/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- * vim: set ts=8 sts=4 et sw=4 tw=99: * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* JS script descriptor. */ #ifndef jsscript_h #define jsscript_h #include "mozilla/Atomics.h" #include "mozilla/Maybe.h" #include "mozilla/MemoryReporting.h" #include "mozilla/PodOperations.h" #include "mozilla/Variant.h" #include "jsatom.h" #include "jsopcode.h" #include "jstypes.h" #include "frontend/NameAnalysisTypes.h" #include "gc/Barrier.h" #include "gc/Rooting.h" #include "jit/IonCode.h" #include "js/UbiNode.h" #include "js/UniquePtr.h" #include "vm/NativeObject.h" #include "vm/Scope.h" #include "vm/Shape.h" #include "vm/SharedImmutableStringsCache.h" namespace JS { struct ScriptSourceInfo; } // namespace JS namespace js { namespace jit { struct BaselineScript; struct IonScriptCounts; } // namespace jit # define ION_DISABLED_SCRIPT ((js::jit::IonScript*)0x1) # define ION_COMPILING_SCRIPT ((js::jit::IonScript*)0x2) # define ION_PENDING_SCRIPT ((js::jit::IonScript*)0x3) # define BASELINE_DISABLED_SCRIPT ((js::jit::BaselineScript*)0x1) class BreakpointSite; class Debugger; class LazyScript; class ModuleObject; class RegExpObject; struct SourceCompressionTask; class Shape; namespace frontend { struct BytecodeEmitter; class FunctionBox; class ModuleSharedContext; } // namespace frontend namespace detail { // Do not call this directly! It is exposed for the friend declarations in // this file. bool CopyScript(JSContext* cx, HandleScript src, HandleScript dst, MutableHandle<GCVector<Scope*>> scopes); } // namespace detail } // namespace js /* * Type of try note associated with each catch or finally block, and also with * for-in and other kinds of loops. Non-for-in loops do not need these notes * for exception unwinding, but storing their boundaries here is helpful for * heuristics that need to know whether a given op is inside a loop. */ enum JSTryNoteKind { JSTRY_CATCH, JSTRY_FINALLY, JSTRY_FOR_IN, JSTRY_FOR_OF, JSTRY_LOOP, JSTRY_FOR_OF_ITERCLOSE, JSTRY_DESTRUCTURING_ITERCLOSE }; /* * Exception handling record. */ struct JSTryNote { uint8_t kind; /* one of JSTryNoteKind */ uint32_t stackDepth; /* stack depth upon exception handler entry */ uint32_t start; /* start of the try statement or loop relative to script->main */ uint32_t length; /* length of the try statement or loop */ }; namespace js { // A block scope has a range in bytecode: it is entered at some offset, and left // at some later offset. Scopes can be nested. Given an offset, the // ScopeNote containing that offset whose with the highest start value // indicates the block scope. The block scope list is sorted by increasing // start value. // // It is possible to leave a scope nonlocally, for example via a "break" // statement, so there may be short bytecode ranges in a block scope in which we // are popping the block chain in preparation for a goto. These exits are also // nested with respect to outer scopes. The scopes in these exits are indicated // by the "index" field, just like any other block. If a nonlocal exit pops the // last block scope, the index will be NoScopeIndex. // struct ScopeNote { // Sentinel index for no Scope. static const uint32_t NoScopeIndex = UINT32_MAX; // Sentinel index for no ScopeNote. static const uint32_t NoScopeNoteIndex = UINT32_MAX; uint32_t index; // Index of Scope in the scopes array, or // NoScopeIndex if there is no block scope in // this range. uint32_t start; // Bytecode offset at which this scope starts, // from script->main(). uint32_t length; // Bytecode length of scope. uint32_t parent; // Index of parent block scope in notes, or NoScopeNote. }; struct ConstArray { js::GCPtrValue* vector; // array of indexed constant values uint32_t length; }; struct ObjectArray { js::GCPtrObject* vector; // Array of indexed objects. uint32_t length; // Count of indexed objects. }; struct ScopeArray { js::GCPtrScope* vector; // Array of indexed scopes. uint32_t length; // Count of indexed scopes. }; struct TryNoteArray { JSTryNote* vector; // Array of indexed try notes. uint32_t length; // Count of indexed try notes. }; struct ScopeNoteArray { ScopeNote* vector; // Array of indexed ScopeNote records. uint32_t length; // Count of indexed try notes. }; class YieldAndAwaitOffsetArray { friend bool detail::CopyScript(JSContext* cx, HandleScript src, HandleScript dst, MutableHandle<GCVector<Scope*>> scopes); uint32_t* vector_; // Array of bytecode offsets. uint32_t length_; // Count of bytecode offsets. public: void init(uint32_t* vector, uint32_t length) { vector_ = vector; length_ = length; } uint32_t& operator[](uint32_t index) { MOZ_ASSERT(index < length_); return vector_[index]; } uint32_t length() const { return length_; } }; class ScriptCounts { public: typedef mozilla::Vector<PCCounts, 0, SystemAllocPolicy> PCCountsVector; inline ScriptCounts(); inline explicit ScriptCounts(PCCountsVector&& jumpTargets); inline ScriptCounts(ScriptCounts&& src); inline ~ScriptCounts(); inline ScriptCounts& operator=(ScriptCounts&& src); // Return the counter used to count the number of visits. Returns null if // the element is not found. PCCounts* maybeGetPCCounts(size_t offset); const PCCounts* maybeGetPCCounts(size_t offset) const; // PCCounts are stored at jump-target offsets. This function looks for the // previous PCCount which is in the same basic block as the current offset. PCCounts* getImmediatePrecedingPCCounts(size_t offset); // Return the counter used to count the number of throws. Returns null if // the element is not found. const PCCounts* maybeGetThrowCounts(size_t offset) const; // Throw counts are stored at the location of each throwing // instruction. This function looks for the previous throw count. // // Note: if the offset of the returned count is higher than the offset of // the immediate preceding PCCount, then this throw happened in the same // basic block. const PCCounts* getImmediatePrecedingThrowCounts(size_t offset) const; // Return the counter used to count the number of throws. Allocate it if // none exists yet. Returns null if the allocation failed. PCCounts* getThrowCounts(size_t offset); private: friend class ::JSScript; friend struct ScriptAndCounts; // This sorted array is used to map an offset to the number of times a // branch got visited. PCCountsVector pcCounts_; // This sorted vector is used to map an offset to the number of times an // instruction throw. PCCountsVector throwCounts_; // Information about any Ion compilations for the script. jit::IonScriptCounts* ionCounts_; }; // Note: The key of this hash map is a weak reference to a JSScript. We do not // use the WeakMap implementation provided in jsweakmap.h because it would be // collected at the beginning of the sweeping of the compartment, thus before // the calls to the JSScript::finalize function which are used to aggregate code // coverage results on the compartment. typedef HashMap<JSScript*, ScriptCounts*, DefaultHasher<JSScript*>, SystemAllocPolicy> ScriptCountsMap; class DebugScript { friend class ::JSScript; friend struct ::JSCompartment; /* * When non-zero, compile script in single-step mode. The top bit is set and * cleared by setStepMode, as used by JSD. The lower bits are a count, * adjusted by changeStepModeCount, used by the Debugger object. Only * when the bit is clear and the count is zero may we compile the script * without single-step support. */ uint32_t stepMode; /* * Number of breakpoint sites at opcodes in the script. This is the number * of populated entries in DebugScript::breakpoints, below. */ uint32_t numSites; /* * Breakpoints set in our script. For speed and simplicity, this array is * parallel to script->code(): the BreakpointSite for the opcode at * script->code()[offset] is debugScript->breakpoints[offset]. Naturally, * this array's true length is script->length(). */ BreakpointSite* breakpoints[1]; }; typedef HashMap<JSScript*, DebugScript*, DefaultHasher<JSScript*>, SystemAllocPolicy> DebugScriptMap; class ScriptSource; struct ScriptSourceChunk { ScriptSource* ss; uint32_t chunk; ScriptSourceChunk() : ss(nullptr), chunk(0) {} ScriptSourceChunk(ScriptSource* ss, uint32_t chunk) : ss(ss), chunk(chunk) { MOZ_ASSERT(valid());; } bool valid() const { return ss != nullptr; } bool operator==(const ScriptSourceChunk& other) const { return ss == other.ss && chunk == other.chunk; } }; struct ScriptSourceChunkHasher { using Lookup = ScriptSourceChunk; static HashNumber hash(const ScriptSourceChunk& ssc) { return mozilla::AddToHash(DefaultHasher<ScriptSource*>::hash(ssc.ss), ssc.chunk); } static bool match(const ScriptSourceChunk& c1, const ScriptSourceChunk& c2) { return c1 == c2; } }; class UncompressedSourceCache { typedef HashMap<ScriptSourceChunk, UniqueTwoByteChars, ScriptSourceChunkHasher, SystemAllocPolicy> Map; public: // Hold an entry in the source data cache and prevent it from being purged on GC. class AutoHoldEntry { UncompressedSourceCache* cache_; ScriptSourceChunk sourceChunk_; UniqueTwoByteChars charsToFree_; public: explicit AutoHoldEntry(); ~AutoHoldEntry(); void holdChars(UniqueTwoByteChars chars); private: void holdEntry(UncompressedSourceCache* cache, const ScriptSourceChunk& sourceChunk); void deferDelete(UniqueTwoByteChars chars); const ScriptSourceChunk& sourceChunk() const { return sourceChunk_; } friend class UncompressedSourceCache; }; private: UniquePtr<Map> map_; AutoHoldEntry* holder_; public: UncompressedSourceCache() : holder_(nullptr) {} const char16_t* lookup(const ScriptSourceChunk& ssc, AutoHoldEntry& asp); bool put(const ScriptSourceChunk& ssc, UniqueTwoByteChars chars, AutoHoldEntry& asp); void purge(); size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf); private: void holdEntry(AutoHoldEntry& holder, const ScriptSourceChunk& ssc); void releaseEntry(AutoHoldEntry& holder); }; class ScriptSource { friend struct SourceCompressionTask; uint32_t refs; // Note: while ScriptSources may be compressed off thread, they are only // modified by the main thread, and all members are always safe to access // on the main thread. // Indicate which field in the |data| union is active. struct Missing { }; struct Uncompressed { SharedImmutableTwoByteString string; explicit Uncompressed(SharedImmutableTwoByteString&& str) : string(mozilla::Move(str)) { } }; struct Compressed { SharedImmutableString raw; size_t uncompressedLength; Compressed(SharedImmutableString&& raw, size_t uncompressedLength) : raw(mozilla::Move(raw)) , uncompressedLength(uncompressedLength) { } }; using SourceType = mozilla::Variant<Missing, Uncompressed, Compressed>; SourceType data; // The filename of this script. UniqueChars filename_; UniqueTwoByteChars displayURL_; UniqueTwoByteChars sourceMapURL_; bool mutedErrors_; // bytecode offset in caller script that generated this code. // This is present for eval-ed code, as well as "new Function(...)"-introduced // scripts. uint32_t introductionOffset_; // If this source is for Function constructor, the position of ")" after // parameter list in the source. This is used to get function body. // 0 for other cases. uint32_t parameterListEnd_; // If this ScriptSource was generated by a code-introduction mechanism such // as |eval| or |new Function|, the debugger needs access to the "raw" // filename of the top-level script that contains the eval-ing code. To // keep track of this, we must preserve the original outermost filename (of // the original introducer script), so that instead of a filename of // "foo.js line 30 > eval line 10 > Function", we can obtain the original // raw filename of "foo.js". // // In the case described above, this field will be non-null and will be the // original raw filename from above. Otherwise this field will be null. UniqueChars introducerFilename_; // A string indicating how this source code was introduced into the system. // This accessor returns one of the following values: // "eval" for code passed to |eval|. // "Function" for code passed to the |Function| constructor. // "Worker" for code loaded by calling the Web worker constructor—the worker's main script. // "importScripts" for code by calling |importScripts| in a web worker. // "handler" for code assigned to DOM elements' event handler IDL attributes. // "scriptElement" for code belonging to <script> elements. // undefined if the implementation doesn't know how the code was introduced. // This is a constant, statically allocated C string, so does not need // memory management. const char* introductionType_; // True if we can call JSRuntime::sourceHook to load the source on // demand. If sourceRetrievable_ and hasSourceData() are false, it is not // possible to get source at all. bool sourceRetrievable_:1; bool hasIntroductionOffset_:1; const char16_t* chunkChars(JSContext* cx, UncompressedSourceCache::AutoHoldEntry& holder, size_t chunk); public: explicit ScriptSource() : refs(0), data(SourceType(Missing())), filename_(nullptr), displayURL_(nullptr), sourceMapURL_(nullptr), mutedErrors_(false), introductionOffset_(0), parameterListEnd_(0), introducerFilename_(nullptr), introductionType_(nullptr), sourceRetrievable_(false), hasIntroductionOffset_(false) { } ~ScriptSource() { MOZ_ASSERT(refs == 0); } void incref() { refs++; } void decref() { MOZ_ASSERT(refs != 0); if (--refs == 0) js_delete(this); } bool initFromOptions(ExclusiveContext* cx, const ReadOnlyCompileOptions& options, mozilla::Maybe<uint32_t> parameterListEnd = mozilla::Nothing()); bool setSourceCopy(ExclusiveContext* cx, JS::SourceBufferHolder& srcBuf, SourceCompressionTask* tok); void setSourceRetrievable() { sourceRetrievable_ = true; } bool sourceRetrievable() const { return sourceRetrievable_; } bool hasSourceData() const { return !data.is<Missing>(); } bool hasCompressedSource() const { return data.is<Compressed>(); } size_t length() const { struct LengthMatcher { size_t match(const Uncompressed& u) { return u.string.length(); } size_t match(const Compressed& c) { return c.uncompressedLength; } size_t match(const Missing& m) { MOZ_CRASH("ScriptSource::length on a missing source"); return 0; } }; MOZ_ASSERT(hasSourceData()); return data.match(LengthMatcher()); } // Return a string containing the chars starting at |begin| and ending at // |begin + len|. const char16_t* chars(JSContext* cx, UncompressedSourceCache::AutoHoldEntry& asp, size_t begin, size_t len); JSFlatString* substring(JSContext* cx, size_t start, size_t stop); JSFlatString* substringDontDeflate(JSContext* cx, size_t start, size_t stop); bool isFunctionBody() { return parameterListEnd_ != 0; } JSFlatString* functionBodyString(JSContext* cx); void addSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, JS::ScriptSourceInfo* info) const; MOZ_MUST_USE bool setSource(ExclusiveContext* cx, mozilla::UniquePtr<char16_t[], JS::FreePolicy>&& source, size_t length); void setSource(SharedImmutableTwoByteString&& string); MOZ_MUST_USE bool setCompressedSource( ExclusiveContext* cx, mozilla::UniquePtr<char[], JS::FreePolicy>&& raw, size_t rawLength, size_t sourceLength); void setCompressedSource(SharedImmutableString&& raw, size_t sourceLength); // XDR handling template <XDRMode mode> bool performXDR(XDRState<mode>* xdr); bool setFilename(ExclusiveContext* cx, const char* filename); const char* introducerFilename() const { return introducerFilename_ ? introducerFilename_.get() : filename_.get(); } bool hasIntroductionType() const { return introductionType_; } const char* introductionType() const { MOZ_ASSERT(hasIntroductionType()); return introductionType_; } const char* filename() const { return filename_.get(); } // Display URLs bool setDisplayURL(ExclusiveContext* cx, const char16_t* displayURL); bool hasDisplayURL() const { return displayURL_ != nullptr; } const char16_t * displayURL() { MOZ_ASSERT(hasDisplayURL()); return displayURL_.get(); } // Source maps bool setSourceMapURL(ExclusiveContext* cx, const char16_t* sourceMapURL); bool hasSourceMapURL() const { return sourceMapURL_ != nullptr; } const char16_t * sourceMapURL() { MOZ_ASSERT(hasSourceMapURL()); return sourceMapURL_.get(); } bool mutedErrors() const { return mutedErrors_; } bool hasIntroductionOffset() const { return hasIntroductionOffset_; } uint32_t introductionOffset() const { MOZ_ASSERT(hasIntroductionOffset()); return introductionOffset_; } void setIntroductionOffset(uint32_t offset) { MOZ_ASSERT(!hasIntroductionOffset()); MOZ_ASSERT(offset <= (uint32_t)INT32_MAX); introductionOffset_ = offset; hasIntroductionOffset_ = true; } }; class ScriptSourceHolder { ScriptSource* ss; public: ScriptSourceHolder() : ss(nullptr) {} explicit