Google Git
Sign in
webkit / WebKit / c5a1ccdb197a68efac4c94e42a8782d998706e57 / . / Source / JavaScriptCore / heap / Heap.cpp
blob: 63d1503d8eb2b3996aed0dbd49bec53ffc845d86 [file] [log] [blame]
/*
* Copyright (C) 2003-2022 Apple Inc. All rights reserved.
* Copyright (C) 2007 Eric Seidel <eric@webkit.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#include "config.h"
#include "Heap.h"
#include "BuiltinExecutables.h"
#include "CodeBlock.h"
#include "CodeBlockSetInlines.h"
#include "CollectingScope.h"
#include "ConservativeRoots.h"
#include "EdenGCActivityCallback.h"
#include "Exception.h"
#include "FastMallocAlignedMemoryAllocator.h"
#include "FullGCActivityCallback.h"
#include "FunctionExecutableInlines.h"
#include "GCActivityCallback.h"
#include "GCIncomingRefCountedInlines.h"
#include "GCIncomingRefCountedSetInlines.h"
#include "GCSegmentedArrayInlines.h"
#include "GCTypeMap.h"
#include "GigacageAlignedMemoryAllocator.h"
#include "HasOwnPropertyCache.h"
#include "HeapHelperPool.h"
#include "HeapIterationScope.h"
#include "HeapProfiler.h"
#include "HeapSnapshot.h"
#include "HeapSubspaceTypes.h"
#include "HeapVerifier.h"
#include "IncrementalSweeper.h"
#include "Interpreter.h"
#include "IsoCellSetInlines.h"
#include "IsoInlinedHeapCellTypeInlines.h"
#include "IsoSubspacePerVM.h"
#include "JITStubRoutineSet.h"
#include "JITWorklistInlines.h"
#include "JSFinalizationRegistry.h"
#include "JSRemoteFunction.h"
#include "JSVirtualMachineInternal.h"
#include "JSWeakMap.h"
#include "JSWeakObjectRef.h"
#include "JSWeakSet.h"
#include "MachineStackMarker.h"
#include "MarkStackMergingConstraint.h"
#include "MarkedJSValueRefArray.h"
#include "MarkedSpaceInlines.h"
#include "MarkingConstraintSet.h"
#include "PreventCollectionScope.h"
#include "SamplingProfiler.h"
#include "ShadowChicken.h"
#include "SpaceTimeMutatorScheduler.h"
#include "StochasticSpaceTimeMutatorScheduler.h"
#include "StopIfNecessaryTimer.h"
#include "StructureAlignedMemoryAllocator.h"
#include "SubspaceInlines.h"
#include "SuperSampler.h"
#include "SweepingScope.h"
#include "SymbolTableInlines.h"
#include "SynchronousStopTheWorldMutatorScheduler.h"
#include "TypeProfiler.h"
#include "TypeProfilerLog.h"
#include "VM.h"
#include "VerifierSlotVisitorInlines.h"
#include "WeakMapImplInlines.h"
#include "WeakSetInlines.h"
#include <algorithm>
#include <wtf/CryptographicallyRandomNumber.h>
#include <wtf/ListDump.h>
#include <wtf/RAMSize.h>
#include <wtf/Scope.h>
#include <wtf/SimpleStats.h>
#include <wtf/Threading.h>
#if USE(BMALLOC_MEMORY_FOOTPRINT_API)
#include <bmalloc/bmalloc.h>
#endif
#if USE(FOUNDATION)
#include <wtf/spi/cocoa/objcSPI.h>
#endif
#ifdef JSC_GLIB_API_ENABLED
#include "JSCGLibWrapperObject.h"
#endif
namespace JSC {
namespace {
static constexpr bool verboseStop = false;
double maxPauseMS(double thisPauseMS)
{
static double maxPauseMS;
maxPauseMS = std::max(thisPauseMS, maxPauseMS);
return maxPauseMS;
}
size_t minHeapSize(HeapType heapType, size_t ramSize)
{
if (heapType == HeapType::Large) {
double result = std::min(
static_cast<double>(Options::largeHeapSize()),
ramSize * Options::smallHeapRAMFraction());
return static_cast<size_t>(result);
}
return Options::smallHeapSize();
}
size_t proportionalHeapSize(size_t heapSize, size_t ramSize)
{
if (VM::isInMiniMode())
return Options::miniVMHeapGrowthFactor() * heapSize;
#if USE(BMALLOC_MEMORY_FOOTPRINT_API)
size_t memoryFootprint = bmalloc::api::memoryFootprint();
if (memoryFootprint < ramSize * Options::smallHeapRAMFraction())
return Options::smallHeapGrowthFactor() * heapSize;
if (memoryFootprint < ramSize * Options::mediumHeapRAMFraction())
return Options::mediumHeapGrowthFactor() * heapSize;
#else
if (heapSize < ramSize * Options::smallHeapRAMFraction())
return Options::smallHeapGrowthFactor() * heapSize;
if (heapSize < ramSize * Options::mediumHeapRAMFraction())
return Options::mediumHeapGrowthFactor() * heapSize;
#endif
return Options::largeHeapGrowthFactor() * heapSize;
}
void recordType(TypeCountSet& set, JSCell* cell)
{
const char* typeName = "[unknown]";
const ClassInfo* info = cell->classInfo();
if (info && info->className)
typeName = info->className;
set.add(typeName);
}
constexpr bool measurePhaseTiming()
{
return false;
}
HashMap<const char*, GCTypeMap<SimpleStats>>& timingStats()
{
static HashMap<const char*, GCTypeMap<SimpleStats>>* result;
static std::once_flag once;
std::call_once(
once,
[] {
result = new HashMap<const char*, GCTypeMap<SimpleStats>>();
});
return *result;
}
SimpleStats& timingStats(const char* name, CollectionScope scope)
{
return timingStats().add(name, GCTypeMap<SimpleStats>()).iterator->value[scope];
}
class TimingScope {
public:
TimingScope(std::optional<CollectionScope> scope, const char* name)
: m_scope(scope)
, m_name(name)
{
if (measurePhaseTiming())
m_before = MonotonicTime::now();
}
TimingScope(Heap& heap, const char* name)
: TimingScope(heap.collectionScope(), name)
{
}
void setScope(std::optional<CollectionScope> scope)
{
m_scope = scope;
}
void setScope(Heap& heap)
{
setScope(heap.collectionScope());
}
~TimingScope()
{
if (measurePhaseTiming()) {
MonotonicTime after = MonotonicTime::now();
Seconds timing = after - m_before;
SimpleStats& stats = timingStats(m_name, *m_scope);
stats.add(timing.milliseconds());
dataLog("[GC:", *m_scope, "] ", m_name, " took: ", timing.milliseconds(), "ms (average ", stats.mean(), "ms).\n");
}
}
private:
std::optional<CollectionScope> m_scope;
MonotonicTime m_before;
const char* m_name;
};
} // anonymous namespace
class Heap::HeapThread final : public AutomaticThread {
public:
HeapThread(const AbstractLocker& locker, Heap& heap)
: AutomaticThread(locker, heap.m_threadLock, heap.m_threadCondition.copyRef())
, m_heap(heap)
{
}
const char* name() const final
{
return "JSC Heap Collector Thread";
}
private:
PollResult poll(const AbstractLocker& locker) final
{
if (m_heap.m_threadShouldStop) {
m_heap.notifyThreadStopping(locker);
return PollResult::Stop;
}
if (m_heap.shouldCollectInCollectorThread(locker)) {
m_heap.m_collectorThreadIsRunning = true;
return PollResult::Work;
}
m_heap.m_collectorThreadIsRunning = false;
return PollResult::Wait;
}
WorkResult work() final
{
m_heap.collectInCollectorThread();
return WorkResult::Continue;
}
void threadDidStart() final
{
Thread::registerGCThread(GCThreadType::Main);
}
void threadIsStopping(const AbstractLocker&) final
{
m_heap.m_collectorThreadIsRunning = false;
}
Heap& m_heap;
};
#define INIT_SERVER_ISO_SUBSPACE(name, heapCellType, type) \
, name ISO_SUBSPACE_INIT(*this, heapCellType, type)
#define INIT_SERVER_STRUCTURE_ISO_SUBSPACE(name, heapCellType, type) \
, name("Isolated" #name "Space", *this, heapCellType, WTF::roundUpToMultipleOf<type::atomSize>(sizeof(type)), type::numberOfLowerTierCells, makeUnique<StructureAlignedMemoryAllocator>("Structure"))
Heap::Heap(VM& vm, HeapType heapType)
: m_heapType(heapType)
, m_ramSize(Options::forceRAMSize() ? Options::forceRAMSize() : ramSize())
, m_minBytesPerCycle(minHeapSize(m_heapType, m_ramSize))
, m_maxEdenSize(m_minBytesPerCycle)
, m_maxHeapSize(m_minBytesPerCycle)
, m_objectSpace(this)
, m_machineThreads(makeUnique<MachineThreads>())
, m_collectorSlotVisitor(makeUnique<SlotVisitor>(*this, "C"))
, m_mutatorSlotVisitor(makeUnique<SlotVisitor>(*this, "M"))
, m_mutatorMarkStack(makeUnique<MarkStackArray>())
, m_raceMarkStack(makeUnique<MarkStackArray>())
, m_constraintSet(makeUnique<MarkingConstraintSet>(*this))
, m_handleSet(vm)
, m_codeBlocks(makeUnique<CodeBlockSet>())
, m_jitStubRoutines(makeUnique<JITStubRoutineSet>())
// We seed with 10ms so that GCActivityCallback::didAllocate doesn't continuously
// schedule the timer if we've never done a collection.
, m_fullActivityCallback(GCActivityCallback::tryCreateFullTimer(this))
, m_edenActivityCallback(GCActivityCallback::tryCreateEdenTimer(this))
, m_sweeper(adoptRef(*new IncrementalSweeper(this)))
, m_stopIfNecessaryTimer(adoptRef(*new StopIfNecessaryTimer(vm)))
, m_sharedCollectorMarkStack(makeUnique<MarkStackArray>())
, m_sharedMutatorMarkStack(makeUnique<MarkStackArray>())
, m_helperClient(&heapHelperPool())
, m_threadLock(Box<Lock>::create())
, m_threadCondition(AutomaticThreadCondition::create())
// HeapCellTypes
, auxiliaryHeapCellType(CellAttributes(DoesNotNeedDestruction, HeapCell::Auxiliary))
, immutableButterflyHeapCellType(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCellWithIndexingHeader))
, cellHeapCellType(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell))
, destructibleCellHeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
, apiGlobalObjectHeapCellType(IsoHeapCellType::Args<JSAPIGlobalObject>())
, callbackConstructorHeapCellType(IsoHeapCellType::Args<JSCallbackConstructor>())
, callbackGlobalObjectHeapCellType(IsoHeapCellType::Args<JSCallbackObject<JSGlobalObject>>())
, callbackObjectHeapCellType(IsoHeapCellType::Args<JSCallbackObject<JSNonFinalObject>>())
, customGetterFunctionHeapCellType(IsoHeapCellType::Args<JSCustomGetterFunction>())
, customSetterFunctionHeapCellType(IsoHeapCellType::Args<JSCustomSetterFunction>())
, dateInstanceHeapCellType(IsoHeapCellType::Args<DateInstance>())
, errorInstanceHeapCellType(IsoHeapCellType::Args<ErrorInstance>())
, finalizationRegistryCellType(IsoHeapCellType::Args<JSFinalizationRegistry>())
, globalLexicalEnvironmentHeapCellType(IsoHeapCellType::Args<JSGlobalLexicalEnvironment>())
, globalObjectHeapCellType(IsoHeapCellType::Args<JSGlobalObject>())
, injectedScriptHostSpaceHeapCellType(IsoHeapCellType::Args<Inspector::JSInjectedScriptHost>())
, javaScriptCallFrameHeapCellType(IsoHeapCellType::Args<Inspector::JSJavaScriptCallFrame>())
, jsModuleRecordHeapCellType(IsoHeapCellType::Args<JSModuleRecord>())
, moduleNamespaceObjectHeapCellType(IsoHeapCellType::Args<JSModuleNamespaceObject>())
, nativeStdFunctionHeapCellType(IsoHeapCellType::Args<JSNativeStdFunction>())
, weakMapHeapCellType(IsoHeapCellType::Args<JSWeakMap>())
, weakSetHeapCellType(IsoHeapCellType::Args<JSWeakSet>())
#if JSC_OBJC_API_ENABLED
, apiWrapperObjectHeapCellType(IsoHeapCellType::Args<JSCallbackObject<JSAPIWrapperObject>>())
, objCCallbackFunctionHeapCellType(IsoHeapCellType::Args<ObjCCallbackFunction>())
#endif
#ifdef JSC_GLIB_API_ENABLED
, apiWrapperObjectHeapCellType(IsoHeapCellType::Args<JSCallbackObject<JSAPIWrapperObject>>())
, callbackAPIWrapperGlobalObjectHeapCellType(IsoHeapCellType::Args<JSCallbackObject<JSAPIWrapperGlobalObject>>())
, jscCallbackFunctionHeapCellType(IsoHeapCellType::Args<JSCCallbackFunction>())
#endif
, intlCollatorHeapCellType(IsoHeapCellType::Args<IntlCollator>())
, intlDateTimeFormatHeapCellType(IsoHeapCellType::Args<IntlDateTimeFormat>())
, intlDisplayNamesHeapCellType(IsoHeapCellType::Args<IntlDisplayNames>())
, intlListFormatHeapCellType(IsoHeapCellType::Args<IntlListFormat>())
, intlLocaleHeapCellType(IsoHeapCellType::Args<IntlLocale>())
, intlNumberFormatHeapCellType(IsoHeapCellType::Args<IntlNumberFormat>())
, intlPluralRulesHeapCellType(IsoHeapCellType::Args<IntlPluralRules>())
, intlRelativeTimeFormatHeapCellType(IsoHeapCellType::Args<IntlRelativeTimeFormat>())
, intlSegmentIteratorHeapCellType(IsoHeapCellType::Args<IntlSegmentIterator>())
, intlSegmenterHeapCellType(IsoHeapCellType::Args<IntlSegmenter>())
, intlSegmentsHeapCellType(IsoHeapCellType::Args<IntlSegments>())
#if ENABLE(WEBASSEMBLY)
, webAssemblyExceptionHeapCellType(IsoHeapCellType::Args<JSWebAssemblyException>())
, webAssemblyFunctionHeapCellType(IsoHeapCellType::Args<WebAssemblyFunction>())
, webAssemblyGlobalHeapCellType(IsoHeapCellType::Args<JSWebAssemblyGlobal>())
, webAssemblyInstanceHeapCellType(IsoHeapCellType::Args<JSWebAssemblyInstance>())
, webAssemblyMemoryHeapCellType(IsoHeapCellType::Args<JSWebAssemblyMemory>())
, webAssemblyModuleHeapCellType(IsoHeapCellType::Args<JSWebAssemblyModule>())
, webAssemblyModuleRecordHeapCellType(IsoHeapCellType::Args<WebAssemblyModuleRecord>())
, webAssemblyTableHeapCellType(IsoHeapCellType::Args<JSWebAssemblyTable>())
, webAssemblyTagHeapCellType(IsoHeapCellType::Args<JSWebAssemblyTag>())
#endif
// AlignedMemoryAllocators
, fastMallocAllocator(makeUnique<FastMallocAlignedMemoryAllocator>())
, primitiveGigacageAllocator(makeUnique<GigacageAlignedMemoryAllocator>(Gigacage::Primitive))
, jsValueGigacageAllocator(makeUnique<GigacageAlignedMemoryAllocator>(Gigacage::JSValue))
// Subspaces
, primitiveGigacageAuxiliarySpace("Primitive Gigacage Auxiliary", *this, auxiliaryHeapCellType, primitiveGigacageAllocator.get()) // Hash:0x3e7cd762
, jsValueGigacageAuxiliarySpace("JSValue Gigacage Auxiliary", *this, auxiliaryHeapCellType, jsValueGigacageAllocator.get()) // Hash:0x241e946
, immutableButterflyJSValueGigacageAuxiliarySpace("ImmutableButterfly Gigacage JSCellWithIndexingHeader", *this, immutableButterflyHeapCellType, jsValueGigacageAllocator.get()) // Hash:0x7a945300
, cellSpace("JSCell", *this, cellHeapCellType, fastMallocAllocator.get()) // Hash:0xadfb5a79
, variableSizedCellSpace("Variable Sized JSCell", *this, cellHeapCellType, fastMallocAllocator.get()) // Hash:0xbcd769cc
, destructibleObjectSpace("JSDestructibleObject", *this, destructibleObjectHeapCellType, fastMallocAllocator.get()) // Hash:0x4f5ed7a9
FOR_EACH_JSC_COMMON_ISO_SUBSPACE(INIT_SERVER_ISO_SUBSPACE)
FOR_EACH_JSC_STRUCTURE_ISO_SUBSPACE(INIT_SERVER_STRUCTURE_ISO_SUBSPACE)
, codeBlockSpaceAndSet ISO_SUBSPACE_INIT(*this, destructibleCellHeapCellType, CodeBlock) // Hash:0x77e66ec9
, functionExecutableSpaceAndSet ISO_SUBSPACE_INIT(*this, destructibleCellHeapCellType, FunctionExecutable) // Hash:0x5d158f3
, programExecutableSpaceAndSet ISO_SUBSPACE_INIT(*this, destructibleCellHeapCellType, ProgramExecutable) // Hash:0x527c77e7
, unlinkedFunctionExecutableSpaceAndSet ISO_SUBSPACE_INIT(*this, destructibleCellHeapCellType, UnlinkedFunctionExecutable) // Hash:0xf6b828d9
{
m_worldState.store(0);
for (unsigned i = 0, numberOfParallelThreads = heapHelperPool().numberOfThreads(); i < numberOfParallelThreads; ++i) {
std::unique_ptr<SlotVisitor> visitor = makeUnique<SlotVisitor>(*this, toCString("P", i + 1));
if (Options::optimizeParallelSlotVisitorsForStoppedMutator())
visitor->optimizeForStoppedMutator();
m_availableParallelSlotVisitors.append(visitor.get());
m_parallelSlotVisitors.append(WTFMove(visitor));
}
if (Options::useConcurrentGC()) {
if (Options::useStochasticMutatorScheduler())
m_scheduler = makeUnique<StochasticSpaceTimeMutatorScheduler>(*this);
else
m_scheduler = makeUnique<SpaceTimeMutatorScheduler>(*this);
} else {
// We simulate turning off concurrent GC by making the scheduler say that the world
// should always be stopped when the collector is running.
