js-confuser-vm 0.0.5 → 0.0.7

package/src/transforms/runtime/internalVariables.ts

@@ -0,0 +1,270 @@
+// Goes through the switch case for defined identifiers on the statement level
+// Example:
+// case OP.LOAD_CONST: {
+//   var dst = this._operand();
+//   frame.regs[dst] = this._constant();
+//   break;
+// }
+// You find "dst" is defined in this scope.
+// You first check the compiler to see if it's already assigned an index in compiler._internals mapping varName=>index
+// If not found, use compiler._internals.globally.size as the new index (when options.randomizeOpcodes is off, when on, choose random between 0 and 65535), and add varName=>index to compiler._internals
+// Then replace the VariableDeclaration to an AssignmentExpression setting left this._internals[index] = init;
+// Then replace all identifiers of "dst" to this._internals[index] as well (Updates references)
+// Final output:
+// case OP.LOAD_CONST: {
+//   this._internals[index] = this._operand();
+//   frame.regs[this._internals[index]] = this._constant();
+//   break;
+// }
+
+import { Compiler } from "../../compiler.ts";
+import * as t from "@babel/types";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { getRandomInt } from "../../utils/random-utils.ts";
+import { U16_MAX } from "../../utils/op-utils.ts";
+
+const traverse = (traverseImport.default ||
+  traverseImport) as typeof traverseImport.default;
+
+export function makeInternalsAccess(index: number): t.MemberExpression {
+  return t.memberExpression(
+    t.memberExpression(t.thisExpression(), t.identifier("_internals")),
+    t.numericLiteral(index),
+    true, // computed
+  );
+}
+
+function collectUsedIndices(compiler: Compiler): Set<number> {
+  const used = new Set<number>();
+  for (const v of compiler._internals.globally.values()) used.add(v);
+  for (const opMap of compiler._internals.opcodes.values()) {
+    for (const v of opMap.values()) used.add(v);
+  }
+  return used;
+}
+
+// Assign or look up the _internals slot index for a variable name within a
+// specific opcode handler.
+//
+// _internals.opcodes[currentOpcode] is the source of truth for this opcode.
+// _internals.globally holds the shared pool written on first sight.
+//
+// randomizeOpcodes OFF → always reuse / create in globally, mirror to opcodes.
+// randomizeOpcodes ON  → first time a name is seen: create global slot.
+//                        subsequent opcodes: 50% reuse global, 50% create an
+//                        opcode-specific random slot (NOT written to globally).
+function assignInternalsIndex(
+  name: string,
+  compiler: Compiler,
+  currentOpcode: number,
+): number {
+  // Ensure per-opcode map exists
+  let opcodeMap = compiler._internals.opcodes.get(currentOpcode);
+  if (!opcodeMap) {
+    opcodeMap = new Map();
+    compiler._internals.opcodes.set(currentOpcode, opcodeMap);
+  }
+
+  // Already registered for this opcode — return immediately
+  const existing = opcodeMap.get(name);
+  if (existing !== undefined) return existing;
+
+  const globalIndex = compiler._internals.globally.get(name);
+  let index: number;
+
+  if (!compiler.options.randomizeOpcodes) {
+    // Non-random: always share the global sequential slot
+    if (globalIndex === undefined) {
+      index = compiler._internals.globally.size;
+      compiler._internals.globally.set(name, index);
+    } else {
+      index = globalIndex;
+    }
+  } else if (globalIndex === undefined) {
+    // First opcode to declare this variable — establish the global slot
+    const used = collectUsedIndices(compiler);
+    let candidate: number;
+    do {
+      candidate = getRandomInt(0, U16_MAX);
+    } while (used.has(candidate));
+    index = candidate;
+    compiler._internals.globally.set(name, index);
+  } else {
+    // Already in global: 50% chance to reuse, 50% opcode-specific new slot
+    if (Math.random() < 0.5) {
+      index = globalIndex;
+    } else {
+      const used = collectUsedIndices(compiler);
+      let candidate: number;
+      do {
+        candidate = getRandomInt(0, U16_MAX);
+      } while (used.has(candidate));
+      index = candidate;
+      // Intentionally NOT written to globally — this slot is opcode-specific
+    }
+  }
+
+  opcodeMap.set(name, index);
+  return index;
+}
+
+export function applyInternalVariablesToSwitchCase(
+  node: t.SwitchCase,
+  compiler: Compiler,
+  currentOpcode: number,
+) {
+  // Work with the actual body array (block body or flat consequent)
+  let bodyArr: t.Statement[];
+  if (node.consequent.length === 1 && t.isBlockStatement(node.consequent[0])) {
+    bodyArr = (node.consequent[0] as t.BlockStatement).body;
+  } else {
+    bodyArr = node.consequent as t.Statement[];
+  }
+
+  // Single traversal: declarations and references handled in one pass.
