Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: a821f8a428
Fetching contributors…

Cannot retrieve contributors at this time

7464 lines (6761 sloc) 262.322 kb
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
* vim: set ts=8 sw=4 et tw=99:
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator client code, released
* March 31, 1998.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either of the GNU General Public License Version 2 or later (the "GPL"),
* or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* JS bytecode generation.
*/
#ifdef HAVE_MEMORY_H
#include <memory.h>
#endif
#include <new>
#include <string.h>
#include "jstypes.h"
#include "jsstdint.h"
#include "jsarena.h" /* Added by JSIFY */
#include "jsutil.h" /* Added by JSIFY */
#include "jsbit.h"
#include "jsprf.h"
#include "jsapi.h"
#include "jsatom.h"
#include "jsbool.h"
#include "jscntxt.h"
#include "jsversion.h"
#include "jsemit.h"
#include "jsfun.h"
#include "jsnum.h"
#include "jsopcode.h"
#include "jsparse.h"
#include "jsregexp.h"
#include "jsscan.h"
#include "jsscope.h"
#include "jsscript.h"
#include "jsautooplen.h"
#include "jsstaticcheck.h"
/* Allocation chunk counts, must be powers of two in general. */
#define BYTECODE_CHUNK 256 /* code allocation increment */
#define SRCNOTE_CHUNK 64 /* initial srcnote allocation increment */
#define TRYNOTE_CHUNK 64 /* trynote allocation increment */
/* Macros to compute byte sizes from typed element counts. */
#define BYTECODE_SIZE(n) ((n) * sizeof(jsbytecode))
#define SRCNOTE_SIZE(n) ((n) * sizeof(jssrcnote))
#define TRYNOTE_SIZE(n) ((n) * sizeof(JSTryNote))
static JSBool
NewTryNote(JSContext *cx, JSCodeGenerator *cg, JSTryNoteKind kind,
uintN stackDepth, size_t start, size_t end);
JSCodeGenerator::JSCodeGenerator(JSCompiler *jsc,
JSArenaPool *cpool, JSArenaPool *npool,
uintN lineno)
: JSTreeContext(jsc),
codePool(cpool), notePool(npool),
codeMark(JS_ARENA_MARK(cpool)), noteMark(JS_ARENA_MARK(npool)),
stackDepth(0), maxStackDepth(0),
ntrynotes(0), lastTryNode(NULL),
spanDeps(NULL), jumpTargets(NULL), jtFreeList(NULL),
numSpanDeps(0), numJumpTargets(0), spanDepTodo(0),
arrayCompDepth(0),
emitLevel(0)
{
flags = TCF_COMPILING;
memset(&prolog, 0, sizeof prolog);
memset(&main, 0, sizeof main);
current = &main;
firstLine = prolog.currentLine = main.currentLine = lineno;
prolog.noteMask = main.noteMask = SRCNOTE_CHUNK - 1;
memset(&upvarMap, 0, sizeof upvarMap);
}
JSCodeGenerator::~JSCodeGenerator()
{
JS_ARENA_RELEASE(codePool, codeMark);
JS_ARENA_RELEASE(notePool, noteMark);
/* NB: non-null only after OOM. */
if (spanDeps)
compiler->context->free(spanDeps);
if (upvarMap.vector)
compiler->context->free(upvarMap.vector);
}
static ptrdiff_t
EmitCheck(JSContext *cx, JSCodeGenerator *cg, JSOp op, ptrdiff_t delta)
{
jsbytecode *base, *limit, *next;
ptrdiff_t offset, length;
size_t incr, size;
base = CG_BASE(cg);
next = CG_NEXT(cg);
limit = CG_LIMIT(cg);
offset = next - base;
if (next + delta > limit) {
length = offset + delta;
length = (length <= BYTECODE_CHUNK)
? BYTECODE_CHUNK
: JS_BIT(JS_CeilingLog2(length));
incr = BYTECODE_SIZE(length);
if (!base) {
JS_ARENA_ALLOCATE_CAST(base, jsbytecode *, cg->codePool, incr);
} else {
size = BYTECODE_SIZE(limit - base);
incr -= size;
JS_ARENA_GROW_CAST(base, jsbytecode *, cg->codePool, size, incr);
}
if (!base) {
js_ReportOutOfScriptQuota(cx);
return -1;
}
CG_BASE(cg) = base;
CG_LIMIT(cg) = base + length;
CG_NEXT(cg) = base + offset;
}
return offset;
}
static void
UpdateDepth(JSContext *cx, JSCodeGenerator *cg, ptrdiff_t target)
{
jsbytecode *pc;
JSOp op;
const JSCodeSpec *cs;
uintN extra, depth, nuses;
intN ndefs;
pc = CG_CODE(cg, target);
op = (JSOp) *pc;
cs = &js_CodeSpec[op];
#ifdef JS_TRACER
extern uint8 js_opcode2extra[];
extra = js_opcode2extra[op];
#else
extra = 0;
#endif
if ((cs->format & JOF_TMPSLOT_MASK) || extra) {
depth = (uintN) cg->stackDepth +
((cs->format & JOF_TMPSLOT_MASK) >> JOF_TMPSLOT_SHIFT) +
extra;
if (depth > cg->maxStackDepth)
cg->maxStackDepth = depth;
}
nuses = js_GetStackUses(cs, op, pc);
cg->stackDepth -= nuses;
JS_ASSERT(cg->stackDepth >= 0);
if (cg->stackDepth < 0) {
char numBuf[12];
JSTokenStream *ts;
JS_snprintf(numBuf, sizeof numBuf, "%d", target);
ts = &cg->compiler->tokenStream;
JS_ReportErrorFlagsAndNumber(cx, JSREPORT_WARNING,
js_GetErrorMessage, NULL,
JSMSG_STACK_UNDERFLOW,
ts->filename ? ts->filename : "stdin",
numBuf);
}
ndefs = cs->ndefs;
if (ndefs < 0) {
JSObject *blockObj;
/* We just executed IndexParsedObject */
JS_ASSERT(op == JSOP_ENTERBLOCK);
JS_ASSERT(nuses == 0);
blockObj = cg->objectList.lastbox->object;
JS_ASSERT(STOBJ_GET_CLASS(blockObj) == &js_BlockClass);
JS_ASSERT(JSVAL_IS_VOID(blockObj->fslots[JSSLOT_BLOCK_DEPTH]));
OBJ_SET_BLOCK_DEPTH(cx, blockObj, cg->stackDepth);
ndefs = OBJ_BLOCK_COUNT(cx, blockObj);
}
cg->stackDepth += ndefs;
if ((uintN)cg->stackDepth > cg->maxStackDepth)
cg->maxStackDepth = cg->stackDepth;
}
ptrdiff_t
js_Emit1(JSContext *cx, JSCodeGenerator *cg, JSOp op)
{
ptrdiff_t offset = EmitCheck(cx, cg, op, 1);
if (offset >= 0) {
*CG_NEXT(cg)++ = (jsbytecode)op;
UpdateDepth(cx, cg, offset);
}
return offset;
}
ptrdiff_t
js_Emit2(JSContext *cx, JSCodeGenerator *cg, JSOp op, jsbytecode op1)
{
ptrdiff_t offset = EmitCheck(cx, cg, op, 2);
if (offset >= 0) {
jsbytecode *next = CG_NEXT(cg);
next[0] = (jsbytecode)op;
next[1] = op1;
CG_NEXT(cg) = next + 2;
UpdateDepth(cx, cg, offset);
}
return offset;
}
ptrdiff_t
js_Emit3(JSContext *cx, JSCodeGenerator *cg, JSOp op, jsbytecode op1,
jsbytecode op2)
{
ptrdiff_t offset = EmitCheck(cx, cg, op, 3);
if (offset >= 0) {
jsbytecode *next = CG_NEXT(cg);
next[0] = (jsbytecode)op;
next[1] = op1;
next[2] = op2;
CG_NEXT(cg) = next + 3;
UpdateDepth(cx, cg, offset);
}
return offset;
}
ptrdiff_t
js_EmitN(JSContext *cx, JSCodeGenerator *cg, JSOp op, size_t extra)
{
ptrdiff_t length = 1 + (ptrdiff_t)extra;
ptrdiff_t offset = EmitCheck(cx, cg, op, length);
if (offset >= 0) {
jsbytecode *next = CG_NEXT(cg);
*next = (jsbytecode)op;
memset(next + 1, 0, BYTECODE_SIZE(extra));
CG_NEXT(cg) = next + length;
/*
* Don't UpdateDepth if op's use-count comes from the immediate
* operand yet to be stored in the extra bytes after op.
*/
if (js_CodeSpec[op].nuses >= 0)
UpdateDepth(cx, cg, offset);
}
return offset;
}
/* XXX too many "... statement" L10N gaffes below -- fix via js.msg! */
const char js_with_statement_str[] = "with statement";
const char js_finally_block_str[] = "finally block";
const char js_script_str[] = "script";
static const char *statementName[] = {
"label statement", /* LABEL */
"if statement", /* IF */
"else statement", /* ELSE */
"destructuring body", /* BODY */
"switch statement", /* SWITCH */
"block", /* BLOCK */
js_with_statement_str, /* WITH */
"catch block", /* CATCH */
"try block", /* TRY */
js_finally_block_str, /* FINALLY */
js_finally_block_str, /* SUBROUTINE */
"do loop", /* DO_LOOP */
"for loop", /* FOR_LOOP */
"for/in loop", /* FOR_IN_LOOP */
"while loop", /* WHILE_LOOP */
};
JS_STATIC_ASSERT(JS_ARRAY_LENGTH(statementName) == STMT_LIMIT);
static const char *
StatementName(JSCodeGenerator *cg)
{
if (!cg->topStmt)
return js_script_str;
return statementName[cg->topStmt->type];
}
static void
ReportStatementTooLarge(JSContext *cx, JSCodeGenerator *cg)
{
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NEED_DIET,
StatementName(cg));
}
/**
Span-dependent instructions in JS bytecode consist of the jump (JOF_JUMP)
and switch (JOF_LOOKUPSWITCH, JOF_TABLESWITCH) format opcodes, subdivided
into unconditional (gotos and gosubs), and conditional jumps or branches
(which pop a value, test it, and jump depending on its value). Most jumps
have just one immediate operand, a signed offset from the jump opcode's pc
to the target bytecode. The lookup and table switch opcodes may contain
many jump offsets.
Mozilla bug #80981 (http://bugzilla.mozilla.org/show_bug.cgi?id=80981) was
fixed by adding extended "X" counterparts to the opcodes/formats (NB: X is
suffixed to prefer JSOP_ORX thereby avoiding a JSOP_XOR name collision for
the extended form of the JSOP_OR branch opcode). The unextended or short
formats have 16-bit signed immediate offset operands, the extended or long
formats have 32-bit signed immediates. The span-dependency problem consists
of selecting as few long instructions as possible, or about as few -- since
jumps can span other jumps, extending one jump may cause another to need to
be extended.
Most JS scripts are short, so need no extended jumps. We optimize for this
case by generating short jumps until we know a long jump is needed. After
that point, we keep generating short jumps, but each jump's 16-bit immediate
offset operand is actually an unsigned index into cg->spanDeps, an array of
JSSpanDep structs. Each struct tells the top offset in the script of the
opcode, the "before" offset of the jump (which will be the same as top for
simplex jumps, but which will index further into the bytecode array for a
non-initial jump offset in a lookup or table switch), the after "offset"
adjusted during span-dependent instruction selection (initially the same
value as the "before" offset), and the jump target (more below).
Since we generate cg->spanDeps lazily, from within js_SetJumpOffset, we must
ensure that all bytecode generated so far can be inspected to discover where
the jump offset immediate operands lie within CG_CODE(cg). But the bonus is
that we generate span-dependency records sorted by their offsets, so we can
binary-search when trying to find a JSSpanDep for a given bytecode offset,
or the nearest JSSpanDep at or above a given pc.
To avoid limiting scripts to 64K jumps, if the cg->spanDeps index overflows
65534, we store SPANDEP_INDEX_HUGE in the jump's immediate operand. This
tells us that we need to binary-search for the cg->spanDeps entry by the
jump opcode's bytecode offset (sd->before).
Jump targets need to be maintained in a data structure that lets us look
up an already-known target by its address (jumps may have a common target),
and that also lets us update the addresses (script-relative, a.k.a. absolute
offsets) of targets that come after a jump target (for when a jump below
that target needs to be extended). We use an AVL tree, implemented using
recursion, but with some tricky optimizations to its height-balancing code
(see http://www.cmcrossroads.com/bradapp/ftp/src/libs/C++/AvlTrees.html).
A final wrinkle: backpatch chains are linked by jump-to-jump offsets with
positive sign, even though they link "backward" (i.e., toward lower bytecode
address). We don't want to waste space and search time in the AVL tree for
such temporary backpatch deltas, so we use a single-bit wildcard scheme to
tag true JSJumpTarget pointers and encode untagged, signed (positive) deltas
in JSSpanDep.target pointers, depending on whether the JSSpanDep has a known
target, or is still awaiting backpatching.
Note that backpatch chains would present a problem for BuildSpanDepTable,
which inspects bytecode to build cg->spanDeps on demand, when the first
short jump offset overflows. To solve this temporary problem, we emit a
proxy bytecode (JSOP_BACKPATCH; JSOP_BACKPATCH_POP for branch ops) whose
nuses/ndefs counts help keep the stack balanced, but whose opcode format
distinguishes its backpatch delta immediate operand from a normal jump
offset.
