js-confuser-vm 0.1.0 → 0.1.2

package/dist/transforms/bytecode/semanticOpcodes.js

@@ -0,0 +1,162 @@
+import { parse } from "@babel/parser";
+import traverseImport from "@babel/traverse";
+import * as t from "@babel/types";
+import { stripTypeScriptTypes } from "module";
+import { choice } from "../../utils/random-utils.js";
+import { SOURCE_NODE_SYM } from "../../compiler.js";
+import { nextFreeSlot } from "../../utils/op-utils.js";
+const traverse = traverseImport.default || traverseImport;
+const SEMANTIC_VARIANTS = {
+  ADD: {
+    matches(expr) {
+      return t.isBinaryExpression(expr, {
+        operator: "+"
+      });
+    },
+    variants: ["{ var dst = this._operand(); var a = regs[base + this._operand()]; var b = regs[base + this._operand()]; regs[base + dst] = -((-a) - b); }", "{ var dst = this._operand(); var a = regs[base + this._operand()]; var b = regs[base + this._operand()]; regs[base + dst] = a - -b; }"]
+  },
+  UNARY_BITNOT: {
+    matches(expr) {
+      return t.isUnaryExpression(expr, {
+        operator: "~"
+      });
+    },
+    variants: ["{ var dst = this._operand(); var a = regs[base + this._operand()]; regs[base + dst] = a ^ -1; }"]
+  },
+  UNARY_NEG: {
+    matches(expr) {
+      return t.isUnaryExpression(expr, {
+        operator: "-"
+      });
+    },
+    variants: ["{ var dst = this._operand(); var a = regs[base + this._operand()]; regs[base + dst] = a * -1; }", "{ var dst = this._operand(); var a = regs[base + this._operand()]; regs[base + dst] = 0 - a; }"]
+  },
+  EQ: {
+    matches(expr) {
+      return t.isBinaryExpression(expr, {
+        operator: "==="
+      });
+    },
+    variants: ["{ var dst = this._operand(); var a = regs[base + this._operand()]; var b = regs[base + this._operand()]; regs[base + dst] = !(a !== b); }"]
+  },
+  LOOSE_EQ: {
+    matches(expr) {
+      return t.isBinaryExpression(expr, {
+        operator: "=="
+      });
+    },
+    variants: ["{ var dst = this._operand(); var a = regs[base + this._operand()]; var b = regs[base + this._operand()]; regs[base + dst] = !(a != b); }"]
+  }
+};
+let cachedDefaultRuntimeAst = null;
+function readDefaultRuntimeFile() {
+  let code;
+  try {
+    code = readFileSync(join(import.meta.dirname, "../../runtime.ts"), "utf-8");
+  } catch {
+    code = readFileSync(join(import.meta.dirname, "../../runtime.js"), "utf-8");
+  }
+  return stripTypeScriptTypes?.(code) || code;
+}
+function getDefaultRuntimeAst() {
+  if (!cachedDefaultRuntimeAst) {
+    cachedDefaultRuntimeAst = parse(readDefaultRuntimeFile(), {
+      sourceType: "unambiguous"
+    });
+  }
+  return cachedDefaultRuntimeAst;
+}
+function getSwitchStatement(ast) {
+  let switchStatement = null;
+  traverse(ast, {
+    SwitchStatement(path) {
+      if (path.node.leadingComments?.some(c => c.value.includes("@SWITCH"))) {
+        switchStatement = path.node;
+        path.stop();
+      }
+    }
+  });
+  if (!switchStatement) {
+    throw new Error("Could not find @SWITCH statement for semantic opcodes");
+  }
+  return switchStatement;
+}
+function extractResultExpression(switchCase) {
+  const consequent = switchCase.consequent.length === 1 && t.isBlockStatement(switchCase.consequent[0]) ? switchCase.consequent[0].body : switchCase.consequent;
+  for (const statement of consequent) {
+    if (t.isExpressionStatement(statement) && t.isAssignmentExpression(statement.expression, {
+      operator: "="
+    })) {
+      return statement.expression.right;
+    }
+  }
+  return null;
+}
+function getEligibleSemanticVariants(compiler) {
+  const eligible = new Map();
+  const switchStatement = getSwitchStatement(getDefaultRuntimeAst());
+  for (const switchCase of switchStatement.cases) {
+    const test = switchCase.test;
+    if (!test || !t.isMemberExpression(test) || !t.isIdentifier(test.object, {
+      name: "OP"
+    }) || !t.isIdentifier(test.property)) {
+      continue;
+    }
+    const opName = test.property.name;
+    const config = SEMANTIC_VARIANTS[opName];
+    if (!config) continue;
+    const expr = extractResultExpression(switchCase);
+    if (!expr || !config.matches(expr)) continue;
+    const opcode = compiler.OP[opName];
+    if (typeof opcode !== "number") continue;
+    eligible.set(opcode, config.variants);
+  }
+  return eligible;
+}
+export function semanticOpcodes(bc, compiler) {
+  const eligibleVariants = getEligibleSemanticVariants(compiler);
+  if (eligibleVariants.size === 0) {
+    return {
+      bytecode: bc
+    };
+  }
+  const semanticOpsByOriginal = new Map();
+  const semanticOps = {};
+  for (const [originalOp, variants] of eligibleVariants) {
+    const originalName = compiler.OP_NAME[originalOp] ?? `OP_${originalOp}`;
+    for (let i = 0; i < variants.length; i++) {
+      const semanticOp = nextFreeSlot(compiler);
+      if (semanticOp === -1) break;
+      semanticOps[semanticOp] = {
+        originalOp,
+        code: variants[i]
+      };
+      compiler.OP_NAME[semanticOp] = `SEMANTIC_${originalName}_${i + 1}`;
+      const existing = semanticOpsByOriginal.get(originalOp) ?? [];
+      existing.push(semanticOp);
+      semanticOpsByOriginal.set(originalOp, existing);
+    }
+  }
+  compiler.SEMANTIC_OPS = semanticOps;
+  if (semanticOpsByOriginal.size === 0) {
+    return {
+      bytecode: bc
+    };
+  }
+  const result = [];
+  for (const instr of bc) {
+    const op = instr[0];
+    const semanticCandidates = typeof op === "number" ? semanticOpsByOriginal.get(op) : undefined;
+    if (!semanticCandidates || semanticCandidates.length === 0) {
+      result.push(instr);
+      continue;
+    }
+    const semanticOp = choice(semanticCandidates);
+    const newInstr = [semanticOp, ...instr.slice(1)];
+    newInstr[SOURCE_NODE_SYM] = instr[SOURCE_NODE_SYM];
+    result.push(newInstr);
+  }
+  return {
+    bytecode: result
+  };
+}

