1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- 2 * vim: set ts=8 sw=2 et tw=0 ft=c: 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 8 #ifndef vm_Opcodes_h 9 #define vm_Opcodes_h 10 11 #include "mozilla/Attributes.h" 12 13 #include <stddef.h> 14 15 // clang-format off 16 /* 17 * [SMDOC] Bytecode Definitions 18 * 19 * SpiderMonkey bytecode instructions. 20 * 21 * To use this header, define a macro of the form: 22 * 23 * #define MACRO(op, op_snake, token, length, nuses, ndefs, format) ... 24 * 25 * Then `FOR_EACH_OPCODE(MACRO)` invokes `MACRO` for every opcode. 26 * 27 * Field Description 28 * ----- ----------- 29 * op UpperCamelCase form of opcode id 30 * op_snake snake_case form of opcode id 31 * token Pretty-printer string, or null if ugly 32 * length Number of bytes including any immediate operands 33 * nuses Number of stack slots consumed by bytecode, -1 if variadic 34 * ndefs Number of stack slots produced by bytecode 35 * format JOF_ flags describing instruction operand layout, etc. 36 * 37 * For more about `format`, see the comments on the `JOF_` constants defined in 38 * BytecodeUtil.h. 39 * 40 * 41 * [SMDOC] Bytecode Invariants 42 * 43 * Creating scripts that do not follow the rules can lead to undefined 44 * behavior. Bytecode has many consumers, not just the interpreter: JITs, 45 * analyses, the debugger. That's why the rules below apply even to code that 46 * can't be reached in ordinary execution (such as code after an infinite loop 47 * or inside an `if (false)` block). 48 * 49 * The `code()` of a script must be a packed (not aligned) sequence of valid 50 * instructions from start to end. Each instruction has a single byte opcode 51 * followed by a number of operand bytes based on the opcode. 52 * 53 * ## Jump instructions 54 * 55 * Operands named `offset`, `forwardOffset`, or `defaultOffset` are jump 56 * offsets, the distance in bytes from the start of the current instruction to 57 * the start of another instruction in the same script. Operands named 58 * `forwardOffset` or `defaultOffset` must be positive. 59 * 60 * Forward jumps must jump to a `JSOp::JumpTarget` instruction. Backward jumps, 61 * indicated by negative offsets, must jump to a `JSOp::LoopHead` instruction. 62 * Jump offsets can't be zero. 63 * 64 * Needless to say, scripts must not contain overlapping instruction sequences 65 * (in the sense of <https://en.wikipedia.org/wiki/Overlapping_gene>). 66 * 67 * A script's `trynotes` and `scopeNotes` impose further constraints. Each try 68 * note and each scope note marks a region of the bytecode where some invariant 69 * holds, or some cleanup behavior is needed--that there's a for-in iterator in 70 * a particular stack slot, for instance, which must be closed on error. All 71 * paths into the span must establish that invariant. In practice, this means 72 * other code never jumps into the span: the only way in is to execute the 73 * bytecode instruction that sets up the invariant (in our example, 74 * `JSOp::Iter`). 75 * 76 * If a script's `trynotes` (see "Try Notes" in JSScript.h) contain a 77 * `JSTRY_CATCH` or `JSTRY_FINALLY` span, there must be a `JSOp::Try` 78 * instruction immediately before the span and a `JSOp::JumpTarget immediately 79 * after it. Instructions must not jump to this `JSOp::JumpTarget`. (The VM puts 80 * us there on exception.) Furthermore, the instruction sequence immediately 81 * following a `JSTRY_CATCH` span must read `JumpTarget; Exception` or, in 82 * non-function scripts, `JumpTarget; Undefined; SetRval; Exception`. (These 83 * instructions run with an exception pending; other instructions aren't 84 * designed to handle that.) 85 * 86 * Unreachable instructions are allowed, but they have to follow all the rules. 87 * 88 * Control must not reach the end of a script. (Currently, the last instruction 89 * is always JSOp::RetRval.) 90 * 91 * ## Other operands 92 * 93 * Operands named `nameIndex` or `atomIndex` (which appear on instructions that 94 * have `JOF_ATOM` in the `format` field) must be valid indexes into 95 * `script->atoms()`. 96 * 97 * Operands named `argc` (`JOF_ARGC`) are argument counts for call 98 * instructions. `argc` must be small enough that the instruction's nuses is <= 99 * the current stack depth (see "Stack depth" below). 100 * 101 * Operands named `argno` (`JOF_QARG`) refer to an argument of the current 102 * function. `argno` must be in the range `0..script->function()->nargs()`. 103 * Instructions with these operands must appear only in function scripts. 104 * 105 * Operands named `localno` (`JOF_LOCAL`) refer to a local variable stored in 106 * the stack frame. `localno` must be in the range `0..script->nfixed()`. 107 * 108 * Operands named `resumeIndex` (`JOF_RESUMEINDEX`) refer to a resume point in 109 * the current script. `resumeIndex` must be a valid index into 110 * `script->resumeOffsets()`. 111 * 112 * Operands named `hops` and `slot` (`JOF_ENVCOORD`) refer a slot in an 113 * `EnvironmentObject`. At run time, they must point to a fixed slot in an 114 * object on the current environment chain. See `EnvironmentCoordinates`. 115 * 116 * Operands with the following names must be valid indexes into 117 * `script->gcthings()`, and the pointer in the vector must point to the right 118 * type of thing: 119 * 120 * - `objectIndex` (`JOF_OBJECT`): `PlainObject*` or `ArrayObject*` 121 * - `baseobjIndex` (`JOF_OBJECT`): `PlainObject*` 122 * - `funcIndex` (`JOF_OBJECT`): `JSFunction*` 123 * - `regexpIndex` (`JOF_REGEXP`): `RegExpObject*` 124 * - `scopeIndex` (`JOF_SCOPE`): `Scope*` 125 * - `lexicalScopeIndex` (`JOF_SCOPE`): `LexicalScope*` 126 * - `withScopeIndex` (`JOF_SCOPE`): `WithScope*` 127 * - `bigIntIndex` (`JOF_BIGINT`): `BigInt*` 128 * 129 * Operands named `icIndex` (`JOF_ICINDEX`) must be exactly the number of 130 * preceding instructions in the script that have the JOF_IC flag. 131 * (Rationale: Each JOF_IC instruction has a unique entry in 132 * `script->jitScript()->icEntries()`. At run time, in the bytecode 133 * interpreter, we have to find that entry. We could store the IC index as an 134 * operand to each JOF_IC instruction, but it's more memory-efficient to use a 135 * counter and reset the counter to `icIndex` after each jump.) 136 * 137 * ## Stack depth 138 * 139 * Each instruction has a compile-time stack depth, the number of values on the 140 * interpreter stack just before executing the instruction. It isn't explicitly 141 * present in the bytecode itself, but (for reachable instructions, anyway) 142 * it's a function of the bytecode. 143 * 144 * - The first instruction has stack depth 0. 145 * 146 * - Each successor of an instruction X has a stack depth equal to 147 * 148 * X's stack depth - `js::StackUses(X)` + `js::StackDefs(X)` 149 * 150 * except for `JSOp::Case` (below). 151 * 152 * X's "successors" are: the next instruction in the script, if 153 * `js::FlowsIntoNext(op)` is true for X's opcode; one or more 154 * `JSOp::JumpTarget`s elsewhere, if X is a forward jump or 155 * `JSOp::TableSwitch`; and/or a `JSOp::LoopHead` if it's a backward jump. 156 * 157 * - `JSOp::Case` is a special case because its stack behavior is eccentric. 158 * The formula above is correct for the next instruction. The jump target 159 * has a stack depth that is 1 less. 160 * 161 * - See `JSOp::Gosub` for another special case. 162 * 163 * - The `JSOp::JumpTarget` instruction immediately following a `JSTRY_CATCH` 164 * or `JSTRY_FINALLY` span has the same stack depth as the `JSOp::Try` 165 * instruction that precedes the span. 166 * 167 * Every instruction covered by the `JSTRY_CATCH` or `JSTRY_FINALLY` span 168 * must have a stack depth >= that value, so that error recovery is 169 * guaranteed to find enough values on the stack to resume there. 170 * 171 * - `script->nslots() - script->nfixed()` must be >= the maximum stack 172 * depth of any instruction in `script`. (The stack frame must be big 173 * enough to run the code.) 174 * 175 * `BytecodeParser::parse()` computes stack depths for every reachable 176 * instruction in a script. 177 * 178 * ## Scopes and environments 179 * 180 * As with stack depth, each instruction has a static scope, which is a 181 * compile-time characterization of the eventual run-time environment chain 182 * when that instruction executes. Just as every instruction has a stack budget 183 * (nuses/ndefs), every instruction either pushes a scope, pops a scope, or 184 * neither. The same successor relation applies as above. 185 * 186 * Every scope used in a script is stored in the `JSScript::gcthings()` vector. 187 * They can be accessed using `getScope(index)` if you know what `index` to 188 * pass. 189 * 190 * The scope of every instruction (that's reachable via the successor relation) 191 * is given in two independent ways: by the bytecode itself and by the scope 192 * notes. The two sources must agree. 193 * 194 * ## Further rules 195 * 196 * All reachable instructions must be reachable without taking any backward 197 * edges. 198 * 199 * Instructions with the `JOF_CHECKSLOPPY` flag must not be used in strict mode 200 * code. `JOF_CHECKSTRICT` instructions must not be used in nonstrict code. 201 * 202 * Many instructions have their own additional rules. These are documented on 203 * the various opcodes below (look for the word "must"). 204 */ 205 // clang-format on 206 207 // clang-format off 208 /* 209 * SpiderMonkey bytecode categorization (as used in generated documentation): 210 * 211 * [Index] 212 * [Constants] 213 * [Expressions] 214 * Unary operators 215 * Binary operators 216 * Conversions 217 * Other expressions 218 * [Objects] 219 * Creating objects 220 * Defining properties 221 * Accessing properties 222 * Super 223 * Enumeration 224 * Iteration 225 * SetPrototype 226 * Array literals 227 * RegExp literals 228 * [Functions] 229 * Creating functions 230 * Creating constructors 231 * Calls 232 * Generators and async functions 233 * [Control flow] 234 * Jump targets 235 * Jumps 236 * Return 237 * Exceptions 238 * [Variables and scopes] 239 * Initialization 240 * Looking up bindings 241 * Getting binding values 242 * Setting binding values 243 * Entering and leaving environments 244 * Creating and deleting bindings 245 * Function environment setup 246 * [Stack operations] 247 * [Other] 248 */ 249 // clang-format on 250 251 // clang-format off 252 #define FOR_EACH_OPCODE(MACRO) \ 253 /* 254 * Push `undefined`. 255 * 256 * Category: Constants 257 * Operands: 258 * Stack: => undefined 259 */ \ 260 MACRO(Undefined, undefined, "", 1, 0, 1, JOF_BYTE) \ 261 /* 262 * Push `null`. 263 * 264 * Category: Constants 265 * Operands: 266 * Stack: => null 267 */ \ 268 MACRO(Null, null, js_null_str, 1, 0, 1, JOF_BYTE) \ 269 /* 270 * Push a boolean constant. 271 * 272 * Category: Constants 273 * Operands: 274 * Stack: => true/false 275 */ \ 276 MACRO(False, false_, js_false_str, 1, 0, 1, JOF_BYTE) \ 277 MACRO(True, true_, js_true_str, 1, 0, 1, JOF_BYTE) \ 278 /* 279 * Push the `int32_t` immediate operand as an `Int32Value`. 280 * 281 * `JSOp::Zero`, `JSOp::One`, `JSOp::Int8`, `JSOp::Uint16`, and `JSOp::Uint24` 282 * are all compact encodings for `JSOp::Int32`. 283 * 284 * Category: Constants 285 * Operands: int32_t val 286 * Stack: => val 287 */ \ 288 MACRO(Int32, int32, NULL, 5, 0, 1, JOF_INT32) \ 289 /* 290 * Push the number `0`. 291 * 292 * Category: Constants 293 * Operands: 294 * Stack: => 0 295 */ \ 296 MACRO(Zero, zero, "0", 1, 0, 1, JOF_BYTE) \ 297 /* 298 * Push the number `1`. 299 * 300 * Category: Constants 301 * Operands: 302 * Stack: => 1 303 */ \ 304 MACRO(One, one, "1", 1, 0, 1, JOF_BYTE) \ 305 /* 306 * Push the `int8_t` immediate operand as an `Int32Value`. 307 * 308 * Category: Constants 309 * Operands: int8_t val 310 * Stack: => val 311 */ \ 312 MACRO(Int8, int8, NULL, 2, 0, 1, JOF_INT8) \ 313 /* 314 * Push the `uint16_t` immediate operand as an `Int32Value`. 315 * 316 * Category: Constants 317 * Operands: uint16_t val 318 * Stack: => val 319 */ \ 320 MACRO(Uint16, uint16, NULL, 3, 0, 1, JOF_UINT16) \ 321 /* 322 * Push the `uint24_t` immediate operand as an `Int32Value`. 323 * 324 * Category: Constants 325 * Operands: uint24_t val 326 * Stack: => val 327 */ \ 328 MACRO(Uint24, uint24, NULL, 4, 0, 1, JOF_UINT24) \ 329 /* 330 * Push the 64-bit floating-point immediate operand as a `DoubleValue`. 331 * 332 * If the operand is a NaN, it must be the canonical NaN (see 333 * `JS::detail::CanonicalizeNaN`). 334 * 335 * Category: Constants 336 * Operands: double val 337 * Stack: => val 338 */ \ 339 MACRO(Double, double_, NULL, 9, 0, 1, JOF_DOUBLE) \ 340 /* 341 * Push the BigInt constant `script->getBigInt(bigIntIndex)`. 342 * 343 * Category: Constants 344 * Operands: uint32_t bigIntIndex 345 * Stack: => bigint 346 */ \ 347 MACRO(BigInt, big_int, NULL, 5, 0, 1, JOF_BIGINT) \ 348 /* 349 * Push the string constant `script->getAtom(atomIndex)`. 350 * 351 * Category: Constants 352 * Operands: uint32_t atomIndex 353 * Stack: => string 354 */ \ 355 MACRO(String, string, NULL, 5, 0, 1, JOF_ATOM) \ 356 /* 357 * Push a well-known symbol. 358 * 359 * `symbol` must be in range for `JS::SymbolCode`. 360 * 361 * Category: Constants 362 * Operands: uint8_t symbol (the JS::SymbolCode of the symbol to use) 363 * Stack: => symbol 364 */ \ 365 MACRO(Symbol, symbol, NULL, 2, 0, 1, JOF_UINT8) \ 366 /* 367 * Pop the top value on the stack, discard it, and push `undefined`. 368 * 369 * Implements: [The `void` operator][1], step 3. 370 * 371 * [1]: https://tc39.es/ecma262/#sec-void-operator 372 * 373 * Category: Expressions 374 * Type: Unary operators 375 * Operands: 376 * Stack: val => undefined 377 */ \ 378 MACRO(Void, void_, NULL, 1, 1, 1, JOF_BYTE) \ 379 /* 380 * [The `typeof` operator][1]. 381 * 382 * Infallible. The result is always a string that depends on the [type][2] 383 * of `val`. 384 * 385 * `JSOp::Typeof` and `JSOp::TypeofExpr` are the same except 386 * that--amazingly--`JSOp::Typeof` affects the behavior of an immediately 387 * *preceding* `JSOp::GetName` or `JSOp::GetGName` instruction! This is how 388 * we implement [`typeof`][1] step 2, making `typeof nonExistingVariable` 389 * return `"undefined"` instead of throwing a ReferenceError. 390 * 391 * In a global scope: 392 * 393 * - `typeof x` compiles to `GetGName "x"; Typeof`. 394 * - `typeof (0, x)` compiles to `GetGName "x"; TypeofExpr`. 395 * 396 * Emitting the same bytecode for these two expressions would be a bug. 397 * Per spec, the latter throws a ReferenceError if `x` doesn't exist. 398 * 399 * [1]: https://tc39.es/ecma262/#sec-typeof-operator 400 * [2]: https://tc39.es/ecma262/#sec-ecmascript-language-types 401 * 402 * Category: Expressions 403 * Type: Unary operators 404 * Operands: 405 * Stack: val => (typeof val) 406 */ \ 407 MACRO(Typeof, typeof_, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 408 MACRO(TypeofExpr, typeof_expr, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 409 /* 410 * [The unary `+` operator][1]. 411 * 412 * `+val` doesn't do any actual math. It just calls [ToNumber][2](val). 413 * 414 * The conversion can call `.toString()`/`.valueOf()` methods and can 415 * throw. The result on success is always a Number. (Per spec, unary `-` 416 * supports BigInts, but unary `+` does not.) 417 * 418 * [1]: https://tc39.es/ecma262/#sec-unary-plus-operator 419 * [2]: https://tc39.es/ecma262/#sec-tonumber 420 * 421 * Category: Expressions 422 * Type: Unary operators 423 * Operands: 424 * Stack: val => (+val) 425 */ \ 426 MACRO(Pos, pos, "+ ", 1, 1, 1, JOF_BYTE|JOF_IC) \ 427 /* 428 * [The unary `-` operator][1]. 429 * 430 * Convert `val` to a numeric value, then push `-val`. The conversion can 431 * call `.toString()`/`.valueOf()` methods and can throw. The result on 432 * success is always numeric. 433 * 434 * [1]: https://tc39.es/ecma262/#sec-unary-minus-operator 435 * 436 * Category: Expressions 437 * Type: Unary operators 438 * Operands: 439 * Stack: val => (-val) 440 */ \ 441 MACRO(Neg, neg, "- ", 1, 1, 1, JOF_BYTE|JOF_IC) \ 442 /* 443 * [The bitwise NOT operator][1] (`~`). 444 * 445 * `val` is converted to an integer, then bitwise negated. The conversion 446 * can call `.toString()`/`.valueOf()` methods and can throw. The result on 447 * success is always an Int32 or BigInt value. 448 * 449 * [1]: https://tc39.es/ecma262/#sec-bitwise-not-operator 450 * 451 * Category: Expressions 452 * Type: Unary operators 453 * Operands: 454 * Stack: val => (~val) 455 */ \ 456 MACRO(BitNot, bit_not, "~", 1, 1, 1, JOF_BYTE|JOF_IC) \ 457 /* 458 * [The logical NOT operator][1] (`!`). 459 * 460 * `val` is first converted with [ToBoolean][2], then logically 461 * negated. The result is always a boolean value. This does not call 462 * user-defined methods and can't throw. 463 * 464 * [1]: https://tc39.es/ecma262/#sec-logical-not-operator 465 * [2]: https://tc39.es/ecma262/#sec-toboolean 466 * 467 * Category: Expressions 468 * Type: Unary operators 469 * Operands: 470 * Stack: val => (!val) 471 */ \ 472 MACRO(Not, not_, "!", 1, 1, 1, JOF_BYTE|JOF_IC) \ 473 /* 474 * [Binary bitwise operations][1] (`|`, `^`, `&`). 475 * 476 * The arguments are converted to integers first. The conversion can call 477 * `.toString()`/`.valueOf()` methods and can throw. The result on success 478 * is always an Int32 or BigInt Value. 479 * 480 * [1]: https://tc39.es/ecma262/#sec-binary-bitwise-operators 481 * 482 * Category: Expressions 483 * Type: Binary operators 484 * Operands: 485 * Stack: lval, rval => (lval OP rval) 486 */ \ 487 MACRO(BitOr, bit_or, "|", 1, 2, 1, JOF_BYTE|JOF_IC) \ 488 MACRO(BitXor, bit_xor, "^", 1, 2, 1, JOF_BYTE|JOF_IC) \ 489 MACRO(BitAnd, bit_and, "&", 1, 2, 1, JOF_BYTE|JOF_IC) \ 490 /* 491 * Loose equality operators (`==` and `!=`). 492 * 493 * Pop two values, compare them, and push the boolean result. The 494 * comparison may perform conversions that call `.toString()`/`.valueOf()` 495 * methods and can throw. 496 * 497 * Implements: [Abstract Equality Comparison][1]. 498 * 499 * [1]: https://tc39.es/ecma262/#sec-abstract-equality-comparison 500 * 501 * Category: Expressions 502 * Type: Binary operators 503 * Operands: 504 * Stack: lval, rval => (lval OP rval) 505 */ \ 506 MACRO(Eq, eq, "==", 1, 2, 1, JOF_BYTE|JOF_IC) \ 507 MACRO(Ne, ne, "!=", 1, 2, 1, JOF_BYTE|JOF_IC) \ 508 /* 509 * Strict equality operators (`===` and `!==`). 510 * 511 * Pop two values, check whether they're equal, and push the boolean 512 * result. This does not call user-defined methods and can't throw 513 * (except possibly due to OOM while flattening a string). 514 * 515 * Implements: [Strict Equality Comparison][1]. 516 * 517 * [1]: https://tc39.es/ecma262/#sec-strict-equality-comparison 518 * 519 * Category: Expressions 520 * Type: Binary operators 521 * Operands: 522 * Stack: lval, rval => (lval OP rval) 523 */ \ 524 MACRO(StrictEq, strict_eq, "===", 1, 2, 1, JOF_BYTE|JOF_IC) \ 525 MACRO(StrictNe, strict_ne, "!==", 1, 2, 1, JOF_BYTE|JOF_IC) \ 526 /* 527 * Relative operators (`<`, `>`, `<=`, `>=`). 528 * 529 * Pop two values, compare them, and push the boolean result. The 530 * comparison may perform conversions that call `.toString()`/`.valueOf()` 531 * methods and can throw. 532 * 533 * Implements: [Relational Operators: Evaluation][1]. 534 * 535 * [1]: https://tc39.es/ecma262/#sec-relational-operators-runtime-semantics-evaluation 536 * 537 * Category: Expressions 538 * Type: Binary operators 539 * Operands: 540 * Stack: lval, rval => (lval OP rval) 541 */ \ 542 MACRO(Lt, lt, "<", 1, 2, 1, JOF_BYTE|JOF_IC) \ 543 MACRO(Gt, gt, ">", 1, 2, 1, JOF_BYTE|JOF_IC) \ 544 MACRO(Le, le, "<=", 1, 2, 1, JOF_BYTE|JOF_IC) \ 545 MACRO(Ge, ge, ">=", 1, 2, 1, JOF_BYTE|JOF_IC) \ 546 /* 547 * [The `instanceof` operator][1]. 548 * 549 * This throws a `TypeError` if `target` is not an object. It calls 550 * `target[Symbol.hasInstance](value)` if the method exists. On success, 551 * the result is always a boolean value. 552 * 553 * [1]: https://tc39.es/ecma262/#sec-instanceofoperator 554 * 555 * Category: Expressions 556 * Type: Binary operators 557 * Operands: 558 * Stack: value, target => (value instanceof target) 559 */ \ 560 MACRO(Instanceof, instanceof, js_instanceof_str, 1, 2, 1, JOF_BYTE|JOF_IC) \ 561 /* 562 * [The `in` operator][1]. 563 * 564 * Push `true` if `obj` has a property with the key `id`. Otherwise push `false`. 565 * 566 * This throws a `TypeError` if `obj` is not an object. This can fire 567 * proxy hooks and can throw. On success, the result is always a boolean 568 * value. 569 * 570 * [1]: https://tc39.es/ecma262/#sec-relational-operators-runtime-semantics-evaluation 571 * 572 * Category: Expressions 573 * Type: Binary operators 574 * Operands: 575 * Stack: id, obj => (id in obj) 576 */ \ 577 MACRO(In, in_, js_in_str, 1, 2, 1, JOF_BYTE|JOF_IC) \ 578 /* 579 * [Bitwise shift operators][1] (`<<`, `>>`, `>>>`). 580 * 581 * Pop two values, convert them to integers, perform a bitwise shift, and 582 * push the result. 583 * 584 * Conversion can call `.toString()`/`.valueOf()` methods and can throw. 585 * The result on success is always an Int32 or BigInt Value. 586 * 587 * [1]: https://tc39.es/ecma262/#sec-bitwise-shift-operators 588 * 589 * Category: Expressions 590 * Type: Binary operators 591 * Operands: 592 * Stack: lval, rval => (lval OP rval) 593 */ \ 594 MACRO(Lsh, lsh, "<<", 1, 2, 1, JOF_BYTE|JOF_IC) \ 595 MACRO(Rsh, rsh, ">>", 1, 2, 1, JOF_BYTE|JOF_IC) \ 596 MACRO(Ursh, ursh, ">>>", 1, 2, 1, JOF_BYTE|JOF_IC) \ 597 /* 598 * [The binary `+` operator][1]. 599 * 600 * Pop two values, convert them to primitive values, add them, and push the 601 * result. If both values are numeric, add them; if either is a 602 * string, do string concatenation instead. 603 * 604 * The conversion can call `.toString()`/`.valueOf()` methods and can throw. 605 * 606 * [1]: https://tc39.es/ecma262/#sec-addition-operator-plus-runtime-semantics-evaluation 607 * 608 * Category: Expressions 609 * Type: Binary operators 610 * Operands: 611 * Stack: lval, rval => (lval + rval) 612 */ \ 613 MACRO(Add, add, "+", 1, 2, 1, JOF_BYTE|JOF_IC) \ 614 /* 615 * [The binary `-` operator][1]. 616 * 617 * Pop two values, convert them to numeric values, subtract the top value 618 * from the other one, and push the result. 619 * 620 * The conversion can call `.toString()`/`.valueOf()` methods and can 621 * throw. On success, the result is always numeric. 622 * 623 * [1]: https://tc39.es/ecma262/#sec-subtraction-operator-minus-runtime-semantics-evaluation 624 * 625 * Category: Expressions 626 * Type: Binary operators 627 * Operands: 628 * Stack: lval, rval => (lval - rval) 629 */ \ 630 MACRO(Sub, sub, "-", 1, 2, 1, JOF_BYTE|JOF_IC) \ 631 /* 632 * Add or subtract 1. 633 * 634 * `val` must already be a numeric value, such as the result of 635 * `JSOp::ToNumeric`. 636 * 637 * Implements: [The `++` and `--` operators][1], step 3 of each algorithm. 638 * 639 * [1]: https://tc39.es/ecma262/#sec-postfix-increment-operator 640 * 641 * Category: Expressions 642 * Type: Binary operators 643 * Operands: 644 * Stack: val => (val +/- 1) 645 */ \ 646 MACRO(Inc, inc, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 647 MACRO(Dec, dec, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 648 /* 649 * [The multiplicative operators][1] (`*`, `/`, `%`). 650 * 651 * Pop two values, convert them to numeric values, do math, and push the 652 * result. 653 * 654 * The conversion can call `.toString()`/`.valueOf()` methods and can 655 * throw. On success, the result is always numeric. 656 * 657 * [1]: https://tc39.es/ecma262/#sec-multiplicative-operators-runtime-semantics-evaluation 658 * 659 * Category: Expressions 660 * Type: Binary operators 661 * Operands: 662 * Stack: lval, rval => (lval OP rval) 663 */ \ 664 MACRO(Mul, mul, "*", 1, 2, 1, JOF_BYTE|JOF_IC) \ 665 MACRO(Div, div, "/", 1, 2, 1, JOF_BYTE|JOF_IC) \ 666 MACRO(Mod, mod, "%", 1, 2, 1, JOF_BYTE|JOF_IC) \ 667 /* 668 * [The exponentiation operator][1] (`**`). 669 * 670 * Pop two values, convert them to numeric values, do exponentiation, and 671 * push the result. The top value is the exponent. 672 * 673 * The conversion can call `.toString()`/`.valueOf()` methods and can 674 * throw. This throws a RangeError if both values are BigInts and the 675 * exponent is negative. 676 * 677 * [1]: https://tc39.es/ecma262/#sec-exp-operator 678 * 679 * Category: Expressions 680 * Type: Binary operators 681 * Operands: 682 * Stack: lval, rval => (lval ** rval) 683 */ \ 684 MACRO(Pow, pow, "**", 1, 2, 1, JOF_BYTE|JOF_IC) \ 685 /* 686 * Convert a value to a property key. 687 * 688 * Implements: [ToPropertyKey][1], except that if the result would be the 689 * string representation of some integer in the range 0..2^31, we push the 690 * corresponding Int32 value instead. This is because the spec insists that 691 * array indices are strings, whereas for us they are integers. 692 * 693 * This is used for code like `++obj[index]`, which must do both a 694 * `JSOp::GetElem` and a `JSOp::SetElem` with the same property key. Both 695 * instructions would convert `index` to a property key for us, but the 696 * spec says to convert it only once. 697 * 698 * The conversion can call `.toString()`/`.valueOf()` methods and can 699 * throw. 700 * 701 * [1]: https://tc39.es/ecma262/#sec-topropertykey 702 * 703 * Category: Expressions 704 * Type: Conversions 705 * Operands: 706 * Stack: propertyNameValue => propertyKey 707 */ \ 708 MACRO(ToId, to_id, NULL, 1, 1, 1, JOF_BYTE) \ 709 /* 710 * Convert a value to a numeric value (a Number or BigInt). 711 * 712 * Implements: [ToNumeric][1](val). 713 * 714 * Note: This is used to implement [`++` and `--`][2]. Surprisingly, it's 715 * not possible to get the right behavior using `JSOp::Add` and `JSOp::Sub` 716 * alone. For one thing, `JSOp::Add` sometimes does string concatenation, 717 * while `++` always does numeric addition. More fundamentally, the result 718 * of evaluating `x--` is ToNumeric(old value of `x`), a value that the 719 * sequence `GetLocal "x"; One; Sub; SetLocal "x"` does not give us. 720 * 721 * [1]: https://tc39.es/ecma262/#sec-tonumeric 722 * [2]: https://tc39.es/ecma262/#sec-postfix-increment-operator 723 * 724 * Category: Expressions 725 * Type: Conversions 726 * Operands: 727 * Stack: val => ToNumeric(val) 728 */ \ 729 MACRO(ToNumeric, to_numeric, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 730 /* 731 * Convert a value to a string. 732 * 733 * Implements: [ToString][1](val). 734 * 735 * Note: This is used in code for template literals, like `${x}${y}`. Each 736 * substituted value must be converted using ToString. `JSOp::Add` by itself 737 * would do a slightly wrong kind of conversion (hint="number" rather than 738 * hint="string"). 739 * 740 * [1]: https://tc39.es/ecma262/#sec-tostring 741 * 742 * Category: Expressions 743 * Type: Conversions 744 * Stack: val => ToString(val) 745 */ \ 746 MACRO(ToString, to_string, NULL, 1, 1, 1, JOF_BYTE) \ 747 /* 748 * Push the global `this` value. Not to be confused with the `globalThis` 749 * property on the global. 750 * 751 * This must be used only in scopes where `this` refers to the global 752 * `this`. 753 * 754 * Category: Expressions 755 * Type: Other expressions 756 * Operands: 757 * Stack: => this 758 */ \ 759 MACRO(GlobalThis, global_this, NULL, 1, 0, 1, JOF_BYTE) \ 760 /* 761 * Push the value of `new.target`. 762 * 763 * The result is a constructor or `undefined`. 764 * 765 * This must be used only in scripts where `new.target` is allowed: 766 * non-arrow function scripts and other scripts that have a non-arrow 767 * function script on the scope chain. 768 * 769 * Implements: [GetNewTarget][1]. 770 * 771 * [1]: https://tc39.es/ecma262/#sec-getnewtarget 772 * 773 * Category: Expressions 774 * Type: Other expressions 775 * Operands: 776 * Stack: => new.target 777 */ \ 778 MACRO(NewTarget, new_target, NULL, 1, 0, 1, JOF_BYTE) \ 779 /* 780 * Dynamic import of the module specified by the string value on the top of 781 * the stack. 782 * 783 * Implements: [Import Calls][1]. 784 * 785 * [1]: https://tc39.es/ecma262/#sec-import-calls 786 * 787 * Category: Expressions 788 * Type: Other expressions 789 * Operands: 790 * Stack: moduleId => promise 791 */ \ 792 MACRO(DynamicImport, dynamic_import, NULL, 1, 1, 1, JOF_BYTE) \ 793 /* 794 * Push the `import.meta` object. 795 * 796 * This must be used only in module code. 797 * 798 * Category: Expressions 799 * Type: Other expressions 800 * Operands: 801 * Stack: => import.meta 802 */ \ 803 MACRO(ImportMeta, import_meta, NULL, 1, 0, 1, JOF_BYTE) \ 804 /* 805 * Create and push a new object with no properties. 806 * 807 * Category: Objects 808 * Type: Creating objects 809 * Operands: 810 * Stack: => obj 811 */ \ 812 MACRO(NewInit, new_init, NULL, 1, 0, 1, JOF_BYTE|JOF_IC) \ 813 /* 814 * Create and push a new object of a predetermined shape. 815 * 816 * The new object has the shape of the template object 817 * `script->getObject(baseobjIndex)`. Subsequent `InitProp` instructions 818 * must fill in all slots of the new object before it is used in any other 819 * way. 820 * 821 * For `JSOp::NewObject`, the new object has a group based on the allocation 822 * site (or a new group if the template's group is a singleton). For 823 * `JSOp::NewObjectWithGroup`, the new object has the same group as the 824 * template object. 825 * 826 * Category: Objects 827 * Type: Creating objects 828 * Operands: uint32_t baseobjIndex 829 * Stack: => obj 830 */ \ 831 MACRO(NewObject, new_object, NULL, 5, 0, 1, JOF_OBJECT|JOF_IC) \ 832 MACRO(NewObjectWithGroup, new_object_with_group, NULL, 5, 0, 1, JOF_OBJECT|JOF_IC) \ 833 /* 834 * Push a preconstructed object. 835 * 836 * Going one step further than `JSOp::NewObject`, this instruction doesn't 837 * just reuse the shape--it actually pushes the preconstructed object 838 * `script->getObject(objectIndex)` right onto the stack. The object must 839 * be a singleton `PlainObject` or `ArrayObject`. 840 * 841 * The spec requires that an *ObjectLiteral* or *ArrayLiteral* creates a 842 * new object every time it's evaluated, so this instruction must not be 843 * used anywhere it might be executed more than once. 844 * 845 * There's a shell-only option, `newGlobal({cloneSingletons: true})`, that 846 * makes this instruction do a deep copy of the object. A few tests use it. 847 * 848 * Category: Objects 849 * Type: Creating objects 850 * Operands: uint32_t objectIndex 851 * Stack: => obj 852 */ \ 853 MACRO(Object, object, NULL, 5, 0, 1, JOF_OBJECT) \ 854 /* 855 * Create and push a new ordinary object with the provided [[Prototype]]. 856 * 857 * This is used to create the `.prototype` object for derived classes. 858 * 859 * Category: Objects 860 * Type: Creating objects 861 * Operands: 862 * Stack: proto => obj 863 */ \ 864 MACRO(ObjWithProto, obj_with_proto, NULL, 1, 1, 1, JOF_BYTE) \ 865 /* 866 * Define a data property on an object. 867 * 868 * `obj` must be an object. 869 * 870 * Implements: [CreateDataPropertyOrThrow][1] as used in 871 * [PropertyDefinitionEvaluation][2] of regular and shorthand 872 * *PropertyDefinition*s. 873 * 874 * [1]: https://tc39.es/ecma262/#sec-createdatapropertyorthrow 875 * [2]: https://tc39.es/ecma262/#sec-object-initializer-runtime-semantics-propertydefinitionevaluation 876 * 877 * Category: Objects 878 * Type: Defining properties 879 * Operands: uint32_t nameIndex 880 * Stack: obj, val => obj 881 */ \ 882 MACRO(InitProp, init_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT|JOF_IC) \ 883 /* 884 * Like `JSOp::InitProp`, but define a non-enumerable property. 885 * 886 * This is used to define class methods. 887 * 888 * Implements: [PropertyDefinitionEvaluation][1] for methods, steps 3 and 889 * 4, when *enumerable* is false. 890 * 891 * [1]: https://tc39.es/ecma262/#sec-method-definitions-runtime-semantics-propertydefinitionevaluation 892 * 893 * Category: Objects 894 * Type: Defining properties 895 * Operands: uint32_t nameIndex 896 * Stack: obj, val => obj 897 */ \ 898 MACRO(InitHiddenProp, init_hidden_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT|JOF_IC) \ 899 /* 900 * Like `JSOp::InitProp`, but define a non-enumerable, non-writable, 901 * non-configurable property. 902 * 903 * This is used to define the `.prototype` property on classes. 904 * 905 * Implements: [MakeConstructor][1], step 8, when *writablePrototype* is 906 * false. 907 * 908 * [1]: https://tc39.es/ecma262/#sec-makeconstructor 909 * 910 * Category: Objects 911 * Type: Defining properties 912 * Operands: uint32_t nameIndex 913 * Stack: obj, val => obj 914 */ \ 915 MACRO(InitLockedProp, init_locked_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT|JOF_IC) \ 916 /* 917 * Define a data property on `obj` with property key `id` and value `val`. 918 * 919 * `obj` must be an object. 920 * 921 * Implements: [CreateDataPropertyOrThrow][1]. This instruction is used for 922 * object literals like `{0: val}` and `{[id]: val}`, and methods like 923 * `*[Symbol.iterator]() {}`. 924 * 925 * `JSOp::InitHiddenElem` is the same but defines a non-enumerable property, 926 * for class methods. 927 * 928 * [1]: https://tc39.es/ecma262/#sec-createdatapropertyorthrow 929 * 930 * Category: Objects 931 * Type: Defining properties 932 * Operands: 933 * Stack: obj, id, val => obj 934 */ \ 935 MACRO(InitElem, init_elem, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT|JOF_IC) \ 936 MACRO(InitHiddenElem, init_hidden_elem, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT|JOF_IC) \ 937 /* 938 * Define an accessor property on `obj` with the given `getter`. 939 * `nameIndex` gives the property name. 940 * 941 * `obj` must be an object and `getter` must be a function. 942 * 943 * `JSOp::InitHiddenPropGetter` is the same but defines a non-enumerable 944 * property, for getters in classes. 945 * 946 * Category: Objects 947 * Type: Defining properties 948 * Operands: uint32_t nameIndex 949 * Stack: obj, getter => obj 950 */ \ 951 MACRO(InitPropGetter, init_prop_getter, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT) \ 952 MACRO(InitHiddenPropGetter, init_hidden_prop_getter, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT) \ 953 /* 954 * Define an accessor property on `obj` with property key `id` and the given `getter`. 955 * 956 * This is used to implement getters like `get [id]() {}` or `get 0() {}`. 957 * 958 * `obj` must be an object and `getter` must be a function. 959 * 960 * `JSOp::InitHiddenElemGetter` is the same but defines a non-enumerable 961 * property, for getters in classes. 962 * 963 * Category: Objects 964 * Type: Defining properties 965 * Operands: 966 * Stack: obj, id, getter => obj 967 */ \ 968 MACRO(InitElemGetter, init_elem_getter, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT) \ 969 MACRO(InitHiddenElemGetter, init_hidden_elem_getter, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT) \ 970 /* 971 * Define an accessor property on `obj` with the given `setter`. 972 * 973 * This is used to implement ordinary setters like `set foo(v) {}`. 974 * 975 * `obj` must be an object and `setter` must be a function. 976 * 977 * `JSOp::InitHiddenPropSetter` is the same but defines a non-enumerable 978 * property, for setters in classes. 979 * 980 * Category: Objects 981 * Type: Defining properties 982 * Operands: uint32_t nameIndex 983 * Stack: obj, setter => obj 984 */ \ 985 MACRO(InitPropSetter, init_prop_setter, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT) \ 986 MACRO(InitHiddenPropSetter, init_hidden_prop_setter, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT) \ 987 /* 988 * Define an accesssor property on `obj` with property key `id` and the 989 * given `setter`. 990 * 991 * This is used to implement setters with computed property keys or numeric 992 * keys. 993 * 994 * `JSOp::InitHiddenElemSetter` is the same but defines a non-enumerable 995 * property, for setters in classes. 996 * 997 * Category: Objects 998 * Type: Defining properties 999 * Operands: 1000 * Stack: obj, id, setter => obj 1001 */ \ 1002 MACRO(InitElemSetter, init_elem_setter, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT) \ 1003 MACRO(InitHiddenElemSetter, init_hidden_elem_setter, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT) \ 1004 /* 1005 * Get the value of the property `obj.name`. This can call getters and 1006 * proxy traps. 1007 * 1008 * `JSOp::CallProp` is exactly like `JSOp::GetProp` but hints to the VM that we're 1009 * getting a method in order to call it. 1010 * 1011 * Implements: [GetV][1], [GetValue][2] step 5. 1012 * 1013 * [1]: https://tc39.es/ecma262/#sec-getv 1014 * [2]: https://tc39.es/ecma262/#sec-getvalue 1015 * 1016 * Category: Objects 1017 * Type: Accessing properties 1018 * Operands: uint32_t nameIndex 1019 * Stack: obj => obj[name] 1020 */ \ 1021 MACRO(GetProp, get_prop, NULL, 5, 1, 1, JOF_ATOM|JOF_PROP|JOF_TYPESET|JOF_IC) \ 1022 MACRO(CallProp, call_prop, NULL, 5, 1, 1, JOF_ATOM|JOF_PROP|JOF_TYPESET|JOF_IC) \ 1023 /* 1024 * Get the value of the property `obj[key]`. 1025 * 1026 * `JSOp::CallElem` is exactly like `JSOp::GetElem` but hints to the VM that 1027 * we're getting a method in order to call it. 1028 * 1029 * Implements: [GetV][1], [GetValue][2] step 5. 1030 * 1031 * [1]: https://tc39.es/ecma262/#sec-getv 1032 * [2]: https://tc39.es/ecma262/#sec-getvalue 1033 * 1034 * Category: Objects 1035 * Type: Accessing properties 1036 * Operands: 1037 * Stack: obj, key => obj[key] 1038 */ \ 1039 MACRO(GetElem, get_elem, NULL, 1, 2, 1, JOF_BYTE|JOF_ELEM|JOF_TYPESET|JOF_IC) \ 1040 MACRO(CallElem, call_elem, NULL, 1, 2, 1, JOF_BYTE|JOF_ELEM|JOF_TYPESET|JOF_IC) \ 1041 /* 1042 * Push the value of `obj.length`. 1043 * 1044 * `nameIndex` must be the index of the atom `"length"`. This then behaves 1045 * exactly like `JSOp::GetProp`. 1046 * 1047 * Category: Objects 1048 * Type: Accessing properties 1049 * Operands: uint32_t nameIndex 1050 * Stack: obj => obj.length 1051 */ \ 1052 MACRO(Length, length, NULL, 5, 1, 1, JOF_ATOM|JOF_PROP|JOF_TYPESET|JOF_IC) \ 1053 /* 1054 * Non-strict assignment to a property, `obj.name = val`. 1055 * 1056 * This throws a TypeError if `obj` is null or undefined. If it's a 1057 * primitive value, the property is set on ToObject(`obj`), typically with 1058 * no effect. 1059 * 1060 * Implements: [PutValue][1] step 6 for non-strict code. 1061 * 1062 * [1]: https://tc39.es/ecma262/#sec-putvalue 1063 * 1064 * Category: Objects 1065 * Type: Accessing properties 1066 * Operands: uint32_t nameIndex 1067 * Stack: obj, val => val 1068 */ \ 1069 MACRO(SetProp, set_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPSET|JOF_CHECKSLOPPY|JOF_IC) \ 1070 /* 1071 * Like `JSOp::SetProp`, but for strict mode code. Throw a TypeError if 1072 * `obj[key]` exists but is non-writable, if it's an accessor property with 1073 * no setter, or if `obj` is a primitive value. 1074 * 1075 * Category: Objects 1076 * Type: Accessing properties 1077 * Operands: uint32_t nameIndex 1078 * Stack: obj, val => val 1079 */ \ 1080 MACRO(StrictSetProp, strict_set_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPSET|JOF_CHECKSTRICT|JOF_IC) \ 1081 /* 1082 * Non-strict assignment to a property, `obj[key] = val`. 1083 * 1084 * Implements: [PutValue][1] step 6 for non-strict code. 1085 * 1086 * [1]: https://tc39.es/ecma262/#sec-putvalue 1087 * 1088 * Category: Objects 1089 * Type: Accessing properties 1090 * Operands: 1091 * Stack: obj, key, val => val 1092 */ \ 1093 MACRO(SetElem, set_elem, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPSET|JOF_CHECKSLOPPY|JOF_IC) \ 1094 /* 1095 * Like `JSOp::SetElem`, but for strict mode code. Throw a TypeError if 1096 * `obj[key]` exists but is non-writable, if it's an accessor property with 1097 * no setter, or if `obj` is a primitive value. 1098 * 1099 * Category: Objects 1100 * Type: Accessing properties 1101 * Operands: 1102 * Stack: obj, key, val => val 1103 */ \ 1104 MACRO(StrictSetElem, strict_set_elem, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPSET|JOF_CHECKSTRICT|JOF_IC) \ 1105 /* 1106 * Delete a property from `obj`. Push true on success, false if the 1107 * property existed but could not be deleted. This implements `delete 1108 * obj.name` in non-strict code. 1109 * 1110 * Throws if `obj` is null or undefined. Can call proxy traps. 1111 * 1112 * Implements: [`delete obj.propname`][1] step 5 in non-strict code. 1113 * 1114 * [1]: https://tc39.es/ecma262/#sec-delete-operator-runtime-semantics-evaluation 1115 * 1116 * Category: Objects 1117 * Type: Accessing properties 1118 * Operands: uint32_t nameIndex 1119 * Stack: obj => succeeded 1120 */ \ 1121 MACRO(DelProp, del_prop, NULL, 5, 1, 1, JOF_ATOM|JOF_PROP|JOF_CHECKSLOPPY) \ 1122 /* 1123 * Like `JSOp::DelProp`, but for strict mode code. Push `true` on success, 1124 * else throw a TypeError. 1125 * 1126 * Category: Objects 1127 * Type: Accessing properties 1128 * Operands: uint32_t nameIndex 1129 * Stack: obj => succeeded 1130 */ \ 1131 MACRO(StrictDelProp, strict_del_prop, NULL, 5, 1, 1, JOF_ATOM|JOF_PROP|JOF_CHECKSTRICT) \ 1132 /* 1133 * Delete the property `obj[key]` and push `true` on success, `false` 1134 * if the property existed but could not be deleted. 1135 * 1136 * This throws if `obj` is null or undefined. Can call proxy traps. 1137 * 1138 * Implements: [`delete obj[key]`][1] step 5 in non-strict code. 1139 * 1140 * [1]: https://tc39.es/ecma262/#sec-delete-operator-runtime-semantics-evaluation 1141 * 1142 * Category: Objects 1143 * Type: Accessing properties 1144 * Operands: 1145 * Stack: obj, key => succeeded 1146 */ \ 1147 MACRO(DelElem, del_elem, NULL, 1, 2, 1, JOF_BYTE|JOF_ELEM|JOF_CHECKSLOPPY) \ 1148 /* 1149 * Like `JSOp::DelElem, but for strict mode code. Push `true` on success, 1150 * else throw a TypeError. 1151 * 1152 * Category: Objects 1153 * Type: Accessing properties 1154 * Operands: 1155 * Stack: obj, key => succeeded 1156 */ \ 1157 MACRO(StrictDelElem, strict_del_elem, NULL, 1, 2, 1, JOF_BYTE|JOF_ELEM|JOF_CHECKSTRICT) \ 1158 /* 1159 * Push true if `obj` has an own property `id`. 1160 * 1161 * Note that `obj` is the top value, like `JSOp::In`. 1162 * 1163 * This opcode is not used for normal JS. Self-hosted code uses it by 1164 * calling the intrinsic `hasOwn(id, obj)`. For example, 1165 * `Object.prototype.hasOwnProperty` is implemented this way (see 1166 * js/src/builtin/Object.js). 1167 * 1168 * Category: Objects 1169 * Type: Accessing properties 1170 * Operands: 1171 * Stack: id, obj => (obj.hasOwnProperty(id)) 1172 */ \ 1173 MACRO(HasOwn, has_own, NULL, 1, 2, 1, JOF_BYTE|JOF_IC) \ 1174 /* 1175 * Push the SuperBase of the method `callee`. The SuperBase is 1176 * `callee.[[HomeObject]].[[GetPrototypeOf]]()`, the object where `super` 1177 * property lookups should begin. 1178 * 1179 * `callee` must be a function that has a HomeObject that's an object, 1180 * typically produced by `JSOp::Callee` or `JSOp::EnvCallee`. 1181 * 1182 * Implements: [GetSuperBase][1], except that instead of the environment, 1183 * the argument supplies the callee. 1184 * 1185 * [1]: https://tc39.es/ecma262/#sec-getsuperbase 1186 * 1187 * Category: Objects 1188 * Type: Super 1189 * Operands: 1190 * Stack: callee => superBase 1191 */ \ 1192 MACRO(SuperBase, super_base, NULL, 1, 1, 1, JOF_BYTE) \ 1193 /* 1194 * Get the value of `receiver.name`, starting the property search at `obj`. 1195 * In spec terms, `obj.[[Get]](name, receiver)`. 1196 * 1197 * Implements: [GetValue][1] for references created by [`super.name`][2]. 1198 * The `receiver` is `this` and `obj` is the SuperBase of the enclosing 1199 * method. 1200 * 1201 * [1]: https://tc39.es/ecma262/#sec-getvalue 1202 * [2]: https://tc39.es/ecma262/#sec-super-keyword-runtime-semantics-evaluation 1203 * 1204 * Category: Objects 1205 * Type: Super 1206 * Operands: uint32_t nameIndex 1207 * Stack: receiver, obj => super.name 1208 */ \ 1209 MACRO(GetPropSuper, get_prop_super, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_TYPESET|JOF_IC) \ 1210 /* 1211 * Get the value of `receiver[key]`, starting the property search at `obj`. 1212 * In spec terms, `obj.[[Get]](key, receiver)`. 1213 * 1214 * Implements: [GetValue][1] for references created by [`super[key]`][2] 1215 * (where the `receiver` is `this` and `obj` is the SuperBase of the enclosing 1216 * method); [`Reflect.get(obj, key, receiver)`][3]. 1217 * 1218 * [1]: https://tc39.es/ecma262/#sec-getvalue 1219 * [2]: https://tc39.es/ecma262/#sec-super-keyword-runtime-semantics-evaluation 1220 * [3]: https://tc39.es/ecma262/#sec-reflect.get 1221 * 1222 * Category: Objects 1223 * Type: Super 1224 * Operands: 1225 * Stack: receiver, key, obj => super[key] 1226 */ \ 1227 MACRO(GetElemSuper, get_elem_super, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_TYPESET|JOF_IC) \ 1228 /* 1229 * Assign `val` to `receiver.name`, starting the search for an existing 1230 * property at `obj`. In spec terms, `obj.[[Set]](name, val, receiver)`. 1231 * 1232 * Implements: [PutValue][1] for references created by [`super.name`][2] in 1233 * non-strict code. The `receiver` is `this` and `obj` is the SuperBase of 1234 * the enclosing method. 1235 * 1236 * [1]: https://tc39.es/ecma262/#sec-putvalue 1237 * [2]: https://tc39.es/ecma262/#sec-super-keyword-runtime-semantics-evaluation 1238 * 1239 * Category: Objects 1240 * Type: Super 1241 * Operands: uint32_t nameIndex 1242 * Stack: receiver, obj, val => val 1243 */ \ 1244 MACRO(SetPropSuper, set_prop_super, NULL, 5, 3, 1, JOF_ATOM|JOF_PROP|JOF_PROPSET|JOF_CHECKSLOPPY) \ 1245 /* 1246 * Like `JSOp::SetPropSuper`, but for strict mode code. 1247 * 1248 * Category: Objects 1249 * Type: Super 1250 * Operands: uint32_t nameIndex 1251 * Stack: receiver, obj, val => val 1252 */ \ 1253 MACRO(StrictSetPropSuper, strict_set_prop_super, NULL, 5, 3, 1, JOF_ATOM|JOF_PROP|JOF_PROPSET|JOF_CHECKSTRICT) \ 1254 /* 1255 * Assign `val` to `receiver[key]`, strating the search for an existing 1256 * property at `obj`. In spec terms, `obj.[[Set]](key, val, receiver)`. 1257 * 1258 * Implements: [PutValue][1] for references created by [`super[key]`][2] in 1259 * non-strict code. The `receiver` is `this` and `obj` is the SuperBase of 1260 * the enclosing method. 1261 * 1262 * [1]: https://tc39.es/ecma262/#sec-putvalue 1263 * [2]: https://tc39.es/ecma262/#sec-super-keyword-runtime-semantics-evaluation 1264 * 1265 * Category: Objects 1266 * Type: Super 1267 * Operands: 1268 * Stack: receiver, key, obj, val => val 1269 */ \ 1270 MACRO(SetElemSuper, set_elem_super, NULL, 1, 4, 1, JOF_BYTE|JOF_ELEM|JOF_PROPSET|JOF_CHECKSLOPPY) \ 1271 /* 1272 * Like `JSOp::SetElemSuper`, but for strict mode code. 1273 * 1274 * Category: Objects 1275 * Type: Super 1276 * Operands: 1277 * Stack: receiver, key, obj, val => val 1278 */ \ 1279 MACRO(StrictSetElemSuper, strict_set_elem_super, NULL, 1, 4, 1, JOF_BYTE|JOF_ELEM|JOF_PROPSET|JOF_CHECKSTRICT) \ 1280 /* 1281 * Set up a for-in loop by pushing a `PropertyIteratorObject` over the 1282 * enumerable properties of `val`. 1283 * 1284 * Implements: [ForIn/OfHeadEvaluation][1] step 6, 1285 * [EnumerateObjectProperties][1]. (The spec refers to an "Iterator object" 1286 * with a `next` method, but notes that it "is never directly accessible" 1287 * to scripts. The object we use for this has no public methods.) 1288 * 1289 * If `val` is null or undefined, this pushes an empty iterator. 1290 * 1291 * The `iter` object pushed by this instruction must not be used or removed 1292 * from the stack except by `JSOp::MoreIter` and `JSOp::EndIter`, or by error 1293 * handling. 1294 * 1295 * The script's `JSScript::trynotes()` must mark the body of the `for-in` 1296 * loop, i.e. exactly those instructions that begin executing with `iter` 1297 * on the stack, starting with the next instruction (always 1298 * `JSOp::LoopHead`). Code must not jump into or out of this region: control 1299 * can enter only by executing `JSOp::Iter` and can exit only by executing a 1300 * `JSOp::EndIter` or by exception unwinding. (A `JSOp::EndIter` is always 1301 * emitted at the end of the loop, and extra copies are emitted on "exit 1302 * slides", where a `break`, `continue`, or `return` statement exits the 1303 * loop.) 1304 * 1305 * Typically a single try note entry marks the contiguous chunk of bytecode 1306 * from the instruction after `JSOp::Iter` to `JSOp::EndIter` (inclusive); 1307 * but if that range contains any instructions on exit slides, after a 1308 * `JSOp::EndIter`, then those must be correctly noted as *outside* the 1309 * loop. 1310 * 1311 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-forin-div-ofheadevaluation-tdznames-expr-iterationkind 1312 * [2]: https://tc39.es/ecma262/#sec-enumerate-object-properties 1313 * 1314 * Category: Objects 1315 * Type: Enumeration 1316 * Operands: 1317 * Stack: val => iter 1318 */ \ 1319 MACRO(Iter, iter, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 1320 /* 1321 * Get the next property name for a for-in loop. 1322 * 1323 * `iter` must be a `PropertyIteratorObject` produced by `JSOp::Iter`. This 1324 * pushes the property name for the next loop iteration, or 1325 * `MagicValue(JS_NO_ITER_VALUE)` if there are no more enumerable 1326 * properties to iterate over. The magic value must be used only by 1327 * `JSOp::IsNoIter` and `JSOp::EndIter`. 1328 * 1329 * Category: Objects 1330 * Type: Enumeration 1331 * Operands: 1332 * Stack: iter => iter, name 1333 */ \ 1334 MACRO(MoreIter, more_iter, NULL, 1, 1, 2, JOF_BYTE) \ 1335 /* 1336 * Test whether the value on top of the stack is 1337 * `MagicValue(JS_NO_ITER_VALUE)` and push the boolean result. 1338 * 1339 * Category: Objects 1340 * Type: Enumeration 1341 * Operands: 1342 * Stack: val => val, done 1343 */ \ 1344 MACRO(IsNoIter, is_no_iter, NULL, 1, 1, 2, JOF_BYTE) \ 1345 /* 1346 * No-op instruction to hint to IonBuilder that the value on top of the 1347 * stack is the string key in a for-in loop. 1348 * 1349 * Category: Objects 1350 * Type: Enumeration 1351 * Operands: 1352 * Stack: val => val 1353 */ \ 1354 MACRO(IterNext, iter_next, NULL, 1, 1, 1, JOF_BYTE) \ 1355 /* 1356 * Exit a for-in loop, closing the iterator. 1357 * 1358 * `iter` must be a `PropertyIteratorObject` pushed by `JSOp::Iter`. 1359 * 1360 * Category: Objects 1361 * Type: Enumeration 1362 * Operands: 1363 * Stack: iter, iterval => 1364 */ \ 1365 MACRO(EndIter, end_iter, NULL, 1, 2, 0, JOF_BYTE) \ 1366 /* 1367 * Check that the top value on the stack is an object, and throw a 1368 * TypeError if not. `kind` is used only to generate an appropriate error 1369 * message. 1370 * 1371 * Implements: [GetIterator][1] step 5, [IteratorNext][2] step 3. Both 1372 * operations call a JS method which scripts can define however they want, 1373 * so they check afterwards that the method returned an object. 1374 * 1375 * [1]: https://tc39.es/ecma262/#sec-getiterator 1376 * [2]: https://tc39.es/ecma262/#sec-iteratornext 1377 * 1378 * Category: Objects 1379 * Type: Iteration 1380 * Operands: CheckIsObjectKind kind 1381 * Stack: result => result 1382 */ \ 1383 MACRO(CheckIsObj, check_is_obj, NULL, 2, 1, 1, JOF_UINT8) \ 1384 /* 1385 * Throw a TypeError if `val` is `null` or `undefined`. 1386 * 1387 * Implements: [RequireObjectCoercible][1]. But most instructions that 1388 * require an object will perform this check for us, so of the dozens of 1389 * calls to RequireObjectCoercible in the spec, we need this instruction 1390 * only for [destructuring assignment][2] and [initialization][3]. 1391 * 1392 * [1]: https://tc39.es/ecma262/#sec-requireobjectcoercible 1393 * [2]: https://tc39.es/ecma262/#sec-runtime-semantics-destructuringassignmentevaluation 1394 * [3]: https://tc39.es/ecma262/#sec-destructuring-binding-patterns-runtime-semantics-bindinginitialization 1395 * 1396 * Category: Objects 1397 * Type: Iteration 1398 * Operands: 1399 * Stack: val => val 1400 */ \ 1401 MACRO(CheckObjCoercible, check_obj_coercible, NULL, 1, 1, 1, JOF_BYTE) \ 1402 /* 1403 * Create and push an async iterator wrapping the sync iterator `iter`. 1404 * `next` should be `iter`'s `.next` method. 1405 * 1406 * Implements: [CreateAsyncToSyncIterator][1]. The spec says this operation 1407 * takes one argument, but that argument is a Record with two relevant 1408 * fields, `[[Iterator]]` and `[[NextMethod]]`. 1409 * 1410 * Used for `for await` loops. 1411 * 1412 * [1]: https://tc39.es/ecma262/#sec-createasyncfromsynciterator 1413 * 1414 * Category: Objects 1415 * Type: Iteration 1416 * Operands: 1417 * Stack: iter, next => asynciter 1418 */ \ 1419 MACRO(ToAsyncIter, to_async_iter, NULL, 1, 2, 1, JOF_BYTE) \ 1420 /* 1421 * Set the prototype of `obj`. 1422 * 1423 * `obj` must be an object. 1424 * 1425 * Implements: [B.3.1 __proto__ Property Names in Object Initializers][1], step 7.a. 1426 * 1427 * [1]: https://tc39.es/ecma262/#sec-__proto__-property-names-in-object-initializers 1428 * 1429 * Category: Objects 1430 * Type: SetPrototype 1431 * Operands: 1432 * Stack: obj, protoVal => obj 1433 */ \ 1434 MACRO(MutateProto, mutate_proto, NULL, 1, 2, 1, JOF_BYTE) \ 1435 /* 1436 * Create and push a new Array object with the given `length`, 1437 * preallocating enough memory to hold that many elements. 1438 * 1439 * Category: Objects 1440 * Type: Array literals 1441 * Operands: uint32_t length 1442 * Stack: => array 1443 */ \ 1444 MACRO(NewArray, new_array, NULL, 5, 0, 1, JOF_UINT32|JOF_IC) \ 1445 /* 1446 * Initialize an array element `array[index]` with value `val`. 1447 * 1448 * `val` may be `MagicValue(JS_ELEMENTS_HOLE)`. If it is, this does nothing. 1449 * 1450 * This never calls setters or proxy traps. 1451 * 1452 * `array` must be an Array object created by `JSOp::NewArray` with length > 1453 * `index`, and never used except by `JSOp::InitElemArray`. 1454 * 1455 * Implements: [ArrayAccumulation][1], the third algorithm, step 4, in the 1456 * common case where *nextIndex* is known. 1457 * 1458 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-arrayaccumulation 1459 * 1460 * Category: Objects 1461 * Type: Array literals 1462 * Operands: uint32_t index 1463 * Stack: array, val => array 1464 */ \ 1465 MACRO(InitElemArray, init_elem_array, NULL, 5, 2, 1, JOF_UINT32|JOF_ELEM|JOF_PROPINIT|JOF_IC) \ 1466 /* 1467 * Initialize an array element `array[index++]` with value `val`. 1468 * 1469 * `val` may be `MagicValue(JS_ELEMENTS_HOLE)`. If it is, no element is 1470 * defined, but the array length and the stack value `index` are still 1471 * incremented. 1472 * 1473 * This never calls setters or proxy traps. 1474 * 1475 * `array` must be an Array object created by `JSOp::NewArray` and never used 1476 * except by `JSOp::InitElemArray` and `JSOp::InitElemInc`. 1477 * 1478 * `index` must be an integer, `0 <= index <= INT32_MAX`. If `index` is 1479 * `INT32_MAX`, this throws a RangeError. 1480 * 1481 * This instruction is used when an array literal contains a 1482 * *SpreadElement*. In `[a, ...b, c]`, `InitElemArray 0` is used to put 1483 * `a` into the array, but `InitElemInc` is used for the elements of `b` 1484 * and for `c`. 1485 * 1486 * Implements: Several steps in [ArrayAccumulation][1] that call 1487 * CreateDataProperty, set the array length, and/or increment *nextIndex*. 1488 * 1489 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-arrayaccumulation 1490 * 1491 * Category: Objects 1492 * Type: Array literals 1493 * Operands: 1494 * Stack: array, index, val => array, (index + 1) 1495 */ \ 1496 MACRO(InitElemInc, init_elem_inc, NULL, 1, 3, 2, JOF_BYTE|JOF_ELEM|JOF_PROPINIT|JOF_IC) \ 1497 /* 1498 * Push `MagicValue(JS_ELEMENTS_HOLE)`, representing an *Elision* in an 1499 * array literal (like the missing property 0 in the array `[, 1]`). 1500 * 1501 * This magic value must be used only by `JSOp::InitElemArray` or 1502 * `JSOp::InitElemInc`. 1503 * 1504 * Category: Objects 1505 * Type: Array literals 1506 * Operands: 1507 * Stack: => hole 1508 */ \ 1509 MACRO(Hole, hole, NULL, 1, 0, 1, JOF_BYTE) \ 1510 /* 1511 * Create and push a new array that shares the elements of a template 1512 * object. 1513 * 1514 * `script->getObject(objectIndex)` must be a copy-on-write array whose 1515 * elements are all primitive values. 1516 * 1517 * This is an optimization. This single instruction implements an entire 1518 * array literal, saving run time, code, and memory compared to 1519 * `JSOp::NewArray` and a series of `JSOp::InitElem` instructions. 1520 * 1521 * Category: Objects 1522 * Type: Array literals 1523 * Operands: uint32_t objectIndex 1524 * Stack: => array 1525 */ \ 1526 MACRO(NewArrayCopyOnWrite, new_array_copy_on_write, NULL, 5, 0, 1, JOF_OBJECT) \ 1527 /* 1528 * Clone and push a new RegExp object. 1529 * 1530 * Implements: [Evaluation for *RegularExpressionLiteral*][1]. 1531 * 1532 * [1]: https://tc39.es/ecma262/#sec-regular-expression-literals-runtime-semantics-evaluation 1533 * 1534 * Category: Objects 1535 * Type: RegExp literals 1536 * Operands: uint32_t regexpIndex 1537 * Stack: => regexp 1538 */ \ 1539 MACRO(RegExp, reg_exp, NULL, 5, 0, 1, JOF_REGEXP) \ 1540 /* 1541 * Push a function object. 1542 * 1543 * This clones the function unless it's a singleton; see 1544 * `CanReuseFunctionForClone`. The new function inherits the current 1545 * environment chain. 1546 * 1547 * Used to create most JS functions. Notable exceptions are arrow functions 1548 * and derived or default class constructors. 1549 * 1550 * The function indicated by `funcIndex` must be a non-arrow function. 1551 * 1552 * Implements: [InstantiateFunctionObject][1], [Evaluation for 1553 * *FunctionExpression*][2], and so on. 1554 * 1555 * [1]: https://tc39.es/ecma262/#sec-function-definitions-runtime-semantics-instantiatefunctionobject 1556 * [2]: https://tc39.es/ecma262/#sec-function-definitions-runtime-semantics-evaluation 1557 * 1558 * Category: Functions 1559 * Type: Creating functions 1560 * Operands: uint32_t funcIndex 1561 * Stack: => fn 1562 */ \ 1563 MACRO(Lambda, lambda, NULL, 5, 0, 1, JOF_OBJECT) \ 1564 /* 1565 * Push a new arrow function. 1566 * 1567 * `newTarget` matters only if the arrow function uses the expression 1568 * `new.target`. It should be the current value of `new.target`, so that 1569 * the arrow function inherits `new.target` from the enclosing scope. (If 1570 * `new.target` is illegal here, the value doesn't matter; use `null`.) 1571 * 1572 * The function indicated by `funcIndex` must be an arrow function. 1573 * 1574 * Category: Functions 1575 * Type: Creating functions 1576 * Operands: uint32_t funcIndex 1577 * Stack: newTarget => arrowFn 1578 */ \ 1579 MACRO(LambdaArrow, lambda_arrow, NULL, 5, 1, 1, JOF_OBJECT) \ 1580 /* 1581 * Set the name of a function. 1582 * 1583 * `fun` must be a function object. `name` must be a string, Int32 value, 1584 * or symbol (like the result of `JSOp::ToId`). 1585 * 1586 * Implements: [SetFunctionName][1], used e.g. to name methods with 1587 * computed property names. 1588 * 1589 * [1]: https://tc39.es/ecma262/#sec-setfunctionname 1590 * 1591 * Category: Functions 1592 * Type: Creating functions 1593 * Operands: FunctionPrefixKind prefixKind 1594 * Stack: fun, name => fun 1595 */ \ 1596 MACRO(SetFunName, set_fun_name, NULL, 2, 2, 1, JOF_UINT8) \ 1597 /* 1598 * Initialize the home object for functions with super bindings. 1599 * 1600 * `fun` must be a method, getter, or setter, so that it has a 1601 * [[HomeObject]] slot. `homeObject` must be a plain object or (for static 1602 * methods) a constructor. 1603 * 1604 * Category: Functions 1605 * Type: Creating functions 1606 * Operands: 1607 * Stack: fun, homeObject => fun 1608 */ \ 1609 MACRO(InitHomeObject, init_home_object, NULL, 1, 2, 1, JOF_BYTE) \ 1610 /* 1611 * Throw a TypeError if `baseClass` isn't either `null` or a constructor. 1612 * 1613 * Implements: [ClassDefinitionEvaluation][1] step 6.f. 1614 * 1615 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation 1616 * 1617 * Category: Functions 1618 * Type: Creating constructors 1619 * Operands: 1620 * Stack: baseClass => baseClass 1621 */ \ 1622 MACRO(CheckClassHeritage, check_class_heritage, NULL, 1, 1, 1, JOF_BYTE) \ 1623 /* 1624 * Like `JSOp::Lambda`, but using `proto` as the new function's 1625 * `[[Prototype]]` (or `%FunctionPrototype%` if `proto` is `null`). 1626 * 1627 * `proto` must be either a constructor or `null`. We use 1628 * `JSOp::CheckClassHeritage` to check. 1629 * 1630 * This is used to create the constructor for a derived class. 1631 * 1632 * Implements: [ClassDefinitionEvaluation][1] steps 6.e.ii, 6.g.iii, and 1633 * 12 for derived classes. 1634 * 1635 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation 1636 * 1637 * Category: Functions 1638 * Type: Creating constructors 1639 * Operands: uint32_t funcIndex 1640 * Stack: proto => obj 1641 */ \ 1642 MACRO(FunWithProto, fun_with_proto, NULL, 5, 1, 1, JOF_OBJECT) \ 1643 /* 1644 * Create and push a default constructor for a base class. 1645 * 1646 * A default constructor behaves like `constructor() {}`. 1647 * 1648 * Implements: [ClassDefinitionEvaluation for *ClassTail*][1], steps 1649 * 10.b. and 12-17. 1650 * 1651 * The `sourceStart`/`sourceEnd` offsets are the start/end offsets of the 1652 * class definition in the source buffer, used for `toString()`. They must 1653 * be valid offsets into the source buffer, measured in code units, such 1654 * that `scriptSource->substring(cx, start, end)` is valid. 1655 * 1656 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation 1657 * 1658 * Category: Functions 1659 * Type: Creating constructors 1660 * Operands: uint32_t nameIndex, uint32_t sourceStart, uint32_t sourceEnd 1661 * Stack: => constructor 1662 */ \ 1663 MACRO(ClassConstructor, class_constructor, NULL, 13, 0, 1, JOF_CLASS_CTOR) \ 1664 /* 1665 * Create and push a default constructor for a derived class. 1666 * 1667 * A default derived-class constructor behaves like 1668 * `constructor(...args) { super(...args); }`. 1669 * 1670 * Implements: [ClassDefinitionEvaluation for *ClassTail*][1], steps 1671 * 10.a. and 12-17. 1672 * 1673 * `sourceStart` and `sourceEnd` follow the same rules as for 1674 * `JSOp::ClassConstructor`. 1675 * 1676 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation 1677 * 1678 * Category: Functions 1679 * Type: Creating constructors 1680 * Operands: uint32_t nameIndex, uint32_t sourceStart, uint32_t sourceEnd 1681 * Stack: proto => constructor 1682 */ \ 1683 MACRO(DerivedConstructor, derived_constructor, NULL, 13, 1, 1, JOF_CLASS_CTOR) \ 1684 /* 1685 * Pushes the current global's FunctionPrototype. 1686 * 1687 * `kind` must be in range for `JSProtoKey` (and must not be 1688 * `JSProto_LIMIT`). 1689 * 1690 * Category: Functions 1691 * Type: Creating constructors 1692 * Operands: 1693 * Stack: => %FunctionPrototype% 1694 */ \ 1695 MACRO(FunctionProto, function_proto, NULL, 1, 0, 1, JOF_BYTE) \ 1696 /* 1697 * Invoke `callee` with `this` and `args`, and push the return value. Throw 1698 * a TypeError if `callee` isn't a function. 1699 * 1700 * `JSOp::CallIter` is used for implicit calls to @@iterator methods, to 1701 * ensure error messages are formatted with `JSMSG_NOT_ITERABLE` ("x is not 1702 * iterable") rather than `JSMSG_NOT_FUNCTION` ("x[Symbol.iterator] is not 1703 * a function"). The `argc` operand must be 0 for this variation. 1704 * 1705 * `JSOp::FunApply` hints to the VM that this is likely a call to the 1706 * builtin method `Function.prototype.apply`, an easy optimization target. 1707 * 1708 * `JSOp::FunCall` similarly hints to the VM that the callee is likely 1709 * `Function.prototype.call`. 1710 * 1711 * `JSOp::CallIgnoresRv` hints to the VM that the return value is ignored. 1712 * This allows alternate faster implementations to be used that avoid 1713 * unnecesary allocations. 1714 * 1715 * Implements: [EvaluateCall][1] steps 4, 5, and 7. 1716 * 1717 * [1]: https://tc39.es/ecma262/#sec-evaluatecall 1718 * 1719 * Category: Functions 1720 * Type: Calls 1721 * Operands: uint16_t argc 1722 * Stack: callee, this, args[0], ..., args[argc-1] => rval 1723 */ \ 1724 MACRO(Call, call, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_TYPESET|JOF_IC) \ 1725 MACRO(CallIter, call_iter, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_TYPESET|JOF_IC) \ 1726 MACRO(FunApply, fun_apply, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_TYPESET|JOF_IC) \ 1727 MACRO(FunCall, fun_call, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_TYPESET|JOF_IC) \ 1728 MACRO(CallIgnoresRv, call_ignores_rv, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_TYPESET|JOF_IC) \ 1729 /* 1730 * Like `JSOp::Call`, but the arguments are provided in an array rather than 1731 * a span of stack slots. Used to implement spread-call syntax: 1732 * `f(...args)`. 1733 * 1734 * `args` must be an Array object containing the actual arguments. The 1735 * array must be packed (dense and free of holes; see IsPackedArray). 1736 * This can be ensured by creating the array with `JSOp::NewArray` and 1737 * populating it using `JSOp::InitElemArray`. 1738 * 1739 * Category: Functions 1740 * Type: Calls 1741 * Operands: 1742 * Stack: callee, this, args => rval 1743 */ \ 1744 MACRO(SpreadCall, spread_call, NULL, 1, 3, 1, JOF_BYTE|JOF_INVOKE|JOF_SPREAD|JOF_TYPESET|JOF_IC) \ 1745 /* 1746 * Push true if `arr` is an array object that can be passed directly as the 1747 * `args` argument to `JSOp::SpreadCall`. 1748 * 1749 * This instruction and the branch around the iterator loop are emitted 1750 * only when `arr` is itself a rest parameter, as in `(...arr) => 1751 * f(...arr)`, a strong hint that it's a packed Array whose prototype is 1752 * `Array.prototype`. 1753 * 1754 * See `js::OptimizeSpreadCall`. 1755 * 1756 * Category: Functions 1757 * Type: Calls 1758 * Operands: 1759 * Stack: arr => arr, optimized 1760 */ \ 1761 MACRO(OptimizeSpreadCall, optimize_spread_call, NULL, 1, 1, 2, JOF_BYTE) \ 1762 /* 1763 * Perform a direct eval in the current environment if `callee` is the 1764 * builtin `eval` function, otherwise follow same behaviour as `JSOp::Call`. 1765 * 1766 * All direct evals use one of the JSOp::*Eval instructions here and these 1767 * opcodes are only used when the syntactic conditions for a direct eval 1768 * are met. If the builtin `eval` function is called though other means, it 1769 * becomes an indirect eval. 1770 * 1771 * Direct eval causes all bindings in *enclosing* non-global scopes to be 1772 * marked "aliased". The optimization that puts bindings in stack slots has 1773 * to prove that the bindings won't need to be captured by closures or 1774 * accessed using `JSOp::{Get,Bind,Set,Del}Name` instructions. Direct eval 1775 * makes that analysis impossible. 1776 * 1777 * The instruction immediately following any `JSOp::*Eval` instruction must 1778 * be `JSOp::Lineno`. 1779 * 1780 * Implements: [Function Call Evaluation][1], steps 5-7 and 9, when the 1781 * syntactic critera for direct eval in step 6 are all met. 1782 * 1783 * [1]: https://tc39.es/ecma262/#sec-function-calls-runtime-semantics-evaluation 1784 * 1785 * Category: Functions 1786 * Type: Calls 1787 * Operands: uint16_t argc 1788 * Stack: callee, this, args[0], ..., args[argc-1] => rval 1789 */ \ 1790 MACRO(Eval, eval, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_TYPESET|JOF_CHECKSLOPPY|JOF_IC) \ 1791 /* 1792 * Spread-call variant of `JSOp::Eval`. 1793 * 1794 * See `JSOp::SpreadCall` for restrictions on `args`. 1795 * 1796 * Category: Functions 1797 * Type: Calls 1798 * Operands: 1799 * Stack: callee, this, args => rval 1800 */ \ 1801 MACRO(SpreadEval, spread_eval, NULL, 1, 3, 1, JOF_BYTE|JOF_INVOKE|JOF_SPREAD|JOF_TYPESET|JOF_CHECKSLOPPY|JOF_IC) \ 1802 /* 1803 * Like `JSOp::Eval`, but for strict mode code. 1804 * 1805 * Category: Functions 1806 * Type: Calls 1807 * Operands: uint16_t argc 1808 * Stack: evalFn, this, args[0], ..., args[argc-1] => rval 1809 */ \ 1810 MACRO(StrictEval, strict_eval, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_TYPESET|JOF_CHECKSTRICT|JOF_IC) \ 1811 /* 1812 * Spread-call variant of `JSOp::StrictEval`. 1813 * 1814 * See `JSOp::SpreadCall` for restrictions on `args`. 1815 * 1816 * Category: Functions 1817 * Type: Calls 1818 * Operands: 1819 * Stack: callee, this, args => rval 1820 */ \ 1821 MACRO(StrictSpreadEval, strict_spread_eval, NULL, 1, 3, 1, JOF_BYTE|JOF_INVOKE|JOF_SPREAD|JOF_TYPESET|JOF_CHECKSTRICT|JOF_IC) \ 1822 /* 1823 * Push the implicit `this` value for an unqualified function call, like 1824 * `foo()`. `nameIndex` gives the name of the function we're calling. 1825 * 1826 * The result is always `undefined` except when the name refers to a `with` 1827 * binding. For example, in `with (date) { getFullYear(); }`, the 1828 * implicit `this` passed to `getFullYear` is `date`, not `undefined`. 1829 * 1830 * This walks the run-time environment chain looking for the environment 1831 * record that contains the function. If the function call is not inside a 1832 * `with` statement, use `JSOp::GImplicitThis` instead. If the function call 1833 * definitely refers to a local binding, use `JSOp::Undefined`. 1834 * 1835 * Implements: [EvaluateCall][1] step 1.b. But not entirely correctly. 1836 * See [bug 1166408][2]. 1837 * 1838 * [1]: https://tc39.es/ecma262/#sec-evaluatecall 1839 * [2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1166408 1840 * 1841 * Category: Functions 1842 * Type: Calls 1843 * Operands: uint32_t nameIndex 1844 * Stack: => this 1845 */ \ 1846 MACRO(ImplicitThis, implicit_this, "", 5, 0, 1, JOF_ATOM) \ 1847 /* 1848 * Like `JSOp::ImplicitThis`, but the name must not be bound in any local 1849 * environments. 1850 * 1851 * The result is always `undefined` except when the name refers to a 1852 * binding in a non-syntactic `with` environment. 1853 * 1854 * Note: The frontend has to emit `JSOp::GImplicitThis` (and not 1855 * `JSOp::Undefined`) for global unqualified function calls, even when 1856 * `CompileOptions::nonSyntacticScope == false`, because later 1857 * `js::CloneGlobalScript` can be called with `ScopeKind::NonSyntactic` to 1858 * clone the script into a non-syntactic environment, with the bytecode 1859 * reused, unchanged. 1860 * 1861 * Category: Functions 1862 * Type: Calls 1863 * Operands: uint32_t nameIndex 1864 * Stack: => this 1865 */ \ 1866 MACRO(GImplicitThis, g_implicit_this, "", 5, 0, 1, JOF_ATOM) \ 1867 /* 1868 * Push the call site object for a tagged template call. 1869 * 1870 * `script->getObject(objectIndex)` is the call site object; 1871 * `script->getObject(objectIndex + 1)` is the raw object. 1872 * 1873 * The first time this instruction runs for a given template, it assembles 1874 * the final value, defining the `.raw` property on the call site object 1875 * and freezing both objects. 1876 * 1877 * Implements: [GetTemplateObject][1], steps 4 and 12-16. 1878 * 1879 * [1]: https://tc39.es/ecma262/#sec-gettemplateobject 1880 * 1881 * Category: Functions 1882 * Type: Calls 1883 * Operands: uint32_t objectIndex 1884 * Stack: => callSiteObj 1885 */ \ 1886 MACRO(CallSiteObj, call_site_obj, NULL, 5, 0, 1, JOF_OBJECT) \ 1887 /* 1888 * Push `MagicValue(JS_IS_CONSTRUCTING)`. 1889 * 1890 * This magic value is a required argument to the `JSOp::New` and 1891 * `JSOp::SuperCall` instructions and must not be used any other way. 1892 * 1893 * Category: Functions 1894 * Type: Calls 1895 * Operands: 1896 * Stack: => JS_IS_CONSTRUCTING 1897 */ \ 1898 MACRO(IsConstructing, is_constructing, NULL, 1, 0, 1, JOF_BYTE) \ 1899 /* 1900 * Invoke `callee` as a constructor with `args` and `newTarget`, and push 1901 * the return value. Throw a TypeError if `callee` isn't a constructor. 1902 * 1903 * `isConstructing` must be the value pushed by `JSOp::IsConstructing`. 1904 * 1905 * `JSOp::SuperCall` behaves exactly like `JSOp::New`, but is used for 1906 * *SuperCall* expressions, to allow JITs to distinguish them from `new` 1907 * expressions. 1908 * 1909 * Implements: [EvaluateConstruct][1] steps 7 and 8. 1910 * 1911 * [1]: https://tc39.es/ecma262/#sec-evaluatenew 1912 * 1913 * Category: Functions 1914 * Type: Calls 1915 * Operands: uint16_t argc 1916 * Stack: callee, isConstructing, args[0], ..., args[argc-1], newTarget => rval 1917 */ \ 1918 MACRO(New, new_, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_CONSTRUCT|JOF_TYPESET|JOF_IC) \ 1919 MACRO(SuperCall, super_call, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_CONSTRUCT|JOF_TYPESET|JOF_IC) \ 1920 /* 1921 * Spread-call variant of `JSOp::New`. 1922 * 1923 * Invokes `callee` as a constructor with `args` and `newTarget`, and 1924 * pushes the return value onto the stack. 1925 * 1926 * `isConstructing` must be the value pushed by `JSOp::IsConstructing`. 1927 * See `JSOp::SpreadCall` for restrictions on `args`. 1928 * 1929 * `JSOp::SpreadSuperCall` behaves exactly like `JSOp::SpreadNew`, but is 1930 * used for *SuperCall* expressions. 1931 * 1932 * Category: Functions 1933 * Type: Calls 1934 * Operands: 1935 * Stack: callee, isConstructing, args, newTarget => rval 1936 */ \ 1937 MACRO(SpreadNew, spread_new, NULL, 1, 4, 1, JOF_BYTE|JOF_INVOKE|JOF_CONSTRUCT|JOF_SPREAD|JOF_TYPESET|JOF_IC) \ 1938 MACRO(SpreadSuperCall, spread_super_call, NULL, 1, 4, 1, JOF_BYTE|JOF_INVOKE|JOF_CONSTRUCT|JOF_SPREAD|JOF_TYPESET|JOF_IC) \ 1939 /* 1940 * Push the prototype of `callee` in preparation for calling `super()`. 1941 * 1942 * `callee` must be a derived class constructor. 1943 * 1944 * Implements: [GetSuperConstructor][1], steps 4-7. 1945 * 1946 * [1]: https://tc39.es/ecma262/#sec-getsuperconstructor 1947 * 1948 * Category: Functions 1949 * Type: Calls 1950 * Operands: 1951 * Stack: callee => superFun 1952 */ \ 1953 MACRO(SuperFun, super_fun, NULL, 1, 1, 1, JOF_BYTE) \ 1954 /* 1955 * Throw a ReferenceError if `thisval` is not 1956 * `MagicValue(JS_UNINITIALIZED_LEXICAL)`. Used in derived class 1957 * constructors to prohibit calling `super` more than once. 1958 * 1959 * Implements: [BindThisValue][1], step 3. 1960 * 1961 * [1]: https://tc39.es/ecma262/#sec-bindthisvalue 1962 * 1963 * Category: Functions 1964 * Type: Calls 1965 * Operands: 1966 * Stack: thisval => thisval 1967 */ \ 1968 MACRO(CheckThisReinit, check_this_reinit, NULL, 1, 1, 1, JOF_BYTE) \ 1969 /* 1970 * Create and push a generator object for the current frame. 1971 * 1972 * This instruction must appear only in scripts for generators, async 1973 * functions, and async generators. There must not already be a generator 1974 * object for the current frame (that is, this instruction must execute at 1975 * most once per generator or async call). 1976 * 1977 * Category: Functions 1978 * Type: Generators and async functions 1979 * Operands: 1980 * Stack: => gen 1981 */ \ 1982 MACRO(Generator, generator, NULL, 1, 0, 1, JOF_BYTE) \ 1983 /* 1984 * Suspend the current generator and return to the caller. 1985 * 1986 * When a generator is called, its script starts running, like any other JS 1987 * function, because [FunctionDeclarationInstantation][1] and other 1988 * [generator object setup][2] are implemented mostly in bytecode. However, 1989 * the *FunctionBody* of the generator is not supposed to start running 1990 * until the first `.next()` call, so after setup the script suspends 1991 * itself: the "initial yield". 1992 * 1993 * Later, when resuming execution, `rval`, `gen` and `resumeKind` will 1994 * receive the values passed in by `JSOp::Resume`. `resumeKind` is the 1995 * `GeneratorResumeKind` stored as an Int32 value. 1996 * 1997 * This instruction must appear only in scripts for generators and async 1998 * generators. `gen` must be the generator object for the current frame. It 1999 * must not have been previously suspended. The resume point indicated by 2000 * `resumeIndex` must be the next instruction in the script, which must be 2001 * `AfterYield`. 2002 * 2003 * Implements: [GeneratorStart][3], steps 4-7. 2004 * 2005 * [1]: https://tc39.es/ecma262/#sec-functiondeclarationinstantiation 2006 * [2]: https://tc39.es/ecma262/#sec-generator-function-definitions-runtime-semantics-evaluatebody 2007 * [3]: https://tc39.es/ecma262/#sec-generatorstart 2008 * 2009 * Category: Functions 2010 * Type: Generators and async functions 2011 * Operands: uint24_t resumeIndex 2012 * Stack: gen => rval, gen, resumeKind 2013 */ \ 2014 MACRO(InitialYield, initial_yield, NULL, 4, 1, 3, JOF_RESUMEINDEX) \ 2015 /* 2016 * Bytecode emitted after `yield` expressions. This is useful for the 2017 * Debugger and `AbstractGeneratorObject::isAfterYieldOrAwait`. It's 2018 * treated as jump target op so that the Baseline Interpreter can 2019 * efficiently restore the frame's interpreterICEntry when resuming a 2020 * generator. 2021 * 2022 * The preceding instruction in the script must be `Yield`, `InitialYield`, 2023 * or `Await`. 2024 * 2025 * Category: Functions 2026 * Type: Generators and async functions 2027 * Operands: uint32_t icIndex 2028 * Stack: => 2029 */ \ 2030 MACRO(AfterYield, after_yield, NULL, 5, 0, 0, JOF_ICINDEX) \ 2031 /* 2032 * Suspend and close the current generator, async function, or async 2033 * generator. 2034 * 2035 * `gen` must be the generator object for the current frame. 2036 * 2037 * If the current function is a non-async generator, then the value in the 2038 * frame's return value slot is returned to the caller. It should be an 2039 * object of the form `{value: returnValue, done: true}`. 2040 * 2041 * If the current function is an async function or async generator, the 2042 * frame's return value slot must contain the current frame's result 2043 * promise, which must already be resolved or rejected. 2044 * 2045 * Category: Functions 2046 * Type: Generators and async functions 2047 * Operands: 2048 * Stack: gen => 2049 */ \ 2050 MACRO(FinalYieldRval, final_yield_rval, NULL, 1, 1, 0, JOF_BYTE) \ 2051 /* 2052 * Suspend execution of the current generator or async generator, returning 2053 * `rval1`. 2054 * 2055 * For non-async generators, `rval1` should be an object of the form 2056 * `{value: valueToYield, done: true}`. For async generators, `rval1` 2057 * should be the value to yield, and the caller is responsible for creating 2058 * the iterator result object (under `js::AsyncGeneratorYield`). 2059 * 2060 * This instruction must appear only in scripts for generators and async 2061 * generators. `gen` must be the generator object for the current stack 2062 * frame. The resume point indicated by `resumeIndex` must be the next 2063 * instruction in the script, which must be `AfterYield`. 2064 * 2065 * When resuming execution, `rval2`, `gen` and `resumeKind` receive the 2066 * values passed in by `JSOp::Resume`. 2067 * 2068 * Implements: [GeneratorYield][1] and [AsyncGeneratorYield][2]. 2069 * 2070 * [1]: https://tc39.es/ecma262/#sec-generatoryield 2071 * [2]: https://tc39.es/ecma262/#sec-asyncgeneratoryield 2072 * 2073 * Category: Functions 2074 * Type: Generators and async functions 2075 * Operands: uint24_t resumeIndex 2076 * Stack: rval1, gen => rval2, gen, resumeKind 2077 */ \ 2078 MACRO(Yield, yield, NULL, 4, 2, 3, JOF_RESUMEINDEX) \ 2079 /* 2080 * Pushes a boolean indicating whether the top of the stack is 2081 * `MagicValue(JS_GENERATOR_CLOSING)`. 2082 * 2083 * Category: Functions 2084 * Type: Generators and async functions 2085 * Operands: 2086 * Stack: val => val, res 2087 */ \ 2088 MACRO(IsGenClosing, is_gen_closing, NULL, 1, 1, 2, JOF_BYTE) \ 2089 /* 2090 * Arrange for this async function to resume asynchronously when `value` 2091 * becomes resolved. 2092 * 2093 * This is the last thing an async function does before suspending for an 2094 * `await` expression. It coerces the awaited `value` to a promise and 2095 * effectively calls `.then()` on it, passing handler functions that will 2096 * resume this async function call later. See `js::AsyncFunctionAwait`. 2097 * 2098 * This instruction must appear only in non-generator async function 2099 * scripts. `gen` must be the internal generator object for the current 2100 * frame. After this instruction, the script should suspend itself with 2101 * `Await` (rather than exiting any other way). 2102 * 2103 * The result `promise` is the async function's result promise, 2104 * `gen->as<AsyncFunctionGeneratorObject>().promise()`. 2105 * 2106 * Implements: [Await][1], steps 2-9. 2107 * 2108 * [1]: https://tc39.github.io/ecma262/#await 2109 * 2110 * Category: Functions 2111 * Type: Generators and async functions 2112 * Operands: 2113 * Stack: value, gen => promise 2114 */ \ 2115 MACRO(AsyncAwait, async_await, NULL, 1, 2, 1, JOF_BYTE) \ 2116 /* 2117 * Resolve or reject the current async function's result promise with 2118 * 'valueOrReason'. 2119 * 2120 * This instruction must appear only in non-generator async function 2121 * scripts. `gen` must be the internal generator object for the current 2122 * frame. This instruction must run at most once per async function call, 2123 * as resolving/rejecting an already resolved/rejected promise is not 2124 * permitted. 2125 * 2126 * The result `promise` is the async function's result promise, 2127 * `gen->as<AsyncFunctionGeneratorObject>().promise()`. 2128 * 2129 * Implements: [AsyncFunctionStart][1], step 4.d.i. and 4.e.i. 2130 * 2131 * [1]: https://tc39.es/ecma262/#sec-async-functions-abstract-operations-async-function-start 2132 * 2133 * Category: Functions 2134 * Type: Generators and async functions 2135 * Operands: AsyncFunctionResolveKind fulfillOrReject 2136 * Stack: valueOrReason, gen => promise 2137 */ \ 2138 MACRO(AsyncResolve, async_resolve, NULL, 2, 2, 1, JOF_UINT8) \ 2139 /* 2140 * Suspend the current frame for an `await` expression. 2141 * 2142 * This instruction must appear only in scripts for async functions and 2143 * async generators. `gen` must be the internal generator object for the 2144 * current frame. 2145 * 2146 * This returns `promise` to the caller. Later, when this async call is 2147 * resumed, `resolved`, `gen` and `resumeKind` receive the values passed in 2148 * by `JSOp::Resume`, and execution continues at the next instruction, 2149 * which must be `AfterYield`. 2150 * 2151 * This instruction is used in two subtly different ways. 2152 * 2153 * 1. In async functions: 2154 * 2155 * ... # valueToAwait 2156 * GetAliasedVar ".generator" # valueToAwait gen 2157 * AsyncAwait # resultPromise 2158 * GetAliasedVar ".generator" # resultPromise gen 2159 * Await # resolved gen resumeKind 2160 * AfterYield 2161 * 2162 * `AsyncAwait` arranges for this frame to be resumed later and pushes 2163 * its result promise. `Await` then suspends the frame and removes it 2164 * from the stack, returning the result promise to the caller. (If this 2165 * async call hasn't awaited before, the caller may be user code. 2166 * Otherwise, the caller is self-hosted code using `resumeGenerator`.) 2167 * 2168 * 2. In async generators: 2169 * 2170 * ... # valueToAwait 2171 * GetAliasedVar ".generator" # valueToAwait gen 2172 * Await # resolved gen resumeKind 2173 * AfterYield 2174 * 2175 * `AsyncAwait` is not used, so (1) the value returned to the caller by 2176 * `Await` is `valueToAwait`, not `resultPromise`; and (2) the caller 2177 * is responsible for doing the async-generator equivalent of 2178 * `AsyncAwait` (namely, `js::AsyncGeneratorAwait`, called from 2179 * `js::AsyncGeneratorResume` after `js::CallSelfHostedFunction` 2180 * returns). 2181 * 2182 * Implements: [Await][1], steps 10-12. 2183 * 2184 * [1]: https://tc39.es/ecma262/#await 2185 * 2186 * Category: Functions 2187 * Type: Generators and async functions 2188 * Operands: uint24_t resumeIndex 2189 * Stack: promise, gen => resolved, gen, resumeKind 2190 */ \ 2191 MACRO(Await, await, NULL, 4, 2, 3, JOF_RESUMEINDEX) \ 2192 /* 2193 * Decide whether awaiting 'value' can be skipped. 2194 * 2195 * This is part of an optimization for `await` expressions. Programs very 2196 * often await values that aren't promises, or promises that are already 2197 * resolved. We can then sometimes skip suspending the current frame and 2198 * returning to the microtask loop. If the circumstances permit the 2199 * optimization, `TrySkipAwait` replaces `value` with the result of the 2200 * `await` expression (unwrapping the resolved promise, if any) and pushes 2201 * `true`. Otherwise, it leaves `value` unchanged and pushes 'false'. 2202 * 2203 * Category: Functions 2204 * Type: Generators and async functions 2205 * Operands: 2206 * Stack: value => value_or_resolved, can_skip 2207 */ \ 2208 MACRO(TrySkipAwait, try_skip_await, NULL, 1, 1, 2, JOF_BYTE) \ 2209 /* 2210 * Pushes one of the GeneratorResumeKind values as Int32Value. 2211 * 2212 * Category: Functions 2213 * Type: Generators and async functions 2214 * Operands: GeneratorResumeKind resumeKind (encoded as uint8_t) 2215 * Stack: => resumeKind 2216 */ \ 2217 MACRO(ResumeKind, resume_kind, NULL, 2, 0, 1, JOF_UINT8) \ 2218 /* 2219 * Handle Throw and Return resumption. 2220 * 2221 * `gen` must be the generator object for the current frame. `resumeKind` 2222 * must be a `GeneratorResumeKind` stored as an `Int32` value. If it is 2223 * `Next`, continue to the next instruction. If `resumeKind` is `Throw` or 2224 * `Return`, these completions are handled by throwing an exception. See 2225 * `GeneratorThrowOrReturn`. 2226 * 2227 * Category: Functions 2228 * Type: Generators and async functions 2229 * Operands: 2230 * Stack: rval, gen, resumeKind => rval 2231 */ \ 2232 MACRO(CheckResumeKind, check_resume_kind, NULL, 1, 3, 1, JOF_BYTE) \ 2233 /* 2234 * Resume execution of a generator, async function, or async generator. 2235 * 2236 * This behaves something like a call instruction. It pushes a stack frame 2237 * (the one saved when `gen` was suspended, rather than a fresh one) and 2238 * runs instructions in it. Once `gen` returns or yields, its return value 2239 * is pushed to this frame's stack and execution continues in this script. 2240 * 2241 * This instruction is emitted only for the `resumeGenerator` self-hosting 2242 * intrinsic. It is used in the implementation of 2243 * `%GeneratorPrototype%.next`, `.throw`, and `.return`. 2244 * 2245 * `gen` must be a suspended generator object. `resumeKind` must be in 2246 * range for `GeneratorResumeKind`. 2247 * 2248 * Category: Functions 2249 * Type: Generators and async functions 2250 * Operands: 2251 * Stack: gen, val, resumeKind => rval 2252 */ \ 2253 MACRO(Resume, resume, NULL, 1, 3, 1, JOF_BYTE|JOF_INVOKE) \ 2254 /* 2255 * No-op instruction marking the target of a jump instruction. 2256 * 2257 * This instruction and a few others (see `js::BytecodeIsJumpTarget`) are 2258 * jump target instructions. The Baseline Interpreter uses these 2259 * instructions to sync the frame's `interpreterICEntry` after a jump. Ion 2260 * uses them to find block boundaries when translating bytecode to MIR. 2261 * 2262 * Category: Control flow 2263 * Type: Jump targets 2264 * Operands: uint32_t icIndex 2265 * Stack: => 2266 */ \ 2267 MACRO(JumpTarget, jump_target, NULL, 5, 0, 0, JOF_ICINDEX) \ 2268 /* 2269 * Marks the target of the backwards jump for some loop. 2270 * 2271 * This is a jump target instruction (see `JSOp::JumpTarget`). Additionally, 2272 * it checks for interrupts and handles JIT tiering. 2273 * 2274 * The `depthHint` operand is a loop depth hint for Ion. It starts at 1 and 2275 * deeply nested loops all have the same value. 2276 * 2277 * For the convenience of the JITs, scripts must not start with this 2278 * instruction. See bug 1602390. 2279 * 2280 * Category: Control flow 2281 * Type: Jump targets 2282 * Operands: uint32_t icIndex, uint8_t depthHint 2283 * Stack: => 2284 */ \ 2285 MACRO(LoopHead, loop_head, NULL, 6, 0, 0, JOF_LOOPHEAD) \ 2286 /* 2287 * Jump to a 32-bit offset from the current bytecode. 2288 * 2289 * See "Jump instructions" above for details. 2290 * 2291 * Category: Control flow 2292 * Type: Jumps 2293 * Operands: int32_t offset 2294 * Stack: => 2295 */ \ 2296 MACRO(Goto, goto_, NULL, 5, 0, 0, JOF_JUMP) \ 2297 /* 2298 * If ToBoolean(`cond`) is false, jumps to a 32-bit offset from the current 2299 * instruction. 2300 * 2301 * Category: Control flow 2302 * Type: Jumps 2303 * Operands: int32_t forwardOffset 2304 * Stack: cond => 2305 */ \ 2306 MACRO(IfEq, if_eq, NULL, 5, 1, 0, JOF_JUMP|JOF_IC) \ 2307 /* 2308 * If ToBoolean(`cond`) is true, jump to a 32-bit offset from the current 2309 * instruction. 2310 * 2311 * `offset` may be positive or negative. This is the instruction used at the 2312 * end of a do-while loop to jump back to the top. 2313 * 2314 * Category: Control flow 2315 * Type: Jumps 2316 * Operands: int32_t offset 2317 * Stack: cond => 2318 */ \ 2319 MACRO(IfNe, if_ne, NULL, 5, 1, 0, JOF_JUMP|JOF_IC) \ 2320 /* 2321 * Short-circuit for logical AND. 2322 * 2323 * If ToBoolean(`cond`) is false, jump to a 32-bit offset from the current 2324 * instruction. The value remains on the stack. 2325 * 2326 * Category: Control flow 2327 * Type: Jumps 2328 * Operands: int32_t forwardOffset 2329 * Stack: cond => cond 2330 */ \ 2331 MACRO(And, and_, NULL, 5, 1, 1, JOF_JUMP|JOF_IC) \ 2332 /* 2333 * Short-circuit for logical OR. 2334 * 2335 * If ToBoolean(`cond`) is true, jump to a 32-bit offset from the current 2336 * instruction. The value remains on the stack. 2337 * 2338 * Category: Control flow 2339 * Type: Jumps 2340 * Operands: int32_t forwardOffset 2341 * Stack: cond => cond 2342 */ \ 2343 MACRO(Or, or_, NULL, 5, 1, 1, JOF_JUMP|JOF_IC) \ 2344 /* 2345 * Short-circuiting for nullish coalescing. 2346 * 2347 * If `val` is not null or undefined, jump to a 32-bit offset from the 2348 * current instruction. 2349 * 2350 * Category: Control flow 2351 * Type: Jumps 2352 * Operands: int32_t forwardOffset 2353 * Stack: val => val 2354 */ \ 2355 MACRO(Coalesce, coalesce, NULL, 5, 1, 1, JOF_JUMP) \ 2356 /* 2357 * Like `JSOp::IfNe` ("jump if true"), but if the branch is taken, 2358 * pop and discard an additional stack value. 2359 * 2360 * This is used to implement `switch` statements when the 2361 * `JSOp::TableSwitch` optimization is not possible. The switch statement 2362 * 2363 * switch (expr) { 2364 * case A: stmt1; 2365 * case B: stmt2; 2366 * } 2367 * 2368 * compiles to this bytecode: 2369 * 2370 * # dispatch code - evaluate expr, check it against each `case`, 2371 * # jump to the right place in the body or to the end. 2372 * <expr> 2373 * Dup; <A>; StrictEq; Case L1; JumpTarget 2374 * Dup; <B>; StrictEq; Case L2; JumpTarget 2375 * Default LE 2376 * 2377 * # body code 2378 * L1: JumpTarget; <stmt1> 2379 * L2: JumpTarget; <stmt2> 2380 * LE: JumpTarget 2381 * 2382 * This opcode is weird: it's the only one whose ndefs varies depending on 2383 * which way a conditional branch goes. We could implement switch 2384 * statements using `JSOp::IfNe` and `JSOp::Pop`, but that would also be 2385 * awkward--putting the `JSOp::Pop` inside the `switch` body would 2386 * complicate fallthrough. 2387 * 2388 * Category: Control flow 2389 * Type: Jumps 2390 * Operands: int32_t forwardOffset 2391 * Stack: val, cond => val (if !cond) 2392 */ \ 2393 MACRO(Case, case_, NULL, 5, 2, 1, JOF_JUMP) \ 2394 /* 2395 * Like `JSOp::Goto`, but pop and discard an additional stack value. 2396 * 2397 * This appears after all cases for a non-optimized `switch` statement. If 2398 * there's a `default:` label, it jumps to that point in the body; 2399 * otherwise it jumps to the next statement. 2400 * 2401 * Category: Control flow 2402 * Type: Jumps 2403 * Operands: int32_t forwardOffset 2404 * Stack: lval => 2405 */ \ 2406 MACRO(Default, default_, NULL, 5, 1, 0, JOF_JUMP) \ 2407 /* 2408 * Optimized switch-statement dispatch, used when all `case` labels are 2409 * small integer constants. 2410 * 2411 * If `low <= i <= high`, jump to the instruction at the offset given by 2412 * `script->resumeOffsets()[firstResumeIndex + i - low]`, in bytes from the 2413 * start of the current script's bytecode. Otherwise, jump to the 2414 * instruction at `defaultOffset` from the current instruction. All of 2415 * these offsets must be in range for the current script and must point to 2416 * `JSOp::JumpTarget` instructions. 2417 * 2418 * The following inequalities must hold: `low <= high` and 2419 * `firstResumeIndex + high - low < resumeOffsets().size()`. 2420 * 2421 * Category: Control flow 2422 * Type: Jumps 2423 * Operands: int32_t defaultOffset, int32_t low, int32_t high, 2424 * uint24_t firstResumeIndex 2425 * Stack: i => 2426 */ \ 2427 MACRO(TableSwitch, table_switch, NULL, 16, 1, 0, JOF_TABLESWITCH) \ 2428 /* 2429 * Return `rval`. 2430 * 2431 * This must not be used in derived class constructors. Instead use 2432 * `JSOp::SetRval`, `JSOp::CheckReturn`, and `JSOp::RetRval`. 2433 * 2434 * Category: Control flow 2435 * Type: Return 2436 * Operands: 2437 * Stack: rval => 2438 */ \ 2439 MACRO(Return, return_, NULL, 1, 1, 0, JOF_BYTE) \ 2440 /* 2441 * Push the current stack frame's `returnValue`. If no `JSOp::SetRval` 2442 * instruction has been executed in this stack frame, this is `undefined`. 2443 * 2444 * Every stack frame has a `returnValue` slot, used by top-level scripts, 2445 * generators, async functions, and derived class constructors. Plain 2446 * functions usually use `JSOp::Return` instead. 2447 * 2448 * Category: Control flow 2449 * Type: Return 2450 * Operands: 2451 * Stack: => rval 2452 */ \ 2453 MACRO(GetRval, get_rval, NULL, 1, 0, 1, JOF_BYTE) \ 2454 /* 2455 * Store `rval` in the current stack frame's `returnValue` slot. 2456 * 2457 * This instruction must not be used in a toplevel script compiled with the 2458 * `noScriptRval` option. 2459 * 2460 * Category: Control flow 2461 * Type: Return 2462 * Operands: 2463 * Stack: rval => 2464 */ \ 2465 MACRO(SetRval, set_rval, NULL, 1, 1, 0, JOF_BYTE) \ 2466 /* 2467 * Stop execution and return the current stack frame's `returnValue`. If no 2468 * `JSOp::SetRval` instruction has been executed in this stack frame, this 2469 * is `undefined`. 2470 * 2471 * Also emitted at end of every script so consumers don't need to worry 2472 * about running off the end. 2473 * 2474 * If the current script is a derived class constructor, `returnValue` must 2475 * be an object. The script can use `JSOp::CheckReturn` to ensure this. 2476 * 2477 * Category: Control flow 2478 * Type: Return 2479 * Operands: 2480 * Stack: => 2481 */ \ 2482 MACRO(RetRval, ret_rval, NULL, 1, 0, 0, JOF_BYTE) \ 2483 /* 2484 * Check the return value in a derived class constructor. 2485 * 2486 * - If the current stack frame's `returnValue` is an object, do nothing. 2487 * 2488 * - Otherwise, if the `returnValue` is undefined and `thisval` is an 2489 * object, store `thisval` in the `returnValue` slot. 2490 * 2491 * - Otherwise, throw a TypeError. 2492 * 2493 * This is exactly what has to happen when a derived class constructor 2494 * returns. `thisval` should be the current value of `this`, or 2495 * `MagicValue(JS_UNINITIALIZED_LEXICAL)` if `this` is uninitialized. 2496 * 2497 * Implements: [The [[Construct]] internal method of JS functions][1], 2498 * steps 13 and 15. 2499 * 2500 * [1]: https://tc39.es/ecma262/#sec-ecmascript-function-objects-construct-argumentslist-newtarget 2501 * 2502 * Category: Control flow 2503 * Type: Return 2504 * Operands: 2505 * Stack: thisval => 2506 */ \ 2507 MACRO(CheckReturn, check_return, NULL, 1, 1, 0, JOF_BYTE) \ 2508 /* 2509 * Throw `exc`. (ノಠ益ಠ)ノ彡┴──┴ 2510 * 2511 * This sets the pending exception to `exc` and jumps to error-handling 2512 * code. If we're in a `try` block, error handling adjusts the stack and 2513 * environment chain and resumes execution at the top of the `catch` or 2514 * `finally` block. Otherwise it starts unwinding the stack. 2515 * 2516 * Implements: [*ThrowStatement* Evaluation][1], step 3. 2517 * 2518 * This is also used in for-of loops. If the body of the loop throws an 2519 * exception, we catch it, close the iterator, then use `JSOp::Throw` to 2520 * rethrow. 2521 * 2522 * [1]: https://tc39.es/ecma262/#sec-throw-statement-runtime-semantics-evaluation 2523 * 2524 * Category: Control flow 2525 * Type: Exceptions 2526 * Operands: 2527 * Stack: exc => 2528 */ \ 2529 MACRO(Throw, throw_, NULL, 1, 1, 0, JOF_BYTE) \ 2530 /* 2531 * Create and throw an Error object. 2532 * 2533 * Sometimes we know at emit time that an operation always throws. For 2534 * example, `delete super.prop;` is allowed in methods, but always throws a 2535 * ReferenceError. 2536 * 2537 * `msgNumber` must be one of the error codes listed in js/src/js.msg; it 2538 * determines the `.message` and [[Prototype]] of the new Error object. The 2539 * number of arguments in the error message must be 0. 2540 * 2541 * Category: Control flow 2542 * Type: Exceptions 2543 * Operands: ThrowMsgKind msgNumber 2544 * Stack: => 2545 */ \ 2546 MACRO(ThrowMsg, throw_msg, NULL, 2, 0, 0, JOF_UINT8) \ 2547 /* 2548 * Throws a runtime TypeError for invalid assignment to a `const` binding. 2549 * 2550 * Category: Control flow 2551 * Type: Exceptions 2552 * Operands: uint32_t nameIndex 2553 * Stack: 2554 */ \ 2555 MACRO(ThrowSetConst, throw_set_const, NULL, 5, 0, 0, JOF_ATOM|JOF_NAME) \ 2556 /* 2557 * No-op instruction that marks the top of the bytecode for a 2558 * *TryStatement*. 2559 * 2560 * The `jumpAtEndOffset` operand must be the offset (relative to the 2561 * current op) of the `JSOp::Goto` at the end of the try-block body. This 2562 * is used by bytecode analysis and JIT compilation. 2563 * 2564 * Location information for catch/finally blocks is stored in a side table, 2565 * `script->trynotes()`. 2566 * 2567 * Category: Control flow 2568 * Type: Exceptions 2569 * Operands: int32_t jumpAtEndOffset 2570 * Stack: => 2571 */ \ 2572 MACRO(Try, try_, NULL, 5, 0, 0, JOF_CODE_OFFSET) \ 2573 /* 2574 * No-op instruction used by the exception unwinder to determine the 2575 * correct environment to unwind to when performing IteratorClose due to 2576 * destructuring. 2577 * 2578 * This instruction must appear immediately before each 2579 * `JSTRY_DESTRUCTURING` span in a script's try notes. 2580 * 2581 * Category: Control flow 2582 * Type: Exceptions 2583 * Operands: 2584 * Stack: => 2585 */ \ 2586 MACRO(TryDestructuring, try_destructuring, NULL, 1, 0, 0, JOF_BYTE) \ 2587 /* 2588 * Push and clear the pending exception. ┬──┬◡ノ(° -°ノ) 2589 * 2590 * This must be used only in the fixed sequence of instructions following a 2591 * `JSTRY_CATCH` span (see "Bytecode Invariants" above), as that's the only 2592 * way instructions would run with an exception pending. 2593 * 2594 * Used to implement catch-blocks, including the implicit ones generated as 2595 * part of for-of iteration. 2596 * 2597 * Category: Control flow 2598 * Type: Exceptions 2599 * Operands: 2600 * Stack: => exception 2601 */ \ 2602 MACRO(Exception, exception, NULL, 1, 0, 1, JOF_BYTE) \ 2603 /* 2604 * Push `resumeIndex`. 2605 * 2606 * This value must be used only by `JSOp::Gosub`, `JSOp::Finally`, and `JSOp::Retsub`. 2607 * 2608 * Category: Control flow 2609 * Type: Exceptions 2610 * Operands: uint24_t resumeIndex 2611 * Stack: => resumeIndex 2612 */ \ 2613 MACRO(ResumeIndex, resume_index, NULL, 4, 0, 1, JOF_RESUMEINDEX) \ 2614 /* 2615 * Jump to the start of a `finally` block. 2616 * 2617 * `JSOp::Gosub` is unusual: if the finally block finishes normally, it will 2618 * reach the `JSOp::Retsub` instruction at the end, and control then 2619 * "returns" to the `JSOp::Gosub` and picks up at the next instruction, like 2620 * a function call but within a single script and stack frame. (It's named 2621 * after the thing in BASIC.) 2622 * 2623 * We need this because a `try` block can terminate in several different 2624 * ways: control can flow off the end, return, throw an exception, `break` 2625 * with or without a label, or `continue`. Exceptions are handled 2626 * separately; but all those success paths are written as bytecode, and 2627 * each one needs to run the `finally` block before continuing with 2628 * whatever they were doing. They use `JSOp::Gosub` for this. It is thus 2629 * normal for multiple `Gosub` instructions in a script to target the same 2630 * `finally` block. 2631 * 2632 * Rules: `forwardOffset` must be positive and must target a 2633 * `JSOp::JumpTarget` instruction followed by `JSOp::Finally`. The 2634 * instruction immediately following `JSOp::Gosub` in the script must be a 2635 * `JSOp::JumpTarget` instruction, and `resumeIndex` must be the index into 2636 * `script->resumeOffsets()` that points to that instruction. 2637 * 2638 * Note: This op doesn't actually push or pop any values. Its use count of 2639 * 2 is a lie to make the stack depth math work for this very odd control 2640 * flow instruction. 2641 * 2642 * `JSOp::Gosub` is considered to have two "successors": the target of 2643 * `offset`, which is the actual next instruction to run; and the 2644 * instruction immediately following `JSOp::Gosub`, even though it won't run 2645 * until later. We define the successor graph this way in order to support 2646 * knowing the stack depth at that instruction without first reading the 2647 * whole `finally` block. 2648 * 2649 * The stack depth at that instruction is, as it happens, the current stack 2650 * depth minus 2. So this instruction gets nuses == 2. 2651 * 2652 * Unfortunately there is a price to be paid in horribleness. When 2653 * `JSOp::Gosub` runs, it leaves two values on the stack that the stack 2654 * depth math doesn't know about. It jumps to the finally block, where 2655 * `JSOp::Finally` again does nothing to the stack, but with a bogus def 2656 * count of 2, restoring balance to the accounting. If `JSOp::Retsub` is 2657 * reached, it pops the two values (for real this time) and control 2658 * resumes at the instruction that follows JSOp::Gosub in memory. 2659 * 2660 * Category: Control flow 2661 * Type: Exceptions 2662 * Operands: int32_t forwardOffset 2663 * Stack: false, resumeIndex => 2664 */ \ 2665 MACRO(Gosub, gosub, NULL, 5, 2, 0, JOF_JUMP) \ 2666 /* 2667 * No-op instruction that marks the start of a `finally` block. This has a 2668 * def count of 2, but the values are already on the stack (they're 2669 * actually left on the stack by `JSOp::Gosub`). 2670 * 2671 * These two values must not be used except by `JSOp::Retsub`. 2672 * 2673 * Category: Control flow 2674 * Type: Exceptions 2675 * Operands: 2676 * Stack: => false, resumeIndex 2677 */ \ 2678 MACRO(Finally, finally, NULL, 1, 0, 2, JOF_BYTE) \ 2679 /* 2680 * Jump back to the next instruction, or rethrow an exception, at the end 2681 * of a `finally` block. See `JSOp::Gosub` for the explanation. 2682 * 2683 * If `throwing` is true, throw `v`. Otherwise, `v` must be a resume index; 2684 * jump to the corresponding offset within the script. 2685 * 2686 * The two values popped must be the ones notionally pushed by 2687 * `JSOp::Finally`. 2688 * 2689 * Category: Control flow 2690 * Type: Exceptions 2691 * Operands: 2692 * Stack: throwing, v => 2693 */ \ 2694 MACRO(Retsub, retsub, NULL, 1, 2, 0, JOF_BYTE) \ 2695 /* 2696 * Push `MagicValue(JS_UNINITIALIZED_LEXICAL)`, a magic value used to mark 2697 * a binding as uninitialized. 2698 * 2699 * This magic value must be used only by `JSOp::InitLexical`. 2700 * 2701 * Category: Variables and scopes 2702 * Type: Initialization 2703 * Operands: 2704 * Stack: => uninitialized 2705 */ \ 2706 MACRO(Uninitialized, uninitialized, NULL, 1, 0, 1, JOF_BYTE) \ 2707 /* 2708 * Initialize an optimized local lexical binding; or mark it as 2709 * uninitialized. 2710 * 2711 * This stores the value `v` in the fixed slot `localno` in the current 2712 * stack frame. If `v` is the magic value produced by `JSOp::Uninitialized`, 2713 * this marks the binding as uninitialized. Otherwise this initializes the 2714 * binding with value `v`. 2715 * 2716 * Implements: [CreateMutableBinding][1] step 3, substep "record that it is 2717 * uninitialized", and [InitializeBinding][2], for optimized locals. (Note: 2718 * this is how `const` bindings are initialized.) 2719 * 2720 * [1]: https://tc39.es/ecma262/#sec-declarative-environment-records-createmutablebinding-n-d 2721 * [2]: https://tc39.es/ecma262/#sec-declarative-environment-records-initializebinding-n-v 2722 * 2723 * Category: Variables and scopes 2724 * Type: Initialization 2725 * Operands: uint24_t localno 2726 * Stack: v => v 2727 */ \ 2728 MACRO(InitLexical, init_lexical, NULL, 4, 1, 1, JOF_LOCAL|JOF_NAME) \ 2729 /* 2730 * Initialize a global lexical binding. 2731 * 2732 * The binding must already have been created by `DefLet` or `DefConst` and 2733 * must be uninitialized. 2734 * 2735 * Like `JSOp::InitLexical` but for global lexicals. Unlike `InitLexical` 2736 * this can't be used to mark a binding as uninitialized. 2737 * 2738 * Category: Variables and scopes 2739 * Type: Initialization 2740 * Operands: uint32_t nameIndex 2741 * Stack: val => val 2742 */ \ 2743 MACRO(InitGLexical, init_g_lexical, NULL, 5, 1, 1, JOF_ATOM|JOF_NAME|JOF_PROPINIT|JOF_GNAME|JOF_IC) \ 2744 /* 2745 * Initialize an aliased lexical binding; or mark it as uninitialized. 2746 * 2747 * Like `JSOp::InitLexical` but for aliased bindings. 2748 * 2749 * Note: There is no even-less-optimized `InitName` instruction because JS 2750 * doesn't need it. We always know statically which binding we're 2751 * initializing. 2752 * 2753 * `hops` is usually 0, but in `function f(a=eval("var b;")) { }`, the 2754 * argument `a` is initialized from inside a nested scope, so `hops == 1`. 2755 * 2756 * Category: Variables and scopes 2757 * Type: Initialization 2758 * Operands: uint8_t hops, uint24_t slot 2759 * Stack: v => v 2760 */ \ 2761 MACRO(InitAliasedLexical, init_aliased_lexical, NULL, 5, 1, 1, JOF_ENVCOORD|JOF_NAME|JOF_PROPINIT) \ 2762 /* 2763 * Throw a ReferenceError if the value on top of the stack is uninitialized. 2764 * 2765 * Typically used after `JSOp::GetLocal` with the same `localno`. 2766 * 2767 * Implements: [GetBindingValue][1] step 3 and [SetMutableBinding][2] step 2768 * 4 for declarative Environment Records. 2769 * 2770 * [1]: https://tc39.es/ecma262/#sec-declarative-environment-records-getbindingvalue-n-s 2771 * [2]: https://tc39.es/ecma262/#sec-declarative-environment-records-setmutablebinding-n-v-s 2772 * 2773 * Category: Variables and scopes 2774 * Type: Initialization 2775 * Operands: uint24_t localno 2776 * Stack: v => v 2777 */ \ 2778 MACRO(CheckLexical, check_lexical, NULL, 4, 1, 1, JOF_LOCAL|JOF_NAME) \ 2779 /* 2780 * Like `JSOp::CheckLexical` but for aliased bindings. 2781 * 2782 * Typically used after `JSOp::GetAliasedVar` with the same hops/slot. 2783 * 2784 * Note: There are no `CheckName` or `CheckGName` instructions because 2785 * they're unnecessary. `JSOp::{Get,Set}{Name,GName}` all check for 2786 * uninitialized lexicals and throw if needed. 2787 * 2788 * Category: Variables and scopes 2789 * Type: Initialization 2790 * Operands: uint8_t hops, uint24_t slot 2791 * Stack: v => v 2792 */ \ 2793 MACRO(CheckAliasedLexical, check_aliased_lexical, NULL, 5, 1, 1, JOF_ENVCOORD|JOF_NAME) \ 2794 /* 2795 * Throw a ReferenceError if the value on top of the stack is 2796 * `MagicValue(JS_UNINITIALIZED_LEXICAL)`. Used in derived class 2797 * constructors to check `this` (which needs to be initialized before use, 2798 * by calling `super()`). 2799 * 2800 * Implements: [GetThisBinding][1] step 3. 2801 * 2802 * [1]: https://tc39.es/ecma262/#sec-function-environment-records-getthisbinding 2803 * 2804 * Category: Variables and scopes 2805 * Type: Initialization 2806 * Operands: 2807 * Stack: this => this 2808 */ \ 2809 MACRO(CheckThis, check_this, NULL, 1, 1, 1, JOF_BYTE) \ 2810 /* 2811 * Push the global environment onto the stack, unless the script has a 2812 * non-syntactic global scope. In that case, this acts like JSOp::BindName. 2813 * 2814 * `nameIndex` is only used when acting like JSOp::BindName. 2815 * 2816 * Category: Variables and scopes 2817 * Type: Looking up bindings 2818 * Operands: uint32_t nameIndex 2819 * Stack: => global 2820 */ \ 2821 MACRO(BindGName, bind_g_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_GNAME|JOF_IC) \ 2822 /* 2823 * Look up a name on the environment chain and push the environment which 2824 * contains a binding for that name. If no such binding exists, push the 2825 * global lexical environment. 2826 * 2827 * Category: Variables and scopes 2828 * Type: Looking up bindings 2829 * Operands: uint32_t nameIndex 2830 * Stack: => env 2831 */ \ 2832 MACRO(BindName, bind_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_IC) \ 2833 /* 2834 * Find a binding on the environment chain and push its value. 2835 * 2836 * If the binding is an uninitialized lexical, throw a ReferenceError. If 2837 * no such binding exists, throw a ReferenceError unless the next 2838 * instruction is `JSOp::Typeof`, in which case push `undefined`. 2839 * 2840 * Implements: [ResolveBinding][1] followed by [GetValue][2] 2841 * (adjusted hackily for `typeof`). 2842 * 2843 * This is the fallback `Get` instruction that handles all unoptimized 2844 * cases. Optimized instructions follow. 2845 * 2846 * [1]: https://tc39.es/ecma262/#sec-resolvebinding 2847 * [2]: https://tc39.es/ecma262/#sec-getvalue 2848 * 2849 * Category: Variables and scopes 2850 * Type: Getting binding values 2851 * Operands: uint32_t nameIndex 2852 * Stack: => val 2853 */ \ 2854 MACRO(GetName, get_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_TYPESET|JOF_IC) \ 2855 /* 2856 * Find a global binding and push its value. 2857 * 2858 * This searches the global lexical environment and, failing that, the 2859 * global object. (Unlike most declarative environments, the global lexical 2860 * environment can gain more bindings after compilation, possibly shadowing 2861 * global object properties.) 2862 * 2863 * This is an optimized version of `JSOp::GetName` that skips all local 2864 * scopes, for use when the name doesn't refer to any local binding. 2865 * `NonSyntacticVariablesObject`s break this optimization, so if the 2866 * current script has a non-syntactic global scope, this acts like 2867 * `JSOp::GetName`. 2868 * 2869 * Like `JSOp::GetName`, this throws a ReferenceError if no such binding is 2870 * found (unless the next instruction is `JSOp::Typeof`) or if the binding 2871 * is an uninitialized lexical. 2872 * 2873 * Category: Variables and scopes 2874 * Type: Getting binding values 2875 * Operands: uint32_t nameIndex 2876 * Stack: => val 2877 */ \ 2878 MACRO(GetGName, get_g_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_TYPESET|JOF_GNAME|JOF_IC) \ 2879 /* 2880 * Push the value of an argument that is stored in the stack frame 2881 * or in an `ArgumentsObject`. 2882 * 2883 * Category: Variables and scopes 2884 * Type: Getting binding values 2885 * Operands: uint16_t argno 2886 * Stack: => arguments[argno] 2887 */ \ 2888 MACRO(GetArg, get_arg, NULL, 3, 0, 1, JOF_QARG|JOF_NAME) \ 2889 /* 2890 * Push the value of an optimized local variable. 2891 * 2892 * If the variable is an uninitialized lexical, push 2893 * `MagicValue(JS_UNINIITALIZED_LEXICAL)`. 2894 * 2895 * Category: Variables and scopes 2896 * Type: Getting binding values 2897 * Operands: uint24_t localno 2898 * Stack: => val 2899 */ \ 2900 MACRO(GetLocal, get_local, NULL, 4, 0, 1, JOF_LOCAL|JOF_NAME) \ 2901 /* 2902 * Push the value of an aliased binding. 2903 * 2904 * Local bindings that aren't closed over or dynamically accessed are 2905 * stored in stack slots. Global and `with` bindings are object properties. 2906 * All other bindings are called "aliased" and stored in 2907 * `EnvironmentObject`s. 2908 * 2909 * Where possible, `Aliased` instructions are used to access aliased 2910 * bindings. (There's no difference in meaning between `AliasedVar` and 2911 * `AliasedLexical`.) Each of these instructions has operands `hops` and 2912 * `slot` that encode an [`EnvironmentCoordinate`][1], directions to the 2913 * binding from the current environment object. 2914 * 2915 * `Aliased` instructions can't be used when there's a dynamic scope (due 2916 * to non-strict `eval` or `with`) that might shadow the aliased binding. 2917 * 2918 * [1]: https://searchfox.org/mozilla-central/search?q=symbol:T_js%3A%3AEnvironmentCoordinate 2919 * 2920 * Category: Variables and scopes 2921 * Type: Getting binding values 2922 * Operands: uint8_t hops, uint24_t slot 2923 * Stack: => aliasedVar 2924 */ \ 2925 MACRO(GetAliasedVar, get_aliased_var, NULL, 5, 0, 1, JOF_ENVCOORD|JOF_NAME|JOF_TYPESET|JOF_IC) \ 2926 /* 2927 * Get the value of a module import by name and pushes it onto the stack. 2928 * 2929 * Category: Variables and scopes 2930 * Type: Getting binding values 2931 * Operands: uint32_t nameIndex 2932 * Stack: => val 2933 */ \ 2934 MACRO(GetImport, get_import, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_TYPESET|JOF_IC) \ 2935 /* 2936 * Get the value of a binding from the environment `env`. If the name is 2937 * not bound in `env`, throw a ReferenceError. 2938 * 2939 * `env` must be an environment currently on the environment chain, pushed 2940 * by `JSOp::BindName` or `JSOp::BindVar`. 2941 * 2942 * Note: `JSOp::BindName` and `JSOp::GetBoundName` are the two halves of the 2943 * `JSOp::GetName` operation: finding and reading a variable. This 2944 * decomposed version is needed to implement the compound assignment and 2945 * increment/decrement operators, which get and then set a variable. The 2946 * spec says the variable lookup is done only once. If we did the lookup 2947 * twice, there would be observable bugs, thanks to dynamic scoping. We 2948 * could set the wrong variable or call proxy traps incorrectly. 2949 * 2950 * Implements: [GetValue][1] steps 4 and 6. 2951 * 2952 * [1]: https://tc39.es/ecma262/#sec-getvalue 2953 * 2954 * Category: Variables and scopes 2955 * Type: Getting binding values 2956 * Operands: uint32_t nameIndex 2957 * Stack: env => v 2958 */ \ 2959 MACRO(GetBoundName, get_bound_name, NULL, 5, 1, 1, JOF_ATOM|JOF_NAME|JOF_TYPESET|JOF_IC) \ 2960 /* 2961 * Push the value of an intrinsic onto the stack. 2962 * 2963 * Non-standard. Intrinsics are slots in the intrinsics holder object (see 2964 * `GlobalObject::getIntrinsicsHolder`), which is used in lieu of global 2965 * bindings in self-hosting code. 2966 * 2967 * Category: Variables and scopes 2968 * Type: Getting binding values 2969 * Operands: uint32_t nameIndex 2970 * Stack: => intrinsic[name] 2971 */ \ 2972 MACRO(GetIntrinsic, get_intrinsic, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_TYPESET|JOF_IC) \ 2973 /* 2974 * Pushes the currently executing function onto the stack. 2975 * 2976 * The current script must be a function script. 2977 * 2978 * Used to implement `super`. This is also used sometimes as a minor 2979 * optimization when a named function expression refers to itself by name: 2980 * 2981 * f = function fac(n) { ... fac(n - 1) ... }; 2982 * 2983 * This lets us optimize away a lexical environment that contains only the 2984 * binding for `fac`, unless it's otherwise observable (via `with`, `eval`, 2985 * or a nested closure). 2986 * 2987 * Category: Variables and scopes 2988 * Type: Getting binding values 2989 * Operands: 2990 * Stack: => callee 2991 */ \ 2992 MACRO(Callee, callee, NULL, 1, 0, 1, JOF_BYTE) \ 2993 /* 2994 * Load the callee stored in a CallObject on the environment chain. The 2995 * `numHops` operand is the number of environment objects to skip on the 2996 * environment chain. The environment chain element indicated by `numHops` 2997 * must be a CallObject. 2998 * 2999 * Category: Variables and scopes 3000 * Type: Getting binding values 3001 * Operands: uint8_t numHops 3002 * Stack: => callee 3003 */ \ 3004 MACRO(EnvCallee, env_callee, NULL, 2, 0, 1, JOF_UINT8) \ 3005 /* 3006 * Assign `val` to the binding in `env` with the name given by `nameIndex`. 3007 * Throw a ReferenceError if the binding is an uninitialized lexical. 3008 * This can call setters and/or proxy traps. 3009 * 3010 * `env` must be an environment currently on the environment chain, 3011 * pushed by `JSOp::BindName` or `JSOp::BindVar`. 3012 * 3013 * This is the fallback `Set` instruction that handles all unoptimized 3014 * cases. Optimized instructions follow. 3015 * 3016 * Implements: [PutValue][1] steps 5 and 7 for unoptimized bindings. 3017 * 3018 * Note: `JSOp::BindName` and `JSOp::SetName` are the two halves of simple 3019 * assignment: finding and setting a variable. They are two separate 3020 * instructions because, per spec, the "finding" part happens before 3021 * evaluating the right-hand side of the assignment, and the "setting" part 3022 * after. Optimized cases don't need a `Bind` instruction because the 3023 * "finding" is done statically. 3024 * 3025 * [1]: https://tc39.es/ecma262/#sec-putvalue 3026 * 3027 * Category: Variables and scopes 3028 * Type: Setting binding values 3029 * Operands: uint32_t nameIndex 3030 * Stack: env, val => val 3031 */ \ 3032 MACRO(SetName, set_name, NULL, 5, 2, 1, JOF_ATOM|JOF_NAME|JOF_PROPSET|JOF_CHECKSLOPPY|JOF_IC) \ 3033 /* 3034 * Like `JSOp::SetName`, but throw a TypeError if there is no binding for 3035 * the specified name in `env`, or if the binding is immutable (a `const` 3036 * or read-only property). 3037 * 3038 * Implements: [PutValue][1] steps 5 and 7 for strict mode code. 3039 * 3040 * [1]: https://tc39.es/ecma262/#sec-putvalue 3041 * 3042 * Category: Variables and scopes 3043 * Type: Setting binding values 3044 * Operands: uint32_t nameIndex 3045 * Stack: env, val => val 3046 */ \ 3047 MACRO(StrictSetName, strict_set_name, NULL, 5, 2, 1, JOF_ATOM|JOF_NAME|JOF_PROPSET|JOF_CHECKSTRICT|JOF_IC) \ 3048 /* 3049 * Like `JSOp::SetName`, but for assigning to globals. `env` must be an 3050 * environment pushed by `JSOp::BindGName`. 3051 * 3052 * Category: Variables and scopes 3053 * Type: Setting binding values 3054 * Operands: uint32_t nameIndex 3055 * Stack: env, val => val 3056 */ \ 3057 MACRO(SetGName, set_g_name, NULL, 5, 2, 1, JOF_ATOM|JOF_NAME|JOF_PROPSET|JOF_GNAME|JOF_CHECKSLOPPY|JOF_IC) \ 3058 /* 3059 * Like `JSOp::StrictSetGName`, but for assigning to globals. `env` must be 3060 * an environment pushed by `JSOp::BindGName`. 3061 * 3062 * Category: Variables and scopes 3063 * Type: Setting binding values 3064 * Operands: uint32_t nameIndex 3065 * Stack: env, val => val 3066 */ \ 3067 MACRO(StrictSetGName, strict_set_g_name, NULL, 5, 2, 1, JOF_ATOM|JOF_NAME|JOF_PROPSET|JOF_GNAME|JOF_CHECKSTRICT|JOF_IC) \ 3068 /* 3069 * Assign `val` to an argument binding that's stored in the stack frame or 3070 * in an `ArgumentsObject`. 3071 * 3072 * Category: Variables and scopes 3073 * Type: Setting binding values 3074 * Operands: uint16_t argno 3075 * Stack: val => val 3076 */ \ 3077 MACRO(SetArg, set_arg, NULL, 3, 1, 1, JOF_QARG|JOF_NAME) \ 3078 /* 3079 * Assign to an optimized local binding. 3080 * 3081 * Category: Variables and scopes 3082 * Type: Setting binding values 3083 * Operands: uint24_t localno 3084 * Stack: v => v 3085 */ \ 3086 MACRO(SetLocal, set_local, NULL, 4, 1, 1, JOF_LOCAL|JOF_NAME) \ 3087 /* 3088 * Assign to an aliased binding. 3089 * 3090 * Implements: [SetMutableBinding for declarative Environment Records][1], 3091 * in certain cases where it's known that the binding exists, is mutable, 3092 * and has been initialized. 3093 * 3094 * [1]: https://tc39.es/ecma262/#sec-declarative-environment-records-setmutablebinding-n-v-s 3095 * 3096 * Category: Variables and scopes 3097 * Type: Setting binding values 3098 * Operands: uint8_t hops, uint24_t slot 3099 * Stack: val => val 3100 */ \ 3101 MACRO(SetAliasedVar, set_aliased_var, NULL, 5, 1, 1, JOF_ENVCOORD|JOF_NAME|JOF_PROPSET) \ 3102 /* 3103 * Assign to an intrinsic. 3104 * 3105 * Nonstandard. Intrinsics are used in lieu of global bindings in self- 3106 * hosted code. The value is actually stored in the intrinsics holder 3107 * object, `GlobalObject::getIntrinsicsHolder`. (Self-hosted code doesn't 3108 * have many global `var`s, but it has many `function`s.) 3109 * 3110 * Category: Variables and scopes 3111 * Type: Setting binding values 3112 * Operands: uint32_t nameIndex 3113 * Stack: val => val 3114 */ \ 3115 MACRO(SetIntrinsic, set_intrinsic, NULL, 5, 1, 1, JOF_ATOM|JOF_NAME) \ 3116 /* 3117 * Push a lexical environment onto the environment chain. 3118 * 3119 * The `LexicalScope` indicated by `lexicalScopeIndex` determines the shape 3120 * of the new `LexicalEnvironmentObject`. All bindings in the new 3121 * environment are marked as uninitialized. 3122 * 3123 * Implements: [Evaluation of *Block*][1], steps 1-4. 3124 * 3125 * #### Fine print for environment chain instructions 3126 * 3127 * The following rules for `JSOp::{Push,Pop}LexicalEnv` also apply to 3128 * `JSOp::PushVarEnv` and `JSOp::{Enter,Leave}With`. 3129 * 3130 * Each `JSOp::PopLexicalEnv` instruction matches a particular 3131 * `JSOp::PushLexicalEnv` instruction in the same script and must have the 3132 * same scope and stack depth as the instruction immediately after that 3133 * `PushLexicalEnv`. 3134 * 3135 * `JSOp::PushLexicalEnv` enters a scope that extends to some set of 3136 * instructions in the script. Code must not jump into or out of this 3137 * region: control can enter only by executing `PushLexicalEnv` and can 3138 * exit only by executing a `PopLexicalEnv` or by exception unwinding. (A 3139 * `JSOp::PopLexicalEnv` is always emitted at the end of the block, and 3140 * extra copies are emitted on "exit slides", where a `break`, `continue`, 3141 * or `return` statement exits the scope.) 3142 * 3143 * The script's `JSScript::scopeNotes()` must identify exactly which 3144 * instructions begin executing in this scope. Typically this means a 3145 * single entry marking the contiguous chunk of bytecode from the 3146 * instruction after `JSOp::PushLexicalEnv` to `JSOp::PopLexicalEnv` 3147 * (inclusive); but if that range contains any instructions on exit slides, 3148 * after a `JSOp::PopLexicalEnv`, then those must be correctly noted as 3149 * *outside* the scope. 3150 * 3151 * [1]: https://tc39.es/ecma262/#sec-block-runtime-semantics-evaluation 3152 * 3153 * Category: Variables and scopes 3154 * Type: Entering and leaving environments 3155 * Operands: uint32_t lexicalScopeIndex 3156 * Stack: => 3157 */ \ 3158 MACRO(PushLexicalEnv, push_lexical_env, NULL, 5, 0, 0, JOF_SCOPE) \ 3159 /* 3160 * Pop a lexical environment from the environment chain. 3161 * 3162 * See `JSOp::PushLexicalEnv` for the fine print. 3163 * 3164 * Category: Variables and scopes 3165 * Type: Entering and leaving environments 3166 * Operands: 3167 * Stack: => 3168 */ \ 3169 MACRO(PopLexicalEnv, pop_lexical_env, NULL, 1, 0, 0, JOF_BYTE) \ 3170 /* 3171 * No-op instruction that indicates leaving an optimized lexical scope. 3172 * 3173 * If all bindings in a lexical scope are optimized into stack slots, then 3174 * the runtime environment objects for that scope are optimized away. No 3175 * `JSOp::{Push,Pop}LexicalEnv` instructions are emitted. However, the 3176 * debugger still needs to be notified when control exits a scope; that's 3177 * what this instruction does. 3178 * 3179 * The last instruction in a lexical scope, as indicated by scope notes, 3180 * must be either this instruction (if the scope is optimized) or 3181 * `JSOp::PopLexicalEnv` (if not). 3182 * 3183 * Category: Variables and scopes 3184 * Type: Entering and leaving environments 3185 * Operands: 3186 * Stack: => 3187 */ \ 3188 MACRO(DebugLeaveLexicalEnv, debug_leave_lexical_env, NULL, 1, 0, 0, JOF_BYTE) \ 3189 /* 3190 * Recreate the current block on the environment chain with a fresh block 3191 * with uninitialized bindings. This implements the behavior of inducing a 3192 * fresh lexical environment for every iteration of a for-in/of loop whose 3193 * loop-head has a (captured) lexical declaration. 3194 * 3195 * The current environment must be a LexicalEnvironmentObject. 3196 * 3197 * Category: Variables and scopes 3198 * Type: Entering and leaving environments 3199 * Operands: 3200 * Stack: => 3201 */ \ 3202 MACRO(RecreateLexicalEnv, recreate_lexical_env, NULL, 1, 0, 0, JOF_BYTE) \ 3203 /* 3204 * Replace the current block on the environment chain with a fresh block 3205 * that copies all the bindings in the block. This implements the behavior 3206 * of inducing a fresh lexical environment for every iteration of a 3207 * `for(let ...; ...; ...)` loop, if any declarations induced by such a 3208 * loop are captured within the loop. 3209 * 3210 * The current environment must be a LexicalEnvironmentObject. 3211 * 3212 * Category: Variables and scopes 3213 * Type: Entering and leaving environments 3214 * Operands: 3215 * Stack: => 3216 */ \ 3217 MACRO(FreshenLexicalEnv, freshen_lexical_env, NULL, 1, 0, 0, JOF_BYTE) \ 3218 /* 3219 * Push a var environment onto the environment chain. 3220 * 3221 * Like `JSOp::PushLexicalEnv`, but pushes a `VarEnvironmentObject` rather 3222 * than a `LexicalEnvironmentObject`. The difference is that non-strict 3223 * direct `eval` can add bindings to a var environment; see `VarScope` in 3224 * Scope.h. 3225 * 3226 * See `JSOp::PushLexicalEnv` for the fine print. 3227 * 3228 * There is no corresponding `JSOp::PopVarEnv` operation, because a 3229 * `VarEnvironmentObject` is never popped from the environment chain. 3230 * 3231 * Implements: Places in the spec where the VariableEnvironment is set: 3232 * 3233 * - The bit in [PerformEval][1] where, in strict direct eval, the new 3234 * eval scope is taken as *varEnv* and becomes "*runningContext*'s 3235 * VariableEnvironment". 3236 * 3237 * - The weird scoping rules for functions with default parameter 3238 * expressions, as specified in [FunctionDeclarationInstantiation][2] 3239 * step 28 ("NOTE: A separate Environment Record is needed..."). 3240 * 3241 * Note: The spec also pushes a new VariableEnvironment on entry to every 3242 * function, but the VM takes care of that as part of pushing the stack 3243 * frame, before the function script starts to run, so `JSOp::PushVarEnv` is 3244 * not needed. 3245 * 3246 * [1]: https://tc39.es/ecma262/#sec-performeval 3247 * [2]: https://tc39.es/ecma262/#sec-functiondeclarationinstantiation 3248 * 3249 * Category: Variables and scopes 3250 * Type: Entering and leaving environments 3251 * Operands: uint32_t scopeIndex 3252 * Stack: => 3253 */ \ 3254 MACRO(PushVarEnv, push_var_env, NULL, 5, 0, 0, JOF_SCOPE) \ 3255 /* 3256 * Push a `WithEnvironmentObject` wrapping ToObject(`val`) to the 3257 * environment chain. 3258 * 3259 * Implements: [Evaluation of `with` statements][1], steps 2-6. 3260 * 3261 * Operations that may need to consult a WithEnvironment can't be correctly 3262 * implemented using optimized instructions like `JSOp::GetLocal`. A script 3263 * must use the deoptimized `JSOp::GetName`, `BindName`, `SetName`, and 3264 * `DelName` instead. Since those instructions don't work correctly with 3265 * optimized locals and arguments, all bindings in scopes enclosing a 3266 * `with` statement are marked as "aliased" and deoptimized too. 3267 * 3268 * See `JSOp::PushLexicalEnv` for the fine print. 3269 * 3270 * [1]: https://tc39.es/ecma262/#sec-with-statement-runtime-semantics-evaluation 3271 * 3272 * Category: Variables and scopes 3273 * Type: Entering and leaving environments 3274 * Operands: uint32_t staticWithIndex 3275 * Stack: val => 3276 */ \ 3277 MACRO(EnterWith, enter_with, NULL, 5, 1, 0, JOF_SCOPE) \ 3278 /* 3279 * Pop a `WithEnvironmentObject` from the environment chain. 3280 * 3281 * See `JSOp::PushLexicalEnv` for the fine print. 3282 * 3283 * Implements: [Evaluation of `with` statements][1], step 8. 3284 * 3285 * [1]: https://tc39.es/ecma262/#sec-with-statement-runtime-semantics-evaluation 3286 * 3287 * Category: Variables and scopes 3288 * Type: Entering and leaving environments 3289 * Operands: 3290 * Stack: => 3291 */ \ 3292 MACRO(LeaveWith, leave_with, NULL, 1, 0, 0, JOF_BYTE) \ 3293 /* 3294 * Push the current VariableEnvironment (the environment on the environment 3295 * chain designated to receive new variables). 3296 * 3297 * Implements: [Annex B.3.3.1, changes to FunctionDeclarationInstantiation 3298 * for block-level functions][1], step 1.a.ii.3.a, and similar steps in 3299 * other Annex B.3.3 algorithms, when setting the function's second binding 3300 * can't be optimized. 3301 * 3302 * [1]: https://tc39.es/ecma262/#sec-web-compat-functiondeclarationinstantiation 3303 * 3304 * Category: Variables and scopes 3305 * Type: Creating and deleting bindings 3306 * Operands: 3307 * Stack: => env 3308 */ \ 3309 MACRO(BindVar, bind_var, NULL, 1, 0, 1, JOF_BYTE) \ 3310 /* 3311 * Create a new binding on the current VariableEnvironment (the environment 3312 * on the environment chain designated to receive new variables). 3313 * 3314 * `JSOp::Def{Var,Let,Const,Fun}` instructions must appear in the script 3315 * before anything else that might add bindings to the environment, and 3316 * only once per binding. There must be a correct entry for the new binding 3317 * in `script->bodyScope()`. (All this ensures that at run time, there is 3318 * no existing conflicting binding. This is checked by the 3319 * `JSOp::CheckGlobalOrEvalDecl` bytecode instruction that must appear 3320 * before `JSOp::Def{Var,Let,Const,Fun}`.) 3321 * 3322 * Throw a SyntaxError if the current VariableEnvironment is the global 3323 * environment and a binding with the same name exists on the global 3324 * lexical environment. 3325 * 3326 * This is used for global scripts and also in some cases for function 3327 * scripts where use of dynamic scoping inhibits optimization. 3328 * 3329 * Category: Variables and scopes 3330 * Type: Creating and deleting bindings 3331 * Operands: uint32_t nameIndex 3332 * Stack: => 3333 */ \ 3334 MACRO(DefVar, def_var, NULL, 5, 0, 0, JOF_ATOM) \ 3335 /* 3336 * Create a new binding for the given function on the current scope. 3337 * 3338 * `fun` must be a function object with an explicit name. The new 3339 * variable's name is `fun->explicitName()`, and its value is `fun`. In 3340 * global scope, this creates a new property on the global object. 3341 * 3342 * Implements: The body of the loop in [GlobalDeclarationInstantiation][1] 3343 * step 17 ("For each Parse Node *f* in *functionsToInitialize*...") and 3344 * the corresponding loop in [EvalDeclarationInstantiation][2]. 3345 * 3346 * [1]: https://tc39.es/ecma262/#sec-globaldeclarationinstantiation 3347 * [2]: https://tc39.es/ecma262/#sec-evaldeclarationinstantiation 3348 * 3349 * Category: Variables and scopes 3350 * Type: Creating and deleting bindings 3351 * Operands: 3352 * Stack: fun => 3353 */ \ 3354 MACRO(DefFun, def_fun, NULL, 1, 1, 0, JOF_BYTE) \ 3355 /* 3356 * Create a new uninitialized mutable binding in the global lexical 3357 * environment. Throw a SyntaxError if a binding with the same name already 3358 * exists on that environment, or if a var binding with the same name 3359 * exists on the global. 3360 * 3361 * Category: Variables and scopes 3362 * Type: Creating and deleting bindings 3363 * Operands: uint32_t nameIndex 3364 * Stack: => 3365 */ \ 3366 MACRO(DefLet, def_let, NULL, 5, 0, 0, JOF_ATOM) \ 3367 /* 3368 * Like `DefLet`, but create an uninitialized constant binding. 3369 * 3370 * Category: Variables and scopes 3371 * Type: Creating and deleting bindings 3372 * Operands: uint32_t nameIndex 3373 * Stack: => 3374 */ \ 3375 MACRO(DefConst, def_const, NULL, 5, 0, 0, JOF_ATOM) \ 3376 /* 3377 * Check for conflicting bindings before `JSOp::Def{Var,Let,Const,Fun}` in 3378 * global or sloppy eval scripts. 3379 * 3380 * Implements: [GlobalDeclarationInstantiation][1] steps 5, 6, 10 and 12, 3381 * and [EvalDeclarationInstantiation][2] steps 5 and 8. 3382 * 3383 * [1]: https://tc39.es/ecma262/#sec-globaldeclarationinstantiation 3384 * [2]: https://tc39.es/ecma262/#sec-evaldeclarationinstantiation 3385 * 3386 * Category: Variables and scopes 3387 * Type: Creating and deleting bindings 3388 * Operands: 3389 * Stack: => 3390 */ \ 3391 MACRO(CheckGlobalOrEvalDecl, check_global_or_eval_decl, NULL, 1, 0, 0, JOF_BYTE) \ 3392 /* 3393 * Look up a variable on the environment chain and delete it. Push `true` 3394 * on success (if a binding was deleted, or if no such binding existed in 3395 * the first place), `false` otherwise (most kinds of bindings can't be 3396 * deleted). 3397 * 3398 * Implements: [`delete` *Identifier*][1], which [is a SyntaxError][2] in 3399 * strict mode code. 3400 * 3401 * [1]: https://tc39.es/ecma262/#sec-delete-operator-runtime-semantics-evaluation 3402 * [2]: https://tc39.es/ecma262/#sec-delete-operator-static-semantics-early-errors 3403 * 3404 * Category: Variables and scopes 3405 * Type: Creating and deleting bindings 3406 * Operands: uint32_t nameIndex 3407 * Stack: => succeeded 3408 */ \ 3409 MACRO(DelName, del_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_CHECKSLOPPY) \ 3410 /* 3411 * Create and push the `arguments` object for the current function activation. 3412 * 3413 * When it exists, `arguments` is stored in an ordinary local variable. 3414 * `JSOp::Arguments` is used in function preludes, to populate that variable 3415 * before the function body runs, *not* each time `arguments` appears in a 3416 * function. 3417 * 3418 * If a function clearly doesn't use `arguments`, we optimize it away when 3419 * emitting bytecode. The function's script won't use `JSOp::Arguments` at 3420 * all. 3421 * 3422 * The current script must be a function script. This instruction must 3423 * execute at most once per function activation. 3424 * 3425 * #### Optimized arguments 3426 * 3427 * If `script->needsArgsObj()` is false, no ArgumentsObject is created. 3428 * Instead, `MagicValue(JS_OPTIMIZED_ARGUMENTS)` is pushed. 3429 * 3430 * This optimization imposes no restrictions on bytecode. Rather, 3431 * `js::jit::AnalyzeArgumentsUsage` examines the bytecode and enables the 3432 * optimization only if all uses of `arguments` are optimizable. Each 3433 * execution engine must know what the analysis considers optimizable and 3434 * cope with the magic value when it is used in those ways. 3435 * 3436 * Example 1: `arguments[0]` is supported; therefore the interpreter's 3437 * implementation of `JSOp::GetElem` checks for optimized arguments (see 3438 * `GetElemOptimizedArguments`). 3439 * 3440 * Example 2: `f.apply(this, arguments)` is supported; therefore our 3441 * implementation of `Function.prototype.apply` checks for optimized 3442 * arguments (`see js::fun_apply`), and all `JSOp::FunApply` implementations 3443 * must check for cases where `f.apply` turns out to be any other function 3444 * (see `GuardFunApplyArgumentsOptimization`). 3445 * 3446 * It's not documented anywhere exactly which opcodes support 3447 * `JS_OPTIMIZED_ARGUMENTS`; see the source of `AnalyzeArgumentsUsage`. 3448 * 3449 * Category: Variables and scopes 3450 * Type: Function environment setup 3451 * Operands: 3452 * Stack: => arguments 3453 */ \ 3454 MACRO(Arguments, arguments, NULL, 1, 0, 1, JOF_BYTE) \ 3455 /* 3456 * Create and push the rest parameter array for current function call. 3457 * 3458 * This must appear only in a script for a function that has a rest 3459 * parameter. 3460 * 3461 * Category: Variables and scopes 3462 * Type: Function environment setup 3463 * Operands: 3464 * Stack: => rest 3465 */ \ 3466 MACRO(Rest, rest, NULL, 1, 0, 1, JOF_BYTE|JOF_TYPESET|JOF_IC) \ 3467 /* 3468 * Determines the `this` value for current function frame and pushes it 3469 * onto the stack. 3470 * 3471 * In functions, `this` is stored in a local variable. This instruction is 3472 * used in the function prologue to get the value to initialize that 3473 * variable. (This doesn't apply to arrow functions, becauses they don't 3474 * have a `this` binding; also, `this` is optimized away if it's unused.) 3475 * 3476 * Functions that have a `this` binding have a local variable named 3477 * `".this"`, which is initialized using this instruction in the function 3478 * prologue. 3479 * 3480 * In non-strict functions, `this` is always an object. Undefined/null 3481 * `this` is converted into the global `this` value. Other primitive values 3482 * are boxed. See `js::BoxNonStrictThis`. 3483 * 3484 * Category: Variables and scopes 3485 * Type: Function environment setup 3486 * Operands: 3487 * Stack: => this 3488 */ \ 3489 MACRO(FunctionThis, function_this, NULL, 1, 0, 1, JOF_BYTE) \ 3490 /* 3491 * Pop the top value from the stack and discard it. 3492 * 3493 * Category: Stack operations 3494 * Operands: 3495 * Stack: v => 3496 */ \ 3497 MACRO(Pop, pop, NULL, 1, 1, 0, JOF_BYTE) \ 3498 /* 3499 * Pop the top `n` values from the stack. `n` must be <= the current stack 3500 * depth. 3501 * 3502 * Category: Stack operations 3503 * Operands: uint16_t n 3504 * Stack: v[n-1], ..., v[1], v[0] => 3505 */ \ 3506 MACRO(PopN, pop_n, NULL, 3, -1, 0, JOF_UINT16) \ 3507 /* 3508 * Push a copy of the top value on the stack. 3509 * 3510 * Category: Stack operations 3511 * Operands: 3512 * Stack: v => v, v 3513 */ \ 3514 MACRO(Dup, dup, NULL, 1, 1, 2, JOF_BYTE) \ 3515 /* 3516 * Duplicate the top two values on the stack. 3517 * 3518 * Category: Stack operations 3519 * Operands: 3520 * Stack: v1, v2 => v1, v2, v1, v2 3521 */ \ 3522 MACRO(Dup2, dup2, NULL, 1, 2, 4, JOF_BYTE) \ 3523 /* 3524 * Push a copy of the nth value from the top of the stack. 3525 * 3526 * `n` must be less than the current stack depth. 3527 * 3528 * Category: Stack operations 3529 * Operands: uint24_t n 3530 * Stack: v[n], v[n-1], ..., v[1], v[0] => 3531 * v[n], v[n-1], ..., v[1], v[0], v[n] 3532 */ \ 3533 MACRO(DupAt, dup_at, NULL, 4, 0, 1, JOF_UINT24) \ 3534 /* 3535 * Swap the top two values on the stack. 3536 * 3537 * Category: Stack operations 3538 * Operands: 3539 * Stack: v1, v2 => v2, v1 3540 */ \ 3541 MACRO(Swap, swap, NULL, 1, 2, 2, JOF_BYTE) \ 3542 /* 3543 * Pick the nth element from the stack and move it to the top of the stack. 3544 * 3545 * Category: Stack operations 3546 * Operands: uint8_t n 3547 * Stack: v[n], v[n-1], ..., v[1], v[0] => v[n-1], ..., v[1], v[0], v[n] 3548 */ \ 3549 MACRO(Pick, pick, NULL, 2, 0, 0, JOF_UINT8) \ 3550 /* 3551 * Move the top of the stack value under the `n`th element of the stack. 3552 * `n` must not be 0. 3553 * 3554 * Category: Stack operations 3555 * Operands: uint8_t n 3556 * Stack: v[n], v[n-1], ..., v[1], v[0] => v[0], v[n], v[n-1], ..., v[1] 3557 */ \ 3558 MACRO(Unpick, unpick, NULL, 2, 0, 0, JOF_UINT8) \ 3559 /* 3560 * Do nothing. This is used when we need distinct bytecode locations for 3561 * various mechanisms. 3562 * 3563 * Category: Other 3564 * Operands: 3565 * Stack: => 3566 */ \ 3567 MACRO(Nop, nop, NULL, 1, 0, 0, JOF_BYTE) \ 3568 /* 3569 * No-op instruction emitted immediately after `JSOp::*Eval` so that direct 3570 * eval does not have to do slow pc-to-line mapping. 3571 * 3572 * The `lineno` operand should agree with this script's source notes about 3573 * the line number of the preceding `*Eval` instruction. 3574 * 3575 * Category: Other 3576 * Operands: uint32_t lineno 3577 * Stack: => 3578 */ \ 3579 MACRO(Lineno, lineno, NULL, 5, 0, 0, JOF_UINT32) \ 3580 /* 3581 * No-op instruction to hint that the top stack value is uninteresting. 3582 * 3583 * This affects only debug output and some error messages. 3584 * In array destructuring, we emit bytecode that is roughly equivalent to 3585 * `result.done ? undefined : result.value`. 3586 * `NopDestructuring` is emitted after the `undefined`, so that the 3587 * expression decompiler and disassembler know to casually ignore the 3588 * possibility of `undefined`, and render the result of the conditional 3589 * expression simply as "`result.value`". 3590 * 3591 * Category: Other 3592 * Operands: 3593 * Stack: => 3594 */ \ 3595 MACRO(NopDestructuring, nop_destructuring, NULL, 1, 0, 0, JOF_BYTE) \ 3596 /* 3597 * No-op instruction only emitted in some self-hosted functions. Not 3598 * handled by the JITs or Baseline Interpreter so the script always runs in 3599 * the C++ interpreter. 3600 * 3601 * Category: Other 3602 * Operands: 3603 * Stack: => 3604 */ \ 3605 MACRO(ForceInterpreter, force_interpreter, NULL, 1, 0, 0, JOF_BYTE) \ 3606 /* 3607 * Examine the top stack value, asserting that it's either a self-hosted 3608 * function or a self-hosted intrinsic. This does nothing in a non-debug 3609 * build. 3610 * 3611 * Category: Other 3612 * Operands: 3613 * Stack: checkVal => checkVal 3614 */ \ 3615 MACRO(DebugCheckSelfHosted, debug_check_self_hosted, NULL, 1, 1, 1, JOF_BYTE) \ 3616 /* 3617 * Push a boolean indicating if instrumentation is active. 3618 * 3619 * Category: Other 3620 * Operands: 3621 * Stack: => val 3622 */ \ 3623 MACRO(InstrumentationActive, instrumentation_active, NULL, 1, 0, 1, JOF_BYTE) \ 3624 /* 3625 * Push the instrumentation callback for the current realm. 3626 * 3627 * Category: Other 3628 * Operands: 3629 * Stack: => val 3630 */ \ 3631 MACRO(InstrumentationCallback, instrumentation_callback, NULL, 1, 0, 1, JOF_BYTE) \ 3632 /* 3633 * Push the current script's instrumentation ID. 3634 * 3635 * Category: Other 3636 * Operands: 3637 * Stack: => val 3638 */ \ 3639 MACRO(InstrumentationScriptId, instrumentation_script_id, NULL, 1, 0, 1, JOF_BYTE) \ 3640 /* 3641 * Break in the debugger, if one is attached. Otherwise this is a no-op. 3642 * 3643 * The [`Debugger` API][1] offers a way to hook into this instruction. 3644 * 3645 * Implements: [Evaluation for *DebuggerStatement*][2]. 3646 * 3647 * [1]: https://developer.mozilla.org/en-US/docs/Tools/Debugger-API/Debugger 3648 * [2]: https://tc39.es/ecma262/#sec-debugger-statement-runtime-semantics-evaluation 3649 * 3650 * Category: Other 3651 * Operands: 3652 * Stack: => 3653 */ \ 3654 MACRO(Debugger, debugger, NULL, 1, 0, 0, JOF_BYTE) 3655 3656 // clang-format on 3657 3658 /* 3659 * In certain circumstances it may be useful to "pad out" the opcode space to 3660 * a power of two. Use this macro to do so. 3661 */ 3662 #define FOR_EACH_TRAILING_UNUSED_OPCODE(MACRO) \ 3663 MACRO(237) \ 3664 MACRO(238) \ 3665 MACRO(239) \ 3666 MACRO(240) \ 3667 MACRO(241) \ 3668 MACRO(242) \ 3669 MACRO(243) \ 3670 MACRO(244) \ 3671 MACRO(245) \ 3672 MACRO(246) \ 3673 MACRO(247) \ 3674 MACRO(248) \ 3675 MACRO(249) \ 3676 MACRO(250) \ 3677 MACRO(251) \ 3678 MACRO(252) \ 3679 MACRO(253) \ 3680 MACRO(254) \ 3681 MACRO(255) 3682 3683 namespace js { 3684 3685 // Sanity check that opcode values and trailing unused opcodes completely cover 3686 // the [0, 256) range. Avert your eyes! You don't want to know how the 3687 // sausage gets made. 3688 3689 // clang-format off 3690 #define PLUS_ONE(...) \ 3691 + 1 3692 constexpr int JSOP_LIMIT = 0 FOR_EACH_OPCODE(PLUS_ONE); 3693 #undef PLUS_ONE 3694 3695 #define TRAILING_VALUE_AND_VALUE_PLUS_ONE(val) \ 3696 val) && (val + 1 == 3697 static_assert((JSOP_LIMIT == 3698 FOR_EACH_TRAILING_UNUSED_OPCODE(TRAILING_VALUE_AND_VALUE_PLUS_ONE) 3699 256), 3700 "trailing unused opcode values monotonically increase " 3701 "from JSOP_LIMIT to 255"); 3702 #undef TRAILING_VALUE_AND_VALUE_PLUS_ONE 3703 // clang-format on 3704 3705 // Define JSOpLength_* constants for all ops. 3706 #define DEFINE_LENGTH_CONSTANT(op, op_snake, image, len, ...) \ 3707 constexpr size_t JSOpLength_##op = len; 3708 FOR_EACH_OPCODE(DEFINE_LENGTH_CONSTANT) 3709 #undef DEFINE_LENGTH_CONSTANT 3710 3711 } // namespace js 3712 3713 #endif // vm_Opcodes_h 3714