1
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2
* vim: set ts=8 sw=4 et tw=78:
4
* ***** BEGIN LICENSE BLOCK *****
5
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
7
* The contents of this file are subject to the Mozilla Public License Version
8
* 1.1 (the "License"); you may not use this file except in compliance with
9
* the License. You may obtain a copy of the License at
10
* http://www.mozilla.org/MPL/
12
* Software distributed under the License is distributed on an "AS IS" basis,
13
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14
* for the specific language governing rights and limitations under the
17
* The Original Code is Mozilla Communicator client code, released
20
* The Initial Developer of the Original Code is
21
* Netscape Communications Corporation.
22
* Portions created by the Initial Developer are Copyright (C) 1998
23
* the Initial Developer. All Rights Reserved.
27
* Alternatively, the contents of this file may be used under the terms of
28
* either of the GNU General Public License Version 2 or later (the "GPL"),
29
* or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30
* in which case the provisions of the GPL or the LGPL are applicable instead
31
* of those above. If you wish to allow use of your version of this file only
32
* under the terms of either the GPL or the LGPL, and not to allow others to
33
* use your version of this file under the terms of the MPL, indicate your
34
* decision by deleting the provisions above and replace them with the notice
35
* and other provisions required by the GPL or the LGPL. If you do not delete
36
* the provisions above, a recipient may use your version of this file under
37
* the terms of any one of the MPL, the GPL or the LGPL.
39
* ***** END LICENSE BLOCK ***** */
42
* JS function support.
48
#include "jsutil.h" /* Added by JSIFY */
73
/* Generic function/call/arguments tinyids -- also reflected bit numbers. */
75
CALL_ARGUMENTS = -1, /* predefined arguments local variable */
76
ARGS_LENGTH = -2, /* number of actual args, arity if inactive */
77
ARGS_CALLEE = -3, /* reference from arguments to active funobj */
78
FUN_ARITY = -4, /* number of formal parameters; desired argc */
79
FUN_NAME = -5, /* function name, "" if anonymous */
80
FUN_CALLER = -6 /* Function.prototype.caller, backward compat */
83
#if JSFRAME_OVERRIDE_BITS < 8
84
# error "not enough override bits in JSStackFrame.flags!"
87
#define TEST_OVERRIDE_BIT(fp, tinyid) \
88
((fp)->flags & JS_BIT(JSFRAME_OVERRIDE_SHIFT - ((tinyid) + 1)))
90
#define SET_OVERRIDE_BIT(fp, tinyid) \
91
((fp)->flags |= JS_BIT(JSFRAME_OVERRIDE_SHIFT - ((tinyid) + 1)))
94
js_GetArgsValue(JSContext *cx, JSStackFrame *fp, jsval *vp)
98
if (TEST_OVERRIDE_BIT(fp, CALL_ARGUMENTS)) {
99
JS_ASSERT(fp->callobj);
100
return OBJ_GET_PROPERTY(cx, fp->callobj,
101
ATOM_TO_JSID(cx->runtime->atomState
105
argsobj = js_GetArgsObject(cx, fp);
108
*vp = OBJECT_TO_JSVAL(argsobj);
113
MarkArgDeleted(JSContext *cx, JSStackFrame *fp, uintN slot)
116
jsval bmapval, bmapint;
117
size_t nbits, nbytes;
120
argsobj = fp->argsobj;
121
(void) JS_GetReservedSlot(cx, argsobj, 0, &bmapval);
123
JS_ASSERT(slot < nbits);
124
if (JSVAL_IS_VOID(bmapval)) {
125
if (nbits <= JSVAL_INT_BITS) {
127
bitmap = (jsbitmap *) &bmapint;
129
nbytes = JS_HOWMANY(nbits, JS_BITS_PER_WORD) * sizeof(jsbitmap);
130
bitmap = (jsbitmap *) JS_malloc(cx, nbytes);
133
memset(bitmap, 0, nbytes);
134
bmapval = PRIVATE_TO_JSVAL(bitmap);
135
JS_SetReservedSlot(cx, argsobj, 0, bmapval);
138
if (nbits <= JSVAL_INT_BITS) {
139
bmapint = JSVAL_TO_INT(bmapval);
140
bitmap = (jsbitmap *) &bmapint;
142
bitmap = (jsbitmap *) JSVAL_TO_PRIVATE(bmapval);
145
JS_SET_BIT(bitmap, slot);
146
if (bitmap == (jsbitmap *) &bmapint) {
147
bmapval = INT_TO_JSVAL(bmapint);
148
JS_SetReservedSlot(cx, argsobj, 0, bmapval);
153
/* NB: Infallible predicate, false does not mean error/exception. */
155
ArgWasDeleted(JSContext *cx, JSStackFrame *fp, uintN slot)
158
jsval bmapval, bmapint;
161
argsobj = fp->argsobj;
162
(void) JS_GetReservedSlot(cx, argsobj, 0, &bmapval);
163
if (JSVAL_IS_VOID(bmapval))
165
if (fp->argc <= JSVAL_INT_BITS) {
166
bmapint = JSVAL_TO_INT(bmapval);
167
bitmap = (jsbitmap *) &bmapint;
169
bitmap = (jsbitmap *) JSVAL_TO_PRIVATE(bmapval);
171
return JS_TEST_BIT(bitmap, slot) != 0;
175
js_GetArgsProperty(JSContext *cx, JSStackFrame *fp, jsid id, jsval *vp)
181
if (TEST_OVERRIDE_BIT(fp, CALL_ARGUMENTS)) {
182
JS_ASSERT(fp->callobj);
183
if (!OBJ_GET_PROPERTY(cx, fp->callobj,
184
ATOM_TO_JSID(cx->runtime->atomState
189
if (JSVAL_IS_PRIMITIVE(val)) {
190
obj = js_ValueToNonNullObject(cx, val);
194
obj = JSVAL_TO_OBJECT(val);
196
return OBJ_GET_PROPERTY(cx, obj, id, vp);
200
if (JSID_IS_INT(id)) {
201
slot = (uintN) JSID_TO_INT(id);
202
if (slot < fp->argc) {
203
if (fp->argsobj && ArgWasDeleted(cx, fp, slot))
204
return OBJ_GET_PROPERTY(cx, fp->argsobj, id, vp);
205
*vp = fp->argv[slot];
208
* Per ECMA-262 Ed. 3, 10.1.8, last bulleted item, do not share
209
* storage between the formal parameter and arguments[k] for all
210
* fp->argc <= k && k < fp->fun->nargs. For example, in
212
* function f(x) { x = 42; return arguments[0]; }
215
* the call to f should return undefined, not 42. If fp->argsobj
216
* is null at this point, as it would be in the example, return
220
return OBJ_GET_PROPERTY(cx, fp->argsobj, id, vp);
223
if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)) {
224
if (fp->argsobj && TEST_OVERRIDE_BIT(fp, ARGS_LENGTH))
225
return OBJ_GET_PROPERTY(cx, fp->argsobj, id, vp);
226
*vp = INT_TO_JSVAL((jsint) fp->argc);
233
js_GetArgsObject(JSContext *cx, JSStackFrame *fp)
235
JSObject *argsobj, *global, *parent;
238
* We must be in a function activation; the function must be lightweight
239
* or else fp must have a variable object.
241
JS_ASSERT(fp->fun && (!(fp->fun->flags & JSFUN_HEAVYWEIGHT) || fp->varobj));
243
/* Skip eval and debugger frames. */
244
while (fp->flags & JSFRAME_SPECIAL)
247
/* Create an arguments object for fp only if it lacks one. */
248
argsobj = fp->argsobj;
252
/* Link the new object to fp so it can get actual argument values. */
253
argsobj = js_NewObject(cx, &js_ArgumentsClass, NULL, NULL);
254
if (!argsobj || !JS_SetPrivate(cx, argsobj, fp)) {
255
cx->weakRoots.newborn[GCX_OBJECT] = NULL;
260
* Give arguments an intrinsic scope chain link to fp's global object.
261
* Since the arguments object lacks a prototype because js_ArgumentsClass
262
* is not initialized, js_NewObject won't assign a default parent to it.
264
* Therefore if arguments is used as the head of an eval scope chain (via
265
* a direct or indirect call to eval(program, arguments)), any reference
266
* to a standard class object in the program will fail to resolve due to
267
* js_GetClassPrototype not being able to find a global object containing
268
* the standard prototype by starting from arguments and following parent.
270
global = fp->scopeChain;
271
while ((parent = OBJ_GET_PARENT(cx, global)) != NULL)
273
STOBJ_SET_PARENT(argsobj, global);
274
fp->argsobj = argsobj;
279
args_enumerate(JSContext *cx, JSObject *obj);
282
js_PutArgsObject(JSContext *cx, JSStackFrame *fp)
290
* Reuse args_enumerate here to reflect fp's actual arguments as indexed
291
* elements of argsobj. Do this first, before clearing and freeing the
292
* deleted argument slot bitmap, because args_enumerate depends on that.
294
argsobj = fp->argsobj;
295
ok = args_enumerate(cx, argsobj);
298
* Now clear the deleted argument number bitmap slot and free the bitmap,
299
* if one was actually created due to 'delete arguments[0]' or similar.
