| blob | 42be14e673519370d1f2f475effe4083ef0bb94d |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef js_RootingAPI_h
8 #define js_RootingAPI_h
16 #include <tuple>
17 #include <type_traits>
18 #include <utility>
34 /*
35 * [SMDOC] Stack Rooting
36 *
37 * Moving GC Stack Rooting
38 *
39 * A moving GC may change the physical location of GC allocated things, even
40 * when they are rooted, updating all pointers to the thing to refer to its new
41 * location. The GC must therefore know about all live pointers to a thing,
42 * not just one of them, in order to behave correctly.
43 *
44 * The |Rooted| and |Handle| classes below are used to root stack locations
45 * whose value may be held live across a call that can trigger GC. For a
46 * code fragment such as:
47 *
48 * JSObject* obj = NewObject(cx);
49 * DoSomething(cx);
50 * ... = obj->lastProperty();
51 *
52 * If |DoSomething()| can trigger a GC, the stack location of |obj| must be
53 * rooted to ensure that the GC does not move the JSObject referred to by
54 * |obj| without updating |obj|'s location itself. This rooting must happen
55 * regardless of whether there are other roots which ensure that the object
56 * itself will not be collected.
57 *
58 * If |DoSomething()| cannot trigger a GC, and the same holds for all other
59 * calls made between |obj|'s definitions and its last uses, then no rooting
60 * is required.
61 *
62 * SpiderMonkey can trigger a GC at almost any time and in ways that are not
63 * always clear. For example, the following innocuous-looking actions can
64 * cause a GC: allocation of any new GC thing; JSObject::hasProperty;
65 * JS_ReportError and friends; and ToNumber, among many others. The following
66 * dangerous-looking actions cannot trigger a GC: js_malloc, cx->malloc_,
67 * rt->malloc_, and friends and JS_ReportOutOfMemory.
68 *
69 * The following family of three classes will exactly root a stack location.
70 * Incorrect usage of these classes will result in a compile error in almost
71 * all cases. Therefore, it is very hard to be incorrectly rooted if you use
72 * these classes exclusively. These classes are all templated on the type T of
73 * the value being rooted.
74 *
75 * - Rooted<T> declares a variable of type T, whose value is always rooted.
76 * Rooted<T> may be automatically coerced to a Handle<T>, below. Rooted<T>
77 * should be used whenever a local variable's value may be held live across a
78 * call which can trigger a GC.
79 *
80 * - Handle<T> is a const reference to a Rooted<T>. Functions which take GC
81 * things or values as arguments and need to root those arguments should
82 * generally use handles for those arguments and avoid any explicit rooting.
83 * This has two benefits. First, when several such functions call each other
84 * then redundant rooting of multiple copies of the GC thing can be avoided.
85 * Second, if the caller does not pass a rooted value a compile error will be
86 * generated, which is quicker and easier to fix than when relying on a
87 * separate rooting analysis.
88 *
89 * - MutableHandle<T> is a non-const reference to Rooted<T>. It is used in the
90 * same way as Handle<T> and includes a |set(const T& v)| method to allow
91 * updating the value of the referenced Rooted<T>. A MutableHandle<T> can be
92 * created with an implicit cast from a Rooted<T>*.
93 *
94 * In some cases the small performance overhead of exact rooting (measured to
95 * be a few nanoseconds on desktop) is too much. In these cases, try the
96 * following:
97 *
98 * - Move all Rooted<T> above inner loops: this allows you to re-use the root
99 * on each iteration of the loop.
100 *
101 * - Pass Handle<T> through your hot call stack to avoid re-rooting costs at
102 * every invocation.
103 *
104 * The following diagram explains the list of supported, implicit type
105 * conversions between classes of this family:
106 *
107 * Rooted<T> ----> Handle<T>
108 * | ^
109 * | |
110 * | |
111 * +---> MutableHandle<T>
112 * (via &)
113 *
114 * All of these types have an implicit conversion to raw pointers.
