The Tor Browser / annotate

js/src/jspropertytree.cpp@b8a032363ba2 (annotated)

js/src/jspropertytree.cpp

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
michael@0 2 * vim: set ts=8 sts=4 et sw=4 tw=99:
michael@0 3 * This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 6
michael@0 7 #include "jspropertytree.h"
michael@0 8
michael@0 9 #include "jscntxt.h"
michael@0 10 #include "jsgc.h"
michael@0 11 #include "jstypes.h"
michael@0 12
michael@0 13 #include "vm/Shape.h"
michael@0 14
michael@0 15 #include "jsgcinlines.h"
michael@0 16
michael@0 17 #include "vm/Shape-inl.h"
michael@0 18
michael@0 19 using namespace js;
michael@0 20
michael@0 21 inline HashNumber
michael@0 22 ShapeHasher::hash(const Lookup &l)
michael@0 23 {
michael@0 24 return l.hash();
michael@0 25 }
michael@0 26
michael@0 27 inline bool
michael@0 28 ShapeHasher::match(const Key k, const Lookup &l)
michael@0 29 {
michael@0 30 return k->matches(l);
michael@0 31 }
michael@0 32
michael@0 33 Shape *
michael@0 34 PropertyTree::newShape(ExclusiveContext *cx)
michael@0 35 {
michael@0 36 Shape *shape = js_NewGCShape(cx);
michael@0 37 if (!shape)
michael@0 38 js_ReportOutOfMemory(cx);
michael@0 39 return shape;
michael@0 40 }
michael@0 41
michael@0 42 static KidsHash *
michael@0 43 HashChildren(Shape *kid1, Shape *kid2)
michael@0 44 {
michael@0 45 KidsHash *hash = js_new<KidsHash>();
michael@0 46 if (!hash || !hash->init(2)) {
michael@0 47 js_delete(hash);
michael@0 48 return nullptr;
michael@0 49 }
michael@0 50
michael@0 51 JS_ALWAYS_TRUE(hash->putNew(kid1, kid1));
michael@0 52 JS_ALWAYS_TRUE(hash->putNew(kid2, kid2));
michael@0 53 return hash;
michael@0 54 }
michael@0 55
michael@0 56 bool
michael@0 57 PropertyTree::insertChild(ExclusiveContext *cx, Shape *parent, Shape *child)
michael@0 58 {
michael@0 59 JS_ASSERT(!parent->inDictionary());
michael@0 60 JS_ASSERT(!child->parent);
michael@0 61 JS_ASSERT(!child->inDictionary());
michael@0 62 JS_ASSERT(child->compartment() == parent->compartment());
michael@0 63 JS_ASSERT(cx->isInsideCurrentCompartment(this));
michael@0 64
michael@0 65 KidsPointer *kidp = &parent->kids;
michael@0 66
michael@0 67 if (kidp->isNull()) {
michael@0 68 child->setParent(parent);
michael@0 69 kidp->setShape(child);
michael@0 70 return true;
michael@0 71 }
michael@0 72
michael@0 73 if (kidp->isShape()) {
michael@0 74 Shape *shape = kidp->toShape();
michael@0 75 JS_ASSERT(shape != child);
michael@0 76 JS_ASSERT(!shape->matches(child));
michael@0 77
michael@0 78 KidsHash *hash = HashChildren(shape, child);
michael@0 79 if (!hash) {
michael@0 80 js_ReportOutOfMemory(cx);
michael@0 81 return false;
michael@0 82 }
michael@0 83 kidp->setHash(hash);
michael@0 84 child->setParent(parent);
michael@0 85 return true;
michael@0 86 }
michael@0 87
michael@0 88 if (!kidp->toHash()->putNew(child, child)) {
michael@0 89 js_ReportOutOfMemory(cx);
michael@0 90 return false;
michael@0 91 }
michael@0 92
michael@0 93 child->setParent(parent);
michael@0 94 return true;
michael@0 95 }
michael@0 96
michael@0 97 void
michael@0 98 Shape::removeChild(Shape *child)
