638 lines
22 KiB
C++
638 lines
22 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef vm_ArrayBufferObject_h
|
|
#define vm_ArrayBufferObject_h
|
|
|
|
#include "mozilla/Maybe.h"
|
|
|
|
#include "jsobj.h"
|
|
|
|
#include "builtin/TypedObjectConstants.h"
|
|
#include "js/GCHashTable.h"
|
|
#include "vm/Runtime.h"
|
|
#include "vm/SharedMem.h"
|
|
|
|
typedef struct JSProperty JSProperty;
|
|
|
|
namespace js {
|
|
|
|
class ArrayBufferViewObject;
|
|
class WasmArrayRawBuffer;
|
|
|
|
// The inheritance hierarchy for the various classes relating to typed arrays
|
|
// is as follows.
|
|
//
|
|
// - NativeObject
|
|
// - ArrayBufferObjectMaybeShared
|
|
// - ArrayBufferObject
|
|
// - SharedArrayBufferObject
|
|
// - DataViewObject
|
|
// - TypedArrayObject (declared in vm/TypedArrayObject.h)
|
|
// - TypedArrayObjectTemplate
|
|
// - Int8ArrayObject
|
|
// - Uint8ArrayObject
|
|
// - ...
|
|
// - JSObject
|
|
// - ArrayBufferViewObject
|
|
// - TypedObject (declared in builtin/TypedObject.h)
|
|
//
|
|
// Note that |TypedArrayObjectTemplate| is just an implementation
|
|
// detail that makes implementing its various subclasses easier.
|
|
//
|
|
// ArrayBufferObject and SharedArrayBufferObject are unrelated data types:
|
|
// the racy memory of the latter cannot substitute for the non-racy memory of
|
|
// the former; the non-racy memory of the former cannot be used with the atomics;
|
|
// the former can be detached and the latter not. Hence they have been
|
|
// separated completely.
|
|
//
|
|
// Most APIs will only accept ArrayBufferObject. ArrayBufferObjectMaybeShared
|
|
// exists as a join point to allow APIs that can take or use either, notably AsmJS.
|
|
//
|
|
// In contrast with the separation of ArrayBufferObject and
|
|
// SharedArrayBufferObject, the TypedArray types can map either.
|
|
//
|
|
// The possible data ownership and reference relationships with ArrayBuffers
|
|
// and related classes are enumerated below. These are the possible locations
|
|
// for typed data:
|
|
//
|
|
// (1) malloc'ed or mmap'ed data owned by an ArrayBufferObject.
|
|
// (2) Data allocated inline with an ArrayBufferObject.
|
|
// (3) Data allocated inline with a TypedArrayObject.
|
|
// (4) Data allocated inline with an InlineTypedObject.
|
|
//
|
|
// An ArrayBufferObject may point to any of these sources of data, except (3).
|
|
// All array buffer views may point to any of these sources of data, except
|
|
// that (3) may only be pointed to by the typed array the data is inline with.
|
|
//
|
|
// During a minor GC, (3) and (4) may move. During a compacting GC, (2), (3),
|
|
// and (4) may move.
|
|
|
|
class ArrayBufferObjectMaybeShared;
|
|
|
|
uint32_t AnyArrayBufferByteLength(const ArrayBufferObjectMaybeShared* buf);
|
|
mozilla::Maybe<uint32_t> WasmArrayBufferMaxSize(const ArrayBufferObjectMaybeShared* buf);
|
|
size_t WasmArrayBufferMappedSize(const ArrayBufferObjectMaybeShared* buf);
|
|
bool WasmArrayBufferGrowForWasm(ArrayBufferObjectMaybeShared* buf, uint32_t delta);
|
|
bool AnyArrayBufferIsPreparedForAsmJS(const ArrayBufferObjectMaybeShared* buf);
|
|
ArrayBufferObjectMaybeShared& AsAnyArrayBuffer(HandleValue val);
|
|
|
|
class ArrayBufferObjectMaybeShared : public NativeObject
|
|
{
|
|
public:
|
|
uint32_t byteLength() {
|
|
return AnyArrayBufferByteLength(this);
|
|
}
|
|
|
|
inline bool isDetached() const;
|
|
|
|
inline SharedMem<uint8_t*> dataPointerEither();
|
|
|
|
// WebAssembly support:
|
|
// Note: the eventual goal is to remove this from ArrayBuffer and have
|
|
// (Shared)ArrayBuffers alias memory owned by some wasm::Memory object.
