/js/src/frontend/BytecodeEmitter.cpp and 4 more files have been updated (d7685b70)

[github-actions[bot]]

Files

• /js/src/frontend/BytecodeEmitter.cpp
• /js/src/frontend/BytecodeEmitter.h
• /js/src/frontend/NameOpEmitter.cpp
• /js/src/vm/BytecodeUtil.cpp
• /js/src/vm/Opcodes.h

Changesets

• Bug 1620036 - Remove LazyScript references from JS frontend. r=djvj
  https://hg.mozilla.org/mozilla-central/rev/d7685b7062706f451a7277581f0b0b14542b1a1e
• Bug 1619932 - Simplify JSOp::CheckLexical and remove JSOp::CheckAliasedLexical. r=arai
  https://hg.mozilla.org/mozilla-central/rev/e00eb4d3b3b06b232434ac50e6aedccb09b07c42
• Bug 1620150 - Merge ThrowSet{Const, AliasedConst, Callee} bytecode ops. r=arai
  https://hg.mozilla.org/mozilla-central/rev/ba8de6a4229732265c447e22e63d2cddd6f772fe
• Bug 1620036 - Remove LazyScript references from script-iterator API. r=djvj
  https://hg.mozilla.org/mozilla-central/rev/72975d0d8292a67ab6d44f7ae390b345d131e930
• Bug 1620036 - Add BaseScript::asJSScript() instead of static_casts. r=djvj
  https://hg.mozilla.org/mozilla-central/rev/2fec64fbdce6b27ed887a24a2529a254c4c0dc40

Diffs

/js/src/frontend/BytecodeEmitter.cpp

--- fb37eb89401b9a06046d72fa6f48193570ec49a4/js/src/frontend/BytecodeEmitter.cpp
+++ d7685b7062706f451a7277581f0b0b14542b1a1e/js/src/frontend/BytecodeEmitter.cpp
@@ -57,19 +57,19 @@
 #include "frontend/WhileEmitter.h"   // WhileEmitter
 #include "js/CompileOptions.h"       // TransitiveCompileOptions, CompileOptions
 #include "vm/AsyncFunction.h"        // AsyncFunctionResolveKind
 #include "vm/BytecodeUtil.h"  // IsArgOp, IsLocalOp, SET_UINT24, SET_ICINDEX, BytecodeFallsThrough, BytecodeIsJumpTarget
 #include "vm/GeneratorObject.h"  // AbstractGeneratorObject
 #include "vm/JSAtom.h"           // JSAtom, js_*_str
 #include "vm/JSContext.h"        // JSContext
 #include "vm/JSFunction.h"       // FunctionPrefixKind, JSFunction,
-#include "vm/JSScript.h"  // JSScript, ScopeNote, ScriptSourceObject, FieldInitializers, JSScript, LazyScript
-#include "vm/Opcodes.h"   // JSOp, JSOpLength_*
-#include "wasm/AsmJS.h"   // IsAsmJSModule
+#include "vm/JSScript.h"  // JSScript, ScopeNote, ScriptSourceObject, FieldInitializers, BaseScript
+#include "vm/Opcodes.h"  // JSOp, JSOpLength_*
+#include "wasm/AsmJS.h"  // IsAsmJSModule

 #include "vm/JSObject-inl.h"  // JSObject

 using namespace js;
 using namespace js::frontend;

 using mozilla::ArrayLength;
 using mozilla::AssertedCast;
@@ -92,17 +92,17 @@ static bool ParseNodeRequiresSpecialLine

   ParseNodeKind kind = pn->getKind();
   return kind == ParseNodeKind::WhileStmt || kind == ParseNodeKind::ForStmt ||
          kind == ParseNodeKind::Function;
 }

 BytecodeEmitter::BytecodeEmitter(
     BytecodeEmitter* parent, SharedContext* sc, HandleScript script,
-    Handle<LazyScript*> lazyScript, uint32_t line, uint32_t column,
+    Handle<BaseScript*> lazyScript, uint32_t line, uint32_t column,
     CompilationInfo& compilationInfo, EmitterMode emitterMode,
     FieldInitializers fieldInitializers /* = FieldInitializers::Invalid() */)
     : sc(sc),
       cx(sc->cx_),
       parent(parent),
       script(cx, script),
       lazyScript(cx, lazyScript),
       bytecodeSection_(cx, line),
@@ -117,28 +117,28 @@ BytecodeEmitter::BytecodeEmitter(
   if (IsTypeInferenceEnabled() && sc->isFunctionBox()) {
     // Functions have IC entries for type monitoring |this| and arguments.
     bytecodeSection().setNumICEntries(sc->asFunctionBox()->nargs() + 1);
   }
 }

