mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:18:48 +00:00
roytam1
6629d22907
- Bug 1170717 - Move heapState check up to readBarrier; r=jonco (b9c4df5ea) - Bug 1163908 - Export GL draw data to layerscope for drawing heat-map view. r=:djg (cf078d4fd) - Bug 1161372 - Add EventRegions on LayerScope. r=dglastonbury (49fc29e8a) - Files as of Bug 1138721 - Application reputation should check mac file extensions. r=mmc (4b76de8d8) - Bug 1024774 - Part 0: Upgrade the protobuf library. r=mmc,glandium (c98c08fbd) - Bug 1149397 - JS::ubi::Node::edges should return a mozilla::UniquePtr; r=jimb (32f755867) - Bug 1110039 - Part 1 - Add nsLayoutUtils::ClampRectToScrollFrames. r=roc (a8812c287) - Bug 1110039 - Part 2.1 - Add logger facility. r=roc (1a400bb1f) - Bug 1110039 - Part 2.2 - Add AccessibleCaret. r=roc (d8c2c759f) - Bug 1110039 - Part 2.3 - Add AccessibleCaretManager. r=roc (ba8ad6424) - Bug 1110039 - Part 2.4 - Add AccessibleCaretEventHub. r=roc (db4ef1fe6) - Bug 1110039 - Part 2.5 - Add all files to build system. r=roc (bee54dc43) - fix nsRefPtr includes - but build still broken (423d9f32d) - Bug 1110039 - Part 3 - Add gtest for AccessibleCaretEventHub. r=roc (cdf0df240) - Bug 1110039 - Part 4 - Hook new classes into the system. r=roc (438a4df68) - Bug 1109183 - Fix imports of the marionette client and remove spurious entry from sys.path provided by mach. r=ahal (86b814562) - Bug 1110039 - Part 5 - Reuse marionette tests for AccessibleCaret. r=roc (d5cd35016) - Bug 1110039 followup: Add 'override' keyword to Name() decl in Access# (cd0d9b0f6) - Bug 1140994 - Notify gaia to hide selection bubble when scrolling without APZ. r=roc (ca15626fa) - Bug 1143665 - Remove the ambiguous scroll position being passed around in scroll started/stop notifications. r=roc,ehsan (ce8f1d2a9) - Bug 1140238 - Part 1: Add a test to drag first caret over non-selectable. r=automatedtester (4080723fe) - Bug 1140238 - Part 2: Adjust ranges after changing selection direction. r=mats (add1f155d) - Bug 1140238 - Part 3: Clear maintain selection when dragging caret. r=mats (0aba36f24) - Bug 1024774 - Part 2: Implement a google::protobuf::ZeroCopyOutputStream wrapper around nsIOutputStream; r=jimb (30c6272d2) - Bug 1024774 - Part 3: Serialize heap snapshots. r=jimb (9d0c8f6ec) - Bug 1024774 - Part 1: Add the ChromeUtils WebIDL interface. r=bholley (8e81e8344) - Bug 1024774 - Part 4: Add an xpcshell test for saving heap snapshots. r=jimb (6e0a07069) - Bug 1024774 - Part 5: Add GTests for core dump serialization. r=jimb (79315c540) - clean up spurious char (9a1f9bc18) - Bug 1121528 - Avoid the inspector going blank when quickly navigating; r=bgrins (f4cff269f) - Bug 1155168 - Always use the same actor pool. r=ochameau (3e6cc5504) - Bug 1137527 - Part 1: Make the memory actor emit events for garbage collection. r=jryans (6dcdb18f8) - Bug 1137527 - Part 2: Add a test for GC MemoryActor events. r=jryans (df2bcf120) - Bug 1024774 - Part 6: Add a mochitest-chrome sanity check test. r=bholley (4b5bffe79) - Bug 1024774 - Part 7: Add HeapSnapshot WebIDL interface; r=bholley (7b5ae703a) - Bug 1024774 - Part 8: Add JS::ubi::Node::isLive; r=jimb (42a965f56) - Bug 1024774 - Part 9: Deserialize heap snapshots; r=jimb (fb3edfbc0) - Bug 1024774 - Part 10: Add an xpcshell test for reading heap snapshots. r=jimb (09c3390a1) - Bug 1024774 - Part 11: Implement a JS::ubi::Node specialization for DeserializedNode; r=jimb (d73362efe) - Bug 1024774 - Part 12: Add a GTest for the JS::ubi::Node specialization for DeserializedNode; r=jimb (4415acb73) - Bug 1024774 - Part 13: Change to new SpiderMonkey style from bug 1144366; r=me (15c4bcf87) - Bug 1024774 - Part 14: Ignore protobuf indirect calls in the GC hazard analysis; r=sfink (c5b141c59) - Bug 1024774 - Followup: Don't redefine the Debugger property in xpcshell tests; r=jorendorff (dc4f1f109) - Bug 1169791 - Strongly type NoteJSRoot; r=mccr8 (ba722a44f) - Bug 1169791 - Strongly type MergeZone; r=mccr8 (a118cf612) - Bug 1169791 - Strongly type GetTenuredGCThingZone; r=jonco, r=mccr8 (a4da82aea) - Bug 1171780 - We no longer need to cast out of barrieried types in GC; r=jonco (be83218fa) - Bug 1144361: Re-enable JIT code randomization on Win64. r=jandem (6c88b4312) - pointer style (458344bcd) - Bug 1156914 - Fix the MacroAssembler::pushValue(const Address&) footgun on 32 bit platforms. (r=jandem) (52d5c351d) - Bug 1156030 - Remove some obsolete static assertion macros from the tree; r=Waldo (84d8f3fea) - pointer style (ac3c92ce1) - Bug 1151323 - Handle loading unboxed int32 properties into floating point registers, r=jandem. (790920f3d) - Bug 1023297 - Use explicit constructors for ARM-specific classes. r=jandem (f7f12cd76) - Bug 1164229 - Rename ARM SetCond_ to SBit. r=efaust (c55e1d535) - Bug 977805 - Add an option to mark JIT pages as non-writable. r=luke bug 977805 - add missing #include. r=jandem (384abd6ad) - Bug 1173992 - Add ARM64 build support. r=glandium (540a7c784) - Bug 1170750 - Replace %f by %.16g in js/src. r=jandem (48f808c73) - Bug 1170750 - Use mfbt snprintf_literal instead of sprintf. r=jandem (3b2016484) - Bug 1170750 - jsprf.cpp: Sort headers properly. r=me (0956cd3a5) - Bug 923717 - Use structured control flow when testing for the forceInlineCaches option, r=nbp. (fc1dcef6e) - Bug 1158044 - Remove unused TypeWrapper class and untemplatize/cleanup some code. r=bhackett (a4d5de646) - Bug 1169355 - Remove unnecessary assertion, r=jandem. (f55c99552) - Bug 1162986 - Allow objects to be turned into singletons dynamically, r=jandem. (9c683e420) - Bug 1169731 - [[Call]] on a class constructor should throw. (r=jandem) (470895e3f) and fix for shared-js in UbiNode.h
691 lines
20 KiB
C++
691 lines
20 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
|
* vim: set ts=8 sw=4 et tw=78:
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "gc/Nursery-inl.h"
|
|
|
|
#include "mozilla/IntegerPrintfMacros.h"
|
|
#include "mozilla/Move.h"
|
|
|
|
#include "jscompartment.h"
|
|
#include "jsgc.h"
|
|
#include "jsutil.h"
|
|
#include "prmjtime.h"
|
|
|
|
#include "gc/GCInternals.h"
|
|
#include "gc/Memory.h"
|
|
#include "jit/JitFrames.h"
|
|
#include "vm/ArrayObject.h"
|
|
#include "vm/Debugger.h"
|
|
#if defined(DEBUG)
|
|
#include "vm/ScopeObject.h"
|
|
#endif
|
|
#include "vm/TypedArrayObject.h"
|
|
#include "vm/TypeInference.h"
|
|
|
|
#include "jsobjinlines.h"
|
|
|
|
#include "vm/NativeObject-inl.h"
|
|
|
|
using namespace js;
|
|
using namespace gc;
|
|
|
|
using mozilla::ArrayLength;
|
|
using mozilla::PodCopy;
|
|
using mozilla::PodZero;
|
|
|
|
struct js::Nursery::FreeMallocedBuffersTask : public GCParallelTask
|
|
{
|
|
explicit FreeMallocedBuffersTask(FreeOp* fop) : fop_(fop) {}
|
|
bool init() { return buffers_.init(); }
|
|
void transferBuffersToFree(MallocedBuffersSet& buffersToFree);
|
|
~FreeMallocedBuffersTask() override { join(); }
|
|
|
|
private:
|
|
FreeOp* fop_;
|
|
MallocedBuffersSet buffers_;
|
|
|
|
virtual void run() override;
|
|
};
|
|
|
|
bool
|
|
js::Nursery::init(uint32_t maxNurseryBytes)
|
|
{
|
|
/* maxNurseryBytes parameter is rounded down to a multiple of chunk size. */
|
|
