From 2aa4a82499d4becd2284cdb482213d541b8804dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 16:29:10 +0200
Subject: Adding upstream version 86.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 js/src/vm/JSScript.h | 2506 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 2506 insertions(+)
 create mode 100644 js/src/vm/JSScript.h

(limited to 'js/src/vm/JSScript.h')

diff --git a/js/src/vm/JSScript.h b/js/src/vm/JSScript.h
new file mode 100644
index 0000000000..cce3ca68fb
--- /dev/null
+++ b/js/src/vm/JSScript.h
@@ -0,0 +1,2506 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set ts=8 sts=2 et sw=2 tw=80:
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* JS script descriptor. */
+
+#ifndef vm_JSScript_h
+#define vm_JSScript_h
+
+#include "mozilla/Atomics.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/MaybeOneOf.h"
+#include "mozilla/MemoryReporting.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/Span.h"
+#include "mozilla/Tuple.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/Utf8.h"
+#include "mozilla/Variant.h"
+
+#include <type_traits>  // std::is_same
+#include <utility>      // std::move
+
+#include "jstypes.h"
+
+#include "frontend/ScriptIndex.h"  // ScriptIndex
+#include "frontend/SourceNotes.h"  // SrcNote
+#include "gc/Barrier.h"
+#include "gc/Rooting.h"
+#include "js/CompileOptions.h"
+#include "js/UbiNode.h"
+#include "js/UniquePtr.h"
+#include "js/Utility.h"
+#include "util/StructuredSpewer.h"
+#include "util/TrailingArray.h"
+#include "vm/BigIntType.h"
+#include "vm/BytecodeIterator.h"
+#include "vm/BytecodeLocation.h"
+#include "vm/BytecodeUtil.h"
+#include "vm/GeneratorAndAsyncKind.h"  // GeneratorKind, FunctionAsyncKind
+#include "vm/JSAtom.h"
+#include "vm/NativeObject.h"
+#include "vm/ScopeKind.h"  // ScopeKind
+#include "vm/Shape.h"
+#include "vm/SharedImmutableStringsCache.h"
+#include "vm/SharedStencil.h"  // js::GCThingIndex, js::SourceExtent, js::SharedImmutableScriptData, MemberInitializers
+#include "vm/Time.h"
+
+namespace JS {
+struct ScriptSourceInfo;
+template <typename UnitT>
+class SourceText;
+}  // namespace JS
+
+namespace js {
+
+class VarScope;
+class LexicalScope;
+
+namespace coverage {
+class LCovSource;
+}  // namespace coverage
+
+namespace jit {
+class AutoKeepJitScripts;
+class BaselineScript;
+class IonScript;
+struct IonScriptCounts;
+class JitScript;
+}  // namespace jit
+
+class ModuleObject;
+class RegExpObject;
+class ScriptSourceHolder;
+class SourceCompressionTask;
+class Shape;
+class DebugScript;
+
+namespace frontend {
+struct CompilationStencil;
+struct BaseCompilationStencil;
+struct CompilationGCOutput;
+}  // namespace frontend
+
+class ScriptCounts {
+ public:
+  typedef mozilla::Vector<PCCounts, 0, SystemAllocPolicy> PCCountsVector;
+
+  inline ScriptCounts();
+  inline explicit ScriptCounts(PCCountsVector&& jumpTargets);
+  inline ScriptCounts(ScriptCounts&& src);
+  inline ~ScriptCounts();
+
+  inline ScriptCounts& operator=(ScriptCounts&& src);
+
+  // Return the counter used to count the number of visits. Returns null if
+  // the element is not found.
+  PCCounts* maybeGetPCCounts(size_t offset);
+  const PCCounts* maybeGetPCCounts(size_t offset) const;
+
+  // PCCounts are stored at jump-target offsets. This function looks for the
+  // previous PCCount which is in the same basic block as the current offset.
+  PCCounts* getImmediatePrecedingPCCounts(size_t offset);
+
+  // Return the counter used to count the number of throws. Returns null if
+  // the element is not found.
+  const PCCounts* maybeGetThrowCounts(size_t offset) const;
+
+  // Throw counts are stored at the location of each throwing
+  // instruction. This function looks for the previous throw count.
+  //
+  // Note: if the offset of the returned count is higher than the offset of
+  // the immediate preceding PCCount, then this throw happened in the same
+  // basic block.
+  const PCCounts* getImmediatePrecedingThrowCounts(size_t offset) const;
+
+  // Return the counter used to count the number of throws. Allocate it if
+  // none exists yet. Returns null if the allocation failed.
+  PCCounts* getThrowCounts(size_t offset);
+
+  size_t sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf);
+
+ private:
+  friend class ::JSScript;
+  friend struct ScriptAndCounts;
+
+  // This sorted array is used to map an offset to the number of times a
+  // branch got visited.
+  PCCountsVector pcCounts_;
+
+  // This sorted vector is used to map an offset to the number of times an
+  // instruction throw.
+  PCCountsVector throwCounts_;
+
+  // Information about any Ion compilations for the script.
+  jit::IonScriptCounts* ionCounts_;
+};
+
+// The key of these side-table hash maps are intentionally not traced GC
+// references to JSScript. Instead, we use bare pointers and manually fix up
+// when objects could have moved (see Zone::fixupScriptMapsAfterMovingGC) and
+// remove when the realm is destroyed (see Zone::clearScriptCounts and
+// Zone::clearScriptNames). They essentially behave as weak references, except
+// that the references are not cleared early by the GC. They must be non-strong
+// references because the tables are kept at the Zone level and otherwise the
+// table keys would keep scripts alive, thus keeping Realms alive, beyond their
+// expected lifetimes. However, We do not use actual weak references (e.g. as
+// used by WeakMap tables provided in gc/WeakMap.h) because they would be
+// collected before the calls to the JSScript::finalize function which are used
+// to aggregate code coverage results on the realm.
+//
+// Note carefully, however, that there is an exceptional case for which we *do*
+// want the JSScripts to be strong references (and thus traced): when the
+// --dump-bytecode command line option or the PCCount JSFriend API is used,
+// then the scripts for all counts must remain alive. See
+// Zone::traceScriptTableRoots() for more details.
+//
+// TODO: Clean this up by either aggregating coverage results in some other
+// way, or by tweaking sweep ordering.
+using UniqueScriptCounts = js::UniquePtr<ScriptCounts>;
+using ScriptCountsMap = HashMap<BaseScript*, UniqueScriptCounts,
+                                DefaultHasher<BaseScript*>, SystemAllocPolicy>;
+
+// The 'const char*' for the function name is a pointer within the LCovSource's
+// LifoAlloc and will be discarded at the same time.
+using ScriptLCovEntry = mozilla::Tuple<coverage::LCovSource*, const char*>;
+using ScriptLCovMap = HashMap<BaseScript*, ScriptLCovEntry,
+                              DefaultHasher<BaseScript*>, SystemAllocPolicy>;
+
+#ifdef MOZ_VTUNE
+using ScriptVTuneIdMap = HashMap<BaseScript*, uint32_t,
+                                 DefaultHasher<BaseScript*>, SystemAllocPolicy>;
+#endif
+#ifdef JS_CACHEIR_SPEW
+using ScriptFinalWarmUpCountEntry = mozilla::Tuple<uint32_t, char*>;
+using ScriptFinalWarmUpCountMap =
+    HashMap<BaseScript*, ScriptFinalWarmUpCountEntry,
+            DefaultHasher<BaseScript*>, SystemAllocPolicy>;
+#endif
+
+using UniqueDebugScript = js::UniquePtr<DebugScript, JS::FreePolicy>;
+using DebugScriptMap = HashMap<BaseScript*, UniqueDebugScript,
+                               DefaultHasher<BaseScript*>, SystemAllocPolicy>;
+
+class ScriptSource;
+
+struct ScriptSourceChunk {
+  ScriptSource* ss = nullptr;
+  uint32_t chunk = 0;
+
+  ScriptSourceChunk() = default;
+
+  ScriptSourceChunk(ScriptSource* ss, uint32_t chunk) : ss(ss), chunk(chunk) {
+    MOZ_ASSERT(valid());
+  }
+
+  bool valid() const { return ss != nullptr; }
+
+  bool operator==(const ScriptSourceChunk& other) const {
+    return ss == other.ss && chunk == other.chunk;
+  }
+};
+
+struct ScriptSourceChunkHasher {
+  using Lookup = ScriptSourceChunk;
+
+  static HashNumber hash(const ScriptSourceChunk& ssc) {
+    return mozilla::AddToHash(DefaultHasher<ScriptSource*>::hash(ssc.ss),
+                              ssc.chunk);
+  }
+  static bool match(const ScriptSourceChunk& c1, const ScriptSourceChunk& c2) {
+    return c1 == c2;
+  }
+};
+
+template <typename Unit>
+using EntryUnits = mozilla::UniquePtr<Unit[], JS::FreePolicy>;
+
+// The uncompressed source cache contains *either* UTF-8 source data *or*
+// UTF-16 source data.  ScriptSourceChunk implies a ScriptSource that
+// contains either UTF-8 data or UTF-16 data, so the nature of the key to
+// Map below indicates how each SourceData ought to be interpreted.
+using SourceData = mozilla::UniquePtr<void, JS::FreePolicy>;
+
+template <typename Unit>
+inline SourceData ToSourceData(EntryUnits<Unit> chars) {
+  static_assert(std::is_same_v<SourceData::DeleterType,
+                               typename EntryUnits<Unit>::DeleterType>,
+                "EntryUnits and SourceData must share the same deleter "
+                "type, that need not know the type of the data being freed, "
+                "for the upcast below to be safe");
+  return SourceData(chars.release());
+}
+
+class UncompressedSourceCache {
+  using Map = HashMap<ScriptSourceChunk, SourceData, ScriptSourceChunkHasher,
+                      SystemAllocPolicy>;
+
+ public:
+  // Hold an entry in the source data cache and prevent it from being purged on
+  // GC.
+  class AutoHoldEntry {
+    UncompressedSourceCache* cache_ = nullptr;
+    ScriptSourceChunk sourceChunk_ = {};
+    SourceData data_ = nullptr;
+
+   public:
+    explicit AutoHoldEntry() = default;
+
+    ~AutoHoldEntry() {
+      if (cache_) {
+        MOZ_ASSERT(sourceChunk_.valid());
+        cache_->releaseEntry(*this);
+      }
+    }
+
+    template <typename Unit>
+    void holdUnits(EntryUnits<Unit> units) {
+      MOZ_ASSERT(!cache_);
+      MOZ_ASSERT(!sourceChunk_.valid());
+      MOZ_ASSERT(!data_);
+
+      data_ = ToSourceData(std::move(units));
+    }
+
+   private:
+    void holdEntry(UncompressedSourceCache* cache,
+                   const ScriptSourceChunk& sourceChunk) {
+      // Initialise the holder for a specific cache and script source.
+      // This will hold on to the cached source chars in the event that
+      // the cache is purged.
+      MOZ_ASSERT(!cache_);
+      MOZ_ASSERT(!sourceChunk_.valid());
+      MOZ_ASSERT(!data_);
+
+      cache_ = cache;
+      sourceChunk_ = sourceChunk;
+    }
+
+    void deferDelete(SourceData data) {
+      // Take ownership of source chars now the cache is being purged. Remove
+      // our reference to the ScriptSource which might soon be destroyed.
+      MOZ_ASSERT(cache_);
+      MOZ_ASSERT(sourceChunk_.valid());
+      MOZ_ASSERT(!data_);
+
+      cache_ = nullptr;
+      sourceChunk_ = ScriptSourceChunk();
+
+      data_ = std::move(data);
+    }
+
+    const ScriptSourceChunk& sourceChunk() const { return sourceChunk_; }
+    friend class UncompressedSourceCache;
+  };
+
+ private:
+  UniquePtr<Map> map_ = nullptr;
+  AutoHoldEntry* holder_ = nullptr;
+
+ public:
+  UncompressedSourceCache() = default;
+
+  template <typename Unit>
+  const Unit* lookup(const ScriptSourceChunk& ssc, AutoHoldEntry& asp);
+
+  bool put(const ScriptSourceChunk& ssc, SourceData data, AutoHoldEntry& asp);
+
+  void purge();
+
+  size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf);
+
+ private:
+  void holdEntry(AutoHoldEntry& holder, const ScriptSourceChunk& ssc);
+  void releaseEntry(AutoHoldEntry& holder);
+};
+
+template <typename Unit>
+struct SourceTypeTraits;
+
+template <>
+struct SourceTypeTraits<mozilla::Utf8Unit> {
+  using CharT = char;
+  using SharedImmutableString = js::SharedImmutableString;
+
+  static const mozilla::Utf8Unit* units(const SharedImmutableString& string) {
+    // Casting |char| data to |Utf8Unit| is safe because |Utf8Unit|
+    // contains a |char|.  See the long comment in |Utf8Unit|'s definition.
+    return reinterpret_cast<const mozilla::Utf8Unit*>(string.chars());
+  }
+
+  static char* toString(const mozilla::Utf8Unit* units) {
+    auto asUnsigned =
+        const_cast<unsigned char*>(mozilla::Utf8AsUnsignedChars(units));
+    return reinterpret_cast<char*>(asUnsigned);
+  }
+
+  static UniqueChars toCacheable(EntryUnits<mozilla::Utf8Unit> str) {
+    // The cache only stores strings of |char| or |char16_t|, and right now
+    // it seems best not to gunk up the cache with |Utf8Unit| too.  So
+    // cache |Utf8Unit| strings by interpreting them as |char| strings.
+    char* chars = toString(str.release());
+    return UniqueChars(chars);
+  }
+};
+
+template <>
+struct SourceTypeTraits<char16_t> {
+  using CharT = char16_t;
+  using SharedImmutableString = js::SharedImmutableTwoByteString;
+
+  static const char16_t* units(const SharedImmutableString& string) {
+    return string.chars();
+  }
+
+  static char16_t* toString(const char16_t* units) {
+    return const_cast<char16_t*>(units);
+  }
+
+  static UniqueTwoByteChars toCacheable(EntryUnits<char16_t> str) {
+    return UniqueTwoByteChars(std::move(str));
+  }
+};
+
+// Synchronously compress the source of |script|, for testing purposes.
+extern MOZ_MUST_USE bool SynchronouslyCompressSource(
+    JSContext* cx, JS::Handle<BaseScript*> script);
+
+// Retrievable source can be retrieved using the source hook (and therefore
+// need not be XDR'd, can be discarded if desired because it can always be
+// reconstituted later, etc.).
+enum class SourceRetrievable { Yes, No };
+
+// [SMDOC] ScriptSource
+//
+// This class abstracts over the source we used to compile from. The current
+// representation may transition to different modes in order to save memory.
+// Abstractly the source may be one of UTF-8 or UTF-16. The data itself may be
+// unavailable, retrieveable-using-source-hook, compressed, or uncompressed. If
+// source is retrieved or decompressed for use, we may update the ScriptSource
+// to hold the result.
+class ScriptSource {
+  // NOTE: While ScriptSources may be compressed off thread, they are only
+  // modified by the main thread, and all members are always safe to access
+  // on the main thread.
+
+  friend class SourceCompressionTask;
+  friend bool SynchronouslyCompressSource(JSContext* cx,
+                                          JS::Handle<BaseScript*> script);
+
+ private:
+  // Common base class of the templated variants of PinnedUnits<T>.
+  class PinnedUnitsBase {
+   protected:
+    PinnedUnitsBase** stack_ = nullptr;
+    PinnedUnitsBase* prev_ = nullptr;
+
+    ScriptSource* source_;
+
+    explicit PinnedUnitsBase(ScriptSource* source) : source_(source) {}
+  };
+
+ public:
+  // Any users that wish to manipulate the char buffer of the ScriptSource
+  // needs to do so via PinnedUnits for GC safety. A GC may compress
+  // ScriptSources. If the source were initially uncompressed, then any raw
+  // pointers to the char buffer would now point to the freed, uncompressed
+  // chars. This is analogous to Rooted.
+  template <typename Unit>
+  class PinnedUnits : public PinnedUnitsBase {
+    const Unit* units_;
+
+   public:
+    PinnedUnits(JSContext* cx, ScriptSource* source,
+                UncompressedSourceCache::AutoHoldEntry& holder, size_t begin,
+                size_t len);
+
+    ~PinnedUnits();
+
+    const Unit* get() const { return units_; }
+
+    const typename SourceTypeTraits<Unit>::CharT* asChars() const {
+      return SourceTypeTraits<Unit>::toString(get());
+    }
+  };
+
+ private:
+  // Missing source text that isn't retrievable using the source hook.  (All
+  // ScriptSources initially begin in this state.  Users that are compiling
+  // source text will overwrite |data| to store a different state.)
+  struct Missing {};
+
+  // Source that can be retrieved using the registered source hook.  |Unit|
+  // records the source type so that source-text coordinates in functions and
+  // scripts that depend on this |ScriptSource| are correct.
+  template <typename Unit>
+  struct Retrievable {
+    // The source hook and script URL required to retrieve source are stored
+    // elsewhere, so nothing is needed here.  It'd be better hygiene to store
+    // something source-hook-like in each |ScriptSource| that needs it, but that
+    // requires reimagining a source-hook API that currently depends on source
+    // hooks being uniquely-owned pointers...
+  };
+
+  // Uncompressed source text. Templates distinguish if we are interconvertable
+  // to |Retrievable| or not.
+  template <typename Unit>
+  class UncompressedData {
+    typename SourceTypeTraits<Unit>::SharedImmutableString string_;
+
+   public:
+    explicit UncompressedData(
+        typename SourceTypeTraits<Unit>::SharedImmutableString str)
+        : string_(std::move(str)) {}
+
+    const Unit* units() const { return SourceTypeTraits<Unit>::units(string_); }
+
+    size_t length() const { return string_.length(); }
+  };
+
+  template <typename Unit, SourceRetrievable CanRetrieve>
+  class Uncompressed : public UncompressedData<Unit> {
+    using Base = UncompressedData<Unit>;
+
+   public:
+    using Base::Base;
+  };
+
+  // Compressed source text. Templates distinguish if we are interconvertable
+  // to |Retrievable| or not.
+  template <typename Unit>
+  struct CompressedData {
+    // Single-byte compressed text, regardless whether the original text
+    // was single-byte or two-byte.
+    SharedImmutableString raw;
+    size_t uncompressedLength;
+
+    CompressedData(SharedImmutableString raw, size_t uncompressedLength)
+        : raw(std::move(raw)), uncompressedLength(uncompressedLength) {}
+  };
+
+  template <typename Unit, SourceRetrievable CanRetrieve>
+  struct Compressed : public CompressedData<Unit> {
+    using Base = CompressedData<Unit>;
+
+   public:
+    using Base::Base;
+  };
+
+  // The set of currently allowed encoding modes.
+  using SourceType =
+      mozilla::Variant<Compressed<mozilla::Utf8Unit, SourceRetrievable::Yes>,
+                       Uncompressed<mozilla::Utf8Unit, SourceRetrievable::Yes>,
+                       Compressed<mozilla::Utf8Unit, SourceRetrievable::No>,
+                       Uncompressed<mozilla::Utf8Unit, SourceRetrievable::No>,
+                       Compressed<char16_t, SourceRetrievable::Yes>,
+                       Uncompressed<char16_t, SourceRetrievable::Yes>,
+                       Compressed<char16_t, SourceRetrievable::No>,
+                       Uncompressed<char16_t, SourceRetrievable::No>,
+                       Retrievable<mozilla::Utf8Unit>, Retrievable<char16_t>,
+                       Missing>;
+
+  //
+  // Start of fields.
+  //
+
+  mozilla::Atomic<uint32_t, mozilla::ReleaseAcquire> refs = {};
+
+  // An id for this source that is unique across the process. This can be used
+  // to refer to this source from places that don't want to hold a strong
+  // reference on the source itself.
+  //
+  // This is a 32 bit ID and could overflow, in which case the ID will not be
+  // unique anymore.
+  uint32_t id_ = 0;
+
+  // Source data (as a mozilla::Variant).
+  SourceType data = SourceType(Missing());
+
+  // If the GC calls triggerConvertToCompressedSource with PinnedUnits present,
+  // the first PinnedUnits (that is, bottom of the stack) will install the
+  // compressed chars upon destruction.
+  //
+  // Retrievability isn't part of the type here because uncompressed->compressed
+  // transitions must preserve existing retrievability.
+  PinnedUnitsBase* pinnedUnitsStack_ = nullptr;
+  mozilla::MaybeOneOf<CompressedData<mozilla::Utf8Unit>,
+                      CompressedData<char16_t>>
+      pendingCompressed_;
+
+  // The filename of this script.
+  mozilla::Maybe<SharedImmutableString> filename_;
+
+  // If this ScriptSource was generated by a code-introduction mechanism such
+  // as |eval| or |new Function|, the debugger needs access to the "raw"
+  // filename of the top-level script that contains the eval-ing code.  To
+  // keep track of this, we must preserve the original outermost filename (of
+  // the original introducer script), so that instead of a filename of
+  // "foo.js line 30 > eval line 10 > Function", we can obtain the original
+  // raw filename of "foo.js".
+  //
+  // In the case described above, this field will be set to to the original raw
+  // filename from above, otherwise it will be mozilla::Nothing.
+  mozilla::Maybe<SharedImmutableString> introducerFilename_;
+
+  mozilla::Maybe<SharedImmutableTwoByteString> displayURL_;
+  mozilla::Maybe<SharedImmutableTwoByteString> sourceMapURL_;
+
+  // The bytecode cache encoder is used to encode only the content of function
+  // which are delazified.  If this value is not nullptr, then each delazified
+  // function should be recorded before their first execution.
+  // This value is logically owned by the canonical ScriptSourceObject, and
+  // will be released in the canonical SSO's finalizer.
+  UniquePtr<XDRIncrementalEncoderBase> xdrEncoder_ = nullptr;
+
+  // A string indicating how this source code was introduced into the system.
+  // This is a constant, statically allocated C string, so does not need memory
+  // management.
+  const char* introductionType_ = nullptr;
+
+  // Bytecode offset in caller script that generated this code.  This is
+  // present for eval-ed code, as well as "new Function(...)"-introduced
+  // scripts.
+  mozilla::Maybe<uint32_t> introductionOffset_;
+
+  // If this source is for Function constructor, the position of ")" after
+  // parameter list in the source.  This is used to get function body.
+  // 0 for other cases.
+  uint32_t parameterListEnd_ = 0;
+
+  // Line number within the file where this source starts.
+  uint32_t startLine_ = 0;
+
+  // See: CompileOptions::mutedErrors.
+  bool mutedErrors_ = false;
+
+  // Set to true if parser saw  asmjs directives.
+  bool containsAsmJS_ = false;
+
+  //
+  // End of fields.
+  //
+
+  // How many ids have been handed out to sources.
+  static mozilla::Atomic<uint32_t, mozilla::SequentiallyConsistent> idCount_;
+
+  template <typename Unit>
+  const Unit* chunkUnits(JSContext* cx,
+                         UncompressedSourceCache::AutoHoldEntry& holder,
+                         size_t chunk);
+
+  // Return a string containing the chars starting at |begin| and ending at
+  // |begin + len|.
+  //
+  // Warning: this is *not* GC-safe! Any chars to be handed out must use
+  // PinnedUnits. See comment below.
+  template <typename Unit>
+  const Unit* units(JSContext* cx, UncompressedSourceCache::AutoHoldEntry& asp,
+                    size_t begin, size_t len);
+
+ public:
+  // When creating a JSString* from TwoByte source characters, we don't try to
+  // to deflate to Latin1 for longer strings, because this can be slow.
+  static const size_t SourceDeflateLimit = 100;
+
+  explicit ScriptSource() : id_(++idCount_) {}
+
+  void finalizeGCData();
+  ~ScriptSource();
+
+  void incref() { refs++; }
+  void decref() {
+    MOZ_ASSERT(refs != 0);
+    if (--refs == 0) {
+      js_delete(this);
+    }
+  }
+  MOZ_MUST_USE bool initFromOptions(JSContext* cx,
+                                    const JS::ReadOnlyCompileOptions& options);
+
+  /**
+   * The minimum script length (in code units) necessary for a script to be
+   * eligible to be compressed.
+   */
+  static constexpr size_t MinimumCompressibleLength = 256;
+
+  mozilla::Maybe<SharedImmutableString> getOrCreateStringZ(JSContext* cx,
+                                                           UniqueChars&& str);
+  mozilla::Maybe<SharedImmutableTwoByteString> getOrCreateStringZ(
+      JSContext* cx, UniqueTwoByteChars&& str);
+
+ private:
+  class LoadSourceMatcher;
+
+ public:
+  // Attempt to load usable source for |ss| -- source text on which substring
+  // operations and the like can be performed.  On success return true and set
+  // |*loaded| to indicate whether usable source could be loaded; otherwise
+  // return false.
+  static bool loadSource(JSContext* cx, ScriptSource* ss, bool* loaded);
+
+  // Assign source data from |srcBuf| to this recently-created |ScriptSource|.
