summaryrefslogtreecommitdiffstats
path: root/js/src/vm/Stack.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--js/src/vm/Stack.h999
1 files changed, 999 insertions, 0 deletions
diff --git a/js/src/vm/Stack.h b/js/src/vm/Stack.h
new file mode 100644
index 0000000000..d537cb80af
--- /dev/null
+++ b/js/src/vm/Stack.h
@@ -0,0 +1,999 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set ts=8 sts=2 et sw=2 tw=80:
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef vm_Stack_h
+#define vm_Stack_h
+
+#include "mozilla/HashFunctions.h"
+#include "mozilla/MemoryReporting.h"
+
+#include <algorithm>
+#include <type_traits>
+
+#include "js/ErrorReport.h"
+#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_*
+#include "js/RootingAPI.h"
+#include "js/TypeDecls.h"
+#include "js/ValueArray.h"
+#include "vm/ArgumentsObject.h"
+#include "vm/JSFunction.h"
+#include "vm/JSScript.h"
+#include "wasm/WasmDebugFrame.h" // js::wasm::DebugFrame
+
+namespace js {
+
+class InterpreterRegs;
+class CallObject;
+class FrameIter;
+class ClassBodyScope;
+class EnvironmentObject;
+class BlockLexicalEnvironmentObject;
+class ExtensibleLexicalEnvironmentObject;
+class GeckoProfilerRuntime;
+class InterpreterFrame;
+class EnvironmentIter;
+class EnvironmentCoordinate;
+
+namespace jit {
+class CommonFrameLayout;
+}
+namespace wasm {
+class Instance;
+} // namespace wasm
+
+// [SMDOC] VM stack layout
+//
+// A JSRuntime's stack consists of a linked list of activations. Every
+// activation contains a number of scripted frames that are either running in
+// the interpreter (InterpreterActivation) or JIT code (JitActivation). The
+// frames inside a single activation are contiguous: whenever C++ calls back
+// into JS, a new activation is pushed.
+//
+// Every activation is tied to a single JSContext and JS::Compartment. This
+// means we can reconstruct a given context's stack by skipping activations
+// belonging to other contexts. This happens whenever an embedding enters the JS
+// engine on cx1 and then, from a native called by the JS engine, reenters the
+// VM on cx2.
+
+// Interpreter frames (InterpreterFrame)
+//
+// Each interpreter script activation (global or function code) is given a
+// fixed-size header (js::InterpreterFrame). The frame contains bookkeeping
+// information about the activation and links to the previous frame.
+//
+// The values after an InterpreterFrame in memory are its locals followed by its
+// expression stack. InterpreterFrame::argv_ points to the frame's arguments.
+// Missing formal arguments are padded with |undefined|, so the number of
+// arguments is always >= the number of formals.
+//
+// The top of an activation's current frame's expression stack is pointed to by
+// the activation's "current regs", which contains the stack pointer 'sp'. In
+// the interpreter, sp is adjusted as individual values are pushed and popped
+// from the stack and the InterpreterRegs struct (pointed to by the
+// InterpreterActivation) is a local var of js::Interpret.
+
+enum MaybeCheckAliasing { CHECK_ALIASING = true, DONT_CHECK_ALIASING = false };
+
+} // namespace js
+
+/*****************************************************************************/
+
+namespace js {
+
+namespace jit {
+class BaselineFrame;
+class RematerializedFrame;
+} // namespace jit
+
+/**
+ * Pointer to a live JS or WASM stack frame.
