| blob | 3a89b75bedd3b3cb2c630c6dddf371939ccdbe65 |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set sw=4 ts=8 et tw=99:
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is Mozilla Communicator client code, released
18 * March 31, 1998.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
41 /*
42 * JS bytecode descriptors, disassemblers, and decompilers.
43 */
45 #ifdef HAVE_MEMORY_H
46 #include <memory.h>
47 #endif
48 #include <stdarg.h>
49 #include <stdio.h>
50 #include <stdlib.h>
51 #include <string.h>
79 /* Verify JSOP_XXX_LENGTH constant definitions. */
80 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
81 JS_STATIC_ASSERT(op##_LENGTH == length);
83 #undef OPDEF
89 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
90 {length,nuses,ndefs,prec,format},
92 #undef OPDEF
93 };
97 /*
98 * Each element of the array is either a source literal associated with JS
99 * bytecode or null.
100 */
102 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
103 token,
105 #undef OPDEF
106 };
108 #if defined(DEBUG) || defined(JS_JIT_SPEW)
109 /*
110 * Array of JS bytecode names used by DEBUG-only js_Disassemble and by
111 * JIT debug spew.
112 */
114 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
115 name,
117 #undef OPDEF
118 };
119 #endif
121 /************************************************************************/
123 static ptrdiff_t
125 {
126 uint32 type;
132 }
134 uintN
137 {
138 JSOp op;
146 /*
147 * We need to detect index base prefix. It presents when resetbase
148 * follows the bytecode.
149 */
158 }
159 }
161 }
163 uintN
165 {
166 JSOp op;
178 do_table:
179 /* Structure: default-jump case-low case-high case1-jump ... */
193 do_lookup:
194 /* Structure: default-jump case-count (case1-value case1-jump) ... */
198 }
199 }
201 uintN
203 {
216 /* stack: fun, this, [argc arguments] */
221 }
222 }
224 #ifdef DEBUG
228 {
230 uintN len;
243 }
245 }
249 {
269 }
277 }
278 }
280 }
285 {
286 JSOp op;
289 uint32 type;
291 uintN index;
293 jsval v;
295 jsint i;
305 }
318 }
337 else
340 }
353 {
371 }
374 }
378 {
380 jsatomid npairs;
400 npairs--;
401 }
404 }
424 }
447 print_int:
457 }
458 }
461 }
465 /************************************************************************/
467 /*
468 * Sprintf, but with unlimited and automatically allocated buffering.
469 */
478 #define INIT_SPRINTER(cx, sp, ap, off) \
479 ((sp)->context = cx, (sp)->pool = ap, (sp)->base = NULL, (sp)->size = 0, \
480 (sp)->offset = off)
482 #define OFF2STR(sp,off) ((sp)->base + (off))
483 #define STR2OFF(sp,str) ((str) - (sp)->base)
484 #define RETRACT(sp,str) ((sp)->offset = STR2OFF(sp, str))
486 static JSBool
488 {
500 }
504 }
508 }
510 static ptrdiff_t
512 {
516 /* Allocate space for s, including the '\0' at the end. */
520 /* Advance offset and copy s into sp's buffer. */
527 }
529 static ptrdiff_t
531 {
533 }
535 static ptrdiff_t
537 {
556 }
559 static ptrdiff_t
561 {
572 }
576 }
589 };
591 #define DONT_ESCAPE 0x10000
595 {
603 /* Sample off first for later return value pointer computation. */
610 /* Loop control variables: z points at end of string sentinel. */
613 /* Move t forward from s past un-quote-worthy characters. */
620 }
623 /* Allocate space for s, including the '\0' at the end. */
627 /* Advance sp->offset and copy s into sp's buffer. */
637 /* Use js_EscapeMap, \u, or \x only if necessary. */
639 ok = dontEscape
644 }
647 }
649 /* Sprint the closing quote and return the quoted string. */
653 /*
654 * If we haven't Sprint'd anything yet, Sprint an empty string so that
655 * the OFF2STR below gives a valid result.
656 */
660 }
662 JSString *
664 {
666 Sprinter sprinter;
676 }
678 /************************************************************************/
691 };
693 /*
694 * Hack another flag, a la JS_DONT_PRETTY_PRINT, into uintN indent parameters
695 * to functions such as js_DecompileFunction and js_NewPrinter. This time, as
696 * opposed to JS_DONT_PRETTY_PRINT back in the dark ages, we can assume that a
697 * uintN is at least 32 bits.
698 */
699 #define JS_IN_GROUP_CONTEXT 0x10000
701 JSPrinter *
704 {
725 }
726 }
728 }
730 void
732 {
735 }
737 JSString *
739 {
752 }
754 /*
755 * NB: Indexed by SRC_DECL_* defines from jsemit.h.
756 */
761 {
766 }
768 }
770 int
772 {
782 /* If pretty-printing, expand magic tab into a run of jp->indent spaces. */
784 format++;
787 }
789 /* Suppress newlines (must be once per format, at the end) if not pretty. */
797 }
799 /* Allocate temp space, convert format, and put. */
804 }
808 }
817 }
819 JSBool
821 {
823 }
825 /************************************************************************/
837 /*
838 * Find the depth of the operand stack when the interpreter reaches the given
839 * pc in script. pcstack must have space for least script->depth elements. On
840 * return it will contain pointers to opcodes that populated the interpreter's
841 * current operand stack.
842 *
843 * This function cannot raise an exception or error. However, due to a risk of
844 * potential bugs when modeling the stack, the function returns -1 if it
845 * detects an inconsistency in the model. Such an inconsistency triggers an
846 * assert in a debug build.
847 */
848 static intN
852 #define FAILED_EXPRESSION_DECOMPILER ((char *) 1)
854 /*
855 * Decompile a part of expression up to the given pc. The function returns
856 * NULL on out-of-memory, or the FAILED_EXPRESSION_DECOMPILER sentinel when
857 * the decompiler fails due to a bug and/or unimplemented feature, or the
858 * decompiled string on success.
859 */
864 /*
865 * Get a stacked offset from ss->sprinter.base, or if the stacked value |off|
866 * is negative, fetch the generating pc from printer->pcstack[-2 - off] and
867 * decompile the code that generated the missing value. This is used when
868 * reporting errors, where the model stack will lack |pcdepth| non-negative
869 * offsets (see DecompileExpression and DecompileCode).
870 *
871 * If the stacked offset is -1, return 0 to index the NUL padding at the start
872 * of ss->sprinter.base. If this happens, it means there is a decompiler bug
873 * to fix, but it won't violate memory safety.
874 */
875 static ptrdiff_t
877 {
901 }
905 }
906 }
908 }
912 {
915 /*
916 * Must call GetOff before using ss->sprinter.base, since it may be null
917 * until bootstrapped by GetOff.
918 */
921 }
923 /*
924 * Gap between stacked strings to allow for insertion of parens and commas
925 * when auto-parenthesizing expressions and decompiling array initialisers
926 * (see the JSOP_NEWARRAY case in Decompile).
927 */
928 #define PAREN_SLOP (2 + 1)
930 /*
931 * These pseudo-ops help js_DecompileValueGenerator decompile JSOP_SETNAME,
932 * JSOP_SETPROP, and JSOP_SETELEM, respectively. They are never stored in
933 * bytecode, so they don't preempt valid opcodes.
934 */
935 #define JSOP_GETPROP2 256
936 #define JSOP_GETELEM2 257
938 static void
940 {
943 }
945 static JSBool
947 {
948 uintN top;
953 /* ss->top points to the next free slot; be paranoid about overflow. */
959 }
961 /* The opcodes stack must contain real bytecodes that index js_CodeSpec. */
969 }
971 static ptrdiff_t
973 {
974 uintN top;
978 /* ss->top points to the next free slot; be paranoid about underflow. */
992 }
994 }
998 {
1003 }
1005 static ptrdiff_t
1007 {
1009 }
1013 {
1015 }
1018 jsval key;
1024 static JSBool
1026 {
1036 }
1038 static ptrdiff_t
1040 {
1041 jsdouble d;
1051 /* Don't use Infinity and NaN, they're mutable. */
1064 }
1070 }
1072 }
1077 static JSBool
1081 {
1086 uintN i;
1087 jsval key;
1093 /* JSOP_CONDSWITCH doesn't pop, unlike JSOP_{LOOKUP,TABLE}SWITCH. */
1108 }
1120 /*
1121 * key encodes the JSOP_CASE bytecode's offset from switchtop.
1122 * The next case expression follows immediately, unless we are
1123 * at the last case.
1124 */
1131 }
1134 /* Balance the stack as if this JSOP_CASE matched. */
1137 /*
1138 * key comes from an atom, not the decompiler, so we need to
1139 * quote it if it's a string literal. But if table[i].label
1140 * is non-null, key was constant-propagated and label is the
1141 * name of the const we should show as the case label. We set
1142 * key to undefined so this identifier is escaped, if required
1143 * by non-ASCII characters, but not quoted, by QuoteString.
1144 */
1150 JSOp junk;
1158 }
1166 }
1170 }
1179 }
1183 }
1188 /* Re-balance as if last JSOP_CASE or JSOP_DEFAULT mismatched. */
1191 }
1192 }
1198 }
1201 /* By the end of a JSOP_CONDSWITCH, the discriminant has been popped. */
1205 }
1207 #define LOCAL_ASSERT_CUSTOM(expr, BAD_EXIT) \
1208 JS_BEGIN_MACRO \
1209 JS_ASSERT(expr); \
1210 if (!(expr)) { BAD_EXIT; } \
1211 JS_END_MACRO
1213 #define LOCAL_ASSERT_RV(expr, rv) \
1214 LOCAL_ASSERT_CUSTOM(expr, return (rv))
1218 {
1224 #if !JS_HAS_DESTRUCTURING
1226 #endif
1228 }
1232 {
1249 /*
1250 * We must be called from js_DecompileValueGenerator (via Decompile) when
1251 * dereferencing a local that's undefined or null. Search script->objects
1252 * for the block containing this local by its stack index, i.
1253 */
1265 }
1266 }
1272 }
1282 #undef LOCAL_ASSERT
1283 }
1285 static JSBool
1287 {
1288 uintN slot;
1292 /* The slot refers to a variable with name stored in jp->localNames. */
1295 }
1297 /* We have a local which index is relative to the stack base. */
1302 }
1304 #if JS_HAS_DESTRUCTURING
1306 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, NULL)
1307 #define LOAD_OP_DATA(pc) (oplen = (cs = &js_CodeSpec[op=(JSOp)*pc])->length)
1315 {
1318 JSOp op;
1320 uintN oplen;
1321 jsint i;
1355 /* FALL THROUGH */
1370 }
1383 }
1387 /*
1388 * We may need to auto-parenthesize the left-most value decompiled
1389 * here, so add back PAREN_SLOP temporarily. Then decompile until the
1390 * opcode that would reduce the stack depth to (ss->top-1), which we
1391 * pass to Decompile encoded as -(ss->top-1) - 1 or just -ss->top for
1392 * the nb parameter.
1393 */
1407 /* lval is from JSOP_BINDNAME, so just print xval. */
1410 /* xval is from JSOP_SETCALL or JSOP_BINDXMLNAME, print lval. */
1418 }
1420 }
1428 }
1430 /*
1431 * Starting with a SRC_DESTRUCT-annotated JSOP_DUP, decompile a destructuring
1432 * left-hand side object or array initialiser, including nested destructuring
1433 * initialisers. On successful return, the decompilation will be pushed on ss
1434 * and the return value will point to the POP or GROUP bytecode following the
1435 * destructuring expression.
