| blob | 5893026231286d958b5f691696c43481ecb5f2b7 |
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sw=4 et tw=99:
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is Mozilla Communicator client code, released
18 * March 31, 1998.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
41 /*
42 * JavaScript bytecode interpreter.
43 */
44 #include <stdio.h>
45 #include <string.h>
46 #include <math.h>
82 #ifdef INCLUDE_MOZILLA_DTRACE
84 #endif
86 #if JS_HAS_XML_SUPPORT
88 #endif
92 /* jsinvoke_cpp___ indicates inclusion from jsinvoke.cpp. */
93 #if !JS_LONE_INTERPRET ^ defined jsinvoke_cpp___
95 JS_REQUIRES_STACK JSPropCacheEntry *
99 {
104 JSOp op;
106 jsuword vword;
114 /* FIXME bug 489098: consider enabling the property cache for eval. */
118 }
120 /*
121 * Check for fill from js_SetPropertyHelper where the setter removed sprop
122 * from pobj's scope (via unwatch or delete, e.g.).
123 */
128 }
130 /*
131 * Check for overdeep scope and prototype chain. Because resolve, getter,
132 * and setter hooks can change the prototype chain using JS_SetPrototype
133 * after js_LookupPropertyWithFlags has returned the nominal protoIndex,
134 * we have to validate protoIndex if it is non-zero. If it is zero, then
135 * we know thanks to the scope->has test above, combined with the fact that
136 * obj == pobj, that protoIndex is invariant.
137 *
138 * The scopeIndex can't be wrong. We require JS_SetParent calls to happen
139 * before any running script might consult a parent-linked scope chain. If
140 * this requirement is not satisfied, the fill in progress will never hit,
141 * but vcap vs. scope shape tests ensure nothing malfunctions.
142 */
156 /*
157 * We cannot cache properties coming from native objects behind
158 * non-native ones on the prototype chain. The non-natives can
159 * mutate in arbitrary way without changing any shapes.
160 */
164 }
168 }
169 }
174 }
176 /*
177 * Optimize the cached vword based on our parameters and the current pc's
178 * opcode format flags.
179 */
186 /*
187 * Check for a prototype "plain old method" callee computation. What
188 * is a plain old method? It's a function-valued property with stub
189 * getter, so get of a function is idempotent.
190 */
192 jsval v;
195 /*
196 * A compiler-created function object, AKA a method, already
197 * memoized in the property tree.
198 */
205 }
211 /*
212 * Great, we have a function-valued prototype property
213 * where the getter is JS_PropertyStub. The type id in
214 * pobj's scope does not evolve with changes to property
215 * values, however.
216 *
217 * So here, on first cache fill for this method, we brand
218 * the scope with a new shape and set the JSScope::BRANDED
219 * flag. Once this flag is set, any property assignment
220 * that changes the value from or to a different function
221 * object will result in shape being regenerated.
222 */
225 #ifdef DEBUG_notme
232 #endif
237 }
240 }
241 }
242 }
244 /* If getting a value via a stub getter, we can cache the slot. */
248 /* Great, let's cache sprop's slot and use it on cache hit. */
251 /* Best we can do is to cache sprop (still a nice speedup). */
256 /*
257 * Our caller added a new property. We also know that a setter
258 * that js_NativeSet could have run has not mutated the scope,
259 * so the added property is still the last one added, and the
260 * scope is not branded.
261 *
262 * We want to cache under scope's shape before the property
263 * addition to bias for the case when the mutator opcode
264 * always adds the same property. This allows us to optimize
265 * periodic execution of object initializers or other explicit
266 * initialization sequences such as
267 *
268 * obj = {}; obj.x = 1; obj.y = 2;
269 *
270 * We assume that on average the win from this optimization is
271 * greater than the cost of an extra mismatch per loop owing to
272 * the bias for the following case:
273 *
274 * obj = {}; ... for (...) { ... obj.x = ... }
275 *
276 * On the first iteration of such a for loop, JSOP_SETPROP
277 * fills the cache with the shape of the newly created object
278 * obj, not the shape of obj after obj.x has been assigned.
279 * That mismatches obj's shape on the second iteration. Note
280 * that on the third and subsequent iterations the cache will
281 * be hit because the shape is no longer updated.
282 */
287 /*
288 * If obj had its own empty scope before, with a unique
289 * shape, that is lost. Here we only attempt to find a
290 * matching empty scope. In unusual cases involving
291 * __proto__ assignment we may not find one.
292 */
300 }
302 }
304 /*
305 * When adding we predict no prototype object will later gain a
306 * readonly property or setter.
307 */
309 }
310 }
316 }
328 }
330 #ifdef DEBUG
334 }
335 #endif
344 /*
345 * Make sure that a later shadowing assignment will enter
346 * PurgeProtoChain and invalidate this entry, bug 479198.
347 *
348 * This is thread-safe even though obj is not locked. Only the
349 * DELEGATE bit of obj->classword can change at runtime, given that
350 * obj is native; and the bit is only set, never cleared. And on
351 * platforms where another CPU can fail to see this write, it's OK
352 * because the property cache and JIT cache are thread-local.
353 */
355 }
356 }
369 /*
370 * The modfills counter is not exact. It increases if a getter or setter
371 * recurse into the interpreter.
372 */
376 }
378 JS_REQUIRES_STACK JSAtom *
382 {
383 JSOp op;
389 uint32 vcap;
401 }
412 #ifdef DEBUG_notme
415 "id miss for %s from %s:%u"
427 #endif
430 }
435 }
446 }
449 }
457 }
460 #ifdef DEBUG
466 #endif
469 }
473 }
475 #ifdef DEBUG
476 #define ASSERT_CACHE_IS_EMPTY(cache) \
477 JS_BEGIN_MACRO \
478 JSPropertyCache *cache_ = (cache); \
479 uintN i_; \
480 JS_ASSERT(cache_->empty); \
481 for (i_ = 0; i_ < PROPERTY_CACHE_SIZE; i_++) { \
482 JS_ASSERT(!cache_->table[i_].kpc); \
483 JS_ASSERT(!cache_->table[i_].kshape); \
484 JS_ASSERT(!cache_->table[i_].vcap); \
485 JS_ASSERT(!cache_->table[i_].vword); \
486 } \
487 JS_END_MACRO
488 #else
489 #define ASSERT_CACHE_IS_EMPTY(cache) ((void)0)
490 #endif
494 void
496 {
500 }
505 #ifdef JS_PROPERTY_CACHE_METERING
511 #ifdef JS_THREADSAFE
513 #endif
546 # undef P
556 }
557 }
558 #endif
561 }
563 void
565 {
571 entry++) {
575 #ifdef DEBUG
577 #endif
578 }
579 }
580 }
582 /*
583 * Check if the current arena has enough space to fit nslots after sp and, if
584 * so, reserve the necessary space.
