The Tor Browser: js/src/jsscript.cpp@6474c204b198 (annotated)

js/src/jsscript.cpp@6474c204b198 (annotated)

js/src/jsscript.cpp

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * JS script operations.
  */
 #include "jsscriptinlines.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/MathAlgorithms.h"
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/PodOperations.h"
 #include <string.h>
 #include "jsapi.h"
 #include "jsatom.h"
 #include "jscntxt.h"
 #include "jsfun.h"
 #include "jsgc.h"
 #include "jsobj.h"
 #include "jsopcode.h"
 #include "jsprf.h"
 #include "jstypes.h"
 #include "jsutil.h"
 #include "jswrapper.h"
 #include "frontend/BytecodeCompiler.h"
 #include "frontend/BytecodeEmitter.h"
 #include "frontend/SharedContext.h"
 #include "gc/Marking.h"
 #include "jit/BaselineJIT.h"
 #include "jit/IonCode.h"
 #include "js/MemoryMetrics.h"
 #include "js/OldDebugAPI.h"
 #include "js/Utility.h"
 #include "vm/ArgumentsObject.h"
 #include "vm/Compression.h"
 #include "vm/Debugger.h"
 #include "vm/Opcodes.h"
 #include "vm/SelfHosting.h"
 #include "vm/Shape.h"
 #include "vm/Xdr.h"
 #include "jsfuninlines.h"
 #include "jsinferinlines.h"
 #include "jsobjinlines.h"
 #include "vm/ScopeObject-inl.h"
 #include "vm/Stack-inl.h"
 using namespace js;
 using namespace js::gc;
 using namespace js::frontend;
 using mozilla::PodCopy;
 using mozilla::PodZero;
 using mozilla::RotateLeft;
 typedef Rooted<GlobalObject *> RootedGlobalObject;
 /* static */ uint32_t
 Bindings::argumentsVarIndex(ExclusiveContext *cx, InternalBindingsHandle bindings)
 {
     HandlePropertyName arguments = cx->names().arguments;
     BindingIter bi(bindings);
     while (bi->name() != arguments)
         bi++;
     return bi.frameIndex();
 }
 bool
 Bindings::initWithTemporaryStorage(ExclusiveContext *cx, InternalBindingsHandle self,
                                    unsigned numArgs, uint32_t numVars,
                                    Binding *bindingArray, uint32_t numBlockScoped)
 {
     JS_ASSERT(!self->callObjShape_);
     JS_ASSERT(self->bindingArrayAndFlag_ == TEMPORARY_STORAGE_BIT);
     JS_ASSERT(!(uintptr_t(bindingArray) & TEMPORARY_STORAGE_BIT));
     JS_ASSERT(numArgs <= ARGC_LIMIT);
     JS_ASSERT(numVars <= LOCALNO_LIMIT);
     JS_ASSERT(numBlockScoped <= LOCALNO_LIMIT);
     JS_ASSERT(numVars <= LOCALNO_LIMIT - numBlockScoped);
     JS_ASSERT(UINT32_MAX - numArgs >= numVars + numBlockScoped);
     self->bindingArrayAndFlag_ = uintptr_t(bindingArray) | TEMPORARY_STORAGE_BIT;
     self->numArgs_ = numArgs;
     self->numVars_ = numVars;
     self->numBlockScoped_ = numBlockScoped;
     // Get the initial shape to use when creating CallObjects for this script.
     // After creation, a CallObject's shape may change completely (via direct eval() or
     // other operations that mutate the lexical scope). However, since the
     // lexical bindings added to the initial shape are permanent and the
     // allocKind/nfixed of a CallObject cannot change, one may assume that the
     // slot location (whether in the fixed or dynamic slots) of a variable is
     // the same as in the initial shape. (This is assumed by the interpreter and
     // JITs when interpreting/compiling aliasedvar ops.)
     // Since unaliased variables are, by definition, only accessed by local
     // operations and never through the scope chain, only give shapes to
     // aliased variables. While the debugger may observe any scope object at
     // any time, such accesses are mediated by DebugScopeProxy (see
     // DebugScopeProxy::handleUnaliasedAccess).
     uint32_t nslots = CallObject::RESERVED_SLOTS;
     for (BindingIter bi(self); bi; bi++) {
         if (bi->aliased())
             nslots++;
     }
     // Put as many of nslots inline into the object header as possible.
     uint32_t nfixed = gc::GetGCKindSlots(gc::GetGCObjectKind(nslots));
     // Start with the empty shape and then append one shape per aliased binding.
     RootedShape shape(cx,
         EmptyShape::getInitialShape(cx, &CallObject::class_, nullptr, nullptr, nullptr,
                                     nfixed, BaseShape::VAROBJ | BaseShape::DELEGATE));
     if (!shape)
         return false;
 #ifdef DEBUG
     HashSet<PropertyName *> added(cx);
     if (!added.init())
         return false;
 #endif
     uint32_t slot = CallObject::RESERVED_SLOTS;
     for (BindingIter bi(self); bi; bi++) {
         if (!bi->aliased())
             continue;
 #ifdef DEBUG
         // The caller ensures no duplicate aliased names.
         JS_ASSERT(!added.has(bi->name()));
         if (!added.put(bi->name()))
             return false;
 #endif
         StackBaseShape stackBase(cx, &CallObject::class_, nullptr, nullptr,
                                  BaseShape::VAROBJ | BaseShape::DELEGATE);
         UnownedBaseShape *base = BaseShape::getUnowned(cx, stackBase);
         if (!base)
             return false;
         unsigned attrs = JSPROP_PERMANENT |
                          JSPROP_ENUMERATE |
                          (bi->kind() == Binding::CONSTANT ? JSPROP_READONLY : 0);
         StackShape child(base, NameToId(bi->name()), slot, attrs, 0);
         shape = cx->compartment()->propertyTree.getChild(cx, shape, child);
         if (!shape)
             return false;
         JS_ASSERT(slot < nslots);
         slot++;
     }
     JS_ASSERT(slot == nslots);
     JS_ASSERT(!shape->inDictionary());
     self->callObjShape_.init(shape);
     return true;
 }
 uint8_t *
 Bindings::switchToScriptStorage(Binding *newBindingArray)
 {
     JS_ASSERT(bindingArrayUsingTemporaryStorage());
     JS_ASSERT(!(uintptr_t(newBindingArray) & TEMPORARY_STORAGE_BIT));
     if (count() > 0)
         PodCopy(newBindingArray, bindingArray(), count());
     bindingArrayAndFlag_ = uintptr_t(newBindingArray);
     return reinterpret_cast<uint8_t *>(newBindingArray + count());
 }
 bool
 Bindings::clone(JSContext *cx, InternalBindingsHandle self,
                 uint8_t *dstScriptData, HandleScript srcScript)
 {
     /* The clone has the same bindingArray_ offset as 'src'. */
     Bindings &src = srcScript->bindings;
     ptrdiff_t off = (uint8_t *)src.bindingArray() - srcScript->data;
     JS_ASSERT(off >= 0);
     JS_ASSERT(size_t(off) <= srcScript->dataSize());
     Binding *dstPackedBindings = (Binding *)(dstScriptData + off);
     /*
      * Since atoms are shareable throughout the runtime, we can simply copy
      * the source's bindingArray directly.
      */
     if (!initWithTemporaryStorage(cx, self, src.numArgs(), src.numVars(), src.bindingArray(),
                                   src.numBlockScoped()))
         return false;
     self->switchToScriptStorage(dstPackedBindings);
     return true;
 }
 /* static */ Bindings
 GCMethods<Bindings>::initial()
 {
     return Bindings();
 }
 template<XDRMode mode>
 static bool
 XDRScriptBindings(XDRState<mode> *xdr, LifoAllocScope &las, unsigned numArgs, uint32_t numVars,
                   HandleScript script, unsigned numBlockScoped)
 {
     JSContext *cx = xdr->cx();
     if (mode == XDR_ENCODE) {
         for (BindingIter bi(script); bi; bi++) {
             RootedAtom atom(cx, bi->name());
             if (!XDRAtom(xdr, &atom))
                 return false;
         }
         for (BindingIter bi(script); bi; bi++) {
             uint8_t u8 = (uint8_t(bi->kind()) << 1) | uint8_t(bi->aliased());
             if (!xdr->codeUint8(&u8))
                 return false;
         }
     } else {
         uint32_t nameCount = numArgs + numVars;
         AutoValueVector atoms(cx);
         if (!atoms.resize(nameCount))
             return false;
         for (uint32_t i = 0; i < nameCount; i++) {
             RootedAtom atom(cx);
             if (!XDRAtom(xdr, &atom))
                 return false;
             atoms[i] = StringValue(atom);
         }
         Binding *bindingArray = las.alloc().newArrayUninitialized<Binding>(nameCount);
         if (!bindingArray)
             return false;
         for (uint32_t i = 0; i < nameCount; i++) {
             uint8_t u8;
             if (!xdr->codeUint8(&u8))
                 return false;
             PropertyName *name = atoms[i].toString()->asAtom().asPropertyName();
             Binding::Kind kind = Binding::Kind(u8 >> 1);
             bool aliased = bool(u8 & 1);
             bindingArray[i] = Binding(name, kind, aliased);
         }
         InternalBindingsHandle bindings(script, &script->bindings);
         if (!Bindings::initWithTemporaryStorage(cx, bindings, numArgs, numVars, bindingArray,
                                                 numBlockScoped))
             return false;
     }
     return true;
 }
 bool
 Bindings::bindingIsAliased(uint32_t bindingIndex)
 {
     JS_ASSERT(bindingIndex < count());
     return bindingArray()[bindingIndex].aliased();
 }
 void
 Bindings::trace(JSTracer *trc)
 {
     if (callObjShape_)
         MarkShape(trc, &callObjShape_, "callObjShape");
     /*
      * As the comment in Bindings explains, bindingsArray may point into freed
      * storage when bindingArrayUsingTemporaryStorage so we don't mark it.
      * Note: during compilation, atoms are already kept alive by gcKeepAtoms.
      */
     if (bindingArrayUsingTemporaryStorage())
         return;
     for (Binding *b = bindingArray(), *end = b + count(); b != end; b++) {
         PropertyName *name = b->name();
         MarkStringUnbarriered(trc, &name, "bindingArray");
     }
 }
 bool
 js::FillBindingVector(HandleScript fromScript, BindingVector *vec)
 {
     for (BindingIter bi(fromScript); bi; bi++) {
         if (!vec->append(*bi))
             return false;
     }
     return true;
 }
 template<XDRMode mode>
 bool
 js::XDRScriptConst(XDRState<mode> *xdr, MutableHandleValue vp)
 {
     JSContext *cx = xdr->cx();
     /*
      * A script constant can be an arbitrary primitive value as they are used
      * to implement JSOP_LOOKUPSWITCH. But they cannot be objects, see
      * bug 407186.
      */
     enum ConstTag {
         SCRIPT_INT     = 0,
         SCRIPT_DOUBLE  = 1,
         SCRIPT_ATOM    = 2,
         SCRIPT_TRUE    = 3,
         SCRIPT_FALSE   = 4,
         SCRIPT_NULL    = 5,
         SCRIPT_OBJECT  = 6,
         SCRIPT_VOID    = 7,
         SCRIPT_HOLE    = 8
     };
     uint32_t tag;
     if (mode == XDR_ENCODE) {
         if (vp.isInt32()) {
             tag = SCRIPT_INT;
         } else if (vp.isDouble()) {
             tag = SCRIPT_DOUBLE;
         } else if (vp.isString()) {
             tag = SCRIPT_ATOM;
         } else if (vp.isTrue()) {
             tag = SCRIPT_TRUE;
         } else if (vp.isFalse()) {
             tag = SCRIPT_FALSE;
         } else if (vp.isNull()) {
             tag = SCRIPT_NULL;
         } else if (vp.isObject()) {
             tag = SCRIPT_OBJECT;
         } else if (vp.isMagic(JS_ELEMENTS_HOLE)) {
             tag = SCRIPT_HOLE;
         } else {
             JS_ASSERT(vp.isUndefined());
             tag = SCRIPT_VOID;
         }
     }
     if (!xdr->codeUint32(&tag))
         return false;
     switch (tag) {
       case SCRIPT_INT: {
         uint32_t i;
         if (mode == XDR_ENCODE)
             i = uint32_t(vp.toInt32());
         if (!xdr->codeUint32(&i))
             return false;
         if (mode == XDR_DECODE)
             vp.set(Int32Value(int32_t(i)));
         break;
       }
       case SCRIPT_DOUBLE: {
         double d;
         if (mode == XDR_ENCODE)
             d = vp.toDouble();
         if (!xdr->codeDouble(&d))
             return false;
         if (mode == XDR_DECODE)
             vp.set(DoubleValue(d));
         break;
       }
       case SCRIPT_ATOM: {
         RootedAtom atom(cx);
         if (mode == XDR_ENCODE)
             atom = &vp.toString()->asAtom();
         if (!XDRAtom(xdr, &atom))
             return false;
         if (mode == XDR_DECODE)
             vp.set(StringValue(atom));
         break;
       }
       case SCRIPT_TRUE:
         if (mode == XDR_DECODE)
             vp.set(BooleanValue(true));
         break;
       case SCRIPT_FALSE:
         if (mode == XDR_DECODE)
             vp.set(BooleanValue(false));
         break;
       case SCRIPT_NULL:
         if (mode == XDR_DECODE)
             vp.set(NullValue());
         break;
       case SCRIPT_OBJECT: {
         RootedObject obj(cx);
         if (mode == XDR_ENCODE)
             obj = &vp.toObject();
         if (!XDRObjectLiteral(xdr, &obj))
             return false;
         if (mode == XDR_DECODE)
             vp.setObject(*obj);
         break;
       }
       case SCRIPT_VOID:
         if (mode == XDR_DECODE)
             vp.set(UndefinedValue());
         break;
       case SCRIPT_HOLE:
         if (mode == XDR_DECODE)
             vp.setMagic(JS_ELEMENTS_HOLE);
         break;
     }
     return true;
 }
 template bool
 js::XDRScriptConst(XDRState<XDR_ENCODE> *, MutableHandleValue);
 template bool
 js::XDRScriptConst(XDRState<XDR_DECODE> *, MutableHandleValue);
 // Code LazyScript's free variables.
 template<XDRMode mode>
 static bool
 XDRLazyFreeVariables(XDRState<mode> *xdr, MutableHandle<LazyScript *> lazy)
 {
     JSContext *cx = xdr->cx();
     RootedAtom atom(cx);
     HeapPtrAtom *freeVariables = lazy->freeVariables();
     size_t numFreeVariables = lazy->numFreeVariables();
     for (size_t i = 0; i < numFreeVariables; i++) {
         if (mode == XDR_ENCODE)
             atom = freeVariables[i];
         if (!XDRAtom(xdr, &atom))
             return false;
         if (mode == XDR_DECODE)
             freeVariables[i] = atom;
     }
     return true;
 }
 // Code the missing part needed to re-create a LazyScript from a JSScript.
 template<XDRMode mode>
 static bool
 XDRRelazificationInfo(XDRState<mode> *xdr, HandleFunction fun, HandleScript script,
                       MutableHandle<LazyScript *> lazy)
 {
     MOZ_ASSERT_IF(mode == XDR_ENCODE, script->isRelazifiable() && script->maybeLazyScript());
     MOZ_ASSERT_IF(mode == XDR_ENCODE, !lazy->numInnerFunctions());
     JSContext *cx = xdr->cx();
     uint64_t packedFields;
     {
         uint32_t begin = script->sourceStart();
         uint32_t end = script->sourceEnd();
         uint32_t lineno = script->lineno();
         uint32_t column = script->column();
         if (mode == XDR_ENCODE) {
             packedFields = lazy->packedFields();
             MOZ_ASSERT(begin == lazy->begin());
             MOZ_ASSERT(end == lazy->end());
             MOZ_ASSERT(lineno == lazy->lineno());
             MOZ_ASSERT(column == lazy->column());
         }
         if (!xdr->codeUint64(&packedFields))
             return false;
         if (mode == XDR_DECODE) {
             lazy.set(LazyScript::Create(cx, fun, packedFields, begin, end, lineno, column));
             // As opposed to XDRLazyScript, we need to restore the runtime bits
             // of the script, as we are trying to match the fact this function
             // has already been parsed and that it would need to be re-lazified.
             lazy->initRuntimeFields(packedFields);
         }
     }
     // Code free variables.
     if (!XDRLazyFreeVariables(xdr, lazy))
         return false;
     return true;
 }
 static inline uint32_t
 FindScopeObjectIndex(JSScript *script, NestedScopeObject &scope)
 {
     ObjectArray *objects = script->objects();
     HeapPtrObject *vector = objects->vector;
     unsigned length = objects->length;
     for (unsigned i = 0; i < length; ++i) {
         if (vector[i] == &scope)
             return i;
     }
     MOZ_ASSUME_UNREACHABLE("Scope not found");
 }
 static bool
 SaveSharedScriptData(ExclusiveContext *, Handle<JSScript *>, SharedScriptData *, uint32_t);
 enum XDRClassKind {
     CK_BlockObject = 0,
     CK_WithObject  = 1,
     CK_JSFunction  = 2,
     CK_JSObject    = 3
 };
 template<XDRMode mode>
 bool
 js::XDRScript(XDRState<mode> *xdr, HandleObject enclosingScope, HandleScript enclosingScript,
               HandleFunction fun, MutableHandleScript scriptp)
 {
     /* NB: Keep this in sync with CloneScript. */
     enum ScriptBits {
         NoScriptRval,
         SavedCallerFun,
         Strict,
         ContainsDynamicNameAccess,
         FunHasExtensibleScope,
         FunNeedsDeclEnvObject,
         FunHasAnyAliasedFormal,
         ArgumentsHasVarBinding,
         NeedsArgsObj,
         IsGeneratorExp,
         IsLegacyGenerator,
         IsStarGenerator,
         OwnSource,
         ExplicitUseStrict,
         SelfHosted,
         IsCompileAndGo,
         HasSingleton,
         TreatAsRunOnce,
         HasLazyScript
     };
     uint32_t length, lineno, column, nslots, staticLevel;
     uint32_t natoms, nsrcnotes, i;
     uint32_t nconsts, nobjects, nregexps, ntrynotes, nblockscopes;
     uint32_t prologLength, version;
     uint32_t funLength = 0;
     uint32_t nTypeSets = 0;
     uint32_t scriptBits = 0;
     JSContext *cx = xdr->cx();
     RootedScript script(cx);
     natoms = nsrcnotes = 0;
     nconsts = nobjects = nregexps = ntrynotes = nblockscopes = 0;
     /* XDR arguments and vars. */
     uint16_t nargs = 0;
     uint16_t nblocklocals = 0;
     uint32_t nvars = 0;
     if (mode == XDR_ENCODE) {
         script = scriptp.get();
         JS_ASSERT_IF(enclosingScript, enclosingScript->compartment() == script->compartment());
         nargs = script->bindings.numArgs();
         nblocklocals = script->bindings.numBlockScoped();
         nvars = script->bindings.numVars();
     }
     if (!xdr->codeUint16(&nargs))
         return false;
     if (!xdr->codeUint16(&nblocklocals))
         return false;
     if (!xdr->codeUint32(&nvars))
         return false;
     if (mode == XDR_ENCODE)
         length = script->length();
     if (!xdr->codeUint32(&length))
         return false;
     if (mode == XDR_ENCODE) {
         prologLength = script->mainOffset();
         JS_ASSERT(script->getVersion() != JSVERSION_UNKNOWN);
         version = script->getVersion();
         lineno = script->lineno();
         column = script->column();
         nslots = script->nslots();
         staticLevel = script->staticLevel();
         natoms = script->natoms();
         nsrcnotes = script->numNotes();
         if (script->hasConsts())
             nconsts = script->consts()->length;
         if (script->hasObjects())
             nobjects = script->objects()->length;
         if (script->hasRegexps())
             nregexps = script->regexps()->length;
         if (script->hasTrynotes())
             ntrynotes = script->trynotes()->length;
         if (script->hasBlockScopes())
             nblockscopes = script->blockScopes()->length;
         nTypeSets = script->nTypeSets();
         funLength = script->funLength();
         if (script->noScriptRval())
             scriptBits |= (1 << NoScriptRval);
         if (script->savedCallerFun())
             scriptBits |= (1 << SavedCallerFun);
         if (script->strict())
             scriptBits |= (1 << Strict);
         if (script->explicitUseStrict())
             scriptBits |= (1 << ExplicitUseStrict);
         if (script->selfHosted())
             scriptBits |= (1 << SelfHosted);
         if (script->bindingsAccessedDynamically())
             scriptBits |= (1 << ContainsDynamicNameAccess);
         if (script->funHasExtensibleScope())
             scriptBits |= (1 << FunHasExtensibleScope);
         if (script->funNeedsDeclEnvObject())
             scriptBits |= (1 << FunNeedsDeclEnvObject);
         if (script->funHasAnyAliasedFormal())
             scriptBits |= (1 << FunHasAnyAliasedFormal);
         if (script->argumentsHasVarBinding())
             scriptBits |= (1 << ArgumentsHasVarBinding);
         if (script->analyzedArgsUsage() && script->needsArgsObj())
             scriptBits |= (1 << NeedsArgsObj);
         if (!enclosingScript || enclosingScript->scriptSource() != script->scriptSource())
             scriptBits |= (1 << OwnSource);
         if (script->isGeneratorExp())
             scriptBits |= (1 << IsGeneratorExp);
         if (script->isLegacyGenerator())
             scriptBits |= (1 << IsLegacyGenerator);
         if (script->isStarGenerator())
             scriptBits |= (1 << IsStarGenerator);
         if (script->compileAndGo())
             scriptBits |= (1 << IsCompileAndGo);
         if (script->hasSingletons())
             scriptBits |= (1 << HasSingleton);
         if (script->treatAsRunOnce())
             scriptBits |= (1 << TreatAsRunOnce);
         if (script->isRelazifiable())
             scriptBits |= (1 << HasLazyScript);
     }
     if (!xdr->codeUint32(&prologLength))
         return false;
     if (!xdr->codeUint32(&version))
         return false;
     // To fuse allocations, we need lengths of all embedded arrays early.
     if (!xdr->codeUint32(&natoms))
         return false;
     if (!xdr->codeUint32(&nsrcnotes))
         return false;
     if (!xdr->codeUint32(&nconsts))
         return false;
     if (!xdr->codeUint32(&nobjects))
         return false;
     if (!xdr->codeUint32(&nregexps))
         return false;
     if (!xdr->codeUint32(&ntrynotes))
         return false;
     if (!xdr->codeUint32(&nblockscopes))
         return false;
     if (!xdr->codeUint32(&nTypeSets))
         return false;
     if (!xdr->codeUint32(&funLength))
         return false;
     if (!xdr->codeUint32(&scriptBits))
         return false;
     if (mode == XDR_DECODE) {
         JSVersion version_ = JSVersion(version);
         JS_ASSERT((version_ & VersionFlags::MASK) == unsigned(version_));
         // staticLevel is set below.
         CompileOptions options(cx);
         options.setVersion(version_)
                .setNoScriptRval(!!(scriptBits & (1 << NoScriptRval)))
                .setSelfHostingMode(!!(scriptBits & (1 << SelfHosted)));
         RootedScriptSource sourceObject(cx);
         if (scriptBits & (1 << OwnSource)) {
             ScriptSource *ss = cx->new_<ScriptSource>();
             if (!ss)
                 return false;
             ScriptSourceHolder ssHolder(ss);
             /*
              * We use this CompileOptions only to initialize the
              * ScriptSourceObject. Most CompileOptions fields aren't used by
              * ScriptSourceObject, and those that are (element; elementAttributeName)
              * aren't preserved by XDR. So this can be simple.
              */
             CompileOptions options(cx);
             options.setOriginPrincipals(xdr->originPrincipals());
             ss->initFromOptions(cx, options);
             sourceObject = ScriptSourceObject::create(cx, ss, options);
             if (!sourceObject)
                 return false;
         } else {
             JS_ASSERT(enclosingScript);
             // When decoding, all the scripts and the script source object
             // are in the same compartment, so the script's source object
             // should never be a cross-compartment wrapper.
             JS_ASSERT(enclosingScript->sourceObject()->is<ScriptSourceObject>());
             sourceObject = &enclosingScript->sourceObject()->as<ScriptSourceObject>();
         }
         script = JSScript::Create(cx, enclosingScope, !!(scriptBits & (1 << SavedCallerFun)),
                                   options, /* staticLevel = */ 0, sourceObject, 0, 0);
         if (!script)
             return false;
     }
     /* JSScript::partiallyInit assumes script->bindings is fully initialized. */
     LifoAllocScope las(&cx->tempLifoAlloc());
     if (!XDRScriptBindings(xdr, las, nargs, nvars, script, nblocklocals))
         return false;
     if (mode == XDR_DECODE) {
         if (!JSScript::partiallyInit(cx, script, nconsts, nobjects, nregexps, ntrynotes,
                                      nblockscopes, nTypeSets))
         {
             return false;
         }
         JS_ASSERT(!script->mainOffset());
         script->mainOffset_ = prologLength;
         script->setLength(length);
         script->funLength_ = funLength;
         scriptp.set(script);
         if (scriptBits & (1 << Strict))
             script->strict_ = true;
         if (scriptBits & (1 << ExplicitUseStrict))
             script->explicitUseStrict_ = true;
         if (scriptBits & (1 << ContainsDynamicNameAccess))
             script->bindingsAccessedDynamically_ = true;
         if (scriptBits & (1 << FunHasExtensibleScope))
             script->funHasExtensibleScope_ = true;
         if (scriptBits & (1 << FunNeedsDeclEnvObject))
             script->funNeedsDeclEnvObject_ = true;
         if (scriptBits & (1 << FunHasAnyAliasedFormal))
             script->funHasAnyAliasedFormal_ = true;
         if (scriptBits & (1 << ArgumentsHasVarBinding))
             script->setArgumentsHasVarBinding();
         if (scriptBits & (1 << NeedsArgsObj))
             script->setNeedsArgsObj(true);
         if (scriptBits & (1 << IsGeneratorExp))
             script->isGeneratorExp_ = true;
         if (scriptBits & (1 << IsCompileAndGo))
             script->compileAndGo_ = true;
         if (scriptBits & (1 << HasSingleton))
             script->hasSingletons_ = true;
         if (scriptBits & (1 << TreatAsRunOnce))
             script->treatAsRunOnce_ = true;
         if (scriptBits & (1 << IsLegacyGenerator)) {
             JS_ASSERT(!(scriptBits & (1 << IsStarGenerator)));
             script->setGeneratorKind(LegacyGenerator);
         } else if (scriptBits & (1 << IsStarGenerator))
             script->setGeneratorKind(StarGenerator);
     }
     JS_STATIC_ASSERT(sizeof(jsbytecode) == 1);
     JS_STATIC_ASSERT(sizeof(jssrcnote) == 1);
     if (scriptBits & (1 << OwnSource)) {
         if (!script->scriptSource()->performXDR<mode>(xdr))
             return false;
     }
     if (!xdr->codeUint32(&script->sourceStart_))
         return false;
     if (!xdr->codeUint32(&script->sourceEnd_))
         return false;
     if (!xdr->codeUint32(&lineno) ||
         !xdr->codeUint32(&column) ||
         !xdr->codeUint32(&nslots) ||
         !xdr->codeUint32(&staticLevel))
     {
         return false;
     }
     if (mode == XDR_DECODE) {
         script->lineno_ = lineno;
         script->column_ = column;
         script->nslots_ = nslots;
         script->staticLevel_ = staticLevel;
     }
     jsbytecode *code = script->code();
     SharedScriptData *ssd;
     if (mode == XDR_DECODE) {
         ssd = SharedScriptData::new_(cx, length, nsrcnotes, natoms);
         if (!ssd)
             return false;
         code = ssd->data;
         if (natoms != 0) {
             script->natoms_ = natoms;
             script->atoms = ssd->atoms();
         }
     }
     if (!xdr->codeBytes(code, length) || !xdr->codeBytes(code + length, nsrcnotes)) {
         if (mode == XDR_DECODE)
             js_free(ssd);
         return false;
     }
     for (i = 0; i != natoms; ++i) {
         if (mode == XDR_DECODE) {
             RootedAtom tmp(cx);
             if (!XDRAtom(xdr, &tmp))
                 return false;
             script->atoms[i].init(tmp);
         } else {
             RootedAtom tmp(cx, script->atoms[i]);
             if (!XDRAtom(xdr, &tmp))
                 return false;
         }
     }
     if (mode == XDR_DECODE) {
         if (!SaveSharedScriptData(cx, script, ssd, nsrcnotes))
             return false;
     }
     if (nconsts) {
         HeapValue *vector = script->consts()->vector;
         RootedValue val(cx);
         for (i = 0; i != nconsts; ++i) {
             if (mode == XDR_ENCODE)
                 val = vector[i];
             if (!XDRScriptConst(xdr, &val))
                 return false;
             if (mode == XDR_DECODE)
                 vector[i].init(val);
         }
     }
     /*
      * Here looping from 0-to-length to xdr objects is essential to ensure that
      * all references to enclosing blocks (via FindScopeObjectIndex below) happen
      * after the enclosing block has been XDR'd.
      */
     for (i = 0; i != nobjects; ++i) {
         HeapPtr<JSObject> *objp = &script->objects()->vector[i];
         XDRClassKind classk;
         if (mode == XDR_ENCODE) {
             JSObject *obj = *objp;
             if (obj->is<BlockObject>())
                 classk = CK_BlockObject;
             else if (obj->is<StaticWithObject>())
                 classk = CK_WithObject;
             else if (obj->is<JSFunction>())
                 classk = CK_JSFunction;
             else if (obj->is<JSObject>() || obj->is<ArrayObject>())
                 classk = CK_JSObject;
             else
                 MOZ_ASSUME_UNREACHABLE("Cannot encode this class of object.");
         }
         if (!xdr->codeEnum32(&classk))
             return false;
         switch (classk) {
           case CK_BlockObject:
           case CK_WithObject: {
             /* Code the nested block's enclosing scope. */
             uint32_t enclosingStaticScopeIndex = 0;
             if (mode == XDR_ENCODE) {
                 NestedScopeObject &scope = (*objp)->as<NestedScopeObject>();
                 if (NestedScopeObject *enclosing = scope.enclosingNestedScope())
                     enclosingStaticScopeIndex = FindScopeObjectIndex(script, *enclosing);
                 else
                     enclosingStaticScopeIndex = UINT32_MAX;
             }
             if (!xdr->codeUint32(&enclosingStaticScopeIndex))
                 return false;
             Rooted<JSObject*> enclosingStaticScope(cx);
             if (mode == XDR_DECODE) {
                 if (enclosingStaticScopeIndex != UINT32_MAX) {
                     JS_ASSERT(enclosingStaticScopeIndex < i);
                     enclosingStaticScope = script->objects()->vector[enclosingStaticScopeIndex];
                 } else {
                     enclosingStaticScope = fun;
                 }
             }
             if (classk == CK_BlockObject) {
                 Rooted<StaticBlockObject*> tmp(cx, static_cast<StaticBlockObject *>(objp->get()));
                 if (!XDRStaticBlockObject(xdr, enclosingStaticScope, tmp.address()))
                     return false;
                 *objp = tmp;
             } else {
                 Rooted<StaticWithObject*> tmp(cx, static_cast<StaticWithObject *>(objp->get()));
                 if (!XDRStaticWithObject(xdr, enclosingStaticScope, tmp.address()))
                     return false;
                 *objp = tmp;
             }
             break;
           }
           case CK_JSFunction: {
             /* Code the nested function's enclosing scope. */
             uint32_t funEnclosingScopeIndex = 0;
             RootedObject funEnclosingScope(cx);
             if (mode == XDR_ENCODE) {
                 RootedFunction function(cx, &(*objp)->as<JSFunction>());
                 if (function->isInterpretedLazy())
                     funEnclosingScope = function->lazyScript()->enclosingScope();
                 else
                     funEnclosingScope = function->nonLazyScript()->enclosingStaticScope();
                 StaticScopeIter<NoGC> ssi(funEnclosingScope);
                 if (ssi.done() || ssi.type() == StaticScopeIter<NoGC>::FUNCTION) {
                     JS_ASSERT(ssi.done() == !fun);
                     funEnclosingScopeIndex = UINT32_MAX;
                 } else if (ssi.type() == StaticScopeIter<NoGC>::BLOCK) {
                     funEnclosingScopeIndex = FindScopeObjectIndex(script, ssi.block());
                     JS_ASSERT(funEnclosingScopeIndex < i);
                 } else {
                     funEnclosingScopeIndex = FindScopeObjectIndex(script, ssi.staticWith());
                     JS_ASSERT(funEnclosingScopeIndex < i);
                 }
             }
             if (!xdr->codeUint32(&funEnclosingScopeIndex))
                 return false;
             if (mode == XDR_DECODE) {
                 if (funEnclosingScopeIndex == UINT32_MAX) {
                     funEnclosingScope = fun;
                 } else {
                     JS_ASSERT(funEnclosingScopeIndex < i);
                     funEnclosingScope = script->objects()->vector[funEnclosingScopeIndex];
                 }
             }
             // Code nested function and script.
             RootedObject tmp(cx, *objp);
             if (!XDRInterpretedFunction(xdr, funEnclosingScope, script, &tmp))
                 return false;
             *objp = tmp;
             break;
           }
           case CK_JSObject: {
             /* Code object literal. */
             RootedObject tmp(cx, *objp);
             if (!XDRObjectLiteral(xdr, &tmp))
                 return false;
             *objp = tmp;
             break;
           }
           default: {
             MOZ_ASSERT(false, "Unknown class kind.");
             return false;
           }
         }
     }
     for (i = 0; i != nregexps; ++i) {
         if (!XDRScriptRegExpObject(xdr, &script->regexps()->vector[i]))
             return false;
     }
     if (ntrynotes != 0) {
         JSTryNote *tnfirst = script->trynotes()->vector;
         JS_ASSERT(script->trynotes()->length == ntrynotes);
         JSTryNote *tn = tnfirst + ntrynotes;
         do {
             --tn;
             if (!xdr->codeUint8(&tn->kind) ||
                 !xdr->codeUint32(&tn->stackDepth) ||
                 !xdr->codeUint32(&tn->start) ||
                 !xdr->codeUint32(&tn->length)) {
                 return false;
             }
         } while (tn != tnfirst);
     }
     for (i = 0; i < nblockscopes; ++i) {
         BlockScopeNote *note = &script->blockScopes()->vector[i];
         if (!xdr->codeUint32(&note->index) ||
             !xdr->codeUint32(&note->start) ||
             !xdr->codeUint32(&note->length) ||
             !xdr->codeUint32(&note->parent))
         {
             return false;
         }
     }
     if (scriptBits & (1 << HasLazyScript)) {
         Rooted<LazyScript *> lazy(cx);
         if (mode == XDR_ENCODE)
             lazy = script->maybeLazyScript();
         if (!XDRRelazificationInfo(xdr, fun, script, &lazy))
             return false;
         if (mode == XDR_DECODE)
             script->setLazyScript(lazy);
     }
     if (mode == XDR_DECODE) {
         scriptp.set(script);
         /* see BytecodeEmitter::tellDebuggerAboutCompiledScript */
         CallNewScriptHook(cx, script, fun);
         if (!fun) {
             RootedGlobalObject global(cx, script->compileAndGo() ? &script->global() : nullptr);
             Debugger::onNewScript(cx, script, global);
         }
     }
     return true;
 }
 template bool
 js::XDRScript(XDRState<XDR_ENCODE> *, HandleObject, HandleScript, HandleFunction,
               MutableHandleScript);
 template bool
 js::XDRScript(XDRState<XDR_DECODE> *, HandleObject, HandleScript, HandleFunction,
               MutableHandleScript);
 template<XDRMode mode>
 bool
 js::XDRLazyScript(XDRState<mode> *xdr, HandleObject enclosingScope, HandleScript enclosingScript,
                   HandleFunction fun, MutableHandle<LazyScript *> lazy)
 {
     JSContext *cx = xdr->cx();
     {
         uint32_t begin;
         uint32_t end;
         uint32_t lineno;
         uint32_t column;
         uint64_t packedFields;
         if (mode == XDR_ENCODE) {
             MOZ_ASSERT(!lazy->maybeScript());
             MOZ_ASSERT(fun == lazy->functionNonDelazifying());
             begin = lazy->begin();
             end = lazy->end();
             lineno = lazy->lineno();
             column = lazy->column();
             packedFields = lazy->packedFields();
         }
         if (!xdr->codeUint32(&begin) || !xdr->codeUint32(&end) ||
             !xdr->codeUint32(&lineno) || !xdr->codeUint32(&column) ||
             !xdr->codeUint64(&packedFields))
         {
             return false;
         }
         if (mode == XDR_DECODE)
             lazy.set(LazyScript::Create(cx, fun, packedFields, begin, end, lineno, column));
     }
     // Code free variables.
     if (!XDRLazyFreeVariables(xdr, lazy))
         return false;
     // Code inner functions.
     {
         RootedObject func(cx);
         HeapPtrFunction *innerFunctions = lazy->innerFunctions();
         size_t numInnerFunctions = lazy->numInnerFunctions();
         for (size_t i = 0; i < numInnerFunctions; i++) {
             if (mode == XDR_ENCODE)
                 func = innerFunctions[i];
             if (!XDRInterpretedFunction(xdr, fun, enclosingScript, &func))
                 return false;
             if (mode == XDR_DECODE)
                 innerFunctions[i] = &func->as<JSFunction>();
         }
     }
     if (mode == XDR_DECODE) {
         JS_ASSERT(!lazy->sourceObject());
         ScriptSourceObject *sourceObject = &enclosingScript->scriptSourceUnwrap();
         // Set the enclosing scope of the lazy function, this would later be
         // used to define the environment when the function would be used.
         lazy->setParent(enclosingScope, sourceObject);
     }
     return true;
 }
 template bool
 js::XDRLazyScript(XDRState<XDR_ENCODE> *, HandleObject, HandleScript,
                   HandleFunction, MutableHandle<LazyScript *>);
 template bool
 js::XDRLazyScript(XDRState<XDR_DECODE> *, HandleObject, HandleScript,
                   HandleFunction, MutableHandle<LazyScript *>);
 void
 JSScript::setSourceObject(JSObject *object)
 {
     JS_ASSERT(compartment() == object->compartment());
     sourceObject_ = object;
 }
 js::ScriptSourceObject &
 JSScript::scriptSourceUnwrap() const {
     return UncheckedUnwrap(sourceObject())->as<ScriptSourceObject>();
 }
 js::ScriptSource *
 JSScript::scriptSource() const {
     return scriptSourceUnwrap().source();
 }
 bool
 JSScript::initScriptCounts(JSContext *cx)
 {
     JS_ASSERT(!hasScriptCounts());
     size_t n = 0;
     for (jsbytecode *pc = code(); pc < codeEnd(); pc += GetBytecodeLength(pc))
         n += PCCounts::numCounts(JSOp(*pc));
     size_t bytes = (length() * sizeof(PCCounts)) + (n * sizeof(double));
     char *base = (char *) cx->calloc_(bytes);
     if (!base)
         return false;
     /* Create compartment's scriptCountsMap if necessary. */
     ScriptCountsMap *map = compartment()->scriptCountsMap;
     if (!map) {
         map = cx->new_<ScriptCountsMap>();
         if (!map || !map->init()) {
             js_free(base);
             js_delete(map);
             return false;
         }
         compartment()->scriptCountsMap = map;
     }
     char *cursor = base;
     ScriptCounts scriptCounts;
     scriptCounts.pcCountsVector = (PCCounts *) cursor;
     cursor += length() * sizeof(PCCounts);
     for (jsbytecode *pc = code(); pc < codeEnd(); pc += GetBytecodeLength(pc)) {
         JS_ASSERT(uintptr_t(cursor) % sizeof(double) == 0);
         scriptCounts.pcCountsVector[pcToOffset(pc)].counts = (double *) cursor;
         size_t capacity = PCCounts::numCounts(JSOp(*pc));
 #ifdef DEBUG
         scriptCounts.pcCountsVector[pcToOffset(pc)].capacity = capacity;
 #endif
         cursor += capacity * sizeof(double);
     }
     if (!map->putNew(this, scriptCounts)) {
         js_free(base);
         return false;
     }
     hasScriptCounts_ = true; // safe to set this;  we can't fail after this point
     JS_ASSERT(size_t(cursor - base) == bytes);
     /* Enable interrupts in any interpreter frames running on this script. */
     for (ActivationIterator iter(cx->runtime()); !iter.done(); ++iter) {
         if (iter->isInterpreter())
             iter->asInterpreter()->enableInterruptsIfRunning(this);
     }
     return true;
 }
 static inline ScriptCountsMap::Ptr GetScriptCountsMapEntry(JSScript *script)
 {
     JS_ASSERT(script->hasScriptCounts());
     ScriptCountsMap *map = script->compartment()->scriptCountsMap;
     ScriptCountsMap::Ptr p = map->lookup(script);
     JS_ASSERT(p);
     return p;
 }
 js::PCCounts
 JSScript::getPCCounts(jsbytecode *pc) {
     JS_ASSERT(containsPC(pc));
     ScriptCountsMap::Ptr p = GetScriptCountsMapEntry(this);
     return p->value().pcCountsVector[pcToOffset(pc)];
 }
 void
 JSScript::addIonCounts(jit::IonScriptCounts *ionCounts)
 {
     ScriptCountsMap::Ptr p = GetScriptCountsMapEntry(this);
     if (p->value().ionCounts)
         ionCounts->setPrevious(p->value().ionCounts);
     p->value().ionCounts = ionCounts;
 }
 jit::IonScriptCounts *
 JSScript::getIonCounts()
 {
     ScriptCountsMap::Ptr p = GetScriptCountsMapEntry(this);
     return p->value().ionCounts;
 }
 ScriptCounts
 JSScript::releaseScriptCounts()
 {
     ScriptCountsMap::Ptr p = GetScriptCountsMapEntry(this);
     ScriptCounts counts = p->value();
     compartment()->scriptCountsMap->remove(p);
     hasScriptCounts_ = false;
     return counts;
 }
 void
 JSScript::destroyScriptCounts(FreeOp *fop)
 {
     if (hasScriptCounts()) {
         ScriptCounts scriptCounts = releaseScriptCounts();
         scriptCounts.destroy(fop);
     }
 }
 void
 ScriptSourceObject::setSource(ScriptSource *source)
 {
     if (source)
         source->incref();
     if (this->source())
         this->source()->decref();
     setReservedSlot(SOURCE_SLOT, PrivateValue(source));
 }
 JSObject *
 ScriptSourceObject::element() const
 {
     return getReservedSlot(ELEMENT_SLOT).toObjectOrNull();
 }
 void
 ScriptSourceObject::initElement(HandleObject element)
 {
     JS_ASSERT(getReservedSlot(ELEMENT_SLOT).isNull());
     setReservedSlot(ELEMENT_SLOT, ObjectOrNullValue(element));
 }
 const Value &
 ScriptSourceObject::elementAttributeName() const
 {
     const Value &prop = getReservedSlot(ELEMENT_PROPERTY_SLOT);
     JS_ASSERT(prop.isUndefined() || prop.isString());
     return prop;
 }
 void
 ScriptSourceObject::initIntroductionScript(JSScript *script)
 {
     JS_ASSERT(!getReservedSlot(INTRODUCTION_SCRIPT_SLOT).toPrivate());
     // There is no equivalent of cross-compartment wrappers for scripts. If
     // the introduction script would be in a different compartment from the
     // compiled code, we would be creating a cross-compartment script
     // reference, which would be bogus. In that case, just don't bother to
     // retain the introduction script.
     if (script && script->compartment() == compartment())
         setReservedSlot(INTRODUCTION_SCRIPT_SLOT, PrivateValue(script));
 }
 void
 ScriptSourceObject::trace(JSTracer *trc, JSObject *obj)
 {
     ScriptSourceObject *sso = static_cast<ScriptSourceObject *>(obj);
     if (JSScript *script = sso->introductionScript()) {
         MarkScriptUnbarriered(trc, &script, "ScriptSourceObject introductionScript");
         sso->setReservedSlot(INTRODUCTION_SCRIPT_SLOT, PrivateValue(script));
     }
 }
 void
 ScriptSourceObject::finalize(FreeOp *fop, JSObject *obj)
 {
     // ScriptSource::setSource automatically takes care of the refcount
     obj->as<ScriptSourceObject>().setSource(nullptr);
 }
 const Class ScriptSourceObject::class_ = {
     "ScriptSource",
     JSCLASS_HAS_RESERVED_SLOTS(RESERVED_SLOTS) |
     JSCLASS_IMPLEMENTS_BARRIERS | JSCLASS_IS_ANONYMOUS,
     JS_PropertyStub,        /* addProperty */
     JS_DeletePropertyStub,  /* delProperty */
     JS_PropertyStub,        /* getProperty */
     JS_StrictPropertyStub,  /* setProperty */
     JS_EnumerateStub,
     JS_ResolveStub,
     JS_ConvertStub,
     finalize,
     nullptr,                /* call        */
     nullptr,                /* hasInstance */
     nullptr,                /* construct   */
     trace
 };
 ScriptSourceObject *
 ScriptSourceObject::create(ExclusiveContext *cx, ScriptSource *source,
                            const ReadOnlyCompileOptions &options)
 {
     RootedObject object(cx, NewObjectWithGivenProto(cx, &class_, nullptr, cx->global()));
     if (!object)
         return nullptr;
     RootedScriptSource sourceObject(cx, &object->as<ScriptSourceObject>());
     source->incref();
     sourceObject->initSlot(SOURCE_SLOT, PrivateValue(source));
     sourceObject->initSlot(ELEMENT_SLOT, ObjectOrNullValue(options.element()));
     if (options.elementAttributeName())
         sourceObject->initSlot(ELEMENT_PROPERTY_SLOT, StringValue(options.elementAttributeName()));
     else
         sourceObject->initSlot(ELEMENT_PROPERTY_SLOT, UndefinedValue());
     sourceObject->initSlot(INTRODUCTION_SCRIPT_SLOT, PrivateValue(nullptr));
     sourceObject->initIntroductionScript(options.introductionScript());
     return sourceObject;
 }
 static const unsigned char emptySource[] = "";
 /* Adjust the amount of memory this script source uses for source data,
    reallocating if needed. */
 bool
 ScriptSource::adjustDataSize(size_t nbytes)
 {
     // Allocating 0 bytes has undefined behavior, so special-case it.
     if (nbytes == 0) {
         if (data.compressed != emptySource)
             js_free(data.compressed);
         data.compressed = const_cast<unsigned char *>(emptySource);
         return true;
     }
     // |data.compressed| can be nullptr.
     void *buf = js_realloc(data.compressed, nbytes);
     if (!buf && data.compressed != emptySource)
         js_free(data.compressed);
     data.compressed = static_cast<unsigned char *>(buf);
     return !!data.compressed;
 }
 /* static */ bool
 JSScript::loadSource(JSContext *cx, ScriptSource *ss, bool *worked)
 {
     JS_ASSERT(!ss->hasSourceData());
     *worked = false;
     if (!cx->runtime()->sourceHook || !ss->sourceRetrievable())
         return true;
     jschar *src = nullptr;
     size_t length;
     if (!cx->runtime()->sourceHook->load(cx, ss->filename(), &src, &length))
         return false;
     if (!src)
         return true;
     ss->setSource(src, length);
     *worked = true;
     return true;
 }
 JSFlatString *
 JSScript::sourceData(JSContext *cx)
 {
     JS_ASSERT(scriptSource()->hasSourceData());
     return scriptSource()->substring(cx, sourceStart(), sourceEnd());
 }
 SourceDataCache::AutoHoldEntry::AutoHoldEntry()
   : cache_(nullptr), source_(nullptr), charsToFree_(nullptr)
 {
 }
 void
 SourceDataCache::AutoHoldEntry::holdEntry(SourceDataCache *cache, ScriptSource *source)
 {
     // Initialise the holder for a specific cache and script source. This will
     // hold on to the cached source chars in the event that the cache is purged.
     JS_ASSERT(!cache_ && !source_ && !charsToFree_);
     cache_ = cache;
     source_ = source;
 }
 void
 SourceDataCache::AutoHoldEntry::deferDelete(const jschar *chars)
 {
     // Take ownership of source chars now the cache is being purged. Remove our
     // reference to the ScriptSource which might soon be destroyed.