1436 *
1437 * At any point, if pc is equal to endpc and would otherwise advance, we stop
1438 * immediately and return endpc.
1439 */
1442 {
1448 uintN oplen;
1450 jsdouble d;
1455 JSBool hole;
1460 /*
1461 * Set head so we can rewrite '[' to '{' as needed. Back up PAREN_SLOP
1462 * chars so the destructuring decompilation accumulates contiguously in
1463 * ss->sprinter starting with "[".
1464 */
1477 #if JS_HAS_DESTRUCTURING_SHORTHAND
1479 #endif
1489 /* Handle the optimized number-pushing opcodes. */
1503 do_getelem:
1511 /* Distinguish object from array by opcode or source note. */
1517 /* Sanity check for the gnarly control flow above. */
1520 /* Fill in any holes (holes at the end don't matter). */
1524 }
1525 }
1535 do_destructure_atom:
1538 #if JS_HAS_DESTRUCTURING_SHORTHAND
1540 #endif
1544 }
1551 }
1557 /*
1558 * Decompile the left-hand side expression whose bytecode starts at pc
1559 * and continues for a bounded number of bytecodes or stack operations
1560 * (and which in any event stops before endpc).
1561 */
1566 #if JS_HAS_DESTRUCTURING_SHORTHAND
1575 /* Early check to rule out odd "name: lval" length. */
1580 /*
1581 * Even "name: lval" string length: check for "x: x" and the
1582 * like, and apply the shorthand if we can.
1583 */
1591 }
1592 }
1593 }
1594 #endif
1599 /*
1600 * Check for SRC_DESTRUCT on this JSOP_DUP, which would mean another
1601 * destructuring initialiser abuts this one, and we should stop. This
1602 * happens with source of the form '[a] = [b] = c'.
1603 */
1612 }
1614 out:
1619 }
1624 {
1625 JSOp op;
1629 JSBool hole;
1654 }
1668 }
1669 }
1677 }
1679 #undef LOCAL_ASSERT
1680 #undef LOAD_OP_DATA
1684 static JSBool
1686 {
1692 /* Allocate the parallel (to avoid padding) offset and opcode stacks. */
1699 }
1707 }
1709 /*
1710 * If nb is non-negative, decompile nb bytecodes starting at pc. Otherwise
1711 * the decompiler starts at pc and continues until it reaches an opcode for
1712 * which decompiling would result in the stack depth equaling -(nb + 1).
1713 *
1714 * The nextop parameter is either JSOP_NOP or the "next" opcode in order of
1715 * abstract interpretation (not necessarily physically next in a bytecode
1716 * vector). So nextop is JSOP_POP for the last operand in a comma expression,
1717 * or JSOP_AND for the right operand of &&.
1718 */
1721 {
1736 JSBool ok;
1737 #if JS_HAS_XML_SUPPORT
1739 #else
1740 #define inXML JS_FALSE
1741 #endif
1742 jsval val;
1758 /* Argument and variables decompilation uses the following to share code. */
1761 /*
1762 * Local macros
1763 */
1764 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, NULL)
1765 #define DECOMPILE_CODE(pc,nb) if (!Decompile(ss, pc, nb, JSOP_NOP)) return NULL
1766 #define NEXT_OP(pc) (((pc) + (len) == endpc) ? nextop : pc[len])
1767 #define TOP_STR() GetStr(ss, ss->top - 1)
1768 #define POP_STR() PopStr(ss, op)
1769 #define POP_STR_PREC(prec) PopStrPrec(ss, prec)
1771 /*
1772 * Pop a condition expression for if/for/while. JSOP_IFEQ's precedence forces
1773 * extra parens around assignment, which avoids a strict-mode warning.
1774 */
1775 #define POP_COND_STR() \
1776 PopStr(ss, (js_CodeSpec[ss->opcodes[ss->top - 1]].format & JOF_SET) \
1777 ? JSOP_IFEQ \
1778 : JSOP_NOP)
1780 /*
1781 * Callers know that ATOM_IS_STRING(atom), and we leave it to the optimizer to
1782 * common ATOM_TO_STRING(atom) here and near the call sites.
1783 */
1784 #define ATOM_IS_IDENTIFIER(atom) js_IsIdentifier(ATOM_TO_STRING(atom))
1785 #define ATOM_IS_KEYWORD(atom) \
1786 (js_CheckKeyword(JSSTRING_CHARS(ATOM_TO_STRING(atom)), \
1787 JSSTRING_LENGTH(ATOM_TO_STRING(atom))) != TOK_EOF)
1789 /*
1790 * Given an atom already fetched from jp->script's atom map, quote/escape its
1791 * string appropriately into rval, and select fmt from the quoted and unquoted
1792 * alternatives.
1793 */
1794 #define GET_QUOTE_AND_FMT(qfmt, ufmt, rval) \
1795 JS_BEGIN_MACRO \
1796 jschar quote_; \
1797 if (!ATOM_IS_IDENTIFIER(atom)) { \
1799 fmt = qfmt; \
1800 } else { \
1801 quote_ = 0; \
1802 fmt = ufmt; \
1803 } \
1804 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), quote_); \
1805 if (!rval) \
1806 return NULL; \
1807 JS_END_MACRO
1809 #define LOAD_ATOM(PCOFF) \
1810 GET_ATOM_FROM_BYTECODE(jp->script, pc, PCOFF, atom)
1812 #define LOAD_OBJECT(PCOFF) \
1813 GET_OBJECT_FROM_BYTECODE(jp->script, pc, PCOFF, obj)
1815 #define LOAD_FUNCTION(PCOFF) \
1816 GET_FUNCTION_FROM_BYTECODE(jp->script, pc, PCOFF, fun)
1818 #define LOAD_REGEXP(PCOFF) \
1819 GET_REGEXP_FROM_BYTECODE(jp->script, pc, PCOFF, obj)
1821 #define GET_SOURCE_NOTE_ATOM(sn, atom) \
1822 JS_BEGIN_MACRO \
1823 jsatomid atomIndex_ = (jsatomid) js_GetSrcNoteOffset((sn), 0); \
1824 \
1825 LOCAL_ASSERT(atomIndex_ < jp->script->atomMap.length); \
1826 (atom) = jp->script->atomMap.vector[atomIndex_]; \
1827 JS_END_MACRO
1829 /*
1830 * Get atom from jp->script's atom map, quote/escape its string appropriately
1831 * into rval, and select fmt from the quoted and unquoted alternatives.
1832 */
1833 #define GET_ATOM_QUOTE_AND_FMT(qfmt, ufmt, rval) \
1834 JS_BEGIN_MACRO \
1835 LOAD_ATOM(0); \
1836 GET_QUOTE_AND_FMT(qfmt, ufmt, rval); \
1837 JS_END_MACRO
1839 /*
1840 * Per spec, new x(y).z means (new x(y))).z. For example new (x(y).z) must
1841 * decompile with the constructor parenthesized, but new x.z should not. The
1842 * normal rules give x(y).z and x.z identical precedence: both are produced by
1843 * JSOP_GETPROP.
1844 *
1845 * Therefore, we need to know in case JSOP_NEW whether the constructor
1846 * expression contains any unparenthesized function calls. So when building a
1847 * MemberExpression or CallExpression, we set ss->opcodes[n] to JSOP_CALL if
1848 * this is true. x(y).z gets JSOP_CALL, not JSOP_GETPROP.
1849 */
1850 #define PROPAGATE_CALLNESS() \
1851 JS_BEGIN_MACRO \
1852 if (ss->opcodes[ss->top - 1] == JSOP_CALL) \
1853 saveop = JSOP_CALL; \
1854 JS_END_MACRO
1867 #if JS_HAS_XML_SUPPORT
1869 #endif
1872 /*
1873 * Move saveop to lastop so prefixed bytecodes can take special action
1874 * while sharing maximal code. Set op and saveop to the new bytecode,
1875 * use op in POP_STR to trigger automatic parenthesization, but push
1876 * saveop at the bottom of the loop if this op pushes. Thus op may be
1877 * set to nop or otherwise mutated to suppress auto-parens.
1878 */
1883 /*
1884 * The decompiler uses js_GetIndexFromBytecode to get atoms and
1885 * objects and ignores these suffix/prefix bytecodes, thus
1886 * simplifying code that must process JSOP_GETTER/JSOP_SETTER
1887 * prefixes.
1888 */
1894 }
1901 /*
1902 * Save source literal associated with JS now before the following
1903 * rewrite changes op. See bug 380197.
1904 */
1911 /*
1912 * Rewrite non-get ops to their "get" format if the error is in
1913 * the bytecode at pc, so we don't decompile more than the error
1914 * expression.
1915 */
1923 /*
1924 * JOF_NAME does not imply JOF_ATOM, so we must check for
1925 * the QARG and QVAR format types, and translate those to
1926 * JSOP_GETARG or JSOP_GETLOCAL appropriately, instead of
1927 * to JSOP_NAME.
1928 */
1931 ? JSOP_GETARG
1933 ? JSOP_GETLOCAL
1940 /*
1941 * We must replace the faulting pc's bytecode with a
1942 * corresponding JSOP_GET* code. For JSOP_SET{PROP,ELEM},
1943 * we must use the "2nd" form of JSOP_GET{PROP,ELEM}, to
1944 * throw away the assignment op's right-hand operand and
1945 * decompile it as if it were a GET of its left-hand
1946 * operand.
1947 */
1950 ? JSOP_GETPROP2
1954 ? JSOP_GETELEM2
1957 /*
1958 * Unknown mode (including mode 0) means that op is
1959 * uncategorized for our purposes, so we must write
1960 * per-op special case code here.
1961 */
1967 #if JS_HAS_LVALUE_RETURN
1971 #endif
1973 /*
1974 * NB: JSOP_GETTHISPROP can't fail due to |this|
1975 * being null or undefined at runtime (beware that
1976 * this may change for ES4). Therefore any error
1977 * resulting from this op must be due to the value
1978 * of the property accessed via |this|, so do not
1979 * rewrite op to JSOP_THIS.
1980 *
1981 * The next two cases should not change op if
1982 * js_DecompileValueGenerator was called from the
1983 * the property getter. They should rewrite only
1984 * if the base object in the arg/var/local is null
1985 * or undefined. FIXME: bug 431569.
1986 */
1996 }
1997 }
1998 }
1999 }
2011 }
2012 }
2017 }
2024 /*
2025 * Avoid over-parenthesizing y in x op= y based on its
2026 * expansion: x = x op y (replace y by z = w to see the
2027 * problem).
2028 */
2032 /* Print only the right operand of the assignment-op. */
2041 /* In XML, just concatenate the two operands. */
2046 }
2061 }
2065 /*
2066 * Check for a do-while loop, a for-loop with an empty
2067 * initializer part, a labeled statement, a function
2068 * definition, or try/finally.
2069 */
2091 do_forloop:
2094 /* Skip the JSOP_NOP or JSOP_POP bytecode. */
2097 /* Get the cond, next, and loop-closing tail offsets. */
2102 /*
2103 * If this loop has a condition, then pc points at a goto
2104 * targeting the condition.
2105 */
2110 }
2113 /* Print the keyword and the possibly empty init-part. */
2117 /* Decompile the loop condition. */
2120 }
2122 /* Need a semicolon whether or not there was a cond. */
2126 /*
2127 * Decompile the loop updater. It may end in a JSOP_POP
2128 * that we skip; or in a JSOP_POPN that we do not skip,
2129 * followed by a JSOP_NOP (skipped as if it's a POP).
