darlinghq/darling-JavaScriptCore
1
0
Fork 0
mirror of https://github.com/darlinghq/darling-JavaScriptCore.git synced 2024-11-23 04:09:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
darling-JavaScriptCore/heap/HeapUtil.h

184 lines
8.7 KiB
C++
Raw Permalink Blame History

/*
* Copyright (C) 2016-2019 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/
#pragma once
namespace JSC {
// Are you tired of waiting for all of WebKit to build because you changed the implementation of a
// function in HeapInlines.h? Does it bother you that you're waiting on rebuilding the JS DOM
// bindings even though your change is in a function called from only 2 .cpp files? Then HeapUtil.h
// is for you! Everything in this class should be a static method that takes a Heap& if needed.
// This is a friend of Heap, so you can access all of Heap's privates.
//
// This ends up being an issue because Heap exposes a lot of methods that ought to be inline for
// performance or that must be inline because they are templates. This class ought to contain
// methods that are used for the implementation of the collector, or for unusual clients that need
// to reach deep into the collector for some reason. Don't put things in here that would cause you
// to have to include it from more than a handful of places, since that would defeat the purpose.
// This class isn't here to look pretty. It's to let us hack the GC more easily!
class HeapUtil {
public:
// This function must be run after stopAllocation() is called and
// before liveness data is cleared to be accurate.
template<typename Func>
static void findGCObjectPointersForMarking(
Heap& heap, HeapVersion markingVersion, HeapVersion newlyAllocatedVersion, TinyBloomFilter filter,
void* passedPointer, const Func& func)
{
const HashSet<MarkedBlock*>& set = heap.objectSpace().blocks().set();
ASSERT(heap.objectSpace().isMarking());
static constexpr bool isMarking = true;
char* pointer = static_cast<char*>(passedPointer);
// It could point to a large allocation.
if (heap.objectSpace().preciseAllocationsForThisCollectionSize()) {
if (heap.objectSpace().preciseAllocationsForThisCollectionBegin()[0]->aboveLowerBound(pointer)
&& heap.objectSpace().preciseAllocationsForThisCollectionEnd()[-1]->belowUpperBound(pointer)) {
PreciseAllocation** result = approximateBinarySearch<PreciseAllocation*>(
heap.objectSpace().preciseAllocationsForThisCollectionBegin(),
heap.objectSpace().preciseAllocationsForThisCollectionSize(),
PreciseAllocation::fromCell(pointer),
[] (PreciseAllocation** ptr) -> PreciseAllocation* { return *ptr; });
if (result) {
auto attemptLarge = [&] (PreciseAllocation* allocation) {
if (allocation->contains(pointer) && allocation->hasValidCell())
func(allocation->cell(), allocation->attributes().cellKind);
};
if (result > heap.objectSpace().preciseAllocationsForThisCollectionBegin())
attemptLarge(result[-1]);
attemptLarge(result[0]);
if (result + 1 < heap.objectSpace().preciseAllocationsForThisCollectionEnd())
attemptLarge(result[1]);
}
}
}
MarkedBlock* candidate = MarkedBlock::blockFor(pointer);
// It's possible for a butterfly pointer to point past the end of a butterfly. Check this now.
if (pointer <= bitwise_cast<char*>(candidate) + sizeof(IndexingHeader)) {
// We may be interested in the last cell of the previous MarkedBlock.
char* previousPointer = bitwise_cast<char*>(bitwise_cast<uintptr_t>(pointer) - sizeof(IndexingHeader) - 1);
MarkedBlock* previousCandidate = MarkedBlock::blockFor(previousPointer);
if (!filter.ruleOut(bitwise_cast<Bits>(previousCandidate))
&& set.contains(previousCandidate)
&& mayHaveIndexingHeader(previousCandidate->handle().cellKind())) {
previousPointer = static_cast<char*>(previousCandidate->handle().cellAlign(previousPointer));
if (previousCandidate->handle().isLiveCell(markingVersion, newlyAllocatedVersion, isMarking, previousPointer))
func(previousPointer, previousCandidate->handle().cellKind());
}
}
if (filter.ruleOut(bitwise_cast<Bits>(candidate))) {
ASSERT(!candidate || !set.contains(candidate));
return;
}
if (!set.contains(candidate))
return;
HeapCell::Kind cellKind = candidate->handle().cellKind();
auto tryPointer = [&] (void* pointer) {
bool isLive = candidate->handle().isLiveCell(markingVersion, newlyAllocatedVersion, isMarking, pointer);
if (isLive)
func(pointer, cellKind);
// Only return early if we are marking a non-butterfly, since butterflies without indexed properties could point past the end of their allocation.
// If we do, and there is another live butterfly immediately following the first, we will mark the latter one here but we still need to
// mark the former.
return isLive && !mayHaveIndexingHeader(cellKind);
};
if (isJSCellKind(cellKind)) {
if (LIKELY(MarkedBlock::isAtomAligned(pointer))) {
if (tryPointer(pointer))
return;
}
}
// We could point into the middle of an object.
char* alignedPointer = static_cast<char*>(candidate->handle().cellAlign(pointer));
if (tryPointer(alignedPointer))
return;
// Also, a butterfly could point at the end of an object plus sizeof(IndexingHeader). In that
// case, this is pointing to the object to the right of the one we should be marking.
if (candidate->candidateAtomNumber(alignedPointer) > 0
&& pointer <= alignedPointer + sizeof(IndexingHeader))
tryPointer(alignedPointer - candidate->cellSize());
}
static bool isPointerGCObjectJSCell(Heap& heap, TinyBloomFilter filter, JSCell* pointer)
{
// It could point to a large allocation.
if (pointer->isPreciseAllocation()) {
auto* set = heap.objectSpace().preciseAllocationSet();
ASSERT(set);
if (set->isEmpty())
return false;
return set->contains(pointer);
}
const HashSet<MarkedBlock*>& set = heap.objectSpace().blocks().set();
MarkedBlock* candidate = MarkedBlock::blockFor(pointer);
if (filter.ruleOut(bitwise_cast<Bits>(candidate))) {
ASSERT(!candidate || !set.contains(candidate));
return false;
}
if (!MarkedBlock::isAtomAligned(pointer))
return false;
if (!set.contains(candidate))
return false;
if (candidate->handle().cellKind() != HeapCell::JSCell)
return false;
if (!candidate->handle().isLiveCell(pointer))
return false;
return true;
}
// This does not find the cell if the pointer is pointing at the middle of a JSCell.
static bool isValueGCObject(
Heap& heap, TinyBloomFilter filter, JSValue value)
{
ASSERT(heap.objectSpace().preciseAllocationSet());
if (!value.isCell())
return false;
return isPointerGCObjectJSCell(heap, filter, value.asCell());
}
};
} // namespace JSC
Reference in New Issue View Git Blame Copy Permalink