Name Description Size
Activation-inl.h static 5433
Activation.cpp 3056
Activation.h 23952
ArgumentsObject-inl.h namespace js 2040
ArgumentsObject.cpp static 34463
ArgumentsObject.h numArgs = std::max(numFormalArgs, numActualArgs) The array 'args' has numArgs elements. 16973
ArrayBufferObject-inl.h 2454
ArrayBufferObject.cpp 61805
ArrayBufferObject.h 25401
ArrayBufferObjectMaybeShared.cpp 2184
ArrayBufferViewObject.cpp This method is used to trace TypedArrayObjects and DataViewObjects. We need a custom tracer to move the object's data pointer if its owner was moved and stores its data inline. 8907
ArrayBufferViewObject.h ArrayBufferViewObject Common base class for all array buffer views (DataViewObject and TypedArrayObject). 5264
ArrayObject-inl.h Track objects with overflowing lengths in type information. 4375
ArrayObject.h 2695
AsyncFunction.cpp 8400
AsyncFunction.h vm_AsyncFunction_h 2021
AsyncFunctionResolveKind.h vm_AsyncFunctionResolveKind_h 578
AsyncIteration.cpp static 19707
AsyncIteration.h 10000
AtomsTable.h Implementation details of the atoms table. 6437
BigIntType.cpp 114962
BigIntType.h 20943
BooleanObject-inl.h = nullptr 785
BooleanObject.h Stores this Boolean object's [[PrimitiveValue]]. 1334
BuildId.cpp SpiderMonkey buildId-related functionality. 1006
BytecodeFormatFlags.h [SMDOC] Bytecode Format flags (JOF_*) 2859
BytecodeIterator-inl.h 1070
BytecodeIterator.h 2305
BytecodeLocation-inl.h 3576
BytecodeLocation.cpp 825
BytecodeLocation.h 9601
BytecodeUtil-inl.h Add an extra pushed value for Or/And opcodes, so that they are included in the pushed array of stack values for type inference. 6575
BytecodeUtil.cpp JS bytecode descriptors, disassemblers, and (expression) decompilers. 83834
BytecodeUtil.h JS bytecode definitions. 19957
Caches-inl.h nDynamicSlots = 3131
Caches.cpp 817
Caches.h GetSrcNote cache to avoid O(n^2) growth in finding a source note for a given pc in a script. We use the script->code pointer to tag the cache, instead of the script address itself, so that source notes are always found by offset from the bytecode with which they were generated. 7625
CallNonGenericMethod.cpp 1069
CharacterEncoding.cpp nbytes sets 1 length since this is surrogate pair. 23536
CheckIsObjectKind.h vm_CheckIsObjectKind_h 619
CodeCoverage.cpp 19327
CodeCoverage.h 5450
CommonPropertyNames.h A higher-order macro for enumerating all cached property names. 39597
Compartment-inl.h Only GC things have to be wrapped or copied. 10457
Compartment.cpp Directly allocate the copy in the destination compartment, rather than first flattening it (and possibly allocating in source compartment), because we don't know whether the flattening will pay off later. 17689
Compartment.h 17348
CompilationAndEvaluation.cpp Same-thread compilation and evaluation APIs. 18935
Compression.cpp 7590
Compression.h Compress some of the input. Return true if it should be called again. 3943
DateObject.h Cached slots holding local properties of the date. These are undefined until the first actual lookup occurs and are reset to undefined whenever the date's time is modified. 5454
DateTime.cpp !defined(XP_WIN) 25816
EnvironmentObject-inl.h namespace js 3185
EnvironmentObject.cpp / Shape* js::EnvironmentCoordinateToEnvironmentShape(JSScript* script, jsbytecode* pc) { MOZ_ASSERT(JOF_OPTYPE(JSOp(*pc)) == JOF_ENVCOORD); ScopeIter si(script->innermostScope(pc)); uint32_t hops = EnvironmentCoordinate(pc).hops(); while (true) { MOZ_ASSERT(!si.done()); if (si.hasSyntacticEnvironment()) { if (!hops) { break; } hops--; } si++; } return si.environmentShape(); } PropertyName* js::EnvironmentCoordinateNameSlow(JSScript* script, jsbytecode* pc) { Shape* shape = EnvironmentCoordinateToEnvironmentShape(script, pc); EnvironmentCoordinate ec(pc); Shape::Range<NoGC> r(shape); while (r.front().slot() != ec.slot()) { r.popFront(); } jsid id = r.front().propidRaw(); /* Beware nameless destructuring formal. 134782
EnvironmentObject.h Return a shape representing the static scope containing the variable accessed by the ALIASEDVAR op at 'pc'. 46223
