js-confuser-vm 0.0.5 → 0.0.7

package/dist/transforms/bytecode/specializedOpcodes.js

@@ -1,42 +1,56 @@
 import { SOURCE_NODE_SYM } from "../../compiler.js";
-import { nextFreeSlot, U16_MAX } from "../utils/op-utils.js";
+import { getInstructionSize, nextFreeSlot } from "../../utils/op-utils.js";
+export const nSizedOps = ["MAKE_CLOSURE", "BUILD_ARRAY", "BUILD_OBJECT", "CALL", "CALL_METHOD", "NEW"];
 
 // Creates specialized opcodes for the most frequent (OPCODE + single_integer_operand) pairs.
 // Example: [OP.LOAD_CONST, 1] becomes [SPECIALIZED_LOAD_CONST_1].
 // Only instructions with *exactly one numeric operand* are considered.
-// MAKE_CLOSURE and any instruction with zero / multiple operands are skipped.
+// MAKE_CLOSURE and other N-sized instructions cannot be specialized
 // Runs after selfModifying but before resolveLabels (operands stay plain numbers).
 export function specializedOpcodes(bc, compiler) {
-  // ── Collect used opcodes exactly as specified ─────────────────────────────
-  const usedOpcodes = new Set(Object.keys(compiler.OP_NAME).map(k => parseInt(k, 10)).filter(v => !isNaN(v)));
-  if (usedOpcodes.size > U16_MAX) return {
-    bytecode: bc
-  };
+  const disallowedOps = new Set(nSizedOps.map(name => compiler.OP[name]));
 
   // ── Step 1: count frequency of eligible (op, operand) pairs ───────────────
   const freqMap = new Map();
   for (const instr of bc) {
     const op = instr[0];
-    if (op === null || op === compiler.OP.MAKE_CLOSURE) continue;
+    if (op === null || disallowedOps.has(op)) continue;
+
+    // Only supports between 1-6 operands
+    const operandCount = getInstructionSize(instr) - 1;
+    if (operandCount < 1 || operandCount > 6) continue;
 
-    // Must have exactly one operand and it must be a plain number
-    if (instr.length !== 2) continue;
-    const operand = instr[1];
-    const key = `${op},${operand}`;
+    // Convert numbers into operand objects so they can be modified elsewhere and preserved
+    const oldOperands = instr.slice(1);
+    const operands = oldOperands.map(operand => {
+      if (typeof operand === "number") {
+        return {
+          type: "number",
+          value: operand,
+          resolvedValue: operand
+        };
+      }
+      return operand;
+    });
+    instr.length = 1;
+    instr.push(...operands);
+    const operandsKey = JSON.stringify(operands);
+    const key = `${op},${operandsKey}`;
     const entry = freqMap.get(key);
     if (entry) {
-      entry.count++;
+      entry.occurences++;
     } else {
       freqMap.set(key, {
         op,
-        operand,
-        count: 1
+        operands,
+        operandsKey,
+        occurences: 1
       });
     }
   }
 
   // ── Step 2: keep combinations that appear >= 2 times, sort by frequency ───
-  const candidates = Array.from(freqMap.values()).filter(e => e.count >= 1).sort((a, b) => b.count - a.count);
+  const candidates = Array.from(freqMap.values()).filter(e => e.occurences >= 1).sort((a, b) => b.occurences - a.occurences);
   if (candidates.length === 0) return {
     bytecode: bc
   };
@@ -45,22 +59,23 @@ export function specializedOpcodes(bc, compiler) {
   const sigToSpecial = new Map();
   const specializedOps = {};
   for (let i = 0; i < candidates.length; i++) {
-    const specialOp = nextFreeSlot(usedOpcodes);
+    const specialOp = nextFreeSlot(compiler);
     if (specialOp === -1) break;
     const {
       op: originalOp,
-      operand
+      operands,
+      operandsKey
     } = candidates[i];
-    const key = `${originalOp},${JSON.stringify(operand)}`;
+    const key = `${originalOp},${operandsKey}`;
     sigToSpecial.set(key, specialOp);
     specializedOps[specialOp] = {
       originalOp,
-      operand
+      operands
     };
 
