParseNode *pn, JSTreeContext *tc)
3594 {
3595 switch (pn->pn_type) {
3596 case TOK_NAME:
3597 NoteLValue(cx, pn, tc);
3598 /* FALL THROUGH */
3599
3600 case TOK_DOT:
3601 case TOK_LB:
3602 pn->pn_op = JSOP_SETNAME;
3603 break;
3604
3605 case TOK_LP:
3606 if (!MakeSetCall(cx, pn, tc, JSMSG_BAD_LEFTSIDE_OF_ASS))
3607 return JS_FALSE;
3608 break;
3609
3610 #if JS_HAS_XML_SUPPORT
3611 case TOK_UNARYOP:
3612 if (pn->pn_op == JSOP_XMLNAME) {
3613 pn->pn_op = JSOP_BINDXMLNAME;
3614 break;
3615 }
3616 /* FALL THROUGH */
3617 #endif
3618
3619 default:
3620 ReportCompileErrorNumber(cx, TS(tc->parser), pn,
3621 JSREPORT_ERROR, JSMSG_BAD_LEFTSIDE_OF_ASS);
3622 return JS_FALSE;
3623 }
3624
3625 return JS_TRUE;
3626 }
3627
3628 typedef struct FindPropValData {
3629 uint32 numvars; /* # of destructuring vars in left side */
3630 uint32 maxstep; /* max # of steps searching right side */
3631 JSDHashTable table; /* hash table for O(1) right side search */
3632 } FindPropValData;
3633
3634 typedef struct FindPropValEntry {
3635 JSDHashEntryHdr hdr;
3636 JSParseNode *pnkey;
3637 JSParseNode *pnval;
3638 } FindPropValEntry;
3639
3640 #define ASSERT_VALID_PROPERTY_KEY(pnkey) \
3641 JS_ASSERT(((pnkey)->pn_arity == PN_NULLARY && \
3642 ((pnkey)->pn_type == TOK_NUMBER || \
3643 (pnkey)->pn_type == TOK_STRING || \
3644 (pnkey)->pn_type == TOK_NAME)) || \
3645 ((pnkey)->pn_arity == PN_NAME && (pnkey)->pn_type == TOK_NAME))
3646
3647 static JSDHashNumber
3648 HashFindPropValKey(JSDHashTable *table, const void *key)
3649 {
3650 const JSParseNode *pnkey = (const JSParseNode *)key;
3651
3652 ASSERT_VALID_PROPERTY_KEY(pnkey);
3653 return (pnkey->pn_type == TOK_NUMBER)
3654 ? (JSDHashNumber) JS_HASH_DOUBLE(pnkey->pn_dval)
3655 : ATOM_HASH(pnkey->pn_atom);
3656 }
3657
3658 static JSBool
3659 MatchFindPropValEntry(JSDHashTable *table,
3660 const JSDHashEntryHdr *entry,
3661 const void *key)
3662 {
3663 const FindPropValEntry *fpve = (const FindPropValEntry *)entry;
3664 const JSParseNode *pnkey = (const JSParseNode *)key;
3665
3666 ASSERT_VALID_PROPERTY_KEY(pnkey);
3667 return pnkey->pn_type == fpve->pnkey->pn_type &&
3668 ((pnkey->pn_type == TOK_NUMBER)
3669 ? pnkey->pn_dval == fpve->pnkey->pn_dval
3670 : pnkey->pn_atom == fpve->pnkey->pn_atom);
3671 }
3672
3673 static const JSDHashTableOps FindPropValOps = {
3674 JS_DHashAllocTable,
3675 JS_DHashFreeTable,
3676 HashFindPropValKey,
3677 MatchFindPropValEntry,
3678 JS_DHashMoveEntryStub,
3679 JS_DHashClearEntryStub,
3680 JS_DHashFinalizeStub,
3681 NULL
3682 };
3683
3684 #define STEP_HASH_THRESHOLD 10
3685 #define BIG_DESTRUCTURING 5
3686 #define BIG_OBJECT_INIT 20
3687
3688 static JSParseNode *
3689 FindPropertyValue(JSParseNode *pn, JSParseNode *pnid, FindPropValData *data)
3690 {
3691 FindPropValEntry *entry;
3692 JSParseNode *pnhit, *pnhead, *pnprop, *pnkey;
3693 uint32 step;
3694
3695 /* If we have a hash table, use it as the sole source of truth. */
3696 if (data->table.ops) {
3697 entry = (FindPropValEntry *)
3698 JS_DHashTableOperate(&data->table, pnid, JS_DHASH_LOOKUP);
3699 return JS_DHASH_ENTRY_IS_BUSY(&entry->hdr) ? entry->pnval : NULL;
3700 }
3701
3702 /* If pn is not an object initialiser node, we can't do anything here. */
3703 if (pn->pn_type != TOK_RC)
3704 return NULL;
3705
3706 /*
3707 * We must search all the way through pn's list, to handle the case of an
3708 * id duplicated for two or more property initialisers.
3709 */
3710 pnhit = NULL;
3711 step = 0;
3712 ASSERT_VALID_PROPERTY_KEY(pnid);
3713 pnhead = pn->pn_head;
3714 if (pnid->pn_type == TOK_NUMBER) {
3715 for (pnprop = pnhead; pnprop; pnprop = pnprop->pn_next) {
3716 JS_ASSERT(pnprop->pn_type == TOK_COLON);
3717 if (pnprop->pn_op == JSOP_NOP) {
3718 pnkey = pnprop->pn_left;
3719 ASSERT_VALID_PROPERTY_KEY(pnkey);
3720 if (pnkey->pn_type == TOK_NUMBER &&
3721 pnkey->pn_dval == pnid->pn_dval) {
3722 pnhit = pnprop;
3723 }
3724 ++step;
3725 }
3726 }
3727 } else {
3728 for (pnprop = pnhead; pnprop; pnprop = pnprop->pn_next) {
3729 JS_ASSERT(pnprop->pn_type == TOK_COLON);
3730 if (pnprop->pn_op == JSOP_NOP) {
3731 pnkey = pnprop->pn_left;
3732 ASSERT_VALID_PROPERTY_KEY(pnkey);
3733 if (pnkey->pn_type == pnid->pn_type &&
3734 pnkey->pn_atom == pnid->pn_atom) {
3735 pnhit = pnprop;
3736 }
3737 ++step;
3738 }
3739 }
3740 }
3741 if (!pnhit)
3742 return NULL;
3743
3744 /* Hit via full search -- see whether it's time to create the hash table. */
3745 JS_ASSERT(!data->table.ops);
3746 if (step > data->maxstep) {
3747 data->maxstep = step;
3748 if (step >= STEP_HASH_THRESHOLD &&
3749 data->numvars >= BIG_DESTRUCTURING &&
3750 pn->pn_count >= BIG_OBJECT_INIT &&
3751 JS_DHashTableInit(&data->table, &FindPropValOps, pn,
3752 sizeof(FindPropValEntry),
3753 JS_DHASH_DEFAULT_CAPACITY(pn->pn_count)))
3754 {
3755 for (pn = pnhead; pn; pn = pn->pn_next) {
3756 JS_ASSERT(pnprop->pn_type == TOK_COLON);
3757 ASSERT_VALID_PROPERTY_KEY(pn->pn_left);
3758 entry = (FindPropValEntry *)
3759 JS_DHashTableOperate(&data->table, pn->pn_left,
3760 JS_DHASH_ADD);
3761 entry->pnval = pn->pn_right;
3762 }
3763 }
3764 }
3765 return pnhit->pn_right;
3766 }
3767
3768 /*
3769 * Destructuring patterns can appear in two kinds of contexts:
3770 *
3771 * - assignment-like: assignment expressions and |for| loop heads. In
3772 * these cases, the patterns' property value positions can be
3773 * arbitrary lvalue expressions; the destructuring is just a fancy
3774 * assignment.
3775 *
3776 * - declaration-like: |var| and |let| declarations, functions' formal
3777 * parameter lists, |catch| clauses, and comprehension tails. In
3778 * these cases, the patterns' property value positions must be
3779 * simple names; the destructuring defines them as new variables.
3780 *
3781 * In both cases, other code parses the pattern as an arbitrary
3782 * primaryExpr, and then, here in CheckDestructuring, verify that the
3783 * tree is a valid destructuring expression.
3784 *
3785 * In assignment-like contexts, we parse the pattern with the
3786 * TCF_DECL_DESTRUCTURING flag clear, so the lvalue expressions in the
3787 * pattern are parsed normally. primaryExpr links variable references
3788 * into the appropriate use chains; creates placeholder definitions;
3789 * and so on. CheckDestructuring is called with |data| NULL (since we
3790 * won't be binding any new names), and we specialize lvalues as
3791 * appropriate. If right is NULL, we just check for well-formed lvalues.
3792 *
3793 * In declaration-like contexts, the normal variable reference
3794 * processing would just be an obstruction, because we're going to
3795 * define the names that appear in the property value positions as new
3796 * variables anyway. In this case, we parse the pattern with
3797 * TCF_DECL_DESTRUCTURING set, which directs primaryExpr to leave
3798 * whatever name nodes it creates unconnected. Then, here in
3799 * CheckDestructuring, we require the pattern's property value
3800 * positions to be simple names, and define them as appropriate to the
3801 * context. For these calls, |data| points to the right sort of
3802 * BindData.
3803 *
3804 * See also UndominateInitializers, immediately below. If you change
3805 * either of these functions, you might have to change the other to
3806 * match.
3807 */
3808 static JSBool
3809 CheckDestructuring(JSContext *cx, BindData *data,
3810 JSParseNode *left, JSParseNode *right,
3811 JSTreeContext *tc)
3812 {
3813 JSBool ok;
3814 FindPropValData fpvd;
3815 JSParseNode *lhs, *rhs, *pn, *pn2;
3816
3817 if (left->pn_type == TOK_ARRAYCOMP) {
3818 ReportCompileErrorNumber(cx, TS(tc->parser), left, JSREPORT_ERROR,
3819 JSMSG_ARRAY_COMP_LEFTSIDE);
3820 return JS_FALSE;
3821 }
3822
3823 #if JS_HAS_DESTRUCTURING_SHORTHAND
3824 if (right && right->pn_arity == PN_LIST && (right->pn_xflags & PNX_DESTRUCT)) {
3825 ReportCompileErrorNumber(cx, TS(tc->parser), right, JSREPORT_ERROR,
3826 JSMSG_BAD_OBJECT_INIT);
3827 return JS_FALSE;
3828 }
3829 #endif
3830
3831 fpvd.table.ops = NULL;
3832 lhs = left->pn_head;
3833 if (left->pn_type == TOK_RB) {
3834 rhs = (right && right->pn_type == left->pn_type)
3835 ? right->pn_head
3836 : NULL;
3837
3838 while (lhs) {
3839 pn = lhs, pn2 = rhs;
3840
3841 /* Nullary comma is an elision; binary comma is an expression.*/
3842 if (pn->pn_type != TOK_COMMA || pn->pn_arity != PN_NULLARY) {
3843 if (pn->pn_type == TOK_RB || pn->pn_type == TOK_RC) {
3844 ok = CheckDestructuring(cx, data, pn, pn2, tc);
3845 } else {
3846 if (data) {
3847 if (pn->pn_type != TOK_NAME)
3848 goto no_var_name;
3849
3850 ok = BindDestructuringVar(cx, data, pn, tc);
3851 } else {
3852 ok = BindDestructuringLHS(cx, pn, tc);
3853 }
3854 }
3855 if (!ok)
3856 goto out;
3857 }
3858
3859 lhs = lhs->pn_next;
3860 if (rhs)
3861 rhs = rhs->pn_next;
3862 }
3863 } else {
3864 JS_ASSERT(left->pn_type == TOK_RC);
3865 fpvd.numvars = left->pn_count;
3866 fpvd.maxstep = 0;
3867 rhs = NULL;
3868
3869 while (lhs) {
3870 JS_ASSERT(lhs->pn_type == TOK_COLON);
3871 pn = lhs->pn_right;
3872
3873 if (pn->pn_type == TOK_RB || pn->pn_type == TOK_RC) {
3874 if (right)
3875 rhs = FindPropertyValue(right, lhs->pn_left, &fpvd);
3876 ok = CheckDestructuring(cx, data, pn, rhs, tc);
3877 } else if (data) {
3878 if (pn->pn_type != TOK_NAME)
3879 goto no_var_name;
3880
3881 ok = BindDestructuringVar(cx, data, pn, tc);
3882 } else {
3883 ok = BindDestructuringLHS(cx, pn, tc);
3884 }
3885 if (!ok)
3886 goto out;
3887
3888 lhs = lhs->pn_next;
3889 }
3890 }
3891
3892 /*
3893 * The catch/finally handler implementation in the interpreter assumes
3894 * that any operation that introduces a new scope (like a "let" or "with"
3895 * block) increases the stack depth. This way, it is possible to restore
3896 * the scope chain based on stack depth of the handler alone. "let" with
3897 * an empty destructuring pattern like in
3898 *
3899 * let [] = 1;
3900 *
3901 * would violate this assumption as the there would be no let locals to
3902 * store on the stack. To satisfy it we add an empty property to such
3903 * blocks so that OBJ_BLOCK_COUNT(cx, blockObj), which gives the number of
3904 * slots, would be always positive.
3905 *
3906 * Note that we add such a property even if the block has locals due to
3907 * later let declarations in it. We optimize for code simplicity here,
3908 * not the fastest runtime performance with empty [] or {}.
3909 */
3910 if (data &&
3911 data->binder == BindLet &&
3912 OBJ_BLOCK_COUNT(cx, tc->blockChain) == 0) {
3913 ok = !!js_DefineNativeProperty(cx, tc->blockChain,
3914 ATOM_TO_JSID(cx->runtime->
3915 atomState.emptyAtom),
3916 JSVAL_VOID, NULL, NULL,
3917 JSPROP_ENUMERATE |
3918 JSPROP_PERMANENT |
3919 JSPROP_SHARED,
3920 JSScopeProperty::HAS_SHORTID, 0, NULL);
3921 if (!ok)
3922 goto out;
3923 }
3924
3925 ok = JS_TRUE;
3926
3927 out:
3928 if (fpvd.table.ops)
3929 JS_DHashTableFinish(&fpvd.table);
3930 return ok;
3931
3932 no_var_name:
3933 ReportCompileErrorNumber(cx, TS(tc->parser), pn, JSREPORT_ERROR,
3934 JSMSG_NO_VARIABLE_NAME);
3935 ok = JS_FALSE;
3936 goto out;
3937 }
3938
3939 /*
3940 * This is a greatly pared down version of CheckDestructuring that extends the
3941 * pn_pos.end source coordinate of each name in a destructuring binding such as
3942 *
3943 * var [x, y] = [function () y, 42];
3944 *
3945 * to cover its corresponding initializer, so that the initialized binding does
3946 * not appear to dominate any closures in its initializer. See bug 496134.
3947 *
3948 * The quick-and-dirty dominance computation in Parser::setFunctionKinds is not
3949 * very precise. With one-pass SSA construction from structured source code
3950 * (see "Single-Pass Generation of Static Single Assignment Form for Structured
3951 * Languages", Brandis and Mössenböck), we could do much better.
3952 *
3953 * See CheckDestructuring, immediately above. If you change either of these
3954 * functions, you might have to change the other to match.
3955 */
3956 static JSBool
3957 UndominateInitializers(JSParseNode *left, JSParseNode *right, JSTreeContext *tc)
3958 {
3959 FindPropValData fpvd;
3960 JSParseNode *lhs, *rhs;
3961
3962 JS_ASSERT(left->pn_type != TOK_ARRAYCOMP);
3963 JS_ASSERT(right);
3964
3965 #if JS_HAS_DESTRUCTURING_SHORTHAND
3966 if (right->pn_arity == PN_LIST && (right->pn_xflags & PNX_DESTRUCT)) {
3967 ReportCompileErrorNumber(tc->parser->context, TS(tc->parser), right, JSREPORT_ERROR,
3968 JSMSG_BAD_OBJECT_INIT);
3969 return JS_FALSE;
3970 }
3971 #endif
3972
3973 if (right->pn_type != left->pn_type)
3974 return JS_TRUE;
3975
3976 fpvd.table.ops = NULL;
3977 lhs = left->pn_head;
3978 if (left->pn_type == TOK_RB) {
3979 rhs = right->pn_head;
3980
3981 while (lhs && rhs) {
3982 /* Nullary comma is an elision; binary comma is an expression.*/
3983 if (lhs->pn_type != TOK_COMMA || lhs->pn_arity != PN_NULLARY) {
3984 if (lhs->pn_type == TOK_RB || lhs->pn_type == TOK_RC) {
3985 if (!UndominateInitializers(lhs, rhs, tc))
3986 return JS_FALSE;
3987 } else {
3988 lhs->pn_pos.end = rhs->pn_pos.end;
3989 }
3990 }
3991
3992 lhs = lhs->pn_next;
3993 rhs = rhs->pn_next;
3994 }
3995 } else {
3996 JS_ASSERT(left->pn_type == TOK_RC);
3997 fpvd.numvars = left->pn_count;
3998 fpvd.maxstep = 0;
3999
4000 while (lhs) {
4001 JS_ASSERT(lhs->pn_type == TOK_COLON);
4002 JSParseNode *pn = lhs->pn_right;
4003
4004 rhs = FindPropertyValue(right, lhs->pn_left, &fpvd);
4005 if (pn->pn_type == TOK_RB || pn->pn_type == TOK_RC) {
4006 if (rhs && !UndominateInitializers(pn, rhs, tc))
4007 return JS_FALSE;
4008 } else {
4009 if (rhs)
4010 pn->pn_pos.end = rhs->pn_pos.end;
4011 }
4012
4013 lhs = lhs->pn_next;
4014 }
4015 }
4016 return JS_TRUE;
4017 }
4018
4019 JSParseNode *
4020 Parser::destructuringExpr(BindData *data, TokenKind tt)
4021 {
4022 JSParseNode *pn;
4023
4024 tc->flags |= TCF_DECL_DESTRUCTURING;
4025 pn = primaryExpr(tt, JS_FALSE);
4026 tc->flags &= ~TCF_DECL_DESTRUCTURING;
4027 if (!pn)
4028 return NULL;
4029 if (!CheckDestructuring(context, data, pn, NULL, tc))
4030 return NULL;
4031 return pn;
4032 }
4033
4034 /*
4035 * Currently used only #if JS_HAS_DESTRUCTURING, in Statement's TOK_FOR case.
4036 * This function assumes the cloned tree is for use in the same statement and
4037 * binding context as the original tree.
4038 */
4039 static JSParseNode *
4040 CloneParseTree(JSParseNode *opn, JSTreeContext *tc)
4041 {
4042 JSParseNode *pn, *pn2, *opn2;
4043
4044 pn = NewOrRecycledNode(tc);
4045 if (!pn)
4046 return NULL;
4047 pn->pn_type = opn->pn_type;
4048 pn->pn_pos = opn->pn_pos;
4049 pn->pn_op = opn->pn_op;
4050 pn->pn_used = opn->pn_used;
4051 pn->pn_defn = opn->pn_defn;
4052 pn->pn_arity = opn->pn_arity;
4053 pn->pn_parens = opn->pn_parens;
4054
4055 switch (pn->pn_arity) {
4056 #define NULLCHECK(e) JS_BEGIN_MACRO if (!(e)) return NULL; JS_END_MACRO
4057
4058 case PN_FUNC:
4059 NULLCHECK(pn->pn_funbox =
4060 tc->parser->newFunctionBox(opn->pn_funbox->object, pn, tc));
4061 NULLCHECK(pn->pn_body = CloneParseTree(opn->pn_body, tc));
4062 pn->pn_cookie = opn->pn_cookie;
4063 pn->pn_dflags = opn->pn_dflags;
4064 pn->pn_blockid = opn->pn_blockid;
4065 break;
4066
4067 case PN_LIST:
4068 pn->makeEmpty();
4069 for (opn2 = opn->pn_head; opn2; opn2 = opn2->pn_next) {
4070 NULLCHECK(pn2 = CloneParseTree(opn2, tc));
4071 pn->append(pn2);
4072 }
4073 pn->pn_xflags = opn->pn_xflags;
4074 break;
4075
4076 case PN_TERNARY:
4077 NULLCHECK(pn->pn_kid1 = CloneParseTree(opn->pn_kid1, tc));
4078 NULLCHECK(pn->pn_kid2 = CloneParseTree(opn->pn_kid2, tc));
4079 NULLCHECK(pn->pn_kid3 = CloneParseTree(opn->pn_kid3, tc));
4080 break;
4081
4082 case PN_BINARY:
4083 NULLCHECK(pn->pn_left = CloneParseTree(opn->pn_left, tc));
4084 if (opn->pn_right != opn->pn_left)
4085 NULLCHECK(pn->pn_right = CloneParseTree(opn->pn_right, tc));
4086 else
4087 pn->pn_right = pn->pn_left;
4088 pn->pn_val = opn->pn_val;
4089 pn->pn_iflags = opn->pn_iflags;
4090 break;
4091
4092 case PN_UNARY:
4093 NULLCHECK(pn->pn_kid = CloneParseTree(opn->pn_kid, tc));
4094 pn->pn_num = opn->pn_num;
4095 pn->pn_hidden = opn->pn_hidden;
4096 break;
4097
4098 case PN_NAME:
4099 // PN_NAME could mean several arms in pn_u, so copy the whole thing.
4100 pn->pn_u = opn->pn_u;
4101 if (opn->pn_used) {
4102 /*
4103 * The old name is a use of its pn_lexdef. Make the clone also be a
4104 * use of that definition.
4105 */
4106 JSDefinition *dn = pn->pn_lexdef;
4107
4108 pn->pn_link = dn->dn_uses;
4109 dn->dn_uses = pn;
4110 } else if (opn->pn_expr) {
4111 NULLCHECK(pn->pn_expr = CloneParseTree(opn->pn_expr, tc));
4112
4113 /*
4114 * If the old name is a definition, the new one has pn_defn set.
4115 * Make the old name a use of the new node.
4116 */
4117 if (opn->pn_defn) {
4118 opn->pn_defn = false;
4119 LinkUseToDef(opn, (JSDefinition *) pn, tc);
4120 }
4121 }
4122 break;
4123
4124 case PN_NAMESET:
4125 pn->pn_names = opn->pn_names;
4126 NULLCHECK(pn->pn_tree = CloneParseTree(opn->pn_tree, tc));
4127 break;
4128
4129 case PN_NULLARY:
4130 // Even PN_NULLARY may have data (apair for E4X -- what a botch).
4131 pn->pn_u = opn->pn_u;
4132 break;
4133
4134 #undef NULLCHECK
4135 }
4136 return pn;
4137 }
4138
4139 #endif /* JS_HAS_DESTRUCTURING */
4140
4141 extern const char js_with_statement_str[];
4142
4143 static JSParseNode *
4144 ContainsStmt(JSParseNode *pn, TokenKind tt)
4145 {
4146 JSParseNode *pn2, *pnt;
4147
4148 if (!pn)
4149 return NULL;
4150 if (PN_TYPE(pn) == tt)
4151 return pn;
4152 switch (pn->pn_arity) {
4153 case PN_LIST:
4154 for (pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next) {
4155 pnt = ContainsStmt(pn2, tt);
4156 if (pnt)
4157 return pnt;
4158 }
4159 break;
4160 case PN_TERNARY:
4161 pnt = ContainsStmt(pn->pn_kid1, tt);
4162 if (pnt)
4163 return pnt;
4164 pnt = ContainsStmt(pn->pn_kid2, tt);
4165 if (pnt)
4166 return pnt;
4167 return ContainsStmt(pn->pn_kid3, tt);
4168 case PN_BINARY:
4169 /*
4170 * Limit recursion if pn is a binary expression, which can't contain a
4171 * var statement.
4172 */
4173 if (pn->pn_op != JSOP_NOP)
4174 return NULL;
4175 pnt = ContainsStmt(pn->pn_left, tt);
4176 if (pnt)
4177 return pnt;
4178 return ContainsStmt(pn->pn_right, tt);
4179 case PN_UNARY:
4180 if (pn->pn_op != JSOP_NOP)
4181 return NULL;
4182 return ContainsStmt(pn->pn_kid, tt);
4183 case PN_NAME:
4184 return ContainsStmt(pn->maybeExpr(), tt);
4185 case PN_NAMESET:
4186 return ContainsStmt(pn->pn_tree, tt);
4187 default:;
4188 }
4189 return NULL;
4190 }
4191
4192 JSParseNode *
4193 Parser::returnOrYield(bool useAssignExpr)
4194 {
4195 TokenKind tt, tt2;
4196 JSParseNode *pn, *pn2;
4197
4198 tt = tokenStream.currentToken().type;
4199 if (tt == TOK_RETURN && !tc->inFunction()) {
4200 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_RETURN_OR_YIELD, js_return_str);
4201 return NULL;
4202 }
4203
4204 pn = UnaryNode::create(tc);
4205 if (!pn)
4206 return NULL;
4207
4208 #if JS_HAS_GENERATORS
4209 if (tt == TOK_YIELD)
4210 tc->flags |= TCF_FUN_IS_GENERATOR;
4211 #endif
4212
4213 /* This is ugly, but we don't want to require a semicolon. */
4214 tt2 = tokenStream.peekTokenSameLine(TSF_OPERAND);
4215 if (tt2 == TOK_ERROR)
4216 return NULL;
4217
4218 if (tt2 != TOK_EOF && tt2 != TOK_EOL && tt2 != TOK_SEMI && tt2 != TOK_RC
4219 #if JS_HAS_GENERATORS
4220 && (tt != TOK_YIELD ||
4221 (tt2 != tt && tt2 != TOK_RB && tt2 != TOK_RP &&
4222 tt2 != TOK_COLON && tt2 != TOK_COMMA))
4223 #endif
4224 ) {
4225 pn2 = useAssignExpr ? assignExpr() : expr();
4226 if (!pn2)
4227 return NULL;
4228 #if JS_HAS_GENERATORS
4229 if (tt == TOK_RETURN)
4230 #endif
4231 tc->flags |= TCF_RETURN_EXPR;
4232 pn->pn_pos.end = pn2->pn_pos.end;
4233 pn->pn_kid = pn2;
4234 } else {
4235 #if JS_HAS_GENERATORS
4236 if (tt == TOK_RETURN)
4237 #endif
4238 tc->flags |= TCF_RETURN_VOID;
4239 }
4240
4241 if ((~tc->flags & (TCF_RETURN_EXPR | TCF_FUN_IS_GENERATOR)) == 0) {
4242 /* As in Python (see PEP-255), disallow return v; in generators. */
4243 ReportBadReturn(context, tc, JSREPORT_ERROR,
4244 JSMSG_BAD_GENERATOR_RETURN,
4245 JSMSG_BAD_ANON_GENERATOR_RETURN);
4246 return NULL;
4247 }
4248
4249 if (JS_HAS_STRICT_OPTION(context) &&
4250 (~tc->flags & (TCF_RETURN_EXPR | TCF_RETURN_VOID)) == 0 &&
4251 !ReportBadReturn(context, tc, JSREPORT_WARNING | JSREPORT_STRICT,
4252 JSMSG_NO_RETURN_VALUE,
4253 JSMSG_ANON_NO_RETURN_VALUE)) {
4254 return NULL;
4255 }
4256
4257 return pn;
4258 }
4259
4260 static JSParseNode *
4261 PushLexicalScope(JSContext *cx, TokenStream *ts, JSTreeContext *tc,
4262 JSStmtInfo *stmt)
4263 {
4264 JSParseNode *pn;
4265 JSObject *obj;
4266 JSObjectBox *blockbox;
4267
4268 pn = LexicalScopeNode::create(tc);
4269 if (!pn)
4270 return NULL;
4271
4272 obj = js_NewBlockObject(cx);
4273 if (!obj)
4274 return NULL;
4275
4276 blockbox = tc->parser->newObjectBox(obj);
4277 if (!blockbox)
4278 return NULL;
4279
4280 js_PushBlockScope(tc, stmt, obj, -1);
4281 pn->pn_type = TOK_LEXICALSCOPE;
4282 pn->pn_op = JSOP_LEAVEBLOCK;
4283 pn->pn_objbox = blockbox;
4284 pn->pn_cookie = FREE_UPVAR_COOKIE;
4285 pn->pn_dflags = 0;
4286 if (!GenerateBlockId(tc, stmt->blockid))
4287 return NULL;
4288 pn->pn_blockid = stmt->blockid;
4289 return pn;
4290 }
4291
4292 #if JS_HAS_BLOCK_SCOPE
4293
4294 JSParseNode *
4295 Parser::letBlock(JSBool statement)
4296 {
4297 JSParseNode *pn, *pnblock, *pnlet;
4298 JSStmtInfo stmtInfo;
4299
4300 JS_ASSERT(tokenStream.currentToken().type == TOK_LET);
4301
4302 /* Create the let binary node. */
4303 pnlet = BinaryNode::create(tc);
4304 if (!pnlet)
4305 return NULL;
4306
4307 MUST_MATCH_TOKEN(TOK_LP, JSMSG_PAREN_BEFORE_LET);
4308
4309 /* This is a let block or expression of the form: let (a, b, c) .... */
4310 pnblock = PushLexicalScope(context, &tokenStream, tc, &stmtInfo);
4311 if (!pnblock)
4312 return NULL;
4313 pn = pnblock;
4314 pn->pn_expr = pnlet;
4315
4316 pnlet->pn_left = variables(true);
4317 if (!pnlet->pn_left)
4318 return NULL;
4319 pnlet->pn_left->pn_xflags = PNX_POPVAR;
4320
4321 MUST_MATCH_TOKEN(TOK_RP, JSMSG_PAREN_AFTER_LET);
4322
4323 if (statement && !tokenStream.matchToken(TOK_LC, TSF_OPERAND)) {
4324 /*
4325 * If this is really an expression in let statement guise, then we
4326 * need to wrap the TOK_LET node in a TOK_SEMI node so that we pop
4327 * the return value of the expression.
