webkitgtk-2.16.5HEADwebkitgtk-2.16.5master

1 files changed, 189 insertions, 0 deletions

diff --git a/Source/JavaScriptCore/heap/HeapUtil.h b/Source/JavaScriptCore/heap/HeapUtil.h
new file mode 100644
index 000000000..44d14baff
--- /dev/null
+++ b/Source/JavaScriptCore/heap/HeapUtil.h
@@ -0,0 +1,189 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+namespace JSC {
+
+// Are you tired of waiting for all of WebKit to build because you changed the implementation of a
+// function in HeapInlines.h?  Does it bother you that you're waiting on rebuilding the JS DOM
+// bindings even though your change is in a function called from only 2 .cpp files?  Then HeapUtil.h
+// is for you!  Everything in this class should be a static method that takes a Heap& if needed.
+// This is a friend of Heap, so you can access all of Heap's privates.
+//
+// This ends up being an issue because Heap exposes a lot of methods that ought to be inline for
+// performance or that must be inline because they are templates.  This class ought to contain
+// methods that are used for the implementation of the collector, or for unusual clients that need
+// to reach deep into the collector for some reason.  Don't put things in here that would cause you
+// to have to include it from more than a handful of places, since that would defeat the purpose.
+// This class isn't here to look pretty.  It's to let us hack the GC more easily!
+
+class HeapUtil {
+public:
+    // This function must be run after stopAllocation() is called and 
+    // before liveness data is cleared to be accurate.
+    template<typename Func>
+    static void findGCObjectPointersForMarking(
+        Heap& heap, HeapVersion markingVersion, TinyBloomFilter filter, void* passedPointer,
+        const Func& func)
+    {
+        const HashSet<MarkedBlock*>& set = heap.objectSpace().blocks().set();
+        
+        ASSERT(heap.objectSpace().isMarking());
+        static const bool isMarking = true;
+        
+        char* pointer = static_cast<char*>(passedPointer);
+        
+        // It could point to a large allocation.
+        if (heap.objectSpace().largeAllocationsForThisCollectionSize()) {
+            if (heap.objectSpace().largeAllocationsForThisCollectionBegin()[0]->aboveLowerBound(pointer)
+                && heap.objectSpace().largeAllocationsForThisCollectionEnd()[-1]->belowUpperBound(pointer)) {
+                LargeAllocation** result = approximateBinarySearch<LargeAllocation*>(
+                    heap.objectSpace().largeAllocationsForThisCollectionBegin(),
+                    heap.objectSpace().largeAllocationsForThisCollectionSize(),
+                    LargeAllocation::fromCell(pointer),
+                    [] (LargeAllocation** ptr) -> LargeAllocation* { return *ptr; });
+                if (result) {
+                    if (result > heap.objectSpace().largeAllocationsForThisCollectionBegin()
+                        && result[-1]->contains(pointer))
+                        func(result[-1]->cell());
+                    if (result[0]->contains(pointer))
+                        func(result[0]->cell());
+                    if (result + 1 < heap.objectSpace().largeAllocationsForThisCollectionEnd()
+                        && result[1]->contains(pointer))
+                        func(result[1]->cell());
+                }
+            }
+        }
+    
+        MarkedBlock* candidate = MarkedBlock::blockFor(pointer);
+        // It's possible for a butterfly pointer to point past the end of a butterfly. Check this now.
+        if (pointer <= bitwise_cast<char*>(candidate) + sizeof(IndexingHeader)) {
+            // We may be interested in the last cell of the previous MarkedBlock.
+            char* previousPointer = pointer - sizeof(IndexingHeader) - 1;
+            MarkedBlock* previousCandidate = MarkedBlock::blockFor(previousPointer);
+            if (!filter.ruleOut(bitwise_cast<Bits>(previousCandidate))
+                && set.contains(previousCandidate)
+                && previousCandidate->handle().cellKind() == HeapCell::Auxiliary) {
+                previousPointer = static_cast<char*>(previousCandidate->handle().cellAlign(previousPointer));
+                if (previousCandidate->handle().isLiveCell(markingVersion, isMarking, previousPointer))
+                    func(previousPointer);
+            }
+        }
+    
+        if (filter.ruleOut(bitwise_cast<Bits>(candidate))) {
+            ASSERT(!candidate || !set.contains(candidate));
+            return;
+        }
+    
+        if (!set.contains(candidate))
+            return;
+        
+        auto tryPointer = [&] (void* pointer) {
+            if (candidate->handle().isLiveCell(markingVersion, isMarking, pointer))
+                func(pointer);
+        };
+    
+        if (candidate->handle().cellKind() == HeapCell::JSCell) {
+            if (!MarkedBlock::isAtomAligned(pointer))
+                return;
+        
+            tryPointer(pointer);
+            return;
+        }
+    
+        // A butterfly could point into the middle of an object.
+        char* alignedPointer = static_cast<char*>(candidate->handle().cellAlign(pointer));
+        tryPointer(alignedPointer);
+    
+        // Also, a butterfly could point at the end of an object plus sizeof(IndexingHeader). In that
+        // case, this is pointing to the object to the right of the one we should be marking.
+        if (candidate->atomNumber(alignedPointer) > MarkedBlock::firstAtom()
+            && pointer <= alignedPointer + sizeof(IndexingHeader))
+            tryPointer(alignedPointer - candidate->cellSize());
+    }
+    
+    static bool isPointerGCObjectJSCell(
+        Heap& heap, TinyBloomFilter filter, const void* pointer)
+    {
+        // It could point to a large allocation.
+        const Vector<LargeAllocation*>& largeAllocations = heap.objectSpace().largeAllocations();
+        if (!largeAllocations.isEmpty()) {
+            if (largeAllocations[0]->aboveLowerBound(pointer)
+                && largeAllocations.last()->belowUpperBound(pointer)) {
+                LargeAllocation*const* result = approximateBinarySearch<LargeAllocation*const>(
+                    largeAllocations.begin(), largeAllocations.size(),
+                    LargeAllocation::fromCell(pointer),
+                    [] (LargeAllocation*const* ptr) -> LargeAllocation* { return *ptr; });
+                if (result) {
+                    if (result > largeAllocations.begin()
+                        && result[-1]->cell() == pointer
+                        && result[-1]->attributes().cellKind == HeapCell::JSCell)
+                        return true;
+                    if (result[0]->cell() == pointer
+                        && result[0]->attributes().cellKind == HeapCell::JSCell)
+                        return true;
+                    if (result + 1 < largeAllocations.end()
+                        && result[1]->cell() == pointer
+                        && result[1]->attributes().cellKind == HeapCell::JSCell)
+                        return true;
+                }
+            }
+        }
+    
+        const HashSet<MarkedBlock*>& set = heap.objectSpace().blocks().set();
+        
+        MarkedBlock* candidate = MarkedBlock::blockFor(pointer);
+        if (filter.ruleOut(bitwise_cast<Bits>(candidate))) {
+            ASSERT(!candidate || !set.contains(candidate));
+            return false;
+        }
+        
+        if (!MarkedBlock::isAtomAligned(pointer))
+            return false;
+        
+        if (!set.contains(candidate))
+            return false;
+        
+        if (candidate->handle().cellKind() != HeapCell::JSCell)
+            return false;
+        
+        if (!candidate->handle().isLiveCell(pointer))
+            return false;
+        
+        return true;
+    }
+    
+    static bool isValueGCObject(
+        Heap& heap, TinyBloomFilter filter, JSValue value)
+    {
+        if (!value.isCell())
+            return false;
+        return isPointerGCObjectJSCell(heap, filter, static_cast<void*>(value.asCell()));
+    }
+};
+
+} // namespace JSC
+