+  //
+  // Declaration (Identifier is VariableDeclarator.id):
+  //   → register/look-up slot, replace entire VariableDeclaration with
+  //     AssignmentExpression (bare for ForStatement.init, else ExpressionStatement).
+  //
+  // Reference (any other Identifier):
+  //   → look up opcodes[currentOpcode] (source of truth) and replace if found.
+  //     This handles cross-statement refs produced by micro-opcode splitting.
+  const syntheticFile = t.file(t.program(bodyArr as t.Statement[]));
+  const illegalNames = new Set<string>(); // Nested closure names are skipped
+
+  traverse(syntheticFile, {
+    Identifier(path) {
+      const name = path.node.name;
+      if (illegalNames.has(name)) return;
+
+      // Skip non-computed property names: obj.name
+      if (
+        t.isMemberExpression(path.parent) &&
+        !path.parent.computed &&
+        path.parent.property === path.node
+      ) {
+        return;
+      }
+
+      // Skip non-computed object-property keys: { name: value }
+      if (
+        t.isObjectProperty(path.parent) &&
+        !path.parent.computed &&
+        path.parent.key === path.node
+      ) {
+        return;
+      }
+
+      // Don't descend into nested function scopes
+      if (
+        path.find(
+          (p) =>
+            p.isFunctionDeclaration() ||
+            p.isFunctionExpression() ||
+            p.isArrowFunctionExpression(),
+        )
+      ) {
+        return;
+      }
+
+      // ── Declaration binding ──────────────────────────────────────────────
+      if (t.isVariableDeclarator(path.parent) && path.parent.id === path.node) {
+        // Verify it's not referenced in nested closure (illegal)
+        const binding = path.scope.getBinding(name);
+        if (
+          binding?.referencePaths.some((rp) =>
+            rp.findParent(
+              (p) =>
+                p.isFunctionDeclaration() ||
+                p.isFunctionExpression() ||
+                p.isArrowFunctionExpression(),
+            ),
+          )
+        ) {
+          illegalNames.add(name);
+          return;
+        }
+
+        const index = assignInternalsIndex(name, compiler, currentOpcode);
+        const init = (path.parent as t.VariableDeclarator).init;
+
+        const assignment = t.assignmentExpression(
+          "=",
+          makeInternalsAccess(index),
+          init ?? t.identifier("undefined"),
+        );
+
+        // Two levels up: VariableDeclarator → VariableDeclaration
+        const varDeclPath = path.parentPath!.parentPath!;
+
+        if (
+          t.isForStatement(varDeclPath.parent) &&
+          varDeclPath.parent.init === varDeclPath.node
+        ) {
+          // ForStatement.init accepts an Expression directly
+          varDeclPath.replaceWith(assignment);
+        } else {
+          varDeclPath.replaceWith(t.expressionStatement(assignment));
+        }
+        return;
+      }
+
+      // ── Reference ───────────────────────────────────────────────────────
+      // Source of truth for this opcode is its own per-opcode map
+      const opcodeMap = compiler._internals.opcodes.get(currentOpcode);
+      const index = opcodeMap?.get(name);
+      if (index !== undefined) {
+        path.replaceWith(makeInternalsAccess(index));
+        path.skip();
+      }
+    },
+  });
+}
+
+// This takes the AST and finds the runtime switch statement via the leading
+// comment "@SWITCH" then applies the above transformation to each switch case.
+export function applyInteralVariablesToRuntime(
+  ast: t.File,
+  compiler: Compiler,
+) {
+  let switchStatement: t.SwitchStatement | null = null;
+  traverse(ast, {
+    SwitchStatement(path) {
+      if (path.node.leadingComments?.some((c) => c.value.includes("@SWITCH"))) {
+        switchStatement = path.node;
+        path.stop();
+      }
+    },
+  });
+
+  ok(
+    switchStatement,
+    "Could not find @SWITCH statement for internal variables",
+  );
+
+  for (const sc of (switchStatement as t.SwitchStatement).cases) {
+    const test = sc.test;
+    let currentOpcode: number | null = null;
+
+    if (
+      test &&
+      t.isMemberExpression(test) &&
+      t.isIdentifier(test.object, { name: "OP" }) &&
+      t.isIdentifier(test.property)
+    ) {
+      // case OP.LOAD_CONST: → resolve via compiler.OP
+      const opName = (test.property as t.Identifier).name;
+      const val = compiler.OP[opName as keyof typeof compiler.OP];
+      if (val !== undefined) currentOpcode = val as number;
+    } else if (test && t.isNumericLiteral(test)) {
+      // Already a numeric literal (e.g. generated micro-opcode cases)
+      currentOpcode = test.value;
+    }
+
+    if (currentOpcode === null) continue;
+
+    applyInternalVariablesToSwitchCase(sc, compiler, currentOpcode);
+  }
+}

package/src/transforms/runtime/macroOpcodes.ts

@@ -2,6 +2,7 @@ import * as t from "@babel/types";
 import traverseImport from "@babel/traverse";
 import { ok } from "assert";
 import { Compiler } from "../../compiler.ts";
+import generate from "@babel/generator";
 const traverse = (traverseImport.default ||
   traverseImport) as typeof traverseImport.default;
 
@@ -23,6 +24,43 @@ function extractCaseBody(switchCase: t.SwitchCase): t.Statement[] {
   return stmts.filter((s) => !t.isBreakStatement(s) && !t.isEmptyStatement(s));
 }
 
+export function getOpcodeToCaseMap(
+  switchStatement: t.SwitchStatement,
+  compiler: Compiler,
+): Map<number, t.SwitchCase> {
+  // Build a map  opName → SwitchCase  from the existing OP.xxx case tests.
+  const opcodeToCaseMap = new Map<number, t.SwitchCase>();
+  for (const sc of (switchStatement as t.SwitchStatement).cases) {
+    const test = sc.test;
+    if (!test) continue;
+
+    let opcode;
+    let opName;
+    if (
+      t.isMemberExpression(test) &&
+      t.isIdentifier(test.object, { name: "OP" }) &&
+      t.isIdentifier(test.property)
+    ) {
+      opName = test.property.name;
+      opcode = +Object.keys(compiler.OP_NAME).find(
+        (key) => compiler.OP_NAME[key] == opName,
+      );
+    } else if (t.isNumericLiteral(test)) {
+      opcode = test.value;
+    }
+
+    ok(
+      typeof opcode === "number" && !Number.isNaN(opcode),
+      `Failed to parse ${opcode} from ${opName}`,
+    );
+    if (opcode !== undefined) {
+      opcodeToCaseMap.set(opcode, sc);
+    }
+  }
+
+  return opcodeToCaseMap;
+}
+
 // Append a generated switch case for every entry in compiler.MACRO_OPS.
 // Each case inlines the constituent case bodies directly — no operand stack,
 // no substitution needed.  Because every opcode handler now reads its own
@@ -42,19 +80,7 @@ export function applyMacroOpcodes(ast: t.File, compiler: Compiler): void {
 
   ok(switchStatement, "Could not find @SWITCH statement for macro opcodes");
 
-  // Build a map  opName → SwitchCase  from the existing OP.xxx case tests.
-  const nameToCaseMap = new Map<string, t.SwitchCase>();
-  for (const sc of (switchStatement as t.SwitchStatement).cases) {
-    const test = sc.test;
-    if (
-      test &&
-      t.isMemberExpression(test) &&
-      t.isIdentifier(test.object, { name: "OP" }) &&
-      t.isIdentifier(test.property)
-    ) {
-      nameToCaseMap.set((test.property as t.Identifier).name, sc);
-    }
-  }
+  const opcodeToCaseMap = getOpcodeToCaseMap(switchStatement, compiler);
 
   for (const [macroOpStr, constituentOps] of Object.entries(
     compiler.MACRO_OPS,
@@ -66,21 +92,22 @@ export function applyMacroOpcodes(ast: t.File, compiler: Compiler): void {
     const constituentCases: t.SwitchCase[] = [];
     let allFound = true;
     for (const opVal of constituentOps) {
-      const opName = compiler.OP_NAME[opVal];
-      if (!opName) {
-        allFound = false;
-        break;
-      }
-      const found = nameToCaseMap.get(opName);
+      const found = opcodeToCaseMap.get(opVal);
       if (!found) {
         allFound = false;
         break;
       }
       constituentCases.push(found);
     }
-    if (!allFound) continue;
+    if (!allFound) {
+      throw new Error(
+        `Could not find all constituent ops for macro op ${macroOpCode}`,
+      );
+    }
 
     const opNames = constituentOps.map((v) => compiler.OP_NAME[v] ?? `OP_${v}`);
+    let newName = opNames.join(",");
+    compiler.OP_NAME[macroOpCode] = newName;
 
