search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
implement breakpoint API (breakpoints don't actually trigger yet)
[swfdec.git] / libswfdec / js / jsinterp.c
bloba9b49820781933aad2784bdebda3527bc4ba36d2
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 *
3 * ***** BEGIN LICENSE BLOCK *****
4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 *
6 * The contents of this file are subject to the Mozilla Public License Version
7 * 1.1 (the "License"); you may not use this file except in compliance with
8 * the License. You may obtain a copy of the License at
9 * http://www.mozilla.org/MPL/
10 *
11 * Software distributed under the License is distributed on an "AS IS" basis,
12 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 * for the specific language governing rights and limitations under the
14 * License.
15 *
16 * The Original Code is Mozilla Communicator client code, released
17 * March 31, 1998.
18 *
19 * The Initial Developer of the Original Code is
20 * Netscape Communications Corporation.
21 * Portions created by the Initial Developer are Copyright (C) 1998
22 * the Initial Developer. All Rights Reserved.
23 *
24 * Contributor(s):
25 *
26 * Alternatively, the contents of this file may be used under the terms of
27 * either of the GNU General Public License Version 2 or later (the "GPL"),
28 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
29 * in which case the provisions of the GPL or the LGPL are applicable instead
30 * of those above. If you wish to allow use of your version of this file only
31 * under the terms of either the GPL or the LGPL, and not to allow others to
32 * use your version of this file under the terms of the MPL, indicate your
33 * decision by deleting the provisions above and replace them with the notice
34 * and other provisions required by the GPL or the LGPL. If you do not delete
35 * the provisions above, a recipient may use your version of this file under
36 * the terms of any one of the MPL, the GPL or the LGPL.
37 *
38 * ***** END LICENSE BLOCK ***** */
39
40 /* build on macs with low memory */
41 #if defined(XP_MAC) && defined(MOZ_MAC_LOWMEM)
42 #pragma optimization_level 1
43 #endif
44
45 /*
46 * JavaScript bytecode interpreter.
47 */
48 #include "jsstddef.h"
49 #include <stdio.h>
50 #include <string.h>
51 #include <math.h>
52 #include "jstypes.h"
53 #include "jsarena.h" /* Added by JSIFY */
54 #include "jsutil.h" /* Added by JSIFY */
55 #include "jsprf.h"
56 #include "jsapi.h"
57 #include "jsarray.h"
58 #include "jsatom.h"
59 #include "jsbool.h"
60 #include "jscntxt.h"
61 #include "jsconfig.h"
62 #include "jsdbgapi.h"
63 #include "jsfun.h"
64 #include "jsgc.h"
65 #include "jsinterp.h"
66 #include "jslock.h"
67 #include "jsnum.h"
68 #include "jsobj.h"
69 #include "jsopcode.h"
70 #include "jsscope.h"
71 #include "jsscript.h"
72 #include "jsstr.h"
73
74 #if JS_HAS_JIT
75 #include "jsjit.h"
76 #endif
77
78 #ifdef DEBUG
79 #define ASSERT_CACHE_IS_EMPTY(cache) \
80 JS_BEGIN_MACRO \
81 JSPropertyCacheEntry *end_, *pce_, entry_; \
82 JSPropertyCache *cache_ = (cache); \
83 JS_ASSERT(cache_->empty); \
84 end_ = &cache_->table[PROPERTY_CACHE_SIZE]; \
85 for (pce_ = &cache_->table[0]; pce_ < end_; pce_++) { \
86 PCE_LOAD(cache_, pce_, entry_); \
87 JS_ASSERT(!PCE_OBJECT(entry_)); \
88 JS_ASSERT(!PCE_PROPERTY(entry_)); \
89 } \
90 JS_END_MACRO
91 #else
92 #define ASSERT_CACHE_IS_EMPTY(cache) ((void)0)
93 #endif
94
95 void
96 js_FlushPropertyCache(JSContext *cx)
97 {
98 JSPropertyCache *cache;
99
100 cache = &cx->runtime->propertyCache;
101 if (cache->empty) {
102 ASSERT_CACHE_IS_EMPTY(cache);
103 return;
104 }
105 memset(cache->table, 0, sizeof cache->table);
106 cache->empty = JS_TRUE;
107 #ifdef JS_PROPERTY_CACHE_METERING
108 cache->flushes++;
109 #endif
110 }
111
112 void
113 js_DisablePropertyCache(JSContext *cx)
114 {
115 JS_ASSERT(!cx->runtime->propertyCache.disabled);
116 cx->runtime->propertyCache.disabled = JS_TRUE;
117 }
118
119 void
120 js_EnablePropertyCache(JSContext *cx)
121 {
122 JS_ASSERT(cx->runtime->propertyCache.disabled);
123 ASSERT_CACHE_IS_EMPTY(&cx->runtime->propertyCache);
124 cx->runtime->propertyCache.disabled = JS_FALSE;
125 }
126
127 /*
128 * Class for for/in loop property iterator objects.
129 */
130 #define JSSLOT_ITER_STATE JSSLOT_PRIVATE
131
132 static void
133 prop_iterator_finalize(JSContext *cx, JSObject *obj)
134 {
135 jsval iter_state;
136 jsval iteratee;
137
138 /* Protect against stillborn iterators. */
139 iter_state = obj->slots[JSSLOT_ITER_STATE];
140 iteratee = obj->slots[JSSLOT_PARENT];
141 if (!JSVAL_IS_NULL(iter_state) && !JSVAL_IS_PRIMITIVE(iteratee)) {
142 OBJ_ENUMERATE(cx, JSVAL_TO_OBJECT(iteratee), JSENUMERATE_DESTROY,
143 &iter_state, NULL);
144 }
145 js_RemoveRoot(cx->runtime, &obj->slots[JSSLOT_PARENT]);
146
147 /* XXX force the GC to restart so we can collect iteratee, if possible,
148 during the current collector activation */
149 cx->runtime->gcLevel++;
150 }
151
152 static JSClass prop_iterator_class = {
153 "PropertyIterator",
154 0,
155 JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub,
156 JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub, prop_iterator_finalize,
157 JSCLASS_NO_OPTIONAL_MEMBERS
158 };
159
160 /*
161 * Stack macros and functions. These all use a local variable, jsval *sp, to
162 * point to the next free stack slot. SAVE_SP must be called before any call
163 * to a function that may invoke the interpreter. RESTORE_SP must be called
164 * only after return from js_Invoke, because only js_Invoke changes fp->sp.
165 */
166 #define PUSH(v) (*sp++ = (v))
167 #define POP() (*--sp)
168 #ifdef DEBUG
169 #define SAVE_SP(fp) \
170 (JS_ASSERT((fp)->script || !(fp)->spbase || (sp) == (fp)->spbase), \
171 (fp)->sp = sp)
172 #else
173 #define SAVE_SP(fp) ((fp)->sp = sp)
174 #endif
175 #define RESTORE_SP(fp) (sp = (fp)->sp)
176
177 /*
178 * Push the generating bytecode's pc onto the parallel pc stack that runs
179 * depth slots below the operands.
180 *
181 * NB: PUSH_OPND uses sp, depth, and pc from its lexical environment. See
182 * js_Interpret for these local variables' declarations and uses.
183 */
184 #define PUSH_OPND(v) (sp[-depth] = (jsval)pc, PUSH(v))
185 #define STORE_OPND(n,v) (sp[(n)-depth] = (jsval)pc, sp[n] = (v))
186 #define POP_OPND() POP()
187 #define FETCH_OPND(n) (sp[n])
188
189 /*
190 * Push the jsdouble d using sp, depth, and pc from the lexical environment.
191 * Try to convert d to a jsint that fits in a jsval, otherwise GC-alloc space
192 * for it and push a reference.
193 */
194 #define STORE_NUMBER(cx, n, d) \
195 JS_BEGIN_MACRO \
196 jsint i_; \
197 jsval v_; \
198 \
199 if (JSDOUBLE_IS_INT(d, i_) && INT_FITS_IN_JSVAL(i_)) { \
200 v_ = INT_TO_JSVAL(i_); \
201 } else { \
202 ok = js_NewDoubleValue(cx, d, &v_); \
203 if (!ok) \
204 goto out; \
205 } \
206 STORE_OPND(n, v_); \
207 JS_END_MACRO
208
209 #define FETCH_NUMBER(cx, n, d) \
210 JS_BEGIN_MACRO \
211 jsval v_; \
212 \
213 v_ = FETCH_OPND(n); \
214 VALUE_TO_NUMBER(cx, v_, d); \
215 JS_END_MACRO
216
217 #define FETCH_INT(cx, n, i) \
218 JS_BEGIN_MACRO \
219 jsval v_ = FETCH_OPND(n); \
220 if (JSVAL_IS_INT(v_)) { \
221 i = JSVAL_TO_INT(v_); \
222 } else { \
223 SAVE_SP(fp); \
224 ok = js_ValueToECMAInt32(cx, v_, &i); \
225 if (!ok) \
226 goto out; \
227 } \
228 JS_END_MACRO
229
230 #define FETCH_UINT(cx, n, ui) \
231 JS_BEGIN_MACRO \
232 jsval v_ = FETCH_OPND(n); \
233 jsint i_; \
234 if (JSVAL_IS_INT(v_) && (i_ = JSVAL_TO_INT(v_)) >= 0) { \
235 ui = (uint32) i_; \
236 } else { \
237 SAVE_SP(fp); \
238 ok = js_ValueToECMAUint32(cx, v_, &ui); \
239 if (!ok) \
240 goto out; \
241 } \
242 JS_END_MACRO
243
244 /*
245 * Optimized conversion macros that test for the desired type in v before
246 * homing sp and calling a conversion function.
247 */
248 #define VALUE_TO_NUMBER(cx, v, d) \
249 JS_BEGIN_MACRO \
250 if (JSVAL_IS_INT(v)) { \
251 d = (jsdouble)JSVAL_TO_INT(v); \
252 } else if (JSVAL_IS_DOUBLE(v)) { \
253 d = *JSVAL_TO_DOUBLE(v); \
254 } else { \
255 SAVE_SP(fp); \
256 ok = js_ValueToNumber(cx, v, &d); \
257 if (!ok) \
258 goto out; \
259 } \
260 JS_END_MACRO
261
262 #define POP_BOOLEAN(cx, v, b) \
263 JS_BEGIN_MACRO \
264 v = FETCH_OPND(-1); \
265 if (v == JSVAL_NULL) { \
266 b = JS_FALSE; \
267 } else if (JSVAL_IS_BOOLEAN(v)) { \
268 b = JSVAL_TO_BOOLEAN(v); \
269 } else { \
270 SAVE_SP(fp); \
271 ok = js_ValueToBoolean(cx, v, &b); \
272 if (!ok) \
273 goto out; \
274 } \
275 sp--; \
276 JS_END_MACRO
277
278 #define VALUE_TO_OBJECT(cx, v, obj) \
279 JS_BEGIN_MACRO \
280 if (JSVAL_IS_OBJECT(v) && v != JSVAL_NULL) { \
281 obj = JSVAL_TO_OBJECT(v); \
282 } else { \
283 SAVE_SP(fp); \
284 obj = js_ValueToNonNullObject(cx, v); \
285 if (!obj) { \
286 ok = JS_FALSE; \
287 goto out; \
288 } \
289 } \
290 JS_END_MACRO
291
292 #if JS_BUG_VOID_TOSTRING
293 #define CHECK_VOID_TOSTRING(cx, v) \
294 if (JSVAL_IS_VOID(v)) { \
295 JSString *str_; \
296 str_ = ATOM_TO_STRING(cx->runtime->atomState.typeAtoms[JSTYPE_VOID]); \
297 v = STRING_TO_JSVAL(str_); \
298 }
299 #else
300 #define CHECK_VOID_TOSTRING(cx, v) ((void)0)
301 #endif
302
303 #if JS_BUG_EAGER_TOSTRING
304 #define CHECK_EAGER_TOSTRING(hint) (hint = JSTYPE_STRING)
305 #else
306 #define CHECK_EAGER_TOSTRING(hint) ((void)0)
307 #endif
308
309 #define VALUE_TO_PRIMITIVE(cx, v, hint, vp) \
310 JS_BEGIN_MACRO \
311 if (JSVAL_IS_PRIMITIVE(v)) { \
312 CHECK_VOID_TOSTRING(cx, v); \
313 *vp = v; \
314 } else { \
315 SAVE_SP(fp); \
316 CHECK_EAGER_TOSTRING(hint); \
317 ok = OBJ_DEFAULT_VALUE(cx, JSVAL_TO_OBJECT(v), hint, vp); \
318 if (!ok) \
319 goto out; \
320 } \
321 JS_END_MACRO
322
323 JS_FRIEND_API(jsval *)
324 js_AllocRawStack(JSContext *cx, uintN nslots, void **markp)
325 {
326 jsval *sp;
327
328 if (markp)
329 *markp = JS_ARENA_MARK(&cx->stackPool);
330 JS_ARENA_ALLOCATE_CAST(sp, jsval *, &cx->stackPool, nslots * sizeof(jsval));
331 if (!sp) {
332 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_STACK_OVERFLOW,
333 (cx->fp && cx->fp->fun)
334 ? JS_GetFunctionName(cx->fp->fun)
335 : "script");
336 }
337 return sp;
338 }
339
340 JS_FRIEND_API(void)
341 js_FreeRawStack(JSContext *cx, void *mark)
342 {
343 JS_ARENA_RELEASE(&cx->stackPool, mark);
344 }
345
346 JS_FRIEND_API(jsval *)
347 js_AllocStack(JSContext *cx, uintN nslots, void **markp)
348 {
349 jsval *sp, *vp, *end;
350 JSArena *a;
351 JSStackHeader *sh;
352 JSStackFrame *fp;
353
354 /* Callers don't check for zero nslots: we do to avoid empty segments. */
355 if (nslots == 0) {
356 *markp = NULL;
357 return JS_ARENA_MARK(&cx->stackPool);
358 }
359
360 /* Allocate 2 extra slots for the stack segment header we'll likely need. */
361 sp = js_AllocRawStack(cx, 2 + nslots, markp);
362 if (!sp)
363 return NULL;
364
365 /* Try to avoid another header if we can piggyback on the last segment. */
366 a = cx->stackPool.current;
367 sh = cx->stackHeaders;
368 if (sh && JS_STACK_SEGMENT(sh) + sh->nslots == sp) {
369 /* Extend the last stack segment, give back the 2 header slots. */
370 sh->nslots += nslots;
371 a->avail -= 2 * sizeof(jsval);
372 } else {
373 /*
374 * Need a new stack segment, so we must initialize unused slots in the
375 * current frame. See js_GC, just before marking the "operand" jsvals,
376 * where we scan from fp->spbase to fp->sp or through fp->script->depth
377 * (whichever covers fewer slots).
378 */
379 fp = cx->fp;
380 if (fp && fp->script && fp->spbase) {
381 #ifdef DEBUG
382 jsuword depthdiff = fp->script->depth * sizeof(jsval);
383 JS_ASSERT(JS_UPTRDIFF(fp->sp, fp->spbase) <= depthdiff);
384 JS_ASSERT(JS_UPTRDIFF(*markp, fp->spbase) >= depthdiff);
385 #endif
386 end = fp->spbase + fp->script->depth;
387 for (vp = fp->sp; vp < end; vp++)
388 *vp = JSVAL_VOID;
389 }
390
391 /* Allocate and push a stack segment header from the 2 extra slots. */
392 sh = (JSStackHeader *)sp;
393 sh->nslots = nslots;
394 sh->down = cx->stackHeaders;
395 cx->stackHeaders = sh;
396 sp += 2;
397 }
398
399 return sp;
400 }
401
402 JS_FRIEND_API(void)
403 js_FreeStack(JSContext *cx, void *mark)
404 {
405 JSStackHeader *sh;
406 jsuword slotdiff;
407
408 /* Check for zero nslots allocation special case. */
409 if (!mark)
410 return;
411
412 /* We can assert because js_FreeStack always balances js_AllocStack. */
413 sh = cx->stackHeaders;
414 JS_ASSERT(sh);
415
416 /* If mark is in the current segment, reduce sh->nslots, else pop sh. */
417 slotdiff = JS_UPTRDIFF(mark, JS_STACK_SEGMENT(sh)) / sizeof(jsval);
418 if (slotdiff < (jsuword)sh->nslots)
419 sh->nslots = slotdiff;
420 else
421 cx->stackHeaders = sh->down;
422
423 /* Release the stackPool space allocated since mark was set. */
424 JS_ARENA_RELEASE(&cx->stackPool, mark);
425 }
426
427 /*
428 * To economize on slots space in functions, the compiler records arguments and
429 * local variables as shared (JSPROP_SHARED) properties with well-known getters
430 * and setters: js_{Get,Set}Argument, js_{Get,Set}LocalVariable. Now, we could
431 * record args and vars in lists or hash tables in function-private data, but
432 * that means more duplication in code, and more data at runtime in the hash
433 * table case due to round-up to powers of two, just to recapitulate the scope
434 * machinery in the function object.
435 *
436 * What's more, for a long time (to the dawn of "Mocha" in 1995), these getters
437 * and setters knew how to search active stack frames in a context to find the
438 * top activation of the function f, in order to satisfy a get or set of f.a,
439 * for argument a, or f.x, for local variable x. You could use f.a instead of
440 * just a in function f(a) { return f.a }, for example, to return the actual
441 * parameter.
442 *
443 * ECMA requires that we give up on this ancient extension, because it is not
444 * compatible with the standard as used by real-world scripts. While Chapter
445 * 16 does allow for additional properties to be defined on native objects by
446 * a conforming implementation, these magic getters and setters cause f.a's
447 * meaning to vary unexpectedly. Real-world scripts set f.A = 42 to define
448 * "class static" (after Java) constants, for example, but if A also names an
449 * arg or var in f, the constant is not available while f is active, and any
450 * non-constant class-static can't be set while f is active.
451 *
452 * So, to label arg and var properties in functions without giving them magic
453 * abilities to affect active frame stack slots, while keeping the properties
454 * shared (slot-less) to save space in the common case (where no assignment
455 * sets a function property with the same name as an arg or var), the setters
456 * for args and vars must handle two special cases here.
457 *
458 * XXX functions tend to have few args and vars, so we risk O(n^2) growth here
459 * XXX ECMA *really* wants args and vars to be stored in function-private data,
460 * not as function object properties.
461 */
462 static JSBool
463 SetFunctionSlot(JSContext *cx, JSObject *obj, JSPropertyOp setter, jsid id,
464 jsval v)
465 {
466 uintN slot;
467 JSObject *origobj;
468 JSScope *scope;
469 JSScopeProperty *sprop;
470 JSString *str;
471 JSBool ok;
472
473 slot = (uintN) JSVAL_TO_INT(id);
474 if (OBJ_GET_CLASS(cx, obj) != &js_FunctionClass) {
475 /*
476 * Given a non-function object obj that has a function object in its
477 * prototype chain, where an argument or local variable property named
478 * by (setter, slot) is being set, override the shared property in the
479 * prototype with an unshared property in obj. This situation arises
480 * in real-world JS due to .prototype setting and collisions among a
481 * function's "static property" names and arg or var names, believe it
482 * or not.
483 */
484 origobj = obj;
485 do {
486 obj = OBJ_GET_PROTO(cx, obj);
487 if (!obj)
488 return JS_TRUE;
489 } while (OBJ_GET_CLASS(cx, obj) != &js_FunctionClass);
490
491 JS_LOCK_OBJ(cx, obj);
492 scope = OBJ_SCOPE(obj);
493 for (sprop = SCOPE_LAST_PROP(scope); sprop; sprop = sprop->parent) {
494 if (sprop->setter == setter) {
495 JS_ASSERT(!JSVAL_IS_INT(sprop->id) &&
496 ATOM_IS_STRING((JSAtom *)sprop->id) &&
497 (sprop->flags & SPROP_HAS_SHORTID));
498
499 if ((uintN) sprop->shortid == slot) {
500 str = ATOM_TO_STRING((JSAtom *)sprop->id);
501 JS_UNLOCK_SCOPE(cx, scope);
502
503 return JS_DefineUCProperty(cx, origobj,
504 JSSTRING_CHARS(str),
505 JSSTRING_LENGTH(str),
506 v, NULL, NULL,
507 JSPROP_ENUMERATE);
508 }
509 }
510 }
511 JS_UNLOCK_SCOPE(cx, scope);
512 return JS_TRUE;
513 }
514
515 /*
516 * Argument and local variable properties of function objects are shared
517 * by default (JSPROP_SHARED), therefore slot-less. But if for function
518 * f(a) {}, f.a = 42 is evaluated, f.a should be 42 after the assignment,
519 * whether or not f is active. So js_SetArgument and js_SetLocalVariable
520 * must be prepared to change an arg or var from shared to unshared status,
521 * allocating a slot in obj to hold v.
