/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- * vim: set ts=8 sw=4 et tw=99: * * ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * * The contents of this file are subject to the Mozilla Public License Version * 1.1 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is Mozilla Communicator client code, released * March 31, 1998. * * The Initial Developer of the Original Code is * Netscape Communications Corporation. * Portions created by the Initial Developer are Copyright (C) 1998 * the Initial Developer. All Rights Reserved. * * Contributor(s): * * Alternatively, the contents of this file may be used under the terms of * either of the GNU General Public License Version 2 or later (the "GPL"), * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), * in which case the provisions of the GPL or the LGPL are applicable instead * of those above. If you wish to allow use of your version of this file only * under the terms of either the GPL or the LGPL, and not to allow others to * use your version of this file under the terms of the MPL, indicate your * decision by deleting the provisions above and replace them with the notice * and other provisions required by the GPL or the LGPL. If you do not delete * the provisions above, a recipient may use your version of this file under * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ /* * JS function support. */ #include #include "jstypes.h" #include "jsstdint.h" #include "jsbit.h" #include "jsutil.h" /* Added by JSIFY */ #include "jsapi.h" #include "jsarray.h" #include "jsatom.h" #include "jsbuiltins.h" #include "jscntxt.h" #include "jsversion.h" #include "jsdbgapi.h" #include "jsemit.h" #include "jsfun.h" #include "jsgc.h" #include "jsinterp.h" #include "jslock.h" #include "jsnum.h" #include "jsobj.h" #include "jsopcode.h" #include "jsparse.h" #include "jsscan.h" #include "jsscope.h" #include "jsscript.h" #include "jsstr.h" #include "jsexn.h" #include "jsstaticcheck.h" #if JS_HAS_GENERATORS # include "jsiter.h" #endif #if JS_HAS_XDR # include "jsxdrapi.h" #endif /* Generic function/call/arguments tinyids -- also reflected bit numbers. */ enum { CALL_ARGUMENTS = -1, /* predefined arguments local variable */ ARGS_LENGTH = -2, /* number of actual args, arity if inactive */ ARGS_CALLEE = -3, /* reference from arguments to active funobj */ FUN_ARITY = -4, /* number of formal parameters; desired argc */ FUN_NAME = -5, /* function name, "" if anonymous */ FUN_CALLER = -6 /* Function.prototype.caller, backward compat */ }; #if JSFRAME_OVERRIDE_BITS < 8 # error "not enough override bits in JSStackFrame.flags!" #endif #define TEST_OVERRIDE_BIT(fp, tinyid) \ ((fp)->flags & JS_BIT(JSFRAME_OVERRIDE_SHIFT - ((tinyid) + 1))) #define SET_OVERRIDE_BIT(fp, tinyid) \ ((fp)->flags |= JS_BIT(JSFRAME_OVERRIDE_SHIFT - ((tinyid) + 1))) JSBool js_GetArgsValue(JSContext *cx, JSStackFrame *fp, jsval *vp) { JSObject *argsobj; if (TEST_OVERRIDE_BIT(fp, CALL_ARGUMENTS)) { JS_ASSERT(fp->callobj); return OBJ_GET_PROPERTY(cx, fp->callobj, ATOM_TO_JSID(cx->runtime->atomState .argumentsAtom), vp); } argsobj = js_GetArgsObject(cx, fp); if (!argsobj) return JS_FALSE; *vp = OBJECT_TO_JSVAL(argsobj); return JS_TRUE; } static JSBool MarkArgDeleted(JSContext *cx, JSStackFrame *fp, uintN slot) { JSObject *argsobj; jsval bmapval, bmapint; size_t nbits, nbytes; jsbitmap *bitmap; argsobj = fp->argsobj; (void) JS_GetReservedSlot(cx, argsobj, 0, &bmapval); nbits = fp->argc; JS_ASSERT(slot < nbits); if (JSVAL_IS_VOID(bmapval)) { if (nbits <= JSVAL_INT_BITS) { bmapint = 0; bitmap = (jsbitmap *) &bmapint; } else { nbytes = JS_HOWMANY(nbits, JS_BITS_PER_WORD) * sizeof(jsbitmap); bitmap = (jsbitmap *) JS_malloc(cx, nbytes); if (!bitmap) return JS_FALSE; memset(bitmap, 0, nbytes); bmapval = PRIVATE_TO_JSVAL(bitmap); JS_SetReservedSlot(cx, argsobj, 0, bmapval); } } else { if (nbits <= JSVAL_INT_BITS) { bmapint = JSVAL_TO_INT(bmapval); bitmap = (jsbitmap *) &bmapint; } else { bitmap = (jsbitmap *) JSVAL_TO_PRIVATE(bmapval); } } JS_SET_BIT(bitmap, slot); if (bitmap == (jsbitmap *) &bmapint) { bmapval = INT_TO_JSVAL(bmapint); JS_SetReservedSlot(cx, argsobj, 0, bmapval); } return JS_TRUE; } /* NB: Infallible predicate, false does not mean error/exception. */ static JSBool ArgWasDeleted(JSContext *cx, JSStackFrame *fp, uintN slot) { JSObject *argsobj; jsval bmapval, bmapint; jsbitmap *bitmap; argsobj = fp->argsobj; (void) JS_GetReservedSlot(cx, argsobj, 0, &bmapval); if (JSVAL_IS_VOID(bmapval)) return JS_FALSE; if (fp->argc <= JSVAL_INT_BITS) { bmapint = JSVAL_TO_INT(bmapval); bitmap = (jsbitmap *) &bmapint; } else { bitmap = (jsbitmap *) JSVAL_TO_PRIVATE(bmapval); } return JS_TEST_BIT(bitmap, slot) != 0; } JSBool js_GetArgsProperty(JSContext *cx, JSStackFrame *fp, jsid id, jsval *vp) { jsval val; JSObject *obj; uintN slot; if (TEST_OVERRIDE_BIT(fp, CALL_ARGUMENTS)) { JS_ASSERT(fp->callobj); if (!OBJ_GET_PROPERTY(cx, fp->callobj, ATOM_TO_JSID(cx->runtime->atomState .argumentsAtom), &val)) { return JS_FALSE; } if (JSVAL_IS_PRIMITIVE(val)) { obj = js_ValueToNonNullObject(cx, val); if (!obj) return JS_FALSE; } else { obj = JSVAL_TO_OBJECT(val); } return OBJ_GET_PROPERTY(cx, obj, id, vp); } *vp = JSVAL_VOID; if (JSID_IS_INT(id)) { slot = (uintN) JSID_TO_INT(id); if (slot < fp->argc) { if (fp->argsobj && ArgWasDeleted(cx, fp, slot)) return OBJ_GET_PROPERTY(cx, fp->argsobj, id, vp); *vp = fp->argv[slot]; } else { /* * Per ECMA-262 Ed. 3, 10.1.8, last bulleted item, do not share * storage between the formal parameter and arguments[k] for all * fp->argc <= k && k < fp->fun->nargs. For example, in * * function f(x) { x = 42; return arguments[0]; } * f(); * * the call to f should return undefined, not 42. If fp->argsobj * is null at this point, as it would be in the example, return * undefined in *vp. */ if (fp->argsobj) return OBJ_GET_PROPERTY(cx, fp->argsobj, id, vp); } } else { if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)) { if (fp->argsobj && TEST_OVERRIDE_BIT(fp, ARGS_LENGTH)) return OBJ_GET_PROPERTY(cx, fp->argsobj, id, vp); *vp = INT_TO_JSVAL((jsint) fp->argc); } } return JS_TRUE; } JSObject * js_GetArgsObject(JSContext *cx, JSStackFrame *fp) { JSObject *argsobj, *global, *parent; /* * We must be in a function activation; the function must be lightweight * or else fp must have a variable object. */ JS_ASSERT(fp->fun && (!(fp->fun->flags & JSFUN_HEAVYWEIGHT) || fp->varobj)); /* Skip eval and debugger frames. */ while (fp->flags & JSFRAME_SPECIAL) fp = fp->down; /* Create an arguments object for fp only if it lacks one. */ argsobj = fp->argsobj; if (argsobj) return argsobj; /* Link the new object to fp so it can get actual argument values. */ argsobj = js_NewObject(cx, &js_ArgumentsClass, NULL, NULL, 0); if (!argsobj || !JS_SetPrivate(cx, argsobj, fp)) { cx->weakRoots.newborn[GCX_OBJECT] = NULL; return NULL; } /* * Give arguments an intrinsic scope chain link to fp's global object. * Since the arguments object lacks a prototype because js_ArgumentsClass * is not initialized, js_NewObject won't assign a default parent to it. * * Therefore if arguments is used as the head of an eval scope chain (via * a direct or indirect call to eval(program, arguments)), any reference * to a standard class object in the program will fail to resolve due to * js_GetClassPrototype not being able to find a global object containing * the standard prototype by starting from arguments and following parent. */ global = fp->scopeChain; while ((parent = OBJ_GET_PARENT(cx, global)) != NULL) global = parent; STOBJ_SET_PARENT(argsobj, global); fp->argsobj = argsobj; return argsobj; } static JSBool args_enumerate(JSContext *cx, JSObject *obj); JS_FRIEND_API(JSBool) js_PutArgsObject(JSContext *cx, JSStackFrame *fp) { JSObject *argsobj; jsval bmapval, rval; JSBool ok; JSRuntime *rt; /* * Reuse args_enumerate here to reflect fp's actual arguments as indexed * elements of argsobj. Do this first, before clearing and freeing the * deleted argument slot bitmap, because args_enumerate depends on that. */ argsobj = fp->argsobj; ok = args_enumerate(cx, argsobj); /* * Now clear the deleted argument number bitmap slot and free the bitmap, * if one was actually created due to 'delete arguments[0]' or similar. */ (void) JS_GetReservedSlot(cx, argsobj, 0, &bmapval); if (!JSVAL_IS_VOID(bmapval)) { JS_SetReservedSlot(cx, argsobj, 0, JSVAL_VOID); if (fp->argc > JSVAL_INT_BITS) JS_free(cx, JSVAL_TO_PRIVATE(bmapval)); } /* * Now get the prototype properties so we snapshot fp->fun and fp->argc * before fp goes away. */ rt = cx->runtime; ok &= js_GetProperty(cx, argsobj, ATOM_TO_JSID(rt->atomState.calleeAtom), &rval); ok &= js_SetProperty(cx, argsobj, ATOM_TO_JSID(rt->atomState.calleeAtom), &rval); ok &= js_GetProperty(cx, argsobj, ATOM_TO_JSID(rt->atomState.lengthAtom), &rval); ok &= js_SetProperty(cx, argsobj, ATOM_TO_JSID(rt->atomState.lengthAtom), &rval); /* * Clear the private pointer to fp, which is about to go away (js_Invoke). * Do this last because the args_enumerate and js_GetProperty calls above * need to follow the private slot to find fp. */ ok &= JS_SetPrivate(cx, argsobj, NULL); fp->argsobj = NULL; return ok; } static JSBool args_delProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp) { jsint slot; JSStackFrame *fp; if (!JSVAL_IS_INT(id)) return JS_TRUE; fp = (JSStackFrame *) JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL); if (!fp) return JS_TRUE; JS_ASSERT(fp->argsobj); slot = JSVAL_TO_INT(id); switch (slot) { case ARGS_CALLEE: case ARGS_LENGTH: SET_OVERRIDE_BIT(fp, slot); break; default: if ((uintN)slot < fp->argc && !MarkArgDeleted(cx, fp, slot)) return JS_FALSE; break; } return JS_TRUE; } static JS_REQUIRES_STACK JSObject * WrapEscapingClosure(JSContext *cx, JSStackFrame *fp, JSObject *funobj, JSFunction *fun) { JS_ASSERT(GET_FUNCTION_PRIVATE(cx, funobj) == fun); JS_ASSERT(fun->optimizedClosure()); JS_ASSERT(!fun->u.i.wrapper); /* * We do not attempt to reify Call and Block objects on demand for outer * scopes. This could be done (see the "v8" patch in bug 494235) but it is * fragile in the face of ongoing compile-time optimization. Instead, the * _DBG* opcodes used by wrappers created here must cope with unresolved * upvars and throw them as reference errors. Caveat debuggers! */ JSObject *scopeChain = js_GetScopeChain(cx, fp); if (!scopeChain) return NULL; JSObject *wfunobj = js_NewObjectWithGivenProto(cx, &js_FunctionClass, funobj, scopeChain, 0); if (!wfunobj) return NULL; JSAutoTempValueRooter tvr(cx, wfunobj); JSFunction *wfun = (JSFunction *) wfunobj; wfunobj->fslots[JSSLOT_PRIVATE] = PRIVATE_TO_JSVAL(wfun); wfun->nargs = 0; wfun->flags = fun->flags | JSFUN_HEAVYWEIGHT; wfun->u.i.nvars = 0; wfun->u.i.nupvars = 0; wfun->u.i.skipmin = fun->u.i.skipmin; wfun->u.i.wrapper = true; wfun->u.i.script = NULL; wfun->u.i.names.taggedAtom = NULL; wfun->atom = fun->atom; if (fun->hasLocalNames()) { void *mark = JS_ARENA_MARK(&cx->tempPool); jsuword *names = js_GetLocalNameArray(cx, fun, &cx->tempPool); if (!names) return NULL; JSBool ok = true; for (uintN i = 0, n = fun->countLocalNames(); i != n; i++) { jsuword name = names[i]; JSAtom *atom = JS_LOCAL_NAME_TO_ATOM(name); JSLocalKind localKind = (i < fun->nargs) ? JSLOCAL_ARG : (i < fun->countArgsAndVars()) ? (JS_LOCAL_NAME_IS_CONST(name) ? JSLOCAL_CONST : JSLOCAL_VAR) : JSLOCAL_UPVAR; ok = js_AddLocal(cx, wfun, atom, localKind); if (!ok) break; } JS_ARENA_RELEASE(&cx->tempPool, mark); if (!ok) return NULL; JS_ASSERT(wfun->nargs == fun->nargs); JS_ASSERT(wfun->u.i.nvars == fun->u.i.nvars); JS_ASSERT(wfun->u.i.nupvars == fun->u.i.nupvars); js_FreezeLocalNames(cx, wfun); } JSScript *script = fun->u.i.script; jssrcnote *snbase = SCRIPT_NOTES(script); jssrcnote *sn = snbase; while (!SN_IS_TERMINATOR(sn)) sn = SN_NEXT(sn); uintN nsrcnotes = (sn - snbase) + 1; /* NB: GC must not occur before wscript is homed in wfun->u.i.script. */ JSScript *wscript = js_NewScript(cx, script->length, nsrcnotes, script->atomMap.length, (script->objectsOffset != 0) ? JS_SCRIPT_OBJECTS(script)->length : 0, fun->u.i.nupvars, (script->regexpsOffset != 0) ? JS_SCRIPT_REGEXPS(script)->length : 0, (script->trynotesOffset != 0) ? JS_SCRIPT_TRYNOTES(script)->length : 0); if (!wscript) return NULL; memcpy(wscript->code, script->code, script->length); wscript->main = wscript->code + (script->main - script->code); memcpy(SCRIPT_NOTES(wscript), snbase, nsrcnotes); memcpy(wscript->atomMap.vector, script->atomMap.vector, wscript->atomMap.length * sizeof(JSAtom *)); if (script->objectsOffset != 0) { memcpy(JS_SCRIPT_OBJECTS(wscript)->vector, JS_SCRIPT_OBJECTS(script)->vector, JS_SCRIPT_OBJECTS(wscript)->length * sizeof(JSObject *)); } if (script->regexpsOffset != 0) { memcpy(JS_SCRIPT_REGEXPS(wscript)->vector, JS_SCRIPT_REGEXPS(script)->vector, JS_SCRIPT_REGEXPS(wscript)->length * sizeof(JSObject *)); } if (script->trynotesOffset != 0) { memcpy(JS_SCRIPT_TRYNOTES(wscript)->vector, JS_SCRIPT_TRYNOTES(script)->vector, JS_SCRIPT_TRYNOTES(wscript)->length * sizeof(JSTryNote)); } if (wfun->u.i.nupvars != 0) { JS_ASSERT(wfun->u.i.nupvars == JS_SCRIPT_UPVARS(wscript)->length); memcpy(JS_SCRIPT_UPVARS(wscript)->vector, JS_SCRIPT_UPVARS(script)->vector, wfun->u.i.nupvars * sizeof(uint32)); } jsbytecode *pc = wscript->code; while (*pc != JSOP_STOP) { /* XYZZYbe should copy JSOP_TRAP? */ JSOp op = js_GetOpcode(cx, wscript, pc); const JSCodeSpec *cs = &js_CodeSpec[op]; ptrdiff_t oplen = cs->length; if (oplen < 0) oplen = js_GetVariableBytecodeLength(pc); /* * Rewrite JSOP_{GET,CALL}DSLOT as JSOP_{GET,CALL}UPVAR_DBG for the * case where fun is an escaping flat closure. This works because the * UPVAR and DSLOT ops by design have the same format: an upvar index * immediate operand. */ switch (op) { case JSOP_GETUPVAR: *pc = JSOP_GETUPVAR_DBG; break; case JSOP_CALLUPVAR: *pc = JSOP_CALLUPVAR_DBG; break; case JSOP_GETDSLOT: *pc = JSOP_GETUPVAR_DBG; break; case JSOP_CALLDSLOT: *pc = JSOP_CALLUPVAR_DBG; break; case JSOP_DEFFUN_FC: *pc = JSOP_DEFFUN_DBGFC; break; case JSOP_DEFLOCALFUN_FC: *pc = JSOP_DEFLOCALFUN_DBGFC; break; case JSOP_LAMBDA_FC: *pc = JSOP_LAMBDA_DBGFC; break; default:; } pc += oplen; } /* * Fill in the rest of wscript. This means if you add members to JSScript * you must update this code. FIXME: factor into JSScript::clone method. */ wscript->flags = script->flags; wscript->version = script->version; wscript->nfixed = script->nfixed; wscript->filename = script->filename; wscript->lineno = script->lineno; wscript->nslots = script->nslots; wscript->staticLevel = script->staticLevel; wscript->principals = script->principals; if (wscript->principals) JSPRINCIPALS_HOLD(cx, wscript->principals); #ifdef CHECK_SCRIPT_OWNER wscript->owner = script->owner; #endif /* Deoptimize wfun from FUN_{FLAT,NULL}_CLOSURE to FUN_INTERPRETED. */ FUN_SET_KIND(wfun, JSFUN_INTERPRETED); wfun->u.i.script = wscript; return wfunobj; } static JSBool args_getProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp) { jsint slot; JSStackFrame *fp; if (!JSVAL_IS_INT(id)) return JS_TRUE; fp = (JSStackFrame *) JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL); if (!fp) return JS_TRUE; JS_ASSERT(fp->argsobj); slot = JSVAL_TO_INT(id); switch (slot) { case ARGS_CALLEE: if (!TEST_OVERRIDE_BIT(fp, slot)) { /* * If this function or one in it needs upvars that reach above it * in the scope chain, it must not be a null closure (it could be a * flat closure, or an unoptimized closure -- the latter itself not * necessarily heavyweight). Rather than wrap here, we simply throw * to reduce code size and tell debugger users the truth instead of * passing off a fibbing wrapper. */ if (fp->fun->needsWrapper()) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_OPTIMIZED_CLOSURE_LEAK); return JS_FALSE; } *vp = OBJECT_TO_JSVAL(fp->callee); } break; case ARGS_LENGTH: if (!TEST_OVERRIDE_BIT(fp, slot)) *vp = INT_TO_JSVAL((jsint)fp->argc); break; default: if ((uintN)slot < fp->argc && !ArgWasDeleted(cx, fp, slot)) *vp = fp->argv[slot]; break; } return JS_TRUE; } static JSBool args_setProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp) { JSStackFrame *fp; jsint slot; if (!JSVAL_IS_INT(id)) return JS_TRUE; fp = (JSStackFrame *) JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL); if (!fp) return JS_TRUE; JS_ASSERT(fp->argsobj); slot = JSVAL_TO_INT(id); switch (slot) { case ARGS_CALLEE: case ARGS_LENGTH: SET_OVERRIDE_BIT(fp, slot); break; default: if (FUN_INTERPRETED(fp->fun) && (uintN)slot < fp->argc && !ArgWasDeleted(cx, fp, slot)) { fp->argv[slot] = *vp; } break; } return JS_TRUE; } static JSBool args_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags, JSObject **objp) { JSStackFrame *fp; uintN slot; JSString *str; JSAtom *atom; intN tinyid; jsval value; *objp = NULL; fp = (JSStackFrame *) JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL); if (!fp) return JS_TRUE; JS_ASSERT(fp->argsobj); if (JSVAL_IS_INT(id)) { slot = JSVAL_TO_INT(id); if (slot < fp->argc && !ArgWasDeleted(cx, fp, slot)) { /* XXX ECMA specs DontEnum, contrary to other array-like objects */ if (!js_DefineProperty(cx, obj, INT_JSVAL_TO_JSID(id), fp->argv[slot], args_getProperty, args_setProperty, 0, NULL)) { return JS_FALSE; } *objp = obj; } } else if (JSVAL_IS_STRING(id)) { str = JSVAL_TO_STRING(id); atom = cx->runtime->atomState.lengthAtom; if (str == ATOM_TO_STRING(atom)) { tinyid = ARGS_LENGTH; value = INT_TO_JSVAL(fp->argc); } else { atom = cx->runtime->atomState.calleeAtom; if (str == ATOM_TO_STRING(atom)) { tinyid = ARGS_CALLEE; value = OBJECT_TO_JSVAL(fp->callee); } else { atom = NULL; /* Quell GCC overwarnings. */ tinyid = 0; value = JSVAL_NULL; } } if (atom && !TEST_OVERRIDE_BIT(fp, tinyid)) { if (!js_DefineNativeProperty(cx, obj, ATOM_TO_JSID(atom), value, args_getProperty, args_setProperty, 0, SPROP_HAS_SHORTID, tinyid, NULL)) { return JS_FALSE; } *objp = obj; } } return JS_TRUE; } static JSBool args_enumerate(JSContext *cx, JSObject *obj) { JSStackFrame *fp; JSObject *pobj; JSProperty *prop; uintN slot, argc; fp = (JSStackFrame *) JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL); if (!fp) return JS_TRUE; JS_ASSERT(fp->argsobj); /* * Trigger reflection with value snapshot in args_resolve using a series * of js_LookupProperty calls. We handle length, callee, and the indexed * argument properties. We know that args_resolve covers all these cases * and creates direct properties of obj, but that it may fail to resolve * length or callee if overridden. */ if (!js_LookupProperty(cx, obj, ATOM_TO_JSID(cx->runtime->atomState.lengthAtom), &pobj, &prop)) { return JS_FALSE; } if (prop) OBJ_DROP_PROPERTY(cx, pobj, prop); if (!js_LookupProperty(cx, obj, ATOM_TO_JSID(cx->runtime->atomState.calleeAtom), &pobj, &prop)) { return JS_FALSE; } if (prop) OBJ_DROP_PROPERTY(cx, pobj, prop); argc = fp->argc; for (slot = 0; slot < argc; slot++) { if (!js_LookupProperty(cx, obj, INT_TO_JSID((jsint)slot), &pobj, &prop)) return JS_FALSE; if (prop) OBJ_DROP_PROPERTY(cx, pobj, prop); } return JS_TRUE; } #if JS_HAS_GENERATORS /* * If a generator-iterator's arguments or call object escapes, it needs to * mark its generator object. */ static void args_or_call_trace(JSTracer *trc, JSObject *obj) { JSStackFrame *fp; fp = (JSStackFrame *) JS_GetPrivate(trc->context, obj); if (fp && (fp->flags & JSFRAME_GENERATOR)) { JS_CALL_OBJECT_TRACER(trc, FRAME_TO_GENERATOR(fp)->obj, "FRAME_TO_GENERATOR(fp)->obj"); } } #else # define args_or_call_trace NULL #endif /* * The Arguments class is not initialized via JS_InitClass, and must not be, * because its name is "Object". Per ECMA, that causes instances of it to * delegate to the object named by Object.prototype. It also ensures that * arguments.toString() returns "[object Object]". * * The JSClass functions below collaborate to lazily reflect and synchronize * actual argument values, argument count, and callee function object stored * in a JSStackFrame with their corresponding property values in the frame's * arguments object. */ JSClass js_ArgumentsClass = { js_Object_str, JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE | JSCLASS_HAS_RESERVED_SLOTS(1) | JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Object), JS_PropertyStub, args_delProperty, args_getProperty, args_setProperty, args_enumerate, (JSResolveOp) args_resolve, JS_ConvertStub, JS_FinalizeStub, NULL, NULL, NULL, NULL, NULL, NULL, JS_CLASS_TRACE(args_or_call_trace), NULL }; #define JSSLOT_CALLEE (JSSLOT_PRIVATE + 1) #define JSSLOT_CALL_ARGUMENTS (JSSLOT_PRIVATE + 2) #define CALL_CLASS_FIXED_RESERVED_SLOTS 2 /* * A Declarative Environment object stores its active JSStackFrame pointer in * its private slot, just as Call and Arguments objects do. */ JSClass js_DeclEnvClass = { js_Object_str, JSCLASS_HAS_PRIVATE | JSCLASS_HAS_CACHED_PROTO(JSProto_Object), JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub, JS_FinalizeStub, JSCLASS_NO_OPTIONAL_MEMBERS }; static JS_REQUIRES_STACK JSBool CheckForEscapingClosure(JSContext *cx, JSObject *obj, jsval *vp) { JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_CallClass || STOBJ_GET_CLASS(obj) == &js_DeclEnvClass); jsval v = *vp; if (VALUE_IS_FUNCTION(cx, v)) { JSObject *funobj = JSVAL_TO_OBJECT(v); JSFunction *fun = GET_FUNCTION_PRIVATE(cx, funobj); /* * Any escaping null or flat closure that reaches above itself or * contains nested functions that reach above it must be wrapped. * We can wrap only when this Call or Declarative Environment obj * still has an active stack frame associated with it. */ if (fun->needsWrapper()) { JSStackFrame *fp = (JSStackFrame *) JS_GetPrivate(cx, obj); if (fp) { JSObject *wrapper = WrapEscapingClosure(cx, fp, funobj, fun); if (!wrapper) return false; *vp = OBJECT_TO_JSVAL(wrapper); return true; } JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_OPTIMIZED_CLOSURE_LEAK); return false; } } return true; } static JS_REQUIRES_STACK JSBool CalleeGetter(JSContext *cx, JSObject *obj, jsval id, jsval *vp) { return CheckForEscapingClosure(cx, obj, vp); } JSObject * js_GetCallObject(JSContext *cx, JSStackFrame *fp) { JSObject *callobj; /* Create a call object for fp only if it lacks one. */ JS_ASSERT(fp->fun); callobj = fp->callobj; if (callobj) return callobj; #ifdef DEBUG /* A call object should be a frame's outermost scope chain element. */ JSClass *classp = OBJ_GET_CLASS(cx, fp->scopeChain); if (classp == &js_WithClass || classp == &js_BlockClass || classp == &js_CallClass) JS_ASSERT(OBJ_GET_PRIVATE(cx, fp->scopeChain) != fp); #endif /* * Create the call object, using the frame's enclosing scope as its * parent, and link the call to its stack frame. For a named function * expression Call's parent points to an environment object holding * function's name. */ JSAtom *lambdaName = (fp->fun->flags & JSFUN_LAMBDA) ? fp->fun->atom : NULL; if (lambdaName) { JSObject *env = js_NewObjectWithGivenProto(cx, &js_DeclEnvClass, NULL, fp->scopeChain, 0); if (!env) return NULL; env->fslots[JSSLOT_PRIVATE] = PRIVATE_TO_JSVAL(fp); /* Root env before js_DefineNativeProperty (-> JSClass.addProperty). */ fp->scopeChain = env; if (!js_DefineNativeProperty(cx, fp->scopeChain, ATOM_TO_JSID(lambdaName), OBJECT_TO_JSVAL(fp->callee), CalleeGetter, NULL, JSPROP_PERMANENT | JSPROP_READONLY, 0, 0, NULL)) { return NULL; } } callobj = js_NewObjectWithGivenProto(cx, &js_CallClass, NULL, fp->scopeChain, 0); if (!callobj) return NULL; JS_SetPrivate(cx, callobj, fp); JS_ASSERT(fp->fun == GET_FUNCTION_PRIVATE(cx, fp->callee)); STOBJ_SET_SLOT(callobj, JSSLOT_CALLEE, OBJECT_TO_JSVAL(fp->callee)); fp->callobj = callobj; /* * Push callobj on the top of the scope chain, and make it the * variables object. */ fp->scopeChain = callobj; fp->varobj = callobj; return callobj; } static JSFunction * GetCallObjectFunction(JSObject *obj) { jsval v; JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_CallClass); v = STOBJ_GET_SLOT(obj, JSSLOT_CALLEE); if (JSVAL_IS_VOID(v)) { /* Newborn or prototype object. */ return NULL; } JS_ASSERT(!JSVAL_IS_PRIMITIVE(v)); return GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(v)); } JS_FRIEND_API(JSBool) js_PutCallObject(JSContext *cx, JSStackFrame *fp) { JSObject *callobj; JSBool ok; JSFunction *fun; uintN n; JSScope *scope; /* * Since for a call object all fixed slots happen to be taken, we can copy * arguments and variables straight into JSObject.dslots. */ JS_STATIC_ASSERT(JS_INITIAL_NSLOTS - JSSLOT_PRIVATE == 1 + CALL_CLASS_FIXED_RESERVED_SLOTS); callobj = fp->callobj; if (!callobj) return JS_TRUE; /* * Get the arguments object to snapshot fp's actual argument values. */ ok = JS_TRUE; if (fp->argsobj) { if (!TEST_OVERRIDE_BIT(fp, CALL_ARGUMENTS)) { STOBJ_SET_SLOT(callobj, JSSLOT_CALL_ARGUMENTS, OBJECT_TO_JSVAL(fp->argsobj)); } ok &= js_PutArgsObject(cx, fp); } fun = fp->fun; JS_ASSERT(fun == GetCallObjectFunction(callobj)); n = fun->countArgsAndVars(); if (n != 0) { JS_LOCK_OBJ(cx, callobj); n += JS_INITIAL_NSLOTS; if (n > STOBJ_NSLOTS(callobj)) ok &= js_ReallocSlots(cx, callobj, n, JS_TRUE); scope = OBJ_SCOPE(callobj); if (ok) { memcpy(callobj->dslots, fp->argv, fun->nargs * sizeof(jsval)); memcpy(callobj->dslots + fun->nargs, fp->slots, fun->u.i.nvars * sizeof(jsval)); if (scope->object == callobj && n > scope->freeslot) scope->freeslot = n; } JS_UNLOCK_SCOPE(cx, scope); } /* * Clear private pointers to fp, which is about to go away (js_Invoke). * Do this last because js_GetProperty calls above need to follow the * call object's private slot to find fp. */ if ((fun->flags & JSFUN_LAMBDA) && fun->atom) { JSObject *env = STOBJ_GET_PARENT(callobj); JS_ASSERT(STOBJ_GET_CLASS(env) == &js_DeclEnvClass); JS_ASSERT(STOBJ_GET_PRIVATE(env) == fp); JS_SetPrivate(cx, env, NULL); } JS_SetPrivate(cx, callobj, NULL); fp->callobj = NULL; return ok; } static JSBool call_enumerate(JSContext *cx, JSObject *obj) { JSFunction *fun; uintN n, i; void *mark; jsuword *names; JSBool ok; JSAtom *name; JSObject *pobj; JSProperty *prop; fun = GetCallObjectFunction(obj); n = fun ? fun->countArgsAndVars() : 0; if (n == 0) return JS_TRUE; mark = JS_ARENA_MARK(&cx->tempPool); MUST_FLOW_THROUGH("out"); names = js_GetLocalNameArray(cx, fun, &cx->tempPool); if (!names) { ok = JS_FALSE; goto out; } for (i = 0; i != n; ++i) { name = JS_LOCAL_NAME_TO_ATOM(names[i]); if (!name) continue; /* * Trigger reflection by looking up the name of the argument or * variable. */ ok = js_LookupProperty(cx, obj, ATOM_TO_JSID(name), &pobj, &prop); if (!ok) goto out; /* * The call object will always have a property corresponding to the * argument or variable name because call_resolve creates the property * using JSPROP_PERMANENT. */ JS_ASSERT(prop); JS_ASSERT(pobj == obj); OBJ_DROP_PROPERTY(cx, pobj, prop); } ok = JS_TRUE; out: JS_ARENA_RELEASE(&cx->tempPool, mark); return ok; } typedef enum JSCallPropertyKind { JSCPK_ARGUMENTS, JSCPK_ARG, JSCPK_VAR } JSCallPropertyKind; static JSBool CallPropertyOp(JSContext *cx, JSObject *obj, jsid id, jsval *vp, JSCallPropertyKind kind, JSBool setter) { JSFunction *fun; JSStackFrame *fp; uintN i; jsval *array; if (STOBJ_GET_CLASS(obj) != &js_CallClass) return JS_TRUE; fun = GetCallObjectFunction(obj); fp = (JSStackFrame *) JS_GetPrivate(cx, obj); if (kind == JSCPK_ARGUMENTS) { if (setter) { if (fp) SET_OVERRIDE_BIT(fp, CALL_ARGUMENTS); STOBJ_SET_SLOT(obj, JSSLOT_CALL_ARGUMENTS, *vp); } else { if (fp && !TEST_OVERRIDE_BIT(fp, CALL_ARGUMENTS)) { JSObject *argsobj; argsobj = js_GetArgsObject(cx, fp); if (!argsobj) return JS_FALSE; *vp = OBJECT_TO_JSVAL(argsobj); } else { *vp = STOBJ_GET_SLOT(obj, JSSLOT_CALL_ARGUMENTS); } } return JS_TRUE; } JS_ASSERT((int16) JSVAL_TO_INT(id) == JSVAL_TO_INT(id)); i = (uint16) JSVAL_TO_INT(id); JS_ASSERT_IF(kind == JSCPK_ARG, i < fun->nargs); JS_ASSERT_IF(kind == JSCPK_VAR, i < fun->u.i.nvars); if (!fp) { i += CALL_CLASS_FIXED_RESERVED_SLOTS; if (kind == JSCPK_VAR) i += fun->nargs; else JS_ASSERT(kind == JSCPK_ARG); return setter ? JS_SetReservedSlot(cx, obj, i, *vp) : JS_GetReservedSlot(cx, obj, i, vp); } if (kind == JSCPK_ARG) { array = fp->argv; } else { JS_ASSERT(kind == JSCPK_VAR); array = fp->slots; } if (setter) { GC_POKE(cx, array[i]); array[i] = *vp; } else { *vp = array[i]; } return JS_TRUE; } static JSBool GetCallArguments(JSContext *cx, JSObject *obj, jsid id, jsval *vp) { return CallPropertyOp(cx, obj, id, vp, JSCPK_ARGUMENTS, JS_FALSE); } static JSBool SetCallArguments(JSContext *cx, JSObject *obj, jsid id, jsval *vp) { return CallPropertyOp(cx, obj, id, vp, JSCPK_ARGUMENTS, JS_TRUE); } JSBool js_GetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval *vp) { return CallPropertyOp(cx, obj, id, vp, JSCPK_ARG, JS_FALSE); } static JSBool SetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval *vp) { return CallPropertyOp(cx, obj, id, vp, JSCPK_ARG, JS_TRUE); } JSBool js_GetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval *vp) { return CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, JS_FALSE); } JSBool js_GetCallVarChecked(JSContext *cx, JSObject *obj, jsid id, jsval *vp) { if (!CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, JS_FALSE)) return JS_FALSE; return CheckForEscapingClosure(cx, obj, vp); } static