| blob | 5e3d42c2a6f0c7c202f49ed43af60bec8ee0d640 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sw=4 et tw=78:
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is Mozilla Communicator client code, released
18 * March 31, 1998.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
41 /*
42 * JS symbol tables.
43 */
44 #include <new>
45 #include <stdlib.h>
46 #include <string.h>
73 uint32
75 {
76 uint32 shape;
81 /*
82 * FIXME bug 440834: The shape id space has overflowed. Currently we
83 * cope badly with this and schedule the GC on the every call. But
84 * first we make sure that increments from other threads would not
85 * have a chance to wrap around shapeGen to zero.
86 */
90 #ifdef JS_THREADSAFE
92 #endif
94 }
96 }
98 uint32
100 {
102 }
104 bool
106 {
109 /*
110 * Subtle rule: objects that call JSObject::ensureInstanceReservedSlots
111 * must either:
112 *
113 * (a) never escape anywhere an ad-hoc property could be set on them; or
114 *
115 * (b) protect their instance-reserved slots with shapes, at least a custom
116 * empty shape with the right slotSpan member.
117 *
118 * Block objects are the only objects that fall into category (a). While
119 * Call objects cannot escape, they can grow ad-hoc properties via eval
120 * of a var declaration, or due to a function statement being evaluated,
121 * but they have slots mapped by compiler-created shapes, and thus (b) no
122 * problem predicting first ad-hoc property slot. Bound Function objects
123 * have a custom empty shape.
124 *
125 * (Note that Block, Call, and bound Function objects are the only native
126 * class objects that are allowed to call ensureInstanceReservedSlots.)
127 */
133 }
135 #define PROPERTY_TABLE_NBYTES(n) ((n) * sizeof(Shape *))
137 #ifdef DEBUG
140 # define METER(x) JS_ATOMIC_INCREMENT(&js_scope_stats.x)
141 #else
142 # define METER(x) ((void) 0)
143 #endif
145 bool
147 {
148 /*
149 * Either we're creating a table for a large scope that was populated
150 * via property cache hit logic under JSOP_INITPROP, JSOP_SETNAME, or
151 * JSOP_SETPROP; or else calloc failed at least once already. In any
152 * event, let's try to grow, overallocating to hold at least twice the
153 * current population.
154 */
159 /*
160 * Use rt->calloc for memory accounting and overpressure handling
161 * without OOM reporting. See PropertyTable::change.
162 */
167 }
176 /*
177 * Beware duplicate args and arg vs. var conflicts: the youngest shape
178 * (nearest to lastProp) must win. See bug 600067.
179 */
182 }
184 }
186 bool
188 {
195 }
197 #ifdef DEBUG
199 # define LIVE_SCOPE_METER(cx,expr) JS_LOCK_RUNTIME_VOID(cx->runtime,expr)
200 #else
202 #endif
206 {
210 }
212 }
214 /* static */
215 bool
217 {
218 /*
219 * NewArguments allocates dslots to have enough room for the argc of the
220 * particular arguments object being created.
221 * never mutated, it's safe to pretend to have all the slots possible.
222 *
223 * Note how the fast paths in jsinterp.cpp for JSOP_LENGTH and JSOP_GETELEM
224 * bypass resolution of scope properties for length and element indices on
225 * arguments objects. This helps ensure that any arguments object needing
226 * its own mutable scope (with unique shape) is a rare event.
227 */
234 /*
235 * Initialize the shared scope for all empty Call objects so gets for args
236 * and vars do not force the creation of a mutable scope for the particular
237 * call object being accessed.
238 */
242 /* A DeclEnv object holds the name binding for a named function expression. */
246 /* Non-escaping native enumerator objects share this empty scope. */
250 /* Same drill for With objects. */
255 }
257 /* static */
258 void
260 {
267 }
272 #if JS_BYTES_PER_WORD == 4
273 # define HASH_ID(id) ((JSHashNumber)(JSID_BITS(id)))
274 #elif JS_BYTES_PER_WORD == 8
275 # define HASH_ID(id) ((JSHashNumber)(JSID_BITS(id)) ^ (JSHashNumber)((JSID_BITS(id)) >> 32))
276 #else
278 #endif
280 /*
281 * Double hashing needs the second hash code to be relatively prime to table
282 * size, so we simply make hash2 odd. The inputs to multiplicative hash are
283 * the golden ratio, expressed as a fixed-point 32 bit fraction, and the id
284 * itself.
285 */
286 #define HASH0(id) (HASH_ID(id) * JS_GOLDEN_RATIO)
287 #define HASH1(hash0,shift) ((hash0) >> (shift))
288 #define HASH2(hash0,log2,shift) ((((hash0) << (log2)) >> (shift)) | 1)
290 Shape **
292 {
296 uint32 sizeMask;
301 /* Compute the primary hash address. */
307 /* Miss: return space for a new entry. */
313 }
315 /* Hit: return entry. */
321 }
323 /* Collision: double hash. */
328 #ifdef DEBUG
330 #endif
332 /* Save the first removed entry pointer so we can recycle it if adding. */
339 #ifdef DEBUG
341 #endif
342 }
355 }
363 }
371 #ifdef DEBUG
373 #endif
374 }
375 }
377 /* NOTREACHED */
379 }
381 bool
383 {
390 /*
391 * Grow, shrink, or compress by changing this->entries. Here, we prefer
392 * cx->runtime->calloc to js_calloc, which on OOM waits for a background
393 * thread to finish sweeping and retry, if appropriate. Avoid cx->calloc
394 * so our caller can be in charge of whether to JS_ReportOutOfMemory.
395 */
405 }
407 /* Now that we have newTable allocated, update members. */
413 /* Copy only live entries, leaving removed and free ones behind. */
422 }
423 oldsize--;
424 }
426 /*
427 * Finally, free the old entries storage. Note that cx->runtime->free just
428 * calls js_free. Use js_free here to match PropertyTable::~PropertyTable,
429 * which cannot have a cx or rt parameter.
430 */
433 }
435 bool
437 {
444 else
450 }
452 }
454 Shape *
456 {
464 /*
465 * Attempt to grow table if needed before extending *listp, rather than
466 * risking OOM under table->grow after newDictionaryShape succeeds, and
467 * then have to fix up *listp.
468 */
477 /* Add newShape to the property table. */
481 /*
482 * Beware duplicate formal parameters, allowed by ECMA-262 in
483 * non-strict mode. Otherwise we know that Bindings::add (our
484 * caller) won't pass an id already in the table to us. In the
485 * case of duplicate formals, the last one wins, so while we
486 * must not overcount entries, we must store newShape.
487 */
492 /* Hand the table off from oldShape to newShape. */
498 }
500 }
503 }
510 }
517 }
519 }
521 /*
522 * Get or create a property-tree or dictionary child property of parent, which
523 * must be lastProp if inDictionaryMode(), else parent must be one of lastProp
524 * or lastProp->parent.
525 */
526 Shape *
528 {
532 /*
533 * Aliases share another property's slot, passed in the |slot| parameter.
534 * Shared properties have no slot. Unshared properties that do not alias
535 * another property's slot allocate a slot here, but may lose it due to a
536 * JS_ClearScope call.
537 */
542 /*
543 * We may have set slot from a nearly-matching shape, above. If so,
544 * we're overwriting that nearly-matching shape, so we can reuse
545 * its slot -- we don't need to allocate a new one. Similarly, we
546 * use a specific slot if provided by the caller.
547 */
550 }
551 }
562 }
573 }
578 }
580 Shape *
582 {
596 }
598 Shape *
600 {
615 }
620 }
626 }
628 bool
630 {
637 }
639 /*
640 * Normalize stub getter and setter values for faster is-stub testing in the
641 * SHAPE_CALL_[GS]ETTER macros.
642 */
648 {
652 }
654 /* Here, getter is the method, a function object reference. */
662 }
663 }
666 }
668 #ifdef DEBUG
669 # define CHECK_SHAPE_CONSISTENCY(obj) obj->checkShapeConsistency()
671 void
673 {
680 }
687 else
699 }
706 }
711 }
722 }
724 }
733 }
734 }
738 }
740 }
741 }
742 }
743 #else
744 # define CHECK_SHAPE_CONSISTENCY(obj) ((void)0)
745 #endif
752 {
758 }
762 /* Search for id with adding = true in order to claim its entry. */
770 /* Update any watchpoints referring to this property. */
776 }
784 {
794 }
805 }
806 }
808 /* Find or create a property tree node labeled by our arguments. */
810 {
813 }
819 /* Store the tree node pointer in the table entry for id. */
823 /* Pass the table along to the new lastProp, namely shape. */
827 }
828 #ifdef DEBUG
830 #endif
834 }
839 }
841 /*
842 * Check and adjust the new attributes for the shape to make sure that our
843 * slot access optimizations are sound. It is responsibility of the callers to
844 * enforce all restrictions from ECMA-262 v5 8.12.9 [[DefineOwnProperty]].
845 */
848 {
852 /* A permanent property must stay permanent. */
855 /* Reject attempts to remove a slot from the permanent data property. */
860 }
863 }
870 {
873 /*
874 * Horrid non-strict eval, debuggers, and |default xml namespace ...| may
875 * extend Call objects.
876 */
881 }
885 /* Search for id in order to claim its entry if table has been allocated. */
889 /*
890 * You can't add properties to a non-extensible object, but you can change
891 * attributes of properties in such objects.
892 */
896 }
906 }
908 /* Property exists: search must have returned a valid *spp. */
914 /*
915 * If the caller wants to allocate a slot, but doesn't care which slot,
916 * copy the existing shape's slot into slot so we can match shape, if all
917 * other members match.
918 */
924 /*
925 * Now that we've possibly preserved slot, check whether all members match.
926 * If so, this is a redundant "put" and we can return without more work.
927 */
931 }
933 /*
934 * Overwriting a non-last property requires switching to dictionary mode.
935 * The shape tree is shared immutable, and we can't removeProperty and then
936 * addPropertyInternal because a failure under add would lose data.
937 */
943 }
945 /*
946 * Now that we have passed the lastProp->frozen() check at the top of this
947 * method, and the non-last-property conditioning just above, we are ready
948 * to overwrite.
949 *
950 * Optimize the case of a non-frozen dictionary-mode object based on the
951 * property that dictionaries exclusively own their mutable shape structs,
952 * each of which has a unique shape number (not shared via a shape tree).
953 *
954 * This is more than an optimization: it is required to preserve for-in
955 * enumeration order (see bug 601399).
956 */
958 /* FIXME bug 593129 -- slot allocation and JSObject *this must move out of here! */
962 }
971 }
972 }
980 /*
981 * We are done updating shape and lastProp. Now we may need to update
982 * flags and we will need to update objShape, which is no longer "own".
983 * In the last non-dictionary property case in the else clause just
984 * below, getChildProperty handles this for us. First update flags.
985 */
988 /*
989 * We have just mutated shape in place, but nothing caches it based on
990 * shape->shape unless shape is lastProp and !hasOwnShape()). Therefore
991 * we regenerate only lastProp->shape. We will clearOwnShape(), which
992 * sets objShape to lastProp->shape.
993 */
997 /*
998 * Updating lastProp in a non-dictionary-mode object. Such objects
999 * share their shapes via a tree rooted at a prototype emptyShape, or
1000 * perhaps a well-known compartment-wide singleton emptyShape.
1001 *
1002 * If any shape in the tree has a property hashtable, it is shared and
1003 * immutable too, therefore we must not update *spp.
1004 */
1008 /* Find or create a property tree node labeled by our arguments. */
1017 }
1020 }
1022 /*
1023 * Can't fail now, so free the previous incarnation's slot if the new shape
1024 * has no slot. But we do not need to free oldSlot (and must not, as trying
1025 * to will botch an assertion in JSObject::freeSlot) if the new lastProp
1026 * (shape here) has a slotSpan that does not cover it.
1027 */
1031 #ifdef DEBUG
1032 else
1034 #endif
1036 }
1045 }
1050 {
1057 /* Allow only shared (slotless) => unshared (slotful) transition. */
1061 /* Don't allow method properties to be changed to have a getter. */
1077 /*
1078 * Dictionary-mode objects exclusively own their mutable shape structs, so
1079 * we simply modify in place.
1080 */
1082 /* FIXME bug 593129 -- slot allocation and JSObject *this must move out of here! */
1087 }
1097 }
1098 }
1106 /* See the corresponding code in putProperty. */
1114 }
1121 #ifdef DEBUG
1127 }
1128 }
1129 #endif
1131 /*
1132 * Let JSObject::putProperty handle this |overwriting| case, including
1133 * the conservation of shape->slot (if it's valid). We must not call
1134 * removeProperty because it will free an allocated shape->slot, and
1135 * putProperty won't re-allocate it.
1136 */
1140 #ifdef DEBUG
1143 #endif
1144 }
1146 #ifdef DEBUG
1150 else
1152 #endif
1154 }
1156 bool
1158 {
1164 }
1166 /* First, if shape is unshared and not has a slot, free its slot number. */
1172 }
1175 /* If shape is not the last property added, switch to dictionary mode. */
1181 }
1183 /*
1184 * A dictionary-mode object owns mutable, unique shapes on a non-circular
1185 * doubly linked list, optionally hashed by lastProp->table. So we can edit
1186 * the list and hash in place.
1187 */
1202 #ifdef DEBUG
1203 /*
1204 * Check the consistency of the table but limit the number of
1205 * checks not to alter significantly the complexity of the
1206 * delete in debug builds, see bug 534493.
1207 */
1211 #endif
1212 }
1213 }
1215 /*
1216 * Remove shape from its non-circular doubly linked list, setting this
1217 * object's OWN_SHAPE flag so the updateShape(cx) further below will
1218 * generate a fresh shape id for this object, distinct from the id of
1219 * any shape in the list. We need a fresh shape for all deletions, even
1220 * of lastProp. Otherwise, a shape number could replay and caches might
1221 * return get deleted DictionaryShapes! See bug 595365.
1222 */
1234 /*
1235 * Maintain slot freelist consistency. The only constraint we
1236 * have is that slot numbers on the freelist are less than
1237 * lastProp->slotSpan. Thus, if the freelist is non-empty,
1238 * then lastProp->slotSpan may not decrease.
1239 */
1243 /* Add the slot to the freelist if it wasn't added in freeSlot. */
1247 }
1248 }
1249 }
1251 /* Hand off table from old to new lastProp. */
1254 }
1256 /*
1257 * Non-dictionary-mode property tables are shared immutables, so all we
1258 * need do is retract lastProp and we'll either get or else lazily make
1259 * via a later hashify the exact table for the new property lineage.
1260 */
1264 /*
1265 * Revert to fixed slots if this was the first dynamically allocated slot,
1266 * preserving invariant that objects with the same shape use the fixed
1267 * slots in the same way.
1268 */
1274 }
1275 }
1278 /* On the way out, consider shrinking table if its load factor is <= .25. */
1285 }
1286 }
1292 }
1294 void
1296 {
1305 }
1311 /*
1312 * Revert to fixed slots if we have cleared below the first dynamically
1313 * allocated slot, preserving invariant that objects with the same shape
1314 * use the fixed slots in the same way.
1315 */
1319 /*
1320 * We have rewound to a uniquely-shaped empty scope, so we don't need an
1321 * override for this object's shape.
1322 */
1329 }
1331 void
1333 {
1334 #ifdef JS_TRACER
1338 /*
1339 * If we are recording, here is where we forget already-guarded shapes.
1340 * Any subsequent property operation upon object on the trace currently
1341 * being recorded will re-guard (and re-memoize).
1342 */
1345 #endif
1348 }
1350 void
1352 {
1355 }
1359 {
1364 #ifdef DEBUG
1370 #endif
1372 /*
1373 * Pass null to make a stub getter, but pass along shape.rawSetter to
1374 * preserve watchpoints. Clear Shape::METHOD from flags as we are
1375 * despecializing from a method memoized in the property tree to a
1376 * plain old function-valued property.
1377 */
1384 }
1394 }
1395 }
1396 }
1400 }
1402 bool
1404 {
1413 }
1414 }
1416 }
1418 void
1420 {
1422 }
1424 void
1426 {
1429 }
1431 bool
1433 {
1436 }
1438 #ifdef DEBUG
1439 static void
1441 {
1443 jsid id;
1461 }
1462 }
1464 static void
1466 {
1468 jsid id;
1480 }
1481 #endif
1483 void
1485 {
1486 #ifdef DEBUG
1489 #endif
1500 }
1504 }
1505 }
1510 }
1511 }