js-confuser-vm 0.0.5 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/CHANGELOG.md +57 -2
  2. package/README.MD +186 -107
  3. package/dist/build-runtime.js +7 -1
  4. package/dist/compiler.js +801 -785
  5. package/dist/runtime.js +409 -332
  6. package/dist/transforms/bytecode/aliasedOpcodes.js +140 -0
  7. package/dist/transforms/bytecode/concealConstants.js +31 -0
  8. package/dist/transforms/bytecode/macroOpcodes.js +22 -10
  9. package/dist/transforms/bytecode/resolveContants.js +73 -10
  10. package/dist/transforms/bytecode/selfModifying.js +3 -2
  11. package/dist/transforms/bytecode/specializedOpcodes.js +38 -28
  12. package/dist/transforms/runtime/aliasedOpcodes.js +134 -0
  13. package/dist/transforms/runtime/shuffleOpcodes.js +1 -1
  14. package/dist/transforms/runtime/specializedOpcodes.js +21 -16
  15. package/dist/utils/op-utils.js +29 -0
  16. package/dist/utils/random-utils.js +27 -0
  17. package/index.ts +10 -8
  18. package/jest.config.js +10 -0
  19. package/package.json +1 -1
  20. package/src/build-runtime.ts +7 -1
  21. package/src/compiler.ts +2395 -2069
  22. package/src/options.ts +2 -0
  23. package/src/runtime.ts +838 -771
  24. package/src/transforms/bytecode/aliasedOpcodes.ts +158 -0
  25. package/src/transforms/bytecode/concealConstants.ts +52 -0
  26. package/src/transforms/bytecode/macroOpcodes.ts +32 -15
  27. package/src/transforms/bytecode/resolveContants.ts +87 -16
  28. package/src/transforms/bytecode/selfModifying.ts +3 -3
  29. package/src/transforms/bytecode/specializedOpcodes.ts +58 -29
  30. package/src/transforms/runtime/aliasedOpcodes.ts +191 -0
  31. package/src/transforms/runtime/shuffleOpcodes.ts +1 -1
  32. package/src/transforms/runtime/specializedOpcodes.ts +39 -24
  33. package/src/{transforms/utils → utils}/op-utils.ts +7 -0
  34. /package/src/{transforms/utils → utils}/random-utils.ts +0 -0
package/src/runtime.ts CHANGED
@@ -1,771 +1,838 @@
1
- import { OP_ORIGINAL as OP } from "./compiler.ts";
2
- const BYTECODE = [];
3
- const MAIN_START_PC = 0;
4
- const CONSTANTS = [];
5
- const ENCODE_BYTECODE = false;
6
- const TIMING_CHECKS = false;
7
- // The text above is not included in the compiled output - for type intellisense only
8
- // @START
9
-
10
- function decodeBytecode(s) {
11
- if (!ENCODE_BYTECODE) return s;
12
-
13
- var b =
14
- typeof Buffer !== "undefined"
15
- ? Buffer.from(s, "base64")
16
- : Uint8Array.from(atob(s), function (c) {
17
- return c.charCodeAt(0);
18
- });
19
- // Each slot is a u16 stored as 2 little-endian bytes.
20
- var r = new Uint16Array(b.length / 2);
21
- for (var i = 0; i < r.length; i++) r[i] = b[i * 2] | (b[i * 2 + 1] << 8);
22
- return r;
23
- }
24
-
25
- // Closure symbol
26
- // Used to tag shell functions so the VM can fast-path back to the
27
- // inner Closure instead of going through a sub-VM on internal calls.
28
- var CLOSURE_SYM = Symbol(); // Nameless for obfuscation
29
-
30
- // Upvalue
31
- // While the outer frame is alive: reads/writes go to frame.locals[slot].
32
- // After the outer frame returns (closed): reads/writes hit this.value.
33
- function Upvalue(frame, slot) {
34
- this._frame = frame;
35
- this._slot = slot;
36
- this._closed = false;
37
- this._value = undefined;
38
- }
39
- Upvalue.prototype._read = function () {
40
- return this._closed ? this._value : this._frame.locals[this._slot];
41
- };
42
- Upvalue.prototype._write = function (v) {
43
- if (this._closed) this._value = v;
44
- else this._frame.locals[this._slot] = v;
45
- };
46
- Upvalue.prototype._close = function () {
47
- this._value = this._frame.locals[this._slot];
48
- this._closed = true;
49
- };
50
-
51
- // Closure & Frame
52
- function Closure(fn) {
53
- this.fn = fn;
54
- this.upvalues = [];
55
- this.prototype = {}; // <- default prototype object for \`new\`
56
- }
57
-
58
- function Frame(closure, returnPc, parent, thisVal?) {
59
- this.closure = closure;
60
- this.locals = new Array(closure.fn.localCount).fill(undefined);
61
- this._pc = closure.fn.startPc; // <- initialize from fn descriptor
62
- this._returnPc = returnPc; // pc to resume in parent frame after RETURN
63
- this._parent = parent;
64
- this.thisVal = thisVal !== undefined ? thisVal : undefined;
65
- this._newObj = null; // <- set by NEW so RETURN can see it
66
- this._handlerStack = []; // <- exception handlers pushed by TRY_SETUP
67
- }
68
-
69
- // VM
70
- function VM(bytecode, mainStartPc, constants, globals) {
71
- this.bytecode = bytecode;
72
- this.constants = constants;
73
- this.globals = globals;
74
- this._stack = [];
75
- this._frameStack = [];
76
- this._openUpvalues = []; // all currently open Upvalue objects across all frames
77
-
78
- var mainFn = {
79
- paramCount: 0,
80
- localCount: 0,
81
- startPc: mainStartPc, // <- where main begins
82
- };
83
- this._currentFrame = new Frame(new Closure(mainFn), null, null);
84
- }
85
-
86
- VM.prototype._push = function (v) {
87
- this._stack.push(v);
88
- };
89
- VM.prototype._pop = function () {
90
- return this._stack.pop();
91
- };
92
- VM.prototype.peek = function () {
93
- return this._stack[this._stack.length - 1];
94
- };
95
-
96
- // Consume the next slot from the flat bytecode stream and advance the PC.
97
- // Called by opcode handlers to read each of their operands in order.
98
- VM.prototype._operand = function () {
99
- return this.bytecode[this._currentFrame._pc++];
100
- };
101
-
102
- VM.prototype.captureUpvalue = function (frame, slot) {
103
- // Reuse existing open upvalue for this frame+slot if one exists.
104
- // This is what makes two closures share the same mutable cell.
105
- for (var i = 0; i < this._openUpvalues.length; i++) {
106
- var uv = this._openUpvalues[i];
107
- if (uv._frame === frame && uv._slot === slot) return uv;
108
- }
109
- var uv = new Upvalue(frame, slot);
110
- this._openUpvalues.push(uv);
111
- return uv;
112
- };
113
-
114
- VM.prototype._closeUpvaluesFor = function (frame) {
115
- // Called on RETURN - close every upvalue that was pointing into this frame.
116
- // After this, closures that captured from the frame read from upvalue.value.