|
|
|
|
mozilla::Maybe<uint32_t> wasmMaxSize() const {
|
|
return WasmArrayBufferMaxSize(this);
|
|
}
|
|
size_t wasmMappedSize() const {
|
|
return WasmArrayBufferMappedSize(this);
|
|
}
|
|
#ifndef WASM_HUGE_MEMORY
|
|
uint32_t wasmBoundsCheckLimit() const;
|
|
#endif
|
|
|
|
bool isPreparedForAsmJS() const {
|
|
return AnyArrayBufferIsPreparedForAsmJS(this);
|
|
}
|
|
};
|
|
|
|
typedef Rooted<ArrayBufferObjectMaybeShared*> RootedArrayBufferObjectMaybeShared;
|
|
typedef Handle<ArrayBufferObjectMaybeShared*> HandleArrayBufferObjectMaybeShared;
|
|
typedef MutableHandle<ArrayBufferObjectMaybeShared*> MutableHandleArrayBufferObjectMaybeShared;
|
|
|
|
/*
|
|
* ArrayBufferObject
|
|
*
|
|
* This class holds the underlying raw buffer that the various ArrayBufferViews
|
|
* (eg DataViewObject, the TypedArrays, TypedObjects) access. It can be created
|
|
* explicitly and used to construct an ArrayBufferView, or can be created
|
|
* lazily when it is first accessed for a TypedArrayObject or TypedObject that
|
|
* doesn't have an explicit buffer.
|
|
*
|
|
* ArrayBufferObject (or really the underlying memory) /is not racy/: the
|
|
* memory is private to a single worker.
|
|
*/
|
|
class ArrayBufferObject : public ArrayBufferObjectMaybeShared
|
|
{
|
|
static bool byteLengthGetterImpl(JSContext* cx, const CallArgs& args);
|
|
static bool fun_slice_impl(JSContext* cx, const CallArgs& args);
|
|
|
|
public:
|
|
static const uint8_t DATA_SLOT = 0;
|
|
static const uint8_t BYTE_LENGTH_SLOT = 1;
|
|
static const uint8_t FIRST_VIEW_SLOT = 2;
|
|
static const uint8_t FLAGS_SLOT = 3;
|
|
|
|
static const uint8_t RESERVED_SLOTS = 4;
|
|
|
|
static const size_t ARRAY_BUFFER_ALIGNMENT = 8;
|
|
|
|
static_assert(FLAGS_SLOT == JS_ARRAYBUFFER_FLAGS_SLOT,
|
|
"self-hosted code with burned-in constants must get the "
|
|
"right flags slot");
|
|
|
|
public:
|
|
|
|
enum OwnsState {
|
|
DoesntOwnData = 0,
|
|
OwnsData = 1,
|
|
};
|
|
|
|
enum BufferKind {
|
|
PLAIN = 0, // malloced or inline data
|
|
WASM = 1,
|
|
MAPPED = 2,
|
|
|
|
KIND_MASK = 0x3
|
|
};
|
|
|
|
protected:
|
|
|
|
enum ArrayBufferFlags {
|
|
// The flags also store the BufferKind
|
|
BUFFER_KIND_MASK = BufferKind::KIND_MASK,
|
|
|
|
DETACHED = 0x4,
|
|
|
|
// The dataPointer() is owned by this buffer and should be released
|
|
// when no longer in use. Releasing the pointer may be done by either
|
|
// freeing or unmapping it, and how to do this is determined by the
|
|
// buffer's other flags.