*/
static int
BalanceJumpTargets(JSJumpTarget **jtp)
{
JSJumpTarget *jt, *jt2, *root;
int dir, otherDir, heightChanged;
JSBool doubleRotate;
jt = *jtp;
JS_ASSERT(jt->balance != 0);
if (jt->balance < -1) {
dir = JT_RIGHT;
doubleRotate = (jt->kids[JT_LEFT]->balance > 0);
} else if (jt->balance > 1) {
dir = JT_LEFT;
doubleRotate = (jt->kids[JT_RIGHT]->balance < 0);
} else {
return 0;
}
otherDir = JT_OTHER_DIR(dir);
if (doubleRotate) {
jt2 = jt->kids[otherDir];
*jtp = root = jt2->kids[dir];
jt->kids[otherDir] = root->kids[dir];
root->kids[dir] = jt;
jt2->kids[dir] = root->kids[otherDir];
root->kids[otherDir] = jt2;
heightChanged = 1;
root->kids[JT_LEFT]->balance = -JS_MAX(root->balance, 0);
root->kids[JT_RIGHT]->balance = -JS_MIN(root->balance, 0);
root->balance = 0;
} else {
*jtp = root = jt->kids[otherDir];
jt->kids[otherDir] = root->kids[dir];
root->kids[dir] = jt;
heightChanged = (root->balance != 0);
jt->balance = -((dir == JT_LEFT) ? --root->balance : ++root->balance);
}
return heightChanged;
}
typedef struct AddJumpTargetArgs {
JSContext *cx;
JSCodeGenerator *cg;
ptrdiff_t offset;
JSJumpTarget *node;
} AddJumpTargetArgs;
static int
AddJumpTarget(AddJumpTargetArgs *args, JSJumpTarget **jtp)
{
JSJumpTarget *jt;
int balanceDelta;
jt = *jtp;
if (!jt) {
JSCodeGenerator *cg = args->cg;
jt = cg->jtFreeList;
if (jt) {
cg->jtFreeList = jt->kids[JT_LEFT];
} else {
JS_ARENA_ALLOCATE_CAST(jt, JSJumpTarget *, &args->cx->tempPool,
sizeof *jt);
if (!jt) {
js_ReportOutOfScriptQuota(args->cx);
return 0;
}
}
jt->offset = args->offset;
jt->balance = 0;
jt->kids[JT_LEFT] = jt->kids[JT_RIGHT] = NULL;
cg->numJumpTargets++;
args->node = jt;
*jtp = jt;
return 1;
}
if (jt->offset == args->offset) {
args->node = jt;
return 0;
}
if (args->offset < jt->offset)
balanceDelta = -AddJumpTarget(args, &jt->kids[JT_LEFT]);
else
balanceDelta = AddJumpTarget(args, &jt->kids[JT_RIGHT]);
if (!args->node)
return 0;
jt->balance += balanceDelta;
return (balanceDelta && jt->balance)
? 1 - BalanceJumpTargets(jtp)
: 0;
}
#ifdef DEBUG_brendan
static int AVLCheck(JSJumpTarget *jt)
{
int lh, rh;
if (!jt) return 0;
JS_ASSERT(-1 <= jt->balance && jt->balance <= 1);
lh = AVLCheck(jt->kids[JT_LEFT]);
rh = AVLCheck(jt->kids[JT_RIGHT]);
JS_ASSERT(jt->balance == rh - lh);
return 1 + JS_MAX(lh, rh);
}
#endif
static JSBool
SetSpanDepTarget(JSContext *cx, JSCodeGenerator *cg, JSSpanDep *sd,
ptrdiff_t off)
{
AddJumpTargetArgs args;
if (off < JUMPX_OFFSET_MIN || JUMPX_OFFSET_MAX < off) {
ReportStatementTooLarge(cx, cg);
return JS_FALSE;
}
args.cx = cx;
args.cg = cg;
args.offset = sd->top + off;
args.node = NULL;
AddJumpTarget(&args, &cg->jumpTargets);
if (!args.node)
return JS_FALSE;
#ifdef DEBUG_brendan
AVLCheck(cg->jumpTargets);
#endif
SD_SET_TARGET(sd, args.node);
return JS_TRUE;
}
#define SPANDEPS_MIN 256
#define SPANDEPS_SIZE(n) ((n) * sizeof(JSSpanDep))
#define SPANDEPS_SIZE_MIN SPANDEPS_SIZE(SPANDEPS_MIN)
static JSBool
AddSpanDep(JSContext *cx, JSCodeGenerator *cg, jsbytecode *pc, jsbytecode *pc2,
ptrdiff_t off)
{
uintN index;
JSSpanDep *sdbase, *sd;
size_t size;
index = cg->numSpanDeps;
if (index + 1 == 0) {
ReportStatementTooLarge(cx, cg);
return JS_FALSE;
}
if ((index & (index - 1)) == 0 &&
(!(sdbase = cg->spanDeps) || index >= SPANDEPS_MIN)) {
size = sdbase ? SPANDEPS_SIZE(index) : SPANDEPS_SIZE_MIN / 2;
sdbase = (JSSpanDep *) cx->realloc(sdbase, size + size);
if (!sdbase)
return JS_FALSE;
cg->spanDeps = sdbase;
}
cg->numSpanDeps = index + 1;
sd = cg->spanDeps + index;
sd->top = pc - CG_BASE(cg);
sd->offset = sd->before = pc2 - CG_BASE(cg);
if (js_CodeSpec[*pc].format & JOF_BACKPATCH) {
/* Jump offset will be backpatched if off is a non-zero "bpdelta". */
if (off != 0) {
JS_ASSERT(off >= 1 + JUMP_OFFSET_LEN);
if (off > BPDELTA_MAX) {
ReportStatementTooLarge(cx, cg);
return JS_FALSE;
}
}
SD_SET_BPDELTA(sd, off);
} else if (off == 0) {
/* Jump offset will be patched directly, without backpatch chaining. */
SD_SET_TARGET(sd, 0);
} else {
/* The jump offset in off is non-zero, therefore it's already known. */
if (!SetSpanDepTarget(cx, cg, sd, off))
return JS_FALSE;
}
if (index > SPANDEP_INDEX_MAX)
index = SPANDEP_INDEX_HUGE;
SET_SPANDEP_INDEX(pc2, index);
return JS_TRUE;
}
static jsbytecode *
AddSwitchSpanDeps(JSContext *cx, JSCodeGenerator *cg, jsbytecode *pc)
{
JSOp op;
jsbytecode *pc2;
ptrdiff_t off;
jsint low, high;
uintN njumps, indexlen;
op = (JSOp) *pc;
JS_ASSERT(op == JSOP_TABLESWITCH || op == JSOP_LOOKUPSWITCH);
pc2 = pc;
off = GET_JUMP_OFFSET(pc2);
if (!AddSpanDep(cx, cg, pc, pc2, off))
return NULL;
pc2 += JUMP_OFFSET_LEN;
if (op == JSOP_TABLESWITCH) {
low = GET_JUMP_OFFSET(pc2);
pc2 += JUMP_OFFSET_LEN;
high = GET_JUMP_OFFSET(pc2);
pc2 += JUMP_OFFSET_LEN;
njumps = (uintN) (high - low + 1);
indexlen = 0;
} else {
njumps = GET_UINT16(pc2);
pc2 += UINT16_LEN;
indexlen = INDEX_LEN;
}
while (njumps) {
--njumps;
pc2 += indexlen;
off = GET_JUMP_OFFSET(pc2);
if (!AddSpanDep(cx, cg, pc, pc2, off))
return NULL;
pc2 += JUMP_OFFSET_LEN;
}
return 1 + pc2;
}
static JSBool
BuildSpanDepTable(JSContext *cx, JSCodeGenerator *cg)
{
jsbytecode *pc, *end;
JSOp op;
const JSCodeSpec *cs;
ptrdiff_t off;
pc = CG_BASE(cg) + cg->spanDepTodo;
end = CG_NEXT(cg);
while (pc != end) {
JS_ASSERT(pc < end);
op = (JSOp)*pc;
cs = &js_CodeSpec[op];
switch (JOF_TYPE(cs->format)) {
case JOF_TABLESWITCH:
case JOF_LOOKUPSWITCH:
pc = AddSwitchSpanDeps(cx, cg, pc);
if (!pc)
return JS_FALSE;
break;
case JOF_JUMP:
off = GET_JUMP_OFFSET(pc);
if (!AddSpanDep(cx, cg, pc, pc, off))
return JS_FALSE;
/* FALL THROUGH */
default:
pc += cs->length;
break;
}
}
return JS_TRUE;
}
static JSSpanDep *
GetSpanDep(JSCodeGenerator *cg, jsbytecode *pc)
{
uintN index;
ptrdiff_t offset;
int lo, hi, mid;
JSSpanDep *sd;
index = GET_SPANDEP_INDEX(pc);
if (index != SPANDEP_INDEX_HUGE)
return cg->spanDeps + index;
offset = pc - CG_BASE(cg);
lo = 0;
hi = cg->numSpanDeps - 1;
while (lo <= hi) {
mid = (lo + hi) / 2;
sd = cg->spanDeps + mid;
if (sd->before == offset)
return sd;
if (sd->before < offset)
lo = mid + 1;
else
hi = mid - 1;
}
JS_ASSERT(0);
return NULL;
}
static JSBool
SetBackPatchDelta(JSContext *cx, JSCodeGenerator *cg, jsbytecode *pc,
ptrdiff_t delta)
{
JSSpanDep *sd;
JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN);
if (!cg->spanDeps && delta < JUMP_OFFSET_MAX) {
SET_JUMP_OFFSET(pc, delta);
return JS_TRUE;
}
if (delta > BPDELTA_MAX) {
ReportStatementTooLarge(cx, cg);
return JS_FALSE;
}
if (!cg->spanDeps && !BuildSpanDepTable(cx, cg))
return JS_FALSE;
sd = GetSpanDep(cg, pc);
JS_ASSERT(SD_GET_BPDELTA(sd) == 0);
SD_SET_BPDELTA(sd, delta);
return JS_TRUE;
}
static void
UpdateJumpTargets(JSJumpTarget *jt, ptrdiff_t pivot, ptrdiff_t delta)
{
if (jt->offset > pivot) {
jt->offset += delta;
if (jt->kids[JT_LEFT])
UpdateJumpTargets(jt->kids[JT_LEFT], pivot, delta);
}
if (jt->kids[JT_RIGHT])
UpdateJumpTargets(jt->kids[JT_RIGHT], pivot, delta);
}
static JSSpanDep *
FindNearestSpanDep(JSCodeGenerator *cg, ptrdiff_t offset, int lo,
JSSpanDep *guard)
{
int num, hi, mid;
JSSpanDep *sdbase, *sd;
num = cg->numSpanDeps;
JS_ASSERT(num > 0);
hi = num - 1;
sdbase = cg->spanDeps;
while (lo <= hi) {
mid = (lo + hi) / 2;
sd = sdbase + mid;
if (sd->before == offset)
return sd;
if (sd->before < offset)
lo = mid + 1;
else
hi = mid - 1;
}
if (lo == num)
return guard;
sd = sdbase + lo;
JS_ASSERT(sd->before >= offset && (lo == 0 || sd[-1].before < offset));
return sd;
}
static void
FreeJumpTargets(JSCodeGenerator *cg, JSJumpTarget *jt)
{
if (jt->kids[JT_LEFT])
FreeJumpTargets(cg, jt->kids[JT_LEFT]);
if (jt->kids[JT_RIGHT])
FreeJumpTargets(cg, jt->kids[JT_RIGHT]);
jt->kids[JT_LEFT] = cg->jtFreeList;
cg->jtFreeList = jt;
}
static JSBool
OptimizeSpanDeps(JSContext *cx, JSCodeGenerator *cg)
{
jsbytecode *pc, *oldpc, *base, *limit, *next;
JSSpanDep *sd, *sd2, *sdbase, *sdlimit, *sdtop, guard;
ptrdiff_t offset, growth, delta, top, pivot, span, length, target;
JSBool done;
JSOp op;
uint32 type;
size_t size, incr;
jssrcnote *sn, *snlimit;
JSSrcNoteSpec *spec;
uintN i, n, noteIndex;
JSTryNode *tryNode;
#ifdef DEBUG_brendan
int passes = 0;
#endif
base = CG_BASE(cg);
sdbase = cg->spanDeps;
sdlimit = sdbase + cg->numSpanDeps;
offset = CG_OFFSET(cg);
growth = 0;
do {
done = JS_TRUE;
delta = 0;
top = pivot = -1;
sdtop = NULL;
pc = NULL;
op = JSOP_NOP;
type = 0;
#ifdef DEBUG_brendan
passes++;
#endif
for (sd = sdbase; sd < sdlimit; sd++) {
JS_ASSERT(JT_HAS_TAG(sd->target));
sd->offset += delta;
if (sd->top != top) {
sdtop = sd;
top = sd->top;
JS_ASSERT(top == sd->before);
pivot = sd->offset;
pc = base + top;
op = (JSOp) *pc;
type = JOF_OPTYPE(op);
if (JOF_TYPE_IS_EXTENDED_JUMP(type)) {
/*
* We already extended all the jump offset operands for
* the opcode at sd->top. Jumps and branches have only
* one jump offset operand, but switches have many, all
* of which are adjacent in cg->spanDeps.
*/
continue;
}
JS_ASSERT(type == JOF_JUMP ||
type == JOF_TABLESWITCH ||
type == JOF_LOOKUPSWITCH);
}
if (!JOF_TYPE_IS_EXTENDED_JUMP(type)) {
span = SD_SPAN(sd, pivot);
if (span < JUMP_OFFSET_MIN || JUMP_OFFSET_MAX < span) {
ptrdiff_t deltaFromTop = 0;
done = JS_FALSE;
switch (op) {
case JSOP_GOTO: op = JSOP_GOTOX; break;
case JSOP_IFEQ: op = JSOP_IFEQX; break;
case JSOP_IFNE: op = JSOP_IFNEX; break;
case JSOP_OR: op = JSOP_ORX; break;
case JSOP_AND: op = JSOP_ANDX; break;
case JSOP_GOSUB: op = JSOP_GOSUBX; break;
case JSOP_CASE: op = JSOP_CASEX; break;
case JSOP_DEFAULT: op = JSOP_DEFAULTX; break;
case JSOP_TABLESWITCH: op = JSOP_TABLESWITCHX; break;
case JSOP_LOOKUPSWITCH: op = JSOP_LOOKUPSWITCHX; break;
default:
ReportStatementTooLarge(cx, cg);
return JS_FALSE;
}
*pc = (jsbytecode) op;
for (sd2 = sdtop; sd2 < sdlimit && sd2->top == top; sd2++) {
if (sd2 <= sd) {
/*
* sd2->offset already includes delta as it stood
* before we entered this loop, but it must also
* include the delta relative to top due to all the
* extended jump offset immediates for the opcode
* starting at top, which we extend in this loop.
*
* If there is only one extended jump offset, then
* sd2->offset won't change and this for loop will
* iterate once only.
*/
sd2->offset += deltaFromTop;
deltaFromTop += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN;
} else {
/*
* sd2 comes after sd, and won't be revisited by
* the outer for loop, so we have to increase its
* offset by delta, not merely by deltaFromTop.
*/
sd2->offset += delta;
}
delta += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN;
UpdateJumpTargets(cg->jumpTargets, sd2->offset,
JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN);
}
sd = sd2 - 1;
}
}
}
growth += delta;
} while (!done);
if (growth) {
#ifdef DEBUG_brendan
JSTokenStream *ts = &cg->compiler->tokenStream;
printf("%s:%u: %u/%u jumps extended in %d passes (%d=%d+%d)\n",
ts->filename ? ts->filename : "stdin", cg->firstLine,
growth / (JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN), cg->numSpanDeps,
passes, offset + growth, offset, growth);
#endif
/*
* Ensure that we have room for the extended jumps, but don't round up
* to a power of two -- we're done generating code, so we cut to fit.
*/
limit = CG_LIMIT(cg);
length = offset + growth;
next = base + length;
if (next > limit) {
JS_ASSERT(length > BYTECODE_CHUNK);
size = BYTECODE_SIZE(limit - base);
incr = BYTECODE_SIZE(length) - size;
JS_ARENA_GROW_CAST(base, jsbytecode *, cg->codePool, size, incr);
if (!base) {
js_ReportOutOfScriptQuota(cx);
return JS_FALSE;
}
CG_BASE(cg) = base;
CG_LIMIT(cg) = next = base + length;
}
CG_NEXT(cg) = next;
/*
* Set up a fake span dependency record to guard the end of the code
* being generated. This guard record is returned as a fencepost by
* FindNearestSpanDep if there is no real spandep at or above a given
* unextended code offset.
*/
guard.top = -1;
guard.offset = offset + growth;
guard.before = offset;
guard.target = NULL;
}
/*
* Now work backwards through the span dependencies, copying chunks of
* bytecode between each extended jump toward the end of the grown code
* space, and restoring immediate offset operands for all jump bytecodes.
* The first chunk of bytecodes, starting at base and ending at the first
* extended jump offset (NB: this chunk includes the operation bytecode
* just before that immediate jump offset), doesn't need to be copied.
*/
JS_ASSERT(sd == sdlimit);
top = -1;
while (--sd >= sdbase) {
if (sd->top != top) {
top = sd->top;
op = (JSOp) base[top];
type = JOF_OPTYPE(op);
for (sd2 = sd - 1; sd2 >= sdbase && sd2->top == top; sd2--)
continue;
sd2++;
pivot = sd2->offset;
JS_ASSERT(top == sd2->before);
}
oldpc = base + sd->before;
span = SD_SPAN(sd, pivot);
/*
* If this jump didn't need to be extended, restore its span immediate
* offset operand now, overwriting the index of sd within cg->spanDeps
* that was stored temporarily after *pc when BuildSpanDepTable ran.
*
* Note that span might fit in 16 bits even for an extended jump op,
* if the op has multiple span operands, not all of which overflowed
* (e.g. JSOP_LOOKUPSWITCH or JSOP_TABLESWITCH where some cases are in
* range for a short jump, but others are not).
*/
if (!JOF_TYPE_IS_EXTENDED_JUMP(type)) {
JS_ASSERT(JUMP_OFFSET_MIN <= span && span <= JUMP_OFFSET_MAX);
SET_JUMP_OFFSET(oldpc, span);
continue;
}
/*
* Set up parameters needed to copy the next run of bytecode starting
* at offset (which is a cursor into the unextended, original bytecode
* vector), down to sd->before (a cursor of the same scale as offset,
* it's the index of the original jump pc). Reuse delta to count the
* nominal number of bytes to copy.
*/
pc = base + sd->offset;
delta = offset - sd->before;
JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN);
/*
* Don't bother copying the jump offset we're about to reset, but do
* copy the bytecode at oldpc (which comes just before its immediate
* jump offset operand), on the next iteration through the loop, by
* including it in offset's new value.
*/
offset = sd->before + 1;
size = BYTECODE_SIZE(delta - (1 + JUMP_OFFSET_LEN));
if (size) {
memmove(pc + 1 + JUMPX_OFFSET_LEN,
oldpc + 1 + JUMP_OFFSET_LEN,
size);
}
SET_JUMPX_OFFSET(pc, span);
}
if (growth) {
/*
* Fix source note deltas. Don't hardwire the delta fixup adjustment,
* even though currently it must be JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN
* at each sd that moved. The future may bring different offset sizes
* for span-dependent instruction operands. However, we fix only main
* notes here, not prolog notes -- we know that prolog opcodes are not
* span-dependent, and aren't likely ever to be.
*/
offset = growth = 0;
sd = sdbase;
for (sn = cg->main.notes, snlimit = sn + cg->main.noteCount;
sn < snlimit;
sn = SN_NEXT(sn)) {
/*
* Recall that the offset of a given note includes its delta, and
* tells the offset of the annotated bytecode from the main entry
* point of the script.
*/
offset += SN_DELTA(sn);
while (sd < sdlimit && sd->before < offset) {
/*
* To compute the delta to add to sn, we need to look at the
* spandep after sd, whose offset - (before + growth) tells by
* how many bytes sd's instruction grew.
*/
sd2 = sd + 1;
if (sd2 == sdlimit)
sd2 = &guard;
delta = sd2->offset - (sd2->before + growth);
if (delta > 0) {
JS_ASSERT(delta == JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN);
sn = js_AddToSrcNoteDelta(cx, cg, sn, delta);
if (!sn)
return JS_FALSE;
snlimit = cg->main.notes + cg->main.noteCount;
growth += delta;
}
sd++;
}
/*
* If sn has span-dependent offset operands, check whether each
* covers further span-dependencies, and increase those operands
* accordingly. Some source notes measure offset not from the
* annotated pc, but from that pc plus some small bias. NB: we
* assume that spec->offsetBias can't itself span span-dependent
* instructions!
*/
spec = &js_SrcNoteSpec[SN_TYPE(sn)];
if (spec->isSpanDep) {
pivot = offset + spec->offsetBias;
n = spec->arity;
for (i = 0; i < n; i++) {
span = js_GetSrcNoteOffset(sn, i);
if (span == 0)
continue;
target = pivot + span * spec->isSpanDep;
sd2 = FindNearestSpanDep(cg, target,
(target >= pivot)
? sd - sdbase
: 0,
&guard);
/*
* Increase target by sd2's before-vs-after offset delta,
* which is absolute (i.e., relative to start of script,
* as is target). Recompute the span by subtracting its
* adjusted pivot from target.
*/
target += sd2->offset - sd2->before;
span = target - (pivot + growth);
span *= spec->isSpanDep;
noteIndex = sn - cg->main.notes;
if (!js_SetSrcNoteOffset(cx, cg, noteIndex, i, span))
return JS_FALSE;
sn = cg->main.notes + noteIndex;
snlimit = cg->main.notes + cg->main.noteCount;
}
}
}
cg->main.lastNoteOffset += growth;
/*
* Fix try/catch notes (O(numTryNotes * log2(numSpanDeps)), but it's
* not clear how we can beat that).
*/
for (tryNode = cg->lastTryNode; tryNode; tryNode = tryNode->prev) {
/*
* First, look for the nearest span dependency at/above tn->start.
* There may not be any such spandep, in which case the guard will
* be returned.
*/
offset = tryNode->note.start;
sd = FindNearestSpanDep(cg, offset, 0, &guard);
delta = sd->offset - sd->before;
tryNode->note.start = offset + delta;
/*
* Next, find the nearest spandep at/above tn->start + tn->length.
* Use its delta minus tn->start's delta to increase tn->length.
*/
length = tryNode->note.length;
sd2 = FindNearestSpanDep(cg, offset + length, sd - sdbase, &guard);
if (sd2 != sd) {
tryNode->note.length =
length + sd2->offset - sd2->before - delta;
}
}
}
#ifdef DEBUG_brendan
{
uintN bigspans = 0;
top = -1;
for (sd = sdbase; sd < sdlimit; sd++) {
offset = sd->offset;
/* NB: sd->top cursors into the original, unextended bytecode vector. */
if (sd->top != top) {
JS_ASSERT(top == -1 ||
!JOF_TYPE_IS_EXTENDED_JUMP(type) ||
bigspans != 0);
bigspans = 0;
top = sd->top;
JS_ASSERT(top == sd->before);
op = (JSOp) base[offset];
type = JOF_OPTYPE(op);
JS_ASSERT(type == JOF_JUMP ||
type == JOF_JUMPX ||
type == JOF_TABLESWITCH ||
type == JOF_TABLESWITCHX ||
type == JOF_LOOKUPSWITCH ||
type == JOF_LOOKUPSWITCHX);
pivot = offset;
}
pc = base + offset;
if (JOF_TYPE_IS_EXTENDED_JUMP(type)) {
span = GET_JUMPX_OFFSET(pc);
if (span < JUMP_OFFSET_MIN || JUMP_OFFSET_MAX < span) {
bigspans++;
} else {
JS_ASSERT(type == JOF_TABLESWITCHX ||
type == JOF_LOOKUPSWITCHX);
}
} else {
span = GET_JUMP_OFFSET(pc);
}
JS_ASSERT(SD_SPAN(sd, pivot) == span);
}
JS_ASSERT(!JOF_TYPE_IS_EXTENDED_JUMP(type) || bigspans != 0);
}
#endif
/*
* Reset so we optimize at most once -- cg may be used for further code
* generation of successive, independent, top-level statements. No jump
* can span top-level statements, because JS lacks goto.
*/
size = SPANDEPS_SIZE(JS_BIT(JS_CeilingLog2(cg->numSpanDeps)));
cx->free(cg->spanDeps);
cg->spanDeps = NULL;
FreeJumpTargets(cg, cg->jumpTargets);
cg->jumpTargets = NULL;
cg->numSpanDeps = cg->numJumpTargets = 0;
cg->spanDepTodo = CG_OFFSET(cg);
return JS_TRUE;
}
static ptrdiff_t
EmitJump(JSContext *cx, JSCodeGenerator *cg, JSOp op, ptrdiff_t off)
{
JSBool extend;
ptrdiff_t jmp;
jsbytecode *pc;
extend = off < JUMP_OFFSET_MIN || JUMP_OFFSET_MAX < off;
if (extend && !cg->spanDeps && !BuildSpanDepTable(cx, cg))
return -1;
jmp = js_Emit3(cx, cg, op, JUMP_OFFSET_HI(off), JUMP_OFFSET_LO(off));
if (jmp >= 0 && (extend || cg->spanDeps)) {
pc = CG_CODE(cg, jmp);
if (!AddSpanDep(cx, cg, pc, pc, off))
return -1;
}
return jmp;
}
static ptrdiff_t
GetJumpOffset(JSCodeGenerator *cg, jsbytecode *pc)
{
JSSpanDep *sd;
JSJumpTarget *jt;
ptrdiff_t top;
if (!cg->spanDeps)
return GET_JUMP_OFFSET(pc);
sd = GetSpanDep(cg, pc);
jt = sd->target;
if (!JT_HAS_TAG(jt))
return JT_TO_BPDELTA(jt);
top = sd->top;
while (--sd >= cg->spanDeps && sd->top == top)
continue;
sd++;
return JT_CLR_TAG(jt)->offset - sd->offset;
}
JSBool
js_SetJumpOffset(JSContext *cx, JSCodeGenerator *cg, jsbytecode *pc,
ptrdiff_t off)
{
if (!cg->spanDeps) {
if (JUMP_OFFSET_MIN <= off && off <= JUMP_OFFSET_MAX) {
SET_JUMP_OFFSET(pc, off);
return JS_TRUE;
}
if (!BuildSpanDepTable(cx, cg))
return JS_FALSE;
}
return SetSpanDepTarget(cx, cg, GetSpanDep(cg, pc), off);
}
bool
JSTreeContext::inStatement(JSStmtType type)
{
for (JSStmtInfo *stmt = topStmt; stmt; stmt = stmt->down) {
if (stmt->type == type)
return true;
}
return false;
}
bool
JSTreeContext::ensureSharpSlots()
{
#if JS_HAS_SHARP_VARS
JS_STATIC_ASSERT(SHARP_NSLOTS == 2);
if (sharpSlotBase >= 0) {
JS_ASSERT(flags & TCF_HAS_SHARPS);
return true;
}
JS_ASSERT(!(flags & TCF_HAS_SHARPS));
if (flags & TCF_IN_FUNCTION) {
JSContext *cx = compiler->context;
JSAtom *sharpArrayAtom = js_Atomize(cx, "#array", 6, 0);
JSAtom *sharpDepthAtom = js_Atomize(cx, "#depth", 6, 0);
if (!sharpArrayAtom || !sharpDepthAtom)
return false;
sharpSlotBase = fun->u.i.nvars;
if (!js_AddLocal(cx, fun, sharpArrayAtom, JSLOCAL_VAR))
return false;
if (!js_AddLocal(cx, fun, sharpDepthAtom, JSLOCAL_VAR))
return false;
} else {
/*
* JSCompiler::compileScript will rebase immediate operands indexing
* the sharp slots to come at the end of the global script's |nfixed|
* slots storage, after gvars and regexps.
*/
sharpSlotBase = 0;
}
flags |= TCF_HAS_SHARPS;
#endif
return true;
}
bool
JSTreeContext::skipSpansGenerator(unsigned skip)
{
JSTreeContext *tc = this;
for (unsigned i = 0; i < skip; ++i, tc = tc->parent) {
if (!tc)
return false;
if (tc->flags & TCF_FUN_IS_GENERATOR)
return true;
}
return false;
}
void
js_PushStatement(JSTreeContext *tc, JSStmtInfo *stmt, JSStmtType type,
ptrdiff_t top)
{
stmt->type = type;
stmt->flags = 0;
stmt->blockid = tc->blockid();
SET_STATEMENT_TOP(stmt, top);
stmt->label = NULL;
JS_ASSERT(!stmt->blockObj);
stmt->down = tc->topStmt;
tc->topStmt = stmt;
if (STMT_LINKS_SCOPE(stmt)) {
stmt->downScope = tc->topScopeStmt;
tc->topScopeStmt = stmt;
} else {
stmt->downScope = NULL;
}
}
void
js_PushBlockScope(JSTreeContext *tc, JSStmtInfo *stmt, JSObject *blockObj,
ptrdiff_t top)
{
js_PushStatement(tc, stmt, STMT_BLOCK, top);
stmt->flags |= SIF_SCOPE;
STOBJ_SET_PARENT(blockObj, tc->blockChain);
stmt->downScope = tc->topScopeStmt;
tc->topScopeStmt = stmt;
tc->blockChain = blockObj;
stmt->blockObj = blockObj;
}
/*
* Emit a backpatch op with offset pointing to the previous jump of this type,
* so that we can walk back up the chain fixing up the op and jump offset.
*/
static ptrdiff_t
EmitBackPatchOp(JSContext *cx, JSCodeGenerator *cg, JSOp op, ptrdiff_t *lastp)
{
ptrdiff_t offset, delta;
offset = CG_OFFSET(cg);
delta = offset - *lastp;
*lastp = offset;
JS_ASSERT(delta > 0);
return EmitJump(cx, cg, op, delta);
}
/*
* Macro to emit a bytecode followed by a uint16 immediate operand stored in
* big-endian order, used for arg and var numbers as well as for atomIndexes.
* NB: We use cx and cg from our caller's lexical environment, and return
* false on error.
*/
#define EMIT_UINT16_IMM_OP(op, i) \
JS_BEGIN_MACRO \
if (js_Emit3(cx, cg, op, UINT16_HI(i), UINT16_LO(i)) < 0) \
return JS_FALSE; \
JS_END_MACRO
#define EMIT_UINT16PAIR_IMM_OP(op, i, j) \
JS_BEGIN_MACRO \
ptrdiff_t off_ = js_EmitN(cx, cg, op, 2 * UINT16_LEN); \
if (off_ < 0) \
return JS_FALSE; \
jsbytecode *pc_ = CG_CODE(cg, off_); \
SET_UINT16(pc_, i); \
pc_ += UINT16_LEN; \
SET_UINT16(pc_, j); \
JS_END_MACRO
static JSBool
FlushPops(JSContext *cx, JSCodeGenerator *cg, intN *npops)
{
JS_ASSERT(*npops != 0);
if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0)
return JS_FALSE;
EMIT_UINT16_IMM_OP(JSOP_POPN, *npops);
*npops = 0;
return JS_TRUE;
}
/*
* Emit additional bytecode(s) for non-local jumps.
*/
static JSBool
EmitNonLocalJumpFixup(JSContext *cx, JSCodeGenerator *cg, JSStmtInfo *toStmt)
{
intN depth, npops;
JSStmtInfo *stmt;
/*
* The non-local jump fixup we emit will unbalance cg->stackDepth, because
* the fixup replicates balanced code such as JSOP_LEAVEWITH emitted at the
* end of a with statement, so we save cg->stackDepth here and restore it
* just before a successful return.
*/
depth = cg->stackDepth;
npops = 0;
#define FLUSH_POPS() if (npops && !FlushPops(cx, cg, &npops)) return JS_FALSE
for (stmt = cg->topStmt; stmt != toStmt; stmt = stmt->down) {
switch (stmt->type) {
case STMT_FINALLY:
FLUSH_POPS();
if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0)
return JS_FALSE;
if (EmitBackPatchOp(cx, cg, JSOP_BACKPATCH, &GOSUBS(*stmt)) < 0)
return JS_FALSE;
break;
case STMT_WITH:
/* There's a With object on the stack that we need to pop. */
FLUSH_POPS();
if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0)
return JS_FALSE;
if (js_Emit1(cx, cg, JSOP_LEAVEWITH) < 0)
return JS_FALSE;
break;
case STMT_FOR_IN_LOOP:
/*
* The iterator and the object being iterated need to be popped.
*/
FLUSH_POPS();
if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0)
return JS_FALSE;
if (js_Emit1(cx, cg, JSOP_ENDITER) < 0)
return JS_FALSE;
break;
case STMT_SUBROUTINE:
/*
* There's a [exception or hole, retsub pc-index] pair on the
* stack that we need to pop.
*/
npops += 2;
break;
default:;
}
if (stmt->flags & SIF_SCOPE) {
uintN i;
/* There is a Block object with locals on the stack to pop. */
FLUSH_POPS();
if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0)
return JS_FALSE;
i = OBJ_BLOCK_COUNT(cx, stmt->blockObj);
EMIT_UINT16_IMM_OP(JSOP_LEAVEBLOCK, i);
}
}
FLUSH_POPS();
cg->stackDepth = depth;
return JS_TRUE;
#undef FLUSH_POPS
}
static ptrdiff_t
EmitGoto(JSContext *cx, JSCodeGenerator *cg, JSStmtInfo *toStmt,
ptrdiff_t *lastp, JSAtomListElement *label, JSSrcNoteType noteType)
{
intN index;
if (!EmitNonLocalJumpFixup(cx, cg, toStmt))
return -1;
if (label)
index = js_NewSrcNote2(cx, cg, noteType, (ptrdiff_t) ALE_INDEX(label));
else if (noteType != SRC_NULL)
index = js_NewSrcNote(cx, cg, noteType);
else
index = 0;
if (index < 0)
return -1;
return EmitBackPatchOp(cx, cg, JSOP_BACKPATCH, lastp);
}
static JSBool
BackPatch(JSContext *cx, JSCodeGenerator *cg, ptrdiff_t last,
jsbytecode *target, jsbytecode op)
{
jsbytecode *pc, *stop;
ptrdiff_t delta, span;
pc = CG_CODE(cg, last);
stop = CG_CODE(cg, -1);
while (pc != stop) {
delta = GetJumpOffset(cg, pc);
span = target - pc;
CHECK_AND_SET_JUMP_OFFSET(cx, cg, pc, span);
/*
* Set *pc after jump offset in case bpdelta didn't overflow, but span
* does (if so, CHECK_AND_SET_JUMP_OFFSET might call BuildSpanDepTable
* and need to see the JSOP_BACKPATCH* op at *pc).
*/
*pc = op;
pc -= delta;
}
return JS_TRUE;
}
void
js_PopStatement(JSTreeContext *tc)
{
JSStmtInfo *stmt;
stmt = tc->topStmt;
tc->topStmt = stmt->down;
if (STMT_LINKS_SCOPE(stmt)) {
tc->topScopeStmt = stmt->downScope;
if (stmt->flags & SIF_SCOPE) {
tc->blockChain = STOBJ_GET_PARENT(stmt->blockObj);
JS_SCOPE_DEPTH_METERING(--tc->scopeDepth);
}
}
}
JSBool
js_PopStatementCG(JSContext *cx, JSCodeGenerator *cg)
{
JSStmtInfo *stmt;
stmt = cg->topStmt;
if (!STMT_IS_TRYING(stmt) &&
(!BackPatch(cx, cg, stmt->breaks, CG_NEXT(cg), JSOP_GOTO) ||
!BackPatch(cx, cg, stmt->continues, CG_CODE(cg, stmt->update),
JSOP_GOTO))) {
return JS_FALSE;
}
js_PopStatement(cg);
return JS_TRUE;
}
JSBool
js_DefineCompileTimeConstant(JSContext *cx, JSCodeGenerator *cg, JSAtom *atom,
JSParseNode *pn)
{
jsdouble dval;
jsint ival;
JSAtom *valueAtom;
jsval v;
JSAtomListElement *ale;
/* XXX just do numbers for now */
if (pn->pn_type == TOK_NUMBER) {
dval = pn->pn_dval;
if (JSDOUBLE_IS_INT(dval, ival) && INT_FITS_IN_JSVAL(ival)) {
v = INT_TO_JSVAL(ival);
} else {
/*
* We atomize double to root a jsdouble instance that we wrap as
* jsval and store in cg->constList. This works because atoms are
* protected from GC during compilation.
*/
valueAtom = js_AtomizeDouble(cx, dval);
if (!valueAtom)
return JS_FALSE;
v = ATOM_KEY(valueAtom);
}
ale = cg->constList.add(cg->compiler, atom);
if (!ale)
return JS_FALSE;
ALE_SET_VALUE(ale, v);
}
return JS_TRUE;
}
JSStmtInfo *
js_LexicalLookup(JSTreeContext *tc, JSAtom *atom, jsint *slotp, JSStmtInfo *stmt)
{
JSObject *obj;
JSScope *scope;
JSScopeProperty *sprop;
if (!stmt)
stmt = tc->topScopeStmt;
for (; stmt; stmt = stmt->downScope) {
if (stmt->type == STMT_WITH)
break;
/* Skip "maybe scope" statements that don't contain let bindings. */
if (!(stmt->flags & SIF_SCOPE))
continue;
obj = stmt->blockObj;
JS_ASSERT(obj->getClass() == &js_BlockClass);
scope = OBJ_SCOPE(obj);
sprop = scope->lookup(ATOM_TO_JSID(atom));
if (sprop) {
JS_ASSERT(sprop->hasShortID());
if (slotp) {
JS_ASSERT(JSVAL_IS_INT(obj->fslots[JSSLOT_BLOCK_DEPTH]));
*slotp = JSVAL_TO_INT(obj->fslots[JSSLOT_BLOCK_DEPTH]) +
sprop->shortid;
}
return stmt;
}
}
if (slotp)
*slotp = -1;
return stmt;
}
/*
* Check if the attributes describe a property holding a compile-time constant
* or a permanent, read-only property without a getter.
*/
#define IS_CONSTANT_PROPERTY(attrs) \
(((attrs) & (JSPROP_READONLY | JSPROP_PERMANENT | JSPROP_GETTER)) == \
(JSPROP_READONLY | JSPROP_PERMANENT))
/*
* The function sets vp to JSVAL_HOLE when the atom does not corresponds to a
* name defining a constant.
*/
static JSBool
LookupCompileTimeConstant(JSContext *cx, JSCodeGenerator *cg, JSAtom *atom,
jsval *vp)
{
JSBool ok;
JSStmtInfo *stmt;
JSAtomListElement *ale;
JSObject *obj, *objbox;
JSProperty *prop;
uintN attrs;
/*
* Chase down the cg stack, but only until we reach the outermost cg.
* This enables propagating consts from top-level into switch cases in a
* function compiled along with the top-level script.
*/
*vp = JSVAL_HOLE;
do {
if (cg->flags & (TCF_IN_FUNCTION | TCF_COMPILE_N_GO)) {
/* XXX this will need revising if 'const' becomes block-scoped. */
stmt = js_LexicalLookup(cg, atom, NULL);
if (stmt)
return JS_TRUE;
ale = cg->constList.lookup(atom);
if (ale) {
JS_ASSERT(ALE_VALUE(ale) != JSVAL_HOLE);
*vp = ALE_VALUE(ale);
return JS_TRUE;
}
/*
* Try looking in the variable object for a direct property that
* is readonly and permanent. We know such a property can't be
* shadowed by another property on obj's prototype chain, or a
* with object or catch variable; nor can prop's value be changed,
* nor can prop be deleted.
*/
if (cg->flags & TCF_IN_FUNCTION) {
if (js_LookupLocal(cx, cg->fun, atom, NULL) != JSLOCAL_NONE)
break;
} else {
JS_ASSERT(cg->flags & TCF_COMPILE_N_GO);
obj = cg->scopeChain;
ok = obj->lookupProperty(cx, ATOM_TO_JSID(atom), &objbox, &prop);
if (!ok)
return JS_FALSE;
if (objbox == obj) {
/*
* We're compiling code that will be executed immediately,
* not re-executed against a different scope chain and/or
* variable object. Therefore we can get constant values
* from our variable object here.
*/
ok = obj->getAttributes(cx, ATOM_TO_JSID(atom), prop, &attrs);
if (ok && IS_CONSTANT_PROPERTY(attrs)) {
ok = obj->getProperty(cx, ATOM_TO_JSID(atom), vp);
JS_ASSERT_IF(ok, *vp != JSVAL_HOLE);
}
}
if (prop)
objbox->dropProperty(cx, prop);
if (!ok)
return JS_FALSE;
if (prop)
break;
}
}
} while ((cg = (JSCodeGenerator *) cg->parent) != NULL);
return JS_TRUE;
}
/*
* Return JSOP_NOP to indicate that index fits 2 bytes and no index segment
* reset instruction is necessary, JSOP_FALSE to indicate an error or either
* JSOP_RESETBASE0 or JSOP_RESETBASE1 to indicate the reset bytecode to issue
* after the main bytecode sequence.
*/
static JSOp
EmitBigIndexPrefix(JSContext *cx, JSCodeGenerator *cg, uintN index)
{
uintN indexBase;
/*
* We have max 3 bytes for indexes and check for INDEX_LIMIT overflow only
* for big indexes.
*/
JS_STATIC_ASSERT(INDEX_LIMIT <= JS_BIT(24));
JS_STATIC_ASSERT(INDEX_LIMIT >=
(JSOP_INDEXBASE3 - JSOP_INDEXBASE1 + 2) << 16);
if (index < JS_BIT(16))
return JSOP_NOP;
indexBase = index >> 16;
if (indexBase <= JSOP_INDEXBASE3 - JSOP_INDEXBASE1 + 1) {
if (js_Emit1(cx, cg, (JSOp)(JSOP_INDEXBASE1 + indexBase - 1)) < 0)
return JSOP_FALSE;
return JSOP_RESETBASE0;
}
if (index >= INDEX_LIMIT) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
JSMSG_TOO_MANY_LITERALS);
return JSOP_FALSE;
}
if (js_Emit2(cx, cg, JSOP_INDEXBASE, (JSOp)indexBase) < 0)
return JSOP_FALSE;
return JSOP_RESETBASE;
}
/*
* Emit a bytecode and its 2-byte constant index immediate operand. If the
* index requires more than 2 bytes, emit a prefix op whose 8-bit immediate
* operand effectively extends the 16-bit immediate of the prefixed opcode,
* by changing index "segment" (see jsinterp.c). We optimize segments 1-3
* with single-byte JSOP_INDEXBASE[123] codes.
*
* Such prefixing currently requires a suffix to restore the "zero segment"
* register setting, but this could be optimized further.
*/
static JSBool
EmitIndexOp(JSContext *cx, JSOp op, uintN index, JSCodeGenerator *cg)
{
JSOp bigSuffix;
bigSuffix = EmitBigIndexPrefix(cx, cg, index);
if (bigSuffix == JSOP_FALSE)
return JS_FALSE;
EMIT_UINT16_IMM_OP(op, index);
return bigSuffix == JSOP_NOP || js_Emit1(cx, cg, bigSuffix) >= 0;
}
/*
* Slight sugar for EmitIndexOp, again accessing cx and cg from the macro
* caller's lexical environment, and embedding a false return on error.
*/
#define EMIT_INDEX_OP(op, index) \
JS_BEGIN_MACRO \
if (!EmitIndexOp(cx, op, index, cg)) \
return JS_FALSE; \
JS_END_MACRO
static JSBool
EmitAtomOp(JSContext *cx, JSParseNode *pn, JSOp op, JSCodeGenerator *cg)
{
JSAtomListElement *ale;
JS_ASSERT(JOF_OPTYPE(op) == JOF_ATOM);
if (op == JSOP_GETPROP &&
pn->pn_atom == cx->runtime->atomState.lengthAtom) {
return js_Emit1(cx, cg, JSOP_LENGTH) >= 0;
}
ale = cg->atomList.add(cg->compiler, pn->pn_atom);
if (!ale)
return JS_FALSE;
return EmitIndexOp(cx, op, ALE_INDEX(ale), cg);
}
static JSBool
EmitObjectOp(JSContext *cx, JSObjectBox *objbox, JSOp op,
JSCodeGenerator *cg)
{
JS_ASSERT(JOF_OPTYPE(op) == JOF_OBJECT);
return EmitIndexOp(cx, op, cg->objectList.index(objbox), cg);
}
/*
* What good are ARGNO_LEN and SLOTNO_LEN, you ask? The answer is that, apart
* from EmitSlotIndexOp, they abstract out the detail that both are 2, and in
* other parts of the code there's no necessary relationship between the two.
* The abstraction cracks here in order to share EmitSlotIndexOp code among
* the JSOP_DEFLOCALFUN and JSOP_GET{ARG,VAR,LOCAL}PROP cases.
*/
JS_STATIC_ASSERT(ARGNO_LEN == 2);
JS_STATIC_ASSERT(SLOTNO_LEN == 2);
static JSBool
EmitSlotIndexOp(JSContext *cx, JSOp op, uintN slot, uintN index,
JSCodeGenerator *cg)
{
JSOp bigSuffix;
ptrdiff_t off;
jsbytecode *pc;
JS_ASSERT(JOF_OPTYPE(op) == JOF_SLOTATOM ||
JOF_OPTYPE(op) == JOF_SLOTOBJECT);
bigSuffix = EmitBigIndexPrefix(cx, cg, index);
if (bigSuffix == JSOP_FALSE)
return JS_FALSE;
/* Emit [op, slot, index]. */
off = js_EmitN(cx, cg, op, 2 + INDEX_LEN);
if (off < 0)
return JS_FALSE;
pc = CG_CODE(cg, off);
SET_UINT16(pc, slot);
pc += 2;
SET_INDEX(pc, index);
return bigSuffix == JSOP_NOP || js_Emit1(cx, cg, bigSuffix) >= 0;
}
/*
* Adjust the slot for a block local to account for the number of variables
* that share the same index space with locals. Due to the incremental code
* generation for top-level script, we do the adjustment via code patching in
* JSCompiler::compileScript; see comments there.
*
* The function returns -1 on failures.
*/
static jsint
AdjustBlockSlot(JSContext *cx, JSCodeGenerator *cg, jsint slot)
{
JS_ASSERT((jsuint) slot < cg->maxStackDepth);
if (cg->flags & TCF_IN_FUNCTION) {
slot += cg->fun->u.i.nvars;
if ((uintN) slot >= SLOTNO_LIMIT) {
js_ReportCompileErrorNumber(cx, CG_TS(cg), NULL,
JSREPORT_ERROR,
JSMSG_TOO_MANY_LOCALS);
slot = -1;
}
}
return slot;
}
static bool
EmitEnterBlock(JSContext *cx, JSParseNode *pn, JSCodeGenerator *cg)
{
JS_ASSERT(PN_TYPE(pn) == TOK_LEXICALSCOPE);
if (!EmitObjectOp(cx, pn->pn_objbox, JSOP_ENTERBLOCK, cg))
return false;
JSObject *blockObj = pn->pn_objbox->object;
jsint depth = AdjustBlockSlot(cx, cg, OBJ_BLOCK_DEPTH(cx, blockObj));
if (depth < 0)
return false;
for (uintN slot = JSSLOT_FREE(&js_BlockClass),
limit = slot + OBJ_BLOCK_COUNT(cx, blockObj);
slot < limit; slot++) {
jsval v = STOBJ_GET_SLOT(blockObj, slot);
/* Beware the empty destructuring dummy. */
if (JSVAL_IS_VOID(v)) {
JS_ASSERT(slot + 1 <= limit);
continue;
}
JSDefinition *dn = (JSDefinition *) JSVAL_TO_PRIVATE(v);
JS_ASSERT(dn->pn_defn);
JS_ASSERT(uintN(dn->frameSlot() + depth) < JS_BIT(16));
dn->pn_cookie += depth;
#ifdef DEBUG
for (JSParseNode *pnu = dn->dn_uses; pnu; pnu = pnu->pn_link) {
JS_ASSERT(pnu->pn_lexdef == dn);
JS_ASSERT(!(pnu->pn_dflags & PND_BOUND));
JS_ASSERT(pnu->pn_cookie == FREE_UPVAR_COOKIE);
}
#endif
}
OBJ_SCOPE(blockObj)->freeslot = JSSLOT_FREE(&js_BlockClass);
return js_GrowSlots(cx, blockObj, JSSLOT_FREE(&js_BlockClass));
}
/*
* When eval is called from a function, the eval code or function code it
* compiles may reference upvars that live in the eval-calling function. The
* eval-invoked compiler does not have explicit definitions for these upvars
* and we do not attempt to create them a-priori (by inspecting the function's
* args and vars) -- we could, but we'd take an avoidable penalty for each
* function local not referenced by any upvar. Instead, we map such upvars
* lazily, growing upvarMap.vector by powers of two.
*
* This function knows that it is called with pn pointing to a PN_NAME-arity
* node, and cg->compiler->callerFrame having a non-null fun member, and the
* static level of cg at least one greater than the eval-calling function's
* static level.
*/
static bool
MakeUpvarForEval(JSParseNode *pn, JSCodeGenerator *cg)
{
JSContext *cx = cg->compiler->context;
JSFunction *fun = cg->compiler->callerFrame->fun;
uintN upvarLevel = fun->u.i.script->staticLevel;
JSFunctionBox *funbox = cg->funbox;
if (funbox) {
/*
* Treat top-level function definitions as escaping (i.e., as funargs),
* required since we compile each such top level function or statement
* and throw away the AST, so we can't yet see all funarg uses of this
* function being compiled (cg->funbox->object). See bug 493177.
*/
if (funbox->level == fun->u.i.script->staticLevel + 1U &&
!(((JSFunction *) funbox->object)->flags & JSFUN_LAMBDA)) {
JS_ASSERT_IF(cx->options & JSOPTION_ANONFUNFIX,
((JSFunction *) funbox->object)->atom);
return true;
}
while (funbox->level >= upvarLevel) {
if (funbox->node->pn_dflags & PND_FUNARG)
return true;
funbox = funbox->parent;
if (!funbox)
break;
}
}
JSAtom *atom = pn->pn_atom;
uintN index;
JSLocalKind localKind = js_LookupLocal(cx, fun, atom, &index);
if (localKind == JSLOCAL_NONE)
return true;
JS_ASSERT(cg->staticLevel > upvarLevel);
if (cg->staticLevel >= JS_DISPLAY_SIZE || upvarLevel >= JS_DISPLAY_SIZE)
return true;
JSAtomListElement *ale = cg->upvarList.lookup(atom);
if (!ale) {
if ((cg->flags & TCF_IN_FUNCTION) &&
!js_AddLocal(cx, cg->fun, atom, JSLOCAL_UPVAR)) {
return false;
}
ale = cg->upvarList.add(cg->compiler, atom);
if (!ale)
return false;
JS_ASSERT(ALE_INDEX(ale) == cg->upvarList.count - 1);
uint32 *vector = cg->upvarMap.vector;
uint32 length = cg->upvarMap.length;
JS_ASSERT(ALE_INDEX(ale) <= length);
if (ALE_INDEX(ale) == length) {
length = 2 * JS_MAX(2, length);
vector = (uint32 *) cx->realloc(vector, length * sizeof *vector);
if (!vector)
return false;
cg->upvarMap.vector = vector;
cg->upvarMap.length = length;
}
if (localKind != JSLOCAL_ARG)
index += fun->nargs;
JS_ASSERT(index < JS_BIT(16));
uintN skip = cg->staticLevel - upvarLevel;
vector[ALE_INDEX(ale)] = MAKE_UPVAR_COOKIE(skip, index);
}
pn->pn_op = JSOP_GETUPVAR;
pn->pn_cookie = MAKE_UPVAR_COOKIE(cg->staticLevel, ALE_INDEX(ale));
pn->pn_dflags |= PND_BOUND;
return true;
}
/*
* BindNameToSlot attempts to optimize name gets and sets to stack slot loads
* and stores, given the compile-time information in cg and a TOK_NAME node pn.
* It returns false on error, true on success.
*
* The caller can inspect pn->pn_cookie for FREE_UPVAR_COOKIE to tell whether
* optimization occurred, in which case BindNameToSlot also updated pn->pn_op.
* If pn->pn_cookie is still FREE_UPVAR_COOKIE on return, pn->pn_op still may
* have been optimized, e.g., from JSOP_NAME to JSOP_CALLEE. Whether or not
* pn->pn_op was modified, if this function finds an argument or local variable
* name, PND_CONST will be set in pn_dflags for read-only properties after a
* successful return.
*
* NB: if you add more opcodes specialized from JSOP_NAME, etc., don't forget
* to update the TOK_FOR (for-in) and TOK_ASSIGN (op=, e.g. +=) special cases
* in js_EmitTree.
*/
static JSBool
BindNameToSlot(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn)
{
JSDefinition *dn;
JSOp op;
JSAtom *atom;
uint32 cookie;
JSDefinition::Kind dn_kind;
JSAtomListElement *ale;
uintN index;
JS_ASSERT(pn->pn_type == TOK_NAME);
/* Idempotency tests come first, since we may be called more than once. */
if (pn->pn_dflags & PND_BOUND)
return JS_TRUE;
/* No cookie initialized for these two, they're pre-bound by definition. */
JS_ASSERT(pn->pn_op != JSOP_ARGUMENTS && pn->pn_op != JSOP_CALLEE);
/*
* The parser linked all uses (including forward references) to their
* definitions, unless a with statement or direct eval intervened.
*/
if (pn->pn_used) {
JS_ASSERT(pn->pn_cookie == FREE_UPVAR_COOKIE);
dn = pn->pn_lexdef;
JS_ASSERT(dn->pn_defn);
if (pn->isDeoptimized())
return JS_TRUE;
pn->pn_dflags |= (dn->pn_dflags & PND_CONST);
} else {
if (!pn->pn_defn)
return JS_TRUE;
dn = (JSDefinition *) pn;
}
op = PN_OP(pn);
if (op == JSOP_NOP)
return JS_TRUE;
JS_ASSERT(JOF_OPTYPE(op) == JOF_ATOM);
atom = pn->pn_atom;
cookie = dn->pn_cookie;
dn_kind = dn->kind();
/*
* Turn attempts to mutate const-declared bindings into get ops (for
* pre-increment and pre-decrement ops, our caller will have to emit
* JSOP_POS, JSOP_ONE, and JSOP_ADD as well).
*
* Turn JSOP_DELNAME into JSOP_FALSE if dn is known, as all declared
* bindings visible to the compiler are permanent in JS unless the
* declaration originates in eval code. We detect eval code by testing
* cg->compiler->callerFrame, which is set only by eval or a debugger
* equivalent.
*
* Note that this callerFrame non-null test must be qualified by testing
* !cg->funbox to exclude function code nested in eval code, which is not
* subject to the deletable binding exception.
*/
switch (op) {
case JSOP_NAME:
case JSOP_SETCONST:
break;
case JSOP_DELNAME:
if (dn_kind != JSDefinition::UNKNOWN) {
if (cg->compiler->callerFrame && !cg->funbox)
JS_ASSERT(cg->flags & TCF_COMPILE_N_GO);
else
pn->pn_op = JSOP_FALSE;
pn->pn_dflags |= PND_BOUND;
return JS_TRUE;
}
break;
default:
if (pn->isConst())
pn->pn_op = op = JSOP_NAME;
}
if (cookie == FREE_UPVAR_COOKIE) {
JSStackFrame *caller = cg->compiler->callerFrame;
if (caller) {
JS_ASSERT(cg->flags & TCF_COMPILE_N_GO);
/*
* Don't generate upvars on the left side of a for loop. See
* bug 470758.
*/
if (cg->flags & TCF_IN_FOR_INIT)
return JS_TRUE;
JS_ASSERT(caller->script);
if (!caller->fun)
return JS_TRUE;
/*
* Make sure the variable object used by the compiler to initialize
* parent links matches the caller's varobj. Compile-n-go compiler-
* created function objects have the top-level cg's scopeChain set
* as their parent by JSCompiler::newFunction.
*/
JSObject *scopeobj = (cg->flags & TCF_IN_FUNCTION)
? STOBJ_GET_PARENT(FUN_OBJECT(cg->fun))
: cg->scopeChain;
if (scopeobj != caller->varobj(cx))
return JS_TRUE;
/*
* We are compiling eval or debug script inside a function frame
* and the scope chain matches the function's variable object.
* Optimize access to function's arguments and variable and the
* arguments object.
*/
if (op != JSOP_NAME)
return JS_TRUE;
/*
* Generator functions may be resumed from any call stack, which
* defeats the display optimization to static link searching used
* by JSOP_{GET,CALL}UPVAR.
*/
JSFunction *fun = cg->compiler->callerFrame->fun;
JS_ASSERT(cg->staticLevel >= fun->u.i.script->staticLevel);
unsigned skip = cg->staticLevel - fun->u.i.script->staticLevel;
if (cg->skipSpansGenerator(skip))
return JS_TRUE;
return MakeUpvarForEval(pn, cg);
}
return JS_TRUE;
}
if (dn->pn_dflags & PND_GVAR) {
/*
* If this is a global reference from within a function, leave pn_op as
* JSOP_NAME, etc. We could emit JSOP_*GVAR ops within function code if
* only we could depend on the global frame's slots being valid for all
* calls to the function.
*/
if (cg->flags & TCF_IN_FUNCTION)
return JS_TRUE;
/*
* We are optimizing global variables and there may be no pre-existing
* global property named atom when this global script runs. If atom was
* declared via const or var, optimize pn to access fp->vars using the
* appropriate JSOP_*GVAR op.
*
* FIXME: should be able to optimize global function access too.