2130 * We cope with the difference between these two cases
2131 * by checking for stack imbalance and popping if there
2132 * is an rval.
2133 */
2142 }
2144 /* Do the loop body. */
2152 /* Set len so pc skips over the entire loop. */
2185 fun);
2186 do_function:
2211 }
2215 #if JS_HAS_DESTRUCTURING
2224 }
2225 #endif
2226 /* FALL THROUGH */
2243 /*
2244 * We push push the pair of exception/restsub cookies to
2245 * simulate the effects [gosub] or control transfer during
2246 * exception capturing on the stack.
2247 */
2264 /*
2265 * JSOP_GOSUB and GOSUBX have no effect on the decompiler's
2266 * string stack because the next op in bytecode order finds
2267 * the stack balanced by a JSOP_RETSUB executed elsewhere.
2268 */
2273 {
2276 /*
2277 * The compiler models operand stack depth and fixes the stack
2278 * pointer on entry to a catch clause based on its depth model.
2279 * The decompiler must match the code generator's model, which
2280 * is why JSOP_FINALLY pushes a cookie that JSOP_RETSUB pops.
2281 */
2290 #if JS_HAS_DESTRUCTURING
2303 }
2304 }
2308 /*
2309 * If this is an empty group assignment, we have no stack
2310 * budget into which we can push our result string. Adjust
2311 * ss->sprinter.offset so that our consumer can find the
2312 * empty group assignment decompilation.
2313 */
2317 /*
2318 * Kill newtop before the end_groupassignment: label by
2319 * retracting/popping early. Control will either jump
2320 * to do_forloop: or do_letheadbody: or else break from
2321 * our case JSOP_POPN: after the switch (*pc2) below.
2322 */
2326 }
2328 end_groupassignment:
2331 /*
2332 * Thread directly to the next opcode if we can, to handle
2333 * the special cases of a group assignment in the first or
2334 * last part of a for(;;) loop head, or in a let block or
2335 * expression head.
2336 *
2337 * NB: todo at this point indexes space in ss->sprinter
2338 * that is liable to be overwritten. The code below knows
2339 * exactly how long rval lives, or else copies it down via
2340 * SprintCString.
2341 */
2352 }
2356 /*
2357 * This must be an empty destructuring
2358 * in the head of a let whose body block
2359 * is also empty.
2360 */
2367 }
2374 }
2376 /*
2377 * An unnannotated NOP following a POPN must be the
2378 * third part of for(;;) loop head. If the POPN's
2379 * immediate operand is 0, then we may have no slot
2380 * on the sprint-stack in which to push our result
2381 * string. In this case the result can be recovered
2382 * at ss->sprinter.base + ss->sprinter.offset.
2383 */
2388 }
2389 }
2391 /*
2392 * If control flow reaches this point with todo still -2,
2393 * just print rval as an expression statement.
2394 */
2398 }
2399 #endif
2403 }
2405 }
2408 /* The catch decompiler handles this op itself. */
2413 /*
2414 * By default, do not automatically parenthesize when popping
2415 * a stacked expression decompilation. We auto-parenthesize
2416 * only when JSOP_POP is annotated with SRC_PCDELTA, meaning
2417 * comma operator.
2418 */
2420 /* FALL THROUGH */
2426 /* Force parens around 'in' expression at 'for' front. */
2434 /* Comma operator: use JSOP_POP for correct precedence. */
2437 /* Pop and save to avoid blowing stack depth budget. */
2442 /*
2443 * The offset tells distance to the end of the right-hand
2444 * operand of the comma operator.
2445 */
2453 }
2455 /* Pop Decompile result and print comma expression. */
2462 /* Hide this pop, it's from a goto in a with or for/in. */
2467 /* This pop is at the end of the let block/expr head. */
2469 #if JS_HAS_DESTRUCTURING
2470 do_letheadbody:
2471 #endif
2487 /* Set saveop to reflect what we will push. */
2492 }
2500 }
2504 /* Turn off parens around a yield statement. */
2510 /*
2511 * Don't emit decompiler-pushed strings that are not
2512 * handled by other opcodes. They are pushed onto the
2513 * stack to help model the interpreter stack and should
2514 * not appear in the decompiler's output.
2515 */
2523 rval);
2527 }
2530 }
2554 {
2566 }
2569 #define LOCAL_ASSERT_OUT(expr) LOCAL_ASSERT_CUSTOM(expr, ok = JS_FALSE; \
2570 goto enterblock_out)
2577 }
2586 }
2587 }
2591 #if JS_HAS_BLOCK_SCOPE
2603 #endif
2617 }
2622 /*
2623 * This is a dup to save the exception for later.
2624 * It is emitted only when the catch head contains
2625 * an exception guard.
2626 */
2634 }
2635 }
2636 }
2638 #if JS_HAS_DESTRUCTURING
2644 }
2650 #endif
2659 }
2660 #if JS_HAS_DESTRUCTURING
2661 }
2662 #endif
2664 /*
2665 * Pop the exception_cookie (or its dup in the case of a
2666 * guarded catch head) off the stack now.
2667 */
2683 }
2691 }
2695 #undef LOCAL_ASSERT_OUT
2696 enterblock_out:
2701 }
2706 {
2719 /*
2720 * This JSOP_LEAVEBLOCK must be for a catch block. If sn's
2721 * offset does not equal the model stack depth, there must
2722 * be a copy of the exception value on the stack due to a
2723 * catch guard (see above, the JSOP_ENTERBLOCK + SRC_CATCH
2724 * case code).
2725 */
2732 }
2733 }
2743 }
2757 #ifdef DEBUG
2758 /*
2759 * We must be in an eval called from jp->fun, where
2760 * jp->script is the eval-compiled script.
