search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 559408: Arena macros to methods. (r=galish)
[mozilla-central.git] / js / src / jsfun.cpp
blobcb609747d89e8e8e05e7be0e82758a8e9e58b463
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sw=4 et tw=99:
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is Mozilla Communicator client code, released
18 * March 31, 1998.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
40
41 /*
42 * JS function support.
43 */
44 #include <string.h>
45 #include "jstypes.h"
46 #include "jsstdint.h"
47 #include "jsbit.h"
48 #include "jsutil.h" /* Added by JSIFY */
49 #include "jsapi.h"
50 #include "jsarray.h"
51 #include "jsatom.h"
52 #include "jsbool.h"
53 #include "jsbuiltins.h"
54 #include "jscntxt.h"
55 #include "jsversion.h"
56 #include "jsdbgapi.h"
57 #include "jsemit.h"
58 #include "jsfun.h"
59 #include "jsgc.h"
60 #include "jsinterp.h"
61 #include "jslock.h"
62 #include "jsnum.h"
63 #include "jsobj.h"
64 #include "jsopcode.h"
65 #include "jsparse.h"
66 #include "jsproxy.h"
67 #include "jsscan.h"
68 #include "jsscope.h"
69 #include "jsscript.h"
70 #include "jsstr.h"
71 #include "jsexn.h"
72 #include "jsstaticcheck.h"
73 #include "jstracer.h"
74
75 #if JS_HAS_GENERATORS
76 # include "jsiter.h"
77 #endif
78
79 #if JS_HAS_XDR
80 # include "jsxdrapi.h"
81 #endif
82
83 #include "jsatominlines.h"
84 #include "jscntxtinlines.h"
85 #include "jsobjinlines.h"
86
87 using namespace js;
88
89 static inline void
90 SetArgsPrivateNative(JSObject *argsobj, ArgsPrivateNative *apn)
91 {
92 JS_ASSERT(argsobj->isArguments());
93 uintptr_t p = (uintptr_t) apn;
94 argsobj->setPrivate((void*) (p | 2));
95 }
96
97 JSBool
98 js_GetArgsValue(JSContext *cx, JSStackFrame *fp, jsval *vp)
99 {
100 JSObject *argsobj;
101
102 if (fp->flags & JSFRAME_OVERRIDE_ARGS) {
103 JS_ASSERT(fp->callobj);
104 jsid id = ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom);
105 return fp->callobj->getProperty(cx, id, vp);
106 }
107 argsobj = js_GetArgsObject(cx, fp);
108 if (!argsobj)
109 return JS_FALSE;
110 *vp = OBJECT_TO_JSVAL(argsobj);
111 return JS_TRUE;
112 }
113
114 JSBool
115 js_GetArgsProperty(JSContext *cx, JSStackFrame *fp, jsid id, jsval *vp)
116 {
117 if (fp->flags & JSFRAME_OVERRIDE_ARGS) {
118 JS_ASSERT(fp->callobj);
119
120 jsid argumentsid = ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom);
121 jsval v;
122 if (!fp->callobj->getProperty(cx, argumentsid, &v))
123 return false;
124
125 JSObject *obj;
126 if (JSVAL_IS_PRIMITIVE(v)) {
127 obj = js_ValueToNonNullObject(cx, v);
128 if (!obj)
129 return false;
130 } else {
131 obj = JSVAL_TO_OBJECT(v);
132 }
133 return obj->getProperty(cx, id, vp);
134 }
135
136 *vp = JSVAL_VOID;
137 if (JSID_IS_INT(id)) {
138 uint32 arg = uint32(JSID_TO_INT(id));
139 JSObject *argsobj = JSVAL_TO_OBJECT(fp->argsobj);
140 if (arg < fp->argc) {
141 if (argsobj) {
142 jsval v = argsobj->getArgsElement(arg);
143 if (v == JSVAL_HOLE)
144 return argsobj->getProperty(cx, id, vp);
145 }
146 *vp = fp->argv[arg];
147 } else {
148 /*
149 * Per ECMA-262 Ed. 3, 10.1.8, last bulleted item, do not share
150 * storage between the formal parameter and arguments[k] for all
151 * fp->argc <= k && k < fp->fun->nargs. For example, in
152 *
153 * function f(x) { x = 42; return arguments[0]; }
154 * f();
155 *
156 * the call to f should return undefined, not 42. If fp->argsobj
157 * is null at this point, as it would be in the example, return
158 * undefined in *vp.
159 */
160 if (argsobj)
161 return argsobj->getProperty(cx, id, vp);
162 }
163 } else if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)) {
164 JSObject *argsobj = JSVAL_TO_OBJECT(fp->argsobj);
165 if (argsobj && argsobj->isArgsLengthOverridden())
166 return argsobj->getProperty(cx, id, vp);
167 *vp = INT_TO_JSVAL(jsint(fp->argc));
168 }
169 return true;
170 }
171
172 static JSObject *
173 NewArguments(JSContext *cx, JSObject *parent, uint32 argc, JSObject *callee)
174 {
175 JSObject *proto;
176 if (!js_GetClassPrototype(cx, parent, JSProto_Object, &proto))
177 return NULL;
178
179 JSObject *argsobj = js_NewGCObject(cx);
180 if (!argsobj)
181 return NULL;
182
183 /* Init immediately to avoid GC seeing a half-init'ed object. */
184 argsobj->init(&js_ArgumentsClass, proto, parent, JSVAL_NULL);
185 argsobj->setArgsCallee(OBJECT_TO_JSVAL(callee));
186 argsobj->setArgsLength(argc);
187
188 argsobj->map = cx->runtime->emptyArgumentsScope->hold();
189
190 /* This must come after argsobj->map has been set. */
191 if (!js_EnsureReservedSlots(cx, argsobj, argc))
192 return NULL;
193 return argsobj;
194 }
195
196 static void
197 PutArguments(JSContext *cx, JSObject *argsobj, jsval *args)
198 {
199 uint32 argc = argsobj->getArgsLength();
200 for (uint32 i = 0; i != argc; ++i) {
201 jsval v = argsobj->getArgsElement(i);
202 if (v != JSVAL_HOLE)
203 argsobj->setArgsElement(i, args[i]);
204 }
205 }
206
207 JSObject *
208 js_GetArgsObject(JSContext *cx, JSStackFrame *fp)
209 {
210 /*
211 * We must be in a function activation; the function must be lightweight
212 * or else fp must have a variable object.
213 */
214 JS_ASSERT(fp->fun);
215 JS_ASSERT_IF(fp->fun->flags & JSFUN_HEAVYWEIGHT,
216 fp->varobj(cx->containingCallStack(fp)));
217
218 /* Skip eval and debugger frames. */
219 while (fp->flags & JSFRAME_SPECIAL)
220 fp = fp->down;
221
222 /* Create an arguments object for fp only if it lacks one. */
223 JSObject *argsobj = JSVAL_TO_OBJECT(fp->argsobj);
224 if (argsobj)
225 return argsobj;
226
227 /* Compute the arguments object's parent slot from fp's scope chain. */
228 JSObject *global = fp->scopeChain->getGlobal();
229 argsobj = NewArguments(cx, global, fp->argc, JSVAL_TO_OBJECT(fp->argv[-2]));
230 if (!argsobj)
231 return argsobj;
232
233 /* Link the new object to fp so it can get actual argument values. */
234 argsobj->setPrivate(fp);
235 fp->argsobj = OBJECT_TO_JSVAL(argsobj);
236 return argsobj;
237 }
238
239 void
240 js_PutArgsObject(JSContext *cx, JSStackFrame *fp)
241 {
242 JSObject *argsobj = JSVAL_TO_OBJECT(fp->argsobj);
243 JS_ASSERT(argsobj->getPrivate() == fp);
244 PutArguments(cx, argsobj, fp->argv);
245 argsobj->setPrivate(NULL);
246 fp->argsobj = JSVAL_NULL;
247 }
248
249 /*
250 * Traced versions of js_GetArgsObject and js_PutArgsObject.
251 */
252
253 #ifdef JS_TRACER
254 JSObject * JS_FASTCALL
255 js_Arguments(JSContext *cx, JSObject *parent, uint32 argc, JSObject *callee,
256 double *argv, ArgsPrivateNative *apn)
257 {
258 JSObject *argsobj = NewArguments(cx, parent, argc, callee);
259 if (!argsobj)
260 return NULL;
261 apn->argv = argv;
262 SetArgsPrivateNative(argsobj, apn);
263 return argsobj;
264 }
265 #endif
266
267 JS_DEFINE_CALLINFO_6(extern, OBJECT, js_Arguments, CONTEXT, OBJECT, UINT32, OBJECT,
268 DOUBLEPTR, APNPTR, 0, nanojit::ACC_STORE_ANY)
269
270 /* FIXME change the return type to void. */
271 JSBool JS_FASTCALL
272 js_PutArguments(JSContext *cx, JSObject *argsobj, jsval *args)
273 {
274 JS_ASSERT(GetArgsPrivateNative(argsobj));
275 PutArguments(cx, argsobj, args);
276 argsobj->setPrivate(NULL);
277 return true;
278 }
279
280 JS_DEFINE_CALLINFO_3(extern, BOOL, js_PutArguments, CONTEXT, OBJECT, JSVALPTR, 0,
281 nanojit::ACC_STORE_ANY)
282
283 static JSBool
284 args_delProperty(JSContext *cx, JSObject *obj, jsval idval, jsval *vp)
285 {
286 JS_ASSERT(obj->isArguments());
287
288 if (JSVAL_IS_INT(idval)) {
289 uintN arg = uintN(JSVAL_TO_INT(idval));
290 if (arg < obj->getArgsLength())
291 obj->setArgsElement(arg, JSVAL_HOLE);
292 } else if (idval == ATOM_KEY(cx->runtime->atomState.lengthAtom)) {
293 obj->setArgsLengthOverridden();
294 } else if (idval == ATOM_KEY(cx->runtime->atomState.calleeAtom)) {
295 obj->setArgsCallee(JSVAL_HOLE);
296 }
297 return true;
298 }
299
300 static JS_REQUIRES_STACK JSObject *
301 WrapEscapingClosure(JSContext *cx, JSStackFrame *fp, JSObject *funobj, JSFunction *fun)
302 {
303 JS_ASSERT(GET_FUNCTION_PRIVATE(cx, funobj) == fun);
304 JS_ASSERT(fun->optimizedClosure());
305 JS_ASSERT(!fun->u.i.wrapper);
306
307 /*
308 * We do not attempt to reify Call and Block objects on demand for outer
309 * scopes. This could be done (see the "v8" patch in bug 494235) but it is
310 * fragile in the face of ongoing compile-time optimization. Instead, the
311 * _DBG* opcodes used by wrappers created here must cope with unresolved
312 * upvars and throw them as reference errors. Caveat debuggers!
313 */
314 JSObject *scopeChain = js_GetScopeChain(cx, fp);
315 if (!scopeChain)
316 return NULL;
317
318 /*
319 * We must wrap funobj with a JSFunction, so use NewObjectWithGivenProto.
320 * This helper has a special case for js_FunctionClass, triggered here and
321 * also possibly via the JS_NewObjectForGivenProto and JS_NewObject APIs.
322 */
323 JSObject *wfunobj = NewObjectWithGivenProto(cx, &js_FunctionClass,
324 funobj, scopeChain);
325 if (!wfunobj)
326 return NULL;
327 AutoValueRooter tvr(cx, wfunobj);
328
329 JSFunction *wfun = (JSFunction *) wfunobj;
330 wfunobj->setPrivate(wfun);
331 wfun->nargs = 0;
332 wfun->flags = fun->flags | JSFUN_HEAVYWEIGHT;
333 wfun->u.i.nvars = 0;
334 wfun->u.i.nupvars = 0;
335 wfun->u.i.skipmin = fun->u.i.skipmin;
336 wfun->u.i.wrapper = true;
337 wfun->u.i.script = NULL;
338 wfun->u.i.names.taggedAtom = NULL;
339 wfun->atom = fun->atom;
340
341 if (fun->hasLocalNames()) {
342 void *mark = cx->tempPool.getMark();
343 jsuword *names = js_GetLocalNameArray(cx, fun, &cx->tempPool);
344 if (!names)
345 return NULL;
346
347 JSBool ok = true;
348 for (uintN i = 0, n = fun->countLocalNames(); i != n; i++) {
349 jsuword name = names[i];
350 JSAtom *atom = JS_LOCAL_NAME_TO_ATOM(name);
351 JSLocalKind localKind = (i < fun->nargs)
352 ? JSLOCAL_ARG
353 : (i < fun->countArgsAndVars())
354 ? (JS_LOCAL_NAME_IS_CONST(name)
355 ? JSLOCAL_CONST
356 : JSLOCAL_VAR)
357 : JSLOCAL_UPVAR;
358
359 ok = js_AddLocal(cx, wfun, atom, localKind);
360 if (!ok)
361 break;
362 }
363
364 cx->tempPool.release(mark);
365 if (!ok)
366 return NULL;
367 JS_ASSERT(wfun->nargs == fun->nargs);
368 JS_ASSERT(wfun->u.i.nvars == fun->u.i.nvars);
369 JS_ASSERT(wfun->u.i.nupvars == fun->u.i.nupvars);
370 js_FreezeLocalNames(cx, wfun);
371 }
372
373 JSScript *script = fun->u.i.script;
374 jssrcnote *snbase = script->notes();
375 jssrcnote *sn = snbase;
376 while (!SN_IS_TERMINATOR(sn))
377 sn = SN_NEXT(sn);
378 uintN nsrcnotes = (sn - snbase) + 1;
379
380 /* NB: GC must not occur before wscript is homed in wfun->u.i.script. */
381 JSScript *wscript = js_NewScript(cx, script->length, nsrcnotes,
382 script->atomMap.length,
383 (script->objectsOffset != 0)
384 ? script->objects()->length
385 : 0,
386 fun->u.i.nupvars,
387 (script->regexpsOffset != 0)
388 ? script->regexps()->length
389 : 0,
390 (script->trynotesOffset != 0)
391 ? script->trynotes()->length
392 : 0);
393 if (!wscript)
394 return NULL;
395
396 memcpy(wscript->code, script->code, script->length);
397 wscript->main = wscript->code + (script->main - script->code);
398
399 memcpy(wscript->notes(), snbase, nsrcnotes * sizeof(jssrcnote));
400 memcpy(wscript->atomMap.vector, script->atomMap.vector,
401 wscript->atomMap.length * sizeof(JSAtom *));
402 if (script->objectsOffset != 0) {
403 memcpy(wscript->objects()->vector, script->objects()->vector,
404 wscript->objects()->length * sizeof(JSObject *));
405 }
406 if (script->regexpsOffset != 0) {
407 memcpy(wscript->regexps()->vector, script->regexps()->vector,
408 wscript->regexps()->length * sizeof(JSObject *));
409 }
410 if (script->trynotesOffset != 0) {
411 memcpy(wscript->trynotes()->vector, script->trynotes()->vector,
412 wscript->trynotes()->length * sizeof(JSTryNote));
413 }
414
415 if (wfun->u.i.nupvars != 0) {
416 JS_ASSERT(wfun->u.i.nupvars == wscript->upvars()->length);
417 memcpy(wscript->upvars()->vector, script->upvars()->vector,
418 wfun->u.i.nupvars * sizeof(uint32));
419 }
420
421 jsbytecode *pc = wscript->code;
422 while (*pc != JSOP_STOP) {
423 /* XYZZYbe should copy JSOP_TRAP? */
424 JSOp op = js_GetOpcode(cx, wscript, pc);
425 const JSCodeSpec *cs = &js_CodeSpec[op];
426 ptrdiff_t oplen = cs->length;
427 if (oplen < 0)
428 oplen = js_GetVariableBytecodeLength(pc);
429
430 /*
431 * Rewrite JSOP_{GET,CALL}DSLOT as JSOP_{GET,CALL}UPVAR_DBG for the
432 * case where fun is an escaping flat closure. This works because the
433 * UPVAR and DSLOT ops by design have the same format: an upvar index
434 * immediate operand.