301
(void) JS_GetReservedSlot(cx, argsobj, 0, &bmapval);
302
if (!JSVAL_IS_VOID(bmapval)) {
303
JS_SetReservedSlot(cx, argsobj, 0, JSVAL_VOID);
304
if (fp->argc > JSVAL_INT_BITS)
305
JS_free(cx, JSVAL_TO_PRIVATE(bmapval));
309
* Now get the prototype properties so we snapshot fp->fun and fp->argc
310
* before fp goes away.
313
ok &= js_GetProperty(cx, argsobj, ATOM_TO_JSID(rt->atomState.calleeAtom),
315
ok &= js_SetProperty(cx, argsobj, ATOM_TO_JSID(rt->atomState.calleeAtom),
317
ok &= js_GetProperty(cx, argsobj, ATOM_TO_JSID(rt->atomState.lengthAtom),
319
ok &= js_SetProperty(cx, argsobj, ATOM_TO_JSID(rt->atomState.lengthAtom),
323
* Clear the private pointer to fp, which is about to go away (js_Invoke).
324
* Do this last because the args_enumerate and js_GetProperty calls above
325
* need to follow the private slot to find fp.
327
ok &= JS_SetPrivate(cx, argsobj, NULL);
333
args_delProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
338
if (!JSVAL_IS_INT(id))
340
fp = (JSStackFrame *)
341
JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL);
344
JS_ASSERT(fp->argsobj);
346
slot = JSVAL_TO_INT(id);
350
SET_OVERRIDE_BIT(fp, slot);
354
if ((uintN)slot < fp->argc && !MarkArgDeleted(cx, fp, slot))
362
args_getProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
367
if (!JSVAL_IS_INT(id))
369
fp = (JSStackFrame *)
370
JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL);
373
JS_ASSERT(fp->argsobj);
375
slot = JSVAL_TO_INT(id);
378
if (!TEST_OVERRIDE_BIT(fp, slot))
379
*vp = OBJECT_TO_JSVAL(fp->callee);
383
if (!TEST_OVERRIDE_BIT(fp, slot))
384
*vp = INT_TO_JSVAL((jsint)fp->argc);
388
if ((uintN)slot < fp->argc && !ArgWasDeleted(cx, fp, slot))
389
*vp = fp->argv[slot];
396
args_setProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
401
if (!JSVAL_IS_INT(id))
403
fp = (JSStackFrame *)
404
JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL);
407
JS_ASSERT(fp->argsobj);
409
slot = JSVAL_TO_INT(id);
413
SET_OVERRIDE_BIT(fp, slot);
417
if (FUN_INTERPRETED(fp->fun) &&
418
(uintN)slot < fp->argc &&
419
!ArgWasDeleted(cx, fp, slot)) {
420
fp->argv[slot] = *vp;
428
args_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags,
439
fp = (JSStackFrame *)
440
JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL);
443
JS_ASSERT(fp->argsobj);
445
if (JSVAL_IS_INT(id)) {
446
slot = JSVAL_TO_INT(id);
447
if (slot < fp->argc && !ArgWasDeleted(cx, fp, slot)) {
448
/* XXX ECMA specs DontEnum, contrary to other array-like objects */
449
if (!js_DefineProperty(cx, obj, INT_JSVAL_TO_JSID(id),
451
args_getProperty, args_setProperty,
458
str = JSVAL_TO_STRING(id);
459
atom = cx->runtime->atomState.lengthAtom;
460
if (str == ATOM_TO_STRING(atom)) {
461
tinyid = ARGS_LENGTH;
462
value = INT_TO_JSVAL(fp->argc);
464
atom = cx->runtime->atomState.calleeAtom;
465
if (str == ATOM_TO_STRING(atom)) {
466
tinyid = ARGS_CALLEE;
467
value = OBJECT_TO_JSVAL(fp->callee);
471
/* Quell GCC overwarnings. */
477
if (atom && !TEST_OVERRIDE_BIT(fp, tinyid)) {
478
if (!js_DefineNativeProperty(cx, obj, ATOM_TO_JSID(atom), value,
479
args_getProperty, args_setProperty, 0,
480
SPROP_HAS_SHORTID, tinyid, NULL)) {
491
args_enumerate(JSContext *cx, JSObject *obj)
498
fp = (JSStackFrame *)
499
JS_GetInstancePrivate(cx, obj, &js_ArgumentsClass, NULL);
502
JS_ASSERT(fp->argsobj);
505
* Trigger reflection with value snapshot in args_resolve using a series
506
* of js_LookupProperty calls. We handle length, callee, and the indexed
507
* argument properties. We know that args_resolve covers all these cases
508
* and creates direct properties of obj, but that it may fail to resolve
509
* length or callee if overridden.
511
if (!js_LookupProperty(cx, obj,
512
ATOM_TO_JSID(cx->runtime->atomState.lengthAtom),
517
OBJ_DROP_PROPERTY(cx, pobj, prop);
519
if (!js_LookupProperty(cx, obj,
520
ATOM_TO_JSID(cx->runtime->atomState.calleeAtom),
525
OBJ_DROP_PROPERTY(cx, pobj, prop);
528
for (slot = 0; slot < argc; slot++) {
529
if (!js_LookupProperty(cx, obj, INT_TO_JSID((jsint)slot), &pobj, &prop))
532
OBJ_DROP_PROPERTY(cx, pobj, prop);
537
#if JS_HAS_GENERATORS
539
* If a generator-iterator's arguments or call object escapes, it needs to
540
* mark its generator object.
543
args_or_call_trace(JSTracer *trc, JSObject *obj)
547
fp = (JSStackFrame *) JS_GetPrivate(trc->context, obj);
548
if (fp && (fp->flags & JSFRAME_GENERATOR)) {
549
JS_CALL_OBJECT_TRACER(trc, FRAME_TO_GENERATOR(fp)->obj,
550
"FRAME_TO_GENERATOR(fp)->obj");
554
# define args_or_call_trace NULL
558
* The Arguments class is not initialized via JS_InitClass, and must not be,
559
* because its name is "Object". Per ECMA, that causes instances of it to
560
* delegate to the object named by Object.prototype. It also ensures that
561
* arguments.toString() returns "[object Object]".
563
* The JSClass functions below collaborate to lazily reflect and synchronize
564
* actual argument values, argument count, and callee function object stored
565
* in a JSStackFrame with their corresponding property values in the frame's
568
JSClass js_ArgumentsClass = {
570
JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE | JSCLASS_HAS_RESERVED_SLOTS(1) |
571
JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Object),
572
JS_PropertyStub, args_delProperty,
573
args_getProperty, args_setProperty,
574
args_enumerate, (JSResolveOp) args_resolve,
575
JS_ConvertStub, JS_FinalizeStub,
579
JS_CLASS_TRACE(args_or_call_trace), NULL
583
js_GetCallObject(JSContext *cx, JSStackFrame *fp, JSObject *parent)
585
JSObject *callobj, *funobj;
587
/* Create a call object for fp only if it lacks one. */
589
callobj = fp->callobj;
594
/* The default call parent is its function's parent (static link). */
598
parent = OBJ_GET_PARENT(cx, funobj);
601
/* Create the call object and link it to its stack frame. */
602
callobj = js_NewObject(cx, &js_CallClass, NULL, parent);
603
if (!callobj || !JS_SetPrivate(cx, callobj, fp)) {
604
cx->weakRoots.newborn[GCX_OBJECT] = NULL;
607
fp->callobj = callobj;
609
/* Make callobj be the scope chain and the variables object. */
610
JS_ASSERT(fp->scopeChain == parent);
611
fp->scopeChain = callobj;
612
fp->varobj = callobj;
617
call_enumerate(JSContext *cx, JSObject *obj);
620
js_PutCallObject(JSContext *cx, JSStackFrame *fp)
628
* Reuse call_enumerate here to reflect all actual args and vars into the
629
* call object from fp.
631
callobj = fp->callobj;
634
ok = call_enumerate(cx, callobj);
637
* Get the arguments object to snapshot fp's actual argument values.
640
if (!TEST_OVERRIDE_BIT(fp, CALL_ARGUMENTS)) {
641
argsid = ATOM_TO_JSID(cx->runtime->atomState.argumentsAtom);
642
aval = OBJECT_TO_JSVAL(fp->argsobj);
643
ok &= js_SetProperty(cx, callobj, argsid, &aval);
645
ok &= js_PutArgsObject(cx, fp);
649
* Clear the private pointer to fp, which is about to go away (js_Invoke).
650
* Do this last because the call_enumerate and js_GetProperty calls above
651
* need to follow the private slot to find fp.