 BytecodeEmitter::BytecodeEmitter(
     BytecodeEmitter* parent, BCEParserHandle* handle, SharedContext* sc,
-    HandleScript script, Handle<LazyScript*> lazyScript, uint32_t line,
+    HandleScript script, Handle<BaseScript*> lazyScript, uint32_t line,
     uint32_t column, CompilationInfo& compilationInfo, EmitterMode emitterMode,
     FieldInitializers fieldInitializers)
     : BytecodeEmitter(parent, sc, script, lazyScript, line, column,
                       compilationInfo, emitterMode, fieldInitializers) {
   parser = handle;
   instrumentationKinds = parser->options().instrumentationKinds;
 }

 BytecodeEmitter::BytecodeEmitter(
     BytecodeEmitter* parent, const EitherParser& parser, SharedContext* sc,
-    HandleScript script, Handle<LazyScript*> lazyScript, uint32_t line,
+    HandleScript script, Handle<BaseScript*> lazyScript, uint32_t line,
     uint32_t column, CompilationInfo& compilationInfo, EmitterMode emitterMode,
     FieldInitializers fieldInitializers)
     : BytecodeEmitter(parent, sc, script, lazyScript, line, column,
                       compilationInfo, emitterMode, fieldInitializers) {
   ep_.emplace(parser);
   this->parser = ep_.ptr();
   instrumentationKinds = this->parser->options().instrumentationKinds;
 }
@@ -1732,40 +1732,53 @@ bool BytecodeEmitter::emitGetNameAtLocat
 }

 bool BytecodeEmitter::emitGetName(NameNode* name) {
   RootedAtom nameAtom(cx, name->name());
   return emitGetName(nameAtom);
 }

 bool BytecodeEmitter::emitTDZCheckIfNeeded(HandleAtom name,
-                                           const NameLocation& loc) {
+                                           const NameLocation& loc,
+                                           ValueIsOnStack isOnStack) {
   // Dynamic accesses have TDZ checks built into their VM code and should
   // never emit explicit TDZ checks.
   MOZ_ASSERT(loc.hasKnownSlot());
   MOZ_ASSERT(loc.isLexical());

   Maybe<MaybeCheckTDZ> check =
       innermostTDZCheckCache->needsTDZCheck(this, name);
   if (!check) {
     return false;
   }

   // We've already emitted a check in this basic block.
   if (*check == DontCheckTDZ) {
     return true;
   }

-  if (loc.kind() == NameLocation::Kind::FrameSlot) {
-    if (!emitLocalOp(JSOp::CheckLexical, loc.frameSlot())) {
-      return false;
+  // If the value is not on the stack, we have to load it first.
+  if (isOnStack == ValueIsOnStack::No) {
+    if (loc.kind() == NameLocation::Kind::FrameSlot) {
+      if (!emitLocalOp(JSOp::GetLocal, loc.frameSlot())) {
+        return false;
+      }
+    } else {
+      if (!emitEnvCoordOp(JSOp::GetAliasedVar, loc.environmentCoordinate())) {
+        return false;
+      }
     }
-  } else {
-    if (!emitEnvCoordOp(JSOp::CheckAliasedLexical,
-                        loc.environmentCoordinate())) {
+  }
+
+  if (!emitAtomOp(JSOp::CheckLexical, name)) {
+    return false;
+  }
+
+  if (isOnStack == ValueIsOnStack::No) {
+    if (!emit1(JSOp::Pop)) {
       return false;
     }
   }

   return innermostTDZCheckCache->noteTDZCheck(this, name, DontCheckTDZ);
 }

 bool BytecodeEmitter::emitPropLHS(PropertyAccess* prop) {

/js/src/frontend/BytecodeEmitter.h

--- fb37eb89401b9a06046d72fa6f48193570ec49a4/js/src/frontend/BytecodeEmitter.h
+++ d7685b7062706f451a7277581f0b0b14542b1a1e/js/src/frontend/BytecodeEmitter.h
@@ -41,17 +41,17 @@
 #include "frontend/ValueUsage.h"     // ValueUsage
 #include "js/RootingAPI.h"           // JS::Rooted, JS::Handle
 #include "js/TypeDecls.h"            // jsbytecode
 #include "vm/BytecodeUtil.h"         // JSOp
 #include "vm/Instrumentation.h"      // InstrumentationKind
 #include "vm/Interpreter.h"          // CheckIsObjectKind, CheckIsCallableKind
 #include "vm/Iteration.h"            // IteratorKind
 #include "vm/JSFunction.h"           // JSFunction, FunctionPrefixKind
-#include "vm/JSScript.h"  // JSScript, LazyScript, FieldInitializers, JSTryNoteKind
+#include "vm/JSScript.h"  // JSScript, BaseScript, FieldInitializers, JSTryNoteKind
 #include "vm/Runtime.h"     // ReportOutOfMemory
 #include "vm/StringType.h"  // JSAtom

 namespace js {

 enum class GeneratorResumeKind;

 }  // namespace js
@@ -65,30 +65,32 @@ class ElemOpEmitter;
 class EmitterScope;
 class NestableControl;
 class PropertyEmitter;
 class PropOpEmitter;
 class OptionalEmitter;
 class TDZCheckCache;
 class TryEmitter;

+enum class ValueIsOnStack { Yes, No };
+
 struct MOZ_STACK_CLASS BytecodeEmitter {
   // Context shared between parsing and bytecode generation.
   SharedContext* const sc = nullptr;

   JSContext* const cx = nullptr;

   // Enclosing function or global context.
   BytecodeEmitter* const parent = nullptr;

   // The JSScript we're ultimately producing.
   JS::Rooted<JSScript*> script;

   // The lazy script if mode is LazyFunction, nullptr otherwise.
-  JS::Rooted<LazyScript*> lazyScript;
+  JS::Rooted<BaseScript*> lazyScript;

  private:
   BytecodeSection bytecodeSection_;

  public:
   BytecodeSection& bytecodeSection() { return bytecodeSection_; }
   const BytecodeSection& bytecodeSection() const { return bytecodeSection_; }

@@ -181,17 +183,17 @@ struct MOZ_STACK_CLASS BytecodeEmitter {
    * space above their tempMark points. This means that you cannot alloc from
    * tempLifoAlloc and save the pointer beyond the next BytecodeEmitter
    * destruction.
    */
  private:
   // Internal constructor, for delegation use only.
   BytecodeEmitter(
       BytecodeEmitter* parent, SharedContext* sc, JS::Handle<JSScript*> script,
-      JS::Handle<LazyScript*> lazyScript, uint32_t line, uint32_t column,
+      JS::Handle<BaseScript*> lazyScript, uint32_t line, uint32_t column,
       CompilationInfo& compilationInfo, EmitterMode emitterMode,
       FieldInitializers fieldInitializers = FieldInitializers::Invalid());

   void initFromBodyPosition(TokenPos bodyPosition);

   /*
    * Helper for reporting that we have insufficient args.  pluralizer
    * should be "s" if requiredArgs is anything other than "1" and ""
@@ -199,33 +201,33 @@ struct MOZ_STACK_CLASS BytecodeEmitter {
    */
   void reportNeedMoreArgsError(ParseNode* pn, const char* errorName,
                                const char* requiredArgs, const char* pluralizer,
                                const ListNode* argsList);

  public:
   BytecodeEmitter(
       BytecodeEmitter* parent, BCEParserHandle* parser, SharedContext* sc,
-      JS::Handle<JSScript*> script, JS::Handle<LazyScript*> lazyScript,
+      JS::Handle<JSScript*> script, JS::Handle<BaseScript*> lazyScript,
       uint32_t line, uint32_t column, CompilationInfo& compilationInfo,
       EmitterMode emitterMode = Normal,
       FieldInitializers fieldInitializers = FieldInitializers::Invalid());

