Background

SpiderMonkey bytecodes are the canonical form of code representation that is used in the JavaScript engine. The JavaScript frontend constructs an AST from the source text, then emits stack-based bytecodes from that AST as a part of the JSScript data structure. Bytecodes can reference atoms and objects (typically by array index) which are also contained in the JSScript data structure.

Within the engine, all bytecodes execute within a stack frame -- even global (top-level) and eval code have a stack frame associated with them. A frame on the stack has space for JavaScript Values (the tagged value format) in a few different categories. The space for a single JavaScript value is called a "slot", so the categories are:

There are also some slots reserved for dedicated functionality, holding values like this and the callee / return value.

There is always a "Top of Stack" (TOS) that corresponds to the latest value pushed onto the expression stack. All bytecodes implicitly operate in terms of this location.

Bytecode Listing

All opcodes are annotated with a [-popcount, +pushcount] pair that represents the overall stack effect of their execution.
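The following added example (not SpiderMonkey code) shows how the [-popcount, +pushcount] annotations can be used to check a bytecode sequence: it tracks expression-stack depth, rejects an opcode that would pop below the stack base, and reports the maximum depth the frame must provide slots for. The opcode names and their effects are constructed for illustration, and only straight-line code without jumps is handled.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed opcode set for illustration; names and effects are assumptions,
// not SpiderMonkey's opcode table.
struct OpInfo {
    const char* name;
    uint8_t pops;    // "-popcount" in the annotation
    uint8_t pushes;  // "+pushcount" in the annotation
};

enum Op : uint8_t { PUSH_CONST, DUP, ADD, POP, RETURN_VALUE, OP_LIMIT };

static const OpInfo kOps[OP_LIMIT] = {
    {"PUSH_CONST", 0, 1}, {"DUP", 1, 2}, {"ADD", 2, 1},
    {"POP", 1, 0},        {"RETURN_VALUE", 1, 0},
};

struct StackReport {
    bool ok;            // false on unknown opcode or stack underflow
    size_t failedAt;    // index of the offending opcode when !ok
    size_t maxDepth;    // expression-stack slots the frame must provide
    size_t finalDepth;  // depth after the last opcode that was applied
};

// Walk straight-line code, applying each opcode's [-pops, +pushes] effect.
StackReport analyzeStack(const std::vector<uint8_t>& code) {
    size_t depth = 0, maxDepth = 0;
    for (size_t i = 0; i < code.size(); ++i) {
        if (code[i] >= OP_LIMIT) return {false, i, maxDepth, depth};
        const OpInfo& op = kOps[code[i]];
        // Popping more than is on the stack would read below the stack base.
        if (op.pops > depth) return {false, i, maxDepth, depth};
        depth = depth - op.pops + op.pushes;
        if (depth > maxDepth) maxDepth = depth;
    }
    return {true, 0, maxDepth, depth};
}

int main() {
    StackReport r = analyzeStack({PUSH_CONST, PUSH_CONST, ADD, RETURN_VALUE});
    std::printf("ok=%d maxDepth=%zu finalDepth=%zu\n", r.ok, r.maxDepth, r.finalDepth);
    return r.ok ? 0 : 1;
}
```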

The bytecode listing was moved to the SpiderMonkey Internals: Bytecode Descriptions page.