org.mozilla.javascript.optimizer.Codegen Maven / Gradle / Ivy
The newest version!
/* -*- Mode: java; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.javascript.optimizer;
import org.mozilla.javascript.*;
import org.mozilla.javascript.ast.FunctionNode;
import org.mozilla.javascript.ast.Jump;
import org.mozilla.javascript.ast.Name;
import org.mozilla.javascript.ast.ScriptNode;
import org.mozilla.classfile.*;
import java.util.*;
import java.lang.reflect.Constructor;
import static org.mozilla.classfile.ClassFileWriter.ACC_FINAL;
import static org.mozilla.classfile.ClassFileWriter.ACC_PRIVATE;
import static org.mozilla.classfile.ClassFileWriter.ACC_PUBLIC;
import static org.mozilla.classfile.ClassFileWriter.ACC_STATIC;
import static org.mozilla.classfile.ClassFileWriter.ACC_VOLATILE;
/**
* This class generates code for a given IR tree.
*
* @author Norris Boyd
* @author Roger Lawrence
*/
public class Codegen implements Evaluator
{
public void captureStackInfo(RhinoException ex) {
throw new UnsupportedOperationException();
}
public String getSourcePositionFromStack(Context cx, int[] linep) {
throw new UnsupportedOperationException();
}
public String getPatchedStack(RhinoException ex, String nativeStackTrace) {
throw new UnsupportedOperationException();
}
public List getScriptStack(RhinoException ex) {
throw new UnsupportedOperationException();
}
public void setEvalScriptFlag(Script script) {
throw new UnsupportedOperationException();
}
public Object compile(CompilerEnvirons compilerEnv,
ScriptNode tree,
String encodedSource,
boolean returnFunction)
{
int serial;
synchronized (globalLock) {
serial = ++globalSerialClassCounter;
}
String baseName = "c";
if (tree.getSourceName().length() > 0) {
baseName = tree.getSourceName().replaceAll("\\W", "_");
if (!Character.isJavaIdentifierStart(baseName.charAt(0))) {
baseName = "_" + baseName;
}
}
String mainClassName = "org.mozilla.javascript.gen." + baseName + "_" + serial;
byte[] mainClassBytes = compileToClassFile(compilerEnv, mainClassName,
tree, encodedSource,
returnFunction);
return new Object[] { mainClassName, mainClassBytes };
}
public Script createScriptObject(Object bytecode,
Object staticSecurityDomain)
{
Class> cl = defineClass(bytecode, staticSecurityDomain);
Script script;
try {
script = (Script)cl.newInstance();
} catch (Exception ex) {
throw new RuntimeException
("Unable to instantiate compiled class:" + ex.toString());
}
return script;
}
public Function createFunctionObject(Context cx, Scriptable scope,
Object bytecode,
Object staticSecurityDomain)
{
Class> cl = defineClass(bytecode, staticSecurityDomain);
NativeFunction f;
try {
Constructor>ctor = cl.getConstructors()[0];
Object[] initArgs = { scope, cx, Integer.valueOf(0) };
f = (NativeFunction)ctor.newInstance(initArgs);
} catch (Exception ex) {
throw new RuntimeException
("Unable to instantiate compiled class:"+ex.toString());
}
return f;
}
private Class> defineClass(Object bytecode,
Object staticSecurityDomain)
{
Object[] nameBytesPair = (Object[])bytecode;
String className = (String)nameBytesPair[0];
byte[] classBytes = (byte[])nameBytesPair[1];
// The generated classes in this case refer only to Rhino classes
// which must be accessible through this class loader
ClassLoader rhinoLoader = getClass().getClassLoader();
GeneratedClassLoader loader;
loader = SecurityController.createLoader(rhinoLoader,
staticSecurityDomain);
Exception e;
try {
Class> cl = loader.defineClass(className, classBytes);
loader.linkClass(cl);
return cl;
} catch (SecurityException x) {
e = x;
} catch (IllegalArgumentException x) {
e = x;
}
throw new RuntimeException("Malformed optimizer package " + e);
}
public byte[] compileToClassFile(CompilerEnvirons compilerEnv,
String mainClassName,
ScriptNode scriptOrFn,
String encodedSource,
boolean returnFunction)
{
this.compilerEnv = compilerEnv;
transform(scriptOrFn);
if (Token.printTrees) {
System.out.println(scriptOrFn.toStringTree(scriptOrFn));
}
if (returnFunction) {
scriptOrFn = scriptOrFn.getFunctionNode(0);
}
initScriptNodesData(scriptOrFn);
this.mainClassName = mainClassName;
this.mainClassSignature
= ClassFileWriter.classNameToSignature(mainClassName);
try {
return generateCode(encodedSource);
} catch (ClassFileWriter.ClassFileFormatException e) {
throw reportClassFileFormatException(scriptOrFn, e.getMessage());
}
}
private RuntimeException reportClassFileFormatException(
ScriptNode scriptOrFn,
String message)
{
String msg = scriptOrFn instanceof FunctionNode
? ScriptRuntime.getMessage2("msg.while.compiling.fn",
((FunctionNode)scriptOrFn).getFunctionName(), message)
: ScriptRuntime.getMessage1("msg.while.compiling.script", message);
return Context.reportRuntimeError(msg, scriptOrFn.getSourceName(),
scriptOrFn.getLineno(), null, 0);
}
private void transform(ScriptNode tree)
{
initOptFunctions_r(tree);
int optLevel = compilerEnv.getOptimizationLevel();
Map possibleDirectCalls = null;
if (optLevel > 0) {
/*
* Collect all of the contained functions into a hashtable
* so that the call optimizer can access the class name & parameter
* count for any call it encounters
*/
if (tree.getType() == Token.SCRIPT) {
int functionCount = tree.getFunctionCount();
for (int i = 0; i != functionCount; ++i) {
OptFunctionNode ofn = OptFunctionNode.get(tree, i);
if (ofn.fnode.getFunctionType()
== FunctionNode.FUNCTION_STATEMENT)
{
String name = ofn.fnode.getName();
if (name.length() != 0) {
if (possibleDirectCalls == null) {
possibleDirectCalls = new HashMap();
}
possibleDirectCalls.put(name, ofn);
}
}
}
}
}
if (possibleDirectCalls != null) {
directCallTargets = new ObjArray();
}
OptTransformer ot = new OptTransformer(possibleDirectCalls,
directCallTargets);
ot.transform(tree);
if (optLevel > 0) {
(new Optimizer()).optimize(tree);
}
}
private static void initOptFunctions_r(ScriptNode scriptOrFn)
{
for (int i = 0, N = scriptOrFn.getFunctionCount(); i != N; ++i) {
FunctionNode fn = scriptOrFn.getFunctionNode(i);
new OptFunctionNode(fn);
initOptFunctions_r(fn);
}
}
private void initScriptNodesData(ScriptNode scriptOrFn)
{
ObjArray x = new ObjArray();
collectScriptNodes_r(scriptOrFn, x);
int count = x.size();
scriptOrFnNodes = new ScriptNode[count];
x.toArray(scriptOrFnNodes);
scriptOrFnIndexes = new ObjToIntMap(count);
for (int i = 0; i != count; ++i) {
scriptOrFnIndexes.put(scriptOrFnNodes[i], i);
}
}
private static void collectScriptNodes_r(ScriptNode n,
ObjArray x)
{
x.add(n);
int nestedCount = n.getFunctionCount();
for (int i = 0; i != nestedCount; ++i) {
collectScriptNodes_r(n.getFunctionNode(i), x);
}
}
private byte[] generateCode(String encodedSource)
{
boolean hasScript = (scriptOrFnNodes[0].getType() == Token.SCRIPT);
boolean hasFunctions = (scriptOrFnNodes.length > 1 || !hasScript);
boolean isStrictMode = scriptOrFnNodes[0].isInStrictMode();
String sourceFile = null;
if (compilerEnv.isGenerateDebugInfo()) {
sourceFile = scriptOrFnNodes[0].getSourceName();
}
ClassFileWriter cfw = new ClassFileWriter(mainClassName,
SUPER_CLASS_NAME,
sourceFile);
cfw.addField(ID_FIELD_NAME, "I", ACC_PRIVATE);
if (hasFunctions) {
generateFunctionConstructor(cfw);
}
if (hasScript) {
cfw.addInterface("com/baidu/openrasp/org/mozilla/javascript/Script");
generateScriptCtor(cfw);
generateMain(cfw);
generateExecute(cfw);
}
generateCallMethod(cfw, isStrictMode);
generateResumeGenerator(cfw);
generateNativeFunctionOverrides(cfw, encodedSource);
int count = scriptOrFnNodes.length;
for (int i = 0; i != count; ++i) {
ScriptNode n = scriptOrFnNodes[i];
BodyCodegen bodygen = new BodyCodegen();
bodygen.cfw = cfw;
bodygen.codegen = this;
bodygen.compilerEnv = compilerEnv;
bodygen.scriptOrFn = n;
bodygen.scriptOrFnIndex = i;
try {
bodygen.generateBodyCode();
} catch (ClassFileWriter.ClassFileFormatException e) {
throw reportClassFileFormatException(n, e.getMessage());
}
if (n.getType() == Token.FUNCTION) {
OptFunctionNode ofn = OptFunctionNode.get(n);
generateFunctionInit(cfw, ofn);
if (ofn.isTargetOfDirectCall()) {
emitDirectConstructor(cfw, ofn);
}
}
}
emitRegExpInit(cfw);
emitConstantDudeInitializers(cfw);
return cfw.toByteArray();
}
private void emitDirectConstructor(ClassFileWriter cfw,
OptFunctionNode ofn)
{
/*
we generate ..
Scriptable directConstruct() {
Scriptable newInstance = createObject(cx, scope);
Object val = (cx, scope, newInstance, );
if (val instanceof Scriptable) {
return (Scriptable) val;
}
return newInstance;
}
*/
cfw.startMethod(getDirectCtorName(ofn.fnode),
getBodyMethodSignature(ofn.fnode),
(short)(ACC_STATIC | ACC_PRIVATE));
int argCount = ofn.fnode.getParamCount();
int firstLocal = (4 + argCount * 3) + 1;
cfw.addALoad(0); // this
cfw.addALoad(1); // cx
cfw.addALoad(2); // scope
cfw.addInvoke(ByteCode.INVOKEVIRTUAL,
"com/baidu/openrasp/org/mozilla/javascript/BaseFunction",
"createObject",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(firstLocal);
cfw.addALoad(0);
cfw.addALoad(1);
cfw.addALoad(2);
cfw.addALoad(firstLocal);
for (int i = 0; i < argCount; i++) {
cfw.addALoad(4 + (i * 3));
cfw.addDLoad(5 + (i * 3));
}
cfw.addALoad(4 + argCount * 3);
cfw.addInvoke(ByteCode.INVOKESTATIC,
mainClassName,
getBodyMethodName(ofn.fnode),
getBodyMethodSignature(ofn.fnode));
int exitLabel = cfw.acquireLabel();
cfw.add(ByteCode.DUP); // make a copy of direct call result
cfw.add(ByteCode.INSTANCEOF, "com/baidu/openrasp/org/mozilla/javascript/Scriptable");
cfw.add(ByteCode.IFEQ, exitLabel);
// cast direct call result
cfw.add(ByteCode.CHECKCAST, "com/baidu/openrasp/org/mozilla/javascript/Scriptable");
cfw.add(ByteCode.ARETURN);
cfw.markLabel(exitLabel);
cfw.addALoad(firstLocal);
cfw.add(ByteCode.ARETURN);
cfw.stopMethod((short)(firstLocal + 1));
}
static boolean isGenerator(ScriptNode node)
{
return (node.getType() == Token.FUNCTION ) &&
((FunctionNode)node).isGenerator();
}
// How dispatch to generators works:
// Two methods are generated corresponding to a user-written generator.
// One of these creates a generator object (NativeGenerator), which is
// returned to the user. The other method contains all of the body code
// of the generator.
// When a user calls a generator, the call() method dispatches control to
// to the method that creates the NativeGenerator object. Subsequently when
// the user invokes .next(), .send() or any such method on the generator
// object, the resumeGenerator() below dispatches the call to the
// method corresponding to the generator body. As a matter of convention
// the generator body is given the name of the generator activation function
// appended by "_gen".
private void generateResumeGenerator(ClassFileWriter cfw)
{
boolean hasGenerators = false;
for (int i=0; i < scriptOrFnNodes.length; i++) {
if (isGenerator(scriptOrFnNodes[i]))
hasGenerators = true;
}
// if there are no generators defined, we don't implement a
// resumeGenerator(). The base class provides a default implementation.
if (!hasGenerators)
return;
cfw.startMethod("resumeGenerator",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;" +
"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;" +
"ILjava/lang/Object;" +
"Ljava/lang/Object;)Ljava/lang/Object;",
(short)(ACC_PUBLIC | ACC_FINAL));
// load arguments for dispatch to the corresponding *_gen method
cfw.addALoad(0);
cfw.addALoad(1);
cfw.addALoad(2);
cfw.addALoad(4);
cfw.addALoad(5);
cfw.addILoad(3);
cfw.addLoadThis();
cfw.add(ByteCode.GETFIELD, cfw.getClassName(), ID_FIELD_NAME, "I");
int startSwitch = cfw.addTableSwitch(0, scriptOrFnNodes.length - 1);
cfw.markTableSwitchDefault(startSwitch);
int endlabel = cfw.acquireLabel();
for (int i = 0; i < scriptOrFnNodes.length; i++) {
ScriptNode n = scriptOrFnNodes[i];
cfw.markTableSwitchCase(startSwitch, i, (short)6);
if (isGenerator(n)) {
String type = "(" +
mainClassSignature +
"Lcom/baidu/openrasp/org/mozilla/javascript/Context;" +
"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;" +
"Ljava/lang/Object;" +
"Ljava/lang/Object;I)Ljava/lang/Object;";
cfw.addInvoke(ByteCode.INVOKESTATIC,
mainClassName,
getBodyMethodName(n) + "_gen",
type);
cfw.add(ByteCode.ARETURN);
} else {
cfw.add(ByteCode.GOTO, endlabel);
}
}
cfw.markLabel(endlabel);
pushUndefined(cfw);
cfw.add(ByteCode.ARETURN);
// this method uses as many locals as there are arguments (hence 6)
cfw.stopMethod((short)6);
}
private void generateCallMethod(ClassFileWriter cfw, boolean isStrictMode)
{
cfw.startMethod("call",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;" +
"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;" +
"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;" +
"[Ljava/lang/Object;)Ljava/lang/Object;",
(short)(ACC_PUBLIC | ACC_FINAL));
// Generate code for:
// if (!ScriptRuntime.hasTopCall(cx)) {
// return ScriptRuntime.doTopCall(this, cx, scope, thisObj, args);
// }
int nonTopCallLabel = cfw.acquireLabel();
cfw.addALoad(1); //cx
cfw.addInvoke(ByteCode.INVOKESTATIC,
"com/baidu/openrasp/org/mozilla/javascript/ScriptRuntime",
"hasTopCall",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Z");
cfw.add(ByteCode.IFNE, nonTopCallLabel);
cfw.addALoad(0);
cfw.addALoad(1);
cfw.addALoad(2);
cfw.addALoad(3);
cfw.addALoad(4);
cfw.addPush(isStrictMode);
cfw.addInvoke(ByteCode.INVOKESTATIC,
"com/baidu/openrasp/org/mozilla/javascript/ScriptRuntime",
"doTopCall",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Callable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+"Z"
+")Ljava/lang/Object;");
cfw.add(ByteCode.ARETURN);
cfw.markLabel(nonTopCallLabel);
// Now generate switch to call the real methods
cfw.addALoad(0);
cfw.addALoad(1);
cfw.addALoad(2);
cfw.addALoad(3);
cfw.addALoad(4);
int end = scriptOrFnNodes.length;
boolean generateSwitch = (2 <= end);
int switchStart = 0;
int switchStackTop = 0;
if (generateSwitch) {
cfw.addLoadThis();
cfw.add(ByteCode.GETFIELD, cfw.getClassName(), ID_FIELD_NAME, "I");
// do switch from (1, end - 1) mapping 0 to
// the default case
switchStart = cfw.addTableSwitch(1, end - 1);
}
for (int i = 0; i != end; ++i) {
ScriptNode n = scriptOrFnNodes[i];
if (generateSwitch) {
if (i == 0) {
cfw.markTableSwitchDefault(switchStart);
switchStackTop = cfw.getStackTop();
} else {
cfw.markTableSwitchCase(switchStart, i - 1,
switchStackTop);
}
}
if (n.getType() == Token.FUNCTION) {
OptFunctionNode ofn = OptFunctionNode.get(n);
if (ofn.isTargetOfDirectCall()) {
int pcount = ofn.fnode.getParamCount();
if (pcount != 0) {
// loop invariant:
// stack top == arguments array from addALoad4()
for (int p = 0; p != pcount; ++p) {
cfw.add(ByteCode.ARRAYLENGTH);
cfw.addPush(p);
int undefArg = cfw.acquireLabel();
int beyond = cfw.acquireLabel();
cfw.add(ByteCode.IF_ICMPLE, undefArg);
// get array[p]
cfw.addALoad(4);
cfw.addPush(p);
cfw.add(ByteCode.AALOAD);
cfw.add(ByteCode.GOTO, beyond);
cfw.markLabel(undefArg);
pushUndefined(cfw);
cfw.markLabel(beyond);
// Only one push
cfw.adjustStackTop(-1);
cfw.addPush(0.0);
// restore invariant
cfw.addALoad(4);
}
}
}
}
cfw.addInvoke(ByteCode.INVOKESTATIC,
mainClassName,
getBodyMethodName(n),
getBodyMethodSignature(n));
cfw.add(ByteCode.ARETURN);
}
cfw.stopMethod((short)5);
// 5: this, cx, scope, js this, args[]
}
private void generateMain(ClassFileWriter cfw)
{
cfw.startMethod("main", "([Ljava/lang/String;)V",
(short)(ACC_PUBLIC | ACC_STATIC));
// load new ScriptImpl()
cfw.add(ByteCode.NEW, cfw.getClassName());
cfw.add(ByteCode.DUP);
cfw.addInvoke(ByteCode.INVOKESPECIAL, cfw.getClassName(),
"", "()V");
// load 'args'
cfw.add(ByteCode.ALOAD_0);
// Call mainMethodClass.main(Script script, String[] args)
cfw.addInvoke(ByteCode.INVOKESTATIC,
mainMethodClass,
"main",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Script;[Ljava/lang/String;)V");
cfw.add(ByteCode.RETURN);
// 1 = String[] args
cfw.stopMethod((short)1);
}
private void generateExecute(ClassFileWriter cfw)
{
cfw.startMethod("exec",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;",
(short)(ACC_PUBLIC | ACC_FINAL));
final int CONTEXT_ARG = 1;
final int SCOPE_ARG = 2;
cfw.addLoadThis();
cfw.addALoad(CONTEXT_ARG);
cfw.addALoad(SCOPE_ARG);
cfw.add(ByteCode.DUP);
cfw.add(ByteCode.ACONST_NULL);
cfw.addInvoke(ByteCode.INVOKEVIRTUAL,
cfw.getClassName(),
"call",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+")Ljava/lang/Object;");
cfw.add(ByteCode.ARETURN);
// 3 = this + context + scope
cfw.stopMethod((short)3);
}
private void generateScriptCtor(ClassFileWriter cfw)
{
cfw.startMethod("", "()V", ACC_PUBLIC);
cfw.addLoadThis();
cfw.addInvoke(ByteCode.INVOKESPECIAL, SUPER_CLASS_NAME,
"", "()V");
// set id to 0
cfw.addLoadThis();
cfw.addPush(0);
cfw.add(ByteCode.PUTFIELD, cfw.getClassName(), ID_FIELD_NAME, "I");
cfw.add(ByteCode.RETURN);
// 1 parameter = this
cfw.stopMethod((short)1);
}
private void generateFunctionConstructor(ClassFileWriter cfw)
{
final int SCOPE_ARG = 1;
final int CONTEXT_ARG = 2;
final int ID_ARG = 3;
cfw.startMethod("", FUNCTION_CONSTRUCTOR_SIGNATURE, ACC_PUBLIC);
cfw.addALoad(0);
cfw.addInvoke(ByteCode.INVOKESPECIAL, SUPER_CLASS_NAME,
"", "()V");
cfw.addLoadThis();
cfw.addILoad(ID_ARG);
cfw.add(ByteCode.PUTFIELD, cfw.getClassName(), ID_FIELD_NAME, "I");
cfw.addLoadThis();
cfw.addALoad(CONTEXT_ARG);
cfw.addALoad(SCOPE_ARG);
int start = (scriptOrFnNodes[0].getType() == Token.SCRIPT) ? 1 : 0;
int end = scriptOrFnNodes.length;
if (start == end) throw badTree();
boolean generateSwitch = (2 <= end - start);
int switchStart = 0;
int switchStackTop = 0;
if (generateSwitch) {
cfw.addILoad(ID_ARG);
// do switch from (start + 1, end - 1) mapping start to
// the default case
switchStart = cfw.addTableSwitch(start + 1, end - 1);
}
for (int i = start; i != end; ++i) {
if (generateSwitch) {
if (i == start) {
cfw.markTableSwitchDefault(switchStart);
switchStackTop = cfw.getStackTop();
} else {
cfw.markTableSwitchCase(switchStart, i - 1 - start,
switchStackTop);
}
}
OptFunctionNode ofn = OptFunctionNode.get(scriptOrFnNodes[i]);
cfw.addInvoke(ByteCode.INVOKESPECIAL,
mainClassName,
getFunctionInitMethodName(ofn),
FUNCTION_INIT_SIGNATURE);
cfw.add(ByteCode.RETURN);
}
// 4 = this + scope + context + id
cfw.stopMethod((short)4);
}
private void generateFunctionInit(ClassFileWriter cfw,
OptFunctionNode ofn)
{
final int CONTEXT_ARG = 1;
final int SCOPE_ARG = 2;
cfw.startMethod(getFunctionInitMethodName(ofn),
FUNCTION_INIT_SIGNATURE,
(short)(ACC_PRIVATE | ACC_FINAL));
// Call NativeFunction.initScriptFunction
cfw.addLoadThis();
cfw.addALoad(CONTEXT_ARG);
cfw.addALoad(SCOPE_ARG);
cfw.addInvoke(ByteCode.INVOKEVIRTUAL,
"com/baidu/openrasp/org/mozilla/javascript/NativeFunction",
"initScriptFunction",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")V");
// precompile all regexp literals
if (ofn.fnode.getRegexpCount() != 0) {
cfw.addALoad(CONTEXT_ARG);
cfw.addInvoke(ByteCode.INVOKESTATIC, mainClassName,
REGEXP_INIT_METHOD_NAME, REGEXP_INIT_METHOD_SIGNATURE);
}
cfw.add(ByteCode.RETURN);
// 3 = (scriptThis/functionRef) + scope + context
cfw.stopMethod((short)3);
}
private void generateNativeFunctionOverrides(ClassFileWriter cfw,
String encodedSource)
{
// Override NativeFunction.getLanguageVersion() with
// public int getLanguageVersion() { return ; }
cfw.startMethod("getLanguageVersion", "()I", ACC_PUBLIC);
cfw.addPush(compilerEnv.getLanguageVersion());
cfw.add(ByteCode.IRETURN);
// 1: this and no argument or locals
cfw.stopMethod((short)1);
// The rest of NativeFunction overrides require specific code for each
// script/function id
final int Do_getFunctionName = 0;
final int Do_getParamCount = 1;
final int Do_getParamAndVarCount = 2;
final int Do_getParamOrVarName = 3;
final int Do_getEncodedSource = 4;
final int Do_getParamOrVarConst = 5;
final int SWITCH_COUNT = 6;
for (int methodIndex = 0; methodIndex != SWITCH_COUNT; ++methodIndex) {
if (methodIndex == Do_getEncodedSource && encodedSource == null) {
continue;
}
// Generate:
// prologue;
// switch over function id to implement function-specific action
// epilogue
short methodLocals;
switch (methodIndex) {
case Do_getFunctionName:
methodLocals = 1; // Only this
cfw.startMethod("getFunctionName", "()Ljava/lang/String;",
ACC_PUBLIC);
break;
case Do_getParamCount:
methodLocals = 1; // Only this
cfw.startMethod("getParamCount", "()I",
ACC_PUBLIC);
break;
case Do_getParamAndVarCount:
methodLocals = 1; // Only this
cfw.startMethod("getParamAndVarCount", "()I",
ACC_PUBLIC);
break;
case Do_getParamOrVarName:
methodLocals = 1 + 1; // this + paramOrVarIndex
cfw.startMethod("getParamOrVarName", "(I)Ljava/lang/String;",
ACC_PUBLIC);
break;
case Do_getParamOrVarConst:
methodLocals = 1 + 1 + 1; // this + paramOrVarName
cfw.startMethod("getParamOrVarConst", "(I)Z",
ACC_PUBLIC);
break;
case Do_getEncodedSource:
methodLocals = 1; // Only this
cfw.startMethod("getEncodedSource", "()Ljava/lang/String;",
ACC_PUBLIC);
cfw.addPush(encodedSource);
break;
default:
throw Kit.codeBug();
}
int count = scriptOrFnNodes.length;
int switchStart = 0;
int switchStackTop = 0;
if (count > 1) {
// Generate switch but only if there is more then one
// script/function
cfw.addLoadThis();
cfw.add(ByteCode.GETFIELD, cfw.getClassName(),
ID_FIELD_NAME, "I");
// do switch from 1 .. count - 1 mapping 0 to the default case
switchStart = cfw.addTableSwitch(1, count - 1);
}
for (int i = 0; i != count; ++i) {
ScriptNode n = scriptOrFnNodes[i];
if (i == 0) {
if (count > 1) {
cfw.markTableSwitchDefault(switchStart);
switchStackTop = cfw.getStackTop();
}
} else {
cfw.markTableSwitchCase(switchStart, i - 1,
switchStackTop);
}
// Impelemnet method-specific switch code
switch (methodIndex) {
case Do_getFunctionName:
// Push function name
if (n.getType() == Token.SCRIPT) {
cfw.addPush("");
} else {
String name = ((FunctionNode)n).getName();
cfw.addPush(name);
}
cfw.add(ByteCode.ARETURN);
break;
case Do_getParamCount:
// Push number of defined parameters
cfw.addPush(n.getParamCount());
cfw.add(ByteCode.IRETURN);
break;
case Do_getParamAndVarCount:
// Push number of defined parameters and declared variables
cfw.addPush(n.getParamAndVarCount());
cfw.add(ByteCode.IRETURN);
break;
case Do_getParamOrVarName:
// Push name of parameter using another switch
// over paramAndVarCount
int paramAndVarCount = n.getParamAndVarCount();
if (paramAndVarCount == 0) {
// The runtime should never call the method in this
// case but to make bytecode verifier happy return null
// as throwing execption takes more code
cfw.add(ByteCode.ACONST_NULL);
cfw.add(ByteCode.ARETURN);
} else if (paramAndVarCount == 1) {
// As above do not check for valid index but always
// return the name of the first param
cfw.addPush(n.getParamOrVarName(0));
cfw.add(ByteCode.ARETURN);
} else {
// Do switch over getParamOrVarName
cfw.addILoad(1); // param or var index
// do switch from 1 .. paramAndVarCount - 1 mapping 0
// to the default case
int paramSwitchStart = cfw.addTableSwitch(
1, paramAndVarCount - 1);
for (int j = 0; j != paramAndVarCount; ++j) {
if (cfw.getStackTop() != 0) Kit.codeBug();
String s = n.getParamOrVarName(j);
if (j == 0) {
cfw.markTableSwitchDefault(paramSwitchStart);
} else {
cfw.markTableSwitchCase(paramSwitchStart, j - 1,
0);
}
cfw.addPush(s);
cfw.add(ByteCode.ARETURN);
}
}
break;
case Do_getParamOrVarConst:
// Push name of parameter using another switch
// over paramAndVarCount
paramAndVarCount = n.getParamAndVarCount();
boolean [] constness = n.getParamAndVarConst();
if (paramAndVarCount == 0) {
// The runtime should never call the method in this
// case but to make bytecode verifier happy return null
// as throwing execption takes more code
cfw.add(ByteCode.ICONST_0);
cfw.add(ByteCode.IRETURN);
} else if (paramAndVarCount == 1) {
// As above do not check for valid index but always
// return the name of the first param
cfw.addPush(constness[0]);
cfw.add(ByteCode.IRETURN);
} else {
// Do switch over getParamOrVarName
cfw.addILoad(1); // param or var index
// do switch from 1 .. paramAndVarCount - 1 mapping 0
// to the default case
int paramSwitchStart = cfw.addTableSwitch(
1, paramAndVarCount - 1);
for (int j = 0; j != paramAndVarCount; ++j) {
if (cfw.getStackTop() != 0) Kit.codeBug();
if (j == 0) {
cfw.markTableSwitchDefault(paramSwitchStart);
} else {
cfw.markTableSwitchCase(paramSwitchStart, j - 1,
0);
}
cfw.addPush(constness[j]);
cfw.add(ByteCode.IRETURN);
}
}
break;
case Do_getEncodedSource:
// Push number encoded source start and end
// to prepare for encodedSource.substring(start, end)
cfw.addPush(n.getEncodedSourceStart());
cfw.addPush(n.getEncodedSourceEnd());
cfw.addInvoke(ByteCode.INVOKEVIRTUAL,
"java/lang/String",
"substring",
"(II)Ljava/lang/String;");
cfw.add(ByteCode.ARETURN);
break;
default:
throw Kit.codeBug();
}
}
cfw.stopMethod(methodLocals);
}
}
private void emitRegExpInit(ClassFileWriter cfw)
{
// precompile all regexp literals
int totalRegCount = 0;
for (int i = 0; i != scriptOrFnNodes.length; ++i) {
totalRegCount += scriptOrFnNodes[i].getRegexpCount();
}
if (totalRegCount == 0) {
return;
}
cfw.startMethod(REGEXP_INIT_METHOD_NAME, REGEXP_INIT_METHOD_SIGNATURE,
(short)(ACC_STATIC | ACC_PRIVATE));
cfw.addField("_reInitDone", "Z",
(short)(ACC_STATIC | ACC_PRIVATE | ACC_VOLATILE));
cfw.add(ByteCode.GETSTATIC, mainClassName, "_reInitDone", "Z");
int doInit = cfw.acquireLabel();
cfw.add(ByteCode.IFEQ, doInit);
cfw.add(ByteCode.RETURN);
cfw.markLabel(doInit);
// get regexp proxy and store it in local slot 1
cfw.addALoad(0); // context
cfw.addInvoke(ByteCode.INVOKESTATIC,
"com/baidu/openrasp/org/mozilla/javascript/ScriptRuntime",
"checkRegExpProxy",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/RegExpProxy;");
cfw.addAStore(1); // proxy
// We could apply double-checked locking here but concurrency
// shouldn't be a problem in practice
for (int i = 0; i != scriptOrFnNodes.length; ++i) {
ScriptNode n = scriptOrFnNodes[i];
int regCount = n.getRegexpCount();
for (int j = 0; j != regCount; ++j) {
String reFieldName = getCompiledRegexpName(n, j);
String reFieldType = "Ljava/lang/Object;";
String reString = n.getRegexpString(j);
String reFlags = n.getRegexpFlags(j);
cfw.addField(reFieldName, reFieldType,
(short)(ACC_STATIC | ACC_PRIVATE));
cfw.addALoad(1); // proxy
cfw.addALoad(0); // context
cfw.addPush(reString);
if (reFlags == null) {
cfw.add(ByteCode.ACONST_NULL);
} else {
cfw.addPush(reFlags);
}
cfw.addInvoke(ByteCode.INVOKEINTERFACE,
"com/baidu/openrasp/org/mozilla/javascript/RegExpProxy",
"compileRegExp",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Ljava/lang/String;Ljava/lang/String;"
+")Ljava/lang/Object;");
cfw.add(ByteCode.PUTSTATIC, mainClassName,
reFieldName, reFieldType);
}
}
cfw.addPush(1);
cfw.add(ByteCode.PUTSTATIC, mainClassName, "_reInitDone", "Z");
cfw.add(ByteCode.RETURN);
cfw.stopMethod((short)2);
}
private void emitConstantDudeInitializers(ClassFileWriter cfw)
{
int N = itsConstantListSize;
if (N == 0)
return;
cfw.startMethod("", "()V", (short)(ACC_STATIC | ACC_FINAL));
double[] array = itsConstantList;
for (int i = 0; i != N; ++i) {
double num = array[i];
String constantName = "_k" + i;
String constantType = getStaticConstantWrapperType(num);
cfw.addField(constantName, constantType,
(short)(ACC_STATIC | ACC_PRIVATE));
int inum = (int)num;
if (inum == num) {
cfw.addPush(inum);
cfw.addInvoke(ByteCode.INVOKESTATIC, "java/lang/Integer",
"valueOf", "(I)Ljava/lang/Integer;");
} else {
cfw.addPush(num);
addDoubleWrap(cfw);
}
cfw.add(ByteCode.PUTSTATIC, mainClassName,
constantName, constantType);
}
cfw.add(ByteCode.RETURN);
cfw.stopMethod((short)0);
}
void pushNumberAsObject(ClassFileWriter cfw, double num)
{
if (num == 0.0) {
if (1 / num > 0) {
// +0.0
cfw.add(ByteCode.GETSTATIC,
"com/baidu/openrasp/org/mozilla/javascript/optimizer/OptRuntime",
"zeroObj", "Ljava/lang/Double;");
} else {
cfw.addPush(num);
addDoubleWrap(cfw);
}
} else if (num == 1.0) {
cfw.add(ByteCode.GETSTATIC,
"com/baidu/openrasp/org/mozilla/javascript/optimizer/OptRuntime",
"oneObj", "Ljava/lang/Double;");
return;
} else if (num == -1.0) {
cfw.add(ByteCode.GETSTATIC,
"com/baidu/openrasp/org/mozilla/javascript/optimizer/OptRuntime",
"minusOneObj", "Ljava/lang/Double;");
} else if (num != num) {
cfw.add(ByteCode.GETSTATIC,
"com/baidu/openrasp/org/mozilla/javascript/ScriptRuntime",
"NaNobj", "Ljava/lang/Double;");
} else if (itsConstantListSize >= 2000) {
// There appears to be a limit in the JVM on either the number
// of static fields in a class or the size of the class
// initializer. Either way, we can't have any more than 2000
// statically init'd constants.
cfw.addPush(num);
addDoubleWrap(cfw);
} else {
int N = itsConstantListSize;
int index = 0;
if (N == 0) {
itsConstantList = new double[64];
} else {
double[] array = itsConstantList;
while (index != N && array[index] != num) {
++index;
}
if (N == array.length) {
array = new double[N * 2];
System.arraycopy(itsConstantList, 0, array, 0, N);
itsConstantList = array;
}
}
if (index == N) {
itsConstantList[N] = num;
itsConstantListSize = N + 1;
}
String constantName = "_k" + index;
String constantType = getStaticConstantWrapperType(num);
cfw.add(ByteCode.GETSTATIC, mainClassName,
constantName, constantType);
}
}
private static void addDoubleWrap(ClassFileWriter cfw)
{
cfw.addInvoke(ByteCode.INVOKESTATIC,
"com/baidu/openrasp/org/mozilla/javascript/optimizer/OptRuntime",
"wrapDouble", "(D)Ljava/lang/Double;");
}
private static String getStaticConstantWrapperType(double num)
{
int inum = (int)num;
if (inum == num) {
return "Ljava/lang/Integer;";
} else {
return "Ljava/lang/Double;";
}
}
static void pushUndefined(ClassFileWriter cfw)
{
cfw.add(ByteCode.GETSTATIC, "com/baidu/openrasp/org/mozilla/javascript/Undefined",
"instance", "Ljava/lang/Object;");
}
int getIndex(ScriptNode n)
{
return scriptOrFnIndexes.getExisting(n);
}
String getDirectCtorName(ScriptNode n)
{
return "_n" + getIndex(n);
}
String getBodyMethodName(ScriptNode n)
{
return "_c_" + cleanName(n) + "_" + getIndex(n);
}
/**
* Gets a Java-compatible "informative" name for the the ScriptOrFnNode
*/
String cleanName(final ScriptNode n)
{
String result = "";
if (n instanceof FunctionNode) {
Name name = ((FunctionNode) n).getFunctionName();
if (name == null) {
result = "anonymous";
} else {
result = name.getIdentifier();
}
} else {
result = "script";
}
return result;
}
String getBodyMethodSignature(ScriptNode n)
{
StringBuilder sb = new StringBuilder();
sb.append('(');
sb.append(mainClassSignature);
sb.append("Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
if (n.getType() == Token.FUNCTION) {
OptFunctionNode ofn = OptFunctionNode.get(n);
if (ofn.isTargetOfDirectCall()) {
int pCount = ofn.fnode.getParamCount();
for (int i = 0; i != pCount; i++) {
sb.append("Ljava/lang/Object;D");
}
}
}
sb.append("[Ljava/lang/Object;)Ljava/lang/Object;");
return sb.toString();
}
String getFunctionInitMethodName(OptFunctionNode ofn)
{
return "_i"+getIndex(ofn.fnode);
}
String getCompiledRegexpName(ScriptNode n, int regexpIndex)
{
return "_re"+getIndex(n)+"_"+regexpIndex;
}
static RuntimeException badTree()
{
throw new RuntimeException("Bad tree in codegen");
}
public void setMainMethodClass(String className)
{
mainMethodClass = className;
}
static final String DEFAULT_MAIN_METHOD_CLASS
= "org.mozilla.javascript.optimizer.OptRuntime";
private static final String SUPER_CLASS_NAME
= "org.mozilla.javascript.NativeFunction";
static final String ID_FIELD_NAME = "_id";
static final String REGEXP_INIT_METHOD_NAME = "_reInit";
static final String REGEXP_INIT_METHOD_SIGNATURE
= "(Lcom/baidu/openrasp/org/mozilla/javascript/Context;)V";
static final String FUNCTION_INIT_SIGNATURE
= "(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")V";
static final String FUNCTION_CONSTRUCTOR_SIGNATURE
= "(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;I)V";
private static final Object globalLock = new Object();
private static int globalSerialClassCounter;
private CompilerEnvirons compilerEnv;
private ObjArray directCallTargets;
ScriptNode[] scriptOrFnNodes;
private ObjToIntMap scriptOrFnIndexes;
private String mainMethodClass = DEFAULT_MAIN_METHOD_CLASS;
String mainClassName;
String mainClassSignature;
private double[] itsConstantList;
private int itsConstantListSize;
}
class BodyCodegen
{
void generateBodyCode()
{
isGenerator = Codegen.isGenerator(scriptOrFn);
// generate the body of the current function or script object
initBodyGeneration();
if (isGenerator) {
// All functions in the generated bytecode have a unique name. Every
// generator has a unique prefix followed by _gen
String type = "(" +
codegen.mainClassSignature +
"Lcom/baidu/openrasp/org/mozilla/javascript/Context;" +
"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;" +
"Ljava/lang/Object;" +
"Ljava/lang/Object;I)Ljava/lang/Object;";
cfw.startMethod(codegen.getBodyMethodName(scriptOrFn) + "_gen",
type,
(short)(ACC_STATIC | ACC_PRIVATE));
} else {
cfw.startMethod(codegen.getBodyMethodName(scriptOrFn),
codegen.getBodyMethodSignature(scriptOrFn),
(short)(ACC_STATIC | ACC_PRIVATE));
}
generatePrologue();
Node treeTop;
if (fnCurrent != null) {
treeTop = scriptOrFn.getLastChild();
} else {
treeTop = scriptOrFn;
}
generateStatement(treeTop);
generateEpilogue();
cfw.stopMethod((short)(localsMax + 1));
if (isGenerator) {
// generate the user visible method which when invoked will
// return a generator object
generateGenerator();
}
if (literals != null) {
// literals list may grow while we're looping
for (int i = 0; i < literals.size(); i++) {
Node node = literals.get(i);
int type = node.getType();
switch (type) {
case Token.OBJECTLIT:
generateObjectLiteralFactory(node, i + 1);
break;
case Token.ARRAYLIT:
generateArrayLiteralFactory(node, i + 1);
break;
default:
Kit.codeBug(Token.typeToName(type));
}
}
}
}
// This creates a the user-facing function that returns a NativeGenerator
// object.
private void generateGenerator()
{
cfw.startMethod(codegen.getBodyMethodName(scriptOrFn),
codegen.getBodyMethodSignature(scriptOrFn),
(short)(ACC_STATIC | ACC_PRIVATE));
initBodyGeneration();
argsLocal = firstFreeLocal++;
localsMax = firstFreeLocal;
// get top level scope
if (fnCurrent != null)
{
// Unless we're in a direct call use the enclosing scope
// of the function as our variable object.
cfw.addALoad(funObjLocal);
cfw.addInvoke(ByteCode.INVOKEINTERFACE,
"com/baidu/openrasp/org/mozilla/javascript/Scriptable",
"getParentScope",
"()Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(variableObjectLocal);
}
// generators are forced to have an activation record
cfw.addALoad(funObjLocal);
cfw.addALoad(variableObjectLocal);
cfw.addALoad(argsLocal);
cfw.addPush(scriptOrFn.isInStrictMode());
addScriptRuntimeInvoke("createFunctionActivation",
"(Lcom/baidu/openrasp/org/mozilla/javascript/NativeFunction;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+"Z"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(variableObjectLocal);
// create a function object
cfw.add(ByteCode.NEW, codegen.mainClassName);
// Call function constructor
cfw.add(ByteCode.DUP);
cfw.addALoad(variableObjectLocal);
cfw.addALoad(contextLocal); // load 'cx'
cfw.addPush(scriptOrFnIndex);
cfw.addInvoke(ByteCode.INVOKESPECIAL, codegen.mainClassName,
"", Codegen.FUNCTION_CONSTRUCTOR_SIGNATURE);
generateNestedFunctionInits();
// create the NativeGenerator object that we return
cfw.addALoad(variableObjectLocal);
cfw.addALoad(thisObjLocal);
cfw.addLoadConstant(maxLocals);
cfw.addLoadConstant(maxStack);
addOptRuntimeInvoke("createNativeGenerator",
"(Lcom/baidu/openrasp/org/mozilla/javascript/NativeFunction;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;II"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.add(ByteCode.ARETURN);
cfw.stopMethod((short)(localsMax + 1));
}
private void generateNestedFunctionInits()
{
int functionCount = scriptOrFn.getFunctionCount();
for (int i = 0; i != functionCount; i++) {
OptFunctionNode ofn = OptFunctionNode.get(scriptOrFn, i);
if (ofn.fnode.getFunctionType()
== FunctionNode.FUNCTION_STATEMENT)
{
visitFunction(ofn, FunctionNode.FUNCTION_STATEMENT);
}
}
}
private void initBodyGeneration()
{
varRegisters = null;
if (scriptOrFn.getType() == Token.FUNCTION) {
fnCurrent = OptFunctionNode.get(scriptOrFn);
hasVarsInRegs = !fnCurrent.fnode.requiresActivation();
if (hasVarsInRegs) {
int n = fnCurrent.fnode.getParamAndVarCount();
if (n != 0) {
varRegisters = new short[n];
}
}
inDirectCallFunction = fnCurrent.isTargetOfDirectCall();
if (inDirectCallFunction && !hasVarsInRegs) Codegen.badTree();
} else {
fnCurrent = null;
hasVarsInRegs = false;
inDirectCallFunction = false;
}
locals = new int[MAX_LOCALS];
funObjLocal = 0;
contextLocal = 1;
variableObjectLocal = 2;
thisObjLocal = 3;
localsMax = (short) 4; // number of parms + "this"
firstFreeLocal = 4;
popvLocal = -1;
argsLocal = -1;
itsZeroArgArray = -1;
itsOneArgArray = -1;
epilogueLabel = -1;
enterAreaStartLabel = -1;
generatorStateLocal = -1;
}
/**
* Generate the prologue for a function or script.
*/
private void generatePrologue()
{
if (inDirectCallFunction) {
int directParameterCount = scriptOrFn.getParamCount();
// 0 is reserved for function Object 'this'
// 1 is reserved for context
// 2 is reserved for parentScope
// 3 is reserved for script 'this'
if (firstFreeLocal != 4) Kit.codeBug();
for (int i = 0; i != directParameterCount; ++i) {
varRegisters[i] = firstFreeLocal;
// 3 is 1 for Object parm and 2 for double parm
firstFreeLocal += 3;
}
if (!fnCurrent.getParameterNumberContext()) {
// make sure that all parameters are objects
itsForcedObjectParameters = true;
for (int i = 0; i != directParameterCount; ++i) {
short reg = varRegisters[i];
cfw.addALoad(reg);
cfw.add(ByteCode.GETSTATIC,
"java/lang/Void",
"TYPE",
"Ljava/lang/Class;");
int isObjectLabel = cfw.acquireLabel();
cfw.add(ByteCode.IF_ACMPNE, isObjectLabel);
cfw.addDLoad(reg + 1);
addDoubleWrap();
cfw.addAStore(reg);
cfw.markLabel(isObjectLabel);
}
}
}
if (fnCurrent != null) {
// Use the enclosing scope of the function as our variable object.
cfw.addALoad(funObjLocal);
cfw.addInvoke(ByteCode.INVOKEINTERFACE,
"com/baidu/openrasp/org/mozilla/javascript/Scriptable",
"getParentScope",
"()Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(variableObjectLocal);
}
// reserve 'args[]'
argsLocal = firstFreeLocal++;
localsMax = firstFreeLocal;
// Generate Generator specific prelude
if (isGenerator) {
// reserve 'args[]'
operationLocal = firstFreeLocal++;
localsMax = firstFreeLocal;
// Local 3 is a reference to a GeneratorState object. The rest
// of codegen expects local 3 to be a reference to the thisObj.
// So move the value in local 3 to generatorStateLocal, and load
// the saved thisObj from the GeneratorState object.
cfw.addALoad(thisObjLocal);
generatorStateLocal = firstFreeLocal++;
localsMax = firstFreeLocal;
cfw.add(ByteCode.CHECKCAST, OptRuntime.GeneratorState.CLASS_NAME);
cfw.add(ByteCode.DUP);
cfw.addAStore(generatorStateLocal);
cfw.add(ByteCode.GETFIELD,
OptRuntime.GeneratorState.CLASS_NAME,
OptRuntime.GeneratorState.thisObj_NAME,
OptRuntime.GeneratorState.thisObj_TYPE);
cfw.addAStore(thisObjLocal);
if (epilogueLabel == -1) {
epilogueLabel = cfw.acquireLabel();
}
List targets = ((FunctionNode)scriptOrFn).getResumptionPoints();
if (targets != null) {
// get resumption point
generateGetGeneratorResumptionPoint();
// generate dispatch table
generatorSwitch = cfw.addTableSwitch(0,
targets.size() + GENERATOR_START);
generateCheckForThrowOrClose(-1, false, GENERATOR_START);
}
}
// Compile RegExp literals if this is a script. For functions
// this is performed during instantiation in functionInit
if (fnCurrent == null && scriptOrFn.getRegexpCount() != 0) {
cfw.addALoad(contextLocal);
cfw.addInvoke(ByteCode.INVOKESTATIC, codegen.mainClassName,
Codegen.REGEXP_INIT_METHOD_NAME,
Codegen.REGEXP_INIT_METHOD_SIGNATURE);
}
if (compilerEnv.isGenerateObserverCount())
saveCurrentCodeOffset();
if (hasVarsInRegs) {
// No need to create activation. Pad arguments if need be.
int parmCount = scriptOrFn.getParamCount();
if (parmCount > 0 && !inDirectCallFunction) {
// Set up args array
// check length of arguments, pad if need be
cfw.addALoad(argsLocal);
cfw.add(ByteCode.ARRAYLENGTH);
cfw.addPush(parmCount);
int label = cfw.acquireLabel();
cfw.add(ByteCode.IF_ICMPGE, label);
cfw.addALoad(argsLocal);
cfw.addPush(parmCount);
addScriptRuntimeInvoke("padArguments",
"([Ljava/lang/Object;I"
+")[Ljava/lang/Object;");
cfw.addAStore(argsLocal);
cfw.markLabel(label);
}
int paramCount = fnCurrent.fnode.getParamCount();
int varCount = fnCurrent.fnode.getParamAndVarCount();
boolean [] constDeclarations = fnCurrent.fnode.getParamAndVarConst();
// REMIND - only need to initialize the vars that don't get a value
// before the next call and are used in the function
short firstUndefVar = -1;
for (int i = 0; i != varCount; ++i) {
short reg = -1;
if (i < paramCount) {
if (!inDirectCallFunction) {
reg = getNewWordLocal();
cfw.addALoad(argsLocal);
cfw.addPush(i);
cfw.add(ByteCode.AALOAD);
cfw.addAStore(reg);
}
} else if (fnCurrent.isNumberVar(i)) {
reg = getNewWordPairLocal(constDeclarations[i]);
cfw.addPush(0.0);
cfw.addDStore(reg);
} else {
reg = getNewWordLocal(constDeclarations[i]);
if (firstUndefVar == -1) {
Codegen.pushUndefined(cfw);
firstUndefVar = reg;
} else {
cfw.addALoad(firstUndefVar);
}
cfw.addAStore(reg);
}
if (reg >= 0) {
if (constDeclarations[i]) {
cfw.addPush(0);
cfw.addIStore(reg + (fnCurrent.isNumberVar(i) ? 2 : 1));
}
varRegisters[i] = reg;
}
// Add debug table entry if we're generating debug info
if (compilerEnv.isGenerateDebugInfo()) {
String name = fnCurrent.fnode.getParamOrVarName(i);
String type = fnCurrent.isNumberVar(i)
? "D" : "Ljava/lang/Object;";
int startPC = cfw.getCurrentCodeOffset();
if (reg < 0) {
reg = varRegisters[i];
}
cfw.addVariableDescriptor(name, type, startPC, reg);
}
}
// Skip creating activation object.
return;
}
// skip creating activation object for the body of a generator. The
// activation record required by a generator has already been created
// in generateGenerator().
if (isGenerator)
return;
String debugVariableName;
boolean isArrow = false;
if (scriptOrFn instanceof FunctionNode) {
isArrow = ((FunctionNode)scriptOrFn).getFunctionType() == FunctionNode.ARROW_FUNCTION;
}
if (fnCurrent != null) {
debugVariableName = "activation";
cfw.addALoad(funObjLocal);
cfw.addALoad(variableObjectLocal);
cfw.addALoad(argsLocal);
String methodName = isArrow ? "createArrowFunctionActivation" : "createFunctionActivation";
cfw.addPush(scriptOrFn.isInStrictMode());
addScriptRuntimeInvoke(methodName,
"(Lcom/baidu/openrasp/org/mozilla/javascript/NativeFunction;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+"Z"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(variableObjectLocal);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke("enterActivationFunction",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")V");
} else {
debugVariableName = "global";
cfw.addALoad(funObjLocal);
cfw.addALoad(thisObjLocal);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addPush(0); // false to indicate it is not eval script
addScriptRuntimeInvoke("initScript",
"(Lcom/baidu/openrasp/org/mozilla/javascript/NativeFunction;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Z"
+")V");
}
enterAreaStartLabel = cfw.acquireLabel();
epilogueLabel = cfw.acquireLabel();
cfw.markLabel(enterAreaStartLabel);
generateNestedFunctionInits();
// default is to generate debug info
if (compilerEnv.isGenerateDebugInfo()) {
cfw.addVariableDescriptor(debugVariableName,
"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;",
cfw.getCurrentCodeOffset(), variableObjectLocal);
}
if (fnCurrent == null) {
// OPT: use dataflow to prove that this assignment is dead
popvLocal = getNewWordLocal();
Codegen.pushUndefined(cfw);
cfw.addAStore(popvLocal);
int linenum = scriptOrFn.getEndLineno();
if (linenum != -1)
cfw.addLineNumberEntry((short)linenum);
} else {
if (fnCurrent.itsContainsCalls0) {
itsZeroArgArray = getNewWordLocal();
cfw.add(ByteCode.GETSTATIC,
"com/baidu/openrasp/org/mozilla/javascript/ScriptRuntime",
"emptyArgs", "[Ljava/lang/Object;");
cfw.addAStore(itsZeroArgArray);
}
if (fnCurrent.itsContainsCalls1) {
itsOneArgArray = getNewWordLocal();
cfw.addPush(1);
cfw.add(ByteCode.ANEWARRAY, "java/lang/Object");
cfw.addAStore(itsOneArgArray);
}
}
}
private void generateGetGeneratorResumptionPoint()
{
cfw.addALoad(generatorStateLocal);
cfw.add(ByteCode.GETFIELD,
OptRuntime.GeneratorState.CLASS_NAME,
OptRuntime.GeneratorState.resumptionPoint_NAME,
OptRuntime.GeneratorState.resumptionPoint_TYPE);
}
private void generateSetGeneratorResumptionPoint(int nextState)
{
cfw.addALoad(generatorStateLocal);
cfw.addLoadConstant(nextState);
cfw.add(ByteCode.PUTFIELD,
OptRuntime.GeneratorState.CLASS_NAME,
OptRuntime.GeneratorState.resumptionPoint_NAME,
OptRuntime.GeneratorState.resumptionPoint_TYPE);
}
private void generateGetGeneratorStackState()
{
cfw.addALoad(generatorStateLocal);
addOptRuntimeInvoke("getGeneratorStackState",
"(Ljava/lang/Object;)[Ljava/lang/Object;");
}
private void generateEpilogue()
{
if (compilerEnv.isGenerateObserverCount())
addInstructionCount();
if (isGenerator) {
// generate locals initialization
Map liveLocals = ((FunctionNode)scriptOrFn).getLiveLocals();
if (liveLocals != null) {
List nodes = ((FunctionNode)scriptOrFn).getResumptionPoints();
for (int i = 0; i < nodes.size(); i++) {
Node node = nodes.get(i);
int[] live = liveLocals.get(node);
if (live != null) {
cfw.markTableSwitchCase(generatorSwitch,
getNextGeneratorState(node));
generateGetGeneratorLocalsState();
for (int j = 0; j < live.length; j++) {
cfw.add(ByteCode.DUP);
cfw.addLoadConstant(j);
cfw.add(ByteCode.AALOAD);
cfw.addAStore(live[j]);
}
cfw.add(ByteCode.POP);
cfw.add(ByteCode.GOTO, getTargetLabel(node));
}
}
}
// generate dispatch tables for finally
if (finallys != null) {
for (Node n: finallys.keySet()) {
if (n.getType() == Token.FINALLY) {
FinallyReturnPoint ret = finallys.get(n);
// the finally will jump here
cfw.markLabel(ret.tableLabel, (short)1);
// start generating a dispatch table
int startSwitch = cfw.addTableSwitch(0,
ret.jsrPoints.size() - 1);
int c = 0;
cfw.markTableSwitchDefault(startSwitch);
for (int i = 0; i < ret.jsrPoints.size(); i++) {
// generate gotos back to the JSR location
cfw.markTableSwitchCase(startSwitch, c);
cfw.add(ByteCode.GOTO,
ret.jsrPoints.get(i).intValue());
c++;
}
}
}
}
}
if (epilogueLabel != -1) {
cfw.markLabel(epilogueLabel);
}
if (hasVarsInRegs) {
cfw.add(ByteCode.ARETURN);
return;
} else if (isGenerator) {
if (((FunctionNode)scriptOrFn).getResumptionPoints() != null) {
cfw.markTableSwitchDefault(generatorSwitch);
}
// change state for re-entry
generateSetGeneratorResumptionPoint(GENERATOR_TERMINATE);
// throw StopIteration
cfw.addALoad(variableObjectLocal);
addOptRuntimeInvoke("throwStopIteration",
"(Ljava/lang/Object;)V");
Codegen.pushUndefined(cfw);
cfw.add(ByteCode.ARETURN);
} else if (fnCurrent == null) {
cfw.addALoad(popvLocal);
cfw.add(ByteCode.ARETURN);
} else {
generateActivationExit();
cfw.add(ByteCode.ARETURN);
// Generate catch block to catch all and rethrow to call exit code
// under exception propagation as well.
int finallyHandler = cfw.acquireLabel();
cfw.markHandler(finallyHandler);
short exceptionObject = getNewWordLocal();
cfw.addAStore(exceptionObject);
// Duplicate generateActivationExit() in the catch block since it
// takes less space then full-featured ByteCode.JSR/ByteCode.RET
generateActivationExit();
cfw.addALoad(exceptionObject);
releaseWordLocal(exceptionObject);
// rethrow
cfw.add(ByteCode.ATHROW);
// mark the handler
cfw.addExceptionHandler(enterAreaStartLabel, epilogueLabel,
finallyHandler, null); // catch any
}
}
private void generateGetGeneratorLocalsState() {
cfw.addALoad(generatorStateLocal);
addOptRuntimeInvoke("getGeneratorLocalsState",
"(Ljava/lang/Object;)[Ljava/lang/Object;");
}
private void generateActivationExit()
{
if (fnCurrent == null || hasVarsInRegs) throw Kit.codeBug();
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke("exitActivationFunction",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;)V");
}
private void generateStatement(Node node)
{
updateLineNumber(node);
int type = node.getType();
Node child = node.getFirstChild();
switch (type) {
case Token.LOOP:
case Token.LABEL:
case Token.WITH:
case Token.SCRIPT:
case Token.BLOCK:
case Token.EMPTY:
// no-ops.