2761 *
2762 * However, it's possible that a js_Invoke already
2763 * pushed a frame trying to call js_Construct on an
2764 * object that's not a constructor, causing us to be
2765 * called with an intervening frame on the stack.
2766 */
2776 }
2777 #endif
2781 }
2791 }
2795 #if JS_HAS_DESTRUCTURING
2803 }
2804 #endif
2816 }
2827 }
2837 }
2849 /* Turn on parens around comma-expression here. */
2853 rval,
2859 }
2860 /* FALL THROUGH */
2866 else
2871 #if JS_HAS_GENERATORS
2873 #if JS_HAS_GENERATOR_EXPRS
2875 #endif
2876 {
2877 /* Turn off most parens. */
2889 }
2890 #if JS_HAS_GENERATOR_EXPRS
2892 /* FALL THROUGH */
2893 #endif
2896 {
2900 /* Turn off most parens. */
2903 /* Pop the expression being pushed or yielded. */
2906 /*
2907 * Skip the for loop head stacked by JSOP_FORLOCAL until we hit
2908 * a block local slot (note empty destructuring patterns result
2909 * in unit-count blocks).
2910 */
2916 }
2919 /*
2920 * Here, forpos must index the space before the left-most |for|
2921 * in the single string of accumulated |for| heads and optional
2922 * final |if (condition)|.
2923 */
2927 /*
2928 * Now move pos downward over the block's local slots. Even an
2929 * empty destructuring pattern has one (dummy) local.
2930 */
2935 }
2939 #if JS_HAS_GENERATOR_EXPRS
2941 /*
2942 * Generator expression: decompile just rval followed by
2943 * the string starting at forpos. Leave the result string
2944 * in ss->offsets[0] so it can be recovered by our caller
2945 * (the JSOP_ANONFUNOBJ with SRC_GENEXP case). Bump the
2946 * top of stack to balance yield, which is an expression
2947 * (so has neutral stack balance).
2948 */
2958 }
2961 /*
2962 * Array comprehension: retract the sprinter to the beginning
2963 * of the array initialiser and decompile "[<rval> for ...]".
2964 */
2980 }
2981 #endif
2998 JSITER_FOREACH;
3020 /*
3021 * The loop back-edge carries +1 stack balance, for the
3022 * flag processed by JSOP_IFNE. We do not decompile the
3023 * JSOP_IFNE, and instead push the left-hand side of 'in'
3024 * after the loop edge in this stack slot (the JSOP_FOR*
3025 * opcodes' decompilers do this pushing).
3026 */
3043 }
3045 /*
3046 * Do not AddParentSlop here, as we will push the
3047 * top-most offset again, which will add paren slop
3048 * for us. We must push to balance the stack budget
3049 * when nesting for heads in a comprehension.
3050 */
3057 }
3062 /*
3063 * As above, rval or an extension of it must remain
3064 * stacked during loop body decompilation.
3065 */
3074 }
3123 }
3129 {
3132 if_again:
3149 rval);
3151 }
3166 /*
3167 * If the second offset for sn is non-zero, it tells
3168 * the distance from the goto around the else, to the
3169 * ifeq for the if inside the else that forms an "if
3170 * else if" chain. Thus cond spans the condition of
3171 * the second if, so we simply decompile it and start
3172 * over at label if_again.
3173 */
3180 }
3185 }
3190 }
3204 }
3219 }
3221 }
3232 do_logical_connective:
3233 /* Top of stack is the first clause in a disjunction (||). */
3243 }
3255 }
3260 }
3280 }
3282 do_forvarslot:
3306 }
3317 }
3326 /*
3327 * The stack has the object under the (top) index expression.
3328 * The "rval" property id is underneath those two on the stack.
3329 * The for loop body net and gross lengths can now be adjusted
3330 * to account for the length of the indexing expression that
3331 * came after JSOP_FORELEM and before JSOP_ENUMELEM.
3332 */
3346 ? dot_format
3349 }
3352 #if JS_HAS_GETTER_SETTER
3357 #endif
3365 }
3366 /* FALL THROUGH */
3369 #if JS_HAS_DESTRUCTURING
3385 // Skip POP so the SRC_FOR_IN code can pop for itself.
3391 }
3393 }
3394 #endif
3411 do_setname:
3419 do_setlval:
3423 lval,
3425 ? js_getter_str
3427 ? js_setter_str
3429 rval);
3434 }
3442 }
3449 #if JS_HAS_LVALUE_RETURN
3451 #endif
3452 /* Turn off most parens (all if there's only one argument). */
3465 }
3467 /* Skip the JSOP_PUSHOBJ-created empty string. */
3471 /*
3472 * Special case: new (x(y)(z)) must be parenthesized like so.
3473 * Same for new (x(y).z) -- contrast with new x(y).z.
3474 * See PROPAGATE_CALLNESS.
3475 */
3483 ? JSOP_NAME
3500 }
3510 }
3511 }
3518 }
3522 #if JS_HAS_LVALUE_RETURN
3527 }
3528 #endif
3537 do_delete_lval:
3562 #if JS_HAS_XML_SUPPORT
3570 #endif
3578 rval);
3592 do_incatom:
3597 do_inclval:
3606 /*
3607 * Force precedence below the numeric literal opcodes, so that
3608 * 42..foo or 10000..toString(16), e.g., decompile with parens
3609 * around the left-hand side of dot.
3610 */
3627 ? predot_format
3634 }
3648 do_atominc:
3653 do_lvalinc:
3662 /*
3663 * Force precedence below the numeric literal opcodes, so that
3664 * 42..foo or 10000..toString(16), e.g., decompile with parens
3665 * around the left-hand side of dot.
