1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set sw=4 ts=8 et tw=99:
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
17 * The Original Code is Mozilla Communicator client code, released
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
39 * ***** END LICENSE BLOCK ***** */
42 * JS bytecode descriptors, disassemblers, and decompilers.
60 #include "jsversion.h"
72 #include "jsstaticcheck.h"
76 #include "jsinterpinlines.h"
77 #include "jsobjinlines.h"
78 #include "jsscriptinlines.h"
79 #include "jscntxtinlines.h"
81 #include "jsautooplen.h"
84 using namespace js::gc;
87 * Index limit must stay within 32 bits.
89 JS_STATIC_ASSERT(sizeof(uint32) * JS_BITS_PER_BYTE >= INDEX_LIMIT_LOG2 + 1);
91 /* Verify JSOP_XXX_LENGTH constant definitions. */
92 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
93 JS_STATIC_ASSERT(op##_LENGTH == length);
94 #include "jsopcode.tbl"
97 static const char js_incop_strs[][3] = {"++", "--"};
98 static const char js_for_each_str[] = "for each";
100 const JSCodeSpec js_CodeSpec[] = {
101 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
102 {length,nuses,ndefs,prec,format},
103 #include "jsopcode.tbl"
107 uintN js_NumCodeSpecs = JS_ARRAY_LENGTH(js_CodeSpec);
110 * Each element of the array is either a source literal associated with JS
113 static const char *CodeToken[] = {
114 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
116 #include "jsopcode.tbl"
120 #if defined(DEBUG) || defined(JS_JIT_SPEW) || defined(JS_METHODJIT_SPEW)
122 * Array of JS bytecode names used by DEBUG-only js_Disassemble and by
125 const char *js_CodeName[] = {
126 #define OPDEF(op,val,name,token,length,nuses,ndefs,prec,format) \
128 #include "jsopcode.tbl"
133 /************************************************************************/
136 GetJumpOffset(jsbytecode *pc, jsbytecode *pc2)
140 type = JOF_OPTYPE(*pc);
141 if (JOF_TYPE_IS_EXTENDED_JUMP(type))
142 return GET_JUMPX_OFFSET(pc2);
143 return GET_JUMP_OFFSET(pc2);
147 js_GetIndexFromBytecode(JSContext *cx, JSScript *script, jsbytecode *pc,
153 op = js_GetOpcode(cx, script, pc);
154 JS_ASSERT(js_CodeSpec[op].length >= 1 + pcoff + UINT16_LEN);
157 * We need to detect index base prefix. It presents when resetbase
158 * follows the bytecode.
160 span = js_CodeSpec[op].length;
162 if (pc - script->code + span < script->length) {
163 if (pc[span] == JSOP_RESETBASE) {
164 base = GET_INDEXBASE(pc - JSOP_INDEXBASE_LENGTH);
165 } else if (pc[span] == JSOP_RESETBASE0) {
166 JS_ASSERT(JSOP_INDEXBASE1 <= pc[-1] || pc[-1] <= JSOP_INDEXBASE3);
167 base = (pc[-1] - JSOP_INDEXBASE1 + 1) << 16;
170 return base + GET_UINT16(pc + pcoff);
174 js_GetVariableBytecodeLength(jsbytecode *pc)
177 uintN jmplen, ncases;
181 JS_ASSERT(js_CodeSpec[op].length == -1);
183 case JSOP_TABLESWITCHX:
184 jmplen = JUMPX_OFFSET_LEN;
186 case JSOP_TABLESWITCH:
187 jmplen = JUMP_OFFSET_LEN;
189 /* Structure: default-jump case-low case-high case1-jump ... */
191 low = GET_JUMP_OFFSET(pc);
192 pc += JUMP_OFFSET_LEN;
193 high = GET_JUMP_OFFSET(pc);
194 ncases = (uintN)(high - low + 1);
195 return 1 + jmplen + INDEX_LEN + INDEX_LEN + ncases * jmplen;
197 case JSOP_LOOKUPSWITCHX:
198 jmplen = JUMPX_OFFSET_LEN;
201 JS_ASSERT(op == JSOP_LOOKUPSWITCH);
202 jmplen = JUMP_OFFSET_LEN;
204 /* Structure: default-jump case-count (case1-value case1-jump) ... */
206 ncases = GET_UINT16(pc);
207 return 1 + jmplen + INDEX_LEN + ncases * (INDEX_LEN + jmplen);
212 js_GetVariableStackUses(JSOp op, jsbytecode *pc)
214 JS_ASSERT(*pc == op || *pc == JSOP_TRAP);
215 JS_ASSERT(js_CodeSpec[op].nuses == -1);
218 return GET_UINT16(pc);
219 case JSOP_LEAVEBLOCK:
220 return GET_UINT16(pc);
221 case JSOP_LEAVEBLOCKEXPR:
222 return GET_UINT16(pc) + 1;
224 /* stack: fun, this, [argc arguments] */
225 JS_ASSERT(op == JSOP_NEW || op == JSOP_CALL || op == JSOP_EVAL ||
226 op == JSOP_FUNCALL || op == JSOP_FUNAPPLY);
227 return 2 + GET_ARGC(pc);
232 js_GetEnterBlockStackDefs(JSContext *cx, JSScript *script, jsbytecode *pc)
236 JS_ASSERT(*pc == JSOP_ENTERBLOCK || *pc == JSOP_TRAP);
237 GET_OBJECT_FROM_BYTECODE(script, pc, 0, obj);
238 return OBJ_BLOCK_COUNT(cx, obj);
241 class AutoScriptUntrapper {
248 AutoScriptUntrapper(JSContext *cx, JSScript *script, jsbytecode **pc)
249 : cx(cx), script(script), origPC(*pc)
251 jsbytecode *newCode = js_UntrapScriptCode(cx, script);
252 if (newCode == script->code) {
256 script->main += newCode - script->code;
257 *pc = newPC = origPC + (newCode - script->code);
258 script->code = newCode;
261 ~AutoScriptUntrapper()
263 ptrdiff_t delta = newPC - origPC;
265 jsbytecode *oldCode = script->code - delta;
266 cx->free(script->code);
267 script->code = oldCode;
268 script->main -= delta;
275 /* If pc != NULL, includes a prefix indicating whether the PC is at the current line. */
276 JS_FRIEND_API(JSBool)
277 js_DisassembleAtPC(JSContext *cx, JSScript *script, JSBool lines, FILE *fp, jsbytecode *pc)
279 jsbytecode *next, *end;
283 end = next + script->length;
285 if (next == script->main)
286 fputs("main:\n", fp);
293 len = js_Disassemble1(cx, script, next,
303 JS_FRIEND_API(JSBool)
304 js_Disassemble(JSContext *cx, JSScript *script, JSBool lines, FILE *fp)
306 return js_DisassembleAtPC(cx, script, lines, fp, NULL);
309 JS_FRIEND_API(JSBool)
310 js_DumpPC(JSContext *cx)
312 return js_DisassembleAtPC(cx, cx->fp()->script(), true, stdout, cx->regs->pc);
316 js_DumpScript(JSContext *cx, JSScript *script)
318 return js_Disassemble(cx, script, true, stdout);
322 ToDisassemblySource(JSContext *cx, jsval v, JSAutoByteString *bytes)
324 if (!JSVAL_IS_PRIMITIVE(v)) {
325 JSObject *obj = JSVAL_TO_OBJECT(v);
326 Class *clasp = obj->getClass();
328 if (clasp == &js_BlockClass) {
329 char *source = JS_sprintf_append(NULL, "depth %d {", OBJ_BLOCK_DEPTH(cx, obj));
333 Shape::Range r = obj->lastProperty()->all();
335 const Shape &shape = r.front();
336 JSAutoByteString bytes;
337 if (!js_AtomToPrintableString(cx, JSID_TO_ATOM(shape.id), &bytes))
341 source = JS_sprintf_append(source, "%s: %d%s",
342 bytes.ptr(), shape.shortid,
343 !r.empty() ? ", " : "");
348 source = JS_sprintf_append(source, "}");
351 bytes->initBytes(source);
355 if (clasp == &js_FunctionClass) {
356 JSFunction *fun = GET_FUNCTION_PRIVATE(cx, obj);
357 JSString *str = JS_DecompileFunction(cx, fun, JS_DONT_PRETTY_PRINT);
360 return bytes->encode(cx, str);
363 if (clasp == &js_RegExpClass) {
364 AutoValueRooter tvr(cx);
365 if (!js_regexp_toString(cx, obj, tvr.addr()))
367 return bytes->encode(cx, JSVAL_TO_STRING(Jsvalify(tvr.value())));
371 return !!js_ValueToPrintable(cx, Valueify(v), bytes, true);
375 js_Disassemble1(JSContext *cx, JSScript *script, jsbytecode *pc,
376 uintN loc, JSBool lines, FILE *fp)
379 const JSCodeSpec *cs;
380 ptrdiff_t len, off, jmplen;
388 AutoScriptUntrapper untrapper(cx, script, &pc);
391 if (op >= JSOP_LIMIT) {
392 char numBuf1[12], numBuf2[12];
393 JS_snprintf(numBuf1, sizeof numBuf1, "%d", op);
394 JS_snprintf(numBuf2, sizeof numBuf2, "%d", JSOP_LIMIT);
395 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
396 JSMSG_BYTECODE_TOO_BIG, numBuf1, numBuf2);
399 cs = &js_CodeSpec[op];
400 len = (ptrdiff_t) cs->length;
401 fprintf(fp, "%05u:", loc);
403 fprintf(fp, "%4u", JS_PCToLineNumber(cx, script, pc));
404 fprintf(fp, " %s", js_CodeName[op]);
405 type = JOF_TYPE(cs->format);
412 off = GetJumpOffset(pc, pc);
413 fprintf(fp, " %u (%d)", loc + (intN) off, (intN) off);
419 index = js_GetIndexFromBytecode(cx, script, pc, 0);
420 if (type == JOF_ATOM) {
421 if (op == JSOP_DOUBLE) {
422 v = Jsvalify(script->getConst(index));
424 JS_GET_SCRIPT_ATOM(script, pc, index, atom);
425 v = ATOM_TO_JSVAL(atom);
428 if (type == JOF_OBJECT)
429 obj = script->getObject(index);
431 obj = script->getRegExp(index);
432 v = OBJECT_TO_JSVAL(obj);
435 JSAutoByteString bytes;
436 if (!ToDisassemblySource(cx, v, &bytes))
438 fprintf(fp, " %s", bytes.ptr());
443 atom = script->getGlobalAtom(GET_SLOTNO(pc));
444 v = ATOM_TO_JSVAL(atom);
446 JSAutoByteString bytes;
447 if (!ToDisassemblySource(cx, v, &bytes))
449 fprintf(fp, " %s", bytes.ptr());
454 i = (jsint)GET_UINT16(pc);
455 fprintf(fp, " %d", i);
460 i = (jsint)GET_UINT16(pc);
463 case JOF_TABLESWITCH:
464 case JOF_TABLESWITCHX:
469 jmplen = (type == JOF_TABLESWITCH) ? JUMP_OFFSET_LEN
472 off = GetJumpOffset(pc, pc2);
474 low = GET_JUMP_OFFSET(pc2);
475 pc2 += JUMP_OFFSET_LEN;
476 high = GET_JUMP_OFFSET(pc2);
477 pc2 += JUMP_OFFSET_LEN;
478 fprintf(fp, " defaultOffset %d low %d high %d", (intN) off, low, high);
479 for (i = low; i <= high; i++) {
480 off = GetJumpOffset(pc, pc2);
481 fprintf(fp, "\n\t%d: %d", i, (intN) off);
488 case JOF_LOOKUPSWITCH:
489 case JOF_LOOKUPSWITCHX:
494 jmplen = (type == JOF_LOOKUPSWITCH) ? JUMP_OFFSET_LEN
497 off = GetJumpOffset(pc, pc2);
499 npairs = GET_UINT16(pc2);
501 fprintf(fp, " offset %d npairs %u", (intN) off, (uintN) npairs);
503 uint16 constIndex = GET_INDEX(pc2);
505 off = GetJumpOffset(pc, pc2);
508 JSAutoByteString bytes;
509 if (!ToDisassemblySource(cx, Jsvalify(script->getConst(constIndex)), &bytes))
511 fprintf(fp, "\n\t%s: %d", bytes.ptr(), (intN) off);
519 fprintf(fp, " %u", GET_ARGNO(pc));
523 fprintf(fp, " %u", GET_SLOTNO(pc));
527 case JOF_SLOTOBJECT: {
528 fprintf(fp, " %u", GET_SLOTNO(pc));
529 index = js_GetIndexFromBytecode(cx, script, pc, SLOTNO_LEN);
530 if (type == JOF_SLOTATOM) {
531 JS_GET_SCRIPT_ATOM(script, pc, index, atom);
532 v = ATOM_TO_JSVAL(atom);
534 obj = script->getObject(index);
535 v = OBJECT_TO_JSVAL(obj);
538 JSAutoByteString bytes;
539 if (!ToDisassemblySource(cx, v, &bytes))
541 fprintf(fp, " %s", bytes.ptr());
546 JS_ASSERT(op == JSOP_UINT24 || op == JSOP_NEWARRAY);
547 i = (jsint)GET_UINT24(pc);
559 JS_ASSERT(op == JSOP_INT32);
562 fprintf(fp, " %d", i);
567 JS_snprintf(numBuf, sizeof numBuf, "%lx", (unsigned long) cs->format);
568 JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
569 JSMSG_UNKNOWN_FORMAT, numBuf);
579 /************************************************************************/
582 * Sprintf, but with unlimited and automatically allocated buffering.
584 typedef struct Sprinter {
585 JSContext *context; /* context executing the decompiler */
586 JSArenaPool *pool; /* string allocation pool */
587 char *base; /* base address of buffer in pool */
588 size_t size; /* size of buffer allocated at base */
589 ptrdiff_t offset; /* offset of next free char in buffer */
592 #define INIT_SPRINTER(cx, sp, ap, off) \
593 ((sp)->context = cx, (sp)->pool = ap, (sp)->base = NULL, (sp)->size = 0, \
596 #define OFF2STR(sp,off) ((sp)->base + (off))
597 #define STR2OFF(sp,str) ((str) - (sp)->base)
598 #define RETRACT(sp,str) ((sp)->offset = STR2OFF(sp, str))
601 SprintEnsureBuffer(Sprinter *sp, size_t len)
606 nb = (sp->offset + len + 1) - sp->size;
611 JS_ARENA_ALLOCATE_CAST(base, char *, sp->pool, nb);
613 JS_ARENA_GROW_CAST(base, char *, sp->pool, sp->size, nb);
616 js_ReportOutOfScriptQuota(sp->context);
625 SprintPut(Sprinter *sp, const char *s, size_t len)
627 ptrdiff_t offset = sp->size; /* save old size */
628 char *bp = sp->base; /* save old base */
630 /* Allocate space for s, including the '\0' at the end. */
631 if (!SprintEnsureBuffer(sp, len))
634 if (sp->base != bp && /* buffer was realloc'ed */
635 s >= bp && s < bp + offset) { /* s was within the buffer */
636 s = sp->base + (s - bp); /* this is where it lives now */
639 /* Advance offset and copy s into sp's buffer. */
642 bp = sp->base + offset;
649 SprintCString(Sprinter *sp, const char *s)
651 return SprintPut(sp, s, strlen(s));
655 SprintString(Sprinter *sp, JSString *str)
657 size_t length = str->length();
658 const jschar *chars = str->getChars(sp->context);
662 size_t size = js_GetDeflatedStringLength(sp->context, chars, length);
663 if (size == (size_t)-1 || !SprintEnsureBuffer(sp, size))
666 ptrdiff_t offset = sp->offset;
668 js_DeflateStringToBuffer(sp->context, chars, length, sp->base + offset,
670 sp->base[sp->offset] = 0;
676 Sprint(Sprinter *sp, const char *format, ...)
682 va_start(ap, format);
683 bp = JS_vsmprintf(format, ap); /* XXX vsaprintf */
686 JS_ReportOutOfMemory(sp->context);
689 offset = SprintCString(sp, bp);
694 const char js_EscapeMap[] = {
707 #define DONT_ESCAPE 0x10000
710 QuoteString(Sprinter *sp, JSString *str, uint32 quote)
712 /* Sample off first for later return value pointer computation. */
713 JSBool dontEscape = (quote & DONT_ESCAPE) != 0;
714 jschar qc = (jschar) quote;
715 ptrdiff_t off = sp->offset;
716 if (qc && Sprint(sp, "%c", (char)qc) < 0)
719 const jschar *s = str->getChars(sp->context);
722 const jschar *z = s + str->length();
724 /* Loop control variables: z points at end of string sentinel. */
725 for (const jschar *t = s; t < z; s = ++t) {
726 /* Move t forward from s past un-quote-worthy characters. */
728 while (JS_ISPRINT(c) && c != qc && c != '\\' && c != '\t' &&
734 ptrdiff_t len = t - s;
736 /* Allocate space for s, including the '\0' at the end. */
737 if (!SprintEnsureBuffer(sp, len))
740 /* Advance sp->offset and copy s into sp's buffer. */
741 char *bp = sp->base + sp->offset;
750 /* Use js_EscapeMap, \u, or \x only if necessary. */
753 if (!(c >> 8) && (e = strchr(js_EscapeMap, (int)c)) != NULL) {
755 ? Sprint(sp, "%c", (char)c) >= 0
756 : Sprint(sp, "\\%c", e[1]) >= 0;
759 * Use \x only if the high byte is 0 and we're in a quoted string,
760 * because ECMA-262 allows only \u, not \x, in Unicode identifiers
763 ok = Sprint(sp, (qc && !(c >> 8)) ? "\\x%02X" : "\\u%04X", c) >= 0;
769 /* Sprint the closing quote and return the quoted string. */
770 if (qc && Sprint(sp, "%c", (char)qc) < 0)
774 * If we haven't Sprint'd anything yet, Sprint an empty string so that
775 * the OFF2STR below gives a valid result.