|
|
//
|
|
// Array buffers which do not own their data include buffers that
|
|
// allocate their data inline, and buffers that are created lazily for
|
|
// typed objects with inline storage, in which case the buffer points
|
|
// directly to the typed object's storage.
|
|
OWNS_DATA = 0x8,
|
|
|
|
// This array buffer was created lazily for a typed object with inline
|
|
// data. This implies both that the typed object owns the buffer's data
|
|
// and that the list of views sharing this buffer's data might be
|
|
// incomplete. Any missing views will be typed objects.
|
|
FOR_INLINE_TYPED_OBJECT = 0x10,
|
|
|
|
// Views of this buffer might include typed objects.
|
|
TYPED_OBJECT_VIEWS = 0x20,
|
|
|
|
// This PLAIN or WASM buffer has been prepared for asm.js and cannot
|
|
// henceforth be transferred/detached.
|
|
FOR_ASMJS = 0x40
|
|
};
|
|
|
|
static_assert(JS_ARRAYBUFFER_DETACHED_FLAG == DETACHED,
|
|
"self-hosted code with burned-in constants must use the "
|
|
"correct DETACHED bit value");
|
|
public:
|
|
|
|
class BufferContents {
|
|
uint8_t* data_;
|
|
BufferKind kind_;
|
|
|
|
friend class ArrayBufferObject;
|
|
|
|
BufferContents(uint8_t* data, BufferKind kind) : data_(data), kind_(kind) {
|
|
MOZ_ASSERT((kind_ & ~KIND_MASK) == 0);
|
|
}
|
|
|
|
public:
|
|
|
|
template<BufferKind Kind>
|
|
static BufferContents create(void* data)
|
|
{
|
|
return BufferContents(static_cast<uint8_t*>(data), Kind);
|
|
}
|
|
|
|
static BufferContents createPlain(void* data)
|
|
{
|
|
return BufferContents(static_cast<uint8_t*>(data), PLAIN);
|
|
}
|
|
|
|
uint8_t* data() const { return data_; }
|
|
BufferKind kind() const { return kind_; }
|
|
|
|
explicit operator bool() const { return data_ != nullptr; }
|
|
WasmArrayRawBuffer* wasmBuffer() const;
|
|
};
|
|
|
|
static const Class class_;
|
|
|
|
static bool byteLengthGetter(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static bool fun_slice(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static bool fun_isView(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static bool fun_species(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static bool class_constructor(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static ArrayBufferObject* create(JSContext* cx, uint32_t nbytes,
|
|
BufferContents contents,
|
|
OwnsState ownsState = OwnsData,
|
|
HandleObject proto = nullptr,
|
|
NewObjectKind newKind = GenericObject);
|
|
static ArrayBufferObject* create(JSContext* cx, uint32_t nbytes,
|
|
HandleObject proto = nullptr,
|
|
NewObjectKind newKind = GenericObject);
|
|
|
|
// Create an ArrayBufferObject that is safely finalizable and can later be
|
|
// initialize()d to become a real, content-visible ArrayBufferObject.
|
|
static ArrayBufferObject* createEmpty(JSContext* cx);
|
|
|
|
static bool createDataViewForThisImpl(JSContext* cx, const CallArgs& args);
|
|
static bool createDataViewForThis(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
template<typename T>
|
|
static bool createTypedArrayFromBufferImpl(JSContext* cx, const CallArgs& args);
|
|
|
|
template<typename T>
|
|
static bool createTypedArrayFromBuffer(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static void copyData(Handle<ArrayBufferObject*> toBuffer,
|
|
Handle<ArrayBufferObject*> fromBuffer,
|
|
uint32_t fromIndex, uint32_t count);
|
|
|
|
static void trace(JSTracer* trc, JSObject* obj);
|
|
static void objectMoved(JSObject* obj, const JSObject* old);
|
|
|
|
static BufferContents externalizeContents(JSContext* cx,
|
|
Handle<ArrayBufferObject*> buffer,
|
|
bool hasStealableContents);
|
|
static BufferContents stealContents(JSContext* cx,
|
|
Handle<ArrayBufferObject*> buffer,
|
|
bool hasStealableContents);
|
|
|
|
bool hasStealableContents() const {
|
|
// Inline elements strictly adhere to the corresponding buffer.