3666 */
3682 ? postdot_format
3689 }
3700 /* FALL THROUGH */
3707 do_getprop:
3709 do_getprop_lval:
3722 /* Get the name of the argument or variable. */
3725 do_getarg_prop:
3733 /* Get the name of the property. */
3755 /*
3756 * Force precedence below the numeric literal opcodes, so that
3757 * 42..foo or 10000..toString(16), e.g., decompile with parens
3758 * around the left-hand side of dot.
3759 */
3766 ? js_getter_str
3768 ? js_setter_str
3771 rval);
3777 /* FALL THROUGH */
3791 ? dot_format
3794 }
3815 ? js_getter_str
3817 ? js_setter_str
3820 rval);
3838 #if JS_HAS_DESTRUCTURING
3842 }
3843 #else
3845 #endif
3853 do_name:
3855 #if JS_HAS_XML_SUPPORT
3856 do_qname:
3857 #endif
3882 do_sprint_int:
3903 #if JS_HAS_GENERATOR_EXPRS
3908 SprintStack ss2;
3913 /*
3914 * All allocation when decompiling is LIFO, using malloc
3915 * or, more commonly, arena-alloocating from cx->tempPool.
3916 * After InitSprintStack succeeds, we must release to mark
3917 * before returning.
3918 */
3924 /*
3925 * Recursively decompile this generator function as an
3926 * un-parenthesized generator expression. The ss->inGenExp
3927 * special case of JSOP_YIELD shares array comprehension
3928 * decompilation code that leaves the result as the single
3929 * string pushed on ss2.
3930 */
3937 }
3940 /*
3941 * Advance over this op and its global |this| push, and
3942 * arrange to advance over the call to this lambda.
3943 */
3951 /*
3952 * Arrange to parenthesize this genexp unless:
3953 *
3954 * 1. It is the complete expression consumed by a control
3955 * flow bytecode such as JSOP_TABLESWITCH whose syntax
3956 * always parenthesizes the controlling expression.
3957 * 2. It is the condition of a loop other than a for (;;).
3958 * 3. It is the sole argument to a function call.
3959 * 4. It is the condition of an if statement and not of a
3960 * ?: expression.
3961 *
3962 * But (first, before anything else) always parenthesize
3963 * if this genexp runs up against endpc and the next op is
3964 * not a loop condition (JSOP_IFNE*) opcode. In such cases,
3965 * this Decompile activation has been recursively called by
3966 * a comma operator, &&, or || bytecode.
3967 */
3985 ? JSOP_POP
3988 /*
3989 * Stack this result as if it's a name and not an
3990 * anonymous function, so it doesn't get decompiled as
3991 * a generator function in a getter or setter context.
3992 * The precedence level is the same for JSOP_NAME and
3993 * JSOP_ANONFUNOBJ.
3994 */
3998 }
4000 /*
4001 * Alas, we have to malloc a copy of the result left on
4002 * the top of ss2 because both ss and ss2 arena-allocate
4003 * from cx's tempPool.
4004 */
4012 }
4014 /* FALL THROUGH */
4018 {
4021 /*
4022 * Always parenthesize expression closures. We can't force
4023 * saveop to a low-precedence op to arrange for auto-magic
4024 * parenthesization without confusing getter/setter code
4025 * that checks for JSOP_ANONFUNOBJ and JSOP_NAMEDFUNOBJ.
4026 */
4032 }
4033 sprint_string:
4044 do_regexp:
4052 {
4088 }
4092 j++;
4093 }
4095 }
4104 }
4105 }
4109 JS_FALSE);
4110 }
4116 }
4120 {
4147 }
4154 }
4157 JS_FALSE);
4163 }
4166 {
4168 jsint ncases;
4176 /*
4177 * Count the cases using offsets from switch to first case,
4178 * and case to case, stored in srcnote immediates.
4179 */
4187 /* End of cases, but count default as a case. */
4193 }
4194 }
4196 /*
4197 * Allocate table and rescan the cases using their srcnotes,
4198 * stashing each case's delta from switch top in table[i].key,
4199 * and the distance to its statements in table[i].offset.
4200 */
4218 }
4219 }
4221 /*
4222 * Find offset of default code by fetching the default offset
4223 * from the end of table. JSOP_CONDSWITCH always has a default
4224 * case at the end.
4225 */
4231 JS_TRUE);
4237 }
4241 {
4248 }
4271 {
4275 /*
4276 * All operands are stacked and ready for in-place formatting.
4277 * We know that PAREN_SLOP is 3 here, and take advantage of it
4278 * to avoid strdup'ing.
4279 */
4296 /* Move to the next string that had been stacked. */
4304 }
4308 }
4315 }
4317 }
4320 {
4325 #if JS_HAS_SHARP_VARS
4334 }
4343 }
4345 }
4348 {
4349 JSBool inArray;
4355 /* Skip any #n= prefix to find the opening bracket. */
4362 rval,
4366 }
4368 {
4369 JSBool isFirst;
4375 /* Turn off most parens. */
4379 /* Turn off all parens for xval and lval, which we control. */
4388 }
4391 lval,
4392 maybeComma,
4393 rval);
4406 /* fall through */
4408 do_initprop:
4410 #ifdef OLD_GETTER_SETTER
4412 lval,
4413 maybeComma,
4414 xval,
4420 rval);
4421 #else
4430 lval,
4431 maybeComma,
4432 xval,
4436 rval);
4447 lval,
4448 maybeComma,
4451 xval,
4454 }
4458 }
4459 #endif
4461 }
4463 #if JS_HAS_SHARP_VARS
4476 #if JS_HAS_DEBUGGER_KEYWORD
4483 #if JS_HAS_XML_SUPPORT
4503 }
4513 }
4546 /* This gets reset by all XML tag expressions. */
4555 else
4560 /* Leave the name stacked and push a dummy string. */
4565 /* Pop the r.h.s., the dummy string, and the name. */
4575 /* If we're an attribute value, we shouldn't quote this. */
4589 /* These ops indicate the end of XML expressions. */
4617 DONT_ESCAPE))
4626 DONT_ESCAPE))
4655 }
4656 }
4659 /* -2 means "don't push", -1 means reported error. */
4665 }
4671 }
4674 }
4676 /*
4677 * Undefine local macros.
