| blob | 8698db1899ee197cad5dafa3ff919143f28c425c |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef gc_Barrier_h
8 #define gc_Barrier_h
25 /*
26 * [SMDOC] GC Barriers
27 *
28 * Several kinds of barrier are necessary to allow the GC to function correctly.
29 * These are triggered by reading or writing to GC pointers in the heap and
30 * serve to tell the collector about changes to the graph of reachable GC
31 * things.
32 *
33 * Since it would be awkward to change every write to memory into a function
34 * call, this file contains a bunch of C++ classes and templates that use
35 * operator overloading to take care of barriers automatically. In most cases,
36 * all that's necessary is to replace:
37 *
38 * Type* field;
39 *
40 * with:
41 *
42 * HeapPtr<Type> field;
43 *
44 * All heap-based GC pointers and tagged pointers must use one of these classes,
45 * except in a couple of exceptional cases.
46 *
47 * These classes are designed to be used by the internals of the JS engine.
48 * Barriers designed to be used externally are provided in js/RootingAPI.h.
49 *
50 * Overview
51 * ========
52 *
53 * This file implements the following concrete classes:
54 *
55 * HeapPtr General wrapper for heap-based pointers that provides pre- and
56 * post-write barriers. Most clients should use this.
57 *
58 * GCPtr An optimisation of HeapPtr for objects which are only destroyed
59 * by GC finalization (this rules out use in Vector, for example).
60 *
61 * PreBarriered Provides a pre-barrier but not a post-barrier. Necessary when
62 * generational GC updates are handled manually, e.g. for hash
63 * table keys that don't use StableCellHasher.
64 *
65 * HeapSlot Provides pre and post-barriers, optimised for use in JSObject
66 * slots and elements.
67 *
68 * WeakHeapPtr Provides read and post-write barriers, for use with weak
69 * pointers.
70 *
71 * UnsafeBarePtr Provides no barriers. Don't add new uses of this, or only if
72 * you really know what you are doing.
73 *
74 * The following classes are implemented in js/RootingAPI.h (in the JS
75 * namespace):
76 *
77 * Heap General wrapper for external clients. Like HeapPtr but also
78 * handles cycle collector concerns. Most external clients should
79 * use this.
80 *
81 * Heap::Tenured Like Heap but doesn't allow nursery pointers. Allows storing
82 * flags in unused lower bits of the pointer.
83 *
84 * Which class to use?
85 * -------------------
86 *
87 * Answer the following questions to decide which barrier class is right for
88 * your use case:
89 *
90 * Is your code part of the JS engine?
91 * Yes, it's internal =>
92 * Is your pointer weak or strong?
93 * Strong =>
94 * Do you want automatic handling of nursery pointers?
95 * Yes, of course =>
96 * Can your object be destroyed outside of a GC?
97 * Yes => Use HeapPtr<T>
98 * No => Use GCPtr<T> (optimization)
99 * No, I'll do this myself =>
100 * Do you want pre-barriers so incremental marking works?
101 * Yes, of course => Use PreBarriered<T>
102 * No, and I'll fix all the bugs myself => Use UnsafeBarePtr<T>
103 * Weak => Use WeakHeapPtr<T>
104 * No, it's external =>
105 * Can your pointer refer to nursery objects?
106 * Yes => Use JS::Heap<T>
107 * Never => Use JS::Heap::Tenured<T> (optimization)
108 *
109 * If in doubt, use HeapPtr<T>.
110 *
111 * Write barriers
112 * ==============
113 *
114 * A write barrier is a mechanism used by incremental or generational GCs to
115 * ensure that every value that needs to be marked is marked. In general, the
116 * write barrier should be invoked whenever a write can cause the set of things
117 * traced through by the GC to change. This includes:
118 *
119 * - writes to object properties
120 * - writes to array slots
121 * - writes to fields like JSObject::shape_ that we trace through
122 * - writes to fields in private data
123 * - writes to non-markable fields like JSObject::private that point to
124 * markable data
125 *
126 * The last category is the trickiest. Even though the private pointer does not
127 * point to a GC thing, changing the private pointer may change the set of
128 * objects that are traced by the GC. Therefore it needs a write barrier.
129 *
130 * Every barriered write should have the following form:
131 *
132 * <pre-barrier>
133 * obj->field = value; // do the actual write
134 * <post-barrier>
135 *
136 * The pre-barrier is used for incremental GC and the post-barrier is for
137 * generational GC.
138 *
139 * Pre-write barrier
140 * -----------------
141 *
142 * To understand the pre-barrier, let's consider how incremental GC works. The
143 * GC itself is divided into "slices". Between each slice, JS code is allowed to
144 * run. Each slice should be short so that the user doesn't notice the
145 * interruptions. In our GC, the structure of the slices is as follows:
146 *
147 * 1. ... JS work, which leads to a request to do GC ...
148 * 2. [first GC slice, which performs all root marking and (maybe) more marking]
149 * 3. ... more JS work is allowed to run ...
150 * 4. [GC mark slice, which runs entirely in
151 * GCRuntime::markUntilBudgetExhausted]
152 * 5. ... more JS work ...
153 * 6. [GC mark slice, which runs entirely in
154 * GCRuntime::markUntilBudgetExhausted]
155 * 7. ... more JS work ...
156 * 8. [GC marking finishes; sweeping done non-incrementally; GC is done]
157 * 9. ... JS continues uninterrupted now that GC is finishes ...
158 *
159 * Of course, there may be a different number of slices depending on how much
160 * marking is to be done.
161 *
162 * The danger inherent in this scheme is that the JS code in steps 3, 5, and 7
163 * might change the heap in a way that causes the GC to collect an object that
164 * is actually reachable. The write barrier prevents this from happening. We use
165 * a variant of incremental GC called "snapshot at the beginning." This approach
166 * guarantees the invariant that if an object is reachable in step 2, then we
167 * will mark it eventually. The name comes from the idea that we take a
168 * theoretical "snapshot" of all reachable objects in step 2; all objects in
169 * that snapshot should eventually be marked. (Note that the write barrier
170 * verifier code takes an actual snapshot.)
171 *
172 * The basic correctness invariant of a snapshot-at-the-beginning collector is
173 * that any object reachable at the end of the GC (step 9) must either:
174 * (1) have been reachable at the beginning (step 2) and thus in the snapshot
175 * (2) or must have been newly allocated, in steps 3, 5, or 7.
176 * To deal with case (2), any objects allocated during an incremental GC are
177 * automatically marked black.
178 *
179 * This strategy is actually somewhat conservative: if an object becomes
180 * unreachable between steps 2 and 8, it would be safe to collect it. We won't,
181 * mainly for simplicity. (Also, note that the snapshot is entirely
182 * theoretical. We don't actually do anything special in step 2 that we wouldn't
183 * do in a non-incremental GC.
184 *
185 * It's the pre-barrier's job to maintain the snapshot invariant. Consider the
186 * write "obj->field = value". Let the prior value of obj->field be
187 * value0. Since it's possible that value0 may have been what obj->field
188 * contained in step 2, when the snapshot was taken, the barrier marks
189 * value0. Note that it only does this if we're in the middle of an incremental
190 * GC. Since this is rare, the cost of the write barrier is usually just an
191 * extra branch.
192 *
193 * In practice, we implement the pre-barrier differently based on the type of
194 * value0. E.g., see JSObject::preWriteBarrier, which is used if obj->field is
195 * a JSObject*. It takes value0 as a parameter.
196 *
197 * Post-write barrier
198 * ------------------
199 *
200 * For generational GC, we want to be able to quickly collect the nursery in a
201 * minor collection. Part of the way this is achieved is to only mark the
202 * nursery itself; tenured things, which may form the majority of the heap, are
203 * not traced through or marked. This leads to the problem of what to do about
204 * tenured objects that have pointers into the nursery: if such things are not
205 * marked, they may be discarded while there are still live objects which
206 * reference them. The solution is to maintain information about these pointers,
207 * and mark their targets when we start a minor collection.
208 *
209 * The pointers can be thought of as edges in an object graph, and the set of
210 * edges from the tenured generation into the nursery is known as the remembered
211 * set. Post barriers are used to track this remembered set.
212 *
213 * Whenever a slot which could contain such a pointer is written, we check
214 * whether the pointed-to thing is in the nursery (if storeBuffer() returns a
215 * buffer). If so we add the cell into the store buffer, which is the
216 * collector's representation of the remembered set. This means that when we
217 * come to do a minor collection we can examine the contents of the store buffer
218 * and mark any edge targets that are in the nursery.
219 *
220 * Read barriers
221 * =============
222 *
223 * Weak pointer read barrier
224 * -------------------------
225 *
226 * Weak pointers must have a read barrier to prevent the referent from being
227 * collected if it is read after the start of an incremental GC.
228 *
229 * The problem happens when, during an incremental GC, some code reads a weak
230 * pointer and writes it somewhere on the heap that has been marked black in a
231 * previous slice. Since the weak pointer will not otherwise be marked and will
232 * be swept and finalized in the last slice, this will leave the pointer just
233 * written dangling after the GC. To solve this, we immediately mark black all
234 * weak pointers that get read between slices so that it is safe to store them
235 * in an already marked part of the heap, e.g. in Rooted.
236 *
237 * Cycle collector read barrier
238 * ----------------------------
239 *
240 * Heap pointers external to the engine may be marked gray. The JS API has an
241 * invariant that no gray pointers may be passed, and this maintained by a read
242 * barrier that calls ExposeGCThingToActiveJS on such pointers. This is
243 * implemented by JS::Heap<T> in js/RootingAPI.h.
244 *
245 * Implementation Details
246 * ======================
247 *
248 * One additional note: not all object writes need to be pre-barriered. Writes
249 * to newly allocated objects do not need a pre-barrier. In these cases, we use
250 * the "obj->field.init(value)" method instead of "obj->field = value". We use
251 * the init naming idiom in many places to signify that a field is being
252 * assigned for the first time.
253 *
254 * This file implements the following hierarchy of classes:
255 *
256 * BarrieredBase base class of all barriers
257 * | |
258 * | WriteBarriered base class which provides common write operations
259 * | | | | |
260 * | | | | PreBarriered provides pre-barriers only
261 * | | | |
262 * | | | GCPtr provides pre- and post-barriers
263 * | | |
264 * | | HeapPtr provides pre- and post-barriers; is relocatable
265 * | | and deletable for use inside C++ managed memory
266 * | |
267 * | HeapSlot similar to GCPtr, but tailored to slots storage
268 * |
269 * ReadBarriered base class which provides common read operations
270 * |
271 * WeakHeapPtr provides read barriers only
272 *
273 *
274 * The implementation of the barrier logic is implemented in the
275 * Cell/TenuredCell base classes, which are called via:
276 *
277 * WriteBarriered<T>::pre
278 * -> InternalBarrierMethods<T*>::preBarrier
279 * -> Cell::preWriteBarrier
280 * -> InternalBarrierMethods<Value>::preBarrier
281 * -> InternalBarrierMethods<jsid>::preBarrier
282 * -> InternalBarrierMethods<T*>::preBarrier
283 * -> Cell::preWriteBarrier
284 *
285 * GCPtr<T>::post and HeapPtr<T>::post
286 * -> InternalBarrierMethods<T*>::postBarrier
287 * -> gc::PostWriteBarrierImpl
288 * -> InternalBarrierMethods<Value>::postBarrier
289 * -> StoreBuffer::put
290 *
291 * Barriers for use outside of the JS engine call into the same barrier
292 * implementations at InternalBarrierMethods<T>::post via an indirect call to
293 * Heap(.+)PostWriteBarrier.
294 *
295 * These clases are designed to be used to wrap GC thing pointers or values that
296 * act like them (i.e. JS::Value and jsid). It is possible to use them for
297 * other types by supplying the necessary barrier implementations but this
298 * is not usually necessary and should be done with caution.
299 */
310 }
315 }
320 }
325 }
329 #ifdef DEBUG
335 #endif
350 }
354 #ifdef DEBUG
356 #endif
357 };
366 }
367 }
374 // If the target needs an entry, add it.
377 // If we know that the prev has already inserted an entry, we can
378 // skip doing the lookup to add the new entry. Note that we cannot
379 // safely assert the presence of the entry because it may have been
380 // added via a different store buffer.
383 }
386 }
387 // Remove the prev entry if the new value does not need it.
390 }
391 }
396 }
397 }
399 #ifdef DEBUG
402 }
403 #endif
404 };
412 }
413 }
415 #ifdef DEBUG
417 #endif
418 };
420 // Specialization for JS::ArrayBufferOrView subclasses.
428 }
431 }
433 #ifdef DEBUG
438 }
439 }
440 #endif
441 };
445 #ifdef DEBUG
448 }
449 #endif
450 }
452 // Base class of all barrier types.
453 //
454 // This is marked non-memmovable since post barriers added by derived classes
455 // can add pointers to class instances to the store buffer.
459 // BarrieredBase is not directly instantiable.
462 // BarrieredBase subclasses cannot be copy constructed by default.
465 // Storage for all barrier classes. |value| must be a GC thing reference
466 // type: either a direct pointer to a GC thing or a supported tagged
467 // pointer that can reference GC things, such as JS::Value or jsid. Nested
468 // barrier types are NOT supported. See assertTypeConstraints.
469 T value;
474 // Note: this is public because C++ cannot friend to a specific template
475 // instantiation. Friending to the generic template leads to a number of
476 // unintended consequences, including template resolution ambiguity and a
477 // circular dependency with Tracing.h.
479 };
481 // Base class for barriered pointer types that intercept only writes.
488 // WriteBarriered is not directly instantiable.
494 // Use this if the automatic coercion to T isn't working.
497 // Use this if you want to change the value without invoking barriers.
498 // Obviously this is dangerous unless you know the barrier is not needed.
501 // For users who need to manually barrier the raw types.
504 }
510 }
511 };
513 #define DECLARE_POINTER_ASSIGN_AND_MOVE_OPS(Wrapper, T) \
514 DECLARE_POINTER_ASSIGN_OPS(Wrapper, T) \
515 Wrapper<T>& operator=(Wrapper<T>&& other) noexcept { \
516 setUnchecked(other.release()); \
517 return *this; \
518 }
520 /*
521 * PreBarriered only automatically handles pre-barriers. Post-barriers must be
522 * manually implemented when using this class. GCPtr and HeapPtr should be used
523 * in all cases that do not require explicit low-level control of moving
524 * behavior.
525 *
526 * This class is useful for example for HashMap keys where automatically
527 * updating a moved nursery pointer would break the hash table.
528 */
533 /*
534 * Allow implicit construction for use in generic contexts.
535 */
548 /* Use to set the pointer to nullptr. */
556 }
562 }
568 }
569 };
577 };
582 /*
583 * A pre- and post-barriered heap pointer, for use inside the JS engine.
584 *
585 * It must only be stored in memory that has GC lifetime. GCPtr must not be
586 * used in contexts where it may be implicitly moved or deleted, e.g. most
587 * containers.
588 *
589 * The post-barriers implemented by this class are faster than those
590 * implemented by js::HeapPtr<T> or JS::Heap<T> at the cost of not
591 * automatically handling deletion or movement.
592 */
600 }
604 }
606 #ifdef DEBUG
608 // No barriers are necessary as this only happens when the GC is sweeping.
609 //
610 // If this assertion fails you may need to make the containing object use a
611 // HeapPtr instead, as this can be deleted from outside of GC.
616 }
617 #endif
623 }
630 }
638 }
640 /*
641 * Unlike HeapPtr<T>, GCPtr<T> must be managed with GC lifetimes.
642 * Specifically, the memory used by the pointer itself must be live until
643 * at least the next minor GC. For that reason, move semantics are invalid
644 * and are deleted here. Please note that not all containers support move
645 * semantics, so this does not completely prevent invalid uses.
646 */
649 };
657 };
662 /*
663 * A pre- and post-barriered heap pointer, for use inside the JS engine. These
664 * heap pointers can be stored in C++ containers like GCVector and GCHashMap.
665 *
666 * The GC sometimes keeps pointers to pointers to GC things --- for example, to
667 * track references into the nursery. However, C++ containers like GCVector and
668 * GCHashMap usually reserve the right to relocate their elements any time
669 * they're modified, invalidating all pointers to the elements. HeapPtr
670 * has a move constructor which knows how to keep the GC up to date if it is
671 * moved to a new location.
672 *
673 * However, because of this additional communication with the GC, HeapPtr
674 * is somewhat slower, so it should only be used in contexts where this ability
675 * is necessary.
676 *
677 * Obviously, JSObjects, JSStrings, and the like get tenured and compacted, so
678 * whatever pointers they contain get relocated, in the sense used here.
679 * However, since the GC itself is moving those values, it takes care of its
680 * internal pointers to those pointers itself. HeapPtr is only necessary
681 * when the relocation would otherwise occur without the GC's knowledge.
682 */
688 // Implicitly adding barriers is a reasonable default.
691 }
695 }
699 }
704 }
711 }
718 }
720 /* Make this friend so it can access pre() and post(). */
729 }
735 }
741 }
742 };
744 /*
745 * A pre-barriered heap pointer, for use inside the JS engine.
746 *
747 * Similar to GCPtr, but used for a pointer to a malloc-allocated structure
748 * containing GC thing pointers.
749 *
750 * It must only be stored in memory that has GC lifetime. It must not be used in
751 * contexts where it may be implicitly moved or deleted, e.g. most containers.
752 *
753 * A post-barrier is unnecessary since malloc-allocated structures cannot be in
754 * the nursery.
755 */
759 // This is sometimes used to hold tagged pointers.
764 // Implicitly adding barriers is a reasonable default.
773 // No barriers are necessary as this only happens when the GC is sweeping.
776 }
782 }
787 }
799 }
800 }
801 };
809 };
814 // Base class for barriered pointer types that intercept reads and writes.
818 // ReadBarriered is not directly instantiable.
824 }
825 };
827 // Incremental GC requires that weak pointers have read barriers. See the block
828 // comment at the top of Barrier.h for a complete discussion of why.
829 //
830 // Note that this class also has post-barriers, so is safe to use with nursery
831 // pointers. However, when used as a hashtable key, care must still be taken to
832 // insert manual post-barriers on the table for rekeying if the key is based in
833 // any way on the address of the object.
843 // It is okay to add barriers implicitly.
846 }
848 // The copy constructor creates a new weak edge but the wrapped pointer does
849 // not escape, so no read barrier is necessary.
852 }
854 // Move retains the lifetime status of the source edge, so does not fire
855 // the read barrier of the defunct edge.
859 }
863 }
871 }
876 }
878 }
891 }
896 }
903 }
909 }
910 };
912 // A wrapper for a bare pointer, with no barriers.
913 //
914 // This should only be necessary in a limited number of cases. Please don't add
915 // more uses of this if at all possible.
924 };
933 }
934 };
939 // A pre- and post-barriered Value that is specialized to be aware that it
940 // resides in a slots or elements vector. This allows it to be relocated in
941 // memory, but with substantially less overhead than a HeapPtr.
949 }
958 }
960 #ifdef DEBUG
965 #endif
973 }
978 #ifdef DEBUG
980 #endif
985 }
986 }
987 }
988 };
996 };
1013 }
1018 }
1021 }
1022 };
1024 /*
1025 * This is a hack for RegExpStatics::updateFromMatch. It allows us to do two
1026 * barriers with only one branch to check if we're in an incremental GC.
1027 */
1036 }
1039 }
1041 /*
1042 * ImmutableTenuredPtr is designed for one very narrow case: replacing
1043 * immutable raw pointers to GC-managed things, implicitly converting to a
1044 * handle type for ease of use. Pointers encapsulated by this type must:
1045 *
1046 * be immutable (no incremental write barriers),
1047 * never point into the nursery (no generational write barriers), and
1048 * be traced via MarkRuntime (we use fromMarkedLocation).
1049 *
1050 * In short: you *really* need to know what you're doing before you use this
1051 * class!
1052 */
1055 T value;
1061 // `ImmutableTenuredPtr<T>` is implicitly convertible to `Handle<T>`.
1062 //
1063 // In case you need to convert to `Handle<U>` where `U` is base class of `T`,
1064 // convert this to `Handle<T>` by `toHandle()` and then use implicit
1065 // conversion from `Handle<T>` to `Handle<U>`.
1073 }
1077 };
1079 // Template to remove any barrier wrapper and get the underlying type.
1083 };
1087 };
1091 };
1095 };
1099 };
1101 #if MOZ_IS_GCC
1103 #endif
1112 }
1115 }
1118 }
1121 }
1122 };
1131 }
1134 }
1137 }
1140 }
1141 };
1150 }
1153 }
1156 }
1159 }
1160 };
1162 /* Useful for hashtables with a HeapPtr as key. */
1171 };
1181 };
1183 /* Useful for hashtables with a WeakHeapPtr as key. */
1193 }
1194 };
1204 };
1215 // Not implemented. GCPtr can't be used as a hash table key because it has a
1216 // post barrier but doesn't support relocation.
1217 };