DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Implementation

Mercurial (b6d82b1a6b02)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * vim: set ts=8 sts=2 et sw=2 tw=80:
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef vm_PIC_h
#define vm_PIC_h

#include "vm/GlobalObject.h"

namespace js {

class Shape;

template <typename Category>
class PICChain;

/*
 * The basic PICStub just has a pointer to the next stub.
 */
template <typename Category>
class PICStub {
  friend class PICChain<Category>;

 private:
  typedef typename Category::Stub CatStub;
  typedef typename Category::Chain CatChain;

 protected:
  CatStub* next_;

  PICStub() : next_(nullptr) {}
  explicit PICStub(const CatStub* next) : next_(next) { MOZ_ASSERT(next_); }
  explicit PICStub(const CatStub& other) : next_(other.next_) {}

 public:
  CatStub* next() const { return next_; }

 protected:
  void append(CatStub* stub) {
    MOZ_ASSERT(!next_);
    MOZ_ASSERT(!stub->next_);
    next_ = stub;
  }
};

/*
 * The basic PIC just has a pointer to the list of stubs.
 */
template <typename Category>
class PICChain {
 private:
  typedef typename Category::Stub CatStub;
  typedef typename Category::Chain CatChain;

 protected:
  CatStub* stubs_;

  PICChain() : stubs_(nullptr) {}
  // PICs should never be copy constructed.
  PICChain(const PICChain<Category>& other) = delete;

 public:
  CatStub* stubs() const { return stubs_; }

  void addStub(JSObject* obj, CatStub* stub);

  unsigned numStubs() const {
    unsigned count = 0;
    for (CatStub* stub = stubs_; stub; stub = stub->next()) {
      count++;
    }
    return count;
  }
};

/*
 *  ForOfPIC defines a PIC category for optimizing for-of operations.
 */
struct ForOfPIC {
  /* Forward declarations so template-substitution works. */
  class Stub;
  class Chain;

  ForOfPIC() = delete;
  ForOfPIC(const ForOfPIC& other) = delete;

  typedef PICStub<ForOfPIC> BaseStub;
  typedef PICChain<ForOfPIC> BaseChain;

  /*
   * A ForOfPIC has only one kind of stub for now: one that holds the shape
   * of an array object that does not override its @@iterator property.
   */
  class Stub : public BaseStub {
   private:
    // Shape of matching array object.
    Shape* shape_;

   public:
    explicit Stub(Shape* shape) : BaseStub(), shape_(shape) {
      MOZ_ASSERT(shape_);
    }

    Shape* shape() { return shape_; }
  };

  /*
   * A ForOfPIC chain holds the following:
   *
   *  Array.prototype (arrayProto_)
   *      To ensure that the incoming array has the standard proto.
   *
   *  Array.prototype's shape (arrayProtoShape_)
   *      To ensure that Array.prototype has not been modified.
   *
   *  ArrayIterator.prototype
   *  ArrayIterator.prototype's shape
   *      (arrayIteratorProto_, arrayIteratorProtoShape_)
   *      To ensure that an ArrayIterator.prototype has not been modified.
   *
   *  Array.prototype's slot number for @@iterator
   *  Array.prototype's canonical value for @@iterator
   *      (arrayProtoIteratorSlot_, canonicalIteratorFunc_)
   *      To quickly retrieve and ensure that the iterator constructor
   *      stored in the slot has not changed.
   *
   *  ArrayIterator.prototype's slot number for 'next'
   *  ArrayIterator.prototype's canonical value for 'next'
   *      (arrayIteratorProtoNextSlot_, canonicalNextFunc_)
   *      To quickly retrieve and ensure that the 'next' method for
   *      ArrayIterator objects has not changed.
   */
  class Chain : public BaseChain {
   private:
    // Pointer to owning JSObject for memory accounting purposes.
    GCPtrObject picObject_;

    // Pointer to canonical Array.prototype and ArrayIterator.prototype
    GCPtrNativeObject arrayProto_;
    GCPtrNativeObject arrayIteratorProto_;

    // Shape of matching Array.prototype object, and slot containing
    // the @@iterator for it, and the canonical value.
    GCPtrShape arrayProtoShape_;
    uint32_t arrayProtoIteratorSlot_;
    GCPtrValue canonicalIteratorFunc_;

    // Shape of matching ArrayIteratorProto, and slot containing
    // the 'next' property, and the canonical value.
    GCPtrShape arrayIteratorProtoShape_;
    uint32_t arrayIteratorProtoNextSlot_;
    GCPtrValue canonicalNextFunc_;

    // Initialization flag marking lazy initialization of above fields.
    bool initialized_;

    // Disabled flag is set when we don't want to try optimizing anymore
    // because core objects were changed.
    bool disabled_;

    static const unsigned MAX_STUBS = 10;

   public:
    explicit Chain(JSObject* picObject)
        : BaseChain(),
          picObject_(picObject),
          arrayProto_(nullptr),
          arrayIteratorProto_(nullptr),
          arrayProtoShape_(nullptr),
          arrayProtoIteratorSlot_(-1),
          canonicalIteratorFunc_(UndefinedValue()),
          arrayIteratorProtoShape_(nullptr),
          arrayIteratorProtoNextSlot_(-1),
          initialized_(false),
          disabled_(false) {}

    // Initialize the canonical iterator function.
    bool initialize(JSContext* cx);

    // Try to optimize this chain for an object.
    bool tryOptimizeArray(JSContext* cx, HandleArrayObject array,
                          bool* optimized);

    // Check if %ArrayIteratorPrototype% still uses the default "next" method.
    bool tryOptimizeArrayIteratorNext(JSContext* cx, bool* optimized);

    void trace(JSTracer* trc);
    void finalize(JSFreeOp* fop, JSObject* obj);

   private:
    // Check if the global array-related objects have not been messed with
    // in a way that would disable this PIC.
    bool isArrayStateStillSane();

    // Check if ArrayIterator.next is still optimizable.
    inline bool isArrayNextStillSane() {
      return (arrayIteratorProto_->lastProperty() ==
              arrayIteratorProtoShape_) &&
             (arrayIteratorProto_->getSlot(arrayIteratorProtoNextSlot_) ==
              canonicalNextFunc_);
    }

    // Check if a matching optimized stub for the given object exists.
    bool hasMatchingStub(ArrayObject* obj);

    // Reset the PIC and all info associated with it.
    void reset(JSContext* cx);

    // Erase the stub chain.
    void eraseChain(JSContext* cx);

    void freeAllStubs(JSFreeOp* fop);
  };

  // Class for object that holds ForOfPIC chain.
  static const JSClass class_;

  static NativeObject* createForOfPICObject(JSContext* cx,
                                            Handle<GlobalObject*> global);

  static inline Chain* fromJSObject(NativeObject* obj) {
    MOZ_ASSERT(obj->getClass() == &ForOfPIC::class_);
    return (ForOfPIC::Chain*)obj->getPrivate();
  }
  static inline Chain* getOrCreate(JSContext* cx) {
    NativeObject* obj = cx->global()->getForOfPICObject();
    if (obj) {
      return fromJSObject(obj);
    }
    return create(cx);
  }
  static Chain* create(JSContext* cx);
};

}  // namespace js

#endif /* vm_PIC_h */