/[jscoverage]/trunk/js/jsfun.cpp
Revision 507 - (hide annotations)
Sun Jan 10 07:23:34 2010 UTC (9 years, 8 months ago) by siliconforks
File size: 98403 byte(s)
Update SpiderMonkey from Firefox 3.6rc1.

1 siliconforks 507 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 siliconforks 332 * vim: set ts=8 sw=4 et tw=99:
3     *
4     * ***** BEGIN LICENSE BLOCK *****
5     * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6     *
7     * The contents of this file are subject to the Mozilla Public License Version
8     * 1.1 (the "License"); you may not use this file except in compliance with
9     * the License. You may obtain a copy of the License at
10     * http://www.mozilla.org/MPL/
11     *
12     * Software distributed under the License is distributed on an "AS IS" basis,
13     * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14     * for the specific language governing rights and limitations under the
15     * License.
16     *
17     * The Original Code is Mozilla Communicator client code, released
18     * March 31, 1998.
19     *
20     * The Initial Developer of the Original Code is
21     * Netscape Communications Corporation.
22     * Portions created by the Initial Developer are Copyright (C) 1998
23     * the Initial Developer. All Rights Reserved.
24     *
25     * Contributor(s):
26     *
27     * Alternatively, the contents of this file may be used under the terms of
28     * either of the GNU General Public License Version 2 or later (the "GPL"),
29     * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30     * in which case the provisions of the GPL or the LGPL are applicable instead
31     * of those above. If you wish to allow use of your version of this file only
32     * under the terms of either the GPL or the LGPL, and not to allow others to
33     * use your version of this file under the terms of the MPL, indicate your
34     * decision by deleting the provisions above and replace them with the notice
35     * and other provisions required by the GPL or the LGPL. If you do not delete
36     * the provisions above, a recipient may use your version of this file under
37     * the terms of any one of the MPL, the GPL or the LGPL.
38     *
39     * ***** END LICENSE BLOCK ***** */
40    
41     /*
42     * JS function support.
43     */
44     #include <string.h>
45     #include "jstypes.h"
46 siliconforks 507 #include "jsstdint.h"
47 siliconforks 332 #include "jsbit.h"
48     #include "jsutil.h" /* Added by JSIFY */
49     #include "jsapi.h"
50     #include "jsarray.h"
51     #include "jsatom.h"
52 siliconforks 507 #include "jsbool.h"
53 siliconforks 399 #include "jsbuiltins.h"
54 siliconforks 332 #include "jscntxt.h"
55     #include "jsversion.h"
56     #include "jsdbgapi.h"
57 siliconforks 399 #include "jsemit.h"
58 siliconforks 332 #include "jsfun.h"
59     #include "jsgc.h"
60     #include "jsinterp.h"
61     #include "jslock.h"
62     #include "jsnum.h"
63     #include "jsobj.h"
64     #include "jsopcode.h"
65     #include "jsparse.h"
66     #include "jsscan.h"
67     #include "jsscope.h"
68     #include "jsscript.h"
69     #include "jsstr.h"
70     #include "jsexn.h"
71     #include "jsstaticcheck.h"
72 siliconforks 507 #include "jstracer.h"
73 siliconforks 332
74     #if JS_HAS_GENERATORS
75     # include "jsiter.h"
76     #endif
77    
78     #if JS_HAS_XDR
79     # include "jsxdrapi.h"
80     #endif
81    
82 siliconforks 507 #include "jsatominlines.h"
83 siliconforks 332
/*
 * Record that obj's `length` has been overridden by setting the low tag bit
 * of the (argc << 1) value kept in JSSLOT_ARGS_LENGTH (see InitArgsLengthSlot).
 * obj must be an Arguments object.
 */
static inline void
SetOverriddenArgsLength(JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    jsval lengthSlot = obj->fslots[JSSLOT_ARGS_LENGTH];
    jsint tagged = JSVAL_TO_INT(lengthSlot) | 1;
    obj->fslots[JSSLOT_ARGS_LENGTH] = INT_TO_JSVAL(tagged);
    JS_ASSERT(JSVAL_IS_INT(obj->fslots[JSSLOT_ARGS_LENGTH]));
}
94 siliconforks 332
/*
 * Initialize obj's length slot from argc.  The count is stored shifted left
 * by one so that the low bit is free to mark an overridden `length` later
 * (SetOverriddenArgsLength).  The slot must still be JSVAL_VOID on entry.
 */
static inline void
InitArgsLengthSlot(JSObject *obj, uint32 argc)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);
    JS_ASSERT(argc <= JS_ARGS_LENGTH_MAX);
    JS_ASSERT(obj->fslots[JSSLOT_ARGS_LENGTH] == JSVAL_VOID);

    jsval encoded = INT_TO_JSVAL(argc << 1);
    obj->fslots[JSSLOT_ARGS_LENGTH] = encoded;
    JS_ASSERT(!js_IsOverriddenArgsLength(obj));
}
104 siliconforks 332
/*
 * Decode the argument count written by InitArgsLengthSlot, discarding the
 * low "overridden" tag bit.  Bounded by JS_ARGS_LENGTH_MAX.
 */
static inline uint32
GetArgsLength(JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    jsval lengthSlot = obj->fslots[JSSLOT_ARGS_LENGTH];
    uint32 count = uint32(JSVAL_TO_INT(lengthSlot)) >> 1;
    JS_ASSERT(count <= JS_ARGS_LENGTH_MAX);
    return count;
}
114    
/*
 * Store apn in argsobj's private slot with bit 1 set.  The tag presumably
 * lets js_GetArgsPrivateNative (defined elsewhere) tell this pointer apart
 * from the untagged JSStackFrame pointer js_GetArgsObject stores there.
 */
static inline void
SetArgsPrivateNative(JSObject *argsobj, js_ArgsPrivateNative *apn)
{
    JS_ASSERT(STOBJ_GET_CLASS(argsobj) == &js_ArgumentsClass);
    uintptr_t tagged = uintptr_t(apn) | 2;
    argsobj->setPrivate((void *) tagged);
}
122    
/*
 * Store the value of fp's `arguments` binding in *vp.  When the frame has
 * overridden `arguments` (JSFRAME_OVERRIDE_ARGS) the value comes from its
 * Call object; otherwise the frame's arguments object is returned, creating
 * it on first use.  Returns JS_FALSE on error.
 */
JSBool
js_GetArgsValue(JSContext *cx, JSStackFrame *fp, jsval *vp)
{
    if (fp->flags & JSFRAME_OVERRIDE_ARGS) {
        JS_ASSERT(fp->callobj);
        jsid argumentsId = ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom);
        return fp->callobj->getProperty(cx, argumentsId, vp);
    }

    JSObject *argsobj = js_GetArgsObject(cx, fp);
    if (!argsobj)
        return JS_FALSE;
    *vp = OBJECT_TO_JSVAL(argsobj);
    return JS_TRUE;
}
139    
/*
 * Fetch property id of fp's `arguments` into *vp, avoiding creation of an
 * arguments object whenever the answer can come straight from the frame.
 *
 * If the frame has overridden `arguments` (JSFRAME_OVERRIDE_ARGS), the
 * lookup is forwarded to the object held by the Call object's `arguments`
 * property (a primitive is converted to an object first).  Otherwise integer
 * ids below fp->argc read fp->argv, `length` reads fp->argc, and an existing
 * arguments object is consulted only where it may disagree with the frame (a
 * deleted element, an index at or past argc, an overridden length).  Any
 * other id leaves *vp undefined.  Returns false on error.
 */
JSBool
js_GetArgsProperty(JSContext *cx, JSStackFrame *fp, jsid id, jsval *vp)
{
    if (fp->flags & JSFRAME_OVERRIDE_ARGS) {
        JS_ASSERT(fp->callobj);

        jsid argumentsId = ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom);
        jsval overrideVal;
        if (!fp->callobj->getProperty(cx, argumentsId, &overrideVal))
            return false;

        JSObject *target;
        if (!JSVAL_IS_PRIMITIVE(overrideVal)) {
            target = JSVAL_TO_OBJECT(overrideVal);
        } else {
            target = js_ValueToNonNullObject(cx, overrideVal);
            if (!target)
                return false;
        }
        return target->getProperty(cx, id, vp);
    }

    *vp = JSVAL_VOID;
    JSObject *argsobj = JSVAL_TO_OBJECT(fp->argsobj);

    if (JSID_IS_INT(id)) {
        /* A negative index becomes a huge uint32 and fails the bound test. */
        uint32 index = uint32(JSID_TO_INT(id));
        if (index >= fp->argc) {
            /*
             * Per ECMA-262 Ed. 3, 10.1.8, last bulleted item, do not share
             * storage between the formal parameter and arguments[k] for all
             * fp->argc <= k && k < fp->fun->nargs. For example, in
             *
             *   function f(x) { x = 42; return arguments[0]; }
             *   f();
             *
             * the call to f should return undefined, not 42. If fp->argsobj
             * is null at this point, as it would be in the example, leave
             * undefined in *vp.
             */
            if (!argsobj)
                return true;
            return argsobj->getProperty(cx, id, vp);
        }

        /* A JSVAL_HOLE copy slot means arguments[index] was deleted. */
        if (argsobj &&
            OBJ_GET_SLOT(cx, argsobj, JSSLOT_ARGS_COPY_START + index) == JSVAL_HOLE) {
            return argsobj->getProperty(cx, id, vp);
        }
        *vp = fp->argv[index];
        return true;
    }

    if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)) {
        if (argsobj && js_IsOverriddenArgsLength(argsobj))
            return argsobj->getProperty(cx, id, vp);
        *vp = INT_TO_JSVAL(jsint(fp->argc));
    }
    return true;
}
197    
/*
 * Allocate an Arguments object parented to parent, with argc reserved copy
 * slots, its callee slot filled in and its length slot initialized.
 * Returns NULL on failure.
 */
static JSObject *
NewArguments(JSContext *cx, JSObject *parent, uint32 argc, JSObject *callee)
{
    JSObject *argsobj = js_NewObject(cx, &js_ArgumentsClass, NULL, parent, 0);
    if (!argsobj)
        return NULL;
    if (!js_EnsureReservedSlots(cx, argsobj, argc))
        return NULL;

    argsobj->fslots[JSSLOT_ARGS_CALLEE] = OBJECT_TO_JSVAL(callee);
    InitArgsLengthSlot(argsobj, argc);
    return argsobj;
}
209    
/*
 * Snapshot the actual argument values args[0..argc) into argsobj's reserved
 * copy slots so the object keeps working once its frame is gone.  Slots
 * already holding JSVAL_HOLE mark deleted elements and are left untouched.
 */
static void
PutArguments(JSContext *cx, JSObject *argsobj, jsval *args)
{
    uint32 count = GetArgsLength(argsobj);
    JS_LOCK_OBJ(cx, argsobj);
    for (uint32 index = 0; index < count; index++) {
        if (STOBJ_GET_SLOT(argsobj, JSSLOT_ARGS_COPY_START + index) == JSVAL_HOLE)
            continue;
        STOBJ_SET_SLOT(argsobj, JSSLOT_ARGS_COPY_START + index, args[index]);
    }
    JS_UNLOCK_OBJ(cx, argsobj);
}
222    
#ifdef OJI
JS_BEGIN_EXTERN_C
JS_EXPORT_API(JSObject *)
#else
JSObject *
#endif
/*
 * Return fp's arguments object, creating and linking it to the frame on
 * first use.  Eval and debugger frames are skipped so the object belongs to
 * the real function activation.  Returns NULL on allocation failure.
 */
js_GetArgsObject(JSContext *cx, JSStackFrame *fp)
{
    /*
     * We must be in a function activation; the function must be lightweight
     * or else fp must have a variable object.
     */
    JS_ASSERT(fp->fun && (!(fp->fun->flags & JSFUN_HEAVYWEIGHT) || fp->varobj));

    /* Skip eval and debugger frames. */
    for (; fp->flags & JSFRAME_SPECIAL; fp = fp->down)
        continue;

    /* Reuse the arguments object fp already has, if any. */
    JSObject *existing = JSVAL_TO_OBJECT(fp->argsobj);
    if (existing)
        return existing;

    /*
     * Give arguments an intrinsic scope chain link to fp's global object.
     * Since the arguments object lacks a prototype because js_ArgumentsClass
     * is not initialized, js_NewObject won't assign a default parent to it.
     *
     * Therefore if arguments is used as the head of an eval scope chain (via
     * a direct or indirect call to eval(program, arguments)), any reference
     * to a standard class object in the program will fail to resolve due to
     * js_GetClassPrototype not being able to find a global object containing
     * the standard prototype by starting from arguments and following parent.
     */
    JSObject *global = fp->scopeChain;
    for (;;) {
        JSObject *up = OBJ_GET_PARENT(cx, global);
        if (!up)
            break;
        global = up;
    }

    /* fp->argv[-2] holds the callee function object. */
    JS_ASSERT(fp->argv);
    JSObject *callee = JSVAL_TO_OBJECT(fp->argv[-2]);
    JSObject *argsobj = NewArguments(cx, global, fp->argc, callee);
    if (!argsobj)
        return NULL;

    /* Link the new object to fp so it can get actual argument values. */
    argsobj->setPrivate(fp);
    fp->argsobj = OBJECT_TO_JSVAL(argsobj);
    return argsobj;
}
271    
#ifdef OJI
JS_EXPORT_API(void)
#else
void
#endif
/*
 * Detach fp's arguments object as the frame goes away: copy the actuals into
 * the object (PutArguments) and clear both directions of the frame link.
 */
js_PutArgsObject(JSContext *cx, JSStackFrame *fp)
{
    JSObject *argsobj = JSVAL_TO_OBJECT(fp->argsobj);
    JS_ASSERT(argsobj->getPrivate() == fp);

    PutArguments(cx, argsobj, fp->argv);

    /* From here on ArgGetter/ArgSetter see a null private and use the copies. */
    argsobj->setPrivate(NULL);
    fp->argsobj = JSVAL_NULL;
}
#ifdef OJI
JS_END_EXTERN_C
#endif
288 siliconforks 332
289 siliconforks 507 /*
290     * Traced versions of js_GetArgsObject and js_PutArgsObject.
291     */
292 siliconforks 332
#ifdef JS_TRACER
/*
 * Trace-time counterpart of js_GetArgsObject: build the arguments object and
 * bind it, through apn, to the argument array argv instead of to a
 * JSStackFrame.  Returns NULL on allocation failure.
 */
JSObject * JS_FASTCALL
js_Arguments(JSContext *cx, JSObject *parent, uint32 argc, JSObject *callee,
             double *argv, js_ArgsPrivateNative *apn)
{
    JSObject *argsobj = NewArguments(cx, parent, argc, callee);
    if (argsobj) {
        apn->argv = argv;
        SetArgsPrivateNative(argsobj, apn);
    }
    return argsobj;
}
#endif
306 siliconforks 332
/*
 * Call-info descriptor for js_Arguments; the type tags mirror its signature.
 * NOTE(review): unlike the definition above, this is not under #ifdef
 * JS_TRACER — presumably JS_DEFINE_CALLINFO_* expands to nothing when the
 * tracer is disabled; confirm in jsbuiltins.h.
 */
JS_DEFINE_CALLINFO_6(extern, OBJECT, js_Arguments, CONTEXT, OBJECT, UINT32, OBJECT,
                     DOUBLEPTR, APNPTR, 0, 0)
309 siliconforks 332
/* FIXME change the return type to void. */
/*
 * Trace-time counterpart of js_PutArgsObject: copy args into argsobj and
 * drop its (tagged native) private.  Always returns true.
 */
JSBool JS_FASTCALL
js_PutArguments(JSContext *cx, JSObject *argsobj, jsval *args)
{
    /* Only objects bound on trace, i.e. with a tagged private, come here. */
    JS_ASSERT(js_GetArgsPrivateNative(argsobj));

    PutArguments(cx, argsobj, args);
    argsobj->setPrivate(NULL);
    return true;
}
319    
/* Call-info descriptor for js_PutArguments; type tags mirror its signature. */
JS_DEFINE_CALLINFO_3(extern, BOOL, js_PutArguments, CONTEXT, OBJECT, JSVALPTR, 0, 0)
321    
/*
 * JSClass delProperty hook for Arguments objects.  Deleting an index poisons
 * its copy slot with JSVAL_HOLE, deleting `length` flags the length as
 * overridden, and deleting `callee` holes the callee slot; the resolve and
 * getter hooks check for these marks.  Always returns true.
 */
static JSBool
args_delProperty(JSContext *cx, JSObject *obj, jsval idval, jsval *vp)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    if (JSVAL_IS_INT(idval)) {
        uintN index = uintN(JSVAL_TO_INT(idval));
        if (index < GetArgsLength(obj))
            OBJ_SET_SLOT(cx, obj, JSSLOT_ARGS_COPY_START + index, JSVAL_HOLE);
        return true;
    }

    if (idval == ATOM_KEY(cx->runtime->atomState.lengthAtom))
        SetOverriddenArgsLength(obj);
    else if (idval == ATOM_KEY(cx->runtime->atomState.calleeAtom))
        obj->fslots[JSSLOT_ARGS_CALLEE] = JSVAL_HOLE;
    return true;
}
338    
/*
 * Build a debugger-safe wrapper for an optimized (null or flat) closure that
 * is escaping its defining activation fp.  The wrapper is a fresh heavyweight
 * JSFunction whose script is a copy of fun's script with the upvar/dslot and
 * *_FC opcodes rewritten to their _DBG forms, so unresolved upvars surface as
 * reference errors instead of reading stale slots.
 *
 * Returns the wrapper function object, or NULL on failure (an error has been
 * reported by the failing allocator).  The caller passes funobj/fun together;
 * they must describe the same function.
 */
static JS_REQUIRES_STACK JSObject *
WrapEscapingClosure(JSContext *cx, JSStackFrame *fp, JSObject *funobj, JSFunction *fun)
{
    JS_ASSERT(GET_FUNCTION_PRIVATE(cx, funobj) == fun);
    JS_ASSERT(fun->optimizedClosure());
    JS_ASSERT(!fun->u.i.wrapper);

    /*
     * We do not attempt to reify Call and Block objects on demand for outer
     * scopes. This could be done (see the "v8" patch in bug 494235) but it is
     * fragile in the face of ongoing compile-time optimization. Instead, the
     * _DBG* opcodes used by wrappers created here must cope with unresolved
     * upvars and throw them as reference errors. Caveat debuggers!
     */
    JSObject *scopeChain = js_GetScopeChain(cx, fp);
    if (!scopeChain)
        return NULL;

    /* The wrapper uses funobj as its proto and fp's scope chain as parent. */
    JSObject *wfunobj = js_NewObjectWithGivenProto(cx, &js_FunctionClass,
                                                   funobj, scopeChain);
    if (!wfunobj)
        return NULL;
    /* Keep wfunobj alive across the allocations below. */
    JSAutoTempValueRooter tvr(cx, wfunobj);

    JSFunction *wfun = (JSFunction *) wfunobj;
    wfunobj->setPrivate(wfun);
    /* Start with an empty local-name table; it is refilled from fun below. */
    wfun->nargs = 0;
    wfun->flags = fun->flags | JSFUN_HEAVYWEIGHT;
    wfun->u.i.nvars = 0;
    wfun->u.i.nupvars = 0;
    wfun->u.i.skipmin = fun->u.i.skipmin;
    wfun->u.i.wrapper = true;
    wfun->u.i.script = NULL;
    wfun->u.i.names.taggedAtom = NULL;
    wfun->atom = fun->atom;

    if (fun->hasLocalNames()) {
        /* names lives in tempPool until the JS_ARENA_RELEASE below. */
        void *mark = JS_ARENA_MARK(&cx->tempPool);
        jsuword *names = js_GetLocalNameArray(cx, fun, &cx->tempPool);
        if (!names)
            return NULL;

        JSBool ok = true;
        for (uintN i = 0, n = fun->countLocalNames(); i != n; i++) {
            jsuword name = names[i];
            JSAtom *atom = JS_LOCAL_NAME_TO_ATOM(name);
            /* Locals are laid out as args, then vars (const or not), then upvars. */
            JSLocalKind localKind = (i < fun->nargs)
                                    ? JSLOCAL_ARG
                                    : (i < fun->countArgsAndVars())
                                    ? (JS_LOCAL_NAME_IS_CONST(name)
                                       ? JSLOCAL_CONST
                                       : JSLOCAL_VAR)
                                    : JSLOCAL_UPVAR;

            ok = js_AddLocal(cx, wfun, atom, localKind);
            if (!ok)
                break;
        }

        JS_ARENA_RELEASE(&cx->tempPool, mark);
        if (!ok)
            return NULL;
        /* js_AddLocal must have reproduced fun's exact arg/var/upvar counts. */
        JS_ASSERT(wfun->nargs == fun->nargs);
        JS_ASSERT(wfun->u.i.nvars == fun->u.i.nvars);
        JS_ASSERT(wfun->u.i.nupvars == fun->u.i.nupvars);
        js_FreezeLocalNames(cx, wfun);
    }

    /* Measure the source-note array up to and including its terminator. */
    JSScript *script = fun->u.i.script;
    jssrcnote *snbase = script->notes();
    jssrcnote *sn = snbase;
    while (!SN_IS_TERMINATOR(sn))
        sn = SN_NEXT(sn);
    uintN nsrcnotes = (sn - snbase) + 1;

    /*
     * Size wscript's arrays exactly like script's so the memcpy calls below
     * stay in bounds; the per-array lengths come from the same script fields.
     */
    /* NB: GC must not occur before wscript is homed in wfun->u.i.script. */
    JSScript *wscript = js_NewScript(cx, script->length, nsrcnotes,
                                     script->atomMap.length,
                                     (script->objectsOffset != 0)
                                     ? script->objects()->length
                                     : 0,
                                     fun->u.i.nupvars,
                                     (script->regexpsOffset != 0)
                                     ? script->regexps()->length
                                     : 0,
                                     (script->trynotesOffset != 0)
                                     ? script->trynotes()->length
                                     : 0);
    if (!wscript)
        return NULL;

    memcpy(wscript->code, script->code, script->length);
    /* main is an offset into code; rebase it onto the copy. */
    wscript->main = wscript->code + (script->main - script->code);

    memcpy(wscript->notes(), snbase, nsrcnotes * sizeof(jssrcnote));
    /*
     * NOTE(review): copy lengths below are read back from wscript, relying on
     * js_NewScript having stored the counts passed in above — confirm.
     */
    memcpy(wscript->atomMap.vector, script->atomMap.vector,
           wscript->atomMap.length * sizeof(JSAtom *));
    if (script->objectsOffset != 0) {
        memcpy(wscript->objects()->vector, script->objects()->vector,
               wscript->objects()->length * sizeof(JSObject *));
    }
    if (script->regexpsOffset != 0) {
        memcpy(wscript->regexps()->vector, script->regexps()->vector,
               wscript->regexps()->length * sizeof(JSObject *));
    }
    if (script->trynotesOffset != 0) {
        memcpy(wscript->trynotes()->vector, script->trynotes()->vector,
               wscript->trynotes()->length * sizeof(JSTryNote));
    }

    if (wfun->u.i.nupvars != 0) {
        JS_ASSERT(wfun->u.i.nupvars == wscript->upvars()->length);
        memcpy(wscript->upvars()->vector, script->upvars()->vector,
               wfun->u.i.nupvars * sizeof(uint32));
    }

    /* Walk the copied bytecode, patching opcodes in place. */
    jsbytecode *pc = wscript->code;
    while (*pc != JSOP_STOP) {
        /* XYZZYbe should copy JSOP_TRAP? */
        JSOp op = js_GetOpcode(cx, wscript, pc);
        const JSCodeSpec *cs = &js_CodeSpec[op];
        /* A negative spec length means the operand size is encoded in the bytecode. */
        ptrdiff_t oplen = cs->length;
        if (oplen < 0)
            oplen = js_GetVariableBytecodeLength(pc);

        /*
         * Rewrite JSOP_{GET,CALL}DSLOT as JSOP_{GET,CALL}UPVAR_DBG for the
         * case where fun is an escaping flat closure. This works because the
         * UPVAR and DSLOT ops by design have the same format: an upvar index
         * immediate operand.
         */
        switch (op) {
          case JSOP_GETUPVAR:       *pc = JSOP_GETUPVAR_DBG; break;
          case JSOP_CALLUPVAR:      *pc = JSOP_CALLUPVAR_DBG; break;
          case JSOP_GETDSLOT:       *pc = JSOP_GETUPVAR_DBG; break;
          case JSOP_CALLDSLOT:      *pc = JSOP_CALLUPVAR_DBG; break;
          case JSOP_DEFFUN_FC:      *pc = JSOP_DEFFUN_DBGFC; break;
          case JSOP_DEFLOCALFUN_FC: *pc = JSOP_DEFLOCALFUN_DBGFC; break;
          case JSOP_LAMBDA_FC:      *pc = JSOP_LAMBDA_DBGFC; break;
          default:;
        }
        pc += oplen;
    }

    /*
     * Fill in the rest of wscript. This means if you add members to JSScript
     * you must update this code. FIXME: factor into JSScript::clone method.
     */
    wscript->flags = script->flags;
    wscript->version = script->version;
    wscript->nfixed = script->nfixed;
    wscript->filename = script->filename;
    wscript->lineno = script->lineno;
    wscript->nslots = script->nslots;
    wscript->staticLevel = script->staticLevel;
    /* The copy shares script's principals and takes its own reference on them. */
    wscript->principals = script->principals;
    if (wscript->principals)
        JSPRINCIPALS_HOLD(cx, wscript->principals);
#ifdef CHECK_SCRIPT_OWNER
    wscript->owner = script->owner;
#endif

    /* Deoptimize wfun from FUN_{FLAT,NULL}_CLOSURE to FUN_INTERPRETED. */
    FUN_SET_KIND(wfun, JSFUN_INTERPRETED);
    /* Home wscript last; no fallible call sits between js_NewScript and here. */
    wfun->u.i.script = wscript;
    return wfunobj;
}
506    
/*
 * Shared getter for the properties args_resolve reflects on an Arguments
 * object.  Indexed reads come from the trace-native argument array, the live
 * frame's argv, or the saved copy slot, in that order of availability;
 * `length` reads the stored count unless overridden; `callee` refuses to
 * hand out an optimized closure that needs wrapping.  Returns false only on
 * error; an out-of-range or deleted index simply leaves *vp alone.
 */
static JSBool
ArgGetter(JSContext *cx, JSObject *obj, jsval idval, jsval *vp)
{
    if (!JS_InstanceOf(cx, obj, &js_ArgumentsClass, NULL))
        return true;

    if (JSVAL_IS_INT(idval)) {
        /*
         * index can exceed the number of arguments if a script changed the
         * prototype to point to another Arguments object with a bigger argc.
         */
        uintN index = uintN(JSVAL_TO_INT(idval));
        if (index >= GetArgsLength(obj))
            return true;

#ifdef JS_TRACER
        js_ArgsPrivateNative *native = js_GetArgsPrivateNative(obj);
        if (native) {
            /* Bound on trace: the actuals are in native->argv, not a frame. */
            if (!js_NativeToValue(cx, *vp, native->typemap()[index], &native->argv[index])) {
                js_LeaveTrace(cx);
                return false;
            }
            return true;
        }
#endif

        JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
        if (fp) {
            /* Frame still active: read the live actual. */
            *vp = fp->argv[index];
            return true;
        }

        /* Frame gone (private cleared by js_PutArgsObject): use the saved copy. */
        jsval saved = OBJ_GET_SLOT(cx, obj, JSSLOT_ARGS_COPY_START + index);
        if (saved != JSVAL_HOLE)
            *vp = saved;
        return true;
    }

    if (idval == ATOM_KEY(cx->runtime->atomState.lengthAtom)) {
        if (!js_IsOverriddenArgsLength(obj))
            *vp = INT_TO_JSVAL(GetArgsLength(obj));
        return true;
    }

    JS_ASSERT(idval == ATOM_KEY(cx->runtime->atomState.calleeAtom));
    jsval callee = obj->fslots[JSSLOT_ARGS_CALLEE];
    if (callee == JSVAL_HOLE)
        return true;

    /*
     * If this function or one in it needs upvars that reach above it
     * in the scope chain, it must not be a null closure (it could be a
     * flat closure, or an unoptimized closure -- the latter itself not
     * necessarily heavyweight). Rather than wrap here, we simply throw
     * to reduce code size and tell debugger users the truth instead of
     * passing off a fibbing wrapper.
     */
    if (GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(callee))->needsWrapper()) {
        JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                             JSMSG_OPTIMIZED_CLOSURE_LEAK);
        return false;
    }
    *vp = callee;
    return true;
}
564    
/*
 * Shared setter for the properties args_resolve reflects on an Arguments
 * object.  An in-range index on a still-live frame is written straight into
 * fp->argv; everything else is turned into a plain data property by deleting
 * the reflected one and re-setting it.  Returns false on error or when it
 * had to leave trace.
 */
static JSBool
ArgSetter(JSContext *cx, JSObject *obj, jsval idval, jsval *vp)
{
#ifdef JS_TRACER
    // To be able to set a property here on trace, we would have to make
    // sure any updates also get written back to the trace native stack.
    // For simplicity, we just leave trace, since this is presumably not
    // a common operation.
    if (JS_ON_TRACE(cx)) {
        js_DeepBail(cx);
        return false;
    }
#endif

    if (!JS_InstanceOf(cx, obj, &js_ArgumentsClass, NULL))
        return true;

    if (!JSVAL_IS_INT(idval)) {
        JS_ASSERT(idval == ATOM_KEY(cx->runtime->atomState.lengthAtom) ||
                  idval == ATOM_KEY(cx->runtime->atomState.calleeAtom));
    } else {
        uintN index = uintN(JSVAL_TO_INT(idval));
        if (index < GetArgsLength(obj)) {
            JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
            if (fp) {
                /* Frame still live: write through to the actual itself. */
                fp->argv[index] = *vp;
                return true;
            }
        }
    }

    /*
     * For simplicity we use delete/set to replace the property with one
     * backed by the default Object getter and setter. Note the we rely on
     * args_delete to clear the corresponding reserved slot so the GC can
     * collect its value.
     */
    jsid id;
    if (!JS_ValueToId(cx, idval, &id))
        return false;

    JSAutoTempValueRooter tvr(cx);
    if (!js_DeleteProperty(cx, obj, id, tvr.addr()))
        return false;
    return js_SetProperty(cx, obj, id, vp);
}
610    
/*
 * JSClass resolve hook for Arguments objects.  Lazily defines the property
 * idval names — an index below the stored count whose copy slot is not a
 * hole, `length` unless overridden, or `callee` unless deleted — as a shared
 * property backed by ArgGetter/ArgSetter, reporting obj in *objp when it did.
 * Ids it does not own leave *objp NULL.  Returns false on error.
 */
static JSBool
args_resolve(JSContext *cx, JSObject *obj, jsval idval, uintN flags,
             JSObject **objp)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    *objp = NULL;

    jsid id = 0;
    if (JSVAL_IS_INT(idval)) {
        uint32 index = uint32(JSVAL_TO_INT(idval));
        bool inRange = index < GetArgsLength(obj);
        if (inRange &&
            OBJ_GET_SLOT(cx, obj, JSSLOT_ARGS_COPY_START + index) != JSVAL_HOLE) {
            id = INT_JSVAL_TO_JSID(idval);
        }
    } else if (idval == ATOM_KEY(cx->runtime->atomState.lengthAtom)) {
        if (!js_IsOverriddenArgsLength(obj))
            id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
    } else if (idval == ATOM_KEY(cx->runtime->atomState.calleeAtom)) {
        if (obj->fslots[JSSLOT_ARGS_CALLEE] != JSVAL_HOLE)
            id = ATOM_TO_JSID(cx->runtime->atomState.calleeAtom);
    }

    if (id == 0)
        return true;

    /*
     * XXX ECMA specs DontEnum even for indexed properties, contrary to
     * other array-like objects.
     */
    if (!js_DefineProperty(cx, obj, id, JSVAL_VOID, ArgGetter, ArgSetter, JSPROP_SHARED))
        return JS_FALSE;
    *objp = obj;
    return true;
}
645    
/*
 * JSClass enumerate hook for Arguments objects: force every reflectable
 * property (`length`, `callee`, then each index) through js_LookupProperty
 * so args_resolve materializes it.  Returns false on error.
 */
static JSBool
args_enumerate(JSContext *cx, JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);

    /*
     * Trigger reflection in args_resolve using a series of js_LookupProperty
     * calls; -2 and -1 stand for length and callee, the rest are indices.
     */
    int argc = int(GetArgsLength(obj));
    for (int i = -2; i != argc; i++) {
        jsid id;
        if (i == -2)
            id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
        else if (i == -1)
            id = ATOM_TO_JSID(cx->runtime->atomState.calleeAtom);
        else
            id = INT_JSVAL_TO_JSID(INT_TO_JSVAL(i));

        JSObject *holder;
        JSProperty *prop;
        if (!js_LookupProperty(cx, obj, id, &holder, &prop))
            return false;

        /* prop is null when the property was deleted. */
        if (prop)
            holder->dropProperty(cx, prop);
    }
    return true;
}
674    
#if JS_HAS_GENERATORS
/*
 * If a generator-iterator's arguments or call object escapes, it needs to
 * mark its generator object.
 */
static void
args_or_call_trace(JSTracer *trc, JSObject *obj)
{
    JSClass *clasp = STOBJ_GET_CLASS(obj);
    JS_ASSERT(clasp == &js_ArgumentsClass || clasp == &js_CallClass);

    /* A tagged native-args private is not a frame pointer; nothing to mark. */
    if (clasp == &js_ArgumentsClass && js_GetArgsPrivateNative(obj))
        return;

    JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
    if (!fp || !(fp->flags & JSFRAME_GENERATOR))
        return;
    JS_CALL_OBJECT_TRACER(trc, FRAME_TO_GENERATOR(fp)->obj,
                          "FRAME_TO_GENERATOR(fp)->obj");
}
#else
# define args_or_call_trace NULL
#endif
697    
/* JSClass reserveSlots hook: one copy slot per stored argument. */
static uint32
args_reserveSlots(JSContext *cx, JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_ArgumentsClass);
    uint32 reserved = GetArgsLength(obj);
    return reserved;
}
704    
/*
 * The Arguments class is not initialized via JS_InitClass, and must not be,
 * because its name is "Object". Per ECMA, that causes instances of it to
 * delegate to the object named by Object.prototype. It also ensures that
 * arguments.toString() returns "[object Object]".
 *
 * The JSClass functions below collaborate to lazily reflect and synchronize
 * actual argument values, argument count, and callee function object stored
 * in a JSStackFrame with their corresponding property values in the frame's
 * arguments object.
 */
JSClass js_ArgumentsClass = {
    js_Object_str,
    /* private slot (frame or tagged native args), new-style resolve, fixed
       reserved slots, trace hook, cached Object prototype */
    JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE |
    JSCLASS_HAS_RESERVED_SLOTS(ARGS_CLASS_FIXED_RESERVED_SLOTS) |
    JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Object),
    JS_PropertyStub,    args_delProperty,            /* addProperty, delProperty */
    JS_PropertyStub,    JS_PropertyStub,             /* getProperty, setProperty */
    args_enumerate,     (JSResolveOp) args_resolve,  /* enumerate, resolve */
    JS_ConvertStub,     NULL,                        /* convert, finalize */
    NULL,               NULL,                        /* getObjectOps, checkAccess */
    NULL,               NULL,                        /* call, construct */
    NULL,               NULL,                        /* xdrObject, hasInstance */
    JS_CLASS_TRACE(args_or_call_trace), args_reserveSlots  /* mark/trace, reserveSlots */
};
730    
/*
 * Call object reserved slots, laid out right after the private (frame) slot.
 * JSSLOT_CALLEE holds the callee function object (see js_GetCallObject);
 * JSSLOT_CALL_ARGUMENTS presumably caches the `arguments` value — its users
 * are not in this part of the file.
 */
const uint32 JSSLOT_CALLEE = JSSLOT_PRIVATE + 1;
const uint32 JSSLOT_CALL_ARGUMENTS = JSSLOT_PRIVATE + 2;
/* Count of the two fixed slots above; per-local slots are reserved on top. */
const uint32 CALL_CLASS_FIXED_RESERVED_SLOTS = 2;
734 siliconforks 332
/*
 * A Declarative Environment object stores its active JSStackFrame pointer in
 * its private slot, just as Call and Arguments objects do.  js_GetCallObject
 * creates one to hold a named lambda's own name binding.
 */
JSClass js_DeclEnvClass = {
    js_Object_str,
    JSCLASS_HAS_PRIVATE | JSCLASS_HAS_CACHED_PROTO(JSProto_Object),
    /* addProperty, delProperty, getProperty, setProperty */
    JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub,
    /* enumerate, resolve, convert, finalize */
    JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub, NULL,
    JSCLASS_NO_OPTIONAL_MEMBERS
};
746    
/*
 * Guard a value read out of a Call or DeclEnv object obj.  If *vp is an
 * optimized closure that must not escape as-is (fun->needsWrapper()), it is
 * replaced with a wrapper built by WrapEscapingClosure while obj's frame is
 * still live; once the frame is gone the read fails with
 * JSMSG_OPTIMIZED_CLOSURE_LEAK.  Returns false on error.
 */
static JSBool
CheckForEscapingClosure(JSContext *cx, JSObject *obj, jsval *vp)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_CallClass ||
              STOBJ_GET_CLASS(obj) == &js_DeclEnvClass);

    jsval value = *vp;
    if (!VALUE_IS_FUNCTION(cx, value))
        return true;

    JSObject *funobj = JSVAL_TO_OBJECT(value);
    JSFunction *fun = GET_FUNCTION_PRIVATE(cx, funobj);

    /*
     * Any escaping null or flat closure that reaches above itself or
     * contains nested functions that reach above it must be wrapped.
     * We can wrap only when this Call or Declarative Environment obj
     * still has an active stack frame associated with it.
     */
    if (!fun->needsWrapper())
        return true;

    js_LeaveTrace(cx);

    JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
    if (!fp) {
        JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                             JSMSG_OPTIMIZED_CLOSURE_LEAK);
        return false;
    }

    JSObject *wrapper = WrapEscapingClosure(cx, fp, funobj, fun);
    if (!wrapper)
        return false;
    *vp = OBJECT_TO_JSVAL(wrapper);
    return true;
}
784    
/*
 * Getter for the name binding js_GetCallObject defines on a named lambda's
 * DeclEnv object; id is unused.  Defers to CheckForEscapingClosure.
 */
static JSBool
CalleeGetter(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
{
    JSBool ok = CheckForEscapingClosure(cx, obj, vp);
    return ok;
}
790    
/*
 * Return fp's Call object, creating it on first use.  A new Call object is
 * parented to the frame's current scope chain (for a named lambda, via a
 * fresh DeclEnv object binding the function's own name), linked to fp
 * through its private slot, given the callee in JSSLOT_CALLEE, and then
 * pushed as the head of the scope chain and made the variables object.
 * Returns NULL on allocation or property-definition failure.
 */
JSObject *
js_GetCallObject(JSContext *cx, JSStackFrame *fp)
{
    JSObject *callobj;

    /* Create a call object for fp only if it lacks one. */
    JS_ASSERT(fp->fun);
    callobj = fp->callobj;
    if (callobj)
        return callobj;

#ifdef DEBUG
    /* A call object should be a frame's outermost scope chain element. */
    JSClass *classp = OBJ_GET_CLASS(cx, fp->scopeChain);
    if (classp == &js_WithClass || classp == &js_BlockClass || classp == &js_CallClass)
        JS_ASSERT(fp->scopeChain->getPrivate() != fp);
#endif

    /*
     * Create the call object, using the frame's enclosing scope as its
     * parent, and link the call to its stack frame. For a named function
     * expression Call's parent points to an environment object holding
     * function's name.
     */
    JSAtom *lambdaName = (fp->fun->flags & JSFUN_LAMBDA) ? fp->fun->atom : NULL;
    if (lambdaName) {
        JSObject *env = js_NewObjectWithGivenProto(cx, &js_DeclEnvClass, NULL,
                                                   fp->scopeChain);
        if (!env)
            return NULL;
        env->setPrivate(fp);

        /* Root env before js_DefineNativeProperty (-> JSClass.addProperty). */
        fp->scopeChain = env;
        /* fp->argv[-2] is the callee function object (asserted below). */
        JS_ASSERT(fp->argv);
        if (!js_DefineNativeProperty(cx, fp->scopeChain, ATOM_TO_JSID(lambdaName),
                                     fp->argv[-2],
                                     CalleeGetter, NULL,
                                     JSPROP_PERMANENT | JSPROP_READONLY,
                                     0, 0, NULL)) {
            /*
             * NOTE(review): fp->scopeChain already points at env on this
             * failure path; presumably harmless since the error propagates,
             * but confirm callers do not keep running with the frame.
             */
            return NULL;
        }
    }

    /* Reserve one slot per argument and local on top of the fixed ones. */
    callobj = js_NewObjectWithGivenProto(cx, &js_CallClass, NULL, fp->scopeChain);
    if (!callobj ||
        !js_EnsureReservedSlots(cx, callobj, fp->fun->countArgsAndVars())) {
        return NULL;
    }

    callobj->setPrivate(fp);
    JS_ASSERT(fp->argv);
    JS_ASSERT(fp->fun == GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(fp->argv[-2])));
    STOBJ_SET_SLOT(callobj, JSSLOT_CALLEE, fp->argv[-2]);
    fp->callobj = callobj;

    /*
     * Push callobj on the top of the scope chain, and make it the
     * variables object.
     */
    fp->scopeChain = callobj;
    fp->varobj = callobj;
    return callobj;
}
855    
/*
 * Return the JSFunction whose activation the Call object obj reflects, or
 * NULL when obj is a newborn Call object (or the Call prototype) whose
 * JSSLOT_CALLEE slot has not been filled in yet.
 *
 * There is no cx parameter: GET_FUNCTION_PRIVATE evidently does not evaluate
 * its first argument, since none is in scope here.
 */
JSFunction *
js_GetCallObjectFunction(JSObject *obj)
{
    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_CallClass);

    jsval callee = STOBJ_GET_SLOT(obj, JSSLOT_CALLEE);
    if (!JSVAL_IS_VOID(callee)) {
        JS_ASSERT(!JSVAL_IS_PRIMITIVE(callee));
        return GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(callee));
    }

    /* Newborn or prototype object: the callee slot is still void. */
    return NULL;
}
870    
/*
 * Detach fp's Call object from the frame, which is about to be popped.
 *
 * The arguments object (if any) is snapshotted into JSSLOT_CALL_ARGUMENTS
 * unless script overrode |arguments|, the frame's argument and variable
 * values are copied into the Call object's dslots so the property ops keep
 * working after the frame is gone, and every private pointer back to fp
 * (on the Call object and on a DeclEnv parent) is cleared.
 */
#ifdef OJI
JS_BEGIN_EXTERN_C
JS_EXPORT_API(void)
#else
void
#endif
js_PutCallObject(JSContext *cx, JSStackFrame *fp)
{
    JSObject *callobj = fp->callobj;
    JS_ASSERT(callobj);

    /* Get the arguments object to snapshot fp's actual argument values. */
    if (fp->argsobj) {
        /* JSFRAME_OVERRIDE_ARGS is set by the |arguments| setter in CallPropertyOp. */
        if (!(fp->flags & JSFRAME_OVERRIDE_ARGS))
            STOBJ_SET_SLOT(callobj, JSSLOT_CALL_ARGUMENTS, fp->argsobj);
        js_PutArgsObject(cx, fp);
    }

    JSFunction *fun = fp->fun;
    JS_ASSERT(fun == js_GetCallObjectFunction(callobj));
    uintN n = fun->countArgsAndVars();

    /*
     * Since for a call object all fixed slots happen to be taken, we can copy
     * arguments and variables straight into JSObject.dslots.
     *
     * The two memcpy calls below write exactly n jsvals (nargs then nvars).
     * Only the JS_ASSERT checks in debug builds that dslots has room; in
     * release builds the room is guaranteed by js_GetCallObject having
     * called js_EnsureReservedSlots with countArgsAndVars() at creation.
     */
    JS_STATIC_ASSERT(JS_INITIAL_NSLOTS - JSSLOT_PRIVATE ==
                     1 + CALL_CLASS_FIXED_RESERVED_SLOTS);
    if (n != 0) {
        JS_ASSERT(STOBJ_NSLOTS(callobj) >= JS_INITIAL_NSLOTS + n);
        n += JS_INITIAL_NSLOTS;     /* n is not read again after this point */
        JS_LOCK_OBJ(cx, callobj);
        memcpy(callobj->dslots, fp->argv, fun->nargs * sizeof(jsval));
        memcpy(callobj->dslots + fun->nargs, fp->slots,
               fun->u.i.nvars * sizeof(jsval));
        JS_UNLOCK_OBJ(cx, callobj);
    }

    /* Clear private pointers to fp, which is about to go away (js_Invoke). */
    if ((fun->flags & JSFUN_LAMBDA) && fun->atom) {
        /* Named lambda: js_GetCallObject parented callobj by a DeclEnv. */
        JSObject *env = STOBJ_GET_PARENT(callobj);

        JS_ASSERT(STOBJ_GET_CLASS(env) == &js_DeclEnvClass);
        JS_ASSERT(env->getPrivate() == fp);
        env->setPrivate(NULL);
    }

    /* From here on CallPropertyOp sees fp == NULL and uses the copied slots. */
    callobj->setPrivate(NULL);
    fp->callobj = NULL;
}
#ifdef OJI
JS_END_EXTERN_C
#endif
924 siliconforks 332
/*
 * Enumerate hook for Call objects: make every argument and variable name of
 * the function visible by looking each one up, which resolves it lazily via
 * call_resolve. The property references obtained are dropped right away.
 *
 * Returns JS_FALSE if the local name array could not be built or a lookup
 * failed; the temp-pool arena mark is released on every path.
 */
static JSBool
call_enumerate(JSContext *cx, JSObject *obj)
{
    JSFunction *fun = js_GetCallObjectFunction(obj);
    uintN n = fun ? fun->countArgsAndVars() : 0;
    if (n == 0)
        return JS_TRUE;

    void *mark = JS_ARENA_MARK(&cx->tempPool);
    JSBool ok = JS_FALSE;

    MUST_FLOW_THROUGH("out");
    jsuword *names = js_GetLocalNameArray(cx, fun, &cx->tempPool);
    if (names) {
        uintN k;
        for (k = 0; k != n; ++k) {
            JSAtom *name = JS_LOCAL_NAME_TO_ATOM(names[k]);
            if (!name)
                continue;

            /* Looking the name up triggers its reflection as a property. */
            JSObject *pobj;
            JSProperty *prop;
            if (!js_LookupProperty(cx, obj, ATOM_TO_JSID(name), &pobj, &prop))
                goto out;

            /*
             * call_resolve defines every argument and variable name with
             * JSPROP_PERMANENT, so the property is always found on obj.
             */
            JS_ASSERT(prop);
            JS_ASSERT(pobj == obj);
            pobj->dropProperty(cx, prop);
        }
        ok = JS_TRUE;
    }

  out:
    JS_ARENA_RELEASE(&cx->tempPool, mark);
    return ok;
}
979    
/*
 * Which kind of Call object binding CallPropertyOp is reflecting: the
 * special |arguments| name, a formal parameter (indexed into fp->argv), or a
 * local variable (indexed into fp->slots).
 */
enum JSCallPropertyKind {
    JSCPK_ARGUMENTS,    /* the |arguments| special name */
    JSCPK_ARG,          /* formal parameter; id is the argument index */
    JSCPK_VAR           /* local variable; id is the variable index */
};
typedef enum JSCallPropertyKind JSCallPropertyKind;
985    
/*
 * Shared implementation of the Call object property getters and setters.
 *
 * obj     the Call object; an object of any other class is ignored (true)
 * id      for JSCPK_ARG / JSCPK_VAR, the int-tagged index of the binding
 *         (the shortid call_resolve stored when defining the property)
 * vp      value in (setter) or out (getter)
 * kind    which binding this is, see JSCallPropertyKind
 * setter  JS_TRUE to store *vp, JS_FALSE to load into *vp
 *
 * While the frame is live (obj's private slot is the JSStackFrame) bindings
 * are read and written directly in fp->argv / fp->slots. After
 * js_PutCallObject has cleared the private slot the values live in obj's
 * reserved slots, after CALL_CLASS_FIXED_RESERVED_SLOTS, arguments first and
 * variables after them.
 */
static JSBool
CallPropertyOp(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
               JSCallPropertyKind kind, JSBool setter)
{
    if (STOBJ_GET_CLASS(obj) != &js_CallClass)
        return JS_TRUE;

    JSFunction *fun = js_GetCallObjectFunction(obj);
    JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();

    if (kind == JSCPK_ARGUMENTS) {
        if (setter) {
            /* Script assigned |arguments|; js_PutCallObject checks this flag. */
            if (fp)
                fp->flags |= JSFRAME_OVERRIDE_ARGS;
            STOBJ_SET_SLOT(obj, JSSLOT_CALL_ARGUMENTS, *vp);
            return JS_TRUE;
        }

        if (!fp || (fp->flags & JSFRAME_OVERRIDE_ARGS)) {
            /* Frame gone, or overridden by script: the slot holds the value. */
            *vp = STOBJ_GET_SLOT(obj, JSSLOT_CALL_ARGUMENTS);
            return JS_TRUE;
        }

        JSObject *argsobj = js_GetArgsObject(cx, fp);
        if (!argsobj)
            return JS_FALSE;
        *vp = OBJECT_TO_JSVAL(argsobj);
        return JS_TRUE;
    }

    /* The index comes from a 16-bit shortid; check it round-trips. */
    JS_ASSERT((int16) JSVAL_TO_INT(id) == JSVAL_TO_INT(id));
    uintN index = (uint16) JSVAL_TO_INT(id);
    JS_ASSERT_IF(kind == JSCPK_ARG, index < fun->nargs);
    JS_ASSERT_IF(kind == JSCPK_VAR, index < fun->u.i.nvars);

    if (!fp) {
        /* Frame is gone: the values were copied into the reserved slots. */
        uintN slot = index + CALL_CLASS_FIXED_RESERVED_SLOTS;
        if (kind == JSCPK_VAR)
            slot += fun->nargs;
        else
            JS_ASSERT(kind == JSCPK_ARG);
        if (setter)
            return JS_SetReservedSlot(cx, obj, slot, *vp);
        return JS_GetReservedSlot(cx, obj, slot, vp);
    }

    jsval *store;
    if (kind == JSCPK_ARG) {
        store = fp->argv;
    } else {
        JS_ASSERT(kind == JSCPK_VAR);
        store = fp->slots;
    }

    if (!setter) {
        *vp = store[index];
        return JS_TRUE;
    }

    /* GC_POKE the value being overwritten before replacing it. */
    GC_POKE(cx, store[index]);
    store[index] = *vp;
    return JS_TRUE;
}
1051    
/* Getter for the Call object's |arguments| property. */
static JSBool
GetCallArguments(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_FALSE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_ARGUMENTS, isSetter);
}
1057    
/* Setter for the Call object's |arguments| property. */
static JSBool
SetCallArguments(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_TRUE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_ARGUMENTS, isSetter);
}
1063    
/* Getter for a formal parameter reflected on a Call object; id is the index. */
JSBool
js_GetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_FALSE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_ARG, isSetter);
}
1069    
/* Setter for a formal parameter reflected on a Call object; id is the index. */
JSBool
SetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_TRUE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_ARG, isSetter);
}
1075    
/* Getter for a local variable reflected on a Call object; id is the index. */
JSBool
js_GetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_FALSE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, isSetter);
}
1081    
/*
 * Like js_GetCallVar, but additionally runs the escaping-closure check on the
 * value read. call_resolve selects this getter for a variable that held a
 * closure needing a wrapper at resolve time.
 */
JSBool
js_GetCallVarChecked(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    JSBool ok = CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, JS_FALSE);
    return ok ? CheckForEscapingClosure(cx, obj, vp) : JS_FALSE;
}
1090    
/* Setter for a local variable reflected on a Call object; id is the index. */
JSBool
SetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    const JSBool isSetter = JS_TRUE;
    return CallPropertyOp(cx, obj, id, vp, JSCPK_VAR, isSetter);
}
1096    
/*
 * By-value variant of SetCallArg for callers that pass the new value in a
 * register (JS_FASTCALL); the value is handed to CallPropertyOp by address.
 */
JSBool JS_FASTCALL
js_SetCallArg(JSContext *cx, JSObject *obj, jsid id, jsval v)
{
    const JSCallPropertyKind kind = JSCPK_ARG;
    return CallPropertyOp(cx, obj, id, &v, kind, JS_TRUE);
}
1102    
/*
 * By-value variant of SetCallVar for callers that pass the new value in a
 * register (JS_FASTCALL); the value is handed to CallPropertyOp by address.
 */
JSBool JS_FASTCALL
js_SetCallVar(JSContext *cx, JSObject *obj, jsid id, jsval v)
{
    const JSCallPropertyKind kind = JSCPK_VAR;
    return CallPropertyOp(cx, obj, id, &v, kind, JS_TRUE);
}
1108    
/*
 * Call-info records for the two JS_FASTCALL setters above; presumably this
 * is what lets the tracing JIT call them as builtins (signature: BOOL
 * f(CONTEXT, OBJECT, JSID, JSVAL)).
 */
JS_DEFINE_CALLINFO_4(extern, BOOL, js_SetCallArg, CONTEXT, OBJECT, JSID, JSVAL, 0, 0)
JS_DEFINE_CALLINFO_4(extern, BOOL, js_SetCallVar, CONTEXT, OBJECT, JSID, JSVAL, 0, 0)
1111    
/*
 * Resolve hook for Call objects: lazily define a property for a string id
 * that names one of the function's formal parameters or local variables, or
 * the special name |arguments|.
 *
 * Each such property is JSPROP_SHARED with a 16-bit shortid holding the
 * argument/variable index, so CallPropertyOp can find the value in fp->argv,
 * fp->slots or the reserved slots. Nothing is defined for a newborn Call
 * object (callee slot still void), for non-string ids, or for upvars.
 *
 * Sets *objp = obj and returns JS_TRUE when a property was defined; returns
 * JS_TRUE without touching *objp when the id was not resolved, JS_FALSE on
 * error.
 */
static JSBool
call_resolve(JSContext *cx, JSObject *obj, jsval idval, uintN flags,
             JSObject **objp)
{
    jsval callee;
    JSFunction *fun;
    jsid id;
    JSLocalKind localKind;
    JSPropertyOp getter, setter;
    uintN slot, attrs;

    JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_CallClass);
    JS_ASSERT(!STOBJ_GET_PROTO(obj));

    if (!JSVAL_IS_STRING(idval))
        return JS_TRUE;

    /* A newborn Call object has no function yet, hence no locals to reflect. */
    callee = STOBJ_GET_SLOT(obj, JSSLOT_CALLEE);
    if (JSVAL_IS_VOID(callee))
        return JS_TRUE;
    fun = GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(callee));

    if (!js_ValueToStringId(cx, idval, &id))
        return JS_FALSE;

    /*
     * Check whether the id refers to a formal parameter, local variable or
     * the arguments special name.
     *
     * We define all such names using JSDNP_DONT_PURGE to avoid an expensive
     * shape invalidation in js_DefineNativeProperty. If such an id happens to
     * shadow a global or upvar of the same name, any inner functions can
     * never access the outer binding. Thus it cannot invalidate any property
     * cache entries or derived trace guards for the outer binding. See also
     * comments in js_PurgeScopeChainHelper from jsobj.cpp.
     */
    localKind = js_LookupLocal(cx, fun, JSID_TO_ATOM(id), &slot);
    if (localKind != JSLOCAL_NONE && localKind != JSLOCAL_UPVAR) {
        /* The index is stored as a 16-bit shortid below. */
        JS_ASSERT((uint16) slot == slot);

        /*
         * We follow 10.2.3 of ECMA 262 v3 and make argument and variable
         * properties of the Call objects enumerable.
         */
        attrs = JSPROP_ENUMERATE | JSPROP_PERMANENT | JSPROP_SHARED;
        if (localKind == JSLOCAL_ARG) {
            JS_ASSERT(slot < fun->nargs);
            getter = js_GetCallArg;
            setter = SetCallArg;
        } else {
            JS_ASSERT(localKind == JSLOCAL_VAR || localKind == JSLOCAL_CONST);
            JS_ASSERT(slot < fun->u.i.nvars);
            getter = js_GetCallVar;
            setter = SetCallVar;
            if (localKind == JSLOCAL_CONST)
                attrs |= JSPROP_READONLY;

            /*
             * Use js_GetCallVarChecked if the local's value is a null closure.
             * This way we penalize performance only slightly on first use of a
             * null closure, not on every use.
             *
             * Note that the choice of getter is made once, here, from the
             * value the variable holds at resolve time.
             */
            jsval v;
            if (!CallPropertyOp(cx, obj, INT_TO_JSID((int16)slot), &v, JSCPK_VAR, JS_FALSE))
                return JS_FALSE;
            if (VALUE_IS_FUNCTION(cx, v) &&
                GET_FUNCTION_PRIVATE(cx, JSVAL_TO_OBJECT(v))->needsWrapper()) {
                getter = js_GetCallVarChecked;
            }
        }
        if (!js_DefineNativeProperty(cx, obj, id, JSVAL_VOID, getter, setter,
                                     attrs, SPROP_HAS_SHORTID, (int16) slot,
                                     NULL, JSDNP_DONT_PURGE)) {
            return JS_FALSE;
        }
        *objp = obj;
        return JS_TRUE;
    }

    /*
     * Resolve arguments so that we never store a particular Call object's
     * arguments object reference in a Call prototype's |arguments| slot.
     */
    if (id == ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom)) {
        if (!js_DefineNativeProperty(cx, obj, id, JSVAL_VOID,
                                     GetCallArguments, SetCallArguments,
                                     JSPROP_PERMANENT | JSPROP_SHARED,
                                     0, 0, NULL, JSDNP_DONT_PURGE)) {
            return JS_FALSE;
        }
        *objp = obj;
        return JS_TRUE;
    }

    /* Control flow reaches here only if id was not resolved. */
    return JS_TRUE;
}
1209    
/*
 * Convert hook for Call objects. Only JSTYPE_FUNCTION is handled: while the
 * frame is still live the Call object converts to its callee (argv[-2]).
 * Any other hint, or a Call object whose frame has already been put away
 * (private slot cleared), leaves *vp untouched and succeeds.
 */
static JSBool
call_convert(JSContext *cx, JSObject *obj, JSType type, jsval *vp)
{
    if (type != JSTYPE_FUNCTION)
        return JS_TRUE;

    JSStackFrame *fp = (JSStackFrame *) obj->getPrivate();
    if (!fp)
        return JS_TRUE;

    JS_ASSERT(fp->fun);
    JS_ASSERT(fp->argv);
    *vp = fp->argv[-2];
    return JS_TRUE;
}
1223    
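/*
 * reserveSlots hook for Call objects: the number of extra slots a Call object
 * needs beyond the class's fixed ones, i.e. one per argument and variable of
 * its function.
 *
 * js_GetCallObjectFunction returns NULL for a newborn Call object or the
 * Call prototype (callee slot still void); treat that as zero extra slots,
 * as call_enumerate does, rather than dereferencing NULL.
 */
static uint32
call_reserveSlots(JSContext *cx, JSObject *obj)
{
    JSFunction *fun = js_GetCallObjectFunction(obj);
    return fun ? fun->countArgsAndVars() : 0;
}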
1232    
/*
 * Class of the Call objects created by js_GetCallObject. The private slot
 * holds the JSStackFrame while the frame is live; CALL_CLASS_FIXED_RESERVED_SLOTS
 * fixed reserved slots (callee, arguments) are followed by one reserved slot
 * per argument and variable (see call_reserveSlots). Properties are resolved
 * lazily by call_resolve; no prototype is exposed (JSCLASS_IS_ANONYMOUS).
 */
JS_FRIEND_DATA(JSClass) js_CallClass = {
    "Call",
    JSCLASS_HAS_PRIVATE |
    JSCLASS_HAS_RESERVED_SLOTS(CALL_CLASS_FIXED_RESERVED_SLOTS) |
    JSCLASS_NEW_RESOLVE | JSCLASS_IS_ANONYMOUS | JSCLASS_MARK_IS_TRACE,
    JS_PropertyStub, JS_PropertyStub,           /* add/delete property */
    JS_PropertyStub, JS_PropertyStub,           /* get/set property */
    call_enumerate, (JSResolveOp)call_resolve,  /* enumerate, new-style resolve */
    call_convert, NULL,                         /* convert; no finalizer */
    NULL, NULL,
    NULL, NULL,
    NULL, NULL,                                 /* remaining hooks unused */
    JS_CLASS_TRACE(args_or_call_trace), call_reserveSlots
};
1247    
/*
 * Generic function tinyids. These negative values are stored as property
 * shortids (by function_props[] and fun_resolve) and dispatched on in
 * fun_getProperty; non-negative tinyids there index fun[i].
 */
enum {
    FUN_ARGUMENTS = -1,     /* predefined arguments local variable */
    FUN_LENGTH = -2,        /* number of actual args, arity if inactive */
    FUN_ARITY = -3,         /* number of formal parameters; desired argc */
    FUN_NAME = -4,          /* function name, "" if anonymous */
    FUN_CALLER = -5         /* Function.prototype.caller, backward compat */
};
1256    
/*
 * Getter shared by the function properties in function_props[] and
 * lazy_function_props[]: length, arguments, arity, name and caller (the
 * FUN_* tinyids), plus non-negative tinyids for fun[i].
 *
 * cx, obj, vp  usual property-op arguments; obj may be an object that only
 *              delegates to a function object (see the loop below)
 * id           int-tagged tinyid; any other id is ignored (returns true)
 *
 * Returns JS_FALSE when the strict-mode warning for .arguments is turned
 * into an error, when the arguments value or a closure wrapper could not be
 * built, or when the embedding's checkObjectAccess callback denied reading
 * .caller. Note that checkObjectAccess is consulted only for .caller; the
 * .arguments path below returns the arguments value without it.
 */
static JSBool
fun_getProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
{
    jsint slot;
    JSFunction *fun;
    JSStackFrame *fp;
    JSSecurityCallbacks *callbacks;

    if (!JSVAL_IS_INT(id))
        return JS_TRUE;
    slot = JSVAL_TO_INT(id);

    /*
     * Loop because getter and setter can be delegated from another class,
     * but loop only for FUN_LENGTH because we must pretend that f.length
     * is in each function instance f, per ECMA-262, instead of only in the
     * Function.prototype object (we use JSPROP_PERMANENT with JSPROP_SHARED
     * to make it appear so).
     *
     * This code couples tightly to the attributes for the function_props[]
     * initializers above, and to js_SetProperty and js_HasOwnProperty.
     *
     * It's important to allow delegating objects, even though they inherit
     * this getter (fun_getProperty), to override arguments, arity, caller,
     * and name. If we didn't return early for slot != FUN_LENGTH, we would
     * clobber *vp with the native property value, instead of letting script
     * override that value in delegating objects.
     *
     * Note how that clobbering is what simulates JSPROP_READONLY for all of
     * the non-standard properties when the directly addressed object (obj)
     * is a function object (i.e., when this loop does not iterate).
     */
    while (!(fun = (JSFunction *)
                   JS_GetInstancePrivate(cx, obj, &js_FunctionClass, NULL))) {
        if (slot != FUN_LENGTH)
            return JS_TRUE;
        obj = OBJ_GET_PROTO(cx, obj);
        if (!obj)
            return JS_TRUE;
    }

    /* Find fun's top-most activation record (skipping JSFRAME_SPECIAL frames). */
    for (fp = js_GetTopStackFrame(cx);
         fp && (fp->fun != fun || (fp->flags & JSFRAME_SPECIAL));
         fp = fp->down) {
        continue;
    }

    switch (slot) {
      case FUN_ARGUMENTS:
        /* Warn if strict about f.arguments or equivalent unqualified uses. */
        if (!JS_ReportErrorFlagsAndNumber(cx,
                                          JSREPORT_WARNING | JSREPORT_STRICT,
                                          js_GetErrorMessage, NULL,
                                          JSMSG_DEPRECATED_USAGE,
                                          js_arguments_str)) {
            return JS_FALSE;
        }
        /* null when fun has no active frame. */
        if (fp) {
            if (!js_GetArgsValue(cx, fp, vp))
                return JS_FALSE;
        } else {
            *vp = JSVAL_NULL;
        }
        break;

      case FUN_LENGTH:
      case FUN_ARITY:
        /* Both report the formal parameter count. */
        *vp = INT_TO_JSVAL((jsint)fun->nargs);
        break;

      case FUN_NAME:
        *vp = fun->atom
              ? ATOM_KEY(fun->atom)
              : STRING_TO_JSVAL(cx->runtime->emptyString);
        break;

      case FUN_CALLER:
        if (fp && fp->down && fp->down->fun) {
            JSFunction *caller = fp->down->fun;
            /*
             * See equivalent condition in args_getProperty for ARGS_CALLEE,
             * but here we do not want to throw, since this escape can happen
             * via foo.caller alone, without any debugger or indirect eval. And
             * it seems foo.caller is still used on the Web.
             */
            if (caller->needsWrapper()) {
                JSObject *wrapper = WrapEscapingClosure(cx, fp->down, FUN_OBJECT(caller), caller);
                if (!wrapper)
                    return JS_FALSE;
                *vp = OBJECT_TO_JSVAL(wrapper);
                return JS_TRUE;
            }

            /* The calling frame's callee object. */
            JS_ASSERT(fp->down->argv);
            *vp = fp->down->argv[-2];
        } else {
            *vp = JSVAL_NULL;
        }
        /*
         * Let the embedding veto handing out the caller object (JSACC_READ
         * on the "caller" id); a null result needs no check.
         */
        if (!JSVAL_IS_PRIMITIVE(*vp)) {
            callbacks = JS_GetSecurityCallbacks(cx);
            if (callbacks && callbacks->checkObjectAccess) {
                id = ATOM_KEY(cx->runtime->atomState.callerAtom);
                if (!callbacks->checkObjectAccess(cx, obj, id, JSACC_READ, vp))
                    return JS_FALSE;
            }
        }
        break;

      default:
        /*
         * XXX fun[0] and fun.arguments[0] are equivalent.
         *
         * Any negative slot other than the FUN_* cases casts to a large
         * uintN here and fails the bound check, so only 0 <= slot < nargs
         * reads from argv.
         */
        if (fp && fp->fun && (uintN)slot < fp->fun->nargs)
            *vp = fp->argv[slot];
        break;
    }

    return JS_TRUE;
}
1375    
1376     /*
1377     * ECMA-262 specifies that length is a property of function object instances,
1378     * but we can avoid that space cost by delegating to a prototype property that
1379     * is JSPROP_PERMANENT and JSPROP_SHARED. Each fun_getProperty call computes
1380     * a fresh length value based on the arity of the individual function object's
1381     * private data.
1382     *
1383     * The extensions below other than length, i.e., the ones not in ECMA-262,
1384     * are neither JSPROP_READONLY nor JSPROP_SHARED, because for compatibility
1385     * with ECMA we must allow a delegating object to override them. Therefore to
1386     * avoid entraining garbage in Function.prototype slots, they must be resolved
1387     * in non-prototype function objects, wherefore the lazy_function_props table
1388     * and fun_resolve's use of it.
1389     */
/* Attributes of Function.prototype.length: read-only, permanent, shared. */
#define LENGTH_PROP_ATTRS (JSPROP_READONLY|JSPROP_PERMANENT|JSPROP_SHARED)

/*
 * Eagerly defined function properties: only length lives here, on the
 * prototype, with FUN_LENGTH as its tinyid so fun_getProperty can compute
 * it per instance. The other properties are in lazy_function_props[].
 */
static JSPropertySpec function_props[] = {
    {js_length_str, FUN_LENGTH, LENGTH_PROP_ATTRS, fun_getProperty, JS_PropertyStub},
    {0,0,0,0,0}
};
1396    
/* One entry of lazy_function_props[]: a property fun_resolve defines on demand. */
typedef struct LazyFunctionProp {
    uint16 atomOffset;      /* ATOM_OFFSET of the property name */
    int8 tinyid;            /* FUN_* tinyid passed as the property's shortid */
    uint8 attrs;            /* JSPROP_* attributes for js_DefineNativeProperty */
} LazyFunctionProp;
1402    
/*
 * Properties fun_resolve defines lazily on individual function objects (not
 * on Function.prototype), each backed by fun_getProperty via its tinyid.
 *
 * NB: no sentinel at the end -- use JS_ARRAY_LENGTH to bound loops.
 */
static LazyFunctionProp lazy_function_props[] = {
    {ATOM_OFFSET(arguments), FUN_ARGUMENTS, JSPROP_PERMANENT},
    {ATOM_OFFSET(arity),     FUN_ARITY,     JSPROP_PERMANENT},
    {ATOM_OFFSET(caller),    FUN_CALLER,    JSPROP_PERMANENT},
    {ATOM_OFFSET(name),      FUN_NAME,      JSPROP_PERMANENT},
};
1410    
/*
 * Enumerate hook for function objects: look up .prototype so that its lazy
 * resolution happens before enumeration, then drop the property reference.
 *
 * Returns JS_FALSE only if the lookup itself fails.
 */
static JSBool
fun_enumerate(JSContext *cx, JSObject *obj)
{
    jsid prototypeId = ATOM_TO_JSID(cx->runtime->atomState.classPrototypeAtom);
    JSObject *pobj;
    JSProperty *prop;

    if (!obj->lookupProperty(cx, prototypeId, &pobj, &prop))
        return JS_FALSE;

    /* Only the side effect of the lookup matters; release the reference. */
    if (prop)
        pobj->dropProperty(cx, prop);
    return JS_TRUE;
}
1425    
/*
 * Resolve hook for function objects. Two kinds of property are created
 * lazily, and only for string ids that are not being assigned to:
 *
 *   - 'prototype': a fresh plain object with the same parent as the
 *     function, installed with js_SetClassPrototype as JSPROP_PERMANENT;
 *   - the entries of lazy_function_props[] (arguments, arity, caller, name),
 *     each defined with fun_getProperty and the entry's tinyid as shortid.
 *
 * Sets *objp = obj and returns JS_TRUE when a property was defined; returns
 * JS_TRUE without touching *objp otherwise, JS_FALSE on error.
 */
static JSBool
fun_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags,
            JSObject **objp)
{
    JSFunction *fun;
    JSAtom *atom;
    uintN i;

    if (!JSVAL_IS_STRING(id))
        return JS_TRUE;

    fun = GET_FUNCTION_PRIVATE(cx, obj);

    /*
     * No need to reflect fun.prototype in 'fun.prototype = ... '.
     */
    if (flags & JSRESOLVE_ASSIGNING)
        return JS_TRUE;

    /*
     * Ok, check whether id is 'prototype' and bootstrap the function object's
     * prototype property.
     */
    atom = cx->runtime->atomState.classPrototypeAtom;
    if (id == ATOM_KEY(atom)) {
        JSObject *proto;

        /*
         * Beware of the wacky case of a user function named Object -- trying
         * to find a prototype for that will recur back here _ad perniciem_.
         */
        if (fun->atom == CLASS_ATOM(cx, Object))
            return JS_TRUE;

        /*
         * Make the prototype object to have the same parent as the function
         * object itself.
         */
        proto = js_NewObject(cx, &js_ObjectClass, NULL, OBJ_GET_PARENT(cx, obj));
        if (!proto)
            return JS_FALSE;

        /*
         * ECMA (15.3.5.2) says that constructor.prototype is DontDelete for
         * user-defined functions, but DontEnum | ReadOnly | DontDelete for
         * native "system" constructors such as Object or Function. So lazily
         * set the former here in fun_resolve, but eagerly define the latter
         * in JS_InitClass, with the right attributes.
         */
        if (!js_SetClassPrototype(cx, obj, proto, JSPROP_PERMANENT))
            return JS_FALSE;

        *objp = obj;
        return JS_TRUE;
    }

    /* Otherwise see whether id is one of the lazily reflected FUN_* props. */
    for (i = 0; i < JS_ARRAY_LENGTH(lazy_function_props); i++) {
        LazyFunctionProp *lfp = &lazy_function_props[i];

        atom = OFFSET_TO_ATOM(cx->runtime, lfp->atomOffset);
        if (id == ATOM_KEY(atom)) {
            /* Value is computed on each read by fun_getProperty via the shortid. */
            if (!js_DefineNativeProperty(cx, obj,
                                         ATOM_TO_JSID(atom), JSVAL_VOID,
                                         fun_getProperty, JS_PropertyStub,
                                         lfp->attrs, SPROP_HAS_SHORTID,
                                         lfp->tinyid, NULL)) {
                return JS_FALSE;
            }
            *objp = obj;
            return JS_TRUE;
        }
    }

    return JS_TRUE;
}
1501    
/*
 * Convert hook for function objects: a function converts to itself when a
 * function is wanted; every other hint is handed to js_TryValueOf.
 */
static JSBool
fun_convert(JSContext *cx, JSObject *obj, JSType type, jsval *vp)
{
    if (type == JSTYPE_FUNCTION) {
        *vp = OBJECT_TO_JSVAL(obj);
        return JS_TRUE;
    }
    return js_TryValueOf(cx, obj, type, vp);
}
1513    
#if JS_HAS_XDR

/*
 * XDR (serialize / deserialize) an interpreted function object.
 *
 * Encoding: *objp is the function to write. Non-interpreted functions and
 * closure wrappers are rejected with an error. Decoding: a fresh function
 * with no parent or proto is created and returned in *objp.
 *
 * Stream layout: firstword (skipmin << 2 | wrapper << 1 | has-atom), the
 * atom if present, localsword (nargs << 16 | nvars), flagsword
 * (nupvars << 16 | flags), then for the locals a bitmap (one bit per local:
 * "name present" for args, "const" for vars) followed by the non-null names
 * as string atoms, and finally the script.
 *
 * Decoding trusts the stream: the counts and flags are used as read, and the
 * JSFUN_KINDMASK check on flagsword is a debug-only JS_ASSERT.
 *
 * XXX store parent and proto, if defined
 */
JSBool
js_XDRFunctionObject(JSXDRState *xdr, JSObject **objp)
{
    JSContext *cx;
    JSFunction *fun;
    uint32 firstword;           /* flag telling whether fun->atom is non-null,
                                   plus for fun->u.i.skipmin, fun->u.i.wrapper,
                                   and 14 bits reserved for future use */
    uintN nargs, nvars, nupvars, n;
    uint32 localsword;          /* word for argument and variable counts */
    uint32 flagsword;           /* word for fun->u.i.nupvars and fun->flags */
    JSTempValueRooter tvr;
    JSBool ok;

    cx = xdr->cx;
    if (xdr->mode == JSXDR_ENCODE) {
        fun = GET_FUNCTION_PRIVATE(cx, *objp);
        if (!FUN_INTERPRETED(fun)) {
            JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                 JSMSG_NOT_SCRIPTED_FUNCTION,
                                 JS_GetFunctionName(fun));
            return JS_FALSE;
        }
        if (fun->u.i.wrapper) {
            JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                 JSMSG_XDR_CLOSURE_WRAPPER,
                                 JS_GetFunctionName(fun));
            return JS_FALSE;
        }
        /* wrapper is 0 here (rejected above); the assert documents the 1-bit field. */
        JS_ASSERT((fun->u.i.wrapper & ~1U) == 0);
        firstword = (fun->u.i.skipmin << 2) | (fun->u.i.wrapper << 1) | !!fun->atom;
        nargs = fun->nargs;
        nvars = fun->u.i.nvars;
        nupvars = fun->u.i.nupvars;
        localsword = (nargs << 16) | nvars;
        flagsword = (nupvars << 16) | fun->flags;
    } else {
        fun = js_NewFunction(cx, NULL, NULL, 0, JSFUN_INTERPRETED, NULL, NULL);
        if (!fun)
            return JS_FALSE;
        STOBJ_CLEAR_PARENT(FUN_OBJECT(fun));
        STOBJ_CLEAR_PROTO(FUN_OBJECT(fun));
#ifdef __GNUC__
        nvars = nargs = nupvars = 0;    /* quell GCC uninitialized warning */
#endif
    }

    /* From here on, control flow must flow through label out. */
    MUST_FLOW_THROUGH("out");
    JS_PUSH_TEMP_ROOT_OBJECT(cx, FUN_OBJECT(fun), &tvr);
    ok = JS_TRUE;

    if (!JS_XDRUint32(xdr, &firstword))
        goto bad;
    if ((firstword & 1U) && !js_XDRStringAtom(xdr, &fun->atom))
        goto bad;
    if (!JS_XDRUint32(xdr, &localsword) ||
        !JS_XDRUint32(xdr, &flagsword)) {
        goto bad;
    }

    if (xdr->mode == JSXDR_DECODE) {
        /* Unpack the counts and flags read from the stream (16 bits each). */
        nargs = localsword >> 16;
        nvars = uint16(localsword);
        JS_ASSERT((flagsword & JSFUN_KINDMASK) >= JSFUN_INTERPRETED);
        nupvars = flagsword >> 16;
        fun->flags = uint16(flagsword);
        fun->u.i.skipmin = uint16(firstword >> 2);
        fun->u.i.wrapper = (firstword >> 1) & 1;
    }

    /* do arguments and local vars */
    n = nargs + nvars + nupvars;
    if (n != 0) {
        void *mark;
        uintN i;
        uintN bitmapLength;
        uint32 *bitmap;
        jsuword *names;
        JSAtom *name;
        JSLocalKind localKind;

        mark = JS_ARENA_MARK(&xdr->cx->tempPool);

        /*
         * From this point the control must flow via the label release_mark.
         *
         * To xdr the names we prefix the names with a bitmap descriptor and
         * then xdr the names as strings. For argument names (indexes below
         * nargs) the corresponding bit in the bitmap is unset when the name
         * is null. Such null names are not encoded or decoded. For variable
         * names (indexes starting from nargs) bitmap's bit is set when the
         * name is declared as const, not as ordinary var.
         * */
        MUST_FLOW_THROUGH("release_mark");
        bitmapLength = JS_HOWMANY(n, JS_BITS_PER_UINT32);
        JS_ARENA_ALLOCATE_CAST(bitmap, uint32 *, &xdr->cx->tempPool,
                               bitmapLength * sizeof *bitmap);
        if (!bitmap) {
            js_ReportOutOfScriptQuota(xdr->cx);
            ok = JS_FALSE;
            goto release_mark;
        }
        if (xdr->mode == JSXDR_ENCODE) {
            names = js_GetLocalNameArray(xdr->cx, fun, &xdr->cx->tempPool);
            if (!names) {
                ok = JS_FALSE;
                goto release_mark;
            }
            /* Build the bitmap: args -> name present, vars -> declared const. */
            memset(bitmap, 0, bitmapLength * sizeof *bitmap);
            for (i = 0; i != n; ++i) {
                if (i < fun->nargs
                    ? JS_LOCAL_NAME_TO_ATOM(names[i]) != NULL
                    : JS_LOCAL_NAME_IS_CONST(names[i])) {
                    bitmap[i >> JS_BITS_PER_UINT32_LOG2] |=
                        JS_BIT(i & (JS_BITS_PER_UINT32 - 1));
                }
            }
        }
#ifdef __GNUC__
        else {
            names = NULL;   /* quell GCC uninitialized warning */
        }
#endif
        for (i = 0; i != bitmapLength; ++i) {
            ok = JS_XDRUint32(xdr, &bitmap[i]);
            if (!ok)
                goto release_mark;
        }
        for (i = 0; i != n; ++i) {
            /* An argument whose bit is clear has no name: nothing on the wire. */
            if (i < nargs &&
                !(bitmap[i >> JS_BITS_PER_UINT32_LOG2] &
                  JS_BIT(i & (JS_BITS_PER_UINT32 - 1)))) {
                if (xdr->mode == JSXDR_DECODE) {
                    ok = js_AddLocal(xdr->cx, fun, NULL, JSLOCAL_ARG);
                    if (!ok)
                        goto release_mark;
                } else {
                    JS_ASSERT(!JS_LOCAL_NAME_TO_ATOM(names[i]));
                }
                continue;
            }
            if (xdr->mode == JSXDR_ENCODE)
                name = JS_LOCAL_NAME_TO_ATOM(names[i]);
            ok = js_XDRStringAtom(xdr, &name);
            if (!ok)
                goto release_mark;
            if (xdr->mode == JSXDR_DECODE) {
                /* Index order is args, then vars (const if bit set), then upvars. */
                localKind = (i < nargs)
                            ? JSLOCAL_ARG
                            : (i < nargs + nvars)
                            ? (bitmap[i >> JS_BITS_PER_UINT32_LOG2] &
                               JS_BIT(i & (JS_BITS_PER_UINT32 - 1))
                               ? JSLOCAL_CONST
                               : JSLOCAL_VAR)
                            : JSLOCAL_UPVAR;
                ok = js_AddLocal(xdr->cx, fun, name, localKind);
                if (!ok)
                    goto release_mark;
            }
        }
        ok = JS_TRUE;

      release_mark:
        JS_ARENA_RELEASE(&xdr->cx->tempPool, mark);
        if (!ok)
            goto out;

        if (xdr->mode == JSXDR_DECODE)
            js_FreezeLocalNames(cx, fun);
    }

    if (!js_XDRScript(xdr, &fun->u.i.script, NULL))
        goto bad;

    if (xdr->mode == JSXDR_DECODE) {
        *objp = FUN_OBJECT(fun);
#ifdef CHECK_SCRIPT_OWNER
        fun->u.i.script->owner = NULL;
#endif
        js_CallNewScriptHook(cx, fun->u.i.script, fun);
    }

  out:
    JS_POP_TEMP_ROOT(cx, &tvr);
    return ok;

  bad:
    ok = JS_FALSE;
    goto out;
}

#else  /* !JS_HAS_XDR */

#define js_XDRFunctionObject NULL

#endif /* !JS_HAS_XDR */
1714    
/*
 * [[HasInstance]] internal method for Function objects, i.e. the right-hand
 * operand of instanceof. Reads obj's .prototype property and, when it is an
 * object, asks js_IsDelegate whether that object lies on v's prototype chain
 * (v is only walked when it is an object); *bp receives the answer. Returns
 * JS_FALSE with an error reported when .prototype is not an object, or when
 * the property lookup itself fails.
 */
static JSBool
fun_hasInstance(JSContext *cx, JSObject *obj, jsval v, JSBool *bp)
{
    jsid protoId = ATOM_TO_JSID(cx->runtime->atomState.classPrototypeAtom);
    jsval proto;
    if (!obj->getProperty(cx, protoId, &proto))
        return JS_FALSE;

    /*
     * A function whose .prototype is not an object cannot be used with
     * instanceof: report a runtime error rather than letting the primitive
     * reach JSVAL_TO_OBJECT below.
     */
    if (JSVAL_IS_PRIMITIVE(proto)) {
        js_ReportValueError(cx, JSMSG_BAD_PROTOTYPE,
                            -1, OBJECT_TO_JSVAL(obj), NULL);
        return JS_FALSE;
    }

    JSObject *protoObj = JSVAL_TO_OBJECT(proto);
    return js_IsDelegate(cx, protoObj, v, bp);
}
1740    
/*
 * Forward declarations: both helpers have static linkage, so they are defined
 * elsewhere in this translation unit; fun_trace and fun_finalize below call
 * them before those definitions appear.
 */
static void
TraceLocalNames(JSTracer *trc, JSFunction *fun);

static void
DestroyLocalNames(JSContext *cx, JSFunction *fun);
1746    
/*
 * JSClass trace hook for function objects. Marks everything a live function
 * object keeps reachable: the original function object when obj is a clone,
 * the function's name atom, and, for interpreted functions, the script (if
 * any) and the local-name table.
 */
static void
fun_trace(JSTracer *trc, JSObject *obj)
{
    JSFunction *fun = (JSFunction *) obj->getPrivate();

    /* A newborn function object may not have its private slot set yet. */
    if (!fun)
        return;

    /*
     * A clone's private slot points at the original function object rather
     * than at itself: trace that object and leave the rest to its own
     * fun_trace.
     */
    bool isClone = FUN_OBJECT(fun) != obj;
    if (isClone) {
        JS_CALL_TRACER(trc, FUN_OBJECT(fun), JSTRACE_OBJECT, "private");
        return;
    }

    if (fun->atom)
        JS_CALL_STRING_TRACER(trc, ATOM_TO_STRING(fun->atom), "atom");

    if (!FUN_INTERPRETED(fun))
        return;

    /* u.i.script may still be NULL: the parser flags interpreted very early. */
    if (fun->u.i.script)
        js_TraceScript(trc, fun->u.i.script);
    TraceLocalNames(trc, fun);
}
1768    
/*
 * JSClass finalize hook for function objects. Only the original, fully
 * initialized function object owns a script and a local-name table; newborn
 * objects (no private yet) and clones (private points at another object)
 * own nothing that needs releasing here.
 */
static void
fun_finalize(JSContext *cx, JSObject *obj)
{
    JSFunction *fun = (JSFunction *) obj->getPrivate();
    bool ownsResources = fun && FUN_OBJECT(fun) == obj;
    if (!ownsResources)
        return;

    if (!FUN_INTERPRETED(fun))
        return;

    /*
     * u.i.script may still be NULL because the parser sets the interpreted
     * flag very early, before any script has been compiled.
     */
    if (fun->u.i.script)
        js_DestroyScript(cx, fun->u.i.script);
    DestroyLocalNames(cx, fun);
}
1787    
/*
 * Number of reserved slots an interpreted function's object needs: the
 * length of the script's upvar array when the function has upvars, plus the
 * length of the script's regexp array when the script has one. Asserts that
 * the function is interpreted (u.i is only valid then).
 */
uint32
JSFunction::countInterpretedReservedSlots() const
{
    JS_ASSERT(FUN_INTERPRETED(this));

    uint32 nslots = 0;
    /* Only consult the upvar array when there are upvars to count. */
    if (u.i.nupvars != 0)
        nslots = u.i.script->upvars()->length;
    /* A zero regexpsOffset means the script carries no regexp array. */
    if (u.i.script->regexpsOffset != 0)
        nslots += u.i.script->regexps()->length;
    return nslots;
}
1800    
/*
 * JSClass reserveSlots hook: how many reserved slots obj needs. Non-function
 * and native-function objects need none; interpreted functions delegate to
 * JSFunction::countInterpretedReservedSlots.
 */
static uint32
fun_reserveSlots(JSContext *cx, JSObject *obj)
{
    /*
     * Read the private slot with getPrivate rather than GET_FUNCTION_PRIVATE:
     * during js_InitFunctionClass this hook runs before the function object's
     * private slot has been set, so a NULL private is a legitimate case.
     */
    JSFunction *fun = (JSFunction *) obj->getPrivate();
    if (!fun)
        return 0;
    if (!FUN_INTERPRETED(fun))
        return 0;
    return fun->countInterpretedReservedSlots();
}
1814    
/*
 * Reserve two slots in all function objects for XPConnect. Note that this
 * does not bloat every instance, only those on which reserved slots are set,
 * and those on which ad-hoc properties are defined.
 *
 * Hooks of note: fun_finalize releases the script and local names owned by
 * an original (non-clone) function object; JS_CLASS_TRACE(fun_trace) marks
 * what a function object keeps reachable; fun_reserveSlots sizes the
 * per-function reserved slots; js_XDRFunctionObject is the XDR hook and is
 * defined as NULL when JS_HAS_XDR is off.
 */
JS_FRIEND_DATA(JSClass) js_FunctionClass = {
    js_Function_str,
    JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE | JSCLASS_HAS_RESERVED_SLOTS(2) |
    JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Function),
    JS_PropertyStub,  JS_PropertyStub,         /* addProperty, delProperty */
    JS_PropertyStub,  JS_PropertyStub,         /* getProperty, setProperty */
    fun_enumerate,    (JSResolveOp)fun_resolve, /* enumerate, resolve (JSCLASS_NEW_RESOLVE) */
    fun_convert,      fun_finalize,
    NULL,             NULL,                    /* getObjectOps, checkAccess */
    NULL,             NULL,                    /* call, construct */
    js_XDRFunctionObject, fun_hasInstance,
    JS_CLASS_TRACE(fun_trace), fun_reserveSlots /* mark (trace), reserveSlots */
};
1833    
/*
 * Shared body of Function.prototype.toString and toSource. Decompiles the
 * function held in vp[1] (the call's 'this') and stores the resulting string
 * in *vp. indent is the decompiler indentation (JS_DONT_PRETTY_PRINT for
 * toSource); when the caller passes an argument it overrides indent. A
 * non-function object 'this' is first offered to its class's convert hook;
 * anything that is still not a function is reported as an incompatible
 * receiver.
 */
static JSBool
fun_toStringHelper(JSContext *cx, uint32 indent, uintN argc, jsval *vp)
{
    jsval fval = JS_THIS(cx, vp);
    if (JSVAL_IS_NULL(fval))
        return JS_FALSE;

    if (!VALUE_IS_FUNCTION(cx, fval) && !JSVAL_IS_PRIMITIVE(fval)) {
        /*
         * Not a function yet: give the object's class a chance to convert it
         * to one, and keep the converted value as the call's 'this'.
         */
        JSObject *thisObj = JSVAL_TO_OBJECT(fval);
        if (!OBJ_GET_CLASS(cx, thisObj)->convert(cx, thisObj, JSTYPE_FUNCTION,
                                                 &fval)) {
            return JS_FALSE;
        }
        vp[1] = fval;
    }
    if (!VALUE_IS_FUNCTION(cx, fval)) {
        JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                             JSMSG_INCOMPATIBLE_PROTO,
                             js_Function_str, js_toString_str,
                             JS_GetTypeName(cx, JS_TypeOfValue(cx, fval)));
        return JS_FALSE;
    }

    JSObject *funObj = JSVAL_TO_OBJECT(fval);
    if (argc != 0) {
        /*
         * The optional indent argument is converted in place. A null vp[2]
         * afterwards is treated as conversion failure (presumably already
         * reported by js_ValueToECMAUint32 — confirm against its contract).
         */
        indent = js_ValueToECMAUint32(cx, &vp[2]);
        if (JSVAL_IS_NULL(vp[2]))
            return JS_FALSE;
    }

    JS_ASSERT(JS_ObjectIsFunction(cx, funObj));
    JSFunction *fun = GET_FUNCTION_PRIVATE(cx, funObj);

    /* No private yet (e.g. a newborn object): succeed without touching *vp. */
    if (!fun)
        return JS_TRUE;

    JSString *source = JS_DecompileFunction(cx, fun, (uintN)indent);
    if (!source)
        return JS_FALSE;
    *vp = STRING_TO_JSVAL(source);
    return JS_TRUE;
}
1885    
/* Function.prototype.toString: decompile 'this' with zero base indentation. */
static JSBool
fun_toString(JSContext *cx, uintN argc, jsval *vp)
{
    const uint32 baseIndent = 0;
    return fun_toStringHelper(cx, baseIndent, argc, vp);
}
1891    
1892     #if JS_HAS_TOSOURCE
/* Function.prototype.toSource: decompile 'this' without pretty-printing. */
static JSBool
fun_toSource(JSContext *cx, uintN argc, jsval *vp)
{
    const uint32 rawIndent = JS_DONT_PRETTY_PRINT;
    return fun_toStringHelper(cx, rawIndent, argc, vp);
}
1898     #endif
1899    
/*
 * Function.prototype.call. vp[1] is the function being called (the 'this' of
 * the call() invocation, converted via defaultValue to a function); vp[2], if
 * present, becomes the callee's 'this' and the remaining arguments are passed
 * through unchanged. With no arguments the callee's 'this' slot is left NULL,
 * which (per the original comment) means the function's global object.
 * Returns JS_FALSE with an error reported when 'this' is not callable.
 */
JSBool
js_fun_call(JSContext *cx, uintN argc, jsval *vp)
{
    /* Presumably required before touching the interpreter stack — confirm. */
    js_LeaveTrace(cx);

    JSObject *thisObj = JS_THIS_OBJECT(cx, vp);
    if (!thisObj || !thisObj->defaultValue(cx, JSTYPE_FUNCTION, &vp[1]))
        return JS_FALSE;
    jsval fval = vp[1];

    if (!VALUE_IS_FUNCTION(cx, fval)) {
        /* Name the offending value in the error when it can be stringified. */
        JSString *str = JS_ValueToString(cx, fval);
        const char *bytes = str ? js_GetStringBytes(cx, str) : NULL;
        if (bytes) {
            JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                 JSMSG_INCOMPATIBLE_PROTO,
                                 js_Function_str, js_call_str,
                                 bytes);
        }
        return JS_FALSE;
    }

    jsval *argv = vp + 2;
    JSObject *calleeThis = NULL;
    if (argc != 0) {
        /* The first argument becomes 'this'; the rest are the call's args. */
        if (!JSVAL_IS_PRIMITIVE(argv[0]))
            calleeThis = JSVAL_TO_OBJECT(argv[0]);
        else if (!js_ValueToObject(cx, argv[0], &calleeThis))
            return JS_FALSE;
        argc--;
        argv++;
    }

    /* js_Invoke expects the frame laid out as [callee, this, args...]. */
    void *mark;
    jsval *invokevp = js_AllocStack(cx, 2 + argc, &mark);
    if (!invokevp)
        return JS_FALSE;
    invokevp[0] = fval;
    invokevp[1] = OBJECT_TO_JSVAL(calleeThis);
    memcpy(invokevp + 2, argv, argc * sizeof *argv);

    JSBool ok = js_Invoke(cx, argc, invokevp, 0);
    *vp = *invokevp;
    js_FreeStack(cx, mark);
    return ok;
}
1960    
/*
 * Function.prototype.apply. vp[1] is the function being applied (converted
 * via defaultValue), vp[2] becomes the callee's 'this', and vp[3], when
 * present and neither null nor undefined, must be array-like; its elements
 * become the call's arguments. With no arguments at all this is just
 * js_fun_call. Returns JS_FALSE with an error reported when 'this' is not
 * callable or vp[3] is not array-like.
 *
 * The argument count is capped at JS_ARGS_LENGTH_MAX before js_AllocStack,
 * so a script-controlled .length cannot drive an unbounded stack
 * allocation; the element-fetch loop is bounded by that same capped count.
 */
JSBool
js_fun_apply(JSContext *cx, uintN argc, jsval *vp)
{
    JSObject *obj, *aobj;
    jsval fval, *invokevp, *sp;
    JSString *str;
    jsuint length;
    JSBool arraylike, ok;
    void *mark;
    uintN i;

    if (argc == 0) {
        /* Will get globalObject as 'this' and no other arguments. */
        return js_fun_call(cx, argc, vp);
    }

    js_LeaveTrace(cx);

    obj = JS_THIS_OBJECT(cx, vp);
    if (!obj || !obj->defaultValue(cx, JSTYPE_FUNCTION, &vp[1]))
        return JS_FALSE;
    fval = vp[1];

    if (!VALUE_IS_FUNCTION(cx, fval)) {
        /* Name the offending value in the error when it can be stringified. */
        str = JS_ValueToString(cx, fval);
        if (str) {
            const char *bytes = js_GetStringBytes(cx, str);

            if (bytes) {
                JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                     JSMSG_INCOMPATIBLE_PROTO,
                                     js_Function_str, js_apply_str,
                                     bytes);
            }
        }
        return JS_FALSE;
    }

    /* Quell GCC overwarnings. */
    aobj = NULL;
    length = 0;

    /* vp[3] is only read when the caller actually passed a second argument. */
    if (argc >= 2) {
        /* If the 2nd arg is null or void, call the function with 0 args. */
        if (JSVAL_IS_NULL(vp[3]) || JSVAL_IS_VOID(vp[3])) {
            argc = 0;
        } else {
            /* The second arg must be an array (or arguments object). */
            arraylike = JS_FALSE;
            if (!JSVAL_IS_PRIMITIVE(vp[3])) {
                aobj = JSVAL_TO_OBJECT(vp[3]);
                if (!js_IsArrayLike(cx, aobj, &arraylike, &length))
                    return JS_FALSE;
            }
            if (!arraylike) {
                JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                     JSMSG_BAD_APPLY_ARGS, js_apply_str);
                return JS_FALSE;
            }
        }
    }

    /* Convert the first arg to 'this' and skip over it. */
    if (!JSVAL_IS_PRIMITIVE(vp[2]))
        obj = JSVAL_TO_OBJECT(vp[2]);
    else if (!js_ValueToObject(cx, vp[2], &obj))
        return JS_FALSE;

    /*
     * Allocate stack space for fval, obj, and the args. From here on argc is
     * the capped element count (length is 0 when there was no array).
     */
    argc = (uintN)JS_MIN(length, JS_ARGS_LENGTH_MAX);
    invokevp = js_AllocStack(cx, 2 + argc, &mark);
    if (!invokevp)
        return JS_FALSE;

    /*
     * Push fval, obj, and aobj's elements as args. JS_GetElement goes through
     * the property machinery, so the array may change under us; the loop is
     * bounded by the argc fixed above, never by the live .length.
     */
    sp = invokevp;
    *sp++ = fval;
    *sp++ = OBJECT_TO_JSVAL(obj);
    for (i = 0; i < argc; i++) {
        ok = JS_GetElement(cx, aobj, (jsint)i, sp);
        if (!ok)
            goto out;
        sp++;
    }

    ok = js_Invoke(cx, argc, invokevp, 0);
    *vp = *invokevp;
  out:
    /* Single exit so the stack allocation is always released. */
    js_FreeStack(cx, mark);
    return ok;
}
2052    
2053     #ifdef NARCISSUS
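/*
 * Narcissus-only __applyConstructor__: invoke vp[1] as a constructor with the
 * elements of vp[2] as arguments. vp[2] must be a genuine Array or arguments
 * object (by class, not merely array-like); anything else is reported with
 * JSMSG_BAD_APPLY_ARGS. The element count is capped at JS_ARGS_LENGTH_MAX
 * before the stack allocation so a script-controlled .length cannot drive an
 * unbounded js_AllocStack. Returns JS_FALSE on any failure.
 *
 * Fix: the diagnostic now names "__applyConstructor__", the name this native
 * is registered under in function_methods, instead of "__applyConstruct__".
 */
static JS_REQUIRES_STACK JSBool
fun_applyConstructor(JSContext *cx, uintN argc, jsval *vp)
{
    JSObject *aobj = NULL;
    bool badArgs = JSVAL_IS_PRIMITIVE(vp[2]);
    if (!badArgs) {
        aobj = JSVAL_TO_OBJECT(vp[2]);
        badArgs = OBJ_GET_CLASS(cx, aobj) != &js_ArrayClass &&
                  OBJ_GET_CLASS(cx, aobj) != &js_ArgumentsClass;
    }
    if (badArgs) {
        JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                             JSMSG_BAD_APPLY_ARGS, "__applyConstructor__");
        return JS_FALSE;
    }

    uintN length;
    if (!js_GetLengthProperty(cx, aobj, &length))
        return JS_FALSE;

    /* Bound the stack frame size regardless of what .length reported. */
    if (length > JS_ARGS_LENGTH_MAX)
        length = JS_ARGS_LENGTH_MAX;

    void *mark;
    jsval *invokevp = js_AllocStack(cx, 2 + length, &mark);
    if (!invokevp)
        return JS_FALSE;

    /* Frame layout: [callee, this, args...]; 'this' is filled automagically. */
    invokevp[0] = vp[1];
    invokevp[1] = JSVAL_NULL;

    JSBool ok = JS_TRUE;
    for (uintN i = 0; i < length; i++) {
        /* Bounded by the capped length, not by the live .length. */
        ok = JS_GetElement(cx, aobj, (jsint)i, &invokevp[2 + i]);
        if (!ok)
            break;
    }

    if (ok) {
        ok = js_InvokeConstructor(cx, length, JS_TRUE, invokevp);
        *vp = *invokevp;
    }

    /* Single exit so the stack allocation is always released. */
    js_FreeStack(cx, mark);
    return ok;
}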
2097     #endif
2098    
/*
 * Methods installed on Function.prototype by js_InitFunctionClass. JS_FN's
 * third argument is the declared arity (the method's .length); the fourth
 * is the flags word, 0 throughout.
 */
static JSFunctionSpec function_methods[] = {
#if JS_HAS_TOSOURCE
    JS_FN(js_toSource_str,   fun_toSource,   0,0),
#endif
    JS_FN(js_toString_str,   fun_toString,   0,0),
    JS_FN(js_apply_str,      js_fun_apply,   2,0),
    JS_FN(js_call_str,       js_fun_call,    1,0),
#ifdef NARCISSUS
    /* Only present in Narcissus builds; fun_applyConstructor is ifdef'd too. */
    JS_FN("__applyConstructor__", fun_applyConstructor, 1,0),
#endif
    JS_FS_END
};
2111    
/*
 * The Function constructor, also callable without 'new'. Builds an anonymous
 * interpreted function whose formal parameters come from argv[0..argc-2]
 * (each converted to a string) and whose body is argv[argc-1]; with no
 * arguments the body is the empty string. The formals are joined with commas
 * into a cx->tempPool buffer, scanned with a JSTokenStream, and added to fun
 * with js_AddLocal; the body is then handed to
 * JSCompiler::compileFunctionBody with the scripted caller's principals,
 * filename and line number.
 *
 * All inputs are script-controlled: every size computation on the joined
 * formals is overflow-checked before the arena allocation, and the scripted
 * caller's principals are checked against the new function's parent before
 * anything is compiled.
 */
static JSBool
Function(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
    JSFunction *fun;
    JSObject *parent;
    JSStackFrame *fp, *caller;
    uintN i, n, lineno;
    JSAtom *atom;
    const char *filename;
    JSBool ok;
    JSString *str, *arg;
    /* Constructed here, but only init'ed and closed when there are formals. */
    JSTokenStream ts(cx);
    JSPrincipals *principals;
    jschar *collected_args, *cp;
    void *mark;
    size_t arg_length, args_length, old_args_length;
    JSTokenType tt;

    if (!JS_IsConstructing(cx)) {
        /* Called as a function: make the object ourselves and return it. */
        obj = js_NewObject(cx, &js_FunctionClass, NULL, NULL);
        if (!obj)
            return JS_FALSE;
        *rval = OBJECT_TO_JSVAL(obj);
    } else {
        /*
         * The constructor is called before the private slot is initialized so
         * we must use getPrivate, not GET_FUNCTION_PRIVATE here.
         */
        if (obj->getPrivate())
            return JS_TRUE;
    }

    /*
     * NB: (new Function) is not lexically closed by its caller, it's just an
     * anonymous function in the top-level scope that its constructor inhabits.
     * Thus 'var x = 42; f = new Function("return x"); print(f())' prints 42,
     * and so would a call to f from another top-level's script or function.
     *
     * In older versions, before call objects, a new Function was adopted by
     * its running context's globalObject, which might be different from the
     * top-level reachable from scopeChain (in HTML frames, e.g.).
     *
     * argv[-2] is the callee slot of this native's frame (js_Invoke frames are
     * laid out as [callee, this, args...], see js_fun_call); its parent is the
     * scope the new function will inhabit.
     */
    parent = OBJ_GET_PARENT(cx, JSVAL_TO_OBJECT(argv[-2]));

    fun = js_NewFunction(cx, obj, NULL, 0, JSFUN_LAMBDA | JSFUN_INTERPRETED,
                         parent, cx->runtime->atomState.anonymousAtom);

    if (!fun)
        return JS_FALSE;

    /*
     * Function is static and not called directly by other functions in this
     * file, therefore it is callable only as a native function by js_Invoke.
     * Find the scripted caller, possibly skipping other native frames such as
     * are built for Function.prototype.call or .apply activations that invoke
     * Function indirectly from a script.
     */
    fp = js_GetTopStackFrame(cx);
    JS_ASSERT(!fp->script && fp->fun && fp->fun->u.n.native == Function);
    caller = js_GetScriptedCaller(cx, fp);
    if (caller) {
        principals = JS_EvalFramePrincipals(cx, fp, caller);
        filename = js_ComputeFilename(cx, caller, principals, &lineno);
    } else {
        /* No scripted caller (e.g. embedding API): no principals, no source. */
        filename = NULL;
        lineno = 0;
        principals = NULL;
    }

    /* Belt-and-braces: check that the caller has access to parent. */
    if (!js_CheckPrincipalsAccess(cx, parent, principals,
                                  CLASS_ATOM(cx, Function))) {
        return JS_FALSE;
    }

    /* n counts the formal-parameter arguments; the last argument is the body. */
    n = argc ? argc - 1 : 0;
    if (n > 0) {
        enum { OK, BAD, BAD_FORMAL } state;

        /*
         * Collect the function-argument arguments into one string, separated
         * by commas, then make a tokenstream from that string, and scan it to
         * get the arguments. We need to throw the full scanner at the
         * problem, because the argument string can legitimately contain
         * comments and linefeeds. XXX It might be better to concatenate
         * everything up into a function definition and pass it to the
         * compiler, but doing it this way is less of a delta from the old
         * code. See ECMA 15.3.2.1.
         */
        state = BAD_FORMAL;
        args_length = 0;
        for (i = 0; i < n; i++) {
            /* Collect the lengths for all the function-argument arguments. */
            arg = js_ValueToString(cx, argv[i]);
            if (!arg)
                return JS_FALSE;
            /* Keep the string in argv so it stays rooted for the copy below. */
            argv[i] = STRING_TO_JSVAL(arg);

            /*
             * Check for overflow. The < test works because the maximum
             * JSString length fits in 2 fewer bits than size_t has.
             */
            old_args_length = args_length;
            args_length = old_args_length + arg->length();
            if (args_length < old_args_length) {
                js_ReportAllocationOverflow(cx);
                return JS_FALSE;
            }
        }

        /*
         * Add 1 for each joining comma and check for overflow (two ways): the
         * second test guards the (args_length+1) * sizeof(jschar) product
         * passed to the arena allocator below.
         */
        old_args_length = args_length;
        args_length = old_args_length + n - 1;
        if (args_length < old_args_length ||
            args_length >= ~(size_t)0 / sizeof(jschar)) {
            js_ReportAllocationOverflow(cx);
            return JS_FALSE;
        }

        /*
         * Allocate a string to hold the concatenated arguments, including room
         * for a terminating 0. Mark cx->tempPool for later release, to free
         * collected_args and its tokenstream in one swoop.
         */
        mark = JS_ARENA_MARK(&cx->tempPool);
        JS_ARENA_ALLOCATE_CAST(cp, jschar *, &cx->tempPool,
                               (args_length+1) * sizeof(jschar));
        if (!cp) {
            js_ReportOutOfScriptQuota(cx);
            return JS_FALSE;
        }
        collected_args = cp;

        /*
         * Concatenate the arguments into the new string, separated by commas.
         * The lengths were summed above, so the copies fit by construction.
         */
        for (i = 0; i < n; i++) {
            arg = JSVAL_TO_STRING(argv[i]);
            arg_length = arg->length();
            (void) js_strncpy(cp, arg->chars(), arg_length);
            cp += arg_length;

            /* Add separating comma or terminating 0. */
            *cp++ = (i + 1 < n) ? ',' : 0;
        }

        /* Initialize a tokenstream that reads from the given string. */
        if (!ts.init(cx, collected_args, args_length, NULL, filename, lineno)) {
            JS_ARENA_RELEASE(&cx->tempPool, mark);
            return JS_FALSE;
        }

        /* The argument string may be empty or contain no tokens. */
        tt = js_GetToken(cx, &ts);
        if (tt != TOK_EOF) {
            for (;;) {
                /*
                 * Check that it's a name. This also implicitly guards against
                 * TOK_ERROR, which was already reported.
                 */
                if (tt != TOK_NAME)
                    goto after_args;

                /*
                 * Get the atom corresponding to the name from the token
                 * stream; we're assured at this point that it's a valid
                 * identifier.
                 */
                atom = CURRENT_TOKEN(&ts).t_atom;

                /* Check for a duplicate parameter name. */
                if (js_LookupLocal(cx, fun, atom, NULL) != JSLOCAL_NONE) {
                    const char *name;

                    /*
                     * Duplicates are a strict-mode warning, not an error; only
                     * a failure to report one aborts (ok false -> after_args).
                     */
                    name = js_AtomToPrintableString(cx, atom);
                    ok = name &&
                         js_ReportCompileErrorNumber(cx, &ts, NULL,
                                                     JSREPORT_WARNING |
                                                     JSREPORT_STRICT,
                                                     JSMSG_DUPLICATE_FORMAL,
                                                     name);
                    if (!ok)
                        goto after_args;
                }
                if (!js_AddLocal(cx, fun, atom, JSLOCAL_ARG))
                    goto after_args;

                /*
                 * Get the next token. Stop on end of stream. Otherwise
                 * insist on a comma, get another name, and iterate.
                 */
                tt = js_GetToken(cx, &ts);
                if (tt == TOK_EOF)
                    break;
                if (tt != TOK_COMMA)
                    goto after_args;
                tt = js_GetToken(cx, &ts);
            }
        }

        state = OK;
      after_args:
        if (state == BAD_FORMAL && !(ts.flags & TSF_ERROR)) {
            /*
             * Report "malformed formal parameter" iff no illegal char or
             * similar scanner error was already reported.
             */
            JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
                                 JSMSG_BAD_FORMAL);
        }
        /* Release the tokenstream and collected_args together (see above). */
        ts.close(cx);
        JS_ARENA_RELEASE(&cx->tempPool, mark);
        if (state != OK)
            return JS_FALSE;
    }

    /* The body source is the last argument, or empty when there is none. */
    if (argc) {
        str = js_ValueToString(cx, argv[argc-1]);
        if (!str)
            return JS_FALSE;
        argv[argc-1] = STRING_TO_JSVAL(str);
    } else {
        str = cx->runtime->emptyString;
    }

    return JSCompiler::compileFunctionBody(cx, fun, principals,
                                           str->chars(), str->length(),
                                           filename, lineno);
}
2341    
/*
 * Create Function.prototype on the global obj, installing function_props and
 * function_methods, with Function as the constructor (arity 1). The
 * prototype is itself an interpreted function whose script is a single
 * JSOP_STOP, so it is callable. Returns the prototype, or NULL on failure.
 */
JSObject *
js_InitFunctionClass(JSContext *cx, JSObject *obj)
{
    JSObject *proto = JS_InitClass(cx, obj, NULL, &js_FunctionClass, Function, 1,
                                   function_props, function_methods, NULL, NULL);
    if (!proto)
        return NULL;

    JSFunction *fun = js_NewFunction(cx, proto, NULL, 0, JSFUN_INTERPRETED, obj, NULL);
    if (!fun)
        return NULL;

    /*
     * Minimal script for the prototype; the 1, 1 are presumably one byte of
     * bytecode and one source note — confirm against js_NewScript.
     */
    JSScript *script = js_NewScript(cx, 1, 1, 0, 0, 0, 0, 0);
    fun->u.i.script = script;
    if (!script)
        return NULL;
    script->code[0] = JSOP_STOP;
    *script->notes() = SRC_NULL;
#ifdef CHECK_SCRIPT_OWNER
    script->owner = NULL;
#endif
    return proto;
}
2365    
/*
 * Initialize a JSFunction in funobj, or in a fresh js_FunctionClass object
 * parented to parent when funobj is NULL. JSFunction's members follow
 * JSObject's in memory (a clone, by contrast, is allocated as a bare
 * JSObject — see js_CloneFunctionObject), hence the cast below.
 *
 * flags selects the kind: interpreted (JSFUN_INTERPRETED or above in
 * JSFUN_KINDMASK) functions get an empty u.i with no script yet and must pass
 * native == NULL and nargs == 0; native functions get u.n, where native is
 * either the JSNative itself or, with JSFUN_TRCINFO, a pointer to a
 * JSNativeTraceInfo that supplies the real native. atom is the function name
 * (NULL for anonymous). Returns fun, or NULL if the object allocation fails.
 */
JSFunction *
js_NewFunction(JSContext *cx, JSObject *funobj, JSNative native, uintN nargs,
               uintN flags, JSObject *parent, JSAtom *atom)
{
    JSFunction *fun;

    if (funobj) {
        JS_ASSERT(HAS_FUNCTION_CLASS(funobj));
        OBJ_SET_PARENT(cx, funobj, parent);
    } else {
        funobj = js_NewObject(cx, &js_FunctionClass, NULL, parent);
        if (!funobj)
            return NULL;
    }
    /* A fully initialized function has private == self; must not be yet. */
    JS_ASSERT(!funobj->getPrivate());
    fun = (JSFunction *) funobj;

    /* Initialize all function members. */
    fun->nargs = nargs;
    /* Only the documented flag groups are kept; other bits are dropped. */
    fun->flags = flags & (JSFUN_FLAGS_MASK | JSFUN_KINDMASK | JSFUN_TRCINFO);
    if ((flags & JSFUN_KINDMASK) >= JSFUN_INTERPRETED) {
        JS_ASSERT(!native);
        JS_ASSERT(nargs == 0);
        fun->u.i.nvars = 0;
        fun->u.i.nupvars = 0;
        fun->u.i.skipmin = 0;
        fun->u.i.wrapper = false;
        fun->u.i.script = NULL;
#ifdef DEBUG
        fun->u.i.names.taggedAtom = 0;
#endif
    } else {
        fun->u.n.extra = 0;
        fun->u.n.spare = 0;
        fun->u.n.clasp = NULL;
        if (flags & JSFUN_TRCINFO) {
#ifdef JS_TRACER
            /* With trace info, 'native' really points at the info record. */
            JSNativeTraceInfo *trcinfo =
                JS_FUNC_TO_DATA_PTR(JSNativeTraceInfo *, native);
            fun->u.n.native = (JSNative) trcinfo->native;
            fun->u.n.trcinfo = trcinfo;
#else
            /*
             * NOTE(review): this branch never assigns fun->u.n.native, so the
             * JS_ASSERT below reads an unset member. Presumably JSFUN_TRCINFO
             * is only ever passed in JS_TRACER builds — confirm.
             */
            fun->u.n.trcinfo = NULL;
#endif
        } else {
            fun->u.n.native = native;
            fun->u.n.trcinfo = NULL;
        }
        JS_ASSERT(fun->u.n.native);
    }
    fun->atom = atom;

    /* Set private to self to indicate non-cloned fully initialized function. */
    FUN_OBJECT(fun)->setPrivate(fun);
    return fun;
}
2422    
/*
 * Make a lightweight clone of fun's object with the given parent. The clone
 * is allocated as a bare JSObject (sizeof(JSObject), not sizeof(JSFunction)):
 * it carries no function members of its own and reaches them through its
 * private slot, which points at fun. Returns NULL on allocation failure.
 */
JSObject *
js_CloneFunctionObject(JSContext *cx, JSFunction *fun, JSObject *parent)
{
    JSObject *clone = js_NewObject(cx, &js_FunctionClass, NULL, parent,
                                   sizeof(JSObject));
    if (clone)
        clone->setPrivate(fun);
    return clone;
}
2436    
/*
 * Create a new flat closure for fun over scopeChain, but don't initialize the
 * imported upvar values: the tracer calls this function and then fills in the
 * upvar slots on trace. The clone is given the reserved slots fun needs (see
 * JSFunction::countInterpretedReservedSlots) when that count is non-zero.
 * Returns the closure, or NULL on allocation failure.
 */
JSObject * JS_FASTCALL
js_AllocFlatClosure(JSContext *cx, JSFunction *fun, JSObject *scopeChain)
{
    JS_ASSERT(FUN_FLAT_CLOSURE(fun));
    /* The function's upvar count must agree with its script's upvar array. */
    JS_ASSERT((fun->u.i.script->upvarsOffset
               ? fun->u.i.script->upvars()->length
               : 0) == fun->u.i.nupvars);

    JSObject *closure = js_CloneFunctionObject(cx, fun, scopeChain);
    if (!closure)
        return NULL;

    /* Only make room for reserved slots when the function needs any. */
    uint32 nslots = fun->countInterpretedReservedSlots();
    if (nslots != 0 && !js_EnsureReservedSlots(cx, closure, nslots))
        return NULL;

    return closure;
}
2462    
/*
 * Tracer call-info record for js_AllocFlatClosure (the tracer calls it, per
 * the comment above): three arguments (CONTEXT, FUNCTION, OBJECT) returning
 * OBJECT. The trailing 0, 0 are presumably the call-info flags — confirm
 * against JS_DEFINE_CALLINFO_3.
 */
JS_DEFINE_CALLINFO_3(extern, OBJECT, js_AllocFlatClosure,
                     CONTEXT, FUNCTION, OBJECT, 0, 0)
2465    
2466     JSObject *
2467     js_NewFlatClosure(JSContext *cx, JSFunction *fun)
2468     {
2469     JSObject *closure = js_AllocFlatClosure(cx, fun, cx->fp->scopeChain);
2470     if (!closure || fun->u.i.nupvars == 0)
2471