585 */
586 static JS_REQUIRES_STACK JSBool
588 {
589 uintN surplus;
598 /*
599 * No room before current->avail, check if the arena has enough space to
600 * fit the missing slots before the limit.
601 */
609 }
611 JS_STATIC_INTERPRET JS_REQUIRES_STACK jsval *
613 {
627 }
629 }
637 }
639 JS_STATIC_INTERPRET JS_REQUIRES_STACK void
641 {
643 }
647 {
652 /* Callers don't check for zero nslots: we do to avoid empty segments. */
656 }
658 /* Allocate 2 extra slots for the stack segment header we'll likely need. */
663 /* Try to avoid another header if we can piggyback on the last segment. */
667 /* Extend the last stack segment, give back the 2 header slots. */
671 /*
672 * Need a new stack segment, so allocate and push a stack segment
673 * header from the 2 extra slots.
674 */
680 }
682 /*
683 * Store JSVAL_NULL using memset, to let compilers optimize as they see
684 * fit, in case a caller allocates and pushes GC-things one by one, which
685 * could nest a last-ditch GC that will scan this segment.
686 */
689 }
693 {
695 jsuword slotdiff;
697 /* Check for zero nslots allocation special case. */
701 /* We can assert because js_FreeStack always balances js_AllocStack. */
705 /* If mark is in the current segment, reduce sh->nslots, else pop sh. */
709 else
712 /* Release the stackPool space allocated since mark was set. */
714 }
716 JSObject *
718 {
722 /*
723 * Don't force a call object for a lightweight function call, but do
724 * insist that there is a call object for a heavyweight function call.
725 */
731 }
733 /* We don't handle cloning blocks on trace. */
736 /*
737 * We have one or more lexical scopes to reflect into fp->scopeChain, so
738 * make sure there's a call object at the current head of the scope chain,
739 * if this frame is a call frame.
740 *
741 * Also, identify the innermost compiler-allocated block we needn't clone.
742 */
750 /* We know we must clone everything on blockChain. */
753 /*
754 * scopeChain includes all blocks whose static scope we're within that
755 * have already been cloned. Find the innermost such block. Its
756 * prototype should appear on blockChain; we'll clone blockChain up
757 * to, but not including, that prototype.
758 */
764 /*
765 * It may seem like we don't know enough about limitClone to be able
766 * to just grab its prototype as we do here, but it's actually okay.
767 *
768 * If limitClone is a block object belonging to this frame, then its
769 * prototype is the innermost entry in blockChain that we have already
770 * cloned, and is thus the place to stop when we clone below.
771 *
772 * Otherwise, there are no blocks for this frame on scopeChain, and we
773 * need to clone the whole blockChain. In this case, limitBlock can
774 * point to any object known not to be on blockChain, since we simply
775 * loop until we hit limitBlock or NULL. If limitClone is a block, it
776 * isn't a block from this function, since blocks can't be nested
777 * within themselves on scopeChain (recursion is dynamic nesting, not
778 * static nesting). If limitClone isn't a block, its prototype won't
779 * be a block either. So we can just grab limitClone's prototype here
780 * regardless of its type or which frame it belongs to.
781 */
784 /* If the innermost block has already been cloned, we are done. */
787 }
789 /*
790 * Special-case cloning the innermost block; this doesn't have enough in
791 * common with subsequent steps to include in the loop.
792 *
793 * js_CloneBlockObject leaves the clone's parent slot uninitialized. We
794 * populate it below.
795 */
801 /*
802 * Clone our way towards outer scopes until we reach the innermost
803 * enclosing function, or the innermost block we've already cloned.
804 */
810 /* Sometimes limitBlock will be NULL, so check that first. */
814 /* As in the call above, we don't know the real parent yet. */
815 JSObject *clone
820 /*
821 * Avoid OBJ_SET_PARENT overhead as newChild cannot escape to
822 * other threads.
823 */
826 }
830 /*
831 * If we found a limit block belonging to this frame, then we should have
832 * found it in blockChain.
833 */
837 sharedBlock);
839 /* Place our newly cloned blocks at the head of the scope chain. */
842 }
844 JSBool
846 {
847 jsval v;
856 }
859 }
861 /* Some objects (e.g., With) delegate 'this' to another object. */
864 {
870 }
872 /*
873 * ECMA requires "the global object", but in embeddings such as the browser,
874 * which have multiple top-level objects (windows, frames, etc. in the DOM),
875 * we prefer fun's parent. An example that causes this code to run:
876 *
877 * // in window w1
878 * function f() { return this }
879 * function g() { return f }
880 *
881 * // in window w2
882 * var h = w1.g()
883 * alert(h() == w1)
884 *
885 * The alert should display "true".
886 */
887 JS_STATIC_INTERPRET JSObject *
889 {
897 jsid id;
898 jsval v;
899 uintN attrs;
900 JSBool ok;
903 /*
904 * Walk up the parent chain, first checking that the running script
905 * has access to the callee's parent object. Note that if lazy, the
906 * running script whose principals we want to check is the script
907 * associated with fp->down, not with fp.
908 *
909 * FIXME: 417851 -- this access check should not be required, as it
910 * imposes a performance penalty on all js_ComputeGlobalThis calls,
911 * and it represents a maintenance hazard.
912 */
920 }
930 }
939 }
942 }
946 {
955 }
962 }
964 JSObject *
966 {
970 }
972 #if JS_HAS_NO_SUCH_METHOD
977 JSClass js_NoSuchMethodClass = {
983 };
985 /*
986 * When JSOP_CALLPROP or JSOP_CALLELEM does not find the method property of
987 * the base object, we search for the __noSuchMethod__ method in the base.
988 * If it exists, we store the method and the property's id into an object of
989 * NoSuchMethod class and store this object into the callee's stack slot.
990 * Later, js_Invoke will recognise such an object and transfer control to
991 * NoSuchMethod that invokes the method like:
992 *
993 * this.__noSuchMethod__(id, args)
994 *
995 * where id is the name of the method that this invocation attempted to
996 * call by name, and args is an Array containing this invocation's actual
997 * parameters.