+ */
+class AbstractFramePtr {
+ friend class FrameIter;
+
+ uintptr_t ptr_;
+
+ enum {
+ Tag_InterpreterFrame = 0x1,
+ Tag_BaselineFrame = 0x2,
+ Tag_RematerializedFrame = 0x3,
+ Tag_WasmDebugFrame = 0x4,
+ TagMask = 0x7
+ };
+
+ public:
+ AbstractFramePtr() : ptr_(0) {}
+
+ MOZ_IMPLICIT AbstractFramePtr(InterpreterFrame* fp)
+ : ptr_(fp ? uintptr_t(fp) | Tag_InterpreterFrame : 0) {
+ MOZ_ASSERT_IF(fp, asInterpreterFrame() == fp);
+ }
+
+ MOZ_IMPLICIT AbstractFramePtr(jit::BaselineFrame* fp)
+ : ptr_(fp ? uintptr_t(fp) | Tag_BaselineFrame : 0) {
+ MOZ_ASSERT_IF(fp, asBaselineFrame() == fp);
+ }
+
+ MOZ_IMPLICIT AbstractFramePtr(jit::RematerializedFrame* fp)
+ : ptr_(fp ? uintptr_t(fp) | Tag_RematerializedFrame : 0) {
+ MOZ_ASSERT_IF(fp, asRematerializedFrame() == fp);
+ }
+
+ MOZ_IMPLICIT AbstractFramePtr(wasm::DebugFrame* fp)
+ : ptr_(fp ? uintptr_t(fp) | Tag_WasmDebugFrame : 0) {
+ static_assert(wasm::DebugFrame::Alignment >= TagMask, "aligned");
+ MOZ_ASSERT_IF(fp, asWasmDebugFrame() == fp);
+ }
+
+ bool isInterpreterFrame() const {
+ return (ptr_ & TagMask) == Tag_InterpreterFrame;
+ }
+ InterpreterFrame* asInterpreterFrame() const {
+ MOZ_ASSERT(isInterpreterFrame());
+ InterpreterFrame* res = (InterpreterFrame*)(ptr_ & ~TagMask);
+ MOZ_ASSERT(res);
+ return res;
+ }
+ bool isBaselineFrame() const { return (ptr_ & TagMask) == Tag_BaselineFrame; }
+ jit::BaselineFrame* asBaselineFrame() const {
+ MOZ_ASSERT(isBaselineFrame());
+ jit::BaselineFrame* res = (jit::BaselineFrame*)(ptr_ & ~TagMask);
+ MOZ_ASSERT(res);
+ return res;
+ }
+ bool isRematerializedFrame() const {
+ return (ptr_ & TagMask) == Tag_RematerializedFrame;
+ }
+ jit::RematerializedFrame* asRematerializedFrame() const {
+ MOZ_ASSERT(isRematerializedFrame());
+ jit::RematerializedFrame* res =
+ (jit::RematerializedFrame*)(ptr_ & ~TagMask);
+ MOZ_ASSERT(res);
+ return res;
+ }
+ bool isWasmDebugFrame() const {
+ return (ptr_ & TagMask) == Tag_WasmDebugFrame;
+ }
+ wasm::DebugFrame* asWasmDebugFrame() const {
+ MOZ_ASSERT(isWasmDebugFrame());
+ wasm::DebugFrame* res = (wasm::DebugFrame*)(ptr_ & ~TagMask);
+ MOZ_ASSERT(res);
+ return res;
+ }
+
+ void* raw() const { return reinterpret_cast<void*>(ptr_); }
+
+ bool operator==(const AbstractFramePtr& other) const {
+ return ptr_ == other.ptr_;
+ }
+ bool operator!=(const AbstractFramePtr& other) const {
+ return ptr_ != other.ptr_;
+ }
+
+ explicit operator bool() const { return !!ptr_; }
+
+ inline JSObject* environmentChain() const;
+ inline CallObject& callObj() const;
+ inline bool initFunctionEnvironmentObjects(JSContext* cx);
+ inline bool pushVarEnvironment(JSContext* cx, Handle<Scope*> scope);
+ template <typename SpecificEnvironment>
+ inline void pushOnEnvironmentChain(SpecificEnvironment& env);
+ template <typename SpecificEnvironment>
+ inline void popOffEnvironmentChain();
+
+ inline JS::Realm* realm() const;
+
+ inline bool hasInitialEnvironment() const;
+ inline bool isGlobalFrame() const;
+ inline bool isModuleFrame() const;
+ inline bool isEvalFrame() const;
+ inline bool isDebuggerEvalFrame() const;
+
+ inline bool hasScript() const;
+ inline JSScript* script() const;
+ inline wasm::Instance* wasmInstance() const;
+ inline GlobalObject* global() const;
+ inline bool hasGlobal(const GlobalObject* global) const;
+ inline JSFunction* callee() const;
+ inline Value calleev() const;
+ inline Value& thisArgument() const;
+
+ inline bool isConstructing() const;
+
+ inline bool debuggerNeedsCheckPrimitiveReturn() const;
+
+ inline bool isFunctionFrame() const;
+ inline bool isGeneratorFrame() const;
+
+ inline bool saveGeneratorSlots(JSContext* cx, unsigned nslots,
+ ArrayObject* dest) const;
+
+ inline bool hasCachedSavedFrame() const;
+
+ inline unsigned numActualArgs() const;
+ inline unsigned numFormalArgs() const;
+
+ inline Value* argv() const;
+
+ inline bool hasArgs() const;
+ inline bool hasArgsObj() const;
+ inline ArgumentsObject& argsObj() const;
+ inline void initArgsObj(ArgumentsObject& argsobj) const;
+
+ inline Value& unaliasedLocal(uint32_t i);
+ inline Value& unaliasedFormal(
+ unsigned i, MaybeCheckAliasing checkAliasing = CHECK_ALIASING);
+ inline Value& unaliasedActual(
+ unsigned i, MaybeCheckAliasing checkAliasing = CHECK_ALIASING);
+ template <class Op>
+ inline void unaliasedForEachActual(JSContext* cx, Op op);
+
+ inline bool prevUpToDate() const;
+ inline void setPrevUpToDate() const;
+ inline void unsetPrevUpToDate() const;
+