435 */
436 switch (op) {
437 case JSOP_GETUPVAR: *pc = JSOP_GETUPVAR_DBG; break;
438 case JSOP_CALLUPVAR: *pc = JSOP_CALLUPVAR_DBG; break;
439 case JSOP_GETDSLOT: *pc = JSOP_GETUPVAR_DBG; break;
440 case JSOP_CALLDSLOT: *pc = JSOP_CALLUPVAR_DBG; break;
441 case JSOP_DEFFUN_FC: *pc = JSOP_DEFFUN_DBGFC; break;
442 case JSOP_DEFLOCALFUN_FC: *pc = JSOP_DEFLOCALFUN_DBGFC; break;
443 case JSOP_LAMBDA_FC: *pc = JSOP_LAMBDA_DBGFC; break;
444 default:;
445 }
446 pc += oplen;
447 }
448
449 /*
450 * Fill in the rest of wscript. This means if you add members to JSScript
451 * you must update this code. FIXME: factor into JSScript::clone method.
452 */
453 wscript->noScriptRval = script->noScriptRval;
454 wscript->savedCallerFun = script->savedCallerFun;
455 wscript->hasSharps = script->hasSharps;
456 wscript->strictModeCode = script->strictModeCode;
457 wscript->version = script->version;
458 wscript->nfixed = script->nfixed;
459 wscript->filename = script->filename;
460 wscript->lineno = script->lineno;
461 wscript->nslots = script->nslots;
462 wscript->staticLevel = script->staticLevel;
463 wscript->principals = script->principals;
464 if (wscript->principals)
465 JSPRINCIPALS_HOLD(cx, wscript->principals);
466 #ifdef CHECK_SCRIPT_OWNER
467 wscript->owner = script->owner;
468 #endif
469
470 /* Deoptimize wfun from FUN_{FLAT,NULL}_CLOSURE to FUN_INTERPRETED. */
471 FUN_SET_KIND(wfun, JSFUN_INTERPRETED);
472 wfun->u.i.script = wscript;
473 return wfunobj;
474 }
475
476 static JSBool
477 ArgGetter(JSContext *cx, JSObject *obj, jsval idval, jsval *vp)
478 {
479 if (!JS_InstanceOf(cx, obj, &js_ArgumentsClass, NULL))
480 return true;
481
482 if (JSVAL_IS_INT(idval)) {
483 /*
484 * arg can exceed the number of arguments if a script changed the
485 * prototype to point to another Arguments object with a bigger argc.
486 */
487 uintN arg = uintN(JSVAL_TO_INT(idval));
488 if (arg < obj->getArgsLength()) {
489 #ifdef JS_TRACER
490 ArgsPrivateNative *argp = GetArgsPrivateNative(obj);
491 if (argp) {
492 if (NativeToValue(cx, *vp, argp->typemap()[arg], &argp->argv[arg]))
493 return true;
494 LeaveTrace(cx);
495 return false;
496 }
497 #endif
498
499 JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
500 if (fp) {
501 *vp = fp->argv[arg];
502 } else {
503 jsval v = obj->getArgsElement(arg);
504 if (v != JSVAL_HOLE)
505 *vp = v;
506 }
507 }
508 } else if (idval == ATOM_KEY(cx->runtime->atomState.lengthAtom)) {
509 if (!obj->isArgsLengthOverridden())
510 *vp = INT_TO_JSVAL(obj->getArgsLength());
511 } else {
512 JS_ASSERT(idval == ATOM_KEY(cx->runtime->atomState.calleeAtom));
513 jsval v = obj->getArgsCallee();
514 if (v != JSVAL_HOLE) {
515 /*
516 * If this function or one in it needs upvars that reach above it
517 * in the scope chain, it must not be a null closure (it could be a
518 * flat closure, or an unoptimized closure -- the latter itself not
519 * necessarily heavyweight). Rather than wrap here, we simply throw
520 * to reduce code size and tell debugger users the truth instead of
521 * passing off a fibbing wrapper.
522 */
523 if (GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(v))->needsWrapper()) {
524 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
525 JSMSG_OPTIMIZED_CLOSURE_LEAK);
526 return false;
527 }
528 *vp = v;
529 }
530 }
531 return true;
532 }
533
534 static JSBool
535 ArgSetter(JSContext *cx, JSObject *obj, jsval idval, jsval *vp)
536 {
537 #ifdef JS_TRACER
538 // To be able to set a property here on trace, we would have to make
539 // sure any updates also get written back to the trace native stack.
540 // For simplicity, we just leave trace, since this is presumably not
541 // a common operation.
542 if (JS_ON_TRACE(cx)) {
543 DeepBail(cx);
544 return false;
545 }
546 #endif
547
548 if (!JS_InstanceOf(cx, obj, &js_ArgumentsClass, NULL))
549 return true;
550
551 if (JSVAL_IS_INT(idval)) {
552 uintN arg = uintN(JSVAL_TO_INT(idval));
553 if (arg < obj->getArgsLength()) {
554 JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
555 if (fp) {
556 fp->argv[arg] = *vp;
557 return true;
558 }
559 }
560 } else {
561 JS_ASSERT(idval == ATOM_KEY(cx->runtime->atomState.lengthAtom) ||
562 idval == ATOM_KEY(cx->runtime->atomState.calleeAtom));
563 }
564
565 /*
566 * For simplicity we use delete/set to replace the property with one
567 * backed by the default Object getter and setter. Note the we rely on
568 * args_delete to clear the corresponding reserved slot so the GC can
569 * collect its value.
570 */
571 JS_ASSERT_IF(JSVAL_IS_STRING(idval), JSVAL_TO_STRING(idval)->isAtomized());
572 jsid id = (jsid)idval;
573
574 AutoValueRooter tvr(cx);
575 return js_DeleteProperty(cx, obj, id, tvr.addr()) &&
576 js_SetProperty(cx, obj, id, vp);
577 }
578
579 static JSBool
580 args_resolve(JSContext *cx, JSObject *obj, jsval idval, uintN flags,
581 JSObject **objp)
582 {
583 JS_ASSERT(obj->isArguments());
584
585 *objp = NULL;
586 jsid id = 0;
587 if (JSVAL_IS_INT(idval)) {
588 uint32 arg = uint32(JSVAL_TO_INT(idval));
589 if (arg < obj->getArgsLength() && obj->getArgsElement(arg) != JSVAL_HOLE)
590 id = INT_JSVAL_TO_JSID(idval);
591 } else if (idval == ATOM_KEY(cx->runtime->atomState.lengthAtom)) {
592 if (!obj->isArgsLengthOverridden())
593 id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
594 } else if (idval == ATOM_KEY(cx->runtime->atomState.calleeAtom)) {
595 if (obj->getArgsCallee() != JSVAL_HOLE)
596 id = ATOM_TO_JSID(cx->runtime->atomState.calleeAtom);
597 }
598
599 if (id != 0) {
600 /*
601 * XXX ECMA specs DontEnum even for indexed properties, contrary to
602 * other array-like objects.
603 */
604 if (!js_DefineProperty(cx, obj, id, JSVAL_VOID, ArgGetter, ArgSetter, JSPROP_SHARED))
605 return JS_FALSE;
606 *objp = obj;
607 }
608 return true;
609 }
610
611 static JSBool
612 args_enumerate(JSContext *cx, JSObject *obj)
613 {
614 JS_ASSERT(obj->isArguments());
615
616 /*
617 * Trigger reflection in args_resolve using a series of js_LookupProperty
618 * calls.
619 */
620 int argc = int(obj->getArgsLength());
621 for (int i = -2; i != argc; i++) {
622 jsid id = (i == -2)
623 ? ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)
624 : (i == -1)
625 ? ATOM_TO_JSID(cx->runtime->atomState.calleeAtom)
626 : INT_JSVAL_TO_JSID(INT_TO_JSVAL(i));
627
628 JSObject *pobj;
629 JSProperty *prop;
630 if (!js_LookupProperty(cx, obj, id, &pobj, &prop))
631 return false;
632
633 /* prop is null when the property was deleted. */
634 if (prop)
635 pobj->dropProperty(cx, prop);
636 }
637 return true;
638 }
639
640 #if JS_HAS_GENERATORS
641 /*
642 * If a generator's arguments or call object escapes, and the generator frame
643 * is not executing, the generator object needs to be marked because it is not
644 * otherwise reachable. An executing generator is rooted by its invocation. To
645 * distinguish the two cases (which imply different access paths to the
646 * generator object), we use the JSFRAME_FLOATING_GENERATOR flag, which is only
647 * set on the JSStackFrame kept in the generator object's JSGenerator.
648 */
649 static void
650 args_or_call_trace(JSTracer *trc, JSObject *obj)
651 {
652 if (obj->isArguments()) {
653 if (GetArgsPrivateNative(obj))
654 return;
655 } else {
656 JS_ASSERT(obj->getClass() == &js_CallClass);
657 }
658
659 JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
660 if (fp && fp->isFloatingGenerator()) {
661 JSObject *obj = js_FloatingFrameToGenerator(fp)->obj;
662 JS_CALL_OBJECT_TRACER(trc, obj, "generator object");
663 }
664 }
665 #else
666 # define args_or_call_trace NULL
667 #endif
668
669 /*
670 * The Arguments class is not initialized via JS_InitClass, and must not be,
671 * because its name is "Object". Per ECMA, that causes instances of it to
672 * delegate to the object named by Object.prototype. It also ensures that
673 * arguments.toString() returns "[object Object]".
674 *
675 * The JSClass functions below collaborate to lazily reflect and synchronize
676 * actual argument values, argument count, and callee function object stored
677 * in a JSStackFrame with their corresponding property values in the frame's
678 * arguments object.
679 */
680 JSClass js_ArgumentsClass = {
681 js_Object_str,
682 JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE |
683 JSCLASS_HAS_RESERVED_SLOTS(JSObject::ARGS_FIXED_RESERVED_SLOTS) |
684 JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Object),
685 JS_PropertyStub, args_delProperty,
686 JS_PropertyStub, JS_PropertyStub,
687 args_enumerate, (JSResolveOp) args_resolve,
688 JS_ConvertStub, NULL,
689 NULL, NULL,
690 NULL, NULL,
691 NULL, NULL,
692 JS_CLASS_TRACE(args_or_call_trace), NULL
693 };
694
695 const uint32 JSSLOT_CALLEE = JSSLOT_PRIVATE + 1;
696 const uint32 JSSLOT_CALL_ARGUMENTS = JSSLOT_PRIVATE + 2;
697 const uint32 CALL_CLASS_FIXED_RESERVED_SLOTS = 2;
698
699 /*
700 * A Declarative Environment object stores its active JSStackFrame pointer in
701 * its private slot, just as Call and Arguments objects do.
702 */
703 JSClass js_DeclEnvClass = {
704 js_Object_str,
705 JSCLASS_HAS_PRIVATE | JSCLASS_HAS_CACHED_PROTO(JSProto_Object),
706 JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub,
707 JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub, NULL,
708 JSCLASS_NO_OPTIONAL_MEMBERS
709 };
710
711 static JSBool
712 CheckForEscapingClosure(JSContext *cx, JSObject *obj, jsval *vp)
713 {
714 JS_ASSERT(obj->getClass() == &js_CallClass ||
715 obj->getClass() == &js_DeclEnvClass);
716
717 jsval v = *vp;
718
719 if (VALUE_IS_FUNCTION(cx, v)) {
720 JSObject *funobj = JSVAL_TO_OBJECT(v);
721 JSFunction *fun = GET_FUNCTION_PRIVATE(cx, funobj);
722
723 /*
724 * Any escaping null or flat closure that reaches above itself or
725 * contains nested functions that reach above it must be wrapped.
726 * We can wrap only when this Call or Declarative Environment obj
727 * still has an active stack frame associated with it.
728 */
729 if (fun->needsWrapper()) {
730 LeaveTrace(cx);
731
732 JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
733 if (fp) {
734 JSObject *wrapper = WrapEscapingClosure(cx, fp, funobj, fun);
735 if (!wrapper)
736 return false;
737 *vp = OBJECT_TO_JSVAL(wrapper);
738 return true;
739 }
740
741 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
742 JSMSG_OPTIMIZED_CLOSURE_LEAK);
743 return false;
744 }
745 }
746 return true;
747 }
748
749 static JSBool
750 CalleeGetter(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
751 {
752 return CheckForEscapingClosure(cx, obj, vp);
753 }
754
755 static JSObject *
756 NewCallObject(JSContext *cx, JSFunction *fun, JSObject *scopeChain)
757 {
758 JSObject *callobj = js_NewGCObject(cx);
759 if (!callobj)
760 return NULL;
761
762 /* Init immediately to avoid GC seeing a half-init'ed object. */
763 callobj->init(&js_CallClass, NULL, scopeChain, JSVAL_NULL);
764 callobj->map = cx->runtime->emptyCallScope->hold();
765
766 /* This must come after callobj->map has been set. */
767 if (!js_EnsureReservedSlots(cx, callobj, fun->countArgsAndVars()))
768 return NULL;
769 return callobj;
770 }
771
772 static inline JSObject *
773 NewDeclEnvObject(JSContext *cx, JSStackFrame *fp)
774 {
775 JSObject *envobj = js_NewGCObject(cx);
776 if (!envobj)
777 return NULL;
778
779 /* Init immediately to avoid GC seeing a half-init'ed object. */
780 envobj->init(&js_DeclEnvClass, NULL, fp->scopeChain, reinterpret_cast<jsval>(fp));
781 envobj->map = cx->runtime->emptyDeclEnvScope->hold();
782 return envobj;
783 }
784
785 JSObject *
786 js_GetCallObject(JSContext *cx, JSStackFrame *fp)
787 {
788 JSObject *callobj;
789
790 /* Create a call object for fp only if it lacks one. */
791 JS_ASSERT(fp->fun);
792 callobj = fp->callobj;
793 if (callobj)
794 return callobj;
795
796 #ifdef DEBUG
797 /* A call object should be a frame's outermost scope chain element. */
798 JSClass *classp = fp->scopeChain->getClass();
799 if (classp == &js_WithClass || classp == &js_BlockClass)
800 JS_ASSERT(fp->scopeChain->getPrivate() != js_FloatingFrameIfGenerator(cx, fp));
801 else if (classp == &js_CallClass)
802 JS_ASSERT(fp->scopeChain->getPrivate() != fp);
803 #endif
804
805 /*
806 * Create the call object, using the frame's enclosing scope as its
807 * parent, and link the call to its stack frame. For a named function
808 * expression Call's parent points to an environment object holding
809 * function's name.
