https://github.com/mozilla/gecko-dev
Tip revision: ba36715b3b9584b7746306c7709f0530c6f643a5 authored by ffxbld on 06 September 2018, 06:31:42 UTC
No bug, Automated blocklist update from host bld-linux64-spot-302 - a=blocklist-update
No bug, Automated blocklist update from host bld-linux64-spot-302 - a=blocklist-update
Tip revision: ba36715
BytecodeEmitter.cpp
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
* vim: set ts=8 sts=4 et sw=4 tw=99:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* JS bytecode generation.
*/
#include "frontend/BytecodeEmitter.h"
#include "mozilla/ArrayUtils.h"
#include "mozilla/DebugOnly.h"
#include "mozilla/FloatingPoint.h"
#include "mozilla/Maybe.h"
#include "mozilla/PodOperations.h"
#include <string.h>
#include "jsapi.h"
#include "jsatom.h"
#include "jscntxt.h"
#include "jsfun.h"
#include "jsnum.h"
#include "jsopcode.h"
#include "jsscript.h"
#include "jstypes.h"
#include "jsutil.h"
#include "frontend/Parser.h"
#include "frontend/TokenStream.h"
#include "vm/Debugger.h"
#include "vm/GeneratorObject.h"
#include "vm/Stack.h"
#include "wasm/AsmJS.h"
#include "jsatominlines.h"
#include "jsobjinlines.h"
#include "jsscriptinlines.h"
#include "frontend/ParseNode-inl.h"
#include "vm/EnvironmentObject-inl.h"
#include "vm/NativeObject-inl.h"
using namespace js;
using namespace js::gc;
using namespace js::frontend;
using mozilla::AssertedCast;
using mozilla::DebugOnly;
using mozilla::Maybe;
using mozilla::Nothing;
using mozilla::NumberIsInt32;
using mozilla::PodCopy;
using mozilla::Some;
class BreakableControl;
class LabelControl;
class LoopControl;
class TryFinallyControl;
static bool
ParseNodeRequiresSpecialLineNumberNotes(ParseNode* pn)
{
return pn->getKind() == PNK_WHILE || pn->getKind() == PNK_FOR;
}
// A cache that tracks superfluous TDZ checks.
//
// Each basic block should have a TDZCheckCache in scope. Some NestableControl
// subclasses contain a TDZCheckCache.
class BytecodeEmitter::TDZCheckCache : public Nestable<BytecodeEmitter::TDZCheckCache>
{
PooledMapPtr<CheckTDZMap> cache_;
MOZ_MUST_USE bool ensureCache(BytecodeEmitter* bce) {
return cache_ || cache_.acquire(bce->cx);
}
public:
explicit TDZCheckCache(BytecodeEmitter* bce)
: Nestable<TDZCheckCache>(&bce->innermostTDZCheckCache),
cache_(bce->cx->frontendCollectionPool())
{ }
Maybe<MaybeCheckTDZ> needsTDZCheck(BytecodeEmitter* bce, JSAtom* name);
MOZ_MUST_USE bool noteTDZCheck(BytecodeEmitter* bce, JSAtom* name, MaybeCheckTDZ check);
};
class BytecodeEmitter::NestableControl : public Nestable<BytecodeEmitter::NestableControl>
{
StatementKind kind_;
// The innermost scope when this was pushed.
EmitterScope* emitterScope_;
protected:
NestableControl(BytecodeEmitter* bce, StatementKind kind)
: Nestable<NestableControl>(&bce->innermostNestableControl),
kind_(kind),
emitterScope_(bce->innermostEmitterScope)
{ }
public:
using Nestable<NestableControl>::enclosing;
using Nestable<NestableControl>::findNearest;
StatementKind kind() const {
return kind_;
}
EmitterScope* emitterScope() const {
return emitterScope_;
}
template <typename T>
bool is() const;
template <typename T>
T& as() {
MOZ_ASSERT(this->is<T>());
return static_cast<T&>(*this);
}
};
// Template specializations are disallowed in different namespaces; specialize
// all the NestableControl subtypes up front.
namespace js {
namespace frontend {
template <>
bool
BytecodeEmitter::NestableControl::is<BreakableControl>() const
{
return StatementKindIsUnlabeledBreakTarget(kind_) || kind_ == StatementKind::Label;
}
template <>
bool
BytecodeEmitter::NestableControl::is<LabelControl>() const
{
return kind_ == StatementKind::Label;
}
template <>
bool
BytecodeEmitter::NestableControl::is<LoopControl>() const
{
return StatementKindIsLoop(kind_);
}
template <>
bool
BytecodeEmitter::NestableControl::is<TryFinallyControl>() const
{
return kind_ == StatementKind::Try || kind_ == StatementKind::Finally;
}
} // namespace frontend
} // namespace js
class BreakableControl : public BytecodeEmitter::NestableControl
{
public:
// Offset of the last break.
JumpList breaks;
BreakableControl(BytecodeEmitter* bce, StatementKind kind)
: NestableControl(bce, kind)
{
MOZ_ASSERT(is<BreakableControl>());
}
MOZ_MUST_USE bool patchBreaks(BytecodeEmitter* bce) {
return bce->emitJumpTargetAndPatch(breaks);
}
};
class LabelControl : public BreakableControl
{
RootedAtom label_;
// The code offset when this was pushed. Used for effectfulness checking.
ptrdiff_t startOffset_;
public:
LabelControl(BytecodeEmitter* bce, JSAtom* label, ptrdiff_t startOffset)
: BreakableControl(bce, StatementKind::Label),
label_(bce->cx, label),
startOffset_(startOffset)
{ }
HandleAtom label() const {
return label_;
}
ptrdiff_t startOffset() const {
return startOffset_;
}
};
class LoopControl : public BreakableControl
{
// Loops' children are emitted in dominance order, so they can always
// have a TDZCheckCache.
BytecodeEmitter::TDZCheckCache tdzCache_;
// Stack depth when this loop was pushed on the control stack.
int32_t stackDepth_;
// The loop nesting depth. Used as a hint to Ion.
uint32_t loopDepth_;
// Can we OSR into Ion from here? True unless there is non-loop state on the stack.
bool canIonOsr_;
public:
// The target of continue statement jumps, e.g., the update portion of a
// for(;;) loop.
JumpTarget continueTarget;
// Offset of the last continue in the loop.
JumpList continues;
LoopControl(BytecodeEmitter* bce, StatementKind loopKind)
: BreakableControl(bce, loopKind),
tdzCache_(bce),
continueTarget({ -1 })
{
MOZ_ASSERT(is<LoopControl>());
LoopControl* enclosingLoop = findNearest<LoopControl>(enclosing());
stackDepth_ = bce->stackDepth;
loopDepth_ = enclosingLoop ? enclosingLoop->loopDepth_ + 1 : 1;
int loopSlots;
if (loopKind == StatementKind::Spread)
loopSlots = 3;
else if (loopKind == StatementKind::ForInLoop || loopKind == StatementKind::ForOfLoop)
loopSlots = 2;
else
loopSlots = 0;
MOZ_ASSERT(loopSlots <= stackDepth_);
if (enclosingLoop) {
canIonOsr_ = (enclosingLoop->canIonOsr_ &&
stackDepth_ == enclosingLoop->stackDepth_ + loopSlots);
} else {
canIonOsr_ = stackDepth_ == loopSlots;
}
}
uint32_t loopDepth() const {
return loopDepth_;
}
bool canIonOsr() const {
return canIonOsr_;
}
MOZ_MUST_USE bool patchBreaksAndContinues(BytecodeEmitter* bce) {
MOZ_ASSERT(continueTarget.offset != -1);
if (!patchBreaks(bce))
return false;
bce->patchJumpsToTarget(continues, continueTarget);
return true;
}
};
class TryFinallyControl : public BytecodeEmitter::NestableControl
{
bool emittingSubroutine_;
public:
// The subroutine when emitting a finally block.
JumpList gosubs;
// Offset of the last catch guard, if any.
JumpList guardJump;
TryFinallyControl(BytecodeEmitter* bce, StatementKind kind)
: NestableControl(bce, kind),
emittingSubroutine_(false)
{
MOZ_ASSERT(is<TryFinallyControl>());
}
void setEmittingSubroutine() {
emittingSubroutine_ = true;
}
bool emittingSubroutine() const {
return emittingSubroutine_;
}
};
static bool
ScopeKindIsInBody(ScopeKind kind)
{
return kind == ScopeKind::Lexical ||
kind == ScopeKind::SimpleCatch ||
kind == ScopeKind::Catch ||
kind == ScopeKind::With ||
kind == ScopeKind::FunctionBodyVar ||
kind == ScopeKind::ParameterExpressionVar;
}
static inline void
MarkAllBindingsClosedOver(LexicalScope::Data& data)
{
BindingName* names = data.names;
for (uint32_t i = 0; i < data.length; i++)
names[i] = BindingName(names[i].name(), true);
}
// A scope that introduces bindings.
class BytecodeEmitter::EmitterScope : public Nestable<BytecodeEmitter::EmitterScope>
{
// The cache of bound names that may be looked up in the
// scope. Initially populated as the set of names this scope binds. As
// names are looked up in enclosing scopes, they are cached on the
// current scope.
PooledMapPtr<NameLocationMap> nameCache_;
// If this scope's cache does not include free names, such as the
// global scope, the NameLocation to return.
Maybe<NameLocation> fallbackFreeNameLocation_;
// True if there is a corresponding EnvironmentObject on the environment
// chain, false if all bindings are stored in frame slots on the stack.
bool hasEnvironment_;
// The number of enclosing environments. Used for error checking.
uint8_t environmentChainLength_;
// The next usable slot on the frame for not-closed over bindings.
//
// The initial frame slot when assigning slots to bindings is the
// enclosing scope's nextFrameSlot. For the first scope in a frame,
// the initial frame slot is 0.
uint32_t nextFrameSlot_;
// The index in the BytecodeEmitter's interned scope vector, otherwise
// ScopeNote::NoScopeIndex.
uint32_t scopeIndex_;
// If kind is Lexical, Catch, or With, the index in the BytecodeEmitter's
// block scope note list. Otherwise ScopeNote::NoScopeNote.
uint32_t noteIndex_;
MOZ_MUST_USE bool ensureCache(BytecodeEmitter* bce) {
return nameCache_.acquire(bce->cx);
}
template <typename BindingIter>
MOZ_MUST_USE bool checkSlotLimits(BytecodeEmitter* bce, const BindingIter& bi) {
if (bi.nextFrameSlot() >= LOCALNO_LIMIT ||
bi.nextEnvironmentSlot() >= ENVCOORD_SLOT_LIMIT)
{
return bce->reportError(nullptr, JSMSG_TOO_MANY_LOCALS);
}
return true;
}
MOZ_MUST_USE bool checkEnvironmentChainLength(BytecodeEmitter* bce) {
uint32_t hops;
if (EmitterScope* emitterScope = enclosing(&bce))
hops = emitterScope->environmentChainLength_;
else
hops = bce->sc->compilationEnclosingScope()->environmentChainLength();
if (hops >= ENVCOORD_HOPS_LIMIT - 1)
return bce->reportError(nullptr, JSMSG_TOO_DEEP, js_function_str);
environmentChainLength_ = mozilla::AssertedCast<uint8_t>(hops + 1);
return true;
}
void updateFrameFixedSlots(BytecodeEmitter* bce, const BindingIter& bi) {
nextFrameSlot_ = bi.nextFrameSlot();
if (nextFrameSlot_ > bce->maxFixedSlots)
bce->maxFixedSlots = nextFrameSlot_;
MOZ_ASSERT_IF(bce->sc->isFunctionBox() && bce->sc->asFunctionBox()->isGenerator(),
bce->maxFixedSlots == 0);
}
MOZ_MUST_USE bool putNameInCache(BytecodeEmitter* bce, JSAtom* name, NameLocation loc) {
NameLocationMap& cache = *nameCache_;
NameLocationMap::AddPtr p = cache.lookupForAdd(name);
MOZ_ASSERT(!p);
if (!cache.add(p, name, loc)) {
ReportOutOfMemory(bce->cx);
return false;
}
return true;
}
Maybe<NameLocation> lookupInCache(BytecodeEmitter* bce, JSAtom* name) {
if (NameLocationMap::Ptr p = nameCache_->lookup(name))
return Some(p->value().wrapped);
if (fallbackFreeNameLocation_ && nameCanBeFree(bce, name))
return fallbackFreeNameLocation_;
return Nothing();
}
friend bool BytecodeEmitter::needsImplicitThis();
EmitterScope* enclosing(BytecodeEmitter** bce) const {
// There is an enclosing scope with access to the same frame.
if (EmitterScope* inFrame = enclosingInFrame())
return inFrame;
// We are currently compiling the enclosing script, look in the
// enclosing BCE.
if ((*bce)->parent) {
*bce = (*bce)->parent;
return (*bce)->innermostEmitterScope;
}
return nullptr;
}
Scope* enclosingScope(BytecodeEmitter* bce) const {
if (EmitterScope* es = enclosing(&bce))
return es->scope(bce);
// The enclosing script is already compiled or the current script is the
// global script.
return bce->sc->compilationEnclosingScope();
}
static bool nameCanBeFree(BytecodeEmitter* bce, JSAtom* name) {
// '.generator' cannot be accessed by name.
return name != bce->cx->names().dotGenerator;
}
static NameLocation searchInEnclosingScope(JSAtom* name, Scope* scope, uint8_t hops);
NameLocation searchAndCache(BytecodeEmitter* bce, JSAtom* name);
template <typename ScopeCreator>
MOZ_MUST_USE bool internScope(BytecodeEmitter* bce, ScopeCreator createScope);
template <typename ScopeCreator>
MOZ_MUST_USE bool internBodyScope(BytecodeEmitter* bce, ScopeCreator createScope);
MOZ_MUST_USE bool appendScopeNote(BytecodeEmitter* bce);
MOZ_MUST_USE bool deadZoneFrameSlotRange(BytecodeEmitter* bce, uint32_t slotStart,
uint32_t slotEnd);
public:
explicit EmitterScope(BytecodeEmitter* bce)
: Nestable<EmitterScope>(&bce->innermostEmitterScope),
nameCache_(bce->cx->frontendCollectionPool()),
hasEnvironment_(false),
environmentChainLength_(0),
nextFrameSlot_(0),
scopeIndex_(ScopeNote::NoScopeIndex),
noteIndex_(ScopeNote::NoScopeNoteIndex)
{ }
void dump(BytecodeEmitter* bce);
MOZ_MUST_USE bool enterLexical(BytecodeEmitter* bce, ScopeKind kind,
Handle<LexicalScope::Data*> bindings);
MOZ_MUST_USE bool enterNamedLambda(BytecodeEmitter* bce, FunctionBox* funbox);
MOZ_MUST_USE bool enterComprehensionFor(BytecodeEmitter* bce,
Handle<LexicalScope::Data*> bindings);
MOZ_MUST_USE bool enterFunction(BytecodeEmitter* bce, FunctionBox* funbox);
MOZ_MUST_USE bool enterFunctionExtraBodyVar(BytecodeEmitter* bce, FunctionBox* funbox);
MOZ_MUST_USE bool enterParameterExpressionVar(BytecodeEmitter* bce);
MOZ_MUST_USE bool enterGlobal(BytecodeEmitter* bce, GlobalSharedContext* globalsc);
MOZ_MUST_USE bool enterEval(BytecodeEmitter* bce, EvalSharedContext* evalsc);
MOZ_MUST_USE bool enterModule(BytecodeEmitter* module, ModuleSharedContext* modulesc);
MOZ_MUST_USE bool enterWith(BytecodeEmitter* bce);
MOZ_MUST_USE bool deadZoneFrameSlots(BytecodeEmitter* bce);
MOZ_MUST_USE bool leave(BytecodeEmitter* bce, bool nonLocal = false);
uint32_t index() const {
MOZ_ASSERT(scopeIndex_ != ScopeNote::NoScopeIndex, "Did you forget to intern a Scope?");
return scopeIndex_;
}
uint32_t noteIndex() const {
return noteIndex_;
}
Scope* scope(const BytecodeEmitter* bce) const {
return bce->scopeList.vector[index()];
}
bool hasEnvironment() const {
return hasEnvironment_;
}
// The first frame slot used.
uint32_t frameSlotStart() const {
if (EmitterScope* inFrame = enclosingInFrame())
return inFrame->nextFrameSlot_;
return 0;
}
// The last frame slot used + 1.
uint32_t frameSlotEnd() const {
return nextFrameSlot_;
}
uint32_t numFrameSlots() const {
return frameSlotEnd() - frameSlotStart();
}
EmitterScope* enclosingInFrame() const {
return Nestable<EmitterScope>::enclosing();
}
NameLocation lookup(BytecodeEmitter* bce, JSAtom* name) {
if (Maybe<NameLocation> loc = lookupInCache(bce, name))
return *loc;
return searchAndCache(bce, name);
}
Maybe<NameLocation> locationBoundInScope(BytecodeEmitter* bce, JSAtom* name,
EmitterScope* target);
};
void
BytecodeEmitter::EmitterScope::dump(BytecodeEmitter* bce)
{
fprintf(stdout, "EmitterScope [%s] %p\n", ScopeKindString(scope(bce)->kind()), this);
for (NameLocationMap::Range r = nameCache_->all(); !r.empty(); r.popFront()) {
const NameLocation& l = r.front().value();
JSAutoByteString bytes;
if (!AtomToPrintableString(bce->cx, r.front().key(), &bytes))
return;
if (l.kind() != NameLocation::Kind::Dynamic)
fprintf(stdout, " %s %s ", BindingKindString(l.bindingKind()), bytes.ptr());
else
fprintf(stdout, " %s ", bytes.ptr());
switch (l.kind()) {
case NameLocation::Kind::Dynamic:
fprintf(stdout, "dynamic\n");
break;
case NameLocation::Kind::Global:
fprintf(stdout, "global\n");
break;
case NameLocation::Kind::Intrinsic:
fprintf(stdout, "intrinsic\n");
break;
case NameLocation::Kind::NamedLambdaCallee:
fprintf(stdout, "named lambda callee\n");
break;
case NameLocation::Kind::Import:
fprintf(stdout, "import\n");
break;
case NameLocation::Kind::ArgumentSlot:
fprintf(stdout, "arg slot=%u\n", l.argumentSlot());
break;
case NameLocation::Kind::FrameSlot:
fprintf(stdout, "frame slot=%u\n", l.frameSlot());
break;
case NameLocation::Kind::EnvironmentCoordinate:
fprintf(stdout, "environment hops=%u slot=%u\n",
l.environmentCoordinate().hops(), l.environmentCoordinate().slot());
break;
case NameLocation::Kind::DynamicAnnexBVar:
fprintf(stdout, "dynamic annex b var\n");
break;
}
}
fprintf(stdout, "\n");
}
template <typename ScopeCreator>
bool
BytecodeEmitter::EmitterScope::internScope(BytecodeEmitter* bce, ScopeCreator createScope)
{
RootedScope enclosing(bce->cx, enclosingScope(bce));
Scope* scope = createScope(bce->cx, enclosing);
if (!scope)
return false;
hasEnvironment_ = scope->hasEnvironment();
scopeIndex_ = bce->scopeList.length();
return bce->scopeList.append(scope);
}
template <typename ScopeCreator>
bool
BytecodeEmitter::EmitterScope::internBodyScope(BytecodeEmitter* bce, ScopeCreator createScope)
{
MOZ_ASSERT(bce->bodyScopeIndex == UINT32_MAX, "There can be only one body scope");
bce->bodyScopeIndex = bce->scopeList.length();
return internScope(bce, createScope);
}
bool
BytecodeEmitter::EmitterScope::appendScopeNote(BytecodeEmitter* bce)
{
MOZ_ASSERT(ScopeKindIsInBody(scope(bce)->kind()) && enclosingInFrame(),
"Scope notes are not needed for body-level scopes.");
noteIndex_ = bce->scopeNoteList.length();
return bce->scopeNoteList.append(index(), bce->offset(), bce->inPrologue(),
enclosingInFrame() ? enclosingInFrame()->noteIndex()
: ScopeNote::NoScopeNoteIndex);
}
#ifdef DEBUG
static bool
NameIsOnEnvironment(Scope* scope, JSAtom* name)
{
for (BindingIter bi(scope); bi; bi++) {
// If found, the name must already be on the environment or an import,
// or else there is a bug in the closed-over name analysis in the
// Parser.
if (bi.name() == name) {
BindingLocation::Kind kind = bi.location().kind();
if (bi.hasArgumentSlot()) {
JSScript* script = scope->as<FunctionScope>().script();
if (!script->strict() && !script->functionHasParameterExprs()) {
// Check for duplicate positional formal parameters.
for (BindingIter bi2(bi); bi2 && bi2.hasArgumentSlot(); bi2++) {
if (bi2.name() == name)
kind = bi2.location().kind();
}
}
}
return kind == BindingLocation::Kind::Global ||
kind == BindingLocation::Kind::Environment ||
kind == BindingLocation::Kind::Import;
}
}
// If not found, assume it's on the global or dynamically accessed.
return true;
}
#endif
/* static */ NameLocation
BytecodeEmitter::EmitterScope::searchInEnclosingScope(JSAtom* name, Scope* scope, uint8_t hops)
{
for (ScopeIter si(scope); si; si++) {
MOZ_ASSERT(NameIsOnEnvironment(si.scope(), name));
bool hasEnv = si.hasSyntacticEnvironment();
switch (si.kind()) {
case ScopeKind::Function:
if (hasEnv) {
JSScript* script = si.scope()->as<FunctionScope>().script();
if (script->funHasExtensibleScope())
return NameLocation::Dynamic();
for (BindingIter bi(si.scope()); bi; bi++) {
if (bi.name() != name)
continue;
BindingLocation bindLoc = bi.location();
if (bi.hasArgumentSlot() &&
!script->strict() &&
!script->functionHasParameterExprs())
{
// Check for duplicate positional formal parameters.
for (BindingIter bi2(bi); bi2 && bi2.hasArgumentSlot(); bi2++) {
if (bi2.name() == name)
bindLoc = bi2.location();
}
}
MOZ_ASSERT(bindLoc.kind() == BindingLocation::Kind::Environment);
return NameLocation::EnvironmentCoordinate(bi.kind(), hops, bindLoc.slot());
}
}
break;
case ScopeKind::FunctionBodyVar:
case ScopeKind::ParameterExpressionVar:
case ScopeKind::Lexical:
case ScopeKind::NamedLambda:
case ScopeKind::StrictNamedLambda:
case ScopeKind::SimpleCatch:
case ScopeKind::Catch:
if (hasEnv) {
for (BindingIter bi(si.scope()); bi; bi++) {
if (bi.name() != name)
continue;
// The name must already have been marked as closed
// over. If this assertion is hit, there is a bug in the
// name analysis.
BindingLocation bindLoc = bi.location();
MOZ_ASSERT(bindLoc.kind() == BindingLocation::Kind::Environment);
return NameLocation::EnvironmentCoordinate(bi.kind(), hops, bindLoc.slot());
}
}
break;
case ScopeKind::Module:
if (hasEnv) {
for (BindingIter bi(si.scope()); bi; bi++) {
if (bi.name() != name)
continue;
BindingLocation bindLoc = bi.location();
// Imports are on the environment but are indirect
// bindings and must be accessed dynamically instead of
// using an EnvironmentCoordinate.
if (bindLoc.kind() == BindingLocation::Kind::Import) {
MOZ_ASSERT(si.kind() == ScopeKind::Module);
return NameLocation::Import();
}
MOZ_ASSERT(bindLoc.kind() == BindingLocation::Kind::Environment);
return NameLocation::EnvironmentCoordinate(bi.kind(), hops, bindLoc.slot());
}
}
break;
case ScopeKind::Eval:
case ScopeKind::StrictEval:
// As an optimization, if the eval doesn't have its own var
// environment and its immediate enclosing scope is a global
// scope, all accesses are global.
if (!hasEnv && si.scope()->enclosing()->is<GlobalScope>())
return NameLocation::Global(BindingKind::Var);
return NameLocation::Dynamic();
case ScopeKind::Global:
return NameLocation::Global(BindingKind::Var);
case ScopeKind::With:
case ScopeKind::NonSyntactic:
return NameLocation::Dynamic();
}
if (hasEnv) {
MOZ_ASSERT(hops < ENVCOORD_HOPS_LIMIT - 1);
hops++;
}
}
MOZ_CRASH("Malformed scope chain");
}
NameLocation
BytecodeEmitter::EmitterScope::searchAndCache(BytecodeEmitter* bce, JSAtom* name)
{
Maybe<NameLocation> loc;
uint8_t hops = hasEnvironment() ? 1 : 0;
DebugOnly<bool> inCurrentScript = enclosingInFrame();
// Start searching in the current compilation.
for (EmitterScope* es = enclosing(&bce); es; es = es->enclosing(&bce)) {
loc = es->lookupInCache(bce, name);
if (loc) {
if (loc->kind() == NameLocation::Kind::EnvironmentCoordinate)
*loc = loc->addHops(hops);
break;
}
if (es->hasEnvironment())
hops++;
#ifdef DEBUG
if (!es->enclosingInFrame())
inCurrentScript = false;
#endif
}
// If the name is not found in the current compilation, walk the Scope
// chain encompassing the compilation.
if (!loc) {
inCurrentScript = false;
loc = Some(searchInEnclosingScope(name, bce->sc->compilationEnclosingScope(), hops));
}
// Each script has its own frame. A free name that is accessed
// from an inner script must not be a frame slot access. If this
// assertion is hit, it is a bug in the free name analysis in the
// parser.
MOZ_ASSERT_IF(!inCurrentScript, loc->kind() != NameLocation::Kind::FrameSlot);
// It is always correct to not cache the location. Ignore OOMs to make
// lookups infallible.
if (!putNameInCache(bce, name, *loc))
bce->cx->recoverFromOutOfMemory();
return *loc;
}
Maybe<NameLocation>
BytecodeEmitter::EmitterScope::locationBoundInScope(BytecodeEmitter* bce, JSAtom* name,
EmitterScope* target)
{
// The target scope must be an intra-frame enclosing scope of this
// one. Count the number of extra hops to reach it.
uint8_t extraHops = 0;
for (EmitterScope* es = this; es != target; es = es->enclosingInFrame()) {
if (es->hasEnvironment())
extraHops++;
}
// Caches are prepopulated with bound names. So if the name is bound in a
// particular scope, it must already be in the cache. Furthermore, don't
// consult the fallback location as we only care about binding names.
Maybe<NameLocation> loc;
if (NameLocationMap::Ptr p = target->nameCache_->lookup(name)) {
NameLocation l = p->value().wrapped;
if (l.kind() == NameLocation::Kind::EnvironmentCoordinate)
loc = Some(l.addHops(extraHops));
else
loc = Some(l);
}
return loc;
}
bool
BytecodeEmitter::EmitterScope::deadZoneFrameSlotRange(BytecodeEmitter* bce, uint32_t slotStart,
uint32_t slotEnd)
{
// Lexical bindings throw ReferenceErrors if they are used before
// initialization. See ES6 8.1.1.1.6.
//
// For completeness, lexical bindings are initialized in ES6 by calling
// InitializeBinding, after which touching the binding will no longer
// throw reference errors. See 13.1.11, 9.2.13, 13.6.3.4, 13.6.4.6,
// 13.6.4.8, 13.14.5, 15.1.8, and 15.2.0.15.
if (slotStart != slotEnd) {
if (!bce->emit1(JSOP_UNINITIALIZED))
return false;
for (uint32_t slot = slotStart; slot < slotEnd; slot++) {
if (!bce->emitLocalOp(JSOP_INITLEXICAL, slot))
return false;
}
if (!bce->emit1(JSOP_POP))
return false;
}
return true;
}
bool
BytecodeEmitter::EmitterScope::deadZoneFrameSlots(BytecodeEmitter* bce)
{
return deadZoneFrameSlotRange(bce, frameSlotStart(), frameSlotEnd());
}
bool
BytecodeEmitter::EmitterScope::enterLexical(BytecodeEmitter* bce, ScopeKind kind,
Handle<LexicalScope::Data*> bindings)
{
MOZ_ASSERT(kind != ScopeKind::NamedLambda && kind != ScopeKind::StrictNamedLambda);
MOZ_ASSERT(this == bce->innermostEmitterScope);
if (!ensureCache(bce))
return false;
// Marks all names as closed over if the the context requires it. This
// cannot be done in the Parser as we may not know if the context requires
// all bindings to be closed over until after parsing is finished. For
// example, legacy generators require all bindings to be closed over but
// it is unknown if a function is a legacy generator until the first
// 'yield' expression is parsed.
//
// This is not a problem with other scopes, as all other scopes with
// bindings are body-level. At the time of their creation, whether or not
// the context requires all bindings to be closed over is already known.
if (bce->sc->allBindingsClosedOver())
MarkAllBindingsClosedOver(*bindings);
// Resolve bindings.
TDZCheckCache* tdzCache = bce->innermostTDZCheckCache;
uint32_t firstFrameSlot = frameSlotStart();
BindingIter bi(*bindings, firstFrameSlot, /* isNamedLambda = */ false);
for (; bi; bi++) {
if (!checkSlotLimits(bce, bi))
return false;
NameLocation loc = NameLocation::fromBinding(bi.kind(), bi.location());
if (!putNameInCache(bce, bi.name(), loc))
return false;
if (!tdzCache->noteTDZCheck(bce, bi.name(), CheckTDZ))
return false;
}
updateFrameFixedSlots(bce, bi);
// Create and intern the VM scope.
auto createScope = [kind, bindings, firstFrameSlot](ExclusiveContext* cx,
HandleScope enclosing)
{
return LexicalScope::create(cx, kind, bindings, firstFrameSlot, enclosing);
};
if (!internScope(bce, createScope))
return false;
if (ScopeKindIsInBody(kind) && hasEnvironment()) {
// After interning the VM scope we can get the scope index.
if (!bce->emitInternedScopeOp(index(), JSOP_PUSHLEXICALENV))
return false;
}
// Lexical scopes need notes to be mapped from a pc.
if (!appendScopeNote(bce))
return false;
// Put frame slots in TDZ. Environment slots are poisoned during
// environment creation.
//
// This must be done after appendScopeNote to be considered in the extent
// of the scope.
if (!deadZoneFrameSlotRange(bce, firstFrameSlot, frameSlotEnd()))
return false;
return checkEnvironmentChainLength(bce);
}
bool
BytecodeEmitter::EmitterScope::enterNamedLambda(BytecodeEmitter* bce, FunctionBox* funbox)
{
MOZ_ASSERT(this == bce->innermostEmitterScope);
MOZ_ASSERT(funbox->namedLambdaBindings());
if (!ensureCache(bce))
return false;
// See comment in enterLexical about allBindingsClosedOver.
if (funbox->allBindingsClosedOver())
MarkAllBindingsClosedOver(*funbox->namedLambdaBindings());
BindingIter bi(*funbox->namedLambdaBindings(), LOCALNO_LIMIT, /* isNamedLambda = */ true);
MOZ_ASSERT(bi.kind() == BindingKind::NamedLambdaCallee);
// The lambda name, if not closed over, is accessed via JSOP_CALLEE and
// not a frame slot. Do not update frame slot information.
NameLocation loc = NameLocation::fromBinding(bi.kind(), bi.location());
if (!putNameInCache(bce, bi.name(), loc))
return false;
bi++;
MOZ_ASSERT(!bi, "There should be exactly one binding in a NamedLambda scope");
auto createScope = [funbox](ExclusiveContext* cx, HandleScope enclosing) {
ScopeKind scopeKind =
funbox->strict() ? ScopeKind::StrictNamedLambda : ScopeKind::NamedLambda;
return LexicalScope::create(cx, scopeKind, funbox->namedLambdaBindings(),
LOCALNO_LIMIT, enclosing);
};
if (!internScope(bce, createScope))
return false;
return checkEnvironmentChainLength(bce);
}
bool
BytecodeEmitter::EmitterScope::enterComprehensionFor(BytecodeEmitter* bce,
Handle<LexicalScope::Data*> bindings)
{
if (!enterLexical(bce, ScopeKind::Lexical, bindings))
return false;
// For comprehensions, initialize all lexical names up front to undefined
// because they're now a dead feature and don't interact properly with
// TDZ.
auto nop = [](BytecodeEmitter*, const NameLocation&, bool) {
return true;
};
if (!bce->emit1(JSOP_UNDEFINED))
return false;
RootedAtom name(bce->cx);
for (BindingIter bi(*bindings, frameSlotStart(), /* isNamedLambda = */ false); bi; bi++) {
name = bi.name();
if (!bce->emitInitializeName(name, nop))
return false;
}
if (!bce->emit1(JSOP_POP))
return false;
return true;
}
bool
BytecodeEmitter::EmitterScope::enterParameterExpressionVar(BytecodeEmitter* bce)
{
MOZ_ASSERT(this == bce->innermostEmitterScope);
if (!ensureCache(bce))
return false;
// Parameter expressions var scopes have no pre-set bindings and are
// always extensible, as they are needed for eval.
fallbackFreeNameLocation_ = Some(NameLocation::Dynamic());
// Create and intern the VM scope.
uint32_t firstFrameSlot = frameSlotStart();
auto createScope = [firstFrameSlot](ExclusiveContext* cx, HandleScope enclosing) {
return VarScope::create(cx, ScopeKind::ParameterExpressionVar,
/* data = */ nullptr, firstFrameSlot,
/* needsEnvironment = */ true, enclosing);
};
if (!internScope(bce, createScope))
return false;
MOZ_ASSERT(hasEnvironment());
if (!bce->emitInternedScopeOp(index(), JSOP_PUSHVARENV))
return false;
// The extra var scope needs a note to be mapped from a pc.
if (!appendScopeNote(bce))
return false;
return checkEnvironmentChainLength(bce);
}
bool
BytecodeEmitter::EmitterScope::enterFunction(BytecodeEmitter* bce, FunctionBox* funbox)
{
MOZ_ASSERT(this == bce->innermostEmitterScope);
// If there are parameter expressions, there is an extra var scope.
if (!funbox->hasExtraBodyVarScope())
bce->setVarEmitterScope(this);
if (!ensureCache(bce))
return false;
// Resolve body-level bindings, if there are any.
auto bindings = funbox->functionScopeBindings();
Maybe<uint32_t> lastLexicalSlot;
if (bindings) {
NameLocationMap& cache = *nameCache_;
BindingIter bi(*bindings, funbox->hasParameterExprs);
for (; bi; bi++) {
if (!checkSlotLimits(bce, bi))
return false;
NameLocation loc = NameLocation::fromBinding(bi.kind(), bi.location());
NameLocationMap::AddPtr p = cache.lookupForAdd(bi.name());
// The only duplicate bindings that occur are simple formal
// parameters, in which case the last position counts, so update the
// location.
if (p) {
MOZ_ASSERT(bi.kind() == BindingKind::FormalParameter);
MOZ_ASSERT(!funbox->hasDestructuringArgs);
MOZ_ASSERT(!funbox->function()->hasRest());
p->value() = loc;
continue;
}
if (!cache.add(p, bi.name(), loc)) {
ReportOutOfMemory(bce->cx);
return false;
}
}
updateFrameFixedSlots(bce, bi);
} else {
nextFrameSlot_ = 0;
}
// If the function's scope may be extended at runtime due to sloppy direct
// eval and there is no extra var scope, any names beyond the function
// scope must be accessed dynamically as we don't know if the name will
// become a 'var' binding due to direct eval.
if (!funbox->hasParameterExprs && funbox->hasExtensibleScope())
fallbackFreeNameLocation_ = Some(NameLocation::Dynamic());
// In case of parameter expressions, the parameters are lexical
// bindings and have TDZ.
if (funbox->hasParameterExprs && nextFrameSlot_) {
uint32_t paramFrameSlotEnd = 0;
for (BindingIter bi(*bindings, true); bi; bi++) {
if (!BindingKindIsLexical(bi.kind()))
break;
NameLocation loc = NameLocation::fromBinding(bi.kind(), bi.location());
if (loc.kind() == NameLocation::Kind::FrameSlot) {
MOZ_ASSERT(paramFrameSlotEnd <= loc.frameSlot());
paramFrameSlotEnd = loc.frameSlot() + 1;
}
}
if (!deadZoneFrameSlotRange(bce, 0, paramFrameSlotEnd))
return false;
}
// Create and intern the VM scope.
auto createScope = [funbox](ExclusiveContext* cx, HandleScope enclosing) {
RootedFunction fun(cx, funbox->function());
return FunctionScope::create(cx, funbox->functionScopeBindings(),
funbox->hasParameterExprs,
funbox->needsCallObjectRegardlessOfBindings(),
fun, enclosing);
};
if (!internBodyScope(bce, createScope))
return false;
return checkEnvironmentChainLength(bce);
}
bool
BytecodeEmitter::EmitterScope::enterFunctionExtraBodyVar(BytecodeEmitter* bce, FunctionBox* funbox)
{
MOZ_ASSERT(funbox->hasParameterExprs);
MOZ_ASSERT(funbox->extraVarScopeBindings() ||
funbox->needsExtraBodyVarEnvironmentRegardlessOfBindings());
MOZ_ASSERT(this == bce->innermostEmitterScope);
// The extra var scope is never popped once it's entered. It replaces the
// function scope as the var emitter scope.
bce->setVarEmitterScope(this);
if (!ensureCache(bce))
return false;
// Resolve body-level bindings, if there are any.
uint32_t firstFrameSlot = frameSlotStart();
if (auto bindings = funbox->extraVarScopeBindings()) {
BindingIter bi(*bindings, firstFrameSlot);
for (; bi; bi++) {
if (!checkSlotLimits(bce, bi))
return false;
NameLocation loc = NameLocation::fromBinding(bi.kind(), bi.location());
if (!putNameInCache(bce, bi.name(), loc))
return false;
}
updateFrameFixedSlots(bce, bi);
} else {
nextFrameSlot_ = firstFrameSlot;
}
// If the extra var scope may be extended at runtime due to sloppy
// direct eval, any names beyond the var scope must be accessed
// dynamically as we don't know if the name will become a 'var' binding
// due to direct eval.
if (funbox->hasExtensibleScope())
fallbackFreeNameLocation_ = Some(NameLocation::Dynamic());
// Create and intern the VM scope.
auto createScope = [funbox, firstFrameSlot](ExclusiveContext* cx, HandleScope enclosing) {
return VarScope::create(cx, ScopeKind::FunctionBodyVar,
funbox->extraVarScopeBindings(), firstFrameSlot,
funbox->needsExtraBodyVarEnvironmentRegardlessOfBindings(),
enclosing);
};
if (!internScope(bce, createScope))
return false;
if (hasEnvironment()) {
if (!bce->emitInternedScopeOp(index(), JSOP_PUSHVARENV))
return false;
}
// The extra var scope needs a note to be mapped from a pc.
if (!appendScopeNote(bce))
return false;
return checkEnvironmentChainLength(bce);
}
class DynamicBindingIter : public BindingIter
{
public:
explicit DynamicBindingIter(GlobalSharedContext* sc)
: BindingIter(*sc->bindings)
{ }
explicit DynamicBindingIter(EvalSharedContext* sc)
: BindingIter(*sc->bindings, /* strict = */ false)
{
MOZ_ASSERT(!sc->strict());
}
JSOp bindingOp() const {
switch (kind()) {
case BindingKind::Var:
return JSOP_DEFVAR;
case BindingKind::Let:
return JSOP_DEFLET;
case BindingKind::Const:
return JSOP_DEFCONST;
default:
MOZ_CRASH("Bad BindingKind");
}
}
};
bool
BytecodeEmitter::EmitterScope::enterGlobal(BytecodeEmitter* bce, GlobalSharedContext* globalsc)
{
MOZ_ASSERT(this == bce->innermostEmitterScope);
bce->setVarEmitterScope(this);
if (!ensureCache(bce))
return false;
if (bce->emitterMode == BytecodeEmitter::SelfHosting) {
// In self-hosting, it is incorrect to consult the global scope because
// self-hosted scripts are cloned into their target compartments before
// they are run. Instead of Global, Intrinsic is used for all names.