4328 */
4329 pn = UnaryNode::create(tc);
4330 if (!pn)
4331 return NULL;
4332 pn->pn_type = TOK_SEMI;
4333 pn->pn_num = -1;
4334 pn->pn_kid = pnblock;
4335
4336 statement = JS_FALSE;
4337 }
4338
4339 if (statement) {
4340 pnlet->pn_right = statements();
4341 if (!pnlet->pn_right)
4342 return NULL;
4343 MUST_MATCH_TOKEN(TOK_RC, JSMSG_CURLY_AFTER_LET);
4344 } else {
4345 /*
4346 * Change pnblock's opcode to the variant that propagates the last
4347 * result down after popping the block, and clear statement.
4348 */
4349 pnblock->pn_op = JSOP_LEAVEBLOCKEXPR;
4350 pnlet->pn_right = assignExpr();
4351 if (!pnlet->pn_right)
4352 return NULL;
4353 }
4354
4355 PopStatement(tc);
4356 return pn;
4357 }
4358
4359 #endif /* JS_HAS_BLOCK_SCOPE */
4360
4361 static bool
4362 PushBlocklikeStatement(JSStmtInfo *stmt, JSStmtType type, JSTreeContext *tc)
4363 {
4364 js_PushStatement(tc, stmt, type, -1);
4365 return GenerateBlockId(tc, stmt->blockid);
4366 }
4367
4368 static JSParseNode *
4369 NewBindingNode(JSAtom *atom, JSTreeContext *tc, bool let = false)
4370 {
4371 JSParseNode *pn = NULL;
4372
4373 JSAtomListElement *ale = tc->decls.lookup(atom);
4374 if (ale) {
4375 pn = ALE_DEFN(ale);
4376 JS_ASSERT(!pn->isPlaceholder());
4377 } else {
4378 ale = tc->lexdeps.lookup(atom);
4379 if (ale) {
4380 pn = ALE_DEFN(ale);
4381 JS_ASSERT(pn->isPlaceholder());
4382 }
4383 }
4384
4385 if (pn) {
4386 JS_ASSERT(pn->pn_defn);
4387
4388 /*
4389 * A let binding at top level becomes a var before we get here, so if
4390 * pn and tc have the same blockid then that id must not be the bodyid.
4391 * If pn is a forward placeholder definition from the same or a higher
4392 * block then we claim it.
4393 */
4394 JS_ASSERT_IF(let && pn->pn_blockid == tc->blockid(),
4395 pn->pn_blockid != tc->bodyid);
4396
4397 if (pn->isPlaceholder() && pn->pn_blockid >= (let ? tc->blockid() : tc->bodyid)) {
4398 if (let)
4399 pn->pn_blockid = tc->blockid();
4400
4401 tc->lexdeps.remove(tc->parser, atom);
4402 return pn;
4403 }
4404 }
4405
4406 /* Make a new node for this declarator name (or destructuring pattern). */
4407 pn = NameNode::create(atom, tc);
4408 if (!pn)
4409 return NULL;
4410 return pn;
4411 }
4412
4413 #if JS_HAS_BLOCK_SCOPE
4414 static bool
4415 RebindLets(JSParseNode *pn, JSTreeContext *tc)
4416 {
4417 if (!pn)
4418 return true;
4419
4420 switch (pn->pn_arity) {
4421 case PN_LIST:
4422 for (JSParseNode *pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next)
4423 RebindLets(pn2, tc);
4424 break;
4425
4426 case PN_TERNARY:
4427 RebindLets(pn->pn_kid1, tc);
4428 RebindLets(pn->pn_kid2, tc);
4429 RebindLets(pn->pn_kid3, tc);
4430 break;
4431
4432 case PN_BINARY:
4433 RebindLets(pn->pn_left, tc);
4434 RebindLets(pn->pn_right, tc);
4435 break;
4436
4437 case PN_UNARY:
4438 RebindLets(pn->pn_kid, tc);
4439 break;
4440
4441 case PN_FUNC:
4442 RebindLets(pn->pn_body, tc);
4443 break;
4444
4445 case PN_NAME:
4446 RebindLets(pn->maybeExpr(), tc);
4447
4448 if (pn->pn_defn) {
4449 JS_ASSERT(pn->pn_blockid > tc->topStmt->blockid);
4450 } else if (pn->pn_used) {
4451 if (pn->pn_lexdef->pn_blockid == tc->topStmt->blockid) {
4452 ForgetUse(pn);
4453
4454 JSAtomListElement *ale = tc->decls.lookup(pn->pn_atom);
4455 if (ale) {
4456 while ((ale = ALE_NEXT(ale)) != NULL) {
4457 if (ALE_ATOM(ale) == pn->pn_atom) {
4458 LinkUseToDef(pn, ALE_DEFN(ale), tc);
4459 return true;
4460 }
4461 }
4462 }
4463
4464 ale = tc->lexdeps.lookup(pn->pn_atom);
4465 if (!ale) {
4466 ale = MakePlaceholder(pn, tc);
4467 if (!ale)
4468 return NULL;
4469
4470 JSDefinition *dn = ALE_DEFN(ale);
4471 dn->pn_type = TOK_NAME;
4472 dn->pn_op = JSOP_NOP;
4473 }
4474 LinkUseToDef(pn, ALE_DEFN(ale), tc);
4475 }
4476 }
4477 break;
4478
4479 case PN_NAMESET:
4480 RebindLets(pn->pn_tree, tc);
4481 break;
4482 }
4483
4484 return true;
4485 }
4486 #endif /* JS_HAS_BLOCK_SCOPE */
4487
4488 JSParseNode *
4489 Parser::statement()
4490 {
4491 TokenKind tt;
4492 JSParseNode *pn, *pn1, *pn2, *pn3, *pn4;
4493 JSStmtInfo stmtInfo, *stmt, *stmt2;
4494 JSAtom *label;
4495
4496 JS_CHECK_RECURSION(context, return NULL);
4497
4498 tt = tokenStream.getToken(TSF_OPERAND);
4499
4500 switch (tt) {
4501 case TOK_FUNCTION:
4502 #if JS_HAS_XML_SUPPORT
4503 tt = tokenStream.peekToken(TSF_KEYWORD_IS_NAME);
4504 if (tt == TOK_DBLCOLON)
4505 goto expression;
4506 #endif
4507 return functionStmt();
4508
4509 case TOK_IF:
4510 /* An IF node has three kids: condition, then, and optional else. */
4511 pn = TernaryNode::create(tc);
4512 if (!pn)
4513 return NULL;
4514 pn1 = condition();
4515 if (!pn1)
4516 return NULL;
4517 js_PushStatement(tc, &stmtInfo, STMT_IF, -1);
4518 pn2 = statement();
4519 if (!pn2)
4520 return NULL;
4521 if (tokenStream.matchToken(TOK_ELSE, TSF_OPERAND)) {
4522 stmtInfo.type = STMT_ELSE;
4523 pn3 = statement();
4524 if (!pn3)
4525 return NULL;
4526 pn->pn_pos.end = pn3->pn_pos.end;
4527 } else {
4528 pn3 = NULL;
4529 pn->pn_pos.end = pn2->pn_pos.end;
4530 }
4531 PopStatement(tc);
4532 pn->pn_kid1 = pn1;
4533 pn->pn_kid2 = pn2;
4534 pn->pn_kid3 = pn3;
4535 return pn;
4536
4537 case TOK_SWITCH:
4538 {
4539 JSParseNode *pn5, *saveBlock;
4540 JSBool seenDefault = JS_FALSE;
4541
4542 pn = BinaryNode::create(tc);
4543 if (!pn)
4544 return NULL;
4545 MUST_MATCH_TOKEN(TOK_LP, JSMSG_PAREN_BEFORE_SWITCH);
4546
4547 /* pn1 points to the switch's discriminant. */
4548 pn1 = parenExpr(NULL, NULL);
4549 if (!pn1)
4550 return NULL;
4551
4552 MUST_MATCH_TOKEN(TOK_RP, JSMSG_PAREN_AFTER_SWITCH);
4553 MUST_MATCH_TOKEN(TOK_LC, JSMSG_CURLY_BEFORE_SWITCH);
4554
4555 /*
4556 * NB: we must push stmtInfo before calling GenerateBlockIdForStmtNode
4557 * because that function states tc->topStmt->blockid.
4558 */
4559 js_PushStatement(tc, &stmtInfo, STMT_SWITCH, -1);
4560
4561 /* pn2 is a list of case nodes. The default case has pn_left == NULL */
4562 pn2 = ListNode::create(tc);
4563 if (!pn2)
4564 return NULL;
4565 pn2->makeEmpty();
4566 if (!GenerateBlockIdForStmtNode(pn2, tc))
4567 return NULL;
4568 saveBlock = tc->blockNode;
4569 tc->blockNode = pn2;
4570
4571 while ((tt = tokenStream.getToken()) != TOK_RC) {
4572 switch (tt) {
4573 case TOK_DEFAULT:
4574 if (seenDefault) {
4575 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_TOO_MANY_DEFAULTS);
4576 return NULL;
4577 }
4578 seenDefault = JS_TRUE;
4579 /* FALL THROUGH */
4580
4581 case TOK_CASE:
4582 pn3 = BinaryNode::create(tc);
4583 if (!pn3)
4584 return NULL;
4585 if (tt == TOK_CASE) {
4586 pn3->pn_left = expr();
4587 if (!pn3->pn_left)
4588 return NULL;
4589 }
4590 pn2->append(pn3);
4591 if (pn2->pn_count == JS_BIT(16)) {
4592 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_TOO_MANY_CASES);
4593 return NULL;
4594 }
4595 break;
4596
4597 case TOK_ERROR:
4598 return NULL;
4599
4600 default:
4601 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_SWITCH);
4602 return NULL;
4603 }
4604 MUST_MATCH_TOKEN(TOK_COLON, JSMSG_COLON_AFTER_CASE);
4605
4606 pn4 = ListNode::create(tc);
4607 if (!pn4)
4608 return NULL;
4609 pn4->pn_type = TOK_LC;
4610 pn4->makeEmpty();
4611 while ((tt = tokenStream.peekToken(TSF_OPERAND)) != TOK_RC &&
4612 tt != TOK_CASE && tt != TOK_DEFAULT) {
4613 if (tt == TOK_ERROR)
4614 return NULL;
4615 pn5 = statement();
4616 if (!pn5)
4617 return NULL;
4618 pn4->pn_pos.end = pn5->pn_pos.end;
4619 pn4->append(pn5);
4620 }
4621
4622 /* Fix the PN_LIST so it doesn't begin at the TOK_COLON. */
4623 if (pn4->pn_head)
4624 pn4->pn_pos.begin = pn4->pn_head->pn_pos.begin;
4625 pn3->pn_pos.end = pn4->pn_pos.end;
4626 pn3->pn_right = pn4;
4627 }
4628
4629 /*
4630 * Handle the case where there was a let declaration in any case in
4631 * the switch body, but not within an inner block. If it replaced
4632 * tc->blockNode with a new block node then we must refresh pn2 and
4633 * then restore tc->blockNode.
4634 */
4635 if (tc->blockNode != pn2)
4636 pn2 = tc->blockNode;
4637 tc->blockNode = saveBlock;
4638 PopStatement(tc);
4639
4640 pn->pn_pos.end = pn2->pn_pos.end = tokenStream.currentToken().pos.end;
4641 pn->pn_left = pn1;
4642 pn->pn_right = pn2;
4643 return pn;
4644 }
4645
4646 case TOK_WHILE:
4647 pn = BinaryNode::create(tc);
4648 if (!pn)
4649 return NULL;
4650 js_PushStatement(tc, &stmtInfo, STMT_WHILE_LOOP, -1);
4651 pn2 = condition();
4652 if (!pn2)
4653 return NULL;
4654 pn->pn_left = pn2;
4655 pn2 = statement();
4656 if (!pn2)
4657 return NULL;
4658 PopStatement(tc);
4659 pn->pn_pos.end = pn2->pn_pos.end;
4660 pn->pn_right = pn2;
4661 return pn;
4662
4663 case TOK_DO:
4664 pn = BinaryNode::create(tc);
4665 if (!pn)
4666 return NULL;
4667 js_PushStatement(tc, &stmtInfo, STMT_DO_LOOP, -1);
4668 pn2 = statement();
4669 if (!pn2)
4670 return NULL;
4671 pn->pn_left = pn2;
4672 MUST_MATCH_TOKEN(TOK_WHILE, JSMSG_WHILE_AFTER_DO);
4673 pn2 = condition();
4674 if (!pn2)
4675 return NULL;
4676 PopStatement(tc);
4677 pn->pn_pos.end = pn2->pn_pos.end;
4678 pn->pn_right = pn2;
4679 if (JSVERSION_NUMBER(context) != JSVERSION_ECMA_3) {
4680 /*
4681 * All legacy and extended versions must do automatic semicolon
4682 * insertion after do-while. See the testcase and discussion in
4683 * http://bugzilla.mozilla.org/show_bug.cgi?id=238945.
4684 */
4685 (void) tokenStream.matchToken(TOK_SEMI);
4686 return pn;
4687 }
4688 break;
4689
4690 case TOK_FOR:
4691 {
4692 JSParseNode *pnseq = NULL;
4693 #if JS_HAS_BLOCK_SCOPE
4694 JSParseNode *pnlet = NULL;
4695 JSStmtInfo blockInfo;
4696 #endif
4697
4698 /* A FOR node is binary, left is loop control and right is the body. */
4699 pn = BinaryNode::create(tc);
4700 if (!pn)
4701 return NULL;
4702 js_PushStatement(tc, &stmtInfo, STMT_FOR_LOOP, -1);
4703
4704 pn->pn_op = JSOP_ITER;
4705 pn->pn_iflags = 0;
4706 if (tokenStream.matchToken(TOK_NAME)) {
4707 if (tokenStream.currentToken().t_atom == context->runtime->atomState.eachAtom)
4708 pn->pn_iflags = JSITER_FOREACH;
4709 else
4710 tokenStream.ungetToken();
4711 }
4712
4713 MUST_MATCH_TOKEN(TOK_LP, JSMSG_PAREN_AFTER_FOR);
4714 tt = tokenStream.peekToken(TSF_OPERAND);
4715
4716 #if JS_HAS_BLOCK_SCOPE
4717 bool let = false;
4718 #endif
4719
4720 if (tt == TOK_SEMI) {
4721 if (pn->pn_iflags & JSITER_FOREACH)
4722 goto bad_for_each;
4723
4724 /* No initializer -- set first kid of left sub-node to null. */
4725 pn1 = NULL;
4726 } else {
4727 /*
4728 * Set pn1 to a var list or an initializing expression.
4729 *
4730 * Set the TCF_IN_FOR_INIT flag during parsing of the first clause
4731 * of the for statement. This flag will be used by the RelExpr
4732 * production; if it is set, then the 'in' keyword will not be
4733 * recognized as an operator, leaving it available to be parsed as
4734 * part of a for/in loop.
4735 *
4736 * A side effect of this restriction is that (unparenthesized)
4737 * expressions involving an 'in' operator are illegal in the init
4738 * clause of an ordinary for loop.
4739 */
4740 tc->flags |= TCF_IN_FOR_INIT;
4741 if (tt == TOK_VAR) {
4742 (void) tokenStream.getToken();
4743 pn1 = variables(false);
4744 #if JS_HAS_BLOCK_SCOPE
4745 } else if (tt == TOK_LET) {
4746 let = true;
4747 (void) tokenStream.getToken();
4748 if (tokenStream.peekToken() == TOK_LP) {
4749 pn1 = letBlock(JS_FALSE);
4750 tt = TOK_LEXICALSCOPE;
4751 } else {
4752 pnlet = PushLexicalScope(context, &tokenStream, tc, &blockInfo);
4753 if (!pnlet)
4754 return NULL;
4755 blockInfo.flags |= SIF_FOR_BLOCK;
4756 pn1 = variables(false);
4757 }
4758 #endif
4759 } else {
4760 pn1 = expr();
4761 }
4762 tc->flags &= ~TCF_IN_FOR_INIT;
4763 if (!pn1)
4764 return NULL;
4765 }
4766
4767 /*
4768 * We can be sure that it's a for/in loop if there's still an 'in'
4769 * keyword here, even if JavaScript recognizes 'in' as an operator,
4770 * as we've excluded 'in' from being parsed in RelExpr by setting
4771 * the TCF_IN_FOR_INIT flag in our JSTreeContext.
4772 */
4773 if (pn1 && tokenStream.matchToken(TOK_IN)) {
4774 pn->pn_iflags |= JSITER_ENUMERATE;
4775 stmtInfo.type = STMT_FOR_IN_LOOP;
4776
4777 /* Check that the left side of the 'in' is valid. */
4778 JS_ASSERT(!TokenKindIsDecl(tt) || PN_TYPE(pn1) == tt);
4779 if (TokenKindIsDecl(tt)
4780 ? (pn1->pn_count > 1 || pn1->pn_op == JSOP_DEFCONST
4781 #if JS_HAS_DESTRUCTURING
4782 || (JSVERSION_NUMBER(context) == JSVERSION_1_7 &&
4783 pn->pn_op == JSOP_ITER &&
4784 !(pn->pn_iflags & JSITER_FOREACH) &&
4785 (pn1->pn_head->pn_type == TOK_RC ||
4786 (pn1->pn_head->pn_type == TOK_RB &&
4787 pn1->pn_head->pn_count != 2) ||
4788 (pn1->pn_head->pn_type == TOK_ASSIGN &&
4789 (pn1->pn_head->pn_left->pn_type != TOK_RB ||
4790 pn1->pn_head->pn_left->pn_count != 2))))
4791 #endif
4792 )
4793 : (pn1->pn_type != TOK_NAME &&
4794 pn1->pn_type != TOK_DOT &&
4795 #if JS_HAS_DESTRUCTURING
4796 ((JSVERSION_NUMBER(context) == JSVERSION_1_7 &&
4797 pn->pn_op == JSOP_ITER &&
4798 !(pn->pn_iflags & JSITER_FOREACH))
4799 ? (pn1->pn_type != TOK_RB || pn1->pn_count != 2)
4800 : (pn1->pn_type != TOK_RB && pn1->pn_type != TOK_RC)) &&
4801 #endif
4802 pn1->pn_type != TOK_LP &&
4803 #if JS_HAS_XML_SUPPORT
4804 (pn1->pn_type != TOK_UNARYOP ||
4805 pn1->pn_op != JSOP_XMLNAME) &&
4806 #endif
4807 pn1->pn_type != TOK_LB)) {
4808 reportErrorNumber(pn1, JSREPORT_ERROR, JSMSG_BAD_FOR_LEFTSIDE);
4809 return NULL;
4810 }
4811
4812 /* pn2 points to the name or destructuring pattern on in's left. */
4813 pn2 = NULL;
4814 uintN dflag = PND_ASSIGNED;
4815
4816 if (TokenKindIsDecl(tt)) {
4817 /* Tell js_EmitTree(TOK_VAR) that pn1 is part of a for/in. */
4818 pn1->pn_xflags |= PNX_FORINVAR;
4819
4820 /*
4821 * Rewrite 'for (<decl> x = i in o)' where <decl> is 'let',
4822 * 'var', or 'const' to hoist the initializer or the entire
4823 * decl out of the loop head. TOK_VAR is the type for both
4824 * 'var' and 'const'.
4825 */
4826 pn2 = pn1->pn_head;
4827 if ((pn2->pn_type == TOK_NAME && pn2->maybeExpr())
4828 #if JS_HAS_DESTRUCTURING
4829 || pn2->pn_type == TOK_ASSIGN
4830 #endif
4831 ) {
4832 pnseq = ListNode::create(tc);
4833 if (!pnseq)
4834 return NULL;
4835 pnseq->pn_type = TOK_SEQ;
4836 pnseq->pn_pos.begin = pn->pn_pos.begin;
4837
4838 #if JS_HAS_BLOCK_SCOPE
4839 if (tt == TOK_LET) {
4840 /*
4841 * Hoist just the 'i' from 'for (let x = i in o)' to
4842 * before the loop, glued together via pnseq.
4843 */
4844 pn3 = UnaryNode::create(tc);
4845 if (!pn3)
4846 return NULL;
4847 pn3->pn_type = TOK_SEMI;
4848 pn3->pn_op = JSOP_NOP;
4849 #if JS_HAS_DESTRUCTURING
4850 if (pn2->pn_type == TOK_ASSIGN) {
4851 pn4 = pn2->pn_right;
4852 pn2 = pn1->pn_head = pn2->pn_left;
4853 } else
4854 #endif
4855 {
4856 pn4 = pn2->pn_expr;
4857 pn2->pn_expr = NULL;
4858 }
4859 if (!RebindLets(pn4, tc))
4860 return NULL;
4861 pn3->pn_pos = pn4->pn_pos;
4862 pn3->pn_kid = pn4;
4863 pnseq->initList(pn3);
4864 } else
4865 #endif /* JS_HAS_BLOCK_SCOPE */
4866 {
4867 dflag = PND_INITIALIZED;
4868
4869 /*
4870 * All of 'var x = i' is hoisted above 'for (x in o)',
4871 * so clear PNX_FORINVAR.
4872 *
4873 * Request JSOP_POP here since the var is for a simple
4874 * name (it is not a destructuring binding's left-hand
4875 * side) and it has an initializer.
4876 */
4877 pn1->pn_xflags &= ~PNX_FORINVAR;
4878 pn1->pn_xflags |= PNX_POPVAR;
4879 pnseq->initList(pn1);
4880
4881 #if JS_HAS_DESTRUCTURING
4882 if (pn2->pn_type == TOK_ASSIGN) {
4883 pn1 = CloneParseTree(pn2->pn_left, tc);
4884 if (!pn1)
4885 return NULL;
4886 } else
4887 #endif
4888 {
4889 JS_ASSERT(pn2->pn_type == TOK_NAME);
4890 pn1 = NameNode::create(pn2->pn_atom, tc);
4891 if (!pn1)
4892 return NULL;
4893 pn1->pn_type = TOK_NAME;
4894 pn1->pn_op = JSOP_NAME;
4895 pn1->pn_pos = pn2->pn_pos;
4896 if (pn2->pn_defn)
4897 LinkUseToDef(pn1, (JSDefinition *) pn2, tc);
4898 }
4899 pn2 = pn1;
4900 }
4901 }
4902 }
4903
4904 if (!pn2) {
4905 pn2 = pn1;
4906 if (pn2->pn_type == TOK_LP &&
4907 !MakeSetCall(context, pn2, tc, JSMSG_BAD_LEFTSIDE_OF_ASS)) {
4908 return NULL;
4909 }
4910 #if JS_HAS_XML_SUPPORT
4911 if (pn2->pn_type == TOK_UNARYOP)
4912 pn2->pn_op = JSOP_BINDXMLNAME;
4913 #endif
4914 }
4915
4916 switch (pn2->pn_type) {
4917 case TOK_NAME:
4918 /* Beware 'for (arguments in ...)' with or without a 'var'. */
4919 NoteLValue(context, pn2, tc, dflag);
4920 break;
4921
4922 #if JS_HAS_DESTRUCTURING
4923 case TOK_ASSIGN:
4924 pn2 = pn2->pn_left;
4925 JS_ASSERT(pn2->pn_type == TOK_RB || pn2->pn_type == TOK_RC);
4926 /* FALL THROUGH */
4927 case TOK_RB:
4928 case TOK_RC:
4929 /* Check for valid lvalues in var-less destructuring for-in. */
4930 if (pn1 == pn2 && !CheckDestructuring(context, NULL, pn2, NULL, tc))
4931 return NULL;
4932
4933 if (JSVERSION_NUMBER(context) == JSVERSION_1_7) {
4934 /*
4935 * Destructuring for-in requires [key, value] enumeration
4936 * in JS1.7.
4937 */
4938 JS_ASSERT(pn->pn_op == JSOP_ITER);
4939 if (!(pn->pn_iflags & JSITER_FOREACH))
4940 pn->pn_iflags |= JSITER_FOREACH | JSITER_KEYVALUE;
4941 }
4942 break;
4943 #endif
4944
4945 default:;
4946 }
4947
4948 /*
4949 * Parse the object expression as the right operand of 'in', first
4950 * removing the top statement from the statement-stack if this is a
4951 * 'for (let x in y)' loop.
4952 */
4953 #if JS_HAS_BLOCK_SCOPE
4954 JSStmtInfo *save = tc->topStmt;
4955 if (let)
4956 tc->topStmt = save->down;
4957 #endif
4958 pn2 = expr();
4959 #if JS_HAS_BLOCK_SCOPE
4960 if (let)
4961 tc->topStmt = save;
4962 #endif
4963
4964 pn2 = JSParseNode::newBinaryOrAppend(TOK_IN, JSOP_NOP, pn1, pn2, tc);
4965 if (!pn2)
4966 return NULL;
4967 pn->pn_left = pn2;
4968 } else {
4969 if (pn->pn_iflags & JSITER_FOREACH)
4970 goto bad_for_each;
4971 pn->pn_op = JSOP_NOP;
4972
4973 /* Parse the loop condition or null into pn2. */
4974 MUST_MATCH_TOKEN(TOK_SEMI, JSMSG_SEMI_AFTER_FOR_INIT);
4975 tt = tokenStream.peekToken(TSF_OPERAND);
4976 if (tt == TOK_SEMI) {
4977 pn2 = NULL;
4978 } else {
4979 pn2 = expr();
4980 if (!pn2)
4981 return NULL;
4982 }
4983
4984 /* Parse the update expression or null into pn3. */
4985 MUST_MATCH_TOKEN(TOK_SEMI, JSMSG_SEMI_AFTER_FOR_COND);
4986 tt = tokenStream.peekToken(TSF_OPERAND);
4987 if (tt == TOK_RP) {
4988 pn3 = NULL;
4989 } else {
4990 pn3 = expr();
4991 if (!pn3)
4992 return NULL;
4993 }
4994
4995 /* Build the FORHEAD node to use as the left kid of pn. */
4996 pn4 = TernaryNode::create(tc);
4997 if (!pn4)
4998 return NULL;
4999 pn4->pn_type = TOK_FORHEAD;
5000 pn4->pn_op = JSOP_NOP;
5001 pn4->pn_kid1 = pn1;
5002 pn4->pn_kid2 = pn2;
5003 pn4->pn_kid3 = pn3;
5004 pn->pn_left = pn4;
5005 }
5006
5007 MUST_MATCH_TOKEN(TOK_RP, JSMSG_PAREN_AFTER_FOR_CTRL);
5008
5009 /* Parse the loop body into pn->pn_right. */
5010 pn2 = statement();
5011 if (!pn2)
5012 return NULL;
5013 pn->pn_right = pn2;
5014
5015 /* Record the absolute line number for source note emission. */
5016 pn->pn_pos.end = pn2->pn_pos.end;
5017
5018 #if JS_HAS_BLOCK_SCOPE
5019 if (pnlet) {
5020 PopStatement(tc);
5021 pnlet->pn_expr = pn;
5022 pn = pnlet;
5023 }
5024 #endif
5025 if (pnseq) {
5026 pnseq->pn_pos.end = pn->pn_pos.end;
5027 pnseq->append(pn);
5028 pn = pnseq;
5029 }
5030 PopStatement(tc);
5031 return pn;
5032
5033 bad_for_each:
5034 reportErrorNumber(pn, JSREPORT_ERROR, JSMSG_BAD_FOR_EACH_LOOP);
5035 return NULL;
5036 }
5037
5038 case TOK_TRY: {
5039 JSParseNode *catchList, *lastCatch;
5040
5041 /*
5042 * try nodes are ternary.
5043 * kid1 is the try statement
5044 * kid2 is the catch node list or null
5045 * kid3 is the finally statement
5046 *
5047 * catch nodes are ternary.
5048 * kid1 is the lvalue (TOK_NAME, TOK_LB, or TOK_LC)
5049 * kid2 is the catch guard or null if no guard
5050 * kid3 is the catch block
5051 *
5052 * catch lvalue nodes are either:
5053 * TOK_NAME for a single identifier
5054 * TOK_RB or TOK_RC for a destructuring left-hand side
5055 *
5056 * finally nodes are TOK_LC statement lists.
5057 */
5058 pn = TernaryNode::create(tc);
5059 if (!pn)
5060 return NULL;
5061 pn->pn_op = JSOP_NOP;
5062
5063 MUST_MATCH_TOKEN(TOK_LC, JSMSG_CURLY_BEFORE_TRY);
5064 if (!PushBlocklikeStatement(&stmtInfo, STMT_TRY, tc))
5065 return NULL;
5066 pn->pn_kid1 = statements();
5067 if (!pn->pn_kid1)
5068 return NULL;
5069 MUST_MATCH_TOKEN(TOK_RC, JSMSG_CURLY_AFTER_TRY);
5070 PopStatement(tc);
5071
5072 catchList = NULL;
5073 tt = tokenStream.getToken();
5074 if (tt == TOK_CATCH) {
5075 catchList = ListNode::create(tc);
5076 if (!catchList)
5077 return NULL;
5078 catchList->pn_type = TOK_RESERVED;
5079 catchList->makeEmpty();
5080 lastCatch = NULL;
5081
5082 do {
5083 JSParseNode *pnblock;
5084 BindData data;
5085
5086 /* Check for another catch after unconditional catch. */
5087 if (lastCatch && !lastCatch->pn_kid2) {
5088 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_CATCH_AFTER_GENERAL);
5089 return NULL;
5090 }
5091
5092 /*
5093 * Create a lexical scope node around the whole catch clause,
5094 * including the head.
5095 */
5096 pnblock = PushLexicalScope(context, &tokenStream, tc, &stmtInfo);
5097 if (!pnblock)
5098 return NULL;
5099 stmtInfo.type = STMT_CATCH;
5100
5101 /*
5102 * Legal catch forms are:
5103 * catch (lhs)
5104 * catch (lhs if <boolean_expression>)
5105 * where lhs is a name or a destructuring left-hand side.
5106 * (the latter is legal only #ifdef JS_HAS_CATCH_GUARD)
5107 */
5108 pn2 = TernaryNode::create(tc);
5109 if (!pn2)
5110 return NULL;
5111 pnblock->pn_expr = pn2;
5112 MUST_MATCH_TOKEN(TOK_LP, JSMSG_PAREN_BEFORE_CATCH);
5113
5114 /*
5115 * Contrary to ECMA Ed. 3, the catch variable is lexically
5116 * scoped, not a property of a new Object instance. This is
5117 * an intentional change that anticipates ECMA Ed. 4.
5118 */
5119 data.pn = NULL;
5120 data.op = JSOP_NOP;
5121 data.binder = BindLet;
5122 data.let.overflow = JSMSG_TOO_MANY_CATCH_VARS;
5123
5124 tt = tokenStream.getToken();
5125 switch (tt) {
5126 #if JS_HAS_DESTRUCTURING
5127 case TOK_LB:
5128 case TOK_LC:
5129 pn3 = destructuringExpr(&data, tt);
5130 if (!pn3)
5131 return NULL;
5132 break;
5133 #endif
5134
5135 case TOK_NAME:
5136 label = tokenStream.currentToken().t_atom;
5137 pn3 = NewBindingNode(label, tc, true);
5138 if (!pn3)
5139 return NULL;
5140 data.pn = pn3;
5141 if (!data.binder(context, &data, label, tc))
5142 return NULL;
5143 break;
5144
5145 default:
5146 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_CATCH_IDENTIFIER);
5147 return NULL;
5148 }
5149
5150 pn2->pn_kid1 = pn3;
5151 #if JS_HAS_CATCH_GUARD
5152 /*
5153 * We use 'catch (x if x === 5)' (not 'catch (x : x === 5)')
5154 * to avoid conflicting with the JS2/ECMAv4 type annotation
5155 * catchguard syntax.
5156 */
5157 if (tokenStream.matchToken(TOK_IF)) {
5158 pn2->pn_kid2 = expr();
5159 if (!pn2->pn_kid2)
5160 return NULL;
5161 }
5162 #endif
5163 MUST_MATCH_TOKEN(TOK_RP, JSMSG_PAREN_AFTER_CATCH);
5164
5165 MUST_MATCH_TOKEN(TOK_LC, JSMSG_CURLY_BEFORE_CATCH);
5166 pn2->pn_kid3 = statements();
5167 if (!pn2->pn_kid3)
5168 return NULL;
5169 MUST_MATCH_TOKEN(TOK_RC, JSMSG_CURLY_AFTER_CATCH);
5170 PopStatement(tc);
5171
5172 catchList->append(pnblock);
5173 lastCatch = pn2;
5174 tt = tokenStream.getToken(TSF_OPERAND);
5175 } while (tt == TOK_CATCH);
5176 }
5177 pn->pn_kid2 = catchList;
5178
5179 if (tt == TOK_FINALLY) {
5180 MUST_MATCH_TOKEN(TOK_LC, JSMSG_CURLY_BEFORE_FINALLY);
5181 if (!PushBlocklikeStatement(&stmtInfo, STMT_FINALLY, tc))
5182 return NULL;
5183 pn->pn_kid3 = statements();
5184 if (!pn->pn_kid3)
5185 return NULL;
5186 MUST_MATCH_TOKEN(TOK_RC, JSMSG_CURLY_AFTER_FINALLY);
5187 PopStatement(tc);
5188 } else {
5189 tokenStream.ungetToken();
5190 }
5191 if (!catchList && !pn->pn_kid3) {
5192 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_CATCH_OR_FINALLY);
5193 return NULL;
5194 }
5195 return pn;
5196 }
5197
5198 case TOK_THROW:
5199 pn = UnaryNode::create(tc);
5200 if (!pn)
5201 return NULL;
5202
5203 /* ECMA-262 Edition 3 says 'throw [no LineTerminator here] Expr'. */
5204 tt = tokenStream.peekTokenSameLine(TSF_OPERAND);
5205 if (tt == TOK_ERROR)
5206 return NULL;
5207 if (tt == TOK_EOF || tt == TOK_EOL || tt == TOK_SEMI || tt == TOK_RC) {
5208 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_SYNTAX_ERROR);
5209 return NULL;
5210 }
5211
5212 pn2 = expr();
5213 if (!pn2)
5214 return NULL;
5215 pn->pn_pos.end = pn2->pn_pos.end;
5216 pn->pn_op = JSOP_THROW;
5217 pn->pn_kid = pn2;
5218 break;
5219
5220 /* TOK_CATCH and TOK_FINALLY are both handled in the TOK_TRY case */
5221 case TOK_CATCH:
5222 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_CATCH_WITHOUT_TRY);
5223 return NULL;
5224
5225 case TOK_FINALLY:
5226 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_FINALLY_WITHOUT_TRY);
5227 return NULL;
5228
5229 case TOK_BREAK:
5230 pn = NullaryNode::create(tc);
5231 if (!pn)
5232 return NULL;
5233 if (!MatchLabel(context, &tokenStream, pn))
5234 return NULL;
5235 stmt = tc->topStmt;
5236 label = pn->pn_atom;
5237 if (label) {
5238 for (; ; stmt = stmt->down) {
5239 if (!stmt) {
5240 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_LABEL_NOT_FOUND);
5241 return NULL;
5242 }
5243 if (stmt->type == STMT_LABEL && stmt->label == label)
5244 break;
5245 }
5246 } else {
5247 for (; ; stmt = stmt->down) {
5248 if (!stmt) {
5249 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_TOUGH_BREAK);
5250 return NULL;
5251 }
5252 if (STMT_IS_LOOP(stmt) || stmt->type == STMT_SWITCH)
5253 break;
5254 }
5255 }
5256 if (label)
5257 pn->pn_pos.end = tokenStream.currentToken().pos.end;
5258 break;
5259
5260 case TOK_CONTINUE:
5261 pn = NullaryNode::create(tc);
5262 if (!pn)
5263 return NULL;
5264 if (!MatchLabel(context, &tokenStream, pn))
5265 return NULL;
5266 stmt = tc->topStmt;
5267 label = pn->pn_atom;
5268 if (label) {
5269 for (stmt2 = NULL; ; stmt = stmt->down) {
5270 if (!stmt) {
5271 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_LABEL_NOT_FOUND);
5272 return NULL;
5273 }
5274 if (stmt->type == STMT_LABEL) {
5275 if (stmt->label == label) {
5276 if (!stmt2 || !STMT_IS_LOOP(stmt2)) {
5277 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_CONTINUE);
5278 return NULL;
5279 }
5280 break;
5281 }
5282 } else {
5283 stmt2 = stmt;
5284 }
5285 }
5286 } else {
5287 for (; ; stmt = stmt->down) {
5288 if (!stmt) {
5289 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_CONTINUE);
5290 return NULL;
5291 }
5292 if (STMT_IS_LOOP(stmt))
5293 break;
5294 }
5295 }
5296 if (label)
5297 pn->pn_pos.end = tokenStream.currentToken().pos.end;
5298 break;
5299
5300 case TOK_WITH:
5301 /*
5302 * In most cases, we want the constructs forbidden in strict mode
5303 * code to be a subset of those that JSOPTION_STRICT warns about, and
5304 * we should use ReportStrictModeError. However, 'with' is the sole
5305 * instance of a construct that is forbidden in strict mode code, but
5306 * doesn't even merit a warning under JSOPTION_STRICT. See
5307 * https://bugzilla.mozilla.org/show_bug.cgi?id=514576#c1.
5308 */
5309 if (tc->flags & TCF_STRICT_MODE_CODE) {
5310 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_STRICT_CODE_WITH);
5311 return NULL;
5312 }
5313
5314 pn = BinaryNode::create(tc);
5315 if (!pn)
5316 return NULL;
5317 MUST_MATCH_TOKEN(TOK_LP, JSMSG_PAREN_BEFORE_WITH);
5318 pn2 = parenExpr(NULL, NULL);
5319 if (!pn2)
5320 return NULL;
5321 MUST_MATCH_TOKEN(TOK_RP, JSMSG_PAREN_AFTER_WITH);
5322 pn->pn_left = pn2;
5323
5324 js_PushStatement(tc, &stmtInfo, STMT_WITH, -1);
5325 pn2 = statement();
5326 if (!pn2)
5327 return NULL;
5328 PopStatement(tc);
5329
5330 pn->pn_pos.end = pn2->pn_pos.end;
5331 pn->pn_right = pn2;
5332 tc->flags |= TCF_FUN_HEAVYWEIGHT;
5333 return pn;
5334
5335 case TOK_VAR:
5336 pn = variables(false);
5337 if (!pn)
5338 return NULL;
5339
5340 /* Tell js_EmitTree to generate a final POP. */
5341 pn->pn_xflags |= PNX_POPVAR;
5342 break;
5343
5344 #if JS_HAS_BLOCK_SCOPE
5345 case TOK_LET:
5346 {
5347 JSObject *obj;
5348 JSObjectBox *blockbox;
5349
5350 /* Check for a let statement or let expression. */
5351 if (tokenStream.peekToken() == TOK_LP) {
5352 pn = letBlock(JS_TRUE);
5353 if (!pn || pn->pn_op == JSOP_LEAVEBLOCK)
5354 return pn;
5355
5356 /* Let expressions require automatic semicolon insertion. */
5357 JS_ASSERT(pn->pn_type == TOK_SEMI ||
5358 pn->pn_op == JSOP_LEAVEBLOCKEXPR);
5359 break;
5360 }
5361
5362 /*
5363 * This is a let declaration. We must be directly under a block per
5364 * the proposed ES4 specs, but not an implicit block created due to
5365 * 'for (let ...)'. If we pass this error test, make the enclosing
5366 * JSStmtInfo be our scope. Further let declarations in this block
5367 * will find this scope statement and use the same block object.
5368 *
5369 * If we are the first let declaration in this block (i.e., when the
5370 * enclosing maybe-scope JSStmtInfo isn't yet a scope statement) then
5371 * we also need to set tc->blockNode to be our TOK_LEXICALSCOPE.
5372 */
5373 stmt = tc->topStmt;
5374 if (stmt &&
5375 (!STMT_MAYBE_SCOPE(stmt) || (stmt->flags & SIF_FOR_BLOCK))) {
5376 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_LET_DECL_NOT_IN_BLOCK);
5377 return NULL;
5378 }
5379
5380 if (stmt && (stmt->flags & SIF_SCOPE)) {
5381 JS_ASSERT(tc->blockChain == stmt->blockObj);
5382 obj = tc->blockChain;
5383 } else {
5384 if (!stmt || (stmt->flags & SIF_BODY_BLOCK)) {
5385 /*
5386 * ES4 specifies that let at top level and at body-block scope
5387 * does not shadow var, so convert back to var.
5388 */
5389 tokenStream.mungeCurrentToken(TOK_VAR, JSOP_DEFVAR);
5390
5391 pn = variables(false);
5392 if (!pn)
5393 return NULL;
5394 pn->pn_xflags |= PNX_POPVAR;
5395 break;
5396 }
5397
5398 /*
5399 * Some obvious assertions here, but they may help clarify the
5400 * situation. This stmt is not yet a scope, so it must not be a
5401 * catch block (catch is a lexical scope by definition).
5402 */
5403 JS_ASSERT(!(stmt->flags & SIF_SCOPE));
5404 JS_ASSERT(stmt != tc->topScopeStmt);
5405 JS_ASSERT(stmt->type == STMT_BLOCK ||
5406 stmt->type == STMT_SWITCH ||
5407 stmt->type == STMT_TRY ||
5408 stmt->type == STMT_FINALLY);
5409 JS_ASSERT(!stmt->downScope);
5410
5411 /* Convert the block statement into a scope statement. */
5412 JSObject *obj = js_NewBlockObject(tc->parser->context);
5413 if (!obj)
5414 return NULL;
5415
5416 blockbox = tc->parser->newObjectBox(obj);
5417 if (!blockbox)
5418 return NULL;
5419
5420 /*
5421 * Insert stmt on the tc->topScopeStmt/stmtInfo.downScope linked
5422 * list stack, if it isn't already there. If it is there, but it
5423 * lacks the SIF_SCOPE flag, it must be a try, catch, or finally
5424 * block.
5425 */
5426 stmt->flags |= SIF_SCOPE;
5427 stmt->downScope = tc->topScopeStmt;
5428 tc->topScopeStmt = stmt;
5429 JS_SCOPE_DEPTH_METERING(++tc->scopeDepth > tc->maxScopeDepth &&
5430 (tc->maxScopeDepth = tc->scopeDepth));
5431
5432 obj->setParent(tc->blockChain);
5433 tc->blockChain = obj;
5434 stmt->blockObj = obj;
5435
5436 #ifdef DEBUG
5437 pn1 = tc->blockNode;
5438 JS_ASSERT(!pn1 || pn1->pn_type != TOK_LEXICALSCOPE);
5439 #endif
5440
5441 /* Create a new lexical scope node for these statements. */
5442 pn1 = LexicalScopeNode::create(tc);
5443 if (!pn1)
5444 return NULL;
5445
5446 pn1->pn_type = TOK_LEXICALSCOPE;
5447 pn1->pn_op = JSOP_LEAVEBLOCK;
5448 pn1->pn_pos = tc->blockNode->pn_pos;
5449 pn1->pn_objbox = blockbox;
5450 pn1->pn_expr = tc->blockNode;
5451 pn1->pn_blockid = tc->blockNode->pn_blockid;
5452 tc->blockNode = pn1;
5453 }
5454
5455 pn = variables(false);
5456 if (!pn)
5457 return NULL;
5458 pn->pn_xflags = PNX_POPVAR;
5459 break;
5460 }
5461 #endif /* JS_HAS_BLOCK_SCOPE */
5462
5463 case TOK_RETURN:
5464 pn = returnOrYield(false);
5465 if (!pn)
5466 return NULL;
5467 break;
5468
5469 case TOK_LC:
5470 {
5471 uintN oldflags;
5472
5473 oldflags = tc->flags;
5474 tc->flags = oldflags & ~TCF_HAS_FUNCTION_STMT;
5475 if (!PushBlocklikeStatement(&stmtInfo, STMT_BLOCK, tc))
5476 return NULL;
5477 pn = statements();
5478 if (!pn)
5479 return NULL;
5480
5481 MUST_MATCH_TOKEN(TOK_RC, JSMSG_CURLY_IN_COMPOUND);
5482 PopStatement(tc);
5483
5484 /*
5485 * If we contain a function statement and our container is top-level
5486 * or another block, flag pn to preserve braces when decompiling.
5487 */
5488 if ((tc->flags & TCF_HAS_FUNCTION_STMT) &&
5489 (!tc->topStmt || tc->topStmt->type == STMT_BLOCK)) {
5490 pn->pn_xflags |= PNX_NEEDBRACES;
5491 }
5492 tc->flags = oldflags | (tc->flags & (TCF_FUN_FLAGS | TCF_RETURN_FLAGS));
5493 return pn;
5494 }
5495
5496 case TOK_EOL:
5497 case TOK_SEMI:
5498 pn = UnaryNode::create(tc);
5499 if (!pn)
5500 return NULL;
5501 pn->pn_type = TOK_SEMI;
5502 return pn;
5503
5504 #if JS_HAS_DEBUGGER_KEYWORD
5505 case TOK_DEBUGGER:
5506 pn = NullaryNode::create(tc);
5507 if (!pn)
5508 return NULL;
5509 pn->pn_type = TOK_DEBUGGER;
5510 tc->flags |= TCF_FUN_HEAVYWEIGHT;
5511 break;
5512 #endif /* JS_HAS_DEBUGGER_KEYWORD */
5513
5514 #if JS_HAS_XML_SUPPORT
5515 case TOK_DEFAULT:
5516 pn = UnaryNode::create(tc);
5517 if (!pn)
5518 return NULL;
5519 if (!tokenStream.matchToken(TOK_NAME) ||
5520 tokenStream.currentToken().t_atom != context->runtime->atomState.xmlAtom ||
5521 !tokenStream.matchToken(TOK_NAME) ||
5522 tokenStream.currentToken().t_atom != context->runtime->atomState.namespaceAtom ||
5523 !tokenStream.matchToken(TOK_ASSIGN) ||
5524 tokenStream.currentToken().t_op != JSOP_NOP) {
5525 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_DEFAULT_XML_NAMESPACE);
5526 return NULL;
5527 }
5528
5529 /* Is this an E4X dagger I see before me? */
5530 tc->flags |= TCF_FUN_HEAVYWEIGHT;
5531 pn2 = expr();
5532 if (!pn2)
5533 return NULL;
5534 pn->pn_op = JSOP_DEFXMLNS;
5535 pn->pn_pos.end = pn2->pn_pos.end;
5536 pn->pn_kid = pn2;
5537 break;
5538 #endif
5539
5540 case TOK_ERROR:
5541 return NULL;
5542
5543 default:
5544 #if JS_HAS_XML_SUPPORT
5545 expression:
5546 #endif
5547 tokenStream.ungetToken();
5548 pn2 = expr();
5549 if (!pn2)
5550 return NULL;
5551
5552 if (tokenStream.peekToken() == TOK_COLON) {
5553 if (pn2->pn_type != TOK_NAME) {
5554 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_LABEL);
5555 return NULL;
5556 }
5557 label = pn2->pn_atom;
5558 for (stmt = tc->topStmt; stmt; stmt = stmt->down) {
5559 if (stmt->type == STMT_LABEL && stmt->label == label) {
5560 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_DUPLICATE_LABEL);
5561 return NULL;
5562 }
5563 }
5564 ForgetUse(pn2);
5565
5566 (void) tokenStream.getToken();
5567
5568 /* Push a label struct and parse the statement. */
5569 js_PushStatement(tc, &stmtInfo, STMT_LABEL, -1);
5570 stmtInfo.label = label;
5571 pn = statement();
5572 if (!pn)
5573 return NULL;
5574
5575 /* Normalize empty statement to empty block for the decompiler. */
5576 if (pn->pn_type == TOK_SEMI && !pn->pn_kid) {
5577 pn->pn_type = TOK_LC;
5578 pn->pn_arity = PN_LIST;
5579 pn->makeEmpty();
5580 }
5581
5582 /* Pop the label, set pn_expr, and return early. */
5583 PopStatement(tc);
5584 pn2->pn_type = TOK_COLON;
5585 pn2->pn_pos.end = pn->pn_pos.end;
5586 pn2->pn_expr = pn;
5587 return pn2;
5588 }
5589
5590 pn = UnaryNode::create(tc);
5591 if (!pn)
5592 return NULL;
5593 pn->pn_type = TOK_SEMI;
5594 pn->pn_pos = pn2->pn_pos;
5595 pn->pn_kid = pn2;
5596
5597 switch (PN_TYPE(pn2)) {
5598 case TOK_LP:
5599 /*
5600 * Flag lambdas immediately applied as statements as instances of
5601 * the JS "module pattern". See CheckForImmediatelyAppliedLambda.
5602 */
5603 if (PN_TYPE(pn2->pn_head) == TOK_FUNCTION &&
5604 !pn2->pn_head->pn_funbox->node->isFunArg()) {
5605 pn2->pn_head->pn_funbox->tcflags |= TCF_FUN_MODULE_PATTERN;
5606 }
5607 break;
5608 case TOK_ASSIGN:
5609 /*
5610 * Keep track of all apparent methods created by assignments such
5611 * as this.foo = function (...) {...} in a function that could end
5612 * up a constructor function. See Parser::setFunctionKinds.
5613 */
5614 if (tc->funbox &&
5615 PN_OP(pn2) == JSOP_NOP &&
5616 PN_OP(pn2->pn_left) == JSOP_SETPROP &&
5617 PN_OP(pn2->pn_left->pn_expr) == JSOP_THIS &&
5618 PN_OP(pn2->pn_right) == JSOP_LAMBDA) {
5619 JS_ASSERT(!pn2->pn_defn);
5620 JS_ASSERT(!pn2->pn_used);
5621 pn2->pn_right->pn_link = tc->funbox->methods;
5622 tc->funbox->methods = pn2->pn_right;
5623 }
5624 break;
5625 default:;
5626 }
5627 break;
5628 }
5629
5630 /* Check termination of this primitive statement. */
5631 return MatchOrInsertSemicolon(context, &tokenStream) ? pn : NULL;
5632 }
5633
5634 static void
5635 NoteArgumentsUse(JSTreeContext *tc)
5636 {
5637 JS_ASSERT(tc->inFunction());
5638 tc->flags |= TCF_FUN_USES_ARGUMENTS;
5639 if (tc->funbox)
5640 tc->funbox->node->pn_dflags |= PND_FUNARG;
5641 }
5642
5643 JSParseNode *
5644 Parser::variables(bool inLetHead)
5645 {
5646 TokenKind tt;
5647 bool let;
5648 JSStmtInfo *scopeStmt;
5649 BindData data;
5650 JSParseNode *pn, *pn2;
5651 JSAtom *atom;
5652
5653 /*
5654 * The three options here are:
5655 * - TOK_LET: We are parsing a let declaration.
5656 * - TOK_LP: We are parsing the head of a let block.
5657 * - Otherwise, we're parsing var declarations.
5658 */
5659 tt = tokenStream.currentToken().type;
5660 let = (tt == TOK_LET || tt == TOK_LP);
5661 JS_ASSERT(let || tt == TOK_VAR);
5662
5663 #if JS_HAS_BLOCK_SCOPE
5664 bool popScope = (inLetHead || (let && (tc->flags & TCF_IN_FOR_INIT)));
5665 JSStmtInfo *save = tc->topStmt, *saveScope = tc->topScopeStmt;
5666 #endif
5667
5668 /* Make sure that statement set up the tree context correctly. */
5669 scopeStmt = tc->topScopeStmt;
5670 if (let) {
5671 while (scopeStmt && !(scopeStmt->flags & SIF_SCOPE)) {
5672 JS_ASSERT(!STMT_MAYBE_SCOPE(scopeStmt));
5673 scopeStmt = scopeStmt->downScope;
5674 }
5675 JS_ASSERT(scopeStmt);
5676 }
5677
5678 data.op = let ? JSOP_NOP : tokenStream.currentToken().t_op;
5679 pn = ListNode::create(tc);
5680 if (!pn)
5681 return NULL;
5682 pn->pn_op = data.op;
5683 pn->makeEmpty();
5684
5685 /*
5686 * SpiderMonkey const is really "write once per initialization evaluation"
5687 * var, whereas let is block scoped. ES-Harmony wants block-scoped const so
5688 * this code will change soon.