     // Register a human-readable name for disassembly / debugging
     const originalName = compiler.OP_NAME[originalOp] ?? `OP_${originalOp}`;
-    compiler.OP_NAME[specialOp] = `${originalName}_${JSON.stringify(operand)}`;
+    compiler.OP_NAME[specialOp] = `${originalName}_${JSON.stringify(operandsKey)}`;
   }
 
   // Store mapping so the interpreter knows how to dispatch the specialized op
@@ -70,32 +85,32 @@ export function specializedOpcodes(bc, compiler) {
   const result = [];
   for (const instr of bc) {
     const op = instr[0];
-    // Only consider instructions with exactly one numeric operand
-    if (op === null || instr.length !== 2 || op === compiler.OP.MAKE_CLOSURE) {
+    // Only consider instructions with one or more operands
+    if (op === null || instr.length <= 1 || op === compiler.OP.MAKE_CLOSURE) {
+      result.push(instr);
+      continue;
+    }
+    const operands = instr.slice(1);
+    const operandsKey = JSON.stringify(operands);
+    const key = `${op},${operandsKey}`;
+    const specialOpCode = sigToSpecial.get(key);
+    if (!specialOpCode) {
       result.push(instr);
       continue;
     }
-    const operand = instr[1];
-    const key = `${op},${JSON.stringify(operand)}`;
-    if (sigToSpecial.has(key)) {
-      const specialOpCode = sigToSpecial.get(key);
+    const newOperands = operands.map(operand => {
       const operandAsObject = typeof operand === "object" && operand ? operand : {
         type: "number",
-        value: operand,
         resolvedValue: operand
       };
-      const newOperand = {
-        ...operandAsObject,
-        placeholder: true
-      };
-      const newInstr = [specialOpCode, newOperand];
+      operandAsObject.placeholder = true;
+      return operandAsObject;
+    });
+    const newInstr = [specialOpCode, ...newOperands];
 
-      // Preserve source-node information for error reporting
-      newInstr[SOURCE_NODE_SYM] = instr[SOURCE_NODE_SYM];
-      result.push(newInstr);
-    } else {
-      result.push(instr);
-    }
+    // Preserve source-node information for error reporting
+    newInstr[SOURCE_NODE_SYM] = instr[SOURCE_NODE_SYM];
+    result.push(newInstr);
   }
   return {
     bytecode: result