//
// Intrinsic lookups are redirected to the special intrinsics holder
// in the global object, into which any missing values are cloned
// lazily upon first access.
fallbackFreeNameLocation_ = Some(NameLocation::Intrinsic());
auto createScope = [](ExclusiveContext* cx, HandleScope enclosing) {
MOZ_ASSERT(!enclosing);
return &cx->global()->emptyGlobalScope();
};
return internBodyScope(bce, createScope);
}
// Resolve binding names and emit DEF{VAR,LET,CONST} prologue ops.
if (globalsc->bindings) {
for (DynamicBindingIter bi(globalsc); bi; bi++) {
NameLocation loc = NameLocation::fromBinding(bi.kind(), bi.location());
JSAtom* name = bi.name();
if (!putNameInCache(bce, name, loc))
return false;
// Define the name in the prologue. Do not emit DEFVAR for
// functions that we'll emit DEFFUN for.
if (bi.isTopLevelFunction())
continue;
if (!bce->emitAtomOp(name, bi.bindingOp()))
return false;
}
}
// Note that to save space, we don't add free names to the cache for
// global scopes. They are assumed to be global vars in the syntactic
// global scope, dynamic accesses under non-syntactic global scope.
if (globalsc->scopeKind() == ScopeKind::Global)
fallbackFreeNameLocation_ = Some(NameLocation::Global(BindingKind::Var));
else
fallbackFreeNameLocation_ = Some(NameLocation::Dynamic());
auto createScope = [globalsc](ExclusiveContext* cx, HandleScope enclosing) {
MOZ_ASSERT(!enclosing);
return GlobalScope::create(cx, globalsc->scopeKind(), globalsc->bindings);
};
return internBodyScope(bce, createScope);
}
bool
BytecodeEmitter::EmitterScope::enterEval(BytecodeEmitter* bce, EvalSharedContext* evalsc)
{
MOZ_ASSERT(this == bce->innermostEmitterScope);
bce->setVarEmitterScope(this);
if (!ensureCache(bce))
return false;
// For simplicity, treat all free name lookups in eval scripts as dynamic.
fallbackFreeNameLocation_ = Some(NameLocation::Dynamic());
// Create the `var` scope. Note that there is also a lexical scope, created
// separately in emitScript().
auto createScope = [evalsc](ExclusiveContext* cx, HandleScope enclosing) {
ScopeKind scopeKind = evalsc->strict() ? ScopeKind::StrictEval : ScopeKind::Eval;
return EvalScope::create(cx, scopeKind, evalsc->bindings, enclosing);
};
if (!internBodyScope(bce, createScope))
return false;
if (hasEnvironment()) {
if (!bce->emitInternedScopeOp(index(), JSOP_PUSHVARENV))
return false;
} else {
// Resolve binding names and emit DEFVAR prologue ops if we don't have
// an environment (i.e., a sloppy eval not in a parameter expression).
// Eval scripts always have their own lexical scope, but non-strict
// scopes may introduce 'var' bindings to the nearest var scope.
//
// TODO: We may optimize strict eval bindings in the future to be on
// the frame. For now, handle everything dynamically.
if (!hasEnvironment() && evalsc->bindings) {
for (DynamicBindingIter bi(evalsc); bi; bi++) {
MOZ_ASSERT(bi.bindingOp() == JSOP_DEFVAR);
if (bi.isTopLevelFunction())
continue;
if (!bce->emitAtomOp(bi.name(), JSOP_DEFVAR))
return false;
}
}
// As an optimization, if the eval does not have its own var
// environment and is directly enclosed in a global scope, then all
// free name lookups are global.
if (scope(bce)->enclosing()->is<GlobalScope>())
fallbackFreeNameLocation_ = Some(NameLocation::Global(BindingKind::Var));
}
return true;
}
bool
BytecodeEmitter::EmitterScope::enterModule(BytecodeEmitter* bce, ModuleSharedContext* modulesc)
{
MOZ_ASSERT(this == bce->innermostEmitterScope);
bce->setVarEmitterScope(this);
if (!ensureCache(bce))
return false;
// Resolve body-level bindings, if there are any.
TDZCheckCache* tdzCache = bce->innermostTDZCheckCache;
Maybe<uint32_t> firstLexicalFrameSlot;
if (ModuleScope::Data* bindings = modulesc->bindings) {
BindingIter bi(*bindings);
for (; bi; bi++) {
if (!checkSlotLimits(bce, bi))
return false;
NameLocation loc = NameLocation::fromBinding(bi.kind(), bi.location());
if (!putNameInCache(bce, bi.name(), loc))
return false;
if (BindingKindIsLexical(bi.kind())) {
if (loc.kind() == NameLocation::Kind::FrameSlot && !firstLexicalFrameSlot)
firstLexicalFrameSlot = Some(loc.frameSlot());
if (!tdzCache->noteTDZCheck(bce, bi.name(), CheckTDZ))
return false;
}
}
updateFrameFixedSlots(bce, bi);
} else {
nextFrameSlot_ = 0;
}
// Modules are toplevel, so any free names are global.
fallbackFreeNameLocation_ = Some(NameLocation::Global(BindingKind::Var));
// Put lexical frame slots in TDZ. Environment slots are poisoned during
// environment creation.
if (firstLexicalFrameSlot) {
if (!deadZoneFrameSlotRange(bce, *firstLexicalFrameSlot, frameSlotEnd()))
return false;
}
// Create and intern the VM scope.
auto createScope = [modulesc](ExclusiveContext* cx, HandleScope enclosing) {
return ModuleScope::create(cx, modulesc->bindings, modulesc->module(), enclosing);
};
if (!internBodyScope(bce, createScope))
return false;
return checkEnvironmentChainLength(bce);
}
bool
BytecodeEmitter::EmitterScope::enterWith(BytecodeEmitter* bce)
{
MOZ_ASSERT(this == bce->innermostEmitterScope);
if (!ensureCache(bce))
return false;
// 'with' make all accesses dynamic and unanalyzable.
fallbackFreeNameLocation_ = Some(NameLocation::Dynamic());
auto createScope = [](ExclusiveContext* cx, HandleScope enclosing) {
return WithScope::create(cx, enclosing);
};
if (!internScope(bce, createScope))
return false;
if (!bce->emitInternedScopeOp(index(), JSOP_ENTERWITH))
return false;
if (!appendScopeNote(bce))
return false;
return checkEnvironmentChainLength(bce);
}
bool
BytecodeEmitter::EmitterScope::leave(BytecodeEmitter* bce, bool nonLocal)
{
// If we aren't leaving the scope due to a non-local jump (e.g., break),
// we must be the innermost scope.
MOZ_ASSERT_IF(!nonLocal, this == bce->innermostEmitterScope);
ScopeKind kind = scope(bce)->kind();
switch (kind) {
case ScopeKind::Lexical:
case ScopeKind::SimpleCatch:
case ScopeKind::Catch:
if (!bce->emit1(hasEnvironment() ? JSOP_POPLEXICALENV : JSOP_DEBUGLEAVELEXICALENV))
return false;
break;
case ScopeKind::With:
if (!bce->emit1(JSOP_LEAVEWITH))
return false;
break;
case ScopeKind::ParameterExpressionVar:
MOZ_ASSERT(hasEnvironment());
if (!bce->emit1(JSOP_POPVARENV))
return false;
break;
case ScopeKind::Function:
case ScopeKind::FunctionBodyVar:
case ScopeKind::NamedLambda:
case ScopeKind::StrictNamedLambda:
case ScopeKind::Eval:
case ScopeKind::StrictEval:
case ScopeKind::Global:
case ScopeKind::NonSyntactic:
case ScopeKind::Module:
break;
}
// Finish up the scope if we are leaving it in LIFO fashion.
if (!nonLocal) {
// Popping scopes due to non-local jumps generate additional scope
// notes. See NonLocalExitControl::prepareForNonLocalJump.
if (ScopeKindIsInBody(kind)) {
// The extra function var scope is never popped once it's pushed,
// so its scope note extends until the end of any possible code.
uint32_t offset = kind == ScopeKind::FunctionBodyVar ? UINT32_MAX : bce->offset();
bce->scopeNoteList.recordEnd(noteIndex_, offset, bce->inPrologue());
}
}
return true;
}
Maybe<MaybeCheckTDZ>
BytecodeEmitter::TDZCheckCache::needsTDZCheck(BytecodeEmitter* bce, JSAtom* name)
{
if (!ensureCache(bce))
return Nothing();
CheckTDZMap::AddPtr p = cache_->lookupForAdd(name);
if (p)
return Some(p->value().wrapped);
MaybeCheckTDZ rv = CheckTDZ;
for (TDZCheckCache* it = enclosing(); it; it = it->enclosing()) {
if (it->cache_) {
if (CheckTDZMap::Ptr p2 = it->cache_->lookup(name)) {
rv = p2->value();
break;
}
}
}
if (!cache_->add(p, name, rv)) {
ReportOutOfMemory(bce->cx);
return Nothing();
}
return Some(rv);
}
bool
BytecodeEmitter::TDZCheckCache::noteTDZCheck(BytecodeEmitter* bce, JSAtom* name,
MaybeCheckTDZ check)
{
if (!ensureCache(bce))
return false;
CheckTDZMap::AddPtr p = cache_->lookupForAdd(name);
if (p) {
MOZ_ASSERT(!check, "TDZ only needs to be checked once per binding per basic block.");
p->value() = check;
} else {
if (!cache_->add(p, name, check))
return false;
}
return true;
}
BytecodeEmitter::BytecodeEmitter(BytecodeEmitter* parent,
Parser<FullParseHandler>* parser, SharedContext* sc,
HandleScript script, Handle<LazyScript*> lazyScript,
uint32_t lineNum, EmitterMode emitterMode)
: sc(sc),
cx(sc->context),
parent(parent),
script(cx, script),
lazyScript(cx, lazyScript),
prologue(cx, lineNum),
main(cx, lineNum),
current(&main),
parser(parser),
atomIndices(cx->frontendCollectionPool()),
firstLine(lineNum),
maxFixedSlots(0),
maxStackDepth(0),
stackDepth(0),
arrayCompDepth(0),
emitLevel(0),
bodyScopeIndex(UINT32_MAX),
varEmitterScope(nullptr),
innermostNestableControl(nullptr),
innermostEmitterScope(nullptr),
innermostTDZCheckCache(nullptr),
constList(cx),
scopeList(cx),
tryNoteList(cx),
scopeNoteList(cx),
yieldOffsetList(cx),
typesetCount(0),
hasSingletons(false),
hasTryFinally(false),
emittingRunOnceLambda(false),
emitterMode(emitterMode),
functionBodyEndPosSet(false)
{
MOZ_ASSERT_IF(emitterMode == LazyFunction, lazyScript);
}
BytecodeEmitter::BytecodeEmitter(BytecodeEmitter* parent,
Parser<FullParseHandler>* parser, SharedContext* sc,
HandleScript script, Handle<LazyScript*> lazyScript,
TokenPos bodyPosition, EmitterMode emitterMode)
: BytecodeEmitter(parent, parser, sc, script, lazyScript,
parser->tokenStream.srcCoords.lineNum(bodyPosition.begin),
emitterMode)
{
setFunctionBodyEndPos(bodyPosition);
}
bool
BytecodeEmitter::init()
{
return atomIndices.acquire(cx);
}
template <typename Predicate /* (NestableControl*) -> bool */>
BytecodeEmitter::NestableControl*
BytecodeEmitter::findInnermostNestableControl(Predicate predicate) const
{
return NestableControl::findNearest(innermostNestableControl, predicate);
}
template <typename T>
T*
BytecodeEmitter::findInnermostNestableControl() const
{
return NestableControl::findNearest<T>(innermostNestableControl);
}
template <typename T, typename Predicate /* (T*) -> bool */>
T*
BytecodeEmitter::findInnermostNestableControl(Predicate predicate) const
{
return NestableControl::findNearest<T>(innermostNestableControl, predicate);
}
NameLocation
BytecodeEmitter::lookupName(JSAtom* name)
{
return innermostEmitterScope->lookup(this, name);
}
Maybe<NameLocation>
BytecodeEmitter::locationOfNameBoundInScope(JSAtom* name, EmitterScope* target)
{
return innermostEmitterScope->locationBoundInScope(this, name, target);
}
Maybe<NameLocation>
BytecodeEmitter::locationOfNameBoundInFunctionScope(JSAtom* name, EmitterScope* source)
{
EmitterScope* funScope = source;
while (!funScope->scope(this)->is<FunctionScope>())
funScope = funScope->enclosingInFrame();
return source->locationBoundInScope(this, name, funScope);
}
bool
BytecodeEmitter::emitCheck(ptrdiff_t delta, ptrdiff_t* offset)
{
*offset = code().length();
// Start it off moderately large to avoid repeated resizings early on.
// ~98% of cases fit within 1024 bytes.
if (code().capacity() == 0 && !code().reserve(1024))
return false;
if (!code().growBy(delta)) {
ReportOutOfMemory(cx);
return false;
}
return true;
}
void
BytecodeEmitter::updateDepth(ptrdiff_t target)
{
jsbytecode* pc = code(target);
int nuses = StackUses(nullptr, pc);
int ndefs = StackDefs(nullptr, pc);
stackDepth -= nuses;
MOZ_ASSERT(stackDepth >= 0);
stackDepth += ndefs;
if ((uint32_t)stackDepth > maxStackDepth)
maxStackDepth = stackDepth;
}
#ifdef DEBUG
bool
BytecodeEmitter::checkStrictOrSloppy(JSOp op)
{
if (IsCheckStrictOp(op) && !sc->strict())
return false;
if (IsCheckSloppyOp(op) && sc->strict())
return false;
return true;
}
#endif
bool
BytecodeEmitter::emit1(JSOp op)
{
MOZ_ASSERT(checkStrictOrSloppy(op));
ptrdiff_t offset;
if (!emitCheck(1, &offset))
return false;
jsbytecode* code = this->code(offset);
code[0] = jsbytecode(op);
updateDepth(offset);
return true;
}
bool
BytecodeEmitter::emit2(JSOp op, uint8_t op1)
{
MOZ_ASSERT(checkStrictOrSloppy(op));
ptrdiff_t offset;
if (!emitCheck(2, &offset))
return false;
jsbytecode* code = this->code(offset);
code[0] = jsbytecode(op);
code[1] = jsbytecode(op1);
updateDepth(offset);
return true;
}
bool
BytecodeEmitter::emit3(JSOp op, jsbytecode op1, jsbytecode op2)
{
MOZ_ASSERT(checkStrictOrSloppy(op));
/* These should filter through emitVarOp. */
MOZ_ASSERT(!IsArgOp(op));
MOZ_ASSERT(!IsLocalOp(op));
ptrdiff_t offset;
if (!emitCheck(3, &offset))
return false;
jsbytecode* code = this->code(offset);
code[0] = jsbytecode(op);
code[1] = op1;
code[2] = op2;
updateDepth(offset);
return true;
}
bool
BytecodeEmitter::emitN(JSOp op, size_t extra, ptrdiff_t* offset)
{
MOZ_ASSERT(checkStrictOrSloppy(op));
ptrdiff_t length = 1 + ptrdiff_t(extra);
ptrdiff_t off;
if (!emitCheck(length, &off))
return false;
jsbytecode* code = this->code(off);
code[0] = jsbytecode(op);
/* The remaining |extra| bytes are set by the caller */
/*
* Don't updateDepth if op's use-count comes from the immediate
* operand yet to be stored in the extra bytes after op.
*/
if (CodeSpec[op].nuses >= 0)
updateDepth(off);
if (offset)
*offset = off;
return true;
}
bool
BytecodeEmitter::emitJumpTarget(JumpTarget* target)
{
ptrdiff_t off = offset();
// Alias consecutive jump targets.
if (off == current->lastTarget.offset + ptrdiff_t(JSOP_JUMPTARGET_LENGTH)) {
target->offset = current->lastTarget.offset;
return true;
}
target->offset = off;
current->lastTarget.offset = off;
if (!emit1(JSOP_JUMPTARGET))
return false;
return true;
}
void
JumpList::push(jsbytecode* code, ptrdiff_t jumpOffset)
{
SET_JUMP_OFFSET(&code[jumpOffset], offset - jumpOffset);
offset = jumpOffset;
}
void
JumpList::patchAll(jsbytecode* code, JumpTarget target)
{
ptrdiff_t delta;
for (ptrdiff_t jumpOffset = offset; jumpOffset != -1; jumpOffset += delta) {
jsbytecode* pc = &code[jumpOffset];
MOZ_ASSERT(IsJumpOpcode(JSOp(*pc)) || JSOp(*pc) == JSOP_LABEL);
delta = GET_JUMP_OFFSET(pc);
MOZ_ASSERT(delta < 0);
ptrdiff_t span = target.offset - jumpOffset;
SET_JUMP_OFFSET(pc, span);
}
}
bool
BytecodeEmitter::emitJumpNoFallthrough(JSOp op, JumpList* jump)
{
ptrdiff_t offset;
if (!emitCheck(5, &offset))
return false;
jsbytecode* code = this->code(offset);
code[0] = jsbytecode(op);
MOZ_ASSERT(-1 <= jump->offset && jump->offset < offset);
jump->push(this->code(0), offset);
updateDepth(offset);
return true;
}
bool
BytecodeEmitter::emitJump(JSOp op, JumpList* jump)
{
if (!emitJumpNoFallthrough(op, jump))
return false;
if (BytecodeFallsThrough(op)) {
JumpTarget fallthrough;
if (!emitJumpTarget(&fallthrough))
return false;
}
return true;
}
bool
BytecodeEmitter::emitBackwardJump(JSOp op, JumpTarget target, JumpList* jump, JumpTarget* fallthrough)
{
if (!emitJumpNoFallthrough(op, jump))
return false;
patchJumpsToTarget(*jump, target);
// Unconditionally create a fallthrough for closing iterators, and as a
// target for break statements.
if (!emitJumpTarget(fallthrough))
return false;
return true;
}
void
BytecodeEmitter::patchJumpsToTarget(JumpList jump, JumpTarget target)
{
MOZ_ASSERT(-1 <= jump.offset && jump.offset <= offset());
MOZ_ASSERT(0 <= target.offset && target.offset <= offset());
MOZ_ASSERT_IF(jump.offset != -1 && target.offset + 4 <= offset(),
BytecodeIsJumpTarget(JSOp(*code(target.offset))));
jump.patchAll(code(0), target);
}
bool
BytecodeEmitter::emitJumpTargetAndPatch(JumpList jump)
{
if (jump.offset == -1)
return true;
JumpTarget target;
if (!emitJumpTarget(&target))
return false;
patchJumpsToTarget(jump, target);
return true;
}
bool
BytecodeEmitter::emitCall(JSOp op, uint16_t argc, ParseNode* pn)
{
if (pn && !updateSourceCoordNotes(pn->pn_pos.begin))
return false;
return emit3(op, ARGC_HI(argc), ARGC_LO(argc));
}
bool
BytecodeEmitter::emitDupAt(unsigned slotFromTop)
{
MOZ_ASSERT(slotFromTop < unsigned(stackDepth));
if (slotFromTop >= JS_BIT(24)) {
reportError(nullptr, JSMSG_TOO_MANY_LOCALS);
return false;
}
ptrdiff_t off;
if (!emitN(JSOP_DUPAT, 3, &off))
return false;
jsbytecode* pc = code(off);
SET_UINT24(pc, slotFromTop);
return true;
}
bool
BytecodeEmitter::emitCheckIsObj(CheckIsObjectKind kind)
{
return emit2(JSOP_CHECKISOBJ, uint8_t(kind));
}
static inline unsigned
LengthOfSetLine(unsigned line)
{
return 1 /* SN_SETLINE */ + (line > SN_4BYTE_OFFSET_MASK ? 4 : 1);
}
/* Updates line number notes, not column notes. */
bool
BytecodeEmitter::updateLineNumberNotes(uint32_t offset)
{
TokenStream* ts = &parser->tokenStream;
bool onThisLine;
if (!ts->srcCoords.isOnThisLine(offset, currentLine(), &onThisLine))
return ts->reportError(JSMSG_OUT_OF_MEMORY);
if (!onThisLine) {
unsigned line = ts->srcCoords.lineNum(offset);
unsigned delta = line - currentLine();
/*
* Encode any change in the current source line number by using
* either several SRC_NEWLINE notes or just one SRC_SETLINE note,
* whichever consumes less space.
*
* NB: We handle backward line number deltas (possible with for
* loops where the update part is emitted after the body, but its
* line number is <= any line number in the body) here by letting
* unsigned delta_ wrap to a very large number, which triggers a
* SRC_SETLINE.
*/
current->currentLine = line;
current->lastColumn = 0;
if (delta >= LengthOfSetLine(line)) {
if (!newSrcNote2(SRC_SETLINE, ptrdiff_t(line)))
return false;
} else {
do {
if (!newSrcNote(SRC_NEWLINE))
return false;
} while (--delta != 0);
}
}
return true;
}
/* Updates the line number and column number information in the source notes. */
bool
BytecodeEmitter::updateSourceCoordNotes(uint32_t offset)
{
if (!updateLineNumberNotes(offset))
return false;
uint32_t columnIndex = parser->tokenStream.srcCoords.columnIndex(offset);
ptrdiff_t colspan = ptrdiff_t(columnIndex) - ptrdiff_t(current->lastColumn);
if (colspan != 0) {
// If the column span is so large that we can't store it, then just
// discard this information. This can happen with minimized or otherwise
// machine-generated code. Even gigantic column numbers are still
// valuable if you have a source map to relate them to something real;
// but it's better to fail soft here.
if (!SN_REPRESENTABLE_COLSPAN(colspan))
return true;
if (!newSrcNote2(SRC_COLSPAN, SN_COLSPAN_TO_OFFSET(colspan)))
return false;
current->lastColumn = columnIndex;
}
return true;
}
bool
BytecodeEmitter::emitLoopHead(ParseNode* nextpn, JumpTarget* top)
{
if (nextpn) {
/*
* Try to give the JSOP_LOOPHEAD the same line number as the next
* instruction. nextpn is often a block, in which case the next
* instruction typically comes from the first statement inside.
*/
if (nextpn->isKind(PNK_LEXICALSCOPE))
nextpn = nextpn->scopeBody();
MOZ_ASSERT_IF(nextpn->isKind(PNK_STATEMENTLIST), nextpn->isArity(PN_LIST));
if (nextpn->isKind(PNK_STATEMENTLIST) && nextpn->pn_head)
nextpn = nextpn->pn_head;
if (!updateSourceCoordNotes(nextpn->pn_pos.begin))
return false;
}
*top = { offset() };
return emit1(JSOP_LOOPHEAD);
}
bool
BytecodeEmitter::emitLoopEntry(ParseNode* nextpn, JumpList entryJump)
{
if (nextpn) {
/* Update the line number, as for LOOPHEAD. */
if (nextpn->isKind(PNK_LEXICALSCOPE))
nextpn = nextpn->scopeBody();
MOZ_ASSERT_IF(nextpn->isKind(PNK_STATEMENTLIST), nextpn->isArity(PN_LIST));
if (nextpn->isKind(PNK_STATEMENTLIST) && nextpn->pn_head)
nextpn = nextpn->pn_head;
if (!updateSourceCoordNotes(nextpn->pn_pos.begin))
return false;
}
JumpTarget entry{ offset() };
patchJumpsToTarget(entryJump, entry);
LoopControl& loopInfo = innermostNestableControl->as<LoopControl>();
MOZ_ASSERT(loopInfo.loopDepth() > 0);
uint8_t loopDepthAndFlags = PackLoopEntryDepthHintAndFlags(loopInfo.loopDepth(),
loopInfo.canIonOsr());
return emit2(JSOP_LOOPENTRY, loopDepthAndFlags);
}
void
BytecodeEmitter::checkTypeSet(JSOp op)
{
if (CodeSpec[op].format & JOF_TYPESET) {
if (typesetCount < UINT16_MAX)
typesetCount++;
}
}
bool
BytecodeEmitter::emitUint16Operand(JSOp op, uint32_t operand)
{
MOZ_ASSERT(operand <= UINT16_MAX);
if (!emit3(op, UINT16_HI(operand), UINT16_LO(operand)))
return false;
checkTypeSet(op);
return true;
}
bool
BytecodeEmitter::emitUint32Operand(JSOp op, uint32_t operand)
{
ptrdiff_t off;
if (!emitN(op, 4, &off))
return false;
SET_UINT32(code(off), operand);
checkTypeSet(op);
return true;
}
bool
BytecodeEmitter::flushPops(int* npops)
{
MOZ_ASSERT(*npops != 0);
if (!emitUint16Operand(JSOP_POPN, *npops))
return false;
*npops = 0;
return true;
}
namespace {
class NonLocalExitControl {
BytecodeEmitter* bce_;
const uint32_t savedScopeNoteIndex_;
const int savedDepth_;
uint32_t openScopeNoteIndex_;
NonLocalExitControl(const NonLocalExitControl&) = delete;
MOZ_MUST_USE bool leaveScope(BytecodeEmitter::EmitterScope* scope);
public:
explicit NonLocalExitControl(BytecodeEmitter* bce)
: bce_(bce),
savedScopeNoteIndex_(bce->scopeNoteList.length()),
savedDepth_(bce->stackDepth),
openScopeNoteIndex_(bce->innermostEmitterScope->noteIndex())
{ }
~NonLocalExitControl() {
for (uint32_t n = savedScopeNoteIndex_; n < bce_->scopeNoteList.length(); n++)
bce_->scopeNoteList.recordEnd(n, bce_->offset(), bce_->inPrologue());
bce_->stackDepth = savedDepth_;
}
MOZ_MUST_USE bool prepareForNonLocalJump(BytecodeEmitter::NestableControl* target);
MOZ_MUST_USE bool prepareForNonLocalJumpToOutermost() {
return prepareForNonLocalJump(nullptr);
}
};
bool
NonLocalExitControl::leaveScope(BytecodeEmitter::EmitterScope* es)
{
if (!es->leave(bce_, /* nonLocal = */ true))
return false;
// As we pop each scope due to the non-local jump, emit notes that
// record the extent of the enclosing scope. These notes will have
// their ends recorded in ~NonLocalExitControl().
uint32_t enclosingScopeIndex = ScopeNote::NoScopeIndex;
if (es->enclosingInFrame())
enclosingScopeIndex = es->enclosingInFrame()->index();
if (!bce_->scopeNoteList.append(enclosingScopeIndex, bce_->offset(), bce_->inPrologue(),
openScopeNoteIndex_))
return false;
openScopeNoteIndex_ = bce_->scopeNoteList.length() - 1;
return true;
}
/*
* Emit additional bytecode(s) for non-local jumps.
*/
bool
NonLocalExitControl::prepareForNonLocalJump(BytecodeEmitter::NestableControl* target)
{
using NestableControl = BytecodeEmitter::NestableControl;
using EmitterScope = BytecodeEmitter::EmitterScope;
EmitterScope* es = bce_->innermostEmitterScope;
int npops = 0;
auto flushPops = [&npops](BytecodeEmitter* bce) {
if (npops && !bce->flushPops(&npops))
return false;
return true;
};
// Walk the nestable control stack and patch jumps.
for (NestableControl* control = bce_->innermostNestableControl;
control != target;
control = control->enclosing())
{
// Walk the scope stack and leave the scopes we entered. Leaving a scope
// may emit administrative ops like JSOP_POPLEXICALENV but never anything
// that manipulates the stack.
for (; es != control->emitterScope(); es = es->enclosingInFrame()) {
if (!leaveScope(es))
return false;
}
switch (control->kind()) {
case StatementKind::Finally: {
TryFinallyControl& finallyControl = control->as<TryFinallyControl>();
if (finallyControl.emittingSubroutine()) {
/*
* There's a [exception or hole, retsub pc-index] pair and the
* possible return value on the stack that we need to pop.
*/
npops += 3;
} else {
if (!flushPops(bce_))
return false;
if (!bce_->emitJump(JSOP_GOSUB, &finallyControl.gosubs))
return false;
}
break;
}
case StatementKind::ForOfLoop:
npops += 2;
break;
case StatementKind::ForInLoop:
/* The iterator and the current value are on the stack. */
npops += 1;
if (!flushPops(bce_))
return false;
if (!bce_->emit1(JSOP_ENDITER))
return false;
break;
default:
break;
}
}
EmitterScope* targetEmitterScope = target ? target->emitterScope() : bce_->varEmitterScope;
for (; es != targetEmitterScope; es = es->enclosingInFrame()) {
if (!leaveScope(es))
return false;
}
return flushPops(bce_);
}
} // anonymous namespace
bool
BytecodeEmitter::emitGoto(NestableControl* target, JumpList* jumplist, SrcNoteType noteType)
{
NonLocalExitControl nle(this);
if (!nle.prepareForNonLocalJump(target))
return false;
if (noteType != SRC_NULL) {
if (!newSrcNote(noteType))
return false;
}
return emitJump(JSOP_GOTO, jumplist);
}
Scope*
BytecodeEmitter::innermostScope() const
{
return innermostEmitterScope->scope(this);
}
bool
BytecodeEmitter::emitIndex32(JSOp op, uint32_t index)
{
MOZ_ASSERT(checkStrictOrSloppy(op));
const size_t len = 1 + UINT32_INDEX_LEN;
MOZ_ASSERT(len == size_t(CodeSpec[op].length));
ptrdiff_t offset;
if (!emitCheck(len, &offset))
return false;
jsbytecode* code = this->code(offset);
code[0] = jsbytecode(op);
SET_UINT32_INDEX(code, index);
checkTypeSet(op);
updateDepth(offset);
return true;
}
bool
BytecodeEmitter::emitIndexOp(JSOp op, uint32_t index)
{
MOZ_ASSERT(checkStrictOrSloppy(op));
const size_t len = CodeSpec[op].length;
MOZ_ASSERT(len >= 1 + UINT32_INDEX_LEN);
ptrdiff_t offset;
if (!emitCheck(len, &offset))
return false;
jsbytecode* code = this->code(offset);
code[0] = jsbytecode(op);
SET_UINT32_INDEX(code, index);
checkTypeSet(op);
updateDepth(offset);
return true;
}
bool
BytecodeEmitter::emitAtomOp(JSAtom* atom, JSOp op)
{
MOZ_ASSERT(atom);
MOZ_ASSERT(JOF_OPTYPE(op) == JOF_ATOM);
// .generator lookups should be emitted as JSOP_GETALIASEDVAR instead of
// JSOP_GETNAME etc, to bypass |with| objects on the scope chain.
// It's safe to emit .this lookups though because |with| objects skip
// those.
MOZ_ASSERT_IF(op == JSOP_GETNAME || op == JSOP_GETGNAME,
atom != cx->names().dotGenerator);
if (op == JSOP_GETPROP && atom == cx->names().length) {
/* Specialize length accesses for the interpreter. */
op = JSOP_LENGTH;
}
uint32_t index;
if (!makeAtomIndex(atom, &index))
return false;
return emitIndexOp(op, index);
}
bool
BytecodeEmitter::emitAtomOp(ParseNode* pn, JSOp op)
{
MOZ_ASSERT(pn->pn_atom != nullptr);
return emitAtomOp(pn->pn_atom, op);
}
bool
BytecodeEmitter::emitInternedScopeOp(uint32_t index, JSOp op)
{
MOZ_ASSERT(JOF_OPTYPE(op) == JOF_SCOPE);
MOZ_ASSERT(index < scopeList.length());
return emitIndex32(op, index);
}
bool
BytecodeEmitter::emitInternedObjectOp(uint32_t index, JSOp op)
{
MOZ_ASSERT(JOF_OPTYPE(op) == JOF_OBJECT);
MOZ_ASSERT(index < objectList.length);
return emitIndex32(op, index);
}
bool
BytecodeEmitter::emitObjectOp(ObjectBox* objbox, JSOp op)
{
return emitInternedObjectOp(objectList.add(objbox), op);
}
bool
BytecodeEmitter::emitObjectPairOp(ObjectBox* objbox1, ObjectBox* objbox2, JSOp op)
{
uint32_t index = objectList.add(objbox1);
objectList.add(objbox2);
return emitInternedObjectOp(index, op);
}
bool
BytecodeEmitter::emitRegExp(uint32_t index)
{
return emitIndex32(JSOP_REGEXP, index);
}
bool
BytecodeEmitter::emitLocalOp(JSOp op, uint32_t slot)
{
MOZ_ASSERT(JOF_OPTYPE(op) != JOF_ENVCOORD);
MOZ_ASSERT(IsLocalOp(op));
ptrdiff_t off;
if (!emitN(op, LOCALNO_LEN, &off))
return false;
SET_LOCALNO(code(off), slot);
return true;
}
bool
BytecodeEmitter::emitArgOp(JSOp op, uint16_t slot)
{
MOZ_ASSERT(IsArgOp(op));
ptrdiff_t off;
if (!emitN(op, ARGNO_LEN, &off))
return false;
SET_ARGNO(code(off), slot);
return true;
}
bool
BytecodeEmitter::emitEnvCoordOp(JSOp op, EnvironmentCoordinate ec)
{
MOZ_ASSERT(JOF_OPTYPE(op) == JOF_ENVCOORD);
unsigned n = ENVCOORD_HOPS_LEN + ENVCOORD_SLOT_LEN;
MOZ_ASSERT(int(n) + 1 /* op */ == CodeSpec[op].length);
ptrdiff_t off;
if (!emitN(op, n, &off))
return false;
jsbytecode* pc = code(off);
SET_ENVCOORD_HOPS(pc, ec.hops());
pc += ENVCOORD_HOPS_LEN;
SET_ENVCOORD_SLOT(pc, ec.slot());
pc += ENVCOORD_SLOT_LEN;
checkTypeSet(op);
return true;
}
static JSOp
GetIncDecInfo(ParseNodeKind kind, bool* post)
{
MOZ_ASSERT(kind == PNK_POSTINCREMENT || kind == PNK_PREINCREMENT ||
kind == PNK_POSTDECREMENT || kind == PNK_PREDECREMENT);
*post = kind == PNK_POSTINCREMENT || kind == PNK_POSTDECREMENT;
return (kind == PNK_POSTINCREMENT || kind == PNK_PREINCREMENT) ? JSOP_ADD : JSOP_SUB;
}
JSOp
BytecodeEmitter::strictifySetNameOp(JSOp op)
{
switch (op) {
case JSOP_SETNAME:
if (sc->strict())
op = JSOP_STRICTSETNAME;
break;
case JSOP_SETGNAME:
if (sc->strict())
op = JSOP_STRICTSETGNAME;
break;
default:;
}
return op;
}
bool
BytecodeEmitter::checkSideEffects(ParseNode* pn, bool* answer)
{
JS_CHECK_RECURSION(cx, return false);
restart:
switch (pn->getKind()) {
// Trivial cases with no side effects.
case PNK_NOP:
case PNK_STRING:
case PNK_TEMPLATE_STRING:
case PNK_REGEXP:
case PNK_TRUE:
case PNK_FALSE:
case PNK_NULL:
case PNK_ELISION:
case PNK_GENERATOR:
case PNK_NUMBER:
case PNK_OBJECT_PROPERTY_NAME:
MOZ_ASSERT(pn->isArity(PN_NULLARY));
*answer = false;
return true;
// |this| can throw in derived class constructors, including nested arrow
// functions or eval.
case PNK_THIS:
MOZ_ASSERT(pn->isArity(PN_UNARY));
*answer = sc->needsThisTDZChecks();
return true;
// Trivial binary nodes with more token pos holders.
case PNK_NEWTARGET:
MOZ_ASSERT(pn->isArity(PN_BINARY));
MOZ_ASSERT(pn->pn_left->isKind(PNK_POSHOLDER));
MOZ_ASSERT(pn->pn_right->isKind(PNK_POSHOLDER));
*answer = false;
return true;
case PNK_BREAK:
case PNK_CONTINUE:
case PNK_DEBUGGER:
MOZ_ASSERT(pn->isArity(PN_NULLARY));
*answer = true;
return true;
// Watch out for getters!
case PNK_DOT:
MOZ_ASSERT(pn->isArity(PN_NAME));
*answer = true;
return true;
// Unary cases with side effects only if the child has them.
case PNK_TYPEOFEXPR:
case PNK_VOID:
case PNK_NOT:
MOZ_ASSERT(pn->isArity(PN_UNARY));
return checkSideEffects(pn->pn_kid, answer);
// Even if the name expression is effect-free, performing ToPropertyKey on
// it might not be effect-free:
//
// RegExp.prototype.toString = () => { throw 42; };
// ({ [/regex/]: 0 }); // ToPropertyKey(/regex/) throws 42
//
// function Q() {
// ({ [new.target]: 0 });
// }
// Q.toString = () => { throw 17; };
// new Q; // new.target will be Q, ToPropertyKey(Q) throws 17
case PNK_COMPUTED_NAME:
MOZ_ASSERT(pn->isArity(PN_UNARY));
*answer = true;
return true;
// Looking up or evaluating the associated name could throw.
case PNK_TYPEOFNAME:
MOZ_ASSERT(pn->isArity(PN_UNARY));
*answer = true;
return true;
// These unary cases have side effects on the enclosing object/array,
// sure. But that's not the question this function answers: it's
// whether the operation may have a side effect on something *other* than
// the result of the overall operation in which it's embedded. The
// answer to that is no, for an object literal having a mutated prototype
// and an array comprehension containing no other effectful operations
// only produce a value, without affecting anything else.
case PNK_MUTATEPROTO:
case PNK_ARRAYPUSH:
MOZ_ASSERT(pn->isArity(PN_UNARY));
return checkSideEffects(pn->pn_kid, answer);
// Unary cases with obvious side effects.
case PNK_PREINCREMENT:
case PNK_POSTINCREMENT:
case PNK_PREDECREMENT:
case PNK_POSTDECREMENT:
case PNK_THROW:
MOZ_ASSERT(pn->isArity(PN_UNARY));
*answer = true;
return true;
// These might invoke valueOf/toString, even with a subexpression without
// side effects! Consider |+{ valueOf: null, toString: null }|.
case PNK_BITNOT:
case PNK_POS:
case PNK_NEG:
MOZ_ASSERT(pn->isArity(PN_UNARY));
*answer = true;
return true;
// This invokes the (user-controllable) iterator protocol.
case PNK_SPREAD:
MOZ_ASSERT(pn->isArity(PN_UNARY));
*answer = true;
return true;
case PNK_YIELD_STAR:
case PNK_YIELD:
case PNK_AWAIT:
MOZ_ASSERT(pn->isArity(PN_BINARY));
*answer = true;
return true;
// Deletion generally has side effects, even if isolated cases have none.
case PNK_DELETENAME:
case PNK_DELETEPROP:
case PNK_DELETEELEM:
MOZ_ASSERT(pn->isArity(PN_UNARY));
*answer = true;
return true;
// Deletion of a non-Reference expression has side effects only through
// evaluating the expression.