5689 */
5690 if (let) {
5691 JS_ASSERT(tc->blockChain == scopeStmt->blockObj);
5692 data.binder = BindLet;
5693 data.let.overflow = JSMSG_TOO_MANY_LOCALS;
5694 } else {
5695 data.binder = BindVarOrConst;
5696 }
5697
5698 do {
5699 tt = tokenStream.getToken();
5700 #if JS_HAS_DESTRUCTURING
5701 if (tt == TOK_LB || tt == TOK_LC) {
5702 tc->flags |= TCF_DECL_DESTRUCTURING;
5703 pn2 = primaryExpr(tt, JS_FALSE);
5704 tc->flags &= ~TCF_DECL_DESTRUCTURING;
5705 if (!pn2)
5706 return NULL;
5707
5708 if (!CheckDestructuring(context, &data, pn2, NULL, tc))
5709 return NULL;
5710 if ((tc->flags & TCF_IN_FOR_INIT) &&
5711 tokenStream.peekToken() == TOK_IN) {
5712 pn->append(pn2);
5713 continue;
5714 }
5715
5716 MUST_MATCH_TOKEN(TOK_ASSIGN, JSMSG_BAD_DESTRUCT_DECL);
5717 if (tokenStream.currentToken().t_op != JSOP_NOP)
5718 goto bad_var_init;
5719
5720 #if JS_HAS_BLOCK_SCOPE
5721 if (popScope) {
5722 tc->topStmt = save->down;
5723 tc->topScopeStmt = saveScope->downScope;
5724 }
5725 #endif
5726 JSParseNode *init = assignExpr();
5727 #if JS_HAS_BLOCK_SCOPE
5728 if (popScope) {
5729 tc->topStmt = save;
5730 tc->topScopeStmt = saveScope;
5731 }
5732 #endif
5733
5734 if (!init || !UndominateInitializers(pn2, init, tc))
5735 return NULL;
5736
5737 pn2 = JSParseNode::newBinaryOrAppend(TOK_ASSIGN, JSOP_NOP, pn2, init, tc);
5738 if (!pn2)
5739 return NULL;
5740 pn->append(pn2);
5741 continue;
5742 }
5743 #endif /* JS_HAS_DESTRUCTURING */
5744
5745 if (tt != TOK_NAME) {
5746 if (tt != TOK_ERROR) {
5747 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_NO_VARIABLE_NAME);
5748 }
5749 return NULL;
5750 }
5751
5752 atom = tokenStream.currentToken().t_atom;
5753 pn2 = NewBindingNode(atom, tc, let);
5754 if (!pn2)
5755 return NULL;
5756 if (data.op == JSOP_DEFCONST)
5757 pn2->pn_dflags |= PND_CONST;
5758 data.pn = pn2;
5759 if (!data.binder(context, &data, atom, tc))
5760 return NULL;
5761 pn->append(pn2);
5762
5763 if (tokenStream.matchToken(TOK_ASSIGN)) {
5764 if (tokenStream.currentToken().t_op != JSOP_NOP)
5765 goto bad_var_init;
5766
5767 #if JS_HAS_BLOCK_SCOPE
5768 if (popScope) {
5769 tc->topStmt = save->down;
5770 tc->topScopeStmt = saveScope->downScope;
5771 }
5772 #endif
5773 JSParseNode *init = assignExpr();
5774 #if JS_HAS_BLOCK_SCOPE
5775 if (popScope) {
5776 tc->topStmt = save;
5777 tc->topScopeStmt = saveScope;
5778 }
5779 #endif
5780 if (!init)
5781 return NULL;
5782
5783 if (pn2->pn_used) {
5784 pn2 = MakeAssignment(pn2, init, tc);
5785 if (!pn2)
5786 return NULL;
5787 } else {
5788 pn2->pn_expr = init;
5789 }
5790
5791 pn2->pn_op = (PN_OP(pn2) == JSOP_ARGUMENTS)
5792 ? JSOP_SETNAME
5793 : (pn2->pn_dflags & PND_GVAR)
5794 ? JSOP_SETGVAR
5795 : (pn2->pn_dflags & PND_BOUND)
5796 ? JSOP_SETLOCAL
5797 : (data.op == JSOP_DEFCONST)
5798 ? JSOP_SETCONST
5799 : JSOP_SETNAME;
5800
5801 NoteLValue(context, pn2, tc, data.fresh ? PND_INITIALIZED : PND_ASSIGNED);
5802
5803 /* The declarator's position must include the initializer. */
5804 pn2->pn_pos.end = init->pn_pos.end;
5805
5806 if (tc->inFunction() &&
5807 atom == context->runtime->atomState.argumentsAtom) {
5808 NoteArgumentsUse(tc);
5809 if (!let)
5810 tc->flags |= TCF_FUN_HEAVYWEIGHT;
5811 }
5812 }
5813 } while (tokenStream.matchToken(TOK_COMMA));
5814
5815 pn->pn_pos.end = pn->last()->pn_pos.end;
5816 return pn;
5817
5818 bad_var_init:
5819 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_VAR_INIT);
5820 return NULL;
5821 }
5822
5823 JSParseNode *
5824 Parser::expr()
5825 {
5826 JSParseNode *pn = assignExpr();
5827 if (pn && tokenStream.matchToken(TOK_COMMA)) {
5828 JSParseNode *pn2 = ListNode::create(tc);
5829 if (!pn2)
5830 return NULL;
5831 pn2->pn_pos.begin = pn->pn_pos.begin;
5832 pn2->initList(pn);
5833 pn = pn2;
5834 do {
5835 #if JS_HAS_GENERATORS
5836 pn2 = pn->last();
5837 if (pn2->pn_type == TOK_YIELD && !pn2->pn_parens) {
5838 reportErrorNumber(pn2, JSREPORT_ERROR, JSMSG_BAD_GENERATOR_SYNTAX, js_yield_str);
5839 return NULL;
5840 }
5841 #endif
5842 pn2 = assignExpr();
5843 if (!pn2)
5844 return NULL;
5845 pn->append(pn2);
5846 } while (tokenStream.matchToken(TOK_COMMA));
5847 pn->pn_pos.end = pn->last()->pn_pos.end;
5848 }
5849 return pn;
5850 }
5851
5852 JSParseNode *
5853 Parser::assignExpr()
5854 {
5855 JS_CHECK_RECURSION(context, return NULL);
5856
5857 #if JS_HAS_GENERATORS
5858 if (tokenStream.matchToken(TOK_YIELD, TSF_OPERAND))
5859 return returnOrYield(true);
5860 #endif
5861
5862 JSParseNode *pn = condExpr();
5863 if (!pn)
5864 return NULL;
5865
5866 TokenKind tt = tokenStream.getToken();
5867 if (tt != TOK_ASSIGN) {
5868 tokenStream.ungetToken();
5869 return pn;
5870 }
5871
5872 JSOp op = tokenStream.currentToken().t_op;
5873 switch (pn->pn_type) {
5874 case TOK_NAME:
5875 if (!CheckStrictAssignment(context, tc, pn))
5876 return NULL;
5877 pn->pn_op = JSOP_SETNAME;
5878 NoteLValue(context, pn, tc);
5879 break;
5880 case TOK_DOT:
5881 pn->pn_op = JSOP_SETPROP;
5882 break;
5883 case TOK_LB:
5884 pn->pn_op = JSOP_SETELEM;
5885 break;
5886 #if JS_HAS_DESTRUCTURING
5887 case TOK_RB:
5888 case TOK_RC:
5889 {
5890 if (op != JSOP_NOP) {
5891 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_DESTRUCT_ASS);
5892 return NULL;
5893 }
5894 JSParseNode *rhs = assignExpr();
5895 if (!rhs || !CheckDestructuring(context, NULL, pn, rhs, tc))
5896 return NULL;
5897 return JSParseNode::newBinaryOrAppend(TOK_ASSIGN, op, pn, rhs, tc);
5898 }
5899 #endif
5900 case TOK_LP:
5901 if (!MakeSetCall(context, pn, tc, JSMSG_BAD_LEFTSIDE_OF_ASS))
5902 return NULL;
5903 break;
5904 #if JS_HAS_XML_SUPPORT
5905 case TOK_UNARYOP:
5906 if (pn->pn_op == JSOP_XMLNAME) {
5907 pn->pn_op = JSOP_SETXMLNAME;
5908 break;
5909 }
5910 /* FALL THROUGH */
5911 #endif
5912 default:
5913 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_LEFTSIDE_OF_ASS);
5914 return NULL;
5915 }
5916
5917 JSParseNode *rhs = assignExpr();
5918 if (rhs && PN_TYPE(pn) == TOK_NAME && pn->pn_used) {
5919 JSDefinition *dn = pn->pn_lexdef;
5920
5921 /*
5922 * If the definition is not flagged as assigned, we must have imputed
5923 * the initialized flag to it, to optimize for flat closures. But that
5924 * optimization uses source coordinates to check dominance relations,
5925 * so we must extend the end of the definition to cover the right-hand
5926 * side of this assignment, i.e., the initializer.
5927 */
5928 if (!dn->isAssigned()) {
5929 JS_ASSERT(dn->isInitialized());
5930 dn->pn_pos.end = rhs->pn_pos.end;
5931 }
5932 }
5933
5934 return JSParseNode::newBinaryOrAppend(TOK_ASSIGN, op, pn, rhs, tc);
5935 }
5936
5937 JSParseNode *
5938 Parser::condExpr()
5939 {
5940 JSParseNode *pn = orExpr();
5941 if (pn && tokenStream.matchToken(TOK_HOOK)) {
5942 JSParseNode *pn1 = pn;
5943 pn = TernaryNode::create(tc);
5944 if (!pn)
5945 return NULL;
5946
5947 /*
5948 * Always accept the 'in' operator in the middle clause of a ternary,
5949 * where it's unambiguous, even if we might be parsing the init of a
5950 * for statement.
5951 */
5952 uintN oldflags = tc->flags;
5953 tc->flags &= ~TCF_IN_FOR_INIT;
5954 JSParseNode *pn2 = assignExpr();
5955 tc->flags = oldflags | (tc->flags & TCF_FUN_FLAGS);
5956
5957 if (!pn2)
5958 return NULL;
5959 MUST_MATCH_TOKEN(TOK_COLON, JSMSG_COLON_IN_COND);
5960 JSParseNode *pn3 = assignExpr();
5961 if (!pn3)
5962 return NULL;
5963 pn->pn_pos.begin = pn1->pn_pos.begin;
5964 pn->pn_pos.end = pn3->pn_pos.end;
5965 pn->pn_kid1 = pn1;
5966 pn->pn_kid2 = pn2;
5967 pn->pn_kid3 = pn3;
5968 }
5969 return pn;
5970 }
5971
5972 JSParseNode *
5973 Parser::orExpr()
5974 {
5975 JSParseNode *pn = andExpr();
5976 while (pn && tokenStream.matchToken(TOK_OR))
5977 pn = JSParseNode::newBinaryOrAppend(TOK_OR, JSOP_OR, pn, andExpr(), tc);
5978 return pn;
5979 }
5980
5981 JSParseNode *
5982 Parser::andExpr()
5983 {
5984 JSParseNode *pn = bitOrExpr();
5985 while (pn && tokenStream.matchToken(TOK_AND))
5986 pn = JSParseNode::newBinaryOrAppend(TOK_AND, JSOP_AND, pn, bitOrExpr(), tc);
5987 return pn;
5988 }
5989
5990 JSParseNode *
5991 Parser::bitOrExpr()
5992 {
5993 JSParseNode *pn = bitXorExpr();
5994 while (pn && tokenStream.matchToken(TOK_BITOR))
5995 pn = JSParseNode::newBinaryOrAppend(TOK_BITOR, JSOP_BITOR, pn, bitXorExpr(), tc);
5996 return pn;
5997 }
5998
5999 JSParseNode *
6000 Parser::bitXorExpr()
6001 {
6002 JSParseNode *pn = bitAndExpr();
6003 while (pn && tokenStream.matchToken(TOK_BITXOR)) {
6004 pn = JSParseNode::newBinaryOrAppend(TOK_BITXOR, JSOP_BITXOR, pn, bitAndExpr(), tc);
6005 }
6006 return pn;
6007 }
6008
6009 JSParseNode *
6010 Parser::bitAndExpr()
6011 {
6012 JSParseNode *pn = eqExpr();
6013 while (pn && tokenStream.matchToken(TOK_BITAND))
6014 pn = JSParseNode::newBinaryOrAppend(TOK_BITAND, JSOP_BITAND, pn, eqExpr(), tc);
6015 return pn;
6016 }
6017
6018 JSParseNode *
6019 Parser::eqExpr()
6020 {
6021 JSParseNode *pn = relExpr();
6022 while (pn && tokenStream.matchToken(TOK_EQOP)) {
6023 JSOp op = tokenStream.currentToken().t_op;
6024 pn = JSParseNode::newBinaryOrAppend(TOK_EQOP, op, pn, relExpr(), tc);
6025 }
6026 return pn;
6027 }
6028
6029 JSParseNode *
6030 Parser::relExpr()
6031 {
6032 uintN inForInitFlag = tc->flags & TCF_IN_FOR_INIT;
6033
6034 /*
6035 * Uses of the in operator in shiftExprs are always unambiguous,
6036 * so unset the flag that prohibits recognizing it.
6037 */
6038 tc->flags &= ~TCF_IN_FOR_INIT;
6039
6040 JSParseNode *pn = shiftExpr();
6041 while (pn &&
6042 (tokenStream.matchToken(TOK_RELOP) ||
6043 /*
6044 * Recognize the 'in' token as an operator only if we're not
6045 * currently in the init expr of a for loop.
6046 */
6047 (inForInitFlag == 0 && tokenStream.matchToken(TOK_IN)) ||
6048 tokenStream.matchToken(TOK_INSTANCEOF))) {
6049 TokenKind tt = tokenStream.currentToken().type;
6050 JSOp op = tokenStream.currentToken().t_op;
6051 pn = JSParseNode::newBinaryOrAppend(tt, op, pn, shiftExpr(), tc);
6052 }
6053 /* Restore previous state of inForInit flag. */
6054 tc->flags |= inForInitFlag;
6055
6056 return pn;
6057 }
6058
6059 JSParseNode *
6060 Parser::shiftExpr()
6061 {
6062 JSParseNode *pn = addExpr();
6063 while (pn && tokenStream.matchToken(TOK_SHOP)) {
6064 JSOp op = tokenStream.currentToken().t_op;
6065 pn = JSParseNode::newBinaryOrAppend(TOK_SHOP, op, pn, addExpr(), tc);
6066 }
6067 return pn;
6068 }
6069
6070 JSParseNode *
6071 Parser::addExpr()
6072 {
6073 JSParseNode *pn = mulExpr();
6074 while (pn &&
6075 (tokenStream.matchToken(TOK_PLUS) ||
6076 tokenStream.matchToken(TOK_MINUS))) {
6077 TokenKind tt = tokenStream.currentToken().type;
6078 JSOp op = (tt == TOK_PLUS) ? JSOP_ADD : JSOP_SUB;
6079 pn = JSParseNode::newBinaryOrAppend(tt, op, pn, mulExpr(), tc);
6080 }
6081 return pn;
6082 }
6083
6084 JSParseNode *
6085 Parser::mulExpr()
6086 {
6087 JSParseNode *pn = unaryExpr();
6088 while (pn && (tokenStream.matchToken(TOK_STAR) || tokenStream.matchToken(TOK_DIVOP))) {
6089 TokenKind tt = tokenStream.currentToken().type;
6090 JSOp op = tokenStream.currentToken().t_op;
6091 pn = JSParseNode::newBinaryOrAppend(tt, op, pn, unaryExpr(), tc);
6092 }
6093 return pn;
6094 }
6095
6096 static JSParseNode *
6097 SetLvalKid(JSContext *cx, TokenStream *ts, JSTreeContext *tc,
6098 JSParseNode *pn, JSParseNode *kid, const char *name)
6099 {
6100 if (kid->pn_type != TOK_NAME &&
6101 kid->pn_type != TOK_DOT &&
6102 (kid->pn_type != TOK_LP ||
6103 (kid->pn_op != JSOP_CALL && kid->pn_op != JSOP_EVAL && kid->pn_op != JSOP_APPLY)) &&
6104 #if JS_HAS_XML_SUPPORT
6105 (kid->pn_type != TOK_UNARYOP || kid->pn_op != JSOP_XMLNAME) &&
6106 #endif
6107 kid->pn_type != TOK_LB) {
6108 ReportCompileErrorNumber(cx, ts, NULL, JSREPORT_ERROR, JSMSG_BAD_OPERAND, name);
6109 return NULL;
6110 }
6111 if (!CheckStrictAssignment(cx, tc, kid))
6112 return NULL;
6113 pn->pn_kid = kid;
6114 return kid;
6115 }
6116
6117 static const char incop_name_str[][10] = {"increment", "decrement"};
6118
6119 static JSBool
6120 SetIncOpKid(JSContext *cx, TokenStream *ts, JSTreeContext *tc,
6121 JSParseNode *pn, JSParseNode *kid,
6122 TokenKind tt, JSBool preorder)
6123 {
6124 JSOp op;
6125
6126 kid = SetLvalKid(cx, ts, tc, pn, kid, incop_name_str[tt == TOK_DEC]);
6127 if (!kid)
6128 return JS_FALSE;
6129 switch (kid->pn_type) {
6130 case TOK_NAME:
6131 op = (tt == TOK_INC)
6132 ? (preorder ? JSOP_INCNAME : JSOP_NAMEINC)
6133 : (preorder ? JSOP_DECNAME : JSOP_NAMEDEC);
6134 NoteLValue(cx, kid, tc);
6135 break;
6136
6137 case TOK_DOT:
6138 op = (tt == TOK_INC)
6139 ? (preorder ? JSOP_INCPROP : JSOP_PROPINC)
6140 : (preorder ? JSOP_DECPROP : JSOP_PROPDEC);
6141 break;
6142
6143 case TOK_LP:
6144 if (!MakeSetCall(cx, kid, tc, JSMSG_BAD_INCOP_OPERAND))
6145 return JS_FALSE;
6146 /* FALL THROUGH */
6147 #if JS_HAS_XML_SUPPORT
6148 case TOK_UNARYOP:
6149 if (kid->pn_op == JSOP_XMLNAME)
6150 kid->pn_op = JSOP_SETXMLNAME;
6151 /* FALL THROUGH */
6152 #endif
6153 case TOK_LB:
6154 op = (tt == TOK_INC)
6155 ? (preorder ? JSOP_INCELEM : JSOP_ELEMINC)
6156 : (preorder ? JSOP_DECELEM : JSOP_ELEMDEC);
6157 break;
6158
6159 default:
6160 JS_ASSERT(0);
6161 op = JSOP_NOP;
6162 }
6163 pn->pn_op = op;
6164 return JS_TRUE;
6165 }
6166
6167 JSParseNode *
6168 Parser::unaryExpr()
6169 {
6170 JSParseNode *pn, *pn2;
6171
6172 JS_CHECK_RECURSION(context, return NULL);
6173
6174 TokenKind tt = tokenStream.getToken(TSF_OPERAND);
6175 switch (tt) {
6176 case TOK_UNARYOP:
6177 case TOK_PLUS:
6178 case TOK_MINUS:
6179 pn = UnaryNode::create(tc);
6180 if (!pn)
6181 return NULL;
6182 pn->pn_type = TOK_UNARYOP; /* PLUS and MINUS are binary */
6183 pn->pn_op = tokenStream.currentToken().t_op;
6184 pn2 = unaryExpr();
6185 if (!pn2)
6186 return NULL;
6187 pn->pn_pos.end = pn2->pn_pos.end;
6188 pn->pn_kid = pn2;
6189 break;
6190
6191 case TOK_INC:
6192 case TOK_DEC:
6193 pn = UnaryNode::create(tc);
6194 if (!pn)
6195 return NULL;
6196 pn2 = memberExpr(JS_TRUE);
6197 if (!pn2)
6198 return NULL;
6199 if (!SetIncOpKid(context, &tokenStream, tc, pn, pn2, tt, JS_TRUE))
6200 return NULL;
6201 pn->pn_pos.end = pn2->pn_pos.end;
6202 break;
6203
6204 case TOK_DELETE:
6205 {
6206 pn = UnaryNode::create(tc);
6207 if (!pn)
6208 return NULL;
6209 pn2 = unaryExpr();
6210 if (!pn2)
6211 return NULL;
6212 pn->pn_pos.end = pn2->pn_pos.end;
6213
6214 /*
6215 * Under ECMA3, deleting any unary expression is valid -- it simply
6216 * returns true. Here we fold constants before checking for a call
6217 * expression, in order to rule out delete of a generator expression.
6218 */
6219 if (!js_FoldConstants(context, pn2, tc))
6220 return NULL;
6221 switch (pn2->pn_type) {
6222 case TOK_LP:
6223 if (pn2->pn_op != JSOP_SETCALL &&
6224 !MakeSetCall(context, pn2, tc, JSMSG_BAD_DELETE_OPERAND)) {
6225 return NULL;
6226 }
6227 break;
6228 case TOK_NAME:
6229 if (!ReportStrictModeError(context, &tokenStream, tc, pn,
6230 JSMSG_DEPRECATED_DELETE_OPERAND))
6231 return NULL;
6232 pn2->pn_op = JSOP_DELNAME;
6233 if (pn2->pn_atom == context->runtime->atomState.argumentsAtom)
6234 tc->flags |= TCF_FUN_HEAVYWEIGHT;
6235 break;
6236 default:;
6237 }
6238 pn->pn_kid = pn2;
6239 break;
6240 }
6241 case TOK_ERROR:
6242 return NULL;
6243
6244 default:
6245 tokenStream.ungetToken();
6246 pn = memberExpr(JS_TRUE);
6247 if (!pn)
6248 return NULL;
6249
6250 /* Don't look across a newline boundary for a postfix incop. */
6251 if (tokenStream.onCurrentLine(pn->pn_pos)) {
6252 tt = tokenStream.peekTokenSameLine(TSF_OPERAND);
6253 if (tt == TOK_INC || tt == TOK_DEC) {
6254 (void) tokenStream.getToken();
6255 pn2 = UnaryNode::create(tc);
6256 if (!pn2)
6257 return NULL;
6258 if (!SetIncOpKid(context, &tokenStream, tc, pn2, pn, tt, JS_FALSE))
6259 return NULL;
6260 pn2->pn_pos.begin = pn->pn_pos.begin;
6261 pn = pn2;
6262 }
6263 }
6264 break;
6265 }
6266 return pn;
6267 }
6268
6269 #if JS_HAS_GENERATORS
6270
6271 /*
6272 * A dedicated helper for transplanting the comprehension expression E in
6273 *
6274 * [E for (V in I)] // array comprehension
6275 * (E for (V in I)) // generator expression
6276 *
6277 * from its initial location in the AST, on the left of the 'for', to its final
6278 * position on the right. To avoid a separate pass we do this by adjusting the
6279 * blockids and name binding links that were established when E was parsed.
6280 *
6281 * A generator expression desugars like so:
6282 *
6283 * (E for (V in I)) => (function () { for (var V in I) yield E; })()
6284 *
6285 * so the transplanter must adjust static level as well as blockid. E's source
6286 * coordinates in root->pn_pos are critical to deciding which binding links to
6287 * preserve and which to cut.
6288 *
6289 * NB: This is not a general tree transplanter -- it knows in particular that
6290 * the one or more bindings induced by V have not yet been created.
6291 */
6292 class CompExprTransplanter {
6293 JSParseNode *root;
6294 JSTreeContext *tc;
6295 bool genexp;
6296 uintN adjust;
6297 uintN funcLevel;
6298
6299 public:
6300 CompExprTransplanter(JSParseNode *pn, JSTreeContext *tc, bool ge, uintN adj)
6301 : root(pn), tc(tc), genexp(ge), adjust(adj), funcLevel(0)
6302 {
6303 }
6304
6305 bool transplant(JSParseNode *pn);
6306 };
6307
6308 /*
6309 * Any definitions nested within the comprehension expression of a generator
6310 * expression must move "down" one static level, which of course increases the
6311 * upvar-frame-skip count.
6312 */
6313 static bool
6314 BumpStaticLevel(JSParseNode *pn, JSTreeContext *tc)
6315 {
6316 if (pn->pn_cookie != FREE_UPVAR_COOKIE) {
6317 uintN level = UPVAR_FRAME_SKIP(pn->pn_cookie) + 1;
6318
6319 JS_ASSERT(level >= tc->staticLevel);
6320 if (level >= FREE_STATIC_LEVEL) {
6321 JS_ReportErrorNumber(tc->parser->context, js_GetErrorMessage, NULL,
6322 JSMSG_TOO_DEEP, js_function_str);
6323 return false;
6324 }
6325
6326 pn->pn_cookie = MAKE_UPVAR_COOKIE(level, UPVAR_FRAME_SLOT(pn->pn_cookie));
6327 }
6328 return true;
6329 }
6330
6331 static void
6332 AdjustBlockId(JSParseNode *pn, uintN adjust, JSTreeContext *tc)
6333 {
6334 JS_ASSERT(pn->pn_arity == PN_LIST || pn->pn_arity == PN_FUNC || pn->pn_arity == PN_NAME);
6335 pn->pn_blockid += adjust;
6336 if (pn->pn_blockid >= tc->blockidGen)
6337 tc->blockidGen = pn->pn_blockid + 1;
6338 }
6339
6340 bool
6341 CompExprTransplanter::transplant(JSParseNode *pn)
6342 {
6343 if (!pn)
6344 return true;
6345
6346 switch (pn->pn_arity) {
6347 case PN_LIST:
6348 for (JSParseNode *pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next)
6349 transplant(pn2);
6350 if (pn->pn_pos >= root->pn_pos)
6351 AdjustBlockId(pn, adjust, tc);
6352 break;
6353
6354 case PN_TERNARY:
6355 transplant(pn->pn_kid1);
6356 transplant(pn->pn_kid2);
6357 transplant(pn->pn_kid3);
6358 break;
6359
6360 case PN_BINARY:
6361 transplant(pn->pn_left);
6362
6363 /* Binary TOK_COLON nodes can have left == right. See bug 492714. */
6364 if (pn->pn_right != pn->pn_left)
6365 transplant(pn->pn_right);
6366 break;
6367
6368 case PN_UNARY:
6369 transplant(pn->pn_kid);
6370 break;
6371
6372 case PN_FUNC:
6373 {
6374 /*
6375 * Only the first level of transplant recursion through functions needs
6376 * to reparent the funbox, since all descendant functions are correctly
6377 * linked under the top-most funbox. But every visit to this case needs
6378 * to update funbox->level.
6379 *
6380 * Recall that funbox->level is the static level of the code containing
6381 * the definition or expression of the function and not the static level
6382 * of the function's body.
6383 */
6384 JSFunctionBox *funbox = pn->pn_funbox;
6385
6386 funbox->level = tc->staticLevel + funcLevel;
6387 if (++funcLevel == 1 && genexp) {
6388 JSFunctionBox *parent = tc->funbox;
6389
6390 JSFunctionBox **funboxp = &tc->parent->functionList;
6391 while (*funboxp != funbox)
6392 funboxp = &(*funboxp)->siblings;
6393 *funboxp = funbox->siblings;
6394
6395 funbox->parent = parent;
6396 funbox->siblings = parent->kids;
6397 parent->kids = funbox;
6398 funbox->level = tc->staticLevel;
6399 }
6400 /* FALL THROUGH */
6401 }
6402
6403 case PN_NAME:
6404 transplant(pn->maybeExpr());
6405 if (pn->pn_arity == PN_FUNC)
6406 --funcLevel;
6407
6408 if (pn->pn_defn) {
6409 if (genexp && !BumpStaticLevel(pn, tc))
6410 return false;
6411 } else if (pn->pn_used) {
6412 JS_ASSERT(pn->pn_op != JSOP_NOP);
6413 JS_ASSERT(pn->pn_cookie == FREE_UPVAR_COOKIE);
6414
6415 JSDefinition *dn = pn->pn_lexdef;
6416 JS_ASSERT(dn->pn_defn);
6417
6418 /*
6419 * Adjust the definition's block id only if it is a placeholder not
6420 * to the left of the root node, and if pn is the last use visited
6421 * in the comprehension expression (to avoid adjusting the blockid
6422 * multiple times).