653
ok &= JS_SetPrivate(cx, callobj, NULL);
659
call_getProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
664
if (!JSVAL_IS_INT(id))
666
fp = (JSStackFrame *) JS_GetPrivate(cx, obj);
671
slot = JSVAL_TO_INT(id);
674
if (!TEST_OVERRIDE_BIT(fp, slot)) {
675
JSObject *argsobj = js_GetArgsObject(cx, fp);
678
*vp = OBJECT_TO_JSVAL(argsobj);
683
if ((uintN)slot < JS_MAX(fp->argc, fp->fun->nargs))
684
*vp = fp->argv[slot];
691
call_setProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
696
if (!JSVAL_IS_INT(id))
698
fp = (JSStackFrame *) JS_GetPrivate(cx, obj);
703
slot = JSVAL_TO_INT(id);
706
SET_OVERRIDE_BIT(fp, slot);
710
if ((uintN)slot < JS_MAX(fp->argc, fp->fun->nargs))
711
fp->argv[slot] = *vp;
718
js_GetCallVariable(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
722
JS_ASSERT(JSVAL_IS_INT(id));
723
fp = (JSStackFrame *) JS_GetPrivate(cx, obj);
725
JS_ASSERT((uintN) JSVAL_TO_INT(id) < fp->nvars);
726
*vp = fp->vars[JSVAL_TO_INT(id)];
732
js_SetCallVariable(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
736
JS_ASSERT(JSVAL_IS_INT(id));
737
fp = (JSStackFrame *) JS_GetPrivate(cx, obj);
739
JS_ASSERT((uintN) JSVAL_TO_INT(id) < fp->nvars);
740
fp->vars[JSVAL_TO_INT(id)] = *vp;
746
call_enumerate(JSContext *cx, JSObject *obj)
752
JSAtom **names, *name;
757
fp = (JSStackFrame *) JS_GetPrivate(cx, obj);
760
JS_ASSERT(GET_FUNCTION_PRIVATE(cx, fp->callee) == fp->fun);
763
* Reflect actual args from fp->argv for formal parameters, and local vars
764
* and functions in fp->vars for declared variables and nested-at-top-level
768
n = fun->nargs + fun->u.i.nvars;
772
mark = JS_ARENA_MARK(&cx->tempPool);
773
names = js_GetLocalNames(cx, fun, &cx->tempPool, NULL);
777
for (i = 0; i != n; ++i) {
783
* Trigger reflection by looking up the name of the argument or
786
if (!js_LookupProperty(cx, obj, ATOM_TO_JSID(name), &pobj, &prop)) {
792
* At this point the call object always has a property corresponding
793
* to the local name because call_resolve creates the property using
796
JS_ASSERT(prop && pobj == obj);
797
slot = ((JSScopeProperty *) prop)->slot;
798
OBJ_DROP_PROPERTY(cx, pobj, prop);
800
v = (i < fun->nargs) ? fp->argv[i] : fp->vars[i - fun->nargs];
801
LOCKED_OBJ_SET_SLOT(obj, slot, v);
805
JS_ARENA_RELEASE(&cx->tempPool, mark);
806
return names != NULL;
810
call_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags,
816
JSLocalKind localKind;
817
JSPropertyOp getter, setter;
821
fp = (JSStackFrame *) JS_GetPrivate(cx, obj);
825
JS_ASSERT(GET_FUNCTION_PRIVATE(cx, fp->callee) == fp->fun);
827
if (!JSVAL_IS_STRING(id))
830
str = JSVAL_TO_STRING(id);
831
atom = js_AtomizeString(cx, str, 0);
835
localKind = js_LookupLocal(cx, fp->fun, atom, &slot);
836
if (localKind != JSLOCAL_NONE) {
837
if (localKind == JSLOCAL_ARG) {
838
JS_ASSERT(slot < fp->fun->nargs);
840
getter = setter = NULL;
841
attrs = JSPROP_PERMANENT;
843
JS_ASSERT(localKind == JSLOCAL_VAR || localKind == JSLOCAL_CONST);
844
JS_ASSERT(fp->fun->u.i.nvars == fp->nvars);
845
JS_ASSERT(slot < fp->nvars);
847
getter = js_GetCallVariable;
848
setter = js_SetCallVariable;
849
attrs = (localKind == JSLOCAL_CONST)
850
? JSPROP_PERMANENT | JSPROP_READONLY
853
if (!js_DefineNativeProperty(cx, obj, ATOM_TO_JSID(atom), vp[slot],
854
getter, setter, attrs,
855
SPROP_HAS_SHORTID, (int) slot, NULL)) {
863
* Resolve arguments so that we never store a particular Call object's
864
* arguments object reference in a Call prototype's |arguments| slot.
866
atom = cx->runtime->atomState.argumentsAtom;
867
if (id == ATOM_KEY(atom)) {
868
if (!js_DefineNativeProperty(cx, obj,
869
ATOM_TO_JSID(atom), JSVAL_VOID,
870
NULL, NULL, JSPROP_PERMANENT,
871
SPROP_HAS_SHORTID, CALL_ARGUMENTS,
882
call_convert(JSContext *cx, JSObject *obj, JSType type, jsval *vp)
886
if (type == JSTYPE_FUNCTION) {
887
fp = (JSStackFrame *) JS_GetPrivate(cx, obj);
890
*vp = OBJECT_TO_JSVAL(fp->callee);
896
JS_FRIEND_DATA(JSClass) js_CallClass = {
898
JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE | JSCLASS_IS_ANONYMOUS |
899
JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Call),
900
JS_PropertyStub, JS_PropertyStub,
901
call_getProperty, call_setProperty,
902
call_enumerate, (JSResolveOp)call_resolve,
903
call_convert, JS_FinalizeStub,
907
JS_CLASS_TRACE(args_or_call_trace), NULL,
911
* ECMA-262 specifies that length is a property of function object instances,
912
* but we can avoid that space cost by delegating to a prototype property that
913
* is JSPROP_PERMANENT and JSPROP_SHARED. Each fun_getProperty call computes
914
* a fresh length value based on the arity of the individual function object's
917
* The extensions below other than length, i.e., the ones not in ECMA-262,
918
* are neither JSPROP_READONLY nor JSPROP_SHARED, because for compatibility
919
* with ECMA we must allow a delegating object to override them. Therefore to
920
* avoid entraining garbage in Function.prototype slots, they must be resolved
921
* in non-prototype function objects, wherefore the lazy_function_props table
922
* and fun_resolve's use of it.
924
#define LENGTH_PROP_ATTRS (JSPROP_READONLY|JSPROP_PERMANENT|JSPROP_SHARED)
926
static JSPropertySpec function_props[] = {
927
{js_length_str, ARGS_LENGTH, LENGTH_PROP_ATTRS, 0,0},
931
typedef struct LazyFunctionProp {
937
/* NB: no sentinel at the end -- use JS_ARRAY_LENGTH to bound loops. */
938
static LazyFunctionProp lazy_function_props[] = {
939
{ATOM_OFFSET(arguments), CALL_ARGUMENTS, JSPROP_PERMANENT},
940
{ATOM_OFFSET(arity), FUN_ARITY, JSPROP_PERMANENT},
941
{ATOM_OFFSET(caller), FUN_CALLER, JSPROP_PERMANENT},
942
{ATOM_OFFSET(name), FUN_NAME, JSPROP_PERMANENT},
946
fun_getProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
952
if (!JSVAL_IS_INT(id))
954
slot = JSVAL_TO_INT(id);
957
* Loop because getter and setter can be delegated from another class,
958
* but loop only for ARGS_LENGTH because we must pretend that f.length
959
* is in each function instance f, per ECMA-262, instead of only in the
960
* Function.prototype object (we use JSPROP_PERMANENT with JSPROP_SHARED
961
* to make it appear so).
963
* This code couples tightly to the attributes for the function_props[]
964
* initializers above, and to js_SetProperty and js_HasOwnPropertyHelper.
966
* It's important to allow delegating objects, even though they inherit
967
* this getter (fun_getProperty), to override arguments, arity, caller,
968
* and name. If we didn't return early for slot != ARGS_LENGTH, we would
969
* clobber *vp with the native property value, instead of letting script
970
* override that value in delegating objects.
972
* Note how that clobbering is what simulates JSPROP_READONLY for all of
973
* the non-standard properties when the directly addressed object (obj)
974
* is a function object (i.e., when this loop does not iterate).
976
while (!(fun = (JSFunction *)
977
JS_GetInstancePrivate(cx, obj, &js_FunctionClass, NULL))) {
978
if (slot != ARGS_LENGTH)
980
obj = OBJ_GET_PROTO(cx, obj);
985
/* Find fun's top-most activation record. */
986
for (fp = cx->fp; fp && (fp->fun != fun || (fp->flags & JSFRAME_SPECIAL));
993
/* Warn if strict about f.arguments or equivalent unqualified uses. */
994
if (!JS_ReportErrorFlagsAndNumber(cx,
995
JSREPORT_WARNING | JSREPORT_STRICT,
996
js_GetErrorMessage, NULL,
997
JSMSG_DEPRECATED_USAGE,
1002
if (!js_GetArgsValue(cx, fp, vp))
1011
*vp = INT_TO_JSVAL((jsint)fun->nargs);
1016
? ATOM_KEY(fun->atom)
1017
: STRING_TO_JSVAL(cx->runtime->emptyString);
1021
if (fp && fp->down && fp->down->fun)
1022
*vp = OBJECT_TO_JSVAL(fp->down->callee);
1025
if (!JSVAL_IS_PRIMITIVE(*vp) && cx->runtime->checkObjectAccess) {
1026
id = ATOM_KEY(cx->runtime->atomState.callerAtom);
1027
if (!cx->runtime->checkObjectAccess(cx, obj, id, JSACC_READ, vp))
1033
/* XXX fun[0] and fun.arguments[0] are equivalent. */
1034
if (fp && fp->fun && (uintN)slot < fp->fun->nargs)
1035
*vp = fp->argv[slot];
1043
fun_enumerate(JSContext *cx, JSObject *obj)
1049
prototypeId = ATOM_TO_JSID(cx->runtime->atomState.classPrototypeAtom);
1050
if (!OBJ_LOOKUP_PROPERTY(cx, obj, prototypeId, &pobj, &prop))
1053
OBJ_DROP_PROPERTY(cx, pobj, prop);
1058
fun_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags,
1065
if (!JSVAL_IS_STRING(id))
1068
fun = GET_FUNCTION_PRIVATE(cx, obj);
1069
JS_ASSERT(fun->object);
1072
* No need to reflect fun.prototype in 'fun.prototype = ... '.