117
- this._openUpvalues = this._openUpvalues.filter(function (uv) {
118
- if (uv._frame === frame) {
119
- uv._close();
120
- return false;
121
- }
122
- return true;
123
- });
124
- };
125
-
126
- VM.prototype.run = function () {
127
- var now = () => {
128
- return performance.now();
129
- };
130
-
131
- var lastTime = now();
132
-
133
- while (true) {
134
- var frame = this._currentFrame;
135
- var bc = this.bytecode;
136
- if (frame._pc >= bc.length) break;
137
-
138
- var op = this.bytecode[frame._pc++];
139
-
140
- // console.log(frame._pc - 1, op);
141
-
142
- // Debugging protection: Detects debugger by checking for >1s pauses which can only happen from debugger; or extremely slow sync tasks
143
- if (TIMING_CHECKS) {
144
- var currentTime = now();
145
- var isTamper = currentTime - lastTime > 1000;
146
- lastTime = currentTime;
147
- if (isTamper) {
148
- // Poison the bytecode
149
- for (var i = 0; i < this.bytecode.length; i++) this.bytecode[i] = 0;
150
- // Break the current state
151
- op = OP.POP;
152
- this._stack = [];
153
- }
154
- }
155
-
156
- try {
157
- /* @SWITCH */
158
- switch (op) {
159
- case OP.LOAD_CONST:
160
- this._push(this.constants[this._operand()]);
161
- break;
162
-
163
- case OP.LOAD_INT:
164
- this._push(this._operand());
165
- break;
166
-
167
- case OP.LOAD_LOCAL:
168
- this._push(frame.locals[this._operand()]);
169
- break;
170
-
171
- case OP.STORE_LOCAL:
172
- frame.locals[this._operand()] = this._pop();
173
- break;
174
-
175
- case OP.LOAD_GLOBAL:
176
- this._push(this.globals[this.constants[this._operand()]]);
177
- break;
178
-
179
- case OP.STORE_GLOBAL:
180
- this.globals[this.constants[this._operand()]] = this._pop();
181
- break;
182
-
183
- case OP.GET_PROP: {
184
- // Stack: [..., obj, key] -> [..., obj, obj[key]]
185
- // obj is PEEKED (not popped) - CALL_METHOD needs it as receiver
186
- var key = this._pop();
187
- var obj = this.peek();
188
- this._push(obj[key]);
189
- break;
190
- }
191
-
192
- case OP.ADD: {
193
- var b = this._pop();
194
- this._push(this._pop() + b);
195
- break;
196
- }
197
- case OP.SUB: {
198
- var b = this._pop();
199
- this._push(this._pop() - b);
200
- break;
201
- }
202
- case OP.MUL: {
203
- var b = this._pop();
204
- this._push(this._pop() * b);
205
- break;
206
- }
207
- case OP.DIV: {
208
- var b = this._pop();
209
- this._push(this._pop() / b);
210
- break;
211
- }
212
- case OP.MOD: {
213
- var b = this._pop();
214
- this._push(this._pop() % b);
215
- break;
216
- }
217
- case OP.BAND: {
218
- var b = this._pop();
219
- this._push(this._pop() & b);
220
- break;
221
- }
222
- case OP.BOR: {
223
- var b = this._pop();
224
- this._push(this._pop() | b);
225
- break;
226
- }
227
- case OP.BXOR: {
228
- var b = this._pop();
229
- this._push(this._pop() ^ b);
230
- break;
231
- }
232
- case OP.SHL: {
233
- var b = this._pop();
234
- this._push(this._pop() << b);
235
- break;
236
- }
237
- case OP.SHR: {
238
- var b = this._pop();
239
- this._push(this._pop() >> b);
240
- break;
241
- }
242
- case OP.USHR: {
243
- var b = this._pop();
244
- this._push(this._pop() >>> b);
245
- break;
246
- }
247
-
248
- case OP.LT: {
249
- var b = this._pop();
250
- this._push(this._pop() < b);
251
- break;
252
- }
253
- case OP.GT: {
254
- var b = this._pop();
255
- this._push(this._pop() > b);
256
- break;
257
- }
258
- case OP.EQ: {
259
- var b = this._pop();
260
- this._push(this._pop() === b);
261
- break;
262
- }
263
-
264
- case OP.LTE: {
265
- var b = this._pop();
266
- this._push(this._pop() <= b);
267
- break;
268
- }
269
- case OP.GTE: {
270
- var b = this._pop();
271
- this._push(this._pop() >= b);
272
- break;
273
- }
274
- case OP.NEQ: {
275
- var b = this._pop();
276
- this._push(this._pop() !== b);
277
- break;
278
- }
279
- case OP.LOOSE_EQ: {
280
- var b = this._pop();
281
- this._push(this._pop() == b);
282
- break;
283
- }
284
- case OP.LOOSE_NEQ: {
285
- var b = this._pop();
286
- this._push(this._pop() != b);
287
- break;
288
- }
289
-
290
- case OP.IN: {
291
- var b = this._pop();
292
- this._push(this._pop() in b);
293
- break;
294
- }
295
-
296
- case OP.INSTANCEOF: {
297
- var ctor = this._pop();
298
- var obj = this._pop();
299
- if (typeof ctor === "function") {
300
- // Native constructor (e.g. Array, Date) - native instanceof is fine
301
- this._push(obj instanceof ctor);
302
- } else {
303
- // VM Closure - ctor.prototype was set by MAKE_CLOSURE / user assignment.
304
- // Walk obj's prototype chain looking for identity with ctor.prototype.
305
- var proto = ctor.prototype; // the .prototype property on the Closure
306
- var target = Object.getPrototypeOf(obj);
307
- var result = false;
308
- while (target !== null) {
309
- if (target === proto) {
310
- result = true;
311
- break;
312
- }
313
- target = Object.getPrototypeOf(target);
314
- }
315
- this._push(result);
316
- }
317
- break;
318
- }
319
-
320
- case OP.UNARY_NEG:
321
- this._push(-this._pop());
322
- break;
323
- case OP.UNARY_POS:
324
- this._push(this._pop());
325
- break;
326
- case OP.UNARY_NOT:
327
- this._push(!this._pop());
328
- break;
329
- case OP.UNARY_BITNOT:
330
- this._push(~this._pop());
331
- break;
332
- case OP.TYPEOF:
333
- this._push(typeof this._pop());
334
- break;
335
- case OP.VOID:
336
- this._pop();
337
- this._push(undefined);
338
- break;
339
-
340
- case OP.TYPEOF_SAFE: {
341
- // operand is a const index holding the variable name string.
342
- // Mimics JS semantics: typeof undeclaredVar === "undefined" (no throw).
343
- var name = this._pop(); // LOAD_CONST pushed the name - consume it
344
- var val = Object.prototype.hasOwnProperty.call(this.globals, name)
345
- ? this.globals[name]
346
- : undefined;
347
- this._push(typeof val);
348
- break;
349
- }
350
-
351
- case OP.JUMP:
352
- frame._pc = this._operand();
353
- break;
354
-
355
- case OP.JUMP_IF_FALSE: {
356
- var target = this._operand();
357
- if (!this._pop()) frame._pc = target;
358
- break;
359
- }
360
-
361
- case OP.JUMP_IF_TRUE_OR_POP: {
362
- // || semantics: if truthy, we're done - leave value, jump over RHS.
363
- // If falsy, discard it and fall through to evaluate RHS.
364
- var target = this._operand();
365
- if (this.peek()) {
366
- frame._pc = target;
367
- } else {
368
- this._pop();
369
- }
370
- break;
371
- }
372
-
373
- case OP.JUMP_IF_FALSE_OR_POP: {
374
- // && semantics: if falsy, we're done - leave value, jump over RHS.
375
- // If truthy, discard it and fall through to evaluate RHS.
376
- var target = this._operand();
377
- if (!this.peek()) {
378
- frame._pc = target;
379
- } else {
380
- this._pop();
381
- }
382
- break;
383
- }
384
-
385
- case OP.MAKE_CLOSURE: {
386
- // Inline operands: startPc, paramCount, localCount, uvCount,
387
- // [isLocal_0, idx_0, isLocal_1, idx_1, ...]
388
- var startPc = this._operand();
389
- var paramCount = this._operand();
390
- var localCount = this._operand();
391
- var uvCount = this._operand();
392
-
393
- var uvDescs = new Array(uvCount);
394
- for (var i = 0; i < uvCount; i++) {
395
- var isLocalRaw = this._operand();
396
- var uvIndex = this._operand();
397
- uvDescs[i] = { isLocal: isLocalRaw, _index: uvIndex };
398
- }
399
-
400
- var fn = {
401
- paramCount: paramCount,
402
- localCount: localCount,
403
- startPc: startPc,
404
- upvalueDescriptors: uvDescs,
405
- };
406
-
407
- var closure = new Closure(fn);
408
- for (var i = 0; i < uvDescs.length; i++) {
409
- var uvd = uvDescs[i];
410
- if (uvd.isLocal) {
411
- // Capture directly from current frame's local slot
412
- closure.upvalues.push(this.captureUpvalue(frame, uvd._index));
413
- } else {
414
- // Relay - take upvalue from the enclosing closure's list
415
- closure.upvalues.push(frame.closure.upvalues[uvd._index]);
416
- }
417
- }
418
- // Wrap in a native callable shell so host code (array methods,
419
- // test assertions, setTimeout, etc.) can invoke VM closures.