6423 *
6424 * Non-placeholder definitions within the comprehension expression
6425 * will be visited further below.
6426 */
6427 if (dn->isPlaceholder() && dn->pn_pos >= root->pn_pos && dn->dn_uses == pn) {
6428 if (genexp && !BumpStaticLevel(dn, tc))
6429 return false;
6430 AdjustBlockId(dn, adjust, tc);
6431 }
6432
6433 JSAtom *atom = pn->pn_atom;
6434 #ifdef DEBUG
6435 JSStmtInfo *stmt = js_LexicalLookup(tc, atom, NULL);
6436 JS_ASSERT(!stmt || stmt != tc->topStmt);
6437 #endif
6438 if (genexp && PN_OP(dn) != JSOP_CALLEE) {
6439 JS_ASSERT(!tc->decls.lookup(atom));
6440
6441 if (dn->pn_pos < root->pn_pos || dn->isPlaceholder()) {
6442 JSAtomListElement *ale = tc->lexdeps.add(tc->parser, dn->pn_atom);
6443 if (!ale)
6444 return false;
6445
6446 if (dn->pn_pos >= root->pn_pos) {
6447 tc->parent->lexdeps.remove(tc->parser, atom);
6448 } else {
6449 JSDefinition *dn2 = (JSDefinition *)NameNode::create(dn->pn_atom, tc);
6450 if (!dn2)
6451 return false;
6452
6453 dn2->pn_type = dn->pn_type;
6454 dn2->pn_pos = root->pn_pos;
6455 dn2->pn_defn = true;
6456 dn2->pn_dflags |= PND_PLACEHOLDER;
6457
6458 JSParseNode **pnup = &dn->dn_uses;
6459 JSParseNode *pnu;
6460 while ((pnu = *pnup) != NULL && pnu->pn_pos >= root->pn_pos) {
6461 pnu->pn_lexdef = dn2;
6462 dn2->pn_dflags |= pnu->pn_dflags & PND_USE2DEF_FLAGS;
6463 pnup = &pnu->pn_link;
6464 }
6465 dn2->dn_uses = dn->dn_uses;
6466 dn->dn_uses = *pnup;
6467 *pnup = NULL;
6468
6469 dn = dn2;
6470 }
6471
6472 ALE_SET_DEFN(ale, dn);
6473 }
6474 }
6475 }
6476
6477 if (pn->pn_pos >= root->pn_pos)
6478 AdjustBlockId(pn, adjust, tc);
6479 break;
6480
6481 case PN_NAMESET:
6482 transplant(pn->pn_tree);
6483 break;
6484 }
6485 return true;
6486 }
6487
6488 /*
6489 * Starting from a |for| keyword after the first array initialiser element or
6490 * an expression in an open parenthesis, parse the tail of the comprehension
6491 * or generator expression signified by this |for| keyword in context.
6492 *
6493 * Return null on failure, else return the top-most parse node for the array
6494 * comprehension or generator expression, with a unary node as the body of the
6495 * (possibly nested) for-loop, initialized by |type, op, kid|.
6496 */
6497 JSParseNode *
6498 Parser::comprehensionTail(JSParseNode *kid, uintN blockid,
6499 TokenKind type, JSOp op)
6500 {
6501 uintN adjust;
6502 JSParseNode *pn, *pn2, *pn3, **pnp;
6503 JSStmtInfo stmtInfo;
6504 BindData data;
6505 TokenKind tt;
6506 JSAtom *atom;
6507
6508 JS_ASSERT(tokenStream.currentToken().type == TOK_FOR);
6509
6510 if (type == TOK_SEMI) {
6511 /*
6512 * Generator expression desugars to an immediately applied lambda that
6513 * yields the next value from a for-in loop (possibly nested, and with
6514 * optional if guard). Make pn be the TOK_LC body node.
6515 */
6516 pn = PushLexicalScope(context, &tokenStream, tc, &stmtInfo);
6517 if (!pn)
6518 return NULL;
6519 adjust = pn->pn_blockid - blockid;
6520 } else {
6521 JS_ASSERT(type == TOK_ARRAYPUSH);
6522
6523 /*
6524 * Make a parse-node and literal object representing the block scope of
6525 * this array comprehension. Our caller in primaryExpr, the TOK_LB case
6526 * aka the array initialiser case, has passed the blockid to claim for
6527 * the comprehension's block scope. We allocate that id or one above it
6528 * here, by calling js_PushLexicalScope.
6529 *
6530 * In the case of a comprehension expression that has nested blocks
6531 * (e.g., let expressions), we will allocate a higher blockid but then
6532 * slide all blocks "to the right" to make room for the comprehension's
6533 * block scope.
6534 */
6535 adjust = tc->blockid();
6536 pn = PushLexicalScope(context, &tokenStream, tc, &stmtInfo);
6537 if (!pn)
6538 return NULL;
6539
6540 JS_ASSERT(blockid <= pn->pn_blockid);
6541 JS_ASSERT(blockid < tc->blockidGen);
6542 JS_ASSERT(tc->bodyid < blockid);
6543 pn->pn_blockid = stmtInfo.blockid = blockid;
6544 JS_ASSERT(adjust < blockid);
6545 adjust = blockid - adjust;
6546 }
6547
6548 pnp = &pn->pn_expr;
6549
6550 CompExprTransplanter transplanter(kid, tc, type == TOK_SEMI, adjust);
6551 transplanter.transplant(kid);
6552
6553 data.pn = NULL;
6554 data.op = JSOP_NOP;
6555 data.binder = BindLet;
6556 data.let.overflow = JSMSG_ARRAY_INIT_TOO_BIG;
6557
6558 do {
6559 /*
6560 * FOR node is binary, left is loop control and right is body. Use
6561 * index to count each block-local let-variable on the left-hand side
6562 * of the IN.
6563 */
6564 pn2 = BinaryNode::create(tc);
6565 if (!pn2)
6566 return NULL;
6567
6568 pn2->pn_op = JSOP_ITER;
6569 pn2->pn_iflags = JSITER_ENUMERATE;
6570 if (tokenStream.matchToken(TOK_NAME)) {
6571 if (tokenStream.currentToken().t_atom == context->runtime->atomState.eachAtom)
6572 pn2->pn_iflags |= JSITER_FOREACH;
6573 else
6574 tokenStream.ungetToken();
6575 }
6576 MUST_MATCH_TOKEN(TOK_LP, JSMSG_PAREN_AFTER_FOR);
6577
6578 atom = NULL;
6579 tt = tokenStream.getToken();
6580 switch (tt) {
6581 #if JS_HAS_DESTRUCTURING
6582 case TOK_LB:
6583 case TOK_LC:
6584 tc->flags |= TCF_DECL_DESTRUCTURING;
6585 pn3 = primaryExpr(tt, JS_FALSE);
6586 tc->flags &= ~TCF_DECL_DESTRUCTURING;
6587 if (!pn3)
6588 return NULL;
6589 break;
6590 #endif
6591
6592 case TOK_NAME:
6593 atom = tokenStream.currentToken().t_atom;
6594
6595 /*
6596 * Create a name node with pn_op JSOP_NAME. We can't set pn_op to
6597 * JSOP_GETLOCAL here, because we don't yet know the block's depth
6598 * in the operand stack frame. The code generator computes that,
6599 * and it tries to bind all names to slots, so we must let it do
6600 * the deed.
6601 */
6602 pn3 = NewBindingNode(atom, tc, true);
6603 if (!pn3)
6604 return NULL;
6605 break;
6606
6607 default:
6608 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_NO_VARIABLE_NAME);
6609
6610 case TOK_ERROR:
6611 return NULL;
6612 }
6613
6614 MUST_MATCH_TOKEN(TOK_IN, JSMSG_IN_AFTER_FOR_NAME);
6615 JSParseNode *pn4 = expr();
6616 if (!pn4)
6617 return NULL;
6618 MUST_MATCH_TOKEN(TOK_RP, JSMSG_PAREN_AFTER_FOR_CTRL);
6619
6620 switch (tt) {
6621 #if JS_HAS_DESTRUCTURING
6622 case TOK_LB:
6623 case TOK_LC:
6624 if (!CheckDestructuring(context, &data, pn3, NULL, tc))
6625 return NULL;
6626
6627 if (JSVERSION_NUMBER(context) == JSVERSION_1_7) {
6628 /* Destructuring requires [key, value] enumeration in JS1.7. */
6629 if (pn3->pn_type != TOK_RB || pn3->pn_count != 2) {
6630 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_FOR_LEFTSIDE);
6631 return NULL;
6632 }
6633
6634 JS_ASSERT(pn2->pn_op == JSOP_ITER);
6635 JS_ASSERT(pn2->pn_iflags & JSITER_ENUMERATE);
6636 if (!(pn2->pn_iflags & JSITER_FOREACH))
6637 pn2->pn_iflags |= JSITER_FOREACH | JSITER_KEYVALUE;
6638 }
6639 break;
6640 #endif
6641
6642 case TOK_NAME:
6643 data.pn = pn3;
6644 if (!data.binder(context, &data, atom, tc))
6645 return NULL;
6646 break;
6647
6648 default:;
6649 }
6650
6651 pn2->pn_left = JSParseNode::newBinaryOrAppend(TOK_IN, JSOP_NOP, pn3, pn4, tc);
6652 if (!pn2->pn_left)
6653 return NULL;
6654 *pnp = pn2;
6655 pnp = &pn2->pn_right;
6656 } while (tokenStream.matchToken(TOK_FOR));
6657
6658 if (tokenStream.matchToken(TOK_IF)) {
6659 pn2 = TernaryNode::create(tc);
6660 if (!pn2)
6661 return NULL;
6662 pn2->pn_kid1 = condition();
6663 if (!pn2->pn_kid1)
6664 return NULL;
6665 *pnp = pn2;
6666 pnp = &pn2->pn_kid2;
6667 }
6668
6669 pn2 = UnaryNode::create(tc);
6670 if (!pn2)
6671 return NULL;
6672 pn2->pn_type = type;
6673 pn2->pn_op = op;
6674 pn2->pn_kid = kid;
6675 *pnp = pn2;
6676
6677 PopStatement(tc);
6678 return pn;
6679 }
6680
6681 #if JS_HAS_GENERATOR_EXPRS
6682
6683 /*
6684 * Starting from a |for| keyword after an expression, parse the comprehension
6685 * tail completing this generator expression. Wrap the expression at kid in a
6686 * generator function that is immediately called to evaluate to the generator
6687 * iterator that is the value of this generator expression.
6688 *
6689 * Callers pass a blank unary node via pn, which generatorExpr fills in as the
6690 * yield expression, which ComprehensionTail in turn wraps in a TOK_SEMI-type
6691 * expression-statement node that constitutes the body of the |for| loop(s) in
6692 * the generator function.
6693 *
6694 * Note how unlike Python, we do not evaluate the expression to the right of
6695 * the first |in| in the chain of |for| heads. Instead, a generator expression
6696 * is merely sugar for a generator function expression and its application.
6697 */
6698 JSParseNode *
6699 Parser::generatorExpr(JSParseNode *pn, JSParseNode *kid)
6700 {
6701 /* Initialize pn, connecting it to kid. */
6702 JS_ASSERT(pn->pn_arity == PN_UNARY);
6703 pn->pn_type = TOK_YIELD;
6704 pn->pn_op = JSOP_YIELD;
6705 pn->pn_parens = true;
6706 pn->pn_pos = kid->pn_pos;
6707 pn->pn_kid = kid;
6708 pn->pn_hidden = true;
6709
6710 /* Make a new node for the desugared generator function. */
6711 JSParseNode *genfn = FunctionNode::create(tc);
6712 if (!genfn)
6713 return NULL;
6714 genfn->pn_type = TOK_FUNCTION;
6715 genfn->pn_op = JSOP_LAMBDA;
6716 JS_ASSERT(!genfn->pn_body);
6717 genfn->pn_dflags = PND_FUNARG;
6718
6719 {
6720 JSTreeContext *outertc = tc;
6721 JSTreeContext gentc(tc->parser);
6722
6723 JSFunctionBox *funbox = EnterFunction(genfn, &gentc);
6724 if (!funbox)
6725 return NULL;
6726
6727 /*
6728 * We have to dance around a bit to propagate sharp variables from
6729 * outertc to gentc before setting TCF_HAS_SHARPS implicitly by
6730 * propagating all of outertc's TCF_FUN_FLAGS flags. As below, we have
6731 * to be conservative by leaving TCF_HAS_SHARPS set in outertc if we
6732 * do propagate to gentc.
6733 */
6734 if (outertc->flags & TCF_HAS_SHARPS) {
6735 gentc.flags |= TCF_IN_FUNCTION;
6736 if (!gentc.ensureSharpSlots())
6737 return NULL;
6738 }
6739
6740 /*
6741 * We assume conservatively that any deoptimization flag in tc->flags
6742 * besides TCF_FUN_PARAM_ARGUMENTS can come from the kid. So we
6743 * propagate these flags into genfn. For code simplicity we also do
6744 * not detect if the flags were only set in the kid and could be
6745 * removed from tc->flags.
6746 */
6747 gentc.flags |= TCF_FUN_IS_GENERATOR | TCF_GENEXP_LAMBDA |
6748 (tc->flags & (TCF_FUN_FLAGS & ~TCF_FUN_PARAM_ARGUMENTS));
6749 funbox->tcflags |= gentc.flags;
6750 genfn->pn_funbox = funbox;
6751 genfn->pn_blockid = gentc.bodyid;
6752
6753 JSParseNode *body = comprehensionTail(pn, outertc->blockid());
6754 if (!body)
6755 return NULL;
6756 JS_ASSERT(!genfn->pn_body);
6757 genfn->pn_body = body;
6758 genfn->pn_pos.begin = body->pn_pos.begin = kid->pn_pos.begin;
6759 genfn->pn_pos.end = body->pn_pos.end = tokenStream.currentToken().pos.end;
6760
6761 if (!LeaveFunction(genfn, &gentc))
6762 return NULL;
6763 }
6764
6765 /*
6766 * Our result is a call expression that invokes the anonymous generator
6767 * function object.
6768 */
6769 JSParseNode *result = ListNode::create(tc);
6770 if (!result)
6771 return NULL;
6772 result->pn_type = TOK_LP;
6773 result->pn_op = JSOP_CALL;
6774 result->pn_pos.begin = genfn->pn_pos.begin;
6775 result->initList(genfn);
6776 return result;
6777 }
6778
6779 static const char js_generator_str[] = "generator";
6780
6781 #endif /* JS_HAS_GENERATOR_EXPRS */
6782 #endif /* JS_HAS_GENERATORS */
6783
6784 JSBool
6785 Parser::argumentList(JSParseNode *listNode)
6786 {
6787 if (tokenStream.matchToken(TOK_RP, TSF_OPERAND))
6788 return JS_TRUE;
6789
6790 do {
6791 JSParseNode *argNode = assignExpr();
6792 if (!argNode)
6793 return JS_FALSE;
6794 #if JS_HAS_GENERATORS
6795 if (argNode->pn_type == TOK_YIELD &&
6796 !argNode->pn_parens &&
6797 tokenStream.peekToken() == TOK_COMMA) {
6798 reportErrorNumber(argNode, JSREPORT_ERROR, JSMSG_BAD_GENERATOR_SYNTAX, js_yield_str);
6799 return JS_FALSE;
6800 }
6801 #endif
6802 #if JS_HAS_GENERATOR_EXPRS
6803 if (tokenStream.matchToken(TOK_FOR)) {
6804 JSParseNode *pn = UnaryNode::create(tc);
6805 if (!pn)
6806 return JS_FALSE;
6807 argNode = generatorExpr(pn, argNode);
6808 if (!argNode)
6809 return JS_FALSE;
6810 if (listNode->pn_count > 1 ||
6811 tokenStream.peekToken() == TOK_COMMA) {
6812 reportErrorNumber(argNode, JSREPORT_ERROR, JSMSG_BAD_GENERATOR_SYNTAX,
6813 js_generator_str);
6814 return JS_FALSE;
6815 }
6816 }
6817 #endif
6818 listNode->append(argNode);
6819 } while (tokenStream.matchToken(TOK_COMMA));
6820
6821 if (tokenStream.getToken() != TOK_RP) {
6822 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_PAREN_AFTER_ARGS);
6823 return JS_FALSE;
6824 }
6825 return JS_TRUE;
6826 }
6827
6828 /* Check for an immediately-applied (new'ed) lambda and clear PND_FUNARG. */
6829 static JSParseNode *
6830 CheckForImmediatelyAppliedLambda(JSParseNode *pn)
6831 {
6832 if (pn->pn_type == TOK_FUNCTION) {
6833 JS_ASSERT(pn->pn_arity == PN_FUNC);
6834
6835 JSFunctionBox *funbox = pn->pn_funbox;
6836 JS_ASSERT(((JSFunction *) funbox->object)->flags & JSFUN_LAMBDA);
6837 if (!(funbox->tcflags & (TCF_FUN_USES_ARGUMENTS | TCF_FUN_USES_OWN_NAME)))
6838 pn->pn_dflags &= ~PND_FUNARG;
6839 }
6840 return pn;
6841 }
6842
6843 JSParseNode *
6844 Parser::memberExpr(JSBool allowCallSyntax)
6845 {
6846 JSParseNode *pn, *pn2, *pn3;
6847
6848 JS_CHECK_RECURSION(context, return NULL);
6849
6850 /* Check for new expression first. */
6851 TokenKind tt = tokenStream.getToken(TSF_OPERAND);
6852 if (tt == TOK_NEW) {
6853 pn = ListNode::create(tc);
6854 if (!pn)
6855 return NULL;
6856 pn2 = memberExpr(JS_FALSE);
6857 if (!pn2)
6858 return NULL;
6859 pn2 = CheckForImmediatelyAppliedLambda(pn2);
6860 pn->pn_op = JSOP_NEW;
6861 pn->initList(pn2);
6862 pn->pn_pos.begin = pn2->pn_pos.begin;
6863
6864 if (tokenStream.matchToken(TOK_LP) && !argumentList(pn))
6865 return NULL;
6866 if (pn->pn_count > ARGC_LIMIT) {
6867 JS_ReportErrorNumber(context, js_GetErrorMessage, NULL,
6868 JSMSG_TOO_MANY_CON_ARGS);
6869 return NULL;
6870 }
6871 pn->pn_pos.end = pn->last()->pn_pos.end;
6872 } else {
6873 pn = primaryExpr(tt, JS_FALSE);
6874 if (!pn)
6875 return NULL;
6876
6877 if (pn->pn_type == TOK_ANYNAME ||
6878 pn->pn_type == TOK_AT ||
6879 pn->pn_type == TOK_DBLCOLON) {
6880 pn2 = NewOrRecycledNode(tc);
6881 if (!pn2)
6882 return NULL;
6883 pn2->pn_type = TOK_UNARYOP;
6884 pn2->pn_pos = pn->pn_pos;
6885 pn2->pn_op = JSOP_XMLNAME;
6886 pn2->pn_arity = PN_UNARY;
6887 pn2->pn_parens = false;
6888 pn2->pn_kid = pn;
6889 pn = pn2;
6890 }
6891 }
6892
6893 while ((tt = tokenStream.getToken()) > TOK_EOF) {
6894 if (tt == TOK_DOT) {
6895 pn2 = NameNode::create(NULL, tc);
6896 if (!pn2)
6897 return NULL;
6898 #if JS_HAS_XML_SUPPORT
6899 tt = tokenStream.getToken(TSF_OPERAND | TSF_KEYWORD_IS_NAME);
6900 pn3 = primaryExpr(tt, JS_TRUE);
6901 if (!pn3)
6902 return NULL;
6903
6904 /* Check both tt and pn_type, to distinguish |x.(y)| and |x.y::z| from |x.y|. */
6905 if (tt == TOK_NAME && pn3->pn_type == TOK_NAME) {
6906 pn2->pn_op = JSOP_GETPROP;
6907 pn2->pn_expr = pn;
6908 pn2->pn_atom = pn3->pn_atom;
6909 RecycleTree(pn3, tc);
6910 } else {
6911 if (tt == TOK_LP) {
6912 pn2->pn_type = TOK_FILTER;
6913 pn2->pn_op = JSOP_FILTER;
6914
6915 /* A filtering predicate is like a with statement. */
6916 tc->flags |= TCF_FUN_HEAVYWEIGHT;
6917 } else if (TokenKindIsXML(PN_TYPE(pn3))) {
6918 pn2->pn_type = TOK_LB;
6919 pn2->pn_op = JSOP_GETELEM;
6920 } else {
6921 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_NAME_AFTER_DOT);
6922 return NULL;
6923 }
6924 pn2->pn_arity = PN_BINARY;
6925 pn2->pn_left = pn;
6926 pn2->pn_right = pn3;
6927 }
6928 #else
6929 MUST_MATCH_TOKEN_WITH_FLAGS(TOK_NAME, JSMSG_NAME_AFTER_DOT, TSF_KEYWORD_IS_NAME);
6930 pn2->pn_op = JSOP_GETPROP;
6931 pn2->pn_expr = pn;
6932 pn2->pn_atom = tokenStream.currentToken().t_atom;
6933 #endif
6934 pn2->pn_pos.begin = pn->pn_pos.begin;
6935 pn2->pn_pos.end = tokenStream.currentToken().pos.end;
6936 #if JS_HAS_XML_SUPPORT
6937 } else if (tt == TOK_DBLDOT) {
6938 pn2 = BinaryNode::create(tc);
6939 if (!pn2)
6940 return NULL;
6941 tt = tokenStream.getToken(TSF_OPERAND | TSF_KEYWORD_IS_NAME);
6942 pn3 = primaryExpr(tt, JS_TRUE);
6943 if (!pn3)
6944 return NULL;
6945 tt = PN_TYPE(pn3);
6946 if (tt == TOK_NAME && !pn3->pn_parens) {
6947 pn3->pn_type = TOK_STRING;
6948 pn3->pn_arity = PN_NULLARY;
6949 pn3->pn_op = JSOP_QNAMEPART;
6950 } else if (!TokenKindIsXML(tt)) {
6951 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_NAME_AFTER_DOT);
6952 return NULL;
6953 }
6954 pn2->pn_op = JSOP_DESCENDANTS;
6955 pn2->pn_left = pn;
6956 pn2->pn_right = pn3;
6957 pn2->pn_pos.begin = pn->pn_pos.begin;
6958 pn2->pn_pos.end = tokenStream.currentToken().pos.end;
6959 #endif
6960 } else if (tt == TOK_LB) {
6961 pn2 = BinaryNode::create(tc);
6962 if (!pn2)
6963 return NULL;
6964 pn3 = expr();
6965 if (!pn3)
6966 return NULL;
6967
6968 MUST_MATCH_TOKEN(TOK_RB, JSMSG_BRACKET_IN_INDEX);
6969 pn2->pn_pos.begin = pn->pn_pos.begin;
6970 pn2->pn_pos.end = tokenStream.currentToken().pos.end;
6971
6972 /*
6973 * Optimize o['p'] to o.p by rewriting pn2, but avoid rewriting
6974 * o['0'] to use JSOP_GETPROP, to keep fast indexing disjoint in
6975 * the interpreter from fast property access. However, if the
6976 * bracketed string is a uint32, we rewrite pn3 to be a number
6977 * instead of a string.
6978 */
6979 do {
6980 if (pn3->pn_type == TOK_STRING) {
6981 jsuint index;
6982
6983 if (!js_IdIsIndex(ATOM_TO_JSID(pn3->pn_atom), &index)) {
6984 pn2->pn_type = TOK_DOT;
6985 pn2->pn_op = JSOP_GETPROP;
6986 pn2->pn_arity = PN_NAME;
6987 pn2->pn_expr = pn;
6988 pn2->pn_atom = pn3->pn_atom;
6989 break;
6990 }
6991 pn3->pn_type = TOK_NUMBER;
6992 pn3->pn_op = JSOP_DOUBLE;
6993 pn3->pn_dval = index;
6994 }
6995 pn2->pn_op = JSOP_GETELEM;
6996 pn2->pn_left = pn;
6997 pn2->pn_right = pn3;
6998 } while (0);
6999 } else if (allowCallSyntax && tt == TOK_LP) {
7000 pn2 = ListNode::create(tc);
7001 if (!pn2)
7002 return NULL;
7003 pn2->pn_op = JSOP_CALL;
7004
7005 pn = CheckForImmediatelyAppliedLambda(pn);
7006 if (pn->pn_op == JSOP_NAME) {
7007 if (pn->pn_atom == context->runtime->atomState.evalAtom) {
7008 /* Select JSOP_EVAL and flag tc as heavyweight. */
7009 pn2->pn_op = JSOP_EVAL;
7010 tc->flags |= TCF_FUN_HEAVYWEIGHT;
7011 }
7012 } else if (pn->pn_op == JSOP_GETPROP) {
7013 if (pn->pn_atom == context->runtime->atomState.applyAtom ||
7014 pn->pn_atom == context->runtime->atomState.callAtom) {
7015 /* Select JSOP_APPLY given foo.apply(...). */
7016 pn2->pn_op = JSOP_APPLY;
7017 }
7018 }
7019
7020 pn2->initList(pn);
7021 pn2->pn_pos.begin = pn->pn_pos.begin;
7022
7023 if (!argumentList(pn2))
7024 return NULL;
7025 if (pn2->pn_count > ARGC_LIMIT) {
7026 JS_ReportErrorNumber(context, js_GetErrorMessage, NULL,
7027 JSMSG_TOO_MANY_FUN_ARGS);
7028 return NULL;
7029 }
7030 pn2->pn_pos.end = tokenStream.currentToken().pos.end;
7031 } else {
7032 tokenStream.ungetToken();
7033 return pn;
7034 }
7035
7036 pn = pn2;
7037 }
7038 if (tt == TOK_ERROR)
7039 return NULL;
7040 return pn;
7041 }
7042
7043 JSParseNode *
7044 Parser::bracketedExpr()
7045 {
7046 uintN oldflags;
7047 JSParseNode *pn;
7048
7049 /*
7050 * Always accept the 'in' operator in a parenthesized expression,
7051 * where it's unambiguous, even if we might be parsing the init of a
7052 * for statement.