4678 */
4679 #undef inXML
4680 #undef DECOMPILE_CODE
4681 #undef NEXT_OP
4682 #undef TOP_STR
4683 #undef POP_STR
4684 #undef POP_STR_PREC
4685 #undef LOCAL_ASSERT
4686 #undef ATOM_IS_IDENTIFIER
4687 #undef GET_QUOTE_AND_FMT
4688 #undef GET_ATOM_QUOTE_AND_FMT
4691 }
4693 static JSBool
4695 uintN pcdepth)
4696 {
4698 SprintStack ss;
4701 JSBool ok;
4709 /* Initialize a sprinter for use with the offset stack. */
4716 /*
4717 * If we are called from js_DecompileValueGenerator with a portion of
4718 * script's bytecode that starts with a non-zero model stack depth given
4719 * by pcdepth, attempt to initialize the missing string offsets in ss to
4720 * |spindex| negative indexes from fp->sp for the activation fp in which
4721 * the error arose.
4722 *
4723 * See js_DecompileValueGenerator for how its |spindex| parameter is used,
4724 * and see also GetOff, which makes use of the ss.offsets[i] < -1 that are
4725 * potentially stored below.
4726 */
4732 }
4733 }
4735 /* Call recursive subroutine to do the hard work. */
4745 }
4752 }
4755 /* If the given code didn't empty the stack, do it now. */
4761 }
4763 out:
4764 /* Free all temporary stuff allocated under this call. */
4767 }
4769 JSBool
4771 {
4773 }
4777 JSBool
4779 {
4787 }
4791 }
4793 JSBool
4795 {
4797 uintN i;
4801 JSBool ok;
4807 /*
4808 * If pretty, conform to ECMA-262 Edition 3, 15.3.4.2, by decompiling a
4809 * FunctionDeclaration. Otherwise, check the JSFUN_LAMBDA flag and force
4810 * an expression by parenthesizing.
4811 */
4817 }
4835 #ifdef JS_HAS_DESTRUCTURING
4836 SprintStack ss;
4838 #endif
4840 /* Print the parameters. */
4845 #ifdef JS_HAS_DESTRUCTURING
4846 /* Skip JSOP_GENERATOR in case of destructuring parameters. */
4853 #endif
4861 #if JS_HAS_DESTRUCTURING
4862 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, JS_FALSE)
4876 }
4881 }
4889 }
4891 }
4893 #undef LOCAL_ASSERT
4894 #endif
4899 }
4900 }
4902 #ifdef JS_HAS_DESTRUCTURING
4905 #endif
4913 }
4923 }
4924 }
4930 }
4935 {
4940 intN pcdepth;
4959 }
4964 /*
4965 * Prepare computing pcstack containing pointers to opcodes that
4966 * populated interpreter's stack with its current content.
4967 */
4983 /*
4984 * We search from fp->sp to base to find the most recently
4985 * calculated value matching v under assumption that it is
4986 * it that caused exception, see bug 328664.
4987 */
4994 }
4998 /*
4999 * The value comes from a temporary slot that the interpreter
5000 * uses for GC roots or when JSOP_APPLY extended the stack to
5001 * fit the argument array elements. Assume that it is the
5002 * current PC that caused the exception.
5003 */
5007 }
5008 }
5010 release_pcstack:
5014 }
5016 {
5022 }
5027 }
5028 }
5032 do_fallback:
5037 }
5040 }
5045 {
5047 JSOp op;
5053 intN pcdepth;
5069 }
5073 /* None of these stack-writing ops generates novel values. */
5077 /*
5078 * |this| could convert to a very long object initialiser, so cite it by
5079 * its keyword name instead.
5080 */
5084 }
5086 /*
5087 * JSOP_BINDNAME is special: it generates a value, the base object of a
5088 * reference. But if it is the generating op for a diagnostic produced by
5089 * js_DecompileValueGenerator, the name being bound is irrelevant. Just
5090 * fall back to the base object.
5091 */
5095 }
5097 /* NAME ops are self-contained, others require left or right context. */
5110 }
5122 }
5125 }
5130 }
5137 }
5144 }
5154 }
5156 }
5158 out:
5163 }
5167 }
5169 uintN
5171 {
5173 }
5175 static intN
5178 {
5181 JSOp op;
5185 intN i;
5187 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, -1);
5189 /*
5190 * Walk forward from script->main and compute the stack depth and stack of
5191 * operand-generating opcode PCs in pcstack.
5192 *
5193 * FIXME: Code to compute oplen copied from js_Disassemble1 and reduced.
5194 * FIXME: Optimize to use last empty-stack sequence point.
5195 */
5207 /*
5208 * A (C ? T : E) expression requires skipping either T (if target is in
5209 * E) or both T and E (if target is after the whole expression) before
5210 * adjusting pcdepth based on the JSOP_IFEQ or JSOP_IFEQX at pc that
5211 * tests condition C. We know that the stack depth can't change from
5212 * what it was with C on top of stack.
5213 */
5230 }
5232 /*
5233 * Ok, target lies in E. Manually pop C off the model stack,
5234 * since we have moved beyond the IFEQ now.
5235 */
5238 }
5239 }
5256 }
5262 /*
5263 * Fill the slots that the opcode defines withs its pc unless it just
5264 * reshuffle the stack. In the latter case we want to preserve the
5265 * opcode that generated the original value.
5266 */
5272 }
5277 /* Keep the switch value. */
5292 }
5294 }
5296 }
5300 #undef LOCAL_ASSERT
5301 }
5303 #undef LOCAL_ASSERT_RV