522 */
523 ok = JS_TRUE;
524 JS_LOCK_OBJ(cx, obj);
525 scope = OBJ_SCOPE(obj);
526 for (sprop = SCOPE_LAST_PROP(scope); sprop; sprop = sprop->parent) {
527 if (sprop->setter == setter && (uintN) sprop->shortid == slot) {
528 if (sprop->attrs & JSPROP_SHARED) {
529 sprop = js_ChangeScopePropertyAttrs(cx, scope, sprop,
530 0, ~JSPROP_SHARED,
531 sprop->getter, setter);
532 if (!sprop) {
533 ok = JS_FALSE;
534 } else {
535 /* See js_SetProperty, near the bottom. */
536 GC_POKE(cx, pval);
537 LOCKED_OBJ_SET_SLOT(obj, sprop->slot, v);
538 }
539 }
540 break;
541 }
542 }
543 JS_UNLOCK_SCOPE(cx, scope);
544 return ok;
545 }
546
547 JSBool
548 js_GetArgument(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
549 {
550 return JS_TRUE;
551 }
552
553 JSBool
554 js_SetArgument(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
555 {
556 return SetFunctionSlot(cx, obj, js_SetArgument, id, *vp);
557 }
558
559 JSBool
560 js_GetLocalVariable(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
561 {
562 return JS_TRUE;
563 }
564
565 JSBool
566 js_SetLocalVariable(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
567 {
568 return SetFunctionSlot(cx, obj, js_SetLocalVariable, id, *vp);
569 }
570
571 /*
572 * Compute the 'this' parameter and store it in frame as frame.thisp.
573 * Activation objects ("Call" objects not created with "new Call()", i.e.,
574 * "Call" objects that have private data) may not be referred to by 'this',
575 * as dictated by ECMA.
576 *
577 * N.B.: fp->argv must be set, fp->argv[-1] the nominal 'this' paramter as
578 * a jsval, and fp->argv[-2] must be the callee object reference, usually a
579 * function object. Also, fp->flags must contain JSFRAME_CONSTRUCTING if we
580 * are preparing for a constructor call.
581 */
582 static JSBool
583 ComputeThis(JSContext *cx, JSObject *thisp, JSStackFrame *fp)
584 {
585 JSObject *parent;
586
587 if (thisp && OBJ_GET_CLASS(cx, thisp) != &js_CallClass) {
588 /* Some objects (e.g., With) delegate 'this' to another object. */
589 thisp = OBJ_THIS_OBJECT(cx, thisp);
590 if (!thisp)
591 return JS_FALSE;
592
593 /* Default return value for a constructor is the new object. */
594 if (fp->flags & JSFRAME_CONSTRUCTING)
595 fp->rval = OBJECT_TO_JSVAL(thisp);
596 } else {
597 /*
598 * ECMA requires "the global object", but in the presence of multiple
599 * top-level objects (windows, frames, or certain layers in the client
600 * object model), we prefer fun's parent. An example that causes this
601 * code to run:
602 *
603 * // in window w1
604 * function f() { return this }
605 * function g() { return f }
606 *
607 * // in window w2
608 * var h = w1.g()
609 * alert(h() == w1)
610 *
611 * The alert should display "true".
612 */
613 JS_ASSERT(!(fp->flags & JSFRAME_CONSTRUCTING));
614 if (JSVAL_IS_PRIMITIVE(fp->argv[-2]) ||
615 !(parent = OBJ_GET_PARENT(cx, JSVAL_TO_OBJECT(fp->argv[-2])))) {
616 thisp = cx->globalObject;
617 } else {
618 /* walk up to find the top-level object */
619 thisp = parent;
620 while ((parent = OBJ_GET_PARENT(cx, thisp)) != NULL)
621 thisp = parent;
622 }
623 }
624 fp->thisp = thisp;
625 fp->argv[-1] = OBJECT_TO_JSVAL(thisp);
626 return JS_TRUE;
627 }
628
629 /*
630 * Find a function reference and its 'this' object implicit first parameter
631 * under argc arguments on cx's stack, and call the function. Push missing
632 * required arguments, allocate declared local variables, and pop everything
633 * when done. Then push the return value.
634 */
635 JS_FRIEND_API(JSBool)
636 js_Invoke(JSContext *cx, uintN argc, uintN flags)
637 {
638 void *mark;
639 JSStackFrame *fp, frame;
640 jsval *sp, *newsp, *limit;
641 jsval *vp, v;
642 JSObject *funobj, *parent, *thisp;
643 JSBool ok;
644 JSClass *clasp;
645 JSObjectOps *ops;
646 JSNative native;
647 JSFunction *fun;
648 JSScript *script;
649 uintN minargs, nvars;
650 intN nslots, nalloc, surplus;
651 JSInterpreterHook hook;
652 void *hookData;
653
654 /* Mark the top of stack and load frequently-used registers. */
655 mark = JS_ARENA_MARK(&cx->stackPool);
656 fp = cx->fp;
657 sp = fp->sp;
658
659 /*
660 * Set vp to the callee value's stack slot (it's where rval goes).
661 * Once vp is set, control should flow through label out2: to return.
662 * Set frame.rval early so native class and object ops can throw and
663 * return false, causing a goto out2 with ok set to false. Also set
664 * frame.flags to flags so that ComputeThis can test bits in it.
665 */
666 vp = sp - (2 + argc);
667 v = *vp;
668 frame.rval = JSVAL_VOID;
669 frame.flags = flags;
670 thisp = JSVAL_TO_OBJECT(vp[1]);
671
672 /*
673 * A callee must be an object reference, unless its |this| parameter
674 * implements the __noSuchMethod__ method, in which case that method will
675 * be called like so:
676 *
677 * thisp.__noSuchMethod__(id, args)
678 *
679 * where id is the name of the method that this invocation attempted to
680 * call by name, and args is an Array containing this invocation's actual
681 * parameters.
682 */
683 if (JSVAL_IS_PRIMITIVE(v)) {
684 #if JS_HAS_NO_SUCH_METHOD
685 jsbytecode *pc;
686 jsatomid atomIndex;
687 JSAtom *atom;
688 JSObject *argsobj;
689 JSArena *a;
690
691 if (!fp->script || (flags & JSINVOKE_INTERNAL))
692 goto bad;
693
694 /*
695 * We must ComputeThis here to censor Call objects; performance hit,
696 * but at least it's idempotent.
697 *
698 * Normally, we call ComputeThis after all frame members have been
699 * set, and in particular, after any revision of the callee value at
700 * *vp due to clasp->convert (see below). This matters because
701 * ComputeThis may access *vp via fp->argv[-2], to follow the parent
702 * chain to a global object to use as the |this| parameter.
703 *
704 * Obviously, here in the JSVAL_IS_PRIMITIVE(v) case, there can't be
705 * any such defaulting of |this| to callee (v, *vp) ancestor.
706 */
707 frame.argv = vp + 2;
708 ok = ComputeThis(cx, thisp, &frame);
709 if (!ok)
710 goto out2;
711 thisp = frame.thisp;
712
713 ok = OBJ_GET_PROPERTY(cx, thisp,
714 (jsid)cx->runtime->atomState.noSuchMethodAtom,
715 &v);
716 if (!ok)
717 goto out2;
718 if (JSVAL_IS_PRIMITIVE(v))
719 goto bad;
720
721 pc = (jsbytecode *) vp[-(intN)fp->script->depth];
722 switch ((JSOp) *pc) {
723 case JSOP_NAME:
724 case JSOP_GETPROP:
725 atomIndex = GET_ATOM_INDEX(pc);
726 atom = js_GetAtom(cx, &fp->script->atomMap, atomIndex);
727 argsobj = js_NewArrayObject(cx, argc, vp + 2);
728 if (!argsobj) {
729 ok = JS_FALSE;
730 goto out2;
731 }
732
733 sp = vp + 4;
734 if (argc < 2) {
735 a = cx->stackPool.current;
736 if ((jsuword)sp > a->limit) {
737 /*
738 * Arguments must be contiguous, and must include argv[-1]
739 * and argv[-2], so allocate more stack, advance sp, and
740 * set newsp[1] to thisp (vp[1]). The other argv elements
741 * will be set below, using negative indexing from sp.
742 */
743 newsp = js_AllocRawStack(cx, 4, NULL);
744 if (!newsp) {
745 ok = JS_FALSE;
746 goto out2;
747 }
748 newsp[1] = OBJECT_TO_JSVAL(thisp);
749 sp = newsp + 4;
750 } else if ((jsuword)sp > a->avail) {
751 /*
752 * Inline, optimized version of JS_ARENA_ALLOCATE to claim
753 * the small number of words not already allocated as part
754 * of the caller's operand stack.
755 */
756 JS_ArenaCountAllocation(pool, (jsuword)sp - a->avail);
757 a->avail = (jsuword)sp;
758 }
759 }
760
761 sp[-4] = v;
762 JS_ASSERT(sp[-3] == OBJECT_TO_JSVAL(thisp));
763 sp[-2] = ATOM_KEY(atom);
764 sp[-1] = OBJECT_TO_JSVAL(argsobj);
765 fp->sp = sp;
766 argc = 2;
767 break;
768
769 default:
770 goto bad;
771 }
772 #else
773 goto bad;
774 #endif
775 }
776
777 funobj = JSVAL_TO_OBJECT(v);
778 parent = OBJ_GET_PARENT(cx, funobj);
779 clasp = OBJ_GET_CLASS(cx, funobj);
780 if (clasp != &js_FunctionClass) {
781 /* Function is inlined, all other classes use object ops. */
782 ops = funobj->map->ops;
783
784 /*
785 * XXX
786 * Try converting to function, for closure and API compatibility.
787 * We attempt the conversion under all circumstances for 1.2, but
788 * only if there is a call op defined otherwise.
789 */
790 if (cx->version == JSVERSION_1_2 ||
791 ((ops == &js_ObjectOps) ? clasp->call : ops->call)) {
792 ok = clasp->convert(cx, funobj, JSTYPE_FUNCTION, &v);
793 if (!ok)
794 goto out2;
795
796 if (JSVAL_IS_FUNCTION(cx, v)) {
797 /* Make vp refer to funobj to keep it available as argv[-2]. */
798 *vp = v;
799 funobj = JSVAL_TO_OBJECT(v);
800 parent = OBJ_GET_PARENT(cx, funobj);
801 goto have_fun;
802 }
803 }
804 fun = NULL;
805 script = NULL;
806 minargs = nvars = 0;
807
808 /* Try a call or construct native object op. */
809 native = (flags & JSINVOKE_CONSTRUCT) ? ops->construct : ops->call;
810 if (!native)
811 goto bad;
812 } else {
813 have_fun:
814 /* Get private data and set derived locals from it. */
815 fun = (JSFunction *) JS_GetPrivate(cx, funobj);
816 native = fun->native;
817 script = fun->script;
818 minargs = fun->nargs + fun->extra;
819 nvars = fun->nvars;
820
821 /* Handle bound method special case. */
822 if (fun->flags & JSFUN_BOUND_METHOD)
823 thisp = parent;
824 }
825
826 /* Initialize the rest of frame, except for sp (set by SAVE_SP later). */
827 frame.varobj = NULL;
828 frame.callobj = frame.argsobj = NULL;
829 frame.script = script;
830 frame.fun = fun;
831 frame.argc = argc;
832 frame.argv = sp - argc;
833 frame.nvars = nvars;
834 frame.vars = sp;
835 frame.down = fp;
836 frame.annotation = NULL;
837 frame.scopeChain = NULL; /* set below for real, after cx->fp is set */
838 frame.pc = NULL;
839 frame.spbase = NULL;
840 frame.sharpDepth = 0;
841 frame.sharpArray = NULL;
842 frame.dormantNext = NULL;
843 frame.objAtomMap = NULL;
844
845 /* Compute the 'this' parameter and store it in frame as frame.thisp. */
846 ok = ComputeThis(cx, thisp, &frame);
847 if (!ok)
848 goto out2;
849
850 /* From here on, control must flow through label out: to return. */
851 cx->fp = &frame;
852
853 /* Init these now in case we goto out before first hook call. */
854 hook = cx->runtime->callHook;
855 hookData = NULL;
856
857 /* Check for missing arguments expected by the function. */
858 nslots = (intN)((argc < minargs) ? minargs - argc : 0);
859 if (nslots) {
860 /* All arguments must be contiguous, so we may have to copy actuals. */
861 nalloc = nslots;
862 limit = (jsval *) cx->stackPool.current->limit;
863 if (sp + nslots > limit) {
864 /* Hit end of arena: we have to copy argv[-2..(argc+nslots-1)]. */
865 nalloc += 2 + argc;
866 } else {
867 /* Take advantage of surplus slots in the caller's frame depth. */
868 surplus = (jsval *)mark - sp;
869 JS_ASSERT(surplus >= 0);
870 nalloc -= surplus;
871 }
872
873 /* Check whether we have enough space in the caller's frame. */
874 if (nalloc > 0) {
875 /* Need space for actuals plus missing formals minus surplus. */
876 newsp = js_AllocRawStack(cx, (uintN)nalloc, NULL);
877 if (!newsp) {
878 ok = JS_FALSE;
879 goto out;
880 }
881
882 /* If we couldn't allocate contiguous args, copy actuals now. */
883 if (newsp != mark) {
884 JS_ASSERT(sp + nslots > limit);
885 JS_ASSERT(2 + argc + nslots == (uintN)nalloc);
886 *newsp++ = vp[0];
887 *newsp++ = vp[1];
888 if (argc)
889 memcpy(newsp, frame.argv, argc * sizeof(jsval));
890 frame.argv = newsp;
891 sp = frame.vars = newsp + argc;
892 }
893 }
894
895 /* Advance frame.vars to make room for the missing args. */
896 frame.vars += nslots;
897
898 /* Push void to initialize missing args. */
899 while (--nslots >= 0)
900 PUSH(JSVAL_VOID);
901 }
902
903 /* Now allocate stack space for local variables. */
904 nslots = (intN)frame.nvars;
905 if (nslots) {
906 surplus = (intN)((jsval *)cx->stackPool.current->avail - frame.vars);
907 if (surplus < nslots) {
908 newsp = js_AllocRawStack(cx, (uintN)nslots, NULL);
909 if (!newsp) {
910 ok = JS_FALSE;
911 goto out;
912 }
913 if (newsp != sp) {
914 /* NB: Discontinuity between argv and vars. */
915 sp = frame.vars = newsp;
916 }
917 }
918
919 /* Push void to initialize local variables. */
920 while (--nslots >= 0)
921 PUSH(JSVAL_VOID);
922 }
923
924 /* Store the current sp in frame before calling fun. */
925 SAVE_SP(&frame);
926
927 /* call the hook if present */
928 if (hook && (native || script))
929 hookData = hook(cx, &frame, JS_TRUE, 0, cx->runtime->callHookData);
930
931 /* Call the function, either a native method or an interpreted script. */
932 if (native) {
933 #if JS_HAS_LVALUE_RETURN
934 /* Set by JS_SetCallReturnValue2, used to return reference types. */
935 cx->rval2set = JS_FALSE;
936 #endif
937
938 /* If native, use caller varobj and scopeChain for eval. */
939 frame.varobj = fp->varobj;
940 frame.scopeChain = fp->scopeChain;
941 ok = native(cx, frame.thisp, argc, frame.argv, &frame.rval);
942 JS_RUNTIME_METER(cx->runtime, nativeCalls);
943 } else if (script) {
944 /* Use parent scope so js_GetCallObject can find the right "Call". */
945 frame.scopeChain = parent;
946 if (fun->flags & JSFUN_HEAVYWEIGHT) {
947 #if JS_HAS_CALL_OBJECT
948 /* Scope with a call object parented by the callee's parent. */
949 if (!js_GetCallObject(cx, &frame, parent)) {
950 ok = JS_FALSE;
951 goto out;
952 }
953 #else
954 /* Bad old code used the function as a proxy for all calls to it. */
955 frame.scopeChain = funobj;
956 #endif
957 }
958 ok = js_Interpret(cx, &v);
959 } else {
960 /* fun might be onerror trying to report a syntax error in itself. */
961 frame.scopeChain = NULL;
962 ok = JS_TRUE;
963 }
964
965 out:
966 if (hookData) {
967 hook = cx->runtime->callHook;
968 if (hook)
969 hook(cx, &frame, JS_FALSE, &ok, hookData);
970 }
971 #if JS_HAS_CALL_OBJECT
972 /* If frame has a call object, sync values and clear back-pointer. */
973 if (frame.callobj)
974 ok &= js_PutCallObject(cx, &frame);
975 #endif
976 #if JS_HAS_ARGS_OBJECT
977 /* If frame has an arguments object, sync values and clear back-pointer. */
978 if (frame.argsobj)
979 ok &= js_PutArgsObject(cx, &frame);
980 #endif
981
982 /* Restore cx->fp now that we're done releasing frame objects. */
983 cx->fp = fp;
984
985 out2:
986 /* Pop everything we may have allocated off the stack. */
987 JS_ARENA_RELEASE(&cx->stackPool, mark);
988
989 /* Store the return value and restore sp just above it. */
990 *vp = frame.rval;
991 fp->sp = vp + 1;
992
993 /*
994 * Store the location of the JSOP_CALL or JSOP_EVAL that generated the
995 * return value, but only if this is an external (compiled from script
996 * source) call that has stack budget for the generating pc.
997 */
998 if (fp->script && !(flags & JSINVOKE_INTERNAL))
999 vp[-(intN)fp->script->depth] = (jsval)fp->pc;
1000 return ok;
1001
1002 bad:
1003 js_ReportIsNotFunction(cx, vp, flags & JSINVOKE_CONSTRUCT);
1004 ok = JS_FALSE;
1005 goto out2;
1006 }
1007
1008 JSBool
1009 js_InternalInvoke(JSContext *cx, JSObject *obj, jsval fval, uintN flags,
1010 uintN argc, jsval *argv, jsval *rval)
1011 {
1012 JSStackFrame *fp, *oldfp, frame;
1013 jsval *oldsp, *sp;
1014 void *mark;
1015 uintN i;
1016 JSBool ok;
1017
1018 fp = oldfp = cx->fp;
1019 if (!fp) {
1020 memset(&frame, 0, sizeof frame);
1021 cx->fp = fp = &frame;
1022 }
1023 oldsp = fp->sp;
1024 sp = js_AllocStack(cx, 2 + argc, &mark);
1025 if (!sp) {
1026 ok = JS_FALSE;
1027 goto out;
1028 }
1029
1030 PUSH(fval);
1031 PUSH(OBJECT_TO_JSVAL(obj));
1032 for (i = 0; i < argc; i++)
1033 PUSH(argv[i]);
1034 fp->sp = sp;
1035 ok = js_Invoke(cx, argc, flags | JSINVOKE_INTERNAL);
1036 if (ok) {
1037 RESTORE_SP(fp);
1038 *rval = POP_OPND();
1039 }
1040
1041 js_FreeStack(cx, mark);
1042 out:
1043 fp->sp = oldsp;
1044 if (oldfp != fp)
1045 cx->fp = oldfp;
1046
1047 return ok;
1048 }
1049
1050 JSBool
1051 js_InternalGetOrSet(JSContext *cx, JSObject *obj, jsid id, jsval fval,
1052 JSAccessMode mode, uintN argc, jsval *argv, jsval *rval)
1053 {
1054 /*
1055 * Check general (not object-ops/class-specific) access from the running
1056 * script to obj.id only if id has a scripted getter or setter that we're
1057 * about to invoke. If we don't check this case, nothing else will -- no
1058 * other native code has the chance to check.
1059 *
1060 * Contrast this non-native (scripted) case with native getter and setter
1061 * accesses, where the native itself must do an access check, if security
1062 * policies requires it. We make a checkAccess or checkObjectAccess call
1063 * back to the embedding program only in those cases where we're not going
1064 * to call an embedding-defined native function, getter, setter, or class
1065 * hook anyway. Where we do call such a native, there's no need for the
1066 * engine to impose a separate access check callback on all embeddings --
1067 * many embeddings have no security policy at all.
1068 */
1069 JS_ASSERT(mode == JSACC_READ || mode == JSACC_WRITE);
1070 if (cx->runtime->checkObjectAccess &&
1071 JSVAL_IS_FUNCTION(cx, fval) &&
1072 ((JSFunction *) JS_GetPrivate(cx, JSVAL_TO_OBJECT(fval)))->script &&
1073 !cx->runtime->checkObjectAccess(cx, obj, ID_TO_VALUE(id), mode,
1074 &fval)) {
1075 return JS_FALSE;
1076 }
1077
1078 return js_InternalCall(cx, obj, fval, argc, argv, rval);
1079 }
1080
1081 JSBool
1082 js_Execute(JSContext *cx, JSObject *chain, JSScript *script,
1083 JSStackFrame *down, uintN special, jsval *result)
1084 {
1085 JSStackFrame *oldfp, frame;
1086 JSObject *obj, *tmp;
1087 JSBool ok;
1088 JSInterpreterHook hook;
1089 void *hookData;
1090
1091 hook = cx->runtime->executeHook;
1092 hookData = NULL;
1093 oldfp = cx->fp;
1094 frame.callobj = frame.argsobj = NULL;
1095 frame.script = script;
1096 if (down) {
1097 /* Propagate arg/var state for eval and the debugger API. */
1098 frame.varobj = down->varobj;
1099 frame.fun = down->fun;
1100 frame.thisp = down->thisp;
1101 frame.argc = down->argc;
1102 frame.argv = down->argv;
1103 frame.nvars = down->nvars;
1104 frame.vars = down->vars;
1105 frame.annotation = down->annotation;
1106 frame.sharpArray = down->sharpArray;
1107 } else {
1108 obj = chain;
1109 if (cx->options & JSOPTION_VAROBJFIX) {
1110 while ((tmp = OBJ_GET_PARENT(cx, obj)) != NULL)
1111 obj = tmp;
1112 }
1113 frame.varobj = obj;
1114 frame.fun = NULL;
1115 frame.thisp = chain;
1116 frame.argc = frame.nvars = 0;
1117 frame.argv = frame.vars = NULL;
1118 frame.annotation = NULL;
1119 frame.sharpArray = NULL;
1120 }
1121 frame.rval = JSVAL_VOID;
1122 frame.down = down;
1123 frame.scopeChain = chain;
1124 frame.pc = NULL;
1125 frame.sp = oldfp ? oldfp->sp : NULL;
1126 frame.spbase = NULL;
1127 frame.sharpDepth = 0;
1128 frame.flags = special;
1129 frame.dormantNext = NULL;
1130 frame.objAtomMap = NULL;
1131
1132 /*
1133 * Here we wrap the call to js_Interpret with code to (conditionally)
1134 * save and restore the old stack frame chain into a chain of 'dormant'
1135 * frame chains. Since we are replacing cx->fp, we were running into
1136 * the problem that if GC was called under this frame, some of the GC
1137 * things associated with the old frame chain (available here only in
1138 * the C variable 'oldfp') were not rooted and were being collected.