7053 */
7054 oldflags = tc->flags;
7055 tc->flags &= ~TCF_IN_FOR_INIT;
7056 pn = expr();
7057 tc->flags = oldflags | (tc->flags & TCF_FUN_FLAGS);
7058 return pn;
7059 }
7060
7061 #if JS_HAS_XML_SUPPORT
7062
7063 JSParseNode *
7064 Parser::endBracketedExpr()
7065 {
7066 JSParseNode *pn;
7067
7068 pn = bracketedExpr();
7069 if (!pn)
7070 return NULL;
7071
7072 MUST_MATCH_TOKEN(TOK_RB, JSMSG_BRACKET_AFTER_ATTR_EXPR);
7073 return pn;
7074 }
7075
7076 /*
7077 * From the ECMA-357 grammar in 11.1.1 and 11.1.2:
7078 *
7079 * AttributeIdentifier:
7080 * @ PropertySelector
7081 * @ QualifiedIdentifier
7082 * @ [ Expression ]
7083 *
7084 * PropertySelector:
7085 * Identifier
7086 * *
7087 *
7088 * QualifiedIdentifier:
7089 * PropertySelector :: PropertySelector
7090 * PropertySelector :: [ Expression ]
7091 *
7092 * We adapt AttributeIdentifier and QualifiedIdentier to be LL(1), like so:
7093 *
7094 * AttributeIdentifier:
7095 * @ QualifiedIdentifier
7096 * @ [ Expression ]
7097 *
7098 * PropertySelector:
7099 * Identifier
7100 * *
7101 *
7102 * QualifiedIdentifier:
7103 * PropertySelector :: PropertySelector
7104 * PropertySelector :: [ Expression ]
7105 * PropertySelector
7106 *
7107 * As PrimaryExpression: Identifier is in ECMA-262 and we want the semantics
7108 * for that rule to result in a name node, but ECMA-357 extends the grammar
7109 * to include PrimaryExpression: QualifiedIdentifier, we must factor further:
7110 *
7111 * QualifiedIdentifier:
7112 * PropertySelector QualifiedSuffix
7113 *
7114 * QualifiedSuffix:
7115 * :: PropertySelector
7116 * :: [ Expression ]
7117 * /nothing/
7118 *
7119 * And use this production instead of PrimaryExpression: QualifiedIdentifier:
7120 *
7121 * PrimaryExpression:
7122 * Identifier QualifiedSuffix
7123 *
7124 * We hoist the :: match into callers of QualifiedSuffix, in order to tweak
7125 * PropertySelector vs. Identifier pn_arity, pn_op, and other members.
7126 */
7127 JSParseNode *
7128 Parser::propertySelector()
7129 {
7130 JSParseNode *pn;
7131
7132 pn = NullaryNode::create(tc);
7133 if (!pn)
7134 return NULL;
7135 if (pn->pn_type == TOK_STAR) {
7136 pn->pn_type = TOK_ANYNAME;
7137 pn->pn_op = JSOP_ANYNAME;
7138 pn->pn_atom = context->runtime->atomState.starAtom;
7139 } else {
7140 JS_ASSERT(pn->pn_type == TOK_NAME);
7141 pn->pn_op = JSOP_QNAMEPART;
7142 pn->pn_arity = PN_NAME;
7143 pn->pn_atom = tokenStream.currentToken().t_atom;
7144 pn->pn_cookie = FREE_UPVAR_COOKIE;
7145 }
7146 return pn;
7147 }
7148
7149 JSParseNode *
7150 Parser::qualifiedSuffix(JSParseNode *pn)
7151 {
7152 JSParseNode *pn2, *pn3;
7153 TokenKind tt;
7154
7155 JS_ASSERT(tokenStream.currentToken().type == TOK_DBLCOLON);
7156 pn2 = NameNode::create(NULL, tc);
7157 if (!pn2)
7158 return NULL;
7159
7160 /* Left operand of :: must be evaluated if it is an identifier. */
7161 if (pn->pn_op == JSOP_QNAMEPART)
7162 pn->pn_op = JSOP_NAME;
7163
7164 tt = tokenStream.getToken(TSF_KEYWORD_IS_NAME);
7165 if (tt == TOK_STAR || tt == TOK_NAME) {
7166 /* Inline and specialize propertySelector for JSOP_QNAMECONST. */
7167 pn2->pn_op = JSOP_QNAMECONST;
7168 pn2->pn_pos.begin = pn->pn_pos.begin;
7169 pn2->pn_atom = (tt == TOK_STAR)
7170 ? context->runtime->atomState.starAtom
7171 : tokenStream.currentToken().t_atom;
7172 pn2->pn_expr = pn;
7173 pn2->pn_cookie = FREE_UPVAR_COOKIE;
7174 return pn2;
7175 }
7176
7177 if (tt != TOK_LB) {
7178 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_SYNTAX_ERROR);
7179 return NULL;
7180 }
7181 pn3 = endBracketedExpr();
7182 if (!pn3)
7183 return NULL;
7184
7185 pn2->pn_op = JSOP_QNAME;
7186 pn2->pn_arity = PN_BINARY;
7187 pn2->pn_pos.begin = pn->pn_pos.begin;
7188 pn2->pn_pos.end = pn3->pn_pos.end;
7189 pn2->pn_left = pn;
7190 pn2->pn_right = pn3;
7191 return pn2;
7192 }
7193
7194 JSParseNode *
7195 Parser::qualifiedIdentifier()
7196 {
7197 JSParseNode *pn;
7198
7199 pn = propertySelector();
7200 if (!pn)
7201 return NULL;
7202 if (tokenStream.matchToken(TOK_DBLCOLON)) {
7203 /* Hack for bug 496316. Slowing down E4X won't make it go away, alas. */
7204 tc->flags |= TCF_FUN_HEAVYWEIGHT;
7205 pn = qualifiedSuffix(pn);
7206 }
7207 return pn;
7208 }
7209
7210 JSParseNode *
7211 Parser::attributeIdentifier()
7212 {
7213 JSParseNode *pn, *pn2;
7214 TokenKind tt;
7215
7216 JS_ASSERT(tokenStream.currentToken().type == TOK_AT);
7217 pn = UnaryNode::create(tc);
7218 if (!pn)
7219 return NULL;
7220 pn->pn_op = JSOP_TOATTRNAME;
7221 tt = tokenStream.getToken(TSF_KEYWORD_IS_NAME);
7222 if (tt == TOK_STAR || tt == TOK_NAME) {
7223 pn2 = qualifiedIdentifier();
7224 } else if (tt == TOK_LB) {
7225 pn2 = endBracketedExpr();
7226 } else {
7227 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_SYNTAX_ERROR);
7228 return NULL;
7229 }
7230 if (!pn2)
7231 return NULL;
7232 pn->pn_kid = pn2;
7233 return pn;
7234 }
7235
7236 /*
7237 * Make a TOK_LC unary node whose pn_kid is an expression.
7238 */
7239 JSParseNode *
7240 Parser::xmlExpr(JSBool inTag)
7241 {
7242 JSParseNode *pn, *pn2;
7243
7244 JS_ASSERT(tokenStream.currentToken().type == TOK_LC);
7245 pn = UnaryNode::create(tc);
7246 if (!pn)
7247 return NULL;
7248
7249 /*
7250 * Turn off XML tag mode. We save the old value of the flag because it may
7251 * already be off: XMLExpr is called both from within a tag, and from
7252 * within text contained in an element, but outside of any start, end, or
7253 * point tag.
7254 */
7255 bool oldflag = tokenStream.isXMLTagMode();
7256 tokenStream.setXMLTagMode(false);
7257 pn2 = expr();
7258 if (!pn2)
7259 return NULL;
7260
7261 MUST_MATCH_TOKEN(TOK_RC, JSMSG_CURLY_IN_XML_EXPR);
7262 tokenStream.setXMLTagMode(oldflag);
7263 pn->pn_kid = pn2;
7264 pn->pn_op = inTag ? JSOP_XMLTAGEXPR : JSOP_XMLELTEXPR;
7265 return pn;
7266 }
7267
7268 /*
7269 * Make a terminal node for one of TOK_XMLNAME, TOK_XMLATTR, TOK_XMLSPACE,
7270 * TOK_XMLTEXT, TOK_XMLCDATA, TOK_XMLCOMMENT, or TOK_XMLPI. When converting
7271 * parse tree to XML, we preserve a TOK_XMLSPACE node only if it's the sole
7272 * child of a container tag.
7273 */
7274 JSParseNode *
7275 Parser::xmlAtomNode()
7276 {
7277 JSParseNode *pn = NullaryNode::create(tc);
7278 if (!pn)
7279 return NULL;
7280 const Token &tok = tokenStream.currentToken();
7281 pn->pn_op = tok.t_op;
7282 pn->pn_atom = tok.t_atom;
7283 if (tok.type == TOK_XMLPI)
7284 pn->pn_atom2 = tok.t_atom2;
7285 return pn;
7286 }
7287
7288 /*
7289 * Parse the productions:
7290 *
7291 * XMLNameExpr:
7292 * XMLName XMLNameExpr?
7293 * { Expr } XMLNameExpr?
7294 *
7295 * Return a PN_LIST, PN_UNARY, or PN_NULLARY according as XMLNameExpr produces
7296 * a list of names and/or expressions, a single expression, or a single name.
7297 * If PN_LIST or PN_NULLARY, pn_type will be TOK_XMLNAME; if PN_UNARY, pn_type
7298 * will be TOK_LC.
7299 */
7300 JSParseNode *
7301 Parser::xmlNameExpr()
7302 {
7303 JSParseNode *pn, *pn2, *list;
7304 TokenKind tt;
7305
7306 pn = list = NULL;
7307 do {
7308 tt = tokenStream.currentToken().type;
7309 if (tt == TOK_LC) {
7310 pn2 = xmlExpr(JS_TRUE);
7311 if (!pn2)
7312 return NULL;
7313 } else {
7314 JS_ASSERT(tt == TOK_XMLNAME);
7315 pn2 = xmlAtomNode();
7316 if (!pn2)
7317 return NULL;
7318 }
7319
7320 if (!pn) {
7321 pn = pn2;
7322 } else {
7323 if (!list) {
7324 list = ListNode::create(tc);
7325 if (!list)
7326 return NULL;
7327 list->pn_type = TOK_XMLNAME;
7328 list->pn_pos.begin = pn->pn_pos.begin;
7329 list->initList(pn);
7330 list->pn_xflags = PNX_CANTFOLD;
7331 pn = list;
7332 }
7333 pn->pn_pos.end = pn2->pn_pos.end;
7334 pn->append(pn2);
7335 }
7336 } while ((tt = tokenStream.getToken()) == TOK_XMLNAME || tt == TOK_LC);
7337
7338 tokenStream.ungetToken();
7339 return pn;
7340 }
7341
7342 /*
7343 * Macro to test whether an XMLNameExpr or XMLTagContent node can be folded
7344 * at compile time into a JSXML tree.
7345 */
7346 #define XML_FOLDABLE(pn) ((pn)->pn_arity == PN_LIST \
7347 ? ((pn)->pn_xflags & PNX_CANTFOLD) == 0 \
7348 : (pn)->pn_type != TOK_LC)
7349
7350 /*
7351 * Parse the productions:
7352 *
7353 * XMLTagContent:
7354 * XMLNameExpr
7355 * XMLTagContent S XMLNameExpr S? = S? XMLAttr
7356 * XMLTagContent S XMLNameExpr S? = S? { Expr }
7357 *
7358 * Return a PN_LIST, PN_UNARY, or PN_NULLARY according to how XMLTagContent
7359 * produces a list of name and attribute values and/or braced expressions, a
7360 * single expression, or a single name.
7361 *
7362 * If PN_LIST or PN_NULLARY, pn_type will be TOK_XMLNAME for the case where
7363 * XMLTagContent: XMLNameExpr. If pn_type is not TOK_XMLNAME but pn_arity is
7364 * PN_LIST, pn_type will be tagtype. If PN_UNARY, pn_type will be TOK_LC and
7365 * we parsed exactly one expression.
7366 */
7367 JSParseNode *
7368 Parser::xmlTagContent(TokenKind tagtype, JSAtom **namep)
7369 {
7370 JSParseNode *pn, *pn2, *list;
7371 TokenKind tt;
7372
7373 pn = xmlNameExpr();
7374 if (!pn)
7375 return NULL;
7376 *namep = (pn->pn_arity == PN_NULLARY) ? pn->pn_atom : NULL;
7377 list = NULL;
7378
7379 while (tokenStream.matchToken(TOK_XMLSPACE)) {
7380 tt = tokenStream.getToken();
7381 if (tt != TOK_XMLNAME && tt != TOK_LC) {
7382 tokenStream.ungetToken();
7383 break;
7384 }
7385
7386 pn2 = xmlNameExpr();
7387 if (!pn2)
7388 return NULL;
7389 if (!list) {
7390 list = ListNode::create(tc);
7391 if (!list)
7392 return NULL;
7393 list->pn_type = tagtype;
7394 list->pn_pos.begin = pn->pn_pos.begin;
7395 list->initList(pn);
7396 pn = list;
7397 }
7398 pn->append(pn2);
7399 if (!XML_FOLDABLE(pn2))
7400 pn->pn_xflags |= PNX_CANTFOLD;
7401
7402 tokenStream.matchToken(TOK_XMLSPACE);
7403 MUST_MATCH_TOKEN(TOK_ASSIGN, JSMSG_NO_ASSIGN_IN_XML_ATTR);
7404 tokenStream.matchToken(TOK_XMLSPACE);
7405
7406 tt = tokenStream.getToken();
7407 if (tt == TOK_XMLATTR) {
7408 pn2 = xmlAtomNode();
7409 } else if (tt == TOK_LC) {
7410 pn2 = xmlExpr(JS_TRUE);
7411 pn->pn_xflags |= PNX_CANTFOLD;
7412 } else {
7413 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_XML_ATTR_VALUE);
7414 return NULL;
7415 }
7416 if (!pn2)
7417 return NULL;
7418 pn->pn_pos.end = pn2->pn_pos.end;
7419 pn->append(pn2);
7420 }
7421
7422 return pn;
7423 }
7424
7425 #define XML_CHECK_FOR_ERROR_AND_EOF(tt,result) \
7426 JS_BEGIN_MACRO \
7427 if ((tt) <= TOK_EOF) { \
7428 if ((tt) == TOK_EOF) { \
7429 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_END_OF_XML_SOURCE); \
7430 } \
7431 return result; \
7432 } \
7433 JS_END_MACRO
7434
7435 /*
7436 * Consume XML element tag content, including the TOK_XMLETAGO (</) sequence
7437 * that opens the end tag for the container.
7438 */
7439 JSBool
7440 Parser::xmlElementContent(JSParseNode *pn)
7441 {
7442 tokenStream.setXMLTagMode(false);
7443 for (;;) {
7444 TokenKind tt = tokenStream.getToken(TSF_XMLTEXTMODE);
7445 XML_CHECK_FOR_ERROR_AND_EOF(tt, JS_FALSE);
7446
7447 JS_ASSERT(tt == TOK_XMLSPACE || tt == TOK_XMLTEXT);
7448 JSAtom *textAtom = tokenStream.currentToken().t_atom;
7449 if (textAtom) {
7450 /* Non-zero-length XML text scanned. */
7451 JSParseNode *pn2 = xmlAtomNode();
7452 if (!pn2)
7453 return JS_FALSE;
7454 pn->pn_pos.end = pn2->pn_pos.end;
7455 pn->append(pn2);
7456 }
7457
7458 tt = tokenStream.getToken(TSF_OPERAND);
7459 XML_CHECK_FOR_ERROR_AND_EOF(tt, JS_FALSE);
7460 if (tt == TOK_XMLETAGO)
7461 break;
7462
7463 JSParseNode *pn2;
7464 if (tt == TOK_LC) {
7465 pn2 = xmlExpr(JS_FALSE);
7466 pn->pn_xflags |= PNX_CANTFOLD;
7467 } else if (tt == TOK_XMLSTAGO) {
7468 pn2 = xmlElementOrList(JS_FALSE);
7469 if (pn2) {
7470 pn2->pn_xflags &= ~PNX_XMLROOT;
7471 pn->pn_xflags |= pn2->pn_xflags;
7472 }
7473 } else {
7474 JS_ASSERT(tt == TOK_XMLCDATA || tt == TOK_XMLCOMMENT ||
7475 tt == TOK_XMLPI);
7476 pn2 = xmlAtomNode();
7477 }
7478 if (!pn2)
7479 return JS_FALSE;
7480 pn->pn_pos.end = pn2->pn_pos.end;
7481 pn->append(pn2);
7482 }
7483 tokenStream.setXMLTagMode(true);
7484
7485 JS_ASSERT(tokenStream.currentToken().type == TOK_XMLETAGO);
7486 return JS_TRUE;
7487 }
7488
7489 /*
7490 * Return a PN_LIST node containing an XML or XMLList Initialiser.
7491 */
7492 JSParseNode *
7493 Parser::xmlElementOrList(JSBool allowList)
7494 {
7495 JSParseNode *pn, *pn2, *list;
7496 TokenKind tt;
7497 JSAtom *startAtom, *endAtom;
7498
7499 JS_CHECK_RECURSION(context, return NULL);
7500
7501 JS_ASSERT(tokenStream.currentToken().type == TOK_XMLSTAGO);
7502 pn = ListNode::create(tc);
7503 if (!pn)
7504 return NULL;
7505
7506 tokenStream.setXMLTagMode(true);
7507 tt = tokenStream.getToken();
7508 if (tt == TOK_ERROR)
7509 return NULL;
7510
7511 if (tt == TOK_XMLNAME || tt == TOK_LC) {
7512 /*
7513 * XMLElement. Append the tag and its contents, if any, to pn.
7514 */
7515 pn2 = xmlTagContent(TOK_XMLSTAGO, &startAtom);
7516 if (!pn2)
7517 return NULL;
7518 tokenStream.matchToken(TOK_XMLSPACE);
7519
7520 tt = tokenStream.getToken();
7521 if (tt == TOK_XMLPTAGC) {
7522 /* Point tag (/>): recycle pn if pn2 is a list of tag contents. */
7523 if (pn2->pn_type == TOK_XMLSTAGO) {
7524 pn->makeEmpty();
7525 RecycleTree(pn, tc);
7526 pn = pn2;
7527 } else {
7528 JS_ASSERT(pn2->pn_type == TOK_XMLNAME ||
7529 pn2->pn_type == TOK_LC);
7530 pn->initList(pn2);
7531 if (!XML_FOLDABLE(pn2))
7532 pn->pn_xflags |= PNX_CANTFOLD;
7533 }
7534 pn->pn_type = TOK_XMLPTAGC;
7535 pn->pn_xflags |= PNX_XMLROOT;
7536 } else {
7537 /* We had better have a tag-close (>) at this point. */
7538 if (tt != TOK_XMLTAGC) {
7539 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_XML_TAG_SYNTAX);
7540 return NULL;
7541 }
7542 pn2->pn_pos.end = tokenStream.currentToken().pos.end;
7543
7544 /* Make sure pn2 is a TOK_XMLSTAGO list containing tag contents. */
7545 if (pn2->pn_type != TOK_XMLSTAGO) {
7546 pn->initList(pn2);
7547 if (!XML_FOLDABLE(pn2))
7548 pn->pn_xflags |= PNX_CANTFOLD;
7549 pn2 = pn;
7550 pn = ListNode::create(tc);
7551 if (!pn)
7552 return NULL;
7553 }
7554
7555 /* Now make pn a nominal-root TOK_XMLELEM list containing pn2. */
7556 pn->pn_type = TOK_XMLELEM;
7557 pn->pn_pos.begin = pn2->pn_pos.begin;
7558 pn->initList(pn2);
7559 if (!XML_FOLDABLE(pn2))
7560 pn->pn_xflags |= PNX_CANTFOLD;
7561 pn->pn_xflags |= PNX_XMLROOT;
7562
7563 /* Get element contents and delimiting end-tag-open sequence. */
7564 if (!xmlElementContent(pn))
7565 return NULL;
7566
7567 tt = tokenStream.getToken();
7568 XML_CHECK_FOR_ERROR_AND_EOF(tt, NULL);
7569 if (tt != TOK_XMLNAME && tt != TOK_LC) {
7570 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_XML_TAG_SYNTAX);
7571 return NULL;
7572 }
7573
7574 /* Parse end tag; check mismatch at compile-time if we can. */
7575 pn2 = xmlTagContent(TOK_XMLETAGO, &endAtom);
7576 if (!pn2)
7577 return NULL;
7578 if (pn2->pn_type == TOK_XMLETAGO) {
7579 /* Oops, end tag has attributes! */
7580 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_XML_TAG_SYNTAX);
7581 return NULL;
7582 }
7583 if (endAtom && startAtom && endAtom != startAtom) {
7584 JSString *str = ATOM_TO_STRING(startAtom);
7585
7586 /* End vs. start tag name mismatch: point to the tag name. */
7587 reportErrorNumber(pn2, JSREPORT_UC | JSREPORT_ERROR, JSMSG_XML_TAG_NAME_MISMATCH,
7588 str->chars());
7589 return NULL;
7590 }
7591
7592 /* Make a TOK_XMLETAGO list with pn2 as its single child. */
7593 JS_ASSERT(pn2->pn_type == TOK_XMLNAME || pn2->pn_type == TOK_LC);
7594 list = ListNode::create(tc);
7595 if (!list)
7596 return NULL;
7597 list->pn_type = TOK_XMLETAGO;
7598 list->initList(pn2);
7599 pn->append(list);
7600 if (!XML_FOLDABLE(pn2)) {
7601 list->pn_xflags |= PNX_CANTFOLD;
7602 pn->pn_xflags |= PNX_CANTFOLD;
7603 }
7604
7605 tokenStream.matchToken(TOK_XMLSPACE);
7606 MUST_MATCH_TOKEN(TOK_XMLTAGC, JSMSG_BAD_XML_TAG_SYNTAX);
7607 }
7608
7609 /* Set pn_op now that pn has been updated to its final value. */
7610 pn->pn_op = JSOP_TOXML;
7611 } else if (allowList && tt == TOK_XMLTAGC) {
7612 /* XMLList Initialiser. */
7613 pn->pn_type = TOK_XMLLIST;
7614 pn->pn_op = JSOP_TOXMLLIST;
7615 pn->makeEmpty();
7616 pn->pn_xflags |= PNX_XMLROOT;
7617 if (!xmlElementContent(pn))
7618 return NULL;
7619
7620 MUST_MATCH_TOKEN(TOK_XMLTAGC, JSMSG_BAD_XML_LIST_SYNTAX);
7621 } else {
7622 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_XML_NAME_SYNTAX);
7623 return NULL;
7624 }
7625 tokenStream.setXMLTagMode(false);
7626
7627 pn->pn_pos.end = tokenStream.currentToken().pos.end;
7628 return pn;
7629 }
7630
7631 JSParseNode *
7632 Parser::xmlElementOrListRoot(JSBool allowList)
7633 {
7634 uint32 oldopts;
7635 JSParseNode *pn;
7636
7637 /*
7638 * Force XML support to be enabled so that comments and CDATA literals
7639 * are recognized, instead of <! followed by -- starting an HTML comment
7640 * to end of line (used in script tags to hide content from old browsers
7641 * that don't recognize <script>).
7642 */
7643 oldopts = JS_SetOptions(context, context->options | JSOPTION_XML);
7644 pn = xmlElementOrList(allowList);
7645 JS_SetOptions(context, oldopts);
7646 return pn;
7647 }
7648
7649 JSParseNode *
7650 Parser::parseXMLText(JSObject *chain, bool allowList)
7651 {
7652 /*
7653 * Push a compiler frame if we have no frames, or if the top frame is a
7654 * lightweight function activation, or if its scope chain doesn't match
7655 * the one passed to us.
7656 */
7657 JSTreeContext xmltc(this);
7658 xmltc.scopeChain = chain;
7659
7660 /* Set XML-only mode to turn off special treatment of {expr} in XML. */
7661 tokenStream.setXMLOnlyMode();
7662 TokenKind tt = tokenStream.getToken(TSF_OPERAND);
7663
7664 JSParseNode *pn;
7665 if (tt != TOK_XMLSTAGO) {
7666 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_XML_MARKUP);
7667 pn = NULL;
7668 } else {
7669 pn = xmlElementOrListRoot(allowList);
7670 }
7671 tokenStream.setXMLOnlyMode(false);
7672
7673 return pn;
7674 }
7675
7676 #endif /* JS_HAS_XMLSUPPORT */
7677
7678 #if JS_HAS_BLOCK_SCOPE
7679 /*
7680 * Check whether blockid is an active scoping statement in tc. This code is
7681 * necessary to qualify tc->decls.lookup() hits in primaryExpr's TOK_NAME case
7682 * (below) where the hits come from Scheme-ish let bindings in for loop heads
7683 * and let blocks and expressions (not let declarations).
7684 *
7685 * Unlike let declarations ("let as the new var"), which is a kind of letrec
7686 * due to hoisting, let in a for loop head, let block, or let expression acts
7687 * like Scheme's let: initializers are evaluated without the new let bindings
7688 * being in scope.
7689 *
7690 * Name binding analysis is eager with fixups, rather than multi-pass, and let
7691 * bindings push on the front of the tc->decls JSAtomList (either the singular
7692 * list or on a hash chain -- see JSAtomList::AddHow) in order to shadow outer
7693 * scope bindings of the same name.
7694 *
7695 * This simplifies binding lookup code at the price of a linear search here,
7696 * but only if code uses let (var predominates), and even then this function's
7697 * loop iterates more than once only in crazy cases.
7698 */
7699 static inline bool
7700 BlockIdInScope(uintN blockid, JSTreeContext *tc)
7701 {
7702 if (blockid > tc->blockid())
7703 return false;
7704 for (JSStmtInfo *stmt = tc->topScopeStmt; stmt; stmt = stmt->downScope) {
7705 if (stmt->blockid == blockid)
7706 return true;
7707 }
7708 return false;
7709 }
7710 #endif
7711
7712 JSParseNode *
7713 Parser::primaryExpr(TokenKind tt, JSBool afterDot)
7714 {
7715 JSParseNode *pn, *pn2, *pn3;
7716 JSOp op;
7717
7718 JS_CHECK_RECURSION(context, return NULL);
7719
7720 switch (tt) {
7721 case TOK_FUNCTION:
7722 #if JS_HAS_XML_SUPPORT
7723 if (tokenStream.matchToken(TOK_DBLCOLON, TSF_KEYWORD_IS_NAME)) {
7724 pn2 = NullaryNode::create(tc);
7725 if (!pn2)
7726 return NULL;
7727 pn2->pn_type = TOK_FUNCTION;
7728 pn = qualifiedSuffix(pn2);
7729 if (!pn)
7730 return NULL;
7731 break;
7732 }
7733 #endif
7734 pn = functionExpr();
7735 if (!pn)
7736 return NULL;
7737 break;
7738
7739 case TOK_LB:
7740 {
7741 JSBool matched;
7742 jsuint index;
7743
7744 pn = ListNode::create(tc);
7745 if (!pn)
7746 return NULL;
7747 pn->pn_type = TOK_RB;
7748 pn->pn_op = JSOP_NEWINIT;
7749 pn->makeEmpty();
7750
7751 #if JS_HAS_GENERATORS
7752 pn->pn_blockid = tc->blockidGen;
7753 #endif
7754
7755 matched = tokenStream.matchToken(TOK_RB, TSF_OPERAND);
7756 if (!matched) {
7757 for (index = 0; ; index++) {
7758 if (index == JS_ARGS_LENGTH_MAX) {
7759 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_ARRAY_INIT_TOO_BIG);
7760 return NULL;
7761 }
7762
7763 tt = tokenStream.peekToken(TSF_OPERAND);
7764 if (tt == TOK_RB) {
7765 pn->pn_xflags |= PNX_ENDCOMMA;
7766 break;
7767 }
7768
7769 if (tt == TOK_COMMA) {
7770 /* So CURRENT_TOKEN gets TOK_COMMA and not TOK_LB. */
7771 tokenStream.matchToken(TOK_COMMA);
7772 pn2 = NullaryNode::create(tc);
7773 pn->pn_xflags |= PNX_HOLEY;
7774 } else {
7775 pn2 = assignExpr();
7776 }
7777 if (!pn2)
7778 return NULL;
7779 pn->append(pn2);
7780
7781 if (tt != TOK_COMMA) {
7782 /* If we didn't already match TOK_COMMA in above case. */
7783 if (!tokenStream.matchToken(TOK_COMMA))
7784 break;
7785 }
7786 }
7787
7788 #if JS_HAS_GENERATORS
7789 /*
7790 * At this point, (index == 0 && pn->pn_count != 0) implies one
7791 * element initialiser was parsed.