package/dist/transforms/runtime/aliasedOpcodes.js

@@ -0,0 +1,134 @@
+import * as t from "@babel/types";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+const traverse = traverseImport.default || traverseImport;
+
+// Extract the real statement list from a SwitchCase consequent.
+function extractCaseBody(switchCase) {
+  let stmts;
+  if (switchCase.consequent.length === 1 && t.isBlockStatement(switchCase.consequent[0])) {
+    stmts = switchCase.consequent[0].body;
+  } else {
+    stmts = switchCase.consequent;
+  }
+  return stmts.filter(s => !t.isBreakStatement(s) && !t.isEmptyStatement(s));
+}
+
+// Replace every `this._operand()` call in bodyStmts with `_operands[i]`
+// where i is the call's sequential index (0-based).
+// Returns the number of replacements performed.
+function replaceOperandCalls(bodyStmts) {
+  let replaced = 0;
+  traverse(t.blockStatement(bodyStmts), {
+    noScope: true,
+    CallExpression(path) {
+      const callee = path.node.callee;
+      const isMethodCall = methodName => {
+        return t.isMemberExpression(callee) && t.isThisExpression(callee.object) && t.isIdentifier(callee.property, {
+          name: methodName
+        }) && path.node.arguments.length === 0;
+      };
+
+      // Replace with _operands[i]
+      const createOperandAccess = () => {
+        return t.memberExpression(t.identifier("_operands"), t.numericLiteral(replaced++), true // computed
+        );
+      };
+      if (isMethodCall("_operand")) {
+        path.replaceWith(createOperandAccess());
+      }
+      if (isMethodCall("_constant")) {
+        path.node.arguments = [createOperandAccess(), createOperandAccess()];
+      }
+    }
+  });
+  return replaced;
+}
+
+// Appends a generated switch case for every entry in compiler.ALIASED_OPS.
+// Each alias case:
+//   1. Reads all operands eagerly into `_unsortedOperands` (in the shuffled
+//      bytecode order) via sequential this._operand() calls.
+//   2. Restores the original operand order into `_operands` using the INVERSE
+//      of the stored `order` permutation:
+//        inverseOrder[order[i]] = i
+//        _operands[j] = _unsortedOperands[inverseOrder[j]]
+//      This is necessary because the bytecode stored originalOperands[order[i]]
+//      at slot i, so recovering originalOperands[j] requires the inverse lookup.
+//   3. Executes a clone of the original handler body where every
+//      this._operand() has been replaced by the corresponding `_operands[i]`.
+//
+// Must run AFTER applyMacroOpcodes / applySpecializedOpcodes (so original
+// cases already exist) but BEFORE applyShuffleOpcodes (so the new alias
+// cases are also shuffled into the handler order).
+export function applyAliasedOpcodes(ast, compiler) {
+  if (!compiler.ALIASED_OPS || Object.keys(compiler.ALIASED_OPS).length === 0) return;
+  let switchStatement = null;
+  traverse(ast, {
+    SwitchStatement(path) {
+      if (path.node.leadingComments?.some(c => c.value.includes("@SWITCH"))) {
+        switchStatement = path.node;
+        path.stop();
+      }
+    }
+  });
+  ok(switchStatement, "Could not find @SWITCH statement for aliased opcodes");
+
+  // Build opName → SwitchCase map from existing OP.xxx case tests.
+  const nameToCaseMap = new Map();
+  for (const sc of switchStatement.cases) {
+    const test = sc.test;
+    if (test && t.isMemberExpression(test) && t.isIdentifier(test.object, {
+      name: "OP"
+    }) && t.isIdentifier(test.property)) {
+      nameToCaseMap.set(test.property.name, sc);
+    }
+  }
+  for (const [aliasOpStr, info] of Object.entries(compiler.ALIASED_OPS)) {
+    const aliasOpCode = Number(aliasOpStr);
+    const {
+      originalOp,
+      order
+    } = info;
+    const arity = order.length;
+    const originalName = compiler.OP_NAME[originalOp];
+    if (!originalName) continue;
+    const originalCase = nameToCaseMap.get(originalName);
+    if (!originalCase) continue;
+
+    // Clone the original handler body (deep clone so we don't mutate the source)
+    const bodyStmts = extractCaseBody(originalCase).map(s => t.cloneNode(s, true));
+
+    // Replace this._operand() calls with _operands[i]
+    const replaced = replaceOperandCalls(bodyStmts);
+
+    // If the handler has a different number of _operand() calls than our
+    // recorded arity, skip this alias (variable-operand handler guard).
+    if (replaced !== arity) continue;
+
+    // Build: var _unsortedOperands = [this._operand(), this._operand(), ...]
+    // Reads operands in the NEW (shuffled) bytecode order.
+    const unsortedInit = t.variableDeclaration("let", [t.variableDeclarator(t.identifier("_unsortedOperands"), t.arrayExpression(Array.from({
+      length: arity
+    }, () => t.callExpression(t.memberExpression(t.thisExpression(), t.identifier("_operand")), []))))]);
+
+    // The inverse permutation maps original position j → unsorted index i,
+    // because the bytecode stored originalOperands[order[i]] at slot i.
+    // inverseOrder[j] = i  means: original operand j lives at _unsortedOperands[i]
+    const inverseOrder = new Array(arity);
+    for (let i = 0; i < arity; i++) {
+      inverseOrder[order[i]] = i;
+    }
+
+    // Build: var _operands = [_unsortedOperands[inverseOrder[0]], ...]
+    // Restores the original operand order expected by the handler body.
+    const operandsInit = t.variableDeclaration("let", [t.variableDeclarator(t.identifier("_operands"), t.arrayExpression(inverseOrder.map(idx => t.memberExpression(t.identifier("_unsortedOperands"), t.numericLiteral(idx), true // computed
+    ))))]);
+    const allStmts = [unsortedInit, operandsInit, ...bodyStmts];
+
+    // Add a leading comment for readability in non-minified output
+    t.addComment(allStmts[0], "leading", ` ${compiler.OP_NAME[aliasOpCode]} (order: [${order.join(",")}])`, true);
+    allStmts.push(t.breakStatement());
+    switchStatement.cases.push(t.switchCase(t.numericLiteral(aliasOpCode), [t.blockStatement(allStmts)]));
+  }
+}

