| blob | 471c72dc423c24737fc3580c5eb38685d878c324 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef js_RootingAPI_h
8 #define js_RootingAPI_h
16 #include <type_traits>
17 #include <utility>
33 /*
34 * [SMDOC] Stack Rooting
35 *
36 * Moving GC Stack Rooting
37 *
38 * A moving GC may change the physical location of GC allocated things, even
39 * when they are rooted, updating all pointers to the thing to refer to its new
40 * location. The GC must therefore know about all live pointers to a thing,
41 * not just one of them, in order to behave correctly.
42 *
43 * The |Rooted| and |Handle| classes below are used to root stack locations
44 * whose value may be held live across a call that can trigger GC. For a
45 * code fragment such as:
46 *
47 * JSObject* obj = NewObject(cx);
48 * DoSomething(cx);
49 * ... = obj->lastProperty();
50 *
51 * If |DoSomething()| can trigger a GC, the stack location of |obj| must be
52 * rooted to ensure that the GC does not move the JSObject referred to by
53 * |obj| without updating |obj|'s location itself. This rooting must happen
54 * regardless of whether there are other roots which ensure that the object
55 * itself will not be collected.
56 *
57 * If |DoSomething()| cannot trigger a GC, and the same holds for all other
58 * calls made between |obj|'s definitions and its last uses, then no rooting
59 * is required.
60 *
61 * SpiderMonkey can trigger a GC at almost any time and in ways that are not
62 * always clear. For example, the following innocuous-looking actions can
63 * cause a GC: allocation of any new GC thing; JSObject::hasProperty;
64 * JS_ReportError and friends; and ToNumber, among many others. The following
65 * dangerous-looking actions cannot trigger a GC: js_malloc, cx->malloc_,
66 * rt->malloc_, and friends and JS_ReportOutOfMemory.
67 *
68 * The following family of three classes will exactly root a stack location.
69 * Incorrect usage of these classes will result in a compile error in almost
70 * all cases. Therefore, it is very hard to be incorrectly rooted if you use
71 * these classes exclusively. These classes are all templated on the type T of
72 * the value being rooted.
73 *
74 * - Rooted<T> declares a variable of type T, whose value is always rooted.
75 * Rooted<T> may be automatically coerced to a Handle<T>, below. Rooted<T>
76 * should be used whenever a local variable's value may be held live across a
77 * call which can trigger a GC.
78 *
79 * - Handle<T> is a const reference to a Rooted<T>. Functions which take GC
80 * things or values as arguments and need to root those arguments should
81 * generally use handles for those arguments and avoid any explicit rooting.
82 * This has two benefits. First, when several such functions call each other
83 * then redundant rooting of multiple copies of the GC thing can be avoided.
84 * Second, if the caller does not pass a rooted value a compile error will be
85 * generated, which is quicker and easier to fix than when relying on a
86 * separate rooting analysis.
87 *
88 * - MutableHandle<T> is a non-const reference to Rooted<T>. It is used in the
89 * same way as Handle<T> and includes a |set(const T& v)| method to allow
90 * updating the value of the referenced Rooted<T>. A MutableHandle<T> can be
91 * created with an implicit cast from a Rooted<T>*.
92 *
93 * In some cases the small performance overhead of exact rooting (measured to
94 * be a few nanoseconds on desktop) is too much. In these cases, try the
95 * following:
96 *
97 * - Move all Rooted<T> above inner loops: this allows you to re-use the root
98 * on each iteration of the loop.
99 *
100 * - Pass Handle<T> through your hot call stack to avoid re-rooting costs at
101 * every invocation.
102 *
103 * The following diagram explains the list of supported, implicit type
104 * conversions between classes of this family:
105 *
106 * Rooted<T> ----> Handle<T>
107 * | ^
108 * | |
109 * | |
110 * +---> MutableHandle<T>
111 * (via &)
112 *
113 * All of these types have an implicit conversion to raw pointers.
114 */
120 // The defaulted Enable parameter for the following two types is for restricting
121 // specializations with std::enable_if.
129 class MutableWrappedPtrOperations
140 };
145 // Cannot use FOR_EACH_HEAP_ABLE_GC_POINTER_TYPE, as this would import too many
146 // macros into scope
148 // Add a 2nd template parameter to allow conditionally enabling partial
149 // specializations via std::enable_if.
