void
JSCompartment::sweep(FreeOp *fop, bool releaseTypes)
{
JS_ASSERT(!activeAnalysis);
/* This function includes itself in PHASE_SWEEP_TABLES. */
sweepCrossCompartmentWrappers();
{
gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_SWEEP_TABLES);
/* Remove dead references held weakly by the compartment. */
sweepBaseShapeTable();
sweepInitialShapeTable();
sweepNewTypeObjectTable(newTypeObjects);
sweepNewTypeObjectTable(lazyTypeObjects);
sweepCallsiteClones();
if (global_ && IsObjectAboutToBeFinalized(global_.unsafeGet()))
global_ = NULL;
#ifdef JS_ION
if (ionCompartment_)
ionCompartment_->sweep(fop);
#endif
/*
* JIT code increments activeUseCount for any RegExpShared used by jit
* code for the lifetime of the JIT script. Thus, we must perform
* sweeping after clearing jit code.
*/
regExps.sweep(rt);
if (debugScopes)
debugScopes->sweep(rt);
/* Finalize unreachable (key,value) pairs in all weak maps. */
WeakMapBase::sweepCompartment(this);
}
if (!zone()->isPreservingCode()) {
JS_ASSERT(!types.constrainedOutputs);
gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_DISCARD_ANALYSIS);
gcstats::AutoPhase ap2(rt->gcStats, gcstats::PHASE_FREE_TI_ARENA);
rt->freeLifoAlloc.transferFrom(&analysisLifoAlloc);
} else {
gcstats::AutoPhase ap2(rt->gcStats, gcstats::PHASE_DISCARD_ANALYSIS);
types.sweepShapes(fop);
}
NativeIterator *ni = enumerators->next();
while (ni != enumerators) {
JSObject *iterObj = ni->iterObj();
NativeIterator *next = ni->next();
if (gc::IsObjectAboutToBeFinalized(&iterObj))
ni->unlink();
ni = next;
}
}
static JSObject* Reify(JSContext* cx, JS::Compartment* origin,
HandleObject iter) {
// Ensure iterator gets closed.
auto autoCloseIterator = mozilla::MakeScopeExit([=] { CloseIterator(iter); });
NativeIterator* ni = iter->as<PropertyIteratorObject>().getNativeIterator();
RootedObject obj(cx, ni->objectBeingIterated());
// Wrap iteratee.
if (!origin->wrap(cx, &obj)) {
return nullptr;
}
// Wrap the elements in the iterator's snapshot.
size_t length = ni->numKeys();
AutoIdVector keys(cx);
if (length > 0) {
if (!keys.reserve(length)) {
return nullptr;
}
RootedId id(cx);
RootedValue v(cx);
for (size_t i = 0; i < length; ++i) {
v.setString(ni->propertiesBegin()[i]);
if (!ValueToId<CanGC>(cx, v, &id)) {
return nullptr;
}
cx->markId(id);
keys.infallibleAppend(id);
}
}
// Return iterator in current compartment.
return EnumeratedIdVectorToIterator(cx, obj, keys);
}
void
js::UnwindIteratorForUncatchableException(JSObject* obj)
{
if (obj->is<PropertyIteratorObject>()) {
NativeIterator* ni = obj->as<PropertyIteratorObject>().getNativeIterator();
ni->unlink();
}
}
static void
iterator_trace(JSTracer *trc, JSObject *obj)
{
NativeIterator *ni = obj->getNativeIterator();
if (ni)
ni->mark(trc);
}
void
JSCompartment::sweep(FreeOp *fop, bool releaseTypes)
{
JS_ASSERT(!activeAnalysis);
/* This function includes itself in PHASE_SWEEP_TABLES. */
sweepCrossCompartmentWrappers();
JSRuntime *rt = runtimeFromMainThread();
{
gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_SWEEP_TABLES);
/* Remove dead references held weakly by the compartment. */
sweepBaseShapeTable();
sweepInitialShapeTable();
sweepNewTypeObjectTable(newTypeObjects);
sweepNewTypeObjectTable(lazyTypeObjects);
sweepCallsiteClones();
if (global_ && IsObjectAboutToBeFinalized(global_.unsafeGet()))
global_ = nullptr;
if (selfHostingScriptSource &&
IsObjectAboutToBeFinalized((JSObject **) selfHostingScriptSource.unsafeGet()))
{
selfHostingScriptSource = nullptr;
}
#ifdef JS_ION
if (jitCompartment_)
jitCompartment_->sweep(fop);
#endif
/*
* JIT code increments activeUseCount for any RegExpShared used by jit
* code for the lifetime of the JIT script. Thus, we must perform
* sweeping after clearing jit code.