810 */
811 JSAtom *lambdaName = (fp->fun->flags & JSFUN_LAMBDA) ? fp->fun->atom : NULL;
812 if (lambdaName) {
813 JSObject *envobj = NewDeclEnvObject(cx, fp);
814 if (!envobj)
815 return NULL;
816
817 /* Root envobj before js_DefineNativeProperty (-> JSClass.addProperty). */
818 fp->scopeChain = envobj;
819 JS_ASSERT(fp->argv);
820 if (!js_DefineNativeProperty(cx, fp->scopeChain, ATOM_TO_JSID(lambdaName),
821 fp->calleeValue(),
822 CalleeGetter, NULL,
823 JSPROP_PERMANENT | JSPROP_READONLY,
824 0, 0, NULL)) {
825 return NULL;
826 }
827 }
828
829 callobj = NewCallObject(cx, fp->fun, fp->scopeChain);
830 if (!callobj)
831 return NULL;
832
833 callobj->setPrivate(fp);
834 JS_ASSERT(fp->argv);
835 JS_ASSERT(fp->fun == GET_FUNCTION_PRIVATE(cx, fp->calleeObject()));
836 callobj->setSlot(JSSLOT_CALLEE, fp->calleeValue());
837 fp->callobj = callobj;
838
839 /*
840 * Push callobj on the top of the scope chain, and make it the
841 * variables object.
842 */
843 fp->scopeChain = callobj;
844 return callobj;
845 }
846
847 JSObject * JS_FASTCALL
848 js_CreateCallObjectOnTrace(JSContext *cx, JSFunction *fun, JSObject *callee, JSObject *scopeChain)
849 {
850 JS_ASSERT(!js_IsNamedLambda(fun));
851 JSObject *callobj = NewCallObject(cx, fun, scopeChain);
852 if (!callobj)
853 return NULL;
854 callobj->setSlot(JSSLOT_CALLEE, OBJECT_TO_JSVAL(callee));
855 return callobj;
856 }
857
858 JS_DEFINE_CALLINFO_4(extern, OBJECT, js_CreateCallObjectOnTrace, CONTEXT, FUNCTION, OBJECT, OBJECT,
859 0, nanojit::ACC_STORE_ANY)
860
861 JSFunction *
862 js_GetCallObjectFunction(JSObject *obj)
863 {
864 jsval v;
865
866 JS_ASSERT(obj->getClass() == &js_CallClass);
867 v = obj->getSlot(JSSLOT_CALLEE);
868 if (JSVAL_IS_VOID(v)) {
869 /* Newborn or prototype object. */
870 return NULL;
871 }
872 JS_ASSERT(!JSVAL_IS_PRIMITIVE(v));
873 return GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(v));
874 }
875
876 inline static void
877 CopyValuesToCallObject(JSObject *callobj, int nargs, jsval *argv, int nvars, jsval *slots)
878 {
879 memcpy(callobj->dslots, argv, nargs * sizeof(jsval));
880 memcpy(callobj->dslots + nargs, slots, nvars * sizeof(jsval));
881 }
882
883 void
884 js_PutCallObject(JSContext *cx, JSStackFrame *fp)
885 {
886 JSObject *callobj = fp->callobj;
887 JS_ASSERT(callobj);
888
889 /* Get the arguments object to snapshot fp's actual argument values. */
890 if (fp->argsobj) {
891 if (!(fp->flags & JSFRAME_OVERRIDE_ARGS))
892 callobj->setSlot(JSSLOT_CALL_ARGUMENTS, fp->argsobj);
893 js_PutArgsObject(cx, fp);
894 }
895
896 JSFunction *fun = fp->fun;
897 JS_ASSERT(fun == js_GetCallObjectFunction(callobj));
898 uintN n = fun->countArgsAndVars();
899
900 /*
901 * Since for a call object all fixed slots happen to be taken, we can copy
902 * arguments and variables straight into JSObject.dslots.
903 */
904 JS_STATIC_ASSERT(JS_INITIAL_NSLOTS - JSSLOT_PRIVATE ==
905 1 + CALL_CLASS_FIXED_RESERVED_SLOTS);
906 if (n != 0) {
907 JS_ASSERT(callobj->numSlots() >= JS_INITIAL_NSLOTS + n);
908 n += JS_INITIAL_NSLOTS;
909 CopyValuesToCallObject(callobj, fun->nargs, fp->argv, fun->u.i.nvars, fp->slots());
910 }
911
912 /* Clear private pointers to fp, which is about to go away (js_Invoke). */
913 if (js_IsNamedLambda(fun)) {
914 JSObject *env = callobj->getParent();
915
916 JS_ASSERT(env->getClass() == &js_DeclEnvClass);
917 JS_ASSERT(env->getPrivate() == fp);
918 env->setPrivate(NULL);
919 }
920
921 callobj->setPrivate(NULL);
922 fp->callobj = NULL;
923 }
924
925 JSBool JS_FASTCALL
926 js_PutCallObjectOnTrace(JSContext *cx, JSObject *scopeChain, uint32 nargs, jsval *argv,
927 uint32 nvars, jsval *slots)
928 {
929 JS_ASSERT(scopeChain->hasClass(&js_CallClass));
930 JS_ASSERT(!scopeChain->getPrivate());
931
932 uintN n = nargs + nvars;
933 if (n != 0)
934 CopyValuesToCallObject(scopeChain, nargs, argv, nvars, slots);
935
936 return true;
937 }
938
939 JS_DEFINE_CALLINFO_6(extern, BOOL, js_PutCallObjectOnTrace, CONTEXT, OBJECT, UINT32, JSVALPTR,
940 UINT32, JSVALPTR, 0, nanojit::ACC_STORE_ANY)
941
942 static JSBool
943 call_enumerate(JSContext *cx, JSObject *obj)
944 {
945 JSFunction *fun;
946 uintN n, i;
947 void *mark;
948 jsuword *names;
949 JSBool ok;
950 JSAtom *name;
951 JSObject *pobj;
952 JSProperty *prop;
953
954 fun = js_GetCallObjectFunction(obj);
955 n = fun ? fun->countArgsAndVars() : 0;
956 if (n == 0)
957 return JS_TRUE;
958
959 mark = cx->tempPool.getMark();
960
961 MUST_FLOW_THROUGH("out");
962 names = js_GetLocalNameArray(cx, fun, &cx->tempPool);
963 if (!names) {
964 ok = JS_FALSE;
965 goto out;
966 }
967
968 for (i = 0; i != n; ++i) {
969 name = JS_LOCAL_NAME_TO_ATOM(names[i]);
970 if (!name)
971 continue;
972
973 /*
974 * Trigger reflection by looking up the name of the argument or
975 * variable.
976 */
977 ok = js_LookupProperty(cx, obj, ATOM_TO_JSID(name), &pobj, &prop);
978 if (!ok)
979 goto out;
980
981 /*
982 * The call object will always have a property corresponding to the
983 * argument or variable name because call_resolve creates the property
984 * using JSPROP_PERMANENT.
985 */
986 JS_ASSERT(prop);
987 JS_ASSERT(pobj == obj);
988 pobj->dropProperty(cx, prop);
989 }
990 ok = JS_TRUE;
991
992 out:
993 cx->tempPool.release(mark);
994 return ok;
995 }
996
997 enum JSCallPropertyKind {
998 JSCPK_ARGUMENTS,
999 JSCPK_ARG,
1000 JSCPK_VAR,
1001 JSCPK_UPVAR
1002 };
1003
1004 static JSBool
1005 CallPropertyOp(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
1006 JSCallPropertyKind kind, JSBool setter = false)
1007 {
1008 JS_ASSERT(obj->getClass() == &js_CallClass);
1009
1010 uintN i = 0;
1011 if (kind != JSCPK_ARGUMENTS) {
1012 JS_ASSERT((int16) JSVAL_TO_INT(id) == JSVAL_TO_INT(id));
1013 i = (uint16) JSVAL_TO_INT(id);
1014 }
1015
1016 jsval *array;
1017 if (kind == JSCPK_UPVAR) {
1018 JSObject *callee = JSVAL_TO_OBJECT(obj->getSlot(JSSLOT_CALLEE));
1019
1020 #ifdef DEBUG
1021 JSFunction *callee_fun = (JSFunction *) callee->getPrivate();
1022 JS_ASSERT(FUN_FLAT_CLOSURE(callee_fun));
1023 JS_ASSERT(i < callee_fun->u.i.nupvars);
1024 #endif
1025
1026 array = callee->dslots;
1027 } else {
1028 JSFunction *fun = js_GetCallObjectFunction(obj);
1029 JS_ASSERT_IF(kind == JSCPK_ARG, i < fun->nargs);
1030 JS_ASSERT_IF(kind == JSCPK_VAR, i < fun->u.i.nvars);
1031
1032 JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
1033
1034 if (kind == JSCPK_ARGUMENTS) {
1035 if (setter) {
1036 if (fp)
1037 fp->flags |= JSFRAME_OVERRIDE_ARGS;
1038 obj->setSlot(JSSLOT_CALL_ARGUMENTS, *vp);
1039 } else {
1040 if (fp && !(fp->flags & JSFRAME_OVERRIDE_ARGS)) {
1041 JSObject *argsobj;
1042
1043 argsobj = js_GetArgsObject(cx, fp);
1044 if (!argsobj)
1045 return false;
1046 *vp = OBJECT_TO_JSVAL(argsobj);
1047 } else {
1048 *vp = obj->getSlot(JSSLOT_CALL_ARGUMENTS);
1049 }
1050 }
1051 return true;
1052 }
1053
1054 if (!fp) {
1055 i += CALL_CLASS_FIXED_RESERVED_SLOTS;
1056 if (kind == JSCPK_VAR)
1057 i += fun->nargs;
1058 else
1059 JS_ASSERT(kind == JSCPK_ARG);
1060 return setter
1061 ? JS_SetReservedSlot(cx, obj, i, *vp)
1062 : JS_GetReservedSlot(cx, obj, i, vp);
1063 }
1064
1065 if (kind == JSCPK_ARG) {
1066 array = fp->argv;
1067 } else {
1068 JS_ASSERT(kind == JSCPK_VAR);
1069 array = fp->slots();
1070 }
1071 }
1072
1073 if (setter) {
1074 GC_POKE(cx, array[i]);
1075 array[i] = *vp;
1076 } else {
1077 *vp = array[i];
1078 }
1079 return true;
1080 }
1081
1082 static JSBool
1083 GetCallArguments(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
1084 {
1085 return CallPropertyOp(cx, obj, id, vp, JSCPK_ARGUMENTS);
1086 }
1087
1088 static JSBool
1089 SetCallArguments(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
1090 {
1091 return CallPropertyOp(cx, obj, id, vp, JSCPK_ARGUMENTS, true);
1092 }
1093
1094 JSBool
1095 js_GetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
1096 {
1097 return CallPropertyOp(cx, obj, id, vp, JSCPK_ARG);
1098 }
1099
1100 JSBool
1101 SetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
1102 {
1103 return CallPropertyOp(cx, obj, id, vp, JSCPK_ARG, true);
1104 }
1105
1106 JSBool
1107 GetFlatUpvar(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
1108 {
1109 return CallPropertyOp(cx, obj, id, vp, JSCPK_UPVAR);
1110 }
1111
1112 JSBool
1113 SetFlatUpvar(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
1114 {
1115 return CallPropertyOp(cx, obj, id, vp, JSCPK_UPVAR, true);
1116 }
1117
1118 JSBool
1119 js_GetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
1120 {
1121 return CallPropertyOp(cx, obj, id, vp, JSCPK_VAR);
1122 }
1123
1124 JSBool
1125 js_GetCallVarChecked(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
1126 {
1127 if (!CallPropertyOp(cx, obj, id, vp, JSCPK_VAR))
1128 return false;
1129
1130 return CheckForEscapingClosure(cx, obj, vp);
1131 }
1132
1133 JSBool
1134 SetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
1135 {
1136 return CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, true);
1137 }
1138
1139 JSBool JS_FASTCALL
1140 js_SetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval v)
1141 {
1142 return CallPropertyOp(cx, obj, id, &v, JSCPK_ARG, true);
1143 }
1144
1145 JSBool JS_FASTCALL
1146 js_SetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval v)
1147 {
1148 return CallPropertyOp(cx, obj, id, &v, JSCPK_VAR, true);
1149 }
1150
1151 JS_DEFINE_CALLINFO_4(extern, BOOL, js_SetCallArg, CONTEXT, OBJECT, JSID, JSVAL, 0,
1152 nanojit::ACC_STORE_ANY)
1153 JS_DEFINE_CALLINFO_4(extern, BOOL, js_SetCallVar, CONTEXT, OBJECT, JSID, JSVAL, 0,
1154 nanojit::ACC_STORE_ANY)
1155
1156 static JSBool
1157 call_resolve(JSContext *cx, JSObject *obj, jsval idval, uintN flags,
1158 JSObject **objp)
1159 {
1160 jsval callee;
1161 JSFunction *fun;
1162 JSLocalKind localKind;
1163 JSPropertyOp getter, setter;
1164 uintN slot, attrs;
1165
1166 JS_ASSERT(obj->getClass() == &js_CallClass);
1167 JS_ASSERT(!obj->getProto());
1168
1169 if (!JSVAL_IS_STRING(idval))
1170 return JS_TRUE;
1171
1172 JS_ASSERT(JSVAL_TO_STRING(idval)->isAtomized());
1173 jsid id = (jsval)idval;
1174
1175 callee = obj->getSlot(JSSLOT_CALLEE);
1176 if (JSVAL_IS_VOID(callee))
1177 return JS_TRUE;
1178 fun = GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(callee));
1179
1180 /*
1181 * Check whether the id refers to a formal parameter, local variable or
1182 * the arguments special name.
1183 *
1184 * We define all such names using JSDNP_DONT_PURGE to avoid an expensive
1185 * shape invalidation in js_DefineNativeProperty. If such an id happens to
1186 * shadow a global or upvar of the same name, any inner functions can
1187 * never access the outer binding. Thus it cannot invalidate any property
1188 * cache entries or derived trace guards for the outer binding. See also
1189 * comments in js_PurgeScopeChainHelper from jsobj.cpp.
1190 */
1191 localKind = js_LookupLocal(cx, fun, JSID_TO_ATOM(id), &slot);
1192 if (localKind != JSLOCAL_NONE) {
1193 JS_ASSERT((uint16) slot == slot);
1194
1195 /*
1196 * We follow 10.2.3 of ECMA 262 v3 and make argument and variable
1197 * properties of the Call objects enumerable.