+  template <typename Unit>
+  MOZ_MUST_USE bool assignSource(JSContext* cx,
+                                 const JS::ReadOnlyCompileOptions& options,
+                                 JS::SourceText<Unit>& srcBuf);
+
+  bool hasSourceText() const {
+    return hasUncompressedSource() || hasCompressedSource();
+  }
+
+ private:
+  template <typename Unit>
+  struct UncompressedDataMatcher {
+    template <SourceRetrievable CanRetrieve>
+    const UncompressedData<Unit>* operator()(
+        const Uncompressed<Unit, CanRetrieve>& u) {
+      return &u;
+    }
+
+    template <typename T>
+    const UncompressedData<Unit>* operator()(const T&) {
+      MOZ_CRASH(
+          "attempting to access uncompressed data in a ScriptSource not "
+          "containing it");
+      return nullptr;
+    }
+  };
+
+ public:
+  template <typename Unit>
+  const UncompressedData<Unit>* uncompressedData() {
+    return data.match(UncompressedDataMatcher<Unit>());
+  }
+
+ private:
+  template <typename Unit>
+  struct CompressedDataMatcher {
+    template <SourceRetrievable CanRetrieve>
+    const CompressedData<Unit>* operator()(
+        const Compressed<Unit, CanRetrieve>& c) {
+      return &c;
+    }
+
+    template <typename T>
+    const CompressedData<Unit>* operator()(const T&) {
+      MOZ_CRASH(
+          "attempting to access compressed data in a ScriptSource not "
+          "containing it");
+      return nullptr;
+    }
+  };
+
+ public:
+  template <typename Unit>
+  const CompressedData<Unit>* compressedData() {
+    return data.match(CompressedDataMatcher<Unit>());
+  }
+
+ private:
+  struct HasUncompressedSource {
+    template <typename Unit, SourceRetrievable CanRetrieve>
+    bool operator()(const Uncompressed<Unit, CanRetrieve>&) {
+      return true;
+    }
+
+    template <typename Unit, SourceRetrievable CanRetrieve>
+    bool operator()(const Compressed<Unit, CanRetrieve>&) {
+      return false;
+    }
+
+    template <typename Unit>
+    bool operator()(const Retrievable<Unit>&) {
+      return false;
+    }
+
+    bool operator()(const Missing&) { return false; }
+  };
+
+ public:
+  bool hasUncompressedSource() const {
+    return data.match(HasUncompressedSource());
+  }
+
+ private:
+  template <typename Unit>
+  struct IsUncompressed {
+    template <SourceRetrievable CanRetrieve>
+    bool operator()(const Uncompressed<Unit, CanRetrieve>&) {
+      return true;
+    }
+
+    template <typename T>
+    bool operator()(const T&) {
+      return false;
+    }
+  };
+
+ public:
+  template <typename Unit>
+  bool isUncompressed() const {
+    return data.match(IsUncompressed<Unit>());
+  }
+
+ private:
+  struct HasCompressedSource {
+    template <typename Unit, SourceRetrievable CanRetrieve>
+    bool operator()(const Compressed<Unit, CanRetrieve>&) {
+      return true;
+    }
+
+    template <typename T>
+    bool operator()(const T&) {
+      return false;
+    }
+  };
+
+ public:
+  bool hasCompressedSource() const { return data.match(HasCompressedSource()); }
+
+ private:
+  template <typename Unit>
+  struct IsCompressed {
+    template <SourceRetrievable CanRetrieve>
+    bool operator()(const Compressed<Unit, CanRetrieve>&) {
+      return true;
+    }
+
+    template <typename T>
+    bool operator()(const T&) {
+      return false;
+    }
+  };
+
+ public:
+  template <typename Unit>
+  bool isCompressed() const {
+    return data.match(IsCompressed<Unit>());
+  }
+
+ private:
+  template <typename Unit>
+  struct SourceTypeMatcher {
+    template <template <typename C, SourceRetrievable R> class Data,
+              SourceRetrievable CanRetrieve>
+    bool operator()(const Data<Unit, CanRetrieve>&) {
+      return true;
+    }
+
+    template <template <typename C, SourceRetrievable R> class Data,
+              typename NotUnit, SourceRetrievable CanRetrieve>
+    bool operator()(const Data<NotUnit, CanRetrieve>&) {
+      return false;
+    }
+
+    bool operator()(const Retrievable<Unit>&) {
+      MOZ_CRASH("source type only applies where actual text is available");
+      return false;
+    }
+
+    template <typename NotUnit>
+    bool operator()(const Retrievable<NotUnit>&) {
+      return false;
+    }
+
+    bool operator()(const Missing&) {
+      MOZ_CRASH("doesn't make sense to ask source type when missing");
+      return false;
+    }
+  };
+
+ public:
+  template <typename Unit>
+  bool hasSourceType() const {
+    return data.match(SourceTypeMatcher<Unit>());
+  }
+
+ private:
+  struct UncompressedLengthMatcher {
+    template <typename Unit, SourceRetrievable CanRetrieve>
+    size_t operator()(const Uncompressed<Unit, CanRetrieve>& u) {
+      return u.length();
+    }
+
+    template <typename Unit, SourceRetrievable CanRetrieve>
+    size_t operator()(const Compressed<Unit, CanRetrieve>& u) {
+      return u.uncompressedLength;
+    }
+
+    template <typename Unit>
+    size_t operator()(const Retrievable<Unit>&) {
+      MOZ_CRASH("ScriptSource::length on a missing-but-retrievable source");
+      return 0;
+    }
+
+    size_t operator()(const Missing& m) {
+      MOZ_CRASH("ScriptSource::length on a missing source");
+      return 0;
+    }
+  };
+
+ public:
+  size_t length() const {
+    MOZ_ASSERT(hasSourceText());
+    return data.match(UncompressedLengthMatcher());
+  }
+
+  JSLinearString* substring(JSContext* cx, size_t start, size_t stop);
+  JSLinearString* substringDontDeflate(JSContext* cx, size_t start,
+                                       size_t stop);
+
+  MOZ_MUST_USE bool appendSubstring(JSContext* cx, js::StringBuffer& buf,
+                                    size_t start, size_t stop);
+
+  void setParameterListEnd(uint32_t parameterListEnd) {
+    parameterListEnd_ = parameterListEnd;
+  }
+
+  bool isFunctionBody() { return parameterListEnd_ != 0; }
+  JSLinearString* functionBodyString(JSContext* cx);
+
+  void addSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf,
+                              JS::ScriptSourceInfo* info) const;
+
+ private:
+  // Overwrites |data| with the uncompressed data from |source|.
+  //
+  // This function asserts nothing about |data|.  Users should use assertions to
+  // double-check their own understandings of the |data| state transition being
+  // performed.
+  template <typename Unit>
+  MOZ_MUST_USE bool setUncompressedSourceHelper(JSContext* cx,
+                                                EntryUnits<Unit>&& source,
+                                                size_t length,
+                                                SourceRetrievable retrievable);
+
+ public:
+  // Initialize a fresh |ScriptSource| with unretrievable, uncompressed source.
+  template <typename Unit>
+  MOZ_MUST_USE bool initializeUnretrievableUncompressedSource(
+      JSContext* cx, EntryUnits<Unit>&& source, size_t length);
+
+  // Set the retrieved source for a |ScriptSource| whose source was recorded as
+  // missing but retrievable.
+  template <typename Unit>
+  MOZ_MUST_USE bool setRetrievedSource(JSContext* cx, EntryUnits<Unit>&& source,
+                                       size_t length);
+
+  MOZ_MUST_USE bool tryCompressOffThread(JSContext* cx);
+
+  // *Trigger* the conversion of this ScriptSource from containing uncompressed
+  // |Unit|-encoded source to containing compressed source.  Conversion may not
+  // be complete when this function returns: it'll be delayed if there's ongoing
+  // use of the uncompressed source via |PinnedUnits|, in which case conversion
+  // won't occur until the outermost |PinnedUnits| is destroyed.
+  //
+  // Compressed source is in bytes, no matter that |Unit| might be |char16_t|.
+  // |sourceLength| is the length in code units (not bytes) of the uncompressed
+  // source.
+  template <typename Unit>
+  void triggerConvertToCompressedSource(SharedImmutableString compressed,
+                                        size_t sourceLength);
+
+  // Initialize a fresh ScriptSource as containing unretrievable compressed
+  // source of the indicated original encoding.
+  template <typename Unit>
+  MOZ_MUST_USE bool initializeWithUnretrievableCompressedSource(
+      JSContext* cx, UniqueChars&& raw, size_t rawLength, size_t sourceLength);
+
+ private:
+  void performTaskWork(SourceCompressionTask* task);
+
+  struct TriggerConvertToCompressedSourceFromTask {
+    ScriptSource* const source_;
+    SharedImmutableString& compressed_;
+
+    TriggerConvertToCompressedSourceFromTask(ScriptSource* source,
+                                             SharedImmutableString& compressed)
+        : source_(source), compressed_(compressed) {}
+
+    template <typename Unit, SourceRetrievable CanRetrieve>
+    void operator()(const Uncompressed<Unit, CanRetrieve>&) {
+      source_->triggerConvertToCompressedSource<Unit>(std::move(compressed_),
+                                                      source_->length());
+    }
+
+    template <typename Unit, SourceRetrievable CanRetrieve>
+    void operator()(const Compressed<Unit, CanRetrieve>&) {
+      MOZ_CRASH(
+          "can't set compressed source when source is already compressed -- "
+          "ScriptSource::tryCompressOffThread shouldn't have queued up this "
+          "task?");
+    }
+
+    template <typename Unit>
+    void operator()(const Retrievable<Unit>&) {
+      MOZ_CRASH("shouldn't compressing unloaded-but-retrievable source");
+    }
+
+    void operator()(const Missing&) {
+      MOZ_CRASH(
+          "doesn't make sense to set compressed source for missing source -- "
+          "ScriptSource::tryCompressOffThread shouldn't have queued up this "
+          "task?");
+    }
+  };
+
+  template <typename Unit>
+  void convertToCompressedSource(SharedImmutableString compressed,
+                                 size_t uncompressedLength);
+
+  template <typename Unit>
+  void performDelayedConvertToCompressedSource();
+
+  void triggerConvertToCompressedSourceFromTask(
+      SharedImmutableString compressed);
+
+ private:
+  // It'd be better to make this function take <XDRMode, Unit>, as both
+  // specializations of this function contain nested Unit-parametrized
+  // helper classes that do everything the function needs to do.  But then
+  // we'd need template function partial specialization to hold XDRMode
+  // constant while varying Unit, so that idea's no dice.
+  template <XDRMode mode>
+  MOZ_MUST_USE XDRResult xdrUnretrievableUncompressedSource(
+      XDRState<mode>* xdr, uint8_t sourceCharSize, uint32_t uncompressedLength);
+
+ public:
+  const char* filename() const {
+    return filename_ ? filename_.ref().chars() : nullptr;
+  }
+  MOZ_MUST_USE bool setFilename(JSContext* cx, const char* filename);
+  MOZ_MUST_USE bool setFilename(JSContext* cx, UniqueChars&& filename);
+
+  const char* introducerFilename() const {
+    return introducerFilename_ ? introducerFilename_.ref().chars() : filename();
+  }
+  MOZ_MUST_USE bool setIntroducerFilename(JSContext* cx, const char* filename);
+  MOZ_MUST_USE bool setIntroducerFilename(JSContext* cx,
+                                          UniqueChars&& filename);
+
+  bool hasIntroductionType() const { return introductionType_; }
+  const char* introductionType() const {
+    MOZ_ASSERT(hasIntroductionType());
+    return introductionType_;
+  }
+
+  uint32_t id() const { return id_; }
+
+  // Display URLs
+  MOZ_MUST_USE bool setDisplayURL(JSContext* cx, const char16_t* url);
+  MOZ_MUST_USE bool setDisplayURL(JSContext* cx, UniqueTwoByteChars&& url);
+  bool hasDisplayURL() const { return displayURL_.isSome(); }
+  const char16_t* displayURL() { return displayURL_.ref().chars(); }
+
+  // Source maps
+  MOZ_MUST_USE bool setSourceMapURL(JSContext* cx, const char16_t* url);
+  MOZ_MUST_USE bool setSourceMapURL(JSContext* cx, UniqueTwoByteChars&& url);
+  bool hasSourceMapURL() const { return sourceMapURL_.isSome(); }
+  const char16_t* sourceMapURL() { return sourceMapURL_.ref().chars(); }
+
+  bool mutedErrors() const { return mutedErrors_; }
+
+  uint32_t startLine() const { return startLine_; }
+
+  bool hasIntroductionOffset() const { return introductionOffset_.isSome(); }
+  uint32_t introductionOffset() const { return introductionOffset_.value(); }
+  void setIntroductionOffset(uint32_t offset) {
+    MOZ_ASSERT(!hasIntroductionOffset());
+    MOZ_ASSERT(offset <= (uint32_t)INT32_MAX);
+    introductionOffset_.emplace(offset);
+  }
+
+  bool containsAsmJS() const { return containsAsmJS_; }
+  void setContainsAsmJS() { containsAsmJS_ = true; }
+
+  // Return wether an XDR encoder is present or not.
