The latter no longer calls the former via js_ConstructObject, to
minimize failure opportunities when converting an error into an
exception. Also, the 'stack' property of exception objects
faithfully preserves Unicode in function names and decompiled
actual argument sources.
Also, fun_xdrObject was reversing property order when encoding;
fixed to maximize property tree compression gain.
Also^2, js_ConstructObject was not handling success+not-found
return from FindConstructor.
bug 127136, r=rginda, sr=shaver, a=chofmann
git-svn-id: svn://10.0.0.236/trunk@115662 18797224-902f-48f8-a5cc-f745e15eee43
js_SetProtoOrParent should always have used a condvar in addition to a lock.
- Fix bug 79129, assert-botch in js_AllocSlot (r/sr=jband, sr=shaver)
JS_INITIAL_NSLOTS is the minimum number of slots, js_FreeSlot guarantees it.
git-svn-id: svn://10.0.0.236/trunk@94190 18797224-902f-48f8-a5cc-f745e15eee43
especially to jband for his great stress-test setup and particularly helpful
(in terms of reproducing bugs in draft patches) MP and laptop machines.
- Radical(*) object (scope) locking optimization: don't lock if a scope is
accessed on the context that exclusively owns it (initially, the context
on which the scope was created). Once a scope becomes shared among more
than one owner-context, give it the usual thin or fat lock, per existing
jslock.c code.
I did this at the memory cost of another word per JSScope, ownercx, which
raised scope size from 12 to 13 words if !DEBUG. I also added a linked
list head pointer, rt->scopeSharingTodo, and a scopeSharingDone condition
variable to JSRuntime, and a scopeToShare pointer to JSContext that's
necessary for deadlock avoidance.
The rt->scopeSharingTodo list links JSScopes through the scope->u.link
union arm, which overlays the pre-existing scope->count (now u.count)
member. This list holds scopes still exclusively owned by a context, but
wanted by js_LockScope calls active on other threads. Those calls wait
on the rt->scopeSharingDone condition, which is notified every time an
owner-context ends the request running on it, in which code active on
that context may be using scope freely until end of request.
The code that waits on rt->scopeSharingDone must first suspend any and
all requests active on the calling context, and resume those contexts
after the wait is notified. This means a GC could happen while the
thread locking a scope owned by another thread's context blocks; all
calls to JS_LOCK_OBJ must therefore first home fp->sp above any live
operands, e.g. The interpreter takes care to do that already.
To avoid AB-BA deadlocks, if a js_LockScope attempt on one context finds
that the owner-context of the scope is already waiting on a scope owned
by the current context (or indirectly depending on such a scope lock),
the attempt converts the scope from lock-free exclusive ownership to
shared ownership (thin or fat lock).
- Fix js_SetupLocks and the js_LockGlobal/js_UnlockGlobal code to avoid
divmod instruction costs, strength-reducing to bit-mask instructions.
- The radical lock-free scope change required care in handling the 0=>1
and 1=>0 transitions of cx->requestDepth, which was till now thread-local
because part of the JSContext not manipulated by other threads. It's
still updated only by cx's thread, but it is read by other threads in
the course of attempting to claim exclusive ownership of a scope for more
lock-free JS object operations.
- The JS_SuspendRequest and JS_ResumeRequest APIs have changed incompatibly
to require their caller to save and restore the requestCount found when
JS_SuspendRequest is called. This is necessary to avoid deadlock; sorry
for the incompatible change.
- Fixed various nits in jslock.[ch], including using Init/Finish rather
than New/Destroy for the methods that take a JSThinLock and initialize
and finish/free its members. Another example: JS_ATOMIC_ADDREF is now
JS_ATOMIC_INCREMENT and JS_ATOMIC_DECREMENT, so the two cases can be
mapped to PR_AtomicIncrement and PR_AtomicDecrement. This entailed
changing jsrefcount from jsword to int32 (PRInt32).
- No need to use JS_ATOMIC_INCREMENT on JSScopeProperty.nrefs, as it is
always and everywhere protected by the property's JSScope.lock.
- Cleaned up gratuitous casts in jscntxt.c by using &cx->links, etc.
- The lock used for mutual exclusion around both request begin and end vs.