case PNK_DELETEEXPR: {
MOZ_ASSERT(pn->isArity(PN_UNARY));
ParseNode* expr = pn->pn_kid;
return checkSideEffects(expr, answer);
}
case PNK_SEMI:
MOZ_ASSERT(pn->isArity(PN_UNARY));
if (ParseNode* expr = pn->pn_kid)
return checkSideEffects(expr, answer);
*answer = false;
return true;
// Binary cases with obvious side effects.
case PNK_ASSIGN:
case PNK_ADDASSIGN:
case PNK_SUBASSIGN:
case PNK_BITORASSIGN:
case PNK_BITXORASSIGN:
case PNK_BITANDASSIGN:
case PNK_LSHASSIGN:
case PNK_RSHASSIGN:
case PNK_URSHASSIGN:
case PNK_MULASSIGN:
case PNK_DIVASSIGN:
case PNK_MODASSIGN:
case PNK_POWASSIGN:
case PNK_SETTHIS:
MOZ_ASSERT(pn->isArity(PN_BINARY));
*answer = true;
return true;
case PNK_STATEMENTLIST:
case PNK_CATCHLIST:
// Strict equality operations and logical operators are well-behaved and
// perform no conversions.
case PNK_OR:
case PNK_AND:
case PNK_STRICTEQ:
case PNK_STRICTNE:
// Any subexpression of a comma expression could be effectful.
case PNK_COMMA:
MOZ_ASSERT(pn->pn_count > 0);
MOZ_FALLTHROUGH;
// Subcomponents of a literal may be effectful.
case PNK_ARRAY:
case PNK_OBJECT:
MOZ_ASSERT(pn->isArity(PN_LIST));
for (ParseNode* item = pn->pn_head; item; item = item->pn_next) {
if (!checkSideEffects(item, answer))
return false;
if (*answer)
return true;
}
return true;
// Most other binary operations (parsed as lists in SpiderMonkey) may
// perform conversions triggering side effects. Math operations perform
// ToNumber and may fail invoking invalid user-defined toString/valueOf:
// |5 < { toString: null }|. |instanceof| throws if provided a
// non-object constructor: |null instanceof null|. |in| throws if given
// a non-object RHS: |5 in null|.
case PNK_BITOR:
case PNK_BITXOR:
case PNK_BITAND:
case PNK_EQ:
case PNK_NE:
case PNK_LT:
case PNK_LE:
case PNK_GT:
case PNK_GE:
case PNK_INSTANCEOF:
case PNK_IN:
case PNK_LSH:
case PNK_RSH:
case PNK_URSH:
case PNK_ADD:
case PNK_SUB:
case PNK_STAR:
case PNK_DIV:
case PNK_MOD:
case PNK_POW:
MOZ_ASSERT(pn->isArity(PN_LIST));
MOZ_ASSERT(pn->pn_count >= 2);
*answer = true;
return true;
case PNK_COLON:
case PNK_CASE:
MOZ_ASSERT(pn->isArity(PN_BINARY));
if (!checkSideEffects(pn->pn_left, answer))
return false;
if (*answer)
return true;
return checkSideEffects(pn->pn_right, answer);
// More getters.
case PNK_ELEM:
MOZ_ASSERT(pn->isArity(PN_BINARY));
*answer = true;
return true;
// These affect visible names in this code, or in other code.
case PNK_IMPORT:
case PNK_EXPORT_FROM:
case PNK_EXPORT_DEFAULT:
MOZ_ASSERT(pn->isArity(PN_BINARY));
*answer = true;
return true;
// Likewise.
case PNK_EXPORT:
MOZ_ASSERT(pn->isArity(PN_UNARY));
*answer = true;
return true;
// Every part of a loop might be effect-free, but looping infinitely *is*
// an effect. (Language lawyer trivia: C++ says threads can be assumed
// to exit or have side effects, C++14 [intro.multithread]p27, so a C++
// implementation's equivalent of the below could set |*answer = false;|
// if all loop sub-nodes set |*answer = false|!)
case PNK_DOWHILE:
case PNK_WHILE:
case PNK_FOR:
case PNK_COMPREHENSIONFOR:
MOZ_ASSERT(pn->isArity(PN_BINARY));
*answer = true;
return true;
// Declarations affect the name set of the relevant scope.
case PNK_VAR:
case PNK_CONST:
case PNK_LET:
MOZ_ASSERT(pn->isArity(PN_LIST));
*answer = true;
return true;
case PNK_IF:
case PNK_CONDITIONAL:
MOZ_ASSERT(pn->isArity(PN_TERNARY));
if (!checkSideEffects(pn->pn_kid1, answer))
return false;
if (*answer)
return true;
if (!checkSideEffects(pn->pn_kid2, answer))
return false;
if (*answer)
return true;
if ((pn = pn->pn_kid3))
goto restart;
return true;
// Function calls can invoke non-local code.
case PNK_NEW:
case PNK_CALL:
case PNK_TAGGED_TEMPLATE:
case PNK_SUPERCALL:
MOZ_ASSERT(pn->isArity(PN_LIST));
*answer = true;
return true;
// Classes typically introduce names. Even if no name is introduced,
// the heritage and/or class body (through computed property names)
// usually have effects.
case PNK_CLASS:
MOZ_ASSERT(pn->isArity(PN_TERNARY));
*answer = true;
return true;
// |with| calls |ToObject| on its expression and so throws if that value
// is null/undefined.
case PNK_WITH:
MOZ_ASSERT(pn->isArity(PN_BINARY));
*answer = true;
return true;
case PNK_RETURN:
MOZ_ASSERT(pn->isArity(PN_BINARY));
*answer = true;
return true;
case PNK_NAME:
MOZ_ASSERT(pn->isArity(PN_NAME));
*answer = true;
return true;
// Shorthands could trigger getters: the |x| in the object literal in
// |with ({ get x() { throw 42; } }) ({ x });|, for example, triggers
// one. (Of course, it isn't necessary to use |with| for a shorthand to
// trigger a getter.)
case PNK_SHORTHAND:
MOZ_ASSERT(pn->isArity(PN_BINARY));
*answer = true;
return true;
case PNK_FUNCTION:
MOZ_ASSERT(pn->isArity(PN_CODE));
/*
* A named function, contrary to ES3, is no longer effectful, because
* we bind its name lexically (using JSOP_CALLEE) instead of creating
* an Object instance and binding a readonly, permanent property in it
* (the object and binding can be detected and hijacked or captured).
* This is a bug fix to ES3; it is fixed in ES3.1 drafts.
*/
*answer = false;
return true;
case PNK_MODULE:
*answer = false;
return true;
// Generator expressions have no side effects on their own.
case PNK_GENEXP:
MOZ_ASSERT(pn->isArity(PN_LIST));
*answer = false;
return true;
case PNK_TRY:
MOZ_ASSERT(pn->isArity(PN_TERNARY));
if (!checkSideEffects(pn->pn_kid1, answer))
return false;
if (*answer)
return true;
if (ParseNode* catchList = pn->pn_kid2) {
MOZ_ASSERT(catchList->isKind(PNK_CATCHLIST));
if (!checkSideEffects(catchList, answer))
return false;
if (*answer)
return true;
}
if (ParseNode* finallyBlock = pn->pn_kid3) {
if (!checkSideEffects(finallyBlock, answer))
return false;
}
return true;
case PNK_CATCH:
MOZ_ASSERT(pn->isArity(PN_TERNARY));
if (!checkSideEffects(pn->pn_kid1, answer))
return false;
if (*answer)
return true;
if (ParseNode* cond = pn->pn_kid2) {
if (!checkSideEffects(cond, answer))
return false;
if (*answer)
return true;
}
return checkSideEffects(pn->pn_kid3, answer);
case PNK_SWITCH:
MOZ_ASSERT(pn->isArity(PN_BINARY));
if (!checkSideEffects(pn->pn_left, answer))
return false;
return *answer || checkSideEffects(pn->pn_right, answer);
case PNK_LABEL:
MOZ_ASSERT(pn->isArity(PN_NAME));
return checkSideEffects(pn->expr(), answer);
case PNK_LEXICALSCOPE:
MOZ_ASSERT(pn->isArity(PN_SCOPE));
return checkSideEffects(pn->scopeBody(), answer);
// We could methodically check every interpolated expression, but it's
// probably not worth the trouble. Treat template strings as effect-free
// only if they don't contain any substitutions.
case PNK_TEMPLATE_STRING_LIST:
MOZ_ASSERT(pn->isArity(PN_LIST));
MOZ_ASSERT(pn->pn_count > 0);
MOZ_ASSERT((pn->pn_count % 2) == 1,
"template strings must alternate template and substitution "
"parts");
*answer = pn->pn_count > 1;
return true;
case PNK_ARRAYCOMP:
MOZ_ASSERT(pn->isArity(PN_LIST));
MOZ_ASSERT(pn->pn_count == 1);
return checkSideEffects(pn->pn_head, answer);
// This should be unreachable but is left as-is for now.
case PNK_PARAMSBODY:
*answer = true;
return true;
case PNK_FORIN: // by PNK_FOR/PNK_COMPREHENSIONFOR
case PNK_FOROF: // by PNK_FOR/PNK_COMPREHENSIONFOR
case PNK_FORHEAD: // by PNK_FOR/PNK_COMPREHENSIONFOR
case PNK_CLASSMETHOD: // by PNK_CLASS
case PNK_CLASSNAMES: // by PNK_CLASS
case PNK_CLASSMETHODLIST: // by PNK_CLASS
case PNK_IMPORT_SPEC_LIST: // by PNK_IMPORT
case PNK_IMPORT_SPEC: // by PNK_IMPORT
case PNK_EXPORT_BATCH_SPEC:// by PNK_EXPORT
case PNK_EXPORT_SPEC_LIST: // by PNK_EXPORT
case PNK_EXPORT_SPEC: // by PNK_EXPORT
case PNK_CALLSITEOBJ: // by PNK_TAGGED_TEMPLATE
case PNK_POSHOLDER: // by PNK_NEWTARGET
case PNK_SUPERBASE: // by PNK_ELEM and others
MOZ_CRASH("handled by parent nodes");
case PNK_LIMIT: // invalid sentinel value
MOZ_CRASH("invalid node kind");
}
MOZ_CRASH("invalid, unenumerated ParseNodeKind value encountered in "
"BytecodeEmitter::checkSideEffects");
}
bool
BytecodeEmitter::isInLoop()
{
return findInnermostNestableControl<LoopControl>();
}
bool
BytecodeEmitter::checkSingletonContext()
{
if (!script->treatAsRunOnce() || sc->isFunctionBox() || isInLoop())
return false;
hasSingletons = true;
return true;
}
bool
BytecodeEmitter::checkRunOnceContext()
{
return checkSingletonContext() || (!isInLoop() && isRunOnceLambda());
}
bool
BytecodeEmitter::needsImplicitThis()
{
// Short-circuit if there is an enclosing 'with' scope.
if (sc->inWith())
return true;
// Otherwise see if the current point is under a 'with'.
for (EmitterScope* es = innermostEmitterScope; es; es = es->enclosingInFrame()) {
if (es->scope(this)->kind() == ScopeKind::With)
return true;
}
return false;
}
bool
BytecodeEmitter::maybeSetDisplayURL()
{
if (tokenStream()->hasDisplayURL()) {
if (!parser->ss->setDisplayURL(cx, tokenStream()->displayURL()))
return false;
}
return true;
}
bool
BytecodeEmitter::maybeSetSourceMap()
{
if (tokenStream()->hasSourceMapURL()) {
MOZ_ASSERT(!parser->ss->hasSourceMapURL());
if (!parser->ss->setSourceMapURL(cx, tokenStream()->sourceMapURL()))
return false;
}
/*
* Source map URLs passed as a compile option (usually via a HTTP source map
* header) override any source map urls passed as comment pragmas.
*/
if (parser->options().sourceMapURL()) {
// Warn about the replacement, but use the new one.
if (parser->ss->hasSourceMapURL()) {
if(!parser->report(ParseWarning, false, nullptr, JSMSG_ALREADY_HAS_PRAGMA,
parser->ss->filename(), "//# sourceMappingURL"))
return false;
}
if (!parser->ss->setSourceMapURL(cx, parser->options().sourceMapURL()))
return false;
}
return true;
}
void
BytecodeEmitter::tellDebuggerAboutCompiledScript(ExclusiveContext* cx)
{
// Note: when parsing off thread the resulting scripts need to be handed to
// the debugger after rejoining to the main thread.
if (!cx->isJSContext())
return;
// Lazy scripts are never top level (despite always being invoked with a
// nullptr parent), and so the hook should never be fired.
if (emitterMode != LazyFunction && !parent) {
Debugger::onNewScript(cx->asJSContext(), script);
}
}
inline TokenStream*
BytecodeEmitter::tokenStream()
{
return &parser->tokenStream;
}
bool
BytecodeEmitter::reportError(ParseNode* pn, unsigned errorNumber, ...)
{
TokenPos pos = pn ? pn->pn_pos : tokenStream()->currentToken().pos;
va_list args;
va_start(args, errorNumber);
bool result = tokenStream()->reportCompileErrorNumberVA(pos.begin, JSREPORT_ERROR,
errorNumber, args);
va_end(args);
return result;
}
bool
BytecodeEmitter::reportStrictWarning(ParseNode* pn, unsigned errorNumber, ...)
{
TokenPos pos = pn ? pn->pn_pos : tokenStream()->currentToken().pos;
va_list args;
va_start(args, errorNumber);
bool result = tokenStream()->reportStrictWarningErrorNumberVA(pos.begin, errorNumber, args);
va_end(args);
return result;
}
bool
BytecodeEmitter::reportStrictModeError(ParseNode* pn, unsigned errorNumber, ...)
{
TokenPos pos = pn ? pn->pn_pos : tokenStream()->currentToken().pos;
va_list args;
va_start(args, errorNumber);
bool result = tokenStream()->reportStrictModeErrorNumberVA(pos.begin, sc->strict(),
errorNumber, args);
va_end(args);
return result;
}
bool
BytecodeEmitter::emitNewInit(JSProtoKey key)
{
const size_t len = 1 + UINT32_INDEX_LEN;
ptrdiff_t offset;
if (!emitCheck(len, &offset))
return false;
jsbytecode* code = this->code(offset);
code[0] = JSOP_NEWINIT;
code[1] = jsbytecode(key);
code[2] = 0;
code[3] = 0;
code[4] = 0;
checkTypeSet(JSOP_NEWINIT);
updateDepth(offset);
return true;
}
bool
BytecodeEmitter::iteratorResultShape(unsigned* shape)
{
// No need to do any guessing for the object kind, since we know exactly how
// many properties we plan to have.
gc::AllocKind kind = gc::GetGCObjectKind(2);
RootedPlainObject obj(cx, NewBuiltinClassInstance<PlainObject>(cx, kind, TenuredObject));
if (!obj)
return false;
Rooted<jsid> value_id(cx, AtomToId(cx->names().value));
Rooted<jsid> done_id(cx, AtomToId(cx->names().done));
if (!NativeDefineProperty(cx, obj, value_id, UndefinedHandleValue, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return false;
}
if (!NativeDefineProperty(cx, obj, done_id, UndefinedHandleValue, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return false;
}
ObjectBox* objbox = parser->newObjectBox(obj);
if (!objbox)
return false;
*shape = objectList.add(objbox);
return true;
}
bool
BytecodeEmitter::emitPrepareIteratorResult()
{
unsigned shape;
if (!iteratorResultShape(&shape))
return false;
return emitIndex32(JSOP_NEWOBJECT, shape);
}
bool
BytecodeEmitter::emitFinishIteratorResult(bool done)
{
uint32_t value_id;
if (!makeAtomIndex(cx->names().value, &value_id))
return false;
uint32_t done_id;
if (!makeAtomIndex(cx->names().done, &done_id))
return false;
if (!emitIndex32(JSOP_INITPROP, value_id))
return false;
if (!emit1(done ? JSOP_TRUE : JSOP_FALSE))
return false;
if (!emitIndex32(JSOP_INITPROP, done_id))
return false;
return true;
}
bool
BytecodeEmitter::emitGetNameAtLocation(JSAtom* name, const NameLocation& loc, bool callContext)
{
switch (loc.kind()) {
case NameLocation::Kind::Dynamic:
if (!emitAtomOp(name, JSOP_GETNAME))
return false;
break;
case NameLocation::Kind::Global:
if (!emitAtomOp(name, JSOP_GETGNAME))
return false;
break;
case NameLocation::Kind::Intrinsic:
if (!emitAtomOp(name, JSOP_GETINTRINSIC))
return false;
break;
case NameLocation::Kind::NamedLambdaCallee:
if (!emit1(JSOP_CALLEE))
return false;
break;
case NameLocation::Kind::Import:
if (!emitAtomOp(name, JSOP_GETIMPORT))
return false;
break;
case NameLocation::Kind::ArgumentSlot:
if (!emitArgOp(JSOP_GETARG, loc.argumentSlot()))
return false;
break;
case NameLocation::Kind::FrameSlot:
if (loc.isLexical()) {
if (!emitTDZCheckIfNeeded(name, loc))
return false;
}
if (!emitLocalOp(JSOP_GETLOCAL, loc.frameSlot()))
return false;
break;
case NameLocation::Kind::EnvironmentCoordinate:
if (loc.isLexical()) {
if (!emitTDZCheckIfNeeded(name, loc))
return false;
}
if (!emitEnvCoordOp(JSOP_GETALIASEDVAR, loc.environmentCoordinate()))
return false;
break;
case NameLocation::Kind::DynamicAnnexBVar:
MOZ_CRASH("Synthesized vars for Annex B.3.3 should only be used in initialization");
}
// Need to provide |this| value for call.
if (callContext) {
switch (loc.kind()) {
case NameLocation::Kind::Dynamic: {
JSOp thisOp = needsImplicitThis() ? JSOP_IMPLICITTHIS : JSOP_GIMPLICITTHIS;
if (!emitAtomOp(name, thisOp))
return false;
break;
}
case NameLocation::Kind::Global:
if (!emitAtomOp(name, JSOP_GIMPLICITTHIS))
return false;
break;
case NameLocation::Kind::Intrinsic:
case NameLocation::Kind::NamedLambdaCallee:
case NameLocation::Kind::Import:
case NameLocation::Kind::ArgumentSlot:
case NameLocation::Kind::FrameSlot:
case NameLocation::Kind::EnvironmentCoordinate:
if (!emit1(JSOP_UNDEFINED))
return false;
break;
case NameLocation::Kind::DynamicAnnexBVar:
MOZ_CRASH("Synthesized vars for Annex B.3.3 should only be used in initialization");
}
}
return true;
}
bool
BytecodeEmitter::emitGetName(ParseNode* pn, bool callContext)
{
return emitGetName(pn->name(), callContext);
}
template <typename RHSEmitter>
bool
BytecodeEmitter::emitSetOrInitializeNameAtLocation(HandleAtom name, const NameLocation& loc,
RHSEmitter emitRhs, bool initialize)
{
bool emittedBindOp = false;
switch (loc.kind()) {
case NameLocation::Kind::Dynamic:
case NameLocation::Kind::Import:
case NameLocation::Kind::DynamicAnnexBVar: {
uint32_t atomIndex;
if (!makeAtomIndex(name, &atomIndex))
return false;
if (loc.kind() == NameLocation::Kind::DynamicAnnexBVar) {
// Annex B vars always go on the nearest variable environment,
// even if lexical environments in between contain same-named
// bindings.
if (!emit1(JSOP_BINDVAR))
return false;
} else {
if (!emitIndexOp(JSOP_BINDNAME, atomIndex))
return false;
}
emittedBindOp = true;
if (!emitRhs(this, loc, emittedBindOp))
return false;
if (!emitIndexOp(strictifySetNameOp(JSOP_SETNAME), atomIndex))
return false;
break;
}
case NameLocation::Kind::Global: {
JSOp op;
uint32_t atomIndex;
if (!makeAtomIndex(name, &atomIndex))
return false;
if (loc.isLexical() && initialize) {
// INITGLEXICAL always gets the global lexical scope. It doesn't
// need a BINDGNAME.
MOZ_ASSERT(innermostScope()->is<GlobalScope>());
op = JSOP_INITGLEXICAL;
} else {
if (!emitIndexOp(JSOP_BINDGNAME, atomIndex))
return false;
emittedBindOp = true;
op = strictifySetNameOp(JSOP_SETGNAME);
}
if (!emitRhs(this, loc, emittedBindOp))
return false;
if (!emitIndexOp(op, atomIndex))
return false;
break;
}
case NameLocation::Kind::Intrinsic:
if (!emitRhs(this, loc, emittedBindOp))
return false;
if (!emitAtomOp(name, JSOP_SETINTRINSIC))
return false;
break;
case NameLocation::Kind::NamedLambdaCallee:
if (!emitRhs(this, loc, emittedBindOp))
return false;
// Assigning to the named lambda is a no-op in sloppy mode but
// throws in strict mode.
if (sc->strict() && !emit1(JSOP_THROWSETCALLEE))
return false;
break;
case NameLocation::Kind::ArgumentSlot: {
// If we assign to a positional formal parameter and the arguments
// object is unmapped (strict mode or function with
// default/rest/destructing args), parameters do not alias
// arguments[i], and to make the arguments object reflect initial
// parameter values prior to any mutation we create it eagerly
// whenever parameters are (or might, in the case of calls to eval)
// assigned.
FunctionBox* funbox = sc->asFunctionBox();
if (funbox->argumentsHasLocalBinding() && !funbox->hasMappedArgsObj())
funbox->setDefinitelyNeedsArgsObj();
if (!emitRhs(this, loc, emittedBindOp))
return false;
if (!emitArgOp(JSOP_SETARG, loc.argumentSlot()))
return false;
break;
}
case NameLocation::Kind::FrameSlot: {
JSOp op = JSOP_SETLOCAL;
if (!emitRhs(this, loc, emittedBindOp))
return false;
if (loc.isLexical()) {
if (initialize) {
op = JSOP_INITLEXICAL;
} else {
if (loc.isConst())
op = JSOP_THROWSETCONST;
if (!emitTDZCheckIfNeeded(name, loc))
return false;
}
}
if (!emitLocalOp(op, loc.frameSlot()))
return false;
if (op == JSOP_INITLEXICAL) {
if (!innermostTDZCheckCache->noteTDZCheck(this, name, DontCheckTDZ))
return false;
}
break;
}
case NameLocation::Kind::EnvironmentCoordinate: {
JSOp op = JSOP_SETALIASEDVAR;
if (!emitRhs(this, loc, emittedBindOp))
return false;
if (loc.isLexical()) {
if (initialize) {
op = JSOP_INITALIASEDLEXICAL;
} else {
if (loc.isConst())
op = JSOP_THROWSETALIASEDCONST;
if (!emitTDZCheckIfNeeded(name, loc))
return false;
}
}
if (loc.bindingKind() == BindingKind::NamedLambdaCallee) {
// Assigning to the named lambda is a no-op in sloppy mode and throws
// in strict mode.
op = JSOP_THROWSETALIASEDCONST;
if (sc->strict() && !emitEnvCoordOp(op, loc.environmentCoordinate()))
return false;
} else {
if (!emitEnvCoordOp(op, loc.environmentCoordinate()))
return false;
}
if (op == JSOP_INITALIASEDLEXICAL) {
if (!innermostTDZCheckCache->noteTDZCheck(this, name, DontCheckTDZ))
return false;
}
break;
}
}
return true;
}
bool
BytecodeEmitter::emitTDZCheckIfNeeded(JSAtom* name, const NameLocation& loc)
{
// Dynamic accesses have TDZ checks built into their VM code and should
// never emit explicit TDZ checks.
MOZ_ASSERT(loc.hasKnownSlot());
MOZ_ASSERT(loc.isLexical());
Maybe<MaybeCheckTDZ> check = innermostTDZCheckCache->needsTDZCheck(this, name);
if (!check)
return false;
// We've already emitted a check in this basic block.
if (*check == DontCheckTDZ)
return true;
if (loc.kind() == NameLocation::Kind::FrameSlot) {
if (!emitLocalOp(JSOP_CHECKLEXICAL, loc.frameSlot()))
return false;
} else {
if (!emitEnvCoordOp(JSOP_CHECKALIASEDLEXICAL, loc.environmentCoordinate()))
return false;
}
return innermostTDZCheckCache->noteTDZCheck(this, name, DontCheckTDZ);
}
bool
BytecodeEmitter::emitPropLHS(ParseNode* pn)
{
MOZ_ASSERT(pn->isKind(PNK_DOT));
MOZ_ASSERT(!pn->as<PropertyAccess>().isSuper());
ParseNode* pn2 = pn->pn_expr;
/*
* If the object operand is also a dotted property reference, reverse the
* list linked via pn_expr temporarily so we can iterate over it from the
* bottom up (reversing again as we go), to avoid excessive recursion.
*/
if (pn2->isKind(PNK_DOT) && !pn2->as<PropertyAccess>().isSuper()) {
ParseNode* pndot = pn2;
ParseNode* pnup = nullptr;
ParseNode* pndown;
for (;;) {
/* Reverse pndot->pn_expr to point up, not down. */
pndown = pndot->pn_expr;
pndot->pn_expr = pnup;
if (!pndown->isKind(PNK_DOT) || pndown->as<PropertyAccess>().isSuper())
break;
pnup = pndot;
pndot = pndown;
}
/* pndown is a primary expression, not a dotted property reference. */
if (!emitTree(pndown))
return false;
do {
/* Walk back up the list, emitting annotated name ops. */
if (!emitAtomOp(pndot, JSOP_GETPROP))
return false;
/* Reverse the pn_expr link again. */
pnup = pndot->pn_expr;
pndot->pn_expr = pndown;
pndown = pndot;
} while ((pndot = pnup) != nullptr);
return true;
}
// The non-optimized case.
return emitTree(pn2);
}
bool
BytecodeEmitter::emitSuperPropLHS(ParseNode* superBase, bool isCall)
{
if (!emitGetThisForSuperBase(superBase))
return false;
if (isCall && !emit1(JSOP_DUP))
return false;
if (!emit1(JSOP_SUPERBASE))
return false;
return true;
}
bool
BytecodeEmitter::emitPropOp(ParseNode* pn, JSOp op)
{
MOZ_ASSERT(pn->isArity(PN_NAME));
if (!emitPropLHS(pn))
return false;
if (op == JSOP_CALLPROP && !emit1(JSOP_DUP))
return false;
if (!emitAtomOp(pn, op))
return false;
if (op == JSOP_CALLPROP && !emit1(JSOP_SWAP))
return false;
return true;
}
bool
BytecodeEmitter::emitSuperPropOp(ParseNode* pn, JSOp op, bool isCall)
{
ParseNode* base = &pn->as<PropertyAccess>().expression();
if (!emitSuperPropLHS(base, isCall))
return false;
if (!emitAtomOp(pn, op))
return false;
if (isCall && !emit1(JSOP_SWAP))
return false;
return true;
}
bool
BytecodeEmitter::emitPropIncDec(ParseNode* pn)
{
MOZ_ASSERT(pn->pn_kid->isKind(PNK_DOT));
bool post;
bool isSuper = pn->pn_kid->as<PropertyAccess>().isSuper();
JSOp binop = GetIncDecInfo(pn->getKind(), &post);
if (isSuper) {
ParseNode* base = &pn->pn_kid->as<PropertyAccess>().expression();
if (!emitSuperPropLHS(base)) // THIS OBJ
return false;
if (!emit1(JSOP_DUP2)) // THIS OBJ THIS OBJ
return false;
} else {
if (!emitPropLHS(pn->pn_kid)) // OBJ
return false;
if (!emit1(JSOP_DUP)) // OBJ OBJ
return false;
}
if (!emitAtomOp(pn->pn_kid, isSuper? JSOP_GETPROP_SUPER : JSOP_GETPROP)) // OBJ V
return false;
if (!emit1(JSOP_POS)) // OBJ N
return false;
if (post && !emit1(JSOP_DUP)) // OBJ N? N
return false;
if (!emit1(JSOP_ONE)) // OBJ N? N 1
return false;
if (!emit1(binop)) // OBJ N? N+1
return false;
if (post) {
if (!emit2(JSOP_PICK, 2 + isSuper)) // N? N+1 OBJ
return false;
if (!emit1(JSOP_SWAP)) // N? OBJ N+1
return false;
if (isSuper) {
if (!emit2(JSOP_PICK, 3)) // N THIS N+1 OBJ
return false;
if (!emit1(JSOP_SWAP)) // N THIS OBJ N+1
return false;
}
}
JSOp setOp = isSuper ? sc->strict() ? JSOP_STRICTSETPROP_SUPER : JSOP_SETPROP_SUPER
: sc->strict() ? JSOP_STRICTSETPROP : JSOP_SETPROP;
if (!emitAtomOp(pn->pn_kid, setOp)) // N? N+1
return false;
if (post && !emit1(JSOP_POP)) // RESULT
return false;
return true;
}
bool
BytecodeEmitter::emitNameIncDec(ParseNode* pn)
{
MOZ_ASSERT(pn->pn_kid->isKind(PNK_NAME));
bool post;
JSOp binop = GetIncDecInfo(pn->getKind(), &post);
auto emitRhs = [pn, post, binop](BytecodeEmitter* bce, const NameLocation& loc,
bool emittedBindOp)
{
JSAtom* name = pn->pn_kid->name();
if (!bce->emitGetNameAtLocation(name, loc, false)) // SCOPE? V
return false;
if (!bce->emit1(JSOP_POS)) // SCOPE? N
return false;
if (post && !bce->emit1(JSOP_DUP)) // SCOPE? N? N
return false;
if (!bce->emit1(JSOP_ONE)) // SCOPE? N? N 1
return false;
if (!bce->emit1(binop)) // SCOPE? N? N+1
return false;
if (post && emittedBindOp) {
if (!bce->emit2(JSOP_PICK, 2)) // N? N+1 SCOPE?
return false;
if (!bce->emit1(JSOP_SWAP)) // N? SCOPE? N+1
return false;
}
return true;
};
if (!emitSetName(pn->pn_kid, emitRhs))
return false;
if (post && !emit1(JSOP_POP))
return false;
return true;
}
bool
BytecodeEmitter::emitElemOperands(ParseNode* pn, EmitElemOption opts)
{
MOZ_ASSERT(pn->isArity(PN_BINARY));
if (!emitTree(pn->pn_left))
return false;
if (opts == EmitElemOption::IncDec) {
if (!emit1(JSOP_CHECKOBJCOERCIBLE))
return false;
} else if (opts == EmitElemOption::Call) {
if (!emit1(JSOP_DUP))
return false;
}
if (!emitTree(pn->pn_right))
return false;
if (opts == EmitElemOption::Set) {
if (!emit2(JSOP_PICK, 2))
return false;
} else if (opts == EmitElemOption::IncDec || opts == EmitElemOption::CompoundAssign) {
if (!emit1(JSOP_TOID))
return false;
}
return true;
}
bool
BytecodeEmitter::emitSuperElemOperands(ParseNode* pn, EmitElemOption opts)
{
MOZ_ASSERT(pn->isKind(PNK_ELEM) && pn->as<PropertyByValue>().isSuper());
// The ordering here is somewhat screwy. We need to evaluate the propval
// first, by spec. Do a little dance to not emit more than one JSOP_THIS.
// Since JSOP_THIS might throw in derived class constructors, we cannot
// just push it earlier as the receiver. We have to swap it down instead.
if (!emitTree(pn->pn_right))
return false;
// We need to convert the key to an object id first, so that we do not do
// it inside both the GETELEM and the SETELEM.
if (opts == EmitElemOption::IncDec || opts == EmitElemOption::CompoundAssign) {
if (!emit1(JSOP_TOID))
return false;
}
if (!emitGetThisForSuperBase(pn->pn_left))
return false;
if (opts == EmitElemOption::Call) {
if (!emit1(JSOP_SWAP))
return false;
// We need another |this| on top, also
if (!emitDupAt(1))
return false;
}
if (!emit1(JSOP_SUPERBASE))
return false;
if (opts == EmitElemOption::Set && !emit2(JSOP_PICK, 3))
return false;
return true;
}
bool
BytecodeEmitter::emitElemOpBase(JSOp op)
{
if (!emit1(op))
return false;
checkTypeSet(op);
return true;
}
bool
BytecodeEmitter::emitElemOp(ParseNode* pn, JSOp op)
{
EmitElemOption opts = EmitElemOption::Get;
if (op == JSOP_CALLELEM)
opts = EmitElemOption::Call;
else if (op == JSOP_SETELEM || op == JSOP_STRICTSETELEM)
opts = EmitElemOption::Set;
return emitElemOperands(pn, opts) && emitElemOpBase(op);
}
bool
BytecodeEmitter::emitSuperElemOp(ParseNode* pn, JSOp op, bool isCall)
{
EmitElemOption opts = EmitElemOption::Get;
if (isCall)
opts = EmitElemOption::Call;
else if (op == JSOP_SETELEM_SUPER || op == JSOP_STRICTSETELEM_SUPER)
opts = EmitElemOption::Set;
if (!emitSuperElemOperands(pn, opts))
return false;
if (!emitElemOpBase(op))
return false;
if (isCall && !emit1(JSOP_SWAP))
return false;
return true;
}
bool
BytecodeEmitter::emitElemIncDec(ParseNode* pn)
{
MOZ_ASSERT(pn->pn_kid->isKind(PNK_ELEM));
bool isSuper = pn->pn_kid->as<PropertyByValue>().isSuper();
// We need to convert the key to an object id first, so that we do not do
// it inside both the GETELEM and the SETELEM. This is done by
// emit(Super)ElemOperands.
if (isSuper) {
if (!emitSuperElemOperands(pn->pn_kid, EmitElemOption::IncDec))
return false;
} else {
if (!emitElemOperands(pn->pn_kid, EmitElemOption::IncDec))
return false;
}
bool post;
JSOp binop = GetIncDecInfo(pn->getKind(), &post);
JSOp getOp;
if (isSuper) {
// There's no such thing as JSOP_DUP3, so we have to be creative.
// Note that pushing things again is no fewer JSOps.
if (!emitDupAt(2)) // KEY THIS OBJ KEY
return false;
if (!emitDupAt(2)) // KEY THIS OBJ KEY THIS
return false;
if (!emitDupAt(2)) // KEY THIS OBJ KEY THIS OBJ
return false;
getOp = JSOP_GETELEM_SUPER;
} else {
// OBJ KEY
if (!emit1(JSOP_DUP2)) // OBJ KEY OBJ KEY
return false;
getOp = JSOP_GETELEM;
}
if (!emitElemOpBase(getOp)) // OBJ KEY V
return false;
if (!emit1(JSOP_POS)) // OBJ KEY N
return false;
if (post && !emit1(JSOP_DUP)) // OBJ KEY N? N
return false;
if (!emit1(JSOP_ONE)) // OBJ KEY N? N 1
return false;
if (!emit1(binop)) // OBJ KEY N? N+1
return false;
if (post) {
if (isSuper) {
// We have one more value to rotate around, because of |this|
// on the stack
if (!emit2(JSOP_PICK, 4))
return false;
}
if (!emit2(JSOP_PICK, 3 + isSuper)) // KEY N N+1 OBJ
return false;
if (!emit2(JSOP_PICK, 3 + isSuper)) // N N+1 OBJ KEY
return false;
if (!emit2(JSOP_PICK, 2 + isSuper)) // N OBJ KEY N+1
return false;
}
JSOp setOp = isSuper ? (sc->strict() ? JSOP_STRICTSETELEM_SUPER : JSOP_SETELEM_SUPER)
: (sc->strict() ? JSOP_STRICTSETELEM : JSOP_SETELEM);
if (!emitElemOpBase(setOp)) // N? N+1
return false;
if (post && !emit1(JSOP_POP)) // RESULT
return false;
return true;
}
bool
BytecodeEmitter::emitCallIncDec(ParseNode* incDec)
{
MOZ_ASSERT(incDec->isKind(PNK_PREINCREMENT) ||
incDec->isKind(PNK_POSTINCREMENT) ||
incDec->isKind(PNK_PREDECREMENT) ||
incDec->isKind(PNK_POSTDECREMENT));
MOZ_ASSERT(incDec->pn_kid->isKind(PNK_CALL));
ParseNode* call = incDec->pn_kid;
if (!emitTree(call)) // CALLRESULT
return false;
if (!emit1(JSOP_POS)) // N
return false;
// The increment/decrement has no side effects, so proceed to throw for
// invalid assignment target.
return emitUint16Operand(JSOP_THROWMSG, JSMSG_BAD_LEFTSIDE_OF_ASS);
}
bool
BytecodeEmitter::emitNumberOp(double dval)
{
int32_t ival;
if (NumberIsInt32(dval, &ival)) {
if (ival == 0)
return emit1(JSOP_ZERO);
if (ival == 1)
return emit1(JSOP_ONE);
if ((int)(int8_t)ival == ival)
return emit2(JSOP_INT8, uint8_t(int8_t(ival)));
uint32_t u = uint32_t(ival);
if (u < JS_BIT(16)) {
if (!emitUint16Operand(JSOP_UINT16, u))
return false;
} else if (u < JS_BIT(24)) {
ptrdiff_t off;
if (!emitN(JSOP_UINT24, 3, &off))
return false;
SET_UINT24(code(off), u);
} else {
ptrdiff_t off;
if (!emitN(JSOP_INT32, 4, &off))
return false;
SET_INT32(code(off), ival);
}
return true;
}
if (!constList.append(DoubleValue(dval)))
return false;
return emitIndex32(JSOP_DOUBLE, constList.length() - 1);
}
/*
* Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047.
* LLVM is deciding to inline this function which uses a lot of stack space
* into emitTree which is recursive and uses relatively little stack space.
*/
MOZ_NEVER_INLINE bool
BytecodeEmitter::emitSwitch(ParseNode* pn)
{
ParseNode* cases = pn->pn_right;
MOZ_ASSERT(cases->isKind(PNK_LEXICALSCOPE) || cases->isKind(PNK_STATEMENTLIST));
// Emit code for the discriminant.
if (!emitTree(pn->pn_left))
return false;
// Enter the scope before pushing the switch BreakableControl since all
// breaks are under this scope.
Maybe<TDZCheckCache> tdzCache;
Maybe<EmitterScope> emitterScope;
if (cases->isKind(PNK_LEXICALSCOPE)) {
if (!cases->isEmptyScope()) {
tdzCache.emplace(this);
emitterScope.emplace(this);
if (!emitterScope->enterLexical(this, ScopeKind::Lexical, cases->scopeBindings()))
return false;
}
// Advance |cases| to refer to the switch case list.
cases = cases->scopeBody();
// A switch statement may contain hoisted functions inside its
// cases. The PNX_FUNCDEFS flag is propagated from the STATEMENTLIST
// bodies of the cases to the case list.
if (cases->pn_xflags & PNX_FUNCDEFS) {
MOZ_ASSERT(emitterScope);
for (ParseNode* caseNode = cases->pn_head; caseNode; caseNode = caseNode->pn_next) {
if (caseNode->pn_right->pn_xflags & PNX_FUNCDEFS) {
if (!emitHoistedFunctionsInList(caseNode->pn_right))
return false;
}
}
}
}
// After entering the scope, push the switch control.