michael@0 99 {
michael@0 100 JS_ASSERT(!child->inDictionary());
michael@0 101 JS_ASSERT(child->parent == this);
michael@0 102
michael@0 103 KidsPointer *kidp = &kids;
michael@0 104
michael@0 105 if (kidp->isShape()) {
michael@0 106 JS_ASSERT(kidp->toShape() == child);
michael@0 107 kidp->setNull();
michael@0 108 child->parent = nullptr;
michael@0 109 return;
michael@0 110 }
michael@0 111
michael@0 112 KidsHash *hash = kidp->toHash();
michael@0 113 JS_ASSERT(hash->count() >= 2); /* otherwise kidp->isShape() should be true */
michael@0 114
michael@0 115 hash->remove(child);
michael@0 116 child->parent = nullptr;
michael@0 117
michael@0 118 if (hash->count() == 1) {
michael@0 119 /* Convert from HASH form back to SHAPE form. */
michael@0 120 KidsHash::Range r = hash->all();
michael@0 121 Shape *otherChild = r.front();
michael@0 122 JS_ASSERT((r.popFront(), r.empty())); /* No more elements! */
michael@0 123 kidp->setShape(otherChild);
michael@0 124 js_delete(hash);
michael@0 125 }
michael@0 126 }
michael@0 127
michael@0 128 Shape *
michael@0 129 PropertyTree::getChild(ExclusiveContext *cx, Shape *parentArg, StackShape &unrootedChild)
michael@0 130 {
michael@0 131 RootedShape parent(cx, parentArg);
michael@0 132 JS_ASSERT(parent);
michael@0 133
michael@0 134 Shape *existingShape = nullptr;
michael@0 135
michael@0 136 /*
michael@0 137 * The property tree has extremely low fan-out below its root in
michael@0 138 * popular embeddings with real-world workloads. Patterns such as
michael@0 139 * defining closures that capture a constructor's environment as
michael@0 140 * getters or setters on the new object that is passed in as
michael@0 141 * |this| can significantly increase fan-out below the property
michael@0 142 * tree root -- see bug 335700 for details.
michael@0 143 */
michael@0 144 KidsPointer *kidp = &parent->kids;
michael@0 145 if (kidp->isShape()) {
michael@0 146 Shape *kid = kidp->toShape();
michael@0 147 if (kid->matches(unrootedChild))
michael@0 148 existingShape = kid;
michael@0 149 } else if (kidp->isHash()) {
michael@0 150 if (KidsHash::Ptr p = kidp->toHash()->lookup(unrootedChild))
michael@0 151 existingShape = *p;
michael@0 152 } else {
michael@0 153 /* If kidp->isNull(), we always insert. */
michael@0 154 }
michael@0 155
michael@0 156 #ifdef JSGC_INCREMENTAL
michael@0 157 if (existingShape) {
michael@0 158 JS::Zone *zone = existingShape->zone();
michael@0 159 if (zone->needsBarrier()) {
michael@0 160 /*
michael@0 161 * We need a read barrier for the shape tree, since these are weak
michael@0 162 * pointers.
michael@0 163 */
michael@0 164 Shape *tmp = existingShape;
michael@0 165 MarkShapeUnbarriered(zone->barrierTracer(), &tmp, "read barrier");
michael@0 166 JS_ASSERT(tmp == existingShape);
michael@0 167 } else if (zone->isGCSweeping() && !existingShape->isMarked() &&
michael@0 168 !existingShape->arenaHeader()->allocatedDuringIncremental)
michael@0 169 {
michael@0 170 /*
michael@0 171 * The shape we've found is unreachable and due to be finalized, so
michael@0 172 * remove our weak reference to it and don't use it.
michael@0 173 */
michael@0 174 JS_ASSERT(parent->isMarked());
michael@0 175 parent->removeChild(existingShape);
michael@0 176 existingShape = nullptr;
michael@0 177 }
michael@0 178 }
michael@0 179 #endif
michael@0 180
michael@0 181 if (existingShape)
michael@0 182 return existingShape;
michael@0 183
michael@0 184 RootedGeneric<StackShape*> child(cx, &unrootedChild);
michael@0 185
michael@0 186 Shape *shape = newShape(cx);
michael@0 187 if (!shape)
michael@0 188 return nullptr;
michael@0 189
michael@0 190 new (shape) Shape(*child, parent->numFixedSlots());
michael@0 191
michael@0 192 if (!insertChild(cx, parent, shape))
michael@0 193 return nullptr;
michael@0 194
michael@0 195 return shape;
michael@0 196 }
michael@0 197
michael@0 198 Shape *
michael@0 199 PropertyTree::lookupChild(ThreadSafeContext *cx, Shape *parent, const StackShape &child)
michael@0 200 {
michael@0 201 /* Keep this in sync with the logic of getChild above. */
michael@0 202 Shape *shape = nullptr;
michael@0 203
michael@0 204 JS_ASSERT(parent);
michael@0 205
michael@0 206 KidsPointer *kidp = &parent->kids;
michael@0 207 if (kidp->isShape()) {
michael@0 208 Shape *kid = kidp->toShape();
michael@0 209 if (kid->matches(child))
michael@0 210 shape = kid;
michael@0 211 } else if (kidp->isHash()) {
michael@0 212 if (KidsHash::Ptr p = kidp->toHash()->readonlyThreadsafeLookup(child))
michael@0 213 shape = *p;
michael@0 214 } else {
michael@0 215 return nullptr;
michael@0 216 }
michael@0 217
michael@0 218 #if defined(JSGC_INCREMENTAL) && defined(DEBUG)
michael@0 219 if (shape) {
michael@0 220 JS::Zone *zone = shape->arenaHeader()->zone;
michael@0 221 JS_ASSERT(!zone->needsBarrier());
michael@0 222 JS_ASSERT(!(zone->isGCSweeping() && !shape->isMarked() &&
michael@0 223 !shape->arenaHeader()->allocatedDuringIncremental));
michael@0 224 }
michael@0 225 #endif
michael@0 226
michael@0 227 return shape;
michael@0 228 }
michael@0 229
michael@0 230 void
michael@0 231 Shape::sweep()
michael@0 232 {
michael@0 233 if (inDictionary())
michael@0 234 return;
michael@0 235
michael@0 236 /*
michael@0 237 * We detach the child from the parent if the parent is reachable.
michael@0 238 *
michael@0 239 * Note that due to incremental sweeping, the parent pointer may point
michael@0 240 * to the original reachable parent, or it may point to a new live
michael@0 241 * object allocated in the same cell that used to hold the parent.
michael@0 242 *
michael@0 243 * There are three cases:
michael@0 244 *
michael@0 245 * Case 1: parent is not marked - parent is unreachable, may have been
michael@0 246 * finalized, and the cell may subsequently have been
michael@0 247 * reallocated to a compartment that is not being marked (cells
michael@0 248 * are marked when allocated in a compartment that is currenly
michael@0 249 * being marked by the collector).
michael@0 250 *
michael@0 251 * Case 2: parent is marked and is in a different compartment - parent
michael@0 252 * has been freed and reallocated to compartment that was being
michael@0 253 * marked.
michael@0 254 *
michael@0 255 * Case 3: parent is marked and is in the same compartment - parent is
michael@0 256 * stil reachable and we need to detach from it.
michael@0 257 */
michael@0 258 if (parent && parent->isMarked() && parent->compartment() == compartment())
michael@0 259 parent->removeChild(this);
michael@0 260 }
michael@0 261
michael@0 262 void
michael@0 263 Shape::finalize(FreeOp *fop)
michael@0 264 {
michael@0 265 if (!inDictionary() && kids.isHash())
michael@0 266 fop->delete_(kids.toHash());
michael@0 267 }
michael@0 268
michael@0 269 #ifdef DEBUG
michael@0 270
michael@0 271 void
michael@0 272 KidsPointer::checkConsistency(Shape *aKid) const
michael@0 273 {
michael@0 274 if (isShape()) {
michael@0 275 JS_ASSERT(toShape() == aKid);
michael@0 276 } else {
michael@0 277 JS_ASSERT(isHash());
michael@0 278 KidsHash *hash = toHash();
michael@0 279 KidsHash::Ptr ptr = hash->lookup(aKid);
michael@0 280 JS_ASSERT(*ptr == aKid);
michael@0 281 }
michael@0 282 }
michael@0 283
michael@0 284 void
michael@0 285 Shape::dump(JSContext *cx, FILE *fp) const
michael@0 286 {
michael@0 287 /* This is only used from gdb, so allowing GC here would just be confusing. */
michael@0 288 gc::AutoSuppressGC suppress(cx);
michael@0 289
michael@0 290 jsid propid = this->propid();
michael@0 291
michael@0 292 JS_ASSERT(!JSID_IS_VOID(propid));
michael@0 293
michael@0 294 if (JSID_IS_INT(propid)) {
michael@0 295 fprintf(fp, "[%ld]", (long) JSID_TO_INT(propid));
michael@0 296 } else {
michael@0 297 JSLinearString *str;
michael@0 298 if (JSID_IS_ATOM(propid)) {
michael@0 299 str = JSID_TO_ATOM(propid);
michael@0 300 } else {
michael@0 301 JS_ASSERT(JSID_IS_OBJECT(propid));
michael@0 302 Value v = IdToValue(propid);
michael@0 303 JSString *s = ToStringSlow<NoGC>(cx, v);
michael@0 304 fputs("object ", fp);
michael@0 305 str = s ? s->ensureLinear(cx) : nullptr;
michael@0 306 }
michael@0 307 if (!str)
michael@0 308 fputs("<error>", fp);
michael@0 309 else
michael@0 310 FileEscapedString(fp, str, '"');
michael@0 311 }
michael@0 312
michael@0 313 fprintf(fp, " g/s %p/%p slot %d attrs %x ",
michael@0 314 JS_FUNC_TO_DATA_PTR(void *, base()->rawGetter),
michael@0 315 JS_FUNC_TO_DATA_PTR(void *, base()->rawSetter),
michael@0 316 hasSlot() ? slot() : -1, attrs);
michael@0 317
michael@0 318 if (attrs) {
michael@0 319 int first = 1;
michael@0 320 fputs("(", fp);
michael@0 321 #define DUMP_ATTR(name, display) if (attrs & JSPROP_##name) fputs(&(" " #display)[first], fp), first = 0
michael@0 322 DUMP_ATTR(ENUMERATE, enumerate);
michael@0 323 DUMP_ATTR(READONLY, readonly);
michael@0 324 DUMP_ATTR(PERMANENT, permanent);
michael@0 325 DUMP_ATTR(GETTER, getter);
michael@0 326 DUMP_ATTR(SETTER, setter);
michael@0 327 DUMP_ATTR(SHARED, shared);
michael@0 328 #undef DUMP_ATTR
michael@0 329 fputs(") ", fp);
michael@0 330 }
michael@0 331
michael@0 332 fprintf(fp, "flags %x ", flags);
michael@0 333 if (flags) {
michael@0 334 int first = 1;
michael@0 335 fputs("(", fp);
michael@0 336 #define DUMP_FLAG(name, display) if (flags & name) fputs(&(" " #display)[first], fp), first = 0
michael@0 337 DUMP_FLAG(IN_DICTIONARY, in_dictionary);
michael@0 338 #undef DUMP_FLAG
michael@0 339 fputs(") ", fp);
michael@0 340 }
michael@0 341 }
michael@0 342
michael@0 343 void
michael@0 344 Shape::dumpSubtree(JSContext *cx, int level, FILE *fp) const
michael@0 345 {
michael@0 346 if (!parent) {
michael@0 347 JS_ASSERT(level == 0);
michael@0 348 JS_ASSERT(JSID_IS_EMPTY(propid_));
michael@0 349 fprintf(fp, "class %s emptyShape\n", getObjectClass()->name);
michael@0 350 } else {
michael@0 351 fprintf(fp, "%*sid ", level, "");
michael@0 352 dump(cx, fp);
michael@0 353 }
michael@0 354
michael@0 355 if (!kids.isNull()) {
michael@0 356 ++level;
michael@0 357 if (kids.isShape()) {
michael@0 358 Shape *kid = kids.toShape();
michael@0 359 JS_ASSERT(kid->parent == this);
michael@0 360 kid->dumpSubtree(cx, level, fp);
michael@0 361 } else {
michael@0 362 const KidsHash &hash = *kids.toHash();
michael@0 363 for (KidsHash::Range range = hash.all(); !range.empty(); range.popFront()) {
michael@0 364 Shape *kid = range.front();
michael@0 365
michael@0 366 JS_ASSERT(kid->parent == this);
michael@0 367 kid->dumpSubtree(cx, level, fp);
michael@0 368 }
michael@0 369 }
michael@0 370 }
michael@0 371 }
michael@0 372
michael@0 373 #endif

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial