
Contents of /trunk/js/jsfun.cpp



Revision 507 - (show annotations)
Sun Jan 10 07:23:34 2010 UTC (9 years, 5 months ago) by siliconforks
File size: 98403 byte(s)
Update SpiderMonkey from Firefox 3.6rc1.

1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sw=4 et tw=99:
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is Mozilla Communicator client code, released
18 * March 31, 1998.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
40
41 /*
42 * JS function support.
43 */
44 #include <string.h>
45 #include "jstypes.h"
46 #include "jsstdint.h"
47 #include "jsbit.h"
48 #include "jsutil.h" /* Added by JSIFY */
49 #include "jsapi.h"
50 #include "jsarray.h"
51 #include "jsatom.h"
52 #include "jsbool.h"
53 #include "jsbuiltins.h"
54 #include "jscntxt.h"
55 #include "jsversion.h"
56 #include "jsdbgapi.h"
57 #include "jsemit.h"
58 #include "jsfun.h"
59 #include "jsgc.h"
60 #include "jsinterp.h"
61 #include "jslock.h"
62 #include "jsnum.h"
63 #include "jsobj.h"
64 #include "jsopcode.h"
65 #include "jsparse.h"
66 #include "jsscan.h"
67 #include "jsscope.h"
68 #include "jsscript.h"
69 #include "jsstr.h"
70 #include "jsexn.h"
71 #include "jsstaticcheck.h"
72 #include "jstracer.h"
73
74 #if JS_HAS_GENERATORS
75 # include "jsiter.h"
76 #endif
77
78 #if JS_HAS_XDR
79 # include "jsxdrapi.h"
80 #endif
81
82 #include "jsatominlines.h"
83
/*
 * Flag the arguments object's length as overridden by a script. The slot
 * JSSLOT_ARGS_LENGTH holds the actual count shifted left by one; the low bit
 * is the "overridden" flag (see InitArgsLengthSlot and GetArgsLength).
 */
static inline void
SetOverriddenArgsLength(JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    jsint tagged = JSVAL_TO_INT(obj->fslots[JSSLOT_ARGS_LENGTH]) | 1;
    jsval marked = INT_TO_JSVAL(tagged);
    JS_ASSERT(JSVAL_IS_INT(marked));
    obj->fslots[JSSLOT_ARGS_LENGTH] = marked;
}
94
/*
 * Store the actual argument count into a freshly created arguments object.
 * The slot must still be JSVAL_VOID; the count is kept shifted left by one so
 * that the low bit can later serve as the "length overridden" flag.
 */
static inline void
InitArgsLengthSlot(JSObject *obj, uint32 argc)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);
    JS_ASSERT(argc <= JS_ARGS_LENGTH_MAX);
    JS_ASSERT(obj->fslots[JSSLOT_ARGS_LENGTH] == JSVAL_VOID);

    /* Low bit clear: the length has not been overridden yet. */
    uint32 tagged = argc << 1;
    obj->fslots[JSSLOT_ARGS_LENGTH] = INT_TO_JSVAL(tagged);
    JS_ASSERT(!js_IsOverriddenArgsLength(obj));
}
104
/*
 * Return the actual argument count stored in JSSLOT_ARGS_LENGTH, discarding
 * the low "overridden" flag bit. Never exceeds JS_ARGS_LENGTH_MAX.
 */
static inline uint32
GetArgsLength(JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    uint32 tagged = uint32(JSVAL_TO_INT(obj->fslots[JSSLOT_ARGS_LENGTH]));
    uint32 length = tagged >> 1;
    JS_ASSERT(length <= JS_ARGS_LENGTH_MAX);
    return length;
}
114
/*
 * Point an arguments object at a native-stack argument descriptor. Bit 1 of
 * the stored pointer is set as a tag; js_GetArgsPrivateNative presumably uses
 * it to tell this apart from the JSStackFrame * that js_GetArgsObject stores
 * in the same private slot.
 */
static inline void
SetArgsPrivateNative(JSObject *argsobj, js_ArgsPrivateNative *apn)
{
    JS_ASSERT(STOBJ_GET_CLASS(argsobj) == &js_ArgumentsClass);
    uintptr_t tagged = uintptr_t(apn) | 2;
    argsobj->setPrivate(reinterpret_cast<void *>(tagged));
}
122
/*
 * Produce the value of |arguments| for frame fp in *vp. If a script assigned
 * to `arguments` (JSFRAME_OVERRIDE_ARGS, set by the Call object's setter), the
 * assigned value is read back from the call object; otherwise the frame's
 * arguments object is created on demand. Returns JS_FALSE on failure.
 */
JSBool
js_GetArgsValue(JSContext *cx, JSStackFrame *fp, jsval *vp)
{
    if (fp->flags & JSFRAME_OVERRIDE_ARGS) {
        JS_ASSERT(fp->callobj);
        jsid argumentsId = ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom);
        return fp->callobj->getProperty(cx, argumentsId, vp);
    }

    JSObject *argsobj = js_GetArgsObject(cx, fp);
    if (!argsobj)
        return JS_FALSE;

    *vp = OBJECT_TO_JSVAL(argsobj);
    return JS_TRUE;
}
139
/*
 * Read property |id| of frame fp's |arguments| without necessarily reifying
 * the arguments object. Fast paths cover in-range indexes (read straight from
 * fp->argv) and "length" (fp->argc); everything else goes through the real
 * object. *vp is set to undefined before any lookup so that "no such element"
 * yields undefined. Returns false only when a property get fails.
 */
JSBool
js_GetArgsProperty(JSContext *cx, JSStackFrame *fp, jsid id, jsval *vp)
{
    if (fp->flags & JSFRAME_OVERRIDE_ARGS) {
        JS_ASSERT(fp->callobj);

        /* The script replaced `arguments`; fetch that value and index into it. */
        jsid argumentsId = ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom);
        jsval overridden;
        if (!fp->callobj->getProperty(cx, argumentsId, &overridden))
            return false;

        JSObject *target;
        if (JSVAL_IS_PRIMITIVE(overridden)) {
            target = js_ValueToNonNullObject(cx, overridden);
            if (!target)
                return false;
        } else {
            target = JSVAL_TO_OBJECT(overridden);
        }
        return target->getProperty(cx, id, vp);
    }

    *vp = JSVAL_VOID;
    if (JSID_IS_INT(id)) {
        uint32 index = uint32(JSID_TO_INT(id));
        JSObject *argsobj = JSVAL_TO_OBJECT(fp->argsobj);

        if (index >= fp->argc) {
            /*
             * Per ECMA-262 Ed. 3, 10.1.8, last bulleted item, do not share
             * storage between the formal parameter and arguments[k] for all
             * fp->argc <= k && k < fp->fun->nargs. For example, in
             *
             *   function f(x) { x = 42; return arguments[0]; }
             *   f();
             *
             * the call to f should return undefined, not 42. If fp->argsobj
             * is null at this point, as it would be in the example, return
             * undefined in *vp.
             */
            if (!argsobj)
                return true;
            return argsobj->getProperty(cx, id, vp);
        }

        /*
         * A JSVAL_HOLE in the copy slot means the script deleted that element
         * (args_delProperty); the property lookup then decides what is seen.
         */
        if (argsobj &&
            OBJ_GET_SLOT(cx, argsobj, JSSLOT_ARGS_COPY_START + index) == JSVAL_HOLE) {
            return argsobj->getProperty(cx, id, vp);
        }
        *vp = fp->argv[index];
        return true;
    }

    if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)) {
        JSObject *argsobj = JSVAL_TO_OBJECT(fp->argsobj);
        if (argsobj && js_IsOverriddenArgsLength(argsobj))
            return argsobj->getProperty(cx, id, vp);
        *vp = INT_TO_JSVAL(jsint(fp->argc));
    }
    return true;
}
197
/*
 * Allocate an arguments object with |parent| as its parent, room for |argc|
 * copied actuals in its reserved slots, and |callee| in JSSLOT_ARGS_CALLEE.
 * Returns NULL on allocation failure.
 */
static JSObject *
NewArguments(JSContext *cx, JSObject *parent, uint32 argc, JSObject *callee)
{
    JSObject *argsobj = js_NewObject(cx, &js_ArgumentsClass, NULL, parent, 0);
    if (!argsobj)
        return NULL;

    /* One reserved slot per actual, indexed from JSSLOT_ARGS_COPY_START. */
    if (!js_EnsureReservedSlots(cx, argsobj, argc))
        return NULL;

    argsobj->fslots[JSSLOT_ARGS_CALLEE] = OBJECT_TO_JSVAL(callee);
    InitArgsLengthSlot(argsobj, argc);
    return argsobj;
}
209
/*
 * Snapshot the actual argument values in |args| into the arguments object's
 * copy slots, so the object keeps working after its frame is gone. Slots that
 * hold JSVAL_HOLE (elements the script deleted) are left as holes.
 */
static void
PutArguments(JSContext *cx, JSObject *argsobj, jsval *args)
{
    uint32 count = GetArgsLength(argsobj);

    JS_LOCK_OBJ(cx, argsobj);
    for (uint32 k = 0; k != count; ++k) {
        uint32 slot = JSSLOT_ARGS_COPY_START + k;
        if (STOBJ_GET_SLOT(argsobj, slot) == JSVAL_HOLE)
            continue;
        STOBJ_SET_SLOT(argsobj, slot, args[k]);
    }
    JS_UNLOCK_OBJ(cx, argsobj);
}
222
#ifdef OJI
JS_BEGIN_EXTERN_C
JS_EXPORT_API(JSObject *)
#else
JSObject *
#endif
/*
 * Return fp's arguments object, creating and linking it on first use.
 * Returns NULL on allocation failure.
 */
js_GetArgsObject(JSContext *cx, JSStackFrame *fp)
{
    /*
     * We must be in a function activation; the function must be lightweight
     * or else fp must have a variable object.
     */
    JS_ASSERT(fp->fun && (!(fp->fun->flags & JSFUN_HEAVYWEIGHT) || fp->varobj));

    /* Skip eval and debugger frames (JSFRAME_SPECIAL); use the frame beneath. */
    while (fp->flags & JSFRAME_SPECIAL)
        fp = fp->down;

    /* Reuse an existing arguments object rather than creating a second one. */
    JSObject *existing = JSVAL_TO_OBJECT(fp->argsobj);
    if (existing)
        return existing;

    /*
     * Give arguments an intrinsic scope chain link to fp's global object.
     * Since the arguments object lacks a prototype because js_ArgumentsClass
     * is not initialized, js_NewObject won't assign a default parent to it.
     *
     * Therefore if arguments is used as the head of an eval scope chain (via
     * a direct or indirect call to eval(program, arguments)), any reference
     * to a standard class object in the program will fail to resolve due to
     * js_GetClassPrototype not being able to find a global object containing
     * the standard prototype by starting from arguments and following parent.
     */
    JSObject *global = fp->scopeChain;
    for (;;) {
        JSObject *parent = OBJ_GET_PARENT(cx, global);
        if (!parent)
            break;
        global = parent;
    }

    JS_ASSERT(fp->argv);
    JSObject *callee = JSVAL_TO_OBJECT(fp->argv[-2]);
    JSObject *argsobj = NewArguments(cx, global, fp->argc, callee);
    if (!argsobj)
        return NULL;

    /* Link the new object to fp so it can get actual argument values. */
    argsobj->setPrivate(fp);
    fp->argsobj = OBJECT_TO_JSVAL(argsobj);
    return argsobj;
}
271
#ifdef OJI
JS_EXPORT_API(void)
#else
void
#endif
/*
 * Detach fp's arguments object as the frame goes away: copy the live actuals
 * into the object's slots, then clear both the object's private pointer and
 * fp->argsobj so nothing reads through the dead frame.
 */
js_PutArgsObject(JSContext *cx, JSStackFrame *fp)
{
    JSObject *argsobj = JSVAL_TO_OBJECT(fp->argsobj);
    JS_ASSERT(argsobj->getPrivate() == fp);

    PutArguments(cx, argsobj, fp->argv);

    argsobj->setPrivate(NULL);
    fp->argsobj = JSVAL_NULL;
}
#ifdef OJI
JS_END_EXTERN_C
#endif
288
289 /*
290 * Traced versions of js_GetArgsObject and js_PutArgsObject.
291 */
292
#ifdef JS_TRACER
/*
 * Traced counterpart of js_GetArgsObject: build an arguments object whose
 * actuals live in the native |argv| array described by |apn| rather than in
 * a JSStackFrame. Returns NULL on allocation failure.
 */
JSObject * JS_FASTCALL
js_Arguments(JSContext *cx, JSObject *parent, uint32 argc, JSObject *callee,
             double *argv, js_ArgsPrivateNative *apn)
{
    JSObject *argsobj = NewArguments(cx, parent, argc, callee);
    if (argsobj) {
        apn->argv = argv;
        SetArgsPrivateNative(argsobj, apn);
    }
    return argsobj;
}
#endif
306
/*
 * Call-info descriptor for js_Arguments (6 arguments, returns OBJECT),
 * presumably consumed by the tracer (jstracer.h) to call it from trace.
 */
JS_DEFINE_CALLINFO_6(extern, OBJECT, js_Arguments, CONTEXT, OBJECT, UINT32, OBJECT,
                     DOUBLEPTR, APNPTR, 0, 0)
309
/*
 * Traced counterpart of js_PutArgsObject: copy the actuals in |args| into the
 * arguments object's slots and drop its native-stack private pointer.
 * Always returns true.
 * FIXME change the return type to void.
 */
JSBool JS_FASTCALL
js_PutArguments(JSContext *cx, JSObject *argsobj, jsval *args)
{
    JS_ASSERT(js_GetArgsPrivateNative(argsobj));

    PutArguments(cx, argsobj, args);
    argsobj->setPrivate(NULL);
    return JS_TRUE;
}
319
/* Call-info descriptor for js_PutArguments (3 arguments, returns BOOL). */
JS_DEFINE_CALLINFO_3(extern, BOOL, js_PutArguments, CONTEXT, OBJECT, JSVALPTR, 0, 0)
321
/*
 * delProperty hook: record the deletion of an element, "length" or "callee"
 * in the arguments object's own slots so later reflection (args_resolve,
 * ArgGetter) does not resurrect the value. Elements become JSVAL_HOLE, the
 * length gets its "overridden" bit, and the callee slot becomes JSVAL_HOLE.
 * Always returns true.
 */
static JSBool
args_delProperty(JSContext *cx, JSObject *obj, jsval idval, jsval *vp)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    if (JSVAL_IS_INT(idval)) {
        /* Out-of-range indexes have no slot; ignore them. */
        uintN index = uintN(JSVAL_TO_INT(idval));
        if (index < GetArgsLength(obj))
            OBJ_SET_SLOT(cx, obj, JSSLOT_ARGS_COPY_START + index, JSVAL_HOLE);
        return JS_TRUE;
    }

    if (idval == ATOM_KEY(cx->runtime->atomState.lengthAtom))
        SetOverriddenArgsLength(obj);
    else if (idval == ATOM_KEY(cx->runtime->atomState.calleeAtom))
        obj->fslots[JSSLOT_ARGS_CALLEE] = JSVAL_HOLE;
    return JS_TRUE;
}
338
/*
 * Build a debuggable, heavyweight wrapper function for an optimized (flat or
 * null) closure |fun| that is escaping its frame |fp|. The wrapper gets a
 * copy of fun's local names and a cloned script whose upvar/dslot and *_FC
 * opcodes are rewritten to their _DBG variants; it keeps fun's atom, flags
 * and principals. Returns the wrapper's function object, or NULL on failure
 * (an error is reported by the callee that failed).
 */
static JS_REQUIRES_STACK JSObject *
WrapEscapingClosure(JSContext *cx, JSStackFrame *fp, JSObject *funobj, JSFunction *fun)
{
    JS_ASSERT(GET_FUNCTION_PRIVATE(cx, funobj) == fun);
    JS_ASSERT(fun->optimizedClosure());
    JS_ASSERT(!fun->u.i.wrapper);

    /*
     * We do not attempt to reify Call and Block objects on demand for outer
     * scopes. This could be done (see the "v8" patch in bug 494235) but it is
     * fragile in the face of ongoing compile-time optimization. Instead, the
     * _DBG* opcodes used by wrappers created here must cope with unresolved
     * upvars and throw them as reference errors. Caveat debuggers!
     */
    JSObject *scopeChain = js_GetScopeChain(cx, fp);
    if (!scopeChain)
        return NULL;

    /* The wrapper uses funobj itself as its prototype. */
    JSObject *wfunobj = js_NewObjectWithGivenProto(cx, &js_FunctionClass,
                                                   funobj, scopeChain);
    if (!wfunobj)
        return NULL;
    JSAutoTempValueRooter tvr(cx, wfunobj);

    JSFunction *wfun = (JSFunction *) wfunobj;
    wfunobj->setPrivate(wfun);
    wfun->nargs = 0;
    wfun->flags = fun->flags | JSFUN_HEAVYWEIGHT;
    wfun->u.i.nvars = 0;
    wfun->u.i.nupvars = 0;
    wfun->u.i.skipmin = fun->u.i.skipmin;
    wfun->u.i.wrapper = true;
    wfun->u.i.script = NULL;
    wfun->u.i.names.taggedAtom = NULL;
    wfun->atom = fun->atom;