7792 *
7793 * An array comprehension of the form:
7794 *
7795 * [i * j for (i in o) for (j in p) if (i != j)]
7796 *
7797 * translates to roughly the following let expression:
7798 *
7799 * let (array = new Array, i, j) {
7800 * for (i in o) let {
7801 * for (j in p)
7802 * if (i != j)
7803 * array.push(i * j)
7804 * }
7805 * array
7806 * }
7807 *
7808 * where array is a nameless block-local variable. The "roughly"
7809 * means that an implementation may optimize away the array.push.
7810 * An array comprehension opens exactly one block scope, no matter
7811 * how many for heads it contains.
7812 *
7813 * Each let () {...} or for (let ...) ... compiles to:
7814 *
7815 * JSOP_ENTERBLOCK <o> ... JSOP_LEAVEBLOCK <n>
7816 *
7817 * where <o> is a literal object representing the block scope,
7818 * with <n> properties, naming each var declared in the block.
7819 *
7820 * Each var declaration in a let-block binds a name in <o> at
7821 * compile time, and allocates a slot on the operand stack at
7822 * runtime via JSOP_ENTERBLOCK. A block-local var is accessed
7823 * by the JSOP_GETLOCAL and JSOP_SETLOCAL ops, and iterated with
7824 * JSOP_FORLOCAL. These ops all have an immediate operand, the
7825 * local slot's stack index from fp->spbase.
7826 *
7827 * The array comprehension iteration step, array.push(i * j) in
7828 * the example above, is done by <i * j>; JSOP_ARRAYCOMP <array>,
7829 * where <array> is the index of array's stack slot.
7830 */
7831 if (index == 0 && pn->pn_count != 0 && tokenStream.matchToken(TOK_FOR)) {
7832 JSParseNode *pnexp, *pntop;
7833
7834 /* Relabel pn as an array comprehension node. */
7835 pn->pn_type = TOK_ARRAYCOMP;
7836
7837 /*
7838 * Remove the comprehension expression from pn's linked list
7839 * and save it via pnexp. We'll re-install it underneath the
7840 * ARRAYPUSH node after we parse the rest of the comprehension.
7841 */
7842 pnexp = pn->last();
7843 JS_ASSERT(pn->pn_count == 1 || pn->pn_count == 2);
7844 pn->pn_tail = (--pn->pn_count == 1)
7845 ? &pn->pn_head->pn_next
7846 : &pn->pn_head;
7847 *pn->pn_tail = NULL;
7848
7849 pntop = comprehensionTail(pnexp, pn->pn_blockid,
7850 TOK_ARRAYPUSH, JSOP_ARRAYPUSH);
7851 if (!pntop)
7852 return NULL;
7853 pn->append(pntop);
7854 }
7855 #endif /* JS_HAS_GENERATORS */
7856
7857 MUST_MATCH_TOKEN(TOK_RB, JSMSG_BRACKET_AFTER_LIST);
7858 }
7859 pn->pn_pos.end = tokenStream.currentToken().pos.end;
7860 return pn;
7861 }
7862
7863 case TOK_LC:
7864 {
7865 JSBool afterComma;
7866 JSParseNode *pnval;
7867
7868 /*
7869 * A map from property names we've seen thus far to bit masks.
7870 * (We use ALE_INDEX/ALE_SET_INDEX). An atom's mask includes
7871 * JSPROP_SETTER if we've seen a setter for it, JSPROP_GETTER
7872 * if we've seen as getter, and both of those if we've just
7873 * seen an ordinary value.
7874 */
7875 JSAutoAtomList seen(tc->parser);
7876
7877 pn = ListNode::create(tc);
7878 if (!pn)
7879 return NULL;
7880 pn->pn_type = TOK_RC;
7881 pn->pn_op = JSOP_NEWINIT;
7882 pn->makeEmpty();
7883
7884 afterComma = JS_FALSE;
7885 for (;;) {
7886 JSAtom *atom;
7887 tt = tokenStream.getToken(TSF_KEYWORD_IS_NAME);
7888 switch (tt) {
7889 case TOK_NUMBER:
7890 pn3 = NullaryNode::create(tc);
7891 if (!pn3)
7892 return NULL;
7893 pn3->pn_dval = tokenStream.currentToken().t_dval;
7894 if (tc->needStrictChecks()) {
7895 atom = js_AtomizeDouble(context, pn3->pn_dval);
7896 if (!atom)
7897 return NULL;
7898 } else {
7899 atom = NULL; /* for the compiler */
7900 }
7901 break;
7902 case TOK_NAME:
7903 {
7904 atom = tokenStream.currentToken().t_atom;
7905 if (atom == context->runtime->atomState.getAtom)
7906 op = JSOP_GETTER;
7907 else if (atom == context->runtime->atomState.setAtom)
7908 op = JSOP_SETTER;
7909 else
7910 goto property_name;
7911
7912 tt = tokenStream.getToken(TSF_KEYWORD_IS_NAME);
7913 if (tt == TOK_NAME || tt == TOK_STRING) {
7914 atom = tokenStream.currentToken().t_atom;
7915 pn3 = NameNode::create(atom, tc);
7916 if (!pn3)
7917 return NULL;
7918 } else if (tt == TOK_NUMBER) {
7919 pn3 = NullaryNode::create(tc);
7920 if (!pn3)
7921 return NULL;
7922 pn3->pn_dval = tokenStream.currentToken().t_dval;
7923 if (tc->needStrictChecks()) {
7924 atom = js_AtomizeDouble(context, pn3->pn_dval);
7925 if (!atom)
7926 return NULL;
7927 } else {
7928 atom = NULL; /* for the compiler */
7929 }
7930 } else {
7931 tokenStream.ungetToken();
7932 goto property_name;
7933 }
7934
7935 /* We have to fake a 'function' token here. */
7936 tokenStream.mungeCurrentToken(TOK_FUNCTION, JSOP_NOP);
7937 pn2 = functionDef(JSFUN_LAMBDA, false);
7938 pn2 = JSParseNode::newBinaryOrAppend(TOK_COLON, op, pn3, pn2, tc);
7939 goto skip;
7940 }
7941 property_name:
7942 case TOK_STRING:
7943 atom = tokenStream.currentToken().t_atom;
7944 pn3 = NullaryNode::create(tc);
7945 if (!pn3)
7946 return NULL;
7947 pn3->pn_atom = atom;
7948 break;
7949 case TOK_RC:
7950 goto end_obj_init;
7951 default:
7952 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_PROP_ID);
7953 return NULL;
7954 }
7955
7956 op = JSOP_INITPROP;
7957 tt = tokenStream.getToken();
7958 if (tt == TOK_COLON) {
7959 pnval = assignExpr();
7960 } else {
7961 #if JS_HAS_DESTRUCTURING_SHORTHAND
7962 if (tt != TOK_COMMA && tt != TOK_RC) {
7963 #endif
7964 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_COLON_AFTER_ID);
7965 return NULL;
7966 #if JS_HAS_DESTRUCTURING_SHORTHAND
7967 }
7968
7969 /*
7970 * Support, e.g., |var {x, y} = o| as destructuring shorthand
7971 * for |var {x: x, y: y} = o|, per proposed JS2/ES4 for JS1.8.
7972 */
7973 tokenStream.ungetToken();
7974 pn->pn_xflags |= PNX_DESTRUCT;
7975 pnval = pn3;
7976 if (pnval->pn_type == TOK_NAME) {
7977 pnval->pn_arity = PN_NAME;
7978 ((NameNode *)pnval)->initCommon(tc);
7979 }
7980 #endif
7981 }
7982
7983 pn2 = JSParseNode::newBinaryOrAppend(TOK_COLON, op, pn3, pnval, tc);
7984 skip:
7985 if (!pn2)
7986 return NULL;
7987 pn->append(pn2);
7988
7989 /*
7990 * In strict mode code, check for duplicate property names. Treat
7991 * getters and setters as distinct attributes of each property. A
7992 * plain old value conflicts with a getter or a setter.
7993 */
7994 if (tc->needStrictChecks()) {
7995 unsigned attributesMask;
7996 if (op == JSOP_INITPROP) {
7997 attributesMask = JSPROP_GETTER | JSPROP_SETTER;
7998 } else if (op == JSOP_GETTER) {
7999 attributesMask = JSPROP_GETTER;
8000 } else if (op == JSOP_SETTER) {
8001 attributesMask = JSPROP_SETTER;
8002 } else {
8003 JS_NOT_REACHED("bad opcode in object initializer");
8004 attributesMask = 0;
8005 }
8006
8007 /*
8008 * Use only string-valued atoms for detecting duplicate
8009 * properties so that 1 and "1" properly collide.
8010 */
8011 if (ATOM_IS_DOUBLE(atom)) {
8012 JSString *str = js_NumberToString(context, pn3->pn_dval);
8013 if (!str)
8014 return JS_FALSE;
8015 atom = js_AtomizeString(context, str, 0);
8016 if (!atom)
8017 return JS_FALSE;
8018 }
8019
8020 JSAtomListElement *ale = seen.lookup(atom);
8021 if (ale) {
8022 if (ALE_INDEX(ale) & attributesMask) {
8023 const char *name = js_AtomToPrintableString(context, atom);
8024 if (!name ||
8025 !ReportStrictModeError(context, &tokenStream, tc, NULL,
8026 JSMSG_DUPLICATE_PROPERTY, name)) {
8027 return NULL;
8028 }
8029 }
8030 ALE_SET_INDEX(ale, attributesMask | ALE_INDEX(ale));
8031 } else {
8032 ale = seen.add(tc->parser, atom);
8033 if (!ale)
8034 return NULL;
8035 ALE_SET_INDEX(ale, attributesMask);
8036 }
8037 }
8038
8039 tt = tokenStream.getToken();
8040 if (tt == TOK_RC)
8041 goto end_obj_init;
8042 if (tt != TOK_COMMA) {
8043 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_CURLY_AFTER_LIST);
8044 return NULL;
8045 }
8046 afterComma = JS_TRUE;
8047 }
8048
8049 end_obj_init:
8050 pn->pn_pos.end = tokenStream.currentToken().pos.end;
8051 return pn;
8052 }
8053
8054 #if JS_HAS_BLOCK_SCOPE
8055 case TOK_LET:
8056 pn = letBlock(JS_FALSE);
8057 if (!pn)
8058 return NULL;
8059 break;
8060 #endif
8061
8062 #if JS_HAS_SHARP_VARS
8063 case TOK_DEFSHARP:
8064 pn = UnaryNode::create(tc);
8065 if (!pn)
8066 return NULL;
8067 pn->pn_num = (jsint) tokenStream.currentToken().t_dval;
8068 tt = tokenStream.getToken(TSF_OPERAND);
8069 pn->pn_kid = primaryExpr(tt, JS_FALSE);
8070 if (!pn->pn_kid)
8071 return NULL;
8072 if (PN_TYPE(pn->pn_kid) == TOK_USESHARP ||
8073 PN_TYPE(pn->pn_kid) == TOK_DEFSHARP ||
8074 PN_TYPE(pn->pn_kid) == TOK_STRING ||
8075 PN_TYPE(pn->pn_kid) == TOK_NUMBER ||
8076 PN_TYPE(pn->pn_kid) == TOK_PRIMARY) {
8077 reportErrorNumber(pn->pn_kid, JSREPORT_ERROR, JSMSG_BAD_SHARP_VAR_DEF);
8078 return NULL;
8079 }
8080 if (!tc->ensureSharpSlots())
8081 return NULL;
8082 break;
8083
8084 case TOK_USESHARP:
8085 /* Check for forward/dangling references at runtime, to allow eval. */
8086 pn = NullaryNode::create(tc);
8087 if (!pn)
8088 return NULL;
8089 if (!tc->ensureSharpSlots())
8090 return NULL;
8091 pn->pn_num = (jsint) tokenStream.currentToken().t_dval;
8092 break;
8093 #endif /* JS_HAS_SHARP_VARS */
8094
8095 case TOK_LP:
8096 {
8097 JSBool genexp;
8098
8099 pn = parenExpr(NULL, &genexp);
8100 if (!pn)
8101 return NULL;
8102 pn->pn_parens = true;
8103 if (!genexp)
8104 MUST_MATCH_TOKEN(TOK_RP, JSMSG_PAREN_IN_PAREN);
8105 break;
8106 }
8107
8108 #if JS_HAS_XML_SUPPORT
8109 case TOK_STAR:
8110 pn = qualifiedIdentifier();
8111 if (!pn)
8112 return NULL;
8113 break;
8114
8115 case TOK_AT:
8116 pn = attributeIdentifier();
8117 if (!pn)
8118 return NULL;
8119 break;
8120
8121 case TOK_XMLSTAGO:
8122 pn = xmlElementOrListRoot(JS_TRUE);
8123 if (!pn)
8124 return NULL;
8125 break;
8126 #endif /* JS_HAS_XML_SUPPORT */
8127
8128 case TOK_STRING:
8129 #if JS_HAS_SHARP_VARS
8130 /* FALL THROUGH */
8131 #endif
8132
8133 #if JS_HAS_XML_SUPPORT
8134 case TOK_XMLCDATA:
8135 case TOK_XMLCOMMENT:
8136 case TOK_XMLPI:
8137 #endif
8138 pn = NullaryNode::create(tc);
8139 if (!pn)
8140 return NULL;
8141 pn->pn_atom = tokenStream.currentToken().t_atom;
8142 #if JS_HAS_XML_SUPPORT
8143 if (tt == TOK_XMLPI)
8144 pn->pn_atom2 = tokenStream.currentToken().t_atom2;
8145 else
8146 #endif
8147 pn->pn_op = tokenStream.currentToken().t_op;
8148 break;
8149
8150 case TOK_NAME:
8151 pn = NameNode::create(tokenStream.currentToken().t_atom, tc);
8152 if (!pn)
8153 return NULL;
8154 JS_ASSERT(tokenStream.currentToken().t_op == JSOP_NAME);
8155 pn->pn_op = JSOP_NAME;
8156
8157 if ((tc->flags & (TCF_IN_FUNCTION | TCF_FUN_PARAM_ARGUMENTS)) == TCF_IN_FUNCTION &&
8158 pn->pn_atom == context->runtime->atomState.argumentsAtom) {
8159 /*
8160 * Flag arguments usage so we can avoid unsafe optimizations such
8161 * as formal parameter assignment analysis (because of the hated
8162 * feature whereby arguments alias formals). We do this even for
8163 * a reference of the form foo.arguments, which ancient code may
8164 * still use instead of arguments (more hate).
8165 */
8166 NoteArgumentsUse(tc);
8167
8168 /*
8169 * Bind early to JSOP_ARGUMENTS to relieve later code from having
8170 * to do this work (new rule for the emitter to count on).
8171 */
8172 if (!afterDot && !(tc->flags & TCF_DECL_DESTRUCTURING) && !tc->inStatement(STMT_WITH)) {
8173 pn->pn_op = JSOP_ARGUMENTS;
8174 pn->pn_dflags |= PND_BOUND;
8175 }
8176 } else if ((!afterDot
8177 #if JS_HAS_XML_SUPPORT
8178 || tokenStream.peekToken() == TOK_DBLCOLON
8179 #endif
8180 ) && !(tc->flags & TCF_DECL_DESTRUCTURING)) {
8181 JSStmtInfo *stmt = js_LexicalLookup(tc, pn->pn_atom, NULL);
8182 if (!stmt || stmt->type != STMT_WITH) {
8183 JSDefinition *dn;
8184
8185 JSAtomListElement *ale = tc->decls.lookup(pn->pn_atom);
8186 if (ale) {
8187 dn = ALE_DEFN(ale);
8188 #if JS_HAS_BLOCK_SCOPE
8189 /*
8190 * Skip out-of-scope let bindings along an ALE list or hash
8191 * chain. These can happen due to |let (x = x) x| block and
8192 * expression bindings, where the x on the right of = comes
8193 * from an outer scope. See bug 496532.
8194 */
8195 while (dn->isLet() && !BlockIdInScope(dn->pn_blockid, tc)) {
8196 do {
8197 ale = ALE_NEXT(ale);
8198 } while (ale && ALE_ATOM(ale) != pn->pn_atom);
8199 if (!ale)
8200 break;
8201 dn = ALE_DEFN(ale);
8202 }
8203 #endif
8204 }
8205
8206 if (ale) {
8207 dn = ALE_DEFN(ale);
8208 } else {
8209 ale = tc->lexdeps.lookup(pn->pn_atom);
8210 if (ale) {
8211 dn = ALE_DEFN(ale);
8212 } else {
8213 /*
8214 * No definition before this use in any lexical scope.
8215 * Add a mapping in tc->lexdeps from pn->pn_atom to a
8216 * new node for the forward-referenced definition. This
8217 * placeholder definition node will be adopted when we
8218 * parse the real defining declaration form, or left as
8219 * a free variable definition if we never see the real
8220 * definition.
8221 */
8222 ale = MakePlaceholder(pn, tc);
8223 if (!ale)
8224 return NULL;
8225 dn = ALE_DEFN(ale);
8226
8227 /*
8228 * In case this is a forward reference to a function,
8229 * we pessimistically set PND_FUNARG if the next token
8230 * is not a left parenthesis.
8231 *
8232 * If the definition eventually parsed into dn is not a
8233 * function, this flag won't hurt, and if we do parse a
8234 * function with pn's name, then the PND_FUNARG flag is
8235 * necessary for safe context->display-based optimiza-
8236 * tion of the closure's static link.
8237 */
8238 JS_ASSERT(PN_TYPE(dn) == TOK_NAME);
8239 JS_ASSERT(dn->pn_op == JSOP_NOP);
8240 if (tokenStream.peekToken() != TOK_LP)
8241 dn->pn_dflags |= PND_FUNARG;
8242 }
8243 }
8244
8245 JS_ASSERT(dn->pn_defn);
8246 LinkUseToDef(pn, dn, tc);
8247
8248 /* Here we handle the backward function reference case. */
8249 if (tokenStream.peekToken() != TOK_LP)
8250 dn->pn_dflags |= PND_FUNARG;
8251
8252 pn->pn_dflags |= (dn->pn_dflags & PND_FUNARG);
8253 }
8254 }
8255
8256 #if JS_HAS_XML_SUPPORT
8257 if (tokenStream.matchToken(TOK_DBLCOLON)) {
8258 if (afterDot) {
8259 JSString *str;
8260
8261 /*
8262 * Here primaryExpr is called after . or .. followed by a name
8263 * followed by ::. This is the only case where a keyword after
8264 * . or .. is not treated as a property name.
8265 */
8266 str = ATOM_TO_STRING(pn->pn_atom);
8267 tt = js_CheckKeyword(str->chars(), str->length());
8268 if (tt == TOK_FUNCTION) {
8269 pn->pn_arity = PN_NULLARY;
8270 pn->pn_type = TOK_FUNCTION;
8271 } else if (tt != TOK_EOF) {
8272 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_KEYWORD_NOT_NS);
8273 return NULL;
8274 }
8275 }
8276 pn = qualifiedSuffix(pn);
8277 if (!pn)
8278 return NULL;
8279 }
8280 #endif
8281 break;
8282
8283 case TOK_REGEXP:
8284 {
8285 JSObject *obj;
8286
8287 pn = NullaryNode::create(tc);
8288 if (!pn)
8289 return NULL;
8290
8291 obj = js_NewRegExpObject(context, &tokenStream,
8292 tokenStream.getTokenbuf().begin(),
8293 tokenStream.getTokenbuf().length(),
8294 tokenStream.currentToken().t_reflags);
8295 if (!obj)
8296 return NULL;
8297 if (!tc->compileAndGo()) {
8298 obj->clearParent();
8299 obj->clearProto();
8300 }
8301
8302 pn->pn_objbox = tc->parser->newObjectBox(obj);
8303 if (!pn->pn_objbox)
8304 return NULL;
8305
8306 pn->pn_op = JSOP_REGEXP;
8307 break;
8308 }
8309
8310 case TOK_NUMBER:
8311 pn = NullaryNode::create(tc);
8312 if (!pn)
8313 return NULL;
8314 pn->pn_op = JSOP_DOUBLE;
8315 pn->pn_dval = tokenStream.currentToken().t_dval;
8316 break;
8317
8318 case TOK_PRIMARY:
8319 pn = NullaryNode::create(tc);
8320 if (!pn)
8321 return NULL;
8322 pn->pn_op = tokenStream.currentToken().t_op;
8323 break;
8324
8325 case TOK_ERROR:
8326 /* The scanner or one of its subroutines reported the error. */
8327 return NULL;
8328
8329 default:
8330 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_SYNTAX_ERROR);
8331 return NULL;
8332 }
8333 return pn;
8334 }
8335
8336 JSParseNode *
8337 Parser::parenExpr(JSParseNode *pn1, JSBool *genexp)
8338 {
8339 TokenPtr begin;
8340 JSParseNode *pn;
8341
8342 JS_ASSERT(tokenStream.currentToken().type == TOK_LP);
8343 begin = tokenStream.currentToken().pos.begin;
8344
8345 if (genexp)
8346 *genexp = JS_FALSE;
8347 pn = bracketedExpr();
8348 if (!pn)
8349 return NULL;
8350
8351 #if JS_HAS_GENERATOR_EXPRS
8352 if (tokenStream.matchToken(TOK_FOR)) {
8353 if (pn->pn_type == TOK_YIELD && !pn->pn_parens) {
8354 reportErrorNumber(pn, JSREPORT_ERROR, JSMSG_BAD_GENERATOR_SYNTAX, js_yield_str);
8355 return NULL;
8356 }
8357 if (pn->pn_type == TOK_COMMA && !pn->pn_parens) {
8358 reportErrorNumber(pn->last(), JSREPORT_ERROR, JSMSG_BAD_GENERATOR_SYNTAX,
8359 js_generator_str);
8360 return NULL;
8361 }
8362 if (!pn1) {
8363 pn1 = UnaryNode::create(tc);
8364 if (!pn1)
8365 return NULL;
8366 }
8367 pn = generatorExpr(pn1, pn);
8368 if (!pn)
8369 return NULL;
8370 pn->pn_pos.begin = begin;
8371 if (genexp) {
8372 if (tokenStream.getToken() != TOK_RP) {
8373 reportErrorNumber(NULL, JSREPORT_ERROR, JSMSG_BAD_GENERATOR_SYNTAX,
8374 js_generator_str);
8375 return NULL;
8376 }
8377 pn->pn_pos.end = tokenStream.currentToken().pos.end;
8378 *genexp = JS_TRUE;
8379 }
8380 }
8381 #endif /* JS_HAS_GENERATOR_EXPRS */
8382
8383 return pn;
8384 }
8385
8386 /*
8387 * Fold from one constant type to another.
8388 * XXX handles only strings and numbers for now
8389 */
8390 static JSBool
8391 FoldType(JSContext *cx, JSParseNode *pn, TokenKind type)
8392 {
8393 if (PN_TYPE(pn) != type) {
8394 switch (type) {
8395 case TOK_NUMBER:
8396 if (pn->pn_type == TOK_STRING) {
8397 jsdouble d;
8398 if (!JS_ValueToNumber(cx, ATOM_KEY(pn->pn_atom), &d))
8399 return JS_FALSE;
8400 pn->pn_dval = d;
8401 pn->pn_type = TOK_NUMBER;
8402 pn->pn_op = JSOP_DOUBLE;
8403 }
8404 break;
8405
8406 case TOK_STRING:
8407 if (pn->pn_type == TOK_NUMBER) {
8408 JSString *str = js_NumberToString(cx, pn->pn_dval);
8409 if (!str)
8410 return JS_FALSE;
8411 pn->pn_atom = js_AtomizeString(cx, str, 0);
8412 if (!pn->pn_atom)
8413 return JS_FALSE;
8414 pn->pn_type = TOK_STRING;
8415 pn->pn_op = JSOP_STRING;
8416 }
8417 break;
8418
8419 default:;
8420 }
8421 }
8422 return JS_TRUE;
8423 }
8424
8425 /*
8426 * Fold two numeric constants. Beware that pn1 and pn2 are recycled, unless
8427 * one of them aliases pn, so you can't safely fetch pn2->pn_next, e.g., after
8428 * a successful call to this function.
8429 */
8430 static JSBool
8431 FoldBinaryNumeric(JSContext *cx, JSOp op, JSParseNode *pn1, JSParseNode *pn2,
8432 JSParseNode *pn, JSTreeContext *tc)
8433 {
8434 jsdouble d, d2;
8435 int32 i, j;
8436
8437 JS_ASSERT(pn1->pn_type == TOK_NUMBER && pn2->pn_type == TOK_NUMBER);
8438 d = pn1->pn_dval;
8439 d2 = pn2->pn_dval;
8440 switch (op) {
8441 case JSOP_LSH:
8442 case JSOP_RSH:
8443 i = js_DoubleToECMAInt32(d);
8444 j = js_DoubleToECMAInt32(d2);
8445 j &= 31;
8446 d = (op == JSOP_LSH) ? i << j : i >> j;
8447 break;
8448
8449 case JSOP_URSH:
8450 j = js_DoubleToECMAInt32(d2);
8451 j &= 31;
8452 d = js_DoubleToECMAUint32(d) >> j;
8453 break;
8454
8455 case JSOP_ADD:
8456 d += d2;
8457 break;
8458
8459 case JSOP_SUB:
8460 d -= d2;
8461 break;
8462
8463 case JSOP_MUL:
8464 d *= d2;
8465 break;
8466
8467 case JSOP_DIV:
8468 if (d2 == 0) {
8469 #if defined(XP_WIN)
8470 /* XXX MSVC miscompiles such that (NaN == 0) */
8471 if (JSDOUBLE_IS_NaN(d2))
8472 d = js_NaN;
8473 else
8474 #endif
8475 if (d == 0 || JSDOUBLE_IS_NaN(d))
8476 d = js_NaN;
8477 else if (JSDOUBLE_IS_NEG(d) != JSDOUBLE_IS_NEG(d2))
8478 d = js_NegativeInfinity;
8479 else
8480 d = js_PositiveInfinity;
8481 } else {
8482 d /= d2;
8483 }
8484 break;
8485
8486 case JSOP_MOD:
8487 if (d2 == 0) {
8488 d = js_NaN;
8489 } else {
8490 d = js_fmod(d, d2);
8491 }
8492 break;
8493
8494 default:;
8495 }
8496
8497 /* Take care to allow pn1 or pn2 to alias pn. */
8498 if (pn1 != pn)
8499 RecycleTree(pn1, tc);
8500 if (pn2 != pn)
8501 RecycleTree(pn2, tc);
8502 pn->pn_type = TOK_NUMBER;
8503 pn->pn_op = JSOP_DOUBLE;
8504 pn->pn_arity = PN_NULLARY;
8505 pn->pn_dval = d;
8506 return JS_TRUE;
8507 }
8508
8509 #if JS_HAS_XML_SUPPORT
8510
8511 static JSBool
8512 FoldXMLConstants(JSContext *cx, JSParseNode *pn, JSTreeContext *tc)
8513 {
8514 TokenKind tt;
8515 JSParseNode **pnp, *pn1, *pn2;
8516 JSString *accum, *str;
8517 uint32 i, j;
8518
8519 JS_ASSERT(pn->pn_arity == PN_LIST);
8520 tt = PN_TYPE(pn);
8521 pnp = &pn->pn_head;
8522 pn1 = *pnp;
8523 accum = NULL;
8524 if ((pn->pn_xflags & PNX_CANTFOLD) == 0) {
8525 if (tt == TOK_XMLETAGO)
8526 accum = ATOM_TO_STRING(cx->runtime->atomState.etagoAtom);
8527 else if (tt == TOK_XMLSTAGO || tt == TOK_XMLPTAGC)
8528 accum = ATOM_TO_STRING(cx->runtime->atomState.stagoAtom);
8529 }
8530
8531 /*
8532 * GC Rooting here is tricky: for most of the loop, |accum| is safe via
8533 * the newborn string root. However, when |pn2->pn_type| is TOK_XMLCDATA,
8534 * TOK_XMLCOMMENT, or TOK_XMLPI it is knocked out of the newborn root.
