1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- 2 * vim: set ts=8 sw=2 et tw=0 ft=c: 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 8 #ifndef vm_Opcodes_h 9 #define vm_Opcodes_h 10 11 #include <stddef.h> 12 13 #include "vm/WellKnownAtom.h" // js_*_str 14 15 // clang-format off 16 /* 17 * [SMDOC] Bytecode Definitions 18 * 19 * SpiderMonkey bytecode instructions. 20 * 21 * To use this header, define a macro of the form: 22 * 23 * #define MACRO(op, op_snake, token, length, nuses, ndefs, format) ... 24 * 25 * Then `FOR_EACH_OPCODE(MACRO)` invokes `MACRO` for every opcode. 26 * 27 * Field Description 28 * ----- ----------- 29 * op UpperCamelCase form of opcode id 30 * op_snake snake_case form of opcode id 31 * token Pretty-printer string, or null if ugly 32 * length Number of bytes including any immediate operands 33 * nuses Number of stack slots consumed by bytecode, -1 if variadic 34 * ndefs Number of stack slots produced by bytecode 35 * format JOF_ flags describing instruction operand layout, etc. 36 * 37 * For more about `format`, see the comments on the `JOF_` constants defined in 38 * BytecodeUtil.h. 39 * 40 * 41 * [SMDOC] Bytecode Invariants 42 * 43 * Creating scripts that do not follow the rules can lead to undefined 44 * behavior. Bytecode has many consumers, not just the interpreter: JITs, 45 * analyses, the debugger. That's why the rules below apply even to code that 46 * can't be reached in ordinary execution (such as code after an infinite loop 47 * or inside an `if (false)` block). 48 * 49 * The `code()` of a script must be a packed (not aligned) sequence of valid 50 * instructions from start to end. Each instruction has a single byte opcode 51 * followed by a number of operand bytes based on the opcode. 52 * 53 * ## Jump instructions 54 * 55 * Operands named `offset`, `forwardOffset`, or `defaultOffset` are jump 56 * offsets, the distance in bytes from the start of the current instruction to 57 * the start of another instruction in the same script. Operands named 58 * `forwardOffset` or `defaultOffset` must be positive. 59 * 60 * Forward jumps must jump to a `JSOp::JumpTarget` instruction. Backward jumps, 61 * indicated by negative offsets, must jump to a `JSOp::LoopHead` instruction. 62 * Jump offsets can't be zero. 63 * 64 * Needless to say, scripts must not contain overlapping instruction sequences 65 * (in the sense of <https://en.wikipedia.org/wiki/Overlapping_gene>). 66 * 67 * A script's `trynotes` and `scopeNotes` impose further constraints. Each try 68 * note and each scope note marks a region of the bytecode where some invariant 69 * holds, or some cleanup behavior is needed--that there's a for-in iterator in 70 * a particular stack slot, for instance, which must be closed on error. All 71 * paths into the span must establish that invariant. In practice, this means 72 * other code never jumps into the span: the only way in is to execute the 73 * bytecode instruction that sets up the invariant (in our example, 74 * `JSOp::Iter`). 75 * 76 * If a script's `trynotes` (see "Try Notes" in JSScript.h) contain a 77 * `JSTRY_CATCH` or `JSTRY_FINALLY` span, there must be a `JSOp::Try` 78 * instruction immediately before the span and a `JSOp::JumpTarget immediately 79 * after it. Instructions must not jump to this `JSOp::JumpTarget`. (The VM puts 80 * us there on exception.) Furthermore, the instruction sequence immediately 81 * following a `JSTRY_CATCH` span must read `JumpTarget; Exception` or, in 82 * non-function scripts, `JumpTarget; Undefined; SetRval; Exception`. (These 83 * instructions run with an exception pending; other instructions aren't 84 * designed to handle that.) 85 * 86 * Unreachable instructions are allowed, but they have to follow all the rules. 87 * 88 * Control must not reach the end of a script. (Currently, the last instruction 89 * is always JSOp::RetRval.) 90 * 91 * ## Other operands 92 * 93 * Operands named `nameIndex` or `atomIndex` (which appear on instructions that 94 * have `JOF_ATOM` in the `format` field) must be valid indexes into 95 * `script->atoms()`. 96 * 97 * Operands named `argc` (`JOF_ARGC`) are argument counts for call 98 * instructions. `argc` must be small enough that the instruction's nuses is <= 99 * the current stack depth (see "Stack depth" below). 100 * 101 * Operands named `argno` (`JOF_QARG`) refer to an argument of the current 102 * function. `argno` must be in the range `0..script->function()->nargs()`. 103 * Instructions with these operands must appear only in function scripts. 104 * 105 * Operands named `localno` (`JOF_LOCAL`) refer to a local variable stored in 106 * the stack frame. `localno` must be in the range `0..script->nfixed()`. 107 * 108 * Operands named `resumeIndex` (`JOF_RESUMEINDEX`) refer to a resume point in 109 * the current script. `resumeIndex` must be a valid index into 110 * `script->resumeOffsets()`. 111 * 112 * Operands named `hops` and `slot` (`JOF_ENVCOORD`) refer a slot in an 113 * `EnvironmentObject`. At run time, they must point to a fixed slot in an 114 * object on the current environment chain. See `EnvironmentCoordinates`. 115 * 116 * Operands with the following names must be valid indexes into 117 * `script->gcthings()`, and the pointer in the vector must point to the right 118 * type of thing: 119 * 120 * - `objectIndex` (`JOF_OBJECT`): `PlainObject*` or `ArrayObject*` 121 * - `baseobjIndex` (`JOF_OBJECT`): `PlainObject*` 122 * - `funcIndex` (`JOF_OBJECT`): `JSFunction*` 123 * - `regexpIndex` (`JOF_REGEXP`): `RegExpObject*` 124 * - `scopeIndex` (`JOF_SCOPE`): `Scope*` 125 * - `lexicalScopeIndex` (`JOF_SCOPE`): `LexicalScope*` 126 * - `classBodyScopeIndex` (`JOF_SCOPE`): `ClassBodyScope*` 127 * - `withScopeIndex` (`JOF_SCOPE`): `WithScope*` 128 * - `bigIntIndex` (`JOF_BIGINT`): `BigInt*` 129 * 130 * Operands named `icIndex` (`JOF_ICINDEX`) must be exactly the number of 131 * preceding instructions in the script that have the JOF_IC flag. 132 * (Rationale: Each JOF_IC instruction has a unique entry in 133 * `script->jitScript()->icEntries()`. At run time, in the bytecode 134 * interpreter, we have to find that entry. We could store the IC index as an 135 * operand to each JOF_IC instruction, but it's more memory-efficient to use a 136 * counter and reset the counter to `icIndex` after each jump.) 137 * 138 * ## Stack depth 139 * 140 * Each instruction has a compile-time stack depth, the number of values on the 141 * interpreter stack just before executing the instruction. It isn't explicitly 142 * present in the bytecode itself, but (for reachable instructions, anyway) 143 * it's a function of the bytecode. 144 * 145 * - The first instruction has stack depth 0. 146 * 147 * - Each successor of an instruction X has a stack depth equal to 148 * 149 * X's stack depth - `js::StackUses(X)` + `js::StackDefs(X)` 150 * 151 * except for `JSOp::Case` (below). 152 * 153 * X's "successors" are: the next instruction in the script, if 154 * `js::FlowsIntoNext(op)` is true for X's opcode; one or more 155 * `JSOp::JumpTarget`s elsewhere, if X is a forward jump or 156 * `JSOp::TableSwitch`; and/or a `JSOp::LoopHead` if it's a backward jump. 157 * 158 * - `JSOp::Case` is a special case because its stack behavior is eccentric. 159 * The formula above is correct for the next instruction. The jump target 160 * has a stack depth that is 1 less. 161 * 162 * - See `JSOp::Gosub` for another special case. 163 * 164 * - The `JSOp::JumpTarget` instruction immediately following a `JSTRY_CATCH` 165 * or `JSTRY_FINALLY` span has the same stack depth as the `JSOp::Try` 166 * instruction that precedes the span. 167 * 168 * Every instruction covered by the `JSTRY_CATCH` or `JSTRY_FINALLY` span 169 * must have a stack depth >= that value, so that error recovery is 170 * guaranteed to find enough values on the stack to resume there. 171 * 172 * - `script->nslots() - script->nfixed()` must be >= the maximum stack 173 * depth of any instruction in `script`. (The stack frame must be big 174 * enough to run the code.) 175 * 176 * `BytecodeParser::parse()` computes stack depths for every reachable 177 * instruction in a script. 178 * 179 * ## Scopes and environments 180 * 181 * As with stack depth, each instruction has a static scope, which is a 182 * compile-time characterization of the eventual run-time environment chain 183 * when that instruction executes. Just as every instruction has a stack budget 184 * (nuses/ndefs), every instruction either pushes a scope, pops a scope, or 185 * neither. The same successor relation applies as above. 186 * 187 * Every scope used in a script is stored in the `JSScript::gcthings()` vector. 188 * They can be accessed using `getScope(index)` if you know what `index` to 189 * pass. 190 * 191 * The scope of every instruction (that's reachable via the successor relation) 192 * is given in two independent ways: by the bytecode itself and by the scope 193 * notes. The two sources must agree. 194 * 195 * ## Further rules 196 * 197 * All reachable instructions must be reachable without taking any backward 198 * edges. 199 * 200 * Instructions with the `JOF_CHECKSLOPPY` flag must not be used in strict mode 201 * code. `JOF_CHECKSTRICT` instructions must not be used in nonstrict code. 202 * 203 * Many instructions have their own additional rules. These are documented on 204 * the various opcodes below (look for the word "must"). 205 */ 206 // clang-format on 207 208 // clang-format off 209 /* 210 * SpiderMonkey bytecode categorization (as used in generated documentation): 211 * 212 * [Index] 213 * [Constants] 214 * [Expressions] 215 * Unary operators 216 * Binary operators 217 * Conversions 218 * Other expressions 219 * [Objects] 220 * Creating objects 221 * Defining properties 222 * Accessing properties 223 * Super 224 * Enumeration 225 * Iteration 226 * SetPrototype 227 * Array literals 228 * RegExp literals 229 * Built-in objects 230 * [Functions] 231 * Creating functions 232 * Creating constructors 233 * Calls 234 * Generators and async functions 235 * [Control flow] 236 * Jump targets 237 * Jumps 238 * Return 239 * Exceptions 240 * [Variables and scopes] 241 * Initialization 242 * Looking up bindings 243 * Getting binding values 244 * Setting binding values 245 * Entering and leaving environments 246 * Creating and deleting bindings 247 * Function environment setup 248 * [Stack operations] 249 * [Other] 250 */ 251 // clang-format on 252 253 // clang-format off 254 #define FOR_EACH_OPCODE(MACRO) \ 255 /* 256 * Push `undefined`. 257 * 258 * Category: Constants 259 * Operands: 260 * Stack: => undefined 261 */ \ 262 MACRO(Undefined, undefined, "", 1, 0, 1, JOF_BYTE) \ 263 /* 264 * Push `null`. 265 * 266 * Category: Constants 267 * Operands: 268 * Stack: => null 269 */ \ 270 MACRO(Null, null, js_null_str, 1, 0, 1, JOF_BYTE) \ 271 /* 272 * Push a boolean constant. 273 * 274 * Category: Constants 275 * Operands: 276 * Stack: => true/false 277 */ \ 278 MACRO(False, false_, js_false_str, 1, 0, 1, JOF_BYTE) \ 279 MACRO(True, true_, js_true_str, 1, 0, 1, JOF_BYTE) \ 280 /* 281 * Push the `int32_t` immediate operand as an `Int32Value`. 282 * 283 * `JSOp::Zero`, `JSOp::One`, `JSOp::Int8`, `JSOp::Uint16`, and `JSOp::Uint24` 284 * are all compact encodings for `JSOp::Int32`. 285 * 286 * Category: Constants 287 * Operands: int32_t val 288 * Stack: => val 289 */ \ 290 MACRO(Int32, int32, NULL, 5, 0, 1, JOF_INT32) \ 291 /* 292 * Push the number `0`. 293 * 294 * Category: Constants 295 * Operands: 296 * Stack: => 0 297 */ \ 298 MACRO(Zero, zero, "0", 1, 0, 1, JOF_BYTE) \ 299 /* 300 * Push the number `1`. 301 * 302 * Category: Constants 303 * Operands: 304 * Stack: => 1 305 */ \ 306 MACRO(One, one, "1", 1, 0, 1, JOF_BYTE) \ 307 /* 308 * Push the `int8_t` immediate operand as an `Int32Value`. 309 * 310 * Category: Constants 311 * Operands: int8_t val 312 * Stack: => val 313 */ \ 314 MACRO(Int8, int8, NULL, 2, 0, 1, JOF_INT8) \ 315 /* 316 * Push the `uint16_t` immediate operand as an `Int32Value`. 317 * 318 * Category: Constants 319 * Operands: uint16_t val 320 * Stack: => val 321 */ \ 322 MACRO(Uint16, uint16, NULL, 3, 0, 1, JOF_UINT16) \ 323 /* 324 * Push the `uint24_t` immediate operand as an `Int32Value`. 325 * 326 * Category: Constants 327 * Operands: uint24_t val 328 * Stack: => val 329 */ \ 330 MACRO(Uint24, uint24, NULL, 4, 0, 1, JOF_UINT24) \ 331 /* 332 * Push the 64-bit floating-point immediate operand as a `DoubleValue`. 333 * 334 * If the operand is a NaN, it must be the canonical NaN (see 335 * `JS::detail::CanonicalizeNaN`). 336 * 337 * Category: Constants 338 * Operands: double val 339 * Stack: => val 340 */ \ 341 MACRO(Double, double_, NULL, 9, 0, 1, JOF_DOUBLE) \ 342 /* 343 * Push the BigInt constant `script->getBigInt(bigIntIndex)`. 344 * 345 * Category: Constants 346 * Operands: uint32_t bigIntIndex 347 * Stack: => bigint 348 */ \ 349 MACRO(BigInt, big_int, NULL, 5, 0, 1, JOF_BIGINT) \ 350 /* 351 * Push the string constant `script->getAtom(atomIndex)`. 352 * 353 * Category: Constants 354 * Operands: uint32_t atomIndex 355 * Stack: => string 356 */ \ 357 MACRO(String, string, NULL, 5, 0, 1, JOF_ATOM) \ 358 /* 359 * Push a well-known symbol. 360 * 361 * `symbol` must be in range for `JS::SymbolCode`. 362 * 363 * Category: Constants 364 * Operands: uint8_t symbol (the JS::SymbolCode of the symbol to use) 365 * Stack: => symbol 366 */ \ 367 MACRO(Symbol, symbol, NULL, 2, 0, 1, JOF_UINT8) \ 368 /* 369 * Pop the top value on the stack, discard it, and push `undefined`. 370 * 371 * Implements: [The `void` operator][1], step 3. 372 * 373 * [1]: https://tc39.es/ecma262/#sec-void-operator 374 * 375 * Category: Expressions 376 * Type: Unary operators 377 * Operands: 378 * Stack: val => undefined 379 */ \ 380 MACRO(Void, void_, NULL, 1, 1, 1, JOF_BYTE) \ 381 /* 382 * [The `typeof` operator][1]. 383 * 384 * Infallible. The result is always a string that depends on the [type][2] 385 * of `val`. 386 * 387 * `JSOp::Typeof` and `JSOp::TypeofExpr` are the same except 388 * that--amazingly--`JSOp::Typeof` affects the behavior of an immediately 389 * *preceding* `JSOp::GetName` or `JSOp::GetGName` instruction! This is how 390 * we implement [`typeof`][1] step 2, making `typeof nonExistingVariable` 391 * return `"undefined"` instead of throwing a ReferenceError. 392 * 393 * In a global scope: 394 * 395 * - `typeof x` compiles to `GetGName "x"; Typeof`. 396 * - `typeof (0, x)` compiles to `GetGName "x"; TypeofExpr`. 397 * 398 * Emitting the same bytecode for these two expressions would be a bug. 399 * Per spec, the latter throws a ReferenceError if `x` doesn't exist. 400 * 401 * [1]: https://tc39.es/ecma262/#sec-typeof-operator 402 * [2]: https://tc39.es/ecma262/#sec-ecmascript-language-types 403 * 404 * Category: Expressions 405 * Type: Unary operators 406 * Operands: 407 * Stack: val => (typeof val) 408 */ \ 409 MACRO(Typeof, typeof_, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 410 MACRO(TypeofExpr, typeof_expr, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 411 /* 412 * [The unary `+` operator][1]. 413 * 414 * `+val` doesn't do any actual math. It just calls [ToNumber][2](val). 415 * 416 * The conversion can call `.toString()`/`.valueOf()` methods and can 417 * throw. The result on success is always a Number. (Per spec, unary `-` 418 * supports BigInts, but unary `+` does not.) 419 * 420 * [1]: https://tc39.es/ecma262/#sec-unary-plus-operator 421 * [2]: https://tc39.es/ecma262/#sec-tonumber 422 * 423 * Category: Expressions 424 * Type: Unary operators 425 * Operands: 426 * Stack: val => (+val) 427 */ \ 428 MACRO(Pos, pos, "+ ", 1, 1, 1, JOF_BYTE|JOF_IC) \ 429 /* 430 * [The unary `-` operator][1]. 431 * 432 * Convert `val` to a numeric value, then push `-val`. The conversion can 433 * call `.toString()`/`.valueOf()` methods and can throw. The result on 434 * success is always numeric. 435 * 436 * [1]: https://tc39.es/ecma262/#sec-unary-minus-operator 437 * 438 * Category: Expressions 439 * Type: Unary operators 440 * Operands: 441 * Stack: val => (-val) 442 */ \ 443 MACRO(Neg, neg, "- ", 1, 1, 1, JOF_BYTE|JOF_IC) \ 444 /* 445 * [The bitwise NOT operator][1] (`~`). 446 * 447 * `val` is converted to an integer, then bitwise negated. The conversion 448 * can call `.toString()`/`.valueOf()` methods and can throw. The result on 449 * success is always an Int32 or BigInt value. 450 * 451 * [1]: https://tc39.es/ecma262/#sec-bitwise-not-operator 452 * 453 * Category: Expressions 454 * Type: Unary operators 455 * Operands: 456 * Stack: val => (~val) 457 */ \ 458 MACRO(BitNot, bit_not, "~", 1, 1, 1, JOF_BYTE|JOF_IC) \ 459 /* 460 * [The logical NOT operator][1] (`!`). 461 * 462 * `val` is first converted with [ToBoolean][2], then logically 463 * negated. The result is always a boolean value. This does not call 464 * user-defined methods and can't throw. 465 * 466 * [1]: https://tc39.es/ecma262/#sec-logical-not-operator 467 * [2]: https://tc39.es/ecma262/#sec-toboolean 468 * 469 * Category: Expressions 470 * Type: Unary operators 471 * Operands: 472 * Stack: val => (!val) 473 */ \ 474 MACRO(Not, not_, "!", 1, 1, 1, JOF_BYTE|JOF_IC) \ 475 /* 476 * [Binary bitwise operations][1] (`|`, `^`, `&`). 477 * 478 * The arguments are converted to integers first. The conversion can call 479 * `.toString()`/`.valueOf()` methods and can throw. The result on success 480 * is always an Int32 or BigInt Value. 481 * 482 * [1]: https://tc39.es/ecma262/#sec-binary-bitwise-operators 483 * 484 * Category: Expressions 485 * Type: Binary operators 486 * Operands: 487 * Stack: lval, rval => (lval OP rval) 488 */ \ 489 MACRO(BitOr, bit_or, "|", 1, 2, 1, JOF_BYTE|JOF_IC) \ 490 MACRO(BitXor, bit_xor, "^", 1, 2, 1, JOF_BYTE|JOF_IC) \ 491 MACRO(BitAnd, bit_and, "&", 1, 2, 1, JOF_BYTE|JOF_IC) \ 492 /* 493 * Loose equality operators (`==` and `!=`). 494 * 495 * Pop two values, compare them, and push the boolean result. The 496 * comparison may perform conversions that call `.toString()`/`.valueOf()` 497 * methods and can throw. 498 * 499 * Implements: [Abstract Equality Comparison][1]. 500 * 501 * [1]: https://tc39.es/ecma262/#sec-abstract-equality-comparison 502 * 503 * Category: Expressions 504 * Type: Binary operators 505 * Operands: 506 * Stack: lval, rval => (lval OP rval) 507 */ \ 508 MACRO(Eq, eq, "==", 1, 2, 1, JOF_BYTE|JOF_IC) \ 509 MACRO(Ne, ne, "!=", 1, 2, 1, JOF_BYTE|JOF_IC) \ 510 /* 511 * Strict equality operators (`===` and `!==`). 512 * 513 * Pop two values, check whether they're equal, and push the boolean 514 * result. This does not call user-defined methods and can't throw 515 * (except possibly due to OOM while flattening a string). 516 * 517 * Implements: [Strict Equality Comparison][1]. 518 * 519 * [1]: https://tc39.es/ecma262/#sec-strict-equality-comparison 520 * 521 * Category: Expressions 522 * Type: Binary operators 523 * Operands: 524 * Stack: lval, rval => (lval OP rval) 525 */ \ 526 MACRO(StrictEq, strict_eq, "===", 1, 2, 1, JOF_BYTE|JOF_IC) \ 527 MACRO(StrictNe, strict_ne, "!==", 1, 2, 1, JOF_BYTE|JOF_IC) \ 528 /* 529 * Relative operators (`<`, `>`, `<=`, `>=`). 530 * 531 * Pop two values, compare them, and push the boolean result. The 532 * comparison may perform conversions that call `.toString()`/`.valueOf()` 533 * methods and can throw. 534 * 535 * Implements: [Relational Operators: Evaluation][1]. 536 * 537 * [1]: https://tc39.es/ecma262/#sec-relational-operators-runtime-semantics-evaluation 538 * 539 * Category: Expressions 540 * Type: Binary operators 541 * Operands: 542 * Stack: lval, rval => (lval OP rval) 543 */ \ 544 MACRO(Lt, lt, "<", 1, 2, 1, JOF_BYTE|JOF_IC) \ 545 MACRO(Gt, gt, ">", 1, 2, 1, JOF_BYTE|JOF_IC) \ 546 MACRO(Le, le, "<=", 1, 2, 1, JOF_BYTE|JOF_IC) \ 547 MACRO(Ge, ge, ">=", 1, 2, 1, JOF_BYTE|JOF_IC) \ 548 /* 549 * [The `instanceof` operator][1]. 550 * 551 * This throws a `TypeError` if `target` is not an object. It calls 552 * `target[Symbol.hasInstance](value)` if the method exists. On success, 553 * the result is always a boolean value. 554 * 555 * [1]: https://tc39.es/ecma262/#sec-instanceofoperator 556 * 557 * Category: Expressions 558 * Type: Binary operators 559 * Operands: 560 * Stack: value, target => (value instanceof target) 561 */ \ 562 MACRO(Instanceof, instanceof, js_instanceof_str, 1, 2, 1, JOF_BYTE|JOF_IC) \ 563 /* 564 * [The `in` operator][1]. 565 * 566 * Push `true` if `obj` has a property with the key `id`. Otherwise push `false`. 567 * 568 * This throws a `TypeError` if `obj` is not an object. This can fire 569 * proxy hooks and can throw. On success, the result is always a boolean 570 * value. 571 * 572 * [1]: https://tc39.es/ecma262/#sec-relational-operators-runtime-semantics-evaluation 573 * 574 * Category: Expressions 575 * Type: Binary operators 576 * Operands: 577 * Stack: id, obj => (id in obj) 578 */ \ 579 MACRO(In, in_, js_in_str, 1, 2, 1, JOF_BYTE|JOF_IC) \ 580 /* 581 * [Bitwise shift operators][1] (`<<`, `>>`, `>>>`). 582 * 583 * Pop two values, convert them to integers, perform a bitwise shift, and 584 * push the result. 585 * 586 * Conversion can call `.toString()`/`.valueOf()` methods and can throw. 587 * The result on success is always an Int32 or BigInt Value. 588 * 589 * [1]: https://tc39.es/ecma262/#sec-bitwise-shift-operators 590 * 591 * Category: Expressions 592 * Type: Binary operators 593 * Operands: 594 * Stack: lval, rval => (lval OP rval) 595 */ \ 596 MACRO(Lsh, lsh, "<<", 1, 2, 1, JOF_BYTE|JOF_IC) \ 597 MACRO(Rsh, rsh, ">>", 1, 2, 1, JOF_BYTE|JOF_IC) \ 598 MACRO(Ursh, ursh, ">>>", 1, 2, 1, JOF_BYTE|JOF_IC) \ 599 /* 600 * [The binary `+` operator][1]. 601 * 602 * Pop two values, convert them to primitive values, add them, and push the 603 * result. If both values are numeric, add them; if either is a 604 * string, do string concatenation instead. 605 * 606 * The conversion can call `.toString()`/`.valueOf()` methods and can throw. 607 * 608 * [1]: https://tc39.es/ecma262/#sec-addition-operator-plus-runtime-semantics-evaluation 609 * 610 * Category: Expressions 611 * Type: Binary operators 612 * Operands: 613 * Stack: lval, rval => (lval + rval) 614 */ \ 615 MACRO(Add, add, "+", 1, 2, 1, JOF_BYTE|JOF_IC) \ 616 /* 617 * [The binary `-` operator][1]. 618 * 619 * Pop two values, convert them to numeric values, subtract the top value 620 * from the other one, and push the result. 621 * 622 * The conversion can call `.toString()`/`.valueOf()` methods and can 623 * throw. On success, the result is always numeric. 624 * 625 * [1]: https://tc39.es/ecma262/#sec-subtraction-operator-minus-runtime-semantics-evaluation 626 * 627 * Category: Expressions 628 * Type: Binary operators 629 * Operands: 630 * Stack: lval, rval => (lval - rval) 631 */ \ 632 MACRO(Sub, sub, "-", 1, 2, 1, JOF_BYTE|JOF_IC) \ 633 /* 634 * Add or subtract 1. 635 * 636 * `val` must already be a numeric value, such as the result of 637 * `JSOp::ToNumeric`. 638 * 639 * Implements: [The `++` and `--` operators][1], step 3 of each algorithm. 640 * 641 * [1]: https://tc39.es/ecma262/#sec-postfix-increment-operator 642 * 643 * Category: Expressions 644 * Type: Binary operators 645 * Operands: 646 * Stack: val => (val +/- 1) 647 */ \ 648 MACRO(Inc, inc, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 649 MACRO(Dec, dec, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 650 /* 651 * [The multiplicative operators][1] (`*`, `/`, `%`). 652 * 653 * Pop two values, convert them to numeric values, do math, and push the 654 * result. 655 * 656 * The conversion can call `.toString()`/`.valueOf()` methods and can 657 * throw. On success, the result is always numeric. 658 * 659 * [1]: https://tc39.es/ecma262/#sec-multiplicative-operators-runtime-semantics-evaluation 660 * 661 * Category: Expressions 662 * Type: Binary operators 663 * Operands: 664 * Stack: lval, rval => (lval OP rval) 665 */ \ 666 MACRO(Mul, mul, "*", 1, 2, 1, JOF_BYTE|JOF_IC) \ 667 MACRO(Div, div, "/", 1, 2, 1, JOF_BYTE|JOF_IC) \ 668 MACRO(Mod, mod, "%", 1, 2, 1, JOF_BYTE|JOF_IC) \ 669 /* 670 * [The exponentiation operator][1] (`**`). 671 * 672 * Pop two values, convert them to numeric values, do exponentiation, and 673 * push the result. The top value is the exponent. 674 * 675 * The conversion can call `.toString()`/`.valueOf()` methods and can 676 * throw. This throws a RangeError if both values are BigInts and the 677 * exponent is negative. 678 * 679 * [1]: https://tc39.es/ecma262/#sec-exp-operator 680 * 681 * Category: Expressions 682 * Type: Binary operators 683 * Operands: 684 * Stack: lval, rval => (lval ** rval) 685 */ \ 686 MACRO(Pow, pow, "**", 1, 2, 1, JOF_BYTE|JOF_IC) \ 687 /* 688 * Convert a value to a property key. 689 * 690 * Implements: [ToPropertyKey][1], except that if the result would be the 691 * string representation of some integer in the range 0..2^31, we push the 692 * corresponding Int32 value instead. This is because the spec insists that 693 * array indices are strings, whereas for us they are integers. 694 * 695 * This is used for code like `++obj[index]`, which must do both a 696 * `JSOp::GetElem` and a `JSOp::SetElem` with the same property key. Both 697 * instructions would convert `index` to a property key for us, but the 698 * spec says to convert it only once. 699 * 700 * The conversion can call `.toString()`/`.valueOf()` methods and can 701 * throw. 702 * 703 * [1]: https://tc39.es/ecma262/#sec-topropertykey 704 * 705 * Category: Expressions 706 * Type: Conversions 707 * Operands: 708 * Stack: propertyNameValue => propertyKey 709 */ \ 710 MACRO(ToPropertyKey, to_property_key, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 711 /* 712 * Convert a value to a numeric value (a Number or BigInt). 713 * 714 * Implements: [ToNumeric][1](val). 715 * 716 * Note: This is used to implement [`++` and `--`][2]. Surprisingly, it's 717 * not possible to get the right behavior using `JSOp::Add` and `JSOp::Sub` 718 * alone. For one thing, `JSOp::Add` sometimes does string concatenation, 719 * while `++` always does numeric addition. More fundamentally, the result 720 * of evaluating `x--` is ToNumeric(old value of `x`), a value that the 721 * sequence `GetLocal "x"; One; Sub; SetLocal "x"` does not give us. 722 * 723 * [1]: https://tc39.es/ecma262/#sec-tonumeric 724 * [2]: https://tc39.es/ecma262/#sec-postfix-increment-operator 725 * 726 * Category: Expressions 727 * Type: Conversions 728 * Operands: 729 * Stack: val => ToNumeric(val) 730 */ \ 731 MACRO(ToNumeric, to_numeric, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 732 /* 733 * Convert a value to a string. 734 * 735 * Implements: [ToString][1](val). 736 * 737 * Note: This is used in code for template literals, like `${x}${y}`. Each 738 * substituted value must be converted using ToString. `JSOp::Add` by itself 739 * would do a slightly wrong kind of conversion (hint="number" rather than 740 * hint="string"). 741 * 742 * [1]: https://tc39.es/ecma262/#sec-tostring 743 * 744 * Category: Expressions 745 * Type: Conversions 746 * Stack: val => ToString(val) 747 */ \ 748 MACRO(ToString, to_string, NULL, 1, 1, 1, JOF_BYTE) \ 749 /* 750 * Push the global `this` value. Not to be confused with the `globalThis` 751 * property on the global. 752 * 753 * This must be used only in scopes where `this` refers to the global 754 * `this`. 755 * 756 * Category: Expressions 757 * Type: Other expressions 758 * Operands: 759 * Stack: => this 760 */ \ 761 MACRO(GlobalThis, global_this, NULL, 1, 0, 1, JOF_BYTE) \ 762 /* 763 * Push the value of `new.target`. 764 * 765 * The result is a constructor or `undefined`. 766 * 767 * This must be used only in scripts where `new.target` is allowed: 768 * non-arrow function scripts and other scripts that have a non-arrow 769 * function script on the scope chain. 770 * 771 * Implements: [GetNewTarget][1]. 772 * 773 * [1]: https://tc39.es/ecma262/#sec-getnewtarget 774 * 775 * Category: Expressions 776 * Type: Other expressions 777 * Operands: 778 * Stack: => new.target 779 */ \ 780 MACRO(NewTarget, new_target, NULL, 1, 0, 1, JOF_BYTE) \ 781 /* 782 * Dynamic import of the module specified by the string value on the top of 783 * the stack. 784 * 785 * Implements: [Import Calls][1]. 786 * 787 * [1]: https://tc39.es/ecma262/#sec-import-calls 788 * 789 * Category: Expressions 790 * Type: Other expressions 791 * Operands: 792 * Stack: moduleId => promise 793 */ \ 794 MACRO(DynamicImport, dynamic_import, NULL, 1, 1, 1, JOF_BYTE) \ 795 /* 796 * Push the `import.meta` object. 797 * 798 * This must be used only in module code. 799 * 800 * Category: Expressions 801 * Type: Other expressions 802 * Operands: 803 * Stack: => import.meta 804 */ \ 805 MACRO(ImportMeta, import_meta, NULL, 1, 0, 1, JOF_BYTE) \ 806 /* 807 * Create and push a new object with no properties. 808 * 809 * Category: Objects 810 * Type: Creating objects 811 * Operands: 812 * Stack: => obj 813 */ \ 814 MACRO(NewInit, new_init, NULL, 1, 0, 1, JOF_BYTE|JOF_IC) \ 815 /* 816 * Create and push a new object of a predetermined shape. 817 * 818 * The new object has the shape of the template object 819 * `script->getObject(baseobjIndex)`. Subsequent `InitProp` instructions 820 * must fill in all slots of the new object before it is used in any other 821 * way. 822 * 823 * Category: Objects 824 * Type: Creating objects 825 * Operands: uint32_t baseobjIndex 826 * Stack: => obj 827 */ \ 828 MACRO(NewObject, new_object, NULL, 5, 0, 1, JOF_OBJECT|JOF_IC) \ 829 /* 830 * Push a preconstructed object. 831 * 832 * Going one step further than `JSOp::NewObject`, this instruction doesn't 833 * just reuse the shape--it actually pushes the preconstructed object 834 * `script->getObject(objectIndex)` right onto the stack. The object must 835 * be a singleton `PlainObject` or `ArrayObject`. 836 * 837 * The spec requires that an *ObjectLiteral* or *ArrayLiteral* creates a 838 * new object every time it's evaluated, so this instruction must not be 839 * used anywhere it might be executed more than once. 840 * 841 * This may only be used in non-function run-once scripts. Care also must 842 * be taken to not emit in loops or other constructs where it could run 843 * more than once. 844 * 845 * Category: Objects 846 * Type: Creating objects 847 * Operands: uint32_t objectIndex 848 * Stack: => obj 849 */ \ 850 MACRO(Object, object, NULL, 5, 0, 1, JOF_OBJECT) \ 851 /* 852 * Create and push a new ordinary object with the provided [[Prototype]]. 853 * 854 * This is used to create the `.prototype` object for derived classes. 855 * 856 * Category: Objects 857 * Type: Creating objects 858 * Operands: 859 * Stack: proto => obj 860 */ \ 861 MACRO(ObjWithProto, obj_with_proto, NULL, 1, 1, 1, JOF_BYTE) \ 862 /* 863 * Define a data property on an object. 864 * 865 * `obj` must be an object. 866 * 867 * Implements: [CreateDataPropertyOrThrow][1] as used in 868 * [PropertyDefinitionEvaluation][2] of regular and shorthand 869 * *PropertyDefinition*s. 870 * 871 * [1]: https://tc39.es/ecma262/#sec-createdatapropertyorthrow 872 * [2]: https://tc39.es/ecma262/#sec-object-initializer-runtime-semantics-propertydefinitionevaluation 873 * 874 * Category: Objects 875 * Type: Defining properties 876 * Operands: uint32_t nameIndex 877 * Stack: obj, val => obj 878 */ \ 879 MACRO(InitProp, init_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT|JOF_IC) \ 880 /* 881 * Like `JSOp::InitProp`, but define a non-enumerable property. 882 * 883 * This is used to define class methods. 884 * 885 * Implements: [PropertyDefinitionEvaluation][1] for methods, steps 3 and 886 * 4, when *enumerable* is false. 887 * 888 * [1]: https://tc39.es/ecma262/#sec-method-definitions-runtime-semantics-propertydefinitionevaluation 889 * 890 * Category: Objects 891 * Type: Defining properties 892 * Operands: uint32_t nameIndex 893 * Stack: obj, val => obj 894 */ \ 895 MACRO(InitHiddenProp, init_hidden_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT|JOF_IC) \ 896 /* 897 * Like `JSOp::InitProp`, but define a non-enumerable, non-writable, 898 * non-configurable property. 899 * 900 * This is used to define the `.prototype` property on classes. 901 * 902 * Implements: [MakeConstructor][1], step 8, when *writablePrototype* is 903 * false. 904 * 905 * [1]: https://tc39.es/ecma262/#sec-makeconstructor 906 * 907 * Category: Objects 908 * Type: Defining properties 909 * Operands: uint32_t nameIndex 910 * Stack: obj, val => obj 911 */ \ 912 MACRO(InitLockedProp, init_locked_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT|JOF_IC) \ 913 /* 914 * Define a data property on `obj` with property key `id` and value `val`. 915 * 916 * `obj` must be an object. 917 * 918 * Implements: [CreateDataPropertyOrThrow][1]. This instruction is used for 919 * object literals like `{0: val}` and `{[id]: val}`, and methods like 920 * `*[Symbol.iterator]() {}`. 921 * 922 * `JSOp::InitHiddenElem` is the same but defines a non-enumerable property, 923 * for class methods. 924 * `JSOp::InitLockedElem` is the same but defines a non-enumerable, non-writable, non-configurable property, 925 * for private class methods. 926 * 927 * [1]: https://tc39.es/ecma262/#sec-createdatapropertyorthrow 928 * 929 * Category: Objects 930 * Type: Defining properties 931 * Operands: 932 * Stack: obj, id, val => obj 933 */ \ 934 MACRO(InitElem, init_elem, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT|JOF_IC) \ 935 MACRO(InitHiddenElem, init_hidden_elem, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT|JOF_IC) \ 936 MACRO(InitLockedElem, init_locked_elem, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT|JOF_IC) \ 937 /* 938 * Define an accessor property on `obj` with the given `getter`. 939 * `nameIndex` gives the property name. 940 * 941 * `obj` must be an object and `getter` must be a function. 942 * 943 * `JSOp::InitHiddenPropGetter` is the same but defines a non-enumerable 944 * property, for getters in classes. 945 * 946 * Category: Objects 947 * Type: Defining properties 948 * Operands: uint32_t nameIndex 949 * Stack: obj, getter => obj 950 */ \ 951 MACRO(InitPropGetter, init_prop_getter, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT) \ 952 MACRO(InitHiddenPropGetter, init_hidden_prop_getter, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT) \ 953 /* 954 * Define an accessor property on `obj` with property key `id` and the given `getter`. 955 * 956 * This is used to implement getters like `get [id]() {}` or `get 0() {}`. 957 * 958 * `obj` must be an object and `getter` must be a function. 959 * 960 * `JSOp::InitHiddenElemGetter` is the same but defines a non-enumerable 961 * property, for getters in classes. 962 * 963 * Category: Objects 964 * Type: Defining properties 965 * Operands: 966 * Stack: obj, id, getter => obj 967 */ \ 968 MACRO(InitElemGetter, init_elem_getter, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT) \ 969 MACRO(InitHiddenElemGetter, init_hidden_elem_getter, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT) \ 970 /* 971 * Define an accessor property on `obj` with the given `setter`. 972 * 973 * This is used to implement ordinary setters like `set foo(v) {}`. 974 * 975 * `obj` must be an object and `setter` must be a function. 976 * 977 * `JSOp::InitHiddenPropSetter` is the same but defines a non-enumerable 978 * property, for setters in classes. 979 * 980 * Category: Objects 981 * Type: Defining properties 982 * Operands: uint32_t nameIndex 983 * Stack: obj, setter => obj 984 */ \ 985 MACRO(InitPropSetter, init_prop_setter, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT) \ 986 MACRO(InitHiddenPropSetter, init_hidden_prop_setter, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPINIT) \ 987 /* 988 * Define an accesssor property on `obj` with property key `id` and the 989 * given `setter`. 990 * 991 * This is used to implement setters with computed property keys or numeric 992 * keys. 993 * 994 * `JSOp::InitHiddenElemSetter` is the same but defines a non-enumerable 995 * property, for setters in classes. 996 * 997 * Category: Objects 998 * Type: Defining properties 999 * Operands: 1000 * Stack: obj, id, setter => obj 1001 */ \ 1002 MACRO(InitElemSetter, init_elem_setter, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT) \ 1003 MACRO(InitHiddenElemSetter, init_hidden_elem_setter, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPINIT) \ 1004 /* 1005 * Get the value of the property `obj.name`. This can call getters and 1006 * proxy traps. 1007 * 1008 * Implements: [GetV][1], [GetValue][2] step 5. 1009 * 1010 * [1]: https://tc39.es/ecma262/#sec-getv 1011 * [2]: https://tc39.es/ecma262/#sec-getvalue 1012 * 1013 * Category: Objects 1014 * Type: Accessing properties 1015 * Operands: uint32_t nameIndex 1016 * Stack: obj => obj[name] 1017 */ \ 1018 MACRO(GetProp, get_prop, NULL, 5, 1, 1, JOF_ATOM|JOF_PROP|JOF_IC) \ 1019 /* 1020 * Get the value of the property `obj[key]`. 1021 * 1022 * Implements: [GetV][1], [GetValue][2] step 5. 1023 * 1024 * [1]: https://tc39.es/ecma262/#sec-getv 1025 * [2]: https://tc39.es/ecma262/#sec-getvalue 1026 * 1027 * Category: Objects 1028 * Type: Accessing properties 1029 * Operands: 1030 * Stack: obj, key => obj[key] 1031 */ \ 1032 MACRO(GetElem, get_elem, NULL, 1, 2, 1, JOF_BYTE|JOF_ELEM|JOF_IC) \ 1033 /* 1034 * Non-strict assignment to a property, `obj.name = val`. 1035 * 1036 * This throws a TypeError if `obj` is null or undefined. If it's a 1037 * primitive value, the property is set on ToObject(`obj`), typically with 1038 * no effect. 1039 * 1040 * Implements: [PutValue][1] step 6 for non-strict code. 1041 * 1042 * [1]: https://tc39.es/ecma262/#sec-putvalue 1043 * 1044 * Category: Objects 1045 * Type: Accessing properties 1046 * Operands: uint32_t nameIndex 1047 * Stack: obj, val => val 1048 */ \ 1049 MACRO(SetProp, set_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPSET|JOF_CHECKSLOPPY|JOF_IC) \ 1050 /* 1051 * Like `JSOp::SetProp`, but for strict mode code. Throw a TypeError if 1052 * `obj[key]` exists but is non-writable, if it's an accessor property with 1053 * no setter, or if `obj` is a primitive value. 1054 * 1055 * Category: Objects 1056 * Type: Accessing properties 1057 * Operands: uint32_t nameIndex 1058 * Stack: obj, val => val 1059 */ \ 1060 MACRO(StrictSetProp, strict_set_prop, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_PROPSET|JOF_CHECKSTRICT|JOF_IC) \ 1061 /* 1062 * Non-strict assignment to a property, `obj[key] = val`. 1063 * 1064 * Implements: [PutValue][1] step 6 for non-strict code. 1065 * 1066 * [1]: https://tc39.es/ecma262/#sec-putvalue 1067 * 1068 * Category: Objects 1069 * Type: Accessing properties 1070 * Operands: 1071 * Stack: obj, key, val => val 1072 */ \ 1073 MACRO(SetElem, set_elem, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPSET|JOF_CHECKSLOPPY|JOF_IC) \ 1074 /* 1075 * Like `JSOp::SetElem`, but for strict mode code. Throw a TypeError if 1076 * `obj[key]` exists but is non-writable, if it's an accessor property with 1077 * no setter, or if `obj` is a primitive value. 1078 * 1079 * Category: Objects 1080 * Type: Accessing properties 1081 * Operands: 1082 * Stack: obj, key, val => val 1083 */ \ 1084 MACRO(StrictSetElem, strict_set_elem, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_PROPSET|JOF_CHECKSTRICT|JOF_IC) \ 1085 /* 1086 * Delete a property from `obj`. Push true on success, false if the 1087 * property existed but could not be deleted. This implements `delete 1088 * obj.name` in non-strict code. 1089 * 1090 * Throws if `obj` is null or undefined. Can call proxy traps. 1091 * 1092 * Implements: [`delete obj.propname`][1] step 5 in non-strict code. 1093 * 1094 * [1]: https://tc39.es/ecma262/#sec-delete-operator-runtime-semantics-evaluation 1095 * 1096 * Category: Objects 1097 * Type: Accessing properties 1098 * Operands: uint32_t nameIndex 1099 * Stack: obj => succeeded 1100 */ \ 1101 MACRO(DelProp, del_prop, NULL, 5, 1, 1, JOF_ATOM|JOF_PROP|JOF_CHECKSLOPPY) \ 1102 /* 1103 * Like `JSOp::DelProp`, but for strict mode code. Push `true` on success, 1104 * else throw a TypeError. 1105 * 1106 * Category: Objects 1107 * Type: Accessing properties 1108 * Operands: uint32_t nameIndex 1109 * Stack: obj => succeeded 1110 */ \ 1111 MACRO(StrictDelProp, strict_del_prop, NULL, 5, 1, 1, JOF_ATOM|JOF_PROP|JOF_CHECKSTRICT) \ 1112 /* 1113 * Delete the property `obj[key]` and push `true` on success, `false` 1114 * if the property existed but could not be deleted. 1115 * 1116 * This throws if `obj` is null or undefined. Can call proxy traps. 1117 * 1118 * Implements: [`delete obj[key]`][1] step 5 in non-strict code. 1119 * 1120 * [1]: https://tc39.es/ecma262/#sec-delete-operator-runtime-semantics-evaluation 1121 * 1122 * Category: Objects 1123 * Type: Accessing properties 1124 * Operands: 1125 * Stack: obj, key => succeeded 1126 */ \ 1127 MACRO(DelElem, del_elem, NULL, 1, 2, 1, JOF_BYTE|JOF_ELEM|JOF_CHECKSLOPPY) \ 1128 /* 1129 * Like `JSOp::DelElem, but for strict mode code. Push `true` on success, 1130 * else throw a TypeError. 1131 * 1132 * Category: Objects 1133 * Type: Accessing properties 1134 * Operands: 1135 * Stack: obj, key => succeeded 1136 */ \ 1137 MACRO(StrictDelElem, strict_del_elem, NULL, 1, 2, 1, JOF_BYTE|JOF_ELEM|JOF_CHECKSTRICT) \ 1138 /* 1139 * Push true if `obj` has an own property `id`. 1140 * 1141 * Note that `obj` is the top value, like `JSOp::In`. 1142 * 1143 * This opcode is not used for normal JS. Self-hosted code uses it by 1144 * calling the intrinsic `hasOwn(id, obj)`. For example, 1145 * `Object.prototype.hasOwnProperty` is implemented this way (see 1146 * js/src/builtin/Object.js). 1147 * 1148 * Category: Objects 1149 * Type: Accessing properties 1150 * Operands: 1151 * Stack: id, obj => (obj.hasOwnProperty(id)) 1152 */ \ 1153 MACRO(HasOwn, has_own, NULL, 1, 2, 1, JOF_BYTE|JOF_IC) \ 1154 /* 1155 * Push a bool representing the presence of private field id on obj. 1156 * May throw, depending on the ThrowCondition. 1157 * 1158 * Two arguments: 1159 * - throwCondition: One of the ThrowConditions defined in 1160 * ThrowMsgKind.h. Determines why (or if) this op will throw. 1161 * - msgKind: One of the ThrowMsgKinds defined in ThrowMsgKind.h, which 1162 * maps to one of the messages in js.msg. Note: It's not possible to 1163 * pass arguments to the message at the moment. 1164 * 1165 * Category: Control flow 1166 * Category: Objects 1167 * Type: Accessing properties 1168 * Operands: ThrowCondition throwCondition, ThrowMsgKind msgKind 1169 * Stack: obj, key => obj, key, (obj.hasOwnProperty(id)) 1170 */ \ 1171 MACRO(CheckPrivateField, check_private_field, NULL, 3, 2, 3, JOF_TWO_UINT8|JOF_CHECKSTRICT|JOF_IC) \ 1172 /* 1173 * Push the SuperBase of the method `callee`. The SuperBase is 1174 * `callee.[[HomeObject]].[[GetPrototypeOf]]()`, the object where `super` 1175 * property lookups should begin. 1176 * 1177 * `callee` must be a function that has a HomeObject that's an object, 1178 * typically produced by `JSOp::Callee` or `JSOp::EnvCallee`. 1179 * 1180 * Implements: [GetSuperBase][1], except that instead of the environment, 1181 * the argument supplies the callee. 1182 * 1183 * [1]: https://tc39.es/ecma262/#sec-getsuperbase 1184 * 1185 * Category: Objects 1186 * Type: Super 1187 * Operands: 1188 * Stack: callee => superBase 1189 */ \ 1190 MACRO(SuperBase, super_base, NULL, 1, 1, 1, JOF_BYTE) \ 1191 /* 1192 * Get the value of `receiver.name`, starting the property search at `obj`. 1193 * In spec terms, `obj.[[Get]](name, receiver)`. 1194 * 1195 * Implements: [GetValue][1] for references created by [`super.name`][2]. 1196 * The `receiver` is `this` and `obj` is the SuperBase of the enclosing 1197 * method. 1198 * 1199 * [1]: https://tc39.es/ecma262/#sec-getvalue 1200 * [2]: https://tc39.es/ecma262/#sec-super-keyword-runtime-semantics-evaluation 1201 * 1202 * Category: Objects 1203 * Type: Super 1204 * Operands: uint32_t nameIndex 1205 * Stack: receiver, obj => super.name 1206 */ \ 1207 MACRO(GetPropSuper, get_prop_super, NULL, 5, 2, 1, JOF_ATOM|JOF_PROP|JOF_IC) \ 1208 /* 1209 * Get the value of `receiver[key]`, starting the property search at `obj`. 1210 * In spec terms, `obj.[[Get]](key, receiver)`. 1211 * 1212 * Implements: [GetValue][1] for references created by [`super[key]`][2] 1213 * (where the `receiver` is `this` and `obj` is the SuperBase of the enclosing 1214 * method); [`Reflect.get(obj, key, receiver)`][3]. 1215 * 1216 * [1]: https://tc39.es/ecma262/#sec-getvalue 1217 * [2]: https://tc39.es/ecma262/#sec-super-keyword-runtime-semantics-evaluation 1218 * [3]: https://tc39.es/ecma262/#sec-reflect.get 1219 * 1220 * Category: Objects 1221 * Type: Super 1222 * Operands: 1223 * Stack: receiver, key, obj => super[key] 1224 */ \ 1225 MACRO(GetElemSuper, get_elem_super, NULL, 1, 3, 1, JOF_BYTE|JOF_ELEM|JOF_IC) \ 1226 /* 1227 * Assign `val` to `receiver.name`, starting the search for an existing 1228 * property at `obj`. In spec terms, `obj.[[Set]](name, val, receiver)`. 1229 * 1230 * Implements: [PutValue][1] for references created by [`super.name`][2] in 1231 * non-strict code. The `receiver` is `this` and `obj` is the SuperBase of 1232 * the enclosing method. 1233 * 1234 * [1]: https://tc39.es/ecma262/#sec-putvalue 1235 * [2]: https://tc39.es/ecma262/#sec-super-keyword-runtime-semantics-evaluation 1236 * 1237 * Category: Objects 1238 * Type: Super 1239 * Operands: uint32_t nameIndex 1240 * Stack: receiver, obj, val => val 1241 */ \ 1242 MACRO(SetPropSuper, set_prop_super, NULL, 5, 3, 1, JOF_ATOM|JOF_PROP|JOF_PROPSET|JOF_CHECKSLOPPY) \ 1243 /* 1244 * Like `JSOp::SetPropSuper`, but for strict mode code. 1245 * 1246 * Category: Objects 1247 * Type: Super 1248 * Operands: uint32_t nameIndex 1249 * Stack: receiver, obj, val => val 1250 */ \ 1251 MACRO(StrictSetPropSuper, strict_set_prop_super, NULL, 5, 3, 1, JOF_ATOM|JOF_PROP|JOF_PROPSET|JOF_CHECKSTRICT) \ 1252 /* 1253 * Assign `val` to `receiver[key]`, strating the search for an existing 1254 * property at `obj`. In spec terms, `obj.[[Set]](key, val, receiver)`. 1255 * 1256 * Implements: [PutValue][1] for references created by [`super[key]`][2] in 1257 * non-strict code. The `receiver` is `this` and `obj` is the SuperBase of 1258 * the enclosing method. 1259 * 1260 * [1]: https://tc39.es/ecma262/#sec-putvalue 1261 * [2]: https://tc39.es/ecma262/#sec-super-keyword-runtime-semantics-evaluation 1262 * 1263 * Category: Objects 1264 * Type: Super 1265 * Operands: 1266 * Stack: receiver, key, obj, val => val 1267 */ \ 1268 MACRO(SetElemSuper, set_elem_super, NULL, 1, 4, 1, JOF_BYTE|JOF_ELEM|JOF_PROPSET|JOF_CHECKSLOPPY) \ 1269 /* 1270 * Like `JSOp::SetElemSuper`, but for strict mode code. 1271 * 1272 * Category: Objects 1273 * Type: Super 1274 * Operands: 1275 * Stack: receiver, key, obj, val => val 1276 */ \ 1277 MACRO(StrictSetElemSuper, strict_set_elem_super, NULL, 1, 4, 1, JOF_BYTE|JOF_ELEM|JOF_PROPSET|JOF_CHECKSTRICT) \ 1278 /* 1279 * Set up a for-in loop by pushing a `PropertyIteratorObject` over the 1280 * enumerable properties of `val`. 1281 * 1282 * Implements: [ForIn/OfHeadEvaluation][1] step 6, 1283 * [EnumerateObjectProperties][1]. (The spec refers to an "Iterator object" 1284 * with a `next` method, but notes that it "is never directly accessible" 1285 * to scripts. The object we use for this has no public methods.) 1286 * 1287 * If `val` is null or undefined, this pushes an empty iterator. 1288 * 1289 * The `iter` object pushed by this instruction must not be used or removed 1290 * from the stack except by `JSOp::MoreIter` and `JSOp::EndIter`, or by error 1291 * handling. 1292 * 1293 * The script's `JSScript::trynotes()` must mark the body of the `for-in` 1294 * loop, i.e. exactly those instructions that begin executing with `iter` 1295 * on the stack, starting with the next instruction (always 1296 * `JSOp::LoopHead`). Code must not jump into or out of this region: control 1297 * can enter only by executing `JSOp::Iter` and can exit only by executing a 1298 * `JSOp::EndIter` or by exception unwinding. (A `JSOp::EndIter` is always 1299 * emitted at the end of the loop, and extra copies are emitted on "exit 1300 * slides", where a `break`, `continue`, or `return` statement exits the 1301 * loop.) 1302 * 1303 * Typically a single try note entry marks the contiguous chunk of bytecode 1304 * from the instruction after `JSOp::Iter` to `JSOp::EndIter` (inclusive); 1305 * but if that range contains any instructions on exit slides, after a 1306 * `JSOp::EndIter`, then those must be correctly noted as *outside* the 1307 * loop. 1308 * 1309 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-forin-div-ofheadevaluation-tdznames-expr-iterationkind 1310 * [2]: https://tc39.es/ecma262/#sec-enumerate-object-properties 1311 * 1312 * Category: Objects 1313 * Type: Enumeration 1314 * Operands: 1315 * Stack: val => iter 1316 */ \ 1317 MACRO(Iter, iter, NULL, 1, 1, 1, JOF_BYTE|JOF_IC) \ 1318 /* 1319 * Get the next property name for a for-in loop. 1320 * 1321 * `iter` must be a `PropertyIteratorObject` produced by `JSOp::Iter`. This 1322 * pushes the property name for the next loop iteration, or 1323 * `MagicValue(JS_NO_ITER_VALUE)` if there are no more enumerable 1324 * properties to iterate over. The magic value must be used only by 1325 * `JSOp::IsNoIter` and `JSOp::EndIter`. 1326 * 1327 * Category: Objects 1328 * Type: Enumeration 1329 * Operands: 1330 * Stack: iter => iter, name 1331 */ \ 1332 MACRO(MoreIter, more_iter, NULL, 1, 1, 2, JOF_BYTE) \ 1333 /* 1334 * Test whether the value on top of the stack is 1335 * `MagicValue(JS_NO_ITER_VALUE)` and push the boolean result. 1336 * 1337 * Category: Objects 1338 * Type: Enumeration 1339 * Operands: 1340 * Stack: val => val, done 1341 */ \ 1342 MACRO(IsNoIter, is_no_iter, NULL, 1, 1, 2, JOF_BYTE) \ 1343 /* 1344 * Exit a for-in loop, closing the iterator. 1345 * 1346 * `iter` must be a `PropertyIteratorObject` pushed by `JSOp::Iter`. 1347 * 1348 * Category: Objects 1349 * Type: Enumeration 1350 * Operands: 1351 * Stack: iter, iterval => 1352 */ \ 1353 MACRO(EndIter, end_iter, NULL, 1, 2, 0, JOF_BYTE) \ 1354 /* 1355 * Check that the top value on the stack is an object, and throw a 1356 * TypeError if not. `kind` is used only to generate an appropriate error 1357 * message. 1358 * 1359 * Implements: [GetIterator][1] step 5, [IteratorNext][2] step 3. Both 1360 * operations call a JS method which scripts can define however they want, 1361 * so they check afterwards that the method returned an object. 1362 * 1363 * [1]: https://tc39.es/ecma262/#sec-getiterator 1364 * [2]: https://tc39.es/ecma262/#sec-iteratornext 1365 * 1366 * Category: Objects 1367 * Type: Iteration 1368 * Operands: CheckIsObjectKind kind 1369 * Stack: result => result 1370 */ \ 1371 MACRO(CheckIsObj, check_is_obj, NULL, 2, 1, 1, JOF_UINT8) \ 1372 /* 1373 * Throw a TypeError if `val` is `null` or `undefined`. 1374 * 1375 * Implements: [RequireObjectCoercible][1]. But most instructions that 1376 * require an object will perform this check for us, so of the dozens of 1377 * calls to RequireObjectCoercible in the spec, we need this instruction 1378 * only for [destructuring assignment][2] and [initialization][3]. 1379 * 1380 * [1]: https://tc39.es/ecma262/#sec-requireobjectcoercible 1381 * [2]: https://tc39.es/ecma262/#sec-runtime-semantics-destructuringassignmentevaluation 1382 * [3]: https://tc39.es/ecma262/#sec-destructuring-binding-patterns-runtime-semantics-bindinginitialization 1383 * 1384 * Category: Objects 1385 * Type: Iteration 1386 * Operands: 1387 * Stack: val => val 1388 */ \ 1389 MACRO(CheckObjCoercible, check_obj_coercible, NULL, 1, 1, 1, JOF_BYTE) \ 1390 /* 1391 * Create and push an async iterator wrapping the sync iterator `iter`. 1392 * `next` should be `iter`'s `.next` method. 1393 * 1394 * Implements: [CreateAsyncToSyncIterator][1]. The spec says this operation 1395 * takes one argument, but that argument is a Record with two relevant 1396 * fields, `[[Iterator]]` and `[[NextMethod]]`. 1397 * 1398 * Used for `for await` loops. 1399 * 1400 * [1]: https://tc39.es/ecma262/#sec-createasyncfromsynciterator 1401 * 1402 * Category: Objects 1403 * Type: Iteration 1404 * Operands: 1405 * Stack: iter, next => asynciter 1406 */ \ 1407 MACRO(ToAsyncIter, to_async_iter, NULL, 1, 2, 1, JOF_BYTE) \ 1408 /* 1409 * Set the prototype of `obj`. 1410 * 1411 * `obj` must be an object. 1412 * 1413 * Implements: [B.3.1 __proto__ Property Names in Object Initializers][1], step 7.a. 1414 * 1415 * [1]: https://tc39.es/ecma262/#sec-__proto__-property-names-in-object-initializers 1416 * 1417 * Category: Objects 1418 * Type: SetPrototype 1419 * Operands: 1420 * Stack: obj, protoVal => obj 1421 */ \ 1422 MACRO(MutateProto, mutate_proto, NULL, 1, 2, 1, JOF_BYTE) \ 1423 /* 1424 * Create and push a new Array object with the given `length`, 1425 * preallocating enough memory to hold that many elements. 1426 * 1427 * Category: Objects 1428 * Type: Array literals 1429 * Operands: uint32_t length 1430 * Stack: => array 1431 */ \ 1432 MACRO(NewArray, new_array, NULL, 5, 0, 1, JOF_UINT32|JOF_IC) \ 1433 /* 1434 * Initialize an array element `array[index]` with value `val`. 1435 * 1436 * `val` may be `MagicValue(JS_ELEMENTS_HOLE)` pushed by `JSOp::Hole`. 1437 * 1438 * This never calls setters or proxy traps. 1439 * 1440 * `array` must be an Array object created by `JSOp::NewArray` with length > 1441 * `index`, and never used except by `JSOp::InitElemArray`. 1442 * 1443 * Implements: [ArrayAccumulation][1], the third algorithm, step 4, in the 1444 * common case where *nextIndex* is known. 1445 * 1446 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-arrayaccumulation 1447 * 1448 * Category: Objects 1449 * Type: Array literals 1450 * Operands: uint32_t index 1451 * Stack: array, val => array 1452 */ \ 1453 MACRO(InitElemArray, init_elem_array, NULL, 5, 2, 1, JOF_UINT32|JOF_ELEM|JOF_PROPINIT) \ 1454 /* 1455 * Initialize an array element `array[index++]` with value `val`. 1456 * 1457 * `val` may be `MagicValue(JS_ELEMENTS_HOLE)` pushed by `JSOp::Hole`. If it 1458 * is, no element is defined, but the array length and the stack value 1459 * `index` are still incremented. 1460 * 1461 * This never calls setters or proxy traps. 1462 * 1463 * `array` must be an Array object created by `JSOp::NewArray` and never used 1464 * except by `JSOp::InitElemArray` and `JSOp::InitElemInc`. 1465 * 1466 * `index` must be an integer, `0 <= index <= INT32_MAX`. If `index` is 1467 * `INT32_MAX`, this throws a RangeError. 1468 * 1469 * This instruction is used when an array literal contains a 1470 * *SpreadElement*. In `[a, ...b, c]`, `InitElemArray 0` is used to put 1471 * `a` into the array, but `InitElemInc` is used for the elements of `b` 1472 * and for `c`. 1473 * 1474 * Implements: Several steps in [ArrayAccumulation][1] that call 1475 * CreateDataProperty, set the array length, and/or increment *nextIndex*. 1476 * 1477 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-arrayaccumulation 1478 * 1479 * Category: Objects 1480 * Type: Array literals 1481 * Operands: 1482 * Stack: array, index, val => array, (index + 1) 1483 */ \ 1484 MACRO(InitElemInc, init_elem_inc, NULL, 1, 3, 2, JOF_BYTE|JOF_ELEM|JOF_PROPINIT|JOF_IC) \ 1485 /* 1486 * Push `MagicValue(JS_ELEMENTS_HOLE)`, representing an *Elision* in an 1487 * array literal (like the missing property 0 in the array `[, 1]`). 1488 * 1489 * This magic value must be used only by `JSOp::InitElemArray` or 1490 * `JSOp::InitElemInc`. 1491 * 1492 * Category: Objects 1493 * Type: Array literals 1494 * Operands: 1495 * Stack: => hole 1496 */ \ 1497 MACRO(Hole, hole, NULL, 1, 0, 1, JOF_BYTE) \ 1498 /* 1499 * Clone and push a new RegExp object. 1500 * 1501 * Implements: [Evaluation for *RegularExpressionLiteral*][1]. 1502 * 1503 * [1]: https://tc39.es/ecma262/#sec-regular-expression-literals-runtime-semantics-evaluation 1504 * 1505 * Category: Objects 1506 * Type: RegExp literals 1507 * Operands: uint32_t regexpIndex 1508 * Stack: => regexp 1509 */ \ 1510 MACRO(RegExp, reg_exp, NULL, 5, 0, 1, JOF_REGEXP) \ 1511 /* 1512 * Push a new function object. 1513 * 1514 * The new function inherits the current environment chain. 1515 * 1516 * Used to create most JS functions. Notable exceptions are arrow functions 1517 * and derived or default class constructors. 1518 * 1519 * The function indicated by `funcIndex` must be a non-arrow function. 1520 * 1521 * Implements: [InstantiateFunctionObject][1], [Evaluation for 1522 * *FunctionExpression*][2], and so on. 1523 * 1524 * [1]: https://tc39.es/ecma262/#sec-function-definitions-runtime-semantics-instantiatefunctionobject 1525 * [2]: https://tc39.es/ecma262/#sec-function-definitions-runtime-semantics-evaluation 1526 * 1527 * Category: Functions 1528 * Type: Creating functions 1529 * Operands: uint32_t funcIndex 1530 * Stack: => fn 1531 */ \ 1532 MACRO(Lambda, lambda, NULL, 5, 0, 1, JOF_OBJECT) \ 1533 /* 1534 * Push a new arrow function. 1535 * 1536 * `newTarget` matters only if the arrow function uses the expression 1537 * `new.target`. It should be the current value of `new.target`, so that 1538 * the arrow function inherits `new.target` from the enclosing scope. (If 1539 * `new.target` is illegal here, the value doesn't matter; use `null`.) 1540 * 1541 * The function indicated by `funcIndex` must be an arrow function. 1542 * 1543 * Category: Functions 1544 * Type: Creating functions 1545 * Operands: uint32_t funcIndex 1546 * Stack: newTarget => arrowFn 1547 */ \ 1548 MACRO(LambdaArrow, lambda_arrow, NULL, 5, 1, 1, JOF_OBJECT) \ 1549 /* 1550 * Set the name of a function. 1551 * 1552 * `fun` must be a function object. `name` must be a string, Int32 value, 1553 * or symbol (like the result of `JSOp::ToId`). 1554 * 1555 * Implements: [SetFunctionName][1], used e.g. to name methods with 1556 * computed property names. 1557 * 1558 * [1]: https://tc39.es/ecma262/#sec-setfunctionname 1559 * 1560 * Category: Functions 1561 * Type: Creating functions 1562 * Operands: FunctionPrefixKind prefixKind 1563 * Stack: fun, name => fun 1564 */ \ 1565 MACRO(SetFunName, set_fun_name, NULL, 2, 2, 1, JOF_UINT8) \ 1566 /* 1567 * Initialize the home object for functions with super bindings. 1568 * 1569 * `fun` must be a method, getter, or setter, so that it has a 1570 * [[HomeObject]] slot. `homeObject` must be a plain object or (for static 1571 * methods) a constructor. 1572 * 1573 * Category: Functions 1574 * Type: Creating functions 1575 * Operands: 1576 * Stack: fun, homeObject => fun 1577 */ \ 1578 MACRO(InitHomeObject, init_home_object, NULL, 1, 2, 1, JOF_BYTE) \ 1579 /* 1580 * Throw a TypeError if `baseClass` isn't either `null` or a constructor. 1581 * 1582 * Implements: [ClassDefinitionEvaluation][1] step 6.f. 1583 * 1584 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation 1585 * 1586 * Category: Functions 1587 * Type: Creating constructors 1588 * Operands: 1589 * Stack: baseClass => baseClass 1590 */ \ 1591 MACRO(CheckClassHeritage, check_class_heritage, NULL, 1, 1, 1, JOF_BYTE) \ 1592 /* 1593 * Like `JSOp::Lambda`, but using `proto` as the new function's 1594 * `[[Prototype]]` (or `%FunctionPrototype%` if `proto` is `null`). 1595 * 1596 * `proto` must be either a constructor or `null`. We use 1597 * `JSOp::CheckClassHeritage` to check. 1598 * 1599 * This is used to create the constructor for a derived class. 1600 * 1601 * Implements: [ClassDefinitionEvaluation][1] steps 6.e.ii, 6.g.iii, and 1602 * 12 for derived classes. 1603 * 1604 * [1]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation 1605 * 1606 * Category: Functions 1607 * Type: Creating constructors 1608 * Operands: uint32_t funcIndex 1609 * Stack: proto => obj 1610 */ \ 1611 MACRO(FunWithProto, fun_with_proto, NULL, 5, 1, 1, JOF_OBJECT) \ 1612 /* 1613 * Pushes the current global's %BuiltinObject%. 1614 * 1615 * `kind` must be a valid `BuiltinObjectKind` (and must not be 1616 * `BuiltinObjectKind::None`). 1617 * 1618 * Category: Objects 1619 * Type: Built-in objects 1620 * Operands: uint8_t kind 1621 * Stack: => %BuiltinObject% 1622 */ \ 1623 MACRO(BuiltinObject, builtin_object, NULL, 2, 0, 1, JOF_UINT8) \ 1624 /* 1625 * Invoke `callee` with `this` and `args`, and push the return value. Throw 1626 * a TypeError if `callee` isn't a function. 1627 * 1628 * `JSOp::CallIter` is used for implicit calls to @@iterator methods, to 1629 * ensure error messages are formatted with `JSMSG_NOT_ITERABLE` ("x is not 1630 * iterable") rather than `JSMSG_NOT_FUNCTION` ("x[Symbol.iterator] is not 1631 * a function"). The `argc` operand must be 0 for this variation. 1632 * 1633 * `JSOp::FunApply` hints to the VM that this is likely a call to the 1634 * builtin method `Function.prototype.apply`, an easy optimization target. 1635 * 1636 * `JSOp::FunCall` similarly hints to the VM that the callee is likely 1637 * `Function.prototype.call`. 1638 * 1639 * `JSOp::CallIgnoresRv` hints to the VM that the return value is ignored. 1640 * This allows alternate faster implementations to be used that avoid 1641 * unnecesary allocations. 1642 * 1643 * Implements: [EvaluateCall][1] steps 4, 5, and 7. 1644 * 1645 * [1]: https://tc39.es/ecma262/#sec-evaluatecall 1646 * 1647 * Category: Functions 1648 * Type: Calls 1649 * Operands: uint16_t argc 1650 * Stack: callee, this, args[0], ..., args[argc-1] => rval 1651 */ \ 1652 MACRO(Call, call, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_IC) \ 1653 MACRO(CallIter, call_iter, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_IC) \ 1654 MACRO(FunApply, fun_apply, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_IC) \ 1655 MACRO(FunCall, fun_call, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_IC) \ 1656 MACRO(CallIgnoresRv, call_ignores_rv, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_IC) \ 1657 /* 1658 * Like `JSOp::Call`, but the arguments are provided in an array rather than 1659 * a span of stack slots. Used to implement spread-call syntax: 1660 * `f(...args)`. 1661 * 1662 * `args` must be an Array object containing the actual arguments. The 1663 * array must be packed (dense and free of holes; see IsPackedArray). 1664 * This can be ensured by creating the array with `JSOp::NewArray` and 1665 * populating it using `JSOp::InitElemArray`. 1666 * 1667 * Category: Functions 1668 * Type: Calls 1669 * Operands: 1670 * Stack: callee, this, args => rval 1671 */ \ 1672 MACRO(SpreadCall, spread_call, NULL, 1, 3, 1, JOF_BYTE|JOF_INVOKE|JOF_SPREAD|JOF_IC) \ 1673 /* 1674 * Push true if `arr` is an array object that can be passed directly as the 1675 * `args` argument to `JSOp::SpreadCall`. 1676 * 1677 * This instruction and the branch around the iterator loop are emitted 1678 * only when `arr` is itself a rest parameter, as in `(...arr) => 1679 * f(...arr)`, a strong hint that it's a packed Array whose prototype is 1680 * `Array.prototype`. 1681 * 1682 * See `js::OptimizeSpreadCall`. 1683 * 1684 * Category: Functions 1685 * Type: Calls 1686 * Operands: 1687 * Stack: arr => arr, optimized 1688 */ \ 1689 MACRO(OptimizeSpreadCall, optimize_spread_call, NULL, 1, 1, 2, JOF_BYTE|JOF_IC) \ 1690 /* 1691 * Perform a direct eval in the current environment if `callee` is the 1692 * builtin `eval` function, otherwise follow same behaviour as `JSOp::Call`. 1693 * 1694 * All direct evals use one of the JSOp::*Eval instructions here and these 1695 * opcodes are only used when the syntactic conditions for a direct eval 1696 * are met. If the builtin `eval` function is called though other means, it 1697 * becomes an indirect eval. 1698 * 1699 * Direct eval causes all bindings in *enclosing* non-global scopes to be 1700 * marked "aliased". The optimization that puts bindings in stack slots has 1701 * to prove that the bindings won't need to be captured by closures or 1702 * accessed using `JSOp::{Get,Bind,Set,Del}Name` instructions. Direct eval 1703 * makes that analysis impossible. 1704 * 1705 * The instruction immediately following any `JSOp::*Eval` instruction must 1706 * be `JSOp::Lineno`. 1707 * 1708 * Implements: [Function Call Evaluation][1], steps 5-7 and 9, when the 1709 * syntactic critera for direct eval in step 6 are all met. 1710 * 1711 * [1]: https://tc39.es/ecma262/#sec-function-calls-runtime-semantics-evaluation 1712 * 1713 * Category: Functions 1714 * Type: Calls 1715 * Operands: uint16_t argc 1716 * Stack: callee, this, args[0], ..., args[argc-1] => rval 1717 */ \ 1718 MACRO(Eval, eval, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_CHECKSLOPPY|JOF_IC) \ 1719 /* 1720 * Spread-call variant of `JSOp::Eval`. 1721 * 1722 * See `JSOp::SpreadCall` for restrictions on `args`. 1723 * 1724 * Category: Functions 1725 * Type: Calls 1726 * Operands: 1727 * Stack: callee, this, args => rval 1728 */ \ 1729 MACRO(SpreadEval, spread_eval, NULL, 1, 3, 1, JOF_BYTE|JOF_INVOKE|JOF_SPREAD|JOF_CHECKSLOPPY|JOF_IC) \ 1730 /* 1731 * Like `JSOp::Eval`, but for strict mode code. 1732 * 1733 * Category: Functions 1734 * Type: Calls 1735 * Operands: uint16_t argc 1736 * Stack: evalFn, this, args[0], ..., args[argc-1] => rval 1737 */ \ 1738 MACRO(StrictEval, strict_eval, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_CHECKSTRICT|JOF_IC) \ 1739 /* 1740 * Spread-call variant of `JSOp::StrictEval`. 1741 * 1742 * See `JSOp::SpreadCall` for restrictions on `args`. 1743 * 1744 * Category: Functions 1745 * Type: Calls 1746 * Operands: 1747 * Stack: callee, this, args => rval 1748 */ \ 1749 MACRO(StrictSpreadEval, strict_spread_eval, NULL, 1, 3, 1, JOF_BYTE|JOF_INVOKE|JOF_SPREAD|JOF_CHECKSTRICT|JOF_IC) \ 1750 /* 1751 * Push the implicit `this` value for an unqualified function call, like 1752 * `foo()`. `nameIndex` gives the name of the function we're calling. 1753 * 1754 * The result is always `undefined` except when the name refers to a `with` 1755 * binding. For example, in `with (date) { getFullYear(); }`, the 1756 * implicit `this` passed to `getFullYear` is `date`, not `undefined`. 1757 * 1758 * This walks the run-time environment chain looking for the environment 1759 * record that contains the function. If the function call is not inside a 1760 * `with` statement, use `JSOp::GImplicitThis` instead. If the function call 1761 * definitely refers to a local binding, use `JSOp::Undefined`. 1762 * 1763 * Implements: [EvaluateCall][1] step 1.b. But not entirely correctly. 1764 * See [bug 1166408][2]. 1765 * 1766 * [1]: https://tc39.es/ecma262/#sec-evaluatecall 1767 * [2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1166408 1768 * 1769 * Category: Functions 1770 * Type: Calls 1771 * Operands: uint32_t nameIndex 1772 * Stack: => this 1773 */ \ 1774 MACRO(ImplicitThis, implicit_this, "", 5, 0, 1, JOF_ATOM) \ 1775 /* 1776 * Like `JSOp::ImplicitThis`, but the name must not be bound in any local 1777 * environments. 1778 * 1779 * The result is always `undefined` except when the name refers to a 1780 * binding in a non-syntactic `with` environment. 1781 * 1782 * Note: The frontend has to emit `JSOp::GImplicitThis` (and not 1783 * `JSOp::Undefined`) for global unqualified function calls, even when 1784 * `CompileOptions::nonSyntacticScope == false`, because later 1785 * `js::CloneGlobalScript` can be called with `ScopeKind::NonSyntactic` to 1786 * clone the script into a non-syntactic environment, with the bytecode 1787 * reused, unchanged. 1788 * 1789 * Category: Functions 1790 * Type: Calls 1791 * Operands: uint32_t nameIndex 1792 * Stack: => this 1793 */ \ 1794 MACRO(GImplicitThis, g_implicit_this, "", 5, 0, 1, JOF_ATOM) \ 1795 /* 1796 * Push the call site object for a tagged template call. 1797 * 1798 * `script->getObject(objectIndex)` is the call site object; 1799 * `script->getObject(objectIndex + 1)` is the raw object. 1800 * 1801 * The first time this instruction runs for a given template, it assembles 1802 * the final value, defining the `.raw` property on the call site object 1803 * and freezing both objects. 1804 * 1805 * Implements: [GetTemplateObject][1], steps 4 and 12-16. 1806 * 1807 * [1]: https://tc39.es/ecma262/#sec-gettemplateobject 1808 * 1809 * Category: Functions 1810 * Type: Calls 1811 * Operands: uint32_t objectIndex 1812 * Stack: => callSiteObj 1813 */ \ 1814 MACRO(CallSiteObj, call_site_obj, NULL, 5, 0, 1, JOF_OBJECT) \ 1815 /* 1816 * Push `MagicValue(JS_IS_CONSTRUCTING)`. 1817 * 1818 * This magic value is a required argument to the `JSOp::New` and 1819 * `JSOp::SuperCall` instructions and must not be used any other way. 1820 * 1821 * Category: Functions 1822 * Type: Calls 1823 * Operands: 1824 * Stack: => JS_IS_CONSTRUCTING 1825 */ \ 1826 MACRO(IsConstructing, is_constructing, NULL, 1, 0, 1, JOF_BYTE) \ 1827 /* 1828 * Invoke `callee` as a constructor with `args` and `newTarget`, and push 1829 * the return value. Throw a TypeError if `callee` isn't a constructor. 1830 * 1831 * `isConstructing` must be the value pushed by `JSOp::IsConstructing`. 1832 * 1833 * `JSOp::SuperCall` behaves exactly like `JSOp::New`, but is used for 1834 * *SuperCall* expressions, to allow JITs to distinguish them from `new` 1835 * expressions. 1836 * 1837 * Implements: [EvaluateConstruct][1] steps 7 and 8. 1838 * 1839 * [1]: https://tc39.es/ecma262/#sec-evaluatenew 1840 * 1841 * Category: Functions 1842 * Type: Calls 1843 * Operands: uint16_t argc 1844 * Stack: callee, isConstructing, args[0], ..., args[argc-1], newTarget => rval 1845 */ \ 1846 MACRO(New, new_, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_CONSTRUCT|JOF_IC) \ 1847 MACRO(SuperCall, super_call, NULL, 3, -1, 1, JOF_ARGC|JOF_INVOKE|JOF_CONSTRUCT|JOF_IC) \ 1848 /* 1849 * Spread-call variant of `JSOp::New`. 1850 * 1851 * Invokes `callee` as a constructor with `args` and `newTarget`, and 1852 * pushes the return value onto the stack. 1853 * 1854 * `isConstructing` must be the value pushed by `JSOp::IsConstructing`. 1855 * See `JSOp::SpreadCall` for restrictions on `args`. 1856 * 1857 * `JSOp::SpreadSuperCall` behaves exactly like `JSOp::SpreadNew`, but is 1858 * used for *SuperCall* expressions. 1859 * 1860 * Category: Functions 1861 * Type: Calls 1862 * Operands: 1863 * Stack: callee, isConstructing, args, newTarget => rval 1864 */ \ 1865 MACRO(SpreadNew, spread_new, NULL, 1, 4, 1, JOF_BYTE|JOF_INVOKE|JOF_CONSTRUCT|JOF_SPREAD|JOF_IC) \ 1866 MACRO(SpreadSuperCall, spread_super_call, NULL, 1, 4, 1, JOF_BYTE|JOF_INVOKE|JOF_CONSTRUCT|JOF_SPREAD|JOF_IC) \ 1867 /* 1868 * Push the prototype of `callee` in preparation for calling `super()`. 1869 * 1870 * `callee` must be a derived class constructor. 1871 * 1872 * Implements: [GetSuperConstructor][1], steps 4-7. 1873 * 1874 * [1]: https://tc39.es/ecma262/#sec-getsuperconstructor 1875 * 1876 * Category: Functions 1877 * Type: Calls 1878 * Operands: 1879 * Stack: callee => superFun 1880 */ \ 1881 MACRO(SuperFun, super_fun, NULL, 1, 1, 1, JOF_BYTE) \ 1882 /* 1883 * Throw a ReferenceError if `thisval` is not 1884 * `MagicValue(JS_UNINITIALIZED_LEXICAL)`. Used in derived class 1885 * constructors to prohibit calling `super` more than once. 1886 * 1887 * Implements: [BindThisValue][1], step 3. 1888 * 1889 * [1]: https://tc39.es/ecma262/#sec-bindthisvalue 1890 * 1891 * Category: Functions 1892 * Type: Calls 1893 * Operands: 1894 * Stack: thisval => thisval 1895 */ \ 1896 MACRO(CheckThisReinit, check_this_reinit, NULL, 1, 1, 1, JOF_BYTE) \ 1897 /* 1898 * Create and push a generator object for the current frame. 1899 * 1900 * This instruction must appear only in scripts for generators, async 1901 * functions, and async generators. There must not already be a generator 1902 * object for the current frame (that is, this instruction must execute at 1903 * most once per generator or async call). 1904 * 1905 * Category: Functions 1906 * Type: Generators and async functions 1907 * Operands: 1908 * Stack: => gen 1909 */ \ 1910 MACRO(Generator, generator, NULL, 1, 0, 1, JOF_BYTE) \ 1911 /* 1912 * Suspend the current generator and return to the caller. 1913 * 1914 * When a generator is called, its script starts running, like any other JS 1915 * function, because [FunctionDeclarationInstantation][1] and other 1916 * [generator object setup][2] are implemented mostly in bytecode. However, 1917 * the *FunctionBody* of the generator is not supposed to start running 1918 * until the first `.next()` call, so after setup the script suspends 1919 * itself: the "initial yield". 1920 * 1921 * Later, when resuming execution, `rval`, `gen` and `resumeKind` will 1922 * receive the values passed in by `JSOp::Resume`. `resumeKind` is the 1923 * `GeneratorResumeKind` stored as an Int32 value. 1924 * 1925 * This instruction must appear only in scripts for generators and async 1926 * generators. `gen` must be the generator object for the current frame. It 1927 * must not have been previously suspended. The resume point indicated by 1928 * `resumeIndex` must be the next instruction in the script, which must be 1929 * `AfterYield`. 1930 * 1931 * Implements: [GeneratorStart][3], steps 4-7. 1932 * 1933 * [1]: https://tc39.es/ecma262/#sec-functiondeclarationinstantiation 1934 * [2]: https://tc39.es/ecma262/#sec-generator-function-definitions-runtime-semantics-evaluatebody 1935 * [3]: https://tc39.es/ecma262/#sec-generatorstart 1936 * 1937 * Category: Functions 1938 * Type: Generators and async functions 1939 * Operands: uint24_t resumeIndex 1940 * Stack: gen => rval, gen, resumeKind 1941 */ \ 1942 MACRO(InitialYield, initial_yield, NULL, 4, 1, 3, JOF_RESUMEINDEX) \ 1943 /* 1944 * Bytecode emitted after `yield` expressions. This is useful for the 1945 * Debugger and `AbstractGeneratorObject::isAfterYieldOrAwait`. It's 1946 * treated as jump target op so that the Baseline Interpreter can 1947 * efficiently restore the frame's interpreterICEntry when resuming a 1948 * generator. 1949 * 1950 * The preceding instruction in the script must be `Yield`, `InitialYield`, 1951 * or `Await`. 1952 * 1953 * Category: Functions 1954 * Type: Generators and async functions 1955 * Operands: uint32_t icIndex 1956 * Stack: => 1957 */ \ 1958 MACRO(AfterYield, after_yield, NULL, 5, 0, 0, JOF_ICINDEX) \ 1959 /* 1960 * Suspend and close the current generator, async function, or async 1961 * generator. 1962 * 1963 * `gen` must be the generator object for the current frame. 1964 * 1965 * If the current function is a non-async generator, then the value in the 1966 * frame's return value slot is returned to the caller. It should be an 1967 * object of the form `{value: returnValue, done: true}`. 1968 * 1969 * If the current function is an async function or async generator, the 1970 * frame's return value slot must contain the current frame's result 1971 * promise, which must already be resolved or rejected. 1972 * 1973 * Category: Functions 1974 * Type: Generators and async functions 1975 * Operands: 1976 * Stack: gen => 1977 */ \ 1978 MACRO(FinalYieldRval, final_yield_rval, NULL, 1, 1, 0, JOF_BYTE) \ 1979 /* 1980 * Suspend execution of the current generator or async generator, returning 1981 * `rval1`. 1982 * 1983 * For non-async generators, `rval1` should be an object of the form 1984 * `{value: valueToYield, done: true}`. For async generators, `rval1` 1985 * should be the value to yield, and the caller is responsible for creating 1986 * the iterator result object (under `js::AsyncGeneratorYield`). 1987 * 1988 * This instruction must appear only in scripts for generators and async 1989 * generators. `gen` must be the generator object for the current stack 1990 * frame. The resume point indicated by `resumeIndex` must be the next 1991 * instruction in the script, which must be `AfterYield`. 1992 * 1993 * When resuming execution, `rval2`, `gen` and `resumeKind` receive the 1994 * values passed in by `JSOp::Resume`. 1995 * 1996 * Implements: [GeneratorYield][1] and [AsyncGeneratorYield][2]. 1997 * 1998 * [1]: https://tc39.es/ecma262/#sec-generatoryield 1999 * [2]: https://tc39.es/ecma262/#sec-asyncgeneratoryield 2000 * 2001 * Category: Functions 2002 * Type: Generators and async functions 2003 * Operands: uint24_t resumeIndex 2004 * Stack: rval1, gen => rval2, gen, resumeKind 2005 */ \ 2006 MACRO(Yield, yield, NULL, 4, 2, 3, JOF_RESUMEINDEX) \ 2007 /* 2008 * Pushes a boolean indicating whether the top of the stack is 2009 * `MagicValue(JS_GENERATOR_CLOSING)`. 2010 * 2011 * Category: Functions 2012 * Type: Generators and async functions 2013 * Operands: 2014 * Stack: val => val, res 2015 */ \ 2016 MACRO(IsGenClosing, is_gen_closing, NULL, 1, 1, 2, JOF_BYTE) \ 2017 /* 2018 * Arrange for this async function to resume asynchronously when `value` 2019 * becomes resolved. 2020 * 2021 * This is the last thing an async function does before suspending for an 2022 * `await` expression. It coerces the awaited `value` to a promise and 2023 * effectively calls `.then()` on it, passing handler functions that will 2024 * resume this async function call later. See `js::AsyncFunctionAwait`. 2025 * 2026 * This instruction must appear only in non-generator async function 2027 * scripts. `gen` must be the internal generator object for the current 2028 * frame. After this instruction, the script should suspend itself with 2029 * `Await` (rather than exiting any other way). 2030 * 2031 * The result `promise` is the async function's result promise, 2032 * `gen->as<AsyncFunctionGeneratorObject>().promise()`. 2033 * 2034 * Implements: [Await][1], steps 2-9. 2035 * 2036 * [1]: https://tc39.github.io/ecma262/#await 2037 * 2038 * Category: Functions 2039 * Type: Generators and async functions 2040 * Operands: 2041 * Stack: value, gen => promise 2042 */ \ 2043 MACRO(AsyncAwait, async_await, NULL, 1, 2, 1, JOF_BYTE) \ 2044 /* 2045 * Resolve or reject the current async function's result promise with 2046 * 'valueOrReason'. 2047 * 2048 * This instruction must appear only in non-generator async function 2049 * scripts. `gen` must be the internal generator object for the current 2050 * frame. This instruction must run at most once per async function call, 2051 * as resolving/rejecting an already resolved/rejected promise is not 2052 * permitted. 2053 * 2054 * The result `promise` is the async function's result promise, 2055 * `gen->as<AsyncFunctionGeneratorObject>().promise()`. 2056 * 2057 * Implements: [AsyncFunctionStart][1], step 4.d.i. and 4.e.i. 2058 * 2059 * [1]: https://tc39.es/ecma262/#sec-async-functions-abstract-operations-async-function-start 2060 * 2061 * Category: Functions 2062 * Type: Generators and async functions 2063 * Operands: AsyncFunctionResolveKind fulfillOrReject 2064 * Stack: valueOrReason, gen => promise 2065 */ \ 2066 MACRO(AsyncResolve, async_resolve, NULL, 2, 2, 1, JOF_UINT8) \ 2067 /* 2068 * Suspend the current frame for an `await` expression. 2069 * 2070 * This instruction must appear only in scripts for async functions and 2071 * async generators. `gen` must be the internal generator object for the 2072 * current frame. 2073 * 2074 * This returns `promise` to the caller. Later, when this async call is 2075 * resumed, `resolved`, `gen` and `resumeKind` receive the values passed in 2076 * by `JSOp::Resume`, and execution continues at the next instruction, 2077 * which must be `AfterYield`. 2078 * 2079 * This instruction is used in two subtly different ways. 2080 * 2081 * 1. In async functions: 2082 * 2083 * ... # valueToAwait 2084 * GetAliasedVar ".generator" # valueToAwait gen 2085 * AsyncAwait # resultPromise 2086 * GetAliasedVar ".generator" # resultPromise gen 2087 * Await # resolved gen resumeKind 2088 * AfterYield 2089 * 2090 * `AsyncAwait` arranges for this frame to be resumed later and pushes 2091 * its result promise. `Await` then suspends the frame and removes it 2092 * from the stack, returning the result promise to the caller. (If this 2093 * async call hasn't awaited before, the caller may be user code. 2094 * Otherwise, the caller is self-hosted code using `resumeGenerator`.) 2095 * 2096 * 2. In async generators: 2097 * 2098 * ... # valueToAwait 2099 * GetAliasedVar ".generator" # valueToAwait gen 2100 * Await # resolved gen resumeKind 2101 * AfterYield 2102 * 2103 * `AsyncAwait` is not used, so (1) the value returned to the caller by 2104 * `Await` is `valueToAwait`, not `resultPromise`; and (2) the caller 2105 * is responsible for doing the async-generator equivalent of 2106 * `AsyncAwait` (namely, `js::AsyncGeneratorAwait`, called from 2107 * `js::AsyncGeneratorResume` after `js::CallSelfHostedFunction` 2108 * returns). 2109 * 2110 * Implements: [Await][1], steps 10-12. 2111 * 2112 * [1]: https://tc39.es/ecma262/#await 2113 * 2114 * Category: Functions 2115 * Type: Generators and async functions 2116 * Operands: uint24_t resumeIndex 2117 * Stack: promise, gen => resolved, gen, resumeKind 2118 */ \ 2119 MACRO(Await, await, NULL, 4, 2, 3, JOF_RESUMEINDEX) \ 2120 /* 2121 * Test if the re-entry to the microtask loop may be skipped. 2122 * 2123 * This is part of an optimization for `await` expressions. Programs very 2124 * often await values that aren't promises, or promises that are already 2125 * resolved. We can then sometimes skip suspending the current frame and 2126 * returning to the microtask loop. If the circumstances permit the 2127 * optimization, `CanSkipAwait` pushes true if the optimization is allowed, 2128 * and false otherwise. 2129 * 2130 * Category: Functions 2131 * Type: Generators and async functions 2132 * Operands: 2133 * Stack: value => value, can_skip 2134 */ \ 2135 MACRO(CanSkipAwait, can_skip_await, NULL, 1, 1, 2, JOF_BYTE) \ 2136 /* 2137 * Potentially extract an awaited value, if the await is skippable 2138 * 2139 * If re-entering the microtask loop is skippable (as checked by CanSkipAwait) 2140 * if can_skip is true, `MaybeExtractAwaitValue` replaces `value` with the result of the 2141 * `await` expression (unwrapping the resolved promise, if any). Otherwise, value remains 2142 * as is. 2143 * 2144 * In both cases, can_skip remains the same. 2145 * 2146 * Category: Functions 2147 * Type: Generators and async functions 2148 * Operands: 2149 * Stack: value, can_skip => value_or_resolved, can_skip 2150 */ \ 2151 MACRO(MaybeExtractAwaitValue, maybe_extract_await_value, NULL, 1, 2, 2, JOF_BYTE) \ 2152 /* 2153 * Pushes one of the GeneratorResumeKind values as Int32Value. 2154 * 2155 * Category: Functions 2156 * Type: Generators and async functions 2157 * Operands: GeneratorResumeKind resumeKind (encoded as uint8_t) 2158 * Stack: => resumeKind 2159 */ \ 2160 MACRO(ResumeKind, resume_kind, NULL, 2, 0, 1, JOF_UINT8) \ 2161 /* 2162 * Handle Throw and Return resumption. 2163 * 2164 * `gen` must be the generator object for the current frame. `resumeKind` 2165 * must be a `GeneratorResumeKind` stored as an `Int32` value. If it is 2166 * `Next`, continue to the next instruction. If `resumeKind` is `Throw` or 2167 * `Return`, these completions are handled by throwing an exception. See 2168 * `GeneratorThrowOrReturn`. 2169 * 2170 * Category: Functions 2171 * Type: Generators and async functions 2172 * Operands: 2173 * Stack: rval, gen, resumeKind => rval 2174 */ \ 2175 MACRO(CheckResumeKind, check_resume_kind, NULL, 1, 3, 1, JOF_BYTE) \ 2176 /* 2177 * Resume execution of a generator, async function, or async generator. 2178 * 2179 * This behaves something like a call instruction. It pushes a stack frame 2180 * (the one saved when `gen` was suspended, rather than a fresh one) and 2181 * runs instructions in it. Once `gen` returns or yields, its return value 2182 * is pushed to this frame's stack and execution continues in this script. 2183 * 2184 * This instruction is emitted only for the `resumeGenerator` self-hosting 2185 * intrinsic. It is used in the implementation of 2186 * `%GeneratorPrototype%.next`, `.throw`, and `.return`. 2187 * 2188 * `gen` must be a suspended generator object. `resumeKind` must be in 2189 * range for `GeneratorResumeKind`. 2190 * 2191 * Category: Functions 2192 * Type: Generators and async functions 2193 * Operands: 2194 * Stack: gen, val, resumeKind => rval 2195 */ \ 2196 MACRO(Resume, resume, NULL, 1, 3, 1, JOF_BYTE|JOF_INVOKE) \ 2197 /* 2198 * No-op instruction marking the target of a jump instruction. 2199 * 2200 * This instruction and a few others (see `js::BytecodeIsJumpTarget`) are 2201 * jump target instructions. The Baseline Interpreter uses these 2202 * instructions to sync the frame's `interpreterICEntry` after a jump. Ion 2203 * uses them to find block boundaries when translating bytecode to MIR. 2204 * 2205 * Category: Control flow 2206 * Type: Jump targets 2207 * Operands: uint32_t icIndex 2208 * Stack: => 2209 */ \ 2210 MACRO(JumpTarget, jump_target, NULL, 5, 0, 0, JOF_ICINDEX) \ 2211 /* 2212 * Marks the target of the backwards jump for some loop. 2213 * 2214 * This is a jump target instruction (see `JSOp::JumpTarget`). Additionally, 2215 * it checks for interrupts and handles JIT tiering. 2216 * 2217 * The `depthHint` operand is a loop depth hint for Ion. It starts at 1 and 2218 * deeply nested loops all have the same value. 2219 * 2220 * For the convenience of the JITs, scripts must not start with this 2221 * instruction. See bug 1602390. 2222 * 2223 * Category: Control flow 2224 * Type: Jump targets 2225 * Operands: uint32_t icIndex, uint8_t depthHint 2226 * Stack: => 2227 */ \ 2228 MACRO(LoopHead, loop_head, NULL, 6, 0, 0, JOF_LOOPHEAD) \ 2229 /* 2230 * Jump to a 32-bit offset from the current bytecode. 2231 * 2232 * See "Jump instructions" above for details. 2233 * 2234 * Category: Control flow 2235 * Type: Jumps 2236 * Operands: int32_t offset 2237 * Stack: => 2238 */ \ 2239 MACRO(Goto, goto_, NULL, 5, 0, 0, JOF_JUMP) \ 2240 /* 2241 * If ToBoolean(`cond`) is false, jumps to a 32-bit offset from the current 2242 * instruction. 2243 * 2244 * Category: Control flow 2245 * Type: Jumps 2246 * Operands: int32_t forwardOffset 2247 * Stack: cond => 2248 */ \ 2249 MACRO(JumpIfFalse, jump_if_false, NULL, 5, 1, 0, JOF_JUMP|JOF_IC) \ 2250 /* 2251 * If ToBoolean(`cond`) is true, jump to a 32-bit offset from the current 2252 * instruction. 2253 * 2254 * `offset` may be positive or negative. This is the instruction used at the 2255 * end of a do-while loop to jump back to the top. 2256 * 2257 * Category: Control flow 2258 * Type: Jumps 2259 * Operands: int32_t offset 2260 * Stack: cond => 2261 */ \ 2262 MACRO(JumpIfTrue, jump_if_true, NULL, 5, 1, 0, JOF_JUMP|JOF_IC) \ 2263 /* 2264 * Short-circuit for logical AND. 2265 * 2266 * If ToBoolean(`cond`) is false, jump to a 32-bit offset from the current 2267 * instruction. The value remains on the stack. 2268 * 2269 * Category: Control flow 2270 * Type: Jumps 2271 * Operands: int32_t forwardOffset 2272 * Stack: cond => cond 2273 */ \ 2274 MACRO(And, and_, NULL, 5, 1, 1, JOF_JUMP|JOF_IC) \ 2275 /* 2276 * Short-circuit for logical OR. 2277 * 2278 * If ToBoolean(`cond`) is true, jump to a 32-bit offset from the current 2279 * instruction. The value remains on the stack. 2280 * 2281 * Category: Control flow 2282 * Type: Jumps 2283 * Operands: int32_t forwardOffset 2284 * Stack: cond => cond 2285 */ \ 2286 MACRO(Or, or_, NULL, 5, 1, 1, JOF_JUMP|JOF_IC) \ 2287 /* 2288 * Short-circuiting for nullish coalescing. 2289 * 2290 * If `val` is not null or undefined, jump to a 32-bit offset from the 2291 * current instruction. 2292 * 2293 * Category: Control flow 2294 * Type: Jumps 2295 * Operands: int32_t forwardOffset 2296 * Stack: val => val 2297 */ \ 2298 MACRO(Coalesce, coalesce, NULL, 5, 1, 1, JOF_JUMP) \ 2299 /* 2300 * Like `JSOp::JumpIfTrue`, but if the branch is taken, pop and discard an 2301 * additional stack value. 2302 * 2303 * This is used to implement `switch` statements when the 2304 * `JSOp::TableSwitch` optimization is not possible. The switch statement 2305 * 2306 * switch (expr) { 2307 * case A: stmt1; 2308 * case B: stmt2; 2309 * } 2310 * 2311 * compiles to this bytecode: 2312 * 2313 * # dispatch code - evaluate expr, check it against each `case`, 2314 * # jump to the right place in the body or to the end. 2315 * <expr> 2316 * Dup; <A>; StrictEq; Case L1; JumpTarget 2317 * Dup; <B>; StrictEq; Case L2; JumpTarget 2318 * Default LE 2319 * 2320 * # body code 2321 * L1: JumpTarget; <stmt1> 2322 * L2: JumpTarget; <stmt2> 2323 * LE: JumpTarget 2324 * 2325 * This opcode is weird: it's the only one whose ndefs varies depending on 2326 * which way a conditional branch goes. We could implement switch 2327 * statements using `JSOp::JumpIfTrue` and `JSOp::Pop`, but that would also 2328 * be awkward--putting the `JSOp::Pop` inside the `switch` body would 2329 * complicate fallthrough. 2330 * 2331 * Category: Control flow 2332 * Type: Jumps 2333 * Operands: int32_t forwardOffset 2334 * Stack: val, cond => val (if !cond) 2335 */ \ 2336 MACRO(Case, case_, NULL, 5, 2, 1, JOF_JUMP) \ 2337 /* 2338 * Like `JSOp::Goto`, but pop and discard an additional stack value. 2339 * 2340 * This appears after all cases for a non-optimized `switch` statement. If 2341 * there's a `default:` label, it jumps to that point in the body; 2342 * otherwise it jumps to the next statement. 2343 * 2344 * Category: Control flow 2345 * Type: Jumps 2346 * Operands: int32_t forwardOffset 2347 * Stack: lval => 2348 */ \ 2349 MACRO(Default, default_, NULL, 5, 1, 0, JOF_JUMP) \ 2350 /* 2351 * Optimized switch-statement dispatch, used when all `case` labels are 2352 * small integer constants. 2353 * 2354 * If `low <= i <= high`, jump to the instruction at the offset given by 2355 * `script->resumeOffsets()[firstResumeIndex + i - low]`, in bytes from the 2356 * start of the current script's bytecode. Otherwise, jump to the 2357 * instruction at `defaultOffset` from the current instruction. All of 2358 * these offsets must be in range for the current script and must point to 2359 * `JSOp::JumpTarget` instructions. 2360 * 2361 * The following inequalities must hold: `low <= high` and 2362 * `firstResumeIndex + high - low < resumeOffsets().size()`. 2363 * 2364 * Category: Control flow 2365 * Type: Jumps 2366 * Operands: int32_t defaultOffset, int32_t low, int32_t high, 2367 * uint24_t firstResumeIndex 2368 * Stack: i => 2369 */ \ 2370 MACRO(TableSwitch, table_switch, NULL, 16, 1, 0, JOF_TABLESWITCH) \ 2371 /* 2372 * Return `rval`. 2373 * 2374 * This must not be used in derived class constructors. Instead use 2375 * `JSOp::SetRval`, `JSOp::CheckReturn`, and `JSOp::RetRval`. 2376 * 2377 * Category: Control flow 2378 * Type: Return 2379 * Operands: 2380 * Stack: rval => 2381 */ \ 2382 MACRO(Return, return_, NULL, 1, 1, 0, JOF_BYTE) \ 2383 /* 2384 * Push the current stack frame's `returnValue`. If no `JSOp::SetRval` 2385 * instruction has been executed in this stack frame, this is `undefined`. 2386 * 2387 * Every stack frame has a `returnValue` slot, used by top-level scripts, 2388 * generators, async functions, and derived class constructors. Plain 2389 * functions usually use `JSOp::Return` instead. 2390 * 2391 * Category: Control flow 2392 * Type: Return 2393 * Operands: 2394 * Stack: => rval 2395 */ \ 2396 MACRO(GetRval, get_rval, NULL, 1, 0, 1, JOF_BYTE) \ 2397 /* 2398 * Store `rval` in the current stack frame's `returnValue` slot. 2399 * 2400 * This instruction must not be used in a toplevel script compiled with the 2401 * `noScriptRval` option. 2402 * 2403 * Category: Control flow 2404 * Type: Return 2405 * Operands: 2406 * Stack: rval => 2407 */ \ 2408 MACRO(SetRval, set_rval, NULL, 1, 1, 0, JOF_BYTE) \ 2409 /* 2410 * Stop execution and return the current stack frame's `returnValue`. If no 2411 * `JSOp::SetRval` instruction has been executed in this stack frame, this 2412 * is `undefined`. 2413 * 2414 * Also emitted at end of every script so consumers don't need to worry 2415 * about running off the end. 2416 * 2417 * If the current script is a derived class constructor, `returnValue` must 2418 * be an object. The script can use `JSOp::CheckReturn` to ensure this. 2419 * 2420 * Category: Control flow 2421 * Type: Return 2422 * Operands: 2423 * Stack: => 2424 */ \ 2425 MACRO(RetRval, ret_rval, NULL, 1, 0, 0, JOF_BYTE) \ 2426 /* 2427 * Check the return value in a derived class constructor. 2428 * 2429 * - If the current stack frame's `returnValue` is an object, do nothing. 2430 * 2431 * - Otherwise, if the `returnValue` is undefined and `thisval` is an 2432 * object, store `thisval` in the `returnValue` slot. 2433 * 2434 * - Otherwise, throw a TypeError. 2435 * 2436 * This is exactly what has to happen when a derived class constructor 2437 * returns. `thisval` should be the current value of `this`, or 2438 * `MagicValue(JS_UNINITIALIZED_LEXICAL)` if `this` is uninitialized. 2439 * 2440 * Implements: [The [[Construct]] internal method of JS functions][1], 2441 * steps 13 and 15. 2442 * 2443 * [1]: https://tc39.es/ecma262/#sec-ecmascript-function-objects-construct-argumentslist-newtarget 2444 * 2445 * Category: Control flow 2446 * Type: Return 2447 * Operands: 2448 * Stack: thisval => 2449 */ \ 2450 MACRO(CheckReturn, check_return, NULL, 1, 1, 0, JOF_BYTE) \ 2451 /* 2452 * Throw `exc`. (ノಠ益ಠ)ノ彡┴──┴ 2453 * 2454 * This sets the pending exception to `exc` and jumps to error-handling 2455 * code. If we're in a `try` block, error handling adjusts the stack and 2456 * environment chain and resumes execution at the top of the `catch` or 2457 * `finally` block. Otherwise it starts unwinding the stack. 2458 * 2459 * Implements: [*ThrowStatement* Evaluation][1], step 3. 2460 * 2461 * This is also used in for-of loops. If the body of the loop throws an 2462 * exception, we catch it, close the iterator, then use `JSOp::Throw` to 2463 * rethrow. 2464 * 2465 * [1]: https://tc39.es/ecma262/#sec-throw-statement-runtime-semantics-evaluation 2466 * 2467 * Category: Control flow 2468 * Type: Exceptions 2469 * Operands: 2470 * Stack: exc => 2471 */ \ 2472 MACRO(Throw, throw_, NULL, 1, 1, 0, JOF_BYTE) \ 2473 /* 2474 * Create and throw an Error object. 2475 * 2476 * Sometimes we know at emit time that an operation always throws. For 2477 * example, `delete super.prop;` is allowed in methods, but always throws a 2478 * ReferenceError. 2479 * 2480 * `msgNumber` determines the `.message` and [[Prototype]] of the new Error 2481 * object. It must be an error number in js/public/friend/ErrorNumbers.msg. 2482 * The number of arguments in the error message must be 0. 2483 * 2484 * Category: Control flow 2485 * Type: Exceptions 2486 * Operands: ThrowMsgKind msgNumber 2487 * Stack: => 2488 */ \ 2489 MACRO(ThrowMsg, throw_msg, NULL, 2, 0, 0, JOF_UINT8) \ 2490 /* 2491 * Throws a runtime TypeError for invalid assignment to a `const` binding. 2492 * 2493 * Category: Control flow 2494 * Type: Exceptions 2495 * Operands: uint32_t nameIndex 2496 * Stack: 2497 */ \ 2498 MACRO(ThrowSetConst, throw_set_const, NULL, 5, 0, 0, JOF_ATOM|JOF_NAME) \ 2499 /* 2500 * No-op instruction that marks the top of the bytecode for a 2501 * *TryStatement*. 2502 * 2503 * Location information for catch/finally blocks is stored in a side table, 2504 * `script->trynotes()`. 2505 * 2506 * Category: Control flow 2507 * Type: Exceptions 2508 * Operands: 2509 * Stack: => 2510 */ \ 2511 MACRO(Try, try_, NULL, 1, 0, 0, JOF_BYTE) \ 2512 /* 2513 * No-op instruction used by the exception unwinder to determine the 2514 * correct environment to unwind to when performing IteratorClose due to 2515 * destructuring. 2516 * 2517 * This instruction must appear immediately before each 2518 * `JSTRY_DESTRUCTURING` span in a script's try notes. 2519 * 2520 * Category: Control flow 2521 * Type: Exceptions 2522 * Operands: 2523 * Stack: => 2524 */ \ 2525 MACRO(TryDestructuring, try_destructuring, NULL, 1, 0, 0, JOF_BYTE) \ 2526 /* 2527 * Push and clear the pending exception. ┬──┬◡ノ(° -°ノ) 2528 * 2529 * This must be used only in the fixed sequence of instructions following a 2530 * `JSTRY_CATCH` span (see "Bytecode Invariants" above), as that's the only 2531 * way instructions would run with an exception pending. 2532 * 2533 * Used to implement catch-blocks, including the implicit ones generated as 2534 * part of for-of iteration. 2535 * 2536 * Category: Control flow 2537 * Type: Exceptions 2538 * Operands: 2539 * Stack: => exception 2540 */ \ 2541 MACRO(Exception, exception, NULL, 1, 0, 1, JOF_BYTE) \ 2542 /* 2543 * Push `resumeIndex`. 2544 * 2545 * This value must be used only by `JSOp::Gosub`, `JSOp::Finally`, and `JSOp::Retsub`. 2546 * 2547 * Category: Control flow 2548 * Type: Exceptions 2549 * Operands: uint24_t resumeIndex 2550 * Stack: => resumeIndex 2551 */ \ 2552 MACRO(ResumeIndex, resume_index, NULL, 4, 0, 1, JOF_RESUMEINDEX) \ 2553 /* 2554 * Jump to the start of a `finally` block. 2555 * 2556 * `JSOp::Gosub` is unusual: if the finally block finishes normally, it will 2557 * reach the `JSOp::Retsub` instruction at the end, and control then 2558 * "returns" to the `JSOp::Gosub` and picks up at the next instruction, like 2559 * a function call but within a single script and stack frame. (It's named 2560 * after the thing in BASIC.) 2561 * 2562 * We need this because a `try` block can terminate in several different 2563 * ways: control can flow off the end, return, throw an exception, `break` 2564 * with or without a label, or `continue`. Exceptions are handled 2565 * separately; but all those success paths are written as bytecode, and 2566 * each one needs to run the `finally` block before continuing with 2567 * whatever they were doing. They use `JSOp::Gosub` for this. It is thus 2568 * normal for multiple `Gosub` instructions in a script to target the same 2569 * `finally` block. 2570 * 2571 * Rules: `forwardOffset` must be positive and must target a 2572 * `JSOp::JumpTarget` instruction followed by `JSOp::Finally`. The 2573 * instruction immediately following `JSOp::Gosub` in the script must be a 2574 * `JSOp::JumpTarget` instruction, and `resumeIndex` must be the index into 2575 * `script->resumeOffsets()` that points to that instruction. 2576 * 2577 * Note: This op doesn't actually push or pop any values. Its use count of 2578 * 2 is a lie to make the stack depth math work for this very odd control 2579 * flow instruction. 2580 * 2581 * `JSOp::Gosub` is considered to have two "successors": the target of 2582 * `offset`, which is the actual next instruction to run; and the 2583 * instruction immediately following `JSOp::Gosub`, even though it won't run 2584 * until later. We define the successor graph this way in order to support 2585 * knowing the stack depth at that instruction without first reading the 2586 * whole `finally` block. 2587 * 2588 * The stack depth at that instruction is, as it happens, the current stack 2589 * depth minus 2. So this instruction gets nuses == 2. 2590 * 2591 * Unfortunately there is a price to be paid in horribleness. When 2592 * `JSOp::Gosub` runs, it leaves two values on the stack that the stack 2593 * depth math doesn't know about. It jumps to the finally block, where 2594 * `JSOp::Finally` again does nothing to the stack, but with a bogus def 2595 * count of 2, restoring balance to the accounting. If `JSOp::Retsub` is 2596 * reached, it pops the two values (for real this time) and control 2597 * resumes at the instruction that follows JSOp::Gosub in memory. 2598 * 2599 * Category: Control flow 2600 * Type: Exceptions 2601 * Operands: int32_t forwardOffset 2602 * Stack: false, resumeIndex => 2603 */ \ 2604 MACRO(Gosub, gosub, NULL, 5, 2, 0, JOF_JUMP) \ 2605 /* 2606 * No-op instruction that marks the start of a `finally` block. This has a 2607 * def count of 2, but the values are already on the stack (they're 2608 * actually left on the stack by `JSOp::Gosub`). 2609 * 2610 * These two values must not be used except by `JSOp::Retsub`. 2611 * 2612 * Category: Control flow 2613 * Type: Exceptions 2614 * Operands: 2615 * Stack: => false, resumeIndex 2616 */ \ 2617 MACRO(Finally, finally, NULL, 1, 0, 2, JOF_BYTE) \ 2618 /* 2619 * Jump back to the next instruction, or rethrow an exception, at the end 2620 * of a `finally` block. See `JSOp::Gosub` for the explanation. 2621 * 2622 * If `throwing` is true, throw `v`. Otherwise, `v` must be a resume index; 2623 * jump to the corresponding offset within the script. 2624 * 2625 * The two values popped must be the ones notionally pushed by 2626 * `JSOp::Finally`. 2627 * 2628 * Category: Control flow 2629 * Type: Exceptions 2630 * Operands: 2631 * Stack: throwing, v => 2632 */ \ 2633 MACRO(Retsub, retsub, NULL, 1, 2, 0, JOF_BYTE) \ 2634 /* 2635 * Push `MagicValue(JS_UNINITIALIZED_LEXICAL)`, a magic value used to mark 2636 * a binding as uninitialized. 2637 * 2638 * This magic value must be used only by `JSOp::InitLexical`. 2639 * 2640 * Category: Variables and scopes 2641 * Type: Initialization 2642 * Operands: 2643 * Stack: => uninitialized 2644 */ \ 2645 MACRO(Uninitialized, uninitialized, NULL, 1, 0, 1, JOF_BYTE) \ 2646 /* 2647 * Initialize an optimized local lexical binding; or mark it as 2648 * uninitialized. 2649 * 2650 * This stores the value `v` in the fixed slot `localno` in the current 2651 * stack frame. If `v` is the magic value produced by `JSOp::Uninitialized`, 2652 * this marks the binding as uninitialized. Otherwise this initializes the 2653 * binding with value `v`. 2654 * 2655 * Implements: [CreateMutableBinding][1] step 3, substep "record that it is 2656 * uninitialized", and [InitializeBinding][2], for optimized locals. (Note: 2657 * this is how `const` bindings are initialized.) 2658 * 2659 * [1]: https://tc39.es/ecma262/#sec-declarative-environment-records-createmutablebinding-n-d 2660 * [2]: https://tc39.es/ecma262/#sec-declarative-environment-records-initializebinding-n-v 2661 * 2662 * Category: Variables and scopes 2663 * Type: Initialization 2664 * Operands: uint24_t localno 2665 * Stack: v => v 2666 */ \ 2667 MACRO(InitLexical, init_lexical, NULL, 4, 1, 1, JOF_LOCAL|JOF_NAME) \ 2668 /* 2669 * Initialize a global lexical binding. 2670 * 2671 * The binding must already have been created by 2672 * `GlobalOrEvalDeclInstantiation` and must be uninitialized. 2673 * 2674 * Like `JSOp::InitLexical` but for global lexicals. Unlike `InitLexical` 2675 * this can't be used to mark a binding as uninitialized. 2676 * 2677 * Category: Variables and scopes 2678 * Type: Initialization 2679 * Operands: uint32_t nameIndex 2680 * Stack: val => val 2681 */ \ 2682 MACRO(InitGLexical, init_g_lexical, NULL, 5, 1, 1, JOF_ATOM|JOF_NAME|JOF_PROPINIT|JOF_GNAME|JOF_IC) \ 2683 /* 2684 * Initialize an aliased lexical binding; or mark it as uninitialized. 2685 * 2686 * Like `JSOp::InitLexical` but for aliased bindings. 2687 * 2688 * Note: There is no even-less-optimized `InitName` instruction because JS 2689 * doesn't need it. We always know statically which binding we're 2690 * initializing. 2691 * 2692 * `hops` is usually 0, but in `function f(a=eval("var b;")) { }`, the 2693 * argument `a` is initialized from inside a nested scope, so `hops == 1`. 2694 * 2695 * Category: Variables and scopes 2696 * Type: Initialization 2697 * Operands: uint8_t hops, uint24_t slot 2698 * Stack: v => v 2699 */ \ 2700 MACRO(InitAliasedLexical, init_aliased_lexical, NULL, 5, 1, 1, JOF_ENVCOORD|JOF_NAME|JOF_PROPINIT) \ 2701 /* 2702 * Throw a ReferenceError if the value on top of the stack is uninitialized. 2703 * 2704 * Typically used after `JSOp::GetLocal` with the same `localno`. 2705 * 2706 * Implements: [GetBindingValue][1] step 3 and [SetMutableBinding][2] step 2707 * 4 for declarative Environment Records. 2708 * 2709 * [1]: https://tc39.es/ecma262/#sec-declarative-environment-records-getbindingvalue-n-s 2710 * [2]: https://tc39.es/ecma262/#sec-declarative-environment-records-setmutablebinding-n-v-s 2711 * 2712 * Category: Variables and scopes 2713 * Type: Initialization 2714 * Operands: uint24_t localno 2715 * Stack: v => v 2716 */ \ 2717 MACRO(CheckLexical, check_lexical, NULL, 4, 1, 1, JOF_LOCAL|JOF_NAME) \ 2718 /* 2719 * Like `JSOp::CheckLexical` but for aliased bindings. 2720 * 2721 * Typically used after `JSOp::GetAliasedVar` with the same hops/slot. 2722 * 2723 * Note: There are no `CheckName` or `CheckGName` instructions because 2724 * they're unnecessary. `JSOp::{Get,Set}{Name,GName}` all check for 2725 * uninitialized lexicals and throw if needed. 2726 * 2727 * Category: Variables and scopes 2728 * Type: Initialization 2729 * Operands: uint8_t hops, uint24_t slot 2730 * Stack: v => v 2731 */ \ 2732 MACRO(CheckAliasedLexical, check_aliased_lexical, NULL, 5, 1, 1, JOF_ENVCOORD|JOF_NAME) \ 2733 /* 2734 * Throw a ReferenceError if the value on top of the stack is 2735 * `MagicValue(JS_UNINITIALIZED_LEXICAL)`. Used in derived class 2736 * constructors to check `this` (which needs to be initialized before use, 2737 * by calling `super()`). 2738 * 2739 * Implements: [GetThisBinding][1] step 3. 2740 * 2741 * [1]: https://tc39.es/ecma262/#sec-function-environment-records-getthisbinding 2742 * 2743 * Category: Variables and scopes 2744 * Type: Initialization 2745 * Operands: 2746 * Stack: this => this 2747 */ \ 2748 MACRO(CheckThis, check_this, NULL, 1, 1, 1, JOF_BYTE) \ 2749 /* 2750 * Push the global environment onto the stack, unless the script has a 2751 * non-syntactic global scope. In that case, this acts like JSOp::BindName. 2752 * 2753 * `nameIndex` is only used when acting like JSOp::BindName. 2754 * 2755 * Category: Variables and scopes 2756 * Type: Looking up bindings 2757 * Operands: uint32_t nameIndex 2758 * Stack: => global 2759 */ \ 2760 MACRO(BindGName, bind_g_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_GNAME|JOF_IC) \ 2761 /* 2762 * Look up a name on the environment chain and push the environment which 2763 * contains a binding for that name. If no such binding exists, push the 2764 * global lexical environment. 2765 * 2766 * Category: Variables and scopes 2767 * Type: Looking up bindings 2768 * Operands: uint32_t nameIndex 2769 * Stack: => env 2770 */ \ 2771 MACRO(BindName, bind_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_IC) \ 2772 /* 2773 * Find a binding on the environment chain and push its value. 2774 * 2775 * If the binding is an uninitialized lexical, throw a ReferenceError. If 2776 * no such binding exists, throw a ReferenceError unless the next 2777 * instruction is `JSOp::Typeof`, in which case push `undefined`. 2778 * 2779 * Implements: [ResolveBinding][1] followed by [GetValue][2] 2780 * (adjusted hackily for `typeof`). 2781 * 2782 * This is the fallback `Get` instruction that handles all unoptimized 2783 * cases. Optimized instructions follow. 2784 * 2785 * [1]: https://tc39.es/ecma262/#sec-resolvebinding 2786 * [2]: https://tc39.es/ecma262/#sec-getvalue 2787 * 2788 * Category: Variables and scopes 2789 * Type: Getting binding values 2790 * Operands: uint32_t nameIndex 2791 * Stack: => val 2792 */ \ 2793 MACRO(GetName, get_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_IC) \ 2794 /* 2795 * Find a global binding and push its value. 2796 * 2797 * This searches the global lexical environment and, failing that, the 2798 * global object. (Unlike most declarative environments, the global lexical 2799 * environment can gain more bindings after compilation, possibly shadowing 2800 * global object properties.) 2801 * 2802 * This is an optimized version of `JSOp::GetName` that skips all local 2803 * scopes, for use when the name doesn't refer to any local binding. 2804 * `NonSyntacticVariablesObject`s break this optimization, so if the 2805 * current script has a non-syntactic global scope, this acts like 2806 * `JSOp::GetName`. 2807 * 2808 * Like `JSOp::GetName`, this throws a ReferenceError if no such binding is 2809 * found (unless the next instruction is `JSOp::Typeof`) or if the binding 2810 * is an uninitialized lexical. 2811 * 2812 * Category: Variables and scopes 2813 * Type: Getting binding values 2814 * Operands: uint32_t nameIndex 2815 * Stack: => val 2816 */ \ 2817 MACRO(GetGName, get_g_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_GNAME|JOF_IC) \ 2818 /* 2819 * Push the value of an argument that is stored in the stack frame 2820 * or in an `ArgumentsObject`. 2821 * 2822 * Category: Variables and scopes 2823 * Type: Getting binding values 2824 * Operands: uint16_t argno 2825 * Stack: => arguments[argno] 2826 */ \ 2827 MACRO(GetArg, get_arg, NULL, 3, 0, 1, JOF_QARG|JOF_NAME) \ 2828 /* 2829 * Push the value of an optimized local variable. 2830 * 2831 * If the variable is an uninitialized lexical, push 2832 * `MagicValue(JS_UNINIITALIZED_LEXICAL)`. 2833 * 2834 * Category: Variables and scopes 2835 * Type: Getting binding values 2836 * Operands: uint24_t localno 2837 * Stack: => val 2838 */ \ 2839 MACRO(GetLocal, get_local, NULL, 4, 0, 1, JOF_LOCAL|JOF_NAME) \ 2840 /* 2841 * Push the value of an aliased binding. 2842 * 2843 * Local bindings that aren't closed over or dynamically accessed are 2844 * stored in stack slots. Global and `with` bindings are object properties. 2845 * All other bindings are called "aliased" and stored in 2846 * `EnvironmentObject`s. 2847 * 2848 * Where possible, `Aliased` instructions are used to access aliased 2849 * bindings. (There's no difference in meaning between `AliasedVar` and 2850 * `AliasedLexical`.) Each of these instructions has operands `hops` and 2851 * `slot` that encode an [`EnvironmentCoordinate`][1], directions to the 2852 * binding from the current environment object. 2853 * 2854 * `Aliased` instructions can't be used when there's a dynamic scope (due 2855 * to non-strict `eval` or `with`) that might shadow the aliased binding. 2856 * 2857 * [1]: https://searchfox.org/mozilla-central/search?q=symbol:T_js%3A%3AEnvironmentCoordinate 2858 * 2859 * Category: Variables and scopes 2860 * Type: Getting binding values 2861 * Operands: uint8_t hops, uint24_t slot 2862 * Stack: => aliasedVar 2863 */ \ 2864 MACRO(GetAliasedVar, get_aliased_var, NULL, 5, 0, 1, JOF_ENVCOORD|JOF_NAME) \ 2865 /* 2866 * Push the value of an aliased binding, which may have to bypass a DebugEnvironmentProxy 2867 * on the environment chain. 2868 * 2869 * Category: Variables and scopes 2870 * Type: Getting binding values 2871 * Operands: uint8_t hops, uint24_t slot 2872 * Stack: => aliasedVar 2873 */ \ 2874 MACRO(GetAliasedDebugVar, get_aliased_debug_var, NULL, 5, 0, 1, JOF_DEBUGCOORD|JOF_NAME) \ 2875 /* 2876 * Get the value of a module import by name and pushes it onto the stack. 2877 * 2878 * Category: Variables and scopes 2879 * Type: Getting binding values 2880 * Operands: uint32_t nameIndex 2881 * Stack: => val 2882 */ \ 2883 MACRO(GetImport, get_import, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME) \ 2884 /* 2885 * Get the value of a binding from the environment `env`. If the name is 2886 * not bound in `env`, throw a ReferenceError. 2887 * 2888 * `env` must be an environment currently on the environment chain, pushed 2889 * by `JSOp::BindName` or `JSOp::BindVar`. 2890 * 2891 * Note: `JSOp::BindName` and `JSOp::GetBoundName` are the two halves of the 2892 * `JSOp::GetName` operation: finding and reading a variable. This 2893 * decomposed version is needed to implement the compound assignment and 2894 * increment/decrement operators, which get and then set a variable. The 2895 * spec says the variable lookup is done only once. If we did the lookup 2896 * twice, there would be observable bugs, thanks to dynamic scoping. We 2897 * could set the wrong variable or call proxy traps incorrectly. 2898 * 2899 * Implements: [GetValue][1] steps 4 and 6. 2900 * 2901 * [1]: https://tc39.es/ecma262/#sec-getvalue 2902 * 2903 * Category: Variables and scopes 2904 * Type: Getting binding values 2905 * Operands: uint32_t nameIndex 2906 * Stack: env => v 2907 */ \ 2908 MACRO(GetBoundName, get_bound_name, NULL, 5, 1, 1, JOF_ATOM|JOF_NAME|JOF_IC) \ 2909 /* 2910 * Push the value of an intrinsic onto the stack. 2911 * 2912 * Non-standard. Intrinsics are slots in the intrinsics holder object (see 2913 * `GlobalObject::getIntrinsicsHolder`), which is used in lieu of global 2914 * bindings in self-hosting code. 2915 * 2916 * Category: Variables and scopes 2917 * Type: Getting binding values 2918 * Operands: uint32_t nameIndex 2919 * Stack: => intrinsic[name] 2920 */ \ 2921 MACRO(GetIntrinsic, get_intrinsic, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_IC) \ 2922 /* 2923 * Pushes the currently executing function onto the stack. 2924 * 2925 * The current script must be a function script. 2926 * 2927 * Used to implement `super`. This is also used sometimes as a minor 2928 * optimization when a named function expression refers to itself by name: 2929 * 2930 * f = function fac(n) { ... fac(n - 1) ... }; 2931 * 2932 * This lets us optimize away a lexical environment that contains only the 2933 * binding for `fac`, unless it's otherwise observable (via `with`, `eval`, 2934 * or a nested closure). 2935 * 2936 * Category: Variables and scopes 2937 * Type: Getting binding values 2938 * Operands: 2939 * Stack: => callee 2940 */ \ 2941 MACRO(Callee, callee, NULL, 1, 0, 1, JOF_BYTE) \ 2942 /* 2943 * Load the callee stored in a CallObject on the environment chain. The 2944 * `numHops` operand is the number of environment objects to skip on the 2945 * environment chain. The environment chain element indicated by `numHops` 2946 * must be a CallObject. 2947 * 2948 * Category: Variables and scopes 2949 * Type: Getting binding values 2950 * Operands: uint8_t numHops 2951 * Stack: => callee 2952 */ \ 2953 MACRO(EnvCallee, env_callee, NULL, 2, 0, 1, JOF_UINT8) \ 2954 /* 2955 * Assign `val` to the binding in `env` with the name given by `nameIndex`. 2956 * Throw a ReferenceError if the binding is an uninitialized lexical. 2957 * This can call setters and/or proxy traps. 2958 * 2959 * `env` must be an environment currently on the environment chain, 2960 * pushed by `JSOp::BindName` or `JSOp::BindVar`. 2961 * 2962 * This is the fallback `Set` instruction that handles all unoptimized 2963 * cases. Optimized instructions follow. 2964 * 2965 * Implements: [PutValue][1] steps 5 and 7 for unoptimized bindings. 2966 * 2967 * Note: `JSOp::BindName` and `JSOp::SetName` are the two halves of simple 2968 * assignment: finding and setting a variable. They are two separate 2969 * instructions because, per spec, the "finding" part happens before 2970 * evaluating the right-hand side of the assignment, and the "setting" part 2971 * after. Optimized cases don't need a `Bind` instruction because the 2972 * "finding" is done statically. 2973 * 2974 * [1]: https://tc39.es/ecma262/#sec-putvalue 2975 * 2976 * Category: Variables and scopes 2977 * Type: Setting binding values 2978 * Operands: uint32_t nameIndex 2979 * Stack: env, val => val 2980 */ \ 2981 MACRO(SetName, set_name, NULL, 5, 2, 1, JOF_ATOM|JOF_NAME|JOF_PROPSET|JOF_CHECKSLOPPY|JOF_IC) \ 2982 /* 2983 * Like `JSOp::SetName`, but throw a TypeError if there is no binding for 2984 * the specified name in `env`, or if the binding is immutable (a `const` 2985 * or read-only property). 2986 * 2987 * Implements: [PutValue][1] steps 5 and 7 for strict mode code. 2988 * 2989 * [1]: https://tc39.es/ecma262/#sec-putvalue 2990 * 2991 * Category: Variables and scopes 2992 * Type: Setting binding values 2993 * Operands: uint32_t nameIndex 2994 * Stack: env, val => val 2995 */ \ 2996 MACRO(StrictSetName, strict_set_name, NULL, 5, 2, 1, JOF_ATOM|JOF_NAME|JOF_PROPSET|JOF_CHECKSTRICT|JOF_IC) \ 2997 /* 2998 * Like `JSOp::SetName`, but for assigning to globals. `env` must be an 2999 * environment pushed by `JSOp::BindGName`. 3000 * 3001 * Category: Variables and scopes 3002 * Type: Setting binding values 3003 * Operands: uint32_t nameIndex 3004 * Stack: env, val => val 3005 */ \ 3006 MACRO(SetGName, set_g_name, NULL, 5, 2, 1, JOF_ATOM|JOF_NAME|JOF_PROPSET|JOF_GNAME|JOF_CHECKSLOPPY|JOF_IC) \ 3007 /* 3008 * Like `JSOp::StrictSetGName`, but for assigning to globals. `env` must be 3009 * an environment pushed by `JSOp::BindGName`. 3010 * 3011 * Category: Variables and scopes 3012 * Type: Setting binding values 3013 * Operands: uint32_t nameIndex 3014 * Stack: env, val => val 3015 */ \ 3016 MACRO(StrictSetGName, strict_set_g_name, NULL, 5, 2, 1, JOF_ATOM|JOF_NAME|JOF_PROPSET|JOF_GNAME|JOF_CHECKSTRICT|JOF_IC) \ 3017 /* 3018 * Assign `val` to an argument binding that's stored in the stack frame or 3019 * in an `ArgumentsObject`. 3020 * 3021 * Category: Variables and scopes 3022 * Type: Setting binding values 3023 * Operands: uint16_t argno 3024 * Stack: val => val 3025 */ \ 3026 MACRO(SetArg, set_arg, NULL, 3, 1, 1, JOF_QARG|JOF_NAME) \ 3027 /* 3028 * Assign to an optimized local binding. 3029 * 3030 * Category: Variables and scopes 3031 * Type: Setting binding values 3032 * Operands: uint24_t localno 3033 * Stack: v => v 3034 */ \ 3035 MACRO(SetLocal, set_local, NULL, 4, 1, 1, JOF_LOCAL|JOF_NAME) \ 3036 /* 3037 * Assign to an aliased binding. 3038 * 3039 * Implements: [SetMutableBinding for declarative Environment Records][1], 3040 * in certain cases where it's known that the binding exists, is mutable, 3041 * and has been initialized. 3042 * 3043 * [1]: https://tc39.es/ecma262/#sec-declarative-environment-records-setmutablebinding-n-v-s 3044 * 3045 * Category: Variables and scopes 3046 * Type: Setting binding values 3047 * Operands: uint8_t hops, uint24_t slot 3048 * Stack: val => val 3049 */ \ 3050 MACRO(SetAliasedVar, set_aliased_var, NULL, 5, 1, 1, JOF_ENVCOORD|JOF_NAME|JOF_PROPSET) \ 3051 /* 3052 * Assign to an intrinsic. 3053 * 3054 * Nonstandard. Intrinsics are used in lieu of global bindings in self- 3055 * hosted code. The value is actually stored in the intrinsics holder 3056 * object, `GlobalObject::getIntrinsicsHolder`. (Self-hosted code doesn't 3057 * have many global `var`s, but it has many `function`s.) 3058 * 3059 * Category: Variables and scopes 3060 * Type: Setting binding values 3061 * Operands: uint32_t nameIndex 3062 * Stack: val => val 3063 */ \ 3064 MACRO(SetIntrinsic, set_intrinsic, NULL, 5, 1, 1, JOF_ATOM|JOF_NAME) \ 3065 /* 3066 * Push a lexical environment onto the environment chain. 3067 * 3068 * The `LexicalScope` indicated by `lexicalScopeIndex` determines the shape 3069 * of the new `BlockLexicalEnvironmentObject`. All bindings in the new 3070 * environment are marked as uninitialized. 3071 * 3072 * Implements: [Evaluation of *Block*][1], steps 1-4. 3073 * 3074 * #### Fine print for environment chain instructions 3075 * 3076 * The following rules for `JSOp::{Push,Pop}LexicalEnv` also apply to 3077 * `JSOp::PushClassBodyEnv`, `JSOp::PushVarEnv`, and 3078 * `JSOp::{Enter,Leave}With`. 3079 * 3080 * Each `JSOp::PopLexicalEnv` instruction matches a particular 3081 * `JSOp::PushLexicalEnv` instruction in the same script and must have the 3082 * same scope and stack depth as the instruction immediately after that 3083 * `PushLexicalEnv`. 3084 * 3085 * `JSOp::PushLexicalEnv` enters a scope that extends to some set of 3086 * instructions in the script. Code must not jump into or out of this 3087 * region: control can enter only by executing `PushLexicalEnv` and can 3088 * exit only by executing a `PopLexicalEnv` or by exception unwinding. (A 3089 * `JSOp::PopLexicalEnv` is always emitted at the end of the block, and 3090 * extra copies are emitted on "exit slides", where a `break`, `continue`, 3091 * or `return` statement exits the scope.) 3092 * 3093 * The script's `JSScript::scopeNotes()` must identify exactly which 3094 * instructions begin executing in this scope. Typically this means a 3095 * single entry marking the contiguous chunk of bytecode from the 3096 * instruction after `JSOp::PushLexicalEnv` to `JSOp::PopLexicalEnv` 3097 * (inclusive); but if that range contains any instructions on exit slides, 3098 * after a `JSOp::PopLexicalEnv`, then those must be correctly noted as 3099 * *outside* the scope. 3100 * 3101 * [1]: https://tc39.es/ecma262/#sec-block-runtime-semantics-evaluation 3102 * 3103 * Category: Variables and scopes 3104 * Type: Entering and leaving environments 3105 * Operands: uint32_t lexicalScopeIndex 3106 * Stack: => 3107 */ \ 3108 MACRO(PushLexicalEnv, push_lexical_env, NULL, 5, 0, 0, JOF_SCOPE) \ 3109 /* 3110 * Pop a lexical or class-body environment from the environment chain. 3111 * 3112 * See `JSOp::PushLexicalEnv` for the fine print. 3113 * 3114 * Category: Variables and scopes 3115 * Type: Entering and leaving environments 3116 * Operands: 3117 * Stack: => 3118 */ \ 3119 MACRO(PopLexicalEnv, pop_lexical_env, NULL, 1, 0, 0, JOF_BYTE) \ 3120 /* 3121 * No-op instruction that indicates leaving an optimized lexical scope. 3122 * 3123 * If all bindings in a lexical scope are optimized into stack slots, then 3124 * the runtime environment objects for that scope are optimized away. No 3125 * `JSOp::{Push,Pop}LexicalEnv` instructions are emitted. However, the 3126 * debugger still needs to be notified when control exits a scope; that's 3127 * what this instruction does. 3128 * 3129 * The last instruction in a lexical or class-body scope, as indicated by 3130 * scope notes, must be either this instruction (if the scope is optimized) 3131 * or `JSOp::PopLexicalEnv` (if not). 3132 * 3133 * Category: Variables and scopes 3134 * Type: Entering and leaving environments 3135 * Operands: 3136 * Stack: => 3137 */ \ 3138 MACRO(DebugLeaveLexicalEnv, debug_leave_lexical_env, NULL, 1, 0, 0, JOF_BYTE) \ 3139 /* 3140 * Replace the current block on the environment chain with a fresh block 3141 * with uninitialized bindings. This implements the behavior of inducing a 3142 * fresh lexical environment for every iteration of a for-in/of loop whose 3143 * loop-head declares lexical variables that may be captured. 3144 * 3145 * The current environment must be a BlockLexicalEnvironmentObject. 3146 * 3147 * Category: Variables and scopes 3148 * Type: Entering and leaving environments 3149 * Operands: 3150 * Stack: => 3151 */ \ 3152 MACRO(RecreateLexicalEnv, recreate_lexical_env, NULL, 1, 0, 0, JOF_BYTE) \ 3153 /* 3154 * Like `JSOp::RecreateLexicalEnv`, but the values of all the bindings are 3155 * copied from the old block to the new one. This is used for C-style 3156 * `for(let ...; ...; ...)` loops. 3157 * 3158 * Category: Variables and scopes 3159 * Type: Entering and leaving environments 3160 * Operands: 3161 * Stack: => 3162 */ \ 3163 MACRO(FreshenLexicalEnv, freshen_lexical_env, NULL, 1, 0, 0, JOF_BYTE) \ 3164 /* 3165 * Push a ClassBody environment onto the environment chain. 3166 * 3167 * Like `JSOp::PushLexicalEnv`, but pushes a `ClassBodyEnvironmentObject` 3168 * rather than a `BlockLexicalEnvironmentObject`. `JSOp::PopLexicalEnv` is 3169 * used to pop class-body environments as well as lexical environments. 3170 * 3171 * See `JSOp::PushLexicalEnv` for the fine print. 3172 * 3173 * Category: Variables and scopes 3174 * Type: Entering and leaving environments 3175 * Operands: uint32_t lexicalScopeIndex 3176 * Stack: => 3177 */ \ 3178 MACRO(PushClassBodyEnv, push_class_body_env, NULL, 5, 0, 0, JOF_SCOPE) \ 3179 /* 3180 * Push a var environment onto the environment chain. 3181 * 3182 * Like `JSOp::PushLexicalEnv`, but pushes a `VarEnvironmentObject` rather 3183 * than a `BlockLexicalEnvironmentObject`. The difference is that 3184 * non-strict direct `eval` can add bindings to a var environment; see 3185 * `VarScope` in Scope.h. 3186 * 3187 * See `JSOp::PushLexicalEnv` for the fine print. 3188 * 3189 * There is no corresponding `JSOp::PopVarEnv` operation, because a 3190 * `VarEnvironmentObject` is never popped from the environment chain. 3191 * 3192 * Implements: Places in the spec where the VariableEnvironment is set: 3193 * 3194 * - The bit in [PerformEval][1] where, in strict direct eval, the new 3195 * eval scope is taken as *varEnv* and becomes "*runningContext*'s 3196 * VariableEnvironment". 3197 * 3198 * - The weird scoping rules for functions with default parameter 3199 * expressions, as specified in [FunctionDeclarationInstantiation][2] 3200 * step 28 ("NOTE: A separate Environment Record is needed..."). 3201 * 3202 * Note: The spec also pushes a new VariableEnvironment on entry to every 3203 * function, but the VM takes care of that as part of pushing the stack 3204 * frame, before the function script starts to run, so `JSOp::PushVarEnv` is 3205 * not needed. 3206 * 3207 * [1]: https://tc39.es/ecma262/#sec-performeval 3208 * [2]: https://tc39.es/ecma262/#sec-functiondeclarationinstantiation 3209 * 3210 * Category: Variables and scopes 3211 * Type: Entering and leaving environments 3212 * Operands: uint32_t scopeIndex 3213 * Stack: => 3214 */ \ 3215 MACRO(PushVarEnv, push_var_env, NULL, 5, 0, 0, JOF_SCOPE) \ 3216 /* 3217 * Push a `WithEnvironmentObject` wrapping ToObject(`val`) to the 3218 * environment chain. 3219 * 3220 * Implements: [Evaluation of `with` statements][1], steps 2-6. 3221 * 3222 * Operations that may need to consult a WithEnvironment can't be correctly 3223 * implemented using optimized instructions like `JSOp::GetLocal`. A script 3224 * must use the deoptimized `JSOp::GetName`, `BindName`, `SetName`, and 3225 * `DelName` instead. Since those instructions don't work correctly with 3226 * optimized locals and arguments, all bindings in scopes enclosing a 3227 * `with` statement are marked as "aliased" and deoptimized too. 3228 * 3229 * See `JSOp::PushLexicalEnv` for the fine print. 3230 * 3231 * [1]: https://tc39.es/ecma262/#sec-with-statement-runtime-semantics-evaluation 3232 * 3233 * Category: Variables and scopes 3234 * Type: Entering and leaving environments 3235 * Operands: uint32_t staticWithIndex 3236 * Stack: val => 3237 */ \ 3238 MACRO(EnterWith, enter_with, NULL, 5, 1, 0, JOF_SCOPE) \ 3239 /* 3240 * Pop a `WithEnvironmentObject` from the environment chain. 3241 * 3242 * See `JSOp::PushLexicalEnv` for the fine print. 3243 * 3244 * Implements: [Evaluation of `with` statements][1], step 8. 3245 * 3246 * [1]: https://tc39.es/ecma262/#sec-with-statement-runtime-semantics-evaluation 3247 * 3248 * Category: Variables and scopes 3249 * Type: Entering and leaving environments 3250 * Operands: 3251 * Stack: => 3252 */ \ 3253 MACRO(LeaveWith, leave_with, NULL, 1, 0, 0, JOF_BYTE) \ 3254 /* 3255 * Push the current VariableEnvironment (the environment on the environment 3256 * chain designated to receive new variables). 3257 * 3258 * Implements: [Annex B.3.3.1, changes to FunctionDeclarationInstantiation 3259 * for block-level functions][1], step 1.a.ii.3.a, and similar steps in 3260 * other Annex B.3.3 algorithms, when setting the function's second binding 3261 * can't be optimized. 3262 * 3263 * [1]: https://tc39.es/ecma262/#sec-web-compat-functiondeclarationinstantiation 3264 * 3265 * Category: Variables and scopes 3266 * Type: Creating and deleting bindings 3267 * Operands: 3268 * Stack: => env 3269 */ \ 3270 MACRO(BindVar, bind_var, NULL, 1, 0, 1, JOF_BYTE) \ 3271 /* 3272 * Check for conflicting bindings and then initialize them in global or 3273 * sloppy eval scripts. This is required for global scripts with any 3274 * top-level bindings, or any sloppy-eval scripts with any non-lexical 3275 * top-level bindings. 3276 * 3277 * Implements: [GlobalDeclarationInstantiation][1] and 3278 * [EvalDeclarationInstantiation][2] (except step 12). 3279 * 3280 * The `lastFun` argument is a GCThingIndex of the last hoisted top-level 3281 * function that is part of top-level script initialization. The gcthings 3282 * from index `0` thru `lastFun` contain only scopes and hoisted functions. 3283 * 3284 * [1]: https://tc39.es/ecma262/#sec-globaldeclarationinstantiation 3285 * [2]: https://tc39.es/ecma262/#sec-evaldeclarationinstantiation 3286 * 3287 * Category: Variables and scopes 3288 * Type: Creating and deleting bindings 3289 * Operands: uint32_t lastFun 3290 * Stack: => 3291 */ \ 3292 MACRO(GlobalOrEvalDeclInstantiation, global_or_eval_decl_instantiation, NULL, 5, 0, 0, JOF_GCTHING) \ 3293 /* 3294 * Look up a variable on the environment chain and delete it. Push `true` 3295 * on success (if a binding was deleted, or if no such binding existed in 3296 * the first place), `false` otherwise (most kinds of bindings can't be 3297 * deleted). 3298 * 3299 * Implements: [`delete` *Identifier*][1], which [is a SyntaxError][2] in 3300 * strict mode code. 3301 * 3302 * [1]: https://tc39.es/ecma262/#sec-delete-operator-runtime-semantics-evaluation 3303 * [2]: https://tc39.es/ecma262/#sec-delete-operator-static-semantics-early-errors 3304 * 3305 * Category: Variables and scopes 3306 * Type: Creating and deleting bindings 3307 * Operands: uint32_t nameIndex 3308 * Stack: => succeeded 3309 */ \ 3310 MACRO(DelName, del_name, NULL, 5, 0, 1, JOF_ATOM|JOF_NAME|JOF_CHECKSLOPPY) \ 3311 /* 3312 * Create and push the `arguments` object for the current function activation. 3313 * 3314 * When it exists, `arguments` is stored in an ordinary local variable. 3315 * `JSOp::Arguments` is used in function preludes, to populate that variable 3316 * before the function body runs, *not* each time `arguments` appears in a 3317 * function. 3318 * 3319 * If a function clearly doesn't use `arguments`, we optimize it away when 3320 * emitting bytecode. The function's script won't use `JSOp::Arguments` at 3321 * all. 3322 * 3323 * The current script must be a function script. This instruction must 3324 * execute at most once per function activation. 3325 * 3326 * Category: Variables and scopes 3327 * Type: Function environment setup 3328 * Operands: 3329 * Stack: => arguments 3330 */ \ 3331 MACRO(Arguments, arguments, NULL, 1, 0, 1, JOF_BYTE) \ 3332 /* 3333 * Create and push the rest parameter array for current function call. 3334 * 3335 * This must appear only in a script for a function that has a rest 3336 * parameter. 3337 * 3338 * Category: Variables and scopes 3339 * Type: Function environment setup 3340 * Operands: 3341 * Stack: => rest 3342 */ \ 3343 MACRO(Rest, rest, NULL, 1, 0, 1, JOF_BYTE|JOF_IC) \ 3344 /* 3345 * Determines the `this` value for current function frame and pushes it 3346 * onto the stack. 3347 * 3348 * In functions, `this` is stored in a local variable. This instruction is 3349 * used in the function prologue to get the value to initialize that 3350 * variable. (This doesn't apply to arrow functions, becauses they don't 3351 * have a `this` binding; also, `this` is optimized away if it's unused.) 3352 * 3353 * Functions that have a `this` binding have a local variable named 3354 * `".this"`, which is initialized using this instruction in the function 3355 * prologue. 3356 * 3357 * In non-strict functions, `this` is always an object. Undefined/null 3358 * `this` is converted into the global `this` value. Other primitive values 3359 * are boxed. See `js::BoxNonStrictThis`. 3360 * 3361 * Category: Variables and scopes 3362 * Type: Function environment setup 3363 * Operands: 3364 * Stack: => this 3365 */ \ 3366 MACRO(FunctionThis, function_this, NULL, 1, 0, 1, JOF_BYTE) \ 3367 /* 3368 * Pop the top value from the stack and discard it. 3369 * 3370 * Category: Stack operations 3371 * Operands: 3372 * Stack: v => 3373 */ \ 3374 MACRO(Pop, pop, NULL, 1, 1, 0, JOF_BYTE) \ 3375 /* 3376 * Pop the top `n` values from the stack. `n` must be <= the current stack 3377 * depth. 3378 * 3379 * Category: Stack operations 3380 * Operands: uint16_t n 3381 * Stack: v[n-1], ..., v[1], v[0] => 3382 */ \ 3383 MACRO(PopN, pop_n, NULL, 3, -1, 0, JOF_UINT16) \ 3384 /* 3385 * Push a copy of the top value on the stack. 3386 * 3387 * Category: Stack operations 3388 * Operands: 3389 * Stack: v => v, v 3390 */ \ 3391 MACRO(Dup, dup, NULL, 1, 1, 2, JOF_BYTE) \ 3392 /* 3393 * Duplicate the top two values on the stack. 3394 * 3395 * Category: Stack operations 3396 * Operands: 3397 * Stack: v1, v2 => v1, v2, v1, v2 3398 */ \ 3399 MACRO(Dup2, dup2, NULL, 1, 2, 4, JOF_BYTE) \ 3400 /* 3401 * Push a copy of the nth value from the top of the stack. 3402 * 3403 * `n` must be less than the current stack depth. 3404 * 3405 * Category: Stack operations 3406 * Operands: uint24_t n 3407 * Stack: v[n], v[n-1], ..., v[1], v[0] => 3408 * v[n], v[n-1], ..., v[1], v[0], v[n] 3409 */ \ 3410 MACRO(DupAt, dup_at, NULL, 4, 0, 1, JOF_UINT24) \ 3411 /* 3412 * Swap the top two values on the stack. 3413 * 3414 * Category: Stack operations 3415 * Operands: 3416 * Stack: v1, v2 => v2, v1 3417 */ \ 3418 MACRO(Swap, swap, NULL, 1, 2, 2, JOF_BYTE) \ 3419 /* 3420 * Pick the nth element from the stack and move it to the top of the stack. 3421 * 3422 * Category: Stack operations 3423 * Operands: uint8_t n 3424 * Stack: v[n], v[n-1], ..., v[1], v[0] => v[n-1], ..., v[1], v[0], v[n] 3425 */ \ 3426 MACRO(Pick, pick, NULL, 2, 0, 0, JOF_UINT8) \ 3427 /* 3428 * Move the top of the stack value under the `n`th element of the stack. 3429 * `n` must not be 0. 3430 * 3431 * Category: Stack operations 3432 * Operands: uint8_t n 3433 * Stack: v[n], v[n-1], ..., v[1], v[0] => v[0], v[n], v[n-1], ..., v[1] 3434 */ \ 3435 MACRO(Unpick, unpick, NULL, 2, 0, 0, JOF_UINT8) \ 3436 /* 3437 * Do nothing. This is used when we need distinct bytecode locations for 3438 * various mechanisms. 3439 * 3440 * Category: Other 3441 * Operands: 3442 * Stack: => 3443 */ \ 3444 MACRO(Nop, nop, NULL, 1, 0, 0, JOF_BYTE) \ 3445 /* 3446 * No-op instruction emitted immediately after `JSOp::*Eval` so that direct 3447 * eval does not have to do slow pc-to-line mapping. 3448 * 3449 * The `lineno` operand should agree with this script's source notes about 3450 * the line number of the preceding `*Eval` instruction. 3451 * 3452 * Category: Other 3453 * Operands: uint32_t lineno 3454 * Stack: => 3455 */ \ 3456 MACRO(Lineno, lineno, NULL, 5, 0, 0, JOF_UINT32) \ 3457 /* 3458 * No-op instruction to hint that the top stack value is uninteresting. 3459 * 3460 * This affects only debug output and some error messages. 3461 * In array destructuring, we emit bytecode that is roughly equivalent to 3462 * `result.done ? undefined : result.value`. 3463 * `NopDestructuring` is emitted after the `undefined`, so that the 3464 * expression decompiler and disassembler know to casually ignore the 3465 * possibility of `undefined`, and render the result of the conditional 3466 * expression simply as "`result.value`". 3467 * 3468 * Category: Other 3469 * Operands: 3470 * Stack: => 3471 */ \ 3472 MACRO(NopDestructuring, nop_destructuring, NULL, 1, 0, 0, JOF_BYTE) \ 3473 /* 3474 * No-op instruction only emitted in some self-hosted functions. Not 3475 * handled by the JITs or Baseline Interpreter so the script always runs in 3476 * the C++ interpreter. 3477 * 3478 * Category: Other 3479 * Operands: 3480 * Stack: => 3481 */ \ 3482 MACRO(ForceInterpreter, force_interpreter, NULL, 1, 0, 0, JOF_BYTE) \ 3483 /* 3484 * Examine the top stack value, asserting that it's either a self-hosted 3485 * function or a self-hosted intrinsic. This does nothing in a non-debug 3486 * build. 3487 * 3488 * Category: Other 3489 * Operands: 3490 * Stack: checkVal => checkVal 3491 */ \ 3492 MACRO(DebugCheckSelfHosted, debug_check_self_hosted, NULL, 1, 1, 1, JOF_BYTE) \ 3493 /* 3494 * Break in the debugger, if one is attached. Otherwise this is a no-op. 3495 * 3496 * The [`Debugger` API][1] offers a way to hook into this instruction. 3497 * 3498 * Implements: [Evaluation for *DebuggerStatement*][2]. 3499 * 3500 * [1]: https://developer.mozilla.org/en-US/docs/Tools/Debugger-API/Debugger 3501 * [2]: https://tc39.es/ecma262/#sec-debugger-statement-runtime-semantics-evaluation 3502 * 3503 * Category: Other 3504 * Operands: 3505 * Stack: => 3506 */ \ 3507 MACRO(Debugger, debugger, NULL, 1, 0, 0, JOF_BYTE) 3508 3509 // clang-format on 3510 3511 /* 3512 * In certain circumstances it may be useful to "pad out" the opcode space to 3513 * a power of two. Use this macro to do so. 3514 */ 3515 #define FOR_EACH_TRAILING_UNUSED_OPCODE(MACRO) \ 3516 MACRO(227) \ 3517 MACRO(228) \ 3518 MACRO(229) \ 3519 MACRO(230) \ 3520 MACRO(231) \ 3521 MACRO(232) \ 3522 MACRO(233) \ 3523 MACRO(234) \ 3524 MACRO(235) \ 3525 MACRO(236) \ 3526 MACRO(237) \ 3527 MACRO(238) \ 3528 MACRO(239) \ 3529 MACRO(240) \ 3530 MACRO(241) \ 3531 MACRO(242) \ 3532 MACRO(243) \ 3533 MACRO(244) \ 3534 MACRO(245) \ 3535 MACRO(246) \ 3536 MACRO(247) \ 3537 MACRO(248) \ 3538 MACRO(249) \ 3539 MACRO(250) \ 3540 MACRO(251) \ 3541 MACRO(252) \ 3542 MACRO(253) \ 3543 MACRO(254) \ 3544 MACRO(255) 3545 3546 namespace js { 3547 3548 // Sanity check that opcode values and trailing unused opcodes completely cover 3549 // the [0, 256) range. Avert your eyes! You don't want to know how the 3550 // sausage gets made. 3551 3552 // clang-format off 3553 #define PLUS_ONE(...) \ 3554 + 1 3555 constexpr int JSOP_LIMIT = 0 FOR_EACH_OPCODE(PLUS_ONE); 3556 #undef PLUS_ONE 3557 3558 #define TRAILING_VALUE_AND_VALUE_PLUS_ONE(val) \ 3559 val) && (val + 1 == 3560 static_assert((JSOP_LIMIT == 3561 FOR_EACH_TRAILING_UNUSED_OPCODE(TRAILING_VALUE_AND_VALUE_PLUS_ONE) 3562 256), 3563 "trailing unused opcode values monotonically increase " 3564 "from JSOP_LIMIT to 255"); 3565 #undef TRAILING_VALUE_AND_VALUE_PLUS_ONE 3566 // clang-format on 3567 3568 // Define JSOpLength_* constants for all ops. 3569 #define DEFINE_LENGTH_CONSTANT(op, op_snake, image, len, ...) \ 3570 constexpr size_t JSOpLength_##op = len; 3571 FOR_EACH_OPCODE(DEFINE_LENGTH_CONSTANT) 3572 #undef DEFINE_LENGTH_CONSTANT 3573 3574 } // namespace js 3575 3576 #endif // vm_Opcodes_h 3577