ScriptSourceHolder(ScriptSource* ss) : ss(ss) { ss->incref(); } ~ScriptSourceHolder() { if (ss) ss->decref(); } void reset(ScriptSource* newss) { if (ss) ss->decref(); ss = newss; ss->incref(); } ScriptSource* get() const { return ss; } }; class ScriptSourceObject : public NativeObject { static const ClassOps classOps_; public: static const Class class_; static void trace(JSTracer* trc, JSObject* obj); static void finalize(FreeOp* fop, JSObject* obj); static ScriptSourceObject* create(ExclusiveContext* cx, ScriptSource* source); // Initialize those properties of this ScriptSourceObject whose values // are provided by |options|, re-wrapping as necessary. static bool initFromOptions(JSContext* cx, HandleScriptSource source, const ReadOnlyCompileOptions& options); ScriptSource* source() const { return static_cast<ScriptSource*>(getReservedSlot(SOURCE_SLOT).toPrivate()); } JSObject* element() const { return getReservedSlot(ELEMENT_SLOT).toObjectOrNull(); } const Value& elementAttributeName() const { MOZ_ASSERT(!getReservedSlot(ELEMENT_PROPERTY_SLOT).isMagic()); return getReservedSlot(ELEMENT_PROPERTY_SLOT); } JSScript* introductionScript() const { if (getReservedSlot(INTRODUCTION_SCRIPT_SLOT).isUndefined()) return nullptr; void* untyped = getReservedSlot(INTRODUCTION_SCRIPT_SLOT).toPrivate(); MOZ_ASSERT(untyped); return static_cast<JSScript*>(untyped); } private: static const uint32_t SOURCE_SLOT = 0; static const uint32_t ELEMENT_SLOT = 1; static const uint32_t ELEMENT_PROPERTY_SLOT = 2; static const uint32_t INTRODUCTION_SCRIPT_SLOT = 3; static const uint32_t RESERVED_SLOTS = 4; }; enum GeneratorKind { NotGenerator, LegacyGenerator, StarGenerator }; enum FunctionAsyncKind { SyncFunction, AsyncFunction }; static inline unsigned GeneratorKindAsBits(GeneratorKind generatorKind) { return static_cast<unsigned>(generatorKind); } static inline GeneratorKind GeneratorKindFromBits(unsigned val) { MOZ_ASSERT(val <= StarGenerator); return static_cast<GeneratorKind>(val); } static inline unsigned AsyncKindAsBits(FunctionAsyncKind asyncKind) { return static_cast<unsigned>(asyncKind); } static inline FunctionAsyncKind AsyncKindFromBits(unsigned val) { MOZ_ASSERT(val <= AsyncFunction); return static_cast<FunctionAsyncKind>(val); } /* * NB: after a successful XDR_DECODE, XDRScript callers must do any required * subsequent set-up of owning function or script object and then call * CallNewScriptHook. */ template<XDRMode mode> bool XDRScript(XDRState<mode>* xdr, HandleScope enclosingScope, HandleScript enclosingScript, HandleFunction fun, MutableHandleScript scriptp); template<XDRMode mode> bool XDRLazyScript(XDRState<mode>* xdr, HandleScope enclosingScope, HandleScript enclosingScript, HandleFunction fun, MutableHandle<LazyScript*> lazy); /* * Code any constant value. */ template<XDRMode mode> bool XDRScriptConst(XDRState<mode>* xdr, MutableHandleValue vp); /* * Common data that can be shared between many scripts in a single runtime. */ class SharedScriptData { // This class is reference counted as follows: each pointer from a JSScript // counts as one reference plus there may be one reference from the shared // script data table. mozilla::Atomic<uint32_t> refCount_; uint32_t dataLength_; uint32_t natoms_; uint32_t codeLength_; uintptr_t data_[1]; public: static SharedScriptData* new_(ExclusiveContext* cx, uint32_t codeLength, uint32_t srcnotesLength, uint32_t natoms); uint32_t refCount() const { return refCount_; } void incRefCount() { refCount_++; } void decRefCount() { MOZ_ASSERT(refCount_ != 0); refCount_--; if (refCount_ == 0) js_free(this); } uint32_t dataLength() const { return dataLength_; } uint8_t* data() { return reinterpret_cast<uint8_t*>(data_); } uint32_t natoms() const { return natoms_; } GCPtrAtom* atoms() { if (!natoms_) return nullptr; return reinterpret_cast<GCPtrAtom*>(data()); } uint32_t codeLength() const { return codeLength_; } jsbytecode* code() { return reinterpret_cast<jsbytecode*>(data() + natoms_ * sizeof(GCPtrAtom)); } void traceChildren(JSTracer* trc); private: SharedScriptData() = delete; SharedScriptData(const SharedScriptData&) = delete; SharedScriptData& operator=(const SharedScriptData&) = delete; }; struct ScriptBytecodeHasher { struct Lookup { const uint8_t* data; uint32_t length; explicit Lookup(SharedScriptData* ssd) : data(ssd->data()), length(ssd->dataLength()) {} }; static HashNumber hash(const Lookup& l) { return mozilla::HashBytes(l.data, l.length); } static bool match(SharedScriptData* entry, const Lookup& lookup) { if (entry->dataLength() != lookup.length) return false; return mozilla::PodEqual<uint8_t>(entry->data(), lookup.data, lookup.length); } }; typedef HashSet<SharedScriptData*, ScriptBytecodeHasher, SystemAllocPolicy> ScriptDataTable; extern void SweepScriptData(JSRuntime* rt, AutoLockForExclusiveAccess& lock); extern void FreeScriptData(JSRuntime* rt, AutoLockForExclusiveAccess& lock); } /* namespace js */ class JSScript : public js::gc::TenuredCell { template <js::XDRMode mode> friend bool js::XDRScript(js::XDRState<mode>* xdr, js::HandleScope enclosingScope, js::HandleScript enclosingScript, js::HandleFunction fun, js::MutableHandleScript scriptp); friend bool js::detail::CopyScript(JSContext* cx, js::HandleScript src, js::HandleScript dst, js::MutableHandle<JS::GCVector<js::Scope*>> scopes); private: js::SharedScriptData* scriptData_; public: uint8_t* data; /* pointer to variable-length data array (see comment above Create() for details) */ JSCompartment* compartment_; private: /* Persistent type information retained across GCs. */ js::TypeScript* types_; // This script's ScriptSourceObject, or a CCW thereof. // // (When we clone a JSScript into a new compartment, we don't clone its // source object. Instead, the clone refers to a wrapper.) js::GCPtrObject sourceObject_; /* * Information attached by Ion. Nexto a valid IonScript this could be * ION_DISABLED_SCRIPT, ION_COMPILING_SCRIPT or ION_PENDING_SCRIPT. * The later is a ion compilation that is ready, but hasn't been linked * yet. */ js::jit::IonScript* ion; /* Information attached by Baseline. */ js::jit::BaselineScript* baseline; /* Information used to re-lazify a lazily-parsed interpreted function. */ js::LazyScript* lazyScript; /* * Pointer to either baseline->method()->raw() or ion->method()->raw(), or * nullptr if there's no Baseline or Ion script. */ uint8_t* baselineOrIonRaw; uint8_t* baselineOrIonSkipArgCheck; // 32-bit fields. uint32_t dataSize_; /* size of the used part of the data array */ uint32_t lineno_; /* base line number of script */ uint32_t column_; /* base column of script, optionally set */ uint32_t mainOffset_;/* offset of main entry point from code, after predef'ing prologue */ uint32_t nfixed_; /* fixed frame slots */ uint32_t nslots_; /* slots plus maximum stack depth */ uint32_t bodyScopeIndex_; /* index into the scopes array of the body scope */ // Range of characters in scriptSource which contains this script's // source, that is, the range used by the Parser to produce this script. // // Most scripted functions have sourceStart_ == toStringStart_ and // sourceEnd_ == toStringEnd_. However, for functions with extra // qualifiers (e.g. generators, async) and for class constructors (which // need to return the entire class source), their values differ. // // Each field points the following locations. // // function * f(a, b) { return a + b; } // ^ ^ ^ // | | | // | sourceStart_ sourceEnd_ // | | // toStringStart_ toStringEnd_ // // And, in the case of class constructors, an additional toStringEnd // offset is used. // // class C { constructor() { this.field = 42; } } // ^ ^ ^ ^ // | | | `---------` // | sourceStart_ sourceEnd_ | // | | // toStringStart_ toStringEnd_ uint32_t sourceStart_; uint32_t sourceEnd_; uint32_t toStringStart_; uint32_t toStringEnd_; // Number of times the script has been called or has had backedges taken. // When running in ion, also increased for any inlined scripts. Reset if // the script's JIT code is forcibly discarded. mozilla::Atomic<uint32_t, mozilla::Relaxed> warmUpCount; // 16-bit fields. uint16_t warmUpResetCount; /* Number of times the |warmUpCount| was * forcibly discarded. The counter is reset when * a script is successfully jit-compiled. */ uint16_t version; /* JS version under which script was compiled */ uint16_t funLength_; /* ES6 function length */ uint16_t nTypeSets_; /* number of type sets used in this script for dynamic type monitoring */ // Bit fields. public: // The kinds of the optional arrays. enum ArrayKind { CONSTS, OBJECTS, TRYNOTES, SCOPENOTES, ARRAY_KIND_BITS }; private: // The bits in this field indicate the presence/non-presence of several // optional arrays in |data|. See the comments above Create() for details. uint8_t hasArrayBits:ARRAY_KIND_BITS; // The GeneratorKind of the script. uint8_t generatorKindBits_:2; // 1-bit fields. // No need for result value of last expression statement. bool noScriptRval_:1; // Code is in strict mode. bool strict_:1; // Code has "use strict"; explicitly. bool explicitUseStrict_:1; // True if the script has a non-syntactic scope on its dynamic scope chain. // That is, there are objects about which we know nothing between the // outermost syntactic scope and the global. bool hasNonSyntacticScope_:1; // see Parser::selfHostingMode. bool selfHosted_:1; // See FunctionContextFlags. bool bindingsAccessedDynamically_:1; bool funHasExtensibleScope_:1; // True if any formalIsAliased(i). bool funHasAnyAliasedFormal_:1; // Have warned about uses of undefined properties in this script. bool warnedAboutUndefinedProp_:1; // Script has singleton objects. bool hasSingletons_:1; // Script is a lambda to treat as running once or a global or eval script // that will only run once. Which one it is can be disambiguated by // checking whether function() is null. bool treatAsRunOnce_:1; // If treatAsRunOnce, whether script has executed. bool hasRunOnce_:1; // Script has been reused for a clone. bool hasBeenCloned_:1; // Script came from eval(), and is still active. bool isActiveEval_:1; // Script came from eval(), and is in eval cache. bool isCachedEval_:1; // 'this', 'arguments' and f.apply() are used. This is likely to be a wrapper. bool isLikelyConstructorWrapper_:1; // IonMonkey compilation hints. bool failedBoundsCheck_:1; /* script has had hoisted bounds checks fail */ bool failedShapeGuard_:1; /* script has had hoisted shape guard fail */ bool hadFrequentBailouts_:1; bool hadOverflowBailout_:1; bool uninlineable_:1; /* explicitly marked as uninlineable */ // Idempotent cache has triggered invalidation. bool invalidatedIdempotentCache_:1; // Lexical check did fail and bail out. bool failedLexicalCheck_:1; // If the generator was created implicitly via a generator expression, // isGeneratorExp will be true. bool isGeneratorExp_:1; // Script has an entry in JSCompartment::scriptCountsMap. bool hasScriptCounts_:1; // Script has an entry in JSCompartment::debugScriptMap. bool hasDebugScript_:1; // Freeze constraints for stack type sets have been generated. bool hasFreezeConstraints_:1; /* See comments below. */ bool argsHasVarBinding_:1; bool needsArgsAnalysis_:1; bool needsArgsObj_:1; bool functionHasThisBinding_:1; bool functionHasExtraBodyVarScope_:1; // Whether the arguments object for this script, if it needs one, should be // mapped (alias formal parameters). bool hasMappedArgsObj_:1; // Generation for this script's TypeScript. If out of sync with the // TypeZone's generation, the TypeScript needs to be swept. // // This should be a uint32 but is instead a bool so that MSVC packs it // correctly. bool typesGeneration_:1; // Do not relazify this script. This is used by the relazify() testing // function for scripts that are on the stack and also by the AutoDelazify // RAII class. Usually we don't relazify functions in compartments with // scripts on the stack, but the relazify() testing function overrides that, // and sometimes we're working with a cross-compartment function and need to // keep it from relazifying. bool doNotRelazify_:1; // Script contains inner functions. Used to check if we can relazify the // script. bool hasInnerFunctions_:1; bool needsHomeObject_:1; bool isDerivedClassConstructor_:1; bool isDefaultClassConstructor_:1; bool isAsync_:1; bool hasRest_:1; bool isExprBody_:1; // Add padding so JSScript is gc::Cell aligned. Make padding protected // instead of private to suppress -Wunused-private-field compiler warnings. protected: #if JS_BITS_PER_WORD == 32 // Currently no padding is needed. #endif // // End of fields. Start methods. // public: static JSScript* Create(js::ExclusiveContext* cx, const JS::ReadOnlyCompileOptions& options, js::HandleObject sourceObject, uint32_t sourceStart, uint32_t sourceEnd, uint32_t toStringStart, uint32_t toStringEnd); void initCompartment(js::ExclusiveContext* cx); // Three ways ways to initialize a JSScript. Callers of partiallyInit() // are responsible for notifying the debugger after successfully creating // any kind (function or other) of new JSScript. However, callers of // fullyInitFromEmitter() do not need to do this. static bool partiallyInit(js::ExclusiveContext* cx, JS::Handle<JSScript*> script, uint32_t nscopes, uint32_t nconsts, uint32_t nobjects, uint32_t ntrynotes, uint32_t nscopenotes, uint32_t nyieldoffsets, uint32_t nTypeSets); private: static void initFromFunctionBox(js::ExclusiveContext* cx, js::HandleScript script, js::frontend::FunctionBox* funbox); static void initFromModuleContext(js::ExclusiveContext* cx, js::HandleScript script, js::frontend::ModuleSharedContext* modulesc); public: static bool fullyInitFromEmitter(js::ExclusiveContext* cx, js::HandleScript script, js::frontend::BytecodeEmitter* bce); // Initialize the Function.prototype script. static bool initFunctionPrototype(js::ExclusiveContext* cx, js::HandleScript script, JS::HandleFunction functionProto); #ifdef DEBUG private: // Assert that jump targets are within the code array of the script. void assertValidJumpTargets() const; #endif public: inline JSPrincipals* principals(); JSCompartment* compartment() const { return compartment_; } JSCompartment* maybeCompartment() const { return compartment(); } void setVersion(JSVersion v) { version = v; } js::SharedScriptData* scriptData() { return scriptData_; } // Script bytecode is immutable after creation. jsbytecode* code() const { if (!scriptData_) return nullptr; return scriptData_->code(); } size_t length() const { MOZ_ASSERT(scriptData_); return scriptData_->codeLength(); } jsbytecode* codeEnd() const { return code() + length(); } jsbytecode* lastPC() const { jsbytecode* pc = codeEnd() - js::JSOP_RETRVAL_LENGTH; MOZ_ASSERT(*pc == JSOP_RETRVAL); return pc; } bool containsPC(const jsbytecode* pc) const { return pc >= code() && pc < codeEnd(); } size_t pcToOffset(const jsbytecode* pc) const { MOZ_ASSERT(containsPC(pc)); return size_t(pc - code()); } jsbytecode* offsetToPC(size_t offset) const { MOZ_ASSERT(offset < length()); return code() + offset; } size_t mainOffset() const { return mainOffset_; } size_t lineno() const { return lineno_; } size_t column() const { return column_; } void setColumn(size_t column) { column_ = column; } // The fixed part of a stack frame is comprised of vars (in function and // module code) and block-scoped locals (in all kinds of code). size_t nfixed() const { return nfixed_; } // Number of fixed slots reserved for slots that are always live. Only // nonzero for function or module code. size_t numAlwaysLiveFixedSlots() const { if (bodyScope()->is<js::FunctionScope>()) return bodyScope()->as<js::FunctionScope>().nextFrameSlot(); if (bodyScope()->is<js::ModuleScope>()) return bodyScope()->as<js::ModuleScope>().nextFrameSlot(); return 0; } // Calculate the number of fixed slots that are live at a particular bytecode. size_t calculateLiveFixed(jsbytecode* pc); size_t nslots() const { return nslots_; } unsigned numArgs() const { if (bodyScope()->is<js::FunctionScope>()) return bodyScope()->as<js::FunctionScope>().numPositionalFormalParameters(); return 0; } inline js::Shape* initialEnvironmentShape() const; bool functionHasParameterExprs() const { // Only functions have parameters. js::Scope* scope = bodyScope(); if (!scope->is<js::FunctionScope>()) return false; return scope->as<js::FunctionScope>().hasParameterExprs(); } size_t nTypeSets() const { return nTypeSets_; } size_t funLength() const { return funLength_; } size_t sourceStart() const { return sourceStart_; } size_t sourceEnd() const { return sourceEnd_; } uint32_t toStringStart() const { return toStringStart_; } uint32_t toStringEnd() const { return toStringEnd_; } bool noScriptRval() const { return noScriptRval_; } bool strict() const { return strict_; } bool explicitUseStrict() const { return explicitUseStrict_; } bool hasNonSyntacticScope() const { return hasNonSyntacticScope_; } bool selfHosted() const { return selfHosted_; } bool bindingsAccessedDynamically() const { return bindingsAccessedDynamically_; } bool funHasExtensibleScope() const { return funHasExtensibleScope_; } bool funHasAnyAliasedFormal() const { return funHasAnyAliasedFormal_; } bool hasSingletons() const { return hasSingletons_; } bool treatAsRunOnce() const { return treatAsRunOnce_; } bool hasRunOnce() const { return hasRunOnce_; } bool hasBeenCloned() const { return hasBeenCloned_; } void setTreatAsRunOnce() { treatAsRunOnce_ = true; } void setHasRunOnce() { hasRunOnce_ = true; } void setHasBeenCloned() { hasBeenCloned_ = true; } bool isActiveEval() const { return isActiveEval_; } bool isCachedEval() const { return isCachedEval_; } void cacheForEval() { MOZ_ASSERT(isActiveEval() && !isCachedEval()); isActiveEval_ = false; isCachedEval_ = true; // IsEvalCacheCandidate will make sure that there's nothing in this // script that would prevent reexecution even if isRunOnce is // true. So just pretend like we never ran this script. hasRunOnce_ = false; } void uncacheForEval() { MOZ_ASSERT(isCachedEval() && !isActiveEval()); isCachedEval_ = false; isActiveEval_ = true; } void setActiveEval() { isActiveEval_ = true; } bool isLikelyConstructorWrapper() const { return isLikelyConstructorWrapper_; } void setLikelyConstructorWrapper() { isLikelyConstructorWrapper_ = true; } bool isGeneratorExp() const { return isGeneratorExp_; } bool failedBoundsCheck() const { return failedBoundsCheck_; } bool failedShapeGuard() const { return failedShapeGuard_; } bool hadFrequentBailouts() const { return hadFrequentBailouts_; } bool hadOverflowBailout() const { return hadOverflowBailout_; } bool uninlineable() const { return uninlineable_; } bool invalidatedIdempotentCache() const { return invalidatedIdempotentCache_; } bool failedLexicalCheck() const { return failedLexicalCheck_; } bool isDefaultClassConstructor() const { return isDefaultClassConstructor_; } void setFailedBoundsCheck() { failedBoundsCheck_ = true; } void setFailedShapeGuard() { failedShapeGuard_ = true; } void setHadFrequentBailouts() { hadFrequentBailouts_ = true; } void setHadOverflowBailout() { hadOverflowBailout_ = true; } void setUninlineable() { uninlineable_ = true; } void setInvalidatedIdempotentCache() { invalidatedIdempotentCache_ = true; } void setFailedLexicalCheck() { failedLexicalCheck_ = true; } void setIsDefaultClassConstructor() { isDefaultClassConstructor_ = true; } bool hasScriptCounts() const { return hasScriptCounts_; } bool hasFreezeConstraints() const { return hasFreezeConstraints_; } void setHasFreezeConstraints() { hasFreezeConstraints_ = true; } bool warnedAboutUndefinedProp() const { return warnedAboutUndefinedProp_; } void setWarnedAboutUndefinedProp() { warnedAboutUndefinedProp_ = true; } /* See ContextFlags::funArgumentsHasLocalBinding comment. */ bool argumentsHasVarBinding() const { return argsHasVarBinding_; } void setArgumentsHasVarBinding(); bool argumentsAliasesFormals() const { return argumentsHasVarBinding() && hasMappedArgsObj(); } js::GeneratorKind generatorKind() const { return js::GeneratorKindFromBits(generatorKindBits_); } bool isLegacyGenerator() const { return generatorKind() == js::LegacyGenerator; } bool isStarGenerator() const { return generatorKind() == js::StarGenerator; } void setGeneratorKind(js::GeneratorKind kind) { // A script only gets its generator kind set as part of initialization, // so it can only transition from not being a generator. MOZ_ASSERT(!isStarGenerator() && !isLegacyGenerator()); generatorKindBits_ = GeneratorKindAsBits(kind); } js::FunctionAsyncKind asyncKind() const { return isAsync_ ? js::AsyncFunction : js::SyncFunction; } bool isAsync() const { return isAsync_; } void setAsyncKind(js::FunctionAsyncKind kind) { isAsync_ = kind == js::AsyncFunction; } bool hasRest() const { return hasRest_; } void setHasRest() { hasRest_ = true; } bool isExprBody() const { return isExprBody_; } void setIsExprBody() { isExprBody_ = true; } void setNeedsHomeObject() { needsHomeObject_ = true; } bool needsHomeObject() const { return needsHomeObject_; } bool isDerivedClassConstructor() const { return isDerivedClassConstructor_; } /* * As an optimization, even when argsHasLocalBinding, the function prologue * may not need to create an arguments object. This is determined by * needsArgsObj which is set by AnalyzeArgumentsUsage. When !needsArgsObj, * the prologue may simply write MagicValue(JS_OPTIMIZED_ARGUMENTS) to * 'arguments's slot and any uses of 'arguments' will be guaranteed to * handle this magic value. To avoid spurious arguments object creation, we * maintain the invariant that needsArgsObj is only called after the script * has been analyzed. */ bool analyzedArgsUsage() const { return !needsArgsAnalysis_; } inline bool ensureHasAnalyzedArgsUsage(JSContext* cx); bool needsArgsObj() const { MOZ_ASSERT(analyzedArgsUsage()); return needsArgsObj_; } void setNeedsArgsObj(bool needsArgsObj); static bool argumentsOptimizationFailed(JSContext* cx, js::HandleScript script); bool hasMappedArgsObj() const { return hasMappedArgsObj_; } bool functionHasThisBinding() const { return functionHasThisBinding_; } /* * Arguments access (via JSOP_*ARG* opcodes) must access the canonical * location for the argument. If an arguments object exists AND it's mapped * ('arguments' aliases formals), then all access must go through the * arguments object. Otherwise, the local slot is the canonical location for * the arguments. Note: if a formal is aliased through the scope chain, then * script->formalIsAliased and JSOP_*ARG* opcodes won't be emitted at all. */ bool argsObjAliasesFormals() const { return needsArgsObj() && hasMappedArgsObj(); } uint32_t typesGeneration() const { return (uint32_t) typesGeneration_; } void setTypesGeneration(uint32_t generation) { MOZ_ASSERT(generation <= 1); typesGeneration_ = (bool) generation; } void setDoNotRelazify(bool b) { doNotRelazify_ = b; } void setHasInnerFunctions(bool b) { hasInnerFunctions_ = b; } bool hasInnerFunctions() const { return hasInnerFunctions_; } bool hasAnyIonScript() const { return hasIonScript(); } bool hasIonScript() const { bool res = ion && ion != ION_DISABLED_SCRIPT && ion != ION_COMPILING_SCRIPT && ion != ION_PENDING_SCRIPT; MOZ_ASSERT_IF(res, baseline); return res; } bool canIonCompile() const { return ion != ION_DISABLED_SCRIPT; } bool isIonCompilingOffThread() const { return ion == ION_COMPILING_SCRIPT; } js::jit::IonScript* ionScript() const { MOZ_ASSERT(hasIonScript()); return ion; } js::jit::IonScript* maybeIonScript() const { return ion; } js::jit::IonScript* const* addressOfIonScript() const { return &ion; } void setIonScript(JSRuntime* maybeRuntime, js::jit::IonScript* ionScript); bool hasBaselineScript() const { bool res = baseline && baseline != BASELINE_DISABLED_SCRIPT; MOZ_ASSERT_IF(!res, !ion || ion == ION_DISABLED_SCRIPT); return res; } bool canBaselineCompile() const { return baseline != BASELINE_DISABLED_SCRIPT; } js::jit::BaselineScript* baselineScript() const { MOZ_ASSERT(hasBaselineScript()); return baseline; } inline void setBaselineScript(JSRuntime* maybeRuntime, js::jit::BaselineScript* baselineScript); void updateBaselineOrIonRaw(JSRuntime* maybeRuntime); static size_t offsetOfBaselineScript() { return offsetof(JSScript, baseline); } static size_t offsetOfIonScript() { return offsetof(JSScript, ion); } static size_t offsetOfBaselineOrIonRaw() { return offsetof(JSScript, baselineOrIonRaw); } uint8_t* baselineOrIonRawPointer() const { return baselineOrIonRaw; } static size_t offsetOfBaselineOrIonSkipArgCheck() { return offsetof(JSScript, baselineOrIonSkipArgCheck); } bool isRelazifiable() const { return (selfHosted() || lazyScript) && !hasInnerFunctions_ && !types_ && !isStarGenerator() && !isLegacyGenerator() && !isAsync() && !hasBaselineScript() && !hasAnyIonScript() && !isDefaultClassConstructor() && !doNotRelazify_; } void setLazyScript(js::LazyScript* lazy) { lazyScript = lazy; } js::LazyScript* maybeLazyScript() { return lazyScript; } /* * Original compiled function for the script, if it has a