8535 * Therefore, we have to add additonal protection from GC nesting under
8536 * js_ConcatStrings.
8537 */
8538 for (pn2 = pn1, i = j = 0; pn2; pn2 = pn2->pn_next, i++) {
8539 /* The parser already rejected end-tags with attributes. */
8540 JS_ASSERT(tt != TOK_XMLETAGO || i == 0);
8541 switch (pn2->pn_type) {
8542 case TOK_XMLATTR:
8543 if (!accum)
8544 goto cantfold;
8545 /* FALL THROUGH */
8546 case TOK_XMLNAME:
8547 case TOK_XMLSPACE:
8548 case TOK_XMLTEXT:
8549 case TOK_STRING:
8550 if (pn2->pn_arity == PN_LIST)
8551 goto cantfold;
8552 str = ATOM_TO_STRING(pn2->pn_atom);
8553 break;
8554
8555 case TOK_XMLCDATA:
8556 str = js_MakeXMLCDATAString(cx, ATOM_TO_STRING(pn2->pn_atom));
8557 if (!str)
8558 return JS_FALSE;
8559 break;
8560
8561 case TOK_XMLCOMMENT:
8562 str = js_MakeXMLCommentString(cx, ATOM_TO_STRING(pn2->pn_atom));
8563 if (!str)
8564 return JS_FALSE;
8565 break;
8566
8567 case TOK_XMLPI:
8568 str = js_MakeXMLPIString(cx, ATOM_TO_STRING(pn2->pn_atom),
8569 ATOM_TO_STRING(pn2->pn_atom2));
8570 if (!str)
8571 return JS_FALSE;
8572 break;
8573
8574 cantfold:
8575 default:
8576 JS_ASSERT(*pnp == pn1);
8577 if ((tt == TOK_XMLSTAGO || tt == TOK_XMLPTAGC) &&
8578 (i & 1) ^ (j & 1)) {
8579 #ifdef DEBUG_brendanXXX
8580 printf("1: %d, %d => ", i, j);
8581 if (accum)
8582 js_FileEscapedString(stdout, accum, 0);
8583 else
8584 fputs("NULL", stdout);
8585 fputc('\n', stdout);
8586 #endif
8587 } else if (accum && pn1 != pn2) {
8588 while (pn1->pn_next != pn2) {
8589 pn1 = RecycleTree(pn1, tc);
8590 --pn->pn_count;
8591 }
8592 pn1->pn_type = TOK_XMLTEXT;
8593 pn1->pn_op = JSOP_STRING;
8594 pn1->pn_arity = PN_NULLARY;
8595 pn1->pn_atom = js_AtomizeString(cx, accum, 0);
8596 if (!pn1->pn_atom)
8597 return JS_FALSE;
8598 JS_ASSERT(pnp != &pn1->pn_next);
8599 *pnp = pn1;
8600 }
8601 pnp = &pn2->pn_next;
8602 pn1 = *pnp;
8603 accum = NULL;
8604 continue;
8605 }
8606
8607 if (accum) {
8608 {
8609 AutoValueRooter tvr(cx, accum);
8610 str = ((tt == TOK_XMLSTAGO || tt == TOK_XMLPTAGC) && i != 0)
8611 ? js_AddAttributePart(cx, i & 1, accum, str)
8612 : js_ConcatStrings(cx, accum, str);
8613 }
8614 if (!str)
8615 return JS_FALSE;
8616 #ifdef DEBUG_brendanXXX
8617 printf("2: %d, %d => ", i, j);
8618 js_FileEscapedString(stdout, str, 0);
8619 printf(" (%u)\n", str->length());
8620 #endif
8621 ++j;
8622 }
8623 accum = str;
8624 }
8625
8626 if (accum) {
8627 str = NULL;
8628 if ((pn->pn_xflags & PNX_CANTFOLD) == 0) {
8629 if (tt == TOK_XMLPTAGC)
8630 str = ATOM_TO_STRING(cx->runtime->atomState.ptagcAtom);
8631 else if (tt == TOK_XMLSTAGO || tt == TOK_XMLETAGO)
8632 str = ATOM_TO_STRING(cx->runtime->atomState.tagcAtom);
8633 }
8634 if (str) {
8635 accum = js_ConcatStrings(cx, accum, str);
8636 if (!accum)
8637 return JS_FALSE;
8638 }
8639
8640 JS_ASSERT(*pnp == pn1);
8641 while (pn1->pn_next) {
8642 pn1 = RecycleTree(pn1, tc);
8643 --pn->pn_count;
8644 }
8645 pn1->pn_type = TOK_XMLTEXT;
8646 pn1->pn_op = JSOP_STRING;
8647 pn1->pn_arity = PN_NULLARY;
8648 pn1->pn_atom = js_AtomizeString(cx, accum, 0);
8649 if (!pn1->pn_atom)
8650 return JS_FALSE;
8651 JS_ASSERT(pnp != &pn1->pn_next);
8652 *pnp = pn1;
8653 }
8654
8655 if (pn1 && pn->pn_count == 1) {
8656 /*
8657 * Only one node under pn, and it has been folded: move pn1 onto pn
8658 * unless pn is an XML root (in which case we need it to tell the code
8659 * generator to emit a JSOP_TOXML or JSOP_TOXMLLIST op). If pn is an
8660 * XML root *and* it's a point-tag, rewrite it to TOK_XMLELEM to avoid
8661 * extra "<" and "/>" bracketing at runtime.
8662 */
8663 if (!(pn->pn_xflags & PNX_XMLROOT)) {
8664 pn->become(pn1);
8665 } else if (tt == TOK_XMLPTAGC) {
8666 pn->pn_type = TOK_XMLELEM;
8667 pn->pn_op = JSOP_TOXML;
8668 }
8669 }
8670 return JS_TRUE;
8671 }
8672
8673 #endif /* JS_HAS_XML_SUPPORT */
8674
8675 static int
8676 Boolish(JSParseNode *pn)
8677 {
8678 switch (pn->pn_op) {
8679 case JSOP_DOUBLE:
8680 return pn->pn_dval != 0 && !JSDOUBLE_IS_NaN(pn->pn_dval);
8681
8682 case JSOP_STRING:
8683 return ATOM_TO_STRING(pn->pn_atom)->length() != 0;
8684
8685 #if JS_HAS_GENERATOR_EXPRS
8686 case JSOP_CALL:
8687 {
8688 /*
8689 * A generator expression as an if or loop condition has no effects, it
8690 * simply results in a truthy object reference. This condition folding
8691 * is needed for the decompiler. See bug 442342 and bug 443074.
8692 */
8693 if (pn->pn_count != 1)
8694 break;
8695 JSParseNode *pn2 = pn->pn_head;
8696 if (pn2->pn_type != TOK_FUNCTION)
8697 break;
8698 if (!(pn2->pn_funbox->tcflags & TCF_GENEXP_LAMBDA))
8699 break;
8700 /* FALL THROUGH */
8701 }
8702 #endif
8703
8704 case JSOP_DEFFUN:
8705 case JSOP_LAMBDA:
8706 case JSOP_THIS:
8707 case JSOP_TRUE:
8708 return 1;
8709
8710 case JSOP_NULL:
8711 case JSOP_FALSE:
8712 return 0;
8713
8714 default:;
8715 }
8716 return -1;
8717 }
8718
8719 JSBool
8720 js_FoldConstants(JSContext *cx, JSParseNode *pn, JSTreeContext *tc, bool inCond)
8721 {
8722 JSParseNode *pn1 = NULL, *pn2 = NULL, *pn3 = NULL;
8723
8724 JS_CHECK_RECURSION(cx, return JS_FALSE);
8725
8726 switch (pn->pn_arity) {
8727 case PN_FUNC:
8728 {
8729 uint32 oldflags = tc->flags;
8730 JSFunctionBox *oldlist = tc->functionList;
8731
8732 tc->flags = pn->pn_funbox->tcflags;
8733 tc->functionList = pn->pn_funbox->kids;
8734 if (!js_FoldConstants(cx, pn->pn_body, tc))
8735 return JS_FALSE;
8736 pn->pn_funbox->kids = tc->functionList;
8737 tc->flags = oldflags;
8738 tc->functionList = oldlist;
8739 break;
8740 }
8741
8742 case PN_LIST:
8743 {
8744 /* Propagate inCond through logical connectives. */
8745 bool cond = inCond && (pn->pn_type == TOK_OR || pn->pn_type == TOK_AND);
8746
8747 /* Don't fold a parenthesized call expression. See bug 537673. */
8748 pn1 = pn2 = pn->pn_head;
8749 if ((pn->pn_type == TOK_LP || pn->pn_type == TOK_NEW) && pn2->pn_parens)
8750 pn2 = pn2->pn_next;
8751
8752 /* Save the list head in pn1 for later use. */
8753 for (; pn2; pn2 = pn2->pn_next) {
8754 if (!js_FoldConstants(cx, pn2, tc, cond))
8755 return JS_FALSE;
8756 }
8757 break;
8758 }
8759
8760 case PN_TERNARY:
8761 /* Any kid may be null (e.g. for (;;)). */
8762 pn1 = pn->pn_kid1;
8763 pn2 = pn->pn_kid2;
8764 pn3 = pn->pn_kid3;
8765 if (pn1 && !js_FoldConstants(cx, pn1, tc, pn->pn_type == TOK_IF))
8766 return JS_FALSE;
8767 if (pn2) {
8768 if (!js_FoldConstants(cx, pn2, tc, pn->pn_type == TOK_FORHEAD))
8769 return JS_FALSE;
8770 if (pn->pn_type == TOK_FORHEAD && pn2->pn_op == JSOP_TRUE) {
8771 RecycleTree(pn2, tc);
8772 pn->pn_kid2 = NULL;
8773 }
8774 }
8775 if (pn3 && !js_FoldConstants(cx, pn3, tc))
8776 return JS_FALSE;
8777 break;
8778
8779 case PN_BINARY:
8780 pn1 = pn->pn_left;
8781 pn2 = pn->pn_right;
8782
8783 /* Propagate inCond through logical connectives. */
8784 if (pn->pn_type == TOK_OR || pn->pn_type == TOK_AND) {
8785 if (!js_FoldConstants(cx, pn1, tc, inCond))
8786 return JS_FALSE;
8787 if (!js_FoldConstants(cx, pn2, tc, inCond))
8788 return JS_FALSE;
8789 break;
8790 }
8791
8792 /* First kid may be null (for default case in switch). */
8793 if (pn1 && !js_FoldConstants(cx, pn1, tc, pn->pn_type == TOK_WHILE))
8794 return JS_FALSE;
8795 if (!js_FoldConstants(cx, pn2, tc, pn->pn_type == TOK_DO))
8796 return JS_FALSE;
8797 break;
8798
8799 case PN_UNARY:
8800 pn1 = pn->pn_kid;
8801
8802 /*
8803 * Kludge to deal with typeof expressions: because constant folding
8804 * can turn an expression into a name node, we have to check here,
8805 * before folding, to see if we should throw undefined name errors.
8806 *
8807 * NB: We know that if pn->pn_op is JSOP_TYPEOF, pn1 will not be
8808 * null. This assumption does not hold true for other unary
8809 * expressions.
8810 */
8811 if (pn->pn_op == JSOP_TYPEOF && pn1->pn_type != TOK_NAME)
8812 pn->pn_op = JSOP_TYPEOFEXPR;
8813
8814 if (pn1 && !js_FoldConstants(cx, pn1, tc, pn->pn_op == JSOP_NOT))
8815 return JS_FALSE;
8816 break;
8817
8818 case PN_NAME:
8819 /*
8820 * Skip pn1 down along a chain of dotted member expressions to avoid
8821 * excessive recursion. Our only goal here is to fold constants (if
8822 * any) in the primary expression operand to the left of the first
8823 * dot in the chain.
8824 */
8825 if (!pn->pn_used) {
8826 pn1 = pn->pn_expr;
8827 while (pn1 && pn1->pn_arity == PN_NAME && !pn1->pn_used)
8828 pn1 = pn1->pn_expr;
8829 if (pn1 && !js_FoldConstants(cx, pn1, tc))
8830 return JS_FALSE;
8831 }
8832 break;
8833
8834 case PN_NAMESET:
8835 pn1 = pn->pn_tree;
8836 if (!js_FoldConstants(cx, pn1, tc))
8837 return JS_FALSE;
8838 break;
8839
8840 case PN_NULLARY:
8841 break;
8842 }
8843
8844 switch (pn->pn_type) {
8845 case TOK_IF:
8846 if (ContainsStmt(pn2, TOK_VAR) || ContainsStmt(pn3, TOK_VAR))
8847 break;
8848 /* FALL THROUGH */
8849
8850 case TOK_HOOK:
8851 /* Reduce 'if (C) T; else E' into T for true C, E for false. */
8852 switch (pn1->pn_type) {
8853 case TOK_NUMBER:
8854 if (pn1->pn_dval == 0 || JSDOUBLE_IS_NaN(pn1->pn_dval))
8855 pn2 = pn3;
8856 break;
8857 case TOK_STRING:
8858 if (ATOM_TO_STRING(pn1->pn_atom)->length() == 0)
8859 pn2 = pn3;
8860 break;
8861 case TOK_PRIMARY:
8862 if (pn1->pn_op == JSOP_TRUE)
8863 break;
8864 if (pn1->pn_op == JSOP_FALSE || pn1->pn_op == JSOP_NULL) {
8865 pn2 = pn3;
8866 break;
8867 }
8868 /* FALL THROUGH */
8869 default:
8870 /* Early return to dodge common code that copies pn2 to pn. */
8871 return JS_TRUE;
8872 }
8873
8874 #if JS_HAS_GENERATOR_EXPRS
8875 /* Don't fold a trailing |if (0)| in a generator expression. */
8876 if (!pn2 && (tc->flags & TCF_GENEXP_LAMBDA))
8877 break;
8878 #endif
8879
8880 if (pn2 && !pn2->pn_defn)
8881 pn->become(pn2);
8882 if (!pn2 || (pn->pn_type == TOK_SEMI && !pn->pn_kid)) {
8883 /*
8884 * False condition and no else, or an empty then-statement was
8885 * moved up over pn. Either way, make pn an empty block (not an
8886 * empty statement, which does not decompile, even when labeled).
8887 * NB: pn must be a TOK_IF as TOK_HOOK can never have a null kid
8888 * or an empty statement for a child.
8889 */
8890 pn->pn_type = TOK_LC;
8891 pn->pn_arity = PN_LIST;
8892 pn->makeEmpty();
8893 }
8894 RecycleTree(pn2, tc);
8895 if (pn3 && pn3 != pn2)
8896 RecycleTree(pn3, tc);
8897 break;
8898
8899 case TOK_OR:
8900 case TOK_AND:
8901 if (inCond) {
8902 if (pn->pn_arity == PN_LIST) {
8903 JSParseNode **pnp = &pn->pn_head;
8904 JS_ASSERT(*pnp == pn1);
8905 do {
8906 int cond = Boolish(pn1);
8907 if (cond == (pn->pn_type == TOK_OR)) {
8908 for (pn2 = pn1->pn_next; pn2; pn2 = pn3) {
8909 pn3 = pn2->pn_next;
8910 RecycleTree(pn2, tc);
8911 --pn->pn_count;
8912 }
8913 pn1->pn_next = NULL;
8914 break;
8915 }
8916 if (cond != -1) {
8917 JS_ASSERT(cond == (pn->pn_type == TOK_AND));
8918 if (pn->pn_count == 1)
8919 break;
8920 *pnp = pn1->pn_next;
8921 RecycleTree(pn1, tc);
8922 --pn->pn_count;
8923 } else {
8924 pnp = &pn1->pn_next;
8925 }
8926 } while ((pn1 = *pnp) != NULL);
8927
8928 // We may have to change arity from LIST to BINARY.
8929 pn1 = pn->pn_head;
8930 if (pn->pn_count == 2) {
8931 pn2 = pn1->pn_next;
8932 pn1->pn_next = NULL;
8933 JS_ASSERT(!pn2->pn_next);
8934 pn->pn_arity = PN_BINARY;
8935 pn->pn_left = pn1;
8936 pn->pn_right = pn2;
8937 } else if (pn->pn_count == 1) {
8938 pn->become(pn1);
8939 RecycleTree(pn1, tc);
8940 }
8941 } else {
8942 int cond = Boolish(pn1);
8943 if (cond == (pn->pn_type == TOK_OR)) {
8944 RecycleTree(pn2, tc);
8945 pn->become(pn1);
8946 } else if (cond != -1) {
8947 JS_ASSERT(cond == (pn->pn_type == TOK_AND));
8948 RecycleTree(pn1, tc);
8949 pn->become(pn2);
8950 }
8951 }
8952 }
8953 break;
8954
8955 case TOK_ASSIGN:
8956 /*
8957 * Compound operators such as *= should be subject to folding, in case
8958 * the left-hand side is constant, and so that the decompiler produces
8959 * the same string that you get from decompiling a script or function
8960 * compiled from that same string. As with +, += is special.
8961 */
8962 if (pn->pn_op == JSOP_NOP)
8963 break;
8964 if (pn->pn_op != JSOP_ADD)
8965 goto do_binary_op;
8966 /* FALL THROUGH */
8967
8968 case TOK_PLUS:
8969 if (pn->pn_arity == PN_LIST) {
8970 size_t length, length2;
8971 jschar *chars;
8972 JSString *str, *str2;
8973
8974 /*
8975 * Any string literal term with all others number or string means
8976 * this is a concatenation. If any term is not a string or number
8977 * literal, we can't fold.
8978 */
8979 JS_ASSERT(pn->pn_count > 2);
8980 if (pn->pn_xflags & PNX_CANTFOLD)
8981 return JS_TRUE;
8982 if (pn->pn_xflags != PNX_STRCAT)
8983 goto do_binary_op;
8984
8985 /* Ok, we're concatenating: convert non-string constant operands. */
8986 length = 0;
8987 for (pn2 = pn1; pn2; pn2 = pn2->pn_next) {
8988 if (!FoldType(cx, pn2, TOK_STRING))
8989 return JS_FALSE;
8990 /* XXX fold only if all operands convert to string */
8991 if (pn2->pn_type != TOK_STRING)
8992 return JS_TRUE;
8993 length += ATOM_TO_STRING(pn2->pn_atom)->flatLength();
8994 }
8995
8996 /* Allocate a new buffer and string descriptor for the result. */
8997 chars = (jschar *) cx->malloc((length + 1) * sizeof(jschar));
8998 if (!chars)
8999 return JS_FALSE;
9000 str = js_NewString(cx, chars, length);
9001 if (!str) {
9002 cx->free(chars);
9003 return JS_FALSE;
9004 }
9005
9006 /* Fill the buffer, advancing chars and recycling kids as we go. */
9007 for (pn2 = pn1; pn2; pn2 = RecycleTree(pn2, tc)) {
9008 str2 = ATOM_TO_STRING(pn2->pn_atom);
9009 length2 = str2->flatLength();
9010 js_strncpy(chars, str2->flatChars(), length2);
9011 chars += length2;
9012 }
9013 *chars = 0;
9014
9015 /* Atomize the result string and mutate pn to refer to it. */
9016 pn->pn_atom = js_AtomizeString(cx, str, 0);
9017 if (!pn->pn_atom)
9018 return JS_FALSE;
9019 pn->pn_type = TOK_STRING;
9020 pn->pn_op = JSOP_STRING;
9021 pn->pn_arity = PN_NULLARY;
9022 break;
9023 }
9024
9025 /* Handle a binary string concatenation. */
9026 JS_ASSERT(pn->pn_arity == PN_BINARY);
9027 if (pn1->pn_type == TOK_STRING || pn2->pn_type == TOK_STRING) {
9028 JSString *left, *right, *str;
9029
9030 if (!FoldType(cx, (pn1->pn_type != TOK_STRING) ? pn1 : pn2,
9031 TOK_STRING)) {
9032 return JS_FALSE;
9033 }
9034 if (pn1->pn_type != TOK_STRING || pn2->pn_type != TOK_STRING)
9035 return JS_TRUE;
9036 left = ATOM_TO_STRING(pn1->pn_atom);
9037 right = ATOM_TO_STRING(pn2->pn_atom);
9038 str = js_ConcatStrings(cx, left, right);
9039 if (!str)
9040 return JS_FALSE;
9041 pn->pn_atom = js_AtomizeString(cx, str, 0);
9042 if (!pn->pn_atom)
9043 return JS_FALSE;
9044 pn->pn_type = TOK_STRING;
9045 pn->pn_op = JSOP_STRING;
9046 pn->pn_arity = PN_NULLARY;
9047 RecycleTree(pn1, tc);
9048 RecycleTree(pn2, tc);
9049 break;
9050 }
9051
9052 /* Can't concatenate string literals, let's try numbers. */
9053 goto do_binary_op;
9054
9055 case TOK_STAR:
9056 case TOK_SHOP:
9057 case TOK_MINUS:
9058 case TOK_DIVOP:
9059 do_binary_op:
9060 if (pn->pn_arity == PN_LIST) {
9061 JS_ASSERT(pn->pn_count > 2);
9062 for (pn2 = pn1; pn2; pn2 = pn2->pn_next) {
9063 if (!FoldType(cx, pn2, TOK_NUMBER))
9064 return JS_FALSE;
9065 }
9066 for (pn2 = pn1; pn2; pn2 = pn2->pn_next) {
9067 /* XXX fold only if all operands convert to number */
9068 if (pn2->pn_type != TOK_NUMBER)
9069 break;
9070 }
9071 if (!pn2) {
9072 JSOp op = PN_OP(pn);
9073
9074 pn2 = pn1->pn_next;
9075 pn3 = pn2->pn_next;
9076 if (!FoldBinaryNumeric(cx, op, pn1, pn2, pn, tc))
9077 return JS_FALSE;
9078 while ((pn2 = pn3) != NULL) {
9079 pn3 = pn2->pn_next;
9080 if (!FoldBinaryNumeric(cx, op, pn, pn2, pn, tc))
9081 return JS_FALSE;
9082 }
9083 }
9084 } else {
9085 JS_ASSERT(pn->pn_arity == PN_BINARY);
9086 if (!FoldType(cx, pn1, TOK_NUMBER) ||
9087 !FoldType(cx, pn2, TOK_NUMBER)) {
9088 return JS_FALSE;
9089 }
9090 if (pn1->pn_type == TOK_NUMBER && pn2->pn_type == TOK_NUMBER) {
9091 if (!FoldBinaryNumeric(cx, PN_OP(pn), pn1, pn2, pn, tc))
9092 return JS_FALSE;
9093 }
9094 }
9095 break;
9096
9097 case TOK_UNARYOP:
9098 if (pn1->pn_type == TOK_NUMBER) {
9099 jsdouble d;
9100
9101 /* Operate on one numeric constant. */
9102 d = pn1->pn_dval;
9103 switch (pn->pn_op) {
9104 case JSOP_BITNOT:
9105 d = ~js_DoubleToECMAInt32(d);
9106 break;
9107
9108 case JSOP_NEG:
9109 d = -d;
9110 break;
9111
9112 case JSOP_POS:
9113 break;
9114
9115 case JSOP_NOT:
9116 pn->pn_type = TOK_PRIMARY;
9117 pn->pn_op = (d == 0 || JSDOUBLE_IS_NaN(d)) ? JSOP_TRUE : JSOP_FALSE;
9118 pn->pn_arity = PN_NULLARY;
9119 /* FALL THROUGH */
9120
9121 default:
9122 /* Return early to dodge the common TOK_NUMBER code. */
9123 return JS_TRUE;
9124 }
9125 pn->pn_type = TOK_NUMBER;
9126 pn->pn_op = JSOP_DOUBLE;
9127 pn->pn_arity = PN_NULLARY;
9128 pn->pn_dval = d;
9129 RecycleTree(pn1, tc);
9130 } else if (pn1->pn_type == TOK_PRIMARY) {
9131 if (pn->pn_op == JSOP_NOT &&
9132 (pn1->pn_op == JSOP_TRUE ||
9133 pn1->pn_op == JSOP_FALSE)) {
9134 pn->become(pn1);
9135 pn->pn_op = (pn->pn_op == JSOP_TRUE) ? JSOP_FALSE : JSOP_TRUE;
9136 RecycleTree(pn1, tc);
9137 }
9138 }
9139 break;
9140
9141 #if JS_HAS_XML_SUPPORT
9142 case TOK_XMLELEM:
9143 case TOK_XMLLIST:
9144 case TOK_XMLPTAGC:
9145 case TOK_XMLSTAGO:
9146 case TOK_XMLETAGO:
9147 case TOK_XMLNAME:
9148 if (pn->pn_arity == PN_LIST) {
9149 JS_ASSERT(pn->pn_type == TOK_XMLLIST || pn->pn_count != 0);
9150 if (!FoldXMLConstants(cx, pn, tc))
9151 return JS_FALSE;
9152 }
9153 break;
9154
9155 case TOK_AT:
9156 if (pn1->pn_type == TOK_XMLNAME) {
9157 jsval v;
9158 JSObjectBox *xmlbox;
9159
9160 v = ATOM_KEY(pn1->pn_atom);
9161 if (!js_ToAttributeName(cx, &v))
9162 return JS_FALSE;
9163 JS_ASSERT(!JSVAL_IS_PRIMITIVE(v));
9164
9165 xmlbox = tc->parser->newObjectBox(JSVAL_TO_OBJECT(v));
9166 if (!xmlbox)
9167 return JS_FALSE;
9168
9169 pn->pn_type = TOK_XMLNAME;
9170 pn->pn_op = JSOP_OBJECT;
9171 pn->pn_arity = PN_NULLARY;
9172 pn->pn_objbox = xmlbox;
9173 RecycleTree(pn1, tc);
9174 }
9175 break;
9176 #endif /* JS_HAS_XML_SUPPORT */
9177
9178 default:;
9179 }
9180
9181 if (inCond) {
9182 int cond = Boolish(pn);
9183 if (cond >= 0) {
9184 switch (pn->pn_arity) {
9185 case PN_LIST:
9186 pn2 = pn->pn_head;
9187 do {
9188 pn3 = pn2->pn_next;
9189 RecycleTree(pn2, tc);
9190 } while ((pn2 = pn3) != NULL);
9191 break;
9192 case PN_FUNC:
9193 RecycleFuncNameKids(pn, tc);
9194 break;
9195 case PN_NULLARY:
9196 break;
9197 default:
9198 JS_NOT_REACHED("unhandled arity");
9199 }
9200 pn->pn_type = TOK_PRIMARY;
9201 pn->pn_op = cond ? JSOP_TRUE : JSOP_FALSE;
9202 pn->pn_arity = PN_NULLARY;
9203 }
9204 }
9205
9206 return JS_TRUE;
9207 }
git mirror of mozilla-central