|
|
return ownsData() && !isPreparedForAsmJS() && !isWasm();
|
|
}
|
|
|
|
static void addSizeOfExcludingThis(JSObject* obj, mozilla::MallocSizeOf mallocSizeOf,
|
|
JS::ClassInfo* info);
|
|
|
|
// ArrayBufferObjects (strongly) store the first view added to them, while
|
|
// later views are (weakly) stored in the compartment's InnerViewTable
|
|
// below. Buffers usually only have one view, so this slot optimizes for
|
|
// the common case. Avoiding entries in the InnerViewTable saves memory and
|
|
// non-incrementalized sweep time.
|
|
ArrayBufferViewObject* firstView();
|
|
|
|
bool addView(JSContext* cx, JSObject* view);
|
|
|
|
void setNewData(FreeOp* fop, BufferContents newContents, OwnsState ownsState);
|
|
void changeContents(JSContext* cx, BufferContents newContents, OwnsState ownsState);
|
|
|
|
// Detach this buffer from its original memory. (This necessarily makes
|
|
// views of this buffer unusable for modifying that original memory.)
|
|
static void
|
|
detach(JSContext* cx, Handle<ArrayBufferObject*> buffer, BufferContents newContents);
|
|
|
|
private:
|
|
void changeViewContents(JSContext* cx, ArrayBufferViewObject* view,
|
|
uint8_t* oldDataPointer, BufferContents newContents);
|
|
void setFirstView(ArrayBufferViewObject* view);
|
|
|
|
uint8_t* inlineDataPointer() const;
|
|
|
|
public:
|
|
uint8_t* dataPointer() const;
|
|
SharedMem<uint8_t*> dataPointerShared() const;
|
|
uint32_t byteLength() const;
|
|
|
|
BufferContents contents() const {
|
|
return BufferContents(dataPointer(), bufferKind());
|
|
}
|
|
bool hasInlineData() const {
|
|
return dataPointer() == inlineDataPointer();
|
|
}
|
|
|
|
void releaseData(FreeOp* fop);
|
|
|
|
/*
|
|
* Check if the arrayBuffer contains any data. This will return false for
|
|
* ArrayBuffer.prototype and detached ArrayBuffers.
|
|
*/
|
|
bool hasData() const {
|
|
return getClass() == &class_;
|
|
}
|
|
|
|
BufferKind bufferKind() const { return BufferKind(flags() & BUFFER_KIND_MASK); }
|
|
bool isPlain() const { return bufferKind() == PLAIN; }
|
|
bool isWasm() const { return bufferKind() == WASM; }
|
|
bool isMapped() const { return bufferKind() == MAPPED; }
|
|
bool isDetached() const { return flags() & DETACHED; }
|
|
bool isPreparedForAsmJS() const { return flags() & FOR_ASMJS; }
|
|
|
|
// WebAssembly support:
|
|
static ArrayBufferObject* createForWasm(JSContext* cx, uint32_t initialSize,
|
|
mozilla::Maybe<uint32_t> maxSize);
|
|
static MOZ_MUST_USE bool prepareForAsmJS(JSContext* cx, Handle<ArrayBufferObject*> buffer,
|
|
bool needGuard);
|
|
size_t wasmMappedSize() const;
|
|
mozilla::Maybe<uint32_t> wasmMaxSize() const;
|
|
static MOZ_MUST_USE bool wasmGrowToSizeInPlace(uint32_t newSize,
|
|
Handle<ArrayBufferObject*> oldBuf,
|
|
MutableHandle<ArrayBufferObject*> newBuf,
|
|
JSContext* cx);
|
|
#ifndef WASM_HUGE_MEMORY
|
|
static MOZ_MUST_USE bool wasmMovingGrowToSize(uint32_t newSize,
|
|
Handle<ArrayBufferObject*> oldBuf,
|
|
MutableHandle<ArrayBufferObject*> newBuf,
|
|
JSContext* cx);
|
|
uint32_t wasmBoundsCheckLimit() const;
|
|
#endif
|
|
|
|
static void finalize(FreeOp* fop, JSObject* obj);
|
|
|
|
static BufferContents createMappedContents(int fd, size_t offset, size_t length);
|
|
|
|
static size_t offsetOfFlagsSlot() {
|
|
return getFixedSlotOffset(FLAGS_SLOT);
|
|
}
|
|
static size_t offsetOfDataSlot() {
|
|
return getFixedSlotOffset(DATA_SLOT);
|
|
}
|
|
|
|
void setForInlineTypedObject() {
|
|
setFlags(flags() | FOR_INLINE_TYPED_OBJECT);
|
|
}
|
|
void setHasTypedObjectViews() {
|
|
setFlags(flags() | TYPED_OBJECT_VIEWS);
|
|
}
|
|
|
|
bool forInlineTypedObject() const { return flags() & FOR_INLINE_TYPED_OBJECT; }
|
|
|
|
protected:
|
|
void setDataPointer(BufferContents contents, OwnsState ownsState);
|
|
void setByteLength(uint32_t length);
|
|
|
|
uint32_t flags() const;
|
|
void setFlags(uint32_t flags);
|
|
|
|
bool ownsData() const { return flags() & OWNS_DATA; }
|
|
void setOwnsData(OwnsState owns) {
|
|
setFlags(owns ? (flags() | OWNS_DATA) : (flags() & ~OWNS_DATA));
|
|
}
|
|
|
|
bool hasTypedObjectViews() const { return flags() & TYPED_OBJECT_VIEWS; }
|
|
|
|
void setIsDetached() { setFlags(flags() | DETACHED); }
|
|
void setIsPreparedForAsmJS() { setFlags(flags() | FOR_ASMJS); }
|
|
|
|
void initialize(size_t byteLength, BufferContents contents, OwnsState ownsState) {
|
|
setByteLength(byteLength);
|
|
setFlags(0);
|
|
setFirstView(nullptr);
|
|
setDataPointer(contents, ownsState);
|
|
}
|
|
|
|
// Note: initialize() may be called after initEmpty(); initEmpty() must
|
|
// only initialize the ArrayBufferObject to a safe, finalizable state.
|
|
void initEmpty() {
|
|
setByteLength(0);
|
|
setFlags(0);
|
|
setFirstView(nullptr);
|
|
setDataPointer(BufferContents::createPlain(nullptr), DoesntOwnData);
|
|
}
|
|
};
|
|
|
|
typedef Rooted<ArrayBufferObject*> RootedArrayBufferObject;
|
|
typedef Handle<ArrayBufferObject*> HandleArrayBufferObject;
|
|
typedef MutableHandle<ArrayBufferObject*> MutableHandleArrayBufferObject;
|
|
|
|
/*
|
|
* ArrayBufferViewObject
|
|
*
|
|
* Common definitions shared by all array buffer views.
|
|
*/
|
|
|
|
class ArrayBufferViewObject : public JSObject
|
|
{
|
|
public:
|
|
static ArrayBufferObjectMaybeShared* bufferObject(JSContext* cx, Handle<ArrayBufferViewObject*> obj);
|
|
|
|
void notifyBufferDetached(JSContext* cx, void* newData);
|
|
|
|
#ifdef DEBUG
|
|
bool isSharedMemory();
|
|
#endif
|
|
|
|
// By construction we only need unshared variants here. See
|
|
// comments in ArrayBufferObject.cpp.
|
|
uint8_t* dataPointerUnshared(const JS::AutoRequireNoGC&);
|
|
void setDataPointerUnshared(uint8_t* data);
|
|
|
|
static void trace(JSTracer* trc, JSObject* obj);
|
|
};
|
|
|
|
bool
|
|
ToClampedIndex(JSContext* cx, HandleValue v, uint32_t length, uint32_t* out);
|
|
|
|
/*
|
|
* Tests for ArrayBufferObject, like obj->is<ArrayBufferObject>().
|
|
*/
|
|
bool IsArrayBuffer(HandleValue v);
|
|
bool IsArrayBuffer(HandleObject obj);
|
|
bool IsArrayBuffer(JSObject* obj);
|
|
ArrayBufferObject& AsArrayBuffer(HandleObject obj);
|
|
ArrayBufferObject& AsArrayBuffer(JSObject* obj);
|
|
|
|
extern uint32_t JS_FASTCALL
|
|
ClampDoubleToUint8(const double x);
|
|
|
|
struct uint8_clamped {
|
|
uint8_t val;
|
|
|
|
uint8_clamped() = default;
|
|
uint8_clamped(const uint8_clamped& other) = default;
|
|
|
|
// invoke our assignment helpers for constructor conversion
|
|
explicit uint8_clamped(uint8_t x) { *this = x; }
|
|
explicit uint8_clamped(uint16_t x) { *this = x; }
|
|
explicit uint8_clamped(uint32_t x) { *this = x; }
|
|
explicit uint8_clamped(int8_t x) { *this = x; }
|
|
explicit uint8_clamped(int16_t x) { *this = x; }
|
|
explicit uint8_clamped(int32_t x) { *this = x; }
|
|
explicit uint8_clamped(double x) { *this = x; }
|
|
|
|
uint8_clamped& operator=(const uint8_clamped& x) = default;
|
|
|
|
uint8_clamped& operator=(uint8_t x) {
|
|
val = x;
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(uint16_t x) {
|
|
val = (x > 255) ? 255 : uint8_t(x);
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(uint32_t x) {
|
|
val = (x > 255) ? 255 : uint8_t(x);
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(int8_t x) {
|
|
val = (x >= 0) ? uint8_t(x) : 0;
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(int16_t x) {
|
|
val = (x >= 0)
|
|
? ((x < 255)
|
|
? uint8_t(x)
|
|
: 255)
|
|
: 0;
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(int32_t x) {
|
|
val = (x >= 0)
|
|
? ((x < 255)
|
|
? uint8_t(x)
|
|
: 255)
|
|
: 0;
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(const double x) {
|
|
val = uint8_t(ClampDoubleToUint8(x));
|
|
return *this;
|
|
}
|
|
|
|
operator uint8_t() const {
|
|
return val;
|
|
}
|
|
|
|
void staticAsserts() {
|
|
static_assert(sizeof(uint8_clamped) == 1,
|
|
"uint8_clamped must be layout-compatible with uint8_t");
|
|
}
|
|
};
|
|
|
|
/* Note that we can't use std::numeric_limits here due to uint8_clamped. */
|
|
template<typename T> inline bool TypeIsFloatingPoint() { return false; }
|
|
template<> inline bool TypeIsFloatingPoint<float>() { return true; }
|
|
template<> inline bool TypeIsFloatingPoint<double>() { return true; }
|
|
|
|
template<typename T> inline bool TypeIsUnsigned() { return false; }
|
|
template<> inline bool TypeIsUnsigned<uint8_t>() { return true; }
|
|
template<> inline bool TypeIsUnsigned<uint16_t>() { return true; }
|
|
template<> inline bool TypeIsUnsigned<uint32_t>() { return true; }
|
|
|
|
// Per-compartment table that manages the relationship between array buffers
|
|
// and the views that use their storage.
|
|
class InnerViewTable
|
|
{
|
|
public:
|
|
typedef Vector<ArrayBufferViewObject*, 1, SystemAllocPolicy> ViewVector;
|
|
|
|
friend class ArrayBufferObject;
|
|
friend class WeakCacheBase<InnerViewTable>;
|
|
|
|
private:
|
|
struct MapGCPolicy {
|
|
static bool needsSweep(JSObject** key, ViewVector* value) {
|
|
return InnerViewTable::sweepEntry(key, *value);
|
|
}
|
|
};
|
|
|
|
// This key is a raw pointer and not a ReadBarriered because the post-
|
|
// barrier would hold nursery-allocated entries live unconditionally. It is
|
|
// a very common pattern in low-level and performance-oriented JavaScript
|
|
// to create hundreds or thousands of very short lived temporary views on a
|
|
// larger buffer; having to tenured all of these would be a catastrophic
|
|
// performance regression. Thus, it is vital that nursery pointers in this
|
|
// map not be held live. Special support is required in the minor GC,
|
|
// implemented in sweepAfterMinorGC.
|
|
typedef GCHashMap<JSObject*,
|
|
ViewVector,
|
|
MovableCellHasher<JSObject*>,
|
|
SystemAllocPolicy,
|
|
MapGCPolicy> Map;
|
|
|
|
// For all objects sharing their storage with some other view, this maps
|
|
// the object to the list of such views. All entries in this map are weak.
|
|
Map map;
|
|
|
|
// List of keys from innerViews where either the source or at least one
|
|
// target is in the nursery. The raw pointer to a JSObject is allowed here
|
|
// because this vector is cleared after every minor collection. Users in
|
|
// sweepAfterMinorCollection must be careful to use MaybeForwarded before
|
|
// touching these pointers.
|
|
Vector<JSObject*, 0, SystemAllocPolicy> nurseryKeys;
|
|
|
|
// Whether nurseryKeys is a complete list.
|
|
bool nurseryKeysValid;
|
|
|
|
// Sweep an entry during GC, returning whether the entry should be removed.
|
|
static bool sweepEntry(JSObject** pkey, ViewVector& views);
|
|
|
|
bool addView(JSContext* cx, ArrayBufferObject* obj, ArrayBufferViewObject* view);
|
|
ViewVector* maybeViewsUnbarriered(ArrayBufferObject* obj);
|
|
void removeViews(ArrayBufferObject* obj);
|
|
|
|
public:
|
|
InnerViewTable()
|
|
: nurseryKeysValid(true)
|
|
{}
|
|
|
|
// Remove references to dead objects in the table and update table entries
|
|
// to reflect moved objects.
|
|
void sweep();
|
|
void sweepAfterMinorGC();
|
|
|
|
bool needsSweepAfterMinorGC() const {
|
|
return !nurseryKeys.empty() || !nurseryKeysValid;
|
|
}
|
|
|
|
size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf);
|
|
};
|
|
|
|
template <>
|
|
class WeakCacheBase<InnerViewTable>
|
|
{
|
|
InnerViewTable& table() {
|
|
return static_cast<JS::WeakCache<InnerViewTable>*>(this)->get();
|
|
}
|
|
const InnerViewTable& table() const {
|
|
return static_cast<const JS::WeakCache<InnerViewTable>*>(this)->get();
|
|
}
|
|
|
|
public:
|
|
InnerViewTable::ViewVector* maybeViewsUnbarriered(ArrayBufferObject* obj) {
|
|
return table().maybeViewsUnbarriered(obj);
|
|
}
|
|
void removeViews(ArrayBufferObject* obj) { table().removeViews(obj); }
|
|
void sweepAfterMinorGC() { table().sweepAfterMinorGC(); }
|
|
bool needsSweepAfterMinorGC() const { return table().needsSweepAfterMinorGC(); }
|
|
size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) {
|
|
return table().sizeOfExcludingThis(mallocSizeOf);
|
|
}
|
|
};
|
|
|
|
} // namespace js
|
|
|
|
template <>
|
|
bool
|
|
JSObject::is<js::ArrayBufferViewObject>() const;
|
|
|
|
template <>
|
|
bool
|
|
JSObject::is<js::ArrayBufferObjectMaybeShared>() const;
|
|
|
|
#endif // vm_ArrayBufferObject_h
|