| blob | 476ee70b94777baad81bdfae8c6cb0bc9ccfa2dd |
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set sw=4 ts=8 et tw=99:
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is Mozilla Communicator client code, released
18 * March 31, 1998.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
41 /*
42 * JS bytecode descriptors, disassemblers, and decompilers.
43 */
44 #ifdef HAVE_MEMORY_H
45 #include <memory.h>
46 #endif
47 #include <stdarg.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <string.h>
82 /*
83 * Index limit must stay within 32 bits.
84 */
87 /* Verify JSOP_XXX_LENGTH constant definitions. */
88 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
89 JS_STATIC_ASSERT(op##_LENGTH == length);
91 #undef OPDEF
97 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
98 {length,nuses,ndefs,prec,format},
100 #undef OPDEF
101 };
105 /*
106 * Each element of the array is either a source literal associated with JS
107 * bytecode or null.
108 */
110 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
111 token,
113 #undef OPDEF
114 };
116 #if defined(DEBUG) || defined(JS_JIT_SPEW)
117 /*
118 * Array of JS bytecode names used by DEBUG-only js_Disassemble and by
119 * JIT debug spew.
120 */
122 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
123 name,
125 #undef OPDEF
126 };
127 #endif
129 /************************************************************************/
131 static ptrdiff_t
133 {
134 uint32 type;
140 }
142 uintN
145 {
146 JSOp op;
152 /*
153 * We need to detect index base prefix. It presents when resetbase
154 * follows the bytecode.
155 */
164 }
165 }
167 }
169 uintN
171 {
172 JSOp op;
184 do_table:
185 /* Structure: default-jump case-low case-high case1-jump ... */
199 do_lookup:
200 /* Structure: default-jump case-count (case1-value case1-jump) ... */
204 }
205 }
207 uintN
209 {
224 /* stack: fun, this, [argc arguments] */
229 }
230 }
232 uintN
234 {
240 }
242 #ifdef DEBUG
246 {
248 uintN len;
261 }
263 }
265 JSBool
267 {
269 }
273 {
281 sprop;
289 }
299 }
307 }
314 }
315 }
318 }
323 {
324 JSOp op;
327 uint32 type;
329 uintN index;
331 jsval v;
333 jsint i;
343 }
356 }
375 else
378 }
388 /* FALL THROUGH */
396 {
414 }
417 }
421 {
423 jsatomid npairs;
443 npairs--;
444 }
447 }
467 }
490 print_int:
500 }
501 }
504 }
508 /************************************************************************/
510 /*
511 * Sprintf, but with unlimited and automatically allocated buffering.
512 */
521 #define INIT_SPRINTER(cx, sp, ap, off) \
522 ((sp)->context = cx, (sp)->pool = ap, (sp)->base = NULL, (sp)->size = 0, \
523 (sp)->offset = off)
525 #define OFF2STR(sp,off) ((sp)->base + (off))
526 #define STR2OFF(sp,str) ((str) - (sp)->base)
527 #define RETRACT(sp,str) ((sp)->offset = STR2OFF(sp, str))
529 static JSBool
531 {
543 }
547 }
551 }
553 static ptrdiff_t
555 {
559 /* Allocate space for s, including the '\0' at the end. */
563 /* Advance offset and copy s into sp's buffer. */
570 }
572 static ptrdiff_t
574 {
576 }
578 static ptrdiff_t
580 {
599 }
602 static ptrdiff_t
604 {
615 }
619 }
632 };
634 #define DONT_ESCAPE 0x10000
638 {
646 /* Sample off first for later return value pointer computation. */
653 /* Loop control variables: z points at end of string sentinel. */
656 /* Move t forward from s past un-quote-worthy characters. */
663 }
666 /* Allocate space for s, including the '\0' at the end. */
670 /* Advance sp->offset and copy s into sp's buffer. */
680 /* Use js_EscapeMap, \u, or \x only if necessary. */
682 ok = dontEscape
687 }
690 }
692 /* Sprint the closing quote and return the quoted string. */
696 /*
697 * If we haven't Sprint'd anything yet, Sprint an empty string so that
698 * the OFF2STR below gives a valid result.
699 */
703 }
705 JSString *
707 {
709 Sprinter sprinter;
719 }
721 /************************************************************************/
735 };
737 JSPrinter *
740 {
762 }
763 }
765 }
767 void
769 {
772 }
774 JSString *
776 {
789 }
791 /*
792 * NB: Indexed by SRC_DECL_* defines from jsemit.h.
793 */
798 {
803 }
805 }
807 int
809 {
819 /* If pretty-printing, expand magic tab into a run of jp->indent spaces. */
821 format++;
825 }
826 }
828 /* Suppress newlines (must be once per format, at the end) if not pretty. */
835 }
838 }
840 /* Allocate temp space, convert format, and put. */
845 }
850 }
859 }
861 JSBool
863 {
865 }
867 /************************************************************************/
879 /*
880 * Find the depth of the operand stack when the interpreter reaches the given
881 * pc in script. pcstack must have space for least script->depth elements. On
882 * return it will contain pointers to opcodes that populated the interpreter's
883 * current operand stack.
884 *
885 * This function cannot raise an exception or error. However, due to a risk of
886 * potential bugs when modeling the stack, the function returns -1 if it
887 * detects an inconsistency in the model. Such an inconsistency triggers an
888 * assert in a debug build.
889 */
890 static intN
894 #define FAILED_EXPRESSION_DECOMPILER ((char *) 1)
896 /*
897 * Decompile a part of expression up to the given pc. The function returns
898 * NULL on out-of-memory, or the FAILED_EXPRESSION_DECOMPILER sentinel when
899 * the decompiler fails due to a bug and/or unimplemented feature, or the
900 * decompiled string on success.
901 */
906 /*
907 * Get a stacked offset from ss->sprinter.base, or if the stacked value |off|
908 * is negative, fetch the generating pc from printer->pcstack[-2 - off] and
909 * decompile the code that generated the missing value. This is used when
910 * reporting errors, where the model stack will lack |pcdepth| non-negative
911 * offsets (see DecompileExpression and DecompileCode).
