/[jscoverage]/trunk/js/jsgc.cpp

Diff of /trunk/js/jsgc.cpp

Parent Directory | Revision Log | View Patch Patch

-revision 399 by siliconforks,
Tue Dec  9 03:37:47 2008 UTC
+revision 507 by siliconforks,
Sun Jan 10 07:23:34 2010 UTC
 Line 1
- /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
   * vim: set ts=8 sw=4 et tw=78:
   *
   * ***** BEGIN LICENSE BLOCK *****
 Line 48
   *
   * XXX swizzle page to freelist for better locality of reference
   */
- #include "jsstddef.h"
  #include <stdlib.h>     /* for free */
  #include <math.h>
  #include <string.h>     /* for memset used when DEBUG */
  #include "jstypes.h"
+ #include "jsstdint.h"
  #include "jsutil.h" /* Added by JSIFY */
  #include "jshash.h" /* Added by JSIFY */
  #include "jsbit.h"
 Line 74
  #include "jsparse.h"
  #include "jsscope.h"
  #include "jsscript.h"
+ #include "jsstaticcheck.h"
  #include "jsstr.h"
+ #include "jstask.h"
  #include "jstracer.h"
  #if JS_HAS_XML_SUPPORT
  #include "jsxml.h"
  #endif
+ #ifdef INCLUDE_MOZILLA_DTRACE
+ #include "jsdtracef.h"
+ #endif
  /*
   * Check if posix_memalign is available.
   */
-Line 109
+Line 115
  #   define JS_GC_USE_MMAP 1
  #  endif
  #  include <windows.h>
+ # elif defined(__SYMBIAN32__)
+ // Symbian's OpenC has mmap (and #defines _POSIX_MAPPED_FILES), but
+ // doesn't implement MAP_ANON.  If we have MOZ_MEMORY, then we can use
+ // posix_memalign; we've defined HAS_POSIX_MEMALIGN above.  Otherwise,
+ // we overallocate.
  # else
  #  if defined(XP_UNIX) || defined(XP_BEOS)
  #   include <unistd.h>
-Line 123
+Line 134
  #   if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
  #    define MAP_ANONYMOUS MAP_ANON
  #   endif
+ #   if !defined(MAP_ANONYMOUS)
+ #    define MAP_ANONYMOUS 0
+ #   endif
  #  else
  #   if JS_GC_USE_MMAP
  #    error "JS_GC_USE_MMAP is set when mmap is not available"
-Line 132
+Line 146
  #endif
  /*
+  * Check JSTempValueUnion has the size of jsval and void * so we can
+  * reinterpret jsval as void* GC-thing pointer and use JSTVU_SINGLE for
+  * different GC-things.
+  */
+ JS_STATIC_ASSERT(sizeof(JSTempValueUnion) == sizeof(jsval));
+ JS_STATIC_ASSERT(sizeof(JSTempValueUnion) == sizeof(void *));
+ /*
+  * Check that JSTRACE_XML follows JSTRACE_OBJECT, JSTRACE_DOUBLE and
+  * JSTRACE_STRING.
+  */
+ JS_STATIC_ASSERT(JSTRACE_OBJECT == 0);
+ JS_STATIC_ASSERT(JSTRACE_DOUBLE == 1);
+ JS_STATIC_ASSERT(JSTRACE_STRING == 2);
+ JS_STATIC_ASSERT(JSTRACE_XML    == 3);
+ /*
+  * JS_IS_VALID_TRACE_KIND assumes that JSTRACE_STRING is the last non-xml
+  * trace kind when JS_HAS_XML_SUPPORT is false.
+  */
+ JS_STATIC_ASSERT(JSTRACE_STRING + 1 == JSTRACE_XML);
+ /*
+  * The number of used GCX-types must stay within GCX_LIMIT.
+  */
+ JS_STATIC_ASSERT(GCX_NTYPES <= GCX_LIMIT);
+ /*
+  * Check that we can reinterpret double as JSGCDoubleCell.
