What is initscopedepth in ActionScript bytecode AVM2? Why getlocal_0 and pushscope?

Ok so, essentially, I have asked this question on StackOverflow, and was told to ask here as well, so here it goes:

I have looked into the AVM2 Overview document (chapter 4.11, page 33) and found the following about init_scope_depth:

The init_scope_depth field defines the minimum scope depth, relative to max_scope_depth, that may be accessed within the method.
The max_scope_depth field defines the maximum scope depth that may be accessed within the method. The difference between max_scope_depth and init_scope_depth determines the size of the local scope stack.

I have also came across a citation on the ActionScript 3.0 Bible book about the scope chain, which I believe to be related to init_scope_depth, and says:

The scope chain, shown in figure 2-1, is an internal device that is created to manage variable scope during function execution.
When a variable is referenced, the Flash Player starts with the most recent function called and checks for variable declarations. If the value isn’t found in the most local scope, it moves up one level to the parent function that called the function and checks there. This process continues until the scope chain has been checked all the way up to the global scope.


As shown in the figure, we have the scope order being, from top to bottom:

function scope -> parent function(s) scope (if any) -> instance of the class calling the function -> static instance of the class calling the function -> global scope

Notice also that the scope chain can have more levels depending on class inheritance.

Now here comes my question:

I’ve been playing with JPEXS Free Flash Decompiler and RABCDAsm, and I have a class called Global in a package called Data. The class does not extend any other classes, but implements one interface. Within this class, there are normal methods and static methods. I have noticed that the static methods have initscopedepth set to 3 and the normal methods have initscopedepth set to 4. (Note: these values were set by the compiler, as explained in the [AVM2 Overview document][1], chapter 4.11).

My guess is that the initial scope is:

method -> instance of class -> static instance of class (static variables) -> global

But I am not sure and was wondering if anyone could confirm this.

This also leads me to another question. All the methods code block, both normal and static, start with the code:


(Note: After these 2 instructions comes whatever instruction the method starts with.)
Could it be because, for normal objects it is pushing the this onto the scope stack, and for static methods it is pushing the static instance of the class onto the scope stack? If so, why is this necessary?

Instead of getting into it right away, first

What is initscopedepth in ActionScript bytecode AVM2? Why getlocal_0 and pushscope?

Why ?

What are you trying to do? build?

What problem are you trying to solve ?

I have an SWF which I’d like to modify, and for this I’d like to be able to make new methods. I don’t have access to the source code, only to the bytecode thanks to RABCDAsm and JPEXS. It would be handy to know how the compiler calculates initscopedepth, and why it is necessary to push onto the scope the this, even for static methods.

so you’re shaving a yak

think about it, you’re going into making your own ABC/SWF byte code assembler
instead of decompiling with something like JPEXS and recompiling with Flex/AIR/ASC

kind of like “I want to go to the city” and instead of taking a ride, the bus, the car,
you’re building your own v8 engine with 2 bicycle wheels …

I personally will not waste too much time on that

you want to go assembly, fine

first learn about how work a simple VM
Simple Virtual Machine

you can find docs about the ActionScript bytecode here

ideally learn how to generate the doc from doxygen


about init_scope_depth

about getlocal_0

about pushscope

My help will stop here,
good luck

JPEXS does not produce an output that I can just recompile, the SWF is complex. Thank you for your effort.

yeah you will probably have to understand a couple of things
but this is 100x much simpler than trying to assemble and/or inject bytecode by hand

this tell me you are probably trying to modify someone else work

subject close