115 */
121 // The defaulted Enable parameter for the following two types is for restricting
122 // specializations with std::enable_if.
130 class MutableWrappedPtrOperations
141 };
146 // Cannot use FOR_EACH_HEAP_ABLE_GC_POINTER_TYPE, as this would import too many
147 // macros into scope
149 // Add a 2nd template parameter to allow conditionally enabling partial
150 // specializations via std::enable_if.
154 #define JS_DECLARE_IS_HEAP_CONSTRUCTIBLE_TYPE(T) \
155 template <> \
156 struct IsHeapConstructibleType<T> : public std::true_type {};
159 // Note that JS_DECLARE_IS_HEAP_CONSTRUCTIBLE_TYPE is left defined, to allow
160 // declaring other types (eg from js/public/experimental/TypedData.h) to
161 // be used with Heap<>.
167 // Important: Return a reference so passing a Rooted<T>, etc. to
168 // something that takes a |const T&| is not a GC hazard.
169 #define DECLARE_POINTER_CONSTREF_OPS(T) \
170 operator const T&() const { return get(); } \
171 const T& operator->() const { return get(); }
173 // Assignment operators on a base class are hidden by the implicitly defined
174 // operator= on the derived class. Thus, define the operator= directly on the
175 // class as we would need to manually pass it through anyway.
176 #define DECLARE_POINTER_ASSIGN_OPS(Wrapper, T) \
177 Wrapper& operator=(const T& p) { \
178 set(p); \
179 return *this; \
180 } \
181 Wrapper& operator=(T&& p) { \
182 set(std::move(p)); \
183 return *this; \
184 } \
185 Wrapper& operator=(const Wrapper& other) { \
186 set(other.get()); \
187 return *this; \
188 }
190 #define DELETE_ASSIGNMENT_OPS(Wrapper, T) \
191 template <typename S> \
192 Wrapper<T>& operator=(S) = delete; \
193 Wrapper<T>& operator=(const Wrapper<T>&) = delete;
195 #define DECLARE_NONPOINTER_ACCESSOR_METHODS(ptr) \
196 const T* address() const { return &(ptr); } \
197 const T& get() const { return (ptr); }
199 #define DECLARE_NONPOINTER_MUTABLE_ACCESSOR_METHODS(ptr) \
200 T* address() { return &(ptr); } \
201 T& get() { return (ptr); }
218 /**
219 * SafelyInitialized<T>::create() creates a safely-initialized |T|, suitable for
220 * use as a default value in situations requiring a safe but arbitrary |T|
221 * value. Implemented as a static method of a struct to allow partial
222 * specialization for subclasses via the Enable template parameter.
223 */
227 // This function wants to presume that |T()| -- which value-initializes a
228 // |T| per C++11 [expr.type.conv]p2 -- will produce a safely-initialized,
229 // safely-usable T that it can return.
231 #if defined(XP_WIN) || defined(XP_DARWIN) || \
232 (defined(XP_UNIX) && !defined(__clang__))
234 // That presumption holds for pointers, where value initialization produces
235 // a null pointer.
238 // For classes and unions we *assume* that if |T|'s default constructor is
239 // non-trivial it'll initialize correctly. (This is unideal, but C++
240 // doesn't offer a type trait indicating whether a class's constructor is
241 // user-defined, which better approximates our desired semantics.)
249 #endif
252 }
253 };
255 #ifdef JS_DEBUG
256 /**
257 * For generational GC, assert that an object is in the tenured generation as
258 * opposed to being in the nursery.
259 */
263 #else
266 #endif
268 /**
269 * The Heap<T> class is a heap-stored reference to a JS GC thing for use outside
270 * the JS engine. All members of heap classes that refer to GC things should use
271 * Heap<T> (or possibly TenuredHeap<T>, described below).
272 *
273 * Heap<T> is an abstraction that hides some of the complexity required to
274 * maintain GC invariants for the contained reference. It uses operator
275 * overloading to provide a normal pointer interface, but adds barriers to
276 * notify the GC of changes.
277 *
278 * Heap<T> implements the following barriers:
279 *
280 * - Pre-write barrier (necessary for incremental GC).
281 * - Post-write barrier (necessary for generational GC).
282 * - Read barrier (necessary for cycle collector integration).
283 *
284 * Heap<T> may be moved or destroyed outside of GC finalization and hence may be
285 * used in dynamic storage such as a Vector.
286 *
287 * Heap<T> instances must be traced when their containing object is traced to
288 * keep the pointed-to GC thing alive.
289 *
290 * Heap<T> objects should only be used on the heap. GC references stored on the
291 * C/C++ stack must use Rooted/Handle/MutableHandle instead.
292 *
293 * Type T must be a public GC pointer type.
294 */
304 // No barriers are required for initialization to the default value.
307 }
310 }
312 /*
313 * For Heap, move semantics are equivalent to copy semantics. However, we want
314 * the copy constructor to be explicit, and an explicit move constructor
315 * breaks common usage of move semantics, so we need to define both, even
316 * though they are equivalent.
317 */
320 }
323 }
329 }
330 // Copy constructor defined by DECLARE_POINTER_ASSIGN_OPS.
342 }
349 }
357 }
362 }
364 T ptr;
365 };
372 };
378 }
382 }
388 }
392 }
397 }
399 // The following *IsNotGray functions take account of the eventual
400 // gray marking state at the end of any ongoing incremental GC by
401 // delaying the checks if necessary.
403 #ifdef DEBUG
408 }
409 }
413 }
417 }
419 #else
425 #endif
427 /**
428 * The TenuredHeap<T> class is similar to the Heap<T> class above in that it
429 * encapsulates the GC concerns of an on-heap reference to a JS object. However,
430 * it has two important differences:
431 *
432 * 1) Pointers which are statically known to only reference "tenured" objects
433 * can avoid the extra overhead of SpiderMonkey's post write barriers.
434 *
435 * 2) Objects in the "tenured" heap have stronger alignment restrictions than
436 * those in the "nursery", so it is possible to store flags in the lower
437 * bits of pointers known to be tenured. TenuredHeap wraps a normal tagged
438 * pointer with a nice API for accessing the flag bits and adds various
439 * assertions to ensure that it is not mis-used.
440 *
441 * GC things are said to be "tenured" when they are located in the long-lived
442 * heap: e.g. they have gained tenure as an object by surviving past at least
443 * one GC. For performance, SpiderMonkey allocates some things which are known
444 * to normally be long lived directly into the tenured generation; for example,
445 * global objects. Additionally, SpiderMonkey does not visit individual objects
446 * when deleting non-tenured objects, so object with finalizers are also always
447 * tenured; for instance, this includes most DOM objects.
448 *
449 * The considerations to keep in mind when using a TenuredHeap<T> vs a normal
450 * Heap<T> are:
451 *
452 * - It is invalid for a TenuredHeap<T> to refer to a non-tenured thing.
453 * - It is however valid for a Heap<T> to refer to a tenured thing.
454 * - It is not possible to store flag bits in a Heap<T>.
455 */
467 }
472 }
477 }
482 }
489 }
495 }
497 }
502 }
507 }
512 }
519 }
523 }
530 }
536 };
541 }
542 }
545 };
552 };
556 // std::swap uses a stack temporary, which prevents classes like Heap<T>
557 // from being declared MOZ_HEAP_CLASS.
563 }
570 }
575 }
586 /**
587 * Reference to a T that has been rooted elsewhere. This is most useful
588 * as a parameter type, which guarantees that the T lvalue is properly
589 * rooted. See "Move GC Stack Rooting" above.
590 *
591 * If you want to add additional methods to Handle for a specific
592 * specialization, define a HandleOperations<T> specialization containing them.