package/dist/transforms/bytecode/specializedOpcodes.js

@@ -14,6 +14,7 @@ export function specializedOpcodes(bc, compiler) {
 
   // ── Step 1: count frequency of eligible (op, operand) pairs ───────────────
   const freqMap = new Map();
+  const instrToOperandKey = new WeakMap();
   for (const instr of bc) {
     const op = instr[0];
     if (op === null || disallowedOps.has(op)) continue;
@@ -24,35 +25,38 @@ export function specializedOpcodes(bc, compiler) {
 
     // Convert numbers into operand objects so they can be modified elsewhere and preserved
     const oldOperands = instr.slice(1);
-    const operands = oldOperands.map(operand => {
+    let operands = [];
+    for (const operand of oldOperands) {
       if (typeof operand === "number") {
-        return {
+        operands.push({
           type: "number",
           value: operand,
           resolvedValue: operand
-        };
+        });
+      } else {
+        operands.push(operand);
       }
-      return operand;
-    });
+    }
     instr.length = 1;
     instr.push(...operands);
     const operandsKey = JSON.stringify(operands);
+    instrToOperandKey.set(instr, operandsKey);
     const key = `${op},${operandsKey}`;
     const entry = freqMap.get(key);
     if (entry) {
-      entry.occurences++;
+      entry.occurrences++;
     } else {
       freqMap.set(key, {
         op,
         operands,
         operandsKey,
-        occurences: 1
+        occurrences: 1
       });
     }
   }
 