420
- // CLOSURE_SYM lets VM-internal CALL/NEW bypass the sub-VM entirely.
421
- var self = this;
422
- var shell = (function (c) {
423
- return function () {
424
- var args = Array.prototype.slice.call(arguments);
425
- var sub = new VM(self.bytecode, 0, self.constants, self.globals);
426
- // Sloppy-mode: null/undefined thisArg → global object
427
- var f = new Frame(
428
- c,
429
- null,
430
- null,
431
- this == null ? self.globals : this,
432
- );
433
- for (var i = 0; i < args.length; i++) f.locals[i] = args[i];
434
- f.locals[c.fn.paramCount] = args;
435
- sub._currentFrame = f;
436
- return sub.run();
437
- };
438
- })(closure);
439
- shell[CLOSURE_SYM] = closure;
440
- shell.prototype = closure.prototype; // unified prototype for new/instanceof
441
- this._push(shell);
442
- break;
443
- }
444
-
445
- case OP.LOAD_UPVALUE:
446
- this._push(frame.closure.upvalues[this._operand()]._read());
447
- break;
448
-
449
- case OP.STORE_UPVALUE:
450
- frame.closure.upvalues[this._operand()]._write(this._pop());
451
- break;
452
-
453
- case OP.BUILD_ARRAY: {
454
- var elems = this._stack.splice(this._stack.length - this._operand());
455
- this._push(elems);
456
- break;
457
- }
458
-
459
- case OP.BUILD_OBJECT: {
460
- // Stack has: key0, val0, key1, val1 ... keyN, valN (pushed left->right)
461
- // Pop all pairs and build the object.
462
- var pairs = this._stack.splice(
463
- this._stack.length - this._operand() * 2,
464
- );
465
- var o = {};
466
- for (var i = 0; i < pairs.length; i += 2) {
467
- o[pairs[i]] = pairs[i + 1]; // key at even index, val at odd
468
- }
469
- this._push(o);
470
- break;
471
- }
472
- case OP.SET_PROP: {
473
- // Stack: [..., obj, key, val]
474
- // Leaves val on stack - assignment is an expression in JS.
475
- var val = this._pop();
476
- var key = this._pop();
477
- var obj = this._pop();
478
- // Reflect.set performs [[Set]] without throwing on failure,
479
- // correctly simulating sloppy-mode assignment from a strict-mode host
480
- // (output.js is an ES module). This also properly invokes inherited
481
- // or prototype-chain setter functions.
482
- Reflect.set(obj, key, val);
483
- this._push(val); // assignment expression evaluates to the assigned value
484
- break;
485
- }
486
- case OP.GET_PROP_COMPUTED: {
487
- // Stack: [..., obj, key] - key is a runtime value (nums[i])
488
- // Mirrors GET_PROP but pops the key that was pushed dynamically.
489
- var key = this._pop();
490
- var obj = this._pop();
491
- this._push(obj[key]);
492
- break;
493
- }
494
- case OP.DELETE_PROP: {
495
- var key = this._pop();
496
- var obj = this._pop();
497
- this._push(delete obj[key]);
498
- break;
499
- }
500
-
501
- case OP.CALL: {
502
- var args = this._stack.splice(this._stack.length - this._operand());
503
- var callee = this._pop();
504
- if (callee && callee[CLOSURE_SYM]) {
505
- // VM closure - run directly in this VM, no sub-VM overhead
506
- var c = callee[CLOSURE_SYM];
507
- // Sloppy-mode: plain function call → global object as this
508
- var f = new Frame(c, frame._pc, frame, this.globals);
509
- for (var i = 0; i < args.length; i++) f.locals[i] = args[i];
510
- f.locals[c.fn.paramCount] = args;
511
- this._frameStack.push(this._currentFrame);
512
- this._currentFrame = f;
513
- } else {
514
- // Native function
515
- this._push(callee.apply(null, args));
516
- }
517
- break;
518
- }
519
-
520
- case OP.CALL_METHOD: {
521
- var args = this._stack.splice(this._stack.length - this._operand());
522
- var callee = this._pop();
523
- var receiver = this._pop(); // left on stack by GET_PROP
524
- if (callee && callee[CLOSURE_SYM]) {
525
- // VM closure - run directly in this VM with receiver as this
526
- var c = callee[CLOSURE_SYM];
527
- var f = new Frame(c, frame._pc, frame, receiver);
528
- for (var i = 0; i < args.length; i++) f.locals[i] = args[i];
529
- f.locals[c.fn.paramCount] = args;
530
- this._frameStack.push(this._currentFrame);
531
- this._currentFrame = f;
532
- } else {
533
- // Native method
534
- this._push(callee.apply(receiver, args));
535
- }
536
- break;
537
- }
538
-
539
- case OP.LOAD_THIS:
540
- this._push(frame.thisVal);
541
- break;
542
-
543
- case OP.NEW: {
544
- var args = this._stack.splice(this._stack.length - this._operand());
545
- var callee = this._pop();
546
- if (callee && callee[CLOSURE_SYM]) {
547
- // VM closure constructor - prototype is unified via shell.prototype = closure.prototype
548
- var c = callee[CLOSURE_SYM];
549
- var newObj = Object.create(c.prototype || null);
550
- var f = new Frame(c, frame._pc, frame, newObj);
551
- f._newObj = newObj;
552
- for (var i = 0; i < args.length; i++) f.locals[i] = args[i];
553
- f.locals[c.fn.paramCount] = args;
554
- this._frameStack.push(this._currentFrame);
555
- this._currentFrame = f;
556
- } else {
557
- // Native constructor (e.g. new Error(), new Date()).
558
- // Reflect.construct is required - Object.create+apply does NOT set
559
- // internal slots ([[NumberData]], [[StringData]], etc.) for built-ins.
560
- this._push(Reflect.construct(callee, args));
561
- }
562
- break;
563
- }
564
-
565
- case OP.RETURN: {
566
- var retVal = this._pop();
567
- this._closeUpvaluesFor(frame); // must happen before frame is abandoned
568
- if (this._frameStack.length === 0) return retVal;
569
-
570
- // new-call rule: primitive return -> discard, use the constructed object instead
571
- if (frame._newObj !== null) {
572
- if (typeof retVal !== "object" || retVal === null)
573
- retVal = frame._newObj;
574
- }
575
-
576
- this._currentFrame = this._frameStack.pop();
577
- this._push(retVal);
578
- break;
579
- }
580
-
581
- case OP.POP:
582
- this._pop();
583
- break;
584
-
585
- case OP.DUP:
586
- this._push(this.peek());
587
- break;
588
-
589
- case OP.THROW:
590
- throw this._pop();
591
-
592
- case OP.FOR_IN_SETUP: {
593
- // Pop the object; build an ordered list of all enumerable own+inherited
594
- // string keys by walking the prototype chain manually.
595
- // Uses getOwnPropertyNames (includes non-enumerable) + descriptor check,
596
- // so we never rely on Object.keys() and we handle inheritance correctly.
597
- var obj = this._pop();
598
- var keys = [];
599
- if (obj !== null && obj !== undefined) {
600
- var seen = Object.create(null);
601
- var cur = Object(obj); // box primitives
602
- while (cur !== null) {
603
- var ownNames = Object.getOwnPropertyNames(cur);
604
- for (var i = 0; i < ownNames.length; i++) {
605
- var k = ownNames[i];
606
- if (!(k in seen)) {
607
- seen[k] = true;
608
- var propDesc = Object.getOwnPropertyDescriptor(cur, k);
609
- if (propDesc && propDesc.enumerable) {
610
- keys.push(k);
611
- }
612
- }
613
- }
614
- cur = Object.getPrototypeOf(cur);
615
- }
616
- }
617
- this._push({ _keys: keys, i: 0 });
618
- break;
619
- }
620
-
621
- case OP.FOR_IN_NEXT: {
622
- // Operand = jump target for the done case. Must be read before the
623
- // conditional so the PC stays correctly aligned either way.
624
- var target = this._operand();
625
- var iter = this._pop();
626
- if (iter.i >= iter._keys.length) {
627
- frame._pc = target;
628
- } else {
629
- this._push(iter._keys[iter.i++]);
630
- }
631
- break;
632
- }
633
-
634
- case OP.PATCH: {
635
- // Inline operands: destPc, sliceStart, sliceEnd
636
- // Copies bytecode[sliceStart..sliceEnd) flat u16 slots to destPc.
637
- var destPc = this._operand();
638
- var sliceStart = this._operand();
639
- var sliceEnd = this._operand();
640
-
641
- for (var pi = sliceStart; pi < sliceEnd; pi++) {
642
- this.bytecode[destPc + (pi - sliceStart)] = this.bytecode[pi];
643
- }
644
- break;
645
- }
646
-
647
- case OP.TRY_SETUP: {
648
- // Push an exception handler record onto the current frame.
649
- // Saves: catch PC (operand), current stack depth, current frame-stack depth.
650
- // If an exception is thrown before TRY_END fires, the VM jumps here.
651
- frame._handlerStack.push({
652
- handlerPc: this._operand(),
653
- stackDepth: this._stack.length,
654
- frameStackDepth: this._frameStack.length,
655
- });
656
- break;
657
- }
658
-
659
- case OP.TRY_END: {
660
- // Normal exit from a try block — disarm the exception handler.
661
- frame._handlerStack.pop();
662
- break;
663
- }
664
-
665
- case OP.DEFINE_GETTER: {
666
- // Stack: [..., obj, key, getterFn]
667
- // Pops all three; defines an enumerable, configurable getter on obj.
668
- // If a setter was already defined for this key, it is preserved.
669
- var getterFn = this._pop();
670
- var key = this._pop();
671
- var obj = this._pop();
672
- var existingDesc = Object.getOwnPropertyDescriptor(obj, key);
673
- var getDesc: PropertyDescriptor = {
674
- get: getterFn,
675
- configurable: true,
676
- enumerable: true,
677
- };
678
- if (existingDesc && typeof existingDesc.set === "function") {
679
- getDesc.set = existingDesc.set;
680
- }
681
- Object.defineProperty(obj, key, getDesc);
682
- break;
683
- }
684
-
685
- case OP.DEFINE_SETTER: {
686
- // Stack: [..., obj, key, setterFn]
687
- // Pops all three; defines an enumerable, configurable setter on obj.
688
- // If a getter was already defined for this key, it is preserved.
689
- var setterFn = this._pop();
690
- var key = this._pop();
691
- var obj = this._pop();
692
- var existingDesc = Object.getOwnPropertyDescriptor(obj, key);
693
- var setDesc: PropertyDescriptor = {
694
- set: setterFn,
695
- configurable: true,
696
- enumerable: true,
697
- };
698
- if (existingDesc && typeof existingDesc.get === "function") {
699
- setDesc.get = existingDesc.get;
700
- }
701
- Object.defineProperty(obj, key, setDesc);
702
- break;
703
- }
704
-
705
- case OP.DEBUGGER: {
706
- debugger;
707
- break;
708
- }
709
-
710
- default:
711
- throw new Error(
712
- "Unknown opcode: " + op + " at pc " + (frame._pc - 1),
713
- );
714
- }
715
- } catch (err) {
716
- // Exception handler unwinding (CPython-style frame walk, Lua-style upvalue close).
717
- // Walk from the current frame upward until we find a frame that has an open
718
- // exception handler (TRY_SETUP without a matching TRY_END).
719
- // For every frame we abandon along the way, close its captured upvalues.
720
- var handledFrame = null;
721
- var searchFrame = this._currentFrame;
722
- while (true) {
723
- if (searchFrame._handlerStack.length > 0) {
724
- handledFrame = searchFrame;
725
- break;
726
- }
727
- // No handler in this frame — abandon it and walk up.
728
- this._closeUpvaluesFor(searchFrame);
729
- if (this._frameStack.length === 0) break;
730
- searchFrame = this._frameStack.pop();
731
- this._currentFrame = searchFrame;
732
- }
733
-
734
- if (!handledFrame) throw err; // no handler anywhere — propagate to host
735
-
736
- var h = handledFrame._handlerStack.pop();
737
- // Restore the VM value stack to the depth recorded at TRY_SETUP time,
738
- // then push the caught exception so the catch binding can store it.
739
- this._stack.length = h.stackDepth;
740
- this._push(err);
741
- // Discard any call-frames that were pushed inside the try body
742
- // (functions called from within the try block that are still live).
743
- this._frameStack.length = h.frameStackDepth;
744
- // Jump to the catch block.
745
- handledFrame._pc = h.handlerPc;
746
- this._currentFrame = handledFrame;
747
- }
748
- }
749
- };
750
-
751
- // Boot
752
- var globals: any = {}; // global object for globals
753
-
754
- // Always pull built-ins from globalThis so eval() scoping can't shadow them
755
- // with a local `window` variable (e.g. the test harness fake window).
756
- for (var k of Object.getOwnPropertyNames(globalThis)) {
757
- globals[k] = globalThis[k];
758
- }
759
- // If a window object is in scope (browser or test harness), capture it
760
- // explicitly so VM code can read/write window.TEST_OUTPUT etc.
761
- if (typeof window !== "undefined") {
762
- globals["window"] = window;
763
- }
764
-
765
- // Transfer common primitives
766
- globals.undefined = undefined;
767
- globals.Infinity = Infinity;
768
- globals.NaN = NaN;
769
-
770
- var vm = new VM(decodeBytecode(BYTECODE), MAIN_START_PC, CONSTANTS, globals);
771
- vm.run();
1
+ import { OP_ORIGINAL as OP } from "./compiler.ts";
2
+ const BYTECODE = [];
3
+ const MAIN_START_PC = 0;
4
+ const MAIN_REG_COUNT = 0;
5
+ const CONSTANTS = [];
6
+ const ENCODE_BYTECODE = false;
7
+ const TIMING_CHECKS = false;
8
+ // The text above is not included in the compiled output - for type intellisense only
9
+ // @START
10
+
11
+ function decodeBytecode(s) {
12
+ if (!ENCODE_BYTECODE) return s;
13
+
14
+ var b =
15
+ typeof Buffer !== "undefined"
16
+ ? Buffer.from(s, "base64")
17
+ : Uint8Array.from(atob(s), function (c) {
18
+ return c.charCodeAt(0);
19
+ });
20
+ // Each slot is a u16 stored as 2 little-endian bytes.
21
+ var r = new Uint16Array(b.length / 2);
22
+ for (var i = 0; i < r.length; i++) r[i] = b[i * 2] | (b[i * 2 + 1] << 8);
23
+ return r;
24
+ }
25
+
26
+ // Closure symbol
27
+ // Used to tag shell functions so the VM can fast-path back to the
28
+ // inner Closure instead of going through a sub-VM on internal calls.
29
+ var CLOSURE_SYM = Symbol(); // Nameless for obfuscation
30
+
31
+ // Upvalue
32
+ // While the outer frame is alive: reads/writes go to frame.regs[slot].
33
+ // After the outer frame returns (closed): reads/writes hit this._value.
34
+ function Upvalue(frame, slot) {
35
+ this._frame = frame;
36
+ this._slot = slot;
37
+ this._closed = false;
38
+ this._value = undefined;
39
+ }
40
+ Upvalue.prototype._read = function () {
41
+ return this._closed ? this._value : this._frame.regs[this._slot];
42
+ };
43
+ Upvalue.prototype._write = function (v) {
44
+ if (this._closed) this._value = v;
45
+ else this._frame.regs[this._slot] = v;
46
+ };
47
+ Upvalue.prototype._close = function () {
48
+ this._value = this._frame.regs[this._slot];
49
+ this._closed = true;
50
+ };
51
+
52
+ // Closure & Frame
53
+ function Closure(fn) {
54
+ this.fn = fn;
55
+ this.upvalues = [];
56
+ this.prototype = {}; // <- default prototype object for `new`
57
+ }
58
+
59
+ function Frame(closure, returnPc, parent, thisVal, retDstReg) {
60
+ this.closure = closure;
61
+ this.regs = new Array(closure.fn.regCount).fill(undefined);
62
+ this._pc = closure.fn.startPc; // <- initialize from fn descriptor
63
+ this._returnPc = returnPc; // pc to resume in parent frame after RETURN
64
+ this._parent = parent;
65
+ this.thisVal = thisVal !== undefined ? thisVal : undefined;
66
+ this._retDstReg = retDstReg !== undefined ? retDstReg : 0; // register in parent to write return value
67
+ this._newObj = null; // <- set by NEW so RETURN can see it
68
+ this._handlerStack = []; // <- exception handlers pushed by TRY_SETUP
69
+ }
70
+
71
+ // VM
72
+ function VM(bytecode, mainStartPc, mainRegCount, constants, globals) {
73
+ this.bytecode = bytecode;
74
+ this.constants = constants;
75
+ this.globals = globals;
76
+ this._frameStack = [];
77
+ this._openUpvalues = []; // all currently open Upvalue objects across all frames
78
+
79
+ var mainFn = {
80
+ paramCount: 0,
81
+ regCount: mainRegCount,
82
+ startPc: mainStartPc, // <- where main begins
83
+ };
84
+ this._currentFrame = new Frame(new Closure(mainFn), null, null, undefined, 0);
85
+ }
86
+
87
+ // Consume the next slot from the flat bytecode stream and advance the PC.
88
+ // Called by opcode handlers to read each of their operands in order.
89
+ VM.prototype._operand = function () {
90
+ return this.bytecode[this._currentFrame._pc++];
91
+ };
92
+
93
+ VM.prototype.captureUpvalue = function (frame, slot) {
94
+ // Reuse existing open upvalue for this frame+slot if one exists.
95
+ // This is what makes two closures share the same mutable cell.
96
+ for (var i = 0; i < this._openUpvalues.length; i++) {
97
+ var uv = this._openUpvalues[i];
98
+ if (uv._frame === frame && uv._slot === slot) return uv;
99
+ }
100
+ var uv = new Upvalue(frame, slot);
101
+ this._openUpvalues.push(uv);
102
+ return uv;
103
+ };
104
+
105
+ // Reads and decodes a constant from the pool.
106
+ // idx — pool index (first operand of the constant pair emitted by resolveConstants).
107
+ // key — conceal key (second operand). 0 means no concealment.
108
+ //
109
+ // For integers: stored value is (original ^ key); XOR again to recover.
110
+ // For strings: stored value is a base64 string containing u16 LE byte pairs.
111
+ // Mirrors decodeBytecode: base64 → bytes → u16 LE → XOR with
112
+ // (key + i) & 0xFFFF to recover the original char codes.
113
+ // idxIn, keyIn are passed in from specializedOpcodes when the operands are determined at compile time.
114
+ VM.prototype._constant = function (idxIn, keyIn) {
115
+ var idx = idxIn ?? this._operand();
116
+ var key = keyIn ?? this._operand();
117
+
118
+ var v = this.constants[idx];
119
+ if (!key) return v;
120
+ if (typeof v === "number") return v ^ key;
121
+ // String: base64-decode to u16 LE byte pairs, then XOR each code with (key+i).
122
+ var b =
123
+ typeof Buffer !== "undefined"
124
+ ? Buffer.from(v, "base64")
125
+ : Uint8Array.from(atob(v), function (c) {
126
+ return c.charCodeAt(0);
127
+ });
128
+ var out = "";
129
+ for (var i = 0; i < b.length / 2; i++) {
130
+ var code = b[i * 2] | (b[i * 2 + 1] << 8); // u16 LE
131
+ out += String.fromCharCode(code ^ ((key + i) & 0xffff));
132
+ }
133
+ return out;
134
+ };
135
+
136
+ VM.prototype._closeUpvaluesFor = function (frame) {
137
+ // Called on RETURN - close every upvalue that was pointing into this frame.
138
+ // After this, closures that captured from the frame read from upvalue.value.
139
+ this._openUpvalues = this._openUpvalues.filter(function (uv) {
140
+ if (uv._frame === frame) {
141
+ uv._close();
142
+ return false;
143
+ }
144
+ return true;
145
+ });
146
+ };
147
+
148
+ VM.prototype.run = function () {
149
+ var now = () => {
150
+ return performance.now();
151
+ };
152
+
153
+ var lastTime = now();
154
+
155
+ while (true) {
156
+ var frame = this._currentFrame;
157
+ var bc = this.bytecode;
158
+ if (frame._pc >= bc.length) break;
159
+
160
+ var pc = frame._pc++;
161
+ var op = this.bytecode[pc];
162
+ var opcode = this.bytecode[pc];
163
+ // console.log(
164
+ // "pc=" + pc,
165
+ // "opcode=" + opcode,
166
+ // Object.keys(OP).find((key) => OP[key] === opcode),
167
+ // );
168
+
169
+ // Debugging protection: Detects debugger by checking for >1s pauses which can only happen from debugger; or extremely slow sync tasks
170
+ if (TIMING_CHECKS) {
171
+ var currentTime = now();
172
+ var isTamper = currentTime - lastTime > 1000;
173
+ lastTime = currentTime;
174
+ if (isTamper) {
175
+ // Poison the bytecode
176
+ for (var i = 0; i < this.bytecode.length; i++) this.bytecode[i] = 0;
177
+ // Break the current state
178
+ frame.regs.fill(undefined);
179
+ op = OP.JUMP;
180
+ frame._pc = this.bytecode.length; // jump past end to halt
181
+ }
182
+ }
183
+
184
+ try {
185
+ /* @SWITCH */
186
+ switch (op) {
187
+ case OP.LOAD_CONST: {
188
+ var dst = this._operand();
189
+ frame.regs[dst] = this._constant();
190
+ break;
191
+ }
192
+
193
+ case OP.LOAD_INT: {
194
+ var dst = this._operand();
195
+ frame.regs[dst] = this._operand();
196
+ break;
197
+ }
198
+
199
+ case OP.LOAD_GLOBAL: {
200
+ var dst = this._operand();
201
+ var globalName = this._constant();
202
+
203
+ if (!(globalName in this.globals)) {
204
+ throw new ReferenceError(`${globalName} is not defined`);
205
+ }
206
+
207
+ frame.regs[dst] = this.globals[globalName];
208
+ break;
209
+ }
210
+
211
+ case OP.LOAD_UPVALUE: {
212
+ var dst = this._operand();
213
+ frame.regs[dst] = frame.closure.upvalues[this._operand()]._read();
214
+ break;
215
+ }
216
+
217
+ case OP.LOAD_THIS: {
218
+ var dst = this._operand();
219
+ frame.regs[dst] = frame.thisVal;
220
+ break;
221
+ }
222
+
223
+ case OP.MOVE: {
224
+ var dst = this._operand();
225
+ frame.regs[dst] = frame.regs[this._operand()];
226
+ break;
227
+ }
228
+
229
+ case OP.STORE_GLOBAL: {
230
+ // nameIdx and key are consumed inline so the concealConstants runtime
231
+ // transform can rewrite this._constant() consistently.
