The Tor Browser: js/src/jsscript.h@b8a032363ba2 (annotated)

js/src/jsscript.h@b8a032363ba2 (annotated)

js/src/jsscript.h

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* JS script descriptor. */
 #ifndef jsscript_h
 #define jsscript_h
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/PodOperations.h"
 #include "jsatom.h"
 #ifdef JS_THREADSAFE
 #include "jslock.h"
 #endif
 #include "jsobj.h"
 #include "jsopcode.h"
 #include "jstypes.h"
 #include "gc/Barrier.h"
 #include "gc/Rooting.h"
 #include "jit/IonCode.h"
 #include "vm/Shape.h"
 namespace JS {
 struct ScriptSourceInfo;
 }
 namespace js {
 namespace jit {
     struct BaselineScript;
     struct IonScriptCounts;
 }
 # define ION_DISABLED_SCRIPT ((js::jit::IonScript *)0x1)
 # define ION_COMPILING_SCRIPT ((js::jit::IonScript *)0x2)
 # define BASELINE_DISABLED_SCRIPT ((js::jit::BaselineScript *)0x1)
 class BreakpointSite;
 class BindingIter;
 class LazyScript;
 class RegExpObject;
 struct SourceCompressionTask;
 class Shape;
 class WatchpointMap;
 class NestedScopeObject;
 namespace frontend {
     class BytecodeEmitter;
 }
 }
 /*
  * Type of try note associated with each catch or finally block, and also with
  * for-in and other kinds of loops. Non-for-in loops do not need these notes
  * for exception unwinding, but storing their boundaries here is helpful for
  * heuristics that need to know whether a given op is inside a loop.
  */
 typedef enum JSTryNoteKind {
     JSTRY_CATCH,
     JSTRY_FINALLY,
     JSTRY_ITER,
     JSTRY_LOOP
 } JSTryNoteKind;
 /*
  * Exception handling record.
  */
 struct JSTryNote {
     uint8_t         kind;       /* one of JSTryNoteKind */
     uint32_t        stackDepth; /* stack depth upon exception handler entry */
     uint32_t        start;      /* start of the try statement or loop
                                    relative to script->main */
     uint32_t        length;     /* length of the try statement or loop */
 };
 namespace js {
 // A block scope has a range in bytecode: it is entered at some offset, and left
 // at some later offset.  Scopes can be nested.  Given an offset, the
 // BlockScopeNote containing that offset whose with the highest start value
 // indicates the block scope.  The block scope list is sorted by increasing
 // start value.
 //
 // It is possible to leave a scope nonlocally, for example via a "break"
 // statement, so there may be short bytecode ranges in a block scope in which we
 // are popping the block chain in preparation for a goto.  These exits are also
 // nested with respect to outer scopes.  The scopes in these exits are indicated
 // by the "index" field, just like any other block.  If a nonlocal exit pops the
 // last block scope, the index will be NoBlockScopeIndex.
 //
 struct BlockScopeNote {
     static const uint32_t NoBlockScopeIndex = UINT32_MAX;
     uint32_t        index;      // Index of NestedScopeObject in the object
                                 // array, or NoBlockScopeIndex if there is no
                                 // block scope in this range.
     uint32_t        start;      // Bytecode offset at which this scope starts,
                                 // from script->main().
     uint32_t        length;     // Bytecode length of scope.
     uint32_t        parent;     // Index of parent block scope in notes, or UINT32_MAX.
 };
 struct ConstArray {
     js::HeapValue   *vector;    /* array of indexed constant values */
     uint32_t        length;
 };
 struct ObjectArray {
     js::HeapPtrObject *vector;  // Array of indexed objects.
     uint32_t        length;     // Count of indexed objects.
 };
 struct TryNoteArray {
     JSTryNote       *vector;    // Array of indexed try notes.
     uint32_t        length;     // Count of indexed try notes.
 };
 struct BlockScopeArray {
     BlockScopeNote *vector;     // Array of indexed BlockScopeNote records.
     uint32_t        length;     // Count of indexed try notes.
 };
 class Binding
 {
     // One JSScript stores one Binding per formal/variable so we use a
     // packed-word representation.
     uintptr_t bits_;
     static const uintptr_t KIND_MASK = 0x3;
     static const uintptr_t ALIASED_BIT = 0x4;
     static const uintptr_t NAME_MASK = ~(KIND_MASK | ALIASED_BIT);
   public:
     // A "binding" is a formal, 'var', or 'const' declaration. A function's
     // lexical scope is composed of these three kinds of bindings.
     enum Kind { ARGUMENT, VARIABLE, CONSTANT };
     explicit Binding() : bits_(0) {}
     Binding(PropertyName *name, Kind kind, bool aliased) {
         JS_STATIC_ASSERT(CONSTANT <= KIND_MASK);
         JS_ASSERT((uintptr_t(name) & ~NAME_MASK) == 0);
         JS_ASSERT((uintptr_t(kind) & ~KIND_MASK) == 0);
         bits_ = uintptr_t(name) | uintptr_t(kind) | (aliased ? ALIASED_BIT : 0);
     }
     PropertyName *name() const {
         return (PropertyName *)(bits_ & NAME_MASK);
     }
     Kind kind() const {
         return Kind(bits_ & KIND_MASK);
     }
     bool aliased() const {
         return bool(bits_ & ALIASED_BIT);
     }
 };
 JS_STATIC_ASSERT(sizeof(Binding) == sizeof(uintptr_t));
 class Bindings;
 typedef InternalHandle<Bindings *> InternalBindingsHandle;
 /*
  * Formal parameters and local variables are stored in a shape tree
  * path encapsulated within this class.  This class represents bindings for
  * both function and top-level scripts (the latter is needed to track names in
  * strict mode eval code, to give such code its own lexical environment).
  */
 class Bindings
 {
     friend class BindingIter;
     friend class AliasedFormalIter;
     HeapPtr<Shape> callObjShape_;
     uintptr_t bindingArrayAndFlag_;
     uint16_t numArgs_;
     uint16_t numBlockScoped_;
     uint32_t numVars_;
     /*
      * During parsing, bindings are allocated out of a temporary LifoAlloc.
      * After parsing, a JSScript object is created and the bindings are
      * permanently transferred to it. On error paths, the JSScript object may
      * end up with bindings that still point to the (new released) LifoAlloc
      * memory. To avoid tracing these bindings during GC, we keep track of
      * whether the bindings are temporary or permanent in the low bit of
      * bindingArrayAndFlag_.
      */
     static const uintptr_t TEMPORARY_STORAGE_BIT = 0x1;
     bool bindingArrayUsingTemporaryStorage() const {
         return bindingArrayAndFlag_ & TEMPORARY_STORAGE_BIT;
     }
   public:
     Binding *bindingArray() const {
         return reinterpret_cast<Binding *>(bindingArrayAndFlag_ & ~TEMPORARY_STORAGE_BIT);
     }
     inline Bindings();
     /*
      * Initialize a Bindings with a pointer into temporary storage.
      * bindingArray must have length numArgs+numVars. Before the temporary
      * storage is release, switchToScriptStorage must be called, providing a
      * pointer into the Binding array stored in script->data.
      */
     static bool initWithTemporaryStorage(ExclusiveContext *cx, InternalBindingsHandle self,
                                          unsigned numArgs, uint32_t numVars,
                                          Binding *bindingArray, unsigned numBlockScoped);
     // CompileScript parses and compiles one statement at a time, but the result
     // is one Script object.  There will be no vars or bindings, because those
     // go on the global, but there may be block-scoped locals, and the number of
     // block-scoped locals may increase as we parse more expressions.  This
     // helper updates the number of block scoped variables in a script as it is
     // being parsed.
     void updateNumBlockScoped(unsigned numBlockScoped) {
         JS_ASSERT(!callObjShape_);
         JS_ASSERT(numVars_ == 0);
         JS_ASSERT(numBlockScoped < LOCALNO_LIMIT);
         JS_ASSERT(numBlockScoped >= numBlockScoped_);
         numBlockScoped_ = numBlockScoped;
     }
     uint8_t *switchToScriptStorage(Binding *newStorage);
     /*
      * Clone srcScript's bindings (as part of js::CloneScript). dstScriptData
      * is the pointer to what will eventually be dstScript->data.
      */
     static bool clone(JSContext *cx, InternalBindingsHandle self, uint8_t *dstScriptData,
                       HandleScript srcScript);
     unsigned numArgs() const { return numArgs_; }
     uint32_t numVars() const { return numVars_; }
     unsigned numBlockScoped() const { return numBlockScoped_; }
     uint32_t numLocals() const { return numVars() + numBlockScoped(); }
     // Return the size of the bindingArray.
     uint32_t count() const { return numArgs() + numVars(); }
     /* Return the initial shape of call objects created for this scope. */
     Shape *callObjShape() const { return callObjShape_; }
     /* Convenience method to get the var index of 'arguments'. */
     static uint32_t argumentsVarIndex(ExclusiveContext *cx, InternalBindingsHandle);
     /* Return whether the binding at bindingIndex is aliased. */
     bool bindingIsAliased(uint32_t bindingIndex);
     /* Return whether this scope has any aliased bindings. */
     bool hasAnyAliasedBindings() const {
         if (!callObjShape_)
             return false;
         return !callObjShape_->isEmptyShape();
     }
     void trace(JSTracer *trc);
 };
 template <>
 struct GCMethods<Bindings> {
     static Bindings initial();
     static ThingRootKind kind() { return THING_ROOT_BINDINGS; }
     static bool poisoned(const Bindings &bindings) {
         return IsPoisonedPtr(static_cast<Shape *>(bindings.callObjShape()));
     }
 };
 class ScriptCounts
 {
     friend class ::JSScript;
     friend struct ScriptAndCounts;
     /*
      * This points to a single block that holds an array of PCCounts followed
      * by an array of doubles.  Each element in the PCCounts array has a
      * pointer into the array of doubles.
      */
     PCCounts *pcCountsVector;
     /* Information about any Ion compilations for the script. */
     jit::IonScriptCounts *ionCounts;
  public:
     ScriptCounts() : pcCountsVector(nullptr), ionCounts(nullptr) { }
     inline void destroy(FreeOp *fop);
     void set(js::ScriptCounts counts) {
         pcCountsVector = counts.pcCountsVector;
         ionCounts = counts.ionCounts;
     }
 };
 typedef HashMap<JSScript *,
                 ScriptCounts,
                 DefaultHasher<JSScript *>,
                 SystemAllocPolicy> ScriptCountsMap;
 class DebugScript
 {
     friend class ::JSScript;
     /*
      * When non-zero, compile script in single-step mode. The top bit is set and
      * cleared by setStepMode, as used by JSD. The lower bits are a count,
      * adjusted by changeStepModeCount, used by the Debugger object. Only
      * when the bit is clear and the count is zero may we compile the script
      * without single-step support.
      */
     uint32_t        stepMode;
     /* Number of breakpoint sites at opcodes in the script. */
     uint32_t        numSites;
     /*
      * Array with all breakpoints installed at opcodes in the script, indexed
      * by the offset of the opcode into the script.
      */
     BreakpointSite  *breakpoints[1];
 };
 typedef HashMap<JSScript *,
                 DebugScript *,
                 DefaultHasher<JSScript *>,
                 SystemAllocPolicy> DebugScriptMap;
 class ScriptSource;
 class SourceDataCache
 {
     typedef HashMap<ScriptSource *,
                     const jschar *,
                     DefaultHasher<ScriptSource *>,
                     SystemAllocPolicy> Map;
   public:
     // Hold an entry in the source data cache and prevent it from being purged on GC.
     class AutoHoldEntry
     {
         SourceDataCache *cache_;
         ScriptSource *source_;
         const jschar *charsToFree_;
       public:
         explicit AutoHoldEntry();
         ~AutoHoldEntry();
       private:
         void holdEntry(SourceDataCache *cache, ScriptSource *source);
         void deferDelete(const jschar *chars);
         ScriptSource *source() const { return source_; }
         friend class SourceDataCache;
     };
   private:
     Map *map_;
     AutoHoldEntry *holder_;
   public:
     SourceDataCache() : map_(nullptr), holder_(nullptr) {}
     const jschar *lookup(ScriptSource *ss, AutoHoldEntry &asp);
     bool put(ScriptSource *ss, const jschar *chars, AutoHoldEntry &asp);
     void purge();
     size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf);
   private:
     void holdEntry(AutoHoldEntry &holder, ScriptSource *ss);
     void releaseEntry(AutoHoldEntry &holder);
 };
 class ScriptSource
 {
     friend class SourceCompressionTask;
     // A note on concurrency:
     //
     // The source may be compressed by a worker thread during parsing. (See
     // SourceCompressionTask.) When compression is running in the background,
     // ready() returns false. The compression thread touches the |data| union
     // and |compressedLength_|. Therefore, it is not safe to read these members
     // unless ready() is true. With that said, users of the public ScriptSource
     // API should be fine.
     union {
         // Before setSourceCopy or setSource are successfully called, this union
         // has a nullptr pointer. When the script source is ready,
         // compressedLength_ != 0 implies compressed holds the compressed data;
         // otherwise, source holds the uncompressed source. There is a special
         // pointer |emptySource| for source code for length 0.
         //
         // The only function allowed to malloc, realloc, or free the pointers in
         // this union is adjustDataSize(). Don't do it elsewhere.
         jschar *source;
         unsigned char *compressed;
     } data;
     uint32_t refs;
     uint32_t length_;
     uint32_t compressedLength_;
     char *filename_;
     jschar *displayURL_;
     jschar *sourceMapURL_;
     JSPrincipals *originPrincipals_;
     // bytecode offset in caller script that generated this code.
     // This is present for eval-ed code, as well as "new Function(...)"-introduced
     // scripts.
     uint32_t introductionOffset_;
     // If this ScriptSource was generated by a code-introduction mechanism such as |eval|
     // or |new Function|, the debugger needs access to the "raw" filename of the top-level
     // script that contains the eval-ing code.  To keep track of this, we must preserve
     // the original outermost filename (of the original introducer script), so that instead
     // of a filename of "foo.js line 30 > eval line 10 > Function", we can obtain the
     // original raw filename of "foo.js".
     char *introducerFilename_;
     // A string indicating how this source code was introduced into the system.
     // This accessor returns one of the following values:
     //      "eval" for code passed to |eval|.
     //      "Function" for code passed to the |Function| constructor.
     //      "Worker" for code loaded by calling the Web worker constructor&mdash;the worker's main script.
     //      "importScripts" for code by calling |importScripts| in a web worker.
     //      "handler" for code assigned to DOM elements' event handler IDL attributes.
     //      "scriptElement" for code belonging to <script> elements.
     //      undefined if the implementation doesn't know how the code was introduced.
     // This is a constant, statically allocated C string, so does not need
     // memory management.
     const char *introductionType_;
     // True if we can call JSRuntime::sourceHook to load the source on
     // demand. If sourceRetrievable_ and hasSourceData() are false, it is not
     // possible to get source at all.
     bool sourceRetrievable_:1;
     bool argumentsNotIncluded_:1;
     bool ready_:1;
     bool hasIntroductionOffset_:1;
   public:
     explicit ScriptSource()
       : refs(0),
         length_(0),
         compressedLength_(0),
         filename_(nullptr),
         displayURL_(nullptr),
         sourceMapURL_(nullptr),
         originPrincipals_(nullptr),
         introductionOffset_(0),
         introducerFilename_(nullptr),
         introductionType_(nullptr),
         sourceRetrievable_(false),
         argumentsNotIncluded_(false),
         ready_(true),
         hasIntroductionOffset_(false)
     {
         data.source = nullptr;
     }
     void incref() { refs++; }
     void decref() {
         JS_ASSERT(refs != 0);
         if (--refs == 0)
             destroy();
     }
     bool initFromOptions(ExclusiveContext *cx, const ReadOnlyCompileOptions &options);
     bool setSourceCopy(ExclusiveContext *cx,
                        JS::SourceBufferHolder &srcBuf,
                        bool argumentsNotIncluded,
                        SourceCompressionTask *tok);
     void setSource(const jschar *src, size_t length);
     bool ready() const { return ready_; }
     void setSourceRetrievable() { sourceRetrievable_ = true; }
     bool sourceRetrievable() const { return sourceRetrievable_; }
     bool hasSourceData() const { return !ready() || !!data.source; }
     uint32_t length() const {
         JS_ASSERT(hasSourceData());
         return length_;
     }
     bool argumentsNotIncluded() const {
         JS_ASSERT(hasSourceData());
         return argumentsNotIncluded_;
     }
     const jschar *chars(JSContext *cx, SourceDataCache::AutoHoldEntry &asp);
     JSFlatString *substring(JSContext *cx, uint32_t start, uint32_t stop);
     void addSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf,
                                 JS::ScriptSourceInfo *info) const;
     // XDR handling
     template <XDRMode mode>
     bool performXDR(XDRState<mode> *xdr);
     bool setFilename(ExclusiveContext *cx, const char *filename);
     const char *introducerFilename() const {
         return introducerFilename_;
     }
     bool hasIntroductionType() const {
         return introductionType_;
     }
     const char *introductionType() const {
         JS_ASSERT(hasIntroductionType());
         return introductionType_;
     }
     const char *filename() const {
         return filename_;
     }
     // Display URLs
     bool setDisplayURL(ExclusiveContext *cx, const jschar *displayURL);
     const jschar *displayURL();
     bool hasDisplayURL() const { return displayURL_ != nullptr; }
     // Source maps
     bool setSourceMapURL(ExclusiveContext *cx, const jschar *sourceMapURL);
     const jschar *sourceMapURL();
     bool hasSourceMapURL() const { return sourceMapURL_ != nullptr; }
     JSPrincipals *originPrincipals() const { return originPrincipals_; }
     bool hasIntroductionOffset() const { return hasIntroductionOffset_; }
     uint32_t introductionOffset() const {
         JS_ASSERT(hasIntroductionOffset());
         return introductionOffset_;
     }
     void setIntroductionOffset(uint32_t offset) {
         JS_ASSERT(!hasIntroductionOffset());
         JS_ASSERT(offset <= (uint32_t)INT32_MAX);
         introductionOffset_ = offset;
         hasIntroductionOffset_ = true;
     }
   private:
     void destroy();
     bool compressed() const { return compressedLength_ != 0; }
     size_t computedSizeOfData() const {
         return compressed() ? compressedLength_ : sizeof(jschar) * length_;
     }
     bool adjustDataSize(size_t nbytes);
     const jschar *getOffThreadCompressionChars(ExclusiveContext *cx);
 };
 class ScriptSourceHolder
 {
     ScriptSource *ss;
   public:
     explicit ScriptSourceHolder(ScriptSource *ss)
       : ss(ss)
     {
         ss->incref();
     }
     ~ScriptSourceHolder()
     {
         ss->decref();
     }
 };
 class ScriptSourceObject : public JSObject
 {
   public:
     static const Class class_;
     static void trace(JSTracer *trc, JSObject *obj);
     static void finalize(FreeOp *fop, JSObject *obj);
     static ScriptSourceObject *create(ExclusiveContext *cx, ScriptSource *source,
                                       const ReadOnlyCompileOptions &options);
     ScriptSource *source() {
         return static_cast<ScriptSource *>(getReservedSlot(SOURCE_SLOT).toPrivate());
     }
     void setSource(ScriptSource *source);
     JSObject *element() const;
     void initElement(HandleObject element);
     const Value &elementAttributeName() const;
     JSScript *introductionScript() const {
         void *untyped = getReservedSlot(INTRODUCTION_SCRIPT_SLOT).toPrivate();
         return static_cast<JSScript *>(untyped);
     }
     void initIntroductionScript(JSScript *script);
   private:
     static const uint32_t SOURCE_SLOT = 0;
     static const uint32_t ELEMENT_SLOT = 1;
     static const uint32_t ELEMENT_PROPERTY_SLOT = 2;
     static const uint32_t INTRODUCTION_SCRIPT_SLOT = 3;
     static const uint32_t RESERVED_SLOTS = 4;
 };
 enum GeneratorKind { NotGenerator, LegacyGenerator, StarGenerator };
 static inline unsigned
 GeneratorKindAsBits(GeneratorKind generatorKind) {
     return static_cast<unsigned>(generatorKind);
 }
 static inline GeneratorKind
 GeneratorKindFromBits(unsigned val) {
     JS_ASSERT(val <= StarGenerator);
     return static_cast<GeneratorKind>(val);
 }
 /*
  * NB: after a successful XDR_DECODE, XDRScript callers must do any required
  * subsequent set-up of owning function or script object and then call
  * js_CallNewScriptHook.
  */
 template<XDRMode mode>
 bool
 XDRScript(XDRState<mode> *xdr, HandleObject enclosingScope, HandleScript enclosingScript,
           HandleFunction fun, MutableHandleScript scriptp);
 JSScript *
 CloneScript(JSContext *cx, HandleObject enclosingScope, HandleFunction fun, HandleScript script,
             NewObjectKind newKind = GenericObject);
 template<XDRMode mode>
 bool
 XDRLazyScript(XDRState<mode> *xdr, HandleObject enclosingScope, HandleScript enclosingScript,
               HandleFunction fun, MutableHandle<LazyScript *> lazy);
 /*
  * Code any constant value.
  */
 template<XDRMode mode>
 bool
 XDRScriptConst(XDRState<mode> *xdr, MutableHandleValue vp);
 } /* namespace js */
 class JSScript : public js::gc::BarrieredCell<JSScript>
 {
     static const uint32_t stepFlagMask = 0x80000000U;
     static const uint32_t stepCountMask = 0x7fffffffU;
     template <js::XDRMode mode>
     friend
     bool
     js::XDRScript(js::XDRState<mode> *xdr, js::HandleObject enclosingScope, js::HandleScript enclosingScript,
                   js::HandleFunction fun, js::MutableHandleScript scriptp);
     friend JSScript *
     js::CloneScript(JSContext *cx, js::HandleObject enclosingScope, js::HandleFunction fun, js::HandleScript src,
                     js::NewObjectKind newKind);
   public:
     //
     // We order fields according to their size in order to avoid wasting space
     // for alignment.
     //
     // Larger-than-word-sized fields.
   public:
     js::Bindings    bindings;   /* names of top-level variables in this script
                                    (and arguments if this is a function script) */
     bool hasAnyAliasedBindings() const {
         return bindings.hasAnyAliasedBindings();
     }
     js::Binding *bindingArray() const {
         return bindings.bindingArray();
     }
     unsigned numArgs() const {
         return bindings.numArgs();
     }
     js::Shape *callObjShape() const {
         return bindings.callObjShape();
     }
     // Word-sized fields.
   private:
     jsbytecode      *code_;     /* bytecodes and their immediate operands */
   public:
     uint8_t         *data;      /* pointer to variable-length data array (see
                                    comment above Create() for details) */
     js::HeapPtrAtom *atoms;     /* maps immediate index to literal struct */
     JSCompartment   *compartment_;
     /* Persistent type information retained across GCs. */
     js::types::TypeScript *types;
   private:
     // This script's ScriptSourceObject, or a CCW thereof.
     //
     // (When we clone a JSScript into a new compartment, we don't clone its
     // source object. Instead, the clone refers to a wrapper.)
     js::HeapPtrObject sourceObject_;
     js::HeapPtrFunction function_;
     // For callsite clones, which cannot have enclosing scopes, the original
     // function; otherwise the enclosing scope
     js::HeapPtrObject   enclosingScopeOrOriginalFunction_;
     /* Information attached by Baseline/Ion for sequential mode execution. */
     js::jit::IonScript *ion;
     js::jit::BaselineScript *baseline;
     /* Information attached by Ion for parallel mode execution */
     js::jit::IonScript *parallelIon;
     /* Information used to re-lazify a lazily-parsed interpreted function. */
     js::LazyScript *lazyScript;
     /*
      * Pointer to either baseline->method()->raw() or ion->method()->raw(), or
      * nullptr if there's no Baseline or Ion script.
      */
     uint8_t *baselineOrIonRaw;
     uint8_t *baselineOrIonSkipArgCheck;
     // 32-bit fields.
     uint32_t        length_;    /* length of code vector */
     uint32_t        dataSize_;  /* size of the used part of the data array */
     uint32_t        lineno_;    /* base line number of script */
     uint32_t        column_;    /* base column of script, optionally set */
     uint32_t        mainOffset_;/* offset of main entry point from code, after
                                    predef'ing prolog */
     uint32_t        natoms_;    /* length of atoms array */
     uint32_t        nslots_;    /* vars plus maximum stack depth */
     /* Range of characters in scriptSource which contains this script's source. */
     uint32_t        sourceStart_;
     uint32_t        sourceEnd_;
     uint32_t        useCount;   /* Number of times the script has been called
                                  * or has had backedges taken. When running in
                                  * ion, also increased for any inlined scripts.
                                  * Reset if the script's JIT code is forcibly
                                  * discarded. */
 #ifdef DEBUG
     // Unique identifier within the compartment for this script, used for
     // printing analysis information.
     uint32_t        id_;
     uint32_t        idpad;
 #endif
     // 16-bit fields.
     uint16_t        version;    /* JS version under which script was compiled */
     uint16_t        funLength_; /* ES6 function length */
     uint16_t        nTypeSets_; /* number of type sets used in this script for
                                    dynamic type monitoring */
     uint16_t        staticLevel_;/* static level for display maintenance */
     // Bit fields.
   public:
     // The kinds of the optional arrays.
     enum ArrayKind {
         CONSTS,
         OBJECTS,
         REGEXPS,
         TRYNOTES,
         BLOCK_SCOPES,
         ARRAY_KIND_BITS
     };
   private:
     // The bits in this field indicate the presence/non-presence of several
     // optional arrays in |data|.  See the comments above Create() for details.
     uint8_t         hasArrayBits:ARRAY_KIND_BITS;
     // The GeneratorKind of the script.
     uint8_t         generatorKindBits_:2;
     // 1-bit fields.
     // No need for result value of last expression statement.
     bool noScriptRval_:1;
     // Can call getCallerFunction().
     bool savedCallerFun_:1;
     // Code is in strict mode.
     bool strict_:1;
     // Code has "use strict"; explicitly.
     bool explicitUseStrict_:1;
     // See Parser::compileAndGo.
     bool compileAndGo_:1;
     // see Parser::selfHostingMode.
     bool selfHosted_:1;
     // See FunctionContextFlags.
     bool bindingsAccessedDynamically_:1;
     bool funHasExtensibleScope_:1;
     bool funNeedsDeclEnvObject_:1;
     // True if any formalIsAliased(i).
     bool funHasAnyAliasedFormal_:1;
     // Have warned about uses of undefined properties in this script.
     bool warnedAboutUndefinedProp_:1;
     // Script has singleton objects.
     bool hasSingletons_:1;
     // Script is a lambda to treat as running once.
     bool treatAsRunOnce_:1;
     // If treatAsRunOnce, whether script has executed.
     bool hasRunOnce_:1;
     // Script has been reused for a clone.
     bool hasBeenCloned_:1;
     // Script has been inlined at least once, and can't be relazified.
     bool hasBeenInlined_:1;
     // Script came from eval(), and is still active.
     bool isActiveEval_:1;
     // Script came from eval(), and is in eval cache.
     bool isCachedEval_:1;
     // Set for functions defined at the top level within an 'eval' script.
     bool directlyInsideEval_:1;
     // Both 'arguments' and f.apply() are used. This is likely to be a wrapper.
     bool usesArgumentsAndApply_:1;
     /* script is attempted to be cloned anew at each callsite. This is
        temporarily needed for ParallelArray selfhosted code until type
        information can be made context sensitive. See discussion in
        bug 826148. */
     bool shouldCloneAtCallsite_:1;
     bool isCallsiteClone_:1; /* is a callsite clone; has a link to the original function */
     bool shouldInline_:1;    /* hint to inline when possible */
     // IonMonkey compilation hints.
     bool failedBoundsCheck_:1; /* script has had hoisted bounds checks fail */
     bool failedShapeGuard_:1; /* script has had hoisted shape guard fail */
     bool hadFrequentBailouts_:1;
     bool uninlineable_:1;    /* explicitly marked as uninlineable */
     // Idempotent cache has triggered invalidation.
     bool invalidatedIdempotentCache_:1;
     // If the generator was created implicitly via a generator expression,
     // isGeneratorExp will be true.
     bool isGeneratorExp_:1;
     // Script has an entry in JSCompartment::scriptCountsMap.
     bool hasScriptCounts_:1;
     // Script has an entry in JSCompartment::debugScriptMap.
     bool hasDebugScript_:1;
     // Freeze constraints for stack type sets have been generated.
     bool hasFreezeConstraints_:1;
     /* See comments below. */
     bool argsHasVarBinding_:1;
     bool needsArgsAnalysis_:1;
     bool needsArgsObj_:1;
     //
     // End of fields.  Start methods.
     //
   public:
     static JSScript *Create(js::ExclusiveContext *cx,
                             js::HandleObject enclosingScope, bool savedCallerFun,
                             const JS::ReadOnlyCompileOptions &options, unsigned staticLevel,
                             js::HandleObject sourceObject, uint32_t sourceStart,
                             uint32_t sourceEnd);
     void initCompartment(js::ExclusiveContext *cx);
     // Three ways ways to initialize a JSScript. Callers of partiallyInit()
     // and fullyInitTrivial() are responsible for notifying the debugger after
     // successfully creating any kind (function or other) of new JSScript.
     // However, callers of fullyInitFromEmitter() do not need to do this.
     static bool partiallyInit(js::ExclusiveContext *cx, JS::Handle<JSScript*> script,
                               uint32_t nconsts, uint32_t nobjects, uint32_t nregexps,
                               uint32_t ntrynotes, uint32_t nblockscopes,
                               uint32_t nTypeSets);
     static bool fullyInitFromEmitter(js::ExclusiveContext *cx, JS::Handle<JSScript*> script,
                                      js::frontend::BytecodeEmitter *bce);
     // Initialize a no-op script.
     static bool fullyInitTrivial(js::ExclusiveContext *cx, JS::Handle<JSScript*> script);
     inline JSPrincipals *principals();
     JSCompartment *compartment() const { return compartment_; }
     void setVersion(JSVersion v) { version = v; }
     // Script bytecode is immutable after creation.
     jsbytecode *code() const {
         return code_;
     }
     size_t length() const {
         return length_;
     }
     void setCode(jsbytecode *code) { code_ = code; }
     void setLength(size_t length) { length_ = length; }
     jsbytecode *codeEnd() const { return code() + length(); }
     bool containsPC(const jsbytecode *pc) const {
         return pc >= code() && pc < codeEnd();
     }
     size_t pcToOffset(const jsbytecode *pc) const {
         JS_ASSERT(containsPC(pc));
         return size_t(pc - code());
     }
     jsbytecode *offsetToPC(size_t offset) const {
         JS_ASSERT(offset < length());
         return code() + offset;
     }
     size_t mainOffset() const {
         return mainOffset_;
     }
     size_t lineno() const {
         return lineno_;
     }
     size_t column() const {
         return column_;
     }
     void setColumn(size_t column) { column_ = column; }
     // The fixed part of a stack frame is comprised of vars (in function code)
     // and block-scoped locals (in all kinds of code).
     size_t nfixed() const {
         return function_ ? bindings.numLocals() : bindings.numBlockScoped();
     }
     // Number of fixed slots reserved for vars.  Only nonzero for function code.
     size_t nfixedvars() const {
         return function_ ? bindings.numVars() : 0;
     }
     size_t nslots() const {
         return nslots_;
     }
     size_t staticLevel() const {
         return staticLevel_;
     }
     size_t nTypeSets() const {
         return nTypeSets_;
     }
     size_t funLength() const {
         return funLength_;
     }
     size_t sourceStart() const {
         return sourceStart_;
     }
     size_t sourceEnd() const {
         return sourceEnd_;
     }
     bool noScriptRval() const {
         return noScriptRval_;
     }
     bool savedCallerFun() const { return savedCallerFun_; }
     bool strict() const {
         return strict_;
     }
     bool explicitUseStrict() const { return explicitUseStrict_; }
     bool compileAndGo() const {
         return compileAndGo_;
     }
     bool selfHosted() const { return selfHosted_; }
     bool bindingsAccessedDynamically() const { return bindingsAccessedDynamically_; }
     bool funHasExtensibleScope() const {
         return funHasExtensibleScope_;
     }
     bool funNeedsDeclEnvObject() const {
         return funNeedsDeclEnvObject_;
     }
     bool funHasAnyAliasedFormal() const {
         return funHasAnyAliasedFormal_;
     }
     bool hasSingletons() const { return hasSingletons_; }
     bool treatAsRunOnce() const {
         return treatAsRunOnce_;
     }
     bool hasRunOnce() const { return hasRunOnce_; }
     bool hasBeenCloned() const { return hasBeenCloned_; }
     bool hasBeenInlined() const { return hasBeenInlined_; }
     void setTreatAsRunOnce() { treatAsRunOnce_ = true; }
     void setHasRunOnce() { hasRunOnce_ = true; }
     void setHasBeenCloned() { hasBeenCloned_ = true; }
     void setHasBeenInlined() { hasBeenInlined_ = true; }
     bool isActiveEval() const { return isActiveEval_; }
     bool isCachedEval() const { return isCachedEval_; }
     bool directlyInsideEval() const { return directlyInsideEval_; }
     void cacheForEval() {
         JS_ASSERT(isActiveEval() && !isCachedEval());
         isActiveEval_ = false;
         isCachedEval_ = true;
     }
     void uncacheForEval() {
         JS_ASSERT(isCachedEval() && !isActiveEval());
         isCachedEval_ = false;
         isActiveEval_ = true;
     }
     void setActiveEval() { isActiveEval_ = true; }
     void setDirectlyInsideEval() { directlyInsideEval_ = true; }
     bool usesArgumentsAndApply() const {
         return usesArgumentsAndApply_;
     }
     void setUsesArgumentsAndApply() { usesArgumentsAndApply_ = true; }
     bool shouldCloneAtCallsite() const {
         return shouldCloneAtCallsite_;
     }
     bool shouldInline() const {
         return shouldInline_;
     }
     void setShouldCloneAtCallsite() { shouldCloneAtCallsite_ = true; }
     void setShouldInline() { shouldInline_ = true; }
     bool isCallsiteClone() const {
         return isCallsiteClone_;
     }
     bool isGeneratorExp() const { return isGeneratorExp_; }
     bool failedBoundsCheck() const {
         return failedBoundsCheck_;
     }
     bool failedShapeGuard() const {
         return failedShapeGuard_;
     }
     bool hadFrequentBailouts() const {
         return hadFrequentBailouts_;
     }
     bool uninlineable() const {
         return uninlineable_;
     }
     bool invalidatedIdempotentCache() const {
         return invalidatedIdempotentCache_;
     }
     void setFailedBoundsCheck() { failedBoundsCheck_ = true; }
     void setFailedShapeGuard() { failedShapeGuard_ = true; }
     void setHadFrequentBailouts() { hadFrequentBailouts_ = true; }
     void setUninlineable() { uninlineable_ = true; }
     void setInvalidatedIdempotentCache() { invalidatedIdempotentCache_ = true; }
     bool hasScriptCounts() const { return hasScriptCounts_; }
     bool hasFreezeConstraints() const { return hasFreezeConstraints_; }
     void setHasFreezeConstraints() { hasFreezeConstraints_ = true; }
     void clearHasFreezeConstraints() { hasFreezeConstraints_ = false; }
     bool warnedAboutUndefinedProp() const { return warnedAboutUndefinedProp_; }
     void setWarnedAboutUndefinedProp() { warnedAboutUndefinedProp_ = true; }
     /* See ContextFlags::funArgumentsHasLocalBinding comment. */
     bool argumentsHasVarBinding() const {
         return argsHasVarBinding_;
     }
     jsbytecode *argumentsBytecode() const { JS_ASSERT(code()[0] == JSOP_ARGUMENTS); return code(); }
     void setArgumentsHasVarBinding();
     bool argumentsAliasesFormals() const {
         return argumentsHasVarBinding() && !strict();
     }
     js::GeneratorKind generatorKind() const {
         return js::GeneratorKindFromBits(generatorKindBits_);
     }
     bool isGenerator() const { return generatorKind() != js::NotGenerator; }
     bool isLegacyGenerator() const { return generatorKind() == js::LegacyGenerator; }
     bool isStarGenerator() const { return generatorKind() == js::StarGenerator; }
     void setGeneratorKind(js::GeneratorKind kind) {
         // A script only gets its generator kind set as part of initialization,
         // so it can only transition from not being a generator.
         JS_ASSERT(!isGenerator());
         generatorKindBits_ = GeneratorKindAsBits(kind);
     }
     /*
      * As an optimization, even when argsHasLocalBinding, the function prologue
      * may not need to create an arguments object. This is determined by
      * needsArgsObj which is set by AnalyzeArgumentsUsage before running
      * the script the first time. When !needsArgsObj, the prologue may simply
      * write MagicValue(JS_OPTIMIZED_ARGUMENTS) to 'arguments's slot and any
      * uses of 'arguments' will be guaranteed to handle this magic value.
      * So avoid spurious arguments object creation, we maintain the invariant
      * that needsArgsObj is only called after the script has been analyzed.
      */
     bool analyzedArgsUsage() const { return !needsArgsAnalysis_; }
     inline bool ensureHasAnalyzedArgsUsage(JSContext *cx);
     bool needsArgsObj() const {
         JS_ASSERT(analyzedArgsUsage());
         return needsArgsObj_;
     }
     void setNeedsArgsObj(bool needsArgsObj);
     static bool argumentsOptimizationFailed(JSContext *cx, js::HandleScript script);
     /*
      * Arguments access (via JSOP_*ARG* opcodes) must access the canonical
      * location for the argument. If an arguments object exists AND this is a
      * non-strict function (where 'arguments' aliases formals), then all access
      * must go through the arguments object. Otherwise, the local slot is the
      * canonical location for the arguments. Note: if a formal is aliased
      * through the scope chain, then script->formalIsAliased and JSOP_*ARG*
      * opcodes won't be emitted at all.
      */
     bool argsObjAliasesFormals() const {
         return needsArgsObj() && !strict();
     }
     bool hasAnyIonScript() const {
         return hasIonScript() || hasParallelIonScript();
     }
     bool hasIonScript() const {
         bool res = ion && ion != ION_DISABLED_SCRIPT && ion != ION_COMPILING_SCRIPT;
         MOZ_ASSERT_IF(res, baseline);
         return res;
     }
     bool canIonCompile() const {
         return ion != ION_DISABLED_SCRIPT;
     }
     bool isIonCompilingOffThread() const {
         return ion == ION_COMPILING_SCRIPT;
     }
     js::jit::IonScript *ionScript() const {
         JS_ASSERT(hasIonScript());
         return ion;
     }
     js::jit::IonScript *maybeIonScript() const {
         return ion;
     }
     js::jit::IonScript *const *addressOfIonScript() const {
         return &ion;
     }
     void setIonScript(js::jit::IonScript *ionScript) {
         if (hasIonScript())
             js::jit::IonScript::writeBarrierPre(tenuredZone(), ion);
         ion = ionScript;
         MOZ_ASSERT_IF(hasIonScript(), hasBaselineScript());
         updateBaselineOrIonRaw();
     }
     bool hasBaselineScript() const {
         bool res = baseline && baseline != BASELINE_DISABLED_SCRIPT;
         MOZ_ASSERT_IF(!res, !ion || ion == ION_DISABLED_SCRIPT);
         return res;
     }
     bool canBaselineCompile() const {
         return baseline != BASELINE_DISABLED_SCRIPT;
     }
     js::jit::BaselineScript *baselineScript() const {
         JS_ASSERT(hasBaselineScript());
         return baseline;
     }
     inline void setBaselineScript(JSContext *maybecx, js::jit::BaselineScript *baselineScript);
     void updateBaselineOrIonRaw();
     bool hasParallelIonScript() const {
         return parallelIon && parallelIon != ION_DISABLED_SCRIPT && parallelIon != ION_COMPILING_SCRIPT;
     }
     bool canParallelIonCompile() const {
         return parallelIon != ION_DISABLED_SCRIPT;
     }
     bool isParallelIonCompilingOffThread() const {
         return parallelIon == ION_COMPILING_SCRIPT;
     }
     js::jit::IonScript *parallelIonScript() const {
         JS_ASSERT(hasParallelIonScript());
         return parallelIon;
     }
     js::jit::IonScript *maybeParallelIonScript() const {
         return parallelIon;
     }
     void setParallelIonScript(js::jit::IonScript *ionScript) {
         if (hasParallelIonScript())
             js::jit::IonScript::writeBarrierPre(tenuredZone(), parallelIon);
         parallelIon = ionScript;
     }
     static size_t offsetOfBaselineScript() {
         return offsetof(JSScript, baseline);
     }
     static size_t offsetOfIonScript() {
         return offsetof(JSScript, ion);
     }
     static size_t offsetOfParallelIonScript() {
         return offsetof(JSScript, parallelIon);
     }
     static size_t offsetOfBaselineOrIonRaw() {
         return offsetof(JSScript, baselineOrIonRaw);
     }
     static size_t offsetOfBaselineOrIonSkipArgCheck() {
         return offsetof(JSScript, baselineOrIonSkipArgCheck);
     }
     bool isRelazifiable() const {
         return (selfHosted() || lazyScript) &&
                !isGenerator() && !hasBaselineScript() && !hasAnyIonScript() && !hasBeenInlined();
     }
     void setLazyScript(js::LazyScript *lazy) {
         lazyScript = lazy;
     }
     js::LazyScript *maybeLazyScript() {
         return lazyScript;
     }
     /*
      * Original compiled function for the script, if it has a function.
      * nullptr for global and eval scripts.
      * The delazifying variant ensures that the function isn't lazy. The
      * non-delazifying variant must only be used after earlier code has
      * called ensureNonLazyCanonicalFunction and while the function can't
      * have been relazified.
      */
     inline JSFunction *functionDelazifying() const;
     JSFunction *functionNonDelazifying() const {
         return function_;
     }
     inline void setFunction(JSFunction *fun);
     /*
      * De-lazifies the canonical function. Must be called before entering code
      * that expects the function to be non-lazy.
      */
     inline void ensureNonLazyCanonicalFunction(JSContext *cx);
     /*
      * Donor provided itself to callsite clone; null if this is non-clone.
      */
     JSFunction *donorFunction() const;
     void setIsCallsiteClone(JSObject *fun);
     JSFlatString *sourceData(JSContext *cx);
     static bool loadSource(JSContext *cx, js::ScriptSource *ss, bool *worked);
     void setSourceObject(JSObject *object);
     JSObject *sourceObject() const {
         return sourceObject_;
     }
     js::ScriptSourceObject &scriptSourceUnwrap() const;
     js::ScriptSource *scriptSource() const;
     JSPrincipals *originPrincipals() const { return scriptSource()->originPrincipals(); }
     const char *filename() const { return scriptSource()->filename(); }
   public:
     /* Return whether this script was compiled for 'eval' */
     bool isForEval() { return isCachedEval() || isActiveEval(); }
 #ifdef DEBUG
     unsigned id();
 #else
     unsigned id() { return 0; }
 #endif
     /* Ensure the script has a TypeScript. */
     inline bool ensureHasTypes(JSContext *cx);
     inline js::GlobalObject &global() const;
     js::GlobalObject &uninlinedGlobal() const;
     /* See StaticScopeIter comment. */
     JSObject *enclosingStaticScope() const {
         if (isCallsiteClone())
             return nullptr;
         return enclosingScopeOrOriginalFunction_;
     }
   private:
     bool makeTypes(JSContext *cx);
   public:
     uint32_t getUseCount() const {
         return useCount;
     }
     uint32_t incUseCount(uint32_t amount = 1) { return useCount += amount; }
     uint32_t *addressOfUseCount() { return &useCount; }
     static size_t offsetOfUseCount() { return offsetof(JSScript, useCount); }
     void resetUseCount() { useCount = 0; }
   public:
     bool initScriptCounts(JSContext *cx);
     js::PCCounts getPCCounts(jsbytecode *pc);
     void addIonCounts(js::jit::IonScriptCounts *ionCounts);
     js::jit::IonScriptCounts *getIonCounts();
     js::ScriptCounts releaseScriptCounts();
     void destroyScriptCounts(js::FreeOp *fop);
     jsbytecode *main() {
         return code() + mainOffset();
     }
     /*
      * computedSizeOfData() is the in-use size of all the data sections.
      * sizeOfData() is the size of the block allocated to hold all the data
      * sections (which can be larger than the in-use size).
      */
     size_t computedSizeOfData() const;
     size_t sizeOfData(mozilla::MallocSizeOf mallocSizeOf) const;
     size_t sizeOfTypeScript(mozilla::MallocSizeOf mallocSizeOf) const;
     uint32_t numNotes();  /* Number of srcnote slots in the srcnotes section */
     /* Script notes are allocated right after the code. */
     jssrcnote *notes() { return (jssrcnote *)(code() + length()); }
     bool hasArray(ArrayKind kind) {
         return hasArrayBits & (1 << kind);
     }
     void setHasArray(ArrayKind kind) { hasArrayBits |= (1 << kind); }
     void cloneHasArray(JSScript *script) { hasArrayBits = script->hasArrayBits; }
     bool hasConsts()        { return hasArray(CONSTS);      }
     bool hasObjects()       { return hasArray(OBJECTS);     }
     bool hasRegexps()       { return hasArray(REGEXPS);     }
     bool hasTrynotes()      { return hasArray(TRYNOTES);    }
     bool hasBlockScopes()   { return hasArray(BLOCK_SCOPES); }
     #define OFF(fooOff, hasFoo, t)   (fooOff() + (hasFoo() ? sizeof(t) : 0))
     size_t constsOffset()     { return 0; }
     size_t objectsOffset()    { return OFF(constsOffset,     hasConsts,     js::ConstArray);      }
     size_t regexpsOffset()    { return OFF(objectsOffset,    hasObjects,    js::ObjectArray);     }
     size_t trynotesOffset()   { return OFF(regexpsOffset,    hasRegexps,    js::ObjectArray);     }
     size_t blockScopesOffset(){ return OFF(trynotesOffset,   hasTrynotes,   js::TryNoteArray);    }
     size_t dataSize() const { return dataSize_; }
     js::ConstArray *consts() {
         JS_ASSERT(hasConsts());
         return reinterpret_cast<js::ConstArray *>(data + constsOffset());
     }
     js::ObjectArray *objects() {
         JS_ASSERT(hasObjects());
         return reinterpret_cast<js::ObjectArray *>(data + objectsOffset());
     }
     js::ObjectArray *regexps() {
         JS_ASSERT(hasRegexps());
         return reinterpret_cast<js::ObjectArray *>(data + regexpsOffset());
     }
     js::TryNoteArray *trynotes() {
         JS_ASSERT(hasTrynotes());
         return reinterpret_cast<js::TryNoteArray *>(data + trynotesOffset());
     }
     js::BlockScopeArray *blockScopes() {
         JS_ASSERT(hasBlockScopes());
         return reinterpret_cast<js::BlockScopeArray *>(data + blockScopesOffset());
     }
     bool hasLoops();
     size_t natoms() const { return natoms_; }
     js::HeapPtrAtom &getAtom(size_t index) const {
         JS_ASSERT(index < natoms());
         return atoms[index];
     }
     js::HeapPtrAtom &getAtom(jsbytecode *pc) const {
         JS_ASSERT(containsPC(pc) && containsPC(pc + sizeof(uint32_t)));
         return getAtom(GET_UINT32_INDEX(pc));
     }
     js::PropertyName *getName(size_t index) {
         return getAtom(index)->asPropertyName();
     }
     js::PropertyName *getName(jsbytecode *pc) const {
         JS_ASSERT(containsPC(pc) && containsPC(pc + sizeof(uint32_t)));
         return getAtom(GET_UINT32_INDEX(pc))->asPropertyName();
     }
     JSObject *getObject(size_t index) {
         js::ObjectArray *arr = objects();
         JS_ASSERT(index < arr->length);
         return arr->vector[index];
     }
     size_t innerObjectsStart() {
         // The first object contains the caller if savedCallerFun is used.
         return savedCallerFun() ? 1 : 0;
     }
     JSObject *getObject(jsbytecode *pc) {
         JS_ASSERT(containsPC(pc) && containsPC(pc + sizeof(uint32_t)));
         return getObject(GET_UINT32_INDEX(pc));
     }
     JSVersion getVersion() const {
         return JSVersion(version);
     }
     inline JSFunction *getFunction(size_t index);
     inline JSFunction *getCallerFunction();
     inline JSFunction *functionOrCallerFunction();
     inline js::RegExpObject *getRegExp(size_t index);
     inline js::RegExpObject *getRegExp(jsbytecode *pc);
     const js::Value &getConst(size_t index) {
         js::ConstArray *arr = consts();
         JS_ASSERT(index < arr->length);
         return arr->vector[index];
     }
     js::NestedScopeObject *getStaticScope(jsbytecode *pc);
     /*
      * The isEmpty method tells whether this script has code that computes any
      * result (not return value, result AKA normal completion value) other than
      * JSVAL_VOID, or any other effects.
      */
     bool isEmpty() const {
         if (length() > 3)
             return false;
         jsbytecode *pc = code();
         if (noScriptRval() && JSOp(*pc) == JSOP_FALSE)
             ++pc;
         return JSOp(*pc) == JSOP_RETRVAL;
     }
     bool varIsAliased(uint32_t varSlot);
     bool formalIsAliased(unsigned argSlot);
     bool formalLivesInArgumentsObject(unsigned argSlot);
   private:
     /* Change this->stepMode to |newValue|. */
     void setNewStepMode(js::FreeOp *fop, uint32_t newValue);
     bool ensureHasDebugScript(JSContext *cx);
     js::DebugScript *debugScript();
     js::DebugScript *releaseDebugScript();
     void destroyDebugScript(js::FreeOp *fop);
   public:
     bool hasBreakpointsAt(jsbytecode *pc);
     bool hasAnyBreakpointsOrStepMode() { return hasDebugScript_; }
     js::BreakpointSite *getBreakpointSite(jsbytecode *pc)
     {
         return hasDebugScript_ ? debugScript()->breakpoints[pcToOffset(pc)] : nullptr;
     }
     js::BreakpointSite *getOrCreateBreakpointSite(JSContext *cx, jsbytecode *pc);
     void destroyBreakpointSite(js::FreeOp *fop, jsbytecode *pc);
     void clearBreakpointsIn(js::FreeOp *fop, js::Debugger *dbg, JSObject *handler);
     void clearTraps(js::FreeOp *fop);
     void markTrapClosures(JSTracer *trc);
     /*
      * Set or clear the single-step flag. If the flag is set or the count
      * (adjusted by changeStepModeCount) is non-zero, then the script is in
      * single-step mode. (JSD uses an on/off-style interface; Debugger uses a
      * count-style interface.)
      */
     bool setStepModeFlag(JSContext *cx, bool step);
     /*
      * Increment or decrement the single-step count. If the count is non-zero or
      * the flag (set by setStepModeFlag) is set, then the script is in
      * single-step mode. (JSD uses an on/off-style interface; Debugger uses a
      * count-style interface.)
      *
      * Only incrementing is fallible, as it could allocate a DebugScript.
      */
     bool incrementStepModeCount(JSContext *cx);
     void decrementStepModeCount(js::FreeOp *fop);
     bool stepModeEnabled() { return hasDebugScript_ && !!debugScript()->stepMode; }
 #ifdef DEBUG
     uint32_t stepModeCount() { return hasDebugScript_ ? (debugScript()->stepMode & stepCountMask) : 0; }
 #endif
     void finalize(js::FreeOp *fop);
     static inline js::ThingRootKind rootKind() { return js::THING_ROOT_SCRIPT; }
     void markChildren(JSTracer *trc);
 };
 /* If this fails, add/remove padding within JSScript. */
 static_assert(sizeof(JSScript) % js::gc::CellSize == 0,
               "Size of JSScript must be an integral multiple of js::gc::CellSize");
 namespace js {
 /*
  * Iterator over a script's bindings (formals and variables).
  * The order of iteration is:
  *  - first, formal arguments, from index 0 to numArgs
  *  - next, variables, from index 0 to numLocals
  */
 class BindingIter
 {
     const InternalBindingsHandle bindings_;
     uint32_t i_;
     friend class Bindings;
   public:
     explicit BindingIter(const InternalBindingsHandle &bindings) : bindings_(bindings), i_(0) {}
     explicit BindingIter(const HandleScript &script) : bindings_(script, &script->bindings), i_(0) {}
     bool done() const { return i_ == bindings_->count(); }
     operator bool() const { return !done(); }
     void operator++(int) { JS_ASSERT(!done()); i_++; }
     BindingIter &operator++() { (*this)++; return *this; }
     uint32_t frameIndex() const {
         JS_ASSERT(!done());
         return i_ < bindings_->numArgs() ? i_ : i_ - bindings_->numArgs();
     }
     const Binding &operator*() const { JS_ASSERT(!done()); return bindings_->bindingArray()[i_]; }
     const Binding *operator->() const { JS_ASSERT(!done()); return &bindings_->bindingArray()[i_]; }
 };
 /*
  * This helper function fills the given BindingVector with the sequential
  * values of BindingIter.
  */
 typedef Vector<Binding, 32> BindingVector;
 extern bool
 FillBindingVector(HandleScript fromScript, BindingVector *vec);
 /*
  * Iterator over the aliased formal bindings in ascending index order. This can
  * be veiwed as a filtering of BindingIter with predicate
  *   bi->aliased() && bi->kind() == Binding::ARGUMENT
  */
 class AliasedFormalIter
 {
     const Binding *begin_, *p_, *end_;
     unsigned slot_;
     void settle() {
         while (p_ != end_ && !p_->aliased())
             p_++;
     }
   public:
     explicit inline AliasedFormalIter(JSScript *script);
     bool done() const { return p_ == end_; }
     operator bool() const { return !done(); }
     void operator++(int) { JS_ASSERT(!done()); p_++; slot_++; settle(); }
     const Binding &operator*() const { JS_ASSERT(!done()); return *p_; }
     const Binding *operator->() const { JS_ASSERT(!done()); return p_; }
     unsigned frameIndex() const { JS_ASSERT(!done()); return p_ - begin_; }
     unsigned scopeSlot() const { JS_ASSERT(!done()); return slot_; }
 };
 // Information about a script which may be (or has been) lazily compiled to
 // bytecode from its source.
 class LazyScript : public gc::BarrieredCell<LazyScript>
 {
     // If non-nullptr, the script has been compiled and this is a forwarding
     // pointer to the result.
     HeapPtrScript script_;
     // Original function with which the lazy script is associated.
     HeapPtrFunction function_;
     // Function or block chain in which the script is nested, or nullptr.
     HeapPtrObject enclosingScope_;
     // ScriptSourceObject, or nullptr if the script in which this is nested
     // has not been compiled yet. This is never a CCW; we don't clone
     // LazyScripts into other compartments.
     HeapPtrObject sourceObject_;
     // Heap allocated table with any free variables or inner functions.
     void *table_;
 #if JS_BITS_PER_WORD == 32
     uint32_t padding;
 #endif
     struct PackedView {
         // Assorted bits that should really be in ScriptSourceObject.
         uint32_t version : 8;
         uint32_t numFreeVariables : 24;
         uint32_t numInnerFunctions : 23;
         uint32_t generatorKindBits : 2;
         // N.B. These are booleans but need to be uint32_t to pack correctly on MSVC.
         uint32_t strict : 1;
         uint32_t bindingsAccessedDynamically : 1;
         uint32_t hasDebuggerStatement : 1;
         uint32_t directlyInsideEval : 1;
         uint32_t usesArgumentsAndApply : 1;
         uint32_t hasBeenCloned : 1;
         uint32_t treatAsRunOnce : 1;
     };
     union {
         PackedView p_;
         uint64_t packedFields_;
     };
     // Source location for the script.
     uint32_t begin_;
     uint32_t end_;
     uint32_t lineno_;
     uint32_t column_;
     LazyScript(JSFunction *fun, void *table, uint64_t packedFields,
                uint32_t begin, uint32_t end, uint32_t lineno, uint32_t column);
     // Create a LazyScript without initializing the freeVariables and the
     // innerFunctions. To be GC-safe, the caller must initialize both vectors
     // with valid atoms and functions.
     static LazyScript *CreateRaw(ExclusiveContext *cx, HandleFunction fun,
                                  uint64_t packedData, uint32_t begin, uint32_t end,
                                  uint32_t lineno, uint32_t column);
   public:
     // Create a LazyScript without initializing the freeVariables and the
     // innerFunctions. To be GC-safe, the caller must initialize both vectors
     // with valid atoms and functions.
     static LazyScript *CreateRaw(ExclusiveContext *cx, HandleFunction fun,
                                  uint32_t numFreeVariables, uint32_t numInnerFunctions,
                                  JSVersion version, uint32_t begin, uint32_t end,
                                  uint32_t lineno, uint32_t column);
     // Create a LazyScript and initialize the freeVariables and the
     // innerFunctions with dummy values to be replaced in a later initialization
     // phase.
     static LazyScript *Create(ExclusiveContext *cx, HandleFunction fun,
                               uint64_t packedData, uint32_t begin, uint32_t end,
                               uint32_t lineno, uint32_t column);
     void initRuntimeFields(uint64_t packedFields);
     inline JSFunction *functionDelazifying(JSContext *cx) const;
     JSFunction *functionNonDelazifying() const {
         return function_;
     }
     void initScript(JSScript *script);
     void resetScript();
     JSScript *maybeScript() {
         return script_;
     }
     JSObject *enclosingScope() const {
         return enclosingScope_;
     }
     ScriptSourceObject *sourceObject() const;
     ScriptSource *scriptSource() const {
         return sourceObject()->source();
     }
     JSPrincipals *originPrincipals() const {
         return scriptSource()->originPrincipals();
     }
     JSVersion version() const {
         JS_STATIC_ASSERT(JSVERSION_UNKNOWN == -1);
         return (p_.version == JS_BIT(8) - 1) ? JSVERSION_UNKNOWN : JSVersion(p_.version);
     }
     void setParent(JSObject *enclosingScope, ScriptSourceObject *sourceObject);
     uint32_t numFreeVariables() const {
         return p_.numFreeVariables;
     }
     HeapPtrAtom *freeVariables() {
         return (HeapPtrAtom *)table_;
     }
     uint32_t numInnerFunctions() const {
         return p_.numInnerFunctions;
     }
     HeapPtrFunction *innerFunctions() {
         return (HeapPtrFunction *)&freeVariables()[numFreeVariables()];
     }
     GeneratorKind generatorKind() const { return GeneratorKindFromBits(p_.generatorKindBits); }
     bool isGenerator() const { return generatorKind() != NotGenerator; }
     bool isLegacyGenerator() const { return generatorKind() == LegacyGenerator; }
     bool isStarGenerator() const { return generatorKind() == StarGenerator; }
     void setGeneratorKind(GeneratorKind kind) {
         // A script only gets its generator kind set as part of initialization,
         // so it can only transition from NotGenerator.
         JS_ASSERT(!isGenerator());
         // Legacy generators cannot currently be lazy.
         JS_ASSERT(kind != LegacyGenerator);
         p_.generatorKindBits = GeneratorKindAsBits(kind);
     }
     bool strict() const {
         return p_.strict;
     }
     void setStrict() {
         p_.strict = true;
     }
     bool bindingsAccessedDynamically() const {
         return p_.bindingsAccessedDynamically;
     }
     void setBindingsAccessedDynamically() {
         p_.bindingsAccessedDynamically = true;
     }
     bool hasDebuggerStatement() const {
         return p_.hasDebuggerStatement;
     }
     void setHasDebuggerStatement() {
         p_.hasDebuggerStatement = true;
     }
     bool directlyInsideEval() const {
         return p_.directlyInsideEval;
     }
     void setDirectlyInsideEval() {
         p_.directlyInsideEval = true;
     }
     bool usesArgumentsAndApply() const {
         return p_.usesArgumentsAndApply;
     }
     void setUsesArgumentsAndApply() {
         p_.usesArgumentsAndApply = true;
     }
     bool hasBeenCloned() const {
         return p_.hasBeenCloned;
     }
     void setHasBeenCloned() {
         p_.hasBeenCloned = true;
     }
     bool treatAsRunOnce() const {
         return p_.treatAsRunOnce;
     }
     void setTreatAsRunOnce() {
         p_.treatAsRunOnce = true;
     }
     ScriptSource *source() const {
         return sourceObject()->source();
     }
     uint32_t begin() const {
         return begin_;
     }
     uint32_t end() const {
         return end_;
     }
     uint32_t lineno() const {
         return lineno_;
     }
     uint32_t column() const {
         return column_;
     }
     bool hasUncompiledEnclosingScript() const;
     uint32_t staticLevel(JSContext *cx) const;
     void markChildren(JSTracer *trc);
     void finalize(js::FreeOp *fop);
     static inline js::ThingRootKind rootKind() { return js::THING_ROOT_LAZY_SCRIPT; }
     size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf)
     {
         return mallocSizeOf(table_);
     }
     uint64_t packedFields() const {
         return packedFields_;
     }
 };
 /* If this fails, add/remove padding within LazyScript. */
 JS_STATIC_ASSERT(sizeof(LazyScript) % js::gc::CellSize == 0);
 /*
  * New-script-hook calling is factored from JSScript::fullyInitFromEmitter() so
  * that it and callers of XDRScript() can share this code.  In the case of
  * callers of XDRScript(), the hook should be invoked only after successful
  * decode of any owning function (the fun parameter) or script object (null
  * fun).
  */
 extern void
 CallNewScriptHook(JSContext *cx, JS::HandleScript script, JS::HandleFunction fun);
 extern void
 CallDestroyScriptHook(FreeOp *fop, JSScript *script);
 struct SharedScriptData
 {
     uint32_t length;
     uint32_t natoms;
     bool marked;
     jsbytecode data[1];
     static SharedScriptData *new_(ExclusiveContext *cx, uint32_t codeLength,
                                   uint32_t srcnotesLength, uint32_t natoms);
     HeapPtrAtom *atoms() {
         if (!natoms)
             return nullptr;
         return reinterpret_cast<HeapPtrAtom *>(data + length - sizeof(JSAtom *) * natoms);
     }
     static SharedScriptData *fromBytecode(const jsbytecode *bytecode) {
         return (SharedScriptData *)(bytecode - offsetof(SharedScriptData, data));
     }
   private:
     SharedScriptData() MOZ_DELETE;
     SharedScriptData(const SharedScriptData&) MOZ_DELETE;
 };
 struct ScriptBytecodeHasher
 {
     struct Lookup
     {
         jsbytecode          *code;
         uint32_t            length;
         Lookup(SharedScriptData *ssd) : code(ssd->data), length(ssd->length) {}
     };
     static HashNumber hash(const Lookup &l) { return mozilla::HashBytes(l.code, l.length); }
     static bool match(SharedScriptData *entry, const Lookup &lookup) {
         if (entry->length != lookup.length)
             return false;
         return mozilla::PodEqual<jsbytecode>(entry->data, lookup.code, lookup.length);
     }
 };
 typedef HashSet<SharedScriptData*,
                 ScriptBytecodeHasher,
                 SystemAllocPolicy> ScriptDataTable;
 extern void
 UnmarkScriptData(JSRuntime *rt);
 extern void
 SweepScriptData(JSRuntime *rt);
 extern void
 FreeScriptData(JSRuntime *rt);
 struct ScriptAndCounts
 {
     /* This structure is stored and marked from the JSRuntime. */
     JSScript *script;
     ScriptCounts scriptCounts;
     PCCounts &getPCCounts(jsbytecode *pc) const {
         return scriptCounts.pcCountsVector[script->pcToOffset(pc)];
     }
     jit::IonScriptCounts *getIonCounts() const {
         return scriptCounts.ionCounts;
     }
 };
 struct GSNCache;
 jssrcnote *
 GetSrcNote(GSNCache &cache, JSScript *script, jsbytecode *pc);
 } /* namespace js */
 extern jssrcnote *
 js_GetSrcNote(JSContext *cx, JSScript *script, jsbytecode *pc);
 extern jsbytecode *
 js_LineNumberToPC(JSScript *script, unsigned lineno);
 extern JS_FRIEND_API(unsigned)
 js_GetScriptLineExtent(JSScript *script);
 namespace js {
 extern unsigned
 PCToLineNumber(JSScript *script, jsbytecode *pc, unsigned *columnp = nullptr);
 extern unsigned
 PCToLineNumber(unsigned startLine, jssrcnote *notes, jsbytecode *code, jsbytecode *pc,
                unsigned *columnp = nullptr);
 /*
  * This function returns the file and line number of the script currently
  * executing on cx. If there is no current script executing on cx (e.g., a
  * native called directly through JSAPI (e.g., by setTimeout)), nullptr and 0
  * are returned as the file and line. Additionally, this function avoids the
  * full linear scan to compute line number when the caller guarantees that the
  * script compilation occurs at a JSOP_EVAL/JSOP_SPREADEVAL.
  */
 enum LineOption {
     CALLED_FROM_JSOP_EVAL,
     NOT_CALLED_FROM_JSOP_EVAL
 };
 extern void
 DescribeScriptedCallerForCompilation(JSContext *cx, MutableHandleScript maybeScript,
                                      const char **file, unsigned *linenop,
                                      uint32_t *pcOffset, JSPrincipals **origin,
                                      LineOption opt = NOT_CALLED_FROM_JSOP_EVAL);
 bool
 CloneFunctionScript(JSContext *cx, HandleFunction original, HandleFunction clone,
                     NewObjectKind newKind = GenericObject);
 /*
  * JSAPI clients are allowed to leave CompileOptions.originPrincipals nullptr in
  * which case the JS engine sets options.originPrincipals = origin.principals.
  * This normalization step must occur before the originPrincipals get stored in
  * the JSScript/ScriptSource.
  */
 static inline JSPrincipals *
 NormalizeOriginPrincipals(JSPrincipals *principals, JSPrincipals *originPrincipals)
 {
     return originPrincipals ? originPrincipals : principals;
 }
 } /* namespace js */
 #endif /* jsscript_h */

The Tor Browser / annotate

js/src/jsscript.h@b8a032363ba2 (annotated)

js/src/jsscript.h