   // ── Step 2: keep combinations that appear >= 2 times, sort by frequency ───
-  const candidates = Array.from(freqMap.values()).filter(e => e.occurences >= 1).sort((a, b) => b.occurences - a.occurences);
+  const candidates = Array.from(freqMap.values()).filter(e => e.occurrences >= 1).sort((a, b) => b.occurrences - a.occurrences).slice(0, 1000);
   if (candidates.length === 0) return {
     bytecode: bc
   };
@@ -60,14 +64,17 @@ export function specializedOpcodes(bc, compiler) {
   // ── Step 3: assign free opcode slots to the best candidates ───────────────
   const sigToSpecial = new Map();
   const specializedOps = {};
-  for (let i = 0; i < candidates.length; i++) {
+  let opCounts = {};
+  for (const candidate of candidates) {
+    if (opCounts[candidate.op] > 3) continue;
+    opCounts[candidate.op] = (opCounts[candidate.op] || 0) + 1;
     const specialOp = nextFreeSlot(compiler);
     if (specialOp === -1) break;
     const {
       op: originalOp,
       operands,
       operandsKey
-    } = candidates[i];
+    } = candidate;
     const key = `${originalOp},${operandsKey}`;
     sigToSpecial.set(key, specialOp);
     specializedOps[specialOp] = {
@@ -77,7 +84,7 @@ export function specializedOpcodes(bc, compiler) {
 
     // Register a human-readable name for disassembly / debugging
     const originalName = compiler.OP_NAME[originalOp] ?? `OP_${originalOp}`;
-    compiler.OP_NAME[specialOp] = `${originalName}_${JSON.stringify(operandsKey)}`;
+    compiler.OP_NAME[specialOp] = `${originalName}_${operandsKey}`;
   }
 
   // Store mapping so the interpreter knows how to dispatch the specialized op
@@ -93,7 +100,11 @@ export function specializedOpcodes(bc, compiler) {
       continue;
     }
     const operands = instr.slice(1);
-    const operandsKey = JSON.stringify(operands);
+    const operandsKey = instrToOperandKey.get(instr);
+    if (!operandsKey) {
+      result.push(instr);
+      continue;
+    }
     const key = `${op},${operandsKey}`;
     const specialOpCode = sigToSpecial.get(key);
     if (!specialOpCode) {