1074
* This is not just an optimization, because we must not resolve when
1075
* defining hidden properties during compilation. The setup code for the
1076
* prototype and the lazy properties below eventually calls the property
1077
* hooks for the function object. That in turn calls fun_reserveSlots to
1078
* get the number of the reserved slots which is just the number of
1079
* regular expressions literals in the function. When compiling, that
1080
* number is not yet ready so we must make sure that fun_resolve does
1081
* nothing until the code for the function is generated.
1083
if (flags & JSRESOLVE_ASSIGNING)
1087
* Ok, check whether id is 'prototype' and bootstrap the function object's
1088
* prototype property.
1090
atom = cx->runtime->atomState.classPrototypeAtom;
1091
if (id == ATOM_KEY(atom)) {
1095
* Beware of the wacky case of a user function named Object -- trying
1096
* to find a prototype for that will recur back here _ad perniciem_.
1098
if (fun->atom == CLASS_ATOM(cx, Object))
1102
* Make the prototype object to have the same parent as the function
1105
proto = js_NewObject(cx, &js_ObjectClass, NULL,
1106
OBJ_GET_PARENT(cx, obj));
1111
* ECMA (15.3.5.2) says that constructor.prototype is DontDelete for
1112
* user-defined functions, but DontEnum | ReadOnly | DontDelete for
1113
* native "system" constructors such as Object or Function. So lazily
1114
* set the former here in fun_resolve, but eagerly define the latter
1115
* in JS_InitClass, with the right attributes.
1117
if (!js_SetClassPrototype(cx, obj, proto,
1118
JSPROP_ENUMERATE | JSPROP_PERMANENT)) {
1119
cx->weakRoots.newborn[GCX_OBJECT] = NULL;
1126
for (i = 0; i < JS_ARRAY_LENGTH(lazy_function_props); i++) {
1127
LazyFunctionProp *lfp = &lazy_function_props[i];
1129
atom = OFFSET_TO_ATOM(cx->runtime, lfp->atomOffset);
1130
if (id == ATOM_KEY(atom)) {
1131
if (!js_DefineNativeProperty(cx, obj,
1132
ATOM_TO_JSID(atom), JSVAL_VOID,
1133
NULL, NULL, lfp->attrs,
1134
SPROP_HAS_SHORTID, lfp->tinyid,
1147
fun_convert(JSContext *cx, JSObject *obj, JSType type, jsval *vp)
1150
case JSTYPE_FUNCTION:
1151
*vp = OBJECT_TO_JSVAL(obj);
1154
return js_TryValueOf(cx, obj, type, vp);
1160
#include "jsxdrapi.h"
1162
/* XXX store parent and proto, if defined */
1164
fun_xdrObject(JSXDRState *xdr, JSObject **objp)
1168
uint32 nullAtom; /* flag to indicate if fun->atom is NULL */
1169
uintN nargs, nvars, n;
1170
uint32 localsword; /* word to xdr argument and variable counts */
1171
uint32 flagsword; /* originally only flags was JS_XDRUint8'd */
1172
JSTempValueRooter tvr;
1176
if (xdr->mode == JSXDR_ENCODE) {
1177
fun = GET_FUNCTION_PRIVATE(cx, *objp);
1178
if (!FUN_INTERPRETED(fun)) {
1179
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1180
JSMSG_NOT_SCRIPTED_FUNCTION,
1181
JS_GetFunctionName(fun));
1184
nullAtom = !fun->atom;
1186
nvars = fun->u.i.nvars;
1187
localsword = (nargs << 16) | nvars;
1188
flagsword = fun->flags;
1190
fun = js_NewFunction(cx, NULL, NULL, 0, JSFUN_INTERPRETED, NULL, NULL);
1193
STOBJ_SET_PARENT(fun->object, NULL);
1194
STOBJ_SET_PROTO(fun->object, NULL);
1196
nvars = nargs = 0; /* quell GCC uninitialized warning */
1200
/* From here on, control flow must flow through label out. */
1201
JS_PUSH_TEMP_ROOT_OBJECT(cx, fun->object, &tvr);
1204
if (!JS_XDRUint32(xdr, &nullAtom))
1206
if (!nullAtom && !js_XDRStringAtom(xdr, &fun->atom))
1208
if (!JS_XDRUint32(xdr, &localsword) ||
1209
!JS_XDRUint32(xdr, &flagsword)) {
1213
if (xdr->mode == JSXDR_DECODE) {
1214
nargs = localsword >> 16;
1215
nvars = localsword & JS_BITMASK(16);
1216
JS_ASSERT(flagsword | JSFUN_INTERPRETED);
1217
fun->flags = (uint16) flagsword;
1220
/* do arguments and local vars */
1221
if (fun->object && (n = nargs + nvars) != 0) {
1226
JSAtom **names, *name;
1227
JSLocalKind localKind;
1229
mark = JS_ARENA_MARK(&xdr->cx->tempPool);
1231
/* From this point the control must flow through label release_mark. */
1232
bitmapLength = JS_HOWMANY(n, JS_BITS_PER_UINT32);
1233
if (xdr->mode == JSXDR_ENCODE) {
1234
names = js_GetLocalNames(xdr->cx, fun, &xdr->cx->tempPool, &bitmap);
1241
names = NULL; /* quell GCC uninitialized warning */
1243
JS_ARENA_ALLOCATE_CAST(bitmap, uint32 *, &xdr->cx->tempPool,
1244
bitmapLength * sizeof *bitmap);
1246
js_ReportOutOfScriptQuota(xdr->cx);
1251
for (i = 0; i != bitmapLength; ++i) {
1252
ok = JS_XDRUint32(xdr, &bitmap[i]);
1256
for (i = 0; i != n; ++i) {
1258
!(bitmap[i / JS_BITS_PER_UINT32] &
1259
JS_BIT(i & (JS_BITS_PER_UINT32 - 1)))) {
1260
if (xdr->mode == JSXDR_DECODE) {
1261
ok = js_AddLocal(xdr->cx, fun, NULL, JSLOCAL_ARG);
1265
JS_ASSERT(!names[i]);
1269
if (xdr->mode == JSXDR_ENCODE)
1271
ok = js_XDRStringAtom(xdr, &name);
1274
if (xdr->mode == JSXDR_DECODE) {
1275
localKind = (i < nargs)
1277
: bitmap[i / JS_BITS_PER_UINT32] &
1278
JS_BIT(i & (JS_BITS_PER_UINT32 - 1))
1281
ok = js_AddLocal(xdr->cx, fun, name, localKind);
1289
JS_ARENA_RELEASE(&xdr->cx->tempPool, mark);
1293
if (xdr->mode == JSXDR_DECODE)
1294
js_FreezeLocalNames(cx, fun);
1297
if (!js_XDRScript(xdr, &fun->u.i.script, NULL))
1300
if (xdr->mode == JSXDR_DECODE) {
1301
*objp = fun->object;
1302
js_CallNewScriptHook(cx, fun->u.i.script, fun);
1306
JS_POP_TEMP_ROOT(cx, &tvr);
1314
#else /* !JS_HAS_XDR */
1316
#define fun_xdrObject NULL
1318
#endif /* !JS_HAS_XDR */
1321
* [[HasInstance]] internal method for Function objects: fetch the .prototype
1322
* property of its 'this' parameter, and walks the prototype chain of v (only
1323
* if v is an object) returning true if .prototype is found.
1326
fun_hasInstance(JSContext *cx, JSObject *obj, jsval v, JSBool *bp)
1330
if (!OBJ_GET_PROPERTY(cx, obj,
1331
ATOM_TO_JSID(cx->runtime->atomState
1332
.classPrototypeAtom),
1337
if (JSVAL_IS_PRIMITIVE(pval)) {
1339
* Throw a runtime error if instanceof is called on a function that
1340
* has a non-object as its .prototype value.
1342
js_ReportValueError(cx, JSMSG_BAD_PROTOTYPE,
1343
-1, OBJECT_TO_JSVAL(obj), NULL);
1347
return js_IsDelegate(cx, JSVAL_TO_OBJECT(pval), v, bp);
1351
fun_trace(JSTracer *trc, JSObject *obj)
1355
/* A newborn function object may have a not yet initialized private slot. */
1356
fun = (JSFunction *) JS_GetPrivate(trc->context, obj);
1358
JS_CALL_TRACER(trc, fun, JSTRACE_FUNCTION, "private");
1362
fun_reserveSlots(JSContext *cx, JSObject *obj)
1367
* We use JS_GetPrivate and not GET_FUNCTION_PRIVATE because during
1368
* js_InitFunctionClass invocation the function is called before the
1369
* private slot of the function object is set.
