DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Implementation

Mercurial (b6d82b1a6b02)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * vim: set ts=8 sts=2 et sw=2 tw=80:
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef vm_Stack_h
#define vm_Stack_h

#include "mozilla/Atomics.h"
#include "mozilla/HashFunctions.h"
#include "mozilla/Maybe.h"
#include "mozilla/MaybeOneOf.h"
#include "mozilla/MemoryReporting.h"
#include "mozilla/Variant.h"

#include "jsutil.h"

#include "gc/Rooting.h"
#ifdef CHECK_OSIPOINT_REGISTERS
#  include "jit/Registers.h"  // for RegisterDump
#endif
#include "jit/JSJitFrameIter.h"
#include "js/RootingAPI.h"
#include "js/TypeDecls.h"
#include "js/UniquePtr.h"
#include "vm/ArgumentsObject.h"
#include "vm/JSFunction.h"
#include "vm/JSScript.h"
#include "vm/SavedFrame.h"
#include "wasm/WasmFrameIter.h"

namespace JS {
namespace dbg {
#ifdef JS_BROKEN_GCC_ATTRIBUTE_WARNING
#  pragma GCC diagnostic push
#  pragma GCC diagnostic ignored "-Wattributes"
#endif  // JS_BROKEN_GCC_ATTRIBUTE_WARNING

class JS_PUBLIC_API AutoEntryMonitor;

#ifdef JS_BROKEN_GCC_ATTRIBUTE_WARNING
#  pragma GCC diagnostic pop
#endif  // JS_BROKEN_GCC_ATTRIBUTE_WARNING
}  // namespace dbg
}  // namespace JS

namespace js {

class InterpreterRegs;
class CallObject;
class FrameIter;
class EnvironmentObject;
class ScriptFrameIter;
class GeckoProfilerRuntime;
class InterpreterFrame;
class LexicalEnvironmentObject;
class EnvironmentIter;
class EnvironmentCoordinate;

class SavedFrame;

namespace jit {
class CommonFrameLayout;
}
namespace wasm {
class DebugFrame;
class Instance;
}  // namespace wasm

// [SMDOC] VM stack layout
//
// A JSRuntime's stack consists of a linked list of activations. Every
// activation contains a number of scripted frames that are either running in
// the interpreter (InterpreterActivation) or JIT code (JitActivation). The
// frames inside a single activation are contiguous: whenever C++ calls back
// into JS, a new activation is pushed.
//
// Every activation is tied to a single JSContext and JS::Compartment. This
// means we can reconstruct a given context's stack by skipping activations
// belonging to other contexts. This happens whenever an embedding enters the JS
// engine on cx1 and then, from a native called by the JS engine, reenters the
// VM on cx2.

// Interpreter frames (InterpreterFrame)
//
// Each interpreter script activation (global or function code) is given a
// fixed-size header (js::InterpreterFrame). The frame contains bookkeeping
// information about the activation and links to the previous frame.
//
// The values after an InterpreterFrame in memory are its locals followed by its
// expression stack. InterpreterFrame::argv_ points to the frame's arguments.
// Missing formal arguments are padded with |undefined|, so the number of
// arguments is always >= the number of formals.
//
// The top of an activation's current frame's expression stack is pointed to by
// the activation's "current regs", which contains the stack pointer 'sp'. In
// the interpreter, sp is adjusted as individual values are pushed and popped
// from the stack and the InterpreterRegs struct (pointed to by the
// InterpreterActivation) is a local var of js::Interpret.

enum MaybeCheckAliasing { CHECK_ALIASING = true, DONT_CHECK_ALIASING = false };
enum MaybeCheckTDZ { CheckTDZ = true, DontCheckTDZ = false };

}  // namespace js

namespace mozilla {
template <>
struct IsPod<js::MaybeCheckTDZ> : TrueType {};
}  // namespace mozilla

/*****************************************************************************/

namespace js {

namespace jit {
class BaselineFrame;
class RematerializedFrame;
}  // namespace jit

/**
 * Pointer to a live JS or WASM stack frame.
 */
class AbstractFramePtr {
  friend class FrameIter;

  uintptr_t ptr_;

  enum {
    Tag_InterpreterFrame = 0x1,
    Tag_BaselineFrame = 0x2,
    Tag_RematerializedFrame = 0x3,
    Tag_WasmDebugFrame = 0x4,
    TagMask = 0x7
  };

 public:
  AbstractFramePtr() : ptr_(0) {}

  MOZ_IMPLICIT AbstractFramePtr(InterpreterFrame* fp)
      : ptr_(fp ? uintptr_t(fp) | Tag_InterpreterFrame : 0) {
    MOZ_ASSERT_IF(fp, asInterpreterFrame() == fp);
  }

  MOZ_IMPLICIT AbstractFramePtr(jit::BaselineFrame* fp)
      : ptr_(fp ? uintptr_t(fp) | Tag_BaselineFrame : 0) {
    MOZ_ASSERT_IF(fp, asBaselineFrame() == fp);
  }

  MOZ_IMPLICIT AbstractFramePtr(jit::RematerializedFrame* fp)
      : ptr_(fp ? uintptr_t(fp) | Tag_RematerializedFrame : 0) {
    MOZ_ASSERT_IF(fp, asRematerializedFrame() == fp);
  }

  MOZ_IMPLICIT AbstractFramePtr(wasm::DebugFrame* fp)
      : ptr_(fp ? uintptr_t(fp) | Tag_WasmDebugFrame : 0) {
    static_assert(wasm::DebugFrame::Alignment >= TagMask, "aligned");
    MOZ_ASSERT_IF(fp, asWasmDebugFrame() == fp);
  }

  static AbstractFramePtr FromRaw(void* raw) {
    AbstractFramePtr frame;
    frame.ptr_ = uintptr_t(raw);
    return frame;
  }

  bool isInterpreterFrame() const {
    return (ptr_ & TagMask) == Tag_InterpreterFrame;
  }
  InterpreterFrame* asInterpreterFrame() const {
    MOZ_ASSERT(isInterpreterFrame());
    InterpreterFrame* res = (InterpreterFrame*)(ptr_ & ~TagMask);
    MOZ_ASSERT(res);
    return res;
  }
  bool isBaselineFrame() const { return (ptr_ & TagMask) == Tag_BaselineFrame; }
  jit::BaselineFrame* asBaselineFrame() const {
    MOZ_ASSERT(isBaselineFrame());
    jit::BaselineFrame* res = (jit::BaselineFrame*)(ptr_ & ~TagMask);
    MOZ_ASSERT(res);
    return res;
  }
  bool isRematerializedFrame() const {
    return (ptr_ & TagMask) == Tag_RematerializedFrame;
  }
  jit::RematerializedFrame* asRematerializedFrame() const {
    MOZ_ASSERT(isRematerializedFrame());
    jit::RematerializedFrame* res =
        (jit::RematerializedFrame*)(ptr_ & ~TagMask);
    MOZ_ASSERT(res);
    return res;
  }
  bool isWasmDebugFrame() const {
    return (ptr_ & TagMask) == Tag_WasmDebugFrame;
  }
  wasm::DebugFrame* asWasmDebugFrame() const {
    MOZ_ASSERT(isWasmDebugFrame());
    wasm::DebugFrame* res = (wasm::DebugFrame*)(ptr_ & ~TagMask);
    MOZ_ASSERT(res);
    return res;
  }

  void* raw() const { return reinterpret_cast<void*>(ptr_); }

  bool operator==(const AbstractFramePtr& other) const {
    return ptr_ == other.ptr_;
  }
  bool operator!=(const AbstractFramePtr& other) const {
    return ptr_ != other.ptr_;
  }

  explicit operator bool() const { return !!ptr_; }

  inline JSObject* environmentChain() const;
  inline CallObject& callObj() const;
  inline bool initFunctionEnvironmentObjects(JSContext* cx);
  inline bool pushVarEnvironment(JSContext* cx, HandleScope scope);
  template <typename SpecificEnvironment>
  inline void pushOnEnvironmentChain(SpecificEnvironment& env);
  template <typename SpecificEnvironment>
  inline void popOffEnvironmentChain();

  inline JS::Realm* realm() const;

  inline bool hasInitialEnvironment() const;
  inline bool isGlobalFrame() const;
  inline bool isModuleFrame() const;
  inline bool isEvalFrame() const;
  inline bool isDebuggerEvalFrame() const;

  inline bool hasScript() const;
  inline JSScript* script() const;
  inline wasm::Instance* wasmInstance() const;
  inline GlobalObject* global() const;
  inline bool hasGlobal(const GlobalObject* global) const;
  inline JSFunction* callee() const;
  inline Value calleev() const;
  inline Value& thisArgument() const;

  inline bool isConstructing() const;
  inline Value newTarget() const;

  inline bool debuggerNeedsCheckPrimitiveReturn() const;

  inline bool isFunctionFrame() const;
  inline bool isGeneratorFrame() const;
  inline bool isNonStrictDirectEvalFrame() const;
  inline bool isStrictEvalFrame() const;

  inline unsigned numActualArgs() const;
  inline unsigned numFormalArgs() const;

  inline Value* argv() const;

  inline bool hasArgs() const;
  inline bool hasArgsObj() const;
  inline ArgumentsObject& argsObj() const;
  inline void initArgsObj(ArgumentsObject& argsobj) const;

  inline Value& unaliasedLocal(uint32_t i);
  inline Value& unaliasedFormal(
      unsigned i, MaybeCheckAliasing checkAliasing = CHECK_ALIASING);
  inline Value& unaliasedActual(
      unsigned i, MaybeCheckAliasing checkAliasing = CHECK_ALIASING);
  template <class Op>
  inline void unaliasedForEachActual(JSContext* cx, Op op);

  inline bool prevUpToDate() const;
  inline void setPrevUpToDate() const;
  inline void unsetPrevUpToDate() const;

  inline bool isDebuggee() const;
  inline void setIsDebuggee();
  inline void unsetIsDebuggee();

  inline HandleValue returnValue() const;
  inline void setReturnValue(const Value& rval) const;

  friend void GDBTestInitAbstractFramePtr(AbstractFramePtr&, InterpreterFrame*);
  friend void GDBTestInitAbstractFramePtr(AbstractFramePtr&,
                                          jit::BaselineFrame*);
  friend void GDBTestInitAbstractFramePtr(AbstractFramePtr&,
                                          jit::RematerializedFrame*);
  friend void GDBTestInitAbstractFramePtr(AbstractFramePtr& frame,
                                          wasm::DebugFrame* ptr);
};

class NullFramePtr : public AbstractFramePtr {
 public:
  NullFramePtr() : AbstractFramePtr() {}
};

enum MaybeConstruct { NO_CONSTRUCT = false, CONSTRUCT = true };