593 */
603 /* Creates a handle from a handle of a type convertible to T. */
611 }
618 }
622 /*
623 * Take care when calling this method!
624 *
625 * This creates a Handle from the raw location of a T.
626 *
627 * It should be called only if the following conditions hold:
628 *
629 * 1) the location of the T is guaranteed to be marked (for some reason
630 * other than being a Rooted), e.g., if it is guaranteed to be reachable
631 * from an implicit root.
632 *
633 * 2) the contents of the location are immutable, or at least cannot change
634 * for the lifetime of the handle, as its users may not expect its value
635 * to change underneath them.
636 */
639 ImUsingThisOnlyInFromFromMarkedLocation);
640 }
642 /*
643 * Construct a handle from an explicitly rooted location. This is the
644 * normal way to create a handle, and normally happens implicitly.
645 */
656 /* Construct a read only handle from a mutable handle. */
679 };
686 };
690 /**
691 * Similar to a handle, but the underlying storage can be changed. This is
692 * useful for outparams.
693 *
694 * If you want to add additional methods to MutableHandle for a specific
695 * specialization, define a MutableHandleOperations<T> specialization containing
696 * them.
697 */
699 class MOZ_STACK_CLASS MutableHandle
710 // Disallow nullptr for overloading purposes.
718 }
722 }
724 /*
725 * This may be called only if the location of the T is guaranteed
726 * to be marked (for some reason other than being a Rooted),
727 * e.g., if it is guaranteed to be reachable from an implicit root.
728 *
729 * Create a MutableHandle from a raw location of a T.
730 */
732 MutableHandle h;
735 }
746 };
753 };
763 // Default implementations for barrier methods on GC thing pointers.
770 }
773 }
777 }
778 }
782 }
783 }
784 };
793 }
797 }
798 }
799 };
806 }
809 }
813 }
814 }
815 };
825 }
829 }
830 }
831 };
838 }
839 };
846 }
847 };
855 }
856 };
858 // Provide hash codes for Cell kinds that may be relocated and, thus, not have
859 // a stable address to use as the base for a hash code. Instead of the address,
860 // this hasher uses Cell::getUniqueId to provide exact matches and as a base
861 // for generating hash codes.
862 //
863 // Note: this hasher, like PointerHasher can "hash" a nullptr. While a nullptr
864 // would not likely be a useful key, there are some cases where being able to
865 // hash a nullptr is useful, either on purpose or because of bugs:
866 // (1) existence checks where the key may happen to be null and (2) some
867 // aggregate Lookup kinds embed a JSObject* that is frequently null and do not
868 // null test before dispatching to the hasher.
878 // The rekey hash policy method is not provided since you dont't need to
879 // rekey any more when using this policy.
880 };
889 }
892 }
895 }
898 }
899 };
910 hashOut);
911 }
915 hashOut);
916 }
917 };
926 };
939 }
940 };
942 class PersistentRootedBase
951 }
952 };
964 };
972 }
973 };
980 };
986 };
999 Limit
1000 };
1009 // Superclass of JSContext which can be used for rooting data in use by the
1010 // current thread but that does not provide all the functions of a JSContext.
1012 // Stack GC roots for Rooted GC heap pointers.
1013 RootedListHeads stackRoots_;
1017 // Stack GC roots for AutoFooRooter classes.
1018 AutoRooterListHeads autoGCRooters_;
1021 // Gecko profiling metadata.
1022 // This isn't really rooting related. It's only here because we want
1023 // GetContextProfilingStackIfEnabled to be inlineable into non-JS code, and
1024 // we didn't want to add another superclass of JSContext just for this.
1032 /* Implemented in gc/RootMarking.cpp. */
1044 }
1047 // The remaining members in this class should only be accessed through
1048 // JSContext pointers. They are unrelated to rooting and are in place so
1049 // that inlined API functions can directly access the data.