+  */
+ JS_STATIC_ASSERT(sizeof(JSGCDoubleCell) == sizeof(double));
+ /*
+  * Check that we can use memset(p, 0, ...) to implement JS_CLEAR_WEAK_ROOTS.
+  */
+ JS_STATIC_ASSERT(JSVAL_NULL == 0);
+ /*
   * A GC arena contains a fixed number of flag bits for each thing in its heap,
   * and supports O(1) lookup of a flag given its thing's address.
   *
-Line 387
+Line 441
      ((GC_ARENA_SIZE - (uint32) sizeof(JSGCArenaInfo)) / ((thingSize) + 1U))
  #define THING_TO_ARENA(thing)                                                 \
-     ((JSGCArenaInfo *)(((jsuword) (thing) | GC_ARENA_MASK) +                  \
+     (JS_ASSERT(!JSString::isStatic(thing)),                                   \
-- sizeof(JSGCArenaInfo)))
+      (JSGCArenaInfo *)(((jsuword) (thing) | GC_ARENA_MASK)                    \
+                        + 1 - sizeof(JSGCArenaInfo)))
  #define THING_TO_INDEX(thing, thingSize)                                      \
      ((uint32) ((jsuword) (thing) & GC_ARENA_MASK) / (uint32) (thingSize))
-Line 597
+Line 652
   * The maximum number of things to put on the local free list by taking
   * several things from the global free list or from the tail of the last
   * allocated arena to amortize the cost of rt->gcLock.
-  *
-  * We use number 8 based on benchmarks from bug 312238.
   */
- #define MAX_THREAD_LOCAL_THINGS 8
+ #define MAX_THREAD_LOCAL_THINGS 64
  #endif
-Line 670
+Line 723
  {
      if (table->array) {
          JS_ASSERT(table->count > 0);
-         free(table->array);
+         js_free(table->array);
          table->array = NULL;
          table->count = 0;
      }
-Line 704
+Line 757
              if (capacity > (size_t)-1 / sizeof table->array[0])
                  goto bad;
          }
-         array = (void **) realloc(table->array,
+         array = (void **) js_realloc(table->array,
-                                   capacity * sizeof table->array[0]);
+                                      capacity * sizeof table->array[0]);
          if (!array)
              goto bad;
  #ifdef DEBUG
-Line 744
+Line 797
          array = table->array;
          JS_ASSERT(array);
          if (capacity == 0) {
-             free(array);
+             js_free(array);
              table->array = NULL;
              return;
          }
-         array = (void **) realloc(array, capacity * sizeof array[0]);
+         array = (void **) js_realloc(array, capacity * sizeof array[0]);
          if (array)
              table->array = array;
      }
-Line 829
+Line 882
       *
       * bytes to ensure that we always have room to store the gap.