+ inline bool isDebuggee() const;
+ inline void setIsDebuggee();
+ inline void unsetIsDebuggee();
+
+ inline HandleValue returnValue() const;
+ inline void setReturnValue(const Value& rval) const;
+
+ friend void GDBTestInitAbstractFramePtr(AbstractFramePtr&, InterpreterFrame*);
+ friend void GDBTestInitAbstractFramePtr(AbstractFramePtr&,
+ jit::BaselineFrame*);
+ friend void GDBTestInitAbstractFramePtr(AbstractFramePtr&,
+ jit::RematerializedFrame*);
+ friend void GDBTestInitAbstractFramePtr(AbstractFramePtr& frame,
+ wasm::DebugFrame* ptr);
+};
+
+class NullFramePtr : public AbstractFramePtr {
+ public:
+ NullFramePtr() : AbstractFramePtr() {}
+};
+
+enum MaybeConstruct { NO_CONSTRUCT = false, CONSTRUCT = true };
+
+/*****************************************************************************/
+
+class InterpreterFrame {
+ enum Flags : uint32_t {
+ CONSTRUCTING = 0x1, /* frame is for a constructor invocation */
+
+ RESUMED_GENERATOR = 0x2, /* frame is for a resumed generator invocation */
+
+ /* Function prologue state */
+ HAS_INITIAL_ENV =
+ 0x4, /* callobj created for function or var env for eval */
+ HAS_ARGS_OBJ = 0x8, /* ArgumentsObject created for needsArgsObj script */
+
+ /* Lazy frame initialization */
+ HAS_RVAL = 0x10, /* frame has rval_ set */
+
+ /* Debugger state */
+ PREV_UP_TO_DATE = 0x20, /* see DebugScopes::updateLiveScopes */
+
+ /*
+ * See comment above 'isDebuggee' in Realm.h for explanation of
+ * invariants of debuggee compartments, scripts, and frames.
+ */
+ DEBUGGEE = 0x40, /* Execution is being observed by Debugger */
+
+ /* Used in tracking calls and profiling (see vm/GeckoProfiler.cpp) */
+ HAS_PUSHED_PROF_FRAME = 0x80, /* Gecko Profiler was notified of entry */
+
+ /*
+ * If set, we entered one of the JITs and ScriptFrameIter should skip
+ * this frame.
+ */
+ RUNNING_IN_JIT = 0x100,
+
+ /*
+ * If set, this frame has been on the stack when
+ * |js::SavedStacks::saveCurrentStack| was called, and so there is a
+ * |js::SavedFrame| object cached for this frame.
+ */
+ HAS_CACHED_SAVED_FRAME = 0x200,
+ };
+
+ mutable uint32_t flags_; /* bits described by Flags */
+ uint32_t nactual_; /* number of actual arguments, for function frames */
+ JSScript* script_; /* the script we're executing */
+ JSObject* envChain_; /* current environment chain */
+ Value rval_; /* if HAS_RVAL, return value of the frame */
+ ArgumentsObject* argsObj_; /* if HAS_ARGS_OBJ, the call's arguments object */
+
+ /*
+ * Previous frame and its pc and sp. Always nullptr for
+ * InterpreterActivation's entry frame, always non-nullptr for inline
+ * frames.
+ */
+ InterpreterFrame* prev_;
+ jsbytecode* prevpc_;
+ Value* prevsp_;
+
+ /*
+ * For an eval-in-frame DEBUGGER_EVAL frame, the frame in whose scope
+ * we're evaluating code. Iteration treats this as our previous frame.
+ */
+ AbstractFramePtr evalInFramePrev_;
+
+ Value* argv_; /* If hasArgs(), points to frame's arguments. */
+ LifoAlloc::Mark mark_; /* Used to release memory for this frame. */
+
+ static void staticAsserts() {
+ static_assert(offsetof(InterpreterFrame, rval_) % sizeof(Value) == 0);
+ static_assert(sizeof(InterpreterFrame) % sizeof(Value) == 0);
+ }
+
+ /*
+ * The utilities are private since they are not able to assert that only
+ * unaliased vars/formals are accessed. Normal code should prefer the
+ * InterpreterFrame::unaliased* members (or InterpreterRegs::stackDepth for
+ * the usual "depth is at least" assertions).
+ */
+ Value* slots() const { return (Value*)(this + 1); }
+ Value* base() const { return slots() + script()->nfixed(); }
+
+ friend class FrameIter;
+ friend class InterpreterRegs;
+ friend class InterpreterStack;
+ friend class jit::BaselineFrame;
+
+ /*
+ * Frame initialization, called by InterpreterStack operations after acquiring
+ * the raw memory for the frame:
+ */
+
+ /* Used for Invoke and Interpret. */
+ void initCallFrame(InterpreterFrame* prev, jsbytecode* prevpc, Value* prevsp,
+ JSFunction& callee, JSScript* script, Value* argv,
+ uint32_t nactual, MaybeConstruct constructing);
+
+ /* Used for eval, module or global frames. */
+ void initExecuteFrame(JSContext* cx, HandleScript script,
+ AbstractFramePtr prev, HandleObject envChain);
+
+ public:
+ /*
+ * Frame prologue/epilogue
+ *
+ * Every stack frame must have 'prologue' called before executing the
+ * first op and 'epilogue' called after executing the last op and before
+ * popping the frame (whether the exit is exceptional or not).
