/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- * * ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * * The contents of this file are subject to the Mozilla Public License Version * 1.1 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is Mozilla Communicator client code, released * March 31, 1998. * * The Initial Developer of the Original Code is * Netscape Communications Corporation. * Portions created by the Initial Developer are Copyright (C) 1998 * the Initial Developer. All Rights Reserved. * * Contributor(s): * * Alternatively, the contents of this file may be used under the terms of * either of the GNU General Public License Version 2 or later (the "GPL"), * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), * in which case the provisions of the GPL or the LGPL are applicable instead * of those above. If you wish to allow use of your version of this file only * under the terms of either the GPL or the LGPL, and not to allow others to * use your version of this file under the terms of the MPL, indicate your * decision by deleting the provisions above and replace them with the notice * and other provisions required by the GPL or the LGPL. If you do not delete * the provisions above, a recipient may use your version of this file under * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ /* * JS Mark-and-Sweep Garbage Collector. * * This GC allocates only fixed-sized things big enough to contain two words * (pointers) on any host architecture. It allocates from an arena pool (see * jsarena.h). It uses an ideally parallel array of flag bytes to hold the * mark bit, finalizer type index, etc. * * XXX swizzle page to freelist for better locality of reference */ #include "jsstddef.h" #include /* for free, called by JS_ARENA_DESTROY */ #include /* for memset, called by jsarena.h macros if DEBUG */ #include "jstypes.h" #include "jsarena.h" /* Added by JSIFY */ #include "jsutil.h" /* Added by JSIFY */ #include "jshash.h" /* Added by JSIFY */ #include "jsapi.h" #include "jsatom.h" #include "jscntxt.h" #include "jsconfig.h" #include "jsdbgapi.h" #include "jsfun.h" #include "jsgc.h" #include "jsinterp.h" #include "jslock.h" #include "jsnum.h" #include "jsobj.h" #include "jsscope.h" #include "jsscript.h" #include "jsstr.h" #if JS_HAS_XML_SUPPORT #include "jsxml.h" #endif /* * GC arena sizing depends on amortizing arena overhead using a large number * of things per arena, and on the thing/flags ratio of 8:1 on most platforms. * * On 64-bit platforms, we would have half as many things per arena because * pointers are twice as big, so we double the bytes for things per arena. * This preserves the 1024 byte flags sub-arena size, which relates to the * GC_PAGE_SIZE (see below for why). */ #if JS_BYTES_PER_WORD == 8 # define GC_THINGS_SHIFT 14 /* 16KB for things on Alpha, etc. */ #else # define GC_THINGS_SHIFT 13 /* 8KB for things on most platforms */ #endif #define GC_THINGS_SIZE JS_BIT(GC_THINGS_SHIFT) #define GC_FLAGS_SIZE (GC_THINGS_SIZE / sizeof(JSGCThing)) #define GC_ARENA_SIZE (GC_THINGS_SIZE + GC_FLAGS_SIZE) /* * A GC arena contains one flag byte for each thing in its heap, and supports * O(1) lookup of a flag given its thing's address. * * To implement this, we take advantage of the thing/flags numerology: given * the 8K bytes worth of GC-things, there are 1K flag bytes. We mask a thing's * address with ~1023 to find a JSGCPageInfo record at the front of a mythical * "GC page" within the larger 8K thing arena. That JSGCPageInfo contains a * pointer to the 128 flag bytes corresponding to the things in the page, so we * index into this flags array using the thing's index within its page. * * To align thing pages on 1024-byte boundaries, we must allocate the 9KB of * flags+things arena payload, then find the first 0 mod 1024 boundary after * the first payload address. That's where things start, with a JSGCPageInfo * taking up the first thing-slot, as usual for 0 mod 1024 byte boundaries. * The effect of this alignment trick is to split the flags into at most 2 * discontiguous spans, one before the things and one after (if we're really * lucky, and the arena payload starts on a 0 mod 1024 byte boundary, no need * to split). * * The overhead of this scheme for most platforms is (16+8*(8+1))/(16+9K) or * .95% (assuming 16 byte JSArena header size, and 8 byte JSGCThing size). * * Here's some ASCII art showing an arena: * * split * | * V * +--+-------+-------+-------+-------+-------+-------+-------+-------+-----+ * |fB| tp0 | tp1 | tp2 | tp3 | tp4 | tp5 | tp6 | tp7 | fA | * +--+-------+-------+-------+-------+-------+-------+-------+-------+-----+ * ^ ^ * tI ---------+ | * tJ -------------------------------------------+ * * - fB are the "before split" flags, fA are the "after split" flags * - tp0-tp7 are the 8 thing pages * - thing tI points into tp1, whose flags are below the split, in fB * - thing tJ points into tp5, clearly above the split * * In general, one of the thing pages will have some of its things' flags on * the low side of the split, and the rest of its things' flags on the high * side. All the other pages have flags only below or only above. Therefore * we'll have to test something to decide whether the split divides flags in * a given thing's page. So we store the split pointer (the pointer to tp0) * in each JSGCPageInfo, along with the flags pointer for the 128 flag bytes * ideally starting, for tp0 things, at the beginning of the arena's payload * (at the start of fB). * * That is, each JSGCPageInfo's flags pointer is 128 bytes from the previous, * or at the start of the arena if there is no previous page in this arena. * Thus these ideal 128-byte flag pages run contiguously from the start of the * arena (right over the split!), and the JSGCPageInfo flags pointers contain * no discontinuities over the split created by the thing pages. So if, for a * given JSGCPageInfo *pi, we find that * * pi->flags + ((jsuword)thing % 1024) / sizeof(JSGCThing) >= pi->split * * then we must add GC_THINGS_SIZE to the nominal flags pointer to jump over * all the thing pages that split the flags into two discontiguous spans. * * (If we need to implement card-marking for an incremental GC write barrier, * we can use the low byte of the pi->split pointer as the card-mark, for an * extremely efficient write barrier: when mutating an object obj, just store * a 1 byte at (uint8 *) ((jsuword)obj & ~1023) for little-endian platforms. * When finding flags, we'll of course have to mask split with ~255, but it is * guaranteed to be 1024-byte aligned, so no information is lost by overlaying * the card-mark byte on split's low byte.) */ #define GC_PAGE_SHIFT 10 #define GC_PAGE_MASK ((jsuword) JS_BITMASK(GC_PAGE_SHIFT)) #define GC_PAGE_SIZE JS_BIT(GC_PAGE_SHIFT) typedef struct JSGCPageInfo { uint8 *split; uint8 *flags; } JSGCPageInfo; #define FIRST_THING_PAGE(a) (((a)->base + GC_FLAGS_SIZE) & ~GC_PAGE_MASK) /* * Given a jsuword page pointer p and a thing size n, return the address of * the first thing in p. We know that any n not a power of two packs from * the end of the page leaving at least enough room for one JSGCPageInfo, but * not for another thing, at the front of the page (JS_ASSERTs below insist * on this). * * This works because all allocations are a multiple of sizeof(JSGCThing) == * sizeof(JSGCPageInfo) in size. */ #define FIRST_THING(p,n) (((n) & ((n) - 1)) \ ? (p) + (uint32)(GC_PAGE_SIZE % (n)) \ : (p) + (n)) static JSGCThing * gc_new_arena(JSArenaPool *pool, size_t nbytes) { uint8 *flagp, *split, *pagep, *limit; JSArena *a; jsuword p; JSGCThing *thing; JSGCPageInfo *pi; /* Use JS_ArenaAllocate to grab another 9K-net-size hunk of space. */ flagp = (uint8 *) JS_ArenaAllocate(pool, GC_ARENA_SIZE); if (!flagp) return NULL; a = pool->current; /* Reset a->avail to start at the flags split, aka the first thing page. */ p = FIRST_THING_PAGE(a); split = pagep = (uint8 *) p; a->avail = FIRST_THING(p, nbytes); JS_ASSERT(a->avail >= p + sizeof(JSGCPageInfo)); thing = (JSGCThing *) a->avail; JS_ArenaCountAllocation(pool, a->avail - p); a->avail += nbytes; /* Initialize the JSGCPageInfo records at the start of every thing page. */ limit = pagep + GC_THINGS_SIZE; do { pi = (JSGCPageInfo *) pagep; pi->split = split; pi->flags = flagp; flagp += GC_PAGE_SIZE >> (GC_THINGS_SHIFT - GC_PAGE_SHIFT); pagep += GC_PAGE_SIZE; } while (pagep < limit); return thing; } uint8 * js_GetGCThingFlags(void *thing) { JSGCPageInfo *pi; uint8 *flagp; pi = (JSGCPageInfo *) ((jsuword)thing & ~GC_PAGE_MASK); flagp = pi->flags + ((jsuword)thing & GC_PAGE_MASK) / sizeof(JSGCThing); if (flagp >= pi->split) flagp += GC_THINGS_SIZE; return flagp; } JSBool js_IsAboutToBeFinalized(JSContext *cx, void *thing) { uint8 flags = *js_GetGCThingFlags(thing); return !(flags & (GCF_MARK | GCF_LOCK | GCF_FINAL)); } typedef void (*GCFinalizeOp)(JSContext *cx, JSGCThing *thing); #ifndef DEBUG # define js_FinalizeDouble NULL #endif #if !JS_HAS_XML_SUPPORT # define js_FinalizeXMLNamespace NULL # define js_FinalizeXMLQName NULL # define js_FinalizeXML NULL #endif static GCFinalizeOp gc_finalizers[GCX_NTYPES] = { (GCFinalizeOp) js_FinalizeObject, /* GCX_OBJECT */ (GCFinalizeOp) js_FinalizeString, /* GCX_STRING */ (GCFinalizeOp) js_FinalizeDouble, /* GCX_DOUBLE */ (GCFinalizeOp) js_FinalizeString, /* GCX_MUTABLE_STRING */ NULL, /* GCX_PRIVATE */ (GCFinalizeOp) js_FinalizeXMLNamespace, /* GCX_NAMESPACE */ (GCFinalizeOp) js_FinalizeXMLQName, /* GCX_QNAME */ (GCFinalizeOp) js_FinalizeXML, /* GCX_XML */ NULL, /* GCX_EXTERNAL_STRING */ NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #ifdef GC_MARK_DEBUG static const char newborn_external_string[] = "newborn external string"; static const char *gc_typenames[GCX_NTYPES] = { "newborn object", "newborn string", "newborn double", "newborn mutable string", "newborn private", "newborn Namespace", "newborn QName", "newborn XML", newborn_external_string, newborn_external_string, newborn_external_string, newborn_external_string, newborn_external_string, newborn_external_string, newborn_external_string, newborn_external_string }; #endif intN js_ChangeExternalStringFinalizer(JSStringFinalizeOp oldop, JSStringFinalizeOp newop) { uintN i; for (i = GCX_EXTERNAL_STRING; i < GCX_NTYPES; i++) { if (gc_finalizers[i] == (GCFinalizeOp) oldop) { gc_finalizers[i] = (GCFinalizeOp) newop; return (intN) i; } } return -1; } #ifdef JS_GCMETER #define METER(x) x #else #define METER(x) /* nothing */ #endif /* Initial size of the gcRootsHash table (SWAG, small enough to amortize). */ #define GC_ROOTS_SIZE 256 #define GC_FINALIZE_LEN 1024 JSBool js_InitGC(JSRuntime *rt, uint32 maxbytes) { uintN i; JS_ASSERT(sizeof(JSGCThing) == sizeof(JSGCPageInfo)); JS_ASSERT(sizeof(JSGCThing) >= sizeof(JSObject)); JS_ASSERT(sizeof(JSGCThing) >= sizeof(JSString)); JS_ASSERT(sizeof(JSGCThing) >= sizeof(jsdouble)); JS_ASSERT(GC_FLAGS_SIZE >= GC_PAGE_SIZE); JS_ASSERT(sizeof(JSStackHeader) >= 2 * sizeof(jsval)); for (i = 0; i < GC_NUM_FREELISTS; i++) JS_InitArenaPool(&rt->gcArenaPool[i], "gc-arena", GC_ARENA_SIZE, 1); if (!JS_DHashTableInit(&rt->gcRootsHash, JS_DHashGetStubOps(), NULL, sizeof(JSGCRootHashEntry), GC_ROOTS_SIZE)) { rt->gcRootsHash.ops = NULL; return JS_FALSE; } rt->gcLocksHash = NULL; /* create lazily */ rt->gcMaxBytes = maxbytes; return JS_TRUE; } #ifdef JS_GCMETER JS_FRIEND_API(void) js_DumpGCStats(JSRuntime *rt, FILE *fp) { uintN i; fprintf(fp, "\nGC allocation statistics:\n"); #define UL(x) ((unsigned long)(x)) #define ULSTAT(x) UL(rt->gcStats.x) fprintf(fp, " public bytes allocated: %lu\n", UL(rt->gcBytes)); fprintf(fp, " private bytes allocated: %lu\n", UL(rt->gcPrivateBytes)); fprintf(fp, " alloc attempts: %lu\n", ULSTAT(alloc)); for (i = 0; i < GC_NUM_FREELISTS; i++) { fprintf(fp, " GC freelist %u length: %lu\n", i, ULSTAT(freelen[i])); fprintf(fp, " recycles via GC freelist %u: %lu\n", i, ULSTAT(recycle[i])); } fprintf(fp, "allocation retries after GC: %lu\n", ULSTAT(retry)); fprintf(fp, " allocation failures: %lu\n", ULSTAT(fail)); fprintf(fp, " things born locked: %lu\n", ULSTAT(lockborn)); fprintf(fp, " valid lock calls: %lu\n", ULSTAT(lock)); fprintf(fp, " valid unlock calls: %lu\n", ULSTAT(unlock)); fprintf(fp, " mark recursion depth: %lu\n", ULSTAT(depth)); fprintf(fp, " maximum mark recursion: %lu\n", ULSTAT(maxdepth)); fprintf(fp, " mark C recursion depth: %lu\n", ULSTAT(cdepth)); fprintf(fp, " maximum mark C recursion: %lu\n", ULSTAT(maxcdepth)); fprintf(fp, " mark C stack overflows: %lu\n", ULSTAT(dswmark)); fprintf(fp, " mark DSW recursion depth: %lu\n", ULSTAT(dswdepth)); fprintf(fp, " maximum mark DSW recursion: %lu\n", ULSTAT(maxdswdepth)); fprintf(fp, " mark DSW up-tree movement: %lu\n", ULSTAT(dswup)); fprintf(fp, "DSW up-tree obj->slot steps: %lu\n", ULSTAT(dswupstep)); fprintf(fp, " maximum GC nesting level: %lu\n", ULSTAT(maxlevel)); fprintf(fp, "potentially useful GC calls: %lu\n", ULSTAT(poke)); fprintf(fp, " useless GC calls: %lu\n", ULSTAT(nopoke)); fprintf(fp, " thing arenas freed so far: %lu\n", ULSTAT(afree)); fprintf(fp, " stack segments scanned: %lu\n", ULSTAT(stackseg)); fprintf(fp, "stack segment slots scanned: %lu\n", ULSTAT(segslots)); #undef UL #undef US #ifdef JS_ARENAMETER JS_DumpArenaStats(fp); #endif } #endif #ifdef DEBUG JS_STATIC_DLL_CALLBACK(JSDHashOperator) js_root_printer(JSDHashTable *table, JSDHashEntryHdr *hdr, uint32 i, void *arg) { uint32 *leakedroots = (uint32 *)arg; JSGCRootHashEntry *rhe = (JSGCRootHashEntry *)hdr; (*leakedroots)++; fprintf(stderr, "JS engine warning: leaking GC root \'%s\' at %p\n", rhe->name ? (char *)rhe->name : "", rhe->root); return JS_DHASH_NEXT; } #endif void js_FinishGC(JSRuntime *rt) { uintN i; #ifdef JS_ARENAMETER JS_DumpArenaStats(stdout); #endif #ifdef JS_GCMETER js_DumpGCStats(rt, stdout); #endif for (i = 0; i < GC_NUM_FREELISTS; i++) { JS_FinishArenaPool(&rt->gcArenaPool[i]); rt->gcFreeList[i] = NULL; } JS_ArenaFinish(); if (rt->gcRootsHash.ops) { #ifdef DEBUG uint32 leakedroots = 0; /* Warn (but don't assert) debug builds of any remaining roots. */ JS_DHashTableEnumerate(&rt->gcRootsHash, js_root_printer, &leakedroots); if (leakedroots > 0) { if (leakedroots == 1) { fprintf(stderr, "JS engine warning: 1 GC root remains after destroying the JSRuntime.\n" " This root may point to freed memory. Objects reachable\n" " through it have not been finalized.\n"); } else { fprintf(stderr, "JS engine warning: %lu GC roots remain after destroying the JSRuntime.\n" " These roots may point to freed memory. Objects reachable\n" " through them have not been finalized.\n", (unsigned long) leakedroots); } } #endif JS_DHashTableFinish(&rt->gcRootsHash); rt->gcRootsHash.ops = NULL; } if (rt->gcLocksHash) { JS_DHashTableDestroy(rt->gcLocksHash); rt->gcLocksHash = NULL; } } JSBool js_AddRoot(JSContext *cx, void *rp, const char *name) { JSBool ok = js_AddRootRT(cx->runtime, rp, name); if (!ok) JS_ReportOutOfMemory(cx); return ok; } JSBool js_AddRootRT(JSRuntime *rt, void *rp, const char *name) { JSBool ok; JSGCRootHashEntry *rhe; /* * Due to the long-standing, but now removed, use of rt->gcLock across the * bulk of js_GC, API users have come to depend on JS_AddRoot etc. locking * properly with a racing GC, without calling JS_AddRoot from a request. * We have to preserve API compatibility here, now that we avoid holding * rt->gcLock across the mark phase (including the root hashtable mark). * * If the GC is running and we're called on another thread, wait for this * GC activation to finish. We can safely wait here (in the case where we * are called within a request on another thread's context) without fear * of deadlock because the GC doesn't set rt->gcRunning until after it has * waited for all active requests to end. */ JS_LOCK_GC(rt); #ifdef JS_THREADSAFE JS_ASSERT(!rt->gcRunning || rt->gcLevel > 0); if (rt->gcRunning && rt->gcThread != js_CurrentThreadId()) { do { JS_AWAIT_GC_DONE(rt); } while (rt->gcLevel > 0); } #endif rhe = (JSGCRootHashEntry *) JS_DHashTableOperate(&rt->gcRootsHash, rp, JS_DHASH_ADD); if (rhe) { rhe->root = rp; rhe->name = name; ok = JS_TRUE; } else { ok = JS_FALSE; } JS_UNLOCK_GC(rt); return ok; } JSBool js_RemoveRoot(JSRuntime *rt, void *rp) { /* * Due to the JS_RemoveRootRT API, we may be called outside of a request. * Same synchronization drill as above in js_AddRoot. */ JS_LOCK_GC(rt); #ifdef JS_THREADSAFE JS_ASSERT(!rt->gcRunning || rt->gcLevel > 0); if (rt->gcRunning && rt->gcThread != js_CurrentThreadId()) { do { JS_AWAIT_GC_DONE(rt); } while (rt->gcLevel > 0); } #endif (void) JS_DHashTableOperate(&rt->gcRootsHash, rp, JS_DHASH_REMOVE); rt->gcPoke = JS_TRUE; JS_UNLOCK_GC(rt); return JS_TRUE; } #ifdef DEBUG_brendan #define NGCHIST 64 static struct GCHist { JSBool lastDitch; JSGCThing *freeList; } gchist[NGCHIST]; unsigned gchpos; #endif void * js_NewGCThing(JSContext *cx, uintN flags, size_t nbytes) { JSBool tried_gc; JSRuntime *rt; size_t nflags; uintN i; JSGCThing *thing, **flp; uint8 *flagp; JSLocalRootStack *lrs; uint32 *bytesptr; rt = cx->runtime; JS_LOCK_GC(rt); JS_ASSERT(!rt->gcRunning); if (rt->gcRunning) { METER(rt->gcStats.finalfail++); JS_UNLOCK_GC(rt); return NULL; } #ifdef TOO_MUCH_GC #ifdef WAY_TOO_MUCH_GC rt->gcPoke = JS_TRUE; #endif js_GC(cx, GC_KEEP_ATOMS | GC_ALREADY_LOCKED); tried_gc = JS_TRUE; #else tried_gc = JS_FALSE; #endif METER(rt->gcStats.alloc++); nbytes = JS_ROUNDUP(nbytes, sizeof(JSGCThing)); nflags = nbytes / sizeof(JSGCThing); i = GC_FREELIST_INDEX(nbytes); flp = &rt->gcFreeList[i]; retry: thing = *flp; if (thing) { *flp = thing->next; flagp = thing->flagp; METER(rt->gcStats.freelen[i]--); METER(rt->gcStats.recycle[i]++); } else { if (rt->gcBytes < rt->gcMaxBytes && (tried_gc || rt->gcMallocBytes < rt->gcMaxBytes)) { /* * Inline form of JS_ARENA_ALLOCATE adapted to truncate the current * arena's limit to a GC_PAGE_SIZE boundary, and to skip over every * GC_PAGE_SIZE-byte-aligned thing (which is actually not a thing, * it's a JSGCPageInfo record). */ JSArenaPool *pool = &rt->gcArenaPool[i]; JSArena *a = pool->current; jsuword p = a->avail; jsuword q = p + nbytes; if (q > (a->limit & ~GC_PAGE_MASK)) { thing = gc_new_arena(pool, nbytes); } else { if ((p & GC_PAGE_MASK) == 0) { /* Beware, p points to a JSGCPageInfo record! */ p = FIRST_THING(p, nbytes); q = p + nbytes; JS_ArenaCountAllocation(pool, p & GC_PAGE_MASK); } a->avail = q; thing = (JSGCThing *)p; } JS_ArenaCountAllocation(pool, nbytes); } /* * Consider doing a "last ditch" GC if thing couldn't be allocated. * * Keep rt->gcLock across the call into js_GC so we don't starve and * lose to racing threads who deplete the heap just after js_GC has * replenished it (or has synchronized with a racing GC that collected * a bunch of garbage). This unfair scheduling can happen on certain * operating systems. For the gory details, see Mozilla bug 162779 * (http://bugzilla.mozilla.org/show_bug.cgi?id=162779). */ if (!thing) { if (!tried_gc) { rt->gcPoke = JS_TRUE; js_GC(cx, GC_KEEP_ATOMS | GC_ALREADY_LOCKED); if (JS_HAS_NATIVE_BRANCH_CALLBACK_OPTION(cx) && cx->branchCallback && !cx->branchCallback(cx, NULL)) { METER(rt->gcStats.retryhalt++); JS_UNLOCK_GC(rt); return NULL; } tried_gc = JS_TRUE; METER(rt->gcStats.retry++); goto retry; } goto fail; } /* Find the flags pointer given thing's address. */ flagp = js_GetGCThingFlags(thing); } lrs = cx->localRootStack; if (lrs) { /* * If we're in a local root scope, don't set cx->newborn[type] at all, * to avoid entraining garbage from it for an unbounded amount of time * on this context. A caller will leave the local root scope and pop * this reference, allowing thing to be GC'd if it has no other refs. * See JS_EnterLocalRootScope and related APIs. */ if (js_PushLocalRoot(cx, lrs, (jsval) thing) < 0) goto fail; } else { /* * No local root scope, so we're stuck with the old, fragile model of * depending on a pigeon-hole newborn per type per context. */ cx->newborn[flags & GCF_TYPEMASK] = thing; } /* We can't fail now, so update flags and rt->gc{,Private}Bytes. */ *flagp = (uint8)flags; bytesptr = ((flags & GCF_TYPEMASK) == GCX_PRIVATE) ? &rt->gcPrivateBytes : &rt->gcBytes; *bytesptr += nbytes + nflags; /* * Clear thing before unlocking in case a GC run is about to scan it, * finding it via cx->newborn[]. */ thing->next = NULL; thing->flagp = NULL; #ifdef DEBUG_brendan gchist[gchpos].lastDitch = tried_gc; gchist[gchpos].freeList = *flp; if (++gchpos == NGCHIST) gchpos = 0; #endif METER(if (flags & GCF_LOCK) rt->gcStats.lockborn++); JS_UNLOCK_GC(rt); return thing; fail: METER(rt->gcStats.fail++); JS_UNLOCK_GC(rt); JS_ReportOutOfMemory(cx); return NULL; } JSBool js_LockGCThing(JSContext *cx, void *thing) { JSBool ok = js_LockGCThingRT(cx->runtime, thing); if (!ok) JS_ReportOutOfMemory(cx); return ok; } /* * Deep GC-things can't be locked just by setting the GCF_LOCK bit, because * their descendants must be marked by the GC. To find them during the mark * phase, they are added to rt->gcLocksHash, which is created lazily. * * NB: we depend on the order of GC-thing type indexes here! */ #define GC_TYPE_IS_STRING(t) ((t) == GCX_STRING || \ (t) >= GCX_EXTERNAL_STRING) #define GC_TYPE_IS_XML(t) ((unsigned)((t) - GCX_NAMESPACE) <= \ (unsigned)(GCX_XML - GCX_NAMESPACE)) #define GC_TYPE_IS_DEEP(t) ((t) == GCX_OBJECT || GC_TYPE_IS_XML(t)) #define IS_DEEP_STRING(t,o) (GC_TYPE_IS_STRING(t) && \ JSSTRING_IS_DEPENDENT((JSString *)(o))) #define GC_THING_IS_DEEP(t,o) (GC_TYPE_IS_DEEP(t) || IS_DEEP_STRING(t, o)) JSBool js_LockGCThingRT(JSRuntime *rt, void *thing) { JSBool ok, deep; uint8 *flagp, flags, lock, type; JSGCLockHashEntry *lhe; ok = JS_TRUE; if (!thing) return ok; flagp = js_GetGCThingFlags(thing); JS_LOCK_GC(rt); flags = *flagp; lock = (flags & GCF_LOCK); type = (flags & GCF_TYPEMASK); deep = GC_THING_IS_DEEP(type, thing); /* * Avoid adding a rt->gcLocksHash entry for shallow things until someone * nests a lock -- then start such an entry with a count of 2, not 1. */ if (lock || deep) { if (!rt->gcLocksHash) { rt->gcLocksHash = JS_NewDHashTable(JS_DHashGetStubOps(), NULL, sizeof(JSGCLockHashEntry), GC_ROOTS_SIZE); if (!rt->gcLocksHash) { ok = JS_FALSE; goto done; } } else if (lock == 0) { #ifdef DEBUG JSDHashEntryHdr *hdr = JS_DHashTableOperate(rt->gcLocksHash, thing, JS_DHASH_LOOKUP); JS_ASSERT(JS_DHASH_ENTRY_IS_FREE(hdr)); #endif } lhe = (JSGCLockHashEntry *) JS_DHashTableOperate(rt->gcLocksHash, thing, JS_DHASH_ADD); if (!lhe) { ok = JS_FALSE; goto done; } if (!lhe->thing) { lhe->thing = thing; lhe->count = deep ? 1 : 2; } else { JS_ASSERT(lhe->count >= 1); lhe->count++; } } *flagp = (uint8)(flags | GCF_LOCK); METER(rt->gcStats.lock++); ok = JS_TRUE; done: JS_UNLOCK_GC(rt); return ok; } JSBool js_UnlockGCThingRT(JSRuntime *rt, void *thing) { uint8 *flagp, flags; JSGCLockHashEntry *lhe; if (!thing) return JS_TRUE; flagp = js_GetGCThingFlags(thing); JS_LOCK_GC(rt); flags = *flagp; if (flags & GCF_LOCK) { if (!rt->gcLocksHash || (lhe = (JSGCLockHashEntry *) JS_DHashTableOperate(rt->gcLocksHash, thing, JS_DHASH_LOOKUP), JS_DHASH_ENTRY_IS_FREE(&lhe->hdr))) { /* Shallow GC-thing with an implicit lock count of 1. */ JS_ASSERT(!GC_THING_IS_DEEP(flags & GCF_TYPEMASK, thing)); } else { /* Basis or nested unlock of a deep thing, or nested of shallow. */ if (--lhe->count != 0) goto out; JS_DHashTableOperate(rt->gcLocksHash, thing, JS_DHASH_REMOVE); } *flagp = (uint8)(flags & ~GCF_LOCK); } rt->gcPoke = JS_TRUE; out: METER(rt->gcStats.unlock++); JS_UNLOCK_GC(rt); return JS_TRUE; } #ifdef GC_MARK_DEBUG #include #include "jsprf.h" JS_FRIEND_DATA(FILE *) js_DumpGCHeap; JS_EXPORT_DATA(void *) js_LiveThingToFind; #ifdef HAVE_XPCONNECT #include "dump_xpc.h" #endif static const char * gc_object_class_name(void* thing) { uint8 *flagp = js_GetGCThingFlags(thing); const char *className = ""; static char depbuf[32]; switch (*flagp & GCF_TYPEMASK) { case GCX_OBJECT: { JSObject *obj = (JSObject *)thing; JSClass *clasp = JSVAL_TO_PRIVATE(obj->slots[JSSLOT_CLASS]); className = clasp->name; #ifdef HAVE_XPCONNECT if (clasp->flags & JSCLASS_PRIVATE_IS_NSISUPPORTS) { jsval privateValue = obj->slots[JSSLOT_PRIVATE]; JS_ASSERT(clasp->flags & JSCLASS_HAS_PRIVATE); if (!JSVAL_IS_VOID(privateValue)) { void *privateThing = JSVAL_TO_PRIVATE(privateValue); const char *xpcClassName = GetXPCObjectClassName(privateThing); if (xpcClassName) className = xpcClassName; } } #endif break; } case GCX_STRING: case GCX_MUTABLE_STRING: { JSString *str = (JSString *)thing; if (JSSTRING_IS_DEPENDENT(str)) { JS_snprintf(depbuf, sizeof depbuf, "start:%u, length:%u", JSSTRDEP_START(str), JSSTRDEP_LENGTH(str)); className = depbuf; } else { className = "string"; } break; } case GCX_DOUBLE: className = "double"; break; } return className; } static void gc_dump_thing(JSGCThing *thing, uint8 flags, GCMarkNode *prev, FILE *fp) { GCMarkNode *next = NULL; char *path = NULL; while (prev) { next = prev; prev = prev->prev; } while (next) { uint8 nextFlags = *js_GetGCThingFlags(next->thing); if ((nextFlags & GCF_TYPEMASK) == GCX_OBJECT) { path = JS_sprintf_append(path, "%s(%s @ 0x%08p).", next->name, gc_object_class_name(next->thing), (JSObject*)next->thing); } else { path = JS_sprintf_append(path, "%s(%s).", next->name, gc_object_class_name(next->thing)); } next = next->next; } if (!path) return; fprintf(fp, "%08lx ", (long)thing); switch (flags & GCF_TYPEMASK) { case GCX_OBJECT: { JSObject *obj = (JSObject *)thing; jsval privateValue = obj->slots[JSSLOT_PRIVATE]; void *privateThing = JSVAL_IS_VOID(privateValue) ? NULL : JSVAL_TO_PRIVATE(privateValue); const char *className = gc_object_class_name(thing); fprintf(fp, "object %8p %s", privateThing, className); break; } #if JS_HAS_XML_SUPPORT case GCX_NAMESPACE: { JSXMLNamespace *ns = (JSXMLNamespace *)thing; fprintf(fp, "namespace %s:%s", JS_GetStringBytes(ns->prefix), JS_GetStringBytes(ns->uri)); break; } case GCX_QNAME: { JSXMLQName *qn = (JSXMLQName *)thing; fprintf(fp, "qname %s(%s):%s", JS_GetStringBytes(qn->prefix), JS_GetStringBytes(qn->uri), JS_GetStringBytes(qn->localName)); break; } case GCX_XML: { extern const char *js_xml_class_str[]; JSXML *xml = (JSXML *)thing; fprintf(fp, "xml %8p %s", xml, js_xml_class_str[xml->xml_class]); break; } #endif case GCX_DOUBLE: fprintf(fp, "double %g", *(jsdouble *)thing); break; case GCX_PRIVATE: fprintf(fp, "private %8p", (void *)thing); break; default: fprintf(fp, "string %s", JS_GetStringBytes((JSString *)thing)); break; } fprintf(fp, " via %s\n", path); free(path); } #endif /* !GC_MARK_DEBUG */ static void gc_mark_atom_key_thing(void *thing, void *arg) { JSContext *cx = (JSContext *) arg; GC_MARK(cx, thing, "atom", NULL); } void js_MarkAtom(JSContext *cx, JSAtom *atom, void *arg) { jsval key; if (atom->flags & ATOM_MARK) return; atom->flags |= ATOM_MARK; key = ATOM_KEY(atom); if (JSVAL_IS_GCTHING(key)) { #ifdef GC_MARK_DEBUG char name[32]; if (JSVAL_IS_STRING(key)) { JS_snprintf(name, sizeof name, "'%s'", JS_GetStringBytes(JSVAL_TO_STRING(key))); } else { JS_snprintf(name, sizeof name, "<%x>", key); } #endif GC_MARK(cx, JSVAL_TO_GCTHING(key), name, arg); } if (atom->flags & ATOM_HIDDEN) js_MarkAtom(cx, atom->entry.value, arg); } /* * These macros help avoid passing the GC_MARK_DEBUG-only |arg| parameter * during recursive calls when GC_MARK_DEBUG is not defined. */ #ifdef GC_MARK_DEBUG # define UNMARKED_GC_THING_FLAGS(thing, arg) \ UnmarkedGCThingFlags(thing, arg) # define NEXT_UNMARKED_GC_THING(vp, end, thingp, flagpp, arg) \ NextUnmarkedGCThing(vp, end, thingp, flagpp, arg) # define MARK_GC_THING(cx, thing, flagp, arg) \ MarkGCThing(cx, thing, flagp, arg) # define CALL_GC_THING_MARKER(marker, cx, thing, arg) \ marker(cx, thing, arg) #else # define UNMARKED_GC_THING_FLAGS(thing, arg) \ UnmarkedGCThingFlags(thing) # define NEXT_UNMARKED_GC_THING(vp, end, thingp, flagpp, arg) \ NextUnmarkedGCThing(vp, end, thingp, flagpp) # define MARK_GC_THING(cx, thing, flagp, arg) \ MarkGCThing(cx, thing, flagp) # define CALL_GC_THING_MARKER(marker, cx, thing, arg) \ marker(cx, thing, NULL) #endif static uint8 * UNMARKED_GC_THING_FLAGS(void *thing, void *arg) { uint8 flags, *flagp; if (!thing) return NULL; flagp = js_GetGCThingFlags(thing); flags = *flagp; JS_ASSERT(flags != GCF_FINAL); #ifdef GC_MARK_DEBUG if (js_LiveThingToFind == thing) gc_dump_thing(thing, flags, arg, stderr); #endif if (flags & GCF_MARK) return NULL; return flagp; } static jsval * NEXT_UNMARKED_GC_THING(jsval *vp, jsval *end, void **thingp, uint8 **flagpp, void *arg) { jsval v; void *thing; uint8 *flagp; while (vp < end) { v = *vp; if (JSVAL_IS_GCTHING(v)) { thing = JSVAL_TO_GCTHING(v); flagp = UNMARKED_GC_THING_FLAGS(thing, arg); if (flagp) { *thingp = thing; *flagpp = flagp; return vp; } } vp++; } return NULL; } static void DeutschSchorrWaite(JSContext *cx, void *thing, uint8 *flagp); static JSBool MARK_GC_THING(JSContext *cx, void *thing, uint8 *flagp, void *arg) { JSRuntime *rt; JSObject *obj; jsval v, *vp, *end; JSString *str; void *next_thing; uint8 *next_flagp; #ifdef JS_GCMETER uint32 tailCallNesting; #endif #ifdef GC_MARK_DEBUG JSScope *scope; JSScopeProperty *sprop; char name[32]; #endif int stackDummy; rt = cx->runtime; METER(tailCallNesting = 0); METER(if (++rt->gcStats.cdepth > rt->gcStats.maxcdepth) rt->gcStats.maxcdepth = rt->gcStats.cdepth); #ifndef GC_MARK_DEBUG start: #endif JS_ASSERT(flagp); METER(if (++rt->gcStats.depth > rt->gcStats.maxdepth) rt->gcStats.maxdepth = rt->gcStats.depth); if (*flagp & GCF_MARK) { /* * This should happen only if recursive MARK_GC_THING marks flags * already stored in the caller's *next_flagp. */ goto out; } *flagp |= GCF_MARK; #ifdef GC_MARK_DEBUG if (js_DumpGCHeap) gc_dump_thing(thing, *flagp, arg, js_DumpGCHeap); #endif switch (*flagp & GCF_TYPEMASK) { case GCX_OBJECT: /* If obj->slots is null, obj must be a newborn. */ obj = (JSObject *) thing; vp = obj->slots; if (!vp) goto out; /* Switch to Deutsch-Schorr-Waite if we exhaust our stack quota. */ if (!JS_CHECK_STACK_SIZE(cx, stackDummy)) { METER(rt->gcStats.dswmark++); DeutschSchorrWaite(cx, thing, flagp); goto out; } /* Mark slots if they are small enough to be GC-allocated. */ if ((vp[-1] + 1) * sizeof(jsval) <= GC_NBYTES_MAX) GC_MARK(cx, vp - 1, "slots", arg); /* Set up local variables to loop over unmarked things. */ end = vp + ((obj->map->ops->mark) ? CALL_GC_THING_MARKER(obj->map->ops->mark, cx, obj, arg) : JS_MIN(obj->map->freeslot, obj->map->nslots)); vp = NEXT_UNMARKED_GC_THING(vp, end, &thing, &flagp, arg); if (!vp) goto out; v = *vp; /* * Here, thing is the first value in obj->slots referring to an * unmarked GC-thing. */ #ifdef GC_MARK_DEBUG scope = OBJ_IS_NATIVE(obj) ? OBJ_SCOPE(obj) : NULL; #endif for (;;) { /* Check loop invariants. */ JS_ASSERT(v == *vp && JSVAL_IS_GCTHING(v)); JS_ASSERT(thing == JSVAL_TO_GCTHING(v)); JS_ASSERT(flagp == js_GetGCThingFlags(thing)); #ifdef GC_MARK_DEBUG if (scope) { uint32 slot; jsval nval; slot = vp - obj->slots; for (sprop = SCOPE_LAST_PROP(scope); ; sprop = sprop->parent) { if (!sprop) { switch (slot) { case JSSLOT_PROTO: strcpy(name, js_proto_str); break; case JSSLOT_PARENT: strcpy(name, js_parent_str); break; default: JS_snprintf(name, sizeof name, "**UNKNOWN SLOT %ld**", (long)slot); break; } break; } if (sprop->slot == slot) { nval = ID_TO_VALUE(sprop->id); if (JSVAL_IS_INT(nval)) { JS_snprintf(name, sizeof name, "%ld", (long)JSVAL_TO_INT(nval)); } else if (JSVAL_IS_STRING(nval)) { JS_snprintf(name, sizeof name, "%s", JS_GetStringBytes(JSVAL_TO_STRING(nval))); } else { strcpy(name, "**FINALIZED ATOM KEY**"); } break; } } } else { strcpy(name, "**UNKNOWN OBJECT MAP ENTRY**"); } #endif do { vp = NEXT_UNMARKED_GC_THING(vp+1, end, &next_thing, &next_flagp, arg); if (!vp) { /* * Here thing came from the last unmarked GC-thing slot. * We can eliminate tail recursion unless GC_MARK_DEBUG * is defined. */ #ifdef GC_MARK_DEBUG GC_MARK(cx, thing, name, arg); goto out; #else METER(++tailCallNesting); goto start; #endif } } while (next_thing == thing); v = *vp; #ifdef GC_MARK_DEBUG GC_MARK(cx, thing, name, arg); #else MARK_GC_THING(cx, thing, flagp, arg); #endif thing = next_thing; flagp = next_flagp; } break; #ifdef DEBUG case GCX_STRING: str = (JSString *)thing; JS_ASSERT(!JSSTRING_IS_DEPENDENT(str)); break; #endif case GCX_MUTABLE_STRING: str = (JSString *)thing; if (JSSTRING_IS_DEPENDENT(str)) { thing = JSSTRDEP_BASE(str); flagp = UNMARKED_GC_THING_FLAGS(thing, arg); if (flagp) { #ifdef GC_MARK_DEBUG GC_MARK(cx, thing, "base", arg); goto out; #else METER(++tailCallNesting); goto start; #endif } } break; #if JS_HAS_XML_SUPPORT case GCX_NAMESPACE: CALL_GC_THING_MARKER(js_MarkXMLNamespace, cx, (JSXMLNamespace *)thing, arg); break; case GCX_QNAME: CALL_GC_THING_MARKER(js_MarkXMLQName, cx, (JSXMLQName *)thing, arg); break; case GCX_XML: CALL_GC_THING_MARKER(js_MarkXML, cx, (JSXML *)thing, arg); break; #endif } out: METER(rt->gcStats.depth -= 1 + tailCallNesting); METER(rt->gcStats.cdepth--); return JS_TRUE; } /* * An invalid object reference that's distinct from JSVAL_TRUE and JSVAL_FALSE * when tagged as a boolean. Used to indicate empty DSW mark stack. * * Reversed pointers that link the DSW mark stack through obj->slots entries * are also tagged as booleans so we can find each pointer and unreverse it. * Because no object pointer is <= 16, these values can be distinguished from * JSVAL_EMPTY, JSVAL_TRUE, and JSVAL_FALSE. */ #define JSVAL_EMPTY (2 << JSVAL_TAGBITS) /* * To optimize native objects to avoid O(n^2) explosion in pathological cases, * we use a dswIndex member of JSScope to tell where in obj->slots to find the * reversed pointer. Scrounging space in JSScope by packing existing members * tighter yielded 16 bits of index, which we use directly if obj->slots has * 64K or fewer slots. Otherwise we make scope->dswIndex a fixed-point 16-bit * fraction of the number of slots. */ static JS_INLINE uint16 EncodeDSWIndex(jsval *vp, jsval *slots) { uint32 nslots, limit, index; jsdouble d; nslots = slots[-1]; limit = JS_BIT(16); index = PTRDIFF(vp, slots, jsval); JS_ASSERT(index < nslots); if (nslots > limit) { d = ((jsdouble)index / nslots) * limit; JS_ASSERT(0 <= d && d < limit); return (uint16) d; } return (uint16) index; } static JS_INLINE uint32 DecodeDSWIndex(uint16 dswIndex, jsval *slots) { uint32 nslots, limit; jsdouble d; nslots = slots[-1]; limit = JS_BIT(16); JS_ASSERT(dswIndex < nslots); if (nslots > limit) { d = ((jsdouble)dswIndex * nslots) / limit; JS_ASSERT(0 <= d && d < nslots); return (uint32) d; } return dswIndex; } static void DeutschSchorrWaite(JSContext *cx, void *thing, uint8 *flagp) { jsval top, parent, v, *vp, *end; JSObject *obj; JSScope *scope; #ifdef JS_GCMETER JSRuntime *rt = cx->runtime; #endif top = JSVAL_EMPTY; down: METER(if (++rt->gcStats.dswdepth > rt->gcStats.maxdswdepth) rt->gcStats.maxdswdepth = rt->gcStats.dswdepth); obj = (JSObject *) thing; parent = OBJECT_TO_JSVAL(obj); /* Precompute for quick testing to set and get scope->dswIndex. */ scope = (OBJ_IS_NATIVE(obj) && OBJ_SCOPE(obj)->object == obj) ? OBJ_SCOPE(obj) : NULL; /* Mark slots if they are small enough to be GC-allocated. */ vp = obj->slots; if ((vp[-1] + 1) * sizeof(jsval) <= GC_NBYTES_MAX) GC_MARK(cx, vp - 1, "slots", NULL); end = vp + ((obj->map->ops->mark) ? obj->map->ops->mark(cx, obj, NULL) : JS_MIN(obj->map->freeslot, obj->map->nslots)); *flagp |= GCF_MARK; for (;;) { while ((vp = NEXT_UNMARKED_GC_THING(vp, end, &thing, &flagp, NULL)) != NULL) { v = *vp; JS_ASSERT(JSVAL_TO_GCTHING(v) == thing); if (JSVAL_IS_OBJECT(v)) { *vp = JSVAL_SETTAG(top, JSVAL_BOOLEAN); top = parent; if (scope) scope->dswIndex = EncodeDSWIndex(vp, obj->slots); goto down; } /* Handle string and double GC-things. */ MARK_GC_THING(cx, thing, flagp, NULL); } /* If we are back at the root (or we never left it), we're done. */ METER(rt->gcStats.dswdepth--); if (scope) scope->dswIndex = 0; if (top == JSVAL_EMPTY) return; /* Time to go back up the spanning tree. */ METER(rt->gcStats.dswup++); obj = JSVAL_TO_OBJECT(top); vp = obj->slots; end = vp + vp[-1]; /* * If obj is native and owns its own scope, we can minimize the cost * of searching for the reversed pointer. */ scope = (OBJ_IS_NATIVE(obj) && OBJ_SCOPE(obj)->object == obj) ? OBJ_SCOPE(obj) : NULL; if (scope) vp += DecodeDSWIndex(scope->dswIndex, vp); /* * Alas, we must search for the reversed pointer. If we used the * scope->dswIndex hint, we'll step over a few slots for objects with * a few times 64K slots, etc. For more typical (that is, far fewer * than 64K slots) native objects that own their own scopes, this loop * won't iterate at all. The order of complexity for host objects and * unmutated native objects is O(n^2), but n (4 or 5 in most cases) is * low enough that we don't care. * * We cannot use a reversed pointer into obj->slots, because there * is no way to find an object from an address within its slots. */ v = *vp; while (v <= JSVAL_TRUE || !JSVAL_IS_BOOLEAN(v)) { METER(rt->gcStats.dswupstep++); JS_ASSERT(vp + 1 < end); v = *++vp; } *vp++ = parent; parent = top; top = JSVAL_CLRTAG(v); } } void js_MarkGCThing(JSContext *cx, void *thing, void *arg) { uint8 *flagp; flagp = UNMARKED_GC_THING_FLAGS(thing, arg); if (!flagp) return; MARK_GC_THING(cx, thing, flagp, arg); } JS_STATIC_DLL_CALLBACK(JSDHashOperator) gc_root_marker(JSDHashTable *table, JSDHashEntryHdr *hdr, uint32 num, void *arg) { JSGCRootHashEntry *rhe = (JSGCRootHashEntry *)hdr; jsval *rp = (jsval *)rhe->root; jsval v = *rp; /* Ignore null object and scalar values. */ if (!JSVAL_IS_NULL(v) && JSVAL_IS_GCTHING(v)) { JSContext *cx = (JSContext *)arg; #ifdef DEBUG uintN i; JSArena *a; jsuword firstpage; JSBool root_points_to_gcArenaPool = JS_FALSE; void *thing = JSVAL_TO_GCTHING(v); for (i = 0; i < GC_NUM_FREELISTS; i++) { for (a = cx->runtime->gcArenaPool[i].first.next; a; a = a->next) { firstpage = FIRST_THING_PAGE(a); if (JS_UPTRDIFF(thing, firstpage) < a->avail - firstpage) { root_points_to_gcArenaPool = JS_TRUE; break; } } } if (!root_points_to_gcArenaPool && rhe->name) { fprintf(stderr, "JS API usage error: the address passed to JS_AddNamedRoot currently holds an\n" "invalid jsval. This is usually caused by a missing call to JS_RemoveRoot.\n" "The root's name is \"%s\".\n", rhe->name); } JS_ASSERT(root_points_to_gcArenaPool); #endif GC_MARK(cx, JSVAL_TO_GCTHING(v), rhe->name ? rhe->name : "root", NULL); } return JS_DHASH_NEXT; } JS_STATIC_DLL_CALLBACK(JSDHashOperator) gc_lock_marker(JSDHashTable *table, JSDHashEntryHdr *hdr, uint32 num, void *arg) { JSGCLockHashEntry *lhe = (JSGCLockHashEntry *)hdr; void *thing = (void *)lhe->thing; JSContext *cx = (JSContext *)arg; GC_MARK(cx, thing, "locked object", NULL); return JS_DHASH_NEXT; } void js_ForceGC(JSContext *cx, uintN gcflags) { uintN i; for (i = 0; i < GCX_NTYPES; i++) cx->newborn[i] = NULL; cx->lastAtom = NULL; cx->runtime->gcPoke = JS_TRUE; js_GC(cx, gcflags); JS_ArenaFinish(); } #define GC_MARK_JSVALS(cx, len, vec, name) \ JS_BEGIN_MACRO \ jsval _v, *_vp, *_end; \ \ for (_vp = vec, _end = _vp + len; _vp < _end; _vp++) { \ _v = *_vp; \ if (JSVAL_IS_GCTHING(_v)) \ GC_MARK(cx, JSVAL_TO_GCTHING(_v), name, NULL); \ } \ JS_END_MACRO void js_GC(JSContext *cx, uintN gcflags) { JSRuntime *rt; JSContext *iter, *acx; JSStackFrame *fp, *chain; uintN i, depth, nslots, type; JSStackHeader *sh; JSTempValueRooter *tvr; size_t nbytes, nflags; JSArena *a, **ap; uint8 flags, *flagp, *split; JSGCThing *thing, *limit, **flp, **oflp; GCFinalizeOp finalizer; uint32 *bytesptr; JSBool all_clear; #ifdef JS_THREADSAFE jsword currentThread; uint32 requestDebit; #endif rt = cx->runtime; #ifdef JS_THREADSAFE /* Avoid deadlock. */ JS_ASSERT(!JS_IS_RUNTIME_LOCKED(rt)); #endif /* * Don't collect garbage if the runtime isn't up, and cx is not the last * context in the runtime. The last context must force a GC, and nothing * should suppress that final collection or there may be shutdown leaks, * or runtime bloat until the next context is created. */ if (rt->state != JSRTS_UP && !(gcflags & GC_LAST_CONTEXT)) return; /* * Let the API user decide to defer a GC if it wants to (unless this * is the last context). Invoke the callback regardless. */ if (rt->gcCallback) { if (!rt->gcCallback(cx, JSGC_BEGIN) && !(gcflags & GC_LAST_CONTEXT)) return; } /* Lock out other GC allocator and collector invocations. */ if (!(gcflags & GC_ALREADY_LOCKED)) JS_LOCK_GC(rt); /* Do nothing if no mutator has executed since the last GC. */ if (!rt->gcPoke) { METER(rt->gcStats.nopoke++); if (!(gcflags & GC_ALREADY_LOCKED)) JS_UNLOCK_GC(rt); return; } METER(rt->gcStats.poke++); rt->gcPoke = JS_FALSE; #ifdef JS_THREADSAFE /* Bump gcLevel and return rather than nest on this thread. */ currentThread = js_CurrentThreadId(); if (rt->gcThread == currentThread) { JS_ASSERT(rt->gcLevel > 0); rt->gcLevel++; METER(if (rt->gcLevel > rt->gcStats.maxlevel) rt->gcStats.maxlevel = rt->gcLevel); if (!(gcflags & GC_ALREADY_LOCKED)) JS_UNLOCK_GC(rt); return; } /* * If we're in one or more requests (possibly on more than one context) * running on the current thread, indicate, temporarily, that all these * requests are inactive. NB: if cx->thread is 0, then cx is not using * the request model, and does not contribute to rt->requestCount. */ requestDebit = 0; if (cx->thread) { /* * Check all contexts for any with the same thread-id. XXX should we * keep a sub-list of contexts having the same id? */ iter = NULL; while ((acx = js_ContextIterator(rt, JS_FALSE, &iter)) != NULL) { if (acx->thread == cx->thread && acx->requestDepth) requestDebit++; } } else { /* * We assert, but check anyway, in case someone is misusing the API. * Avoiding the loop over all of rt's contexts is a win in the event * that the GC runs only on request-less contexts with 0 thread-ids, * in a special thread such as might be used by the UI/DOM/Layout * "mozilla" or "main" thread in Mozilla-the-browser. */ JS_ASSERT(cx->requestDepth == 0); if (cx->requestDepth) requestDebit = 1; } if (requestDebit) { JS_ASSERT(requestDebit <= rt->requestCount); rt->requestCount -= requestDebit; if (rt->requestCount == 0) JS_NOTIFY_REQUEST_DONE(rt); } /* If another thread is already in GC, don't attempt GC; wait instead. */ if (rt->gcLevel > 0) { /* Bump gcLevel to restart the current GC, so it finds new garbage. */ rt->gcLevel++; METER(if (rt->gcLevel > rt->gcStats.maxlevel) rt->gcStats.maxlevel = rt->gcLevel); /* Wait for the other thread to finish, then resume our request. */ while (rt->gcLevel > 0) JS_AWAIT_GC_DONE(rt); if (requestDebit) rt->requestCount += requestDebit; if (!(gcflags & GC_ALREADY_LOCKED)) JS_UNLOCK_GC(rt); return; } /* No other thread is in GC, so indicate that we're now in GC. */ rt->gcLevel = 1; rt->gcThread = currentThread; /* Wait for all other requests to finish. */ while (rt->requestCount > 0) JS_AWAIT_REQUEST_DONE(rt); #else /* !JS_THREADSAFE */ /* Bump gcLevel and return rather than nest; the outer gc will restart. */ rt->gcLevel++; METER(if (rt->gcLevel > rt->gcStats.maxlevel) rt->gcStats.maxlevel = rt->gcLevel); if (rt->gcLevel > 1) return; #endif /* !JS_THREADSAFE */ /* * Set rt->gcRunning here within the GC lock, and after waiting for any * active requests to end, so that new requests that try to JS_AddRoot, * JS_RemoveRoot, or JS_RemoveRootRT block in JS_BeginRequest waiting for * rt->gcLevel to drop to zero, while request-less calls to the *Root* * APIs block in js_AddRoot or js_RemoveRoot (see above in this file), * waiting for GC to finish. */ rt->gcRunning = JS_TRUE; JS_UNLOCK_GC(rt); /* If a suspended compile is running on another context, keep atoms. */ if (rt->gcKeepAtoms) gcflags |= GC_KEEP_ATOMS; /* Reset malloc counter. */ rt->gcMallocBytes = 0; /* Drop atoms held by the property cache, and clear property weak links. */ js_DisablePropertyCache(cx); js_FlushPropertyCache(cx); #ifdef DEBUG_notme { extern void js_DumpScopeMeters(JSRuntime *rt); js_DumpScopeMeters(rt); } #endif restart: rt->gcNumber++; /* * Mark phase. */ JS_DHashTableEnumerate(&rt->gcRootsHash, gc_root_marker, cx); if (rt->gcLocksHash) JS_DHashTableEnumerate(rt->gcLocksHash, gc_lock_marker, cx); js_MarkAtomState(&rt->atomState, gcflags, gc_mark_atom_key_thing, cx); js_MarkWatchPoints(rt); js_MarkScriptFilenames(rt, gcflags); iter = NULL; while ((acx = js_ContextIterator(rt, JS_TRUE, &iter)) != NULL) { /* * Iterate frame chain and dormant chains. Temporarily tack current * frame onto the head of the dormant list to ease iteration. * * (NB: see comment on this whole "dormant" thing in js_Execute.) */ chain = acx->fp; if (chain) { JS_ASSERT(!chain->dormantNext); chain->dormantNext = acx->dormantFrameChain; } else { chain = acx->dormantFrameChain; } for (fp = chain; fp; fp = chain = chain->dormantNext) { do { if (fp->callobj) GC_MARK(cx, fp->callobj, "call object", NULL); if (fp->argsobj) GC_MARK(cx, fp->argsobj, "arguments object", NULL); if (fp->varobj) GC_MARK(cx, fp->varobj, "variables object", NULL); if (fp->script) { js_MarkScript(cx, fp->script, NULL); if (fp->spbase) { /* * Don't mark what has not been pushed yet, or what * has been popped already. */ depth = fp->script->depth; nslots = (JS_UPTRDIFF(fp->sp, fp->spbase) < depth * sizeof(jsval)) ? (uintN)(fp->sp - fp->spbase) : depth; GC_MARK_JSVALS(cx, nslots, fp->spbase, "operand"); } } GC_MARK(cx, fp->thisp, "this", NULL); if (fp->argv) { nslots = fp->argc; if (fp->fun) { if (fp->fun->nargs > nslots) nslots = fp->fun->nargs; nslots += fp->fun->extra; } GC_MARK_JSVALS(cx, nslots, fp->argv, "arg"); } if (JSVAL_IS_GCTHING(fp->rval)) GC_MARK(cx, JSVAL_TO_GCTHING(fp->rval), "rval", NULL); if (fp->vars) GC_MARK_JSVALS(cx, fp->nvars, fp->vars, "var"); GC_MARK(cx, fp->scopeChain, "scope chain", NULL); if (fp->sharpArray) GC_MARK(cx, fp->sharpArray, "sharp array", NULL); if (fp->xmlNamespace) GC_MARK(cx, fp->xmlNamespace, "xmlNamespace", NULL); } while ((fp = fp->down) != NULL); } /* Cleanup temporary "dormant" linkage. */ if (acx->fp) acx->fp->dormantNext = NULL; /* Mark other roots-by-definition in acx. */ GC_MARK(cx, acx->globalObject, "global object", NULL); for (i = 0; i < GCX_NTYPES; i++) GC_MARK(cx, acx->newborn[i], gc_typenames[i], NULL); if (acx->lastAtom) GC_MARK_ATOM(cx, acx->lastAtom, NULL); if (JSVAL_IS_GCTHING(acx->lastInternalResult)) { thing = JSVAL_TO_GCTHING(acx->lastInternalResult); if (thing) GC_MARK(cx, thing, "lastInternalResult", NULL); } #if JS_HAS_EXCEPTIONS if (acx->throwing && JSVAL_IS_GCTHING(acx->exception)) GC_MARK(cx, JSVAL_TO_GCTHING(acx->exception), "exception", NULL); #endif #if JS_HAS_LVALUE_RETURN if (acx->rval2set && JSVAL_IS_GCTHING(acx->rval2)) GC_MARK(cx, JSVAL_TO_GCTHING(acx->rval2), "rval2", NULL); #endif for (sh = acx->stackHeaders; sh; sh = sh->down) { METER(rt->gcStats.stackseg++); METER(rt->gcStats.segslots += sh->nslots); GC_MARK_JSVALS(cx, sh->nslots, JS_STACK_SEGMENT(sh), "stack"); } if (acx->localRootStack) js_MarkLocalRoots(cx, acx->localRootStack); for (tvr = acx->tempValueRooters; tvr; tvr = tvr->down) { if (tvr->count < 0) { if (JSVAL_IS_GCTHING(tvr->u.value)) { GC_MARK(cx, JSVAL_TO_GCTHING(tvr->u.value), "tvr->u.value", NULL); } } else { GC_MARK_JSVALS(cx, tvr->count, tvr->u.array, "tvr->u.array"); } } } #ifdef DUMP_CALL_TABLE js_DumpCallTable(cx); #endif if (rt->gcCallback) (void) rt->gcCallback(cx, JSGC_MARK_END); /* * Sweep phase. * * Finalize as we sweep, outside of rt->gcLock, but with rt->gcRunning set * so that any attempt to allocate a GC-thing from a finalizer will fail, * rather than nest badly and leave the unmarked newborn to be swept. * * Finalize smaller objects before larger, to guarantee finalization of * GC-allocated obj->slots after obj. See FreeSlots in jsobj.c. */ js_SweepAtomState(&rt->atomState); js_SweepScopeProperties(rt); js_SweepScriptFilenames(rt); for (i = 0; i < GC_NUM_FREELISTS; i++) { nbytes = GC_FREELIST_NBYTES(i); nflags = nbytes / sizeof(JSGCThing); for (a = rt->gcArenaPool[i].first.next; a; a = a->next) { flagp = (uint8 *) a->base; split = (uint8 *) FIRST_THING_PAGE(a); limit = (JSGCThing *) a->avail; for (thing = (JSGCThing *) split; thing < limit; thing += nflags) { if (((jsuword)thing & GC_PAGE_MASK) == 0) { thing = (JSGCThing *) FIRST_THING((jsuword)thing, nbytes); flagp = js_GetGCThingFlags(thing); } flags = *flagp; if (flags & GCF_MARK) { *flagp &= ~GCF_MARK; } else if (!(flags & (GCF_LOCK | GCF_FINAL))) { /* Call the finalizer with GCF_FINAL ORed into flags. */ type = flags & GCF_TYPEMASK; finalizer = gc_finalizers[type]; if (finalizer) { *flagp = (uint8)(flags | GCF_FINAL); if (type >= GCX_EXTERNAL_STRING) js_PurgeDeflatedStringCache((JSString *)thing); finalizer(cx, thing); } /* Set flags to GCF_FINAL, signifying that thing is free. */ *flagp = GCF_FINAL; bytesptr = (type == GCX_PRIVATE) ? &rt->gcPrivateBytes : &rt->gcBytes; JS_ASSERT(*bytesptr >= nbytes + nflags); *bytesptr -= nbytes + nflags; } flagp += nflags; if (JS_UPTRDIFF(flagp, split) < nflags) flagp += GC_THINGS_SIZE; } } } /* * Free phase. * Free any unused arenas and rebuild the JSGCThing freelist. */ for (i = 0; i < GC_NUM_FREELISTS; i++) { ap = &rt->gcArenaPool[i].first.next; a = *ap; if (!a) continue; all_clear = JS_TRUE; flp = oflp = &rt->gcFreeList[i]; *flp = NULL; METER(rt->gcStats.freelen[i] = 0); nbytes = GC_FREELIST_NBYTES(i); nflags = nbytes / sizeof(JSGCThing); do { flagp = (uint8 *) a->base; split = (uint8 *) FIRST_THING_PAGE(a); limit = (JSGCThing *) a->avail; for (thing = (JSGCThing *) split; thing < limit; thing += nflags) { if (((jsuword)thing & GC_PAGE_MASK) == 0) { thing = (JSGCThing *) FIRST_THING((jsuword)thing, nbytes); flagp = js_GetGCThingFlags(thing); } if (*flagp != GCF_FINAL) { all_clear = JS_FALSE; } else { thing->flagp = flagp; *flp = thing; flp = &thing->next; METER(rt->gcStats.freelen[i]++); } flagp += nflags; if (JS_UPTRDIFF(flagp, split) < nflags) flagp += GC_THINGS_SIZE; } if (all_clear) { JS_ARENA_DESTROY(&rt->gcArenaPool[i], a, ap); flp = oflp; METER(rt->gcStats.afree++); } else { ap = &a->next; all_clear = JS_TRUE; oflp = flp; } } while ((a = *ap) != NULL); /* Terminate the new freelist. */ *flp = NULL; } if (rt->gcCallback) (void) rt->gcCallback(cx, JSGC_FINALIZE_END); #ifdef DEBUG_notme { extern void DumpSrcNoteSizeHist(); DumpSrcNoteSizeHist(); printf("GC HEAP SIZE %lu (%lu)\n", (unsigned long)rt->gcBytes, (unsigned long)rt->gcPrivateBytes); } #endif JS_LOCK_GC(rt); if (rt->gcLevel > 1 || rt->gcPoke) { rt->gcLevel = 1; rt->gcPoke = JS_FALSE; JS_UNLOCK_GC(rt); goto restart; } js_EnablePropertyCache(cx); rt->gcLevel = 0; rt->gcLastBytes = rt->gcBytes; rt->gcRunning = JS_FALSE; #ifdef JS_THREADSAFE /* If we were invoked during a request, pay back the temporary debit. */ if (requestDebit) rt->requestCount += requestDebit; rt->gcThread = 0; JS_NOTIFY_GC_DONE(rt); if (!(gcflags & GC_ALREADY_LOCKED)) JS_UNLOCK_GC(rt); #endif if (rt->gcCallback) { if (gcflags & GC_ALREADY_LOCKED) JS_UNLOCK_GC(rt); (void) rt->gcCallback(cx, JSGC_END); if (gcflags & GC_ALREADY_LOCKED) JS_LOCK_GC(rt); } }