summaryrefslogtreecommitdiffstats
path: root/js/src/jsscript.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'js/src/jsscript.cpp')
-rw-r--r--js/src/jsscript.cpp4307
1 files changed, 4307 insertions, 0 deletions
diff --git a/js/src/jsscript.cpp b/js/src/jsscript.cpp
new file mode 100644
index 000000000..2e02aa63d
--- /dev/null
+++ b/js/src/jsscript.cpp
@@ -0,0 +1,4307 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ * vim: set ts=8 sts=4 et sw=4 tw=99:
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * JS script operations.
+ */
+
+#include "jsscriptinlines.h"
+
+#include "mozilla/DebugOnly.h"
+#include "mozilla/MathAlgorithms.h"
+#include "mozilla/MemoryReporting.h"
+#include "mozilla/PodOperations.h"
+#include "mozilla/ScopeExit.h"
+#include "mozilla/Sprintf.h"
+#include "mozilla/Unused.h"
+#include "mozilla/Vector.h"
+
+#include <algorithm>
+#include <string.h>
+
+#include "jsapi.h"
+#include "jsatom.h"
+#include "jscntxt.h"
+#include "jsfun.h"
+#include "jsgc.h"
+#include "jsobj.h"
+#include "jsopcode.h"
+#include "jsprf.h"
+#include "jstypes.h"
+#include "jsutil.h"
+#include "jswrapper.h"
+
+#include "frontend/BytecodeCompiler.h"
+#include "frontend/BytecodeEmitter.h"
+#include "frontend/SharedContext.h"
+#include "gc/Marking.h"
+#include "jit/BaselineJIT.h"
+#include "jit/Ion.h"
+#include "jit/IonCode.h"
+#include "js/MemoryMetrics.h"
+#include "js/Utility.h"
+#include "vm/ArgumentsObject.h"
+#include "vm/Compression.h"
+#include "vm/Debugger.h"
+#include "vm/Opcodes.h"
+#include "vm/SelfHosting.h"
+#include "vm/Shape.h"
+#include "vm/SharedImmutableStringsCache.h"
+#include "vm/Xdr.h"
+
+#include "jsfuninlines.h"
+#include "jsobjinlines.h"
+
+#include "vm/EnvironmentObject-inl.h"
+#include "vm/NativeObject-inl.h"
+#include "vm/SharedImmutableStringsCache-inl.h"
+#include "vm/Stack-inl.h"
+
+using namespace js;
+using namespace js::gc;
+using namespace js::frontend;
+
+using mozilla::AsVariant;
+using mozilla::PodCopy;
+using mozilla::PodZero;
+using mozilla::RotateLeft;
+
+template<XDRMode mode>
+bool
+js::XDRScriptConst(XDRState<mode>* xdr, MutableHandleValue vp)
+{
+ JSContext* cx = xdr->cx();
+
+ /*
+ * A script constant can be an arbitrary primitive value as they are used
+ * to implement JSOP_LOOKUPSWITCH. But they cannot be objects, see
+ * bug 407186.
+ */
+ enum ConstTag {
+ SCRIPT_INT = 0,
+ SCRIPT_DOUBLE = 1,
+ SCRIPT_ATOM = 2,
+ SCRIPT_TRUE = 3,
+ SCRIPT_FALSE = 4,
+ SCRIPT_NULL = 5,
+ SCRIPT_OBJECT = 6,
+ SCRIPT_VOID = 7,
+ SCRIPT_HOLE = 8
+ };
+
+ uint32_t tag;
+ if (mode == XDR_ENCODE) {
+ if (vp.isInt32()) {
+ tag = SCRIPT_INT;
+ } else if (vp.isDouble()) {
+ tag = SCRIPT_DOUBLE;
+ } else if (vp.isString()) {
+ tag = SCRIPT_ATOM;
+ } else if (vp.isTrue()) {
+ tag = SCRIPT_TRUE;
+ } else if (vp.isFalse()) {
+ tag = SCRIPT_FALSE;
+ } else if (vp.isNull()) {
+ tag = SCRIPT_NULL;
+ } else if (vp.isObject()) {
+ tag = SCRIPT_OBJECT;
+ } else if (vp.isMagic(JS_ELEMENTS_HOLE)) {
+ tag = SCRIPT_HOLE;
+ } else {
+ MOZ_ASSERT(vp.isUndefined());
+ tag = SCRIPT_VOID;
+ }
+ }
+
+ if (!xdr->codeUint32(&tag))
+ return false;
+
+ switch (tag) {
+ case SCRIPT_INT: {
+ uint32_t i;
+ if (mode == XDR_ENCODE)
+ i = uint32_t(vp.toInt32());
+ if (!xdr->codeUint32(&i))
+ return false;
+ if (mode == XDR_DECODE)
+ vp.set(Int32Value(int32_t(i)));
+ break;
+ }
+ case SCRIPT_DOUBLE: {
+ double d;
+ if (mode == XDR_ENCODE)
+ d = vp.toDouble();
+ if (!xdr->codeDouble(&d))
+ return false;
+ if (mode == XDR_DECODE)
+ vp.set(DoubleValue(d));
+ break;
+ }
+ case SCRIPT_ATOM: {
+ RootedAtom atom(cx);
+ if (mode == XDR_ENCODE)
+ atom = &vp.toString()->asAtom();
+ if (!XDRAtom(xdr, &atom))
+ return false;
+ if (mode == XDR_DECODE)
+ vp.set(StringValue(atom));
+ break;
+ }
+ case SCRIPT_TRUE:
+ if (mode == XDR_DECODE)
+ vp.set(BooleanValue(true));
+ break;
+ case SCRIPT_FALSE:
+ if (mode == XDR_DECODE)
+ vp.set(BooleanValue(false));
+ break;
+ case SCRIPT_NULL:
+ if (mode == XDR_DECODE)
+ vp.set(NullValue());
+ break;
+ case SCRIPT_OBJECT: {
+ RootedObject obj(cx);
+ if (mode == XDR_ENCODE)
+ obj = &vp.toObject();
+
+ if (!XDRObjectLiteral(xdr, &obj))
+ return false;
+
+ if (mode == XDR_DECODE)
+ vp.setObject(*obj);
+ break;
+ }
+ case SCRIPT_VOID:
+ if (mode == XDR_DECODE)
+ vp.set(UndefinedValue());
+ break;
+ case SCRIPT_HOLE:
+ if (mode == XDR_DECODE)
+ vp.setMagic(JS_ELEMENTS_HOLE);
+ break;
+ }
+ return true;
+}
+
+template bool
+js::XDRScriptConst(XDRState<XDR_ENCODE>*, MutableHandleValue);
+
+template bool
+js::XDRScriptConst(XDRState<XDR_DECODE>*, MutableHandleValue);
+
+// Code LazyScript's closed over bindings.
+template<XDRMode mode>
+static bool
+XDRLazyClosedOverBindings(XDRState<mode>* xdr, MutableHandle<LazyScript*> lazy)
+{
+ JSContext* cx = xdr->cx();
+ RootedAtom atom(cx);
+ for (size_t i = 0; i < lazy->numClosedOverBindings(); i++) {
+ uint8_t endOfScopeSentinel;
+ if (mode == XDR_ENCODE) {
+ atom = lazy->closedOverBindings()[i];
+ endOfScopeSentinel = !atom;
+ }
+
+ if (!xdr->codeUint8(&endOfScopeSentinel))
+ return false;
+
+ if (endOfScopeSentinel)
+ atom = nullptr;
+ else if (!XDRAtom(xdr, &atom))
+ return false;
+
+ if (mode == XDR_DECODE)
+ lazy->closedOverBindings()[i] = atom;
+ }
+
+ return true;
+}
+
+// Code the missing part needed to re-create a LazyScript from a JSScript.
+template<XDRMode mode>
+static bool
+XDRRelazificationInfo(XDRState<mode>* xdr, HandleFunction fun, HandleScript script,
+ HandleScope enclosingScope, MutableHandle<LazyScript*> lazy)
+{
+ MOZ_ASSERT_IF(mode == XDR_ENCODE, script->isRelazifiable() && script->maybeLazyScript());
+ MOZ_ASSERT_IF(mode == XDR_ENCODE, !lazy->numInnerFunctions());
+
+ JSContext* cx = xdr->cx();
+
+ uint64_t packedFields;
+ {
+ uint32_t begin = script->sourceStart();
+ uint32_t end = script->sourceEnd();
+ uint32_t lineno = script->lineno();
+ uint32_t column = script->column();
+
+ if (mode == XDR_ENCODE) {
+ packedFields = lazy->packedFields();
+ MOZ_ASSERT(begin == lazy->begin());
+ MOZ_ASSERT(end == lazy->end());
+ MOZ_ASSERT(lineno == lazy->lineno());
+ MOZ_ASSERT(column == lazy->column());
+ // We can assert we have no inner functions because we don't
+ // relazify scripts with inner functions. See
+ // JSFunction::createScriptForLazilyInterpretedFunction.
+ MOZ_ASSERT(lazy->numInnerFunctions() == 0);
+ }
+
+ if (!xdr->codeUint64(&packedFields))
+ return false;
+
+ if (mode == XDR_DECODE) {
+ lazy.set(LazyScript::Create(cx, fun, script, enclosingScope, script,
+ packedFields, begin, end, lineno, column));
+
+ // As opposed to XDRLazyScript, we need to restore the runtime bits
+ // of the script, as we are trying to match the fact this function
+ // has already been parsed and that it would need to be re-lazified.
+ lazy->initRuntimeFields(packedFields);
+ }
+ }
+
+ // Code binding names.
+ if (!XDRLazyClosedOverBindings(xdr, lazy))
+ return false;
+
+ // No need to do anything with inner functions, since we asserted we don't
+ // have any.
+
+ return true;
+}
+
+static inline uint32_t
+FindScopeIndex(JSScript* script, Scope& scope)
+{
+ ScopeArray* scopes = script->scopes();
+ GCPtrScope* vector = scopes->vector;
+ unsigned length = scopes->length;
+ for (uint32_t i = 0; i < length; ++i) {
+ if (vector[i] == &scope)
+ return i;
+ }
+
+ MOZ_CRASH("Scope not found");
+}
+
+enum XDRClassKind {
+ CK_RegexpObject,
+ CK_JSFunction,
+ CK_JSObject
+};
+
+template<XDRMode mode>
+bool
+js::XDRScript(XDRState<mode>* xdr, HandleScope scriptEnclosingScope, HandleScript enclosingScript,
+ HandleFunction fun, MutableHandleScript scriptp)
+{
+ /* NB: Keep this in sync with CopyScript. */
+
+ enum ScriptBits {
+ NoScriptRval,
+ Strict,
+ ContainsDynamicNameAccess,
+ FunHasExtensibleScope,
+ FunHasAnyAliasedFormal,
+ ArgumentsHasVarBinding,
+ NeedsArgsObj,
+ HasMappedArgsObj,
+ FunctionHasThisBinding,
+ FunctionHasExtraBodyVarScope,
+ IsGeneratorExp,
+ IsLegacyGenerator,
+ IsStarGenerator,
+ IsAsync,
+ OwnSource,
+ ExplicitUseStrict,
+ SelfHosted,
+ HasSingleton,
+ TreatAsRunOnce,
+ HasLazyScript,
+ HasNonSyntacticScope,
+ HasInnerFunctions,
+ NeedsHomeObject,
+ IsDerivedClassConstructor,
+ IsDefaultClassConstructor,
+ };
+
+ uint32_t length, lineno, column, nfixed, nslots;
+ uint32_t natoms, nsrcnotes, i;
+ uint32_t nconsts, nobjects, nscopes, nregexps, ntrynotes, nscopenotes, nyieldoffsets;
+ uint32_t prologueLength, version;
+ uint32_t funLength = 0;
+ uint32_t nTypeSets = 0;
+ uint32_t scriptBits = 0;
+ uint32_t bodyScopeIndex = 0;
+
+ JSContext* cx = xdr->cx();
+ RootedScript script(cx);
+ natoms = nsrcnotes = 0;
+ nconsts = nobjects = nscopes = nregexps = ntrynotes = nscopenotes = nyieldoffsets = 0;
+
+ if (mode == XDR_ENCODE) {
+ script = scriptp.get();
+ MOZ_ASSERT_IF(enclosingScript, enclosingScript->compartment() == script->compartment());
+ MOZ_ASSERT(script->functionNonDelazifying() == fun);
+
+ if (!fun && script->treatAsRunOnce()) {
+ // This is a toplevel or eval script that's runOnce. We want to
+ // make sure that we're not XDR-saving an object we emitted for
+ // JSOP_OBJECT that then got modified. So throw if we're not
+ // cloning in JSOP_OBJECT or if we ever didn't clone in it in the
+ // past.
+ JSCompartment* comp = cx->compartment();
+ if (!comp->creationOptions().cloneSingletons() ||
+ !comp->behaviors().getSingletonsAsTemplates())
+ {
+ return xdr->fail(JS::TranscodeResult_Failure_RunOnceNotSupported);
+ }
+ }
+ }
+
+ if (mode == XDR_ENCODE)
+ length = script->length();
+ if (!xdr->codeUint32(&length))
+ return false;
+
+ if (mode == XDR_ENCODE) {
+ prologueLength = script->mainOffset();
+ MOZ_ASSERT(script->getVersion() != JSVERSION_UNKNOWN);
+ version = script->getVersion();
+ lineno = script->lineno();
+ column = script->column();
+ nfixed = script->nfixed();
+ nslots = script->nslots();
+
+ bodyScopeIndex = script->bodyScopeIndex();
+ natoms = script->natoms();
+
+ nsrcnotes = script->numNotes();
+
+ if (script->hasConsts())
+ nconsts = script->consts()->length;
+ if (script->hasObjects())
+ nobjects = script->objects()->length;
+ nscopes = script->scopes()->length;
+ if (script->hasTrynotes())
+ ntrynotes = script->trynotes()->length;
+ if (script->hasScopeNotes())
+ nscopenotes = script->scopeNotes()->length;
+ if (script->hasYieldOffsets())
+ nyieldoffsets = script->yieldOffsets().length();
+
+ nTypeSets = script->nTypeSets();
+ funLength = script->funLength();
+
+ if (script->noScriptRval())
+ scriptBits |= (1 << NoScriptRval);
+ if (script->strict())
+ scriptBits |= (1 << Strict);
+ if (script->explicitUseStrict())
+ scriptBits |= (1 << ExplicitUseStrict);
+ if (script->selfHosted())
+ scriptBits |= (1 << SelfHosted);
+ if (script->bindingsAccessedDynamically())
+ scriptBits |= (1 << ContainsDynamicNameAccess);
+ if (script->funHasExtensibleScope())
+ scriptBits |= (1 << FunHasExtensibleScope);
+ if (script->funHasAnyAliasedFormal())
+ scriptBits |= (1 << FunHasAnyAliasedFormal);
+ if (script->argumentsHasVarBinding())
+ scriptBits |= (1 << ArgumentsHasVarBinding);
+ if (script->analyzedArgsUsage() && script->needsArgsObj())
+ scriptBits |= (1 << NeedsArgsObj);
+ if (script->hasMappedArgsObj())
+ scriptBits |= (1 << HasMappedArgsObj);
+ if (script->functionHasThisBinding())
+ scriptBits |= (1 << FunctionHasThisBinding);
+ if (script->functionHasExtraBodyVarScope())
+ scriptBits |= (1 << FunctionHasExtraBodyVarScope);
+ if (!enclosingScript || enclosingScript->scriptSource() != script->scriptSource())
+ scriptBits |= (1 << OwnSource);
+ if (script->isGeneratorExp())
+ scriptBits |= (1 << IsGeneratorExp);
+ if (script->isLegacyGenerator())
+ scriptBits |= (1 << IsLegacyGenerator);
+ if (script->isStarGenerator())
+ scriptBits |= (1 << IsStarGenerator);
+ if (script->asyncKind() == AsyncFunction)
+ scriptBits |= (1 << IsAsync);
+ if (script->hasSingletons())
+ scriptBits |= (1 << HasSingleton);
+ if (script->treatAsRunOnce())
+ scriptBits |= (1 << TreatAsRunOnce);
+ if (script->isRelazifiable())
+ scriptBits |= (1 << HasLazyScript);
+ if (script->hasNonSyntacticScope())
+ scriptBits |= (1 << HasNonSyntacticScope);
+ if (script->hasInnerFunctions())
+ scriptBits |= (1 << HasInnerFunctions);
+ if (script->needsHomeObject())
+ scriptBits |= (1 << NeedsHomeObject);
+ if (script->isDerivedClassConstructor())
+ scriptBits |= (1 << IsDerivedClassConstructor);
+ if (script->isDefaultClassConstructor())
+ scriptBits |= (1 << IsDefaultClassConstructor);
+ }
+
+ if (!xdr->codeUint32(&prologueLength))
+ return false;
+ if (!xdr->codeUint32(&version))
+ return false;
+
+ // To fuse allocations, we need lengths of all embedded arrays early.
+ if (!xdr->codeUint32(&natoms))
+ return false;
+ if (!xdr->codeUint32(&nsrcnotes))
+ return false;
+ if (!xdr->codeUint32(&nconsts))
+ return false;
+ if (!xdr->codeUint32(&nobjects))
+ return false;
+ if (!xdr->codeUint32(&nscopes))
+ return false;
+ if (!xdr->codeUint32(&ntrynotes))
+ return false;
+ if (!xdr->codeUint32(&nscopenotes))
+ return false;
+ if (!xdr->codeUint32(&nyieldoffsets))
+ return false;
+ if (!xdr->codeUint32(&nTypeSets))
+ return false;
+ if (!xdr->codeUint32(&funLength))
+ return false;
+ if (!xdr->codeUint32(&scriptBits))
+ return false;
+
+ if (mode == XDR_DECODE) {
+ JSVersion version_ = JSVersion(version);
+ MOZ_ASSERT((version_ & VersionFlags::MASK) == unsigned(version_));
+
+ CompileOptions options(cx);
+ options.setVersion(version_)
+ .setNoScriptRval(!!(scriptBits & (1 << NoScriptRval)))
+ .setSelfHostingMode(!!(scriptBits & (1 << SelfHosted)));
+ RootedScriptSource sourceObject(cx);
+ if (scriptBits & (1 << OwnSource)) {
+ ScriptSource* ss = cx->new_<ScriptSource>();
+ if (!ss)
+ return false;
+ ScriptSourceHolder ssHolder(ss);
+
+ /*
+ * We use this CompileOptions only to initialize the
+ * ScriptSourceObject. Most CompileOptions fields aren't used by
+ * ScriptSourceObject, and those that are (element; elementAttributeName)
+ * aren't preserved by XDR. So this can be simple.
+ */
+ CompileOptions options(cx);
+ ss->initFromOptions(cx, options);
+ sourceObject = ScriptSourceObject::create(cx, ss);
+ if (!sourceObject ||
+ !ScriptSourceObject::initFromOptions(cx, sourceObject, options))
+ return false;
+ } else {
+ MOZ_ASSERT(enclosingScript);
+ // When decoding, all the scripts and the script source object
+ // are in the same compartment, so the script's source object
+ // should never be a cross-compartment wrapper.
+ MOZ_ASSERT(enclosingScript->sourceObject()->is<ScriptSourceObject>());
+ sourceObject = &enclosingScript->sourceObject()->as<ScriptSourceObject>();
+ }
+
+ script = JSScript::Create(cx, options, sourceObject, 0, 0);
+ if (!script)
+ return false;
+
+ // Set the script in its function now so that inner scripts to be
+ // decoded may iterate the static scope chain.
+ if (fun)
+ fun->initScript(script);
+ }
+
+ if (mode == XDR_DECODE) {
+ if (!JSScript::partiallyInit(cx, script, nscopes, nconsts, nobjects, ntrynotes,
+ nscopenotes, nyieldoffsets, nTypeSets))
+ {
+ return false;
+ }
+
+ MOZ_ASSERT(!script->mainOffset());
+ script->mainOffset_ = prologueLength;
+ script->funLength_ = funLength;
+
+ scriptp.set(script);
+
+ if (scriptBits & (1 << Strict))
+ script->strict_ = true;
+ if (scriptBits & (1 << ExplicitUseStrict))
+ script->explicitUseStrict_ = true;
+ if (scriptBits & (1 << ContainsDynamicNameAccess))
+ script->bindingsAccessedDynamically_ = true;
+ if (scriptBits & (1 << FunHasExtensibleScope))
+ script->funHasExtensibleScope_ = true;
+ if (scriptBits & (1 << FunHasAnyAliasedFormal))
+ script->funHasAnyAliasedFormal_ = true;
+ if (scriptBits & (1 << ArgumentsHasVarBinding))
+ script->setArgumentsHasVarBinding();
+ if (scriptBits & (1 << NeedsArgsObj))
+ script->setNeedsArgsObj(true);
+ if (scriptBits & (1 << HasMappedArgsObj))
+ script->hasMappedArgsObj_ = true;
+ if (scriptBits & (1 << FunctionHasThisBinding))
+ script->functionHasThisBinding_ = true;
+ if (scriptBits & (1 << FunctionHasExtraBodyVarScope))
+ script->functionHasExtraBodyVarScope_ = true;
+ if (scriptBits & (1 << IsGeneratorExp))
+ script->isGeneratorExp_ = true;
+ if (scriptBits & (1 << HasSingleton))
+ script->hasSingletons_ = true;
+ if (scriptBits & (1 << TreatAsRunOnce))
+ script->treatAsRunOnce_ = true;
+ if (scriptBits & (1 << HasNonSyntacticScope))
+ script->hasNonSyntacticScope_ = true;
+ if (scriptBits & (1 << HasInnerFunctions))
+ script->hasInnerFunctions_ = true;
+ if (scriptBits & (1 << NeedsHomeObject))
+ script->needsHomeObject_ = true;
+ if (scriptBits & (1 << IsDerivedClassConstructor))
+ script->isDerivedClassConstructor_ = true;
+ if (scriptBits & (1 << IsDefaultClassConstructor))
+ script->isDefaultClassConstructor_ = true;
+
+ if (scriptBits & (1 << IsLegacyGenerator)) {
+ MOZ_ASSERT(!(scriptBits & (1 << IsStarGenerator)));
+ script->setGeneratorKind(LegacyGenerator);
+ } else if (scriptBits & (1 << IsStarGenerator))
+ script->setGeneratorKind(StarGenerator);
+
+ if (scriptBits & (1 << IsAsync))
+ script->setAsyncKind(AsyncFunction);
+ }
+
+ JS_STATIC_ASSERT(sizeof(jsbytecode) == 1);
+ JS_STATIC_ASSERT(sizeof(jssrcnote) == 1);
+
+ if (scriptBits & (1 << OwnSource)) {
+ if (!script->scriptSource()->performXDR<mode>(xdr))
+ return false;
+ }
+ if (!xdr->codeUint32(&script->sourceStart_))
+ return false;
+ if (!xdr->codeUint32(&script->sourceEnd_))
+ return false;
+
+ if (!xdr->codeUint32(&lineno) ||
+ !xdr->codeUint32(&column) ||
+ !xdr->codeUint32(&nfixed) ||
+ !xdr->codeUint32(&nslots))
+ {
+ return false;
+ }
+
+ if (!xdr->codeUint32(&bodyScopeIndex))
+ return false;
+
+ if (mode == XDR_DECODE) {
+ script->lineno_ = lineno;
+ script->column_ = column;
+ script->nfixed_ = nfixed;
+ script->nslots_ = nslots;
+ script->bodyScopeIndex_ = bodyScopeIndex;
+ }
+
+ auto scriptDataGuard = mozilla::MakeScopeExit([&] {
+ if (mode == XDR_DECODE)
+ script->freeScriptData();
+ });
+
+ if (mode == XDR_DECODE) {
+ if (!script->createScriptData(cx, length, nsrcnotes, natoms))
+ return false;
+ }
+
+ jsbytecode* code = script->code();
+ if (!xdr->codeBytes(code, length) || !xdr->codeBytes(code + length, nsrcnotes)) {
+ return false;
+ }
+
+ for (i = 0; i != natoms; ++i) {
+ if (mode == XDR_DECODE) {
+ RootedAtom tmp(cx);
+ if (!XDRAtom(xdr, &tmp))
+ return false;
+ script->atoms()[i].init(tmp);
+ } else {
+ RootedAtom tmp(cx, script->atoms()[i]);
+ if (!XDRAtom(xdr, &tmp))
+ return false;
+ }
+ }
+
+ scriptDataGuard.release();
+ if (mode == XDR_DECODE) {
+ if (!script->shareScriptData(cx))
+ return false;
+ }
+
+ if (nconsts) {
+ GCPtrValue* vector = script->consts()->vector;
+ RootedValue val(cx);
+ for (i = 0; i != nconsts; ++i) {
+ if (mode == XDR_ENCODE)
+ val = vector[i];
+ if (!XDRScriptConst(xdr, &val))
+ return false;
+ if (mode == XDR_DECODE)
+ vector[i].init(val);
+ }
+ }
+
+ {
+ MOZ_ASSERT(nscopes != 0);
+ GCPtrScope* vector = script->scopes()->vector;
+ RootedScope scope(cx);
+ RootedScope enclosing(cx);
+ ScopeKind scopeKind;
+ uint32_t enclosingScopeIndex = 0;
+ for (i = 0; i != nscopes; ++i) {
+ if (mode == XDR_ENCODE) {
+ scope = vector[i];
+ scopeKind = scope->kind();
+ } else {
+ scope = nullptr;
+ }
+
+ if (!xdr->codeEnum32(&scopeKind))
+ return false;
+
+ if (mode == XDR_ENCODE) {
+ if (i == 0) {
+ enclosingScopeIndex = UINT32_MAX;
+ } else {
+ MOZ_ASSERT(scope->enclosing());
+ enclosingScopeIndex = FindScopeIndex(script, *scope->enclosing());
+ }
+ }
+
+ if (!xdr->codeUint32(&enclosingScopeIndex))
+ return false;
+
+ if (mode == XDR_DECODE) {
+ if (i == 0) {
+ MOZ_ASSERT(enclosingScopeIndex == UINT32_MAX);
+ enclosing = scriptEnclosingScope;
+ } else {
+ MOZ_ASSERT(enclosingScopeIndex < i);
+ enclosing = vector[enclosingScopeIndex];
+ }
+ }
+
+ switch (scopeKind) {
+ case ScopeKind::Function:
+ MOZ_ASSERT(i == script->bodyScopeIndex());
+ if (!FunctionScope::XDR(xdr, fun, enclosing, &scope))
+ return false;
+ break;
+ case ScopeKind::FunctionBodyVar:
+ case ScopeKind::ParameterExpressionVar:
+ if (!VarScope::XDR(xdr, scopeKind, enclosing, &scope))
+ return false;
+ break;
+ case ScopeKind::Lexical:
+ case ScopeKind::SimpleCatch:
+ case ScopeKind::Catch:
+ case ScopeKind::NamedLambda:
+ case ScopeKind::StrictNamedLambda:
+ if (!LexicalScope::XDR(xdr, scopeKind, enclosing, &scope))
+ return false;
+ break;
+ case ScopeKind::With:
+ if (mode == XDR_DECODE) {
+ scope = WithScope::create(cx, enclosing);
+ if (!scope)
+ return false;
+ }
+ break;
+ case ScopeKind::Eval:
+ case ScopeKind::StrictEval:
+ if (!EvalScope::XDR(xdr, scopeKind, enclosing, &scope))
+ return false;
+ break;
+ case ScopeKind::Global:
+ case ScopeKind::NonSyntactic:
+ if (!GlobalScope::XDR(xdr, scopeKind, &scope))
+ return false;
+ break;
+ case ScopeKind::Module:
+ MOZ_CRASH("NYI");
+ break;
+ }
+
+ if (mode == XDR_DECODE)
+ vector[i].init(scope);
+ }
+ }
+
+ /*
+ * Here looping from 0-to-length to xdr objects is essential to ensure that
+ * all references to enclosing blocks (via FindScopeIndex below) happen
+ * after the enclosing block has been XDR'd.
+ */
+ for (i = 0; i != nobjects; ++i) {
+ GCPtrObject* objp = &script->objects()->vector[i];
+ XDRClassKind classk;
+
+ if (mode == XDR_ENCODE) {
+ JSObject* obj = *objp;
+ if (obj->is<RegExpObject>())
+ classk = CK_RegexpObject;
+ else if (obj->is<JSFunction>())
+ classk = CK_JSFunction;
+ else if (obj->is<PlainObject>() || obj->is<ArrayObject>())
+ classk = CK_JSObject;
+ else
+ MOZ_CRASH("Cannot encode this class of object.");
+ }
+
+ if (!xdr->codeEnum32(&classk))
+ return false;
+
+ switch (classk) {
+ case CK_RegexpObject: {
+ Rooted<RegExpObject*> regexp(cx);
+ if (mode == XDR_ENCODE)
+ regexp = &(*objp)->as<RegExpObject>();
+ if (!XDRScriptRegExpObject(xdr, &regexp))
+ return false;
+ if (mode == XDR_DECODE)
+ *objp = regexp;
+ break;
+ }
+
+ case CK_JSFunction: {
+ /* Code the nested function's enclosing scope. */
+ uint32_t funEnclosingScopeIndex = 0;
+ RootedScope funEnclosingScope(cx);
+ if (mode == XDR_ENCODE) {
+ RootedFunction function(cx, &(*objp)->as<JSFunction>());
+
+ if (function->isInterpretedLazy()) {
+ funEnclosingScope = function->lazyScript()->enclosingScope();
+ } else if (function->isInterpreted()) {
+ funEnclosingScope = function->nonLazyScript()->enclosingScope();
+ } else {
+ MOZ_ASSERT(function->isAsmJSNative());
+ return xdr->fail(JS::TranscodeResult_Failure_AsmJSNotSupported);
+ }
+
+ funEnclosingScopeIndex = FindScopeIndex(script, *funEnclosingScope);
+ }
+
+ if (!xdr->codeUint32(&funEnclosingScopeIndex))
+ return false;
+
+ if (mode == XDR_DECODE) {
+ MOZ_ASSERT(funEnclosingScopeIndex < script->scopes()->length);
+ funEnclosingScope = script->scopes()->vector[funEnclosingScopeIndex];
+ }
+
+ // Code nested function and script.
+ RootedFunction tmp(cx);
+ if (mode == XDR_ENCODE)
+ tmp = &(*objp)->as<JSFunction>();
+ if (!XDRInterpretedFunction(xdr, funEnclosingScope, script, &tmp))
+ return false;
+ *objp = tmp;
+ break;
+ }
+
+ case CK_JSObject: {
+ /* Code object literal. */
+ RootedObject tmp(cx, *objp);
+ if (!XDRObjectLiteral(xdr, &tmp))
+ return false;
+ *objp = tmp;
+ break;
+ }
+
+ default: {
+ MOZ_ASSERT(false, "Unknown class kind.");
+ return xdr->fail(JS::TranscodeResult_Failure_UnknownClassKind);
+ }
+ }
+ }
+
+ if (ntrynotes != 0) {
+ JSTryNote* tnfirst = script->trynotes()->vector;
+ MOZ_ASSERT(script->trynotes()->length == ntrynotes);
+ JSTryNote* tn = tnfirst + ntrynotes;
+ do {
+ --tn;
+ if (!xdr->codeUint8(&tn->kind) ||
+ !xdr->codeUint32(&tn->stackDepth) ||
+ !xdr->codeUint32(&tn->start) ||
+ !xdr->codeUint32(&tn->length)) {
+ return false;
+ }
+ } while (tn != tnfirst);
+ }
+
+ for (i = 0; i < nscopenotes; ++i) {
+ ScopeNote* note = &script->scopeNotes()->vector[i];
+ if (!xdr->codeUint32(&note->index) ||
+ !xdr->codeUint32(&note->start) ||
+ !xdr->codeUint32(&note->length) ||
+ !xdr->codeUint32(&note->parent))
+ {
+ return false;
+ }
+ }
+
+ for (i = 0; i < nyieldoffsets; ++i) {
+ uint32_t* offset = &script->yieldOffsets()[i];
+ if (!xdr->codeUint32(offset))
+ return false;
+ }
+
+ if (scriptBits & (1 << HasLazyScript)) {
+ Rooted<LazyScript*> lazy(cx);
+ if (mode == XDR_ENCODE)
+ lazy = script->maybeLazyScript();
+
+ if (!XDRRelazificationInfo(xdr, fun, script, scriptEnclosingScope, &lazy))
+ return false;
+
+ if (mode == XDR_DECODE)
+ script->setLazyScript(lazy);
+ }
+
+ if (mode == XDR_DECODE) {
+ scriptp.set(script);
+
+ /* see BytecodeEmitter::tellDebuggerAboutCompiledScript */
+ if (!fun)
+ Debugger::onNewScript(cx, script);
+ }
+
+ return true;
+}
+
+template bool
+js::XDRScript(XDRState<XDR_ENCODE>*, HandleScope, HandleScript, HandleFunction,
+ MutableHandleScript);
+
+template bool
+js::XDRScript(XDRState<XDR_DECODE>*, HandleScope, HandleScript, HandleFunction,
+ MutableHandleScript);
+
+template<XDRMode mode>
+bool
+js::XDRLazyScript(XDRState<mode>* xdr, HandleScope enclosingScope, HandleScript enclosingScript,
+ HandleFunction fun, MutableHandle<LazyScript*> lazy)
+{
+ JSContext* cx = xdr->cx();
+
+ {
+ uint32_t begin;
+ uint32_t end;
+ uint32_t lineno;
+ uint32_t column;
+ uint64_t packedFields;
+
+ if (mode == XDR_ENCODE) {
+ // Note: it's possible the LazyScript has a non-null script_ pointer
+ // to a JSScript. We don't encode it: we can just delazify the
+ // lazy script.
+
+ MOZ_ASSERT(fun == lazy->functionNonDelazifying());
+
+ begin = lazy->begin();
+ end = lazy->end();
+ lineno = lazy->lineno();
+ column = lazy->column();
+ packedFields = lazy->packedFields();
+ }
+
+ if (!xdr->codeUint32(&begin) || !xdr->codeUint32(&end) ||
+ !xdr->codeUint32(&lineno) || !xdr->codeUint32(&column) ||
+ !xdr->codeUint64(&packedFields))
+ {
+ return false;
+ }
+
+ if (mode == XDR_DECODE) {
+ lazy.set(LazyScript::Create(cx, fun, nullptr, enclosingScope, enclosingScript,
+ packedFields, begin, end, lineno, column));
+ if (!lazy)
+ return false;
+ fun->initLazyScript(lazy);
+ }
+ }
+
+ // Code closed-over bindings.
+ if (!XDRLazyClosedOverBindings(xdr, lazy))
+ return false;
+
+ // Code inner functions.
+ {
+ RootedFunction func(cx);
+ GCPtrFunction* innerFunctions = lazy->innerFunctions();
+ size_t numInnerFunctions = lazy->numInnerFunctions();
+ for (size_t i = 0; i < numInnerFunctions; i++) {
+ if (mode == XDR_ENCODE)
+ func = innerFunctions[i];
+
+ if (!XDRInterpretedFunction(xdr, nullptr, nullptr, &func))
+ return false;
+
+ if (mode == XDR_DECODE)
+ innerFunctions[i] = func;
+ }
+ }
+
+ return true;
+}
+
+template bool
+js::XDRLazyScript(XDRState<XDR_ENCODE>*, HandleScope, HandleScript,
+ HandleFunction, MutableHandle<LazyScript*>);
+
+template bool
+js::XDRLazyScript(XDRState<XDR_DECODE>*, HandleScope, HandleScript,
+ HandleFunction, MutableHandle<LazyScript*>);
+
+void
+JSScript::setSourceObject(JSObject* object)
+{
+ MOZ_ASSERT(compartment() == object->compartment());
+ sourceObject_ = object;
+}
+
+js::ScriptSourceObject&
+JSScript::scriptSourceUnwrap() const {
+ return UncheckedUnwrap(sourceObject())->as<ScriptSourceObject>();
+}
+
+js::ScriptSource*
+JSScript::scriptSource() const {
+ return scriptSourceUnwrap().source();
+}
+
+js::ScriptSource*
+JSScript::maybeForwardedScriptSource() const {
+ return UncheckedUnwrap(MaybeForwarded(sourceObject()))->as<ScriptSourceObject>().source();
+}
+
+bool
+JSScript::initScriptCounts(JSContext* cx)
+{
+ MOZ_ASSERT(!hasScriptCounts());
+
+ // Record all pc which are the first instruction of a basic block.
+ mozilla::Vector<jsbytecode*, 16, SystemAllocPolicy> jumpTargets;
+ jsbytecode* mainPc = main();
+ jsbytecode* end = codeEnd();
+ for (jsbytecode* pc = code(); pc != end; pc = GetNextPc(pc)) {
+ if (BytecodeIsJumpTarget(JSOp(*pc)) || pc == mainPc) {
+ if (!jumpTargets.append(pc)) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+ }
+ }
+
+ // Initialize all PCCounts counters to 0.
+ ScriptCounts::PCCountsVector base;
+ if (!base.reserve(jumpTargets.length())) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+
+ for (size_t i = 0; i < jumpTargets.length(); i++)
+ base.infallibleEmplaceBack(pcToOffset(jumpTargets[i]));
+
+ // Create compartment's scriptCountsMap if necessary.
+ ScriptCountsMap* map = compartment()->scriptCountsMap;
+ if (!map) {
+ map = cx->new_<ScriptCountsMap>();
+ if (!map) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+
+ if (!map->init()) {
+ js_delete(map);
+ ReportOutOfMemory(cx);
+ return false;
+ }
+
+ compartment()->scriptCountsMap = map;
+ }
+
+ // Allocate the ScriptCounts.
+ ScriptCounts* sc = cx->new_<ScriptCounts>(Move(base));
+ if (!sc) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+ auto guardScriptCounts = mozilla::MakeScopeExit([&] () {
+ js_delete(sc);
+ });
+
+ // Register the current ScriptCounts in the compartment's map.
+ if (!map->putNew(this, sc)) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+
+ // safe to set this; we can't fail after this point.
+ hasScriptCounts_ = true;
+ guardScriptCounts.release();
+
+ // Enable interrupts in any interpreter frames running on this script. This
+ // is used to let the interpreter increment the PCCounts, if present.
+ for (ActivationIterator iter(cx->runtime()); !iter.done(); ++iter) {
+ if (iter->isInterpreter())
+ iter->asInterpreter()->enableInterruptsIfRunning(this);
+ }
+
+ return true;
+}
+
+static inline ScriptCountsMap::Ptr GetScriptCountsMapEntry(JSScript* script)
+{
+ MOZ_ASSERT(script->hasScriptCounts());
+ ScriptCountsMap* map = script->compartment()->scriptCountsMap;
+ ScriptCountsMap::Ptr p = map->lookup(script);
+ MOZ_ASSERT(p);
+ return p;
+}
+
+ScriptCounts&
+JSScript::getScriptCounts()
+{
+ ScriptCountsMap::Ptr p = GetScriptCountsMapEntry(this);
+ return *p->value();
+}
+
+js::PCCounts*
+ScriptCounts::maybeGetPCCounts(size_t offset) {
+ PCCounts searched = PCCounts(offset);
+ PCCounts* elem = std::lower_bound(pcCounts_.begin(), pcCounts_.end(), searched);
+ if (elem == pcCounts_.end() || elem->pcOffset() != offset)
+ return nullptr;
+ return elem;
+}
+
+const js::PCCounts*
+ScriptCounts::maybeGetPCCounts(size_t offset) const {
+ PCCounts searched = PCCounts(offset);
+ const PCCounts* elem = std::lower_bound(pcCounts_.begin(), pcCounts_.end(), searched);
+ if (elem == pcCounts_.end() || elem->pcOffset() != offset)
+ return nullptr;
+ return elem;
+}
+
+js::PCCounts*
+ScriptCounts::getImmediatePrecedingPCCounts(size_t offset)
+{
+ PCCounts searched = PCCounts(offset);
+ PCCounts* elem = std::lower_bound(pcCounts_.begin(), pcCounts_.end(), searched);
+ if (elem == pcCounts_.end())
+ return &pcCounts_.back();
+ if (elem->pcOffset() == offset)
+ return elem;
+ if (elem != pcCounts_.begin())
+ return elem - 1;
+ return nullptr;
+}
+
+const js::PCCounts*
+ScriptCounts::maybeGetThrowCounts(size_t offset) const {
+ PCCounts searched = PCCounts(offset);
+ const PCCounts* elem = std::lower_bound(throwCounts_.begin(), throwCounts_.end(), searched);
+ if (elem == throwCounts_.end() || elem->pcOffset() != offset)
+ return nullptr;
+ return elem;
+}
+
+const js::PCCounts*
+ScriptCounts::getImmediatePrecedingThrowCounts(size_t offset) const
+{
+ PCCounts searched = PCCounts(offset);
+ const PCCounts* elem = std::lower_bound(throwCounts_.begin(), throwCounts_.end(), searched);
+ if (elem == throwCounts_.end()) {
+ if (throwCounts_.begin() == throwCounts_.end())
+ return nullptr;
+ return &throwCounts_.back();
+ }
+ if (elem->pcOffset() == offset)
+ return elem;
+ if (elem != throwCounts_.begin())
+ return elem - 1;
+ return nullptr;
+}
+
+js::PCCounts*
+ScriptCounts::getThrowCounts(size_t offset) {
+ PCCounts searched = PCCounts(offset);
+ PCCounts* elem = std::lower_bound(throwCounts_.begin(), throwCounts_.end(), searched);
+ if (elem == throwCounts_.end() || elem->pcOffset() != offset)
+ elem = throwCounts_.insert(elem, searched);
+ return elem;
+}
+
+void
+JSScript::setIonScript(JSRuntime* maybeRuntime, js::jit::IonScript* ionScript)
+{
+ MOZ_ASSERT_IF(ionScript != ION_DISABLED_SCRIPT, !baselineScript()->hasPendingIonBuilder());
+ if (hasIonScript())
+ js::jit::IonScript::writeBarrierPre(zone(), ion);
+ ion = ionScript;
+ MOZ_ASSERT_IF(hasIonScript(), hasBaselineScript());
+ updateBaselineOrIonRaw(maybeRuntime);
+}
+
+js::PCCounts*
+JSScript::maybeGetPCCounts(jsbytecode* pc) {
+ MOZ_ASSERT(containsPC(pc));
+ return getScriptCounts().maybeGetPCCounts(pcToOffset(pc));
+}
+
+const js::PCCounts*
+JSScript::maybeGetThrowCounts(jsbytecode* pc) {
+ MOZ_ASSERT(containsPC(pc));
+ return getScriptCounts().maybeGetThrowCounts(pcToOffset(pc));
+}
+
+js::PCCounts*
+JSScript::getThrowCounts(jsbytecode* pc) {
+ MOZ_ASSERT(containsPC(pc));
+ return getScriptCounts().getThrowCounts(pcToOffset(pc));
+}
+
+uint64_t
+JSScript::getHitCount(jsbytecode* pc)
+{
+ MOZ_ASSERT(containsPC(pc));
+ if (pc < main())
+ pc = main();
+
+ ScriptCounts& sc = getScriptCounts();
+ size_t targetOffset = pcToOffset(pc);
+ const js::PCCounts* baseCount = sc.getImmediatePrecedingPCCounts(targetOffset);
+ if (!baseCount)
+ return 0;
+ if (baseCount->pcOffset() == targetOffset)
+ return baseCount->numExec();
+ MOZ_ASSERT(baseCount->pcOffset() < targetOffset);
+ uint64_t count = baseCount->numExec();
+ do {
+ const js::PCCounts* throwCount = sc.getImmediatePrecedingThrowCounts(targetOffset);
+ if (!throwCount)
+ return count;
+ if (throwCount->pcOffset() <= baseCount->pcOffset())
+ return count;
+ count -= throwCount->numExec();
+ targetOffset = throwCount->pcOffset() - 1;
+ } while (true);
+}
+
+void
+JSScript::incHitCount(jsbytecode* pc)
+{
+ MOZ_ASSERT(containsPC(pc));
+ if (pc < main())
+ pc = main();
+
+ ScriptCounts& sc = getScriptCounts();
+ js::PCCounts* baseCount = sc.getImmediatePrecedingPCCounts(pcToOffset(pc));
+ if (!baseCount)
+ return;
+ baseCount->numExec()++;
+}
+
+void
+JSScript::addIonCounts(jit::IonScriptCounts* ionCounts)
+{
+ ScriptCounts& sc = getScriptCounts();
+ if (sc.ionCounts_)
+ ionCounts->setPrevious(sc.ionCounts_);
+ sc.ionCounts_ = ionCounts;
+}
+
+jit::IonScriptCounts*
+JSScript::getIonCounts()
+{
+ return getScriptCounts().ionCounts_;
+}
+
+void
+JSScript::takeOverScriptCountsMapEntry(ScriptCounts* entryValue)
+{
+#ifdef DEBUG
+ ScriptCountsMap::Ptr p = GetScriptCountsMapEntry(this);
+ MOZ_ASSERT(entryValue == p->value());
+#endif
+ hasScriptCounts_ = false;
+}
+
+void
+JSScript::releaseScriptCounts(ScriptCounts* counts)
+{
+ ScriptCountsMap::Ptr p = GetScriptCountsMapEntry(this);
+ *counts = Move(*p->value());
+ js_delete(p->value());
+ compartment()->scriptCountsMap->remove(p);
+ hasScriptCounts_ = false;
+}
+
+void
+JSScript::destroyScriptCounts(FreeOp* fop)
+{
+ if (hasScriptCounts()) {
+ ScriptCounts scriptCounts;
+ releaseScriptCounts(&scriptCounts);
+ }
+}
+
+void
+ScriptSourceObject::trace(JSTracer* trc, JSObject* obj)
+{
+ ScriptSourceObject* sso = static_cast<ScriptSourceObject*>(obj);
+
+ // Don't trip over the poison 'not yet initialized' values.
+ if (!sso->getReservedSlot(INTRODUCTION_SCRIPT_SLOT).isMagic(JS_GENERIC_MAGIC)) {
+ JSScript* script = sso->introductionScript();
+ if (script) {
+ TraceManuallyBarrieredEdge(trc, &script, "ScriptSourceObject introductionScript");
+ sso->setReservedSlot(INTRODUCTION_SCRIPT_SLOT, PrivateValue(script));
+ }
+ }
+}
+
+void
+ScriptSourceObject::finalize(FreeOp* fop, JSObject* obj)
+{
+ MOZ_ASSERT(fop->onMainThread());
+ ScriptSourceObject* sso = &obj->as<ScriptSourceObject>();
+
+ // If code coverage is enabled, record the filename associated with this
+ // source object.
+ if (fop->runtime()->lcovOutput.isEnabled())
+ sso->compartment()->lcovOutput.collectSourceFile(sso->compartment(), sso);
+
+ sso->source()->decref();
+ sso->setReservedSlot(SOURCE_SLOT, PrivateValue(nullptr));
+}
+
+static const ClassOps ScriptSourceObjectClassOps = {
+ nullptr, /* addProperty */
+ nullptr, /* delProperty */
+ nullptr, /* getProperty */
+ nullptr, /* setProperty */
+ nullptr, /* enumerate */
+ nullptr, /* resolve */
+ nullptr, /* mayResolve */
+ ScriptSourceObject::finalize,
+ nullptr, /* call */
+ nullptr, /* hasInstance */
+ nullptr, /* construct */
+ ScriptSourceObject::trace
+};
+
+const Class ScriptSourceObject::class_ = {
+ "ScriptSource",
+ JSCLASS_HAS_RESERVED_SLOTS(RESERVED_SLOTS) |
+ JSCLASS_IS_ANONYMOUS |
+ JSCLASS_FOREGROUND_FINALIZE,
+ &ScriptSourceObjectClassOps
+};
+
+ScriptSourceObject*
+ScriptSourceObject::create(ExclusiveContext* cx, ScriptSource* source)
+{
+ RootedObject object(cx, NewObjectWithGivenProto(cx, &class_, nullptr));
+ if (!object)
+ return nullptr;
+ RootedScriptSource sourceObject(cx, &object->as<ScriptSourceObject>());
+
+ source->incref(); // The matching decref is in ScriptSourceObject::finalize.
+ sourceObject->initReservedSlot(SOURCE_SLOT, PrivateValue(source));
+
+ // The remaining slots should eventually be populated by a call to
+ // initFromOptions. Poison them until that point.
+ sourceObject->initReservedSlot(ELEMENT_SLOT, MagicValue(JS_GENERIC_MAGIC));
+ sourceObject->initReservedSlot(ELEMENT_PROPERTY_SLOT, MagicValue(JS_GENERIC_MAGIC));
+ sourceObject->initReservedSlot(INTRODUCTION_SCRIPT_SLOT, MagicValue(JS_GENERIC_MAGIC));
+
+ return sourceObject;
+}
+
+/* static */ bool
+ScriptSourceObject::initFromOptions(JSContext* cx, HandleScriptSource source,
+ const ReadOnlyCompileOptions& options)
+{
+ releaseAssertSameCompartment(cx, source);
+ MOZ_ASSERT(source->getReservedSlot(ELEMENT_SLOT).isMagic(JS_GENERIC_MAGIC));
+ MOZ_ASSERT(source->getReservedSlot(ELEMENT_PROPERTY_SLOT).isMagic(JS_GENERIC_MAGIC));
+ MOZ_ASSERT(source->getReservedSlot(INTRODUCTION_SCRIPT_SLOT).isMagic(JS_GENERIC_MAGIC));
+
+ RootedValue element(cx, ObjectOrNullValue(options.element()));
+ if (!cx->compartment()->wrap(cx, &element))
+ return false;
+ source->setReservedSlot(ELEMENT_SLOT, element);
+
+ RootedValue elementAttributeName(cx);
+ if (options.elementAttributeName())
+ elementAttributeName = StringValue(options.elementAttributeName());
+ else
+ elementAttributeName = UndefinedValue();
+ if (!cx->compartment()->wrap(cx, &elementAttributeName))
+ return false;
+ source->setReservedSlot(ELEMENT_PROPERTY_SLOT, elementAttributeName);
+
+ // There is no equivalent of cross-compartment wrappers for scripts. If the
+ // introduction script and ScriptSourceObject are in different compartments,
+ // we would be creating a cross-compartment script reference, which is
+ // forbidden. In that case, simply don't bother to retain the introduction
+ // script.
+ if (options.introductionScript() &&
+ options.introductionScript()->compartment() == cx->compartment())
+ {
+ source->setReservedSlot(INTRODUCTION_SCRIPT_SLOT, PrivateValue(options.introductionScript()));
+ } else {
+ source->setReservedSlot(INTRODUCTION_SCRIPT_SLOT, UndefinedValue());
+ }
+
+ return true;
+}
+
+/* static */ bool
+JSScript::loadSource(JSContext* cx, ScriptSource* ss, bool* worked)
+{
+ MOZ_ASSERT(!ss->hasSourceData());
+ *worked = false;
+ if (!cx->runtime()->sourceHook || !ss->sourceRetrievable())
+ return true;
+ char16_t* src = nullptr;
+ size_t length;
+ if (!cx->runtime()->sourceHook->load(cx, ss->filename(), &src, &length))
+ return false;
+ if (!src)
+ return true;
+ if (!ss->setSource(cx, mozilla::UniquePtr<char16_t[], JS::FreePolicy>(src), length))
+ return false;
+
+ *worked = true;
+ return true;
+}
+
+JSFlatString*
+JSScript::sourceData(JSContext* cx)
+{
+ MOZ_ASSERT(scriptSource()->hasSourceData());
+ return scriptSource()->substring(cx, sourceStart(), sourceEnd());
+}
+
+UncompressedSourceCache::AutoHoldEntry::AutoHoldEntry()
+ : cache_(nullptr), sourceChunk_()
+{
+}
+
+void
+UncompressedSourceCache::AutoHoldEntry::holdEntry(UncompressedSourceCache* cache,
+ const ScriptSourceChunk& sourceChunk)
+{
+ // Initialise the holder for a specific cache and script source. This will
+ // hold on to the cached source chars in the event that the cache is purged.
+ MOZ_ASSERT(!cache_ && !sourceChunk_.valid() && !charsToFree_);
+ cache_ = cache;
+ sourceChunk_ = sourceChunk;
+}
+
+void
+UncompressedSourceCache::AutoHoldEntry::holdChars(UniqueTwoByteChars chars)
+{
+ MOZ_ASSERT(!cache_ && !sourceChunk_.valid() && !charsToFree_);
+ charsToFree_ = Move(chars);
+}
+
+void
+UncompressedSourceCache::AutoHoldEntry::deferDelete(UniqueTwoByteChars chars)
+{
+ // Take ownership of source chars now the cache is being purged. Remove our
+ // reference to the ScriptSource which might soon be destroyed.
+ MOZ_ASSERT(cache_ && sourceChunk_.valid() && !charsToFree_);
+ cache_ = nullptr;
+ sourceChunk_ = ScriptSourceChunk();
+ charsToFree_ = Move(chars);
+}
+
+UncompressedSourceCache::AutoHoldEntry::~AutoHoldEntry()
+{
+ if (cache_) {
+ MOZ_ASSERT(sourceChunk_.valid());
+ cache_->releaseEntry(*this);
+ }
+}
+
+void
+UncompressedSourceCache::holdEntry(AutoHoldEntry& holder, const ScriptSourceChunk& ssc)
+{
+ MOZ_ASSERT(!holder_);
+ holder.holdEntry(this, ssc);
+ holder_ = &holder;
+}
+
+void
+UncompressedSourceCache::releaseEntry(AutoHoldEntry& holder)
+{
+ MOZ_ASSERT(holder_ == &holder);
+ holder_ = nullptr;
+}
+
+const char16_t*
+UncompressedSourceCache::lookup(const ScriptSourceChunk& ssc, AutoHoldEntry& holder)
+{
+ MOZ_ASSERT(!holder_);
+ if (!map_)
+ return nullptr;
+ if (Map::Ptr p = map_->lookup(ssc)) {
+ holdEntry(holder, ssc);
+ return p->value().get();
+ }
+ return nullptr;
+}
+
+bool
+UncompressedSourceCache::put(const ScriptSourceChunk& ssc, UniqueTwoByteChars str,
+ AutoHoldEntry& holder)
+{
+ MOZ_ASSERT(!holder_);
+
+ if (!map_) {
+ UniquePtr<Map> map = MakeUnique<Map>();
+ if (!map || !map->init())
+ return false;
+
+ map_ = Move(map);
+ }
+
+ if (!map_->put(ssc, Move(str)))
+ return false;
+
+ holdEntry(holder, ssc);
+ return true;
+}
+
+void
+UncompressedSourceCache::purge()
+{
+ if (!map_)
+ return;
+
+ for (Map::Range r = map_->all(); !r.empty(); r.popFront()) {
+ if (holder_ && r.front().key() == holder_->sourceChunk()) {
+ holder_->deferDelete(Move(r.front().value()));
+ holder_ = nullptr;
+ }
+ }
+
+ map_.reset();
+}
+
+size_t
+UncompressedSourceCache::sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf)
+{
+ size_t n = 0;
+ if (map_ && !map_->empty()) {
+ n += map_->sizeOfIncludingThis(mallocSizeOf);
+ for (Map::Range r = map_->all(); !r.empty(); r.popFront())
+ n += mallocSizeOf(r.front().value().get());
+ }
+ return n;
+}
+
+const char16_t*
+ScriptSource::chunkChars(JSContext* cx, UncompressedSourceCache::AutoHoldEntry& holder,
+ size_t chunk)
+{
+ const Compressed& c = data.as<Compressed>();
+
+ ScriptSourceChunk ssc(this, chunk);
+ if (const char16_t* decompressed = cx->caches.uncompressedSourceCache.lookup(ssc, holder))
+ return decompressed;
+
+ size_t totalLengthInBytes = length() * sizeof(char16_t);
+ size_t chunkBytes = Compressor::chunkSize(totalLengthInBytes, chunk);
+
+ MOZ_ASSERT((chunkBytes % sizeof(char16_t)) == 0);
+ const size_t lengthWithNull = (chunkBytes / sizeof(char16_t)) + 1;
+ UniqueTwoByteChars decompressed(js_pod_malloc<char16_t>(lengthWithNull));
+ if (!decompressed) {
+ JS_ReportOutOfMemory(cx);
+ return nullptr;
+ }
+
+ if (!DecompressStringChunk((const unsigned char*) c.raw.chars(),
+ chunk,
+ reinterpret_cast<unsigned char*>(decompressed.get()),
+ chunkBytes))
+ {
+ JS_ReportOutOfMemory(cx);
+ return nullptr;
+ }
+
+ decompressed[lengthWithNull - 1] = '\0';
+
+ const char16_t* ret = decompressed.get();
+ if (!cx->caches.uncompressedSourceCache.put(ssc, Move(decompressed), holder)) {
+ JS_ReportOutOfMemory(cx);
+ return nullptr;
+ }
+ return ret;
+}
+
+const char16_t*
+ScriptSource::chars(JSContext* cx, UncompressedSourceCache::AutoHoldEntry& holder,
+ size_t begin, size_t len)
+{
+ MOZ_ASSERT(begin + len <= length());
+
+ if (data.is<Uncompressed>()) {
+ const char16_t* chars = data.as<Uncompressed>().string.chars();
+ if (!chars)
+ return nullptr;
+ return chars + begin;
+ }
+
+ if (data.is<Missing>())
+ MOZ_CRASH("ScriptSource::chars() on ScriptSource with SourceType = Missing");
+
+ MOZ_ASSERT(data.is<Compressed>());
+
+ // Determine which chunk(s) we are interested in, and the offsets within
+ // these chunks.
+ size_t firstChunk, lastChunk;
+ size_t firstChunkOffset, lastChunkOffset;
+ MOZ_ASSERT(len > 0);
+ Compressor::toChunkOffset(begin * sizeof(char16_t), &firstChunk, &firstChunkOffset);
+ Compressor::toChunkOffset((begin + len - 1) * sizeof(char16_t), &lastChunk, &lastChunkOffset);
+
+ MOZ_ASSERT(firstChunkOffset % sizeof(char16_t) == 0);
+ size_t firstChar = firstChunkOffset / sizeof(char16_t);
+
+ if (firstChunk == lastChunk) {
+ const char16_t* chars = chunkChars(cx, holder, firstChunk);
+ if (!chars)
+ return nullptr;
+ return chars + firstChar;
+ }
+
+ // We need multiple chunks. Allocate a (null-terminated) buffer to hold
+ // |len| chars and copy uncompressed chars from the chunks into it. We use
+ // chunkChars() so we benefit from chunk caching by UncompressedSourceCache.
+
+ MOZ_ASSERT(firstChunk < lastChunk);
+
+ size_t lengthWithNull = len + 1;
+ UniqueTwoByteChars decompressed(js_pod_malloc<char16_t>(lengthWithNull));
+ if (!decompressed) {
+ JS_ReportOutOfMemory(cx);
+ return nullptr;
+ }
+
+ size_t totalLengthInBytes = length() * sizeof(char16_t);
+ char16_t* cursor = decompressed.get();
+
+ for (size_t i = firstChunk; i <= lastChunk; i++) {
+ UncompressedSourceCache::AutoHoldEntry chunkHolder;
+ const char16_t* chars = chunkChars(cx, chunkHolder, i);
+ if (!chars)
+ return nullptr;
+
+ size_t numChars = Compressor::chunkSize(totalLengthInBytes, i) / sizeof(char16_t);
+ if (i == firstChunk) {
+ MOZ_ASSERT(firstChar < numChars);
+ chars += firstChar;
+ numChars -= firstChar;
+ } else if (i == lastChunk) {
+ size_t numCharsNew = lastChunkOffset / sizeof(char16_t) + 1;
+ MOZ_ASSERT(numCharsNew <= numChars);
+ numChars = numCharsNew;
+ }
+ mozilla::PodCopy(cursor, chars, numChars);
+ cursor += numChars;
+ }
+
+ *cursor++ = '\0';
+ MOZ_ASSERT(size_t(cursor - decompressed.get()) == lengthWithNull);
+
+ // Transfer ownership to |holder|.
+ const char16_t* ret = decompressed.get();
+ holder.holdChars(Move(decompressed));
+ return ret;
+}
+
+JSFlatString*
+ScriptSource::substring(JSContext* cx, size_t start, size_t stop)
+{
+ MOZ_ASSERT(start <= stop);
+ size_t len = stop - start;
+ UncompressedSourceCache::AutoHoldEntry holder;
+ const char16_t* chars = this->chars(cx, holder, start, len);
+ if (!chars)
+ return nullptr;
+ return NewStringCopyN<CanGC>(cx, chars, len);
+}
+
+JSFlatString*
+ScriptSource::substringDontDeflate(JSContext* cx, size_t start, size_t stop)
+{
+ MOZ_ASSERT(start <= stop);
+ size_t len = stop - start;
+ UncompressedSourceCache::AutoHoldEntry holder;
+ const char16_t* chars = this->chars(cx, holder, start, len);
+ if (!chars)
+ return nullptr;
+ return NewStringCopyNDontDeflate<CanGC>(cx, chars, len);
+}
+
+MOZ_MUST_USE bool
+ScriptSource::setSource(ExclusiveContext* cx,
+ mozilla::UniquePtr<char16_t[], JS::FreePolicy>&& source,
+ size_t length)
+{
+ auto& cache = cx->zone()->runtimeFromAnyThread()->sharedImmutableStrings();
+ auto deduped = cache.getOrCreate(mozilla::Move(source), length);
+ if (!deduped) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+ setSource(mozilla::Move(*deduped));
+ return true;
+}
+
+void
+ScriptSource::setSource(SharedImmutableTwoByteString&& string)
+{
+ MOZ_ASSERT(data.is<Missing>());
+ data = SourceType(Uncompressed(mozilla::Move(string)));
+}
+
+MOZ_MUST_USE bool
+ScriptSource::setCompressedSource(ExclusiveContext* cx,
+ mozilla::UniquePtr<char[], JS::FreePolicy>&& raw,
+ size_t rawLength,
+ size_t sourceLength)
+{
+ MOZ_ASSERT(raw);
+ auto& cache = cx->zone()->runtimeFromAnyThread()->sharedImmutableStrings();
+ auto deduped = cache.getOrCreate(mozilla::Move(raw), rawLength);
+ if (!deduped) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+ setCompressedSource(mozilla::Move(*deduped), sourceLength);
+ return true;
+}
+
+void
+ScriptSource::setCompressedSource(SharedImmutableString&& raw, size_t uncompressedLength)
+{
+ MOZ_ASSERT(data.is<Missing>() || data.is<Uncompressed>());
+ MOZ_ASSERT_IF(data.is<Uncompressed>(),
+ data.as<Uncompressed>().string.length() == uncompressedLength);
+
+ data = SourceType(Compressed(mozilla::Move(raw), uncompressedLength));
+}
+
+bool
+ScriptSource::setSourceCopy(ExclusiveContext* cx, SourceBufferHolder& srcBuf,
+ bool argumentsNotIncluded, SourceCompressionTask* task)
+{
+ MOZ_ASSERT(!hasSourceData());
+ argumentsNotIncluded_ = argumentsNotIncluded;
+
+ auto& cache = cx->zone()->runtimeFromAnyThread()->sharedImmutableStrings();
+ auto deduped = cache.getOrCreate(srcBuf.get(), srcBuf.length(), [&]() {
+ return srcBuf.ownsChars()
+ ? mozilla::UniquePtr<char16_t[], JS::FreePolicy>(srcBuf.take())
+ : DuplicateString(srcBuf.get(), srcBuf.length());
+ });
+ if (!deduped) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+ setSource(mozilla::Move(*deduped));
+
+ // There are several cases where source compression is not a good idea:
+ // - If the script is tiny, then compression will save little or no space.
+ // - If there is only one core, then compression will contend with JS
+ // execution (which hurts benchmarketing).
+ // - If the source contains a giant string, then parsing will finish much
+ // faster than compression which increases latency (this case is handled
+ // in Parser::stringLiteral).
+ //
+ // Lastly, since the parsing thread will eventually perform a blocking wait
+ // on the compression task's thread, require that there are at least 2
+ // helper threads:
+ // - If we are on a helper thread, there must be another helper thread to
+ // execute our compression task.
+ // - If we are on the main thread, there must be at least two helper
+ // threads since at most one helper thread can be blocking on the main
+ // thread (see HelperThreadState::canStartParseTask) which would cause a
+ // deadlock if there wasn't a second helper thread that could make
+ // progress on our compression task.
+ bool canCompressOffThread =
+ HelperThreadState().cpuCount > 1 &&
+ HelperThreadState().threadCount >= 2 &&
+ CanUseExtraThreads();
+ const size_t TINY_SCRIPT = 256;
+ if (TINY_SCRIPT <= srcBuf.length() && canCompressOffThread) {
+ task->ss = this;
+ if (!StartOffThreadCompression(cx, task))
+ return false;
+ }
+
+ return true;
+}
+
+static MOZ_MUST_USE bool
+reallocUniquePtr(UniquePtr<char[], JS::FreePolicy>& unique, size_t size)
+{
+ auto newPtr = static_cast<char*>(js_realloc(unique.get(), size));
+ if (!newPtr)
+ return false;
+
+ // Since the realloc succeeded, unique is now holding a freed pointer.
+ mozilla::Unused << unique.release();
+ unique.reset(newPtr);
+ return true;
+}
+
+SourceCompressionTask::ResultType
+SourceCompressionTask::work()
+{
+ MOZ_ASSERT(ss->data.is<ScriptSource::Uncompressed>());
+
+ // Try to keep the maximum memory usage down by only allocating half the
+ // size of the string, first.
+ size_t inputBytes = ss->length() * sizeof(char16_t);
+ size_t firstSize = inputBytes / 2;
+ mozilla::UniquePtr<char[], JS::FreePolicy> compressed(js_pod_malloc<char>(firstSize));
+ if (!compressed)
+ return OOM;
+
+ const char16_t* chars = ss->data.as<ScriptSource::Uncompressed>().string.chars();
+ Compressor comp(reinterpret_cast<const unsigned char*>(chars),
+ inputBytes);
+ if (!comp.init())
+ return OOM;
+
+ comp.setOutput(reinterpret_cast<unsigned char*>(compressed.get()), firstSize);
+ bool cont = true;
+ bool reallocated = false;
+ while (cont) {
+ if (abort_)
+ return Aborted;
+
+ switch (comp.compressMore()) {
+ case Compressor::CONTINUE:
+ break;
+ case Compressor::MOREOUTPUT: {
+ if (reallocated) {
+ // The compressed string is longer than the original string.
+ return Aborted;
+ }
+
+ // The compressed output is greater than half the size of the
+ // original string. Reallocate to the full size.
+ if (!reallocUniquePtr(compressed, inputBytes))
+ return OOM;
+
+ comp.setOutput(reinterpret_cast<unsigned char*>(compressed.get()), inputBytes);
+ reallocated = true;
+ break;
+ }
+ case Compressor::DONE:
+ cont = false;
+ break;
+ case Compressor::OOM:
+ return OOM;
+ }
+ }
+
+ size_t totalBytes = comp.totalBytesNeeded();
+
+ // Shrink the buffer to the size of the compressed data.
+ if (!reallocUniquePtr(compressed, totalBytes))
+ return OOM;
+
+ comp.finish(compressed.get(), totalBytes);
+
+ auto& strings = cx->sharedImmutableStrings();
+ resultString = strings.getOrCreate(mozilla::Move(compressed), totalBytes);
+ if (!resultString)
+ return OOM;
+
+ return Success;
+}
+
+void
+ScriptSource::addSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf,
+ JS::ScriptSourceInfo* info) const
+{
+ info->misc += mallocSizeOf(this) +
+ mallocSizeOf(filename_.get()) +
+ mallocSizeOf(introducerFilename_.get());
+ info->numScripts++;
+}
+
+template<XDRMode mode>
+bool
+ScriptSource::performXDR(XDRState<mode>* xdr)
+{
+ struct CompressedLengthMatcher
+ {
+ size_t match(Uncompressed&) {
+ return 0;
+ }
+
+ size_t match(Compressed& c) {
+ return c.raw.length();
+ }
+
+ size_t match(Missing&) {
+ MOZ_CRASH("Missing source data in ScriptSource::performXDR");
+ return 0;
+ }
+ };
+
+ struct RawDataMatcher
+ {
+ void* match(Uncompressed& u) {
+ return (void*) u.string.chars();
+ }
+
+ void* match(Compressed& c) {
+ return (void*) c.raw.chars();
+ }
+
+ void* match(Missing&) {
+ MOZ_CRASH("Missing source data in ScriptSource::performXDR");
+ return nullptr;
+ }
+ };
+
+ uint8_t hasSource = hasSourceData();
+ if (!xdr->codeUint8(&hasSource))
+ return false;
+
+ uint8_t retrievable = sourceRetrievable_;
+ if (!xdr->codeUint8(&retrievable))
+ return false;
+ sourceRetrievable_ = retrievable;
+
+ if (hasSource && !sourceRetrievable_) {
+ uint32_t len = 0;
+ if (mode == XDR_ENCODE)
+ len = length();
+ if (!xdr->codeUint32(&len))
+ return false;
+
+ uint32_t compressedLength;
+ if (mode == XDR_ENCODE) {
+ CompressedLengthMatcher m;
+ compressedLength = data.match(m);
+ }
+ if (!xdr->codeUint32(&compressedLength))
+ return false;
+
+ {
+ uint8_t argumentsNotIncluded;
+ if (mode == XDR_ENCODE)
+ argumentsNotIncluded = argumentsNotIncluded_;
+ if (!xdr->codeUint8(&argumentsNotIncluded))
+ return false;
+ if (mode == XDR_DECODE)
+ argumentsNotIncluded_ = argumentsNotIncluded;
+ }
+
+ size_t byteLen = compressedLength ? compressedLength : (len * sizeof(char16_t));
+ if (mode == XDR_DECODE) {
+ uint8_t* p = xdr->cx()->template pod_malloc<uint8_t>(Max<size_t>(byteLen, 1));
+ if (!p || !xdr->codeBytes(p, byteLen)) {
+ js_free(p);
+ return false;
+ }
+
+ if (compressedLength) {
+ mozilla::UniquePtr<char[], JS::FreePolicy> compressedSource(
+ reinterpret_cast<char*>(p));
+ if (!setCompressedSource(xdr->cx(), mozilla::Move(compressedSource), byteLen, len))
+ return false;
+ } else {
+ mozilla::UniquePtr<char16_t[], JS::FreePolicy> source(
+ reinterpret_cast<char16_t*>(p));
+ if (!setSource(xdr->cx(), mozilla::Move(source), len))
+ return false;
+ }
+ } else {
+ RawDataMatcher rdm;
+ void* p = data.match(rdm);
+ if (!xdr->codeBytes(p, byteLen))
+ return false;
+ }
+ }
+
+ uint8_t haveSourceMap = hasSourceMapURL();
+ if (!xdr->codeUint8(&haveSourceMap))
+ return false;
+
+ if (haveSourceMap) {
+ uint32_t sourceMapURLLen = (mode == XDR_DECODE) ? 0 : js_strlen(sourceMapURL_.get());
+ if (!xdr->codeUint32(&sourceMapURLLen))
+ return false;
+
+ if (mode == XDR_DECODE) {
+ sourceMapURL_ = xdr->cx()->template make_pod_array<char16_t>(sourceMapURLLen + 1);
+ if (!sourceMapURL_)
+ return false;
+ }
+ if (!xdr->codeChars(sourceMapURL_.get(), sourceMapURLLen)) {
+ if (mode == XDR_DECODE)
+ sourceMapURL_ = nullptr;
+ return false;
+ }
+ sourceMapURL_[sourceMapURLLen] = '\0';
+ }
+
+ uint8_t haveDisplayURL = hasDisplayURL();
+ if (!xdr->codeUint8(&haveDisplayURL))
+ return false;
+
+ if (haveDisplayURL) {
+ uint32_t displayURLLen = (mode == XDR_DECODE) ? 0 : js_strlen(displayURL_.get());
+ if (!xdr->codeUint32(&displayURLLen))
+ return false;
+
+ if (mode == XDR_DECODE) {
+ displayURL_ = xdr->cx()->template make_pod_array<char16_t>(displayURLLen + 1);
+ if (!displayURL_)
+ return false;
+ }
+ if (!xdr->codeChars(displayURL_.get(), displayURLLen)) {
+ if (mode == XDR_DECODE)
+ displayURL_ = nullptr;
+ return false;
+ }
+ displayURL_[displayURLLen] = '\0';
+ }
+
+ uint8_t haveFilename = !!filename_;
+ if (!xdr->codeUint8(&haveFilename))
+ return false;
+
+ if (haveFilename) {
+ const char* fn = filename();
+ if (!xdr->codeCString(&fn))
+ return false;
+ if (mode == XDR_DECODE && !setFilename(xdr->cx(), fn))
+ return false;
+ }
+
+ return true;
+}
+
+// Format and return a cx->zone()->pod_malloc'ed URL for a generated script like:
+// {filename} line {lineno} > {introducer}
+// For example:
+// foo.js line 7 > eval
+// indicating code compiled by the call to 'eval' on line 7 of foo.js.
+static char*
+FormatIntroducedFilename(ExclusiveContext* cx, const char* filename, unsigned lineno,
+ const char* introducer)
+{
+ // Compute the length of the string in advance, so we can allocate a
+ // buffer of the right size on the first shot.
+ //
+ // (JS_smprintf would be perfect, as that allocates the result
+ // dynamically as it formats the string, but it won't allocate from cx,
+ // and wants us to use a special free function.)
+ char linenoBuf[15];
+ size_t filenameLen = strlen(filename);
+ size_t linenoLen = SprintfLiteral(linenoBuf, "%u", lineno);
+ size_t introducerLen = strlen(introducer);
+ size_t len = filenameLen +
+ 6 /* == strlen(" line ") */ +
+ linenoLen +
+ 3 /* == strlen(" > ") */ +
+ introducerLen +
+ 1 /* \0 */;
+ char* formatted = cx->zone()->pod_malloc<char>(len);
+ if (!formatted) {
+ ReportOutOfMemory(cx);
+ return nullptr;
+ }
+ mozilla::DebugOnly<size_t> checkLen = snprintf(formatted, len, "%s line %s > %s",
+ filename, linenoBuf, introducer);
+ MOZ_ASSERT(checkLen == len - 1);
+
+ return formatted;
+}
+
+bool
+ScriptSource::initFromOptions(ExclusiveContext* cx, const ReadOnlyCompileOptions& options)
+{
+ MOZ_ASSERT(!filename_);
+ MOZ_ASSERT(!introducerFilename_);
+
+ mutedErrors_ = options.mutedErrors();
+
+ introductionType_ = options.introductionType;
+ setIntroductionOffset(options.introductionOffset);
+
+ if (options.hasIntroductionInfo) {
+ MOZ_ASSERT(options.introductionType != nullptr);
+ const char* filename = options.filename() ? options.filename() : "<unknown>";
+ char* formatted = FormatIntroducedFilename(cx, filename, options.introductionLineno,
+ options.introductionType);
+ if (!formatted)
+ return false;
+ filename_.reset(formatted);
+ } else if (options.filename()) {
+ if (!setFilename(cx, options.filename()))
+ return false;
+ }
+
+ if (options.introducerFilename()) {
+ introducerFilename_ = DuplicateString(cx, options.introducerFilename());
+ if (!introducerFilename_)
+ return false;
+ }
+
+ return true;
+}
+
+bool
+ScriptSource::setFilename(ExclusiveContext* cx, const char* filename)
+{
+ MOZ_ASSERT(!filename_);
+ filename_ = DuplicateString(cx, filename);
+ return filename_ != nullptr;
+}
+
+bool
+ScriptSource::setDisplayURL(ExclusiveContext* cx, const char16_t* displayURL)
+{
+ MOZ_ASSERT(displayURL);
+ if (hasDisplayURL()) {
+ // FIXME: filename_.get() should be UTF-8 (bug 987069).
+ if (cx->isJSContext() &&
+ !JS_ReportErrorFlagsAndNumberLatin1(cx->asJSContext(), JSREPORT_WARNING,
+ GetErrorMessage, nullptr,
+ JSMSG_ALREADY_HAS_PRAGMA, filename_.get(),
+ "//# sourceURL"))
+ {
+ return false;
+ }
+ }
+ size_t len = js_strlen(displayURL) + 1;
+ if (len == 1)
+ return true;
+
+ displayURL_ = DuplicateString(cx, displayURL);
+ return displayURL_ != nullptr;
+}
+
+bool
+ScriptSource::setSourceMapURL(ExclusiveContext* cx, const char16_t* sourceMapURL)
+{
+ MOZ_ASSERT(sourceMapURL);
+
+ size_t len = js_strlen(sourceMapURL) + 1;
+ if (len == 1)
+ return true;
+
+ sourceMapURL_ = DuplicateString(cx, sourceMapURL);
+ return sourceMapURL_ != nullptr;
+}
+
+/*
+ * Shared script data management.
+ */
+
+SharedScriptData*
+js::SharedScriptData::new_(ExclusiveContext* cx, uint32_t codeLength,
+ uint32_t srcnotesLength, uint32_t natoms)
+{
+ uint32_t dataLength = natoms * sizeof(GCPtrAtom) + codeLength + srcnotesLength;
+ uint32_t allocLength = offsetof(SharedScriptData, data_) + dataLength;
+ auto entry = reinterpret_cast<SharedScriptData*>(cx->zone()->pod_malloc<uint8_t>(allocLength));
+ if (!entry) {
+ ReportOutOfMemory(cx);
+ return nullptr;
+ }
+
+ entry->refCount_ = 0;
+ entry->dataLength_ = dataLength;
+ entry->natoms_ = natoms;
+ entry->codeLength_ = codeLength;
+
+ /*
+ * Call constructors to initialize the storage that will be accessed as a
+ * GCPtrAtom array via atoms().
+ */
+ GCPtrAtom* atoms = entry->atoms();
+ MOZ_ASSERT(reinterpret_cast<uintptr_t>(atoms) % sizeof(GCPtrAtom*) == 0);
+ for (unsigned i = 0; i < natoms; ++i)
+ new (&atoms[i]) GCPtrAtom();
+
+ return entry;
+}
+
+bool
+JSScript::createScriptData(ExclusiveContext* cx, uint32_t codeLength, uint32_t srcnotesLength,
+ uint32_t natoms)
+{
+ MOZ_ASSERT(!scriptData());
+ SharedScriptData* ssd = SharedScriptData::new_(cx, codeLength, srcnotesLength, natoms);
+ if (!ssd)
+ return false;
+
+ setScriptData(ssd);
+ return true;
+}
+
+void
+JSScript::freeScriptData()
+{
+ MOZ_ASSERT(scriptData_->refCount() == 1);
+ scriptData_->decRefCount();
+ scriptData_ = nullptr;
+}
+
+void
+JSScript::setScriptData(js::SharedScriptData* data)
+{
+ MOZ_ASSERT(!scriptData_);
+ scriptData_ = data;
+ scriptData_->incRefCount();
+}
+
+/*
+ * Takes ownership of its *ssd parameter and either adds it into the runtime's
+ * ScriptDataTable or frees it if a matching entry already exists.
+ *
+ * Sets the |code| and |atoms| fields on the given JSScript.
+ */
+bool
+JSScript::shareScriptData(ExclusiveContext* cx)
+{
+ SharedScriptData* ssd = scriptData();
+ MOZ_ASSERT(ssd);
+ MOZ_ASSERT(ssd->refCount() == 1);
+
+ AutoLockForExclusiveAccess lock(cx);
+
+ ScriptBytecodeHasher::Lookup l(ssd);
+
+ ScriptDataTable::AddPtr p = cx->scriptDataTable(lock).lookupForAdd(l);
+ if (p) {
+ MOZ_ASSERT(ssd != *p);
+ freeScriptData();
+ setScriptData(*p);
+ } else {
+ if (!cx->scriptDataTable(lock).add(p, ssd)) {
+ freeScriptData();
+ ReportOutOfMemory(cx);
+ return false;
+ }
+
+ // Being in the table counts as a reference on the script data.
+ scriptData()->incRefCount();
+ }
+
+ MOZ_ASSERT(scriptData()->refCount() >= 2);
+ return true;
+}
+
+void
+js::SweepScriptData(JSRuntime* rt, AutoLockForExclusiveAccess& lock)
+{
+ // Entries are removed from the table when their reference count is one,
+ // i.e. when the only reference to them is from the table entry.
+
+ ScriptDataTable& table = rt->scriptDataTable(lock);
+
+ for (ScriptDataTable::Enum e(table); !e.empty(); e.popFront()) {
+ SharedScriptData* scriptData = e.front();
+ if (scriptData->refCount() == 1) {
+ scriptData->decRefCount();
+ e.removeFront();
+ }
+ }
+}
+
+void
+js::FreeScriptData(JSRuntime* rt, AutoLockForExclusiveAccess& lock)
+{
+ ScriptDataTable& table = rt->scriptDataTable(lock);
+ if (!table.initialized())
+ return;
+
+ // The table should be empty unless the embedding leaked GC things.
+ MOZ_ASSERT_IF(rt->gc.shutdownCollectedEverything(), table.empty());
+
+ for (ScriptDataTable::Enum e(table); !e.empty(); e.popFront()) {
+#ifdef DEBUG
+ SharedScriptData* scriptData = e.front();
+ fprintf(stderr, "ERROR: GC found live SharedScriptData %p with ref count %d at shutdown\n",
+ scriptData, scriptData->refCount());
+#endif
+ js_free(e.front());
+ }
+
+ table.clear();
+}
+
+/*
+ * JSScript::data and SharedScriptData::data have complex,
+ * manually-controlled, memory layouts.
+ *
+ * JSScript::data begins with some optional array headers. They are optional
+ * because they often aren't needed, i.e. the corresponding arrays often have
+ * zero elements. Each header has a bit in JSScript::hasArrayBits that
+ * indicates if it's present within |data|; from this the offset of each
+ * present array header can be computed. Each header has an accessor function
+ * in JSScript that encapsulates this offset computation.
+ *
+ * Array type Array elements Accessor
+ * ---------- -------------- --------
+ * ConstArray Consts consts()
+ * ObjectArray Objects objects()
+ * ObjectArray Regexps regexps()
+ * TryNoteArray Try notes trynotes()
+ * ScopeNoteArray Scope notes scopeNotes()
+ *
+ * Then are the elements of several arrays.
+ * - Most of these arrays have headers listed above (if present). For each of
+ * these, the array pointer and the array length is stored in the header.
+ * - The remaining arrays have pointers and lengths that are stored directly in
+ * JSScript. This is because, unlike the others, they are nearly always
+ * non-zero length and so the optional-header space optimization isn't
+ * worthwhile.
+ *
+ * Array elements Pointed to by Length
+ * -------------- ------------- ------
+ * Consts consts()->vector consts()->length
+ * Objects objects()->vector objects()->length
+ * Regexps regexps()->vector regexps()->length
+ * Try notes trynotes()->vector trynotes()->length
+ * Scope notes scopeNotes()->vector scopeNotes()->length
+ *
+ * IMPORTANT: This layout has two key properties.
+ * - It ensures that everything has sufficient alignment; in particular, the
+ * consts() elements need Value alignment.
+ * - It ensures there are no gaps between elements, which saves space and makes
+ * manual layout easy. In particular, in the second part, arrays with larger
+ * elements precede arrays with smaller elements.
+ *
+ * SharedScriptData::data contains data that can be shared within a
+ * runtime. These items' layout is manually controlled to make it easier to
+ * manage both during (temporary) allocation and during matching against
+ * existing entries in the runtime. As the jsbytecode has to come first to
+ * enable lookup by bytecode identity, SharedScriptData::data, the atoms part
+ * has to manually be aligned sufficiently by adding padding after the notes
+ * part.
+ *
+ * Array elements Pointed to by Length
+ * -------------- ------------- ------
+ * jsbytecode code length
+ * jsscrnote notes() numNotes()
+ * Atoms atoms natoms
+ *
+ * The following static assertions check JSScript::data's alignment properties.
+ */
+
+template<class T>
+constexpr bool
+KeepsValueAlignment() {
+ return alignof(JS::Value) % alignof(T) == 0 &&
+ sizeof(T) % sizeof(JS::Value) == 0;
+}
+
+template<class T>
+constexpr bool
+HasValueAlignment() {
+ return alignof(JS::Value) == alignof(T) &&
+ sizeof(T) == sizeof(JS::Value);
+}
+
+template<class T1, class T2>
+constexpr bool
+NoPaddingBetweenEntries() {
+ return alignof(T1) % alignof(T2) == 0;
+}
+
+/*
+ * These assertions ensure that there is no padding between the array headers,
+ * and also that the consts() elements (which follow immediately afterward) are
+ * Value-aligned. (There is an assumption that |data| itself is Value-aligned;
+ * we check this below).
+ */
+JS_STATIC_ASSERT(KeepsValueAlignment<ConstArray>());
+JS_STATIC_ASSERT(KeepsValueAlignment<ObjectArray>()); /* there are two of these */
+JS_STATIC_ASSERT(KeepsValueAlignment<TryNoteArray>());
+JS_STATIC_ASSERT(KeepsValueAlignment<ScopeNoteArray>());
+
+/* These assertions ensure there is no padding required between array elements. */
+JS_STATIC_ASSERT(HasValueAlignment<GCPtrValue>());
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<GCPtrValue, GCPtrObject>()));
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<GCPtrObject, GCPtrObject>()));
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<GCPtrObject, JSTryNote>()));
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<JSTryNote, uint32_t>()));
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<uint32_t, uint32_t>()));
+
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<GCPtrValue, ScopeNote>()));
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<ScopeNote, ScopeNote>()));
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<JSTryNote, ScopeNote>()));
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<GCPtrObject, ScopeNote>()));
+JS_STATIC_ASSERT((NoPaddingBetweenEntries<ScopeNote, uint32_t>()));
+
+static inline size_t
+ScriptDataSize(uint32_t nscopes, uint32_t nconsts, uint32_t nobjects,
+ uint32_t ntrynotes, uint32_t nscopenotes, uint32_t nyieldoffsets)
+{
+ size_t size = 0;
+
+ MOZ_ASSERT(nscopes != 0);
+ size += sizeof(ScopeArray) + nscopes * sizeof(Scope*);
+ if (nconsts != 0)
+ size += sizeof(ConstArray) + nconsts * sizeof(Value);
+ if (nobjects != 0)
+ size += sizeof(ObjectArray) + nobjects * sizeof(NativeObject*);
+ if (ntrynotes != 0)
+ size += sizeof(TryNoteArray) + ntrynotes * sizeof(JSTryNote);
+ if (nscopenotes != 0)
+ size += sizeof(ScopeNoteArray) + nscopenotes * sizeof(ScopeNote);
+ if (nyieldoffsets != 0)
+ size += sizeof(YieldOffsetArray) + nyieldoffsets * sizeof(uint32_t);
+
+ return size;
+}
+
+void
+JSScript::initCompartment(ExclusiveContext* cx)
+{
+ compartment_ = cx->compartment_;
+}
+
+/* static */ JSScript*
+JSScript::Create(ExclusiveContext* cx, const ReadOnlyCompileOptions& options,
+ HandleObject sourceObject, uint32_t bufStart, uint32_t bufEnd)
+{
+ MOZ_ASSERT(bufStart <= bufEnd);
+
+ RootedScript script(cx, Allocate<JSScript>(cx));
+ if (!script)
+ return nullptr;
+
+ PodZero(script.get());
+
+ script->initCompartment(cx);
+
+ script->selfHosted_ = options.selfHostingMode;
+ script->noScriptRval_ = options.noScriptRval;
+ script->treatAsRunOnce_ = options.isRunOnce;
+
+ script->version = options.version;
+ MOZ_ASSERT(script->getVersion() == options.version); // assert that no overflow occurred
+
+ script->setSourceObject(sourceObject);
+ script->sourceStart_ = bufStart;
+ script->sourceEnd_ = bufEnd;
+
+ return script;
+}
+
+static inline uint8_t*
+AllocScriptData(JS::Zone* zone, size_t size)
+{
+ if (!size)
+ return nullptr;
+
+ uint8_t* data = zone->pod_calloc<uint8_t>(JS_ROUNDUP(size, sizeof(Value)));
+ if (!data)
+ return nullptr;
+ MOZ_ASSERT(size_t(data) % sizeof(Value) == 0);
+ return data;
+}
+
+/* static */ bool
+JSScript::partiallyInit(ExclusiveContext* cx, HandleScript script, uint32_t nscopes,
+ uint32_t nconsts, uint32_t nobjects, uint32_t ntrynotes,
+ uint32_t nscopenotes, uint32_t nyieldoffsets, uint32_t nTypeSets)
+{
+ size_t size = ScriptDataSize(nscopes, nconsts, nobjects, ntrynotes,
+ nscopenotes, nyieldoffsets);
+ script->data = AllocScriptData(script->zone(), size);
+ if (size && !script->data) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+ script->dataSize_ = size;
+
+ MOZ_ASSERT(nTypeSets <= UINT16_MAX);
+ script->nTypeSets_ = uint16_t(nTypeSets);
+
+ uint8_t* cursor = script->data;
+
+ // There must always be at least 1 scope, the body scope.
+ MOZ_ASSERT(nscopes != 0);
+ cursor += sizeof(ScopeArray);
+
+ if (nconsts != 0) {
+ script->setHasArray(CONSTS);
+ cursor += sizeof(ConstArray);
+ }
+ if (nobjects != 0) {
+ script->setHasArray(OBJECTS);
+ cursor += sizeof(ObjectArray);
+ }
+
+ if (ntrynotes != 0) {
+ script->setHasArray(TRYNOTES);
+ cursor += sizeof(TryNoteArray);
+ }
+ if (nscopenotes != 0) {
+ script->setHasArray(SCOPENOTES);
+ cursor += sizeof(ScopeNoteArray);
+ }
+
+ YieldOffsetArray* yieldOffsets = nullptr;
+ if (nyieldoffsets != 0) {
+ yieldOffsets = reinterpret_cast<YieldOffsetArray*>(cursor);
+ cursor += sizeof(YieldOffsetArray);
+ }
+
+ if (nconsts != 0) {
+ MOZ_ASSERT(reinterpret_cast<uintptr_t>(cursor) % sizeof(JS::Value) == 0);
+ script->consts()->length = nconsts;
+ script->consts()->vector = (GCPtrValue*)cursor;
+ cursor += nconsts * sizeof(script->consts()->vector[0]);
+ }
+
+ script->scopes()->length = nscopes;
+ script->scopes()->vector = (GCPtrScope*)cursor;
+ cursor += nscopes * sizeof(script->scopes()->vector[0]);
+
+ if (nobjects != 0) {
+ script->objects()->length = nobjects;
+ script->objects()->vector = (GCPtrObject*)cursor;
+ cursor += nobjects * sizeof(script->objects()->vector[0]);
+ }
+
+ if (ntrynotes != 0) {
+ script->trynotes()->length = ntrynotes;
+ script->trynotes()->vector = reinterpret_cast<JSTryNote*>(cursor);
+ size_t vectorSize = ntrynotes * sizeof(script->trynotes()->vector[0]);
+#ifdef DEBUG
+ memset(cursor, 0, vectorSize);
+#endif
+ cursor += vectorSize;
+ }
+
+ if (nscopenotes != 0) {
+ script->scopeNotes()->length = nscopenotes;
+ script->scopeNotes()->vector = reinterpret_cast<ScopeNote*>(cursor);
+ size_t vectorSize = nscopenotes * sizeof(script->scopeNotes()->vector[0]);
+#ifdef DEBUG
+ memset(cursor, 0, vectorSize);
+#endif
+ cursor += vectorSize;
+ }
+
+ if (nyieldoffsets != 0) {
+ yieldOffsets->init(reinterpret_cast<uint32_t*>(cursor), nyieldoffsets);
+ size_t vectorSize = nyieldoffsets * sizeof(script->yieldOffsets()[0]);
+#ifdef DEBUG
+ memset(cursor, 0, vectorSize);
+#endif
+ cursor += vectorSize;
+ }
+
+ MOZ_ASSERT(cursor == script->data + size);
+ return true;
+}
+
+/* static */ bool
+JSScript::initFunctionPrototype(ExclusiveContext* cx, Handle<JSScript*> script,
+ HandleFunction functionProto)
+{
+ uint32_t numScopes = 1;
+ uint32_t numConsts = 0;
+ uint32_t numObjects = 0;
+ uint32_t numTryNotes = 0;
+ uint32_t numScopeNotes = 0;
+ uint32_t numYieldOffsets = 0;
+ uint32_t numTypeSets = 0;
+ if (!partiallyInit(cx, script, numScopes, numConsts, numObjects, numTryNotes,
+ numScopeNotes, numYieldOffsets, numTypeSets))
+ {
+ return false;
+ }
+
+ RootedScope enclosing(cx, &cx->global()->emptyGlobalScope());
+ Scope* functionProtoScope = FunctionScope::create(cx, nullptr, false, false, functionProto,
+ enclosing);
+ if (!functionProtoScope)
+ return false;
+ script->scopes()->vector[0].init(functionProtoScope);
+
+ uint32_t codeLength = 1;
+ uint32_t srcNotesLength = 1;
+ uint32_t numAtoms = 0;
+ if (!script->createScriptData(cx, codeLength, srcNotesLength, numAtoms))
+ return false;
+
+ jsbytecode* code = script->code();
+ code[0] = JSOP_RETRVAL;
+ code[1] = SRC_NULL;
+ return script->shareScriptData(cx);
+}
+
+static void
+InitAtomMap(frontend::AtomIndexMap& indices, GCPtrAtom* atoms)
+{
+ for (AtomIndexMap::Range r = indices.all(); !r.empty(); r.popFront()) {
+ JSAtom* atom = r.front().key();
+ uint32_t index = r.front().value();
+ MOZ_ASSERT(index < indices.count());
+ atoms[index].init(atom);
+ }
+}
+
+/* static */ void
+JSScript::initFromFunctionBox(ExclusiveContext* cx, HandleScript script,
+ frontend::FunctionBox* funbox)
+{
+ JSFunction* fun = funbox->function();
+ if (fun->isInterpretedLazy())
+ fun->setUnlazifiedScript(script);
+ else
+ fun->setScript(script);
+
+ script->funHasExtensibleScope_ = funbox->hasExtensibleScope();
+ script->needsHomeObject_ = funbox->needsHomeObject();
+ script->isDerivedClassConstructor_ = funbox->isDerivedClassConstructor();
+
+ if (funbox->argumentsHasLocalBinding()) {
+ script->setArgumentsHasVarBinding();
+ if (funbox->definitelyNeedsArgsObj())
+ script->setNeedsArgsObj(true);
+ } else {
+ MOZ_ASSERT(!funbox->definitelyNeedsArgsObj());
+ }
+ script->hasMappedArgsObj_ = funbox->hasMappedArgsObj();
+
+ script->functionHasThisBinding_ = funbox->hasThisBinding();
+ script->functionHasExtraBodyVarScope_ = funbox->hasExtraBodyVarScope();
+
+ script->funLength_ = funbox->length;
+
+ script->isGeneratorExp_ = funbox->isGenexpLambda;
+ script->setGeneratorKind(funbox->generatorKind());
+ script->setAsyncKind(funbox->asyncKind());
+
+ PositionalFormalParameterIter fi(script);
+ while (fi && !fi.closedOver())
+ fi++;
+ script->funHasAnyAliasedFormal_ = !!fi;
+
+ script->setHasInnerFunctions(funbox->hasInnerFunctions());
+}
+
+/* static */ void
+JSScript::initFromModuleContext(ExclusiveContext* cx, HandleScript script,
+ frontend::ModuleSharedContext* modulesc)
+{
+ script->funHasExtensibleScope_ = false;
+ script->needsHomeObject_ = false;
+ script->isDerivedClassConstructor_ = false;
+ script->funLength_ = 0;
+
+ script->isGeneratorExp_ = false;
+ script->setGeneratorKind(NotGenerator);
+
+ // Since modules are only run once, mark the script so that initializers
+ // created within it may be given more precise types.
+ script->setTreatAsRunOnce();
+ MOZ_ASSERT(!script->hasRunOnce());
+}
+
+/* static */ bool
+JSScript::fullyInitFromEmitter(ExclusiveContext* cx, HandleScript script, BytecodeEmitter* bce)
+{
+ /* The counts of indexed things must be checked during code generation. */
+ MOZ_ASSERT(bce->atomIndices->count() <= INDEX_LIMIT);
+ MOZ_ASSERT(bce->objectList.length <= INDEX_LIMIT);
+
+ uint32_t mainLength = bce->offset();
+ uint32_t prologueLength = bce->prologueOffset();
+ uint32_t nsrcnotes;
+ if (!bce->finishTakingSrcNotes(&nsrcnotes))
+ return false;
+ uint32_t natoms = bce->atomIndices->count();
+ if (!partiallyInit(cx, script,
+ bce->scopeList.length(), bce->constList.length(), bce->objectList.length,
+ bce->tryNoteList.length(), bce->scopeNoteList.length(),
+ bce->yieldOffsetList.length(), bce->typesetCount))
+ {
+ return false;
+ }
+
+ MOZ_ASSERT(script->mainOffset() == 0);
+ script->mainOffset_ = prologueLength;
+
+ script->lineno_ = bce->firstLine;
+
+ if (!script->createScriptData(cx, prologueLength + mainLength, nsrcnotes, natoms))
+ return false;
+
+ jsbytecode* code = script->code();
+ PodCopy<jsbytecode>(code, bce->prologue.code.begin(), prologueLength);
+ PodCopy<jsbytecode>(code + prologueLength, bce->main.code.begin(), mainLength);
+ bce->copySrcNotes((jssrcnote*)(code + script->length()), nsrcnotes);
+ InitAtomMap(*bce->atomIndices, script->atoms());
+
+ if (!script->shareScriptData(cx))
+ return false;
+
+ if (bce->constList.length() != 0)
+ bce->constList.finish(script->consts());
+ if (bce->objectList.length != 0)
+ bce->objectList.finish(script->objects());
+ if (bce->scopeList.length() != 0)
+ bce->scopeList.finish(script->scopes());
+ if (bce->tryNoteList.length() != 0)
+ bce->tryNoteList.finish(script->trynotes());
+ if (bce->scopeNoteList.length() != 0)
+ bce->scopeNoteList.finish(script->scopeNotes(), prologueLength);
+ script->strict_ = bce->sc->strict();
+ script->explicitUseStrict_ = bce->sc->hasExplicitUseStrict();
+ script->bindingsAccessedDynamically_ = bce->sc->bindingsAccessedDynamically();
+ script->hasSingletons_ = bce->hasSingletons;
+
+ uint64_t nslots = bce->maxFixedSlots + static_cast<uint64_t>(bce->maxStackDepth);
+ if (nslots > UINT32_MAX) {
+ bce->reportError(nullptr, JSMSG_NEED_DIET, js_script_str);
+ return false;
+ }
+
+ script->nfixed_ = bce->maxFixedSlots;
+ script->nslots_ = nslots;
+ script->bodyScopeIndex_ = bce->bodyScopeIndex;
+ script->hasNonSyntacticScope_ = bce->outermostScope()->hasOnChain(ScopeKind::NonSyntactic);
+
+ if (bce->sc->isFunctionBox())
+ initFromFunctionBox(cx, script, bce->sc->asFunctionBox());
+ else if (bce->sc->isModuleContext())
+ initFromModuleContext(cx, script, bce->sc->asModuleContext());
+
+ // Copy yield offsets last, as the generator kind is set in
+ // initFromFunctionBox.
+ if (bce->yieldOffsetList.length() != 0)
+ bce->yieldOffsetList.finish(script->yieldOffsets(), prologueLength);
+
+#ifdef DEBUG
+ script->assertValidJumpTargets();
+#endif
+
+ return true;
+}
+
+#ifdef DEBUG
+void
+JSScript::assertValidJumpTargets() const
+{
+ jsbytecode* end = codeEnd();
+ jsbytecode* mainEntry = main();
+ for (jsbytecode* pc = code(); pc != end; pc = GetNextPc(pc)) {
+ // Check jump instructions' target.
+ if (IsJumpOpcode(JSOp(*pc))) {
+ jsbytecode* target = pc + GET_JUMP_OFFSET(pc);
+ MOZ_ASSERT(mainEntry <= target && target < end);
+ MOZ_ASSERT(BytecodeIsJumpTarget(JSOp(*target)));
+
+ // Check fallthrough of conditional jump instructions.
+ if (BytecodeFallsThrough(JSOp(*pc))) {
+ jsbytecode* fallthrough = GetNextPc(pc);
+ MOZ_ASSERT(mainEntry <= fallthrough && fallthrough < end);
+ MOZ_ASSERT(BytecodeIsJumpTarget(JSOp(*fallthrough)));
+ }
+ }
+
+ // Check table switch case labels.
+ if (JSOp(*pc) == JSOP_TABLESWITCH) {
+ jsbytecode* pc2 = pc;
+ int32_t len = GET_JUMP_OFFSET(pc2);
+
+ // Default target.
+ MOZ_ASSERT(mainEntry <= pc + len && pc + len < end);
+ MOZ_ASSERT(BytecodeIsJumpTarget(JSOp(*(pc + len))));
+
+ pc2 += JUMP_OFFSET_LEN;
+ int32_t low = GET_JUMP_OFFSET(pc2);
+ pc2 += JUMP_OFFSET_LEN;
+ int32_t high = GET_JUMP_OFFSET(pc2);
+
+ for (int i = 0; i < high - low + 1; i++) {
+ pc2 += JUMP_OFFSET_LEN;
+ int32_t off = (int32_t) GET_JUMP_OFFSET(pc2);
+ // Case (i + low)
+ MOZ_ASSERT_IF(off, mainEntry <= pc + off && pc + off < end);
+ MOZ_ASSERT_IF(off, BytecodeIsJumpTarget(JSOp(*(pc + off))));
+ }
+ }
+ }
+
+ // Check catch/finally blocks as jump targets.
+ if (hasTrynotes()) {
+ JSTryNote* tn = trynotes()->vector;
+ JSTryNote* tnlimit = tn + trynotes()->length;
+ for (; tn < tnlimit; tn++) {
+ jsbytecode* tryStart = mainEntry + tn->start;
+ jsbytecode* tryPc = tryStart - 1;
+ if (JSOp(*tryPc) != JSOP_TRY)
+ continue;
+
+ jsbytecode* tryTarget = tryStart + tn->length;
+ MOZ_ASSERT(mainEntry <= tryTarget && tryTarget < end);
+ MOZ_ASSERT(BytecodeIsJumpTarget(JSOp(*tryTarget)));
+ }
+ }
+}
+#endif
+
+size_t
+JSScript::computedSizeOfData() const
+{
+ return dataSize();
+}
+
+size_t
+JSScript::sizeOfData(mozilla::MallocSizeOf mallocSizeOf) const
+{
+ return mallocSizeOf(data);
+}
+
+size_t
+JSScript::sizeOfTypeScript(mozilla::MallocSizeOf mallocSizeOf) const
+{
+ return types_->sizeOfIncludingThis(mallocSizeOf);
+}
+
+/*
+ * Nb: srcnotes are variable-length. This function computes the number of
+ * srcnote *slots*, which may be greater than the number of srcnotes.
+ */
+uint32_t
+JSScript::numNotes()
+{
+ jssrcnote* sn;
+ jssrcnote* notes_ = notes();
+ for (sn = notes_; !SN_IS_TERMINATOR(sn); sn = SN_NEXT(sn))
+ continue;
+ return sn - notes_ + 1; /* +1 for the terminator */
+}
+
+js::GlobalObject&
+JSScript::uninlinedGlobal() const
+{
+ return global();
+}
+
+void
+JSScript::finalize(FreeOp* fop)
+{
+ // NOTE: this JSScript may be partially initialized at this point. E.g. we
+ // may have created it and partially initialized it with
+ // JSScript::Create(), but not yet finished initializing it with
+ // fullyInitFromEmitter() or fullyInitTrivial().
+
+ // Collect code coverage information for this script and all its inner
+ // scripts, and store the aggregated information on the compartment.
+ if (fop->runtime()->lcovOutput.isEnabled())
+ compartment()->lcovOutput.collectCodeCoverageInfo(compartment(), sourceObject(), this);
+
+ fop->runtime()->spsProfiler.onScriptFinalized(this);
+
+ if (types_)
+ types_->destroy();
+
+ jit::DestroyJitScripts(fop, this);
+
+ destroyScriptCounts(fop);
+ destroyDebugScript(fop);
+
+ if (data) {
+ JS_POISON(data, 0xdb, computedSizeOfData());
+ fop->free_(data);
+ }
+
+ if (scriptData_)
+ scriptData_->decRefCount();
+
+ fop->runtime()->contextFromMainThread()->caches.lazyScriptCache.remove(this);
+
+ // In most cases, our LazyScript's script pointer will reference this
+ // script, and thus be nulled out by normal weakref processing. However, if
+ // we unlazified the LazyScript during incremental sweeping, it will have a
+ // completely different JSScript.
+ MOZ_ASSERT_IF(lazyScript && !IsAboutToBeFinalizedUnbarriered(&lazyScript),
+ !lazyScript->hasScript() || lazyScript->maybeScriptUnbarriered() != this);
+}
+
+static const uint32_t GSN_CACHE_THRESHOLD = 100;
+
+void
+GSNCache::purge()
+{
+ code = nullptr;
+ if (map.initialized())
+ map.finish();
+}
+
+jssrcnote*
+js::GetSrcNote(GSNCache& cache, JSScript* script, jsbytecode* pc)
+{
+ size_t target = pc - script->code();
+ if (target >= script->length())
+ return nullptr;
+
+ if (cache.code == script->code()) {
+ MOZ_ASSERT(cache.map.initialized());
+ GSNCache::Map::Ptr p = cache.map.lookup(pc);
+ return p ? p->value() : nullptr;
+ }
+
+ size_t offset = 0;
+ jssrcnote* result;
+ for (jssrcnote* sn = script->notes(); ; sn = SN_NEXT(sn)) {
+ if (SN_IS_TERMINATOR(sn)) {
+ result = nullptr;
+ break;
+ }
+ offset += SN_DELTA(sn);
+ if (offset == target && SN_IS_GETTABLE(sn)) {
+ result = sn;
+ break;
+ }
+ }
+
+ if (cache.code != script->code() && script->length() >= GSN_CACHE_THRESHOLD) {
+ unsigned nsrcnotes = 0;
+ for (jssrcnote* sn = script->notes(); !SN_IS_TERMINATOR(sn);
+ sn = SN_NEXT(sn))
+ {
+ if (SN_IS_GETTABLE(sn))
+ ++nsrcnotes;
+ }
+ if (cache.code) {
+ MOZ_ASSERT(cache.map.initialized());
+ cache.map.finish();
+ cache.code = nullptr;
+ }
+ if (cache.map.init(nsrcnotes)) {
+ pc = script->code();
+ for (jssrcnote* sn = script->notes(); !SN_IS_TERMINATOR(sn);
+ sn = SN_NEXT(sn))
+ {
+ pc += SN_DELTA(sn);
+ if (SN_IS_GETTABLE(sn))
+ cache.map.putNewInfallible(pc, sn);
+ }
+ cache.code = script->code();
+ }
+ }
+
+ return result;
+}
+
+jssrcnote*
+js::GetSrcNote(JSContext* cx, JSScript* script, jsbytecode* pc)
+{
+ return GetSrcNote(cx->caches.gsnCache, script, pc);
+}
+
+unsigned
+js::PCToLineNumber(unsigned startLine, jssrcnote* notes, jsbytecode* code, jsbytecode* pc,
+ unsigned* columnp)
+{
+ unsigned lineno = startLine;
+ unsigned column = 0;
+
+ /*
+ * Walk through source notes accumulating their deltas, keeping track of
+ * line-number notes, until we pass the note for pc's offset within
+ * script->code.
+ */
+ ptrdiff_t offset = 0;
+ ptrdiff_t target = pc - code;
+ for (jssrcnote* sn = notes; !SN_IS_TERMINATOR(sn); sn = SN_NEXT(sn)) {
+ offset += SN_DELTA(sn);
+ if (offset > target)
+ break;
+
+ SrcNoteType type = (SrcNoteType) SN_TYPE(sn);
+ if (type == SRC_SETLINE) {
+ lineno = unsigned(GetSrcNoteOffset(sn, 0));
+ column = 0;
+ } else if (type == SRC_NEWLINE) {
+ lineno++;
+ column = 0;
+ } else if (type == SRC_COLSPAN) {
+ ptrdiff_t colspan = SN_OFFSET_TO_COLSPAN(GetSrcNoteOffset(sn, 0));
+ MOZ_ASSERT(ptrdiff_t(column) + colspan >= 0);
+ column += colspan;
+ }
+ }
+
+ if (columnp)
+ *columnp = column;
+
+ return lineno;
+}
+
+unsigned
+js::PCToLineNumber(JSScript* script, jsbytecode* pc, unsigned* columnp)
+{
+ /* Cope with InterpreterFrame.pc value prior to entering Interpret. */
+ if (!pc)
+ return 0;
+
+ return PCToLineNumber(script->lineno(), script->notes(), script->code(), pc, columnp);
+}
+
+jsbytecode*
+js::LineNumberToPC(JSScript* script, unsigned target)
+{
+ ptrdiff_t offset = 0;
+ ptrdiff_t best = -1;
+ unsigned lineno = script->lineno();
+ unsigned bestdiff = SN_MAX_OFFSET;
+ for (jssrcnote* sn = script->notes(); !SN_IS_TERMINATOR(sn); sn = SN_NEXT(sn)) {
+ /*
+ * Exact-match only if offset is not in the prologue; otherwise use
+ * nearest greater-or-equal line number match.
+ */
+ if (lineno == target && offset >= ptrdiff_t(script->mainOffset()))
+ goto out;
+ if (lineno >= target) {
+ unsigned diff = lineno - target;
+ if (diff < bestdiff) {
+ bestdiff = diff;
+ best = offset;
+ }
+ }
+ offset += SN_DELTA(sn);
+ SrcNoteType type = (SrcNoteType) SN_TYPE(sn);
+ if (type == SRC_SETLINE) {
+ lineno = unsigned(GetSrcNoteOffset(sn, 0));
+ } else if (type == SRC_NEWLINE) {
+ lineno++;
+ }
+ }
+ if (best >= 0)
+ offset = best;
+out:
+ return script->offsetToPC(offset);
+}
+
+JS_FRIEND_API(unsigned)
+js::GetScriptLineExtent(JSScript* script)
+{
+ unsigned lineno = script->lineno();
+ unsigned maxLineNo = lineno;
+ for (jssrcnote* sn = script->notes(); !SN_IS_TERMINATOR(sn); sn = SN_NEXT(sn)) {
+ SrcNoteType type = (SrcNoteType) SN_TYPE(sn);
+ if (type == SRC_SETLINE)
+ lineno = unsigned(GetSrcNoteOffset(sn, 0));
+ else if (type == SRC_NEWLINE)
+ lineno++;
+
+ if (maxLineNo < lineno)
+ maxLineNo = lineno;
+ }
+
+ return 1 + maxLineNo - script->lineno();
+}
+
+void
+js::DescribeScriptedCallerForCompilation(JSContext* cx, MutableHandleScript maybeScript,
+ const char** file, unsigned* linenop,
+ uint32_t* pcOffset, bool* mutedErrors,
+ LineOption opt)
+{
+ if (opt == CALLED_FROM_JSOP_EVAL) {
+ jsbytecode* pc = nullptr;
+ maybeScript.set(cx->currentScript(&pc));
+ static_assert(JSOP_SPREADEVAL_LENGTH == JSOP_STRICTSPREADEVAL_LENGTH,
+ "next op after a spread must be at consistent offset");
+ static_assert(JSOP_EVAL_LENGTH == JSOP_STRICTEVAL_LENGTH,
+ "next op after a direct eval must be at consistent offset");
+ MOZ_ASSERT(JSOp(*pc) == JSOP_EVAL || JSOp(*pc) == JSOP_STRICTEVAL ||
+ JSOp(*pc) == JSOP_SPREADEVAL || JSOp(*pc) == JSOP_STRICTSPREADEVAL);
+
+ bool isSpread = JSOp(*pc) == JSOP_SPREADEVAL || JSOp(*pc) == JSOP_STRICTSPREADEVAL;
+ jsbytecode* nextpc = pc + (isSpread ? JSOP_SPREADEVAL_LENGTH : JSOP_EVAL_LENGTH);
+ MOZ_ASSERT(*nextpc == JSOP_LINENO);
+
+ *file = maybeScript->filename();
+ *linenop = GET_UINT32(nextpc);
+ *pcOffset = pc - maybeScript->code();
+ *mutedErrors = maybeScript->mutedErrors();
+ return;
+ }
+
+ NonBuiltinFrameIter iter(cx, cx->compartment()->principals());
+
+ if (iter.done()) {
+ maybeScript.set(nullptr);
+ *file = nullptr;
+ *linenop = 0;
+ *pcOffset = 0;
+ *mutedErrors = false;
+ return;
+ }
+
+ *file = iter.filename();
+ *linenop = iter.computeLine();
+ *mutedErrors = iter.mutedErrors();
+
+ // These values are only used for introducer fields which are debugging
+ // information and can be safely left null for wasm frames.
+ if (iter.hasScript()) {
+ maybeScript.set(iter.script());
+ *pcOffset = iter.pc() - maybeScript->code();
+ } else {
+ maybeScript.set(nullptr);
+ *pcOffset = 0;
+ }
+}
+
+template <class T>
+static inline T*
+Rebase(JSScript* dst, JSScript* src, T* srcp)
+{
+ size_t off = reinterpret_cast<uint8_t*>(srcp) - src->data;
+ return reinterpret_cast<T*>(dst->data + off);
+}
+
+static JSObject*
+CloneInnerInterpretedFunction(JSContext* cx, HandleScope enclosingScope, HandleFunction srcFun)
+{
+ /* NB: Keep this in sync with XDRInterpretedFunction. */
+ RootedObject cloneProto(cx);
+ if (srcFun->isStarGenerator()) {
+ cloneProto = GlobalObject::getOrCreateStarGeneratorFunctionPrototype(cx, cx->global());
+ if (!cloneProto)
+ return nullptr;
+ }
+
+ gc::AllocKind allocKind = srcFun->getAllocKind();
+ uint16_t flags = srcFun->flags();
+ if (srcFun->isSelfHostedBuiltin()) {
+ // Functions in the self-hosting compartment are only extended in
+ // debug mode. For top-level functions, FUNCTION_EXTENDED gets used by
+ // the cloning algorithm. Do the same for inner functions here.
+ allocKind = gc::AllocKind::FUNCTION_EXTENDED;
+ flags |= JSFunction::Flags::EXTENDED;
+ }
+ RootedAtom atom(cx, srcFun->displayAtom());
+ RootedFunction clone(cx, NewFunctionWithProto(cx, nullptr, srcFun->nargs(),
+ JSFunction::Flags(flags), nullptr, atom,
+ cloneProto, allocKind, TenuredObject));
+ if (!clone)
+ return nullptr;
+
+ JSScript::AutoDelazify srcScript(cx, srcFun);
+ if (!srcScript)
+ return nullptr;
+ JSScript* cloneScript = CloneScriptIntoFunction(cx, enclosingScope, clone, srcScript);
+ if (!cloneScript)
+ return nullptr;
+
+ if (!JSFunction::setTypeForScriptedFunction(cx, clone))
+ return nullptr;
+
+ return clone;
+}
+
+bool
+js::detail::CopyScript(JSContext* cx, HandleScript src, HandleScript dst,
+ MutableHandle<GCVector<Scope*>> scopes)
+{
+ if (src->treatAsRunOnce() && !src->functionNonDelazifying()) {
+ JS_ReportErrorASCII(cx, "No cloning toplevel run-once scripts");
+ return false;
+ }
+
+ /* NB: Keep this in sync with XDRScript. */
+
+ /* Some embeddings are not careful to use ExposeObjectToActiveJS as needed. */
+ MOZ_ASSERT(!src->sourceObject()->asTenured().isMarked(gc::GRAY));
+
+ uint32_t nconsts = src->hasConsts() ? src->consts()->length : 0;
+ uint32_t nobjects = src->hasObjects() ? src->objects()->length : 0;
+ uint32_t nscopes = src->scopes()->length;
+ uint32_t ntrynotes = src->hasTrynotes() ? src->trynotes()->length : 0;
+ uint32_t nscopenotes = src->hasScopeNotes() ? src->scopeNotes()->length : 0;
+ uint32_t nyieldoffsets = src->hasYieldOffsets() ? src->yieldOffsets().length() : 0;
+
+ /* Script data */
+
+ size_t size = src->dataSize();
+ ScopedJSFreePtr<uint8_t> data(AllocScriptData(cx->zone(), size));
+ if (size && !data) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
+
+ /* Scopes */
+
+ // The passed in scopes vector contains body scopes that needed to be
+ // cloned especially, depending on whether the script is a function or
+ // global scope. Starting at scopes.length() means we only deal with
+ // intra-body scopes.
+ {
+ MOZ_ASSERT(nscopes != 0);
+ MOZ_ASSERT(src->bodyScopeIndex() + 1 == scopes.length());
+ GCPtrScope* vector = src->scopes()->vector;
+ RootedScope original(cx);
+ RootedScope clone(cx);
+ for (uint32_t i = scopes.length(); i < nscopes; i++) {
+ original = vector[i];
+ clone = Scope::clone(cx, original, scopes[FindScopeIndex(src, *original->enclosing())]);
+ if (!clone || !scopes.append(clone))
+ return false;
+ }
+ }
+
+ /* Objects */
+
+ AutoObjectVector objects(cx);
+ if (nobjects != 0) {
+ GCPtrObject* vector = src->objects()->vector;
+ RootedObject obj(cx);
+ RootedObject clone(cx);
+ for (unsigned i = 0; i < nobjects; i++) {
+ obj = vector[i];
+ clone = nullptr;
+ if (obj->is<RegExpObject>()) {
+ clone = CloneScriptRegExpObject(cx, obj->as<RegExpObject>());
+ } else if (obj->is<JSFunction>()) {
+ RootedFunction innerFun(cx, &obj->as<JSFunction>());
+ if (innerFun->isNative()) {
+ if (cx->compartment() != innerFun->compartment()) {
+ MOZ_ASSERT(innerFun->isAsmJSNative());
+ JS_ReportErrorASCII(cx, "AsmJS modules do not yet support cloning.");
+ return false;
+ }
+ clone = innerFun;
+ } else {
+ if (innerFun->isInterpretedLazy()) {
+ AutoCompartment ac(cx, innerFun);
+ if (!innerFun->getOrCreateScript(cx))
+ return false;
+ }
+
+ Scope* enclosing = innerFun->nonLazyScript()->enclosingScope();
+ RootedScope enclosingClone(cx, scopes[FindScopeIndex(src, *enclosing)]);
+ clone = CloneInnerInterpretedFunction(cx, enclosingClone, innerFun);
+ }
+ } else {
+ clone = DeepCloneObjectLiteral(cx, obj, TenuredObject);
+ }
+
+ if (!clone || !objects.append(clone))
+ return false;
+ }
+ }
+
+ /* This assignment must occur before all the Rebase calls. */
+ dst->data = data.forget();
+ dst->dataSize_ = size;
+ MOZ_ASSERT(bool(dst->data) == bool(src->data));
+ if (dst->data)
+ memcpy(dst->data, src->data, size);
+
+ /* Script filenames, bytecodes and atoms are runtime-wide. */
+ dst->setScriptData(src->scriptData());
+
+ dst->lineno_ = src->lineno();
+ dst->mainOffset_ = src->mainOffset();
+ dst->nfixed_ = src->nfixed();
+ dst->nslots_ = src->nslots();
+ dst->bodyScopeIndex_ = src->bodyScopeIndex_;
+ dst->funLength_ = src->funLength();
+ dst->nTypeSets_ = src->nTypeSets();
+ if (src->argumentsHasVarBinding()) {
+ dst->setArgumentsHasVarBinding();
+ if (src->analyzedArgsUsage())
+ dst->setNeedsArgsObj(src->needsArgsObj());
+ }
+ dst->hasMappedArgsObj_ = src->hasMappedArgsObj();
+ dst->functionHasThisBinding_ = src->functionHasThisBinding();
+ dst->functionHasExtraBodyVarScope_ = src->functionHasExtraBodyVarScope();
+ dst->cloneHasArray(src);
+ dst->strict_ = src->strict();
+ dst->explicitUseStrict_ = src->explicitUseStrict();
+ dst->hasNonSyntacticScope_ = scopes[0]->hasOnChain(ScopeKind::NonSyntactic);
+ dst->bindingsAccessedDynamically_ = src->bindingsAccessedDynamically();
+ dst->funHasExtensibleScope_ = src->funHasExtensibleScope();
+ dst->funHasAnyAliasedFormal_ = src->funHasAnyAliasedFormal();
+ dst->hasSingletons_ = src->hasSingletons();
+ dst->treatAsRunOnce_ = src->treatAsRunOnce();
+ dst->hasInnerFunctions_ = src->hasInnerFunctions();
+ dst->isGeneratorExp_ = src->isGeneratorExp();
+ dst->setGeneratorKind(src->generatorKind());
+ dst->isDerivedClassConstructor_ = src->isDerivedClassConstructor();
+ dst->needsHomeObject_ = src->needsHomeObject();
+ dst->isDefaultClassConstructor_ = src->isDefaultClassConstructor();
+ dst->isAsync_ = src->asyncKind() == AsyncFunction;
+
+ if (nconsts != 0) {
+ GCPtrValue* vector = Rebase<GCPtrValue>(dst, src, src->consts()->vector);
+ dst->consts()->vector = vector;
+ for (unsigned i = 0; i < nconsts; ++i)
+ MOZ_ASSERT_IF(vector[i].isMarkable(), vector[i].toString()->isAtom());
+ }
+ if (nobjects != 0) {
+ GCPtrObject* vector = Rebase<GCPtrObject>(dst, src, src->objects()->vector);
+ dst->objects()->vector = vector;
+ for (unsigned i = 0; i < nobjects; ++i)
+ vector[i].init(&objects[i]->as<NativeObject>());
+ }
+ {
+ GCPtrScope* vector = Rebase<GCPtrScope>(dst, src, src->scopes()->vector);
+ dst->scopes()->vector = vector;
+ for (uint32_t i = 0; i < nscopes; ++i)
+ vector[i].init(scopes[i]);
+ }
+ if (ntrynotes != 0)
+ dst->trynotes()->vector = Rebase<JSTryNote>(dst, src, src->trynotes()->vector);
+ if (nscopenotes != 0)
+ dst->scopeNotes()->vector = Rebase<ScopeNote>(dst, src, src->scopeNotes()->vector);
+ if (nyieldoffsets != 0)
+ dst->yieldOffsets().vector_ = Rebase<uint32_t>(dst, src, src->yieldOffsets().vector_);
+
+ /*
+ * Function delazification assumes that their script does not have a
+ * non-syntactic global scope. We ensure that as follows:
+ *
+ * 1) Initial parsing only creates lazy functions if
+ * !hasNonSyntacticScope.
+ * 2) Cloning a lazy function into a non-global scope will always require
+ * that its script be cloned. See comments in
+ * CloneFunctionObjectUseSameScript.
+ * 3) Cloning a script never sets a lazyScript on the clone, so the function
+ * cannot be relazified.
+ *
+ * If you decide that lazy functions should be supported with a
+ * non-syntactic global scope, make sure delazification can deal.
+ */
+ MOZ_ASSERT_IF(dst->hasNonSyntacticScope(), !dst->maybeLazyScript());
+ MOZ_ASSERT_IF(dst->hasNonSyntacticScope(), !dst->isRelazifiable());
+ return true;
+}
+
+static JSScript*
+CreateEmptyScriptForClone(JSContext* cx, HandleScript src)
+{
+ /*
+ * Wrap the script source object as needed. Self-hosted scripts may be
+ * in another runtime, so lazily create a new script source object to
+ * use for them.
+ */
+ RootedObject sourceObject(cx);
+ if (cx->runtime()->isSelfHostingCompartment(src->compartment())) {
+ if (!cx->compartment()->selfHostingScriptSource) {
+ CompileOptions options(cx);
+ FillSelfHostingCompileOptions(options);
+
+ ScriptSourceObject* obj = frontend::CreateScriptSourceObject(cx, options);
+ if (!obj)
+ return nullptr;
+ cx->compartment()->selfHostingScriptSource.set(obj);
+ }
+ sourceObject = cx->compartment()->selfHostingScriptSource;
+ } else {
+ sourceObject = src->sourceObject();
+ if (!cx->compartment()->wrap(cx, &sourceObject))
+ return nullptr;
+ }
+
+ CompileOptions options(cx);
+ options.setMutedErrors(src->mutedErrors())
+ .setSelfHostingMode(src->selfHosted())
+ .setNoScriptRval(src->noScriptRval())
+ .setVersion(src->getVersion());
+
+ return JSScript::Create(cx, options, sourceObject, src->sourceStart(), src->sourceEnd());
+}
+
+JSScript*
+js::CloneGlobalScript(JSContext* cx, ScopeKind scopeKind, HandleScript src)
+{
+ MOZ_ASSERT(scopeKind == ScopeKind::Global || scopeKind == ScopeKind::NonSyntactic);
+
+ RootedScript dst(cx, CreateEmptyScriptForClone(cx, src));
+ if (!dst)
+ return nullptr;
+
+ MOZ_ASSERT(src->bodyScopeIndex() == 0);
+ Rooted<GCVector<Scope*>> scopes(cx, GCVector<Scope*>(cx));
+ Rooted<GlobalScope*> original(cx, &src->bodyScope()->as<GlobalScope>());
+ GlobalScope* clone = GlobalScope::clone(cx, original, scopeKind);
+ if (!clone || !scopes.append(clone))
+ return nullptr;
+
+ if (!detail::CopyScript(cx, src, dst, &scopes))
+ return nullptr;
+
+ return dst;
+}
+
+JSScript*
+js::CloneScriptIntoFunction(JSContext* cx, HandleScope enclosingScope, HandleFunction fun,
+ HandleScript src)
+{
+ MOZ_ASSERT(fun->isInterpreted());
+ MOZ_ASSERT(!fun->hasScript() || fun->hasUncompiledScript());
+
+ RootedScript dst(cx, CreateEmptyScriptForClone(cx, src));
+ if (!dst)
+ return nullptr;
+
+ // Clone the non-intra-body scopes.
+ Rooted<GCVector<Scope*>> scopes(cx, GCVector<Scope*>(cx));
+ RootedScope original(cx);
+ RootedScope enclosingClone(cx);
+ for (uint32_t i = 0; i <= src->bodyScopeIndex(); i++) {
+ original = src->getScope(i);
+
+ if (i == 0) {
+ enclosingClone = enclosingScope;
+ } else {
+ MOZ_ASSERT(src->getScope(i - 1) == original->enclosing());
+ enclosingClone = scopes[i - 1];
+ }
+
+ Scope* clone;
+ if (original->is<FunctionScope>())
+ clone = FunctionScope::clone(cx, original.as<FunctionScope>(), fun, enclosingClone);
+ else
+ clone = Scope::clone(cx, original, enclosingClone);
+
+ if (!clone || !scopes.append(clone))
+ return nullptr;
+ }
+
+ // Save flags in case we need to undo the early mutations.
+ const int preservedFlags = fun->flags();
+ if (!detail::CopyScript(cx, src, dst, &scopes)) {
+ fun->setFlags(preservedFlags);
+ return nullptr;
+ }
+
+ // Finally set the script after all the fallible operations.
+ if (fun->isInterpretedLazy())
+ fun->setUnlazifiedScript(dst);
+ else
+ fun->initScript(dst);
+
+ return dst;
+}
+
+DebugScript*
+JSScript::debugScript()
+{
+ MOZ_ASSERT(hasDebugScript_);
+ DebugScriptMap* map = compartment()->debugScriptMap;
+ MOZ_ASSERT(map);
+ DebugScriptMap::Ptr p = map->lookup(this);
+ MOZ_ASSERT(p);
+ return p->value();
+}
+
+DebugScript*
+JSScript::releaseDebugScript()
+{
+ MOZ_ASSERT(hasDebugScript_);
+ DebugScriptMap* map = compartment()->debugScriptMap;
+ MOZ_ASSERT(map);
+ DebugScriptMap::Ptr p = map->lookup(this);
+ MOZ_ASSERT(p);
+ DebugScript* debug = p->value();
+ map->remove(p);
+ hasDebugScript_ = false;
+ return debug;
+}
+
+void
+JSScript::destroyDebugScript(FreeOp* fop)
+{
+ if (hasDebugScript_) {
+#ifdef DEBUG
+ for (jsbytecode* pc = code(); pc < codeEnd(); pc++) {
+ if (BreakpointSite* site = getBreakpointSite(pc)) {
+ /* Breakpoints are swept before finalization. */
+ MOZ_ASSERT(site->firstBreakpoint() == nullptr);
+ MOZ_ASSERT(getBreakpointSite(pc) == nullptr);
+ }
+ }
+#endif
+ fop->free_(releaseDebugScript());
+ }
+}
+
+bool
+JSScript::ensureHasDebugScript(JSContext* cx)
+{
+ if (hasDebugScript_)
+ return true;
+
+ size_t nbytes = offsetof(DebugScript, breakpoints) + length() * sizeof(BreakpointSite*);
+ DebugScript* debug = (DebugScript*) zone()->pod_calloc<uint8_t>(nbytes);
+ if (!debug)
+ return false;
+
+ /* Create compartment's debugScriptMap if necessary. */
+ DebugScriptMap* map = compartment()->debugScriptMap;
+ if (!map) {
+ map = cx->new_<DebugScriptMap>();
+ if (!map || !map->init()) {
+ js_free(debug);
+ js_delete(map);
+ return false;
+ }
+ compartment()->debugScriptMap = map;
+ }
+
+ if (!map->putNew(this, debug)) {
+ js_free(debug);
+ return false;
+ }
+ hasDebugScript_ = true; // safe to set this; we can't fail after this point
+
+ /*
+ * Ensure that any Interpret() instances running on this script have
+ * interrupts enabled. The interrupts must stay enabled until the
+ * debug state is destroyed.
+ */
+ for (ActivationIterator iter(cx->runtime()); !iter.done(); ++iter) {
+ if (iter->isInterpreter())
+ iter->asInterpreter()->enableInterruptsIfRunning(this);
+ }
+
+ return true;
+}
+
+void
+JSScript::setNewStepMode(FreeOp* fop, uint32_t newValue)
+{
+ DebugScript* debug = debugScript();
+ uint32_t prior = debug->stepMode;
+ debug->stepMode = newValue;
+
+ if (!prior != !newValue) {
+ if (hasBaselineScript())
+ baseline->toggleDebugTraps(this, nullptr);
+
+ if (!stepModeEnabled() && !debug->numSites)
+ fop->free_(releaseDebugScript());
+ }
+}
+
+bool
+JSScript::incrementStepModeCount(JSContext* cx)
+{
+ assertSameCompartment(cx, this);
+ MOZ_ASSERT(cx->compartment()->isDebuggee());
+
+ if (!ensureHasDebugScript(cx))
+ return false;
+
+ DebugScript* debug = debugScript();
+ uint32_t count = debug->stepMode;
+ setNewStepMode(cx->runtime()->defaultFreeOp(), count + 1);
+ return true;
+}
+
+void
+JSScript::decrementStepModeCount(FreeOp* fop)
+{
+ DebugScript* debug = debugScript();
+ uint32_t count = debug->stepMode;
+ MOZ_ASSERT(count > 0);
+ setNewStepMode(fop, count - 1);
+}
+
+BreakpointSite*
+JSScript::getOrCreateBreakpointSite(JSContext* cx, jsbytecode* pc)
+{
+ if (!ensureHasDebugScript(cx))
+ return nullptr;
+
+ DebugScript* debug = debugScript();
+ BreakpointSite*& site = debug->breakpoints[pcToOffset(pc)];
+
+ if (!site) {
+ site = cx->runtime()->new_<BreakpointSite>(this, pc);
+ if (!site) {
+ ReportOutOfMemory(cx);
+ return nullptr;
+ }
+ debug->numSites++;
+ }
+
+ return site;
+}
+
+void
+JSScript::destroyBreakpointSite(FreeOp* fop, jsbytecode* pc)
+{
+ DebugScript* debug = debugScript();
+ BreakpointSite*& site = debug->breakpoints[pcToOffset(pc)];
+ MOZ_ASSERT(site);
+
+ fop->delete_(site);
+ site = nullptr;
+
+ if (--debug->numSites == 0 && !stepModeEnabled())
+ fop->free_(releaseDebugScript());
+}
+
+void
+JSScript::clearBreakpointsIn(FreeOp* fop, js::Debugger* dbg, JSObject* handler)
+{
+ if (!hasAnyBreakpointsOrStepMode())
+ return;
+
+ for (jsbytecode* pc = code(); pc < codeEnd(); pc++) {
+ BreakpointSite* site = getBreakpointSite(pc);
+ if (site) {
+ Breakpoint* nextbp;
+ for (Breakpoint* bp = site->firstBreakpoint(); bp; bp = nextbp) {
+ nextbp = bp->nextInSite();
+ if ((!dbg || bp->debugger == dbg) && (!handler || bp->getHandler() == handler))
+ bp->destroy(fop);
+ }
+ }
+ }
+}
+
+bool
+JSScript::hasBreakpointsAt(jsbytecode* pc)
+{
+ BreakpointSite* site = getBreakpointSite(pc);
+ if (!site)
+ return false;
+
+ return site->enabledCount > 0;
+}
+
+void
+SharedScriptData::traceChildren(JSTracer* trc)
+{
+ MOZ_ASSERT(refCount() != 0);
+ for (uint32_t i = 0; i < natoms(); ++i)
+ TraceNullableEdge(trc, &atoms()[i], "atom");
+}
+
+void
+JSScript::traceChildren(JSTracer* trc)
+{
+ // NOTE: this JSScript may be partially initialized at this point. E.g. we
+ // may have created it and partially initialized it with
+ // JSScript::Create(), but not yet finished initializing it with
+ // fullyInitFromEmitter() or fullyInitTrivial().
+
+ MOZ_ASSERT_IF(trc->isMarkingTracer() &&
+ static_cast<GCMarker*>(trc)->shouldCheckCompartments(),
+ zone()->isCollecting());
+
+ if (scriptData())
+ scriptData()->traceChildren(trc);
+
+ if (ScopeArray* scopearray = scopes())
+ TraceRange(trc, scopearray->length, scopearray->vector, "scopes");
+
+ if (hasConsts()) {
+ ConstArray* constarray = consts();
+ TraceRange(trc, constarray->length, constarray->vector, "consts");
+ }
+
+ if (hasObjects()) {
+ ObjectArray* objarray = objects();
+ TraceRange(trc, objarray->length, objarray->vector, "objects");
+ }
+
+ MOZ_ASSERT_IF(sourceObject(), MaybeForwarded(sourceObject())->compartment() == compartment());
+ TraceNullableEdge(trc, &sourceObject_, "sourceObject");
+
+ if (maybeLazyScript())
+ TraceManuallyBarrieredEdge(trc, &lazyScript, "lazyScript");
+
+ if (trc->isMarkingTracer())
+ compartment()->mark();
+
+ jit::TraceJitScripts(trc, this);
+}
+
+void
+LazyScript::finalize(FreeOp* fop)
+{
+ fop->free_(table_);
+}
+
+size_t
+JSScript::calculateLiveFixed(jsbytecode* pc)
+{
+ size_t nlivefixed = numAlwaysLiveFixedSlots();
+
+ if (nfixed() != nlivefixed) {
+ Scope* scope = lookupScope(pc);
+ if (scope)
+ scope = MaybeForwarded(scope);
+
+ // Find the nearest LexicalScope in the same script.
+ while (scope && scope->is<WithScope>()) {
+ scope = scope->enclosing();
+ if (scope)
+ scope = MaybeForwarded(scope);
+ }
+
+ if (scope) {
+ if (scope->is<LexicalScope>())
+ nlivefixed = scope->as<LexicalScope>().nextFrameSlot();
+ else if (scope->is<VarScope>())
+ nlivefixed = scope->as<VarScope>().nextFrameSlot();
+ }
+ }
+
+ MOZ_ASSERT(nlivefixed <= nfixed());
+ MOZ_ASSERT(nlivefixed >= numAlwaysLiveFixedSlots());
+
+ return nlivefixed;
+}
+
+Scope*
+JSScript::lookupScope(jsbytecode* pc)
+{
+ MOZ_ASSERT(containsPC(pc));
+
+ if (!hasScopeNotes())
+ return nullptr;
+
+ size_t offset = pc - code();
+
+ ScopeNoteArray* notes = scopeNotes();
+ Scope* scope = nullptr;
+
+ // Find the innermost block chain using a binary search.
+ size_t bottom = 0;
+ size_t top = notes->length;
+
+ while (bottom < top) {
+ size_t mid = bottom + (top - bottom) / 2;
+ const ScopeNote* note = &notes->vector[mid];
+ if (note->start <= offset) {
+ // Block scopes are ordered in the list by their starting offset, and since
+ // blocks form a tree ones earlier in the list may cover the pc even if
+ // later blocks end before the pc. This only happens when the earlier block
+ // is a parent of the later block, so we need to check parents of |mid| in
+ // the searched range for coverage.
+ size_t check = mid;
+ while (check >= bottom) {
+ const ScopeNote* checkNote = &notes->vector[check];
+ MOZ_ASSERT(checkNote->start <= offset);
+ if (offset < checkNote->start + checkNote->length) {
+ // We found a matching block chain but there may be inner ones
+ // at a higher block chain index than mid. Continue the binary search.
+ if (checkNote->index == ScopeNote::NoScopeIndex)
+ scope = nullptr;
+ else
+ scope = getScope(checkNote->index);
+ break;
+ }
+ if (checkNote->parent == UINT32_MAX)
+ break;
+ check = checkNote->parent;
+ }
+ bottom = mid + 1;
+ } else {
+ top = mid;
+ }
+ }
+
+ return scope;
+}
+
+Scope*
+JSScript::innermostScope(jsbytecode* pc)
+{
+ if (Scope* scope = lookupScope(pc))
+ return scope;
+ return bodyScope();
+}
+
+void
+JSScript::setArgumentsHasVarBinding()
+{
+ argsHasVarBinding_ = true;
+ needsArgsAnalysis_ = true;
+}
+
+void
+JSScript::setNeedsArgsObj(bool needsArgsObj)
+{
+ MOZ_ASSERT_IF(needsArgsObj, argumentsHasVarBinding());
+ needsArgsAnalysis_ = false;
+ needsArgsObj_ = needsArgsObj;
+}
+
+void
+js::SetFrameArgumentsObject(JSContext* cx, AbstractFramePtr frame,
+ HandleScript script, JSObject* argsobj)
+{
+ /*
+ * Replace any optimized arguments in the frame with an explicit arguments
+ * object. Note that 'arguments' may have already been overwritten.