+ *
+ * For inline JS calls/returns, it is easy to call the prologue/epilogue
+ * exactly once. When calling JS from C++, Invoke/Execute push the stack
+ * frame but do *not* call the prologue/epilogue. That means Interpret
+ * must call the prologue/epilogue for the entry frame. This scheme
+ * simplifies jit compilation.
+ *
+ * An important corner case is what happens when an error occurs (OOM,
+ * over-recursed) after pushing the stack frame but before 'prologue' is
+ * called or completes fully. To simplify usage, 'epilogue' does not assume
+ * 'prologue' has completed and handles all the intermediate state details.
+ */
+
+ bool prologue(JSContext* cx);
+ void epilogue(JSContext* cx, jsbytecode* pc);
+
+ bool checkReturn(JSContext* cx, HandleValue thisv, MutableHandleValue result);
+
+ bool initFunctionEnvironmentObjects(JSContext* cx);
+
+ /*
+ * Initialize locals of newly-pushed frame to undefined.
+ */
+ void initLocals();
+
+ /*
+ * Stack frame type
+ *
+ * A stack frame may have one of four types, which determines which
+ * members of the frame may be accessed and other invariants:
+ *
+ * global frame: execution of global code
+ * function frame: execution of function code
+ * module frame: execution of a module
+ * eval frame: execution of eval code
+ */
+
+ bool isGlobalFrame() const { return script_->isGlobalCode(); }
+
+ bool isModuleFrame() const { return script_->isModule(); }
+
+ bool isEvalFrame() const { return script_->isForEval(); }
+
+ bool isFunctionFrame() const { return script_->isFunction(); }
+
+ /*
+ * Previous frame
+ *
+ * A frame's 'prev' frame is either null or the previous frame pointed to
+ * by cx->regs->fp when this frame was pushed. Often, given two prev-linked
+ * frames, the next-frame is a function or eval that was called by the
+ * prev-frame, but not always: the prev-frame may have called a native that
+ * reentered the VM through JS_CallFunctionValue on the same context
+ * (without calling JS_SaveFrameChain) which pushed the next-frame. Thus,
+ * 'prev' has little semantic meaning and basically just tells the VM what
+ * to set cx->regs->fp to when this frame is popped.
+ */
+
+ InterpreterFrame* prev() const { return prev_; }
+
+ AbstractFramePtr evalInFramePrev() const {
+ MOZ_ASSERT(isEvalFrame());
+ return evalInFramePrev_;
+ }
+
+ /*
+ * (Unaliased) locals and arguments
+ *
+ * Only non-eval function frames have arguments. The arguments pushed by
+ * the caller are the 'actual' arguments. The declared arguments of the
+ * callee are the 'formal' arguments. When the caller passes less actual
+ * arguments, missing formal arguments are padded with |undefined|.
+ *
+ * When a local/formal variable is aliased (accessed by nested closures,
+ * environment operations, or 'arguments'), the canonical location for
+ * that value is the slot of an environment object. Aliased locals don't
+ * have stack slots assigned to them. These functions assert that
+ * accesses to stack values are unaliased.
+ */
+
+ inline Value& unaliasedLocal(uint32_t i);
+
+ bool hasArgs() const { return isFunctionFrame(); }
+ inline Value& unaliasedFormal(unsigned i,
+ MaybeCheckAliasing = CHECK_ALIASING);
+ inline Value& unaliasedActual(unsigned i,
+ MaybeCheckAliasing = CHECK_ALIASING);
+ template <class Op>
+ inline void unaliasedForEachActual(Op op);
+
+ unsigned numFormalArgs() const {
+ MOZ_ASSERT(hasArgs());
+ return callee().nargs();
+ }
+ unsigned numActualArgs() const {
+ MOZ_ASSERT(hasArgs());
+ return nactual_;
+ }
+
+ /* Watch out, this exposes a pointer to the unaliased formal arg array. */
+ Value* argv() const {
+ MOZ_ASSERT(hasArgs());
+ return argv_;
+ }
+
+ /*
+ * Arguments object
+ *
+ * If a non-eval function has script->needsArgsObj, an arguments object is
+ * created in the prologue and stored in the local variable for the
+ * 'arguments' binding (script->argumentsLocal). Since this local is
+ * mutable, the arguments object can be overwritten and we can "lose" the
+ * arguments object. Thus, InterpreterFrame keeps an explicit argsObj_ field
+ * so that the original arguments object is always available.