1051 /* The nursery. Null for non-main-thread contexts. */
1054 /* The current zone. */
1057 /* The current realm. */
1061 /* Limit pointer for checking native stack consumption. */
1064 #ifdef __wasi__
1065 // For WASI we can't catch call-stack overflows with stack-pointer checks, so
1066 // we count recursion depth with RAII based AutoCheckRecursionLimit.
1074 }
1078 }
1082 };
1096 }
1101 }
1111 /*
1112 * Discriminates actual subclass of this being used. The meaning is
1113 * indicated by the corresponding value in the Kind enum.
1114 */
1115 Kind kind_;
1117 /* No copy or assignment semantics. */
1122 /**
1123 * Custom rooting behavior for internal and external clients.
1124 *
1125 * Deprecated. Where possible, use Rooted<> instead.
1126 */
1138 /** Supplied by derived class to trace roots. */
1140 };
1155 /**
1156 * Local variable of type T whose value is always rooted. This is typically
1157 * used for local variables, or for non-rooted values being passed to a
1158 * function that requires a handle, e.g. Foo(Root<T>(cx, x)).
1159 *
1160 * If you want to add additional methods to Rooted for a specific
1161 * specialization, define a RootedOperations<T> specialization containing them.
1162 */
1170 }
1174 }
1177 }
1182 // Construct an empty Rooted holding a safely initialized but empty T.
1183 // Requires T to have a copy constructor in order to copy the safely
1184 // initialized value.
1185 //
1186 // Note that for SFINAE to reject this method, the 2nd template parameter must
1187 // depend on RootingContext somehow even though we really only care about T.
1190 RootingContext>>
1194 }
1196 // Provide an initial value. Requires T to be constructible from the given
1197 // argument.
1203 }
1205 // (Traceables only) Construct the contained value from the given arguments.
1206 // Constructs in-place, so T does not need to be copyable or movable.
1207 //
1208 // Note that a copyable Traceable passed only a RootingContext will
1209 // choose the above SafelyInitialized<T> constructor, because otherwise
1210 // identical functions with parameter packs are considered less specialized.
1211 //
1212 // The SFINAE type must again depend on an inferred template parameter.
1220 }
1225 }
1227 /*
1228 * This method is public for Rooted so that Codegen.py can use a Rooted
1229 * interchangeably with a MutableHandleValue.
1230 */
1234 }
1238 }
1250 T ptr;
1260 };
1267 // Reference to a field in a RootedTuple. This is a drop-in replacement for an
1268 // individual Rooted.
1269 //
1270 // This is very similar to a MutableHandle but with two differences: it has an
1271 // assignment operator so doesn't require set() to be called and its address
1272 // converts to a MutableHandle in the same way as a Rooted.
1273 //
1274 // The field is specified by the type parameter, optionally disambiguated by
1275 // supplying the field index too.
1276 //
1277 // Used like this:
1278 //
1279 // RootedTuple<JSObject*, JSString*> roots(cx);
1280 // RootedField<JSObject*> obj(roots);
1281 // RootedField<JSString*> str(roots);
1282 //
1283 // or:
1284 //
1285 // RootedTuple<JString*, JSObject*, JSObject*> roots(cx);
1286 // RootedField<JString*, 0> str(roots);
1287 // RootedField<JSObject*, 1> obj1(roots);
1288 // RootedField<JSObject*, 2> obj2(roots);
1307 }
1308 }
1313 }
1320 }
1324 }
1329 // DECLARE_NONPOINTER_ACCESSOR_METHODS(*ptr);
1330 // DECLARE_NONPOINTER_MUTABLE_ACCESSOR_METHODS(*ptr);
1335 };
1341 };
1348 /*
1349 * Inlinable accessors for JSContext.
1350 *
1351 * - These must not be available on the more restricted superclasses of
1352 * JSContext, so we can't simply define them on RootingContext.
