| blob | 624480e12981c023e4e5e9e26b4944e7b5672f1b |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sts=4 et sw=4 tw=99:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /* JS Garbage Collector. */
9 #ifndef jsgc_h
10 #define jsgc_h
28 }
36 MinorCollecting // doing a GC of the minor heap (nursery)
37 };
41 }
46 NO_INCREMENTAL,
47 MARK_ROOTS,
48 MARK,
49 SWEEP,
50 #ifdef JSGC_COMPACTING
51 COMPACT
52 #endif
53 };
57 {
81 };
84 }
86 /* Return a printable string for the given kind, for diagnostic purposes. */
90 /* Map from C++ type to finalize kind. JSObject does not have a 1:1 mapping, so must use Arena::thingSize. */
92 template <> struct MapTypeToFinalizeKind<JSScript> { static const AllocKind kind = FINALIZE_SCRIPT; };
93 template <> struct MapTypeToFinalizeKind<LazyScript> { static const AllocKind kind = FINALIZE_LAZY_SCRIPT; };
94 template <> struct MapTypeToFinalizeKind<Shape> { static const AllocKind kind = FINALIZE_SHAPE; };
95 template <> struct MapTypeToFinalizeKind<BaseShape> { static const AllocKind kind = FINALIZE_BASE_SHAPE; };
96 template <> struct MapTypeToFinalizeKind<types::TypeObject> { static const AllocKind kind = FINALIZE_TYPE_OBJECT; };
97 template <> struct MapTypeToFinalizeKind<JSFatInlineString> { static const AllocKind kind = FINALIZE_FAT_INLINE_STRING; };
98 template <> struct MapTypeToFinalizeKind<JSString> { static const AllocKind kind = FINALIZE_STRING; };
99 template <> struct MapTypeToFinalizeKind<JSExternalString> { static const AllocKind kind = FINALIZE_EXTERNAL_STRING; };
100 template <> struct MapTypeToFinalizeKind<JS::Symbol> { static const AllocKind kind = FINALIZE_SYMBOL; };
101 template <> struct MapTypeToFinalizeKind<jit::JitCode> { static const AllocKind kind = FINALIZE_JITCODE; };
103 #if defined(JSGC_GENERATIONAL) || defined(DEBUG)
106 {
131 };
134 }
135 #endif
137 #if defined(JSGC_FJGENERATIONAL)
138 // This is separate from IsNurseryAllocable() so that the latter can evolve
139 // without worrying about what the ForkJoinNursery's needs are, and vice
140 // versa to some extent.
143 {
168 };
171 }
172 #endif
176 {
201 };
204 }
208 {
210 /* If the class has no finalizer or a finalizer that is safe to call on
211 * a different thread, we change the finalize kind. For example,
212 * FINALIZE_OBJECT0 calls the finalizer on the main thread,
213 * FINALIZE_OBJECT0_BACKGROUND calls the finalizer on the gcHelperThread.
214 * IsBackgroundFinalized is called to prevent recursively incrementing
215 * the finalize kind; kind may already be a background finalize kind.
216 */
219 }
221 inline JSGCTraceKind
224 /* Capacity for slotsToThingKind */
229 /* Get the best kind to use when making an object with the given slot count. */
232 {
236 }
238 /* As for GetGCObjectKind, but for dense array allocation. */
241 {
242 /*
243 * Dense arrays can use their fixed slots to hold their elements array
244 * (less two Values worth of ObjectElements header), but if more than the
245 * maximum number of fixed slots is needed then the fixed slots will be
246 * unused.
247 */
252 }
256 {
259 }
263 {
267 }
269 /*
270 * Try to get the next larger size for an object, keeping BACKGROUND
271 * consistent.
272 */
275 {
281 }
283 /* Get the number of fixed slots and initial capacity associated with a kind. */
286 {
287 /* Using a switch in hopes that thingKind will usually be a compile-time constant. */
309 }
310 }
314 {
317 /* An object's private data uses the space taken by its last fixed slot. */
320 nslots--;
321 }
323 /*
324 * Functions have a larger finalize kind than FINALIZE_OBJECT to reserve
325 * space for the extra fields in JSFunction, but have no fixed slots.
326 */
331 }
333 // Class to assist in triggering background chunk allocation. This cannot be done
334 // while holding the GC or worker thread state lock due to lock ordering issues.
335 // As a result, the triggering is delayed using this class until neither of the
336 // above locks is held.
339 /*
340 * A single segment of a SortedArenaList. Each segment has a head and a tail,
341 * which track the start and end of a segment for O(1) append and concatenation.
342 */
343 struct SortedArenaListSegment
344 {
351 }
355 }
357 // Appends |aheader| to this segment.
363 }
365 // Points the tail of this segment at |aheader|, which may be null. Note
366 // that this does not change the tail itself, but merely which arena
367 // follows it. This essentially turns the tail into a cursor (see also the
368 // description of ArenaList), but from the perspective of a SortedArenaList
369 // this makes no difference.
372 }
373 };
375 /*
376 * Arena lists have a head and a cursor. The cursor conceptually lies on arena
377 * boundaries, i.e. before the first arena, between two arenas, or after the
378 * last arena.
379 *
380 * Normally the arena following the cursor is the first arena in the list with
381 * some free things and all arenas before the cursor are fully allocated. (And
382 * if the cursor is at the end of the list, then all the arenas are full.)
383 *
384 * However, the arena currently being allocated from is considered full while
385 * its list of free spans is moved into the freeList. Therefore, during GC or
386 * cell enumeration, when an unallocated freeList is moved back to the arena,
387 * we can see an arena with some free cells before the cursor.
388 *
389 * Arenas following the cursor should not be full.
390 */
392 // The cursor is implemented via an indirect pointer, |cursorp_|, to allow
393 // for efficient list insertion at the cursor point and other list
394 // manipulations.
395 //
396 // - If the list is empty: |head| is null, |cursorp_| points to |head|, and
397 // therefore |*cursorp_| is null.
398 //
399 // - If the list is not empty: |head| is non-null, and...
400 //
401 // - If the cursor is at the start of the list: |cursorp_| points to
402 // |head|, and therefore |*cursorp_| points to the first arena.
403 //
404 // - If cursor is at the end of the list: |cursorp_| points to the |next|
405 // field of the last arena, and therefore |*cursorp_| is null.
406 //
407 // - If the cursor is at neither the start nor the end of the list:
408 // |cursorp_| points to the |next| field of the arena preceding the
409 // cursor, and therefore |*cursorp_| points to the arena following the
410 // cursor.
411 //
412 // |cursorp_| is never null.
413 //
422 }
427 }
431 }
436 }
442 }
444 // This does checking just of |head_| and |cursorp_|.
446 #ifdef DEBUG
447 // If the list is empty, it must have this form.
450 // If there's an arena following the cursor, it must not be full.
453 #endif
454 }
460 }
465 }
467 // This returns nullptr if the list is empty.
471 }
476 }
481 }
483 // This can return nullptr.
487 }
489 // This moves the cursor past |aheader|. |aheader| must be an arena within
490 // this list.
494 }
496 // This does two things.
497 // - Inserts |a| at the cursor.
498 // - Leaves the cursor sitting just before |a|, if |a| is not full, or just
499 // after |a|, if |a| is full.
500 //
505 // At this point, the cursor is sitting before |a|. Move it after |a|
506 // if necessary.
510 }
512 // This inserts |other|, which must be full, at the cursor of |this|.
519 // Insert the full arenas of |other| after those of |this|.
525 }
527 #ifdef JSGC_COMPACTING
530 #endif
531 };
533 /*
534 * A class that holds arenas in sorted order by appending arenas to specific
535 * segments. Each segment has a head and a tail, which can be linked up to
536 * other segments to create a contiguous ArenaList.
537 */
538 class SortedArenaList
539 {
541 // The minimum size, in bytes, of a GC thing.
551 // The maximum number of GC things that an arena can hold.
557 // Convenience functions to get the nth head and tail.
564 }
569 }
571 // Resets the first |thingsPerArena| segments of this list for further use.
574 // Initialize the segments.
577 }
579 // Inserts a header, which has room for |nfree| more things, in its segment.
583 }
585 // Links up the tail of each non-empty segment to the head of the next
586 // non-empty segment, creating a contiguous list that is returned as an
587 // ArenaList. This is not a destructive operation: neither the head nor tail
588 // of any segment is modified. However, note that the ArenaHeaders in the
589 // resulting ArenaList should be treated as read-only unless the
590 // SortedArenaList is no longer needed: inserting or removing arenas would
591 // invalidate the SortedArenaList.
593 // Link the non-empty segment tails up to the non-empty segment heads.
599 }
600 }
601 // Point the tail of the final non-empty segment at null. Note that if
602 // the list is empty, this will just set segments[0].head to null.
604 // Create an ArenaList with head and cursor set to the head and tail of
605 // the first segment (if that segment is empty, only the head is used).
607 }
608 };
610 class ArenaLists
611 {
612 /*
613 * For each arena kind its free list is represented as the first span with
614 * free things. Initially all the spans are initialized as empty. After we
615 * find a new arena with available things we move its first free span into
616 * the list and set the arena as fully allocated. way we do not need to
617 * update the arena header after the initial allocation. When starting the
618 * GC we only move the head of the of the list of spans back to the arena
619 * only for the arena that was not fully allocated.
620 */
625 /*
626 * The background finalization adds the finalized arenas to the list at
627 * the cursor position. backgroundFinalizeState controls the interaction
628 * between the GC lock and the access to the list from the allocation
629 * thread.
630 *
631 * BFS_DONE indicates that the finalizations is not running or cannot
632 * affect this arena list. The allocation thread can access the list
633 * outside the GC lock.
634 *
635 * In BFS_RUN and BFS_JUST_FINISHED the allocation thread must take the
636 * lock. The former indicates that the finalization still runs. The latter
637 * signals that finalization just added to the list finalized arenas. In
638 * that case the lock effectively serves as a read barrier to ensure that
639 * the allocation thread sees all the writes done during finalization.
640 */
642 BFS_DONE,
643 BFS_RUN,
644 BFS_JUST_FINISHED
645 };
648 BackgroundFinalizeState;
653 /* For each arena kind, a list of arenas remaining to be swept. */
656 /* During incremental sweeping, a list of the arenas already swept. */
658 ArenaList incrementalSweptArenas;
660 /* Shape arenas to be swept in the foreground. */
673 }
677 /*
678 * We can only call this during the shutdown after the last GC when
679 * the background finalization is disabled.
680 */
684 // Copy aheader->next before releasing.
687 }
688 }
691 // Copy aheader->next before releasing.
694 }
695 }
700 }
704 }
708 }
712 }
718 }
722 }
726 /*
727 * The arena cannot be empty if the background finalization is not yet
728 * done.
729 */
734 }
736 }
740 /* The background finalization must have stopped at this point. */
746 }
747 }
748 }
753 }
757 }
759 /*
760 * Return the free list back to the arena so the GC finalization will not
761 * run the finalizers over unitialized bytes from free things.
762 */
766 }
774 }
775 }
779 /*
780 * Temporarily copy the free list heads to the arenas so the code can see
781 * the proper value in ArenaHeader::freeList when accessing the latter
782 * outside the GC.
783 */
787 }
795 }
796 }
798 /*
799 * Clear the free lists in arenas that were temporarily set there using
800 * copyToArenas.
801 */
805 }
813 }
814 }
816 /*
817 * Check that the free list is either empty or were synchronized with the
818 * arena using copyToArena().
819 */
826 /*
827 * If the arena has a free list, it must be the same as one in
828 * lists.
829 */
832 }
834 }
836 /* Check if |aheader|'s arena is in use. */
843 }
847 }
854 /*
855 * Moves all arenas from |fromArenaLists| into |this|. In
856 * parallel blocks, we temporarily create one ArenaLists per
857 * parallel thread. When the parallel block ends, we move
858 * whatever allocations may have been performed back into the
859 * compartment's main arena list using this function.
860 */
863 /* True if the ArenaHeader in question is found in this ArenaLists */
867 #ifdef DEBUG
870 #endif
871 }
875 }
877 #ifdef JSGC_COMPACTING
879 #endif
907 };
909 /*
910 * Initial allocation size for data structures holding chunks is set to hold
911 * chunks with total capacity of 16MB to avoid buffer resizes during browser
912 * startup.
913 */
916 /* The number of GC cycles an empty chunk can survive before been released. */
922 JS_GC_ROOT_VALUE_PTR,
923 JS_GC_ROOT_STRING_PTR,
924 JS_GC_ROOT_OBJECT_PTR,
925 JS_GC_ROOT_SCRIPT_PTR
932 JSGCRootType type;
933 };
936 RootInfo,
982 /*
983 * Kinds of js_GC invocation.
984 */
986 /* Normal invocation. */
989 /* Minimize GC triggers and release empty GC chunks right away. */
996 /* Functions for managing cross compartment gray pointers. */
1010 /*
1011 * Helper state for use when JS helper threads sweep and allocate GC thing kinds
1012 * that can be swept and allocated off the main thread.
1013 *
1014 * In non-threadsafe builds, all actual sweeping and allocation is performed
1015 * on the main thread, but GCHelperState encapsulates this from clients as
1016 * much as possible.
1017 */
1018 class GCHelperState
1019 {
1021 IDLE,
1022 SWEEPING,
1023 ALLOCATING,
1024 CANCEL_ALLOCATION
1025 };
1027 // Associated runtime.
1030 // Condvar for notifying the main thread when work has finished. This is
1031 // associated with the runtime's GC lock --- the worker thread state
1032 // condvars can't be used here due to lock ordering issues.
1035 // Activity for the helper to do, protected by the GC lock.
1036 State state_;
1038 // Thread which work is being performed on, or null.
1059 }
1061 /* Must be called with the GC lock taken. */
1073 { }
1080 /* Must be called with the GC lock taken. */
1083 /* Must be called with the GC lock taken. */
1086 /* Must be called without the GC lock taken. */
1089 /* Must be called without the GC lock taken. */
1092 /* Must be called with the GC lock taken. */
1097 }
1101 }
1105 /*
1106 * Outside the GC lock may give true answer when in fact the sweeping has
1107 * been done.
1108 */
1111 }
1116 }
1117 };
1122 /*
1123 * Strip zeros for better distribution after multiplying by the golden
1124 * ratio.
1125 */
1129 }
1135 }
1136 };
1142 JSGCTraceKind kind;
1143 #ifdef DEBUG
1144 JSTraceNamePrinter debugPrinter;
1147 #endif
1151 };
1153 void
1163 /*
1164 * This function calls |zoneCallback| on every zone, |compartmentCallback| on
1165 * every compartment, |arenaCallback| on every in-use arena, and |cellCallback|
1166 * on every in-use cell in the GC heap.
1167 */
1170 IterateZoneCallback zoneCallback,
1171 JSIterateCompartmentCallback compartmentCallback,
1172 IterateArenaCallback arenaCallback,
1173 IterateCellCallback cellCallback);
1175 /*
1176 * This function is like IterateZonesCompartmentsArenasCells, but does it for a
1177 * single zone.
1178 */
1181 IterateZoneCallback zoneCallback,
1182 JSIterateCompartmentCallback compartmentCallback,
1183 IterateArenaCallback arenaCallback,
1184 IterateCellCallback cellCallback);
1186 /*
1187 * Invoke chunkCallback on every in-use chunk.
1188 */
1194 /*
1195 * Invoke scriptCallback on every in-use script for
1196 * the given compartment or for all compartments if it is null.
1197 */
1209 JSCompartment *
1215 /*
1216 * Merge all contents of source into target. This can only be used if source is
1217 * the only compartment in its zone.
1218 */
1219 void
1222 #ifdef JSGC_COMPACTING
1224 /* Functions for checking and updating things that might be moved by compacting GC. */
1226 #ifdef JS_PUNBOX64
1228 #else
1230 #endif
1235 {
1239 }
1243 {
1255 }
1260 {
1264 }
1266 inline Value
1268 {
1278 }
1281 inline T
1283 {
1285 }
1287 #else
1295 #ifdef JSGC_HASH_TABLE_CHECKS
1300 {
1302 #ifdef JSGC_COMPACTING
1304 #endif
1305 }
1309 {
1316 }
1337 PreBarrierVerifier,
1338 PostBarrierVerifier
1339 };
1341 #ifdef JS_GC_ZEAL
1343 /* Check that write barriers have been used correctly. See jsgc.cpp. */
1344 void
1347 void
1350 #else
1354 {
1355 }
1359 {
1360 }
1362 #endif
1364 /*
1365 * Instances of this class set the |JSRuntime::suppressGC| flag for the duration
1366 * that they are live. Use of this class is highly discouraged. Please carefully
1367 * read the comment in jscntxt.h above |suppressGC| and take all appropriate
1368 * precautions before instantiating this class.
1369 */
1370 class AutoSuppressGC
1371 {
1380 {
1381 suppressGC_--;
1382 }
1383 };
1385 #ifdef DEBUG
1386 /* Disable OOM testing in sections which are not OOM safe. */
1387 class AutoEnterOOMUnsafeRegion
1388 {
1394 }
1397 }
1398 };
1399 #else
1403 // This tests whether something is inside the GGC's nursery only;
1404 // use sparingly, mostly testing for any nursery, using IsInsideNursery,
1405 // is appropriate.
1406 bool
1411 #ifdef DEBUG
1412 /* Use this to avoid assertions when manipulating the wrapper map. */
1413 class AutoDisableProxyCheck
1414 {
1415 MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER;
1420 MOZ_GUARD_OBJECT_NOTIFIER_PARAM);
1422 };
1423 #else
1424 struct AutoDisableProxyCheck
1425 {
1427 };
1428 #endif
1430 struct AutoDisableCompactingGC
1431 {
1432 #ifdef JSGC_COMPACTING
1438 #else
1441 #endif
1442 };
1444 void
1447 // This is the same as IsInsideNursery, but not inlined.
1448 bool