     JS_ASSERT(cache_ && source_ && !charsToFree_);
     cache_ = nullptr;
     source_ = nullptr;
     charsToFree_ = chars;
 }
 SourceDataCache::AutoHoldEntry::~AutoHoldEntry()
 {
     // The holder is going out of scope. If it has taken ownership of cached
     // chars then delete them, otherwise unregister ourself with the cache.
     if (charsToFree_) {
         JS_ASSERT(!cache_ && !source_);
         js_free(const_cast<jschar *>(charsToFree_));
     } else if (cache_) {
         JS_ASSERT(source_);
         cache_->releaseEntry(*this);
     }
 }
 void
 SourceDataCache::holdEntry(AutoHoldEntry &holder, ScriptSource *ss)
 {
     JS_ASSERT(!holder_);
     holder.holdEntry(this, ss);
     holder_ = &holder;
 }
 void
 SourceDataCache::releaseEntry(AutoHoldEntry &holder)
 {
     JS_ASSERT(holder_ == &holder);
     holder_ = nullptr;
 }
 const jschar *
 SourceDataCache::lookup(ScriptSource *ss, AutoHoldEntry &holder)
 {
     JS_ASSERT(!holder_);
     if (!map_)
         return nullptr;
     if (Map::Ptr p = map_->lookup(ss)) {
         holdEntry(holder, ss);
         return p->value();
     }
     return nullptr;
 }
 bool
 SourceDataCache::put(ScriptSource *ss, const jschar *str, AutoHoldEntry &holder)
 {
     JS_ASSERT(!holder_);
     if (!map_) {
         map_ = js_new<Map>();
         if (!map_)
             return false;
         if (!map_->init()) {
             js_delete(map_);
             map_ = nullptr;
             return false;
         }
     }
     if (!map_->put(ss, str))
         return false;
     holdEntry(holder, ss);
     return true;
 }
 void
 SourceDataCache::purge()
 {
     if (!map_)
         return;
     for (Map::Range r = map_->all(); !r.empty(); r.popFront()) {
         const jschar *chars = r.front().value();
         if (holder_ && r.front().key() == holder_->source()) {
             holder_->deferDelete(chars);
             holder_ = nullptr;
         } else {
             js_free(const_cast<jschar*>(chars));
         }
     }
     js_delete(map_);
     map_ = nullptr;
 }
 size_t
 SourceDataCache::sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf)
 {
     size_t n = 0;
     if (map_ && !map_->empty()) {
         n += map_->sizeOfIncludingThis(mallocSizeOf);
         for (Map::Range r = map_->all(); !r.empty(); r.popFront()) {
             const jschar *v = r.front().value();
             n += mallocSizeOf(v);
         }
     }
     return n;
 }
 const jschar *
 ScriptSource::chars(JSContext *cx, SourceDataCache::AutoHoldEntry &holder)
 {
     if (const jschar *chars = getOffThreadCompressionChars(cx))
         return chars;
     JS_ASSERT(ready());
 #ifdef USE_ZLIB
     if (compressed()) {
         if (const jschar *decompressed = cx->runtime()->sourceDataCache.lookup(this, holder))
             return decompressed;
         const size_t nbytes = sizeof(jschar) * (length_ + 1);
         jschar *decompressed = static_cast<jschar *>(js_malloc(nbytes));
         if (!decompressed)
             return nullptr;
         if (!DecompressString(data.compressed, compressedLength_,
                               reinterpret_cast<unsigned char *>(decompressed), nbytes)) {
             JS_ReportOutOfMemory(cx);
             js_free(decompressed);
             return nullptr;
         }
         decompressed[length_] = 0;
         if (!cx->runtime()->sourceDataCache.put(this, decompressed, holder)) {
             JS_ReportOutOfMemory(cx);
             js_free(decompressed);
             return nullptr;
         }
         return decompressed;
     }
 #endif
     return data.source;
 }
 JSFlatString *
 ScriptSource::substring(JSContext *cx, uint32_t start, uint32_t stop)
 {
     JS_ASSERT(start <= stop);
     SourceDataCache::AutoHoldEntry holder;
     const jschar *chars = this->chars(cx, holder);
     if (!chars)
         return nullptr;
     return js_NewStringCopyN<CanGC>(cx, chars + start, stop - start);
 }
 bool
 ScriptSource::setSourceCopy(ExclusiveContext *cx, SourceBufferHolder &srcBuf,
                             bool argumentsNotIncluded, SourceCompressionTask *task)
 {
     JS_ASSERT(!hasSourceData());
     length_ = srcBuf.length();
     argumentsNotIncluded_ = argumentsNotIncluded;
     // There are several cases where source compression is not a good idea:
     //  - If the script is tiny, then compression will save little or no space.
     //  - If the script is enormous, then decompression can take seconds. With
     //    lazy parsing, decompression is not uncommon, so this can significantly
     //    increase latency.
     //  - If there is only one core, then compression will contend with JS
     //    execution (which hurts benchmarketing).
     //  - If the source contains a giant string, then parsing will finish much
     //    faster than compression which increases latency (this case is handled
     //    in Parser::stringLiteral).
     //
     // Lastly, since the parsing thread will eventually perform a blocking wait
     // on the compresion task's worker thread, require that there are at least 2
     // worker threads:
     //  - If we are on a worker thread, there must be another worker thread to
     //    execute our compression task.
     //  - If we are on the main thread, there must be at least two worker
     //    threads since at most one worker thread can be blocking on the main
     //    thread (see WorkerThreadState::canStartParseTask) which would cause a
     //    deadlock if there wasn't a second worker thread that could make
     //    progress on our compression task.
 #ifdef JS_THREADSAFE
     bool canCompressOffThread =
         WorkerThreadState().cpuCount > 1 &&
         WorkerThreadState().threadCount >= 2;
 #else
     bool canCompressOffThread = false;
 #endif
     const size_t TINY_SCRIPT = 256;
     const size_t HUGE_SCRIPT = 5 * 1024 * 1024;
     if (TINY_SCRIPT <= srcBuf.length() && srcBuf.length() < HUGE_SCRIPT && canCompressOffThread) {
         task->ss = this;
         task->chars = srcBuf.get();
         ready_ = false;
         if (!StartOffThreadCompression(cx, task))
             return false;
     } else if (srcBuf.ownsChars()) {
         data.source = srcBuf.take();
     } else {
         if (!adjustDataSize(sizeof(jschar) * srcBuf.length()))
             return false;
         PodCopy(data.source, srcBuf.get(), length_);
     }
     return true;
 }
 void
 ScriptSource::setSource(const jschar *src, size_t length)
 {
     JS_ASSERT(!hasSourceData());
     length_ = length;
     JS_ASSERT(!argumentsNotIncluded_);
     data.source = const_cast<jschar *>(src);
 }
 bool
 SourceCompressionTask::work()
 {
     // A given compression token can be compressed on any thread, and the ss
     // not being ready indicates to other threads that its fields might change
     // with no lock held.
     JS_ASSERT(!ss->ready());
     size_t compressedLength = 0;
     size_t nbytes = sizeof(jschar) * ss->length_;
     // Memory allocation functions on JSRuntime and JSContext are not
     // threadsafe. We have to use the js_* variants.
 #ifdef USE_ZLIB
     // Try to keep the maximum memory usage down by only allocating half the
     // size of the string, first.
     size_t firstSize = nbytes / 2;
     if (!ss->adjustDataSize(firstSize))
         return false;
     Compressor comp(reinterpret_cast<const unsigned char *>(chars), nbytes);
     if (!comp.init())
         return false;
     comp.setOutput(ss->data.compressed, firstSize);
     bool cont = !abort_;
     while (cont) {
         switch (comp.compressMore()) {
           case Compressor::CONTINUE:
             break;
           case Compressor::MOREOUTPUT: {
             if (comp.outWritten() == nbytes) {
                 cont = false;
                 break;
             }
             // The compressed output is greater than half the size of the
             // original string. Reallocate to the full size.
             if (!ss->adjustDataSize(nbytes))
                 return false;
             comp.setOutput(ss->data.compressed, nbytes);
             break;
           }
           case Compressor::DONE:
             cont = false;
             break;
           case Compressor::OOM:
             return false;
         }
         cont = cont && !abort_;
     }
     compressedLength = comp.outWritten();
     if (abort_ || compressedLength == nbytes)
         compressedLength = 0;
 #endif
     if (compressedLength == 0) {
         if (!ss->adjustDataSize(nbytes))
             return false;
         PodCopy(ss->data.source, chars, ss->length());
     } else {
         // Shrink the buffer to the size of the compressed data. Shouldn't fail.
         JS_ALWAYS_TRUE(ss->adjustDataSize(compressedLength));
     }
     ss->compressedLength_ = compressedLength;
     return true;
 }
 void
 ScriptSource::destroy()
 {
     JS_ASSERT(ready());
     adjustDataSize(0);
     if (introducerFilename_ != filename_)
         js_free(introducerFilename_);
     js_free(filename_);
     js_free(displayURL_);
     js_free(sourceMapURL_);
     if (originPrincipals_)
         JS_DropPrincipals(TlsPerThreadData.get()->runtimeFromMainThread(), originPrincipals_);
     ready_ = false;
     js_free(this);
 }
 void
 ScriptSource::addSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf,
                                      JS::ScriptSourceInfo *info) const
 {
     if (ready() && data.compressed != emptySource) {
         if (compressed())
             info->compressed += mallocSizeOf(data.compressed);
         else
             info->uncompressed += mallocSizeOf(data.source);
     }
     info->misc += mallocSizeOf(this) + mallocSizeOf(filename_);
     info->numScripts++;
 }
 template<XDRMode mode>
 bool
 ScriptSource::performXDR(XDRState<mode> *xdr)
 {
     uint8_t hasSource = hasSourceData();
     if (!xdr->codeUint8(&hasSource))
         return false;
     uint8_t retrievable = sourceRetrievable_;
     if (!xdr->codeUint8(&retrievable))
         return false;
     sourceRetrievable_ = retrievable;
     if (hasSource && !sourceRetrievable_) {
         // Only set members when we know decoding cannot fail. This prevents the
         // script source from being partially initialized.
         uint32_t length = length_;
         if (!xdr->codeUint32(&length))
             return false;
         uint32_t compressedLength = compressedLength_;
         if (!xdr->codeUint32(&compressedLength))
             return false;
         uint8_t argumentsNotIncluded = argumentsNotIncluded_;
         if (!xdr->codeUint8(&argumentsNotIncluded))
             return false;
         size_t byteLen = compressedLength ? compressedLength : (length * sizeof(jschar));
         if (mode == XDR_DECODE) {
             if (!adjustDataSize(byteLen))
                 return false;
         }
         if (!xdr->codeBytes(data.compressed, byteLen)) {
             if (mode == XDR_DECODE) {
                 js_free(data.compressed);
                 data.compressed = nullptr;
             }
             return false;
         }
         length_ = length;
         compressedLength_ = compressedLength;
         argumentsNotIncluded_ = argumentsNotIncluded;
     }
     uint8_t haveSourceMap = hasSourceMapURL();
     if (!xdr->codeUint8(&haveSourceMap))
         return false;
     if (haveSourceMap) {
         uint32_t sourceMapURLLen = (mode == XDR_DECODE) ? 0 : js_strlen(sourceMapURL_);
         if (!xdr->codeUint32(&sourceMapURLLen))
             return false;
         if (mode == XDR_DECODE) {
             size_t byteLen = (sourceMapURLLen + 1) * sizeof(jschar);
             sourceMapURL_ = static_cast<jschar *>(xdr->cx()->malloc_(byteLen));
             if (!sourceMapURL_)
                 return false;
         }
         if (!xdr->codeChars(sourceMapURL_, sourceMapURLLen)) {
             if (mode == XDR_DECODE) {
                 js_free(sourceMapURL_);
                 sourceMapURL_ = nullptr;
             }
             return false;
         }
         sourceMapURL_[sourceMapURLLen] = '\0';
     }
     uint8_t haveDisplayURL = hasDisplayURL();
     if (!xdr->codeUint8(&haveDisplayURL))
         return false;
     if (haveDisplayURL) {
         uint32_t displayURLLen = (mode == XDR_DECODE) ? 0 : js_strlen(displayURL_);
         if (!xdr->codeUint32(&displayURLLen))
             return false;
         if (mode == XDR_DECODE) {
             size_t byteLen = (displayURLLen + 1) * sizeof(jschar);
             displayURL_ = static_cast<jschar *>(xdr->cx()->malloc_(byteLen));
             if (!displayURL_)
                 return false;
         }
         if (!xdr->codeChars(displayURL_, displayURLLen)) {
             if (mode == XDR_DECODE) {
                 js_free(displayURL_);
                 displayURL_ = nullptr;
             }
             return false;
         }
         displayURL_[displayURLLen] = '\0';
     }
     uint8_t haveFilename = !!filename_;
     if (!xdr->codeUint8(&haveFilename))
         return false;
     if (haveFilename) {
         const char *fn = filename();
         if (!xdr->codeCString(&fn))
             return false;
         if (mode == XDR_DECODE && !setFilename(xdr->cx(), fn))
             return false;
     }
     if (mode == XDR_DECODE)
         ready_ = true;
     return true;
 }
 // Format and return a cx->malloc_'ed URL for a generated script like:
 //   {filename} line {lineno} > {introducer}
 // For example:
 //   foo.js line 7 > eval
 // indicating code compiled by the call to 'eval' on line 7 of foo.js.
 static char *
 FormatIntroducedFilename(ExclusiveContext *cx, const char *filename, unsigned lineno,
                          const char *introducer)
 {
     // Compute the length of the string in advance, so we can allocate a
     // buffer of the right size on the first shot.
     //
     // (JS_smprintf would be perfect, as that allocates the result
     // dynamically as it formats the string, but it won't allocate from cx,
     // and wants us to use a special free function.)
     char linenoBuf[15];
     size_t filenameLen = strlen(filename);
     size_t linenoLen = JS_snprintf(linenoBuf, 15, "%u", lineno);
     size_t introducerLen = strlen(introducer);
     size_t len = filenameLen                    +
 /* == strlen(" line ") */    +
                  linenoLen                      +
 /* == strlen(" > ") */       +
                  introducerLen                  +
 /* \0 */;
     char *formatted = cx->pod_malloc<char>(len);
     if (!formatted)
         return nullptr;
     mozilla::DebugOnly<size_t> checkLen = JS_snprintf(formatted, len, "%s line %s > %s",
                                                       filename, linenoBuf, introducer);
     JS_ASSERT(checkLen == len - 1);
     return formatted;
 }
 bool
 ScriptSource::initFromOptions(ExclusiveContext *cx, const ReadOnlyCompileOptions &options)
 {
     JS_ASSERT(!filename_);
     JS_ASSERT(!introducerFilename_);
     originPrincipals_ = options.originPrincipals(cx);
     if (originPrincipals_)
         JS_HoldPrincipals(originPrincipals_);
     introductionType_ = options.introductionType;
     setIntroductionOffset(options.introductionOffset);
     if (options.hasIntroductionInfo) {
         JS_ASSERT(options.introductionType != nullptr);
         const char *filename = options.filename() ? options.filename() : "<unknown>";
         char *formatted = FormatIntroducedFilename(cx, filename, options.introductionLineno,
                                                    options.introductionType);
         if (!formatted)
             return false;
         filename_ = formatted;
     } else if (options.filename()) {
         if (!setFilename(cx, options.filename()))
             return false;
     }
     if (options.introducerFilename()) {
         introducerFilename_ = js_strdup(cx, options.introducerFilename());
         if (!introducerFilename_)
             return false;
     } else {
         introducerFilename_ = filename_;
     }
     return true;
 }
 bool
 ScriptSource::setFilename(ExclusiveContext *cx, const char *filename)
 {
     JS_ASSERT(!filename_);
     filename_ = js_strdup(cx, filename);
     if (!filename_)
         return false;
     return true;
 }
 bool
 ScriptSource::setDisplayURL(ExclusiveContext *cx, const jschar *displayURL)
 {
     JS_ASSERT(displayURL);
     if (hasDisplayURL()) {
         if (cx->isJSContext() &&
             !JS_ReportErrorFlagsAndNumber(cx->asJSContext(), JSREPORT_WARNING,
                                           js_GetErrorMessage, nullptr,
                                           JSMSG_ALREADY_HAS_PRAGMA, filename_,
                                           "//# sourceURL"))
         {
             return false;
         }
     }
     size_t len = js_strlen(displayURL) + 1;
     if (len == 1)
         return true;
     displayURL_ = js_strdup(cx, displayURL);
     if (!displayURL_)
         return false;
     return true;
 }
 const jschar *
 ScriptSource::displayURL()
 {
     JS_ASSERT(hasDisplayURL());
     return displayURL_;
 }
 bool
 ScriptSource::setSourceMapURL(ExclusiveContext *cx, const jschar *sourceMapURL)
 {
     JS_ASSERT(sourceMapURL);
     if (hasSourceMapURL()) {
         if (cx->isJSContext() &&
             !JS_ReportErrorFlagsAndNumber(cx->asJSContext(), JSREPORT_WARNING,
                                           js_GetErrorMessage, nullptr,
                                           JSMSG_ALREADY_HAS_PRAGMA, filename_,
                                           "//# sourceMappingURL"))
         {
             return false;
         }
     }
     size_t len = js_strlen(sourceMapURL) + 1;
     if (len == 1)
         return true;
     sourceMapURL_ = js_strdup(cx, sourceMapURL);
     if (!sourceMapURL_)
         return false;
     return true;
 }
 const jschar *
 ScriptSource::sourceMapURL()
 {
     JS_ASSERT(hasSourceMapURL());
     return sourceMapURL_;
 }
 /*
  * Shared script data management.
  */
 SharedScriptData *
 js::SharedScriptData::new_(ExclusiveContext *cx, uint32_t codeLength,
                            uint32_t srcnotesLength, uint32_t natoms)
 {
     /*
      * Ensure the atoms are aligned, as some architectures don't allow unaligned
      * access.
      */
     const uint32_t pointerSize = sizeof(JSAtom *);
     const uint32_t pointerMask = pointerSize - 1;
     const uint32_t dataOffset = offsetof(SharedScriptData, data);
     uint32_t baseLength = codeLength + srcnotesLength;
     uint32_t padding = (pointerSize - ((baseLength + dataOffset) & pointerMask)) & pointerMask;
     uint32_t length = baseLength + padding + pointerSize * natoms;
     SharedScriptData *entry = (SharedScriptData *)cx->malloc_(length + dataOffset);
     if (!entry)
         return nullptr;
     entry->length = length;
     entry->natoms = natoms;
     entry->marked = false;
     memset(entry->data + baseLength, 0, padding);
     /*
      * Call constructors to initialize the storage that will be accessed as a
      * HeapPtrAtom array via atoms().
      */
     HeapPtrAtom *atoms = entry->atoms();
     JS_ASSERT(reinterpret_cast<uintptr_t>(atoms) % sizeof(JSAtom *) == 0);
     for (unsigned i = 0; i < natoms; ++i)
         new (&atoms[i]) HeapPtrAtom();
     return entry;
 }
 /*
  * Takes ownership of its *ssd parameter and either adds it into the runtime's
  * ScriptDataTable or frees it if a matching entry already exists.
  *
  * Sets the |code| and |atoms| fields on the given JSScript.
  */
 static bool
 SaveSharedScriptData(ExclusiveContext *cx, Handle<JSScript *> script, SharedScriptData *ssd,
                      uint32_t nsrcnotes)
 {
     ASSERT(script != nullptr);
     ASSERT(ssd != nullptr);
     AutoLockForExclusiveAccess lock(cx);
     ScriptBytecodeHasher::Lookup l(ssd);
     ScriptDataTable::AddPtr p = cx->scriptDataTable().lookupForAdd(l);
     if (p) {
         js_free(ssd);
         ssd = *p;
     } else {
         if (!cx->scriptDataTable().add(p, ssd)) {
             script->setCode(nullptr);
             script->atoms = nullptr;
             js_free(ssd);
             js_ReportOutOfMemory(cx);
             return false;
         }
     }
 #ifdef JSGC_INCREMENTAL
     /*
      * During the IGC we need to ensure that bytecode is marked whenever it is
      * accessed even if the bytecode was already in the table: at this point
      * old scripts or exceptions pointing to the bytecode may no longer be
      * reachable. This is effectively a read barrier.
      */
     if (cx->isJSContext()) {
         JSRuntime *rt = cx->asJSContext()->runtime();
         if (JS::IsIncrementalGCInProgress(rt) && rt->gcIsFull)
             ssd->marked = true;
     }
 #endif
     script->setCode(ssd->data);
     script->atoms = ssd->atoms();
     return true;
 }
 static inline void
 MarkScriptData(JSRuntime *rt, const jsbytecode *bytecode)
 {
     /*
      * As an invariant, a ScriptBytecodeEntry should not be 'marked' outside of
      * a GC. Since SweepScriptBytecodes is only called during a full gc,
      * to preserve this invariant, only mark during a full gc.
      */
     if (rt->gcIsFull)
         SharedScriptData::fromBytecode(bytecode)->marked = true;
 }
 void
 js::UnmarkScriptData(JSRuntime *rt)
 {
     JS_ASSERT(rt->gcIsFull);
     ScriptDataTable &table = rt->scriptDataTable();
     for (ScriptDataTable::Enum e(table); !e.empty(); e.popFront()) {
         SharedScriptData *entry = e.front();
         entry->marked = false;
     }
 }
 void
 js::SweepScriptData(JSRuntime *rt)
 {
     JS_ASSERT(rt->gcIsFull);
     ScriptDataTable &table = rt->scriptDataTable();
     if (rt->keepAtoms())
         return;
     for (ScriptDataTable::Enum e(table); !e.empty(); e.popFront()) {
         SharedScriptData *entry = e.front();
         if (!entry->marked) {
             js_free(entry);
             e.removeFront();
         }
     }
 }
 void
 js::FreeScriptData(JSRuntime *rt)
 {
     ScriptDataTable &table = rt->scriptDataTable();
     if (!table.initialized())
         return;
     for (ScriptDataTable::Enum e(table); !e.empty(); e.popFront())
         js_free(e.front());
     table.clear();
 }
 /*
  * JSScript::data and SharedScriptData::data have complex,
  * manually-controlled, memory layouts.
  *
  * JSScript::data begins with some optional array headers. They are optional
  * because they often aren't needed, i.e. the corresponding arrays often have
  * zero elements. Each header has a bit in JSScript::hasArrayBits that
  * indicates if it's present within |data|; from this the offset of each
  * present array header can be computed. Each header has an accessor function
  * in JSScript that encapsulates this offset computation.
  *
  * Array type       Array elements  Accessor
  * ----------       --------------  --------
  * ConstArray       Consts          consts()
  * ObjectArray      Objects         objects()
  * ObjectArray      Regexps         regexps()
  * TryNoteArray     Try notes       trynotes()
  * BlockScopeArray  Scope notes     blockScopes()
  *
  * Then are the elements of several arrays.
  * - Most of these arrays have headers listed above (if present). For each of
  *   these, the array pointer and the array length is stored in the header.
  * - The remaining arrays have pointers and lengths that are stored directly in
  *   JSScript. This is because, unlike the others, they are nearly always
  *   non-zero length and so the optional-header space optimization isn't
  *   worthwhile.
  *
  * Array elements   Pointed to by         Length
  * --------------   -------------         ------
  * Consts           consts()->vector      consts()->length
  * Objects          objects()->vector     objects()->length
  * Regexps          regexps()->vector     regexps()->length
  * Try notes        trynotes()->vector    trynotes()->length
  * Scope notes      blockScopes()->vector blockScopes()->length
  *
  * IMPORTANT: This layout has two key properties.
  * - It ensures that everything has sufficient alignment; in particular, the
  *   consts() elements need jsval alignment.
  * - It ensures there are no gaps between elements, which saves space and makes
  *   manual layout easy. In particular, in the second part, arrays with larger
  *   elements precede arrays with smaller elements.
  *
  * SharedScriptData::data contains data that can be shared within a
  * runtime. These items' layout is manually controlled to make it easier to
  * manage both during (temporary) allocation and during matching against
  * existing entries in the runtime. As the jsbytecode has to come first to
  * enable lookup by bytecode identity, SharedScriptData::data, the atoms part
  * has to manually be aligned sufficiently by adding padding after the notes
  * part.
  *
  * Array elements   Pointed to by         Length
  * --------------   -------------         ------
  * jsbytecode       code                  length
  * jsscrnote        notes()               numNotes()
  * Atoms            atoms                 natoms
  *
  * The following static assertions check JSScript::data's alignment properties.
  */
 #define KEEPS_JSVAL_ALIGNMENT(T) \
     (JS_ALIGNMENT_OF(jsval) % JS_ALIGNMENT_OF(T) == 0 && \
      sizeof(T) % sizeof(jsval) == 0)
 #define HAS_JSVAL_ALIGNMENT(T) \
     (JS_ALIGNMENT_OF(jsval) == JS_ALIGNMENT_OF(T) && \
      sizeof(T) == sizeof(jsval))
 #define NO_PADDING_BETWEEN_ENTRIES(T1, T2) \
     (JS_ALIGNMENT_OF(T1) % JS_ALIGNMENT_OF(T2) == 0)
 /*
  * These assertions ensure that there is no padding between the array headers,
  * and also that the consts() elements (which follow immediately afterward) are
  * jsval-aligned.  (There is an assumption that |data| itself is jsval-aligned;
  * we check this below).
  */
 JS_STATIC_ASSERT(KEEPS_JSVAL_ALIGNMENT(ConstArray));
 JS_STATIC_ASSERT(KEEPS_JSVAL_ALIGNMENT(ObjectArray));       /* there are two of these */
 JS_STATIC_ASSERT(KEEPS_JSVAL_ALIGNMENT(TryNoteArray));
 JS_STATIC_ASSERT(KEEPS_JSVAL_ALIGNMENT(BlockScopeArray));
 /* These assertions ensure there is no padding required between array elements. */
 JS_STATIC_ASSERT(HAS_JSVAL_ALIGNMENT(HeapValue));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(HeapValue, HeapPtrObject));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(HeapPtrObject, HeapPtrObject));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(HeapPtrObject, JSTryNote));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(JSTryNote, uint32_t));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(uint32_t, uint32_t));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(HeapValue, BlockScopeNote));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(BlockScopeNote, BlockScopeNote));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(JSTryNote, BlockScopeNote));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(HeapPtrObject, BlockScopeNote));
 JS_STATIC_ASSERT(NO_PADDING_BETWEEN_ENTRIES(BlockScopeNote, uint32_t));
 static inline size_t
 ScriptDataSize(uint32_t nbindings, uint32_t nconsts, uint32_t nobjects, uint32_t nregexps,
                uint32_t ntrynotes, uint32_t nblockscopes)
 {
     size_t size = 0;
     if (nconsts != 0)
         size += sizeof(ConstArray) + nconsts * sizeof(Value);
     if (nobjects != 0)
         size += sizeof(ObjectArray) + nobjects * sizeof(JSObject *);
     if (nregexps != 0)
         size += sizeof(ObjectArray) + nregexps * sizeof(JSObject *);
     if (ntrynotes != 0)
         size += sizeof(TryNoteArray) + ntrynotes * sizeof(JSTryNote);
     if (nblockscopes != 0)
         size += sizeof(BlockScopeArray) + nblockscopes * sizeof(BlockScopeNote);
     if (nbindings != 0) {
 	// Make sure bindings are sufficiently aligned.
         size = JS_ROUNDUP(size, JS_ALIGNMENT_OF(Binding)) + nbindings * sizeof(Binding);
     }
     return size;
 }
 void
 JSScript::initCompartment(ExclusiveContext *cx)
 {
     compartment_ = cx->compartment_;
 }
 JSScript *
 JSScript::Create(ExclusiveContext *cx, HandleObject enclosingScope, bool savedCallerFun,
                  const ReadOnlyCompileOptions &options, unsigned staticLevel,
                  HandleObject sourceObject, uint32_t bufStart, uint32_t bufEnd)
 {
     JS_ASSERT(bufStart <= bufEnd);
     RootedScript script(cx, js_NewGCScript(cx));
     if (!script)
         return nullptr;
     PodZero(script.get());
     new (&script->bindings) Bindings;
     script->enclosingScopeOrOriginalFunction_ = enclosingScope;
     script->savedCallerFun_ = savedCallerFun;
     script->initCompartment(cx);
     script->compileAndGo_ = options.compileAndGo;
     script->selfHosted_ = options.selfHostingMode;
     script->noScriptRval_ = options.noScriptRval;
     script->version = options.version;
     JS_ASSERT(script->getVersion() == options.version);     // assert that no overflow occurred
     // This is an unsigned-to-uint16_t conversion, test for too-high values.
     // In practice, recursion in Parser and/or BytecodeEmitter will blow the
     // stack if we nest functions more than a few hundred deep, so this will
     // never trigger.  Oh well.
     if (staticLevel > UINT16_MAX) {
         if (cx->isJSContext()) {
             JS_ReportErrorNumber(cx->asJSContext(),
                                  js_GetErrorMessage, nullptr, JSMSG_TOO_DEEP, js_function_str);
         }
         return nullptr;
     }
     script->staticLevel_ = uint16_t(staticLevel);
     script->setSourceObject(sourceObject);
     script->sourceStart_ = bufStart;
     script->sourceEnd_ = bufEnd;
     return script;
 }
 static inline uint8_t *
 AllocScriptData(ExclusiveContext *cx, size_t size)
 {
     uint8_t *data = static_cast<uint8_t *>(cx->calloc_(JS_ROUNDUP(size, sizeof(Value))));
     if (!data)
         return nullptr;
     // All script data is optional, so size might be 0. In that case, we don't care about alignment.
     JS_ASSERT(size == 0 || size_t(data) % sizeof(Value) == 0);
     return data;
 }
 /* static */ bool
 JSScript::partiallyInit(ExclusiveContext *cx, HandleScript script, uint32_t nconsts,
                         uint32_t nobjects, uint32_t nregexps, uint32_t ntrynotes,
                         uint32_t nblockscopes, uint32_t nTypeSets)
 {
     size_t size = ScriptDataSize(script->bindings.count(), nconsts, nobjects, nregexps, ntrynotes,
                                  nblockscopes);
     if (size > 0) {
         script->data = AllocScriptData(cx, size);
         if (!script->data)
             return false;
     } else {
         script->data = nullptr;
     }
     script->dataSize_ = size;
     JS_ASSERT(nTypeSets <= UINT16_MAX);
     script->nTypeSets_ = uint16_t(nTypeSets);
     uint8_t *cursor = script->data;
     if (nconsts != 0) {
         script->setHasArray(CONSTS);
         cursor += sizeof(ConstArray);
     }
     if (nobjects != 0) {
         script->setHasArray(OBJECTS);
         cursor += sizeof(ObjectArray);
     }
     if (nregexps != 0) {
         script->setHasArray(REGEXPS);
         cursor += sizeof(ObjectArray);
     }
     if (ntrynotes != 0) {
         script->setHasArray(TRYNOTES);
         cursor += sizeof(TryNoteArray);
     }
     if (nblockscopes != 0) {
         script->setHasArray(BLOCK_SCOPES);
         cursor += sizeof(BlockScopeArray);
     }
     if (nconsts != 0) {
         JS_ASSERT(reinterpret_cast<uintptr_t>(cursor) % sizeof(jsval) == 0);
         script->consts()->length = nconsts;
         script->consts()->vector = (HeapValue *)cursor;
         cursor += nconsts * sizeof(script->consts()->vector[0]);
     }
     if (nobjects != 0) {
         script->objects()->length = nobjects;
         script->objects()->vector = (HeapPtr<JSObject> *)cursor;
         cursor += nobjects * sizeof(script->objects()->vector[0]);
     }
     if (nregexps != 0) {
         script->regexps()->length = nregexps;
         script->regexps()->vector = (HeapPtr<JSObject> *)cursor;
         cursor += nregexps * sizeof(script->regexps()->vector[0]);
     }
     if (ntrynotes != 0) {
         script->trynotes()->length = ntrynotes;
         script->trynotes()->vector = reinterpret_cast<JSTryNote *>(cursor);
         size_t vectorSize = ntrynotes * sizeof(script->trynotes()->vector[0]);
 #ifdef DEBUG
         memset(cursor, 0, vectorSize);
 #endif
         cursor += vectorSize;
     }
     if (nblockscopes != 0) {
         script->blockScopes()->length = nblockscopes;
         script->blockScopes()->vector = reinterpret_cast<BlockScopeNote *>(cursor);
         size_t vectorSize = nblockscopes * sizeof(script->blockScopes()->vector[0]);
 #ifdef DEBUG
         memset(cursor, 0, vectorSize);
 #endif
         cursor += vectorSize;
     }
     if (script->bindings.count() != 0) {
 	// Make sure bindings are sufficiently aligned.