998 */
999 JS_STATIC_INTERPRET JSBool
1001 {
1012 #if JS_HAS_XML_SUPPORT
1013 /* Extract the function name from function::name qname. */
1020 }
1021 #endif
1029 }
1031 }
1033 static JS_REQUIRES_STACK JSBool
1035 {
1038 JSBool ok;
1062 }
1065 }
1069 /*
1070 * We check if the function accepts a primitive value as |this|. For that we
1071 * use a table that maps value's tag into the corresponding function flag.
1072 */
1085 JSFUN_THISP_NUMBER /* INT */
1086 };
1088 /*
1089 * Find a function reference and its 'this' object implicit first parameter
1090 * under argc arguments on cx's stack, and call the function. Push missing
1091 * required arguments, allocate declared local variables, and pop everything
1092 * when done. Then push the return value.
1093 */
1096 {
1098 JSStackFrame frame;
1100 jsval v;
1102 JSBool ok;
1105 JSNative native;
1109 uint32 rootedArgsFlag;
1110 JSInterpreterHook hook;
1115 /* [vp .. vp + 2 + argc) must belong to the last JS stack arena. */
1119 /* Mark the top of stack and load frequently-used registers. */
1131 #if JS_HAS_NO_SUCH_METHOD
1135 }
1136 #endif
1138 /* Function is inlined, all other classes use object ops. */
1141 /*
1142 * XXX this makes no sense -- why convert to function if clasp->call?
1143 * XXX better to call that hook without converting
1144 *
1145 * FIXME bug 408416: try converting to function, for API compatibility
1146 * if there is a call op defined.
1147 */
1154 /* Make vp refer to funobj to keep it available as argv[-2]. */
1159 }
1160 }
1165 /* Try a call or construct native object op. */
1171 }
1175 }
1179 have_fun:
1180 /* Get private data and set derived locals from it. */
1195 }
1198 }
1203 }
1206 /* Handle bound method special case. */
1212 }
1213 }
1218 /*
1219 * We must call js_ComputeThis in case we are not called from the
1220 * interpreter, where a prior bytecode has computed an appropriate
1221 * |this| already.
1222 *
1223 * But we need to compute |this| eagerly only for so-called "slow"
1224 * (i.e., not fast) native functions. Fast natives must use either
1225 * JS_THIS or JS_THIS_OBJECT, and scripted functions will go through
1226 * the appropriate this-computing bytecode, e.g., JSOP_THIS.
1227 */
1232 }
1234 }
1235 }
1237 start_call:
1239 #ifdef DEBUG_NOT_THROWING
1241 #endif
1245 #ifdef DEBUG_NOT_THROWING
1248 #endif
1250 }
1257 /*
1258 * The extra slots required by the function continue with argument
1259 * slots. Thus, when the last stack pool arena does not have room to
1260 * fit nslots right after sp and AllocateAfterSP fails, we have to copy
1261 * [vp..vp+2+argc) slots and clear rootedArgsFlag to root the copy.
1262 */
1269 }
1273 }
1275 /* Push void to initialize missing args. */
1280 }
1282 /* Allocate space for local variables and stack of interpreted function. */
1285 /* NB: Discontinuity between argv and slots, stack slots. */
1290 }
1291 }
1293 /* Push void to initialize local variables. */
1296 }
1298 /*
1299 * Initialize the frame.
1300 */
1310 /* Default return value for a constructor is the new object. */
1326 /* Init these now in case we goto out before first hook call. */
1331 /* If native, use caller varobj and scopeChain for eval. */
1337 }
1339 /* But ensure that we have a scope chain. */
1343 /* Use parent scope so js_GetCallObject can find the right "Call". */
1346 /* Scope with a call object parented by the callee's parent. */
1350 }
1351 }
1353 }
1355 /* Call the hook if present after we fully initialized the frame. */
1359 #ifdef INCLUDE_MOZILLA_DTRACE
1360 /* DTrace function entry, non-inlines */
1367 #endif
1369 /* Call the function, either a native method or an interpreted script. */
1371 #ifdef DEBUG_NOT_THROWING
1373 #endif
1374 /* Primitive |this| should not be passed to slow natives. */
1378 #ifdef DEBUG_NOT_THROWING
1381 #endif
1385 }
1387 #ifdef INCLUDE_MOZILLA_DTRACE
1388 /* DTrace function return, non-inlines */
1393 #endif
1395 out:
1400 }
1406 /* Restore cx->fp now that we're done releasing frame objects. */
1409 out2:
1410 /* Pop everything we may have allocated off the stack. */
1416 bad:
1420 }
1422 JSBool
1425 {
1428 JSBool ok;
1441 /*
1442 * Store *rval in the a scoped local root if a scope is open, else in
1443 * the lastInternalResult pigeon-hole GC root, solely so users of
1444 * js_InternalInvoke and its direct and indirect (js_ValueToString for
1445 * example) callers do not need to manage roots for local, temporary
1446 * references to such results.
1447 */
1456 }
1457 }
1458 }
1462 }
1464 JSBool
1467 {
1470 /*
1471 * js_InternalInvoke could result in another try to get or set the same id
1472 * again, see bug 355497.
1473 */
1477 }
1479 JSBool
1482 {
1483 JSInterpreterHook hook;
1487 JSBool ok;
1493 }
1497 #ifdef INCLUDE_MOZILLA_DTRACE
1500 #endif
1507 /* Propagate arg state for eval and the debugger API. */
1525 }
1532 }
1540 }
1543 #if JS_HAS_SHARP_VARS
1558 }
1563 }
1564 }
1565 #endif
1568 }
1578 /*
1579 * Here we wrap the call to js_Interpret with code to (conditionally)
1580 * save and restore the old stack frame chain into a chain of 'dormant'
1581 * frame chains. Since we are replacing cx->fp, we were running into
1582 * the problem that if GC was called under this frame, some of the GC
1583 * things associated with the old frame chain (available here only in
1584 * the C variable 'oldfp') were not rooted and were being collected.
1585 *
1586 * So, now we preserve the links to these 'dormant' frame chains in cx
1587 * before calling js_Interpret and cleanup afterwards. The GC walks
1588 * these dormant chains and marks objects in the same way that it marks
1589 * objects in the primary cx->fp chain.
1590 */
1595 }
1608 }
1611 }
1616 }
1626 }
1628 out2:
1637 }
1639 out:
1640 #ifdef INCLUDE_MOZILLA_DTRACE
1643 #endif
1645 }
1647 JSBool
1650 {
1655 jsval value;
1658 /*
1659 * Both objp and propp must be either null or given. When given, *propp
1660 * must be null. This way we avoid an extra "if (propp) *propp = NULL" for
1661 * the common case of a non-existing property.
1662 */
1666 /* The JSPROP_INITIALIZER case below may generate a warning. Since we must
1667 * drop the property before reporting it, we insists on !propp to avoid
1668 * looking up the property again after the reporting is done.
1669 */
1678 /* Use prop as a speedup hint to obj->getAttributes. */
1682 }
1684 /*
1685 * If our caller doesn't want prop, drop it (we don't need it any longer).
1686 */
1693 }
1696 /* Allow the new object to override properties. */
1700 /* The property must be dropped already. */
1704 #ifdef __GNUC__
1706 #endif
1708 /* We allow redeclaring some non-readonly properties. */
1710 /* Allow redeclaration of variables and functions. */
1714 /*
1715 * Allow adding a getter only if a property already has a setter
1716 * but no getter and similarly for adding a setter. That is, we
1717 * allow only the following transitions:
1718 *
1719 * no-property --> getter --> getter + setter
1720 * no-property --> setter --> getter + setter
1721 */
1725 /*
1726 * Allow redeclaration of an impermanent property (in which case
1727 * anyone could delete it and redefine it, willy-nilly).
1728 */
1731 }
1741 }
1742 }
1747 ? js_getter_str
1749 ? js_setter_str
1751 ? js_const_str
1752 : isFunction
1753 ? js_function_str
1760 JSMSG_REDECLARED_VAR,
1762 }
1764 JSBool
1766 {
1775 }
1780 }
1791 }
1793 }
1798 }
1803 }
1805 }
1809 {
1811 }
1815 {
1817 }
1819 JSBool
1821 {
1829 }
1831 JS_REQUIRES_STACK JSBool
1833 {
1844 /* XXX clean up to avoid special cases above ObjectOps layer */
1847 {
1851 }
1858 /*
1859 * Get the constructor prototype object for this function.
1860 * Use the nominal 'this' parameter slot, vp[1], as a local
1861 * root to protect this prototype, in case it has no other
1862 * strong refs.
1863 */
1867 }
1876 }
1877 }
1882 /* Now we have an object with a constructor method; call it. */
1887 /* Check the return value and if it's primitive, force it to be obj. */
1891 /* native [[Construct]] returning primitive is error */
1893 JSMSG_BAD_NEW_RESULT,
1896 }
1898 }
1902 }
1904 JSBool
1906 {
1909 #if JS_HAS_XML_SUPPORT
1914 }
1919 }
1920 #endif
1923 }
1925 /*
1926 * Enter the new with scope using an object at sp[-1] and associate the depth
1927 * of the with block with sp + stackIndex.
1928 */
1929 JS_STATIC_INTERPRET JS_REQUIRES_STACK JSBool
1931 {
1948 }
1965 }
1967 JS_STATIC_INTERPRET JS_REQUIRES_STACK void
1969 {
1978 }
1980 JS_REQUIRES_STACK JSClass *
1982 {
1990 }
1992 }
1994 /*
1995 * Unwind block and scope chains to match the given depth. The function sets
1996 * fp->sp on return to stackDepth.
1997 */
1998 JS_REQUIRES_STACK JSBool
2000 JSBool normalUnwind)
2001 {
2012 }
2021 /* Don't fail until after we've updated all stacks. */
2025 }
2026 }
2030 }
2032 JS_STATIC_INTERPRET JSBool
2034 {
2035 jsval v;
2036 jsdouble d;
2049 /* Store the result of v conversion back in vp for post increments. */
2054 }
2055 }
2064 }
2066 jsval&
2068 {
2089 }
2092 }
2094 #ifdef DEBUG
2096 JS_STATIC_INTERPRET JS_REQUIRES_STACK void
2098 {
2105 JSOp op;
2112 /*
2113 * Operations in prologues don't produce interesting values, and
2114 * js_DecompileValueGenerator isn't set up to handle them anyway.
2115 */
2121 /*
2122 * If there aren't that many elements on the stack, then we have
2123 * probably entered a new frame, and printing output would just be
2124 * misleading.
2125 */
2130 NULL);
2134 bytes);
2136 }
2137 }
2139 }
2145 else
2148 }
2150 }
2162 NULL);
2166 bytes);
2168 }
2169 }
2171 }
2174 /* It's nice to have complete traces when debugging a crash. */
2176 }
2180 #ifdef JS_OPMETER
2182 # include <stdlib.h>
2184 # define HIST_NSLOTS 8
2186 /*
2187 * The second dimension is hardcoded at 256 because we know that many bits fit
2188 * in a byte, and mainly to optimize away multiplying by JSOP_LIMIT to address
2189 * any particular row.
2190 */
2194 JS_STATIC_INTERPRET void
2196 {
2199 }
2201 JS_STATIC_INTERPRET void
2203 {
2206 }
2211 uint32 count;
2214 static int
2216 {
2221 }
2223 void
2225 {
2239 }
2248 }
2249 }
2250 }
2252 # define SIGNIFICANT(count,total) (200. * (count) >= (total))
2264 }
2265 }
2266 }
2269 # undef SIGNIFICANT
2278 }
2282 }
2294 }
2306 /* Reuse j in the next loop, since we break after. */
2312 }
2313 }
2314 }
2316 }
2322 #ifndef jsinvoke_cpp___
2324 #define PUSH(v) (*regs.sp++ = (v))
2325 #define PUSH_OPND(v) PUSH(v)
2326 #define STORE_OPND(n,v) (regs.sp[n] = (v))
2327 #define POP() (*--regs.sp)
2328 #define POP_OPND() POP()
2329 #define FETCH_OPND(n) (regs.sp[n])
2331 /*
2332 * Push the jsdouble d using sp from the lexical environment. Try to convert d
2333 * to a jsint that fits in a jsval, otherwise GC-alloc space for it and push a
2334 * reference.
2335 */
2336 #define STORE_NUMBER(cx, n, d) \
2337 JS_BEGIN_MACRO \
2338 jsint i_; \
2339 \
2340 if (JSDOUBLE_IS_INT(d, i_) && INT_FITS_IN_JSVAL(i_)) \
2341 regs.sp[n] = INT_TO_JSVAL(i_); \
2342 else if (!js_NewDoubleInRootedValue(cx, d, ®s.sp[n])) \
2343 goto error; \
2344 JS_END_MACRO
2346 #define STORE_INT(cx, n, i) \
2347 JS_BEGIN_MACRO \
2348 if (INT_FITS_IN_JSVAL(i)) \
2349 regs.sp[n] = INT_TO_JSVAL(i); \
2350 else if (!js_NewDoubleInRootedValue(cx, (jsdouble) (i), ®s.sp[n])) \
2351 goto error; \
2352 JS_END_MACRO
2354 #define STORE_UINT(cx, n, u) \
2355 JS_BEGIN_MACRO \
2356 if ((u) <= JSVAL_INT_MAX) \
2357 regs.sp[n] = INT_TO_JSVAL(u); \
2358 else if (!js_NewDoubleInRootedValue(cx, (jsdouble) (u), ®s.sp[n])) \
2359 goto error; \
2360 JS_END_MACRO
2362 #define FETCH_NUMBER(cx, n, d) \
2363 JS_BEGIN_MACRO \
2364 jsval v_; \
2365 \
2366 v_ = FETCH_OPND(n); \
2367 VALUE_TO_NUMBER(cx, n, v_, d); \
2368 JS_END_MACRO
2370 #define FETCH_INT(cx, n, i) \
2371 JS_BEGIN_MACRO \
2372 jsval v_; \
2373 \
2374 v_= FETCH_OPND(n); \
2375 if (JSVAL_IS_INT(v_)) { \
2376 i = JSVAL_TO_INT(v_); \
2377 } else { \
2378 i = js_ValueToECMAInt32(cx, ®s.sp[n]); \
2379 if (JSVAL_IS_NULL(regs.sp[n])) \
2380 goto error; \
2381 } \
2382 JS_END_MACRO
2384 #define FETCH_UINT(cx, n, ui) \
2385 JS_BEGIN_MACRO \
2386 jsval v_; \
2387 \
2388 v_= FETCH_OPND(n); \
2389 if (JSVAL_IS_INT(v_)) { \
2390 ui = (uint32) JSVAL_TO_INT(v_); \
2391 } else { \
2392 ui = js_ValueToECMAUint32(cx, ®s.sp[n]); \
2393 if (JSVAL_IS_NULL(regs.sp[n])) \
2394 goto error; \
2395 } \
2396 JS_END_MACRO
2398 /*
2399 * Optimized conversion macros that test for the desired type in v before
2400 * homing sp and calling a conversion function.
2401 */
2402 #define VALUE_TO_NUMBER(cx, n, v, d) \
2403 JS_BEGIN_MACRO \
2404 JS_ASSERT(v == regs.sp[n]); \
2405 if (JSVAL_IS_INT(v)) { \
2406 d = (jsdouble)JSVAL_TO_INT(v); \
2407 } else if (JSVAL_IS_DOUBLE(v)) { \
2408 d = *JSVAL_TO_DOUBLE(v); \
2409 } else { \
2410 d = js_ValueToNumber(cx, ®s.sp[n]); \
2411 if (JSVAL_IS_NULL(regs.sp[n])) \
2412 goto error; \
2413 JS_ASSERT(JSVAL_IS_NUMBER(regs.sp[n]) || \
2414 regs.sp[n] == JSVAL_TRUE); \
2415 } \
2416 JS_END_MACRO
2418 #define POP_BOOLEAN(cx, v, b) \
2419 JS_BEGIN_MACRO \
2420 v = FETCH_OPND(-1); \
2421 if (v == JSVAL_NULL) { \
2422 b = JS_FALSE; \
2423 } else if (JSVAL_IS_BOOLEAN(v)) { \
2424 b = JSVAL_TO_BOOLEAN(v); \
2425 } else { \
2426 b = js_ValueToBoolean(v); \
2427 } \
2428 regs.sp--; \
2429 JS_END_MACRO
2431 #define VALUE_TO_OBJECT(cx, n, v, obj) \
2432 JS_BEGIN_MACRO \
2433 if (!JSVAL_IS_PRIMITIVE(v)) { \
2434 obj = JSVAL_TO_OBJECT(v); \
2435 } else { \
2436 obj = js_ValueToNonNullObject(cx, v); \
2437 if (!obj) \
2438 goto error; \
2439 STORE_OPND(n, OBJECT_TO_JSVAL(obj)); \
2440 } \
2441 JS_END_MACRO
2443 #define FETCH_OBJECT(cx, n, v, obj) \
2444 JS_BEGIN_MACRO \
2445 v = FETCH_OPND(n); \
2446 VALUE_TO_OBJECT(cx, n, v, obj); \
2447 JS_END_MACRO
2449 #define DEFAULT_VALUE(cx, n, hint, v) \
2450 JS_BEGIN_MACRO \
2451 JS_ASSERT(!JSVAL_IS_PRIMITIVE(v)); \
2452 JS_ASSERT(v == regs.sp[n]); \
2453 if (!JSVAL_TO_OBJECT(v)->defaultValue(cx, hint, ®s.sp[n])) \
2454 goto error; \
2455 v = regs.sp[n]; \
2456 JS_END_MACRO
2458 /*
2459 * Quickly test if v is an int from the [-2**29, 2**29) range, that is, when
2460 * the lowest bit of v is 1 and the bits 30 and 31 are both either 0 or 1. For
2461 * such v we can do increment or decrement via adding or subtracting two
2462 * without checking that the result overflows JSVAL_INT_MIN or JSVAL_INT_MAX.
2463 */
2464 #define CAN_DO_FAST_INC_DEC(v) (((((v) << 1) ^ v) & 0x80000001) == 1)
2470 /*
2471 * Conditional assert to detect failure to clear a pending exception that is
2472 * suppressed (or unintentional suppression of a wanted exception).
2473 */
2474 #if defined DEBUG_brendan || defined DEBUG_mrbkap || defined DEBUG_shaver
2475 # define DEBUG_NOT_THROWING 1
2476 #endif
2478 #ifdef DEBUG_NOT_THROWING
2479 # define ASSERT_NOT_THROWING(cx) JS_ASSERT(!(cx)->throwing)
2480 #else
2482 #endif
2484 /*
2485 * Define JS_OPMETER to instrument bytecode succession, generating a .dot file
2486 * on shutdown that shows the graph of significant predecessor/successor pairs
2487 * executed, where the edge labels give the succession counts. The .dot file
2488 * is named by the JS_OPMETER_FILE envariable, and defaults to /tmp/ops.dot.
2489 *
2490 * Bonus feature: JS_OPMETER also enables counters for stack-addressing ops
2491 * such as JSOP_GETLOCAL, JSOP_INCARG, via METER_SLOT_OP. The resulting counts
2492 * are written to JS_OPMETER_HIST, defaulting to /tmp/ops.hist.
2493 */
2494 #ifndef JS_OPMETER
2498 #else
2500 /*
2501 * The second dimension is hardcoded at 256 because we know that many bits fit
2502 * in a byte, and mainly to optimize away multiplying by JSOP_LIMIT to address
2503 * any particular row.
2504 */
2505 # define METER_OP_INIT(op) ((op) = JSOP_STOP)
2506 # define METER_OP_PAIR(op1,op2) (js_MeterOpcodePair(op1, op2))
2507 # define METER_SLOT_OP(op,slot) (js_MeterSlotOpcode(op, slot))
2509 #endif
2511 /*
2512 * Threaded interpretation via computed goto appears to be well-supported by
2513 * GCC 3 and higher. IBM's C compiler when run with the right options (e.g.,
2514 * -qlanglvl=extended) also supports threading. Ditto the SunPro C compiler.
2515 * Currently it's broken for JS_VERSION < 160, though this isn't worth fixing.
2516 * Add your compiler support macros here.
2517 */
2518 #ifndef JS_THREADED_INTERP
2519 # if JS_VERSION >= 160 && ( \
2520 __GNUC__ >= 3 || \
2521 (__IBMC__ >= 700 && defined __IBM_COMPUTED_GOTO) || \
2522 __SUNPRO_C >= 0x570)
2523 # define JS_THREADED_INTERP 1
2524 # else
2525 # define JS_THREADED_INTERP 0
2526 # endif
2527 #endif
2529 /*
2530 * Deadlocks or else bad races are likely if JS_THREADSAFE, so we must rely on
2531 * single-thread DEBUG js shell testing to verify property cache hits.
2532 */
2533 #if defined DEBUG && !defined JS_THREADSAFE
2535 # define ASSERT_VALID_PROPERTY_CACHE_HIT(pcoff,obj,pobj,entry) \
2536 JS_BEGIN_MACRO \
2537 if (!AssertValidPropertyCacheHit(cx, script, regs, pcoff, obj, pobj, \
2538 entry)) { \
2539 goto error; \
2540 } \
2541 JS_END_MACRO
2543 static bool
2547 {
2553 else
2558 JSBool ok;
2565 }
2572 }
2585 jsval v;
2598 }
2599 }
2603 }
2605 #else
2606 # define ASSERT_VALID_PROPERTY_CACHE_HIT(pcoff,obj,pobj,entry) ((void) 0)
2607 #endif
2609 /*
2610 * Ensure that the intrepreter switch can close call-bytecode cases in the
2611 * same way as non-call bytecodes.
2612 */
2623 /*
2624 * Same for debuggable flat closures defined at top level in another function
2625 * or program fragment.
2626 */
2629 /*
2630 * Same for JSOP_SETNAME and JSOP_SETPROP, which differ only slightly but
2631 * remain distinct for the decompiler. Likewise for JSOP_INIT{PROP,METHOD}.
2632 */
2637 /* See TRY_BRANCH_AFTER_COND. */
2641 /* For the fastest case inder JSOP_INCNAME, etc. */
2646 #ifdef JS_TRACER
2647 # define ABORT_RECORDING(cx, reason) \
2648 JS_BEGIN_MACRO \
2649 if (TRACE_RECORDER(cx)) \
2650 js_AbortRecording(cx, reason); \
2651 JS_END_MACRO
2652 #else
2653 # define ABORT_RECORDING(cx, reason) ((void) 0)
2654 #endif
2656 JS_REQUIRES_STACK JSBool
2658 {
2659 #ifdef MOZ_TRACEVIS
2661 #endif
2666 uintN inlineCallCount;
2669 JSFrameRegs regs;
2672 jsint len;
2675 jsatomid index;
2678 uint32 slot;
2680 jsid id;
2688 JSType type;
2690 JSBool match;
2691 #if JS_HAS_GETTER_SETTER
2693 #endif
2696 # ifdef DEBUG
2697 /*
2698 * We call this macro from BEGIN_CASE in threaded interpreters,
2699 * and before entering the switch in non-threaded interpreters.
2700 * However, reaching such points doesn't mean we've actually
2701 * fetched an OP from the instruction stream: some opcodes use
2702 * 'op=x; DO_OP()' to let another opcode's implementation finish
2703 * their work, and many opcodes share entry points with a run of
2704 * consecutive BEGIN_CASEs.
2705 *
2706 * Take care to trace OP only when it is the opcode fetched from
2707 * the instruction stream, so the trace matches what one would
2708 * expect from looking at the code. (We do omit POPs after SETs;
2709 * unfortunate, but not worth fixing.)
2710 */
2711 # define TRACE_OPCODE(OP) JS_BEGIN_MACRO \
2712 if (JS_UNLIKELY(cx->tracefp != NULL) && \
2713 (OP) == *regs.pc) \
2714 js_TraceOpcode(cx); \
2715 JS_END_MACRO
2716 # else
2717 # define TRACE_OPCODE(OP) ((void) 0)
2718 # endif
2720 #if JS_THREADED_INTERP
2722 # define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
2723 JS_EXTENSION &&L_##op,
2725 # undef OPDEF
2726 };
2729 # define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
2730 JS_EXTENSION &&interrupt,
2732 # undef OPDEF
2733 };
2739 # define ENABLE_INTERRUPTS() ((void) (jumpTable = interruptJumpTable))
2741 # ifdef JS_TRACER
2742 # define CHECK_RECORDER() \
2743 JS_ASSERT_IF(TRACE_RECORDER(cx), jumpTable == interruptJumpTable)
2744 # else
2745 # define CHECK_RECORDER() ((void)0)
2746 # endif
2748 # define DO_OP() JS_BEGIN_MACRO \
2749 CHECK_RECORDER(); \
2750 JS_EXTENSION_(goto *jumpTable[op]); \
2751 JS_END_MACRO
2752 # define DO_NEXT_OP(n) JS_BEGIN_MACRO \
2753 METER_OP_PAIR(op, regs.pc[n]); \
2754 op = (JSOp) *(regs.pc += (n)); \
2755 DO_OP(); \
2756 JS_END_MACRO
2758 # define BEGIN_CASE(OP) L_##OP: TRACE_OPCODE(OP); CHECK_RECORDER();
2759 # define END_CASE(OP) DO_NEXT_OP(OP##_LENGTH);
2760 # define END_VARLEN_CASE DO_NEXT_OP(len);
2761 # define ADD_EMPTY_CASE(OP) BEGIN_CASE(OP) \
2762 JS_ASSERT(js_CodeSpec[OP].length == 1); \
2763 op = (JSOp) *++regs.pc; \
2764 DO_OP();
2766 # define END_EMPTY_CASES
2771 intN switchOp;
2773 # define ENABLE_INTERRUPTS() ((void) (switchMask = -1))
2775 # ifdef JS_TRACER
2776 # define CHECK_RECORDER() \
2777 JS_ASSERT_IF(TRACE_RECORDER(cx), switchMask == -1)
2778 # else
2779 # define CHECK_RECORDER() ((void)0)
2780 # endif
2782 # define DO_OP() goto do_op
2783 # define DO_NEXT_OP(n) JS_BEGIN_MACRO \
2784 JS_ASSERT((n) == len); \
2785 goto advance_pc; \
2786 JS_END_MACRO
2788 # define BEGIN_CASE(OP) case OP: CHECK_RECORDER();
2789 # define END_CASE(OP) END_CASE_LEN(OP##_LENGTH)
2790 # define END_CASE_LEN(n) END_CASE_LENX(n)
2791 # define END_CASE_LENX(n) END_CASE_LEN##n
2793 /*
2794 * To share the code for all len == 1 cases we use the specialized label with
2795 * code that falls through to advance_pc: .
2796 */
2797 # define END_CASE_LEN1 goto advance_pc_by_one;
2798 # define END_CASE_LEN2 len = 2; goto advance_pc;
2799 # define END_CASE_LEN3 len = 3; goto advance_pc;
2800 # define END_CASE_LEN4 len = 4; goto advance_pc;
2801 # define END_CASE_LEN5 len = 5; goto advance_pc;
2802 # define END_VARLEN_CASE goto advance_pc;
2803 # define ADD_EMPTY_CASE(OP) BEGIN_CASE(OP)
2804 # define END_EMPTY_CASES goto advance_pc_by_one;
2808 /* Check for too deep of a native thread stack. */
2813 /* Set registerized frame pointer and derived script pointer. */
2819 /* Count of JS function calls that nest in this C js_Interpret frame. */
2822 /*
2823 * Initialize the index segment register used by LOAD_ATOM and
2824 * GET_FULL_INDEX macros below. As a register we use a pointer based on
2825 * the atom map to turn frequently executed LOAD_ATOM into simple array
2826 * access. For less frequent object and regexp loads we have to recover
2827 * the segment from atoms pointer first.
2828 */
2831 #define LOAD_ATOM(PCOFF) \
2832 JS_BEGIN_MACRO \
2833 JS_ASSERT(fp->imacpc \
2834 ? atoms == COMMON_ATOMS_START(&rt->atomState) && \
2835 GET_INDEX(regs.pc + PCOFF) < js_common_atom_count \
2836 : (size_t)(atoms - script->atomMap.vector) < \
2837 (size_t)(script->atomMap.length - \
2838 GET_INDEX(regs.pc + PCOFF))); \
2839 atom = atoms[GET_INDEX(regs.pc + PCOFF)]; \
2840 JS_END_MACRO
2842 #define GET_FULL_INDEX(PCOFF) \
2843 (atoms - script->atomMap.vector + GET_INDEX(regs.pc + PCOFF))
2845 #define LOAD_OBJECT(PCOFF) \
2846 (obj = script->getObject(GET_FULL_INDEX(PCOFF)))
2848 #define LOAD_FUNCTION(PCOFF) \
2849 (fun = script->getFunction(GET_FULL_INDEX(PCOFF)))
2851 #ifdef JS_TRACER
2853 #ifdef MOZ_TRACEVIS
2854 #if JS_THREADED_INTERP
2855 #define MONITOR_BRANCH_TRACEVIS \
2856 JS_BEGIN_MACRO \
2857 if (jumpTable != interruptJumpTable) \
2858 js_EnterTraceVisState(cx, S_RECORD, R_NONE); \
2859 JS_END_MACRO
2861 #define MONITOR_BRANCH_TRACEVIS \
2862 JS_BEGIN_MACRO \
2863 js_EnterTraceVisState(cx, S_RECORD, R_NONE); \
2864 JS_END_MACRO
2865 #endif
2866 #else
2867 #define MONITOR_BRANCH_TRACEVIS
2868 #endif
2870 #define RESTORE_INTERP_VARS() \
2871 JS_BEGIN_MACRO \
2872 fp = cx->fp; \
2873 script = fp->script; \
2874 atoms = FrameAtomBase(cx, fp); \
2875 currentVersion = (JSVersion) script->version; \
2876 JS_ASSERT(fp->regs == ®s); \
2877 if (cx->throwing) \
2878 goto error; \
2879 JS_END_MACRO
2881 #define MONITOR_BRANCH(reason) \
2882 JS_BEGIN_MACRO \
2883 if (TRACING_ENABLED(cx)) { \
2884 if (js_MonitorLoopEdge(cx, inlineCallCount, reason)) { \
2885 JS_ASSERT(TRACE_RECORDER(cx)); \
2886 MONITOR_BRANCH_TRACEVIS; \
2887 ENABLE_INTERRUPTS(); \
2888 } \
2889 RESTORE_INTERP_VARS(); \
2890 } \
2891 JS_END_MACRO
2895 #define MONITOR_BRANCH(reason) ((void) 0)
2899 /*
2900 * Prepare to call a user-supplied branch handler, and abort the script
2901 * if it returns false.
2902 */
2903 #define CHECK_BRANCH() \
2904 JS_BEGIN_MACRO \
2905 if (!JS_CHECK_OPERATION_LIMIT(cx)) \
2906 goto error; \
2907 JS_END_MACRO
2909 #ifndef TRACE_RECORDER
2910 #define TRACE_RECORDER(cx) (false)
2911 #endif
2913 #define BRANCH(n) \
2914 JS_BEGIN_MACRO \
2915 regs.pc += (n); \
2916 op = (JSOp) *regs.pc; \
2917 if ((n) <= 0) { \
2918 CHECK_BRANCH(); \
2919 if (op == JSOP_NOP) { \
2920 if (TRACE_RECORDER(cx)) { \
2921 MONITOR_BRANCH(Record_Branch); \
2922 op = (JSOp) *regs.pc; \
2923 } else { \
2924 op = (JSOp) *++regs.pc; \
2925 } \
2926 } else if (op == JSOP_TRACE) { \
2927 MONITOR_BRANCH(Record_Branch); \
2928 op = (JSOp) *regs.pc; \
2929 } \
2930 } \
2931 DO_OP(); \
2932 JS_END_MACRO
2937 /*
2938 * Optimized Get and SetVersion for proper script language versioning.
2939 *
2940 * If any native method or JSClass/JSObjectOps hook calls js_SetVersion
2941 * and changes cx->version, the effect will "stick" and we will stop
2942 * maintaining currentVersion. This is relied upon by testsuites, for
2943 * the most part -- web browsers select version before compiling and not
2944 * at run-time.
