Backed out 3 changesets (bug 1627248) for causing bustages in src/js/src/gc/GC.cpp

CLOSED TREE

Backed out changeset f7bda197d6b9 (bug 1627248)
Backed out changeset cc6e408e477c (bug 1627248)
Backed out changeset f6ca42417f92 (bug 1627248)
Mihai Alexandru Michis 2020-04-07 12:30:36 +03:00
parent de8847102d
commit 2b0db08709
6 changed files with 29 additions and 57 deletions


@ -124,13 +124,9 @@ class CellHeader {
// or JSObject/JSString (0).
static constexpr uintptr_t BIGINT_BIT = Bit(2);
bool isForwarded() const { return header_ & FORWARD_BIT; }
bool isString() const { return header_ & JSSTRING_BIT; }
bool isBigInt() const { return header_ & BIGINT_BIT; }
protected:
uintptr_t flags() const { return header_ & RESERVED_MASK; }
protected:
// NOTE: This word can also be used for temporary storage, see
// setTemporaryGCUnsafeData.
uintptr_t header_;
@ -185,17 +181,20 @@ struct alignas(gc::CellAlignBytes) Cell {
static MOZ_ALWAYS_INLINE bool needWriteBarrierPre(JS::Zone* zone);
inline bool isForwarded() const {
return reinterpret_cast<const CellHeader*>(this)->isForwarded();
uintptr_t firstWord = *reinterpret_cast<const uintptr_t*>(this);
return firstWord & CellHeader::FORWARD_BIT;
}
inline bool nurseryCellIsString() const {
MOZ_ASSERT(!isTenured());
return reinterpret_cast<const CellHeader*>(this)->isString();
uintptr_t firstWord = *reinterpret_cast<const uintptr_t*>(this);
return firstWord & CellHeader::JSSTRING_BIT;
}
inline bool nurseryCellIsBigInt() const {
MOZ_ASSERT(!isTenured());
return reinterpret_cast<const CellHeader*>(this)->isBigInt();
uintptr_t firstWord = *reinterpret_cast<const uintptr_t*>(this);
return firstWord & CellHeader::BIGINT_BIT;
}
template <class T>
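Review bot: The restored `isForwarded()`, `nurseryCellIsString()` and `nurseryCellIsBigInt()` each load `*reinterpret_cast<const uintptr_t*>(this)` and test a `CellHeader` bit, so they are only correct if every GC thing keeps its header word at offset 0, and nothing in these lines says so. The same backout deletes the `CHECK_THING_LAYOUT` static_assert in the following file section, so in the code shown here that layout assumption is no longer checked at compile time; a wrong flag read on this path could misclassify a cell or miss a forwarding pointer. I would add a comment above the three accessors such as `// Reads the cell's first word directly: every GC thing type must store its CellHeader word at offset 0.`; the same invariant applies to `dataWithTag_` in the RelocationOverlay header section further down. The body of `struct Cell` continues outside the hunk.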


@ -313,17 +313,6 @@ static_assert(mozilla::ArrayLength(slotsToThingKind) ==
FOR_EACH_ALLOCKIND(CHECK_THING_SIZE);
#undef CHECK_THING_SIZE
// GC things must be standard-layout classes so we can access the cell header by
// casting the thing pointer to a CellHeader*. This checks the property for the
// least derived thing type.
#define CHECK_THING_LAYOUT(_1, traceKind, _2, _3, _4, _5, _6) \
static_assert( \
std::is_standard_layout< \
MapTraceKindToType<JS::TraceKind::traceKind>::Type>::value, \
"The class for " #traceKind " must by a standard layout type.");
FOR_EACH_ALLOCKIND(CHECK_THING_LAYOUT)
#undef CHECK_THING_LAYOUT
template <typename T>
struct ArenaLayout {
static constexpr size_t thingSize() { return sizeof(T); }
@ -1916,7 +1905,8 @@ static void RelocateCell(Zone* zone, TenuredCell* src, AllocKind thingKind,
#endif
// Mark source cell as forwarded and leave a pointer to the destination.
RelocationOverlay::forwardCell(src, dst);
RelocationOverlay* overlay = RelocationOverlay::fromCell(src);
overlay->forwardTo(dst);
}
static void RelocateArena(Arena* arena, SliceBudget& sliceBudget) {


@ -108,21 +108,10 @@ inline T MaybeForwarded(T t) {
return t;
}
inline RelocatedCellHeader::RelocatedCellHeader(Cell* location,
uintptr_t flags) {
uintptr_t ptr = uintptr_t(location);
MOZ_ASSERT((ptr & RESERVED_MASK) == 0);
MOZ_ASSERT((flags & ~RESERVED_MASK) == 0);
header_ = ptr | flags | FORWARD_BIT;
}
inline RelocationOverlay::RelocationOverlay(Cell* dst, uintptr_t flags)
: header_(dst, flags) {}
/* static */
inline RelocationOverlay* RelocationOverlay::forwardCell(Cell* src, Cell* dst) {
MOZ_ASSERT(!src->isForwarded());
MOZ_ASSERT(!dst->isForwarded());
inline void RelocationOverlay::forwardTo(Cell* cell) {
MOZ_ASSERT(!isForwarded());
MOZ_ASSERT((uintptr_t(cell) & CellHeader::RESERVED_MASK) == 0,
"preserving flags doesn't clobber any existing bits");
// Preserve old flags because nursery may check them before checking
// if this is a forwarded Cell.
@ -132,8 +121,8 @@ inline RelocationOverlay* RelocationOverlay::forwardCell(Cell* src, Cell* dst) {
//
// The copied over flags are only used for nursery Cells, when the Cell is
// tenured, these bits are never read and hence may contain any content.
uintptr_t flags = reinterpret_cast<CellHeader*>(dst)->flags();
return new (src) RelocationOverlay(dst, flags);
uintptr_t gcFlags = dataWithTag_ & CellHeader::RESERVED_MASK;
dataWithTag_ = uintptr_t(cell) | gcFlags | CellHeader::FORWARD_BIT;
}
inline bool IsAboutToBeFinalizedDuringMinorSweep(Cell** cellp) {
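Review bot: `RelocationOverlay::forwardTo` asserts only `!isForwarded()` on the source and the alignment of `cell`, whereas the removed `forwardCell` also asserted `!dst->isForwarded()`, so the destination check is lost with this backout. If that invariant still holds for every caller, adding `MOZ_ASSERT(!cell->isForwarded());` next to the existing asserts keeps debug builds catching a forwarding pointer that targets an already-moved cell. Both remaining checks are `MOZ_ASSERT`s, so they are presumably compiled out of release builds, where the `|` into `dataWithTag_` trusts the caller for alignment. The body of `forwardTo` spans this hunk and the next one, with the lines in between not shown.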


@ -3245,7 +3245,8 @@ JSObject* js::TenuringTracer::moveToTenuredSlow(JSObject* src) {
CanNurseryAllocateFinalizedClass(src->getClass()));
}
RelocationOverlay* overlay = RelocationOverlay::forwardCell(src, dst);
RelocationOverlay* overlay = RelocationOverlay::fromCell(src);
overlay->forwardTo(dst);
insertIntoObjectFixupList(overlay);
gcTracer.tracePromoteToTenured(src, dst);
@ -3276,7 +3277,8 @@ inline JSObject* js::TenuringTracer::movePlainObjectToTenured(
MOZ_ASSERT(!dst->getClass()->extObjectMovedOp());
RelocationOverlay* overlay = RelocationOverlay::forwardCell(src, dst);
RelocationOverlay* overlay = RelocationOverlay::fromCell(src);
overlay->forwardTo(dst);
insertIntoObjectFixupList(overlay);
gcTracer.tracePromoteToTenured(src, dst);
@ -3394,7 +3396,8 @@ JSString* js::TenuringTracer::moveToTenured(JSString* src) {
tenuredSize += moveStringToTenured(dst, src, dstKind);
tenuredCells++;
RelocationOverlay* overlay = RelocationOverlay::forwardCell(src, dst);
RelocationOverlay* overlay = RelocationOverlay::fromCell(src);
overlay->forwardTo(dst);
insertIntoStringFixupList(overlay);
gcTracer.tracePromoteToTenured(src, dst);
@ -3420,7 +3423,8 @@ JS::BigInt* js::TenuringTracer::moveToTenured(JS::BigInt* src) {
tenuredSize += moveBigIntToTenured(dst, src, dstKind);
tenuredCells++;
RelocationOverlay* overlay = RelocationOverlay::forwardCell(src, dst);
RelocationOverlay* overlay = RelocationOverlay::fromCell(src);
overlay->forwardTo(dst);
insertIntoBigIntFixupList(overlay);
gcTracer.tracePromoteToTenured(src, dst);


@ -20,15 +20,6 @@
namespace js {
namespace gc {
class RelocatedCellHeader : public CellHeader {
public:
RelocatedCellHeader(Cell* location, uintptr_t flags);
Cell* location() const {
return reinterpret_cast<Cell*>(header_ & ~RESERVED_MASK);
}
};
/*
* This structure overlays a Cell that has been moved and provides a way to find
* its new location. It's used during generational and compacting GC.
@ -40,13 +31,11 @@ class RelocationOverlay : public Cell {
// -------------------------
// | NewLocation | GCFlags |
// -------------------------
RelocatedCellHeader header_;
uintptr_t dataWithTag_;
/* A list entry to track all relocated things. */
RelocationOverlay* next_;
RelocationOverlay(Cell* dst, uintptr_t flags);
public:
static const RelocationOverlay* fromCell(const Cell* cell) {
return static_cast<const RelocationOverlay*>(cell);
@ -56,13 +45,14 @@ class RelocationOverlay : public Cell {
return static_cast<RelocationOverlay*>(cell);
}
static RelocationOverlay* forwardCell(Cell* src, Cell* dst);
Cell* forwardingAddress() const {
MOZ_ASSERT(isForwarded());
return header_.location();
uintptr_t newLocation = dataWithTag_ & ~CellHeader::RESERVED_MASK;
return reinterpret_cast<Cell*>(newLocation);
}
void forwardTo(Cell* cell);
RelocationOverlay*& nextRef() {
MOZ_ASSERT(isForwarded());
return next_;


@ -245,7 +245,6 @@ class Scope : public js::gc::TenuredCell {
friend class GCMarker;
friend class frontend::ScopeCreationData;
protected:
// The enclosing scope or nullptr.
using HeaderWithScope = gc::CellHeaderWithTenuredGCPointer<Scope>;
HeaderWithScope headerAndEnclosingScope_;
@ -257,6 +256,7 @@ class Scope : public js::gc::TenuredCell {
// EnvironmentObject. Otherwise nullptr.
const GCPtrShape environmentShape_;
protected:
BaseScopeData* data_;
Scope(ScopeKind kind, Scope* enclosing, Shape* environmentShape)