       */
-     p = malloc((js_gcArenasPerChunk + 1) << GC_ARENA_SHIFT);
+     p = js_malloc((js_gcArenasPerChunk + 1) << GC_ARENA_SHIFT);
      if (!p)
          return 0;
-Line 861
+Line 914
  #endif
  #if HAS_POSIX_MEMALIGN
-     free((void *) chunk);
+     js_free((void *) chunk);
  #else
      /* See comments in NewGCChunk. */
      JS_ASSERT(*GetMallocedChunkGapPtr(chunk) < GC_ARENA_SIZE);
-     free((void *) (chunk - *GetMallocedChunkGapPtr(chunk)));
+     js_free((void *) (chunk - *GetMallocedChunkGapPtr(chunk)));
  #endif
  }
-Line 1040
+Line 1093
      for (i = 0; i < GC_NUM_FREELISTS; i++) {
          arenaList = &rt->gcArenaList[i];
          thingSize = GC_FREELIST_NBYTES(i);
-         JS_ASSERT((size_t)(uint16)thingSize == thingSize);
          arenaList->last = NULL;
-         arenaList->lastCount = (uint16) THINGS_PER_ARENA(thingSize);
+         arenaList->lastCount = THINGS_PER_ARENA(thingSize);
-         arenaList->thingSize = (uint16) thingSize;
+         arenaList->thingSize = thingSize;
          arenaList->freeList = NULL;
      }
      rt->gcDoubleArenaList.first = NULL;
-Line 1094
+Line 1146
      JSGCArenaInfo *a;
      uint32 index;
+     if (JSString::isStatic(thing))
+         return NULL;
      a = THING_TO_ARENA(thing);
      if (!a->list)
          return NULL;
-Line 1104
+Line 1158
  intN
  js_GetExternalStringGCType(JSString *str)
  {
-     uintN type;
+     JS_ASSERT(!JSString::isStatic(str));
-     type = (uintN) *GetGCThingFlags(str) & GCF_TYPEMASK;
+     uintN type = (uintN) *GetGCThingFlags(str) & GCF_TYPEMASK;
      JS_ASSERT(type == GCX_STRING || type >= GCX_EXTERNAL_STRING);
      return (type == GCX_STRING) ? -1 : (intN) (type - GCX_EXTERNAL_STRING);
  }
-Line 1128
+Line 1182
      JSGCArenaInfo *a;
      uint32 index;
+     if (JSString::isStatic(thing))
+         return JSTRACE_STRING;
      a = THING_TO_ARENA(thing);
      if (!a->list)
          return JSTRACE_DOUBLE;
-Line 1155
+Line 1212
      JSGCArenaInfo *a;
      uint32 index, flags;
+     if (JSString::isStatic(thing))
+         return false;
      a = THING_TO_ARENA(thing);
      if (!a->list) {
          /*
-Line 1253
+Line 1313
      rt->gcMaxBytes = rt->gcMaxMallocBytes = maxbytes;
      rt->gcEmptyArenaPoolLifespan = 30000;
+     /*
+      * By default the trigger factor gets maximum possible value. This
+      * means that GC will not be triggered by growth of GC memory (gcBytes).
+      */
+     rt->setGCTriggerFactor((uint32) -1);
+     /*
+      * The assigned value prevents GC from running when GC memory is too low
+      * (during JS engine start).
+      */
+     rt->setGCLastBytes(8192);
      METER(memset(&rt->gcStats, 0, sizeof rt->gcStats));
      return JS_TRUE;
  }
-Line 1410
+Line 1482
  CheckLeakedRoots(JSRuntime *rt);
  #endif
- #ifdef JS_THREADSAFE
- static void
- TrimGCFreeListsPool(JSRuntime *rt, uintN keepCount);
- #endif
  void
  js_FinishGC(JSRuntime *rt)
  {
-Line 1426
+Line 1493
  #endif
      FreePtrTable(&rt->gcIteratorTable, &iteratorTableInfo);
- #ifdef JS_THREADSAFE
-     TrimGCFreeListsPool(rt, 0);
-     JS_ASSERT(!rt->gcFreeListsPool);
- #endif
      FinishGCArenaLists(rt);
      if (rt->gcRootsHash.ops) {
-Line 1466
+Line 1529
       * properly with a racing GC, without calling JS_AddRoot from a request.
       * We have to preserve API compatibility here, now that we avoid holding
       * rt->gcLock across the mark phase (including the root hashtable mark).
-      *
-      * If the GC is running and we're called on another thread, wait for this
-      * GC activation to finish.  We can safely wait here (in the case where we
-      * are called within a request on another thread's context) without fear
-      * of deadlock because the GC doesn't set rt->gcRunning until after it has
-      * waited for all active requests to end.
       */
      JS_LOCK_GC(rt);
- #ifdef JS_THREADSAFE
+     js_WaitForGC(rt);
-     JS_ASSERT(!rt->gcRunning || rt->gcLevel > 0);
-     if (rt->gcRunning && rt->gcThread->id != js_CurrentThreadId()) {
-         do {
-             JS_AWAIT_GC_DONE(rt);
-         } while (rt->gcLevel > 0);
-     }
- #endif
      rhe = (JSGCRootHashEntry *)
            JS_DHashTableOperate(&rt->gcRootsHash, rp, JS_DHASH_ADD);
      if (rhe) {
-Line 1503
+Line 1553
       * Same synchronization drill as above in js_AddRoot.