*/
JS_ASSERT(dn_kind == JSDefinition::VAR || dn_kind == JSDefinition::CONST);
switch (op) {
case JSOP_NAME: op = JSOP_GETGVAR; break;
case JSOP_SETNAME: op = JSOP_SETGVAR; break;
case JSOP_SETCONST: /* NB: no change */ break;
case JSOP_INCNAME: op = JSOP_INCGVAR; break;
case JSOP_NAMEINC: op = JSOP_GVARINC; break;
case JSOP_DECNAME: op = JSOP_DECGVAR; break;
case JSOP_NAMEDEC: op = JSOP_GVARDEC; break;
case JSOP_FORNAME: /* NB: no change */ break;
case JSOP_DELNAME: /* NB: no change */ break;
default: JS_NOT_REACHED("gvar");
}
pn->pn_op = op;
pn->pn_cookie = cookie;
pn->pn_dflags |= PND_BOUND;
return JS_TRUE;
}
uintN level = UPVAR_FRAME_SKIP(cookie);
JS_ASSERT(cg->staticLevel >= level);
/*
* A JSDefinition witnessed as a declaration by the parser cannot be an
* upvar, unless it is the degenerate kind of upvar selected above (in the
* code before the PND_GVAR test) for the special case of compile-and-go
* code generated from eval called from a function, where the eval code
* uses local vars defined in the function. We detect this upvar-for-eval
* case by checking dn's op.
*/
if (PN_OP(dn) == JSOP_GETUPVAR) {
JS_ASSERT(cg->staticLevel >= level);
if (op != JSOP_NAME)
return JS_TRUE;
#ifdef DEBUG
JSStackFrame *caller = cg->compiler->callerFrame;
#endif
JS_ASSERT(caller);
JS_ASSERT(caller->script);
JSTreeContext *tc = cg;
while (tc->staticLevel != level)
tc = tc->parent;
JS_ASSERT(tc->flags & TCF_COMPILING);
JSCodeGenerator *evalcg = (JSCodeGenerator *) tc;
JS_ASSERT(evalcg->flags & TCF_COMPILE_N_GO);
JS_ASSERT(caller->fun && caller->varobj(cx) == evalcg->scopeChain);
/*
* Don't generate upvars on the left side of a for loop. See
* bug 470758 and bug 520513.
*/
if (evalcg->flags & TCF_IN_FOR_INIT)
return JS_TRUE;
if (cg->staticLevel == level) {
pn->pn_op = JSOP_GETUPVAR;
pn->pn_cookie = cookie;
pn->pn_dflags |= PND_BOUND;
return JS_TRUE;
}
return MakeUpvarForEval(pn, cg);
}
uintN skip = cg->staticLevel - level;
if (skip != 0) {
JS_ASSERT(cg->flags & TCF_IN_FUNCTION);
JS_ASSERT_IF(UPVAR_FRAME_SLOT(cookie) != CALLEE_UPVAR_SLOT,
cg->lexdeps.lookup(atom));
JS_ASSERT(JOF_OPTYPE(op) == JOF_ATOM);
JS_ASSERT(cg->fun->u.i.skipmin <= skip);
/*
* If op is a mutating opcode, this upvar's static level is too big to
* index into the display, or the function is heavyweight, we fall back
* on JSOP_*NAME*.
*/
if (op != JSOP_NAME)
return JS_TRUE;
if (level >= JS_DISPLAY_SIZE)
return JS_TRUE;
if (cg->flags & TCF_FUN_HEAVYWEIGHT)
return JS_TRUE;
if (FUN_FLAT_CLOSURE(cg->fun)) {
op = JSOP_GETDSLOT;
} else {
/*
* The function we're compiling may not be heavyweight, but if it
* escapes as a funarg, we can't use JSOP_GETUPVAR/JSOP_CALLUPVAR.
* JSCompiler::analyzeFunctions has arranged for this function's
* enclosing functions to be heavyweight, so we can safely stick
* with JSOP_NAME/JSOP_CALLNAME.
*/
if (cg->funbox->node->pn_dflags & PND_FUNARG)
return JS_TRUE;
/*
* Generator functions may be resumed from any call stack, which
* defeats the display optimization to static link searching used
* by JSOP_{GET,CALL}UPVAR.
*/
if (cg->skipSpansGenerator(skip))
return JS_TRUE;
op = JSOP_GETUPVAR;
}
ale = cg->upvarList.lookup(atom);
if (ale) {
index = ALE_INDEX(ale);
} else {
if (!js_AddLocal(cx, cg->fun, atom, JSLOCAL_UPVAR))
return JS_FALSE;
ale = cg->upvarList.add(cg->compiler, atom);
if (!ale)
return JS_FALSE;
index = ALE_INDEX(ale);
JS_ASSERT(index == cg->upvarList.count - 1);
uint32 *vector = cg->upvarMap.vector;
if (!vector) {
uint32 length = cg->lexdeps.count;
vector = (uint32 *) js_calloc(length * sizeof *vector);
if (!vector) {
JS_ReportOutOfMemory(cx);
return JS_FALSE;
}
cg->upvarMap.vector = vector;
cg->upvarMap.length = length;
}
uintN slot = UPVAR_FRAME_SLOT(cookie);
if (slot != CALLEE_UPVAR_SLOT && dn_kind != JSDefinition::ARG) {
JSTreeContext *tc = cg;
do {
tc = tc->parent;
} while (tc->staticLevel != level);
if (tc->flags & TCF_IN_FUNCTION)
slot += tc->fun->nargs;
}
vector[index] = MAKE_UPVAR_COOKIE(skip, slot);
}
pn->pn_op = op;
pn->pn_cookie = index;
pn->pn_dflags |= PND_BOUND;
return JS_TRUE;
}
/*
* We are compiling a function body and may be able to optimize name
* to stack slot. Look for an argument or variable in the function and
* rewrite pn_op and update pn accordingly.
*/
switch (dn_kind) {
case JSDefinition::UNKNOWN:
return JS_TRUE;
case JSDefinition::LET:
switch (op) {
case JSOP_NAME: op = JSOP_GETLOCAL; break;
case JSOP_SETNAME: op = JSOP_SETLOCAL; break;
case JSOP_INCNAME: op = JSOP_INCLOCAL; break;
case JSOP_NAMEINC: op = JSOP_LOCALINC; break;
case JSOP_DECNAME: op = JSOP_DECLOCAL; break;
case JSOP_NAMEDEC: op = JSOP_LOCALDEC; break;
case JSOP_FORNAME: op = JSOP_FORLOCAL; break;
default: JS_NOT_REACHED("let");
}
break;
case JSDefinition::ARG:
switch (op) {
case JSOP_NAME: op = JSOP_GETARG; break;
case JSOP_SETNAME: op = JSOP_SETARG; break;
case JSOP_INCNAME: op = JSOP_INCARG; break;
case JSOP_NAMEINC: op = JSOP_ARGINC; break;
case JSOP_DECNAME: op = JSOP_DECARG; break;
case JSOP_NAMEDEC: op = JSOP_ARGDEC; break;
case JSOP_FORNAME: op = JSOP_FORARG; break;
default: JS_NOT_REACHED("arg");
}
JS_ASSERT(!pn->isConst());
break;
case JSDefinition::VAR:
if (PN_OP(dn) == JSOP_CALLEE) {
JS_ASSERT(op != JSOP_CALLEE);
JS_ASSERT((cg->fun->flags & JSFUN_LAMBDA) && atom == cg->fun->atom);
/*
* Leave pn->pn_op == JSOP_NAME if cg->fun is heavyweight, as we
* cannot be sure cg->fun is not something of the form:
*
* var ff = (function f(s) { eval(s); return f; });
*
* where a caller invokes ff("var f = 42"). The result returned for
* such an invocation must be 42, since the callee name is
* lexically bound in an outer declarative environment from the
* function's activation. See jsfun.cpp:call_resolve.
*/
JS_ASSERT(op != JSOP_DELNAME);
if (!(cg->flags & TCF_FUN_HEAVYWEIGHT)) {
op = JSOP_CALLEE;
pn->pn_dflags |= PND_CONST;
}
pn->pn_op = op;
pn->pn_dflags |= PND_BOUND;
return JS_TRUE;
}
/* FALL THROUGH */
default:
JS_ASSERT_IF(dn_kind != JSDefinition::FUNCTION,
dn_kind == JSDefinition::VAR ||
dn_kind == JSDefinition::CONST);
switch (op) {
case JSOP_NAME: op = JSOP_GETLOCAL; break;
case JSOP_SETNAME: op = JSOP_SETLOCAL; break;
case JSOP_SETCONST: op = JSOP_SETLOCAL; break;
case JSOP_INCNAME: op = JSOP_INCLOCAL; break;
case JSOP_NAMEINC: op = JSOP_LOCALINC; break;
case JSOP_DECNAME: op = JSOP_DECLOCAL; break;
case JSOP_NAMEDEC: op = JSOP_LOCALDEC; break;
case JSOP_FORNAME: op = JSOP_FORLOCAL; break;
default: JS_NOT_REACHED("local");
}
JS_ASSERT_IF(dn_kind == JSDefinition::CONST, pn->pn_dflags & PND_CONST);
break;
}
JS_ASSERT(op != PN_OP(pn));
pn->pn_op = op;
pn->pn_cookie = UPVAR_FRAME_SLOT(cookie);
pn->pn_dflags |= PND_BOUND;
return JS_TRUE;
}
/*
* If pn contains a useful expression, return true with *answer set to true.
* If pn contains a useless expression, return true with *answer set to false.
* Return false on error.
*
* The caller should initialize *answer to false and invoke this function on
* an expression statement or similar subtree to decide whether the tree could
* produce code that has any side effects. For an expression statement, we
* define useless code as code with no side effects, because the main effect,
* the value left on the stack after the code executes, will be discarded by a
* pop bytecode.
*/
static JSBool
CheckSideEffects(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn,
JSBool *answer)
{
JSBool ok;
JSParseNode *pn2;
ok = JS_TRUE;
if (!pn || *answer)
return ok;
switch (pn->pn_arity) {
case PN_FUNC:
/*
* A named function, contrary to ES3, is no longer useful, because we
* bind its name lexically (using JSOP_CALLEE) instead of creating an
* Object instance and binding a readonly, permanent property in it
* (the object and binding can be detected and hijacked or captured).
* This is a bug fix to ES3; it is fixed in ES3.1 drafts.
*/
*answer = JS_FALSE;
break;
case PN_LIST:
if (pn->pn_op == JSOP_NOP ||
pn->pn_op == JSOP_OR || pn->pn_op == JSOP_AND ||
pn->pn_op == JSOP_STRICTEQ || pn->pn_op == JSOP_STRICTNE) {
/*
* Non-operators along with ||, &&, ===, and !== never invoke
* toString or valueOf.
*/
for (pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next)
ok &= CheckSideEffects(cx, cg, pn2, answer);
} else {
/*
* All invocation operations (construct: TOK_NEW, call: TOK_LP)
* are presumed to be useful, because they may have side effects
* even if their main effect (their return value) is discarded.
*
* TOK_LB binary trees of 3 or more nodes are flattened into lists
* to avoid too much recursion. All such lists must be presumed
* to be useful because each index operation could invoke a getter
* (the JSOP_ARGUMENTS special case below, in the PN_BINARY case,
* does not apply here: arguments[i][j] might invoke a getter).
*
* Likewise, array and object initialisers may call prototype
* setters (the __defineSetter__ built-in, and writable __proto__
* on Array.prototype create this hazard). Initialiser list nodes
* have JSOP_NEWINIT in their pn_op.
*/
*answer = JS_TRUE;
}
break;
case PN_TERNARY:
ok = CheckSideEffects(cx, cg, pn->pn_kid1, answer) &&
CheckSideEffects(cx, cg, pn->pn_kid2, answer) &&
CheckSideEffects(cx, cg, pn->pn_kid3, answer);
break;
case PN_BINARY:
if (pn->pn_type == TOK_ASSIGN) {
/*
* Assignment is presumed to be useful, even if the next operation
* is another assignment overwriting this one's ostensible effect,
* because the left operand may be a property with a setter that
* has side effects.
*
* The only exception is assignment of a useless value to a const
* declared in the function currently being compiled.
*/
pn2 = pn->pn_left;
if (pn2->pn_type != TOK_NAME) {
*answer = JS_TRUE;
} else {
if (!BindNameToSlot(cx, cg, pn2))
return JS_FALSE;
if (!CheckSideEffects(cx, cg, pn->pn_right, answer))
return JS_FALSE;
if (!*answer && (pn->pn_op != JSOP_NOP || !pn2->isConst()))
*answer = JS_TRUE;
}
} else {
if (pn->pn_op == JSOP_OR || pn->pn_op == JSOP_AND ||
pn->pn_op == JSOP_STRICTEQ || pn->pn_op == JSOP_STRICTNE) {
/*
* ||, &&, ===, and !== do not convert their operands via
* toString or valueOf method calls.
*/
ok = CheckSideEffects(cx, cg, pn->pn_left, answer) &&
CheckSideEffects(cx, cg, pn->pn_right, answer);
} else {
/*
* We can't easily prove that neither operand ever denotes an
* object with a toString or valueOf method.
*/
*answer = JS_TRUE;
}
}
break;
case PN_UNARY:
switch (pn->pn_type) {
case TOK_DELETE:
pn2 = pn->pn_kid;
switch (pn2->pn_type) {
case TOK_NAME:
if (!BindNameToSlot(cx, cg, pn2))
return JS_FALSE;
if (pn2->isConst()) {
*answer = JS_FALSE;
break;
}
/* FALL THROUGH */
case TOK_DOT:
#if JS_HAS_XML_SUPPORT
case TOK_DBLDOT:
#endif
case TOK_LP:
case TOK_LB:
/* All these delete addressing modes have effects too. */
*answer = JS_TRUE;
break;
default:
ok = CheckSideEffects(cx, cg, pn2, answer);
break;
}
break;
case TOK_UNARYOP:
if (pn->pn_op == JSOP_NOT) {
/* ! does not convert its operand via toString or valueOf. */
ok = CheckSideEffects(cx, cg, pn->pn_kid, answer);
break;
}
/* FALL THROUGH */
default:
/*
* All of TOK_INC, TOK_DEC, TOK_THROW, TOK_YIELD, and TOK_DEFSHARP
* have direct effects. Of the remaining unary-arity node types,
* we can't easily prove that the operand never denotes an object
* with a toString or valueOf method.
*/
*answer = JS_TRUE;
break;
}
break;
case PN_NAME:
/*
* Take care to avoid trying to bind a label name (labels, both for
* statements and property values in object initialisers, have pn_op
* defaulted to JSOP_NOP).
*/
if (pn->pn_type == TOK_NAME && pn->pn_op != JSOP_NOP) {
if (!BindNameToSlot(cx, cg, pn))
return JS_FALSE;
if (pn->pn_op != JSOP_ARGUMENTS && pn->pn_op != JSOP_CALLEE &&
pn->pn_cookie == FREE_UPVAR_COOKIE) {
/*
* Not an argument or local variable use, and not a use of a
* unshadowed named function expression's given name, so this
* expression could invoke a getter that has side effects.
*/
*answer = JS_TRUE;
}
}
pn2 = pn->maybeExpr();
if (pn->pn_type == TOK_DOT) {
if (pn2->pn_type == TOK_NAME && !BindNameToSlot(cx, cg, pn2))
return JS_FALSE;
if (!(pn2->pn_op == JSOP_ARGUMENTS &&
pn->pn_atom == cx->runtime->atomState.lengthAtom)) {
/*
* Any dotted property reference could call a getter, except
* for arguments.length where arguments is unambiguous.
*/
*answer = JS_TRUE;
}
}
ok = CheckSideEffects(cx, cg, pn2, answer);
break;
case PN_NAMESET:
ok = CheckSideEffects(cx, cg, pn->pn_tree, answer);
break;
case PN_NULLARY:
if (pn->pn_type == TOK_DEBUGGER)
*answer = JS_TRUE;
break;
}
return ok;
}
static JSBool
EmitNameOp(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn,
JSBool callContext)
{
JSOp op;
if (!BindNameToSlot(cx, cg, pn))
return JS_FALSE;
op = PN_OP(pn);
if (callContext) {
switch (op) {
case JSOP_NAME:
op = JSOP_CALLNAME;
break;
case JSOP_GETGVAR:
JS_ASSERT(!cg->funbox);
op = JSOP_CALLGVAR;
break;
case JSOP_GETARG:
op = JSOP_CALLARG;
break;
case JSOP_GETLOCAL:
op = JSOP_CALLLOCAL;
break;
case JSOP_GETUPVAR:
op = JSOP_CALLUPVAR;
break;
case JSOP_GETDSLOT:
op = JSOP_CALLDSLOT;
break;
default:
JS_ASSERT(op == JSOP_ARGUMENTS || op == JSOP_CALLEE);
break;
}
}
if (op == JSOP_ARGUMENTS || op == JSOP_CALLEE) {
if (js_Emit1(cx, cg, op) < 0)
return JS_FALSE;
if (callContext && js_Emit1(cx, cg, JSOP_NULL) < 0)
return JS_FALSE;
} else {
if (pn->pn_cookie != FREE_UPVAR_COOKIE) {
EMIT_UINT16_IMM_OP(op, pn->pn_cookie);
} else {
if (!EmitAtomOp(cx, pn, op, cg))
return JS_FALSE;
}
}
return JS_TRUE;
}
#if JS_HAS_XML_SUPPORT
static JSBool
EmitXMLName(JSContext *cx, JSParseNode *pn, JSOp op, JSCodeGenerator *cg)
{
JSParseNode *pn2;
uintN oldflags;
JS_ASSERT(pn->pn_type == TOK_UNARYOP);
JS_ASSERT(pn->pn_op == JSOP_XMLNAME);
JS_ASSERT(op == JSOP_XMLNAME || op == JSOP_CALLXMLNAME);
pn2 = pn->pn_kid;
oldflags = cg->flags;
cg->flags &= ~TCF_IN_FOR_INIT;
if (!js_EmitTree(cx, cg, pn2))
return JS_FALSE;
cg->flags |= oldflags & TCF_IN_FOR_INIT;
if (js_NewSrcNote2(cx, cg, SRC_PCBASE,
CG_OFFSET(cg) - pn2->pn_offset) < 0) {
return JS_FALSE;
}
return js_Emit1(cx, cg, op) >= 0;
}
#endif
static JSBool
EmitSpecialPropOp(JSContext *cx, JSParseNode *pn, JSOp op, JSCodeGenerator *cg)
{
/*
* Special case for obj.__proto__, obj.__parent__, obj.__count__ to
* deoptimize away from fast paths in the interpreter and trace recorder,
* which skip dense array instances by going up to Array.prototype before
* looking up the property name.
*/
JSAtomListElement *ale = cg->atomList.add(cg->compiler, pn->pn_atom);
if (!ale)
return JS_FALSE;
if (!EmitIndexOp(cx, JSOP_QNAMEPART, ALE_INDEX(ale), cg))
return JS_FALSE;
if (js_Emit1(cx, cg, op) < 0)
return JS_FALSE;
return JS_TRUE;
}
static JSBool
EmitPropOp(JSContext *cx, JSParseNode *pn, JSOp op, JSCodeGenerator *cg,
JSBool callContext)
{
JSParseNode *pn2, *pndot, *pnup, *pndown;
ptrdiff_t top;
JS_ASSERT(pn->pn_arity == PN_NAME);
pn2 = pn->maybeExpr();
/* Special case deoptimization on __proto__, __count__ and __parent__. */
if ((op == JSOP_GETPROP || op == JSOP_CALLPROP) &&
(pn->pn_atom == cx->runtime->atomState.protoAtom ||
pn->pn_atom == cx->runtime->atomState.parentAtom ||
pn->pn_atom == cx->runtime->atomState.countAtom)) {
if (pn2 && !js_EmitTree(cx, cg, pn2))
return JS_FALSE;
return EmitSpecialPropOp(cx, pn, callContext ? JSOP_CALLELEM : JSOP_GETELEM, cg);
}
if (callContext) {
JS_ASSERT(pn->pn_type == TOK_DOT);
JS_ASSERT(op == JSOP_GETPROP);
op = JSOP_CALLPROP;
} else if (op == JSOP_GETPROP && pn->pn_type == TOK_DOT) {
if (pn2->pn_op == JSOP_THIS) {
if (pn->pn_atom != cx->runtime->atomState.lengthAtom) {
/* Fast path for gets of |this.foo|. */
return EmitAtomOp(cx, pn, JSOP_GETTHISPROP, cg);
}
} else if (pn2->pn_type == TOK_NAME) {
/*
* Try to optimize:
* - arguments.length into JSOP_ARGCNT
* - argname.prop into JSOP_GETARGPROP
* - localname.prop into JSOP_GETLOCALPROP
* but don't do this if the property is 'length' -- prefer to emit
* JSOP_GETARG, etc., and then JSOP_LENGTH.
*/
if (!BindNameToSlot(cx, cg, pn2))
return JS_FALSE;
if (pn->pn_atom == cx->runtime->atomState.lengthAtom) {
if (pn2->pn_op == JSOP_ARGUMENTS)
return js_Emit1(cx, cg, JSOP_ARGCNT) >= 0;
} else {
switch (pn2->pn_op) {
case JSOP_GETARG:
op = JSOP_GETARGPROP;
goto do_indexconst;
case JSOP_GETLOCAL:
op = JSOP_GETLOCALPROP;
do_indexconst: {
JSAtomListElement *ale;
jsatomid atomIndex;
ale = cg->atomList.add(cg->compiler, pn->pn_atom);
if (!ale)
return JS_FALSE;
atomIndex = ALE_INDEX(ale);
return EmitSlotIndexOp(cx, op, pn2->pn_cookie, atomIndex, cg);
}
default:;
}
}
}
}
/*
* If the object operand is also a dotted property reference, reverse the
* list linked via pn_expr temporarily so we can iterate over it from the
* bottom up (reversing again as we go), to avoid excessive recursion.
*/
if (pn2->pn_type == TOK_DOT) {
pndot = pn2;
pnup = NULL;
top = CG_OFFSET(cg);
for (;;) {
/* Reverse pndot->pn_expr to point up, not down. */
pndot->pn_offset = top;
JS_ASSERT(!pndot->pn_used);
pndown = pndot->pn_expr;
pndot->pn_expr = pnup;
if (pndown->pn_type != TOK_DOT)
break;
pnup = pndot;
pndot = pndown;
}
/* pndown is a primary expression, not a dotted property reference. */
if (!js_EmitTree(cx, cg, pndown))
return JS_FALSE;
do {
/* Walk back up the list, emitting annotated name ops. */
if (js_NewSrcNote2(cx, cg, SRC_PCBASE,
CG_OFFSET(cg) - pndown->pn_offset) < 0) {
return JS_FALSE;
}
/*
* Special case deoptimization on __proto__, __count__ and
* __parent__, as above.
*/
if (pndot->pn_arity == PN_NAME &&
(pndot->pn_atom == cx->runtime->atomState.protoAtom ||
pndot->pn_atom == cx->runtime->atomState.parentAtom ||
pndot->pn_atom == cx->runtime->atomState.countAtom)) {
if (!EmitSpecialPropOp(cx, pndot, JSOP_GETELEM, cg))
return JS_FALSE;
} else if (!EmitAtomOp(cx, pndot, PN_OP(pndot), cg)) {
return JS_FALSE;
}
/* Reverse the pn_expr link again. */
pnup = pndot->pn_expr;
pndot->pn_expr = pndown;
pndown = pndot;
} while ((pndot = pnup) != NULL);
} else {
if (!js_EmitTree(cx, cg, pn2))
return JS_FALSE;
}
if (js_NewSrcNote2(cx, cg, SRC_PCBASE,
CG_OFFSET(cg) - pn2->pn_offset) < 0) {
return JS_FALSE;
}
return EmitAtomOp(cx, pn, op, cg);
}
static JSBool
EmitElemOp(JSContext *cx, JSParseNode *pn, JSOp op, JSCodeGenerator *cg)
{
ptrdiff_t top;
JSParseNode *left, *right, *next, ltmp, rtmp;
jsint slot;
top = CG_OFFSET(cg);
if (pn->pn_arity == PN_LIST) {
/* Left-associative operator chain to avoid too much recursion. */
JS_ASSERT(pn->pn_op == JSOP_GETELEM);
JS_ASSERT(pn->pn_count >= 3);
left = pn->pn_head;
right = pn->last();
next = left->pn_next;
JS_ASSERT(next != right);
/*
* Try to optimize arguments[0][j]... into JSOP_ARGSUB<0> followed by
* one or more index expression and JSOP_GETELEM op pairs.
*/
if (left->pn_type == TOK_NAME && next->pn_type == TOK_NUMBER) {
if (!BindNameToSlot(cx, cg, left))
return JS_FALSE;
if (left->pn_op == JSOP_ARGUMENTS &&
JSDOUBLE_IS_INT(next->pn_dval, slot) &&
(jsuint)slot < JS_BIT(16)) {
/*
* arguments[i]() requires arguments object as "this".
* Check that we never generates list for that usage.
*/
JS_ASSERT(op != JSOP_CALLELEM || next->pn_next);
left->pn_offset = next->pn_offset = top;
EMIT_UINT16_IMM_OP(JSOP_ARGSUB, (jsatomid)slot);
left = next;
next = left->pn_next;
}
}
/*
* Check whether we generated JSOP_ARGSUB, just above, and have only
* one more index expression to emit. Given arguments[0][j], we must
* skip the while loop altogether, falling through to emit code for j
* (in the subtree referenced by right), followed by the annotated op,
* at the bottom of this function.
*/
JS_ASSERT(next != right || pn->pn_count == 3);
if (left == pn->pn_head) {
if (!js_EmitTree(cx, cg, left))
return JS_FALSE;
}
while (next != right) {
if (!js_EmitTree(cx, cg, next))
return JS_FALSE;
if (js_NewSrcNote2(cx, cg, SRC_PCBASE, CG_OFFSET(cg) - top) < 0)
return JS_FALSE;
if (js_Emit1(cx, cg, JSOP_GETELEM) < 0)
return JS_FALSE;
next = next->pn_next;
}
} else {
if (pn->pn_arity == PN_NAME) {
/*
* Set left and right so pn appears to be a TOK_LB node, instead
* of a TOK_DOT node. See the TOK_FOR/IN case in js_EmitTree, and
* EmitDestructuringOps nearer below. In the destructuring case,
* the base expression (pn_expr) of the name may be null, which
* means we have to emit a JSOP_BINDNAME.
*/
left = pn->maybeExpr();
if (!left) {
left = &ltmp;
left->pn_type = TOK_STRING;
left->pn_op = JSOP_BINDNAME;
left->pn_arity = PN_NULLARY;
left->pn_pos = pn->pn_pos;
left->pn_atom = pn->pn_atom;
}
right = &rtmp;
right->pn_type = TOK_STRING;
JS_ASSERT(ATOM_IS_STRING(pn->pn_atom));
right->pn_op = js_IsIdentifier(ATOM_TO_STRING(pn->pn_atom))
? JSOP_QNAMEPART
: JSOP_STRING;
right->pn_arity = PN_NULLARY;
right->pn_pos = pn->pn_pos;
right->pn_atom = pn->pn_atom;
} else {
JS_ASSERT(pn->pn_arity == PN_BINARY);
left = pn->pn_left;
right = pn->pn_right;
}
/* Try to optimize arguments[0] (e.g.) into JSOP_ARGSUB<0>. */
if (op == JSOP_GETELEM &&
left->pn_type == TOK_NAME &&
right->pn_type == TOK_NUMBER) {
if (!BindNameToSlot(cx, cg, left))
return JS_FALSE;
if (left->pn_op == JSOP_ARGUMENTS &&
JSDOUBLE_IS_INT(right->pn_dval, slot) &&
(jsuint)slot < JS_BIT(16)) {
left->pn_offset = right->pn_offset = top;
EMIT_UINT16_IMM_OP(JSOP_ARGSUB, (jsatomid)slot);
return JS_TRUE;
}
}
if (!js_EmitTree(cx, cg, left))
return JS_FALSE;
}
/* The right side of the descendant operator is implicitly quoted. */
JS_ASSERT(op != JSOP_DESCENDANTS || right->pn_type != TOK_STRING ||
right->pn_op == JSOP_QNAMEPART);
if (!js_EmitTree(cx, cg, right))
return JS_FALSE;
if (js_NewSrcNote2(cx, cg, SRC_PCBASE, CG_OFFSET(cg) - top) < 0)
return JS_FALSE;
return js_Emit1(cx, cg, op) >= 0;
}
static JSBool
EmitNumberOp(JSContext *cx, jsdouble dval, JSCodeGenerator *cg)
{
jsint ival;
uint32 u;
ptrdiff_t off;
jsbytecode *pc;
JSAtom *atom;
JSAtomListElement *ale;
if (JSDOUBLE_IS_INT(dval, ival) && INT_FITS_IN_JSVAL(ival)) {
if (ival == 0)
return js_Emit1(cx, cg, JSOP_ZERO) >= 0;
if (ival == 1)
return js_Emit1(cx, cg, JSOP_ONE) >= 0;
if ((jsint)(int8)ival == ival)
return js_Emit2(cx, cg, JSOP_INT8, (jsbytecode)(int8)ival) >= 0;
u = (uint32)ival;
if (u < JS_BIT(16)) {
EMIT_UINT16_IMM_OP(JSOP_UINT16, u);
} else if (u < JS_BIT(24)) {
off = js_EmitN(cx, cg, JSOP_UINT24, 3);
if (off < 0)
return JS_FALSE;
pc = CG_CODE(cg, off);
SET_UINT24(pc, u);
} else {
off = js_EmitN(cx, cg, JSOP_INT32, 4);
if (off < 0)
return JS_FALSE;
pc = CG_CODE(cg, off);
SET_INT32(pc, ival);
}
return JS_TRUE;
}
atom = js_AtomizeDouble(cx, dval);
if (!atom)
return JS_FALSE;
ale = cg->atomList.add(cg->compiler, atom);
if (!ale)
return JS_FALSE;
return EmitIndexOp(cx, JSOP_DOUBLE, ALE_INDEX(ale), cg);
}
static JSBool
EmitSwitch(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn,
JSStmtInfo *stmtInfo)
{
JSOp switchOp;
JSBool ok, hasDefault, constPropagated;
ptrdiff_t top, off, defaultOffset;
JSParseNode *pn2, *pn3, *pn4;
uint32 caseCount, tableLength;
JSParseNode **table;
jsdouble d;
jsint i, low, high;
jsval v;
JSAtom *atom;
JSAtomListElement *ale;
intN noteIndex;
size_t switchSize, tableSize;
jsbytecode *pc, *savepc;
#if JS_HAS_BLOCK_SCOPE
jsint count;
#endif
/* Try for most optimal, fall back if not dense ints, and per ECMAv2. */
switchOp = JSOP_TABLESWITCH;
ok = JS_TRUE;
hasDefault = constPropagated = JS_FALSE;
defaultOffset = -1;
/*
* If the switch contains let variables scoped by its body, model the
* resulting block on the stack first, before emitting the discriminant's
* bytecode (in case the discriminant contains a stack-model dependency
* such as a let expression).
*/
pn2 = pn->pn_right;
#if JS_HAS_BLOCK_SCOPE
if (pn2->pn_type == TOK_LEXICALSCOPE) {
/*
* Push the body's block scope before discriminant code-gen for proper
* static block scope linkage in case the discriminant contains a let
* expression. The block's locals must lie under the discriminant on
* the stack so that case-dispatch bytecodes can find the discriminant
* on top of stack.
*/
count = OBJ_BLOCK_COUNT(cx, pn2->pn_objbox->object);
js_PushBlockScope(cg, stmtInfo, pn2->pn_objbox->object, -1);
stmtInfo->type = STMT_SWITCH;
/* Emit JSOP_ENTERBLOCK before code to evaluate the discriminant. */
if (!EmitEnterBlock(cx, pn2, cg))
return JS_FALSE;
/*
* Pop the switch's statement info around discriminant code-gen. Note
* how this leaves cg->blockChain referencing the switch's
* block scope object, which is necessary for correct block parenting
* in the case where the discriminant contains a let expression.
*/
cg->topStmt = stmtInfo->down;
cg->topScopeStmt = stmtInfo->downScope;
}
#ifdef __GNUC__
else {
count = 0;
}
#endif
#endif
/*
* Emit code for the discriminant first (or nearly first, in the case of a
* switch whose body is a block scope).
*/
if (!js_EmitTree(cx, cg, pn->pn_left))
return JS_FALSE;
/* Switch bytecodes run from here till end of final case. */
top = CG_OFFSET(cg);
#if !JS_HAS_BLOCK_SCOPE
js_PushStatement(cg, stmtInfo, STMT_SWITCH, top);
#else
if (pn2->pn_type == TOK_LC) {
js_PushStatement(cg, stmtInfo, STMT_SWITCH, top);
} else {
/* Re-push the switch's statement info record. */
cg->topStmt = cg->topScopeStmt = stmtInfo;
/* Set the statement info record's idea of top. */
stmtInfo->update = top;
/* Advance pn2 to refer to the switch case list. */
pn2 = pn2->expr();
}
#endif
caseCount = pn2->pn_count;
tableLength = 0;
table = NULL;
if (caseCount == 0 ||
(caseCount == 1 &&
(hasDefault = (pn2->pn_head->pn_type == TOK_DEFAULT)))) {
caseCount = 0;
low = 0;
high = -1;
} else {
#define INTMAP_LENGTH 256
jsbitmap intmap_space[INTMAP_LENGTH];
jsbitmap *intmap = NULL;
int32 intmap_bitlen = 0;
low = JSVAL_INT_MAX;
high = JSVAL_INT_MIN;
for (pn3 = pn2->pn_head; pn3; pn3 = pn3->pn_next) {
if (pn3->pn_type == TOK_DEFAULT) {
hasDefault = JS_TRUE;
caseCount--; /* one of the "cases" was the default */
continue;
}
JS_ASSERT(pn3->pn_type == TOK_CASE);
if (switchOp == JSOP_CONDSWITCH)
continue;
pn4 = pn3->pn_left;
while (pn4->pn_type == TOK_RP)
pn4 = pn4->pn_kid;
switch (pn4->pn_type) {
case TOK_NUMBER:
d = pn4->pn_dval;
if (JSDOUBLE_IS_INT(d, i) && INT_FITS_IN_JSVAL(i)) {
pn3->pn_val = INT_TO_JSVAL(i);
} else {
atom = js_AtomizeDouble(cx, d);
if (!atom) {
ok = JS_FALSE;
goto release;
}
pn3->pn_val = ATOM_KEY(atom);
}
break;
case TOK_STRING:
pn3->pn_val = ATOM_KEY(pn4->pn_atom);
break;
case TOK_NAME:
if (!pn4->maybeExpr()) {
ok = LookupCompileTimeConstant(cx, cg, pn4->pn_atom, &v);
if (!ok)
goto release;
if (v != JSVAL_HOLE) {
if (!JSVAL_IS_PRIMITIVE(v)) {
/*
* XXX JSOP_LOOKUPSWITCH does not support const-
* propagated object values, see bug 407186.
*/
switchOp = JSOP_CONDSWITCH;
continue;
}
pn3->pn_val = v;
constPropagated = JS_TRUE;
break;
}
}
/* FALL THROUGH */
case TOK_PRIMARY:
if (pn4->pn_op == JSOP_TRUE) {
pn3->pn_val = JSVAL_TRUE;
break;
}
if (pn4->pn_op == JSOP_FALSE) {
pn3->pn_val = JSVAL_FALSE;
break;
}
if (pn4->pn_op == JSOP_NULL) {
pn3->pn_val = JSVAL_NULL;
break;
}
/* FALL THROUGH */
default:
switchOp = JSOP_CONDSWITCH;
continue;
}
JS_ASSERT(JSVAL_IS_PRIMITIVE(pn3->pn_val));
if (switchOp != JSOP_TABLESWITCH)
continue;
if (!JSVAL_IS_INT(pn3->pn_val)) {
switchOp = JSOP_LOOKUPSWITCH;
continue;
}
i = JSVAL_TO_INT(pn3->pn_val);
if ((jsuint)(i + (jsint)JS_BIT(15)) >= (jsuint)JS_BIT(16)) {
switchOp = JSOP_LOOKUPSWITCH;
continue;
}
if (i < low)
low = i;
if (high < i)
high = i;
/*
* Check for duplicates, which require a JSOP_LOOKUPSWITCH.
* We bias i by 65536 if it's negative, and hope that's a rare
* case (because it requires a malloc'd bitmap).
