author Terrence Cole <terrence@mozilla.com>
Thu, 14 Jan 2016 15:00:20 -0800
changeset 322106 3d8d87127bc2383d2c9380f6af19b53752b9acf5
parent 320759 4bc0041bf5f07a40bd65e4feeeb83879d3ba585b
child 326564 b001a1c7c38242c22673649b62de197c07bf67e7
permissions -rw-r--r--
Bug 1239754 - Remove HashKeyRef now that all of its users are using stable hashing; r=jonco

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
 * vim: set ts=8 sts=4 et sw=4 tw=99:
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef gc_Marking_h
#define gc_Marking_h

#include "mozilla/DebugOnly.h"
#include "mozilla/HashFunctions.h"
#include "mozilla/Move.h"

#include "jsfriendapi.h"

#include "ds/OrderedHashTable.h"
#include "gc/Heap.h"
#include "gc/Tracer.h"
#include "js/GCAPI.h"
#include "js/HeapAPI.h"
#include "js/SliceBudget.h"
#include "js/TracingAPI.h"
#include "vm/TaggedProto.h"

class JSLinearString;
class JSRope;
namespace js {
class BaseShape;
class GCMarker;
class LazyScript;
class NativeObject;
class ObjectGroup;
class WeakMapBase;
namespace gc {
struct ArenaHeader;
} // namespace gc
namespace jit {
class JitCode;
} // namespace jit

static const size_t INCREMENTAL_MARK_STACK_BASE_CAPACITY = 32768;

 * When the native stack is low, the GC does not call js::TraceChildren to mark
 * the reachable "children" of the thing. Rather the thing is put aside and
 * js::TraceChildren is called later with more space on the C stack.
 * To implement such delayed marking of the children with minimal overhead for
 * the normal case of sufficient native stack, the code adds a field per arena.
 * The field markingDelay->link links all arenas with delayed things into a
 * stack list with the pointer to stack top in GCMarker::unmarkedArenaStackTop.
 * GCMarker::delayMarkingChildren adds arenas to the stack as necessary while
 * markDelayedChildren pops the arenas from the stack until it empties.
class MarkStack
    friend class GCMarker;

    uintptr_t* stack_;
    uintptr_t* tos_;
    uintptr_t* end_;

    // The capacity we start with and reset() to.
    size_t baseCapacity_;
    size_t maxCapacity_;

    explicit MarkStack(size_t maxCapacity)
      : stack_(nullptr),

    ~MarkStack() {

    size_t capacity() { return end_ - stack_; }

    ptrdiff_t position() const { return tos_ - stack_; }

    void setStack(uintptr_t* stack, size_t tosIndex, size_t capacity) {
        stack_ = stack;
        tos_ = stack + tosIndex;
        end_ = stack + capacity;

    bool init(JSGCMode gcMode);

    void setBaseCapacity(JSGCMode mode);
    size_t maxCapacity() const { return maxCapacity_; }
    void setMaxCapacity(size_t maxCapacity);

    bool push(uintptr_t item) {
        if (tos_ == end_) {
            if (!enlarge(1))
                return false;
        MOZ_ASSERT(tos_ < end_);
        *tos_++ = item;
        return true;

    bool push(uintptr_t item1, uintptr_t item2, uintptr_t item3) {
        uintptr_t* nextTos = tos_ + 3;
        if (nextTos > end_) {
            if (!enlarge(3))
                return false;
            nextTos = tos_ + 3;
        MOZ_ASSERT(nextTos <= end_);
        tos_[0] = item1;
        tos_[1] = item2;
        tos_[2] = item3;
        tos_ = nextTos;
        return true;

    bool isEmpty() const {
        return tos_ == stack_;

    uintptr_t pop() {
        return *--tos_;

    void reset();

    /* Grow the stack, ensuring there is space for at least count elements. */
    bool enlarge(unsigned count);

    void setGCMode(JSGCMode gcMode);

    size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) const;

namespace gc {

struct WeakKeyTableHashPolicy {
    typedef JS::GCCellPtr Lookup;
    static HashNumber hash(const Lookup& v) { return mozilla::HashGeneric(v.asCell()); }
    static bool match(const JS::GCCellPtr& k, const Lookup& l) { return k == l; }
    static bool isEmpty(const JS::GCCellPtr& v) { return !v; }
    static void makeEmpty(JS::GCCellPtr* vp) { *vp = nullptr; }

struct WeakMarkable {
    WeakMapBase* weakmap;
    JS::GCCellPtr key;

    WeakMarkable(WeakMapBase* weakmapArg, JS::GCCellPtr keyArg)
      : weakmap(weakmapArg), key(keyArg) {}

using WeakEntryVector = Vector<WeakMarkable, 2, js::SystemAllocPolicy>;

using WeakKeyTable = OrderedHashMap<JS::GCCellPtr,

} /* namespace gc */

class GCMarker : public JSTracer
    explicit GCMarker(JSRuntime* rt);
    bool init(JSGCMode gcMode);

    void setMaxCapacity(size_t maxCap) { stack.setMaxCapacity(maxCap); }
    size_t maxCapacity() const { return stack.maxCapacity(); }

    void start();
    void stop();
    void reset();

    // Mark the given GC thing and traverse its children at some point.
    template <typename T> void traverse(T thing);

    // Calls traverse on target after making additional assertions.
    template <typename S, typename T> void traverseEdge(S source, T* target);
    template <typename S, typename T> void traverseEdge(S source, T target);

    // Notes a weak graph edge for later sweeping.
    template <typename T> void noteWeakEdge(T* edge);

     * Care must be taken changing the mark color from gray to black. The cycle
     * collector depends on the invariant that there are no black to gray edges
     * in the GC heap. This invariant lets the CC not trace through black
     * objects. If this invariant is violated, the cycle collector may free
     * objects that are still reachable.
    void setMarkColorGray() {
        MOZ_ASSERT(color == gc::BLACK);
        color = gc::GRAY;
    void setMarkColorBlack() {
        MOZ_ASSERT(color == gc::GRAY);
        color = gc::BLACK;
    uint32_t markColor() const { return color; }

    void enterWeakMarkingMode();
    void leaveWeakMarkingMode();
    void abortLinearWeakMarking() {
        linearWeakMarkingDisabled_ = true;

    void delayMarkingArena(gc::ArenaHeader* aheader);
    void delayMarkingChildren(const void* thing);
    void markDelayedChildren(gc::ArenaHeader* aheader);
    bool markDelayedChildren(SliceBudget& budget);
    bool hasDelayedChildren() const {
        return !!unmarkedArenaStackTop;

    bool isDrained() {
        return isMarkStackEmpty() && !unmarkedArenaStackTop;

    bool drainMarkStack(SliceBudget& budget);

    void setGCMode(JSGCMode mode) { stack.setGCMode(mode); }

    size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) const;

#ifdef DEBUG
    bool shouldCheckCompartments() { return strictCompartmentChecking; }

    void markEphemeronValues(gc::Cell* markedCell, gc::WeakEntryVector& entry);

#ifdef DEBUG
    void checkZone(void* p);
    void checkZone(void* p) {}

     * We use a common mark stack to mark GC things of different types and use
     * the explicit tags to distinguish them when it cannot be deduced from
     * the context of push or pop operation.
    enum StackTag {
        LastTag = JitCodeTag

    static const uintptr_t StackTagMask = 7;
    static_assert(StackTagMask >= uintptr_t(LastTag), "The tag mask must subsume the tags.");
    static_assert(StackTagMask <= gc::CellMask, "The tag mask must be embeddable in a Cell*.");

    // Push an object onto the stack for later tracing and assert that it has
    // already been marked.
    void repush(JSObject* obj) {
        pushTaggedPtr(ObjectTag, obj);

    template <typename T> void markAndTraceChildren(T* thing);
    template <typename T> void markAndPush(StackTag tag, T* thing);
    template <typename T> void markAndScan(T* thing);
    template <typename T> void markImplicitEdgesHelper(T oldThing);
    template <typename T> void markImplicitEdges(T* oldThing);
    void eagerlyMarkChildren(JSLinearString* str);
    void eagerlyMarkChildren(JSRope* rope);
    void eagerlyMarkChildren(JSString* str);
    void eagerlyMarkChildren(LazyScript *thing);
    void eagerlyMarkChildren(Shape* shape);
    void lazilyMarkChildren(ObjectGroup* group);

    // We may not have concrete types yet, so this has to be out of the header.
    template <typename T>
    void dispatchToTraceChildren(T* thing);

    // Mark the given GC thing, but do not trace its children. Return true
    // if the thing became marked.
    template <typename T>
    bool mark(T* thing);

    void pushTaggedPtr(StackTag tag, void* ptr) {
        uintptr_t addr = reinterpret_cast<uintptr_t>(ptr);
        MOZ_ASSERT(!(addr & StackTagMask));
        if (!stack.push(addr | uintptr_t(tag)))

    void pushValueArray(JSObject* obj, HeapSlot* start, HeapSlot* end) {

        MOZ_ASSERT(start <= end);
        uintptr_t tagged = reinterpret_cast<uintptr_t>(obj) | GCMarker::ValueArrayTag;
        uintptr_t startAddr = reinterpret_cast<uintptr_t>(start);
        uintptr_t endAddr = reinterpret_cast<uintptr_t>(end);

         * Push in the reverse order so obj will be on top. If we cannot push
         * the array, we trigger delay marking for the whole object.
        if (!stack.push(endAddr, startAddr, tagged))

    bool isMarkStackEmpty() {
        return stack.isEmpty();

    bool restoreValueArray(JSObject* obj, void** vpp, void** endp);
    void saveValueRanges();
    inline void processMarkStackTop(SliceBudget& budget);

    /* The mark stack. Pointers in this stack are "gray" in the GC sense. */
    MarkStack stack;

    /* The color is only applied to objects and functions. */
    uint32_t color;

    /* Pointer to the top of the stack of arenas we are delaying marking on. */
    js::gc::ArenaHeader* unmarkedArenaStackTop;

     * If the weakKeys table OOMs, disable the linear algorithm and fall back
     * to iterating until the next GC.
    bool linearWeakMarkingDisabled_;

    /* Count of arenas that are currently in the stack. */
    mozilla::DebugOnly<size_t> markLaterArenas;

    /* Assert that start and stop are called with correct ordering. */
    mozilla::DebugOnly<bool> started;

     * If this is true, all marked objects must belong to a compartment being
     * GCed. This is used to look for compartment bugs.
    mozilla::DebugOnly<bool> strictCompartmentChecking;

#ifdef DEBUG
// Return true if this trace is happening on behalf of gray buffering during
// the marking phase of incremental GC.
IsBufferGrayRootsTracer(JSTracer* trc);

namespace gc {

/*** Special Cases ***/

PushArena(GCMarker* gcmarker, ArenaHeader* aheader);

/*** Liveness ***/

template <typename T>
IsMarkedUnbarriered(T* thingp);

template <typename T>
IsMarked(WriteBarrieredBase<T>* thingp);

template <typename T>
IsAboutToBeFinalizedUnbarriered(T* thingp);

template <typename T>
IsAboutToBeFinalized(WriteBarrieredBase<T>* thingp);

template <typename T>
IsAboutToBeFinalized(ReadBarrieredBase<T>* thingp);

IsAboutToBeFinalizedDuringSweep(TenuredCell& tenured);

inline Cell*
ToMarkable(const Value& v)
    if (v.isMarkable())
        return (Cell*)v.toGCThing();
    return nullptr;

inline Cell*
ToMarkable(Cell* cell)
    return cell;

// Return true if the pointer is nullptr, or if it is a tagged pointer to
// nullptr.
IsNullTaggedPointer(void* p)
    return uintptr_t(p) <= LargestTaggedNullCellPointer;

// Wrap a GC thing pointer into a new Value or jsid. The type system enforces
// that the thing pointer is a wrappable type.
template <typename S, typename T>
struct RewrapTaggedPointer{};
#define DECLARE_REWRAP(S, T, method, prefix) \
    template <> struct RewrapTaggedPointer<S, T> { \
        static S wrap(T thing) { return method ( prefix thing ); } \
DECLARE_REWRAP(JS::Value, JSObject*, JS::ObjectOrNullValue, );
DECLARE_REWRAP(JS::Value, JSString*, JS::StringValue, );
DECLARE_REWRAP(JS::Value, JS::Symbol*, JS::SymbolValue, );
DECLARE_REWRAP(js::TaggedProto, JSObject*, js::TaggedProto, );

} /* namespace gc */

UnmarkGrayShapeRecursively(Shape* shape);

template<typename T>
CheckTracedThing(JSTracer* trc, T* thing);

template<typename T>
CheckTracedThing(JSTracer* trc, T thing);

// Define a default Policy for all pointer types. This may fail to link if this
// policy gets used on a non-GC typed pointer by accident. There is a separate
// default policy for Value and jsid.
template <typename T>
struct DefaultGCPolicy<T*>
    static void trace(JSTracer* trc, T** thingp, const char* name) {
        // If linking is failing here, it likely means that you need to define
        // or use a non-default GC policy for your non-gc-pointer type.
        if (*thingp)
            TraceManuallyBarrieredEdge(trc, thingp, name);

    static bool needsSweep(T** thingp) {
        // If linking is failing here, it likely means that you need to define
        // or use a non-default GC policy for your non-gc-pointer type.
        return *thingp && gc::IsAboutToBeFinalizedUnbarriered(thingp);

// RelocatablePtr is only defined for GC pointer types, so this default policy
// should work in all cases.
template <typename T>
struct DefaultGCPolicy<RelocatablePtr<T>>
    static void trace(JSTracer* trc, RelocatablePtr<T>* thingp, const char* name) {
        TraceEdge(trc, thingp, name);
    static bool needsSweep(RelocatablePtr<T>* thingp) {
        return gc::IsAboutToBeFinalizedUnbarriered(thingp);

template <typename T>
struct DefaultGCPolicy<ReadBarriered<T>>
    static void trace(JSTracer* trc, ReadBarriered<T>* thingp, const char* name) {
        TraceEdge(trc, thingp, name);
    static bool needsSweep(ReadBarriered<T>* thingp) {
        return gc::IsAboutToBeFinalized(thingp);

} /* namespace js */

#endif /* gc_Marking_h */