 	cursor = reinterpret_cast<uint8_t*>
 	    (JS_ROUNDUP(reinterpret_cast<uintptr_t>(cursor), JS_ALIGNMENT_OF(Binding)));
     }
     cursor = script->bindings.switchToScriptStorage(reinterpret_cast<Binding *>(cursor));
     JS_ASSERT(cursor == script->data + size);
     return true;
 }
 /* static */ bool
 JSScript::fullyInitTrivial(ExclusiveContext *cx, Handle<JSScript*> script)
 {
     if (!partiallyInit(cx, script, 0, 0, 0, 0, 0, 0))
         return false;
     SharedScriptData *ssd = SharedScriptData::new_(cx, 1, 1, 0);
     if (!ssd)
         return false;
     ssd->data[0] = JSOP_RETRVAL;
     ssd->data[1] = SRC_NULL;
     script->setLength(1);
     return SaveSharedScriptData(cx, script, ssd, 1);
 }
 /* static */ bool
 JSScript::fullyInitFromEmitter(ExclusiveContext *cx, HandleScript script, BytecodeEmitter *bce)
 {
     /* The counts of indexed things must be checked during code generation. */
     JS_ASSERT(bce->atomIndices->count() <= INDEX_LIMIT);
     JS_ASSERT(bce->objectList.length <= INDEX_LIMIT);
     JS_ASSERT(bce->regexpList.length <= INDEX_LIMIT);
     uint32_t mainLength = bce->offset();
     uint32_t prologLength = bce->prologOffset();
     uint32_t nsrcnotes;
     if (!FinishTakingSrcNotes(cx, bce, &nsrcnotes))
         return false;
     uint32_t natoms = bce->atomIndices->count();
     if (!partiallyInit(cx, script,
                        bce->constList.length(), bce->objectList.length, bce->regexpList.length,
                        bce->tryNoteList.length(), bce->blockScopeList.length(), bce->typesetCount))
     {
         return false;
     }
     JS_ASSERT(script->mainOffset() == 0);
     script->mainOffset_ = prologLength;
     script->lineno_ = bce->firstLine;
     script->setLength(prologLength + mainLength);
     script->natoms_ = natoms;
     SharedScriptData *ssd = SharedScriptData::new_(cx, script->length(), nsrcnotes, natoms);
     if (!ssd)
         return false;
     jsbytecode *code = ssd->data;
     PodCopy<jsbytecode>(code, bce->prolog.code.begin(), prologLength);
     PodCopy<jsbytecode>(code + prologLength, bce->code().begin(), mainLength);
     CopySrcNotes(bce, (jssrcnote *)(code + script->length()), nsrcnotes);
     InitAtomMap(bce->atomIndices.getMap(), ssd->atoms());
     if (!SaveSharedScriptData(cx, script, ssd, nsrcnotes))
         return false;
     FunctionBox *funbox = bce->sc->isFunctionBox() ? bce->sc->asFunctionBox() : nullptr;
     if (bce->constList.length() != 0)
         bce->constList.finish(script->consts());
     if (bce->objectList.length != 0)
         bce->objectList.finish(script->objects());
     if (bce->regexpList.length != 0)
         bce->regexpList.finish(script->regexps());
     if (bce->tryNoteList.length() != 0)
         bce->tryNoteList.finish(script->trynotes());
     if (bce->blockScopeList.length() != 0)
         bce->blockScopeList.finish(script->blockScopes());
     script->strict_ = bce->sc->strict;
     script->explicitUseStrict_ = bce->sc->hasExplicitUseStrict();
     script->bindingsAccessedDynamically_ = bce->sc->bindingsAccessedDynamically();
     script->funHasExtensibleScope_ = funbox ? funbox->hasExtensibleScope() : false;
     script->funNeedsDeclEnvObject_ = funbox ? funbox->needsDeclEnvObject() : false;
     script->hasSingletons_ = bce->hasSingletons;
     if (funbox) {
         if (funbox->argumentsHasLocalBinding()) {
             // This must precede the script->bindings.transfer() call below
             script->setArgumentsHasVarBinding();
             if (funbox->definitelyNeedsArgsObj())
                 script->setNeedsArgsObj(true);
         } else {
             JS_ASSERT(!funbox->definitelyNeedsArgsObj());
         }
         script->funLength_ = funbox->length;
     }
     RootedFunction fun(cx, nullptr);
     if (funbox) {
         JS_ASSERT(!bce->script->noScriptRval());
         script->isGeneratorExp_ = funbox->inGenexpLambda;
         script->setGeneratorKind(funbox->generatorKind());
         script->setFunction(funbox->function());
     }
     // The call to nfixed() depends on the above setFunction() call.
     if (UINT32_MAX - script->nfixed() < bce->maxStackDepth) {
         bce->reportError(nullptr, JSMSG_NEED_DIET, "script");
         return false;
     }
     script->nslots_ = script->nfixed() + bce->maxStackDepth;
     for (unsigned i = 0, n = script->bindings.numArgs(); i < n; ++i) {
         if (script->formalIsAliased(i)) {
             script->funHasAnyAliasedFormal_ = true;
             break;
         }
     }
     return true;
 }
 size_t
 JSScript::computedSizeOfData() const
 {
     return dataSize();
 }
 size_t
 JSScript::sizeOfData(mozilla::MallocSizeOf mallocSizeOf) const
 {
     return mallocSizeOf(data);
 }
 size_t
 JSScript::sizeOfTypeScript(mozilla::MallocSizeOf mallocSizeOf) const
 {
     return types->sizeOfIncludingThis(mallocSizeOf);
 }
 /*
  * Nb: srcnotes are variable-length.  This function computes the number of
  * srcnote *slots*, which may be greater than the number of srcnotes.
  */
 uint32_t
 JSScript::numNotes()
 {
     jssrcnote *sn;
     jssrcnote *notes_ = notes();
     for (sn = notes_; !SN_IS_TERMINATOR(sn); sn = SN_NEXT(sn))
         continue;
     return sn - notes_ + 1;    /* +1 for the terminator */
 }
 js::GlobalObject&
 JSScript::uninlinedGlobal() const
 {
     return global();
 }
 void
 js::CallNewScriptHook(JSContext *cx, HandleScript script, HandleFunction fun)
 {
     if (script->selfHosted())
         return;
     JS_ASSERT(!script->isActiveEval());
     if (JSNewScriptHook hook = cx->runtime()->debugHooks.newScriptHook) {
         AutoKeepAtoms keepAtoms(cx->perThreadData);
         hook(cx, script->filename(), script->lineno(), script, fun,
              cx->runtime()->debugHooks.newScriptHookData);
     }
 }
 void
 js::CallDestroyScriptHook(FreeOp *fop, JSScript *script)
 {
     if (script->selfHosted())
         return;
     // The hook will only call into JS if a GC is not running.
     if (JSDestroyScriptHook hook = fop->runtime()->debugHooks.destroyScriptHook)
         hook(fop, script, fop->runtime()->debugHooks.destroyScriptHookData);
     script->clearTraps(fop);
 }
 void
 JSScript::finalize(FreeOp *fop)
 {
     // NOTE: this JSScript may be partially initialized at this point.  E.g. we
     // may have created it and partially initialized it with
     // JSScript::Create(), but not yet finished initializing it with
     // fullyInitFromEmitter() or fullyInitTrivial().
     CallDestroyScriptHook(fop, this);
     fop->runtime()->spsProfiler.onScriptFinalized(this);
     if (types)
         types->destroy();
 #ifdef JS_ION
     jit::DestroyIonScripts(fop, this);
 #endif
     destroyScriptCounts(fop);
     destroyDebugScript(fop);
     if (data) {
         JS_POISON(data, 0xdb, computedSizeOfData());
         fop->free_(data);
     }
     fop->runtime()->lazyScriptCache.remove(this);
 }
 static const uint32_t GSN_CACHE_THRESHOLD = 100;
 void
 GSNCache::purge()
 {
     code = nullptr;
     if (map.initialized())
         map.finish();
 }
 jssrcnote *
 js::GetSrcNote(GSNCache &cache, JSScript *script, jsbytecode *pc)
 {
     size_t target = pc - script->code();
     if (target >= script->length())
         return nullptr;
     if (cache.code == script->code()) {
         JS_ASSERT(cache.map.initialized());
         GSNCache::Map::Ptr p = cache.map.lookup(pc);
         return p ? p->value() : nullptr;
     }
     size_t offset = 0;
     jssrcnote *result;
     for (jssrcnote *sn = script->notes(); ; sn = SN_NEXT(sn)) {
         if (SN_IS_TERMINATOR(sn)) {
             result = nullptr;
             break;
         }
         offset += SN_DELTA(sn);
         if (offset == target && SN_IS_GETTABLE(sn)) {
             result = sn;
             break;
         }
     }
     if (cache.code != script->code() && script->length() >= GSN_CACHE_THRESHOLD) {
         unsigned nsrcnotes = 0;
         for (jssrcnote *sn = script->notes(); !SN_IS_TERMINATOR(sn);
              sn = SN_NEXT(sn)) {
             if (SN_IS_GETTABLE(sn))
                 ++nsrcnotes;
         }
         if (cache.code) {
             JS_ASSERT(cache.map.initialized());
             cache.map.finish();
             cache.code = nullptr;
         }
         if (cache.map.init(nsrcnotes)) {
             pc = script->code();
             for (jssrcnote *sn = script->notes(); !SN_IS_TERMINATOR(sn);
                  sn = SN_NEXT(sn)) {
                 pc += SN_DELTA(sn);
                 if (SN_IS_GETTABLE(sn))
                     JS_ALWAYS_TRUE(cache.map.put(pc, sn));
             }
             cache.code = script->code();
         }
     }
     return result;
 }
 jssrcnote *
 js_GetSrcNote(JSContext *cx, JSScript *script, jsbytecode *pc)
 {
     return GetSrcNote(cx->runtime()->gsnCache, script, pc);
 }
 unsigned
 js::PCToLineNumber(unsigned startLine, jssrcnote *notes, jsbytecode *code, jsbytecode *pc,
                    unsigned *columnp)
 {
     unsigned lineno = startLine;
     unsigned column = 0;
     /*
      * Walk through source notes accumulating their deltas, keeping track of
      * line-number notes, until we pass the note for pc's offset within
      * script->code.
      */
     ptrdiff_t offset = 0;
     ptrdiff_t target = pc - code;
     for (jssrcnote *sn = notes; !SN_IS_TERMINATOR(sn); sn = SN_NEXT(sn)) {
         offset += SN_DELTA(sn);
         SrcNoteType type = (SrcNoteType) SN_TYPE(sn);
         if (type == SRC_SETLINE) {
             if (offset <= target)
                 lineno = (unsigned) js_GetSrcNoteOffset(sn, 0);
             column = 0;
         } else if (type == SRC_NEWLINE) {
             if (offset <= target)
                 lineno++;
             column = 0;
         }
         if (offset > target)
             break;
         if (type == SRC_COLSPAN) {
             ptrdiff_t colspan = js_GetSrcNoteOffset(sn, 0);
             if (colspan >= SN_COLSPAN_DOMAIN / 2)
                 colspan -= SN_COLSPAN_DOMAIN;
             JS_ASSERT(ptrdiff_t(column) + colspan >= 0);
             column += colspan;
         }
     }
     if (columnp)
         *columnp = column;
     return lineno;
 }
 unsigned
 js::PCToLineNumber(JSScript *script, jsbytecode *pc, unsigned *columnp)
 {
     /* Cope with InterpreterFrame.pc value prior to entering Interpret. */
     if (!pc)
         return 0;
     return PCToLineNumber(script->lineno(), script->notes(), script->code(), pc, columnp);
 }
 jsbytecode *
 js_LineNumberToPC(JSScript *script, unsigned target)
 {
     ptrdiff_t offset = 0;
     ptrdiff_t best = -1;
     unsigned lineno = script->lineno();
     unsigned bestdiff = SN_MAX_OFFSET;
     for (jssrcnote *sn = script->notes(); !SN_IS_TERMINATOR(sn); sn = SN_NEXT(sn)) {
         /*
          * Exact-match only if offset is not in the prolog; otherwise use
          * nearest greater-or-equal line number match.
          */
         if (lineno == target && offset >= ptrdiff_t(script->mainOffset()))
             goto out;
         if (lineno >= target) {
             unsigned diff = lineno - target;
             if (diff < bestdiff) {
                 bestdiff = diff;
                 best = offset;
             }
         }
         offset += SN_DELTA(sn);
         SrcNoteType type = (SrcNoteType) SN_TYPE(sn);
         if (type == SRC_SETLINE) {
             lineno = (unsigned) js_GetSrcNoteOffset(sn, 0);
         } else if (type == SRC_NEWLINE) {
             lineno++;
         }
     }
     if (best >= 0)
         offset = best;
 out:
     return script->offsetToPC(offset);
 }
 JS_FRIEND_API(unsigned)
 js_GetScriptLineExtent(JSScript *script)
 {
     unsigned lineno = script->lineno();
     unsigned maxLineNo = lineno;
     for (jssrcnote *sn = script->notes(); !SN_IS_TERMINATOR(sn); sn = SN_NEXT(sn)) {
         SrcNoteType type = (SrcNoteType) SN_TYPE(sn);
         if (type == SRC_SETLINE)
             lineno = (unsigned) js_GetSrcNoteOffset(sn, 0);
         else if (type == SRC_NEWLINE)
             lineno++;
         if (maxLineNo < lineno)
             maxLineNo = lineno;
     }
     return 1 + maxLineNo - script->lineno();
 }
 void
 js::DescribeScriptedCallerForCompilation(JSContext *cx, MutableHandleScript maybeScript,
                                          const char **file, unsigned *linenop,
                                          uint32_t *pcOffset, JSPrincipals **origin,
                                          LineOption opt)
 {
     if (opt == CALLED_FROM_JSOP_EVAL) {
         jsbytecode *pc = nullptr;
         maybeScript.set(cx->currentScript(&pc));
         JS_ASSERT(JSOp(*pc) == JSOP_EVAL || JSOp(*pc) == JSOP_SPREADEVAL);
         JS_ASSERT(*(pc + (JSOp(*pc) == JSOP_EVAL ? JSOP_EVAL_LENGTH
                                                  : JSOP_SPREADEVAL_LENGTH)) == JSOP_LINENO);
         *file = maybeScript->filename();
         *linenop = GET_UINT16(pc + (JSOp(*pc) == JSOP_EVAL ? JSOP_EVAL_LENGTH
                                                            : JSOP_SPREADEVAL_LENGTH));
         *pcOffset = pc - maybeScript->code();
         *origin = maybeScript->originPrincipals();
         return;
     }
     NonBuiltinFrameIter iter(cx);
     if (iter.done()) {
         maybeScript.set(nullptr);
         *file = nullptr;
         *linenop = 0;
         *pcOffset = 0;
         *origin = cx->compartment()->principals;
         return;
     }
     *file = iter.scriptFilename();
     *linenop = iter.computeLine();
     *origin = iter.originPrincipals();
     // These values are only used for introducer fields which are debugging
     // information and can be safely left null for asm.js frames.
     if (iter.hasScript()) {
         maybeScript.set(iter.script());
         *pcOffset = iter.pc() - maybeScript->code();
     } else {
         maybeScript.set(nullptr);
         *pcOffset = 0;
     }
 }
 template <class T>
 static inline T *
 Rebase(JSScript *dst, JSScript *src, T *srcp)
 {
     size_t off = reinterpret_cast<uint8_t *>(srcp) - src->data;
     return reinterpret_cast<T *>(dst->data + off);
 }
 JSScript *
 js::CloneScript(JSContext *cx, HandleObject enclosingScope, HandleFunction fun, HandleScript src,
                 NewObjectKind newKind /* = GenericObject */)
 {
     /* NB: Keep this in sync with XDRScript. */
     /* Some embeddings are not careful to use ExposeObjectToActiveJS as needed. */
     JS_ASSERT(!src->sourceObject()->isMarked(gc::GRAY));
     uint32_t nconsts   = src->hasConsts()   ? src->consts()->length   : 0;
     uint32_t nobjects  = src->hasObjects()  ? src->objects()->length  : 0;
     uint32_t nregexps  = src->hasRegexps()  ? src->regexps()->length  : 0;
     uint32_t ntrynotes = src->hasTrynotes() ? src->trynotes()->length : 0;
     uint32_t nblockscopes = src->hasBlockScopes() ? src->blockScopes()->length : 0;
     /* Script data */
     size_t size = src->dataSize();
     uint8_t *data = AllocScriptData(cx, size);
     if (!data)
         return nullptr;
     /* Bindings */
     Rooted<Bindings> bindings(cx);
     InternalHandle<Bindings*> bindingsHandle =
         InternalHandle<Bindings*>::fromMarkedLocation(bindings.address());
     if (!Bindings::clone(cx, bindingsHandle, data, src))
         return nullptr;
     /* Objects */
     AutoObjectVector objects(cx);
     if (nobjects != 0) {
         HeapPtrObject *vector = src->objects()->vector;
         for (unsigned i = 0; i < nobjects; i++) {
             RootedObject obj(cx, vector[i]);
             RootedObject clone(cx);
             if (obj->is<NestedScopeObject>()) {
                 Rooted<NestedScopeObject*> innerBlock(cx, &obj->as<NestedScopeObject>());
                 RootedObject enclosingScope(cx);
                 if (NestedScopeObject *enclosingBlock = innerBlock->enclosingNestedScope())
                     enclosingScope = objects[FindScopeObjectIndex(src, *enclosingBlock)];
                 else
                     enclosingScope = fun;
                 clone = CloneNestedScopeObject(cx, enclosingScope, innerBlock);
             } else if (obj->is<JSFunction>()) {
                 RootedFunction innerFun(cx, &obj->as<JSFunction>());
                 if (innerFun->isNative()) {
                     assertSameCompartment(cx, innerFun);
                     clone = innerFun;
                 } else {
                     if (innerFun->isInterpretedLazy()) {
                         AutoCompartment ac(cx, innerFun);
                         if (!innerFun->getOrCreateScript(cx))
                             return nullptr;
                     }
                     RootedObject staticScope(cx, innerFun->nonLazyScript()->enclosingStaticScope());
                     StaticScopeIter<CanGC> ssi(cx, staticScope);
                     RootedObject enclosingScope(cx);
                     if (ssi.done() || ssi.type() == StaticScopeIter<CanGC>::FUNCTION)
                         enclosingScope = fun;
                     else if (ssi.type() == StaticScopeIter<CanGC>::BLOCK)
                         enclosingScope = objects[FindScopeObjectIndex(src, ssi.block())];
                     else
                         enclosingScope = objects[FindScopeObjectIndex(src, ssi.staticWith())];
                     clone = CloneFunctionAndScript(cx, enclosingScope, innerFun);
                 }
             } else {
                 /*
                  * Clone object literals emitted for the JSOP_NEWOBJECT opcode. We only emit that
                  * instead of the less-optimized JSOP_NEWINIT for self-hosted code or code compiled
                  * with JSOPTION_COMPILE_N_GO set. As we don't clone the latter type of code, this
                  * case should only ever be hit when cloning objects from self-hosted code.
                  */
                 clone = CloneObjectLiteral(cx, cx->global(), obj);
             }
             if (!clone || !objects.append(clone))
                 return nullptr;
         }
     }
     /* RegExps */
     AutoObjectVector regexps(cx);
     for (unsigned i = 0; i < nregexps; i++) {
         HeapPtrObject *vector = src->regexps()->vector;
         for (unsigned i = 0; i < nregexps; i++) {
             JSObject *clone = CloneScriptRegExpObject(cx, vector[i]->as<RegExpObject>());
             if (!clone || !regexps.append(clone))
                 return nullptr;
         }
     }
     /*
      * Wrap the script source object as needed. Self-hosted scripts may be
      * in another runtime, so lazily create a new script source object to
      * use for them.
      */
     RootedObject sourceObject(cx);
     if (cx->runtime()->isSelfHostingCompartment(src->compartment())) {
         if (!cx->compartment()->selfHostingScriptSource) {
             CompileOptions options(cx);
             FillSelfHostingCompileOptions(options);
             ScriptSourceObject *obj = frontend::CreateScriptSourceObject(cx, options);
             if (!obj)
                 return nullptr;
             cx->compartment()->selfHostingScriptSource = obj;
         }
         sourceObject = cx->compartment()->selfHostingScriptSource;
     } else {
         sourceObject = src->sourceObject();
         if (!cx->compartment()->wrap(cx, &sourceObject))
             return nullptr;
     }
     /* Now that all fallible allocation is complete, create the GC thing. */
     CompileOptions options(cx);
     options.setOriginPrincipals(src->originPrincipals())
            .setCompileAndGo(src->compileAndGo())
            .setSelfHostingMode(src->selfHosted())
            .setNoScriptRval(src->noScriptRval())
            .setVersion(src->getVersion());
     RootedScript dst(cx, JSScript::Create(cx, enclosingScope, src->savedCallerFun(),
                                           options, src->staticLevel(),
                                           sourceObject, src->sourceStart(), src->sourceEnd()));
     if (!dst) {
         js_free(data);
         return nullptr;
     }
     dst->bindings = bindings;
     /* This assignment must occur before all the Rebase calls. */
     dst->data = data;
     dst->dataSize_ = size;
     memcpy(data, src->data, size);
     /* Script filenames, bytecodes and atoms are runtime-wide. */
     dst->setCode(src->code());
     dst->atoms = src->atoms;
     dst->setLength(src->length());
     dst->lineno_ = src->lineno();
     dst->mainOffset_ = src->mainOffset();
     dst->natoms_ = src->natoms();
     dst->funLength_ = src->funLength();
     dst->nTypeSets_ = src->nTypeSets();
     dst->nslots_ = src->nslots();
     if (src->argumentsHasVarBinding()) {
         dst->setArgumentsHasVarBinding();
         if (src->analyzedArgsUsage())
             dst->setNeedsArgsObj(src->needsArgsObj());
     }
     dst->cloneHasArray(src);
     dst->strict_ = src->strict();
     dst->explicitUseStrict_ = src->explicitUseStrict();
     dst->bindingsAccessedDynamically_ = src->bindingsAccessedDynamically();
     dst->funHasExtensibleScope_ = src->funHasExtensibleScope();
     dst->funNeedsDeclEnvObject_ = src->funNeedsDeclEnvObject();
     dst->funHasAnyAliasedFormal_ = src->funHasAnyAliasedFormal();
     dst->hasSingletons_ = src->hasSingletons();
     dst->treatAsRunOnce_ = src->treatAsRunOnce();
     dst->isGeneratorExp_ = src->isGeneratorExp();
     dst->setGeneratorKind(src->generatorKind());
     /* Copy over hints. */
     dst->shouldInline_ = src->shouldInline();
     dst->shouldCloneAtCallsite_ = src->shouldCloneAtCallsite();
     dst->isCallsiteClone_ = src->isCallsiteClone();
     if (nconsts != 0) {
         HeapValue *vector = Rebase<HeapValue>(dst, src, src->consts()->vector);
         dst->consts()->vector = vector;
         for (unsigned i = 0; i < nconsts; ++i)
             JS_ASSERT_IF(vector[i].isMarkable(), vector[i].toString()->isAtom());
     }
     if (nobjects != 0) {
         HeapPtrObject *vector = Rebase<HeapPtr<JSObject> >(dst, src, src->objects()->vector);
         dst->objects()->vector = vector;
         for (unsigned i = 0; i < nobjects; ++i)
             vector[i].init(objects[i]);
     }
     if (nregexps != 0) {
         HeapPtrObject *vector = Rebase<HeapPtr<JSObject> >(dst, src, src->regexps()->vector);
         dst->regexps()->vector = vector;
         for (unsigned i = 0; i < nregexps; ++i)
             vector[i].init(regexps[i]);
     }
     if (ntrynotes != 0)
         dst->trynotes()->vector = Rebase<JSTryNote>(dst, src, src->trynotes()->vector);
     if (nblockscopes != 0)
         dst->blockScopes()->vector = Rebase<BlockScopeNote>(dst, src, src->blockScopes()->vector);
     return dst;
 }
 bool
 js::CloneFunctionScript(JSContext *cx, HandleFunction original, HandleFunction clone,
                         NewObjectKind newKind /* = GenericObject */)
 {
     JS_ASSERT(clone->isInterpreted());
     RootedScript script(cx, clone->nonLazyScript());
     JS_ASSERT(script);
     JS_ASSERT(script->compartment() == original->compartment());
     JS_ASSERT_IF(script->compartment() != cx->compartment(),
                  !script->enclosingStaticScope());
     RootedObject scope(cx, script->enclosingStaticScope());
     clone->mutableScript().init(nullptr);
     JSScript *cscript = CloneScript(cx, scope, clone, script, newKind);
     if (!cscript)
         return false;
     clone->setScript(cscript);
     cscript->setFunction(clone);
     script = clone->nonLazyScript();
     CallNewScriptHook(cx, script, clone);
     RootedGlobalObject global(cx, script->compileAndGo() ? &script->global() : nullptr);
     Debugger::onNewScript(cx, script, global);
     return true;
 }
 DebugScript *
 JSScript::debugScript()
 {
     JS_ASSERT(hasDebugScript_);
     DebugScriptMap *map = compartment()->debugScriptMap;
     JS_ASSERT(map);
     DebugScriptMap::Ptr p = map->lookup(this);
     JS_ASSERT(p);
     return p->value();
 }
 DebugScript *
 JSScript::releaseDebugScript()
 {
     JS_ASSERT(hasDebugScript_);
     DebugScriptMap *map = compartment()->debugScriptMap;
     JS_ASSERT(map);
     DebugScriptMap::Ptr p = map->lookup(this);
     JS_ASSERT(p);
     DebugScript *debug = p->value();
     map->remove(p);
     hasDebugScript_ = false;
     return debug;
 }
 void
 JSScript::destroyDebugScript(FreeOp *fop)
 {
     if (hasDebugScript_) {
         for (jsbytecode *pc = code(); pc < codeEnd(); pc++) {
             if (BreakpointSite *site = getBreakpointSite(pc)) {
                 /* Breakpoints are swept before finalization. */
                 JS_ASSERT(site->firstBreakpoint() == nullptr);
                 site->clearTrap(fop, nullptr, nullptr);
                 JS_ASSERT(getBreakpointSite(pc) == nullptr);
             }
         }
         fop->free_(releaseDebugScript());
     }
 }
 bool
 JSScript::ensureHasDebugScript(JSContext *cx)
 {
     if (hasDebugScript_)
         return true;
     size_t nbytes = offsetof(DebugScript, breakpoints) + length() * sizeof(BreakpointSite*);
     DebugScript *debug = (DebugScript *) cx->calloc_(nbytes);
     if (!debug)
         return false;
     /* Create compartment's debugScriptMap if necessary. */
     DebugScriptMap *map = compartment()->debugScriptMap;
     if (!map) {
         map = cx->new_<DebugScriptMap>();
         if (!map || !map->init()) {
             js_free(debug);
             js_delete(map);
             return false;
         }
         compartment()->debugScriptMap = map;
     }
     if (!map->putNew(this, debug)) {
         js_free(debug);
         return false;
     }
     hasDebugScript_ = true; // safe to set this;  we can't fail after this point
     /*
      * Ensure that any Interpret() instances running on this script have
      * interrupts enabled. The interrupts must stay enabled until the
      * debug state is destroyed.
      */
     for (ActivationIterator iter(cx->runtime()); !iter.done(); ++iter) {
         if (iter->isInterpreter())
             iter->asInterpreter()->enableInterruptsIfRunning(this);
     }
     return true;
 }
 void
 JSScript::setNewStepMode(FreeOp *fop, uint32_t newValue)
 {
     DebugScript *debug = debugScript();
     uint32_t prior = debug->stepMode;
     debug->stepMode = newValue;
     if (!prior != !newValue) {
 #ifdef JS_ION
         if (hasBaselineScript())
             baseline->toggleDebugTraps(this, nullptr);
 #endif
         if (!stepModeEnabled() && !debug->numSites)
             fop->free_(releaseDebugScript());
     }
 }
 bool
 JSScript::setStepModeFlag(JSContext *cx, bool step)
 {
     if (!ensureHasDebugScript(cx))
         return false;
     setNewStepMode(cx->runtime()->defaultFreeOp(),
                    (debugScript()->stepMode & stepCountMask) |
                    (step ? stepFlagMask : 0));
     return true;
 }
 bool
 JSScript::incrementStepModeCount(JSContext *cx)
 {
     assertSameCompartment(cx, this);
     MOZ_ASSERT(cx->compartment()->debugMode());
     if (!ensureHasDebugScript(cx))
         return false;
     DebugScript *debug = debugScript();
     uint32_t count = debug->stepMode & stepCountMask;
     MOZ_ASSERT(((count + 1) & stepCountMask) == count + 1);
     setNewStepMode(cx->runtime()->defaultFreeOp(),
                    (debug->stepMode & stepFlagMask) |
                    ((count + 1) & stepCountMask));
     return true;
 }
 void
 JSScript::decrementStepModeCount(FreeOp *fop)
 {
     DebugScript *debug = debugScript();
     uint32_t count = debug->stepMode & stepCountMask;
     setNewStepMode(fop,
                    (debug->stepMode & stepFlagMask) |
                    ((count - 1) & stepCountMask));
 }
 BreakpointSite *
 JSScript::getOrCreateBreakpointSite(JSContext *cx, jsbytecode *pc)
 {
     if (!ensureHasDebugScript(cx))
         return nullptr;
     DebugScript *debug = debugScript();
     BreakpointSite *&site = debug->breakpoints[pcToOffset(pc)];
     if (!site) {
         site = cx->runtime()->new_<BreakpointSite>(this, pc);
         if (!site) {
             js_ReportOutOfMemory(cx);
             return nullptr;
         }
         debug->numSites++;
     }
     return site;
 }
 void
 JSScript::destroyBreakpointSite(FreeOp *fop, jsbytecode *pc)
 {
     DebugScript *debug = debugScript();
     BreakpointSite *&site = debug->breakpoints[pcToOffset(pc)];
     JS_ASSERT(site);
     fop->delete_(site);
     site = nullptr;
     if (--debug->numSites == 0 && !stepModeEnabled())
         fop->free_(releaseDebugScript());
 }
 void
 JSScript::clearBreakpointsIn(FreeOp *fop, js::Debugger *dbg, JSObject *handler)
 {
     if (!hasAnyBreakpointsOrStepMode())
         return;
     for (jsbytecode *pc = code(); pc < codeEnd(); pc++) {
         BreakpointSite *site = getBreakpointSite(pc);
         if (site) {
             Breakpoint *nextbp;
             for (Breakpoint *bp = site->firstBreakpoint(); bp; bp = nextbp) {
                 nextbp = bp->nextInSite();
                 if ((!dbg || bp->debugger == dbg) && (!handler || bp->getHandler() == handler))
                     bp->destroy(fop);
             }
         }
     }
 }
 bool
 JSScript::hasBreakpointsAt(jsbytecode *pc)
 {
     BreakpointSite *site = getBreakpointSite(pc);
     if (!site)
         return false;
     return site->enabledCount > 0 || site->trapHandler;
 }
 void
 JSScript::clearTraps(FreeOp *fop)
 {
     if (!hasAnyBreakpointsOrStepMode())
         return;
     for (jsbytecode *pc = code(); pc < codeEnd(); pc++) {
         BreakpointSite *site = getBreakpointSite(pc);
         if (site)
             site->clearTrap(fop);
     }
 }
 void
 JSScript::markChildren(JSTracer *trc)
 {
     // NOTE: this JSScript may be partially initialized at this point.  E.g. we
     // may have created it and partially initialized it with
     // JSScript::Create(), but not yet finished initializing it with
     // fullyInitFromEmitter() or fullyInitTrivial().
     JS_ASSERT_IF(trc->runtime()->gcStrictCompartmentChecking, zone()->isCollecting());
     for (uint32_t i = 0; i < natoms(); ++i) {
         if (atoms[i])
             MarkString(trc, &atoms[i], "atom");
     }
     if (hasObjects()) {
         ObjectArray *objarray = objects();
         MarkObjectRange(trc, objarray->length, objarray->vector, "objects");
     }
     if (hasRegexps()) {
         ObjectArray *objarray = regexps();
         MarkObjectRange(trc, objarray->length, objarray->vector, "objects");
     }
     if (hasConsts()) {
         ConstArray *constarray = consts();
         MarkValueRange(trc, constarray->length, constarray->vector, "consts");
     }
     if (sourceObject()) {
         JS_ASSERT(sourceObject()->compartment() == compartment());
         MarkObject(trc, &sourceObject_, "sourceObject");
     }
     if (functionNonDelazifying())
         MarkObject(trc, &function_, "function");
     if (enclosingScopeOrOriginalFunction_)
         MarkObject(trc, &enclosingScopeOrOriginalFunction_, "enclosing");
     if (maybeLazyScript())
         MarkLazyScriptUnbarriered(trc, &lazyScript, "lazyScript");
     if (IS_GC_MARKING_TRACER(trc)) {
         compartment()->mark();
         if (code())
             MarkScriptData(trc->runtime(), code());
     }
     bindings.trace(trc);
     if (hasAnyBreakpointsOrStepMode()) {
         for (unsigned i = 0; i < length(); i++) {
             BreakpointSite *site = debugScript()->breakpoints[i];
             if (site && site->trapHandler)
                 MarkValue(trc, &site->trapClosure, "trap closure");
         }
     }
 #ifdef JS_ION
     jit::TraceIonScripts(trc, this);
 #endif
 }
 void
 LazyScript::markChildren(JSTracer *trc)
 {
     if (function_)
         MarkObject(trc, &function_, "function");
     if (sourceObject_)
         MarkObject(trc, &sourceObject_, "sourceObject");
     if (enclosingScope_)
         MarkObject(trc, &enclosingScope_, "enclosingScope");
     if (script_)
         MarkScript(trc, &script_, "realScript");
     HeapPtrAtom *freeVariables = this->freeVariables();
     for (size_t i = 0; i < numFreeVariables(); i++)
         MarkString(trc, &freeVariables[i], "lazyScriptFreeVariable");
     HeapPtrFunction *innerFunctions = this->innerFunctions();
     for (size_t i = 0; i < numInnerFunctions(); i++)
         MarkObject(trc, &innerFunctions[i], "lazyScriptInnerFunction");
 }
 void
 LazyScript::finalize(FreeOp *fop)
 {
     if (table_)
         fop->free_(table_);
 }
 NestedScopeObject *
 JSScript::getStaticScope(jsbytecode *pc)
 {
     JS_ASSERT(containsPC(pc));
     if (!hasBlockScopes())
         return nullptr;
     ptrdiff_t offset = pc - main();
     if (offset < 0)
         return nullptr;
     BlockScopeArray *scopes = blockScopes();
     NestedScopeObject *blockChain = nullptr;
     // Find the innermost block chain using a binary search.
     size_t bottom = 0;
     size_t top = scopes->length;
     while (bottom < top) {
         size_t mid = bottom + (top - bottom) / 2;
         const BlockScopeNote *note = &scopes->vector[mid];
         if (note->start <= offset) {
             // Block scopes are ordered in the list by their starting offset, and since
             // blocks form a tree ones earlier in the list may cover the pc even if
             // later blocks end before the pc. This only happens when the earlier block
             // is a parent of the later block, so we need to check parents of |mid| in
             // the searched range for coverage.
             size_t check = mid;
             while (check >= bottom) {
                 const BlockScopeNote *checkNote = &scopes->vector[check];
                 JS_ASSERT(checkNote->start <= offset);
                 if (offset < checkNote->start + checkNote->length) {
                     // We found a matching block chain but there may be inner ones
                     // at a higher block chain index than mid. Continue the binary search.
                     if (checkNote->index == BlockScopeNote::NoBlockScopeIndex)
                         blockChain = nullptr;
                     else
                         blockChain = &getObject(checkNote->index)->as<NestedScopeObject>();
                     break;
                 }
                 if (checkNote->parent == UINT32_MAX)
                     break;
                 check = checkNote->parent;
             }
             bottom = mid + 1;
         } else {
             top = mid;
         }
     }
     return blockChain;
 }
 void
 JSScript::setArgumentsHasVarBinding()
 {
     argsHasVarBinding_ = true;
 #ifdef JS_ION
     needsArgsAnalysis_ = true;
 #else
     // The arguments analysis is performed by IonBuilder.
     needsArgsObj_ = true;
 #endif
 }
 void
 JSScript::setNeedsArgsObj(bool needsArgsObj)
 {
     JS_ASSERT_IF(needsArgsObj, argumentsHasVarBinding());
     needsArgsAnalysis_ = false;
     needsArgsObj_ = needsArgsObj;
 }
 void
 js::SetFrameArgumentsObject(JSContext *cx, AbstractFramePtr frame,
                             HandleScript script, JSObject *argsobj)
 {
     /*
      * Replace any optimized arguments in the frame with an explicit arguments
      * object. Note that 'arguments' may have already been overwritten.
      */
     InternalBindingsHandle bindings(script, &script->bindings);
     const uint32_t var = Bindings::argumentsVarIndex(cx, bindings);
     if (script->varIsAliased(var)) {
         /*
          * Scan the script to find the slot in the call object that 'arguments'
          * is assigned to.
          */
         jsbytecode *pc = script->code();
         while (*pc != JSOP_ARGUMENTS)
             pc += GetBytecodeLength(pc);
         pc += JSOP_ARGUMENTS_LENGTH;
         JS_ASSERT(*pc == JSOP_SETALIASEDVAR);
         // Note that here and below, it is insufficient to only check for
         // JS_OPTIMIZED_ARGUMENTS, as Ion could have optimized out the
         // arguments slot.
         if (IsOptimizedPlaceholderMagicValue(frame.callObj().as<ScopeObject>().aliasedVar(pc)))
             frame.callObj().as<ScopeObject>().setAliasedVar(cx, pc, cx->names().arguments, ObjectValue(*argsobj));
     } else {
         if (IsOptimizedPlaceholderMagicValue(frame.unaliasedLocal(var)))
             frame.unaliasedLocal(var) = ObjectValue(*argsobj);
     }
 }
 /* static */ bool
 JSScript::argumentsOptimizationFailed(JSContext *cx, HandleScript script)
 {
     JS_ASSERT(script->functionNonDelazifying());
     JS_ASSERT(script->analyzedArgsUsage());
     JS_ASSERT(script->argumentsHasVarBinding());
     /*
      * It is possible that the arguments optimization has already failed,
      * everything has been fixed up, but there was an outstanding magic value
      * on the stack that has just now flowed into an apply. In this case, there
      * is nothing to do; GuardFunApplySpeculation will patch in the real
      * argsobj.
      */
     if (script->needsArgsObj())
         return true;
     JS_ASSERT(!script->isGenerator());
     script->needsArgsObj_ = true;
 #ifdef JS_ION
     /*
      * Since we can't invalidate baseline scripts, set a flag that's checked from
      * JIT code to indicate the arguments optimization failed and JSOP_ARGUMENTS
      * should create an arguments object next time.
      */
     if (script->hasBaselineScript())
         script->baselineScript()->setNeedsArgsObj();
 #endif
     /*
      * By design, the arguments optimization is only made when there are no
      * outstanding cases of MagicValue(JS_OPTIMIZED_ARGUMENTS) at any points
      * where the optimization could fail, other than an active invocation of
      * 'f.apply(x, arguments)'. Thus, there are no outstanding values of
      * MagicValue(JS_OPTIMIZED_ARGUMENTS) on the stack. However, there are
      * three things that need fixup:
      *  - there may be any number of activations of this script that don't have
      *    an argsObj that now need one.
      *  - jit code compiled (and possible active on the stack) with the static
      *    assumption of !script->needsArgsObj();
      *  - type inference data for the script assuming script->needsArgsObj
      */
     for (AllFramesIter i(cx); !i.done(); ++i) {
         /*
          * We cannot reliably create an arguments object for Ion activations of
          * this script.  To maintain the invariant that "script->needsArgsObj
          * implies fp->hasArgsObj", the Ion bail mechanism will create an
          * arguments object right after restoring the BaselineFrame and before
          * entering Baseline code (in jit::FinishBailoutToBaseline).
          */
         if (i.isIon())
             continue;
         AbstractFramePtr frame = i.abstractFramePtr();
         if (frame.isFunctionFrame() && frame.script() == script) {
             ArgumentsObject *argsobj = ArgumentsObject::createExpected(cx, frame);
             if (!argsobj) {
                 /*
                  * We can't leave stack frames with script->needsArgsObj but no
                  * arguments object. It is, however, safe to leave frames with
                  * an arguments object but !script->needsArgsObj.
                  */
                 script->needsArgsObj_ = false;
                 return false;
             }
             SetFrameArgumentsObject(cx, frame, script, argsobj);
         }
     }
     return true;
 }
 bool
 JSScript::varIsAliased(uint32_t varSlot)
 {
     return bindings.bindingIsAliased(bindings.numArgs() + varSlot);
 }
 bool
 JSScript::formalIsAliased(unsigned argSlot)
 {
     return bindings.bindingIsAliased(argSlot);
 }
 bool
 JSScript::formalLivesInArgumentsObject(unsigned argSlot)
 {
     return argsObjAliasesFormals() && !formalIsAliased(argSlot);
 }
 LazyScript::LazyScript(JSFunction *fun, void *table, uint64_t packedFields, uint32_t begin, uint32_t end, uint32_t lineno, uint32_t column)
   : script_(nullptr),
     function_(fun),
     enclosingScope_(nullptr),
     sourceObject_(nullptr),
     table_(table),
     packedFields_(packedFields),
     begin_(begin),
     end_(end),
     lineno_(lineno),
     column_(column)
 {
     JS_ASSERT(begin <= end);
 }
 void
 LazyScript::initScript(JSScript *script)
 {
     JS_ASSERT(script && !script_);
     script_ = script;
 }
 void
 LazyScript::resetScript()
 {
     JS_ASSERT(script_);
     script_ = nullptr;
 }
 void
 LazyScript::setParent(JSObject *enclosingScope, ScriptSourceObject *sourceObject)
 {
     JS_ASSERT(!sourceObject_ && !enclosingScope_);
     JS_ASSERT_IF(enclosingScope, function_->compartment() == enclosingScope->compartment());
     JS_ASSERT(function_->compartment() == sourceObject->compartment());
     enclosingScope_ = enclosingScope;
     sourceObject_ = sourceObject;
 }
 ScriptSourceObject *
 LazyScript::sourceObject() const
 {
     return sourceObject_ ? &sourceObject_->as<ScriptSourceObject>() : nullptr;
 }
 /* static */ LazyScript *
 LazyScript::CreateRaw(ExclusiveContext *cx, HandleFunction fun,
                       uint64_t packedFields, uint32_t begin, uint32_t end,
                       uint32_t lineno, uint32_t column)
 {
     union {
         PackedView p;
         uint64_t packed;
     };
     packed = packedFields;
     // Reset runtime flags to obtain a fresh LazyScript.
     p.hasBeenCloned = false;
     p.treatAsRunOnce = false;
     size_t bytes = (p.numFreeVariables * sizeof(HeapPtrAtom))
                  + (p.numInnerFunctions * sizeof(HeapPtrFunction));
     ScopedJSFreePtr<void> table(bytes ? cx->malloc_(bytes) : nullptr);
     if (bytes && !table)
         return nullptr;
     LazyScript *res = js_NewGCLazyScript(cx);
     if (!res)
         return nullptr;
     cx->compartment()->scheduleDelazificationForDebugMode();
     return new (res) LazyScript(fun, table.forget(), packed, begin, end, lineno, column);
 }
 /* static */ LazyScript *
 LazyScript::CreateRaw(ExclusiveContext *cx, HandleFunction fun,
                       uint32_t numFreeVariables, uint32_t numInnerFunctions, JSVersion version,
                       uint32_t begin, uint32_t end, uint32_t lineno, uint32_t column)
 {
     union {
         PackedView p;
         uint64_t packedFields;
     };
     p.version = version;
     p.numFreeVariables = numFreeVariables;
     p.numInnerFunctions = numInnerFunctions;
     p.generatorKindBits = GeneratorKindAsBits(NotGenerator);
     p.strict = false;
     p.bindingsAccessedDynamically = false;
     p.hasDebuggerStatement = false;
     p.directlyInsideEval = false;
     p.usesArgumentsAndApply = false;
     LazyScript *res = LazyScript::CreateRaw(cx, fun, packedFields, begin, end, lineno, column);
     JS_ASSERT_IF(res, res->version() == version);
     return res;
 }
 /* static */ LazyScript *
 LazyScript::Create(ExclusiveContext *cx, HandleFunction fun,
                    uint64_t packedFields, uint32_t begin, uint32_t end,
                    uint32_t lineno, uint32_t column)
 {
     // Dummy atom which is not a valid property name.
     RootedAtom dummyAtom(cx, cx->names().comma);
     // Dummy function which is not a valid function as this is the one which is
     // holding this lazy script.
     HandleFunction dummyFun = fun;
     LazyScript *res = LazyScript::CreateRaw(cx, fun, packedFields, begin, end, lineno, column);
     if (!res)
         return nullptr;
     // Fill with dummies, to be GC-safe after the initialization of the free
     // variables and inner functions.
     size_t i, num;
     HeapPtrAtom *variables = res->freeVariables();
     for (i = 0, num = res->numFreeVariables(); i < num; i++)
         variables[i].init(dummyAtom);
     HeapPtrFunction *functions = res->innerFunctions();
     for (i = 0, num = res->numInnerFunctions(); i < num; i++)
         functions[i].init(dummyFun);
     return res;
 }
 void
 LazyScript::initRuntimeFields(uint64_t packedFields)
 {
     union {
         PackedView p;
         uint64_t packed;
     };
     packed = packedFields;
     p_.hasBeenCloned = p.hasBeenCloned;
     p_.treatAsRunOnce = p.treatAsRunOnce;
 }
 bool
 LazyScript::hasUncompiledEnclosingScript() const
 {
     // It can happen that we created lazy scripts while compiling an enclosing
     // script, but we errored out while compiling that script. When we iterate
     // over lazy script in a compartment, we might see lazy scripts that never
     // escaped to script and should be ignored.
     //
     // If the enclosing scope is a function with a null script or has a script
     // without code, it was not successfully compiled.
     if (!enclosingScope() || !enclosingScope()->is<JSFunction>())
         return false;
     JSFunction &fun = enclosingScope()->as<JSFunction>();
     return fun.isInterpreted() && (!fun.mutableScript() || !fun.nonLazyScript()->code());
 }
 uint32_t
 LazyScript::staticLevel(JSContext *cx) const
 {
     for (StaticScopeIter<NoGC> ssi(enclosingScope()); !ssi.done(); ssi++) {
         if (ssi.type() == StaticScopeIter<NoGC>::FUNCTION)
             return ssi.funScript()->staticLevel() + 1;
     }
     return 1;
 }
 void
 JSScript::updateBaselineOrIonRaw()
 {
 #ifdef JS_ION
     if (hasIonScript()) {
         baselineOrIonRaw = ion->method()->raw();
         baselineOrIonSkipArgCheck = ion->method()->raw() + ion->getSkipArgCheckEntryOffset();
     } else if (hasBaselineScript()) {
         baselineOrIonRaw = baseline->method()->raw();
         baselineOrIonSkipArgCheck = baseline->method()->raw();
     } else {
         baselineOrIonRaw = nullptr;
         baselineOrIonSkipArgCheck = nullptr;
     }
 #endif
 }
 bool
 JSScript::hasLoops()
 {
     if (!hasTrynotes())
         return false;
     JSTryNote *tn = trynotes()->vector;
     JSTryNote *tnlimit = tn + trynotes()->length;
     for (; tn < tnlimit; tn++) {
         if (tn->kind == JSTRY_ITER || tn->kind == JSTRY_LOOP)
             return true;
     }
     return false;
 }
 static inline void
 LazyScriptHash(uint32_t lineno, uint32_t column, uint32_t begin, uint32_t end,
                HashNumber hashes[3])
 {
     HashNumber hash = lineno;
     hash = RotateLeft(hash, 4) ^ column;
     hash = RotateLeft(hash, 4) ^ begin;
     hash = RotateLeft(hash, 4) ^ end;
     hashes[0] = hash;
     hashes[1] = RotateLeft(hashes[0], 4) ^ begin;
     hashes[2] = RotateLeft(hashes[1], 4) ^ end;
 }
 void
 LazyScriptHashPolicy::hash(const Lookup &lookup, HashNumber hashes[3])
 {
     LazyScript *lazy = lookup.lazy;
     LazyScriptHash(lazy->lineno(), lazy->column(), lazy->begin(), lazy->end(), hashes);
 }
 void
 LazyScriptHashPolicy::hash(JSScript *script, HashNumber hashes[3])
 {
     LazyScriptHash(script->lineno(), script->column(), script->sourceStart(), script->sourceEnd(), hashes);
 }
 bool
 LazyScriptHashPolicy::match(JSScript *script, const Lookup &lookup)
 {
     JSContext *cx = lookup.cx;
     LazyScript *lazy = lookup.lazy;
     // To be a match, the script and lazy script need to have the same line
     // and column and to be at the same position within their respective
     // source blobs, and to have the same source contents and version.
     //
     // While the surrounding code in the source may differ, this is
     // sufficient to ensure that compiling the lazy script will yield an
     // identical result to compiling the original script.
     //
     // Note that the filenames and origin principals of the lazy script and
     // original script can differ. If there is a match, these will be fixed
     // up in the resulting clone by the caller.
     if (script->lineno() != lazy->lineno() ||
         script->column() != lazy->column() ||
         script->getVersion() != lazy->version() ||
         script->sourceStart() != lazy->begin() ||
         script->sourceEnd() != lazy->end())
     {
         return false;
     }
     SourceDataCache::AutoHoldEntry holder;
     const jschar *scriptChars = script->scriptSource()->chars(cx, holder);
     if (!scriptChars)
         return false;
     const jschar *lazyChars = lazy->source()->chars(cx, holder);
     if (!lazyChars)
         return false;
     size_t begin = script->sourceStart();
     size_t length = script->sourceEnd() - begin;
     return !memcmp(scriptChars + begin, lazyChars + begin, length);
 }

The Tor Browser / annotate

js/src/jsscript.cpp@6474c204b198 (annotated)

js/src/jsscript.cpp