JSBool SetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval *vp) { return CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, JS_TRUE); } static JSBool call_resolve(JSContext *cx, JSObject *obj, jsval idval, uintN flags, JSObject **objp) { jsval callee; JSFunction *fun; jsid id; JSLocalKind localKind; JSPropertyOp getter, setter; uintN slot, attrs; JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_CallClass); JS_ASSERT(!STOBJ_GET_PROTO(obj)); if (!JSVAL_IS_STRING(idval)) return JS_TRUE; callee = STOBJ_GET_SLOT(obj, JSSLOT_CALLEE); if (JSVAL_IS_VOID(callee)) return JS_TRUE; fun = GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(callee)); if (!js_ValueToStringId(cx, idval, &id)) return JS_FALSE; /* * Check whether the id refers to a formal parameter, local variable or * the arguments special name. * * We define all such names using JSDNP_DONT_PURGE to avoid an expensive * shape invalidation in js_DefineNativeProperty. If such an id happens to * shadow a global or upvar of the same name, any inner functions can * never access the outer binding. Thus it cannot invalidate any property * cache entries or derived trace guards for the outer binding. See also * comments in js_PurgeScopeChainHelper from jsobj.cpp. */ localKind = js_LookupLocal(cx, fun, JSID_TO_ATOM(id), &slot); if (localKind != JSLOCAL_NONE && localKind != JSLOCAL_UPVAR) { JS_ASSERT((uint16) slot == slot); /* * We follow 10.2.3 of ECMA 262 v3 and make argument and variable * properties of the Call objects enumerable. */ attrs = JSPROP_ENUMERATE | JSPROP_PERMANENT | JSPROP_SHARED; if (localKind == JSLOCAL_ARG) { JS_ASSERT(slot < fun->nargs); getter = js_GetCallArg; setter = SetCallArg; } else { JS_ASSERT(localKind == JSLOCAL_VAR || localKind == JSLOCAL_CONST); JS_ASSERT(slot < fun->u.i.nvars); getter = js_GetCallVar; setter = SetCallVar; if (localKind == JSLOCAL_CONST) attrs |= JSPROP_READONLY; /* * Use js_GetCallVarChecked if the local's value is a null closure. * This way we penalize performance only slightly on first use of a * null closure, not on every use. */ jsval v; if (!CallPropertyOp(cx, obj, INT_TO_JSID((int16)slot), &v, JSCPK_VAR, JS_FALSE)) return JS_FALSE; if (VALUE_IS_FUNCTION(cx, v) && GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(v))->needsWrapper()) { getter = js_GetCallVarChecked; } } if (!js_DefineNativeProperty(cx, obj, id, JSVAL_VOID, getter, setter, attrs, SPROP_HAS_SHORTID, (int16) slot, NULL, JSDNP_DONT_PURGE)) { return JS_FALSE; } *objp = obj; return JS_TRUE; } /* * Resolve arguments so that we never store a particular Call object's * arguments object reference in a Call prototype's |arguments| slot. */ if (id == ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom)) { if (!js_DefineNativeProperty(cx, obj, id, JSVAL_VOID, GetCallArguments, SetCallArguments, JSPROP_PERMANENT | JSPROP_SHARED, 0, 0, NULL, JSDNP_DONT_PURGE)) { return JS_FALSE; } *objp = obj; return JS_TRUE; } /* Control flow reaches here only if id was not resolved. */ return JS_TRUE; } static JSBool call_convert(JSContext *cx, JSObject *obj, JSType type, jsval *vp) { JSStackFrame *fp; if (type == JSTYPE_FUNCTION) { fp = (JSStackFrame *) JS_GetPrivate(cx, obj); if (fp) { JS_ASSERT(fp->fun); *vp = OBJECT_TO_JSVAL(fp->callee); } } return JS_TRUE; } static uint32 call_reserveSlots(JSContext *cx, JSObject *obj) { JSFunction *fun; fun = GetCallObjectFunction(obj); return fun->countArgsAndVars(); } JS_FRIEND_DATA(JSClass) js_CallClass = { "Call", JSCLASS_HAS_PRIVATE | JSCLASS_HAS_RESERVED_SLOTS(CALL_CLASS_FIXED_RESERVED_SLOTS) | JSCLASS_NEW_RESOLVE | JSCLASS_IS_ANONYMOUS | JSCLASS_MARK_IS_TRACE, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, call_enumerate, (JSResolveOp)call_resolve, call_convert, JS_FinalizeStub, NULL, NULL, NULL, NULL, NULL, NULL, JS_CLASS_TRACE(args_or_call_trace), call_reserveSlots }; static JSBool fun_getProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp) { jsint slot; JSFunction *fun; JSStackFrame *fp; JSSecurityCallbacks *callbacks; if (!JSVAL_IS_INT(id)) return JS_TRUE; slot = JSVAL_TO_INT(id); /* * Loop because getter and setter can be delegated from another class, * but loop only for ARGS_LENGTH because we must pretend that f.length * is in each function instance f, per ECMA-262, instead of only in the * Function.prototype object (we use JSPROP_PERMANENT with JSPROP_SHARED * to make it appear so). * * This code couples tightly to the attributes for the function_props[] * initializers above, and to js_SetProperty and js_HasOwnProperty. * * It's important to allow delegating objects, even though they inherit * this getter (fun_getProperty), to override arguments, arity, caller, * and name. If we didn't return early for slot != ARGS_LENGTH, we would * clobber *vp with the native property value, instead of letting script * override that value in delegating objects. * * Note how that clobbering is what simulates JSPROP_READONLY for all of * the non-standard properties when the directly addressed object (obj) * is a function object (i.e., when this loop does not iterate). */ while (!(fun = (JSFunction *) JS_GetInstancePrivate(cx, obj, &js_FunctionClass, NULL))) { if (slot != ARGS_LENGTH) return JS_TRUE; obj = OBJ_GET_PROTO(cx, obj); if (!obj) return JS_TRUE; } /* Find fun's top-most activation record. */ for (fp = js_GetTopStackFrame(cx); fp && (fp->fun != fun || (fp->flags & JSFRAME_SPECIAL)); fp = fp->down) { continue; } switch (slot) { case CALL_ARGUMENTS: /* Warn if strict about f.arguments or equivalent unqualified uses. */ if (!JS_ReportErrorFlagsAndNumber(cx, JSREPORT_WARNING | JSREPORT_STRICT, js_GetErrorMessage, NULL, JSMSG_DEPRECATED_USAGE, js_arguments_str)) { return JS_FALSE; } if (fp) { if (!js_GetArgsValue(cx, fp, vp)) return JS_FALSE; } else { *vp = JSVAL_NULL; } break; case ARGS_LENGTH: case FUN_ARITY: *vp = INT_TO_JSVAL((jsint)fun->nargs); break; case FUN_NAME: *vp = fun->atom ? ATOM_KEY(fun->atom) : STRING_TO_JSVAL(cx->runtime->emptyString); break; case FUN_CALLER: if (fp && fp->down && fp->down->fun) { JSFunction *caller = fp->down->fun; /* * See equivalent condition in args_getProperty for ARGS_CALLEE, * but here we do not want to throw, since this escape can happen * via foo.caller alone, without any debugger or indirect eval. And * it seems foo.caller is still used on the Web. */ if (caller->needsWrapper()) { JSObject *wrapper = WrapEscapingClosure(cx, fp->down, FUN_OBJECT(caller), caller); if (!wrapper) return JS_FALSE; *vp = OBJECT_TO_JSVAL(wrapper); return JS_TRUE; } *vp = OBJECT_TO_JSVAL(fp->down->callee); } else { *vp = JSVAL_NULL; } if (!JSVAL_IS_PRIMITIVE(*vp)) { callbacks = JS_GetSecurityCallbacks(cx); if (callbacks && callbacks->checkObjectAccess) { id = ATOM_KEY(cx->runtime->atomState.callerAtom); if (!callbacks->checkObjectAccess(cx, obj, id, JSACC_READ, vp)) return JS_FALSE; } } break; default: /* XXX fun[0] and fun.arguments[0] are equivalent. */ if (fp && fp->fun && (uintN)slot < fp->fun->nargs) *vp = fp->argv[slot]; break; } return JS_TRUE; } /* * ECMA-262 specifies that length is a property of function object instances, * but we can avoid that space cost by delegating to a prototype property that * is JSPROP_PERMANENT and JSPROP_SHARED. Each fun_getProperty call computes * a fresh length value based on the arity of the individual function object's * private data. * * The extensions below other than length, i.e., the ones not in ECMA-262, * are neither JSPROP_READONLY nor JSPROP_SHARED, because for compatibility * with ECMA we must allow a delegating object to override them. Therefore to * avoid entraining garbage in Function.prototype slots, they must be resolved * in non-prototype function objects, wherefore the lazy_function_props table * and fun_resolve's use of it. */ #define LENGTH_PROP_ATTRS (JSPROP_READONLY|JSPROP_PERMANENT|JSPROP_SHARED) static JSPropertySpec function_props[] = { {js_length_str, ARGS_LENGTH, LENGTH_PROP_ATTRS, fun_getProperty, JS_PropertyStub}, {0,0,0,0,0} }; typedef struct LazyFunctionProp { uint16 atomOffset; int8 tinyid; uint8 attrs; } LazyFunctionProp; /* NB: no sentinel at the end -- use JS_ARRAY_LENGTH to bound loops. */ static LazyFunctionProp lazy_function_props[] = { {ATOM_OFFSET(arguments), CALL_ARGUMENTS, JSPROP_PERMANENT}, {ATOM_OFFSET(arity), FUN_ARITY, JSPROP_PERMANENT}, {ATOM_OFFSET(caller), FUN_CALLER, JSPROP_PERMANENT}, {ATOM_OFFSET(name), FUN_NAME, JSPROP_PERMANENT}, }; static JSBool fun_enumerate(JSContext *cx, JSObject *obj) { jsid prototypeId; JSObject *pobj; JSProperty *prop; prototypeId = ATOM_TO_JSID(cx->runtime->atomState.classPrototypeAtom); if (!OBJ_LOOKUP_PROPERTY(cx, obj, prototypeId, &pobj, &prop)) return JS_FALSE; if (prop) OBJ_DROP_PROPERTY(cx, pobj, prop); return JS_TRUE; } static JSBool fun_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags, JSObject **objp) { JSFunction *fun; JSAtom *atom; uintN i; if (!JSVAL_IS_STRING(id)) return JS_TRUE; fun = GET_FUNCTION_PRIVATE(cx, obj); /* * No need to reflect fun.prototype in 'fun.prototype = ... '. */ if (flags & JSRESOLVE_ASSIGNING) return JS_TRUE; /* * Ok, check whether id is 'prototype' and bootstrap the function object's * prototype property. */ atom = cx->runtime->atomState.classPrototypeAtom; if (id == ATOM_KEY(atom)) { JSObject *proto; /* * Beware of the wacky case of a user function named Object -- trying * to find a prototype for that will recur back here _ad perniciem_. */ if (fun->atom == CLASS_ATOM(cx, Object)) return JS_TRUE; /* * Make the prototype object to have the same parent as the function * object itself. */ proto = js_NewObject(cx, &js_ObjectClass, NULL, OBJ_GET_PARENT(cx, obj), 0); if (!proto) return JS_FALSE; /* * ECMA (15.3.5.2) says