mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-20 16:55:40 +00:00
b00f4011de
Currently incremental GC can run the finalizer for a dead reflector for a native after a new reflector for that native has been created and attached. This leads to the confusing situation where there are two reflectors that contain pointers to the same native (which has a pointer to the new one). This is a problem for memory accounting because the JS engine sees the size of the native at finalization time but does not see updates to this size after a new reflector is created. Thus the engine's idea of the size of a native can become incorrect and the memory accounting can become unbalanced. Consider the following situation: 1. Native object created of size 20MB 2. Reflector 1 created 3. Reflector 1 becomes unreachable 4. Reflector 2 created 5. Native size changes to 40MB 6. Reflector 1 finalized The memory associated with reflector 1 will be: 20MB (step 2), -20MB (step 6) The memory associated with reflector 2 will be: 20MB (step 4), 40MB (step 5) The memory associated with reflector 1 ends up negative (which should not be possible) and the total is also wrong. The patch runs the finalizer for any dead reflector when creating a new one. This ensures that finalizer sees the correct state. The native object pointer is cleared when this happens so when the GC later runs the finalizer again it is a no-op. This situation occurs pretty rarely so I don't think there is much overhead to running the finalizer more than once. This also allows us to tighten up the assertions in the finalizer. Differential Revision: https://phabricator.services.mozilla.com/D28690
72 lines
2.5 KiB
C
72 lines
2.5 KiB
C
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef nsWrapperCacheInline_h___
|
|
#define nsWrapperCacheInline_h___
|
|
|
|
#include "nsWrapperCache.h"
|
|
#include "js/TracingAPI.h"
|
|
|
|
inline JSObject* nsWrapperCache::GetWrapperPreserveColor() const {
|
|
JSObject* obj = GetWrapperMaybeDead();
|
|
if (obj && js::gc::EdgeNeedsSweepUnbarriered(&obj)) {
|
|
// The object has been found to be dead and is in the process of being
|
|
// finalized, so don't let the caller see it.
|
|
// Don't clear the cache though: this happens when a new wrapper is created
|
|
// for this native or when the wrapper is finalized.
|
|
return nullptr;
|
|
}
|
|
MOZ_ASSERT(obj == mWrapper);
|
|
return obj;
|
|
}
|
|
|
|
inline JSObject* nsWrapperCache::GetWrapper() const {
|
|
JSObject* obj = GetWrapperPreserveColor();
|
|
if (obj) {
|
|
JS::ExposeObjectToActiveJS(obj);
|
|
}
|
|
return obj;
|
|
}
|
|
|
|
inline bool nsWrapperCache::HasKnownLiveWrapper() const {
|
|
// If we have a wrapper and it's not gray in the GC-marking sense, that means
|
|
// that we can't be cycle-collected. That's because the wrapper is being kept
|
|
// alive by the JS engine (and not just due to being traced from some
|
|
// cycle-collectable thing), and the wrapper holds us alive, so we know we're
|
|
// not collectable.
|
|
JSObject* o = GetWrapperPreserveColor();
|
|
return o && !JS::ObjectIsMarkedGray(o);
|
|
}
|
|
|
|
static void SearchGray(JS::GCCellPtr aGCThing, const char* aName,
|
|
void* aClosure) {
|
|
bool* hasGrayObjects = static_cast<bool*>(aClosure);
|
|
if (!*hasGrayObjects && aGCThing && JS::GCThingIsMarkedGray(aGCThing)) {
|
|
*hasGrayObjects = true;
|
|
}
|
|
}
|
|
|
|
inline bool nsWrapperCache::HasNothingToTrace(nsISupports* aThis) {
|
|
nsXPCOMCycleCollectionParticipant* participant = nullptr;
|
|
CallQueryInterface(aThis, &participant);
|
|
bool hasGrayObjects = false;
|
|
participant->Trace(aThis, TraceCallbackFunc(SearchGray), &hasGrayObjects);
|
|
return !hasGrayObjects;
|
|
}
|
|
|
|
inline bool nsWrapperCache::HasKnownLiveWrapperAndDoesNotNeedTracing(
|
|
nsISupports* aThis) {
|
|
return HasKnownLiveWrapper() && HasNothingToTrace(aThis);
|
|
}
|
|
|
|
inline void nsWrapperCache::MarkWrapperLive() {
|
|
// Just call GetWrapper and ignore the return value. It will do the
|
|
// gray-unmarking for us.
|
|
GetWrapper();
|
|
}
|
|
|
|
#endif /* nsWrapperCache_h___ */
|