1139 *
1140 * So, now we preserve the links to these 'dormant' frame chains in cx
1141 * before calling js_Interpret and cleanup afterwards. The GC walks
1142 * these dormant chains and marks objects in the same way that it marks
1143 * objects in the primary cx->fp chain.
1144 */
1145 if (oldfp && oldfp != down) {
1146 JS_ASSERT(!oldfp->dormantNext);
1147 oldfp->dormantNext = cx->dormantFrameChain;
1148 cx->dormantFrameChain = oldfp;
1149 }
1150
1151 cx->fp = &frame;
1152 if (hook)
1153 hookData = hook(cx, &frame, JS_TRUE, 0, cx->runtime->executeHookData);
1154
1155 /*
1156 * Use frame.rval, not result, so the last result stays rooted across any
1157 * GC activations nested within this js_Interpret.
1158 */
1159 ok = js_Interpret(cx, &frame.rval);
1160 *result = frame.rval;
1161
1162 if (hookData) {
1163 hook = cx->runtime->executeHook;
1164 if (hook)
1165 hook(cx, &frame, JS_FALSE, &ok, hookData);
1166 }
1167 cx->fp = oldfp;
1168
1169 if (oldfp && oldfp != down) {
1170 JS_ASSERT(cx->dormantFrameChain == oldfp);
1171 cx->dormantFrameChain = oldfp->dormantNext;
1172 oldfp->dormantNext = NULL;
1173 }
1174
1175 return ok;
1176 }
1177
1178 #if JS_HAS_EXPORT_IMPORT
1179 /*
1180 * If id is JSVAL_VOID, import all exported properties from obj.
1181 */
1182 static JSBool
1183 ImportProperty(JSContext *cx, JSObject *obj, jsid id)
1184 {
1185 JSBool ok;
1186 JSIdArray *ida;
1187 JSProperty *prop;
1188 JSObject *obj2, *target, *funobj, *closure;
1189 JSString *str;
1190 uintN attrs;
1191 jsint i;
1192 jsval value;
1193
1194 if (JSVAL_IS_VOID(id)) {
1195 ida = JS_Enumerate(cx, obj);
1196 if (!ida)
1197 return JS_FALSE;
1198 ok = JS_TRUE;
1199 if (ida->length == 0)
1200 goto out;
1201 } else {
1202 ida = NULL;
1203 if (!OBJ_LOOKUP_PROPERTY(cx, obj, id, &obj2, &prop))
1204 return JS_FALSE;
1205 if (!prop) {
1206 str = js_DecompileValueGenerator(cx, JSDVG_IGNORE_STACK,
1207 ID_TO_VALUE(id), NULL);
1208 if (str)
1209 js_ReportIsNotDefined(cx, JS_GetStringBytes(str));
1210 return JS_FALSE;
1211 }
1212 ok = OBJ_GET_ATTRIBUTES(cx, obj, id, prop, &attrs);
1213 OBJ_DROP_PROPERTY(cx, obj2, prop);
1214 if (!ok)
1215 return JS_FALSE;
1216 if (!(attrs & JSPROP_EXPORTED)) {
1217 str = js_DecompileValueGenerator(cx, JSDVG_IGNORE_STACK,
1218 ID_TO_VALUE(id), NULL);
1219 if (str) {
1220 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1221 JSMSG_NOT_EXPORTED,
1222 JS_GetStringBytes(str));
1223 }
1224 return JS_FALSE;
1225 }
1226 }
1227
1228 target = cx->fp->varobj;
1229 i = 0;
1230 do {
1231 if (ida) {
1232 id = ida->vector[i];
1233 ok = OBJ_GET_ATTRIBUTES(cx, obj, id, NULL, &attrs);
1234 if (!ok)
1235 goto out;
1236 if (!(attrs & JSPROP_EXPORTED))
1237 continue;
1238 }
1239 ok = OBJ_CHECK_ACCESS(cx, obj, id, JSACC_IMPORT, &value, &attrs);
1240 if (!ok)
1241 goto out;
1242 if (JSVAL_IS_FUNCTION(cx, value)) {
1243 funobj = JSVAL_TO_OBJECT(value);
1244 closure = js_CloneFunctionObject(cx, funobj, obj);
1245 if (!closure) {
1246 ok = JS_FALSE;
1247 goto out;
1248 }
1249 value = OBJECT_TO_JSVAL(closure);
1250 }
1251
1252 /*
1253 * Handle the case of importing a property that refers to a local
1254 * variable or formal parameter of a function activation. These
1255 * properties are accessed by opcodes using stack slot numbers
1256 * generated by the compiler rather than runtime name-lookup. These
1257 * local references, therefore, bypass the normal scope chain lookup.
1258 * So, instead of defining a new property in the activation object,
1259 * modify the existing value in the stack slot.
1260 */
1261 if (OBJ_GET_CLASS(cx, target) == &js_CallClass) {
1262 ok = OBJ_LOOKUP_PROPERTY(cx, target, id, &obj2, &prop);
1263 if (!ok)
1264 goto out;
1265 } else {
1266 prop = NULL;
1267 }
1268 if (prop && target == obj2) {
1269 ok = OBJ_SET_PROPERTY(cx, target, id, &value);
1270 } else {
1271 ok = OBJ_DEFINE_PROPERTY(cx, target, id, value, NULL, NULL,
1272 attrs & ~JSPROP_EXPORTED,
1273 NULL);
1274 }
1275 if (prop)
1276 OBJ_DROP_PROPERTY(cx, obj2, prop);
1277 if (!ok)
1278 goto out;
1279 } while (ida && ++i < ida->length);
1280
1281 out:
1282 if (ida)
1283 JS_DestroyIdArray(cx, ida);
1284 return ok;
1285 }
1286 #endif /* JS_HAS_EXPORT_IMPORT */
1287
1288 JSBool
1289 js_CheckRedeclaration(JSContext *cx, JSObject *obj, jsid id, uintN attrs,
1290 JSBool *foundp)
1291 {
1292 JSObject *obj2;
1293 JSProperty *prop;
1294 JSBool ok;
1295 uintN oldAttrs, report;
1296 JSBool isFunction;
1297 jsval value;
1298 const char *type, *name;
1299
1300 if (!OBJ_LOOKUP_PROPERTY(cx, obj, id, &obj2, &prop))
1301 return JS_FALSE;
1302 *foundp = (prop != NULL);
1303 if (!prop)
1304 return JS_TRUE;
1305 ok = OBJ_GET_ATTRIBUTES(cx, obj2, id, prop, &oldAttrs);
1306 OBJ_DROP_PROPERTY(cx, obj2, prop);
1307 if (!ok)
1308 return JS_FALSE;
1309
1310 /* If either property is readonly, we have an error. */
1311 report = ((oldAttrs | attrs) & JSPROP_READONLY)
1312 ? JSREPORT_ERROR
1313 : JSREPORT_WARNING | JSREPORT_STRICT;
1314
1315 if (report != JSREPORT_ERROR) {
1316 /*
1317 * Allow redeclaration of variables and functions, but insist that the
1318 * new value is not a getter if the old value was, ditto for setters --
1319 * unless prop is impermanent (in which case anyone could delete it and
1320 * redefine it, willy-nilly).
1321 */
1322 if (!(attrs & (JSPROP_GETTER | JSPROP_SETTER)))
1323 return JS_TRUE;
1324 if ((~(oldAttrs ^ attrs) & (JSPROP_GETTER | JSPROP_SETTER)) == 0)
1325 return JS_TRUE;
1326 if (!(oldAttrs & JSPROP_PERMANENT))
1327 return JS_TRUE;
1328 report = JSREPORT_ERROR;
1329 }
1330
1331 isFunction = (oldAttrs & (JSPROP_GETTER | JSPROP_SETTER)) != 0;
1332 if (!isFunction) {
1333 if (!OBJ_GET_PROPERTY(cx, obj, id, &value))
1334 return JS_FALSE;
1335 isFunction = JSVAL_IS_FUNCTION(cx, value);
1336 }
1337 type = (oldAttrs & attrs & JSPROP_GETTER)
1338 ? js_getter_str
1339 : (oldAttrs & attrs & JSPROP_SETTER)
1340 ? js_setter_str
1341 : (oldAttrs & JSPROP_READONLY)
1342 ? js_const_str
1343 : isFunction
1344 ? js_function_str
1345 : js_var_str;
1346 name = js_AtomToPrintableString(cx, (JSAtom *)id);
1347 if (!name)
1348 return JS_FALSE;
1349 return JS_ReportErrorFlagsAndNumber(cx, report,
1350 js_GetErrorMessage, NULL,
1351 JSMSG_REDECLARED_VAR,
1352 type, name);
1353 }
1354
1355 #ifndef MAX_INTERP_LEVEL
1356 #if defined(XP_OS2)
1357 #define MAX_INTERP_LEVEL 250
1358 #elif defined _MSC_VER && _MSC_VER <= 800
1359 #define MAX_INTERP_LEVEL 30
1360 #else
1361 #define MAX_INTERP_LEVEL 1000
1362 #endif
1363 #endif
1364
1365 #define MAX_INLINE_CALL_COUNT 1000
1366
1367 JSBool
1368 js_Interpret(JSContext *cx, jsval *result)
1369 {
1370 JSRuntime *rt;
1371 JSStackFrame *fp;
1372 JSScript *script;
1373 uintN inlineCallCount;
1374 JSObject *obj, *obj2, *proto, *parent;
1375 JSVersion currentVersion, originalVersion;
1376 JSBranchCallback onbranch;
1377 JSBool ok, cond;
1378 JSTrapHandler interruptHandler;
1379 jsint depth, len;
1380 jsval *sp = NULL, *newsp;
1381 void *mark;
1382 jsbytecode *pc, *pc2, *endpc;
1383 JSOp op, op2;
1384 const JSCodeSpec *cs = NULL;
1385 JSAtom *atom;
1386 uintN argc, slot, attrs;
1387 jsval *vp, lval, rval, ltmp, rtmp;
1388 jsid id = 0;
1389 JSObject *withobj, *origobj, *propobj;
1390 jsval iter_state;
1391 JSProperty *prop;
1392 JSScopeProperty *sprop;
1393 JSString *str, *str2;
1394 jsint i, j;
1395 jsdouble d, d2;
1396 JSClass *clasp, *funclasp;
1397 JSFunction *fun;
1398 JSType type;
1399 #ifdef DEBUG
1400 FILE *tracefp = NULL;
1401 #endif
1402 #if JS_HAS_EXPORT_IMPORT
1403 JSIdArray *ida;
1404 #endif
1405 #if JS_HAS_SWITCH_STATEMENT
1406 jsint low, high, off, npairs;
1407 JSBool match;
1408 #endif
1409 #if JS_HAS_GETTER_SETTER
1410 JSPropertyOp getter, setter;
1411 #endif
1412 int stackDummy;
1413
1414 *result = JSVAL_VOID;
1415 rt = cx->runtime;
1416
1417 /* Set registerized frame pointer and derived script pointer. */
1418 fp = cx->fp;
1419 script = fp->script;
1420
1421 /* Count of JS function calls that nest in this C js_Interpret frame. */
1422 inlineCallCount = 0;
1423
1424 /*
1425 * Optimized Get and SetVersion for proper script language versioning.
1426 *
1427 * If any native method or JSClass/JSObjectOps hook calls JS_SetVersion
1428 * and changes cx->version, the effect will "stick" and we will stop
1429 * maintaining currentVersion. This is relied upon by testsuites, for
1430 * the most part -- web browsers select version before compiling and not
1431 * at run-time.
1432 */
1433 currentVersion = script->version;
1434 originalVersion = cx->version;
1435 if (currentVersion != originalVersion)
1436 JS_SetVersion(cx, currentVersion);
1437
1438 /*
1439 * Prepare to call a user-supplied branch handler, and abort the script
1440 * if it returns false. We reload onbranch after calling out to native
1441 * functions (but not to getters, setters, or other native hooks).
1442 */
1443 #define LOAD_BRANCH_CALLBACK(cx) (onbranch = (cx)->branchCallback)
1444
1445 LOAD_BRANCH_CALLBACK(cx);
1446 ok = JS_TRUE;
1447 #define CHECK_BRANCH(len) \
1448 JS_BEGIN_MACRO \
1449 if (len <= 0 && onbranch) { \
1450 SAVE_SP(fp); \
1451 if (!(ok = (*onbranch)(cx, script))) \
1452 goto out; \
1453 } \
1454 JS_END_MACRO
1455
1456 /*
1457 * Load the debugger's interrupt hook here and after calling out to native
1458 * functions (but not to getters, setters, or other native hooks), so we do
1459 * not have to reload it each time through the interpreter loop -- we hope
1460 * the compiler can keep it in a register.
1461 * XXX if it spills, we still lose
1462 */
1463 #define LOAD_INTERRUPT_HANDLER(rt) (interruptHandler = (rt)->interruptHandler)
1464
1465 LOAD_INTERRUPT_HANDLER(rt);
1466
1467 pc = script->code;
1468 endpc = pc + script->length;
1469 depth = (jsint) script->depth;
1470 len = -1;
1471
1472 /* Check for too much js_Interpret nesting, or too deep a C stack. */
1473 if (++cx->interpLevel == MAX_INTERP_LEVEL ||
1474 !JS_CHECK_STACK_SIZE(cx, stackDummy)) {
1475 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_OVER_RECURSED);
1476 ok = JS_FALSE;
1477 goto out;
1478 }
1479
1480 /*
1481 * Allocate operand and pc stack slots for the script's worst-case depth.
1482 */
1483 newsp = js_AllocRawStack(cx, (uintN)(2 * depth), &mark);
1484 if (!newsp) {
1485 ok = JS_FALSE;
1486 goto out;
1487 }
1488 sp = newsp + depth;
1489 fp->spbase = sp;
1490 SAVE_SP(fp);
1491
1492 while (pc < endpc) {
1493 fp->pc = pc;
1494 op = (JSOp) *pc;
1495 do_op:
1496 cs = &js_CodeSpec[op];
1497 len = cs->length;
1498
1499 #ifdef DEBUG
1500 tracefp = (FILE *) cx->tracefp;
1501 if (tracefp) {
1502 intN nuses, n;
1503
1504 fprintf(tracefp, "%4u: ", js_PCToLineNumber(cx, script, pc));
1505 js_Disassemble1(cx, script, pc,
1506 PTRDIFF(pc, script->code, jsbytecode), JS_FALSE,
1507 tracefp);
1508 nuses = cs->nuses;
1509 if (nuses) {
1510 SAVE_SP(fp);
1511 for (n = -nuses; n < 0; n++) {
1512 str = js_DecompileValueGenerator(cx, n, sp[n], NULL);
1513 if (str != NULL) {
1514 fprintf(tracefp, "%s %s",
1515 (n == -nuses) ? " inputs:" : ",",
1516 JS_GetStringBytes(str));
1517 }
1518 }
1519 fprintf(tracefp, " @ %d\n", sp - fp->spbase);
1520 }
1521 }
1522 #endif
1523
1524 if (interruptHandler) {
1525 SAVE_SP(fp);
1526 switch (interruptHandler(cx, script, pc, &rval,
1527 rt->interruptHandlerData)) {
1528 case JSTRAP_ERROR:
1529 ok = JS_FALSE;
1530 goto out;
1531 case JSTRAP_CONTINUE:
1532 break;
1533 case JSTRAP_RETURN:
1534 fp->rval = rval;
1535 goto out;
1536 #if JS_HAS_EXCEPTIONS
1537 case JSTRAP_THROW:
1538 cx->throwing = JS_TRUE;
1539 cx->exception = rval;
1540 ok = JS_FALSE;
1541 goto out;
1542 #endif /* JS_HAS_EXCEPTIONS */
1543 default:;
1544 }
1545 LOAD_INTERRUPT_HANDLER(rt);
1546 }
1547
1548 switch (op) {
1549 case JSOP_NOP:
1550 break;
1551
1552 case JSOP_GROUP:
1553 obj = NULL;
1554 break;
1555
1556 case JSOP_PUSH:
1557 PUSH_OPND(JSVAL_VOID);
1558 break;
1559
1560 case JSOP_POP:
1561 sp--;
1562 break;
1563
1564 case JSOP_POP2:
1565 sp -= 2;
1566 break;
1567
1568 case JSOP_FLASHSWAP:
1569 id = pc[1] << 8 | pc[2];
1570 ltmp = sp[-1];
1571 sp[-1] = sp[-id];
1572 sp[-id] = ltmp;
1573 break;
1574 case JSOP_SWAP:
1575 /*
1576 * N.B. JSOP_SWAP doesn't swap the corresponding generating pcs
1577 * for the operands it swaps.