1198 */
1199 attrs = JSPROP_ENUMERATE | JSPROP_PERMANENT | JSPROP_SHARED;
1200 if (localKind == JSLOCAL_ARG) {
1201 JS_ASSERT(slot < fun->nargs);
1202 getter = js_GetCallArg;
1203 setter = SetCallArg;
1204 } else {
1205 JSCallPropertyKind cpkind;
1206 if (localKind == JSLOCAL_UPVAR) {
1207 if (!FUN_FLAT_CLOSURE(fun))
1208 return JS_TRUE;
1209 getter = GetFlatUpvar;
1210 setter = SetFlatUpvar;
1211 cpkind = JSCPK_UPVAR;
1212 } else {
1213 JS_ASSERT(localKind == JSLOCAL_VAR || localKind == JSLOCAL_CONST);
1214 JS_ASSERT(slot < fun->u.i.nvars);
1215 getter = js_GetCallVar;
1216 setter = SetCallVar;
1217 cpkind = JSCPK_VAR;
1218 if (localKind == JSLOCAL_CONST)
1219 attrs |= JSPROP_READONLY;
1220 }
1221
1222 /*
1223 * Use js_GetCallVarChecked if the local's value is a null closure.
1224 * This way we penalize performance only slightly on first use of a
1225 * null closure, not on every use.
1226 */
1227 jsval v;
1228 if (!CallPropertyOp(cx, obj, INT_TO_JSID((int16)slot), &v, cpkind))
1229 return JS_FALSE;
1230 if (VALUE_IS_FUNCTION(cx, v) &&
1231 GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(v))->needsWrapper()) {
1232 getter = js_GetCallVarChecked;
1233 }
1234 }
1235 if (!js_DefineNativeProperty(cx, obj, id, JSVAL_VOID, getter, setter,
1236 attrs, JSScopeProperty::HAS_SHORTID, (int16) slot,
1237 NULL, JSDNP_DONT_PURGE)) {
1238 return JS_FALSE;
1239 }
1240 *objp = obj;
1241 return JS_TRUE;
1242 }
1243
1244 /*
1245 * Resolve arguments so that we never store a particular Call object's
1246 * arguments object reference in a Call prototype's |arguments| slot.
1247 */
1248 if (id == ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom)) {
1249 if (!js_DefineNativeProperty(cx, obj, id, JSVAL_VOID,
1250 GetCallArguments, SetCallArguments,
1251 JSPROP_PERMANENT | JSPROP_SHARED,
1252 0, 0, NULL, JSDNP_DONT_PURGE)) {
1253 return JS_FALSE;
1254 }
1255 *objp = obj;
1256 return JS_TRUE;
1257 }
1258
1259 /* Control flow reaches here only if id was not resolved. */
1260 return JS_TRUE;
1261 }
1262
1263 JS_FRIEND_DATA(JSClass) js_CallClass = {
1264 "Call",
1265 JSCLASS_HAS_PRIVATE |
1266 JSCLASS_HAS_RESERVED_SLOTS(CALL_CLASS_FIXED_RESERVED_SLOTS) |
1267 JSCLASS_NEW_RESOLVE | JSCLASS_IS_ANONYMOUS | JSCLASS_MARK_IS_TRACE,
1268 JS_PropertyStub, JS_PropertyStub,
1269 JS_PropertyStub, JS_PropertyStub,
1270 call_enumerate, (JSResolveOp)call_resolve,
1271 NULL, NULL,
1272 NULL, NULL,
1273 NULL, NULL,
1274 NULL, NULL,
1275 JS_CLASS_TRACE(args_or_call_trace), NULL
1276 };
1277
1278 /* Generic function tinyids. */
1279 enum {
1280 FUN_ARGUMENTS = -1, /* predefined arguments local variable */
1281 FUN_LENGTH = -2, /* number of actual args, arity if inactive */
1282 FUN_ARITY = -3, /* number of formal parameters; desired argc */
1283 FUN_NAME = -4, /* function name, "" if anonymous */
1284 FUN_CALLER = -5 /* Function.prototype.caller, backward compat */
1285 };
1286
1287 static JSBool
1288 fun_getProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
1289 {
1290 if (!JSVAL_IS_INT(id))
1291 return JS_TRUE;
1292
1293 jsint slot = JSVAL_TO_INT(id);
1294
1295 /*
1296 * Loop because getter and setter can be delegated from another class,
1297 * but loop only for FUN_LENGTH because we must pretend that f.length
1298 * is in each function instance f, per ECMA-262, instead of only in the
1299 * Function.prototype object (we use JSPROP_PERMANENT with JSPROP_SHARED
1300 * to make it appear so).
1301 *
1302 * This code couples tightly to the attributes for lazy_function_props[]
1303 * initializers above, and to js_SetProperty and js_HasOwnProperty.
1304 *
1305 * It's important to allow delegating objects, even though they inherit
1306 * this getter (fun_getProperty), to override arguments, arity, caller,
1307 * and name. If we didn't return early for slot != FUN_LENGTH, we would
1308 * clobber *vp with the native property value, instead of letting script
1309 * override that value in delegating objects.
1310 *
1311 * Note how that clobbering is what simulates JSPROP_READONLY for all of
1312 * the non-standard properties when the directly addressed object (obj)
1313 * is a function object (i.e., when this loop does not iterate).
1314 */
1315 JSFunction *fun;
1316 while (!(fun = (JSFunction *)
1317 JS_GetInstancePrivate(cx, obj, &js_FunctionClass, NULL))) {
1318 if (slot != FUN_LENGTH)
1319 return JS_TRUE;
1320 obj = obj->getProto();
1321 if (!obj)
1322 return JS_TRUE;
1323 }
1324
1325 /* Find fun's top-most activation record. */
1326 JSStackFrame *fp;
1327 for (fp = js_GetTopStackFrame(cx);
1328 fp && (fp->fun != fun || (fp->flags & JSFRAME_SPECIAL));
1329 fp = fp->down) {
1330 continue;
1331 }
1332
1333 switch (slot) {
1334 case FUN_ARGUMENTS:
1335 /* Warn if strict about f.arguments or equivalent unqualified uses. */
1336 if (!JS_ReportErrorFlagsAndNumber(cx,
1337 JSREPORT_WARNING | JSREPORT_STRICT,
1338 js_GetErrorMessage, NULL,
1339 JSMSG_DEPRECATED_USAGE,
1340 js_arguments_str)) {
1341 return JS_FALSE;
1342 }
1343 if (fp) {
1344 if (!js_GetArgsValue(cx, fp, vp))
1345 return JS_FALSE;
1346 } else {
1347 *vp = JSVAL_NULL;
1348 }
1349 break;
1350
1351 case FUN_LENGTH:
1352 case FUN_ARITY:
1353 *vp = INT_TO_JSVAL((jsint)fun->nargs);
1354 break;
1355
1356 case FUN_NAME:
1357 *vp = fun->atom
1358 ? ATOM_KEY(fun->atom)
1359 : STRING_TO_JSVAL(cx->runtime->emptyString);
1360 break;
1361
1362 case FUN_CALLER:
1363 if (fp && fp->down && fp->down->fun) {
1364 JSFunction *caller = fp->down->fun;
1365 /*
1366 * See equivalent condition in args_getProperty for ARGS_CALLEE,
1367 * but here we do not want to throw, since this escape can happen
1368 * via foo.caller alone, without any debugger or indirect eval. And
1369 * it seems foo.caller is still used on the Web.
1370 */
1371 if (caller->needsWrapper()) {
1372 JSObject *wrapper = WrapEscapingClosure(cx, fp->down, FUN_OBJECT(caller), caller);
1373 if (!wrapper)
1374 return JS_FALSE;
1375 *vp = OBJECT_TO_JSVAL(wrapper);
1376 return JS_TRUE;
1377 }
1378
1379 JS_ASSERT(fp->down->argv);
1380 *vp = fp->down->calleeValue();
1381 } else {
1382 *vp = JSVAL_NULL;
1383 }
1384
1385 /* Censor the caller if it is from another compartment. */
1386 if (!JSVAL_IS_PRIMITIVE(*vp)) {
1387 if (JSVAL_TO_OBJECT(*vp)->getCompartment(cx) != cx->compartment)
1388 *vp = JSVAL_NULL;
1389 }
1390 break;
1391
1392 default:
1393 /* XXX fun[0] and fun.arguments[0] are equivalent. */
1394 if (fp && fp->fun && (uintN)slot < fp->fun->nargs)
1395 *vp = fp->argv[slot];
1396 break;
1397 }
1398
1399 return JS_TRUE;
1400 }
1401
1402 struct LazyFunctionProp {
1403 uint16 atomOffset;
1404 int8 tinyid;
1405 uint8 attrs;
1406 };
1407
1408 /* NB: no sentinel at the end -- use JS_ARRAY_LENGTH to bound loops. */
1409 static LazyFunctionProp lazy_function_props[] = {
1410 {ATOM_OFFSET(arguments), FUN_ARGUMENTS, JSPROP_PERMANENT},
1411 {ATOM_OFFSET(arity), FUN_ARITY, JSPROP_PERMANENT},
1412 {ATOM_OFFSET(caller), FUN_CALLER, JSPROP_PERMANENT},
1413 {ATOM_OFFSET(name), FUN_NAME, JSPROP_PERMANENT},
1414 };
1415
1416 static JSBool
1417 fun_enumerate(JSContext *cx, JSObject *obj)
1418 {
1419 JS_ASSERT(obj->isFunction());
1420
1421 jsval v;
1422 jsid id = ATOM_TO_JSID(cx->runtime->atomState.classPrototypeAtom);
1423 if (!JS_LookupPropertyById(cx, obj, id, &v))
1424 return false;
1425 id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
1426 if (!JS_LookupPropertyById(cx, obj, id, &v))
1427 return false;
1428
1429 for (uintN i = 0; i < JS_ARRAY_LENGTH(lazy_function_props); i++) {
1430 LazyFunctionProp &lfp = lazy_function_props[i];
1431 id = ATOM_TO_JSID(OFFSET_TO_ATOM(cx->runtime, lfp.atomOffset));
1432 if (!JS_LookupPropertyById(cx, obj, id, &v))
1433 return false;
1434 }
1435
1436 return true;
1437 }
1438
1439 static JSBool
1440 fun_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags,
1441 JSObject **objp)
1442 {
1443 if (!JSVAL_IS_STRING(id))
1444 return JS_TRUE;
1445
1446 JSFunction *fun = GET_FUNCTION_PRIVATE(cx, obj);
1447
1448 /*
1449 * No need to reflect fun.prototype in 'fun.prototype = ... '. Assert that
1450 * fun is not a compiler-created function object, which must never leak to
1451 * script or embedding code and then be mutated.
1452 */
1453 if ((flags & JSRESOLVE_ASSIGNING) && id != ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)) {
1454 JS_ASSERT(!IsInternalFunctionObject(obj));
1455 return JS_TRUE;
1456 }
1457
1458 /*
1459 * Ok, check whether id is 'prototype' and bootstrap the function object's
1460 * prototype property.
1461 */
1462 JSAtom *atom = cx->runtime->atomState.classPrototypeAtom;
1463 if (id == ATOM_TO_JSID(atom)) {
1464 JS_ASSERT(!IsInternalFunctionObject(obj));
1465
1466 /*
1467 * Beware of the wacky case of a user function named Object -- trying
1468 * to find a prototype for that will recur back here _ad perniciem_.
1469 */
1470 if (fun->atom == CLASS_ATOM(cx, Object))
1471 return JS_TRUE;
1472
1473 /*
1474 * Make the prototype object an instance of Object with the same parent
1475 * as the function object itself.
1476 */
1477 JSObject *parent = obj->getParent();
1478 JSObject *proto;
1479 if (!js_GetClassPrototype(cx, parent, JSProto_Object, &proto))
1480 return JS_FALSE;
1481 proto = NewNativeClassInstance(cx, &js_ObjectClass, proto, parent);
1482 if (!proto)
1483 return JS_FALSE;
1484
1485 /*
1486 * ECMA (15.3.5.2) says that constructor.prototype is DontDelete for
1487 * user-defined functions, but DontEnum | ReadOnly | DontDelete for
1488 * native "system" constructors such as Object or Function. So lazily
1489 * set the former here in fun_resolve, but eagerly define the latter
1490 * in JS_InitClass, with the right attributes.
1491 */
1492 if (!js_SetClassPrototype(cx, obj, proto, JSPROP_PERMANENT))
1493 return JS_FALSE;
1494
1495 *objp = obj;
1496 return JS_TRUE;
1497 }
1498
1499 atom = cx->runtime->atomState.lengthAtom;
1500 if (id == ATOM_TO_JSID(atom)) {
1501 JS_ASSERT(!IsInternalFunctionObject(obj));
1502 if (!js_DefineNativeProperty(cx, obj, ATOM_TO_JSID(atom), INT_TO_JSVAL(jsint(fun->nargs)),
1503 JS_PropertyStub, JS_PropertyStub,
1504 JSPROP_PERMANENT | JSPROP_READONLY, 0, 0, NULL)) {
1505 return JS_FALSE;
1506 }
1507 *objp = obj;
1508 return JS_TRUE;
1509 }
1510
1511 for (uintN i = 0; i < JS_ARRAY_LENGTH(lazy_function_props); i++) {
1512 LazyFunctionProp *lfp = &lazy_function_props[i];
1513
1514 atom = OFFSET_TO_ATOM(cx->runtime, lfp->atomOffset);
1515 if (id == ATOM_KEY(atom)) {
1516 JS_ASSERT(!IsInternalFunctionObject(obj));
1517
1518 if (!js_DefineNativeProperty(cx, obj,
1519 ATOM_TO_JSID(atom), JSVAL_VOID,
1520 fun_getProperty, JS_PropertyStub,
1521 lfp->attrs, JSScopeProperty::HAS_SHORTID,
1522 lfp->tinyid, NULL)) {
1523 return JS_FALSE;
1524 }
1525 *objp = obj;
1526 return JS_TRUE;
1527 }
1528 }
1529
1530 return JS_TRUE;
1531 }
1532
1533 #if JS_HAS_XDR
1534
1535 /* XXX store parent and proto, if defined */
1536 JSBool
1537 js_XDRFunctionObject(JSXDRState *xdr, JSObject **objp)
1538 {
1539 JSContext *cx;
1540 JSFunction *fun;
1541 uint32 firstword; /* flag telling whether fun->atom is non-null,
1542 plus for fun->u.i.skipmin, fun->u.i.wrapper,
1543 and 14 bits reserved for future use */
1544 uintN nargs, nvars, nupvars, n;
1545 uint32 localsword; /* word for argument and variable counts */
1546 uint32 flagsword; /* word for fun->u.i.nupvars and fun->flags */
1547
1548 cx = xdr->cx;
1549 if (xdr->mode == JSXDR_ENCODE) {
1550 fun = GET_FUNCTION_PRIVATE(cx, *objp);
1551 if (!FUN_INTERPRETED(fun)) {
1552 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1553 JSMSG_NOT_SCRIPTED_FUNCTION,
1554 JS_GetFunctionName(fun));
1555 return false;
1556 }
1557 if (fun->u.i.wrapper) {
1558 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1559 JSMSG_XDR_CLOSURE_WRAPPER,
1560 JS_GetFunctionName(fun));
1561 return false;
1562 }
1563 JS_ASSERT((fun->u.i.wrapper & ~1U) == 0);
1564 firstword = (fun->u.i.skipmin << 2) | (fun->u.i.wrapper << 1) | !!fun->atom;
1565 nargs = fun->nargs;
1566 nvars = fun->u.i.nvars;
1567 nupvars = fun->u.i.nupvars;
1568 localsword = (nargs << 16) | nvars;
1569 flagsword = (nupvars << 16) | fun->flags;
1570 } else {
1571 fun = js_NewFunction(cx, NULL, NULL, 0, JSFUN_INTERPRETED, NULL, NULL);
1572 if (!fun)
1573 return false;
1574 FUN_OBJECT(fun)->clearParent();
1575 FUN_OBJECT(fun)->clearProto();
1576 #ifdef __GNUC__
1577 nvars = nargs = nupvars = 0; /* quell GCC uninitialized warning */
1578 #endif
1579 }
1580
1581 AutoValueRooter tvr(cx, FUN_OBJECT(fun));
1582
1583 if (!JS_XDRUint32(xdr, &firstword))
1584 return false;
1585 if ((firstword & 1U) && !js_XDRStringAtom(xdr, &fun->atom))
1586 return false;
1587 if (!JS_XDRUint32(xdr, &localsword) ||
1588 !JS_XDRUint32(xdr, &flagsword)) {
1589 return false;
1590 }
1591
1592 if (xdr->mode == JSXDR_DECODE) {
1593 nargs = localsword >> 16;
1594 nvars = uint16(localsword);
1595 JS_ASSERT((flagsword & JSFUN_KINDMASK) >= JSFUN_INTERPRETED);
1596 nupvars = flagsword >> 16;
1597 fun->flags = uint16(flagsword);
1598 fun->u.i.skipmin = uint16(firstword >> 2);
1599 fun->u.i.wrapper = JSPackedBool((firstword >> 1) & 1);
1600 }
1601
1602 /* do arguments and local vars */
1603 n = nargs + nvars + nupvars;
1604 if (n != 0) {
1605 JSArenaPool &tempPool = xdr->cx->tempPool;
1606 void *mark = tempPool.getMark();
1607 uintN i;
1608 jsuword *names;
1609 JSAtom *name;
1610 JSLocalKind localKind;
1611 bool ok = true;
1612
1613 /*
1614 * From this point the control must flow via the label release_mark.