GC synchronization is rt->gcLock, and this lock now also protects all
scope->ownercx pointer changes from non-null (exclusive) to null (shared),
the rt->scopeSharingTodo/scope->u.link list operations, and of course the
rt->scopeSharingDone condition.
But this means that js_GC cannot hold rt->gcLock across the bulk of its
body, in particular the mark phase, during which JS_GetPrivate calls,
e.g., may need to "promote" scope locks from lock-free to thin or fat,
because doing so would double-trip. There never was any good reason to
hold rt->gcLock so long, of course -- locks are for mutual exclusion, not
for waiting or notifying a thread -- those operations require a condition,
rt->gcDone, which we already use along with rt->gcLevel to keep racing GC
attempts at bay.
So now that rt->gcLock does not protect the mark phase, the enumeration
of rt->gcRootsHash can race badly with JS_RemoveRootRT, an API that may
legitimately be called outside of a request, without even a context. It
turns out that people may be cheating on the request model even with
JS_AddRoot, JS_AddNamedRoot, and JS_RemoveRoot calls, so we must make
all of those interlock with the GC using gcLevel and gcDone, unless they
are called on the gcThread.
Also, since bug 49816 was fixed, there has been no need for a separate
finalize phase, or for rt->gcFinalVec. Finalizers can no longer allocate
newborn GC-things that might be swept (because unmarked), or double-trip
on rt->gcLock (which is no longer held). So js_GC finalizes as it sweeps,
just as it did in days of old.
- I added comments to jslock.h making it plain that callers of JS_LOCK_OBJ
and JS_UNLOCK_OBJ must either be implementations of js_ObjectOps hooks,
or code reachable only from those hooks; or else must be predicated on
OBJ_IS_NATIVE tests. It turns out jsinterp.c's CACHED_GET and CACHED_SET
macros neglected to do such tests, limiting the ability of JS embeddings
to implement JSObjectOps with their own non-JSScope JSObjectMap subclass.
Fixed, small performance hit that the lock-free optimization should more
than make up for.
- jslock.c now gives a #error if you try to compile it on a platform that
lacks a compare-and-swap instruction. The #error says to use NSPR locks.
Before this change, some platforms would emulate compare-and-swap using
a global PRLock, which is always worse in runtime than using per-scope
PRLocks.
git-svn-id: svn://10.0.0.236/trunk@83229 18797224-902f-48f8-a5cc-f745e15eee43
- All jsvals for which JSVAL_IS_GCTHING evaluates to true must contain tagged
pointers into the GC heap -- therefore jsapi.c's JS_DefineConstDoubles cannot
"cheat" by tagging addresses of static jsdoubles to avoid js_NewNumberValue.
- Finalization is now interleaved with the Sweep phase, to avoid allocating
memory for finalization records while sweeping. Instead, the JSRuntime holds a
preallocated JSGCThing vector (gcFinalVec) that the Sweep phase fills and
flushes via gc_finalize_phase, repeatedly.
This means that finalizers cannot allocate a new GC thing, an incompatible but
plausible change. js_AllocGCThing asserts and then checks whether it is called
while rt->gcLevel is non-zero, and fails the allocation attempt if so. But this
fixes bug 38942, where the old sweep-then-finalize with a sweep => malloc
dependency could lead to memory exhaustion.
- Instead of scanning whole stackPool arenas, which led to UMRs (bug 27924) and
sometimes to gross over-scanning that depended on the GC bounds-checking all
thing pointers against its heap, we scan exactly those stack slots in use:
- arguments reachable from fp->argv;
- variables reachable from fp->vars;
- operands now reachable from fp->spbase, bounded above by the lesser of
fp->sp or fp->spbase + fp->script->depth for an interpreted frame; if the
latter, fp->sp has advanced logically above the operand budget, in order to
call a native method, and all unused slots from fp->sp up to depth slots
above fp->spbase must be set to JSVAL_VOID;
- stack segments pushed when calling native methods, prefixed by JSStackHeader
structs and linked from cx->stackSegments through each header.
The stack segment headers help the GC avoid scanning unused portions of the
stack: the generating pc slots running depth slots below fp->spbase, and slots
at the end of an arena that aren't sufficient to satisfy a contiguous allocation
for more args, vars, or operands.