777 if (off == sp->offset && Sprint(sp, "") < 0)
779 return OFF2STR(sp, off);
783 js_QuoteString(JSContext *cx, JSString *str, jschar quote)
790 mark = JS_ARENA_MARK(&cx->tempPool);
791 INIT_SPRINTER(cx, &sprinter, &cx->tempPool, 0);
792 bytes = QuoteString(&sprinter, str, quote);
793 escstr = bytes ? JS_NewStringCopyZ(cx, bytes) : NULL;
794 JS_ARENA_RELEASE(&cx->tempPool, mark);
798 /************************************************************************/
801 Sprinter sprinter; /* base class state */
802 JSArenaPool pool; /* string allocation pool */
803 uintN indent; /* indentation in spaces */
804 bool pretty; /* pretty-print: indent, use newlines */
805 bool grouped; /* in parenthesized expression context */
806 bool strict; /* in code marked strict */
807 JSScript *script; /* script being printed */
808 jsbytecode *dvgfence; /* DecompileExpression fencepost */
809 jsbytecode **pcstack; /* DecompileExpression modeled stack */
810 JSFunction *fun; /* interpreted function */
811 jsuword *localNames; /* argument and variable names */
815 js_NewPrinter(JSContext *cx, const char *name, JSFunction *fun,
816 uintN indent, JSBool pretty, JSBool grouped, JSBool strict)
820 jp = (JSPrinter *) cx->malloc(sizeof(JSPrinter));
823 INIT_SPRINTER(cx, &jp->sprinter, &jp->pool, 0);
824 JS_InitArenaPool(&jp->pool, name, 256, 1, &cx->scriptStackQuota);
826 jp->pretty = !!pretty;
827 jp->grouped = !!grouped;
828 jp->strict = !!strict;
833 jp->localNames = NULL;
834 if (fun && fun->isInterpreted() && fun->script()->bindings.hasLocalNames()) {
835 jp->localNames = fun->script()->bindings.getLocalNameArray(cx, &jp->pool);
836 if (!jp->localNames) {
837 js_DestroyPrinter(jp);
845 js_DestroyPrinter(JSPrinter *jp)
847 JS_FinishArenaPool(&jp->pool);
848 jp->sprinter.context->free(jp);
852 js_GetPrinterOutput(JSPrinter *jp)
857 cx = jp->sprinter.context;
858 if (!jp->sprinter.base)
859 return cx->runtime->emptyString;
860 str = JS_NewStringCopyZ(cx, jp->sprinter.base);
863 JS_FreeArenaPool(&jp->pool);
864 INIT_SPRINTER(cx, &jp->sprinter, &jp->pool, 0);
869 * NB: Indexed by SRC_DECL_* defines from jsemit.h.
871 static const char * const var_prefix[] = {"var ", "const ", "let "};
874 VarPrefix(jssrcnote *sn)
876 if (sn && (SN_TYPE(sn) == SRC_DECL || SN_TYPE(sn) == SRC_GROUPASSIGN)) {
877 ptrdiff_t type = js_GetSrcNoteOffset(sn, 0);
878 if ((uintN)type <= SRC_DECL_LET)
879 return var_prefix[type];
885 js_printf(JSPrinter *jp, const char *format, ...)
894 va_start(ap, format);
896 /* If pretty-printing, expand magic tab into a run of jp->indent spaces. */
897 if (*format == '\t') {
899 if (jp->pretty && Sprint(&jp->sprinter, "%*s", jp->indent, "") < 0) {
905 /* Suppress newlines (must be once per format, at the end) if not pretty. */
907 if (!jp->pretty && format[cc = strlen(format) - 1] == '\n') {
908 fp = JS_strdup(jp->sprinter.context, format);
917 /* Allocate temp space, convert format, and put. */
918 bp = JS_vsmprintf(format, ap); /* XXX vsaprintf */
920 jp->sprinter.context->free(fp);
924 JS_ReportOutOfMemory(jp->sprinter.context);
930 if (SprintPut(&jp->sprinter, bp, (size_t)cc) < 0)
939 js_puts(JSPrinter *jp, const char *s)
941 return SprintCString(&jp->sprinter, s) >= 0;
944 /************************************************************************/
946 typedef struct SprintStack {
947 Sprinter sprinter; /* sprinter for postfix to infix buffering */
948 ptrdiff_t *offsets; /* stack of postfix string offsets */
949 jsbytecode *opcodes; /* parallel stack of JS opcodes */
950 uintN top; /* top of stack index */
951 uintN inArrayInit; /* array initialiser/comprehension level */
952 JSBool inGenExp; /* in generator expression */
953 JSPrinter *printer; /* permanent output goes here */
957 * Find the depth of the operand stack when the interpreter reaches the given
958 * pc in script. pcstack must have space for least script->depth elements. On
959 * return it will contain pointers to opcodes that populated the interpreter's
960 * current operand stack.
962 * This function cannot raise an exception or error. However, due to a risk of
963 * potential bugs when modeling the stack, the function returns -1 if it
964 * detects an inconsistency in the model. Such an inconsistency triggers an
965 * assert in a debug build.
968 ReconstructPCStack(JSContext *cx, JSScript *script, jsbytecode *pc,
969 jsbytecode **pcstack);
971 #define FAILED_EXPRESSION_DECOMPILER ((char *) 1)
974 * Decompile a part of expression up to the given pc. The function returns
975 * NULL on out-of-memory, or the FAILED_EXPRESSION_DECOMPILER sentinel when
976 * the decompiler fails due to a bug and/or unimplemented feature, or the
977 * decompiled string on success.
980 DecompileExpression(JSContext *cx, JSScript *script, JSFunction *fun,
984 * Get a stacked offset from ss->sprinter.base, or if the stacked value |off|
985 * is negative, fetch the generating pc from printer->pcstack[-2 - off] and
986 * decompile the code that generated the missing value. This is used when
987 * reporting errors, where the model stack will lack |pcdepth| non-negative
988 * offsets (see DecompileExpression and DecompileCode).
990 * If the stacked offset is -1, return 0 to index the NUL padding at the start
991 * of ss->sprinter.base. If this happens, it means there is a decompiler bug
992 * to fix, but it won't violate memory safety.
995 GetOff(SprintStack *ss, uintN i)
1001 off = ss->offsets[i];
1005 JS_ASSERT(off <= -2);
1006 JS_ASSERT(ss->printer->pcstack);
1007 if (off <= -2 && ss->printer->pcstack) {
1008 pc = ss->printer->pcstack[-2 - off];
1009 bytes = DecompileExpression(ss->sprinter.context, ss->printer->script,
1010 ss->printer->fun, pc);
1013 if (bytes != FAILED_EXPRESSION_DECOMPILER) {
1014 off = SprintCString(&ss->sprinter, bytes);
1017 ss->offsets[i] = off;
1018 ss->sprinter.context->free(bytes);
1021 if (!ss->sprinter.base && SprintPut(&ss->sprinter, "", 0) >= 0) {
1022 memset(ss->sprinter.base, 0, ss->sprinter.offset);
1023 ss->offsets[i] = -1;
1030 GetStr(SprintStack *ss, uintN i)
1035 * Must call GetOff before using ss->sprinter.base, since it may be null
1036 * until bootstrapped by GetOff.
1038 off = GetOff(ss, i);
1039 return OFF2STR(&ss->sprinter, off);
1043 * Gap between stacked strings to allow for insertion of parens and commas
1044 * when auto-parenthesizing expressions and decompiling array initialisers.
1046 #define PAREN_SLOP (2 + 1)
1048 /* Fake opcodes (see jsopcode.h) must not overflow unsigned 8-bit space. */
1049 JS_STATIC_ASSERT(JSOP_FAKE_LIMIT <= 255);
1052 AddParenSlop(SprintStack *ss)
1054 memset(OFF2STR(&ss->sprinter, ss->sprinter.offset), 0, PAREN_SLOP);
1055 ss->sprinter.offset += PAREN_SLOP;
1059 PushOff(SprintStack *ss, ptrdiff_t off, JSOp op)
1063 if (!SprintEnsureBuffer(&ss->sprinter, PAREN_SLOP))
1066 /* ss->top points to the next free slot; be paranoid about overflow. */
1068 JS_ASSERT(top < StackDepth(ss->printer->script));
1069 if (top >= StackDepth(ss->printer->script)) {
1070 JS_ReportOutOfMemory(ss->sprinter.context);
1074 /* The opcodes stack must contain real bytecodes that index js_CodeSpec. */
1075 ss->offsets[top] = off;
1076 ss->opcodes[top] = jsbytecode((op == JSOP_GETPROP2) ? JSOP_GETPROP
1077 : (op == JSOP_GETELEM2) ? JSOP_GETELEM
1085 PopOffPrec(SprintStack *ss, uint8 prec)
1088 const JSCodeSpec *topcs;
1091 /* ss->top points to the next free slot; be paranoid about underflow. */
1093 JS_ASSERT(top != 0);
1098 off = GetOff(ss, top);
1099 topcs = &js_CodeSpec[ss->opcodes[top]];
1100 if (topcs->prec != 0 && topcs->prec < prec) {
1101 ss->sprinter.offset = ss->offsets[top] = off - 2;
1102 off = Sprint(&ss->sprinter, "(%s)", OFF2STR(&ss->sprinter, off));
1104 ss->sprinter.offset = off;
1110 PopStrPrec(SprintStack *ss, uint8 prec)
1114 off = PopOffPrec(ss, prec);
1115 return OFF2STR(&ss->sprinter, off);
1119 PopOff(SprintStack *ss, JSOp op)
1121 return PopOffPrec(ss, js_CodeSpec[op].prec);
1125 PopStr(SprintStack *ss, JSOp op)
1127 return PopStrPrec(ss, js_CodeSpec[op].prec);
1131 IsInitializerOp(unsigned char op)
1133 return op == JSOP_NEWINIT || op == JSOP_NEWARRAY || op == JSOP_NEWOBJECT;
1136 typedef struct TableEntry {
1140 jsint order; /* source order for stable tableswitch sort */
1144 CompareOffsets(void *arg, const void *v1, const void *v2, int *result)
1146 ptrdiff_t offset_diff;
1147 const TableEntry *te1 = (const TableEntry *) v1,
1148 *te2 = (const TableEntry *) v2;
1150 offset_diff = te1->offset - te2->offset;
1151 *result = (offset_diff == 0 ? te1->order - te2->order
1152 : offset_diff < 0 ? -1
1158 SprintDoubleValue(Sprinter *sp, jsval v, JSOp *opp)
1164 JS_ASSERT(JSVAL_IS_DOUBLE(v));
1165 d = JSVAL_TO_DOUBLE(v);
1166 if (JSDOUBLE_IS_NEGZERO(d)) {
1167 todo = SprintCString(sp, "-0");
1169 } else if (!JSDOUBLE_IS_FINITE(d)) {
1170 /* Don't use Infinity and NaN, they're mutable. */
1171 todo = SprintCString(sp,
1180 s = NumberToCString(sp->context, &cbuf, d);
1182 JS_ReportOutOfMemory(sp->context);
1185 JS_ASSERT(strcmp(s, js_Infinity_str) &&
1187 strcmp(s + 1, js_Infinity_str)) &&
1188 strcmp(s, js_NaN_str));
1189 todo = Sprint(sp, s);
1195 Decompile(SprintStack *ss, jsbytecode *pc, intN nb, JSOp nextop);
1198 DecompileSwitch(SprintStack *ss, TableEntry *table, uintN tableLength,
1199 jsbytecode *pc, ptrdiff_t switchLength,
1200 ptrdiff_t defaultOffset, JSBool isCondSwitch)
1204 ptrdiff_t off, off2, diff, caseExprOff, todo;
1210 cx = ss->sprinter.context;
1213 /* JSOP_CONDSWITCH doesn't pop, unlike JSOP_{LOOKUP,TABLE}SWITCH. */
1214 off = isCondSwitch ? GetOff(ss, ss->top-1) : PopOff(ss, JSOP_NOP);
1215 lval = OFF2STR(&ss->sprinter, off);
1217 js_printf(jp, "\tswitch (%s) {\n", lval);
1220 diff = table[0].offset - defaultOffset;
1223 js_printf(jp, "\t%s:\n", js_default_str);
1225 if (!Decompile(ss, pc + defaultOffset, diff, JSOP_NOP))
1230 caseExprOff = isCondSwitch ? JSOP_CONDSWITCH_LENGTH : 0;
1232 for (i = 0; i < tableLength; i++) {
1233 off = table[i].offset;
1234 off2 = (i + 1 < tableLength) ? table[i + 1].offset : switchLength;
1238 ptrdiff_t nextCaseExprOff;
1241 * key encodes the JSOP_CASE bytecode's offset from switchtop.
1242 * The next case expression follows immediately, unless we are
1245 nextCaseExprOff = (ptrdiff_t)JSVAL_TO_INT(key);
1246 nextCaseExprOff += js_CodeSpec[pc[nextCaseExprOff]].length;
1248 if (!Decompile(ss, pc + caseExprOff,
1249 nextCaseExprOff - caseExprOff, JSOP_NOP)) {
1252 caseExprOff = nextCaseExprOff;
1254 /* Balance the stack as if this JSOP_CASE matched. */
1258 * key comes from an atom, not the decompiler, so we need to
1259 * quote it if it's a string literal. But if table[i].label
1260 * is non-null, key was constant-propagated and label is the
1261 * name of the const we should show as the case label. We set
1262 * key to undefined so this identifier is escaped, if required
1263 * by non-ASCII characters, but not quoted, by QuoteString.
1266 if (table[i].label) {
1267 str = ATOM_TO_STRING(table[i].label);
1269 } else if (JSVAL_IS_DOUBLE(key)) {
1272 todo = SprintDoubleValue(&ss->sprinter, key, &junk);
1275 str = js_ValueToString(cx, Valueify(key));
1280 rval = OFF2STR(&ss->sprinter, todo);
1282 rval = QuoteString(&ss->sprinter, str, (jschar)
1283 (JSVAL_IS_STRING(key) ? '"' : 0));
1287 RETRACT(&ss->sprinter, rval);
1289 js_printf(jp, "\tcase %s:\n", rval);
1293 if (off <= defaultOffset && defaultOffset < off2) {
1294 diff = defaultOffset - off;
1296 if (!Decompile(ss, pc + off, diff, JSOP_NOP))
1298 off = defaultOffset;
1301 js_printf(jp, "\t%s:\n", js_default_str);
1304 if (!Decompile(ss, pc + off, off2 - off, JSOP_NOP))
1308 /* Re-balance as if last JSOP_CASE or JSOP_DEFAULT mismatched. */
1314 if (defaultOffset == switchLength) {
1316 js_printf(jp, "\t%s:;\n", js_default_str);
1319 js_printf(jp, "\t}\n");
1321 /* By the end of a JSOP_CONDSWITCH, the discriminant has been popped. */
1327 #define LOCAL_ASSERT_CUSTOM(expr, BAD_EXIT) \
1330 if (!(expr)) { BAD_EXIT; } \
1333 #define LOCAL_ASSERT_RV(expr, rv) \
1334 LOCAL_ASSERT_CUSTOM(expr, return (rv))
1337 GetArgOrVarAtom(JSPrinter *jp, uintN slot)
1341 LOCAL_ASSERT_RV(jp->fun, NULL);
1342 LOCAL_ASSERT_RV(slot < jp->fun->script()->bindings.countLocalNames(), NULL);
1343 name = JS_LOCAL_NAME_TO_ATOM(jp->localNames[slot]);
1344 #if !JS_HAS_DESTRUCTURING
1345 LOCAL_ASSERT_RV(name, NULL);
1351 GetLocal(SprintStack *ss, jsint i)
1353 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, "")
1355 ptrdiff_t off = ss->offsets[i];
1357 return OFF2STR(&ss->sprinter, off);
1360 * We must be called from js_DecompileValueGenerator (via Decompile) when
1361 * dereferencing a local that's undefined or null. Search script->objects
1362 * for the block containing this local by its stack index, i.
1364 * In case of destructuring's use of JSOP_GETLOCAL, however, there may be
1365 * no such local. This could mean no blocks (no script objects at all, or
1366 * none of the script's object literals are blocks), or the stack slot i is
1367 * not in a block. In either case, return GetStr(ss, i).
