js-confuser-vm 0.1.0 → 0.1.2

package/dist/template.js

@@ -5,13 +5,13 @@
 //
 // ── Usage ─────────────────────────────────────────────────────────────────────
 //
-//   const tmpl = new Template(`
+//   const template = new Template(`
 //     function {name}(x, y) {
 //       return x + y;
 //     }
 //   `);
 //
-//   const bc = tmpl.compile({ name: "myHelper" }, parentCompiler);
+//   const bc = template.compile({ name: "myHelper" }, parentCompiler);
 //   result.push(...bc);
 //
 // ── How it works ──────────────────────────────────────────────────────────────
@@ -45,7 +45,7 @@
 // • Opcodes with no JS equivalent (JUMP_REG, BXOR used as decode, etc.) cannot
 //   be expressed in a template; write those instruction arrays manually.
 
-import { Compiler } from "./compiler.js";
+import { Compiler, SOURCE_NODE_SYM } from "./compiler.js";
 import { DEFAULT_OPTIONS } from "./options.js";
 export class Template {
   constructor(source) {
@@ -62,6 +62,67 @@ export class Template {
     });
   }
 
+  // ── Shared child-compiler setup ───────────────────────────────────────────
+  // Creates a child Compiler that inherits the parent's OP table and label
+  // counter, shares fnDescriptors (so inner functions auto-register), then
+  // compiles `code` to raw IR.  Returns startIdx so callers can slice out
+  // the descriptors that belong to this template invocation.
+  _setupChild(code, parentCompiler) {
+    const child = new Compiler({
+      ...DEFAULT_OPTIONS,
+      randomizeOpcodes: false
+    });
+    child.OP = {
+      ...parentCompiler.OP
+    };
+    child.OP_NAME = {
+      ...parentCompiler.OP_NAME
+    };
+    child.JUMP_OPS = new Set(parentCompiler.JUMP_OPS);
+    child.SENTINELS = {
+      ...parentCompiler.SENTINELS
+    };
+    child._makeLabel = parentCompiler._makeLabel.bind(parentCompiler);
+    const startIdx = parentCompiler.fnDescriptors.length;
+    child.fnDescriptors = parentCompiler.fnDescriptors;
+    child.compile(code);
+    return {
+      startIdx
+    };
+  }
+
+  // ── Inner-function bytecode collection ───────────────────────────────────
+  // Gathers the descriptors for functions declared inside the template (all
+  // entries after startIdx in fnDescriptors), assembles their defineLabel +
+  // body into a flat bytecode array, and strips template source locations so
+  // they never leak into the parent's debug output.
+  _collectInnerFunctions(parentCompiler, startIdx) {
+    const innerFns = parentCompiler.fnDescriptors.slice(startIdx + 1);
+    const innerBytecode = [];
+    for (const desc of innerFns) {
+      innerBytecode.push([null, {
+        type: "defineLabel",
+        label: desc.entryLabel
+      }]);
+      for (const instr of desc.bytecode) {
+        innerBytecode.push(instr);
+      }
+    }
+    this._stripSourceNodes(innerBytecode);
+    return {
+      innerFns,
+      innerBytecode
+    };
+  }
+
+  // ── Source-location stripping ─────────────────────────────────────────────
+  // Removes the SOURCE_NODE_SYM symbol from every instruction so that template-
+  // internal line numbers (which point into the template string, not the user's
+  // source) never appear in the bytecode comment block.
+  _stripSourceNodes(bytecode) {
+    for (const instr of bytecode) delete instr[SOURCE_NODE_SYM];
+  }
+
   // ── Main entry point ───────────────────────────────────────────────────────
   /**
    * Compile the template and return the inner (non-main) function descriptors
@@ -90,53 +151,113 @@ export class Template {
    *                template's main-scope instructions.
    */
   compile(variables, parentCompiler) {
-    // ── 1. Interpolate ────────────────────────────────────────────────────
     const code = this._interpolate(variables);
-
-    // ── 2. Create child compiler, inherit parent's OP table ───────────────
-    // randomizeOpcodes is disabled — we copy the parent's already-randomized
-    // mapping directly so all opcode numbers are identical.
-    const child = new Compiler({
-      ...DEFAULT_OPTIONS,
-      randomizeOpcodes: false
-    });
-    child.OP = {
-      ...parentCompiler.OP
-    };
-    child.OP_NAME = {
-      ...parentCompiler.OP_NAME
+    const {
+      startIdx
+    } = this._setupChild(code, parentCompiler);
+    const {
+      innerFns,
+      innerBytecode
+    } = this._collectInnerFunctions(parentCompiler, startIdx);
+    return {
+      functions: innerFns,
+      bytecode: innerBytecode
     };
-    child.JUMP_OPS = new Set(parentCompiler.JUMP_OPS);
-    child._makeLabel = parentCompiler._makeLabel.bind(parentCompiler);
+  }
 