EqualityOperations.cpp 7341
EqualityOperations.h The equality comparisons of js/Equality.h, but with extra efficiency for SpiderMonkey-internal callers. These functions, assuming they're passed C++-valid arguments, are identical to the same-named JS::-namespaced functions -- just with hidden linkage (so they're more efficient to call), and without various external-caller-focused JSAPI-usage assertions performed that SpiderMonkey users never come close to failing. 1685
ErrorObject-inl.h vm_ErrorObject_inl_h 1269
ErrorObject.cpp 26506
ErrorObject.h Assign the initial error shape to the empty object. (This shape does *not* include .message, which must be added separately if needed; see ErrorObject::init.) 5230
ErrorReporting.cpp 19485
ErrorReporting.h Metadata for a compilation error (or warning) at a particular offset, or at no offset (i.e. with respect to a script overall). 7112
Exception.cpp 1867
ForOfIterator.cpp 5752
FrameIter-inl.h 2149
FrameIter.cpp 27690
FrameIter.h 18754
FunctionFlags.cpp 688
FunctionFlags.h 11702
FunctionPrefixKind.h vm_FunctionPrefixKind_h 553
GeckoProfiler-inl.h This class is used to suppress profiler sampling during critical sections where stack state is not valid. 3409
GeckoProfiler.cpp Ensure all future generated code will be instrumented, or that all currently instrumented code is discarded 18306
GeckoProfiler.h 9728
GeneratorAndAsyncKind.h namespace js 601
GeneratorObject.cpp 13852
GeneratorObject.h 8000
GeneratorResumeKind.h vm_GeneratorResumeKind_h 562
GlobalObject-inl.h static 988
GlobalObject.cpp static 37559
GlobalObject.h Global object slots are reserved as follows: [0, APPLICATION_SLOTS) Pre-reserved slots in all global objects set aside for the embedding's use. As with all reserved slots these start out as UndefinedValue() and are traced for GC purposes. Apart from that the engine never touches these slots, so the embedding can do whatever it wants with them. [APPLICATION_SLOTS, APPLICATION_SLOTS + JSProto_LIMIT) Stores the original value of the constructor for the corresponding JSProtoKey. [APPLICATION_SLOTS + JSProto_LIMIT, APPLICATION_SLOTS + 2 * JSProto_LIMIT) Stores the prototype, if any, for the constructor for the corresponding JSProtoKey offset from JSProto_LIMIT. [APPLICATION_SLOTS + 2 * JSProto_LIMIT, RESERVED_SLOTS) Various one-off values: ES5 13.2.3's [[ThrowTypeError]], RegExp statics, the original eval for this global object (implementing |var eval = otherWindow.eval; eval(...)| as an indirect eval), a bit indicating whether this object has been cleared (see JS_ClearScope), and a cache for whether eval is allowed (per the global's Content Security Policy). The two JSProto_LIMIT-sized ranges are necessary to implement js::FindClassObject, and spec language speaking in terms of "the original Array prototype object", or "as if by the expression new Array()" referring to the original Array constructor. The actual (writable and even deletable) Object, Array, &c. properties are not stored in reserved slots. 35866
HelperThreads.cpp 81043
HelperThreads.h Definitions for managing off-thread work using a process wide list of worklist items and pool of threads. Worklist items are engine internal, and are distinct from e.g. web workers. 31493
Id.cpp static 1388
Initialization.cpp SpiderMonkey initialization and shutdown code. 8233
InlineCharBuffer-inl.h 5046
Instrumentation.cpp static 9181
Instrumentation.h The main entry point of a script. 4353
Interpreter-inl.h Every possible consumer of MagicValue(JS_OPTIMIZED_ARGUMENTS) (as determined by ScriptAnalysis::needsArgsObj) must check for these magic values and, when one is received, act as if the value were the function's ArgumentsObject. Additionally, it is possible that, after 'arguments' was copied into a temporary, the arguments object has been created a some other failed guard that called JSScript::argumentsOptimizationFailed. In this case, it is always valid (and necessary) to replace JS_OPTIMIZED_ARGUMENTS with the real arguments object. 21878
Interpreter.cpp JavaScript bytecode interpreter. 174827
Interpreter.h JS interpreter interface. 27130
IsGivenTypeObject-inl.h 894
Iteration.cpp JavaScript iterators. 50495
Iteration.h JavaScript iterators. 14641
JSAtom-inl.h Write out character representing |index| to the memory just before |end|. Thus |*end| is not touched, but |end[-1]| and earlier are modified as appropriate. There must be at least js::UINT32_CHAR_BUFFER_LENGTH elements before |end| to avoid buffer underflow. The start of the characters written is returned and is necessarily before |end|. 4509
JSAtom.cpp JS atom table. 42283
JSAtom.h Return a printable, lossless char[] representation of a string-type atom. The returned string is guaranteed to contain only ASCII characters. 3363
JSContext-inl.h Set a breakpoint here (break js::ContextChecks::fail) to debug realm/compartment/zone mismatches. 12712
JSContext.cpp JS execution context. 36225
JSContext.h JS execution context. 42888
JSFunction-inl.h For attempts to clone functions at a function definition opcode, try to avoid the the clone if the function has singleton type. This was called pessimistically, and we need to preserve the type's property that if it is singleton there is only a single object with its type in existence. For functions inner to run once lambda, it may be possible that the lambda runs multiple times and we repeatedly clone it. In these cases, fall through to CloneFunctionObject, which will deep clone the function's script. 4974
JSFunction.cpp JS function support. 78912
JSFunction.h JS function definitions. 33507
JSONParser.cpp JSONString: /^"([^\u0000-\u001F"\\]|\\(["/\\bfnrt]|u[0-9a-fA-F]{4}))*"$/ 21533
JSONParser.h Data members 7558
JSONPrinter.cpp 4650
JSONPrinter.h vm_JSONPrinter_h 2565
JSObject-inl.h Get the GC kind to use for scripted 'new' on the given class. FIXME bug 547327: estimate the size from the allocation site. 24347
JSObject.cpp JS object implementation. 126500
JSObject.h / class GlobalObject; class NewObjectCache; enum class IntegrityLevel { Sealed, Frozen }; // Forward declarations, required for later friend declarations. bool PreventExtensions(JSContext* cx, JS::HandleObject obj, JS::ObjectOpResult& result); bool SetImmutablePrototype(JSContext* cx, JS::HandleObject obj, bool* succeeded); } /* namespace js 41642
JSScript-inl.h A JSScript always marks its realm's global so we can assert it's non-null here. We don't need a read barrier here for the same reason JSObject::nonCCWGlobal doesn't need one. 7942
JSScript.cpp JS script operations. 171115
JSScript.h JS script descriptor. 101090
JitActivation.cpp 8297
JitActivation.h 9806
List-inl.h static 4234
List.cpp 419
List.h The List specification type, ECMA-262 6.2.1. <> Lists are simple mutable sequences of values. Many standards use them. Abstractly, they're not objects; they don't have properties or prototypes; they're for internal specification use only. ListObject is our most direct implementation of a List: store the values in the slots of a JSObject. We often implement Lists in other ways. For example, builtin/Utilities.js contains a completely unrelated List constructor that's used in self-hosted code. And AsyncGeneratorObject optimizes away the ListObject in the common case where its internal queue never holds more than one element. ListObjects must not be exposed to content scripts. 3009
MallocProvider.h Hierarchy of SpiderMonkey system memory allocators: - System {m,c,re}alloc/new/free: Overridden by jemalloc in most environments. Do not use these functions directly. - js_{m,c,re}alloc/new/free: Wraps the system allocators and adds a failure injection framework for use by the fuzzers as well as templated, typesafe variants. See js/public/Utility.h. - AllocPolicy: An interface for the js allocators, for use with templates. These allocators are for system memory whose lifetime is not associated with a GC thing. See js/public/AllocPolicy.h. - SystemAllocPolicy: No extra functionality over bare allocators. - TempAllocPolicy: Adds automatic error reporting to the provided JSContext when allocations fail. - ZoneAllocPolicy: Forwards to the Zone MallocProvider. - MallocProvider. A mixin base class that handles automatically updating the GC's state in response to allocations that are tied to a GC lifetime or are for a particular GC purpose. These allocators must only be used for memory that will be freed when a GC thing is swept. - gc::Zone: Automatically triggers zone GC. - JSRuntime: Automatically triggers full GC. - JSContext: Dispatches directly to the runtime. 7825
MatchPairs.h RegExp match results are succinctly represented by pairs of integer indices delimiting (start, limit] segments of the input string. The pair count for a given RegExp match is the capturing parentheses count plus one for the "0 capturing paren" whole text match. 3215
MemoryMetrics.cpp static 28739
ModuleBuilder.h 3981
Modules.cpp JavaScript modules (as in, the syntactic construct) implementation. 5736
Monitor.h vm_Monitor_h 1880
MutexIDs.h 2837
NativeObject-inl.h Check that the information about the object stored in the last property's base shape is consistent with that stored in the previous shape. If not consistent, then the last property cannot be removed as it will induce a change in the object itself, and the object must be converted to dictionary mode instead. See BaseShape comment in jsscope.h 26715
NativeObject.cpp Objects with no elements share one empty set of elements. 104157
NativeObject.h To really poison a set of values, using 'magic' or 'undefined' isn't good enough since often these will just be ignored by buggy code (see bug 629974) in debug builds and crash in release builds. Instead, we use a safe-for-crash pointer. 63548
NumberObject-inl.h = nullptr 816
NumberObject.h Stores this Number object's [[PrimitiveValue]]. 1283
ObjectGroup-inl.h static 4160
ObjectGroup.cpp Windows may not appear on prototype chains. 58676
ObjectGroup.h The NewObjectKind allows an allocation site to specify the type properties and lifetime requirements that must be fixed at allocation time. 24935
ObjectOperations-inl.h Fundamental operations on objects. 13329
ObjectOperations.h Fundamental operations on objects. 13109
OffThreadPromiseRuntimeState.cpp 10344
OffThreadPromiseRuntimeState.h 9190
OffThreadScriptCompilation.cpp 9721
Opcodes.h 145352
PIC.cpp 10323
PIC.h The basic PICStub just has a pointer to the next stub. 7045
PlainObject-inl.h static 3817
PlainObject.cpp JS object implementation. 6912
PlainObject.h Return the allocKind we would use if we were to tenure this object. 2346
Printer.cpp Include trailing \0 12611
Printer.h Do nothing 7220
Probes-inl.h Many probe handlers are implemented inline for minimal performance impact, especially important when no backends are enabled. 2446
Probes.cpp These functions call the DTrace macros for the JavaScript USDT probes. Originally this code was inlined in the JavaScript code; however since a number of operations are called, these have been placed into functions to reduce any negative compiler optimization effect that the addition of a number of usually unused lines of code would cause. 2119
Probes.h Static probes The probe points defined in this file are scattered around the SpiderMonkey source tree. The presence of probes::SomeEvent() means that someEvent is about to happen or has happened. To the extent possible, probes should be inserted in all paths associated with a given event, regardless of the active runmode (interpreter/traceJIT/methodJIT/ionJIT). When a probe fires, it is handled by any probe handling backends that have been compiled in. By default, most probes do nothing or at least do nothing expensive, so the presence of the probe should have negligible effect on running time. (Probes in slow paths may do something by default, as long as there is no noticeable slowdown.) For some probes, the mere existence of the probe is too expensive even if it does nothing when called. For example, just having consistent information available for a function call entry/exit probe causes the JITs to de-optimize function calls. In those cases, the JITs may query at compile time whether a probe is desired, and omit the probe invocation if not. If a probe is runtime-disabled at compilation time, it is not guaranteed to fire within a compiled function if it is later enabled. Not all backends handle all of the probes listed here. 4310
ProfilingStack.cpp 1407
PromiseLookup.cpp 9554
PromiseLookup.h A PromiseLookup holds the following: Promise's shape (promiseConstructorShape_) To ensure that Promise has not been modified. Promise.prototype's shape (promiseProtoShape_) To ensure that Promise.prototype has not been modified. Promise's shape for the @@species getter. (promiseSpeciesShape_) To quickly retrieve the @@species getter for Promise. Promise's slot number for resolve (promiseResolveSlot_) To quickly retrieve the Promise.resolve function. Promise.prototype's slot number for constructor (promiseProtoConstructorSlot_) To quickly retrieve the Promise.prototype.constructor property. Promise.prototype's slot number for then (promiseProtoThenSlot_) To quickly retrieve the Promise.prototype.then function. MOZ_INIT_OUTSIDE_CTOR fields below are set in |initialize()|. The constructor only initializes a |state_| field, that defines whether the other fields are accessible. 6037
PromiseObject.h 9259
ProxyObject.cpp static 10039
ProxyObject.h This is the base class for the various kinds of proxy objects. It's never instantiated. Proxy objects use their shape primarily to record flags. Property information, &c. is all dynamically computed. There is no class_ member to force specialization of JSObject::is<T>(). The implementation in JSObject is incorrect for proxies since it doesn't take account of the handler type. 5629
Realm-inl.h static 3526
Realm.cpp As a hack, we clear our timezone cache every time we create a new realm. This ensures that the cache is always relatively fresh, but shouldn't interfere with benchmarks that create tons of date objects (unless they also create tons of iframes, which seems unlikely). 28679
Realm.h A single-entry cache for some base-10 double-to-string conversions. This helps date-format-xparb.js. It also avoids skewing the results for v8-splay.js when measured by the SunSpider harness, where the splay tree initialization (which includes many repeated double-to-string conversions) is erroneously included in the measurement; see bug 562553. 33123
ReceiverGuard-inl.h vm_ReceiverGuard_inl_h 1212
ReceiverGuard.cpp 604
ReceiverGuard.h vm_ReceiverGuard_h 3233
RegExpObject.cpp = nullptr 59191
RegExpObject.h JavaScript RegExp objects. 8552
RegExpShared.h The compiled representation of a RegExp, potentially shared among RegExp instances created during separate evaluations of a single RegExp literal in source code. 14642
RegExpStatics.cpp RegExpStatics allocates memory -- in order to keep the statics stored per-global and not leak, we create a JSClass to wrap the C++ instance and provide an appropriate finalizer. We lazily create and store an instance of that JSClass in a global reserved slot. 3435
RegExpStatics.h The latest RegExp output, set after execution. 9392
RegExpStaticsObject.h vm_RegExpStaticsObject_h 829
Runtime.cpp static 26752
Runtime.h Different signature because the return type has MOZ_MUST_USE_TYPE. 37690
SavedFrame.h 9491
SavedStacks-inl.h 1271
SavedStacks.cpp Maximum number of saved frames returned for an async stack. 68963
SavedStacks.h 15148
Scope.cpp 68945
Scope.h The various {Global,Module,...}Scope::Data classes consist of always-present bits, then a trailing array of BindingNames. The various Data classes all end in a TrailingNamesArray that contains sized/aligned space for *one* BindingName. Data instances that contain N BindingNames, are then allocated in sizeof(Data) + (space for (N - 1) BindingNames). Because this class's |data_| field is properly sized/aligned, the N-BindingName array can start at |data_|. This is concededly a very low-level representation, but we want to only allocate once for data+bindings both, and this does so approximately as elegantly as C++ allows. 49810
ScopeKind.h 876
SelfHosting.cpp 113885
SelfHosting.h Check whether the given JSFunction is a self-hosted function whose self-hosted name is the given name. 2828
Shape-inl.h static 13410
Shape.cpp JS symbol tables. 67252
Shape.h [SMDOC] Shapes In isolation, a Shape represents a property that exists in one or more objects; it has an id, flags, etc. (But it doesn't represent the property's value.) However, Shapes are always stored in linked linear sequence of Shapes, called "shape lineages". Each shape lineage represents the layout of an entire object. Every JSObject has a pointer, |shape_|, accessible via lastProperty(), to the last Shape in a shape lineage, which identifies the property most recently added to the object. This pointer permits fast object layout tests. The shape lineage order also dictates the enumeration order for the object; ECMA requires no particular order but this implementation has promised and delivered property definition order. Shape lineages occur in two kinds of data structure. 1. N-ary property trees. Each path from a non-root node to the root node in a property tree is a shape lineage. Property trees permit full (or partial) sharing of Shapes between objects that have fully (or partly) identical layouts. The root is an EmptyShape whose identity is determined by the object's class, compartment and prototype. These Shapes are shared and immutable. 2. Dictionary mode lists. Shapes in such lists are said to be "in dictionary mode", as are objects that point to such Shapes. These Shapes are unshared, private to a single object, and immutable except for their links in the dictionary list. All shape lineages are bi-directionally linked, via the |parent| and |children|/|listp| members. Shape lineages start out life in the property tree. They can be converted (by copying) to dictionary mode lists in the following circumstances. 1. The shape lineage's size reaches MAX_HEIGHT. This reasonable limit avoids potential worst cases involving shape lineage mutations. 2. A property represented by a non-last Shape in a shape lineage is removed from an object. (In the last Shape case, obj->shape_ can be easily adjusted to point to obj->shape_->parent.) We originally tried lazy forking of the property tree, but this blows up for delete/add repetitions. 3. A property represented by a non-last Shape in a shape lineage has its attributes modified. To find the Shape for a particular property of an object initially requires a linear search. But if the number of searches starting at any particular Shape in the property tree exceeds LINEAR_SEARCHES_MAX and the Shape's lineage has (excluding the EmptyShape) at least MIN_ENTRIES, we create an auxiliary hash table -- the ShapeTable -- that allows faster lookup. Furthermore, a ShapeTable is always created for dictionary mode lists, and it is attached to the last Shape in the lineage. Shape tables for property tree Shapes never change, but shape tables for dictionary mode Shapes can grow and shrink. To save memory, shape tables can be discarded on GC and recreated when needed. AutoKeepShapeCaches can be used to avoid discarding shape tables for a particular zone. Methods operating on ShapeTables take either an AutoCheckCannotGC or AutoKeepShapeCaches argument, to help ensure tables are not purged while we're using them. There used to be a long, math-heavy comment here explaining why property trees are more space-efficient than alternatives. This was removed in bug 631138; see that bug for the full details. For getters/setters, an AccessorShape is allocated. This is a slightly fatter type with extra fields for the getter/setter data. Because many Shapes have similar data, there is actually a secondary type called a BaseShape that holds some of a Shape's data. Many shapes can share a single BaseShape. 59547
SharedArrayObject.cpp for resize 16090
SharedArrayObject.h SharedArrayRawBuffer A bookkeeping object always stored immediately before the raw buffer. The buffer itself is mmap()'d and refcounted. SharedArrayBufferObjects and structured clone objects may hold references. |<------ sizeof ------>|<- length ->| | waste | SharedArrayRawBuffer | data array | waste | Observe that if we want to map the data array on a specific address, such as absolute zero (bug 1056027), then the SharedArrayRawBuffer cannot be prefixed to the data array, it has to be a separate object, also in shared memory. (That would get rid of ~4KB of waste, as well.) Very little else would have to change throughout the engine, the SARB would point to the data array using a constant pointer, instead of computing its address. If preparedForWasm_ is true then length_ can change following initialization; it may grow toward maxSize_. See extensive comments above WasmArrayRawBuffer in ArrayBufferObject.cpp. length_ only grows when the lock is held. 9113
SharedImmutableStringsCache-inl.h 2704
SharedImmutableStringsCache.cpp 3634
SharedImmutableStringsCache.h The `SharedImmutableStringsCache` allows safely sharing and deduplicating immutable strings (either `const char*` [any encoding, not restricted to only Latin-1 or only UTF-8] or `const char16_t*`) between threads. The locking mechanism is dead-simple and coarse grained: a single lock guards all of the internal table itself, the table's entries, and the entries' reference counts. It is only safe to perform any mutation on the cache or any data stored within the cache when this lock is acquired. 14511
SharedMem.h 4930
SharedStencil.h Exception handling record. 14287
SourceHook.cpp 880
Stack-inl.h Initialize stack frame members. 23496
Stack.cpp 23217
Stack.h / namespace js { namespace jit { class BaselineFrame; class RematerializedFrame; } // namespace jit /** Pointer to a live JS or WASM stack frame. 32337
StencilEnums.h 12678
StringObject-inl.h static 1538
StringObject.h Creates a new String object boxing the given string. The object's [[Prototype]] is determined from context. 2163
StringType-inl.h Don't bother trying to find a static atom; measurement shows that not many get here (for one, Atomize is catching them). 14415
StringType.cpp 71804
StringType.h The buffer length required to contain any unsigned 32-bit integer. 63709
StructuredClone.cpp This file implements the structured data algorithms of The spec is in two parts: - StructuredSerialize examines a JS value and produces a graph of Records. - StructuredDeserialize walks the Records and produces a new JS value. The differences between our implementation and the spec are minor: - We call the two phases "write" and "read". - Our algorithms use an explicit work stack, rather than recursion. - Serialized data is a flat array of bytes, not a (possibly cyclic) graph of "Records". - As a consequence, we handle non-treelike object graphs differently. We serialize objects that appear in multiple places in the input as backreferences, using sequential integer indexes. See `JSStructuredCloneReader::allObjs`, our take on the "memory" map in the spec's StructuredDeserialize. 102874
SymbolType.cpp 3736
SymbolType.h namespace JS 5176
TaggedProto.cpp static 1181
TaggedProto.h Skip nullptr and LazyProto. 5138
ThrowMsgKind.cpp 794
ThrowMsgKind.h vm_ThrowMsgKind_h 657
Time.cpp PR time code. 12955
Time.h Broken down form of 64 bit time value. 5026
ToSource.cpp Convert a JSString to its source expression; returns null after reporting an error, otherwise returns a new string reference. No Handle needed since the input is dead after the GC. 6719
ToSource.h 817
TraceLogging.cpp 53824