   BytecodeEmitter(
       BytecodeEmitter* parent, const EitherParser& parser, SharedContext* sc,
-      JS::Handle<JSScript*> script, JS::Handle<LazyScript*> lazyScript,
+      JS::Handle<JSScript*> script, JS::Handle<BaseScript*> lazyScript,
       uint32_t line, uint32_t column, CompilationInfo& compilationInfo,
       EmitterMode emitterMode = Normal,
       FieldInitializers fieldInitializers = FieldInitializers::Invalid());

   template <typename Unit>
   BytecodeEmitter(
       BytecodeEmitter* parent, Parser<FullParseHandler, Unit>* parser,
       SharedContext* sc, JS::Handle<JSScript*> script,
-      JS::Handle<LazyScript*> lazyScript, uint32_t line, uint32_t column,
+      JS::Handle<BaseScript*> lazyScript, uint32_t line, uint32_t column,
       CompilationInfo& compilationInfo, EmitterMode emitterMode = Normal,
       FieldInitializers fieldInitializers = FieldInitializers::Invalid())
       : BytecodeEmitter(parent, EitherParser(parser), sc, script, lazyScript,
                         line, column, compilationInfo, emitterMode,
                         fieldInitializers) {}

   MOZ_MUST_USE bool init();
   MOZ_MUST_USE bool init(TokenPos bodyPosition);
@@ -548,17 +550,18 @@ struct MOZ_STACK_CLASS BytecodeEmitter {
     return emitGetNameAtLocation(name, lookupName(name));
   }
   MOZ_MUST_USE bool emitGetName(ImmutablePropertyNamePtr name) {
     return emitGetNameAtLocation(name, lookupName(name));
   }
   MOZ_MUST_USE bool emitGetName(NameNode* name);

   MOZ_MUST_USE bool emitTDZCheckIfNeeded(HandleAtom name,
-                                         const NameLocation& loc);
+                                         const NameLocation& loc,
+                                         ValueIsOnStack isOnStack);

   MOZ_MUST_USE bool emitNameIncDec(UnaryNode* incDec);

   MOZ_MUST_USE bool emitDeclarationList(ListNode* declList);
   MOZ_MUST_USE bool emitSingleDeclaration(ListNode* declList, NameNode* decl,
                                           ParseNode* initializer);
   MOZ_MUST_USE bool emitAssignmentRhs(ParseNode* rhs,
                                       HandleAtom anonFunctionName);

/js/src/frontend/NameOpEmitter.cpp

--- 6a01bbfc11f77be6258af76ed6af5405df78995e/js/src/frontend/NameOpEmitter.cpp
+++ ba8de6a4229732265c447e22e63d2cddd6f772fe/js/src/frontend/NameOpEmitter.cpp
@@ -61,37 +61,39 @@ bool NameOpEmitter::emitGet() {
       break;
     case NameLocation::Kind::ArgumentSlot:
       if (!bce_->emitArgOp(JSOp::GetArg, loc_.argumentSlot())) {
         //          [stack] VAL
         return false;
       }
       break;
     case NameLocation::Kind::FrameSlot:
-      if (loc_.isLexical()) {
-        if (!bce_->emitTDZCheckIfNeeded(name_, loc_)) {
-          return false;
-        }
-      }
       if (!bce_->emitLocalOp(JSOp::GetLocal, loc_.frameSlot())) {
         //          [stack] VAL
         return false;
       }
-      break;
-    case NameLocation::Kind::EnvironmentCoordinate:
       if (loc_.isLexical()) {
-        if (!bce_->emitTDZCheckIfNeeded(name_, loc_)) {
+        if (!bce_->emitTDZCheckIfNeeded(name_, loc_, ValueIsOnStack::Yes)) {
+          //        [stack] VAL
           return false;
         }
       }
+      break;
+    case NameLocation::Kind::EnvironmentCoordinate:
       if (!bce_->emitEnvCoordOp(JSOp::GetAliasedVar,
                                 loc_.environmentCoordinate())) {
         //          [stack] VAL
         return false;
       }
+      if (loc_.isLexical()) {
+        if (!bce_->emitTDZCheckIfNeeded(name_, loc_, ValueIsOnStack::Yes)) {
+          //        [stack] VAL
+          return false;
+        }
+      }
       break;
     case NameLocation::Kind::DynamicAnnexBVar:
       MOZ_CRASH(
           "Synthesized vars for Annex B.3.3 should only be used in "
           "initialization");
   }