+ */
+
+ ArgumentsObject& argsObj() const;
+ void initArgsObj(ArgumentsObject& argsobj);
+
+ ArrayObject* createRestParameter(JSContext* cx);
+
+ /*
+ * Environment chain
+ *
+ * In theory, the environment chain would contain an object for every
+ * lexical scope. However, only objects that are required for dynamic
+ * lookup are actually created.
+ *
+ * Given that an InterpreterFrame corresponds roughly to a ES Execution
+ * Context (ES 10.3), GetVariablesObject corresponds to the
+ * VariableEnvironment component of a Exection Context. Intuitively, the
+ * variables object is where new bindings (variables and functions) are
+ * stored. One might expect that this is either the Call object or
+ * envChain.globalObj for function or global code, respectively, however
+ * the JSAPI allows calls of Execute to specify a variables object on the
+ * environment chain other than the call/global object. This allows
+ * embeddings to run multiple scripts under the same global, each time
+ * using a new variables object to collect and discard the script's global
+ * variables.
+ */
+
+ inline HandleObject environmentChain() const;
+
+ inline EnvironmentObject& aliasedEnvironment(EnvironmentCoordinate ec) const;
+ inline EnvironmentObject& aliasedEnvironmentMaybeDebug(
+ EnvironmentCoordinate ec) const;
+ inline GlobalObject& global() const;
+ inline CallObject& callObj() const;
+ inline ExtensibleLexicalEnvironmentObject& extensibleLexicalEnvironment()
+ const;
+
+ template <typename SpecificEnvironment>
+ inline void pushOnEnvironmentChain(SpecificEnvironment& env);
+ template <typename SpecificEnvironment>
+ inline void popOffEnvironmentChain();
+ inline void replaceInnermostEnvironment(BlockLexicalEnvironmentObject& env);
+
+ // Push a VarEnvironmentObject for function frames of functions that have
+ // parameter expressions with closed over var bindings.
+ bool pushVarEnvironment(JSContext* cx, Handle<Scope*> scope);
+
+ /*
+ * For lexical envs with aliased locals, these interfaces push and pop
+ * entries on the environment chain. The "freshen" operation replaces the
+ * current lexical env with a fresh copy of it, to implement semantics
+ * providing distinct bindings per iteration of a for(;;) loop whose head
+ * has a lexical declaration. The "recreate" operation replaces the
+ * current lexical env with a copy of it containing uninitialized
+ * bindings, to implement semantics providing distinct bindings per
+ * iteration of a for-in/of loop.
+ */
+
+ bool pushLexicalEnvironment(JSContext* cx, Handle<LexicalScope*> scope);
+ bool freshenLexicalEnvironment(JSContext* cx);
+ bool recreateLexicalEnvironment(JSContext* cx);
+
+ bool pushClassBodyEnvironment(JSContext* cx, Handle<ClassBodyScope*> scope);
+
+ /*
+ * Script
+ *
+ * All frames have an associated JSScript which holds the bytecode being
+ * executed for the frame.
+ */
+
+ JSScript* script() const { return script_; }
+
+ /* Return the previous frame's pc. */
+ jsbytecode* prevpc() {
+ MOZ_ASSERT(prev_);
+ return prevpc_;
+ }
+
+ /* Return the previous frame's sp. */
+ Value* prevsp() {
+ MOZ_ASSERT(prev_);
+ return prevsp_;
+ }
+
+ /*
+ * Return the 'this' argument passed to a non-eval function frame. This is
+ * not necessarily the frame's this-binding, for instance non-strict
+ * functions will box primitive 'this' values and thisArgument() will
+ * return the original, unboxed Value.
+ */
+ Value& thisArgument() const {
+ MOZ_ASSERT(isFunctionFrame());
+ return argv()[-1];
+ }
+
+ /*
+ * Callee
+ *
+ * Only function frames have a true callee. An eval frame in a function has
+ * the same callee as its containing function frame. An async module has to
+ * create a wrapper callee to allow passing the script to generators for
+ * pausing and resuming.
+ */
+
+ JSFunction& callee() const {
+ MOZ_ASSERT(isFunctionFrame());
+ return calleev().toObject().as<JSFunction>();
+ }
+
+ const Value& calleev() const {
+ MOZ_ASSERT(isFunctionFrame());
+ return argv()[-2];
+ }
+
+ /*
+ * New Target
+ *
+ * Only non-arrow function frames have a meaningful newTarget.