TraceLogging.h [SMDOC] Tracelogging overview. Tracelogging makes it possible to trace the occurrence of a single event and/or the start and stop of an event. This is implemented with as low overhead as possible to not interfere with running. Logging something is done in 3 stages. 1) Get the tracelogger of the current thread. cx may be omitted, in which case it will be fetched from TLS. - TraceLoggerForCurrentThread(cx); 2) Optionally create a TraceLoggerEvent for the text that needs to get logged. This step takes some time, so try to do this beforehand, outside the hot path and don't do unnecessary repetitions, since it will cripple performance. - TraceLoggerEvent event(logger, "foo"); There are also some predefined events. They are located in TraceLoggerTextId. They don't require to create an TraceLoggerEvent and can also be used as an argument to these functions. 3) Log the occurrence of a single event: - TraceLogTimestamp(logger, TraceLoggerTextId); Note: it is temporarily not supported to provide an TraceLoggerEvent as argument to log the occurrence of a single event. or log the start and stop of an event: - TraceLogStartEvent(logger, TraceLoggerTextId); - TraceLogStartEvent(logger, TraceLoggerEvent); - TraceLogStopEvent(logger, TraceLoggerTextId); - TraceLogStopEvent(logger, TraceLoggerEvent); or the start/stop of an event with a RAII class: - AutoTraceLog atl(logger, TraceLoggerTextId); - AutoTraceLog atl(logger, TraceLoggerEvent); 21396
TraceLoggingGraph.cpp 18005
TraceLoggingGraph.h The output of a tracelogging session is saved in /tmp/tl-data.json. The format of that file is a JS array per tracelogger (=thread), with a map containing: - dict: Name of the file containing a json table with the log text. All other files only contain a index to this table when logging. - events: Name of the file containing a flat list of log events saved in binary format. (64bit: Time Stamp Counter, 32bit index to dict) - tree: Name of the file containing the events with duration. The content is already in a tree data structure. This is also saved in a binary file. - treeFormat: The format used to encode the tree. By default "64,64,31,1,32". There are currently no other formats to save the tree. - 64,64,31,1,32 signifies how many bytes are used for the different parts of the tree. => 64 bits: Time Stamp Counter of start of event. => 64 bits: Time Stamp Counter of end of event. => 31 bits: Index to dict file containing the log text. => 1 bit: Boolean signifying if this entry has children. When true, the child can be found just right after this entry. => 32 bits: Containing the ID of the next event on the same depth or 0 if there isn't an event on the same depth anymore. /-> The position in the file. Id is this divided by size of entry. | So in this case this would be 1 (192bits per entry). | /-> Indicates there are children. The | | first child is located at current | | ID + 1. So 1 + 1 in this case: 2. | | Or 0x00180 in the tree file. | | /-> Next event on the same depth is | | | located at 4. So 0x00300 in the | | | tree file. 0x0000C0: [start, end, dictId, 1, 4] Example: 0x0: [start, end, dictId, 1, 0] | /----------------------------------\ | | 0xC0: [start, end, dictId, 0, 2] 0x180 [start, end, dictId, 1, 0] | /----------------------------------\ | | 0x240: [start, end, dictId, 0, 4] 0x300 [start, end, dictId, 0, 0] 9182
TraceLoggingTypes.cpp 656
TraceLoggingTypes.h Specific passes during ion compilation 9200
TypeInference-inl.h Inline members for javascript type inference. 45591
TypeInference.cpp static 139185
TypeInference.h Definitions related to javascript type inference. 12227
TypeSet.h TypeSet classes and functions. 32381
TypedArrayObject-inl.h Utilities and common inline code for TypedArray 22985
TypedArrayObject.cpp TypedArrayObject The non-templated base class for the specific typed implementations. This class holds all the member variables that are used by the subclasses. 93152
TypedArrayObject.h TypedArrayObject The non-templated base class for the specific typed implementations. This class holds all the member variables that are used by the subclasses. 11238
UbiNode.cpp 15864
UbiNodeCensus.cpp Count Types *********************************************************** 41963
UbiNodeShortestPaths.cpp = 10 2393
Value.cpp 1289
Warnings.cpp 3157
Warnings.h vm_Warnings_h 839
WrapperObject.h vm_WrapperObject_h 1075
Xdr.cpp 16761
Xdr.h 17856 12015 Usage: python This script generates SpiderMonkey bytecode documentation from js/src/vm/Opcodes.h. Output is written to stdout and should be pasted into the following MDN page: 5372