- Exact GC means the stack pointer must remain above live operands until the
interpreter is done with them, so jsinterp.c got heavily whacked. Instead of
POPs of various kinds followed by a PUSH for binary operators (e.g.), we use
FETCH and STORE macros that index by -1 and -2 from sp, and minimize adjustments
to sp. When sp is homed to fp->sp, this allows js_DecompileValueGenerator to
find the value reliably, and if possible its generating pc.
- Finally, the O(n**2) growth rate of gc_find_flags has been fixed, using the
scheme sketched in bug 49816 and documented in a new major comment in jsgc.c.
Briefly, by allocating flags and things from one arena, we can align things on
1024-byte "thing page" boundaries, and use JSGCPageInfo headers in each page to
find a given thing's flags in O(1) time.
/be
git-svn-id: svn://10.0.0.236/trunk@79087 18797224-902f-48f8-a5cc-f745e15eee43
- #if JS_HAS_LVALUE_RETURN around cx->rval2/rval2set defs and uses.
- Instrument different kinds of invocations, #ifdef DEBUG only.
- Clean up basis case of empty switch statement to use high = -1, low = 0,
requiring care when optimizing in-range tests using unsigned casts, but
freeing the interpreter and decompiler from having to do an extra test
before looping from low to high.
- Clean up all codegen to use JUMP_OFFSET_LEN, ATOM_INDEX_LEN, etc. instead of
magic 2 or 4.
- Add JSOP_TRY and JSOP_FINALLY no-ops to save a srcnote per JSOP_NOP, and to
make decompilation and jit'ing easier.
- Minimize number of source notes to maximize SRC_XDELTA span.
- Use JSSCRIPT_FIND_CATCH_START in throw code.
- Indentation and bracing nits picked.
git-svn-id: svn://10.0.0.236/trunk@77900 18797224-902f-48f8-a5cc-f745e15eee43
2. Cleaned up ugly JS_GC_Flag typedef name and put XXXbe comment in there for
next time: someone seems to have patched around a deadlock that has since
bit chouck@geocast.com.
3. Fixed gcDisabled by moving it from cx to rt and updating it atomically.
4. Fixed ECMA violation where for (var i, j in o) ... was permitted; only one
variable is allowed.
(Item 4 was a bug on rogerl's list, since closed? r=shaver@mozilla.org.)
git-svn-id: svn://10.0.0.236/trunk@50795 18797224-902f-48f8-a5cc-f745e15eee43
Merged server specific GC changes from NES branch.
Bunch o' ECMA version 3 fixes to jsregexp.
git-svn-id: svn://10.0.0.236/trunk@46219 18797224-902f-48f8-a5cc-f745e15eee43
Incorporated changes from JS_STABLE_DROP_04261999 to JS_STABLE_DROP_06221999
git-svn-id: svn://10.0.0.236/trunk@36563 18797224-902f-48f8-a5cc-f745e15eee43
+ merging of js/src and js/ref
+ elimination of most dependencies on NSPR
+ JS1.4 feature additions and accumulated bug fixes
More details are in last week's mozilla status report.
git-svn-id: svn://10.0.0.236/trunk@12797 18797224-902f-48f8-a5cc-f745e15eee43
and development branches, including but
not limited to:
- Preliminary exception handling per
ECMA proposal; try, multiple
catchblocks, and finally. Catchblocks
are of the form catch (v) or
catch(v:<guard>), where guard is an
optional boolean expression that is
evaluated to determine whether the
exception is to be caught by that block.
- ECMA-proposed 'in' operator; "'foo' in
o" or "4 in o" asks if o has property
foo or element 4.
- Added a new set of defines in
jsconfig.h for js 1.4
features-in-progress. (in, instanceof,
exception handling.) Default build
version is now 1.4. Fixed a few
conditional features that had become
broken.
- Progress towards porting to FreeBSD
and Alpha; casts of NaN and friends to
int are a little more localized. Not
there yet...
- New config files to compile on more
OSes; various fixes to improve
portability.
git-svn-id: svn://10.0.0.236/trunk@6907 18797224-902f-48f8-a5cc-f745e15eee43