package/dist/transforms/runtime/internalVariables.js

@@ -0,0 +1,202 @@
+// Goes through the switch case for defined identifiers on the statement level
+// Example:
+// case OP.LOAD_CONST: {
+//   var dst = this._operand();
+//   frame.regs[dst] = this._constant();
+//   break;
+// }
+// You find "dst" is defined in this scope.
+// You first check the compiler to see if it's already assigned an index in compiler._internals mapping varName=>index
+// If not found, use compiler._internals.globally.size as the new index (when options.randomizeOpcodes is off, when on, choose random between 0 and 65535), and add varName=>index to compiler._internals
+// Then replace the VariableDeclaration to an AssignmentExpression setting left this._internals[index] = init;
+// Then replace all identifiers of "dst" to this._internals[index] as well (Updates references)
+// Final output:
+// case OP.LOAD_CONST: {
+//   this._internals[index] = this._operand();
+//   frame.regs[this._internals[index]] = this._constant();
+//   break;
+// }
+
+import * as t from "@babel/types";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { getRandomInt } from "../../utils/random-utils.js";
+import { U16_MAX } from "../../utils/op-utils.js";
+const traverse = traverseImport.default || traverseImport;
+export function makeInternalsAccess(index) {
+  return t.memberExpression(t.memberExpression(t.thisExpression(), t.identifier("_internals")), t.numericLiteral(index), true // computed
+  );
+}
+function collectUsedIndices(compiler) {
+  const used = new Set();
+  for (const v of compiler._internals.globally.values()) used.add(v);
+  for (const opMap of compiler._internals.opcodes.values()) {
+    for (const v of opMap.values()) used.add(v);
+  }
+  return used;
+}
+
+// Assign or look up the _internals slot index for a variable name within a
+// specific opcode handler.
+//
+// _internals.opcodes[currentOpcode] is the source of truth for this opcode.
+// _internals.globally holds the shared pool written on first sight.
+//
+// randomizeOpcodes OFF → always reuse / create in globally, mirror to opcodes.
+// randomizeOpcodes ON  → first time a name is seen: create global slot.
+//                        subsequent opcodes: 50% reuse global, 50% create an
+//                        opcode-specific random slot (NOT written to globally).
+function assignInternalsIndex(name, compiler, currentOpcode) {
+  // Ensure per-opcode map exists
+  let opcodeMap = compiler._internals.opcodes.get(currentOpcode);
+  if (!opcodeMap) {
+    opcodeMap = new Map();
+    compiler._internals.opcodes.set(currentOpcode, opcodeMap);
+  }
+
+  // Already registered for this opcode — return immediately
+  const existing = opcodeMap.get(name);
+  if (existing !== undefined) return existing;
+  const globalIndex = compiler._internals.globally.get(name);
+  let index;
+  if (!compiler.options.randomizeOpcodes) {
+    // Non-random: always share the global sequential slot
+    if (globalIndex === undefined) {
+      index = compiler._internals.globally.size;
+      compiler._internals.globally.set(name, index);
+    } else {
+      index = globalIndex;
+    }
+  } else if (globalIndex === undefined) {
+    // First opcode to declare this variable — establish the global slot
+    const used = collectUsedIndices(compiler);
+    let candidate;
+    do {
+      candidate = getRandomInt(0, U16_MAX);
+    } while (used.has(candidate));
+    index = candidate;
+    compiler._internals.globally.set(name, index);
+  } else {
+    // Already in global: 50% chance to reuse, 50% opcode-specific new slot
+    if (Math.random() < 0.5) {
+      index = globalIndex;
+    } else {
+      const used = collectUsedIndices(compiler);
+      let candidate;
+      do {
+        candidate = getRandomInt(0, U16_MAX);
+      } while (used.has(candidate));
+      index = candidate;
+      // Intentionally NOT written to globally — this slot is opcode-specific
+    }
+  }
+  opcodeMap.set(name, index);
+  return index;
+}
+export function applyInternalVariablesToSwitchCase(node, compiler, currentOpcode) {
+  // Work with the actual body array (block body or flat consequent)
+  let bodyArr;
+  if (node.consequent.length === 1 && t.isBlockStatement(node.consequent[0])) {
+    bodyArr = node.consequent[0].body;