1615 *
1616 * To xdr the names we prefix the names with a bitmap descriptor and
1617 * then xdr the names as strings. For argument names (indexes below
1618 * nargs) the corresponding bit in the bitmap is unset when the name
1619 * is null. Such null names are not encoded or decoded. For variable
1620 * names (indexes starting from nargs) bitmap's bit is set when the
1621 * name is declared as const, not as ordinary var.
1622 * */
1623 MUST_FLOW_THROUGH("release_mark");
1624 uintN bitmapLength = JS_HOWMANY(n, JS_BITS_PER_UINT32);
1625 uint32 *bitmap;
1626 tempPool.allocateCast<uint32 *>(bitmap, bitmapLength * sizeof *bitmap);
1627 if (!bitmap) {
1628 js_ReportOutOfScriptQuota(xdr->cx);
1629 ok = false;
1630 goto release_mark;
1631 }
1632 if (xdr->mode == JSXDR_ENCODE) {
1633 names = js_GetLocalNameArray(xdr->cx, fun, &tempPool);
1634 if (!names) {
1635 ok = false;
1636 goto release_mark;
1637 }
1638 PodZero(bitmap, bitmapLength);
1639 for (i = 0; i != n; ++i) {
1640 if (i < fun->nargs
1641 ? JS_LOCAL_NAME_TO_ATOM(names[i]) != NULL
1642 : JS_LOCAL_NAME_IS_CONST(names[i])) {
1643 bitmap[i >> JS_BITS_PER_UINT32_LOG2] |=
1644 JS_BIT(i & (JS_BITS_PER_UINT32 - 1));
1645 }
1646 }
1647 }
1648 #ifdef __GNUC__
1649 else {
1650 names = NULL; /* quell GCC uninitialized warning */
1651 }
1652 #endif
1653 for (i = 0; i != bitmapLength; ++i) {
1654 ok = !!JS_XDRUint32(xdr, &bitmap[i]);
1655 if (!ok)
1656 goto release_mark;
1657 }
1658 for (i = 0; i != n; ++i) {
1659 if (i < nargs &&
1660 !(bitmap[i >> JS_BITS_PER_UINT32_LOG2] &
1661 JS_BIT(i & (JS_BITS_PER_UINT32 - 1)))) {
1662 if (xdr->mode == JSXDR_DECODE) {
1663 ok = !!js_AddLocal(xdr->cx, fun, NULL, JSLOCAL_ARG);
1664 if (!ok)
1665 goto release_mark;
1666 } else {
1667 JS_ASSERT(!JS_LOCAL_NAME_TO_ATOM(names[i]));
1668 }
1669 continue;
1670 }
1671 if (xdr->mode == JSXDR_ENCODE)
1672 name = JS_LOCAL_NAME_TO_ATOM(names[i]);
1673 ok = !!js_XDRStringAtom(xdr, &name);
1674 if (!ok)
1675 goto release_mark;
1676 if (xdr->mode == JSXDR_DECODE) {
1677 localKind = (i < nargs)
1678 ? JSLOCAL_ARG
1679 : (i < nargs + nvars)
1680 ? (bitmap[i >> JS_BITS_PER_UINT32_LOG2] &
1681 JS_BIT(i & (JS_BITS_PER_UINT32 - 1))
1682 ? JSLOCAL_CONST
1683 : JSLOCAL_VAR)
1684 : JSLOCAL_UPVAR;
1685 ok = !!js_AddLocal(xdr->cx, fun, name, localKind);
1686 if (!ok)
1687 goto release_mark;
1688 }
1689 }
1690
1691 release_mark:
1692 tempPool.release(mark);
1693 if (!ok)
1694 return false;
1695
1696 if (xdr->mode == JSXDR_DECODE)
1697 js_FreezeLocalNames(cx, fun);
1698 }
1699
1700 if (!js_XDRScript(xdr, &fun->u.i.script, false, NULL))
1701 return false;
1702
1703 if (xdr->mode == JSXDR_DECODE) {
1704 *objp = FUN_OBJECT(fun);
1705 if (fun->u.i.script != JSScript::emptyScript()) {
1706 #ifdef CHECK_SCRIPT_OWNER
1707 fun->u.i.script->owner = NULL;
1708 #endif
1709 js_CallNewScriptHook(cx, fun->u.i.script, fun);
1710 }
1711 }
1712
1713 return true;
1714 }
1715
1716 #else /* !JS_HAS_XDR */
1717
1718 #define js_XDRFunctionObject NULL
1719
1720 #endif /* !JS_HAS_XDR */
1721
1722 /*
1723 * [[HasInstance]] internal method for Function objects: fetch the .prototype
1724 * property of its 'this' parameter, and walks the prototype chain of v (only
1725 * if v is an object) returning true if .prototype is found.
1726 */
1727 static JSBool
1728 fun_hasInstance(JSContext *cx, JSObject *obj, jsval v, JSBool *bp)
1729 {
1730 jsval pval;
1731 jsid id = ATOM_TO_JSID(cx->runtime->atomState.classPrototypeAtom);
1732 if (!obj->getProperty(cx, id, &pval))
1733 return JS_FALSE;
1734
1735 if (JSVAL_IS_PRIMITIVE(pval)) {
1736 /*
1737 * Throw a runtime error if instanceof is called on a function that
1738 * has a non-object as its .prototype value.
1739 */
1740 js_ReportValueError(cx, JSMSG_BAD_PROTOTYPE,
1741 -1, OBJECT_TO_JSVAL(obj), NULL);
1742 return JS_FALSE;
1743 }
1744
1745 return js_IsDelegate(cx, JSVAL_TO_OBJECT(pval), v, bp);
1746 }
1747
1748 static void
1749 TraceLocalNames(JSTracer *trc, JSFunction *fun);
1750
1751 static void
1752 DestroyLocalNames(JSContext *cx, JSFunction *fun);
1753
1754 static void
1755 fun_trace(JSTracer *trc, JSObject *obj)
1756 {
1757 /* A newborn function object may have a not yet initialized private slot. */
1758 JSFunction *fun = (JSFunction *) obj->getPrivate();
1759 if (!fun)
1760 return;
1761
1762 if (FUN_OBJECT(fun) != obj) {
1763 /* obj is cloned function object, trace the original. */
1764 JS_CALL_TRACER(trc, FUN_OBJECT(fun), JSTRACE_OBJECT, "private");
1765 return;
1766 }
1767 if (fun->atom)
1768 JS_CALL_STRING_TRACER(trc, ATOM_TO_STRING(fun->atom), "atom");
1769 if (FUN_INTERPRETED(fun)) {
1770 if (fun->u.i.script)
1771 js_TraceScript(trc, fun->u.i.script);
1772 TraceLocalNames(trc, fun);
1773 }
1774 }
1775
1776 static void
1777 fun_finalize(JSContext *cx, JSObject *obj)
1778 {
1779 /* Ignore newborn and cloned function objects. */
1780 JSFunction *fun = (JSFunction *) obj->getPrivate();
1781 if (!fun || FUN_OBJECT(fun) != obj)
1782 return;
1783
1784 /*
1785 * Null-check of u.i.script is required since the parser sets interpreted
1786 * very early.
1787 */
1788 if (FUN_INTERPRETED(fun)) {
1789 if (fun->u.i.script)
1790 js_DestroyScript(cx, fun->u.i.script);
1791 DestroyLocalNames(cx, fun);
1792 }
1793 }
1794
1795 int
1796 JSFunction::sharpSlotBase(JSContext *cx)
1797 {
1798 #if JS_HAS_SHARP_VARS
1799 JSAtom *name = js_Atomize(cx, "#array", 6, 0);
1800 if (name) {
1801 uintN index = uintN(-1);
1802 #ifdef DEBUG
1803 JSLocalKind kind =
1804 #endif
1805 js_LookupLocal(cx, this, name, &index);
1806 JS_ASSERT(kind == JSLOCAL_VAR);
1807 return int(index);
1808 }
1809 #endif
1810 return -1;
1811 }
1812
1813 uint32
1814 JSFunction::countInterpretedReservedSlots() const
1815 {
1816 JS_ASSERT(FUN_INTERPRETED(this));
1817
1818 return (u.i.nupvars == 0) ? 0 : u.i.script->upvars()->length;
1819 }
1820
1821 /*
1822 * Reserve two slots in all function objects for XPConnect. Note that this
1823 * does not bloat every instance, only those on which reserved slots are set,
1824 * and those on which ad-hoc properties are defined.
1825 */
1826 JS_FRIEND_DATA(JSClass) js_FunctionClass = {
1827 js_Function_str,
1828 JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE | JSCLASS_HAS_RESERVED_SLOTS(2) |
1829 JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Function),
1830 JS_PropertyStub, JS_PropertyStub,
1831 JS_PropertyStub, JS_PropertyStub,
1832 fun_enumerate, (JSResolveOp)fun_resolve,
1833 JS_ConvertStub, fun_finalize,
1834 NULL, NULL,
1835 NULL, NULL,
1836 js_XDRFunctionObject, fun_hasInstance,
1837 JS_CLASS_TRACE(fun_trace), NULL
1838 };
1839
1840 namespace js {
1841
1842 JSString *
1843 fun_toStringHelper(JSContext *cx, JSObject *obj, uintN indent)
1844 {
1845 if (!obj->isFunction()) {
1846 if (obj->isFunctionProxy())
1847 return JSProxy::fun_toString(cx, obj, indent);
1848 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1849 JSMSG_INCOMPATIBLE_PROTO,
1850 js_Function_str, js_toString_str,
1851 "object");
1852 return NULL;
1853 }
1854
1855 JSFunction *fun = GET_FUNCTION_PRIVATE(cx, obj);
1856 if (!fun)
1857 return NULL;
1858 return JS_DecompileFunction(cx, fun, indent);
1859 }
1860
1861 }
1862
1863 static JSBool
1864 fun_toString(JSContext *cx, uintN argc, jsval *vp)
1865 {
1866 JS_ASSERT(VALUE_IS_FUNCTION(cx, vp[0]));
1867 uint32_t indent = 0;
1868
1869 if (argc != 0 && !ValueToECMAUint32(cx, vp[2], &indent))
1870 return false;
1871
1872 JSObject *obj = JS_THIS_OBJECT(cx, vp);
1873 if (!obj)
1874 return false;
1875
1876 JSString *str = fun_toStringHelper(cx, obj, indent);
1877 if (!str)
1878 return false;
1879
1880 *vp = STRING_TO_JSVAL(str);
1881 return true;
1882 }
1883
1884 #if JS_HAS_TOSOURCE
1885 static JSBool
1886 fun_toSource(JSContext *cx, uintN argc, jsval *vp)
1887 {
1888 JS_ASSERT(VALUE_IS_FUNCTION(cx, vp[0]));
1889
1890 JSObject *obj = JS_THIS_OBJECT(cx, vp);
1891 if (!obj)
1892 return false;
1893
1894 JSString *str = fun_toStringHelper(cx, obj, JS_DONT_PRETTY_PRINT);
1895 if (!str)
1896 return false;
1897
1898 *vp = STRING_TO_JSVAL(str);
1899 return true;
1900 }
1901 #endif
1902
1903 JSBool
1904 js_fun_call(JSContext *cx, uintN argc, jsval *vp)
1905 {
1906 JSObject *obj;
1907 jsval fval, *argv;
1908 JSString *str;
1909 JSBool ok;
1910
1911 LeaveTrace(cx);
1912
1913 obj = JS_THIS_OBJECT(cx, vp);
1914 if (!obj)
1915 return JS_FALSE;
1916 fval = vp[1];
1917
1918 if (!js_IsCallable(fval)) {
1919 str = JS_ValueToString(cx, fval);
1920 if (str) {
1921 const char *bytes = js_GetStringBytes(cx, str);
1922
1923 if (bytes) {
1924 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1925 JSMSG_INCOMPATIBLE_PROTO,
1926 js_Function_str, js_call_str,
1927 bytes);
1928 }
1929 }
1930 return JS_FALSE;
1931 }
1932
1933 argv = vp + 2;
1934 if (argc == 0) {
1935 /* Call fun with its global object as the 'this' param if no args. */
1936 obj = NULL;
1937 } else {
1938 /* Otherwise convert the first arg to 'this' and skip over it. */
1939 if (!JSVAL_IS_PRIMITIVE(argv[0]))
1940 obj = JSVAL_TO_OBJECT(argv[0]);
1941 else if (!js_ValueToObject(cx, argv[0], &obj))
1942 return JS_FALSE;
1943 argc--;
1944 argv++;
1945 }
1946
1947 /* Allocate stack space for fval, obj, and the args. */
1948 InvokeArgsGuard args;
1949 if (!cx->stack().pushInvokeArgs(cx, argc, args))
1950 return JS_FALSE;
1951
1952 /* Push fval, obj, and the args. */
1953 args.getvp()[0] = fval;
1954 args.getvp()[1] = OBJECT_TO_JSVAL(obj);
1955 memcpy(args.getvp() + 2, argv, argc * sizeof *argv);
1956
1957 ok = js_Invoke(cx, args, 0);
1958 *vp = *args.getvp();
1959 return ok;
1960 }
1961
1962 JSBool
1963 js_fun_apply(JSContext *cx, uintN argc, jsval *vp)
1964 {
1965 JSObject *obj, *aobj;
1966 jsval fval, *sp;
1967 JSString *str;
1968 jsuint length;
1969 JSBool arraylike;
1970 uintN i;
1971
1972 if (argc == 0) {
1973 /* Will get globalObject as 'this' and no other arguments. */
1974 return js_fun_call(cx, argc, vp);
1975 }
1976
1977 LeaveTrace(cx);
1978
1979 obj = JS_THIS_OBJECT(cx, vp);
1980 if (!obj)
1981 return JS_FALSE;
1982 fval = vp[1];
1983
1984 if (!js_IsCallable(fval)) {
1985 str = JS_ValueToString(cx, fval);
1986 if (str) {
1987 const char *bytes = js_GetStringBytes(cx, str);
1988
1989 if (bytes) {
1990 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1991 JSMSG_INCOMPATIBLE_PROTO,
1992 js_Function_str, js_apply_str,
1993 bytes);
1994 }
1995 }
1996 return JS_FALSE;
1997 }
1998
1999 /* Quell GCC overwarnings. */
2000 aobj = NULL;
2001 length = 0;
2002
2003 if (argc >= 2) {
2004 /* If the 2nd arg is null or void, call the function with 0 args. */
2005 if (JSVAL_IS_NULL(vp[3]) || JSVAL_IS_VOID(vp[3])) {
2006 argc = 0;
2007 } else {
2008 /* The second arg must be an array (or arguments object). */
2009 arraylike = JS_FALSE;
2010 if (!JSVAL_IS_PRIMITIVE(vp[3])) {
2011 aobj = JSVAL_TO_OBJECT(vp[3]);
2012 if (!js_IsArrayLike(cx, aobj, &arraylike, &length))
2013 return JS_FALSE;
2014 }
2015 if (!arraylike) {
2016 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
2017 JSMSG_BAD_APPLY_ARGS, js_apply_str);
2018 return JS_FALSE;
2019 }
2020 }
2021 }
2022
2023 /* Convert the first arg to 'this' and skip over it. */
2024 if (!JSVAL_IS_PRIMITIVE(vp[2]))
2025 obj = JSVAL_TO_OBJECT(vp[2]);
2026 else if (!js_ValueToObject(cx, vp[2], &obj))
2027 return JS_FALSE;
2028
2029 /* Allocate stack space for fval, obj, and the args. */
2030 argc = (uintN)JS_MIN(length, JS_ARGS_LENGTH_MAX);
2031
2032 InvokeArgsGuard args;
2033 if (!cx->stack().pushInvokeArgs(cx, argc, args))
2034 return JS_FALSE;
2035
2036 /* Push fval, obj, and aobj's elements as args. */
2037 sp = args.getvp();
2038 *sp++ = fval;
2039 *sp++ = OBJECT_TO_JSVAL(obj);
2040 if (aobj && aobj->isArguments() && !aobj->isArgsLengthOverridden()) {
2041 /*
2042 * Two cases, two loops: note how in the case of an active stack frame
2043 * backing aobj, even though we copy from fp->argv, we still must check
2044 * aobj->getArgsElement(i) for a hole, to handle a delete on the
2045 * corresponding arguments element. See args_delProperty.