232
+ this.globals[this._constant()] = frame.regs[this._operand()];
233
+ break;
234
+ }
235
+
236
+ case OP.STORE_UPVALUE: {
237
+ var uvIdx = this._operand();
238
+ frame.closure.upvalues[uvIdx]._write(frame.regs[this._operand()]);
239
+ break;
240
+ }
241
+
242
+ case OP.GET_PROP: {
243
+ // dst = regs[obj][regs[key]]
244
+ var dst = this._operand();
245
+ var obj = frame.regs[this._operand()];
246
+ var key = frame.regs[this._operand()];
247
+ frame.regs[dst] = obj[key];
248
+ break;
249
+ }
250
+
251
+ case OP.SET_PROP: {
252
+ // regs[obj][regs[key]] = regs[val]
253
+ var obj = frame.regs[this._operand()];
254
+ var key = frame.regs[this._operand()];
255
+ var val = frame.regs[this._operand()];
256
+ // Reflect.set performs [[Set]] without throwing on failure,
257
+ // correctly simulating sloppy-mode assignment from a strict-mode host.
258
+ Reflect.set(obj, key, val);
259
+ break;
260
+ }
261
+
262
+ case OP.DELETE_PROP: {
263
+ var dst = this._operand();
264
+ var obj = frame.regs[this._operand()];
265
+ var key = frame.regs[this._operand()];
266
+ frame.regs[dst] = delete obj[key];
267
+ break;
268
+ }
269
+
270
+ // ── Arithmetic (dst, src1, src2) ────────────────────────────────────
271
+ case OP.ADD: {
272
+ var dst = this._operand();
273
+ var a = frame.regs[this._operand()];
274
+ frame.regs[dst] = a + frame.regs[this._operand()];
275
+ break;
276
+ }
277
+ case OP.SUB: {
278
+ var dst = this._operand();
279
+ var a = frame.regs[this._operand()];
280
+ frame.regs[dst] = a - frame.regs[this._operand()];
281
+ break;
282
+ }
283
+ case OP.MUL: {
284
+ var dst = this._operand();
285
+ var a = frame.regs[this._operand()];
286
+ frame.regs[dst] = a * frame.regs[this._operand()];
287
+ break;
288
+ }
289
+ case OP.DIV: {
290
+ var dst = this._operand();
291
+ var a = frame.regs[this._operand()];
292
+ frame.regs[dst] = a / frame.regs[this._operand()];
293
+ break;
294
+ }
295
+ case OP.MOD: {
296
+ var dst = this._operand();
297
+ var a = frame.regs[this._operand()];
298
+ frame.regs[dst] = a % frame.regs[this._operand()];
299
+ break;
300
+ }
301
+ case OP.BAND: {
302
+ var dst = this._operand();
303
+ var a = frame.regs[this._operand()];
304
+ frame.regs[dst] = a & frame.regs[this._operand()];
305
+ break;
306
+ }
307
+ case OP.BOR: {
308
+ var dst = this._operand();
309
+ var a = frame.regs[this._operand()];
310
+ frame.regs[dst] = a | frame.regs[this._operand()];
311
+ break;
312
+ }
313
+ case OP.BXOR: {
314
+ var dst = this._operand();
315
+ var a = frame.regs[this._operand()];
316
+ frame.regs[dst] = a ^ frame.regs[this._operand()];
317
+ break;
318
+ }
319
+ case OP.SHL: {
320
+ var dst = this._operand();
321
+ var a = frame.regs[this._operand()];
322
+ frame.regs[dst] = a << frame.regs[this._operand()];
323
+ break;
324
+ }
325
+ case OP.SHR: {
326
+ var dst = this._operand();
327
+ var a = frame.regs[this._operand()];
328
+ frame.regs[dst] = a >> frame.regs[this._operand()];
329
+ break;
330
+ }
331
+ case OP.USHR: {
332
+ var dst = this._operand();
333
+ var a = frame.regs[this._operand()];
334
+ frame.regs[dst] = a >>> frame.regs[this._operand()];
335
+ break;
336
+ }
337
+
338
+ // ── Comparison (dst, src1, src2) ─────────────────────────────────────
339
+ case OP.LT: {
340
+ var dst = this._operand();
341
+ var a = frame.regs[this._operand()];
342
+ frame.regs[dst] = a < frame.regs[this._operand()];
343
+ break;
344
+ }
345
+ case OP.GT: {
346
+ var dst = this._operand();
347
+ var a = frame.regs[this._operand()];
348
+ frame.regs[dst] = a > frame.regs[this._operand()];
349
+ break;
350
+ }
351
+ case OP.LTE: {
352
+ var dst = this._operand();
353
+ var a = frame.regs[this._operand()];
354
+ frame.regs[dst] = a <= frame.regs[this._operand()];
355
+ break;
356
+ }
357
+ case OP.GTE: {
358
+ var dst = this._operand();
359
+ var a = frame.regs[this._operand()];
360
+ frame.regs[dst] = a >= frame.regs[this._operand()];
361
+ break;
362
+ }
363
+ case OP.EQ: {
364
+ var dst = this._operand();
365
+ var a = frame.regs[this._operand()];
366
+ frame.regs[dst] = a === frame.regs[this._operand()];
367
+ break;
368
+ }
369
+ case OP.NEQ: {
370
+ var dst = this._operand();
371
+ var a = frame.regs[this._operand()];
372
+ frame.regs[dst] = a !== frame.regs[this._operand()];
373
+ break;
374
+ }
375
+ case OP.LOOSE_EQ: {
376
+ var dst = this._operand();
377
+ var a = frame.regs[this._operand()];
378
+ frame.regs[dst] = a == frame.regs[this._operand()];
379
+ break;
380
+ }
381
+ case OP.LOOSE_NEQ: {
382
+ var dst = this._operand();
383
+ var a = frame.regs[this._operand()];
384
+ frame.regs[dst] = a != frame.regs[this._operand()];
385
+ break;
386
+ }
387
+ case OP.IN: {
388
+ var dst = this._operand();
389
+ var a = frame.regs[this._operand()];
390
+ frame.regs[dst] = a in frame.regs[this._operand()];
391
+ break;
392
+ }
393
+ case OP.INSTANCEOF: {
394
+ var dst = this._operand();
395
+ var obj = frame.regs[this._operand()];
396
+ var ctor = frame.regs[this._operand()];
397
+ if (typeof ctor === "function") {
398
+ frame.regs[dst] = obj instanceof ctor;
399
+ } else {
400
+ // VM Closure - walk prototype chain for identity with ctor.prototype.
401
+ var proto = ctor.prototype;
402
+ var target = Object.getPrototypeOf(obj);
403
+ var result = false;
404
+ while (target !== null) {
405
+ if (target === proto) {
406
+ result = true;
407
+ break;
408
+ }
409
+ target = Object.getPrototypeOf(target);
410
+ }
411
+ frame.regs[dst] = result;
412
+ }
413
+ break;
414
+ }
415
+
416
+ // ── Unary (dst, src) ─────────────────────────────────────────────────
417
+ case OP.UNARY_NEG: {
418
+ var dst = this._operand();
419
+ frame.regs[dst] = -frame.regs[this._operand()];
420
+ break;
421
+ }
422
+ case OP.UNARY_POS: {
423
+ var dst = this._operand();
424
+ frame.regs[dst] = +frame.regs[this._operand()];
425
+ break;
426
+ }
427
+ case OP.UNARY_NOT: {
428
+ var dst = this._operand();
429
+ frame.regs[dst] = !frame.regs[this._operand()];
430
+ break;
431
+ }
432
+ case OP.UNARY_BITNOT: {
433
+ var dst = this._operand();
434
+ frame.regs[dst] = ~frame.regs[this._operand()];
435
+ break;
436
+ }
437
+ case OP.TYPEOF: {
438
+ var dst = this._operand();
439
+ frame.regs[dst] = typeof frame.regs[this._operand()];
440
+ break;
441
+ }
442
+ case OP.VOID: {
443
+ var dst = this._operand();
444
+ this._operand(); // consume src — evaluated for side-effects by compiler
445
+ frame.regs[dst] = undefined;
446
+ break;
447
+ }
448
+ case OP.TYPEOF_SAFE: {
449
+ // dst, nameConstIdx — safe typeof for potentially-undeclared globals.
450
+ var dst = this._operand();
451
+ var name = this._constant();
452
+ var val = Object.prototype.hasOwnProperty.call(this.globals, name)
453
+ ? this.globals[name]
454
+ : undefined;
455
+ frame.regs[dst] = typeof val;
456
+ break;
457
+ }
458
+
459
+ // ── Control flow ──────────────────────────────────────────────────────
460
+ case OP.JUMP:
461
+ frame._pc = this._operand();
462
+ break;
463
+
464
+ case OP.JUMP_IF_FALSE: {
465
+ var src = this._operand();
466
+ var target = this._operand();
467
+ if (!frame.regs[src]) frame._pc = target;
468
+ break;
469
+ }
470
+
471
+ case OP.JUMP_IF_TRUE: {
472
+ // || short-circuit: if truthy, jump over RHS.
473
+ var src = this._operand();
474
+ var target = this._operand();
475
+ if (frame.regs[src]) frame._pc = target;
476
+ break;
477
+ }
478
+
479
+ // ── Calls ─────────────────────────────────────────────────────────────
480
+ case OP.CALL: {
481
+ // dst, calleeReg, argc, [argReg...]
482
+ var dst = this._operand();
483
+ var callee = frame.regs[this._operand()];
484
+ var argc = this._operand();
485
+ var args = new Array(argc);
486
+ for (var i = 0; i < argc; i++) args[i] = frame.regs[this._operand()];
487
+
488
+ if (callee && callee[CLOSURE_SYM]) {
489
+ var c = callee[CLOSURE_SYM];
490
+ var f = new Frame(c, frame._pc, frame, this.globals, dst);
491
+ for (var i = 0; i < args.length; i++) f.regs[i] = args[i];
492
+ f.regs[c.fn.paramCount] = args;
493
+ this._frameStack.push(this._currentFrame);
494
+ this._currentFrame = f;
495
+ } else {
496
+ frame.regs[dst] = callee.apply(null, args);
497
+ }
498
+ break;
499
+ }
500
+
501
+ case OP.CALL_METHOD: {
502
+ // dst, receiverReg, calleeReg, argc, [argReg...]
503
+ var dst = this._operand();
504
+ var receiver = frame.regs[this._operand()];
505
+ var callee = frame.regs[this._operand()];
506
+ var argc = this._operand();
507
+ var args = new Array(argc);
508
+ for (var i = 0; i < argc; i++) args[i] = frame.regs[this._operand()];
509
+
510
+ if (callee && callee[CLOSURE_SYM]) {
511
+ var c = callee[CLOSURE_SYM];
512
+ var f = new Frame(c, frame._pc, frame, receiver, dst);
513
+ for (var i = 0; i < args.length; i++) f.regs[i] = args[i];
514
+ f.regs[c.fn.paramCount] = args;
515
+ this._frameStack.push(this._currentFrame);
516
+ this._currentFrame = f;
517
+ } else {
518
+ frame.regs[dst] = callee.apply(receiver, args);
519
+ }
520
+ break;
521
+ }
522
+
523
+ case OP.NEW: {
524
+ // dst, calleeReg, argc, [argReg...]
525
+ var dst = this._operand();
526
+ var callee = frame.regs[this._operand()];
527
+ var argc = this._operand();
528
+ var args = new Array(argc);
529
+ for (var i = 0; i < argc; i++) args[i] = frame.regs[this._operand()];
530
+
531
+ if (callee && callee[CLOSURE_SYM]) {
532
+ var c = callee[CLOSURE_SYM];
533
+ var newObj = Object.create(c.prototype || null);
534
+ var f = new Frame(c, frame._pc, frame, newObj, dst);
535
+ f._newObj = newObj;
536
+ for (var i = 0; i < args.length; i++) f.regs[i] = args[i];
537
+ f.regs[c.fn.paramCount] = args;
538
+ this._frameStack.push(this._currentFrame);
539
+ this._currentFrame = f;
540
+ } else {
541
+ // Reflect.construct is required - Object.create+apply does NOT set
542
+ // internal slots ([[NumberData]], [[StringData]], etc.) for built-ins.
543
+ frame.regs[dst] = Reflect.construct(callee, args);
544
+ }
545
+ break;
546
+ }
547
+
548
+ case OP.RETURN: {
549
+ var retVal = frame.regs[this._operand()];
550
+ this._closeUpvaluesFor(frame); // must happen before frame is abandoned
551
+
552
+ if (this._frameStack.length === 0) return retVal; // main script returning
553
+
554
+ // new-call rule: primitive return -> discard, use the constructed object instead
555
+ if (frame._newObj !== null) {
556
+ if (typeof retVal !== "object" || retVal === null)
557
+ retVal = frame._newObj;
558
+ }
559
+
560
+ var parentFrame = this._frameStack.pop();
561
+ parentFrame.regs[frame._retDstReg] = retVal;
562
+ this._currentFrame = parentFrame;
563
+ break;
564
+ }
565
+
566
+ case OP.THROW:
567
+ throw frame.regs[this._operand()];
568
+
569
+ // ── Closures ──────────────────────────────────────────────────────────
570
+ case OP.MAKE_CLOSURE: {
571
+ // dst, startPc, paramCount, regCount, uvCount, [isLocal, idx, ...]
572
+ var dst = this._operand();
573
+ var startPc = this._operand();
574
+ var paramCount = this._operand();
575
+ var regCount = this._operand();
576
+ var uvCount = this._operand();
577
+
578
+ var uvDescs = new Array(uvCount);
579
+ for (var i = 0; i < uvCount; i++) {
580
+ var isLocalRaw = this._operand();
581
+ var uvIndex = this._operand();
582
+ uvDescs[i] = { isLocal: isLocalRaw, _index: uvIndex };
583
+ }
584
+
585
+ var fn = {
586
+ paramCount: paramCount,
587
+ regCount: regCount,
588
+ startPc: startPc,
589
+ upvalueDescriptors: uvDescs,
590
+ };
591
+
592
+ var closure = new Closure(fn);
593
+ for (var i = 0; i < uvDescs.length; i++) {
594
+ var uvd = uvDescs[i];
595
+ if (uvd.isLocal) {
596
+ closure.upvalues.push(this.captureUpvalue(frame, uvd._index));
597
+ } else {
598
+ closure.upvalues.push(frame.closure.upvalues[uvd._index]);
599
+ }
600
+ }
601
+
602
+ // Wrap in a native callable shell so host code (array methods,
603
+ // test assertions, setTimeout, etc.) can invoke VM closures.
604
+ // CLOSURE_SYM lets VM-internal CALL/NEW bypass the sub-VM entirely.
605
+ var self = this;
606
+ var shell = (function (c) {
607
+ return function () {
608
+ var args = Array.prototype.slice.call(arguments);
609
+ var sub = new VM(
610
+ self.bytecode,
611
+ 0,
612
+ c.fn.regCount,
613
+ self.constants,
614
+ self.globals,
615
+ );
616
+ var f = new Frame(
617
+ c,
618
+ null,
619
+ null,
620
+ this == null ? self.globals : this,
621
+ 0,
622
+ );
623
+ for (var i = 0; i < args.length; i++) f.regs[i] = args[i];
624
+ f.regs[c.fn.paramCount] = args;
625
+ sub._currentFrame = f;
626
+ return sub.run();
627
+ };
628
+ })(closure);
629
+ shell[CLOSURE_SYM] = closure;
630
+ shell.prototype = closure.prototype; // unified prototype for new/instanceof
631
+ frame.regs[dst] = shell;
632
+ break;
633
+ }
634
+
635
+ // ── Collections ───────────────────────────────────────────────────────
636
+ case OP.BUILD_ARRAY: {
637
+ // dst, count, [elemReg...]
638
+ var dst = this._operand();
639
+ var count = this._operand();
640
+ var elems = new Array(count);
641
+ for (var i = 0; i < count; i++)
642
+ elems[i] = frame.regs[this._operand()];
643
+ frame.regs[dst] = elems;
644
+ break;
645
+ }
646
+
647
+ case OP.BUILD_OBJECT: {
648
+ // dst, pairCount, [keyReg, valReg, ...]
649
+ var dst = this._operand();
650
+ var pairCount = this._operand();
651
+ var o = {};
652
+ for (var i = 0; i < pairCount; i++) {
653
+ var key = frame.regs[this._operand()];
654
+ var val = frame.regs[this._operand()];
655
+ o[key] = val;
656
+ }
657
+ frame.regs[dst] = o;
658
+ break;
659
+ }
660
+
661
+ // ── Property definitions (getters / setters) ──────────────────────────
662
+ case OP.DEFINE_GETTER: {
663
+ // obj, key, fn
664
+ var obj = frame.regs[this._operand()];
665
+ var key = frame.regs[this._operand()];
666
+ var getterFn = frame.regs[this._operand()];
667
+ var existingDesc = Object.getOwnPropertyDescriptor(obj, key);
668
+ var getDesc: PropertyDescriptor = {
669
+ get: getterFn,
670
+ configurable: true,
671
+ enumerable: true,
672
+ };
673
+ if (existingDesc && typeof existingDesc.set === "function") {
674
+ getDesc.set = existingDesc.set;
675
+ }
676
+ Object.defineProperty(obj, key, getDesc);
677
+ break;
678
+ }
679
+
680
+ case OP.DEFINE_SETTER: {
681
+ // obj, key, fn
682
+ var obj = frame.regs[this._operand()];
683
+ var key = frame.regs[this._operand()];
684
+ var setterFn = frame.regs[this._operand()];
685
+ var existingDesc = Object.getOwnPropertyDescriptor(obj, key);
686
+ var setDesc: PropertyDescriptor = {
687
+ set: setterFn,
688
+ configurable: true,
689
+ enumerable: true,
690
+ };
691
+ if (existingDesc && typeof existingDesc.get === "function") {
692
+ setDesc.get = existingDesc.get;
693
+ }
694
+ Object.defineProperty(obj, key, setDesc);
695
+ break;
696
+ }
697
+
698
+ // ── For-in iteration ──────────────────────────────────────────────────
699
+ case OP.FOR_IN_SETUP: {
700
+ // dst, src — build iterator object from enumerable keys of regs[src]
701
+ var dst = this._operand();
702
+ var obj = frame.regs[this._operand()];
703
+ var keys = [];
704
+ if (obj !== null && obj !== undefined) {
705
+ var seen = Object.create(null);
706
+ var cur = Object(obj); // box primitives
707
+ while (cur !== null) {
708
+ var ownNames = Object.getOwnPropertyNames(cur);
709
+ for (var i = 0; i < ownNames.length; i++) {
710
+ var k = ownNames[i];
711
+ if (!(k in seen)) {
712
+ seen[k] = true;
713
+ var propDesc = Object.getOwnPropertyDescriptor(cur, k);
714
+ if (propDesc && propDesc.enumerable) {
715
+ keys.push(k);
716
+ }
717
+ }
718
+ }
719
+ cur = Object.getPrototypeOf(cur);
720
+ }
721
+ }
722
+ frame.regs[dst] = { _keys: keys, i: 0 };
723
+ break;
724
+ }
725
+
726
+ case OP.FOR_IN_NEXT: {
727
+ // dst, iterReg, exitTarget
728
+ // Advances iterator; writes next key to dst, or jumps to exitTarget when done.
729
+ var dst = this._operand();
730
+ var iter = frame.regs[this._operand()];
731
+ var exitTarget = this._operand();
732
+ if (iter.i >= iter._keys.length) {
733
+ frame._pc = exitTarget;
734
+ } else {
735
+ frame.regs[dst] = iter._keys[iter.i++];
736
+ }
737
+ break;
738
+ }
739
+
740
+ // ── Exception handling ────────────────────────────────────────────────
741
+ case OP.TRY_SETUP: {
742
+ // handlerPc, exceptionReg push exception handler record onto current frame.
743
+ frame._handlerStack.push({
744
+ handlerPc: this._operand(),
745
+ exceptionReg: this._operand(),
746
+ frameStackDepth: this._frameStack.length,
747
+ });
748
+ break;
749
+ }
750
+
751
+ case OP.TRY_END: {
752
+ // Normal exit from a try block disarm the exception handler.
753
+ frame._handlerStack.pop();
754
+ break;
755
+ }
756
+
757
+ // ── Self-modifying bytecode ───────────────────────────────────────────
758
+ case OP.PATCH: {
759
+ // destPc, sliceStart, sliceEnd
760
+ var destPc = this._operand();
761
+ var sliceStart = this._operand();
762
+ var sliceEnd = this._operand();
763
+ for (var pi = sliceStart; pi < sliceEnd; pi++) {
764
+ this.bytecode[destPc + (pi - sliceStart)] = this.bytecode[pi];
765
+ }
766
+ break;
767
+ }
768
+
769
+ case OP.DEBUGGER: {
770
+ debugger;
771
+ break;
772
+ }
773
+
774
+ default:
775
+ throw new Error(
776
+ "Unknown opcode: " + op + " at pc " + (frame._pc - 1),
777
+ );
778
+ }
779
+ } catch (err) {
780
+ // Exception handler unwinding (CPython-style frame walk, Lua-style upvalue close).
781
+ // Walk from the current frame upward until we find a frame that has an open
782
+ // exception handler (TRY_SETUP without a matching TRY_END).
783
+ // For every frame we abandon along the way, close its captured upvalues.
784
+ var handledFrame = null;
785
+ var searchFrame = this._currentFrame;
786
+ while (true) {
787
+ if (searchFrame._handlerStack.length > 0) {
788
+ handledFrame = searchFrame;
789
+ break;
790
+ }
791
+ // No handler in this frame — abandon it and walk up.
792
+ this._closeUpvaluesFor(searchFrame);
793
+ if (this._frameStack.length === 0) break;
794
+ searchFrame = this._frameStack.pop();
795
+ this._currentFrame = searchFrame;
796
+ }
797
+
798
+ if (!handledFrame) throw err; // no handler anywhere — propagate to host
799
+
800
+ var h = handledFrame._handlerStack.pop();
801
+ // Discard any call-frames that were pushed inside the try body.
802
+ this._frameStack.length = h.frameStackDepth;
803
+ // Write the caught exception directly into the designated register.
804
+ handledFrame.regs[h.exceptionReg] = err;
805
+ // Jump to the catch block.
806
+ handledFrame._pc = h.handlerPc;
807
+ this._currentFrame = handledFrame;
808
+ }
809
+ }
810
+ };
811
+
812
+ // Boot
813
+ var globals: any = {}; // global object for globals
814
+
815
+ // Always pull built-ins from globalThis so eval() scoping can't shadow them
816
+ // with a local `window` variable (e.g. the test harness fake window).
817
+ for (var k of Object.getOwnPropertyNames(globalThis)) {
818
+ globals[k] = globalThis[k];
819
+ }
820
+ // If a window object is in scope (browser or test harness), capture it
821
+ // explicitly so VM code can read/write window.TEST_OUTPUT etc.
822
+ if (typeof window !== "undefined") {
823
+ globals["window"] = window;
824
+ }
825
+
826
+ // Transfer common primitives
827
+ globals.undefined = undefined;
828
+ globals.Infinity = Infinity;
829
+ globals.NaN = NaN;
830
+
831
+ var vm = new VM(
832
+ decodeBytecode(BYTECODE),
833
+ MAIN_START_PC,
834
+ MAIN_REG_COUNT,
835
+ CONSTANTS,
836
+ globals,
837
+ );
838
+ vm.run();