+  } else {
+    bodyArr = node.consequent;
+  }
+
+  // Single traversal: declarations and references handled in one pass.
+  //
+  // Declaration (Identifier is VariableDeclarator.id):
+  //   → register/look-up slot, replace entire VariableDeclaration with
+  //     AssignmentExpression (bare for ForStatement.init, else ExpressionStatement).
+  //
+  // Reference (any other Identifier):
+  //   → look up opcodes[currentOpcode] (source of truth) and replace if found.
+  //     This handles cross-statement refs produced by micro-opcode splitting.
+  const syntheticFile = t.file(t.program(bodyArr));
+  const illegalNames = new Set(); // Nested closure names are skipped
+
+  traverse(syntheticFile, {
+    Identifier(path) {
+      const name = path.node.name;
+      if (illegalNames.has(name)) return;
+
+      // Skip non-computed property names: obj.name
+      if (t.isMemberExpression(path.parent) && !path.parent.computed && path.parent.property === path.node) {
+        return;
+      }
+
+      // Skip non-computed object-property keys: { name: value }
+      if (t.isObjectProperty(path.parent) && !path.parent.computed && path.parent.key === path.node) {
+        return;
+      }
+
+      // Don't descend into nested function scopes
+      if (path.find(p => p.isFunctionDeclaration() || p.isFunctionExpression() || p.isArrowFunctionExpression())) {
+        return;
+      }
+
+      // ── Declaration binding ──────────────────────────────────────────────
+      if (t.isVariableDeclarator(path.parent) && path.parent.id === path.node) {
+        // Verify it's not referenced in nested closure (illegal)
+        const binding = path.scope.getBinding(name);
+        if (binding?.referencePaths.some(rp => rp.findParent(p => p.isFunctionDeclaration() || p.isFunctionExpression() || p.isArrowFunctionExpression()))) {
+          illegalNames.add(name);
+          return;
+        }
+        const index = assignInternalsIndex(name, compiler, currentOpcode);
+        const init = path.parent.init;
+        const assignment = t.assignmentExpression("=", makeInternalsAccess(index), init ?? t.identifier("undefined"));
+
+        // Two levels up: VariableDeclarator → VariableDeclaration
+        const varDeclPath = path.parentPath.parentPath;
+        if (t.isForStatement(varDeclPath.parent) && varDeclPath.parent.init === varDeclPath.node) {
+          // ForStatement.init accepts an Expression directly
+          varDeclPath.replaceWith(assignment);
+        } else {
+          varDeclPath.replaceWith(t.expressionStatement(assignment));
+        }
+        return;
+      }
+
+      // ── Reference ───────────────────────────────────────────────────────
+      // Source of truth for this opcode is its own per-opcode map
+      const opcodeMap = compiler._internals.opcodes.get(currentOpcode);
+      const index = opcodeMap?.get(name);
+      if (index !== undefined) {
+        path.replaceWith(makeInternalsAccess(index));
+        path.skip();
+      }
+    }
+  });
+}
+
+// This takes the AST and finds the runtime switch statement via the leading
+// comment "@SWITCH" then applies the above transformation to each switch case.
+export function applyInteralVariablesToRuntime(ast, compiler) {
+  let switchStatement = null;
+  traverse(ast, {
+    SwitchStatement(path) {
+      if (path.node.leadingComments?.some(c => c.value.includes("@SWITCH"))) {
+        switchStatement = path.node;
+        path.stop();
+      }
+    }
+  });
+  ok(switchStatement, "Could not find @SWITCH statement for internal variables");
+  for (const sc of switchStatement.cases) {
+    const test = sc.test;
+    let currentOpcode = null;
+    if (test && t.isMemberExpression(test) && t.isIdentifier(test.object, {
+      name: "OP"
+    }) && t.isIdentifier(test.property)) {
+      // case OP.LOAD_CONST: → resolve via compiler.OP
+      const opName = test.property.name;
+      const val = compiler.OP[opName];
+      if (val !== undefined) currentOpcode = val;
+    } else if (test && t.isNumericLiteral(test)) {
+      // Already a numeric literal (e.g. generated micro-opcode cases)
+      currentOpcode = test.value;
+    }
+    if (currentOpcode === null) continue;
+    applyInternalVariablesToSwitchCase(sc, compiler, currentOpcode);
+  }
+}