+  bool hasEncoder() const { return bool(xdrEncoder_); }
+
+  // Create a new XDR encoder, and encode the top-level JSScript. The result
+  // of the encoding would be available in the |buffer| provided as argument,
+  // as soon as |xdrFinalize| is called and all xdr function calls returned
+  // successfully.
+  bool xdrEncodeTopLevel(JSContext* cx, HandleScript script);
+
+  // Create a new XDR encoder, and encode the stencil for the initial
+  // compilation. The created XDR encoder isn't stored into `xdrEncoder_`
+  // field. Caller is responsible for calling `setIncrementalEncoder` after
+  // instantiating stencil (so, corresponding canonical ScriptSourceObject
+  // gets created).
+  bool xdrEncodeInitialStencil(
+      JSContext* cx, frontend::CompilationStencil& stencil,
+      UniquePtr<XDRIncrementalEncoderBase>& xdrEncoder);
+
+  // Create a new XDR encoder, and encode the stencils.
+  // The created XDR encoder isn't stored into `xdrEncoder_` field.
+  // Caller is responsible for calling `setIncrementalEncoder` after
+  // instantiating stencil (so, corresponding canonical ScriptSourceObject
+  // gets created).
+  bool xdrEncodeStencils(JSContext* cx,
+                         frontend::CompilationStencilSet& stencilSet,
+                         UniquePtr<XDRIncrementalEncoderBase>& xdrEncoder);
+
+  void setIncrementalEncoder(XDRIncrementalEncoderBase* xdrEncoder);
+
+  // Encode a delazified JSFunction.  In case of errors, the XDR encoder is
+  // freed and the |buffer| provided as argument to |xdrEncodeTopLevel| is
+  // considered undefined.
+  //
+  // The |sourceObject| argument is the object holding the current
+  // ScriptSource.
+  bool xdrEncodeFunction(JSContext* cx, HandleFunction fun,
+                         HandleScriptSourceObject sourceObject);
+
+  // Encode a delazified function's stencil.  In case of errors, the XDR
+  // encoder is freed.
+  bool xdrEncodeFunctionStencil(JSContext* cx,
+                                frontend::BaseCompilationStencil& stencil);
+
+ private:
+  // Encode a delazified function's stencil.  In case of errors, the passed
+  // XDR encoder is freed.
+  bool xdrEncodeFunctionStencilWith(
+      JSContext* cx, frontend::BaseCompilationStencil& stencil,
+      UniquePtr<XDRIncrementalEncoderBase>& xdrEncoder);
+
+ public:
+  // Linearize the encoded content in the |buffer| provided as argument to
+  // |xdrEncodeTopLevel|, and free the XDR encoder.  In case of errors, the
+  // |buffer| is considered undefined.
+  bool xdrFinalizeEncoder(JSContext* cx, JS::TranscodeBuffer& buffer);
+
+ private:
+  template <typename Unit,
+            template <typename U, SourceRetrievable CanRetrieve> class Data,
+            XDRMode mode>
+  static void codeRetrievable(ScriptSource* ss);
+
+  template <typename Unit, XDRMode mode>
+  static MOZ_MUST_USE XDRResult codeUncompressedData(XDRState<mode>* const xdr,
+                                                     ScriptSource* const ss);
+
+  template <typename Unit, XDRMode mode>
+  static MOZ_MUST_USE XDRResult codeCompressedData(XDRState<mode>* const xdr,
+                                                   ScriptSource* const ss);
+
+  template <typename Unit, XDRMode mode>
+  static void codeRetrievableData(ScriptSource* ss);
+
+  template <XDRMode mode>
+  static MOZ_MUST_USE XDRResult xdrData(XDRState<mode>* const xdr,
+                                        ScriptSource* const ss);
+
+ public:
+  template <XDRMode mode>
+  static MOZ_MUST_USE XDRResult
+  XDR(XDRState<mode>* xdr, const JS::ReadOnlyCompileOptions* maybeOptions,
+      MutableHandle<ScriptSourceHolder> holder);
+
+  void trace(JSTracer* trc);
+};
+
+class ScriptSourceHolder {
+  ScriptSource* ss;
+
+ public:
+  ScriptSourceHolder() : ss(nullptr) {}
+  explicit ScriptSourceHolder(ScriptSource* ss) : ss(ss) { ss->incref(); }
+  ~ScriptSourceHolder() {
+    if (ss) {
+      ss->decref();
+    }
+  }
+  void reset(ScriptSource* newss) {
+    // incref before decref just in case ss == newss.
+    if (newss) {
+      newss->incref();
+    }
+    if (ss) {
+      ss->decref();
+    }
+    ss = newss;
+  }
+  ScriptSource* get() const { return ss; }
+
+  void trace(JSTracer* trc) {
+    if (ss) {
+      ss->trace(trc);
+    }
+  }
+};
+
+// [SMDOC] ScriptSourceObject
+//
+// ScriptSourceObject stores the ScriptSource and GC pointers related to it.
+//
+// ScriptSourceObjects can be cloned when we clone the JSScript (in order to
+// execute the script in a different compartment). In this case we create a new
+// SSO that stores (a wrapper for) the original SSO in its "canonical slot".
+// The canonical SSO is always used for the private, introductionScript,
+// element, elementAttributeName slots. This means their accessors may return an
+// object in a different compartment, hence the "unwrapped" prefix.
+//
+// Note that we don't clone the SSO when cloning the script for a different
+// realm in the same compartment, so sso->realm() does not necessarily match the
+// script's realm.
+//
+// We need ScriptSourceObject (instead of storing these GC pointers in the
+// ScriptSource itself) to properly account for cross-zone pointers: the
+// canonical SSO will be stored in the wrapper map if necessary so GC will do
+// the right thing.
+class ScriptSourceObject : public NativeObject {
+  static const JSClassOps classOps_;
+
+  static ScriptSourceObject* createInternal(JSContext* cx, ScriptSource* source,
+                                            HandleObject canonical);
+
+  bool isCanonical() const {
+    return &getReservedSlot(CANONICAL_SLOT).toObject() == this;
+  }
+  ScriptSourceObject* unwrappedCanonical() const;
+
+ public:
+  static const JSClass class_;
+
+  static void trace(JSTracer* trc, JSObject* obj);
+  static void finalize(JSFreeOp* fop, JSObject* obj);
+
+  static ScriptSourceObject* create(JSContext* cx, ScriptSource* source);
+  static ScriptSourceObject* clone(JSContext* cx, HandleScriptSourceObject sso);
+
+  // Initialize those properties of this ScriptSourceObject whose values
+  // are provided by |options|, re-wrapping as necessary.
+  static bool initFromOptions(JSContext* cx, HandleScriptSourceObject source,
+                              const JS::ReadOnlyCompileOptions& options);
+
+  static bool initElementProperties(JSContext* cx,
+                                    HandleScriptSourceObject source,
+                                    HandleString elementAttrName);
+
+  bool hasSource() const { return !getReservedSlot(SOURCE_SLOT).isUndefined(); }
+  ScriptSource* source() const {
+    return static_cast<ScriptSource*>(getReservedSlot(SOURCE_SLOT).toPrivate());
+  }
+
+  JSObject* unwrappedElement(JSContext* cx) const;
+
+  const Value& unwrappedElementAttributeName() const {
+    const Value& v =
+        unwrappedCanonical()->getReservedSlot(ELEMENT_PROPERTY_SLOT);
+    MOZ_ASSERT(!v.isMagic());
+    return v;
+  }
+  BaseScript* unwrappedIntroductionScript() const {
+    Value value =
+        unwrappedCanonical()->getReservedSlot(INTRODUCTION_SCRIPT_SLOT);
+    if (value.isUndefined()) {
+      return nullptr;
+    }
+    return value.toGCThing()->as<BaseScript>();
+  }
+
+  void setPrivate(JSRuntime* rt, const Value& value);
+
+  Value canonicalPrivate() const {
+    Value value = getReservedSlot(PRIVATE_SLOT);
+    MOZ_ASSERT_IF(!isCanonical(), value.isUndefined());
+    return value;
+  }
+
+ private:
+  enum {
+    SOURCE_SLOT = 0,
+    CANONICAL_SLOT,
+    ELEMENT_PROPERTY_SLOT,
+    INTRODUCTION_SCRIPT_SLOT,
+    PRIVATE_SLOT,
+    RESERVED_SLOTS
+  };
+};
+
+// ScriptWarmUpData represents a pointer-sized field in BaseScript that stores
+// one of the following using low-bit tags:
+//
+// * The enclosing BaseScript. This is only used while this script is lazy and
+//   its containing script is also lazy. This outer script must be compiled
+//   before the current script can in order to correctly build the scope chain.
+//
+// * The enclosing Scope. This is only used while this script is lazy and its
+//   containing script is compiled. This is the outer scope chain that will be
+//   used to compile this scipt.
+//
+// * The script's warm-up count. This is only used until the script has a
+//   JitScript. The Baseline Interpreter and JITs use the warm-up count stored
+//   in JitScript.
+//
+// * A pointer to the JitScript, when the script is warm enough for the Baseline
+//   Interpreter.
+//
+class ScriptWarmUpData {
+  uintptr_t data_ = ResetState();
+
+ private:
+  static constexpr uintptr_t NumTagBits = 2;
+  static constexpr uint32_t MaxWarmUpCount = UINT32_MAX >> NumTagBits;
+
+ public:
+  // Public only for the JITs.
+  static constexpr uintptr_t TagMask = (1 << NumTagBits) - 1;
+  static constexpr uintptr_t JitScriptTag = 0;
+  static constexpr uintptr_t EnclosingScriptTag = 1;
+  static constexpr uintptr_t EnclosingScopeTag = 2;
+  static constexpr uintptr_t WarmUpCountTag = 3;
+
+ private:
+  // A gc-safe value to clear to.
+  constexpr uintptr_t ResetState() { return 0 | WarmUpCountTag; }
+
+  template <uintptr_t Tag>
+  inline void setTaggedPtr(void* ptr) {
+    static_assert(Tag <= TagMask, "Tag must fit in TagMask");
+    MOZ_ASSERT((uintptr_t(ptr) & TagMask) == 0);
+    data_ = uintptr_t(ptr) | Tag;
+  }
+
+  template <typename T, uintptr_t Tag>
+  inline T getTaggedPtr() const {
+    static_assert(Tag <= TagMask, "Tag must fit in TagMask");
+    MOZ_ASSERT((data_ & TagMask) == Tag);
+    return reinterpret_cast<T>(data_ & ~TagMask);
+  }
+
+  void setWarmUpCount(uint32_t count) {
+    if (count > MaxWarmUpCount) {
+      count = MaxWarmUpCount;
+    }
+    data_ = (uintptr_t(count) << NumTagBits) | WarmUpCountTag;
+  }
+
+ public:
+  void trace(JSTracer* trc);
+
+  bool isEnclosingScript() const {
+    return (data_ & TagMask) == EnclosingScriptTag;
+  }
+  bool isEnclosingScope() const {
+    return (data_ & TagMask) == EnclosingScopeTag;
+  }
+  bool isWarmUpCount() const { return (data_ & TagMask) == WarmUpCountTag; }
+  bool isJitScript() const { return (data_ & TagMask) == JitScriptTag; }
+
+  // NOTE: To change type safely, 'clear' the old tagged value and then 'init'
+  //       the new one. This will notify the GC appropriately.
+
+  BaseScript* toEnclosingScript() const {
+    return getTaggedPtr<BaseScript*, EnclosingScriptTag>();
+  }
+  inline void initEnclosingScript(BaseScript* enclosingScript);
+  inline void clearEnclosingScript();
+
+  Scope* toEnclosingScope() const {
+    return getTaggedPtr<Scope*, EnclosingScopeTag>();
+  }
+  inline void initEnclosingScope(Scope* enclosingScope);
+  inline void clearEnclosingScope();
+
+  uint32_t toWarmUpCount() const {
+    MOZ_ASSERT(isWarmUpCount());
+    return data_ >> NumTagBits;
+  }
+  void resetWarmUpCount(uint32_t count) {
+    MOZ_ASSERT(isWarmUpCount());
+    setWarmUpCount(count);
+  }
+  void incWarmUpCount(uint32_t amount) {
+    MOZ_ASSERT(isWarmUpCount());
+    data_ += uintptr_t(amount) << NumTagBits;
+  }
+
+  jit::JitScript* toJitScript() const {
+    return getTaggedPtr<jit::JitScript*, JitScriptTag>();
+  }
+  void initJitScript(jit::JitScript* jitScript) {
+    MOZ_ASSERT(isWarmUpCount());
+    setTaggedPtr<JitScriptTag>(jitScript);
+  }
+  void clearJitScript() {
+    MOZ_ASSERT(isJitScript());
+    data_ = ResetState();
+  }
+} JS_HAZ_GC_POINTER;
+
+static_assert(sizeof(ScriptWarmUpData) == sizeof(uintptr_t),
+              "JIT code depends on ScriptWarmUpData being pointer-sized");
+
+// [SMDOC] - JSScript data layout (unshared)
+//
+// PrivateScriptData stores variable-length data associated with a script.