1371
fun = (JSFunction *) JS_GetPrivate(cx, obj);
1372
return (fun && FUN_INTERPRETED(fun) &&
1373
fun->u.i.script && fun->u.i.script->regexpsOffset != 0)
1374
? JS_SCRIPT_REGEXPS(fun->u.i.script)->length
1379
* Reserve two slots in all function objects for XPConnect. Note that this
1380
* does not bloat every instance, only those on which reserved slots are set,
1381
* and those on which ad-hoc properties are defined.
1383
JS_FRIEND_DATA(JSClass) js_FunctionClass = {
1385
JSCLASS_HAS_PRIVATE | JSCLASS_NEW_RESOLVE | JSCLASS_HAS_RESERVED_SLOTS(2) |
1386
JSCLASS_MARK_IS_TRACE | JSCLASS_HAS_CACHED_PROTO(JSProto_Function),
1387
JS_PropertyStub, JS_PropertyStub,
1388
fun_getProperty, JS_PropertyStub,
1389
fun_enumerate, (JSResolveOp)fun_resolve,
1390
fun_convert, JS_FinalizeStub,
1393
fun_xdrObject, fun_hasInstance,
1394
JS_CLASS_TRACE(fun_trace), fun_reserveSlots
1398
fun_toStringHelper(JSContext *cx, uint32 indent, uintN argc, jsval *vp)
1406
if (!VALUE_IS_FUNCTION(cx, fval)) {
1408
* If we don't have a function to start off with, try converting the
1409
* object to a function. If that doesn't work, complain.
1411
if (!JSVAL_IS_PRIMITIVE(fval)) {
1412
obj = JSVAL_TO_OBJECT(fval);
1413
if (!OBJ_GET_CLASS(cx, obj)->convert(cx, obj, JSTYPE_FUNCTION,
1419
if (!VALUE_IS_FUNCTION(cx, fval)) {
1420
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1421
JSMSG_INCOMPATIBLE_PROTO,
1422
js_Function_str, js_toString_str,
1423
JS_GetTypeName(cx, JS_TypeOfValue(cx, fval)));
1428
obj = JSVAL_TO_OBJECT(fval);
1429
if (argc != 0 && !js_ValueToECMAUint32(cx, vp[2], &indent))
1432
JS_ASSERT(JS_ObjectIsFunction(cx, obj));
1433
fun = GET_FUNCTION_PRIVATE(cx, obj);
1436
str = JS_DecompileFunction(cx, fun, (uintN)indent);
1439
*vp = STRING_TO_JSVAL(str);
1444
fun_toString(JSContext *cx, uintN argc, jsval *vp)
1446
return fun_toStringHelper(cx, 0, argc, vp);
1451
fun_toSource(JSContext *cx, uintN argc, jsval *vp)
1453
return fun_toStringHelper(cx, JS_DONT_PRETTY_PRINT, argc, vp);
1457
static const char call_str[] = "call";
1460
fun_call(JSContext *cx, uintN argc, jsval *vp)
1463
jsval fval, *argv, *invokevp;
1468
obj = JSVAL_TO_OBJECT(vp[1]);
1469
if (!OBJ_DEFAULT_VALUE(cx, obj, JSTYPE_FUNCTION, &vp[1]))
1473
if (!VALUE_IS_FUNCTION(cx, fval)) {
1474
str = JS_ValueToString(cx, fval);
1476
const char *bytes = js_GetStringBytes(cx, str);
1479
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1480
JSMSG_INCOMPATIBLE_PROTO,
1481
js_Function_str, call_str,
1490
/* Call fun with its global object as the 'this' param if no args. */
1493
/* Otherwise convert the first arg to 'this' and skip over it. */
1494
if (!JSVAL_IS_PRIMITIVE(argv[0]))
1495
obj = JSVAL_TO_OBJECT(argv[0]);
1496
else if (!js_ValueToObject(cx, argv[0], &obj))
1502
/* Allocate stack space for fval, obj, and the args. */
1503
invokevp = js_AllocStack(cx, 2 + argc, &mark);
1507
/* Push fval, obj, and the args. */
1509
invokevp[1] = OBJECT_TO_JSVAL(obj);
1510
memcpy(invokevp + 2, argv, argc * sizeof *argv);
1512
ok = js_Invoke(cx, argc, invokevp, JSINVOKE_INTERNAL);
1514
js_FreeStack(cx, mark);
1519
fun_apply(JSContext *cx, uintN argc, jsval *vp)
1521
JSObject *obj, *aobj;
1522
jsval fval, *invokevp, *sp;
1525
JSBool arraylike, ok;
1530
/* Will get globalObject as 'this' and no other arguments. */
1531
return fun_call(cx, argc, vp);
1534
obj = JSVAL_TO_OBJECT(vp[1]);
1535
if (!OBJ_DEFAULT_VALUE(cx, obj, JSTYPE_FUNCTION, &vp[1]))
1539
if (!VALUE_IS_FUNCTION(cx, fval)) {
1540
str = JS_ValueToString(cx, fval);
1542
const char *bytes = js_GetStringBytes(cx, str);
1545
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1546
JSMSG_INCOMPATIBLE_PROTO,
1547
js_Function_str, "apply",
1554
/* Quell GCC overwarnings. */
1559
/* If the 2nd arg is null or void, call the function with 0 args. */
1560
if (JSVAL_IS_NULL(vp[3]) || JSVAL_IS_VOID(vp[3])) {
1563
/* The second arg must be an array (or arguments object). */
1564
arraylike = JS_FALSE;
1565
if (!JSVAL_IS_PRIMITIVE(vp[3])) {
1566
aobj = JSVAL_TO_OBJECT(vp[3]);
1567
if (!js_IsArrayLike(cx, aobj, &arraylike, &length))
1571
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1572
JSMSG_BAD_APPLY_ARGS, "apply");
1578
/* Convert the first arg to 'this' and skip over it. */
1579
if (!JSVAL_IS_PRIMITIVE(vp[2]))
1580
obj = JSVAL_TO_OBJECT(vp[2]);
1581
else if (!js_ValueToObject(cx, vp[2], &obj))
1584
/* Allocate stack space for fval, obj, and the args. */
1585
argc = (uintN)JS_MIN(length, ARRAY_INIT_LIMIT - 1);
1586
invokevp = js_AllocStack(cx, 2 + argc, &mark);
1590
/* Push fval, obj, and aobj's elements as args. */
1593
*sp++ = OBJECT_TO_JSVAL(obj);
1594
for (i = 0; i < argc; i++) {
1595
ok = JS_GetElement(cx, aobj, (jsint)i, sp);
1601
ok = js_Invoke(cx, argc, invokevp, JSINVOKE_INTERNAL);
1604
js_FreeStack(cx, mark);
1610
fun_applyConstructor(JSContext *cx, uintN argc, jsval *vp)
1615
jsval *invokevp, *sp;
1618
if (JSVAL_IS_PRIMITIVE(vp[2]) ||
1619
(aobj = JSVAL_TO_OBJECT(vp[2]),
1620
OBJ_GET_CLASS(cx, aobj) != &js_ArrayClass &&
1621
OBJ_GET_CLASS(cx, aobj) != &js_ArgumentsClass)) {
1622
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1623
JSMSG_BAD_APPLY_ARGS, "__applyConstruct__");
1627
if (!js_GetLengthProperty(cx, aobj, &length))
1630
if (length >= ARRAY_INIT_LIMIT)
1631
length = ARRAY_INIT_LIMIT - 1;
1632
invokevp = js_AllocStack(cx, 2 + length, &mark);
1638
*sp++ = JSVAL_NULL; /* This is filled automagically. */
1639
for (i = 0; i < length; i++) {
1640
ok = JS_GetElement(cx, aobj, (jsint)i, sp);
1646
ok = js_InvokeConstructor(cx, invokevp, length);
1649
js_FreeStack(cx, mark);
1654
static JSFunctionSpec function_methods[] = {
1656
JS_FN(js_toSource_str, fun_toSource, 0,0,0),
1658
JS_FN(js_toString_str, fun_toString, 0,0,0),
1659
JS_FN("apply", fun_apply, 0,2,0),
1660
JS_FN(call_str, fun_call, 0,1,0),
1662
JS_FN("__applyConstructor__", fun_applyConstructor, 0,1,0),
1668
Function(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
1670
JSStackFrame *fp, *caller;
1675
const char *filename;
1677
JSString *str, *arg;
1679
JSPrincipals *principals;
1680
jschar *collected_args, *cp;
1682
size_t arg_length, args_length, old_args_length;
1686
if (!(fp->flags & JSFRAME_CONSTRUCTING)) {
1687
obj = js_NewObject(cx, &js_FunctionClass, NULL, NULL);
1690
*rval = OBJECT_TO_JSVAL(obj);
1694
* The constructor is called before the private slot is initialized so we
1695
* must use JS_GetPrivate, not GET_FUNCTION_PRIVATE here.
1697
fun = (JSFunction *) JS_GetPrivate(cx, obj);
1702
* NB: (new Function) is not lexically closed by its caller, it's just an
1703
* anonymous function in the top-level scope that its constructor inhabits.