2046 */
2047 JSStackFrame *fp = (JSStackFrame *) aobj->getPrivate();
2048 if (fp) {
2049 memcpy(sp, fp->argv, argc * sizeof(jsval));
2050 for (i = 0; i < argc; i++) {
2051 if (aobj->getArgsElement(i) == JSVAL_HOLE) // suppress deleted element
2052 sp[i] = JSVAL_VOID;
2053 }
2054 } else {
2055 for (i = 0; i < argc; i++) {
2056 sp[i] = aobj->getArgsElement(i);
2057 if (sp[i] == JSVAL_HOLE)
2058 sp[i] = JSVAL_VOID;
2059 }
2060 }
2061 } else {
2062 for (i = 0; i < argc; i++) {
2063 if (!aobj->getProperty(cx, INT_TO_JSID(jsint(i)), sp))
2064 return JS_FALSE;
2065 sp++;
2066 }
2067 }
2068
2069 JSBool ok = js_Invoke(cx, args, 0);
2070 *vp = *args.getvp();
2071 return ok;
2072 }
2073
2074 #ifdef NARCISSUS
2075 static JS_REQUIRES_STACK JSBool
2076 fun_applyConstructor(JSContext *cx, uintN argc, jsval *vp)
2077 {
2078 JSObject *aobj;
2079 uintN length, i;
2080
2081 if (JSVAL_IS_PRIMITIVE(vp[2]) ||
2082 (aobj = JSVAL_TO_OBJECT(vp[2]),
2083 !aobj->isArray() &&
2084 !aobj->isArguments())) {
2085 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
2086 JSMSG_BAD_APPLY_ARGS, "__applyConstruct__");
2087 return JS_FALSE;
2088 }
2089
2090 if (!js_GetLengthProperty(cx, aobj, &length))
2091 return JS_FALSE;
2092
2093 if (length > JS_ARGS_LENGTH_MAX)
2094 length = JS_ARGS_LENGTH_MAX;
2095
2096 InvokeArgsGuard args;
2097 if (!cx->stack().pushInvokeArgs(cx, length, args))
2098 return JS_FALSE;
2099
2100 jsval *sp = args.getvp();
2101 *sp++ = vp[1];
2102 *sp++ = JSVAL_NULL; /* this is filled automagically */
2103 for (i = 0; i < length; i++) {
2104 if (!aobj->getProperty(cx, INT_TO_JSID(jsint(i)), sp))
2105 return JS_FALSE;
2106 sp++;
2107 }
2108
2109 JSBool ok = js_InvokeConstructor(cx, args);
2110 *vp = *args.getvp();
2111 return ok;
2112 }
2113 #endif
2114
2115 static JSFunctionSpec function_methods[] = {
2116 #if JS_HAS_TOSOURCE
2117 JS_FN(js_toSource_str, fun_toSource, 0,0),
2118 #endif
2119 JS_FN(js_toString_str, fun_toString, 0,0),
2120 JS_FN(js_apply_str, js_fun_apply, 2,0),
2121 JS_FN(js_call_str, js_fun_call, 1,0),
2122 #ifdef NARCISSUS
2123 JS_FN("__applyConstructor__", fun_applyConstructor, 1,0),
2124 #endif
2125 JS_FS_END
2126 };
2127
2128 static JSBool
2129 Function(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
2130 {
2131 JSFunction *fun;
2132 JSObject *parent;
2133 JSStackFrame *fp, *caller;
2134 uintN i, n, lineno;
2135 JSAtom *atom;
2136 const char *filename;
2137 JSBool ok;
2138 JSString *str, *arg;
2139 TokenStream ts(cx);
2140 JSPrincipals *principals;
2141 jschar *collected_args, *cp;
2142 void *mark;
2143 size_t arg_length, args_length, old_args_length;
2144 TokenKind tt;
2145
2146 if (!JS_IsConstructing(cx)) {
2147 obj = NewObject(cx, &js_FunctionClass, NULL, NULL);
2148 if (!obj)
2149 return JS_FALSE;
2150 *rval = OBJECT_TO_JSVAL(obj);
2151 } else {
2152 /*
2153 * The constructor is called before the private slot is initialized so
2154 * we must use getPrivate, not GET_FUNCTION_PRIVATE here.
2155 */
2156 if (obj->getPrivate())
2157 return JS_TRUE;
2158 }
2159
2160 /*
2161 * NB: (new Function) is not lexically closed by its caller, it's just an
2162 * anonymous function in the top-level scope that its constructor inhabits.
2163 * Thus 'var x = 42; f = new Function("return x"); print(f())' prints 42,
2164 * and so would a call to f from another top-level's script or function.
2165 *
2166 * In older versions, before call objects, a new Function was adopted by
2167 * its running context's globalObject, which might be different from the
2168 * top-level reachable from scopeChain (in HTML frames, e.g.).
2169 */
2170 parent = JSVAL_TO_OBJECT(argv[-2])->getParent();
2171
2172 fun = js_NewFunction(cx, obj, NULL, 0, JSFUN_LAMBDA | JSFUN_INTERPRETED,
2173 parent, cx->runtime->atomState.anonymousAtom);
2174
2175 if (!fun)
2176 return JS_FALSE;
2177
2178 /*
2179 * Function is static and not called directly by other functions in this
2180 * file, therefore it is callable only as a native function by js_Invoke.
2181 * Find the scripted caller, possibly skipping other native frames such as
2182 * are built for Function.prototype.call or .apply activations that invoke
2183 * Function indirectly from a script.
2184 */
2185 fp = js_GetTopStackFrame(cx);
2186 JS_ASSERT(!fp->script && fp->fun && fp->fun->u.n.native == Function);
2187 caller = js_GetScriptedCaller(cx, fp);
2188 if (caller) {
2189 principals = JS_EvalFramePrincipals(cx, fp, caller);
2190 filename = js_ComputeFilename(cx, caller, principals, &lineno);
2191 } else {
2192 filename = NULL;
2193 lineno = 0;
2194 principals = NULL;
2195 }
2196
2197 /* Belt-and-braces: check that the caller has access to parent. */
2198 if (!js_CheckPrincipalsAccess(cx, parent, principals,
2199 CLASS_ATOM(cx, Function))) {
2200 return JS_FALSE;
2201 }
2202
2203 /*
2204 * CSP check: whether new Function() is allowed at all.
2205 * Report errors via CSP is done in the script security manager.
2206 * js_CheckContentSecurityPolicy is defined in jsobj.cpp
2207 */
2208 if (!js_CheckContentSecurityPolicy(cx)) {
2209 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
2210 JSMSG_CSP_BLOCKED_FUNCTION);
2211 return JS_FALSE;
2212 }
2213
2214 n = argc ? argc - 1 : 0;
2215 if (n > 0) {
2216 enum { OK, BAD, BAD_FORMAL } state;
2217
2218 /*
2219 * Collect the function-argument arguments into one string, separated
2220 * by commas, then make a tokenstream from that string, and scan it to
2221 * get the arguments. We need to throw the full scanner at the
2222 * problem, because the argument string can legitimately contain
2223 * comments and linefeeds. XXX It might be better to concatenate
2224 * everything up into a function definition and pass it to the
2225 * compiler, but doing it this way is less of a delta from the old
2226 * code. See ECMA 15.3.2.1.
2227 */
2228 state = BAD_FORMAL;
2229 args_length = 0;
2230 for (i = 0; i < n; i++) {
2231 /* Collect the lengths for all the function-argument arguments. */
2232 arg = js_ValueToString(cx, argv[i]);
2233 if (!arg)
2234 return JS_FALSE;
2235 argv[i] = STRING_TO_JSVAL(arg);
2236
2237 /*
2238 * Check for overflow. The < test works because the maximum
2239 * JSString length fits in 2 fewer bits than size_t has.
2240 */
2241 old_args_length = args_length;
2242 args_length = old_args_length + arg->length();
2243 if (args_length < old_args_length) {
2244 js_ReportAllocationOverflow(cx);
2245 return JS_FALSE;
2246 }
2247 }
2248
2249 /* Add 1 for each joining comma and check for overflow (two ways). */
2250 old_args_length = args_length;
2251 args_length = old_args_length + n - 1;
2252 if (args_length < old_args_length ||
2253 args_length >= ~(size_t)0 / sizeof(jschar)) {
2254 js_ReportAllocationOverflow(cx);
2255 return JS_FALSE;
2256 }
2257
2258 /*
2259 * Allocate a string to hold the concatenated arguments, including room
2260 * for a terminating 0. Mark cx->tempPool for later release, to free
2261 * collected_args and its tokenstream in one swoop.
2262 */
2263 mark = cx->tempPool.getMark();
2264 cx->tempPool.allocateCast<jschar *>(cp, (args_length + 1) * sizeof(jschar));
2265 if (!cp) {
2266 js_ReportOutOfScriptQuota(cx);
2267 return JS_FALSE;
2268 }
2269 collected_args = cp;
2270
2271 /*
2272 * Concatenate the arguments into the new string, separated by commas.
2273 */
2274 for (i = 0; i < n; i++) {
2275 arg = JSVAL_TO_STRING(argv[i]);
2276 arg_length = arg->length();
2277 (void) js_strncpy(cp, arg->chars(), arg_length);
2278 cp += arg_length;
2279
2280 /* Add separating comma or terminating 0. */
2281 *cp++ = (i + 1 < n) ? ',' : 0;
2282 }
2283
2284 /* Initialize a tokenstream that reads from the given string. */
2285 if (!ts.init(collected_args, args_length, NULL, filename, lineno)) {
2286 cx->tempPool.release(mark);
2287 return JS_FALSE;
2288 }
2289
2290 /* The argument string may be empty or contain no tokens. */
2291 tt = ts.getToken();
2292 if (tt != TOK_EOF) {
2293 for (;;) {
2294 /*
2295 * Check that it's a name. This also implicitly guards against
2296 * TOK_ERROR, which was already reported.
2297 */
2298 if (tt != TOK_NAME)
2299 goto after_args;
2300
2301 /*
2302 * Get the atom corresponding to the name from the token
2303 * stream; we're assured at this point that it's a valid
2304 * identifier.
2305 */
2306 atom = ts.currentToken().t_atom;
2307
2308 /* Check for a duplicate parameter name. */
2309 if (js_LookupLocal(cx, fun, atom, NULL) != JSLOCAL_NONE) {
2310 const char *name;
2311
2312 name = js_AtomToPrintableString(cx, atom);
2313 ok = name && ReportCompileErrorNumber(cx, &ts, NULL,
2314 JSREPORT_WARNING | JSREPORT_STRICT,
2315 JSMSG_DUPLICATE_FORMAL, name);
2316 if (!ok)
2317 goto after_args;
2318 }
2319 if (!js_AddLocal(cx, fun, atom, JSLOCAL_ARG))
2320 goto after_args;
2321
2322 /*
2323 * Get the next token. Stop on end of stream. Otherwise
2324 * insist on a comma, get another name, and iterate.
2325 */
2326 tt = ts.getToken();
2327 if (tt == TOK_EOF)
2328 break;
2329 if (tt != TOK_COMMA)
2330 goto after_args;
2331 tt = ts.getToken();
2332 }
2333 }
2334
2335 state = OK;
2336 after_args:
2337 if (state == BAD_FORMAL && !ts.isError()) {
2338 /*
2339 * Report "malformed formal parameter" iff no illegal char or
2340 * similar scanner error was already reported.