    /* Re-add fun's args, vars (const or not) and upvars to wfun, in order. */
    if (fun->hasLocalNames()) {
        void *mark = JS_ARENA_MARK(&cx->tempPool);
        jsuword *names = js_GetLocalNameArray(cx, fun, &cx->tempPool);
        /*
         * NOTE(review): this early return skips JS_ARENA_RELEASE for |mark|;
         * call_enumerate releases on the same failure path. Confirm whether
         * js_GetLocalNameArray can leave tempPool allocations behind on
         * failure.
         */
        if (!names)
            return NULL;

        JSBool ok = true;
        for (uintN i = 0, n = fun->countLocalNames(); i != n; i++) {
            jsuword name = names[i];
            JSAtom *atom = JS_LOCAL_NAME_TO_ATOM(name);
            JSLocalKind localKind = (i < fun->nargs)
                                    ? JSLOCAL_ARG
                                    : (i < fun->countArgsAndVars())
                                    ? (JS_LOCAL_NAME_IS_CONST(name)
                                       ? JSLOCAL_CONST
                                       : JSLOCAL_VAR)
                                    : JSLOCAL_UPVAR;

            ok = js_AddLocal(cx, wfun, atom, localKind);
            if (!ok)
                break;
        }

        JS_ARENA_RELEASE(&cx->tempPool, mark);
        if (!ok)
            return NULL;
        JS_ASSERT(wfun->nargs == fun->nargs);
        JS_ASSERT(wfun->u.i.nvars == fun->u.i.nvars);
        JS_ASSERT(wfun->u.i.nupvars == fun->u.i.nupvars);
        js_FreezeLocalNames(cx, wfun);
    }

    /* Count source notes up to and including the terminator. */
    JSScript *script = fun->u.i.script;
    jssrcnote *snbase = script->notes();
    jssrcnote *sn = snbase;
    while (!SN_IS_TERMINATOR(sn))
        sn = SN_NEXT(sn);
    uintN nsrcnotes = (sn - snbase) + 1;

    /* NB: GC must not occur before wscript is homed in wfun->u.i.script. */
    JSScript *wscript = js_NewScript(cx, script->length, nsrcnotes,
                                     script->atomMap.length,
                                     (script->objectsOffset != 0)
                                     ? script->objects()->length
                                     : 0,
                                     fun->u.i.nupvars,
                                     (script->regexpsOffset != 0)
                                     ? script->regexps()->length
                                     : 0,
                                     (script->trynotesOffset != 0)
                                     ? script->trynotes()->length
                                     : 0);
    if (!wscript)
        return NULL;

    /* Copy bytecode and every side table; each is sized from the source. */
    memcpy(wscript->code, script->code, script->length);
    wscript->main = wscript->code + (script->main - script->code);

    memcpy(wscript->notes(), snbase, nsrcnotes * sizeof(jssrcnote));
    memcpy(wscript->atomMap.vector, script->atomMap.vector,
           wscript->atomMap.length * sizeof(JSAtom *));
    if (script->objectsOffset != 0) {
        memcpy(wscript->objects()->vector, script->objects()->vector,
               wscript->objects()->length * sizeof(JSObject *));
    }
    if (script->regexpsOffset != 0) {
        memcpy(wscript->regexps()->vector, script->regexps()->vector,
               wscript->regexps()->length * sizeof(JSObject *));
    }
    if (script->trynotesOffset != 0) {
        memcpy(wscript->trynotes()->vector, script->trynotes()->vector,
               wscript->trynotes()->length * sizeof(JSTryNote));
    }

    if (wfun->u.i.nupvars != 0) {
        JS_ASSERT(wfun->u.i.nupvars == wscript->upvars()->length);
        memcpy(wscript->upvars()->vector, script->upvars()->vector,
               wfun->u.i.nupvars * sizeof(uint32));
    }

    /*
     * Walk the copied bytecode. The loop tests the raw byte against JSOP_STOP
     * but decodes each op via js_GetOpcode; see the XYZZY note on traps.
     */
    jsbytecode *pc = wscript->code;
    while (*pc != JSOP_STOP) {
        /* XYZZYbe should copy JSOP_TRAP? */
        JSOp op = js_GetOpcode(cx, wscript, pc);
        const JSCodeSpec *cs = &js_CodeSpec[op];
        ptrdiff_t oplen = cs->length;
        if (oplen < 0)
            oplen = js_GetVariableBytecodeLength(pc);

        /*
         * Rewrite JSOP_{GET,CALL}DSLOT as JSOP_{GET,CALL}UPVAR_DBG for the
         * case where fun is an escaping flat closure. This works because the
         * UPVAR and DSLOT ops by design have the same format: an upvar index
         * immediate operand.
         */
        switch (op) {
          case JSOP_GETUPVAR:       *pc = JSOP_GETUPVAR_DBG; break;
          case JSOP_CALLUPVAR:      *pc = JSOP_CALLUPVAR_DBG; break;
          case JSOP_GETDSLOT:       *pc = JSOP_GETUPVAR_DBG; break;
          case JSOP_CALLDSLOT:      *pc = JSOP_CALLUPVAR_DBG; break;
          case JSOP_DEFFUN_FC:      *pc = JSOP_DEFFUN_DBGFC; break;
          case JSOP_DEFLOCALFUN_FC: *pc = JSOP_DEFLOCALFUN_DBGFC; break;
          case JSOP_LAMBDA_FC:      *pc = JSOP_LAMBDA_DBGFC; break;
          default:;
        }
        pc += oplen;
    }

    /*
     * Fill in the rest of wscript. This means if you add members to JSScript
     * you must update this code. FIXME: factor into JSScript::clone method.
     */
    wscript->flags = script->flags;
    wscript->version = script->version;
    wscript->nfixed = script->nfixed;
    wscript->filename = script->filename;
    wscript->lineno = script->lineno;
    wscript->nslots = script->nslots;
    wscript->staticLevel = script->staticLevel;
    /*
     * The wrapper shares the original script's principals (held, not copied),
     * so it runs with exactly the privileges of the code it wraps.
     */
    wscript->principals = script->principals;
    if (wscript->principals)
        JSPRINCIPALS_HOLD(cx, wscript->principals);
#ifdef CHECK_SCRIPT_OWNER
    wscript->owner = script->owner;
#endif

    /* Deoptimize wfun from FUN_{FLAT,NULL}_CLOSURE to FUN_INTERPRETED. */
    FUN_SET_KIND(wfun, JSFUN_INTERPRETED);
    wfun->u.i.script = wscript;
    return wfunobj;
}
506
/*
 * Shared getter for the reflected properties of an arguments object: an
 * element index, "length" or "callee". Reads go to the native trace stack,
 * the live frame's argv, or the object's copy slots, in that order of
 * availability. Returns false (with an error reported) only when converting
 * a traced native value fails or when "callee" would leak an optimized
 * closure that needs wrapping.
 */
static JSBool
ArgGetter(JSContext *cx, JSObject *obj, jsval idval, jsval *vp)
{
    /* Not an arguments object (the getter may be inherited): leave *vp as is. */
    if (!JS_InstanceOf(cx, obj, &js_ArgumentsClass, NULL))
        return JS_TRUE;

    if (JSVAL_IS_INT(idval)) {
        /*
         * The index can exceed the number of arguments if a script changed
         * the prototype to point to another Arguments object with a bigger
         * argc, so bounds-check before touching any slot or argv entry.
         */
        uintN index = uintN(JSVAL_TO_INT(idval));
        if (index >= GetArgsLength(obj))
            return JS_TRUE;

#ifdef JS_TRACER
        js_ArgsPrivateNative *apn = js_GetArgsPrivateNative(obj);
        if (apn) {
            /* On trace the actuals are native doubles typed by apn->typemap(). */
            if (!js_NativeToValue(cx, *vp, apn->typemap()[index], &apn->argv[index])) {
                js_LeaveTrace(cx);
                return JS_FALSE;
            }
            return JS_TRUE;
        }
#endif

        JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
        if (fp) {
            *vp = fp->argv[index];
            return JS_TRUE;
        }

        /* Frame is gone: use the copy made by PutArguments, unless deleted. */
        jsval copied = OBJ_GET_SLOT(cx, obj, JSSLOT_ARGS_COPY_START + index);
        if (copied != JSVAL_HOLE)
            *vp = copied;
        return JS_TRUE;
    }

    if (idval == ATOM_KEY(cx->runtime->atomState.lengthAtom)) {
        if (!js_IsOverriddenArgsLength(obj))
            *vp = INT_TO_JSVAL(GetArgsLength(obj));
        return JS_TRUE;
    }

    JS_ASSERT(idval == ATOM_KEY(cx->runtime->atomState.calleeAtom));
    jsval callee = obj->fslots[JSSLOT_ARGS_CALLEE];
    if (callee == JSVAL_HOLE)
        return JS_TRUE;

    /*
     * If this function or one in it needs upvars that reach above it
     * in the scope chain, it must not be a null closure (it could be a
     * flat closure, or an unoptimized closure -- the latter itself not
     * necessarily heavyweight). Rather than wrap here, we simply throw
     * to reduce code size and tell debugger users the truth instead of
     * passing off a fibbing wrapper.
     */
    if (GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(callee))->needsWrapper()) {
        JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                             JSMSG_OPTIMIZED_CLOSURE_LEAK);
        return JS_FALSE;
    }
    *vp = callee;
    return JS_TRUE;
}
564
/*
 * Shared setter for the reflected properties of an arguments object. An
 * in-range element of a live frame is written straight into fp->argv; every
 * other case (dead frame, "length", "callee") replaces the shared accessor
 * property with a plain data property via delete-then-set. Returns false on
 * trace (after a deep bail) or when the id conversion, delete or set fails.
 */
static JSBool
ArgSetter(JSContext *cx, JSObject *obj, jsval idval, jsval *vp)
{
#ifdef JS_TRACER
    // To be able to set a property here on trace, we would have to make
    // sure any updates also get written back to the trace native stack.
    // For simplicity, we just leave trace, since this is presumably not
    // a common operation.
    if (JS_ON_TRACE(cx)) {
        js_DeepBail(cx);
        return JS_FALSE;
    }
#endif

    if (!JS_InstanceOf(cx, obj, &js_ArgumentsClass, NULL))
        return JS_TRUE;

    if (JSVAL_IS_INT(idval)) {
        uintN index = uintN(JSVAL_TO_INT(idval));
        if (index < GetArgsLength(obj)) {
            /* While the frame is live, the actual argument is the store. */
            JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
            if (fp) {
                fp->argv[index] = *vp;
                return JS_TRUE;
            }
        }
    } else {
        JS_ASSERT(idval == ATOM_KEY(cx->runtime->atomState.lengthAtom) ||
                  idval == ATOM_KEY(cx->runtime->atomState.calleeAtom));
    }

    /*
     * For simplicity we use delete/set to replace the property with one
     * backed by the default Object getter and setter. Note the we rely on
     * args_delete to clear the corresponding reserved slot so the GC can
     * collect its value.
     */
    jsid id;
    if (!JS_ValueToId(cx, idval, &id))
        return JS_FALSE;

    JSAutoTempValueRooter deleteResult(cx);
    return js_DeleteProperty(cx, obj, id, deleteResult.addr()) &&
           js_SetProperty(cx, obj, id, vp);
}
610
/*
 * resolve hook: lazily define an element, "length" or "callee" property on
 * the arguments object, backed by ArgGetter/ArgSetter, but only while the
 * underlying value has not been deleted (element slot holes, the overridden
 * length bit, and the callee hole all suppress reflection). Sets *objp to
 * obj when a property was defined. Returns JS_FALSE only if defining fails.
 */
static JSBool
args_resolve(JSContext *cx, JSObject *obj, jsval idval, uintN flags,
             JSObject **objp)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    *objp = NULL;

    /* Pick the id to reflect; 0 means "nothing to define". */
    jsid id = 0;
    if (JSVAL_IS_INT(idval)) {
        uint32 index = uint32(JSVAL_TO_INT(idval));
        bool inRange = index < GetArgsLength(obj);
        if (inRange &&
            OBJ_GET_SLOT(cx, obj, JSSLOT_ARGS_COPY_START + index) != JSVAL_HOLE) {
            id = INT_JSVAL_TO_JSID(idval);
        }
    } else if (idval == ATOM_KEY(cx->runtime->atomState.lengthAtom)) {
        if (!js_IsOverriddenArgsLength(obj))
            id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
    } else if (idval == ATOM_KEY(cx->runtime->atomState.calleeAtom)) {
        if (obj->fslots[JSSLOT_ARGS_CALLEE] != JSVAL_HOLE)
            id = ATOM_TO_JSID(cx->runtime->atomState.calleeAtom);
    }

    if (id == 0)
        return JS_TRUE;

    /*
     * XXX ECMA specs DontEnum even for indexed properties, contrary to
     * other array-like objects.
     */
    if (!js_DefineProperty(cx, obj, id, JSVAL_VOID, ArgGetter, ArgSetter, JSPROP_SHARED))
        return JS_FALSE;
    *objp = obj;
    return JS_TRUE;
}
645
/*
 * Look up |id| on |obj| so that args_resolve gets a chance to reflect it,
 * then release the property reference. Returns JS_FALSE if the lookup fails.
 */
static JSBool
ReflectArgsProperty(JSContext *cx, JSObject *obj, jsid id)
{
    JSObject *pobj;
    JSProperty *prop;
    if (!js_LookupProperty(cx, obj, id, &pobj, &prop))
        return JS_FALSE;

    /* prop is null when the property was deleted. */
    if (prop)
        pobj->dropProperty(cx, prop);
    return JS_TRUE;
}

/*
 * enumerate hook: force reflection of "length", "callee" and every element
 * index, in that order, via args_resolve. Returns JS_FALSE on lookup failure.
 */
static JSBool
args_enumerate(JSContext *cx, JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    int argc = int(GetArgsLength(obj));

    if (!ReflectArgsProperty(cx, obj, ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)))
        return JS_FALSE;
    if (!ReflectArgsProperty(cx, obj, ATOM_TO_JSID(cx->runtime->atomState.calleeAtom)))
        return JS_FALSE;

    for (int i = 0; i != argc; i++) {
        if (!ReflectArgsProperty(cx, obj, INT_JSVAL_TO_JSID(INT_TO_JSVAL(i))))
            return JS_FALSE;
    }
    return JS_TRUE;
}
674
#if JS_HAS_GENERATORS
/*
 * If a generator-iterator's arguments or call object escapes, it needs to
 * mark its generator object.
 */
static void
args_or_call_trace(JSTracer *trc, JSObject *obj)
{
    JSClass *clasp = STOBJ_GET_CLASS(obj);
    JS_ASSERT(clasp == &js_ArgumentsClass || clasp == &js_CallClass);

    /* A traced arguments object's private is a native descriptor, not a frame. */
    if (clasp == &js_ArgumentsClass && js_GetArgsPrivateNative(obj))
        return;

    JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
    if (!fp || !(fp->flags & JSFRAME_GENERATOR))
        return;

    JS_CALL_OBJECT_TRACER(trc, FRAME_TO_GENERATOR(fp)->obj,
                          "FRAME_TO_GENERATOR(fp)->obj");
}
#else
# define args_or_call_trace NULL
#endif
697
/*
 * reserveSlots hook: an arguments object reserves one slot per actual
 * argument (the copy slots starting at JSSLOT_ARGS_COPY_START).
 */
static uint32
args_reserveSlots(JSContext *cx, JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);
    uint32 nslots = GetArgsLength(obj);
    return nslots;
}
704
705 /*
706 * The Arguments class is not initialized via JS_InitClass, and must not be,
707 * because its name is "Object". Per ECMA, that causes instances of it to
708 * delegate to the object named by Object.prototype. It also ensures that
709 * arguments.toString() returns "[object Object]".
710 *
711 * The JSClass functions below collaborate to lazily reflect and synchronize
712 * actual argument values, argument count, and callee function object stored
713 * in a JSStackFrame with their corresponding property values in the frame's
714 * arguments object.
715 */
/*
 * Hook table for arguments objects. Rows: name and flags; addProperty,
 * delProperty; getProperty, setProperty; enumerate, resolve; convert,
 * finalize; then the optional members, of which only the trace hook (the
 * JSCLASS_MARK_IS_TRACE flag marks the mark slot as a tracer) and
 * reserveSlots are set.
 */
JSClass js_ArgumentsClass = {
    js_Object_str,                                   /* named "Object", see above */
    JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE |
    JSCLASS_HAS_RESERVED_SLOTS(ARGS_CLASS_FIXED_RESERVED_SLOTS) |
    JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Object),
    JS_PropertyStub,    args_delProperty,            /* addProperty, delProperty */
    JS_PropertyStub,    JS_PropertyStub,             /* getProperty, setProperty */
    args_enumerate,     (JSResolveOp) args_resolve,  /* enumerate, resolve */
    JS_ConvertStub,     NULL,                        /* convert, finalize */
    NULL,               NULL,
    NULL,               NULL,
    NULL,               NULL,
    JS_CLASS_TRACE(args_or_call_trace), args_reserveSlots
};
730
/*
 * Fixed slot layout of a Call object after the private slot: the callee
 * function object, then the |arguments| value; args and vars follow in
 * dslots (see js_PutCallObject and CallPropertyOp).
 */
const uint32 JSSLOT_CALLEE = JSSLOT_PRIVATE + 1;
const uint32 JSSLOT_CALL_ARGUMENTS = JSSLOT_PRIVATE + 2;
const uint32 CALL_CLASS_FIXED_RESERVED_SLOTS = 2;
734
735 /*
736 * A Declarative Environment object stores its active JSStackFrame pointer in
737 * its private slot, just as Call and Arguments objects do.
738 */
/*
 * A Declarative Environment object stores its active JSStackFrame pointer in
 * its private slot, just as Call and Arguments objects do.
 *
 * js_GetCallObject creates one per named function expression to hold the
 * function's own name (defined there with CalleeGetter); all hooks are the
 * default stubs.
 */
JSClass js_DeclEnvClass = {
    js_Object_str,
    JSCLASS_HAS_PRIVATE | JSCLASS_HAS_CACHED_PROTO(JSProto_Object),
    JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub,
    JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub, NULL,
    JSCLASS_NO_OPTIONAL_MEMBERS
};
746
/*
 * Guard a value being read out of a Call or Declarative Environment object:
 * if it is an optimized closure that needs a wrapper to be safely observed
 * from outside, replace *vp with a wrapper while obj's frame is still live,
 * or report JSMSG_OPTIMIZED_CLOSURE_LEAK once the frame is gone. Non-function
 * values and closures that need no wrapper pass through untouched.
 */
static JSBool
CheckForEscapingClosure(JSContext *cx, JSObject *obj, jsval *vp)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_CallClass ||
              STOBJ_GET_CLASS(obj) == &js_DeclEnvClass);

    jsval v = *vp;
    if (!VALUE_IS_FUNCTION(cx, v))
        return JS_TRUE;