       */
      JS_LOCK_GC(rt);
- #ifdef JS_THREADSAFE
+     js_WaitForGC(rt);
-     JS_ASSERT(!rt->gcRunning || rt->gcLevel > 0);
-     if (rt->gcRunning && rt->gcThread->id != js_CurrentThreadId()) {
-         do {
-             JS_AWAIT_GC_DONE(rt);
-         } while (rt->gcLevel > 0);
-     }
- #endif
      (void) JS_DHashTableOperate(&rt->gcRootsHash, rp, JS_DHASH_REMOVE);
      rt->gcPoke = JS_TRUE;
      JS_UNLOCK_GC(rt);
-Line 1682
+Line 1725
  #define NGCHIST 64
  static struct GCHist {
-     JSBool      lastDitch;
+     bool        lastDitch;
      JSGCThing   *freeList;
  } gchist[NGCHIST];
  unsigned gchpos = 0;
  #endif
- #ifdef JS_THREADSAFE
+ void
+ JSRuntime::setGCTriggerFactor(uint32 factor)
- const JSGCFreeListSet js_GCEmptyFreeListSet = {
-     { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, NULL
- };
- static void
- TrimGCFreeListsPool(JSRuntime *rt, uintN keepCount)
  {
-     JSGCFreeListSet **cursor, *freeLists, *link;
+     JS_ASSERT(factor >= 100);
-     cursor = &rt->gcFreeListsPool;
+     gcTriggerFactor = factor;
-     while (keepCount != 0) {
+     setGCLastBytes(gcLastBytes);
-         --keepCount;
-         freeLists = *cursor;
-         if (!freeLists)
-             return;
-         memset(freeLists->array, 0, sizeof freeLists->array);
-         cursor = &freeLists->link;
-     }
-     freeLists = *cursor;
-     if (freeLists) {
-         *cursor = NULL;
-         do {
-             link = freeLists->link;
-             free(freeLists);
-         } while ((freeLists = link) != NULL);
-     }
  }
  void
- js_RevokeGCLocalFreeLists(JSContext *cx)
+ JSRuntime::setGCLastBytes(size_t lastBytes)
  {
-     JS_ASSERT(!cx->gcLocalFreeLists->link);
+     gcLastBytes = lastBytes;
-     if (cx->gcLocalFreeLists != &js_GCEmptyFreeListSet) {
+     uint64 triggerBytes = uint64(lastBytes) * uint64(gcTriggerFactor / 100);
-         cx->gcLocalFreeLists->link = cx->runtime->gcFreeListsPool;
+     if (triggerBytes != size_t(triggerBytes))
-         cx->runtime->gcFreeListsPool = cx->gcLocalFreeLists;
+         triggerBytes = size_t(-1);
-         cx->gcLocalFreeLists = (JSGCFreeListSet *) &js_GCEmptyFreeListSet;
+     gcTriggerBytes = size_t(triggerBytes);
-     }
  }
- static JSGCFreeListSet *
+ static JS_INLINE bool
- EnsureLocalFreeList(JSContext *cx)
+ IsGCThresholdReached(JSRuntime *rt)
  {
-     JSGCFreeListSet *freeLists;
+ #ifdef JS_GC_ZEAL
+     if (rt->gcZeal >= 1)
-     freeLists = cx->gcLocalFreeLists;
+         return true;
-     if (freeLists != &js_GCEmptyFreeListSet) {
+ #endif
-         JS_ASSERT(freeLists);
-         return freeLists;
-     }
-     freeLists = cx->runtime->gcFreeListsPool;
+     /*
-     if (freeLists) {
+      * Since the initial value of the gcLastBytes parameter is not equal to
-         cx->runtime->gcFreeListsPool = freeLists->link;
+      * zero (see the js_InitGC function) the return value is false when
-         freeLists->link = NULL;
+      * the gcBytes value is close to zero at the JS engine start.
-     } else {
+      */
-         /* JS_malloc is not used as the caller reports out-of-memory itself. */
+     return rt->gcMallocBytes >= rt->gcMaxMallocBytes ||
-         freeLists = (JSGCFreeListSet *) calloc(1, sizeof *freeLists);
+            rt->gcBytes >= rt->gcTriggerBytes;
-         if (!freeLists)
-             return NULL;
-     }
-     cx->gcLocalFreeLists = freeLists;
-     return freeLists;
  }
- #endif
+ template <class T> static JS_INLINE T*
+ NewGCThing(JSContext *cx, uintN flags)
- void *
- js_NewGCThing(JSContext *cx, uintN flags, size_t nbytes)
  {
      JSRuntime *rt;
-     uintN flindex;
+     bool doGC;
-     JSBool doGC;
      JSGCThing *thing;
      uint8 *flagp;
      JSGCArenaList *arenaList;
-Line 1775
+Line 1785
  #ifdef JS_THREADSAFE
      JSBool gcLocked;
      uintN localMallocBytes;
-     JSGCFreeListSet *freeLists;
      JSGCThing **lastptr;
      JSGCThing *tmpthing;
      uint8 *tmpflagp;
-Line 1784
+Line 1793
      JS_ASSERT((flags & GCF_TYPEMASK) != GCX_DOUBLE);
      rt = cx->runtime;
-     nbytes = JS_ROUNDUP(nbytes, sizeof(JSGCThing));
+     size_t nbytes = sizeof(T);
-     flindex = GC_FREELIST_INDEX(nbytes);
+     JS_ASSERT(JS_ROUNDUP(nbytes, sizeof(JSGCThing)) == nbytes);
+     uintN flindex = GC_FREELIST_INDEX(nbytes);
      /* Updates of metering counters here may not be thread-safe. */
      METER(astats = &cx->runtime->gcStats.arenaStats[flindex]);
-Line 1794
+Line 1804
  #ifdef JS_THREADSAFE
      gcLocked = JS_FALSE;
      JS_ASSERT(cx->thread);
-     freeLists = cx->gcLocalFreeLists;
-     thing = freeLists->array[flindex];
+     JSGCThing *&freeList = cx->thread->gcFreeLists[flindex];
-     localMallocBytes = cx->thread->gcMallocBytes;
+     thing = freeList;
+     localMallocBytes = JS_THREAD_DATA(cx)->gcMallocBytes;
      if (thing && rt->gcMaxMallocBytes - rt->gcMallocBytes > localMallocBytes) {
          flagp = thing->flagp;
-         freeLists->array[flindex] = thing->next;
+         freeList = thing->next;
          METER(astats->localalloc++);
          goto success;
      }
-Line 1809
+Line 1820
      /* Transfer thread-local counter to global one. */
      if (localMallocBytes != 0) {
-         cx->thread->gcMallocBytes = 0;
+         JS_THREAD_DATA(cx)->gcMallocBytes = 0;
          if (rt->gcMaxMallocBytes - rt->gcMallocBytes < localMallocBytes)
              rt->gcMallocBytes = rt->gcMaxMallocBytes;
          else
-Line 1823
+Line 1834
          return NULL;
      }
-     doGC = (rt->gcMallocBytes >= rt->gcMaxMallocBytes && rt->gcPoke);
+ #if defined JS_GC_ZEAL && defined JS_TRACER
- #ifdef JS_GC_ZEAL
+     if (rt->gcZeal >= 1 && JS_TRACE_MONITOR(cx).useReservedObjects)
-     doGC = doGC || rt->gcZeal >= 2 || (rt->gcZeal >= 1 && rt->gcPoke);
+         goto testReservedObjects;
  #endif
      arenaList = &rt->gcArenaList[flindex];
+     doGC = IsGCThresholdReached(rt);
      for (;;) {
-         if (doGC && !JS_ON_TRACE(cx)) {
+         if (doGC
+ #ifdef JS_TRACER
+             && !JS_ON_TRACE(cx) && !JS_TRACE_MONITOR(cx).useReservedObjects
+ #endif
+             ) {
              /*
               * Keep rt->gcLock across the call into js_GC so we don't starve
               * and lose to racing threads who deplete the heap just after
-Line 1853
+Line 1869
  #ifdef JS_THREADSAFE
              /*
               * Refill the local free list by taking several things from the
-              * global free list unless we are still at rt->gcMaxMallocBytes
+              * global free list unless the free list is already populated or
-              * barrier or the free list is already populated. The former
+              * we are still at rt->gcMaxMallocBytes barrier. The former is
-              * happens when GC is canceled due to !gcCallback(cx, JSGC_BEGIN)
+              * caused via allocating new things in gcCallback(cx, JSGC_END).