   if (isCall()) {
@@ -250,17 +252,17 @@ bool NameOpEmitter::emitAssignment() {
       if (!bce_->emitAtomOp(JSOp::SetIntrinsic, name_)) {
         return false;
       }
       break;
     case NameLocation::Kind::NamedLambdaCallee:
       // Assigning to the named lambda is a no-op in sloppy mode but
       // throws in strict mode.
       if (bce_->sc->strict()) {
-        if (!bce_->emit1(JSOp::ThrowSetCallee)) {
+        if (!bce_->emitAtomOp(JSOp::ThrowSetConst, name_)) {
           return false;
         }
       }
       break;
     case NameLocation::Kind::ArgumentSlot:
       if (!bce_->emitArgOp(JSOp::SetArg, loc_.argumentSlot())) {
         return false;
       }
@@ -269,60 +271,70 @@ bool NameOpEmitter::emitAssignment() {
       JSOp op = JSOp::SetLocal;
       if (loc_.isLexical()) {
         if (isInitialize()) {
           op = JSOp::InitLexical;
         } else {
           if (loc_.isConst()) {
             op = JSOp::ThrowSetConst;
           }
-
-          if (!bce_->emitTDZCheckIfNeeded(name_, loc_)) {
+          if (!bce_->emitTDZCheckIfNeeded(name_, loc_, ValueIsOnStack::No)) {
             return false;
           }
         }
       }
-      if (!bce_->emitLocalOp(op, loc_.frameSlot())) {
-        return false;
+      if (op == JSOp::ThrowSetConst) {
+        if (!bce_->emitAtomOp(op, name_)) {
+          return false;
+        }
+      } else {
+        if (!bce_->emitLocalOp(op, loc_.frameSlot())) {
+          return false;
+        }
       }
       if (op == JSOp::InitLexical) {
         if (!bce_->innermostTDZCheckCache->noteTDZCheck(bce_, name_,
                                                         DontCheckTDZ)) {
           return false;
         }
       }
       break;
     }
     case NameLocation::Kind::EnvironmentCoordinate: {
       JSOp op = JSOp::SetAliasedVar;
       if (loc_.isLexical()) {
         if (isInitialize()) {
           op = JSOp::InitAliasedLexical;
         } else {
           if (loc_.isConst()) {
-            op = JSOp::ThrowSetAliasedConst;
+            op = JSOp::ThrowSetConst;
           }
-
-          if (!bce_->emitTDZCheckIfNeeded(name_, loc_)) {
+          if (!bce_->emitTDZCheckIfNeeded(name_, loc_, ValueIsOnStack::No)) {
             return false;
           }
         }
       }
       if (loc_.bindingKind() == BindingKind::NamedLambdaCallee) {
         // Assigning to the named lambda is a no-op in sloppy mode and throws
         // in strict mode.
-        op = JSOp::ThrowSetAliasedConst;
+        op = JSOp::ThrowSetConst;
         if (bce_->sc->strict()) {
-          if (!bce_->emitEnvCoordOp(op, loc_.environmentCoordinate())) {
+          if (!bce_->emitAtomOp(op, name_)) {
             return false;
           }
         }
       } else {
-        if (!bce_->emitEnvCoordOp(op, loc_.environmentCoordinate())) {
-          return false;
+        if (op == JSOp::ThrowSetConst) {
+          if (!bce_->emitAtomOp(op, name_)) {
+            return false;
+          }
+        } else {
+          if (!bce_->emitEnvCoordOp(op, loc_.environmentCoordinate())) {
+            return false;
+          }
         }
       }
       if (op == JSOp::InitAliasedLexical) {
         if (!bce_->innermostTDZCheckCache->noteTDZCheck(bce_, name_,
                                                         DontCheckTDZ)) {
           return false;
         }
       }

/js/src/vm/BytecodeUtil.cpp

--- de19d10a33ca97636d9a6470f6119d1cfb1fac30/js/src/vm/BytecodeUtil.cpp
+++ 72975d0d8292a67ab6d44f7ae390b345d131e930/js/src/vm/BytecodeUtil.cpp
@@ -185,17 +185,17 @@ static MOZ_MUST_USE bool DumpPCCounts(JS