1578 */
1579 ltmp = sp[-1];
1580 sp[-1] = sp[-2];
1581 sp[-2] = ltmp;
1582 break;
1583
1584 case JSOP_POPV:
1585 *result = POP_OPND();
1586 break;
1587
1588 case JSOP_ENTERWITH:
1589 rval = FETCH_OPND(-1);
1590 VALUE_TO_OBJECT(cx, rval, obj);
1591 withobj = js_NewObject(cx, &js_WithClass, obj, fp->scopeChain);
1592 if (!withobj)
1593 goto out;
1594 fp->scopeChain = withobj;
1595 STORE_OPND(-1, OBJECT_TO_JSVAL(withobj));
1596 break;
1597
1598 case JSOP_LEAVEWITH:
1599 rval = POP_OPND();
1600 JS_ASSERT(JSVAL_IS_OBJECT(rval));
1601 withobj = JSVAL_TO_OBJECT(rval);
1602 JS_ASSERT(OBJ_GET_CLASS(cx, withobj) == &js_WithClass);
1603
1604 rval = OBJ_GET_SLOT(cx, withobj, JSSLOT_PARENT);
1605 JS_ASSERT(JSVAL_IS_OBJECT(rval));
1606 fp->scopeChain = JSVAL_TO_OBJECT(rval);
1607 break;
1608
1609 case JSOP_SETRVAL:
1610 fp->rval = POP_OPND();
1611 break;
1612
1613 case JSOP_RETURN:
1614 CHECK_BRANCH(-1);
1615 fp->rval = POP_OPND();
1616 /* FALL THROUGH */
1617
1618 case JSOP_RETRVAL: /* fp->rval already set */
1619 if (inlineCallCount)
1620 inline_return:
1621 {
1622 JSInlineFrame *ifp = (JSInlineFrame *) fp;
1623 void *hookData = ifp->hookData;
1624
1625 if (hookData) {
1626 JSInterpreterHook hook = cx->runtime->callHook;
1627 if (hook) {
1628 hook(cx, fp, JS_FALSE, &ok, hookData);
1629 LOAD_INTERRUPT_HANDLER(rt);
1630 }
1631 }
1632 #if JS_HAS_ARGS_OBJECT
1633 if (fp->argsobj)
1634 ok &= js_PutArgsObject(cx, fp);
1635 #endif
1636
1637 /* Restore context version only if callee hasn't set version. */
1638 if (cx->version == currentVersion) {
1639 currentVersion = ifp->callerVersion;
1640 if (currentVersion != cx->version)
1641 JS_SetVersion(cx, currentVersion);
1642 }
1643
1644 /* Store the return value in the caller's operand frame. */
1645 vp = fp->argv - 2;
1646 *vp = fp->rval;
1647
1648 /* Restore cx->fp and release the inline frame's space. */
1649 cx->fp = fp = fp->down;
1650 JS_ARENA_RELEASE(&cx->stackPool, ifp->mark);
1651
1652 /* Restore sp to point just above the return value. */
1653 fp->sp = vp + 1;
1654 RESTORE_SP(fp);
1655
1656 /* Restore the calling script's interpreter registers. */
1657 script = fp->script;
1658 depth = (jsint) script->depth;
1659 pc = fp->pc;
1660 endpc = script->code + script->length;
1661
1662 /* Store the generating pc for the return value. */
1663 vp[-depth] = (jsval)pc;
1664
1665 /* Set remaining variables for 'goto advance_pc'. */
1666 op = (JSOp) *pc;
1667 cs = &js_CodeSpec[op];
1668 len = cs->length;
1669
1670 /* Resume execution in the calling frame. */
1671 inlineCallCount--;
1672 if (ok)
1673 goto advance_pc;
1674 }
1675 goto out;
1676
1677 #if JS_HAS_SWITCH_STATEMENT
1678 case JSOP_DEFAULT:
1679 (void) POP();
1680 /* FALL THROUGH */
1681 #endif
1682 case JSOP_GOTO:
1683 len = GET_JUMP_OFFSET(pc);
1684 CHECK_BRANCH(len);
1685 break;
1686
1687 case JSOP_IFEQ:
1688 POP_BOOLEAN(cx, rval, cond);
1689 if (cond == JS_FALSE) {
1690 len = GET_JUMP_OFFSET(pc);
1691 CHECK_BRANCH(len);
1692 }
1693 break;
1694
1695 case JSOP_IFNE:
1696 POP_BOOLEAN(cx, rval, cond);
1697 if (cond != JS_FALSE) {
1698 len = GET_JUMP_OFFSET(pc);
1699 CHECK_BRANCH(len);
1700 }
1701 break;
1702
1703 case JSOP_OR:
1704 POP_BOOLEAN(cx, rval, cond);
1705 if (cond == JS_TRUE) {
1706 len = GET_JUMP_OFFSET(pc);
1707 PUSH_OPND(rval);
1708 }
1709 break;
1710
1711 case JSOP_AND:
1712 POP_BOOLEAN(cx, rval, cond);
1713 if (cond == JS_FALSE) {
1714 len = GET_JUMP_OFFSET(pc);
1715 PUSH_OPND(rval);
1716 }
1717 break;
1718
1719
1720 #if JS_HAS_SWITCH_STATEMENT
1721 case JSOP_DEFAULTX:
1722 (void) POP();
1723 /* FALL THROUGH */
1724 #endif
1725 case JSOP_GOTOX:
1726 len = GET_JUMPX_OFFSET(pc);
1727 CHECK_BRANCH(len);
1728 break;
1729
1730 case JSOP_IFEQX:
1731 POP_BOOLEAN(cx, rval, cond);
1732 if (cond == JS_FALSE) {
1733 len = GET_JUMPX_OFFSET(pc);
1734 CHECK_BRANCH(len);
1735 }
1736 break;
1737
1738 case JSOP_IFNEX:
1739 POP_BOOLEAN(cx, rval, cond);
1740 if (cond != JS_FALSE) {
1741 len = GET_JUMPX_OFFSET(pc);
1742 CHECK_BRANCH(len);
1743 }
1744 break;
1745
1746 case JSOP_ORX:
1747 POP_BOOLEAN(cx, rval, cond);
1748 if (cond == JS_TRUE) {
1749 len = GET_JUMPX_OFFSET(pc);
1750 PUSH_OPND(rval);
1751 }
1752 break;
1753
1754 case JSOP_ANDX:
1755 POP_BOOLEAN(cx, rval, cond);
1756 if (cond == JS_FALSE) {
1757 len = GET_JUMPX_OFFSET(pc);
1758 PUSH_OPND(rval);
1759 }
1760 break;
1761
1762 case JSOP_TOOBJECT:
1763 SAVE_SP(fp);
1764 ok = js_ValueToObject(cx, FETCH_OPND(-1), &obj);
1765 if (!ok)
1766 goto out;
1767 STORE_OPND(-1, OBJECT_TO_JSVAL(obj));
1768 break;
1769
1770 #define FETCH_ELEMENT_ID(n, id) \
1771 JS_BEGIN_MACRO \
1772 /* If the index is not a jsint, atomize it. */ \
1773 id = (jsid) FETCH_OPND(n); \
1774 if (JSVAL_IS_INT(id)) { \
1775 atom = NULL; \
1776 } else { \
1777 SAVE_SP(fp); \
1778 atom = js_ValueToStringAtom(cx, (jsval)id); \
1779 if (!atom) { \
1780 ok = JS_FALSE; \
1781 goto out; \
1782 } \
1783 id = (jsid)atom; \
1784 } \
1785 JS_END_MACRO
1786
1787 #define POP_ELEMENT_ID(id) \
1788 JS_BEGIN_MACRO \
1789 FETCH_ELEMENT_ID(-1, id); \
1790 sp--; \
1791 JS_END_MACRO
1792
1793 #if JS_HAS_IN_OPERATOR
1794 case JSOP_IN:
1795 SAVE_SP(fp);
1796 rval = FETCH_OPND(-1);
1797 if (JSVAL_IS_PRIMITIVE(rval)) {
1798 str = js_DecompileValueGenerator(cx, -1, rval, NULL);
1799 if (str) {
1800 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1801 JSMSG_IN_NOT_OBJECT,
1802 JS_GetStringBytes(str));
1803 }
1804 ok = JS_FALSE;
1805 goto out;
1806 }
1807 obj = JSVAL_TO_OBJECT(rval);
1808 FETCH_ELEMENT_ID(-2, id);
1809 ok = OBJ_LOOKUP_PROPERTY(cx, obj, id, &obj2, &prop);
1810 if (!ok)
1811 goto out;
1812 sp--;
1813 STORE_OPND(-1, BOOLEAN_TO_JSVAL(prop != NULL));
1814 if (prop)
1815 OBJ_DROP_PROPERTY(cx, obj2, prop);
1816 break;
1817 #endif /* JS_HAS_IN_OPERATOR */
1818
1819 case JSOP_FORPROP:
1820 /*
1821 * Handle JSOP_FORPROP first, so the cost of the goto do_forinloop
1822 * is not paid for the more common cases.
1823 */
1824 lval = FETCH_OPND(-1);
1825 atom = GET_ATOM(cx, script, pc);
1826 id = (jsid)atom;
1827 i = -2;
1828 goto do_forinloop;
1829
1830 case JSOP_FORNAME:
1831 atom = GET_ATOM(cx, script, pc);
1832 id = (jsid)atom;
1833
1834 /*
1835 * ECMA 12.6.3 says to eval the LHS after looking for properties
1836 * to enumerate, and bail without LHS eval if there are no props.
1837 * We do Find here to share the most code at label do_forinloop.
1838 * If looking for enumerable properties could have side effects,
1839 * then we'd have to move this into the common code and condition
1840 * it on op == JSOP_FORNAME.
1841 */
1842 SAVE_SP(fp);
1843 ok = js_FindProperty(cx, id, &obj, &obj2, &prop);
1844 if (!ok)
1845 goto out;
1846 if (prop)
1847 OBJ_DROP_PROPERTY(cx, obj2, prop);
1848 lval = OBJECT_TO_JSVAL(obj);
1849 /* FALL THROUGH */
1850
1851 case JSOP_FORARG:
1852 case JSOP_FORVAR:
1853 /*
1854 * JSOP_FORARG and JSOP_FORVAR don't require any lval computation
1855 * here, because they address slots on the stack (in fp->args and
1856 * fp->vars, respectively).
1857 */
1858 /* FALL THROUGH */
1859
1860 case JSOP_FORELEM:
1861 /*
1862 * JSOP_FORELEM simply initializes or updates the iteration state
1863 * and leaves the index expression evaluation and assignment to the
1864 * enumerator until after the next property has been acquired, via
1865 * a JSOP_ENUMELEM bytecode.
1866 */
1867 i = -1;
1868
1869 do_forinloop:
1870 /*
1871 * ECMA-compatible for/in evals the object just once, before loop.
1872 * Bad old bytecodes (since removed) did it on every iteration.
1873 */
1874 obj = JSVAL_TO_OBJECT(sp[i]);
1875
1876 /* If the thing to the right of 'in' has no properties, break. */
1877 if (!obj) {
1878 rval = JSVAL_FALSE;
1879 goto end_forinloop;
1880 }
1881
1882 /*
1883 * Save the thing to the right of 'in' as origobj. Later on, we
1884 * use this variable to suppress enumeration of shadowed prototype
1885 * properties.
1886 */
1887 origobj = obj;
1888
1889 /*
1890 * Reach under the top of stack to find our property iterator, a
1891 * JSObject that contains the iteration state. (An object is used
1892 * rather than a native struct so that the iteration state is
1893 * cleaned up via GC if the for-in loop terminates abruptly.)
1894 */
1895 vp = &sp[i - 1];
1896 rval = *vp;
1897
1898 /*
1899 * Save sp in fp now, before any OBJ_* call-outs that might nest
1900 * an interpreter or GC activation on this context.
1901 */
1902 SAVE_SP(fp);
1903
1904 /* Is this the first iteration ? */
1905 if (JSVAL_IS_VOID(rval)) {
1906 /* Yes, create a new JSObject to hold the iterator state */
1907 propobj = js_NewObject(cx, &prop_iterator_class, NULL, obj);
1908 if (!propobj) {
1909 ok = JS_FALSE;
1910 goto out;
1911 }
1912 propobj->slots[JSSLOT_ITER_STATE] = JSVAL_NULL;
1913
1914 /*
1915 * Root the parent slot so we can get it even in our finalizer
1916 * (otherwise, it would live as long as we do, but it might be
1917 * finalized first).
1918 */
1919 ok = js_AddRoot(cx, &propobj->slots[JSSLOT_PARENT],
1920 "propobj->parent");
1921 if (!ok)
1922 goto out;
1923
1924 /*
1925 * Rewrite the iterator so we know to do the next case.
1926 * Do this before calling the enumerator, which could
1927 * displace cx->newborn and cause GC.
1928 */
1929 *vp = OBJECT_TO_JSVAL(propobj);
1930
1931 ok = OBJ_ENUMERATE(cx, obj, JSENUMERATE_INIT, &iter_state, 0);
1932
1933 /*
1934 * Stash private iteration state into property iterator object.
1935 * We do this before checking 'ok' to ensure that propobj is
1936 * in a valid state even if OBJ_ENUMERATE returned JS_FALSE.
1937 * NB: This code knows that the first slots are pre-allocated.
1938 */
1939 #if JS_INITIAL_NSLOTS < 5
1940 #error JS_INITIAL_NSLOTS must be greater than or equal to 5.
1941 #endif
1942 propobj->slots[JSSLOT_ITER_STATE] = iter_state;
1943 if (!ok)
1944 goto out;
1945 } else {
1946 /* This is not the first iteration. Recover iterator state. */
1947 propobj = JSVAL_TO_OBJECT(rval);
1948 JS_ASSERT(OBJ_GET_CLASS(cx, propobj) == &prop_iterator_class);
1949 obj = JSVAL_TO_OBJECT(propobj->slots[JSSLOT_PARENT]);
1950 iter_state = propobj->slots[JSSLOT_ITER_STATE];
1951 }
1952
1953 enum_next_property:
1954 /* Get the next jsid to be enumerated and store it in rval. */
1955 OBJ_ENUMERATE(cx, obj, JSENUMERATE_NEXT, &iter_state, &rval);
1956 propobj->slots[JSSLOT_ITER_STATE] = iter_state;
1957
1958 /* No more jsids to iterate in obj? */
1959 if (iter_state == JSVAL_NULL) {
1960 /* Enumerate the properties on obj's prototype chain. */
1961 obj = OBJ_GET_PROTO(cx, obj);
1962 if (!obj) {
1963 /* End of property list -- terminate loop. */
1964 rval = JSVAL_FALSE;
1965 goto end_forinloop;
1966 }
1967
1968 ok = OBJ_ENUMERATE(cx, obj, JSENUMERATE_INIT, &iter_state, 0);
1969
1970 /*
1971 * Stash private iteration state into property iterator object.
1972 * We do this before checking 'ok' to ensure that propobj is
1973 * in a valid state even if OBJ_ENUMERATE returned JS_FALSE.
1974 * NB: This code knows that the first slots are pre-allocated.
1975 */
1976 propobj->slots[JSSLOT_ITER_STATE] = iter_state;
1977 if (!ok)
1978 goto out;
1979
1980 /*
1981 * Update the iterator JSObject's parent link to refer to the
1982 * current object. This is used in the iterator JSObject's
1983 * finalizer.
1984 */
1985 propobj->slots[JSSLOT_PARENT] = OBJECT_TO_JSVAL(obj);
1986 goto enum_next_property;
1987 }
1988
1989 /* Skip properties not owned by obj, and leave next id in rval. */
1990 ok = OBJ_LOOKUP_PROPERTY(cx, origobj, rval, &obj2, &prop);
1991 if (!ok)
1992 goto out;
1993 if (prop)
1994 OBJ_DROP_PROPERTY(cx, obj2, prop);
1995
1996 /* If the id was deleted, or found in a prototype, skip it. */
1997 if (!prop || obj2 != obj)
1998 goto enum_next_property;
1999
2000 /* Make sure rval is a string for uniformity and compatibility. */
2001 if (!JSVAL_IS_INT(rval)) {
2002 rval = ATOM_KEY((JSAtom *)rval);
2003 } else if (cx->version != JSVERSION_1_2) {
2004 str = js_NumberToString(cx, (jsdouble) JSVAL_TO_INT(rval));
2005 if (!str) {
2006 ok = JS_FALSE;
2007 goto out;
2008 }
2009
2010 rval = STRING_TO_JSVAL(str);
2011 }
2012
2013 switch (op) {
2014 case JSOP_FORARG:
2015 slot = GET_ARGNO(pc);
2016 JS_ASSERT(slot < fp->fun->nargs);
2017 fp->argv[slot] = rval;
2018 break;
2019
2020 case JSOP_FORVAR:
2021 slot = GET_VARNO(pc);
2022 JS_ASSERT(slot < fp->fun->nvars);
2023 fp->vars[slot] = rval;
2024 break;
2025
2026 case JSOP_FORELEM:
2027 /* FORELEM is not a SET operation, it's more like BINDNAME. */
2028 PUSH_OPND(rval);
2029 break;
2030
2031 default:
2032 /* Convert lval to a non-null object containing id. */
2033 VALUE_TO_OBJECT(cx, lval, obj);
2034
2035 /* Set the variable obj[id] to refer to rval. */
2036 fp->flags |= JSFRAME_ASSIGNING;
2037 ok = OBJ_SET_PROPERTY(cx, obj, id, &rval);
2038 fp->flags &= ~JSFRAME_ASSIGNING;
2039 if (!ok)
2040 goto out;
2041 break;
2042 }
2043
2044 /* Push true to keep looping through properties. */
2045 rval = JSVAL_TRUE;
2046
2047 end_forinloop:
2048 sp += i + 1;
2049 PUSH_OPND(rval);
2050 break;
2051
2052 case JSOP_DUP:
2053 JS_ASSERT(sp > fp->spbase);
2054 rval = sp[-1];
2055 PUSH_OPND(rval);
2056 break;
2057
2058 case JSOP_DUP2:
2059 JS_ASSERT(sp - 1 > fp->spbase);
2060 lval = FETCH_OPND(-2);
2061 rval = FETCH_OPND(-1);
2062 PUSH_OPND(lval);
2063 PUSH_OPND(rval);
2064 break;
2065
2066 #define PROPERTY_OP(n, call) \
2067 JS_BEGIN_MACRO \
2068 /* Pop the left part and resolve it to a non-null object. */ \
2069 lval = FETCH_OPND(n); \
2070 VALUE_TO_OBJECT(cx, lval, obj); \
2071 \
2072 /* Get or set the property, set ok false if error, true if success. */\
2073 SAVE_SP(fp); \
2074 call; \
2075 if (!ok) \
2076 goto out; \
2077 JS_END_MACRO
2078
2079 #define ELEMENT_OP(n, call) \
2080 JS_BEGIN_MACRO \
2081 FETCH_ELEMENT_ID(n, id); \
2082 PROPERTY_OP(n-1, call); \
2083 JS_END_MACRO
2084
2085 /*
2086 * Direct callers, i.e. those who do not wrap CACHED_GET and CACHED_SET calls
2087 * in PROPERTY_OP or ELEMENT_OP macro calls must SAVE_SP(fp); beforehand, just
2088 * in case a getter or setter function is invoked.
2089 */
2090 #define CACHED_GET(call) \
2091 JS_BEGIN_MACRO \
2092 if (!OBJ_IS_NATIVE(obj)) { \
2093 ok = call; \
2094 } else { \
2095 JS_LOCK_OBJ(cx, obj); \
2096 PROPERTY_CACHE_TEST(&rt->propertyCache, obj, id, sprop); \
2097 if (sprop) { \
2098 JSScope *scope_ = OBJ_SCOPE(obj); \
2099 slot = (uintN)sprop->slot; \
2100 rval = (slot != SPROP_INVALID_SLOT) \
2101 ? LOCKED_OBJ_GET_SLOT(obj, slot) \
2102 : JSVAL_VOID; \
2103 JS_UNLOCK_SCOPE(cx, scope_); \
2104 ok = SPROP_GET(cx, sprop, obj, obj, &rval); \
2105 JS_LOCK_SCOPE(cx, scope_); \
2106 if (ok && SPROP_HAS_VALID_SLOT(sprop, scope_)) \
2107 LOCKED_OBJ_SET_SLOT(obj, slot, rval); \
2108 JS_UNLOCK_SCOPE(cx, scope_); \
2109 } else { \
2110 JS_UNLOCK_OBJ(cx, obj); \
2111 ok = call; \
2112 /* No fill here: js_GetProperty fills the cache. */ \
2113 } \
2114 } \
2115 JS_END_MACRO
2116
2117 #define CACHED_SET(call) \
2118 JS_BEGIN_MACRO \
2119 if (!OBJ_IS_NATIVE(obj)) { \
2120 ok = call; \
2121 } else { \
2122 JSScope *scope_; \
2123 JS_LOCK_OBJ(cx, obj); \
2124 PROPERTY_CACHE_TEST(&rt->propertyCache, obj, id, sprop); \
2125 if (sprop && \
2126 !(sprop->attrs & JSPROP_READONLY) && \
2127 (scope_ = OBJ_SCOPE(obj), !SCOPE_IS_SEALED(scope_))) { \
2128 JS_UNLOCK_SCOPE(cx, scope_); \
2129 ok = SPROP_SET(cx, sprop, obj, obj, &rval); \
2130 JS_LOCK_SCOPE(cx, scope_); \
2131 if (ok && SPROP_HAS_VALID_SLOT(sprop, scope_)) { \
2132 LOCKED_OBJ_SET_SLOT(obj, sprop->slot, rval); \
2133 GC_POKE(cx, JSVAL_NULL); /* XXX second arg ignored */ \
2134 } \
2135 JS_UNLOCK_SCOPE(cx, scope_); \
2136 } else { \
2137 JS_UNLOCK_OBJ(cx, obj); \
2138 ok = call; \
2139 /* No fill here: js_SetProperty writes through the cache. */ \
2140 } \
2141 } \
2142 JS_END_MACRO
2143
2144 case JSOP_SETCONST:
2145 obj = fp->varobj;
2146 atom = GET_ATOM(cx, script, pc);
2147 rval = FETCH_OPND(-1);
2148 SAVE_SP(fp);
2149 ok = OBJ_DEFINE_PROPERTY(cx, obj, (jsid)atom, rval, NULL, NULL,
2150 JSPROP_ENUMERATE | JSPROP_PERMANENT |
2151 JSPROP_READONLY,
2152 NULL);
2153 if (!ok)
2154 goto out;
2155 STORE_OPND(-1, rval);
2156 break;
2157
2158 case JSOP_BINDNAME:
2159 atom = GET_ATOM(cx, script, pc);
2160 SAVE_SP(fp);
2161 obj = js_FindIdentifierBase(cx, (jsid)atom);
2162 if (!obj) {
2163 ok = JS_FALSE;
2164 goto out;
2165 }
2166 PUSH_OPND(OBJECT_TO_JSVAL(obj));
2167 break;
2168
2169 case JSOP_SETNAME:
2170 atom = GET_ATOM(cx, script, pc);
2171 id = (jsid)atom;
2172 rval = FETCH_OPND(-1);
2173 lval = FETCH_OPND(-2);
2174 JS_ASSERT(!JSVAL_IS_PRIMITIVE(lval));
2175 obj = JSVAL_TO_OBJECT(lval);
2176 SAVE_SP(fp);
2177 CACHED_SET(OBJ_SET_PROPERTY(cx, obj, id, &rval));
2178 if (!ok)
2179 goto out;
2180 sp--;
2181 STORE_OPND(-1, rval);
2182 break;
2183
2184 #define INTEGER_OP(OP, EXTRA_CODE) \
2185 JS_BEGIN_MACRO \
2186 FETCH_INT(cx, -1, j); \
2187 FETCH_INT(cx, -2, i); \
2188 if (!ok) \
2189 goto out; \
2190 EXTRA_CODE \
2191 d = i OP j; \
2192 sp--; \
2193 STORE_NUMBER(cx, -1, d); \
2194 JS_END_MACRO
2195
2196 #define BITWISE_OP(OP) INTEGER_OP(OP, (void) 0;)
2197 #define SIGNED_SHIFT_OP(OP) INTEGER_OP(OP, j &= 31;)
2198
2199 case JSOP_BITOR:
2200 BITWISE_OP(|);
2201 break;
2202
2203 case JSOP_BITXOR:
2204 BITWISE_OP(^);
2205 break;
2206
2207 case JSOP_BITAND:
2208 BITWISE_OP(&);
2209 break;
2210
2211 #if defined(XP_WIN)
2212 #define COMPARE_DOUBLES(LVAL, OP, RVAL, IFNAN) \
2213 ((JSDOUBLE_IS_NaN(LVAL) || JSDOUBLE_IS_NaN(RVAL)) \
2214 ? (IFNAN) \
2215 : (LVAL) OP (RVAL))
2216 #else
2217 #define COMPARE_DOUBLES(LVAL, OP, RVAL, IFNAN) ((LVAL) OP (RVAL))
2218 #endif
2219
2220 #define RELATIONAL_OP(OP) \
2221 JS_BEGIN_MACRO \
2222 rval = FETCH_OPND(-1); \
2223 lval = FETCH_OPND(-2); \
2224 /* Optimize for two int-tagged operands (typical loop control). */ \
2225 if ((lval & rval) & JSVAL_INT) { \
2226 ltmp = lval ^ JSVAL_VOID; \
2227 rtmp = rval ^ JSVAL_VOID; \
2228 if (ltmp && rtmp) { \
2229 cond = JSVAL_TO_INT(lval) OP JSVAL_TO_INT(rval); \
2230 } else { \
2231 d = ltmp ? JSVAL_TO_INT(lval) : *rt->jsNaN; \
2232 d2 = rtmp ? JSVAL_TO_INT(rval) : *rt->jsNaN; \
2233 cond = COMPARE_DOUBLES(d, OP, d2, JS_FALSE); \
2234 } \
2235 } else { \
2236 VALUE_TO_PRIMITIVE(cx, lval, JSTYPE_NUMBER, &lval); \
2237 VALUE_TO_PRIMITIVE(cx, rval, JSTYPE_NUMBER, &rval); \
2238 if (JSVAL_IS_STRING(lval) && JSVAL_IS_STRING(rval)) { \
2239 str = JSVAL_TO_STRING(lval); \
2240 str2 = JSVAL_TO_STRING(rval); \
2241 cond = js_CompareStrings(str, str2) OP 0; \
2242 } else { \
2243 VALUE_TO_NUMBER(cx, lval, d); \
2244 VALUE_TO_NUMBER(cx, rval, d2); \
2245 cond = COMPARE_DOUBLES(d, OP, d2, JS_FALSE); \
2246 } \
2247 } \
2248 sp--; \
2249 STORE_OPND(-1, BOOLEAN_TO_JSVAL(cond)); \
2250 JS_END_MACRO
2251
2252 #define EQUALITY_OP(OP, IFNAN) \
2253 JS_BEGIN_MACRO \
2254 rval = FETCH_OPND(-1); \
2255 lval = FETCH_OPND(-2); \
2256 ltmp = JSVAL_TAG(lval); \
2257 rtmp = JSVAL_TAG(rval); \
2258 if (ltmp == rtmp) { \
2259 if (ltmp == JSVAL_STRING) { \
2260 str = JSVAL_TO_STRING(lval); \
2261 str2 = JSVAL_TO_STRING(rval); \
2262 cond = js_CompareStrings(str, str2) OP 0; \
2263 } else if (ltmp == JSVAL_DOUBLE) { \
2264 d = *JSVAL_TO_DOUBLE(lval); \
2265 d2 = *JSVAL_TO_DOUBLE(rval); \
2266 cond = COMPARE_DOUBLES(d, OP, d2, IFNAN); \
2267 } else { \
2268 /* Handle all undefined (=>NaN) and int combinations. */ \
2269 cond = lval OP rval; \
2270 } \
2271 } else { \
2272 if (JSVAL_IS_NULL(lval) || JSVAL_IS_VOID(lval)) { \
2273 cond = (JSVAL_IS_NULL(rval) || JSVAL_IS_VOID(rval)) OP 1; \
2274 } else if (JSVAL_IS_NULL(rval) || JSVAL_IS_VOID(rval)) { \
2275 cond = 1 OP 0; \
2276 } else { \
2277 if (ltmp == JSVAL_OBJECT) { \
2278 VALUE_TO_PRIMITIVE(cx, lval, JSTYPE_VOID, &lval); \
2279 ltmp = JSVAL_TAG(lval); \
2280 } else if (rtmp == JSVAL_OBJECT) { \
2281 VALUE_TO_PRIMITIVE(cx, rval, JSTYPE_VOID, &rval); \
2282 rtmp = JSVAL_TAG(rval); \
2283 } \
2284 if (ltmp == JSVAL_STRING && rtmp == JSVAL_STRING) { \
2285 str = JSVAL_TO_STRING(lval); \
2286 str2 = JSVAL_TO_STRING(rval); \
2287 cond = js_CompareStrings(str, str2) OP 0; \
2288 } else { \
2289 VALUE_TO_NUMBER(cx, lval, d); \
2290 VALUE_TO_NUMBER(cx, rval, d2); \
2291 cond = COMPARE_DOUBLES(d, OP, d2, IFNAN); \
2292 } \
2293 } \
2294 } \
2295 sp--; \
2296 STORE_OPND(-1, BOOLEAN_TO_JSVAL(cond)); \
2297 JS_END_MACRO
2298
2299 case JSOP_EQ:
2300 EQUALITY_OP(==, JS_FALSE);
2301 break;
2302
2303 case JSOP_NE:
2304 EQUALITY_OP(!=, JS_TRUE);
2305 break;
2306
2307 #if !JS_BUG_FALLIBLE_EQOPS
2308 #define NEW_EQUALITY_OP(OP, IFNAN) \
2309 JS_BEGIN_MACRO \
2310 rval = FETCH_OPND(-1); \
2311 lval = FETCH_OPND(-2); \
2312 ltmp = JSVAL_TAG(lval); \
2313 rtmp = JSVAL_TAG(rval); \
2314 if (ltmp == rtmp) { \
2315 if (ltmp == JSVAL_STRING) { \
2316 str = JSVAL_TO_STRING(lval); \
2317 str2 = JSVAL_TO_STRING(rval); \
2318 cond = js_CompareStrings(str, str2) OP 0; \
2319 } else if (ltmp == JSVAL_DOUBLE) { \
2320 d = *JSVAL_TO_DOUBLE(lval); \
2321 d2 = *JSVAL_TO_DOUBLE(rval); \
2322 cond = COMPARE_DOUBLES(d, OP, d2, IFNAN); \
2323 } else { \
2324 cond = lval OP rval; \
2325 } \
2326 } else { \
2327 if (ltmp == JSVAL_DOUBLE && JSVAL_IS_INT(rval)) { \
2328 d = *JSVAL_TO_DOUBLE(lval); \
2329 d2 = JSVAL_TO_INT(rval); \
2330 cond = COMPARE_DOUBLES(d, OP, d2, IFNAN); \
2331 } else if (JSVAL_IS_INT(lval) && rtmp == JSVAL_DOUBLE) { \
2332 d = JSVAL_TO_INT(lval); \
2333 d2 = *JSVAL_TO_DOUBLE(rval); \
2334 cond = COMPARE_DOUBLES(d, OP, d2, IFNAN); \
2335 } else { \
2336 cond = lval OP rval; \
2337 } \
2338 } \
2339 sp--; \
2340 STORE_OPND(-1, BOOLEAN_TO_JSVAL(cond)); \
2341 JS_END_MACRO
2342
2343 case JSOP_NEW_EQ:
2344 NEW_EQUALITY_OP(==, JS_FALSE);
2345 break;
2346
2347 case JSOP_NEW_NE:
2348 NEW_EQUALITY_OP(!=, JS_TRUE);
2349 break;
2350
2351 #if JS_HAS_SWITCH_STATEMENT
2352 case JSOP_CASE:
2353 NEW_EQUALITY_OP(==, JS_FALSE);
2354 (void) POP();
2355 if (cond) {
2356 len = GET_JUMP_OFFSET(pc);
2357 CHECK_BRANCH(len);
2358 } else {
2359 PUSH(lval);
2360 }
2361 break;
2362
2363 case JSOP_CASEX:
2364 NEW_EQUALITY_OP(==, JS_FALSE);
2365 (void) POP();
2366 if (cond) {
2367 len = GET_JUMPX_OFFSET(pc);
2368 CHECK_BRANCH(len);
2369 } else {
2370 PUSH(lval);
2371 }
2372 break;
2373 #endif
2374
2375 #endif /* !JS_BUG_FALLIBLE_EQOPS */
2376
2377 case JSOP_LT:
2378 RELATIONAL_OP(<);
2379 break;
2380
2381 case JSOP_LE:
2382 RELATIONAL_OP(<=);
2383 break;
2384
2385 case JSOP_GT:
2386 RELATIONAL_OP(>);
2387 break;
2388
2389 case JSOP_GE:
2390 RELATIONAL_OP(>=);
2391 break;
2392
2393 #undef EQUALITY_OP
2394 #undef RELATIONAL_OP
2395
2396 case JSOP_LSH:
2397 SIGNED_SHIFT_OP(<<);
2398 break;
2399
2400 case JSOP_RSH:
2401 SIGNED_SHIFT_OP(>>);
2402 break;
2403
2404 case JSOP_URSH:
2405 {
2406 uint32 u;
2407
2408 FETCH_INT(cx, -1, j);
2409 FETCH_UINT(cx, -2, u);
2410 j &= 31;
2411 d = u >> j;
2412 sp--;
2413 STORE_NUMBER(cx, -1, d);
2414 break;
2415 }
2416
2417 #undef INTEGER_OP
2418 #undef BITWISE_OP
2419 #undef SIGNED_SHIFT_OP
2420
2421 case JSOP_ADD:
2422 rval = FETCH_OPND(-1);
2423 lval = FETCH_OPND(-2);
2424 VALUE_TO_PRIMITIVE(cx, lval, JSTYPE_VOID, &ltmp);
2425 VALUE_TO_PRIMITIVE(cx, rval, JSTYPE_VOID, &rtmp);
2426 if ((cond = JSVAL_IS_STRING(ltmp)) || JSVAL_IS_STRING(rtmp)) {
2427 SAVE_SP(fp);
2428 if (cond) {
2429 str = JSVAL_TO_STRING(ltmp);
2430 ok = (str2 = js_ValueToString(cx, rtmp)) != NULL;
2431 } else {
2432 str2 = JSVAL_TO_STRING(rtmp);
2433 ok = (str = js_ValueToString(cx, ltmp)) != NULL;
2434 }
2435 if (!ok)
2436 goto out;
2437 str = js_ConcatStrings(cx, str, str2);
2438 if (!str) {
2439 ok = JS_FALSE;
2440 goto out;
2441 }
2442 sp--;
2443 STORE_OPND(-1, STRING_TO_JSVAL(str));
2444 } else {
2445 VALUE_TO_NUMBER(cx, lval, d);
2446 VALUE_TO_NUMBER(cx, rval, d2);
2447 d += d2;
2448 sp--;
2449 STORE_NUMBER(cx, -1, d);
2450 }
2451 break;
2452
2453 #define BINARY_OP(OP) \
2454 JS_BEGIN_MACRO \
2455 FETCH_NUMBER(cx, -1, d2); \
2456 FETCH_NUMBER(cx, -2, d); \
2457 d = d OP d2; \
2458 sp--; \
2459 STORE_NUMBER(cx, -1, d); \
2460 JS_END_MACRO
2461
2462 case JSOP_SUB:
2463 BINARY_OP(-);
2464 break;
2465
2466 case JSOP_MUL:
2467 BINARY_OP(*);
2468 break;
2469
2470 case JSOP_DIV:
2471 FETCH_NUMBER(cx, -1, d2);
2472 FETCH_NUMBER(cx, -2, d);
2473 sp--;
2474 if (d2 == 0) {
2475 #if defined(XP_WIN)
2476 /* XXX MSVC miscompiles such that (NaN == 0) */
2477 if (JSDOUBLE_IS_NaN(d2))
2478 rval = DOUBLE_TO_JSVAL(rt->jsNaN);
2479 else
2480 #endif
2481 if (d == 0 || JSDOUBLE_IS_NaN(d))
2482 rval = DOUBLE_TO_JSVAL(rt->jsNaN);
2483 else if ((JSDOUBLE_HI32(d) ^ JSDOUBLE_HI32(d2)) >> 31)
2484 rval = DOUBLE_TO_JSVAL(rt->jsNegativeInfinity);
2485 else
2486 rval = DOUBLE_TO_JSVAL(rt->jsPositiveInfinity);
2487 STORE_OPND(-1, rval);
2488 } else {
2489 d /= d2;
2490 STORE_NUMBER(cx, -1, d);
2491 }
2492 break;
2493
2494 case JSOP_MOD:
2495 FETCH_NUMBER(cx, -1, d2);
2496 FETCH_NUMBER(cx, -2, d);
2497 sp--;
2498 if (d2 == 0) {
2499 STORE_OPND(-1, DOUBLE_TO_JSVAL(rt->jsNaN));
2500 } else {
2501 #if defined(XP_WIN)
2502 /* Workaround MS fmod bug where 42 % (1/0) => NaN, not 42. */
2503 if (!(JSDOUBLE_IS_FINITE(d) && JSDOUBLE_IS_INFINITE(d2)))
2504 #endif
2505 d = fmod(d, d2);
2506 STORE_NUMBER(cx, -1, d);
2507 }
2508 break;
2509
2510 case JSOP_NOT:
2511 POP_BOOLEAN(cx, rval, cond);
2512 PUSH_OPND(BOOLEAN_TO_JSVAL(!cond));
2513 break;
2514
2515 case JSOP_BITNOT:
2516 FETCH_INT(cx, -1, i);
2517 d = (jsdouble) ~i;
2518 STORE_NUMBER(cx, -1, d);
2519 break;
2520
2521 case JSOP_NEG:
2522 FETCH_NUMBER(cx, -1, d);
2523 #ifdef HPUX
2524 /*
2525 * Negation of a zero doesn't produce a negative
2526 * zero on HPUX. Perform the operation by bit
2527 * twiddling.
2528 */
2529 JSDOUBLE_HI32(d) ^= JSDOUBLE_HI32_SIGNBIT;
2530 #else
2531 d = -d;
2532 #endif
2533 STORE_NUMBER(cx, -1, d);
2534 break;
2535
2536 case JSOP_POS:
2537 FETCH_NUMBER(cx, -1, d);
2538 STORE_NUMBER(cx, -1, d);
2539 break;
2540
2541 case JSOP_NEW:
2542 /* Get immediate argc and find the constructor function. */
2543 argc = GET_ARGC(pc);
2544
2545 #if JS_HAS_INITIALIZERS
2546 do_new:
2547 #endif
2548 SAVE_SP(fp);
2549 vp = sp - (2 + argc);
2550 JS_ASSERT(vp >= fp->spbase);
2551
2552 fun = NULL;
2553 obj2 = NULL;
2554 lval = *vp;
2555 if (!JSVAL_IS_OBJECT(lval) ||
2556 (obj2 = JSVAL_TO_OBJECT(lval)) == NULL ||
2557 /* XXX clean up to avoid special cases above ObjectOps layer */
2558 OBJ_GET_CLASS(cx, obj2) == &js_FunctionClass ||
2559 !obj2->map->ops->construct)
2560 {
2561 fun = js_ValueToFunction(cx, vp, JSV2F_CONSTRUCT);
2562 if (!fun) {
2563 ok = JS_FALSE;
2564 goto out;
2565 }
2566 }
2567
2568 clasp = &js_ObjectClass;
2569 if (!obj2) {
2570 proto = parent = NULL;
2571 fun = NULL;
2572 } else {
2573 /* Get the constructor prototype object for this function. */
2574 ok = OBJ_GET_PROPERTY(cx, obj2,
2575 (jsid)rt->atomState.classPrototypeAtom,
2576 &rval);
2577 if (!ok)
2578 goto out;
2579 proto = JSVAL_IS_OBJECT(rval) ? JSVAL_TO_OBJECT(rval) : NULL;
2580 parent = OBJ_GET_PARENT(cx, obj2);
2581
2582 if (OBJ_GET_CLASS(cx, obj2) == &js_FunctionClass) {
2583 funclasp = ((JSFunction *)JS_GetPrivate(cx, obj2))->clasp;
2584 if (funclasp)
2585 clasp = funclasp;
2586 }
2587 }
2588 obj = js_NewObject(cx, clasp, proto, parent);
2589 if (!obj) {
2590 ok = JS_FALSE;
2591 goto out;
2592 }
2593
2594 /* Now we have an object with a constructor method; call it. */
2595 vp[1] = OBJECT_TO_JSVAL(obj);
2596 ok = js_Invoke(cx, argc, JSINVOKE_CONSTRUCT);
2597 RESTORE_SP(fp);
2598 LOAD_BRANCH_CALLBACK(cx);
2599 LOAD_INTERRUPT_HANDLER(rt);
2600 if (!ok) {
2601 cx->newborn[GCX_OBJECT] = NULL;
2602 goto out;
2603 }
2604
2605 /* Check the return value and update obj from it. */
2606 rval = *vp;
2607 if (JSVAL_IS_PRIMITIVE(rval)) {
2608 if (fun || !JSVERSION_IS_ECMA(cx->version)) {
2609 *vp = OBJECT_TO_JSVAL(obj);
2610 break;
2611 }
2612 /* native [[Construct]] returning primitive is error */
2613 str = js_ValueToString(cx, rval);
2614 if (str) {
2615 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
2616 JSMSG_BAD_NEW_RESULT,
2617 JS_GetStringBytes(str));
2618 }
2619 ok = JS_FALSE;
2620 goto out;
2621 }
2622 obj = JSVAL_TO_OBJECT(rval);
2623 JS_RUNTIME_METER(rt, constructs);
2624 break;
2625
2626 case JSOP_DELNAME:
2627 atom = GET_ATOM(cx, script, pc);
2628 id = (jsid)atom;
2629
2630 SAVE_SP(fp);
2631 ok = js_FindProperty(cx, id, &obj, &obj2, &prop);
2632 if (!ok)
2633 goto out;
2634
2635 /* ECMA says to return true if name is undefined or inherited. */
2636 rval = JSVAL_TRUE;
2637 if (prop) {
2638 OBJ_DROP_PROPERTY(cx, obj2, prop);
2639 ok = OBJ_DELETE_PROPERTY(cx, obj, id, &rval);
2640 if (!ok)
2641 goto out;
2642 }
2643 PUSH_OPND(rval);
2644 break;
2645
2646 case JSOP_DELPROP:
2647 atom = GET_ATOM(cx, script, pc);
2648 id = (jsid)atom;
2649 PROPERTY_OP(-1, ok = OBJ_DELETE_PROPERTY(cx, obj, id, &rval));
2650 STORE_OPND(-1, rval);
2651 break;
2652
2653 case JSOP_DELELEM:
2654 ELEMENT_OP(-1, ok = OBJ_DELETE_PROPERTY(cx, obj, id, &rval));
2655 sp--;
2656 STORE_OPND(-1, rval);
2657 break;
2658
2659 case JSOP_TYPEOF:
2660 rval = POP_OPND();
2661 type = JS_TypeOfValue(cx, rval);
2662 atom = rt->atomState.typeAtoms[type];
2663 str = ATOM_TO_STRING(atom);
2664 PUSH_OPND(STRING_TO_JSVAL(str));
2665 break;
2666
2667 case JSOP_VOID:
2668 (void) POP_OPND();
2669 PUSH_OPND(JSVAL_VOID);
2670 break;
2671
2672 case JSOP_INCNAME:
2673 case JSOP_DECNAME:
2674 case JSOP_NAMEINC:
2675 case JSOP_NAMEDEC:
2676 atom = GET_ATOM(cx, script, pc);
2677 id = (jsid)atom;
2678
2679 SAVE_SP(fp);
2680 ok = js_FindProperty(cx, id, &obj, &obj2, &prop);
2681 if (!ok)
2682 goto out;
2683 if (!prop)
2684 goto atom_not_defined;
2685
2686 OBJ_DROP_PROPERTY(cx, obj2, prop);
2687 lval = OBJECT_TO_JSVAL(obj);
2688 goto do_incop;
2689
2690 case JSOP_INCPROP:
2691 case JSOP_DECPROP:
2692 case JSOP_PROPINC:
2693 case JSOP_PROPDEC:
2694 atom = GET_ATOM(cx, script, pc);
2695 id = (jsid)atom;
2696 lval = POP_OPND();
2697 goto do_incop;
2698
2699 case JSOP_INCELEM:
2700 case JSOP_DECELEM:
2701 case JSOP_ELEMINC:
2702 case JSOP_ELEMDEC:
2703 POP_ELEMENT_ID(id);
2704 lval = POP_OPND();
2705
2706 do_incop:
2707 VALUE_TO_OBJECT(cx, lval, obj);
2708
2709 /* The operand must contain a number. */
2710 SAVE_SP(fp);
2711 CACHED_GET(OBJ_GET_PROPERTY(cx, obj, id, &rval));
2712 if (!ok)
2713 goto out;
2714
2715 /* The expression result goes in rtmp, the updated value in rval. */
2716 if (JSVAL_IS_INT(rval) &&
2717 rval != INT_TO_JSVAL(JSVAL_INT_MIN) &&
2718 rval != INT_TO_JSVAL(JSVAL_INT_MAX)) {
2719 if (cs->format & JOF_POST) {
2720 rtmp = rval;
2721 (cs->format & JOF_INC) ? (rval += 2) : (rval -= 2);
2722 } else {
2723 (cs->format & JOF_INC) ? (rval += 2) : (rval -= 2);
2724 rtmp = rval;
2725 }
2726 } else {
2727
2728 /*
2729 * Initially, rval contains the value to increment or decrement, which is not
2730 * yet converted. As above, the expression result goes in rtmp, the updated
2731 * value goes in rval.
