/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: set ts=8 sts=2 et sw=2 tw=80:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef vm_Stack_h
#define vm_Stack_h
#include "mozilla/HashFunctions.h"
#include "mozilla/MemoryReporting.h"
#include <algorithm>
#include <type_traits>
#include "js/ErrorReport.h"
#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_*
#include "js/RootingAPI.h"
#include "js/TypeDecls.h"
#include "js/ValueArray.h"
#include "vm/ArgumentsObject.h"
#include "vm/JSFunction.h"
#include "vm/JSScript.h"
#include "wasm/WasmDebugFrame.h" // js::wasm::DebugFrame
namespace js {
class InterpreterRegs;
class CallObject;
class FrameIter;
class ClassBodyScope;
class EnvironmentObject;
class BlockLexicalEnvironmentObject;
class ExtensibleLexicalEnvironmentObject;
class GeckoProfilerRuntime;
class InterpreterFrame;
class EnvironmentIter;
class EnvironmentCoordinate;
namespace jit {
class CommonFrameLayout;
}
namespace wasm {
class Instance;
}
// namespace wasm
// [SMDOC] VM stack layout
//
// A JSRuntime's stack consists of a linked list of activations. Every
// activation contains a number of scripted frames that are either running in
// the interpreter (InterpreterActivation) or JIT code (JitActivation). The
// frames inside a single activation are contiguous: whenever C++ calls back
// into JS, a new activation is pushed.
//
// Every activation is tied to a single JSContext and JS::Compartment. This
// means we can reconstruct a given context's stack by skipping activations
// belonging to other contexts. This happens whenever an embedding enters the JS
// engine on cx1 and then, from a native called by the JS engine, reenters the
// VM on cx2.
// Interpreter frames (InterpreterFrame)
//
// Each interpreter script activation (global or function code) is given a
// fixed-size header (js::InterpreterFrame). The frame contains bookkeeping
// information about the activation and links to the previous frame.
//
// The values after an InterpreterFrame in memory are its locals followed by its
// expression stack. InterpreterFrame::argv_ points to the frame's arguments.
// Missing formal arguments are padded with |undefined|, so the number of
// arguments is always >= the number of formals.
//
// The top of an activation's current frame's expression stack is pointed to by
// the activation's "current regs", which contains the stack pointer 'sp'. In
// the interpreter, sp is adjusted as individual values are pushed and popped
// from the stack and the InterpreterRegs struct (pointed to by the
// InterpreterActivation) is a local var of js::Interpret.
enum MaybeCheckAliasing { CHECK_ALIASING =
true, DONT_CHECK_ALIASING =
false };
}
// namespace js
/*****************************************************************************/
namespace js {
namespace jit {
class BaselineFrame;
class RematerializedFrame;
}
// namespace jit
/**
* Pointer to a live JS or WASM stack frame.
*/
class AbstractFramePtr {
friend class FrameIter;
uintptr_t ptr_;
enum {
Tag_InterpreterFrame = 0x0,
Tag_BaselineFrame = 0x1,
Tag_RematerializedFrame = 0x2,
Tag_WasmDebugFrame = 0x3,
TagMask = 0x3
};
public:
AbstractFramePtr() : ptr_(0) {}
MOZ_IMPLICIT AbstractFramePtr(InterpreterFrame* fp)
: ptr_(fp ? uintptr_t(fp) | Tag_InterpreterFrame : 0) {
MOZ_ASSERT_IF(fp, asInterpreterFrame() == fp);
}
MOZ_IMPLICIT AbstractFramePtr(jit::BaselineFrame* fp)
: ptr_(fp ? uintptr_t(fp) | Tag_BaselineFrame : 0) {
MOZ_ASSERT_IF(fp, asBaselineFrame() == fp);
}
MOZ_IMPLICIT AbstractFramePtr(jit::RematerializedFrame* fp)
: ptr_(fp ? uintptr_t(fp) | Tag_RematerializedFrame : 0) {
MOZ_ASSERT_IF(fp, asRematerializedFrame() == fp);
}
MOZ_IMPLICIT AbstractFramePtr(wasm::DebugFrame* fp)
: ptr_(fp ? uintptr_t(fp) | Tag_WasmDebugFrame : 0) {