*/
if (i < 0)
i += JS_BIT(16);
if (i >= intmap_bitlen) {
if (!intmap &&
i < (INTMAP_LENGTH << JS_BITS_PER_WORD_LOG2)) {
intmap = intmap_space;
intmap_bitlen = INTMAP_LENGTH << JS_BITS_PER_WORD_LOG2;
} else {
/* Just grab 8K for the worst-case bitmap. */
intmap_bitlen = JS_BIT(16);
intmap = (jsbitmap *)
cx->malloc((JS_BIT(16) >> JS_BITS_PER_WORD_LOG2)
* sizeof(jsbitmap));
if (!intmap) {
JS_ReportOutOfMemory(cx);
return JS_FALSE;
}
}
memset(intmap, 0, intmap_bitlen >> JS_BITS_PER_BYTE_LOG2);
}
if (JS_TEST_BIT(intmap, i)) {
switchOp = JSOP_LOOKUPSWITCH;
continue;
}
JS_SET_BIT(intmap, i);
}
release:
if (intmap && intmap != intmap_space)
cx->free(intmap);
if (!ok)
return JS_FALSE;
/*
* Compute table length and select lookup instead if overlarge or
* more than half-sparse.
*/
if (switchOp == JSOP_TABLESWITCH) {
tableLength = (uint32)(high - low + 1);
if (tableLength >= JS_BIT(16) || tableLength > 2 * caseCount)
switchOp = JSOP_LOOKUPSWITCH;
} else if (switchOp == JSOP_LOOKUPSWITCH) {
/*
* Lookup switch supports only atom indexes below 64K limit.
* Conservatively estimate the maximum possible index during
* switch generation and use conditional switch if it exceeds
* the limit.
*/
if (caseCount + cg->atomList.count > JS_BIT(16))
switchOp = JSOP_CONDSWITCH;
}
}
/*
* Emit a note with two offsets: first tells total switch code length,
* second tells offset to first JSOP_CASE if condswitch.
*/
noteIndex = js_NewSrcNote3(cx, cg, SRC_SWITCH, 0, 0);
if (noteIndex < 0)
return JS_FALSE;
if (switchOp == JSOP_CONDSWITCH) {
/*
* 0 bytes of immediate for unoptimized ECMAv2 switch.
*/
switchSize = 0;
} else if (switchOp == JSOP_TABLESWITCH) {
/*
* 3 offsets (len, low, high) before the table, 1 per entry.
*/
switchSize = (size_t)(JUMP_OFFSET_LEN * (3 + tableLength));
} else {
/*
* JSOP_LOOKUPSWITCH:
* 1 offset (len) and 1 atom index (npairs) before the table,
* 1 atom index and 1 jump offset per entry.
*/
switchSize = (size_t)(JUMP_OFFSET_LEN + INDEX_LEN +
(INDEX_LEN + JUMP_OFFSET_LEN) * caseCount);
}
/*
* Emit switchOp followed by switchSize bytes of jump or lookup table.
*
* If switchOp is JSOP_LOOKUPSWITCH or JSOP_TABLESWITCH, it is crucial
* to emit the immediate operand(s) by which bytecode readers such as
* BuildSpanDepTable discover the length of the switch opcode *before*
* calling js_SetJumpOffset (which may call BuildSpanDepTable). It's
* also important to zero all unknown jump offset immediate operands,
* so they can be converted to span dependencies with null targets to
* be computed later (js_EmitN zeros switchSize bytes after switchOp).
*/
if (js_EmitN(cx, cg, switchOp, switchSize) < 0)
return JS_FALSE;
off = -1;
if (switchOp == JSOP_CONDSWITCH) {
intN caseNoteIndex = -1;
JSBool beforeCases = JS_TRUE;
/* Emit code for evaluating cases and jumping to case statements. */
for (pn3 = pn2->pn_head; pn3; pn3 = pn3->pn_next) {
pn4 = pn3->pn_left;
if (pn4 && !js_EmitTree(cx, cg, pn4))
return JS_FALSE;
if (caseNoteIndex >= 0) {
/* off is the previous JSOP_CASE's bytecode offset. */
if (!js_SetSrcNoteOffset(cx, cg, (uintN)caseNoteIndex, 0,
CG_OFFSET(cg) - off)) {
return JS_FALSE;
}
}
if (!pn4) {
JS_ASSERT(pn3->pn_type == TOK_DEFAULT);
continue;
}
caseNoteIndex = js_NewSrcNote2(cx, cg, SRC_PCDELTA, 0);
if (caseNoteIndex < 0)
return JS_FALSE;
off = EmitJump(cx, cg, JSOP_CASE, 0);
if (off < 0)
return JS_FALSE;
pn3->pn_offset = off;
if (beforeCases) {
uintN noteCount, noteCountDelta;
/* Switch note's second offset is to first JSOP_CASE. */
noteCount = CG_NOTE_COUNT(cg);
if (!js_SetSrcNoteOffset(cx, cg, (uintN)noteIndex, 1,
off - top)) {
return JS_FALSE;
}
noteCountDelta = CG_NOTE_COUNT(cg) - noteCount;
if (noteCountDelta != 0)
caseNoteIndex += noteCountDelta;
beforeCases = JS_FALSE;
}
}
/*
* If we didn't have an explicit default (which could fall in between
* cases, preventing us from fusing this js_SetSrcNoteOffset with the
* call in the loop above), link the last case to the implicit default
* for the decompiler.
*/
if (!hasDefault &&
caseNoteIndex >= 0 &&
!js_SetSrcNoteOffset(cx, cg, (uintN)caseNoteIndex, 0,
CG_OFFSET(cg) - off)) {
return JS_FALSE;
}
/* Emit default even if no explicit default statement. */
defaultOffset = EmitJump(cx, cg, JSOP_DEFAULT, 0);
if (defaultOffset < 0)
return JS_FALSE;
} else {
pc = CG_CODE(cg, top + JUMP_OFFSET_LEN);
if (switchOp == JSOP_TABLESWITCH) {
/* Fill in switch bounds, which we know fit in 16-bit offsets. */
SET_JUMP_OFFSET(pc, low);
pc += JUMP_OFFSET_LEN;
SET_JUMP_OFFSET(pc, high);
pc += JUMP_OFFSET_LEN;
/*
* Use malloc to avoid arena bloat for programs with many switches.
* We free table if non-null at label out, so all control flow must
* exit this function through goto out or goto bad.
*/
if (tableLength != 0) {
tableSize = (size_t)tableLength * sizeof *table;
table = (JSParseNode **) cx->malloc(tableSize);
if (!table)
return JS_FALSE;
memset(table, 0, tableSize);
for (pn3 = pn2->pn_head; pn3; pn3 = pn3->pn_next) {
if (pn3->pn_type == TOK_DEFAULT)
continue;
i = JSVAL_TO_INT(pn3->pn_val);
i -= low;
JS_ASSERT((uint32)i < tableLength);
table[i] = pn3;
}
}
} else {
JS_ASSERT(switchOp == JSOP_LOOKUPSWITCH);
/* Fill in the number of cases. */
SET_INDEX(pc, caseCount);
pc += INDEX_LEN;
}
/*
* After this point, all control flow involving JSOP_TABLESWITCH
* must set ok and goto out to exit this function. To keep things
* simple, all switchOp cases exit that way.
*/
MUST_FLOW_THROUGH("out");
if (cg->spanDeps) {
/*
* We have already generated at least one big jump so we must
* explicitly add span dependencies for the switch jumps. When
* called below, js_SetJumpOffset can only do it when patching
* the first big jump or when cg->spanDeps is null.
*/
if (!AddSwitchSpanDeps(cx, cg, CG_CODE(cg, top)))
goto bad;
}
if (constPropagated) {
/*
* Skip switchOp, as we are not setting jump offsets in the two
* for loops below. We'll restore CG_NEXT(cg) from savepc after,
* unless there was an error.
*/
savepc = CG_NEXT(cg);
CG_NEXT(cg) = pc + 1;
if (switchOp == JSOP_TABLESWITCH) {
for (i = 0; i < (jsint)tableLength; i++) {
pn3 = table[i];
if (pn3 &&
(pn4 = pn3->pn_left) != NULL &&
pn4->pn_type == TOK_NAME) {
/* Note a propagated constant with the const's name. */
JS_ASSERT(!pn4->maybeExpr());
ale = cg->atomList.add(cg->compiler, pn4->pn_atom);
if (!ale)
goto bad;
CG_NEXT(cg) = pc;
if (js_NewSrcNote2(cx, cg, SRC_LABEL, (ptrdiff_t)
ALE_INDEX(ale)) < 0) {
goto bad;
}
}
pc += JUMP_OFFSET_LEN;
}
} else {
for (pn3 = pn2->pn_head; pn3; pn3 = pn3->pn_next) {
pn4 = pn3->pn_left;
if (pn4 && pn4->pn_type == TOK_NAME) {
/* Note a propagated constant with the const's name. */
JS_ASSERT(!pn4->maybeExpr());
ale = cg->atomList.add(cg->compiler, pn4->pn_atom);
if (!ale)
goto bad;
CG_NEXT(cg) = pc;
if (js_NewSrcNote2(cx, cg, SRC_LABEL, (ptrdiff_t)
ALE_INDEX(ale)) < 0) {
goto bad;
}
}
pc += INDEX_LEN + JUMP_OFFSET_LEN;
}
}
CG_NEXT(cg) = savepc;
}
}
/* Emit code for each case's statements, copying pn_offset up to pn3. */
for (pn3 = pn2->pn_head; pn3; pn3 = pn3->pn_next) {
if (switchOp == JSOP_CONDSWITCH && pn3->pn_type != TOK_DEFAULT)
CHECK_AND_SET_JUMP_OFFSET_AT_CUSTOM(cx, cg, pn3->pn_offset, goto bad);
pn4 = pn3->pn_right;
ok = js_EmitTree(cx, cg, pn4);
if (!ok)
goto out;
pn3->pn_offset = pn4->pn_offset;
if (pn3->pn_type == TOK_DEFAULT)
off = pn3->pn_offset - top;
}
if (!hasDefault) {
/* If no default case, offset for default is to end of switch. */
off = CG_OFFSET(cg) - top;
}
/* We better have set "off" by now. */
JS_ASSERT(off != -1);
/* Set the default offset (to end of switch if no default). */
if (switchOp == JSOP_CONDSWITCH) {
pc = NULL;
JS_ASSERT(defaultOffset != -1);
ok = js_SetJumpOffset(cx, cg, CG_CODE(cg, defaultOffset),
off - (defaultOffset - top));
if (!ok)
goto out;
} else {
pc = CG_CODE(cg, top);
ok = js_SetJumpOffset(cx, cg, pc, off);
if (!ok)
goto out;
pc += JUMP_OFFSET_LEN;
}
/* Set the SRC_SWITCH note's offset operand to tell end of switch. */
off = CG_OFFSET(cg) - top;
ok = js_SetSrcNoteOffset(cx, cg, (uintN)noteIndex, 0, off);
if (!ok)
goto out;
if (switchOp == JSOP_TABLESWITCH) {
/* Skip over the already-initialized switch bounds. */
pc += 2 * JUMP_OFFSET_LEN;
/* Fill in the jump table, if there is one. */
for (i = 0; i < (jsint)tableLength; i++) {
pn3 = table[i];
off = pn3 ? pn3->pn_offset - top : 0;
ok = js_SetJumpOffset(cx, cg, pc, off);
if (!ok)
goto out;
pc += JUMP_OFFSET_LEN;
}
} else if (switchOp == JSOP_LOOKUPSWITCH) {
/* Skip over the already-initialized number of cases. */
pc += INDEX_LEN;
for (pn3 = pn2->pn_head; pn3; pn3 = pn3->pn_next) {
if (pn3->pn_type == TOK_DEFAULT)
continue;
if (!js_AtomizePrimitiveValue(cx, pn3->pn_val, &atom))
goto bad;
ale = cg->atomList.add(cg->compiler, atom);
if (!ale)
goto bad;
SET_INDEX(pc, ALE_INDEX(ale));
pc += INDEX_LEN;
off = pn3->pn_offset - top;
ok = js_SetJumpOffset(cx, cg, pc, off);
if (!ok)
goto out;
pc += JUMP_OFFSET_LEN;
}
}
out:
if (table)
cx->free(table);
if (ok) {
ok = js_PopStatementCG(cx, cg);
#if JS_HAS_BLOCK_SCOPE
if (ok && pn->pn_right->pn_type == TOK_LEXICALSCOPE)
EMIT_UINT16_IMM_OP(JSOP_LEAVEBLOCK, count);
#endif
}
return ok;
bad:
ok = JS_FALSE;
goto out;
}
JSBool
js_EmitFunctionScript(JSContext *cx, JSCodeGenerator *cg, JSParseNode *body)
{
if (cg->flags & TCF_FUN_IS_GENERATOR) {
/* JSOP_GENERATOR must be the first instruction. */
CG_SWITCH_TO_PROLOG(cg);
JS_ASSERT(CG_NEXT(cg) == CG_BASE(cg));
if (js_Emit1(cx, cg, JSOP_GENERATOR) < 0)
return false;
CG_SWITCH_TO_MAIN(cg);
} else {
/*
* Emit a trace hint opcode only if not in a generator, since generators
* are not yet traced and both want to be the first instruction.
*/
if (js_Emit1(cx, cg, JSOP_TRACE) < 0)
return false;
}
if (cg->flags & TCF_FUN_UNBRAND_THIS) {
if (js_Emit1(cx, cg, JSOP_UNBRANDTHIS) < 0)
return false;
}
return js_EmitTree(cx, cg, body) &&
js_Emit1(cx, cg, JSOP_STOP) >= 0 &&
js_NewScriptFromCG(cx, cg);
}
/* A macro for inlining at the top of js_EmitTree (whence it came). */
#define UPDATE_LINE_NUMBER_NOTES(cx, cg, line) \
JS_BEGIN_MACRO \
uintN line_ = (line); \
uintN delta_ = line_ - CG_CURRENT_LINE(cg); \
if (delta_ != 0) { \
/* \
* Encode any change in the current source line number by using \
* either several SRC_NEWLINE notes or just one SRC_SETLINE note, \
* whichever consumes less space. \
* \
* NB: We handle backward line number deltas (possible with for \
* loops where the update part is emitted after the body, but its \
* line number is <= any line number in the body) here by letting \
* unsigned delta_ wrap to a very large number, which triggers a \
* SRC_SETLINE. \
*/ \
CG_CURRENT_LINE(cg) = line_; \
if (delta_ >= (uintN)(2 + ((line_ > SN_3BYTE_OFFSET_MASK)<<1))) { \
if (js_NewSrcNote2(cx, cg, SRC_SETLINE, (ptrdiff_t)line_) < 0)\
return JS_FALSE; \
} else { \
do { \
if (js_NewSrcNote(cx, cg, SRC_NEWLINE) < 0) \
return JS_FALSE; \
} while (--delta_ != 0); \
} \
} \
JS_END_MACRO
/* A function, so that we avoid macro-bloating all the other callsites. */
static JSBool
UpdateLineNumberNotes(JSContext *cx, JSCodeGenerator *cg, uintN line)
{
UPDATE_LINE_NUMBER_NOTES(cx, cg, line);
return JS_TRUE;
}
static JSBool
MaybeEmitVarDecl(JSContext *cx, JSCodeGenerator *cg, JSOp prologOp,
JSParseNode *pn, jsatomid *result)
{
jsatomid atomIndex;
JSAtomListElement *ale;
if (pn->pn_cookie != FREE_UPVAR_COOKIE) {
atomIndex = (jsatomid) UPVAR_FRAME_SLOT(pn->pn_cookie);
} else {
ale = cg->atomList.add(cg->compiler, pn->pn_atom);
if (!ale)
return JS_FALSE;
atomIndex = ALE_INDEX(ale);
}
if (JOF_OPTYPE(pn->pn_op) == JOF_ATOM &&
(!(cg->flags & TCF_IN_FUNCTION) || (cg->flags & TCF_FUN_HEAVYWEIGHT))) {
CG_SWITCH_TO_PROLOG(cg);
if (!UpdateLineNumberNotes(cx, cg, pn->pn_pos.begin.lineno))
return JS_FALSE;
EMIT_INDEX_OP(prologOp, atomIndex);
CG_SWITCH_TO_MAIN(cg);
}
if (result)
*result = atomIndex;
return JS_TRUE;
}
#if JS_HAS_DESTRUCTURING
typedef JSBool
(*DestructuringDeclEmitter)(JSContext *cx, JSCodeGenerator *cg, JSOp prologOp,
JSParseNode *pn);
static JSBool
EmitDestructuringDecl(JSContext *cx, JSCodeGenerator *cg, JSOp prologOp,
JSParseNode *pn)
{
JS_ASSERT(pn->pn_type == TOK_NAME);
if (!BindNameToSlot(cx, cg, pn))
return JS_FALSE;
JS_ASSERT(PN_OP(pn) != JSOP_ARGUMENTS && PN_OP(pn) != JSOP_CALLEE);
return MaybeEmitVarDecl(cx, cg, prologOp, pn, NULL);
}
static JSBool
EmitDestructuringDecls(JSContext *cx, JSCodeGenerator *cg, JSOp prologOp,
JSParseNode *pn)
{
JSParseNode *pn2, *pn3;
DestructuringDeclEmitter emitter;
if (pn->pn_type == TOK_RB) {
for (pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next) {
if (pn2->pn_type == TOK_COMMA)
continue;
emitter = (pn2->pn_type == TOK_NAME)
? EmitDestructuringDecl
: EmitDestructuringDecls;
if (!emitter(cx, cg, prologOp, pn2))
return JS_FALSE;
}
} else {
JS_ASSERT(pn->pn_type == TOK_RC);
for (pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next) {
pn3 = pn2->pn_right;
emitter = (pn3->pn_type == TOK_NAME)
? EmitDestructuringDecl
: EmitDestructuringDecls;
if (!emitter(cx, cg, prologOp, pn3))
return JS_FALSE;
}
}
return JS_TRUE;
}
static JSBool
EmitDestructuringOpsHelper(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn);
static JSBool
EmitDestructuringLHS(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn)
{
jsuint slot;
/*
* Now emit the lvalue opcode sequence. If the lvalue is a nested
* destructuring initialiser-form, call ourselves to handle it, then
* pop the matched value. Otherwise emit an lvalue bytecode sequence
* ending with a JSOP_ENUMELEM or equivalent op.