2732 */
2733 #define NONINT_INCREMENT_OP() \
2734 JS_BEGIN_MACRO \
2735 VALUE_TO_NUMBER(cx, rval, d); \
2736 if (cs->format & JOF_POST) { \
2737 rtmp = rval; \
2738 if (!JSVAL_IS_NUMBER(rtmp)) { \
2739 ok = js_NewNumberValue(cx, d, &rtmp); \
2740 if (!ok) \
2741 goto out; \
2742 } \
2743 (cs->format & JOF_INC) ? d++ : d--; \
2744 ok = js_NewNumberValue(cx, d, &rval); \
2745 } else { \
2746 (cs->format & JOF_INC) ? ++d : --d; \
2747 ok = js_NewNumberValue(cx, d, &rval); \
2748 rtmp = rval; \
2749 } \
2750 if (!ok) \
2751 goto out; \
2752 JS_END_MACRO
2753
2754 NONINT_INCREMENT_OP();
2755 }
2756
2757 CACHED_SET(OBJ_SET_PROPERTY(cx, obj, id, &rval));
2758 if (!ok)
2759 goto out;
2760 PUSH_OPND(rtmp);
2761 break;
2762
2763 /*
2764 * NB: This macro can't use JS_BEGIN_MACRO/JS_END_MACRO around its body because
2765 * it must break from the switch case that calls it, not from the do...while(0)
2766 * loop created by the JS_BEGIN/END_MACRO brackets.
2767 */
2768 #define FAST_INCREMENT_OP(SLOT,COUNT,BASE,PRE,OP,MINMAX) \
2769 slot = (uintN)SLOT; \
2770 JS_ASSERT(slot < fp->fun->COUNT); \
2771 vp = fp->BASE + slot; \
2772 rval = *vp; \
2773 if (JSVAL_IS_INT(rval) && \
2774 rval != INT_TO_JSVAL(JSVAL_INT_##MINMAX)) { \
2775 PRE = rval; \
2776 rval OP 2; \
2777 *vp = rval; \
2778 PUSH_OPND(PRE); \
2779 break; \
2780 } \
2781 goto do_nonint_fast_incop;
2782
2783 case JSOP_INCARG:
2784 FAST_INCREMENT_OP(GET_ARGNO(pc), nargs, argv, rval, +=, MAX);
2785 case JSOP_DECARG:
2786 FAST_INCREMENT_OP(GET_ARGNO(pc), nargs, argv, rval, -=, MIN);
2787 case JSOP_ARGINC:
2788 FAST_INCREMENT_OP(GET_ARGNO(pc), nargs, argv, rtmp, +=, MAX);
2789 case JSOP_ARGDEC:
2790 FAST_INCREMENT_OP(GET_ARGNO(pc), nargs, argv, rtmp, -=, MIN);
2791
2792 case JSOP_INCVAR:
2793 FAST_INCREMENT_OP(GET_VARNO(pc), nvars, vars, rval, +=, MAX);
2794 case JSOP_DECVAR:
2795 FAST_INCREMENT_OP(GET_VARNO(pc), nvars, vars, rval, -=, MIN);
2796 case JSOP_VARINC:
2797 FAST_INCREMENT_OP(GET_VARNO(pc), nvars, vars, rtmp, +=, MAX);
2798 case JSOP_VARDEC:
2799 FAST_INCREMENT_OP(GET_VARNO(pc), nvars, vars, rtmp, -=, MIN);
2800
2801 #undef FAST_INCREMENT_OP
2802
2803 do_nonint_fast_incop:
2804 NONINT_INCREMENT_OP();
2805 *vp = rval;
2806 PUSH_OPND(rtmp);
2807 break;
2808
2809 case JSOP_GETPROP:
2810 /* Get an immediate atom naming the property. */
2811 atom = GET_ATOM(cx, script, pc);
2812 id = (jsid)atom;
2813 PROPERTY_OP(-1, CACHED_GET(OBJ_GET_PROPERTY(cx, obj, id, &rval)));
2814 STORE_OPND(-1, rval);
2815 break;
2816
2817 case JSOP_SETPROP:
2818 /* Pop the right-hand side into rval for OBJ_SET_PROPERTY. */
2819 rval = FETCH_OPND(-1);
2820
2821 /* Get an immediate atom naming the property. */
2822 atom = GET_ATOM(cx, script, pc);
2823 id = (jsid)atom;
2824 PROPERTY_OP(-2, CACHED_SET(OBJ_SET_PROPERTY(cx, obj, id, &rval)));
2825 sp--;
2826 STORE_OPND(-1, rval);
2827 break;
2828
2829 case JSOP_GETELEM:
2830 ELEMENT_OP(-1, CACHED_GET(OBJ_GET_PROPERTY(cx, obj, id, &rval)));
2831 sp--;
2832 STORE_OPND(-1, rval);
2833 break;
2834
2835 case JSOP_SETELEM:
2836 rval = FETCH_OPND(-1);
2837 ELEMENT_OP(-2, CACHED_SET(OBJ_SET_PROPERTY(cx, obj, id, &rval)));
2838 sp -= 2;
2839 STORE_OPND(-1, rval);
2840 break;
2841
2842 case JSOP_ENUMELEM:
2843 /* Funky: the value to set is under the [obj, id] pair. */
2844 FETCH_ELEMENT_ID(-1, id);
2845 lval = FETCH_OPND(-2);
2846 VALUE_TO_OBJECT(cx, lval, obj);
2847 rval = FETCH_OPND(-3);
2848 SAVE_SP(fp);
2849 ok = OBJ_SET_PROPERTY(cx, obj, id, &rval);
2850 if (!ok)
2851 goto out;
2852 sp -= 3;
2853 break;
2854
2855 /*
2856 * LAZY_ARGS_THISP allows the JSOP_ARGSUB bytecode to defer creation of the
2857 * arguments object until it is truly needed. JSOP_ARGSUB optimizes away
2858 * arguments objects when the only uses of the 'arguments' parameter are to
2859 * fetch individual actual parameters. But if such a use were then invoked,
2860 * e.g., arguments[i](), the 'this' parameter would and must bind to the
2861 * caller's arguments object. So JSOP_ARGSUB sets obj to LAZY_ARGS_THISP.
2862 */
2863 #define LAZY_ARGS_THISP ((JSObject *) 1)
2864
2865 case JSOP_PUSHOBJ:
2866 if (obj == LAZY_ARGS_THISP && !(obj = js_GetArgsObject(cx, fp))) {
2867 ok = JS_FALSE;
2868 goto out;
2869 }
2870 PUSH_OPND(OBJECT_TO_JSVAL(obj));
2871 break;
2872
2873 case JSOP_FLASHCALL:
2874 /* rewrite the stack */
2875 FETCH_INT(cx, -3, j);
2876 argc = j;
2877 vp = sp - (argc + 3);
2878 sp[-3] = sp[-1];
2879 sp--;
2880 for (i = 0; i < (j / 2 + 1); i++) {
2881 ltmp = sp[-i-1];
2882 sp[-i-1] = vp[i];
2883 vp[i] = ltmp;
2884 }
2885 /* treat it like a CALL */
2886 goto do_call;
2887 case JSOP_CALL:
2888 case JSOP_EVAL:
2889 argc = GET_ARGC(pc);
2890 vp = sp - (argc + 2);
2891 do_call:
2892 lval = *vp;
2893 SAVE_SP(fp);
2894
2895 if (JSVAL_IS_FUNCTION(cx, lval) &&
2896 (obj = JSVAL_TO_OBJECT(lval),
2897 fun = (JSFunction *) JS_GetPrivate(cx, obj),
2898 !fun->native &&
2899 !(fun->flags & (JSFUN_HEAVYWEIGHT | JSFUN_BOUND_METHOD)) &&
2900 argc >= (uintN)(fun->nargs + fun->extra)))
2901 /* inline_call: */
2902 {
2903 uintN nframeslots, nvars;
2904 void *newmark;
2905 JSInlineFrame *newifp;
2906 JSInterpreterHook hook;
2907
2908 /* Restrict recursion of lightweight functions. */
2909 if (inlineCallCount == MAX_INLINE_CALL_COUNT) {
2910 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
2911 JSMSG_OVER_RECURSED);
2912 ok = JS_FALSE;
2913 goto out;
2914 }
2915
2916 #if JS_HAS_JIT
2917 /* ZZZbe should do this only if interpreted often enough. */
2918 ok = jsjit_Compile(cx, fun);
2919 if (!ok)
2920 goto out;
2921 #endif
2922
2923 /* Compute the number of stack slots needed for fun. */
2924 nframeslots = (sizeof(JSInlineFrame) + sizeof(jsval) - 1)
2925 / sizeof(jsval);
2926 nvars = fun->nvars;
2927 script = fun->script;
2928 depth = (jsint) script->depth;
2929
2930 /* Allocate the frame and space for vars and operands. */
2931 newsp = js_AllocRawStack(cx, nframeslots + nvars + 2 * depth,
2932 &newmark);
2933 if (!newsp) {
2934 ok = JS_FALSE;
2935 goto bad_inline_call;
2936 }
2937 newifp = (JSInlineFrame *) newsp;
2938 newsp += nframeslots;
2939
2940 /* Initialize the stack frame. */
2941 memset(newifp, 0, sizeof(JSInlineFrame));
2942 newifp->frame.script = script;
2943 newifp->frame.fun = fun;
2944 newifp->frame.argc = argc;
2945 newifp->frame.argv = vp + 2;
2946 newifp->frame.rval = JSVAL_VOID;
2947 newifp->frame.nvars = nvars;
2948 newifp->frame.vars = newsp;
2949 newifp->frame.down = fp;
2950 newifp->frame.scopeChain = OBJ_GET_PARENT(cx, obj);
2951 newifp->mark = newmark;
2952
2953 /* Compute the 'this' parameter now that argv is set. */
2954 ok = ComputeThis(cx, JSVAL_TO_OBJECT(vp[1]), &newifp->frame);
2955 if (!ok) {
2956 js_FreeRawStack(cx, newmark);
2957 goto bad_inline_call;
2958 }
2959
2960 /* Push void to initialize local variables. */
2961 sp = newsp;
2962 while (nvars--)
2963 PUSH(JSVAL_VOID);
2964 sp += depth;
2965 newifp->frame.spbase = sp;
2966 SAVE_SP(&newifp->frame);
2967
2968 /* Call the debugger hook if present. */
2969 hook = cx->runtime->callHook;
2970 if (hook) {
2971 newifp->hookData = hook(cx, &newifp->frame, JS_TRUE, 0,
2972 cx->runtime->callHookData);
2973 LOAD_INTERRUPT_HANDLER(rt);
2974 }
2975
2976 /* Switch to new version if currentVersion wasn't overridden. */
2977 newifp->callerVersion = cx->version;
2978 if (cx->version == currentVersion) {
2979 currentVersion = script->version;
2980 if (currentVersion != cx->version)
2981 JS_SetVersion(cx, currentVersion);
2982 }
2983
2984 /* Push the frame and set interpreter registers. */
2985 cx->fp = fp = &newifp->frame;
2986 pc = script->code;
2987 endpc = pc + script->length;
2988 inlineCallCount++;
2989 JS_RUNTIME_METER(rt, inlineCalls);
2990 continue;
2991
2992 bad_inline_call:
2993 script = fp->script;
2994 depth = (jsint) script->depth;
2995 goto out;
2996 }
2997
2998 ok = js_Invoke(cx, argc, 0);
2999 RESTORE_SP(fp);
3000 LOAD_BRANCH_CALLBACK(cx);
3001 LOAD_INTERRUPT_HANDLER(rt);
3002 if (!ok)
3003 goto out;
3004 JS_RUNTIME_METER(rt, nonInlineCalls);
3005 #if JS_HAS_LVALUE_RETURN
3006 if (cx->rval2set) {
3007 /*
3008 * Sneaky: use the stack depth we didn't claim in our budget,
3009 * but that we know is there on account of [fun, this] already
3010 * having been pushed, at a minimum (if no args). Those two
3011 * slots have been popped and [rval] has been pushed, which
3012 * leaves one more slot for rval2 before we might overflow.
3013 *
3014 * NB: rval2 must be the property identifier, and rval the
3015 * object from which to get the property. The pair form an
3016 * ECMA "reference type", which can be used on the right- or
3017 * left-hand side of assignment ops. Only native methods can
3018 * return reference types. See JSOP_SETCALL just below for
3019 * the left-hand-side case.
3020 */
3021 PUSH_OPND(cx->rval2);
3022 cx->rval2set = JS_FALSE;
3023 ELEMENT_OP(-1, ok = OBJ_GET_PROPERTY(cx, obj, id, &rval));
3024 sp--;
3025 STORE_OPND(-1, rval);
3026 }
3027 #endif
3028 obj = NULL;
3029 break;
3030
3031 #if JS_HAS_LVALUE_RETURN
3032 case JSOP_SETCALL:
3033 argc = GET_ARGC(pc);
3034 SAVE_SP(fp);
3035 ok = js_Invoke(cx, argc, 0);
3036 RESTORE_SP(fp);
3037 LOAD_BRANCH_CALLBACK(cx);
3038 LOAD_INTERRUPT_HANDLER(rt);
3039 if (!ok)
3040 goto out;
3041 if (!cx->rval2set) {
3042 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
3043 JSMSG_BAD_LEFTSIDE_OF_ASS);
3044 ok = JS_FALSE;
3045 goto out;
3046 }
3047 PUSH_OPND(cx->rval2);
3048 cx->rval2set = JS_FALSE;
3049 obj = NULL;
3050 break;
3051 #endif
3052
3053 case JSOP_NAME:
3054 atom = GET_ATOM(cx, script, pc);
3055 id = (jsid)atom;
3056 SAVE_SP(fp);
3057 ok = js_FindProperty(cx, id, &obj, &obj2, &prop);
3058 if (!ok)
3059 goto out;
3060 if (!prop) {
3061 /* Kludge to allow (typeof foo == "undefined") tests. */
3062 for (pc2 = pc + len; pc2 < endpc; pc2++) {
3063 op2 = (JSOp)*pc2;
3064 if (op2 == JSOP_TYPEOF) {
3065 PUSH_OPND(JSVAL_VOID);
3066 goto advance_pc;
3067 }
3068 if (op2 != JSOP_GROUP)
3069 break;
3070 }
3071 goto atom_not_defined;
3072 }
3073
3074 /* Take the slow path if prop was not found in a native object. */
3075 if (!OBJ_IS_NATIVE(obj) || !OBJ_IS_NATIVE(obj2)) {
3076 OBJ_DROP_PROPERTY(cx, obj2, prop);
3077 ok = OBJ_GET_PROPERTY(cx, obj, id, &rval);
3078 if (!ok)
3079 goto out;
3080 PUSH_OPND(rval);
3081 break;
3082 }
3083
3084 /* Get and push the obj[id] property's value. */
3085 sprop = (JSScopeProperty *)prop;
3086 slot = (uintN)sprop->slot;
3087 rval = (slot != SPROP_INVALID_SLOT)
3088 ? LOCKED_OBJ_GET_SLOT(obj2, slot)
3089 : JSVAL_VOID;
3090 JS_UNLOCK_OBJ(cx, obj2);
3091 ok = SPROP_GET(cx, sprop, obj, obj2, &rval);
3092 JS_LOCK_OBJ(cx, obj2);
3093 if (!ok) {
3094 OBJ_DROP_PROPERTY(cx, obj2, prop);
3095 goto out;
3096 }
3097 if (SPROP_HAS_VALID_SLOT(sprop, OBJ_SCOPE(obj2)))
3098 LOCKED_OBJ_SET_SLOT(obj2, slot, rval);
3099 OBJ_DROP_PROPERTY(cx, obj2, prop);
3100 PUSH_OPND(rval);
3101 break;
3102
3103 case JSOP_UINT16:
3104 i = (jsint) GET_ATOM_INDEX(pc);
3105 rval = INT_TO_JSVAL(i);
3106 PUSH_OPND(rval);
3107 obj = NULL;
3108 break;
3109
3110 case JSOP_NUMBER:
3111 case JSOP_STRING:
3112 atom = GET_ATOM(cx, script, pc);
3113 PUSH_OPND(ATOM_KEY(atom));
3114 obj = NULL;
3115 break;
3116
3117 case JSOP_OBJECT:
3118 {
3119 #if 0
3120 jsatomid atomIndex;
3121 JSAtomMap *atomMap;
3122
3123 /*
3124 * Get a suitable object from an atom mapped by the bytecode at pc.
3125 *
3126 * We must handle the case where a regexp object literal is used in
3127 * a different global at execution time from the global with which
3128 * it was scanned at compile time, in order to rewrap the JSRegExp
3129 * struct with a new object having the right prototype and parent.
3130 *
3131 * Unlike JSOP_DEFFUN and other prolog bytecodes, we don't want to
3132 * pay a script prolog execution price for all regexp literals in a
3133 * script (many may not be used by a particular execution of that
3134 * script, depending on control flow), so we do all fp->objAtomMap
3135 * initialization lazily, here under JSOP_OBJECT.
3136 *
3137 * XXX This code is specific to regular expression objects. If we
3138 * need JSOP_OBJECT for other kinds of object literals, we should
3139 * push cloning down under JSObjectOps. Also, fp->objAtomMap is
3140 * used only for object atoms, so it's sparse (wasting some stack
3141 * space) and as its name implies, you can't get non-object atoms
3142 * from it.
3143 */
3144 atomIndex = GET_ATOM_INDEX(pc);
3145 atomMap = fp->objAtomMap;
3146 atom = atomMap ? atomMap->vector[atomIndex] : NULL;
3147 if (!atom) {
3148 /* Let atom and obj denote the regexp (object) mapped by pc. */
3149 atom = js_GetAtom(cx, &script->atomMap, atomIndex);
3150 JS_ASSERT(ATOM_IS_OBJECT(atom));
3151 obj = ATOM_TO_OBJECT(atom);
3152 JS_ASSERT(OBJ_GET_CLASS(cx, obj) == &js_RegExpClass);
3153
3154 /* Compute the current global object in obj2. */
3155 obj2 = fp->scopeChain;
3156 while ((parent = OBJ_GET_PARENT(cx, obj2)) != NULL)
3157 obj2 = parent;
3158
3159 /*
3160 * If obj's parent is not obj2, we must clone obj so that it
3161 * has the right parent, and therefore, the right prototype.
3162 *
3163 * Yes, this means we assume that the correct RegExp.prototype
3164 * to which regexp instances (including literals) delegate can
3165 * be distinguished solely by the instance's parent, which was
3166 * set to the parent of the RegExp constructor function object
3167 * when the instance was created. In other words,
3168 *
3169 * (/x/.__parent__ == RegExp.__parent__) implies
3170 * (/x/.__proto__ == RegExp.prototype)
3171 *
3172 * (unless you assign a different object to RegExp.prototype
3173 * at runtime, in which case, ECMA doesn't specify operation,
3174 * and you get what you deserve).
3175 *
3176 * This same coupling between instance parent and constructor
3177 * parent turns up elsewhere (see jsobj.c's FindConstructor,
3178 * js_ConstructObject, and js_NewObject). It's fundamental.
3179 */
3180 if (OBJ_GET_PARENT(cx, obj) != obj2) {
3181 obj = js_CloneRegExpObject(cx, obj, obj2);
3182 if (!obj) {
3183 ok = JS_FALSE;
3184 goto out;
3185 }
3186
3187 atom = js_AtomizeObject(cx, obj, 0);
3188 if (!atom) {
3189 ok = JS_FALSE;
3190 goto out;
3191 }
3192 }
3193
3194 /*
3195 * If fp->objAtomMap is null, initialize it now so we can map
3196 * atom (whether atom is newly created for a cloned object, or
3197 * the original atom mapped by script) for faster performance
3198 * next time through JSOP_OBJECT.
