Background
SpiderMonkey bytecodes are the canonical form of code representation used in the JavaScript engine. The JavaScript frontend constructs an AST from the source text, then emits stack-based bytecodes from that AST as part of the JSScript data structure. Bytecodes can reference atoms and objects (typically by array index), which are also contained in the JSScript data structure.
Within the engine, all bytecodes execute within a stack frame -- even global (top-level) and eval code has a stack frame associated with it. A frame on the stack has space for JavaScript Values (the tagged value format) in a few different categories. The space for a single JavaScript value is called a "slot", and the categories are:
- Argument slots: holds the actual arguments passed to the current frame.
- Local slots: holds the local variables used by the current code.
- Expression slots: holds the temporary space needed to calculate expressions on a stack. For example, to evaluate (a + b) + c you would push a, then push b, then add, then push c, then add, which requires a maximum depth of two expression slots.
There are also some slots reserved for dedicated functionality, holding values such as this and the callee / return value.
There is always a "Top of Stack" (TOS) that corresponds to the latest value pushed onto the expression stack. All bytecodes implicitly operate in terms of this location.
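The following is an added illustration, not SpiderMonkey code: a toy emitter turns a small expression AST into stack bytecodes, sizes the frame's expression slots from each opcode's [-pop, +push] stack effect, and then runs the bytecodes on a frame with exactly that many slots. The AST shape, opcode names and STACK_EFFECT table are assumptions made for the example.

```javascript
// Added example (not SpiderMonkey code): emit stack bytecodes from a tiny
// expression AST, size the frame's expression slots from the [-pop, +push]
// effects, and run them on a frame with exactly that many slots.
const STACK_EFFECT = { getlocal: [0, 1], int32: [0, 1], add: [2, 1] };

// AST nodes: {local:'a'} | {int:3} | {op:'+', left, right}. Locals are
// addressed by their index in the frame's local slots.
function emit(node, locals, code = []) {
  if ('int' in node) code.push({ op: 'int32', operand: node.int });
  else if ('local' in node) code.push({ op: 'getlocal', operand: locals.indexOf(node.local) });
  else { emit(node.left, locals, code); emit(node.right, locals, code); code.push({ op: 'add' }); }
  return code;
}

// Walk the bytecode once, applying each opcode's stack effect, to find the
// deepest the expression stack gets: that is how many expression slots the
// frame needs. Underflow means the emitter produced bad bytecode.
function maxStackDepth(code) {
  let depth = 0, max = 0;
  for (const insn of code) {
    const [pop, push] = STACK_EFFECT[insn.op];
    depth -= pop;
    if (depth < 0) throw new Error(`stack underflow at ${insn.op}`);
    depth += push;
    max = Math.max(max, depth);
  }
  return max;
}

// Interpret on a frame whose expression stack is bounded by maxStackDepth.
// Every opcode works relative to TOS; the result is whatever is left at TOS.
function run(code, localValues) {
  const frame = { locals: localValues, stack: [], slots: maxStackDepth(code) };
  for (const insn of code) {
    if (insn.op === 'int32') frame.stack.push(insn.operand);
    else if (insn.op === 'getlocal') frame.stack.push(frame.locals[insn.operand]);
    else { const rhs = frame.stack.pop(), lhs = frame.stack.pop(); frame.stack.push(lhs + rhs); }
    if (frame.stack.length > frame.slots) throw new Error('expression slot overflow');
  }
  return frame.stack.pop();
}

// The page's example: (a + b) + c needs two expression slots, while the
// right-nested a + (b + c) needs three.
const LOCALS = ['a', 'b', 'c'];
const leftNested = { op: '+', left: { op: '+', left: { local: 'a' }, right: { local: 'b' } }, right: { local: 'c' } };
const rightNested = { op: '+', left: { local: 'a' }, right: { op: '+', left: { local: 'b' }, right: { local: 'c' } } };
const pageCode = emit(leftNested, LOCALS);
console.log(pageCode.map(i => i.op).join(' '), '-> depth', maxStackDepth(pageCode), 'result', run(pageCode, [1, 2, 3]));
console.log('a + (b + c) -> depth', maxStackDepth(emit(rightNested, LOCALS)));
```

The right-nested form shows that operand order, not just operand count, decides how many expression slots a frame must reserve.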
Bytecode Listing
All opcodes are annotated with a [-popcount, +pushcount] pair that represents the overall stack effect of their execution.
The bytecode listing has moved to the SpiderMonkey Internals: Bytecode Descriptions page.