     // ── Build the macro case body ──────────────────────────────────────────
     // Clone and inline each sub-instruction's case body directly.

package/src/transforms/runtime/microOpcodes.ts

@@ -0,0 +1,93 @@
+import * as t from "@babel/types";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { Compiler } from "../../compiler.ts";
+import { applyInternalVariablesToSwitchCase } from "./internalVariables.ts";
+
+const traverse = (traverseImport.default ||
+  traverseImport) as typeof traverseImport.default;
+
+// Extract the real statement list from a SwitchCase consequent.
+function extractCaseBody(switchCase: t.SwitchCase): t.Statement[] {
+  let stmts: t.Statement[];
+  if (
+    switchCase.consequent.length === 1 &&
+    t.isBlockStatement(switchCase.consequent[0])
+  ) {
+    stmts = (switchCase.consequent[0] as t.BlockStatement).body;
+  } else {
+    stmts = switchCase.consequent as t.Statement[];
+  }
+  return stmts.filter((s) => !t.isBreakStatement(s) && !t.isEmptyStatement(s));
+}
+
+// Append a generated switch case for every entry in compiler.MICRO_OPS.
+// applyInteralVariablesToRuntime must run before this so that the source
+// case bodies are already using this._internals[index] instead of local vars.
+// Must be called BEFORE applyShuffleOpcodes so the new cases get shuffled.
+export function applyMicroOpcodes(ast: t.File, compiler: Compiler): void {
+  if (!compiler.MICRO_OPS || Object.keys(compiler.MICRO_OPS).length === 0) {
+    return;
+  }
+
+  let switchStatement: t.SwitchStatement | null = null;
+  traverse(ast, {
+    SwitchStatement(path) {
+      if (path.node.leadingComments?.some((c) => c.value.includes("@SWITCH"))) {
+        switchStatement = path.node;
+        path.stop();
+      }
+    },
+  });
+
+  ok(switchStatement, "Could not find @SWITCH statement for micro opcodes");
+
+  // Build  opName → SwitchCase  from existing cases.
+  const nameToCaseMap = new Map<string, t.SwitchCase>();
+  for (const sc of (switchStatement as t.SwitchStatement).cases) {
+    const test = sc.test;
+    if (
+      test &&
+      t.isMemberExpression(test) &&
+      t.isIdentifier(test.object, { name: "OP" }) &&
+      t.isIdentifier(test.property)
+    ) {
+      nameToCaseMap.set((test.property as t.Identifier).name, sc);
+    }
+  }
+
+  for (const [microOpStr, info] of Object.entries(compiler.MICRO_OPS)) {
+    const microOpCode = Number(microOpStr);
+    const { originalOp, stmtIndex } = info;
+
+    const originalName = compiler.OP_NAME[originalOp];
+    if (!originalName) continue;
+
+    const originalCase = nameToCaseMap.get(originalName);
+    if (!originalCase) continue;
+
+    // Extract and clone all non-break statements from the original case body.
+    const allStmts = extractCaseBody(originalCase);
+    if (stmtIndex >= allStmts.length) continue;
+
+    const rawStmt = t.cloneNode(allStmts[stmtIndex], true) as t.Statement;
+
+    const newCase = t.switchCase(t.numericLiteral(microOpCode), [
+      t.blockStatement([rawStmt, t.breakStatement()]),
+    ]);
+
+    // Apply internal-variable substitution — this may replace rawStmt in the
+    // block body (var decl → assignment), so add the comment afterwards on
+    // whatever the first statement of the block actually is.
+    applyInternalVariablesToSwitchCase(newCase, compiler, microOpCode);
+
+    const blockBody = (newCase.consequent[0] as t.BlockStatement).body;
+    const firstStmt = blockBody[0];
+    if (firstStmt) {
+      const microName = compiler.OP_NAME[microOpCode] ?? `MICRO_${microOpCode}`;
+      t.addComment(firstStmt, "leading", ` ${microName}`, true);
+    }
+
+    (switchStatement as t.SwitchStatement).cases.push(newCase);
+  }
+}