package/dist/transforms/bytecode/stringConcealing.js

@@ -0,0 +1,288 @@
+// String Concealing
+//
+// Replaces every string constant with a slice into a single shared "string
+// bank" that is decoded at runtime with a position-dependent keystream cipher.
+//
+// ── Why a bank ───────────────────────────────────────────────────────────────
+// Previously each string was its own encoded constant, so the encoded length
+// leaked the plaintext length (an attacker could map by length + frequency).
+// Here every string is concatenated into ONE opaque blob padded with random
+// decoy bytes, so individual boundaries and lengths are no longer visible from
+// static inspection of the constant pool.
+//
+//   bank = [100‑250 decoys] str0 [0‑5 decoys] str1 [0‑5 decoys] … [100‑250 decoys]
+//
+// Each original string is referenced by the triple (key, start, length).
+//
+// ── Cipher ───────────────────────────────────────────────────────────────────
+// A Weyl-sequence keystream (golden-ratio increment + xorshift mix) produces a
+// fresh 16-bit keyword per character, XOR'd against the char code:
+//
+//   key = (key + 0x9e3779b9) | 0          // 32-bit Weyl step
+//   ks  = (key ^ (key >>> 13)) & 0xffff   // 16-bit keystream word
+//   enc = charCode ^ ks                   // XOR (self-inverse)
+//
+// XOR over the full 16-bit range means EVERY UTF-16 code unit round-trips,
+// including control characters, newlines and non-ASCII / astral text. The
+// per-string key is a full 32-bit seed (2^32 keyspace) so the encoding is not
+// trivially enumerable.
+//
+// ── Transport / storage ──────────────────────────────────────────────────────
+// The encoded bank is full-range u16, which would serialise as a wall of CJK /
+// control glyphs. Instead it is packed as u16-LE bytes and base64-encoded, so
+// the stored constant is pure ASCII (and smaller on disk than the raw glyphs).
+//
+// ── Runtime shape — PROGRAM-LEVEL bank ───────────────────────────────────────
+// The bank is inflated EXACTLY ONCE, in the program's main scope, into a plain
+// main-scope register (NOT a global — nothing is written to globalThis). That
+// register is shared with the functions that need it through the VM's ordinary
+// upvalue mechanism: an extra upvalue is threaded down the closure-creation tree
+// to every string-using function and its ancestors. Each string-using function
+// reads the already-inflated bank from that upvalue and passes it to a small
+// per-function `decode` closure (decode itself is function-level — cheap):
+//
+//   main:               MAKE_CLOSURE rInflate
+//                       LOAD_CONST   rB64, <base64 bank>
+//                       CALL         rBankMain, rInflate, 1, rB64   (once)
+//   string-using fn:    LOAD_UPVALUE rBank, <threaded idx>
+//                       MAKE_CLOSURE rDecode
+//   per site:           LOAD_INT     rKey/rStart/rLen
+//                       CALL         rDst, rDecode, 4, rBank, rKey, rStart, rLen
+//
+// ── Pipeline position ─────────────────────────────────────────────────────────
+// Runs BEFORE resolveRegisters and resolveLabels (same slot as Dispatcher/CFF),
+// and FIRST among the bytecode passes so each FnDescriptor.upvalues count is
+// still pristine (used to pick the threaded upvalue index).
+
+import { Template } from "../../template.js";
+import * as b from "../../types.js";
+import { ref, buildMaxIdMap, allocReg, forEachFunction } from "../../utils/pass-utils.js";
+import { getRandomInt } from "../../utils/random-utils.js";
+import { U32_MAX } from "../../utils/op-utils.js";
+
+// ── Cipher ────────────────────────────────────────────────────────────────────
+// Encode mirrors the runtime decode EXACTLY (see the decode template). XOR is
+// self-inverse. `key` must be the raw (unmasked) seed emitted as the LOAD_INT
+// operand, so both sides begin the Weyl sequence from the same integer.
+function xorEncode(str, key) {
+  let k = key;
+  let out = "";
+  for (let i = 0; i < str.length; i++) {
+    k = k + 0x9e3779b9 | 0;
+    const ks = (k ^ k >>> 13) & 0xffff;
+    out += String.fromCharCode(str.charCodeAt(i) ^ ks);
+  }
+  return out;
+}
+
+// Random decoy run, full 16-bit range so decoys look like encoded payload.
+function decoyRun(count) {
+  let out = "";
+  for (let i = 0; i < count; i++) out += String.fromCharCode(getRandomInt(0, 0xffff));
+  return out;
+}
+
+// Pack the u16 bank as little-endian bytes and base64-encode (ASCII, compact).
+// Mirrored at runtime by the inflate template: byte[2i] = low, byte[2i+1] = high.
+function bankToBase64(bank) {
+  const bytes = new Uint8Array(bank.length * 2);
+  for (let i = 0; i < bank.length; i++) {
+    const c = bank.charCodeAt(i);
+    bytes[i * 2] = c & 0xff;
+    bytes[i * 2 + 1] = c >> 8 & 0xff;
+  }
+  return Buffer.from(bytes).toString("base64");
+}
+function buildBank(strings) {
+  const parts = [];
+  const table = new Map();
+  let pos = 0;
+  const lead = decoyRun(getRandomInt(100, 250)); // leading decoys
+  parts.push(lead);
+  pos += lead.length;
+  for (const str of strings) {
+    const gap = decoyRun(getRandomInt(0, 5)); // 0‑5 decoys between strings
+    parts.push(gap);
+    pos += gap.length;
+    const key = getRandomInt(1, U32_MAX);
+    const encoded = xorEncode(str, key);
+    table.set(str, {
+      key,
+      start: pos,
+      length: str.length
+    });
+    parts.push(encoded);
+    pos += encoded.length;
+  }
+  parts.push(decoyRun(getRandomInt(100, 250))); // trailing decoys
+  return {
+    bank: parts.join(""),
+    table
+  };
+}
+function isStringLoadConst(instr, OP) {
+  return instr[0] === OP.LOAD_CONST && instr.length === 3 && instr[2]?.type === "constant" && typeof instr[2].value === "string";
+}
+
+// ── Pass entry point ──────────────────────────────────────────────────────────
+export function stringConcealing(bc, compiler) {
