search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1867190 - Add prefs for PHC probablities r=glandium
[gecko.git] / js / public / HeapAPI.h
blob0f1d1dfe63aa6a7d1a978e9d1b84ab1476700c6d
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef js_HeapAPI_h
8 #define js_HeapAPI_h
9
10 #include "mozilla/Atomics.h"
11 #include "mozilla/BitSet.h"
12
13 #include <limits.h>
14 #include <type_traits>
15
16 #include "js/AllocPolicy.h"
17 #include "js/GCAnnotations.h"
18 #include "js/HashTable.h"
19 #include "js/shadow/String.h" // JS::shadow::String
20 #include "js/shadow/Symbol.h" // JS::shadow::Symbol
21 #include "js/shadow/Zone.h" // JS::shadow::Zone
22 #include "js/TraceKind.h"
23 #include "js/TypeDecls.h"
24
25 /* These values are private to the JS engine. */
26 namespace js {
27
28 class NurseryDecommitTask;
29
30 JS_PUBLIC_API bool CurrentThreadCanAccessZone(JS::Zone* zone);
31
32 // To prevent false sharing, some data structures are aligned to a typical cache
33 // line size.
34 static constexpr size_t TypicalCacheLineSize = 64;
35
36 namespace gc {
37
38 class Arena;
39 struct Cell;
40 class TenuredChunk;
41 class StoreBuffer;
42 class TenuredCell;
43
44 const size_t ArenaShift = 12;
45 const size_t ArenaSize = size_t(1) << ArenaShift;
46 const size_t ArenaMask = ArenaSize - 1;
47
48 #if defined(XP_MACOSX) && defined(__aarch64__)
49 const size_t PageShift = 14;
50 #else
51 const size_t PageShift = 12;
52 #endif
53 // Expected page size, so we could initialze ArenasPerPage at compile-time.
54 // The actual system page size should be queried by SystemPageSize().
55 const size_t PageSize = size_t(1) << PageShift;
56 constexpr size_t ArenasPerPage = PageSize / ArenaSize;
57
58 const size_t ChunkShift = 20;
59 const size_t ChunkSize = size_t(1) << ChunkShift;
60 const size_t ChunkMask = ChunkSize - 1;
61
62 const size_t CellAlignShift = 3;
63 const size_t CellAlignBytes = size_t(1) << CellAlignShift;
64 const size_t CellAlignMask = CellAlignBytes - 1;
65
66 const size_t CellBytesPerMarkBit = CellAlignBytes;
67 const size_t MarkBitsPerCell = 2;
68
69 /*
70 * The mark bitmap has one bit per each possible cell start position. This
71 * wastes some space for larger GC things but allows us to avoid division by the
72 * cell's size when accessing the bitmap.
73 */
74 const size_t ArenaBitmapBits = ArenaSize / CellBytesPerMarkBit;
75 const size_t ArenaBitmapBytes = HowMany(ArenaBitmapBits, 8);
76 const size_t ArenaBitmapWords = HowMany(ArenaBitmapBits, JS_BITS_PER_WORD);
77
78 // The base class for all GC chunks, either in the nursery or in the tenured
79 // heap memory. This structure is locatable from any GC pointer by aligning to
80 // the chunk size.
81 class alignas(CellAlignBytes) ChunkBase {
82 protected:
83 ChunkBase(JSRuntime* rt, StoreBuffer* sb) {
84 MOZ_ASSERT((uintptr_t(this) & ChunkMask) == 0);
85 initBase(rt, sb);
86 }
87
88 void initBase(JSRuntime* rt, StoreBuffer* sb) {
89 runtime = rt;
90 storeBuffer = sb;
91 }
92
93 public:
94 // The store buffer for pointers from tenured things to things in this
95 // chunk. Will be non-null if and only if this is a nursery chunk.
96 StoreBuffer* storeBuffer;
97
98 // Provide quick access to the runtime from absolutely anywhere.
99 JSRuntime* runtime;
100 };
101
102 // Information about tenured heap chunks.
103 struct TenuredChunkInfo {
104 private:
105 friend class ChunkPool;
106 TenuredChunk* next = nullptr;
107 TenuredChunk* prev = nullptr;
108
109 public:
110 /* Number of free arenas, either committed or decommitted. */
111 uint32_t numArenasFree;
112
113 /* Number of free, committed arenas. */
114 uint32_t numArenasFreeCommitted;
115 };
116
117 /*
118 * Calculating ArenasPerChunk:
119 *
120 * To figure out how many Arenas will fit in a chunk we need to know how much
121 * extra space is available after we allocate the header data. This is a problem
122 * because the header size depends on the number of arenas in the chunk.