package/src/transforms/runtime/shuffleOpcodes.ts

@@ -1,7 +1,7 @@
 import * as t from "@babel/types";
 import traverseImport from "@babel/traverse";
 import { ok } from "assert";
-import { shuffle } from "../utils/random-utils.ts";
+import { shuffle } from "../../utils/random-utils.ts";
 const traverse = (traverseImport.default ||
   traverseImport) as typeof traverseImport.default;
 

package/src/transforms/runtime/specializedOpcodes.ts

@@ -2,7 +2,7 @@ import * as t from "@babel/types";
 import traverseImport from "@babel/traverse";
 import { ok } from "assert";
 import { Compiler } from "../../compiler.ts";
-import type * as b from "../../types.ts";
+import { getOpcodeToCaseMap } from "./macroOpcodes.ts";
 
 const traverse = (traverseImport.default ||
   traverseImport) as typeof traverseImport.default;
@@ -26,26 +26,50 @@ function extractCaseBody(switchCase: t.SwitchCase): t.Statement[] {
 // Because specialized opcodes are only created for instructions that have
 // *exactly one* numeric operand, every `_operand()` call inside the original
 // handler is replaced by the constant value that was baked into the opcode.
-function inlineFixedOperand(
+function inlineFixedOperands(
   bodyStmts: t.Statement[],
-  resolvedValue: number,
+  resolvedValues: number[],
 ): void {
   // Wrap the statements in a temporary BlockStatement so traverse has a root.
   // The replacement mutates the original statement objects in place.
+  var replaced = 0;
+  function consumeOperand() {
+    const resolvedValue = resolvedValues[replaced++];
+    ok(
+      typeof resolvedValue === "number",
+      `Expected a numeric operand value, got ${resolvedValue}`,
+    );
+    return t.numericLiteral(resolvedValue);
+  }
+
   traverse(t.blockStatement(bodyStmts), {
     noScope: true,
     CallExpression(path) {
       const callee = path.node.callee;
-      if (
-        t.isMemberExpression(callee) &&
-        t.isThisExpression(callee.object) &&
-        t.isIdentifier(callee.property, { name: "_operand" }) &&
-        path.node.arguments.length === 0
-      ) {
-        path.replaceWith(t.numericLiteral(resolvedValue));
+
+      const isMethodCall = (methodName) => {
+        return (
+          t.isMemberExpression(callee) &&
+          t.isThisExpression(callee.object) &&
+          t.isIdentifier(callee.property, { name: methodName }) &&
+          path.node.arguments.length === 0
+        );
+      };
+
+      if (isMethodCall("_operand")) {
+        path.replaceWith(consumeOperand());
+      }
+
+      if (isMethodCall("_constant")) {
+        path.node.arguments = [consumeOperand(), consumeOperand()];
       }
     },
   });
+
+  ok(
+    replaced === resolvedValues.length,
+    `Expected to replace ${resolvedValues.length} operands, but replaced ${replaced}`,
+  );
 }
 
 // Append a generated switch case for every entry in compiler.SPECIALIZED_OPS.
@@ -53,11 +77,7 @@ function inlineFixedOperand(
 // replaced by the constant integer that was captured at compile time.
 // Must be called AFTER applyMacroOpcodes (so the original cases exist) but
 // BEFORE applyShuffleOpcodes so the new specialized cases also get shuffled.
-export function applySpecializedOpcodes(
-  ast: t.File,
-  bytecode: b.Bytecode,
-  compiler: Compiler,
-): void {
+export function applySpecializedOpcodes(ast: t.File, compiler: Compiler): void {
   let switchStatement: t.SwitchStatement | null = null;
   traverse(ast, {
     SwitchStatement(path) {
@@ -74,55 +94,45 @@ export function applySpecializedOpcodes(
   );
 
   // Build a map  opName → SwitchCase  from the existing OP.xxx case tests.
-  const nameToCaseMap = new Map<string, t.SwitchCase>();
-  for (const sc of (switchStatement as t.SwitchStatement).cases) {
-    const test = sc.test;
-    if (
-      test &&
-      t.isMemberExpression(test) &&
-      t.isIdentifier(test.object, { name: "OP" }) &&
-      t.isIdentifier(test.property)
-    ) {
-      nameToCaseMap.set((test.property as t.Identifier).name, sc);
-    }
-  }
+  const opcodeToCaseMap = getOpcodeToCaseMap(switchStatement, compiler);
 
   if (!compiler.SPECIALIZED_OPS) return;
 
   for (const [specialOpStr, info] of Object.entries(compiler.SPECIALIZED_OPS)) {
     const specialOpCode = Number(specialOpStr);
-    const { originalOp, operand } = info as {
-      originalOp: number;
-      operand: number;
-    };
+    const { originalOp, operands } = info;
 