m_scheduler = makeUnique<SynchronousStopTheWorldMutatorScheduler>();
}
if (Options::verifyHeap())
m_verifier = makeUnique<HeapVerifier>(this, Options::numberOfGCCyclesToRecordForVerification());
m_collectorSlotVisitor->optimizeForStoppedMutator();
// When memory is critical, allow allocating 25% of the amount above the critical threshold before collecting.
size_t memoryAboveCriticalThreshold = static_cast<size_t>(static_cast<double>(m_ramSize) * (1.0 - Options::criticalGCMemoryThreshold()));
m_maxEdenSizeWhenCritical = memoryAboveCriticalThreshold / 4;
Locker locker { *m_threadLock };
m_thread = adoptRef(new HeapThread(locker, *this));
}
#undef INIT_SERVER_ISO_SUBSPACE
#undef INIT_SERVER_STRUCTURE_ISO_SUBSPACE
Heap::~Heap()
{
// Scribble m_worldState to make it clear that the heap has already been destroyed if we crash in checkConn
m_worldState.store(0xbadbeeffu);
forEachSlotVisitor(
[&] (SlotVisitor& visitor) {
visitor.clearMarkStacks();
});
m_mutatorMarkStack->clear();
m_raceMarkStack->clear();
for (WeakBlock* block : m_logicallyEmptyWeakBlocks)
WeakBlock::destroy(*this, block);
for (auto* perVMIsoSubspace : perVMIsoSubspaces)
perVMIsoSubspace->releaseIsoSubspace(*this);
}
bool Heap::isPagedOut()
{
return m_objectSpace.isPagedOut();
}
void Heap::dumpHeapStatisticsAtVMDestruction()
{
unsigned counter = 0;
m_objectSpace.forEachBlock([&] (MarkedBlock::Handle* block) {
unsigned live = 0;
block->forEachCell([&] (size_t, HeapCell* cell, HeapCell::Kind) {
if (cell->isLive())
live++;
return IterationStatus::Continue;
});
dataLogLn("[", counter++, "] ", block->cellSize(), ", ", live, " / ", block->cellsPerBlock(), " ", static_cast<double>(live) / block->cellsPerBlock() * 100, "% ", block->attributes(), " ", block->subspace()->name());
block->forEachCell([&] (size_t, HeapCell* heapCell, HeapCell::Kind kind) {
if (heapCell->isLive() && kind == HeapCell::Kind::JSCell) {
auto* cell = static_cast<JSCell*>(heapCell);
if (cell->isObject())
dataLogLn(" ", JSValue((JSObject*)cell));
else
dataLogLn(" ", *cell);
}
return IterationStatus::Continue;
});
});
}
// The VM is being destroyed and the collector will never run again.
// Run all pending finalizers now because we won't get another chance.
void Heap::lastChanceToFinalize()
{
MonotonicTime before;
if (UNLIKELY(Options::logGC())) {
before = MonotonicTime::now();
dataLog("[GC<", RawPointer(this), ">: shutdown ");
}
m_isShuttingDown = true;
RELEASE_ASSERT(!vm().entryScope);
RELEASE_ASSERT(m_mutatorState == MutatorState::Running);
if (m_collectContinuouslyThread) {
{
Locker locker { m_collectContinuouslyLock };
m_shouldStopCollectingContinuously = true;
m_collectContinuouslyCondition.notifyOne();
}
m_collectContinuouslyThread->waitForCompletion();
}
dataLogIf(Options::logGC(), "1");
// Prevent new collections from being started. This is probably not even necessary, since we're not
// going to call into anything that starts collections. Still, this makes the algorithm more
// obviously sound.
m_isSafeToCollect = false;
dataLogIf(Options::logGC(), "2");
bool isCollecting;
{
Locker locker { *m_threadLock };
RELEASE_ASSERT(m_lastServedTicket <= m_lastGrantedTicket);
isCollecting = m_lastServedTicket < m_lastGrantedTicket;
}
if (isCollecting) {
dataLogIf(Options::logGC(), "...]\n");
// Wait for the current collection to finish.
waitForCollector(
[&] (const AbstractLocker&) -> bool {
RELEASE_ASSERT(m_lastServedTicket <= m_lastGrantedTicket);
return m_lastServedTicket == m_lastGrantedTicket;
});
dataLogIf(Options::logGC(), "[GC<", RawPointer(this), ">: shutdown ");
}
dataLogIf(Options::logGC(), "3");
RELEASE_ASSERT(m_requests.isEmpty());
RELEASE_ASSERT(m_lastServedTicket == m_lastGrantedTicket);
// Carefully bring the thread down.
bool stopped = false;
{
Locker locker { *m_threadLock };
stopped = m_thread->tryStop(locker);
m_threadShouldStop = true;
if (!stopped)
m_threadCondition->notifyOne(locker);
}
dataLogIf(Options::logGC(), "4");
if (!stopped)
m_thread->join();
dataLogIf(Options::logGC(), "5 ");
if (UNLIKELY(Options::dumpHeapStatisticsAtVMDestruction()))
dumpHeapStatisticsAtVMDestruction();
m_arrayBuffers.lastChanceToFinalize();
m_objectSpace.stopAllocatingForGood();
m_objectSpace.lastChanceToFinalize();
releaseDelayedReleasedObjects();
sweepAllLogicallyEmptyWeakBlocks();
m_objectSpace.freeMemory();
dataLogIf(Options::logGC(), (MonotonicTime::now() - before).milliseconds(), "ms]\n");
}
void Heap::releaseDelayedReleasedObjects()
{
#if USE(FOUNDATION) || defined(JSC_GLIB_API_ENABLED)
// We need to guard against the case that releasing an object can create more objects due to the
// release calling into JS. When those JS call(s) exit and all locks are being dropped we end up
// back here and could try to recursively release objects. We guard that with a recursive entry
// count. Only the initial call will release objects, recursive calls simple return and let the
// the initial call to the function take care of any objects created during release time.
// This also means that we need to loop until there are no objects in m_delayedReleaseObjects
// and use a temp Vector for the actual releasing.
if (!m_delayedReleaseRecursionCount++) {
while (!m_delayedReleaseObjects.isEmpty()) {
ASSERT(vm().currentThreadIsHoldingAPILock());
auto objectsToRelease = WTFMove(m_delayedReleaseObjects);
{
// We need to drop locks before calling out to arbitrary code.
JSLock::DropAllLocks dropAllLocks(vm());
#if USE(FOUNDATION)
void* context = objc_autoreleasePoolPush();
#endif
objectsToRelease.clear();
#if USE(FOUNDATION)
objc_autoreleasePoolPop(context);
#endif
}
}
}
m_delayedReleaseRecursionCount--;
#endif
}
void Heap::reportExtraMemoryAllocatedSlowCase(size_t size)
{
didAllocate(size);
collectIfNecessaryOrDefer();
}
void Heap::deprecatedReportExtraMemorySlowCase(size_t size)
{
// FIXME: Change this to use SaturatedArithmetic when available.
// https://bugs.webkit.org/show_bug.cgi?id=170411
CheckedSize checkedNewSize = m_deprecatedExtraMemorySize;
checkedNewSize += size;
m_deprecatedExtraMemorySize = UNLIKELY(checkedNewSize.hasOverflowed()) ? std::numeric_limits<size_t>::max() : checkedNewSize.value();
reportExtraMemoryAllocatedSlowCase(size);
}
bool Heap::overCriticalMemoryThreshold(MemoryThresholdCallType memoryThresholdCallType)
{
#if USE(BMALLOC_MEMORY_FOOTPRINT_API)
if (memoryThresholdCallType == MemoryThresholdCallType::Direct || ++m_percentAvailableMemoryCachedCallCount >= 100) {
m_overCriticalMemoryThreshold = bmalloc::api::percentAvailableMemoryInUse() > Options::criticalGCMemoryThreshold();
m_percentAvailableMemoryCachedCallCount = 0;
}
return m_overCriticalMemoryThreshold;
#else
UNUSED_PARAM(memoryThresholdCallType);
return false;
#endif
}
void Heap::reportAbandonedObjectGraph()
{
// Our clients don't know exactly how much memory they
// are abandoning so we just guess for them.
size_t abandonedBytes = static_cast<size_t>(0.1 * capacity());
// We want to accelerate the next collection. Because memory has just
// been abandoned, the next collection has the potential to
// be more profitable. Since allocation is the trigger for collection,
// we hasten the next collection by pretending that we've allocated more memory.
if (m_fullActivityCallback) {
m_fullActivityCallback->didAllocate(*this,
m_sizeAfterLastCollect - m_sizeAfterLastFullCollect + m_bytesAllocatedThisCycle + m_bytesAbandonedSinceLastFullCollect);
}
m_bytesAbandonedSinceLastFullCollect += abandonedBytes;
}
void Heap::protect(JSValue k)
{
ASSERT(k);
ASSERT(vm().currentThreadIsHoldingAPILock());
if (!k.isCell())
return;
m_protectedValues.add(k.asCell());
}
bool Heap::unprotect(JSValue k)
{
ASSERT(k);
ASSERT(vm().currentThreadIsHoldingAPILock());
if (!k.isCell())
return false;
return m_protectedValues.remove(k.asCell());
}
void Heap::addReference(JSCell* cell, ArrayBuffer* buffer)
{
if (m_arrayBuffers.addReference(cell, buffer)) {
collectIfNecessaryOrDefer();
didAllocate(buffer->gcSizeEstimateInBytes());
}
}
template<typename CellType, typename CellSet>
void Heap::finalizeMarkedUnconditionalFinalizers(CellSet& cellSet)
{
cellSet.forEachMarkedCell(
[&] (HeapCell* cell, HeapCell::Kind) {
static_cast<CellType*>(cell)->finalizeUnconditionally(vm());
});
}
void Heap::finalizeUnconditionalFinalizers()
{
VM& vm = this->vm();
vm.builtinExecutables()->finalizeUnconditionally();
{
// We run this before CodeBlock's unconditional finalizer since CodeBlock looks at the owner executable's installed CodeBlock in its finalizeUnconditionally.