1704
* Thus 'var x = 42; f = new Function("return x"); print(f())' prints 42,
1705
* and so would a call to f from another top-level's script or function.
1707
* In older versions, before call objects, a new Function was adopted by
1708
* its running context's globalObject, which might be different from the
1709
* top-level reachable from scopeChain (in HTML frames, e.g.).
1711
parent = OBJ_GET_PARENT(cx, JSVAL_TO_OBJECT(argv[-2]));
1713
fun = js_NewFunction(cx, obj, NULL, 0, JSFUN_LAMBDA | JSFUN_INTERPRETED,
1714
parent, cx->runtime->atomState.anonymousAtom);
1720
* Function is static and not called directly by other functions in this
1721
* file, therefore it is callable only as a native function by js_Invoke.
1722
* Find the scripted caller, possibly skipping other native frames such as
1723
* are built for Function.prototype.call or .apply activations that invoke
1724
* Function indirectly from a script.
1726
JS_ASSERT(!fp->script && fp->fun && fp->fun->u.n.native == Function);
1727
caller = JS_GetScriptedCaller(cx, fp);
1729
filename = caller->script->filename;
1730
lineno = js_PCToLineNumber(cx, caller->script, caller->pc);
1731
principals = JS_EvalFramePrincipals(cx, fp, caller);
1738
/* Belt-and-braces: check that the caller has access to parent. */
1739
if (!js_CheckPrincipalsAccess(cx, parent, principals,
1740
CLASS_ATOM(cx, Function))) {
1744
n = argc ? argc - 1 : 0;
1746
enum { OK, BAD, BAD_FORMAL } state;
1749
* Collect the function-argument arguments into one string, separated
1750
* by commas, then make a tokenstream from that string, and scan it to
1751
* get the arguments. We need to throw the full scanner at the
1752
* problem, because the argument string can legitimately contain
1753
* comments and linefeeds. XXX It might be better to concatenate
1754
* everything up into a function definition and pass it to the
1755
* compiler, but doing it this way is less of a delta from the old
1756
* code. See ECMA 15.3.2.1.
1760
for (i = 0; i < n; i++) {
1761
/* Collect the lengths for all the function-argument arguments. */
1762
arg = js_ValueToString(cx, argv[i]);
1765
argv[i] = STRING_TO_JSVAL(arg);
1768
* Check for overflow. The < test works because the maximum
1769
* JSString length fits in 2 fewer bits than size_t has.
1771
old_args_length = args_length;
1772
args_length = old_args_length + JSSTRING_LENGTH(arg);
1773
if (args_length < old_args_length) {
1774
JS_ReportOutOfMemory(cx);
1779
/* Add 1 for each joining comma and check for overflow (two ways). */
1780
old_args_length = args_length;
1781
args_length = old_args_length + n - 1;
1782
if (args_length < old_args_length ||
1783
args_length >= ~(size_t)0 / sizeof(jschar)) {
1784
JS_ReportOutOfMemory(cx);
1789
* Allocate a string to hold the concatenated arguments, including room
1790
* for a terminating 0. Mark cx->tempPool for later release, to free
1791
* collected_args and its tokenstream in one swoop.
1793
mark = JS_ARENA_MARK(&cx->tempPool);
1794
JS_ARENA_ALLOCATE_CAST(cp, jschar *, &cx->tempPool,
1795
(args_length+1) * sizeof(jschar));
1797
js_ReportOutOfScriptQuota(cx);
1800
collected_args = cp;
1803
* Concatenate the arguments into the new string, separated by commas.
1805
for (i = 0; i < n; i++) {
1806
arg = JSVAL_TO_STRING(argv[i]);
1807
arg_length = JSSTRING_LENGTH(arg);
1808
(void) js_strncpy(cp, JSSTRING_CHARS(arg), arg_length);
1811
/* Add separating comma or terminating 0. */
1812
*cp++ = (i + 1 < n) ? ',' : 0;
1815
/* Initialize a tokenstream that reads from the given string. */
1816
if (!js_InitTokenStream(cx, &ts, collected_args, args_length,
1817
NULL, filename, lineno)) {
1818
JS_ARENA_RELEASE(&cx->tempPool, mark);
1822
/* The argument string may be empty or contain no tokens. */
1823
tt = js_GetToken(cx, &ts);
1824
if (tt != TOK_EOF) {
1827
* Check that it's a name. This also implicitly guards against
1828
* TOK_ERROR, which was already reported.
1834
* Get the atom corresponding to the name from the token
1835
* stream; we're assured at this point that it's a valid
1838
atom = CURRENT_TOKEN(&ts).t_atom;
1840
/* Check for a duplicate parameter name. */
1841
if (js_LookupLocal(cx, fun, atom, NULL) != JSLOCAL_NONE) {
1844
name = js_AtomToPrintableString(cx, atom);
1846
js_ReportCompileErrorNumber(cx, &ts, NULL,
1849
JSMSG_DUPLICATE_FORMAL,
1854
if (!js_AddLocal(cx, fun, atom, JSLOCAL_ARG))
1858
* Get the next token. Stop on end of stream. Otherwise
1859
* insist on a comma, get another name, and iterate.
1861
tt = js_GetToken(cx, &ts);
1864
if (tt != TOK_COMMA)
1866
tt = js_GetToken(cx, &ts);
1872
if (state == BAD_FORMAL && !(ts.flags & TSF_ERROR)) {
1874
* Report "malformed formal parameter" iff no illegal char or
1875
* similar scanner error was already reported.
1877
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
1880
js_CloseTokenStream(cx, &ts);
1881
JS_ARENA_RELEASE(&cx->tempPool, mark);
1887
str = js_ValueToString(cx, argv[argc-1]);
1890
argv[argc-1] = STRING_TO_JSVAL(str);
1892
str = cx->runtime->emptyString;
1895
return js_CompileFunctionBody(cx, fun, principals,
1896
JSSTRING_CHARS(str), JSSTRING_LENGTH(str),
1901
js_InitFunctionClass(JSContext *cx, JSObject *obj)
1907
proto = JS_InitClass(cx, obj, NULL, &js_FunctionClass, Function, 1,
1908
function_props, function_methods, NULL, NULL);
1911
atom = js_Atomize(cx, js_FunctionClass.name, strlen(js_FunctionClass.name),
1915
fun = js_NewFunction(cx, proto, NULL, 0, JSFUN_INTERPRETED, obj, NULL);
1918
fun->u.i.script = js_NewScript(cx, 1, 0, 0, 0, 0, 0);
1919
if (!fun->u.i.script)
1921
fun->u.i.script->code[0] = JSOP_STOP;
1925
cx->weakRoots.newborn[GCX_OBJECT] = NULL;
1930
js_InitCallClass(JSContext *cx, JSObject *obj)
1934
proto = JS_InitClass(cx, obj, NULL, &js_CallClass, NULL, 0,
1935
NULL, NULL, NULL, NULL);
1940
* Null Call.prototype's proto slot so that Object.prototype.* does not
1941
* pollute the scope of heavyweight functions.
1943
OBJ_SET_PROTO(cx, proto, NULL);
1948
js_NewFunction(JSContext *cx, JSObject *funobj, JSNative native, uintN nargs,
1949
uintN flags, JSObject *parent, JSAtom *atom)
1952
JSTempValueRooter tvr;
1954
/* If funobj is null, allocate an object for it. */
1956
OBJ_SET_PARENT(cx, funobj, parent);
1958
funobj = js_NewObject(cx, &js_FunctionClass, NULL, parent);
1963
/* Protect fun from any potential GC callback. */
1964
JS_PUSH_SINGLE_TEMP_ROOT(cx, OBJECT_TO_JSVAL(funobj), &tvr);
1967
* Allocate fun after allocating funobj so allocations in js_NewObject
1968
* and hooks called from it do not wipe out fun from newborn[GCX_FUNCTION].
1970
fun = (JSFunction *) js_NewGCThing(cx, GCX_FUNCTION, sizeof(JSFunction));
1974
/* Initialize all function members. */
1977
fun->flags = flags & (JSFUN_FLAGS_MASK | JSFUN_INTERPRETED);
1978
if (flags & JSFUN_INTERPRETED) {
1980
JS_ASSERT(nargs == 0);
1983
fun->u.i.script = NULL;
1985
fun->u.i.names.taggedAtom = 0;
1988
fun->u.n.native = native;
1990
fun->u.n.minargs = 0;
1991
fun->u.n.clasp = NULL;
1995
/* Link fun to funobj and vice versa. */
1996
if (!js_LinkFunctionObject(cx, fun, funobj)) {
1997
cx->weakRoots.newborn[GCX_OBJECT] = NULL;
2002
JS_POP_TEMP_ROOT(cx, &tvr);
2007
TraceLocalNames(JSTracer *trc, JSFunction *fun);
2010
js_TraceFunction(JSTracer *trc, JSFunction *fun)
2013
JS_CALL_OBJECT_TRACER(trc, fun->object, "object");
2015
JS_CALL_STRING_TRACER(trc, ATOM_TO_STRING(fun->atom), "atom");
2016
if (FUN_INTERPRETED(fun)) {
2017
if (fun->u.i.script)
2018
js_TraceScript(trc, fun->u.i.script);
2019
TraceLocalNames(trc, fun);
2024
DestroyLocalNames(JSContext *cx, JSFunction *fun);
2027
js_FinalizeFunction(JSContext *cx, JSFunction *fun)
2030
* Null-check of i.script is required since the parser sets interpreted
2033
if (FUN_INTERPRETED(fun)) {
2034
if (fun->u.i.script)
2035
js_DestroyScript(cx, fun->u.i.script);
2036
DestroyLocalNames(cx, fun);
2041
js_CloneFunctionObject(JSContext *cx, JSObject *funobj, JSObject *parent)
2043
JSObject *newfunobj;
2046
JS_ASSERT(OBJ_GET_CLASS(cx, funobj) == &js_FunctionClass);
2047
newfunobj = js_NewObject(cx, &js_FunctionClass, NULL, parent);
2050
fun = GET_FUNCTION_PRIVATE(cx, funobj);
2051
if (!js_LinkFunctionObject(cx, fun, newfunobj)) {
2052
cx->weakRoots.newborn[GCX_OBJECT] = NULL;
2059
js_LinkFunctionObject(JSContext *cx, JSFunction *fun, JSObject *funobj)
2062
fun->object = funobj;
2063
return JS_SetPrivate(cx, funobj, fun);
2067
js_DefineFunction(JSContext *cx, JSObject *obj, JSAtom *atom, JSNative native,
2068
uintN nargs, uintN attrs)
2072
fun = js_NewFunction(cx, NULL, native, nargs, attrs, obj, atom);
2075
if (!OBJ_DEFINE_PROPERTY(cx, obj, ATOM_TO_JSID(atom),
2076
OBJECT_TO_JSVAL(fun->object),
2078
attrs & ~JSFUN_FLAGS_MASK, NULL)) {
2084
#if (JSV2F_CONSTRUCT & JSV2F_SEARCH_STACK)
2085
# error "JSINVOKE_CONSTRUCT and JSV2F_SEARCH_STACK are not disjoint!"
2089
js_ValueToFunction(JSContext *cx, jsval *vp, uintN flags)
2096
if (JSVAL_IS_OBJECT(v)) {
2097
obj = JSVAL_TO_OBJECT(v);
2098
if (obj && OBJ_GET_CLASS(cx, obj) != &js_FunctionClass) {
2099
if (!OBJ_DEFAULT_VALUE(cx, obj, JSTYPE_FUNCTION, &v))
2101
obj = VALUE_IS_FUNCTION(cx, v) ? JSVAL_TO_OBJECT(v) : NULL;
2105
js_ReportIsNotFunction(cx, vp, flags);
2108
return GET_FUNCTION_PRIVATE(cx, obj);
2112
js_ValueToFunctionObject(JSContext *cx, jsval *vp, uintN flags)
2116
JSStackFrame *caller;
2117
JSPrincipals *principals;
2119
if (VALUE_IS_FUNCTION(cx, *vp))
2120
return JSVAL_TO_OBJECT(*vp);
2122
fun = js_ValueToFunction(cx, vp, flags);
2125
funobj = fun->object;
2126
*vp = OBJECT_TO_JSVAL(funobj);
2128
caller = JS_GetScriptedCaller(cx, cx->fp);
2130
principals = caller->script->principals;
2132
/* No scripted caller, don't allow access. */
2136
if (!js_CheckPrincipalsAccess(cx, funobj, principals,
2139
: cx->runtime->atomState.anonymousAtom)) {
2146
js_ValueToCallableObject(JSContext *cx, jsval *vp, uintN flags)
2150
callable = JSVAL_IS_PRIMITIVE(*vp) ? NULL : JSVAL_TO_OBJECT(*vp);
2152
((callable->map->ops == &js_ObjectOps)
2153
? OBJ_GET_CLASS(cx, callable)->call
2154
: callable->map->ops->call)) {
2155
*vp = OBJECT_TO_JSVAL(callable);
2157
callable = js_ValueToFunctionObject(cx, vp, flags);
2163
js_ReportIsNotFunction(JSContext *cx, jsval *vp, uintN flags)
2167
const char *name, *source;
2169
for (fp = cx->fp; fp && !fp->spbase; fp = fp->down)
2173
if (flags & JSV2F_ITERATOR) {
2174
error = JSMSG_BAD_ITERATOR;
2175
name = js_iterator_str;
2176
source = js_ValueToPrintableSource(cx, *vp);
2179
} else if (flags & JSV2F_CONSTRUCT) {
2180
error = JSMSG_NOT_CONSTRUCTOR;
2182
error = JSMSG_NOT_FUNCTION;
2185
js_ReportValueError3(cx, error,
2186
(fp && fp->spbase <= vp && vp < fp->sp)
2188
: (flags & JSV2F_SEARCH_STACK)
2189
? JSDVG_SEARCH_STACK
2190
: JSDVG_IGNORE_STACK,
2196
* When a function has between 2 and MAX_ARRAY_LOCALS arguments and variables,
2197
* their name are stored as the JSLocalNames.array.
2199
#define MAX_ARRAY_LOCALS 8
2201
JS_STATIC_ASSERT(2 <= MAX_ARRAY_LOCALS);
2202
JS_STATIC_ASSERT(MAX_ARRAY_LOCALS < JS_BITMASK(16));
2205
* We use the lowest bit of the string atom to distinguish const from var
2206
* name when there is only single name or when names are stored as an array.
2208
JS_STATIC_ASSERT((JSVAL_STRING & 1) == 0);
2211
* When we use a hash table to store the local names, we use a singly linked
2212
* list to record the indexes of duplicated parameter names to preserve the
2213
* duplicates for the decompiler.
2215
typedef struct JSNameIndexPair JSNameIndexPair;
2217
struct JSNameIndexPair {
2220
JSNameIndexPair *link;
2223
struct JSLocalNameMap {
2225
JSNameIndexPair *lastdup;
2228
typedef struct JSLocalNameHashEntry {
2229
JSDHashEntryHdr hdr;
2233
} JSLocalNameHashEntry;
2236
FreeLocalNameHash(JSContext *cx, JSLocalNameMap *map)
2238
JSNameIndexPair *dup, *next;
2240
for (dup = map->lastdup; dup; dup = next) {
2244
JS_DHashTableFinish(&map->names);
2249
HashLocalName(JSContext *cx, JSLocalNameMap *map, JSAtom *name,
2250
JSLocalKind localKind, uintN index)
2252
JSLocalNameHashEntry *entry;
2253
JSNameIndexPair *dup;
2255
JS_ASSERT(index <= JS_BITMASK(16));
2256
#if JS_HAS_DESTRUCTURING
2258
/* A destructuring pattern does not need a hash entry. */
2259
JS_ASSERT(localKind == JSLOCAL_ARG);
2263
JS_ASSERT(ATOM_IS_STRING(name));
2264
entry = (JSLocalNameHashEntry *)
2265
JS_DHashTableOperate(&map->names, name, JS_DHASH_ADD);
2267
JS_ReportOutOfMemory(cx);
2271
JS_ASSERT(entry->name == name);
2272
JS_ASSERT(entry->localKind == JSLOCAL_ARG);
2273
dup = (JSNameIndexPair *) JS_malloc(cx, sizeof *dup);
2276
dup->name = entry->name;
2277
dup->index = entry->index;
2278
dup->link = map->lastdup;
2282
entry->index = (uint16) index;
2283
entry->localKind = (uint8) localKind;
2288
js_AddLocal(JSContext *cx, JSFunction *fun, JSAtom *atom, JSLocalKind kind)
2294
JSLocalNameMap *map;
2296
JS_ASSERT(FUN_INTERPRETED(fun));
2297
JS_ASSERT(!fun->u.i.script);
2298
JS_ASSERT(((jsuword) atom & 1) == 0);
2299
taggedAtom = (jsuword) atom;
2300
if (kind == JSLOCAL_ARG) {
2301
indexp = &fun->nargs;
2303
indexp = &fun->u.i.nvars;
2304
if (kind == JSLOCAL_CONST)
2307
JS_ASSERT(kind == JSLOCAL_VAR);
2309
n = fun->nargs + fun->u.i.nvars;
2311
JS_ASSERT(fun->u.i.names.taggedAtom == 0);
2312
fun->u.i.names.taggedAtom = taggedAtom;
2313
} else if (n < MAX_ARRAY_LOCALS) {
2315
array = fun->u.i.names.array;
2317
array = (jsuword *) JS_malloc(cx, MAX_ARRAY_LOCALS * sizeof *array);
2320
array[0] = fun->u.i.names.taggedAtom;
2321
fun->u.i.names.array = array;
2323
if (kind == JSLOCAL_ARG) {
2325
* A destructuring argument pattern adds variables, not arguments,
2326
* so for the following arguments nvars != 0.
2328
#if JS_HAS_DESTRUCTURING
2329
if (fun->u.i.nvars != 0) {
2330
memmove(array + fun->nargs + 1, array + fun->nargs,
2331
fun->u.i.nvars * sizeof *array);
2334
JS_ASSERT(fun->u.i.nvars == 0);
2336
array[fun->nargs] = taggedAtom;
2338
array[n] = taggedAtom;
2340
} else if (n == MAX_ARRAY_LOCALS) {
2341
array = fun->u.i.names.array;
2342
map = (JSLocalNameMap *) JS_malloc(cx, sizeof *map);
2345
if (!JS_DHashTableInit(&map->names, JS_DHashGetStubOps(),
2346
NULL, sizeof(JSLocalNameHashEntry),
2347
JS_DHASH_DEFAULT_CAPACITY(MAX_ARRAY_LOCALS
2349
JS_ReportOutOfMemory(cx);
2354
map->lastdup = NULL;
2355
for (i = 0; i != MAX_ARRAY_LOCALS; ++i) {
2356
taggedAtom = array[i];
2357
if (!HashLocalName(cx, map, (JSAtom *) (taggedAtom & ~1),
2360
: (taggedAtom & 1) ? JSLOCAL_CONST : JSLOCAL_VAR,
2361
(i < fun->nargs) ? i : i - fun->nargs)) {
2362
FreeLocalNameHash(cx, map);
2366
if (!HashLocalName(cx, map, atom, kind, *indexp)) {
2367
FreeLocalNameHash(cx, map);
2372
* At this point the entry is added and we cannot fail. It is time
2373
* to replace fun->u.i.names with the built map.
2375
fun->u.i.names.map = map;
2378
if (*indexp == JS_BITMASK(16)) {
2379
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
2380
(kind == JSLOCAL_ARG)
2381
? JSMSG_TOO_MANY_FUN_ARGS
2382
: JSMSG_TOO_MANY_FUN_VARS);
2385
if (!HashLocalName(cx, fun->u.i.names.map, atom, kind, *indexp))
2389
/* Update the argument or variable counter. */
2395
js_LookupLocal(JSContext *cx, JSFunction *fun, JSAtom *atom, uintN *indexp)
2399
JSLocalNameHashEntry *entry;
2401
JS_ASSERT(FUN_INTERPRETED(fun));
2402
n = fun->nargs + fun->u.i.nvars;
2404
return JSLOCAL_NONE;
2405
if (n <= MAX_ARRAY_LOCALS) {
2406
array = (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array;
2408
/* Search from the tail to pick up the last duplicated name. */
2412
if (atom == (JSAtom *) (array[i] & ~1)) {
2413
if (i < fun->nargs) {
2419
*indexp = i - fun->nargs;
2420
return (array[i] & 1) ? JSLOCAL_CONST : JSLOCAL_VAR;
2424
entry = (JSLocalNameHashEntry *)
2425
JS_DHashTableOperate(&fun->u.i.names.map->names, atom,
2427
if (JS_DHASH_ENTRY_IS_BUSY(&entry->hdr)) {
2428
JS_ASSERT(entry->localKind != JSLOCAL_NONE);
2430
*indexp = entry->index;
2431
return (JSLocalKind) entry->localKind;
2434
return JSLOCAL_NONE;
2437
typedef struct JSGetLocalNamesArgs {
2445
} JSGetLocalNamesArgs;
2447
#define SET_BIT32(bitmap, bit) \
2448
((bitmap)[(bit) >> JS_BITS_PER_UINT32_LOG2] |= \
2449
JS_BIT((bit) & (JS_BITS_PER_UINT32 - 1)))
2451
JS_STATIC_DLL_CALLBACK(JSDHashOperator)
2452
get_local_names_enumerator(JSDHashTable *table, JSDHashEntryHdr *hdr,
2453
uint32 number, void *arg)
2455
JSLocalNameHashEntry *entry;
2456
JSGetLocalNamesArgs *args;
2459
entry = (JSLocalNameHashEntry *) hdr;
2460
args = (JSGetLocalNamesArgs *) arg;
2461
JS_ASSERT(entry->name);
2462
if (entry->localKind == JSLOCAL_ARG) {
2463
JS_ASSERT(entry->index < args->fun->nargs);
2464
JS_ASSERT(args->nCopiedArgs++ < args->fun->nargs);
2467
JS_ASSERT(entry->localKind == JSLOCAL_VAR ||
2468
entry->localKind == JSLOCAL_CONST);
2469
JS_ASSERT(entry->index < args->fun->u.i.nvars);
2470
JS_ASSERT(args->nCopiedVars++ < args->fun->u.i.nvars);
2471
i = args->fun->nargs + entry->index;
2473
args->names[i] = entry->name;
2474
if (args->bitmap && entry->localKind != JSLOCAL_VAR)
2475
SET_BIT32(args->bitmap, i);
2476
return JS_DHASH_NEXT;
2480
js_GetLocalNames(JSContext *cx, JSFunction *fun, JSArenaPool *pool,
2487
JSLocalNameMap *map;
2488
JSGetLocalNamesArgs args;
2489
JSNameIndexPair *dup;
2491
JS_ASSERT(FUN_INTERPRETED(fun));
2492
JS_ASSERT(OBJ_IS_NATIVE(fun->object));
2493
n = fun->nargs + fun->u.i.nvars;
2495
allocsize = n * sizeof *names;
2497
allocsize += JS_HOWMANY(n, JS_BITS_PER_UINT32) * sizeof(uint32);
2498
JS_ARENA_ALLOCATE_CAST(names, JSAtom **, pool, allocsize);
2500
js_ReportOutOfScriptQuota(cx);
2504
#if JS_HAS_DESTRUCTURING
2505
/* Some parameter names can be NULL due to destructuring patterns. */
2506
memset(names, 0, fun->nargs * sizeof *names);
2509
*bitmap = (uint32 *) (names + n);
2510
memset(*bitmap, 0, JS_HOWMANY(n, JS_BITS_PER_UINT32) * sizeof(uint32));
2513
if (n <= MAX_ARRAY_LOCALS) {
2514
array = (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array;
2519
names[i] = (JSAtom *) (array[i] & ~1);
2521
(i < fun->nargs ? array[i] != 0 : array[i] & 1)) {
2522
SET_BIT32(*bitmap, i);
2526
map = fun->u.i.names.map;
2529
args.bitmap = bitmap ? *bitmap : NULL;
2531
args.nCopiedArgs = 0;
2532
args.nCopiedVars = 0;
2534
JS_DHashTableEnumerate(&map->names, get_local_names_enumerator, &args);
2535
for (dup = map->lastdup; dup; dup = dup->link) {
2536
JS_ASSERT(dup->index < fun->nargs);
2537
JS_ASSERT(args.nCopiedArgs++ < fun->nargs);
2538
names[dup->index] = dup->name;
2540
SET_BIT32(*bitmap, dup->index);
2542
#if !JS_HAS_DESTRUCTURING
2543
JS_ASSERT(args.nCopiedArgs == fun->nargs);
2545
JS_ASSERT(args.nCopiedVars == fun->u.i.nvars);
2551
JS_STATIC_DLL_CALLBACK(JSDHashOperator)
2552
trace_local_names_enumerator(JSDHashTable *table, JSDHashEntryHdr *hdr,
2553
uint32 number, void *arg)
2555
JSLocalNameHashEntry *entry;
2558
entry = (JSLocalNameHashEntry *) hdr;
2559
JS_ASSERT(entry->name);
2560
trc = (JSTracer *) arg;
2561
JS_SET_TRACING_INDEX(trc,
2562
entry->localKind == JSLOCAL_ARG ? "arg" : "var",
2564
JS_CallTracer(trc, ATOM_TO_STRING(entry->name), JSTRACE_STRING);
2565
return JS_DHASH_NEXT;
2569
TraceLocalNames(JSTracer *trc, JSFunction *fun)
2575
JS_ASSERT(FUN_INTERPRETED(fun));
2576
n = fun->nargs + fun->u.i.nvars;
2579
if (n <= MAX_ARRAY_LOCALS) {
2580
array = (n == 1) ? &fun->u.i.names.taggedAtom : fun->u.i.names.array;
2584
atom = (JSAtom *) (array[i] & ~1);
2586
JS_SET_TRACING_INDEX(trc,
2587
i < fun->nargs ? "arg" : "var",
2588
i < fun->nargs ? i : i - fun->nargs);
2589
JS_CallTracer(trc, ATOM_TO_STRING(atom), JSTRACE_STRING);
2593
JS_DHashTableEnumerate(&fun->u.i.names.map->names,
2594
trace_local_names_enumerator, trc);
2597
* No need to trace the list of duplicates in map->lastdup as the
2598
* names there are traced when enumerating the hash table.
2604
DestroyLocalNames(JSContext *cx, JSFunction *fun)
2608
n = fun->nargs + fun->u.i.nvars;
2611
if (n <= MAX_ARRAY_LOCALS)
2612
JS_free(cx, fun->u.i.names.array);
2614
FreeLocalNameHash(cx, fun->u.i.names.map);
2618
js_FreezeLocalNames(JSContext *cx, JSFunction *fun)
2623
JS_ASSERT(FUN_INTERPRETED(fun));
2624
JS_ASSERT(!fun->u.i.script);
2625
n = fun->nargs + fun->u.i.nvars;
2626
if (2 <= n && n < MAX_ARRAY_LOCALS) {
2627
/* Shrink over-allocated array ignoring realloc failures. */
2628
array = (jsuword *) JS_realloc(cx, fun->u.i.names.array,
2631
fun->u.i.names.array = array;