| blob | 1224ee087ecebccbc28e0c753cbe816b8213d690 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef js_RootingAPI_h
8 #define js_RootingAPI_h
16 #include <type_traits>
17 #include <utility>
33 /*
34 * [SMDOC] Stack Rooting
35 *
36 * Moving GC Stack Rooting
37 *
38 * A moving GC may change the physical location of GC allocated things, even
39 * when they are rooted, updating all pointers to the thing to refer to its new
40 * location. The GC must therefore know about all live pointers to a thing,
41 * not just one of them, in order to behave correctly.
42 *
43 * The |Rooted| and |Handle| classes below are used to root stack locations
44 * whose value may be held live across a call that can trigger GC. For a
45 * code fragment such as:
46 *
47 * JSObject* obj = NewObject(cx);
48 * DoSomething(cx);
49 * ... = obj->lastProperty();
50 *
51 * If |DoSomething()| can trigger a GC, the stack location of |obj| must be
52 * rooted to ensure that the GC does not move the JSObject referred to by
53 * |obj| without updating |obj|'s location itself. This rooting must happen
54 * regardless of whether there are other roots which ensure that the object
55 * itself will not be collected.
56 *
57 * If |DoSomething()| cannot trigger a GC, and the same holds for all other
58 * calls made between |obj|'s definitions and its last uses, then no rooting
59 * is required.
60 *
61 * SpiderMonkey can trigger a GC at almost any time and in ways that are not
62 * always clear. For example, the following innocuous-looking actions can
63 * cause a GC: allocation of any new GC thing; JSObject::hasProperty;
64 * JS_ReportError and friends; and ToNumber, among many others. The following
65 * dangerous-looking actions cannot trigger a GC: js_malloc, cx->malloc_,
66 * rt->malloc_, and friends and JS_ReportOutOfMemory.
67 *
68 * The following family of three classes will exactly root a stack location.
69 * Incorrect usage of these classes will result in a compile error in almost
70 * all cases. Therefore, it is very hard to be incorrectly rooted if you use
71 * these classes exclusively. These classes are all templated on the type T of
72 * the value being rooted.
73 *
74 * - Rooted<T> declares a variable of type T, whose value is always rooted.
75 * Rooted<T> may be automatically coerced to a Handle<T>, below. Rooted<T>
76 * should be used whenever a local variable's value may be held live across a
77 * call which can trigger a GC.
78 *
79 * - Handle<T> is a const reference to a Rooted<T>. Functions which take GC
80 * things or values as arguments and need to root those arguments should
81 * generally use handles for those arguments and avoid any explicit rooting.
82 * This has two benefits. First, when several such functions call each other
83 * then redundant rooting of multiple copies of the GC thing can be avoided.
84 * Second, if the caller does not pass a rooted value a compile error will be
85 * generated, which is quicker and easier to fix than when relying on a
86 * separate rooting analysis.
87 *
88 * - MutableHandle<T> is a non-const reference to Rooted<T>. It is used in the
89 * same way as Handle<T> and includes a |set(const T& v)| method to allow
90 * updating the value of the referenced Rooted<T>. A MutableHandle<T> can be
91 * created with an implicit cast from a Rooted<T>*.
92 *
93 * In some cases the small performance overhead of exact rooting (measured to
94 * be a few nanoseconds on desktop) is too much. In these cases, try the
95 * following:
96 *
97 * - Move all Rooted<T> above inner loops: this allows you to re-use the root
98 * on each iteration of the loop.
99 *
100 * - Pass Handle<T> through your hot call stack to avoid re-rooting costs at
101 * every invocation.
102 *
103 * The following diagram explains the list of supported, implicit type
104 * conversions between classes of this family:
105 *
106 * Rooted<T> ----> Handle<T>
107 * | ^
108 * | |
109 * | |
110 * +---> MutableHandle<T>
111 * (via &)
112 *
113 * All of these types have an implicit conversion to raw pointers.
114 */
120 // The defaulted Enable parameter for the following two types is for restricting
121 // specializations with std::enable_if.
129 class MutableWrappedPtrOperations
140 };
145 // Cannot use FOR_EACH_HEAP_ABLE_GC_POINTER_TYPE, as this would import too many
146 // macros into scope
148 // Add a 2nd template parameter to allow conditionally enabling partial
149 // specializations via std::enable_if.
153 #define JS_DECLARE_IS_HEAP_CONSTRUCTIBLE_TYPE(T) \
154 template <> \
155 struct IsHeapConstructibleType<T> : public std::true_type {};
158 // Note that JS_DECLARE_IS_HEAP_CONSTRUCTIBLE_TYPE is left defined, to allow
159 // declaring other types (eg from js/public/experimental/TypedData.h) to
160 // be used with Heap<>.
166 // Important: Return a reference so passing a Rooted<T>, etc. to
167 // something that takes a |const T&| is not a GC hazard.
168 #define DECLARE_POINTER_CONSTREF_OPS(T) \
169 operator const T&() const { return get(); } \
170 const T& operator->() const { return get(); }
172 // Assignment operators on a base class are hidden by the implicitly defined
173 // operator= on the derived class. Thus, define the operator= directly on the
174 // class as we would need to manually pass it through anyway.
175 #define DECLARE_POINTER_ASSIGN_OPS(Wrapper, T) \
176 Wrapper<T>& operator=(const T& p) { \
177 set(p); \
178 return *this; \
179 } \
180 Wrapper<T>& operator=(T&& p) { \
181 set(std::move(p)); \
182 return *this; \
183 } \
184 Wrapper<T>& operator=(const Wrapper<T>& other) { \
185 set(other.get()); \
186 return *this; \
187 }
189 #define DELETE_ASSIGNMENT_OPS(Wrapper, T) \
190 template <typename S> \
191 Wrapper<T>& operator=(S) = delete; \
192 Wrapper<T>& operator=(const Wrapper<T>&) = delete;
194 #define DECLARE_NONPOINTER_ACCESSOR_METHODS(ptr) \
195 const T* address() const { return &(ptr); } \
196 const T& get() const { return (ptr); }
198 #define DECLARE_NONPOINTER_MUTABLE_ACCESSOR_METHODS(ptr) \
199 T* address() { return &(ptr); } \
200 T& get() { return (ptr); }
222 /**
223 * SafelyInitialized<T>::create() creates a safely-initialized |T|, suitable for
224 * use as a default value in situations requiring a safe but arbitrary |T|
225 * value. Implemented as a static method of a struct to allow partial
226 * specialization for subclasses via the Enable template parameter.
227 */
231 // This function wants to presume that |T()| -- which value-initializes a
232 // |T| per C++11 [expr.type.conv]p2 -- will produce a safely-initialized,
233 // safely-usable T that it can return.
235 #if defined(XP_WIN) || defined(XP_MACOSX) || \
236 (defined(XP_UNIX) && !defined(__clang__))
238 // That presumption holds for pointers, where value initialization produces
239 // a null pointer.
242 // For classes and unions we *assume* that if |T|'s default constructor is
243 // non-trivial it'll initialize correctly. (This is unideal, but C++
244 // doesn't offer a type trait indicating whether a class's constructor is
245 // user-defined, which better approximates our desired semantics.)
253 #endif
256 }
257 };
259 #ifdef JS_DEBUG
260 /**
261 * For generational GC, assert that an object is in the tenured generation as
262 * opposed to being in the nursery.
263 */
267 #else
270 #endif
272 /**
273 * The Heap<T> class is a heap-stored reference to a JS GC thing for use outside
274 * the JS engine. All members of heap classes that refer to GC things should use
275 * Heap<T> (or possibly TenuredHeap<T>, described below).
276 *
277 * Heap<T> is an abstraction that hides some of the complexity required to
278 * maintain GC invariants for the contained reference. It uses operator
279 * overloading to provide a normal pointer interface, but adds barriers to
280 * notify the GC of changes.
281 *
282 * Heap<T> implements the following barriers:
283 *
284 * - Post-write barrier (necessary for generational GC).
285 * - Read barrier (necessary for incremental GC and cycle collector
286 * integration).
287 *
288 * Note Heap<T> does not have a pre-write barrier as used internally in the
289 * engine. The read barrier is used to mark anything read from a Heap<T> during
290 * an incremental GC.
291 *
292 * Heap<T> may be moved or destroyed outside of GC finalization and hence may be
293 * used in dynamic storage such as a Vector.
294 *
295 * Heap<T> instances must be traced when their containing object is traced to
296 * keep the pointed-to GC thing alive.
297 *
298 * Heap<T> objects should only be used on the heap. GC references stored on the
299 * C/C++ stack must use Rooted/Handle/MutableHandle instead.
300 *
301 * Type T must be a public GC pointer type.
302 */
305 // Please note: this can actually also be used by nsXBLMaybeCompiled<T>, for
306 // legacy reasons.
314 // No barriers are required for initialization to the default value.
317 }
320 }
322 /*
323 * For Heap, move semantics are equivalent to copy semantics. However, we want
324 * the copy constructor to be explicit, and an explicit move constructor
325 * breaks common usage of move semantics, so we need to define both, even
326 * though they are equivalent.
327 */
330 }
333 }
339 }
353 }
357 }
364 }
372 }
375 }
380 }
382 T ptr;
383 };
390 };
396 }
400 }
406 }
410 }
415 }
417 // The following *IsNotGray functions take account of the eventual
418 // gray marking state at the end of any ongoing incremental GC by
419 // delaying the checks if necessary.
421 #ifdef DEBUG
426 }
427 }
431 }
435 }
437 #else
443 #endif
445 /**
446 * The TenuredHeap<T> class is similar to the Heap<T> class above in that it
447 * encapsulates the GC concerns of an on-heap reference to a JS object. However,
448 * it has two important differences:
449 *
450 * 1) Pointers which are statically known to only reference "tenured" objects
451 * can avoid the extra overhead of SpiderMonkey's write barriers.
452 *
453 * 2) Objects in the "tenured" heap have stronger alignment restrictions than
454 * those in the "nursery", so it is possible to store flags in the lower
455 * bits of pointers known to be tenured. TenuredHeap wraps a normal tagged
456 * pointer with a nice API for accessing the flag bits and adds various
457 * assertions to ensure that it is not mis-used.
458 *
459 * GC things are said to be "tenured" when they are located in the long-lived
460 * heap: e.g. they have gained tenure as an object by surviving past at least
461 * one GC. For performance, SpiderMonkey allocates some things which are known
462 * to normally be long lived directly into the tenured generation; for example,
463 * global objects. Additionally, SpiderMonkey does not visit individual objects
464 * when deleting non-tenured objects, so object with finalizers are also always
465 * tenured; for instance, this includes most DOM objects.
466 *
467 * The considerations to keep in mind when using a TenuredHeap<T> vs a normal
468 * Heap<T> are:
469 *
470 * - It is invalid for a TenuredHeap<T> to refer to a non-tenured thing.
471 * - It is however valid for a Heap<T> to refer to a tenured thing.
472 * - It is not possible to store flag bits in a Heap<T>.
473 */
482 }
486 }
493 }
495 }
500 }
505 }
510 }
517 }
521 }
528 }
531 }
536 }
541 }
547 };
550 };
557 };
561 // std::swap uses a stack temporary, which prevents classes like Heap<T>
562 // from being declared MOZ_HEAP_CLASS.
568 }
575 }
580 }
589 /**
590 * Reference to a T that has been rooted elsewhere. This is most useful
591 * as a parameter type, which guarantees that the T lvalue is properly
592 * rooted. See "Move GC Stack Rooting" above.
593 *
594 * If you want to add additional methods to Handle for a specific
595 * specialization, define a HandleOperations<T> specialization containing them.
596 */
606 /* Creates a handle from a handle of a type convertible to T. */
614 }
621 }
625 /*
626 * Take care when calling this method!
627 *
628 * This creates a Handle from the raw location of a T.
629 *
630 * It should be called only if the following conditions hold:
631 *
632 * 1) the location of the T is guaranteed to be marked (for some reason
633 * other than being a Rooted), e.g., if it is guaranteed to be reachable
634 * from an implicit root.
635 *
636 * 2) the contents of the location are immutable, or at least cannot change
637 * for the lifetime of the handle, as its users may not expect its value
638 * to change underneath them.
639 */
642 ImUsingThisOnlyInFromFromMarkedLocation);
643 }
645 /*
646 * Construct a handle from an explicitly rooted location. This is the
647 * normal way to create a handle, and normally happens implicitly.
648 */
659 /* Construct a read only handle from a mutable handle. */
677 };
684 };
688 /**
689 * Similar to a handle, but the underlying storage can be changed. This is
690 * useful for outparams.
691 *
692 * If you want to add additional methods to MutableHandle for a specific
693 * specialization, define a MutableHandleOperations<T> specialization containing
694 * them.
695 */
697 class MOZ_STACK_CLASS MutableHandle
706 // Disallow nullptr for overloading purposes.
714 }
718 }
720 /*
721 * This may be called only if the location of the T is guaranteed
722 * to be marked (for some reason other than being a Rooted),
723 * e.g., if it is guaranteed to be reachable from an implicit root.
724 *
725 * Create a MutableHandle from a raw location of a T.
726 */
728 MutableHandle h;
731 }
742 };
749 };
759 // Default implementations for barrier methods on GC thing pointers.
766 }
769 }
773 }
774 }
778 }
779 }
780 };
790 }
791 }
792 };
799 }
803 }
804 }
805 };
815 }
819 }
820 }
821 };
828 }
829 };
837 }
838 };
840 // Provide hash codes for Cell kinds that may be relocated and, thus, not have
841 // a stable address to use as the base for a hash code. Instead of the address,
842 // this hasher uses Cell::getUniqueId to provide exact matches and as a base
843 // for generating hash codes.
844 //
845 // Note: this hasher, like PointerHasher can "hash" a nullptr. While a nullptr
846 // would not likely be a useful key, there are some cases where being able to
847 // hash a nullptr is useful, either on purpose or because of bugs:
848 // (1) existence checks where the key may happen to be null and (2) some
849 // aggregate Lookup kinds embed a JSObject* that is frequently null and do not
850 // null test before dispatching to the hasher.
860 // The rekey hash policy method is not provided since you dont't need to
861 // rekey any more when using this policy.
862 };
871 }
874 }
877 }
880 }
881 };
892 hashOut);
893 }
897 hashOut);
898 }
899 };
908 };
921 }
922 };
924 class PersistentRootedBase
933 }
934 };
946 };
954 }
955 };
962 };
968 };
981 Limit
982 };
989 AutoGCRooter*>;
991 // Superclass of JSContext which can be used for rooting data in use by the
992 // current thread but that does not provide all the functions of a JSContext.
994 // Stack GC roots for Rooted GC heap pointers.
995 RootedListHeads stackRoots_;
999 // Stack GC roots for AutoFooRooter classes.
1000 AutoRooterListHeads autoGCRooters_;
1003 // Gecko profiling metadata.
1004 // This isn't really rooting related. It's only here because we want
1005 // GetContextProfilingStackIfEnabled to be inlineable into non-JS code, and
1006 // we didn't want to add another superclass of JSContext just for this.
1014 /* Implemented in gc/RootMarking.cpp. */
1028 }
1031 // The remaining members in this class should only be accessed through
1032 // JSContext pointers. They are unrelated to rooting and are in place so
1033 // that inlined API functions can directly access the data.
1035 /* The nursery. Null for non-main-thread contexts. */
1038 /* The current zone. */
1041 /* The current realm. */
1045 /* Limit pointer for checking native stack consumption. */
1048 #ifdef __wasi__
1049 // For WASI we can't catch call-stack overflows with stack-pointer checks, so
1050 // we count recursion depth with RAII based AutoCheckRecursionLimit.
1058 }
1062 }
1066 };
1080 }
1085 }
1095 /*
1096 * Discriminates actual subclass of this being used. The meaning is
1097 * indicated by the corresponding value in the Kind enum.
1098 */
1099 Kind kind_;
1101 /* No copy or assignment semantics. */
1106 /**
1107 * Custom rooting behavior for internal and external clients.
1108 *
1109 * Deprecated. Where possible, use Rooted<> instead.
1110 */
1122 /** Supplied by derived class to trace roots. */
1124 };
1139 /**
1140 * Local variable of type T whose value is always rooted. This is typically
1141 * used for local variables, or for non-rooted values being passed to a
1142 * function that requires a handle, e.g. Foo(Root<T>(cx, x)).
1143 *
1144 * If you want to add additional methods to Rooted for a specific
1145 * specialization, define a RootedOperations<T> specialization containing them.
1146 */
1154 }
1158 }
1161 }
1166 // Construct an empty Rooted holding a safely initialized but empty T.
1167 // Requires T to have a copy constructor in order to copy the safely
1168 // initialized value.
1169 //
1170 // Note that for SFINAE to reject this method, the 2nd template parameter must
1171 // depend on RootingContext somehow even though we really only care about T.
1174 RootingContext>>
1178 }
1180 // Provide an initial value. Requires T to be constructible from the given
1181 // argument.
1187 }
1189 // (Traceables only) Construct the contained value from the given arguments.
1190 // Constructs in-place, so T does not need to be copyable or movable.
1191 //
1192 // Note that a copyable Traceable passed only a RootingContext will
1193 // choose the above SafelyInitialized<T> constructor, because otherwise
1194 // identical functions with parameter packs are considered less specialized.
1195 //
1196 // The SFINAE type must again depend on an inferred template parameter.
1204 }
1209 }
1211 /*
1212 * This method is public for Rooted so that Codegen.py can use a Rooted
1213 * interchangeably with a MutableHandleValue.
1214 */
1218 }
1222 }
1234 T ptr;
1244 };
1252 /*
1253 * Inlinable accessors for JSContext.
1254 *
1255 * - These must not be available on the more restricted superclasses of
1256 * JSContext, so we can't simply define them on RootingContext.
1257 *
1258 * - They're perfectly ordinary JSContext functionality, so ought to be
1259 * usable without resorting to jsfriendapi.h, and when JSContext is an
1260 * incomplete type.
1261 */
1264 }
1269 }
1271 }
1275 }
1281 }
1283 /**
1284 * Augment the generic Rooted<T> interface when T = JSObject* with
1285 * class-querying and downcasting operations.
1286 *
1287 * Given a Rooted<JSObject*> obj, one can view
1288 * Handle<StringObject*> h = obj.as<StringObject*>();
1289 * as an optimization of
1290 * Rooted<StringObject*> rooted(cx, &obj->as<StringObject*>());
1291 * Handle<StringObject*> h = rooted;
1292 */
1299 };
1301 /**
1302 * Augment the generic Handle<T> interface when T = JSObject* with
1303 * downcasting operations.
1304 *
1305 * Given a Handle<JSObject*> obj, one can view
1306 * Handle<StringObject*> h = obj.as<StringObject*>();
1307 * as an optimization of
1308 * Rooted<StringObject*> rooted(cx, &obj->as<StringObject*>());
1309 * Handle<StringObject*> h = rooted;
1310 */
1317 };
1329 }
1337 }
1345 }
1352 }
1359 }
1367 /**
1368 * A copyable, assignable global GC root type with arbitrary lifetime, an
1369 * infallible constructor, and automatic unrooting on destruction.
1370 *
1371 * These roots can be used in heap-allocated data structures, so they are not
1372 * associated with any particular JSContext or stack. They are registered with
1373 * the JSRuntime itself, without locking. Initialization may take place on
1374 * construction, or in two phases if the no-argument constructor is called
1375 * followed by init().
1376 *
1377 * Note that you must not use an PersistentRooted in an object owned by a JS
1378 * object:
1379 *
1380 * Whenever one object whose lifetime is decided by the GC refers to another
1381 * such object, that edge must be traced only if the owning JS object is traced.
1382 * This applies not only to JS objects (which obviously are managed by the GC)
1383 * but also to C++ objects owned by JS objects.
1384 *
1385 * If you put a PersistentRooted in such a C++ object, that is almost certainly
1386 * a leak. When a GC begins, the referent of the PersistentRooted is treated as
1387 * live, unconditionally (because a PersistentRooted is a *root*), even if the
1388 * JS object that owns it is unreachable. If there is any path from that
1389 * referent back to the JS object, then the C++ object containing the
1390 * PersistentRooted will not be destructed, and the whole blob of objects will
1391 * not be freed, even if there are no references to them from the outside.
1392 *
1393 * In the context of Firefox, this is a severe restriction: almost everything in
1394 * Firefox is owned by some JS object or another, so using PersistentRooted in
1395 * such objects would introduce leaks. For these kinds of edges, Heap<T> or
1396 * TenuredHeap<T> would be better types. It's up to the implementor of the type
1397 * containing Heap<T> or TenuredHeap<T> members to make sure their referents get
1398 * marked when the object itself is marked.
1399 */
1407 }
1413 }
1415 // Used when JSContext type is incomplete and so it is not known to inherit
1416 // from RootingContext.
1419 }
1427 typename RootHolder,
1432 }
1440 }
1447 }
1450 /*
1451 * Copy construction takes advantage of the fact that the original
1452 * is already inserted, and simply adds itself to whatever list the
1453 * original was on - no JSRuntime pointer needed.
1454 *
1455 * This requires mutating rhs's links, but those should be 'mutable'
1456 * anyway. C++ doesn't let us declare mutable base classes.
1457 */
1459 }
1470 }
1475 }
1481 }
1482 }
1493 }
1500 }
1503 T ptr;
1511 };
1523 }
1530 };
1540 }
1542 };
1548 }
1551 // This only supports a subset of Maybe's interface.
1557 };
1565 // This only supports a subset of Maybe's interface.
1569 };
1584 }
1592 }
1597 };
1607 };