2945 */
2951 /* Update the static-link display. */
2956 }
2958 # define CHECK_INTERRUPT_HANDLER() \
2959 JS_BEGIN_MACRO \
2960 if (cx->debugHooks->interruptHandler) \
2961 ENABLE_INTERRUPTS(); \
2962 JS_END_MACRO
2964 /*
2965 * Load the debugger's interrupt hook here and after calling out to native
2966 * functions (but not to getters, setters, or other native hooks), so we do
2967 * not have to reload it each time through the interpreter loop -- we hope
2968 * the compiler can keep it in a register when it is non-null.
2969 */
2972 #if !JS_HAS_GENERATORS
2974 #else
2975 /* Initialize the pc and sp registers unless we're resuming a generator. */
2977 #endif
2982 #if JS_HAS_GENERATORS
2994 /*
2995 * To support generator_throw and to catch ignored exceptions,
2996 * fail if cx->throwing is set.
2997 */
2999 #ifdef DEBUG_NOT_THROWING
3003 }
3004 #endif
3006 }
3007 }
3010 #ifdef JS_TRACER
3011 /*
3012 * We cannot reenter the interpreter while recording; wait to abort until
3013 * after cx->fp->regs is set.
3014 */
3017 #endif
3019 /*
3020 * It is important that "op" be initialized before calling DO_OP because
3021 * it is possible for "op" to be specially assigned during the normal
3022 * processing of an opcode while looping. We rely on DO_NEXT_OP to manage
3023 * "op" correctly in all other cases.
3024 */
3028 #if JS_THREADED_INTERP
3029 /*
3030 * This is a loop, but it does not look like a loop. The loop-closing
3031 * jump is distributed throughout goto *jumpTable[op] inside of DO_OP.
3032 * When interrupts are enabled, jumpTable is set to interruptJumpTable
3033 * where all jumps point to the interrupt label. The latter, after
3034 * calling the interrupt handler, dispatches through normalJumpTable to
3035 * continue the normal bytecode processing.
3036 */
3040 advance_pc_by_one:
3043 advance_pc:
3047 do_op:
3051 do_switch:
3053 #endif
3055 /********************** Here we include the operations ***********************/
3057 /*****************************************************************************/
3059 #if !JS_THREADED_INTERP
3061 #endif
3062 #ifndef JS_TRACER
3063 bad_opcode:
3064 #endif
3065 {
3071 }
3073 #if !JS_THREADED_INTERP
3078 error:
3080 // To keep things simple, we hard-code imacro exception handlers here.
3082 // pc may point to JSOP_DUP here due to bug 474854.
3089 }
3091 // Handle other exceptions as if they came from the imacro-calling pc.
3095 }
3099 #ifdef JS_TRACER
3100 /*
3101 * This abort could be weakened to permit tracing through exceptions that
3102 * are thrown and caught within a loop, with the co-operation of the tracer.
3103 * For now just bail on any sign of trouble.
3104 */
3107 #endif
3110 /* This is an error, not a catchable exception, quit the frame ASAP. */
3113 JSTrapHandler handler;
3115 uint32 offset;
3117 /* Call debugger throw hook if set. */
3134 }
3136 }
3138 /*
3139 * Look for a try block in script that can catch this exception.
3140 */
3151 /*
3152 * We have a note that covers the exception pc but we must check
3153 * whether the interpreter has already executed the corresponding
3154 * handler. This is possible when the executed bytecode
3155 * implements break or return from inside a for-in loop.
3156 *
3157 * In this case the emitter generates additional [enditer] and
3158 * [gosub] opcodes to close all outstanding iterators and execute
3159 * the finally blocks. If such an [enditer] throws an exception,
3160 * its pc can still be inside several nested for-in loops and
3161 * try-finally statements even if we have already closed the
3162 * corresponding iterators and invoked the finally blocks.
3163 *
3164 * To address this, we make [enditer] always decrease the stack
3165 * even when its implementation throws an exception. Thus already
3166 * executed [enditer] and [gosub] opcodes will have try notes
3167 * with the stack depth exceeding the current one and this
3168 * condition is what we use to filter them out.
3169 */
3173 /*
3174 * Set pc to the first bytecode after the the try note to point
3175 * to the beginning of catch or finally or to [enditer] closing
3176 * the for-in loop.
3177 */
3183 /*
3184 * Restart the handler search with updated pc and stack depth
3185 * to properly notify the debugger.
3186 */
3188 }
3194 #if JS_HAS_GENERATORS
3195 /* Catch cannot intercept the closing of a generator. */
3198 #endif
3200 /*
3201 * Don't clear cx->throwing to save cx->exception from GC
3202 * until it is pushed to the stack via [exception] in the
3203 * catch block.
3204 */
3209 /*
3210 * Push (true, exception) pair for finally to indicate that
3211 * [retsub] should rethrow the exception.
3212 */
3220 /*
3221 * This is similar to JSOP_ENDITER in the interpreter loop,
3222 * except the code now uses the stack slot normally used by
3223 * JSOP_NEXTITER, namely regs.sp[-1] before the regs.sp -= 2
3224 * adjustment and regs.sp[1] after, to save and restore the
3225 * pending exception.
3226 */
3236 }
3239 no_catch:
3240 /*
3241 * Propagate the exception or error to the caller unless the exception
3242 * is an asynchronous return from a generator.
3243 */
3245 #if JS_HAS_GENERATORS
3250 }
3251 #endif
3252 }
3254 forced_return:
3255 /*
3256 * Unwind the scope making sure that ok stays false even when UnwindScope
3257 * returns true.
3258 *
3259 * When a trap handler returns JSTRAP_RETURN, we jump here with ok set to
3260 * true bypassing any finally blocks.
3261 */
3265 #ifdef DEBUG
3267 #endif
3272 exit:
3273 /*
3274 * At this point we are inevitably leaving an interpreted function or a
3275 * top-level script, and returning to one of:
3276 * (a) an "out of line" call made through js_Invoke;
3277 * (b) a js_Execute activation;
3278 * (c) a generator (SendToGenerator, jsiter.c).
3279 *
3280 * We must not be in an inline frame. The check above ensures that for the
3281 * error case and for a normal return, the code jumps directly to parent's
3282 * frame pc.
3283 */
3286 #ifdef JS_TRACER
3289 #endif
3290 #if JS_HAS_GENERATORS
3299 {
3303 }
3305 /* Undo the remaining effects committed on entry to js_Interpret. */
3314 atom_not_defined:
3315 {
3322 }
3323 }