that constructor.prototype is DontDelete for * user-defined functions, but DontEnum | ReadOnly | DontDelete for * native "system" constructors such as Object or Function. So lazily * set the former here in fun_resolve, but eagerly define the latter * in JS_InitClass, with the right attributes. */ if (!js_SetClassPrototype(cx, obj, proto, JSPROP_ENUMERATE | JSPROP_PERMANENT)) { cx->weakRoots.newborn[GCX_OBJECT] = NULL; return JS_FALSE; } *objp = obj; return JS_TRUE; } for (i = 0; i < JS_ARRAY_LENGTH(lazy_function_props); i++) { LazyFunctionProp *lfp = &lazy_function_props[i]; atom = OFFSET_TO_ATOM(cx->runtime, lfp->atomOffset); if (id == ATOM_KEY(atom)) { if (!js_DefineNativeProperty(cx, obj, ATOM_TO_JSID(atom), JSVAL_VOID, fun_getProperty, JS_PropertyStub, lfp->attrs, SPROP_HAS_SHORTID, lfp->tinyid, NULL)) { return JS_FALSE; } *objp = obj; return JS_TRUE; } } return JS_TRUE; } static JSBool fun_convert(JSContext *cx, JSObject *obj, JSType type, jsval *vp) { switch (type) { case JSTYPE_FUNCTION: *vp = OBJECT_TO_JSVAL(obj); return JS_TRUE; default: return js_TryValueOf(cx, obj, type, vp); } } #if JS_HAS_XDR /* XXX store parent and proto, if defined */ JSBool js_XDRFunctionObject(JSXDRState *xdr, JSObject **objp) { JSContext *cx; JSFunction *fun; uint32 firstword; /* flag telling whether fun->atom is non-null, plus for fun->u.i.skipmin, fun->u.i.wrapper, and 14 bits reserved for future use */ uintN nargs, nvars, nupvars, n; uint32 localsword; /* word for argument and variable counts */ uint32 flagsword; /* word for fun->u.i.nupvars and fun->flags */ JSTempValueRooter tvr; JSBool ok; cx = xdr->cx; if (xdr->mode == JSXDR_ENCODE) { fun = GET_FUNCTION_PRIVATE(cx, *objp); if (!FUN_INTERPRETED(fun)) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NOT_SCRIPTED_FUNCTION, JS_GetFunctionName(fun)); return JS_FALSE; } if (fun->u.i.wrapper) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_XDR_CLOSURE_WRAPPER, JS_GetFunctionName(fun)); return JS_FALSE; } JS_ASSERT((fun->u.i.wrapper & ~1U) == 0); firstword = (fun->u.i.skipmin << 2) | (fun->u.i.wrapper << 1) | !!fun->atom; nargs = fun->nargs; nvars = fun->u.i.nvars; nupvars = fun->u.i.nupvars; localsword = (nargs << 16) | nvars; flagsword = (nupvars << 16) | fun->flags; } else { fun = js_NewFunction(cx, NULL, NULL, 0, JSFUN_INTERPRETED, NULL, NULL); if (!fun) return JS_FALSE; STOBJ_CLEAR_PARENT(FUN_OBJECT(fun)); STOBJ_CLEAR_PROTO(FUN_OBJECT(fun)); #ifdef __GNUC__ nvars = nargs = nupvars = 0; /* quell GCC uninitialized warning */ #endif } /* From here on, control flow must flow through label out. */ MUST_FLOW_THROUGH("out"); JS_PUSH_TEMP_ROOT_OBJECT(cx, FUN_OBJECT(fun), &tvr); ok = JS_TRUE; if (!JS_XDRUint32(xdr, &firstword)) goto bad; if ((firstword & 1U) && !js_XDRStringAtom(xdr, &fun->atom)) goto bad; if (!JS_XDRUint32(xdr, &localsword) || !JS_XDRUint32(xdr, &flagsword)) { goto bad; } if (xdr->mode == JSXDR_DECODE) { nargs = localsword >> 16; nvars = uint16(localsword); JS_ASSERT((flagsword & JSFUN_KINDMASK) >= JSFUN_INTERPRETED); nupvars = flagsword >> 16; fun->flags = uint16(flagsword); fun->u.i.skipmin = uint16(firstword >> 2); fun->u.i.wrapper = (firstword >> 1) & 1; } /* do arguments and local vars */ n = nargs + nvars + nupvars; if (n != 0) { void *mark; uintN i; uintN bitmapLength; uint32 *bitmap; jsuword *names; JSAtom *name; JSLocalKind localKind; mark = JS_ARENA_MARK(&xdr->cx->tempPool); /* * From this point the control must flow via the label release_mark. * * To xdr the names we prefix the names with a bitmap descriptor and * then xdr the names as strings. For argument names (indexes below * nargs) the corresponding bit in the bitmap is unset when the name * is null. Such null names are not encoded or decoded. For variable * names (indexes starting from nargs) bitmap's bit is set when the * name is declared as const, not as ordinary var. * */ MUST_FLOW_THROUGH("release_mark"); bitmapLength = JS_HOWMANY(n, JS_BITS_PER_UINT32); JS_ARENA_ALLOCATE_CAST(bitmap, uint32 *, &xdr->cx->tempPool, bitmapLength * sizeof *bitmap); if (!bitmap) { js_ReportOutOfScriptQuota(xdr->cx); ok = JS_FALSE; goto release_mark; } if (xdr->mode == JSXDR_ENCODE) { names = js_GetLocalNameArray(xdr->cx, fun, &xdr->cx->tempPool); if (!names) { ok = JS_FALSE; goto release_mark; } memset(bitmap, 0, bitmapLength * sizeof *bitmap); for (i = 0; i != n; ++i) { if (i < fun->nargs ? JS_LOCAL_NAME_TO_ATOM(names[i]) != NULL : JS_LOCAL_NAME_IS_CONST(names[i])) { bitmap[i >> JS_BITS_PER_UINT32_LOG2] |= JS_BIT(i & (JS_BITS_PER_UINT32 - 1)); } } } #ifdef __GNUC__ else { names = NULL; /* quell GCC uninitialized warning */ } #endif for (i = 0; i != bitmapLength; ++i) { ok = JS_XDRUint32(xdr, &bitmap[i]); if (!ok) goto release_mark; } for (i = 0; i != n; ++i) { if (i < nargs && !(bitmap[i >> JS_BITS_PER_UINT32_LOG2] & JS_BIT(i & (JS_BITS_PER_UINT32 - 1)))) { if (xdr->mode == JSXDR_DECODE) { ok = js_AddLocal(xdr->cx, fun, NULL, JSLOCAL_ARG); if (!ok) goto release_mark; } else { JS_ASSERT(!JS_LOCAL_NAME_TO_ATOM(names[i])); } continue; } if (xdr->mode == JSXDR_ENCODE) name = JS_LOCAL_NAME_TO_ATOM(names[i]); ok = js_XDRStringAtom(xdr, &name); if (!ok) goto release_mark; if (xdr->mode == JSXDR_DECODE) { localKind = (i < nargs) ? JSLOCAL_ARG : (i < nargs + nvars) ? (bitmap[i >> JS_BITS_PER_UINT32_LOG2] & JS_BIT(i & (JS_BITS_PER_UINT32 - 1)) ? JSLOCAL_CONST : JSLOCAL_VAR) : JSLOCAL_UPVAR; ok = js_AddLocal(xdr->cx, fun, name, localKind); if (!ok) goto release_mark; } } ok = JS_TRUE; release_mark: JS_ARENA_RELEASE(&xdr->cx->tempPool, mark); if (!ok) goto out; if (xdr->mode == JSXDR_DECODE) js_FreezeLocalNames(cx, fun); } if (!js_XDRScript(xdr, &fun->u.i.script, NULL)) goto bad; if (xdr->mode == JSXDR_DECODE) { *objp = FUN_OBJECT(fun); #ifdef CHECK_SCRIPT_OWNER fun->u.i.script->owner = NULL; #endif js_CallNewScriptHook(cx, fun->u.i.script, fun); } out: JS_POP_TEMP_ROOT(cx, &tvr); return ok; bad: ok = JS_FALSE; goto out; } #else /* !JS_HAS_XDR */ #define js_XDRFunctionObject NULL #endif /* !JS_HAS_XDR */ /* * [[HasInstance]] internal method for Function objects: fetch the .prototype * property of its 'this' parameter, and walks the prototype chain of v (only * if v is an object) returning true if .prototype is found. */ static JSBool fun_hasInstance(JSContext *cx, JSObject *obj, jsval v, JSBool *bp) { jsval pval; if (!OBJ_GET_PROPERTY(cx, obj, ATOM_TO_JSID(cx->runtime->atomState .classPrototypeAtom), &pval)) { return JS_FALSE; } if (JSVAL_IS_PRIMITIVE(pval)) { /* * Throw a runtime error if instanceof is called on a function that * has a non-object as its .prototype value. */ js_ReportValueError(cx, JSMSG_BAD_PROTOTYPE, -1, OBJECT_TO_JSVAL(obj), NULL); return JS_FALSE; } return js_IsDelegate(cx, JSVAL_TO_OBJECT(pval), v, bp); } static void TraceLocalNames(JSTracer *trc, JSFunction *fun); static void DestroyLocalNames(JSContext *cx, JSFunction *fun); static void fun_trace(JSTracer *trc, JSObject *obj) { JSFunction *fun; /* A newborn function object may have a not yet initialized private slot. */ fun = (JSFunction *) JS_GetPrivate(trc->context, obj); if (!fun) return; if (FUN_OBJECT(fun) != obj) { /* obj is cloned function object, trace the original. */ JS_CALL_TRACER(trc, FUN_OBJECT(fun), JSTRACE_OBJECT, "private"); return; } if (fun->atom) JS_CALL_STRING_TRACER(trc, ATOM_TO_STRING(fun->atom), "atom"); if (FUN_INTERPRETED(fun)) { if (fun->u.i.script) js_TraceScript(trc, fun->u.i.script); TraceLocalNames(trc, fun); } } static void fun_finalize(JSContext *cx, JSObject *obj) { JSFunction *fun; /* Ignore newborn and cloned function objects. */ fun = (JSFunction *) JS_GetPrivate(cx, obj); if (!fun || FUN_OBJECT(fun) != obj) return; /* * Null-check of u.i.script is required since the parser sets interpreted * very early. */ if (FUN_INTERPRETED(fun)) { if (fun->u.i.script) js_DestroyScript(cx, fun->u.i.script); DestroyLocalNames(cx, fun); } } static uint32 fun_reserveSlots(JSContext *cx, JSObject *obj) { JSFunction *fun; uint32 nslots; /* * We use JS_GetPrivate and not GET_FUNCTION_PRIVATE because during * js_InitFunctionClass invocation the function is called before the * private slot of the function object is set. */ fun = (JSFunction *) JS_GetPrivate(cx, obj); nslots = 0; if (fun && FUN_INTERPRETED(fun) && fun->u.i.script) { if (fun->u.i.nupvars != 0) nslots = JS_SCRIPT_UPVARS(fun->u.i.script)->length; if (fun->u.i.script->regexpsOffset != 0) nslots += JS_SCRIPT_REGEXPS(fun->u.i.script)->length; } return nslots; } /* * Reserve two slots in all function objects for XPConnect. Note that this * does not bloat every instance, only those on which reserved slots are set, * and those on which ad-hoc properties are defined. */ JS_FRIEND_DATA(JSClass) js_FunctionClass = { js_Function_str, JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE | JSCLASS_HAS_RESERVED_SLOTS(2) | JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Function), JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, fun_enumerate, (JSResolveOp)fun_resolve, fun_convert, fun_finalize, NULL, NULL, NULL, NULL, js_XDRFunctionObject, fun_hasInstance, JS_CLASS_TRACE(fun_trace), fun_reserveSlots }; static JSBool fun_toStringHelper(JSContext *cx, uint32 indent, uintN argc, jsval *vp) { jsval fval; JSObject *obj; JSFunction *fun; JSString *str; fval = JS_THIS(cx, vp); if (JSVAL_IS_NULL(fval)) return JS_FALSE; if (!VALUE_IS_FUNCTION(cx, fval)) { /* * If we don't have a function to start off with, try converting the * object to a function. If that doesn't work, complain. */ if (!JSVAL_IS_PRIMITIVE(fval)) { obj = JSVAL_TO_OBJECT(fval); if (!OBJ_GET_CLASS(cx, obj)->convert(cx, obj, JSTYPE_FUNCTION, &fval)) { return JS_FALSE; } vp[1] = fval; } if (!VALUE_IS_FUNCTION(cx, fval)) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_INCOMPATIBLE_PROTO, js_Function_str, js_toString_str, JS_GetTypeName(cx, JS_TypeOfValue(cx, fval))); return JS_FALSE; } } obj = JSVAL_TO_OBJECT(fval); if (argc != 0) { indent = js_ValueToECMAUint32(cx, &vp[2]); if (JSVAL_IS_NULL(vp[2])) return JS_FALSE; } JS_ASSERT(JS_ObjectIsFunction(cx, obj)); fun = GET_FUNCTION_PRIVATE(cx, obj); if (!fun) return JS_TRUE; str = JS_DecompileFunction(cx, fun, (uintN)indent); if (!str) return JS_FALSE; *vp = STRING_TO_JSVAL(str); return JS_TRUE; } static JSBool fun_toString(JSContext *cx, uintN argc, jsval *vp) { return fun_toStringHelper(cx, 0, argc, vp); } #if JS_HAS_TOSOURCE static JSBool fun_toSource(JSContext *cx, uintN argc, jsval *vp) { return fun_toStringHelper(cx, JS_DONT_PRETTY_PRINT, argc, vp); } #endif JS_REQUIRES_STACK JSBool js_fun_call(JSContext *cx, uintN argc, jsval *vp) { JSObject *obj; jsval fval, *argv, *invokevp; JSString *str; void *mark; JSBool ok; obj = JS_THIS_OBJECT(cx, vp); if (!obj || !OBJ_DEFAULT_VALUE(cx, obj, JSTYPE_FUNCTION, &vp[1])) return JS_FALSE; fval = vp[1]; if (!VALUE_IS_FUNCTION(cx, fval)) { str = JS_ValueToString(cx, fval); if (str) { const char *bytes = js_GetStringBytes(cx, str); if (bytes) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_INCOMPATIBLE_PROTO, js_Function_str, js_call_str, bytes); } } return JS_FALSE; } argv = vp + 2; if (argc == 0) { /* Call fun with its global object as the 'this' param if no args. */ obj = NULL; } else { /* Otherwise convert the first arg to 'this' and skip over it. */ if (!JSVAL_IS_PRIMITIVE(argv[0])) obj = JSVAL_TO_OBJECT(argv[0]); else if (!js_ValueToObject(cx, argv[0], &obj)) return JS_FALSE; argc--; argv++; } /* Allocate stack space for fval, obj, and the args. */ invokevp = js_AllocStack(cx, 2 + argc, &mark); if (!invokevp) return JS_FALSE; /* Push fval, obj, and the args. */ invokevp[0] = fval; invokevp[1] = OBJECT_TO_JSVAL(obj); memcpy(invokevp + 2, argv, argc * sizeof *argv); ok = js_Invoke(cx, argc, invokevp, 0); *vp = *invokevp; js_FreeStack(cx, mark); return ok; } JS_REQUIRES_STACK JSBool js_fun_apply(JSContext *cx, uintN argc, jsval *vp) { JSObject *obj, *aobj; jsval fval, *invokevp, *sp; JSString *str; jsuint length; JSBool arraylike, ok; void *mark; uintN i; if (argc == 0) { /* Will get globalObject as 'this' and no other arguments. */ return js_fun_call(cx, argc, vp); } obj = JS_THIS_OBJECT(cx, vp); if (!obj || !OBJ_DEFAULT_VALUE(cx, obj, JSTYPE_FUNCTION, &vp[1])) return JS_FALSE; fval = vp[1]; if (!VALUE_IS_FUNCTION(cx, fval)) { str = JS_ValueToString(cx, fval); if (str) { const char *bytes = js_GetStringBytes(cx, str); if (bytes) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_INCOMPATIBLE_PROTO, js_Function_str, js_apply_str, bytes); } } return JS_FALSE; } /* Quell GCC overwarnings. */ aobj = NULL; length = 0; if (argc >= 2) { /* If the 2nd arg is null or void, call the function with 0 args. */ if (JSVAL_IS_NULL(vp[3]) || JSVAL_IS_VOID(vp[3])) { argc = 0; } else { /* The second arg must be an array (or arguments object). */ arraylike = JS_FALSE; if (!JSVAL_IS_PRIMITIVE(vp[3])) { aobj = JSVAL_TO_OBJECT(vp[3]); if (!js_IsArrayLike(cx, aobj, &arraylike, &length)) return JS_FALSE; } if (!arraylike) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_BAD_APPLY_ARGS, js_apply_str); return JS_FALSE; } } } /* Convert the first arg to 'this' and skip over it. */ if (!JSVAL_IS_PRIMITIVE(vp[2])) obj = JSVAL_TO_OBJECT(vp[2]); else if (!js_ValueToObject(cx, vp[2], &obj)) return JS_FALSE; /* Allocate stack space for fval, obj, and the args. */ argc = (uintN)JS_MIN(length, ARRAY_INIT_LIMIT - 1); invokevp = js_AllocStack(cx, 2 + argc, &mark); if (!invokevp) return JS_FALSE; /* Push fval, obj, and aobj's elements as args. */ sp = invokevp; *sp++ = fval; *sp++ = OBJECT_TO_JSVAL(obj); for (i = 0; i < argc; i++) { ok = JS_GetElement(cx, aobj, (jsint)i, sp); if (!ok) goto out; sp++; } ok = js_Invoke(cx, argc, invokevp, 0); *vp = *invokevp; out: js_FreeStack(cx, mark); return ok; } #ifdef NARCISSUS static JS_REQUIRES_STACK JSBool fun_applyConstructor(JSContext *cx, uintN argc, jsval *vp) { JSObject *aobj; uintN length, i; void *mark; jsval *invokevp, *sp; JSBool ok; if (JSVAL_IS_PRIMITIVE(vp[2]) || (aobj = JSVAL_TO_OBJECT(vp[2]), OBJ_GET_CLASS(cx, aobj) != &js_ArrayClass && OBJ_GET_CLASS(cx, aobj) != &js_ArgumentsClass)) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_BAD_APPLY_ARGS, "__applyConstruct__"); return JS_FALSE; } if (!js_GetLengthProperty(cx, aobj, &length)) return JS_FALSE; if (length >= ARRAY_INIT_LIMIT) length = ARRAY_INIT_LIMIT - 1; invokevp = js_AllocStack(cx, 2 + length, &mark); if (!invokevp) return JS_FALSE; sp = invokevp; *sp++ = vp[1]; *sp++ = JSVAL_NULL; /* this is filled automagically */ for (i = 0; i < length; i++) { ok = JS_GetElement(cx, aobj, (jsint)i, sp); if (!ok) goto out; sp++; } ok = js_InvokeConstructor(cx, length, JS_TRUE, invokevp); *vp = *invokevp; out: js_FreeStack(cx, mark); return ok; } #endif static JSFunctionSpec function_methods[] = { #if JS_HAS_TOSOURCE JS_FN(js_toSource_str, fun_toSource, 0,0), #endif JS_FN(js_toString_str, fun_toString, 0,0), JS_FN(js_apply_str, js_fun_apply, 2,0), JS_FN(js_call_str, js_fun_call, 1,0), #ifdef NARCISSUS JS_FN("__applyConstructor__", fun_applyConstructor, 1,0), #endif JS_FS_END }; static JSBool Function(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval) { JSFunction *fun; JSObject *parent; JSStackFrame *fp, *caller; uintN i, n, lineno; JSAtom *atom; const char *filename; JSBool ok; JSString *str, *arg; JSTokenStream ts; JSPrincipals *principals; jschar *collected_args, *cp; void *mark; size_t arg_length, args_length, old_args_length; JSTokenType tt; if (!JS_IsConstructing(cx)) { obj = js_NewObject(cx, &js_FunctionClass, NULL, NULL, 0); if (!obj) return JS_FALSE; *rval = OBJECT_TO_JSVAL(obj); } else { /* * The constructor is called before the private slot is initialized so * we must use JS_GetPrivate, not GET_FUNCTION_PRIVATE here. */ if (JS_GetPrivate(cx, obj)) return JS_TRUE; } /* * NB: (new Function) is not lexically closed by its caller, it's just an * anonymous function in the top-level scope that its constructor inhabits. * Thus 'var x = 42; f = new Function("return x"); print(f())' prints 42, * and so would a call to f from another top-level's script or function. * * In older versions, before call objects, a new Function was adopted by * its running context's globalObject, which might be different from the * top-level reachable from scopeChain (in HTML frames, e.g.). */ parent = OBJ_GET_PARENT(cx, JSVAL_TO_OBJECT(argv[-2])); fun = js_NewFunction(cx, obj, NULL, 0, JSFUN_LAMBDA | JSFUN_INTERPRETED, parent, cx->runtime->atomState.anonymousAtom); if (!fun) return JS_FALSE; /* * Function is static and not called directly by other functions in this * file, therefore it is callable only as a native function by js_Invoke. * Find the scripted caller, possibly skipping other native frames such as * are built for Function.prototype.call or .apply activations that invoke * Function indirectly from a script. */ fp = js_GetTopStackFrame(cx); JS_ASSERT(!fp->script && fp->fun && fp->fun->u.n.native == Function); caller = js_GetScriptedCaller(cx, fp); if (caller) { principals = JS_EvalFramePrincipals(cx, fp, caller); filename = js_ComputeFilename(cx, caller, principals, &lineno); } else { filename = NULL; lineno = 0; principals = NULL; } /* Belt-and-braces: check that the caller has access to parent. */ if (!js_CheckPrincipalsAccess(cx, parent, principals, CLASS_ATOM(cx, Function))) { return JS_FALSE; } n = argc ? argc - 1 : 0; if (n > 0) { enum { OK, BAD, BAD_FORMAL } state; /* * Collect the function-argument arguments into one string, separated * by commas, then make a tokenstream from that string, and scan it to * get the arguments. We need to throw the full scanner at the * problem, because the argument string can legitimately contain * comments and linefeeds. XXX It might be better to concatenate * everything up into a function definition and pass it to the * compiler, but doing it this way is less of a delta from the old * code. See ECMA 15.3.2.1. */ state = BAD_FORMAL; args_length = 0; for (i = 0; i < n; i++) { /* Collect the lengths for all the function-argument arguments. */ arg = js_ValueToString(cx, argv[i]); if (!arg) return JS_FALSE; argv[i] = STRING_TO_JSVAL(arg); /* * Check for overflow. The < test works because the maximum * JSString length fits in 2 fewer bits than size_t has. */ old_args_length = args_length; args_length = old_args_length + JSSTRING_LENGTH(arg); if (args_length < old_args_length) { js_ReportAllocationOverflow(cx); return JS_FALSE; } } /* Add 1 for each joining comma and check for overflow (two ways). */ old_args_length = args_length; args_length = old_args_length + n - 1; if (args_length < old_args_length || args_length >= ~(size_t)0 / sizeof(jschar)) { js_ReportAllocationOverflow(cx); return JS_FALSE; } /* * Allocate a string to hold the concatenated arguments, including room * for a terminating 0. Mark cx->tempPool for later release, to free * collected_args and its tokenstream in one swoop. */ mark = JS_ARENA_MARK(&cx->tempPool); JS_ARENA_ALLOCATE_CAST(cp, jschar *, &cx->tempPool, (args_length+1) * sizeof(jschar)); if (!cp) { js_ReportOutOfScriptQuota(cx); return JS_FALSE; } collected_args = cp; /* * Concatenate the arguments into the new string, separated by commas. */ for (i = 0; i < n; i++) { arg = JSVAL_TO_STRING(argv[i]); arg_length = JSSTRING_LENGTH(arg); (void) js_strncpy(cp, JSSTRING_CHARS(arg), arg_length); cp += arg_length; /* Add separating comma or terminating 0. */ *cp++ = (i + 1 < n) ? ',' : 0; } /* Initialize a tokenstream that reads from the given string. */ if (!js_InitTokenStream(cx, &ts, collected_args, args_length, NULL, filename, lineno)) { JS_ARENA_RELEASE(&cx->tempPool, mark); return JS_FALSE; } /* The argument string may be empty or contain no tokens. */ tt = js_GetToken(cx, &ts); if (tt != TOK_EOF) { for (;;) { /* * Check that it's a name. This also implicitly guards against * TOK_ERROR, which was already reported. */ if (tt != TOK_NAME) goto after_args; /* * Get the atom corresponding to the name from the token * stream; we're assured at this point that it's a valid * identifier. */ atom = CURRENT_TOKEN(&ts).t_atom; /* Check for a duplicate parameter name. */ if (js_LookupLocal(cx, fun, atom, NULL) != JSLOCAL_NONE) { const char *name; name = js_AtomToPrintableString(cx, atom); ok = name && js_ReportCompileErrorNumber(cx, &ts, NULL, JSREPORT_WARNING | JSREPORT_STRICT, JSMSG_DUPLICATE_FORMAL, name); if (!ok) goto after_args; } if (!js_AddLocal(cx, fun, atom, JSLOCAL_ARG)) goto after_args; /* * Get the next token. Stop on end of stream. Otherwise * insist on a comma, get another name, and iterate. */ tt = js_GetToken(cx, &ts); if (tt == TOK_EOF) break; if (tt != TOK_COMMA) goto after_args; tt = js_GetToken(cx, &ts); } } state = OK; after_args: if (state == BAD_FORMAL && !(ts.flags & TSF_ERROR)) { /* * Report "malformed formal parameter" iff no illegal char or * similar scanner error was already reported. */ JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_BAD_FORMAL); } js_CloseTokenStream(cx, &ts); JS_ARENA_RELEASE(&cx->tempPool, mark); if (state != OK) return JS_FALSE; } if (argc) { str = js_ValueToString(cx, argv[argc-1]); if (!str) return JS_FALSE; argv[argc-1] = STRING_TO_JSVAL(str); } else { str = cx->runtime->emptyString; } return JSCompiler::compileFunctionBody(cx, fun, principals, JSSTRING_CHARS(str), JSSTRING_LENGTH(str), filename, lineno); } JSObject * js_InitFunctionClass(JSContext *cx, JSObject *obj) { JSObject *proto; JSFunction *fun; proto = JS_InitClass(cx, obj, NULL, &js_FunctionClass, Function, 1, function_props, function_methods, NULL, NULL); if (!proto) return NULL; fun = js_NewFunction(cx, proto, NULL, 0, JSFUN_INTERPRETED, obj, NULL); if (!fun) goto bad; fun->u.i.script = js_NewScript(cx, 1, 1, 0, 0, 0, 0, 0); if (!fun->u.i.script) goto bad; fun->u.i.script->code[0] = JSOP_STOP; *SCRIPT_NOTES(fun->u.i.script) = SRC_NULL; #ifdef CHECK_SCRIPT_OWNER fun->u.i.script->owner = NULL; #endif return proto; bad: cx->weakRoots.newborn[GCX_OBJECT] = NULL; return NULL; } JSFunction * js_NewFunction(JSContext *cx, JSObject *funobj, JSNative native, uintN nargs, uintN flags, JSObject *parent, JSAtom *atom) { JSFunction *fun; if (funobj) { JS_ASSERT(HAS_FUNCTION_CLASS(funobj)); OBJ_SET_PARENT(cx, funobj, parent); } else { funobj = js_NewObject(cx, &js_FunctionClass, NULL, parent, 0); if (!funobj) return NULL; } JS_ASSERT(JSVAL_IS_VOID(funobj->fslots[JSSLOT_PRIVATE])); fun = (JSFunction *) funobj; /* Initialize all function members. */ fun->nargs = nargs; fun->flags = flags & (JSFUN_FLAGS_MASK | JSFUN_KINDMASK | JSFUN_TRACEABLE); if ((flags & JSFUN_KINDMASK) >= JSFUN_INTERPRETED) { JS_ASSERT(!native); JS_ASSERT(nargs == 0); fun->u.i.nvars = 0; fun->u.i.nupvars = 0; fun->u.i.skipmin = 0; fun->u.i.wrapper = false; fun->u.i.script = NULL; #ifdef DEBUG fun->u.i.names.taggedAtom = 0; #endif } else { fun->u.n.extra = 0; fun->u.n.spare = 0; fun->u.n.clasp = NULL; if (flags & JSFUN_TRACEABLE) { #ifdef JS_TRACER JSTraceableNative *trcinfo = JS_FUNC_TO_DATA_PTR(JSTraceableNative *, native); fun->u.n.native = (JSNative) trcinfo->native; fun->u.n.trcinfo = trcinfo; #else fun->u.n.trcinfo = NULL; #endif } else { fun->u.n.native = native; fun->u.n.trcinfo = NULL; } JS_ASSERT(fun->u.n.native); } fun->atom = atom; /* Set private to self to indicate non-cloned fully initialized function. */ FUN_OBJECT(fun)->fslots[JSSLOT_PRIVATE] = PRIVATE_TO_JSVAL(fun); return fun; } JSObject * js_CloneFunctionObject(JSContext *cx, JSFunction *fun, JSObject *parent) { /* * The cloned function object does not need the extra JSFunction members * beyond JSObject as it points to fun via the private slot. */ JSObject *clone = js_NewObject(cx, &js_FunctionClass, NULL, parent, sizeof(JSObject)); if (!clone) return NULL; clone->fslots[JSSLOT_PRIVATE] = PRIVATE_TO_JSVAL(fun); return clone; } /* * Create a new flat closure, but don't initialize the imported upvar * values. The tracer calls this function and then initializes the upvar * slots on trace. */ JSObject * JS_FASTCALL js_AllocFlatClosure(JSContext *cx, JSFunction *fun, JSObject *scopeChain) { JS_ASSERT(FUN_FLAT_CLOSURE(fun)); JS_ASSERT((fun->u.i.script->upvarsOffset ? JS_SCRIPT_UPVARS(fun->u.i.script)->length : 0) == fun->u.i.nupvars); JSObject *closure = js_CloneFunctionObject(cx, fun, scopeChain); if (!closure || fun->u.i.nupvars == 0) return closure; uint32 nslots = JSSLOT_FREE(&js_FunctionClass); JS_ASSERT(nslots == JS_INITIAL_NSLOTS); nslots += fun_reserveSlots(cx, closure); if (!js_ReallocSlots(cx, closure, nslots, JS_TRUE)) return NULL; return closure; } JS_DEFINE_CALLINFO_3(extern, OBJECT, js_AllocFlatClosure, CONTEXT, FUNCTION, OBJECT, 0, 0) JSObject * js_NewFlatClosure(JSContext *cx, JSFunction *fun) { JSObject *closure = js_AllocFlatClosure(cx, fun, cx->fp->scopeChain); if (!closure || fun->u.i.nupvars == 0) return closure; JSUpvarArray *uva = JS_SCRIPT_UPVARS(fun->u.i.script); JS_ASSERT(uva->length <= size_t(closure->dslots[-1])); uintN level = fun->u.i.script->staticLevel; for (uint32 i = 0, n = uva->length; i < n; i++) closure->dslots[i] = js_GetUpvar(cx, level, uva->vector[i]); return closure; } JSObject * js_NewDebuggableFlatClosure(JSContext *cx, JSFunction *fun) { JS_ASSERT(cx->fp->fun->flags & JSFUN_HEAVYWEIGHT); JS_ASSERT(!cx->fp->fun->optimizedClosure()); return WrapEscapingClosure(cx, cx->fp, FUN_OBJECT(fun), fun); } JSFunction * js_DefineFunction(JSContext *cx, JSObject *obj, JSAtom *atom, JSNative native, uintN nargs, uintN attrs) { JSPropertyOp gsop; JSFunction *fun; if (attrs & JSFUN_STUB_GSOPS) { /* * JSFUN_STUB_GSOPS is a request flag only, not stored in fun->flags or * the defined property's attributes. This allows us to encode another, * internal flag using the same bit, JSFUN_EXPR_CLOSURE -- see jsfun.h * for more on this. */ attrs &= ~JSFUN_STUB_GSOPS; gsop = JS_PropertyStub; } else { gsop = NULL; } fun = js_NewFunction(cx, NULL, native, nargs, attrs, obj, atom); if (!fun) return NULL; if (!OBJ_DEFINE_PROPERTY(cx, obj, ATOM_TO_JSID(atom), OBJECT_TO_JSVAL(FUN_OBJECT(fun)), gsop, gsop, attrs & ~JSFUN_FLAGS_MASK, NULL)) { return NULL; } return fun; } #if (JSV2F_CONSTRUCT & JSV2F_SEARCH_STACK) # error "JSINVOKE_CONSTRUCT and JSV2F_SEARCH_STACK are not disjoint!" #endif JSFunction * js_ValueToFunction(JSContext *cx, jsval *vp, uintN flags) { jsval v; JSObject *obj; v = *vp; obj = NULL; if (JSVAL_IS_OBJECT(v)) { obj = JSVAL_TO_OBJECT(v); if (obj && OBJ_GET_CLASS(cx, obj) != &js_FunctionClass) { if (!OBJ_DEFAULT_VALUE(cx, obj, JSTYPE_FUNCTION, &v)) return NULL; obj = VALUE_IS_FUNCTION(cx, v) ? JSVAL_TO_OBJECT(v) : NULL; } } if (!obj) { js_ReportIsNotFunction(cx, vp, flags); return NULL; } return GET_FUNCTION_PRIVATE(cx, obj); } JSObject * js_ValueToFunctionObject(JSContext *cx, jsval *vp, uintN flags) { JSFunction *fun; JSStackFrame *caller; JSPrincipals *principals; if (VALUE_IS_FUNCTION(cx, *vp)) return JSVAL_TO_OBJECT(*vp); fun = js_ValueToFunction(cx, vp, flags); if (!fun) return NULL; *vp = OBJECT_TO_JSVAL(FUN_OBJECT(fun)); caller = js_GetScriptedCaller(cx, NULL); if (caller) { principals = JS_StackFramePrincipals(cx, caller); } else { /* No scripted caller, don't allow access. */ principals = NULL; } if (!js_CheckPrincipalsAccess(cx, FUN_OBJECT(fun), principals, fun->atom ? fun->atom : cx->runtime->atomState.anonymousAtom)) { return NULL; } return FUN_OBJECT(fun); } JSObject * js_ValueToCallableObject(JSContext *cx, jsval *vp, uintN flags) { JSObject *callable = JSVAL_IS_OBJECT(*vp) ? JSVAL_TO_OBJECT(*vp) : NULL; if (callable && js_IsCallable(callable, cx)) { *vp = OBJECT_TO_JSVAL(callable); return callable; } return js_ValueToFunctionObject(cx, vp, flags); } void js_ReportIsNotFunction(JSContext *cx, jsval *vp, uintN flags) { JSStackFrame *fp; uintN error; const char *name, *source; JSTempValueRooter tvr; for (fp = js_GetTopStackFrame(cx); fp && !fp->regs; fp = fp->down) continue; name = source = NULL; JS_PUSH_TEMP_ROOT_STRING(cx, NULL, &tvr); if (flags & JSV2F_ITERATOR) { error = JSMSG_BAD_ITERATOR; name = js_iterator_str; tvr.u.string = js_ValueToSource(cx, *vp); if (!tvr.u.string) goto out; tvr.u.string = js_QuoteString(cx, tvr.u.string, 0); if (!tvr.u.string) goto out; source = js_GetStringBytes(cx, tvr.u.string); if (!source) goto out; } else if (flags & JSV2F_CONSTRUCT) { error = JSMSG_NOT_CONSTRUCTOR; } else { error = JSMSG_NOT_FUNCTION; } js_ReportValueError3(cx, error, (fp && fp->regs && StackBase(fp) <= vp && vp < fp->regs->sp) ? vp - fp->regs->sp : (flags & JSV2F_SEARCH_STACK) ? JSDVG_SEARCH_STACK : JSDVG_IGNORE_STACK, *vp, NULL, name, source); out: JS_POP_TEMP_ROOT(cx, &tvr); } /* * When a function has between 2 and MAX_ARRAY_LOCALS arguments and variables, * their name are stored as the JSLocalNames.array. */ #define MAX_ARRAY_LOCALS 8 JS_STATIC_ASSERT(2 <= MAX_ARRAY_LOCALS); JS_STATIC_ASSERT(MAX_ARRAY_LOCALS < JS_BITMASK(16)); /* * We use the lowest bit of the string atom to distinguish const from var * name when there is only single name or when names are stored as an array. */ JS_STATIC_ASSERT((JSVAL_STRING & 1) == 0); /* * When we use a hash table to store the local names, we use a singly linked * list to record the indexes of duplicated parameter names