2341 */
2342 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
2343 JSMSG_BAD_FORMAL);
2344 }
2345 ts.close();
2346 cx->tempPool.release(mark);
2347 if (state != OK)
2348 return JS_FALSE;
2349 }
2350
2351 if (argc) {
2352 str = js_ValueToString(cx, argv[argc-1]);
2353 if (!str)
2354 return JS_FALSE;
2355 argv[argc-1] = STRING_TO_JSVAL(str);
2356 } else {
2357 str = cx->runtime->emptyString;
2358 }
2359
2360 return Compiler::compileFunctionBody(cx, fun, principals,
2361 str->chars(), str->length(),
2362 filename, lineno);
2363 }
2364
2365 JSObject *
2366 js_InitFunctionClass(JSContext *cx, JSObject *obj)
2367 {
2368 JSObject *proto;
2369 JSFunction *fun;
2370
2371 proto = JS_InitClass(cx, obj, NULL, &js_FunctionClass, Function, 1,
2372 NULL, function_methods, NULL, NULL);
2373 if (!proto)
2374 return NULL;
2375 fun = js_NewFunction(cx, proto, NULL, 0, JSFUN_INTERPRETED, obj, NULL);
2376 if (!fun)
2377 return NULL;
2378 fun->u.i.script = JSScript::emptyScript();
2379 return proto;
2380 }
2381
2382 JSFunction *
2383 js_NewFunction(JSContext *cx, JSObject *funobj, JSNative native, uintN nargs,
2384 uintN flags, JSObject *parent, JSAtom *atom)
2385 {
2386 JSFunction *fun;
2387
2388 if (funobj) {
2389 JS_ASSERT(funobj->isFunction());
2390 funobj->setParent(parent);
2391 } else {
2392 funobj = NewObject(cx, &js_FunctionClass, NULL, parent);
2393 if (!funobj)
2394 return NULL;
2395 }
2396 JS_ASSERT(!funobj->getPrivate());
2397 fun = (JSFunction *) funobj;
2398
2399 /* Initialize all function members. */
2400 fun->nargs = uint16(nargs);
2401 fun->flags = flags & (JSFUN_FLAGS_MASK | JSFUN_KINDMASK | JSFUN_TRCINFO);
2402 if ((flags & JSFUN_KINDMASK) >= JSFUN_INTERPRETED) {
2403 JS_ASSERT(!native);
2404 JS_ASSERT(nargs == 0);
2405 fun->u.i.nvars = 0;
2406 fun->u.i.nupvars = 0;
2407 fun->u.i.skipmin = 0;
2408 fun->u.i.wrapper = false;
2409 fun->u.i.script = NULL;
2410 #ifdef DEBUG
2411 fun->u.i.names.taggedAtom = 0;
2412 #endif
2413 } else {
2414 fun->u.n.extra = 0;
2415 fun->u.n.spare = 0;
2416 fun->u.n.clasp = NULL;
2417 if (flags & JSFUN_TRCINFO) {
2418 #ifdef JS_TRACER
2419 JSNativeTraceInfo *trcinfo =
2420 JS_FUNC_TO_DATA_PTR(JSNativeTraceInfo *, native);
2421 fun->u.n.native = (JSNative) trcinfo->native;
2422 fun->u.n.trcinfo = trcinfo;
2423 #else
2424 fun->u.n.trcinfo = NULL;
2425 #endif
2426 } else {
2427 fun->u.n.native = native;
2428 fun->u.n.trcinfo = NULL;
2429 }
2430 JS_ASSERT(fun->u.n.native);
2431 }
2432 fun->atom = atom;
2433
2434 /* Set private to self to indicate non-cloned fully initialized function. */
2435 FUN_OBJECT(fun)->setPrivate(fun);
2436 return fun;
2437 }
2438
2439 JSObject * JS_FASTCALL
2440 js_CloneFunctionObject(JSContext *cx, JSFunction *fun, JSObject *parent,
2441 JSObject *proto)
2442 {
2443 JS_ASSERT(parent);
2444 JS_ASSERT(proto);
2445
2446 /*
2447 * The cloned function object does not need the extra JSFunction members
2448 * beyond JSObject as it points to fun via the private slot.
2449 */
2450 JSObject *clone = NewNativeClassInstance(cx, &js_FunctionClass, proto, parent);
2451 if (!clone)
2452 return NULL;
2453 clone->setPrivate(fun);
2454 return clone;
2455 }
2456
2457 #ifdef JS_TRACER
2458 JS_DEFINE_CALLINFO_4(extern, OBJECT, js_CloneFunctionObject, CONTEXT, FUNCTION, OBJECT, OBJECT, 0,
2459 nanojit::ACC_STORE_ANY)
2460 #endif
2461
2462 /*
2463 * Create a new flat closure, but don't initialize the imported upvar
2464 * values. The tracer calls this function and then initializes the upvar
2465 * slots on trace.
2466 */
2467 JSObject * JS_FASTCALL
2468 js_AllocFlatClosure(JSContext *cx, JSFunction *fun, JSObject *scopeChain)
2469 {
2470 JS_ASSERT(FUN_FLAT_CLOSURE(fun));
2471 JS_ASSERT((fun->u.i.script->upvarsOffset
2472 ? fun->u.i.script->upvars()->length
2473 : 0) == fun->u.i.nupvars);
2474
2475 JSObject *closure = CloneFunctionObject(cx, fun, scopeChain);
2476 if (!closure)
2477 return closure;
2478
2479 uint32 nslots = fun->countInterpretedReservedSlots();
2480 if (nslots == 0)
2481 return closure;
2482 if (!js_EnsureReservedSlots(cx, closure, nslots))
2483 return NULL;
2484
2485 return closure;
2486 }
2487
2488 JS_DEFINE_CALLINFO_3(extern, OBJECT, js_AllocFlatClosure,
2489 CONTEXT, FUNCTION, OBJECT, 0, nanojit::ACC_STORE_ANY)
2490
2491 JS_REQUIRES_STACK JSObject *
2492 js_NewFlatClosure(JSContext *cx, JSFunction *fun)
2493 {
2494 /*
2495 * Flat closures can be partial, they may need to search enclosing scope
2496 * objects via JSOP_NAME, etc.
2497 */
2498 JSObject *scopeChain = js_GetScopeChain(cx, cx->fp);
2499 if (!scopeChain)
2500 return NULL;
2501
2502 JSObject *closure = js_AllocFlatClosure(cx, fun, scopeChain);
2503 if (!closure || fun->u.i.nupvars == 0)
2504 return closure;
2505
2506 JSUpvarArray *uva = fun->u.i.script->upvars();
2507 JS_ASSERT(uva->length <= size_t(closure->dslots[-1]));
2508
2509 uintN level = fun->u.i.script->staticLevel;
2510 for (uint32 i = 0, n = uva->length; i < n; i++)
2511 closure->dslots[i] = js_GetUpvar(cx, level, uva->vector[i]);
2512
2513 return closure;
2514 }
2515
2516 JSObject *
2517 js_NewDebuggableFlatClosure(JSContext *cx, JSFunction *fun)
2518 {
2519 JS_ASSERT(cx->fp->fun->flags & JSFUN_HEAVYWEIGHT);
2520 JS_ASSERT(!cx->fp->fun->optimizedClosure());
2521 JS_ASSERT(FUN_FLAT_CLOSURE(fun));
2522
2523 return WrapEscapingClosure(cx, cx->fp, FUN_OBJECT(fun), fun);
2524 }
2525
2526 JSFunction *
2527 js_DefineFunction(JSContext *cx, JSObject *obj, JSAtom *atom, JSNative native,
2528 uintN nargs, uintN attrs)
2529 {
2530 JSPropertyOp gsop;
2531 JSFunction *fun;
2532
2533 if (attrs & JSFUN_STUB_GSOPS) {
2534 /*
2535 * JSFUN_STUB_GSOPS is a request flag only, not stored in fun->flags or
2536 * the defined property's attributes. This allows us to encode another,
2537 * internal flag using the same bit, JSFUN_EXPR_CLOSURE -- see jsfun.h
2538 * for more on this.
2539 */
2540 attrs &= ~JSFUN_STUB_GSOPS;
2541 gsop = JS_PropertyStub;
2542 } else {
2543 gsop = NULL;
2544 }
2545 fun = js_NewFunction(cx, NULL, native, nargs, attrs, obj, atom);
2546 if (!fun)
2547 return NULL;
2548 if (!obj->defineProperty(cx, ATOM_TO_JSID(atom), OBJECT_TO_JSVAL(FUN_OBJECT(fun)),
2549 gsop, gsop, attrs & ~JSFUN_FLAGS_MASK)) {
2550 return NULL;
2551 }
2552 return fun;
2553 }
2554
2555 #if (JSV2F_CONSTRUCT & JSV2F_SEARCH_STACK)
2556 # error "JSINVOKE_CONSTRUCT and JSV2F_SEARCH_STACK are not disjoint!"
2557 #endif
2558
2559 JSFunction *
2560 js_ValueToFunction(JSContext *cx, jsval *vp, uintN flags)
2561 {
2562 jsval v;
2563
2564 v = *vp;
2565 if (!VALUE_IS_FUNCTION(cx, v)) {
2566 js_ReportIsNotFunction(cx, vp, flags);
2567 return NULL;
2568 }
2569 return GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(v));
2570 }
2571
2572 JSObject *
2573 js_ValueToFunctionObject(JSContext *cx, jsval *vp, uintN flags)
2574 {
2575 JSFunction *fun;
2576 JSStackFrame *caller;
2577 JSPrincipals *principals;
2578
2579 if (VALUE_IS_FUNCTION(cx, *vp))
2580 return JSVAL_TO_OBJECT(*vp);
2581
2582 fun = js_ValueToFunction(cx, vp, flags);
2583 if (!fun)
2584 return NULL;
2585 *vp = OBJECT_TO_JSVAL(FUN_OBJECT(fun));
2586
2587 caller = js_GetScriptedCaller(cx, NULL);
2588 if (caller) {
2589 principals = JS_StackFramePrincipals(cx, caller);
2590 } else {
2591 /* No scripted caller, don't allow access. */
2592 principals = NULL;
2593 }
2594
2595 if (!js_CheckPrincipalsAccess(cx, FUN_OBJECT(fun), principals,
2596 fun->atom
2597 ? fun->atom
2598 : cx->runtime->atomState.anonymousAtom)) {
2599 return NULL;
2600 }
2601 return FUN_OBJECT(fun);
2602 }
2603
2604 JSObject *
2605 js_ValueToCallableObject(JSContext *cx, jsval *vp, uintN flags)
2606 {
2607 JSObject *callable = JSVAL_IS_OBJECT(*vp) ? JSVAL_TO_OBJECT(*vp) : NULL;
2608
2609 if (callable && callable->isCallable()) {
2610 *vp = OBJECT_TO_JSVAL(callable);
2611 return callable;
2612 }
2613 return js_ValueToFunctionObject(cx, vp, flags);
2614 }
2615
2616 void
2617 js_ReportIsNotFunction(JSContext *cx, jsval *vp, uintN flags)
2618 {
2619 const char *name = NULL, *source = NULL;
2620 AutoValueRooter tvr(cx);
2621 uintN error = (flags & JSV2F_CONSTRUCT) ? JSMSG_NOT_CONSTRUCTOR : JSMSG_NOT_FUNCTION;
2622 LeaveTrace(cx);
2623 FrameRegsIter i(cx);
2624 while (!i.done() && !i.pc())
2625 ++i;
2626
2627 ptrdiff_t spindex =
2628 (!i.done() && StackBase(i.fp()) <= vp && vp < i.sp())
2629 ? vp - i.sp()
2630 : ((flags & JSV2F_SEARCH_STACK) ? JSDVG_SEARCH_STACK : JSDVG_IGNORE_STACK);
2631
2632 js_ReportValueError3(cx, error, spindex, *vp, NULL, name, source);
2633 }
2634
2635 /*
2636 * When a function has between 2 and MAX_ARRAY_LOCALS arguments and variables,
2637 * their name are stored as the JSLocalNames.array.
2638 */
2639 #define MAX_ARRAY_LOCALS 8
2640
2641 JS_STATIC_ASSERT(2 <= MAX_ARRAY_LOCALS);
2642 JS_STATIC_ASSERT(MAX_ARRAY_LOCALS < JS_BITMASK(16));
2643
2644 /*
2645 * We use the lowest bit of the string atom to distinguish const from var
2646 * name when there is only single name or when names are stored as an array.
2647 */
2648 JS_STATIC_ASSERT((JSVAL_STRING & 1) == 0);
2649
2650 /*
2651 * When we use a hash table to store the local names, we use a singly linked
2652 * list to record the indexes of duplicated parameter names to preserve the
2653 * duplicates for the decompiler.
2654 */
2655 typedef struct JSNameIndexPair JSNameIndexPair;
2656
2657 struct JSNameIndexPair {
2658 JSAtom *name;
2659 uint16 index;
2660 JSNameIndexPair *link;
2661 };
2662
2663 struct JSLocalNameMap {
2664 JSDHashTable names;
2665 JSNameIndexPair *lastdup;
2666 };
2667
2668 typedef struct JSLocalNameHashEntry {
2669 JSDHashEntryHdr hdr;
2670 JSAtom *name;
2671 uint16 index;
2672 uint8 localKind;
2673 } JSLocalNameHashEntry;
2674
2675 static void
2676 FreeLocalNameHash(JSContext *cx, JSLocalNameMap *map)
2677 {
2678 JSNameIndexPair *dup, *next;
2679
2680 for (dup = map->lastdup; dup; dup = next) {
2681 next = dup->link;
2682 cx->free(dup);
2683 }
2684 JS_DHashTableFinish(&map->names);
2685 cx->free(map);
2686 }
2687
2688 static JSBool
2689 HashLocalName(JSContext *cx, JSLocalNameMap *map, JSAtom *name,
2690 JSLocalKind localKind, uintN index)
2691 {
2692 JSLocalNameHashEntry *entry;
2693 JSNameIndexPair *dup;
2694
2695 JS_ASSERT(index <= JS_BITMASK(16));
2696 #if JS_HAS_DESTRUCTURING
2697 if (!name) {
2698 /* A destructuring pattern does not need a hash entry. */
2699 JS_ASSERT(localKind == JSLOCAL_ARG);
2700 return JS_TRUE;
2701 }
2702 #endif
2703 JS_ASSERT(ATOM_IS_STRING(name));
2704 entry = (JSLocalNameHashEntry *)
2705 JS_DHashTableOperate(&map->names, name, JS_DHASH_ADD);
2706 if (!entry) {
2707 JS_ReportOutOfMemory(cx);
2708 return JS_FALSE;
2709 }
2710 if (entry->name) {
2711 JS_ASSERT(entry->name == name);
2712 JS_ASSERT(entry->localKind == JSLOCAL_ARG && localKind == JSLOCAL_ARG);
2713 dup = (JSNameIndexPair *) cx->malloc(sizeof *dup);
2714 if (!dup)
2715 return JS_FALSE;
2716 dup->name = entry->name;
2717 dup->index = entry->index;
2718 dup->link = map->lastdup;
2719 map->lastdup = dup;
2720 }
2721 entry->name = name;
2722 entry->index = (uint16) index;
2723 entry->localKind = (uint8) localKind;
2724 return JS_TRUE;
2725 }
2726
2727 JSBool
2728 js_AddLocal(JSContext *cx, JSFunction *fun, JSAtom *atom, JSLocalKind kind)
2729 {
2730 jsuword taggedAtom;
2731 uint16 *indexp;
2732 uintN n, i;
2733 jsuword *array;
2734 JSLocalNameMap *map;
2735
2736 JS_ASSERT(FUN_INTERPRETED(fun));
2737 JS_ASSERT(!fun->u.i.script);
2738 JS_ASSERT(((jsuword) atom & 1) == 0);
2739 taggedAtom = (jsuword) atom;
2740 if (kind == JSLOCAL_ARG) {
2741 indexp = &fun->nargs;
2742 } else if (kind == JSLOCAL_UPVAR) {
2743 indexp = &fun->u.i.nupvars;
2744 } else {
2745 indexp = &fun->u.i.nvars;
2746 if (kind == JSLOCAL_CONST)
2747 taggedAtom |= 1;
2748 else
2749 JS_ASSERT(kind == JSLOCAL_VAR);
2750 }
2751 n = fun->countLocalNames();
2752 if (n == 0) {
2753 JS_ASSERT(fun->u.i.names.taggedAtom == 0);
2754 fun->u.i.names.taggedAtom = taggedAtom;
2755 } else if (n < MAX_ARRAY_LOCALS) {
2756 if (n > 1) {
2757 array = fun->u.i.names.array;
2758 } else {
2759 array = (jsuword *) cx->malloc(MAX_ARRAY_LOCALS * sizeof *array);
2760 if (!array)
2761 return JS_FALSE;
2762 array[0] = fun->u.i.names.taggedAtom;
2763 fun->u.i.names.array = array;
2764 }
2765 if (kind == JSLOCAL_ARG) {
2766 /*
2767 * A destructuring argument pattern adds variables, not arguments,
2768 * so for the following arguments nvars != 0.