*/
if (pn->pn_type == TOK_RB || pn->pn_type == TOK_RC) {
if (!EmitDestructuringOpsHelper(cx, cg, pn))
return JS_FALSE;
if (js_Emit1(cx, cg, JSOP_POP) < 0)
return JS_FALSE;
} else {
if (pn->pn_type == TOK_NAME) {
if (!BindNameToSlot(cx, cg, pn))
return JS_FALSE;
if (pn->isConst() && !pn->isInitialized())
return js_Emit1(cx, cg, JSOP_POP) >= 0;
}
switch (pn->pn_op) {
case JSOP_SETNAME:
/*
* NB: pn is a PN_NAME node, not a PN_BINARY. Nevertheless,
* we want to emit JSOP_ENUMELEM, which has format JOF_ELEM.
* So here and for JSOP_ENUMCONSTELEM, we use EmitElemOp.
*/
if (!EmitElemOp(cx, pn, JSOP_ENUMELEM, cg))
return JS_FALSE;
break;
case JSOP_SETCONST:
if (!EmitElemOp(cx, pn, JSOP_ENUMCONSTELEM, cg))
return JS_FALSE;
break;
case JSOP_SETLOCAL:
slot = (jsuint) pn->pn_cookie;
EMIT_UINT16_IMM_OP(JSOP_SETLOCALPOP, slot);
break;
case JSOP_SETARG:
case JSOP_SETGVAR:
slot = (jsuint) pn->pn_cookie;
EMIT_UINT16_IMM_OP(PN_OP(pn), slot);
if (js_Emit1(cx, cg, JSOP_POP) < 0)
return JS_FALSE;
break;
default:
{
ptrdiff_t top;
top = CG_OFFSET(cg);
if (!js_EmitTree(cx, cg, pn))
return JS_FALSE;
if (js_NewSrcNote2(cx, cg, SRC_PCBASE, CG_OFFSET(cg) - top) < 0)
return JS_FALSE;
if (js_Emit1(cx, cg, JSOP_ENUMELEM) < 0)
return JS_FALSE;
break;
}
case JSOP_ENUMELEM:
JS_ASSERT(0);
}
}
return JS_TRUE;
}
/*
* Recursive helper for EmitDestructuringOps.
*
* Given a value to destructure on the stack, walk over an object or array
* initialiser at pn, emitting bytecodes to match property values and store
* them in the lvalues identified by the matched property names.
*/
static JSBool
EmitDestructuringOpsHelper(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn)
{
jsuint index;
JSParseNode *pn2, *pn3;
JSBool doElemOp;
#ifdef DEBUG
intN stackDepth = cg->stackDepth;
JS_ASSERT(stackDepth != 0);
JS_ASSERT(pn->pn_arity == PN_LIST);
JS_ASSERT(pn->pn_type == TOK_RB || pn->pn_type == TOK_RC);
#endif
if (pn->pn_count == 0) {
/* Emit a DUP;POP sequence for the decompiler. */
return js_Emit1(cx, cg, JSOP_DUP) >= 0 &&
js_Emit1(cx, cg, JSOP_POP) >= 0;
}
index = 0;
for (pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next) {
/*
* Duplicate the value being destructured to use as a reference base.
* If dup is not the first one, annotate it for the decompiler.
*/
if (pn2 != pn->pn_head && js_NewSrcNote(cx, cg, SRC_CONTINUE) < 0)
return JS_FALSE;
if (js_Emit1(cx, cg, JSOP_DUP) < 0)
return JS_FALSE;
/*
* Now push the property name currently being matched, which is either
* the array initialiser's current index, or the current property name
* "label" on the left of a colon in the object initialiser. Set pn3
* to the lvalue node, which is in the value-initializing position.
*/
doElemOp = JS_TRUE;
if (pn->pn_type == TOK_RB) {
if (!EmitNumberOp(cx, index, cg))
return JS_FALSE;
pn3 = pn2;
} else {
JS_ASSERT(pn->pn_type == TOK_RC);
JS_ASSERT(pn2->pn_type == TOK_COLON);
pn3 = pn2->pn_left;
if (pn3->pn_type == TOK_NUMBER) {
/*
* If we are emitting an object destructuring initialiser,
* annotate the index op with SRC_INITPROP so we know we are
* not decompiling an array initialiser.
*/
if (js_NewSrcNote(cx, cg, SRC_INITPROP) < 0)
return JS_FALSE;
if (!EmitNumberOp(cx, pn3->pn_dval, cg))
return JS_FALSE;
} else {
JS_ASSERT(pn3->pn_type == TOK_STRING ||
pn3->pn_type == TOK_NAME);
if (!EmitAtomOp(cx, pn3, JSOP_GETPROP, cg))
return JS_FALSE;
doElemOp = JS_FALSE;
}
pn3 = pn2->pn_right;
}
if (doElemOp) {
/*
* Ok, get the value of the matching property name. This leaves
* that value on top of the value being destructured, so the stack
* is one deeper than when we started.
*/
if (js_Emit1(cx, cg, JSOP_GETELEM) < 0)
return JS_FALSE;
JS_ASSERT(cg->stackDepth == stackDepth + 1);
}
/* Nullary comma node makes a hole in the array destructurer. */
if (pn3->pn_type == TOK_COMMA && pn3->pn_arity == PN_NULLARY) {
JS_ASSERT(pn->pn_type == TOK_RB);
JS_ASSERT(pn2 == pn3);
if (js_Emit1(cx, cg, JSOP_POP) < 0)
return JS_FALSE;
} else {
if (!EmitDestructuringLHS(cx, cg, pn3))
return JS_FALSE;
}
JS_ASSERT(cg->stackDepth == stackDepth);
++index;
}
return JS_TRUE;
}
static ptrdiff_t
OpToDeclType(JSOp op)
{
switch (op) {
case JSOP_NOP:
return SRC_DECL_LET;
case JSOP_DEFCONST:
return SRC_DECL_CONST;
case JSOP_DEFVAR:
return SRC_DECL_VAR;
default:
return SRC_DECL_NONE;
}
}
static JSBool
EmitDestructuringOps(JSContext *cx, JSCodeGenerator *cg, JSOp prologOp,
JSParseNode *pn)
{
/*
* If we're called from a variable declaration, help the decompiler by
* annotating the first JSOP_DUP that EmitDestructuringOpsHelper emits.
* If the destructuring initialiser is empty, our helper will emit a
* JSOP_DUP followed by a JSOP_POP for the decompiler.
*/
if (js_NewSrcNote2(cx, cg, SRC_DESTRUCT, OpToDeclType(prologOp)) < 0)
return JS_FALSE;
/*
* Call our recursive helper to emit the destructuring assignments and
* related stack manipulations.
*/
return EmitDestructuringOpsHelper(cx, cg, pn);
}
static JSBool
EmitGroupAssignment(JSContext *cx, JSCodeGenerator *cg, JSOp prologOp,
JSParseNode *lhs, JSParseNode *rhs)
{
jsuint depth, limit, i, nslots;
JSParseNode *pn;
depth = limit = (uintN) cg->stackDepth;
for (pn = rhs->pn_head; pn; pn = pn->pn_next) {
if (limit == JS_BIT(16)) {
js_ReportCompileErrorNumber(cx, CG_TS(cg), rhs, JSREPORT_ERROR,
JSMSG_ARRAY_INIT_TOO_BIG);
return JS_FALSE;
}
/* MaybeEmitGroupAssignment won't call us if rhs is holey. */
JS_ASSERT(!(pn->pn_type == TOK_COMMA && pn->pn_arity == PN_NULLARY));
if (!js_EmitTree(cx, cg, pn))
return JS_FALSE;
++limit;
}
if (js_NewSrcNote2(cx, cg, SRC_GROUPASSIGN, OpToDeclType(prologOp)) < 0)
return JS_FALSE;
i = depth;
for (pn = lhs->pn_head; pn; pn = pn->pn_next, ++i) {
/* MaybeEmitGroupAssignment requires lhs->pn_count <= rhs->pn_count. */
JS_ASSERT(i < limit);
jsint slot = AdjustBlockSlot(cx, cg, i);
if (slot < 0)
return JS_FALSE;
EMIT_UINT16_IMM_OP(JSOP_GETLOCAL, slot);
if (pn->pn_type == TOK_COMMA && pn->pn_arity == PN_NULLARY) {
if (js_Emit1(cx, cg, JSOP_POP) < 0)
return JS_FALSE;
} else {
if (!EmitDestructuringLHS(cx, cg, pn))
return JS_FALSE;
}
}
nslots = limit - depth;
EMIT_UINT16_IMM_OP(JSOP_POPN, nslots);
cg->stackDepth = (uintN) depth;
return JS_TRUE;
}
/*
* Helper called with pop out param initialized to a JSOP_POP* opcode. If we
* can emit a group assignment sequence, which results in 0 stack depth delta,
* we set *pop to JSOP_NOP so callers can veto emitting pn followed by a pop.
*/
static JSBool
MaybeEmitGroupAssignment(JSContext *cx, JSCodeGenerator *cg, JSOp prologOp,
JSParseNode *pn, JSOp *pop)
{
JSParseNode *lhs, *rhs;
JS_ASSERT(pn->pn_type == TOK_ASSIGN);
JS_ASSERT(*pop == JSOP_POP || *pop == JSOP_POPV);
lhs = pn->pn_left;
rhs = pn->pn_right;
if (lhs->pn_type == TOK_RB && rhs->pn_type == TOK_RB &&
!(rhs->pn_xflags & PNX_HOLEY) &&
lhs->pn_count <= rhs->pn_count) {
if (!EmitGroupAssignment(cx, cg, prologOp, lhs, rhs))
return JS_FALSE;
*pop = JSOP_NOP;
}
return JS_TRUE;
}
#endif /* JS_HAS_DESTRUCTURING */
static JSBool
EmitVariables(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn,
JSBool inLetHead, ptrdiff_t *headNoteIndex)
{
bool let, forInVar, first;
#if JS_HAS_BLOCK_SCOPE
bool forInLet, popScope;
JSStmtInfo *stmt, *scopeStmt;
#endif
ptrdiff_t off, noteIndex, tmp;
JSParseNode *pn2, *pn3, *next;
JSOp op;
jsatomid atomIndex;
uintN oldflags;
/* Default in case of JS_HAS_BLOCK_SCOPE early return, below. */
*headNoteIndex = -1;
/*
* Let blocks and expressions have a parenthesized head in which the new
* scope is not yet open. Initializer evaluation uses the parent node's
* lexical scope. If popScope is true below, then we hide the top lexical
* block from any calls to BindNameToSlot hiding in pn2->pn_expr so that
* it won't find any names in the new let block.
*
* The same goes for let declarations in the head of any kind of for loop.
* Unlike a let declaration 'let x = i' within a block, where x is hoisted
* to the start of the block, a 'for (let x = i...) ...' loop evaluates i
* in the containing scope, and puts x in the loop body's scope.
*/
let = (pn->pn_op == JSOP_NOP);
forInVar = (pn->pn_xflags & PNX_FORINVAR) != 0;
#if JS_HAS_BLOCK_SCOPE
forInLet = let && forInVar;
popScope = (inLetHead || (let && (cg->flags & TCF_IN_FOR_INIT)));
if (popScope) {
stmt = cg->topStmt;
scopeStmt = cg->topScopeStmt;
}
# ifdef __GNUC__
else stmt = scopeStmt = NULL; /* quell GCC overwarning */
# endif
JS_ASSERT(!popScope || let);
#endif
off = noteIndex = -1;
for (pn2 = pn->pn_head; ; pn2 = next) {
first = pn2 == pn->pn_head;
next = pn2->pn_next;
if (pn2->pn_type != TOK_NAME) {
#if JS_HAS_DESTRUCTURING
if (pn2->pn_type == TOK_RB || pn2->pn_type == TOK_RC) {
/*
* Emit variable binding ops, but not destructuring ops.
* The parser (see Variables, jsparse.c) has ensured that
* our caller will be the TOK_FOR/TOK_IN case in js_EmitTree,
* and that case will emit the destructuring code only after
* emitting an enumerating opcode and a branch that tests
* whether the enumeration ended.
*/
JS_ASSERT(forInVar);
JS_ASSERT(pn->pn_count == 1);
if (!EmitDestructuringDecls(cx, cg, PN_OP(pn), pn2))
return JS_FALSE;
break;
}
#endif
/*
* A destructuring initialiser assignment preceded by var will
* never occur to the left of 'in' in a for-in loop. As with 'for
* (var x = i in o)...', this will cause the entire 'var [a, b] =
* i' to be hoisted out of the loop.
*/
JS_ASSERT(pn2->pn_type == TOK_ASSIGN);
JS_ASSERT(!forInVar);
/*
* To allow the front end to rewrite var f = x; as f = x; when a
* function f(){} precedes the var, detect simple name assignment
* here and initialize the name.
*/
#if !JS_HAS_DESTRUCTURING
JS_ASSERT(pn2->pn_left->pn_type == TOK_NAME);
#else
if (pn2->pn_left->pn_type == TOK_NAME)
#endif
{
pn3 = pn2->pn_right;
pn2 = pn2->pn_left;
goto do_name;
}
#if JS_HAS_DESTRUCTURING
if (pn->pn_count == 1) {
/*
* If this is the only destructuring assignment in the list,
* try to optimize to a group assignment. If we're in a let
* head, pass JSOP_POP rather than the pseudo-prolog JSOP_NOP
* in pn->pn_op, to suppress a second (and misplaced) 'let'.
*/
JS_ASSERT(noteIndex < 0 && !pn2->pn_next);
op = JSOP_POP;
if (!MaybeEmitGroupAssignment(cx, cg,
inLetHead ? JSOP_POP : PN_OP(pn),
pn2, &op)) {
return JS_FALSE;
}
if (op == JSOP_NOP) {
pn->pn_xflags = (pn->pn_xflags & ~PNX_POPVAR) | PNX_GROUPINIT;
break;
}
}
pn3 = pn2->pn_left;
if (!EmitDestructuringDecls(cx, cg, PN_OP(pn), pn3))
return JS_FALSE;
if (!js_EmitTree(cx, cg, pn2->pn_right))
return JS_FALSE;
/*
* Veto pn->pn_op if inLetHead to avoid emitting a SRC_DESTRUCT
* that's redundant with respect to the SRC_DECL/SRC_DECL_LET that
* we will emit at the bottom of this function.
*/
if (!EmitDestructuringOps(cx, cg,
inLetHead ? JSOP_POP : PN_OP(pn),
pn3)) {
return JS_FALSE;
}
goto emit_note_pop;
#endif
}
/*
* Load initializer early to share code above that jumps to do_name.
* NB: if this var redeclares an existing binding, then pn2 is linked
* on its definition's use-chain and pn_expr has been overlayed with
* pn_lexdef.
*/
pn3 = pn2->maybeExpr();
do_name:
if (!BindNameToSlot(cx, cg, pn2))
return JS_FALSE;
op = PN_OP(pn2);
if (op == JSOP_ARGUMENTS) {
/* JSOP_ARGUMENTS => no initializer */
JS_ASSERT(!pn3 && !let);
pn3 = NULL;
#ifdef __GNUC__
atomIndex = 0; /* quell GCC overwarning */
#endif
} else {
JS_ASSERT(op != JSOP_CALLEE);
JS_ASSERT(pn2->pn_cookie != FREE_UPVAR_COOKIE || !let);
if (!MaybeEmitVarDecl(cx, cg, PN_OP(pn), pn2, &atomIndex))
return JS_FALSE;
if (pn3) {
JS_ASSERT(!forInVar);
if (op == JSOP_SETNAME) {
JS_ASSERT(!let);
EMIT_INDEX_OP(JSOP_BINDNAME, atomIndex);
}
if (pn->pn_op == JSOP_DEFCONST &&
!js_DefineCompileTimeConstant(cx, cg, pn2->pn_atom, pn3)) {
return JS_FALSE;
}
#if JS_HAS_BLOCK_SCOPE
/* Evaluate expr in the outer lexical scope if requested. */
if (popScope) {
cg->topStmt = stmt->down;
cg->topScopeStmt = scopeStmt->downScope;
}
#endif
oldflags = cg->flags;
cg->flags &= ~TCF_IN_FOR_INIT;
if (!js_EmitTree(cx, cg, pn3))
return JS_FALSE;
cg->flags |= oldflags & TCF_IN_FOR_INIT;
#if JS_HAS_BLOCK_SCOPE
if (popScope) {
cg->topStmt = stmt;
cg->topScopeStmt = scopeStmt;
}
#endif
}
}
/*
* The parser rewrites 'for (var x = i in o)' to hoist 'var x = i' --
* likewise 'for (let x = i in o)' becomes 'i; for (let x in o)' using
* a TOK_SEQ node to make the two statements appear as one. Therefore
* if this declaration is part of a for-in loop head, we do not need to
* emit op or any source note. Our caller, the TOK_FOR/TOK_IN case in
* js_EmitTree, will annotate appropriately.
*/
JS_ASSERT_IF(pn2->pn_defn, pn3 == pn2->pn_expr);
if (forInVar) {
JS_ASSERT(pn->pn_count == 1);
JS_ASSERT(!pn3);
break;
}
if (first &&
!inLetHead &&
js_NewSrcNote2(cx, cg, SRC_DECL,
(pn->pn_op == JSOP_DEFCONST)
? SRC_DECL_CONST
: (pn->pn_op == JSOP_DEFVAR)
? SRC_DECL_VAR
: SRC_DECL_LET) < 0) {
return JS_FALSE;
}
if (op == JSOP_ARGUMENTS) {
if (js_Emit1(cx, cg, op) < 0)
return JS_FALSE;
} else if (pn2->pn_cookie != FREE_UPVAR_COOKIE) {
EMIT_UINT16_IMM_OP(op, atomIndex);
} else {
EMIT_INDEX_OP(op, atomIndex);
}
#if JS_HAS_DESTRUCTURING
emit_note_pop: