js-confuser-vm 0.0.3 → 0.0.5

package/src/transforms/runtime/minify.ts

@@ -0,0 +1 @@
+export { minify as applyMinify } from "../../minify.ts";

package/src/transforms/runtime/shuffleOpcodes.ts

@@ -0,0 +1,24 @@
+import * as t from "@babel/types";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { shuffle } from "../utils/random-utils.ts";
+const traverse = (traverseImport.default ||
+  traverseImport) as typeof traverseImport.default;
+
+// Randomly reorder the switch cases inside the @SWITCH statement so the
+// opcode handler order varies per build.
+export function applyShuffleOpcodes(ast: t.File): void {
+  let switchStatement: t.SwitchStatement | null = null;
+  traverse(ast, {
+    SwitchStatement(path) {
+      if (path.node.leadingComments?.some((c) => c.value.includes("@SWITCH"))) {
+        switchStatement = path.node;
+        path.stop();
+      }
+    },
+  });
+
+  ok(switchStatement, "Could not find opcode handlers switch statement");
+
+  switchStatement.cases = shuffle(switchStatement.cases);
+}

package/src/transforms/runtime/specializedOpcodes.ts

@@ -0,0 +1,146 @@
+import * as t from "@babel/types";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { Compiler } from "../../compiler.ts";
+import type * as b from "../../types.ts";
+
+const traverse = (traverseImport.default ||
+  traverseImport) as typeof traverseImport.default;
+
+// Extract the real statement list from a SwitchCase consequent (identical to the
+// helper used by applyMacroOpcodes so the two files stay in sync).
+function extractCaseBody(switchCase: t.SwitchCase): t.Statement[] {
+  let stmts: t.Statement[];
+  if (
+    switchCase.consequent.length === 1 &&
+    t.isBlockStatement(switchCase.consequent[0])
+  ) {
+    stmts = (switchCase.consequent[0] as t.BlockStatement).body;
+  } else {
+    stmts = switchCase.consequent as t.Statement[];
+  }
+  return stmts.filter((s) => !t.isBreakStatement(s) && !t.isEmptyStatement(s));
+}
+
+// Inline a fixed numeric operand in place of every `this._operand()` call.
+// Because specialized opcodes are only created for instructions that have
+// *exactly one* numeric operand, every `_operand()` call inside the original
+// handler is replaced by the constant value that was baked into the opcode.
+function inlineFixedOperand(
+  bodyStmts: t.Statement[],
+  resolvedValue: number,
+): void {
+  // Wrap the statements in a temporary BlockStatement so traverse has a root.
+  // The replacement mutates the original statement objects in place.
+  traverse(t.blockStatement(bodyStmts), {
+    noScope: true,
+    CallExpression(path) {
+      const callee = path.node.callee;
+      if (
+        t.isMemberExpression(callee) &&
+        t.isThisExpression(callee.object) &&
+        t.isIdentifier(callee.property, { name: "_operand" }) &&
+        path.node.arguments.length === 0
+      ) {
+        path.replaceWith(t.numericLiteral(resolvedValue));
+      }
+    },
+  });
+}
+
+// Append a generated switch case for every entry in compiler.SPECIALIZED_OPS.
+// Each case is a clone of the original opcode’s handler with `this._operand()`
+// replaced by the constant integer that was captured at compile time.
+// Must be called AFTER applyMacroOpcodes (so the original cases exist) but
+// BEFORE applyShuffleOpcodes so the new specialized cases also get shuffled.
+export function applySpecializedOpcodes(
+  ast: t.File,
+  bytecode: b.Bytecode,
+  compiler: Compiler,
+): void {
+  let switchStatement: t.SwitchStatement | null = null;
+  traverse(ast, {
+    SwitchStatement(path) {
+      if (path.node.leadingComments?.some((c) => c.value.includes("@SWITCH"))) {
+        switchStatement = path.node;
+        path.stop();
+      }
+    },
+  });
+
+  ok(
+    switchStatement,
+    "Could not find @SWITCH statement for specialized opcodes",
+  );
+
+  // Build a map  opName → SwitchCase  from the existing OP.xxx case tests.
+  const nameToCaseMap = new Map<string, t.SwitchCase>();
+  for (const sc of (switchStatement as t.SwitchStatement).cases) {
+    const test = sc.test;
+    if (
+      test &&
+      t.isMemberExpression(test) &&
+      t.isIdentifier(test.object, { name: "OP" }) &&
+      t.isIdentifier(test.property)
+    ) {
+      nameToCaseMap.set((test.property as t.Identifier).name, sc);
+    }
+  }
+
+  if (!compiler.SPECIALIZED_OPS) return;
+
+  for (const [specialOpStr, info] of Object.entries(compiler.SPECIALIZED_OPS)) {
+    const specialOpCode = Number(specialOpStr);
+    const { originalOp, operand } = info as {
+      originalOp: number;
+      operand: number;
+    };
+
+    const newName = compiler.OP_NAME[specialOpCode];
+    const originalName = compiler.OP_NAME[originalOp];
+    if (!originalName) continue;
+
+    const originalCase = nameToCaseMap.get(originalName);
+    if (!originalCase) continue;
+
+    // Clone the original handler body
+    const bodyStmts: t.Statement[] = extractCaseBody(originalCase).map(
+      (s) => t.cloneNode(s, true) as t.Statement,
+    );
+
+    const placedOperand = info.resolvedOperand || { resolvedValue: 1337 };
+    ok(
+      placedOperand !== undefined,
+      `Could not find operand for original opcode ${newName}`,
+    );
+
+    const resolvedValue =
+      (placedOperand as any)?.resolvedValue ?? placedOperand;
+    if (typeof resolvedValue !== "number") {
+      console.error(resolvedValue);
+    }
+    ok(typeof resolvedValue === "number", "Expected a numeric operand value");
+
+    // Replace this._operand() with the baked-in constant
+    inlineFixedOperand(bodyStmts, resolvedValue);
+
+    // Add a leading comment so the generated source stays readable
+    if (bodyStmts.length > 0) {
+      t.addComment(
+        bodyStmts[0],
+        "leading",
+        ` ${compiler.OP_NAME[specialOpCode]} (specialized)`,
+        true,
+      );
+    }
+
+    bodyStmts.push(t.breakStatement());
+
+    // Insert the new specialized case into the big switch
+    (switchStatement as t.SwitchStatement).cases.push(
+      t.switchCase(t.numericLiteral(specialOpCode), [
+        t.blockStatement(bodyStmts),
+      ]),
+    );
+  }
+}

package/src/transforms/utils/op-utils.ts

@@ -0,0 +1,26 @@
+import { getRandomInt } from "./random-utils.ts";
+
+export const U16_MAX = 0xffff; // bytecode operands are u16
+
+/** Returns the next free opcode slot, or -1 when the space is exhausted. */
+export function nextFreeSlot(usedOpcodes: Set<number>): number {
+  if (usedOpcodes.size > U16_MAX) return -1;
+  let attempts = 0;
+  while (attempts++ < 512) {
+    const candidate = getRandomInt(0, U16_MAX);
+    if (!usedOpcodes.has(candidate)) {
+      usedOpcodes.add(candidate);
+      return candidate;
+    }
+  }
+  // Fallback: linear scan from a random start
+  const start = getRandomInt(0, U16_MAX);
+  for (let i = 0; i <= U16_MAX; i++) {
+    const v = (start + i) & U16_MAX;
+    if (!usedOpcodes.has(v)) {
+      usedOpcodes.add(v);
+      return v;
+    }
+  }
+  return -1;
+}

package/src/{random.ts → transforms/utils/random-utils.ts}

@@ -1,31 +1,31 @@
-import { ok } from "assert";
-
-export function getPlaceholder() {
-  return Math.random().toString(36).substring(2, 15);
-}
-
-export function choice<T>(elements: T[]): T {
-  ok(elements.length > 0, "choice() called on empty sequence");
-  return elements[Math.floor(Math.random() * elements.length)];
-}
-
-export function getRandom(): number {
-  return Math.random();
-}
-
-export function getRandomInt(min: number, max: number): number {
-  ok(min <= max, "min must be <= max");
-  return Math.floor(Math.random() * (max - min + 1)) + min;
-}
-
-/**
- * Shuffles an array in-place using the Fisher-Yates algorithm.
- * @param array - The array to shuffle (mutated)
- */
-export function shuffle<T>(array: T[]): T[] {
-  for (let i = array.length - 1; i > 0; i--) {
-    const j = Math.floor(Math.random() * (i + 1));
-    [array[i], array[j]] = [array[j], array[i]];
-  }
-  return array;
-}
+import { ok } from "assert";
+
+export function getPlaceholder() {
+  return Math.random().toString(36).substring(2, 15);
+}
+
+export function choice<T>(elements: T[]): T {
+  ok(elements.length > 0, "choice() called on empty sequence");
+  return elements[Math.floor(Math.random() * elements.length)];
+}
+
+export function getRandom(): number {
+  return Math.random();
+}
+
+export function getRandomInt(min: number, max: number): number {
+  ok(min <= max, "min must be <= max");
+  return Math.floor(Math.random() * (max - min + 1)) + min;
+}
+
+/**
+ * Shuffles an array in-place using the Fisher-Yates algorithm.
+ * @param array - The array to shuffle (mutated)
+ */
+export function shuffle<T>(array: T[]): T[] {
+  for (let i = array.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    [array[i], array[j]] = [array[j], array[i]];
+  }
+  return array;
+}

package/src/types.ts

@@ -1,24 +1,33 @@
-// Bytecode supports both real instructions and IR pseudo-instructions
-// Real instruction: [OP.ADD, 5]
-// IR instruction: [null, { type: "defineLabel", label: "FN_ENTRY_1" }]
-
-// IR instructions are used to hold symbolic information during compilation
-// All "null" instructions are dropped before assembly time
-export type Instruction = [
-  number | null,
-  (
-    | number
-    | { type: "label"; label: string; offset?: number }
-    | { type: "defineLabel"; label: string }
-    | { type: "constant"; value: any }
-  )?,
-];
-
-export type Bytecode = Instruction[];
-
-export function constantOperand(value: any): Instruction[1] {
-  return {
-    type: "constant",
-    value: value,
-  };
-}
+// Bytecode supports both real instructions and IR pseudo-instructions
+// Real instruction: [OP.ADD, 5]  or multi-operand: [OP.MAKE_CLOSURE, labelRef, 2, 3, 0]
+// IR instruction: [null, { type: "defineLabel", label: "FN_ENTRY_1" }]
+
+// IR instructions are used to hold symbolic information during compilation
+// All "null" instructions are dropped before assembly time.
+// Instructions may carry any number of operands; the flat output serializes
+// each operand as a separate u16 slot in the bytecode array.
+export type InstrOperand =
+  | number
+  | Op<{ type: "number"; value: number }>
+  | Op<{ type: "label"; label: string; offset?: number }>
+  | Op<{ type: "defineLabel"; label: string }>
+  | Op<{ type: "constant"; value: any }>;
+
+export interface Operand {
+  type: string;
+  placeholder?: boolean;
+  resolvedValue?: number;
+}
+
+type Op<T extends object> = Operand & T;
+
+export type Instruction = [number | null, ...InstrOperand[]];
+
+export type Bytecode = Instruction[];
+
+export function constantOperand(value: any): Instruction[1] {
+  return {
+    type: "constant",
+    value: value,
+  };
+}

package/src/utilts.ts

@@ -1,3 +1,3 @@
-export function escapeRegex(s: string): string {
-  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
+export function escapeRegex(s: string): string {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}

package/tsconfig.json

@@ -1,12 +1,12 @@
-{
-  "compilerOptions": {
-    "target": "esnext",
-    "module": "nodenext",
-    "outDir": "./dist",
-    "rootDir": "./",
-    "strict": false,
-    "noEmit": true,
-    "types": ["node"],
-    "allowImportingTsExtensions": true
-  }
-}
+{
+  "compilerOptions": {
+    "target": "esnext",
+    "module": "nodenext",
+    "outDir": "./dist",
+    "rootDir": "./",
+    "strict": false,
+    "noEmit": true,
+    "types": ["node"],
+    "allowImportingTsExtensions": true
+  }
+}

package/dist/runtimeObf.js

@@ -1,56 +0,0 @@
-import { generate } from "@babel/generator";
-import { parse } from "@babel/parser";
-import traverseImport from "@babel/traverse";
-import { ok } from "assert";
-import { shuffle } from "./random.js";
-import { minify } from "./minify.js";
-const traverse = traverseImport.default || traverseImport;
-export async function obfuscateRuntime(runtime, options) {
-  let ast;
-  try {
-    ast = parse(runtime, {
-      sourceType: "unambiguous"
-    });
-  } catch (error) {
-    throw new Error("VM-Runtime final parsing failed", {
-      cause: error
-    });
-  }
-
-  // shuffle order of opcode handlers
-
-  if (options.shuffleOpcodes) {
-    let switchStatement = null;
-    traverse(ast, {
-      SwitchStatement(path) {
-        if (path.node.leadingComments?.some(comment => comment.value.includes("@SWITCH"))) {
-          switchStatement = path.node;
-          path.stop();
-        }
-      }
-    });
-    ok(switchStatement, "Could not find opcode handlers switch statement");
-
-    // simply shuffle the order of the cases
-
-    switchStatement.cases = shuffle(switchStatement.cases);
-  }
-  let generated;
-  try {
-    generated = generate(ast).code;
-  } catch (error) {
-    throw new Error("VM-Runtime final generation failed", {
-      cause: error
-    });
-  }
-  if (options.minify) {
-    try {
-      generated = await minify(generated);
-    } catch (error) {
-      throw new Error("VM-Runtime final minification failed", {
-        cause: error
-      });
-    }
-  }
-  return generated;
-}