static_assert(wasm::DebugFrame::Alignment >= TagMask,
"aligned");
MOZ_ASSERT_IF(fp, asWasmDebugFrame() == fp);
}
bool isInterpreterFrame()
const {
return (ptr_ & TagMask) == Tag_InterpreterFrame;
}
InterpreterFrame* asInterpreterFrame()
const {
MOZ_ASSERT(isInterpreterFrame());
InterpreterFrame* res = (InterpreterFrame*)(ptr_ & ~TagMask);
MOZ_ASSERT(res);
return res;
}
bool isBaselineFrame()
const {
return (ptr_ & TagMask) == Tag_BaselineFrame; }
jit::BaselineFrame* asBaselineFrame()
const {
MOZ_ASSERT(isBaselineFrame());
jit::BaselineFrame* res = (jit::BaselineFrame*)(ptr_ & ~TagMask);
MOZ_ASSERT(res);
return res;
}
bool isRematerializedFrame()
const {
return (ptr_ & TagMask) == Tag_RematerializedFrame;
}
jit::RematerializedFrame* asRematerializedFrame()
const {
MOZ_ASSERT(isRematerializedFrame());
jit::RematerializedFrame* res =
(jit::RematerializedFrame*)(ptr_ & ~TagMask);
MOZ_ASSERT(res);
return res;
}
bool isWasmDebugFrame()
const {
return (ptr_ & TagMask) == Tag_WasmDebugFrame;
}
wasm::DebugFrame* asWasmDebugFrame()
const {
MOZ_ASSERT(isWasmDebugFrame());
wasm::DebugFrame* res = (wasm::DebugFrame*)(ptr_ & ~TagMask);
MOZ_ASSERT(res);
return res;
}
void* raw()
const {
return reinterpret_cast<
void*>(ptr_); }
bool operator==(
const AbstractFramePtr& other)
const {
return ptr_ == other.ptr_;
}
bool operator!=(
const AbstractFramePtr& other)
const {
return ptr_ != other.ptr_;
}
explicit operator bool()
const {
return !!ptr_; }
inline JSObject* environmentChain()
const;
inline CallObject& callObj()
const;
inline bool initFunctionEnvironmentObjects(JSContext* cx);
inline bool pushVarEnvironment(JSContext* cx, Handle<Scope*> scope);
template <
typename SpecificEnvironment>
inline void pushOnEnvironmentChain(SpecificEnvironment& env);
template <
typename SpecificEnvironment>
inline void popOffEnvironmentChain();
inline JS::Realm* realm()
const;
inline bool hasInitialEnvironment()
const;
inline bool isGlobalFrame()
const;
inline bool isModuleFrame()
const;
inline bool isEvalFrame()
const;
inline bool isDebuggerEvalFrame()
const;
inline bool hasScript()
const;
inline JSScript* script()
const;
inline wasm::Instance* wasmInstance()
const;
inline GlobalObject* global()
const;
inline bool hasGlobal(
const GlobalObject* global)
const;
inline JSFunction* callee()
const;
inline Value calleev()
const;
inline Value& thisArgument()
const;
inline bool isConstructing()
const;
inline bool debuggerNeedsCheckPrimitiveReturn()
const;
inline bool isFunctionFrame()
const;
inline bool isGeneratorFrame()
const;
inline bool saveGeneratorSlots(JSContext* cx,
unsigned nslots,
ArrayObject* dest)
const;
inline bool hasCachedSavedFrame()
const;
inline unsigned numActualArgs()
const;
inline unsigned numFormalArgs()
const;
inline Value* argv()
const;
inline bool hasArgs()
const;
inline bool hasArgsObj()
const;
inline ArgumentsObject& argsObj()
const;
inline void initArgsObj(ArgumentsObject& argsobj)
const;
inline Value& unaliasedLocal(uint32_t i);
inline Value& unaliasedFormal(
unsigned i, MaybeCheckAliasing checkAliasing = CHECK_ALIASING);
inline Value& unaliasedActual(
unsigned i, MaybeCheckAliasing checkAliasing = CHECK_ALIASING);
template <
class Op>
inline void unaliasedForEachActual(JSContext* cx, Op op);
inline bool prevUpToDate()
const;
inline void setPrevUpToDate()
const;
inline void unsetPrevUpToDate()
const;
inline bool isDebuggee()
const;
inline void setIsDebuggee();
inline void unsetIsDebuggee();
inline HandleValue returnValue()
const;
inline void setReturnValue(
const Value& rval)
const;
friend void GDBTestInitAbstractFramePtr(AbstractFramePtr&, InterpreterFrame*);
friend void GDBTestInitAbstractFramePtr(AbstractFramePtr&,
jit::BaselineFrame*);
friend void GDBTestInitAbstractFramePtr(AbstractFramePtr&,
jit::RematerializedFrame*);
friend void GDBTestInitAbstractFramePtr(AbstractFramePtr& frame,
wasm::DebugFrame* ptr);
};
class NullFramePtr :
public AbstractFramePtr {
public:
NullFramePtr() =
default;
};
enum MaybeConstruct { NO_CONSTRUCT =
false, CONSTRUCT =
true };
/*****************************************************************************/
class InterpreterFrame {
enum Flags : uint32_t {
CONSTRUCTING = 0x1,
/* frame is for a constructor invocation */
RESUMED_GENERATOR = 0x2,
/* frame is for a resumed generator invocation */
/* Function prologue state */
HAS_INITIAL_ENV =
0x4,
/* callobj created for function or var env for eval */
HAS_ARGS_OBJ = 0x8,
/* ArgumentsObject created for needsArgsObj script */
/* Lazy frame initialization */
HAS_RVAL = 0x10,
/* frame has rval_ set */
/* Debugger state */
PREV_UP_TO_DATE = 0x20,
/* see DebugScopes::updateLiveScopes */
/*
* See comment above 'isDebuggee' in Realm.h for explanation of
* invariants of debuggee compartments, scripts, and frames.
*/
DEBUGGEE = 0x40,
/* Execution is being observed by Debugger */
/* Used in tracking calls and profiling (see vm/GeckoProfiler.cpp) */
HAS_PUSHED_PROF_FRAME = 0x80,
/* Gecko Profiler was notified of entry */
/*
* If set, we entered one of the JITs and ScriptFrameIter should skip
* this frame.
*/
RUNNING_IN_JIT = 0x100,
/*
* If set, this frame has been on the stack when
* |js::SavedStacks::saveCurrentStack| was called, and so there is a
* |js::SavedFrame| object cached for this frame.
*/
HAS_CACHED_SAVED_FRAME = 0x200,
};
mutable uint32_t flags_;
/* bits described by Flags */
uint32_t nactual_;
/* number of actual arguments, for function frames */
JSScript* script_;
/* the script we're executing */
JSObject* envChain_;
/* current environment chain */
Value rval_;
/* if HAS_RVAL, return value of the frame */
ArgumentsObject* argsObj_;
/* if HAS_ARGS_OBJ, the call's arguments object */
/*
* Previous frame and its pc and sp. Always nullptr for
* InterpreterActivation's entry frame, always non-nullptr for inline
* frames.
*/
InterpreterFrame* prev_;
jsbytecode* prevpc_;
Value* prevsp_;
/*
* For an eval-in-frame DEBUGGER_EVAL frame, the frame in whose scope
* we're evaluating code. Iteration treats this as our previous frame.
*/
AbstractFramePtr evalInFramePrev_;
Value* argv_;
/* If hasArgs(), points to frame's arguments. */
LifoAlloc::Mark mark_;
/* Used to release memory for this frame. */
static void staticAsserts() {
static_assert(offsetof(InterpreterFrame, rval_) %
sizeof(Value) == 0);
static_assert(
sizeof(InterpreterFrame) %
sizeof(Value) == 0);
}
/*
* The utilities are private since they are not able to assert that only
* unaliased vars/formals are accessed. Normal code should prefer the
* InterpreterFrame::unaliased* members (or InterpreterRegs::stackDepth for
* the usual "depth is at least" assertions).
*/
Value* slots()
const {
return (Value*)(
this + 1); }
Value* base()
const {
return slots() + script()->nfixed(); }
friend class FrameIter;
friend class InterpreterRegs;
friend class InterpreterStack;
friend class jit::BaselineFrame;
/*
* Frame initialization, called by InterpreterStack operations after acquiring
* the raw memory for the frame:
*/
/* Used for Invoke and Interpret. */
void initCallFrame(InterpreterFrame* prev, jsbytecode* prevpc, Value* prevsp,
JSFunction& callee, JSScript* script, Value* argv,
uint32_t nactual, MaybeConstruct constructing);
/* Used for eval, module or global frames. */
void initExecuteFrame(JSContext* cx, HandleScript script,
AbstractFramePtr prev, HandleObject envChain);
public:
/*
* Frame prologue/epilogue
*
* Every stack frame must have 'prologue' called before executing the
* first op and 'epilogue' called after executing the last op and before
* popping the frame (whether the exit is exceptional or not).
*
* For inline JS calls/returns, it is easy to call the prologue/epilogue
* exactly once. When calling JS from C++, Invoke/Execute push the stack
* frame but do *not* call the prologue/epilogue. That means Interpret
* must call the prologue/epilogue for the entry frame. This scheme
* simplifies jit compilation.
*
* An important corner case is what happens when an error occurs (OOM,
* over-recursed) after pushing the stack frame but before 'prologue' is
* called or completes fully. To simplify usage, 'epilogue' does not assume
* 'prologue' has completed and handles all the intermediate state details.
*/
bool prologue(JSContext* cx);
void epilogue(JSContext* cx, jsbytecode* pc);
bool checkReturn(JSContext* cx, HandleValue thisv, MutableHandleValue result);
bool initFunctionEnvironmentObjects(JSContext* cx);
/*
* Initialize locals of newly-pushed frame to undefined.
*/
void initLocals();
/*
* Stack frame type
*
* A stack frame may have one of four types, which determines which
* members of the frame may be accessed and other invariants:
*
* global frame: execution of global code
* function frame: execution of function code
* module frame: execution of a module
* eval frame: execution of eval code
*/
bool isGlobalFrame()
const {
return script_->isGlobalCode(); }
bool isModuleFrame()
const {
return script_->isModule(); }
bool isEvalFrame()
const {
return script_->isForEval(); }
bool isFunctionFrame()
const {
return script_->isFunction(); }
/*
* Previous frame
*
* A frame's 'prev' frame is either null or the previous frame pointed to
* by cx->regs->fp when this frame was pushed. Often, given two prev-linked
* frames, the next-frame is a function or eval that was called by the
* prev-frame, but not always: the prev-frame may have called a native that
* reentered the VM through JS_CallFunctionValue on the same context
* (without calling JS_SaveFrameChain) which pushed the next-frame. Thus,
* 'prev' has little semantic meaning and basically just tells the VM what
* to set cx->regs->fp to when this frame is popped.
*/
InterpreterFrame* prev()
const {
return prev_; }
AbstractFramePtr evalInFramePrev()
const {
MOZ_ASSERT(isEvalFrame());
return evalInFramePrev_;
}
/*
* (Unaliased) locals and arguments
*
* Only non-eval function frames have arguments. The arguments pushed by
* the caller are the 'actual' arguments. The declared arguments of the
* callee are the 'formal' arguments. When the caller passes less actual
* arguments, missing formal arguments are padded with |undefined|.
*
* When a local/formal variable is aliased (accessed by nested closures,
* environment operations, or 'arguments'), the canonical location for
* that value is the slot of an environment object. Aliased locals don't
* have stack slots assigned to them. These functions assert that
* accesses to stack values are unaliased.
*/
inline Value& unaliasedLocal(uint32_t i);
bool hasArgs()
const {
return isFunctionFrame(); }
inline Value& unaliasedFormal(
unsigned i,
MaybeCheckAliasing = CHECK_ALIASING);
inline Value& unaliasedActual(
unsigned i,
MaybeCheckAliasing = CHECK_ALIASING);
template <
class Op>
inline void unaliasedForEachActual(Op op);
unsigned numFormalArgs()
const {
MOZ_ASSERT(hasArgs());
return callee().nargs();
}
unsigned numActualArgs()
const {
MOZ_ASSERT(hasArgs());
return nactual_;
}
/* Watch out, this exposes a pointer to the unaliased formal arg array. */
Value* argv()
const {
MOZ_ASSERT(hasArgs());
return argv_;
}
/*
* Arguments object
*
* If a non-eval function has script->needsArgsObj, an arguments object is
* created in the prologue and stored in the local variable for the
* 'arguments' binding (script->argumentsLocal). Since this local is
* mutable, the arguments object can be overwritten and we can "lose" the
* arguments object. Thus, InterpreterFrame keeps an explicit argsObj_ field
* so that the original arguments object is always available.
*/
ArgumentsObject& argsObj()
const;
void initArgsObj(ArgumentsObject& argsobj);
ArrayObject* createRestParameter(JSContext* cx);
/*
* Environment chain
*
* In theory, the environment chain would contain an object for every
* lexical scope. However, only objects that are required for dynamic
* lookup are actually created.
*
* Given that an InterpreterFrame corresponds roughly to a ES Execution
* Context (ES 10.3), GetVariablesObject corresponds to the
* VariableEnvironment component of a Exection Context. Intuitively, the
* variables object is where new bindings (variables and functions) are
* stored. One might expect that this is either the Call object or
* envChain.globalObj for function or global code, respectively, however
* the JSAPI allows calls of Execute to specify a variables object on the
* environment chain other than the call/global object. This allows
* embeddings to run multiple scripts under the same global, each time
* using a new variables object to collect and discard the script's global
* variables.
*/
inline HandleObject environmentChain()
const;
inline EnvironmentObject& aliasedEnvironment(EnvironmentCoordinate ec)
const;
inline EnvironmentObject& aliasedEnvironmentMaybeDebug(
EnvironmentCoordinate ec)
const;
inline GlobalObject& global()
const;
inline CallObject& callObj()
const;
inline ExtensibleLexicalEnvironmentObject& extensibleLexicalEnvironment()
const;
template <
typename SpecificEnvironment>
inline void pushOnEnvironmentChain(SpecificEnvironment& env);
template <
typename SpecificEnvironment>
inline void popOffEnvironmentChain();
inline void replaceInnermostEnvironment(BlockLexicalEnvironmentObject& env);
// Push a VarEnvironmentObject for function frames of functions that have
// parameter expressions with closed over var bindings.
bool pushVarEnvironment(JSContext* cx, Handle<Scope*> scope);
/*
* For lexical envs with aliased locals, these interfaces push and pop
* entries on the environment chain. The "freshen" operation replaces the
* current lexical env with a fresh copy of it, to implement semantics
* providing distinct bindings per iteration of a for(;;) loop whose head
* has a lexical declaration. The "recreate" operation replaces the
* current lexical env with a copy of it containing uninitialized
* bindings, to implement semantics providing distinct bindings per
* iteration of a for-in/of loop.
*/
bool pushLexicalEnvironment(JSContext* cx, Handle<LexicalScope*> scope);
bool freshenLexicalEnvironment(JSContext* cx, jsbytecode* pc);
bool recreateLexicalEnvironment(JSContext* cx, jsbytecode* pc);
bool pushClassBodyEnvironment(JSContext* cx, Handle<ClassBodyScope*> scope);
/*
* Script
*
* All frames have an associated JSScript which holds the bytecode being
* executed for the frame.
*/
JSScript* script()
const {
return script_; }
/* Return the previous frame's pc. */
jsbytecode* prevpc() {
MOZ_ASSERT(prev_);
return prevpc_;
}
/* Return the previous frame's sp. */
Value* prevsp() {
MOZ_ASSERT(prev_);
return prevsp_;
}
/*
* Return the 'this' argument passed to a non-eval function frame. This is
* not necessarily the frame's this-binding, for instance non-strict
* functions will box primitive 'this' values and thisArgument() will
* return the original, unboxed Value.
*/
Value& thisArgument()
const {
MOZ_ASSERT(isFunctionFrame());
return argv()[-1];
}
/*
* Callee
*
* Only function frames have a true callee. An eval frame in a function has
* the same callee as its containing function frame. An async module has to
* create a wrapper callee to allow passing the script to generators for
* pausing and resuming.
*/
JSFunction& callee()
const {
MOZ_ASSERT(isFunctionFrame());
return calleev().toObject().as<JSFunction>();
}
const Value& calleev()
const {
MOZ_ASSERT(isFunctionFrame());
return argv()[-2];
}
/*
* New Target
*
* Only non-arrow function frames have a meaningful newTarget.
*/
Value newTarget()
const {
MOZ_ASSERT(isFunctionFrame());
MOZ_ASSERT(!callee().isArrow());
if (isConstructing()) {
unsigned pushedArgs = std::max(numFormalArgs(), numActualArgs());
return argv()[pushedArgs];
}
return UndefinedValue();
}
/* Profiler flags */
bool hasPushedGeckoProfilerFrame() {
return !!(flags_ & HAS_PUSHED_PROF_FRAME);
}
void setPushedGeckoProfilerFrame() { flags_ |= HAS_PUSHED_PROF_FRAME; }
void unsetPushedGeckoProfilerFrame() { flags_ &= ~HAS_PUSHED_PROF_FRAME; }
/* Return value */
bool hasReturnValue()
const {
return flags_ & HAS_RVAL; }
MutableHandleValue returnValue() {
if (!hasReturnValue()) {
rval_.setUndefined();
}
return MutableHandleValue::fromMarkedLocation(&rval_);
}
void markReturnValue() { flags_ |= HAS_RVAL; }
void setReturnValue(
const Value& v) {
rval_ = v;
markReturnValue();
}
// Copy values from this frame into a private Array, owned by the
// GeneratorObject, for suspending.
[[nodiscard]]
inline bool saveGeneratorSlots(JSContext* cx,
unsigned nslots,
ArrayObject* dest)
const;
// Copy values from the Array into this stack frame, for resuming.
inline void restoreGeneratorSlots(ArrayObject* src);
void resumeGeneratorFrame(JSObject* envChain) {
MOZ_ASSERT(script()->isGenerator() || script()->isAsync());
MOZ_ASSERT_IF(!script()->isModule(), isFunctionFrame());
flags_ |= HAS_INITIAL_ENV;
envChain_ = envChain;
}
/*
* Other flags
*/
bool isConstructing()
const {
return !!(flags_ & CONSTRUCTING); }
void setResumedGenerator() { flags_ |= RESUMED_GENERATOR; }
bool isResumedGenerator()
const {
return !!(flags_ & RESUMED_GENERATOR); }
/*
* These two queries should not be used in general: the presence/absence of
* the call/args object is determined by the static(ish) properties of the
* JSFunction/JSScript. These queries should only be performed when probing
* a stack frame that may be in the middle of the prologue (during which
* time the call/args object are created).
*/
inline bool hasInitialEnvironment()
const;
bool hasInitialEnvironmentUnchecked()
const {
return flags_ & HAS_INITIAL_ENV;
}
bool hasArgsObj()
const {
MOZ_ASSERT(script()->needsArgsObj());
return flags_ & HAS_ARGS_OBJ;
}
/*
* Debugger eval frames.
*
* - If evalInFramePrev_ is non-null, frame was created for an "eval in
* frame" call, which can push a successor to any live frame; so its
* logical "prev" frame is not necessarily the previous frame in memory.
* Iteration should treat evalInFramePrev_ as this frame's previous frame.
*
* - Don't bother to JIT it, because it's probably short-lived.
*
* - It is required to have a environment chain object outside the
* js::EnvironmentObject hierarchy: either a global object, or a
* DebugEnvironmentProxy.
*/
bool isDebuggerEvalFrame()
const {
return isEvalFrame() && !!evalInFramePrev_;
}
bool prevUpToDate()
const {
return !!(flags_ & PREV_UP_TO_DATE); }
void setPrevUpToDate() { flags_ |= PREV_UP_TO_DATE; }
void unsetPrevUpToDate() { flags_ &= ~PREV_UP_TO_DATE; }
bool isDebuggee()
const {
return !!(flags_ & DEBUGGEE); }
void setIsDebuggee() { flags_ |= DEBUGGEE; }
inline void unsetIsDebuggee();
bool hasCachedSavedFrame()
const {
return flags_ & HAS_CACHED_SAVED_FRAME; }
void setHasCachedSavedFrame() { flags_ |= HAS_CACHED_SAVED_FRAME; }
void clearHasCachedSavedFrame() { flags_ &= ~HAS_CACHED_SAVED_FRAME; }
public:
void trace(JSTracer* trc, Value* sp, jsbytecode* pc);
void traceValues(JSTracer* trc,
unsigned start,
unsigned end);
// Entered Baseline/Ion from the interpreter.
bool runningInJit()
const {
return !!(flags_ & RUNNING_IN_JIT); }
void setRunningInJit() { flags_ |= RUNNING_IN_JIT; }
void clearRunningInJit() { flags_ &= ~RUNNING_IN_JIT; }
};
/*****************************************************************************/
class InterpreterRegs {
public:
Value* sp;
jsbytecode* pc;
private:
InterpreterFrame* fp_;
public:
InterpreterFrame* fp()
const {
return fp_; }
unsigned stackDepth()
const {
MOZ_ASSERT(sp >= fp_->base());
return sp - fp_->base();
}
Value* spForStackDepth(
unsigned depth)
const {
MOZ_ASSERT(fp_->script()->nfixed() + depth <= fp_->script()->nslots());
return fp_->base() + depth;
}
void popInlineFrame() {
pc = fp_->prevpc();
unsigned spForNewTarget =
fp_->isResumedGenerator() ? 0 : fp_->isConstructing();
// This code is called when resuming from async and generator code.
// In the case of modules, we don't have arguments, so we can't use
// numActualArgs, which asserts 'hasArgs'.
unsigned nActualArgs = fp_->isModuleFrame() ? 0 : fp_->numActualArgs();
sp = fp_->prevsp() - nActualArgs - 1 - spForNewTarget;
fp_ = fp_->prev();
MOZ_ASSERT(fp_);
}
void prepareToRun(InterpreterFrame& fp, JSScript* script) {
pc = script->code();
sp = fp.slots() + script->nfixed();
fp_ = &fp;
}
void setToEndOfScript();
MutableHandleValue stackHandleAt(
int i) {
return MutableHandleValue::fromMarkedLocation(&sp[i]);
}
HandleValue stackHandleAt(
int i)
const {
return HandleValue::fromMarkedLocation(&sp[i]);
}
friend void GDBTestInitInterpreterRegs(InterpreterRegs&,
js::InterpreterFrame*, JS::Value*,
uint8_t*);
};
/*****************************************************************************/
class InterpreterStack {
friend class InterpreterActivation;
static const size_t DEFAULT_CHUNK_SIZE = 4 * 1024;
LifoAlloc allocator_;
// Number of interpreter frames on the stack, for over-recursion checks.
static const size_t MAX_FRAMES = 50 * 1000;
static const size_t MAX_FRAMES_TRUSTED = MAX_FRAMES + 1000;
size_t frameCount_;
inline uint8_t* allocateFrame(JSContext* cx, size_t size);
inline InterpreterFrame* getCallFrame(JSContext* cx,
const CallArgs& args,
HandleScript script,
MaybeConstruct constructing,
Value** pargv);
void releaseFrame(InterpreterFrame* fp) {
frameCount_--;
allocator_.release(fp->mark_);
}
public:
InterpreterStack()
: allocator_(DEFAULT_CHUNK_SIZE, js::MallocArena), frameCount_(0) {}
~InterpreterStack() { MOZ_ASSERT(frameCount_ == 0); }
// For execution of eval, module or global code.
InterpreterFrame* pushExecuteFrame(JSContext* cx, HandleScript script,
HandleObject envChain,
AbstractFramePtr evalInFrame);
// Called to invoke a function.
InterpreterFrame* pushInvokeFrame(JSContext* cx,
const CallArgs& args,
MaybeConstruct constructing);
// The interpreter can push light-weight, "inline" frames without entering a
// new InterpreterActivation or recursively calling Interpret.
bool pushInlineFrame(JSContext* cx, InterpreterRegs& regs,
const CallArgs& args, HandleScript script,
MaybeConstruct constructing);
void popInlineFrame(InterpreterRegs& regs);
bool resumeGeneratorCallFrame(JSContext* cx, InterpreterRegs& regs,
HandleFunction callee, HandleObject envChain);
inline void purge(JSRuntime* rt);
size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf)
const {
return allocator_.sizeOfExcludingThis(mallocSizeOf);
}
};
void TraceInterpreterActivations(JSContext* cx, JSTracer* trc);
/*****************************************************************************/
/** Base class for all function call args. */
class AnyInvokeArgs :
public JS::CallArgs {};
/** Base class for all function construction args. */
class AnyConstructArgs :
public JS::CallArgs {
// Only js::Construct (or internal methods that call the qualified CallArgs
// versions) should do these things!
void setCallee(
const Value& v) =
delete;
void setThis(
const Value& v) =
delete;
MutableHandleValue newTarget()
const =
delete;
MutableHandleValue rval()
const =
delete;
};
namespace detail {
/** Function call/construct args of statically-unknown count. */
template <MaybeConstruct Construct>
class GenericArgsBase
:
public std::conditional_t<Construct, AnyConstructArgs, AnyInvokeArgs> {
protected:
RootedValueVector v_;
explicit GenericArgsBase(JSContext* cx) : v_(cx) {}
public:
bool init(JSContext* cx, uint64_t argc) {
if (argc > ARGS_LENGTH_MAX) {
JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
JSMSG_TOO_MANY_ARGUMENTS);
return false;
}
// callee, this, arguments[, new.target iff constructing]
size_t len = 2 + argc + uint32_t(Construct);
MOZ_ASSERT(len > argc);
// no overflow
if (!v_.resize(len)) {
return false;
}
*
static_cast<JS::CallArgs*>(
this) = CallArgsFromVp(argc, v_.begin());
this->constructing_ = Construct;
if (Construct) {
this->CallArgs::setThis(MagicValue(JS_IS_CONSTRUCTING));
}
return true;
}
};
/** Function call/construct args of statically-known count. */
template <MaybeConstruct Construct, size_t N>
class FixedArgsBase
:
public std::conditional_t<Construct, AnyConstructArgs, AnyInvokeArgs> {
// Add +1 here to avoid noisy warning on gcc when N=0 (0 <= unsigned).
static_assert(N + 1 <= ARGS_LENGTH_MAX + 1,
"o/~ too many args o/~");
protected:
JS::RootedValueArray<2 + N + uint32_t(Construct)> v_;
explicit FixedArgsBase(JSContext* cx) : v_(cx) {
*
static_cast<JS::CallArgs*>(
this) = CallArgsFromVp(N, v_.begin());
this->constructing_ = Construct;
if (Construct) {
this->CallArgs::setThis(MagicValue(JS_IS_CONSTRUCTING));
}
}
};
}
// namespace detail
/** Function call args of statically-unknown count. */
class InvokeArgs :
public detail::GenericArgsBase<NO_CONSTRUCT> {
using Base = detail::GenericArgsBase<NO_CONSTRUCT>;
public:
explicit InvokeArgs(JSContext* cx) : Base(cx) {}
};
/** Function call args of statically-unknown count. */
class InvokeArgsMaybeIgnoresReturnValue
:
public detail::GenericArgsBase<NO_CONSTRUCT> {
using Base = detail::GenericArgsBase<NO_CONSTRUCT>;
public:
explicit InvokeArgsMaybeIgnoresReturnValue(JSContext* cx) : Base(cx) {}
bool init(JSContext* cx,
unsigned argc,
bool ignoresReturnValue) {
if (!Base::init(cx, argc)) {
return false;
}
this->ignoresReturnValue_ = ignoresReturnValue;
return true;
}
};
/** Function call args of statically-known count. */
template <size_t N>
class FixedInvokeArgs :
public detail::FixedArgsBase<NO_CONSTRUCT, N> {
using Base = detail::FixedArgsBase<NO_CONSTRUCT, N>;
public:
explicit FixedInvokeArgs(JSContext* cx) : Base(cx) {}
};
/** Function construct args of statically-unknown count. */
class ConstructArgs :
public detail::GenericArgsBase<CONSTRUCT> {
using Base = detail::GenericArgsBase<CONSTRUCT>;
public:
explicit ConstructArgs(JSContext* cx) : Base(cx) {}
};
/** Function call args of statically-known count. */
template <size_t N>
class FixedConstructArgs :
public detail::FixedArgsBase<CONSTRUCT, N> {
using Base = detail::FixedArgsBase<CONSTRUCT, N>;
public:
explicit FixedConstructArgs(JSContext* cx) : Base(cx) {}
};
template <
class Args,
class Arraylike>
inline bool FillArgumentsFromArraylike(JSContext* cx, Args& args,
const Arraylike& arraylike) {
uint32_t len = arraylike.length();
if (!args.init(cx, len)) {
return false;
}
for (uint32_t i = 0; i < len; i++) {
args[i].set(arraylike[i]);
}
return true;
}
#ifdef ENABLE_PORTABLE_BASELINE_INTERP
struct PortableBaselineStack {
static const size_t DEFAULT_SIZE = 512 * 1024;
void* base;
void* top;
bool valid() {
return base != nullptr; }
PortableBaselineStack() {
base = js_calloc(DEFAULT_SIZE);
top =
reinterpret_cast<
void*>(
reinterpret_cast<uintptr_t>(base) +
DEFAULT_SIZE);
}
~PortableBaselineStack() { js_free(base); }
};
#endif // ENABLE_PORTABLE_BASELINE_INTERP
}
// namespace js
namespace mozilla {
template <>
struct DefaultHasher<js::AbstractFramePtr> {
using Lookup = js::AbstractFramePtr;
static js::HashNumber hash(
const Lookup& key) {
return mozilla::HashGeneric(key.raw());
}
static bool match(
const js::AbstractFramePtr& k,
const Lookup& l) {
return k == l;
}
};
}
// namespace mozilla
#endif // vm_Stack_h