+// Abstractly a PrivateScriptData consists of the following:
+//
+//   * A non-empty array of GCCellPtr in gcthings()
+//
+// Accessing this array just requires calling the appropriate public
+// Span-computing function.
+//
+// This class doesn't use the GC barrier wrapper classes. BaseScript::swapData
+// performs a manual pre-write barrier when detaching PrivateScriptData from a
+// script.
+class alignas(uintptr_t) PrivateScriptData final : public TrailingArray {
+ private:
+  uint32_t ngcthings = 0;
+
+  // Note: This is only defined for scripts with an enclosing scope. This
+  // excludes lazy scripts with lazy parents.
+  js::MemberInitializers memberInitializers_ =
+      js::MemberInitializers::Invalid();
+
+  // End of fields.
+
+ private:
+  // Layout helpers
+  Offset gcThingsOffset() { return offsetOfGCThings(); }
+  Offset endOffset() const {
+    uintptr_t size = ngcthings * sizeof(JS::GCCellPtr);
+    return offsetOfGCThings() + size;
+  }
+
+  // Initialize header and PackedSpans
+  explicit PrivateScriptData(uint32_t ngcthings);
+
+ public:
+  static constexpr size_t offsetOfGCThings() {
+    return sizeof(PrivateScriptData);
+  }
+
+  // Accessors for typed array spans.
+  mozilla::Span<JS::GCCellPtr> gcthings() {
+    Offset offset = offsetOfGCThings();
+    return mozilla::Span{offsetToPointer<JS::GCCellPtr>(offset), ngcthings};
+  }
+
+  void setMemberInitializers(MemberInitializers memberInitializers) {
+    MOZ_ASSERT(memberInitializers_.valid == false,
+               "Only init MemberInitializers once");
+    memberInitializers_ = memberInitializers;
+  }
+  const MemberInitializers& getMemberInitializers() {
+    return memberInitializers_;
+  }
+
+  // Allocate a new PrivateScriptData. Headers and GCCellPtrs are initialized.
+  static PrivateScriptData* new_(JSContext* cx, uint32_t ngcthings);
+
+  template <XDRMode mode>
+  static MOZ_MUST_USE XDRResult XDR(js::XDRState<mode>* xdr,
+                                    js::HandleScript script,
+                                    js::HandleScriptSourceObject sourceObject,
+                                    js::HandleScope scriptEnclosingScope,
+                                    js::HandleObject funOrMod);
+
+  // Clone src script data into dst script.
+  static bool Clone(JSContext* cx, js::HandleScript src, js::HandleScript dst,
+                    js::MutableHandle<JS::GCVector<js::Scope*>> scopes);
+
+  static bool InitFromStencil(JSContext* cx, js::HandleScript script,
+                              js::frontend::CompilationInput& input,
+                              js::frontend::BaseCompilationStencil& stencil,
+                              js::frontend::CompilationGCOutput& gcOutput,
+                              const js::frontend::ScriptIndex scriptIndex);
+
+  void trace(JSTracer* trc);
+
+  size_t allocationSize() const;
+
+  // PrivateScriptData has trailing data so isn't copyable or movable.
+  PrivateScriptData(const PrivateScriptData&) = delete;
+  PrivateScriptData& operator=(const PrivateScriptData&) = delete;
+};
+
+// [SMDOC] Script Representation (js::BaseScript)
+//
+// A "script" corresponds to a JavaScript function or a top-level (global, eval,
+// module) body that will be executed using SpiderMonkey bytecode. Note that
+// special forms such as asm.js do not use bytecode or the BaseScript type.
+//
+// BaseScript may be generated directly from the parser/emitter, or by cloning
+// or deserializing another script. Cloning is typically used when a script is
+// needed in multiple realms and we would like to avoid re-compiling.
+//
+// A single script may be shared by multiple JSFunctions in a realm when those
+// function objects are used as closure. In this case, a single JSFunction is
+// considered canonical (and often does not escape to script directly).
+//
+// A BaseScript may be in "lazy" form where the parser performs a syntax-only
+// parse and saves minimal information. These lazy scripts must be recompiled
+// from the source (generating bytecode) before they can execute in a process
+// called "delazification". On GC memory pressure, a fully-compiled script may
+// be converted back into lazy form by "relazification".
+//
+// A fully-initialized BaseScript can be identified with `hasBytecode()` and
+// will have bytecode and set of GC-things such as scopes, inner-functions, and
+// object/string literals. This is referred to as a "non-lazy" script.
+//
+// A lazy script has either an enclosing script or scope. Each script needs to
+// know its enclosing scope in order to be fully compiled. If the parent is
+// still lazy we track that script and will need to compile it first to know our
+// own enclosing scope. This is because scope objects are not created until full
+// compilation and bytecode generation.
+//
+//
+// # Script Warm-Up #
+//
+// A script evolves its representation over time. As it becomes "hotter" we
+// attach a stack of additional data-structures generated by the JITs to
+// speed-up execution. This evolution may also be run in reverse, in order to
+// reduce memory usage.
+//
+//              +-------------------------------------+
+//              | ScriptSource                        |
+//              |   Provides:   Source                |
+//              |   Engine:     Parser                |
+//              +-------------------------------------+
+//                                v
+//              +-----------------------------------------------+
+//              | BaseScript                                    |
+//              |   Provides:   SourceExtent/Bindings           |
+//              |   Engine:     CompileLazyFunctionToStencil    |
+//              |               /InstantiateStencilsForDelazify |
+//              +-----------------------------------------------+
+//                                v
+//              +-------------------------------------+
+//              | ImmutableScriptData                 |
+//              |   Provides:   Bytecode              |
+//              |   Engine:     Interpreter           |
+//              +-------------------------------------+
+//                                v
+//              +-------------------------------------+
+//              | JitScript                           |
+//              |   Provides:   Inline Caches (ICs)   |
+//              |   Engine:     BaselineInterpreter   |
+//              +-------------------------------------+
+//                                v
+//              +-------------------------------------+
+//              | BaselineScript                      |
+//              |   Provides:   Native Code           |
+//              |   Engine:     Baseline              |
+//              +-------------------------------------+
+//                                v
+//              +-------------------------------------+
+//              | IonScript                           |
+//              |   Provides:   Optimized Native Code |
+//              |   Engine:     IonMonkey             |
+//              +-------------------------------------+
+//
+// NOTE: Scripts may be directly created with bytecode and skip the lazy script
+//       form. This is always the case for top-level scripts.
+class BaseScript : public gc::TenuredCellWithNonGCPointer<uint8_t> {
+ public:
+  // The definition of flags is shared with the frontend for consistency.
+  using ImmutableFlags = ImmutableScriptFlagsEnum;
+  using MutableFlags = MutableScriptFlagsEnum;
+
+ public:
+  // Pointer to baseline->method()->raw(), ion->method()->raw(), a wasm jit
+  // entry, the JIT's EnterInterpreter stub, or the lazy link stub. Must be
+  // non-null (except on no-jit builds). This is stored in the cell header.
+  uint8_t* jitCodeRaw() const { return headerPtr(); }
+
+ protected:
+  // Multi-purpose value that changes type as the script warms up from lazy form
+  // to interpreted-bytecode to JITs. See: ScriptWarmUpData type for more info.
+  ScriptWarmUpData warmUpData_ = {};
+
+  // Object that determines what Realm this script is compiled for. For function
+  // scripts this is the canonical function, otherwise it is the GlobalObject of
+  // the realm.
+  const GCPtrObject functionOrGlobal_ = {};
+
+  // The ScriptSourceObject for this script. This is always same-compartment
+  // with this script, but may be a clone if the original source object is in a
+  // different compartment.
+  const GCPtr<ScriptSourceObject*> sourceObject_ = {};
+
+  // Position of the function in the source buffer. Both in terms of line/column
+  // and code-unit offset.
+  const SourceExtent extent_ = {};
+
+  // Immutable flags are a combination of parser options and bytecode
+  // characteristics. These flags are preserved when serializing or copying this
+  // script.
+  const ImmutableScriptFlags immutableFlags_ = {};
+
+  // Mutable flags store transient information used by subsystems such as the
+  // debugger and the JITs. These flags are *not* preserved when serializing or
+  // cloning since they are based on runtime state.
+  MutableScriptFlags mutableFlags_ = {};
+
+  // Variable-length data owned by this script. This stores one of:
+  //    - GC pointers that bytecode references.
+  //    - Inner-functions and bindings generated by syntax parse.
+  //    - Nullptr, if no bytecode or inner functions.
+  // This is updated as script is delazified and relazified.
+  PrivateScriptData* data_ = nullptr;
+
+  // Shareable script data. This includes runtime-wide atom pointers, bytecode,
+  // and various script note structures. If the script is currently lazy, this
+  // will be nullptr.
+  RefPtr<js::SharedImmutableScriptData> sharedData_ = {};
+
+  // End of fields.
+
+  BaseScript(uint8_t* stubEntry, JSObject* functionOrGlobal,
+             ScriptSourceObject* sourceObject, const SourceExtent& extent,
+             uint32_t immutableFlags)
+      : TenuredCellWithNonGCPointer(stubEntry),
+        functionOrGlobal_(functionOrGlobal),
+        sourceObject_(sourceObject),
+        extent_(extent),
+        immutableFlags_(immutableFlags) {
+    MOZ_ASSERT(functionOrGlobal->compartment() == sourceObject->compartment());
+    MOZ_ASSERT(extent_.toStringStart <= extent_.sourceStart);
+    MOZ_ASSERT(extent_.sourceStart <= extent_.sourceEnd);
+    MOZ_ASSERT(extent_.sourceEnd <= extent_.toStringEnd);
+  }
+
+  void setJitCodeRaw(uint8_t* code) { setHeaderPtr(code); }
+
+ public:
+  static BaseScript* New(JSContext* cx, js::HandleObject functionOrGlobal,
+                         js::HandleScriptSourceObject sourceObject,
+                         const js::SourceExtent& extent,
+                         uint32_t immutableFlags);
+
+  // Create a lazy BaseScript without initializing any gc-things.
+  static BaseScript* CreateRawLazy(JSContext* cx, uint32_t ngcthings,
+                                   HandleFunction fun,
+                                   HandleScriptSourceObject sourceObject,
+                                   const SourceExtent& extent,
+                                   uint32_t immutableFlags);
+
+  bool isUsingInterpreterTrampoline(JSRuntime* rt) const;
+
+  // Canonical function for the script, if it has a function. For top-level
+  // scripts this is nullptr.
+  JSFunction* function() const {
+    if (functionOrGlobal_->is<JSFunction>()) {
+      return &functionOrGlobal_->as<JSFunction>();
+    }
+    return nullptr;
+  }
+
+  JS::Realm* realm() const { return functionOrGlobal_->nonCCWRealm(); }
+  JS::Compartment* compartment() const {
+    return functionOrGlobal_->compartment();
+  }
+  JS::Compartment* maybeCompartment() const { return compartment(); }
+  inline JSPrincipals* principals() const;
+
+  ScriptSourceObject* sourceObject() const { return sourceObject_; }
+  ScriptSource* scriptSource() const { return sourceObject()->source(); }
+  ScriptSource* maybeForwardedScriptSource() const;
+
+  bool mutedErrors() const { return scriptSource()->mutedErrors(); }
+
+  const char* filename() const { return scriptSource()->filename(); }
+  const char* maybeForwardedFilename() const {
+    return maybeForwardedScriptSource()->filename();
+  }
+
+  uint32_t sourceStart() const { return extent_.sourceStart; }
+  uint32_t sourceEnd() const { return extent_.sourceEnd; }
+  uint32_t sourceLength() const {
+    return extent_.sourceEnd - extent_.sourceStart;
+  }
+  uint32_t toStringStart() const { return extent_.toStringStart; }
+  uint32_t toStringEnd() const { return extent_.toStringEnd; }
+  SourceExtent extent() const { return extent_; }
+
+  MOZ_MUST_USE bool appendSourceDataForToString(JSContext* cx,
+                                                js::StringBuffer& buf);
+
+  uint32_t lineno() const { return extent_.lineno; }
+  uint32_t column() const { return extent_.column; }
+
+ public:
+  ImmutableScriptFlags immutableFlags() const { return immutableFlags_; }
+
+  // ImmutableFlags accessors.