/*****************************************************************************/

class InterpreterFrame {
  enum Flags : uint32_t {
    CONSTRUCTING = 0x1, /* frame is for a constructor invocation */

    RESUMED_GENERATOR = 0x2, /* frame is for a resumed generator invocation */

    /* Function prologue state */
    HAS_INITIAL_ENV =
        0x4,            /* callobj created for function or var env for eval */
    HAS_ARGS_OBJ = 0x8, /* ArgumentsObject created for needsArgsObj script */

    /* Lazy frame initialization */
    HAS_RVAL = 0x10, /* frame has rval_ set */

    /* Debugger state */
    PREV_UP_TO_DATE = 0x20, /* see DebugScopes::updateLiveScopes */

    /*
     * See comment above 'isDebuggee' in Realm.h for explanation of
     * invariants of debuggee compartments, scripts, and frames.
     */
    DEBUGGEE = 0x40, /* Execution is being observed by Debugger */

    /* Used in tracking calls and profiling (see vm/GeckoProfiler.cpp) */
    HAS_PUSHED_PROF_FRAME = 0x80, /* Gecko Profiler was notified of entry */

    /*
     * If set, we entered one of the JITs and ScriptFrameIter should skip
     * this frame.
     */
    RUNNING_IN_JIT = 0x100,

    /*
     * If set, this frame has been on the stack when
     * |js::SavedStacks::saveCurrentStack| was called, and so there is a
     * |js::SavedFrame| object cached for this frame.
     */
    HAS_CACHED_SAVED_FRAME = 0x200,
  };

  mutable uint32_t flags_; /* bits described by Flags */
  uint32_t nactual_;       /* number of actual arguments, for function frames */
  JSScript* script_;       /* the script we're executing */
  JSObject* envChain_;     /* current environment chain */
  Value rval_;             /* if HAS_RVAL, return value of the frame */
  ArgumentsObject* argsObj_; /* if HAS_ARGS_OBJ, the call's arguments object */

  /*
   * Previous frame and its pc and sp. Always nullptr for
   * InterpreterActivation's entry frame, always non-nullptr for inline
   * frames.
   */
  InterpreterFrame* prev_;
  jsbytecode* prevpc_;
  Value* prevsp_;

  void* unused;

  /*
   * For an eval-in-frame DEBUGGER_EVAL frame, the frame in whose scope
   * we're evaluating code. Iteration treats this as our previous frame.
   */
  AbstractFramePtr evalInFramePrev_;

  Value* argv_;          /* If hasArgs(), points to frame's arguments. */
  LifoAlloc::Mark mark_; /* Used to release memory for this frame. */

  static void staticAsserts() {
    JS_STATIC_ASSERT(offsetof(InterpreterFrame, rval_) % sizeof(Value) == 0);
    JS_STATIC_ASSERT(sizeof(InterpreterFrame) % sizeof(Value) == 0);
  }

  /*
   * The utilities are private since they are not able to assert that only
   * unaliased vars/formals are accessed. Normal code should prefer the
   * InterpreterFrame::unaliased* members (or InterpreterRegs::stackDepth for
   * the usual "depth is at least" assertions).
   */
  Value* slots() const { return (Value*)(this + 1); }
  Value* base() const { return slots() + script()->nfixed(); }

  friend class FrameIter;
  friend class InterpreterRegs;
  friend class InterpreterStack;
  friend class jit::BaselineFrame;

  /*
   * Frame initialization, called by InterpreterStack operations after acquiring
   * the raw memory for the frame:
   */

  /* Used for Invoke and Interpret. */
  void initCallFrame(InterpreterFrame* prev, jsbytecode* prevpc, Value* prevsp,
                     JSFunction& callee, JSScript* script, Value* argv,
                     uint32_t nactual, MaybeConstruct constructing);

  /* Used for global and eval frames. */
  void initExecuteFrame(JSContext* cx, HandleScript script,
                        AbstractFramePtr prev, const Value& newTargetValue,
                        HandleObject envChain);

 public:
  /*
   * Frame prologue/epilogue
   *
   * Every stack frame must have 'prologue' called before executing the
   * first op and 'epilogue' called after executing the last op and before
   * popping the frame (whether the exit is exceptional or not).
   *
   * For inline JS calls/returns, it is easy to call the prologue/epilogue
   * exactly once. When calling JS from C++, Invoke/Execute push the stack
   * frame but do *not* call the prologue/epilogue. That means Interpret
   * must call the prologue/epilogue for the entry frame. This scheme
   * simplifies jit compilation.
   *
   * An important corner case is what happens when an error occurs (OOM,
   * over-recursed) after pushing the stack frame but before 'prologue' is
   * called or completes fully. To simplify usage, 'epilogue' does not assume
   * 'prologue' has completed and handles all the intermediate state details.
   */

  bool prologue(JSContext* cx);
  void epilogue(JSContext* cx, jsbytecode* pc);

  bool checkReturn(JSContext* cx, HandleValue thisv);

  bool initFunctionEnvironmentObjects(JSContext* cx);

  /*
   * Initialize locals of newly-pushed frame to undefined.
   */
  void initLocals();

  /*
   * Stack frame type
   *
   * A stack frame may have one of four types, which determines which
   * members of the frame may be accessed and other invariants:
   *
   *  global frame:   execution of global code
   *  function frame: execution of function code
   *  module frame:   execution of a module
   *  eval frame:     execution of eval code
   */

  bool isGlobalFrame() const { return script_->isGlobalCode(); }

  bool isModuleFrame() const { return script_->module(); }

  bool isEvalFrame() const { return script_->isForEval(); }

  bool isFunctionFrame() const { return script_->functionNonDelazifying(); }

  inline bool isStrictEvalFrame() const {
    return isEvalFrame() && script()->strict();
  }

  bool isNonStrictEvalFrame() const {
    return isEvalFrame() && !script()->strict();
  }

  bool isNonGlobalEvalFrame() const;

  bool isNonStrictDirectEvalFrame() const {
    return isNonStrictEvalFrame() && isNonGlobalEvalFrame();
  }

  /*
   * Previous frame
   *
   * A frame's 'prev' frame is either null or the previous frame pointed to
   * by cx->regs->fp when this frame was pushed. Often, given two prev-linked
   * frames, the next-frame is a function or eval that was called by the
   * prev-frame, but not always: the prev-frame may have called a native that
   * reentered the VM through JS_CallFunctionValue on the same context
   * (without calling JS_SaveFrameChain) which pushed the next-frame. Thus,
   * 'prev' has little semantic meaning and basically just tells the VM what
   * to set cx->regs->fp to when this frame is popped.
   */

  InterpreterFrame* prev() const { return prev_; }

  AbstractFramePtr evalInFramePrev() const {
    MOZ_ASSERT(isEvalFrame());
    return evalInFramePrev_;
  }

  /*
   * (Unaliased) locals and arguments
   *
   * Only non-eval function frames have arguments. The arguments pushed by
   * the caller are the 'actual' arguments. The declared arguments of the
   * callee are the 'formal' arguments. When the caller passes less actual
   * arguments, missing formal arguments are padded with |undefined|.
   *
   * When a local/formal variable is aliased (accessed by nested closures,
   * environment operations, or 'arguments'), the canonical location for
   * that value is the slot of an environment object.  Aliased locals don't
   * have stack slots assigned to them.  These functions assert that
   * accesses to stack values are unaliased.
   */

  inline Value& unaliasedLocal(uint32_t i);

  bool hasArgs() const { return isFunctionFrame(); }
  inline Value& unaliasedFormal(unsigned i,
                                MaybeCheckAliasing = CHECK_ALIASING);
  inline Value& unaliasedActual(unsigned i,
                                MaybeCheckAliasing = CHECK_ALIASING);
  template <class Op>
  inline void unaliasedForEachActual(Op op);

  unsigned numFormalArgs() const {
    MOZ_ASSERT(hasArgs());
    return callee().nargs();
  }
  unsigned numActualArgs() const {
    MOZ_ASSERT(hasArgs());
    return nactual_;
  }

  /* Watch out, this exposes a pointer to the unaliased formal arg array. */
  Value* argv() const {
    MOZ_ASSERT(hasArgs());
    return argv_;
  }

  /*
   * Arguments object
   *
   * If a non-eval function has script->needsArgsObj, an arguments object is
   * created in the prologue and stored in the local variable for the
   * 'arguments' binding (script->argumentsLocal). Since this local is
   * mutable, the arguments object can be overwritten and we can "lose" the
   * arguments object. Thus, InterpreterFrame keeps an explicit argsObj_ field
   * so that the original arguments object is always available.
   */

  ArgumentsObject& argsObj() const;
  void initArgsObj(ArgumentsObject& argsobj);

  ArrayObject* createRestParameter(JSContext* cx);

  /*
   * Environment chain
   *
   * In theory, the environment chain would contain an object for every
   * lexical scope. However, only objects that are required for dynamic
   * lookup are actually created.
   *
   * Given that an InterpreterFrame corresponds roughly to a ES Execution
   * Context (ES 10.3), InterpreterFrame::varObj corresponds to the
   * VariableEnvironment component of a Exection Context. Intuitively, the
   * variables object is where new bindings (variables and functions) are
   * stored. One might expect that this is either the Call object or
   * envChain.globalObj for function or global code, respectively, however
   * the JSAPI allows calls of Execute to specify a variables object on the
   * environment chain other than the call/global object. This allows
   * embeddings to run multiple scripts under the same global, each time
   * using a new variables object to collect and discard the script's global
   * variables.
   */

  inline HandleObject environmentChain() const;

  inline EnvironmentObject& aliasedEnvironment(EnvironmentCoordinate ec) const;
  inline GlobalObject& global() const;
  inline CallObject& callObj() const;
  inline JSObject& varObj() const;
  inline LexicalEnvironmentObject& extensibleLexicalEnvironment() const;

  template <typename SpecificEnvironment>
  inline void pushOnEnvironmentChain(SpecificEnvironment& env);
  template <typename SpecificEnvironment>
  inline void popOffEnvironmentChain();
  inline void replaceInnermostEnvironment(EnvironmentObject& env);

  // Push a VarEnvironmentObject for function frames of functions that have
  // parameter expressions with closed over var bindings.
  bool pushVarEnvironment(JSContext* cx, HandleScope scope);