2769 */
2770 #if JS_HAS_DESTRUCTURING
2771 if (fun->u.i.nvars != 0) {
2772 memmove(array + fun->nargs + 1, array + fun->nargs,
2773 fun->u.i.nvars * sizeof *array);
2774 }
2775 #else
2776 JS_ASSERT(fun->u.i.nvars == 0);
2777 #endif
2778 array[fun->nargs] = taggedAtom;
2779 } else {
2780 array[n] = taggedAtom;
2781 }
2782 } else if (n == MAX_ARRAY_LOCALS) {
2783 array = fun->u.i.names.array;
2784 map = (JSLocalNameMap *) cx->malloc(sizeof *map);
2785 if (!map)
2786 return JS_FALSE;
2787 if (!JS_DHashTableInit(&map->names, JS_DHashGetStubOps(),
2788 NULL, sizeof(JSLocalNameHashEntry),
2789 JS_DHASH_DEFAULT_CAPACITY(MAX_ARRAY_LOCALS
2790 * 2))) {
2791 JS_ReportOutOfMemory(cx);
2792 cx->free(map);
2793 return JS_FALSE;
2794 }
2795
2796 map->lastdup = NULL;
2797 for (i = 0; i != MAX_ARRAY_LOCALS; ++i) {
2798 taggedAtom = array[i];
2799 uintN j = i;
2800 JSLocalKind k = JSLOCAL_ARG;
2801 if (j >= fun->nargs) {
2802 j -= fun->nargs;
2803 if (j < fun->u.i.nvars) {
2804 k = (taggedAtom & 1) ? JSLOCAL_CONST : JSLOCAL_VAR;
2805 } else {
2806 j -= fun->u.i.nvars;
2807 k = JSLOCAL_UPVAR;
2808 }
2809 }
2810 if (!HashLocalName(cx, map, (JSAtom *) (taggedAtom & ~1), k, j)) {
2811 FreeLocalNameHash(cx, map);
2812 return JS_FALSE;
2813 }
2814 }
2815 if (!HashLocalName(cx, map, atom, kind, *indexp)) {
2816 FreeLocalNameHash(cx, map);
2817 return JS_FALSE;
2818 }
2819
2820 /*
2821 * At this point the entry is added and we cannot fail. It is time
2822 * to replace fun->u.i.names with the built map.
2823 */
2824 fun->u.i.names.map = map;
2825 cx->free(array);
2826 } else {
2827 if (*indexp == JS_BITMASK(16)) {
2828 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
2829 (kind == JSLOCAL_ARG)
2830 ? JSMSG_TOO_MANY_FUN_ARGS
2831 : JSMSG_TOO_MANY_LOCALS);
2832 return JS_FALSE;
2833 }
2834 if (!HashLocalName(cx, fun->u.i.names.map, atom, kind, *indexp))
2835 return JS_FALSE;
2836 }
2837
2838 /* Update the argument or variable counter. */
2839 ++*indexp;
2840 return JS_TRUE;
2841 }
2842
2843 JSLocalKind
2844 js_LookupLocal(JSContext *cx, JSFunction *fun, JSAtom *atom, uintN *indexp)
2845 {
2846 uintN n, i, upvar_base;
2847 jsuword *array;
2848 JSLocalNameHashEntry *entry;
2849
2850 JS_ASSERT(FUN_INTERPRETED(fun));
2851 n = fun->countLocalNames();
2852 if (n == 0)
2853 return JSLOCAL_NONE;
2854 if (n <= MAX_ARRAY_LOCALS) {
2855 array = (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array;
2856
2857 /* Search from the tail to pick up the last duplicated name. */
2858 i = n;
2859 upvar_base = fun->countArgsAndVars();
2860 do {
2861 --i;
2862 if (atom == JS_LOCAL_NAME_TO_ATOM(array[i])) {
2863 if (i < fun->nargs) {
2864 if (indexp)
2865 *indexp = i;
2866 return JSLOCAL_ARG;
2867 }
2868 if (i >= upvar_base) {
2869 if (indexp)
2870 *indexp = i - upvar_base;
2871 return JSLOCAL_UPVAR;
2872 }
2873 if (indexp)
2874 *indexp = i - fun->nargs;
2875 return JS_LOCAL_NAME_IS_CONST(array[i])
2876 ? JSLOCAL_CONST
2877 : JSLOCAL_VAR;
2878 }
2879 } while (i != 0);
2880 } else {
2881 entry = (JSLocalNameHashEntry *)
2882 JS_DHashTableOperate(&fun->u.i.names.map->names, atom,
2883 JS_DHASH_LOOKUP);
2884 if (JS_DHASH_ENTRY_IS_BUSY(&entry->hdr)) {
2885 JS_ASSERT(entry->localKind != JSLOCAL_NONE);
2886 if (indexp)
2887 *indexp = entry->index;
2888 return (JSLocalKind) entry->localKind;
2889 }
2890 }
2891 return JSLOCAL_NONE;
2892 }
2893
2894 typedef struct JSLocalNameEnumeratorArgs {
2895 JSFunction *fun;
2896 jsuword *names;
2897 #ifdef DEBUG
2898 uintN nCopiedArgs;
2899 uintN nCopiedVars;
2900 #endif
2901 } JSLocalNameEnumeratorArgs;
2902
2903 static JSDHashOperator
2904 get_local_names_enumerator(JSDHashTable *table, JSDHashEntryHdr *hdr,
2905 uint32 number, void *arg)
2906 {
2907 JSLocalNameHashEntry *entry;
2908 JSLocalNameEnumeratorArgs *args;
2909 uint i;
2910 jsuword constFlag;
2911
2912 entry = (JSLocalNameHashEntry *) hdr;
2913 args = (JSLocalNameEnumeratorArgs *) arg;
2914 JS_ASSERT(entry->name);
2915 if (entry->localKind == JSLOCAL_ARG) {
2916 JS_ASSERT(entry->index < args->fun->nargs);
2917 JS_ASSERT(args->nCopiedArgs++ < args->fun->nargs);
2918 i = entry->index;
2919 constFlag = 0;
2920 } else {
2921 JS_ASSERT(entry->localKind == JSLOCAL_VAR ||
2922 entry->localKind == JSLOCAL_CONST ||
2923 entry->localKind == JSLOCAL_UPVAR);
2924 JS_ASSERT(entry->index < args->fun->u.i.nvars + args->fun->u.i.nupvars);
2925 JS_ASSERT(args->nCopiedVars++ < unsigned(args->fun->u.i.nvars + args->fun->u.i.nupvars));
2926 i = args->fun->nargs;
2927 if (entry->localKind == JSLOCAL_UPVAR)
2928 i += args->fun->u.i.nvars;
2929 i += entry->index;
2930 constFlag = (entry->localKind == JSLOCAL_CONST);
2931 }
2932 args->names[i] = (jsuword) entry->name | constFlag;
2933 return JS_DHASH_NEXT;
2934 }
2935
2936 JS_FRIEND_API(jsuword *)
2937 js_GetLocalNameArray(JSContext *cx, JSFunction *fun, JSArenaPool *pool)
2938 {
2939 uintN n;
2940 jsuword *names;
2941 JSLocalNameMap *map;
2942 JSLocalNameEnumeratorArgs args;
2943 JSNameIndexPair *dup;
2944
2945 JS_ASSERT(fun->hasLocalNames());
2946 n = fun->countLocalNames();
2947
2948 if (n <= MAX_ARRAY_LOCALS)
2949 return (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array;
2950
2951 /*
2952 * No need to check for overflow of the allocation size as we are making a
2953 * copy of already allocated data. As such it must fit size_t.
2954 */
2955 pool->allocateCast<jsuword *>(names, (size_t) n * sizeof *names);
2956 if (!names) {
2957 js_ReportOutOfScriptQuota(cx);
2958 return NULL;
2959 }
2960
2961 #if JS_HAS_DESTRUCTURING
2962 /* Some parameter names can be NULL due to destructuring patterns. */
2963 PodZero(names, fun->nargs);
2964 #endif
2965 map = fun->u.i.names.map;
2966 args.fun = fun;
2967 args.names = names;
2968 #ifdef DEBUG
2969 args.nCopiedArgs = 0;
2970 args.nCopiedVars = 0;
2971 #endif
2972 JS_DHashTableEnumerate(&map->names, get_local_names_enumerator, &args);
2973 for (dup = map->lastdup; dup; dup = dup->link) {
2974 JS_ASSERT(dup->index < fun->nargs);
2975 JS_ASSERT(args.nCopiedArgs++ < fun->nargs);
2976 names[dup->index] = (jsuword) dup->name;
2977 }
2978 #if !JS_HAS_DESTRUCTURING
2979 JS_ASSERT(args.nCopiedArgs == fun->nargs);
2980 #endif
2981 JS_ASSERT(args.nCopiedVars == fun->u.i.nvars + fun->u.i.nupvars);
2982
2983 return names;
2984 }
2985
2986 static JSDHashOperator
2987 trace_local_names_enumerator(JSDHashTable *table, JSDHashEntryHdr *hdr,
2988 uint32 number, void *arg)
2989 {
2990 JSLocalNameHashEntry *entry;
2991 JSTracer *trc;
2992
2993 entry = (JSLocalNameHashEntry *) hdr;
2994 JS_ASSERT(entry->name);
2995 trc = (JSTracer *) arg;
2996 JS_SET_TRACING_INDEX(trc,
2997 entry->localKind == JSLOCAL_ARG ? "arg" : "var",
2998 entry->index);
2999 js_CallGCMarker(trc, ATOM_TO_STRING(entry->name), JSTRACE_STRING);
3000 return JS_DHASH_NEXT;
3001 }
3002
3003 static void
3004 TraceLocalNames(JSTracer *trc, JSFunction *fun)
3005 {
3006 uintN n, i;
3007 JSAtom *atom;
3008 jsuword *array;
3009
3010 JS_ASSERT(FUN_INTERPRETED(fun));
3011 n = fun->countLocalNames();
3012 if (n == 0)
3013 return;
3014 if (n <= MAX_ARRAY_LOCALS) {
3015 array = (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array;
3016 i = n;
3017 do {
3018 --i;
3019 atom = (JSAtom *) (array[i] & ~1);
3020 if (atom) {
3021 JS_SET_TRACING_INDEX(trc,
3022 i < fun->nargs ? "arg" : "var",
3023 i < fun->nargs ? i : i - fun->nargs);
3024 js_CallGCMarker(trc, ATOM_TO_STRING(atom), JSTRACE_STRING);
3025 }
3026 } while (i != 0);
3027 } else {
3028 JS_DHashTableEnumerate(&fun->u.i.names.map->names,
3029 trace_local_names_enumerator, trc);
3030
3031 /*
3032 * No need to trace the list of duplicates in map->lastdup as the
3033 * names there are traced when enumerating the hash table.
3034 */
3035 }
3036 }
3037
3038 void
3039 DestroyLocalNames(JSContext *cx, JSFunction *fun)
3040 {
3041 uintN n;
3042
3043 n = fun->countLocalNames();
3044 if (n <= 1)
3045 return;
3046 if (n <= MAX_ARRAY_LOCALS)
3047 cx->free(fun->u.i.names.array);
3048 else
3049 FreeLocalNameHash(cx, fun->u.i.names.map);
3050 }
3051
3052 void
3053 js_FreezeLocalNames(JSContext *cx, JSFunction *fun)
3054 {
3055 uintN n;
3056 jsuword *array;
3057
3058 JS_ASSERT(FUN_INTERPRETED(fun));
3059 JS_ASSERT(!fun->u.i.script);
3060 n = fun->nargs + fun->u.i.nvars + fun->u.i.nupvars;
3061 if (2 <= n && n < MAX_ARRAY_LOCALS) {
3062 /* Shrink over-allocated array ignoring realloc failures. */
3063 array = (jsuword *) cx->realloc(fun->u.i.names.array,
3064 n * sizeof *array);
3065 if (array)
3066 fun->u.i.names.array = array;
3067 }
3068 #ifdef DEBUG
3069 if (n > MAX_ARRAY_LOCALS)
3070 JS_DHashMarkTableImmutable(&fun->u.i.names.map->names);
3071 #endif
3072 }
3073
3074 JSAtom *
3075 JSFunction::findDuplicateFormal() const
3076 {
3077 if (nargs <= 1)
3078 return NULL;
3079
3080 /* Function with two to MAX_ARRAY_LOCALS parameters use an aray. */
3081 unsigned n = nargs + u.i.nvars + u.i.nupvars;
3082 if (n <= MAX_ARRAY_LOCALS) {
3083 jsuword *array = u.i.names.array;
3084
3085 /* Quadratic, but MAX_ARRAY_LOCALS is 8, so at most 28 comparisons. */
3086 for (unsigned i = 0; i < nargs; i++) {
3087 for (unsigned j = i + 1; j < nargs; j++) {
3088 if (array[i] == array[j])
3089 return JS_LOCAL_NAME_TO_ATOM(array[i]);
3090 }
3091 }
3092 return NULL;
3093 }
3094
3095 /*
3096 * Functions with more than MAX_ARRAY_LOCALS parameters use a hash
3097 * table. Hashed local name maps have already made a list of any
3098 * duplicate argument names for us.
3099 */
3100 JSNameIndexPair *dup = u.i.names.map->lastdup;
3101 return dup ? dup->name : NULL;
3102 }
git mirror of mozilla-central