// FunctionExecutable requires all live instances to run finalizers. Thus, we do not use finalizer set.
finalizeMarkedUnconditionalFinalizers<FunctionExecutable>(functionExecutableSpaceAndSet.space);
finalizeMarkedUnconditionalFinalizers<ProgramExecutable>(programExecutableSpaceAndSet.finalizerSet);
if (m_evalExecutableSpace)
finalizeMarkedUnconditionalFinalizers<EvalExecutable>(m_evalExecutableSpace->finalizerSet);
if (m_moduleProgramExecutableSpace)
finalizeMarkedUnconditionalFinalizers<ModuleProgramExecutable>(m_moduleProgramExecutableSpace->finalizerSet);
}
finalizeMarkedUnconditionalFinalizers<SymbolTable>(symbolTableSpace);
forEachCodeBlockSpace(
[&] (auto& space) {
this->finalizeMarkedUnconditionalFinalizers<CodeBlock>(space.set);
});
finalizeMarkedUnconditionalFinalizers<StructureRareData>(structureRareDataSpace);
finalizeMarkedUnconditionalFinalizers<UnlinkedFunctionExecutable>(unlinkedFunctionExecutableSpaceAndSet.set);
if (m_weakSetSpace)
finalizeMarkedUnconditionalFinalizers<JSWeakSet>(*m_weakSetSpace);
if (m_weakMapSpace)
finalizeMarkedUnconditionalFinalizers<JSWeakMap>(*m_weakMapSpace);
if (m_weakObjectRefSpace)
finalizeMarkedUnconditionalFinalizers<JSWeakObjectRef>(*m_weakObjectRefSpace);
if (m_errorInstanceSpace)
finalizeMarkedUnconditionalFinalizers<ErrorInstance>(*m_errorInstanceSpace);
// FinalizationRegistries currently rely on serial finalization because they can post tasks to the deferredWorkTimer, which normally expects tasks to only be posted by the API lock holder.
if (m_finalizationRegistrySpace)
finalizeMarkedUnconditionalFinalizers<JSFinalizationRegistry>(*m_finalizationRegistrySpace);
#if ENABLE(WEBASSEMBLY)
if (m_webAssemblyModuleSpace)
finalizeMarkedUnconditionalFinalizers<JSWebAssemblyModule>(*m_webAssemblyModuleSpace);
#endif
}
void Heap::willStartIterating()
{
m_objectSpace.willStartIterating();
}
void Heap::didFinishIterating()
{
m_objectSpace.didFinishIterating();
}
void Heap::completeAllJITPlans()
{
if (!Options::useJIT())
return;
#if ENABLE(JIT)
JITWorklist::ensureGlobalWorklist().completeAllPlansForVM(vm());
#endif // ENABLE(JIT)
}
template<typename Visitor>
void Heap::iterateExecutingAndCompilingCodeBlocks(Visitor& visitor, const Function<void(CodeBlock*)>& func)
{
m_codeBlocks->iterateCurrentlyExecuting(func);
#if ENABLE(JIT)
if (Options::useJIT())
JITWorklist::ensureGlobalWorklist().iterateCodeBlocksForGC(visitor, vm(), func);
#else
UNUSED_PARAM(visitor);
#endif // ENABLE(JIT)
}
template<typename Func, typename Visitor>
void Heap::iterateExecutingAndCompilingCodeBlocksWithoutHoldingLocks(Visitor& visitor, const Func& func)
{
Vector<CodeBlock*, 256> codeBlocks;
iterateExecutingAndCompilingCodeBlocks(visitor,
[&] (CodeBlock* codeBlock) {
codeBlocks.append(codeBlock);
});
for (CodeBlock* codeBlock : codeBlocks)
func(codeBlock);
}
void Heap::assertMarkStacksEmpty()
{
bool ok = true;
if (!m_sharedCollectorMarkStack->isEmpty()) {
dataLog("FATAL: Shared collector mark stack not empty! It has ", m_sharedCollectorMarkStack->size(), " elements.\n");
ok = false;
}
if (!m_sharedMutatorMarkStack->isEmpty()) {
dataLog("FATAL: Shared mutator mark stack not empty! It has ", m_sharedMutatorMarkStack->size(), " elements.\n");
ok = false;
}
forEachSlotVisitor(
[&] (SlotVisitor& visitor) {
if (visitor.isEmpty())
return;
dataLog("FATAL: Visitor ", RawPointer(&visitor), " is not empty!\n");
ok = false;
});
RELEASE_ASSERT(ok);
}
void Heap::gatherStackRoots(ConservativeRoots& roots)
{
m_machineThreads->gatherConservativeRoots(roots, *m_jitStubRoutines, *m_codeBlocks, m_currentThreadState, m_currentThread);
}
void Heap::gatherJSStackRoots(ConservativeRoots& roots)
{
#if ENABLE(C_LOOP)
vm().interpreter->cloopStack().gatherConservativeRoots(roots, *m_jitStubRoutines, *m_codeBlocks);
#else
UNUSED_PARAM(roots);
#endif
}
void Heap::gatherScratchBufferRoots(ConservativeRoots& roots)
{
#if ENABLE(DFG_JIT)
if (!Options::useJIT())
return;
VM& vm = this->vm();
vm.gatherScratchBufferRoots(roots);
vm.scanSideState(roots);
#else
UNUSED_PARAM(roots);
#endif
}
void Heap::beginMarking()
{
TimingScope timingScope(*this, "Heap::beginMarking");
m_jitStubRoutines->clearMarks();
m_objectSpace.beginMarking();
setMutatorShouldBeFenced(true);
}
void Heap::removeDeadCompilerWorklistEntries()
{
if (!Options::useJIT())
return;
#if ENABLE(JIT)
JITWorklist::ensureGlobalWorklist().removeDeadPlans(vm());
#endif // ENABLE(JIT)
}
struct GatherExtraHeapData : MarkedBlock::CountFunctor {
GatherExtraHeapData(HeapAnalyzer& analyzer)
: m_analyzer(analyzer)
{
}
IterationStatus operator()(HeapCell* heapCell, HeapCell::Kind kind) const
{
if (isJSCellKind(kind)) {
JSCell* cell = static_cast<JSCell*>(heapCell);
cell->methodTable()->analyzeHeap(cell, m_analyzer);
}
return IterationStatus::Continue;
}
HeapAnalyzer& m_analyzer;
};
void Heap::gatherExtraHeapData(HeapProfiler& heapProfiler)
{
if (auto* analyzer = heapProfiler.activeHeapAnalyzer()) {
HeapIterationScope heapIterationScope(*this);
GatherExtraHeapData functor(*analyzer);
m_objectSpace.forEachLiveCell(heapIterationScope, functor);
}
}
struct RemoveDeadHeapSnapshotNodes : MarkedBlock::CountFunctor {
RemoveDeadHeapSnapshotNodes(HeapSnapshot& snapshot)
: m_snapshot(snapshot)
{
}
IterationStatus operator()(HeapCell* cell, HeapCell::Kind kind) const
{
if (isJSCellKind(kind))
m_snapshot.sweepCell(static_cast<JSCell*>(cell));
return IterationStatus::Continue;
}
HeapSnapshot& m_snapshot;
};
void Heap::removeDeadHeapSnapshotNodes(HeapProfiler& heapProfiler)
{
if (HeapSnapshot* snapshot = heapProfiler.mostRecentSnapshot()) {
HeapIterationScope heapIterationScope(*this);
RemoveDeadHeapSnapshotNodes functor(*snapshot);
m_objectSpace.forEachDeadCell(heapIterationScope, functor);
snapshot->shrinkToFit();
}
}
void Heap::updateObjectCounts()
{
if (m_collectionScope && m_collectionScope.value() == CollectionScope::Full)
m_totalBytesVisited = 0;
m_totalBytesVisitedThisCycle = bytesVisited();
m_totalBytesVisited += m_totalBytesVisitedThisCycle;
}
void Heap::endMarking()
{
forEachSlotVisitor(
[&] (SlotVisitor& visitor) {
visitor.reset();
});
assertMarkStacksEmpty();
RELEASE_ASSERT(m_raceMarkStack->isEmpty());
m_objectSpace.endMarking();
setMutatorShouldBeFenced(Options::forceFencedBarrier());
}
size_t Heap::objectCount()
{
return m_objectSpace.objectCount();
}
size_t Heap::extraMemorySize()
{
// FIXME: Change this to use SaturatedArithmetic when available.
// https://bugs.webkit.org/show_bug.cgi?id=170411
CheckedSize checkedTotal = m_extraMemorySize;
checkedTotal += m_deprecatedExtraMemorySize;
checkedTotal += m_arrayBuffers.size();
size_t total = UNLIKELY(checkedTotal.hasOverflowed()) ? std::numeric_limits<size_t>::max() : checkedTotal.value();
ASSERT(m_objectSpace.capacity() >= m_objectSpace.size());
return std::min(total, std::numeric_limits<size_t>::max() - m_objectSpace.capacity());
}
size_t Heap::size()
{
return m_objectSpace.size() + extraMemorySize();
}
size_t Heap::capacity()
{
return m_objectSpace.capacity() + extraMemorySize();
}
size_t Heap::protectedGlobalObjectCount()
{
size_t result = 0;
forEachProtectedCell(
[&] (JSCell* cell) {
if (cell->isObject() && asObject(cell)->isGlobalObject())
result++;
});
return result;
}
size_t Heap::globalObjectCount()
{
HeapIterationScope iterationScope(*this);
size_t result = 0;
m_objectSpace.forEachLiveCell(
iterationScope,
[&] (HeapCell* heapCell, HeapCell::Kind kind) -> IterationStatus {
if (!isJSCellKind(kind))
return IterationStatus::Continue;
JSCell* cell = static_cast<JSCell*>(heapCell);
if (cell->isObject() && asObject(cell)->isGlobalObject())
result++;
return IterationStatus::Continue;
});
return result;
}
size_t Heap::protectedObjectCount()
{
size_t result = 0;
forEachProtectedCell(
[&] (JSCell*) {
result++;
});
return result;
}
std::unique_ptr<TypeCountSet> Heap::protectedObjectTypeCounts()
{
std::unique_ptr<TypeCountSet> result = makeUnique<TypeCountSet>();
forEachProtectedCell(
[&] (JSCell* cell) {
recordType(*result, cell);
});
return result;
}
std::unique_ptr<TypeCountSet> Heap::objectTypeCounts()
{
std::unique_ptr<TypeCountSet> result = makeUnique<TypeCountSet>();
HeapIterationScope iterationScope(*this);
m_objectSpace.forEachLiveCell(
iterationScope,
[&] (HeapCell* cell, HeapCell::Kind kind) -> IterationStatus {
if (isJSCellKind(kind))
recordType(*result, static_cast<JSCell*>(cell));
return IterationStatus::Continue;
});
return result;
}
void Heap::deleteAllCodeBlocks(DeleteAllCodeEffort effort)
{
if (m_collectionScope && effort == DeleteAllCodeIfNotCollecting)
return;
VM& vm = this->vm();
PreventCollectionScope preventCollectionScope(*this);
// If JavaScript is running, it's not safe to delete all JavaScript code, since
// we'll end up returning to deleted code.
RELEASE_ASSERT(!vm.entryScope);
RELEASE_ASSERT(!m_collectionScope);
completeAllJITPlans();
forEachScriptExecutableSpace(
[&] (auto& spaceAndSet) {
HeapIterationScope heapIterationScope(*this);
auto& set = spaceAndSet.clearableCodeSet;
set.forEachLiveCell(
[&] (HeapCell* cell, HeapCell::Kind) {
ScriptExecutable* executable = static_cast<ScriptExecutable*>(cell);
executable->clearCode(set);
});
});
#if ENABLE(WEBASSEMBLY)
{
// We must ensure that we clear the JS call ICs from Wasm. Otherwise, Wasm will
// have no idea that we cleared the code from all of the Executables in the
// VM. This could leave Wasm in an inconsistent state where it has an IC that
// points into a CodeBlock that could be dead. The IC will still succeed because
// it uses a callee check, but then it will call into dead code.
HeapIterationScope heapIterationScope(*this);
if (m_webAssemblyModuleSpace) {
m_webAssemblyModuleSpace->forEachLiveCell([&] (HeapCell* cell, HeapCell::Kind kind) {
ASSERT_UNUSED(kind, kind == HeapCell::JSCell);
static_cast<JSWebAssemblyModule*>(cell)->clearJSCallICs(vm);
});
}
}
#endif
}
void Heap::deleteAllUnlinkedCodeBlocks(DeleteAllCodeEffort effort)
{
if (m_collectionScope && effort == DeleteAllCodeIfNotCollecting)
return;
VM& vm = this->vm();
PreventCollectionScope preventCollectionScope(*this);
RELEASE_ASSERT(!m_collectionScope);
HeapIterationScope heapIterationScope(*this);
unlinkedFunctionExecutableSpaceAndSet.set.forEachLiveCell(
[&] (HeapCell* cell, HeapCell::Kind) {
UnlinkedFunctionExecutable* executable = static_cast<UnlinkedFunctionExecutable*>(cell);
executable->clearCode(vm);
});
}
void Heap::deleteUnmarkedCompiledCode()
{
forEachScriptExecutableSpace([] (auto& space) { space.space.sweep(); });
// Sweeping must occur before deleting stubs, otherwise the stubs might still think they're alive as they get deleted.
// And CodeBlock destructor is assuming that CodeBlock gets destroyed before UnlinkedCodeBlock gets destroyed.
forEachCodeBlockSpace([] (auto& space) { space.space.sweep(); });
m_jitStubRoutines->deleteUnmarkedJettisonedStubRoutines();
}
void Heap::addToRememberedSet(const JSCell* constCell)
{
JSCell* cell = const_cast<JSCell*>(constCell);
ASSERT(cell);
ASSERT(!Options::useConcurrentJIT() || !isCompilationThread());
m_barriersExecuted++;
if (m_mutatorShouldBeFenced) {
WTF::loadLoadFence();
if (!isMarked(cell)) {
// During a full collection a store into an unmarked object that had surivived past
// collections will manifest as a store to an unmarked PossiblyBlack object. If the
// object gets marked at some time after this then it will go down the normal marking
// path. So, we don't have to remember this object. We could return here. But we go
// further and attempt to re-white the object.
RELEASE_ASSERT(m_collectionScope && m_collectionScope.value() == CollectionScope::Full);
if (cell->atomicCompareExchangeCellStateStrong(CellState::PossiblyBlack, CellState::DefinitelyWhite) == CellState::PossiblyBlack) {
// Now we protect against this race:
//
// 1) Object starts out black + unmarked.
// --> We do isMarked here.
// 2) Object is marked and greyed.
// 3) Object is scanned and blacked.
// --> We do atomicCompareExchangeCellStateStrong here.
//
// In this case we would have made the object white again, even though it should
// be black. This check lets us correct our mistake. This relies on the fact that
// isMarked converges monotonically to true.
if (isMarked(cell)) {
// It's difficult to work out whether the object should be grey or black at
// this point. We say black conservatively.
cell->setCellState(CellState::PossiblyBlack);
}
// Either way, we can return. Most likely, the object was not marked, and so the
// object is now labeled white. This means that future barrier executions will not
// fire. In the unlikely event that the object had become marked, we can still
// return anyway, since we proved that the object was not marked at the time that
// we executed this slow path.
}
return;
}
} else
ASSERT(isMarked(cell));
// It could be that the object was *just* marked. This means that the collector may set the
// state to DefinitelyGrey and then to PossiblyOldOrBlack at any time. It's OK for us to
// race with the collector here. If we win then this is accurate because the object _will_
// get scanned again. If we lose then someone else will barrier the object again. That would
// be unfortunate but not the end of the world.
cell->setCellState(CellState::PossiblyGrey);
m_mutatorMarkStack->append(cell);
}
void Heap::sweepSynchronously()
{
MonotonicTime before { };
if (UNLIKELY(Options::logGC())) {
dataLog("Full sweep: ", capacity() / 1024, "kb ");
before = MonotonicTime::now();
}
m_objectSpace.sweepBlocks();
m_objectSpace.shrink();
if (UNLIKELY(Options::logGC())) {
MonotonicTime after = MonotonicTime::now();
dataLog("=> ", capacity() / 1024, "kb, ", (after - before).milliseconds(), "ms");
}
}
void Heap::collect(Synchronousness synchronousness, GCRequest request)
{
switch (synchronousness) {
case Async:
collectAsync(request);
return;
case Sync:
collectSync(request);
return;
}
RELEASE_ASSERT_NOT_REACHED();
}
void Heap::collectNow(Synchronousness synchronousness, GCRequest request)
{
if constexpr (validateDFGDoesGC)
vm().verifyCanGC();
switch (synchronousness) {
case Async: {
collectAsync(request);
stopIfNecessary();
return;
}
case Sync: {
collectSync(request);
DeferGCForAWhile deferGC(vm());
if (UNLIKELY(Options::useImmortalObjects()))
sweeper().stopSweeping();
bool alreadySweptInCollectSync = shouldSweepSynchronously();
if (!alreadySweptInCollectSync) {
dataLogIf(Options::logGC(), "[GC<", RawPointer(this), ">: ");
sweepSynchronously();
dataLogIf(Options::logGC(), "]\n");
}
m_objectSpace.assertNoUnswept();
sweepAllLogicallyEmptyWeakBlocks();
return;
} }
RELEASE_ASSERT_NOT_REACHED();
}
void Heap::collectAsync(GCRequest request)
{
if constexpr (validateDFGDoesGC)
vm().verifyCanGC();
if (!m_isSafeToCollect)
return;
bool alreadyRequested = false;
{
Locker locker { *m_threadLock };
for (const GCRequest& previousRequest : m_requests) {
if (request.subsumedBy(previousRequest)) {
alreadyRequested = true;
break;
}
}
}
if (alreadyRequested)
return;
requestCollection(request);
}
void Heap::collectSync(GCRequest request)
{
if constexpr (validateDFGDoesGC)
vm().verifyCanGC();
if (!m_isSafeToCollect)
return;
waitForCollection(requestCollection(request));
}
bool Heap::shouldCollectInCollectorThread(const AbstractLocker&)
{
RELEASE_ASSERT(m_requests.isEmpty() == (m_lastServedTicket == m_lastGrantedTicket));
RELEASE_ASSERT(m_lastServedTicket <= m_lastGrantedTicket);
if (false)
dataLog("Mutator has the conn = ", !!(m_worldState.load() & mutatorHasConnBit), "\n");
return !m_requests.isEmpty() && !(m_worldState.load() & mutatorHasConnBit);
}
void Heap::collectInCollectorThread()
{
for (;;) {
RunCurrentPhaseResult result = runCurrentPhase(GCConductor::Collector, nullptr);
switch (result) {
case RunCurrentPhaseResult::Finished:
return;
case RunCurrentPhaseResult::Continue:
break;
case RunCurrentPhaseResult::NeedCurrentThreadState:
RELEASE_ASSERT_NOT_REACHED();
break;
}
}
}
ALWAYS_INLINE int asInt(CollectorPhase phase)
{
return static_cast<int>(phase);
}
void Heap::checkConn(GCConductor conn)
{
unsigned worldState = m_worldState.load();
switch (conn) {
case GCConductor::Mutator:
RELEASE_ASSERT(worldState & mutatorHasConnBit, worldState, asInt(m_lastPhase), asInt(m_currentPhase), asInt(m_nextPhase), vm().id(), VM::numberOfIDs(), vm().isEntered());
return;
case GCConductor::Collector:
RELEASE_ASSERT(!(worldState & mutatorHasConnBit), worldState, asInt(m_lastPhase), asInt(m_currentPhase), asInt(m_nextPhase), vm().id(), VM::numberOfIDs(), vm().isEntered());
return;
}
RELEASE_ASSERT_NOT_REACHED();
}
auto Heap::runCurrentPhase(GCConductor conn, CurrentThreadState* currentThreadState) -> RunCurrentPhaseResult
{
checkConn(conn);
m_currentThreadState = currentThreadState;
m_currentThread = &Thread::current();
if (conn == GCConductor::Mutator)
sanitizeStackForVM(vm());
// If the collector transfers the conn to the mutator, it leaves us in between phases.
if (!finishChangingPhase(conn)) {
// A mischevious mutator could repeatedly relinquish the conn back to us. We try to avoid doing
// this, but it's probably not the end of the world if it did happen.
if (false)
dataLog("Conn bounce-back.\n");
return RunCurrentPhaseResult::Finished;
}
bool result = false;
switch (m_currentPhase) {
case CollectorPhase::NotRunning:
result = runNotRunningPhase(conn);
break;
case CollectorPhase::Begin:
result = runBeginPhase(conn);
break;
case CollectorPhase::Fixpoint:
if (!currentThreadState && conn == GCConductor::Mutator)
return RunCurrentPhaseResult::NeedCurrentThreadState;
result = runFixpointPhase(conn);
break;
case CollectorPhase::Concurrent:
result = runConcurrentPhase(conn);
break;
case CollectorPhase::Reloop:
result = runReloopPhase(conn);
break;
case CollectorPhase::End:
result = runEndPhase(conn);
break;
}
return result ? RunCurrentPhaseResult::Continue : RunCurrentPhaseResult::Finished;
}
NEVER_INLINE bool Heap::runNotRunningPhase(GCConductor conn)
{
// Check m_requests since the mutator calls this to poll what's going on.
{
Locker locker { *m_threadLock };
if (m_requests.isEmpty())
return false;
}
return changePhase(conn, CollectorPhase::Begin);
}
NEVER_INLINE bool Heap::runBeginPhase(GCConductor conn)
{
m_currentGCStartTime = MonotonicTime::now();
{
Locker locker { *m_threadLock };
RELEASE_ASSERT(!m_requests.isEmpty());
m_currentRequest = m_requests.first();
}
dataLogIf(Options::logGC(), "[GC<", RawPointer(this), ">: START ", gcConductorShortName(conn), " ", capacity() / 1024, "kb ");
m_beforeGC = MonotonicTime::now();
if (!Options::seedOfVMRandomForFuzzer())
vm().random().setSeed(cryptographicallyRandomNumber());
if (m_collectionScope) {
dataLogLn("Collection scope already set during GC: ", *m_collectionScope);
RELEASE_ASSERT_NOT_REACHED();
}
willStartCollection();
if (UNLIKELY(m_verifier)) {
// Verify that live objects from the last GC cycle haven't been corrupted by
// mutators before we begin this new GC cycle.
m_verifier->verify(HeapVerifier::Phase::BeforeGC);
m_verifier->startGC();
m_verifier->gatherLiveCells(HeapVerifier::Phase::BeforeMarking);
}
prepareForMarking();
if (m_collectionScope && m_collectionScope.value() == CollectionScope::Full) {
m_opaqueRoots.clear();
m_collectorSlotVisitor->clearMarkStacks();
m_mutatorMarkStack->clear();
}
RELEASE_ASSERT(m_raceMarkStack->isEmpty());
beginMarking();
forEachSlotVisitor(
[&] (SlotVisitor& visitor) {
visitor.didStartMarking();
});
m_parallelMarkersShouldExit = false;
m_helperClient.setFunction(
[this] () {
SlotVisitor* visitor;
{
Locker locker { m_parallelSlotVisitorLock };
RELEASE_ASSERT_WITH_MESSAGE(!m_availableParallelSlotVisitors.isEmpty(), "Parallel SlotVisitors are allocated apriori");
visitor = m_availableParallelSlotVisitors.takeLast();
}
Thread::registerGCThread(GCThreadType::Helper);
{
ParallelModeEnabler parallelModeEnabler(*visitor);
visitor->drainFromShared(SlotVisitor::HelperDrain);
}
{
Locker locker { m_parallelSlotVisitorLock };
m_availableParallelSlotVisitors.append(visitor);
}
});
SlotVisitor& visitor = *m_collectorSlotVisitor;
m_constraintSet->didStartMarking();
m_scheduler->beginCollection();
if (UNLIKELY(Options::logGC()))
m_scheduler->log();
// After this, we will almost certainly fall through all of the "visitor.isEmpty()"
// checks because bootstrap would have put things into the visitor. So, we should fall
// through to draining.
if (!visitor.didReachTermination()) {
dataLog("Fatal: SlotVisitor should think that GC should terminate before constraint solving, but it does not think this.\n");
dataLog("visitor.isEmpty(): ", visitor.isEmpty(), "\n");
dataLog("visitor.collectorMarkStack().isEmpty(): ", visitor.collectorMarkStack().isEmpty(), "\n");
dataLog("visitor.mutatorMarkStack().isEmpty(): ", visitor.mutatorMarkStack().isEmpty(), "\n");
dataLog("m_numberOfActiveParallelMarkers: ", m_numberOfActiveParallelMarkers, "\n");
dataLog("m_sharedCollectorMarkStack->isEmpty(): ", m_sharedCollectorMarkStack->isEmpty(), "\n");
dataLog("m_sharedMutatorMarkStack->isEmpty(): ", m_sharedMutatorMarkStack->isEmpty(), "\n");
dataLog("visitor.didReachTermination(): ", visitor.didReachTermination(), "\n");
RELEASE_ASSERT_NOT_REACHED();
}
return changePhase(conn, CollectorPhase::Fixpoint);
}
NEVER_INLINE bool Heap::runFixpointPhase(GCConductor conn)
{
RELEASE_ASSERT(conn == GCConductor::Collector || m_currentThreadState);
SlotVisitor& visitor = *m_collectorSlotVisitor;
if (UNLIKELY(Options::logGC())) {
HashMap<const char*, size_t> visitMap;
forEachSlotVisitor(
[&] (SlotVisitor& visitor) {
visitMap.add(visitor.codeName(), visitor.bytesVisited() / 1024);
});
auto perVisitorDump = sortedMapDump(
visitMap,
[] (const char* a, const char* b) -> bool {
return strcmp(a, b) < 0;
},
":", " ");
dataLog("v=", bytesVisited() / 1024, "kb (", perVisitorDump, ") o=", m_opaqueRoots.size(), " b=", m_barriersExecuted, " ");
}
if (visitor.didReachTermination()) {
m_opaqueRoots.deleteOldTables();
m_scheduler->didReachTermination();
assertMarkStacksEmpty();
// FIXME: Take m_mutatorDidRun into account when scheduling constraints. Most likely,
// we don't have to execute root constraints again unless the mutator did run. At a
// minimum, we could use this for work estimates - but it's probably more than just an
// estimate.
// https://bugs.webkit.org/show_bug.cgi?id=166828
// Wondering what this does? Look at Heap::addCoreConstraints(). The DOM and others can also
// add their own using Heap::addMarkingConstraint().
bool converged = m_constraintSet->executeConvergence(visitor);
// FIXME: The visitor.isEmpty() check is most likely not needed.
// https://bugs.webkit.org/show_bug.cgi?id=180310
if (converged && visitor.isEmpty()) {
assertMarkStacksEmpty();
return changePhase(conn, CollectorPhase::End);
}
m_scheduler->didExecuteConstraints();
}
dataLogIf(Options::logGC(), visitor.collectorMarkStack().size(), "+", m_mutatorMarkStack->size() + visitor.mutatorMarkStack().size(), " ");
{
ParallelModeEnabler enabler(visitor);
visitor.drainInParallel(m_scheduler->timeToResume());
}
m_scheduler->synchronousDrainingDidStall();
// This is kinda tricky. The termination check looks at:
//
// - Whether the marking threads are active. If they are not, this means that the marking threads'
// SlotVisitors are empty.
// - Whether the collector's slot visitor is empty.
// - Whether the shared mark stacks are empty.
//
// This doesn't have to check the mutator SlotVisitor because that one becomes empty after every GC
// work increment, so it must be empty now.
if (visitor.didReachTermination())
return true; // This is like relooping to the top of runFixpointPhase().
if (!m_scheduler->shouldResume())
return true;
m_scheduler->willResume();
if (UNLIKELY(Options::logGC())) {
double thisPauseMS = (MonotonicTime::now() - m_stopTime).milliseconds();
dataLog("p=", thisPauseMS, "ms (max ", maxPauseMS(thisPauseMS), ")...]\n");
}
// Forgive the mutator for its past failures to keep up.
// FIXME: Figure out if moving this to different places results in perf changes.
m_incrementBalance = 0;
return changePhase(conn, CollectorPhase::Concurrent);
}
NEVER_INLINE bool Heap::runConcurrentPhase(GCConductor conn)
{
SlotVisitor& visitor = *m_collectorSlotVisitor;
switch (conn) {
case GCConductor::Mutator: {
// When the mutator has the conn, we poll runConcurrentPhase() on every time someone says
// stopIfNecessary(), so on every allocation slow path. When that happens we poll if it's time
// to stop and do some work.
if (visitor.didReachTermination()
|| m_scheduler->shouldStop())
return changePhase(conn, CollectorPhase::Reloop);
// We could be coming from a collector phase that stuffed our SlotVisitor, so make sure we donate
// everything. This is super cheap if the SlotVisitor is already empty.
visitor.donateAll();
return false;
}
case GCConductor::Collector: {
{
ParallelModeEnabler enabler(visitor);
visitor.drainInParallelPassively(m_scheduler->timeToStop());
}
return changePhase(conn, CollectorPhase::Reloop);
} }
RELEASE_ASSERT_NOT_REACHED();
return false;
}
NEVER_INLINE bool Heap::runReloopPhase(GCConductor conn)
{
dataLogIf(Options::logGC(), "[GC<", RawPointer(this), ">: ", gcConductorShortName(conn), " ");
m_scheduler->didStop();
if (UNLIKELY(Options::logGC()))
m_scheduler->log();
return changePhase(conn, CollectorPhase::Fixpoint);
}
NEVER_INLINE bool Heap::runEndPhase(GCConductor conn)
{
m_scheduler->endCollection();
{
Locker locker { m_markingMutex };
m_parallelMarkersShouldExit = true;
m_markingConditionVariable.notifyAll();
}
m_helperClient.finish();
ASSERT(m_mutatorMarkStack->isEmpty());
ASSERT(m_raceMarkStack->isEmpty());
SlotVisitor& visitor = *m_collectorSlotVisitor;
iterateExecutingAndCompilingCodeBlocks(visitor,
[&] (CodeBlock* codeBlock) {
writeBarrier(codeBlock);
});
updateObjectCounts();
endMarking();
if (UNLIKELY(Options::verifyGC()))
verifyGC();
if (UNLIKELY(m_verifier)) {
m_verifier->gatherLiveCells(HeapVerifier::Phase::AfterMarking);
m_verifier->verify(HeapVerifier::Phase::AfterMarking);
}
{
auto* previous = Thread::current().setCurrentAtomStringTable(nullptr);
auto scopeExit = makeScopeExit([&] {
Thread::current().setCurrentAtomStringTable(previous);
});
if (vm().typeProfiler())
vm().typeProfiler()->invalidateTypeSetCache(vm());
reapWeakHandles();
pruneStaleEntriesFromWeakGCHashTables();
sweepArrayBuffers();
snapshotUnswept();
finalizeUnconditionalFinalizers(); // We rely on these unconditional finalizers running before clearCurrentlyExecuting since CodeBlock's finalizer relies on querying currently executing.
removeDeadCompilerWorklistEntries();
}
notifyIncrementalSweeper();
m_codeBlocks->iterateCurrentlyExecuting(
[&] (CodeBlock* codeBlock) {
writeBarrier(codeBlock);
});
m_codeBlocks->clearCurrentlyExecuting();
m_objectSpace.prepareForAllocation();
updateAllocationLimits();
if (UNLIKELY(m_verifier)) {
m_verifier->trimDeadCells();
m_verifier->verify(HeapVerifier::Phase::AfterGC);
}
didFinishCollection();
if (m_currentRequest.didFinishEndPhase)
m_currentRequest.didFinishEndPhase->run();
if (false) {
dataLog("Heap state after GC:\n");
m_objectSpace.dumpBits();
}
if (UNLIKELY(Options::logGC())) {
double thisPauseMS = (m_afterGC - m_stopTime).milliseconds();
dataLog("p=", thisPauseMS, "ms (max ", maxPauseMS(thisPauseMS), "), cycle ", (m_afterGC - m_beforeGC).milliseconds(), "ms END]\n");
}
{
Locker locker { *m_threadLock };
m_requests.removeFirst();
m_lastServedTicket++;
clearMutatorWaiting();
}
ParkingLot::unparkAll(&m_worldState);
dataLogLnIf(Options::logGC(), "GC END!");
setNeedFinalize();
m_lastGCStartTime = m_currentGCStartTime;
m_lastGCEndTime = MonotonicTime::now();
m_totalGCTime += m_lastGCEndTime - m_lastGCStartTime;
return changePhase(conn, CollectorPhase::NotRunning);
}
bool Heap::changePhase(GCConductor conn, CollectorPhase nextPhase)
{
checkConn(conn);
m_lastPhase = m_currentPhase;
m_nextPhase = nextPhase;
return finishChangingPhase(conn);
}
NEVER_INLINE bool Heap::finishChangingPhase(GCConductor conn)
{
checkConn(conn);
if (m_nextPhase == m_currentPhase)
return true;
if (false)
dataLog(conn, ": Going to phase: ", m_nextPhase, " (from ", m_currentPhase, ")\n");
m_phaseVersion++;
bool suspendedBefore = worldShouldBeSuspended(m_currentPhase);
bool suspendedAfter = worldShouldBeSuspended(m_nextPhase);
if (suspendedBefore != suspendedAfter) {
if (suspendedBefore) {
RELEASE_ASSERT(!suspendedAfter);
resumeThePeriphery();
if (conn == GCConductor::Collector)
resumeTheMutator();
else
handleNeedFinalize();
} else {
RELEASE_ASSERT(!suspendedBefore);
RELEASE_ASSERT(suspendedAfter);
if (conn == GCConductor::Collector) {
waitWhileNeedFinalize();
if (!stopTheMutator()) {
if (false)
dataLog("Returning false.\n");
return false;
}
} else {
sanitizeStackForVM(vm());
handleNeedFinalize();
}
stopThePeriphery(conn);
}
}
m_currentPhase = m_nextPhase;
return true;
}
void Heap::stopThePeriphery(GCConductor conn)
{
if (m_worldIsStopped) {
dataLog("FATAL: world already stopped.\n");
RELEASE_ASSERT_NOT_REACHED();
}
if (m_mutatorDidRun)
m_mutatorExecutionVersion++;
m_mutatorDidRun = false;
suspendCompilerThreads();
m_worldIsStopped = true;
forEachSlotVisitor(
[&] (SlotVisitor& visitor) {
visitor.updateMutatorIsStopped(NoLockingNecessary);
});
UNUSED_PARAM(conn);
if (auto* shadowChicken = vm().shadowChicken())
shadowChicken->update(vm(), vm().topCallFrame);
m_objectSpace.stopAllocating();
m_stopTime = MonotonicTime::now();
}
NEVER_INLINE void Heap::resumeThePeriphery()
{
// Calling resumeAllocating does the Right Thing depending on whether this is the end of a
// collection cycle or this is just a concurrent phase within a collection cycle:
// - At end of collection cycle: it's a no-op because prepareForAllocation already cleared the
// last active block.
// - During collection cycle: it reinstates the last active block.
m_objectSpace.resumeAllocating();
m_barriersExecuted = 0;
if (!m_worldIsStopped) {
dataLog("Fatal: collector does not believe that the world is stopped.\n");
RELEASE_ASSERT_NOT_REACHED();
}
m_worldIsStopped = false;
// FIXME: This could be vastly improved: we want to grab the locks in the order in which they
// become available. We basically want a lockAny() method that will lock whatever lock is available
// and tell you which one it locked. That would require teaching ParkingLot how to park on multiple
// queues at once, which is totally achievable - it would just require memory allocation, which is
// suboptimal but not a disaster. Alternatively, we could replace the SlotVisitor rightToRun lock
// with a DLG-style handshake mechanism, but that seems not as general.
Vector<SlotVisitor*, 8> visitorsToUpdate;
forEachSlotVisitor(
[&] (SlotVisitor& visitor) {
visitorsToUpdate.append(&visitor);
});
for (unsigned countdown = 40; !visitorsToUpdate.isEmpty() && countdown--;) {
for (unsigned index = 0; index < visitorsToUpdate.size(); ++index) {
SlotVisitor& visitor = *visitorsToUpdate[index];
bool remove = false;
if (visitor.hasAcknowledgedThatTheMutatorIsResumed())
remove = true;
else if (visitor.rightToRun().tryLock()) {
Locker locker { AdoptLock, visitor.rightToRun() };
visitor.updateMutatorIsStopped(locker);
remove = true;
}
if (remove) {
visitorsToUpdate[index--] = visitorsToUpdate.last();
visitorsToUpdate.takeLast();
}
}
Thread::yield();
}
for (SlotVisitor* visitor : visitorsToUpdate)
visitor->updateMutatorIsStopped();
resumeCompilerThreads();
}
bool Heap::stopTheMutator()
{
for (;;) {
unsigned oldState = m_worldState.load();
if (oldState & stoppedBit) {
RELEASE_ASSERT(!(oldState & hasAccessBit));
RELEASE_ASSERT(!(oldState & mutatorWaitingBit));
RELEASE_ASSERT(!(oldState & mutatorHasConnBit));
return true;
}
if (oldState & mutatorHasConnBit) {
RELEASE_ASSERT(!(oldState & hasAccessBit));
RELEASE_ASSERT(!(oldState & stoppedBit));
return false;
}
if (!(oldState & hasAccessBit)) {
RELEASE_ASSERT(!(oldState & mutatorHasConnBit));
RELEASE_ASSERT(!(oldState & mutatorWaitingBit));
// We can stop the world instantly.
if (m_worldState.compareExchangeWeak(oldState, oldState | stoppedBit))
return true;
continue;
}
// Transfer the conn to the mutator and bail.
RELEASE_ASSERT(oldState & hasAccessBit);
RELEASE_ASSERT(!(oldState & stoppedBit));
unsigned newState = (oldState | mutatorHasConnBit) & ~mutatorWaitingBit;
if (m_worldState.compareExchangeWeak(oldState, newState)) {
if (false)
dataLog("Handed off the conn.\n");
m_stopIfNecessaryTimer->scheduleSoon();
ParkingLot::unparkAll(&m_worldState);
return false;
}
}
}
NEVER_INLINE void Heap::resumeTheMutator()
{
if (false)
dataLog("Resuming the mutator.\n");
for (;;) {
unsigned oldState = m_worldState.load();
if (!!(oldState & hasAccessBit) != !(oldState & stoppedBit)) {
dataLog("Fatal: hasAccess = ", !!(oldState & hasAccessBit), ", stopped = ", !!(oldState & stoppedBit), "\n");
RELEASE_ASSERT_NOT_REACHED();
}
if (oldState & mutatorHasConnBit) {
dataLog("Fatal: mutator has the conn.\n");
RELEASE_ASSERT_NOT_REACHED();
}
if (!(oldState & stoppedBit)) {
if (false)
dataLog("Returning because not stopped.\n");
return;
}
if (m_worldState.compareExchangeWeak(oldState, oldState & ~stoppedBit)) {
if (false)
dataLog("CASing and returning.\n");
ParkingLot::unparkAll(&m_worldState);
return;
}
}
}
void Heap::stopIfNecessarySlow()
{
if constexpr (validateDFGDoesGC)
vm().verifyCanGC();
while (stopIfNecessarySlow(m_worldState.load())) { }
RELEASE_ASSERT(m_worldState.load() & hasAccessBit);
RELEASE_ASSERT(!(m_worldState.load() & stoppedBit));
handleNeedFinalize();
m_mutatorDidRun = true;
}
bool Heap::stopIfNecessarySlow(unsigned oldState)
{
if constexpr (validateDFGDoesGC)
vm().verifyCanGC();
RELEASE_ASSERT(oldState & hasAccessBit);
RELEASE_ASSERT(!(oldState & stoppedBit));
// It's possible for us to wake up with finalization already requested but the world not yet
// resumed. If that happens, we can't run finalization yet.
if (handleNeedFinalize(oldState))
return true;
// FIXME: When entering the concurrent phase, we could arrange for this branch not to fire, and then
// have the SlotVisitor do things to the m_worldState to make this branch fire again. That would
// prevent us from polling this so much. Ideally, stopIfNecessary would ignore the mutatorHasConnBit
// and there would be some other bit indicating whether we were in some GC phase other than the
// NotRunning or Concurrent ones.
if (oldState & mutatorHasConnBit)
collectInMutatorThread();
return false;
}
NEVER_INLINE void Heap::collectInMutatorThread()
{
CollectingScope collectingScope(*this);
for (;;) {
RunCurrentPhaseResult result = runCurrentPhase(GCConductor::Mutator, nullptr);
switch (result) {
case RunCurrentPhaseResult::Finished:
return;
case RunCurrentPhaseResult::Continue:
break;
case RunCurrentPhaseResult::NeedCurrentThreadState:
sanitizeStackForVM(vm());
auto lambda = [&] (CurrentThreadState& state) {
for (;;) {
RunCurrentPhaseResult result = runCurrentPhase(GCConductor::Mutator, &state);
switch (result) {
case RunCurrentPhaseResult::Finished:
return;
case RunCurrentPhaseResult::Continue:
break;
case RunCurrentPhaseResult::NeedCurrentThreadState:
RELEASE_ASSERT_NOT_REACHED();
break;
}
}
};
callWithCurrentThreadState(scopedLambda<void(CurrentThreadState&)>(WTFMove(lambda)));
return;
}
}
}
template<typename Func>
void Heap::waitForCollector(const Func& func)
{
for (;;) {
bool done;
{
Locker locker { *m_threadLock };
done = func(locker);
if (!done) {
setMutatorWaiting();
// At this point, the collector knows that we intend to wait, and he will clear the
// waiting bit and then unparkAll when the GC cycle finishes. Clearing the bit
// prevents us from parking except if there is also stop-the-world. Unparking after
// clearing means that if the clearing happens after we park, then we will unpark.
}
}
// If we're in a stop-the-world scenario, we need to wait for that even if done is true.
unsigned oldState = m_worldState.load();
if (stopIfNecessarySlow(oldState))
continue;
m_mutatorDidRun = true;
// FIXME: We wouldn't need this if stopIfNecessarySlow() had a mode where it knew to just
// do the collection.
relinquishConn();
if (done) {
clearMutatorWaiting(); // Clean up just in case.
return;
}
// If mutatorWaitingBit is still set then we want to wait.
ParkingLot::compareAndPark(&m_worldState, oldState | mutatorWaitingBit);
}
}
void Heap::acquireAccessSlow()
{
for (;;) {
unsigned oldState = m_worldState.load();
RELEASE_ASSERT(!(oldState & hasAccessBit));
if (oldState & stoppedBit) {
if (verboseStop) {
dataLog("Stopping in acquireAccess!\n");
WTFReportBacktrace();
}
// Wait until we're not stopped anymore.
ParkingLot::compareAndPark(&m_worldState, oldState);
continue;
}
RELEASE_ASSERT(!(oldState & stoppedBit));
unsigned newState = oldState | hasAccessBit;
if (m_worldState.compareExchangeWeak(oldState, newState)) {
handleNeedFinalize();
m_mutatorDidRun = true;
stopIfNecessary();
return;
}
}
}
void Heap::releaseAccessSlow()
{
for (;;) {
unsigned oldState = m_worldState.load();
if (!(oldState & hasAccessBit)) {
dataLog("FATAL: Attempting to release access but the mutator does not have access.\n");
RELEASE_ASSERT_NOT_REACHED();
}
if (oldState & stoppedBit) {
dataLog("FATAL: Attempting to release access but the mutator is stopped.\n");
RELEASE_ASSERT_NOT_REACHED();
}
if (handleNeedFinalize(oldState))
continue;
unsigned newState = oldState & ~(hasAccessBit | mutatorHasConnBit);
if ((oldState & mutatorHasConnBit)
&& m_nextPhase != m_currentPhase) {
// This means that the collector thread had given us the conn so that we would do something
// for it. Stop ourselves as we release access. This ensures that acquireAccess blocks. In
// the meantime, since we're handing the conn over, the collector will be awoken and it is
// sure to have work to do.
newState |= stoppedBit;
}
if (m_worldState.compareExchangeWeak(oldState, newState)) {
if (oldState & mutatorHasConnBit)
finishRelinquishingConn();
return;
}
}
}
bool Heap::relinquishConn(unsigned oldState)
{
RELEASE_ASSERT(oldState & hasAccessBit);
RELEASE_ASSERT(!(oldState & stoppedBit));
if (!(oldState & mutatorHasConnBit))
return false; // Done.
if (m_threadShouldStop)
return false;
if (!m_worldState.compareExchangeWeak(oldState, oldState & ~mutatorHasConnBit))
return true; // Loop around.
finishRelinquishingConn();
return true;
}
void Heap::finishRelinquishingConn()
{
if (false)
dataLog("Relinquished the conn.\n");
sanitizeStackForVM(vm());
Locker locker { *m_threadLock };
if (!m_requests.isEmpty())
m_threadCondition->notifyOne(locker);
ParkingLot::unparkAll(&m_worldState);
}
void Heap::relinquishConn()
{
while (relinquishConn(m_worldState.load())) { }
}
NEVER_INLINE bool Heap::handleNeedFinalize(unsigned oldState)
{
RELEASE_ASSERT(oldState & hasAccessBit);
RELEASE_ASSERT(!(oldState & stoppedBit));
if (!(oldState & needFinalizeBit))
return false;
if (m_worldState.compareExchangeWeak(oldState, oldState & ~needFinalizeBit)) {
finalize();
// Wake up anyone waiting for us to finalize. Note that they may have woken up already, in
// which case they would be waiting for us to release heap access.
ParkingLot::unparkAll(&m_worldState);
return true;
}
return true;
}
void Heap::handleNeedFinalize()
{
while (handleNeedFinalize(m_worldState.load())) { }
}
void Heap::setNeedFinalize()
{
m_worldState.exchangeOr(needFinalizeBit);
ParkingLot::unparkAll(&m_worldState);
m_stopIfNecessaryTimer->scheduleSoon();
}
void Heap::waitWhileNeedFinalize()
{
for (;;) {
unsigned oldState = m_worldState.load();
if (!(oldState & needFinalizeBit)) {
// This means that either there was no finalize request or the main thread will finalize
// with heap access, so a subsequent call to stopTheWorld() will return only when
// finalize finishes.
return;
}
ParkingLot::compareAndPark(&m_worldState, oldState);
}
}
void Heap::setMutatorWaiting()
{
m_worldState.exchangeOr(mutatorWaitingBit);
}
void Heap::clearMutatorWaiting()
{
m_worldState.exchangeAnd(~mutatorWaitingBit);
}
void Heap::notifyThreadStopping(const AbstractLocker&)
{
clearMutatorWaiting();
ParkingLot::unparkAll(&m_worldState);
}
void Heap::finalize()
{
MonotonicTime before;
if (UNLIKELY(Options::logGC())) {
before = MonotonicTime::now();
dataLog("[GC<", RawPointer(this), ">: finalize ");
}
{
SweepingScope sweepingScope(*this);
deleteUnmarkedCompiledCode();
deleteSourceProviderCaches();
sweepInFinalize();
}
if (HasOwnPropertyCache* cache = vm().hasOwnPropertyCache())
cache->clear();
if (m_lastCollectionScope && m_lastCollectionScope.value() == CollectionScope::Full)
vm().jsonAtomStringCache.clear();
m_possiblyAccessedStringsFromConcurrentThreads.clear();
immutableButterflyToStringCache.clear();
for (const HeapFinalizerCallback& callback : m_heapFinalizerCallbacks)
callback.run(vm());
if (shouldSweepSynchronously())
sweepSynchronously();
if (UNLIKELY(Options::logGC())) {
MonotonicTime after = MonotonicTime::now();
dataLog((after - before).milliseconds(), "ms]\n");
}
}
Heap::Ticket Heap::requestCollection(GCRequest request)
{
stopIfNecessary();
ASSERT(vm().currentThreadIsHoldingAPILock());
RELEASE_ASSERT(vm().atomStringTable() == Thread::current().atomStringTable());
Locker locker { *m_threadLock };
// We may be able to steal the conn. That only works if the collector is definitely not running
// right now. This is an optimization that prevents the collector thread from ever starting in most
// cases.
ASSERT(m_lastServedTicket <= m_lastGrantedTicket);
if ((m_lastServedTicket == m_lastGrantedTicket) && !m_collectorThreadIsRunning) {
if (false)
dataLog("Taking the conn.\n");
m_worldState.exchangeOr(mutatorHasConnBit);
}
m_requests.append(request);
m_lastGrantedTicket++;
if (!(m_worldState.load() & mutatorHasConnBit))
m_threadCondition->notifyOne(locker);
return m_lastGrantedTicket;
}
void Heap::waitForCollection(Ticket ticket)
{
waitForCollector(
[&] (const AbstractLocker&) -> bool {
return m_lastServedTicket >= ticket;
});
}
void Heap::sweepInFinalize()
{
m_objectSpace.sweepPreciseAllocations();
#if ENABLE(WEBASSEMBLY)
// We hold onto a lot of memory, so it makes a lot of sense to be swept eagerly.
if (m_webAssemblyMemorySpace)
m_webAssemblyMemorySpace->sweep();
#endif
}
void Heap::suspendCompilerThreads()
{
#if ENABLE(JIT)
// We ensure the worklists so that it's not possible for the mutator to start a new worklist
// after we have suspended the ones that he had started before. That's not very expensive since
// the worklists use AutomaticThreads anyway.
if (!Options::useJIT())
return;
JITWorklist::ensureGlobalWorklist().suspendAllThreads();
#endif
}
void Heap::willStartCollection()
{
if (UNLIKELY(Options::verifyGC())) {
m_verifierSlotVisitor = makeUnique<VerifierSlotVisitor>(*this);
ASSERT(!m_isMarkingForGCVerifier);
}
dataLogIf(Options::logGC(), "=> ");
if (shouldDoFullCollection()) {
m_collectionScope = CollectionScope::Full;
m_shouldDoFullCollection = false;
dataLogIf(Options::logGC(), "FullCollection, ");
} else {
m_collectionScope = CollectionScope::Eden;
dataLogIf(Options::logGC(), "EdenCollection, ");
}
if (m_collectionScope && m_collectionScope.value() == CollectionScope::Full) {
m_sizeBeforeLastFullCollect = m_sizeAfterLastCollect + m_bytesAllocatedThisCycle;
m_extraMemorySize = 0;
m_deprecatedExtraMemorySize = 0;
#if ENABLE(RESOURCE_USAGE)
m_externalMemorySize = 0;
#endif
if (m_fullActivityCallback)
m_fullActivityCallback->willCollect();
} else {
ASSERT(m_collectionScope && m_collectionScope.value() == CollectionScope::Eden);
m_sizeBeforeLastEdenCollect = m_sizeAfterLastCollect + m_bytesAllocatedThisCycle;
}
if (m_edenActivityCallback)
m_edenActivityCallback->willCollect();
for (auto* observer : m_observers)
observer->willGarbageCollect();
}
void Heap::prepareForMarking()
{
m_objectSpace.prepareForMarking();
}
void Heap::reapWeakHandles()
{
m_objectSpace.reapWeakSets();
}
void Heap::pruneStaleEntriesFromWeakGCHashTables()
{
if (!m_collectionScope || m_collectionScope.value() != CollectionScope::Full)
return;
for (auto* weakGCHashTable : m_weakGCHashTables)
weakGCHashTable->pruneStaleEntries();
}
void Heap::sweepArrayBuffers()
{
m_arrayBuffers.sweep(vm());
}
void Heap::snapshotUnswept()
{
TimingScope timingScope(*this, "Heap::snapshotUnswept");
m_objectSpace.snapshotUnswept();
}
void Heap::deleteSourceProviderCaches()
{
if (m_lastCollectionScope && m_lastCollectionScope.value() == CollectionScope::Full)
vm().clearSourceProviderCaches();
}
void Heap::notifyIncrementalSweeper()
{
if (m_collectionScope && m_collectionScope.value() == CollectionScope::Full) {
if (!m_logicallyEmptyWeakBlocks.isEmpty())
m_indexOfNextLogicallyEmptyWeakBlockToSweep = 0;
}
m_sweeper->startSweeping(*this);
}
void Heap::updateAllocationLimits()
{
constexpr bool verbose = false;
if (verbose) {
dataLog("\n");
dataLog("bytesAllocatedThisCycle = ", m_bytesAllocatedThisCycle, "\n");
}
// Calculate our current heap size threshold for the purpose of figuring out when we should
// run another collection. This isn't the same as either size() or capacity(), though it should
// be somewhere between the two. The key is to match the size calculations involved calls to
// didAllocate(), while never dangerously underestimating capacity(). In extreme cases of
// fragmentation, we may have size() much smaller than capacity().
size_t currentHeapSize = 0;
// For marked space, we use the total number of bytes visited. This matches the logic for
// BlockDirectory's calls to didAllocate(), which effectively accounts for the total size of
// objects allocated rather than blocks used. This will underestimate capacity(), and in case
// of fragmentation, this may be substantial. Fortunately, marked space rarely fragments because
// cells usually have a narrow range of sizes. So, the underestimation is probably OK.
currentHeapSize += m_totalBytesVisited;
if (verbose)
dataLog("totalBytesVisited = ", m_totalBytesVisited, ", currentHeapSize = ", currentHeapSize, "\n");
// It's up to the user to ensure that extraMemorySize() ends up corresponding to allocation-time
// extra memory reporting.
currentHeapSize += extraMemorySize();
if (ASSERT_ENABLED) {
CheckedSize checkedCurrentHeapSize = m_totalBytesVisited;
checkedCurrentHeapSize += extraMemorySize();
ASSERT(!checkedCurrentHeapSize.hasOverflowed() && checkedCurrentHeapSize == currentHeapSize);
}
if (verbose)
dataLog("extraMemorySize() = ", extraMemorySize(), ", currentHeapSize = ", currentHeapSize, "\n");
if (m_collectionScope && m_collectionScope.value() == CollectionScope::Full) {
// To avoid pathological GC churn in very small and very large heaps, we set
// the new allocation limit based on the current size of the heap, with a
// fixed minimum.
m_maxHeapSize = std::max(minHeapSize(m_heapType, m_ramSize), proportionalHeapSize(currentHeapSize, m_ramSize));
if (verbose)
dataLog("Full: maxHeapSize = ", m_maxHeapSize, "\n");
m_maxEdenSize = m_maxHeapSize - currentHeapSize;
if (verbose)
dataLog("Full: maxEdenSize = ", m_maxEdenSize, "\n");
m_sizeAfterLastFullCollect = currentHeapSize;
if (verbose)
dataLog("Full: sizeAfterLastFullCollect = ", currentHeapSize, "\n");
m_bytesAbandonedSinceLastFullCollect = 0;
if (verbose)
dataLog("Full: bytesAbandonedSinceLastFullCollect = ", 0, "\n");
} else {
ASSERT(currentHeapSize >= m_sizeAfterLastCollect);
// Theoretically, we shouldn't ever scan more memory than the heap size we planned to have.
// But we are sloppy, so we have to defend against the overflow.
m_maxEdenSize = currentHeapSize > m_maxHeapSize ? 0 : m_maxHeapSize - currentHeapSize;
if (verbose)
dataLog("Eden: maxEdenSize = ", m_maxEdenSize, "\n");
m_sizeAfterLastEdenCollect = currentHeapSize;
if (verbose)
dataLog("Eden: sizeAfterLastEdenCollect = ", currentHeapSize, "\n");
double edenToOldGenerationRatio = (double)m_maxEdenSize / (double)m_maxHeapSize;
double minEdenToOldGenerationRatio = 1.0 / 3.0;
if (edenToOldGenerationRatio < minEdenToOldGenerationRatio)
m_shouldDoFullCollection = true;
// This seems suspect at first, but what it does is ensure that the nursery size is fixed.
m_maxHeapSize += currentHeapSize - m_sizeAfterLastCollect;
if (verbose)
dataLog("Eden: maxHeapSize = ", m_maxHeapSize, "\n");
m_maxEdenSize = m_maxHeapSize - currentHeapSize;
if (verbose)
dataLog("Eden: maxEdenSize = ", m_maxEdenSize, "\n");
if (m_fullActivityCallback) {
ASSERT(currentHeapSize >= m_sizeAfterLastFullCollect);
m_fullActivityCallback->didAllocate(*this, currentHeapSize - m_sizeAfterLastFullCollect);
}
}
#if USE(BMALLOC_MEMORY_FOOTPRINT_API)
// Get critical memory threshold for next cycle.
overCriticalMemoryThreshold(MemoryThresholdCallType::Direct);
#endif
m_sizeAfterLastCollect = currentHeapSize;
if (verbose)
dataLog("sizeAfterLastCollect = ", m_sizeAfterLastCollect, "\n");
m_bytesAllocatedThisCycle = 0;
dataLogIf(Options::logGC(), "=> ", currentHeapSize / 1024, "kb, ");
}
void Heap::didFinishCollection()
{
m_afterGC = MonotonicTime::now();
CollectionScope scope = *m_collectionScope;
if (scope == CollectionScope::Full)
m_lastFullGCLength = m_afterGC - m_beforeGC;
else
m_lastEdenGCLength = m_afterGC - m_beforeGC;
#if ENABLE(RESOURCE_USAGE)
ASSERT(externalMemorySize() <= extraMemorySize());
#endif
if (HeapProfiler* heapProfiler = vm().heapProfiler()) {
gatherExtraHeapData(*heapProfiler);
removeDeadHeapSnapshotNodes(*heapProfiler);
}
if (UNLIKELY(m_verifier))
m_verifier->endGC();
RELEASE_ASSERT(m_collectionScope);
m_lastCollectionScope = m_collectionScope;
m_collectionScope = std::nullopt;
for (auto* observer : m_observers)
observer->didGarbageCollect(scope);
}
void Heap::resumeCompilerThreads()
{
#if ENABLE(JIT)
if (!Options::useJIT())
return;
JITWorklist::ensureGlobalWorklist().resumeAllThreads();
#endif
}
GCActivityCallback* Heap::fullActivityCallback()
{
return m_fullActivityCallback.get();
}
GCActivityCallback* Heap::edenActivityCallback()
{
return m_edenActivityCallback.get();
}
IncrementalSweeper& Heap::sweeper()
{
return m_sweeper.get();
}
void Heap::setGarbageCollectionTimerEnabled(bool enable)
{
if (m_fullActivityCallback)
m_fullActivityCallback->setEnabled(enable);
if (m_edenActivityCallback)
m_edenActivityCallback->setEnabled(enable);
}
void Heap::didAllocate(size_t bytes)
{
if (m_edenActivityCallback)
m_edenActivityCallback->didAllocate(*this, m_bytesAllocatedThisCycle + m_bytesAbandonedSinceLastFullCollect);
m_bytesAllocatedThisCycle += bytes;
performIncrement(bytes);
}
void Heap::addFinalizer(JSCell* cell, CFinalizer finalizer)
{
WeakSet::allocate(cell, &m_cFinalizerOwner, bitwise_cast<void*>(finalizer)); // Balanced by CFinalizerOwner::finalize().
}
void Heap::addFinalizer(JSCell* cell, LambdaFinalizer function)
{
WeakSet::allocate(cell, &m_lambdaFinalizerOwner, function.leak()); // Balanced by LambdaFinalizerOwner::finalize().
}
void Heap::CFinalizerOwner::finalize(Handle<Unknown> handle, void* context)
{
HandleSlot slot = handle.slot();
CFinalizer finalizer = bitwise_cast<CFinalizer>(context);
finalizer(slot->asCell());
WeakSet::deallocate(WeakImpl::asWeakImpl(slot));
}
void Heap::LambdaFinalizerOwner::finalize(Handle<Unknown> handle, void* context)
{
auto finalizer = WTF::adopt(static_cast<LambdaFinalizer::Impl*>(context));
HandleSlot slot = handle.slot();
finalizer(slot->asCell());
WeakSet::deallocate(WeakImpl::asWeakImpl(slot));
}
void Heap::collectNowFullIfNotDoneRecently(Synchronousness synchronousness)
{
if (!m_fullActivityCallback) {
collectNow(synchronousness, CollectionScope::Full);
return;
}
if (m_fullActivityCallback->didGCRecently()) {
// A synchronous GC was already requested recently so we merely accelerate next collection.
reportAbandonedObjectGraph();
return;
}
m_fullActivityCallback->setDidGCRecently();
collectNow(synchronousness, CollectionScope::Full);
}
bool Heap::useGenerationalGC()
{
return Options::useGenerationalGC() && !VM::isInMiniMode();
}
bool Heap::shouldSweepSynchronously()
{
return Options::sweepSynchronously() || VM::isInMiniMode();
}
bool Heap::shouldDoFullCollection()
{
if (!useGenerationalGC())
return true;
if (!m_currentRequest.scope)
return m_shouldDoFullCollection || overCriticalMemoryThreshold();
return *m_currentRequest.scope == CollectionScope::Full;
}
void Heap::addLogicallyEmptyWeakBlock(WeakBlock* block)
{
m_logicallyEmptyWeakBlocks.append(block);
}
void Heap::sweepAllLogicallyEmptyWeakBlocks()
{
if (m_logicallyEmptyWeakBlocks.isEmpty())
return;
m_indexOfNextLogicallyEmptyWeakBlockToSweep = 0;
while (sweepNextLogicallyEmptyWeakBlock()) { }
}
bool Heap::sweepNextLogicallyEmptyWeakBlock()
{
if (m_indexOfNextLogicallyEmptyWeakBlockToSweep == WTF::notFound)
return false;
WeakBlock* block = m_logicallyEmptyWeakBlocks[m_indexOfNextLogicallyEmptyWeakBlockToSweep];
block->sweep();
if (block->isEmpty()) {
std::swap(m_logicallyEmptyWeakBlocks[m_indexOfNextLogicallyEmptyWeakBlockToSweep], m_logicallyEmptyWeakBlocks.last());
m_logicallyEmptyWeakBlocks.removeLast();
WeakBlock::destroy(*this, block);
} else
m_indexOfNextLogicallyEmptyWeakBlockToSweep++;
if (m_indexOfNextLogicallyEmptyWeakBlockToSweep >= m_logicallyEmptyWeakBlocks.size()) {
m_indexOfNextLogicallyEmptyWeakBlockToSweep = WTF::notFound;
return false;
}
return true;
}
size_t Heap::visitCount()
{
size_t result = 0;
forEachSlotVisitor(
[&] (SlotVisitor& visitor) {
result += visitor.visitCount();
});
return result;
}
size_t Heap::bytesVisited()
{
size_t result = 0;
forEachSlotVisitor(
[&] (SlotVisitor& visitor) {
result += visitor.bytesVisited();
});
return result;
}
void Heap::forEachCodeBlockImpl(const ScopedLambda<void(CodeBlock*)>& func)
{
// We don't know the full set of CodeBlocks until compilation has terminated.
completeAllJITPlans();
return m_codeBlocks->iterate(func);
}
void Heap::forEachCodeBlockIgnoringJITPlansImpl(const AbstractLocker& locker, const ScopedLambda<void(CodeBlock*)>& func)
{
return m_codeBlocks->iterate(locker, func);
}
void Heap::writeBarrierSlowPath(const JSCell* from)
{
if (UNLIKELY(mutatorShouldBeFenced())) {
// In this case, the barrierThreshold is the tautological threshold, so from could still be
// not black. But we can't know for sure until we fire off a fence.
WTF::storeLoadFence();
if (from->cellState() != CellState::PossiblyBlack)
return;
}
addToRememberedSet(from);
}
bool Heap::currentThreadIsDoingGCWork()
{
return Thread::mayBeGCThread() || mutatorState() != MutatorState::Running;
}
void Heap::reportExtraMemoryVisited(size_t size)
{
size_t* counter = &m_extraMemorySize;
for (;;) {
size_t oldSize = *counter;
// FIXME: Change this to use SaturatedArithmetic when available.
// https://bugs.webkit.org/show_bug.cgi?id=170411
CheckedSize checkedNewSize = oldSize;
checkedNewSize += size;
size_t newSize = UNLIKELY(checkedNewSize.hasOverflowed()) ? std::numeric_limits<size_t>::max() : checkedNewSize.value();
if (WTF::atomicCompareExchangeWeakRelaxed(counter, oldSize, newSize))
return;
}
}
#if ENABLE(RESOURCE_USAGE)
void Heap::reportExternalMemoryVisited(size_t size)
{
size_t* counter = &m_externalMemorySize;
for (;;) {
size_t oldSize = *counter;
if (WTF::atomicCompareExchangeWeakRelaxed(counter, oldSize, oldSize + size))
return;
}
}
#endif
void Heap::collectIfNecessaryOrDefer(GCDeferralContext* deferralContext)
{
ASSERT(deferralContext || isDeferred() || !DisallowGC::isInEffectOnCurrentThread());
if constexpr (validateDFGDoesGC)
vm().verifyCanGC();
if (!m_isSafeToCollect)
return;
switch (mutatorState()) {
case MutatorState::Running:
case MutatorState::Allocating:
break;
case MutatorState::Sweeping:
case MutatorState::Collecting:
return;
}
if (!Options::useGC())
return;
if (mayNeedToStop()) {
if (deferralContext)
deferralContext->m_shouldGC = true;
else if (isDeferred())
m_didDeferGCWork = true;
else
stopIfNecessary();
}
if (UNLIKELY(Options::gcMaxHeapSize())) {
if (m_bytesAllocatedThisCycle <= Options::gcMaxHeapSize())
return;
} else {
size_t bytesAllowedThisCycle = m_maxEdenSize;
#if USE(BMALLOC_MEMORY_FOOTPRINT_API)
if (overCriticalMemoryThreshold())
bytesAllowedThisCycle = std::min(m_maxEdenSizeWhenCritical, bytesAllowedThisCycle);
#endif
if (m_bytesAllocatedThisCycle <= bytesAllowedThisCycle)
return;
}
if (deferralContext)
deferralContext->m_shouldGC = true;
else if (isDeferred())
m_didDeferGCWork = true;
else {
collectAsync();
stopIfNecessary(); // This will immediately start the collection if we have the conn.
}
}
void Heap::decrementDeferralDepthAndGCIfNeededSlow()
{
// Can't do anything if we're still deferred.
if (m_deferralDepth)
return;
ASSERT(!isDeferred());
m_didDeferGCWork = false;
// FIXME: Bring back something like the DeferGCProbability mode.
// https://bugs.webkit.org/show_bug.cgi?id=166627
collectIfNecessaryOrDefer();
}
void Heap::registerWeakGCHashTable(WeakGCHashTable* weakGCHashTable)
{
m_weakGCHashTables.add(weakGCHashTable);
}
void Heap::unregisterWeakGCHashTable(WeakGCHashTable* weakGCHashTable)
{
m_weakGCHashTables.remove(weakGCHashTable);
}
void Heap::didAllocateBlock(size_t capacity)
{
#if ENABLE(RESOURCE_USAGE)
m_blockBytesAllocated += capacity;
#else
UNUSED_PARAM(capacity);
#endif
}
void Heap::didFreeBlock(size_t capacity)
{
#if ENABLE(RESOURCE_USAGE)
m_blockBytesAllocated -= capacity;
#else
UNUSED_PARAM(capacity);
#endif
}
// The following are pulled out of the body of Heap::addCoreConstraints() only
// because the WinCairo port is not able to handle #if's inside the body of the
// lambda passed into the MAKE_MARKING_CONSTRAINT_EXECUTOR_PAIR macro. This works
// around that issue.
#if JSC_OBJC_API_ENABLED
constexpr bool objcAPIEnabled = true;
#else
constexpr bool objcAPIEnabled = false;
static UNUSED_FUNCTION void scanExternalRememberedSet(VM&, AbstractSlotVisitor&) { }
#endif
#if ENABLE(SAMPLING_PROFILER)
constexpr bool samplingProfilerSupported = true;
template<typename Visitor>
static ALWAYS_INLINE void visitSamplingProfiler(VM& vm, Visitor& visitor)
{
SamplingProfiler* samplingProfiler = vm.samplingProfiler();
if (UNLIKELY(samplingProfiler)) {
Locker locker { samplingProfiler->getLock() };
samplingProfiler->processUnverifiedStackTraces();
samplingProfiler->visit(visitor);
if (Options::logGC() == GCLogging::Verbose)
dataLog("Sampling Profiler data:\n", visitor);
}
};
#else
constexpr bool samplingProfilerSupported = false;
static UNUSED_FUNCTION void visitSamplingProfiler(VM&, AbstractSlotVisitor&) { };
#endif
void Heap::addCoreConstraints()
{
m_constraintSet->add(
"Cs", "Conservative Scan",
MAKE_MARKING_CONSTRAINT_EXECUTOR_PAIR(([this, lastVersion = static_cast<uint64_t>(0)] (auto& visitor) mutable {
bool shouldNotProduceWork = lastVersion == m_phaseVersion;
// For the GC Verfier, we would like to use the identical set of conservative roots
// as the real GC. Otherwise, the GC verifier may report false negatives due to
// variations in stack values. For this same reason, we will skip this constraint
// when we're running the GC verification in the End phase.
if (shouldNotProduceWork || m_isMarkingForGCVerifier)
return;
TimingScope preConvergenceTimingScope(*this, "Constraint: conservative scan");
m_objectSpace.prepareForConservativeScan();
m_jitStubRoutines->prepareForConservativeScan();
{
ConservativeRoots conservativeRoots(*this);
SuperSamplerScope superSamplerScope(false);
gatherStackRoots(conservativeRoots);
gatherJSStackRoots(conservativeRoots);
gatherScratchBufferRoots(conservativeRoots);
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::ConservativeScan);
visitor.append(conservativeRoots);
if (UNLIKELY(m_verifierSlotVisitor)) {
SetRootMarkReasonScope rootScope(*m_verifierSlotVisitor, RootMarkReason::ConservativeScan);
m_verifierSlotVisitor->append(conservativeRoots);
}
}
if (Options::useJIT()) {
// JITStubRoutines must be visited after scanning ConservativeRoots since JITStubRoutines depend on the hook executed during gathering ConservativeRoots.
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::JITStubRoutines);
m_jitStubRoutines->traceMarkedStubRoutines(visitor);
if (UNLIKELY(m_verifierSlotVisitor)) {
// It's important to cast m_verifierSlotVisitor to an AbstractSlotVisitor here
// so that we'll call the AbstractSlotVisitor version of traceMarkedStubRoutines().
AbstractSlotVisitor& visitor = *m_verifierSlotVisitor;
m_jitStubRoutines->traceMarkedStubRoutines(visitor);
}
}
lastVersion = m_phaseVersion;
})),
ConstraintVolatility::GreyedByExecution);
m_constraintSet->add(
"Msr", "Misc Small Roots",
MAKE_MARKING_CONSTRAINT_EXECUTOR_PAIR(([this] (auto& visitor) {
VM& vm = this->vm();
if constexpr (objcAPIEnabled) {
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::ExternalRememberedSet);
scanExternalRememberedSet(vm, visitor);
}
if (vm.smallStrings.needsToBeVisited(*m_collectionScope)) {
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::StrongReferences);
vm.smallStrings.visitStrongReferences(visitor);
}
{
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::ProtectedValues);
for (auto& pair : m_protectedValues)
visitor.appendUnbarriered(pair.key);
}
if (!m_markListSet.isEmpty()) {
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::ConservativeScan);
MarkedArgumentBufferBase::markLists(visitor, m_markListSet);
}
{
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::MarkedJSValueRefArray);
m_markedJSValueRefArrays.forEach([&] (MarkedJSValueRefArray* array) {
array->visitAggregate(visitor);
});
}
{
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::VMExceptions);
visitor.appendUnbarriered(vm.exception());
visitor.appendUnbarriered(vm.lastException());
// We're going to m_terminationException directly instead of going through
// the exception() getter because we want to assert in the getter that the
// TerminationException has been reified. Here, we don't care if it is
// reified or not.
visitor.appendUnbarriered(vm.m_terminationException);
}
})),
ConstraintVolatility::GreyedByExecution);
m_constraintSet->add(
"Sh", "Strong Handles",
MAKE_MARKING_CONSTRAINT_EXECUTOR_PAIR(([this] (auto& visitor) {
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::StrongHandles);
m_handleSet.visitStrongHandles(visitor);
})),
ConstraintVolatility::GreyedByExecution);
m_constraintSet->add(
"D", "Debugger",
MAKE_MARKING_CONSTRAINT_EXECUTOR_PAIR(([this] (auto& visitor) {
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::Debugger);
VM& vm = this->vm();
if constexpr (samplingProfilerSupported)
visitSamplingProfiler(vm, visitor);
if (vm.typeProfiler())
vm.typeProfilerLog()->visit(visitor);
if (auto* shadowChicken = vm.shadowChicken())
shadowChicken->visitChildren(visitor);
})),
ConstraintVolatility::GreyedByExecution);
m_constraintSet->add(
"Ws", "Weak Sets",
MAKE_MARKING_CONSTRAINT_EXECUTOR_PAIR(([this] (auto& visitor) {
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::WeakSets);
m_objectSpace.visitWeakSets(visitor);
})),
ConstraintVolatility::GreyedByMarking);
m_constraintSet->add(
"O", "Output",
MAKE_MARKING_CONSTRAINT_EXECUTOR_PAIR(([] (auto& visitor) {
Heap* heap = visitor.heap();
// The `visitor2` argument is strangely named because the WinCairo port
// gets confused and thinks we're trying to capture the outer visitor
// arg here. Giving it a unique name works around this issue.
auto callOutputConstraint = [] (auto& visitor2, HeapCell* heapCell, HeapCell::Kind) {
SetRootMarkReasonScope rootScope(visitor2, RootMarkReason::Output);
JSCell* cell = static_cast<JSCell*>(heapCell);
cell->methodTable()->visitOutputConstraints(cell, visitor2);
};
auto add = [&] (auto& set) {
RefPtr<SharedTask<void(decltype(visitor)&)>> task = set.template forEachMarkedCellInParallel<decltype(visitor)>(callOutputConstraint);
visitor.addParallelConstraintTask(task);
};
{
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::ExecutableToCodeBlockEdges);
add(heap->functionExecutableSpaceAndSet.outputConstraintsSet);
add(heap->programExecutableSpaceAndSet.outputConstraintsSet);
if (heap->m_evalExecutableSpace)
add(heap->m_evalExecutableSpace->outputConstraintsSet);
if (heap->m_moduleProgramExecutableSpace)
add(heap->m_moduleProgramExecutableSpace->outputConstraintsSet);
}
if (heap->m_weakMapSpace) {
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::WeakMapSpace);
add(*heap->m_weakMapSpace);
}
})),
ConstraintVolatility::GreyedByMarking,
ConstraintParallelism::Parallel);
#if ENABLE(JIT)
if (Options::useJIT()) {
m_constraintSet->add(
"Jw", "JIT Worklist",
MAKE_MARKING_CONSTRAINT_EXECUTOR_PAIR(([this] (auto& visitor) {
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::JITWorkList);
JITWorklist::ensureGlobalWorklist().visitWeakReferences(visitor);
// FIXME: This is almost certainly unnecessary.
// https://bugs.webkit.org/show_bug.cgi?id=166829
JITWorklist::ensureGlobalWorklist().iterateCodeBlocksForGC(visitor,
vm(),
[&] (CodeBlock* codeBlock) {
visitor.appendUnbarriered(codeBlock);
});
if (Options::logGC() == GCLogging::Verbose)
dataLog("JIT Worklists:\n", visitor);
})),
ConstraintVolatility::GreyedByMarking);
}
#endif
m_constraintSet->add(
"Cb", "CodeBlocks",
MAKE_MARKING_CONSTRAINT_EXECUTOR_PAIR(([this] (auto& visitor) {
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::CodeBlocks);
iterateExecutingAndCompilingCodeBlocksWithoutHoldingLocks(visitor,
[&] (CodeBlock* codeBlock) {
// Visit the CodeBlock as a constraint only if it's black.
if (visitor.isMarked(codeBlock)
&& codeBlock->cellState() == CellState::PossiblyBlack)
visitor.visitAsConstraint(codeBlock);
});
})),
ConstraintVolatility::SeldomGreyed);
m_constraintSet->add(makeUnique<MarkStackMergingConstraint>(*this));
}
void Heap::addMarkingConstraint(std::unique_ptr<MarkingConstraint> constraint)
{
PreventCollectionScope preventCollectionScope(*this);
m_constraintSet->add(WTFMove(constraint));
}
void Heap::notifyIsSafeToCollect()
{
MonotonicTime before;
if (UNLIKELY(Options::logGC())) {
before = MonotonicTime::now();
dataLog("[GC<", RawPointer(this), ">: starting ");
}
addCoreConstraints();
m_isSafeToCollect = true;
if (Options::collectContinuously()) {
m_collectContinuouslyThread = Thread::create(
"JSC DEBUG Continuous GC",
[this] () {
MonotonicTime initialTime = MonotonicTime::now();
Seconds period = Seconds::fromMilliseconds(Options::collectContinuouslyPeriodMS());
while (true) {
Locker locker { m_collectContinuouslyLock };
{
Locker locker { *m_threadLock };
if (m_requests.isEmpty()) {
m_requests.append(std::nullopt);
m_lastGrantedTicket++;
m_threadCondition->notifyOne(locker);
}
}
Seconds elapsed = MonotonicTime::now() - initialTime;
Seconds elapsedInPeriod = elapsed % period;
MonotonicTime timeToWakeUp =
initialTime + elapsed - elapsedInPeriod + period;
while (!hasElapsed(timeToWakeUp) && !m_shouldStopCollectingContinuously) {
m_collectContinuouslyCondition.waitUntil(
m_collectContinuouslyLock, timeToWakeUp);
}
if (m_shouldStopCollectingContinuously)
break;
}
}, ThreadType::GarbageCollection);
}
dataLogIf(Options::logGC(), (MonotonicTime::now() - before).milliseconds(), "ms]\n");
}
// Use WTF_IGNORES_THREAD_SAFETY_ANALYSIS because this function conditionally locks m_collectContinuouslyLock,
// which is not supported by analysis.
void Heap::preventCollection() WTF_IGNORES_THREAD_SAFETY_ANALYSIS
{
if (!m_isSafeToCollect)
return;
// This prevents the collectContinuously thread from starting a collection.
m_collectContinuouslyLock.lock();
// Wait for all collections to finish.
waitForCollector(
[&] (const AbstractLocker&) -> bool {
ASSERT(m_lastServedTicket <= m_lastGrantedTicket);
return m_lastServedTicket == m_lastGrantedTicket;
});
// Now a collection can only start if this thread starts it.
RELEASE_ASSERT(!m_collectionScope);
}
// Use WTF_IGNORES_THREAD_SAFETY_ANALYSIS because this function conditionally unlocks m_collectContinuouslyLock,
// which is not supported by analysis.
void Heap::allowCollection() WTF_IGNORES_THREAD_SAFETY_ANALYSIS
{
if (!m_isSafeToCollect)
return;
m_collectContinuouslyLock.unlock();
}
void Heap::setMutatorShouldBeFenced(bool value)
{
m_mutatorShouldBeFenced = value;
m_barrierThreshold = value ? tautologicalThreshold : blackThreshold;
}
void Heap::performIncrement(size_t bytes)
{
if (!m_objectSpace.isMarking())
return;
if (isDeferred())
return;
m_incrementBalance += bytes * Options::gcIncrementScale();
// Save ourselves from crazy. Since this is an optimization, it's OK to go back to any consistent
// state when the double goes wild.
if (std::isnan(m_incrementBalance) || std::isinf(m_incrementBalance))
m_incrementBalance = 0;
if (m_incrementBalance < static_cast<double>(Options::gcIncrementBytes()))
return;
double targetBytes = m_incrementBalance;
if (targetBytes <= 0)
return;
targetBytes = std::min(targetBytes, Options::gcIncrementMaxBytes());
SlotVisitor& visitor = *m_mutatorSlotVisitor;
ParallelModeEnabler parallelModeEnabler(visitor);
size_t bytesVisited = visitor.performIncrementOfDraining(static_cast<size_t>(targetBytes));
// incrementBalance may go negative here because it'll remember how many bytes we overshot.
m_incrementBalance -= bytesVisited;
}
void Heap::addHeapFinalizerCallback(const HeapFinalizerCallback& callback)
{
m_heapFinalizerCallbacks.append(callback);
}
void Heap::removeHeapFinalizerCallback(const HeapFinalizerCallback& callback)
{
m_heapFinalizerCallbacks.removeFirst(callback);
}
void Heap::setBonusVisitorTask(RefPtr<SharedTask<void(SlotVisitor&)>> task)
{
Locker locker { m_markingMutex };
m_bonusVisitorTask = task;
m_markingConditionVariable.notifyAll();
}
void Heap::addMarkedJSValueRefArray(MarkedJSValueRefArray* array)
{
m_markedJSValueRefArrays.append(array);
}
void Heap::runTaskInParallel(RefPtr<SharedTask<void(SlotVisitor&)>> task)
{
unsigned initialRefCount = task->refCount();
setBonusVisitorTask(task);
task->run(*m_collectorSlotVisitor);
setBonusVisitorTask(nullptr);
// The constraint solver expects return of this function to imply termination of the task in all
// threads. This ensures that property.
{
Locker locker { m_markingMutex };
while (task->refCount() > initialRefCount)
m_markingConditionVariable.wait(m_markingMutex);
}
}
void Heap::verifyGC()
{
RELEASE_ASSERT(m_verifierSlotVisitor);
RELEASE_ASSERT(!m_isMarkingForGCVerifier);
m_isMarkingForGCVerifier = true;
VerifierSlotVisitor& visitor = *m_verifierSlotVisitor;
do {
while (!visitor.isEmpty())
visitor.drain();
m_constraintSet->executeAllSynchronously(visitor);
visitor.executeConstraintTasks();
} while (!visitor.isEmpty());
m_isMarkingForGCVerifier = false;
visitor.forEachLiveCell([&] (HeapCell* cell) {
if (Heap::isMarked(cell))
return;
dataLogLn("\n" "GC Verifier: ERROR cell ", RawPointer(cell), " was not marked");
if (UNLIKELY(Options::verboseVerifyGC()))
visitor.dumpMarkerData(cell);
RELEASE_ASSERT(this->isMarked(cell));
});
m_verifierSlotVisitor = nullptr;
}
#define DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW(name, heapCellType, type) \
IsoSubspace* Heap::name##Slow() \
{ \
ASSERT(!m_##name); \
auto space = makeUnique<IsoSubspace> ISO_SUBSPACE_INIT(*this, heapCellType, type); \
WTF::storeStoreFence(); \
m_##name = WTFMove(space); \
return m_##name.get(); \
}
FOR_EACH_JSC_DYNAMIC_ISO_SUBSPACE(DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW)
#undef DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW
#define DEFINE_DYNAMIC_SPACE_AND_SET_MEMBER_SLOW(name, heapCellType, type, spaceType) \
IsoSubspace* Heap::name##Slow() \
{ \
ASSERT(!m_##name); \
auto space = makeUnique<spaceType> ISO_SUBSPACE_INIT(*this, heapCellType, type); \
WTF::storeStoreFence(); \
m_##name = WTFMove(space); \
return &m_##name->space; \
}
DEFINE_DYNAMIC_SPACE_AND_SET_MEMBER_SLOW(evalExecutableSpace, destructibleCellHeapCellType, EvalExecutable, Heap::ScriptExecutableSpaceAndSets) // Hash:0x958e3e9d
DEFINE_DYNAMIC_SPACE_AND_SET_MEMBER_SLOW(moduleProgramExecutableSpace, destructibleCellHeapCellType, ModuleProgramExecutable, Heap::ScriptExecutableSpaceAndSets) // Hash:0x6506fa3c
#undef DEFINE_DYNAMIC_SPACE_AND_SET_MEMBER_SLOW
namespace GCClient {
#define INIT_CLIENT_ISO_SUBSPACE_FROM_SPACE_AND_SET(subspace) subspace(heap.subspace##AndSet.space)
#define INIT_CLIENT_ISO_SUBSPACE(name, heapCellType, type) \
, name(heap.name)
Heap::Heap(JSC::Heap& heap)
: m_server(heap)
FOR_EACH_JSC_ISO_SUBSPACE(INIT_CLIENT_ISO_SUBSPACE)
, INIT_CLIENT_ISO_SUBSPACE_FROM_SPACE_AND_SET(codeBlockSpace)
, INIT_CLIENT_ISO_SUBSPACE_FROM_SPACE_AND_SET(functionExecutableSpace)
, INIT_CLIENT_ISO_SUBSPACE_FROM_SPACE_AND_SET(programExecutableSpace)
, INIT_CLIENT_ISO_SUBSPACE_FROM_SPACE_AND_SET(unlinkedFunctionExecutableSpace)
{
}
Heap::~Heap()
{
for (auto* perVMIsoSubspace : perVMIsoSubspaces)
perVMIsoSubspace->releaseClientIsoSubspace(vm());
}
#undef INIT_CLIENT_ISO_SUBSPACE
#undef CLIENT_ISO_SUBSPACE_INIT_FROM_SPACE_AND_SET
#define DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW_IMPL(name, heapCellType, type) \
IsoSubspace* Heap::name##Slow() \
{ \
ASSERT(!m_##name); \
Locker locker { server().m_lock }; \
JSC::IsoSubspace& serverSpace = *server().name<SubspaceAccess::OnMainThread>(); \
auto space = makeUnique<IsoSubspace>(serverSpace); \
WTF::storeStoreFence(); \
m_##name = WTFMove(space); \
return m_##name.get(); \
}
#define DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW(name) \
DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW_IMPL(name, unused, unused2) \
FOR_EACH_JSC_DYNAMIC_ISO_SUBSPACE(DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW_IMPL)
DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW(evalExecutableSpace)
DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW(moduleProgramExecutableSpace)
#undef DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW_IMPL
#undef DEFINE_DYNAMIC_ISO_SUBSPACE_MEMBER_SLOW
} // namespace GCClient
} // namespace JSC