912 *
913 * If the stacked offset is -1, return 0 to index the NUL padding at the start
914 * of ss->sprinter.base. If this happens, it means there is a decompiler bug
915 * to fix, but it won't violate memory safety.
916 */
917 static ptrdiff_t
919 {
943 }
947 }
948 }
950 }
954 {
957 /*
958 * Must call GetOff before using ss->sprinter.base, since it may be null
959 * until bootstrapped by GetOff.
960 */
963 }
965 /*
966 * Gap between stacked strings to allow for insertion of parens and commas
967 * when auto-parenthesizing expressions and decompiling array initialisers
968 * (see the JSOP_NEWARRAY case in Decompile).
969 */
970 #define PAREN_SLOP (2 + 1)
972 /*
973 * These pseudo-ops help js_DecompileValueGenerator decompile JSOP_SETNAME,
974 * JSOP_SETPROP, and JSOP_SETELEM, respectively. They are never stored in
975 * bytecode, so they don't preempt valid opcodes.
976 */
977 #define JSOP_GETPROP2 JSOP_LIMIT
978 #define JSOP_GETELEM2 JSOP_LIMIT + 1
981 static void
983 {
986 }
988 static JSBool
990 {
991 uintN top;
996 /* ss->top points to the next free slot; be paranoid about overflow. */
1002 }
1004 /* The opcodes stack must contain real bytecodes that index js_CodeSpec. */
1012 }
1014 static ptrdiff_t
1016 {
1017 uintN top;
1021 /* ss->top points to the next free slot; be paranoid about underflow. */
1035 }
1037 }
1041 {
1046 }
1048 static ptrdiff_t
1050 {
1052 }
1056 {
1058 }
1061 jsval key;
1067 static JSBool
1069 {
1079 }
1081 static ptrdiff_t
1083 {
1084 jsdouble d;
1094 /* Don't use Infinity and NaN, they're mutable. */
1107 }
1113 }
1115 }
1120 static JSBool
1124 {
1129 uintN i;
1130 jsval key;
1136 /* JSOP_CONDSWITCH doesn't pop, unlike JSOP_{LOOKUP,TABLE}SWITCH. */
1151 }
1163 /*
1164 * key encodes the JSOP_CASE bytecode's offset from switchtop.
1165 * The next case expression follows immediately, unless we are
1166 * at the last case.
1167 */
1174 }
1177 /* Balance the stack as if this JSOP_CASE matched. */
1180 /*
1181 * key comes from an atom, not the decompiler, so we need to
1182 * quote it if it's a string literal. But if table[i].label
1183 * is non-null, key was constant-propagated and label is the
1184 * name of the const we should show as the case label. We set
1185 * key to undefined so this identifier is escaped, if required
1186 * by non-ASCII characters, but not quoted, by QuoteString.
1187 */
1193 JSOp junk;
1201 }
1209 }
1213 }
1222 }
1226 }
1231 /* Re-balance as if last JSOP_CASE or JSOP_DEFAULT mismatched. */
1234 }
1235 }
1241 }
1244 /* By the end of a JSOP_CONDSWITCH, the discriminant has been popped. */
1248 }
1250 #define LOCAL_ASSERT_CUSTOM(expr, BAD_EXIT) \
1251 JS_BEGIN_MACRO \
1252 JS_ASSERT(expr); \
1253 if (!(expr)) { BAD_EXIT; } \
1254 JS_END_MACRO
1256 #define LOCAL_ASSERT_RV(expr, rv) \
1257 LOCAL_ASSERT_CUSTOM(expr, return (rv))
1261 {
1267 #if !JS_HAS_DESTRUCTURING
1269 #endif
1271 }
1275 {
1292 /*
1293 * We must be called from js_DecompileValueGenerator (via Decompile) when
1294 * dereferencing a local that's undefined or null. Search script->objects
1295 * for the block containing this local by its stack index, i.
1296 *
1297 * In case of destructuring's use of JSOP_GETLOCAL, however, there may be
1298 * no such local. This could mean no blocks (no script objects at all, or
1299 * none of the script's object literals are blocks), or the stack slot i is
1300 * not in a block. In either case, return GetStr(ss, i).
1301 */
1315 }
1316 }
1322 }
1332 #undef LOCAL_ASSERT
1333 }
1335 static JSBool
1337 {
1338 uintN slot;
1342 /* The slot refers to a variable with name stored in jp->localNames. */
1345 }
1347 /* We have a local which index is relative to the stack base. */
1352 }
1354 #define LOAD_ATOM(PCOFF) \
1355 GET_ATOM_FROM_BYTECODE(jp->script, pc, PCOFF, atom)
1357 #if JS_HAS_DESTRUCTURING
1359 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, NULL)
1360 #define LOAD_OP_DATA(pc) (oplen = (cs = &js_CodeSpec[op=(JSOp)*pc])->length)
1368 {
1371 JSOp op;
1373 uintN oplen;
1374 jsint i;
1408 /* FALL THROUGH */
1423 }
1436 }
1440 /*
1441 * We may need to auto-parenthesize the left-most value decompiled
1442 * here, so add back PAREN_SLOP temporarily. Then decompile until the
1443 * opcode that would reduce the stack depth to (ss->top-1), which we
1444 * pass to Decompile encoded as -(ss->top-1) - 1 or just -ss->top for
1445 * the nb parameter.
1446 */
1460 /* lval is from JSOP_BINDNAME, so just print xval. */
1463 /* xval is from JSOP_SETCALL or JSOP_BINDXMLNAME, print lval. */
1471 }
1473 }
1481 }
1483 /*
1484 * Starting with a SRC_DESTRUCT-annotated JSOP_DUP, decompile a destructuring
1485 * left-hand side object or array initialiser, including nested destructuring
1486 * initialisers. On successful return, the decompilation will be pushed on ss
1487 * and the return value will point to the POP or GROUP bytecode following the
1488 * destructuring expression.
1489 *
1490 * At any point, if pc is equal to endpc and would otherwise advance, we stop
1491 * immediately and return endpc.