+ */
+
+ Rooted<BindingIter> bi(cx, BindingIter(script));
+ while (bi && bi.name() != cx->names().arguments)
+ bi++;
+ if (!bi)
+ return;
+
+ if (bi.location().kind() == BindingLocation::Kind::Environment) {
+ /*
+ * Scan the script to find the slot in the call object that 'arguments'
+ * is assigned to.
+ */
+ jsbytecode* pc = script->code();
+ while (*pc != JSOP_ARGUMENTS)
+ pc += GetBytecodeLength(pc);
+ pc += JSOP_ARGUMENTS_LENGTH;
+ MOZ_ASSERT(*pc == JSOP_SETALIASEDVAR);
+
+ // Note that here and below, it is insufficient to only check for
+ // JS_OPTIMIZED_ARGUMENTS, as Ion could have optimized out the
+ // arguments slot.
+ EnvironmentObject& env = frame.callObj().as<EnvironmentObject>();
+ if (IsOptimizedPlaceholderMagicValue(env.aliasedBinding(bi)))
+ env.setAliasedBinding(cx, bi, ObjectValue(*argsobj));
+ } else {
+ MOZ_ASSERT(bi.location().kind() == BindingLocation::Kind::Frame);
+ uint32_t frameSlot = bi.location().slot();
+ if (IsOptimizedPlaceholderMagicValue(frame.unaliasedLocal(frameSlot)))
+ frame.unaliasedLocal(frameSlot) = ObjectValue(*argsobj);
+ }
+}
+
+/* static */ bool
+JSScript::argumentsOptimizationFailed(JSContext* cx, HandleScript script)
+{
+ MOZ_ASSERT(script->functionNonDelazifying());
+ MOZ_ASSERT(script->analyzedArgsUsage());
+ MOZ_ASSERT(script->argumentsHasVarBinding());
+
+ /*
+ * It is possible that the arguments optimization has already failed,
+ * everything has been fixed up, but there was an outstanding magic value
+ * on the stack that has just now flowed into an apply. In this case, there
+ * is nothing to do; GuardFunApplySpeculation will patch in the real
+ * argsobj.
+ */
+ if (script->needsArgsObj())
+ return true;
+
+ MOZ_ASSERT(!script->isGenerator());
+
+ script->needsArgsObj_ = true;
+
+ /*
+ * Since we can't invalidate baseline scripts, set a flag that's checked from
+ * JIT code to indicate the arguments optimization failed and JSOP_ARGUMENTS
+ * should create an arguments object next time.
+ */
+ if (script->hasBaselineScript())
+ script->baselineScript()->setNeedsArgsObj();
+
+ /*
+ * By design, the arguments optimization is only made when there are no
+ * outstanding cases of MagicValue(JS_OPTIMIZED_ARGUMENTS) at any points
+ * where the optimization could fail, other than an active invocation of
+ * 'f.apply(x, arguments)'. Thus, there are no outstanding values of
+ * MagicValue(JS_OPTIMIZED_ARGUMENTS) on the stack. However, there are
+ * three things that need fixup:
+ * - there may be any number of activations of this script that don't have
+ * an argsObj that now need one.
+ * - jit code compiled (and possible active on the stack) with the static
+ * assumption of !script->needsArgsObj();
+ * - type inference data for the script assuming script->needsArgsObj
+ */
+ for (AllScriptFramesIter i(cx); !i.done(); ++i) {
+ /*
+ * We cannot reliably create an arguments object for Ion activations of
+ * this script. To maintain the invariant that "script->needsArgsObj
+ * implies fp->hasArgsObj", the Ion bail mechanism will create an
+ * arguments object right after restoring the BaselineFrame and before
+ * entering Baseline code (in jit::FinishBailoutToBaseline).
+ */
+ if (i.isIon())
+ continue;
+ AbstractFramePtr frame = i.abstractFramePtr();
+ if (frame.isFunctionFrame() && frame.script() == script) {
+ /* We crash on OOM since cleaning up here would be complicated. */
+ AutoEnterOOMUnsafeRegion oomUnsafe;
+ ArgumentsObject* argsobj = ArgumentsObject::createExpected(cx, frame);
+ if (!argsobj)
+ oomUnsafe.crash("JSScript::argumentsOptimizationFailed");
+ SetFrameArgumentsObject(cx, frame, script, argsobj);
+ }
+ }
+
+ return true;
+}
+
+bool
+JSScript::formalIsAliased(unsigned argSlot)
+{
+ if (functionHasParameterExprs())
+ return false;
+
+ for (PositionalFormalParameterIter fi(this); fi; fi++) {
+ if (fi.argumentSlot() == argSlot)
+ return fi.closedOver();
+ }
+ MOZ_CRASH("Argument slot not found");
+}
+
+bool
+JSScript::formalLivesInArgumentsObject(unsigned argSlot)
+{
+ return argsObjAliasesFormals() && !formalIsAliased(argSlot);
+}
+
+LazyScript::LazyScript(JSFunction* fun, void* table, uint64_t packedFields,
+ uint32_t begin, uint32_t end, uint32_t lineno, uint32_t column)
+ : script_(nullptr),
+ function_(fun),
+ enclosingScope_(nullptr),
+ sourceObject_(nullptr),
+ table_(table),
+ packedFields_(packedFields),
+ begin_(begin),
+ end_(end),
+ lineno_(lineno),
+ column_(column)
+{
+ MOZ_ASSERT(begin <= end);
+}
+
+void
+LazyScript::initScript(JSScript* script)
+{
+ MOZ_ASSERT(script);
+ MOZ_ASSERT(!script_.unbarrieredGet());
+ script_.set(script);
+}
+
+void
+LazyScript::resetScript()
+{
+ MOZ_ASSERT(script_.unbarrieredGet());
+ script_.set(nullptr);
+}
+
+void
+LazyScript::setEnclosingScopeAndSource(Scope* enclosingScope, ScriptSourceObject* sourceObject)
+{
+ MOZ_ASSERT(function_->compartment() == sourceObject->compartment());
+ // This method may be called to update the enclosing scope. See comment
+ // above the callsite in BytecodeEmitter::emitFunction.
+ MOZ_ASSERT_IF(sourceObject_, sourceObject_ == sourceObject && enclosingScope_);
+ MOZ_ASSERT_IF(!sourceObject_, !enclosingScope_);
+
+ enclosingScope_ = enclosingScope;
+ sourceObject_ = sourceObject;
+}
+
+ScriptSourceObject*
+LazyScript::sourceObject() const
+{
+ return sourceObject_ ? &sourceObject_->as<ScriptSourceObject>() : nullptr;
+}
+
+ScriptSource*
+LazyScript::maybeForwardedScriptSource() const
+{
+ return UncheckedUnwrap(MaybeForwarded(sourceObject()))->as<ScriptSourceObject>().source();
+}
+
+/* static */ LazyScript*
+LazyScript::CreateRaw(ExclusiveContext* cx, HandleFunction fun,
+ uint64_t packedFields, uint32_t begin, uint32_t end,
+ uint32_t lineno, uint32_t column)
+{
+ union {
+ PackedView p;
+ uint64_t packed;
+ };
+
+ packed = packedFields;
+
+ // Reset runtime flags to obtain a fresh LazyScript.
+ p.hasBeenCloned = false;
+ p.treatAsRunOnce = false;
+
+ size_t bytes = (p.numClosedOverBindings * sizeof(JSAtom*))
+ + (p.numInnerFunctions * sizeof(GCPtrFunction));
+
+ ScopedJSFreePtr<uint8_t> table(bytes ? fun->zone()->pod_malloc<uint8_t>(bytes) : nullptr);
+ if (bytes && !table) {
+ ReportOutOfMemory(cx);
+ return nullptr;
+ }
+
+ LazyScript* res = Allocate<LazyScript>(cx);
+ if (!res)
+ return nullptr;
+
+ cx->compartment()->scheduleDelazificationForDebugger();
+
+ return new (res) LazyScript(fun, table.forget(), packed, begin, end, lineno, column);
+}
+
+/* static */ LazyScript*
+LazyScript::Create(ExclusiveContext* cx, HandleFunction fun,
+ const frontend::AtomVector& closedOverBindings,
+ Handle<GCVector<JSFunction*, 8>> innerFunctions,
+ JSVersion version,
+ uint32_t begin, uint32_t end, uint32_t lineno, uint32_t column)
+{
+ union {
+ PackedView p;
+ uint64_t packedFields;
+ };
+
+ p.version = version;
+ p.shouldDeclareArguments = false;
+ p.hasThisBinding = false;
+ p.isAsync = false;
+ p.numClosedOverBindings = closedOverBindings.length();
+ p.numInnerFunctions = innerFunctions.length();
+ p.generatorKindBits = GeneratorKindAsBits(NotGenerator);
+ p.strict = false;
+ p.bindingsAccessedDynamically = false;
+ p.hasDebuggerStatement = false;
+ p.hasDirectEval = false;
+ p.isLikelyConstructorWrapper = false;
+ p.isDerivedClassConstructor = false;
+ p.needsHomeObject = false;
+
+ LazyScript* res = LazyScript::CreateRaw(cx, fun, packedFields, begin, end, lineno, column);
+ if (!res)
+ return nullptr;
+
+ JSAtom** resClosedOverBindings = res->closedOverBindings();
+ for (size_t i = 0; i < res->numClosedOverBindings(); i++)
+ resClosedOverBindings[i] = closedOverBindings[i];
+
+ GCPtrFunction* resInnerFunctions = res->innerFunctions();
+ for (size_t i = 0; i < res->numInnerFunctions(); i++)
+ resInnerFunctions[i].init(innerFunctions[i]);
+
+ MOZ_ASSERT_IF(res, res->version() == version);
+ return res;
+}
+
+/* static */ LazyScript*
+LazyScript::Create(ExclusiveContext* cx, HandleFunction fun,
+ HandleScript script, HandleScope enclosingScope,
+ HandleScript enclosingScript,
+ uint64_t packedFields, uint32_t begin, uint32_t end,
+ uint32_t lineno, uint32_t column)
+{
+ // Dummy atom which is not a valid property name.
+ RootedAtom dummyAtom(cx, cx->names().comma);
+
+ // Dummy function which is not a valid function as this is the one which is
+ // holding this lazy script.
+ HandleFunction dummyFun = fun;
+
+ LazyScript* res = LazyScript::CreateRaw(cx, fun, packedFields, begin, end, lineno, column);
+ if (!res)
+ return nullptr;
+
+ // Fill with dummies, to be GC-safe after the initialization of the free
+ // variables and inner functions.
+ size_t i, num;
+ JSAtom** closedOverBindings = res->closedOverBindings();
+ for (i = 0, num = res->numClosedOverBindings(); i < num; i++)
+ closedOverBindings[i] = dummyAtom;
+
+ GCPtrFunction* functions = res->innerFunctions();
+ for (i = 0, num = res->numInnerFunctions(); i < num; i++)
+ functions[i].init(dummyFun);
+
+ // Set the enclosing scope and source object of the lazy function. These
+ // values should only be non-null if we have a non-lazy enclosing script.
+ // AddLazyFunctionsForCompartment relies on the source object being null
+ // if we're nested inside another lazy function.
+ MOZ_ASSERT(!!enclosingScript == !!enclosingScope);
+ MOZ_ASSERT(!res->sourceObject());
+ MOZ_ASSERT(!res->enclosingScope());
+ if (enclosingScript)
+ res->setEnclosingScopeAndSource(enclosingScope, &enclosingScript->scriptSourceUnwrap());
+
+ MOZ_ASSERT(!res->hasScript());
+ if (script)
+ res->initScript(script);
+
+ return res;
+}
+
+void
+LazyScript::initRuntimeFields(uint64_t packedFields)
+{
+ union {
+ PackedView p;
+ uint64_t packed;
+ };
+
+ packed = packedFields;
+ p_.hasBeenCloned = p.hasBeenCloned;
+ p_.treatAsRunOnce = p.treatAsRunOnce;
+}
+
+bool
+LazyScript::hasUncompiledEnclosingScript() const
+{
+ // It can happen that we created lazy scripts while compiling an enclosing
+ // script, but we errored out while compiling that script. When we iterate
+ // over lazy script in a compartment, we might see lazy scripts that never
+ // escaped to script and should be ignored.
+ //
+ // If the enclosing scope is a function with a null script or has a script
+ // without code, it was not successfully compiled.
+
+ if (!enclosingScope() || !enclosingScope()->is<FunctionScope>())
+ return false;
+
+ JSFunction* fun = enclosingScope()->as<FunctionScope>().canonicalFunction();
+ return !fun->hasScript() || fun->hasUncompiledScript() || !fun->nonLazyScript()->code();
+}
+
+void
+JSScript::updateBaselineOrIonRaw(JSRuntime* maybeRuntime)
+{
+ if (hasBaselineScript() && baseline->hasPendingIonBuilder()) {
+ MOZ_ASSERT(maybeRuntime);
+ MOZ_ASSERT(!isIonCompilingOffThread());
+ baselineOrIonRaw = maybeRuntime->jitRuntime()->lazyLinkStub()->raw();
+ baselineOrIonSkipArgCheck = maybeRuntime->jitRuntime()->lazyLinkStub()->raw();
+ } else if (hasIonScript()) {
+ baselineOrIonRaw = ion->method()->raw();
+ baselineOrIonSkipArgCheck = ion->method()->raw() + ion->getSkipArgCheckEntryOffset();
+ } else if (hasBaselineScript()) {
+ baselineOrIonRaw = baseline->method()->raw();
+ baselineOrIonSkipArgCheck = baseline->method()->raw();
+ } else {
+ baselineOrIonRaw = nullptr;
+ baselineOrIonSkipArgCheck = nullptr;
+ }
+}
+
+bool
+JSScript::hasLoops()
+{
+ if (!hasTrynotes())
+ return false;
+ JSTryNote* tn = trynotes()->vector;
+ JSTryNote* tnlimit = tn + trynotes()->length;
+ for (; tn < tnlimit; tn++) {
+ if (tn->kind == JSTRY_FOR_IN || tn->kind == JSTRY_LOOP)
+ return true;
+ }
+ return false;
+}
+
+bool
+JSScript::mayReadFrameArgsDirectly()
+{
+ return argumentsHasVarBinding() || (function() && function()->hasRest());
+}
+
+static inline void
+LazyScriptHash(uint32_t lineno, uint32_t column, uint32_t begin, uint32_t end,
+ HashNumber hashes[3])
+{
+ HashNumber hash = lineno;
+ hash = RotateLeft(hash, 4) ^ column;
+ hash = RotateLeft(hash, 4) ^ begin;
+ hash = RotateLeft(hash, 4) ^ end;
+
+ hashes[0] = hash;
+ hashes[1] = RotateLeft(hashes[0], 4) ^ begin;
+ hashes[2] = RotateLeft(hashes[1], 4) ^ end;
+}
+
+void
+LazyScriptHashPolicy::hash(const Lookup& lookup, HashNumber hashes[3])
+{
+ LazyScript* lazy = lookup.lazy;
+ LazyScriptHash(lazy->lineno(), lazy->column(), lazy->begin(), lazy->end(), hashes);
+}
+
+void
+LazyScriptHashPolicy::hash(JSScript* script, HashNumber hashes[3])
+{
+ LazyScriptHash(script->lineno(), script->column(), script->sourceStart(), script->sourceEnd(), hashes);
+}
+
+bool
+LazyScriptHashPolicy::match(JSScript* script, const Lookup& lookup)
+{
+ JSContext* cx = lookup.cx;
+ LazyScript* lazy = lookup.lazy;
+
+ // To be a match, the script and lazy script need to have the same line
+ // and column and to be at the same position within their respective
+ // source blobs, and to have the same source contents and version.
+ //
+ // While the surrounding code in the source may differ, this is
+ // sufficient to ensure that compiling the lazy script will yield an
+ // identical result to compiling the original script.
+ //
+ // Note that the filenames and origin principals of the lazy script and
+ // original script can differ. If there is a match, these will be fixed
+ // up in the resulting clone by the caller.
+
+ if (script->lineno() != lazy->lineno() ||
+ script->column() != lazy->column() ||
+ script->getVersion() != lazy->version() ||
+ script->sourceStart() != lazy->begin() ||
+ script->sourceEnd() != lazy->end())
+ {
+ return false;
+ }
+
+ UncompressedSourceCache::AutoHoldEntry holder;
+
+ size_t scriptBegin = script->sourceStart();
+ size_t length = script->sourceEnd() - scriptBegin;
+ const char16_t* scriptChars = script->scriptSource()->chars(cx, holder, scriptBegin, length);
+ if (!scriptChars)
+ return false;
+
+ MOZ_ASSERT(scriptBegin == lazy->begin());
+ const char16_t* lazyChars = lazy->scriptSource()->chars(cx, holder, scriptBegin, length);
+ if (!lazyChars)
+ return false;
+
+ return !memcmp(scriptChars, lazyChars, length);
+}
+
+void
+JSScript::AutoDelazify::holdScript(JS::HandleFunction fun)
+{
+ if (fun) {
+ if (fun->compartment()->isSelfHosting) {
+ // The self-hosting compartment is shared across runtimes, so we
+ // can't use JSAutoCompartment: it could cause races. Functions in
+ // the self-hosting compartment will never be lazy, so we can safely
+ // assume we don't have to delazify.
+ script_ = fun->nonLazyScript();
+ } else {
+ JSAutoCompartment ac(cx_, fun);
+ script_ = fun->getOrCreateScript(cx_);
+ if (script_) {
+ oldDoNotRelazify_ = script_->doNotRelazify_;
+ script_->setDoNotRelazify(true);
+ }
+ }
+ }
+}
+
+void
+JSScript::AutoDelazify::dropScript()
+{
+ // Don't touch script_ if it's in the self-hosting compartment, see the
+ // comment in holdScript.
+ if (script_ && !script_->compartment()->isSelfHosting)
+ script_->setDoNotRelazify(oldDoNotRelazify_);
+ script_ = nullptr;
+}
+
+JS::ubi::Node::Size
+JS::ubi::Concrete<JSScript>::size(mozilla::MallocSizeOf mallocSizeOf) const
+{
+ Size size = Arena::thingSize(get().asTenured().getAllocKind());
+
+ size += get().sizeOfData(mallocSizeOf);
+ size += get().sizeOfTypeScript(mallocSizeOf);
+
+ size_t baselineSize = 0;
+ size_t baselineStubsSize = 0;
+ jit::AddSizeOfBaselineData(&get(), mallocSizeOf, &baselineSize, &baselineStubsSize);
+ size += baselineSize;
+ size += baselineStubsSize;
+
+ size += jit::SizeOfIonData(&get(), mallocSizeOf);
+
+ MOZ_ASSERT(size > 0);
+ return size;
+}
+
+const char*
+JS::ubi::Concrete<JSScript>::scriptFilename() const
+{
+ return get().filename();
+}
+
+JS::ubi::Node::Size
+JS::ubi::Concrete<js::LazyScript>::size(mozilla::MallocSizeOf mallocSizeOf) const
+{
+ Size size = js::gc::Arena::thingSize(get().asTenured().getAllocKind());
+ size += get().sizeOfExcludingThis(mallocSizeOf);
+ return size;
+}
+
+const char*
+JS::ubi::Concrete<js::LazyScript>::scriptFilename() const
+{
+ auto sourceObject = get().sourceObject();
+ if (!sourceObject)
+ return nullptr;
+
+ auto source = sourceObject->source();
+ if (!source)
+ return nullptr;
+
+ return source->filename();
+}