package/dist/transforms/controlFlowFlattening.js

@@ -1,22 +0,0 @@
-/**
- * Breaks functions into DAGs (Directed Acyclic Graphs)
- *
- * - 1. Break bytecode into chunks
- * - 2. Shuffle chunks but remember their original position
- * - 3. Create an effectively Switch statement inside a While loop, each case is a chunk, and the while loops exits on the last transition.
- *
- * The Switch statement:
- *
- * - 1. The state variable controls which case will run next
- * - 2. At the end of each case, the state variable is updated to the next block of code.
- * - 3. The while loop continues until the the state variable is the end state.
- */
-export async function controlFlowFlattening(bytecode) {
-  // break bytecode into basic blocks
-  // 1. read bytecode and track the current label from the IR-instruction "defineLabel"
-  // 2. track any potential jumps inside this block using the IR-instruction operand "label"
-  // at this stage in the passing process, may still use these IR-instruction labels for jumps, meaning no effort is required to maintain absolute PCs
-  // create a bare CFF implementation of a simple switch dispatch loop effectively
-  // This CFF implementation should only apply to "easy jumps" such as conditional jump (if-statement)
-  // the complex and specific jumps for for..in shouldn't get flattened
-}

package/dist/transforms/resolveLabels.js

@@ -1,59 +0,0 @@
-// --- Label IR ---
-// During compilation, jump targets are symbolic labels instead of hard-coded
-// PC numbers.  Two IR "pseudo operands" carry the label information:
-//
-//   defineLabel operand  : [null, {type:"defineLabel", label:"FN_ENTRY_1"}]
-//     Marks a position in the bytecode array.
-//     resolveLabels() strips these out entirely.
-//
-//   label ref operand      : [OP.JUMP, {type:"label", label:"FN_ENTRY_1"}]
-//     Used as the operand of any jump instruction. resolveLabels() replaces
-//     it with the integer PC that the corresponding defineLabel resolves to.
-
-// Resolve symbolic labels to absolute PC indices within a bytecode array.
-// defineLabel pseudo-instructions are stripped; label-ref operands become ints.
-// Mutates `bc` in place so callers holding a reference see the resolved result.
-export function resolveLabels(bc, compiler) {
-  // Pass 1 – walk the array and record each label's real PC, counting only
-  // real instructions (defineLabel pseudo-ops don't occupy a PC slot).
-  const labelToPc = new Map();
-  let realPc = 0;
-  for (const instr of bc) {
-    const op = instr[0];
-    const operand = instr[1];
-    if (op === null && operand !== null && typeof operand === "object" && operand.type === "defineLabel") {
-      labelToPc.set(operand.label, realPc);
-    } else {
-      realPc++;
-    }
-  }
-
-  // Pass 2 – build the resolved instruction list.
-  const resolved = [];
-  for (const instr of bc) {
-    const op = instr[0];
-    const operand = instr[1];
-
-    // Strip defineLabel pseudo-ops.
-    if (op === null && typeof operand === "object" && operand?.type === "defineLabel") {
-      continue;
-    }
-
-    // Replace label-ref operands with integer PCs.
-    if (operand !== undefined && operand !== null && typeof operand === "object" && operand.type === "label") {
-      const pc = labelToPc.get(operand.label);
-      if (pc === undefined) throw new Error(`Undefined label: ${operand.label}`);
-      resolved.push([op, pc + (operand.offset ?? 0)]);
-    } else {
-      resolved.push(instr);
-    }
-  }
-
-  // Patch each function descriptor's startPc now that labels are resolved.
-  for (const desc of compiler.fnDescriptors) {
-    desc.startPc = labelToPc.get(desc.startLabel);
-  }
-  return {
-    bytecode: resolved
-  };
-}