package/dist/transforms/runtime/macroOpcodes.js

@@ -17,6 +17,29 @@ function extractCaseBody(switchCase) {
   }
   return stmts.filter(s => !t.isBreakStatement(s) && !t.isEmptyStatement(s));
 }
+export function getOpcodeToCaseMap(switchStatement, compiler) {
+  // Build a map  opName → SwitchCase  from the existing OP.xxx case tests.
+  const opcodeToCaseMap = new Map();
+  for (const sc of switchStatement.cases) {
+    const test = sc.test;
+    if (!test) continue;
+    let opcode;
+    let opName;
+    if (t.isMemberExpression(test) && t.isIdentifier(test.object, {
+      name: "OP"
+    }) && t.isIdentifier(test.property)) {
+      opName = test.property.name;
+      opcode = +Object.keys(compiler.OP_NAME).find(key => compiler.OP_NAME[key] == opName);
+    } else if (t.isNumericLiteral(test)) {
+      opcode = test.value;
+    }
+    ok(typeof opcode === "number" && !Number.isNaN(opcode), `Failed to parse ${opcode} from ${opName}`);
+    if (opcode !== undefined) {
+      opcodeToCaseMap.set(opcode, sc);
+    }
+  }
+  return opcodeToCaseMap;
+}
 
 // Append a generated switch case for every entry in compiler.MACRO_OPS.
 // Each case inlines the constituent case bodies directly — no operand stack,
@@ -35,17 +58,7 @@ export function applyMacroOpcodes(ast, compiler) {
     }
   });
   ok(switchStatement, "Could not find @SWITCH statement for macro opcodes");
-
-  // Build a map  opName → SwitchCase  from the existing OP.xxx case tests.
-  const nameToCaseMap = new Map();
-  for (const sc of switchStatement.cases) {
-    const test = sc.test;
-    if (test && t.isMemberExpression(test) && t.isIdentifier(test.object, {
-      name: "OP"
-    }) && t.isIdentifier(test.property)) {
-      nameToCaseMap.set(test.property.name, sc);
-    }
-  }
+  const opcodeToCaseMap = getOpcodeToCaseMap(switchStatement, compiler);
   for (const [macroOpStr, constituentOps] of Object.entries(compiler.MACRO_OPS)) {
     const macroOpCode = Number(macroOpStr);
     const N = constituentOps.length;
@@ -54,20 +67,19 @@ export function applyMacroOpcodes(ast, compiler) {
     const constituentCases = [];
     let allFound = true;
     for (const opVal of constituentOps) {
-      const opName = compiler.OP_NAME[opVal];
-      if (!opName) {
-        allFound = false;
-        break;
-      }
-      const found = nameToCaseMap.get(opName);
+      const found = opcodeToCaseMap.get(opVal);
       if (!found) {
         allFound = false;
         break;
       }
       constituentCases.push(found);
     }
-    if (!allFound) continue;
+    if (!allFound) {
+      throw new Error(`Could not find all constituent ops for macro op ${macroOpCode}`);
+    }
     const opNames = constituentOps.map(v => compiler.OP_NAME[v] ?? `OP_${v}`);
+    let newName = opNames.join(",");
+    compiler.OP_NAME[macroOpCode] = newName;
 