  /*
   * For lexical envs with aliased locals, these interfaces push and pop
   * entries on the environment chain.  The "freshen" operation replaces the
   * current lexical env with a fresh copy of it, to implement semantics
   * providing distinct bindings per iteration of a for(;;) loop whose head
   * has a lexical declaration.  The "recreate" operation replaces the
   * current lexical env with a copy of it containing uninitialized
   * bindings, to implement semantics providing distinct bindings per
   * iteration of a for-in/of loop.
   */

  bool pushLexicalEnvironment(JSContext* cx, Handle<LexicalScope*> scope);
  bool freshenLexicalEnvironment(JSContext* cx);
  bool recreateLexicalEnvironment(JSContext* cx);

  /*
   * Script
   *
   * All frames have an associated JSScript which holds the bytecode being
   * executed for the frame.
   */

  JSScript* script() const { return script_; }

  /* Return the previous frame's pc. */
  jsbytecode* prevpc() {
    MOZ_ASSERT(prev_);
    return prevpc_;
  }

  /* Return the previous frame's sp. */
  Value* prevsp() {
    MOZ_ASSERT(prev_);
    return prevsp_;
  }

  /*
   * Return the 'this' argument passed to a non-eval function frame. This is
   * not necessarily the frame's this-binding, for instance non-strict
   * functions will box primitive 'this' values and thisArgument() will
   * return the original, unboxed Value.
   */
  Value& thisArgument() const {
    MOZ_ASSERT(isFunctionFrame());
    return argv()[-1];
  }

  /*
   * Callee
   *
   * Only function frames have a callee. An eval frame in a function has the
   * same callee as its containing function frame.
   */

  JSFunction& callee() const {
    MOZ_ASSERT(isFunctionFrame());
    return calleev().toObject().as<JSFunction>();
  }

  const Value& calleev() const {
    MOZ_ASSERT(isFunctionFrame());
    return argv()[-2];
  }

  /*
   * New Target
   *
   * Only function frames have a meaningful newTarget. An eval frame in a
   * function will have a copy of the newTarget of the enclosing function
   * frame.
   */
  Value newTarget() const {
    if (isEvalFrame()) {
      return ((Value*)this)[-1];
    }

    MOZ_ASSERT(isFunctionFrame());

    if (callee().isArrow()) {
      return callee().getExtendedSlot(FunctionExtended::ARROW_NEWTARGET_SLOT);
    }

    if (isConstructing()) {
      unsigned pushedArgs = Max(numFormalArgs(), numActualArgs());
      return argv()[pushedArgs];
    }
    return UndefinedValue();
  }

  /* Profiler flags */

  bool hasPushedGeckoProfilerFrame() {
    return !!(flags_ & HAS_PUSHED_PROF_FRAME);
  }

  void setPushedGeckoProfilerFrame() { flags_ |= HAS_PUSHED_PROF_FRAME; }

  void unsetPushedGeckoProfilerFrame() { flags_ &= ~HAS_PUSHED_PROF_FRAME; }

  /* Return value */

  bool hasReturnValue() const { return flags_ & HAS_RVAL; }

  MutableHandleValue returnValue() {
    if (!hasReturnValue()) {
      rval_.setUndefined();
    }
    return MutableHandleValue::fromMarkedLocation(&rval_);
  }

  void markReturnValue() { flags_ |= HAS_RVAL; }

  void setReturnValue(const Value& v) {
    rval_ = v;
    markReturnValue();
  }

  void clearReturnValue() {
    rval_.setUndefined();
    markReturnValue();
  }

  void resumeGeneratorFrame(JSObject* envChain) {
    MOZ_ASSERT(script()->isGenerator() || script()->isAsync());
    MOZ_ASSERT(isFunctionFrame());
    flags_ |= HAS_INITIAL_ENV;
    envChain_ = envChain;
  }

  /*
   * Other flags
   */

  bool isConstructing() const { return !!(flags_ & CONSTRUCTING); }

  void setResumedGenerator() { flags_ |= RESUMED_GENERATOR; }
  bool isResumedGenerator() const { return !!(flags_ & RESUMED_GENERATOR); }

  /*
   * These two queries should not be used in general: the presence/absence of
   * the call/args object is determined by the static(ish) properties of the
   * JSFunction/JSScript. These queries should only be performed when probing
   * a stack frame that may be in the middle of the prologue (during which
   * time the call/args object are created).
   */

  inline bool hasInitialEnvironment() const;

  bool hasInitialEnvironmentUnchecked() const {
    return flags_ & HAS_INITIAL_ENV;
  }

  bool hasArgsObj() const {
    MOZ_ASSERT(script()->needsArgsObj());
    return flags_ & HAS_ARGS_OBJ;
  }

  /*
   * Debugger eval frames.
   *
   * - If evalInFramePrev_ is non-null, frame was created for an "eval in
   *   frame" call, which can push a successor to any live frame; so its
   *   logical "prev" frame is not necessarily the previous frame in memory.
   *   Iteration should treat evalInFramePrev_ as this frame's previous frame.
   *
   * - Don't bother to JIT it, because it's probably short-lived.
   *
   * - It is required to have a environment chain object outside the
   *   js::EnvironmentObject hierarchy: either a global object, or a
   *   DebugEnvironmentProxy.
   */
  bool isDebuggerEvalFrame() const {
    return isEvalFrame() && !!evalInFramePrev_;
  }

  bool prevUpToDate() const { return !!(flags_ & PREV_UP_TO_DATE); }

  void setPrevUpToDate() { flags_ |= PREV_UP_TO_DATE; }

  void unsetPrevUpToDate() { flags_ &= ~PREV_UP_TO_DATE; }

  bool isDebuggee() const { return !!(flags_ & DEBUGGEE); }

  void setIsDebuggee() { flags_ |= DEBUGGEE; }

  inline void unsetIsDebuggee();

  bool hasCachedSavedFrame() const { return flags_ & HAS_CACHED_SAVED_FRAME; }
  void setHasCachedSavedFrame() { flags_ |= HAS_CACHED_SAVED_FRAME; }
  void clearHasCachedSavedFrame() { flags_ &= ~HAS_CACHED_SAVED_FRAME; }

 public:
  void trace(JSTracer* trc, Value* sp, jsbytecode* pc);
  void traceValues(JSTracer* trc, unsigned start, unsigned end);

  // Entered Baseline/Ion from the interpreter.
  bool runningInJit() const { return !!(flags_ & RUNNING_IN_JIT); }
  void setRunningInJit() { flags_ |= RUNNING_IN_JIT; }
  void clearRunningInJit() { flags_ &= ~RUNNING_IN_JIT; }
};

/*****************************************************************************/

class InterpreterRegs {
 public:
  Value* sp;
  jsbytecode* pc;

 private:
  InterpreterFrame* fp_;

 public:
  InterpreterFrame* fp() const { return fp_; }

  unsigned stackDepth() const {
    MOZ_ASSERT(sp >= fp_->base());
    return sp - fp_->base();
  }

  Value* spForStackDepth(unsigned depth) const {
    MOZ_ASSERT(fp_->script()->nfixed() + depth <= fp_->script()->nslots());
    return fp_->base() + depth;
  }

  /* For generators. */
  void rebaseFromTo(const InterpreterRegs& from, InterpreterFrame& to) {
    fp_ = &to;
    sp = to.slots() + (from.sp - from.fp_->slots());
    pc = from.pc;
    MOZ_ASSERT(fp_);
  }

  void popInlineFrame() {
    pc = fp_->prevpc();
    unsigned spForNewTarget =
        fp_->isResumedGenerator() ? 0 : fp_->isConstructing();
    sp = fp_->prevsp() - fp_->numActualArgs() - 1 - spForNewTarget;
    fp_ = fp_->prev();
    MOZ_ASSERT(fp_);
  }
  void prepareToRun(InterpreterFrame& fp, JSScript* script) {
    pc = script->code();
    sp = fp.slots() + script->nfixed();
    fp_ = &fp;
  }

  void setToEndOfScript();

  MutableHandleValue stackHandleAt(int i) {
    return MutableHandleValue::fromMarkedLocation(&sp[i]);
  }

  HandleValue stackHandleAt(int i) const {
    return HandleValue::fromMarkedLocation(&sp[i]);
  }

  friend void GDBTestInitInterpreterRegs(InterpreterRegs&,
                                         js::InterpreterFrame*, JS::Value*,
                                         uint8_t*);
};

/*****************************************************************************/

class InterpreterStack {
  friend class InterpreterActivation;

  static const size_t DEFAULT_CHUNK_SIZE = 4 * 1024;
  LifoAlloc allocator_;

  // Number of interpreter frames on the stack, for over-recursion checks.
  static const size_t MAX_FRAMES = 50 * 1000;
  static const size_t MAX_FRAMES_TRUSTED = MAX_FRAMES + 1000;
  size_t frameCount_;

  inline uint8_t* allocateFrame(JSContext* cx, size_t size);

  inline InterpreterFrame* getCallFrame(JSContext* cx, const CallArgs& args,
                                        HandleScript script,
                                        MaybeConstruct constructing,
                                        Value** pargv);

  void releaseFrame(InterpreterFrame* fp) {
    frameCount_--;
    allocator_.release(fp->mark_);
  }

 public:
  InterpreterStack() : allocator_(DEFAULT_CHUNK_SIZE), frameCount_(0) {}

  ~InterpreterStack() { MOZ_ASSERT(frameCount_ == 0); }

  // For execution of eval or global code.
  InterpreterFrame* pushExecuteFrame(JSContext* cx, HandleScript script,
                                     const Value& newTargetValue,
                                     HandleObject envChain,
                                     AbstractFramePtr evalInFrame);

  // Called to invoke a function.
  InterpreterFrame* pushInvokeFrame(JSContext* cx, const CallArgs& args,
                                    MaybeConstruct constructing);

  // The interpreter can push light-weight, "inline" frames without entering a
  // new InterpreterActivation or recursively calling Interpret.
  bool pushInlineFrame(JSContext* cx, InterpreterRegs& regs,
                       const CallArgs& args, HandleScript script,
                       MaybeConstruct constructing);

  void popInlineFrame(InterpreterRegs& regs);

  bool resumeGeneratorCallFrame(JSContext* cx, InterpreterRegs& regs,
                                HandleFunction callee, HandleObject envChain);

  inline void purge(JSRuntime* rt);

  size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) const {
    return allocator_.sizeOfExcludingThis(mallocSizeOf);
  }
};

void TraceInterpreterActivations(JSContext* cx, JSTracer* trc);

/*****************************************************************************/

/** Base class for all function call args. */
class AnyInvokeArgs : public JS::CallArgs {};

/** Base class for all function construction args. */
class AnyConstructArgs : public JS::CallArgs {
  // Only js::Construct (or internal methods that call the qualified CallArgs
  // versions) should do these things!
  void setCallee(const Value& v) = delete;
  void setThis(const Value& v) = delete;
  MutableHandleValue newTarget() const = delete;
  MutableHandleValue rval() const = delete;
};

namespace detail {

/** Function call/construct args of statically-unknown count. */
template <MaybeConstruct Construct>
class GenericArgsBase : public mozilla::Conditional<Construct, AnyConstructArgs,
                                                    AnyInvokeArgs>::Type {
 protected:
  RootedValueVector v_;

  explicit GenericArgsBase(JSContext* cx) : v_(cx) {}

 public:
  bool init(JSContext* cx, unsigned argc) {
    if (argc > ARGS_LENGTH_MAX) {
      JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
                                JSMSG_TOO_MANY_ARGUMENTS);
      return false;
    }

    // callee, this, arguments[, new.target iff constructing]
    size_t len = 2 + argc + uint32_t(Construct);
    MOZ_ASSERT(len > argc);  // no overflow
    if (!v_.resize(len)) {
      return false;
    }

    *static_cast<JS::CallArgs*>(this) = CallArgsFromVp(argc, v_.begin());
    this->constructing_ = Construct;
    if (Construct) {
      this->CallArgs::setThis(MagicValue(JS_IS_CONSTRUCTING));
    }
    return true;
  }
};

/** Function call/construct args of statically-known count. */
template <MaybeConstruct Construct, size_t N>
class FixedArgsBase : public mozilla::Conditional<Construct, AnyConstructArgs,
                                                  AnyInvokeArgs>::Type {
  static_assert(N <= ARGS_LENGTH_MAX, "o/~ too many args o/~");

 protected:
  JS::AutoValueArray<2 + N + uint32_t(Construct)> v_;

  explicit FixedArgsBase(JSContext* cx) : v_(cx) {
    *static_cast<JS::CallArgs*>(this) = CallArgsFromVp(N, v_.begin());
    this->constructing_ = Construct;
    if (Construct) {
      this->CallArgs::setThis(MagicValue(JS_IS_CONSTRUCTING));
    }
  }
};

}  // namespace detail

/** Function call args of statically-unknown count. */
class InvokeArgs : public detail::GenericArgsBase<NO_CONSTRUCT> {
  using Base = detail::GenericArgsBase<NO_CONSTRUCT>;

 public:
  explicit InvokeArgs(JSContext* cx) : Base(cx) {}
};

/** Function call args of statically-unknown count. */
class InvokeArgsMaybeIgnoresReturnValue
    : public detail::GenericArgsBase<NO_CONSTRUCT> {
  using Base = detail::GenericArgsBase<NO_CONSTRUCT>;

 public:
  explicit InvokeArgsMaybeIgnoresReturnValue(JSContext* cx,
                                             bool ignoresReturnValue)
      : Base(cx) {
    this->ignoresReturnValue_ = ignoresReturnValue;
  }
};

/** Function call args of statically-known count. */
template <size_t N>
class FixedInvokeArgs : public detail::FixedArgsBase<NO_CONSTRUCT, N> {
  using Base = detail::FixedArgsBase<NO_CONSTRUCT, N>;

 public:
  explicit FixedInvokeArgs(JSContext* cx) : Base(cx) {}
};

/** Function construct args of statically-unknown count. */
class ConstructArgs : public detail::GenericArgsBase<CONSTRUCT> {
  using Base = detail::GenericArgsBase<CONSTRUCT>;

 public:
  explicit ConstructArgs(JSContext* cx) : Base(cx) {}
};

/** Function call args of statically-known count. */
template <size_t N>
class FixedConstructArgs : public detail::FixedArgsBase<CONSTRUCT, N> {
  using Base = detail::FixedArgsBase<CONSTRUCT, N>;

 public:
  explicit FixedConstructArgs(JSContext* cx) : Base(cx) {}
};

template <class Args, class Arraylike>
inline bool FillArgumentsFromArraylike(JSContext* cx, Args& args,
                                       const Arraylike& arraylike) {
  uint32_t len = arraylike.length();
  if (!args.init(cx, len)) {
    return false;
  }

  for (uint32_t i = 0; i < len; i++) {
    args[i].set(arraylike[i]);
  }

  return true;
}

}  // namespace js

namespace mozilla {

template <>
struct DefaultHasher<js::AbstractFramePtr> {
  typedef js::AbstractFramePtr Lookup;

  static js::HashNumber hash(const Lookup& key) {
    return mozilla::HashGeneric(key.raw());
  }

  static bool match(const js::AbstractFramePtr& k, const Lookup& l) {
    return k == l;
  }
};

}  // namespace mozilla

namespace js {

/*****************************************************************************/

// [SMDOC] LiveSavedFrameCache: SavedFrame caching to minimize stack walking
//
// Since each SavedFrame object includes a 'parent' pointer to the SavedFrame
// for its caller, if we could easily find the right SavedFrame for a given
// stack frame, we wouldn't need to walk the rest of the stack. Traversing deep
// stacks can be expensive, and when we're profiling or instrumenting code, we
// may want to capture JavaScript stacks frequently, so such cases would benefit
// if we could avoid walking the entire stack.
//
// We could have a cache mapping frame addresses to their SavedFrame objects,
// but invalidating its entries would be a challenge. Popping a stack frame is
// extremely performance-sensitive, and SpiderMonkey stack frames can be OSR'd,
// thrown, rematerialized, and perhaps meet other fates; we would rather our
// cache not depend on handling so many tricky cases.
//
// It turns out that we can keep the cache accurate by reserving a single bit in
// the stack frame, which must be clear on any newly pushed frame. When we
// insert an entry into the cache mapping a given frame address to its
// SavedFrame, we set the bit in the frame. Then, we take care to probe the
// cache only for frames whose bit is set; the bit tells us that the frame has
// never left the stack, so its cache entry must be accurate, at least about
// which function the frame is executing (the line may have changed; more about
// that below). The code refers to this bit as the 'hasCachedSavedFrame' flag.
//
// We could manage such a cache replacing least-recently used entries, but we
// can do better than that: the cache can be a stack, of which we need examine
// only entries from the top.
//
// First, observe that stacks are walked from the youngest frame to the oldest,
// but SavedFrame chains are built from oldest to youngest, to ensure common
// tails are shared. This means that capturing a stack is necessarily a
// two-phase process: walk the stack, and then build the SavedFrames.
//
// Naturally, the first time we capture the stack, the cache is empty, and we
// must traverse the entire stack. As we build each SavedFrame, we push an entry
// associating the frame's address to its SavedFrame on the cache, and set the
// frame's bit. At the end, every frame has its bit set and an entry in the
// cache.
//
// Then the program runs some more. Some, none, or all of the frames are popped.
// Any new frames are pushed with their bit clear. Any frame with its bit set
// has never left the stack. The cache is left untouched.
//
// For the next capture, we walk the stack up to the first frame with its bit
// set, if there is one. Call it F; it must have a cache entry. We pop entries
// from the cache - all invalid, because they are above F's entry, and hence
// younger - until we find the entry matching F's address. Since F's bit is set,
// we know it never left the stack, and hence that no younger frame could have
// had a colliding address. And since the frame's bit was set when we pushed the
// cache entry, we know the entry is still valid.
//
// F's cache entry's SavedFrame covers the rest of the stack, so we don't need
// to walk the stack any further. Now we begin building SavedFrame objects for
// the new frames, pushing cache entries, and setting bits on the frames. By the
// end, the cache again covers the full stack, and every frame's bit is set.
//
// If we walk the stack to the end, and find no frame with its bit set, then the
// entire cache is invalid. At this point, it must be emptied, so that the new
// entries we are about to push are the only frames in the cache.
//
// For example, suppose we have the following stack (let 'A > B' mean "A called
// B", so the frames are listed oldest first):
//
//     P  > Q  > R  > S          Initial stack, bits not set.
//     P* > Q* > R* > S*         Capture a SavedFrame stack, set bits.
//                               The cache now holds: P > Q > R > S.
//     P* > Q* > R*              Return from S.
//     P* > Q*                   Return from R.
//     P* > Q* > T  > U          Call T and U. New frames have clear bits.
//
// If we capture the stack now, the cache still holds:
//
//     P  > Q  > R  > S
//
// As we traverse the stack, we'll cross U and T, and then find Q with its bit
// set. We pop entries from the cache until we find the entry for Q; this
// removes entries R and S, which were indeed invalid. In Q's cache entry, we
// find the SavedFrame representing the stack P > Q. Now we build SavedFrames
// for the new portion of the stack, pushing an entry for T and setting the bit
// on the frame, and then doing the same for U. In the end, the call stack again
// has bits set on all its frames:
//
//     P* > Q* > T* > U*         All frames are now in the cache.
//
// And the cache again holds entries for the entire stack:
//
//     P  > Q  > T  > U
//
// Details:
//
// - When we find a cache entry whose frame address matches our frame F, we know
//   that F has never left the stack, but it may certainly be the case that
//   execution took place in that frame, and that the current source position
//   within F's function has changed. This means that the entry's SavedFrame,
//   which records the source line and column as well as the function, is not
//   correct. To detect this case, when we push a cache entry, we record the
//   frame's pc. When consulting the cache, if a frame's address matches but its
//   pc does not, then we pop the cache entry, clear the frame's bit, and
//   continue walking the stack. The next stack frame will definitely hit: since
//   its callee frame never left the stack, the calling frame never got the
//   chance to execute.
//
// - Generators, at least conceptually, have long-lived stack frames that
//   disappear from the stack when the generator yields, and reappear on the
//   stack when the generator's 'next' method is called. When a generator's
//   frame is placed again atop the stack, its bit must be cleared - for the
//   purposes of the cache, treating the frame as a new frame - to respect the
//   invariants we used to justify the algorithm above. Async function
//   activations usually appear atop empty stacks, since they are invoked as a
//   promise callback, but the same rule applies.
//
// - SpiderMonkey has many types of stack frames, and not all have a place to
//   store a bit indicating a cached SavedFrame. But as long as we don't create
//   cache entries for frames we can't mark, simply omitting them from the cache
//   is harmless. Uncacheable frame types include inlined Ion frames and
//   non-Debug wasm frames. The LiveSavedFrameCache::FramePtr type represents
//   only pointers to frames that can be cached, so if you have a FramePtr, you
//   don't need to further check the frame for cachability. FramePtr provides
//   access to the hasCachedSavedFrame bit.
//
// - We actually break up the cache into one cache per Activation. Popping an
//   activation invalidates all its cache entries, simply by freeing the cache
//   altogether.
//
// - The entire chain of SavedFrames for a given stack capture is created in the
//   compartment of the code that requested the capture, *not* in that of the
//   frames it represents, so in general, different compartments may have
//   different SavedFrame objects representing the same actual stack frame. The
//   LiveSavedFrameCache simply records whichever SavedFrames were used in the
//   most recent captures. When we find a cache hit, we check the entry's
//   SavedFrame's compartment against the current compartment; if they do not
//   match, we clear the entire cache.
//
//   This means that it is not always true that, if a frame's
//   hasCachedSavedFrame bit is set, it must have an entry in the cache. The
//   actual invariant is: either the cache is completely empty, or the frames'
//   bits are trustworthy. This invariant holds even though capture can be
//   interrupted at many places by OOM failures. Clearing the cache is a single,
//   uninterruptible step. When we try to look up a frame whose bit is set and
//   find an empty cache, we clear the frame's bit. And we only add the first
//   frame to an empty cache once we've walked the stack all the way, so we know
//   that all frames' bits are cleared by that point.
//
// - When the Debugger API evaluates an expression in some frame (the 'target
//   frame'), it's SpiderMonkey's convention that the target frame be treated as
//   the parent of the eval frame. In reality, of course, the eval frame is
//   pushed on the top of the stack like any other frame, but stack captures
//   simply jump straight over the intervening frames, so that the '.parent'
//   property of a SavedFrame for the eval is the SavedFrame for the target.
//   This is arranged by giving the eval frame an 'evalInFramePrev` link
//   pointing to the target, which an ordinary FrameIter will notice and
//   respect.
//
//   If the LiveSavedFrameCache were presented with stack traversals that
//   skipped frames in this way, it would cause havoc. First, with no debugger
//   eval frames present, capture the stack, populating the cache. Then push a
//   debugger eval frame and capture again; the skipped frames to appear to be
//   absent from the stack. Now pop the debugger eval frame, and capture a third
//   time: the no-longer-skipped frames seem to reappear on the stack, with
//   their cached bits still set.
//
//   The LiveSavedFrameCache assumes that the stack it sees is used in a
//   stack-like fashion: if a frame has its bit set, it has never left the
//   stack. To support this assumption, when the cache is in use, we do not skip
//   the frames between a debugger eval frame an its target; we always traverse
//   the entire stack, invalidating and populating the cache in the usual way.
//   Instead, when we construct a SavedFrame for a debugger eval frame, we
//   select the appropriate parent at that point: rather than the next-older
//   frame, we find the SavedFrame for the eval's target frame. The skip appears
//   in the SavedFrame chains, even as the traversal covers all the frames.
//
// - Rematerialized frames (see ../jit/RematerializedFrame.h) are always created
//   with their hasCachedSavedFrame bits clear: although there may be extant
//   SavedFrames built from the original IonMonkey frame, the Rematerialized
//   frames will not have cache entries for them until they are traversed in a
//   capture themselves.
//
//   This means that, oddly, it is not always true that, once we reach a frame
//   with its hasCachedSavedFrame bit set, all its parents will have the bit set
//   as well. However, clear bits under younger set bits will only occur on
//   Rematerialized frames.
class LiveSavedFrameCache {
 public:
  // The address of a live frame for which we can cache SavedFrames: it has a
  // 'hasCachedSavedFrame' bit we can examine and set, and can be converted to
  // a Key to index the cache.
  class FramePtr {
    // We use jit::CommonFrameLayout for both Baseline frames and Ion
    // physical frames.
    using Ptr = mozilla::Variant<InterpreterFrame*, jit::CommonFrameLayout*,
                                 jit::RematerializedFrame*, wasm::DebugFrame*>;

    Ptr ptr;

    template <typename Frame>
    explicit FramePtr(Frame ptr) : ptr(ptr) {}

    struct HasCachedMatcher;
    struct SetHasCachedMatcher;
    struct ClearHasCachedMatcher;

   public:
    // If iter's frame is of a type that can be cached, construct a FramePtr
    // for its frame. Otherwise, return Nothing.
    static inline mozilla::Maybe<FramePtr> create(const FrameIter& iter);

    // Construct a FramePtr from an AbstractFramePtr. This always succeeds.
    static inline FramePtr create(AbstractFramePtr abstractFramePtr);

    inline bool hasCachedSavedFrame() const;
    inline void setHasCachedSavedFrame();
    inline void clearHasCachedSavedFrame();

    // Return true if this FramePtr refers to an interpreter frame.
    inline bool isInterpreterFrame() const {
      return ptr.is<InterpreterFrame*>();
    }

    // If this FramePtr is an interpreter frame, return a pointer to it.
    inline InterpreterFrame& asInterpreterFrame() const {
      return *ptr.as<InterpreterFrame*>();
    }

    // Return true if this FramePtr refers to a rematerialized frame.
    inline bool isRematerializedFrame() const {
      return ptr.is<jit::RematerializedFrame*>();
    }

    bool operator==(const FramePtr& rhs) const { return rhs.ptr == this->ptr; }
    bool operator!=(const FramePtr& rhs) const { return !(rhs == *this); }
  };

 private:
  // A key in the cache: the address of a frame, live or dead, for which we
  // can cache SavedFrames. Since the pointer may not be live, the only
  // operation this type permits is comparison.
  class Key {
    FramePtr framePtr;

   public:
    MOZ_IMPLICIT Key(const FramePtr& framePtr) : framePtr(framePtr) {}

    bool operator==(const Key& rhs) const {
      return rhs.framePtr == this->framePtr;
    }
    bool operator!=(const Key& rhs) const { return !(rhs == *this); }
  };

  struct Entry {
    const Key key;
    const jsbytecode* pc;
    HeapPtr<SavedFrame*> savedFrame;

    Entry(const Key& key, const jsbytecode* pc, SavedFrame* savedFrame)
        : key(key), pc(pc), savedFrame(savedFrame) {}
  };

  using EntryVector = Vector<Entry, 0, SystemAllocPolicy>;
  EntryVector* frames;

  LiveSavedFrameCache(const LiveSavedFrameCache&) = delete;
  LiveSavedFrameCache& operator=(const LiveSavedFrameCache&) = delete;

 public:
  explicit LiveSavedFrameCache() : frames(nullptr) {}

  LiveSavedFrameCache(LiveSavedFrameCache&& rhs) : frames(rhs.frames) {
    MOZ_ASSERT(this != &rhs, "self-move disallowed");
    rhs.frames = nullptr;
  }

  ~LiveSavedFrameCache() {
    if (frames) {
      js_delete(frames);
      frames = nullptr;
    }
  }

  bool initialized() const { return !!frames; }
  bool init(JSContext* cx) {
    frames = js_new<EntryVector>();
    if (!frames) {
      JS_ReportOutOfMemory(cx);
      return false;
    }
    return true;
  }

  void trace(JSTracer* trc);

  // Set |frame| to the cached SavedFrame corresponding to |framePtr| at |pc|.
  // |framePtr|'s hasCachedSavedFrame bit must be set. Remove all cache
  // entries for frames younger than that one.
  //
  // This may set |frame| to nullptr if |pc| is different from the pc supplied
  // when the cache entry was inserted. In this case, the cached SavedFrame
  // (probably) has the wrong source position. Entries for younger frames are
  // still removed. The next frame, if any, will be a cache hit.
  //
  // This may also set |frame| to nullptr if the cache was populated with
  // SavedFrame objects for a different compartment than cx's current
  // compartment. In this case, the entire cache is flushed.
  void find(JSContext* cx, FramePtr& framePtr, const jsbytecode* pc,
            MutableHandleSavedFrame frame) const;

  // Search the cache for a frame matching |framePtr|, without removing any
  // entries. Return the matching saved frame, or nullptr if none is found.
  // This is used for resolving |evalInFramePrev| links.
  void findWithoutInvalidation(const FramePtr& framePtr,
                               MutableHandleSavedFrame frame) const;

  // Push a cache entry mapping |framePtr| and |pc| to |savedFrame| on the top
  // of the cache's stack. You must insert entries for frames from oldest to
  // youngest. They must all be younger than the frame that the |find| method
  // found a hit for; or you must have cleared the entire cache with the
  // |clear| method.
  bool insert(JSContext* cx, FramePtr& framePtr, const jsbytecode* pc,
              HandleSavedFrame savedFrame);

  // Remove all entries from the cache.
  void clear() {
    if (frames) frames->clear();
  }
};

static_assert(
    sizeof(LiveSavedFrameCache) == sizeof(uintptr_t),
    "Every js::Activation has a LiveSavedFrameCache, so we need to be pretty "
    "careful "
    "about avoiding bloat. If you're adding members to LiveSavedFrameCache, "
    "maybe you "
    "should consider figuring out a way to make js::Activation have a "
    "LiveSavedFrameCache* instead of a Rooted<LiveSavedFrameCache>.");

/*****************************************************************************/

class InterpreterActivation;

namespace jit {
class JitActivation;
}  // namespace jit

// This class is separate from Activation, because it calls Compartment::wrap()
// which can GC and walk the stack. It's not safe to do that within the
// JitActivation constructor.
class MOZ_RAII ActivationEntryMonitor {
  JSContext* cx_;

  // The entry point monitor that was set on cx_->runtime() when this
  // ActivationEntryMonitor was created.
  JS::dbg::AutoEntryMonitor* entryMonitor_;

  explicit inline ActivationEntryMonitor(JSContext* cx);

  ActivationEntryMonitor(const ActivationEntryMonitor& other) = delete;
  void operator=(const ActivationEntryMonitor& other) = delete;

  void init(JSContext* cx, jit::CalleeToken entryToken);
  void init(JSContext* cx, InterpreterFrame* entryFrame);

  Value asyncStack(JSContext* cx);

 public:
  inline ActivationEntryMonitor(JSContext* cx, InterpreterFrame* entryFrame);
  inline ActivationEntryMonitor(JSContext* cx, jit::CalleeToken entryToken);
  inline ~ActivationEntryMonitor();
};

class Activation {
 protected:
  JSContext* cx_;
  JS::Compartment* compartment_;
  Activation* prev_;
  Activation* prevProfiling_;

  // Counter incremented by JS::HideScriptedCaller and decremented by
  // JS::UnhideScriptedCaller. If > 0 for the top activation,
  // DescribeScriptedCaller will return null instead of querying that
  // activation, which should prompt the caller to consult embedding-specific
  // data structures instead.
  size_t hideScriptedCallerCount_;

  // The cache of SavedFrame objects we have already captured when walking
  // this activation's stack.
  Rooted<LiveSavedFrameCache> frameCache_;

  // Youngest saved frame of an async stack that will be iterated during stack
  // capture in place of the actual stack of previous activations. Note that
  // the stack of this activation is captured entirely before this is used.
  //
  // Usually this is nullptr, meaning that normal stack capture will occur.
  // When this is set, the stack of any previous activation is ignored.
  Rooted<SavedFrame*> asyncStack_;

  // Value of asyncCause to be attached to asyncStack_.
  const char* asyncCause_;

  // True if the async call was explicitly requested, e.g. via
  // callFunctionWithAsyncStack.
  bool asyncCallIsExplicit_;

  enum Kind { Interpreter, Jit };
  Kind kind_;

  inline Activation(JSContext* cx, Kind kind);
  inline ~Activation();

 public:
  JSContext* cx() const { return cx_; }
  JS::Compartment* compartment() const { return compartment_; }
  Activation* prev() const { return prev_; }
  Activation* prevProfiling() const { return prevProfiling_; }
  inline Activation* mostRecentProfiling();

  bool isInterpreter() const { return kind_ == Interpreter; }
  bool isJit() const { return kind_ == Jit; }
  inline bool hasWasmExitFP() const;

  inline bool isProfiling() const;
  void registerProfiling();
  void unregisterProfiling();

  InterpreterActivation* asInterpreter() const {
    MOZ_ASSERT(isInterpreter());
    return (InterpreterActivation*)this;
  }
  jit::JitActivation* asJit() const {
    MOZ_ASSERT(isJit());
    return (jit::JitActivation*)this;
  }

  void hideScriptedCaller() { hideScriptedCallerCount_++; }
  void unhideScriptedCaller() {
    MOZ_ASSERT(hideScriptedCallerCount_ > 0);
    hideScriptedCallerCount_--;
  }
  bool scriptedCallerIsHidden() const { return hideScriptedCallerCount_ > 0; }

  static size_t offsetOfPrev() { return offsetof(Activation, prev_); }
  static size_t offsetOfPrevProfiling() {
    return offsetof(Activation, prevProfiling_);
  }

  SavedFrame* asyncStack() { return asyncStack_; }

  const char* asyncCause() const { return asyncCause_; }

  bool asyncCallIsExplicit() const { return asyncCallIsExplicit_; }

  inline LiveSavedFrameCache* getLiveSavedFrameCache(JSContext* cx);
  void clearLiveSavedFrameCache() { frameCache_.get().clear(); }

 private:
  Activation(const Activation& other) = delete;
  void operator=(const Activation& other) = delete;
};

// This variable holds a special opcode value which is greater than all normal
// opcodes, and is chosen such that the bitwise or of this value with any
// opcode is this value.
static const jsbytecode EnableInterruptsPseudoOpcode = -1;

static_assert(EnableInterruptsPseudoOpcode >= JSOP_LIMIT,
              "EnableInterruptsPseudoOpcode must be greater than any opcode");
static_assert(
    EnableInterruptsPseudoOpcode == jsbytecode(-1),
    "EnableInterruptsPseudoOpcode must be the maximum jsbytecode value");

class InterpreterFrameIterator;
class RunState;

class InterpreterActivation : public Activation {
  friend class js::InterpreterFrameIterator;

  InterpreterRegs regs_;
  InterpreterFrame* entryFrame_;
  size_t opMask_;  // For debugger interrupts, see js::Interpret.

#ifdef DEBUG
  size_t oldFrameCount_;
#endif

 public:
  inline InterpreterActivation(RunState& state, JSContext* cx,
                               InterpreterFrame* entryFrame);
  inline ~InterpreterActivation();

  inline bool pushInlineFrame(const CallArgs& args, HandleScript script,
                              MaybeConstruct constructing);
  inline void popInlineFrame(InterpreterFrame* frame);

  inline bool resumeGeneratorFrame(HandleFunction callee,
                                   HandleObject envChain);

  InterpreterFrame* current() const { return regs_.fp(); }
  InterpreterRegs& regs() { return regs_; }
  InterpreterFrame* entryFrame() const { return entryFrame_; }
  size_t opMask() const { return opMask_; }

  bool isProfiling() const { return false; }

  // If this js::Interpret frame is running |script|, enable interrupts.
  void enableInterruptsIfRunning(JSScript* script) {
    if (regs_.fp()->script() == script) {
      enableInterruptsUnconditionally();
    }
  }
  void enableInterruptsUnconditionally() {
    opMask_ = EnableInterruptsPseudoOpcode;
  }
  void clearInterruptsMask() { opMask_ = 0; }
};

// Iterates over a thread's activation list.
class ActivationIterator {
 protected:
  Activation* activation_;

 public:
  explicit ActivationIterator(JSContext* cx);

  ActivationIterator& operator++();

  Activation* operator->() const { return activation_; }
  Activation* activation() const { return activation_; }
  bool done() const { return activation_ == nullptr; }
};

namespace jit {

class BailoutFrameInfo;

// A JitActivation is used for frames running in Baseline or Ion.
class JitActivation : public Activation {
  // If Baseline, Ion or Wasm code is on the stack, and has called into C++,
  // this will be aligned to an ExitFrame. The last bit indicates if it's a
  // wasm frame (bit set to wasm::ExitOrJitEntryFPTag) or not
  // (bit set to ~wasm::ExitOrJitEntryFPTag).
  uint8_t* packedExitFP_;

  // When hasWasmExitFP(), encodedWasmExitReason_ holds ExitReason.
  uint32_t encodedWasmExitReason_;

  JitActivation* prevJitActivation_;

  // Rematerialized Ion frames which has info copied out of snapshots. Maps
  // frame pointers (i.e. packedExitFP_) to a vector of rematerializations of
  // all inline frames associated with that frame.
  //
  // This table is lazily initialized by calling getRematerializedFrame.
  typedef GCVector<UniquePtr<RematerializedFrame>> RematerializedFrameVector;
  typedef HashMap<uint8_t*, RematerializedFrameVector> RematerializedFrameTable;
  js::UniquePtr<RematerializedFrameTable> rematerializedFrames_;

  // This vector is used to remember the outcome of the evaluation of recover
  // instructions.
  //
  // RInstructionResults are appended into this vector when Snapshot values
  // have to be read, or when the evaluation has to run before some mutating
  // code.  Each RInstructionResults belongs to one frame which has to bailout
  // as soon as we get back to it.
  typedef Vector<RInstructionResults, 1> IonRecoveryMap;
  IonRecoveryMap ionRecovery_;

  // If we are bailing out from Ion, then this field should be a non-null
  // pointer which references the BailoutFrameInfo used to walk the inner
  // frames. This field is used for all newly constructed JSJitFrameIters to
  // read the innermost frame information from this bailout data instead of
  // reading it from the stack.
  BailoutFrameInfo* bailoutData_;

  // When profiling is enabled, these fields will be updated to reflect the
  // last pushed frame for this activation, and if that frame has been
  // left for a call, the native code site of the call.
  mozilla::Atomic<void*, mozilla::Relaxed> lastProfilingFrame_;
  mozilla::Atomic<void*, mozilla::Relaxed> lastProfilingCallSite_;
  static_assert(sizeof(mozilla::Atomic<void*, mozilla::Relaxed>) ==
                    sizeof(void*),
                "Atomic should have same memory format as underlying type.");

  // When wasm traps, the signal handler records some data for unwinding
  // purposes. Wasm code can't trap reentrantly.
  mozilla::Maybe<wasm::TrapData> wasmTrapData_;

  void clearRematerializedFrames();

#ifdef CHECK_OSIPOINT_REGISTERS
 protected:
  // Used to verify that live registers don't change between a VM call and
  // the OsiPoint that follows it. Protected to silence Clang warning.
  uint32_t checkRegs_ = 0;
  RegisterDump regs_;
#endif

 public:
  explicit JitActivation(JSContext* cx);
  ~JitActivation();

  bool isProfiling() const {
    // All JitActivations can be profiled.
    return true;
  }

  JitActivation* prevJitActivation() const { return prevJitActivation_; }
  static size_t offsetOfPrevJitActivation() {
    return offsetof(JitActivation, prevJitActivation_);
  }

  bool hasExitFP() const { return !!packedExitFP_; }
  uint8_t* jsOrWasmExitFP() const {
    return (uint8_t*)(uintptr_t(packedExitFP_) & ~wasm::ExitOrJitEntryFPTag);
  }
  static size_t offsetOfPackedExitFP() {
    return offsetof(JitActivation, packedExitFP_);
  }

  bool hasJSExitFP() const {
    return !(uintptr_t(packedExitFP_) & wasm::ExitOrJitEntryFPTag);
  }
  uint8_t* jsExitFP() const {
    MOZ_ASSERT(hasJSExitFP());
    return packedExitFP_;
  }
  void setJSExitFP(uint8_t* fp) { packedExitFP_ = fp; }

#ifdef CHECK_OSIPOINT_REGISTERS
  void setCheckRegs(bool check) { checkRegs_ = check; }
  static size_t offsetOfCheckRegs() {
    return offsetof(JitActivation, checkRegs_);
  }
  static size_t offsetOfRegs() { return offsetof(JitActivation, regs_); }
#endif

  // Look up a rematerialized frame keyed by the fp, rematerializing the
  // frame if one doesn't already exist. A frame can only be rematerialized
  // if an IonFrameIterator pointing to the nearest uninlined frame can be
  // provided, as values need to be read out of snapshots.
  //
  // The inlineDepth must be within bounds of the frame pointed to by iter.
  RematerializedFrame* getRematerializedFrame(JSContext* cx,
                                              const JSJitFrameIter& iter,
                                              size_t inlineDepth = 0);

  // Look up a rematerialized frame by the fp. If inlineDepth is out of
  // bounds of what has been rematerialized, nullptr is returned.
  RematerializedFrame* lookupRematerializedFrame(uint8_t* top,
                                                 size_t inlineDepth = 0);

  // Remove all rematerialized frames associated with the fp top from the
  // Debugger.
  void removeRematerializedFramesFromDebugger(JSContext* cx, uint8_t* top);

  bool hasRematerializedFrame(uint8_t* top, size_t inlineDepth = 0) {
    return !!lookupRematerializedFrame(top, inlineDepth);
  }

  // Remove a previous rematerialization by fp.
  void removeRematerializedFrame(uint8_t* top);

  void traceRematerializedFrames(JSTracer* trc);

  // Register the results of on Ion frame recovery.
  bool registerIonFrameRecovery(RInstructionResults&& results);

  // Return the pointer to the Ion frame recovery, if it is already registered.
  RInstructionResults* maybeIonFrameRecovery(JitFrameLayout* fp);

  // If an Ion frame recovery exists for the |fp| frame exists, then remove it
  // from the activation.
  void removeIonFrameRecovery(JitFrameLayout* fp);

  void traceIonRecovery(JSTracer* trc);

  // Return the bailout information if it is registered.
  const BailoutFrameInfo* bailoutData() const { return bailoutData_; }

  // Register the bailout data when it is constructed.
  void setBailoutData(BailoutFrameInfo* bailoutData);

  // Unregister the bailout data when the frame is reconstructed.
  void cleanBailoutData();

  static size_t offsetOfLastProfilingFrame() {
    return offsetof(JitActivation, lastProfilingFrame_);
  }
  void* lastProfilingFrame() { return lastProfilingFrame_; }
  void setLastProfilingFrame(void* ptr) { lastProfilingFrame_ = ptr; }

  static size_t offsetOfLastProfilingCallSite() {
    return offsetof(JitActivation, lastProfilingCallSite_);
  }
  void* lastProfilingCallSite() { return lastProfilingCallSite_; }
  void setLastProfilingCallSite(void* ptr) { lastProfilingCallSite_ = ptr; }

  // WebAssembly specific attributes.
  bool hasWasmExitFP() const {
    return uintptr_t(packedExitFP_) & wasm::ExitOrJitEntryFPTag;
  }
  wasm::Frame* wasmExitFP() const {
    MOZ_ASSERT(hasWasmExitFP());
    return (wasm::Frame*)(uintptr_t(packedExitFP_) &
                          ~wasm::ExitOrJitEntryFPTag);
  }
  void setWasmExitFP(const wasm::Frame* fp) {
    if (fp) {
      MOZ_ASSERT(!(uintptr_t(fp) & wasm::ExitOrJitEntryFPTag));
      packedExitFP_ = (uint8_t*)(uintptr_t(fp) | wasm::ExitOrJitEntryFPTag);
      MOZ_ASSERT(hasWasmExitFP());
    } else {
      packedExitFP_ = nullptr;
    }
  }
  wasm::ExitReason wasmExitReason() const {
    MOZ_ASSERT(hasWasmExitFP());
    return wasm::ExitReason::Decode(encodedWasmExitReason_);
  }
  static size_t offsetOfEncodedWasmExitReason() {
    return offsetof(JitActivation, encodedWasmExitReason_);
  }

  void startWasmTrap(wasm::Trap trap, uint32_t bytecodeOffset,
                     const wasm::RegisterState& state);
  void finishWasmTrap();
  bool isWasmTrapping() const { return !!wasmTrapData_; }
  const wasm::TrapData& wasmTrapData() { return *wasmTrapData_; }
};

// A filtering of the ActivationIterator to only stop at JitActivations.
class JitActivationIterator : public ActivationIterator {
  void settle() {
    while (!done() && !activation_->isJit()) {
      ActivationIterator::operator++();
    }
  }

 public:
  explicit JitActivationIterator(JSContext* cx) : ActivationIterator(cx) {
    settle();
  }

  JitActivationIterator& operator++() {
    ActivationIterator::operator++();
    settle();
    return *this;
  }
};

}  // namespace jit

inline bool Activation::hasWasmExitFP() const {
  return isJit() && asJit()->hasWasmExitFP();
}

// Iterates over the frames of a single InterpreterActivation.
class InterpreterFrameIterator {
  InterpreterActivation* activation_;
  InterpreterFrame* fp_;
  jsbytecode* pc_;
  Value* sp_;

 public:
  explicit InterpreterFrameIterator(InterpreterActivation* activation)
      : activation_(activation), fp_(nullptr), pc_(nullptr), sp_(nullptr) {
    if (activation) {
      fp_ = activation->current();
      pc_ = activation->regs().pc;
      sp_ = activation->regs().sp;
    }
  }

  InterpreterFrame* frame() const {
    MOZ_ASSERT(!done());
    return fp_;
  }
  jsbytecode* pc() const {
    MOZ_ASSERT(!done());
    return pc_;
  }
  Value* sp() const {
    MOZ_ASSERT(!done());
    return sp_;
  }

  InterpreterFrameIterator& operator++();

  bool done() const { return fp_ == nullptr; }
};

// A JitFrameIter can iterate over all kind of frames emitted by our code
// generators, be they composed of JS jit frames or wasm frames, interleaved or
// not, in any order.
//
// In the following class:
// - code generated for JS is referred to as JSJit.
// - code generated for wasm is referred to as Wasm.
// Also, Jit refers to any one of them.
//
// JitFrameIter uses JSJitFrameIter to iterate over JSJit code or a
// WasmFrameIter to iterate over wasm code; only one of them is active at the
// time. When a sub-iterator is done, the JitFrameIter knows how to stop, move
// onto the next activation or move onto another kind of Jit code.
//
// For ease of use, there is also OnlyJSJitFrameIter, which skips all the
// non-JSJit frames.
//
// Note it is allowed to get a handle to the internal frame iterator via
// asJSJit() and asWasm(), but the user has to be careful not to have those be
// used after JitFrameIter leaves the scope or the operator++ is called.
//
// In particular, this can handle the transition from wasm to jit and from jit
// to wasm, since these can be interleaved in the same JitActivation.
class JitFrameIter {
 protected:
  jit::JitActivation* act_;
  mozilla::MaybeOneOf<jit::JSJitFrameIter, wasm::WasmFrameIter> iter_;
  bool mustUnwindActivation_;

  void settle();

 public:
  JitFrameIter() : act_(nullptr), iter_(), mustUnwindActivation_(false) {}
  explicit JitFrameIter(jit::JitActivation* activation,
                        bool mustUnwindActivation = false);

  explicit JitFrameIter(const JitFrameIter& another);
  JitFrameIter& operator=(const JitFrameIter& another);

  bool isSome() const { return !iter_.empty(); }
  void reset() {
    MOZ_ASSERT(isSome());
    iter_.destroy();
  }

  bool isJSJit() const {
    return isSome() && iter_.constructed<jit::JSJitFrameIter>();
  }
  jit::JSJitFrameIter& asJSJit() { return iter_.ref<jit::JSJitFrameIter>(); }
  const jit::JSJitFrameIter& asJSJit() const {
    return iter_.ref<jit::JSJitFrameIter>();
  }

  bool isWasm() const {
    return isSome() && iter_.constructed<wasm::WasmFrameIter>();
  }
  wasm::WasmFrameIter& asWasm() { return iter_.ref<wasm::WasmFrameIter>(); }
  const wasm::WasmFrameIter& asWasm() const {
    return iter_.ref<wasm::WasmFrameIter>();
  }

  // Operations common to all frame iterators.
  const jit::JitActivation* activation() const { return act_; }
  bool done() const;
  void operator++();

  JS::Realm* realm() const;

  // Returns the address of the next instruction that will execute in this
  // frame, once control returns to this frame.
  uint8_t* resumePCinCurrentFrame() const;

  // Operations which have an effect only on JIT frames.
  void skipNonScriptedJSFrames();

  // Returns true iff this is a JIT frame with a self-hosted script. Note: be
  // careful, JitFrameIter does not consider functions inlined by Ion.
  bool isSelfHostedIgnoringInlining() const;
};

// A JitFrameIter that skips all the non-JSJit frames, skipping interleaved
// frames of any another kind.

class OnlyJSJitFrameIter : public JitFrameIter {
  void settle() {
    while (!done() && !isJSJit()) {
      JitFrameIter::operator++();
    }
  }

 public:
  explicit OnlyJSJitFrameIter(jit::JitActivation* act);
  explicit OnlyJSJitFrameIter(JSContext* cx);
  explicit OnlyJSJitFrameIter(const ActivationIterator& cx);

  void operator++() {
    JitFrameIter::operator++();
    settle();
  }

  const jit::JSJitFrameIter& frame() const { return asJSJit(); }
};

// A FrameIter walks over a context's stack of JS script activations,
// abstracting over whether the JS scripts were running in the interpreter or
// different modes of compiled code.
//
// FrameIter is parameterized by what it includes in the stack iteration:
//  - When provided, the optional JSPrincipal argument will cause FrameIter to
//    only show frames in globals whose JSPrincipals are subsumed (via
//    JSSecurityCallbacks::subsume) by the given JSPrincipal.
//
// Additionally, there are derived FrameIter types that automatically skip
// certain frames:
//  - ScriptFrameIter only shows frames that have an associated JSScript
//    (currently everything other than wasm stack frames). When !hasScript(),
//    clients must stick to the portion of the
//    interface marked below.
//  - NonBuiltinScriptFrameIter additionally filters out builtin (self-hosted)
//    scripts.
class FrameIter {
 public:
  enum DebuggerEvalOption {
    FOLLOW_DEBUGGER_EVAL_PREV_LINK,
    IGNORE_DEBUGGER_EVAL_PREV_LINK
  };

  enum State {
    DONE,    // when there are no more frames nor activations to unwind.
    INTERP,  // interpreter activation on the stack
    JIT      // jit or wasm activations on the stack
  };

  // Unlike ScriptFrameIter itself, ScriptFrameIter::Data can be allocated on
  // the heap, so this structure should not contain any GC things.
  struct Data {
    JSContext* cx_;
    DebuggerEvalOption debuggerEvalOption_;
    JSPrincipals* principals_;

    State state_;

    jsbytecode* pc_;

    InterpreterFrameIterator interpFrames_;
    ActivationIterator activations_;

    JitFrameIter jitFrames_;
    unsigned ionInlineFrameNo_;

    Data(JSContext* cx, DebuggerEvalOption debuggerEvalOption,
         JSPrincipals* principals);
    Data(const Data& other);
  };

  explicit FrameIter(JSContext* cx,
                     DebuggerEvalOption = FOLLOW_DEBUGGER_EVAL_PREV_LINK);
  FrameIter(JSContext* cx, DebuggerEvalOption, JSPrincipals*);
  FrameIter(const FrameIter& iter);
  MOZ_IMPLICIT FrameIter(const Data& data);
  MOZ_IMPLICIT FrameIter(AbstractFramePtr frame);

  bool done() const { return data_.state_ == DONE; }

  // -------------------------------------------------------
  // The following functions can only be called when !done()
  // -------------------------------------------------------

  FrameIter& operator++();

  JS::Realm* realm() const;
  JS::Compartment* compartment() const;
  Activation* activation() const { return data_.activations_.activation(); }

  bool isInterp() const {
    MOZ_ASSERT(!done());
    return data_.state_ == INTERP;
  }
  bool isJSJit() const {
    MOZ_ASSERT(!done());
    return data_.state_ == JIT && data_.jitFrames_.isJSJit();
  }
  bool isWasm() const {
    MOZ_ASSERT(!done());
    return data_.state_ == JIT && data_.jitFrames_.isWasm();
  }

  inline bool isIon() const;
  inline bool isBaseline() const;
  inline bool isPhysicalJitFrame() const;

  bool isEvalFrame() const;
  bool isFunctionFrame() const;
  bool hasArgs() const { return isFunctionFrame(); }

  ScriptSource* scriptSource() const;
  const char* filename() const;
  const char16_t* displayURL() const;
  unsigned computeLine(uint32_t* column = nullptr) const;
  JSAtom* maybeFunctionDisplayAtom() const;
  bool mutedErrors() const;

  bool hasScript() const { return !isWasm(); }

  // -----------------------------------------------------------
  //  The following functions can only be called when isWasm()
  // -----------------------------------------------------------

  inline bool wasmDebugEnabled() const;
  inline wasm::Instance* wasmInstance() const;
  inline uint32_t wasmFuncIndex() const;
  inline unsigned wasmBytecodeOffset() const;
  void wasmUpdateBytecodeOffset();

  // -----------------------------------------------------------
  // The following functions can only be called when hasScript()
  // -----------------------------------------------------------

  inline JSScript* script() const;

  bool isConstructing() const;
  jsbytecode* pc() const {
    MOZ_ASSERT(!done());
    return data_.pc_;
  }
  void updatePcQuadratic();

  // The function |calleeTemplate()| returns either the function from which
  // the current |callee| was cloned or the |callee| if it can be read. As
  // long as we do not have to investigate the environment chain or build a
  // new frame, we should prefer to use |calleeTemplate| instead of
  // |callee|, as requesting the |callee| might cause the invalidation of
  // the frame. (see js::Lambda)
  JSFunction* calleeTemplate() const;
  JSFunction* callee(JSContext* cx) const;

  JSFunction* maybeCallee(JSContext* cx) const {
    return isFunctionFrame() ? callee(cx) : nullptr;
  }

  bool matchCallee(JSContext* cx, HandleFunction fun) const;

  unsigned numActualArgs() const;
  unsigned numFormalArgs() const;
  Value unaliasedActual(unsigned i, MaybeCheckAliasing = CHECK_ALIASING) const;
  template <class Op>
  inline void unaliasedForEachActual(JSContext* cx, Op op);

  JSObject* environmentChain(JSContext* cx) const;
  bool hasInitialEnvironment(JSContext* cx) const;
  CallObject& callObj(JSContext* cx) const;

  bool hasArgsObj() const;
  ArgumentsObject& argsObj() const;

  // Get the original |this| value passed to this function. May not be the
  // actual this-binding (for instance, derived class constructors will
  // change their this-value later and non-strict functions will box
  // primitives).
  Value thisArgument(JSContext* cx) const;

  Value newTarget() const;

  Value returnValue() const;
  void setReturnValue(const Value& v);

  // These are only valid for the top frame.
  size_t numFrameSlots() const;
  Value frameSlotValue(size_t index) const;

  // Ensures that we have rematerialized the top frame and its associated
  // inline frames. Can only be called when isIon().
  bool ensureHasRematerializedFrame(JSContext* cx);

  // True when isInterp() or isBaseline(). True when isIon() if it
  // has a rematerialized frame. False otherwise.
  bool hasUsableAbstractFramePtr() const;

  // -----------------------------------------------------------
  // The following functions can only be called when isInterp(),
  // isBaseline(), isWasm() or isIon(). Further, abstractFramePtr() can
  // only be called when hasUsableAbstractFramePtr().
  // -----------------------------------------------------------

  AbstractFramePtr abstractFramePtr() const;
  Data* copyData() const;

  // This can only be called when isInterp():
  inline InterpreterFrame* interpFrame() const;

  // This can only be called when isPhysicalJitFrame():
  inline jit::CommonFrameLayout* physicalJitFrame() const;

  // This is used to provide a raw interface for debugging.
  void* rawFramePtr() const;

 private:
  Data data_;
  jit::InlineFrameIterator ionInlineFrames_;

  const jit::JSJitFrameIter& jsJitFrame() const {
    return data_.jitFrames_.asJSJit();
  }
  const wasm::WasmFrameIter& wasmFrame() const {
    return data_.jitFrames_.asWasm();
  }

  jit::JSJitFrameIter& jsJitFrame() { return data_.jitFrames_.asJSJit(); }
  wasm::WasmFrameIter& wasmFrame() { return data_.jitFrames_.asWasm(); }

  bool isIonScripted() const {
    return isJSJit() && jsJitFrame().isIonScripted();
  }

  bool principalsSubsumeFrame() const;

  void popActivation();
  void popInterpreterFrame();
  void nextJitFrame();
  void popJitFrame();
  void settleOnActivation();
};

class ScriptFrameIter : public FrameIter {
  void settle() {
    while (!done() && !hasScript()) {
      FrameIter::operator++();
    }
  }

 public:
  explicit ScriptFrameIter(
      JSContext* cx,
      DebuggerEvalOption debuggerEvalOption = FOLLOW_DEBUGGER_EVAL_PREV_LINK)
      : FrameIter(cx, debuggerEvalOption) {
    settle();
  }

  ScriptFrameIter(JSContext* cx, DebuggerEvalOption debuggerEvalOption,
                  JSPrincipals* prin)
      : FrameIter(cx, debuggerEvalOption, prin) {
    settle();
  }

  ScriptFrameIter(const ScriptFrameIter& iter) : FrameIter(iter) { settle(); }
  explicit ScriptFrameIter(const FrameIter::Data& data) : FrameIter(data) {
    settle();
  }
  explicit ScriptFrameIter(AbstractFramePtr frame) : FrameIter(frame) {
    settle();
  }

  ScriptFrameIter& operator++() {
    FrameIter::operator++();
    settle();
    return *this;
  }
};

#ifdef DEBUG
bool SelfHostedFramesVisible();
#else
static inline bool SelfHostedFramesVisible() { return false; }
#endif

/* A filtering of the FrameIter to only stop at non-self-hosted scripts. */
class NonBuiltinFrameIter : public FrameIter {
  void settle();

 public:
  explicit NonBuiltinFrameIter(
      JSContext* cx, FrameIter::DebuggerEvalOption debuggerEvalOption =
                         FrameIter::FOLLOW_DEBUGGER_EVAL_PREV_LINK)
      : FrameIter(cx, debuggerEvalOption) {
    settle();
  }

  NonBuiltinFrameIter(JSContext* cx,
                      FrameIter::DebuggerEvalOption debuggerEvalOption,
                      JSPrincipals* principals)
      : FrameIter(cx, debuggerEvalOption, principals) {
    settle();
  }

  NonBuiltinFrameIter(JSContext* cx, JSPrincipals* principals)
      : FrameIter(cx, FrameIter::FOLLOW_DEBUGGER_EVAL_PREV_LINK, principals) {
    settle();
  }

  explicit NonBuiltinFrameIter(const FrameIter::Data& data) : FrameIter(data) {}

  NonBuiltinFrameIter& operator++() {
    FrameIter::operator++();
    settle();
    return *this;
  }
};

// A filtering of the ScriptFrameIter to only stop at non-self-hosted scripts.
class NonBuiltinScriptFrameIter : public ScriptFrameIter {
  void settle();

 public:
  explicit NonBuiltinScriptFrameIter(
      JSContext* cx, ScriptFrameIter::DebuggerEvalOption debuggerEvalOption =
                         ScriptFrameIter::FOLLOW_DEBUGGER_EVAL_PREV_LINK)
      : ScriptFrameIter(cx, debuggerEvalOption) {
    settle();
  }

  NonBuiltinScriptFrameIter(
      JSContext* cx, ScriptFrameIter::DebuggerEvalOption debuggerEvalOption,
      JSPrincipals* principals)
      : ScriptFrameIter(cx, debuggerEvalOption, principals) {
    settle();
  }

  explicit NonBuiltinScriptFrameIter(const ScriptFrameIter::Data& data)
      : ScriptFrameIter(data) {}

  NonBuiltinScriptFrameIter& operator++() {
    ScriptFrameIter::operator++();
    settle();
    return *this;
  }
};

/*
 * Blindly iterate over all frames in the current thread's stack. These frames
 * can be from different contexts and compartments, so beware.
 */
class AllFramesIter : public FrameIter {
 public:
  explicit AllFramesIter(JSContext* cx)
      : FrameIter(cx, ScriptFrameIter::IGNORE_DEBUGGER_EVAL_PREV_LINK) {}
};

/* Iterates over all script frame in the current thread's stack.
 * See also AllFramesIter and ScriptFrameIter.
 */
class AllScriptFramesIter : public ScriptFrameIter {
 public:
  explicit AllScriptFramesIter(JSContext* cx)
      : ScriptFrameIter(cx, ScriptFrameIter::IGNORE_DEBUGGER_EVAL_PREV_LINK) {}
};

/* Popular inline definitions. */

inline JSScript* FrameIter::script() const {
  MOZ_ASSERT(!done());
  MOZ_ASSERT(hasScript());
  if (data_.state_ == INTERP) {
    return interpFrame()->script();
  }
  if (jsJitFrame().isIonJS()) {
    return ionInlineFrames_.script();
  }
  return jsJitFrame().script();
}

inline bool FrameIter::wasmDebugEnabled() const {
  MOZ_ASSERT(!done());
  MOZ_ASSERT(isWasm());
  return wasmFrame().debugEnabled();
}

inline wasm::Instance* FrameIter::wasmInstance() const {
  MOZ_ASSERT(!done());
  MOZ_ASSERT(isWasm());
  return wasmFrame().instance();
}

inline unsigned FrameIter::wasmBytecodeOffset() const {
  MOZ_ASSERT(!done());
  MOZ_ASSERT(isWasm());
  return wasmFrame().lineOrBytecode();
}

inline uint32_t FrameIter::wasmFuncIndex() const {
  MOZ_ASSERT(!done());
  MOZ_ASSERT(isWasm());
  return wasmFrame().funcIndex();
}

inline bool FrameIter::isIon() const {
  return isJSJit() && jsJitFrame().isIonJS();
}

inline bool FrameIter::isBaseline() const {
  return isJSJit() && jsJitFrame().isBaselineJS();
}

inline InterpreterFrame* FrameIter::interpFrame() const {
  MOZ_ASSERT(data_.state_ == INTERP);
  return data_.interpFrames_.frame();
}

inline bool FrameIter::isPhysicalJitFrame() const {
  if (!isJSJit()) {
    return false;
  }

  auto& jitFrame = jsJitFrame();

  if (jitFrame.isBaselineJS()) {
    return true;
  }

  if (jitFrame.isIonScripted()) {
    // Only the bottom of a group of inlined Ion frames is a physical frame.
    return ionInlineFrames_.frameNo() == 0;
  }

  return false;
}

inline jit::CommonFrameLayout* FrameIter::physicalJitFrame() const {
  MOZ_ASSERT(isPhysicalJitFrame());
  return jsJitFrame().current();
}

} /* namespace js */

#endif /* vm_Stack_h */