/* * Copyright (C) 2012-2017 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #pragma once #include "ConcurrentJSLock.h" #include "JSObject.h" #include "JSSymbolTableObject.h" #include "SymbolTable.h" #include <wtf/SegmentedVector.h> namespace JSC { class LLIntOffsetsExtractor; // This is a mostly drop-in replacement for JSLexicalEnvironment, except that it preserves // the invariant that after a variable is created, its address in memory will not change // so long as the JSSegmentedVariableObject is alive. This allows optimizations based // on getting the address of the variable and remembering it. As well, unlike a // JSLexicalEnvironment, this will manage the memory for the registers itself and neither // requires nor allows for the subclasses to manage that memory. Finally, // JSSegmentedVariableObject has its own GC tracing functionality, since it knows the // exact dimensions of the variables array at all times. // Except for JSGlobalObject, subclasses of this don't call the destructor and leak memory. class JSSegmentedVariableObject : public JSSymbolTableObject { friend class JIT; friend class LLIntOffsetsExtractor; public: using Base = JSSymbolTableObject; DECLARE_INFO; bool isValidScopeOffset(ScopeOffset offset) { return !!offset && offset.offset() < m_variables.size(); } // This is not thread-safe, since m_variables is a segmented vector, and its spine can resize with // malloc/free if new variables - unrelated to the one you are accessing - are added. You can get // around this by grabbing m_lock, or finding some other way to get to the variable pointer (global // variable access bytecode instructions will have a direct pointer already). WriteBarrier<Unknown>& variableAt(ScopeOffset offset) { return m_variables[offset.offset()]; } // This is a slow method call, which searches the register bank to find the index // given a pointer. It will CRASH() if it does not find the register. Only use this // in debug code (like bytecode dumping). JS_EXPORT_PRIVATE ScopeOffset findVariableIndex(void*); WriteBarrier<Unknown>* assertVariableIsInThisObject(WriteBarrier<Unknown>* variablePointer) { if (!ASSERT_DISABLED) findVariableIndex(variablePointer); return variablePointer; } // Adds numberOfRegistersToAdd registers, initializes them to Undefined, and returns // the index of the first one added. JS_EXPORT_PRIVATE ScopeOffset addVariables(unsigned numberOfVariablesToAdd, JSValue); JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&); JS_EXPORT_PRIVATE static void heapSnapshot(JSCell*, HeapSnapshotBuilder&); static void destroy(JSCell*); template<typename> static CompleteSubspace* subspaceFor(VM& vm) { return &vm.segmentedVariableObjectSpace; } const ClassInfo* classInfo() const { return m_classInfo.unpoisoned(); } protected: JSSegmentedVariableObject(VM&, Structure*, JSScope*); ~JSSegmentedVariableObject(); void finishCreation(VM&); private: SegmentedVector<WriteBarrier<Unknown>, 16> m_variables; ConcurrentJSLock m_lock; bool m_alreadyDestroyed { false }; // We use these assertions to check that we aren't doing ancient hacks that result in this being destroyed more than once. PoisonedClassInfoPtr m_classInfo; }; } // namespace JSC