to preserve the * duplicates for the decompiler. */ typedef struct JSNameIndexPair JSNameIndexPair; struct JSNameIndexPair { JSAtom *name; uint16 index; JSNameIndexPair *link; }; struct JSLocalNameMap { JSDHashTable names; JSNameIndexPair *lastdup; }; typedef struct JSLocalNameHashEntry { JSDHashEntryHdr hdr; JSAtom *name; uint16 index; uint8 localKind; } JSLocalNameHashEntry; static void FreeLocalNameHash(JSContext *cx, JSLocalNameMap *map) { JSNameIndexPair *dup, *next; for (dup = map->lastdup; dup; dup = next) { next = dup->link; JS_free(cx, dup); } JS_DHashTableFinish(&map->names); JS_free(cx, map); } static JSBool HashLocalName(JSContext *cx, JSLocalNameMap *map, JSAtom *name, JSLocalKind localKind, uintN index) { JSLocalNameHashEntry *entry; JSNameIndexPair *dup; JS_ASSERT(index <= JS_BITMASK(16)); #if JS_HAS_DESTRUCTURING if (!name) { /* A destructuring pattern does not need a hash entry. */ JS_ASSERT(localKind == JSLOCAL_ARG); return JS_TRUE; } #endif JS_ASSERT(ATOM_IS_STRING(name)); entry = (JSLocalNameHashEntry *) JS_DHashTableOperate(&map->names, name, JS_DHASH_ADD); if (!entry) { JS_ReportOutOfMemory(cx); return JS_FALSE; } if (entry->name) { JS_ASSERT(entry->name == name); JS_ASSERT(entry->localKind == JSLOCAL_ARG); dup = (JSNameIndexPair *) JS_malloc(cx, sizeof *dup); if (!dup) return JS_FALSE; dup->name = entry->name; dup->index = entry->index; dup->link = map->lastdup; map->lastdup = dup; } entry->name = name; entry->index = (uint16) index; entry->localKind = (uint8) localKind; return JS_TRUE; } JSBool js_AddLocal(JSContext *cx, JSFunction *fun, JSAtom *atom, JSLocalKind kind) { jsuword taggedAtom; uint16 *indexp; uintN n, i; jsuword *array; JSLocalNameMap *map; JS_ASSERT(FUN_INTERPRETED(fun)); JS_ASSERT(!fun->u.i.script); JS_ASSERT(((jsuword) atom & 1) == 0); taggedAtom = (jsuword) atom; if (kind == JSLOCAL_ARG) { indexp = &fun->nargs; } else if (kind == JSLOCAL_UPVAR) { indexp = &fun->u.i.nupvars; } else { indexp = &fun->u.i.nvars; if (kind == JSLOCAL_CONST) taggedAtom |= 1; else JS_ASSERT(kind == JSLOCAL_VAR); } n = fun->countLocalNames(); if (n == 0) { JS_ASSERT(fun->u.i.names.taggedAtom == 0); fun->u.i.names.taggedAtom = taggedAtom; } else if (n < MAX_ARRAY_LOCALS) { if (n > 1) { array = fun->u.i.names.array; } else { array = (jsuword *) JS_malloc(cx, MAX_ARRAY_LOCALS * sizeof *array); if (!array) return JS_FALSE; array[0] = fun->u.i.names.taggedAtom; fun->u.i.names.array = array; } if (kind == JSLOCAL_ARG) { /* * A destructuring argument pattern adds variables, not arguments, * so for the following arguments nvars != 0. */ #if JS_HAS_DESTRUCTURING if (fun->u.i.nvars != 0) { memmove(array + fun->nargs + 1, array + fun->nargs, fun->u.i.nvars * sizeof *array); } #else JS_ASSERT(fun->u.i.nvars == 0); #endif array[fun->nargs] = taggedAtom; } else { array[n] = taggedAtom; } } else if (n == MAX_ARRAY_LOCALS) { array = fun->u.i.names.array; map = (JSLocalNameMap *) JS_malloc(cx, sizeof *map); if (!map) return JS_FALSE; if (!JS_DHashTableInit(&map->names, JS_DHashGetStubOps(), NULL, sizeof(JSLocalNameHashEntry), JS_DHASH_DEFAULT_CAPACITY(MAX_ARRAY_LOCALS * 2))) { JS_ReportOutOfMemory(cx); JS_free(cx, map); return JS_FALSE; } map->lastdup = NULL; for (i = 0; i != MAX_ARRAY_LOCALS; ++i) { taggedAtom = array[i]; uintN j = i; JSLocalKind k = JSLOCAL_ARG; if (j >= fun->nargs) { j -= fun->nargs; if (j < fun->u.i.nvars) { k = (taggedAtom & 1) ? JSLOCAL_CONST : JSLOCAL_VAR; } else { j -= fun->u.i.nvars; k = JSLOCAL_UPVAR; } } if (!HashLocalName(cx, map, (JSAtom *) (taggedAtom & ~1), k, j)) { FreeLocalNameHash(cx, map); return JS_FALSE; } } if (!HashLocalName(cx, map, atom, kind, *indexp)) { FreeLocalNameHash(cx, map); return JS_FALSE; } /* * At this point the entry is added and we cannot fail. It is time * to replace fun->u.i.names with the built map. */ fun->u.i.names.map = map; JS_free(cx, array); } else { if (*indexp == JS_BITMASK(16)) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, (kind == JSLOCAL_ARG) ? JSMSG_TOO_MANY_FUN_ARGS : JSMSG_TOO_MANY_LOCALS); return JS_FALSE; } if (!HashLocalName(cx, fun->u.i.names.map, atom, kind, *indexp)) return JS_FALSE; } /* Update the argument or variable counter. */ ++*indexp; return JS_TRUE; } JSLocalKind js_LookupLocal(JSContext *cx, JSFunction *fun, JSAtom *atom, uintN *indexp) { uintN n, i, upvar_base; jsuword *array; JSLocalNameHashEntry *entry; JS_ASSERT(FUN_INTERPRETED(fun)); n = fun->countLocalNames(); if (n == 0) return JSLOCAL_NONE; if (n <= MAX_ARRAY_LOCALS) { array = (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array; /* Search from the tail to pick up the last duplicated name. */ i = n; upvar_base = fun->countArgsAndVars(); do { --i; if (atom == JS_LOCAL_NAME_TO_ATOM(array[i])) { if (i < fun->nargs) { if (indexp) *indexp = i; return JSLOCAL_ARG; } if (i >= upvar_base) { if (indexp) *indexp = i - upvar_base; return JSLOCAL_UPVAR; } if (indexp) *indexp = i - fun->nargs; return JS_LOCAL_NAME_IS_CONST(array[i]) ? JSLOCAL_CONST : JSLOCAL_VAR; } } while (i != 0); } else { entry = (JSLocalNameHashEntry *) JS_DHashTableOperate(&fun->u.i.names.map->names, atom, JS_DHASH_LOOKUP); if (JS_DHASH_ENTRY_IS_BUSY(&entry->hdr)) { JS_ASSERT(entry->localKind != JSLOCAL_NONE); if (indexp) *indexp = entry->index; return (JSLocalKind) entry->localKind; } } return JSLOCAL_NONE; } typedef struct JSLocalNameEnumeratorArgs { JSFunction *fun; jsuword *names; #ifdef DEBUG uintN nCopiedArgs; uintN nCopiedVars; #endif } JSLocalNameEnumeratorArgs; static JSDHashOperator get_local_names_enumerator(JSDHashTable *table, JSDHashEntryHdr *hdr, uint32 number, void *arg) { JSLocalNameHashEntry *entry; JSLocalNameEnumeratorArgs *args; uint i; jsuword constFlag; entry = (JSLocalNameHashEntry *) hdr; args = (JSLocalNameEnumeratorArgs *) arg; JS_ASSERT(entry->name); if (entry->localKind == JSLOCAL_ARG) { JS_ASSERT(entry->index < args->fun->nargs); JS_ASSERT(args->nCopiedArgs++ < args->fun->nargs); i = entry->index; constFlag = 0; } else { JS_ASSERT(entry->localKind == JSLOCAL_VAR || entry->localKind == JSLOCAL_CONST || entry->localKind == JSLOCAL_UPVAR); JS_ASSERT(entry->index < args->fun->u.i.nvars + args->fun->u.i.nupvars); JS_ASSERT(args->nCopiedVars++ < args->fun->u.i.nvars + args->fun->u.i.nupvars); i = args->fun->nargs; if (entry->localKind == JSLOCAL_UPVAR) i += args->fun->u.i.nvars; i += entry->index; constFlag = (entry->localKind == JSLOCAL_CONST); } args->names[i] = (jsuword) entry->name | constFlag; return JS_DHASH_NEXT; } jsuword * js_GetLocalNameArray(JSContext *cx, JSFunction *fun, JSArenaPool *pool) { uintN n; jsuword *names; JSLocalNameMap *map; JSLocalNameEnumeratorArgs args; JSNameIndexPair *dup; JS_ASSERT(fun->hasLocalNames()); n = fun->countLocalNames(); if (n <= MAX_ARRAY_LOCALS) return (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array; /* * No need to check for overflow of the allocation size as we are making a * copy of already allocated data. As such it must fit size_t. */ JS_ARENA_ALLOCATE_CAST(names, jsuword *, pool, (size_t) n * sizeof *names); if (!names) { js_ReportOutOfScriptQuota(cx); return NULL; } #if JS_HAS_DESTRUCTURING /* Some parameter names can be NULL due to destructuring patterns. */ memset(names, 0, fun->nargs * sizeof *names); #endif map = fun->u.i.names.map; args.fun = fun; args.names = names; #ifdef DEBUG args.nCopiedArgs = 0; args.nCopiedVars = 0; #endif JS_DHashTableEnumerate(&map->names, get_local_names_enumerator, &args); for (dup = map->lastdup; dup; dup = dup->link) { JS_ASSERT(dup->index < fun->nargs); JS_ASSERT(args.nCopiedArgs++ < fun->nargs); names[dup->index] = (jsuword) dup->name; } #if !JS_HAS_DESTRUCTURING JS_ASSERT(args.nCopiedArgs == fun->nargs); #endif JS_ASSERT(args.nCopiedVars == fun->u.i.nvars + fun->u.i.nupvars); return names; } static JSDHashOperator trace_local_names_enumerator(JSDHashTable *table, JSDHashEntryHdr *hdr, uint32 number, void *arg) { JSLocalNameHashEntry *entry; JSTracer *trc; entry = (JSLocalNameHashEntry *) hdr; JS_ASSERT(entry->name); trc = (JSTracer *) arg; JS_SET_TRACING_INDEX(trc, entry->localKind == JSLOCAL_ARG ? "arg" : "var", entry->index); JS_CallTracer(trc, ATOM_TO_STRING(entry->name), JSTRACE_STRING); return JS_DHASH_NEXT; } static void TraceLocalNames(JSTracer *trc, JSFunction *fun) { uintN n, i; JSAtom *atom; jsuword *array; JS_ASSERT(FUN_INTERPRETED(fun)); n = fun->countLocalNames(); if (n == 0) return; if (n <= MAX_ARRAY_LOCALS) { array = (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array; i = n; do { --i; atom = (JSAtom *) (array[i] & ~1); if (atom) { JS_SET_TRACING_INDEX(trc, i < fun->nargs ? "arg" : "var", i < fun->nargs ? i : i - fun->nargs); JS_CallTracer(trc, ATOM_TO_STRING(atom), JSTRACE_STRING); } } while (i != 0); } else { JS_DHashTableEnumerate(&fun->u.i.names.map->names, trace_local_names_enumerator, trc); /* * No need to trace the list of duplicates in map->lastdup as the * names there are traced when enumerating the hash table. */ } } void DestroyLocalNames(JSContext *cx, JSFunction *fun) { uintN n; n = fun->countLocalNames(); if (n <= 1) return; if (n <= MAX_ARRAY_LOCALS) JS_free(cx, fun->u.i.names.array); else FreeLocalNameHash(cx, fun->u.i.names.map); } void js_FreezeLocalNames(JSContext *cx, JSFunction *fun) { uintN n; jsuword *array; JS_ASSERT(FUN_INTERPRETED(fun)); JS_ASSERT(!fun->u.i.script); n = fun->nargs + fun->u.i.nvars + fun->u.i.nupvars; if (2 <= n && n < MAX_ARRAY_LOCALS) { /* Shrink over-allocated array ignoring realloc failures. */ array = (jsuword *) JS_realloc(cx, fun->u.i.names.array, n * sizeof *array); if (array) fun->u.i.names.array = array; } #ifdef DEBUG if (n > MAX_ARRAY_LOCALS) JS_DHashMarkTableImmutable(&fun->u.i.names.map->names); #endif }