numNurseryChunks_ = maxNurseryBytes >> ChunkShift;
|
|
|
|
/* If no chunks are specified then the nursery is permenantly disabled. */
|
|
if (numNurseryChunks_ == 0)
|
|
return true;
|
|
|
|
if (!mallocedBuffers.init())
|
|
return false;
|
|
|
|
void* heap = MapAlignedPages(nurserySize(), Alignment);
|
|
if (!heap)
|
|
return false;
|
|
|
|
freeMallocedBuffersTask = js_new<FreeMallocedBuffersTask>(runtime()->defaultFreeOp());
|
|
if (!freeMallocedBuffersTask || !freeMallocedBuffersTask->init())
|
|
return false;
|
|
|
|
heapStart_ = uintptr_t(heap);
|
|
heapEnd_ = heapStart_ + nurserySize();
|
|
currentStart_ = start();
|
|
numActiveChunks_ = 1;
|
|
JS_POISON(heap, JS_FRESH_NURSERY_PATTERN, nurserySize());
|
|
setCurrentChunk(0);
|
|
updateDecommittedRegion();
|
|
|
|
char* env = getenv("JS_GC_PROFILE_NURSERY");
|
|
if (env) {
|
|
if (0 == strcmp(env, "help")) {
|
|
fprintf(stderr, "JS_GC_PROFILE_NURSERY=N\n\n"
|
|
"\tReport minor GC's taking more than N microseconds.");
|
|
exit(0);
|
|
}
|
|
enableProfiling_ = true;
|
|
profileThreshold_ = atoi(env);
|
|
}
|
|
|
|
MOZ_ASSERT(isEnabled());
|
|
return true;
|
|
}
|
|
|
|
js::Nursery::~Nursery()
|
|
{
|
|
if (start())
|
|
UnmapPages((void*)start(), nurserySize());
|
|
|
|
js_delete(freeMallocedBuffersTask);
|
|
}
|
|
|
|
void
|
|
js::Nursery::updateDecommittedRegion()
|
|
{
|
|
#ifndef JS_GC_ZEAL
|
|
if (numActiveChunks_ < numNurseryChunks_) {
|
|
// Bug 994054: madvise on MacOS is too slow to make this
|
|
// optimization worthwhile.
|
|
# ifndef XP_MACOSX
|
|
uintptr_t decommitStart = chunk(numActiveChunks_).start();
|
|
uintptr_t decommitSize = heapEnd() - decommitStart;
|
|
MOZ_ASSERT(decommitStart == AlignBytes(decommitStart, Alignment));
|
|
MOZ_ASSERT(decommitSize == AlignBytes(decommitStart, Alignment));
|
|
MarkPagesUnused((void*)decommitStart, decommitSize);
|
|
# endif
|
|
}
|
|
#endif
|
|
}
|
|
|
|
void
|
|
js::Nursery::enable()
|
|
{
|
|
MOZ_ASSERT(isEmpty());
|
|
MOZ_ASSERT(!runtime()->gc.isVerifyPreBarriersEnabled());
|
|
if (isEnabled())
|
|
return;
|
|
numActiveChunks_ = 1;
|
|
setCurrentChunk(0);
|
|
currentStart_ = position();
|
|
#ifdef JS_GC_ZEAL
|
|
if (runtime()->gcZeal() == ZealGenerationalGCValue)
|
|
enterZealMode();
|
|
#endif
|
|
}
|
|
|
|
void
|
|
js::Nursery::disable()
|
|
{
|
|
MOZ_ASSERT(isEmpty());
|
|
if (!isEnabled())
|
|
return;
|
|
numActiveChunks_ = 0;
|
|
currentEnd_ = 0;
|
|
updateDecommittedRegion();
|
|
}
|
|
|
|
bool
|
|
js::Nursery::isEmpty() const
|
|
{
|
|
MOZ_ASSERT(runtime_);
|
|
if (!isEnabled())
|
|
return true;
|
|
MOZ_ASSERT_IF(runtime_->gcZeal() != ZealGenerationalGCValue, currentStart_ == start());
|
|
return position() == currentStart_;
|
|
}
|
|
|
|
#ifdef JS_GC_ZEAL
|
|
void
|
|
js::Nursery::enterZealMode() {
|
|
if (isEnabled())
|
|
numActiveChunks_ = numNurseryChunks_;
|
|
}
|
|
|
|
void
|
|
js::Nursery::leaveZealMode() {
|
|
if (isEnabled()) {
|
|
MOZ_ASSERT(isEmpty());
|
|
setCurrentChunk(0);
|
|
currentStart_ = start();
|
|
}
|
|
}
|
|
#endif // JS_GC_ZEAL
|
|
|
|
JSObject*
|
|
js::Nursery::allocateObject(JSContext* cx, size_t size, size_t numDynamic, const js::Class* clasp)
|
|
{
|
|
/* Ensure there's enough space to replace the contents with a RelocationOverlay. */
|
|
MOZ_ASSERT(size >= sizeof(RelocationOverlay));
|
|
|
|
/*
|
|
* Classes with JSCLASS_SKIP_NURSERY_FINALIZE will not have their finalizer
|
|
* called if they are nursery allocated and not promoted to the tenured
|
|
* heap. The finalizers for these classes must do nothing except free data
|
|
* which was allocated via Nursery::allocateBuffer.