123 *
124 * The dependent fields are markBits, decommittedPages and
125 * freeCommittedArenas. markBits needs ArenaBitmapBytes bytes per arena,
126 * decommittedPages needs one bit per page and freeCommittedArenas needs one
127 * bit per arena.
128 *
129 * We can calculate an approximate value by dividing the number of bits of free
130 * space in the chunk by the number of bits needed per arena. This is an
131 * approximation because it doesn't take account of the fact that the variable
132 * sized fields must be rounded up to a whole number of words, or any padding
133 * the compiler adds between fields.
134 *
135 * Fortunately, for the chunk and arena size parameters we use this
136 * approximation turns out to be correct. If it were not we might need to adjust
137 * the arena count down by one to allow more space for the padding.
138 */
139 const size_t BitsPerPageWithHeaders =
140 (ArenaSize + ArenaBitmapBytes) * ArenasPerPage * CHAR_BIT + ArenasPerPage +
141 1;
142 const size_t ChunkBitsAvailable =
143 (ChunkSize - sizeof(ChunkBase) - sizeof(TenuredChunkInfo)) * CHAR_BIT;
144 const size_t PagesPerChunk = ChunkBitsAvailable / BitsPerPageWithHeaders;
145 const size_t ArenasPerChunk = PagesPerChunk * ArenasPerPage;
146 const size_t FreeCommittedBits = ArenasPerChunk;
147 const size_t DecommitBits = PagesPerChunk;
148 const size_t BitsPerArenaWithHeaders =
149 (ArenaSize + ArenaBitmapBytes) * CHAR_BIT +
150 (DecommitBits / ArenasPerChunk) + 1;
151
152 const size_t CalculatedChunkSizeRequired =
153 sizeof(ChunkBase) + sizeof(TenuredChunkInfo) +
154 RoundUp(ArenasPerChunk * ArenaBitmapBytes, sizeof(uintptr_t)) +
155 RoundUp(FreeCommittedBits, sizeof(uint32_t) * CHAR_BIT) / CHAR_BIT +
156 RoundUp(DecommitBits, sizeof(uint32_t) * CHAR_BIT) / CHAR_BIT +
157 ArenasPerChunk * ArenaSize;
158 static_assert(CalculatedChunkSizeRequired <= ChunkSize,
159 "Calculated ArenasPerChunk is too large");
160
161 const size_t CalculatedChunkPadSize = ChunkSize - CalculatedChunkSizeRequired;
162 static_assert(CalculatedChunkPadSize * CHAR_BIT < BitsPerArenaWithHeaders,
163 "Calculated ArenasPerChunk is too small");
164
165 static_assert(ArenasPerChunk == 252,
166 "Do not accidentally change our heap's density.");
167
168 // Mark bitmaps are atomic because they can be written by gray unmarking on the
169 // main thread while read by sweeping on a background thread. The former does
170 // not affect the result of the latter.
171 using MarkBitmapWord = mozilla::Atomic<uintptr_t, mozilla::Relaxed>;
172
173 /*
174 * Live objects are marked black or gray. Everything reachable from a JS root is
175 * marked black. Objects marked gray are eligible for cycle collection.
176 *
177 * BlackBit: GrayOrBlackBit: Color:
178 * 0 0 white
179 * 0 1 gray
180 * 1 0 black
181 * 1 1 black
182 */
183 enum class ColorBit : uint32_t { BlackBit = 0, GrayOrBlackBit = 1 };
184
185 // Mark colors. Order is important here: the greater value the 'more marked' a
186 // cell is.
187 enum class MarkColor : uint8_t { Gray = 1, Black = 2 };
188
189 // Mark bitmap for a tenured heap chunk.
190 struct alignas(TypicalCacheLineSize) MarkBitmap {
191 static constexpr size_t WordCount = ArenaBitmapWords * ArenasPerChunk;
192 MarkBitmapWord bitmap[WordCount];
193
194 inline void getMarkWordAndMask(const TenuredCell* cell, ColorBit colorBit,
195 MarkBitmapWord** wordp, uintptr_t* maskp);
196
197 // The following are not exported and are defined in gc/Heap.h:
198 inline bool markBit(const TenuredCell* cell, ColorBit colorBit);
199 inline bool isMarkedAny(const TenuredCell* cell);
200 inline bool isMarkedBlack(const TenuredCell* cell);
201 inline bool isMarkedGray(const TenuredCell* cell);
202 inline bool markIfUnmarked(const TenuredCell* cell, MarkColor color);
203 inline bool markIfUnmarkedAtomic(const TenuredCell* cell, MarkColor color);
204 inline void markBlack(const TenuredCell* cell);
205 inline void markBlackAtomic(const TenuredCell* cell);
206 inline void copyMarkBit(TenuredCell* dst, const TenuredCell* src,
207 ColorBit colorBit);
208 inline void unmark(const TenuredCell* cell);
209 inline MarkBitmapWord* arenaBits(Arena* arena);
210 };
211
212 static_assert(ArenaBitmapBytes * ArenasPerChunk == sizeof(MarkBitmap),
213 "Ensure our MarkBitmap actually covers all arenas.");
214
215 // Bitmap with one bit per page used for decommitted page set.
216 using ChunkPageBitmap = mozilla::BitSet<PagesPerChunk, uint32_t>;
217
218 // Bitmap with one bit per arena used for free committed arena set.
219 using ChunkArenaBitmap = mozilla::BitSet<ArenasPerChunk, uint32_t>;
220
221 // Base class containing data members for a tenured heap chunk.
222 class TenuredChunkBase : public ChunkBase {
223 public:
224 TenuredChunkInfo info;
225 MarkBitmap markBits;
226 ChunkArenaBitmap freeCommittedArenas;
227 ChunkPageBitmap decommittedPages;
228
229 protected:
230 explicit TenuredChunkBase(JSRuntime* runtime) : ChunkBase(runtime, nullptr) {
231 info.numArenasFree = ArenasPerChunk;
232 }
233
234 void initAsDecommitted();
235 };
236
237 /*
238 * We sometimes use an index to refer to a cell in an arena. The index for a
239 * cell is found by dividing by the cell alignment so not all indices refer to
240 * valid cells.
241 */
242 const size_t ArenaCellIndexBytes = CellAlignBytes;
243 const size_t MaxArenaCellIndex = ArenaSize / CellAlignBytes;
244
245 const size_t MarkBitmapWordBits = sizeof(MarkBitmapWord) * CHAR_BIT;
246
247 constexpr size_t FirstArenaAdjustmentBits =
248 RoundUp(sizeof(gc::TenuredChunkBase), ArenaSize) / gc::CellBytesPerMarkBit;
249
250 static_assert((FirstArenaAdjustmentBits % MarkBitmapWordBits) == 0);
251 constexpr size_t FirstArenaAdjustmentWords =
252 FirstArenaAdjustmentBits / MarkBitmapWordBits;
253
254 const size_t ChunkStoreBufferOffset = offsetof(ChunkBase, storeBuffer);
255 const size_t ChunkMarkBitmapOffset = offsetof(TenuredChunkBase, markBits);
256
257 // Hardcoded offsets into Arena class.
258 const size_t ArenaZoneOffset = 2 * sizeof(uint32_t);
259 const size_t ArenaHeaderSize = ArenaZoneOffset + 2 * sizeof(uintptr_t) +
260 sizeof(size_t) + sizeof(uintptr_t);
261
262 // The first word of a GC thing has certain requirements from the GC and is used
263 // to store flags in the low bits.
264 const size_t CellFlagBitsReservedForGC = 3;
265
266 // The first word can be used to store JSClass pointers for some thing kinds, so
267 // these must be suitably aligned.
268 const size_t JSClassAlignBytes = size_t(1) << CellFlagBitsReservedForGC;
269
270 #ifdef JS_DEBUG
271 /* When downcasting, ensure we are actually the right type. */
272 extern JS_PUBLIC_API void AssertGCThingHasType(js::gc::Cell* cell,
273 JS::TraceKind kind);
274 #else
275 inline void AssertGCThingHasType(js::gc::Cell* cell, JS::TraceKind kind) {}
276 #endif
277
278 MOZ_ALWAYS_INLINE bool IsInsideNursery(const js::gc::Cell* cell);
279 MOZ_ALWAYS_INLINE bool IsInsideNursery(const js::gc::TenuredCell* cell);
280
281 } /* namespace gc */
282 } /* namespace js */
283
284 namespace JS {
285
286 enum class HeapState {
287 Idle, // doing nothing with the GC heap
288 Tracing, // tracing the GC heap without collecting, e.g.
289 // IterateCompartments()
290 MajorCollecting, // doing a GC of the major heap
291 MinorCollecting, // doing a GC of the minor heap (nursery)
292 CycleCollecting // in the "Unlink" phase of cycle collection
293 };
294
295 JS_PUBLIC_API HeapState RuntimeHeapState();
296
297 static inline bool RuntimeHeapIsBusy() {
298 return RuntimeHeapState() != HeapState::Idle;
299 }
300
301 static inline bool RuntimeHeapIsTracing() {
302 return RuntimeHeapState() == HeapState::Tracing;
303 }
304
305 static inline bool RuntimeHeapIsMajorCollecting() {
306 return RuntimeHeapState() == HeapState::MajorCollecting;
307 }
308
309 static inline bool RuntimeHeapIsMinorCollecting() {
310 return RuntimeHeapState() == HeapState::MinorCollecting;
311 }
312
313 static inline bool RuntimeHeapIsCollecting(HeapState state) {
314 return state == HeapState::MajorCollecting ||
315 state == HeapState::MinorCollecting;
316 }
317
318 static inline bool RuntimeHeapIsCollecting() {
319 return RuntimeHeapIsCollecting(RuntimeHeapState());
320 }
321
322 static inline bool RuntimeHeapIsCycleCollecting() {
323 return RuntimeHeapState() == HeapState::CycleCollecting;
324 }
325
326 /*
327 * This list enumerates the different types of conceptual stacks we have in
328 * SpiderMonkey. In reality, they all share the C stack, but we allow different
329 * stack limits depending on the type of code running.
330 */
331 enum StackKind {
332 StackForSystemCode, // C++, such as the GC, running on behalf of the VM.
333 StackForTrustedScript, // Script running with trusted principals.
334 StackForUntrustedScript, // Script running with untrusted principals.
335 StackKindCount
336 };
337
338 /*
339 * Default maximum size for the generational nursery in bytes. This is the
340 * initial value. In the browser this configured by the
341 * javascript.options.mem.nursery.max_kb pref.
342 */
343 const uint32_t DefaultNurseryMaxBytes = 16 * js::gc::ChunkSize;
344
345 /* Default maximum heap size in bytes to pass to JS_NewContext(). */
346 const uint32_t DefaultHeapMaxBytes = 32 * 1024 * 1024;
347
348 /**
349 * A GC pointer, tagged with the trace kind.
350 *
351 * In general, a GC pointer should be stored with an exact type. This class
352 * is for use when that is not possible because a single pointer must point
353 * to several kinds of GC thing.
354 */
355 class JS_PUBLIC_API GCCellPtr {
356 public:
357 GCCellPtr() : GCCellPtr(nullptr) {}
358
359 // Construction from a void* and trace kind.
360 GCCellPtr(void* gcthing, JS::TraceKind traceKind)
361 : ptr(checkedCast(gcthing, traceKind)) {}
362
363 // Automatically construct a null GCCellPtr from nullptr.
364 MOZ_IMPLICIT GCCellPtr(decltype(nullptr))
365 : ptr(checkedCast(nullptr, JS::TraceKind::Null)) {}
366
367 // Construction from an explicit type.
368 template <typename T>
369 explicit GCCellPtr(T* p)
370 : ptr(checkedCast(p, JS::MapTypeToTraceKind<T>::kind)) {}
371 explicit GCCellPtr(JSFunction* p)
372 : ptr(checkedCast(p, JS::TraceKind::Object)) {}
373 explicit GCCellPtr(JSScript* p)
374 : ptr(checkedCast(p, JS::TraceKind::Script)) {}
375 explicit GCCellPtr(const Value& v);
376
377 JS::TraceKind kind() const {
378 uintptr_t kindBits = ptr & OutOfLineTraceKindMask;
379 if (kindBits != OutOfLineTraceKindMask) {
380 return JS::TraceKind(kindBits);
381 }
382 return outOfLineKind();
383 }
384
385 // Allow GCCellPtr to be used in a boolean context.
386 explicit operator bool() const {
387 MOZ_ASSERT(bool(asCell()) == (kind() != JS::TraceKind::Null));
388 return asCell();
389 }
390
391 // Simplify checks to the kind.
392 template <typename T, typename = std::enable_if_t<JS::IsBaseTraceType_v<T>>>
393 bool is() const {
394 return kind() == JS::MapTypeToTraceKind<T>::kind;
395 }
396
397 // Conversions to more specific types must match the kind. Access to
398 // further refined types is not allowed directly from a GCCellPtr.
399 template <typename T, typename = std::enable_if_t<JS::IsBaseTraceType_v<T>>>
400 T& as() const {
401 MOZ_ASSERT(kind() == JS::MapTypeToTraceKind<T>::kind);
402 // We can't use static_cast here, because the fact that JSObject
403 // inherits from js::gc::Cell is not part of the public API.
404 return *reinterpret_cast<T*>(asCell());
405 }
406
407 // Return a pointer to the cell this |GCCellPtr| refers to, or |nullptr|.
408 // (It would be more symmetrical with |to| for this to return a |Cell&|, but
409 // the result can be |nullptr|, and null references are undefined behavior.)
410 js::gc::Cell* asCell() const {
411 return reinterpret_cast<js::gc::Cell*>(ptr & ~OutOfLineTraceKindMask);
412 }
413
414 // The CC's trace logger needs an identity that is XPIDL serializable.
415 uint64_t unsafeAsInteger() const {
416 return static_cast<uint64_t>(unsafeAsUIntPtr());
417 }
418 // Inline mark bitmap access requires direct pointer arithmetic.
419 uintptr_t unsafeAsUIntPtr() const {
420 MOZ_ASSERT(asCell());
421 MOZ_ASSERT(!js::gc::IsInsideNursery(asCell()));
422 return reinterpret_cast<uintptr_t>(asCell());
423 }
424
425 MOZ_ALWAYS_INLINE bool mayBeOwnedByOtherRuntime() const {
426 if (!is<JSString>() && !is<JS::Symbol>()) {
427 return false;
428 }
429 if (is<JSString>()) {
430 return JS::shadow::String::isPermanentAtom(asCell());
431 }
432 MOZ_ASSERT(is<JS::Symbol>());
433 return JS::shadow::Symbol::isWellKnownSymbol(asCell());
434 }
435
436 private:
437 static uintptr_t checkedCast(void* p, JS::TraceKind traceKind) {
438 auto* cell = static_cast<js::gc::Cell*>(p);
439 MOZ_ASSERT((uintptr_t(p) & OutOfLineTraceKindMask) == 0);
440 AssertGCThingHasType(cell, traceKind);
441 // Store trace in the bottom bits of pointer for common kinds.
442 uintptr_t kindBits = uintptr_t(traceKind);
443 if (kindBits >= OutOfLineTraceKindMask) {
444 kindBits = OutOfLineTraceKindMask;
445 }
446 return uintptr_t(p) | kindBits;
447 }
448
449 JS::TraceKind outOfLineKind() const;
450
451 uintptr_t ptr;
452 } JS_HAZ_GC_POINTER;
453
454 // Unwraps the given GCCellPtr, calls the functor |f| with a template argument
455 // of the actual type of the pointer, and returns the result.
456 template <typename F>
457 auto MapGCThingTyped(GCCellPtr thing, F&& f) {
458 switch (thing.kind()) {
459 #define JS_EXPAND_DEF(name, type, _, _1) \
460 case JS::TraceKind::name: \
461 return f(&thing.as<type>());
462 JS_FOR_EACH_TRACEKIND(JS_EXPAND_DEF);
463 #undef JS_EXPAND_DEF
464 default:
465 MOZ_CRASH("Invalid trace kind in MapGCThingTyped for GCCellPtr.");
466 }
467 }
468
469 // Unwraps the given GCCellPtr and calls the functor |f| with a template
470 // argument of the actual type of the pointer. Doesn't return anything.
471 template <typename F>
472 void ApplyGCThingTyped(GCCellPtr thing, F&& f) {
473 // This function doesn't do anything but is supplied for symmetry with other
474 // MapGCThingTyped/ApplyGCThingTyped implementations that have to wrap the
475 // functor to return a dummy value that is ignored.
476 MapGCThingTyped(thing, f);
477 }
478
479 } /* namespace JS */
480
481 // These are defined in the toplevel namespace instead of within JS so that
482 // they won't shadow other operator== overloads (see bug 1456512.)
483
484 inline bool operator==(JS::GCCellPtr ptr1, JS::GCCellPtr ptr2) {
485 return ptr1.asCell() == ptr2.asCell();
486 }
487
488 inline bool operator!=(JS::GCCellPtr ptr1, JS::GCCellPtr ptr2) {
489 return !(ptr1 == ptr2);
490 }
491
492 namespace js {
493 namespace gc {
494
495 /* static */
496 MOZ_ALWAYS_INLINE void MarkBitmap::getMarkWordAndMask(const TenuredCell* cell,
497 ColorBit colorBit,
498 MarkBitmapWord** wordp,
499 uintptr_t* maskp) {
500 // Note: the JIT pre-barrier trampolines inline this code. Update
501 // MacroAssembler::emitPreBarrierFastPath code too when making changes here!
502
503 MOZ_ASSERT(size_t(colorBit) < MarkBitsPerCell);
504
505 size_t offset = uintptr_t(cell) & ChunkMask;
506 const size_t bit = offset / CellBytesPerMarkBit + size_t(colorBit);
507 size_t word = bit / MarkBitmapWordBits - FirstArenaAdjustmentWords;
508 MOZ_ASSERT(word < WordCount);
509 *wordp = &bitmap[word];
510 *maskp = uintptr_t(1) << (bit % MarkBitmapWordBits);
511 }
512
513 namespace detail {
514
515 static MOZ_ALWAYS_INLINE ChunkBase* GetCellChunkBase(const Cell* cell) {
516 MOZ_ASSERT(cell);
517 auto* chunk = reinterpret_cast<ChunkBase*>(uintptr_t(cell) & ~ChunkMask);
518 MOZ_ASSERT(chunk->runtime);
519 return chunk;
520 }
521
522 static MOZ_ALWAYS_INLINE TenuredChunkBase* GetCellChunkBase(
523 const TenuredCell* cell) {
524 MOZ_ASSERT(cell);
525 auto* chunk =
526 reinterpret_cast<TenuredChunkBase*>(uintptr_t(cell) & ~ChunkMask);
527 MOZ_ASSERT(chunk->runtime);
528 return chunk;
529 }
530
531 static MOZ_ALWAYS_INLINE JS::Zone* GetTenuredGCThingZone(const uintptr_t addr) {
532 MOZ_ASSERT(addr);
533 const uintptr_t zone_addr = (addr & ~ArenaMask) | ArenaZoneOffset;
534 return *reinterpret_cast<JS::Zone**>(zone_addr);
535 }
536
537 static MOZ_ALWAYS_INLINE bool TenuredCellIsMarkedBlack(
538 const TenuredCell* cell) {
539 // Return true if BlackBit is set.
540
541 MOZ_ASSERT(cell);
542 MOZ_ASSERT(!js::gc::IsInsideNursery(cell));
543
544 MarkBitmapWord* blackWord;
545 uintptr_t blackMask;
546 TenuredChunkBase* chunk = GetCellChunkBase(cell);
547 chunk->markBits.getMarkWordAndMask(cell, js::gc::ColorBit::BlackBit,
548 &blackWord, &blackMask);
549 return *blackWord & blackMask;
550 }
551
552 static MOZ_ALWAYS_INLINE bool NonBlackCellIsMarkedGray(
553 const TenuredCell* cell) {
554 // Return true if GrayOrBlackBit is set. Callers should check BlackBit first.
555
556 MOZ_ASSERT(cell);
557 MOZ_ASSERT(!js::gc::IsInsideNursery(cell));
558 MOZ_ASSERT(!TenuredCellIsMarkedBlack(cell));
559
560 MarkBitmapWord* grayWord;
561 uintptr_t grayMask;
562 TenuredChunkBase* chunk = GetCellChunkBase(cell);
563 chunk->markBits.getMarkWordAndMask(cell, js::gc::ColorBit::GrayOrBlackBit,
564 &grayWord, &grayMask);
565 return *grayWord & grayMask;
566 }
567
568 static MOZ_ALWAYS_INLINE bool TenuredCellIsMarkedGray(const TenuredCell* cell) {
569 return !TenuredCellIsMarkedBlack(cell) && NonBlackCellIsMarkedGray(cell);
570 }
571
572 static MOZ_ALWAYS_INLINE bool CellIsMarkedGray(const Cell* cell) {
573 MOZ_ASSERT(cell);
574 if (js::gc::IsInsideNursery(cell)) {
575 return false;
576 }
577 return TenuredCellIsMarkedGray(reinterpret_cast<const TenuredCell*>(cell));
578 }
579
580 extern JS_PUBLIC_API bool CanCheckGrayBits(const TenuredCell* cell);
581
582 extern JS_PUBLIC_API bool CellIsMarkedGrayIfKnown(const TenuredCell* cell);
583
584 #ifdef DEBUG
585 extern JS_PUBLIC_API void AssertCellIsNotGray(const Cell* cell);
586
587 extern JS_PUBLIC_API bool ObjectIsMarkedBlack(const JSObject* obj);
588 #endif
589
590 MOZ_ALWAYS_INLINE bool CellHasStoreBuffer(const Cell* cell) {
591 return GetCellChunkBase(cell)->storeBuffer;
592 }
593
594 } /* namespace detail */
595
596 MOZ_ALWAYS_INLINE bool IsInsideNursery(const Cell* cell) {
597 MOZ_ASSERT(cell);
598 return detail::CellHasStoreBuffer(cell);
599 }
600
601 MOZ_ALWAYS_INLINE bool IsInsideNursery(const TenuredCell* cell) {
602 MOZ_ASSERT(cell);
603 MOZ_ASSERT(!IsInsideNursery(reinterpret_cast<const Cell*>(cell)));
604 return false;
605 }
606
607 // Allow use before the compiler knows the derivation of JSObject, JSString, and
608 // JS::BigInt.
609 MOZ_ALWAYS_INLINE bool IsInsideNursery(const JSObject* obj) {
610 return IsInsideNursery(reinterpret_cast<const Cell*>(obj));
611 }
612 MOZ_ALWAYS_INLINE bool IsInsideNursery(const JSString* str) {
613 return IsInsideNursery(reinterpret_cast<const Cell*>(str));
614 }
615 MOZ_ALWAYS_INLINE bool IsInsideNursery(const JS::BigInt* bi) {
616 return IsInsideNursery(reinterpret_cast<const Cell*>(bi));
617 }
618
619 MOZ_ALWAYS_INLINE bool IsCellPointerValid(const void* ptr) {
620 auto addr = uintptr_t(ptr);
621 if (addr < ChunkSize || addr % CellAlignBytes != 0) {
622 return false;
623 }
624
625 auto* cell = reinterpret_cast<const Cell*>(ptr);
626 if (!IsInsideNursery(cell)) {
627 return detail::GetTenuredGCThingZone(addr) != nullptr;
628 }
629
630 return true;
631 }
632
633 MOZ_ALWAYS_INLINE bool IsCellPointerValidOrNull(const void* cell) {
634 if (!cell) {
635 return true;
636 }
637 return IsCellPointerValid(cell);
638 }
639
640 } /* namespace gc */
641 } /* namespace js */
642
643 namespace JS {
644
645 static MOZ_ALWAYS_INLINE Zone* GetTenuredGCThingZone(GCCellPtr thing) {
646 MOZ_ASSERT(!js::gc::IsInsideNursery(thing.asCell()));
647 return js::gc::detail::GetTenuredGCThingZone(thing.unsafeAsUIntPtr());
648 }
649
650 extern JS_PUBLIC_API Zone* GetNurseryCellZone(js::gc::Cell* cell);
651
652 static MOZ_ALWAYS_INLINE Zone* GetGCThingZone(GCCellPtr thing) {
653 if (!js::gc::IsInsideNursery(thing.asCell())) {
654 return js::gc::detail::GetTenuredGCThingZone(thing.unsafeAsUIntPtr());
655 }
656
657 return GetNurseryCellZone(thing.asCell());
658 }
659
660 static MOZ_ALWAYS_INLINE Zone* GetStringZone(JSString* str) {
661 if (!js::gc::IsInsideNursery(str)) {
662 return js::gc::detail::GetTenuredGCThingZone(
663 reinterpret_cast<uintptr_t>(str));
664 }
665 return GetNurseryCellZone(reinterpret_cast<js::gc::Cell*>(str));
666 }
667
668 extern JS_PUBLIC_API Zone* GetObjectZone(JSObject* obj);
669
670 static MOZ_ALWAYS_INLINE bool GCThingIsMarkedGray(GCCellPtr thing) {
671 js::gc::Cell* cell = thing.asCell();
672 if (IsInsideNursery(cell)) {
673 return false;
674 }
675
676 auto* tenuredCell = reinterpret_cast<js::gc::TenuredCell*>(cell);
677 return js::gc::detail::CellIsMarkedGrayIfKnown(tenuredCell);
678 }
679
680 // Specialised gray marking check for use by the cycle collector. This is not
681 // called during incremental GC or when the gray bits are invalid.
682 static MOZ_ALWAYS_INLINE bool GCThingIsMarkedGrayInCC(GCCellPtr thing) {
683 js::gc::Cell* cell = thing.asCell();
684 if (IsInsideNursery(cell)) {
685 return false;
686 }
687
688 auto* tenuredCell = reinterpret_cast<js::gc::TenuredCell*>(cell);
689 if (!js::gc::detail::TenuredCellIsMarkedGray(tenuredCell)) {
690 return false;
691 }
692
693 MOZ_ASSERT(js::gc::detail::CanCheckGrayBits(tenuredCell));
694
695 return true;
696 }
697
698 extern JS_PUBLIC_API JS::TraceKind GCThingTraceKind(void* thing);
699
700 extern JS_PUBLIC_API void EnableNurseryStrings(JSContext* cx);
701
702 extern JS_PUBLIC_API void DisableNurseryStrings(JSContext* cx);
703
704 extern JS_PUBLIC_API void EnableNurseryBigInts(JSContext* cx);
705
706 extern JS_PUBLIC_API void DisableNurseryBigInts(JSContext* cx);
707
708 /*
709 * Returns true when writes to GC thing pointers (and reads from weak pointers)
710 * must call an incremental barrier. This is generally only true when running
711 * mutator code in-between GC slices. At other times, the barrier may be elided
712 * for performance.
713 */
714 extern JS_PUBLIC_API bool IsIncrementalBarrierNeeded(JSContext* cx);
715
716 /*
717 * Notify the GC that a reference to a JSObject is about to be overwritten.
718 * This method must be called if IsIncrementalBarrierNeeded.
719 */
720 extern JS_PUBLIC_API void IncrementalPreWriteBarrier(JSObject* obj);
721
722 /*
723 * Notify the GC that a reference to a tenured GC cell is about to be
724 * overwritten. This method must be called if IsIncrementalBarrierNeeded.
725 */
726 extern JS_PUBLIC_API void IncrementalPreWriteBarrier(GCCellPtr thing);
727
728 /**
729 * Unsets the gray bit for anything reachable from |thing|. |kind| should not be
730 * JS::TraceKind::Shape. |thing| should be non-null. The return value indicates
731 * if anything was unmarked.
732 */
733 extern JS_PUBLIC_API bool UnmarkGrayGCThingRecursively(GCCellPtr thing);
734
735 } // namespace JS
736
737 namespace js {
738 namespace gc {
739
740 extern JS_PUBLIC_API void PerformIncrementalReadBarrier(JS::GCCellPtr thing);
741
742 static MOZ_ALWAYS_INLINE void ExposeGCThingToActiveJS(JS::GCCellPtr thing) {
743 // TODO: I'd like to assert !RuntimeHeapIsBusy() here but this gets
744 // called while we are tracing the heap, e.g. during memory reporting
745 // (see bug 1313318).
746 MOZ_ASSERT(!JS::RuntimeHeapIsCollecting());
747
748 // GC things residing in the nursery cannot be gray: they have no mark bits.
749 // All live objects in the nursery are moved to tenured at the beginning of
750 // each GC slice, so the gray marker never sees nursery things.
751 if (IsInsideNursery(thing.asCell())) {
752 return;
753 }
754
755 auto* cell = reinterpret_cast<TenuredCell*>(thing.asCell());
756 if (detail::TenuredCellIsMarkedBlack(cell)) {
757 return;
758 }
759
760 // GC things owned by other runtimes are always black.
761 MOZ_ASSERT(!thing.mayBeOwnedByOtherRuntime());
762
763 auto* zone = JS::shadow::Zone::from(JS::GetTenuredGCThingZone(thing));
764 if (zone->needsIncrementalBarrier()) {
765 PerformIncrementalReadBarrier(thing);
766 } else if (!zone->isGCPreparing() && detail::NonBlackCellIsMarkedGray(cell)) {
767 MOZ_ALWAYS_TRUE(JS::UnmarkGrayGCThingRecursively(thing));
768 }
769
770 MOZ_ASSERT_IF(!zone->isGCPreparing(), !detail::TenuredCellIsMarkedGray(cell));
771 }
772
773 static MOZ_ALWAYS_INLINE void IncrementalReadBarrier(JS::GCCellPtr thing) {
774 // This is a lighter version of ExposeGCThingToActiveJS that doesn't do gray
775 // unmarking.
776
777 if (IsInsideNursery(thing.asCell())) {
778 return;
779 }
780
781 auto* zone = JS::shadow::Zone::from(JS::GetTenuredGCThingZone(thing));
782 auto* cell = reinterpret_cast<TenuredCell*>(thing.asCell());
783 if (zone->needsIncrementalBarrier() &&
784 !detail::TenuredCellIsMarkedBlack(cell)) {
785 // GC things owned by other runtimes are always black.
786 MOZ_ASSERT(!thing.mayBeOwnedByOtherRuntime());
787 PerformIncrementalReadBarrier(thing);
788 }
789 }
790
791 template <typename T>
792 extern JS_PUBLIC_API bool EdgeNeedsSweepUnbarrieredSlow(T* thingp);
793
794 static MOZ_ALWAYS_INLINE bool EdgeNeedsSweepUnbarriered(JSObject** objp) {
795 // This function does not handle updating nursery pointers. Raw JSObject
796 // pointers should be updated separately or replaced with
797 // JS::Heap<JSObject*> which handles this automatically.
798 MOZ_ASSERT(!JS::RuntimeHeapIsMinorCollecting());
799 if (IsInsideNursery(*objp)) {
800 return false;
801 }
802
803 auto zone =
804 JS::shadow::Zone::from(detail::GetTenuredGCThingZone(uintptr_t(*objp)));
805 if (!zone->isGCSweepingOrCompacting()) {
806 return false;
807 }
808
809 return EdgeNeedsSweepUnbarrieredSlow(objp);
810 }
811
812 } // namespace gc
813 } // namespace js
814
815 namespace JS {
816
817 /*
818 * This should be called when an object that is marked gray is exposed to the JS
819 * engine (by handing it to running JS code or writing it into live JS
820 * data). During incremental GC, since the gray bits haven't been computed yet,
821 * we conservatively mark the object black.
822 */
823 static MOZ_ALWAYS_INLINE void ExposeObjectToActiveJS(JSObject* obj) {
824 MOZ_ASSERT(obj);
825 MOZ_ASSERT(!js::gc::EdgeNeedsSweepUnbarrieredSlow(&obj));
826 js::gc::ExposeGCThingToActiveJS(GCCellPtr(obj));
827 }
828
829 } /* namespace JS */
830
831 #endif /* js_HeapAPI_h */