-    const newName = compiler.OP_NAME[specialOpCode];
+    let newName = compiler.OP_NAME[specialOpCode];
     const originalName = compiler.OP_NAME[originalOp];
-    if (!originalName) continue;
+    const originalCase = opcodeToCaseMap.get(originalOp);
 
-    const originalCase = nameToCaseMap.get(originalName);
-    if (!originalCase) continue;
+    ok(
+      originalCase,
+      `Could not find original case for opcode ${originalName} (${originalOp})`,
+    );
 
     // Clone the original handler body
     const bodyStmts: t.Statement[] = extractCaseBody(originalCase).map(
       (s) => t.cloneNode(s, true) as t.Statement,
     );
 
-    const placedOperand = info.resolvedOperand || { resolvedValue: 1337 };
-    ok(
-      placedOperand !== undefined,
-      `Could not find operand for original opcode ${newName}`,
-    );
+    const placedOperands = info.operands;
+    ok(placedOperands, `Could not find operand for original opcode ${newName}`);
 
-    const resolvedValue =
-      (placedOperand as any)?.resolvedValue ?? placedOperand;
-    if (typeof resolvedValue !== "number") {
-      console.error(resolvedValue);
+    const resolvedValues = placedOperands.map((placedOperand) => {
+      return (placedOperand as any)?.resolvedValue ?? placedOperand;
+    });
+
+    if (resolvedValues.find((v) => typeof v !== "number")) {
+      console.error(info);
+      throw new Error("Expected all resolved operand values to be numbers");
     }
-    ok(typeof resolvedValue === "number", "Expected a numeric operand value");
+
+    newName = `${originalName}_${resolvedValues.join("_")}`;
+    compiler.OP_NAME[specialOpCode] = newName;
 
     // Replace this._operand() with the baked-in constant
-    inlineFixedOperand(bodyStmts, resolvedValue);
+    inlineFixedOperands(bodyStmts, resolvedValues);
 
     // Add a leading comment so the generated source stays readable
     if (bodyStmts.length > 0) {

package/src/types.ts

@@ -8,7 +8,7 @@
 // each operand as a separate u16 slot in the bytecode array.
 export type InstrOperand =
   | number
-  | Op<{ type: "number"; value: number }>
+  | Op<{ type: "number"; value?: number }>
   | Op<{ type: "label"; label: string; offset?: number }>
   | Op<{ type: "defineLabel"; label: string }>
   | Op<{ type: "constant"; value: any }>;

package/src/utils/op-utils.ts

@@ -0,0 +1,46 @@
+import { getRandomInt } from "./random-utils.ts";
+import * as b from "../types.ts";
+import { Compiler } from "../compiler.ts";
+
+export const U16_MAX = 0xffff; // bytecode operands are u16
+
+/** Returns the next free opcode slot, or -1 when the space is exhausted. */
+export function nextFreeSlot(compiler: Compiler): number {
+  // ── Collect used opcodes exactly as specified ─────────────────────────────
+  const usedOpcodes = new Set<number>(
+    Object.keys(compiler.OP_NAME)
+      .map((k) => parseInt(k, 10))
+      .filter((v) => !isNaN(v)) as number[],
+  );
+
+  if (usedOpcodes.size > U16_MAX) return -1;
+
+  // Random opcode
+  if (compiler.options.randomizeOpcodes) {
+    let attempts = 0;
+    while (attempts++ < 512) {
+      const candidate = getRandomInt(0, U16_MAX);
+      if (!usedOpcodes.has(candidate)) {
+        usedOpcodes.add(candidate);
+        return candidate;
+      }
+    }
+  }
+
+  // Fallback: linear scan from a random start
+  const start = Object.keys(compiler.OP_NAME).length;
+  for (let i = 0; i <= U16_MAX; i++) {
+    const v = (start + i) & U16_MAX;
+    if (!usedOpcodes.has(v)) {
+      usedOpcodes.add(v);
+      return v;
+    }
+  }
+  return -1;
+}
+
+export function getInstructionSize(instr: b.Instruction): number {
+  const size = instr.filter((op) => (op as any)?.placeholder !== true).length;
+
+  return size;
+}