    JSObject *funobj = JSVAL_TO_OBJECT(v);
    JSFunction *fun = GET_FUNCTION_PRIVATE(cx, funobj);

    /*
     * Any escaping null or flat closure that reaches above itself or
     * contains nested functions that reach above it must be wrapped.
     * We can wrap only when this Call or Declarative Environment obj
     * still has an active stack frame associated with it.
     */
    if (!fun->needsWrapper())
        return JS_TRUE;

    js_LeaveTrace(cx);

    JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
    if (!fp) {
        JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                             JSMSG_OPTIMIZED_CLOSURE_LEAK);
        return JS_FALSE;
    }

    JSObject *wrapper = WrapEscapingClosure(cx, fp, funobj, fun);
    if (!wrapper)
        return JS_FALSE;
    *vp = OBJECT_TO_JSVAL(wrapper);
    return JS_TRUE;
}
784
/*
 * Getter for a named function expression's own name on its Declarative
 * Environment object; |id| is ignored and the value is only checked for an
 * escaping optimized closure.
 */
static JSBool
CalleeGetter(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
{
    JSBool ok = CheckForEscapingClosure(cx, obj, vp);
    return ok;
}
790
/*
 * Return fp's Call object, creating it on first use. Creation may first push
 * a Declarative Environment object (for a named lambda's own name) onto
 * fp->scopeChain; the Call object is then pushed on top and also becomes
 * fp->varobj. Returns NULL on allocation or property-definition failure, in
 * which case a DeclEnv object may already have been pushed on the chain.
 */
JSObject *
js_GetCallObject(JSContext *cx, JSStackFrame *fp)
{
    JSObject *callobj;

    /* Create a call object for fp only if it lacks one. */
    JS_ASSERT(fp->fun);
    callobj = fp->callobj;
    if (callobj)
        return callobj;

#ifdef DEBUG
    /* A call object should be a frame's outermost scope chain element. */
    JSClass *classp = OBJ_GET_CLASS(cx, fp->scopeChain);
    if (classp == &js_WithClass || classp == &js_BlockClass || classp == &js_CallClass)
        JS_ASSERT(fp->scopeChain->getPrivate() != fp);
#endif

    /*
     * Create the call object, using the frame's enclosing scope as its
     * parent, and link the call to its stack frame. For a named function
     * expression Call's parent points to an environment object holding
     * function's name.
     */
    JSAtom *lambdaName = (fp->fun->flags & JSFUN_LAMBDA) ? fp->fun->atom : NULL;
    if (lambdaName) {
        JSObject *env = js_NewObjectWithGivenProto(cx, &js_DeclEnvClass, NULL,
                                                   fp->scopeChain);
        if (!env)
            return NULL;
        env->setPrivate(fp);

        /* Root env before js_DefineNativeProperty (-> JSClass.addProperty). */
        fp->scopeChain = env;
        JS_ASSERT(fp->argv);
        /*
         * The name is read-only and permanent, and its getter wraps escaping
         * optimized closures (CalleeGetter); argv[-2] is the callee object.
         */
        if (!js_DefineNativeProperty(cx, fp->scopeChain, ATOM_TO_JSID(lambdaName),
                                     fp->argv[-2],
                                     CalleeGetter, NULL,
                                     JSPROP_PERMANENT | JSPROP_READONLY,
                                     0, 0, NULL)) {
            return NULL;
        }
    }

    /* Reserve one slot per argument and variable for js_PutCallObject's copy. */
    callobj = js_NewObjectWithGivenProto(cx, &js_CallClass, NULL, fp->scopeChain);
    if (!callobj ||
        !js_EnsureReservedSlots(cx, callobj, fp->fun->countArgsAndVars())) {
        return NULL;
    }

    callobj->setPrivate(fp);
    JS_ASSERT(fp->argv);
    JS_ASSERT(fp->fun == GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(fp->argv[-2])));
    STOBJ_SET_SLOT(callobj, JSSLOT_CALLEE, fp->argv[-2]);
    fp->callobj = callobj;

    /*
     * Push callobj on the top of the scope chain, and make it the
     * variables object.
     */
    fp->scopeChain = callobj;
    fp->varobj = callobj;
    return callobj;
}
855
/*
 * Return the function whose activation a Call object belongs to, read from
 * JSSLOT_CALLEE, or NULL for a newborn or prototype Call object whose callee
 * slot is still undefined.
 */
JSFunction *
js_GetCallObjectFunction(JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_CallClass);

    jsval callee = STOBJ_GET_SLOT(obj, JSSLOT_CALLEE);
    if (JSVAL_IS_VOID(callee)) {
        /* Newborn or prototype object. */
        return NULL;
    }

    JS_ASSERT(!JSVAL_IS_PRIMITIVE(callee));
    /*
     * There is no cx parameter in this function, so this relies on
     * GET_FUNCTION_PRIVATE not evaluating its first argument.
     */
    return GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(callee));
}
870
#ifdef OJI
JS_BEGIN_EXTERN_C
JS_EXPORT_API(void)
#else
void
#endif
/*
 * Detach fp's Call object as the frame goes away: snapshot the arguments
 * object (if any) and every argument and variable value into the Call
 * object's slots, then clear the private frame pointers of the Call object
 * and of its Declarative Environment parent (named lambdas only).
 */
js_PutCallObject(JSContext *cx, JSStackFrame *fp)
{
    JSObject *callobj = fp->callobj;
    JS_ASSERT(callobj);

    /* Get the arguments object to snapshot fp's actual argument values. */
    if (fp->argsobj) {
        /* An overriding assignment to `arguments` already stored its value here. */
        if (!(fp->flags & JSFRAME_OVERRIDE_ARGS))
            STOBJ_SET_SLOT(callobj, JSSLOT_CALL_ARGUMENTS, fp->argsobj);
        js_PutArgsObject(cx, fp);
    }

    JSFunction *fun = fp->fun;
    JS_ASSERT(fun == js_GetCallObjectFunction(callobj));
    uintN n = fun->countArgsAndVars();

    /*
     * Since for a call object all fixed slots happen to be taken, we can copy
     * arguments and variables straight into JSObject.dslots.
     */
    JS_STATIC_ASSERT(JS_INITIAL_NSLOTS - JSSLOT_PRIVATE ==
                     1 + CALL_CLASS_FIXED_RESERVED_SLOTS);
    if (n != 0) {
        JS_ASSERT(STOBJ_NSLOTS(callobj) >= JS_INITIAL_NSLOTS + n);
        /* NOTE(review): n is not read after this increment. */
        n += JS_INITIAL_NSLOTS;
        JS_LOCK_OBJ(cx, callobj);
        /* Args first, then vars, matching the slot order CallPropertyOp uses. */
        memcpy(callobj->dslots, fp->argv, fun->nargs * sizeof(jsval));
        memcpy(callobj->dslots + fun->nargs, fp->slots,
               fun->u.i.nvars * sizeof(jsval));
        JS_UNLOCK_OBJ(cx, callobj);
    }

    /* Clear private pointers to fp, which is about to go away (js_Invoke). */
    if ((fun->flags & JSFUN_LAMBDA) && fun->atom) {
        JSObject *env = STOBJ_GET_PARENT(callobj);

        JS_ASSERT(STOBJ_GET_CLASS(env) == &js_DeclEnvClass);
        JS_ASSERT(env->getPrivate() == fp);
        env->setPrivate(NULL);
    }

    callobj->setPrivate(NULL);
    fp->callobj = NULL;
}
#ifdef OJI
JS_END_EXTERN_C
#endif
924
/*
 * enumerate hook for Call objects: look up every argument and variable name
 * of the callee so call_resolve reflects them as properties. Names are taken
 * from a temporary array in cx->tempPool, which is released on every exit
 * path after the mark. Returns JS_FALSE if the name array or a lookup fails.
 */
static JSBool
call_enumerate(JSContext *cx, JSObject *obj)
{
    JSFunction *fun = js_GetCallObjectFunction(obj);
    uintN n = fun ? fun->countArgsAndVars() : 0;
    if (n == 0)
        return JS_TRUE;

    void *mark = JS_ARENA_MARK(&cx->tempPool);
    JSBool ok = JS_FALSE;

    MUST_FLOW_THROUGH("out");
    jsuword *names = js_GetLocalNameArray(cx, fun, &cx->tempPool);
    if (!names)
        goto out;

    for (uintN i = 0; i != n; ++i) {
        JSAtom *name = JS_LOCAL_NAME_TO_ATOM(names[i]);
        if (!name)
            continue;

        /*
         * Trigger reflection by looking up the name of the argument or
         * variable.
         */
        JSObject *pobj;
        JSProperty *prop;
        if (!js_LookupProperty(cx, obj, ATOM_TO_JSID(name), &pobj, &prop))
            goto out;

        /*
         * The call object will always have a property corresponding to the
         * argument or variable name because call_resolve creates the property
         * using JSPROP_PERMANENT.
         */
        JS_ASSERT(prop);
        JS_ASSERT(pobj == obj);
        pobj->dropProperty(cx, prop);
    }
    ok = JS_TRUE;

  out:
    JS_ARENA_RELEASE(&cx->tempPool, mark);
    return ok;
}
979
/* Which kind of Call object property CallPropertyOp is operating on. */
typedef enum JSCallPropertyKind {
    JSCPK_ARGUMENTS,    /* the |arguments| value, JSSLOT_CALL_ARGUMENTS */
    JSCPK_ARG,          /* a formal argument, indexed by the id's int value */
    JSCPK_VAR           /* a local variable, indexed by the id's int value */
} JSCallPropertyKind;
985
/*
 * Common getter/setter body for Call object properties. For JSCPK_ARGUMENTS
 * the value lives in JSSLOT_CALL_ARGUMENTS (or is the live frame's arguments
 * object); for JSCPK_ARG / JSCPK_VAR the id's int value indexes fp->argv or
 * fp->slots while the frame is live, and the Call object's reserved slots
 * (args first, then vars) once it is gone. Returns JS_FALSE only if creating
 * the arguments object or a reserved-slot access fails.
 */
static JSBool
CallPropertyOp(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
               JSCallPropertyKind kind, JSBool setter)
{
    JSFunction *fun;
    JSStackFrame *fp;
    uintN i;
    jsval *array;

    /* The accessor may be inherited by a non-Call object; do nothing then. */
    if (STOBJ_GET_CLASS(obj) != &js_CallClass)
        return JS_TRUE;

    fun = js_GetCallObjectFunction(obj);
    fp = (JSStackFrame *) obj->getPrivate();

    if (kind == JSCPK_ARGUMENTS) {
        if (setter) {
            /* Remember that the script overrode |arguments| for this frame. */
            if (fp)
                fp->flags |= JSFRAME_OVERRIDE_ARGS;
            STOBJ_SET_SLOT(obj, JSSLOT_CALL_ARGUMENTS, *vp);
        } else {
            if (fp && !(fp->flags & JSFRAME_OVERRIDE_ARGS)) {
                JSObject *argsobj;

                argsobj = js_GetArgsObject(cx, fp);
                if (!argsobj)
                    return JS_FALSE;
                *vp = OBJECT_TO_JSVAL(argsobj);
            } else {
                *vp = STOBJ_GET_SLOT(obj, JSSLOT_CALL_ARGUMENTS);
            }
        }
        return JS_TRUE;
    }

    /*
     * NOTE(review): the range of i against fun->nargs / fun->u.i.nvars is
     * only asserted here, so release builds rely on the code that defines
     * these properties (call_resolve, outside this view) never producing an
     * out-of-range index for the argv/slots accesses below.
     */
    JS_ASSERT((int16) JSVAL_TO_INT(id) == JSVAL_TO_INT(id));
    i = (uint16) JSVAL_TO_INT(id);
    JS_ASSERT_IF(kind == JSCPK_ARG, i < fun->nargs);
    JS_ASSERT_IF(kind == JSCPK_VAR, i < fun->u.i.nvars);

    if (!fp) {
        /* Frame is gone: args then vars follow the fixed reserved slots. */
        i += CALL_CLASS_FIXED_RESERVED_SLOTS;
        if (kind == JSCPK_VAR)
            i += fun->nargs;
        else
            JS_ASSERT(kind == JSCPK_ARG);
        return setter
               ? JS_SetReservedSlot(cx, obj, i, *vp)
               : JS_GetReservedSlot(cx, obj, i, vp);
    }

    if (kind == JSCPK_ARG) {
        array = fp->argv;
    } else {
        JS_ASSERT(kind == JSCPK_VAR);
        array = fp->slots;
    }
    if (setter) {
        GC_POKE(cx, array[i]);
        array[i] = *vp;
    } else {
        *vp = array[i];
    }
    return JS_TRUE;
}
1051
/* Getter for a Call object's |arguments| property; see CallPropertyOp. */
static JSBool
GetCallArguments(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_FALSE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_ARGUMENTS, isSetter);
}
1057
/* Setter for a Call object's |arguments| property; see CallPropertyOp. */
static JSBool
SetCallArguments(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_TRUE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_ARGUMENTS, isSetter);
}
1063
/* Getter for a formal argument of a Call object; id is the slot shortid. */
JSBool
js_GetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_FALSE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_ARG, isSetter);
}
1069
/* Setter for a formal argument of a Call object; id is the slot shortid. */
JSBool
SetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_TRUE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_ARG, isSetter);
}
1075
/* Getter for a local variable of a Call object; id is the slot shortid. */
JSBool
js_GetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_FALSE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, isSetter);
}
1081
/*
 * Like js_GetCallVar, but afterwards runs CheckForEscapingClosure on the
 * value read into *vp. Returns JS_FALSE if either step fails.
 */
JSBool
js_GetCallVarChecked(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    JSBool fetched = CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, JS_FALSE);
    return fetched ? CheckForEscapingClosure(cx, obj, vp) : JS_FALSE;
}
1090
/* Setter for a local variable of a Call object; id is the slot shortid. */
JSBool
SetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_TRUE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, isSetter);
}
1096
/* Fastcall variant of SetCallArg that takes the new value by value. */
JSBool JS_FASTCALL
js_SetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval v)
{
    jsval newValue = v;
    return CallPropertyOp(cx, obj, id, &newValue, JSCPK_ARG, JS_TRUE);
}
1102
/* Fastcall variant of SetCallVar that takes the new value by value. */
JSBool JS_FASTCALL
js_SetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval v)
{
    jsval newValue = v;
    return CallPropertyOp(cx, obj, id, &newValue, JSCPK_VAR, JS_TRUE);
}
1108
/*
 * Call-info records for the two fastcall setters above: four arguments
 * (context, object, jsid, jsval), BOOL result, external linkage.
 */
JS_DEFINE_CALLINFO_4(extern, BOOL, js_SetCallArg, CONTEXT, OBJECT, JSID, JSVAL, 0, 0)
JS_DEFINE_CALLINFO_4(extern, BOOL, js_SetCallVar, CONTEXT, OBJECT, JSID, JSVAL, 0, 0)
1111
/*
 * JSCLASS_NEW_RESOLVE hook for Call objects: lazily define the property
 * named by |idval| on |obj| when it is one of the callee function's formal
 * arguments, local variables (including consts) or the |arguments| name.
 *
 * *objp is set to obj when a property was defined and left untouched when
 * the id is not one of ours; JS_TRUE is returned in both cases. JS_FALSE
 * means converting the id, reading a local's value or defining the
 * property failed. |flags| is not consulted.
 */
static JSBool
call_resolve(JSContext *cx, JSObject *obj, jsval idval, uintN flags,
             JSObject **objp)
{
    jsval callee;
    JSFunction *fun;
    jsid id;
    JSLocalKind localKind;
    JSPropertyOp getter, setter;
    uintN slot, attrs;