-    // Record how many descriptors the parent already has so we can find the
-    // child's main (index = startIdx) and inner functions (startIdx+1 …).
-    const startIdx = parentCompiler.fnDescriptors.length;
-    child.fnDescriptors = parentCompiler.fnDescriptors; // share — inner functions auto-register
+  // ── Inline compilation ───────────────────────────────────────────────────
+  /**
+   * Compile the template and return the **main scope** bytecode, with all
+   * register operands remapped to belong to `targetFnId`.  This allows
+   * bytecode transforms to express high-level JS control flow (while-loops,
+   * if-chains, variable declarations) via Template and splice the result
+   * directly into an existing function's instruction stream.
+   *
+   * The implicit trailing RETURN added by _compileFunctionDecl is stripped —
+   * inline code should flow into the surrounding bytecode, not return.
+   *
+   * @param variables       Substitution map for {name} placeholders.
+   * @param parentCompiler  The Compiler whose OP table, label counter, and
+   *                        fnDescriptors are shared.
+   * @param targetFnId      The function whose register file the template's
+   *                        registers should be remapped into.
+   * @param maxId           Live map of max register id per fnId — updated
+   *                        in-place as new registers are allocated.
+   *
+   * @returns
+   *   bytecode   — main-scope IR (no entry defineLabel, no trailing RETURN),
+   *                ready to splice into the target function's instruction stream.
+   *   registers  — mapping of JS variable names → remapped RegisterOperands,
+   *                so the caller can reference template-declared variables
+   *                (e.g. the `state` variable in CFF).
+   *   functions  — inner function descriptors (same as compile()).
+   *   innerBytecode — inner function bytecode blocks (same as compile()).
+   */
+  compileInline(variables, parentCompiler, targetFnId, maxId) {
+    const code = this._interpolate(variables);
+    const {
+      startIdx
+    } = this._setupChild(code, parentCompiler);
+    const mainDesc = parentCompiler.fnDescriptors[startIdx];
+    const mainFnId = mainDesc._fnIdx;
+    const mainBc = mainDesc.bytecode;
 
-    // ── 3. Compile to raw IR (no passes) ──────────────────────────────────
-    child.compile(code);
+    // ── Remap registers from the template's main fnId → targetFnId ────────
+    // Build a mapping: old register id → new RegisterOperand in targetFnId.
+    const regRemap = new Map();
+    const remapReg = id => {
+      if (!regRemap.has(id)) {
+        const next = (maxId.get(targetFnId) ?? -1) + 1;
+        maxId.set(targetFnId, next);
+        regRemap.set(id, {
+          type: "register",
+          id: next,
+          fnId: targetFnId
+        });
+      }
+      return regRemap.get(id);
+    };
+    for (const instr of mainBc) {
+      for (let j = 1; j < instr.length; j++) {
+        const op = instr[j];
+        if (op && typeof op === "object" && op.type === "register" && op.fnId === mainFnId) {
+          const mapped = remapReg(op.id);
+          op.id = mapped.id;
+          op.fnId = mapped.fnId;
+        }
+      }
+    }
 
-    // parentCompiler.fnDescriptors[startIdx]   → child's main (discard)
-    // parentCompiler.fnDescriptors[startIdx+1…] → inner helper functions
-    const innerDescs = parentCompiler.fnDescriptors.slice(startIdx + 1);
+    // ── Build variable name → remapped register mapping ───────────────────
+    const registers = new Map();
+    const locals = mainDesc.ctx.scope._locals;
+    for (const [name, reg] of locals) {
+      const mapped = regRemap.get(reg.id);
+      if (mapped) registers.set(name, mapped);
+    }
 
-    // Build bytecode blocks for inner functions only.
-    // child.bytecode was assembled by _compileMain from ALL fnDescriptors
-    // starting at startIdx.  We rebuild it here from the inner descs only.
-    const innerBytecode = [];
-    for (const desc of innerDescs) {
-      innerBytecode.push([null, {
-        type: "defineLabel",
-        label: desc.entryLabel
-      }]);
-      for (const instr of desc.bytecode) {
-        innerBytecode.push(instr);
-      }
+    // ── Strip entry defineLabel and trailing implicit RETURN ───────────────
+    let bytecode = mainBc.filter(instr => {
+      const op0 = instr[1];
+      return !(instr[0] === null && op0?.type === "defineLabel" && op0.label === mainDesc.entryLabel);
+    });
+
+    // Remove trailing LOAD_CONST undefined + RETURN (implicit return added
+    // by _compileFunctionDecl).
+    const OP = parentCompiler.OP;
+    if (bytecode.length >= 2 && bytecode[bytecode.length - 1][0] === OP.RETURN && bytecode[bytecode.length - 2][0] === OP.LOAD_CONST) {
+      bytecode = bytecode.slice(0, -2);
     }
+    this._stripSourceNodes(bytecode);
+    const {
+      innerFns,
+      innerBytecode
+    } = this._collectInnerFunctions(parentCompiler, startIdx);
     return {
-      functions: innerDescs,
-      bytecode: innerBytecode
+      bytecode,
+      registers,
+      functions: innerFns,
+      innerBytecode
     };
   }
 }

package/dist/transforms/bytecode/aliasedOpcodes.js

@@ -1,4 +1,4 @@
-import { SOURCE_NODE_SYM } from "../../compiler.js";
+import { OP_ORIGINAL, SOURCE_NODE_SYM } from "../../compiler.js";
 import { nextFreeSlot } from "../../utils/op-utils.js";
 import { shuffle } from "../../utils/random-utils.js";
 
@@ -41,6 +41,9 @@ export function aliasedOpcodes(bc, compiler) {
     const arity = instr.length - 1;
     if (arity < 1) continue; // 0-operand opcodes have nothing to permute
 
+    const opName = compiler.OP_NAME[op];
+    if (!OP_ORIGINAL[opName]) continue; // only consider original ops, not already-specialized ones
+
     const existing = opStats.get(op);
     if (!existing) {
       opStats.set(op, {

package/dist/transforms/bytecode/concealConstants.js

@@ -2,8 +2,8 @@ export function concealConstants(bytecode, compiler) {
   const newBytecode = [];
   for (const instr of bytecode) {
     const [op, ...operands] = instr;
-    const hasContant = operands.some(o => o !== undefined && o !== null && typeof o === "object" && o.type === "constant");
-    if (!hasContant) {
+    const hasConstant = operands.some(o => o !== undefined && o !== null && typeof o === "object" && o.type === "constant");
+    if (!hasConstant) {
       newBytecode.push(instr);
       continue;
     }