+ */
+ Value newTarget() const {
+ MOZ_ASSERT(isFunctionFrame());
+ MOZ_ASSERT(!callee().isArrow());
+
+ if (isConstructing()) {
+ unsigned pushedArgs = std::max(numFormalArgs(), numActualArgs());
+ return argv()[pushedArgs];
+ }
+ return UndefinedValue();
+ }
+
+ /* Profiler flags */
+
+ bool hasPushedGeckoProfilerFrame() {
+ return !!(flags_ & HAS_PUSHED_PROF_FRAME);
+ }
+
+ void setPushedGeckoProfilerFrame() { flags_ |= HAS_PUSHED_PROF_FRAME; }
+
+ void unsetPushedGeckoProfilerFrame() { flags_ &= ~HAS_PUSHED_PROF_FRAME; }
+
+ /* Return value */
+
+ bool hasReturnValue() const { return flags_ & HAS_RVAL; }
+
+ MutableHandleValue returnValue() {
+ if (!hasReturnValue()) {
+ rval_.setUndefined();
+ }
+ return MutableHandleValue::fromMarkedLocation(&rval_);
+ }
+
+ void markReturnValue() { flags_ |= HAS_RVAL; }
+
+ void setReturnValue(const Value& v) {
+ rval_ = v;
+ markReturnValue();
+ }
+
+ // Copy values from this frame into a private Array, owned by the
+ // GeneratorObject, for suspending.
+ [[nodiscard]] inline bool saveGeneratorSlots(JSContext* cx, unsigned nslots,
+ ArrayObject* dest) const;
+
+ // Copy values from the Array into this stack frame, for resuming.
+ inline void restoreGeneratorSlots(ArrayObject* src);
+
+ void resumeGeneratorFrame(JSObject* envChain) {
+ MOZ_ASSERT(script()->isGenerator() || script()->isAsync());
+ MOZ_ASSERT_IF(!script()->isModule(), isFunctionFrame());
+ flags_ |= HAS_INITIAL_ENV;
+ envChain_ = envChain;
+ }
+
+ /*
+ * Other flags
+ */
+
+ bool isConstructing() const { return !!(flags_ & CONSTRUCTING); }
+
+ void setResumedGenerator() { flags_ |= RESUMED_GENERATOR; }
+ bool isResumedGenerator() const { return !!(flags_ & RESUMED_GENERATOR); }
+
+ /*
+ * These two queries should not be used in general: the presence/absence of
+ * the call/args object is determined by the static(ish) properties of the
+ * JSFunction/JSScript. These queries should only be performed when probing
+ * a stack frame that may be in the middle of the prologue (during which
+ * time the call/args object are created).
+ */
+
+ inline bool hasInitialEnvironment() const;
+
+ bool hasInitialEnvironmentUnchecked() const {
+ return flags_ & HAS_INITIAL_ENV;
+ }
+
+ bool hasArgsObj() const {
+ MOZ_ASSERT(script()->needsArgsObj());
+ return flags_ & HAS_ARGS_OBJ;
+ }
+
+ /*
+ * Debugger eval frames.
+ *
+ * - If evalInFramePrev_ is non-null, frame was created for an "eval in
+ * frame" call, which can push a successor to any live frame; so its
+ * logical "prev" frame is not necessarily the previous frame in memory.
+ * Iteration should treat evalInFramePrev_ as this frame's previous frame.
+ *
+ * - Don't bother to JIT it, because it's probably short-lived.
+ *
+ * - It is required to have a environment chain object outside the
+ * js::EnvironmentObject hierarchy: either a global object, or a
+ * DebugEnvironmentProxy.
+ */
+ bool isDebuggerEvalFrame() const {
+ return isEvalFrame() && !!evalInFramePrev_;
+ }
+
+ bool prevUpToDate() const { return !!(flags_ & PREV_UP_TO_DATE); }
+
+ void setPrevUpToDate() { flags_ |= PREV_UP_TO_DATE; }
+
+ void unsetPrevUpToDate() { flags_ &= ~PREV_UP_TO_DATE; }
+
+ bool isDebuggee() const { return !!(flags_ & DEBUGGEE); }
+
+ void setIsDebuggee() { flags_ |= DEBUGGEE; }
+
+ inline void unsetIsDebuggee();
+
+ bool hasCachedSavedFrame() const { return flags_ & HAS_CACHED_SAVED_FRAME; }
+ void setHasCachedSavedFrame() { flags_ |= HAS_CACHED_SAVED_FRAME; }
+ void clearHasCachedSavedFrame() { flags_ &= ~HAS_CACHED_SAVED_FRAME; }
+
+ public:
+ void trace(JSTracer* trc, Value* sp, jsbytecode* pc);
+ void traceValues(JSTracer* trc, unsigned start, unsigned end);
+
+ // Entered Baseline/Ion from the interpreter.
+ bool runningInJit() const { return !!(flags_ & RUNNING_IN_JIT); }
+ void setRunningInJit() { flags_ |= RUNNING_IN_JIT; }
+ void clearRunningInJit() { flags_ &= ~RUNNING_IN_JIT; }
+};
+
+/*****************************************************************************/
+
+class InterpreterRegs {
+ public:
+ Value* sp;
+ jsbytecode* pc;
+
+ private:
+ InterpreterFrame* fp_;
+
+ public:
+ InterpreterFrame* fp() const { return fp_; }
+
+ unsigned stackDepth() const {
+ MOZ_ASSERT(sp >= fp_->base());
+ return sp - fp_->base();
+ }
+
+ Value* spForStackDepth(unsigned depth) const {
+ MOZ_ASSERT(fp_->script()->nfixed() + depth <= fp_->script()->nslots());
+ return fp_->base() + depth;
+ }
+
+ void popInlineFrame() {
+ pc = fp_->prevpc();
+ unsigned spForNewTarget =
+ fp_->isResumedGenerator() ? 0 : fp_->isConstructing();
+ // This code is called when resuming from async and generator code.
+ // In the case of modules, we don't have arguments, so we can't use
+ // numActualArgs, which asserts 'hasArgs'.
+ unsigned nActualArgs = fp_->isModuleFrame() ? 0 : fp_->numActualArgs();
+ sp = fp_->prevsp() - nActualArgs - 1 - spForNewTarget;
+ fp_ = fp_->prev();
+ MOZ_ASSERT(fp_);
+ }
+ void prepareToRun(InterpreterFrame& fp, JSScript* script) {
+ pc = script->code();
+ sp = fp.slots() + script->nfixed();
+ fp_ = &fp;
+ }
+
+ void setToEndOfScript();
+
+ MutableHandleValue stackHandleAt(int i) {
+ return MutableHandleValue::fromMarkedLocation(&sp[i]);
+ }
+
+ HandleValue stackHandleAt(int i) const {
+ return HandleValue::fromMarkedLocation(&sp[i]);
+ }
+
+ friend void GDBTestInitInterpreterRegs(InterpreterRegs&,
+ js::InterpreterFrame*, JS::Value*,
+ uint8_t*);
+};
+
+/*****************************************************************************/
+
+class InterpreterStack {
+ friend class InterpreterActivation;
+
+ static const size_t DEFAULT_CHUNK_SIZE = 4 * 1024;
+ LifoAlloc allocator_;
+
+ // Number of interpreter frames on the stack, for over-recursion checks.
+ static const size_t MAX_FRAMES = 50 * 1000;
+ static const size_t MAX_FRAMES_TRUSTED = MAX_FRAMES + 1000;
+ size_t frameCount_;
+
+ inline uint8_t* allocateFrame(JSContext* cx, size_t size);
+
+ inline InterpreterFrame* getCallFrame(JSContext* cx, const CallArgs& args,
+ HandleScript script,
+ MaybeConstruct constructing,
+ Value** pargv);
+
+ void releaseFrame(InterpreterFrame* fp) {
+ frameCount_--;
+ allocator_.release(fp->mark_);
+ }
+
+ public:
+ InterpreterStack() : allocator_(DEFAULT_CHUNK_SIZE), frameCount_(0) {}
+
+ ~InterpreterStack() { MOZ_ASSERT(frameCount_ == 0); }
+
+ // For execution of eval, module or global code.
+ InterpreterFrame* pushExecuteFrame(JSContext* cx, HandleScript script,
+ HandleObject envChain,
+ AbstractFramePtr evalInFrame);
+
+ // Called to invoke a function.
+ InterpreterFrame* pushInvokeFrame(JSContext* cx, const CallArgs& args,
+ MaybeConstruct constructing);
+
+ // The interpreter can push light-weight, "inline" frames without entering a
+ // new InterpreterActivation or recursively calling Interpret.
+ bool pushInlineFrame(JSContext* cx, InterpreterRegs& regs,
+ const CallArgs& args, HandleScript script,
+ MaybeConstruct constructing);
+
+ void popInlineFrame(InterpreterRegs& regs);
+
+ bool resumeGeneratorCallFrame(JSContext* cx, InterpreterRegs& regs,
+ HandleFunction callee, HandleObject envChain);
+
+ inline void purge(JSRuntime* rt);
+
+ size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) const {
+ return allocator_.sizeOfExcludingThis(mallocSizeOf);
+ }
+};
+
+void TraceInterpreterActivations(JSContext* cx, JSTracer* trc);
+
+/*****************************************************************************/
+
+/** Base class for all function call args. */
+class AnyInvokeArgs : public JS::CallArgs {};
+
+/** Base class for all function construction args. */
+class AnyConstructArgs : public JS::CallArgs {
+ // Only js::Construct (or internal methods that call the qualified CallArgs
+ // versions) should do these things!
+ void setCallee(const Value& v) = delete;
+ void setThis(const Value& v) = delete;
+ MutableHandleValue newTarget() const = delete;
+ MutableHandleValue rval() const = delete;
+};
+
+namespace detail {
+
+/** Function call/construct args of statically-unknown count. */
+template <MaybeConstruct Construct>
+class GenericArgsBase
+ : public std::conditional_t<Construct, AnyConstructArgs, AnyInvokeArgs> {
+ protected:
+ RootedValueVector v_;
+
+ explicit GenericArgsBase(JSContext* cx) : v_(cx) {}
+
+ public:
+ bool init(JSContext* cx, uint64_t argc) {
+ if (argc > ARGS_LENGTH_MAX) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+ JSMSG_TOO_MANY_ARGUMENTS);
+ return false;
+ }
+
+ // callee, this, arguments[, new.target iff constructing]
+ size_t len = 2 + argc + uint32_t(Construct);
+ MOZ_ASSERT(len > argc); // no overflow
+ if (!v_.resize(len)) {
+ return false;
+ }
+
+ *static_cast<JS::CallArgs*>(this) = CallArgsFromVp(argc, v_.begin());
+ this->constructing_ = Construct;
+ if (Construct) {
+ this->CallArgs::setThis(MagicValue(JS_IS_CONSTRUCTING));
+ }
+ return true;
+ }
+};
+
+/** Function call/construct args of statically-known count. */
+template <MaybeConstruct Construct, size_t N>
+class FixedArgsBase
+ : public std::conditional_t<Construct, AnyConstructArgs, AnyInvokeArgs> {
+ // Add +1 here to avoid noisy warning on gcc when N=0 (0 <= unsigned).
+ static_assert(N + 1 <= ARGS_LENGTH_MAX + 1, "o/~ too many args o/~");
+
+ protected:
+ JS::RootedValueArray<2 + N + uint32_t(Construct)> v_;
+
+ explicit FixedArgsBase(JSContext* cx) : v_(cx) {
+ *static_cast<JS::CallArgs*>(this) = CallArgsFromVp(N, v_.begin());
+ this->constructing_ = Construct;
+ if (Construct) {
+ this->CallArgs::setThis(MagicValue(JS_IS_CONSTRUCTING));
+ }
+ }
+};
+
+} // namespace detail
+
+/** Function call args of statically-unknown count. */
+class InvokeArgs : public detail::GenericArgsBase<NO_CONSTRUCT> {
+ using Base = detail::GenericArgsBase<NO_CONSTRUCT>;
+
+ public:
+ explicit InvokeArgs(JSContext* cx) : Base(cx) {}
+};
+
+/** Function call args of statically-unknown count. */
+class InvokeArgsMaybeIgnoresReturnValue
+ : public detail::GenericArgsBase<NO_CONSTRUCT> {
+ using Base = detail::GenericArgsBase<NO_CONSTRUCT>;
+
+ public:
+ explicit InvokeArgsMaybeIgnoresReturnValue(JSContext* cx) : Base(cx) {}
+
+ bool init(JSContext* cx, unsigned argc, bool ignoresReturnValue) {
+ if (!Base::init(cx, argc)) {
+ return false;
+ }
+ this->ignoresReturnValue_ = ignoresReturnValue;
+ return true;
+ }
+};
+
+/** Function call args of statically-known count. */
+template <size_t N>
+class FixedInvokeArgs : public detail::FixedArgsBase<NO_CONSTRUCT, N> {
+ using Base = detail::FixedArgsBase<NO_CONSTRUCT, N>;
+
+ public:
+ explicit FixedInvokeArgs(JSContext* cx) : Base(cx) {}
+};
+
+/** Function construct args of statically-unknown count. */
+class ConstructArgs : public detail::GenericArgsBase<CONSTRUCT> {
+ using Base = detail::GenericArgsBase<CONSTRUCT>;
+
+ public:
+ explicit ConstructArgs(JSContext* cx) : Base(cx) {}
+};
+
+/** Function call args of statically-known count. */
+template <size_t N>
+class FixedConstructArgs : public detail::FixedArgsBase<CONSTRUCT, N> {
+ using Base = detail::FixedArgsBase<CONSTRUCT, N>;
+
+ public:
+ explicit FixedConstructArgs(JSContext* cx) : Base(cx) {}
+};
+
+template <class Args, class Arraylike>
+inline bool FillArgumentsFromArraylike(JSContext* cx, Args& args,
+ const Arraylike& arraylike) {
+ uint32_t len = arraylike.length();
+ if (!args.init(cx, len)) {
+ return false;
+ }
+
+ for (uint32_t i = 0; i < len; i++) {
+ args[i].set(arraylike[i]);
+ }
+
+ return true;
+}
+
+} // namespace js
+
+namespace mozilla {
+
+template <>
+struct DefaultHasher<js::AbstractFramePtr> {
+ using Lookup = js::AbstractFramePtr;
+
+ static js::HashNumber hash(const Lookup& key) {
+ return mozilla::HashGeneric(key.raw());
+ }
+
+ static bool match(const js::AbstractFramePtr& k, const Lookup& l) {
+ return k == l;
+ }
+};
+
+} // namespace mozilla
+
+#endif // vm_Stack_h