    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_CallClass);
    JS_ASSERT(!STOBJ_GET_PROTO(obj));

    if (!JSVAL_IS_STRING(idval))
        return JS_TRUE;

    /* A Call object with no callee yet has nothing to resolve. */
    callee = STOBJ_GET_SLOT(obj, JSSLOT_CALLEE);
    if (JSVAL_IS_VOID(callee))
        return JS_TRUE;
    fun = GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(callee));

    if (!js_ValueToStringId(cx, idval, &id))
        return JS_FALSE;

    /*
     * Check whether the id refers to a formal parameter, local variable or
     * the arguments special name.
     *
     * We define all such names using JSDNP_DONT_PURGE to avoid an expensive
     * shape invalidation in js_DefineNativeProperty. If such an id happens to
     * shadow a global or upvar of the same name, any inner functions can
     * never access the outer binding. Thus it cannot invalidate any property
     * cache entries or derived trace guards for the outer binding. See also
     * comments in js_PurgeScopeChainHelper from jsobj.cpp.
     */
    localKind = js_LookupLocal(cx, fun, JSID_TO_ATOM(id), &slot);
    if (localKind != JSLOCAL_NONE && localKind != JSLOCAL_UPVAR) {
        /* Debug-only: the slot must fit the int16 shortid stored below. */
        JS_ASSERT((uint16) slot == slot);

        /*
         * We follow 10.2.3 of ECMA 262 v3 and make argument and variable
         * properties of the Call objects enumerable.
         */
        attrs = JSPROP_ENUMERATE | JSPROP_PERMANENT | JSPROP_SHARED;
        if (localKind == JSLOCAL_ARG) {
            JS_ASSERT(slot < fun->nargs);
            getter = js_GetCallArg;
            setter = SetCallArg;
        } else {
            JS_ASSERT(localKind == JSLOCAL_VAR || localKind == JSLOCAL_CONST);
            JS_ASSERT(slot < fun->u.i.nvars);
            getter = js_GetCallVar;
            setter = SetCallVar;
            /* const bindings still get a setter, but the property is read-only. */
            if (localKind == JSLOCAL_CONST)
                attrs |= JSPROP_READONLY;

            /*
             * Use js_GetCallVarChecked if the local's value is a null closure.
             * This way we penalize performance only slightly on first use of a
             * null closure, not on every use.
             */
            jsval v;
            if (!CallPropertyOp(cx, obj, INT_TO_JSID((int16)slot), &v, JSCPK_VAR, JS_FALSE))
                return JS_FALSE;
            if (VALUE_IS_FUNCTION(cx, v) &&
                GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(v))->needsWrapper()) {
                getter = js_GetCallVarChecked;
            }
        }
        /* The slot index is stored as the property's shortid for the getter/setter. */
        if (!js_DefineNativeProperty(cx, obj, id, JSVAL_VOID, getter, setter,
                                     attrs, SPROP_HAS_SHORTID, (int16) slot,
                                     NULL, JSDNP_DONT_PURGE)) {
            return JS_FALSE;
        }
        *objp = obj;
        return JS_TRUE;
    }

    /*
     * Resolve arguments so that we never store a particular Call object's
     * arguments object reference in a Call prototype's |arguments| slot.
     */
    if (id == ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom)) {
        if (!js_DefineNativeProperty(cx, obj, id, JSVAL_VOID,
                                     GetCallArguments, SetCallArguments,
                                     JSPROP_PERMANENT | JSPROP_SHARED,
                                     0, 0, NULL, JSDNP_DONT_PURGE)) {
            return JS_FALSE;
        }
        *objp = obj;
        return JS_TRUE;
    }

    /* Control flow reaches here only if id was not resolved. */
    return JS_TRUE;
}
1209
/*
 * Convert hook for Call objects: converting to a function yields the
 * callee of the live frame (argv[-2]); any other conversion, or a Call
 * object whose frame is gone, leaves *vp untouched. Always succeeds.
 */
static JSBool
call_convert(JSContext *cx, JSObject *obj, JSType type, jsval *vp)
{
    if (type != JSTYPE_FUNCTION)
        return JS_TRUE;

    JSStackFrame *frame = (JSStackFrame *) obj->getPrivate();
    if (!frame)
        return JS_TRUE;

    JS_ASSERT(frame->fun);
    JS_ASSERT(frame->argv);
    *vp = frame->argv[-2];
    return JS_TRUE;
}
1223
/*
 * reserveSlots hook for Call objects: one reserved slot per argument and
 * variable of the callee, so bindings can outlive the frame.
 */
static uint32
call_reserveSlots(JSContext *cx, JSObject *obj)
{
    return js_GetCallObjectFunction(obj)->countArgsAndVars();
}
1232
/*
 * Class of the Call objects that hold a function activation's bindings.
 * Properties are created lazily by call_resolve; the private slot holds the
 * JSStackFrame while the activation is live.
 */
JS_FRIEND_DATA(JSClass) js_CallClass = {
    "Call",
    JSCLASS_HAS_PRIVATE |
    JSCLASS_HAS_RESERVED_SLOTS(CALL_CLASS_FIXED_RESERVED_SLOTS) |
    JSCLASS_NEW_RESOLVE | JSCLASS_IS_ANONYMOUS | JSCLASS_MARK_IS_TRACE,
    JS_PropertyStub, JS_PropertyStub,               /* addProperty, delProperty */
    JS_PropertyStub, JS_PropertyStub,               /* getProperty, setProperty */
    call_enumerate, (JSResolveOp)call_resolve,      /* enumerate, resolve */
    call_convert, NULL,                             /* convert, finalize */
    NULL, NULL,                                     /* getObjectOps, checkAccess */
    NULL, NULL,                                     /* call, construct */
    NULL, NULL,                                     /* xdrObject, hasInstance */
    JS_CLASS_TRACE(args_or_call_trace), call_reserveSlots   /* mark, reserveSlots */
};
1247
/*
 * Generic function tinyids. They are negative so they can never collide
 * with the non-negative argument indexes that fun_getProperty's default
 * case treats as fun[i].
 */
enum {
    FUN_ARGUMENTS = -1,         /* predefined arguments local variable */
    FUN_LENGTH = -2,            /* number of actual args, arity if inactive */
    FUN_ARITY = -3,             /* number of formal parameters; desired argc */
    FUN_NAME = -4,              /* function name, "" if anonymous */
    FUN_CALLER = -5             /* Function.prototype.caller, backward compat */
};
1256
/*
 * Getter shared by the |length| entry in function_props and by the lazily
 * resolved arguments/arity/caller/name properties (see fun_resolve). |id|
 * is the FUN_* tinyid; non-int ids are ignored and leave *vp alone.
 *
 * Returns JS_FALSE when a warning/error report fails, when building the
 * arguments object or the escaping-closure wrapper fails, or when the
 * embedding's checkObjectAccess callback denies reading |caller|.
 */
static JSBool
fun_getProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
{
    jsint slot;
    JSFunction *fun;
    JSStackFrame *fp;
    JSSecurityCallbacks *callbacks;

    if (!JSVAL_IS_INT(id))
        return JS_TRUE;
    slot = JSVAL_TO_INT(id);

    /*
     * Loop because getter and setter can be delegated from another class,
     * but loop only for FUN_LENGTH because we must pretend that f.length
     * is in each function instance f, per ECMA-262, instead of only in the
     * Function.prototype object (we use JSPROP_PERMANENT with JSPROP_SHARED
     * to make it appear so).
     *
     * This code couples tightly to the attributes for the function_props[]
     * initializers above, and to js_SetProperty and js_HasOwnProperty.
     *
     * It's important to allow delegating objects, even though they inherit
     * this getter (fun_getProperty), to override arguments, arity, caller,
     * and name. If we didn't return early for slot != FUN_LENGTH, we would
     * clobber *vp with the native property value, instead of letting script
     * override that value in delegating objects.
     *
     * Note how that clobbering is what simulates JSPROP_READONLY for all of
     * the non-standard properties when the directly addressed object (obj)
     * is a function object (i.e., when this loop does not iterate).
     */
    while (!(fun = (JSFunction *)
                   JS_GetInstancePrivate(cx, obj, &js_FunctionClass, NULL))) {
        if (slot != FUN_LENGTH)
            return JS_TRUE;
        obj = OBJ_GET_PROTO(cx, obj);
        if (!obj)
            return JS_TRUE;
    }

    /* Find fun's top-most activation record, skipping JSFRAME_SPECIAL frames. */
    for (fp = js_GetTopStackFrame(cx);
         fp && (fp->fun != fun || (fp->flags & JSFRAME_SPECIAL));
         fp = fp->down) {
        continue;
    }

    switch (slot) {
      case FUN_ARGUMENTS:
        /* Warn if strict about f.arguments or equivalent unqualified uses. */
        if (!JS_ReportErrorFlagsAndNumber(cx,
                                          JSREPORT_WARNING | JSREPORT_STRICT,
                                          js_GetErrorMessage, NULL,
                                          JSMSG_DEPRECATED_USAGE,
                                          js_arguments_str)) {
            return JS_FALSE;
        }
        /* Only an active frame has an arguments object; otherwise report null. */
        if (fp) {
            if (!js_GetArgsValue(cx, fp, vp))
                return JS_FALSE;
        } else {
            *vp = JSVAL_NULL;
        }
        break;

      case FUN_LENGTH:
      case FUN_ARITY:
        *vp = INT_TO_JSVAL((jsint)fun->nargs);
        break;

      case FUN_NAME:
        *vp = fun->atom
              ? ATOM_KEY(fun->atom)
              : STRING_TO_JSVAL(cx->runtime->emptyString);
        break;

      case FUN_CALLER:
        if (fp && fp->down && fp->down->fun) {
            JSFunction *caller = fp->down->fun;
            /*
             * See equivalent condition in args_getProperty for ARGS_CALLEE,
             * but here we do not want to throw, since this escape can happen
             * via foo.caller alone, without any debugger or indirect eval. And
             * it seems foo.caller is still used on the Web.
             */
            if (caller->needsWrapper()) {
                JSObject *wrapper = WrapEscapingClosure(cx, fp->down, FUN_OBJECT(caller), caller);
                if (!wrapper)
                    return JS_FALSE;
                *vp = OBJECT_TO_JSVAL(wrapper);
                /*
                 * NOTE(review): this early return skips the checkObjectAccess
                 * callback that gates the unwrapped caller object below, so
                 * an embedding cannot veto reads of a wrapped caller. Confirm
                 * whether the wrapper is intentionally exempt from that check.
                 */
                return JS_TRUE;
            }

            JS_ASSERT(fp->down->argv);
            *vp = fp->down->argv[-2];
        } else {
            *vp = JSVAL_NULL;
        }
        /* Let the embedding's security hook veto handing out the caller object. */
        if (!JSVAL_IS_PRIMITIVE(*vp)) {
            callbacks = JS_GetSecurityCallbacks(cx);
            if (callbacks && callbacks->checkObjectAccess) {
                id = ATOM_KEY(cx->runtime->atomState.callerAtom);
                if (!callbacks->checkObjectAccess(cx, obj, id, JSACC_READ, vp))
                    return JS_FALSE;
            }
        }
        break;

      default:
        /*
         * XXX fun[0] and fun.arguments[0] are equivalent. The cast to uintN
         * makes every negative slot fail the bound check, so only true
         * argument indexes reach fp->argv.
         */
        if (fp && fp->fun && (uintN)slot < fp->fun->nargs)
            *vp = fp->argv[slot];
        break;
    }

    return JS_TRUE;
}
1375
1376 /*
1377 * ECMA-262 specifies that length is a property of function object instances,
1378 * but we can avoid that space cost by delegating to a prototype property that
1379 * is JSPROP_PERMANENT and JSPROP_SHARED. Each fun_getProperty call computes
1380 * a fresh length value based on the arity of the individual function object's
1381 * private data.
1382 *
1383 * The extensions below other than length, i.e., the ones not in ECMA-262,
1384 * are neither JSPROP_READONLY nor JSPROP_SHARED, because for compatibility
1385 * with ECMA we must allow a delegating object to override them. Therefore to
1386 * avoid entraining garbage in Function.prototype slots, they must be resolved
1387 * in non-prototype function objects, wherefore the lazy_function_props table
1388 * and fun_resolve's use of it.
1389 */
/* Attributes of Function.prototype.length; see the comment above. */
#define LENGTH_PROP_ATTRS (JSPROP_READONLY|JSPROP_PERMANENT|JSPROP_SHARED)

/* Eagerly defined properties of Function.prototype: only |length|. */
static JSPropertySpec function_props[] = {
    {js_length_str,   FUN_LENGTH,  LENGTH_PROP_ATTRS, fun_getProperty, JS_PropertyStub},
    {0,0,0,0,0}
};
1396
/* One lazily resolved function property; see fun_resolve. */
typedef struct LazyFunctionProp {
    uint16      atomOffset;     /* offset of the property name atom in the runtime's atom state */
    int8        tinyid;         /* FUN_* id handed to fun_getProperty as the shortid */
    uint8       attrs;          /* JSPROP_* attributes used when defining the property */
} LazyFunctionProp;

/* NB: no sentinel at the end -- use JS_ARRAY_LENGTH to bound loops. */
static LazyFunctionProp lazy_function_props[] = {
    {ATOM_OFFSET(arguments), FUN_ARGUMENTS, JSPROP_PERMANENT},
    {ATOM_OFFSET(arity),     FUN_ARITY,     JSPROP_PERMANENT},
    {ATOM_OFFSET(caller),    FUN_CALLER,    JSPROP_PERMANENT},
    {ATOM_OFFSET(name),      FUN_NAME,      JSPROP_PERMANENT},
};
1410
/*
 * Enumerate hook for function objects: force resolution of |prototype| by
 * looking it up, then release the property reference. Returns JS_FALSE
 * only if the lookup itself fails.
 */
static JSBool
fun_enumerate(JSContext *cx, JSObject *obj)
{
    JSObject *holder = NULL;
    JSProperty *found = NULL;
    jsid protoId = ATOM_TO_JSID(cx->runtime->atomState.classPrototypeAtom);

    if (!obj->lookupProperty(cx, protoId, &holder, &found))
        return JS_FALSE;
    if (found)
        holder->dropProperty(cx, found);
    return JS_TRUE;
}
1425
/*
 * JSCLASS_NEW_RESOLVE hook for function objects: lazily create the
 * |prototype| property, or one of the lazy_function_props entries
 * (arguments, arity, caller, name), when script first touches it.
 *
 * Resolution is skipped for non-string ids and for assignments
 * (JSRESOLVE_ASSIGNING). *objp is set to obj only when a property was
 * defined. Returns JS_FALSE if allocating the prototype object, setting it,
 * or defining a lazy property fails.
 */
static JSBool
fun_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags,
            JSObject **objp)
{
    JSFunction *fun;
    JSAtom *atom;
    uintN i;

    if (!JSVAL_IS_STRING(id))
        return JS_TRUE;

    fun = GET_FUNCTION_PRIVATE(cx, obj);

    /*
     * No need to reflect fun.prototype in 'fun.prototype = ... '.
     */
    if (flags & JSRESOLVE_ASSIGNING)
        return JS_TRUE;

    /*
     * Ok, check whether id is 'prototype' and bootstrap the function object's
     * prototype property.
     */
    atom = cx->runtime->atomState.classPrototypeAtom;
    if (id == ATOM_KEY(atom)) {
        JSObject *proto;

        /*
         * Beware of the wacky case of a user function named Object -- trying
         * to find a prototype for that will recur back here _ad perniciem_.
         */
        if (fun->atom == CLASS_ATOM(cx, Object))
            return JS_TRUE;

        /*
         * Make the prototype object to have the same parent as the function
         * object itself.
         */
        proto = js_NewObject(cx, &js_ObjectClass, NULL, OBJ_GET_PARENT(cx, obj));
        if (!proto)
            return JS_FALSE;

        /*
         * ECMA (15.3.5.2) says that constructor.prototype is DontDelete for
         * user-defined functions, but DontEnum | ReadOnly | DontDelete for
         * native "system" constructors such as Object or Function. So lazily
         * set the former here in fun_resolve, but eagerly define the latter
         * in JS_InitClass, with the right attributes.
         */
        if (!js_SetClassPrototype(cx, obj, proto, JSPROP_PERMANENT))
            return JS_FALSE;

        *objp = obj;
        return JS_TRUE;
    }

    /* Otherwise see whether id names one of the lazily defined properties. */
    for (i = 0; i < JS_ARRAY_LENGTH(lazy_function_props); i++) {
        LazyFunctionProp *lfp = &lazy_function_props[i];

        atom = OFFSET_TO_ATOM(cx->runtime, lfp->atomOffset);
        if (id == ATOM_KEY(atom)) {
            /* The tinyid becomes the shortid that fun_getProperty switches on. */
            if (!js_DefineNativeProperty(cx, obj,
                                         ATOM_TO_JSID(atom), JSVAL_VOID,
                                         fun_getProperty, JS_PropertyStub,
                                         lfp->attrs, SPROP_HAS_SHORTID,
                                         lfp->tinyid, NULL)) {
                return JS_FALSE;
            }
            *objp = obj;
            return JS_TRUE;
        }
    }

    return JS_TRUE;
}
1501
/*
 * Convert hook for function objects: a function converts to itself; every
 * other target type is delegated to js_TryValueOf.
 */
static JSBool
fun_convert(JSContext *cx, JSObject *obj, JSType type, jsval *vp)
{
    if (type != JSTYPE_FUNCTION)
        return js_TryValueOf(cx, obj, type, vp);

    *vp = OBJECT_TO_JSVAL(obj);
    return JS_TRUE;
}
1513
1514 #if JS_HAS_XDR
1515
/* XXX store parent and proto, if defined */
/*
 * XDR (serialize or deserialize) an interpreted function object.
 *
 * In JSXDR_ENCODE mode *objp is the function object to write; native
 * functions and closure wrappers are rejected with an error. In
 * JSXDR_DECODE mode a fresh function is created and stored in *objp on
 * success (on failure it is left to the GC, presumably -- no explicit
 * release is done here).
 *
 * Stream layout: firstword (atom flag, wrapper bit, skipmin), the name atom
 * if the flag is set, localsword (nargs << 16 | nvars), flagsword
 * (nupvars << 16 | flags), then -- if there are any locals -- a bitmap
 * followed by the local names, and finally the script.
 *
 * Returns JS_TRUE on success, JS_FALSE with an error reported otherwise.
 */
JSBool
js_XDRFunctionObject(JSXDRState *xdr, JSObject **objp)
{
    JSContext *cx;
    JSFunction *fun;
    uint32 firstword;           /* flag telling whether fun->atom is non-null,
                                   plus for fun->u.i.skipmin, fun->u.i.wrapper,
                                   and 14 bits reserved for future use */
    uintN nargs, nvars, nupvars, n;
    uint32 localsword;          /* word for argument and variable counts */
    uint32 flagsword;           /* word for fun->u.i.nupvars and fun->flags */
    JSTempValueRooter tvr;
    JSBool ok;

    cx = xdr->cx;
    if (xdr->mode == JSXDR_ENCODE) {
        fun = GET_FUNCTION_PRIVATE(cx, *objp);
        if (!FUN_INTERPRETED(fun)) {
            JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                 JSMSG_NOT_SCRIPTED_FUNCTION,
                                 JS_GetFunctionName(fun));
            return JS_FALSE;
        }
        if (fun->u.i.wrapper) {
            JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                 JSMSG_XDR_CLOSURE_WRAPPER,
                                 JS_GetFunctionName(fun));
            return JS_FALSE;
        }
        JS_ASSERT((fun->u.i.wrapper & ~1U) == 0);
        firstword = (fun->u.i.skipmin << 2) | (fun->u.i.wrapper << 1) | !!fun->atom;
        nargs = fun->nargs;
        nvars = fun->u.i.nvars;
        nupvars = fun->u.i.nupvars;
        localsword = (nargs << 16) | nvars;
        flagsword = (nupvars << 16) | fun->flags;
    } else {
        fun = js_NewFunction(cx, NULL, NULL, 0, JSFUN_INTERPRETED, NULL, NULL);
        if (!fun)
            return JS_FALSE;
        STOBJ_CLEAR_PARENT(FUN_OBJECT(fun));
        STOBJ_CLEAR_PROTO(FUN_OBJECT(fun));
#ifdef __GNUC__
        nvars = nargs = nupvars = 0;    /* quell GCC uninitialized warning */
#endif
    }

    /* From here on, control flow must flow through label out. */
    MUST_FLOW_THROUGH("out");
    JS_PUSH_TEMP_ROOT_OBJECT(cx, FUN_OBJECT(fun), &tvr);
    ok = JS_TRUE;

    if (!JS_XDRUint32(xdr, &firstword))
        goto bad;
    if ((firstword & 1U) && !js_XDRStringAtom(xdr, &fun->atom))
        goto bad;
    if (!JS_XDRUint32(xdr, &localsword) ||
        !JS_XDRUint32(xdr, &flagsword)) {
        goto bad;
    }

    if (xdr->mode == JSXDR_DECODE) {
        /*
         * NOTE(review): the counts and flags are taken from the stream as
         * read; the only check on the kind bits is the debug-only assertion
         * below, so nothing rejects a malformed flagsword in release builds.
         * If XDR data can come from an untrusted source, a runtime check here
         * would be warranted -- confirm the trust model for this input.
         */
        nargs = localsword >> 16;
        nvars = uint16(localsword);
        JS_ASSERT((flagsword & JSFUN_KINDMASK) >= JSFUN_INTERPRETED);
        nupvars = flagsword >> 16;
        fun->flags = uint16(flagsword);
        fun->u.i.skipmin = uint16(firstword >> 2);
        fun->u.i.wrapper = (firstword >> 1) & 1;
    }

    /* do arguments and local vars */
    n = nargs + nvars + nupvars;
    if (n != 0) {
        void *mark;
        uintN i;
        uintN bitmapLength;
        uint32 *bitmap;
        jsuword *names;
        JSAtom *name;
        JSLocalKind localKind;

        mark = JS_ARENA_MARK(&xdr->cx->tempPool);

        /*
         * From this point the control must flow via the label release_mark.
         *
         * To xdr the names we prefix the names with a bitmap descriptor and
         * then xdr the names as strings. For argument names (indexes below
         * nargs) the corresponding bit in the bitmap is unset when the name
         * is null. Such null names are not encoded or decoded. For variable
         * names (indexes starting from nargs) bitmap's bit is set when the
         * name is declared as const, not as ordinary var.
         * */
        MUST_FLOW_THROUGH("release_mark");
        bitmapLength = JS_HOWMANY(n, JS_BITS_PER_UINT32);
        JS_ARENA_ALLOCATE_CAST(bitmap, uint32 *, &xdr->cx->tempPool,
                               bitmapLength * sizeof *bitmap);
        if (!bitmap) {
            js_ReportOutOfScriptQuota(xdr->cx);
            ok = JS_FALSE;
            goto release_mark;
        }
        if (xdr->mode == JSXDR_ENCODE) {
            names = js_GetLocalNameArray(xdr->cx, fun, &xdr->cx->tempPool);
            if (!names) {
                ok = JS_FALSE;
                goto release_mark;
            }
            memset(bitmap, 0, bitmapLength * sizeof *bitmap);
            for (i = 0; i != n; ++i) {
                if (i < fun->nargs
                    ? JS_LOCAL_NAME_TO_ATOM(names[i]) != NULL
                    : JS_LOCAL_NAME_IS_CONST(names[i])) {
                    bitmap[i >> JS_BITS_PER_UINT32_LOG2] |=
                        JS_BIT(i & (JS_BITS_PER_UINT32 - 1));
                }
            }
        }
#ifdef __GNUC__
        else {
            names = NULL;   /* quell GCC uninitialized warning */
        }
#endif
        for (i = 0; i != bitmapLength; ++i) {
            ok = JS_XDRUint32(xdr, &bitmap[i]);
            if (!ok)
                goto release_mark;
        }
        for (i = 0; i != n; ++i) {
            /* Unnamed (destructuring) arguments have a clear bit and no string. */
            if (i < nargs &&
                !(bitmap[i >> JS_BITS_PER_UINT32_LOG2] &
                  JS_BIT(i & (JS_BITS_PER_UINT32 - 1)))) {
                if (xdr->mode == JSXDR_DECODE) {
                    ok = js_AddLocal(xdr->cx, fun, NULL, JSLOCAL_ARG);
                    if (!ok)
                        goto release_mark;
                } else {
                    JS_ASSERT(!JS_LOCAL_NAME_TO_ATOM(names[i]));
                }
                continue;
            }
            /* When encoding, name is the input; when decoding, it is the output. */
            if (xdr->mode == JSXDR_ENCODE)
                name = JS_LOCAL_NAME_TO_ATOM(names[i]);
            ok = js_XDRStringAtom(xdr, &name);
            if (!ok)
                goto release_mark;
            if (xdr->mode == JSXDR_DECODE) {
                /* Index ranges: [0, nargs) args, [nargs, nargs+nvars) vars, then upvars. */
                localKind = (i < nargs)
                            ? JSLOCAL_ARG
                            : (i < nargs + nvars)
                            ? (bitmap[i >> JS_BITS_PER_UINT32_LOG2] &
                               JS_BIT(i & (JS_BITS_PER_UINT32 - 1))
                               ? JSLOCAL_CONST
                               : JSLOCAL_VAR)
                            : JSLOCAL_UPVAR;
                ok = js_AddLocal(xdr->cx, fun, name, localKind);
                if (!ok)
                    goto release_mark;
            }
        }
        ok = JS_TRUE;

      release_mark:
        JS_ARENA_RELEASE(&xdr->cx->tempPool, mark);
        if (!ok)
            goto out;

        if (xdr->mode == JSXDR_DECODE)
            js_FreezeLocalNames(cx, fun);
    }

    if (!js_XDRScript(xdr, &fun->u.i.script, NULL))
        goto bad;

    if (xdr->mode == JSXDR_DECODE) {
        *objp = FUN_OBJECT(fun);
#ifdef CHECK_SCRIPT_OWNER
        fun->u.i.script->owner = NULL;
#endif
        js_CallNewScriptHook(cx, fun->u.i.script, fun);
    }

  out:
    JS_POP_TEMP_ROOT(cx, &tvr);
    return ok;

  bad:
    ok = JS_FALSE;
    goto out;
}
1708
1709 #else /* !JS_HAS_XDR */
1710
1711 #define js_XDRFunctionObject NULL
1712
1713 #endif /* !JS_HAS_XDR */
1714
/*
 * [[HasInstance]] for Function objects. Reads obj's |prototype| property;
 * if it is not an object, reports JSMSG_BAD_PROTOTYPE and fails, otherwise
 * *bp tells whether that object is on v's prototype chain (js_IsDelegate
 * handles non-object v). Returns JS_FALSE on a failed property read or a
 * reported error.
 */
static JSBool
fun_hasInstance(JSContext *cx, JSObject *obj, jsval v, JSBool *bp)
{
    jsid protoId = ATOM_TO_JSID(cx->runtime->atomState.classPrototypeAtom);
    jsval protoVal;

    if (!obj->getProperty(cx, protoId, &protoVal))
        return JS_FALSE;

    if (!JSVAL_IS_PRIMITIVE(protoVal))
        return js_IsDelegate(cx, JSVAL_TO_OBJECT(protoVal), v, bp);

    /* instanceof on a function whose .prototype is not an object is an error. */
    js_ReportValueError(cx, JSMSG_BAD_PROTOTYPE,
                        -1, OBJECT_TO_JSVAL(obj), NULL);
    return JS_FALSE;
}
1740
/* Forward declarations: fun_trace and fun_finalize below need these. */
static void
TraceLocalNames(JSTracer *trc, JSFunction *fun);

static void
DestroyLocalNames(JSContext *cx, JSFunction *fun);
1746
/*
 * GC trace hook for function objects. A clone only traces the original
 * function object it points to; the original traces its name atom and, if
 * interpreted, its script and local names. A newborn object whose private
 * slot is still unset traces nothing.
 */
static void
fun_trace(JSTracer *trc, JSObject *obj)
{
    JSFunction *fun = (JSFunction *) obj->getPrivate();
    if (!fun)
        return;

    JSObject *original = FUN_OBJECT(fun);
    if (original != obj) {
        /* obj is a clone: mark the original and stop. */
        JS_CALL_TRACER(trc, original, JSTRACE_OBJECT, "private");
        return;
    }

    if (fun->atom)
        JS_CALL_STRING_TRACER(trc, ATOM_TO_STRING(fun->atom), "atom");

    if (!FUN_INTERPRETED(fun))
        return;
    if (fun->u.i.script)
        js_TraceScript(trc, fun->u.i.script);
    TraceLocalNames(trc, fun);
}
1768
/*
 * Finalizer for function objects. Only the original (non-cloned) object of
 * an interpreted function owns a script and local names, so only it
 * destroys them; newborn and cloned objects are ignored. The script may
 * still be null because the parser marks functions interpreted early.
 */
static void
fun_finalize(JSContext *cx, JSObject *obj)
{
    JSFunction *fun = (JSFunction *) obj->getPrivate();
    if (!fun)
        return;
    if (FUN_OBJECT(fun) != obj)
        return;
    if (!FUN_INTERPRETED(fun))
        return;

    if (fun->u.i.script)
        js_DestroyScript(cx, fun->u.i.script);
    DestroyLocalNames(cx, fun);
}
1787
/*
 * Number of reserved slots an interpreted function needs: one per upvar
 * (only when there are any) plus one per regexp literal in its script.
 * The function must be interpreted; the script must be set.
 */
uint32
JSFunction::countInterpretedReservedSlots() const
{
    JS_ASSERT(FUN_INTERPRETED(this));

    uint32 total = 0;
    if (u.i.nupvars != 0)
        total += u.i.script->upvars()->length;
    if (u.i.script->regexpsOffset != 0)
        total += u.i.script->regexps()->length;
    return total;
}
1800
/*
 * reserveSlots hook for function objects. Reads the private slot directly
 * rather than via GET_FUNCTION_PRIVATE because js_InitFunctionClass calls
 * this before the private slot is set; such objects, and native functions,
 * reserve nothing.
 */
static uint32
fun_reserveSlots(JSContext *cx, JSObject *obj)
{
    JSFunction *fun = (JSFunction *) obj->getPrivate();
    if (!fun || !FUN_INTERPRETED(fun))
        return 0;
    return fun->countInterpretedReservedSlots();
}
1814
/*
 * Reserve two slots in all function objects for XPConnect. Note that this
 * does not bloat every instance, only those on which reserved slots are set,
 * and those on which ad-hoc properties are defined.
 *
 * Hooks: properties resolve lazily (fun_resolve), the finalizer frees the
 * script and local names of interpreted functions, and XDR support is
 * compiled out (js_XDRFunctionObject is NULL) without JS_HAS_XDR.
 */
JS_FRIEND_DATA(JSClass) js_FunctionClass = {
    js_Function_str,
    JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE | JSCLASS_HAS_RESERVED_SLOTS(2) |
    JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Function),
    JS_PropertyStub, JS_PropertyStub,               /* addProperty, delProperty */
    JS_PropertyStub, JS_PropertyStub,               /* getProperty, setProperty */
    fun_enumerate, (JSResolveOp)fun_resolve,        /* enumerate, resolve */
    fun_convert, fun_finalize,                      /* convert, finalize */
    NULL, NULL,                                     /* getObjectOps, checkAccess */
    NULL, NULL,                                     /* call, construct */
    js_XDRFunctionObject, fun_hasInstance,          /* xdrObject, hasInstance */
    JS_CLASS_TRACE(fun_trace), fun_reserveSlots     /* mark, reserveSlots */
};
1833
/*
 * Implementation shared by Function.prototype.toString and toSource.
 *
 * |indent| is the decompiler indent (JS_DONT_PRETTY_PRINT for toSource);
 * when the caller passed an argument, vp[2] converted to uint32 overrides
 * it. The |this| value is coerced to a function through its class convert
 * hook if it is not one already, and JSMSG_INCOMPATIBLE_PROTO is reported
 * if that does not yield a function. On success *vp holds the decompiled
 * source string; a function object without private data leaves *vp alone.
 */
static JSBool
fun_toStringHelper(JSContext *cx, uint32 indent, uintN argc, jsval *vp)
{
    jsval fval;
    JSObject *obj;
    JSFunction *fun;
    JSString *str;

    /* JS_THIS signals failure with JSVAL_NULL (error already reported). */
    fval = JS_THIS(cx, vp);
    if (JSVAL_IS_NULL(fval))
        return JS_FALSE;

    if (!VALUE_IS_FUNCTION(cx, fval)) {
        /*
         * If we don't have a function to start off with, try converting the
         * object to a function. If that doesn't work, complain.
         */
        if (!JSVAL_IS_PRIMITIVE(fval)) {
            obj = JSVAL_TO_OBJECT(fval);
            if (!OBJ_GET_CLASS(cx, obj)->convert(cx, obj, JSTYPE_FUNCTION,
                                                 &fval)) {
                return JS_FALSE;
            }
            /* Keep the converted |this| rooted in the frame. */
            vp[1] = fval;
        }
        if (!VALUE_IS_FUNCTION(cx, fval)) {
            JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                 JSMSG_INCOMPATIBLE_PROTO,
                                 js_Function_str, js_toString_str,
                                 JS_GetTypeName(cx, JS_TypeOfValue(cx, fval)));
            return JS_FALSE;
        }
    }

    obj = JSVAL_TO_OBJECT(fval);
    if (argc != 0) {
        /* The conversion reports failure by leaving JSVAL_NULL in vp[2]. */
        indent = js_ValueToECMAUint32(cx, &vp[2]);
        if (JSVAL_IS_NULL(vp[2]))
            return JS_FALSE;
    }