153 #define JS_DECLARE_IS_HEAP_CONSTRUCTIBLE_TYPE(T) \
154 template <> \
155 struct IsHeapConstructibleType<T> : public std::true_type {};
158 // Note that JS_DECLARE_IS_HEAP_CONSTRUCTIBLE_TYPE is left defined, to allow
159 // declaring other types (eg from js/public/experimental/TypedData.h) to
160 // be used with Heap<>.
166 // Important: Return a reference so passing a Rooted<T>, etc. to
167 // something that takes a |const T&| is not a GC hazard.
168 #define DECLARE_POINTER_CONSTREF_OPS(T) \
169 operator const T&() const { return get(); } \
170 const T& operator->() const { return get(); }
172 // Assignment operators on a base class are hidden by the implicitly defined
173 // operator= on the derived class. Thus, define the operator= directly on the
174 // class as we would need to manually pass it through anyway.
175 #define DECLARE_POINTER_ASSIGN_OPS(Wrapper, T) \
176 Wrapper<T>& operator=(const T& p) { \
177 set(p); \
178 return *this; \
179 } \
180 Wrapper<T>& operator=(T&& p) { \
181 set(std::move(p)); \
182 return *this; \
183 } \
184 Wrapper<T>& operator=(const Wrapper<T>& other) { \
185 set(other.get()); \
186 return *this; \
187 }
189 #define DELETE_ASSIGNMENT_OPS(Wrapper, T) \
190 template <typename S> \
191 Wrapper<T>& operator=(S) = delete; \
192 Wrapper<T>& operator=(const Wrapper<T>&) = delete;
194 #define DECLARE_NONPOINTER_ACCESSOR_METHODS(ptr) \
195 const T* address() const { return &(ptr); } \
196 const T& get() const { return (ptr); }
198 #define DECLARE_NONPOINTER_MUTABLE_ACCESSOR_METHODS(ptr) \
199 T* address() { return &(ptr); } \
200 T& get() { return (ptr); }
222 /**
223 * SafelyInitialized<T>::create() creates a safely-initialized |T|, suitable for
224 * use as a default value in situations requiring a safe but arbitrary |T|
225 * value. Implemented as a static method of a struct to allow partial
226 * specialization for subclasses via the Enable template parameter.
227 */
231 // This function wants to presume that |T()| -- which value-initializes a
232 // |T| per C++11 [expr.type.conv]p2 -- will produce a safely-initialized,
233 // safely-usable T that it can return.
235 #if defined(XP_WIN) || defined(XP_MACOSX) || \
236 (defined(XP_UNIX) && !defined(__clang__))
238 // That presumption holds for pointers, where value initialization produces
239 // a null pointer.
242 // For classes and unions we *assume* that if |T|'s default constructor is
243 // non-trivial it'll initialize correctly. (This is unideal, but C++
244 // doesn't offer a type trait indicating whether a class's constructor is
245 // user-defined, which better approximates our desired semantics.)
253 #endif
256 }
257 };
259 #ifdef JS_DEBUG
260 /**
261 * For generational GC, assert that an object is in the tenured generation as
262 * opposed to being in the nursery.
263 */
267 #else
270 #endif
272 /**
273 * The Heap<T> class is a heap-stored reference to a JS GC thing for use outside
274 * the JS engine. All members of heap classes that refer to GC things should use
275 * Heap<T> (or possibly TenuredHeap<T>, described below).
276 *
277 * Heap<T> is an abstraction that hides some of the complexity required to
278 * maintain GC invariants for the contained reference. It uses operator
279 * overloading to provide a normal pointer interface, but adds barriers to
280 * notify the GC of changes.
281 *
282 * Heap<T> implements the following barriers:
283 *
284 * - Post-write barrier (necessary for generational GC).
285 * - Read barrier (necessary for incremental GC and cycle collector
286 * integration).
287 *
288 * Note Heap<T> does not have a pre-write barrier as used internally in the
289 * engine. The read barrier is used to mark anything read from a Heap<T> during
290 * an incremental GC.
291 *
292 * Heap<T> may be moved or destroyed outside of GC finalization and hence may be
293 * used in dynamic storage such as a Vector.
294 *
295 * Heap<T> instances must be traced when their containing object is traced to
296 * keep the pointed-to GC thing alive.
297 *
298 * Heap<T> objects should only be used on the heap. GC references stored on the
299 * C/C++ stack must use Rooted/Handle/MutableHandle instead.
300 *
301 * Type T must be a public GC pointer type.
302 */
305 // Please note: this can actually also be used by nsXBLMaybeCompiled<T>, for
306 // legacy reasons.