BreakableControl controlInfo(this, StatementKind::Switch);
ptrdiff_t top = offset();
// Switch bytecodes run from here till end of final case.
uint32_t caseCount = cases->pn_count;
if (caseCount > JS_BIT(16)) {
parser->tokenStream.reportError(JSMSG_TOO_MANY_CASES);
return false;
}
// Try for most optimal, fall back if not dense ints.
JSOp switchOp = JSOP_TABLESWITCH;
uint32_t tableLength = 0;
int32_t low, high;
bool hasDefault = false;
CaseClause* firstCase = cases->pn_head ? &cases->pn_head->as<CaseClause>() : nullptr;
if (caseCount == 0 ||
(caseCount == 1 && (hasDefault = firstCase->isDefault())))
{
caseCount = 0;
low = 0;
high = -1;
} else {
Vector<jsbitmap, 128, SystemAllocPolicy> intmap;
int32_t intmapBitLength = 0;
low = JSVAL_INT_MAX;
high = JSVAL_INT_MIN;
for (CaseClause* caseNode = firstCase; caseNode; caseNode = caseNode->next()) {
if (caseNode->isDefault()) {
hasDefault = true;
caseCount--; // one of the "cases" was the default
continue;
}
if (switchOp == JSOP_CONDSWITCH)
continue;
MOZ_ASSERT(switchOp == JSOP_TABLESWITCH);
ParseNode* caseValue = caseNode->caseExpression();
if (caseValue->getKind() != PNK_NUMBER) {
switchOp = JSOP_CONDSWITCH;
continue;
}
int32_t i;
if (!NumberIsInt32(caseValue->pn_dval, &i)) {
switchOp = JSOP_CONDSWITCH;
continue;
}
if (unsigned(i + int(JS_BIT(15))) >= unsigned(JS_BIT(16))) {
switchOp = JSOP_CONDSWITCH;
continue;
}
if (i < low)
low = i;
if (i > high)
high = i;
// Check for duplicates, which require a JSOP_CONDSWITCH.
// We bias i by 65536 if it's negative, and hope that's a rare
// case (because it requires a malloc'd bitmap).
if (i < 0)
i += JS_BIT(16);
if (i >= intmapBitLength) {
size_t newLength = (i / JS_BITMAP_NBITS) + 1;
if (!intmap.resize(newLength))
return false;
intmapBitLength = newLength * JS_BITMAP_NBITS;
}
if (JS_TEST_BIT(intmap, i)) {
switchOp = JSOP_CONDSWITCH;
continue;
}
JS_SET_BIT(intmap, i);
}
// Compute table length and select condswitch instead if overlarge or
// more than half-sparse.
if (switchOp == JSOP_TABLESWITCH) {
tableLength = uint32_t(high - low + 1);
if (tableLength >= JS_BIT(16) || tableLength > 2 * caseCount)
switchOp = JSOP_CONDSWITCH;
}
}
// The note has one or two offsets: first tells total switch code length;
// second (if condswitch) tells offset to first JSOP_CASE.
unsigned noteIndex;
size_t switchSize;
if (switchOp == JSOP_CONDSWITCH) {
// 0 bytes of immediate for unoptimized switch.
switchSize = 0;
if (!newSrcNote3(SRC_CONDSWITCH, 0, 0, ¬eIndex))
return false;
} else {
MOZ_ASSERT(switchOp == JSOP_TABLESWITCH);
// 3 offsets (len, low, high) before the table, 1 per entry.
switchSize = size_t(JUMP_OFFSET_LEN * (3 + tableLength));
if (!newSrcNote2(SRC_TABLESWITCH, 0, ¬eIndex))
return false;
}
// Emit switchOp followed by switchSize bytes of jump or lookup table.
MOZ_ASSERT(top == offset());
if (!emitN(switchOp, switchSize))
return false;
Vector<CaseClause*, 32, SystemAllocPolicy> table;
JumpList condSwitchDefaultOff;
if (switchOp == JSOP_CONDSWITCH) {
unsigned caseNoteIndex;
bool beforeCases = true;
ptrdiff_t lastCaseOffset = -1;
// The case conditions need their own TDZ cache since they might not
// all execute.
TDZCheckCache tdzCache(this);
// Emit code for evaluating cases and jumping to case statements.
for (CaseClause* caseNode = firstCase; caseNode; caseNode = caseNode->next()) {
ParseNode* caseValue = caseNode->caseExpression();
// If the expression is a literal, suppress line number emission so
// that debugging works more naturally.
if (caseValue) {
if (!emitTree(caseValue,
caseValue->isLiteral() ? SUPPRESS_LINENOTE : EMIT_LINENOTE))
{
return false;
}
}
if (!beforeCases) {
// prevCase is the previous JSOP_CASE's bytecode offset.
if (!setSrcNoteOffset(caseNoteIndex, 0, offset() - lastCaseOffset))
return false;
}
if (!caseValue) {
// This is the default clause.
continue;
}
if (!newSrcNote2(SRC_NEXTCASE, 0, &caseNoteIndex))
return false;
// The case clauses are produced before any of the case body. The
// JumpList is saved on the parsed tree, then later restored and
// patched when generating the cases body.
JumpList caseJump;
if (!emitJump(JSOP_CASE, &caseJump))
return false;
caseNode->setOffset(caseJump.offset);
lastCaseOffset = caseJump.offset;
if (beforeCases) {
// Switch note's second offset is to first JSOP_CASE.
unsigned noteCount = notes().length();
if (!setSrcNoteOffset(noteIndex, 1, lastCaseOffset - top))
return false;
unsigned noteCountDelta = notes().length() - noteCount;
if (noteCountDelta != 0)
caseNoteIndex += noteCountDelta;
beforeCases = false;
}
}
// If we didn't have an explicit default (which could fall in between
// cases, preventing us from fusing this setSrcNoteOffset with the call
// in the loop above), link the last case to the implicit default for
// the benefit of IonBuilder.
if (!hasDefault &&
!beforeCases &&
!setSrcNoteOffset(caseNoteIndex, 0, offset() - lastCaseOffset))
{
return false;
}
// Emit default even if no explicit default statement.
if (!emitJump(JSOP_DEFAULT, &condSwitchDefaultOff))
return false;
} else {
MOZ_ASSERT(switchOp == JSOP_TABLESWITCH);
// skip default offset.
jsbytecode* pc = code(top + JUMP_OFFSET_LEN);
// Fill in switch bounds, which we know fit in 16-bit offsets.
SET_JUMP_OFFSET(pc, low);
pc += JUMP_OFFSET_LEN;
SET_JUMP_OFFSET(pc, high);
pc += JUMP_OFFSET_LEN;
if (tableLength != 0) {
if (!table.growBy(tableLength))
return false;
for (CaseClause* caseNode = firstCase; caseNode; caseNode = caseNode->next()) {
if (ParseNode* caseValue = caseNode->caseExpression()) {
MOZ_ASSERT(caseValue->isKind(PNK_NUMBER));
int32_t i = int32_t(caseValue->pn_dval);
MOZ_ASSERT(double(i) == caseValue->pn_dval);
i -= low;
MOZ_ASSERT(uint32_t(i) < tableLength);
MOZ_ASSERT(!table[i]);
table[i] = caseNode;
}
}
}
}
JumpTarget defaultOffset{ -1 };
// Emit code for each case's statements.
for (CaseClause* caseNode = firstCase; caseNode; caseNode = caseNode->next()) {
if (switchOp == JSOP_CONDSWITCH && !caseNode->isDefault()) {
// The case offset got saved in the caseNode structure after
// emitting the JSOP_CASE jump instruction above.
JumpList caseCond;
caseCond.offset = caseNode->offset();
if (!emitJumpTargetAndPatch(caseCond))
return false;
}
JumpTarget here;
if (!emitJumpTarget(&here))
return false;
if (caseNode->isDefault())
defaultOffset = here;
// If this is emitted as a TABLESWITCH, we'll need to know this case's
// offset later when emitting the table. Store it in the node's
// pn_offset (giving the field a different meaning vs. how we used it
// on the immediately preceding line of code).
caseNode->setOffset(here.offset);
TDZCheckCache tdzCache(this);
if (!emitTree(caseNode->statementList()))
return false;
}
if (!hasDefault) {
// If no default case, offset for default is to end of switch.
if (!emitJumpTarget(&defaultOffset))
return false;
}
MOZ_ASSERT(defaultOffset.offset != -1);
// Set the default offset (to end of switch if no default).
jsbytecode* pc;
if (switchOp == JSOP_CONDSWITCH) {
pc = nullptr;
patchJumpsToTarget(condSwitchDefaultOff, defaultOffset);
} else {
MOZ_ASSERT(switchOp == JSOP_TABLESWITCH);
pc = code(top);
SET_JUMP_OFFSET(pc, defaultOffset.offset - top);
pc += JUMP_OFFSET_LEN;
}
// Set the SRC_SWITCH note's offset operand to tell end of switch.
if (!setSrcNoteOffset(noteIndex, 0, lastNonJumpTargetOffset() - top))
return false;
if (switchOp == JSOP_TABLESWITCH) {
// Skip over the already-initialized switch bounds.
pc += 2 * JUMP_OFFSET_LEN;
// Fill in the jump table, if there is one.
for (uint32_t i = 0; i < tableLength; i++) {
CaseClause* caseNode = table[i];
ptrdiff_t off = caseNode ? caseNode->offset() - top : 0;
SET_JUMP_OFFSET(pc, off);
pc += JUMP_OFFSET_LEN;
}
}
// Patch breaks before leaving the scope, as all breaks are under the
// lexical scope if it exists.
if (!controlInfo.patchBreaks(this))
return false;
if (emitterScope && !emitterScope->leave(this))
return false;
return true;
}
bool
BytecodeEmitter::isRunOnceLambda()
{
// The run once lambda flags set by the parser are approximate, and we look
// at properties of the function itself before deciding to emit a function
// as a run once lambda.
if (!(parent && parent->emittingRunOnceLambda) &&
(emitterMode != LazyFunction || !lazyScript->treatAsRunOnce()))
{
return false;
}
FunctionBox* funbox = sc->asFunctionBox();
return !funbox->argumentsHasLocalBinding() &&
!funbox->isGenerator() &&
!funbox->function()->name();
}
bool
BytecodeEmitter::emitYieldOp(JSOp op)
{
if (op == JSOP_FINALYIELDRVAL)
return emit1(JSOP_FINALYIELDRVAL);
MOZ_ASSERT(op == JSOP_INITIALYIELD || op == JSOP_YIELD);
ptrdiff_t off;
if (!emitN(op, 3, &off))
return false;
uint32_t yieldIndex = yieldOffsetList.length();
if (yieldIndex >= JS_BIT(24)) {
reportError(nullptr, JSMSG_TOO_MANY_YIELDS);
return false;
}
SET_UINT24(code(off), yieldIndex);
if (!yieldOffsetList.append(offset()))
return false;
return emit1(JSOP_DEBUGAFTERYIELD);
}
bool
BytecodeEmitter::emitSetThis(ParseNode* pn)
{
// PNK_SETTHIS is used to update |this| after a super() call in a derived
// class constructor.
MOZ_ASSERT(pn->isKind(PNK_SETTHIS));
MOZ_ASSERT(pn->pn_left->isKind(PNK_NAME));
RootedAtom name(cx, pn->pn_left->name());
auto emitRhs = [&name, pn](BytecodeEmitter* bce, const NameLocation&, bool) {
// Emit the new |this| value.
if (!bce->emitTree(pn->pn_right))
return false;
// Get the original |this| and throw if we already initialized
// it. Do *not* use the NameLocation argument, as that's the special
// lexical location below to deal with super() semantics.
if (!bce->emitGetName(name))
return false;
if (!bce->emit1(JSOP_CHECKTHISREINIT))
return false;
if (!bce->emit1(JSOP_POP))
return false;
return true;
};
// The 'this' binding is not lexical, but due to super() semantics this
// initialization needs to be treated as a lexical one.
NameLocation loc = lookupName(name);
NameLocation lexicalLoc;
if (loc.kind() == NameLocation::Kind::FrameSlot) {
lexicalLoc = NameLocation::FrameSlot(BindingKind::Let, loc.frameSlot());
} else if (loc.kind() == NameLocation::Kind::EnvironmentCoordinate) {
EnvironmentCoordinate coord = loc.environmentCoordinate();
uint8_t hops = AssertedCast<uint8_t>(coord.hops());
lexicalLoc = NameLocation::EnvironmentCoordinate(BindingKind::Let, hops, coord.slot());
} else {
MOZ_ASSERT(loc.kind() == NameLocation::Kind::Dynamic);
lexicalLoc = loc;
}
return emitSetOrInitializeNameAtLocation(name, lexicalLoc, emitRhs, true);
}
bool
BytecodeEmitter::emitScript(ParseNode* body)
{
TDZCheckCache tdzCache(this);
EmitterScope emitterScope(this);
if (sc->isGlobalContext()) {
switchToPrologue();
if (!emitterScope.enterGlobal(this, sc->asGlobalContext()))
return false;
switchToMain();
} else if (sc->isEvalContext()) {
switchToPrologue();
if (!emitterScope.enterEval(this, sc->asEvalContext()))
return false;
switchToMain();
} else {
MOZ_ASSERT(sc->isModuleContext());
if (!emitterScope.enterModule(this, sc->asModuleContext()))
return false;
}
setFunctionBodyEndPos(body->pn_pos);
if (sc->isEvalContext() && !sc->strict() &&
body->isKind(PNK_LEXICALSCOPE) && !body->isEmptyScope())
{
// Sloppy eval scripts may need to emit DEFFUNs in the prologue. If there is
// an immediately enclosed lexical scope, we need to enter the lexical
// scope in the prologue for the DEFFUNs to pick up the right
// environment chain.
EmitterScope lexicalEmitterScope(this);
switchToPrologue();
if (!lexicalEmitterScope.enterLexical(this, ScopeKind::Lexical, body->scopeBindings()))
return false;
switchToMain();
if (!emitLexicalScopeBody(body->scopeBody()))
return false;
if (!lexicalEmitterScope.leave(this))
return false;
} else {
if (!emitTree(body))
return false;
}
if (!emit1(JSOP_RETRVAL))
return false;
if (!emitterScope.leave(this))
return false;
if (!JSScript::fullyInitFromEmitter(cx, script, this))
return false;
// URL and source map information must be set before firing
// Debugger::onNewScript.
if (!maybeSetDisplayURL() || !maybeSetSourceMap())
return false;
tellDebuggerAboutCompiledScript(cx);
return true;
}
bool
BytecodeEmitter::emitFunctionScript(ParseNode* body)
{
FunctionBox* funbox = sc->asFunctionBox();
// The ordering of these EmitterScopes is important. The named lambda
// scope needs to enclose the function scope needs to enclose the extra
// var scope.
Maybe<EmitterScope> namedLambdaEmitterScope;
if (funbox->namedLambdaBindings()) {
namedLambdaEmitterScope.emplace(this);
if (!namedLambdaEmitterScope->enterNamedLambda(this, funbox))
return false;
}
/*
* Emit a prologue for run-once scripts which will deoptimize JIT code
* if the script ends up running multiple times via foo.caller related
* shenanigans.
*
* Also mark the script so that initializers created within it may be
* given more precise types.
*/
if (isRunOnceLambda()) {
script->setTreatAsRunOnce();
MOZ_ASSERT(!script->hasRunOnce());
switchToPrologue();
if (!emit1(JSOP_RUNONCE))
return false;
switchToMain();
}
setFunctionBodyEndPos(body->pn_pos);
if (!emitTree(body))
return false;
if (!updateSourceCoordNotes(body->pn_pos.end))
return false;
// Always end the script with a JSOP_RETRVAL. Some other parts of the
// codebase depend on this opcode,
// e.g. InterpreterRegs::setToEndOfScript.
if (!emit1(JSOP_RETRVAL))
return false;
if (namedLambdaEmitterScope) {
if (!namedLambdaEmitterScope->leave(this))
return false;
namedLambdaEmitterScope.reset();
}
if (!JSScript::fullyInitFromEmitter(cx, script, this))
return false;
// URL and source map information must be set before firing
// Debugger::onNewScript. Only top-level functions need this, as compiling
// the outer scripts of nested functions already processed the source.
if (emitterMode != LazyFunction && !parent) {
if (!maybeSetDisplayURL() || !maybeSetSourceMap())
return false;
tellDebuggerAboutCompiledScript(cx);
}
return true;
}
template <typename NameEmitter>
bool
BytecodeEmitter::emitDestructuringDeclsWithEmitter(ParseNode* pattern, NameEmitter emitName)
{
if (pattern->isKind(PNK_ARRAY)) {
for (ParseNode* element = pattern->pn_head; element; element = element->pn_next) {
if (element->isKind(PNK_ELISION))
continue;
ParseNode* target = element;
if (element->isKind(PNK_SPREAD)) {
target = element->pn_kid;
}
if (target->isKind(PNK_ASSIGN))
target = target->pn_left;
if (target->isKind(PNK_NAME)) {
if (!emitName(this, target))
return false;
} else {
if (!emitDestructuringDeclsWithEmitter(target, emitName))
return false;
}
}
return true;
}
MOZ_ASSERT(pattern->isKind(PNK_OBJECT));
for (ParseNode* member = pattern->pn_head; member; member = member->pn_next) {
MOZ_ASSERT(member->isKind(PNK_MUTATEPROTO) ||
member->isKind(PNK_COLON) ||
member->isKind(PNK_SHORTHAND));
ParseNode* target = member->isKind(PNK_MUTATEPROTO) ? member->pn_kid : member->pn_right;
if (target->isKind(PNK_ASSIGN))
target = target->pn_left;
if (target->isKind(PNK_NAME)) {
if (!emitName(this, target))
return false;
} else {
if (!emitDestructuringDeclsWithEmitter(target, emitName))
return false;
}
}
return true;
}
bool
BytecodeEmitter::emitDestructuringLHS(ParseNode* target, DestructuringFlavor flav)
{
// Now emit the lvalue opcode sequence. If the lvalue is a nested
// destructuring initialiser-form, call ourselves to handle it, then pop
// the matched value. Otherwise emit an lvalue bytecode sequence followed
// by an assignment op.
if (target->isKind(PNK_SPREAD))
target = target->pn_kid;
else if (target->isKind(PNK_ASSIGN))
target = target->pn_left;
if (target->isKind(PNK_ARRAY) || target->isKind(PNK_OBJECT)) {
if (!emitDestructuringOps(target, flav))
return false;
// Per its post-condition, emitDestructuringOps has left the
// to-be-destructured value on top of the stack.
if (!emit1(JSOP_POP))
return false;
} else {
switch (target->getKind()) {
case PNK_NAME: {
auto emitSwapScopeAndRhs = [](BytecodeEmitter* bce, const NameLocation&,
bool emittedBindOp)
{
if (emittedBindOp) {
// This is like ordinary assignment, but with one
// difference.
//
// In `a = b`, we first determine a binding for `a` (using
// JSOP_BINDNAME or JSOP_BINDGNAME), then we evaluate `b`,
// then a JSOP_SETNAME instruction.
//
// In `[a] = [b]`, per spec, `b` is evaluated first, then
// we determine a binding for `a`. Then we need to do
// assignment-- but the operands are on the stack in the
// wrong order for JSOP_SETPROP, so we have to add a
// JSOP_SWAP.
//
// In the cases where we are emitting a name op, emit a
// swap because of this.
return bce->emit1(JSOP_SWAP);
}
// In cases of emitting a frame slot or environment slot,
// nothing needs be done.
return true;
};
RootedAtom name(cx, target->name());
switch (flav) {
case DestructuringDeclaration:
if (!emitInitializeName(name, emitSwapScopeAndRhs))
return false;
break;
case DestructuringFormalParameterInVarScope: {
// If there's an parameter expression var scope, the
// destructuring declaration needs to initialize the name in
// the function scope. The innermost scope is the var scope,
// and its enclosing scope is the function scope.
EmitterScope* funScope = innermostEmitterScope->enclosingInFrame();
NameLocation paramLoc = *locationOfNameBoundInScope(name, funScope);
if (!emitSetOrInitializeNameAtLocation(name, paramLoc, emitSwapScopeAndRhs, true))
return false;
break;
}
case DestructuringAssignment:
if (!emitSetName(name, emitSwapScopeAndRhs))
return false;
break;
}
break;
}
case PNK_DOT: {
// See the (PNK_NAME, JSOP_SETNAME) case above.
//
// In `a.x = b`, `a` is evaluated first, then `b`, then a
// JSOP_SETPROP instruction.
//
// In `[a.x] = [b]`, per spec, `b` is evaluated before `a`. Then we
// need a property set -- but the operands are on the stack in the
// wrong order for JSOP_SETPROP, so we have to add a JSOP_SWAP.
JSOp setOp;
if (target->as<PropertyAccess>().isSuper()) {
if (!emitSuperPropLHS(&target->as<PropertyAccess>().expression()))
return false;
if (!emit2(JSOP_PICK, 2))
return false;
setOp = sc->strict() ? JSOP_STRICTSETPROP_SUPER : JSOP_SETPROP_SUPER;
} else {
if (!emitTree(target->pn_expr))
return false;
if (!emit1(JSOP_SWAP))
return false;
setOp = sc->strict() ? JSOP_STRICTSETPROP : JSOP_SETPROP;
}
if (!emitAtomOp(target, setOp))
return false;
break;
}
case PNK_ELEM: {
// See the comment at `case PNK_DOT:` above. This case,
// `[a[x]] = [b]`, is handled much the same way. The JSOP_SWAP
// is emitted by emitElemOperands.
if (target->as<PropertyByValue>().isSuper()) {
JSOp setOp = sc->strict() ? JSOP_STRICTSETELEM_SUPER : JSOP_SETELEM_SUPER;
if (!emitSuperElemOp(target, setOp))
return false;
} else {
JSOp setOp = sc->strict() ? JSOP_STRICTSETELEM : JSOP_SETELEM;
if (!emitElemOp(target, setOp))
return false;
}
break;
}
case PNK_CALL:
MOZ_ASSERT_UNREACHABLE("Parser::reportIfNotValidSimpleAssignmentTarget "
"rejects function calls as assignment "
"targets in destructuring assignments");
break;
default:
MOZ_CRASH("emitDestructuringLHS: bad lhs kind");
}
// Pop the assigned value.
if (!emit1(JSOP_POP))
return false;
}
return true;
}
bool
BytecodeEmitter::emitConditionallyExecutedDestructuringLHS(ParseNode* target, DestructuringFlavor flav)
{
TDZCheckCache tdzCache(this);
return emitDestructuringLHS(target, flav);
}
bool
BytecodeEmitter::emitIteratorNext(ParseNode* pn, bool allowSelfHosted)
{
MOZ_ASSERT(allowSelfHosted || emitterMode != BytecodeEmitter::SelfHosting,
".next() iteration is prohibited in self-hosted code because it "
"can run user-modifiable iteration code");
if (!emit1(JSOP_DUP)) // ... ITER ITER
return false;
if (!emitAtomOp(cx->names().next, JSOP_CALLPROP)) // ... ITER NEXT
return false;
if (!emit1(JSOP_SWAP)) // ... NEXT ITER
return false;
if (!emitCall(JSOP_CALL, 0, pn)) // ... RESULT
return false;
if (!emitCheckIsObj(CheckIsObjectKind::IteratorNext)) // ... RESULT
return false;
checkTypeSet(JSOP_CALL);
return true;
}
bool
BytecodeEmitter::emitDefault(ParseNode* defaultExpr)
{
if (!emit1(JSOP_DUP)) // VALUE VALUE
return false;
if (!emit1(JSOP_UNDEFINED)) // VALUE VALUE UNDEFINED
return false;
if (!emit1(JSOP_STRICTEQ)) // VALUE EQL?
return false;
// Emit source note to enable ion compilation.
if (!newSrcNote(SRC_IF))
return false;
JumpList jump;
if (!emitJump(JSOP_IFEQ, &jump)) // VALUE
return false;
if (!emit1(JSOP_POP)) // .
return false;
if (!emitConditionallyExecutedTree(defaultExpr)) // DEFAULTVALUE
return false;
if (!emitJumpTargetAndPatch(jump))
return false;
return true;
}
class MOZ_STACK_CLASS IfThenElseEmitter
{
BytecodeEmitter* bce_;
JumpList jumpAroundThen_;
JumpList jumpsAroundElse_;
unsigned noteIndex_;
int32_t thenDepth_;
#ifdef DEBUG
int32_t pushed_;
bool calculatedPushed_;
#endif
enum State {
Start,
If,
Cond,
IfElse,
Else,
End
};
State state_;
public:
explicit IfThenElseEmitter(BytecodeEmitter* bce)
: bce_(bce),
noteIndex_(-1),
thenDepth_(0),
#ifdef DEBUG
pushed_(0),
calculatedPushed_(false),
#endif
state_(Start)
{}
~IfThenElseEmitter()
{}
private:
bool emitIf(State nextState) {
MOZ_ASSERT(state_ == Start || state_ == Else);
MOZ_ASSERT(nextState == If || nextState == IfElse || nextState == Cond);
// Clear jumpAroundThen_ offset that points previous JSOP_IFEQ.
if (state_ == Else)
jumpAroundThen_ = JumpList();
// Emit an annotated branch-if-false around the then part.
SrcNoteType type = nextState == If ? SRC_IF : nextState == IfElse ? SRC_IF_ELSE : SRC_COND;
if (!bce_->newSrcNote(type, ¬eIndex_))
return false;
if (!bce_->emitJump(JSOP_IFEQ, &jumpAroundThen_))
return false;
// To restore stack depth in else part, save depth of the then part.
#ifdef DEBUG
// If DEBUG, this is also necessary to calculate |pushed_|.
thenDepth_ = bce_->stackDepth;
#else
if (nextState == IfElse || nextState == Cond)
thenDepth_ = bce_->stackDepth;
#endif
state_ = nextState;
return true;
}
public:
bool emitIf() {
return emitIf(If);
}
bool emitCond() {
return emitIf(Cond);
}
bool emitIfElse() {
return emitIf(IfElse);
}
bool emitElse() {
MOZ_ASSERT(state_ == IfElse || state_ == Cond);
calculateOrCheckPushed();
// Emit a jump from the end of our then part around the else part. The
// patchJumpsToTarget call at the bottom of this function will fix up
// the offset with jumpsAroundElse value.
if (!bce_->emitJump(JSOP_GOTO, &jumpsAroundElse_))
return false;
// Ensure the branch-if-false comes here, then emit the else.
if (!bce_->emitJumpTargetAndPatch(jumpAroundThen_))
return false;
// Annotate SRC_IF_ELSE or SRC_COND with the offset from branch to
// jump, for IonMonkey's benefit. We can't just "back up" from the pc
// of the else clause, because we don't know whether an extended
// jump was required to leap from the end of the then clause over
// the else clause.
if (!bce_->setSrcNoteOffset(noteIndex_, 0,
jumpsAroundElse_.offset - jumpAroundThen_.offset))
{
return false;
}
// Restore stack depth of the then part.
bce_->stackDepth = thenDepth_;
state_ = Else;
return true;
}
bool emitEnd() {
MOZ_ASSERT(state_ == If || state_ == Else);
calculateOrCheckPushed();
if (state_ == If) {
// No else part, fixup the branch-if-false to come here.
if (!bce_->emitJumpTargetAndPatch(jumpAroundThen_))
return false;
}
// Patch all the jumps around else parts.
if (!bce_->emitJumpTargetAndPatch(jumpsAroundElse_))
return false;
state_ = End;
return true;
}
void calculateOrCheckPushed() {
#ifdef DEBUG
if (!calculatedPushed_) {
pushed_ = bce_->stackDepth - thenDepth_;
calculatedPushed_ = true;
} else {
MOZ_ASSERT(pushed_ == bce_->stackDepth - thenDepth_);
}
#endif
}
#ifdef DEBUG
int32_t pushed() const {
return pushed_;
}
int32_t popped() const {
return -pushed_;
}
#endif
};
bool
BytecodeEmitter::emitDestructuringOpsArray(ParseNode* pattern, DestructuringFlavor flav)
{
MOZ_ASSERT(pattern->isKind(PNK_ARRAY));
MOZ_ASSERT(pattern->isArity(PN_LIST));
MOZ_ASSERT(this->stackDepth != 0);
// Here's pseudo code for |let [a, b, , c=y, ...d] = x;|
//
// let x, y;
// let a, b, c, d;
// let tmp, done, iter, result; // stack values
//
// iter = x[Symbol.iterator]();
//
// // ==== emitted by loop for a ====
// result = iter.next();
// done = result.done;
//
// if (done) {
// a = undefined;
//
// result = undefined;
// done = true;
// } else {
// a = result.value;
//
// // Do next element's .next() and .done access here
// result = iter.next();
// done = result.done;
// }
//
// // ==== emitted by loop for b ====
// if (done) {
// b = undefined;
//
// result = undefined;
// done = true;
// } else {
// b = result.value;
//
// result = iter.next();
// done = result.done;
// }
//
// // ==== emitted by loop for elision ====
// if (done) {
// result = undefined
// done = true
// } else {
// result.value;
//
// result = iter.next();
// done = result.done;
// }
//
// // ==== emitted by loop for c ====
// if (done) {
// c = y;
// } else {
// tmp = result.value;
// if (tmp === undefined)
// tmp = y;
// c = tmp;
//
// // Don't do next element's .next() and .done access if
// // this is the last non-spread element.
// }
//
// // ==== emitted by loop for d ====
// if (done) {
// // Assing empty array when completed
// d = [];
// } else {
// d = [...iter];
// }
/*
* Use an iterator to destructure the RHS, instead of index lookup. We
* must leave the *original* value on the stack.
*/
if (!emit1(JSOP_DUP)) // ... OBJ OBJ
return false;
if (!emitIterator()) // ... OBJ? ITER
return false;
bool needToPopIterator = true;
for (ParseNode* member = pattern->pn_head; member; member = member->pn_next) {
bool isHead = member == pattern->pn_head;
if (member->isKind(PNK_SPREAD)) {
IfThenElseEmitter ifThenElse(this);
if (!isHead) {
// If spread is not the first element of the pattern,
// iterator can already be completed.
if (!ifThenElse.emitIfElse()) // ... OBJ? ITER
return false;
if (!emit1(JSOP_POP)) // ... OBJ?
return false;
if (!emitUint32Operand(JSOP_NEWARRAY, 0)) // ... OBJ? ARRAY
return false;
if (!emitConditionallyExecutedDestructuringLHS(member, flav)) // ... OBJ?
return false;
if (!ifThenElse.emitElse()) // ... OBJ? ITER
return false;
}
// If iterator is not completed, create a new array with the rest
// of the iterator.
if (!emitUint32Operand(JSOP_NEWARRAY, 0)) // ... OBJ? ITER ARRAY
return false;
if (!emitNumberOp(0)) // ... OBJ? ITER ARRAY INDEX
return false;
if (!emitSpread()) // ... OBJ? ARRAY INDEX
return false;
if (!emit1(JSOP_POP)) // ... OBJ? ARRAY
return false;
if (!emitConditionallyExecutedDestructuringLHS(member, flav)) // ... OBJ?
return false;
if (!isHead) {
if (!ifThenElse.emitEnd())
return false;
MOZ_ASSERT(ifThenElse.popped() == 1);
}
needToPopIterator = false;
MOZ_ASSERT(!member->pn_next);
break;
}
ParseNode* pndefault = nullptr;
ParseNode* subpattern = member;
if (subpattern->isKind(PNK_ASSIGN)) {
pndefault = subpattern->pn_right;
subpattern = subpattern->pn_left;
}
bool isElision = subpattern->isKind(PNK_ELISION);
bool hasNextNonSpread = member->pn_next && !member->pn_next->isKind(PNK_SPREAD);
bool hasNextSpread = member->pn_next && member->pn_next->isKind(PNK_SPREAD);
MOZ_ASSERT(!subpattern->isKind(PNK_SPREAD));
auto emitNext = [pattern](ExclusiveContext* cx, BytecodeEmitter* bce) {
if (!bce->emit1(JSOP_DUP)) // ... OBJ? ITER ITER
return false;
if (!bce->emitIteratorNext(pattern)) // ... OBJ? ITER RESULT
return false;
if (!bce->emit1(JSOP_DUP)) // ... OBJ? ITER RESULT RESULT
return false;
if (!bce->emitAtomOp(cx->names().done, JSOP_GETPROP)) // ... OBJ? ITER RESULT DONE?
return false;
return true;
};
if (isHead) {
if (!emitNext(cx, this)) // ... OBJ? ITER RESULT DONE?
return false;
}
IfThenElseEmitter ifThenElse(this);
if (!ifThenElse.emitIfElse()) // ... OBJ? ITER RESULT
return false;
if (!emit1(JSOP_POP)) // ... OBJ? ITER
return false;
if (pndefault) {
// Emit only pndefault tree here, as undefined check in emitDefault
// should always be true.
if (!emitConditionallyExecutedTree(pndefault)) // ... OBJ? ITER VALUE
return false;
} else {
if (!isElision) {
if (!emit1(JSOP_UNDEFINED)) // ... OBJ? ITER UNDEFINED
return false;
if (!emit1(JSOP_NOP_DESTRUCTURING))
return false;
}
}
if (!isElision) {
if (!emitConditionallyExecutedDestructuringLHS(subpattern, flav)) // ... OBJ? ITER
return false;
} else if (pndefault) {
if (!emit1(JSOP_POP)) // ... OBJ? ITER
return false;
}
// Setup next element's result when the iterator is done.
if (hasNextNonSpread) {
if (!emit1(JSOP_UNDEFINED)) // ... OBJ? ITER RESULT
return false;
if (!emit1(JSOP_NOP_DESTRUCTURING))
return false;
if (!emit1(JSOP_TRUE)) // ... OBJ? ITER RESULT DONE?
return false;
} else if (hasNextSpread) {
if (!emit1(JSOP_TRUE)) // ... OBJ? ITER DONE?
return false;
}
if (!ifThenElse.emitElse()) // ... OBJ? ITER RESULT
return false;
if (!emitAtomOp(cx->names().value, JSOP_GETPROP)) // ... OBJ? ITER VALUE
return false;
if (pndefault) {
if (!emitDefault(pndefault)) // ... OBJ? ITER VALUE
return false;
}
if (!isElision) {
if (!emitConditionallyExecutedDestructuringLHS(subpattern, flav)) // ... OBJ? ITER
return false;
} else {
if (!emit1(JSOP_POP)) // ... OBJ? ITER
return false;
}
// Setup next element's result when the iterator is not done.
if (hasNextNonSpread) {
if (!emitNext(cx, this)) // ... OBJ? ITER RESULT DONE?
return false;
} else if (hasNextSpread) {
if (!emit1(JSOP_FALSE)) // ... OBJ? ITER DONE?
return false;
}
if (!ifThenElse.emitEnd())
return false;
if (hasNextNonSpread)
MOZ_ASSERT(ifThenElse.pushed() == 1);
else if (hasNextSpread)
MOZ_ASSERT(ifThenElse.pushed() == 0);
else
MOZ_ASSERT(ifThenElse.popped() == 1);
}
if (needToPopIterator) {
if (!emit1(JSOP_POP)) // ... OBJ?
return false;
}
return true;
}
bool
BytecodeEmitter::emitComputedPropertyName(ParseNode* computedPropName)
{
MOZ_ASSERT(computedPropName->isKind(PNK_COMPUTED_NAME));
return emitTree(computedPropName->pn_kid) && emit1(JSOP_TOID);
}
bool
BytecodeEmitter::emitDestructuringOpsObject(ParseNode* pattern, DestructuringFlavor flav)
{
MOZ_ASSERT(pattern->isKind(PNK_OBJECT));
MOZ_ASSERT(pattern->isArity(PN_LIST));
MOZ_ASSERT(this->stackDepth > 0); // ... RHS
if (!emitRequireObjectCoercible()) // ... RHS
return false;
for (ParseNode* member = pattern->pn_head; member; member = member->pn_next) {
// Duplicate the value being destructured to use as a reference base.
if (!emit1(JSOP_DUP)) // ... RHS RHS
return false;
// Now push the property name currently being matched, which is the
// current property name "label" on the left of a colon in the object
// initialiser.
bool needsGetElem = true;
ParseNode* subpattern;
if (member->isKind(PNK_MUTATEPROTO)) {
if (!emitAtomOp(cx->names().proto, JSOP_GETPROP)) // ... RHS PROP
return false;
needsGetElem = false;
subpattern = member->pn_kid;
} else {
MOZ_ASSERT(member->isKind(PNK_COLON) || member->isKind(PNK_SHORTHAND));
ParseNode* key = member->pn_left;
if (key->isKind(PNK_NUMBER)) {
if (!emitNumberOp(key->pn_dval)) // ... RHS RHS KEY
return false;
} else if (key->isKind(PNK_OBJECT_PROPERTY_NAME) || key->isKind(PNK_STRING)) {
PropertyName* name = key->pn_atom->asPropertyName();
// The parser already checked for atoms representing indexes and
// used PNK_NUMBER instead, but also watch for ids which TI treats
// as indexes for simplification of downstream analysis.
jsid id = NameToId(name);
if (id != IdToTypeId(id)) {
if (!emitTree(key)) // ... RHS RHS KEY
return false;
} else {
if (!emitAtomOp(name, JSOP_GETPROP)) // ...RHS PROP
return false;
needsGetElem = false;
}
} else {
if (!emitComputedPropertyName(key)) // ... RHS RHS KEY
return false;
}
subpattern = member->pn_right;
}
// Get the property value if not done already.
if (needsGetElem && !emitElemOpBase(JSOP_GETELEM)) // ... RHS PROP
return false;
if (subpattern->isKind(PNK_ASSIGN)) {
if (!emitDefault(subpattern->pn_right))
return false;
subpattern = subpattern->pn_left;
}
// Destructure PROP per this member's subpattern.
if (!emitDestructuringLHS(subpattern, flav))
return false;
}
return true;
}
bool
BytecodeEmitter::emitDestructuringOps(ParseNode* pattern, DestructuringFlavor flav)
{
if (pattern->isKind(PNK_ARRAY))
return emitDestructuringOpsArray(pattern, flav);
return emitDestructuringOpsObject(pattern, flav);
}
bool
BytecodeEmitter::emitTemplateString(ParseNode* pn)
{
MOZ_ASSERT(pn->isArity(PN_LIST));
bool pushedString = false;
for (ParseNode* pn2 = pn->pn_head; pn2 != NULL; pn2 = pn2->pn_next) {
bool isString = (pn2->getKind() == PNK_STRING || pn2->getKind() == PNK_TEMPLATE_STRING);
// Skip empty strings. These are very common: a template string like
// `${a}${b}` has three empty strings and without this optimization
// we'd emit four JSOP_ADD operations instead of just one.
if (isString && pn2->pn_atom->empty())
continue;
if (!isString) {
// We update source notes before emitting the expression
if (!updateSourceCoordNotes(pn2->pn_pos.begin))
return false;
}
if (!emitTree(pn2))
return false;
if (!isString) {
// We need to convert the expression to a string
if (!emit1(JSOP_TOSTRING))
return false;
}
if (pushedString) {
// We've pushed two strings onto the stack. Add them together, leaving just one.
if (!emit1(JSOP_ADD))
return false;
} else {
pushedString = true;
}
}
if (!pushedString) {
// All strings were empty, this can happen for something like `${""}`.