if (compilerEnv.isGenerateObserverCount()) {
// Need to add instruction count even for no-ops to catch
// cases like while (1) {}
addInstructionCount(1);
}
while (child != null) {
generateStatement(child);
child = child.getNext();
}
break;
case Token.LOCAL_BLOCK: {
boolean prevLocal = inLocalBlock;
inLocalBlock = true;
int local = getNewWordLocal();
if (isGenerator) {
cfw.add(ByteCode.ACONST_NULL);
cfw.addAStore(local);
}
node.putIntProp(Node.LOCAL_PROP, local);
while (child != null) {
generateStatement(child);
child = child.getNext();
}
releaseWordLocal((short)local);
node.removeProp(Node.LOCAL_PROP);
inLocalBlock = prevLocal;
break;
}
case Token.FUNCTION: {
int fnIndex = node.getExistingIntProp(Node.FUNCTION_PROP);
OptFunctionNode ofn = OptFunctionNode.get(scriptOrFn, fnIndex);
int t = ofn.fnode.getFunctionType();
if (t == FunctionNode.FUNCTION_EXPRESSION_STATEMENT) {
visitFunction(ofn, t);
} else {
if (t != FunctionNode.FUNCTION_STATEMENT) {
throw Codegen.badTree();
}
}
break;
}
case Token.TRY:
visitTryCatchFinally((Jump)node, child);
break;
case Token.CATCH_SCOPE:
{
// nothing stays on the stack on entry into a catch scope
cfw.setStackTop((short) 0);
int local = getLocalBlockRegister(node);
int scopeIndex
= node.getExistingIntProp(Node.CATCH_SCOPE_PROP);
String name = child.getString(); // name of exception
child = child.getNext();
generateExpression(child, node); // load expression object
if (scopeIndex == 0) {
cfw.add(ByteCode.ACONST_NULL);
} else {
// Load previous catch scope object
cfw.addALoad(local);
}
cfw.addPush(name);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"newCatchScope",
"(Ljava/lang/Throwable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(local);
}
break;
case Token.THROW:
generateExpression(child, node);
if (compilerEnv.isGenerateObserverCount())
addInstructionCount();
generateThrowJavaScriptException();
break;
case Token.RETHROW:
if (compilerEnv.isGenerateObserverCount())
addInstructionCount();
cfw.addALoad(getLocalBlockRegister(node));
cfw.add(ByteCode.ATHROW);
break;
case Token.RETURN_RESULT:
case Token.RETURN:
if (!isGenerator) {
if (child != null) {
generateExpression(child, node);
} else if (type == Token.RETURN) {
Codegen.pushUndefined(cfw);
} else {
if (popvLocal < 0) throw Codegen.badTree();
cfw.addALoad(popvLocal);
}
}
if (compilerEnv.isGenerateObserverCount())
addInstructionCount();
if (epilogueLabel == -1) {
if (!hasVarsInRegs) throw Codegen.badTree();
epilogueLabel = cfw.acquireLabel();
}
cfw.add(ByteCode.GOTO, epilogueLabel);
break;
case Token.SWITCH:
if (compilerEnv.isGenerateObserverCount())
addInstructionCount();
visitSwitch((Jump)node, child);
break;
case Token.ENTERWITH:
generateExpression(child, node);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"enterWith",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(variableObjectLocal);
incReferenceWordLocal(variableObjectLocal);
break;
case Token.LEAVEWITH:
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"leaveWith",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(variableObjectLocal);
decReferenceWordLocal(variableObjectLocal);
break;
case Token.ENUM_INIT_KEYS:
case Token.ENUM_INIT_VALUES:
case Token.ENUM_INIT_ARRAY:
case Token.ENUM_INIT_VALUES_IN_ORDER:
generateExpression(child, node);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
int enumType = type == Token.ENUM_INIT_KEYS
? ScriptRuntime.ENUMERATE_KEYS :
type == Token.ENUM_INIT_VALUES
? ScriptRuntime.ENUMERATE_VALUES :
type == Token.ENUM_INIT_VALUES_IN_ORDER
? ScriptRuntime.ENUMERATE_VALUES_IN_ORDER :
ScriptRuntime.ENUMERATE_ARRAY;
cfw.addPush(enumType);
addScriptRuntimeInvoke("enumInit",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"I"
+")Ljava/lang/Object;");
cfw.addAStore(getLocalBlockRegister(node));
break;
case Token.EXPR_VOID:
if (child.getType() == Token.SETVAR) {
/* special case this so as to avoid unnecessary
load's & pop's */
visitSetVar(child, child.getFirstChild(), false);
}
else if (child.getType() == Token.SETCONSTVAR) {
/* special case this so as to avoid unnecessary
load's & pop's */
visitSetConstVar(child, child.getFirstChild(), false);
}
else if (child.getType() == Token.YIELD) {
generateYieldPoint(child, false);
}
else {
generateExpression(child, node);
if (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1)
cfw.add(ByteCode.POP2);
else
cfw.add(ByteCode.POP);
}
break;
case Token.EXPR_RESULT:
generateExpression(child, node);
if (popvLocal < 0) {
popvLocal = getNewWordLocal();
}
cfw.addAStore(popvLocal);
break;
case Token.TARGET:
{
if (compilerEnv.isGenerateObserverCount())
addInstructionCount();
int label = getTargetLabel(node);
cfw.markLabel(label);
if (compilerEnv.isGenerateObserverCount())
saveCurrentCodeOffset();
}
break;
case Token.JSR:
case Token.GOTO:
case Token.IFEQ:
case Token.IFNE:
if (compilerEnv.isGenerateObserverCount())
addInstructionCount();
visitGoto((Jump)node, type, child);
break;
case Token.FINALLY:
{
// This is the non-exception case for a finally block. In
// other words, since we inline finally blocks wherever
// jsr was previously used, and jsr is only used when the
// function is not a generator, we don't need to generate
// this case if the function isn't a generator.
if (!isGenerator) {
break;
}
if (compilerEnv.isGenerateObserverCount())
saveCurrentCodeOffset();
// there is exactly one value on the stack when enterring
// finally blocks: the return address (or its int encoding)
cfw.setStackTop((short)1);
// Save return address in a new local
int finallyRegister = getNewWordLocal();
int finallyStart = cfw.acquireLabel();
int finallyEnd = cfw.acquireLabel();
cfw.markLabel(finallyStart);
generateIntegerWrap();
cfw.addAStore(finallyRegister);
while (child != null) {
generateStatement(child);
child = child.getNext();
}
cfw.addALoad(finallyRegister);
cfw.add(ByteCode.CHECKCAST, "java/lang/Integer");
generateIntegerUnwrap();
FinallyReturnPoint ret = finallys.get(node);
ret.tableLabel = cfw.acquireLabel();
cfw.add(ByteCode.GOTO, ret.tableLabel);
releaseWordLocal((short)finallyRegister);
cfw.markLabel(finallyEnd);
}
break;
case Token.DEBUGGER:
break;
default:
throw Codegen.badTree();
}
}
private void generateIntegerWrap()
{
cfw.addInvoke(ByteCode.INVOKESTATIC, "java/lang/Integer", "valueOf",
"(I)Ljava/lang/Integer;");
}
private void generateIntegerUnwrap()
{
cfw.addInvoke(ByteCode.INVOKEVIRTUAL, "java/lang/Integer",
"intValue", "()I");
}
private void generateThrowJavaScriptException()
{
cfw.add(ByteCode.NEW,
"com/baidu/openrasp/org/mozilla/javascript/JavaScriptException");
cfw.add(ByteCode.DUP_X1);
cfw.add(ByteCode.SWAP);
cfw.addPush(scriptOrFn.getSourceName());
cfw.addPush(itsLineNumber);
cfw.addInvoke(
ByteCode.INVOKESPECIAL,
"com/baidu/openrasp/org/mozilla/javascript/JavaScriptException",
"",
"(Ljava/lang/Object;Ljava/lang/String;I)V");
cfw.add(ByteCode.ATHROW);
}
private int getNextGeneratorState(Node node)
{
int nodeIndex = ((FunctionNode)scriptOrFn).getResumptionPoints()
.indexOf(node);
return nodeIndex + GENERATOR_YIELD_START;
}
private void generateExpression(Node node, Node parent)
{
int type = node.getType();
Node child = node.getFirstChild();
switch (type) {
case Token.USE_STACK:
break;
case Token.FUNCTION:
if (fnCurrent != null || parent.getType() != Token.SCRIPT) {
int fnIndex = node.getExistingIntProp(Node.FUNCTION_PROP);
OptFunctionNode ofn = OptFunctionNode.get(scriptOrFn,
fnIndex);
int t = ofn.fnode.getFunctionType();
if (t != FunctionNode.FUNCTION_EXPRESSION &&
t != FunctionNode.ARROW_FUNCTION) {
throw Codegen.badTree();
}
visitFunction(ofn, t);
}
break;
case Token.NAME:
{
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addPush(node.getString());
addScriptRuntimeInvoke(
"name",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/String;"
+")Ljava/lang/Object;");
}
break;
case Token.CALL:
case Token.NEW:
{
int specialType = node.getIntProp(Node.SPECIALCALL_PROP,
Node.NON_SPECIALCALL);
if (specialType == Node.NON_SPECIALCALL) {
OptFunctionNode target;
target = (OptFunctionNode)node.getProp(
Node.DIRECTCALL_PROP);
if (target != null) {
visitOptimizedCall(node, target, type, child);
} else if (type == Token.CALL) {
visitStandardCall(node, child);
} else {
visitStandardNew(node, child);
}
} else {
visitSpecialCall(node, type, specialType, child);
}
}
break;
case Token.REF_CALL:
generateFunctionAndThisObj(child, node);
// stack: ... functionObj thisObj
child = child.getNext();
generateCallArgArray(node, child, false);
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke(
"callRef",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Callable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Ref;");
break;
case Token.NUMBER:
{
double num = node.getDouble();
if (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1) {
cfw.addPush(num);
} else {
codegen.pushNumberAsObject(cfw, num);
}
}
break;
case Token.STRING:
cfw.addPush(node.getString());
break;
case Token.THIS:
cfw.addALoad(thisObjLocal);
break;
case Token.THISFN:
cfw.add(ByteCode.ALOAD_0);
break;
case Token.NULL:
cfw.add(ByteCode.ACONST_NULL);
break;
case Token.TRUE:
cfw.add(ByteCode.GETSTATIC, "java/lang/Boolean",
"TRUE", "Ljava/lang/Boolean;");
break;
case Token.FALSE:
cfw.add(ByteCode.GETSTATIC, "java/lang/Boolean",
"FALSE", "Ljava/lang/Boolean;");
break;
case Token.REGEXP:
{
// Create a new wrapper around precompiled regexp
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
int i = node.getExistingIntProp(Node.REGEXP_PROP);
cfw.add(ByteCode.GETSTATIC, codegen.mainClassName,
codegen.getCompiledRegexpName(scriptOrFn, i),
"Ljava/lang/Object;");
cfw.addInvoke(ByteCode.INVOKESTATIC,
"com/baidu/openrasp/org/mozilla/javascript/ScriptRuntime",
"wrapRegExp",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/Object;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
}
break;
case Token.COMMA: {
Node next = child.getNext();
while (next != null) {
generateExpression(child, node);
cfw.add(ByteCode.POP);
child = next;
next = next.getNext();
}
generateExpression(child, node);
break;
}
case Token.ENUM_NEXT:
case Token.ENUM_ID: {
int local = getLocalBlockRegister(node);
cfw.addALoad(local);
if (type == Token.ENUM_NEXT) {
addScriptRuntimeInvoke(
"enumNext", "(Ljava/lang/Object;)Ljava/lang/Boolean;");
} else {
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke("enumId",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/Object;");
}
break;
}
case Token.ARRAYLIT:
visitArrayLiteral(node, child, false);
break;
case Token.OBJECTLIT:
visitObjectLiteral(node, child, false);
break;
case Token.NOT: {
int trueTarget = cfw.acquireLabel();
int falseTarget = cfw.acquireLabel();
int beyond = cfw.acquireLabel();
generateIfJump(child, node, trueTarget, falseTarget);
cfw.markLabel(trueTarget);
cfw.add(ByteCode.GETSTATIC, "java/lang/Boolean",
"FALSE", "Ljava/lang/Boolean;");
cfw.add(ByteCode.GOTO, beyond);
cfw.markLabel(falseTarget);
cfw.add(ByteCode.GETSTATIC, "java/lang/Boolean",
"TRUE", "Ljava/lang/Boolean;");
cfw.markLabel(beyond);
cfw.adjustStackTop(-1);
break;
}
case Token.BITNOT:
generateExpression(child, node);
addScriptRuntimeInvoke("toInt32", "(Ljava/lang/Object;)I");
cfw.addPush(-1); // implement ~a as (a ^ -1)
cfw.add(ByteCode.IXOR);
cfw.add(ByteCode.I2D);
addDoubleWrap();
break;
case Token.VOID:
generateExpression(child, node);
cfw.add(ByteCode.POP);
Codegen.pushUndefined(cfw);
break;
case Token.TYPEOF:
generateExpression(child, node);
addScriptRuntimeInvoke("typeof",
"(Ljava/lang/Object;"
+")Ljava/lang/String;");
break;
case Token.TYPEOFNAME:
visitTypeofname(node);
break;
case Token.INC:
case Token.DEC:
visitIncDec(node);
break;
case Token.OR:
case Token.AND: {
generateExpression(child, node);
cfw.add(ByteCode.DUP);
addScriptRuntimeInvoke("toBoolean",
"(Ljava/lang/Object;)Z");
int falseTarget = cfw.acquireLabel();
if (type == Token.AND)
cfw.add(ByteCode.IFEQ, falseTarget);
else
cfw.add(ByteCode.IFNE, falseTarget);
cfw.add(ByteCode.POP);
generateExpression(child.getNext(), node);
cfw.markLabel(falseTarget);
}
break;
case Token.HOOK : {
Node ifThen = child.getNext();
Node ifElse = ifThen.getNext();
generateExpression(child, node);
addScriptRuntimeInvoke("toBoolean",
"(Ljava/lang/Object;)Z");
int elseTarget = cfw.acquireLabel();
cfw.add(ByteCode.IFEQ, elseTarget);
short stack = cfw.getStackTop();
generateExpression(ifThen, node);
int afterHook = cfw.acquireLabel();
cfw.add(ByteCode.GOTO, afterHook);
cfw.markLabel(elseTarget, stack);
generateExpression(ifElse, node);
cfw.markLabel(afterHook);
}
break;
case Token.ADD: {
generateExpression(child, node);
generateExpression(child.getNext(), node);
switch (node.getIntProp(Node.ISNUMBER_PROP, -1)) {
case Node.BOTH:
cfw.add(ByteCode.DADD);
break;
case Node.LEFT:
addOptRuntimeInvoke("add",
"(DLjava/lang/Object;)Ljava/lang/Object;");
break;
case Node.RIGHT:
addOptRuntimeInvoke("add",
"(Ljava/lang/Object;D)Ljava/lang/Object;");
break;
default:
if (child.getType() == Token.STRING) {
addScriptRuntimeInvoke("add",
"(Ljava/lang/CharSequence;"
+"Ljava/lang/Object;"
+")Ljava/lang/CharSequence;");
} else if (child.getNext().getType() == Token.STRING) {
addScriptRuntimeInvoke("add",
"(Ljava/lang/Object;"
+"Ljava/lang/CharSequence;"
+")Ljava/lang/CharSequence;");
} else {
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke("add",
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/Object;");
}
}
}
break;
case Token.MUL:
visitArithmetic(node, ByteCode.DMUL, child, parent);
break;
case Token.SUB:
visitArithmetic(node, ByteCode.DSUB, child, parent);
break;
case Token.DIV:
case Token.MOD:
visitArithmetic(node, type == Token.DIV
? ByteCode.DDIV
: ByteCode.DREM, child, parent);
break;
case Token.BITOR:
case Token.BITXOR:
case Token.BITAND:
case Token.LSH:
case Token.RSH:
case Token.URSH:
visitBitOp(node, type, child);
break;
case Token.POS:
case Token.NEG:
generateExpression(child, node);
addObjectToDouble();
if (type == Token.NEG) {
cfw.add(ByteCode.DNEG);
}
addDoubleWrap();
break;
case Token.TO_DOUBLE:
// cnvt to double (not Double)
generateExpression(child, node);
addObjectToDouble();
break;
case Token.TO_OBJECT: {
// convert from double
int prop = -1;
if (child.getType() == Token.NUMBER) {
prop = child.getIntProp(Node.ISNUMBER_PROP, -1);
}
if (prop != -1) {
child.removeProp(Node.ISNUMBER_PROP);
generateExpression(child, node);
child.putIntProp(Node.ISNUMBER_PROP, prop);
} else {
generateExpression(child, node);
addDoubleWrap();
}
break;
}
case Token.IN:
case Token.INSTANCEOF:
case Token.LE:
case Token.LT:
case Token.GE:
case Token.GT: {
int trueGOTO = cfw.acquireLabel();
int falseGOTO = cfw.acquireLabel();
visitIfJumpRelOp(node, child, trueGOTO, falseGOTO);
addJumpedBooleanWrap(trueGOTO, falseGOTO);
break;
}
case Token.EQ:
case Token.NE:
case Token.SHEQ:
case Token.SHNE: {
int trueGOTO = cfw.acquireLabel();
int falseGOTO = cfw.acquireLabel();
visitIfJumpEqOp(node, child, trueGOTO, falseGOTO);
addJumpedBooleanWrap(trueGOTO, falseGOTO);
break;
}
case Token.GETPROP:
case Token.GETPROPNOWARN:
visitGetProp(node, child);
break;
case Token.GETELEM:
generateExpression(child, node); // object
generateExpression(child.getNext(), node); // id
cfw.addALoad(contextLocal);
if (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1) {
addScriptRuntimeInvoke(
"getObjectIndex",
"(Ljava/lang/Object;D"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/Object;");
}
else {
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"getObjectElem",
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
}
break;
case Token.GET_REF:
generateExpression(child, node); // reference
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke(
"refGet",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Ref;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/Object;");
break;
case Token.GETVAR:
visitGetVar(node);
break;
case Token.SETVAR:
visitSetVar(node, child, true);
break;
case Token.SETNAME:
visitSetName(node, child);
break;
case Token.STRICT_SETNAME:
visitStrictSetName(node, child);
break;
case Token.SETCONST:
visitSetConst(node, child);
break;
case Token.SETCONSTVAR:
visitSetConstVar(node, child, true);
break;
case Token.SETPROP:
case Token.SETPROP_OP:
visitSetProp(type, node, child);
break;
case Token.SETELEM:
case Token.SETELEM_OP:
visitSetElem(type, node, child);
break;
case Token.SET_REF:
case Token.SET_REF_OP:
{
generateExpression(child, node);
child = child.getNext();
if (type == Token.SET_REF_OP) {
cfw.add(ByteCode.DUP);
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke(
"refGet",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Ref;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/Object;");
}
generateExpression(child, node);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"refSet",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Ref;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
}
break;
case Token.DEL_REF:
generateExpression(child, node);
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke("refDel",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Ref;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/Object;");
break;
case Token.DELPROP:
boolean isName = child.getType() == Token.BINDNAME;
generateExpression(child, node);
child = child.getNext();
generateExpression(child, node);
cfw.addALoad(contextLocal);
cfw.addPush(isName);
addScriptRuntimeInvoke("delete",
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Z)Ljava/lang/Object;");
break;
case Token.BINDNAME:
{
while (child != null) {
generateExpression(child, node);
child = child.getNext();
}
// Generate code for "ScriptRuntime.bind(varObj, "s")"
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addPush(node.getString());
addScriptRuntimeInvoke(
"bind",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/String;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
}
break;
case Token.LOCAL_LOAD:
cfw.addALoad(getLocalBlockRegister(node));
break;
case Token.REF_SPECIAL:
{
String special = (String)node.getProp(Node.NAME_PROP);
generateExpression(child, node);
cfw.addPush(special);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"specialRef",
"(Ljava/lang/Object;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Ref;");
}
break;
case Token.REF_MEMBER:
case Token.REF_NS_MEMBER:
case Token.REF_NAME:
case Token.REF_NS_NAME:
{
int memberTypeFlags
= node.getIntProp(Node.MEMBER_TYPE_PROP, 0);
// generate possible target, possible namespace and member
do {
generateExpression(child, node);
child = child.getNext();
} while (child != null);
cfw.addALoad(contextLocal);
String methodName, signature;
switch (type) {
case Token.REF_MEMBER:
methodName = "memberRef";
signature = "(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"I"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Ref;";
break;
case Token.REF_NS_MEMBER:
methodName = "memberRef";
signature = "(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"I"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Ref;";
break;
case Token.REF_NAME:
methodName = "nameRef";
signature = "(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"I"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Ref;";
cfw.addALoad(variableObjectLocal);
break;
case Token.REF_NS_NAME:
methodName = "nameRef";
signature = "(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"I"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Ref;";
cfw.addALoad(variableObjectLocal);
break;
default:
throw Kit.codeBug();
}
cfw.addPush(memberTypeFlags);
addScriptRuntimeInvoke(methodName, signature);
}
break;
case Token.DOTQUERY:
visitDotQuery(node, child);
break;
case Token.ESCXMLATTR:
generateExpression(child, node);
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke("escapeAttributeValue",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/String;");
break;
case Token.ESCXMLTEXT:
generateExpression(child, node);
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke("escapeTextValue",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/String;");
break;
case Token.DEFAULTNAMESPACE:
generateExpression(child, node);
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke("setDefaultNamespace",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/Object;");
break;
case Token.YIELD:
generateYieldPoint(node, true);
break;
case Token.WITHEXPR: {
Node enterWith = child;
Node with = enterWith.getNext();
Node leaveWith = with.getNext();
generateStatement(enterWith);
generateExpression(with.getFirstChild(), with);
generateStatement(leaveWith);
break;
}
case Token.ARRAYCOMP: {
Node initStmt = child;
Node expr = child.getNext();
generateStatement(initStmt);
generateExpression(expr, node);
break;
}
default:
throw new RuntimeException("Unexpected node type "+type);
}
}
private void generateYieldPoint(Node node, boolean exprContext) {
// save stack state
int top = cfw.getStackTop();
maxStack = maxStack > top ? maxStack : top;
if (cfw.getStackTop() != 0) {
generateGetGeneratorStackState();
for (int i = 0; i < top; i++) {
cfw.add(ByteCode.DUP_X1);
cfw.add(ByteCode.SWAP);
cfw.addLoadConstant(i);
cfw.add(ByteCode.SWAP);
cfw.add(ByteCode.AASTORE);
}
// pop the array object
cfw.add(ByteCode.POP);
}
// generate the yield argument
Node child = node.getFirstChild();
if (child != null)
generateExpression(child, node);
else
Codegen.pushUndefined(cfw);
// change the resumption state
int nextState = getNextGeneratorState(node);
generateSetGeneratorResumptionPoint(nextState);
boolean hasLocals = generateSaveLocals(node);
cfw.add(ByteCode.ARETURN);
generateCheckForThrowOrClose(getTargetLabel(node),
hasLocals, nextState);
// reconstruct the stack
if (top != 0) {
generateGetGeneratorStackState();
for (int i = 0; i < top; i++) {
cfw.add(ByteCode.DUP);
cfw.addLoadConstant(top - i - 1);
cfw.add(ByteCode.AALOAD);
cfw.add(ByteCode.SWAP);
}
cfw.add(ByteCode.POP);
}
// load return value from yield
if (exprContext) {
cfw.addALoad(argsLocal);
}
}
private void generateCheckForThrowOrClose(int label,
boolean hasLocals,
int nextState) {
int throwLabel = cfw.acquireLabel();
int closeLabel = cfw.acquireLabel();
// throw the user provided object, if the operation is .throw()
cfw.markLabel(throwLabel);
cfw.addALoad(argsLocal);
generateThrowJavaScriptException();
// throw our special internal exception if the generator is being closed
cfw.markLabel(closeLabel);
cfw.addALoad(argsLocal);
cfw.add(ByteCode.CHECKCAST, "java/lang/Throwable");
cfw.add(ByteCode.ATHROW);
// mark the re-entry point
// jump here after initializing the locals
if (label != -1)
cfw.markLabel(label);
if (!hasLocals) {
// jump here directly if there are no locals
cfw.markTableSwitchCase(generatorSwitch, nextState);
}
// see if we need to dispatch for .close() or .throw()
cfw.addILoad(operationLocal);
cfw.addLoadConstant(NativeGenerator.GENERATOR_CLOSE);
cfw.add(ByteCode.IF_ICMPEQ, closeLabel);
cfw.addILoad(operationLocal);
cfw.addLoadConstant(NativeGenerator.GENERATOR_THROW);
cfw.add(ByteCode.IF_ICMPEQ, throwLabel);
}
private void generateIfJump(Node node, Node parent,
int trueLabel, int falseLabel)
{
// System.out.println("gen code for " + node.toString());
int type = node.getType();
Node child = node.getFirstChild();
switch (type) {
case Token.NOT:
generateIfJump(child, node, falseLabel, trueLabel);
break;
case Token.OR:
case Token.AND: {
int interLabel = cfw.acquireLabel();
if (type == Token.AND) {
generateIfJump(child, node, interLabel, falseLabel);
}
else {
generateIfJump(child, node, trueLabel, interLabel);
}
cfw.markLabel(interLabel);
child = child.getNext();
generateIfJump(child, node, trueLabel, falseLabel);
break;
}
case Token.IN:
case Token.INSTANCEOF:
case Token.LE:
case Token.LT:
case Token.GE:
case Token.GT:
visitIfJumpRelOp(node, child, trueLabel, falseLabel);
break;
case Token.EQ:
case Token.NE:
case Token.SHEQ:
case Token.SHNE:
visitIfJumpEqOp(node, child, trueLabel, falseLabel);
break;
default:
// Generate generic code for non-optimized jump
generateExpression(node, parent);
addScriptRuntimeInvoke("toBoolean", "(Ljava/lang/Object;)Z");
cfw.add(ByteCode.IFNE, trueLabel);
cfw.add(ByteCode.GOTO, falseLabel);
}
}
private void visitFunction(OptFunctionNode ofn, int functionType)
{
int fnIndex = codegen.getIndex(ofn.fnode);
cfw.add(ByteCode.NEW, codegen.mainClassName);
// Call function constructor
cfw.add(ByteCode.DUP);
cfw.addALoad(variableObjectLocal);
cfw.addALoad(contextLocal); // load 'cx'
cfw.addPush(fnIndex);
cfw.addInvoke(ByteCode.INVOKESPECIAL, codegen.mainClassName,
"", Codegen.FUNCTION_CONSTRUCTOR_SIGNATURE);
if (functionType == FunctionNode.ARROW_FUNCTION) {
cfw.addALoad(contextLocal); // load 'cx'
cfw.addALoad(variableObjectLocal);
cfw.addALoad(thisObjLocal);
addOptRuntimeInvoke("bindThis",
"(Lcom/baidu/openrasp/org/mozilla/javascript/NativeFunction;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Function;");
}
if (functionType == FunctionNode.FUNCTION_EXPRESSION ||
functionType == FunctionNode.ARROW_FUNCTION) {
// Leave closure object on stack and do not pass it to
// initFunction which suppose to connect statements to scope
return;
}
cfw.addPush(functionType);
cfw.addALoad(variableObjectLocal);
cfw.addALoad(contextLocal); // load 'cx'
addOptRuntimeInvoke("initFunction",
"(Lcom/baidu/openrasp/org/mozilla/javascript/NativeFunction;"
+"I"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")V");
}
private int getTargetLabel(Node target)
{
int labelId = target.labelId();
if (labelId == -1) {
labelId = cfw.acquireLabel();
target.labelId(labelId);
}
return labelId;
}
private void visitGoto(Jump node, int type, Node child)
{
Node target = node.target;
if (type == Token.IFEQ || type == Token.IFNE) {
if (child == null) throw Codegen.badTree();
int targetLabel = getTargetLabel(target);
int fallThruLabel = cfw.acquireLabel();
if (type == Token.IFEQ)
generateIfJump(child, node, targetLabel, fallThruLabel);
else
generateIfJump(child, node, fallThruLabel, targetLabel);
cfw.markLabel(fallThruLabel);
} else {
if (type == Token.JSR) {
if (isGenerator) {
addGotoWithReturn(target);
} else {
// This assumes that JSR is only ever used for finally
inlineFinally(target);
}
} else {
addGoto(target, ByteCode.GOTO);
}
}
}
private void addGotoWithReturn(Node target) {
FinallyReturnPoint ret = finallys.get(target);
cfw.addLoadConstant(ret.jsrPoints.size());
addGoto(target, ByteCode.GOTO);
int retLabel = cfw.acquireLabel();
cfw.markLabel(retLabel);
ret.jsrPoints.add(Integer.valueOf(retLabel));
}
private void generateArrayLiteralFactory(Node node, int count) {
String methodName = codegen.getBodyMethodName(scriptOrFn) + "_literal" + count;
initBodyGeneration();
argsLocal = firstFreeLocal++;
localsMax = firstFreeLocal;
cfw.startMethod(methodName, "(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;",
ACC_PRIVATE);
visitArrayLiteral(node, node.getFirstChild(), true);
cfw.add(ByteCode.ARETURN);
cfw.stopMethod((short)(localsMax + 1));
}
private void generateObjectLiteralFactory(Node node, int count) {
String methodName = codegen.getBodyMethodName(scriptOrFn) + "_literal" + count;
initBodyGeneration();
argsLocal = firstFreeLocal++;
localsMax = firstFreeLocal;
cfw.startMethod(methodName, "(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;",
ACC_PRIVATE);
visitObjectLiteral(node, node.getFirstChild(), true);
cfw.add(ByteCode.ARETURN);
cfw.stopMethod((short)(localsMax + 1));
}
private void visitArrayLiteral(Node node, Node child, boolean topLevel)
{
int count = 0;
for (Node cursor = child; cursor != null; cursor = cursor.getNext()) {
++count;
}
// If code budget is tight swap out literals into separate method
if (!topLevel && (count > 10 || cfw.getCurrentCodeOffset() > 30000)
&& !hasVarsInRegs && !isGenerator && !inLocalBlock) {
if (literals == null) {
literals = new LinkedList();
}
literals.add(node);
String methodName = codegen.getBodyMethodName(scriptOrFn) + "_literal" + literals.size();
cfw.addALoad(funObjLocal);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addALoad(thisObjLocal);
cfw.addALoad(argsLocal);
cfw.addInvoke(ByteCode.INVOKEVIRTUAL, codegen.mainClassName, methodName,
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
return;
}
// load array to store array literal objects
if (isGenerator) {
// TODO: this is actually only necessary if the yield operation is
// a child of this array or its children (bug 757410)
for (int i = 0; i != count; ++i) {
generateExpression(child, node);
child = child.getNext();
}
addNewObjectArray(count);
for (int i = 0; i != count; ++i) {
cfw.add(ByteCode.DUP_X1);
cfw.add(ByteCode.SWAP);
cfw.addPush(count - i - 1);
cfw.add(ByteCode.SWAP);
cfw.add(ByteCode.AASTORE);
}
} else {
addNewObjectArray(count);
for (int i = 0; i != count; ++i) {
cfw.add(ByteCode.DUP);
cfw.addPush(i);
generateExpression(child, node);
cfw.add(ByteCode.AASTORE);
child = child.getNext();
}
}
int[] skipIndexes = (int[])node.getProp(Node.SKIP_INDEXES_PROP);
if (skipIndexes == null) {
cfw.add(ByteCode.ACONST_NULL);
cfw.add(ByteCode.ICONST_0);
} else {
cfw.addPush(OptRuntime.encodeIntArray(skipIndexes));
cfw.addPush(skipIndexes.length);
}
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addOptRuntimeInvoke("newArrayLiteral",
"([Ljava/lang/Object;"
+"Ljava/lang/String;"
+"I"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
}
/** load array with property ids */
private void addLoadPropertyIds(Object[] properties, int count) {
addNewObjectArray(count);
for (int i = 0; i != count; ++i) {
cfw.add(ByteCode.DUP);
cfw.addPush(i);
Object id = properties[i];
if (id instanceof String) {
cfw.addPush((String)id);
} else {
cfw.addPush(((Integer)id).intValue());
addScriptRuntimeInvoke("wrapInt", "(I)Ljava/lang/Integer;");
}
cfw.add(ByteCode.AASTORE);
}
}
/** load array with property values */
private void addLoadPropertyValues(Node node, Node child, int count) {
if (isGenerator) {
// see bug 757410 for an explanation why we need to split this
for (int i = 0; i != count; ++i) {
int childType = child.getType();
if (childType == Token.GET || childType == Token.SET || childType == Token.METHOD) {
generateExpression(child.getFirstChild(), node);
} else {
generateExpression(child, node);
}
child = child.getNext();
}
addNewObjectArray(count);
for (int i = 0; i != count; ++i) {
cfw.add(ByteCode.DUP_X1);
cfw.add(ByteCode.SWAP);
cfw.addPush(count - i - 1);
cfw.add(ByteCode.SWAP);
cfw.add(ByteCode.AASTORE);
}
} else {
addNewObjectArray(count);
Node child2 = child;
for (int i = 0; i != count; ++i) {
cfw.add(ByteCode.DUP);
cfw.addPush(i);
int childType = child2.getType();
if (childType == Token.GET || childType == Token.SET || childType == Token.METHOD) {
generateExpression(child2.getFirstChild(), node);
} else {
generateExpression(child2, node);
}
cfw.add(ByteCode.AASTORE);
child2 = child2.getNext();
}
}
}
private void visitObjectLiteral(Node node, Node child, boolean topLevel)
{
Object[] properties = (Object[])node.getProp(Node.OBJECT_IDS_PROP);
int count = properties.length;
// If code budget is tight swap out literals into separate method
if (!topLevel && (count > 10 || cfw.getCurrentCodeOffset() > 30000)
&& !hasVarsInRegs && !isGenerator && !inLocalBlock) {
if (literals == null) {
literals = new LinkedList();
}
literals.add(node);
String methodName = codegen.getBodyMethodName(scriptOrFn) + "_literal" + literals.size();
cfw.addALoad(funObjLocal);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addALoad(thisObjLocal);
cfw.addALoad(argsLocal);
cfw.addInvoke(ByteCode.INVOKEVIRTUAL, codegen.mainClassName, methodName,
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
return;
}
if (isGenerator) {
// TODO: this is actually only necessary if the yield operation is
// a child of this object or its children (bug 757410)
addLoadPropertyValues(node, child, count);
addLoadPropertyIds(properties, count);
// swap property-values and property-ids arrays
cfw.add(ByteCode.SWAP);
} else {
addLoadPropertyIds(properties, count);
addLoadPropertyValues(node, child, count);
}
// check if object literal actually has any getters or setters
boolean hasGetterSetters = false;
Node child2 = child;
for (int i = 0; i != count; ++i) {
int childType = child2.getType();
if (childType == Token.GET || childType == Token.SET) {
hasGetterSetters = true;
break;
}
child2 = child2.getNext();
}
// create getter/setter flag array
if (hasGetterSetters) {
cfw.addPush(count);
cfw.add(ByteCode.NEWARRAY, ByteCode.T_INT);
child2 = child;
for (int i = 0; i != count; ++i) {
cfw.add(ByteCode.DUP);
cfw.addPush(i);
int childType = child2.getType();
if (childType == Token.GET) {
cfw.add(ByteCode.ICONST_M1);
} else if (childType == Token.SET) {
cfw.add(ByteCode.ICONST_1);
} else {
cfw.add(ByteCode.ICONST_0);
}
cfw.add(ByteCode.IASTORE);
child2 = child2.getNext();
}
} else {
cfw.add(ByteCode.ACONST_NULL);
}
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke("newObjectLiteral",
"([Ljava/lang/Object;"
+"[Ljava/lang/Object;"
+"[I"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
}
private void visitSpecialCall(Node node, int type, int specialType,
Node child)
{
cfw.addALoad(contextLocal);
if (type == Token.NEW) {
generateExpression(child, node);
// stack: ... cx functionObj
} else {
generateFunctionAndThisObj(child, node);
// stack: ... cx functionObj thisObj
}
child = child.getNext();
generateCallArgArray(node, child, false);
String methodName;
String callSignature;
if (type == Token.NEW) {
methodName = "newObjectSpecial";
callSignature = "(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Ljava/lang/Object;"
+"[Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"I" // call type
+")Ljava/lang/Object;";
cfw.addALoad(variableObjectLocal);
cfw.addALoad(thisObjLocal);
cfw.addPush(specialType);
} else {
methodName = "callSpecial";
callSignature = "(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Callable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"I" // call type
+"Ljava/lang/String;I" // filename, linenumber
+")Ljava/lang/Object;";
cfw.addALoad(variableObjectLocal);
cfw.addALoad(thisObjLocal);
cfw.addPush(specialType);
String sourceName = scriptOrFn.getSourceName();
cfw.addPush(sourceName == null ? "" : sourceName);
cfw.addPush(itsLineNumber);
}
addOptRuntimeInvoke(methodName, callSignature);
}
private void visitStandardCall(Node node, Node child)
{
if (node.getType() != Token.CALL) throw Codegen.badTree();
Node firstArgChild = child.getNext();
int childType = child.getType();
String methodName;
String signature;
if (firstArgChild == null) {
if (childType == Token.NAME) {
// name() call
String name = child.getString();
cfw.addPush(name);
methodName = "callName0";
signature = "(Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;";
} else if (childType == Token.GETPROP) {
// x.name() call
Node propTarget = child.getFirstChild();
generateExpression(propTarget, node);
Node id = propTarget.getNext();
String property = id.getString();
cfw.addPush(property);
methodName = "callProp0";
signature = "(Ljava/lang/Object;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;";
} else if (childType == Token.GETPROPNOWARN) {
throw Kit.codeBug();
} else {
generateFunctionAndThisObj(child, node);
methodName = "call0";
signature = "(Lcom/baidu/openrasp/org/mozilla/javascript/Callable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;";
}
} else if (childType == Token.NAME) {
// XXX: this optimization is only possible if name
// resolution
// is not affected by arguments evaluation and currently
// there are no checks for it
String name = child.getString();
generateCallArgArray(node, firstArgChild, false);
cfw.addPush(name);
methodName = "callName";
signature = "([Ljava/lang/Object;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;";
} else {
int argCount = 0;
for (Node arg = firstArgChild; arg != null; arg = arg.getNext()) {
++argCount;
}
generateFunctionAndThisObj(child, node);
// stack: ... functionObj thisObj
if (argCount == 1) {
generateExpression(firstArgChild, node);
methodName = "call1";
signature = "(Lcom/baidu/openrasp/org/mozilla/javascript/Callable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;";
} else if (argCount == 2) {
generateExpression(firstArgChild, node);
generateExpression(firstArgChild.getNext(), node);
methodName = "call2";
signature = "(Lcom/baidu/openrasp/org/mozilla/javascript/Callable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;";
} else {
generateCallArgArray(node, firstArgChild, false);
methodName = "callN";
signature = "(Lcom/baidu/openrasp/org/mozilla/javascript/Callable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;";
}
}
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addOptRuntimeInvoke(methodName, signature);
}
private void visitStandardNew(Node node, Node child)
{
if (node.getType() != Token.NEW) throw Codegen.badTree();
Node firstArgChild = child.getNext();
generateExpression(child, node);
// stack: ... functionObj
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
// stack: ... functionObj cx scope
generateCallArgArray(node, firstArgChild, false);
addScriptRuntimeInvoke(
"newObject",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
}
private void visitOptimizedCall(Node node, OptFunctionNode target,
int type, Node child)
{
Node firstArgChild = child.getNext();
String className = codegen.mainClassName;
short thisObjLocal = 0;
if (type == Token.NEW) {
generateExpression(child, node);
} else {
generateFunctionAndThisObj(child, node);
thisObjLocal = getNewWordLocal();
cfw.addAStore(thisObjLocal);
}
// stack: ... functionObj
int beyond = cfw.acquireLabel();
int regularCall = cfw.acquireLabel();
cfw.add(ByteCode.DUP);
cfw.add(ByteCode.INSTANCEOF, className);
cfw.add(ByteCode.IFEQ, regularCall);
cfw.add(ByteCode.CHECKCAST, className);
cfw.add(ByteCode.DUP);
cfw.add(ByteCode.GETFIELD, className, Codegen.ID_FIELD_NAME, "I");
cfw.addPush(codegen.getIndex(target.fnode));
cfw.add(ByteCode.IF_ICMPNE, regularCall);
// stack: ... directFunct
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
// stack: ... directFunc cx scope
if (type == Token.NEW) {
cfw.add(ByteCode.ACONST_NULL);
} else {
cfw.addALoad(thisObjLocal);
}
// stack: ... directFunc cx scope thisObj
/*
Remember that directCall parameters are paired in 1 aReg and 1 dReg
If the argument is an incoming arg, just pass the orginal pair thru.
Else, if the argument is known to be typed 'Number', pass Void.TYPE
in the aReg and the number is the dReg
Else pass the JS object in the aReg and 0.0 in the dReg.
*/
Node argChild = firstArgChild;
while (argChild != null) {
int dcp_register = nodeIsDirectCallParameter(argChild);
if (dcp_register >= 0) {
cfw.addALoad(dcp_register);
cfw.addDLoad(dcp_register + 1);
} else if (argChild.getIntProp(Node.ISNUMBER_PROP, -1)
== Node.BOTH)
{
cfw.add(ByteCode.GETSTATIC,
"java/lang/Void",
"TYPE",
"Ljava/lang/Class;");
generateExpression(argChild, node);
} else {
generateExpression(argChild, node);
cfw.addPush(0.0);
}
argChild = argChild.getNext();
}
cfw.add(ByteCode.GETSTATIC,
"com/baidu/openrasp/org/mozilla/javascript/ScriptRuntime",
"emptyArgs", "[Ljava/lang/Object;");
cfw.addInvoke(ByteCode.INVOKESTATIC,
codegen.mainClassName,
(type == Token.NEW)
? codegen.getDirectCtorName(target.fnode)
: codegen.getBodyMethodName(target.fnode),
codegen.getBodyMethodSignature(target.fnode));
cfw.add(ByteCode.GOTO, beyond);
cfw.markLabel(regularCall);
// stack: ... functionObj
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
// stack: ... functionObj cx scope
if (type != Token.NEW) {
cfw.addALoad(thisObjLocal);
releaseWordLocal(thisObjLocal);
// stack: ... functionObj cx scope thisObj
}
// XXX: this will generate code for the child array the second time,
// so expression code generation better not to alter tree structure...
generateCallArgArray(node, firstArgChild, true);
if (type == Token.NEW) {
addScriptRuntimeInvoke(
"newObject",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
} else {
cfw.addInvoke(ByteCode.INVOKEINTERFACE,
"com/baidu/openrasp/org/mozilla/javascript/Callable",
"call",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"[Ljava/lang/Object;"
+")Ljava/lang/Object;");
}
cfw.markLabel(beyond);
}
private void generateCallArgArray(Node node, Node argChild, boolean directCall)
{
int argCount = 0;
for (Node child = argChild; child != null; child = child.getNext()) {
++argCount;
}
// load array object to set arguments
if (argCount == 1 && itsOneArgArray >= 0) {
cfw.addALoad(itsOneArgArray);
} else {
addNewObjectArray(argCount);
}
// Copy arguments into it
for (int i = 0; i != argCount; ++i) {
// If we are compiling a generator an argument could be the result
// of a yield. In that case we will have an immediate on the stack
// which we need to avoid
if (!isGenerator) {
cfw.add(ByteCode.DUP);
cfw.addPush(i);
}
if (!directCall) {
generateExpression(argChild, node);
} else {
// If this has also been a directCall sequence, the Number
// flag will have remained set for any parameter so that
// the values could be copied directly into the outgoing
// args. Here we want to force it to be treated as not in
// a Number context, so we set the flag off.
int dcp_register = nodeIsDirectCallParameter(argChild);
if (dcp_register >= 0) {
dcpLoadAsObject(dcp_register);
} else {
generateExpression(argChild, node);
int childNumberFlag
= argChild.getIntProp(Node.ISNUMBER_PROP, -1);
if (childNumberFlag == Node.BOTH) {
addDoubleWrap();
}
}
}
// When compiling generators, any argument to a method may be a
// yield expression. Hence we compile the argument first and then
// load the argument index and assign the value to the args array.
if (isGenerator) {
short tempLocal = getNewWordLocal();
cfw.addAStore(tempLocal);
cfw.add(ByteCode.CHECKCAST, "[Ljava/lang/Object;");
cfw.add(ByteCode.DUP);
cfw.addPush(i);
cfw.addALoad(tempLocal);
releaseWordLocal(tempLocal);
}
cfw.add(ByteCode.AASTORE);
argChild = argChild.getNext();
}
}
private void generateFunctionAndThisObj(Node node, Node parent)
{
// Place on stack (function object, function this) pair
int type = node.getType();
switch (node.getType()) {
case Token.GETPROPNOWARN:
throw Kit.codeBug();
case Token.GETPROP:
case Token.GETELEM: {
Node target = node.getFirstChild();
generateExpression(target, node);
Node id = target.getNext();
if (type == Token.GETPROP) {
String property = id.getString();
cfw.addPush(property);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"getPropFunctionAndThis",
"(Ljava/lang/Object;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Callable;");
} else {
generateExpression(id, node); // id
if (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1)
addDoubleWrap();
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"getElemFunctionAndThis",
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Callable;");
}
break;
}
case Token.NAME: {
String name = node.getString();
cfw.addPush(name);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"getNameFunctionAndThis",
"(Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Callable;");
break;
}
default: // including GETVAR
generateExpression(node, parent);
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke(
"getValueFunctionAndThis",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Callable;");
break;
}
// Get thisObj prepared by get(Name|Prop|Elem|Value)FunctionAndThis
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke(
"lastStoredScriptable",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
}
private void updateLineNumber(Node node)
{
itsLineNumber = node.getLineno();
if (itsLineNumber == -1)
return;
cfw.addLineNumberEntry((short)itsLineNumber);
}
private void visitTryCatchFinally(Jump node, Node child)
{
/* Save the variable object, in case there are with statements
* enclosed by the try block and we catch some exception.
* We'll restore it for the catch block so that catch block
* statements get the right scope.
*/
// OPT we only need to do this if there are enclosed WITH
// statements; could statically check and omit this if there aren't any.
// XXX OPT Maybe instead do syntactic transforms to associate
// each 'with' with a try/finally block that does the exitwith.
short savedVariableObject = getNewWordLocal();
cfw.addALoad(variableObjectLocal);
cfw.addAStore(savedVariableObject);
/*
* Generate the code for the tree; most of the work is done in IRFactory
* and NodeTransformer; Codegen just adds the java handlers for the
* javascript catch and finally clauses. */
int startLabel = cfw.acquireLabel();
cfw.markLabel(startLabel, (short)0);
Node catchTarget = node.target;
Node finallyTarget = node.getFinally();
int[] handlerLabels = new int[EXCEPTION_MAX];
exceptionManager.pushExceptionInfo(node);
if (catchTarget != null) {
handlerLabels[JAVASCRIPT_EXCEPTION] = cfw.acquireLabel();
handlerLabels[EVALUATOR_EXCEPTION] = cfw.acquireLabel();
handlerLabels[ECMAERROR_EXCEPTION] = cfw.acquireLabel();
Context cx = Context.getCurrentContext();
if (cx != null &&
cx.hasFeature(Context.FEATURE_ENHANCED_JAVA_ACCESS)) {
handlerLabels[THROWABLE_EXCEPTION] = cfw.acquireLabel();
}
}
if (finallyTarget != null) {
handlerLabels[FINALLY_EXCEPTION] = cfw.acquireLabel();
}
exceptionManager.setHandlers(handlerLabels, startLabel);
// create a table for the equivalent of JSR returns
if (isGenerator && finallyTarget != null) {
FinallyReturnPoint ret = new FinallyReturnPoint();
if (finallys == null) {
finallys = new HashMap();
}
// add the finally target to hashtable
finallys.put(finallyTarget, ret);
// add the finally node as well to the hash table
finallys.put(finallyTarget.getNext(), ret);
}
while (child != null) {
if (child == catchTarget) {
int catchLabel = getTargetLabel(catchTarget);
exceptionManager.removeHandler(JAVASCRIPT_EXCEPTION,
catchLabel);
exceptionManager.removeHandler(EVALUATOR_EXCEPTION,
catchLabel);
exceptionManager.removeHandler(ECMAERROR_EXCEPTION,
catchLabel);
exceptionManager.removeHandler(THROWABLE_EXCEPTION,
catchLabel);
}
generateStatement(child);
child = child.getNext();
}
// control flow skips the handlers
int realEnd = cfw.acquireLabel();
cfw.add(ByteCode.GOTO, realEnd);
int exceptionLocal = getLocalBlockRegister(node);
// javascript handler; unwrap exception and GOTO to javascript
// catch area.
if (catchTarget != null) {
// get the label to goto
int catchLabel = catchTarget.labelId();
// If the function is a generator, then handlerLabels will consist
// of zero labels. generateCatchBlock will create its own label
// in this case. The extra parameter for the label is added for
// the case of non-generator functions that inline finally blocks.
generateCatchBlock(JAVASCRIPT_EXCEPTION, savedVariableObject,
catchLabel, exceptionLocal,
handlerLabels[JAVASCRIPT_EXCEPTION]);
/*
* catch WrappedExceptions, see if they are wrapped
* JavaScriptExceptions. Otherwise, rethrow.
*/
generateCatchBlock(EVALUATOR_EXCEPTION, savedVariableObject,
catchLabel, exceptionLocal,
handlerLabels[EVALUATOR_EXCEPTION]);
/*
we also need to catch EcmaErrors and feed the
associated error object to the handler
*/
generateCatchBlock(ECMAERROR_EXCEPTION, savedVariableObject,
catchLabel, exceptionLocal,
handlerLabels[ECMAERROR_EXCEPTION]);
Context cx = Context.getCurrentContext();
if (cx != null &&
cx.hasFeature(Context.FEATURE_ENHANCED_JAVA_ACCESS))
{
generateCatchBlock(THROWABLE_EXCEPTION, savedVariableObject,
catchLabel, exceptionLocal,
handlerLabels[THROWABLE_EXCEPTION]);
}
}
// finally handler; catch all exceptions, store to a local; JSR to
// the finally, then re-throw.
if (finallyTarget != null) {
int finallyHandler = cfw.acquireLabel();
int finallyEnd = cfw.acquireLabel();
cfw.markHandler(finallyHandler);
if (!isGenerator) {
cfw.markLabel(handlerLabels[FINALLY_EXCEPTION]);
}
cfw.addAStore(exceptionLocal);
// reset the variable object local
cfw.addALoad(savedVariableObject);
cfw.addAStore(variableObjectLocal);
// get the label to JSR to
int finallyLabel = finallyTarget.labelId();
if (isGenerator)
addGotoWithReturn(finallyTarget);
else {
inlineFinally(finallyTarget, handlerLabels[FINALLY_EXCEPTION],
finallyEnd);
}
// rethrow
cfw.addALoad(exceptionLocal);
if (isGenerator)
cfw.add(ByteCode.CHECKCAST, "java/lang/Throwable");
cfw.add(ByteCode.ATHROW);
cfw.markLabel(finallyEnd);
// mark the handler
if (isGenerator) {
cfw.addExceptionHandler(startLabel, finallyLabel,
finallyHandler, null); // catch any
}
}
releaseWordLocal(savedVariableObject);
cfw.markLabel(realEnd);
if (!isGenerator) {
exceptionManager.popExceptionInfo();
}
}
private static final int JAVASCRIPT_EXCEPTION = 0;
private static final int EVALUATOR_EXCEPTION = 1;
private static final int ECMAERROR_EXCEPTION = 2;
private static final int THROWABLE_EXCEPTION = 3;
// Finally catch-alls are technically Throwable, but we want a distinction
// for the exception manager and we want to use a null string instead of
// an explicit Throwable string.
private static final int FINALLY_EXCEPTION = 4;
private static final int EXCEPTION_MAX = 5;
private void generateCatchBlock(int exceptionType,
short savedVariableObject,
int catchLabel,
int exceptionLocal,
int handler)
{
if (handler == 0) {
handler = cfw.acquireLabel();
}
cfw.markHandler(handler);
// MS JVM gets cranky if the exception object is left on the stack
cfw.addAStore(exceptionLocal);
// reset the variable object local
cfw.addALoad(savedVariableObject);
cfw.addAStore(variableObjectLocal);
String exceptionName = exceptionTypeToName(exceptionType);
cfw.add(ByteCode.GOTO, catchLabel);
}
private String exceptionTypeToName(int exceptionType)
{
if (exceptionType == JAVASCRIPT_EXCEPTION) {
return "com/baidu/openrasp/org/mozilla/javascript/JavaScriptException";
} else if (exceptionType == EVALUATOR_EXCEPTION) {
return "com/baidu/openrasp/org/mozilla/javascript/EvaluatorException";
} else if (exceptionType == ECMAERROR_EXCEPTION) {
return "com/baidu/openrasp/org/mozilla/javascript/EcmaError";
} else if (exceptionType == THROWABLE_EXCEPTION) {
return "java/lang/Throwable";
} else if (exceptionType == FINALLY_EXCEPTION) {
return null;
} else {
throw Kit.codeBug();
}
}
/**
* Manages placement of exception handlers for non-generator functions.
*
* For generator functions, there are mechanisms put into place to emulate
* jsr by using a goto with a return label. That is one mechanism for
* implementing finally blocks. The other, which is implemented by Sun,
* involves duplicating the finally block where jsr instructions would
* normally be. However, inlining finally blocks causes problems with
* translating exception handlers. Instead of having one big bytecode range
* for each exception, we now have to skip over the inlined finally blocks.
* This class is meant to help implement this.
*
* Every time a try block is encountered during translation, exception
* information should be pushed into the manager, which is treated as a
* stack. The addHandler() and setHandlers() methods may be used to register
* exceptionHandlers for the try block; removeHandler() is used to reverse
* the operation. At the end of the try/catch/finally, the exception state
* for it should be popped.
*
* The important function here is markInlineFinally. This finds which
* finally block on the exception state stack is being inlined and skips
* the proper exception handlers until the finally block is generated.
*/
private class ExceptionManager
{
ExceptionManager()
{
exceptionInfo = new LinkedList();
}
/**
* Push a new try block onto the exception information stack.
*
* @param node an exception handling node (node.getType() ==
* Token.TRY)
*/
void pushExceptionInfo(Jump node)
{
Node fBlock = getFinallyAtTarget(node.getFinally());
ExceptionInfo ei = new ExceptionInfo(node, fBlock);
exceptionInfo.add(ei);
}
/**
* Register an exception handler for the try block at the top of the
* exception information stack.
*
* @param exceptionType one of the integer constants representing an
* exception type
* @param handlerLabel the label of the exception handler
* @param startLabel the label where the exception handling begins
*/
void addHandler(int exceptionType, int handlerLabel, int startLabel)
{
ExceptionInfo top = getTop();
top.handlerLabels[exceptionType] = handlerLabel;
top.exceptionStarts[exceptionType] = startLabel;
}
/**
* Register multiple exception handlers for the top try block. If the
* exception type maps to a zero label, then it is ignored.
*
* @param handlerLabels a map from integer constants representing an
* exception type to the label of the exception
* handler
* @param startLabel the label where all of the exception handling
* begins
*/
void setHandlers(int[] handlerLabels, int startLabel)
{
ExceptionInfo top = getTop();
for (int i = 0; i < handlerLabels.length; i++) {
if (handlerLabels[i] != 0) {
addHandler(i, handlerLabels[i], startLabel);
}
}
}
/**
* Remove an exception handler for the top try block.
*
* @param exceptionType one of the integer constants representing an
* exception type
* @param endLabel a label representing the end of the last bytecode
* that should be handled by the exception
* @returns the label of the exception handler associated with the
* exception type
*/
int removeHandler(int exceptionType, int endLabel)
{
ExceptionInfo top = getTop();
if (top.handlerLabels[exceptionType] != 0) {
int handlerLabel = top.handlerLabels[exceptionType];
endCatch(top, exceptionType, endLabel);
top.handlerLabels[exceptionType] = 0;
return handlerLabel;
}
return 0;
}
/**
* Remove the top try block from the exception information stack.
*/
void popExceptionInfo()
{
exceptionInfo.removeLast();
}
/**
* Mark the start of an inlined finally block.
*
* When a finally block is inlined, any exception handlers that are
* lexically inside of its try block should not cover the range of the
* exception block. We scan from the innermost try block outward until
* we find the try block that matches the finally block. For any block
* whose exception handlers that aren't currently stopped by a finally
* block, we stop the handlers at the beginning of the finally block
* and set it as the finally block that has stopped the handlers. This
* prevents other inlined finally blocks from prematurely ending skip
* ranges and creating bad exception handler ranges.
*
* @param finallyBlock the finally block that is being inlined
* @param finallyStart the label of the beginning of the inlined code
*/
void markInlineFinallyStart(Node finallyBlock, int finallyStart)
{
// Traverse the stack in LIFO order until the try block
// corresponding to the finally block has been reached. We must
// traverse backwards because the earlier exception handlers in
// the exception handler table have priority when determining which
// handler to use. Therefore, we start with the most nested try
// block and move outward.
ListIterator iter =
exceptionInfo.listIterator(exceptionInfo.size());
while (iter.hasPrevious()) {
ExceptionInfo ei = iter.previous();
for (int i = 0; i < EXCEPTION_MAX; i++) {
if (ei.handlerLabels[i] != 0 && ei.currentFinally == null) {
endCatch(ei, i, finallyStart);
ei.exceptionStarts[i] = 0;
ei.currentFinally = finallyBlock;
}
}
if (ei.finallyBlock == finallyBlock) {
break;
}
}
}
/**
* Mark the end of an inlined finally block.
*
* For any set of exception handlers that have been stopped by the
* inlined block, resume exception handling at the end of the finally
* block.
*
* @param finallyBlock the finally block that is being inlined
* @param finallyEnd the label of the end of the inlined code
*/
void markInlineFinallyEnd(Node finallyBlock, int finallyEnd)
{
ListIterator iter =
exceptionInfo.listIterator(exceptionInfo.size());
while (iter.hasPrevious()) {
ExceptionInfo ei = iter.previous();
for (int i = 0; i < EXCEPTION_MAX; i++) {
if (ei.handlerLabels[i] != 0 &&
ei.currentFinally == finallyBlock) {
ei.exceptionStarts[i] = finallyEnd;
ei.currentFinally = null;
}
}
if (ei.finallyBlock == finallyBlock) {
break;
}
}
}
/**
* Mark off the end of a bytecode chunk that should be handled by an
* exceptionHandler.
*
* The caller of this method must appropriately mark the start of the
* next bytecode chunk or remove the handler.
*/
private void endCatch(ExceptionInfo ei, int exceptionType, int catchEnd)
{
if (ei.exceptionStarts[exceptionType] == 0) {
throw new IllegalStateException("bad exception start");
}
int currentStart = ei.exceptionStarts[exceptionType];
int currentStartPC = cfw.getLabelPC(currentStart);
int catchEndPC = cfw.getLabelPC(catchEnd);
if (currentStartPC != catchEndPC) {
cfw.addExceptionHandler(ei.exceptionStarts[exceptionType],
catchEnd,
ei.handlerLabels[exceptionType],
exceptionTypeToName(exceptionType));
}
}
private ExceptionInfo getTop()
{
return exceptionInfo.getLast();
}
private class ExceptionInfo
{
ExceptionInfo(Jump node, Node finallyBlock)
{
this.node = node;
this.finallyBlock = finallyBlock;
handlerLabels = new int[EXCEPTION_MAX];
exceptionStarts = new int[EXCEPTION_MAX];
currentFinally = null;
}
Jump node;
Node finallyBlock;
int[] handlerLabels;
int[] exceptionStarts;
// The current finally block that has temporarily ended the
// exception handler ranges
Node currentFinally;
}
// A stack of try/catch block information ordered by lexical scoping
private LinkedList exceptionInfo;
}
private ExceptionManager exceptionManager = new ExceptionManager();
/**
* Inline a FINALLY node into the method bytecode.
*
* This method takes a label that points to the real start of the finally
* block as implemented in the bytecode. This is because in some cases,
* the finally block really starts before any of the code in the Node. For
* example, the catch-all-rethrow finally block has a few instructions
* prior to the finally block made by the user.
*
* In addition, an end label that should be unmarked is given as a method
* parameter. It is the responsibility of any callers of this method to
* mark the label.
*
* The start and end labels of the finally block are used to exclude the
* inlined block from the proper exception handler. For example, an inlined
* finally block should not be handled by a catch-all-rethrow.
*
* @param finallyTarget a TARGET node directly preceding a FINALLY node or
* a FINALLY node itself
* @param finallyStart a pre-marked label that indicates the actual start
* of the finally block in the bytecode.
* @param finallyEnd an unmarked label that will indicate the actual end
* of the finally block in the bytecode.
*/
private void inlineFinally(Node finallyTarget, int finallyStart,
int finallyEnd) {
Node fBlock = getFinallyAtTarget(finallyTarget);
fBlock.resetTargets();
Node child = fBlock.getFirstChild();
exceptionManager.markInlineFinallyStart(fBlock, finallyStart);
while (child != null) {
generateStatement(child);
child = child.getNext();
}
exceptionManager.markInlineFinallyEnd(fBlock, finallyEnd);
}
private void inlineFinally(Node finallyTarget) {
int finallyStart = cfw.acquireLabel();
int finallyEnd = cfw.acquireLabel();
cfw.markLabel(finallyStart);
inlineFinally(finallyTarget, finallyStart, finallyEnd);
cfw.markLabel(finallyEnd);
}
/**
* Get a FINALLY node at a point in the IR.
*
* This is strongly dependent on the generated IR. If the node is a TARGET,
* it only check the next node to see if it is a FINALLY node.
*/
private Node getFinallyAtTarget(Node node) {
if (node == null) {
return null;
} else if (node.getType() == Token.FINALLY) {
return node;
} else if (node != null && node.getType() == Token.TARGET) {
Node fBlock = node.getNext();
if (fBlock != null && fBlock.getType() == Token.FINALLY) {
return fBlock;
}
}
throw Kit.codeBug("bad finally target");
}
private boolean generateSaveLocals(Node node)
{
int count = 0;
for (int i = 0; i < firstFreeLocal; i++) {
if (locals[i] != 0)
count++;
}
if (count == 0) {
((FunctionNode)scriptOrFn).addLiveLocals(node, null);
return false;
}
// calculate the max locals
maxLocals = maxLocals > count ? maxLocals : count;
// create a locals list
int[] ls = new int[count];
int s = 0;
for (int i = 0; i < firstFreeLocal; i++) {
if (locals[i] != 0) {
ls[s] = i;
s++;
}
}
// save the locals
((FunctionNode)scriptOrFn).addLiveLocals(node, ls);
// save locals
generateGetGeneratorLocalsState();
for (int i = 0; i < count; i++) {
cfw.add(ByteCode.DUP);
cfw.addLoadConstant(i);
cfw.addALoad(ls[i]);
cfw.add(ByteCode.AASTORE);
}
// pop the array off the stack
cfw.add(ByteCode.POP);
return true;
}
private void visitSwitch(Jump switchNode, Node child)
{
// See comments in IRFactory.createSwitch() for description
// of SWITCH node
generateExpression(child, switchNode);
// save selector value
short selector = getNewWordLocal();
cfw.addAStore(selector);
for (Jump caseNode = (Jump)child.getNext();
caseNode != null;
caseNode = (Jump)caseNode.getNext())
{
if (caseNode.getType() != Token.CASE)
throw Codegen.badTree();
Node test = caseNode.getFirstChild();
generateExpression(test, caseNode);
cfw.addALoad(selector);
addScriptRuntimeInvoke("shallowEq",
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+")Z");
addGoto(caseNode.target, ByteCode.IFNE);
}
releaseWordLocal(selector);
}
private void visitTypeofname(Node node)
{
if (hasVarsInRegs) {
int varIndex = fnCurrent.fnode.getIndexForNameNode(node);
if (varIndex >= 0) {
if (fnCurrent.isNumberVar(varIndex)) {
cfw.addPush("number");
} else if (varIsDirectCallParameter(varIndex)) {
int dcp_register = varRegisters[varIndex];
cfw.addALoad(dcp_register);
cfw.add(ByteCode.GETSTATIC, "java/lang/Void", "TYPE",
"Ljava/lang/Class;");
int isNumberLabel = cfw.acquireLabel();
cfw.add(ByteCode.IF_ACMPEQ, isNumberLabel);
short stack = cfw.getStackTop();
cfw.addALoad(dcp_register);
addScriptRuntimeInvoke("typeof",
"(Ljava/lang/Object;"
+")Ljava/lang/String;");
int beyond = cfw.acquireLabel();
cfw.add(ByteCode.GOTO, beyond);
cfw.markLabel(isNumberLabel, stack);
cfw.addPush("number");
cfw.markLabel(beyond);
} else {
cfw.addALoad(varRegisters[varIndex]);
addScriptRuntimeInvoke("typeof",
"(Ljava/lang/Object;"
+")Ljava/lang/String;");
}
return;
}
}
cfw.addALoad(variableObjectLocal);
cfw.addPush(node.getString());
addScriptRuntimeInvoke("typeofName",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/String;"
+")Ljava/lang/String;");
}
/**
* Save the current code offset. This saved code offset is used to
* compute instruction counts in subsequent calls to
* {@link #addInstructionCount()}.
*/
private void saveCurrentCodeOffset() {
savedCodeOffset = cfw.getCurrentCodeOffset();
}
/**
* Generate calls to ScriptRuntime.addInstructionCount to keep track of
* executed instructions and call observeInstructionCount()
* if a threshold is exceeded.
* Calculates the count from getCurrentCodeOffset - savedCodeOffset
*/
private void addInstructionCount() {
int count = cfw.getCurrentCodeOffset() - savedCodeOffset;
// TODO we used to return for count == 0 but that broke the following:
// while(true) continue; (see bug 531600)
// To be safe, we now always count at least 1 instruction when invoked.
addInstructionCount(Math.max(count, 1));
}
/**
* Generate calls to ScriptRuntime.addInstructionCount to keep track of
* executed instructions and call observeInstructionCount()
* if a threshold is exceeded.
* Takes the count as a parameter - used to add monitoring to loops and
* other blocks that don't have any ops - this allows
* for monitoring/killing of while(true) loops and such.
*/
private void addInstructionCount(int count) {
cfw.addALoad(contextLocal);
cfw.addPush(count);
addScriptRuntimeInvoke("addInstructionCount",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"I)V");
}
private void visitIncDec(Node node)
{
int incrDecrMask = node.getExistingIntProp(Node.INCRDECR_PROP);
Node child = node.getFirstChild();
switch (child.getType()) {
case Token.GETVAR:
if (!hasVarsInRegs) Kit.codeBug();
boolean post = ((incrDecrMask & Node.POST_FLAG) != 0);
int varIndex = fnCurrent.getVarIndex(child);
short reg = varRegisters[varIndex];
boolean[] constDeclarations = fnCurrent.fnode.getParamAndVarConst();
if (constDeclarations[varIndex]) {
if (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1) {
int offset = varIsDirectCallParameter(varIndex) ? 1 : 0;
cfw.addDLoad(reg + offset);
if (!post) {
cfw.addPush(1.0);
if ((incrDecrMask & Node.DECR_FLAG) == 0) {
cfw.add(ByteCode.DADD);
} else {
cfw.add(ByteCode.DSUB);
}
}
} else {
if (varIsDirectCallParameter(varIndex)) {
dcpLoadAsObject(reg);
} else {
cfw.addALoad(reg);
}
if (post) {
cfw.add(ByteCode.DUP);
addObjectToDouble();
cfw.add(ByteCode.POP2);
} else {
addObjectToDouble();
cfw.addPush(1.0);
if ((incrDecrMask & Node.DECR_FLAG) == 0) {
cfw.add(ByteCode.DADD);
} else {
cfw.add(ByteCode.DSUB);
}
addDoubleWrap();
}
}
break;
}
if (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1) {
int offset = varIsDirectCallParameter(varIndex) ? 1 : 0;
cfw.addDLoad(reg + offset);
if (post) {
cfw.add(ByteCode.DUP2);
}
cfw.addPush(1.0);
if ((incrDecrMask & Node.DECR_FLAG) == 0) {
cfw.add(ByteCode.DADD);
} else {
cfw.add(ByteCode.DSUB);
}
if (!post) {
cfw.add(ByteCode.DUP2);
}
cfw.addDStore(reg + offset);
} else {
if (varIsDirectCallParameter(varIndex)) {
dcpLoadAsObject(reg);
} else {
cfw.addALoad(reg);
}
addObjectToDouble();
if (post) {
cfw.add(ByteCode.DUP2);
}
cfw.addPush(1.0);
if ((incrDecrMask & Node.DECR_FLAG) == 0) {
cfw.add(ByteCode.DADD);
} else {
cfw.add(ByteCode.DSUB);
}
addDoubleWrap();
if (!post) {
cfw.add(ByteCode.DUP);
}
cfw.addAStore(reg);
if (post) {
addDoubleWrap();
}
}
break;
case Token.NAME:
cfw.addALoad(variableObjectLocal);
cfw.addPush(child.getString()); // push name
cfw.addALoad(contextLocal);
cfw.addPush(incrDecrMask);
addScriptRuntimeInvoke("nameIncrDecr",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"I)Ljava/lang/Object;");
break;
case Token.GETPROPNOWARN:
throw Kit.codeBug();
case Token.GETPROP: {
Node getPropChild = child.getFirstChild();
generateExpression(getPropChild, node);
generateExpression(getPropChild.getNext(), node);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addPush(incrDecrMask);
addScriptRuntimeInvoke("propIncrDecr",
"(Ljava/lang/Object;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"I)Ljava/lang/Object;");
break;
}
case Token.GETELEM: {
Node elemChild = child.getFirstChild();
generateExpression(elemChild, node);
generateExpression(elemChild.getNext(), node);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addPush(incrDecrMask);
if (elemChild.getNext().getIntProp(Node.ISNUMBER_PROP, -1) != -1) {
addOptRuntimeInvoke("elemIncrDecr",
"(Ljava/lang/Object;"
+"D"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"I"
+")Ljava/lang/Object;");
} else {
addScriptRuntimeInvoke("elemIncrDecr",
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"I"
+")Ljava/lang/Object;");
}
break;
}
case Token.GET_REF: {
Node refChild = child.getFirstChild();
generateExpression(refChild, node);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addPush(incrDecrMask);
addScriptRuntimeInvoke(
"refIncrDecr",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Ref;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"I)Ljava/lang/Object;");
break;
}
default:
Codegen.badTree();
}
}
private static boolean isArithmeticNode(Node node)
{
int type = node.getType();
return (type == Token.SUB)
|| (type == Token.MOD)
|| (type == Token.DIV)
|| (type == Token.MUL);
}
private void visitArithmetic(Node node, int opCode, Node child,
Node parent)
{
int childNumberFlag = node.getIntProp(Node.ISNUMBER_PROP, -1);
if (childNumberFlag != -1) {
generateExpression(child, node);
generateExpression(child.getNext(), node);
cfw.add(opCode);
}
else {
boolean childOfArithmetic = isArithmeticNode(parent);
generateExpression(child, node);
if (!isArithmeticNode(child))
addObjectToDouble();
generateExpression(child.getNext(), node);
if (!isArithmeticNode(child.getNext()))
addObjectToDouble();
cfw.add(opCode);
if (!childOfArithmetic) {
addDoubleWrap();
}
}
}
private void visitBitOp(Node node, int type, Node child)
{
int childNumberFlag = node.getIntProp(Node.ISNUMBER_PROP, -1);
generateExpression(child, node);
// special-case URSH; work with the target arg as a long, so
// that we can return a 32-bit unsigned value, and call
// toUint32 instead of toInt32.
if (type == Token.URSH) {
addScriptRuntimeInvoke("toUint32", "(Ljava/lang/Object;)J");
generateExpression(child.getNext(), node);
addScriptRuntimeInvoke("toInt32", "(Ljava/lang/Object;)I");
// Looks like we need to explicitly mask the shift to 5 bits -
// LUSHR takes 6 bits.
cfw.addPush(31);
cfw.add(ByteCode.IAND);
cfw.add(ByteCode.LUSHR);
cfw.add(ByteCode.L2D);
addDoubleWrap();
return;
}
if (childNumberFlag == -1) {
addScriptRuntimeInvoke("toInt32", "(Ljava/lang/Object;)I");
generateExpression(child.getNext(), node);
addScriptRuntimeInvoke("toInt32", "(Ljava/lang/Object;)I");
}
else {
addScriptRuntimeInvoke("toInt32", "(D)I");
generateExpression(child.getNext(), node);
addScriptRuntimeInvoke("toInt32", "(D)I");
}
switch (type) {
case Token.BITOR:
cfw.add(ByteCode.IOR);
break;
case Token.BITXOR:
cfw.add(ByteCode.IXOR);
break;
case Token.BITAND:
cfw.add(ByteCode.IAND);
break;
case Token.RSH:
cfw.add(ByteCode.ISHR);
break;
case Token.LSH:
cfw.add(ByteCode.ISHL);
break;
default:
throw Codegen.badTree();
}
cfw.add(ByteCode.I2D);
if (childNumberFlag == -1) {
addDoubleWrap();
}
}
private int nodeIsDirectCallParameter(Node node)
{
if (node.getType() == Token.GETVAR
&& inDirectCallFunction && !itsForcedObjectParameters)
{
int varIndex = fnCurrent.getVarIndex(node);
if (fnCurrent.isParameter(varIndex)) {
return varRegisters[varIndex];
}
}
return -1;
}
private boolean varIsDirectCallParameter(int varIndex)
{
return fnCurrent.isParameter(varIndex)
&& inDirectCallFunction && !itsForcedObjectParameters;
}
private void genSimpleCompare(int type, int trueGOTO, int falseGOTO)
{
if (trueGOTO == -1) throw Codegen.badTree();
switch (type) {
case Token.LE :
cfw.add(ByteCode.DCMPG);
cfw.add(ByteCode.IFLE, trueGOTO);
break;
case Token.GE :
cfw.add(ByteCode.DCMPL);
cfw.add(ByteCode.IFGE, trueGOTO);
break;
case Token.LT :
cfw.add(ByteCode.DCMPG);
cfw.add(ByteCode.IFLT, trueGOTO);
break;
case Token.GT :
cfw.add(ByteCode.DCMPL);
cfw.add(ByteCode.IFGT, trueGOTO);
break;
default :
throw Codegen.badTree();
}
if (falseGOTO != -1)
cfw.add(ByteCode.GOTO, falseGOTO);
}
private void visitIfJumpRelOp(Node node, Node child,
int trueGOTO, int falseGOTO)
{
if (trueGOTO == -1 || falseGOTO == -1) throw Codegen.badTree();
int type = node.getType();
Node rChild = child.getNext();
if (type == Token.INSTANCEOF || type == Token.IN) {
generateExpression(child, node);
generateExpression(rChild, node);
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke(
(type == Token.INSTANCEOF) ? "instanceOf" : "in",
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Z");
cfw.add(ByteCode.IFNE, trueGOTO);
cfw.add(ByteCode.GOTO, falseGOTO);
return;
}
int childNumberFlag = node.getIntProp(Node.ISNUMBER_PROP, -1);
int left_dcp_register = nodeIsDirectCallParameter(child);
int right_dcp_register = nodeIsDirectCallParameter(rChild);
if (childNumberFlag != -1) {
// Force numeric context on both parameters and optimize
// direct call case as Optimizer currently does not handle it
if (childNumberFlag != Node.RIGHT) {
// Left already has number content
generateExpression(child, node);
} else if (left_dcp_register != -1) {
dcpLoadAsNumber(left_dcp_register);
} else {
generateExpression(child, node);
addObjectToDouble();
}
if (childNumberFlag != Node.LEFT) {
// Right already has number content
generateExpression(rChild, node);
} else if (right_dcp_register != -1) {
dcpLoadAsNumber(right_dcp_register);
} else {
generateExpression(rChild, node);
addObjectToDouble();
}
genSimpleCompare(type, trueGOTO, falseGOTO);
} else {
if (left_dcp_register != -1 && right_dcp_register != -1) {
// Generate code to dynamically check for number content
// if both operands are dcp
short stack = cfw.getStackTop();
int leftIsNotNumber = cfw.acquireLabel();
cfw.addALoad(left_dcp_register);
cfw.add(ByteCode.GETSTATIC,
"java/lang/Void",
"TYPE",
"Ljava/lang/Class;");
cfw.add(ByteCode.IF_ACMPNE, leftIsNotNumber);
cfw.addDLoad(left_dcp_register + 1);
dcpLoadAsNumber(right_dcp_register);
genSimpleCompare(type, trueGOTO, falseGOTO);
if (stack != cfw.getStackTop()) throw Codegen.badTree();
cfw.markLabel(leftIsNotNumber);
int rightIsNotNumber = cfw.acquireLabel();
cfw.addALoad(right_dcp_register);
cfw.add(ByteCode.GETSTATIC,
"java/lang/Void",
"TYPE",
"Ljava/lang/Class;");
cfw.add(ByteCode.IF_ACMPNE, rightIsNotNumber);
cfw.addALoad(left_dcp_register);
addObjectToDouble();
cfw.addDLoad(right_dcp_register + 1);
genSimpleCompare(type, trueGOTO, falseGOTO);
if (stack != cfw.getStackTop()) throw Codegen.badTree();
cfw.markLabel(rightIsNotNumber);
// Load both register as objects to call generic cmp_*
cfw.addALoad(left_dcp_register);
cfw.addALoad(right_dcp_register);
} else {
generateExpression(child, node);
generateExpression(rChild, node);
}
if (type == Token.GE || type == Token.GT) {
cfw.add(ByteCode.SWAP);
}
String routine = ((type == Token.LT)
|| (type == Token.GT)) ? "cmp_LT" : "cmp_LE";
addScriptRuntimeInvoke(routine,
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+")Z");
cfw.add(ByteCode.IFNE, trueGOTO);
cfw.add(ByteCode.GOTO, falseGOTO);
}
}
private void visitIfJumpEqOp(Node node, Node child,
int trueGOTO, int falseGOTO)
{
if (trueGOTO == -1 || falseGOTO == -1) throw Codegen.badTree();
short stackInitial = cfw.getStackTop();
int type = node.getType();
Node rChild = child.getNext();
// Optimize if one of operands is null
if (child.getType() == Token.NULL || rChild.getType() == Token.NULL) {
// eq is symmetric in this case
if (child.getType() == Token.NULL) {
child = rChild;
}
generateExpression(child, node);
if (type == Token.SHEQ || type == Token.SHNE) {
int testCode = (type == Token.SHEQ)
? ByteCode.IFNULL : ByteCode.IFNONNULL;
cfw.add(testCode, trueGOTO);
} else {
if (type != Token.EQ) {
// swap false/true targets for !=
if (type != Token.NE) throw Codegen.badTree();
int tmp = trueGOTO;
trueGOTO = falseGOTO;
falseGOTO = tmp;
}
cfw.add(ByteCode.DUP);
int undefCheckLabel = cfw.acquireLabel();
cfw.add(ByteCode.IFNONNULL, undefCheckLabel);
short stack = cfw.getStackTop();
cfw.add(ByteCode.POP);
cfw.add(ByteCode.GOTO, trueGOTO);
cfw.markLabel(undefCheckLabel, stack);
Codegen.pushUndefined(cfw);
cfw.add(ByteCode.IF_ACMPEQ, trueGOTO);
}
cfw.add(ByteCode.GOTO, falseGOTO);
} else {
int child_dcp_register = nodeIsDirectCallParameter(child);
if (child_dcp_register != -1
&& rChild.getType() == Token.TO_OBJECT)
{
Node convertChild = rChild.getFirstChild();
if (convertChild.getType() == Token.NUMBER) {
cfw.addALoad(child_dcp_register);
cfw.add(ByteCode.GETSTATIC,
"java/lang/Void",
"TYPE",
"Ljava/lang/Class;");
int notNumbersLabel = cfw.acquireLabel();
cfw.add(ByteCode.IF_ACMPNE, notNumbersLabel);
cfw.addDLoad(child_dcp_register + 1);
cfw.addPush(convertChild.getDouble());
cfw.add(ByteCode.DCMPL);
if (type == Token.EQ)
cfw.add(ByteCode.IFEQ, trueGOTO);
else
cfw.add(ByteCode.IFNE, trueGOTO);
cfw.add(ByteCode.GOTO, falseGOTO);
cfw.markLabel(notNumbersLabel);
// fall thru into generic handling
}
}
generateExpression(child, node);
generateExpression(rChild, node);
String name;
int testCode;
switch (type) {
case Token.EQ:
name = "eq";
testCode = ByteCode.IFNE;
break;
case Token.NE:
name = "eq";
testCode = ByteCode.IFEQ;
break;
case Token.SHEQ:
name = "shallowEq";
testCode = ByteCode.IFNE;
break;
case Token.SHNE:
name = "shallowEq";
testCode = ByteCode.IFEQ;
break;
default:
throw Codegen.badTree();
}
addScriptRuntimeInvoke(name,
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+")Z");
cfw.add(testCode, trueGOTO);
cfw.add(ByteCode.GOTO, falseGOTO);
}
if (stackInitial != cfw.getStackTop()) throw Codegen.badTree();
}
private void visitSetName(Node node, Node child)
{
String name = node.getFirstChild().getString();
while (child != null) {
generateExpression(child, node);
child = child.getNext();
}
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addPush(name);
addScriptRuntimeInvoke(
"setName",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/String;"
+")Ljava/lang/Object;");
}
private void visitStrictSetName(Node node, Node child)
{
String name = node.getFirstChild().getString();
while (child != null) {
generateExpression(child, node);
child = child.getNext();
}
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
cfw.addPush(name);
addScriptRuntimeInvoke(
"strictSetName",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/String;"
+")Ljava/lang/Object;");
}
private void visitSetConst(Node node, Node child)
{
String name = node.getFirstChild().getString();
while (child != null) {
generateExpression(child, node);
child = child.getNext();
}
cfw.addALoad(contextLocal);
cfw.addPush(name);
addScriptRuntimeInvoke(
"setConst",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Ljava/lang/String;"
+")Ljava/lang/Object;");
}
private void visitGetVar(Node node)
{
if (!hasVarsInRegs) Kit.codeBug();
int varIndex = fnCurrent.getVarIndex(node);
short reg = varRegisters[varIndex];
if (varIsDirectCallParameter(varIndex)) {
// Remember that here the isNumber flag means that we
// want to use the incoming parameter in a Number
// context, so test the object type and convert the
// value as necessary.
if (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1) {
dcpLoadAsNumber(reg);
} else {
dcpLoadAsObject(reg);
}
} else if (fnCurrent.isNumberVar(varIndex)) {
cfw.addDLoad(reg);
} else {
cfw.addALoad(reg);
}
}
private void visitSetVar(Node node, Node child, boolean needValue)
{
if (!hasVarsInRegs) Kit.codeBug();
int varIndex = fnCurrent.getVarIndex(node);
generateExpression(child.getNext(), node);
boolean isNumber = (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1);
short reg = varRegisters[varIndex];
boolean [] constDeclarations = fnCurrent.fnode.getParamAndVarConst();
if (constDeclarations[varIndex]) {
if (!needValue) {
if (isNumber)
cfw.add(ByteCode.POP2);
else
cfw.add(ByteCode.POP);
}
}
else if (varIsDirectCallParameter(varIndex)) {
if (isNumber) {
if (needValue) cfw.add(ByteCode.DUP2);
cfw.addALoad(reg);
cfw.add(ByteCode.GETSTATIC,
"java/lang/Void",
"TYPE",
"Ljava/lang/Class;");
int isNumberLabel = cfw.acquireLabel();
int beyond = cfw.acquireLabel();
cfw.add(ByteCode.IF_ACMPEQ, isNumberLabel);
short stack = cfw.getStackTop();
addDoubleWrap();
cfw.addAStore(reg);
cfw.add(ByteCode.GOTO, beyond);
cfw.markLabel(isNumberLabel, stack);
cfw.addDStore(reg + 1);
cfw.markLabel(beyond);
}
else {
if (needValue) cfw.add(ByteCode.DUP);
cfw.addAStore(reg);
}
} else {
boolean isNumberVar = fnCurrent.isNumberVar(varIndex);
if (isNumber) {
if (isNumberVar) {
cfw.addDStore(reg);
if (needValue) cfw.addDLoad(reg);
} else {
if (needValue) cfw.add(ByteCode.DUP2);
// Cannot save number in variable since !isNumberVar,
// so convert to object
addDoubleWrap();
cfw.addAStore(reg);
}
} else {
if (isNumberVar) Kit.codeBug();
cfw.addAStore(reg);
if (needValue) cfw.addALoad(reg);
}
}
}
private void visitSetConstVar(Node node, Node child, boolean needValue)
{
if (!hasVarsInRegs) Kit.codeBug();
int varIndex = fnCurrent.getVarIndex(node);
generateExpression(child.getNext(), node);
boolean isNumber = (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1);
short reg = varRegisters[varIndex];
int beyond = cfw.acquireLabel();
int noAssign = cfw.acquireLabel();
if (isNumber) {
cfw.addILoad(reg + 2);
cfw.add(ByteCode.IFNE, noAssign);
short stack = cfw.getStackTop();
cfw.addPush(1);
cfw.addIStore(reg + 2);
cfw.addDStore(reg);
if (needValue) {
cfw.addDLoad(reg);
cfw.markLabel(noAssign, stack);
} else {
cfw.add(ByteCode.GOTO, beyond);
cfw.markLabel(noAssign, stack);
cfw.add(ByteCode.POP2);
}
}
else {
cfw.addILoad(reg + 1);
cfw.add(ByteCode.IFNE, noAssign);
short stack = cfw.getStackTop();
cfw.addPush(1);
cfw.addIStore(reg + 1);
cfw.addAStore(reg);
if (needValue) {
cfw.addALoad(reg);
cfw.markLabel(noAssign, stack);
} else {
cfw.add(ByteCode.GOTO, beyond);
cfw.markLabel(noAssign, stack);
cfw.add(ByteCode.POP);
}
}
cfw.markLabel(beyond);
}
private void visitGetProp(Node node, Node child)
{
generateExpression(child, node); // object
Node nameChild = child.getNext();
generateExpression(nameChild, node); // the name
if (node.getType() == Token.GETPROPNOWARN) {
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"getObjectPropNoWarn",
"(Ljava/lang/Object;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
return;
}
/*
for 'this.foo' we call getObjectProp(Scriptable...) which can
skip some casting overhead.
*/
int childType = child.getType();
if (childType == Token.THIS && nameChild.getType() == Token.STRING) {
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke(
"getObjectProp",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/Object;");
} else {
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"getObjectProp",
"(Ljava/lang/Object;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
}
}
private void visitSetProp(int type, Node node, Node child)
{
Node objectChild = child;
generateExpression(child, node);
child = child.getNext();
if (type == Token.SETPROP_OP) {
cfw.add(ByteCode.DUP);
}
Node nameChild = child;
generateExpression(child, node);
child = child.getNext();
if (type == Token.SETPROP_OP) {
// stack: ... object object name -> ... object name object name
cfw.add(ByteCode.DUP_X1);
//for 'this.foo += ...' we call thisGet which can skip some
//casting overhead.
if (objectChild.getType() == Token.THIS
&& nameChild.getType() == Token.STRING)
{
cfw.addALoad(contextLocal);
addScriptRuntimeInvoke(
"getObjectProp",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+")Ljava/lang/Object;");
} else {
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"getObjectProp",
"(Ljava/lang/Object;"
+"Ljava/lang/String;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
}
}
generateExpression(child, node);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"setObjectProp",
"(Ljava/lang/Object;"
+"Ljava/lang/String;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
}
private void visitSetElem(int type, Node node, Node child)
{
generateExpression(child, node);
child = child.getNext();
if (type == Token.SETELEM_OP) {
cfw.add(ByteCode.DUP);
}
generateExpression(child, node);
child = child.getNext();
boolean indexIsNumber = (node.getIntProp(Node.ISNUMBER_PROP, -1) != -1);
if (type == Token.SETELEM_OP) {
if (indexIsNumber) {
// stack: ... object object number
// -> ... object number object number
cfw.add(ByteCode.DUP2_X1);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"getObjectIndex",
"(Ljava/lang/Object;D"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
} else {
// stack: ... object object indexObject
// -> ... object indexObject object indexObject
cfw.add(ByteCode.DUP_X1);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke(
"getObjectElem",
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
}
}
generateExpression(child, node);
cfw.addALoad(contextLocal);
cfw.addALoad(variableObjectLocal);
if (indexIsNumber) {
addScriptRuntimeInvoke(
"setObjectIndex",
"(Ljava/lang/Object;"
+"D"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
} else {
addScriptRuntimeInvoke(
"setObjectElem",
"(Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Context;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
}
}
private void visitDotQuery(Node node, Node child)
{
updateLineNumber(node);
generateExpression(child, node);
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke("enterDotQuery",
"(Ljava/lang/Object;"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(variableObjectLocal);
// add push null/pop with label in between to simplify code for loop
// continue when it is necessary to pop the null result from
// updateDotQuery
cfw.add(ByteCode.ACONST_NULL);
int queryLoopStart = cfw.acquireLabel();
cfw.markLabel(queryLoopStart); // loop continue jumps here
cfw.add(ByteCode.POP);
generateExpression(child.getNext(), node);
addScriptRuntimeInvoke("toBoolean", "(Ljava/lang/Object;)Z");
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke("updateDotQuery",
"(Z"
+"Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Ljava/lang/Object;");
cfw.add(ByteCode.DUP);
cfw.add(ByteCode.IFNULL, queryLoopStart);
// stack: ... non_null_result_of_updateDotQuery
cfw.addALoad(variableObjectLocal);
addScriptRuntimeInvoke("leaveDotQuery",
"(Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;"
+")Lcom/baidu/openrasp/org/mozilla/javascript/Scriptable;");
cfw.addAStore(variableObjectLocal);
}
private int getLocalBlockRegister(Node node)
{
Node localBlock = (Node)node.getProp(Node.LOCAL_BLOCK_PROP);
int localSlot = localBlock.getExistingIntProp(Node.LOCAL_PROP);
return localSlot;
}
private void dcpLoadAsNumber(int dcp_register)
{
cfw.addALoad(dcp_register);
cfw.add(ByteCode.GETSTATIC,
"java/lang/Void",
"TYPE",
"Ljava/lang/Class;");
int isNumberLabel = cfw.acquireLabel();
cfw.add(ByteCode.IF_ACMPEQ, isNumberLabel);
short stack = cfw.getStackTop();
cfw.addALoad(dcp_register);
addObjectToDouble();
int beyond = cfw.acquireLabel();
cfw.add(ByteCode.GOTO, beyond);
cfw.markLabel(isNumberLabel, stack);
cfw.addDLoad(dcp_register + 1);
cfw.markLabel(beyond);
}
private void dcpLoadAsObject(int dcp_register)
{
cfw.addALoad(dcp_register);
cfw.add(ByteCode.GETSTATIC,
"java/lang/Void",
"TYPE",
"Ljava/lang/Class;");
int isNumberLabel = cfw.acquireLabel();
cfw.add(ByteCode.IF_ACMPEQ, isNumberLabel);
short stack = cfw.getStackTop();
cfw.addALoad(dcp_register);
int beyond = cfw.acquireLabel();
cfw.add(ByteCode.GOTO, beyond);
cfw.markLabel(isNumberLabel, stack);
cfw.addDLoad(dcp_register + 1);
addDoubleWrap();
cfw.markLabel(beyond);
}
private void addGoto(Node target, int jumpcode)
{
int targetLabel = getTargetLabel(target);
cfw.add(jumpcode, targetLabel);
}
private void addObjectToDouble()
{
addScriptRuntimeInvoke("toNumber", "(Ljava/lang/Object;)D");
}
private void addNewObjectArray(int size)
{
if (size == 0) {
if (itsZeroArgArray >= 0) {
cfw.addALoad(itsZeroArgArray);
} else {
cfw.add(ByteCode.GETSTATIC,
"com/baidu/openrasp/org/mozilla/javascript/ScriptRuntime",
"emptyArgs", "[Ljava/lang/Object;");
}
} else {
cfw.addPush(size);
cfw.add(ByteCode.ANEWARRAY, "java/lang/Object");
}
}
private void addScriptRuntimeInvoke(String methodName,
String methodSignature)
{
cfw.addInvoke(ByteCode.INVOKESTATIC,
"org.mozilla.javascript.ScriptRuntime",
methodName,
methodSignature);
}
private void addOptRuntimeInvoke(String methodName,
String methodSignature)
{
cfw.addInvoke(ByteCode.INVOKESTATIC,
"com/baidu/openrasp/org/mozilla/javascript/optimizer/OptRuntime",
methodName,
methodSignature);
}
private void addJumpedBooleanWrap(int trueLabel, int falseLabel)
{
cfw.markLabel(falseLabel);
int skip = cfw.acquireLabel();
cfw.add(ByteCode.GETSTATIC, "java/lang/Boolean",
"FALSE", "Ljava/lang/Boolean;");
cfw.add(ByteCode.GOTO, skip);
cfw.markLabel(trueLabel);
cfw.add(ByteCode.GETSTATIC, "java/lang/Boolean",
"TRUE", "Ljava/lang/Boolean;");
cfw.markLabel(skip);
cfw.adjustStackTop(-1); // only have 1 of true/false
}
private void addDoubleWrap()
{
addOptRuntimeInvoke("wrapDouble", "(D)Ljava/lang/Double;");
}
/**
* Const locals use an extra slot to hold the has-been-assigned-once flag at
* runtime.
* @param isConst true iff the variable is const
* @return the register for the word pair (double/long)
*/
private short getNewWordPairLocal(boolean isConst)
{
return getNewWordIntern(isConst ? 3 : 2);
}
private short getNewWordLocal(boolean isConst)
{
return getNewWordIntern(isConst ? 2 : 1);
}
private short getNewWordLocal()
{
return getNewWordIntern(1);
}
private short getNewWordIntern(int count)
{
assert count >= 1 && count <= 3;
int[] locals = this.locals;
int result = -1;
if (count > 1) {
// we need 'count' consecutive free slots
OUTER: for (int i = firstFreeLocal; i + count <= MAX_LOCALS;) {
for (int j = 0; j < count; ++j) {
if (locals[i + j] != 0) {
i += j + 1;
continue OUTER;
}
}
result = i;
break;
}
} else {
result = firstFreeLocal;
}
if (result != -1) {
locals[result] = 1;
if (count > 1)
locals[result + 1] = 1;
if (count > 2)
locals[result + 2] = 1;
if (result == firstFreeLocal) {
for (int i = result + count; i < MAX_LOCALS; i++) {
if (locals[i] == 0) {
firstFreeLocal = (short) i;
if (localsMax < firstFreeLocal)
localsMax = firstFreeLocal;
return (short) result;
}
}
} else {
return (short) result;
}
}
throw Context.reportRuntimeError("Program too complex (out of locals)");
}
// This is a valid call only for a local that is allocated by default.
private void incReferenceWordLocal(short local)
{
locals[local]++;
}
// This is a valid call only for a local that is allocated by default.
private void decReferenceWordLocal(short local)
{
locals[local]--;
}
private void releaseWordLocal(short local)
{
if (local < firstFreeLocal)
firstFreeLocal = local;
locals[local] = 0;
}
static final int GENERATOR_TERMINATE = -1;
static final int GENERATOR_START = 0;
static final int GENERATOR_YIELD_START = 1;
ClassFileWriter cfw;
Codegen codegen;
CompilerEnvirons compilerEnv;
ScriptNode scriptOrFn;
public int scriptOrFnIndex;
private int savedCodeOffset;
private OptFunctionNode fnCurrent;
private static final int MAX_LOCALS = 1024;
private int[] locals;
private short firstFreeLocal;
private short localsMax;
private int itsLineNumber;
private boolean hasVarsInRegs;
private short[] varRegisters;
private boolean inDirectCallFunction;
private boolean itsForcedObjectParameters;
private int enterAreaStartLabel;
private int epilogueLabel;
private boolean inLocalBlock;
// special known locals. If you add a new local here, be sure
// to initialize it to -1 in initBodyGeneration
private short variableObjectLocal;
private short popvLocal;
private short contextLocal;
private short argsLocal;
private short operationLocal;
private short thisObjLocal;
private short funObjLocal;
private short itsZeroArgArray;
private short itsOneArgArray;
private short generatorStateLocal;
private boolean isGenerator;
private int generatorSwitch;
private int maxLocals = 0;
private int maxStack = 0;
private Map finallys;
private List literals;
static class FinallyReturnPoint {
public List jsrPoints = new ArrayList();
public int tableLabel = 0;
}
}