function. * nullptr for global and eval scripts. * The delazifying variant ensures that the function isn't lazy. The * non-delazifying variant must only be used after earlier code has * called ensureNonLazyCanonicalFunction and while the function can't * have been relazified. */ inline JSFunction* functionDelazifying() const; JSFunction* functionNonDelazifying() const { if (bodyScope()->is<js::FunctionScope>()) return bodyScope()->as<js::FunctionScope>().canonicalFunction(); return nullptr; } /* * De-lazifies the canonical function. Must be called before entering code * that expects the function to be non-lazy. */ inline void ensureNonLazyCanonicalFunction(); js::ModuleObject* module() const { if (bodyScope()->is<js::ModuleScope>()) return bodyScope()->as<js::ModuleScope>().module(); return nullptr; } bool isGlobalOrEvalCode() const { return bodyScope()->is<js::GlobalScope>() || bodyScope()->is<js::EvalScope>(); } bool isGlobalCode() const { return bodyScope()->is<js::GlobalScope>(); } // Returns true if the script may read formal arguments on the stack // directly, via lazy arguments or a rest parameter. bool mayReadFrameArgsDirectly(); static JSFlatString* sourceData(JSContext* cx, JS::HandleScript script); static JSFlatString* sourceDataForToString(JSContext* cx, JS::HandleScript script); static bool loadSource(JSContext* cx, js::ScriptSource* ss, bool* worked); void setSourceObject(JSObject* object); JSObject* sourceObject() const { return sourceObject_; } js::ScriptSourceObject& scriptSourceUnwrap() const; js::ScriptSource* scriptSource() const; js::ScriptSource* maybeForwardedScriptSource() const; bool mutedErrors() const { return scriptSource()->mutedErrors(); } const char* filename() const { return scriptSource()->filename(); } const char* maybeForwardedFilename() const { return maybeForwardedScriptSource()->filename(); } void setDefaultClassConstructorSpan(JSObject* sourceObject, uint32_t start, uint32_t end); public: /* Return whether this script was compiled for 'eval' */ bool isForEval() const { MOZ_ASSERT_IF(isCachedEval() || isActiveEval(), bodyScope()->is<js::EvalScope>()); return isCachedEval() || isActiveEval(); } /* Return whether this is a 'direct eval' script in a function scope. */ bool isDirectEvalInFunction() const { if (!isForEval()) return false; return bodyScope()->hasOnChain(js::ScopeKind::Function); } /* * Return whether this script is a top-level script. * * If we evaluate some code which contains a syntax error, then we might * produce a JSScript which has no associated bytecode. Testing with * |code()| filters out this kind of scripts. * * If this script has a function associated to it, then it is not the * top-level of a file. */ bool isTopLevel() { return code() && !functionNonDelazifying(); } /* Ensure the script has a TypeScript. */ inline bool ensureHasTypes(JSContext* cx); inline js::TypeScript* types(); void maybeSweepTypes(js::AutoClearTypeInferenceStateOnOOM* oom); inline js::GlobalObject& global() const; js::GlobalObject& uninlinedGlobal() const; uint32_t bodyScopeIndex() const { return bodyScopeIndex_; } js::Scope* bodyScope() const { return getScope(bodyScopeIndex_); } js::Scope* outermostScope() const { // The body scope may not be the outermost scope in the script when // the decl env scope is present. size_t index = 0; return getScope(index); } bool functionHasExtraBodyVarScope() const { MOZ_ASSERT_IF(functionHasExtraBodyVarScope_, functionHasParameterExprs()); return functionHasExtraBodyVarScope_; } js::VarScope* functionExtraBodyVarScope() const { MOZ_ASSERT(functionHasExtraBodyVarScope()); for (uint32_t i = 0; i < scopes()->length; i++) { js::Scope* scope = getScope(i); if (scope->kind() == js::ScopeKind::FunctionBodyVar) return &scope->as<js::VarScope>(); } MOZ_CRASH("Function extra body var scope not found"); } inline js::LexicalScope* maybeNamedLambdaScope() const; js::Scope* enclosingScope() const { return outermostScope()->enclosing(); } private: bool makeTypes(JSContext* cx); bool createScriptData(js::ExclusiveContext* cx, uint32_t codeLength, uint32_t srcnotesLength, uint32_t natoms); bool shareScriptData(js::ExclusiveContext* cx); void freeScriptData(); void setScriptData(js::SharedScriptData* data); public: uint32_t getWarmUpCount() const { return warmUpCount; } uint32_t incWarmUpCounter(uint32_t amount = 1) { return warmUpCount += amount; } uint32_t* addressOfWarmUpCounter() { return reinterpret_cast<uint32_t*>(&warmUpCount); } static size_t offsetOfWarmUpCounter() { return offsetof(JSScript, warmUpCount); } void resetWarmUpCounter() { incWarmUpResetCounter(); warmUpCount = 0; } uint16_t getWarmUpResetCount() const { return warmUpResetCount; } uint16_t incWarmUpResetCounter(uint16_t amount = 1) { return warmUpResetCount += amount; } void resetWarmUpResetCounter() { warmUpResetCount = 0; } public: bool initScriptCounts(JSContext* cx); js::ScriptCounts& getScriptCounts(); js::PCCounts* maybeGetPCCounts(jsbytecode* pc); const js::PCCounts* maybeGetThrowCounts(jsbytecode* pc); js::PCCounts* getThrowCounts(jsbytecode* pc); uint64_t getHitCount(jsbytecode* pc); void incHitCount(jsbytecode* pc); // Used when we bailout out of Ion. void addIonCounts(js::jit::IonScriptCounts* ionCounts); js::jit::IonScriptCounts* getIonCounts(); void releaseScriptCounts(js::ScriptCounts* counts); void destroyScriptCounts(js::FreeOp* fop); // The entry should be removed after using this function. void takeOverScriptCountsMapEntry(js::ScriptCounts* entryValue); jsbytecode* main() const { return code() + mainOffset(); } /* * computedSizeOfData() is the in-use size of all the data sections. * sizeOfData() is the size of the block allocated to hold all the data * sections (which can be larger than the in-use size). */ size_t computedSizeOfData() const; size_t sizeOfData(mozilla::MallocSizeOf mallocSizeOf) const; size_t sizeOfTypeScript(mozilla::MallocSizeOf mallocSizeOf) const; uint32_t numNotes(); /* Number of srcnote slots in the srcnotes section */ /* Script notes are allocated right after the code. */ jssrcnote* notes() { return (jssrcnote*)(code() + length()); } bool hasArray(ArrayKind kind) const { return hasArrayBits & (1 << kind); } void setHasArray(ArrayKind kind) { hasArrayBits |= (1 << kind); } void cloneHasArray(JSScript* script) { hasArrayBits = script->hasArrayBits; } bool hasConsts() const { return hasArray(CONSTS); } bool hasObjects() const { return hasArray(OBJECTS); } bool hasTrynotes() const { return hasArray(TRYNOTES); } bool hasScopeNotes() const { return hasArray(SCOPENOTES); } bool hasYieldAndAwaitOffsets() const { return isStarGenerator() || isLegacyGenerator() || isAsync(); } #define OFF(fooOff, hasFoo, t) (fooOff() + (hasFoo() ? sizeof(t) : 0)) size_t scopesOffset() const { return 0; } size_t constsOffset() const { return scopesOffset() + sizeof(js::ScopeArray); } size_t objectsOffset() const { return OFF(constsOffset, hasConsts, js::ConstArray); } size_t trynotesOffset() const { return OFF(objectsOffset, hasObjects, js::ObjectArray); } size_t scopeNotesOffset() const { return OFF(trynotesOffset, hasTrynotes, js::TryNoteArray); } size_t yieldAndAwaitOffsetsOffset() const { return OFF(scopeNotesOffset, hasScopeNotes, js::ScopeNoteArray); } #undef OFF size_t dataSize() const { return dataSize_; } js::ConstArray* consts() { MOZ_ASSERT(hasConsts()); return reinterpret_cast<js::ConstArray*>(data + constsOffset()); } js::ObjectArray* objects() { MOZ_ASSERT(hasObjects()); return reinterpret_cast<js::ObjectArray*>(data + objectsOffset()); } js::ScopeArray* scopes() const { return reinterpret_cast<js::ScopeArray*>(data + scopesOffset()); } js::TryNoteArray* trynotes() const { MOZ_ASSERT(hasTrynotes()); return reinterpret_cast<js::TryNoteArray*>(data + trynotesOffset()); } js::ScopeNoteArray* scopeNotes() { MOZ_ASSERT(hasScopeNotes()); return reinterpret_cast<js::ScopeNoteArray*>(data + scopeNotesOffset()); } js::YieldAndAwaitOffsetArray& yieldAndAwaitOffsets() { MOZ_ASSERT(hasYieldAndAwaitOffsets()); return *reinterpret_cast<js::YieldAndAwaitOffsetArray*>(data + yieldAndAwaitOffsetsOffset()); } bool hasLoops(); size_t natoms() const { MOZ_ASSERT(scriptData_); return scriptData_->natoms(); } js::GCPtrAtom* atoms() const { MOZ_ASSERT(scriptData_); return scriptData_->atoms(); } js::GCPtrAtom& getAtom(size_t index) const { MOZ_ASSERT(index < natoms()); return atoms()[index]; } js::GCPtrAtom& getAtom(jsbytecode* pc) const { MOZ_ASSERT(containsPC(pc) && containsPC(pc + sizeof(uint32_t))); return getAtom(GET_UINT32_INDEX(pc)); } js::PropertyName* getName(size_t index) { return getAtom(index)->asPropertyName(); } js::PropertyName* getName(jsbytecode* pc) const { MOZ_ASSERT(containsPC(pc) && containsPC(pc + sizeof(uint32_t))); return getAtom(GET_UINT32_INDEX(pc))->asPropertyName(); } JSObject* getObject(size_t index) { js::ObjectArray* arr = objects(); MOZ_ASSERT(index < arr->length); MOZ_ASSERT(arr->vector[index]->isTenured()); return arr->vector[index]; } JSObject* getObject(jsbytecode* pc) { MOZ_ASSERT(containsPC(pc) && containsPC(pc + sizeof(uint32_t))); return getObject(GET_UINT32_INDEX(pc)); } js::Scope* getScope(size_t index) const { js::ScopeArray* array = scopes(); MOZ_ASSERT(index < array->length); return array->vector[index]; } js::Scope* getScope(jsbytecode* pc) const { // This method is used to get a scope directly using a JSOp with an // index. To search through ScopeNotes to look for a Scope using pc, // use lookupScope. MOZ_ASSERT(containsPC(pc) && containsPC(pc + sizeof(uint32_t))); MOZ_ASSERT(js::JOF_OPTYPE(JSOp(*pc)) == JOF_SCOPE, "Did you mean to use lookupScope(pc)?"); return getScope(GET_UINT32_INDEX(pc)); } JSVersion getVersion() const { return JSVersion(version); } inline JSFunction* getFunction(size_t index); JSFunction* function() const { if (functionNonDelazifying()) return functionNonDelazifying(); return nullptr; } inline js::RegExpObject* getRegExp(size_t index); inline js::RegExpObject* getRegExp(jsbytecode* pc); const js::Value& getConst(size_t index) { js::ConstArray* arr = consts(); MOZ_ASSERT(index < arr->length); return arr->vector[index]; } // The following 3 functions find the static scope just before the // execution of the instruction pointed to by pc. js::Scope* lookupScope(jsbytecode* pc); js::Scope* innermostScope(jsbytecode* pc); js::Scope* innermostScope() { return innermostScope(main()); } /* * The isEmpty method tells whether this script has code that computes any * result (not return value, result AKA normal completion value) other than * JSVAL_VOID, or any other effects. */ bool isEmpty() const { if (length() > 3) return false; jsbytecode* pc = code(); if (noScriptRval() && JSOp(*pc) == JSOP_FALSE) ++pc; return JSOp(*pc) == JSOP_RETRVAL; } bool formalIsAliased(unsigned argSlot); bool formalLivesInArgumentsObject(unsigned argSlot); private: /* Change this->stepMode to |newValue|. */ void setNewStepMode(js::FreeOp* fop, uint32_t newValue); bool ensureHasDebugScript(JSContext* cx); js::DebugScript* debugScript(); js::DebugScript* releaseDebugScript(); void destroyDebugScript(js::FreeOp* fop); public: bool hasBreakpointsAt(jsbytecode* pc); bool hasAnyBreakpointsOrStepMode() { return hasDebugScript_; } // See comment above 'debugMode' in jscompartment.h for explanation of // invariants of debuggee compartments, scripts, and frames. inline bool isDebuggee() const; js::BreakpointSite* getBreakpointSite(jsbytecode* pc) { return hasDebugScript_ ? debugScript()->breakpoints[pcToOffset(pc)] : nullptr; } js::BreakpointSite* getOrCreateBreakpointSite(JSContext* cx, jsbytecode* pc); void destroyBreakpointSite(js::FreeOp* fop, jsbytecode* pc); void clearBreakpointsIn(js::FreeOp* fop, js::Debugger* dbg, JSObject* handler); /* * Increment or decrement the single-step count. If the count is non-zero * then the script is in single-step mode. * * Only incrementing is fallible, as it could allocate a DebugScript. */ bool incrementStepModeCount(JSContext* cx); void decrementStepModeCount(js::FreeOp* fop); bool stepModeEnabled() { return hasDebugScript_ && !!debugScript()->stepMode; } #ifdef DEBUG uint32_t stepModeCount() { return hasDebugScript_ ? debugScript()->stepMode : 0; } #endif void finalize(js::FreeOp* fop); static const JS::TraceKind TraceKind = JS::TraceKind::Script; void traceChildren(JSTracer* trc); // A helper class to prevent relazification of the given function's script // while it's holding on to it. This class automatically roots the script. class AutoDelazify; friend class AutoDelazify; class AutoDelazify { JS::RootedScript script_; JSContext* cx_; bool oldDoNotRelazify_; public: explicit AutoDelazify(JSContext* cx, JS::HandleFunction fun = nullptr) : script_(cx) , cx_(cx) { holdScript(fun); } ~AutoDelazify() { dropScript(); } void operator=(JS::HandleFunction fun) { dropScript(); holdScript(fun); } operator JS::HandleScript() const { return script_; } explicit operator bool() const { return script_; } private: void holdScript(JS::HandleFunction fun); void dropScript(); }; }; /* If this fails, add/remove padding within JSScript. */ static_assert(sizeof(JSScript) % js::gc::CellSize == 0, "Size of JSScript must be an integral multiple of js::gc::CellSize"); namespace js { // Information about a script which may be (or has been) lazily compiled to // bytecode from its source. class LazyScript : public gc::TenuredCell { private: // If non-nullptr, the script has been compiled and this is a forwarding // pointer to the result. This is a weak pointer: after relazification, we // can collect the script if there are no other pointers to it. WeakRef<JSScript*> script_; // Original function with which the lazy script is associated. GCPtrFunction function_; // Scope in which the script is nested. GCPtrScope enclosingScope_; // ScriptSourceObject. We leave this set to nullptr until we generate // bytecode for our immediate parent. This is never a CCW; we don't clone // LazyScripts into other compartments. GCPtrObject sourceObject_; // Heap allocated table with any free variables or inner functions. void* table_; // Add padding so LazyScript is gc::Cell aligned. Make padding protected // instead of private to suppress -Wunused-private-field compiler warnings. protected: #if JS_BITS_PER_WORD == 32 uint32_t padding; #endif private: static const uint32_t NumClosedOverBindingsBits = 20; static const uint32_t NumInnerFunctionsBits = 20; struct PackedView { // Assorted bits that should really be in ScriptSourceObject. uint32_t version : 8; uint32_t shouldDeclareArguments : 1; uint32_t hasThisBinding : 1; uint32_t isAsync : 1; uint32_t isExprBody : 1; uint32_t numClosedOverBindings : NumClosedOverBindingsBits; // -- 32bit boundary -- uint32_t numInnerFunctions : NumInnerFunctionsBits; uint32_t generatorKindBits : 2; // N.B. These are booleans but need to be uint32_t to pack correctly on MSVC. // If you add another boolean here, make sure to initialze it in // LazyScript::CreateRaw(). uint32_t strict : 1; uint32_t bindingsAccessedDynamically : 1; uint32_t hasDebuggerStatement : 1; uint32_t hasDirectEval : 1; uint32_t isLikelyConstructorWrapper : 1; uint32_t hasBeenCloned : 1; uint32_t treatAsRunOnce : 1; uint32_t isDerivedClassConstructor : 1; uint32_t needsHomeObject : 1; uint32_t hasRest : 1; }; union { PackedView p_; uint64_t packedFields_; }; // Source location for the script. // See the comment in JSScript for the details. uint32_t begin_; uint32_t end_; uint32_t toStringStart_; uint32_t toStringEnd_; // Line and column of |begin_| position, that is the position where we // start parsing. uint32_t lineno_; uint32_t column_; LazyScript(JSFunction* fun, void* table, uint64_t packedFields, uint32_t begin, uint32_t end, uint32_t toStringStart, uint32_t lineno, uint32_t column); // Create a LazyScript without initializing the closedOverBindings and the // innerFunctions. To be GC-safe, the caller must initialize both vectors // with valid atoms and functions. static LazyScript* CreateRaw(ExclusiveContext* cx, HandleFunction fun, uint64_t packedData, uint32_t begin, uint32_t end, uint32_t toStringStart, uint32_t lineno, uint32_t column); public: static const uint32_t NumClosedOverBindingsLimit = 1 << NumClosedOverBindingsBits; static const uint32_t NumInnerFunctionsLimit = 1 << NumInnerFunctionsBits; // Create a LazyScript and initialize closedOverBindings and innerFunctions // with the provided vectors. static LazyScript* Create(ExclusiveContext* cx, HandleFunction fun, const frontend::AtomVector& closedOverBindings, Handle<GCVector<JSFunction*, 8>> innerFunctions, JSVersion version, uint32_t begin, uint32_t end, uint32_t toStringStart, uint32_t lineno, uint32_t