// Just push an empty string.
if (!emitAtomOp(cx->names().empty, JSOP_STRING))
return false;
}
return true;
}
bool
BytecodeEmitter::emitDeclarationList(ParseNode* declList)
{
MOZ_ASSERT(declList->isArity(PN_LIST));
ParseNode* next;
for (ParseNode* decl = declList->pn_head; decl; decl = next) {
if (!updateSourceCoordNotes(decl->pn_pos.begin))
return false;
next = decl->pn_next;
if (decl->isKind(PNK_ASSIGN)) {
MOZ_ASSERT(decl->isOp(JSOP_NOP));
ParseNode* pattern = decl->pn_left;
MOZ_ASSERT(pattern->isKind(PNK_ARRAY) || pattern->isKind(PNK_OBJECT));
if (!emitTree(decl->pn_right))
return false;
if (!emitDestructuringOps(pattern, DestructuringDeclaration))
return false;
if (!emit1(JSOP_POP))
return false;
} else {
if (!emitSingleDeclaration(declList, decl, decl->expr()))
return false;
}
}
return true;
}
bool
BytecodeEmitter::emitSingleDeclaration(ParseNode* declList, ParseNode* decl,
ParseNode* initializer)
{
MOZ_ASSERT(decl->isKind(PNK_NAME));
// Nothing to do for initializer-less 'var' declarations, as there's no TDZ.
if (!initializer && declList->isKind(PNK_VAR))
return true;
auto emitRhs = [initializer, declList](BytecodeEmitter* bce, const NameLocation&, bool) {
if (!initializer) {
// Lexical declarations are initialized to undefined without an
// initializer.
MOZ_ASSERT(declList->isKind(PNK_LET),
"var declarations without initializers handled above, "
"and const declarations must have initializers");
return bce->emit1(JSOP_UNDEFINED);
}
MOZ_ASSERT(initializer);
return bce->emitTree(initializer);
};
if (!emitInitializeName(decl, emitRhs))
return false;
// Pop the RHS.
return emit1(JSOP_POP);
}
static bool
EmitAssignmentRhs(BytecodeEmitter* bce, ParseNode* rhs, uint8_t offset)
{
// If there is a RHS tree, emit the tree.
if (rhs)
return bce->emitTree(rhs);
// Otherwise the RHS value to assign is already on the stack, i.e., the
// next enumeration value in a for-in or for-of loop. Depending on how
// many other values have been pushed on the stack, we need to get the
// already-pushed RHS value.
if (offset != 1 && !bce->emit2(JSOP_PICK, offset - 1))
return false;
return true;
}
bool
BytecodeEmitter::emitAssignment(ParseNode* lhs, JSOp op, ParseNode* rhs)
{
// Name assignments are handled separately because choosing ops and when
// to emit BINDNAME is involved and should avoid duplication.
if (lhs->isKind(PNK_NAME)) {
auto emitRhs = [op, lhs, rhs](BytecodeEmitter* bce, const NameLocation& lhsLoc,
bool emittedBindOp)
{
// For compound assignments, first get the LHS value, then emit
// the RHS and the op.
if (op != JSOP_NOP) {
if (lhsLoc.kind() == NameLocation::Kind::Dynamic) {
// For dynamic accesses we can do better than a GETNAME
// since the assignment already emitted a BINDNAME on the
// top of the stack. As an optimization, use that to get
// the name.
if (!bce->emit1(JSOP_DUP))
return false;
if (!bce->emitAtomOp(lhs, JSOP_GETXPROP))
return false;
} else {
if (!bce->emitGetNameAtLocation(lhs->name(), lhsLoc))
return false;
}
}
// Emit the RHS. If we emitted a BIND[G]NAME, then the scope is on
// the top of the stack and we need to pick the right RHS value.
if (!EmitAssignmentRhs(bce, rhs, emittedBindOp ? 2 : 1))
return false;
// Emit the compound assignment op if there is one.
if (op != JSOP_NOP && !bce->emit1(op))
return false;
return true;
};
return emitSetName(lhs, emitRhs);
}
// Deal with non-name assignments.
uint32_t atomIndex = (uint32_t) -1;
uint8_t offset = 1;
switch (lhs->getKind()) {
case PNK_DOT:
if (lhs->as<PropertyAccess>().isSuper()) {
if (!emitSuperPropLHS(&lhs->as<PropertyAccess>().expression()))
return false;
offset += 2;
} else {
if (!emitTree(lhs->expr()))
return false;
offset += 1;
}
if (!makeAtomIndex(lhs->pn_atom, &atomIndex))
return false;
break;
case PNK_ELEM: {
MOZ_ASSERT(lhs->isArity(PN_BINARY));
EmitElemOption opt = op == JSOP_NOP ? EmitElemOption::Get : EmitElemOption::CompoundAssign;
if (lhs->as<PropertyByValue>().isSuper()) {
if (!emitSuperElemOperands(lhs, opt))
return false;
offset += 3;
} else {
if (!emitElemOperands(lhs, opt))
return false;
offset += 2;
}
break;
}
case PNK_ARRAY:
case PNK_OBJECT:
break;
case PNK_CALL:
if (!emitTree(lhs))
return false;
// Assignment to function calls is forbidden, but we have to make the
// call first. Now we can throw.
if (!emitUint16Operand(JSOP_THROWMSG, JSMSG_BAD_LEFTSIDE_OF_ASS))
return false;
// Rebalance the stack to placate stack-depth assertions.
if (!emit1(JSOP_POP))
return false;
break;
default:
MOZ_ASSERT(0);
}
if (op != JSOP_NOP) {
MOZ_ASSERT(rhs);
switch (lhs->getKind()) {
case PNK_DOT: {
JSOp getOp;
if (lhs->as<PropertyAccess>().isSuper()) {
if (!emit1(JSOP_DUP2))
return false;
getOp = JSOP_GETPROP_SUPER;
} else {
if (!emit1(JSOP_DUP))
return false;
bool isLength = (lhs->pn_atom == cx->names().length);
getOp = isLength ? JSOP_LENGTH : JSOP_GETPROP;
}
if (!emitIndex32(getOp, atomIndex))
return false;
break;
}
case PNK_ELEM: {
JSOp elemOp;
if (lhs->as<PropertyByValue>().isSuper()) {
if (!emitDupAt(2))
return false;
if (!emitDupAt(2))
return false;
if (!emitDupAt(2))
return false;
elemOp = JSOP_GETELEM_SUPER;
} else {
if (!emit1(JSOP_DUP2))
return false;
elemOp = JSOP_GETELEM;
}
if (!emitElemOpBase(elemOp))
return false;
break;
}
case PNK_CALL:
// We just emitted a JSOP_THROWMSG and popped the call's return
// value. Push a random value to make sure the stack depth is
// correct.
if (!emit1(JSOP_NULL))
return false;
break;
default:;
}
}
if (!EmitAssignmentRhs(this, rhs, offset))
return false;
/* If += etc., emit the binary operator with a source note. */
if (op != JSOP_NOP) {
if (!newSrcNote(SRC_ASSIGNOP))
return false;
if (!emit1(op))
return false;
}
/* Finally, emit the specialized assignment bytecode. */
switch (lhs->getKind()) {
case PNK_DOT: {
JSOp setOp = lhs->as<PropertyAccess>().isSuper() ?
(sc->strict() ? JSOP_STRICTSETPROP_SUPER : JSOP_SETPROP_SUPER) :
(sc->strict() ? JSOP_STRICTSETPROP : JSOP_SETPROP);
if (!emitIndexOp(setOp, atomIndex))
return false;
break;
}
case PNK_CALL:
// We threw above, so nothing to do here.
break;
case PNK_ELEM: {
JSOp setOp = lhs->as<PropertyByValue>().isSuper() ?
sc->strict() ? JSOP_STRICTSETELEM_SUPER : JSOP_SETELEM_SUPER :
sc->strict() ? JSOP_STRICTSETELEM : JSOP_SETELEM;
if (!emit1(setOp))
return false;
break;
}
case PNK_ARRAY:
case PNK_OBJECT:
if (!emitDestructuringOps(lhs, DestructuringAssignment))
return false;
break;
default:
MOZ_ASSERT(0);
}
return true;
}
bool
ParseNode::getConstantValue(ExclusiveContext* cx, AllowConstantObjects allowObjects,
MutableHandleValue vp, Value* compare, size_t ncompare,
NewObjectKind newKind)
{
MOZ_ASSERT(newKind == TenuredObject || newKind == SingletonObject);
switch (getKind()) {
case PNK_NUMBER:
vp.setNumber(pn_dval);
return true;
case PNK_TEMPLATE_STRING:
case PNK_STRING:
vp.setString(pn_atom);
return true;
case PNK_TRUE:
vp.setBoolean(true);
return true;
case PNK_FALSE:
vp.setBoolean(false);
return true;
case PNK_NULL:
vp.setNull();
return true;
case PNK_CALLSITEOBJ:
case PNK_ARRAY: {
unsigned count;
ParseNode* pn;
if (allowObjects == DontAllowObjects) {
vp.setMagic(JS_GENERIC_MAGIC);
return true;
}
ObjectGroup::NewArrayKind arrayKind = ObjectGroup::NewArrayKind::Normal;
if (allowObjects == ForCopyOnWriteArray) {
arrayKind = ObjectGroup::NewArrayKind::CopyOnWrite;
allowObjects = DontAllowObjects;
}
if (getKind() == PNK_CALLSITEOBJ) {
count = pn_count - 1;
pn = pn_head->pn_next;
} else {
MOZ_ASSERT(isOp(JSOP_NEWINIT) && !(pn_xflags & PNX_NONCONST));
count = pn_count;
pn = pn_head;
}
AutoValueVector values(cx);
if (!values.appendN(MagicValue(JS_ELEMENTS_HOLE), count))
return false;
size_t idx;
for (idx = 0; pn; idx++, pn = pn->pn_next) {
if (!pn->getConstantValue(cx, allowObjects, values[idx], values.begin(), idx))
return false;
if (values[idx].isMagic(JS_GENERIC_MAGIC)) {
vp.setMagic(JS_GENERIC_MAGIC);
return true;
}
}
MOZ_ASSERT(idx == count);
JSObject* obj = ObjectGroup::newArrayObject(cx, values.begin(), values.length(),
newKind, arrayKind);
if (!obj)
return false;
if (!CombineArrayElementTypes(cx, obj, compare, ncompare))
return false;
vp.setObject(*obj);
return true;
}
case PNK_OBJECT: {
MOZ_ASSERT(isOp(JSOP_NEWINIT));
MOZ_ASSERT(!(pn_xflags & PNX_NONCONST));
if (allowObjects == DontAllowObjects) {
vp.setMagic(JS_GENERIC_MAGIC);
return true;
}
MOZ_ASSERT(allowObjects == AllowObjects);
Rooted<IdValueVector> properties(cx, IdValueVector(cx));
RootedValue value(cx), idvalue(cx);
for (ParseNode* pn = pn_head; pn; pn = pn->pn_next) {
if (!pn->pn_right->getConstantValue(cx, allowObjects, &value))
return false;
if (value.isMagic(JS_GENERIC_MAGIC)) {
vp.setMagic(JS_GENERIC_MAGIC);
return true;
}
ParseNode* pnid = pn->pn_left;
if (pnid->isKind(PNK_NUMBER)) {
idvalue = NumberValue(pnid->pn_dval);
} else {
MOZ_ASSERT(pnid->isKind(PNK_OBJECT_PROPERTY_NAME) || pnid->isKind(PNK_STRING));
MOZ_ASSERT(pnid->pn_atom != cx->names().proto);
idvalue = StringValue(pnid->pn_atom);
}
RootedId id(cx);
if (!ValueToId<CanGC>(cx, idvalue, &id))
return false;
if (!properties.append(IdValuePair(id, value)))
return false;
}
JSObject* obj = ObjectGroup::newPlainObject(cx, properties.begin(), properties.length(),
newKind);
if (!obj)
return false;
if (!CombinePlainObjectPropertyTypes(cx, obj, compare, ncompare))
return false;
vp.setObject(*obj);
return true;
}
default:
MOZ_CRASH("Unexpected node");
}
return false;
}
bool
BytecodeEmitter::emitSingletonInitialiser(ParseNode* pn)
{
NewObjectKind newKind = (pn->getKind() == PNK_OBJECT) ? SingletonObject : TenuredObject;
RootedValue value(cx);
if (!pn->getConstantValue(cx, ParseNode::AllowObjects, &value, nullptr, 0, newKind))
return false;
MOZ_ASSERT_IF(newKind == SingletonObject, value.toObject().isSingleton());
ObjectBox* objbox = parser->newObjectBox(&value.toObject());
if (!objbox)
return false;
return emitObjectOp(objbox, JSOP_OBJECT);
}
bool
BytecodeEmitter::emitCallSiteObject(ParseNode* pn)
{
RootedValue value(cx);
if (!pn->getConstantValue(cx, ParseNode::AllowObjects, &value))
return false;
MOZ_ASSERT(value.isObject());
ObjectBox* objbox1 = parser->newObjectBox(&value.toObject());
if (!objbox1)
return false;
if (!pn->as<CallSiteNode>().getRawArrayValue(cx, &value))
return false;
MOZ_ASSERT(value.isObject());
ObjectBox* objbox2 = parser->newObjectBox(&value.toObject());
if (!objbox2)
return false;
return emitObjectPairOp(objbox1, objbox2, JSOP_CALLSITEOBJ);
}
/* See the SRC_FOR source note offsetBias comments later in this file. */
JS_STATIC_ASSERT(JSOP_NOP_LENGTH == 1);
JS_STATIC_ASSERT(JSOP_POP_LENGTH == 1);
namespace {
class EmitLevelManager
{
BytecodeEmitter* bce;
public:
explicit EmitLevelManager(BytecodeEmitter* bce) : bce(bce) { bce->emitLevel++; }
~EmitLevelManager() { bce->emitLevel--; }
};
} /* anonymous namespace */
bool
BytecodeEmitter::emitCatch(ParseNode* pn)
{
// We must be nested under a try-finally statement.
TryFinallyControl& controlInfo = innermostNestableControl->as<TryFinallyControl>();
/* Pick up the pending exception and bind it to the catch variable. */
if (!emit1(JSOP_EXCEPTION))
return false;
/*
* Dup the exception object if there is a guard for rethrowing to use
* it later when rethrowing or in other catches.
*/
if (pn->pn_kid2 && !emit1(JSOP_DUP))
return false;
ParseNode* pn2 = pn->pn_kid1;
switch (pn2->getKind()) {
case PNK_ARRAY:
case PNK_OBJECT:
if (!emitDestructuringOps(pn2, DestructuringDeclaration))
return false;
if (!emit1(JSOP_POP))
return false;
break;
case PNK_NAME:
if (!emitLexicalInitialization(pn2))
return false;
if (!emit1(JSOP_POP))
return false;
break;
default:
MOZ_ASSERT(0);
}
// If there is a guard expression, emit it and arrange to jump to the next
// catch block if the guard expression is false.
if (pn->pn_kid2) {
if (!emitTree(pn->pn_kid2))
return false;
// If the guard expression is false, fall through, pop the block scope,
// and jump to the next catch block. Otherwise jump over that code and
// pop the dupped exception.
JumpList guardCheck;
if (!emitJump(JSOP_IFNE, &guardCheck))
return false;
{
NonLocalExitControl nle(this);
// Move exception back to cx->exception to prepare for
// the next catch.
if (!emit1(JSOP_THROWING))
return false;
// Leave the scope for this catch block.
if (!nle.prepareForNonLocalJump(&controlInfo))
return false;
// Jump to the next handler added by emitTry.
if (!emitJump(JSOP_GOTO, &controlInfo.guardJump))
return false;
}
// Back to normal control flow.
if (!emitJumpTargetAndPatch(guardCheck))
return false;
// Pop duplicated exception object as we no longer need it.
if (!emit1(JSOP_POP))
return false;
}
/* Emit the catch body. */
return emitTree(pn->pn_kid3);
}
// Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See the
// comment on EmitSwitch.
MOZ_NEVER_INLINE bool
BytecodeEmitter::emitTry(ParseNode* pn)
{
// Track jumps-over-catches and gosubs-to-finally for later fixup.
//
// When a finally block is active, non-local jumps (including
// jumps-over-catches) result in a GOSUB being written into the bytecode
// stream and fixed-up later.
//
TryFinallyControl controlInfo(this, pn->pn_kid3 ? StatementKind::Finally : StatementKind::Try);
// Since an exception can be thrown at any place inside the try block,
// we need to restore the stack and the scope chain before we transfer
// the control to the exception handler.
//
// For that we store in a try note associated with the catch or
// finally block the stack depth upon the try entry. The interpreter
// uses this depth to properly unwind the stack and the scope chain.
//
int depth = stackDepth;
// Record the try location, then emit the try block.
unsigned noteIndex;
if (!newSrcNote(SRC_TRY, ¬eIndex))
return false;
if (!emit1(JSOP_TRY))
return false;
ptrdiff_t tryStart = offset();
if (!emitTree(pn->pn_kid1))
return false;
MOZ_ASSERT(depth == stackDepth);
// GOSUB to finally, if present.
if (pn->pn_kid3) {
if (!emitJump(JSOP_GOSUB, &controlInfo.gosubs))
return false;
}
// Source note points to the jump at the end of the try block.
if (!setSrcNoteOffset(noteIndex, 0, offset() - tryStart + JSOP_TRY_LENGTH))
return false;
// Emit jump over catch and/or finally.
JumpList catchJump;
if (!emitJump(JSOP_GOTO, &catchJump))
return false;
JumpTarget tryEnd;
if (!emitJumpTarget(&tryEnd))
return false;
// If this try has a catch block, emit it.
ParseNode* catchList = pn->pn_kid2;
if (catchList) {
MOZ_ASSERT(catchList->isKind(PNK_CATCHLIST));
// The emitted code for a catch block looks like:
//
// [pushlexicalenv] only if any local aliased
// exception
// if there is a catchguard:
// dup
// setlocal 0; pop assign or possibly destructure exception
// if there is a catchguard:
// < catchguard code >
// ifne POST
// debugleaveblock
// [poplexicalenv] only if any local aliased
// throwing pop exception to cx->exception
// goto <next catch block>
// POST: pop
// < catch block contents >
// debugleaveblock
// [poplexicalenv] only if any local aliased
// goto <end of catch blocks> non-local; finally applies
//
// If there's no catch block without a catchguard, the last <next catch
// block> points to rethrow code. This code will [gosub] to the finally
// code if appropriate, and is also used for the catch-all trynote for
// capturing exceptions thrown from catch{} blocks.
//
for (ParseNode* pn3 = catchList->pn_head; pn3; pn3 = pn3->pn_next) {
MOZ_ASSERT(this->stackDepth == depth);
// Clear the frame's return value that might have been set by the
// try block:
//
// eval("try { 1; throw 2 } catch(e) {}"); // undefined, not 1
if (!emit1(JSOP_UNDEFINED))
return false;
if (!emit1(JSOP_SETRVAL))
return false;
// Emit the lexical scope and catch body.
MOZ_ASSERT(pn3->isKind(PNK_LEXICALSCOPE));
if (!emitTree(pn3))
return false;
// gosub <finally>, if required.
if (pn->pn_kid3) {
if (!emitJump(JSOP_GOSUB, &controlInfo.gosubs))
return false;
MOZ_ASSERT(this->stackDepth == depth);
}
// Jump over the remaining catch blocks. This will get fixed
// up to jump to after catch/finally.
if (!emitJump(JSOP_GOTO, &catchJump))
return false;
// If this catch block had a guard clause, patch the guard jump to
// come here.
if (controlInfo.guardJump.offset != -1) {
if (!emitJumpTargetAndPatch(controlInfo.guardJump))
return false;
controlInfo.guardJump.offset = -1;
// If this catch block is the last one, rethrow, delegating
// execution of any finally block to the exception handler.
if (!pn3->pn_next) {
if (!emit1(JSOP_EXCEPTION))
return false;
if (!emit1(JSOP_THROW))
return false;
}
}
}
}
MOZ_ASSERT(this->stackDepth == depth);
// Emit the finally handler, if there is one.
JumpTarget finallyStart{ 0 };
if (pn->pn_kid3) {
if (!emitJumpTarget(&finallyStart))
return false;
// Fix up the gosubs that might have been emitted before non-local
// jumps to the finally code.
patchJumpsToTarget(controlInfo.gosubs, finallyStart);
// Indicate that we're emitting a subroutine body.
controlInfo.setEmittingSubroutine();
if (!updateSourceCoordNotes(pn->pn_kid3->pn_pos.begin))
return false;
if (!emit1(JSOP_FINALLY))
return false;
if (!emit1(JSOP_GETRVAL))
return false;
// Clear the frame's return value to make break/continue return
// correct value even if there's no other statement before them:
//
// eval("x: try { 1 } finally { break x; }"); // undefined, not 1
if (!emit1(JSOP_UNDEFINED))
return false;
if (!emit1(JSOP_SETRVAL))
return false;
if (!emitTree(pn->pn_kid3))
return false;
if (!emit1(JSOP_SETRVAL))
return false;
if (!emit1(JSOP_RETSUB))
return false;
hasTryFinally = true;
MOZ_ASSERT(this->stackDepth == depth);
}
// ReconstructPCStack needs a NOP here to mark the end of the last catch block.
if (!emit1(JSOP_NOP))
return false;
// Fix up the end-of-try/catch jumps to come here.
if (!emitJumpTargetAndPatch(catchJump))
return false;
// Add the try note last, to let post-order give us the right ordering
// (first to last for a given nesting level, inner to outer by level).
if (catchList && !tryNoteList.append(JSTRY_CATCH, depth, tryStart, tryEnd.offset))
return false;
// If we've got a finally, mark try+catch region with additional
// trynote to catch exceptions (re)thrown from a catch block or
// for the try{}finally{} case.
if (pn->pn_kid3 && !tryNoteList.append(JSTRY_FINALLY, depth, tryStart, finallyStart.offset))
return false;
return true;
}
bool
BytecodeEmitter::emitIf(ParseNode* pn)
{
IfThenElseEmitter ifThenElse(this);
if_again:
/* Emit code for the condition before pushing stmtInfo. */
if (!emitConditionallyExecutedTree(pn->pn_kid1))
return false;
ParseNode* elseNode = pn->pn_kid3;
if (elseNode) {
if (!ifThenElse.emitIfElse())
return false;
} else {
if (!ifThenElse.emitIf())
return false;
}
/* Emit code for the then part. */
if (!emitConditionallyExecutedTree(pn->pn_kid2))
return false;
if (elseNode) {
if (!ifThenElse.emitElse())
return false;
if (elseNode->isKind(PNK_IF)) {
pn = elseNode;
goto if_again;
}
/* Emit code for the else part. */
if (!emitConditionallyExecutedTree(elseNode))
return false;
}
if (!ifThenElse.emitEnd())
return false;
return true;
}
bool
BytecodeEmitter::emitHoistedFunctionsInList(ParseNode* list)
{
MOZ_ASSERT(list->pn_xflags & PNX_FUNCDEFS);
for (ParseNode* pn = list->pn_head; pn; pn = pn->pn_next) {
ParseNode* maybeFun = pn;
if (!sc->strict()) {
while (maybeFun->isKind(PNK_LABEL))
maybeFun = maybeFun->as<LabeledStatement>().statement();
}
if (maybeFun->isKind(PNK_FUNCTION) && maybeFun->functionIsHoisted()) {
if (!emitTree(maybeFun))
return false;
}
}
return true;
}
bool
BytecodeEmitter::emitLexicalScopeBody(ParseNode* body, EmitLineNumberNote emitLineNote)
{
if (body->isKind(PNK_STATEMENTLIST) && body->pn_xflags & PNX_FUNCDEFS) {
// This block contains function statements whose definitions are
// hoisted to the top of the block. Emit these as a separate pass
// before the rest of the block.
if (!emitHoistedFunctionsInList(body))
return false;
}
// Line notes were updated by emitLexicalScope.
return emitTree(body, emitLineNote);
}
// Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
// the comment on emitSwitch.
MOZ_NEVER_INLINE bool
BytecodeEmitter::emitLexicalScope(ParseNode* pn)
{
MOZ_ASSERT(pn->isKind(PNK_LEXICALSCOPE));
TDZCheckCache tdzCache(this);
ParseNode* body = pn->scopeBody();
if (pn->isEmptyScope())
return emitLexicalScopeBody(body);
// Update line number notes before emitting TDZ poison in
// EmitterScope::enterLexical to avoid spurious pausing on seemingly
// non-effectful lines in Debugger.
//
// For example, consider the following code.
//
// L1: {
// L2: let x = 42;
// L3: }
//
// If line number notes were not updated before the TDZ poison, the TDZ
// poison bytecode sequence of 'uninitialized; initlexical' will have line
// number L1, and the Debugger will pause there.
if (!ParseNodeRequiresSpecialLineNumberNotes(body)) {
ParseNode* pnForPos = body;
if (body->isKind(PNK_STATEMENTLIST) && body->pn_head)
pnForPos = body->pn_head;
if (!updateLineNumberNotes(pnForPos->pn_pos.begin))
return false;
}
EmitterScope emitterScope(this);
ScopeKind kind;
if (body->isKind(PNK_CATCH))
kind = body->pn_kid1->isKind(PNK_NAME) ? ScopeKind::SimpleCatch : ScopeKind::Catch;
else
kind = ScopeKind::Lexical;
if (!emitterScope.enterLexical(this, kind, pn->scopeBindings()))
return false;
if (body->isKind(PNK_FOR)) {
// for loops need to emit {FRESHEN,RECREATE}LEXICALENV if there are
// lexical declarations in the head. Signal this by passing a
// non-nullptr lexical scope.
if (!emitFor(body, &emitterScope))
return false;
} else {
if (!emitLexicalScopeBody(body, SUPPRESS_LINENOTE))
return false;
}
return emitterScope.leave(this);
}
bool
BytecodeEmitter::emitWith(ParseNode* pn)
{
if (!emitTree(pn->pn_left))
return false;
EmitterScope emitterScope(this);
if (!emitterScope.enterWith(this))
return false;
if (!emitTree(pn->pn_right))
return false;
return emitterScope.leave(this);
}
bool
BytecodeEmitter::emitRequireObjectCoercible()
{
// For simplicity, handle this in self-hosted code, at cost of 13 bytes of
// bytecode versus 1 byte for a dedicated opcode. As more places need this
// behavior, we may want to reconsider this tradeoff.
#ifdef DEBUG
auto depth = this->stackDepth;
#endif
MOZ_ASSERT(depth > 0); // VAL
if (!emit1(JSOP_DUP)) // VAL VAL
return false;
// Note that "intrinsic" is a misnomer: we're calling a *self-hosted*
// function that's not an intrinsic! But it nonetheless works as desired.
if (!emitAtomOp(cx->names().RequireObjectCoercible,
JSOP_GETINTRINSIC)) // VAL VAL REQUIREOBJECTCOERCIBLE
{
return false;
}
if (!emit1(JSOP_UNDEFINED)) // VAL VAL REQUIREOBJECTCOERCIBLE UNDEFINED
return false;
if (!emit2(JSOP_PICK, 2)) // VAL REQUIREOBJECTCOERCIBLE UNDEFINED VAL
return false;
if (!emitCall(JSOP_CALL, 1)) // VAL IGNORED
return false;
checkTypeSet(JSOP_CALL);
if (!emit1(JSOP_POP)) // VAL
return false;
MOZ_ASSERT(depth == this->stackDepth);
return true;
}
bool
BytecodeEmitter::emitIterator()
{
// Convert iterable to iterator.
if (!emit1(JSOP_DUP)) // OBJ OBJ
return false;
if (!emit2(JSOP_SYMBOL, uint8_t(JS::SymbolCode::iterator))) // OBJ OBJ @@ITERATOR
return false;
if (!emitElemOpBase(JSOP_CALLELEM)) // OBJ ITERFN
return false;
if (!emit1(JSOP_SWAP)) // ITERFN OBJ
return false;
if (!emitCall(JSOP_CALLITER, 0)) // ITER
return false;
checkTypeSet(JSOP_CALLITER);
if (!emitCheckIsObj(CheckIsObjectKind::GetIterator)) // ITER
return false;
return true;
}
bool
BytecodeEmitter::emitSpread(bool allowSelfHosted)
{
LoopControl loopInfo(this, StatementKind::Spread);
// Jump down to the loop condition to minimize overhead assuming at least
// one iteration, as the other loop forms do. Annotate so IonMonkey can
// find the loop-closing jump.
unsigned noteIndex;
if (!newSrcNote(SRC_FOR_OF, ¬eIndex))
return false;
// Jump down to the loop condition to minimize overhead, assuming at least
// one iteration. (This is also what we do for loops; whether this
// assumption holds for spreads is an unanswered question.)
JumpList initialJump;
if (!emitJump(JSOP_GOTO, &initialJump)) // ITER ARR I (during the goto)
return false;
JumpTarget top{ -1 };
if (!emitLoopHead(nullptr, &top)) // ITER ARR I
return false;
// When we enter the goto above, we have ITER ARR I on the stack. But when
// we reach this point on the loop backedge (if spreading produces at least
// one value), we've additionally pushed a RESULT iteration value.
// Increment manually to reflect this.
this->stackDepth++;
JumpList beq;
JumpTarget breakTarget{ -1 };
{
#ifdef DEBUG
auto loopDepth = this->stackDepth;
#endif
// Emit code to assign result.value to the iteration variable.
if (!emitAtomOp(cx->names().value, JSOP_GETPROP)) // ITER ARR I VALUE
return false;
if (!emit1(JSOP_INITELEM_INC)) // ITER ARR (I+1)
return false;
MOZ_ASSERT(this->stackDepth == loopDepth - 1);
// Spread operations can't contain |continue|, so don't bother setting loop
// and enclosing "update" offsets, as we do with for-loops.
// COME FROM the beginning of the loop to here.
if (!emitLoopEntry(nullptr, initialJump)) // ITER ARR I
return false;
if (!emitDupAt(2)) // ITER ARR I ITER
return false;
if (!emitIteratorNext(nullptr, allowSelfHosted)) // ITER ARR I RESULT
return false;
if (!emit1(JSOP_DUP)) // ITER ARR I RESULT RESULT
return false;
if (!emitAtomOp(cx->names().done, JSOP_GETPROP)) // ITER ARR I RESULT DONE?
return false;
if (!emitBackwardJump(JSOP_IFEQ, top, &beq, &breakTarget)) // ITER ARR I RESULT
return false;
MOZ_ASSERT(this->stackDepth == loopDepth);
}
// Let Ion know where the closing jump of this loop is.
if (!setSrcNoteOffset(noteIndex, 0, beq.offset - initialJump.offset))
return false;
// No breaks or continues should occur in spreads.
MOZ_ASSERT(loopInfo.breaks.offset == -1);
MOZ_ASSERT(loopInfo.continues.offset == -1);
if (!tryNoteList.append(JSTRY_FOR_OF, stackDepth, top.offset, breakTarget.offset))
return false;
if (!emit2(JSOP_PICK, 3)) // ARR FINAL_INDEX RESULT ITER
return false;
return emitUint16Operand(JSOP_POPN, 2); // ARR FINAL_INDEX
}
bool
BytecodeEmitter::emitInitializeForInOrOfTarget(ParseNode* forHead)
{
MOZ_ASSERT(forHead->isKind(PNK_FORIN) || forHead->isKind(PNK_FOROF));
MOZ_ASSERT(forHead->isArity(PN_TERNARY));
MOZ_ASSERT(this->stackDepth >= 1,
"must have a per-iteration value for initializing");
ParseNode* target = forHead->pn_kid1;
MOZ_ASSERT(!forHead->pn_kid2);
// If the for-in/of loop didn't have a variable declaration, per-loop
// initialization is just assigning the iteration value to a target
// expression.
if (!parser->handler.isDeclarationList(target))
return emitAssignment(target, JSOP_NOP, nullptr); // ... ITERVAL
// Otherwise, per-loop initialization is (possibly) declaration
// initialization. If the declaration is a lexical declaration, it must be
// initialized. If the declaration is a variable declaration, an
// assignment to that name (which does *not* necessarily assign to the
// variable!) must be generated.
if (!updateSourceCoordNotes(target->pn_pos.begin))
return false;
MOZ_ASSERT(target->isForLoopDeclaration());
target = parser->handler.singleBindingFromDeclaration(target);
if (target->isKind(PNK_NAME)) {
auto emitSwapScopeAndRhs = [](BytecodeEmitter* bce, const NameLocation&,
bool emittedBindOp)
{
if (emittedBindOp) {
// Per-iteration initialization in for-in/of loops computes the
// iteration value *before* initializing. Thus the
// initializing value may be buried under a bind-specific value
// on the stack. Swap it to the top of the stack.
MOZ_ASSERT(bce->stackDepth >= 2);
return bce->emit1(JSOP_SWAP);
}
// In cases of emitting a frame slot or environment slot,
// nothing needs be done.
MOZ_ASSERT(bce->stackDepth >= 1);
return true;
};
// The caller handles removing the iteration value from the stack.
return emitInitializeName(target, emitSwapScopeAndRhs);
}
MOZ_ASSERT(!target->isKind(PNK_ASSIGN),
"for-in/of loop destructuring declarations can't have initializers");
MOZ_ASSERT(target->isKind(PNK_ARRAY) || target->isKind(PNK_OBJECT));
return emitDestructuringOps(target, DestructuringDeclaration);
}
bool
BytecodeEmitter::emitForOf(ParseNode* forOfLoop, EmitterScope* headLexicalEmitterScope)
{
MOZ_ASSERT(forOfLoop->isKind(PNK_FOR));
MOZ_ASSERT(forOfLoop->isArity(PN_BINARY));
ParseNode* forOfHead = forOfLoop->pn_left;
MOZ_ASSERT(forOfHead->isKind(PNK_FOROF));
MOZ_ASSERT(forOfHead->isArity(PN_TERNARY));
// Evaluate the expression being iterated.
ParseNode* forHeadExpr = forOfHead->pn_kid3;
if (!emitTree(forHeadExpr)) // ITERABLE
return false;
if (!emitIterator()) // ITER
return false;
// For-of loops have both the iterator and the value on the stack. Push
// undefined to balance the stack.
if (!emit1(JSOP_UNDEFINED)) // ITER RESULT
return false;
LoopControl loopInfo(this, StatementKind::ForOfLoop);
// Annotate so IonMonkey can find the loop-closing jump.
unsigned noteIndex;
if (!newSrcNote(SRC_FOR_OF, ¬eIndex))
return false;
JumpList initialJump;
if (!emitJump(JSOP_GOTO, &initialJump)) // ITER RESULT
return false;
JumpTarget top{ -1 };
if (!emitLoopHead(nullptr, &top)) // ITER RESULT
return false;
// If the loop had an escaping lexical declaration, replace the current
// environment with an dead zoned one to implement TDZ semantics.
if (headLexicalEmitterScope) {
// The environment chain only includes an environment for the for-of
// loop head *if* a scope binding is captured, thereby requiring
// recreation each iteration. If a lexical scope exists for the head,
// it must be the innermost one. If that scope has closed-over
// bindings inducing an environment, recreate the current environment.
DebugOnly<ParseNode*> forOfTarget = forOfHead->pn_kid1;
MOZ_ASSERT(forOfTarget->isKind(PNK_LET) || forOfTarget->isKind(PNK_CONST));
MOZ_ASSERT(headLexicalEmitterScope == innermostEmitterScope);
MOZ_ASSERT(headLexicalEmitterScope->scope(this)->kind() == ScopeKind::Lexical);
if (headLexicalEmitterScope->hasEnvironment()) {
if (!emit1(JSOP_RECREATELEXICALENV)) // ITER RESULT
return false;
}
// For uncaptured bindings, put them back in TDZ.
if (!headLexicalEmitterScope->deadZoneFrameSlots(this))
return false;
}
JumpList beq;
JumpTarget breakTarget{ -1 };
{
#ifdef DEBUG
auto loopDepth = this->stackDepth;
#endif
// Emit code to assign result.value to the iteration variable.
if (!emit1(JSOP_DUP)) // ITER RESULT RESULT
return false;
if (!emitAtomOp(cx->names().value, JSOP_GETPROP)) // ITER RESULT VALUE
return false;
if (!emitInitializeForInOrOfTarget(forOfHead)) // ITER RESULT VALUE
return false;
if (!emit1(JSOP_POP)) // ITER RESULT
return false;
MOZ_ASSERT(this->stackDepth == loopDepth,
"the stack must be balanced around the initializing "
"operation");
// Perform the loop body.
ParseNode* forBody = forOfLoop->pn_right;
if (!emitTree(forBody)) // ITER RESULT
return false;
// Set offset for continues.
loopInfo.continueTarget = { offset() };
if (!emitLoopEntry(forHeadExpr, initialJump)) // ITER RESULT
return false;
if (!emit1(JSOP_POP)) // ITER
return false;
if (!emit1(JSOP_DUP)) // ITER ITER
return false;
if (!emitIteratorNext(forOfHead)) // ITER RESULT
return false;
if (!emit1(JSOP_DUP)) // ITER RESULT RESULT
return false;
if (!emitAtomOp(cx->names().done, JSOP_GETPROP)) // ITER RESULT DONE?
return false;
if (!emitBackwardJump(JSOP_IFEQ, top, &beq, &breakTarget))
return false; // ITER RESULT
MOZ_ASSERT(this->stackDepth == loopDepth);
}
// Let Ion know where the closing jump of this loop is.
if (!setSrcNoteOffset(noteIndex, 0, beq.offset - initialJump.offset))
return false;
if (!loopInfo.patchBreaksAndContinues(this))
return false;
if (!tryNoteList.append(JSTRY_FOR_OF, stackDepth, top.offset, breakTarget.offset))
return false;
return emitUint16Operand(JSOP_POPN, 2); //
}
bool
BytecodeEmitter::emitForIn(ParseNode* forInLoop, EmitterScope* headLexicalEmitterScope)
{
MOZ_ASSERT(forInLoop->isKind(PNK_FOR));
MOZ_ASSERT(forInLoop->isArity(PN_BINARY));
MOZ_ASSERT(forInLoop->isOp(JSOP_ITER));
ParseNode* forInHead = forInLoop->pn_left;
MOZ_ASSERT(forInHead->isKind(PNK_FORIN));
MOZ_ASSERT(forInHead->isArity(PN_TERNARY));
// Annex B: Evaluate the var-initializer expression if present.
// |for (var i = initializer in expr) { ... }|
ParseNode* forInTarget = forInHead->pn_kid1;
if (parser->handler.isDeclarationList(forInTarget)) {
ParseNode* decl = parser->handler.singleBindingFromDeclaration(forInTarget);
if (decl->isKind(PNK_NAME)) {
if (ParseNode* initializer = decl->expr()) {
MOZ_ASSERT(forInTarget->isKind(PNK_VAR),
"for-in initializers are only permitted for |var| declarations");
if (!updateSourceCoordNotes(decl->pn_pos.begin))
return false;
auto emitRhs = [initializer](BytecodeEmitter* bce, const NameLocation&, bool) {
return bce->emitTree(initializer);
};
if (!emitInitializeName(decl, emitRhs))
return false;
// Pop the initializer.
if (!emit1(JSOP_POP))
return false;
}
}
}
// Evaluate the expression being iterated.
ParseNode* expr = forInHead->pn_kid3;
if (!emitTree(expr)) // EXPR
return false;
// Convert the value to the appropriate sort of iterator object for the
// loop variant (for-in, for-each-in, or destructuring for-in).
unsigned iflags = forInLoop->pn_iflags;
MOZ_ASSERT(0 == (iflags & ~(JSITER_FOREACH | JSITER_ENUMERATE)));
if (!emit2(JSOP_ITER, AssertedCast<uint8_t>(iflags))) // ITER
return false;
// For-in loops have both the iterator and the value on the stack. Push
// undefined to balance the stack.
if (!emit1(JSOP_UNDEFINED)) // ITER ITERVAL
return false;
LoopControl loopInfo(this, StatementKind::ForInLoop);
/* Annotate so IonMonkey can find the loop-closing jump. */
unsigned noteIndex;
if (!newSrcNote(SRC_FOR_IN, ¬eIndex))
return false;
// Jump down to the loop condition to minimize overhead (assuming at least
// one iteration, just like the other loop forms).
JumpList initialJump;
if (!emitJump(JSOP_GOTO, &initialJump)) // ITER ITERVAL
return false;
JumpTarget top{ -1 };
if (!emitLoopHead(nullptr, &top)) // ITER ITERVAL
return false;
// If the loop had an escaping lexical declaration, replace the current
// environment with an dead zoned one to implement TDZ semantics.
if (headLexicalEmitterScope) {
// The environment chain only includes an environment for the for-in
// loop head *if* a scope binding is captured, thereby requiring
// recreation each iteration. If a lexical scope exists for the head,
// it must be the innermost one. If that scope has closed-over
// bindings inducing an environment, recreate the current environment.
MOZ_ASSERT(forInTarget->isKind(PNK_LET) || forInTarget->isKind(PNK_CONST));
MOZ_ASSERT(headLexicalEmitterScope == innermostEmitterScope);
MOZ_ASSERT(headLexicalEmitterScope->scope(this)->kind() == ScopeKind::Lexical);
if (headLexicalEmitterScope->hasEnvironment()) {
if (!emit1(JSOP_RECREATELEXICALENV)) // ITER ITERVAL
return false;
}
// For uncaptured bindings, put them back in TDZ.
if (!headLexicalEmitterScope->deadZoneFrameSlots(this))
return false;
}
{
#ifdef DEBUG
auto loopDepth = this->stackDepth;
#endif
MOZ_ASSERT(loopDepth >= 2);
if (!emitInitializeForInOrOfTarget(forInHead)) // ITER ITERVAL
return false;
MOZ_ASSERT(this->stackDepth == loopDepth,
"iterator and iterval must be left on the stack");
}
// Perform the loop body.
ParseNode* forBody = forInLoop->pn_right;
if (!emitTree(forBody)) // ITER ITERVAL
return false;
// Set offset for continues.
loopInfo.continueTarget = { offset() };
if (!emitLoopEntry(nullptr, initialJump)) // ITER ITERVAL
return false;
if (!emit1(JSOP_POP)) // ITER
return false;
if (!emit1(JSOP_MOREITER)) // ITER NEXTITERVAL?
return false;
if (!emit1(JSOP_ISNOITER)) // ITER NEXTITERVAL? ISNOITER
return false;
JumpList beq;
JumpTarget breakTarget{ -1 };
if (!emitBackwardJump(JSOP_IFEQ, top, &beq, &breakTarget))
return false; // ITER NEXTITERVAL
// Set the srcnote offset so we can find the closing jump.
if (!setSrcNoteOffset(noteIndex, 0, beq.offset - initialJump.offset))
return false;
if (!loopInfo.patchBreaksAndContinues(this))
return false;
// Pop the enumeration value.
if (!emit1(JSOP_POP)) // ITER
return false;
if (!tryNoteList.append(JSTRY_FOR_IN, this->stackDepth, top.offset, offset()))
return false;
return emit1(JSOP_ENDITER); //
}
/* C-style `for (init; cond; update) ...` loop. */
bool
BytecodeEmitter::emitCStyleFor(ParseNode* pn, EmitterScope* headLexicalEmitterScope)
{
LoopControl loopInfo(this, StatementKind::ForLoop);
ParseNode* forHead = pn->pn_left;
ParseNode* forBody = pn->pn_right;
// If the head of this for-loop declared any lexical variables, the parser
// wrapped this PNK_FOR node in a PNK_LEXICALSCOPE representing the
// implicit scope of those variables. By the time we get here, we have
// already entered that scope. So far, so good.
//
// ### Scope freshening
//
// Each iteration of a `for (let V...)` loop creates a fresh loop variable
// binding for V, even if the loop is a C-style `for(;;)` loop:
//
// var funcs = [];
// for (let i = 0; i < 2; i++)
// funcs.push(function() { return i; });
// assertEq(funcs[0](), 0); // the two closures capture...
// assertEq(funcs[1](), 1); // ...two different `i` bindings
//
// This is implemented by "freshening" the implicit block -- changing the
// scope chain to a fresh clone of the instantaneous block object -- each
// iteration, just before evaluating the "update" in for(;;) loops.
//
// No freshening occurs in `for (const ...;;)` as there's no point: you
// can't reassign consts. This is observable through the Debugger API. (The
// ES6 spec also skips cloning the environment in this case.)
bool forLoopRequiresFreshening = false;
if (ParseNode* init = forHead->pn_kid1) {
// Emit the `init` clause, whether it's an expression or a variable
// declaration. (The loop variables were hoisted into an enclosing
// scope, but we still need to emit code for the initializers.)
if (!updateSourceCoordNotes(init->pn_pos.begin))
return false;
if (!emitTree(init))
return false;
if (!init->isForLoopDeclaration()) {
// 'init' is an expression, not a declaration. emitTree left its
// value on the stack.
if (!emit1(JSOP_POP))
return false;
}
// ES 13.7.4.8 step 2. The initial freshening.
//
// If an initializer let-declaration may be captured during loop iteration,
// the current scope has an environment. If so, freshen the current
// environment to expose distinct bindings for each loop iteration.
forLoopRequiresFreshening = init->isKind(PNK_LET) && headLexicalEmitterScope;
if (forLoopRequiresFreshening) {
// The environment chain only includes an environment for the for(;;)
// loop head's let-declaration *if* a scope binding is captured, thus
// requiring a fresh environment each iteration. If a lexical scope
// exists for the head, it must be the innermost one. If that scope
// has closed-over bindings inducing an environment, recreate the
// current environment.
MOZ_ASSERT(headLexicalEmitterScope == innermostEmitterScope);
MOZ_ASSERT(headLexicalEmitterScope->scope(this)->kind() == ScopeKind::Lexical);
if (headLexicalEmitterScope->hasEnvironment()) {
if (!emit1(JSOP_FRESHENLEXICALENV))
return false;
}
}
}
/*
* NB: the SRC_FOR note has offsetBias 1 (JSOP_NOP_LENGTH).
* Use tmp to hold the biased srcnote "top" offset, which differs
* from the top local variable by the length of the JSOP_GOTO
* emitted in between tmp and top if this loop has a condition.
*/
unsigned noteIndex;
if (!newSrcNote(SRC_FOR, ¬eIndex))
return false;
if (!emit1(JSOP_NOP))
return false;
ptrdiff_t tmp = offset();
JumpList jmp;
if (forHead->pn_kid2) {
/* Goto the loop condition, which branches back to iterate. */
if (!emitJump(JSOP_GOTO, &jmp))
return false;
}
/* Emit code for the loop body. */
JumpTarget top{ -1 };
if (!emitLoopHead(forBody, &top))
return false;
if (jmp.offset == -1 && !emitLoopEntry(forBody, jmp))
return false;
if (!emitConditionallyExecutedTree(forBody))
return false;
// Set loop and enclosing "update" offsets, for continue. Note that we
// continue to immediately *before* the block-freshening: continuing must
// refresh the block.
if (!emitJumpTarget(&loopInfo.continueTarget))
return false;
// ES 13.7.4.8 step 3.e. The per-iteration freshening.
if (forLoopRequiresFreshening) {
MOZ_ASSERT(headLexicalEmitterScope == innermostEmitterScope);
MOZ_ASSERT(headLexicalEmitterScope->scope(this)->kind() == ScopeKind::Lexical);
if (headLexicalEmitterScope->hasEnvironment()) {
if (!emit1(JSOP_FRESHENLEXICALENV))
return false;
}
}
// Check for update code to do before the condition (if any).
// The update code may not be executed at all; it needs its own TDZ cache.
if (ParseNode* update = forHead->pn_kid3) {
TDZCheckCache tdzCache(this);
if (!updateSourceCoordNotes(update->pn_pos.begin))
return false;
if (!emitTree(update))
return false;
if (!emit1(JSOP_POP))
return false;
/* Restore the absolute line number for source note readers. */
uint32_t lineNum = parser->tokenStream.srcCoords.lineNum(pn->pn_pos.end);
if (currentLine() != lineNum) {
if (!newSrcNote2(SRC_SETLINE, ptrdiff_t(lineNum)))
return false;
current->currentLine = lineNum;
current->lastColumn = 0;
}
}
ptrdiff_t tmp3 = offset();
if (forHead->pn_kid2) {
/* Fix up the goto from top to target the loop condition. */
MOZ_ASSERT(jmp.offset >= 0);
if (!emitLoopEntry(forHead->pn_kid2, jmp))
return false;
if (!emitTree(forHead->pn_kid2))
return false;
} else if (!forHead->pn_kid3) {
// If there is no condition clause and no update clause, mark
// the loop-ending "goto" with the location of the "for".
// This ensures that the debugger will stop on each loop
// iteration.
if (!updateSourceCoordNotes(pn->pn_pos.begin))
return false;
}
/* Set the first note offset so we can find the loop condition. */
if (!setSrcNoteOffset(noteIndex, 0, tmp3 - tmp))
return false;
if (!setSrcNoteOffset(noteIndex, 1, loopInfo.continueTarget.offset - tmp))
return false;
/* If no loop condition, just emit a loop-closing jump. */
JumpList beq;
JumpTarget breakTarget{ -1 };
if (!emitBackwardJump(forHead->pn_kid2 ? JSOP_IFNE : JSOP_GOTO, top, &beq, &breakTarget))
return false;
/* The third note offset helps us find the loop-closing jump. */
if (!setSrcNoteOffset(noteIndex, 2, beq.offset - tmp))
return false;
if (!tryNoteList.append(JSTRY_LOOP, stackDepth, top.offset, breakTarget.offset))
return false;
if (!loopInfo.patchBreaksAndContinues(this))
return false;
return true;
}
bool
BytecodeEmitter::emitFor(ParseNode* pn, EmitterScope* headLexicalEmitterScope)
{
MOZ_ASSERT(pn->isKind(PNK_FOR));
if (pn->pn_left->isKind(PNK_FORHEAD))
return emitCStyleFor(pn, headLexicalEmitterScope);
if (!updateLineNumberNotes(pn->pn_pos.begin))
return false;
if (pn->pn_left->isKind(PNK_FORIN))
return emitForIn(pn, headLexicalEmitterScope);
MOZ_ASSERT(pn->pn_left->isKind(PNK_FOROF));
return emitForOf(pn, headLexicalEmitterScope);
}
bool
BytecodeEmitter::emitComprehensionForInOrOfVariables(ParseNode* pn, bool* lexicalScope)
{
// ES6 specifies that lexical for-loop variables get a fresh binding each
// iteration, and that evaluation of the expression looped over occurs with
// these variables dead zoned. But these rules only apply to *standard*
// for-in/of loops, and we haven't extended these requirements to
// comprehension syntax.
*lexicalScope = pn->isKind(PNK_LEXICALSCOPE);
if (*lexicalScope) {
// This is initially-ES7-tracked syntax, now with considerably murkier
// outlook. The scope work is done by the caller by instantiating an
// EmitterScope. There's nothing to do here.
} else {
// This is legacy comprehension syntax. We'll have PNK_LET here, using
// a lexical scope provided by/for the entire comprehension. Name
// analysis assumes declarations initialize lets, but as we're handling
// this declaration manually, we must also initialize manually to avoid
// triggering dead zone checks.
MOZ_ASSERT(pn->isKind(PNK_LET));
MOZ_ASSERT(pn->pn_count == 1);
if (!emitDeclarationList(pn))
return false;
}
return true;
}
bool
BytecodeEmitter::emitComprehensionForOf(ParseNode* pn)
{
MOZ_ASSERT(pn->isKind(PNK_COMPREHENSIONFOR));
ParseNode* forHead = pn->pn_left;
MOZ_ASSERT(forHead->isKind(PNK_FOROF));
ParseNode* forHeadExpr = forHead->pn_kid3;
ParseNode* forBody = pn->pn_right;
ParseNode* loopDecl = forHead->pn_kid1;
bool lexicalScope = false;
if (!emitComprehensionForInOrOfVariables(loopDecl, &lexicalScope))
return false;
// For-of loops run with two values on the stack: the iterator and the
// current result object.
// Evaluate the expression to the right of 'of'.
if (!emitTree(forHeadExpr)) // EXPR
return false;
if (!emitIterator()) // ITER
return false;
// Push a dummy result so that we properly enter iteration midstream.
if (!emit1(JSOP_UNDEFINED)) // ITER RESULT
return false;
// Enter the block before the loop body, after evaluating the obj.
// Initialize let bindings with undefined when entering, as the name
// assigned to is a plain assignment.
TDZCheckCache tdzCache(this);
Maybe<EmitterScope> emitterScope;
ParseNode* loopVariableName;
if (lexicalScope) {
loopVariableName = parser->handler.singleBindingFromDeclaration(loopDecl->pn_expr);
emitterScope.emplace(this);
if (!emitterScope->enterComprehensionFor(this, loopDecl->scopeBindings()))
return false;
} else {
loopVariableName = parser->handler.singleBindingFromDeclaration(loopDecl);
}
LoopControl loopInfo(this, StatementKind::ForOfLoop);
// Jump down to the loop condition to minimize overhead assuming at least
// one iteration, as the other loop forms do. Annotate so IonMonkey can
// find the loop-closing jump.
unsigned noteIndex;
if (!newSrcNote(SRC_FOR_OF, ¬eIndex))
return false;
JumpList jmp;
if (!emitJump(JSOP_GOTO, &jmp))
return false;
JumpTarget top{ -1 };
if (!emitLoopHead(nullptr, &top))
return false;
#ifdef DEBUG
int loopDepth = this->stackDepth;
#endif
// Emit code to assign result.value to the iteration variable.
if (!emit1(JSOP_DUP)) // ITER RESULT RESULT
return false;
if (!emitAtomOp(cx->names().value, JSOP_GETPROP)) // ITER RESULT VALUE
return false;
if (!emitAssignment(loopVariableName, JSOP_NOP, nullptr)) // ITER RESULT VALUE
return false;
if (!emit1(JSOP_POP)) // ITER RESULT
return false;
// The stack should be balanced around the assignment opcode sequence.
MOZ_ASSERT(this->stackDepth == loopDepth);
// Emit code for the loop body.
if (!emitTree(forBody))
return false;
// Set offset for continues.
loopInfo.continueTarget = { offset() };
if (!emitLoopEntry(forHeadExpr, jmp))
return false;
if (!emit1(JSOP_POP)) // ITER
return false;
if (!emit1(JSOP_DUP)) // ITER ITER
return false;
if (!emitIteratorNext(forHead)) // ITER RESULT
return false;
if (!emit1(JSOP_DUP)) // ITER RESULT RESULT
return false;
if (!emitAtomOp(cx->names().done, JSOP_GETPROP)) // ITER RESULT DONE?
return false;
JumpList beq;
JumpTarget breakTarget{ -1 };
if (!emitBackwardJump(JSOP_IFEQ, top, &beq, &breakTarget)) // ITER RESULT
return false;
MOZ_ASSERT(this->stackDepth == loopDepth);
// Let Ion know where the closing jump of this loop is.
if (!setSrcNoteOffset(noteIndex, 0, beq.offset - jmp.offset))
return false;
if (!loopInfo.patchBreaksAndContinues(this))
return false;
if (!tryNoteList.append(JSTRY_FOR_OF, stackDepth, top.offset, breakTarget.offset))
return false;
if (emitterScope) {
if (!emitterScope->leave(this))
return false;
emitterScope.reset();
}
// Pop the result and the iter.
return emitUint16Operand(JSOP_POPN, 2); //
}
bool
BytecodeEmitter::emitComprehensionForIn(ParseNode* pn)
{
MOZ_ASSERT(pn->isKind(PNK_COMPREHENSIONFOR));
ParseNode* forHead = pn->pn_left;
MOZ_ASSERT(forHead->isKind(PNK_FORIN));
ParseNode* forBody = pn->pn_right;
ParseNode* loopDecl = forHead->pn_kid1;
bool lexicalScope = false;
if (loopDecl && !emitComprehensionForInOrOfVariables(loopDecl, &lexicalScope))
return false;
// Evaluate the expression to the right of 'in'.
if (!emitTree(forHead->pn_kid3))
return false;
/*
* Emit a bytecode to convert top of stack value to the iterator
* object depending on the loop variant (for-in, for-each-in, or
* destructuring for-in).
*/
MOZ_ASSERT(pn->isOp(JSOP_ITER));
if (!emit2(JSOP_ITER, (uint8_t) pn->pn_iflags))
return false;
// For-in loops have both the iterator and the value on the stack. Push
// undefined to balance the stack.
if (!emit1(JSOP_UNDEFINED))
return false;
// Enter the block before the loop body, after evaluating the obj.
// Initialize let bindings with undefined when entering, as the name
// assigned to is a plain assignment.
TDZCheckCache tdzCache(this);
Maybe<EmitterScope> emitterScope;
if (lexicalScope) {
emitterScope.emplace(this);
if (!emitterScope->enterComprehensionFor(this, loopDecl->scopeBindings()))
return false;
}
LoopControl loopInfo(this, StatementKind::ForInLoop);
/* Annotate so IonMonkey can find the loop-closing jump. */
unsigned noteIndex;
if (!newSrcNote(SRC_FOR_IN, ¬eIndex))
return false;
/*
* Jump down to the loop condition to minimize overhead assuming at
* least one iteration, as the other loop forms do.
*/
JumpList jmp;
if (!emitJump(JSOP_GOTO, &jmp))
return false;
JumpTarget top{ -1 };
if (!emitLoopHead(nullptr, &top))
return false;
#ifdef DEBUG
int loopDepth = this->stackDepth;
#endif
// Emit code to assign the enumeration value to the left hand side, but
// also leave it on the stack.
if (!emitAssignment(forHead->pn_kid2, JSOP_NOP, nullptr))
return false;
/* The stack should be balanced around the assignment opcode sequence. */
MOZ_ASSERT(this->stackDepth == loopDepth);
/* Emit code for the loop body. */
if (!emitTree(forBody))
return false;
// Set offset for continues.
loopInfo.continueTarget = { offset() };
if (!emitLoopEntry(nullptr, jmp))
return false;
if (!emit1(JSOP_POP))
return false;
if (!emit1(JSOP_MOREITER))
return false;
if (!emit1(JSOP_ISNOITER))
return false;
JumpList beq;
JumpTarget breakTarget{ -1 };
if (!emitBackwardJump(JSOP_IFEQ, top, &beq, &breakTarget))
return false;
/* Set the srcnote offset so we can find the closing jump. */
if (!setSrcNoteOffset(noteIndex, 0, beq.offset - jmp.offset))
return false;
if (!loopInfo.patchBreaksAndContinues(this))
return false;
// Pop the enumeration value.
if (!emit1(JSOP_POP))
return false;
JumpTarget endIter{ offset() };
if (!tryNoteList.append(JSTRY_FOR_IN, this->stackDepth, top.offset, endIter.offset))
return false;
if (!emit1(JSOP_ENDITER))
return false;
if (emitterScope) {
if (!emitterScope->leave(this))
return false;
emitterScope.reset();
}
return true;
}
bool
BytecodeEmitter::emitComprehensionFor(ParseNode* compFor)
{
MOZ_ASSERT(compFor->pn_left->isKind(PNK_FORIN) ||
compFor->pn_left->isKind(PNK_FOROF));
if (!updateLineNumberNotes(compFor->pn_pos.begin))
return false;
return compFor->pn_left->isKind(PNK_FORIN)
? emitComprehensionForIn(compFor)
: emitComprehensionForOf(compFor);
}
MOZ_NEVER_INLINE bool
BytecodeEmitter::emitFunction(ParseNode* pn, bool needsProto)
{
FunctionBox* funbox = pn->pn_funbox;
RootedFunction fun(cx, funbox->function());
RootedAtom name(cx, fun->name());
MOZ_ASSERT_IF(fun->isInterpretedLazy(), fun->lazyScript());
MOZ_ASSERT_IF(pn->isOp(JSOP_FUNWITHPROTO), needsProto);
/*
* Set the |wasEmitted| flag in the funbox once the function has been
* emitted. Function definitions that need hoisting to the top of the
* function will be seen by emitFunction in two places.
*/
if (funbox->wasEmitted && pn->functionIsHoisted()) {
// Annex B block-scoped functions are hoisted like any other
// block-scoped function to the top of their scope. When their
// definitions are seen for the second time, we need to emit the
// assignment that assigns the function to the outer 'var' binding.
if (funbox->isAnnexB) {
auto emitRhs = [&name](BytecodeEmitter* bce, const NameLocation&, bool) {
// The RHS is the value of the lexically bound name in the
// innermost scope.
return bce->emitGetName(name);
};
// Get the location of the 'var' binding in the body scope. The
// name must be found, else there is a bug in the Annex B handling
// in Parser.
//
// In sloppy eval contexts, this location is dynamic.
Maybe<NameLocation> lhsLoc = locationOfNameBoundInScope(name, varEmitterScope);
// If there are parameter expressions, the var name could be a
// parameter.
if (!lhsLoc && sc->isFunctionBox() && sc->asFunctionBox()->hasExtraBodyVarScope())
lhsLoc = locationOfNameBoundInScope(name, varEmitterScope->enclosingInFrame());
if (!lhsLoc) {
lhsLoc = Some(NameLocation::DynamicAnnexBVar());
} else {
MOZ_ASSERT(lhsLoc->bindingKind() == BindingKind::Var ||
lhsLoc->bindingKind() == BindingKind::FormalParameter ||
(lhsLoc->bindingKind() == BindingKind::Let &&
sc->asFunctionBox()->hasParameterExprs));
}
if (!emitSetOrInitializeNameAtLocation(name, *lhsLoc, emitRhs, false))
return false;
if (!emit1(JSOP_POP))
return false;
}
MOZ_ASSERT_IF(fun->hasScript(), fun->nonLazyScript());
MOZ_ASSERT(pn->functionIsHoisted());
return true;
}
funbox->wasEmitted = true;
/*
* Mark as singletons any function which will only be executed once, or
* which is inner to a lambda we only expect to run once. In the latter
* case, if the lambda runs multiple times then CloneFunctionObject will
* make a deep clone of its contents.
*/
if (fun->isInterpreted()) {
bool singleton = checkRunOnceContext();
if (!JSFunction::setTypeForScriptedFunction(cx, fun, singleton))
return false;
SharedContext* outersc = sc;
if (fun->isInterpretedLazy()) {
// We need to update the static scope chain regardless of whether
// the LazyScript has already been initialized, due to the case
// where we previously successfully compiled an inner function's
// lazy script but failed to compile the outer script after the
// fact. If we attempt to compile the outer script again, the
// static scope chain will be newly allocated and will mismatch
// the previously compiled LazyScript's.
ScriptSourceObject* source = &script->sourceObject()->as<ScriptSourceObject>();
fun->lazyScript()->setEnclosingScopeAndSource(innermostScope(), source);
if (emittingRunOnceLambda)
fun->lazyScript()->setTreatAsRunOnce();
} else {
MOZ_ASSERT_IF(outersc->strict(), funbox->strictScript);
// Inherit most things (principals, version, etc) from the
// parent. Use default values for the rest.
Rooted<JSScript*> parent(cx, script);
MOZ_ASSERT(parent->getVersion() == parser->options().version);
MOZ_ASSERT(parent->mutedErrors() == parser->options().mutedErrors());
const TransitiveCompileOptions& transitiveOptions = parser->options();
CompileOptions options(cx, transitiveOptions);
Rooted<JSObject*> sourceObject(cx, script->sourceObject());
Rooted<JSScript*> script(cx, JSScript::Create(cx, options, sourceObject,
funbox->bufStart, funbox->bufEnd));
if (!script)
return false;
BytecodeEmitter bce2(this, parser, funbox, script, /* lazyScript = */ nullptr,
pn->pn_pos, emitterMode);
if (!bce2.init())
return false;
/* We measured the max scope depth when we parsed the function. */
if (!bce2.emitFunctionScript(pn->pn_body))
return false;
if (funbox->isLikelyConstructorWrapper())
script->setLikelyConstructorWrapper();
}
if (outersc->isFunctionBox())
outersc->asFunctionBox()->setHasInnerFunctions();
} else {
MOZ_ASSERT(IsAsmJSModule(fun));
}
/* Make the function object a literal in the outer script's pool. */
unsigned index = objectList.add(pn->pn_funbox);
/* Non-hoisted functions simply emit their respective op. */
if (!pn->functionIsHoisted()) {
/* JSOP_LAMBDA_ARROW is always preceded by a new.target */
MOZ_ASSERT(fun->isArrow() == (pn->getOp() == JSOP_LAMBDA_ARROW));
if (funbox->isAsync()) {
MOZ_ASSERT(!needsProto);
return emitAsyncWrapper(index, funbox->needsHomeObject(), fun->isArrow());
}
if (fun->isArrow()) {
if (sc->allowNewTarget()) {
if (!emit1(JSOP_NEWTARGET))
return false;
} else {
if (!emit1(JSOP_NULL))
return false;
}
}
if (needsProto) {
MOZ_ASSERT(pn->getOp() == JSOP_FUNWITHPROTO || pn->getOp() == JSOP_LAMBDA);
pn->setOp(JSOP_FUNWITHPROTO);
}
if (pn->getOp() == JSOP_DEFFUN) {
if (!emitIndex32(JSOP_LAMBDA, index))
return false;
return emit1(JSOP_DEFFUN);
}
return emitIndex32(pn->getOp(), index);
}
MOZ_ASSERT(!needsProto);
bool topLevelFunction;
if (sc->isFunctionBox() || (sc->isEvalContext() && sc->strict())) {
// No nested functions inside other functions are top-level.
topLevelFunction = false;
} else {
// In sloppy eval scripts, top-level functions in are accessed
// dynamically. In global and module scripts, top-level functions are
// those bound in the var scope.
NameLocation loc = lookupName(name);
topLevelFunction = loc.kind() == NameLocation::Kind::Dynamic ||
loc.bindingKind() == BindingKind::Var;
}
if (topLevelFunction) {
if (sc->isModuleContext()) {
// For modules, we record the function and instantiate the binding
// during ModuleDeclarationInstantiation(), before the script is run.
RootedModuleObject module(cx, sc->asModuleContext()->module());
if (!module->noteFunctionDeclaration(cx, name, fun))
return false;
} else {
MOZ_ASSERT(sc->isGlobalContext() || sc->isEvalContext());
MOZ_ASSERT(pn->getOp() == JSOP_NOP);
switchToPrologue();
if (funbox->isAsync()) {
if (!emitAsyncWrapper(index, fun->isMethod(), fun->isArrow()))
return false;
} else {
if (!emitIndex32(JSOP_LAMBDA, index))
return false;
}
if (!emit1(JSOP_DEFFUN))
return false;
if (!updateSourceCoordNotes(pn->pn_pos.begin))
return false;
switchToMain();
}
} else {
// For functions nested within functions and blocks, make a lambda and
// initialize the binding name of the function in the current scope.
bool isAsync = funbox->isAsync();
auto emitLambda = [index, isAsync](BytecodeEmitter* bce, const NameLocation&, bool) {
if (isAsync) {
return bce->emitAsyncWrapper(index, /* needsHomeObject = */ false,
/* isArrow = */ false);
}
return bce->emitIndexOp(JSOP_LAMBDA, index);
};
if (!emitInitializeName(name, emitLambda))
return false;
if (!emit1(JSOP_POP))
return false;
}
return true;
}
bool
BytecodeEmitter::emitAsyncWrapperLambda(unsigned index, bool isArrow) {
if (isArrow) {
if (sc->allowNewTarget()) {
if (!emit1(JSOP_NEWTARGET))
return false;
} else {
if (!emit1(JSOP_NULL))
return false;
}
if (!emitIndex32(JSOP_LAMBDA_ARROW, index))
return false;
} else {
if (!emitIndex32(JSOP_LAMBDA, index))
return false;
}
return true;
}
bool
BytecodeEmitter::emitAsyncWrapper(unsigned index, bool needsHomeObject, bool isArrow)
{
// needsHomeObject can be true for propertyList for extended class.
// In that case push both unwrapped and wrapped function, in order to
// initialize home object of unwrapped function, and set wrapped function
// as a property.
//
// lambda // unwrapped
// dup // unwrapped unwrapped
// toasync // unwrapped wrapped
//
// Emitted code is surrounded by the following code.
//
// // classObj classCtor classProto
// (emitted code) // classObj classCtor classProto unwrapped wrapped
// swap // classObj classCtor classProto wrapped unwrapped
// inithomeobject 1 // classObj classCtor classProto wrapped unwrapped
// // initialize the home object of unwrapped
// // with classProto here
// pop // classObj classCtor classProto wrapped
// inithiddenprop // classObj classCtor classProto wrapped
// // initialize the property of the classProto
// // with wrapped function here
// pop // classObj classCtor classProto
//
// needsHomeObject is false for other cases, push wrapped function only.
if (!emitAsyncWrapperLambda(index, isArrow))
return false;
if (needsHomeObject) {
if (!emit1(JSOP_DUP))
return false;
}
if (!emit1(JSOP_TOASYNC))
return false;
return true;
}
bool
BytecodeEmitter::emitDo(ParseNode* pn)
{
/* Emit an annotated nop so IonBuilder can recognize the 'do' loop. */
unsigned noteIndex;
if (!newSrcNote(SRC_WHILE, ¬eIndex))
return false;
if (!emit1(JSOP_NOP))
return false;
unsigned noteIndex2;
if (!newSrcNote(SRC_WHILE, ¬eIndex2))
return false;
/* Compile the loop body. */
JumpTarget top;
if (!emitLoopHead(pn->pn_left, &top))
return false;
LoopControl loopInfo(this, StatementKind::DoLoop);
JumpList empty;
if (!emitLoopEntry(nullptr, empty))
return false;
if (!emitTree(pn->pn_left))
return false;
// Set the offset for continues.
if (!emitJumpTarget(&loopInfo.continueTarget))
return false;
/* Compile the loop condition, now that continues know where to go. */
if (!emitTree(pn->pn_right))
return false;
JumpList beq;
JumpTarget breakTarget{ -1 };
if (!emitBackwardJump(JSOP_IFNE, top, &beq, &breakTarget))
return false;
if (!tryNoteList.append(JSTRY_LOOP, stackDepth, top.offset, breakTarget.offset))
return false;
/*
* Update the annotations with the update and back edge positions, for
* IonBuilder.
*
* Be careful: We must set noteIndex2 before noteIndex in case the noteIndex
* note gets bigger.
*/
if (!setSrcNoteOffset(noteIndex2, 0, beq.offset - top.offset))
return false;
if (!setSrcNoteOffset(noteIndex, 0, 1 + (loopInfo.continueTarget.offset - top.offset)))
return false;
if (!loopInfo.patchBreaksAndContinues(this))
return false;
return true;
}
bool
BytecodeEmitter::emitWhile(ParseNode* pn)
{
/*
* Minimize bytecodes issued for one or more iterations by jumping to
* the condition below the body and closing the loop if the condition
* is true with a backward branch. For iteration count i:
*
* i test at the top test at the bottom
* = =============== ==================
* 0 ifeq-pass goto; ifne-fail
* 1 ifeq-fail; goto; ifne-pass goto; ifne-pass; ifne-fail
* 2 2*(ifeq-fail; goto); ifeq-pass goto; 2*ifne-pass; ifne-fail
* . . .
* N N*(ifeq-fail; goto); ifeq-pass goto; N*ifne-pass; ifne-fail
*/
// If we have a single-line while, like "while (x) ;", we want to
// emit the line note before the initial goto, so that the
// debugger sees a single entry point. This way, if there is a
// breakpoint on the line, it will only fire once; and "next"ing
// will skip the whole loop. However, for the multi-line case we
// want to emit the line note after the initial goto, so that
// "cont" stops on each iteration -- but without a stop before the
// first iteration.
if (parser->tokenStream.srcCoords.lineNum(pn->pn_pos.begin) ==
parser->tokenStream.srcCoords.lineNum(pn->pn_pos.end) &&
!updateSourceCoordNotes(pn->pn_pos.begin))
return false;
JumpTarget top{ -1 };
if (!emitJumpTarget(&top))
return false;
LoopControl loopInfo(this, StatementKind::WhileLoop);
loopInfo.continueTarget = top;
unsigned noteIndex;
if (!newSrcNote(SRC_WHILE, ¬eIndex))
return false;
JumpList jmp;
if (!emitJump(JSOP_GOTO, &jmp))
return false;
if (!emitLoopHead(pn->pn_right, &top))
return false;
if (!emitConditionallyExecutedTree(pn->pn_right))
return false;
if (!emitLoopEntry(pn->pn_left, jmp))
return false;
if (!emitTree(pn->pn_left))
return false;
JumpList beq;
JumpTarget breakTarget{ -1 };
if (!emitBackwardJump(JSOP_IFNE, top, &beq, &breakTarget))
return false;
if (!tryNoteList.append(JSTRY_LOOP, stackDepth, top.offset, breakTarget.offset))
return false;
if (!setSrcNoteOffset(noteIndex, 0, beq.offset - jmp.offset))
return false;
if (!loopInfo.patchBreaksAndContinues(this))
return false;
return true;
}
bool
BytecodeEmitter::emitBreak(PropertyName* label)
{
BreakableControl* target;
SrcNoteType noteType;
if (label) {
// Any statement with the matching label may be the break target.
auto hasSameLabel = [label](LabelControl* labelControl) {
return labelControl->label() == label;
};
target = findInnermostNestableControl<LabelControl>(hasSameLabel);
noteType = SRC_BREAK2LABEL;
} else {
auto isNotLabel = [](BreakableControl* control) {
return !control->is<LabelControl>();
};
target = findInnermostNestableControl<BreakableControl>(isNotLabel);
noteType = (target->kind() == StatementKind::Switch) ? SRC_SWITCHBREAK : SRC_BREAK;
}
return emitGoto(target, &target->breaks, noteType);
}
bool
BytecodeEmitter::emitContinue(PropertyName* label)
{
LoopControl* target = nullptr;
if (label) {
// Find the loop statement enclosed by the matching label.
NestableControl* control = innermostNestableControl;
while (!control->is<LabelControl>() || control->as<LabelControl>().label() != label) {
if (control->is<LoopControl>())
target = &control->as<LoopControl>();
control = control->enclosing();
}
} else {
target = findInnermostNestableControl<LoopControl>();
}
return emitGoto(target, &target->continues, SRC_CONTINUE);
}
bool
BytecodeEmitter::emitGetFunctionThis(ParseNode* pn)
{
MOZ_ASSERT(sc->thisBinding() == ThisBinding::Function);
MOZ_ASSERT(pn->isKind(PNK_NAME));
MOZ_ASSERT(pn->name() == cx->names().dotThis);
if (!emitTree(pn))
return false;
if (sc->needsThisTDZChecks() && !emit1(JSOP_CHECKTHIS))
return false;
return true;
}
bool
BytecodeEmitter::emitGetThisForSuperBase(ParseNode* pn)
{
MOZ_ASSERT(pn->isKind(PNK_SUPERBASE));
return emitGetFunctionThis(pn->pn_kid);
}
bool
BytecodeEmitter::emitThisLiteral(ParseNode* pn)
{
MOZ_ASSERT(pn->isKind(PNK_THIS));
if (ParseNode* thisName = pn->pn_kid)
return emitGetFunctionThis(thisName);
if (sc->thisBinding() == ThisBinding::Module)
return emit1(JSOP_UNDEFINED);
MOZ_ASSERT(sc->thisBinding() == ThisBinding::Global);
return emit1(JSOP_GLOBALTHIS);
}
bool
BytecodeEmitter::emitCheckDerivedClassConstructorReturn()
{
MOZ_ASSERT(lookupName(cx->names().dotThis).hasKnownSlot());
if (!emitGetName(cx->names().dotThis))
return false;
if (!emit1(JSOP_CHECKRETURN))
return false;
return true;
}
bool
BytecodeEmitter::emitReturn(ParseNode* pn)
{
if (!updateSourceCoordNotes(pn->pn_pos.begin))
return false;
if (sc->isFunctionBox() && sc->asFunctionBox()->isStarGenerator()) {
if (!emitPrepareIteratorResult())
return false;
}
/* Push a return value */
if (ParseNode* pn2 = pn->pn_kid) {
if (!emitTree(pn2))
return false;
} else {
/* No explicit return value provided */
if (!emit1(JSOP_UNDEFINED))
return false;
}
if (sc->isFunctionBox() && sc->asFunctionBox()->isStarGenerator()) {
if (!emitFinishIteratorResult(true))
return false;
}
// We know functionBodyEndPos is set because "return" is only
// valid in a function, and so we've passed through
// emitFunctionScript.
MOZ_ASSERT(functionBodyEndPosSet);
if (!updateSourceCoordNotes(functionBodyEndPos))
return false;
/*
* EmitNonLocalJumpFixup may add fixup bytecode to close open try
* blocks having finally clauses and to exit intermingled let blocks.
* We can't simply transfer control flow to our caller in that case,
* because we must gosub to those finally clauses from inner to outer,
* with the correct stack pointer (i.e., after popping any with,
* for/in, etc., slots nested inside the finally's try).
*
* In this case we mutate JSOP_RETURN into JSOP_SETRVAL and add an
* extra JSOP_RETRVAL after the fixups.
*/
ptrdiff_t top = offset();
bool isGenerator = sc->isFunctionBox() && sc->asFunctionBox()->isGenerator();
bool isDerivedClassConstructor =
sc->isFunctionBox() && sc->asFunctionBox()->isDerivedClassConstructor();
if (!emit1((isGenerator || isDerivedClassConstructor) ? JSOP_SETRVAL : JSOP_RETURN))
return false;
// Make sure that we emit this before popping the blocks in prepareForNonLocalJump,
// to ensure that the error is thrown while the scope-chain is still intact.
if (isDerivedClassConstructor) {
if (!emitCheckDerivedClassConstructorReturn())
return false;
}
NonLocalExitControl nle(this);
if (!nle.prepareForNonLocalJumpToOutermost())
return false;
if (isGenerator) {
// We know that .generator is on the function scope, as we just exited
// all nested scopes.
NameLocation loc =
*locationOfNameBoundInFunctionScope(cx->names().dotGenerator, varEmitterScope);
if (!emitGetNameAtLocation(cx->names().dotGenerator, loc))
return false;
if (!emitYieldOp(JSOP_FINALYIELDRVAL))
return false;
} else if (isDerivedClassConstructor) {
MOZ_ASSERT(code()[top] == JSOP_SETRVAL);
if (!emit1(JSOP_RETRVAL))
return false;
} else if (top + static_cast<ptrdiff_t>(JSOP_RETURN_LENGTH) != offset()) {
code()[top] = JSOP_SETRVAL;
if (!emit1(JSOP_RETRVAL))
return false;
}
return true;
}
bool
BytecodeEmitter::emitYield(ParseNode* pn)
{
MOZ_ASSERT(sc->isFunctionBox());
if (pn->getOp() == JSOP_YIELD) {
if (sc->asFunctionBox()->isStarGenerator()) {
if (!emitPrepareIteratorResult())
return false;
}
if (pn->pn_left) {
if (!emitTree(pn->pn_left))
return false;
} else {
if (!emit1(JSOP_UNDEFINED))
return false;
}
if (sc->asFunctionBox()->isStarGenerator()) {
if (!emitFinishIteratorResult(false))
return false;
}
} else {
MOZ_ASSERT(pn->getOp() == JSOP_INITIALYIELD);
}
if (!emitTree(pn->pn_right))
return false;
if (!emitYieldOp(pn->getOp()))
return false;
if (pn->getOp() == JSOP_INITIALYIELD && !emit1(JSOP_POP))
return false;
return true;
}
bool
BytecodeEmitter::emitYieldStar(ParseNode* iter, ParseNode* gen)
{
MOZ_ASSERT(sc->isFunctionBox());
MOZ_ASSERT(sc->asFunctionBox()->isStarGenerator());
if (!emitTree(iter)) // ITERABLE
return false;
if (!emitIterator()) // ITER
return false;
// Initial send value is undefined.
if (!emit1(JSOP_UNDEFINED)) // ITER RECEIVED
return false;
int depth = stackDepth;
MOZ_ASSERT(depth >= 2);
JumpList send;
if (!emitJump(JSOP_GOTO, &send)) // goto send
return false;
// Try prologue. // ITER RESULT
unsigned noteIndex;
if (!newSrcNote(SRC_TRY, ¬eIndex))
return false;
JumpTarget tryStart{ offset() };
if (!emit1(JSOP_TRY)) // tryStart:
return false;
MOZ_ASSERT(this->stackDepth == depth);
// Load the generator object.
if (!emitTree(gen)) // ITER RESULT GENOBJ
return false;
// Yield RESULT as-is, without re-boxing.
if (!emitYieldOp(JSOP_YIELD)) // ITER RECEIVED
return false;
// Try epilogue.
if (!setSrcNoteOffset(noteIndex, 0, offset() - tryStart.offset))
return false;
if (!emitJump(JSOP_GOTO, &send)) // goto send
return false;
JumpTarget tryEnd;
if (!emitJumpTarget(&tryEnd)) // tryEnd:
return false;
// Catch location.
stackDepth = uint32_t(depth); // ITER RESULT
if (!emit1(JSOP_POP)) // ITER
return false;
// THROW? = 'throw' in ITER
if (!emit1(JSOP_EXCEPTION)) // ITER EXCEPTION
return false;
if (!emit1(JSOP_SWAP)) // EXCEPTION ITER
return false;
if (!emit1(JSOP_DUP)) // EXCEPTION ITER ITER
return false;
if (!emitAtomOp(cx->names().throw_, JSOP_STRING)) // EXCEPTION ITER ITER "throw"
return false;
if (!emit1(JSOP_SWAP)) // EXCEPTION ITER "throw" ITER
return false;
if (!emit1(JSOP_IN)) // EXCEPTION ITER THROW?
return false;
// if (THROW?) goto delegate
JumpList checkThrow;
if (!emitJump(JSOP_IFNE, &checkThrow)) // EXCEPTION ITER
return false;
if (!emit1(JSOP_POP)) // EXCEPTION
return false;
if (!emit1(JSOP_THROW)) // throw EXCEPTION
return false;
if (!emitJumpTargetAndPatch(checkThrow)) // delegate:
return false;
// RESULT = ITER.throw(EXCEPTION) // EXCEPTION ITER
stackDepth = uint32_t(depth);
if (!emit1(JSOP_DUP)) // EXCEPTION ITER ITER
return false;
if (!emit1(JSOP_DUP)) // EXCEPTION ITER ITER ITER
return false;
if (!emitAtomOp(cx->names().throw_, JSOP_CALLPROP)) // EXCEPTION ITER ITER THROW
return false;
if (!emit1(JSOP_SWAP)) // EXCEPTION ITER THROW ITER
return false;
if (!emit2(JSOP_PICK, 3)) // ITER THROW ITER EXCEPTION
return false;
if (!emitCall(JSOP_CALL, 1, iter)) // ITER RESULT
return false;
checkTypeSet(JSOP_CALL);
MOZ_ASSERT(this->stackDepth == depth);
JumpList checkResult;
if (!emitJump(JSOP_GOTO, &checkResult)) // goto checkResult
return false;
// Catch epilogue.
// This is a peace offering to ReconstructPCStack. See the note in EmitTry.
if (!emit1(JSOP_NOP))
return false;
if (!tryNoteList.append(JSTRY_CATCH, depth, tryStart.offset + JSOP_TRY_LENGTH, tryEnd.offset))
return false;
// After the try/catch block: send the received value to the iterator.
if (!emitJumpTargetAndPatch(send)) // send:
return false;
// Send location.
// result = iter.next(received) // ITER RECEIVED
if (!emit1(JSOP_SWAP)) // RECEIVED ITER
return false;
if (!emit1(JSOP_DUP)) // RECEIVED ITER ITER
return false;
if (!emit1(JSOP_DUP)) // RECEIVED ITER ITER ITER
return false;
if (!emitAtomOp(cx->names().next, JSOP_CALLPROP)) // RECEIVED ITER ITER NEXT
return false;
if (!emit1(JSOP_SWAP)) // RECEIVED ITER NEXT ITER
return false;
if (!emit2(JSOP_PICK, 3)) // ITER NEXT ITER RECEIVED
return false;
if (!emitCall(JSOP_CALL, 1, iter)) // ITER RESULT
return false;
if (!emitCheckIsObj(CheckIsObjectKind::IteratorNext)) // ITER RESULT
return false;
checkTypeSet(JSOP_CALL);
MOZ_ASSERT(this->stackDepth == depth);
if (!emitJumpTargetAndPatch(checkResult)) // checkResult:
return false;
// if (!result.done) goto tryStart; // ITER RESULT
if (!emit1(JSOP_DUP)) // ITER RESULT RESULT
return false;
if (!emitAtomOp(cx->names().done, JSOP_GETPROP)) // ITER RESULT DONE
return false;
// if (!DONE) goto tryStart;
JumpList beq;
JumpTarget breakTarget{ -1 };
if (!emitBackwardJump(JSOP_IFEQ, tryStart, &beq, &breakTarget)) // ITER RESULT
return false;
// result.value
if (!emit1(JSOP_SWAP)) // RESULT ITER
return false;
if (!emit1(JSOP_POP)) // RESULT
return false;
if (!emitAtomOp(cx->names().value, JSOP_GETPROP)) // VALUE
return false;
MOZ_ASSERT(this->stackDepth == depth - 1);
return true;
}
bool
BytecodeEmitter::emitStatementList(ParseNode* pn)
{
MOZ_ASSERT(pn->isArity(PN_LIST));
for (ParseNode* pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next) {
if (!emitTree(pn2))
return false;
}
return true;
}
bool
BytecodeEmitter::emitStatement(ParseNode* pn)
{
MOZ_ASSERT(pn->isKind(PNK_SEMI));
ParseNode* pn2 = pn->pn_kid;
if (!pn2)
return true;
if (!updateSourceCoordNotes(pn->pn_pos.begin))
return false;
/*
* Top-level or called-from-a-native JS_Execute/EvaluateScript,
* debugger, and eval frames may need the value of the ultimate
* expression statement as the script's result, despite the fact
* that it appears useless to the compiler.
*
* API users may also set the JSOPTION_NO_SCRIPT_RVAL option when
* calling JS_Compile* to suppress JSOP_SETRVAL.
*/
bool wantval = false;
bool useful = false;
if (sc->isFunctionBox())
MOZ_ASSERT(!script->noScriptRval());
else
useful = wantval = !script->noScriptRval();
/* Don't eliminate expressions with side effects. */
if (!useful) {
if (!checkSideEffects(pn2, &useful))
return false;
/*
* Don't eliminate apparently useless expressions if they are labeled
* expression statements. The startOffset() test catches the case
* where we are nesting in emitTree for a labeled compound statement.
*/
if (innermostNestableControl &&
innermostNestableControl->is<LabelControl>() &&
innermostNestableControl->as<LabelControl>().startOffset() >= offset())
{
useful = true;
}
}
if (useful) {
JSOp op = wantval ? JSOP_SETRVAL : JSOP_POP;
MOZ_ASSERT_IF(pn2->isKind(PNK_ASSIGN), pn2->isOp(JSOP_NOP));
if (!emitTree(pn2))
return false;
if (!emit1(op))
return false;
} else if (pn->isDirectivePrologueMember()) {
// Don't complain about directive prologue members; just don't emit
// their code.
} else {
if (JSAtom* atom = pn->isStringExprStatement()) {
// Warn if encountering a non-directive prologue member string
// expression statement, that is inconsistent with the current
// directive prologue. That is, a script *not* starting with
// "use strict" should warn for any "use strict" statements seen
// later in the script, because such statements are misleading.
const char* directive = nullptr;
if (atom == cx->names().useStrict) {
if (!sc->strictScript)
directive = js_useStrict_str;
} else if (atom == cx->names().useAsm) {
if (sc->isFunctionBox()) {
if (IsAsmJSModule(sc->asFunctionBox()->function()))
directive = js_useAsm_str;
}
}
if (directive) {
if (!reportStrictWarning(pn2, JSMSG_CONTRARY_NONDIRECTIVE, directive))
return false;
}
} else {
current->currentLine = parser->tokenStream.srcCoords.lineNum(pn2->pn_pos.begin);
current->lastColumn = 0;
if (!reportStrictWarning(pn2, JSMSG_USELESS_EXPR))
return false;
}
}
return true;
}
bool
BytecodeEmitter::emitDeleteName(ParseNode* node)
{
MOZ_ASSERT(node->isKind(PNK_DELETENAME));
MOZ_ASSERT(node->isArity(PN_UNARY));
ParseNode* nameExpr = node->pn_kid;
MOZ_ASSERT(nameExpr->isKind(PNK_NAME));
return emitAtomOp(nameExpr, JSOP_DELNAME);
}
bool
BytecodeEmitter::emitDeleteProperty(ParseNode* node)
{
MOZ_ASSERT(node->isKind(PNK_DELETEPROP));
MOZ_ASSERT(node->isArity(PN_UNARY));
ParseNode* propExpr = node->pn_kid;
MOZ_ASSERT(propExpr->isKind(PNK_DOT));
if (propExpr->as<PropertyAccess>().isSuper()) {
// Still have to calculate the base, even though we are are going
// to throw unconditionally, as calculating the base could also
// throw.
if (!emit1(JSOP_SUPERBASE))
return false;
return emitUint16Operand(JSOP_THROWMSG, JSMSG_CANT_DELETE_SUPER);
}
JSOp delOp = sc->strict() ? JSOP_STRICTDELPROP : JSOP_DELPROP;
return emitPropOp(propExpr, delOp);
}
bool
BytecodeEmitter::emitDeleteElement(ParseNode* node)
{
MOZ_ASSERT(node->isKind(PNK_DELETEELEM));
MOZ_ASSERT(node->isArity(PN_UNARY));
ParseNode* elemExpr = node->pn_kid;
MOZ_ASSERT(elemExpr->isKind(PNK_ELEM));
if (elemExpr->as<PropertyByValue>().isSuper()) {
// Still have to calculate everything, even though we're gonna throw
// since it may have side effects
if (!emitTree(elemExpr->pn_right))
return false;
if (!emit1(JSOP_SUPERBASE))
return false;
if (!emitUint16Operand(JSOP_THROWMSG, JSMSG_CANT_DELETE_SUPER))
return false;
// Another wrinkle: Balance the stack from the emitter's point of view.
// Execution will not reach here, as the last bytecode threw.
return emit1(JSOP_POP);
}
JSOp delOp = sc->strict() ? JSOP_STRICTDELELEM : JSOP_DELELEM;
return emitElemOp(elemExpr, delOp);
}
bool
BytecodeEmitter::emitDeleteExpression(ParseNode* node)
{
MOZ_ASSERT(node->isKind(PNK_DELETEEXPR));
MOZ_ASSERT(node->isArity(PN_UNARY));
ParseNode* expression = node->pn_kid;
// If useless, just emit JSOP_TRUE; otherwise convert |delete <expr>| to
// effectively |<expr>, true|.
bool useful = false;
if (!checkSideEffects(expression, &useful))
return false;
if (useful) {
if (!emitTree(expression))
return false;
if (!emit1(JSOP_POP))
return false;
}
return emit1(JSOP_TRUE);
}
static const char *
SelfHostedCallFunctionName(JSAtom* name, ExclusiveContext* cx)
{
if (name == cx->names().callFunction)
return "callFunction";
if (name == cx->names().callContentFunction)
return "callContentFunction";
if (name == cx->names().constructContentFunction)
return "constructContentFunction";
MOZ_CRASH("Unknown self-hosted call function name");
}
bool
BytecodeEmitter::emitSelfHostedCallFunction(ParseNode* pn)
{
// Special-casing of callFunction to emit bytecode that directly
// invokes the callee with the correct |this| object and arguments.
// callFunction(fun, thisArg, arg0, arg1) thus becomes:
// - emit lookup for fun
// - emit lookup for thisArg
// - emit lookups for arg0, arg1
//
// argc is set to the amount of actually emitted args and the
// emitting of args below is disabled by setting emitArgs to false.
ParseNode* pn2 = pn->pn_head;
const char* errorName = SelfHostedCallFunctionName(pn2->name(), cx);
if (pn->pn_count < 3) {
reportError(pn, JSMSG_MORE_ARGS_NEEDED, errorName, "2", "s");
return false;
}
JSOp callOp = pn->getOp();
if (callOp != JSOP_CALL) {
reportError(pn, JSMSG_NOT_CONSTRUCTOR, errorName);
return false;
}
bool constructing = pn2->name() == cx->names().constructContentFunction;
ParseNode* funNode = pn2->pn_next;
if (constructing)
callOp = JSOP_NEW;
else if (funNode->getKind() == PNK_NAME && funNode->name() == cx->names().std_Function_apply)
callOp = JSOP_FUNAPPLY;
if (!emitTree(funNode))
return false;
#ifdef DEBUG
if (emitterMode == BytecodeEmitter::SelfHosting &&
pn2->name() == cx->names().callFunction)
{
if (!emit1(JSOP_DEBUGCHECKSELFHOSTED))
return false;
}
#endif
ParseNode* thisOrNewTarget = funNode->pn_next;
if (constructing) {
// Save off the new.target value, but here emit a proper |this| for a
// constructing call.
if (!emit1(JSOP_IS_CONSTRUCTING))
return false;
} else {
// It's |this|, emit it.
if (!emitTree(thisOrNewTarget))
return false;
}
for (ParseNode* argpn = thisOrNewTarget->pn_next; argpn; argpn = argpn->pn_next) {
if (!emitTree(argpn))
return false;
}
if (constructing) {
if (!emitTree(thisOrNewTarget))
return false;
}
uint32_t argc = pn->pn_count - 3;
if (!emitCall(callOp, argc))
return false;
checkTypeSet(callOp);
return true;
}
bool
BytecodeEmitter::emitSelfHostedResumeGenerator(ParseNode* pn)
{
// Syntax: resumeGenerator(gen, value, 'next'|'throw'|'close')
if (pn->pn_count != 4) {
reportError(pn, JSMSG_MORE_ARGS_NEEDED, "resumeGenerator", "1", "s");
return false;
}
ParseNode* funNode = pn->pn_head; // The resumeGenerator node.
ParseNode* genNode = funNode->pn_next;
if (!emitTree(genNode))
return false;
ParseNode* valNode = genNode->pn_next;
if (!emitTree(valNode))
return false;
ParseNode* kindNode = valNode->pn_next;
MOZ_ASSERT(kindNode->isKind(PNK_STRING));
uint16_t operand = GeneratorObject::getResumeKind(cx, kindNode->pn_atom);
MOZ_ASSERT(!kindNode->pn_next);
if (!emitCall(JSOP_RESUME, operand))
return false;
return true;
}
bool
BytecodeEmitter::emitSelfHostedForceInterpreter(ParseNode* pn)
{
if (!emit1(JSOP_FORCEINTERPRETER))
return false;
if (!emit1(JSOP_UNDEFINED))
return false;
return true;
}
bool
BytecodeEmitter::emitSelfHostedAllowContentSpread(ParseNode* pn)
{
if (pn->pn_count != 2) {
reportError(pn, JSMSG_MORE_ARGS_NEEDED, "allowContentSpread", "1", "");
return false;
}
// We're just here as a sentinel. Pass the value through directly.
return emitTree(pn->pn_head->pn_next);
}
bool
BytecodeEmitter::isRestParameter(ParseNode* pn, bool* result)
{
if (!sc->isFunctionBox()) {
*result = false;
return true;
}
FunctionBox* funbox = sc->asFunctionBox();
RootedFunction fun(cx, funbox->function());
if (!fun->hasRest()) {
*result = false;
return true;
}
if (!pn->isKind(PNK_NAME)) {
if (emitterMode == BytecodeEmitter::SelfHosting && pn->isKind(PNK_CALL)) {
ParseNode* pn2 = pn->pn_head;
if (pn2->getKind() == PNK_NAME && pn2->name() == cx->names().allowContentSpread)
return isRestParameter(pn2->pn_next, result);
}
*result = false;
return true;
}
JSAtom* name = pn->name();
Maybe<NameLocation> paramLoc = locationOfNameBoundInFunctionScope(name);
if (paramLoc && lookupName(name) == *paramLoc) {
FunctionScope::Data* bindings = funbox->functionScopeBindings();
if (bindings->nonPositionalFormalStart > 0) {
// |paramName| can be nullptr when the rest destructuring syntax is
// used: `function f(...[]) {}`.
JSAtom* paramName = bindings->names[bindings->nonPositionalFormalStart - 1].name();
*result = paramName && name == paramName;
return true;
}
}
return true;
}
bool
BytecodeEmitter::emitOptimizeSpread(ParseNode* arg0, JumpList* jmp, bool* emitted)
{
// Emit a pereparation code to optimize the spread call with a rest
// parameter:
//
// function f(...args) {
// g(...args);
// }
//
// If the spread operand is a rest parameter and it's optimizable array,
// skip spread operation and pass it directly to spread call operation.
// See the comment in OptimizeSpreadCall in Interpreter.cpp for the
// optimizable conditons.
bool result = false;
if (!isRestParameter(arg0, &result))
return false;
if (!result) {
*emitted = false;
return true;
}
if (!emitTree(arg0))
return false;
if (!emit1(JSOP_OPTIMIZE_SPREADCALL))
return false;
if (!emitJump(JSOP_IFNE, jmp))
return false;
if (!emit1(JSOP_POP))
return false;
*emitted = true;
return true;
}
bool
BytecodeEmitter::emitCallOrNew(ParseNode* pn)
{
bool callop = pn->isKind(PNK_CALL) || pn->isKind(PNK_TAGGED_TEMPLATE);
/*
* Emit callable invocation or operator new (constructor call) code.
* First, emit code for the left operand to evaluate the callable or
* constructable object expression.
*
* For operator new, we emit JSOP_GETPROP instead of JSOP_CALLPROP, etc.
* This is necessary to interpose the lambda-initialized method read
* barrier -- see the code in jsinterp.cpp for JSOP_LAMBDA followed by
* JSOP_{SET,INIT}PROP.
*
* Then (or in a call case that has no explicit reference-base
* object) we emit JSOP_UNDEFINED to produce the undefined |this|
* value required for calls (which non-strict mode functions
* will box into the global object).
*/
uint32_t argc = pn->pn_count - 1;
if (argc >= ARGC_LIMIT) {
parser->tokenStream.reportError(callop
? JSMSG_TOO_MANY_FUN_ARGS
: JSMSG_TOO_MANY_CON_ARGS);
return false;
}
ParseNode* pn2 = pn->pn_head;
bool spread = JOF_OPTYPE(pn->getOp()) == JOF_BYTE;
switch (pn2->getKind()) {
case PNK_NAME:
if (emitterMode == BytecodeEmitter::SelfHosting && !spread) {
// Calls to "forceInterpreter", "callFunction",
// "callContentFunction", or "resumeGenerator" in self-hosted
// code generate inline bytecode.
if (pn2->name() == cx->names().callFunction ||
pn2->name() == cx->names().callContentFunction ||
pn2->name() == cx->names().constructContentFunction)
{
return emitSelfHostedCallFunction(pn);
}
if (pn2->name() == cx->names().resumeGenerator)
return emitSelfHostedResumeGenerator(pn);
if (pn2->name() == cx->names().forceInterpreter)
return emitSelfHostedForceInterpreter(pn);
if (pn2->name() == cx->names().allowContentSpread)
return emitSelfHostedAllowContentSpread(pn);
// Fall through.
}
if (!emitGetName(pn2, callop))
return false;
break;
case PNK_DOT:
MOZ_ASSERT(emitterMode != BytecodeEmitter::SelfHosting);
if (pn2->as<PropertyAccess>().isSuper()) {
if (!emitSuperPropOp(pn2, JSOP_GETPROP_SUPER, /* isCall = */ callop))
return false;
} else {
if (!emitPropOp(pn2, callop ? JSOP_CALLPROP : JSOP_GETPROP))
return false;
}
break;
case PNK_ELEM:
MOZ_ASSERT(emitterMode != BytecodeEmitter::SelfHosting);
if (pn2->as<PropertyByValue>().isSuper()) {
if (!emitSuperElemOp(pn2, JSOP_GETELEM_SUPER, /* isCall = */ callop))
return false;
} else {
if (!emitElemOp(pn2, callop ? JSOP_CALLELEM : JSOP_GETELEM))
return false;
if (callop) {
if (!emit1(JSOP_SWAP))
return false;
}
}
break;
case PNK_FUNCTION:
/*
* Top level lambdas which are immediately invoked should be
* treated as only running once. Every time they execute we will
* create new types and scripts for their contents, to increase
* the quality of type information within them and enable more
* backend optimizations. Note that this does not depend on the
* lambda being invoked at most once (it may be named or be
* accessed via foo.caller indirection), as multiple executions
* will just cause the inner scripts to be repeatedly cloned.
*/
MOZ_ASSERT(!emittingRunOnceLambda);
if (checkRunOnceContext()) {
emittingRunOnceLambda = true;
if (!emitTree(pn2))
return false;
emittingRunOnceLambda = false;
} else {
if (!emitTree(pn2))
return false;
}
callop = false;
break;
case PNK_SUPERBASE:
MOZ_ASSERT(pn->isKind(PNK_SUPERCALL));
MOZ_ASSERT(parser->handler.isSuperBase(pn2));
if (!emit1(JSOP_SUPERFUN))
return false;
break;
default:
if (!emitTree(pn2))
return false;
callop = false; /* trigger JSOP_UNDEFINED after */
break;
}
bool isNewOp = pn->getOp() == JSOP_NEW || pn->getOp() == JSOP_SPREADNEW ||
pn->getOp() == JSOP_SUPERCALL || pn->getOp() == JSOP_SPREADSUPERCALL;
// Emit room for |this|.
if (!callop) {
if (isNewOp) {
if (!emit1(JSOP_IS_CONSTRUCTING))
return false;
} else {
if (!emit1(JSOP_UNDEFINED))
return false;
}
}
/*
* Emit code for each argument in order, then emit the JSOP_*CALL or
* JSOP_NEW bytecode with a two-byte immediate telling how many args
* were pushed on the operand stack.
*/
if (!spread) {
for (ParseNode* pn3 = pn2->pn_next; pn3; pn3 = pn3->pn_next) {
if (!emitTree(pn3))
return false;
}
if (isNewOp) {
if (pn->isKind(PNK_SUPERCALL)) {
if (!emit1(JSOP_NEWTARGET))
return false;
} else {
// Repush the callee as new.target
if (!emitDupAt(argc + 1))
return false;
}
}
} else {
ParseNode* args = pn2->pn_next;
JumpList jmp;
bool optCodeEmitted = false;
if (argc == 1) {
if (!emitOptimizeSpread(args->pn_kid, &jmp, &optCodeEmitted))
return false;
}
if (!emitArray(args, argc, JSOP_SPREADCALLARRAY))
return false;
if (optCodeEmitted) {
if (!emitJumpTargetAndPatch(jmp))
return false;
}
if (isNewOp) {
if (pn->isKind(PNK_SUPERCALL)) {
if (!emit1(JSOP_NEWTARGET))
return false;
} else {
if (!emitDupAt(2))
return false;
}
}
}
if (!spread) {
if (!emitCall(pn->getOp(), argc, pn))
return false;
} else {
if (!emit1(pn->getOp()))
return false;
}
checkTypeSet(pn->getOp());
if (pn->isOp(JSOP_EVAL) ||
pn->isOp(JSOP_STRICTEVAL) ||
pn->isOp(JSOP_SPREADEVAL) ||
pn->isOp(JSOP_STRICTSPREADEVAL))
{
uint32_t lineNum = parser->tokenStream.srcCoords.lineNum(pn->pn_pos.begin);
if (!emitUint32Operand(JSOP_LINENO, lineNum))
return false;
}
return true;
}
bool
BytecodeEmitter::emitRightAssociative(ParseNode* pn)
{
// ** is the only right-associative operator.
MOZ_ASSERT(pn->isKind(PNK_POW));
MOZ_ASSERT(pn->isArity(PN_LIST));
// Right-associative operator chain.
for (ParseNode* subexpr = pn->pn_head; subexpr; subexpr = subexpr->pn_next) {
if (!emitTree(subexpr))
return false;
}
for (uint32_t i = 0; i < pn->pn_count - 1; i++) {
if (!emit1(JSOP_POW))
return false;
}
return true;
}
bool
BytecodeEmitter::emitLeftAssociative(ParseNode* pn)
{
MOZ_ASSERT(pn->isArity(PN_LIST));
// Left-associative operator chain.
if (!emitTree(pn->pn_head))
return false;
JSOp op = pn->getOp();
ParseNode* nextExpr = pn->pn_head->pn_next;
do {
if (!emitTree(nextExpr))
return false;
if (!emit1(op))
return false;
} while ((nextExpr = nextExpr->pn_next));
return true;
}
bool
BytecodeEmitter::emitLogical(ParseNode* pn)
{
MOZ_ASSERT(pn->isArity(PN_LIST));
/*
* JSOP_OR converts the operand on the stack to boolean, leaves the original
* value on the stack and jumps if true; otherwise it falls into the next
* bytecode, which pops the left operand and then evaluates the right operand.
* The jump goes around the right operand evaluation.
*
* JSOP_AND converts the operand on the stack to boolean and jumps if false;
* otherwise it falls into the right operand's bytecode.
*/
TDZCheckCache tdzCache(this);
/* Left-associative operator chain: avoid too much recursion. */
ParseNode* pn2 = pn->pn_head;
if (!emitTree(pn2))
return false;
JSOp op = pn->getOp();
JumpList jump;
if (!emitJump(op, &jump))
return false;
if (!emit1(JSOP_POP))
return false;
/* Emit nodes between the head and the tail. */
while ((pn2 = pn2->pn_next)->pn_next) {
if (!emitTree(pn2))
return false;
if (!emitJump(op, &jump))
return false;
if (!emit1(JSOP_POP))
return false;
}
if (!emitTree(pn2))
return false;
if (!emitJumpTargetAndPatch(jump))
return false;
return true;
}
bool
BytecodeEmitter::emitSequenceExpr(ParseNode* pn)
{
for (ParseNode* child = pn->pn_head; ; child = child->pn_next) {
if (!updateSourceCoordNotes(child->pn_pos.begin))
return false;
if (!emitTree(child))
return false;
if (!child->pn_next)
break;
if (!emit1(JSOP_POP))
return false;
}
return true;
}
// Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
// the comment on emitSwitch.
MOZ_NEVER_INLINE bool
BytecodeEmitter::emitIncOrDec(ParseNode* pn)
{
switch (pn->pn_kid->getKind()) {
case PNK_DOT:
return emitPropIncDec(pn);
case PNK_ELEM:
return emitElemIncDec(pn);
case PNK_CALL:
return emitCallIncDec(pn);
default:
return emitNameIncDec(pn);
}
return true;
}
// Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
// the comment on emitSwitch.
MOZ_NEVER_INLINE bool
BytecodeEmitter::emitLabeledStatement(const LabeledStatement* pn)
{
/*
* Emit a JSOP_LABEL instruction. The argument is the offset to the statement
* following the labeled statement.
*/
uint32_t index;
if (!makeAtomIndex(pn->label(), &index))
return false;
JumpList top;
if (!emitJump(JSOP_LABEL, &top))
return false;
/* Emit code for the labeled statement. */
LabelControl controlInfo(this, pn->label(), offset());
if (!emitTree(pn->statement()))
return false;
/* Patch the JSOP_LABEL offset. */
JumpTarget brk{ lastNonJumpTargetOffset() };
patchJumpsToTarget(top, brk);
if (!controlInfo.patchBreaks(this))
return false;
return true;
}
bool
BytecodeEmitter::emitConditionalExpression(ConditionalExpression& conditional)
{
/* Emit the condition, then branch if false to the else part. */
if (!emitTree(&conditional.condition()))
return false;
IfThenElseEmitter ifThenElse(this);
if (!ifThenElse.emitCond())
return false;
if (!emitConditionallyExecutedTree(&conditional.thenExpression()))
return false;
if (!ifThenElse.emitElse())
return false;
if (!emitConditionallyExecutedTree(&conditional.elseExpression()))
return false;
if (!ifThenElse.emitEnd())
return false;
MOZ_ASSERT(ifThenElse.pushed() == 1);
return true;
}
bool
BytecodeEmitter::emitPropertyList(ParseNode* pn, MutableHandlePlainObject objp, PropListType type)
{
for (ParseNode* propdef = pn->pn_head; propdef; propdef = propdef->pn_next) {
if (!updateSourceCoordNotes(propdef->pn_pos.begin))
return false;
// Handle __proto__: v specially because *only* this form, and no other
// involving "__proto__", performs [[Prototype]] mutation.
if (propdef->isKind(PNK_MUTATEPROTO)) {
MOZ_ASSERT(type == ObjectLiteral);
if (!emitTree(propdef->pn_kid))
return false;
objp.set(nullptr);
if (!emit1(JSOP_MUTATEPROTO))
return false;
continue;
}
bool extraPop = false;
if (type == ClassBody && propdef->as<ClassMethod>().isStatic()) {
extraPop = true;
if (!emit1(JSOP_DUP2))
return false;
if (!emit1(JSOP_POP))
return false;
}
/* Emit an index for t[2] for later consumption by JSOP_INITELEM. */
ParseNode* key = propdef->pn_left;
bool isIndex = false;
if (key->isKind(PNK_NUMBER)) {
if (!emitNumberOp(key->pn_dval))
return false;
isIndex = true;
} else if (key->isKind(PNK_OBJECT_PROPERTY_NAME) || key->isKind(PNK_STRING)) {
// EmitClass took care of constructor already.
if (type == ClassBody && key->pn_atom == cx->names().constructor &&
!propdef->as<ClassMethod>().isStatic())
{
continue;
}
// The parser already checked for atoms representing indexes and
// used PNK_NUMBER instead, but also watch for ids which TI treats
// as indexes for simpliciation of downstream analysis.
jsid id = NameToId(key->pn_atom->asPropertyName());
if (id != IdToTypeId(id)) {
if (!emitTree(key))
return false;
isIndex = true;
}
} else {
if (!emitComputedPropertyName(key))
return false;
isIndex = true;
}
/* Emit code for the property initializer. */
if (!emitTree(propdef->pn_right))
return false;
JSOp op = propdef->getOp();
MOZ_ASSERT(op == JSOP_INITPROP ||
op == JSOP_INITPROP_GETTER ||
op == JSOP_INITPROP_SETTER);
if (op == JSOP_INITPROP_GETTER || op == JSOP_INITPROP_SETTER)
objp.set(nullptr);
if (propdef->pn_right->isKind(PNK_FUNCTION) &&
propdef->pn_right->pn_funbox->needsHomeObject())
{
MOZ_ASSERT(propdef->pn_right->pn_funbox->function()->allowSuperProperty());
bool isAsync = propdef->pn_right->pn_funbox->isAsync();
if (isAsync) {
if (!emit1(JSOP_SWAP))
return false;
}
if (!emit2(JSOP_INITHOMEOBJECT, isIndex + isAsync))
return false;
if (isAsync) {
if (!emit1(JSOP_POP))
return false;
}
}
// Class methods are not enumerable.
if (type == ClassBody) {
switch (op) {
case JSOP_INITPROP: op = JSOP_INITHIDDENPROP; break;
case JSOP_INITPROP_GETTER: op = JSOP_INITHIDDENPROP_GETTER; break;
case JSOP_INITPROP_SETTER: op = JSOP_INITHIDDENPROP_SETTER; break;
default: MOZ_CRASH("Invalid op");
}
}
if (isIndex) {
objp.set(nullptr);
switch (op) {
case JSOP_INITPROP: op = JSOP_INITELEM; break;
case JSOP_INITHIDDENPROP: op = JSOP_INITHIDDENELEM; break;
case JSOP_INITPROP_GETTER: op = JSOP_INITELEM_GETTER; break;
case JSOP_INITHIDDENPROP_GETTER: op = JSOP_INITHIDDENELEM_GETTER; break;
case JSOP_INITPROP_SETTER: op = JSOP_INITELEM_SETTER; break;
case JSOP_INITHIDDENPROP_SETTER: op = JSOP_INITHIDDENELEM_SETTER; break;
default: MOZ_CRASH("Invalid op");
}
if (!emit1(op))
return false;
} else {
MOZ_ASSERT(key->isKind(PNK_OBJECT_PROPERTY_NAME) || key->isKind(PNK_STRING));
uint32_t index;
if (!makeAtomIndex(key->pn_atom, &index))
return false;
if (objp) {
MOZ_ASSERT(type == ObjectLiteral);
MOZ_ASSERT(!IsHiddenInitOp(op));
MOZ_ASSERT(!objp->inDictionaryMode());
Rooted<jsid> id(cx, AtomToId(key->pn_atom));
RootedValue undefinedValue(cx, UndefinedValue());
if (!NativeDefineProperty(cx, objp, id, undefinedValue, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return false;
}
if (objp->inDictionaryMode())
objp.set(nullptr);
}
if (!emitIndex32(op, index))
return false;
}
if (extraPop) {
if (!emit1(JSOP_POP))
return false;
}
}
return true;
}
// Using MOZ_NEVER_INLINE in here is a workaround for llvm.org/pr14047. See
// the comment on emitSwitch.
MOZ_NEVER_INLINE bool
BytecodeEmitter::emitObject(ParseNode* pn)
{
if (!(pn->pn_xflags & PNX_NONCONST) && pn->pn_head && checkSingletonContext())
return emitSingletonInitialiser(pn);
/*
* Emit code for {p:a, '%q':b, 2:c} that is equivalent to constructing
* a new object and defining (in source order) each property on the object
* (or mutating the object's [[Prototype]], in the case of __proto__).
*/
ptrdiff_t offset = this->offset();
if (!emitNewInit(JSProto_Object))
return false;
/*
* Try to construct the shape of the object as we go, so we can emit a
* JSOP_NEWOBJECT with the final shape instead.
*/
RootedPlainObject obj(cx);
// No need to do any guessing for the object kind, since we know exactly
// how many properties we plan to have.
gc::AllocKind kind = gc::GetGCObjectKind(pn->pn_count);
obj = NewBuiltinClassInstance<PlainObject>(cx, kind, TenuredObject);
if (!obj)
return false;
if (!emitPropertyList(pn, &obj, ObjectLiteral))
return false;
if (obj) {
/*
* The object survived and has a predictable shape: update the original
* bytecode.
*/
ObjectBox* objbox = parser->newObjectBox(obj);
if (!objbox)
return false;
static_assert(JSOP_NEWINIT_LENGTH == JSOP_NEWOBJECT_LENGTH,
"newinit and newobject must have equal length to edit in-place");
uint32_t index = objectList.add(objbox);
jsbytecode* code = this->code(offset);
code[0] = JSOP_NEWOBJECT;
code[1] = jsbytecode(index >> 24);
code[2] = jsbytecode(index >> 16);
code[3] = jsbytecode(index >> 8);
code[4] = jsbytecode(index);
}
return true;
}
bool
BytecodeEmitter::emitArrayComp(ParseNode* pn)
{
if (!emitNewInit(JSProto_Array))
return false;
/*
* Pass the new array's stack index to the PNK_ARRAYPUSH case via
* arrayCompDepth, then simply traverse the PNK_FOR node and
* its kids under pn2 to generate this comprehension.
*/
MOZ_ASSERT(stackDepth > 0);
uint32_t saveDepth = arrayCompDepth;
arrayCompDepth = (uint32_t) (stackDepth - 1);
if (!emitTree(pn->pn_head))
return false;
arrayCompDepth = saveDepth;
return true;
}
bool
BytecodeEmitter::emitArrayLiteral(ParseNode* pn)
{
if (!(pn->pn_xflags & PNX_NONCONST) && pn->pn_head) {
if (checkSingletonContext()) {
// Bake in the object entirely if it will only be created once.
return emitSingletonInitialiser(pn);
}
// If the array consists entirely of primitive values, make a
// template object with copy on write elements that can be reused
// every time the initializer executes.
if (emitterMode != BytecodeEmitter::SelfHosting && pn->pn_count != 0) {
RootedValue value(cx);
if (!pn->getConstantValue(cx, ParseNode::ForCopyOnWriteArray, &value))
return false;
if (!value.isMagic(JS_GENERIC_MAGIC)) {
// Note: the group of the template object might not yet reflect
// that the object has copy on write elements. When the
// interpreter or JIT compiler fetches the template, it should
// use ObjectGroup::getOrFixupCopyOnWriteObject to make sure the
// group for the template is accurate. We don't do this here as we
// want to use ObjectGroup::allocationSiteGroup, which requires a
// finished script.
JSObject* obj = &value.toObject();
MOZ_ASSERT(obj->is<ArrayObject>() &&
obj->as<ArrayObject>().denseElementsAreCopyOnWrite());
ObjectBox* objbox = parser->newObjectBox(obj);
if (!objbox)
return false;
return emitObjectOp(objbox, JSOP_NEWARRAY_COPYONWRITE);
}
}
}
return emitArray(pn->pn_head, pn->pn_count, JSOP_NEWARRAY);
}
bool
BytecodeEmitter::emitArray(ParseNode* pn, uint32_t count, JSOp op)
{
/*
* Emit code for [a, b, c] that is equivalent to constructing a new
* array and in source order evaluating each element value and adding
* it to the array, without invoking latent setters. We use the
* JSOP_NEWINIT and JSOP_INITELEM_ARRAY bytecodes to ignore setters and
* to avoid dup'ing and popping the array as each element is added, as
* JSOP_SETELEM/JSOP_SETPROP would do.
*/
MOZ_ASSERT(op == JSOP_NEWARRAY || op == JSOP_SPREADCALLARRAY);
uint32_t nspread = 0;
for (ParseNode* elt = pn; elt; elt = elt->pn_next) {
if (elt->isKind(PNK_SPREAD))
nspread++;
}
// Array literal's length is limited to NELEMENTS_LIMIT in parser.
static_assert(NativeObject::MAX_DENSE_ELEMENTS_COUNT <= INT32_MAX,
"array literals' maximum length must not exceed limits "
"required by BaselineCompiler::emit_JSOP_NEWARRAY, "
"BaselineCompiler::emit_JSOP_INITELEM_ARRAY, "
"and DoSetElemFallback's handling of JSOP_INITELEM_ARRAY");
MOZ_ASSERT(count >= nspread);
MOZ_ASSERT(count <= NativeObject::MAX_DENSE_ELEMENTS_COUNT,
"the parser must throw an error if the array exceeds maximum "
"length");
// For arrays with spread, this is a very pessimistic allocation, the
// minimum possible final size.
if (!emitUint32Operand(op, count - nspread)) // ARRAY
return false;
ParseNode* pn2 = pn;
uint32_t index;
bool afterSpread = false;
for (index = 0; pn2; index++, pn2 = pn2->pn_next) {
if (!afterSpread && pn2->isKind(PNK_SPREAD)) {
afterSpread = true;
if (!emitNumberOp(index)) // ARRAY INDEX
return false;
}
if (!updateSourceCoordNotes(pn2->pn_pos.begin))
return false;
bool allowSelfHostedSpread = false;
if (pn2->isKind(PNK_ELISION)) {
if (!emit1(JSOP_HOLE))
return false;
} else {
ParseNode* expr;
if (pn2->isKind(PNK_SPREAD)) {
expr = pn2->pn_kid;
if (emitterMode == BytecodeEmitter::SelfHosting &&
expr->isKind(PNK_CALL) &&
expr->pn_head->name() == cx->names().allowContentSpread)
{
allowSelfHostedSpread = true;
}
} else {
expr = pn2;
}
if (!emitTree(expr)) // ARRAY INDEX? VALUE
return false;
}
if (pn2->isKind(PNK_SPREAD)) {
if (!emitIterator()) // ARRAY INDEX ITER
return false;
if (!emit2(JSOP_PICK, 2)) // INDEX ITER ARRAY
return false;
if (!emit2(JSOP_PICK, 2)) // ITER ARRAY INDEX
return false;
if (!emitSpread(allowSelfHostedSpread)) // ARRAY INDEX
return false;
} else if (afterSpread) {
if (!emit1(JSOP_INITELEM_INC))
return false;
} else {
if (!emitUint32Operand(JSOP_INITELEM_ARRAY, index))
return false;
}
}
MOZ_ASSERT(index == count);
if (afterSpread) {
if (!emit1(JSOP_POP)) // ARRAY
return false;
}
return true;
}
bool
BytecodeEmitter::emitUnary(ParseNode* pn)
{
if (!updateSourceCoordNotes(pn->pn_pos.begin))
return false;
/* Unary op, including unary +/-. */
JSOp op = pn->getOp();
ParseNode* pn2 = pn->pn_kid;
if (!emitTree(pn2))
return false;
return emit1(op);
}
bool
BytecodeEmitter::emitTypeof(ParseNode* node, JSOp op)
{
MOZ_ASSERT(op == JSOP_TYPEOF || op == JSOP_TYPEOFEXPR);
if (!updateSourceCoordNotes(node->pn_pos.begin))
return false;
if (!emitTree(node->pn_kid))
return false;
return emit1(op);
}
bool
BytecodeEmitter::emitFunctionFormalParametersAndBody(ParseNode *pn)
{
MOZ_ASSERT(pn->isKind(PNK_PARAMSBODY));
ParseNode* funBody = pn->last();
FunctionBox* funbox = sc->asFunctionBox();
TDZCheckCache tdzCache(this);
if (funbox->hasParameterExprs) {
EmitterScope funEmitterScope(this);
if (!funEmitterScope.enterFunction(this, funbox))
return false;
if (!emitInitializeFunctionSpecialNames())
return false;
if (!emitFunctionFormalParameters(pn))
return false;
{
Maybe<EmitterScope> extraVarEmitterScope;
if (funbox->hasExtraBodyVarScope()) {
extraVarEmitterScope.emplace(this);
if (!extraVarEmitterScope->enterFunctionExtraBodyVar(this, funbox))
return false;
// After emitting expressions for all parameters, copy over any
// formal parameters which have been redeclared as vars. For
// example, in the following, the var y in the body scope is 42:
//
// function f(x, y = 42) { var y; }
//
RootedAtom name(cx);
if (funbox->extraVarScopeBindings() && funbox->functionScopeBindings()) {
for (BindingIter bi(*funbox->functionScopeBindings(), true); bi; bi++) {
name = bi.name();
// There may not be a var binding of the same name.
if (!locationOfNameBoundInScope(name, extraVarEmitterScope.ptr()))
continue;
// The '.this' and '.generator' function special
// bindings should never appear in the extra var
// scope. 'arguments', however, may.
MOZ_ASSERT(name != cx->names().dotThis &&
name != cx->names().dotGenerator);
NameLocation paramLoc = *locationOfNameBoundInScope(name, &funEmitterScope);
auto emitRhs = [&name, ¶mLoc](BytecodeEmitter* bce,
const NameLocation&, bool)
{
return bce->emitGetNameAtLocation(name, paramLoc);
};
if (!emitInitializeName(name, emitRhs))
return false;
if (!emit1(JSOP_POP))
return false;
}
}
}
if (!emitFunctionBody(funBody))
return false;
if (extraVarEmitterScope && !extraVarEmitterScope->leave(this))
return false;
}
return funEmitterScope.leave(this);
}
// No parameter expressions. Enter the function body scope and emit
// everything.
//
// One caveat is that Debugger considers ops in the prologue to be
// unreachable (i.e. cannot set a breakpoint on it). If there are no
// parameter exprs, any unobservable environment ops (like pushing the
// call object, setting '.this', etc) need to go in the prologue, else it
// messes up breakpoint tests.
EmitterScope emitterScope(this);
switchToPrologue();
if (!emitterScope.enterFunction(this, funbox))
return false;
if (!emitInitializeFunctionSpecialNames())
return false;
switchToMain();
if (!emitFunctionFormalParameters(pn))
return false;
if (!emitFunctionBody(funBody))
return false;
return emitterScope.leave(this);
}
bool
BytecodeEmitter::emitFunctionFormalParameters(ParseNode* pn)
{
ParseNode* funBody = pn->last();
FunctionBox* funbox = sc->asFunctionBox();
EmitterScope* funScope = innermostEmitterScope;
bool hasParameterExprs = funbox->hasParameterExprs;
bool hasRest = funbox->function()->hasRest();
uint16_t argSlot = 0;
for (ParseNode* arg = pn->pn_head; arg != funBody; arg = arg->pn_next, argSlot++) {
ParseNode* bindingElement = arg;
ParseNode* initializer = nullptr;
if (arg->isKind(PNK_ASSIGN)) {
bindingElement = arg->pn_left;
initializer = arg->pn_right;
}
// Left-hand sides are either simple names or destructuring patterns.
MOZ_ASSERT(bindingElement->isKind(PNK_NAME) ||
bindingElement->isKind(PNK_ARRAY) ||
bindingElement->isKind(PNK_ARRAYCOMP) ||
bindingElement->isKind(PNK_OBJECT));
// The rest parameter doesn't have an initializer.
bool isRest = hasRest && arg->pn_next == funBody;
MOZ_ASSERT_IF(isRest, !initializer);
bool isDestructuring = !bindingElement->isKind(PNK_NAME);
// ES 14.1.19 says if BindingElement contains an expression in the
// production FormalParameter : BindingElement, it is evaluated in a
// new var environment. This is needed to prevent vars from escaping
// direct eval in parameter expressions.
Maybe<EmitterScope> paramExprVarScope;
if (funbox->hasDirectEvalInParameterExpr && (isDestructuring || initializer)) {
paramExprVarScope.emplace(this);
if (!paramExprVarScope->enterParameterExpressionVar(this))
return false;
}
// First push the RHS if there is a default expression or if it is
// rest.
if (initializer) {
// If we have an initializer, emit the initializer and assign it
// to the argument slot. TDZ is taken care of afterwards.
MOZ_ASSERT(hasParameterExprs);
if (!emitArgOp(JSOP_GETARG, argSlot))
return false;
if (!emit1(JSOP_DUP))
return false;
if (!emit1(JSOP_UNDEFINED))
return false;
if (!emit1(JSOP_STRICTEQ))
return false;
// Emit source note to enable Ion compilation.
if (!newSrcNote(SRC_IF))
return false;
JumpList jump;
if (!emitJump(JSOP_IFEQ, &jump))
return false;
if (!emit1(JSOP_POP))
return false;
if (!emitConditionallyExecutedTree(initializer))
return false;
if (!emitJumpTargetAndPatch(jump))
return false;
} else if (isRest) {
if (!emit1(JSOP_REST))
return false;
checkTypeSet(JSOP_REST);
}
// Initialize the parameter name.
if (isDestructuring) {
// If we had an initializer or the rest parameter, the value is
// already on the stack.
if (!initializer && !isRest && !emitArgOp(JSOP_GETARG, argSlot))
return false;
// If there's an parameter expression var scope, the destructuring
// declaration needs to initialize the name in the function scope,
// which is not the innermost scope.
if (!emitDestructuringOps(bindingElement,
paramExprVarScope
? DestructuringFormalParameterInVarScope
: DestructuringDeclaration))
{
return false;
}
if (!emit1(JSOP_POP))
return false;
} else {
RootedAtom paramName(cx, bindingElement->name());
NameLocation paramLoc = *locationOfNameBoundInScope(paramName, funScope);
if (hasParameterExprs) {
auto emitRhs = [argSlot, initializer, isRest](BytecodeEmitter* bce,
const NameLocation&, bool)
{
// If we had an initializer or a rest parameter, the value is
// already on the stack.
if (!initializer && !isRest)
return bce->emitArgOp(JSOP_GETARG, argSlot);
return true;
};
if (!emitSetOrInitializeNameAtLocation(paramName, paramLoc, emitRhs, true))
return false;
if (!emit1(JSOP_POP))
return false;
} else if (isRest) {
// The rest value is already on top of the stack.
auto nop = [](BytecodeEmitter*, const NameLocation&, bool) {
return true;
};
if (!emitSetOrInitializeNameAtLocation(paramName, paramLoc, nop, true))
return false;
if (!emit1(JSOP_POP))
return false;
}
}
if (paramExprVarScope) {
if (!paramExprVarScope->leave(this))
return false;
}
}
return true;
}
bool
BytecodeEmitter::emitInitializeFunctionSpecialNames()
{
FunctionBox* funbox = sc->asFunctionBox();
auto emitInitializeFunctionSpecialName = [](BytecodeEmitter* bce, HandlePropertyName name,
JSOp op)
{
// A special name must be slotful, either on the frame or on the
// call environment.
MOZ_ASSERT(bce->lookupName(name).hasKnownSlot());
auto emitInitial = [op](BytecodeEmitter* bce, const NameLocation&, bool) {
return bce->emit1(op);
};
if (!bce->emitInitializeName(name, emitInitial))
return false;
if (!bce->emit1(JSOP_POP))
return false;
return true;
};
// Do nothing if the function doesn't have an arguments binding.
if (funbox->argumentsHasLocalBinding()) {
if (!emitInitializeFunctionSpecialName(this, cx->names().arguments, JSOP_ARGUMENTS))
return false;
}
// Do nothing if the function doesn't have a this-binding (this
// happens for instance if it doesn't use this/eval or if it's an
// arrow function).
if (funbox->hasThisBinding()) {
if (!emitInitializeFunctionSpecialName(this, cx->names().dotThis, JSOP_FUNCTIONTHIS))
return false;
}
return true;
}
bool
BytecodeEmitter::emitFunctionBody(ParseNode* funBody)
{
FunctionBox* funbox = sc->asFunctionBox();
if (!emitTree(funBody))
return false;
if (funbox->isGenerator()) {
// If we fall off the end of a generator, do a final yield.
if (funbox->isStarGenerator() && !emitPrepareIteratorResult())
return false;
if (!emit1(JSOP_UNDEFINED))
return false;
if (sc->asFunctionBox()->isStarGenerator() && !emitFinishIteratorResult(true))
return false;
if (!emit1(JSOP_SETRVAL))
return false;
NameLocation loc = *locationOfNameBoundInFunctionScope(cx->names().dotGenerator);
if (!emitGetNameAtLocation(cx->names().dotGenerator, loc))
return false;
// No need to check for finally blocks, etc as in EmitReturn.
if (!emitYieldOp(JSOP_FINALYIELDRVAL))
return false;
} else {
// Non-generator functions just return |undefined|. The
// JSOP_RETRVAL emitted below will do that, except if the
// script has a finally block: there can be a non-undefined
// value in the return value slot. Make sure the return value
// is |undefined|.
if (hasTryFinally) {
if (!emit1(JSOP_UNDEFINED))
return false;
if (!emit1(JSOP_SETRVAL))
return false;
}
}
if (funbox->isDerivedClassConstructor()) {
if (!emitCheckDerivedClassConstructorReturn())
return false;
}
return true;
}
bool
BytecodeEmitter::emitLexicalInitialization(ParseNode* pn)
{
// The caller has pushed the RHS to the top of the stack. Assert that the
// name is lexical and no BIND[G]NAME ops were emitted.
auto assertLexical = [](BytecodeEmitter*, const NameLocation& loc, bool emittedBindOp) {
MOZ_ASSERT(loc.isLexical());
MOZ_ASSERT(!emittedBindOp);
return true;
};
return emitInitializeName(pn, assertLexical);
}
// This follows ES6 14.5.14 (ClassDefinitionEvaluation) and ES6 14.5.15
// (BindingClassDeclarationEvaluation).
bool
BytecodeEmitter::emitClass(ParseNode* pn)
{
ClassNode& classNode = pn->as<ClassNode>();
ClassNames* names = classNode.names();
ParseNode* heritageExpression = classNode.heritage();
ParseNode* classMethods = classNode.methodList();
ParseNode* constructor = nullptr;
for (ParseNode* mn = classMethods->pn_head; mn; mn = mn->pn_next) {
ClassMethod& method = mn->as<ClassMethod>();
ParseNode& methodName = method.name();
if (!method.isStatic() &&
(methodName.isKind(PNK_OBJECT_PROPERTY_NAME) || methodName.isKind(PNK_STRING)) &&
methodName.pn_atom == cx->names().constructor)
{
constructor = &method.method();
break;
}
}
bool savedStrictness = sc->setLocalStrictMode(true);
Maybe<TDZCheckCache> tdzCache;
Maybe<EmitterScope> emitterScope;
if (names) {
tdzCache.emplace(this);
emitterScope.emplace(this);
if (!emitterScope->enterLexical(this, ScopeKind::Lexical, classNode.scopeBindings()))
return false;
}
// This is kind of silly. In order to the get the home object defined on
// the constructor, we have to make it second, but we want the prototype
// on top for EmitPropertyList, because we expect static properties to be
// rarer. The result is a few more swaps than we would like. Such is life.
if (heritageExpression) {
if (!emitTree(heritageExpression))
return false;
if (!emit1(JSOP_CLASSHERITAGE))
return false;
if (!emit1(JSOP_OBJWITHPROTO))
return false;
// JSOP_CLASSHERITAGE leaves both protos on the stack. After
// creating the prototype, swap it to the bottom to make the
// constructor.
if (!emit1(JSOP_SWAP))
return false;
} else {
if (!emitNewInit(JSProto_Object))
return false;
}
if (constructor) {
if (!emitFunction(constructor, !!heritageExpression))
return false;
if (constructor->pn_funbox->needsHomeObject()) {
if (!emit2(JSOP_INITHOMEOBJECT, 0))
return false;
}
} else {
JSAtom *name = names ? names->innerBinding()->pn_atom : cx->names().empty;
if (heritageExpression) {
if (!emitAtomOp(name, JSOP_DERIVEDCONSTRUCTOR))
return false;
} else {
if (!emitAtomOp(name, JSOP_CLASSCONSTRUCTOR))
return false;
}
}
if (!emit1(JSOP_SWAP))
return false;
if (!emit1(JSOP_DUP2))
return false;
if (!emitAtomOp(cx->names().prototype, JSOP_INITLOCKEDPROP))
return false;
if (!emitAtomOp(cx->names().constructor, JSOP_INITHIDDENPROP))
return false;
RootedPlainObject obj(cx);
if (!emitPropertyList(classMethods, &obj, ClassBody))
return false;
if (!emit1(JSOP_POP))
return false;
if (names) {
ParseNode* innerName = names->innerBinding();
if (!emitLexicalInitialization(innerName))
return false;
// Pop the inner scope.
if (!emitterScope->leave(this))
return false;
emitterScope.reset();
ParseNode* outerName = names->outerBinding();
if (outerName) {
if (!emitLexicalInitialization(outerName))
return false;
// Only class statements make outer bindings, and they do not leave
// themselves on the stack.
if (!emit1(JSOP_POP))
return false;
}
}
MOZ_ALWAYS_TRUE(sc->setLocalStrictMode(savedStrictness));
return true;
}
bool
BytecodeEmitter::emitTree(ParseNode* pn, EmitLineNumberNote emitLineNote)
{
JS_CHECK_RECURSION(cx, return false);
EmitLevelManager elm(this);
/* Emit notes to tell the current bytecode's source line number.
However, a couple trees require special treatment; see the
relevant emitter functions for details. */
if (emitLineNote == EMIT_LINENOTE && !ParseNodeRequiresSpecialLineNumberNotes(pn)) {
if (!updateLineNumberNotes(pn->pn_pos.begin))
return false;
}
switch (pn->getKind()) {
case PNK_FUNCTION:
if (!emitFunction(pn))
return false;
break;
case PNK_PARAMSBODY:
if (!emitFunctionFormalParametersAndBody(pn))
return false;
break;
case PNK_IF:
if (!emitIf(pn))
return false;
break;
case PNK_SWITCH:
if (!emitSwitch(pn))
return false;
break;
case PNK_WHILE:
if (!emitWhile(pn))
return false;
break;
case PNK_DOWHILE:
if (!emitDo(pn))
return false;
break;
case PNK_FOR:
if (!emitFor(pn))
return false;
break;
case PNK_COMPREHENSIONFOR:
if (!emitComprehensionFor(pn))
return false;
break;
case PNK_BREAK:
if (!emitBreak(pn->as<BreakStatement>().label()))
return false;
break;
case PNK_CONTINUE:
if (!emitContinue(pn->as<ContinueStatement>().label()))
return false;
break;
case PNK_WITH:
if (!emitWith(pn))
return false;
break;
case PNK_TRY:
if (!emitTry(pn))
return false;
break;
case PNK_CATCH:
if (!emitCatch(pn))
return false;
break;
case PNK_VAR:
if (!emitDeclarationList(pn))
return false;
break;
case PNK_RETURN:
if (!emitReturn(pn))
return false;
break;
case PNK_YIELD_STAR:
if (!emitYieldStar(pn->pn_left, pn->pn_right))
return false;
break;
case PNK_GENERATOR:
if (!emit1(JSOP_GENERATOR))
return false;
break;
case PNK_YIELD:
case PNK_AWAIT:
if (!emitYield(pn))
return false;
break;
case PNK_STATEMENTLIST:
if (!emitStatementList(pn))
return false;
break;
case PNK_SEMI:
if (!emitStatement(pn))
return false;
break;
case PNK_LABEL:
if (!emitLabeledStatement(&pn->as<LabeledStatement>()))
return false;
break;
case PNK_COMMA:
if (!emitSequenceExpr(pn))
return false;
break;
case PNK_ASSIGN:
case PNK_ADDASSIGN:
case PNK_SUBASSIGN:
case PNK_BITORASSIGN:
case PNK_BITXORASSIGN:
case PNK_BITANDASSIGN:
case PNK_LSHASSIGN:
case PNK_RSHASSIGN:
case PNK_URSHASSIGN:
case PNK_MULASSIGN:
case PNK_DIVASSIGN:
case PNK_MODASSIGN:
case PNK_POWASSIGN:
if (!emitAssignment(pn->pn_left, pn->getOp(), pn->pn_right))
return false;
break;
case PNK_CONDITIONAL:
if (!emitConditionalExpression(pn->as<ConditionalExpression>()))
return false;
break;
case PNK_OR:
case PNK_AND:
if (!emitLogical(pn))
return false;
break;
case PNK_ADD:
case PNK_SUB:
case PNK_BITOR:
case PNK_BITXOR:
case PNK_BITAND:
case PNK_STRICTEQ:
case PNK_EQ:
case PNK_STRICTNE:
case PNK_NE:
case PNK_LT:
case PNK_LE:
case PNK_GT:
case PNK_GE:
case PNK_IN:
case PNK_INSTANCEOF:
case PNK_LSH:
case PNK_RSH:
case PNK_URSH:
case PNK_STAR:
case PNK_DIV:
case PNK_MOD:
if (!emitLeftAssociative(pn))
return false;
break;
case PNK_POW:
if (!emitRightAssociative(pn))
return false;
break;
case PNK_TYPEOFNAME:
if (!emitTypeof(pn, JSOP_TYPEOF))
return false;
break;
case PNK_TYPEOFEXPR:
if (!emitTypeof(pn, JSOP_TYPEOFEXPR))
return false;
break;
case PNK_THROW:
case PNK_VOID:
case PNK_NOT:
case PNK_BITNOT:
case PNK_POS:
case PNK_NEG:
if (!emitUnary(pn))
return false;
break;
case PNK_PREINCREMENT:
case PNK_PREDECREMENT:
case PNK_POSTINCREMENT:
case PNK_POSTDECREMENT:
if (!emitIncOrDec(pn))
return false;
break;
case PNK_DELETENAME:
if (!emitDeleteName(pn))
return false;
break;
case PNK_DELETEPROP:
if (!emitDeleteProperty(pn))
return false;
break;
case PNK_DELETEELEM:
if (!emitDeleteElement(pn))
return false;
break;
case PNK_DELETEEXPR:
if (!emitDeleteExpression(pn))
return false;
break;
case PNK_DOT:
if (pn->as<PropertyAccess>().isSuper()) {
if (!emitSuperPropOp(pn, JSOP_GETPROP_SUPER))
return false;
} else {
if (!emitPropOp(pn, JSOP_GETPROP))
return false;
}
break;
case PNK_ELEM:
if (pn->as<PropertyByValue>().isSuper()) {
if (!emitSuperElemOp(pn, JSOP_GETELEM_SUPER))
return false;
} else {
if (!emitElemOp(pn, JSOP_GETELEM))
return false;
}
break;
case PNK_NEW:
case PNK_TAGGED_TEMPLATE:
case PNK_CALL:
case PNK_GENEXP:
case PNK_SUPERCALL:
if (!emitCallOrNew(pn))
return false;
break;
case PNK_LEXICALSCOPE:
if (!emitLexicalScope(pn))
return false;
break;
case PNK_CONST:
case PNK_LET:
if (!emitDeclarationList(pn))
return false;
break;
case PNK_IMPORT:
MOZ_ASSERT(sc->isModuleContext());
break;
case PNK_EXPORT:
MOZ_ASSERT(sc->isModuleContext());
if (pn->pn_kid->getKind() != PNK_EXPORT_SPEC_LIST) {
if (!emitTree(pn->pn_kid))
return false;
}
break;
case PNK_EXPORT_DEFAULT:
MOZ_ASSERT(sc->isModuleContext());
if (!emitTree(pn->pn_kid))
return false;
if (pn->pn_right) {
if (!emitLexicalInitialization(pn->pn_right))
return false;
if (!emit1(JSOP_POP))
return false;
}
break;
case PNK_EXPORT_FROM:
MOZ_ASSERT(sc->isModuleContext());
break;
case PNK_ARRAYPUSH:
/*
* The array object's stack index is in arrayCompDepth. See below
* under the array initialiser code generator for array comprehension
* special casing.
*/
if (!emitTree(pn->pn_kid))
return false;
if (!emitDupAt(this->stackDepth - 1 - arrayCompDepth))
return false;
if (!emit1(JSOP_ARRAYPUSH))
return false;
break;
case PNK_CALLSITEOBJ:
if (!emitCallSiteObject(pn))
return false;
break;
case PNK_ARRAY:
if (!emitArrayLiteral(pn))
return false;
break;
case PNK_ARRAYCOMP:
if (!emitArrayComp(pn))
return false;
break;
case PNK_OBJECT:
if (!emitObject(pn))
return false;
break;
case PNK_NAME:
if (!emitGetName(pn))
return false;
break;
case PNK_TEMPLATE_STRING_LIST:
if (!emitTemplateString(pn))
return false;
break;
case PNK_TEMPLATE_STRING:
case PNK_STRING:
if (!emitAtomOp(pn, JSOP_STRING))
return false;
break;
case PNK_NUMBER:
if (!emitNumberOp(pn->pn_dval))
return false;
break;
case PNK_REGEXP:
if (!emitRegExp(objectList.add(pn->as<RegExpLiteral>().objbox())))
return false;
break;
case PNK_TRUE:
case PNK_FALSE:
case PNK_NULL:
if (!emit1(pn->getOp()))
return false;
break;
case PNK_THIS:
if (!emitThisLiteral(pn))
return false;
break;
case PNK_DEBUGGER:
if (!updateSourceCoordNotes(pn->pn_pos.begin))
return false;
if (!emit1(JSOP_DEBUGGER))
return false;
break;
case PNK_NOP:
MOZ_ASSERT(pn->getArity() == PN_NULLARY);
break;
case PNK_CLASS:
if (!emitClass(pn))
return false;
break;
case PNK_NEWTARGET:
if (!emit1(JSOP_NEWTARGET))
return false;
break;
case PNK_SETTHIS:
if (!emitSetThis(pn))
return false;
break;
case PNK_POSHOLDER:
MOZ_FALLTHROUGH_ASSERT("Should never try to emit PNK_POSHOLDER");
default:
MOZ_ASSERT(0);
}
/* bce->emitLevel == 1 means we're last on the stack, so finish up. */
if (emitLevel == 1) {
if (!updateSourceCoordNotes(pn->pn_pos.end))
return false;
}
return true;
}
bool
BytecodeEmitter::emitConditionallyExecutedTree(ParseNode* pn)
{
// Code that may be conditionally executed always need their own TDZ
// cache.
TDZCheckCache tdzCache(this);
return emitTree(pn);
}
static bool
AllocSrcNote(ExclusiveContext* cx, SrcNotesVector& notes, unsigned* index)
{
// Start it off moderately large to avoid repeated resizings early on.
// ~99% of cases fit within 256 bytes.
if (notes.capacity() == 0 && !notes.reserve(256))
return false;
if (!notes.growBy(1)) {
ReportOutOfMemory(cx);
return false;
}
*index = notes.length() - 1;
return true;
}
bool
BytecodeEmitter::newSrcNote(SrcNoteType type, unsigned* indexp)
{
SrcNotesVector& notes = this->notes();
unsigned index;
if (!AllocSrcNote(cx, notes, &index))
return false;
/*
* Compute delta from the last annotated bytecode's offset. If it's too
* big to fit in sn, allocate one or more xdelta notes and reset sn.
*/
ptrdiff_t offset = this->offset();
ptrdiff_t delta = offset - lastNoteOffset();
current->lastNoteOffset = offset;
if (delta >= SN_DELTA_LIMIT) {
do {
ptrdiff_t xdelta = Min(delta, SN_XDELTA_MASK);
SN_MAKE_XDELTA(¬es[index], xdelta);
delta -= xdelta;
if (!AllocSrcNote(cx, notes, &index))
return false;
} while (delta >= SN_DELTA_LIMIT);
}
/*
* Initialize type and delta, then allocate the minimum number of notes
* needed for type's arity. Usually, we won't need more, but if an offset
* does take two bytes, setSrcNoteOffset will grow notes.
*/
SN_MAKE_NOTE(¬es[index], type, delta);
for (int n = (int)js_SrcNoteSpec[type].arity; n > 0; n--) {
if (!newSrcNote(SRC_NULL))
return false;
}
if (indexp)
*indexp = index;
return true;
}
bool
BytecodeEmitter::newSrcNote2(SrcNoteType type, ptrdiff_t offset, unsigned* indexp)
{
unsigned index;
if (!newSrcNote(type, &index))
return false;
if (!setSrcNoteOffset(index, 0, offset))
return false;
if (indexp)
*indexp = index;
return true;
}
bool
BytecodeEmitter::newSrcNote3(SrcNoteType type, ptrdiff_t offset1, ptrdiff_t offset2,
unsigned* indexp)
{
unsigned index;
if (!newSrcNote(type, &index))
return false;
if (!setSrcNoteOffset(index, 0, offset1))
return false;
if (!setSrcNoteOffset(index, 1, offset2))
return false;
if (indexp)
*indexp = index;
return true;
}
bool
BytecodeEmitter::addToSrcNoteDelta(jssrcnote* sn, ptrdiff_t delta)
{
/*
* Called only from finishTakingSrcNotes to add to main script note
* deltas, and only by a small positive amount.
*/
MOZ_ASSERT(current == &main);
MOZ_ASSERT((unsigned) delta < (unsigned) SN_XDELTA_LIMIT);
ptrdiff_t base = SN_DELTA(sn);
ptrdiff_t limit = SN_IS_XDELTA(sn) ? SN_XDELTA_LIMIT : SN_DELTA_LIMIT;
ptrdiff_t newdelta = base + delta;
if (newdelta < limit) {
SN_SET_DELTA(sn, newdelta);
} else {
jssrcnote xdelta;
SN_MAKE_XDELTA(&xdelta, delta);
if (!main.notes.insert(sn, xdelta))
return false;
}
return true;
}
bool
BytecodeEmitter::setSrcNoteOffset(unsigned index, unsigned which, ptrdiff_t offset)
{
if (!SN_REPRESENTABLE_OFFSET(offset)) {
parser->tokenStream.reportError(JSMSG_NEED_DIET, js_script_str);
return false;
}
SrcNotesVector& notes = this->notes();
/* Find the offset numbered which (i.e., skip exactly which offsets). */
jssrcnote* sn = ¬es[index];
MOZ_ASSERT(SN_TYPE(sn) != SRC_XDELTA);
MOZ_ASSERT((int) which < js_SrcNoteSpec[SN_TYPE(sn)].arity);
for (sn++; which; sn++, which--) {
if (*sn & SN_4BYTE_OFFSET_FLAG)
sn += 3;
}
/*
* See if the new offset requires four bytes either by being too big or if
* the offset has already been inflated (in which case, we need to stay big
* to not break the srcnote encoding if this isn't the last srcnote).
*/
if (offset > (ptrdiff_t)SN_4BYTE_OFFSET_MASK || (*sn & SN_4BYTE_OFFSET_FLAG)) {
/* Maybe this offset was already set to a four-byte value. */
if (!(*sn & SN_4BYTE_OFFSET_FLAG)) {
/* Insert three dummy bytes that will be overwritten shortly. */
jssrcnote dummy = 0;
if (!(sn = notes.insert(sn, dummy)) ||
!(sn = notes.insert(sn, dummy)) ||
!(sn = notes.insert(sn, dummy)))
{
ReportOutOfMemory(cx);
return false;
}
}
*sn++ = (jssrcnote)(SN_4BYTE_OFFSET_FLAG | (offset >> 24));
*sn++ = (jssrcnote)(offset >> 16);
*sn++ = (jssrcnote)(offset >> 8);
}
*sn = (jssrcnote)offset;
return true;
}
bool
BytecodeEmitter::finishTakingSrcNotes(uint32_t* out)
{
MOZ_ASSERT(current == &main);
unsigned prologueCount = prologue.notes.length();
if (prologueCount && prologue.currentLine != firstLine) {
switchToPrologue();
if (!newSrcNote2(SRC_SETLINE, ptrdiff_t(firstLine)))
return false;
switchToMain();
} else {
/*
* Either no prologue srcnotes, or no line number change over prologue.
* We don't need a SRC_SETLINE, but we may need to adjust the offset
* of the first main note, by adding to its delta and possibly even
* prepending SRC_XDELTA notes to it to account for prologue bytecodes
* that came at and after the last annotated bytecode.
*/
ptrdiff_t offset = prologueOffset() - prologue.lastNoteOffset;
MOZ_ASSERT(offset >= 0);
if (offset > 0 && main.notes.length() != 0) {
/* NB: Use as much of the first main note's delta as we can. */
jssrcnote* sn = main.notes.begin();
ptrdiff_t delta = SN_IS_XDELTA(sn)
? SN_XDELTA_MASK - (*sn & SN_XDELTA_MASK)
: SN_DELTA_MASK - (*sn & SN_DELTA_MASK);
if (offset < delta)
delta = offset;
for (;;) {
if (!addToSrcNoteDelta(sn, delta))
return false;
offset -= delta;
if (offset == 0)
break;
delta = Min(offset, SN_XDELTA_MASK);
sn = main.notes.begin();
}
}
}
// The prologue count might have changed, so we can't reuse prologueCount.
// The + 1 is to account for the final SN_MAKE_TERMINATOR that is appended
// when the notes are copied to their final destination by CopySrcNotes.
*out = prologue.notes.length() + main.notes.length() + 1;
return true;
}
void
BytecodeEmitter::copySrcNotes(jssrcnote* destination, uint32_t nsrcnotes)
{
unsigned prologueCount = prologue.notes.length();
unsigned mainCount = main.notes.length();
unsigned totalCount = prologueCount + mainCount;
MOZ_ASSERT(totalCount == nsrcnotes - 1);
if (prologueCount)
PodCopy(destination, prologue.notes.begin(), prologueCount);
PodCopy(destination + prologueCount, main.notes.begin(), mainCount);
SN_MAKE_TERMINATOR(&destination[totalCount]);
}
void
CGConstList::finish(ConstArray* array)
{
MOZ_ASSERT(length() == array->length);
for (unsigned i = 0; i < length(); i++)
array->vector[i] = list[i];
}
bool
CGObjectList::isAdded(ObjectBox* objbox)
{
// An objbox added to CGObjectList as non-first element has non-null
// emitLink member. The first element has null emitLink.
// Check for firstbox to cover the first element.
return objbox->emitLink || objbox == firstbox;
}
/*
* Find the index of the given object for code generator.
*
* Since the emitter refers to each parsed object only once, for the index we
* use the number of already indexed objects. We also add the object to a list
* to convert the list to a fixed-size array when we complete code generation,
* see js::CGObjectList::finish below.
*/
unsigned
CGObjectList::add(ObjectBox* objbox)
{
if (isAdded(objbox))
return indexOf(objbox->object);
objbox->emitLink = lastbox;
lastbox = objbox;
// See the comment in CGObjectList::isAdded.
if (!firstbox)
firstbox = objbox;
return length++;
}
unsigned
CGObjectList::indexOf(JSObject* obj)
{
MOZ_ASSERT(length > 0);
unsigned index = length - 1;
for (ObjectBox* box = lastbox; box->object != obj; box = box->emitLink)
index--;
return index;
}
void
CGObjectList::finish(ObjectArray* array)
{
MOZ_ASSERT(length <= INDEX_LIMIT);
MOZ_ASSERT(length == array->length);
js::GCPtrObject* cursor = array->vector + array->length;
ObjectBox* objbox = lastbox;
do {
--cursor;
MOZ_ASSERT(!*cursor);
MOZ_ASSERT(objbox->object->isTenured());
*cursor = objbox->object;
ObjectBox* tmp = objbox->emitLink;
// Clear emitLink for CGObjectList::isAdded.
objbox->emitLink = nullptr;
objbox = tmp;
} while (objbox != nullptr);
MOZ_ASSERT(cursor == array->vector);
}
ObjectBox*
CGObjectList::find(uint32_t index)
{
MOZ_ASSERT(index < length);
ObjectBox* box = lastbox;
for (unsigned n = length - 1; n > index; n--)
box = box->emitLink;
return box;
}
void
CGScopeList::finish(ScopeArray* array)
{
MOZ_ASSERT(length() <= INDEX_LIMIT);
MOZ_ASSERT(length() == array->length);
for (uint32_t i = 0; i < length(); i++)
array->vector[i].init(vector[i]);
}
bool
CGTryNoteList::append(JSTryNoteKind kind, uint32_t stackDepth, size_t start, size_t end)
{
MOZ_ASSERT(start <= end);
MOZ_ASSERT(size_t(uint32_t(start)) == start);
MOZ_ASSERT(size_t(uint32_t(end)) == end);
JSTryNote note;
note.kind = kind;
note.stackDepth = stackDepth;
note.start = uint32_t(start);
note.length = uint32_t(end - start);
return list.append(note);
}
void
CGTryNoteList::finish(TryNoteArray* array)
{
MOZ_ASSERT(length() == array->length);
for (unsigned i = 0; i < length(); i++)
array->vector[i] = list[i];
}
bool
CGScopeNoteList::append(uint32_t scopeIndex, uint32_t offset, bool inPrologue,
uint32_t parent)
{
CGScopeNote note;
mozilla::PodZero(¬e);
note.index = scopeIndex;
note.start = offset;
note.parent = parent;
note.startInPrologue = inPrologue;
return list.append(note);
}
void
CGScopeNoteList::recordEnd(uint32_t index, uint32_t offset, bool inPrologue)
{
MOZ_ASSERT(index < length());
MOZ_ASSERT(list[index].length == 0);
list[index].end = offset;
list[index].endInPrologue = inPrologue;
}
void
CGScopeNoteList::finish(ScopeNoteArray* array, uint32_t prologueLength)
{
MOZ_ASSERT(length() == array->length);
for (unsigned i = 0; i < length(); i++) {
if (!list[i].startInPrologue)
list[i].start += prologueLength;
if (!list[i].endInPrologue && list[i].end != UINT32_MAX)
list[i].end += prologueLength;
MOZ_ASSERT(list[i].end >= list[i].start);
list[i].length = list[i].end - list[i].start;
array->vector[i] = list[i];
}
}
void
CGYieldOffsetList::finish(YieldOffsetArray& array, uint32_t prologueLength)
{
MOZ_ASSERT(length() == array.length());
for (unsigned i = 0; i < length(); i++)
array[i] = prologueLength + list[i];
}
/*
* We should try to get rid of offsetBias (always 0 or 1, where 1 is
* JSOP_{NOP,POP}_LENGTH), which is used only by SRC_FOR.
*/
const JSSrcNoteSpec js_SrcNoteSpec[] = {
#define DEFINE_SRC_NOTE_SPEC(sym, name, arity) { name, arity },
FOR_EACH_SRC_NOTE_TYPE(DEFINE_SRC_NOTE_SPEC)
#undef DEFINE_SRC_NOTE_SPEC
};
static int
SrcNoteArity(jssrcnote* sn)
{
MOZ_ASSERT(SN_TYPE(sn) < SRC_LAST);
return js_SrcNoteSpec[SN_TYPE(sn)].arity;
}
JS_FRIEND_API(unsigned)
js::SrcNoteLength(jssrcnote* sn)
{
unsigned arity;
jssrcnote* base;
arity = SrcNoteArity(sn);
for (base = sn++; arity; sn++, arity--) {
if (*sn & SN_4BYTE_OFFSET_FLAG)
sn += 3;
}
return sn - base;
}
JS_FRIEND_API(ptrdiff_t)
js::GetSrcNoteOffset(jssrcnote* sn, unsigned which)
{
/* Find the offset numbered which (i.e., skip exactly which offsets). */
MOZ_ASSERT(SN_TYPE(sn) != SRC_XDELTA);
MOZ_ASSERT((int) which < SrcNoteArity(sn));
for (sn++; which; sn++, which--) {
if (*sn & SN_4BYTE_OFFSET_FLAG)
sn += 3;
}
if (*sn & SN_4BYTE_OFFSET_FLAG) {
return (ptrdiff_t)(((uint32_t)(sn[0] & SN_4BYTE_OFFSET_MASK) << 24)
| (sn[1] << 16)
| (sn[2] << 8)
| sn[3]);
}
return (ptrdiff_t)*sn;
}
