
Mercurial (b6d82b1a6b02)

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * vim: set ts=8 sts=2 et sw=2 tw=80:
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef vm_JSFunction_h
#define vm_JSFunction_h

/*
 * JS function definitions.
 */

#include "jstypes.h"

#include "vm/JSObject.h"
#include "vm/JSScript.h"

namespace js {

// Forward declarations only; both types are defined elsewhere.
class FunctionExtended;
struct SelfHostedLazyScript;

// Engine-internal alias for the JSNative callback type.
using Native = JSNative;

}  // namespace js

// Slot indices for a bound function's target, bound |this| and bound
// arguments (going by the names; the slot layout itself is established where
// bound functions are created).
static constexpr uint32_t JSSLOT_BOUND_FUNCTION_TARGET = 2;
static constexpr uint32_t JSSLOT_BOUND_FUNCTION_THIS = 3;
static constexpr uint32_t JSSLOT_BOUND_FUNCTION_ARGS = 4;

// Fixed text fragments; presumably the pieces placed after the parameter list
// and after the body when source for a Function() call is assembled --
// confirm at the use site.
static constexpr char FunctionConstructorMedialSigils[] = ") {\n";
static constexpr char FunctionConstructorFinalBrace[] = "\n}";

// Which accessor prefix, if any, applies to a function name.
enum class FunctionPrefixKind {
  None,
  Get,
  Set,
};

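// Packed 16-bit description of a function: independent boolean flags in bits
// 0-12 and a FunctionKind in bits 13-15 (FUNCTION_KIND_SHIFT / _MASK).
//
// These bits act as the discriminator for how a function's storage is read:
// hasScript(), hasLazyScript() and hasSelfHostedLazyScript() select the active
// u.scripted.s union arm, and the static_asserts in the default constructor
// record that JIT code accesses the flag word directly. The MOZ_ASSERT checks
// in the setters are debug-build checks, so release builds rely on callers
// keeping the bits consistent with the data they describe.
class FunctionFlags {
 public:
  // Function kind, stored in the bits selected by FUNCTION_KIND_MASK.
  // FunctionKindLimit is a sentinel rather than a kind; a static_assert below
  // checks that the largest real kind fits in the mask.
  enum FunctionKind {
    NormalFunction = 0,
    Arrow,  /* ES6 '(args) => body' syntax */
    Method, /* ES6 MethodDefinition */
    ClassConstructor,
    Getter,
    Setter,
    AsmJS, /* function is an asm.js module or exported function */
    Wasm,  /* function is an exported WebAssembly function */
    FunctionKindLimit
  };

  // I wish I didn't have to name this enum it makes consumers uglier
  //
  // Note that HAS_GUESSED_ATOM and HAS_BOUND_FUNCTION_NAME_PREFIX share the
  // value 0x0020 on purpose; BOUND_FUN decides which meaning applies.
  enum Flags {
    INTERPRETED = 0x0001, /* function has a JSScript and environment. */
    CONSTRUCTOR = 0x0002, /* function that can be called as a constructor */
    EXTENDED = 0x0004,    /* structure is FunctionExtended */
    BOUND_FUN = 0x0008, /* function was created with Function.prototype.bind. */
    WASM_JIT_ENTRY = 0x0010,   /* the wasm function has a jit entry */
    HAS_GUESSED_ATOM = 0x0020, /* function had no explicit name, but a
                                  name was guessed for it anyway. See
                                  atom_ for more info about this flag. */
    HAS_BOUND_FUNCTION_NAME_PREFIX =
        0x0020,      /* bound functions reuse the HAS_GUESSED_ATOM
                        flag to track if atom_ already contains the
                        "bound " function name prefix */
    LAMBDA = 0x0040, /* function comes from a FunctionExpression, ArrowFunction,
                        or Function() call (not a FunctionDeclaration or
                        nonstandard function-statement) */
    SELF_HOSTED =
        0x0080, /* On an interpreted function, indicates a self-hosted builtin,
                   which must not be decompilable nor constructible. On a native
                   function, indicates an 'intrinsic', intended for use from
                   self-hosted code only. */
    HAS_INFERRED_NAME = 0x0100, /* function had no explicit name, but a name was
                                   set by SetFunctionName at compile time or
                                   SetFunctionName at runtime. See atom_ for
                                   more info about this flag. */
    INTERPRETED_LAZY =
        0x0200, /* function is interpreted but doesn't have a script yet */
    RESOLVED_LENGTH =
        0x0400,             /* f.length has been resolved (see fun_resolve). */
    RESOLVED_NAME = 0x0800, /* f.name has been resolved (see fun_resolve). */
    NEW_SCRIPT_CLEARED =
        0x1000, /* For a function used as an interpreted constructor, whether
                   a 'new' type had constructor information cleared. */

    FUNCTION_KIND_SHIFT = 13,
    FUNCTION_KIND_MASK = 0x7 << FUNCTION_KIND_SHIFT,

    ASMJS_KIND = AsmJS << FUNCTION_KIND_SHIFT,
    WASM_KIND = Wasm << FUNCTION_KIND_SHIFT,
    ARROW_KIND = Arrow << FUNCTION_KIND_SHIFT,
    METHOD_KIND = Method << FUNCTION_KIND_SHIFT,
    CLASSCONSTRUCTOR_KIND = ClassConstructor << FUNCTION_KIND_SHIFT,
    GETTER_KIND = Getter << FUNCTION_KIND_SHIFT,
    SETTER_KIND = Setter << FUNCTION_KIND_SHIFT,

    /* Derived Flags values for convenience: */
    NATIVE_FUN = 0,
    NATIVE_CTOR = NATIVE_FUN | CONSTRUCTOR,
    NATIVE_CLASS_CTOR = NATIVE_FUN | CONSTRUCTOR | CLASSCONSTRUCTOR_KIND,
    ASMJS_CTOR = ASMJS_KIND | NATIVE_CTOR,
    ASMJS_LAMBDA_CTOR = ASMJS_KIND | NATIVE_CTOR | LAMBDA,
    WASM = WASM_KIND | NATIVE_FUN,
    INTERPRETED_METHOD = INTERPRETED | METHOD_KIND,
    INTERPRETED_CLASS_CONSTRUCTOR =
        INTERPRETED | CLASSCONSTRUCTOR_KIND | CONSTRUCTOR,
    INTERPRETED_GETTER = INTERPRETED | GETTER_KIND,
    INTERPRETED_SETTER = INTERPRETED | SETTER_KIND,
    INTERPRETED_LAMBDA = INTERPRETED | LAMBDA | CONSTRUCTOR,
    INTERPRETED_LAMBDA_ARROW = INTERPRETED | LAMBDA | ARROW_KIND,
    INTERPRETED_LAMBDA_GENERATOR_OR_ASYNC = INTERPRETED | LAMBDA,
    INTERPRETED_NORMAL = INTERPRETED | CONSTRUCTOR,
    INTERPRETED_GENERATOR_OR_ASYNC = INTERPRETED,
    NO_XDR_FLAGS = RESOLVED_LENGTH | RESOLVED_NAME,

    /* Flags preserved when cloning a function.
       (Exception: js::MakeDefaultConstructor produces default constructors for
       ECMAScript classes by cloning self-hosted functions, and then clearing
       their SELF_HOSTED bit, setting their CONSTRUCTOR bit, and otherwise
       munging them to look like they originated with the class definition.) */
    STABLE_ACROSS_CLONES =
        CONSTRUCTOR | LAMBDA | SELF_HOSTED | FUNCTION_KIND_MASK
  };

  // The raw flag word. It is the only data member and sits at offset 0; both
  // properties are enforced by the static_asserts in the default constructor.
  uint16_t flags_;

 public:
  // Starts with all bits clear (NormalFunction kind, no flags).
  FunctionFlags() : flags_() {
    static_assert(sizeof(FunctionFlags) == sizeof(flags_),
                  "No extra members allowed as it'll grow JSFunction");
    static_assert(offsetof(FunctionFlags, flags_) == 0,
                  "Required for JIT flag access");
  }

  // Wrap an existing raw flag word. The value is taken as-is; no consistency
  // checks are applied to the bit combination.
  explicit FunctionFlags(uint16_t flags) : flags_(flags) {}
  MOZ_IMPLICIT FunctionFlags(Flags f) : flags_(f) {}

  static_assert((INTERPRETED | INTERPRETED_LAZY) ==
                    js::JS_FUNCTION_INTERPRETED_BITS,
                "jsfriendapi.h's FunctionFlags::INTERPRETED-alike is wrong");
  static_assert(((FunctionKindLimit - 1) << FUNCTION_KIND_SHIFT) <=
                    FUNCTION_KIND_MASK,
                "FunctionKind doesn't fit into flags_");

  uint16_t toRaw() const { return flags_; }

  // For flag combinations the type is int.
  //
  // hasFlags() is an "any of these bits" test: it returns true when at least
  // one bit of |flags| is set, not only when all of them are.
  bool hasFlags(uint16_t flags) const { return (flags_ & flags) != 0; }
  void setFlags(uint16_t flags) { flags_ |= flags; }
  void clearFlags(uint16_t flags) { flags_ &= ~flags; }

  // Decodes the kind stored in the FUNCTION_KIND_MASK bits.
  FunctionKind kind() const {
    return static_cast<FunctionKind>((flags_ & FUNCTION_KIND_MASK) >>
                                     FUNCTION_KIND_SHIFT);
  }

  /* A function can be classified as either native (C++) or interpreted (JS): */
  bool isInterpreted() const {
    return hasFlags(INTERPRETED) || hasFlags(INTERPRETED_LAZY);
  }
  bool isNative() const { return !isInterpreted(); }

  bool isConstructor() const { return hasFlags(CONSTRUCTOR); }

  /* Possible attributes of a native function: */
  bool isAsmJSNative() const {
    MOZ_ASSERT_IF(kind() == AsmJS, isNative());
    return kind() == AsmJS;
  }
  bool isWasm() const {
    MOZ_ASSERT_IF(kind() == Wasm, isNative());
    return kind() == Wasm;
  }
  bool isWasmWithJitEntry() const {
    MOZ_ASSERT_IF(hasFlags(WASM_JIT_ENTRY), isWasm());
    return hasFlags(WASM_JIT_ENTRY);
  }
  bool isNativeWithJitEntry() const {
    MOZ_ASSERT_IF(isWasmWithJitEntry(), isNative());
    return isWasmWithJitEntry();
  }
  bool isBuiltinNative() const {
    return isNative() && !isAsmJSNative() && !isWasm();
  }

  /* Possible attributes of an interpreted function: */
  bool isBoundFunction() const { return hasFlags(BOUND_FUN); }
  bool hasInferredName() const { return hasFlags(HAS_INFERRED_NAME); }
  // The 0x0020 bit means "guessed atom" only when BOUND_FUN is clear.
  bool hasGuessedAtom() const {
    static_assert(HAS_GUESSED_ATOM == HAS_BOUND_FUNCTION_NAME_PREFIX,
                  "HAS_GUESSED_ATOM is unused for bound functions");
    bool hasGuessedAtom = hasFlags(HAS_GUESSED_ATOM);
    bool boundFun = hasFlags(BOUND_FUN);
    return hasGuessedAtom && !boundFun;
  }
  // Only meaningful for bound functions; that precondition is debug-asserted.
  // On a non-bound function the same bit reports HAS_GUESSED_ATOM.
  bool hasBoundFunctionNamePrefix() const {
    static_assert(
        HAS_BOUND_FUNCTION_NAME_PREFIX == HAS_GUESSED_ATOM,
        "HAS_BOUND_FUNCTION_NAME_PREFIX is only used for bound functions");
    MOZ_ASSERT(isBoundFunction());
    return hasFlags(HAS_BOUND_FUNCTION_NAME_PREFIX);
  }
  bool isLambda() const { return hasFlags(LAMBDA); }
  bool isInterpretedLazy() const { return hasFlags(INTERPRETED_LAZY); }

  bool isNamedLambda(JSAtom* atom) const {
    return isLambda() && atom && !hasInferredName() && !hasGuessedAtom();
  }

  // These methods determine which of the u.scripted.s union arms are active.
  // For live JSFunctions the pointer values will always be non-null, but due
  // to partial initialization the GC (and other features that scan the heap
  // directly) may still return a null pointer.
  bool hasScript() const { return hasFlags(INTERPRETED); }
  bool hasLazyScript() const {
    return isInterpretedLazy() && !isSelfHostedOrIntrinsic();
  }
  bool hasSelfHostedLazyScript() const {
    return isInterpretedLazy() && isSelfHostedOrIntrinsic();
  }

  // Arrow functions store their lexical new.target in the first extended slot.
  bool isArrow() const { return kind() == Arrow; }
  // Every class-constructor is also a method.
  bool isMethod() const {
    return kind() == Method || kind() == ClassConstructor;
  }
  bool isClassConstructor() const { return kind() == ClassConstructor; }

  bool isGetter() const { return kind() == Getter; }
  bool isSetter() const { return kind() == Setter; }

  bool allowSuperProperty() const {
    return isMethod() || isGetter() || isSetter();
  }

  bool hasResolvedLength() const { return hasFlags(RESOLVED_LENGTH); }
  bool hasResolvedName() const { return hasFlags(RESOLVED_NAME); }

  bool isSelfHostedOrIntrinsic() const { return hasFlags(SELF_HOSTED); }
  bool isSelfHostedBuiltin() const {
    return isSelfHostedOrIntrinsic() && !isNative();
  }
  bool isIntrinsic() const { return isSelfHostedOrIntrinsic() && isNative(); }

  // Replaces the kind bits, leaving every other flag untouched.
  void setKind(FunctionKind kind) {
    // A value at or above FunctionKindLimit would be shifted (partly) out of
    // the 16-bit word and silently stored as a different kind.
    MOZ_ASSERT(kind < FunctionKindLimit);
    this->flags_ &= ~FUNCTION_KIND_MASK;
    this->flags_ |= static_cast<uint16_t>(kind) << FUNCTION_KIND_SHIFT;
  }

  // Make the function constructible.
  // Debug-asserts that this is a self-hosted builtin that is not already a
  // constructor.
  void setIsConstructor() {
    MOZ_ASSERT(!isConstructor());
    MOZ_ASSERT(isSelfHostedBuiltin());
    setFlags(CONSTRUCTOR);
  }

  void setIsClassConstructor() {
    MOZ_ASSERT(!isClassConstructor());
    MOZ_ASSERT(isConstructor());

    setKind(ClassConstructor);
  }

  // Clearing SELF_HOSTED on an INTERPRETED_LAZY function switches
  // hasSelfHostedLazyScript() to hasLazyScript(), i.e. it changes which
  // u.scripted.s arm the flags describe.
  void clearIsSelfHosted() { clearFlags(SELF_HOSTED); }

  void setIsBoundFunction() {
    MOZ_ASSERT(!isBoundFunction());
    setFlags(BOUND_FUN);
  }

  void setIsSelfHostedBuiltin() {
    MOZ_ASSERT(isInterpreted());
    MOZ_ASSERT(!isSelfHostedBuiltin());
    setFlags(SELF_HOSTED);
    // Self-hosted functions should not be constructable.
    clearFlags(CONSTRUCTOR);
  }
  void setIsIntrinsic() {
    MOZ_ASSERT(isNative());
    MOZ_ASSERT(!isIntrinsic());
    setFlags(SELF_HOSTED);
  }

  void setArrow() { setKind(Arrow); }

  void setResolvedLength() { setFlags(RESOLVED_LENGTH); }
  void setResolvedName() { setFlags(RESOLVED_NAME); }

  // Mark a function as having its 'new' script information cleared.
  bool wasNewScriptCleared() const { return hasFlags(NEW_SCRIPT_CLEARED); }
  void setNewScriptCleared() { setFlags(NEW_SCRIPT_CLEARED); }

  void setInferredName() { setFlags(HAS_INFERRED_NAME); }
  void clearInferredName() { clearFlags(HAS_INFERRED_NAME); }

  void setGuessedAtom() { setFlags(HAS_GUESSED_ATOM); }
  void clearGuessedAtom() { clearFlags(HAS_GUESSED_ATOM); }

  // No bound-function check here: on a non-bound function this sets the
  // shared 0x0020 bit, which then reads as HAS_GUESSED_ATOM.
  void setPrefixedBoundFunctionName() {
    setFlags(HAS_BOUND_FUNCTION_NAME_PREFIX);
  }

  // The four setters below flip the bits that select the script union arm.
  // They change only the flag word; keeping the stored pointer in step is the
  // caller's job.
  void setInterpretedLazy() { setFlags(INTERPRETED_LAZY); }
  void clearInterpretedLazy() { clearFlags(INTERPRETED_LAZY); }
  void setInterpreted() { setFlags(INTERPRETED); }
  void clearInterpreted() { clearFlags(INTERPRETED); }

  void setWasmJitEntry() { setFlags(WASM_JIT_ENTRY); }

  bool isExtended() const { return hasFlags(EXTENDED); }
  void setIsExtended() { setFlags(EXTENDED); }

  // NOTE(review): NATIVE_CTOR equals CONSTRUCTOR because NATIVE_FUN is 0, and
  // hasFlags() is an any-bit test, so this returns true for every
  // constructor, interpreted ones included. Callers that need "native and
  // constructor" must also check isNative(); confirm that they do.
  bool isNativeConstructor() const { return hasFlags(NATIVE_CTOR); }
};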

class JSFunction : public js::NativeObject {
 public:
  static const JSClass class_;

 private:
  /*
   * number of formal arguments
   * (including defaults and the rest parameter unlike f.length)
   */
  uint16_t nargs_;

  /*
   * Bitfield composed of the above Flags enum, as well as the kind.
   *
   * If any of these flags needs to be accessed in off-thread JIT
   * compilation, copy it to js::jit::WrappedFunction.
   */
  FunctionFlags flags_;

  // Per-function payload. The union does not record which arm is live; that
  // is derived from flags_. The scripted accessors read |scripted| after
  // asserting isInterpreted(), and hasScript() / hasLazyScript() /
  // hasSelfHostedLazyScript() pick the member of |scripted.s|. |native| is
  // presumably the arm for native functions -- its accessors are not in view
  // here. Reading a member that does not match the flags reinterprets the
  // bits of another member, so use the accessors rather than the fields.
  union U {
    class {
      friend class JSFunction;
      js::Native func_; /* native method pointer or null */
      union {
        // Information about this function to be used by the JIT, only
        // used if isBuiltinNative(); use the accessor!
        const JSJitInfo* jitInfo_;
        // for wasm/asm.js without a jit entry
        size_t wasmFuncIndex_;
        // for wasm that has been given a jit entry
        void** wasmJitEntry_;
      } extra;
    } native;
    struct {
      JSObject* env_; /* environment for new activations */
      union {
        JSScript* script_;     /* interpreted bytecode descriptor or
                                  null; use the accessor! */
        js::LazyScript* lazy_; /* lazily compiled script, or nullptr */
        js::SelfHostedLazyScript* selfHostedLazy_;
      } s;
    } scripted;
  } u;

  // The |atom_| field can have different meanings depending on the function
  // type and flags. It is used for diagnostics, decompiling, and
  //
  // 1. If the function is not a bound function:
  //   a. If HAS_GUESSED_ATOM is not set, to store the initial value of the
  //      "name" property of functions. But also see RESOLVED_NAME.
  //   b. If HAS_GUESSED_ATOM is set, |atom_| is only used for diagnostics,
  //      but must not be used for the "name" property.
  //   c. If HAS_INFERRED_NAME is set, the function wasn't given an explicit
  //      name in the source text, e.g. |function fn(){}|, but instead it
  //      was inferred based on how the function was defined in the source
  //      text. The exact name inference rules are defined in the ECMAScript
  //      specification.
  //      Name inference can happen at compile-time, for example in
  //      |var fn = function(){}|, or it can happen at runtime, for example
  //      in |var o = {[Symbol.iterator]: function(){}}|. When it happens at
  //      compile-time, the HAS_INFERRED_NAME is set directly in the
  //      bytecode emitter, when it happens at runtime, the flag is set when
  //      evaluating the JSOP_SETFUNNAME bytecode.
  //   d. HAS_GUESSED_ATOM and HAS_INFERRED_NAME cannot both be set.
  //   e. |atom_| can be null if neither an explicit, nor inferred, nor a
  //      guessed name was set.
  //   f. HAS_INFERRED_NAME can be set for cloned singleton function, even
  //      though the clone shouldn't receive an inferred name. See the
  //      comments in NewFunctionClone() and SetFunctionName() for details.
  //
  // 2. If the function is a bound function:
  //   a. To store the initial value of the "name" property.
  //   b. If HAS_BOUND_FUNCTION_NAME_PREFIX is not set, |atom_| doesn't
  //      contain the "bound " prefix which is prepended to the "name"
  //      property of bound functions per ECMAScript.
  //   c. Bound functions can never have an inferred or guessed name.
  //   d. |atom_| is never null for bound functions.
  js::GCPtrAtom atom_;

 public:
  static inline JS::Result<JSFunction*, JS::OOM&> create(
      JSContext* cx, js::gc::AllocKind kind, js::gc::InitialHeap heap,
      js::HandleShape shape, js::HandleObjectGroup group);

  /*
   * Whether a call object must be created for each invocation of this
   * function. Must not be called on a lazy function (debug-asserted). Native
   * functions never need one; for the rest the answer is whether the
   * script's body scope has an environment.
   */
  bool needsCallObject() const {
    MOZ_ASSERT(!isInterpretedLazy());

    if (!isNative()) {
      const bool bodyHasEnvironment =
          nonLazyScript()->bodyScope()->hasEnvironment();

      // Note: this should be kept in sync with
      // FunctionBox::needsCallObjectRegardlessOfBindings().
      MOZ_ASSERT_IF(nonLazyScript()->funHasExtensibleScope() ||
                        nonLazyScript()->needsHomeObject() ||
                        nonLazyScript()->isDerivedClassConstructor() ||
                        isGenerator() || isAsync(),
                    bodyHasEnvironment);

      return bodyHasEnvironment;
    }

    return false;
  }

  bool needsExtraBodyVarEnvironment() const;
  bool needsNamedLambdaEnvironment() const;

  // Reports the script's own needsFunctionEnvironmentObjects() answer. Debug
  // builds cross-check it against needsCallObject() ||
  // needsNamedLambdaEnvironment().
  bool needsFunctionEnvironmentObjects() const {
    const bool fromScript = nonLazyScript()->needsFunctionEnvironmentObjects();
    MOZ_ASSERT(fromScript ==
               (needsCallObject() || needsNamedLambdaEnvironment()));
    return fromScript;
  }

  // True if the function needs function environment objects or an extra
  // body-var environment.
  bool needsSomeEnvironmentObject() const {
    if (needsFunctionEnvironmentObjects()) {
      return true;
    }
    return needsExtraBodyVarEnvironment();
  }

  // Width in bits of the nargs_ field.
  static constexpr size_t NArgsBits = sizeof(nargs_) * CHAR_BIT;
  // Number of formal arguments, widened from the 16-bit nargs_ field.
  size_t nargs() const { return nargs_; }

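  // Returns a copy of the flag word. Declared const, like the other read-only
  // accessors, so it can be called through a const JSFunction.
  FunctionFlags flags() const { return flags_; }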

  // The predicates in this group forward to FunctionFlags; they read only
  // flags_ and never inspect the union.
  FunctionFlags::FunctionKind kind() const { return flags_.kind(); }

  /* A function can be classified as either native (C++) or interpreted (JS): */
  // isNative() is defined as !isInterpreted(), so a flag word with neither
  // INTERPRETED nor INTERPRETED_LAZY set is treated as native.
  bool isInterpreted() const { return flags_.isInterpreted(); }
  bool isNative() const { return flags_.isNative(); }

  bool isConstructor() const { return flags_.isConstructor(); }

  /* Possible attributes of a native function: */
  bool isAsmJSNative() const { return flags_.isAsmJSNative(); }

  bool isWasm() const { return flags_.isWasm(); }
  bool isWasmWithJitEntry() const { return flags_.isWasmWithJitEntry(); }
  bool isNativeWithJitEntry() const { return flags_.isNativeWithJitEntry(); }
  bool isBuiltinNative() const { return flags_.isBuiltinNative(); }

  /* Possible attributes of an interpreted function: */
  bool isBoundFunction() const { return flags_.isBoundFunction(); }
  bool hasInferredName() const { return flags_.hasInferredName(); }
  bool hasGuessedAtom() const { return flags_.hasGuessedAtom(); }
  // Debug-asserts isBoundFunction() inside FunctionFlags; the underlying bit
  // is shared with HAS_GUESSED_ATOM.
  bool hasBoundFunctionNamePrefix() const {
    return flags_.hasBoundFunctionNamePrefix();
  }

  bool isLambda() const { return flags_.isLambda(); }
  bool isInterpretedLazy() const { return flags_.isInterpretedLazy(); }

  // These methods determine which of the u.scripted.s union arms are active.
  // For live JSFunctions the pointer values will always be non-null, but due
  // to partial initialization the GC (and other features that scan the heap
  // directly) may still return a null pointer.
  //
  // Per FunctionFlags: hasScript() tests INTERPRETED; the two lazy variants
  // both require INTERPRETED_LAZY and are split by SELF_HOSTED.
  bool hasScript() const { return flags_.hasScript(); }
  bool hasLazyScript() const { return flags_.hasLazyScript(); }
  bool hasSelfHostedLazyScript() const {
    return flags_.hasSelfHostedLazyScript();
  }

  // Kind and state predicates, all forwarded to FunctionFlags.

  // Arrow functions store their lexical new.target in the first extended slot.
  bool isArrow() const { return flags_.isArrow(); }
  // Every class-constructor is also a method.
  bool isMethod() const { return flags_.isMethod(); }
  bool isClassConstructor() const { return flags_.isClassConstructor(); }

  bool isGetter() const { return flags_.isGetter(); }
  bool isSetter() const { return flags_.isSetter(); }

  bool allowSuperProperty() const { return flags_.allowSuperProperty(); }

  bool hasResolvedLength() const { return flags_.hasResolvedLength(); }
  bool hasResolvedName() const { return flags_.hasResolvedName(); }

  // SELF_HOSTED means "self-hosted builtin" on an interpreted function and
  // "intrinsic" on a native one; the two predicates after this one apply that
  // split.
  bool isSelfHostedOrIntrinsic() const {
    return flags_.isSelfHostedOrIntrinsic();
  }
  bool isSelfHostedBuiltin() const { return flags_.isSelfHostedBuiltin(); }

  bool isIntrinsic() const { return flags_.isIntrinsic(); }

  // True only when the function has a (non-lazy) script and that script
  // reports a JIT script. The script is not touched unless hasScript() holds.
  bool hasJitScript() const {
    return hasScript() && nonLazyScript()->hasJitScript();
  }
  // True for every interpreted function (scripted or lazy) and for natives
  // that were given a jit entry.
  bool hasJitEntry() const {
    if (hasScript() || isInterpretedLazy()) {
      return true;
    }
    return isNativeWithJitEntry();
  }

  /* Compound attributes: */
  // Builtin means either a builtin native or a self-hosted builtin.
  bool isBuiltin() const { return isBuiltinNative() || isSelfHostedBuiltin(); }

  // Passes displayAtom() (the raw atom_) to the flags check, which also
  // requires that the name was neither inferred nor guessed.
  bool isNamedLambda() const { return flags_.isNamedLambda(displayAtom()); }

  // Lexical |this| is exactly the arrow-function case.
  bool hasLexicalThis() const { return isArrow(); }

  bool isBuiltinFunctionConstructor();
  bool needsPrototypeProperty();

  /*
   * Returns the strictness of this function, which must be interpreted
   * (debug-asserted). The answer comes from the lazy script when the function
   * is lazy and from the JSScript otherwise.
   *
   * NOTE(review): isInterpretedLazy() also holds for self-hosted lazy
   * functions, for which lazyScript() debug-asserts; callers presumably never
   * ask in that state -- confirm.
   */
  bool strict() const {
    MOZ_ASSERT(isInterpreted());
    if (isInterpretedLazy()) {
      return lazyScript()->strict();
    }
    return nonLazyScript()->strict();
  }

  // Replace the whole flag word. Every bit is overwritten, including the kind
  // and the INTERPRETED / INTERPRETED_LAZY / SELF_HOSTED bits that the script
  // accessors use to pick a union arm. Nothing here checks the new value
  // against the contents of |u|, so callers must keep the two in step.
  void setFlags(uint16_t flags) { flags_ = FunctionFlags(flags); }
  void setFlags(FunctionFlags flags) { flags_ = flags; }
  // Changes only the kind bits (forwards to FunctionFlags::setKind).
  void setKind(FunctionFlags::FunctionKind kind) { flags_.setKind(kind); }

  // Flag mutators. Apart from setArgCount() they forward to FunctionFlags,
  // where any preconditions are MOZ_ASSERTs.

  // Make the function constructible.
  void setIsConstructor() { flags_.setIsConstructor(); }
  void setIsClassConstructor() { flags_.setIsClassConstructor(); }

  // On an INTERPRETED_LAZY function, clearing SELF_HOSTED turns
  // hasSelfHostedLazyScript() into hasLazyScript(), i.e. it changes which
  // u.scripted.s arm the flags describe; the stored pointer is not touched.
  void clearIsSelfHosted() { flags_.clearIsSelfHosted(); }

  // Can be called multiple times by the parser.
  void setArgCount(uint16_t nargs) { this->nargs_ = nargs; }

  void setIsBoundFunction() { flags_.setIsBoundFunction(); }
  void setIsSelfHostedBuiltin() { flags_.setIsSelfHostedBuiltin(); }
  void setIsIntrinsic() { flags_.setIsIntrinsic(); }

  void setArrow() { flags_.setArrow(); }
  void setResolvedLength() { flags_.setResolvedLength(); }
  void setResolvedName() { flags_.setResolvedName(); }

  // Mark a function as having its 'new' script information cleared.
  bool wasNewScriptCleared() const { return flags_.wasNewScriptCleared(); }
  void setNewScriptCleared() { flags_.setNewScriptCleared(); }

  static bool getUnresolvedLength(JSContext* cx, js::HandleFunction fun,
                                  js::MutableHandleValue v);

  JSAtom* infallibleGetUnresolvedName(JSContext* cx);

  static bool getUnresolvedName(JSContext* cx, js::HandleFunction fun,
                                js::MutableHandleValue v);

  static JSLinearString* getBoundFunctionName(JSContext* cx,
                                              js::HandleFunction fun);

  // The name as written in the source, or nullptr when atom_ holds an
  // inferred or guessed name instead.
  JSAtom* explicitName() const {
    if (hasInferredName() || hasGuessedAtom()) {
      return nullptr;
    }
    return atom_.get();
  }

  // The explicit or inferred name; nullptr when atom_ is only a guessed name.
  JSAtom* explicitOrInferredName() const {
    if (hasGuessedAtom()) {
      return nullptr;
    }
    return atom_.get();
  }

  // Store |atom| into atom_ via GCPtrAtom::init(). A non-null atom must be
  // marked in this function's zone (debug-asserted). Presumably init() is the
  // first-time store and differs from assignment in GC barrier handling --
  // confirm against the GCPtr definition.
  void initAtom(JSAtom* atom) {
    MOZ_ASSERT_IF(atom, js::AtomIsMarked(zone(), atom));
    atom_.init(atom);
  }

  // Overwrite atom_ by assignment; same zone-marking assertion as initAtom().
  // Does not touch the name flags, so callers must update those themselves.
  void setAtom(JSAtom* atom) {
    MOZ_ASSERT_IF(atom, js::AtomIsMarked(zone(), atom));
    atom_ = atom;
  }

  // Raw atom_ regardless of how the name was obtained; may be null.
  JSAtom* displayAtom() const { return atom_; }

  // Record an inferred name: requires that no atom is set yet, that |atom| is
  // non-null and that no guessed atom is present (all debug-asserted), then
  // stores the atom and sets HAS_INFERRED_NAME.
  void setInferredName(JSAtom* atom) {
    MOZ_ASSERT(!atom_);
    MOZ_ASSERT(atom);
    MOZ_ASSERT(!hasGuessedAtom());
    setAtom(atom);
    flags_.setInferredName();
  }
  // Undo setInferredName(): nulls atom_ and clears HAS_INFERRED_NAME.
  void clearInferredName() {
    MOZ_ASSERT(hasInferredName());
    MOZ_ASSERT(atom_);
    setAtom(nullptr);
    flags_.clearInferredName();
  }
  // Returns atom_; only valid while HAS_INFERRED_NAME is set (debug-asserted,
  // so a release build returns atom_ whatever the flags say).
  JSAtom* inferredName() const {
    MOZ_ASSERT(hasInferredName());
    MOZ_ASSERT(atom_);
    return atom_;
  }

  // Record a guessed name. Debug-asserts that no atom or name flag is set and
  // that this is not a bound function -- the HAS_GUESSED_ATOM bit has a
  // different meaning on bound functions.
  void setGuessedAtom(JSAtom* atom) {
    MOZ_ASSERT(!atom_);
    MOZ_ASSERT(atom);
    MOZ_ASSERT(!hasInferredName());
    MOZ_ASSERT(!hasGuessedAtom());
    MOZ_ASSERT(!isBoundFunction());
    setAtom(atom);
    flags_.setGuessedAtom();
  }
  // Undo setGuessedAtom(): nulls atom_ and clears HAS_GUESSED_ATOM.
  void clearGuessedAtom() {
    MOZ_ASSERT(hasGuessedAtom());
    MOZ_ASSERT(!isBoundFunction());
    MOZ_ASSERT(atom_);
    setAtom(nullptr);
    flags_.clearGuessedAtom();
  }

  // Store a name that already carries the "bound " prefix and set
  // HAS_BOUND_FUNCTION_NAME_PREFIX. The only bound-function check is the
  // debug assertion inside hasBoundFunctionNamePrefix(); on a non-bound
  // function the flag set here would read back as HAS_GUESSED_ATOM, since the
  // two share a bit.
  void setPrefixedBoundFunctionName(JSAtom* atom) {
    MOZ_ASSERT(!hasBoundFunctionNamePrefix());
    MOZ_ASSERT(atom);
    flags_.setPrefixedBoundFunctionName();
    setAtom(atom);
  }

  /* uint16_t representation bounds number of call object dynamic slots. */
  enum { MAX_ARGS_AND_VARS = 2 * ((1U << 16) - 1) };

  /*
   * For an interpreted function, accessors for the initial scope object of
   * activations (stack frames) of the function.
   *
   * All of them touch u.scripted.env_, which is only meaningful while the
   * function is interpreted. That precondition is a MOZ_ASSERT, so a release
   * build will read or overwrite whatever the union currently holds.
   */
  JSObject* environment() const {
    MOZ_ASSERT(isInterpreted());
    return u.scripted.env_;
  }

  // Assigns through a js::GCPtrObject view of the raw field, presumably so
  // the store gets that wrapper's GC barriers. The cast assumes GCPtrObject is
  // layout-compatible with a bare JSObject* -- TODO confirm.
  void setEnvironment(JSObject* obj) {
    MOZ_ASSERT(isInterpreted());
    *reinterpret_cast<js::GCPtrObject*>(&u.scripted.env_) = obj;
  }

  // Same field, but stored with GCPtrObject::init() instead of assignment
  // (presumably the first-time store; confirm against the GCPtr definition).
  void initEnvironment(JSObject* obj) {
    MOZ_ASSERT(isInterpreted());
    reinterpret_cast<js::GCPtrObject*>(&u.scripted.env_)->init(obj);
  }

  void unsetEnvironment() { setEnvironment(nullptr); }

 public:
  // Byte offsets of individual fields within JSFunction. Presumably consumed
  // by code that reads these fields without going through the accessors (the
  // FunctionFlags static_assert mentions "JIT flag access"); any such reader
  // bypasses the debug assertions the accessors carry.
  static constexpr size_t offsetOfNargs() {
    return offsetof(JSFunction, nargs_);
  }
  static constexpr size_t offsetOfFlags() {
    return offsetof(JSFunction, flags_);
  }
  // Offset of u.scripted.env_; the same bytes hold native.func_ when the
  // native arm is in use.
  static size_t offsetOfEnvironment() {
    return offsetof(JSFunction, u.scripted.env_);
  }
  static size_t offsetOfAtom() { return offsetof(JSFunction, atom_); }

  static bool createScriptForLazilyInterpretedFunction(JSContext* cx,
                                                       js::HandleFunction fun);
  void maybeRelazify(JSRuntime* rt);

  // Function Scripts
  //
  // Interpreted functions may either have an explicit JSScript (hasScript())
  // or be lazy with sufficient information to construct the JSScript if
  // necessary (isInterpretedLazy()).
  //
  // A lazy function will have a LazyScript if the function came from parsed
  // source, or nullptr if the function is a clone of a self hosted function.
  //
  // There are several methods to get the script of an interpreted function:
  //
  // - For all interpreted functions, getOrCreateScript() will get the
  //   JSScript, delazifying the function if necessary. This is the safest to
  //   use, but has extra checks, requires a cx and may trigger a GC.
  //
  // - For inlined functions which may have a LazyScript but whose JSScript
  //   is known to exist, existingScript() will get the script and delazify
  //   the function if necessary. If the function should not be delazified,
  //   use existingScriptNonDelazifying().
  //
  // - For functions known to have a JSScript, nonLazyScript() will get it.

  // Returns the JSScript of an interpreted function, creating it first when
  // the function is still lazy. Returns nullptr if that creation fails.
  // |fun| must be interpreted and |cx| non-null (both debug-asserted).
  static JSScript* getOrCreateScript(JSContext* cx, js::HandleFunction fun) {
    MOZ_ASSERT(fun->isInterpreted());
    MOZ_ASSERT(cx);
    if (fun->isInterpretedLazy() &&
        !createScriptForLazilyInterpretedFunction(cx, fun)) {
      return nullptr;
    }
    return fun->nonLazyScript();
  }

  // Returns the existing JSScript without changing this function's lazy
  // state. For a lazy function the script is taken from the canonical
  // function reached through the LazyScript.
  JSScript* existingScriptNonDelazifying() const {
    MOZ_ASSERT(isInterpreted());
    if (!isInterpretedLazy()) {
      return nonLazyScript();
    }

    // Get the script from the canonical function. Ion used the
    // canonical function to inline the script and because it has
    // Baseline code it has not been relazified. Note that we can't
    // use lazyScript->script_ here as it may be null in some cases,
    // see bug 976536.
    //
    // The non-null check on the canonical function is a debug assertion
    // only; a release build dereferences the pointer unchecked.
    JSFunction* canonical = lazyScript()->functionNonDelazifying();
    MOZ_ASSERT(canonical);
    return canonical->nonLazyScript();
  }

  // Returns the JSScript, converting a lazy function to a scripted one in
  // place when needed. Unlike existingScriptNonDelazifying() this mutates
  // flags_ and the script slot, hence it is non-const.
  JSScript* existingScript() {
    MOZ_ASSERT(isInterpreted());
    if (isInterpretedLazy()) {
      // The lazy-script pointer is about to be replaced, so run its pre-write
      // barrier first if the zone asks for incremental barriers.
      if (shadowZone()->needsIncrementalBarrier()) {
        js::LazyScript::writeBarrierPre(lazyScript());
      }
      // Fetch the script while the function is still flagged lazy, then flip
      // INTERPRETED_LAZY -> INTERPRETED before storing it. Between the flag
      // flip and initScript() the flags describe the script_ arm while the
      // slot still holds the lazy pointer; initScript() presumably overwrites
      // that slot -- its definition is not in view here.
      JSScript* script = existingScriptNonDelazifying();
      flags_.clearInterpretedLazy();
      flags_.setInterpreted();
      initScript(script);
    }
    return nonLazyScript();
  }

  // If this is a scripted function, returns its canonical function (the
  // original function allocated by the frontend). Note that lazy self-hosted
  // builtins don't have a lazy script so in that case we also return nullptr.
  JSFunction* maybeCanonicalFunction() const {
    // A compiled script is consulted first; the lazy script is the fallback.
    if (hasScript()) {
      return nonLazyScript()->functionNonDelazifying();
    }
    // Neither a script nor a lazy script: there is no canonical function.
    return hasLazyScript() ? lazyScript()->functionNonDelazifying() : nullptr;
  }

  // The state of a JSFunction whose script errored out during bytecode
  // compilation. Such JSFunctions are only reachable via GC iteration and
  // not from script.
  // If u.scripted.s.script_ is non-null, the pointed JSScript is guaranteed
  // to be complete (see the comment above JSScript::initFromFunctionBox
  // callsite in JSScript::fullyInitFromEmitter).
  bool hasUncompletedScript() const {
    MOZ_ASSERT(hasScript());
    // "Uncompleted" means the script slot is still null.
    const bool scriptPresent = static_cast<bool>(u.scripted.s.script_);
    return !scriptPresent;
  }

  // Returns the JSScript of a function known to have one. This reads the
  // script_ arm of the union directly; the only guard is the assertion below
  // (hasUncompletedScript() in turn asserts hasScript()), so the caller must
  // already know which union arm is active.
  JSScript* nonLazyScript() const {
    MOZ_ASSERT(!hasUncompletedScript());
    JSScript* script = u.scripted.s.script_;
    return script;
  }

  static bool getLength(JSContext* cx, js::HandleFunction fun,
                        uint16_t* length);

  // Returns the LazyScript of a lazy function. Both the function kind and the
  // pointer being non-null are asserted; use maybeLazyScript() when the
  // pointer may be null.
  js::LazyScript* lazyScript() const {
    MOZ_ASSERT(hasLazyScript() && u.scripted.s.lazy_);
    js::LazyScript* lazy = u.scripted.s.lazy_;
    return lazy;
  }
  // Like lazyScript(), but the stored pointer is not asserted to be non-null,
  // so callers must handle a null result.
  js::LazyScript* maybeLazyScript() const {
    MOZ_ASSERT(hasLazyScript());
    js::LazyScript* lazy = u.scripted.s.lazy_;
    return lazy;
  }

  // Returns the SelfHostedLazyScript stored in the selfHostedLazy_ arm of the
  // union. The function kind and a non-null pointer are asserted only.
  js::SelfHostedLazyScript* selfHostedLazyScript() const {
    MOZ_ASSERT(hasSelfHostedLazyScript() && u.scripted.s.selfHostedLazy_);
    js::SelfHostedLazyScript* lazy = u.scripted.s.selfHostedLazy_;
    return lazy;
  }

  // Returns the generator kind recorded on the function's script or lazy
  // script. Non-interpreted functions, and interpreted functions with neither
  // (asserted to be self-hosted builtins), report NotGenerator.
  js::GeneratorKind generatorKind() const {
    if (isInterpreted()) {
      if (hasScript()) {
        return nonLazyScript()->generatorKind();
      }
      if (hasLazyScript()) {
        return lazyScript()->generatorKind();
      }
      MOZ_ASSERT(isSelfHostedBuiltin());
    }
    return js::GeneratorKind::NotGenerator;
  }

  // True when generatorKind() reports GeneratorKind::Generator.
  bool isGenerator() const {
    const js::GeneratorKind kind = generatorKind();
    return kind == js::GeneratorKind::Generator;
  }

  // Returns the async kind recorded on the function's script or lazy script.
  // Non-interpreted functions, and interpreted functions with neither
  // (asserted to be self-hosted builtins), report SyncFunction.
  js::FunctionAsyncKind asyncKind() const {
    if (isInterpreted()) {
      if (hasScript()) {
        return nonLazyScript()->asyncKind();
      }
      if (hasLazyScript()) {
        return lazyScript()->asyncKind();
      }
      MOZ_ASSERT(isSelfHostedBuiltin());
    }
    return js::FunctionAsyncKind::SyncFunction;
  }

  // True when asyncKind() reports FunctionAsyncKind::AsyncFunction.
  bool isAsync() const {
    const js::FunctionAsyncKind kind = asyncKind();
    return kind == js::FunctionAsyncKind::AsyncFunction;
  }

  // Replaces the function's script by assigning through the GCPtrScript
  // wrapper. |script| must be non-null (the assertion dereferences it) and
  // must belong to this function's realm; use initScript() for the first
  // store or when null is allowed.
  void setScript(JSScript* script) {
    MOZ_ASSERT(realm() == script->realm());
    js::GCPtrScript& slot = mutableScript();
    slot = script;
  }

  // Stores |script| with GCPtrScript::init() instead of assignment. |script|
  // may be null; when it is not, it is asserted to share this function's
  // realm.
  void initScript(JSScript* script) {
    MOZ_ASSERT_IF(script, realm() == script->realm());
    js::GCPtrScript& slot = mutableScript();
    slot.init(script);
  }

  // Installs |script| on a lazy function and switches the function to the
  // non-lazy state.
  void setUnlazifiedScript(JSScript* script) {
    MOZ_ASSERT(isInterpretedLazy());
    if (hasLazyScript()) {
      // Trigger a pre barrier on the lazy script being overwritten.
      js::LazyScript::writeBarrierPre(lazyScript());
      // Record the new script on the LazyScript unless it already has one.
      if (!lazyScript()->maybeScript()) {
        lazyScript()->initScript(script);
      }
    }
    // Update the flags before initScript(): it goes through mutableScript(),
    // which asserts hasScript().
    flags_.clearInterpretedLazy();
    flags_.setInterpreted();
    initScript(script);
  }

  // Switches an interpreted function to the lazy state and stores |lazy| in
  // the union slot that script_ also occupies (see
  // offsetOfScriptOrLazyScript()).
  void initLazyScript(js::LazyScript* lazy) {
    MOZ_ASSERT(isInterpreted());
    flags_.clearInterpreted();
    flags_.setInterpretedLazy();
    // Plain pointer store with no barrier call in this method.
    // NOTE(review): presumably only valid while the slot holds nothing that
    // needs a pre-barrier; confirm against callers.
    u.scripted.s.lazy_ = lazy;
  }

  // Switches an interpreted self-hosted builtin to the lazy state and stores
  // |lazy| in the selfHostedLazy_ arm of the union.
  void initSelfHostLazyScript(js::SelfHostedLazyScript* lazy) {
    MOZ_ASSERT(isInterpreted());
    MOZ_ASSERT(isSelfHostedBuiltin());
    flags_.clearInterpreted();
    flags_.setInterpretedLazy();
    // Plain pointer store; no barrier call is made in this method.
    u.scripted.s.selfHostedLazy_ = lazy;
  }

  // Returns the native entry point. This reads the native arm of the union;
  // isNative() is only asserted, so calling it on a scripted function would
  // reinterpret whatever the scripted arm stores at that offset (env_, per
  // offsetOfNativeOrEnv()) as a function pointer.
  JSNative native() const {
    MOZ_ASSERT(isNative());
    JSNative entry = u.native.func_;
    return entry;
  }

  // Checked variant of native(): returns nullptr for interpreted functions
  // instead of relying on an assertion.
  JSNative maybeNative() const {
    if (isInterpreted()) {
      return nullptr;
    }
    return native();
  }

  // Stores the native entry point and optional JSJitInfo of a native
  // function. |native| must be non-null; a non-null |jitInfo| is only
  // expected on builtin natives. All three conditions are assertions.
  void initNative(js::Native native, const JSJitInfo* jitInfo) {
    MOZ_ASSERT(isNative());
    MOZ_ASSERT_IF(jitInfo, isBuiltinNative());
    MOZ_ASSERT(native);
    auto& nativeArm = u.native;
    nativeArm.func_ = native;
    nativeArm.extra.jitInfo_ = jitInfo;
  }
  // True only for builtin natives with a non-null jitInfo_. The kind check
  // comes first because u.native.extra is shared with the wasm fields.
  bool hasJitInfo() const {
    if (!isBuiltinNative()) {
      return false;
    }
    return u.native.extra.jitInfo_ != nullptr;
  }
  // Returns the JSJitInfo of a builtin native; hasJitInfo() is asserted.
  const JSJitInfo* jitInfo() const {
    MOZ_ASSERT(hasJitInfo());
    const JSJitInfo* info = u.native.extra.jitInfo_;
    return info;
  }
  // Overwrites the JSJitInfo pointer of a builtin native. |data| may be null
  // (hasJitInfo() then reports false).
  void setJitInfo(const JSJitInfo* data) {
    MOZ_ASSERT(isBuiltinNative());
    auto& extra = u.native.extra;
    extra.jitInfo_ = data;
  }

  // wasm functions are always natives and either:
  //  - store a function-index in u.native.extra and can only be called through
  //    the fun->native() entry point from C++.
  //  - store a jit-entry code pointer in u.native.extra and can be called by
  //    jit code directly. C++ callers can still use the fun->native() entry
  //    point (computing the function index from the jit-entry point).
  void setWasmFuncIndex(uint32_t funcIndex) {
    MOZ_ASSERT(isWasm() || isAsmJSNative());
    MOZ_ASSERT(!isWasmWithJitEntry());
    // Set-once: the stored index is asserted to still be zero.
    MOZ_ASSERT(!u.native.extra.wasmFuncIndex_);
    auto& extra = u.native.extra;
    extra.wasmFuncIndex_ = funcIndex;
  }
  // Returns the stored wasm function index. Only meaningful while the
  // function has no jit entry: the same union storage otherwise holds
  // wasmJitEntry_, which is why !isWasmWithJitEntry() is asserted.
  uint32_t wasmFuncIndex() const {
    MOZ_ASSERT(isWasm() || isAsmJSNative());
    MOZ_ASSERT(!isWasmWithJitEntry());
    const uint32_t index = u.native.extra.wasmFuncIndex_;
    return index;
  }
  // Marks a wasm function as having a jit entry and stores the pointer to
  // the entry slot. |entry| must point at a non-null code pointer.
  void setWasmJitEntry(void** entry) {
    // Dereferences |entry|: both the slot pointer and its current content are
    // expected to be non-null.
    MOZ_ASSERT(*entry);
    MOZ_ASSERT(isWasm());
    MOZ_ASSERT(!isWasmWithJitEntry());
    // The flag and the union store must change together: wasmFuncIndex() and
    // wasmJitEntry() pick the union member based on this flag.
    flags_.setWasmJitEntry();
    u.native.extra.wasmJitEntry_ = entry;
    MOZ_ASSERT(isWasmWithJitEntry());
  }
  // Returns the pointer to the jit-entry slot. The flag check and the
  // non-null check are assertions; the value comes from the union member
  // that shares storage with wasmFuncIndex_ and jitInfo_.
  void** wasmJitEntry() const {
    MOZ_ASSERT(isWasmWithJitEntry());
    MOZ_ASSERT(u.native.extra.wasmJitEntry_);
    void** entry = u.native.extra.wasmJitEntry_;
    return entry;
  }

  bool isDerivedClassConstructor();

  // Byte offset of u.native.func_ within JSFunction.
  // NOTE(review): presumably consumed by code that addresses the field
  // without going through the accessors; confirm against callers.
  static unsigned offsetOfNative() {
    const unsigned offset = offsetof(JSFunction, u.native.func_);
    return offset;
  }
  // Byte offset of u.scripted.s.script_ within JSFunction. The static_assert
  // pins the layout assumption that the script pointer and the wasm jit-entry
  // pointer overlap, so one offset serves both.
  static unsigned offsetOfScript() {
    static_assert(offsetof(U, scripted.s.script_) ==
                      offsetof(U, native.extra.wasmJitEntry_),
                  "scripted.s.script_ must be at the same offset as "
                  "native.extra.wasmJitEntry_");
    const unsigned offset = offsetof(JSFunction, u.scripted.s.script_);
    return offset;
  }
  // Single offset for either the native entry point or the scripted
  // environment; the static_assert guarantees the two union members overlap.
  // Which of the two lives there depends on the function kind, which the
  // reader of this offset has to establish separately.
  static unsigned offsetOfNativeOrEnv() {
    static_assert(
        offsetof(U, native.func_) == offsetof(U, scripted.env_),
        "U.native.func_ must be at the same offset as U.scripted.env_");
    const unsigned offset = offsetOfNative();
    return offset;
  }
  // Single offset for either the JSScript or the LazyScript pointer; the
  // static_assert guarantees the two union members overlap. Which pointer
  // type is stored depends on the function's lazy state.
  static unsigned offsetOfScriptOrLazyScript() {
    static_assert(
        offsetof(U, scripted.s.script_) == offsetof(U, scripted.s.lazy_),
        "U.scripted.s.script_ must be at the same offset as lazy_");
    const unsigned offset = offsetof(JSFunction, u.scripted.s.script_);
    return offset;
  }

  // Byte offset of u.native.extra.jitInfo_ within JSFunction. The same
  // storage holds wasmFuncIndex_ or wasmJitEntry_ for wasm functions.
  static unsigned offsetOfJitInfo() {
    const unsigned offset = offsetof(JSFunction, u.native.extra.jitInfo_);
    return offset;
  }

  inline void trace(JSTracer* trc);

  /* Bound function accessors. */

  JSObject* getBoundFunctionTarget() const;
  const js::Value& getBoundFunctionThis() const;
  const js::Value& getBoundFunctionArgument(unsigned which) const;
  size_t getBoundFunctionArgumentCount() const;

  /*
   * Used to mark bound functions as such and make them constructible if the
   * target is. Also assigns the prototype and sets the name and correct length.
   */
  static bool finishBoundFunctionInit(JSContext* cx, js::HandleFunction bound,
                                      js::HandleObject targetObj,
                                      int32_t argCount);

 private:
  // Gives write access to the script slot as a GCPtrScript so that
  // setScript()/initScript() store through the GC pointer wrapper.
  js::GCPtrScript& mutableScript() {
    MOZ_ASSERT(hasScript());
    // C-style cast that reinterprets the storage of script_ as a GCPtrScript.
    // NOTE(review): this relies on GCPtrScript being layout-compatible with
    // the raw field; confirm against the declaration of U.
    return *(js::GCPtrScript*)&u.scripted.s.script_;
  }

  inline js::FunctionExtended* toExtended();
  inline const js::FunctionExtended* toExtended() const;

 public:
  // Reports whether this function carries extended slots, based on the flag
  // bit. For tenured functions the flag is cross-checked against the cell's
  // AllocKind, in the assertion only.
  inline bool isExtended() const {
    const bool flagged = flags_.isExtended();
    MOZ_ASSERT_IF(isTenured(),
                  flagged == (asTenured().getAllocKind() ==
                              js::gc::AllocKind::FUNCTION_EXTENDED));
    return flagged;
  }

  /*
   * Accessors for data stored in extended functions. Use setExtendedSlot if
   * the function has already been initialized. Otherwise use
   * initExtendedSlot.
   */
  inline void initializeExtended();
  inline void initExtendedSlot(size_t which, const js::Value& val);
  inline void setExtendedSlot(size_t which, const js::Value& val);
  inline const js::Value& getExtendedSlot(size_t which) const;

  /*
   * Same as `toExtended` and `getExtendedSlot`, but the caller guarantees that
   * `this` is an extended function; no isExtended() check is performed.
   *
   * These functions are meant to be used off-thread, in particular on the JIT
   * compilation thread, which cannot access JSFunction.flags_ because that
   * would be a race condition.
   *
   * See Also: WrappedFunction.isExtended_
   */
  inline js::FunctionExtended* toExtendedOffMainThread();
  inline const js::FunctionExtended* toExtendedOffMainThread() const;
  inline const js::Value& getExtendedSlotOffMainThread(size_t which) const;

  /* Constructs a new type for the function if necessary. */
  static bool setTypeForScriptedFunction(JSContext* cx, js::HandleFunction fun,
                                         bool singleton = false);

  /* GC support. */
  js::gc::AllocKind getAllocKind() const {
    static_assert(
        js::gc::AllocKind::FUNCTION != js::gc::AllocKind::FUNCTION_EXTENDED,
        "extended/non-extended AllocKinds have to be different "
        "for getAllocKind() to have a reason to exist");

    // The kind is derived from the extended flag; for tenured functions it is
    // cross-checked against the cell's own AllocKind in the assertion.
    const js::gc::AllocKind kind = isExtended()
                                       ? js::gc::AllocKind::FUNCTION_EXTENDED
                                       : js::gc::AllocKind::FUNCTION;
    MOZ_ASSERT_IF(isTenured(), kind == asTenured().getAllocKind());
    return kind;
  }
};

static_assert(sizeof(JSFunction) == sizeof(js::shadow::Function),
              "shadow interface must match actual interface");

extern JSString* fun_toStringHelper(JSContext* cx, js::HandleObject obj,
                                    bool isToSource);

namespace js {

extern bool Function(JSContext* cx, unsigned argc, Value* vp);

extern bool Generator(JSContext* cx, unsigned argc, Value* vp);

extern bool AsyncFunctionConstructor(JSContext* cx, unsigned argc, Value* vp);

extern bool AsyncGeneratorConstructor(JSContext* cx, unsigned argc, Value* vp);

// If enclosingEnv is null, the function will have a null environment()
// (yes, null, not the global).  In all cases, the global will be used as the
// parent.

extern JSFunction* NewFunctionWithProto(
    JSContext* cx, JSNative native, unsigned nargs, FunctionFlags flags,
    HandleObject enclosingEnv, HandleAtom atom, HandleObject proto,
    gc::AllocKind allocKind = gc::AllocKind::FUNCTION,
    NewObjectKind newKind = GenericObject);

// Allocate a new function backed by a JSNative.  Note that by default this
// creates a singleton object.
inline JSFunction* NewNativeFunction(
    JSContext* cx, JSNative native, unsigned nargs, HandleAtom atom,
    gc::AllocKind allocKind = gc::AllocKind::FUNCTION,
    NewObjectKind newKind = SingletonObject,
    FunctionFlags flags = FunctionFlags::NATIVE_FUN) {
  MOZ_ASSERT(native);
  // Natives are created with a null enclosing environment and a null proto.
  // |flags| is forwarded as given; nothing here checks that it describes a
  // native function.
  JSFunction* fun = NewFunctionWithProto(cx, native, nargs, flags,
                                         /* enclosingEnv = */ nullptr, atom,
                                         /* proto = */ nullptr, allocKind,
                                         newKind);
  return fun;
}

// Allocate a new constructor backed by a JSNative.  Note that by default this
// creates a singleton object.
inline JSFunction* NewNativeConstructor(
    JSContext* cx, JSNative native, unsigned nargs, HandleAtom atom,
    gc::AllocKind allocKind = gc::AllocKind::FUNCTION,
    NewObjectKind newKind = SingletonObject,
    FunctionFlags flags = FunctionFlags::NATIVE_CTOR) {
  MOZ_ASSERT(native);
  // A caller overriding |flags| must still pass native-constructor flags.
  MOZ_ASSERT(flags.isNativeConstructor());
  // Same as NewNativeFunction: null enclosing environment, null proto.
  JSFunction* ctor = NewFunctionWithProto(cx, native, nargs, flags,
                                          /* enclosingEnv = */ nullptr, atom,
                                          /* proto = */ nullptr, allocKind,
                                          newKind);
  return ctor;
}

// Allocate a new scripted function.  If enclosingEnv is null, the
// global will be used.  In all cases the parent of the resulting object will be
// the global.
extern JSFunction* NewScriptedFunction(
    JSContext* cx, unsigned nargs, FunctionFlags flags, HandleAtom atom,
    HandleObject proto = nullptr,
    gc::AllocKind allocKind = gc::AllocKind::FUNCTION,
    NewObjectKind newKind = GenericObject, HandleObject enclosingEnv = nullptr);

// Determine which [[Prototype]] to use when creating a new function using the
// requested generator and async kind.
//
// This sets `proto` to `nullptr` for non-generator, synchronous functions to
// mean "the builtin %FunctionPrototype% in the current realm", the common case.
//
// We could set it to `cx->global()->getOrCreateFunctionPrototype()`, but
// nullptr gets a fast path in e.g. js::NewObjectWithClassProtoCommon.
extern bool GetFunctionPrototype(JSContext* cx, js::GeneratorKind generatorKind,
                                 js::FunctionAsyncKind asyncKind,
                                 js::MutableHandleObject proto);

extern JSAtom* IdToFunctionName(
    JSContext* cx, HandleId id,
    FunctionPrefixKind prefixKind = FunctionPrefixKind::None);

extern bool SetFunctionName(JSContext* cx, HandleFunction fun, HandleValue name,
                            FunctionPrefixKind prefixKind);

extern JSFunction* DefineFunction(
    JSContext* cx, HandleObject obj, HandleId id, JSNative native,
    unsigned nargs, unsigned flags,
    gc::AllocKind allocKind = gc::AllocKind::FUNCTION);

extern bool fun_toString(JSContext* cx, unsigned argc, Value* vp);

struct WellKnownSymbols;

// Assumes that fun.__proto__ === Function.__proto__, i.e., does not check for
// the case where a function with a non-default __proto__ has an overridden
// @@hasInstance handler. Will assert if not.
extern bool FunctionHasDefaultHasInstance(JSFunction* fun,
                                          const WellKnownSymbols& symbols);

extern void ThrowTypeErrorBehavior(JSContext* cx);

/*
 * Function extended with reserved slots for use by various kinds of functions.
 * Most functions do not have these extensions, but enough do that efficient
 * storage is required (no malloc'ed reserved slots).
 */
class FunctionExtended : public JSFunction {
 public:
  // Number of reserved slots appended to the JSFunction layout.
  static const unsigned NUM_EXTENDED_SLOTS = 2;

  // Slot 0 is shared by several kinds of function (the four *_SLOT constants
  // equal to 0 below). Which meaning applies depends on the kind of function,
  // so a reader must establish the kind before interpreting the value.

  // Arrow functions store their lexical new.target in the first extended
  // slot.
  static const unsigned ARROW_NEWTARGET_SLOT = 0;

  static const unsigned METHOD_HOMEOBJECT_SLOT = 0;

  // Exported asm.js/wasm functions store their WasmInstanceObject in the
  // first slot.
  static const unsigned WASM_INSTANCE_SLOT = 0;

  // wasm/asm.js exported functions store the wasm::TlsData pointer of their
  // instance.
  static const unsigned WASM_TLSDATA_SLOT = 1;

  // asm.js module functions store their WasmModuleObject in the first slot.
  static const unsigned ASMJS_MODULE_SLOT = 0;

  // Byte offset of extended slot |which| from the start of the object.
  // |which| is range-checked by assertion only; an out-of-range index yields
  // an offset past the slot array.
  static inline size_t offsetOfExtendedSlot(unsigned which) {
    MOZ_ASSERT(which < NUM_EXTENDED_SLOTS);
    const size_t base = offsetof(FunctionExtended, extendedSlots);
    return base + which * sizeof(GCPtrValue);
  }
  // Offset of the slot holding an arrow function's new.target.
  static inline size_t offsetOfArrowNewTargetSlot() {
    const size_t offset = offsetOfExtendedSlot(ARROW_NEWTARGET_SLOT);
    return offset;
  }
  // Offset of the slot holding a method's home object.
  static inline size_t offsetOfMethodHomeObjectSlot() {
    const size_t offset = offsetOfExtendedSlot(METHOD_HOMEOBJECT_SLOT);
    return offset;
  }

 private:
  // JSFunction's extended-slot accessors index extendedSlots directly.
  friend class JSFunction;

  /* Reserved slots available for storage by particular native functions. */
  GCPtrValue extendedSlots[NUM_EXTENDED_SLOTS];
};

extern bool CanReuseScriptForClone(JS::Realm* realm, HandleFunction fun,
                                   HandleObject newParent);

extern JSFunction* CloneFunctionReuseScript(
    JSContext* cx, HandleFunction fun, HandleObject parent,
    gc::AllocKind kind = gc::AllocKind::FUNCTION,
    NewObjectKind newKindArg = GenericObject, HandleObject proto = nullptr);

// Functions whose scripts are cloned are always given singleton types.
extern JSFunction* CloneFunctionAndScript(
    JSContext* cx, HandleFunction fun, HandleObject parent,
    HandleScope newScope, Handle<ScriptSourceObject*> sourceObject,
    gc::AllocKind kind = gc::AllocKind::FUNCTION, HandleObject proto = nullptr);

extern JSFunction* CloneAsmJSModuleFunction(JSContext* cx, HandleFunction fun);

extern JSFunction* CloneSelfHostingIntrinsic(JSContext* cx, HandleFunction fun);

}  // namespace js

// Downcasts to FunctionExtended. The static_cast is unchecked; isExtended()
// is the only guard and it is an assertion.
inline js::FunctionExtended* JSFunction::toExtended() {
  MOZ_ASSERT(isExtended());
  auto* extended = static_cast<js::FunctionExtended*>(this);
  return extended;
}

// Const overload of the downcast to FunctionExtended; same assertion-only
// guard.
inline const js::FunctionExtended* JSFunction::toExtended() const {
  MOZ_ASSERT(isExtended());
  const auto* extended = static_cast<const js::FunctionExtended*>(this);
  return extended;
}

// Downcast with no check at all, not even an assertion: flags_ is not read
// here. The caller must already know the function is extended, otherwise
// slot accesses through the result reach past the object.
inline js::FunctionExtended* JSFunction::toExtendedOffMainThread() {
  auto* extended = static_cast<js::FunctionExtended*>(this);
  return extended;
}

// Const overload of the unchecked downcast; the caller must already know the
// function is extended.
inline const js::FunctionExtended* JSFunction::toExtendedOffMainThread() const {
  const auto* extended = static_cast<const js::FunctionExtended*>(this);
  return extended;
}

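// Initializes every extended slot of an extended function to undefined.
inline void JSFunction::initializeExtended() {
  MOZ_ASSERT(isExtended());

  // Walk the whole array instead of naming indices 0 and 1. The previous
  // form relied on an assertion that the array has exactly two elements, so
  // a change to NUM_EXTENDED_SLOTS could have left a slot uninitialized in
  // builds without assertions.
  for (auto& slot : toExtended()->extendedSlots) {
    slot.init(js::UndefinedValue());
  }
}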

// First store into extended slot |which| (uses init() rather than
// assignment). The index bound and the same-compartment requirement on
// object values are assertions, not runtime checks.
inline void JSFunction::initExtendedSlot(size_t which, const js::Value& val) {
  js::FunctionExtended* ext = toExtended();
  MOZ_ASSERT(which < mozilla::ArrayLength(ext->extendedSlots));
  MOZ_ASSERT(js::IsObjectValueInCompartment(val, compartment()));
  ext->extendedSlots[which].init(val);
}

// Overwrites extended slot |which| by assignment through GCPtrValue. The
// index bound and the same-compartment requirement on object values are
// assertions, not runtime checks.
inline void JSFunction::setExtendedSlot(size_t which, const js::Value& val) {
  js::FunctionExtended* ext = toExtended();
  MOZ_ASSERT(which < mozilla::ArrayLength(ext->extendedSlots));
  MOZ_ASSERT(js::IsObjectValueInCompartment(val, compartment()));
  ext->extendedSlots[which] = val;
}

// Reads extended slot |which|. The index is range-checked by assertion only,
// so callers should pass one of the FunctionExtended *_SLOT constants.
inline const js::Value& JSFunction::getExtendedSlot(size_t which) const {
  const js::FunctionExtended* ext = toExtended();
  MOZ_ASSERT(which < mozilla::ArrayLength(ext->extendedSlots));
  return ext->extendedSlots[which];
}

// Reads extended slot |which| without consulting flags_. Neither the
// "is extended" property nor (outside assertions) the index is verified, so
// both are the caller's responsibility.
inline const js::Value& JSFunction::getExtendedSlotOffMainThread(
    size_t which) const {
  const js::FunctionExtended* ext = toExtendedOffMainThread();
  MOZ_ASSERT(which < mozilla::ArrayLength(ext->extendedSlots));
  return ext->extendedSlots[which];
}

namespace js {

JSString* FunctionToString(JSContext* cx, HandleFunction fun, bool isToSource);

template <XDRMode mode>
XDRResult XDRInterpretedFunction(XDRState<mode>* xdr,
                                 HandleScope enclosingScope,
                                 HandleScriptSourceObject sourceObject,
                                 MutableHandleFunction objp);

/*
 * Report an error that call.thisv is not compatible with the specified class,
 * assuming that the method (clasp->name).prototype.<name of callee function>
 * is what was called.
 */
extern void ReportIncompatibleMethod(JSContext* cx, const CallArgs& args,
                                     const JSClass* clasp);

/*
 * Report an error that call.thisv is not an acceptable this for the callee
 * function.
 */
extern void ReportIncompatible(JSContext* cx, const CallArgs& args);

extern bool fun_apply(JSContext* cx, unsigned argc, Value* vp);

extern bool fun_call(JSContext* cx, unsigned argc, Value* vp);

} /* namespace js */

#ifdef DEBUG
namespace JS {
namespace detail {

JS_PUBLIC_API void CheckIsValidConstructible(const Value& calleev);

}  // namespace detail
}  // namespace JS
#endif

#endif /* vm_JSFunction_h */