1353 *
1354 * - They're perfectly ordinary JSContext functionality, so ought to be
1355 * usable without resorting to jsfriendapi.h, and when JSContext is an
1356 * incomplete type.
1357 */
1360 }
1365 }
1367 }
1371 }
1377 }
1379 /**
1380 * Augment the generic Rooted<T> interface when T = JSObject* with
1381 * class-querying and downcasting operations.
1382 *
1383 * Given a Rooted<JSObject*> obj, one can view
1384 * Handle<StringObject*> h = obj.as<StringObject*>();
1385 * as an optimization of
1386 * Rooted<StringObject*> rooted(cx, &obj->as<StringObject*>());
1387 * Handle<StringObject*> h = rooted;
1388 */
1395 };
1397 /**
1398 * Augment the generic Handle<T> interface when T = JSObject* with
1399 * downcasting operations.
1400 *
1401 * Given a Handle<JSObject*> obj, one can view
1402 * Handle<StringObject*> h = obj.as<StringObject*>();
1403 * as an optimization of
1404 * Rooted<StringObject*> rooted(cx, &obj->as<StringObject*>());
1405 * Handle<StringObject*> h = rooted;
1406 */
1413 };
1425 }
1433 }
1441 }
1449 }
1456 }
1462 }
1469 }
1477 /**
1478 * A copyable, assignable global GC root type with arbitrary lifetime, an
1479 * infallible constructor, and automatic unrooting on destruction.
1480 *
1481 * These roots can be used in heap-allocated data structures, so they are not
1482 * associated with any particular JSContext or stack. They are registered with
1483 * the JSRuntime itself, without locking. Initialization may take place on
1484 * construction, or in two phases if the no-argument constructor is called
1485 * followed by init().
1486 *
1487 * Note that you must not use an PersistentRooted in an object owned by a JS
1488 * object:
1489 *
1490 * Whenever one object whose lifetime is decided by the GC refers to another
1491 * such object, that edge must be traced only if the owning JS object is traced.
1492 * This applies not only to JS objects (which obviously are managed by the GC)
1493 * but also to C++ objects owned by JS objects.
1494 *
1495 * If you put a PersistentRooted in such a C++ object, that is almost certainly
1496 * a leak. When a GC begins, the referent of the PersistentRooted is treated as
1497 * live, unconditionally (because a PersistentRooted is a *root*), even if the
1498 * JS object that owns it is unreachable. If there is any path from that
1499 * referent back to the JS object, then the C++ object containing the
1500 * PersistentRooted will not be destructed, and the whole blob of objects will
1501 * not be freed, even if there are no references to them from the outside.
1502 *
1503 * In the context of Firefox, this is a severe restriction: almost everything in
1504 * Firefox is owned by some JS object or another, so using PersistentRooted in
1505 * such objects would introduce leaks. For these kinds of edges, Heap<T> or
1506 * TenuredHeap<T> would be better types. It's up to the implementor of the type
1507 * containing Heap<T> or TenuredHeap<T> members to make sure their referents get
1508 * marked when the object itself is marked.
1509 */
1517 }
1523 }
1525 // Used when JSContext type is incomplete and so it is not known to inherit
1526 // from RootingContext.
1529 }
1537 typename RootHolder,
1542 }
1550 }
1557 }
1560 /*
1561 * Copy construction takes advantage of the fact that the original
1562 * is already inserted, and simply adds itself to whatever list the
1563 * original was on - no JSRuntime pointer needed.
1564 *
1565 * This requires mutating rhs's links, but those should be 'mutable'
1566 * anyway. C++ doesn't let us declare mutable base classes.
1567 */
1569 }
1580 }
1585 }
1591 }
1592 }
1603 }
1610 }
1613 T ptr;
1621 };
1633 }
1640 };
1650 }
1652 };
1658 }
1661 // This only supports a subset of Maybe's interface.
1667 };
1675 // This only supports a subset of Maybe's interface.
1679 };
1694 }
1702 }
1707 };
1717 };