+  MOZ_MUST_USE bool hasFlag(ImmutableFlags flag) const {
+    return immutableFlags_.hasFlag(flag);
+  }
+
+  // MutableFlags accessors.
+  MOZ_MUST_USE bool hasFlag(MutableFlags flag) const {
+    return mutableFlags_.hasFlag(flag);
+  }
+  void setFlag(MutableFlags flag, bool b = true) {
+    mutableFlags_.setFlag(flag, b);
+  }
+  void clearFlag(MutableFlags flag) { mutableFlags_.clearFlag(flag); }
+  // Specific flag accessors
+
+#define FLAG_GETTER(enumName, enumEntry, lowerName) \
+ public:                                            \
+  bool lowerName() const { return hasFlag(enumName::enumEntry); }
+
+#define FLAG_GETTER_SETTER(enumName, enumEntry, lowerName, name)  \
+ public:                                                          \
+  bool lowerName() const { return hasFlag(enumName::enumEntry); } \
+  void set##name() { setFlag(enumName::enumEntry); }              \
+  void set##name(bool b) { setFlag(enumName::enumEntry, b); }     \
+  void clear##name() { clearFlag(enumName::enumEntry); }
+
+#define IMMUTABLE_FLAG_GETTER(lowerName, name) \
+  FLAG_GETTER(ImmutableFlags, name, lowerName)
+#define MUTABLE_FLAG_GETTER_SETTER(lowerName, name) \
+  FLAG_GETTER_SETTER(MutableFlags, name, lowerName, name)
+
+  IMMUTABLE_FLAG_GETTER(isForEval, IsForEval)
+  IMMUTABLE_FLAG_GETTER(isModule, IsModule)
+  IMMUTABLE_FLAG_GETTER(isFunction, IsFunction)
+  IMMUTABLE_FLAG_GETTER(selfHosted, SelfHosted)
+  IMMUTABLE_FLAG_GETTER(forceStrict, ForceStrict)
+  IMMUTABLE_FLAG_GETTER(hasNonSyntacticScope, HasNonSyntacticScope)
+  IMMUTABLE_FLAG_GETTER(noScriptRval, NoScriptRval)
+  IMMUTABLE_FLAG_GETTER(treatAsRunOnce, TreatAsRunOnce)
+  IMMUTABLE_FLAG_GETTER(strict, Strict)
+  IMMUTABLE_FLAG_GETTER(hasModuleGoal, HasModuleGoal)
+  IMMUTABLE_FLAG_GETTER(hasInnerFunctions, HasInnerFunctions)
+  IMMUTABLE_FLAG_GETTER(hasDirectEval, HasDirectEval)
+  IMMUTABLE_FLAG_GETTER(bindingsAccessedDynamically,
+                        BindingsAccessedDynamically)
+  IMMUTABLE_FLAG_GETTER(hasCallSiteObj, HasCallSiteObj)
+  IMMUTABLE_FLAG_GETTER(isAsync, IsAsync)
+  IMMUTABLE_FLAG_GETTER(isGenerator, IsGenerator)
+  IMMUTABLE_FLAG_GETTER(funHasExtensibleScope, FunHasExtensibleScope)
+  IMMUTABLE_FLAG_GETTER(functionHasThisBinding, FunctionHasThisBinding)
+  IMMUTABLE_FLAG_GETTER(needsHomeObject, NeedsHomeObject)
+  IMMUTABLE_FLAG_GETTER(isDerivedClassConstructor, IsDerivedClassConstructor)
+  IMMUTABLE_FLAG_GETTER(isFieldInitializer, IsFieldInitializer)
+  IMMUTABLE_FLAG_GETTER(hasRest, HasRest)
+  IMMUTABLE_FLAG_GETTER(needsFunctionEnvironmentObjects,
+                        NeedsFunctionEnvironmentObjects)
+  // FunctionHasExtraBodyVarScope: custom logic below.
+  IMMUTABLE_FLAG_GETTER(shouldDeclareArguments, ShouldDeclareArguments)
+  IMMUTABLE_FLAG_GETTER(argumentsHasVarBinding, ArgumentsHasVarBinding)
+  IMMUTABLE_FLAG_GETTER(alwaysNeedsArgsObj, AlwaysNeedsArgsObj)
+  IMMUTABLE_FLAG_GETTER(hasMappedArgsObj, HasMappedArgsObj)
+
+  MUTABLE_FLAG_GETTER_SETTER(hasRunOnce, HasRunOnce)
+  MUTABLE_FLAG_GETTER_SETTER(hasScriptCounts, HasScriptCounts)
+  MUTABLE_FLAG_GETTER_SETTER(hasDebugScript, HasDebugScript)
+  MUTABLE_FLAG_GETTER_SETTER(needsArgsAnalysis, NeedsArgsAnalysis)
+  // NeedsArgsObj: custom logic below.
+  MUTABLE_FLAG_GETTER_SETTER(allowRelazify, AllowRelazify)
+  MUTABLE_FLAG_GETTER_SETTER(spewEnabled, SpewEnabled)
+  MUTABLE_FLAG_GETTER_SETTER(needsFinalWarmUpCount, NeedsFinalWarmUpCount)
+  MUTABLE_FLAG_GETTER_SETTER(failedBoundsCheck, FailedBoundsCheck)
+  MUTABLE_FLAG_GETTER_SETTER(failedShapeGuard, FailedShapeGuard)
+  MUTABLE_FLAG_GETTER_SETTER(hadLICMInvalidation, HadLICMInvalidation)
+  MUTABLE_FLAG_GETTER_SETTER(hadEagerTruncationBailout,
+                             HadEagerTruncationBailout)
+  MUTABLE_FLAG_GETTER_SETTER(hadUnboxFoldingBailout, HadUnboxFoldingBailout)
+  MUTABLE_FLAG_GETTER_SETTER(uninlineable, Uninlineable)
+  MUTABLE_FLAG_GETTER_SETTER(failedLexicalCheck, FailedLexicalCheck)
+  MUTABLE_FLAG_GETTER_SETTER(hadSpeculativePhiBailout, HadSpeculativePhiBailout)
+  MUTABLE_FLAG_GETTER_SETTER(isInlinableLargeFunction, IsInlinableLargeFunction)
+
+#undef IMMUTABLE_FLAG_GETTER
+#undef MUTABLE_FLAG_GETTER_SETTER
+#undef FLAG_GETTER
+#undef FLAG_GETTER_SETTER
+
+  GeneratorKind generatorKind() const {
+    return isGenerator() ? GeneratorKind::Generator
+                         : GeneratorKind::NotGenerator;
+  }
+
+  FunctionAsyncKind asyncKind() const {
+    return isAsync() ? FunctionAsyncKind::AsyncFunction
+                     : FunctionAsyncKind::SyncFunction;
+  }
+
+  bool hasEnclosingScript() const { return warmUpData_.isEnclosingScript(); }
+  BaseScript* enclosingScript() const {
+    return warmUpData_.toEnclosingScript();
+  }
+  void setEnclosingScript(BaseScript* enclosingScript);
+
+  // Returns true is the script has an enclosing scope but no bytecode. It is
+  // ready for delazification.
+  // NOTE: The enclosing script must have been successfully compiled at some
+  // point for the enclosing scope to exist. That script may have since been
+  // GC'd, but we kept the scope live so we can still compile ourselves.
+  bool isReadyForDelazification() const {
+    return warmUpData_.isEnclosingScope();
+  }
+
+  Scope* enclosingScope() const;
+  void setEnclosingScope(Scope* enclosingScope);
+  Scope* releaseEnclosingScope();
+
+  bool hasJitScript() const { return warmUpData_.isJitScript(); }
+  jit::JitScript* jitScript() const {
+    MOZ_ASSERT(hasJitScript());
+    return warmUpData_.toJitScript();
+  }
+  jit::JitScript* maybeJitScript() const {
+    return hasJitScript() ? jitScript() : nullptr;
+  }
+
+  inline bool hasBaselineScript() const;
+  inline bool hasIonScript() const;
+
+  bool hasPrivateScriptData() const { return data_ != nullptr; }
+
+  // Update data_ pointer while also informing GC MemoryUse tracking.
+  void swapData(UniquePtr<PrivateScriptData>& other);
+
+  mozilla::Span<const JS::GCCellPtr> gcthings() const {
+    return data_ ? data_->gcthings() : mozilla::Span<JS::GCCellPtr>();
+  }
+
+  // NOTE: This is only used to initialize a fresh script.
+  mozilla::Span<JS::GCCellPtr> gcthingsForInit() {
+    MOZ_ASSERT(!hasBytecode());
+    return data_ ? data_->gcthings() : mozilla::Span<JS::GCCellPtr>();
+  }
+
+  void setMemberInitializers(MemberInitializers memberInitializers) {
+    MOZ_ASSERT(data_);
+    data_->setMemberInitializers(memberInitializers);
+  }
+  const MemberInitializers& getMemberInitializers() const {
+    MOZ_ASSERT(data_);
+    return data_->getMemberInitializers();
+  }
+
+  SharedImmutableScriptData* sharedData() const { return sharedData_; }
+  inline void initSharedData(SharedImmutableScriptData* data);
+  void freeSharedData() { sharedData_ = nullptr; }
+
+  // NOTE: Script only has bytecode if JSScript::fullyInitFromStencil completes
+  // successfully.
+  bool hasBytecode() const {
+    if (sharedData_) {
+      MOZ_ASSERT(data_);
+      MOZ_ASSERT(warmUpData_.isWarmUpCount() || warmUpData_.isJitScript());
+      return true;
+    }
+    return false;
+  }
+
+ public:
+  static const JS::TraceKind TraceKind = JS::TraceKind::Script;
+
+  void traceChildren(JSTracer* trc);
+  void finalize(JSFreeOp* fop);
+
+  size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) {
+    return mallocSizeOf(data_);
+  }
+
+  inline JSScript* asJSScript();
+
+  template <XDRMode mode>
+  static XDRResult XDRLazyScriptData(XDRState<mode>* xdr,
+                                     HandleScriptSourceObject sourceObject,
+                                     Handle<BaseScript*> lazy,
+                                     bool hasFieldInitializer);
+
+  // JIT accessors
+  static constexpr size_t offsetOfJitCodeRaw() { return offsetOfHeaderPtr(); }
+  static constexpr size_t offsetOfPrivateData() {
+    return offsetof(BaseScript, data_);
+  }
+  static constexpr size_t offsetOfSharedData() {
+    return offsetof(BaseScript, sharedData_);
+  }
+  static size_t offsetOfImmutableFlags() {
+    static_assert(sizeof(ImmutableScriptFlags) == sizeof(uint32_t));
+    return offsetof(BaseScript, immutableFlags_);
+  }
+  static constexpr size_t offsetOfMutableFlags() {
+    static_assert(sizeof(MutableScriptFlags) == sizeof(uint32_t));
+    return offsetof(BaseScript, mutableFlags_);
+  }
+  static constexpr size_t offsetOfWarmUpData() {
+    return offsetof(BaseScript, warmUpData_);
+  }
+
+ protected:
+  bool isRelazifiableImpl() const {
+    // A script may not be relazifiable if parts of it can be entrained in
+    // interesting ways:
+    //  - Scripts with inner-functions or direct-eval (which can add
+    //    inner-functions) should not be relazified as their Scopes may be part
+    //    of another scope-chain.
+    //  - Generators and async functions may be re-entered in complex ways so
+    //    don't discard bytecode. The JIT resume code assumes this.
+    //  - Functions with template literals must always return the same object
+    //    instance so must not discard it by relazifying.
+    return !hasInnerFunctions() && !hasDirectEval() && !isGenerator() &&
+           !isAsync() && !hasCallSiteObj();
+  }
+
+ public:
+  bool isRelazifiableAfterDelazify() const { return isRelazifiableImpl(); }
+};
+
+/*
+ * NB: after a successful XDR_DECODE, XDRScript callers must do any required
+ * subsequent set-up of owning function or script object and then call
+ * CallNewScriptHook.
+ */
+template <XDRMode mode>
+XDRResult XDRScript(XDRState<mode>* xdr, HandleScope enclosingScope,
+                    HandleScriptSourceObject sourceObject,
+                    HandleObject funOrMod, MutableHandleScript scriptp);
+
+template <XDRMode mode>
+XDRResult XDRLazyScript(XDRState<mode>* xdr, HandleScope enclosingScope,
+                        HandleScriptSourceObject sourceObject,
+                        HandleFunction fun, MutableHandle<BaseScript*> lazy);
+
+template <XDRMode mode>
+XDRResult XDRSourceExtent(XDRState<mode>* xdr, SourceExtent* extent);
+
+template <XDRMode mode>
+XDRResult XDRImmutableScriptData(XDRState<mode>* xdr,
+                                 UniquePtr<ImmutableScriptData>& isd);
+
+/*
+ * Code any constant value.