+  const OP = compiler.OP;
+  const mainId = compiler.mainFn._fnIdx;
+  const entryLabelToFnId = new Map(compiler.fnDescriptors.map(d => [d.entryLabel, d._fnIdx]));
+  const entryLabels = new Set(entryLabelToFnId.keys());
+
+  // ── Prescan: collect strings + closure-creation graph ───────────────────────
+  // directUser  — functions that contain a string LOAD_CONST.
+  // parentOf    — childFnId → creating (lexical parent) fnId.
+  const strings = new Set();
+  const directUser = new Set();
+  const parentOf = new Map();
+  let curFn = -1;
+  for (const instr of bc) {
+    if (instr[0] === null && instr[1]?.type === "defineLabel" && entryLabels.has(instr[1].label)) {
+      curFn = entryLabelToFnId.get(instr[1].label);
+      continue;
+    }
+    if (curFn < 0) continue;
+    if (isStringLoadConst(instr, OP)) {
+      strings.add(instr[2].value);
+      directUser.add(curFn);
+    } else if (instr[0] === OP.MAKE_CLOSURE) {
+      const childId = entryLabelToFnId.get(instr[2]?.label);
+      if (childId !== undefined) parentOf.set(childId, curFn);
+    }
+  }
+  if (strings.size === 0) return {
+    bytecode: bc
+  };
+
+  // ── needSet = string users ∪ all their ancestors (so the upvalue can be
+  // threaded down to them). Walking each user to the root adds every ancestor. ──
+  const needSet = new Set();
+  for (const u of directUser) {
+    let p = u;
+    while (p !== undefined && !needSet.has(p)) {
+      needSet.add(p);
+      p = parentOf.get(p);
+    }
+  }
+
+  // Threaded upvalue index per function = its ORIGINAL upvalue count (appended
+  // last). main holds the bank as a local, so it has no threaded index.
+  const bankUvIndex = new Map();
+  for (const f of needSet) {
+    if (f === mainId) continue;
+    bankUvIndex.set(f, compiler.fnDescriptors[f]?.upvalues?.length ?? 0);
+  }
+  const maxId = buildMaxIdMap(bc);
+  const rBankMain = allocReg(mainId, maxId); // program-level inflated bank
+  const {
+    bank,
+    table
+  } = buildBank(strings);
+  const bankB64 = bankToBase64(bank);
+
+  // Helper closures, compiled once and shared by reference.
+  //   inflate(b64)                  → reconstruct the u16 bank from base64
+  //   decode(bank, key, start, len) → slice + keystream-decrypt one string
+  const helpers = new Template(`
+    function inflate(s) {
+      var bytes = atob(s);
+      var out = "";
+      for (var i = 0; i < bytes["length"]; i += 2) {
+        out += String["fromCharCode"](
+          bytes["charCodeAt"](i) | (bytes["charCodeAt"](i + 1) << 8)
+        );
+      }
+      return out;
+    }
+    function decode(bank, key, start, length) {
+      var result = "";
+      for (var i = 0; i < length; i++) {
+        key = (key + 0x9e3779b9) | 0;
+        var ks = (key ^ (key >>> 13)) & 0xffff;
+        result += String["fromCharCode"](bank["charCodeAt"](start + i) ^ ks);
+      }
+      return result;
+    }
+  `).compile({}, compiler);
+  const [inflateDesc, decodeDesc] = helpers.functions;
+  const mkClosure = (dst, desc, params) => [OP.MAKE_CLOSURE, ref(dst), {
+    type: "label",
+    label: desc.entryLabel
+  }, params, b.fnRegCountOperand(desc._fnIdx), 0,
+  // upvalue count
+  0 // hasRest
+  ];
+  const {
+    bytecode
+  } = forEachFunction(bc, compiler, (fnInstrs, fnId) => {
+    if (!needSet.has(fnId)) return {
+      instrs: fnInstrs
+    };
+    const isMain = fnId === mainId;
+    const usesStrings = directUser.has(fnId);
+
+    // Bank source for closures created in THIS frame: main captures its local,
+    // every other frame inherits its own threaded upvalue.
+    const childUpvalue = isMain ? [1, ref(rBankMain)] : [0, bankUvIndex.get(fnId)];
+    const prologue = [];
+    let rBank = null;
+    let rDecode = null;
+    let rKey, rStart, rLen;
+    if (isMain) {
+      const rInflate = allocReg(fnId, maxId);
+      const rB64 = allocReg(fnId, maxId);
+      prologue.push(mkClosure(rInflate, inflateDesc, 1));
+      prologue.push([OP.LOAD_CONST, ref(rB64), b.constantOperand(bankB64)]);
+      prologue.push([OP.CALL, ref(rBankMain), ref(rInflate), 1, ref(rB64)]);
+      rBank = rBankMain;
+    } else if (usesStrings) {
+      rBank = allocReg(fnId, maxId);
+      prologue.push([OP.LOAD_UPVALUE, ref(rBank), bankUvIndex.get(fnId)]);
+    }
+    if (usesStrings) {
+      rDecode = allocReg(fnId, maxId);
+      prologue.push(mkClosure(rDecode, decodeDesc, 4));
+      rKey = allocReg(fnId, maxId);
+      rStart = allocReg(fnId, maxId);
+      rLen = allocReg(fnId, maxId);
+    }
+    const out = [...prologue];
+    for (const instr of fnInstrs) {
+      // Thread the bank upvalue into every closure this frame creates that
+      // needs it (string users + ancestors).
+      if (instr[0] === OP.MAKE_CLOSURE) {
+        const childId = entryLabelToFnId.get(instr[2]?.label);
+        if (childId !== undefined && needSet.has(childId)) {
+          instr[5] = instr[5] + 1; // bump uvCount
+          instr.push(childUpvalue[0], childUpvalue[1]);
+        }
+        out.push(instr);
+        continue;
+      }
+      if (usesStrings && isStringLoadConst(instr, OP)) {
+        const dst = instr[1];
+        const entry = table.get(instr[2].value);
+        out.push([OP.LOAD_INT, ref(rKey), entry.key]);
+        out.push([OP.LOAD_INT, ref(rStart), entry.start]);
+        out.push([OP.LOAD_INT, ref(rLen), entry.length]);
+        out.push([OP.CALL, ref(dst), ref(rDecode), 4, ref(rBank), ref(rKey), ref(rStart), ref(rLen)]);
+        continue;
+      }
+      out.push(instr);
+    }
+    return {
+      instrs: out
+    };
+  });
+
+  // Append the helper functions' bytecode (defines their entryLabels).
+  bytecode.push(...helpers.bytecode);
+  return {
+    bytecode
+  };
+}
+
+// [isLocal flag, upvalue source] — RegisterOperand when capturing a local,
+// plain number when inheriting a parent upvalue.