1492 */
1495 {
1501 uintN oplen;
1503 jsdouble d;
1508 JSBool hole;
1513 /*
1514 * Set head so we can rewrite '[' to '{' as needed. Back up PAREN_SLOP
1515 * chars so the destructuring decompilation accumulates contiguously in
1516 * ss->sprinter starting with "[".
1517 */
1530 #if JS_HAS_DESTRUCTURING_SHORTHAND
1532 #endif
1542 /* Handle the optimized number-pushing opcodes. */
1556 do_getelem:
1564 /* Distinguish object from array by opcode or source note. */
1570 /* Sanity check for the gnarly control flow above. */
1573 /* Fill in any holes (holes at the end don't matter). */
1577 }
1578 }
1588 do_destructure_atom:
1591 #if JS_HAS_DESTRUCTURING_SHORTHAND
1593 #endif
1597 }
1604 }
1610 /*
1611 * Decompile the left-hand side expression whose bytecode starts at pc
1612 * and continues for a bounded number of bytecodes or stack operations
1613 * (and which in any event stops before endpc).
1614 */
1619 #if JS_HAS_DESTRUCTURING_SHORTHAND
1628 /* Early check to rule out odd "name: lval" length. */
1633 /*
1634 * Even "name: lval" string length: check for "x: x" and the
1635 * like, and apply the shorthand if we can.
1636 */
1644 }
1645 }
1646 }
1647 #endif
1652 /*
1653 * We should stop if JSOP_DUP is either without notes or its note is
1654 * not SRC_CONTINUE. The former happens when JSOP_DUP duplicates the
1655 * last destructuring reference implementing an op= assignment like in
1656 * '([t] = z).y += x'. In the latter case the note is SRC_DESTRUCT and
1657 * means another destructuring initialiser abuts this one like in
1658 * '[a] = [b] = c'.
1659 */
1666 }
1672 }
1674 out:
1679 }
1684 {
1685 JSOp op;
1689 JSBool hole;
1714 }
1728 }
1729 }
1737 }
1739 #undef LOCAL_ASSERT
1740 #undef LOAD_OP_DATA
1744 static JSBool
1746 {
1752 /* Allocate the parallel (to avoid padding) offset and opcode stacks. */
1759 }
1767 }
1769 /*
1770 * If nb is non-negative, decompile nb bytecodes starting at pc. Otherwise
1771 * the decompiler starts at pc and continues until it reaches an opcode for
1772 * which decompiling would result in the stack depth equaling -(nb + 1).
1773 *
1774 * The nextop parameter is either JSOP_NOP or the "next" opcode in order of
1775 * abstract interpretation (not necessarily physically next in a bytecode
1776 * vector). So nextop is JSOP_POP for the last operand in a comma expression,
1777 * or JSOP_AND for the right operand of &&.
1778 */
1781 {
1790 uintN nuses;
1797 JSBool ok;
1798 #if JS_HAS_XML_SUPPORT
1800 #else
1801 #define inXML JS_FALSE
1802 #endif
1803 jsval val;
1819 /* Argument and variables decompilation uses the following to share code. */
1822 /*
1823 * Local macros
1824 */
1825 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, NULL)
1826 #define DECOMPILE_CODE(pc,nb) if (!Decompile(ss, pc, nb, JSOP_NOP)) return NULL
1827 #define NEXT_OP(pc) (((pc) + (len) == endpc) ? nextop : pc[len])
1828 #define TOP_STR() GetStr(ss, ss->top - 1)
1829 #define POP_STR() PopStr(ss, op)
1830 #define POP_STR_PREC(prec) PopStrPrec(ss, prec)
1832 /*
1833 * Pop a condition expression for if/while. JSOP_IFEQ's precedence forces
1834 * extra parens around assignment, which avoids a strict-mode warning.
1835 */
1836 #define POP_COND_STR() \
1837 PopStr(ss, (js_CodeSpec[ss->opcodes[ss->top - 1]].format & JOF_SET) \
1838 ? JSOP_IFEQ \
1839 : JSOP_NOP)
1841 /*
1842 * Callers know that ATOM_IS_STRING(atom), and we leave it to the optimizer to
1843 * common ATOM_TO_STRING(atom) here and near the call sites.
1844 */
1845 #define ATOM_IS_IDENTIFIER(atom) js_IsIdentifier(ATOM_TO_STRING(atom))
1846 #define ATOM_IS_KEYWORD(atom) \
1847 (js_CheckKeyword(ATOM_TO_STRING(atom)->chars(), \
1848 ATOM_TO_STRING(atom)->length()) != TOK_EOF)
1850 /*
1851 * Given an atom already fetched from jp->script's atom map, quote/escape its
1852 * string appropriately into rval, and select fmt from the quoted and unquoted
1853 * alternatives.
1854 */
1855 #define GET_QUOTE_AND_FMT(qfmt, ufmt, rval) \
1856 JS_BEGIN_MACRO \
1857 jschar quote_; \
1858 if (!ATOM_IS_IDENTIFIER(atom)) { \
1860 fmt = qfmt; \
1861 } else { \
1862 quote_ = 0; \
1863 fmt = ufmt; \
1864 } \
1865 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), quote_); \
1866 if (!rval) \
1867 return NULL; \
1868 JS_END_MACRO
1870 #define LOAD_OBJECT(PCOFF) \
1871 GET_OBJECT_FROM_BYTECODE(jp->script, pc, PCOFF, obj)
1873 #define LOAD_FUNCTION(PCOFF) \
1874 GET_FUNCTION_FROM_BYTECODE(jp->script, pc, PCOFF, fun)
1876 #define LOAD_REGEXP(PCOFF) \
1877 GET_REGEXP_FROM_BYTECODE(jp->script, pc, PCOFF, obj)
1879 #define GET_SOURCE_NOTE_ATOM(sn, atom) \
1880 JS_BEGIN_MACRO \
1881 jsatomid atomIndex_ = (jsatomid) js_GetSrcNoteOffset((sn), 0); \
1882 \
1883 LOCAL_ASSERT(atomIndex_ < jp->script->atomMap.length); \
1884 (atom) = jp->script->atomMap.vector[atomIndex_]; \
1885 JS_END_MACRO
1887 /*
1888 * Get atom from jp->script's atom map, quote/escape its string appropriately
1889 * into rval, and select fmt from the quoted and unquoted alternatives.