     // ── Build the macro case body ──────────────────────────────────────────
     // Clone and inline each sub-instruction's case body directly.

package/dist/transforms/runtime/microOpcodes.js

@@ -0,0 +1,76 @@
+import * as t from "@babel/types";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { applyInternalVariablesToSwitchCase } from "./internalVariables.js";
+const traverse = traverseImport.default || traverseImport;
+
+// Extract the real statement list from a SwitchCase consequent.
+function extractCaseBody(switchCase) {
+  let stmts;
+  if (switchCase.consequent.length === 1 && t.isBlockStatement(switchCase.consequent[0])) {
+    stmts = switchCase.consequent[0].body;
+  } else {
+    stmts = switchCase.consequent;
+  }
+  return stmts.filter(s => !t.isBreakStatement(s) && !t.isEmptyStatement(s));
+}
+
+// Append a generated switch case for every entry in compiler.MICRO_OPS.
+// applyInteralVariablesToRuntime must run before this so that the source
+// case bodies are already using this._internals[index] instead of local vars.
+// Must be called BEFORE applyShuffleOpcodes so the new cases get shuffled.
+export function applyMicroOpcodes(ast, compiler) {
+  if (!compiler.MICRO_OPS || Object.keys(compiler.MICRO_OPS).length === 0) {
+    return;
+  }
+  let switchStatement = null;
+  traverse(ast, {
+    SwitchStatement(path) {
+      if (path.node.leadingComments?.some(c => c.value.includes("@SWITCH"))) {
+        switchStatement = path.node;
+        path.stop();
+      }
+    }
+  });
+  ok(switchStatement, "Could not find @SWITCH statement for micro opcodes");
+
+  // Build  opName → SwitchCase  from existing cases.
+  const nameToCaseMap = new Map();
+  for (const sc of switchStatement.cases) {
+    const test = sc.test;
+    if (test && t.isMemberExpression(test) && t.isIdentifier(test.object, {
+      name: "OP"
+    }) && t.isIdentifier(test.property)) {
+      nameToCaseMap.set(test.property.name, sc);
+    }
+  }
+  for (const [microOpStr, info] of Object.entries(compiler.MICRO_OPS)) {
+    const microOpCode = Number(microOpStr);
+    const {
+      originalOp,
+      stmtIndex
+    } = info;
+    const originalName = compiler.OP_NAME[originalOp];
+    if (!originalName) continue;
+    const originalCase = nameToCaseMap.get(originalName);
+    if (!originalCase) continue;
+
+    // Extract and clone all non-break statements from the original case body.
+    const allStmts = extractCaseBody(originalCase);
+    if (stmtIndex >= allStmts.length) continue;
+    const rawStmt = t.cloneNode(allStmts[stmtIndex], true);
+    const newCase = t.switchCase(t.numericLiteral(microOpCode), [t.blockStatement([rawStmt, t.breakStatement()])]);
+
+    // Apply internal-variable substitution — this may replace rawStmt in the
+    // block body (var decl → assignment), so add the comment afterwards on
+    // whatever the first statement of the block actually is.
+    applyInternalVariablesToSwitchCase(newCase, compiler, microOpCode);
+    const blockBody = newCase.consequent[0].body;
+    const firstStmt = blockBody[0];
+    if (firstStmt) {
+      const microName = compiler.OP_NAME[microOpCode] ?? `MICRO_${microOpCode}`;
+      t.addComment(firstStmt, "leading", ` ${microName}`, true);
+    }
+    switchStatement.cases.push(newCase);
+  }
+}

package/dist/transforms/runtime/shuffleOpcodes.js

@@ -1,6 +1,6 @@
 import traverseImport from "@babel/traverse";
 import { ok } from "assert";
-import { shuffle } from "../utils/random-utils.js";
+import { shuffle } from "../../utils/random-utils.js";
 const traverse = traverseImport.default || traverseImport;
 
 // Randomly reorder the switch cases inside the @SWITCH statement so the