|
|
*/
|
|
MOZ_ASSERT_IF(clasp->finalize, clasp->flags & JSCLASS_SKIP_NURSERY_FINALIZE);
|
|
|
|
/* Make the object allocation. */
|
|
JSObject* obj = static_cast<JSObject*>(allocate(size));
|
|
if (!obj)
|
|
return nullptr;
|
|
|
|
/* If we want external slots, add them. */
|
|
HeapSlot* slots = nullptr;
|
|
if (numDynamic) {
|
|
slots = static_cast<HeapSlot*>(allocateBuffer(cx->zone(), numDynamic * sizeof(HeapSlot)));
|
|
if (!slots) {
|
|
/*
|
|
* It is safe to leave the allocated object uninitialized, since we
|
|
* do not visit unallocated things in the nursery.
|
|
*/
|
|
return nullptr;
|
|
}
|
|
}
|
|
|
|
/* Always initialize the slots field to match the JIT behavior. */
|
|
obj->setInitialSlotsMaybeNonNative(slots);
|
|
|
|
TraceNurseryAlloc(obj, size);
|
|
return obj;
|
|
}
|
|
|
|
void*
|
|
js::Nursery::allocate(size_t size)
|
|
{
|
|
MOZ_ASSERT(isEnabled());
|
|
MOZ_ASSERT(!runtime()->isHeapBusy());
|
|
MOZ_ASSERT(position() >= currentStart_);
|
|
|
|
if (currentEnd() < position() + size) {
|
|
if (currentChunk_ + 1 == numActiveChunks_)
|
|
return nullptr;
|
|
setCurrentChunk(currentChunk_ + 1);
|
|
}
|
|
|
|
void* thing = (void*)position();
|
|
position_ = position() + size;
|
|
|
|
JS_EXTRA_POISON(thing, JS_ALLOCATED_NURSERY_PATTERN, size);
|
|
return thing;
|
|
}
|
|
|
|
void*
|
|
js::Nursery::allocateBuffer(Zone* zone, uint32_t nbytes)
|
|
{
|
|
MOZ_ASSERT(nbytes > 0);
|
|
|
|
if (nbytes <= MaxNurseryBufferSize) {
|
|
void* buffer = allocate(nbytes);
|
|
if (buffer)
|
|
return buffer;
|
|
}
|
|
|
|
void* buffer = zone->pod_malloc<uint8_t>(nbytes);
|
|
if (buffer) {
|
|
/* If this put fails, we will only leak the slots. */
|
|
(void)mallocedBuffers.put(buffer);
|
|
}
|
|
return buffer;
|
|
}
|
|
|
|
void*
|
|
js::Nursery::allocateBuffer(JSObject* obj, uint32_t nbytes)
|
|
{
|
|
MOZ_ASSERT(obj);
|
|
MOZ_ASSERT(nbytes > 0);
|
|
|
|
if (!IsInsideNursery(obj))
|
|
return obj->zone()->pod_malloc<uint8_t>(nbytes);
|
|
return allocateBuffer(obj->zone(), nbytes);
|
|
}
|
|
|
|
void*
|
|
js::Nursery::reallocateBuffer(JSObject* obj, void* oldBuffer,
|
|
uint32_t oldBytes, uint32_t newBytes)
|
|
{
|
|
if (!IsInsideNursery(obj))
|
|
return obj->zone()->pod_realloc<uint8_t>((uint8_t*)oldBuffer, oldBytes, newBytes);
|
|
|
|
if (!isInside(oldBuffer)) {
|
|
void* newBuffer = obj->zone()->pod_realloc<uint8_t>((uint8_t*)oldBuffer, oldBytes, newBytes);
|
|
if (newBuffer && oldBytes != newBytes) {
|
|
removeMallocedBuffer(oldBuffer);
|
|
/* If this put fails, we will only leak the slots. */
|
|
(void)mallocedBuffers.put(newBuffer);
|
|
}
|
|
return newBuffer;
|
|
}
|
|
|
|
/* The nursery cannot make use of the returned slots data. */
|
|
if (newBytes < oldBytes)
|
|
return oldBuffer;
|
|
|
|
void* newBuffer = allocateBuffer(obj->zone(), newBytes);
|
|
if (newBuffer)
|
|
PodCopy((uint8_t*)newBuffer, (uint8_t*)oldBuffer, oldBytes);
|
|
return newBuffer;
|
|
}
|
|
|
|
void
|
|
js::Nursery::freeBuffer(void* buffer)
|
|
{
|
|
if (!isInside(buffer)) {
|
|
removeMallocedBuffer(buffer);
|
|
js_free(buffer);
|
|
}
|
|
}
|
|
|
|
void
|
|
Nursery::setForwardingPointer(void* oldData, void* newData, bool direct)
|
|
{
|
|
MOZ_ASSERT(isInside(oldData));
|
|
MOZ_ASSERT(!isInside(newData));
|
|
|
|
if (direct) {
|
|
*reinterpret_cast<void**>(oldData) = newData;
|
|
} else {
|
|
if (!forwardedBuffers.initialized() && !forwardedBuffers.init())
|
|
CrashAtUnhandlableOOM("Nursery::setForwardingPointer");
|
|
#ifdef DEBUG
|
|
if (ForwardedBufferMap::Ptr p = forwardedBuffers.lookup(oldData))
|
|
MOZ_ASSERT(p->value() == newData);
|
|
#endif
|
|
if (!forwardedBuffers.put(oldData, newData))
|
|
CrashAtUnhandlableOOM("Nursery::setForwardingPointer");
|
|
}
|
|
}
|
|
|
|
void
|
|
Nursery::setSlotsForwardingPointer(HeapSlot* oldSlots, HeapSlot* newSlots, uint32_t nslots)
|
|
{
|
|
// Slot arrays always have enough space for a forwarding pointer, since the
|
|
// number of slots is never zero.
|
|
MOZ_ASSERT(nslots > 0);
|
|
setForwardingPointer(oldSlots, newSlots, /* direct = */ true);
|
|
}
|
|
|
|
void
|
|
Nursery::setElementsForwardingPointer(ObjectElements* oldHeader, ObjectElements* newHeader,
|
|
uint32_t nelems)
|
|
{
|
|
// Only use a direct forwarding pointer if there is enough space for one.
|
|
setForwardingPointer(oldHeader->elements(), newHeader->elements(),
|
|
nelems > ObjectElements::VALUES_PER_HEADER);
|
|
}
|
|
|
|
#ifdef DEBUG
|
|
static bool IsWriteableAddress(void* ptr)
|
|
{
|
|
volatile uint64_t* vPtr = reinterpret_cast<volatile uint64_t*>(ptr);
|
|
*vPtr = *vPtr;
|
|
return true;
|
|
}
|
|
#endif
|
|
|
|
void
|
|
js::Nursery::forwardBufferPointer(HeapSlot** pSlotsElems)
|
|
{
|
|
HeapSlot* old = *pSlotsElems;
|
|
|
|
if (!isInside(old))
|
|
return;
|
|
|
|
// The new location for this buffer is either stored inline with it or in
|
|
// the forwardedBuffers table.
|
|
do {
|
|
if (forwardedBuffers.initialized()) {
|
|
if (ForwardedBufferMap::Ptr p = forwardedBuffers.lookup(old)) {
|
|
*pSlotsElems = reinterpret_cast<HeapSlot*>(p->value());
|
|
break;
|
|
}
|
|
}
|
|
|
|
*pSlotsElems = *reinterpret_cast<HeapSlot**>(old);
|
|
} while (false);
|
|
|
|
MOZ_ASSERT(!isInside(*pSlotsElems));
|
|
MOZ_ASSERT(IsWriteableAddress(*pSlotsElems));
|
|
}
|
|
|
|
js::TenuringTracer::TenuringTracer(JSRuntime* rt, Nursery* nursery)
|
|
: JSTracer(rt, JSTracer::TracerKindTag::Tenuring, TraceWeakMapKeysValues)
|
|
, nursery_(*nursery)
|
|
, tenuredSize(0)
|
|
, head(nullptr)
|
|
, tail(&head)
|
|
{
|
|
rt->gc.incGcNumber();
|
|
}
|
|
|
|
#define TIME_START(name) int64_t timestampStart_##name = enableProfiling_ ? PRMJ_Now() : 0
|
|
#define TIME_END(name) int64_t timestampEnd_##name = enableProfiling_ ? PRMJ_Now() : 0
|
|
#define TIME_TOTAL(name) (timestampEnd_##name - timestampStart_##name)
|
|
|
|
void
|
|
js::Nursery::collect(JSRuntime* rt, JS::gcreason::Reason reason, ObjectGroupList* pretenureGroups)
|
|
{
|
|
if (rt->mainThread.suppressGC)
|
|
return;
|
|
|
|
JS_AbortIfWrongThread(rt);
|
|
|
|
StoreBuffer& sb = rt->gc.storeBuffer;
|
|
if (!isEnabled() || isEmpty()) {
|
|
/*
|
|
* Our barriers are not always exact, and there may be entries in the
|
|
* storebuffer even when the nursery is disabled or empty. It's not
|
|
* safe to keep these entries as they may refer to tenured cells which
|
|
* may be freed after this point.
|
|
*/
|
|
sb.clear();
|
|
return;
|
|
}
|
|
|
|
rt->gc.incMinorGcNumber();
|
|
|
|
rt->gc.stats.count(gcstats::STAT_MINOR_GC);
|
|
|
|
TraceMinorGCStart();
|
|
|
|
int64_t timestampStart_total = PRMJ_Now();
|
|
|
|
AutoTraceSession session(rt, JS::HeapState::MinorCollecting);
|
|
AutoStopVerifyingBarriers av(rt, false);
|
|
AutoDisableProxyCheck disableStrictProxyChecking(rt);
|
|
mozilla::DebugOnly<AutoEnterOOMUnsafeRegion> oomUnsafeRegion;
|
|
|
|
// Move objects pointed to by roots from the nursery to the major heap.
|
|
TenuringTracer mover(rt, this);
|
|
|
|
// Mark the store buffer. This must happen first.
|
|
|
|
TIME_START(cancelIonCompilations);
|
|
if (sb.cancelIonCompilations()) {
|
|
for (CompartmentsIter c(rt, SkipAtoms); !c.done(); c.next())
|
|
jit::StopAllOffThreadCompilations(c);
|
|
}
|
|
TIME_END(cancelIonCompilations);
|
|
|
|
TIME_START(traceValues);
|
|
sb.traceValues(mover);
|
|
TIME_END(traceValues);
|
|
|
|
TIME_START(traceCells);
|
|
sb.traceCells(mover);
|
|
TIME_END(traceCells);
|
|
|
|
TIME_START(traceSlots);
|
|
sb.traceSlots(mover);
|
|
TIME_END(traceSlots);
|
|
|
|
TIME_START(traceWholeCells);
|
|
sb.traceWholeCells(mover);
|
|
TIME_END(traceWholeCells);
|
|
|
|
TIME_START(traceRelocatableValues);
|
|
sb.traceRelocatableValues(mover);
|
|
TIME_END(traceRelocatableValues);
|
|
|
|
TIME_START(traceRelocatableCells);
|
|
sb.traceRelocatableCells(mover);
|
|
TIME_END(traceRelocatableCells);
|
|
|
|
TIME_START(traceGenericEntries);
|
|
sb.traceGenericEntries(&mover);
|
|
TIME_END(traceGenericEntries);
|
|
|
|
TIME_START(markRuntime);
|
|
rt->gc.markRuntime(&mover);
|
|
TIME_END(markRuntime);
|
|
|
|
TIME_START(markDebugger);
|
|
{
|
|
gcstats::AutoPhase ap(rt->gc.stats, gcstats::PHASE_MARK_ROOTS);
|
|
Debugger::markAll(&mover);
|
|
}
|
|
TIME_END(markDebugger);
|
|
|
|
TIME_START(clearNewObjectCache);
|
|
rt->newObjectCache.clearNurseryObjects(rt);
|
|
TIME_END(clearNewObjectCache);
|
|
|
|
// Most of the work is done here. This loop iterates over objects that have
|
|
// been moved to the major heap. If these objects have any outgoing pointers
|
|
// to the nursery, then those nursery objects get moved as well, until no
|
|
// objects are left to move. That is, we iterate to a fixed point.
|
|
TIME_START(collectToFP);
|
|
TenureCountCache tenureCounts;
|
|
collectToFixedPoint(mover, tenureCounts);
|
|
TIME_END(collectToFP);
|
|
|
|
// Update the array buffer object's view lists.
|
|
TIME_START(sweepArrayBufferViewList);
|
|
for (CompartmentsIter c(rt, SkipAtoms); !c.done(); c.next()) {
|
|
if (c->innerViews.needsSweepAfterMinorGC())
|
|
c->innerViews.sweepAfterMinorGC(rt);
|
|
}
|
|
TIME_END(sweepArrayBufferViewList);
|
|
|
|
// Update any slot or element pointers whose destination has been tenured.
|
|
TIME_START(updateJitActivations);
|
|
js::jit::UpdateJitActivationsForMinorGC(rt, &mover);
|
|
forwardedBuffers.finish();
|
|
TIME_END(updateJitActivations);
|
|
|
|
// Sweep.
|
|
TIME_START(freeMallocedBuffers);
|
|
freeMallocedBuffers();
|
|
TIME_END(freeMallocedBuffers);
|
|
|
|
TIME_START(sweep);
|
|
sweep();
|
|
TIME_END(sweep);
|
|
|
|
TIME_START(clearStoreBuffer);
|
|
rt->gc.storeBuffer.clear();
|
|
TIME_END(clearStoreBuffer);
|
|
|
|
// Make sure hashtables have been updated after the collection.
|
|
TIME_START(checkHashTables);
|
|
#ifdef JS_GC_ZEAL
|
|
if (rt->gcZeal() == ZealCheckHashTablesOnMinorGC)
|
|
CheckHashTablesAfterMovingGC(rt);
|
|
#endif
|
|
TIME_END(checkHashTables);
|
|
|
|
// Resize the nursery.
|
|
TIME_START(resize);
|
|
double promotionRate = mover.tenuredSize / double(allocationEnd() - start());
|
|
if (promotionRate > 0.05)
|
|
growAllocableSpace();
|
|
else if (promotionRate < 0.01)
|
|
shrinkAllocableSpace();
|
|
TIME_END(resize);
|
|
|
|
// If we are promoting the nursery, or exhausted the store buffer with
|
|
// pointers to nursery things, which will force a collection well before
|
|
// the nursery is full, look for object groups that are getting promoted
|
|
// excessively and try to pretenure them.
|
|
TIME_START(pretenure);
|
|
if (pretenureGroups && (promotionRate > 0.8 || reason == JS::gcreason::FULL_STORE_BUFFER)) {
|
|
for (size_t i = 0; i < ArrayLength(tenureCounts.entries); i++) {
|
|
const TenureCount& entry = tenureCounts.entries[i];
|
|
if (entry.count >= 3000)
|
|
(void)pretenureGroups->append(entry.group); // ignore alloc failure
|
|
}
|
|
}
|
|
TIME_END(pretenure);
|
|
|
|
// We ignore gcMaxBytes when allocating for minor collection. However, if we
|
|
// overflowed, we disable the nursery. The next time we allocate, we'll fail
|
|
// because gcBytes >= gcMaxBytes.
|
|
if (rt->gc.usage.gcBytes() >= rt->gc.tunables.gcMaxBytes())
|
|
disable();
|
|
|
|
int64_t totalTime = PRMJ_Now() - timestampStart_total;
|
|
|
|
TraceMinorGCEnd();
|
|
|
|
if (enableProfiling_ && totalTime >= profileThreshold_) {
|
|
static bool printedHeader = false;
|
|
if (!printedHeader) {
|
|
fprintf(stderr,
|
|
"MinorGC: Reason PRate Size Time mkVals mkClls mkSlts mkWCll mkRVal mkRCll mkGnrc ckTbls mkRntm mkDbgr clrNOC collct swpABO updtIn runFin frSlts clrSB sweep resize pretnr\n");
|
|
printedHeader = true;
|
|
}
|
|
|
|
#define FMT " %6" PRIu64
|
|
fprintf(stderr,
|
|
"MinorGC: %20s %5.1f%% %4d" FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT FMT "\n",
|
|
js::gcstats::ExplainReason(reason),
|
|
promotionRate * 100,
|
|
numActiveChunks_,
|
|
totalTime,
|
|
TIME_TOTAL(cancelIonCompilations),
|
|
TIME_TOTAL(traceValues),
|
|
TIME_TOTAL(traceCells),
|
|
TIME_TOTAL(traceSlots),
|
|
TIME_TOTAL(traceWholeCells),
|
|
TIME_TOTAL(traceRelocatableValues),
|
|
TIME_TOTAL(traceRelocatableCells),
|
|
TIME_TOTAL(traceGenericEntries),
|
|
TIME_TOTAL(checkHashTables),
|
|
TIME_TOTAL(markRuntime),
|
|
TIME_TOTAL(markDebugger),
|
|
TIME_TOTAL(clearNewObjectCache),
|
|
TIME_TOTAL(collectToFP),
|
|
TIME_TOTAL(sweepArrayBufferViewList),
|
|
TIME_TOTAL(updateJitActivations),
|
|
TIME_TOTAL(freeMallocedBuffers),
|
|
TIME_TOTAL(clearStoreBuffer),
|
|
TIME_TOTAL(sweep),
|
|
TIME_TOTAL(resize),
|
|
TIME_TOTAL(pretenure));
|
|
#undef FMT
|
|
}
|
|
}
|
|
|
|
#undef TIME_START
|
|
#undef TIME_END
|
|
#undef TIME_TOTAL
|
|
|
|
void
|
|
js::Nursery::FreeMallocedBuffersTask::transferBuffersToFree(MallocedBuffersSet& buffersToFree)
|
|
{
|
|
// Transfer the contents of the source set to the task's buffers_ member by
|
|
// swapping the sets, which also clears the source.
|
|
MOZ_ASSERT(!isRunning());
|
|
MOZ_ASSERT(buffers_.empty());
|
|
mozilla::Swap(buffers_, buffersToFree);
|
|
}
|
|
|
|
void
|
|
js::Nursery::FreeMallocedBuffersTask::run()
|
|
{
|
|
for (MallocedBuffersSet::Range r = buffers_.all(); !r.empty(); r.popFront())
|
|
fop_->free_(r.front());
|
|
buffers_.clear();
|
|
}
|
|
|
|
void
|
|
js::Nursery::freeMallocedBuffers()
|
|
{
|
|
if (mallocedBuffers.empty())
|
|
return;
|
|
|
|
bool started;
|
|
{
|
|
AutoLockHelperThreadState lock;
|
|
freeMallocedBuffersTask->joinWithLockHeld();
|
|
freeMallocedBuffersTask->transferBuffersToFree(mallocedBuffers);
|
|
started = freeMallocedBuffersTask->startWithLockHeld();
|
|
}
|
|
|
|
if (!started)
|
|
freeMallocedBuffersTask->runFromMainThread(runtime());
|
|
|
|
MOZ_ASSERT(mallocedBuffers.empty());
|
|
}
|
|
|
|
void
|
|
js::Nursery::waitBackgroundFreeEnd()
|
|
{
|
|
freeMallocedBuffersTask->join();
|
|
}
|
|
|
|
void
|
|
js::Nursery::sweep()
|
|
{
|
|
#ifdef JS_GC_ZEAL
|
|
/* Poison the nursery contents so touching a freed object will crash. */
|
|
JS_POISON((void*)start(), JS_SWEPT_NURSERY_PATTERN, nurserySize());
|
|
for (int i = 0; i < numNurseryChunks_; ++i)
|
|
initChunk(i);
|
|
|
|
if (runtime()->gcZeal() == ZealGenerationalGCValue) {
|
|
MOZ_ASSERT(numActiveChunks_ == numNurseryChunks_);
|
|
|
|
/* Only reset the alloc point when we are close to the end. */
|
|
if (currentChunk_ + 1 == numNurseryChunks_)
|
|
setCurrentChunk(0);
|
|
} else
|
|
#endif
|
|
{
|
|
#ifdef JS_CRASH_DIAGNOSTICS
|
|
JS_POISON((void*)start(), JS_SWEPT_NURSERY_PATTERN, allocationEnd() - start());
|
|
for (int i = 0; i < numActiveChunks_; ++i)
|
|
chunk(i).trailer.runtime = runtime();
|
|
#endif
|
|
setCurrentChunk(0);
|
|
}
|
|
|
|
/* Set current start position for isEmpty checks. */
|
|
currentStart_ = position();
|
|
}
|
|
|
|
void
|
|
js::Nursery::growAllocableSpace()
|
|
{
|
|
#ifdef JS_GC_ZEAL
|
|
MOZ_ASSERT_IF(runtime()->gcZeal() == ZealGenerationalGCValue,
|
|
numActiveChunks_ == numNurseryChunks_);
|
|
#endif
|
|
numActiveChunks_ = Min(numActiveChunks_ * 2, numNurseryChunks_);
|
|
}
|
|
|
|
void
|
|
js::Nursery::shrinkAllocableSpace()
|
|
{
|
|
#ifdef JS_GC_ZEAL
|
|
if (runtime()->gcZeal() == ZealGenerationalGCValue)
|
|
return;
|
|
#endif
|
|
numActiveChunks_ = Max(numActiveChunks_ - 1, 1);
|
|
updateDecommittedRegion();
|
|
}
|