 bool js::DumpRealmPCCounts(JSContext* cx) {
   Rooted<GCVector<JSScript*>> scripts(cx, GCVector<JSScript*>(cx));
   for (auto base = cx->zone()->cellIter<BaseScript>(); !base.done();
        base.next()) {
     if (base->isLazyScript()) {
       continue;
     }
-    JSScript* script = static_cast<JSScript*>(base.get());
+    JSScript* script = base->asJSScript();
     if (script->realm() != cx->realm()) {
       continue;
     }
     if (script->hasScriptCounts()) {
       if (!scripts.append(script)) {
         return false;
       }
     }
@@ -690,16 +690,17 @@ uint32_t BytecodeParser::simulateOp(JSOp
     case JSOp::Or:
     case JSOp::Coalesce:
     case JSOp::SetAliasedVar:
     case JSOp::SetArg:
     case JSOp::SetIntrinsic:
     case JSOp::SetLocal:
     case JSOp::InitAliasedLexical:
     case JSOp::IterNext:
+    case JSOp::CheckLexical:
       // Keep the top value.
       MOZ_ASSERT(nuses == 1);
       MOZ_ASSERT(ndefs == 1);
       break;

     case JSOp::InitHomeObject:
       // Pop the top value, keep the other value.
       MOZ_ASSERT(nuses == 2);
@@ -2592,17 +2593,17 @@ JS_FRIEND_API void js::StopPCCountProfil
     return;
   }

   for (ZonesIter zone(rt, SkipAtoms); !zone.done(); zone.next()) {
     for (auto base = zone->cellIter<BaseScript>(); !base.done(); base.next()) {
       if (base->isLazyScript()) {
         continue;
       }
-      JSScript* script = static_cast<JSScript*>(base.get());
+      JSScript* script = base->asJSScript();
       if (script->hasScriptCounts() && script->hasJitScript()) {
         if (!vec->append(script)) {
           return;
         }
       }
     }
   }

@@ -2884,23 +2885,23 @@ JS_FRIEND_API JSString* js::GetPCCountSc

 struct CollectedScripts {
   MutableHandle<ScriptVector> scripts;
   bool ok = true;

   explicit CollectedScripts(MutableHandle<ScriptVector> scripts)
       : scripts(scripts) {}

-  static void consider(JSRuntime* rt, void* data, JSScript* script,
+  static void consider(JSRuntime* rt, void* data, BaseScript* script,
                        const JS::AutoRequireNoGC& nogc) {
     auto self = static_cast<CollectedScripts*>(data);
     if (!script->filename()) {
       return;
     }
-    if (!self->scripts.append(script)) {
+    if (!self->scripts.append(script->asJSScript())) {
       self->ok = false;
     }
   }
 };

 static bool GenerateLcovInfo(JSContext* cx, JS::Realm* realm,
                              GenericPrinter& out) {
   AutoRealmUnchecked ar(cx, realm);

/js/src/vm/Opcodes.h

--- f7e3d1e375d7a20b79960b6b5619b685d3342148/js/src/vm/Opcodes.h
+++ ba8de6a4229732265c447e22e63d2cddd6f772fe/js/src/vm/Opcodes.h
@@ -2397,49 +2397,24 @@
      *
      *   Category: Control flow
      *   Type: Exceptions
      *   Operands: uint16_t msgNumber
      *   Stack: =>
      */ \
     MACRO(ThrowMsg, throw_msg, NULL, 3, 0, 0, JOF_UINT16) \
     /*
-     * Throw a TypeError for invalid assignment to a `const`. The environment
-     * coordinate is used to get the variable name for the error message.
+     * Throws a runtime TypeError for invalid assignment to a `const` binding.
      *
      *   Category: Control flow
      *   Type: Exceptions
-     *   Operands: uint8_t hops, uint24_t slot
-     *   Stack:
-     */ \
-    MACRO(ThrowSetAliasedConst, throw_set_aliased_const, NULL, 5, 0, 0, JOF_ENVCOORD|JOF_NAME|JOF_DETECTING) \
-    /*
-     * Throw a TypeError for invalid assignment to the callee binding in a named
-     * lambda, which is always a `const` binding. This is a different bytecode
-     * than `JSOp::ThrowSetConst` because the named lambda callee, if not closed
-     * over, does not have a frame slot to look up the name with for the error
-     * message.
-     *
-     *   Category: Control flow
-     *   Type: Exceptions
-     *   Operands:
-     *   Stack:
-     */ \
-    MACRO(ThrowSetCallee, throw_set_callee, NULL, 1, 0, 0, JOF_BYTE) \
-    /*
-     * Throws a runtime TypeError for invalid assignment to an optimized
-     * `const` binding. `localno` is used to get the variable name for the
-     * error message.
-     *
-     *   Category: Control flow
-     *   Type: Exceptions
-     *   Operands: uint24_t localno
+     *   Operands: uint32_t nameIndex
      *   Stack:
      */ \
-    MACRO(ThrowSetConst, throw_set_const, NULL, 4, 0, 0, JOF_LOCAL|JOF_NAME|JOF_DETECTING) \
+    MACRO(ThrowSetConst, throw_set_const, NULL, 5, 0, 0, JOF_ATOM|JOF_NAME|JOF_DETECTING) \
     /*
      * No-op instruction that marks the top of the bytecode for a
      * *TryStatement*.
      *
      * The `jumpAtEndOffset` operand is the offset (relative to the current op)
      * of the `JSOp::Goto` at the end of the try-block body. This is used by
      * bytecode analysis and JIT compilation.
      *
@@ -2630,49 +2605,32 @@
      *
      *   Category: Variables and scopes
      *   Type: Initialization
      *   Operands: uint8_t hops, uint24_t slot
      *   Stack: v => v
      */ \
     MACRO(InitAliasedLexical, init_aliased_lexical, NULL, 5, 1, 1, JOF_ENVCOORD|JOF_NAME|JOF_PROPINIT|JOF_DETECTING) \
     /*
-     * Throw a ReferenceError if the optimized local `localno` is
-     * uninitialized.
+     * Throw a ReferenceError if the value on top of the stack is uninitialized.
      *
-     * `localno` must be the number of a fixed slot in the current stack frame
-     * previously initialized or marked uninitialized using `JSOp::InitLexical`.
-     *
-     * Typically used before `JSOp::GetLocal` or `JSOp::SetLocal`.
+     * Typically used after `JSOp::GetLocal` or `JSOp::GetAliasedVar`.
      *
      * Implements: [GetBindingValue][1] step 3 and [SetMutableBinding][2] step
      * 4 for declarative Environment Records.
      *
      * [1]: https://tc39.es/ecma262/#sec-declarative-environment-records-getbindingvalue-n-s
      * [2]: https://tc39.es/ecma262/#sec-declarative-environment-records-setmutablebinding-n-v-s
      *
      *   Category: Variables and scopes
      *   Type: Initialization
-     *   Operands: uint24_t localno
-     *   Stack: =>
-     */ \
-    MACRO(CheckLexical, check_lexical, NULL, 4, 0, 0, JOF_LOCAL|JOF_NAME) \
-    /*
-     * Like `JSOp::CheckLexical` but for aliased bindings.
-     *
-     * Note: There are no `CheckName` or `CheckGName` instructions because
-     * they're unnecessary. `JSOp::{Get,Set}{Name,GName}` all check for
-     * uninitialized lexicals and throw if needed.
-     *
-     *   Category: Variables and scopes
-     *   Type: Initialization
-     *   Operands: uint8_t hops, uint24_t slot
-     *   Stack: =>
+     *   Operands: uint32_t nameIndex
+     *   Stack: v => v
      */ \
-    MACRO(CheckAliasedLexical, check_aliased_lexical, NULL, 5, 0, 0, JOF_ENVCOORD|JOF_NAME) \
+    MACRO(CheckLexical, check_lexical, NULL, 5, 1, 1, JOF_ATOM|JOF_NAME) \
     /*
      * Throw a ReferenceError if the value on top of the stack is
      * `MagicValue(JS_UNINITIALIZED_LEXICAL)`. Used in derived class
      * constructors to check `this` (which needs to be initialized before use,
      * by calling `super()`).
      *
      * Implements: [GetThisBinding][1] step 3.
      *
@@ -3500,16 +3458,19 @@

 // clang-format on

 /*
  * In certain circumstances it may be useful to "pad out" the opcode space to
  * a power of two.  Use this macro to do so.
  */
 #define FOR_EACH_TRAILING_UNUSED_OPCODE(MACRO) \
+  MACRO(236)                                   \
+  MACRO(237)                                   \
+  MACRO(238)                                   \
   MACRO(239)                                   \
   MACRO(240)                                   \
   MACRO(241)                                   \
   MACRO(242)                                   \
   MACRO(243)                                   \
   MACRO(244)                                   \
   MACRO(245)                                   \
   MACRO(246)                                   \

[arai-a]

patch in https://github.com/mozilla-spidermonkey/jsparagus/pull/355