column); // Create a LazyScript and initialize the closedOverBindings and the // innerFunctions with dummy values to be replaced in a later initialization // phase. // // The "script" argument to this function can be null. If it's non-null, // then this LazyScript should be associated with the given JSScript. // // The enclosingScript and enclosingScope arguments may be null if the // enclosing function is also lazy. static LazyScript* Create(ExclusiveContext* cx, HandleFunction fun, HandleScript script, HandleScope enclosingScope, HandleScript enclosingScript, uint64_t packedData, uint32_t begin, uint32_t end, uint32_t toStringStart, uint32_t lineno, uint32_t column); void initRuntimeFields(uint64_t packedFields); static inline JSFunction* functionDelazifying(JSContext* cx, Handle<LazyScript*>); JSFunction* functionNonDelazifying() const { return function_; } void initScript(JSScript* script); void resetScript(); JSScript* maybeScript() { return script_; } const JSScript* maybeScriptUnbarriered() const { return script_.unbarrieredGet(); } bool hasScript() const { return bool(script_); } Scope* enclosingScope() const { return enclosingScope_; } ScriptSourceObject* sourceObject() const; ScriptSource* scriptSource() const { return sourceObject()->source(); } ScriptSource* maybeForwardedScriptSource() const; bool mutedErrors() const { return scriptSource()->mutedErrors(); } JSVersion version() const { JS_STATIC_ASSERT(JSVERSION_UNKNOWN == -1); return (p_.version == JS_BIT(8) - 1) ? JSVERSION_UNKNOWN : JSVersion(p_.version); } void setEnclosingScopeAndSource(Scope* enclosingScope, ScriptSourceObject* sourceObject); uint32_t numClosedOverBindings() const { return p_.numClosedOverBindings; } JSAtom** closedOverBindings() { return (JSAtom**)table_; } uint32_t numInnerFunctions() const { return p_.numInnerFunctions; } GCPtrFunction* innerFunctions() { return (GCPtrFunction*)&closedOverBindings()[numClosedOverBindings()]; } GeneratorKind generatorKind() const { return GeneratorKindFromBits(p_.generatorKindBits); } bool isLegacyGenerator() const { return generatorKind() == LegacyGenerator; } bool isStarGenerator() const { return generatorKind() == StarGenerator; } void setGeneratorKind(GeneratorKind kind) { // A script only gets its generator kind set as part of initialization, // so it can only transition from NotGenerator. MOZ_ASSERT(!isStarGenerator() && !isLegacyGenerator()); // Legacy generators cannot currently be lazy. MOZ_ASSERT(kind != LegacyGenerator); p_.generatorKindBits = GeneratorKindAsBits(kind); } FunctionAsyncKind asyncKind() const { return p_.isAsync ? AsyncFunction : SyncFunction; } bool isAsync() const { return p_.isAsync; } void setAsyncKind(FunctionAsyncKind kind) { p_.isAsync = kind == AsyncFunction; } bool hasRest() const { return p_.hasRest; } void setHasRest() { p_.hasRest = true; } bool isExprBody() const { return p_.isExprBody; } void setIsExprBody() { p_.isExprBody = true; } bool strict() const { return p_.strict; } void setStrict() { p_.strict = true; } bool bindingsAccessedDynamically() const { return p_.bindingsAccessedDynamically; } void setBindingsAccessedDynamically() { p_.bindingsAccessedDynamically = true; } bool hasDebuggerStatement() const { return p_.hasDebuggerStatement; } void setHasDebuggerStatement() { p_.hasDebuggerStatement = true; } bool hasDirectEval() const { return p_.hasDirectEval; } void setHasDirectEval() { p_.hasDirectEval = true; } bool isLikelyConstructorWrapper() const { return p_.isLikelyConstructorWrapper; } void setLikelyConstructorWrapper() { p_.isLikelyConstructorWrapper = true; } bool hasBeenCloned() const { return p_.hasBeenCloned; } void setHasBeenCloned() { p_.hasBeenCloned = true; } bool treatAsRunOnce() const { return p_.treatAsRunOnce; } void setTreatAsRunOnce() { p_.treatAsRunOnce = true; } bool isDerivedClassConstructor() const { return p_.isDerivedClassConstructor; } void setIsDerivedClassConstructor() { p_.isDerivedClassConstructor = true; } bool needsHomeObject() const { return p_.needsHomeObject; } void setNeedsHomeObject() { p_.needsHomeObject = true; } bool shouldDeclareArguments() const { return p_.shouldDeclareArguments; } void setShouldDeclareArguments() { p_.shouldDeclareArguments = true; } bool hasThisBinding() const { return p_.hasThisBinding; } void setHasThisBinding() { p_.hasThisBinding = true; } const char* filename() const { return scriptSource()->filename(); } uint32_t begin() const { return begin_; } uint32_t end() const { return end_; } uint32_t toStringStart() const { return toStringStart_; } uint32_t toStringEnd() const { return toStringEnd_; } uint32_t lineno() const { return lineno_; } uint32_t column() const { return column_; } void setToStringEnd(uint32_t toStringEnd) { MOZ_ASSERT(toStringStart_ <= toStringEnd); MOZ_ASSERT(toStringEnd_ >= end_); toStringEnd_ = toStringEnd; } bool hasUncompiledEnclosingScript() const; friend class GCMarker; void traceChildren(JSTracer* trc); void finalize(js::FreeOp* fop); static const JS::TraceKind TraceKind = JS::TraceKind::LazyScript; size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) { return mallocSizeOf(table_); } uint64_t packedFields() const { return packedFields_; } }; /* If this fails, add/remove padding within LazyScript. */ static_assert(sizeof(LazyScript) % js::gc::CellSize == 0, "Size of LazyScript must be an integral multiple of js::gc::CellSize"); struct ScriptAndCounts { /* This structure is stored and marked from the JSRuntime. */ JSScript* script; ScriptCounts scriptCounts; inline explicit ScriptAndCounts(JSScript* script); inline ScriptAndCounts(ScriptAndCounts&& sac); const PCCounts* maybeGetPCCounts(jsbytecode* pc) const { return scriptCounts.maybeGetPCCounts(script->pcToOffset(pc)); } const PCCounts* maybeGetThrowCounts(jsbytecode* pc) const { return scriptCounts.maybeGetThrowCounts(script->pcToOffset(pc)); } jit::IonScriptCounts* getIonCounts() const { return scriptCounts.ionCounts_; } void trace(JSTracer* trc) { TraceRoot(trc, &script, "ScriptAndCounts::script"); } }; struct GSNCache; jssrcnote* GetSrcNote(GSNCache& cache, JSScript* script, jsbytecode* pc); extern jssrcnote* GetSrcNote(JSContext* cx, JSScript* script, jsbytecode* pc); extern jsbytecode* LineNumberToPC(JSScript* script, unsigned lineno); extern JS_FRIEND_API(unsigned) GetScriptLineExtent(JSScript* script); } /* namespace js */ namespace js { extern unsigned PCToLineNumber(JSScript* script, jsbytecode* pc, unsigned* columnp = nullptr); extern unsigned PCToLineNumber(unsigned startLine, jssrcnote* notes, jsbytecode* code, jsbytecode* pc, unsigned* columnp = nullptr); /* * This function returns the file and line number of the script currently * executing on cx. If there is no current script executing on cx (e.g., a * native called directly through JSAPI (e.g., by setTimeout)), nullptr and 0 * are returned as the file and line. Additionally, this function avoids the * full linear scan to compute line number when the caller guarantees that the * script compilation occurs at a JSOP_EVAL/JSOP_SPREADEVAL. */ enum LineOption { CALLED_FROM_JSOP_EVAL, NOT_CALLED_FROM_JSOP_EVAL }; extern void DescribeScriptedCallerForCompilation(JSContext* cx, MutableHandleScript maybeScript, const char** file, unsigned* linenop, uint32_t* pcOffset, bool* mutedErrors, LineOption opt = NOT_CALLED_FROM_JSOP_EVAL); JSScript* CloneScriptIntoFunction(JSContext* cx, HandleScope enclosingScope, HandleFunction fun, HandleScript src); JSScript* CloneGlobalScript(JSContext* cx, ScopeKind scopeKind, HandleScript src); } /* namespace js */ // JS::ubi::Nodes can point to js::LazyScripts; they're js::gc::Cell instances // with no associated compartment. namespace JS { namespace ubi { template<> class Concrete<js::LazyScript> : TracerConcrete<js::LazyScript> { protected: explicit Concrete(js::LazyScript *ptr) : TracerConcrete<js::LazyScript>(ptr) { } public: static void construct(void *storage, js::LazyScript *ptr) { new (storage) Concrete(ptr); } CoarseType coarseType() const final { return CoarseType::Script; } Size size(mozilla::MallocSizeOf mallocSizeOf) const override; const char* scriptFilename() const final; const char16_t* typeName() const override { return concreteTypeName; } static const char16_t concreteTypeName[]; }; } // namespace ubi } // namespace JS #endif /* jsscript_h */