1890 */
1891 #define GET_ATOM_QUOTE_AND_FMT(qfmt, ufmt, rval) \
1892 JS_BEGIN_MACRO \
1893 LOAD_ATOM(0); \
1894 GET_QUOTE_AND_FMT(qfmt, ufmt, rval); \
1895 JS_END_MACRO
1897 /*
1898 * Per spec, new x(y).z means (new x(y))).z. For example new (x(y).z) must
1899 * decompile with the constructor parenthesized, but new x.z should not. The
1900 * normal rules give x(y).z and x.z identical precedence: both are produced by
1901 * JSOP_GETPROP.
1902 *
1903 * Therefore, we need to know in case JSOP_NEW whether the constructor
1904 * expression contains any unparenthesized function calls. So when building a
1905 * MemberExpression or CallExpression, we set ss->opcodes[n] to JSOP_CALL if
1906 * this is true. x(y).z gets JSOP_CALL, not JSOP_GETPROP.
1907 */
1908 #define PROPAGATE_CALLNESS() \
1909 JS_BEGIN_MACRO \
1910 if (ss->opcodes[ss->top - 1] == JSOP_CALL) \
1911 saveop = JSOP_CALL; \
1912 JS_END_MACRO
1925 #if JS_HAS_XML_SUPPORT
1927 #endif
1930 /*
1931 * Move saveop to lastop so prefixed bytecodes can take special action
1932 * while sharing maximal code. Set op and saveop to the new bytecode,
1933 * use op in POP_STR to trigger automatic parenthesization, but push
1934 * saveop at the bottom of the loop if this op pushes. Thus op may be
1935 * set to nop or otherwise mutated to suppress auto-parens.
1936 */
1941 /*
1942 * The decompiler uses js_GetIndexFromBytecode to get atoms and
1943 * objects and ignores these suffix/prefix bytecodes, thus
1944 * simplifying code that must process JSOP_GETTER/JSOP_SETTER
1945 * prefixes.
1946 */
1952 }
1957 /*
1958 * Here it is possible that nuses > ss->top when the op has a hidden
1959 * source note. But when nb < 0 we assume that the caller knows that
1960 * Decompile would never meet such opcodes.
1961 */
1967 }
1969 /*
1970 * Save source literal associated with JS now before the following
1971 * rewrite changes op. See bug 380197.
1972 */
1979 /*
1980 * Rewrite non-get ops to their "get" format if the error is in
1981 * the bytecode at pc, so we don't decompile more than the error
1982 * expression.
1983 */
1991 /*
1992 * JOF_NAME does not imply JOF_ATOM, so we must check for
1993 * the QARG and QVAR format types, and translate those to
1994 * JSOP_GETARG or JSOP_GETLOCAL appropriately, instead of
1995 * to JSOP_NAME.
1996 */
1999 ? JSOP_GETARG
2001 ? JSOP_GETLOCAL
2009 /*
2010 * We must replace the faulting pc's bytecode with a
2011 * corresponding JSOP_GET* code. For JSOP_SET{PROP,ELEM},
2012 * we must use the "2nd" form of JSOP_GET{PROP,ELEM}, to
2013 * throw away the assignment op's right-hand operand and
2014 * decompile it as if it were a GET of its left-hand
2015 * operand.
2016 */
2019 ? JSOP_GETPROP2
2023 ? JSOP_GETELEM2
2026 /*
2027 * Unknown mode (including mode 0) means that op is
2028 * uncategorized for our purposes, so we must write
2029 * per-op special case code here.
2030 */
2040 /*
2041 * NB: JSOP_GETTHISPROP can't fail due to |this|
2042 * being null or undefined at runtime (beware that
2043 * this may change for ES4). Therefore any error
2044 * resulting from this op must be due to the value
2045 * of the property accessed via |this|, so do not
2046 * rewrite op to JSOP_THIS.
2047 *
2048 * The next two cases should not change op if
2049 * js_DecompileValueGenerator was called from the
2050 * the property getter. They should rewrite only
2051 * if the base object in the arg/var/local is null
2052 * or undefined. FIXME: bug 431569.
2053 */
2063 }
2064 }
2065 }
2066 }
2078 }
2079 }
2084 }
2091 /*
2092 * Avoid over-parenthesizing y in x op= y based on its
2093 * expansion: x = x op y (replace y by z = w to see the
2094 * problem).
2095 */
2099 /* Print only the right operand of the assignment-op. */
2108 /* In XML, just concatenate the two operands. */
2113 }
2128 }
2132 /*
2133 * Check for a do-while loop, a for-loop with an empty
2134 * initializer part, a labeled statement, a function
2135 * definition, or try/finally.
2136 */
2158 do_forloop:
2161 /* Skip the JSOP_NOP or JSOP_POP bytecode. */
2164 /* Get the cond, next, and loop-closing tail offsets. */
2169 /*
2170 * If this loop has a condition, then pc points at a goto
2171 * targeting the condition.
2172 */
2177 }
2180 /* Print the keyword and the possibly empty init-part. */
2184 /* Decompile the loop condition. */
2187 }
2189 /* Need a semicolon whether or not there was a cond. */
2193 /*
2194 * Decompile the loop updater. It may end in a JSOP_POP
2195 * that we skip; or in a JSOP_POPN that we do not skip,
2196 * followed by a JSOP_NOP (skipped as if it's a POP).
2197 * We cope with the difference between these two cases
2198 * by checking for stack imbalance and popping if there
2199 * is an rval.
2200 */
2209 }
2211 /* Do the loop body. */
2219 /* Set len so pc skips over the entire loop. */
2251 do_function:
2277 }
2281 #if JS_HAS_DESTRUCTURING
2290 }
2291 #endif
2292 /* FALL THROUGH */
2309 /*
2310 * We push push the pair of exception/restsub cookies to
2311 * simulate the effects [gosub] or control transfer during
2312 * exception capturing on the stack.
2313 */
2330 /*
2331 * JSOP_GOSUB and GOSUBX have no effect on the decompiler's
2332 * string stack because the next op in bytecode order finds
2333 * the stack balanced by a JSOP_RETSUB executed elsewhere.
2334 */
2339 {
2342 /*
2343 * The compiler models operand stack depth and fixes the stack
2344 * pointer on entry to a catch clause based on its depth model.
2345 * The decompiler must match the code generator's model, which
2346 * is why JSOP_FINALLY pushes a cookie that JSOP_RETSUB pops.
2347 */
2356 #if JS_HAS_DESTRUCTURING
2369 }
2370 }
2374 /*
2375 * If this is an empty group assignment, we have no stack
2376 * budget into which we can push our result string. Adjust
2377 * ss->sprinter.offset so that our consumer can find the
2378 * empty group assignment decompilation.
2379 */
2383 /*
2384 * Kill newtop before the end_groupassignment: label by
2385 * retracting/popping early. Control will either jump
2386 * to do_forloop: or do_letheadbody: or else break from
2387 * our case JSOP_POPN: after the switch (*pc2) below.
2388 */
2392 }
2394 end_groupassignment:
2397 /*
2398 * Thread directly to the next opcode if we can, to handle
2399 * the special cases of a group assignment in the first or
2400 * last part of a for(;;) loop head, or in a let block or
2401 * expression head.
2402 *
2403 * NB: todo at this point indexes space in ss->sprinter
2404 * that is liable to be overwritten. The code below knows
2405 * exactly how long rval lives, or else copies it down via
2406 * SprintCString.
2407 */
2418 }
2422 /*
2423 * This must be an empty destructuring
2424 * in the head of a let whose body block
2425 * is also empty.
2426 */
2433 }
2440 }
2442 /*
2443 * An unnannotated NOP following a POPN must be the
2444 * third part of for(;;) loop head. If the POPN's
2445 * immediate operand is 0, then we may have no slot
2446 * on the sprint-stack in which to push our result
2447 * string. In this case the result can be recovered
2448 * at ss->sprinter.base + ss->sprinter.offset.
2449 */
2454 }
2455 }
2457 /*
2458 * If control flow reaches this point with todo still -2,
2459 * just print rval as an expression statement.
2460 */
2464 }
2465 #endif
2469 }
2471 }
2474 /* The catch decompiler handles this op itself. */
2479 /*
2480 * By default, do not automatically parenthesize when popping
2481 * a stacked expression decompilation. We auto-parenthesize
2482 * only when JSOP_POP is annotated with SRC_PCDELTA, meaning
2483 * comma operator.
2484 */
2486 /* FALL THROUGH */
2492 /* Force parens around 'in' expression at 'for' front. */
2500 /* Comma operator: use JSOP_POP for correct precedence. */
2503 /* Pop and save to avoid blowing stack depth budget. */
2508 /*
2509 * The offset tells distance to the end of the right-hand
2510 * operand of the comma operator.
2511 */
2519 }
2521 /* Pop Decompile result and print comma expression. */
2528 /*
2529 * Hide this pop. Don't adjust our stack depth model if
2530 * it's from a goto in a with or for/in.
2531 */
2538 /* This pop is at the end of the let block/expr head. */
2540 #if JS_HAS_DESTRUCTURING
2541 do_letheadbody:
2542 #endif
2558 /* Set saveop to reflect what we will push. */
2563 }
2571 }
2575 /* Turn off parens around a yield statement. */
2581 /*
2582 * Don't emit decompiler-pushed strings that are not
2583 * handled by other opcodes. They are pushed onto the
2584 * stack to help model the interpreter stack and should
2585 * not appear in the decompiler's output.
2586 */
2594 rval);
2598 }
2601 }
2625 {
2637 }
2640 #define LOCAL_ASSERT_OUT(expr) LOCAL_ASSERT_CUSTOM(expr, ok = JS_FALSE; \
2641 goto enterblock_out)
2648 }
2657 }
2658 }
2662 #if JS_HAS_BLOCK_SCOPE
2674 #endif
2688 }
2693 /*
2694 * This is a dup to save the exception for later.
2695 * It is emitted only when the catch head contains
2696 * an exception guard.
2697 */
2705 }
2706 }
2707 }
2709 #if JS_HAS_DESTRUCTURING
2715 }
2721 #endif
2730 }
2731 #if JS_HAS_DESTRUCTURING
2732 }
2733 #endif
2735 /*
2736 * Pop the exception_cookie (or its dup in the case of a
2737 * guarded catch head) off the stack now.
2738 */
2754 }
2762 }
2766 #undef LOCAL_ASSERT_OUT
2767 enterblock_out:
2772 }
2777 {
2790 /*
2791 * This JSOP_LEAVEBLOCK must be for a catch block. If sn's
2792 * offset does not equal the model stack depth, there must
2793 * be a copy of the exception value on the stack due to a
2794 * catch guard (see above, the JSOP_ENTERBLOCK + SRC_CATCH
2795 * case code).
2796 */
2803 }
2804 }
2814 }
2822 {
2826 }
2836 #ifdef DEBUG
2837 /*
2838 * We must be in an eval called from jp->fun, where
2839 * jp->script is the eval-compiled script.
2840 *
2841 * However, it's possible that a js_Invoke already
2842 * pushed a frame trying to call js_Construct on an
2843 * object that's not a constructor, causing us to be
2844 * called with an intervening frame on the stack.
2845 */
2855 }
2856 #endif
2859 }
2862 }
2870 }
2874 #if JS_HAS_DESTRUCTURING
2876 /*
2877 * Distinguish a js_DecompileValueGenerator call that
2878 * targets op alone, from decompilation of a full group
2879 * assignment sequence, triggered by SRC_GROUPASSIGN
2880 * annotating the first JSOP_GETLOCAL in the sequence.
2881 */
2889 }
2891 /* Null sn to prevent bogus VarPrefix'ing below. */
2893 }
2894 #endif
2906 }
2917 }
2927 }
2939 /* Turn on parens around comma-expression here. */
2943 rval,
2949 }
2950 /* FALL THROUGH */
2956 else
2961 #if JS_HAS_GENERATORS
2963 #if JS_HAS_GENERATOR_EXPRS
2965 #endif
2966 {
2967 /* Turn off most parens. */
2979 }
2981 #if JS_HAS_GENERATOR_EXPRS
2983 /* FALL THROUGH */
2984 #endif
2987 {
2991 /* Turn off most parens. */
2994 /* Pop the expression being pushed or yielded. */
2997 /*
2998 * Skip the for loop head stacked by JSOP_FORLOCAL until we hit
2999 * a block local slot (note empty destructuring patterns result
3000 * in unit-count blocks).
3001 */
3007 }
3010 /*
3011 * Here, forpos must index the space before the left-most |for|
3012 * in the single string of accumulated |for| heads and optional
3013 * final |if (condition)|.
3014 */
3018 /*
3019 * Now move pos downward over the block's local slots. Even an
3020 * empty destructuring pattern has one (dummy) local.
3021 */
3026 }
3028 #if JS_HAS_GENERATOR_EXPRS
3030 /*
3031 * Generator expression: decompile just rval followed by
3032 * the string starting at forpos. Leave the result string
3033 * in ss->offsets[0] so it can be recovered by our caller
3034 * (the JSOP_ANONFUNOBJ with SRC_GENEXP case). Bump the
3035 * top of stack to balance yield, which is an expression
3036 * (so has neutral stack balance).
3037 */
3047 }
3050 /*
3051 * Array comprehension: retract the sprinter to the beginning
3052 * of the array initialiser and decompile "[<rval> for ...]".
3053 */
3071 }
3089 JSITER_FOREACH;
3111 /*
3112 * The loop back-edge carries +1 stack balance, for the
3113 * flag processed by JSOP_IFNE. We do not decompile the
3114 * JSOP_IFNE, and instead push the left-hand side of 'in'
3115 * after the loop edge in this stack slot (the JSOP_FOR*
3116 * opcodes' decompilers do this pushing).
3117 */
3135 }
3137 /*
3138 * Do not AddParentSlop here, as we will push the
3139 * top-most offset again, which will add paren slop
3140 * for us. We must push to balance the stack budget
3141 * when nesting for heads in a comprehension.
3142 */
3148 }
3153 /*
3154 * As above, rval or an extension of it must remain
3155 * stacked during loop body decompilation.
3156 */
3165 }
3215 }
3221 {
3224 if_again:
3241 rval);
3243 }
3258 /*
3259 * If the second offset for sn is non-zero, it tells
3260 * the distance from the goto around the else, to the
3261 * ifeq for the if inside the else that forms an "if
3262 * else if" chain. Thus cond spans the condition of
3263 * the second if, so we simply decompile it and start
3264 * over at label if_again.
3265 */
3272 }
3277 }
3282 }
3296 }
3311 }
3313 }
3324 do_logical_connective:
3325 /* Top of stack is the first clause in a disjunction (||). */
3335 }
3347 }
3352 }
3372 }
3374 do_forvarslot:
3398 }
3409 }
3418 /*
3419 * The stack has the object under the (top) index expression.
3420 * The "rval" property id is underneath those two on the stack.
3421 * The for loop body net and gross lengths can now be adjusted
3422 * to account for the length of the indexing expression that
3423 * came after JSOP_FORELEM and before JSOP_ENUMELEM.
3424 */
3438 ? dot_format
3441 }
3444 #if JS_HAS_GETTER_SETTER
3449 #endif
3457 }
3458 /* FALL THROUGH */
3461 #if JS_HAS_DESTRUCTURING
3477 // Skip POP so the SRC_FOR_IN code can pop for itself.
3483 }
3485 }
3486 #endif
3503 do_setname:
3511 do_setlval:
3515 lval,
3517 ? js_getter_str
3519 ? js_setter_str
3521 rval);
3526 }
3534 }
3538 {
3553 }
3561 }
3563 /*
3564 * The only way that our next op could be a JSOP_ADD is
3565 * if we are about to concatenate at least one non-string
3566 * literal. Deal with that here in order to avoid extra
3567 * parentheses (because JSOP_ADD is left-associative).
3568 */
3574 out:
3580 }
3598 /* Skip the JSOP_PUSHOBJ-created empty string. */
3602 /*
3603 * Special case: new (x(y)(z)) must be parenthesized like so.
3604 * Same for new (x(y).z) -- contrast with new x(y).z.
3605 * See PROPAGATE_CALLNESS.
3606 */
3614 ? JSOP_NAME
3631 }
3641 }
3642 }
3655 }
3664 do_delete_lval:
3689 #if JS_HAS_XML_SUPPORT
3697 #endif
3705 rval);
3719 do_incatom:
3724 do_inclval:
3733 /*
3734 * Force precedence below the numeric literal opcodes, so that
3735 * 42..foo or 10000..toString(16), e.g., decompile with parens
3736 * around the left-hand side of dot.
3737 */
3754 ? predot_format
3761 }
3775 do_atominc:
3780 do_lvalinc:
3789 /*
3790 * Force precedence below the numeric literal opcodes, so that
3791 * 42..foo or 10000..toString(16), e.g., decompile with parens
3792 * around the left-hand side of dot.
3793 */
3809 ? postdot_format
3816 }
3827 /* FALL THROUGH */
3834 do_getprop:
3836 do_getprop_lval:
3849 /* Get the name of the argument or variable. */
3852 do_getarg_prop:
3860 /* Get the name of the property. */
3883 /*
3884 * Force precedence below the numeric literal opcodes, so that
3885 * 42..foo or 10000..toString(16), e.g., decompile with parens
3886 * around the left-hand side of dot.
3887 */
3894 ? js_getter_str
3896 ? js_setter_str
3899 rval);
3905 /* FALL THROUGH */
3919 ? dot_format
3922 }
3943 ? js_getter_str
3945 ? js_setter_str
3948 rval);
3966 #if JS_HAS_DESTRUCTURING
3970 }
3971 #else
3973 #endif
3981 do_name:
3983 #if JS_HAS_XML_SUPPORT
3984 do_qname:
3985 #endif
4010 do_sprint_int:
4033 #if JS_HAS_GENERATOR_EXPRS
4039 SprintStack ss2;
4044 /*
4045 * All allocation when decompiling is LIFO, using malloc
4046 * or, more commonly, arena-allocating from cx->tempPool.
4047 * Therefore after InitSprintStack succeeds, we must
4048 * release to mark before returning.
4049 */
4057 }
4062 }
4065 /*
4066 * Recursively decompile this generator function as an
4067 * un-parenthesized generator expression. The ss->inGenExp
4068 * special case of JSOP_YIELD shares array comprehension
4069 * decompilation code that leaves the result as the single
4070 * string pushed on ss2.
4071 */
4086 }
4088 /*
4089 * Advance over this op and its global |this| push, and
4090 * arrange to advance over the call to this lambda.
4091 */
4099 /*
4100 * Arrange to parenthesize this genexp unless:
4101 *
4102 * 1. It is the complete expression consumed by a control
4103 * flow bytecode such as JSOP_TABLESWITCH whose syntax
4104 * always parenthesizes the controlling expression.
4105 * 2. It is the sole argument to a function call.
4106 *
4107 * But if this genexp runs up against endpc, parenthesize
4108 * regardless. (This can happen if we are called from
4109 * DecompileExpression or recursively from case
4110 * JSOP_{NOP,AND,OR}.)
4111 *
4112 * There's no special case for |if (genexp)| because the
4113 * compiler optimizes that to |if (true)|.
4114 */
4129 ? JSOP_POP
4132 /*
4133 * Stack this result as if it's a name and not an
4134 * anonymous function, so it doesn't get decompiled as
4135 * a generator function in a getter or setter context.
4136 * The precedence level is the same for JSOP_NAME and
4137 * JSOP_LAMBDA.
4138 */
4142 }
4144 /*
4145 * Alas, we have to malloc a copy of the result left on
4146 * the top of ss2 because both ss and ss2 arena-allocate
4147 * from cx's tempPool.
4148 */
4156 }
4158 /* FALL THROUGH */
4161 {
4162 /*
4163 * Always parenthesize expression closures. We can't force
4164 * saveop to a low-precedence op to arrange for auto-magic
4165 * parenthesization without confusing getter/setter code
4166 * that checks for JSOP_LAMBDA.
4167 */
4172 js_DecompileFunction);
4175 }
4176 sprint_string:
4192 do_regexp:
4200 {
4236 }
4240 j++;
4241 }
4243 }
4253 }
4254 }
4258 JS_FALSE);
4259 }
4265 }
4269 {
4296 }
4303 }
4306 JS_FALSE);
4312 }
4315 {
4317 jsint ncases;
4325 /*
4326 * Count the cases using offsets from switch to first case,
4327 * and case to case, stored in srcnote immediates.
4328 */
4336 /* End of cases, but count default as a case. */
4342 }
4343 }
4345 /*
4346 * Allocate table and rescan the cases using their srcnotes,
4347 * stashing each case's delta from switch top in table[i].key,
4348 * and the distance to its statements in table[i].offset.
4349 */
4367 }
4368 }
4370 /*
4371 * Find offset of default code by fetching the default offset
4372 * from the end of table. JSOP_CONDSWITCH always has a default
4373 * case at the end.
4374 */
4380 JS_TRUE);
4386 }
4390 {
4397 }
4427 }
4449 }
4450 }
4466 {
4471 #if JS_HAS_SHARP_VARS
4483 }
4484 }
4493 }
4495 }
4498 {
4499 JSBool inArray;
4505 /* Skip any #n= prefix to find the opening bracket. */
4512 rval,
4516 }
4518 {
4519 JSBool isFirst;
4525 /* Turn off most parens. */
4529 /* Turn off all parens for xval and lval, which we control. */
4538 }
4541 lval,
4542 maybeComma,
4543 rval);
4557 /* fall through */
4559 do_initprop:
4561 #ifdef OLD_GETTER_SETTER
4563 lval,
4564 maybeComma,
4565 xval,
4571 rval);
4572 #else
4581 lval,
4582 maybeComma,
4583 xval,
4587 rval);
4598 lval,
4599 maybeComma,
4602 xval,
4605 }
4609 }
4610 #endif
4612 }
4614 #if JS_HAS_SHARP_VARS
4627 #if JS_HAS_DEBUGGER_KEYWORD
4634 #if JS_HAS_XML_SUPPORT
4654 }
4664 }
4697 /* This gets reset by all XML tag expressions. */
4706 else
4711 /* Leave the name stacked and push a dummy string. */
4716 /* Pop the r.h.s., the dummy string, and the name. */
4726 /* If we're an attribute value, we shouldn't quote this. */
4740 /* These ops indicate the end of XML expressions. */
4768 DONT_ESCAPE))
4777 DONT_ESCAPE))
4806 }
4807 }
4810 /* -2 means "don't push", -1 means reported error. */
4816 }
4822 }
4825 }
4827 /*
4828 * Undefine local macros.
4829 */
4830 #undef inXML
4831 #undef DECOMPILE_CODE
4832 #undef NEXT_OP
4833 #undef TOP_STR
4834 #undef POP_STR
4835 #undef POP_STR_PREC
4836 #undef LOCAL_ASSERT
4837 #undef ATOM_IS_IDENTIFIER
4838 #undef GET_QUOTE_AND_FMT
4839 #undef GET_ATOM_QUOTE_AND_FMT
4842 }
4844 static JSBool
4846 uintN pcdepth)
4847 {
4849 SprintStack ss;
4852 JSBool ok;
4860 /* Initialize a sprinter for use with the offset stack. */
4867 /*
4868 * If we are called from js_DecompileValueGenerator with a portion of
4869 * script's bytecode that starts with a non-zero model stack depth given
4870 * by pcdepth, attempt to initialize the missing string offsets in ss to
4871 * |spindex| negative indexes from fp->sp for the activation fp in which
4872 * the error arose.
4873 *
4874 * See js_DecompileValueGenerator for how its |spindex| parameter is used,
4875 * and see also GetOff, which makes use of the ss.offsets[i] < -1 that are
4876 * potentially stored below.
4877 */
4883 }
4884 }
4886 /* Call recursive subroutine to do the hard work. */
4896 }
4903 }
4906 /* If the given code didn't empty the stack, do it now. */
4912 }
4914 out:
4915 /* Free all temporary stuff allocated under this call. */
4918 }
4920 JSBool
4922 {
4924 }
4926 JSString *
4929 JSDecompilerPtr decompiler)
4930 {
4939 else
4943 }
4947 JSBool
4949 {
4957 }
4961 }
4963 JSBool
4965 {
4967 uintN i;
4971 JSBool ok;
4977 /*
4978 * If pretty, conform to ECMA-262 Edition 3, 15.3.4.2, by decompiling a
4979 * FunctionDeclaration. Otherwise, check the JSFUN_LAMBDA flag and force
4980 * an expression by parenthesizing.
4981 */
4987 }
5006 #if JS_HAS_DESTRUCTURING
5007 SprintStack ss;
5009 #endif
5011 /* Print the parameters. */
5016 /* Skip trace hint if it appears here. */
5017 #if JS_HAS_GENERATORS
5019 #endif
5020 {
5027 }
5028 }
5030 #if JS_HAS_DESTRUCTURING
5034 #endif
5042 #if JS_HAS_DESTRUCTURING
5043 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, JS_FALSE)
5056 }
5061 }
5069 }
5071 }
5073 #undef LOCAL_ASSERT
5074 #endif
5079 }
5080 }
5082 #if JS_HAS_DESTRUCTURING
5085 #endif
5091 /*
5092 * We have no syntax for strict function expressions;
5093 * at least give a hint.
5094 */
5097 }
5105 }
5106 }
5116 }
5117 }
5123 }
5128 {
5133 intN pcdepth;
5151 }
5156 /*
5157 * Prepare computing pcstack containing pointers to opcodes that
5158 * populated interpreter's stack with its current content.
5159 */
5175 /*
5176 * We search from fp->sp to base to find the most recently
5177 * calculated value matching v under assumption that it is
5178 * it that caused exception, see bug 328664.
5179 */
5186 }
5189 /*
5190 * The value may have come from beyond stackBase + pcdepth,
5191 * meaning that it came from a temporary slot that the
5192 * interpreter uses for GC roots or when JSOP_APPLY extended
5193 * the stack to fit the argument array elements. Only update pc
5194 * if beneath stackBase + pcdepth; otherwise blame existing
5195 * (current) PC.
5196 */
5199 }
5201 release_pcstack:
5205 }
5207 {
5213 }
5215 /*
5216 * FIXME: bug 489843. Stack reconstruction may have returned a pc
5217 * value *inside* an imacro; this would confuse the decompiler.
5218 */
5221 else
5227 }
5228 }
5232 do_fallback:
5237 }
5239 }
5244 {
5246 JSOp op;
5252 intN pcdepth;
5268 }
5272 /* None of these stack-writing ops generates novel values. */
5276 /* JSOP_PUSH is used to generate undefined for group assignment holes. */
5280 }
5282 /*
5283 * |this| could convert to a very long object initialiser, so cite it by
5284 * its keyword name instead.
5285 */
5289 }
5291 /*
5292 * JSOP_BINDNAME is special: it generates a value, the base object of a
5293 * reference. But if it is the generating op for a diagnostic produced by
5294 * js_DecompileValueGenerator, the name being bound is irrelevant. Just
5295 * fall back to the base object.
5296 */
5300 }
5302 /* NAME ops are self-contained, others require left or right context. */
5315 }
5327 }
5330 }
5335 }
5342 }
5349 }
5360 }
5362 }
5364 out:
5369 }
5373 }
5375 uintN
5377 {
5379 }
5381 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, -1);
5383 static intN
5386 {
5393 /*
5394 * Fill the slots that the opcode defines withs its pc unless it just
5395 * reshuffles the stack. In the latter case we want to preserve the
5396 * opcode that generated the original value.
5397 */
5403 }
5408 /* Keep the switch value. */
5423 }
5432 }
5434 }
5437 }
5439 #ifdef JS_TRACER
5441 #undef LOCAL_ASSERT
5442 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_CUSTOM(expr, goto failure);
5444 static intN
5448 {
5476 }
5480 }
5481 }
5488 success:
5493 failure:
5496 }
5498 #undef LOCAL_ASSERT
5499 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, -1);
5501 static intN
5505 static intN
5509 {
5510 /*
5511 * Begin with a recursive call back to ReconstructPCStack to pick up
5512 * the state-of-the-world at the *start* of the imacro.
5513 */
5520 }
5523 #endif
5525 static intN
5528 {
5529 /*
5530 * Walk forward from script->main and compute the stack depth and stack of
5531 * operand-generating opcode PCs in pcstack.
5532 *
5533 * FIXME: Code to compute oplen copied from js_Disassemble1 and reduced.
5534 * FIXME: Optimize to use last empty-stack sequence point.
5535 */
5536 #ifdef JS_TRACER
5541 #endif
5554 /*
5555 * A (C ? T : E) expression requires skipping either T (if target is in
5556 * E) or both T and E (if target is after the whole expression) before
5557 * adjusting pcdepth based on the JSOP_IFEQ or JSOP_IFEQX at pc that
5558 * tests condition C. We know that the stack depth can't change from
5559 * what it was with C on top of stack.
5560 */
5575 }
5577 /*
5578 * Ok, target lies in E. Manually pop C off the model stack,
5579 * since we have moved beyond the IFEQ now.
5580 */
5583 }
5584 }
5586 /*
5587 * Ignore early-exit code, which is SRC_HIDDEN, but do not ignore the
5588 * hidden POP that sometimes appears after an UNBRAND. See bug 543565.
5589 */
5593 }
5598 }
5602 #undef LOCAL_ASSERT
5603 }
5605 #undef LOCAL_ASSERT_RV