+ */
+template <XDRMode mode>
+XDRResult XDRScriptConst(XDRState<mode>* xdr, MutableHandleValue vp);
+
+extern void SweepScriptData(JSRuntime* rt);
+
+} /* namespace js */
+
+class JSScript : public js::BaseScript {
+ private:
+  template <js::XDRMode mode>
+  friend js::XDRResult js::XDRScript(js::XDRState<mode>* xdr,
+                                     js::HandleScope enclosingScope,
+                                     js::HandleScriptSourceObject sourceObject,
+                                     js::HandleObject funOrMod,
+                                     js::MutableHandleScript scriptp);
+
+  template <js::XDRMode mode>
+  friend js::XDRResult js::PrivateScriptData::XDR(
+      js::XDRState<mode>* xdr, js::HandleScript script,
+      js::HandleScriptSourceObject sourceObject,
+      js::HandleScope scriptEnclosingScope, js::HandleObject funOrMod);
+
+  friend bool js::PrivateScriptData::Clone(
+      JSContext* cx, js::HandleScript src, js::HandleScript dst,
+      js::MutableHandle<JS::GCVector<js::Scope*>> scopes);
+
+  friend bool js::PrivateScriptData::InitFromStencil(
+      JSContext* cx, js::HandleScript script,
+      js::frontend::CompilationInput& input,
+      js::frontend::BaseCompilationStencil& stencil,
+      js::frontend::CompilationGCOutput& gcOutput,
+      const js::frontend::ScriptIndex scriptIndex);
+
+ private:
+  using js::BaseScript::BaseScript;
+
+ public:
+  static JSScript* Create(JSContext* cx, js::HandleObject functionOrGlobal,
+                          js::HandleScriptSourceObject sourceObject,
+                          const js::SourceExtent& extent,
+                          js::ImmutableScriptFlags flags);
+
+  // NOTE: This should only be used while delazifying.
+  static JSScript* CastFromLazy(js::BaseScript* lazy) {
+    return static_cast<JSScript*>(lazy);
+  }
+
+  // NOTE: If you use createPrivateScriptData directly instead of via
+  // fullyInitFromStencil, you are responsible for notifying the debugger
+  // after successfully creating the script.
+  static bool createPrivateScriptData(JSContext* cx,
+                                      JS::Handle<JSScript*> script,
+                                      uint32_t ngcthings);
+
+ public:
+  static bool fullyInitFromStencil(
+      JSContext* cx, js::frontend::CompilationInput& input,
+      js::frontend::BaseCompilationStencil& stencil,
+      js::frontend::CompilationGCOutput& gcOutput, js::HandleScript script,
+      const js::frontend::ScriptIndex scriptIndex);
+
+  // Allocate a JSScript and initialize it with bytecode. This consumes
+  // allocations within the stencil.
+  static JSScript* fromStencil(JSContext* cx,
+                               js::frontend::CompilationInput& input,
+                               js::frontend::CompilationStencil& stencil,
+                               js::frontend::CompilationGCOutput& gcOutput,
+                               const js::frontend::ScriptIndex scriptIndex);
+
+#ifdef DEBUG
+ private:
+  // Assert that jump targets are within the code array of the script.
+  void assertValidJumpTargets() const;
+#endif
+
+ public:
+  js::ImmutableScriptData* immutableScriptData() const {
+    return sharedData_->isd_.get();
+  }
+
+  // Script bytecode is immutable after creation.
+  jsbytecode* code() const {
+    if (!sharedData_) {
+      return nullptr;
+    }
+    return immutableScriptData()->code();
+  }
+
+  bool hasForceInterpreterOp() const {
+    // JSOp::ForceInterpreter, if present, must be the first op.
+    MOZ_ASSERT(length() >= 1);
+    return JSOp(*code()) == JSOp::ForceInterpreter;
+  }
+
+  js::AllBytecodesIterable allLocations() {
+    return js::AllBytecodesIterable(this);
+  }
+
+  js::BytecodeLocation location() { return js::BytecodeLocation(this, code()); }
+
+  size_t length() const {
+    MOZ_ASSERT(sharedData_);
+    return immutableScriptData()->codeLength();
+  }
+
+  jsbytecode* codeEnd() const { return code() + length(); }
+
+  jsbytecode* lastPC() const {
+    jsbytecode* pc = codeEnd() - js::JSOpLength_RetRval;
+    MOZ_ASSERT(JSOp(*pc) == JSOp::RetRval);
+    return pc;
+  }
+
+  // Note: ArgBytes is optional, but if specified then containsPC will also
+  //       check that the opcode arguments are in bounds.
+  template <size_t ArgBytes = 0>
+  bool containsPC(const jsbytecode* pc) const {
+    MOZ_ASSERT_IF(ArgBytes,
+                  js::GetBytecodeLength(pc) == sizeof(jsbytecode) + ArgBytes);
+    const jsbytecode* lastByte = pc + ArgBytes;
+    return pc >= code() && lastByte < codeEnd();
+  }
+  template <typename ArgType>
+  bool containsPC(const jsbytecode* pc) const {
+    return containsPC<sizeof(ArgType)>(pc);
+  }
+
+  bool contains(const js::BytecodeLocation& loc) const {
+    return containsPC(loc.toRawBytecode());
+  }
+
+  size_t pcToOffset(const jsbytecode* pc) const {
+    MOZ_ASSERT(containsPC(pc));
+    return size_t(pc - code());
+  }
+
+  jsbytecode* offsetToPC(size_t offset) const {
+    MOZ_ASSERT(offset < length());
+    return code() + offset;
+  }
+
+  size_t mainOffset() const { return immutableScriptData()->mainOffset; }
+
+  // The fixed part of a stack frame is comprised of vars (in function and
+  // module code) and block-scoped locals (in all kinds of code).
+  size_t nfixed() const { return immutableScriptData()->nfixed; }
+
+  // Number of fixed slots reserved for slots that are always live. Only
+  // nonzero for function or module code.
+  size_t numAlwaysLiveFixedSlots() const;
+
+  // Calculate the number of fixed slots that are live at a particular bytecode.
+  size_t calculateLiveFixed(jsbytecode* pc);
+
+  size_t nslots() const { return immutableScriptData()->nslots; }
+
+  unsigned numArgs() const;
+
+  inline js::Shape* initialEnvironmentShape() const;
+
+  bool functionHasParameterExprs() const;
+
+  bool functionAllowsParameterRedeclaration() const {
+    // Parameter redeclaration is only allowed for non-strict functions with
+    // simple parameter lists, which are neither arrow nor method functions. We
+    // don't have a flag at hand to test the function kind, but we can still
+    // test if the function is non-strict and has a simple parameter list by
+    // checking |hasMappedArgsObj()|. (Mapped arguments objects are only
+    // created for non-strict functions with simple parameter lists.)
+    return hasMappedArgsObj();
+  }
+
+  size_t numICEntries() const { return immutableScriptData()->numICEntries; }
+
+  size_t funLength() const { return immutableScriptData()->funLength; }
+
+  void cacheForEval() {
+    MOZ_ASSERT(isForEval());
+    // IsEvalCacheCandidate will make sure that there's nothing in this
+    // script that would prevent reexecution even if isRunOnce is
+    // true.  So just pretend like we never ran this script.
+    clearFlag(MutableFlags::HasRunOnce);
+  }
+
+  bool argumentsAliasesFormals() const {
+    return argumentsHasVarBinding() && hasMappedArgsObj();
+  }
+
+  /*
+   * As an optimization, even when argumentsHasVarBinding, the function
+   * prologue may not need to create an arguments object. This is determined by
+   * needsArgsObj which is set by AnalyzeArgumentsUsage. When !needsArgsObj,
+   * the prologue may simply write MagicValue(JS_OPTIMIZED_ARGUMENTS) to
+   * 'arguments's slot and any uses of 'arguments' will be guaranteed to handle
+   * this magic value. To avoid spurious arguments object creation, we maintain
+   * the invariant that needsArgsObj is only called after the script has been
+   * analyzed.
+   */
+  inline bool ensureHasAnalyzedArgsUsage(JSContext* cx);
+  bool needsArgsObj() const {
+    MOZ_ASSERT(!needsArgsAnalysis());
+    return hasFlag(MutableFlags::NeedsArgsObj);
+  }
+  void setNeedsArgsObj(bool needsArgsObj);
+  static void argumentsOptimizationFailed(JSContext* cx,
+                                          js::HandleScript script);
+
+  // Update the the arguments analysis flags based on the frontend
+  // derived information.
+  void resetArgsUsageAnalysis();
+
+  /*
+   * Arguments access (via JSOp::*Arg* opcodes) must access the canonical
+   * location for the argument. If an arguments object exists AND it's mapped
+   * ('arguments' aliases formals), then all access must go through the
+   * arguments object. Otherwise, the local slot is the canonical location for
+   * the arguments. Note: if a formal is aliased through the scope chain, then
+   * script->formalIsAliased and JSOp::*Arg* opcodes won't be emitted at all.
+   */
+  bool argsObjAliasesFormals() const {
+    return needsArgsObj() && hasMappedArgsObj();
+  }
+
+  void updateJitCodeRaw(JSRuntime* rt);
+
+  bool isRelazifiable() const { return isRelazifiableImpl(); }
+
+  js::ModuleObject* module() const;
+
+  bool isGlobalCode() const;
+
+  // Returns true if the script may read formal arguments on the stack
+  // directly, via lazy arguments or a rest parameter.
+  bool mayReadFrameArgsDirectly();
+
+  static JSLinearString* sourceData(JSContext* cx, JS::HandleScript script);
+
+#ifdef MOZ_VTUNE
+  // Unique Method ID passed to the VTune profiler. Allows attribution of
+  // different jitcode to the same source script.
+  uint32_t vtuneMethodID();
+#endif
+
+ public:
+  /* Return whether this is a 'direct eval' script in a function scope. */
+  bool isDirectEvalInFunction() const;
+
+  /*
+   * Return whether this script is a top-level script.
+   *
+   * If we evaluate some code which contains a syntax error, then we might
+   * produce a JSScript which has no associated bytecode. Testing with
+   * |code()| filters out this kind of scripts.
+   *
+   * If this script has a function associated to it, then it is not the
+   * top-level of a file.
+   */
+  bool isTopLevel() { return code() && !isFunction(); }
+
+  /* Ensure the script has a JitScript. */
+  inline bool ensureHasJitScript(JSContext* cx, js::jit::AutoKeepJitScripts&);
+
+  void maybeReleaseJitScript(JSFreeOp* fop);
+  void releaseJitScript(JSFreeOp* fop);
+  void releaseJitScriptOnFinalize(JSFreeOp* fop);
+
+  inline js::jit::BaselineScript* baselineScript() const;
+  inline js::jit::IonScript* ionScript() const;
+
+  inline bool isIonCompilingOffThread() const;
+  inline bool canIonCompile() const;
+  inline void disableIon();
+
+  inline bool canBaselineCompile() const;
+  inline void disableBaselineCompile();
+
+  inline js::GlobalObject& global() const;
+  inline bool hasGlobal(const js::GlobalObject* global) const;
+  js::GlobalObject& uninlinedGlobal() const;
+
+  js::GCThingIndex bodyScopeIndex() const {
+    return immutableScriptData()->bodyScopeIndex;
+  }
+
+  js::Scope* bodyScope() const { return getScope(bodyScopeIndex()); }
+
+  js::Scope* outermostScope() const {
+    // The body scope may not be the outermost scope in the script when
+    // the decl env scope is present.
+    return getScope(js::GCThingIndex::outermostScopeIndex());
+  }
+
+  bool functionHasExtraBodyVarScope() const {
+    bool res = hasFlag(ImmutableFlags::FunctionHasExtraBodyVarScope);
+    MOZ_ASSERT_IF(res, functionHasParameterExprs());
+    return res;
+  }
+
+  js::VarScope* functionExtraBodyVarScope() const;
+
+  bool needsBodyEnvironment() const;
+
+  inline js::LexicalScope* maybeNamedLambdaScope() const;
+
+  // Drop script data and reset warmUpData to reference enclosing scope.