3199 */
3200 if (!atomMap) {
3201 jsatomid mapLength = script->atomMap.length;
3202 size_t vectorBytes = mapLength * sizeof(JSAtom *);
3203
3204 /* Allocate an override atom map from cx->stackPool. */
3205 JS_ARENA_ALLOCATE_CAST(atomMap, JSAtomMap *,
3206 &cx->stackPool,
3207 sizeof(JSAtomMap) + vectorBytes);
3208 if (!atomMap) {
3209 JS_ReportOutOfMemory(cx);
3210 ok = JS_FALSE;
3211 goto out;
3212 }
3213
3214 atomMap->length = mapLength;
3215 atomMap->vector = (JSAtom **)(atomMap + 1);
3216 memset(atomMap->vector, 0, vectorBytes);
3217 fp->objAtomMap = atomMap;
3218 }
3219 atomMap->vector[atomIndex] = atom;
3220 }
3221 #else
3222 atom = GET_ATOM(cx, script, pc);
3223 JS_ASSERT(ATOM_IS_OBJECT(atom));
3224 #endif
3225 rval = ATOM_KEY(atom);
3226 PUSH_OPND(rval);
3227 obj = NULL;
3228 break;
3229 }
3230
3231 case JSOP_ZERO:
3232 PUSH_OPND(JSVAL_ZERO);
3233 obj = NULL;
3234 break;
3235
3236 case JSOP_ONE:
3237 PUSH_OPND(JSVAL_ONE);
3238 obj = NULL;
3239 break;
3240
3241 case JSOP_NULL:
3242 PUSH_OPND(JSVAL_NULL);
3243 obj = NULL;
3244 break;
3245
3246 case JSOP_THIS:
3247 PUSH_OPND(OBJECT_TO_JSVAL(fp->thisp));
3248 obj = NULL;
3249 break;
3250
3251 case JSOP_FALSE:
3252 PUSH_OPND(JSVAL_FALSE);
3253 obj = NULL;
3254 break;
3255
3256 case JSOP_TRUE:
3257 PUSH_OPND(JSVAL_TRUE);
3258 obj = NULL;
3259 break;
3260
3261 #if JS_HAS_SWITCH_STATEMENT
3262 case JSOP_TABLESWITCH:
3263 pc2 = pc;
3264 len = GET_JUMP_OFFSET(pc2);
3265
3266 /*
3267 * ECMAv2 forbids conversion of discriminant, so we will skip to
3268 * the default case if the discriminant isn't already an int jsval.
3269 * (This opcode is emitted only for dense jsint-domain switches.)
3270 */
3271 if (cx->version == JSVERSION_DEFAULT ||
3272 cx->version >= JSVERSION_1_4) {
3273 rval = POP_OPND();
3274 if (!JSVAL_IS_INT(rval))
3275 break;
3276 i = JSVAL_TO_INT(rval);
3277 } else {
3278 FETCH_INT(cx, -1, i);
3279 sp--;
3280 }
3281
3282 pc2 += JUMP_OFFSET_LEN;
3283 low = GET_JUMP_OFFSET(pc2);
3284 pc2 += JUMP_OFFSET_LEN;
3285 high = GET_JUMP_OFFSET(pc2);
3286
3287 i -= low;
3288 if ((jsuint)i < (jsuint)(high - low + 1)) {
3289 pc2 += JUMP_OFFSET_LEN + JUMP_OFFSET_LEN * i;
3290 off = (jsint) GET_JUMP_OFFSET(pc2);
3291 if (off)
3292 len = off;
3293 }
3294 break;
3295
3296 case JSOP_LOOKUPSWITCH:
3297 lval = POP_OPND();
3298 pc2 = pc;
3299 len = GET_JUMP_OFFSET(pc2);
3300
3301 if (!JSVAL_IS_NUMBER(lval) &&
3302 !JSVAL_IS_STRING(lval) &&
3303 !JSVAL_IS_BOOLEAN(lval)) {
3304 goto advance_pc;
3305 }
3306
3307 pc2 += JUMP_OFFSET_LEN;
3308 npairs = (jsint) GET_ATOM_INDEX(pc2);
3309 pc2 += ATOM_INDEX_LEN;
3310
3311 #define SEARCH_PAIRS(MATCH_CODE) \
3312 while (npairs) { \
3313 atom = GET_ATOM(cx, script, pc2); \
3314 rval = ATOM_KEY(atom); \
3315 MATCH_CODE \
3316 if (match) { \
3317 pc2 += ATOM_INDEX_LEN; \
3318 len = GET_JUMP_OFFSET(pc2); \
3319 goto advance_pc; \
3320 } \
3321 pc2 += ATOM_INDEX_LEN + JUMP_OFFSET_LEN; \
3322 npairs--; \
3323 }
3324 if (JSVAL_IS_STRING(lval)) {
3325 str = JSVAL_TO_STRING(lval);
3326 SEARCH_PAIRS(
3327 match = (JSVAL_IS_STRING(rval) &&
3328 ((str2 = JSVAL_TO_STRING(rval)) == str ||
3329 !js_CompareStrings(str2, str)));
3330 )
3331 } else if (JSVAL_IS_DOUBLE(lval)) {
3332 d = *JSVAL_TO_DOUBLE(lval);
3333 SEARCH_PAIRS(
3334 match = (JSVAL_IS_DOUBLE(rval) &&
3335 *JSVAL_TO_DOUBLE(rval) == d);
3336 )
3337 } else {
3338 SEARCH_PAIRS(
3339 match = (lval == rval);
3340 )
3341 }
3342 #undef SEARCH_PAIRS
3343 break;
3344
3345 case JSOP_TABLESWITCHX:
3346 pc2 = pc;
3347 len = GET_JUMPX_OFFSET(pc2);
3348
3349 /*
3350 * ECMAv2 forbids conversion of discriminant, so we will skip to
3351 * the default case if the discriminant isn't already an int jsval.
3352 * (This opcode is emitted only for dense jsint-domain switches.)
3353 */
3354 if (cx->version == JSVERSION_DEFAULT ||
3355 cx->version >= JSVERSION_1_4) {
3356 rval = POP_OPND();
3357 if (!JSVAL_IS_INT(rval))
3358 break;
3359 i = JSVAL_TO_INT(rval);
3360 } else {
3361 FETCH_INT(cx, -1, i);
3362 sp--;
3363 }
3364
3365 pc2 += JUMPX_OFFSET_LEN;
3366 low = GET_JUMP_OFFSET(pc2);
3367 pc2 += JUMP_OFFSET_LEN;
3368 high = GET_JUMP_OFFSET(pc2);
3369
3370 i -= low;
3371 if ((jsuint)i < (jsuint)(high - low + 1)) {
3372 pc2 += JUMP_OFFSET_LEN + JUMPX_OFFSET_LEN * i;
3373 off = (jsint) GET_JUMPX_OFFSET(pc2);
3374 if (off)
3375 len = off;
3376 }
3377 break;
3378
3379 case JSOP_LOOKUPSWITCHX:
3380 lval = POP_OPND();
3381 pc2 = pc;
3382 len = GET_JUMPX_OFFSET(pc2);
3383
3384 if (!JSVAL_IS_NUMBER(lval) &&
3385 !JSVAL_IS_STRING(lval) &&
3386 !JSVAL_IS_BOOLEAN(lval)) {
3387 goto advance_pc;
3388 }
3389
3390 pc2 += JUMPX_OFFSET_LEN;
3391 npairs = (jsint) GET_ATOM_INDEX(pc2);
3392 pc2 += ATOM_INDEX_LEN;
3393
3394 #define SEARCH_EXTENDED_PAIRS(MATCH_CODE) \
3395 while (npairs) { \
3396 atom = GET_ATOM(cx, script, pc2); \
3397 rval = ATOM_KEY(atom); \
3398 MATCH_CODE \
3399 if (match) { \
3400 pc2 += ATOM_INDEX_LEN; \
3401 len = GET_JUMPX_OFFSET(pc2); \
3402 goto advance_pc; \
3403 } \
3404 pc2 += ATOM_INDEX_LEN + JUMPX_OFFSET_LEN; \
3405 npairs--; \
3406 }
3407 if (JSVAL_IS_STRING(lval)) {
3408 str = JSVAL_TO_STRING(lval);
3409 SEARCH_EXTENDED_PAIRS(
3410 match = (JSVAL_IS_STRING(rval) &&
3411 ((str2 = JSVAL_TO_STRING(rval)) == str ||
3412 !js_CompareStrings(str2, str)));
3413 )
3414 } else if (JSVAL_IS_DOUBLE(lval)) {
3415 d = *JSVAL_TO_DOUBLE(lval);
3416 SEARCH_EXTENDED_PAIRS(
3417 match = (JSVAL_IS_DOUBLE(rval) &&
3418 *JSVAL_TO_DOUBLE(rval) == d);
3419 )
3420 } else {
3421 SEARCH_EXTENDED_PAIRS(
3422 match = (lval == rval);
3423 )
3424 }
3425 #undef SEARCH_EXTENDED_PAIRS
3426 break;
3427
3428 case JSOP_CONDSWITCH:
3429 break;
3430
3431 #endif /* JS_HAS_SWITCH_STATEMENT */
3432
3433 #if JS_HAS_EXPORT_IMPORT
3434 case JSOP_EXPORTALL:
3435 SAVE_SP(fp);
3436 obj = fp->varobj;
3437 ida = JS_Enumerate(cx, obj);
3438 if (!ida) {
3439 ok = JS_FALSE;
3440 } else {
3441 for (i = 0, j = ida->length; i < j; i++) {
3442 id = ida->vector[i];
3443 ok = OBJ_LOOKUP_PROPERTY(cx, obj, id, &obj2, &prop);
3444 if (!ok)
3445 break;
3446 if (!prop)
3447 continue;
3448 ok = OBJ_GET_ATTRIBUTES(cx, obj, id, prop, &attrs);
3449 if (ok) {
3450 attrs |= JSPROP_EXPORTED;
3451 ok = OBJ_SET_ATTRIBUTES(cx, obj, id, prop, &attrs);
3452 }
3453 OBJ_DROP_PROPERTY(cx, obj2, prop);
3454 if (!ok)
3455 break;
3456 }
3457 JS_DestroyIdArray(cx, ida);
3458 }
3459 break;
3460
3461 case JSOP_EXPORTNAME:
3462 atom = GET_ATOM(cx, script, pc);
3463 id = (jsid)atom;
3464 obj = fp->varobj;
3465 SAVE_SP(fp);
3466 ok = OBJ_LOOKUP_PROPERTY(cx, obj, id, &obj2, &prop);
3467 if (!ok)
3468 goto out;
3469 if (!prop) {
3470 ok = OBJ_DEFINE_PROPERTY(cx, obj, id, JSVAL_VOID, NULL, NULL,
3471 JSPROP_EXPORTED, NULL);
3472 } else {
3473 ok = OBJ_GET_ATTRIBUTES(cx, obj, id, prop, &attrs);
3474 if (ok) {
3475 attrs |= JSPROP_EXPORTED;
3476 ok = OBJ_SET_ATTRIBUTES(cx, obj, id, prop, &attrs);
3477 }
3478 OBJ_DROP_PROPERTY(cx, obj2, prop);
3479 }
3480 if (!ok)
3481 goto out;
3482 break;
3483
3484 case JSOP_IMPORTALL:
3485 id = (jsid)JSVAL_VOID;
3486 PROPERTY_OP(-1, ok = ImportProperty(cx, obj, id));
3487 sp--;
3488 break;
3489
3490 case JSOP_IMPORTPROP:
3491 /* Get an immediate atom naming the property. */
3492 atom = GET_ATOM(cx, script, pc);
3493 id = (jsid)atom;
3494 PROPERTY_OP(-1, ok = ImportProperty(cx, obj, id));
3495 sp--;
3496 break;
3497
3498 case JSOP_IMPORTELEM:
3499 ELEMENT_OP(-1, ok = ImportProperty(cx, obj, id));
3500 sp -= 2;
3501 break;
3502 #endif /* JS_HAS_EXPORT_IMPORT */
3503
3504 case JSOP_TRAP:
3505 switch (JS_HandleTrap(cx, script, pc, &rval)) {
3506 case JSTRAP_ERROR:
3507 ok = JS_FALSE;
3508 goto out;
3509 case JSTRAP_CONTINUE:
3510 JS_ASSERT(JSVAL_IS_INT(rval));
3511 op = (JSOp) JSVAL_TO_INT(rval);
3512 JS_ASSERT((uintN)op < (uintN)JSOP_LIMIT);
3513 LOAD_INTERRUPT_HANDLER(rt);
3514 goto do_op;
3515 case JSTRAP_RETURN:
3516 fp->rval = rval;
3517 goto out;
3518 #if JS_HAS_EXCEPTIONS
3519 case JSTRAP_THROW:
3520 cx->throwing = JS_TRUE;
3521 cx->exception = rval;
3522 ok = JS_FALSE;
3523 goto out;
3524 #endif /* JS_HAS_EXCEPTIONS */
3525 default:;
3526 }
3527 LOAD_INTERRUPT_HANDLER(rt);
3528 break;
3529
3530 case JSOP_ARGUMENTS:
3531 SAVE_SP(fp);
3532 ok = js_GetArgsValue(cx, fp, &rval);
3533 if (!ok)
3534 goto out;
3535 PUSH_OPND(rval);
3536 break;
3537
3538 case JSOP_ARGSUB:
3539 id = (jsid) INT_TO_JSVAL(GET_ARGNO(pc));
3540 SAVE_SP(fp);
3541 ok = js_GetArgsProperty(cx, fp, id, &obj, &rval);
3542 if (!ok)
3543 goto out;
3544 if (!obj) {
3545 /*
3546 * If arguments was not overridden by eval('arguments = ...'),
3547 * set obj to the magic cookie respected by JSOP_PUSHOBJ, just
3548 * in case this bytecode is part of an 'arguments[i](j, k)' or
3549 * similar such invocation sequence, where the function that
3550 * is invoked expects its 'this' parameter to be the caller's
3551 * arguments object.
3552 */
3553 obj = LAZY_ARGS_THISP;
3554 }
3555 PUSH_OPND(rval);
3556 break;
3557
3558 #undef LAZY_ARGS_THISP
3559
3560 case JSOP_ARGCNT:
3561 id = (jsid) rt->atomState.lengthAtom;
3562 SAVE_SP(fp);
3563 ok = js_GetArgsProperty(cx, fp, id, &obj, &rval);
3564 if (!ok)
3565 goto out;
3566 PUSH_OPND(rval);
3567 break;
3568
3569 case JSOP_GETARG:
3570 slot = GET_ARGNO(pc);
3571 JS_ASSERT(slot < fp->fun->nargs);
3572 PUSH_OPND(fp->argv[slot]);
3573 obj = NULL;
3574 break;
3575
3576 case JSOP_SETARG:
3577 slot = GET_ARGNO(pc);
3578 JS_ASSERT(slot < fp->fun->nargs);
3579 vp = &fp->argv[slot];
3580 GC_POKE(cx, *vp);
3581 *vp = FETCH_OPND(-1);
3582 obj = NULL;
3583 break;
3584
3585 case JSOP_GETVAR:
3586 slot = GET_VARNO(pc);
3587 JS_ASSERT(slot < fp->fun->nvars);
3588 PUSH_OPND(fp->vars[slot]);
3589 obj = NULL;
3590 break;
3591
3592 case JSOP_SETVAR:
3593 slot = GET_VARNO(pc);
3594 JS_ASSERT(slot < fp->fun->nvars);
3595 vp = &fp->vars[slot];
3596 GC_POKE(cx, *vp);
3597 *vp = FETCH_OPND(-1);
3598 obj = NULL;
3599 break;
3600
3601 case JSOP_DEFCONST:
3602 case JSOP_DEFVAR:
3603 {
3604 JSBool defined;
3605
3606 atom = GET_ATOM(cx, script, pc);
3607 obj = fp->varobj;
3608 attrs = JSPROP_ENUMERATE;
3609 if (!(fp->flags & JSFRAME_EVAL))
3610 attrs |= JSPROP_PERMANENT;
3611 if (op == JSOP_DEFCONST)
3612 attrs |= JSPROP_READONLY;
3613
3614 /* Lookup id in order to check for redeclaration problems. */
3615 id = (jsid)atom;
3616 ok = js_CheckRedeclaration(cx, obj, id, attrs, &defined);
3617 if (!ok)
3618 goto out;
3619
3620 /* Bind a variable only if it's not yet defined. */
3621 if (!defined) {
3622 ok = OBJ_DEFINE_PROPERTY(cx, obj, id, JSVAL_VOID, NULL, NULL,
3623 attrs, NULL);
3624 if (!ok)
3625 goto out;
3626 }
3627 break;
3628 }
3629
3630 case JSOP_DEFFUN:
3631 {
3632 uintN flags;
3633
3634 atom = GET_ATOM(cx, script, pc);
3635 obj = ATOM_TO_OBJECT(atom);
3636 fun = (JSFunction *) JS_GetPrivate(cx, obj);
3637 id = (jsid) fun->atom;
3638
3639 /*
3640 * We must be at top-level (either outermost block that forms a
3641 * function's body, or a global) scope, not inside an expression
3642 * (JSOP_{ANON,NAMED}FUNOBJ) or compound statement (JSOP_CLOSURE)
3643 * in the same compilation unit (ECMA Program).
3644 *
3645 * However, we could be in a Program being eval'd from inside a
3646 * with statement, so we need to distinguish variables object from
3647 * scope chain head. Hence the two assignments to parent below.
3648 * First we make sure the function object we're defining has the
3649 * right scope chain. Then we define its name in fp->varobj.
3650 *
3651 * If static link is not current scope, clone fun's object to link
3652 * to the current scope via parent. This clause exists to enable
3653 * sharing of compiled functions among multiple equivalent scopes,
3654 * splitting the cost of compilation evenly among the scopes and
3655 * amortizing it over a number of executions. Examples include XUL
3656 * scripts and event handlers shared among Mozilla chrome windows,
3657 * and server-side JS user-defined functions shared among requests.
3658 *
3659 * NB: The Script object exposes compile and exec in the language,
3660 * such that this clause introduces an incompatible change from old
3661 * JS versions that supported Script. Such a JS version supported
3662 * executing a script that defined and called functions scoped by
3663 * the compile-time static link, not by the exec-time scope chain.
3664 *
3665 * We sacrifice compatibility, breaking such scripts, in order to
3666 * promote compile-cost sharing and amortizing, and because Script
3667 * is not and will not be standardized.
3668 */
3669 parent = fp->scopeChain;
3670 if (OBJ_GET_PARENT(cx, obj) != parent) {
3671 obj = js_CloneFunctionObject(cx, obj, parent);
3672 if (!obj) {
3673 ok = JS_FALSE;
3674 goto out;
3675 }
3676 }
3677
3678 /*
3679 * ECMA requires functions defined when entering Global code to be
3680 * permanent, and functions defined when entering Eval code to be
3681 * impermanent.
3682 */
3683 attrs = JSPROP_ENUMERATE;
3684 if (!(fp->flags & JSFRAME_EVAL))
3685 attrs |= JSPROP_PERMANENT;
3686
3687 /*
3688 * Load function flags that are also property attributes. Getters
3689 * and setters do not need a slot, their value is stored elsewhere
3690 * in the property itself, not in obj->slots.
3691 */
3692 flags = fun->flags & (JSFUN_GETTER | JSFUN_SETTER);
3693 if (flags)
3694 attrs |= flags | JSPROP_SHARED;
3695
3696 /*
3697 * Check for a const property of the same name -- or any kind
3698 * of property if executing with the strict option. We check
3699 * here at runtime as well as at compile-time, to handle eval
3700 * as well as multiple HTML script tags.
3701 */
3702 parent = fp->varobj;
3703 ok = js_CheckRedeclaration(cx, parent, id, attrs, &cond);
3704 if (!ok)
3705 goto out;
3706
3707 ok = OBJ_DEFINE_PROPERTY(cx, parent, id,
3708 flags ? JSVAL_VOID : OBJECT_TO_JSVAL(obj),
3709 (flags & JSFUN_GETTER)
3710 ? (JSPropertyOp) obj
3711 : NULL,
3712 (flags & JSFUN_SETTER)
3713 ? (JSPropertyOp) obj
3714 : NULL,
3715 attrs,
3716 NULL);
3717 if (!ok)
3718 goto out;
3719 break;
3720 }
3721
3722 #if JS_HAS_LEXICAL_CLOSURE
3723 case JSOP_DEFLOCALFUN:
3724 /*
3725 * Define a local function (i.e., one nested at the top level of
3726 * another function), parented by the current scope chain, and
3727 * stored in a local variable slot that the compiler allocated.
3728 * This is an optimization over JSOP_DEFFUN that avoids requiring
3729 * a call object for the outer function's activation.
3730 */
3731 pc2 = pc;
3732 slot = GET_VARNO(pc2);
3733 pc2 += VARNO_LEN;
3734 atom = GET_ATOM(cx, script, pc2);
3735 obj = ATOM_TO_OBJECT(atom);
3736 fun = (JSFunction *) JS_GetPrivate(cx, obj);
3737
3738 parent = fp->scopeChain;
3739 if (OBJ_GET_PARENT(cx, obj) != parent) {
3740 obj = js_CloneFunctionObject(cx, obj, parent);
3741 if (!obj) {
3742 ok = JS_FALSE;
3743 goto out;
3744 }
3745 }
3746 fp->vars[slot] = OBJECT_TO_JSVAL(obj);
3747 break;
3748
3749 case JSOP_ANONFUNOBJ:
3750 /* Push the specified function object literal. */
3751 atom = GET_ATOM(cx, script, pc);
3752 obj = ATOM_TO_OBJECT(atom);
3753
3754 /* If re-parenting, push a clone of the function object. */
3755 parent = fp->scopeChain;
3756 if (OBJ_GET_PARENT(cx, obj) != parent) {
3757 obj = js_CloneFunctionObject(cx, obj, parent);
3758 if (!obj) {
3759 ok = JS_FALSE;
3760 goto out;
3761 }
3762 }
3763 PUSH_OPND(OBJECT_TO_JSVAL(obj));
3764 break;
3765
3766 case JSOP_NAMEDFUNOBJ:
3767 /* ECMA ed. 3 FunctionExpression: function Identifier [etc.]. */
3768 atom = GET_ATOM(cx, script, pc);
3769 rval = ATOM_KEY(atom);
3770 JS_ASSERT(JSVAL_IS_FUNCTION(cx, rval));
3771
3772 /*
3773 * 1. Create a new object as if by the expression new Object().
3774 * 2. Add Result(1) to the front of the scope chain.
3775 *
3776 * Step 2 is achieved by making the new object's parent be the
3777 * current scope chain, and then making the new object the parent
3778 * of the Function object clone.
3779 */
3780 SAVE_SP(fp);
3781 parent = js_ConstructObject(cx, &js_ObjectClass, NULL,
3782 fp->scopeChain, 0, NULL);
3783 if (!parent) {
3784 ok = JS_FALSE;
3785 goto out;
3786 }
3787
3788 /*
3789 * 3. Create a new Function object as specified in section 13.2
3790 * with [parameters and body specified by the function expression
3791 * that was parsed by the compiler into a Function object, and
3792 * saved in the script's atom map].
3793 */
3794 obj = js_CloneFunctionObject(cx, JSVAL_TO_OBJECT(rval), parent);
3795 if (!obj) {
3796 ok = JS_FALSE;
3797 goto out;
3798 }
3799
3800 /*
3801 * 4. Create a property in the object Result(1). The property's
3802 * name is [fun->atom, the identifier parsed by the compiler],
3803 * value is Result(3), and attributes are { DontDelete, ReadOnly }.
3804 */
3805 fun = (JSFunction *) JS_GetPrivate(cx, obj);
3806 attrs = fun->flags & (JSFUN_GETTER | JSFUN_SETTER);
3807 if (attrs)
3808 attrs |= JSPROP_SHARED;
3809 ok = OBJ_DEFINE_PROPERTY(cx, parent, (jsid)fun->atom,
3810 attrs ? JSVAL_VOID : OBJECT_TO_JSVAL(obj),
3811 (attrs & JSFUN_GETTER)
3812 ? (JSPropertyOp) obj
3813 : NULL,
3814 (attrs & JSFUN_SETTER)
3815 ? (JSPropertyOp) obj
3816 : NULL,
3817 attrs |
3818 JSPROP_ENUMERATE | JSPROP_PERMANENT |
3819 JSPROP_READONLY,
3820 NULL);
3821 if (!ok) {
3822 cx->newborn[GCX_OBJECT] = NULL;
3823 goto out;
3824 }
3825
3826 /*
3827 * 5. Remove Result(1) from the front of the scope chain [no-op].
3828 * 6. Return Result(3).
3829 */
3830 PUSH_OPND(OBJECT_TO_JSVAL(obj));
3831 break;
3832
3833 case JSOP_CLOSURE:
3834 /*
3835 * ECMA ed. 3 extension: a named function expression in a compound
3836 * statement (not at the top statement level of global code, or at
3837 * the top level of a function body).
3838 *
3839 * Get immediate operand atom, which is a function object literal.
3840 * From it, get the function to close.
3841 */
3842 atom = GET_ATOM(cx, script, pc);
3843 JS_ASSERT(JSVAL_IS_FUNCTION(cx, ATOM_KEY(atom)));
3844 obj = ATOM_TO_OBJECT(atom);
3845
3846 /*
3847 * Clone the function object with the current scope chain as the
3848 * clone's parent. The original function object is the prototype
3849 * of the clone. Do this only if re-parenting; the compiler may
3850 * have seen the right parent already and created a sufficiently
3851 * well-scoped function object.
3852 */
3853 SAVE_SP(fp);
3854 parent = fp->scopeChain;
3855 if (OBJ_GET_PARENT(cx, obj) != parent) {
3856 obj = js_CloneFunctionObject(cx, obj, parent);
3857 if (!obj) {
3858 ok = JS_FALSE;
3859 goto out;
3860 }
3861 }
3862
3863 /*
3864 * Make a property in fp->varobj with id fun->atom and value obj,
3865 * unless fun is a getter or setter (in which case, obj is cast to
3866 * a JSPropertyOp and passed accordingly).
3867 */
3868 fun = (JSFunction *) JS_GetPrivate(cx, obj);
3869 attrs = fun->flags & (JSFUN_GETTER | JSFUN_SETTER);
3870 if (attrs)
3871 attrs |= JSPROP_SHARED;
3872 ok = OBJ_DEFINE_PROPERTY(cx, fp->varobj, (jsid)fun->atom,
3873 attrs ? JSVAL_VOID : OBJECT_TO_JSVAL(obj),
3874 (attrs & JSFUN_GETTER)
3875 ? (JSPropertyOp) obj
3876 : NULL,
3877 (attrs & JSFUN_SETTER)
3878 ? (JSPropertyOp) obj
3879 : NULL,
3880 attrs | JSPROP_ENUMERATE,
3881 NULL);
3882 if (!ok) {
3883 cx->newborn[GCX_OBJECT] = NULL;
3884 goto out;
3885 }
3886 break;
3887 #endif /* JS_HAS_LEXICAL_CLOSURE */
3888
3889 #if JS_HAS_GETTER_SETTER
3890 case JSOP_GETTER:
3891 case JSOP_SETTER:
3892 JS_ASSERT(len == 1);
3893 op2 = (JSOp) *++pc;
3894 cs = &js_CodeSpec[op2];
3895 len = cs->length;
3896 switch (op2) {
3897 case JSOP_SETNAME:
3898 case JSOP_SETPROP:
3899 atom = GET_ATOM(cx, script, pc);
3900 id = (jsid)atom;
3901 i = -1;
3902 rval = FETCH_OPND(i);
3903 goto gs_pop_lval;
3904
3905 case JSOP_SETELEM:
3906 rval = FETCH_OPND(-1);
3907 i = -2;
3908 FETCH_ELEMENT_ID(i, id);
3909 gs_pop_lval:
3910 lval = FETCH_OPND(i-1);
3911 VALUE_TO_OBJECT(cx, lval, obj);
3912 break;
3913
3914 #if JS_HAS_INITIALIZERS
3915 case JSOP_INITPROP:
3916 JS_ASSERT(sp - fp->spbase >= 2);
3917 i = -1;
3918 rval = FETCH_OPND(i);
3919 atom = GET_ATOM(cx, script, pc);
3920 id = (jsid)atom;
3921 goto gs_get_lval;
3922
3923 case JSOP_INITELEM:
3924 JS_ASSERT(sp - fp->spbase >= 3);
3925 rval = FETCH_OPND(-1);
3926 i = -2;
3927 FETCH_ELEMENT_ID(i, id);
3928 gs_get_lval:
3929 lval = FETCH_OPND(i-1);
3930 JS_ASSERT(JSVAL_IS_OBJECT(lval));
3931 obj = JSVAL_TO_OBJECT(lval);
3932 break;
3933 #endif /* JS_HAS_INITIALIZERS */
3934
3935 default:
3936 JS_ASSERT(0);
3937 }
3938
3939 if (JS_TypeOfValue(cx, rval) != JSTYPE_FUNCTION) {
3940 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
3941 JSMSG_BAD_GETTER_OR_SETTER,
3942 (op == JSOP_GETTER)
3943 ? js_getter_str
3944 : js_setter_str);
3945 ok = JS_FALSE;
3946 goto out;
3947 }
3948
3949 /*
3950 * Getters and setters are just like watchpoints from an access
3951 * control point of view.
3952 */
3953 SAVE_SP(fp);
3954 ok = OBJ_CHECK_ACCESS(cx, obj, id, JSACC_WATCH, &rtmp, &attrs);
3955 if (!ok)
3956 goto out;
3957
3958 if (op == JSOP_GETTER) {
3959 getter = (JSPropertyOp) JSVAL_TO_OBJECT(rval);
3960 setter = NULL;
3961 attrs = JSPROP_GETTER;
3962 } else {
3963 getter = NULL;
3964 setter = (JSPropertyOp) JSVAL_TO_OBJECT(rval);
3965 attrs = JSPROP_SETTER;
3966 }
3967 attrs |= JSPROP_ENUMERATE | JSPROP_SHARED;
3968
3969 /* Check for a readonly or permanent property of the same name. */
3970 ok = js_CheckRedeclaration(cx, obj, id, attrs, &cond);
3971 if (!ok)
3972 goto out;
3973
3974 ok = OBJ_DEFINE_PROPERTY(cx, obj, id, JSVAL_VOID, getter, setter,
3975 attrs, NULL);
3976 if (!ok)
3977 goto out;
3978
3979 sp += i;
3980 if (cs->ndefs)
3981 STORE_OPND(-1, rval);
3982 break;
3983 #endif /* JS_HAS_GETTER_SETTER */
3984
3985 #if JS_HAS_INITIALIZERS
3986 case JSOP_NEWINIT:
3987 argc = 0;
3988 fp->sharpDepth++;
3989 goto do_new;
3990
3991 case JSOP_ENDINIT:
3992 if (--fp->sharpDepth == 0)
3993 fp->sharpArray = NULL;
3994
3995 /* Re-set the newborn root to the top of this object tree. */
3996 JS_ASSERT(sp - fp->spbase >= 1);
3997 lval = FETCH_OPND(-1);
3998 JS_ASSERT(JSVAL_IS_OBJECT(lval));
3999 cx->newborn[GCX_OBJECT] = JSVAL_TO_GCTHING(lval);
4000 break;
4001
4002 case JSOP_INITPROP:
4003 /* Pop the property's value into rval. */
4004 JS_ASSERT(sp - fp->spbase >= 2);
4005 rval = FETCH_OPND(-1);
4006
4007 /* Get the immediate property name into id. */
4008 atom = GET_ATOM(cx, script, pc);
4009 id = (jsid)atom;
4010 i = -1;
4011 goto do_init;
4012
4013 case JSOP_INITELEM:
4014 /* Pop the element's value into rval. */
4015 JS_ASSERT(sp - fp->spbase >= 3);
4016 rval = FETCH_OPND(-1);
4017
4018 /* Pop and conditionally atomize the element id. */
4019 FETCH_ELEMENT_ID(-2, id);
4020 i = -2;
4021
4022 do_init:
4023 /* Find the object being initialized at top of stack. */
4024 lval = FETCH_OPND(i-1);
4025 JS_ASSERT(JSVAL_IS_OBJECT(lval));
4026 obj = JSVAL_TO_OBJECT(lval);
4027
4028 /* Set the property named by obj[id] to rval. */
4029 SAVE_SP(fp);
4030 ok = OBJ_SET_PROPERTY(cx, obj, id, &rval);
4031 if (!ok)
4032 goto out;
4033 sp += i;
4034 break;
4035
4036 #if JS_HAS_SHARP_VARS
4037 case JSOP_DEFSHARP:
4038 SAVE_SP(fp);
4039 obj = fp->sharpArray;
4040 if (!obj) {
4041 obj = js_NewArrayObject(cx, 0, NULL);
4042 if (!obj) {
4043 ok = JS_FALSE;
4044 goto out;
4045 }
4046 fp->sharpArray = obj;
4047 }
4048 i = (jsint) GET_ATOM_INDEX(pc);
4049 id = (jsid) INT_TO_JSVAL(i);
4050 rval = FETCH_OPND(-1);
4051 if (JSVAL_IS_PRIMITIVE(rval)) {
4052 char numBuf[12];
4053 JS_snprintf(numBuf, sizeof numBuf, "%u", (unsigned) i);
4054 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
4055 JSMSG_BAD_SHARP_DEF, numBuf);
4056 ok = JS_FALSE;
4057 goto out;
4058 }
4059 ok = OBJ_SET_PROPERTY(cx, obj, id, &rval);
4060 if (!ok)
4061 goto out;
4062 break;
4063
4064 case JSOP_USESHARP:
4065 i = (jsint) GET_ATOM_INDEX(pc);
4066 id = (jsid) INT_TO_JSVAL(i);
4067 obj = fp->sharpArray;
4068 if (!obj) {
4069 rval = JSVAL_VOID;
4070 } else {
4071 SAVE_SP(fp);
4072 ok = OBJ_GET_PROPERTY(cx, obj, id, &rval);
4073 if (!ok)
4074 goto out;
4075 }
4076 if (!JSVAL_IS_OBJECT(rval)) {
4077 char numBuf[12];
4078 JS_snprintf(numBuf, sizeof numBuf, "%u", (unsigned) i);
4079 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
4080 JSMSG_BAD_SHARP_USE, numBuf);
4081 ok = JS_FALSE;
4082 goto out;
4083 }
4084 PUSH_OPND(rval);
4085 break;
4086 #endif /* JS_HAS_SHARP_VARS */
4087 #endif /* JS_HAS_INITIALIZERS */
4088
4089 #if JS_HAS_EXCEPTIONS
4090 /* No-ops for ease of decompilation and jit'ing. */
4091 case JSOP_TRY:
4092 case JSOP_FINALLY:
4093 break;
4094
4095 /* Reset the stack to the given depth. */
4096 case JSOP_SETSP:
4097 i = (jsint) GET_ATOM_INDEX(pc);
4098 JS_ASSERT(i >= 0);
4099 sp = fp->spbase + i;
4100 break;
4101
4102 case JSOP_GOSUB:
4103 i = PTRDIFF(pc, script->main, jsbytecode) + len;
4104 len = GET_JUMP_OFFSET(pc);
4105 PUSH(INT_TO_JSVAL(i));
4106 break;
4107
4108 case JSOP_GOSUBX:
4109 i = PTRDIFF(pc, script->main, jsbytecode) + len;
4110 len = GET_JUMPX_OFFSET(pc);
4111 PUSH(INT_TO_JSVAL(i));
4112 break;
4113
4114 case JSOP_RETSUB:
4115 rval = POP();
4116 JS_ASSERT(JSVAL_IS_INT(rval));
4117 i = JSVAL_TO_INT(rval);
4118 pc = script->main + i;
4119 len = 0;
4120 break;
4121
4122 case JSOP_EXCEPTION:
4123 PUSH(cx->exception);
4124 break;
4125
4126 case JSOP_THROW:
4127 cx->throwing = JS_TRUE;
4128 cx->exception = POP_OPND();
4129 ok = JS_FALSE;
4130 /* let the code at out try to catch the exception. */
4131 goto out;
4132
4133 case JSOP_INITCATCHVAR:
4134 /* Pop the property's value into rval. */
4135 JS_ASSERT(sp - fp->spbase >= 2);
4136 rval = POP_OPND();
4137
4138 /* Get the immediate catch variable name into id. */
4139 atom = GET_ATOM(cx, script, pc);
4140 id = (jsid)atom;
4141
4142 /* Find the object being initialized at top of stack. */
4143 lval = FETCH_OPND(-1);
4144 JS_ASSERT(JSVAL_IS_OBJECT(lval));
4145 obj = JSVAL_TO_OBJECT(lval);
4146
4147 /* Define obj[id] to contain rval and to be permanent. */
4148 SAVE_SP(fp);
4149 ok = OBJ_DEFINE_PROPERTY(cx, obj, id, rval, NULL, NULL,
4150 JSPROP_PERMANENT, NULL);
4151 if (!ok)
4152 goto out;
4153 break;
4154 #endif /* JS_HAS_EXCEPTIONS */
4155
4156 #if JS_HAS_INSTANCEOF
4157 case JSOP_INSTANCEOF:
4158 rval = FETCH_OPND(-1);
4159 if (JSVAL_IS_PRIMITIVE(rval)) {
4160 SAVE_SP(fp);
4161 str = js_DecompileValueGenerator(cx, -1, rval, NULL);
4162 if (str) {
4163 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
4164 JSMSG_BAD_INSTANCEOF_RHS,
4165 JS_GetStringBytes(str));
4166 }
4167 ok = JS_FALSE;
4168 goto out;
4169 }
4170 obj = JSVAL_TO_OBJECT(rval);
4171 lval = FETCH_OPND(-2);
4172 cond = JS_FALSE;
4173 if (obj->map->ops->hasInstance) {
4174 SAVE_SP(fp);
4175 ok = obj->map->ops->hasInstance(cx, obj, lval, &cond);
4176 if (!ok)
4177 goto out;
4178 }
4179 sp--;
4180 STORE_OPND(-1, BOOLEAN_TO_JSVAL(cond));
4181 break;
4182 #endif /* JS_HAS_INSTANCEOF */
4183
4184 #if JS_HAS_DEBUGGER_KEYWORD
4185 case JSOP_DEBUGGER:
4186 {
4187 JSTrapHandler handler = rt->debuggerHandler;
4188 if (handler) {
4189 SAVE_SP(fp);
4190 switch (handler(cx, script, pc, &rval,
4191 rt->debuggerHandlerData)) {
4192 case JSTRAP_ERROR:
4193 ok = JS_FALSE;
4194 goto out;
4195 case JSTRAP_CONTINUE:
4196 break;
4197 case JSTRAP_RETURN:
4198 fp->rval = rval;
4199 goto out;
4200 #if JS_HAS_EXCEPTIONS
4201 case JSTRAP_THROW:
4202 cx->throwing = JS_TRUE;
4203 cx->exception = rval;
4204 ok = JS_FALSE;
4205 goto out;
4206 #endif /* JS_HAS_EXCEPTIONS */
4207 default:;
4208 }
4209 LOAD_INTERRUPT_HANDLER(rt);
4210 }
4211 break;
4212 }
4213 #endif /* JS_HAS_DEBUGGER_KEYWORD */
4214
4215 default: {
4216 char numBuf[12];
4217 JS_snprintf(numBuf, sizeof numBuf, "%d", op);
4218 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
4219 JSMSG_BAD_BYTECODE, numBuf);
4220 ok = JS_FALSE;
4221 goto out;
4222 }
4223 }
4224
4225 advance_pc:
4226 pc += len;
4227
4228 #ifdef DEBUG
4229 if (tracefp) {
4230 intN ndefs, n;
4231 jsval *siter;
4232
4233 ndefs = cs->ndefs;
4234 if (ndefs) {
4235 SAVE_SP(fp);
4236 for (n = -ndefs; n < 0; n++) {
4237 str = js_DecompileValueGenerator(cx, n, sp[n], NULL);
4238 if (str) {
4239 fprintf(tracefp, "%s %s",
4240 (n == -ndefs) ? " output:" : ",",
4241 JS_GetStringBytes(str));
4242 }
4243 }
4244 fprintf(tracefp, " @ %d\n", sp - fp->spbase);
4245 }
4246 fprintf(tracefp, " stack: ");
4247 for (siter = fp->spbase; siter < sp; siter++) {
4248 str = js_ValueToSource(cx, *siter);
4249 fprintf(tracefp, "%s ",
4250 str ? JS_GetStringBytes(str) : "<null>");
4251 }
4252 fputc('\n', tracefp);
4253 }
4254 #endif
4255 }
4256 out:
4257
4258 #if JS_HAS_EXCEPTIONS
4259 /*
4260 * Has an exception been raised?
4261 */
4262 if (!ok && cx->throwing) {
4263 /*
4264 * Call debugger throw hook if set (XXX thread safety?).
4265 */
4266 JSTrapHandler handler = rt->throwHook;
4267 if (handler) {
4268 SAVE_SP(fp);
4269 switch (handler(cx, script, pc, &rval, rt->throwHookData)) {
4270 case JSTRAP_ERROR:
4271 cx->throwing = JS_FALSE;
4272 goto no_catch;
4273 case JSTRAP_RETURN:
4274 ok = JS_TRUE;
4275 cx->throwing = JS_FALSE;
4276 fp->rval = rval;
4277 goto no_catch;
4278 case JSTRAP_THROW:
4279 cx->exception = rval;
4280 case JSTRAP_CONTINUE:
4281 default:;
4282 }
4283 LOAD_INTERRUPT_HANDLER(rt);
4284 }
4285
4286 /*
4287 * Look for a try block within this frame that can catch the exception.
4288 */
4289 SCRIPT_FIND_CATCH_START(script, pc, pc);
4290 if (pc) {
4291 len = 0;
4292 cx->throwing = JS_FALSE; /* caught */
4293 ok = JS_TRUE;
4294 goto advance_pc;
4295 }
4296 }
4297 no_catch:
4298 #endif
4299
4300 /*
4301 * Check whether control fell off the end of a lightweight function, or an
4302 * exception thrown under such a function was not caught by it. If so, go
4303 * to the inline code under JSOP_RETURN.
4304 */
4305 if (inlineCallCount)
4306 goto inline_return;
4307
4308 /*
4309 * Reset sp before freeing stack slots, because our caller may GC soon.
4310 * Clear spbase to indicate that we've popped the 2 * depth operand slots.
4311 * Restore the previous frame's execution state.
4312 */
4313 fp->sp = fp->spbase;
4314 fp->spbase = NULL;
4315 js_FreeRawStack(cx, mark);
4316 if (cx->version == currentVersion && currentVersion != originalVersion)
4317 JS_SetVersion(cx, originalVersion);
4318 cx->interpLevel--;
4319 return ok;
4320
4321 atom_not_defined:
4322 {
4323 const char *printable = js_AtomToPrintableString(cx, atom);
4324 if (printable)
4325 js_ReportIsNotDefined(cx, printable);
4326 ok = JS_FALSE;
4327 goto out;
4328 }
4329 }
A decoder/renderer for Macromedia Flash animations.