package/dist/transforms/runtime/classObfuscation.js

@@ -0,0 +1,43 @@
+import * as t from "@babel/types";
+import { shuffle } from "../../utils/random-utils.js";
+function hasComment(node, text) {
+  const all = [...(node.leadingComments ?? []), ...(node.innerComments ?? []), ...(node.trailingComments ?? [])];
+  return all.some(c => c.value.includes(text));
+}
+function isPrototypeAssignment(stmt) {
+  if (!t.isExpressionStatement(stmt)) return false;
+  const expr = stmt.expression;
+  if (!t.isAssignmentExpression(expr)) return false;
+  const left = expr.left;
+  return t.isMemberExpression(left) && t.isMemberExpression(left.object) && t.isIdentifier(left.object.property, {
+    name: "prototype"
+  });
+}
+export function applyClassObfuscation(ast, _compiler) {
+  const body = ast.program.body;
+
+  // Split at the first statement that carries the @BOOT comment.
+  // Everything from that statement onward is the boot section and must stay last.
+  let bootIdx = body.findIndex(stmt => hasComment(stmt, "@BOOT"));
+  if (bootIdx === -1) bootIdx = body.length;
+  const shufflable = body.slice(0, bootIdx);
+  const boot = body.slice(bootIdx);
+
+  // Partition the shufflable section into two independent groups.
+  // Group A: variable/function declarations (constructors, standalone vars).
+  // Group B: prototype method assignments (X.prototype.Y = ...).
+  // Both groups are shuffled independently; A always precedes B so that
+  // constructors are defined before methods reference them.
+  const varDecls = [];
+  const methodDefs = [];
+  for (const stmt of shufflable) {
+    if (isPrototypeAssignment(stmt)) {
+      methodDefs.push(stmt);
+    } else {
+      varDecls.push(stmt);
+    }
+  }
+  shuffle(varDecls);
+  shuffle(methodDefs);
+  ast.program.body = [...varDecls, ...methodDefs, ...boot];
+}

package/dist/transforms/runtime/handlerTable.js

@@ -0,0 +1,91 @@
+import * as t from "@babel/types";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { parse } from "@babel/parser";
+const traverse = traverseImport.default || traverseImport;
+
+// Converts the switch-case dispatch into a handler table:
+//
+// Before (in .run):
+//   switch(op) { case OP.ADD: { ... break; } default: { ... } }
+//
+// After (in .init):
+//   this[OP.ADD] = function(){ ... }
+//   this["default"] = function(){ ... }
+//
+// After (in .run, replacing the switch):
+//   if(!this[op]) this["default"]();
+//   else this[op]();
+//
+export function applyHandlerTable(ast) {
+  // 1. Find the @SWITCH statement
+  let switchPath = null;
+  traverse(ast, {
+    SwitchStatement(path) {
+      if (path.node.leadingComments?.some(c => c.value.includes("@SWITCH"))) {
+        switchPath = path;
+        path.stop();
+      }
+    }
+  });
+  ok(switchPath, "Could not find opcode handlers switch statement");
+  const switchNode = switchPath.node;
+  const discriminant = switchNode.discriminant; // `op`
+
+  // 2. Find the @INIT method
+  let initPath = null;
+  traverse(ast, {
+    BlockStatement(path) {
+      if (path.node.innerComments?.some(c => c.value.includes("@INIT"))) {
+        initPath = path;
+        path.stop();
+      }
+    }
+  });
+  ok(initPath, "Could not find @INIT method");
+  const initFn = initPath.parentPath;
+
+  // 3. Build handler assignments for each case
+  const handlerAssignments = [];
+  for (const switchCase of switchNode.cases) {
+    // Strip trailing `break` from body
+    let body = [...switchCase.consequent];
+    if (body.length === 1 && t.isBlockStatement(body[0])) {
+      body = body[0].body;
+    }
+    if (body.length > 0 && t.isBreakStatement(body[body.length - 1])) {
+      body.pop();
+    }
+    body.unshift(...parse("var frame = this._currentFrame; var base = frame._base; var pc = frame._pc - 1; var regs = this._regs; ").program.body);
+    const block = t.blockStatement(body);
+    traverse(block, {
+      noScope: true,
+      ThisExpression(path) {
+        path.replaceWith(t.identifier("_this"));
+      },
+      Function(path) {
+        path.skip();
+      }
+    });
+
+    // Key: the case test, or "default" for the default case
+    const key = switchCase.test ? switchCase.test : t.stringLiteral("default");
+
+    // this[key] = function(){ ...body }
+    const handlerFn = t.functionExpression(null, [], block);
+    const assignment = t.expressionStatement(t.assignmentExpression("=", t.memberExpression(t.thisExpression(), key, true), handlerFn));
+    handlerAssignments.push(assignment);
+  }
+
+  // 4. Inject handler assignments into the @INIT body
+  initPath.node.body = handlerAssignments;
+
+  // 5. Replace the switch statement with handler dispatch:
+  //    if(!this[op]) this["default"]();
+  //    else this[op]();
+  const thisLookup = t.memberExpression(t.thisExpression(), discriminant, true);
+  const defaultCall = t.expressionStatement(t.callExpression(t.memberExpression(t.thisExpression(), t.stringLiteral("default"), true), []));
+  const handlerCall = t.expressionStatement(t.callExpression(thisLookup, []));
+  const dispatch = t.ifStatement(t.unaryExpression("!", thisLookup), t.blockStatement([defaultCall]), t.blockStatement([handlerCall]));
+  switchPath.replaceWith(dispatch);
+}