+  void relazify(JSRuntime* rt);
+
+ private:
+  bool createJitScript(JSContext* cx);
+
+  bool shareScriptData(JSContext* cx);
+
+ public:
+  inline uint32_t getWarmUpCount() const;
+  inline void incWarmUpCounter(uint32_t amount = 1);
+  inline void resetWarmUpCounterForGC();
+
+  void resetWarmUpCounterToDelayIonCompilation();
+
+  unsigned getWarmUpResetCount() const {
+    constexpr uint32_t MASK = uint32_t(MutableFlags::WarmupResets_MASK);
+    return mutableFlags_ & MASK;
+  }
+  void incWarmUpResetCounter() {
+    constexpr uint32_t MASK = uint32_t(MutableFlags::WarmupResets_MASK);
+    uint32_t newCount = getWarmUpResetCount() + 1;
+    if (newCount <= MASK) {
+      mutableFlags_ &= ~MASK;
+      mutableFlags_ |= newCount;
+    }
+  }
+  void resetWarmUpResetCounter() {
+    constexpr uint32_t MASK = uint32_t(MutableFlags::WarmupResets_MASK);
+    mutableFlags_ &= ~MASK;
+  }
+
+ public:
+  bool initScriptCounts(JSContext* cx);
+  js::ScriptCounts& getScriptCounts();
+  js::PCCounts* maybeGetPCCounts(jsbytecode* pc);
+  const js::PCCounts* maybeGetThrowCounts(jsbytecode* pc);
+  js::PCCounts* getThrowCounts(jsbytecode* pc);
+  uint64_t getHitCount(jsbytecode* pc);
+  void incHitCount(jsbytecode* pc);  // Used when we bailout out of Ion.
+  void addIonCounts(js::jit::IonScriptCounts* ionCounts);
+  js::jit::IonScriptCounts* getIonCounts();
+  void releaseScriptCounts(js::ScriptCounts* counts);
+  void destroyScriptCounts();
+  void resetScriptCounts();
+
+  jsbytecode* main() const { return code() + mainOffset(); }
+
+  js::BytecodeLocation mainLocation() const {
+    return js::BytecodeLocation(this, main());
+  }
+
+  js::BytecodeLocation endLocation() const {
+    return js::BytecodeLocation(this, codeEnd());
+  }
+
+  js::BytecodeLocation offsetToLocation(uint32_t offset) const {
+    return js::BytecodeLocation(this, offsetToPC(offset));
+  }
+
+  void addSizeOfJitScript(mozilla::MallocSizeOf mallocSizeOf,
+                          size_t* sizeOfJitScript,
+                          size_t* sizeOfBaselineFallbackStubs) const;
+
+  mozilla::Span<const js::TryNote> trynotes() const {
+    return immutableScriptData()->tryNotes();
+  }
+
+  mozilla::Span<const js::ScopeNote> scopeNotes() const {
+    return immutableScriptData()->scopeNotes();
+  }
+
+  mozilla::Span<const uint32_t> resumeOffsets() const {
+    return immutableScriptData()->resumeOffsets();
+  }
+
+  uint32_t tableSwitchCaseOffset(jsbytecode* pc, uint32_t caseIndex) const {
+    MOZ_ASSERT(containsPC(pc));
+    MOZ_ASSERT(JSOp(*pc) == JSOp::TableSwitch);
+    uint32_t firstResumeIndex = GET_RESUMEINDEX(pc + 3 * JUMP_OFFSET_LEN);
+    return resumeOffsets()[firstResumeIndex + caseIndex];
+  }
+  jsbytecode* tableSwitchCasePC(jsbytecode* pc, uint32_t caseIndex) const {
+    return offsetToPC(tableSwitchCaseOffset(pc, caseIndex));
+  }
+
+  bool hasLoops();
+
+  uint32_t numNotes() const {
+    MOZ_ASSERT(sharedData_);
+    return immutableScriptData()->noteLength();
+  }
+  js::SrcNote* notes() const {
+    MOZ_ASSERT(sharedData_);
+    return immutableScriptData()->notes();
+  }
+
+  JSAtom* getAtom(js::GCThingIndex index) const {
+    return &gcthings()[index].as<JSString>().asAtom();
+  }
+
+  JSAtom* getAtom(jsbytecode* pc) const {
+    MOZ_ASSERT(containsPC<js::GCThingIndex>(pc));
+    MOZ_ASSERT(js::JOF_OPTYPE((JSOp)*pc) == JOF_ATOM);
+    return getAtom(GET_GCTHING_INDEX(pc));
+  }
+
+  js::PropertyName* getName(js::GCThingIndex index) {
+    return getAtom(index)->asPropertyName();
+  }
+
+  js::PropertyName* getName(jsbytecode* pc) const {
+    return getAtom(pc)->asPropertyName();
+  }
+
+  JSObject* getObject(js::GCThingIndex index) const {
+    MOZ_ASSERT(gcthings()[index].asCell()->isTenured());
+    return &gcthings()[index].as<JSObject>();
+  }
+
+  JSObject* getObject(jsbytecode* pc) const {
+    MOZ_ASSERT(containsPC<js::GCThingIndex>(pc));
+    return getObject(GET_GCTHING_INDEX(pc));
+  }
+
+  js::Scope* getScope(js::GCThingIndex index) const {
+    return &gcthings()[index].as<js::Scope>();
+  }
+
+  js::Scope* getScope(jsbytecode* pc) const {
+    // This method is used to get a scope directly using a JSOp with an
+    // index. To search through ScopeNotes to look for a Scope using pc,
+    // use lookupScope.
+    MOZ_ASSERT(containsPC<js::GCThingIndex>(pc));
+    MOZ_ASSERT(js::JOF_OPTYPE(JSOp(*pc)) == JOF_SCOPE,
+               "Did you mean to use lookupScope(pc)?");
+    return getScope(GET_GCTHING_INDEX(pc));
+  }
+
+  inline JSFunction* getFunction(js::GCThingIndex index) const;
+  inline JSFunction* getFunction(jsbytecode* pc) const;
+
+  inline js::RegExpObject* getRegExp(js::GCThingIndex index) const;
+  inline js::RegExpObject* getRegExp(jsbytecode* pc) const;
+
+  js::BigInt* getBigInt(js::GCThingIndex index) const {
+    MOZ_ASSERT(gcthings()[index].asCell()->isTenured());
+    return &gcthings()[index].as<js::BigInt>();
+  }
+
+  js::BigInt* getBigInt(jsbytecode* pc) const {
+    MOZ_ASSERT(containsPC<js::GCThingIndex>(pc));
+    MOZ_ASSERT(js::JOF_OPTYPE(JSOp(*pc)) == JOF_BIGINT);
+    return getBigInt(GET_GCTHING_INDEX(pc));
+  }
+
+  // The following 3 functions find the static scope just before the
+  // execution of the instruction pointed to by pc.
+
+  js::Scope* lookupScope(jsbytecode* pc) const;
+
+  js::Scope* innermostScope(jsbytecode* pc) const;
+  js::Scope* innermostScope() const { return innermostScope(main()); }
+
+  /*
+   * The isEmpty method tells whether this script has code that computes any
+   * result (not return value, result AKA normal completion value) other than
+   * JSVAL_VOID, or any other effects.
+   */
+  bool isEmpty() const {
+    if (length() > 3) {
+      return false;
+    }
+
+    jsbytecode* pc = code();
+    if (noScriptRval() && JSOp(*pc) == JSOp::False) {
+      ++pc;
+    }
+    return JSOp(*pc) == JSOp::RetRval;
+  }
+
+  bool formalIsAliased(unsigned argSlot);
+  bool formalLivesInArgumentsObject(unsigned argSlot);
+
+  // See comment above 'debugMode' in Realm.h for explanation of
+  // invariants of debuggee compartments, scripts, and frames.
+  inline bool isDebuggee() const;
+
+  // A helper class to prevent relazification of the given function's script
+  // while it's holding on to it.  This class automatically roots the script.
+  class AutoDelazify;
+  friend class AutoDelazify;
+
+  class AutoDelazify {
+    JS::RootedScript script_;
+    JSContext* cx_;
+    bool oldAllowRelazify_ = false;
+
+   public:
+    explicit AutoDelazify(JSContext* cx, JS::HandleFunction fun = nullptr)
+        : script_(cx), cx_(cx) {
+      holdScript(fun);
+    }
+
+    ~AutoDelazify() { dropScript(); }
+
+    void operator=(JS::HandleFunction fun) {
+      dropScript();
+      holdScript(fun);
+    }
+
+    operator JS::HandleScript() const { return script_; }
+    explicit operator bool() const { return script_; }
+
+   private:
+    void holdScript(JS::HandleFunction fun);
+    void dropScript();
+  };
+};
+
+namespace js {
+
+struct ScriptAndCounts {
+  /* This structure is stored and marked from the JSRuntime. */
+  JSScript* script;
+  ScriptCounts scriptCounts;
+
+  inline explicit ScriptAndCounts(JSScript* script);
+  inline ScriptAndCounts(ScriptAndCounts&& sac);
+
+  const PCCounts* maybeGetPCCounts(jsbytecode* pc) const {
+    return scriptCounts.maybeGetPCCounts(script->pcToOffset(pc));
+  }
+  const PCCounts* maybeGetThrowCounts(jsbytecode* pc) const {
+    return scriptCounts.maybeGetThrowCounts(script->pcToOffset(pc));
+  }
+
+  jit::IonScriptCounts* getIonCounts() const { return scriptCounts.ionCounts_; }
+
+  void trace(JSTracer* trc) {
+    TraceRoot(trc, &script, "ScriptAndCounts::script");
+  }
+};
+
+extern JS::UniqueChars FormatIntroducedFilename(JSContext* cx,
+                                                const char* filename,
+                                                unsigned lineno,
+                                                const char* introducer);
+
+struct GSNCache;
+
+const js::SrcNote* GetSrcNote(GSNCache& cache, JSScript* script,
+                              jsbytecode* pc);
+
+extern const js::SrcNote* GetSrcNote(JSContext* cx, JSScript* script,
+                                     jsbytecode* pc);
+
+extern jsbytecode* LineNumberToPC(JSScript* script, unsigned lineno);
+
+extern JS_FRIEND_API unsigned GetScriptLineExtent(JSScript* script);
+
+#ifdef JS_CACHEIR_SPEW
+void maybeUpdateWarmUpCount(JSScript* script);
+void maybeSpewScriptFinalWarmUpCount(JSScript* script);
+#endif
+
+} /* namespace js */
+
+namespace js {
+
+extern unsigned PCToLineNumber(JSScript* script, jsbytecode* pc,
+                               unsigned* columnp = nullptr);
+
+extern unsigned PCToLineNumber(unsigned startLine, unsigned startCol,
+                               SrcNote* notes, jsbytecode* code, jsbytecode* pc,
+                               unsigned* columnp = nullptr);
+
+/*
+ * This function returns the file and line number of the script currently
+ * executing on cx. If there is no current script executing on cx (e.g., a
+ * native called directly through JSAPI (e.g., by setTimeout)), nullptr and 0
+ * are returned as the file and line.
+ */
+extern void DescribeScriptedCallerForCompilation(
+    JSContext* cx, MutableHandleScript maybeScript, const char** file,
+    unsigned* linenop, uint32_t* pcOffset, bool* mutedErrors);
+
+/*
+ * Like DescribeScriptedCallerForCompilation, but this function avoids looking
+ * up the script/pc and the full linear scan to compute line number.
+ */
+extern void DescribeScriptedCallerForDirectEval(
+    JSContext* cx, HandleScript script, jsbytecode* pc, const char** file,
+    unsigned* linenop, uint32_t* pcOffset, bool* mutedErrors);
+
+JSScript* CloneScriptIntoFunction(JSContext* cx, HandleScope enclosingScope,
+                                  HandleFunction fun, HandleScript src,
+                                  Handle<ScriptSourceObject*> sourceObject,
+                                  SourceExtent* maybeClassExtent = nullptr);
+
+JSScript* CloneGlobalScript(JSContext* cx, ScopeKind scopeKind,
+                            HandleScript src);
+
+bool CheckCompileOptionsMatch(const JS::ReadOnlyCompileOptions& options,
+                              js::ImmutableScriptFlags flags,
+                              bool isMultiDecode);
+
+void FillImmutableFlagsFromCompileOptionsForTopLevel(
+    const JS::ReadOnlyCompileOptions& options, js::ImmutableScriptFlags& flags);
+
+void FillImmutableFlagsFromCompileOptionsForFunction(
+    const JS::ReadOnlyCompileOptions& options, js::ImmutableScriptFlags& flags);
+
+} /* namespace js */
+
+namespace JS {
+namespace ubi {
+
+template <>
+class Concrete<JSScript> : public Concrete<js::BaseScript> {};
+
+}  // namespace ubi
+}  // namespace JS
+
+#endif /* vm_JSScript_h */
-- 
cgit v1.2.3