    JS_ASSERT(JS_ObjectIsFunction(cx, obj));
    fun = GET_FUNCTION_PRIVATE(cx, obj);
    if (!fun)
        return JS_TRUE;
    str = JS_DecompileFunction(cx, fun, (uintN)indent);
    if (!str)
        return JS_FALSE;
    *vp = STRING_TO_JSVAL(str);
    return JS_TRUE;
}
1885
/*
 * Function.prototype.toString: decompile with indent 0 and without the
 * JS_DONT_PRETTY_PRINT flag that fun_toSource passes.
 */
static JSBool
fun_toString(JSContext *cx, uintN argc, jsval *vp)
{
    return fun_toStringHelper(cx, 0u, argc, vp);
}
1891
1892 #if JS_HAS_TOSOURCE
/* Function.prototype.toSource: decompile without pretty-printing. */
static JSBool
fun_toSource(JSContext *cx, uintN argc, jsval *vp)
{
    const uintN indentFlags = JS_DONT_PRETTY_PRINT;
    return fun_toStringHelper(cx, indentFlags, argc, vp);
}
1898 #endif
1899
/*
 * Function.prototype.call: invoke |this| (coerced to a function via
 * defaultValue) with the first argument as the callee's |this| and the
 * remaining arguments passed through. With no arguments the callee gets a
 * null |this| (see the comment below). A non-function |this| is reported
 * as JSMSG_INCOMPATIBLE_PROTO. Returns the callee's result in *vp.
 */
JSBool
js_fun_call(JSContext *cx, uintN argc, jsval *vp)
{
    JSObject *obj;
    jsval fval, *argv, *invokevp;
    JSString *str;
    void *mark;
    JSBool ok;

    js_LeaveTrace(cx);

    obj = JS_THIS_OBJECT(cx, vp);
    if (!obj || !obj->defaultValue(cx, JSTYPE_FUNCTION, &vp[1]))
        return JS_FALSE;
    fval = vp[1];

    if (!VALUE_IS_FUNCTION(cx, fval)) {
        /* Best effort: the error is only reported if the value stringifies. */
        str = JS_ValueToString(cx, fval);
        if (str) {
            const char *bytes = js_GetStringBytes(cx, str);

            if (bytes) {
                JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                     JSMSG_INCOMPATIBLE_PROTO,
                                     js_Function_str, js_call_str,
                                     bytes);
            }
        }
        return JS_FALSE;
    }

    argv = vp + 2;
    if (argc == 0) {
        /* Call fun with its global object as the 'this' param if no args. */
        obj = NULL;
    } else {
        /* Otherwise convert the first arg to 'this' and skip over it. */
        if (!JSVAL_IS_PRIMITIVE(argv[0]))
            obj = JSVAL_TO_OBJECT(argv[0]);
        else if (!js_ValueToObject(cx, argv[0], &obj))
            return JS_FALSE;
        argc--;
        argv++;
    }

    /* Allocate stack space for fval, obj, and the args. */
    invokevp = js_AllocStack(cx, 2 + argc, &mark);
    if (!invokevp)
        return JS_FALSE;

    /* Push fval, obj, and the args. */
    invokevp[0] = fval;
    invokevp[1] = OBJECT_TO_JSVAL(obj);
    memcpy(invokevp + 2, argv, argc * sizeof *argv);

    /* The stack area is released whether or not the call succeeded. */
    ok = js_Invoke(cx, argc, invokevp, 0);
    *vp = *invokevp;
    js_FreeStack(cx, mark);
    return ok;
}
1960
/*
 * Function.prototype.apply: invoke |this| (coerced to a function via
 * defaultValue) with vp[2] as the callee's |this| and the elements of the
 * array-like vp[3] as its arguments. A null or undefined vp[3] means no
 * arguments; any other value that is not array-like is reported as
 * JSMSG_BAD_APPLY_ARGS. With no arguments at all this degenerates to
 * js_fun_call. Returns the callee's result in *vp.
 */
JSBool
js_fun_apply(JSContext *cx, uintN argc, jsval *vp)
{
    JSObject *obj, *aobj;
    jsval fval, *invokevp, *sp;
    JSString *str;
    jsuint length;
    JSBool arraylike, ok;
    void *mark;
    uintN i;

    if (argc == 0) {
        /* Will get globalObject as 'this' and no other arguments. */
        return js_fun_call(cx, argc, vp);
    }

    js_LeaveTrace(cx);

    obj = JS_THIS_OBJECT(cx, vp);
    if (!obj || !obj->defaultValue(cx, JSTYPE_FUNCTION, &vp[1]))
        return JS_FALSE;
    fval = vp[1];

    if (!VALUE_IS_FUNCTION(cx, fval)) {
        /* Best effort: the error is only reported if the value stringifies. */
        str = JS_ValueToString(cx, fval);
        if (str) {
            const char *bytes = js_GetStringBytes(cx, str);

            if (bytes) {
                JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                     JSMSG_INCOMPATIBLE_PROTO,
                                     js_Function_str, js_apply_str,
                                     bytes);
            }
        }
        return JS_FALSE;
    }

    /* Quell GCC overwarnings. */
    aobj = NULL;
    length = 0;

    if (argc >= 2) {
        /* If the 2nd arg is null or void, call the function with 0 args. */
        if (JSVAL_IS_NULL(vp[3]) || JSVAL_IS_VOID(vp[3])) {
            argc = 0;
        } else {
            /* The second arg must be an array (or arguments object). */
            arraylike = JS_FALSE;
            if (!JSVAL_IS_PRIMITIVE(vp[3])) {
                aobj = JSVAL_TO_OBJECT(vp[3]);
                if (!js_IsArrayLike(cx, aobj, &arraylike, &length))
                    return JS_FALSE;
            }
            if (!arraylike) {
                JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                     JSMSG_BAD_APPLY_ARGS, js_apply_str);
                return JS_FALSE;
            }
        }
    }

    /* Convert the first arg to 'this' and skip over it. */
    if (!JSVAL_IS_PRIMITIVE(vp[2]))
        obj = JSVAL_TO_OBJECT(vp[2]);
    else if (!js_ValueToObject(cx, vp[2], &obj))
        return JS_FALSE;

    /*
     * Allocate stack space for fval, obj, and the args. The element count
     * is silently clamped to JS_ARGS_LENGTH_MAX rather than reported, and
     * it is fixed here so the loop below never reads past the allocation
     * even if an element getter changes aobj's length.
     */
    argc = (uintN)JS_MIN(length, JS_ARGS_LENGTH_MAX);
    invokevp = js_AllocStack(cx, 2 + argc, &mark);
    if (!invokevp)
        return JS_FALSE;

    /* Push fval, obj, and aobj's elements as args. */
    sp = invokevp;
    *sp++ = fval;
    *sp++ = OBJECT_TO_JSVAL(obj);
    for (i = 0; i < argc; i++) {
        ok = JS_GetElement(cx, aobj, (jsint)i, sp);
        if (!ok)
            goto out;
        sp++;
    }

    ok = js_Invoke(cx, argc, invokevp, 0);
    *vp = *invokevp;
  out:
    /* Released on every path once allocated, including element-read failure. */
    js_FreeStack(cx, mark);
    return ok;
}
2052
2053 #ifdef NARCISSUS
/*
 * Narcissus-only __applyConstructor__: construct |this| (vp[1]) with the
 * elements of vp[2] as constructor arguments. vp[2] must be an Array or
 * arguments object (checked by class, not by array-likeness); anything
 * else is reported as JSMSG_BAD_APPLY_ARGS. The element count is silently
 * clamped to JS_ARGS_LENGTH_MAX. Returns the constructed value in *vp.
 */
static JS_REQUIRES_STACK JSBool
fun_applyConstructor(JSContext *cx, uintN argc, jsval *vp)
{
    JSObject *aobj;
    uintN length, i;
    void *mark;
    jsval *invokevp, *sp;
    JSBool ok;

    if (JSVAL_IS_PRIMITIVE(vp[2]) ||
        (aobj = JSVAL_TO_OBJECT(vp[2]),
         OBJ_GET_CLASS(cx, aobj) != &js_ArrayClass &&
         OBJ_GET_CLASS(cx, aobj) != &js_ArgumentsClass)) {
        JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                             JSMSG_BAD_APPLY_ARGS, "__applyConstruct__");
        return JS_FALSE;
    }

    if (!js_GetLengthProperty(cx, aobj, &length))
        return JS_FALSE;

    /* Fix the count before allocating so the loop cannot outrun the stack area. */
    if (length > JS_ARGS_LENGTH_MAX)
        length = JS_ARGS_LENGTH_MAX;
    invokevp = js_AllocStack(cx, 2 + length, &mark);
    if (!invokevp)
        return JS_FALSE;

    sp = invokevp;
    *sp++ = vp[1];
    *sp++ = JSVAL_NULL; /* this is filled automagically */
    for (i = 0; i < length; i++) {
        ok = JS_GetElement(cx, aobj, (jsint)i, sp);
        if (!ok)
            goto out;
        sp++;
    }

    ok = js_InvokeConstructor(cx, length, JS_TRUE, invokevp);
    *vp = *invokevp;
  out:
    /* Released on every path once allocated, including element-read failure. */
    js_FreeStack(cx, mark);
    return ok;
}
2097 #endif
2098
/*
 * Methods installed on Function.prototype. The trailing numbers are the
 * declared arity and flags; toSource and __applyConstructor__ are only
 * present in builds that enable them.
 */
static JSFunctionSpec function_methods[] = {
#if JS_HAS_TOSOURCE
    JS_FN(js_toSource_str,   fun_toSource,   0,0),
#endif
    JS_FN(js_toString_str,   fun_toString,   0,0),
    JS_FN(js_apply_str,      js_fun_apply,   2,0),
    JS_FN(js_call_str,       js_fun_call,    1,0),
#ifdef NARCISSUS
    JS_FN("__applyConstructor__", fun_applyConstructor, 1,0),
#endif
    JS_FS_END
};
2111
/*
 * Native implementation of the Function constructor (ECMA 15.3.2.1), usable
 * both as |Function(...)| and |new Function(...)|. All arguments but the last
 * are coerced to strings and joined with commas to form the formal parameter
 * list; the last argument (or the empty string when there are none) is the
 * body, which is handed to JSCompiler::compileFunctionBody.
 *
 * Returns JS_FALSE with an error reported on any failure: malformed or
 * over-long parameter list, principals check failure, allocation overflow,
 * or any failure reported by the helpers it calls.
 */
static JSBool
Function(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
    JSFunction *fun;
    JSObject *parent;
    JSStackFrame *fp, *caller;
    uintN i, n, lineno;
    JSAtom *atom;
    const char *filename;
    JSBool ok;
    JSString *str, *arg;
    JSTokenStream ts(cx);
    JSPrincipals *principals;
    jschar *collected_args, *cp;
    void *mark;
    size_t arg_length, args_length, old_args_length;
    JSTokenType tt;

    if (!JS_IsConstructing(cx)) {
        /* Called as a function: allocate the function object ourselves. */
        obj = js_NewObject(cx, &js_FunctionClass, NULL, NULL);
        if (!obj)
            return JS_FALSE;
        *rval = OBJECT_TO_JSVAL(obj);
    } else {
        /*
         * The constructor is called before the private slot is initialized so
         * we must use getPrivate, not GET_FUNCTION_PRIVATE here.
         */
        if (obj->getPrivate())
            return JS_TRUE;
    }

    /*
     * NB: (new Function) is not lexically closed by its caller, it's just an
     * anonymous function in the top-level scope that its constructor inhabits.
     * Thus 'var x = 42; f = new Function("return x"); print(f())' prints 42,
     * and so would a call to f from another top-level's script or function.
     *
     * In older versions, before call objects, a new Function was adopted by
     * its running context's globalObject, which might be different from the
     * top-level reachable from scopeChain (in HTML frames, e.g.).
     *
     * argv[-2] is the callee slot (see the fval/obj/args layout pushed by
     * js_fun_apply), i.e. the Function constructor object itself.
     */
    parent = OBJ_GET_PARENT(cx, JSVAL_TO_OBJECT(argv[-2]));

    fun = js_NewFunction(cx, obj, NULL, 0, JSFUN_LAMBDA | JSFUN_INTERPRETED,
                         parent, cx->runtime->atomState.anonymousAtom);

    if (!fun)
        return JS_FALSE;

    /*
     * Function is static and not called directly by other functions in this
     * file, therefore it is callable only as a native function by js_Invoke.
     * Find the scripted caller, possibly skipping other native frames such as
     * are built for Function.prototype.call or .apply activations that invoke
     * Function indirectly from a script.
     */
    fp = js_GetTopStackFrame(cx);
    JS_ASSERT(!fp->script && fp->fun && fp->fun->u.n.native == Function);
    caller = js_GetScriptedCaller(cx, fp);
    if (caller) {
        principals = JS_EvalFramePrincipals(cx, fp, caller);
        filename = js_ComputeFilename(cx, caller, principals, &lineno);
    } else {
        filename = NULL;
        lineno = 0;
        principals = NULL;
    }

    /* Belt-and-braces: check that the caller has access to parent. */
    if (!js_CheckPrincipalsAccess(cx, parent, principals,
                                  CLASS_ATOM(cx, Function))) {
        return JS_FALSE;
    }

    /* All arguments but the last are formal parameter names. */
    n = argc ? argc - 1 : 0;
    if (n > 0) {
        /* BAD is declared but never assigned in this function. */
        enum { OK, BAD, BAD_FORMAL } state;

        /*
         * Collect the function-argument arguments into one string, separated
         * by commas, then make a tokenstream from that string, and scan it to
         * get the arguments. We need to throw the full scanner at the
         * problem, because the argument string can legitimately contain
         * comments and linefeeds. XXX It might be better to concatenate
         * everything up into a function definition and pass it to the
         * compiler, but doing it this way is less of a delta from the old
         * code. See ECMA 15.3.2.1.
         */
        state = BAD_FORMAL;
        args_length = 0;
        for (i = 0; i < n; i++) {
            /* Collect the lengths for all the function-argument arguments. */
            arg = js_ValueToString(cx, argv[i]);
            if (!arg)
                return JS_FALSE;
            /* Keep the string rooted (and avoid re-converting) via argv. */
            argv[i] = STRING_TO_JSVAL(arg);

            /*
             * Check for overflow. The < test works because the maximum
             * JSString length fits in 2 fewer bits than size_t has.
             */
            old_args_length = args_length;
            args_length = old_args_length + arg->length();
            if (args_length < old_args_length) {
                js_ReportAllocationOverflow(cx);
                return JS_FALSE;
            }
        }

        /* Add 1 for each joining comma and check for overflow (two ways). */
        old_args_length = args_length;
        args_length = old_args_length + n - 1;
        if (args_length < old_args_length ||
            args_length >= ~(size_t)0 / sizeof(jschar)) {
            js_ReportAllocationOverflow(cx);
            return JS_FALSE;
        }

        /*
         * Allocate a string to hold the concatenated arguments, including room
         * for a terminating 0. Mark cx->tempPool for later release, to free
         * collected_args and its tokenstream in one swoop.
         */
        mark = JS_ARENA_MARK(&cx->tempPool);
        JS_ARENA_ALLOCATE_CAST(cp, jschar *, &cx->tempPool,
                               (args_length+1) * sizeof(jschar));
        if (!cp) {
            js_ReportOutOfScriptQuota(cx);
            return JS_FALSE;
        }
        collected_args = cp;

        /*
         * Concatenate the arguments into the new string, separated by commas.
         */
        for (i = 0; i < n; i++) {
            arg = JSVAL_TO_STRING(argv[i]);
            arg_length = arg->length();
            (void) js_strncpy(cp, arg->chars(), arg_length);
            cp += arg_length;

            /* Add separating comma or terminating 0. */
            *cp++ = (i + 1 < n) ? ',' : 0;
        }

        /* Initialize a tokenstream that reads from the given string. */
        if (!ts.init(cx, collected_args, args_length, NULL, filename, lineno)) {
            JS_ARENA_RELEASE(&cx->tempPool, mark);
            return JS_FALSE;
        }

        /* The argument string may be empty or contain no tokens. */
        tt = js_GetToken(cx, &ts);
        if (tt != TOK_EOF) {
            for (;;) {
                /*
                 * Check that it's a name. This also implicitly guards against
                 * TOK_ERROR, which was already reported.
                 */
                if (tt != TOK_NAME)
                    goto after_args;

                /*
                 * Get the atom corresponding to the name from the token
                 * stream; we're assured at this point that it's a valid
                 * identifier.
                 */
                atom = CURRENT_TOKEN(&ts).t_atom;

                /*
                 * Check for a duplicate parameter name. A duplicate only
                 * produces a strict-mode warning; the name is still added
                 * below, so js_AddLocal sees (and records) the duplicate.
                 */
                if (js_LookupLocal(cx, fun, atom, NULL) != JSLOCAL_NONE) {
                    const char *name;

                    name = js_AtomToPrintableString(cx, atom);
                    ok = name &&
                         js_ReportCompileErrorNumber(cx, &ts, NULL,
                                                     JSREPORT_WARNING |
                                                     JSREPORT_STRICT,
                                                     JSMSG_DUPLICATE_FORMAL,
                                                     name);
                    if (!ok)
                        goto after_args;
                }
                if (!js_AddLocal(cx, fun, atom, JSLOCAL_ARG))
                    goto after_args;

                /*
                 * Get the next token. Stop on end of stream. Otherwise
                 * insist on a comma, get another name, and iterate.
                 */
                tt = js_GetToken(cx, &ts);
                if (tt == TOK_EOF)
                    break;
                if (tt != TOK_COMMA)
                    goto after_args;
                tt = js_GetToken(cx, &ts);
            }
        }

        state = OK;
      after_args:
        if (state == BAD_FORMAL && !(ts.flags & TSF_ERROR)) {
            /*
             * Report "malformed formal parameter" iff no illegal char or
             * similar scanner error was already reported.
             */
            JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                 JSMSG_BAD_FORMAL);
        }
        /* Release the tokenstream and collected_args together (see mark above). */
        ts.close(cx);
        JS_ARENA_RELEASE(&cx->tempPool, mark);
        if (state != OK)
            return JS_FALSE;
    }

    /* The last argument is the body; with no arguments the body is empty. */
    if (argc) {
        str = js_ValueToString(cx, argv[argc-1]);
        if (!str)
            return JS_FALSE;
        argv[argc-1] = STRING_TO_JSVAL(str);
    } else {
        str = cx->runtime->emptyString;
    }

    return JSCompiler::compileFunctionBody(cx, fun, principals,
                                           str->chars(), str->length(),
                                           filename, lineno);
}
2341
/*
 * Install the Function class on |obj| and return Function.prototype. The
 * prototype is itself an interpreted function whose script is a single
 * JSOP_STOP with an empty source-note array. Returns NULL on failure.
 */
JSObject *
js_InitFunctionClass(JSContext *cx, JSObject *obj)
{
    JSObject *proto = JS_InitClass(cx, obj, NULL, &js_FunctionClass, Function, 1,
                                   function_props, function_methods, NULL, NULL);
    if (!proto)
        return NULL;

    JSFunction *fun = js_NewFunction(cx, proto, NULL, 0, JSFUN_INTERPRETED, obj, NULL);
    if (!fun)
        return NULL;

    /* One byte of code, one source note. */
    fun->u.i.script = js_NewScript(cx, 1, 1, 0, 0, 0, 0, 0);
    if (!fun->u.i.script)
        return NULL;
    fun->u.i.script->code[0] = JSOP_STOP;
    *fun->u.i.script->notes() = SRC_NULL;
#ifdef CHECK_SCRIPT_OWNER
    fun->u.i.script->owner = NULL;
#endif
    return proto;
}
2365
/*
 * Initialize (or allocate, when |funobj| is NULL) a function object and its
 * JSFunction members. Interpreted functions (kind bits >= JSFUN_INTERPRETED)
 * start with no script and no locals; native functions record |native| or,
 * with JSFUN_TRCINFO, the native and trace info unpacked from the
 * JSNativeTraceInfo that |native| actually points to. Returns NULL only on
 * allocation failure.
 */
JSFunction *
js_NewFunction(JSContext *cx, JSObject *funobj, JSNative native, uintN nargs,
               uintN flags, JSObject *parent, JSAtom *atom)
{
    JSFunction *fun;

    if (funobj) {
        JS_ASSERT(HAS_FUNCTION_CLASS(funobj));
        OBJ_SET_PARENT(cx, funobj, parent);
    } else {
        funobj = js_NewObject(cx, &js_FunctionClass, NULL, parent);
        if (!funobj)
            return NULL;
    }
    JS_ASSERT(!funobj->getPrivate());
    /* The JSFunction members are laid out over the object itself. */
    fun = (JSFunction *) funobj;

    /* Initialize all function members. */
    fun->nargs = nargs;
    /* Only these bits are stored; request-only bits outside the mask are dropped. */
    fun->flags = flags & (JSFUN_FLAGS_MASK | JSFUN_KINDMASK | JSFUN_TRCINFO);
    if ((flags & JSFUN_KINDMASK) >= JSFUN_INTERPRETED) {
        JS_ASSERT(!native);
        JS_ASSERT(nargs == 0);
        fun->u.i.nvars = 0;
        fun->u.i.nupvars = 0;
        fun->u.i.skipmin = 0;
        fun->u.i.wrapper = false;
        fun->u.i.script = NULL;
#ifdef DEBUG
        /* js_AddLocal asserts this is zero before the first name is added. */
        fun->u.i.names.taggedAtom = 0;
#endif
    } else {
        fun->u.n.extra = 0;
        fun->u.n.spare = 0;
        fun->u.n.clasp = NULL;
        if (flags & JSFUN_TRCINFO) {
#ifdef JS_TRACER
            JSNativeTraceInfo *trcinfo =
                JS_FUNC_TO_DATA_PTR(JSNativeTraceInfo *, native);
            fun->u.n.native = (JSNative) trcinfo->native;
            fun->u.n.trcinfo = trcinfo;
#else
            /*
             * NOTE(review): this branch never sets u.n.native, so the assert
             * below would fire for a JSFUN_TRCINFO native in a non-tracer
             * build -- presumably none are registered there; confirm.
             */
            fun->u.n.trcinfo = NULL;
#endif
        } else {
            fun->u.n.native = native;
            fun->u.n.trcinfo = NULL;
        }
        JS_ASSERT(fun->u.n.native);
    }
    fun->atom = atom;

    /* Set private to self to indicate non-cloned fully initialized function. */
    FUN_OBJECT(fun)->setPrivate(fun);
    return fun;
}
2422
/*
 * Make a lightweight clone of |fun| whose scope parent is |parent|. Only a
 * bare JSObject is allocated (hence the explicit sizeof(JSObject)); the
 * clone reaches the shared JSFunction through its private slot. Returns
 * NULL on allocation failure.
 */
JSObject *
js_CloneFunctionObject(JSContext *cx, JSFunction *fun, JSObject *parent)
{
    JSObject *clone = js_NewObject(cx, &js_FunctionClass, NULL, parent, sizeof(JSObject));
    if (clone)
        clone->setPrivate(fun);
    return clone;
}
2436
/*
 * Allocate a flat closure for |fun| on |scopeChain| without filling in the
 * imported upvar values; the caller (the tracer, or js_NewFlatClosure)
 * stores them afterwards. Returns NULL on allocation failure.
 */
JSObject * JS_FASTCALL
js_AllocFlatClosure(JSContext *cx, JSFunction *fun, JSObject *scopeChain)
{
    JS_ASSERT(FUN_FLAT_CLOSURE(fun));
    JS_ASSERT((fun->u.i.script->upvarsOffset
               ? fun->u.i.script->upvars()->length
               : 0) == fun->u.i.nupvars);

    JSObject *closure = js_CloneFunctionObject(cx, fun, scopeChain);
    if (closure) {
        /*
         * Reserve the slots the closure needs (presumably one per upvar --
         * see countInterpretedReservedSlots); none means nothing to do.
         */
        uint32 nslots = fun->countInterpretedReservedSlots();
        if (nslots && !js_EnsureReservedSlots(cx, closure, nslots))
            return NULL;
    }
    return closure;
}
2462
/* Call-info record so the tracer can call js_AllocFlatClosure from trace. */
JS_DEFINE_CALLINFO_3(extern, OBJECT, js_AllocFlatClosure,
                     CONTEXT, FUNCTION, OBJECT, 0, 0)
2465
/*
 * Create a flat closure for |fun| in the current frame's scope chain and
 * copy the current value of each upvar into the closure's reserved slots.
 * Returns NULL on allocation failure.
 */
JSObject *
js_NewFlatClosure(JSContext *cx, JSFunction *fun)
{
    JSObject *closure = js_AllocFlatClosure(cx, fun, cx->fp->scopeChain);
    if (!closure)
        return NULL;
    if (fun->u.i.nupvars == 0)
        return closure;

    JSUpvarArray *uva = fun->u.i.script->upvars();
    JS_ASSERT(uva->length <= size_t(closure->dslots[-1]));

    /* Each upvar descriptor is resolved relative to this function's static level. */
    uintN level = fun->u.i.script->staticLevel;
    uint32 count = uva->length;
    for (uint32 slot = 0; slot < count; slot++) {
        closure->dslots[slot] = js_GetUpvar(cx, level, uva->vector[slot]);
    }
    return closure;
}
2482
/*
 * Debugger-friendly variant of js_NewFlatClosure: wrap |fun| as an escaping
 * closure of the current (heavyweight, non-optimized) frame instead of
 * copying upvars into a flat closure.
 */
JSObject *
js_NewDebuggableFlatClosure(JSContext *cx, JSFunction *fun)
{
    JS_ASSERT(cx->fp->fun->flags & JSFUN_HEAVYWEIGHT);
    JS_ASSERT(!cx->fp->fun->optimizedClosure());

    JSObject *funobj = FUN_OBJECT(fun);
    return WrapEscapingClosure(cx, cx->fp, funobj, fun);
}
2491
/*
 * Create a native function named |atom| and define it as a property of
 * |obj|. |attrs| carries both property attributes and JSFUN_* flags; the
 * function flags are masked off before defining the property. Returns NULL
 * if either the function or the property cannot be created.
 */
JSFunction *
js_DefineFunction(JSContext *cx, JSObject *obj, JSAtom *atom, JSNative native,
                  uintN nargs, uintN attrs)
{
    JSPropertyOp gsop = NULL;

    /*
     * JSFUN_STUB_GSOPS is a request flag only, not stored in fun->flags or
     * the defined property's attributes. This allows us to encode another,
     * internal flag using the same bit, JSFUN_EXPR_CLOSURE -- see jsfun.h
     * for more on this.
     */
    if (attrs & JSFUN_STUB_GSOPS) {
        attrs &= ~JSFUN_STUB_GSOPS;
        gsop = JS_PropertyStub;
    }

    JSFunction *fun = js_NewFunction(cx, NULL, native, nargs, attrs, obj, atom);
    if (!fun)
        return NULL;

    /* Only the property-attribute bits reach the property. */
    if (!obj->defineProperty(cx, ATOM_TO_JSID(atom), OBJECT_TO_JSVAL(FUN_OBJECT(fun)),
                             gsop, gsop, attrs & ~JSFUN_FLAGS_MASK)) {
        return NULL;
    }
    return fun;
}
2520
/*
 * Compile-time guard: js_ReportIsNotFunction tests JSV2F_CONSTRUCT and
 * JSV2F_SEARCH_STACK in the same flags word, so the two bits must not
 * overlap.
 */
#if (JSV2F_CONSTRUCT & JSV2F_SEARCH_STACK)
# error "JSINVOKE_CONSTRUCT and JSV2F_SEARCH_STACK are not disjoint!"
#endif
2524
/*
 * Coerce *vp to a JSFunction. A non-function object is first asked for its
 * JSTYPE_FUNCTION default value; *vp itself is left unchanged. When no
 * function results, the "not a function" error selected by |flags| is
 * reported and NULL is returned.
 */
JSFunction *
js_ValueToFunction(JSContext *cx, jsval *vp, uintN flags)
{
    JSObject *obj = NULL;
    if (JSVAL_IS_OBJECT(*vp)) {
        obj = JSVAL_TO_OBJECT(*vp);
        /* JSVAL_TO_OBJECT may yield NULL; only a real non-function object is converted. */
        if (obj && OBJ_GET_CLASS(cx, obj) != &js_FunctionClass) {
            jsval converted = *vp;
            if (!obj->defaultValue(cx, JSTYPE_FUNCTION, &converted))
                return NULL;
            obj = VALUE_IS_FUNCTION(cx, converted) ? JSVAL_TO_OBJECT(converted) : NULL;
        }
    }
    if (obj)
        return GET_FUNCTION_PRIVATE(cx, obj);

    js_ReportIsNotFunction(cx, vp, flags);
    return NULL;
}
2547
/*
 * Coerce *vp to a function object, storing the result back into *vp, and
 * check that the scripted caller's principals may access it. Returns NULL
 * (error reported) when the value is not a function or access is denied.
 */
JSObject *
js_ValueToFunctionObject(JSContext *cx, jsval *vp, uintN flags)
{
    /* Already a function object: nothing to convert and no access check. */
    if (VALUE_IS_FUNCTION(cx, *vp))
        return JSVAL_TO_OBJECT(*vp);

    JSFunction *fun = js_ValueToFunction(cx, vp, flags);
    if (!fun)
        return NULL;
    JSObject *funobj = FUN_OBJECT(fun);
    *vp = OBJECT_TO_JSVAL(funobj);

    /* No scripted caller, don't allow access. */
    JSPrincipals *principals = NULL;
    JSStackFrame *caller = js_GetScriptedCaller(cx, NULL);
    if (caller)
        principals = JS_StackFramePrincipals(cx, caller);

    if (!js_CheckPrincipalsAccess(cx, funobj, principals,
                                  fun->atom ? fun->atom
                                            : cx->runtime->atomState.anonymousAtom)) {
        return NULL;
    }
    return funobj;
}
2579
/*
 * Like js_ValueToFunctionObject, but any callable object (not only a
 * JSFunction) is accepted as-is, without a principals check.
 */
JSObject *
js_ValueToCallableObject(JSContext *cx, jsval *vp, uintN flags)
{
    if (JSVAL_IS_OBJECT(*vp)) {
        JSObject *callable = JSVAL_TO_OBJECT(*vp);
        if (callable && js_IsCallable(callable, cx)) {
            *vp = OBJECT_TO_JSVAL(callable);
            return callable;
        }
    }
    return js_ValueToFunctionObject(cx, vp, flags);
}
2591
/*
 * Report that *vp is not a function (or not a constructor / iterator, as
 * selected by |flags|). When vp points into the nearest frame's operand
 * stack its offset from sp is passed to js_ReportValueError3 so the reporter
 * can describe the value; otherwise JSV2F_SEARCH_STACK decides whether the
 * reporter searches the stack for it.
 */
void
js_ReportIsNotFunction(JSContext *cx, jsval *vp, uintN flags)
{
    JSStackFrame *fp;
    uintN error;
    const char *name, *source;
    JSTempValueRooter tvr;

    /* Walk down to the nearest frame that has interpreter registers. */
    for (fp = js_GetTopStackFrame(cx); fp && !fp->regs; fp = fp->down)
        continue;
    name = source = NULL;
    /* Root the strings created below across the calls that may GC. */
    JS_PUSH_TEMP_ROOT_STRING(cx, NULL, &tvr);
    if (flags & JSV2F_ITERATOR) {
        error = JSMSG_BAD_ITERATOR;
        name = js_iterator_str;
        /* Quote the value's source form for the message; bail on any failure. */
        JSString *src = js_ValueToSource(cx, *vp);
        if (!src)
            goto out;
        tvr.u.value = STRING_TO_JSVAL(src);
        JSString *qsrc = js_QuoteString(cx, src, 0);
        if (!qsrc)
            goto out;
        tvr.u.value = STRING_TO_JSVAL(qsrc);
        source = js_GetStringBytes(cx, qsrc);
        if (!source)
            goto out;
    } else if (flags & JSV2F_CONSTRUCT) {
        error = JSMSG_NOT_CONSTRUCTOR;
    } else {
        error = JSMSG_NOT_FUNCTION;
    }

    /*
     * vp inside [StackBase(fp), sp) means the value is an operand of fp: pass
     * its (negative) distance from sp. Otherwise the flags pick between
     * searching the stack and ignoring it.
     */
    js_ReportValueError3(cx, error,
                         (fp && fp->regs &&
                          StackBase(fp) <= vp && vp < fp->regs->sp)
                         ? vp - fp->regs->sp
                         : (flags & JSV2F_SEARCH_STACK)
                         ? JSDVG_SEARCH_STACK
                         : JSDVG_IGNORE_STACK,
                         *vp, NULL,
                         name, source);

  out:
    JS_POP_TEMP_ROOT(cx, &tvr);
}
2637
/*
 * When a function has between 2 and MAX_ARRAY_LOCALS arguments and variables,
 * their names are stored as the JSLocalNames.array.
 */
#define MAX_ARRAY_LOCALS 8

JS_STATIC_ASSERT(2 <= MAX_ARRAY_LOCALS);
JS_STATIC_ASSERT(MAX_ARRAY_LOCALS < JS_BITMASK(16));

/*
 * We use the lowest bit of the string atom to distinguish const from var
 * name when there is only single name or when names are stored as an array.
 */
JS_STATIC_ASSERT((JSVAL_STRING & 1) == 0);

/*
 * When we use a hash table to store the local names, we use a singly linked
 * list to record the indexes of duplicated parameter names to preserve the
 * duplicates for the decompiler.
 */
typedef struct JSNameIndexPair JSNameIndexPair;

/* One shadowed parameter name and the argument index it occupied. */
struct JSNameIndexPair {
    JSAtom *name;
    uint16 index;               /* argument index of the shadowed occurrence */
    JSNameIndexPair *link;      /* next older duplicate, or NULL */
};

/* Hash-table form of the local names, used once there are more than MAX_ARRAY_LOCALS. */
struct JSLocalNameMap {
    JSDHashTable names;         /* JSLocalNameHashEntry entries keyed by atom */
    JSNameIndexPair *lastdup;   /* most recently shadowed duplicate parameter */
};

typedef struct JSLocalNameHashEntry {
    JSDHashEntryHdr hdr;
    JSAtom *name;
    uint16 index;               /* index within its kind (arg, var or upvar) */
    uint8 localKind;            /* a JSLocalKind value */
} JSLocalNameHashEntry;
2677
/*
 * Release a JSLocalNameMap: the duplicate-parameter list first, then the
 * hash table, then the map itself.
 */
static void
FreeLocalNameHash(JSContext *cx, JSLocalNameMap *map)
{
    JSNameIndexPair *dup = map->lastdup;
    while (dup) {
        JSNameIndexPair *next = dup->link;
        cx->free(dup);
        dup = next;
    }
    JS_DHashTableFinish(&map->names);
    cx->free(map);
}
2690
/*
 * Add (or, for a duplicated parameter, replace) the entry for |name| in
 * |map|, recording |localKind| and the per-kind |index|. A replaced
 * parameter entry is preserved on map->lastdup. Returns JS_FALSE with an
 * error reported on allocation failure.
 */
static JSBool
HashLocalName(JSContext *cx, JSLocalNameMap *map, JSAtom *name,
              JSLocalKind localKind, uintN index)
{
    JS_ASSERT(index <= JS_BITMASK(16));
#if JS_HAS_DESTRUCTURING
    if (!name) {
        /* A destructuring pattern does not need a hash entry. */
        JS_ASSERT(localKind == JSLOCAL_ARG);
        return JS_TRUE;
    }
#endif
    JS_ASSERT(ATOM_IS_STRING(name));

    JSLocalNameHashEntry *entry = (JSLocalNameHashEntry *)
        JS_DHashTableOperate(&map->names, name, JS_DHASH_ADD);
    if (!entry) {
        JS_ReportOutOfMemory(cx);
        return JS_FALSE;
    }

    /*
     * A live entry means a parameter of this name was hashed before; only
     * parameters may repeat. Keep the old index before overwriting.
     */
    if (entry->name) {
        JS_ASSERT(entry->name == name);
        JS_ASSERT(entry->localKind == JSLOCAL_ARG && localKind == JSLOCAL_ARG);
        JSNameIndexPair *shadowed = (JSNameIndexPair *) cx->malloc(sizeof *shadowed);
        if (!shadowed)
            return JS_FALSE;
        shadowed->name = entry->name;
        shadowed->index = entry->index;
        shadowed->link = map->lastdup;
        map->lastdup = shadowed;
    }

    entry->name = name;
    entry->index = (uint16) index;
    entry->localKind = (uint8) localKind;
    return JS_TRUE;
}
2729
/*
 * Append a local name of the given |kind| to the not-yet-compiled function
 * |fun| and bump the matching counter (fun->nargs, fun->u.i.nvars or
 * fun->u.i.nupvars). Names live in fun->u.i.names: one tagged atom inline
 * for a single name, a MAX_ARRAY_LOCALS-sized array for up to
 * MAX_ARRAY_LOCALS names, and a JSLocalNameMap hash table beyond that.
 * Returns JS_FALSE with an error reported on allocation failure or when a
 * 16-bit counter would overflow.
 */
JSBool
js_AddLocal(JSContext *cx, JSFunction *fun, JSAtom *atom, JSLocalKind kind)
{
    jsuword taggedAtom;
    uint16 *indexp;
    uintN n, i;
    jsuword *array;
    JSLocalNameMap *map;

    JS_ASSERT(FUN_INTERPRETED(fun));
    JS_ASSERT(!fun->u.i.script);
    JS_ASSERT(((jsuword) atom & 1) == 0);
    taggedAtom = (jsuword) atom;
    if (kind == JSLOCAL_ARG) {
        indexp = &fun->nargs;
    } else if (kind == JSLOCAL_UPVAR) {
        indexp = &fun->u.i.nupvars;
    } else {
        indexp = &fun->u.i.nvars;
        /* The low bit of a tagged atom marks a const (see the static assert above). */
        if (kind == JSLOCAL_CONST)
            taggedAtom |= 1;
        else
            JS_ASSERT(kind == JSLOCAL_VAR);
    }
    n = fun->countLocalNames();
    if (n == 0) {
        JS_ASSERT(fun->u.i.names.taggedAtom == 0);
        fun->u.i.names.taggedAtom = taggedAtom;
    } else if (n < MAX_ARRAY_LOCALS) {
        if (n > 1) {
            array = fun->u.i.names.array;
        } else {
            /* Second name: move the inline atom into a full-size array. */
            array = (jsuword *) cx->malloc(MAX_ARRAY_LOCALS * sizeof *array);
            if (!array)
                return JS_FALSE;
            array[0] = fun->u.i.names.taggedAtom;
            fun->u.i.names.array = array;
        }
        if (kind == JSLOCAL_ARG) {
            /*
             * A destructuring argument pattern adds variables, not arguments,
             * so for the following arguments nvars != 0.
             */
#if JS_HAS_DESTRUCTURING
            if (fun->u.i.nvars != 0) {
                memmove(array + fun->nargs + 1, array + fun->nargs,
                        fun->u.i.nvars * sizeof *array);
            }
#else
            JS_ASSERT(fun->u.i.nvars == 0);
#endif
            array[fun->nargs] = taggedAtom;
        } else {
            array[n] = taggedAtom;
        }
    } else if (n == MAX_ARRAY_LOCALS) {
        /* The array is full: rehash every existing name into a new map. */
        array = fun->u.i.names.array;
        map = (JSLocalNameMap *) cx->malloc(sizeof *map);
        if (!map)
            return JS_FALSE;
        if (!JS_DHashTableInit(&map->names, JS_DHashGetStubOps(),
                               NULL, sizeof(JSLocalNameHashEntry),
                               JS_DHASH_DEFAULT_CAPACITY(MAX_ARRAY_LOCALS
                                                         * 2))) {
            JS_ReportOutOfMemory(cx);
            cx->free(map);
            return JS_FALSE;
        }

        map->lastdup = NULL;
        for (i = 0; i != MAX_ARRAY_LOCALS; ++i) {
            taggedAtom = array[i];
            /*
             * Recover kind and per-kind index from the array position:
             * args come first, then vars, then upvars.
             */
            uintN j = i;
            JSLocalKind k = JSLOCAL_ARG;
            if (j >= fun->nargs) {
                j -= fun->nargs;
                if (j < fun->u.i.nvars) {
                    k = (taggedAtom & 1) ? JSLOCAL_CONST : JSLOCAL_VAR;
                } else {
                    j -= fun->u.i.nvars;
                    k = JSLOCAL_UPVAR;
                }
            }
            if (!HashLocalName(cx, map, (JSAtom *) (taggedAtom & ~1), k, j)) {
                FreeLocalNameHash(cx, map);
                return JS_FALSE;
            }
        }
        if (!HashLocalName(cx, map, atom, kind, *indexp)) {
            FreeLocalNameHash(cx, map);
            return JS_FALSE;
        }

        /*
         * At this point the entry is added and we cannot fail. It is time
         * to replace fun->u.i.names with the built map.
         */
        fun->u.i.names.map = map;
        cx->free(array);
    } else {
        /* The counters are uint16; refuse to add rather than let one wrap. */
        if (*indexp == JS_BITMASK(16)) {
            JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                 (kind == JSLOCAL_ARG)
                                 ? JSMSG_TOO_MANY_FUN_ARGS
                                 : JSMSG_TOO_MANY_LOCALS);
            return JS_FALSE;
        }
        if (!HashLocalName(cx, fun->u.i.names.map, atom, kind, *indexp))
            return JS_FALSE;
    }

    /* Update the argument or variable counter. */
    ++*indexp;
    return JS_TRUE;
}
2845
/*
 * Look |atom| up among |fun|'s local names. Returns its kind (or
 * JSLOCAL_NONE) and, when |indexp| is non-NULL and a name is found, stores
 * the index within that kind. For array-stored names the search runs from
 * the tail so the last of several duplicate parameters wins.
 */
JSLocalKind
js_LookupLocal(JSContext *cx, JSFunction *fun, JSAtom *atom, uintN *indexp)
{
    JS_ASSERT(FUN_INTERPRETED(fun));
    uintN n = fun->countLocalNames();
    if (n == 0)
        return JSLOCAL_NONE;

    if (n > MAX_ARRAY_LOCALS) {
        JSLocalNameHashEntry *entry = (JSLocalNameHashEntry *)
            JS_DHashTableOperate(&fun->u.i.names.map->names, atom,
                                 JS_DHASH_LOOKUP);
        if (!JS_DHASH_ENTRY_IS_BUSY(&entry->hdr))
            return JSLOCAL_NONE;
        JS_ASSERT(entry->localKind != JSLOCAL_NONE);
        if (indexp)
            *indexp = entry->index;
        return (JSLocalKind) entry->localKind;
    }

    jsuword *array = (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array;
    uintN upvar_base = fun->countArgsAndVars();
    for (uintN i = n; i-- != 0; ) {
        if (atom != JS_LOCAL_NAME_TO_ATOM(array[i]))
            continue;
        /* Position decides the kind: args, then vars, then upvars. */
        if (i < fun->nargs) {
            if (indexp)
                *indexp = i;
            return JSLOCAL_ARG;
        }
        if (i >= upvar_base) {
            if (indexp)
                *indexp = i - upvar_base;
            return JSLOCAL_UPVAR;
        }
        if (indexp)
            *indexp = i - fun->nargs;
        return JS_LOCAL_NAME_IS_CONST(array[i]) ? JSLOCAL_CONST : JSLOCAL_VAR;
    }
    return JSLOCAL_NONE;
}
2896
/* Closure passed through JS_DHashTableEnumerate to get_local_names_enumerator. */
typedef struct JSLocalNameEnumeratorArgs {
    JSFunction *fun;        /* function whose names are being copied */
    jsuword *names;         /* destination array, indexed by frame position */
#ifdef DEBUG
    uintN nCopiedArgs;      /* counters checked by asserts only */
    uintN nCopiedVars;
#endif
} JSLocalNameEnumeratorArgs;
2905
/*
 * JSDHashTable enumerator that copies one hash entry into args->names at
 * its frame position: args first, then vars, then upvars. Const vars get
 * their low bit set, matching the array representation.
 */
static JSDHashOperator
get_local_names_enumerator(JSDHashTable *table, JSDHashEntryHdr *hdr,
                           uint32 number, void *arg)
{
    JSLocalNameHashEntry *entry = (JSLocalNameHashEntry *) hdr;
    JSLocalNameEnumeratorArgs *args = (JSLocalNameEnumeratorArgs *) arg;
    JS_ASSERT(entry->name);

    uint pos;
    jsuword constFlag = 0;
    if (entry->localKind == JSLOCAL_ARG) {
        JS_ASSERT(entry->index < args->fun->nargs);
        JS_ASSERT(args->nCopiedArgs++ < args->fun->nargs);
        pos = entry->index;
    } else {
        JS_ASSERT(entry->localKind == JSLOCAL_VAR ||
                  entry->localKind == JSLOCAL_CONST ||
                  entry->localKind == JSLOCAL_UPVAR);
        JS_ASSERT(entry->index < args->fun->u.i.nvars + args->fun->u.i.nupvars);
        JS_ASSERT(args->nCopiedVars++ < args->fun->u.i.nvars + args->fun->u.i.nupvars);
        pos = args->fun->nargs + entry->index;
        if (entry->localKind == JSLOCAL_UPVAR)
            pos += args->fun->u.i.nvars;
        constFlag = (entry->localKind == JSLOCAL_CONST);
    }
    args->names[pos] = (jsuword) entry->name | constFlag;
    return JS_DHASH_NEXT;
}
2938
/*
 * Return |fun|'s local names as an array of tagged atoms in index order
 * (args, then vars, then upvars). For up to MAX_ARRAY_LOCALS names the
 * function's own storage is returned and must not be freed; otherwise a
 * fresh array is built in |pool| from the hash map, and NULL is returned
 * (with an error reported) if that allocation fails.
 */
JS_FRIEND_API(jsuword *)
js_GetLocalNameArray(JSContext *cx, JSFunction *fun, JSArenaPool *pool)
{
    uintN n;
    jsuword *names;
    JSLocalNameMap *map;
    JSLocalNameEnumeratorArgs args;
    JSNameIndexPair *dup;

    JS_ASSERT(fun->hasLocalNames());
    n = fun->countLocalNames();

    /* Small functions: hand back the function's own storage unchanged. */
    if (n <= MAX_ARRAY_LOCALS)
        return (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array;

    /*
     * No need to check for overflow of the allocation size as we are making a
     * copy of already allocated data. As such it must fit size_t.
     */
    JS_ARENA_ALLOCATE_CAST(names, jsuword *, pool, (size_t) n * sizeof *names);
    if (!names) {
        js_ReportOutOfScriptQuota(cx);
        return NULL;
    }

#if JS_HAS_DESTRUCTURING
    /* Some parameter names can be NULL due to destructuring patterns. */
    memset(names, 0, fun->nargs * sizeof *names);
#endif
    map = fun->u.i.names.map;
    args.fun = fun;
    args.names = names;
#ifdef DEBUG
    args.nCopiedArgs = 0;
    args.nCopiedVars = 0;
#endif
    JS_DHashTableEnumerate(&map->names, get_local_names_enumerator, &args);
    /*
     * The table keeps only the last occurrence of a duplicated parameter
     * name; the earlier occurrences are restored from the lastdup list.
     */
    for (dup = map->lastdup; dup; dup = dup->link) {
        JS_ASSERT(dup->index < fun->nargs);
        JS_ASSERT(args.nCopiedArgs++ < fun->nargs);
        names[dup->index] = (jsuword) dup->name;
    }
#if !JS_HAS_DESTRUCTURING
    JS_ASSERT(args.nCopiedArgs == fun->nargs);
#endif
    JS_ASSERT(args.nCopiedVars == fun->u.i.nvars + fun->u.i.nupvars);

    return names;
}
2988
/*
 * JSDHashTable enumerator that traces the atom of one local-name entry,
 * labelling it "arg" or "var" plus its index for the tracer.
 */
static JSDHashOperator
trace_local_names_enumerator(JSDHashTable *table, JSDHashEntryHdr *hdr,
                             uint32 number, void *arg)
{
    JSLocalNameHashEntry *entry = (JSLocalNameHashEntry *) hdr;
    JSTracer *trc = (JSTracer *) arg;
    JS_ASSERT(entry->name);

    const char *label = (entry->localKind == JSLOCAL_ARG) ? "arg" : "var";
    JS_SET_TRACING_INDEX(trc, label, entry->index);
    JS_CallTracer(trc, ATOM_TO_STRING(entry->name), JSTRACE_STRING);
    return JS_DHASH_NEXT;
}
3005
/*
 * Trace every local-name atom of |fun| for the GC, whichever representation
 * (inline atom, array or hash map) the names currently use.
 */
static void
TraceLocalNames(JSTracer *trc, JSFunction *fun)
{
    JS_ASSERT(FUN_INTERPRETED(fun));
    uintN n = fun->countLocalNames();
    if (n == 0)
        return;

    if (n > MAX_ARRAY_LOCALS) {
        JS_DHashTableEnumerate(&fun->u.i.names.map->names,
                               trace_local_names_enumerator, trc);

        /*
         * No need to trace the list of duplicates in map->lastdup as the
         * names there are traced when enumerating the hash table.
         */
        return;
    }

    jsuword *array = (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array;
    for (uintN i = n; i-- != 0; ) {
        /* Strip the const tag bit; a NULL slot (destructuring) has no atom. */
        JSAtom *atom = (JSAtom *) (array[i] & ~1);
        if (!atom)
            continue;
        JS_SET_TRACING_INDEX(trc,
                             i < fun->nargs ? "arg" : "var",
                             i < fun->nargs ? i : i - fun->nargs);
        JS_CallTracer(trc, ATOM_TO_STRING(atom), JSTRACE_STRING);
    }
}
3040
/*
 * Free whatever |fun|'s local names occupy beyond the inline slot: the
 * MAX_ARRAY_LOCALS array or the hash map.
 */
void
DestroyLocalNames(JSContext *cx, JSFunction *fun)
{
    uintN n = fun->countLocalNames();
    /* Zero or one name lives inline in the union; nothing was allocated. */
    if (n <= 1)
        return;
    if (n > MAX_ARRAY_LOCALS) {
        FreeLocalNameHash(cx, fun->u.i.names.map);
        return;
    }
    cx->free(fun->u.i.names.array);
}
3054
/*
 * Called once no more locals will be added: trim the name array to its
 * final size and, in DEBUG builds, mark the hash table immutable.
 */
void
js_FreezeLocalNames(JSContext *cx, JSFunction *fun)
{
    JS_ASSERT(FUN_INTERPRETED(fun));
    JS_ASSERT(!fun->u.i.script);

    uintN n = fun->nargs + fun->u.i.nvars + fun->u.i.nupvars;
    if (n >= 2 && n < MAX_ARRAY_LOCALS) {
        /*
         * js_AddLocal sized the array for MAX_ARRAY_LOCALS entries; give the
         * excess back. A failed realloc leaves the old block valid, so it is
         * simply ignored.
         */
        jsuword *shrunk = (jsuword *) cx->realloc(fun->u.i.names.array,
                                                  n * sizeof *shrunk);
        if (shrunk)
            fun->u.i.names.array = shrunk;
    }
#ifdef DEBUG
    if (n > MAX_ARRAY_LOCALS)
        JS_DHashMarkTableImmutable(&fun->u.i.names.map->names);
#endif
}