package/src/runtimeObf.ts

@@ -1,62 +0,0 @@
-import * as t from "@babel/types";
-import { generate } from "@babel/generator";
-import { parse } from "@babel/parser";
-import traverseImport from "@babel/traverse";
-import { ok } from "assert";
-import { shuffle } from "./random.ts";
-import type { Options } from "./options.ts";
-import { minify } from "./minify.ts";
-const traverse = (traverseImport.default ||
-  traverseImport) as typeof traverseImport.default;
-
-export async function obfuscateRuntime(runtime: string, options: Options) {
-  let ast: t.File;
-  try {
-    ast = parse(runtime, {
-      sourceType: "unambiguous",
-    });
-  } catch (error) {
-    throw new Error("VM-Runtime final parsing failed", { cause: error });
-  }
-
-  // shuffle order of opcode handlers
-
-  if (options.shuffleOpcodes) {
-    let switchStatement: t.SwitchStatement | null = null;
-    traverse(ast, {
-      SwitchStatement(path) {
-        if (
-          path.node.leadingComments?.some((comment) =>
-            comment.value.includes("@SWITCH"),
-          )
-        ) {
-          switchStatement = path.node;
-          path.stop();
-        }
-      },
-    });
-
-    ok(switchStatement, "Could not find opcode handlers switch statement");
-
-    // simply shuffle the order of the cases
-
-    switchStatement.cases = shuffle(switchStatement.cases);
-  }
-
-  let generated: string;
-  try {
-    generated = generate(ast).code;
-  } catch (error) {
-    throw new Error("VM-Runtime final generation failed", { cause: error });
-  }
-
-  if (options.minify) {
-    try {
-      generated = await minify(generated);
-    } catch (error) {
-      throw new Error("VM-Runtime final minification failed", { cause: error });
-    }
-  }
-
-  return generated;
-}

package/src/transforms/controlFlowFlattening.ts

@@ -1,30 +0,0 @@
-import { Instruction } from "../types.ts";
-
-interface BasicBlock {
-  label: string;
-  body: Instruction;
-  jumpLabels?: Set<string>;
-}
-
-/**
- * Breaks functions into DAGs (Directed Acyclic Graphs)
- *
- * - 1. Break bytecode into chunks
- * - 2. Shuffle chunks but remember their original position
- * - 3. Create an effectively Switch statement inside a While loop, each case is a chunk, and the while loops exits on the last transition.
- *
- * The Switch statement:
- *
- * - 1. The state variable controls which case will run next
- * - 2. At the end of each case, the state variable is updated to the next block of code.
- * - 3. The while loop continues until the the state variable is the end state.
- */
-export async function controlFlowFlattening(bytecode: Instruction) {
-  // break bytecode into basic blocks
-  // 1. read bytecode and track the current label from the IR-instruction "defineLabel"
-  // 2. track any potential jumps inside this block using the IR-instruction operand "label"
-  // at this stage in the passing process, may still use these IR-instruction labels for jumps, meaning no effort is required to maintain absolute PCs
-  // create a bare CFF implementation of a simple switch dispatch loop effectively
-  // This CFF implementation should only apply to "easy jumps" such as conditional jump (if-statement)
-  // the complex and specific jumps for for..in shouldn't get flattened
-}

package/src/transforms/resolveContants.ts

@@ -1,42 +0,0 @@
-import type { Bytecode, Instruction } from "../types.ts";
-import { SOURCE_NODE_SYM } from "../compiler.ts";
-
-// Resolve all {type:"constant", value} operands to integer indices into the
-// constants pool.  Returns both the resolved bytecode and the constants array
-// so the Serializer can use it for comment generation and output.
-export function resolveConstants(bc: Bytecode): {
-  bytecode: Bytecode;
-  constants: any[];
-} {
-  const constants: any[] = [];
-  const constantsMap = new Map<any, number>();
-
-  function intern(value: any): number {
-    let idx = constantsMap.get(value);
-    if (typeof idx !== "number") {
-      idx = constants.length;
-      constantsMap.set(value, idx);
-      constants.push(value);
-    }
-    return idx;
-  }
-
-  const resolved: Bytecode = [];
-  for (const instr of bc) {
-    const [op, operand] = instr;
-    if (
-      operand !== undefined &&
-      operand !== null &&
-      typeof operand === "object" &&
-      (operand as any).type === "constant"
-    ) {
-      const newInstr: Instruction = [op, intern((operand as any).value)];
-      (newInstr as any)[SOURCE_NODE_SYM] = (instr as any)[SOURCE_NODE_SYM];
-      resolved.push(newInstr);
-    } else {
-      resolved.push(instr);
-    }
-  }
-
-  return { bytecode: resolved, constants };
-}