*/
regExps.sweep(rt);
if (debugScopes)
debugScopes->sweep(rt);
/* Finalize unreachable (key,value) pairs in all weak maps. */
WeakMapBase::sweepCompartment(this);
}
NativeIterator *ni = enumerators->next();
while (ni != enumerators) {
JSObject *iterObj = ni->iterObj();
NativeIterator *next = ni->next();
if (gc::IsObjectAboutToBeFinalized(&iterObj))
ni->unlink();
ni = next;
}
}
void
JSCompartment::sweepNativeIterators()
{
/* Sweep list of native iterators. */
NativeIterator* ni = enumerators->next();
while (ni != enumerators) {
JSObject* iterObj = ni->iterObj();
NativeIterator* next = ni->next();
if (gc::IsAboutToBeFinalizedUnbarriered(&iterObj))
ni->unlink();
ni = next;
}
}
static bool
Reify(JSContext *cx, JSCompartment *origin, Value *vp)
{
Rooted<PropertyIteratorObject*> iterObj(cx, &vp->toObject().asPropertyIterator());
NativeIterator *ni = iterObj->getNativeIterator();
AutoCloseIterator close(cx, iterObj);
/* Wrap the iteratee. */
RootedObject obj(cx, ni->obj);
if (!origin->wrap(cx, obj.address()))
return false;
/*
* Wrap the elements in the iterator's snapshot.
* N.B. the order of closing/creating iterators is important due to the
* implicit cx->enumerators state.
*/
size_t length = ni->numKeys();
bool isKeyIter = ni->isKeyIter();
AutoIdVector keys(cx);
if (length > 0) {
if (!keys.reserve(length))
return false;
for (size_t i = 0; i < length; ++i) {
jsid id;
if (!ValueToId(cx, StringValue(ni->begin()[i]), &id))
return false;
keys.infallibleAppend(id);
if (!origin->wrapId(cx, &keys[i]))
return false;
}
}
close.clear();
if (!CloseIterator(cx, iterObj))
return false;
RootedValue value(cx, *vp);
if (isKeyIter) {
if (!VectorToKeyIterator(cx, obj, ni->flags, keys, &value))
return false;
} else {
if (!VectorToValueIterator(cx, obj, ni->flags, keys, &value))
return false;
}
*vp = value;
return true;
}
static inline PropertyIteratorObject*
VectorToKeyIterator(JSContext* cx, HandleObject obj, AutoIdVector& keys, uint32_t numGuards)
{
if (obj->isSingleton() && !JSObject::setIteratedSingleton(cx, obj))
return nullptr;
MarkObjectGroupFlags(cx, obj, OBJECT_FLAG_ITERATED);
Rooted<PropertyIteratorObject*> iterobj(cx, NewPropertyIteratorObject(cx));
if (!iterobj)
return nullptr;
NativeIterator* ni = NativeIterator::allocateIterator(cx, numGuards, keys.length());
if (!ni)
return nullptr;
iterobj->setNativeIterator(ni);
ni->init(obj, iterobj, numGuards, 0);
if (!ni->initProperties(cx, iterobj, keys))
return nullptr;
if (numGuards) {
// Fill in the guard array from scratch. Also recompute the guard key
// as we might have reshaped the object (see for instance the
// setIteratedSingleton call above) or GC might have moved shapes and
// groups in memory.
JSObject* pobj = obj;
size_t ind = 0;
uint32_t key = 0;
do {
ReceiverGuard guard(pobj);
ni->guard_array[ind++].init(guard);
key = mozilla::AddToHash(key, guard.hash());
// The one caller of this method that passes |numGuards > 0|, does
// so only if the entire chain consists of cacheable objects (that
// necessarily have static prototypes).
pobj = pobj->staticPrototype();
} while (pobj);
ni->guard_key = key;
MOZ_ASSERT(ind == numGuards);
}
RegisterEnumerator(cx, ni);
return iterobj;
}
static bool
Reify(JSContext *cx, JSCompartment *origin, Value *vp)
{
JSObject *iterObj = &vp->toObject();
NativeIterator *ni = iterObj->getNativeIterator();
AutoCloseIterator close(cx, iterObj);
/* Wrap the iteratee. */
JSObject *obj = ni->obj;
if (!origin->wrap(cx, &obj))
return false;
/*
* Wrap the elements in the iterator's snapshot.
* N.B. the order of closing/creating iterators is important due to the
* implicit cx->enumerators state.
*/
size_t length = ni->numKeys();
bool isKeyIter = ni->isKeyIter();
AutoIdVector keys(cx);
if (length > 0) {
if (!keys.resize(length))
return false;
for (size_t i = 0; i < length; ++i) {
jsid id;
if (!ValueToId(cx, StringValue(ni->begin()[i]), &id))
return false;
id = js_CheckForStringIndex(id);
keys[i] = id;
if (!origin->wrapId(cx, &keys[i]))
return false;
}
}
close.clear();
if (!js_CloseIterator(cx, iterObj))
return false;
if (isKeyIter)
return VectorToKeyIterator(cx, obj, ni->flags, keys, vp);
return VectorToValueIterator(cx, obj, ni->flags, keys, vp);
}
void
js::CloseIterator(JSObject* obj)
{
if (obj->is<PropertyIteratorObject>()) {
/* Remove enumerators from the active list, which is a stack. */
NativeIterator* ni = obj->as<PropertyIteratorObject>().getNativeIterator();
ni->unlink();
MOZ_ASSERT(ni->flags & JSITER_ACTIVE);
ni->flags &= ~JSITER_ACTIVE;
/*
* Reset the enumerator; it may still be in the cached iterators
* for this thread, and can be reused.
*/
ni->props_cursor = ni->props_array;
}
}
static JSObject*
Reify(JSContext* cx, JSCompartment* origin, HandleObject objp)
{
Rooted<PropertyIteratorObject*> iterObj(cx, &objp->as<PropertyIteratorObject>());
NativeIterator* ni = iterObj->getNativeIterator();
RootedObject obj(cx, ni->obj);
{
AutoCloseIterator close(cx, iterObj);
/* Wrap the iteratee. */
if (!origin->wrap(cx, &obj))
return nullptr;
/*
* Wrap the elements in the iterator's snapshot.
* N.B. the order of closing/creating iterators is important due to the
* implicit cx->enumerators state.
*/
size_t length = ni->numKeys();
AutoIdVector keys(cx);
if (length > 0) {
if (!keys.reserve(length))
return nullptr;
RootedId id(cx);
RootedValue v(cx);
for (size_t i = 0; i < length; ++i) {
v.setString(ni->begin()[i]);
if (!ValueToId<CanGC>(cx, v, &id))
return nullptr;
cx->markId(id);
keys.infallibleAppend(id);
}
}
close.clear();
CloseIterator(iterObj);
obj = EnumeratedIdVectorToIterator(cx, obj, keys);
}
return obj;
}
// Mainly used for .. in over null/undefined
JSObject*
js::NewEmptyPropertyIterator(JSContext* cx)
{
Rooted<PropertyIteratorObject*> iterobj(cx, NewPropertyIteratorObject(cx));
if (!iterobj)
return nullptr;
AutoIdVector keys(cx); // Empty
NativeIterator* ni = NativeIterator::allocateIterator(cx, 0, keys.length());
if (!ni)
return nullptr;
iterobj->setNativeIterator(ni);
ni->init(nullptr, iterobj, 0, 0);
if (!ni->initProperties(cx, iterobj, keys))
return nullptr;
RegisterEnumerator(cx, ni);
return iterobj;
}
static bool
Reify(JSContext* cx, JSCompartment* origin, MutableHandleObject objp)
{
Rooted<PropertyIteratorObject*> iterObj(cx, &objp->as<PropertyIteratorObject>());
NativeIterator* ni = iterObj->getNativeIterator();
AutoCloseIterator close(cx, iterObj);
/* Wrap the iteratee. */
RootedObject obj(cx, ni->obj);
if (!origin->wrap(cx, &obj))
return false;
/*
* Wrap the elements in the iterator's snapshot.
* N.B. the order of closing/creating iterators is important due to the
* implicit cx->enumerators state.
*/
size_t length = ni->numKeys();
AutoIdVector keys(cx);
if (length > 0) {
if (!keys.reserve(length))
return false;
for (size_t i = 0; i < length; ++i) {
RootedId id(cx);
RootedValue v(cx, StringValue(ni->begin()[i]));
if (!ValueToId<CanGC>(cx, v, &id))
return false;
keys.infallibleAppend(id);
}
}
close.clear();
MOZ_ALWAYS_TRUE(CloseIterator(cx, iterObj));
return EnumeratedIdVectorToIterator(cx, obj, ni->flags, keys, objp);
}
static bool
Reify(JSContext *cx, JSCompartment *origin, Value *vp)
{
JSObject *iterObj = &vp->toObject();
NativeIterator *ni = iterObj->getNativeIterator();
/* Wrap the iteratee. */
JSObject *obj = ni->obj;
if (!origin->wrap(cx, &obj))
return false;
/*
* Wrap the elements in the iterator's snapshot.
* N.B. the order of closing/creating iterators is important due to the
* implicit cx->enumerators state.
*/
if (ni->isKeyIter()) {
size_t length = ni->numKeys();
AutoIdVector keys(cx);
if (length > 0) {
if (!keys.resize(length))
return false;
for (size_t i = 0; i < length; ++i) {
keys[i] = ni->beginKey()[i];
if (!origin->wrapId(cx, &keys[i]))
return false;
}
}
return js_CloseIterator(cx, iterObj) &&
VectorToKeyIterator(cx, obj, ni->flags, keys, vp);
}
size_t length = ni->numValues();
AutoValueVector vals(cx);
if (length > 0) {
if (!vals.resize(length))
return false;
for (size_t i = 0; i < length; ++i) {
vals[i] = ni->beginValue()[i];
if (!origin->wrap(cx, &vals[i]))
return false;
}
}
return js_CloseIterator(cx, iterObj) &&
VectorToValueIterator(cx, obj, ni->flags, vals, vp);
}
void
JSCompartment::sweep(FreeOp *fop, bool releaseTypes)
{
JS_ASSERT(!activeAnalysis);
{
gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_SWEEP_DISCARD_CODE);
discardJitCode(fop, !zone()->isPreservingCode());
}
/* This function includes itself in PHASE_SWEEP_TABLES. */
sweepCrossCompartmentWrappers();
{
gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_SWEEP_TABLES);
/* Remove dead references held weakly by the compartment. */
sweepBaseShapeTable();
sweepInitialShapeTable();
sweepNewTypeObjectTable(newTypeObjects);
sweepNewTypeObjectTable(lazyTypeObjects);
sweepBreakpoints(fop);
sweepCallsiteClones();
if (global_ && IsObjectAboutToBeFinalized(global_.unsafeGet()))
global_ = NULL;
#ifdef JS_ION
if (ionCompartment_)
ionCompartment_->sweep(fop);
#endif
/*
* JIT code increments activeUseCount for any RegExpShared used by jit
* code for the lifetime of the JIT script. Thus, we must perform
* sweeping after clearing jit code.
*/
regExps.sweep(rt);
if (debugScopes)
debugScopes->sweep(rt);
/* Finalize unreachable (key,value) pairs in all weak maps. */
WeakMapBase::sweepCompartment(this);
}
if (!zone()->isPreservingCode()) {
JS_ASSERT(!types.constrainedOutputs);
gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_DISCARD_ANALYSIS);
/*
* Clear the analysis pool, but don't release its data yet. While
* sweeping types any live data will be allocated into the pool.
*/
LifoAlloc oldAlloc(typeLifoAlloc.defaultChunkSize());
oldAlloc.steal(&typeLifoAlloc);
/*
* Periodically release observed types for all scripts. This is safe to
* do when there are no frames for the compartment on the stack.
*/
if (active)
releaseTypes = false;
/*
* Sweep analysis information and everything depending on it from the
* compartment, including all remaining mjit code if inference is
* enabled in the compartment.
*/
if (types.inferenceEnabled) {
gcstats::AutoPhase ap2(rt->gcStats, gcstats::PHASE_DISCARD_TI);
for (CellIterUnderGC i(this, FINALIZE_SCRIPT); !i.done(); i.next()) {
RawScript script = i.get<JSScript>();
if (script->types) {
types::TypeScript::Sweep(fop, script);
if (releaseTypes) {
script->types->destroy();
script->types = NULL;
}
}
}
}
{
gcstats::AutoPhase ap2(rt->gcStats, gcstats::PHASE_SWEEP_TYPES);
types.sweep(fop);
}
{
gcstats::AutoPhase ap2(rt->gcStats, gcstats::PHASE_CLEAR_SCRIPT_ANALYSIS);
for (CellIterUnderGC i(this, FINALIZE_SCRIPT); !i.done(); i.next()) {
JSScript *script = i.get<JSScript>();
script->clearAnalysis();
script->clearPropertyReadTypes();
}
}
{
gcstats::AutoPhase ap2(rt->gcStats, gcstats::PHASE_FREE_TI_ARENA);
rt->freeLifoAlloc.transferFrom(&analysisLifoAlloc);
rt->freeLifoAlloc.transferFrom(&oldAlloc);
}
}
NativeIterator *ni = enumerators->next();
while (ni != enumerators) {
JSObject *iterObj = ni->iterObj();
NativeIterator *next = ni->next();
if (gc::IsObjectAboutToBeFinalized(&iterObj))
ni->unlink();
ni = next;
}
active = false;
}
static bool
SuppressDeletedPropertyHelper(JSContext* cx, HandleObject obj, StringPredicate predicate)
{
NativeIterator* enumeratorList = cx->compartment()->enumerators;
NativeIterator* ni = enumeratorList->next();
while (ni != enumeratorList) {
again:
if (ni->obj == obj && ni->props_cursor < ni->props_end) {
/* Check whether id is still to come. */
GCPtrFlatString* props_cursor = ni->current();
GCPtrFlatString* props_end = ni->end();
for (GCPtrFlatString* idp = props_cursor; idp < props_end; ++idp) {
if (predicate(*idp)) {
/*
* Check whether another property along the prototype chain
* became visible as a result of this deletion.
*/
RootedObject proto(cx);
if (!GetPrototype(cx, obj, &proto))
return false;
if (proto) {
RootedId id(cx);
RootedValue idv(cx, StringValue(*idp));
if (!ValueToId<CanGC>(cx, idv, &id))
return false;
Rooted<PropertyDescriptor> desc(cx);
if (!GetPropertyDescriptor(cx, proto, id, &desc))
return false;
if (desc.object()) {
if (desc.enumerable())
continue;
}
}
/*
* If GetPropertyDescriptorById above removed a property from
* ni, start over.
*/
if (props_end != ni->props_end || props_cursor != ni->props_cursor)
goto again;
/*
* No property along the prototype chain stepped in to take the
* property's place, so go ahead and delete id from the list.
* If it is the next property to be enumerated, just skip it.
*/
if (idp == props_cursor) {
ni->incCursor();
} else {
for (GCPtrFlatString* p = idp; p + 1 != props_end; p++)
*p = *(p + 1);
ni->props_end = ni->end() - 1;
/*
* This invokes the pre barrier on this element, since
* it's no longer going to be marked, and ensures that
* any existing remembered set entry will be dropped.
*/
*ni->props_end = nullptr;
}
/* Don't reuse modified native iterators. */
ni->flags |= JSITER_UNREUSABLE;
if (predicate.matchesAtMostOne())
break;
}
}
}
ni = ni->next();
}
return true;
}
void
JSCompartment::sweep(FreeOp *fop, bool releaseTypes)
{
JS_ASSERT(!activeAnalysis);
JSRuntime *rt = runtimeFromMainThread();
{
gcstats::MaybeAutoPhase ap(rt->gc.stats, !rt->isHeapCompacting(),
gcstats::PHASE_SWEEP_TABLES_INNER_VIEWS);
innerViews.sweep(rt);
}
{
gcstats::MaybeAutoPhase ap(rt->gc.stats, !rt->isHeapCompacting(),
gcstats::PHASE_SWEEP_TABLES_WRAPPER);
sweepCrossCompartmentWrappers();
}
/* Remove dead references held weakly by the compartment. */
sweepBaseShapeTable();
sweepInitialShapeTable();
{
gcstats::MaybeAutoPhase ap(rt->gc.stats, !rt->isHeapCompacting(),
gcstats::PHASE_SWEEP_TABLES_TYPE_OBJECT);
sweepNewTypeObjectTable(newTypeObjects);
sweepNewTypeObjectTable(lazyTypeObjects);
}
sweepCallsiteClones();
savedStacks_.sweep(rt);
if (global_ && IsObjectAboutToBeFinalized(global_.unsafeGet())) {
if (debugMode())
Debugger::detachAllDebuggersFromGlobal(fop, global_);
global_.set(nullptr);
}
if (selfHostingScriptSource &&
IsObjectAboutToBeFinalized((JSObject **) selfHostingScriptSource.unsafeGet()))
{
selfHostingScriptSource.set(nullptr);
}
if (jitCompartment_)
jitCompartment_->sweep(fop, this);
/*
* JIT code increments activeWarmUpCounter for any RegExpShared used by jit
* code for the lifetime of the JIT script. Thus, we must perform
* sweeping after clearing jit code.
*/
regExps.sweep(rt);
if (debugScopes)
debugScopes->sweep(rt);
/* Finalize unreachable (key,value) pairs in all weak maps. */
WeakMapBase::sweepCompartment(this);
/* Sweep list of native iterators. */
NativeIterator *ni = enumerators->next();
while (ni != enumerators) {
JSObject *iterObj = ni->iterObj();
NativeIterator *next = ni->next();
if (gc::IsObjectAboutToBeFinalized(&iterObj))
ni->unlink();
ni = next;
}
}