314 // No barriers are required for initialization to the default value.
317 }
320 }
322 /*
323 * For Heap, move semantics are equivalent to copy semantics. However, we want
324 * the copy constructor to be explicit, and an explicit move constructor
325 * breaks common usage of move semantics, so we need to define both, even
326 * though they are equivalent.
327 */
330 }
333 }
339 }
353 }
357 }
364 }
372 }
375 }
380 }
382 T ptr;
383 };
390 };
396 }
400 }
406 }
410 }
415 }
417 // The following *IsNotGray functions take account of the eventual
418 // gray marking state at the end of any ongoing incremental GC by
419 // delaying the checks if necessary.
421 #ifdef DEBUG
426 }
427 }
431 }
435 }
437 #else
443 #endif
445 /**
446 * The TenuredHeap<T> class is similar to the Heap<T> class above in that it
447 * encapsulates the GC concerns of an on-heap reference to a JS object. However,
448 * it has two important differences:
449 *
450 * 1) Pointers which are statically known to only reference "tenured" objects
451 * can avoid the extra overhead of SpiderMonkey's write barriers.
452 *
453 * 2) Objects in the "tenured" heap have stronger alignment restrictions than
454 * those in the "nursery", so it is possible to store flags in the lower
455 * bits of pointers known to be tenured. TenuredHeap wraps a normal tagged
456 * pointer with a nice API for accessing the flag bits and adds various
457 * assertions to ensure that it is not mis-used.
458 *
459 * GC things are said to be "tenured" when they are located in the long-lived
460 * heap: e.g. they have gained tenure as an object by surviving past at least
461 * one GC. For performance, SpiderMonkey allocates some things which are known
462 * to normally be long lived directly into the tenured generation; for example,
463 * global objects. Additionally, SpiderMonkey does not visit individual objects
464 * when deleting non-tenured objects, so object with finalizers are also always
465 * tenured; for instance, this includes most DOM objects.
466 *
467 * The considerations to keep in mind when using a TenuredHeap<T> vs a normal
468 * Heap<T> are:
469 *
470 * - It is invalid for a TenuredHeap<T> to refer to a non-tenured thing.
471 * - It is however valid for a Heap<T> to refer to a tenured thing.
472 * - It is not possible to store flag bits in a Heap<T>.
473 */
482 }
486 }
493 }
495 }
500 }
505 }
510 }
517 }
521 }
528 }
531 }
536 }
541 }
547 };
550 };
557 };
561 // std::swap uses a stack temporary, which prevents classes like Heap<T>
562 // from being declared MOZ_HEAP_CLASS.
568 }
575 }
580 }
589 /**
590 * Reference to a T that has been rooted elsewhere. This is most useful
591 * as a parameter type, which guarantees that the T lvalue is properly
592 * rooted. See "Move GC Stack Rooting" above.
593 *
594 * If you want to add additional methods to Handle for a specific
595 * specialization, define a HandleOperations<T> specialization containing them.
596 */
606 /* Creates a handle from a handle of a type convertible to T. */
614 }
621 }
625 /*
626 * Take care when calling this method!
627 *
628 * This creates a Handle from the raw location of a T.
629 *
630 * It should be called only if the following conditions hold:
631 *
632 * 1) the location of the T is guaranteed to be marked (for some reason
633 * other than being a Rooted), e.g., if it is guaranteed to be reachable
634 * from an implicit root.
635 *
636 * 2) the contents of the location are immutable, or at least cannot change
637 * for the lifetime of the handle, as its users may not expect its value
638 * to change underneath them.
639 */
642 ImUsingThisOnlyInFromFromMarkedLocation);
643 }
645 /*
646 * Construct a handle from an explicitly rooted location. This is the
647 * normal way to create a handle, and normally happens implicitly.
648 */
659 /* Construct a read only handle from a mutable handle. */
677 };
684 };
688 /**
689 * Similar to a handle, but the underlying storage can be changed. This is
690 * useful for outparams.
691 *
692 * If you want to add additional methods to MutableHandle for a specific
693 * specialization, define a MutableHandleOperations<T> specialization containing
694 * them.
695 */
697 class MOZ_STACK_CLASS MutableHandle
706 // Disallow nullptr for overloading purposes.
714 }
718 }
720 /*
721 * This may be called only if the location of the T is guaranteed
722 * to be marked (for some reason other than being a Rooted),
723 * e.g., if it is guaranteed to be reachable from an implicit root.
724 *
725 * Create a MutableHandle from a raw location of a T.
726 */
728 MutableHandle h;
731 }
742 };
749 };
759 // Default implementations for barrier methods on GC thing pointers.
766 }
769 }
773 }
774 }
778 }
779 }
780 };
790 }
791 }
792 };
799 }
803 }
804 }
805 };
815 }
819 }
820 }
821 };
828 }
829 };
837 }
838 };
840 // Provide hash codes for Cell kinds that may be relocated and, thus, not have
841 // a stable address to use as the base for a hash code. Instead of the address,
842 // this hasher uses Cell::getUniqueId to provide exact matches and as a base
843 // for generating hash codes.
844 //
845 // Note: this hasher, like PointerHasher can "hash" a nullptr. While a nullptr
846 // would not likely be a useful key, there are some cases where being able to
847 // hash a nullptr is useful, either on purpose or because of bugs:
848 // (1) existence checks where the key may happen to be null and (2) some
849 // aggregate Lookup kinds embed a JSObject* that is frequently null and do not
850 // null test before dispatching to the hasher.
860 // The rekey hash policy method is not provided since you dont't need to
861 // rekey any more when using this policy.
862 };
871 }
874 }
877 }
880 }
881 };
892 hashOut);
893 }
897 hashOut);
898 }
899 };
908 };
921 }
922 };
924 class PersistentRootedBase
933 }
934 };
946 };
954 }
955 };
962 };
968 };
981 Limit
982 };
989 AutoGCRooter*>;
991 // Superclass of JSContext which can be used for rooting data in use by the
992 // current thread but that does not provide all the functions of a JSContext.
994 // Stack GC roots for Rooted GC heap pointers.
995 RootedListHeads stackRoots_;
999 // Stack GC roots for AutoFooRooter classes.
1000 AutoRooterListHeads autoGCRooters_;
1003 // Gecko profiling metadata.
1004 // This isn't really rooting related. It's only here because we want
1005 // GetContextProfilingStackIfEnabled to be inlineable into non-JS code, and
1006 // we didn't want to add another superclass of JSContext just for this.
1014 /* Implemented in gc/RootMarking.cpp. */
1026 }
1029 // The remaining members in this class should only be accessed through
1030 // JSContext pointers. They are unrelated to rooting and are in place so
1031 // that inlined API functions can directly access the data.
1033 /* The nursery. Null for non-main-thread contexts. */
1036 /* The current zone. */
1039 /* The current realm. */
1043 /* Limit pointer for checking native stack consumption. */
1046 #ifdef __wasi__
1047 // For WASI we can't catch call-stack overflows with stack-pointer checks, so
1048 // we count recursion depth with RAII based AutoCheckRecursionLimit.
1056 }
1060 }
1064 };
1078 }
1083 }
1093 /*
1094 * Discriminates actual subclass of this being used. The meaning is
1095 * indicated by the corresponding value in the Kind enum.
1096 */
1097 Kind kind_;
1099 /* No copy or assignment semantics. */
1104 /**
1105 * Custom rooting behavior for internal and external clients.
1106 *
1107 * Deprecated. Where possible, use Rooted<> instead.
1108 */
1120 /** Supplied by derived class to trace roots. */
1122 };
1137 /**
1138 * Local variable of type T whose value is always rooted. This is typically
1139 * used for local variables, or for non-rooted values being passed to a
1140 * function that requires a handle, e.g. Foo(Root<T>(cx, x)).
1141 *
1142 * If you want to add additional methods to Rooted for a specific
1143 * specialization, define a RootedOperations<T> specialization containing them.
1144 */
1152 }
1156 }
1159 }
1164 // Construct an empty Rooted holding a safely initialized but empty T.
1165 // Requires T to have a copy constructor in order to copy the safely
1166 // initialized value.
1167 //
1168 // Note that for SFINAE to reject this method, the 2nd template parameter must
1169 // depend on RootingContext somehow even though we really only care about T.
1172 RootingContext>>
1176 }
1178 // Provide an initial value. Requires T to be constructible from the given
1179 // argument.
1185 }
1187 // (Traceables only) Construct the contained value from the given arguments.
1188 // Constructs in-place, so T does not need to be copyable or movable.
1189 //
1190 // Note that a copyable Traceable passed only a RootingContext will
1191 // choose the above SafelyInitialized<T> constructor, because otherwise
1192 // identical functions with parameter packs are considered less specialized.
1193 //
1194 // The SFINAE type must again depend on an inferred template parameter.
1202 }
1207 }
1209 /*
1210 * This method is public for Rooted so that Codegen.py can use a Rooted
1211 * interchangeably with a MutableHandleValue.
1212 */
1216 }
1220 }
1232 T ptr;
1242 };
1250 /*
1251 * Inlinable accessors for JSContext.
1252 *
1253 * - These must not be available on the more restricted superclasses of
1254 * JSContext, so we can't simply define them on RootingContext.
1255 *
1256 * - They're perfectly ordinary JSContext functionality, so ought to be
1257 * usable without resorting to jsfriendapi.h, and when JSContext is an
1258 * incomplete type.
1259 */
1262 }
1267 }
1269 }
1273 }
1279 }
1281 /**
1282 * Augment the generic Rooted<T> interface when T = JSObject* with
1283 * class-querying and downcasting operations.
1284 *
1285 * Given a Rooted<JSObject*> obj, one can view
1286 * Handle<StringObject*> h = obj.as<StringObject*>();
1287 * as an optimization of
1288 * Rooted<StringObject*> rooted(cx, &obj->as<StringObject*>());
1289 * Handle<StringObject*> h = rooted;
1290 */
1297 };
1299 /**
1300 * Augment the generic Handle<T> interface when T = JSObject* with
1301 * downcasting operations.
1302 *
1303 * Given a Handle<JSObject*> obj, one can view
1304 * Handle<StringObject*> h = obj.as<StringObject*>();
1305 * as an optimization of
1306 * Rooted<StringObject*> rooted(cx, &obj->as<StringObject*>());
1307 * Handle<StringObject*> h = rooted;
1308 */
1315 };
1327 }
1335 }
1343 }
1350 }
1357 }
1365 /**
1366 * A copyable, assignable global GC root type with arbitrary lifetime, an
1367 * infallible constructor, and automatic unrooting on destruction.
1368 *
1369 * These roots can be used in heap-allocated data structures, so they are not
1370 * associated with any particular JSContext or stack. They are registered with
1371 * the JSRuntime itself, without locking. Initialization may take place on
1372 * construction, or in two phases if the no-argument constructor is called
1373 * followed by init().
1374 *
1375 * Note that you must not use an PersistentRooted in an object owned by a JS
1376 * object:
1377 *
1378 * Whenever one object whose lifetime is decided by the GC refers to another
1379 * such object, that edge must be traced only if the owning JS object is traced.
1380 * This applies not only to JS objects (which obviously are managed by the GC)
1381 * but also to C++ objects owned by JS objects.
1382 *
1383 * If you put a PersistentRooted in such a C++ object, that is almost certainly
1384 * a leak. When a GC begins, the referent of the PersistentRooted is treated as
1385 * live, unconditionally (because a PersistentRooted is a *root*), even if the
1386 * JS object that owns it is unreachable. If there is any path from that
1387 * referent back to the JS object, then the C++ object containing the
1388 * PersistentRooted will not be destructed, and the whole blob of objects will
1389 * not be freed, even if there are no references to them from the outside.
1390 *
1391 * In the context of Firefox, this is a severe restriction: almost everything in
1392 * Firefox is owned by some JS object or another, so using PersistentRooted in
1393 * such objects would introduce leaks. For these kinds of edges, Heap<T> or
1394 * TenuredHeap<T> would be better types. It's up to the implementor of the type
1395 * containing Heap<T> or TenuredHeap<T> members to make sure their referents get
1396 * marked when the object itself is marked.
1397 */
1405 }
1411 }
1413 // Used when JSContext type is incomplete and so it is not known to inherit
1414 // from RootingContext.
1417 }
1425 typename RootHolder,
1430 }
1438 }
1445 }
1448 /*
1449 * Copy construction takes advantage of the fact that the original
1450 * is already inserted, and simply adds itself to whatever list the
1451 * original was on - no JSRuntime pointer needed.
1452 *
1453 * This requires mutating rhs's links, but those should be 'mutable'
1454 * anyway. C++ doesn't let us declare mutable base classes.
1455 */
1457 }
1468 }
1473 }
1479 }
1480 }
1491 }
1498 }
1501 T ptr;
1509 };
1521 }
1528 };
1538 }
1540 };
1546 }
1549 // This only supports a subset of Maybe's interface.
1555 };
1563 // This only supports a subset of Maybe's interface.
1567 };
1582 }
1590 }
1595 };
1605 };