1369 JSScript *script = ss->printer->script;
1370 if (!JSScript::isValidOffset(script->objectsOffset))
1371 return GetStr(ss, i);
1373 for (jsatomid j = 0, n = script->objects()->length; j != n; j++) {
1374 JSObject *obj = script->getObject(j);
1375 if (obj->isBlock()) {
1376 jsint depth = OBJ_BLOCK_DEPTH(cx, obj);
1377 jsint count = OBJ_BLOCK_COUNT(cx, obj);
1379 if (jsuint(i - depth) < jsuint(count)) {
1380 jsint slot = i - depth;
1382 for (Shape::Range r(obj->lastProperty()); !r.empty(); r.popFront()) {
1383 const Shape &shape = r.front();
1385 if (shape.shortid == slot) {
1386 LOCAL_ASSERT(JSID_IS_ATOM(shape.id));
1388 JSAtom *atom = JSID_TO_ATOM(shape.id);
1389 const char *rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
1393 RETRACT(&ss->sprinter, rval);
1403 return GetStr(ss, i);
1409 IsVarSlot(JSPrinter *jp, jsbytecode *pc, jsint *indexp)
1413 slot = GET_SLOTNO(pc);
1414 if (slot < jp->script->nfixed) {
1415 /* The slot refers to a variable with name stored in jp->localNames. */
1416 *indexp = jp->fun->nargs + slot;
1420 /* We have a local which index is relative to the stack base. */
1421 slot -= jp->script->nfixed;
1422 JS_ASSERT(slot < StackDepth(jp->script));
1427 #define LOAD_ATOM(PCOFF) \
1428 GET_ATOM_FROM_BYTECODE(jp->script, pc, PCOFF, atom)
1430 #if JS_HAS_DESTRUCTURING
1432 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, NULL)
1433 #define LOAD_OP_DATA(pc) (oplen = (cs = &js_CodeSpec[op=(JSOp)*pc])->length)
1436 DecompileDestructuring(SprintStack *ss, jsbytecode *pc, jsbytecode *endpc);
1439 DecompileDestructuringLHS(SprintStack *ss, jsbytecode *pc, jsbytecode *endpc,
1445 const JSCodeSpec *cs;
1448 const char *lval, *xval;
1453 cx = ss->sprinter.context;
1460 todo = SprintPut(&ss->sprinter, ", ", 2);
1464 pc = DecompileDestructuring(ss, pc, endpc);
1470 lval = PopStr(ss, JSOP_NOP);
1471 todo = SprintCString(&ss->sprinter, lval);
1472 if (op == JSOP_POPN)
1474 LOCAL_ASSERT(*pc == JSOP_POP);
1479 LOCAL_ASSERT(pc[oplen] == JSOP_POP || pc[oplen] == JSOP_POPN);
1482 case JSOP_SETLOCALPOP:
1485 if (op == JSOP_SETARG) {
1486 atom = GetArgOrVarAtom(jp, GET_SLOTNO(pc));
1488 } else if (IsVarSlot(jp, pc, &i)) {
1489 atom = GetArgOrVarAtom(jp, i);
1492 lval = GetLocal(ss, i);
1495 JSAutoByteString bytes;
1497 lval = js_AtomToPrintableString(cx, atom, &bytes);
1499 todo = SprintCString(&ss->sprinter, lval);
1501 if (op != JSOP_SETLOCALPOP) {
1506 if (op == JSOP_POPN)
1508 LOCAL_ASSERT(op == JSOP_POP);
1514 * We may need to auto-parenthesize the left-most value decompiled
1515 * here, so add back PAREN_SLOP temporarily. Then decompile until the
1516 * opcode that would reduce the stack depth to (ss->top-1), which we
1517 * pass to Decompile encoded as -(ss->top-1) - 1 or just -ss->top for
1520 todo = ss->sprinter.offset;
1521 ss->sprinter.offset = todo + PAREN_SLOP;
1522 pc = Decompile(ss, pc, -((intN)ss->top), JSOP_NOP);
1528 LOCAL_ASSERT(op == JSOP_ENUMELEM || op == JSOP_ENUMCONSTELEM);
1529 xval = PopStr(ss, JSOP_NOP);
1530 lval = PopStr(ss, JSOP_GETPROP);
1531 ss->sprinter.offset = todo;
1532 if (*lval == '\0') {
1533 /* lval is from JSOP_BINDNAME, so just print xval. */
1534 todo = SprintCString(&ss->sprinter, xval);
1535 } else if (*xval == '\0') {
1536 /* xval is from JSOP_SETCALL or JSOP_BINDXMLNAME, print lval. */
1537 todo = SprintCString(&ss->sprinter, lval);
1539 todo = Sprint(&ss->sprinter,
1540 (JOF_OPMODE(ss->opcodes[ss->top+1]) == JOF_XMLNAME)
1551 LOCAL_ASSERT(pc < endpc);
1557 * Starting with a SRC_DESTRUCT-annotated JSOP_DUP, decompile a destructuring
1558 * left-hand side object or array initialiser, including nested destructuring
1559 * initialisers. On successful return, the decompilation will be pushed on ss
1560 * and the return value will point to the POP or GROUP bytecode following the
1561 * destructuring expression.
1563 * At any point, if pc is equal to endpc and would otherwise advance, we stop
1564 * immediately and return endpc.
1567 DecompileDestructuring(SprintStack *ss, jsbytecode *pc, jsbytecode *endpc)
1573 const JSCodeSpec *cs;
1582 LOCAL_ASSERT(*pc == JSOP_DUP);
1583 pc += JSOP_DUP_LENGTH;
1586 * Set head so we can rewrite '[' to '{' as needed. Back up PAREN_SLOP
1587 * chars so the destructuring decompilation accumulates contiguously in
1588 * ss->sprinter starting with "[".
1590 head = SprintPut(&ss->sprinter, "[", 1);
1591 if (head < 0 || !PushOff(ss, head, JSOP_NOP))
1593 ss->sprinter.offset -= PAREN_SLOP;
1594 LOCAL_ASSERT(head == ss->sprinter.offset - 1);
1595 LOCAL_ASSERT(*OFF2STR(&ss->sprinter, head) == '[');
1597 cx = ss->sprinter.context;
1601 while (pc < endpc) {
1602 #if JS_HAS_DESTRUCTURING_SHORTHAND
1603 ptrdiff_t nameoff = -1;
1614 /* Handle the optimized number-pushing opcodes. */
1615 case JSOP_ZERO: d = i = 0; goto do_getelem;
1616 case JSOP_ONE: d = i = 1; goto do_getelem;
1617 case JSOP_UINT16: d = i = GET_UINT16(pc); goto do_getelem;
1618 case JSOP_UINT24: d = i = GET_UINT24(pc); goto do_getelem;
1619 case JSOP_INT8: d = i = GET_INT8(pc); goto do_getelem;
1620 case JSOP_INT32: d = i = GET_INT32(pc); goto do_getelem;
1623 GET_DOUBLE_FROM_BYTECODE(jp->script, pc, 0, d);
1624 LOCAL_ASSERT(JSDOUBLE_IS_FINITE(d) && !JSDOUBLE_IS_NEGZERO(d));
1628 sn = js_GetSrcNote(jp->script, pc);
1633 LOCAL_ASSERT(op == JSOP_GETELEM);
1635 /* Distinguish object from array by opcode or source note. */
1636 if (sn && SN_TYPE(sn) == SRC_INITPROP) {
1637 *OFF2STR(&ss->sprinter, head) = '{';
1638 if (Sprint(&ss->sprinter, "%g: ", d) < 0)
1641 /* Sanity check for the gnarly control flow above. */
1642 LOCAL_ASSERT(i == d);
1644 /* Fill in any holes (holes at the end don't matter). */
1645 while (++lasti < i) {
1646 if (SprintPut(&ss->sprinter, ", ", 2) < 0)
1653 atom = cx->runtime->atomState.lengthAtom;
1654 goto do_destructure_atom;
1659 do_destructure_atom:
1661 *OFF2STR(&ss->sprinter, head) = '{';
1662 #if JS_HAS_DESTRUCTURING_SHORTHAND
1663 nameoff = ss->sprinter.offset;
1665 if (!QuoteString(&ss->sprinter, atom,
1666 js_IsIdentifier(atom) ? 0 : (jschar)'\'')) {
1669 if (SprintPut(&ss->sprinter, ": ", 2) < 0)
1683 * Decompile the left-hand side expression whose bytecode starts at pc
1684 * and continues for a bounded number of bytecodes or stack operations
1685 * (and which in any event stops before endpc).
1687 pc = DecompileDestructuringLHS(ss, pc, endpc, &hole);
1691 #if JS_HAS_DESTRUCTURING_SHORTHAND
1693 ptrdiff_t offset, initlen;
1695 offset = ss->sprinter.offset;
1696 LOCAL_ASSERT(*OFF2STR(&ss->sprinter, offset) == '\0');
1697 initlen = offset - nameoff;
1698 LOCAL_ASSERT(initlen >= 4);
1700 /* Early check to rule out odd "name: lval" length. */
1701 if (((size_t)initlen & 1) == 0) {
1706 * Even "name: lval" string length: check for "x: x" and the
1707 * like, and apply the shorthand if we can.
1709 namelen = (size_t)(initlen - 2) >> 1;
1710 name = OFF2STR(&ss->sprinter, nameoff);
1711 if (!strncmp(name + namelen, ": ", 2) &&
1712 !strncmp(name, name + namelen + 2, namelen)) {
1713 offset -= namelen + 2;
1714 *OFF2STR(&ss->sprinter, offset) = '\0';
1715 ss->sprinter.offset = offset;
1721 if (pc == endpc || *pc != JSOP_DUP)
1725 * We should stop if JSOP_DUP is either without notes or its note is
1726 * not SRC_CONTINUE. The former happens when JSOP_DUP duplicates the
1727 * last destructuring reference implementing an op= assignment like in
1728 * '([t] = z).y += x'. In the latter case the note is SRC_DESTRUCT and
1729 * means another destructuring initialiser abuts this one like in
1732 sn = js_GetSrcNote(jp->script, pc);
1735 if (SN_TYPE(sn) != SRC_CONTINUE) {
1736 LOCAL_ASSERT(SN_TYPE(sn) == SRC_DESTRUCT);
1740 if (!hole && SprintPut(&ss->sprinter, ", ", 2) < 0)
1743 pc += JSOP_DUP_LENGTH;
1747 lval = OFF2STR(&ss->sprinter, head);
1748 if (SprintPut(&ss->sprinter, (*lval == '[') ? "]" : "}", 1) < 0)
1754 DecompileGroupAssignment(SprintStack *ss, jsbytecode *pc, jsbytecode *endpc,
1755 jssrcnote *sn, ptrdiff_t *todop)
1758 const JSCodeSpec *cs;
1759 uintN oplen, start, end, i;
1765 LOCAL_ASSERT(op == JSOP_PUSH || op == JSOP_GETLOCAL);
1767 todo = Sprint(&ss->sprinter, "%s[", VarPrefix(sn));
1768 if (todo < 0 || !PushOff(ss, todo, JSOP_NOP))
1770 ss->sprinter.offset -= PAREN_SLOP;
1776 pc = DecompileDestructuringLHS(ss, pc, endpc, &hole);
1782 if (op != JSOP_PUSH && op != JSOP_GETLOCAL)
1784 if (!hole && SprintPut(&ss->sprinter, ", ", 2) < 0)
1788 LOCAL_ASSERT(op == JSOP_POPN);
1789 if (SprintPut(&ss->sprinter, "] = [", 5) < 0)
1793 start = end - GET_UINT16(pc);
1794 for (i = start; i < end; i++) {
1795 rval = GetStr(ss, i);
1796 if (Sprint(&ss->sprinter,
1797 (i == start) ? "%s" : ", %s",
1798 (i == end - 1 && *rval == '\0') ? ", " : rval) < 0) {
1803 if (SprintPut(&ss->sprinter, "]", 1) < 0)
1805 ss->sprinter.offset = ss->offsets[i];
1814 #endif /* JS_HAS_DESTRUCTURING */
1817 InitSprintStack(JSContext *cx, SprintStack *ss, JSPrinter *jp, uintN depth)
1819 size_t offsetsz, opcodesz;
1822 INIT_SPRINTER(cx, &ss->sprinter, &cx->tempPool, PAREN_SLOP);
1824 /* Allocate the parallel (to avoid padding) offset and opcode stacks. */
1825 offsetsz = depth * sizeof(ptrdiff_t);
1826 opcodesz = depth * sizeof(jsbytecode);
1827 JS_ARENA_ALLOCATE(space, &cx->tempPool, offsetsz + opcodesz);
1829 js_ReportOutOfScriptQuota(cx);
1832 ss->offsets = (ptrdiff_t *) space;
1833 ss->opcodes = (jsbytecode *) ((char *)space + offsetsz);
1835 ss->top = ss->inArrayInit = 0;
1836 ss->inGenExp = JS_FALSE;
1842 * If nb is non-negative, decompile nb bytecodes starting at pc. Otherwise
1843 * the decompiler starts at pc and continues until it reaches an opcode for
1844 * which decompiling would result in the stack depth equaling -(nb + 1).
1846 * The nextop parameter is either JSOP_NOP or the "next" opcode in order of
1847 * abstract interpretation (not necessarily physically next in a bytecode
1848 * vector). So nextop is JSOP_POP for the last operand in a comma expression,
1849 * or JSOP_AND for the right operand of &&.
1852 Decompile(SprintStack *ss, jsbytecode *pc, intN nb, JSOp nextop)
1855 JSPrinter *jp, *jp2;
1856 jsbytecode *startpc, *endpc, *pc2, *done;
1857 ptrdiff_t tail, todo, len, oplen, cond, next;
1858 JSOp op, lastop, saveop;
1859 const JSCodeSpec *cs;
1860 jssrcnote *sn, *sn2;
1861 const char *lval, *rval, *xval, *fmt, *token;
1870 #if JS_HAS_XML_SUPPORT
1871 JSBool foreach, inXML, quoteAttr;
1873 #define inXML JS_FALSE
1877 static const char exception_cookie[] = "/*EXCEPTION*/";
1878 static const char retsub_pc_cookie[] = "/*RETSUB_PC*/";
1879 static const char forelem_cookie[] = "/*FORELEM*/";
1880 static const char with_cookie[] = "/*WITH*/";
1881 static const char dot_format[] = "%s.%s";
1882 static const char index_format[] = "%s[%s]";
1883 static const char predot_format[] = "%s%s.%s";
1884 static const char postdot_format[] = "%s.%s%s";
1885 static const char preindex_format[] = "%s%s[%s]";
1886 static const char postindex_format[] = "%s[%s]%s";
1887 static const char ss_format[] = "%s%s";
1888 static const char sss_format[] = "%s%s%s";
1890 /* Argument and variables decompilation uses the following to share code. */
1891 JS_STATIC_ASSERT(ARGNO_LEN == SLOTNO_LEN);
1896 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, NULL)
1897 #define DECOMPILE_CODE(pc,nb) if (!Decompile(ss, pc, nb, JSOP_NOP)) return NULL
1898 #define NEXT_OP(pc) (((pc) + (len) == endpc) ? nextop : pc[len])
1899 #define TOP_STR() GetStr(ss, ss->top - 1)
1900 #define POP_STR() PopStr(ss, op)
1901 #define POP_STR_PREC(prec) PopStrPrec(ss, prec)
1904 * Pop a condition expression for if/while. JSOP_IFEQ's precedence forces
1905 * extra parens around assignment, which avoids a strict-mode warning.
1907 #define POP_COND_STR() \
1908 PopStr(ss, (js_CodeSpec[ss->opcodes[ss->top - 1]].format & JOF_SET) \
1912 #define ATOM_IS_IDENTIFIER(atom) js_IsIdentifier(atom)
1915 * Given an atom already fetched from jp->script's atom map, quote/escape its
1916 * string appropriately into rval, and select fmt from the quoted and unquoted
1919 #define GET_QUOTE_AND_FMT(qfmt, ufmt, rval) \
1922 if (!ATOM_IS_IDENTIFIER(atom)) { \
1929 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), quote_); \
1934 #define LOAD_OBJECT(PCOFF) \
1935 GET_OBJECT_FROM_BYTECODE(jp->script, pc, PCOFF, obj)
1937 #define LOAD_FUNCTION(PCOFF) \
1938 GET_FUNCTION_FROM_BYTECODE(jp->script, pc, PCOFF, fun)
1940 #define LOAD_REGEXP(PCOFF) \
1941 GET_REGEXP_FROM_BYTECODE(jp->script, pc, PCOFF, obj)
1943 #define GET_SOURCE_NOTE_ATOM(sn, atom) \
1945 jsatomid atomIndex_ = (jsatomid) js_GetSrcNoteOffset((sn), 0); \
1947 LOCAL_ASSERT(atomIndex_ < jp->script->atomMap.length); \
1948 (atom) = jp->script->atomMap.vector[atomIndex_]; \
1952 * Get atom from jp->script's atom map, quote/escape its string appropriately
1953 * into rval, and select fmt from the quoted and unquoted alternatives.
1955 #define GET_ATOM_QUOTE_AND_FMT(qfmt, ufmt, rval) \
1958 GET_QUOTE_AND_FMT(qfmt, ufmt, rval); \
1962 * Per spec, new x(y).z means (new x(y))).z. For example new (x(y).z) must
1963 * decompile with the constructor parenthesized, but new x.z should not. The
1964 * normal rules give x(y).z and x.z identical precedence: both are produced by
1967 * Therefore, we need to know in case JSOP_NEW whether the constructor
1968 * expression contains any unparenthesized function calls. So when building a
1969 * MemberExpression or CallExpression, we set ss->opcodes[n] to JSOP_CALL if
1970 * this is true. x(y).z gets JSOP_CALL, not JSOP_GETPROP.
1972 #define PROPAGATE_CALLNESS() \
1974 if (ss->opcodes[ss->top - 1] == JSOP_CALL || \
1975 ss->opcodes[ss->top - 1] == JSOP_EVAL || \
1976 ss->opcodes[ss->top - 1] == JSOP_FUNCALL || \
1977 ss->opcodes[ss->top - 1] == JSOP_FUNAPPLY) { \
1978 saveop = JSOP_CALL; \
1982 cx = ss->sprinter.context;
1983 JS_CHECK_RECURSION(cx, return NULL);
1987 endpc = (nb < 0) ? jp->script->code + jp->script->length : pc + nb;
1989 todo = -2; /* NB: different from Sprint() error return. */
1993 #if JS_HAS_XML_SUPPORT
1994 foreach = inXML = quoteAttr = JS_FALSE;
1997 while (nb < 0 || pc < endpc) {
1999 * Move saveop to lastop so prefixed bytecodes can take special action
2000 * while sharing maximal code. Set op and saveop to the new bytecode,
2001 * use op in POP_STR to trigger automatic parenthesization, but push
2002 * saveop at the bottom of the loop if this op pushes. Thus op may be
2003 * set to nop or otherwise mutated to suppress auto-parens.
2007 cs = &js_CodeSpec[op];
2008 if (cs->format & JOF_INDEXBASE) {
2010 * The decompiler uses js_GetIndexFromBytecode to get atoms and
2011 * objects and ignores these suffix/prefix bytecodes, thus
2012 * simplifying code that must process JSOP_GETTER/JSOP_SETTER
2019 cs = &js_CodeSpec[op];
2022 len = oplen = cs->length;
2023 nuses = js_GetStackUses(cs, op, pc);
2026 * Here it is possible that nuses > ss->top when the op has a hidden
2027 * source note. But when nb < 0 we assume that the caller knows that
2028 * Decompile would never meet such opcodes.
2031 LOCAL_ASSERT(ss->top >= nuses);
2032 uintN ndefs = js_GetStackDefs(cx, cs, op, jp->script, pc);
2033 if ((uintN) -(nb + 1) == ss->top - nuses + ndefs)
2038 * Save source literal associated with JS now before the following
2039 * rewrite changes op. See bug 380197.
2041 token = CodeToken[op];
2043 if (pc + oplen == jp->dvgfence) {
2045 uint32 format, mode, type;
2048 * Rewrite non-get ops to their "get" format if the error is in
2049 * the bytecode at pc, so we don't decompile more than the error
2052 fp = js_GetScriptedCaller(cx, NULL);
2053 format = cs->format;
2054 if (((fp && pc == fp->pc(cx)) ||
2055 (pc == startpc && nuses != 0)) &&
2056 format & (JOF_SET|JOF_DEL|JOF_INCDEC|JOF_FOR|JOF_VARPROP)) {
2057 mode = JOF_MODE(format);
2058 if (mode == JOF_NAME) {
2060 * JOF_NAME does not imply JOF_ATOM, so we must check for
2061 * the QARG and QVAR format types, and translate those to
2062 * JSOP_GETARG or JSOP_GETLOCAL appropriately, instead of
2065 type = JOF_TYPE(format);
2066 op = (type == JOF_QARG)
2068 : (type == JOF_LOCAL)
2072 JS_ASSERT(js_CodeSpec[op].nuses >= 0);
2073 i = nuses - js_CodeSpec[op].nuses;
2075 PopOff(ss, JSOP_NOP);
2078 * We must replace the faulting pc's bytecode with a
2079 * corresponding JSOP_GET* code. For JSOP_SET{PROP,ELEM},
2080 * we must use the "2nd" form of JSOP_GET{PROP,ELEM}, to
2081 * throw away the assignment op's right-hand operand and
2082 * decompile it as if it were a GET of its left-hand
2085 if (mode == JOF_PROP) {
2086 op = (JSOp) ((format & JOF_SET)
2089 } else if (mode == JOF_ELEM) {
2090 op = (JSOp) ((format & JOF_SET)
2095 * Unknown mode (including mode 0) means that op is
2096 * uncategorized for our purposes, so we must write
2097 * per-op special case code here.
2101 case JSOP_ENUMCONSTELEM:
2104 case JSOP_GETTHISPROP:
2106 * NB: JSOP_GETTHISPROP can't fail due to |this|
2107 * being null or undefined at runtime (beware that
2108 * this may change for ES4). Therefore any error
2109 * resulting from this op must be due to the value
2110 * of the property accessed via |this|, so do not
2111 * rewrite op to JSOP_THIS.
2113 * The next two cases should not change op if
2114 * js_DecompileValueGenerator was called from the
2115 * the property getter. They should rewrite only
2116 * if the base object in the arg/var/local is null
2117 * or undefined. FIXME: bug 431569.
2120 case JSOP_GETARGPROP:
2123 case JSOP_GETLOCALPROP:
2126 case JSOP_SETXMLNAME:
2127 op = JSOp(JSOP_GETELEM2);
2137 if (op >= JSOP_LIMIT) {
2138 if (op == JSOP_GETPROP2)
2139 saveop = JSOP_GETPROP;
2140 else if (op == JSOP_GETELEM2)
2141 saveop = JSOP_GETELEM;
2143 LOCAL_ASSERT(js_CodeSpec[saveop].length == oplen ||
2144 JOF_TYPE(format) == JOF_SLOTATOM);
2146 jp->dvgfence = NULL;
2152 sn = js_GetSrcNote(jp->script, pc);
2153 if (sn && SN_TYPE(sn) == SRC_ASSIGNOP) {
2155 * Avoid over-parenthesizing y in x op= y based on its
2156 * expansion: x = x op y (replace y by z = w to see the
2159 op = (JSOp) pc[oplen];
2162 /* Print only the right operand of the assignment-op. */
2163 todo = SprintCString(&ss->sprinter, rval);
2165 } else if (!inXML) {
2166 rval = POP_STR_PREC(cs->prec + !!(cs->format & JOF_LEFTASSOC));
2167 lval = POP_STR_PREC(cs->prec + !(cs->format & JOF_LEFTASSOC));
2168 todo = Sprint(&ss->sprinter, "%s %s %s",
2171 /* In XML, just concatenate the two operands. */
2172 LOCAL_ASSERT(op == JSOP_ADD);
2175 todo = Sprint(&ss->sprinter, ss_format, lval, rval);
2181 todo = Sprint(&ss->sprinter, ss_format, token, rval);
2185 todo = SprintCString(&ss->sprinter, token);
2196 * Check for a do-while loop, a for-loop with an empty
2197 * initializer part, a labeled statement, a function
2198 * definition, or try/finally.
2200 sn = js_GetSrcNote(jp->script, pc);
2202 switch (sn ? SN_TYPE(sn) : SRC_NULL) {
2205 tail = js_GetSrcNoteOffset(sn, 0) - 1;
2206 LOCAL_ASSERT(pc[tail] == JSOP_IFNE ||
2207 pc[tail] == JSOP_IFNEX);
2208 js_printf(jp, "\tdo {\n");
2210 DECOMPILE_CODE(pc, tail);
2212 js_printf(jp, "\t} while (%s);\n", POP_COND_STR());
2214 len = js_CodeSpec[*pc].length;
2222 JS_ASSERT(SN_TYPE(sn) == SRC_FOR);
2224 /* Skip the JSOP_NOP or JSOP_POP bytecode. */
2225 pc += JSOP_NOP_LENGTH;
2227 /* Get the cond, next, and loop-closing tail offsets. */
2228 cond = js_GetSrcNoteOffset(sn, 0);
2229 next = js_GetSrcNoteOffset(sn, 1);
2230 tail = js_GetSrcNoteOffset(sn, 2);
2233 * If this loop has a condition, then pc points at a goto
2234 * targeting the condition.
2238 LOCAL_ASSERT(*pc == JSOP_GOTO || *pc == JSOP_GOTOX);
2239 pc2 += (*pc == JSOP_GOTO) ? JSOP_GOTO_LENGTH : JSOP_GOTOX_LENGTH;
2241 LOCAL_ASSERT(tail + GetJumpOffset(pc+tail, pc+tail) == pc2 - pc);
2243 /* Print the keyword and the possibly empty init-part. */
2244 js_printf(jp, "\tfor (%s;", rval);
2247 /* Decompile the loop condition. */
2248 DECOMPILE_CODE(pc + cond, tail - cond);
2249 js_printf(jp, " %s", POP_STR());
2252 /* Need a semicolon whether or not there was a cond. */
2257 * Decompile the loop updater. It may end in a JSOP_POP
2258 * that we skip; or in a JSOP_POPN that we do not skip,
2259 * followed by a JSOP_NOP (skipped as if it's a POP).
2260 * We cope with the difference between these two cases
2261 * by checking for stack imbalance and popping if there
2264 uintN saveTop = ss->top;
2266 DECOMPILE_CODE(pc + next, cond - next - JSOP_POP_LENGTH);
2267 LOCAL_ASSERT(ss->top - saveTop <= 1U);
2268 rval = (ss->top == saveTop)
2269 ? ss->sprinter.base + ss->sprinter.offset
2271 js_printf(jp, " %s", rval);
2274 /* Do the loop body. */
2275 js_printf(jp, ") {\n");
2278 DECOMPILE_CODE(pc2, next);
2280 js_printf(jp, "\t}\n");
2282 /* Set len so pc skips over the entire loop. */
2283 len = tail + js_CodeSpec[pc[tail]].length;
2287 GET_SOURCE_NOTE_ATOM(sn, atom);
2289 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
2292 RETRACT(&ss->sprinter, rval);
2293 js_printf(jp, "\t%s:\n", rval);
2297 case SRC_LABELBRACE:
2298 GET_SOURCE_NOTE_ATOM(sn, atom);
2299 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
2302 RETRACT(&ss->sprinter, rval);
2303 js_printf(jp, "\t%s: {\n", rval);
2309 js_printf(jp, "\t}\n");
2313 fun = jp->script->getFunction(js_GetSrcNoteOffset(sn, 0));
2316 jp2 = js_NewPrinter(cx, "nested_function", fun,
2317 jp->indent, jp->pretty, jp->grouped,
2321 ok = js_DecompileFunction(jp2);
2322 if (ok && jp2->sprinter.base)
2323 js_puts(jp, jp2->sprinter.base);
2324 js_DestroyPrinter(jp2);
2327 js_puts(jp, "\n\n");
2331 js_printf(jp, "\t{\n");
2333 len = js_GetSrcNoteOffset(sn, 0);
2334 DECOMPILE_CODE(pc + oplen, len - oplen);
2336 js_printf(jp, "\t}\n");
2344 #if JS_HAS_DESTRUCTURING
2345 sn = js_GetSrcNote(jp->script, pc);
2346 if (sn && SN_TYPE(sn) == SRC_GROUPASSIGN) {
2347 pc = DecompileGroupAssignment(ss, pc, endpc, sn, &todo);
2350 LOCAL_ASSERT(*pc == JSOP_POPN);
2351 len = oplen = JSOP_POPN_LENGTH;
2352 goto end_groupassignment;
2358 case JSOP_BINDGNAME:
2359 todo = Sprint(&ss->sprinter, "");
2363 js_printf(jp, "\ttry {\n");
2370 js_printf(jp, "\t} finally {\n");
2374 * We push push the pair of exception/restsub cookies to
2375 * simulate the effects [gosub] or control transfer during
2376 * exception capturing on the stack.
2378 todo = Sprint(&ss->sprinter, exception_cookie);
2379 if (todo < 0 || !PushOff(ss, todo, op))
2381 todo = Sprint(&ss->sprinter, retsub_pc_cookie);
2386 LOCAL_ASSERT(strcmp(rval, retsub_pc_cookie) == 0);
2388 LOCAL_ASSERT(strcmp(lval, exception_cookie) == 0);
2395 * JSOP_GOSUB and GOSUBX have no effect on the decompiler's
2396 * string stack because the next op in bytecode order finds
2397 * the stack balanced by a JSOP_RETSUB executed elsewhere.
2404 uintN newtop, oldtop;
2407 * The compiler models operand stack depth and fixes the stack
2408 * pointer on entry to a catch clause based on its depth model.
2409 * The decompiler must match the code generator's model, which
2410 * is why JSOP_FINALLY pushes a cookie that JSOP_RETSUB pops.
2413 newtop = oldtop - GET_UINT16(pc);
2414 LOCAL_ASSERT(newtop <= oldtop);
2417 sn = js_GetSrcNote(jp->script, pc);
2418 if (sn && SN_TYPE(sn) == SRC_HIDDEN)
2420 #if JS_HAS_DESTRUCTURING
2421 if (sn && SN_TYPE(sn) == SRC_GROUPASSIGN) {
2422 todo = Sprint(&ss->sprinter, "%s[] = [",
2426 for (uintN i = newtop; i < oldtop; i++) {
2427 rval = OFF2STR(&ss->sprinter, ss->offsets[i]);
2428 if (Sprint(&ss->sprinter, ss_format,
2429 (i == newtop) ? "" : ", ",
2430 (i == oldtop - 1 && *rval == '\0')
2431 ? ", " : rval) < 0) {
2435 if (SprintPut(&ss->sprinter, "]", 1) < 0)
2439 * If this is an empty group assignment, we have no stack
2440 * budget into which we can push our result string. Adjust
2441 * ss->sprinter.offset so that our consumer can find the
2442 * empty group assignment decompilation.
2444 if (newtop == oldtop) {
2445 ss->sprinter.offset = todo;
2448 * Kill newtop before the end_groupassignment: label by
2449 * retracting/popping early. Control will either jump
2450 * to do_forloop: or do_letheadbody: or else break from
2451 * our case JSOP_POPN: after the switch (*pc2) below.
2453 LOCAL_ASSERT(newtop < oldtop);
2454 ss->sprinter.offset = GetOff(ss, newtop);
2458 end_groupassignment:
2459 LOCAL_ASSERT(*pc == JSOP_POPN);
2462 * Thread directly to the next opcode if we can, to handle
2463 * the special cases of a group assignment in the first or
2464 * last part of a for(;;) loop head, or in a let block or
2467 * NB: todo at this point indexes space in ss->sprinter
2468 * that is liable to be overwritten. The code below knows
2469 * exactly how long rval lives, or else copies it down via
2472 rval = OFF2STR(&ss->sprinter, todo);
2475 if (*pc2 == JSOP_NOP) {
2476 sn = js_GetSrcNote(jp->script, pc2);
2478 if (SN_TYPE(sn) == SRC_FOR) {
2484 if (SN_TYPE(sn) == SRC_DECL) {
2485 if (ss->top == StackDepth(jp->script)) {
2487 * This must be an empty destructuring
2488 * in the head of a let whose body block
2491 pc = pc2 + JSOP_NOP_LENGTH;
2492 len = js_GetSrcNoteOffset(sn, 0);
2493 LOCAL_ASSERT(pc[len] == JSOP_LEAVEBLOCK);
2494 js_printf(jp, "\tlet (%s) {\n", rval);
2495 js_printf(jp, "\t}\n");
2498 todo = SprintCString(&ss->sprinter, rval);
2499 if (todo < 0 || !PushOff(ss, todo, JSOP_NOP))
2502 pc = pc2 + JSOP_NOP_LENGTH;
2503 goto do_letheadbody;
2507 * An unnannotated NOP following a POPN must be the
2508 * third part of for(;;) loop head. If the POPN's
2509 * immediate operand is 0, then we may have no slot
2510 * on the sprint-stack in which to push our result
2511 * string. In this case the result can be recovered
2512 * at ss->sprinter.base + ss->sprinter.offset.
2514 if (GET_UINT16(pc) == 0)
2516 todo = SprintCString(&ss->sprinter, rval);
2522 * If control flow reaches this point with todo still -2,
2523 * just print rval as an expression statement.
2526 js_printf(jp, "\t%s;\n", rval);
2530 if (newtop < oldtop) {
2531 ss->sprinter.offset = GetOff(ss, newtop);
2537 case JSOP_EXCEPTION:
2538 /* The catch decompiler handles this op itself. */
2539 LOCAL_ASSERT(JS_FALSE);
2544 * By default, do not automatically parenthesize when popping
2545 * a stacked expression decompilation. We auto-parenthesize
2546 * only when JSOP_POP is annotated with SRC_PCDELTA, meaning
2553 sn = js_GetSrcNote(jp->script, pc);
2554 switch (sn ? SN_TYPE(sn) : SRC_NULL) {
2556 /* Force parens around 'in' expression at 'for' front. */
2557 if (ss->opcodes[ss->top-1] == JSOP_IN)
2564 /* Comma operator: use JSOP_POP for correct precedence. */
2567 /* Pop and save to avoid blowing stack depth budget. */
2568 lval = JS_strdup(cx, POP_STR());
2573 * The offset tells distance to the end of the right-hand
2574 * operand of the comma operator.
2577 pc += js_GetSrcNoteOffset(sn, 0);
2580 if (!Decompile(ss, done, pc - done, JSOP_POP)) {
2581 cx->free((char *)lval);
2585 /* Pop Decompile result and print comma expression. */
2587 todo = Sprint(&ss->sprinter, "%s, %s", lval, rval);
2588 cx->free((char *)lval);
2592 /* Hide this pop, it's from a goto in a with or for/in. */
2597 /* This pop is at the end of the let block/expr head. */
2598 pc += JSOP_POP_LENGTH;
2599 #if JS_HAS_DESTRUCTURING
2602 len = js_GetSrcNoteOffset(sn, 0);
2603 if (pc[len] == JSOP_LEAVEBLOCK) {
2604 js_printf(jp, "\tlet (%s) {\n", POP_STR());
2606 DECOMPILE_CODE(pc, len);
2608 js_printf(jp, "\t}\n");
2611 LOCAL_ASSERT(pc[len] == JSOP_LEAVEBLOCKEXPR);
2613 lval = JS_strdup(cx, PopStr(ss, JSOP_NOP));
2617 /* Set saveop to reflect what we will push. */
2618 saveop = JSOP_LEAVEBLOCKEXPR;
2619 if (!Decompile(ss, pc, len, saveop)) {
2620 cx->free((char *)lval);
2623 rval = PopStr(ss, JSOP_SETNAME);
2624 todo = Sprint(&ss->sprinter,
2629 cx->free((char *)lval);
2634 /* Turn off parens around a yield statement. */
2635 if (ss->opcodes[ss->top-1] == JSOP_YIELD)
2641 * Don't emit decompiler-pushed strings that are not
2642 * handled by other opcodes. They are pushed onto the
2643 * stack to help model the interpreter stack and should
2644 * not appear in the decompiler's output.
2646 if (*rval != '\0' && (rval[0] != '/' || rval[1] != '*')) {
2649 (strncmp(rval, js_function_str, 8) == 0 &&
2655 LOCAL_ASSERT(*rval == '\0' ||
2656 strcmp(rval, exception_cookie) == 0);
2664 case JSOP_ENTERWITH:
2665 LOCAL_ASSERT(!js_GetSrcNote(jp->script, pc));
2667 js_printf(jp, "\twith (%s) {\n", rval);
2669 todo = Sprint(&ss->sprinter, with_cookie);
2672 case JSOP_LEAVEWITH:
2673 sn = js_GetSrcNote(jp->script, pc);
2675 if (sn && SN_TYPE(sn) == SRC_HIDDEN)
2678 LOCAL_ASSERT(strcmp(rval, with_cookie) == 0);
2680 js_printf(jp, "\t}\n");
2683 case JSOP_ENTERBLOCK:
2685 JSAtom **atomv, *smallv[5];
2688 argc = OBJ_BLOCK_COUNT(cx, obj);
2689 if ((size_t)argc <= JS_ARRAY_LENGTH(smallv)) {
2692 atomv = (JSAtom **) cx->malloc(argc * sizeof(JSAtom *));
2697 MUST_FLOW_THROUGH("enterblock_out");
2698 #define LOCAL_ASSERT_OUT(expr) LOCAL_ASSERT_CUSTOM(expr, ok = JS_FALSE; \
2699 goto enterblock_out)
2700 for (Shape::Range r = obj->lastProperty()->all(); !r.empty(); r.popFront()) {
2701 const Shape &shape = r.front();
2703 if (!shape.hasShortID())
2705 LOCAL_ASSERT_OUT(shape.shortid < argc);
2706 atomv[shape.shortid] = JSID_TO_ATOM(shape.id);
2709 for (i = 0; i < argc; i++) {
2711 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
2713 !PushOff(ss, STR2OFF(&ss->sprinter, rval), op)) {
2715 goto enterblock_out;
2719 sn = js_GetSrcNote(jp->script, pc);
2720 switch (sn ? SN_TYPE(sn) : SRC_NULL) {
2721 #if JS_HAS_BLOCK_SCOPE
2723 js_printf(jp, "\t{\n");
2725 len = js_GetSrcNoteOffset(sn, 0);
2726 ok = Decompile(ss, pc + oplen, len - oplen, JSOP_NOP)
2729 goto enterblock_out;
2731 js_printf(jp, "\t}\n");
2737 js_printf(jp, "\t} catch (");
2741 LOCAL_ASSERT_OUT(*pc == JSOP_EXCEPTION);
2742 pc += JSOP_EXCEPTION_LENGTH;
2743 todo = Sprint(&ss->sprinter, exception_cookie);
2744 if (todo < 0 || !PushOff(ss, todo, JSOP_EXCEPTION)) {
2746 goto enterblock_out;
2749 if (*pc == JSOP_DUP) {
2750 sn2 = js_GetSrcNote(jp->script, pc);
2751 if (!sn2 || SN_TYPE(sn2) != SRC_DESTRUCT) {
2753 * This is a dup to save the exception for later.
2754 * It is emitted only when the catch head contains
2755 * an exception guard.
2757 LOCAL_ASSERT_OUT(js_GetSrcNoteOffset(sn, 0) != 0);
2758 pc += JSOP_DUP_LENGTH;
2759 todo = Sprint(&ss->sprinter, exception_cookie);
2761 !PushOff(ss, todo, JSOP_EXCEPTION)) {
2763 goto enterblock_out;
2768 #if JS_HAS_DESTRUCTURING
2769 if (*pc == JSOP_DUP) {
2770 pc = DecompileDestructuring(ss, pc, endpc);
2773 goto enterblock_out;
2775 LOCAL_ASSERT_OUT(*pc == JSOP_POP);
2776 pc += JSOP_POP_LENGTH;
2777 lval = PopStr(ss, JSOP_NOP);
2781 LOCAL_ASSERT_OUT(*pc == JSOP_SETLOCALPOP);
2782 i = GET_SLOTNO(pc) - jp->script->nfixed;
2783 pc += JSOP_SETLOCALPOP_LENGTH;
2784 atom = atomv[i - OBJ_BLOCK_DEPTH(cx, obj)];
2785 str = ATOM_TO_STRING(atom);
2786 if (!QuoteString(&jp->sprinter, str, 0)) {
2788 goto enterblock_out;
2790 #if JS_HAS_DESTRUCTURING
2795 * Pop the exception_cookie (or its dup in the case of a
2796 * guarded catch head) off the stack now.
2798 rval = PopStr(ss, JSOP_NOP);
2799 LOCAL_ASSERT_OUT(strcmp(rval, exception_cookie) == 0);
2801 len = js_GetSrcNoteOffset(sn, 0);
2804 LOCAL_ASSERT_OUT(len > 0);
2805 js_printf(jp, " if ");
2806 ok = Decompile(ss, pc, len, JSOP_NOP) != NULL;
2808 goto enterblock_out;
2809 js_printf(jp, "%s", POP_STR());
2811 LOCAL_ASSERT_OUT(*pc == JSOP_IFEQ || *pc == JSOP_IFEQX);
2812 pc += js_CodeSpec[*pc].length;
2815 js_printf(jp, ") {\n");
2825 #undef LOCAL_ASSERT_OUT
2827 if (atomv != smallv)
2834 case JSOP_LEAVEBLOCK:
2835 case JSOP_LEAVEBLOCKEXPR:
2839 sn = js_GetSrcNote(jp->script, pc);
2841 if (op == JSOP_LEAVEBLOCKEXPR) {
2842 LOCAL_ASSERT(SN_TYPE(sn) == SRC_PCBASE);
2845 LOCAL_ASSERT(op == JSOP_LEAVEBLOCK);
2846 if (SN_TYPE(sn) == SRC_HIDDEN)
2850 * This JSOP_LEAVEBLOCK must be for a catch block. If sn's
2851 * offset does not equal the model stack depth, there must
2852 * be a copy of the exception value on the stack due to a
2853 * catch guard (see above, the JSOP_ENTERBLOCK + SRC_CATCH
2856 LOCAL_ASSERT(SN_TYPE(sn) == SRC_CATCH);
2857 if ((uintN)js_GetSrcNoteOffset(sn, 0) != ss->top) {
2858 LOCAL_ASSERT((uintN)js_GetSrcNoteOffset(sn, 0)
2861 LOCAL_ASSERT(strcmp(rval, exception_cookie) == 0);
2865 depth = GET_UINT16(pc);
2866 LOCAL_ASSERT(top >= depth);
2869 ss->sprinter.offset = GetOff(ss, top);
2870 if (op == JSOP_LEAVEBLOCKEXPR)
2871 todo = SprintCString(&ss->sprinter, rval);
2875 case JSOP_GETUPVAR_DBG:
2876 case JSOP_CALLUPVAR_DBG:
2877 case JSOP_GETFCSLOT:
2878 case JSOP_CALLFCSLOT:
2881 JS_ASSERT(jp->script->savedCallerFun);
2882 jp->fun = jp->script->getFunction(0);
2885 if (!jp->localNames) {
2886 JS_ASSERT(fun == jp->fun);
2888 jp->fun->script()->bindings.getLocalNameArray(cx, &jp->pool);
2891 uintN index = GET_UINT16(pc);
2892 if (index < jp->fun->script()->bindings.countUpvars()) {
2893 index += jp->fun->script()->bindings.countArgsAndVars();
2898 * We must be in an eval called from jp->fun, where
2899 * jp->script is the eval-compiled script.
2901 * However, it's possible that a js_Invoke already
2902 * pushed a frame trying to call Construct on an
2903 * object that's not a constructor, causing us to be
2904 * called with an intervening frame on the stack.
2906 JSStackFrame *fp = js_GetTopStackFrame(cx);
2908 while (!fp->isEvalFrame())
2910 JS_ASSERT(fp->script() == jp->script);
2911 JS_ASSERT(fp->prev()->fun() == jp->fun);
2912 JS_ASSERT(jp->fun->isInterpreted());
2913 JS_ASSERT(jp->script != jp->fun->script());
2914 JS_ASSERT(JSScript::isValidOffset(jp->script->upvarsOffset));
2917 uva = jp->script->upvars();
2918 index = uva->vector[index].slot();
2920 atom = GetArgOrVarAtom(jp, index);
2924 case JSOP_CALLLOCAL:
2926 if (IsVarSlot(jp, pc, &i)) {
2927 atom = GetArgOrVarAtom(jp, i);
2931 LOCAL_ASSERT((uintN)i < ss->top);
2932 sn = js_GetSrcNote(jp->script, pc);
2934 #if JS_HAS_DESTRUCTURING
2935 if (sn && SN_TYPE(sn) == SRC_GROUPASSIGN) {
2937 * Distinguish a js_DecompileValueGenerator call that
2938 * targets op alone, from decompilation of a full group
2939 * assignment sequence, triggered by SRC_GROUPASSIGN
2940 * annotating the first JSOP_GETLOCAL in the sequence.
2942 if (endpc - pc > JSOP_GETLOCAL_LENGTH || pc > startpc) {
2943 pc = DecompileGroupAssignment(ss, pc, endpc, sn, &todo);
2946 LOCAL_ASSERT(*pc == JSOP_POPN);
2947 len = oplen = JSOP_POPN_LENGTH;
2948 goto end_groupassignment;
2951 /* Null sn to prevent bogus VarPrefix'ing below. */
2956 rval = GetLocal(ss, i);
2957 todo = Sprint(&ss->sprinter, ss_format, VarPrefix(sn), rval);
2961 case JSOP_SETLOCALPOP:
2962 if (IsVarSlot(jp, pc, &i)) {
2963 atom = GetArgOrVarAtom(jp, i);
2967 lval = GetLocal(ss, i);
2973 if (IsVarSlot(jp, pc, &i)) {
2974 atom = GetArgOrVarAtom(jp, i);
2978 lval = GetLocal(ss, i);
2983 if (IsVarSlot(jp, pc, &i)) {
2984 atom = GetArgOrVarAtom(jp, i);
2988 lval = GetLocal(ss, i);
2996 LOCAL_ASSERT(jp->fun);
2998 if (fun->flags & JSFUN_EXPR_CLOSURE) {
2999 /* Turn on parens around comma-expression here. */
3002 js_printf(jp, (*rval == '{') ? "(%s)%s" : ss_format,
3004 ((fun->flags & JSFUN_LAMBDA) || !fun->atom)
3015 js_printf(jp, "\t%s %s;\n", js_return_str, rval);
3017 js_printf(jp, "\t%s;\n", js_return_str);
3021 #if JS_HAS_GENERATORS
3023 #if JS_HAS_GENERATOR_EXPRS
3024 if (!ss->inGenExp || !(sn = js_GetSrcNote(jp->script, pc)))
3027 /* Turn off most parens. */
3030 todo = (*rval != '\0')
3031 ? Sprint(&ss->sprinter,
3032 (strncmp(rval, js_yield_str, 5) == 0 &&
3033 (rval[5] == ' ' || rval[5] == '\0'))
3037 : SprintCString(&ss->sprinter, js_yield_str);
3041 #if JS_HAS_GENERATOR_EXPRS
3042 LOCAL_ASSERT(SN_TYPE(sn) == SRC_HIDDEN);
3046 case JSOP_ARRAYPUSH:
3051 /* Turn off most parens. */
3054 /* Pop the expression being pushed or yielded. */
3058 * Skip the for loop head stacked by JSOP_FORLOCAL until we hit
3059 * a block local slot (note empty destructuring patterns result
3060 * in unit-count blocks).
3064 op = (JSOp) ss->opcodes[--pos];
3065 if (op == JSOP_ENTERBLOCK)
3068 JS_ASSERT(op == JSOP_ENTERBLOCK);
3071 * Here, forpos must index the space before the left-most |for|
3072 * in the single string of accumulated |for| heads and optional
3073 * final |if (condition)|.
3076 LOCAL_ASSERT(forpos < ss->top);
3079 * Now move pos downward over the block's local slots. Even an
3080 * empty destructuring pattern has one (dummy) local.
3082 while (ss->opcodes[pos] == JSOP_ENTERBLOCK) {
3088 #if JS_HAS_GENERATOR_EXPRS
3089 if (saveop == JSOP_YIELD) {
3091 * Generator expression: decompile just rval followed by
3092 * the string starting at forpos. Leave the result string
3093 * in ss->offsets[0] so it can be recovered by our caller
3094 * (the JSOP_ANONFUNOBJ with SRC_GENEXP case). Bump the
3095 * top of stack to balance yield, which is an expression
3096 * (so has neutral stack balance).
3098 LOCAL_ASSERT(pos == 0);
3099 xval = OFF2STR(&ss->sprinter, ss->offsets[forpos]);
3100 ss->sprinter.offset = PAREN_SLOP;
3101 todo = Sprint(&ss->sprinter, ss_format, rval, xval);
3104 ss->offsets[0] = todo;
3108 #endif /* JS_HAS_GENERATOR_EXPRS */
3111 * Array comprehension: retract the sprinter to the beginning
3112 * of the array initialiser and decompile "[<rval> for ...]".
3114 JS_ASSERT(jp->script->nfixed + pos == GET_UINT16(pc));
3115 LOCAL_ASSERT(ss->opcodes[pos] == JSOP_NEWINIT);
3117 start = ss->offsets[pos];
3118 LOCAL_ASSERT(ss->sprinter.base[start] == '[' ||
3119 ss->sprinter.base[start] == '#');
3120 LOCAL_ASSERT(forpos < ss->top);
3121 xval = OFF2STR(&ss->sprinter, ss->offsets[forpos]);
3122 lval = OFF2STR(&ss->sprinter, start);
3123 RETRACT(&ss->sprinter, lval);
3125 todo = Sprint(&ss->sprinter, sss_format, lval, rval, xval);
3128 ss->offsets[pos] = todo;
3132 #endif /* JS_HAS_GENERATORS */
3139 sn = js_GetSrcNote(jp->script, pc);
3141 if (sn && SN_TYPE(sn) == SRC_HIDDEN)
3144 js_printf(jp, "\t%s %s;\n", js_throw_str, rval);
3148 foreach = (pc[1] & (JSITER_FOREACH | JSITER_KEYVALUE)) ==
3154 JS_NOT_REACHED("JSOP_MOREITER");
3158 sn = js_GetSrcNote(jp->script, pc);
3160 if (sn && SN_TYPE(sn) == SRC_HIDDEN)
3162 (void) PopOff(ss, op);
3167 sn = js_GetSrcNote(jp->script, pc);
3168 switch (sn ? SN_TYPE(sn) : SRC_NULL) {
3171 * The loop back-edge carries +1 stack balance, for the
3172 * flag processed by JSOP_IFNE. We do not decompile the
3173 * JSOP_IFNE, and instead push the left-hand side of 'in'
3174 * after the loop edge in this stack slot (the JSOP_FOR*
3175 * opcodes' decompilers do this pushing).
3177 cond = GetJumpOffset(pc, pc);
3178 next = js_GetSrcNoteOffset(sn, 0);
3179 tail = js_GetSrcNoteOffset(sn, 1);
3180 JS_ASSERT(pc[cond] == JSOP_MOREITER);
3181 DECOMPILE_CODE(pc + oplen, next - oplen);
3183 LOCAL_ASSERT(ss->top >= 1);
3185 if (ss->inArrayInit || ss->inGenExp) {
3187 if (ss->top >= 1 && ss->opcodes[ss->top - 1] == JSOP_FORLOCAL) {
3188 ss->sprinter.offset = ss->offsets[ss->top] - PAREN_SLOP;
3189 if (Sprint(&ss->sprinter, " %s (%s in %s)",
3190 foreach ? js_for_each_str : js_for_str,
3196 * Do not AddParentSlop here, as we will push the
3197 * top-most offset again, which will add paren slop
3198 * for us. We must push to balance the stack budget
3199 * when nesting for heads in a comprehension.
3201 todo = ss->offsets[ss->top - 1];
3203 todo = Sprint(&ss->sprinter, " %s (%s in %s)",
3204 foreach ? js_for_each_str : js_for_str,
3207 if (todo < 0 || !PushOff(ss, todo, JSOP_FORLOCAL))
3209 DECOMPILE_CODE(pc + next, cond - next);
3212 * As above, rval or an extension of it must remain
3213 * stacked during loop body decompilation.
3215 rval = GetStr(ss, ss->top - 1);
3216 js_printf(jp, "\t%s (%s in %s) {\n",
3217 foreach ? js_for_each_str : js_for_str,
3220 DECOMPILE_CODE(pc + next, cond - next);
3222 js_printf(jp, "\t}\n");
3226 LOCAL_ASSERT(*pc == JSOP_IFNE || *pc == JSOP_IFNEX);
3227 len = js_CodeSpec[*pc].length;
3231 cond = GetJumpOffset(pc, pc);
3232 tail = js_GetSrcNoteOffset(sn, 0);
3233 DECOMPILE_CODE(pc + cond, tail - cond);
3234 js_printf(jp, "\twhile (%s) {\n", POP_COND_STR());
3236 DECOMPILE_CODE(pc + oplen, cond - oplen);
3238 js_printf(jp, "\t}\n");
3240 LOCAL_ASSERT(*pc == JSOP_IFNE || *pc == JSOP_IFNEX);
3241 len = js_CodeSpec[*pc].length;
3245 case SRC_CONT2LABEL:
3246 GET_SOURCE_NOTE_ATOM(sn, atom);
3247 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
3250 RETRACT(&ss->sprinter, rval);
3251 js_printf(jp, "\tcontinue %s;\n", rval);
3255 js_printf(jp, "\tcontinue;\n");
3258 case SRC_BREAK2LABEL:
3259 GET_SOURCE_NOTE_ATOM(sn, atom);
3260 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
3263 RETRACT(&ss->sprinter, rval);
3264 js_printf(jp, "\tbreak %s;\n", rval);
3271 js_printf(jp, "\tbreak;\n");
3280 JSBool elseif = JS_FALSE;
3283 len = GetJumpOffset(pc, pc);
3284 sn = js_GetSrcNote(jp->script, pc);
3286 switch (sn ? SN_TYPE(sn) : SRC_NULL) {
3289 rval = POP_COND_STR();
3290 if (ss->inArrayInit || ss->inGenExp) {
3291 LOCAL_ASSERT(SN_TYPE(sn) == SRC_IF);
3292 ss->sprinter.offset -= PAREN_SLOP;
3293 if (Sprint(&ss->sprinter, " if (%s)", rval) < 0)
3298 elseif ? " if (%s) {\n" : "\tif (%s) {\n",
3303 if (SN_TYPE(sn) == SRC_IF) {
3304 DECOMPILE_CODE(pc + oplen, len - oplen);
3306 LOCAL_ASSERT(!ss->inArrayInit && !ss->inGenExp);
3307 tail = js_GetSrcNoteOffset(sn, 0);
3308 DECOMPILE_CODE(pc + oplen, tail - oplen);
3311 LOCAL_ASSERT(*pc == JSOP_GOTO || *pc == JSOP_GOTOX);
3312 oplen = js_CodeSpec[*pc].length;
3313 len = GetJumpOffset(pc, pc);
3314 js_printf(jp, "\t} else");
3317 * If the second offset for sn is non-zero, it tells
3318 * the distance from the goto around the else, to the
3319 * ifeq for the if inside the else that forms an "if
3320 * else if" chain. Thus cond spans the condition of
3321 * the second if, so we simply decompile it and start
3322 * over at label if_again.
3324 cond = js_GetSrcNoteOffset(sn, 1);
3327 DECOMPILE_CODE(pc + oplen, cond - oplen);
3329 oplen = js_CodeSpec[*pc].length;
3334 js_printf(jp, " {\n");
3336 DECOMPILE_CODE(pc + oplen, len - oplen);
3339 if (!ss->inArrayInit && !ss->inGenExp) {
3341 js_printf(jp, "\t}\n");
3347 xval = JS_strdup(cx, POP_STR());
3350 len = js_GetSrcNoteOffset(sn, 0);
3351 DECOMPILE_CODE(pc + oplen, len - oplen);
3352 lval = JS_strdup(cx, POP_STR());
3354 cx->free((void *)xval);
3358 LOCAL_ASSERT(*pc == JSOP_GOTO || *pc == JSOP_GOTOX);
3359 oplen = js_CodeSpec[*pc].length;
3360 len = GetJumpOffset(pc, pc);
3361 DECOMPILE_CODE(pc + oplen, len - oplen);
3363 todo = Sprint(&ss->sprinter, "%s ? %s : %s",
3365 cx->free((void *)xval);
3366 cx->free((void *)lval);
3384 do_logical_connective:
3385 /* Top of stack is the first clause in a disjunction (||). */
3386 lval = JS_strdup(cx, POP_STR());
3389 done = pc + GetJumpOffset(pc, pc);
3392 if (!Decompile(ss, pc, len, op)) {
3393 cx->free((char *)lval);
3398 jp->indent + 4 + strlen(lval) + 4 + strlen(rval) > 75) {
3399 rval = JS_strdup(cx, rval);
3403 todo = Sprint(&ss->sprinter, "%s %s\n", lval, xval);
3404 tail = Sprint(&ss->sprinter, "%*s%s",
3405 jp->indent + 4, "", rval);
3406 cx->free((char *)rval);
3411 todo = Sprint(&ss->sprinter, "%s %s %s", lval, xval, rval);
3413 cx->free((char *)lval);
3419 goto do_logical_connective;
3427 sn = js_GetSrcNote(jp->script, pc);
3428 if (!IsVarSlot(jp, pc, &i)) {
3429 JS_ASSERT(op == JSOP_FORLOCAL);
3430 todo = Sprint(&ss->sprinter, ss_format, VarPrefix(sn), GetStr(ss, i));
3435 atom = GetArgOrVarAtom(jp, i);
3437 todo = SprintCString(&ss->sprinter, VarPrefix(sn));
3438 if (todo < 0 || !QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0))
3446 sn = js_GetSrcNote(jp->script, pc);
3447 todo = SprintCString(&ss->sprinter, VarPrefix(sn));
3448 if (todo < 0 || !QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0))
3455 if (!ATOM_IS_IDENTIFIER(atom)) {
3456 xval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom),
3464 todo = Sprint(&ss->sprinter, index_format, lval, xval);
3466 todo = Sprint(&ss->sprinter, ss_format, lval, *lval ? "." : "");
3469 if (!QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0))
3475 todo = SprintCString(&ss->sprinter, forelem_cookie);
3479 case JSOP_ENUMCONSTELEM:
3481 * The stack has the object under the (top) index expression.
3482 * The "rval" property id is underneath those two on the stack.
3483 * The for loop body net and gross lengths can now be adjusted
3484 * to account for the length of the indexing expression that
3485 * came after JSOP_FORELEM and before JSOP_ENUMELEM.
3488 op = JSOP_NOP; /* turn off parens around xval */
3490 op = JSOP_GETELEM; /* lval must have high precedence */
3494 LOCAL_ASSERT(strcmp(rval, forelem_cookie) == 0);
3495 if (*xval == '\0') {
3496 todo = SprintCString(&ss->sprinter, lval);
3498 todo = Sprint(&ss->sprinter,
3499 (JOF_OPMODE(lastop) == JOF_XMLNAME)
3512 rval = GetStr(ss, ss->top-2);
3513 todo = SprintCString(&ss->sprinter, rval);
3514 if (todo < 0 || !PushOff(ss, todo,
3515 (JSOp) ss->opcodes[ss->top-2])) {
3521 #if JS_HAS_DESTRUCTURING
3522 sn = js_GetSrcNote(jp->script, pc);
3524 LOCAL_ASSERT(SN_TYPE(sn) == SRC_DESTRUCT);
3525 pc = DecompileDestructuring(ss, pc, endpc);
3530 op = saveop = JSOP_ENUMELEM;
3533 if (strcmp(rval, forelem_cookie) == 0) {
3534 todo = Sprint(&ss->sprinter, ss_format,
3535 VarPrefix(sn), lval);
3537 // Skip POP so the SRC_FOR_IN code can pop for itself.
3538 if (*pc == JSOP_POP)
3539 len = JSOP_POP_LENGTH;
3541 todo = Sprint(&ss->sprinter, "%s%s = %s",
3542 VarPrefix(sn), lval, rval);
3548 rval = GetStr(ss, ss->top-1);
3549 saveop = (JSOp) ss->opcodes[ss->top-1];
3550 todo = SprintCString(&ss->sprinter, rval);
3554 atom = GetArgOrVarAtom(jp, GET_ARGNO(pc));
3564 lval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
3568 if (op == JSOP_SETNAME || op == JSOP_SETGNAME)
3569 (void) PopOff(ss, op);
3572 sn = js_GetSrcNote(jp->script, pc - 1);
3573 if (sn && SN_TYPE(sn) == SRC_ASSIGNOP) {
3574 todo = Sprint(&ss->sprinter, "%s %s= %s",
3576 (lastop == JSOP_GETTER)
3578 : (lastop == JSOP_SETTER)
3580 : CodeToken[lastop],
3583 sn = js_GetSrcNote(jp->script, pc);
3584 todo = Sprint(&ss->sprinter, "%s%s = %s",
3585 VarPrefix(sn), lval, rval);
3587 if (op == JSOP_SETLOCALPOP) {
3588 if (!PushOff(ss, todo, saveop))
3591 LOCAL_ASSERT(*rval != '\0');
3592 js_printf(jp, "\t%s;\n", rval);
3602 argc = GET_ARGC(pc);
3604 cx->malloc((size_t)(argc + 1) * sizeof *argv);
3610 for (i = argc; i > 0; i--)
3611 argv[i] = JS_strdup(cx, POP_STR());
3613 /* Skip the JSOP_PUSHOBJ-created empty string. */
3614 LOCAL_ASSERT(ss->top >= 2);
3615 (void) PopOff(ss, op);
3618 * Special case: new (x(y)(z)) must be parenthesized like so.
3619 * Same for new (x(y).z) -- contrast with new x(y).z.
3620 * See PROPAGATE_CALLNESS.
3622 op = (JSOp) ss->opcodes[ss->top - 1];
3624 (saveop == JSOP_NEW &&
3627 op == JSOP_FUNCALL ||
3628 op == JSOP_FUNAPPLY ||
3629 (js_CodeSpec[op].format & JOF_CALLOP)))
3634 argv[0] = JS_strdup(cx, lval);
3638 lval = "(", rval = ")";
3639 if (op == JSOP_NEW) {
3642 todo = Sprint(&ss->sprinter, "%s %s%s",
3643 js_new_str, argv[0], lval);
3645 todo = Sprint(&ss->sprinter, ss_format,
3651 for (i = 1; i <= argc; i++) {
3653 Sprint(&ss->sprinter, ss_format,
3654 argv[i], (i < argc) ? ", " : "") < 0) {
3659 if (Sprint(&ss->sprinter, rval) < 0)
3662 for (i = 0; i <= argc; i++)
3670 todo = Sprint(&ss->sprinter, "");
3675 lval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
3678 RETRACT(&ss->sprinter, lval);
3680 todo = Sprint(&ss->sprinter, "%s %s", js_delete_str, lval);
3684 GET_ATOM_QUOTE_AND_FMT("%s %s[%s]", "%s %s.%s", rval);
3687 todo = Sprint(&ss->sprinter, fmt, js_delete_str, lval, rval);
3691 op = JSOP_NOP; /* turn off parens */
3696 goto do_delete_lval;
3697 todo = Sprint(&ss->sprinter,
3698 (JOF_OPMODE(lastop) == JOF_XMLNAME)
3701 js_delete_str, lval, xval);
3704 #if JS_HAS_XML_SUPPORT
3709 todo = Sprint(&ss->sprinter, "%s %s..%s",
3710 js_delete_str, lval, xval);
3714 case JSOP_TYPEOFEXPR:
3718 todo = Sprint(&ss->sprinter, "%s %s",
3719 (op == JSOP_VOID) ? js_void_str : js_typeof_str,
3725 atom = GetArgOrVarAtom(jp, GET_ARGNO(pc));
3735 lval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
3738 RETRACT(&ss->sprinter, lval);
3740 todo = Sprint(&ss->sprinter, ss_format,
3741 js_incop_strs[!(cs->format & JOF_INC)], lval);
3746 GET_ATOM_QUOTE_AND_FMT(preindex_format, predot_format, rval);
3749 * Force precedence below the numeric literal opcodes, so that
3750 * 42..foo or 10000..toString(16), e.g., decompile with parens
3751 * around the left-hand side of dot.
3755 todo = Sprint(&ss->sprinter, fmt,
3756 js_incop_strs[!(cs->format & JOF_INC)],
3762 op = JSOP_NOP; /* turn off parens */
3766 if (*xval != '\0') {
3767 todo = Sprint(&ss->sprinter,
3768 (JOF_OPMODE(lastop) == JOF_XMLNAME)
3771 js_incop_strs[!(cs->format & JOF_INC)],
3774 todo = Sprint(&ss->sprinter, ss_format,
3775 js_incop_strs[!(cs->format & JOF_INC)], lval);
3781 atom = GetArgOrVarAtom(jp, GET_ARGNO(pc));
3791 lval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
3794 RETRACT(&ss->sprinter, lval);
3796 todo = Sprint(&ss->sprinter, ss_format,
3797 lval, js_incop_strs[!(cs->format & JOF_INC)]);
3802 GET_ATOM_QUOTE_AND_FMT(postindex_format, postdot_format, rval);
3805 * Force precedence below the numeric literal opcodes, so that
3806 * 42..foo or 10000..toString(16), e.g., decompile with parens
3807 * around the left-hand side of dot.
3811 todo = Sprint(&ss->sprinter, fmt, lval, rval,
3812 js_incop_strs[!(cs->format & JOF_INC)]);
3817 op = JSOP_NOP; /* turn off parens */
3821 if (*xval != '\0') {
3822 todo = Sprint(&ss->sprinter,
3823 (JOF_OPMODE(lastop) == JOF_XMLNAME)
3827 js_incop_strs[!(cs->format & JOF_INC)]);
3829 todo = Sprint(&ss->sprinter, ss_format,
3830 lval, js_incop_strs[!(cs->format & JOF_INC)]);
3836 rval = js_length_str;
3837 goto do_getprop_lval;
3841 (void) PopOff(ss, lastop);
3850 GET_QUOTE_AND_FMT(index_format, dot_format, rval);
3852 PROPAGATE_CALLNESS();
3854 todo = Sprint(&ss->sprinter, fmt, lval, rval);
3857 case JSOP_GETTHISPROP:
3859 GET_QUOTE_AND_FMT(index_format, dot_format, rval);
3860 todo = Sprint(&ss->sprinter, fmt, js_this_str, rval);
3863 case JSOP_GETARGPROP:
3864 /* Get the name of the argument or variable. */
3868 atom = GetArgOrVarAtom(ss->printer, i);
3870 lval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
3871 if (!lval || !PushOff(ss, STR2OFF(&ss->sprinter, lval), op))
3874 /* Get the name of the property. */
3875 LOAD_ATOM(ARGNO_LEN);
3878 case JSOP_GETLOCALPROP:
3879 if (IsVarSlot(jp, pc, &i))
3880 goto do_getarg_prop;
3881 LOCAL_ASSERT((uintN)i < ss->top);
3882 lval = GetLocal(ss, i);
3885 todo = SprintCString(&ss->sprinter, lval);
3886 if (todo < 0 || !PushOff(ss, todo, op))
3892 case JSOP_SETMETHOD:
3894 GET_QUOTE_AND_FMT("%s[%s] %s= %s", "%s.%s %s= %s", xval);
3898 * Force precedence below the numeric literal opcodes, so that
3899 * 42..foo or 10000..toString(16), e.g., decompile with parens
3900 * around the left-hand side of dot.
3904 sn = js_GetSrcNote(jp->script, pc - 1);
3905 todo = Sprint(&ss->sprinter, fmt, lval, xval,
3906 (sn && SN_TYPE(sn) == SRC_ASSIGNOP)
3907 ? (lastop == JSOP_GETTER)
3909 : (lastop == JSOP_SETTER)
3918 (void) PopOff(ss, lastop);
3923 op = JSOP_NOP; /* turn off parens */
3926 PROPAGATE_CALLNESS();
3928 if (*xval == '\0') {
3929 todo = Sprint(&ss->sprinter, "%s", lval);
3931 todo = Sprint(&ss->sprinter,
3932 (JOF_OPMODE(lastop) == JOF_XMLNAME)
3941 op = JSOP_NOP; /* turn off parens */
3943 cs = &js_CodeSpec[ss->opcodes[ss->top]];
3944 op = JSOP_GETELEM; /* lval must have high precedence */
3949 sn = js_GetSrcNote(jp->script, pc - 1);
3950 todo = Sprint(&ss->sprinter,
3951 (JOF_MODE(cs->format) == JOF_XMLNAME)
3955 (sn && SN_TYPE(sn) == SRC_ASSIGNOP)
3956 ? (lastop == JSOP_GETTER)
3958 : (lastop == JSOP_SETTER)
3966 i = (jsint) GET_ARGNO(pc);
3967 todo = Sprint(&ss->sprinter, "%s[%d]",
3968 js_arguments_str, (int) i);
3972 todo = Sprint(&ss->sprinter, dot_format,
3973 js_arguments_str, js_length_str);
3979 atom = GetArgOrVarAtom(jp, i);
3980 #if JS_HAS_DESTRUCTURING
3982 todo = Sprint(&ss->sprinter, "%s[%d]", js_arguments_str, i);
3990 case JSOP_CALLGLOBAL:
3991 case JSOP_GETGLOBAL:
3992 atom = jp->script->getGlobalAtom(GET_SLOTNO(pc));
3998 case JSOP_CALLGNAME:
4002 #if JS_HAS_XML_SUPPORT
4005 sn = js_GetSrcNote(jp->script, pc);
4006 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom),
4007 inXML ? DONT_ESCAPE : 0);
4010 RETRACT(&ss->sprinter, rval);
4011 todo = Sprint(&ss->sprinter, sss_format,
4012 VarPrefix(sn), lval, rval);
4016 i = (jsint) GET_UINT16(pc);
4020 i = (jsint) GET_UINT24(pc);
4030 todo = Sprint(&ss->sprinter, "%d", i);
4036 GET_DOUBLE_FROM_BYTECODE(jp->script, pc, 0, d);
4037 val = DOUBLE_TO_JSVAL(d);
4038 todo = SprintDoubleValue(&ss->sprinter, val, &saveop);
4044 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom),
4045 inXML ? DONT_ESCAPE : '"');
4048 todo = STR2OFF(&ss->sprinter, rval);
4052 case JSOP_LAMBDA_FC:
4053 case JSOP_LAMBDA_DBGFC:
4054 #if JS_HAS_GENERATOR_EXPRS
4055 sn = js_GetSrcNote(jp->script, pc);
4056 if (sn && SN_TYPE(sn) == SRC_GENEXP) {
4058 jsuword *innerLocalNames, *outerLocalNames;
4059 JSScript *inner, *outer;
4061 JSFunction *outerfun;
4066 * All allocation when decompiling is LIFO, using malloc
4067 * or, more commonly, arena-allocating from cx->tempPool.
4068 * Therefore after InitSprintStack succeeds, we must
4069 * release to mark before returning.
4071 mark = JS_ARENA_MARK(&cx->tempPool);
4072 if (fun->script()->bindings.hasLocalNames()) {
4074 fun->script()->bindings.getLocalNameArray(cx, &cx->tempPool);
4075 if (!innerLocalNames)
4078 innerLocalNames = NULL;
4080 inner = fun->script();
4081 if (!InitSprintStack(cx, &ss2, jp, StackDepth(inner))) {
4082 JS_ARENA_RELEASE(&cx->tempPool, mark);
4085 ss2.inGenExp = JS_TRUE;
4088 * Recursively decompile this generator function as an
4089 * un-parenthesized generator expression. The ss->inGenExp
4090 * special case of JSOP_YIELD shares array comprehension
4091 * decompilation code that leaves the result as the single
4092 * string pushed on ss2.
4096 outerLocalNames = jp->localNames;
4097 LOCAL_ASSERT(JS_UPTRDIFF(pc, outer->code) <= outer->length);
4100 jp->localNames = innerLocalNames;
4103 * Decompile only the main bytecode, to avoid tripping over
4104 * new prolog ops that have stack effects.
4106 ok = Decompile(&ss2, inner->main,
4107 inner->length - (inner->main - inner->code),
4112 jp->localNames = outerLocalNames;
4114 JS_ARENA_RELEASE(&cx->tempPool, mark);
4119 * Advance over this op and its global |this| push, and
4120 * arrange to advance over the call to this lambda.
4123 if (*pc == JSOP_BLOCKCHAIN) {
4124 pc += JSOP_BLOCKCHAIN_LENGTH;
4126 LOCAL_ASSERT(*pc == JSOP_NULLBLOCKCHAIN);
4127 pc += JSOP_NULLBLOCKCHAIN_LENGTH;
4129 LOCAL_ASSERT(*pc == JSOP_PUSH);
4130 pc += JSOP_PUSH_LENGTH;
4131 LOCAL_ASSERT(*pc == JSOP_CALL);
4132 LOCAL_ASSERT(GET_ARGC(pc) == 0);
4133 len = JSOP_CALL_LENGTH;
4136 * Arrange to parenthesize this genexp unless:
4138 * 1. It is the complete expression consumed by a control
4139 * flow bytecode such as JSOP_TABLESWITCH whose syntax
4140 * always parenthesizes the controlling expression.
4141 * 2. It is the sole argument to a function call.
4143 * But if this genexp runs up against endpc, parenthesize
4144 * regardless. (This can happen if we are called from
4145 * DecompileExpression or recursively from case
4146 * JSOP_{NOP,AND,OR}.)
4148 * There's no special case for |if (genexp)| because the
4149 * compiler optimizes that to |if (true)|.
4153 if (op == JSOP_TRACE || op == JSOP_NOP)
4154 pc2 += JSOP_NOP_LENGTH;
4155 LOCAL_ASSERT(pc2 < endpc ||
4156 endpc < outer->code + outer->length);
4157 LOCAL_ASSERT(ss2.top == 1);
4158 ss2.opcodes[0] = JSOP_POP;
4163 op = ((js_CodeSpec[op].format & JOF_PARENHEAD) ||
4164 ((js_CodeSpec[op].format & JOF_INVOKE) && GET_ARGC(pc2) == 1))
4169 * Stack this result as if it's a name and not an
4170 * anonymous function, so it doesn't get decompiled as
4171 * a generator function in a getter or setter context.
4172 * The precedence level is the same for JSOP_NAME and
4175 LOCAL_ASSERT(js_CodeSpec[JSOP_NAME].prec ==
4176 js_CodeSpec[saveop].prec);
4181 * Alas, we have to malloc a copy of the result left on
4182 * the top of ss2 because both ss and ss2 arena-allocate
4183 * from cx's tempPool.
4185 rval = JS_strdup(cx, PopStr(&ss2, op));
4186 JS_ARENA_RELEASE(&cx->tempPool, mark);
4189 todo = SprintCString(&ss->sprinter, rval);
4190 cx->free((void *)rval);
4193 #endif /* JS_HAS_GENERATOR_EXPRS */
4199 * Always parenthesize expression closures. We can't force
4200 * saveop to a low-precedence op to arrange for auto-magic
4201 * parenthesization without confusing getter/setter code
4202 * that checks for JSOP_LAMBDA.
4204 bool grouped = !(fun->flags & JSFUN_EXPR_CLOSURE);
4205 bool strict = jp->script->strictModeCode;
4206 str = js_DecompileToString(cx, "lambda", fun, 0,
4207 false, grouped, strict,
4208 js_DecompileFunction);
4213 todo = SprintString(&ss->sprinter, str);
4217 JS_ASSERT(jp->fun && jp->fun->atom);
4218 todo = SprintString(&ss->sprinter, ATOM_TO_STRING(jp->fun->atom));
4223 str = js_ValueToSource(cx, ObjectValue(*obj));
4229 GET_REGEXP_FROM_BYTECODE(jp->script, pc, 0, obj);
4230 if (!js_regexp_toString(cx, obj, Valueify(&val)))
4232 str = JSVAL_TO_STRING(val);
4235 case JSOP_TABLESWITCH:
4236 case JSOP_TABLESWITCHX:
4238 ptrdiff_t jmplen, off, off2;
4239 jsint j, n, low, high;
4240 TableEntry *table, *tmp;
4242 sn = js_GetSrcNote(jp->script, pc);
4243 LOCAL_ASSERT(sn && SN_TYPE(sn) == SRC_SWITCH);
4244 len = js_GetSrcNoteOffset(sn, 0);
4245 jmplen = (op == JSOP_TABLESWITCH) ? JUMP_OFFSET_LEN
4248 off = GetJumpOffset(pc, pc2);
4250 low = GET_JUMP_OFFSET(pc2);
4251 pc2 += JUMP_OFFSET_LEN;
4252 high = GET_JUMP_OFFSET(pc2);
4253 pc2 += JUMP_OFFSET_LEN;
4261 table = (TableEntry *)
4262 cx->malloc((size_t)n * sizeof *table);
4265 for (i = j = 0; i < n; i++) {
4266 table[j].label = NULL;
4267 off2 = GetJumpOffset(pc, pc2);
4269 sn = js_GetSrcNote(jp->script, pc2);
4271 LOCAL_ASSERT(SN_TYPE(sn) == SRC_LABEL);
4272 GET_SOURCE_NOTE_ATOM(sn, table[j].label);
4274 table[j].key = INT_TO_JSVAL(low + i);
4275 table[j].offset = off2;
4281 tmp = (TableEntry *)
4282 cx->malloc((size_t)j * sizeof *table);
4284 VOUCH_DOES_NOT_REQUIRE_STACK();
4285 ok = js_MergeSort(table, (size_t)j, sizeof(TableEntry),
4286 CompareOffsets, NULL, tmp,
4287 JS_SORTING_GENERIC);
4295 ok = DecompileSwitch(ss, table, (uintN)j, pc, len, off,
4305 case JSOP_LOOKUPSWITCH:
4306 case JSOP_LOOKUPSWITCHX:
4308 ptrdiff_t jmplen, off, off2;
4312 sn = js_GetSrcNote(jp->script, pc);
4313 LOCAL_ASSERT(sn && SN_TYPE(sn) == SRC_SWITCH);
4314 len = js_GetSrcNoteOffset(sn, 0);
4315 jmplen = (op == JSOP_LOOKUPSWITCH) ? JUMP_OFFSET_LEN
4318 off = GetJumpOffset(pc, pc2);
4320 npairs = GET_UINT16(pc2);
4323 table = (TableEntry *)
4324 cx->malloc((size_t)npairs * sizeof *table);
4327 for (k = 0; k < npairs; k++) {
4328 sn = js_GetSrcNote(jp->script, pc2);
4330 LOCAL_ASSERT(SN_TYPE(sn) == SRC_LABEL);
4331 GET_SOURCE_NOTE_ATOM(sn, table[k].label);
4333 table[k].label = NULL;
4335 uint16 constIndex = GET_INDEX(pc2);
4337 off2 = GetJumpOffset(pc, pc2);
4339 table[k].key = Jsvalify(jp->script->getConst(constIndex));
4340 table[k].offset = off2;
4343 ok = DecompileSwitch(ss, table, (uintN)npairs, pc, len, off,
4352 case JSOP_CONDSWITCH:
4354 ptrdiff_t off, off2, caseOff;
4358 sn = js_GetSrcNote(jp->script, pc);
4359 LOCAL_ASSERT(sn && SN_TYPE(sn) == SRC_SWITCH);
4360 len = js_GetSrcNoteOffset(sn, 0);
4361 off = js_GetSrcNoteOffset(sn, 1);
4364 * Count the cases using offsets from switch to first case,
4365 * and case to case, stored in srcnote immediates.
4369 for (ncases = 0; off2 != 0; ncases++) {
4371 LOCAL_ASSERT(*pc2 == JSOP_CASE || *pc2 == JSOP_DEFAULT ||
4372 *pc2 == JSOP_CASEX || *pc2 == JSOP_DEFAULTX);
4373 if (*pc2 == JSOP_DEFAULT || *pc2 == JSOP_DEFAULTX) {
4374 /* End of cases, but count default as a case. */
4377 sn = js_GetSrcNote(jp->script, pc2);
4378 LOCAL_ASSERT(sn && SN_TYPE(sn) == SRC_PCDELTA);
4379 off2 = js_GetSrcNoteOffset(sn, 0);
4384 * Allocate table and rescan the cases using their srcnotes,
4385 * stashing each case's delta from switch top in table[i].key,
4386 * and the distance to its statements in table[i].offset.
4388 table = (TableEntry *)
4389 cx->malloc((size_t)ncases * sizeof *table);
4394 for (i = 0; i < ncases; i++) {
4396 LOCAL_ASSERT(*pc2 == JSOP_CASE || *pc2 == JSOP_DEFAULT ||
4397 *pc2 == JSOP_CASEX || *pc2 == JSOP_DEFAULTX);
4399 table[i].key = INT_TO_JSVAL((jsint) caseOff);
4400 table[i].offset = caseOff + GetJumpOffset(pc2, pc2);
4401 if (*pc2 == JSOP_CASE || *pc2 == JSOP_CASEX) {
4402 sn = js_GetSrcNote(jp->script, pc2);
4403 LOCAL_ASSERT(sn && SN_TYPE(sn) == SRC_PCDELTA);
4404 off2 = js_GetSrcNoteOffset(sn, 0);
4409 * Find offset of default code by fetching the default offset
4410 * from the end of table. JSOP_CONDSWITCH always has a default
4413 off = JSVAL_TO_INT(table[ncases-1].key);
4415 off += GetJumpOffset(pc2, pc2);
4417 ok = DecompileSwitch(ss, table, (uintN)ncases, pc, len, off,
4432 js_printf(jp, "\tcase %s:\n", lval);
4438 case JSOP_DEFFUN_FC:
4439 case JSOP_DEFFUN_DBGFC:
4446 saveop = op = JS_GetTrapOpcode(cx, jp->script, pc);
4448 cs = &js_CodeSpec[op];
4450 DECOMPILE_CODE(pc, len);
4456 todo = SprintPut(&ss->sprinter, "", 0);
4462 LOCAL_ASSERT(i == JSProto_Array || i == JSProto_Object);
4464 todo = ss->sprinter.offset;
4465 #if JS_HAS_SHARP_VARS
4467 if (op == JSOP_SHARPINIT)
4468 op = (JSOp)pc[len += JSOP_SHARPINIT_LENGTH];
4469 if (op == JSOP_DEFSHARP) {
4471 cs = &js_CodeSpec[op];
4473 if (Sprint(&ss->sprinter, "#%u=",
4474 (unsigned) (jsint) GET_UINT16(pc + UINT16_LEN))
4479 #endif /* JS_HAS_SHARP_VARS */
4480 if (i == JSProto_Array) {
4482 if (SprintCString(&ss->sprinter, "[") < 0)
4485 if (SprintCString(&ss->sprinter, "{") < 0)
4493 todo = ss->sprinter.offset;
4495 if (SprintCString(&ss->sprinter, "[") < 0)
4500 case JSOP_NEWOBJECT:
4502 todo = ss->sprinter.offset;
4503 if (SprintCString(&ss->sprinter, "{") < 0)
4512 op = JSOP_NOP; /* turn off parens */
4514 sn = js_GetSrcNote(jp->script, pc);
4516 /* Skip any #n= prefix to find the opening bracket. */
4517 for (xval = rval; *xval != '[' && *xval != '{'; xval++)
4519 inArray = (*xval == '[');
4522 todo = Sprint(&ss->sprinter, "%s%s%c",
4524 (sn && SN_TYPE(sn) == SRC_CONTINUE) ? ", " : "",
4525 inArray ? ']' : '}');
4531 const char *maybeComma;
4534 isFirst = IsInitializerOp(ss->opcodes[ss->top - 3]);
4536 /* Turn off most parens. */
4540 /* Turn off all parens for xval and lval, which we control. */
4544 sn = js_GetSrcNote(jp->script, pc);
4546 if (sn && SN_TYPE(sn) == SRC_INITPROP) {
4550 maybeComma = isFirst ? "" : ", ";
4551 todo = Sprint(&ss->sprinter, sss_format,
4558 case JSOP_INITMETHOD:
4560 xval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom),
4561 jschar(ATOM_IS_IDENTIFIER(atom) ? 0 : '\''));
4564 isFirst = IsInitializerOp(ss->opcodes[ss->top - 2]);
4570 maybeComma = isFirst ? "" : ", ";
4571 if (lastop == JSOP_GETTER || lastop == JSOP_SETTER) {
4572 const char *end = rval + strlen(rval);
4576 LOCAL_ASSERT(strncmp(rval, js_function_str, 8) == 0);
4577 LOCAL_ASSERT(rval[8] == ' ');
4579 LOCAL_ASSERT(*end ? *end == ')' : end[-1] == '}');
4580 todo = Sprint(&ss->sprinter, "%s%s%s %s%s%.*s",
4583 (lastop == JSOP_GETTER)
4584 ? js_get_str : js_set_str,
4586 (rval[0] != '(') ? " " : "",
4589 todo = Sprint(&ss->sprinter, "%s%s%s: %s",
4590 lval, maybeComma, xval, rval);
4595 #if JS_HAS_SHARP_VARS
4597 i = (jsint) GET_UINT16(pc + UINT16_LEN);
4599 todo = Sprint(&ss->sprinter, "#%u=%s", (unsigned) i, rval);
4603 i = (jsint) GET_UINT16(pc + UINT16_LEN);
4604 todo = Sprint(&ss->sprinter, "#%u#", (unsigned) i);
4606 #endif /* JS_HAS_SHARP_VARS */
4609 js_printf(jp, "\tdebugger;\n");
4613 #if JS_HAS_XML_SUPPORT
4615 case JSOP_STARTXMLEXPR:
4616 inXML = op == JSOP_STARTXML;
4622 js_printf(jp, "\t%s %s %s = %s;\n",
4623 js_default_str, js_xml_str, js_namespace_str, rval);
4628 if (pc[JSOP_ANYNAME_LENGTH] == JSOP_TOATTRNAME) {
4629 len += JSOP_TOATTRNAME_LENGTH;
4630 todo = SprintPut(&ss->sprinter, "@*", 2);
4632 todo = SprintPut(&ss->sprinter, "*", 1);
4636 case JSOP_QNAMEPART:
4638 if (pc[JSOP_QNAMEPART_LENGTH] == JSOP_TOATTRNAME) {
4639 saveop = JSOP_TOATTRNAME;
4640 len += JSOP_TOATTRNAME_LENGTH;
4646 case JSOP_QNAMECONST:
4648 rval = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0);
4651 RETRACT(&ss->sprinter, rval);
4653 todo = Sprint(&ss->sprinter, "%s::%s", lval, rval);
4659 todo = Sprint(&ss->sprinter, "%s::[%s]", lval, rval);
4662 case JSOP_TOATTRNAME:
4663 op = JSOP_NOP; /* turn off parens */
4665 todo = Sprint(&ss->sprinter, "@[%s]", rval);
4668 case JSOP_TOATTRVAL:
4672 case JSOP_ADDATTRNAME:
4675 todo = Sprint(&ss->sprinter, "%s %s", lval, rval);
4676 /* This gets reset by all XML tag expressions. */
4677 quoteAttr = JS_TRUE;
4680 case JSOP_ADDATTRVAL:
4684 todo = Sprint(&ss->sprinter, "%s=\"%s\"", lval, rval);
4686 todo = Sprint(&ss->sprinter, "%s=%s", lval, rval);
4689 case JSOP_BINDXMLNAME:
4690 /* Leave the name stacked and push a dummy string. */
4691 todo = Sprint(&ss->sprinter, "");
4694 case JSOP_SETXMLNAME:
4695 /* Pop the r.h.s., the dummy string, and the name. */
4697 (void) PopOff(ss, op);
4701 case JSOP_XMLELTEXPR:
4702 case JSOP_XMLTAGEXPR:
4703 todo = Sprint(&ss->sprinter, "{%s}", POP_STR());
4705 /* If we're an attribute value, we shouldn't quote this. */
4706 quoteAttr = JS_FALSE;
4709 case JSOP_TOXMLLIST:
4710 op = JSOP_NOP; /* turn off parens */
4711 todo = Sprint(&ss->sprinter, "<>%s</>", POP_STR());
4716 case JSOP_CALLXMLNAME:
4719 /* These ops indicate the end of XML expressions. */
4724 case JSOP_ENDFILTER:
4726 PROPAGATE_CALLNESS();
4728 todo = Sprint(&ss->sprinter, "%s.(%s)", lval, rval);
4731 case JSOP_DESCENDANTS:
4733 PROPAGATE_CALLNESS();
4735 todo = Sprint(&ss->sprinter, "%s..%s", lval, rval);
4740 todo = SprintPut(&ss->sprinter, "<![CDATA[", 9);
4741 if (!QuoteString(&ss->sprinter, ATOM_TO_STRING(atom),
4744 SprintPut(&ss->sprinter, "]]>", 3);
4747 case JSOP_XMLCOMMENT:
4749 todo = SprintPut(&ss->sprinter, "<!--", 4);
4750 if (!QuoteString(&ss->sprinter, ATOM_TO_STRING(atom),
4753 SprintPut(&ss->sprinter, "-->", 3);
4758 rval = JS_strdup(cx, POP_STR());
4761 todo = SprintPut(&ss->sprinter, "<?", 2);
4762 ok = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0) &&
4764 (SprintPut(&ss->sprinter, " ", 1) >= 0 &&
4765 SprintCString(&ss->sprinter, rval)));
4766 cx->free((char *)rval);
4769 SprintPut(&ss->sprinter, "?>", 2);
4773 todo = SprintPut(&ss->sprinter, js_function_str, 8);
4775 #endif /* JS_HAS_XML_SUPPORT */
4784 /* -2 means "don't push", -1 means reported error. */
4788 if (!PushOff(ss, todo, saveop))
4792 if (cs->format & JOF_CALLOP) {
4793 todo = Sprint(&ss->sprinter, "");
4794 if (todo < 0 || !PushOff(ss, todo, saveop))
4802 * Undefine local macros.
4805 #undef DECOMPILE_CODE
4811 #undef ATOM_IS_IDENTIFIER
4812 #undef GET_QUOTE_AND_FMT
4813 #undef GET_ATOM_QUOTE_AND_FMT
4819 DecompileCode(JSPrinter *jp, JSScript *script, jsbytecode *pc, uintN len,
4827 JSScript *oldscript;
4830 depth = StackDepth(script);
4831 JS_ASSERT(pcdepth <= depth);
4832 cx = jp->sprinter.context;
4834 AutoScriptUntrapper untrapper(cx, script, &pc);
4836 /* Initialize a sprinter for use with the offset stack. */
4837 mark = JS_ARENA_MARK(&cx->tempPool);
4838 ok = InitSprintStack(cx, &ss, jp, depth);
4843 * If we are called from js_DecompileValueGenerator with a portion of
4844 * script's bytecode that starts with a non-zero model stack depth given
4845 * by pcdepth, attempt to initialize the missing string offsets in ss to
4846 * |spindex| negative indexes from fp->sp for the activation fp in which
4849 * See js_DecompileValueGenerator for how its |spindex| parameter is used,
4850 * and see also GetOff, which makes use of the ss.offsets[i] < -1 that are
4851 * potentially stored below.
4855 for (i = 0; i < pcdepth; i++) {
4856 ss.offsets[i] = -2 - (ptrdiff_t)i;
4857 ss.opcodes[i] = *jp->pcstack[i];
4861 /* Call recursive subroutine to do the hard work. */
4862 oldscript = jp->script;
4863 jp->script = script;
4864 ok = Decompile(&ss, pc, len, JSOP_NOP) != NULL;
4865 jp->script = oldscript;
4867 /* If the given code didn't empty the stack, do it now. */
4870 last = OFF2STR(&ss.sprinter, PopOff(&ss, JSOP_POP));
4871 } while (ss.top > pcdepth);
4872 js_printf(jp, "%s", last);
4876 /* Free all temporary stuff allocated under this call. */
4877 JS_ARENA_RELEASE(&cx->tempPool, mark);
4882 * Decompile a function body, expression closure expression, or complete
4883 * script. Start at |pc|; go to the end of |script|. Include a directive
4884 * prologue, if appropriate.
4887 DecompileBody(JSPrinter *jp, JSScript *script, jsbytecode *pc)
4889 /* Print a strict mode code directive, if needed. */
4890 if (script->strictModeCode && !jp->strict) {
4891 if (jp->fun && (jp->fun->flags & JSFUN_EXPR_CLOSURE)) {
4893 * We have no syntax for strict function expressions;
4894 * at least give a hint.
4896 js_printf(jp, "\t/* use strict */ \n");
4898 js_printf(jp, "\t\"use strict\";\n");
4903 jsbytecode *end = script->code + script->length;
4904 return DecompileCode(jp, script, pc, end - pc, 0);
4908 js_DecompileScript(JSPrinter *jp, JSScript *script)
4910 return DecompileBody(jp, script, script->code);
4914 js_DecompileToString(JSContext *cx, const char *name, JSFunction *fun,
4915 uintN indent, JSBool pretty, JSBool grouped, JSBool strict,
4916 JSDecompilerPtr decompiler)
4921 jp = js_NewPrinter(cx, name, fun, indent, pretty, grouped, strict);
4925 str = js_GetPrinterOutput(jp);
4928 js_DestroyPrinter(jp);
4932 static const char native_code_str[] = "\t[native code]\n";
4935 js_DecompileFunctionBody(JSPrinter *jp)
4940 JS_ASSERT(!jp->script);
4941 if (!FUN_INTERPRETED(jp->fun)) {
4942 js_printf(jp, native_code_str);
4946 script = jp->fun->u.i.script;
4947 return DecompileBody(jp, script, script->code);
4951 js_DecompileFunction(JSPrinter *jp)
4956 jsbytecode *pc, *endpc;
4961 JS_ASSERT(!jp->script);
4964 * If pretty, conform to ECMA-262 Edition 3, 15.3.4.2, by decompiling a
4965 * FunctionDeclaration. Otherwise, check the JSFUN_LAMBDA flag and force
4966 * an expression by parenthesizing.
4969 js_printf(jp, "\t");
4971 if (!jp->grouped && (fun->flags & JSFUN_LAMBDA))
4975 js_printf(jp, "%s ", js_function_str);
4976 if (fun->atom && !QuoteString(&jp->sprinter, ATOM_TO_STRING(fun->atom), 0))
4980 if (!FUN_INTERPRETED(fun)) {
4981 js_printf(jp, ") {\n");
4983 js_printf(jp, native_code_str);
4985 js_printf(jp, "\t}");
4987 JSScript *script = fun->u.i.script;
4988 #if JS_HAS_DESTRUCTURING
4993 /* Print the parameters. */
4995 AutoScriptUntrapper untrapper(jp->sprinter.context, script, &pc);
4996 endpc = pc + script->length;
4999 #if JS_HAS_DESTRUCTURING
5001 jp->script = script;
5002 mark = JS_ARENA_MARK(&jp->sprinter.context->tempPool);
5005 for (i = 0; i < fun->nargs; i++) {
5009 param = GetArgOrVarAtom(jp, i);
5011 #if JS_HAS_DESTRUCTURING
5012 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, JS_FALSE)
5018 LOCAL_ASSERT(*pc == JSOP_GETARG);
5019 pc += JSOP_GETARG_LENGTH;
5020 LOCAL_ASSERT(*pc == JSOP_DUP);
5022 ok = InitSprintStack(jp->sprinter.context, &ss, jp, StackDepth(script));
5026 pc = DecompileDestructuring(&ss, pc, endpc);
5031 LOCAL_ASSERT(*pc == JSOP_POP);
5032 pc += JSOP_POP_LENGTH;
5033 lval = PopStr(&ss, JSOP_NOP);
5034 todo = SprintCString(&jp->sprinter, lval);
5045 if (!QuoteString(&jp->sprinter, ATOM_TO_STRING(param), 0)) {
5051 #if JS_HAS_DESTRUCTURING
5053 JS_ARENA_RELEASE(&jp->sprinter.context->tempPool, mark);
5057 js_printf(jp, ") ");
5058 if (!(fun->flags & JSFUN_EXPR_CLOSURE)) {
5059 js_printf(jp, "{\n");
5063 ok = DecompileBody(jp, script, pc);
5067 if (!(fun->flags & JSFUN_EXPR_CLOSURE)) {
5069 js_printf(jp, "\t}");
5073 if (!jp->pretty && !jp->grouped && (fun->flags & JSFUN_LAMBDA))
5080 js_DecompileValueGenerator(JSContext *cx, intN spindex, jsval v_in,
5087 Value v = Valueify(v_in);
5089 JS_ASSERT(spindex < 0 ||
5090 spindex == JSDVG_IGNORE_STACK ||
5091 spindex == JSDVG_SEARCH_STACK);
5095 if (!cx->regs || !cx->regs->fp || !cx->regs->fp->isScriptFrame())
5099 script = fp->script();
5100 pc = fp->hasImacropc() ? fp->imacropc() : cx->regs->pc;
5101 JS_ASSERT(script->code <= pc && pc < script->code + script->length);
5103 if (pc < script->main)
5106 if (spindex != JSDVG_IGNORE_STACK) {
5107 jsbytecode **pcstack;
5110 * Prepare computing pcstack containing pointers to opcodes that
5111 * populated interpreter's stack with its current content.
5113 pcstack = (jsbytecode **)
5114 cx->malloc(StackDepth(script) * sizeof *pcstack);
5117 intN pcdepth = ReconstructPCStack(cx, script, pc, pcstack);
5119 goto release_pcstack;
5121 if (spindex != JSDVG_SEARCH_STACK) {
5122 JS_ASSERT(spindex < 0);
5125 goto release_pcstack;
5126 pc = pcstack[pcdepth];
5129 * We search from fp->sp to base to find the most recently
5130 * calculated value matching v under assumption that it is
5131 * it that caused exception, see bug 328664.
5133 Value *stackBase = fp->base();
5134 Value *sp = cx->regs->sp;
5136 if (sp == stackBase) {
5138 goto release_pcstack;
5140 } while (*--sp != v);
5143 * The value may have come from beyond stackBase + pcdepth, meaning
5144 * that it came from a temporary slot pushed by the interpreter or
5145 * arguments pushed for an Invoke call. Only update pc if beneath
5146 * stackBase + pcdepth. If above, the value may or may not be
5147 * produced by the current pc. Since it takes a fairly contrived
5148 * combination of calls to produce a situation where this is not
5149 * what we want, we just use the current pc.
5151 if (sp < stackBase + pcdepth)
5152 pc = pcstack[sp - stackBase];
5162 jsbytecode* basepc = cx->regs->pc;
5163 jsbytecode* savedImacropc = fp->maybeImacropc();
5164 if (savedImacropc) {
5165 JS_ASSERT(cx->hasfp());
5166 cx->regs->pc = savedImacropc;
5167 fp->clearImacropc();
5171 * FIXME: bug 489843. Stack reconstruction may have returned a pc
5172 * value *inside* an imacro; this would confuse the decompiler.
5175 if (savedImacropc && size_t(pc - script->code) >= script->length)
5176 name = FAILED_EXPRESSION_DECOMPILER;
5178 name = DecompileExpression(cx, script, fp->maybeFun(), pc);
5180 if (savedImacropc) {
5181 JS_ASSERT(cx->hasfp());
5182 cx->regs->pc = basepc;
5183 fp->setImacropc(savedImacropc);
5186 if (name != FAILED_EXPRESSION_DECOMPILER)
5192 fallback = js_ValueToSource(cx, v);
5196 size_t length = fallback->length();
5197 const jschar *chars = fallback->getChars(cx);
5200 return js_DeflateString(cx, chars, length);
5204 DecompileExpression(JSContext *cx, JSScript *script, JSFunction *fun,
5208 const JSCodeSpec *cs;
5209 jsbytecode *begin, *end;
5212 jsbytecode **pcstack;
5217 JS_ASSERT(script->code <= pc && pc < script->code + script->length);
5220 AutoScriptUntrapper untrapper(cx, script, &pc);
5223 /* None of these stack-writing ops generates novel values. */
5224 JS_ASSERT(op != JSOP_CASE && op != JSOP_CASEX &&
5225 op != JSOP_DUP && op != JSOP_DUP2);
5227 /* JSOP_PUSH is used to generate undefined for group assignment holes. */
5228 if (op == JSOP_PUSH) {
5229 name = JS_strdup(cx, js_undefined_str);
5234 * |this| could convert to a very long object initialiser, so cite it by
5235 * its keyword name instead.
5237 if (op == JSOP_THIS) {
5238 name = JS_strdup(cx, js_this_str);
5243 * JSOP_BINDNAME is special: it generates a value, the base object of a
5244 * reference. But if it is the generating op for a diagnostic produced by
5245 * js_DecompileValueGenerator, the name being bound is irrelevant. Just
5246 * fall back to the base object.
5248 if (op == JSOP_BINDNAME) {
5249 name = FAILED_EXPRESSION_DECOMPILER;
5253 /* NAME ops are self-contained, others require left or right context. */
5254 cs = &js_CodeSpec[op];
5256 end = pc + cs->length;
5257 switch (JOF_MODE(cs->format)) {
5262 sn = js_GetSrcNote(script, pc);
5264 name = FAILED_EXPRESSION_DECOMPILER;
5267 switch (SN_TYPE(sn)) {
5269 begin -= js_GetSrcNoteOffset(sn, 0);
5272 end = begin + js_GetSrcNoteOffset(sn, 0);
5273 begin += cs->length;
5276 name = FAILED_EXPRESSION_DECOMPILER;
5284 name = FAILED_EXPRESSION_DECOMPILER;
5288 pcstack = (jsbytecode **)
5289 cx->malloc(StackDepth(script) * sizeof *pcstack);
5295 MUST_FLOW_THROUGH("out");
5296 pcdepth = ReconstructPCStack(cx, script, begin, pcstack);
5298 name = FAILED_EXPRESSION_DECOMPILER;
5303 jp = js_NewPrinter(cx, "js_DecompileValueGenerator", fun, 0,
5304 false, false, false);
5307 jp->pcstack = pcstack;
5308 if (DecompileCode(jp, script, begin, (uintN) len, (uintN) pcdepth)) {
5309 name = (jp->sprinter.base) ? jp->sprinter.base : (char *) "";
5310 name = JS_strdup(cx, name);
5312 js_DestroyPrinter(jp);
5321 js_ReconstructStackDepth(JSContext *cx, JSScript *script, jsbytecode *pc)
5323 return ReconstructPCStack(cx, script, pc, NULL);
5326 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, -1);
5329 SimulateOp(JSContext *cx, JSScript *script, JSOp op, const JSCodeSpec *cs,
5330 jsbytecode *pc, jsbytecode **pcstack, uintN &pcdepth)
5332 uintN nuses = js_GetStackUses(cs, op, pc);
5333 uintN ndefs = js_GetStackDefs(cx, cs, op, script, pc);
5334 LOCAL_ASSERT(pcdepth >= nuses);
5336 LOCAL_ASSERT(pcdepth + ndefs <= StackDepth(script));
5339 * Fill the slots that the opcode defines withs its pc unless it just
5340 * reshuffles the stack. In the latter case we want to preserve the
5341 * opcode that generated the original value.
5346 for (uintN i = 0; i != ndefs; ++i)
5347 pcstack[pcdepth + i] = pc;
5353 /* Keep the switch value. */
5354 JS_ASSERT(ndefs == 1);
5358 JS_ASSERT(ndefs == 2);
5360 pcstack[pcdepth + 1] = pcstack[pcdepth];
5364 JS_ASSERT(ndefs == 4);
5366 pcstack[pcdepth + 2] = pcstack[pcdepth];
5367 pcstack[pcdepth + 3] = pcstack[pcdepth + 1];
5372 JS_ASSERT(ndefs == 2);
5374 jsbytecode *tmp = pcstack[pcdepth + 1];
5375 pcstack[pcdepth + 1] = pcstack[pcdepth];
5376 pcstack[pcdepth] = tmp;
5387 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_CUSTOM(expr, goto failure);
5390 SimulateImacroCFG(JSContext *cx, JSScript *script,
5391 uintN pcdepth, jsbytecode *pc, jsbytecode *target,
5392 jsbytecode **pcstack)
5395 jsbytecode** tmp_pcstack = NULL;
5397 nbytes = StackDepth(script) * sizeof *pcstack;
5398 tmp_pcstack = (jsbytecode **) cx->malloc(nbytes);
5401 memcpy(tmp_pcstack, pcstack, nbytes);
5405 for (; pc < target; pc += oplen) {
5406 JSOp op = js_GetOpcode(cx, script, pc);
5407 const JSCodeSpec *cs = &js_CodeSpec[op];
5410 oplen = js_GetVariableBytecodeLength(pc);
5412 if (SimulateOp(cx, script, op, cs, pc, tmp_pcstack, pcdepth) < 0)
5415 uint32 type = cs->format & JOF_TYPEMASK;
5416 if (type == JOF_JUMP || type == JOF_JUMPX) {
5417 ptrdiff_t jmpoff = (type == JOF_JUMP) ? GET_JUMP_OFFSET(pc)
5418 : GET_JUMPX_OFFSET(pc);
5419 LOCAL_ASSERT(jmpoff >= 0);
5420 intN tmp_pcdepth = SimulateImacroCFG(cx, script, pcdepth, pc + jmpoff,
5421 target, tmp_pcstack);
5422 if (tmp_pcdepth >= 0) {
5423 pcdepth = uintN(tmp_pcdepth);
5427 if (op == JSOP_GOTO || op == JSOP_GOTOX)
5435 LOCAL_ASSERT(pc == target);
5439 memcpy(pcstack, tmp_pcstack, nbytes);
5440 cx->free(tmp_pcstack);
5446 cx->free(tmp_pcstack);
5451 #define LOCAL_ASSERT(expr) LOCAL_ASSERT_RV(expr, -1);
5454 ReconstructImacroPCStack(JSContext *cx, JSScript *script,
5455 jsbytecode *imacstart, jsbytecode *target,
5456 jsbytecode **pcstack)
5459 * Begin with a recursive call back to ReconstructPCStack to pick up
5460 * the state-of-the-world at the *start* of the imacro.
5462 JSStackFrame *fp = js_GetScriptedCaller(cx, NULL);
5463 JS_ASSERT(fp->hasImacropc());
5464 intN pcdepth = ReconstructPCStack(cx, script, fp->imacropc(), pcstack);
5467 return SimulateImacroCFG(cx, script, pcdepth, imacstart, target, pcstack);
5470 extern jsbytecode* js_GetImacroStart(jsbytecode* pc);
5474 ReconstructPCStack(JSContext *cx, JSScript *script, jsbytecode *target,
5475 jsbytecode **pcstack)
5478 * Walk forward from script->main and compute the stack depth and stack of
5479 * operand-generating opcode PCs in pcstack.
5481 * FIXME: Code to compute oplen copied from js_Disassemble1 and reduced.
5482 * FIXME: Optimize to use last empty-stack sequence point.
5485 jsbytecode *imacstart = js_GetImacroStart(target);
5488 return ReconstructImacroPCStack(cx, script, imacstart, target, pcstack);
5491 LOCAL_ASSERT(script->code <= target && target < script->code + script->length);
5492 jsbytecode *pc = script->code;
5495 for (; pc < target; pc += oplen) {
5496 JSOp op = js_GetOpcode(cx, script, pc);
5497 const JSCodeSpec *cs = &js_CodeSpec[op];
5500 oplen = js_GetVariableBytecodeLength(pc);
5503 * A (C ? T : E) expression requires skipping either T (if target is in
5504 * E) or both T and E (if target is after the whole expression) before
5505 * adjusting pcdepth based on the JSOP_IFEQ or JSOP_IFEQX at pc that
5506 * tests condition C. We know that the stack depth can't change from
5507 * what it was with C on top of stack.
5509 jssrcnote *sn = js_GetSrcNote(script, pc);
5510 if (sn && SN_TYPE(sn) == SRC_COND) {
5511 ptrdiff_t jmpoff = js_GetSrcNoteOffset(sn, 0);
5512 if (pc + jmpoff < target) {
5514 op = js_GetOpcode(cx, script, pc);
5515 JS_ASSERT(op == JSOP_GOTO || op == JSOP_GOTOX);
5516 cs = &js_CodeSpec[op];
5518 JS_ASSERT(oplen > 0);
5519 ptrdiff_t jmplen = GetJumpOffset(pc, pc);
5520 if (pc + jmplen < target) {
5521 oplen = (uintN) jmplen;
5526 * Ok, target lies in E. Manually pop C off the model stack,
5527 * since we have moved beyond the IFEQ now.
5529 LOCAL_ASSERT(pcdepth != 0);
5534 /* Ignore early-exit code, which is annotated SRC_HIDDEN. */
5535 if (sn && SN_TYPE(sn) == SRC_HIDDEN)
5538 if (SimulateOp(cx, script, op, cs, pc, pcstack, pcdepth) < 0)
5542 LOCAL_ASSERT(pc == target);
5548 #undef LOCAL_ASSERT_RV
projects / platform / upstream / js.git / blob