-              * or no gcPoke. The latter is caused via allocating new things
+              * The latter happens when GC is canceled due to
-              * in gcCallback(cx, JSGC_END).
+              * gcCallback(cx, JSGC_BEGIN) returning false.
               */
-             if (rt->gcMallocBytes >= rt->gcMaxMallocBytes)
+             if (freeList || rt->gcMallocBytes >= rt->gcMaxMallocBytes)
-                 break;
-             freeLists = EnsureLocalFreeList(cx);
-             if (!freeLists)
-                 goto fail;
-             if (freeLists->array[flindex])
                  break;
              tmpthing = arenaList->freeList;
-Line 1877
+Line 1887
                      tmpthing = tmpthing->next;
                  } while (--maxFreeThings != 0);
-                 freeLists->array[flindex] = arenaList->freeList;
+                 freeList = arenaList->freeList;
                  arenaList->freeList = tmpthing->next;
                  tmpthing->next = NULL;
              }
-Line 1895
+Line 1905
              JS_ASSERT(arenaList->lastCount < thingsLimit);
              a = arenaList->last;
          } else {
+ #ifdef JS_TRACER
+             if (JS_TRACE_MONITOR(cx).useReservedObjects) {
+ #ifdef JS_GC_ZEAL
+ testReservedObjects:
+ #endif
+                 JSTraceMonitor *tm = &JS_TRACE_MONITOR(cx);
+                 thing = (JSGCThing *) tm->reservedObjects;
+                 flagp = GetGCThingFlags(thing);
+                 JS_ASSERT(thing);
+                 tm->reservedObjects = JSVAL_TO_OBJECT(tm->reservedObjects->fslots[0]);
+                 break;
+             }
+ #endif
              a = NewGCArena(rt);
              if (!a) {
                  if (doGC || JS_ON_TRACE(cx))
                      goto fail;
-                 doGC = JS_TRUE;
+                 doGC = true;
                  continue;
              }
              a->list = arenaList;
-Line 1920
+Line 1945
           * arena. Prefer to order free things by ascending address in the
           * (unscientific) hope of better cache locality.
           */
-         if (rt->gcMallocBytes >= rt->gcMaxMallocBytes)
+         if (freeList || rt->gcMallocBytes >= rt->gcMaxMallocBytes)
-             break;
-         freeLists = EnsureLocalFreeList(cx);
-         if (!freeLists)
-             goto fail;
-         if (freeLists->array[flindex])
              break;
-         lastptr = &freeLists->array[flindex];
+         lastptr = &freeList;
          maxFreeThings = thingsLimit - arenaList->lastCount;
          if (maxFreeThings > MAX_THREAD_LOCAL_THINGS)
              maxFreeThings = MAX_THREAD_LOCAL_THINGS;
+         uint32 lastCount = arenaList->lastCount;
          while (maxFreeThings != 0) {
              --maxFreeThings;
-             tmpflagp = THING_FLAGP(a, arenaList->lastCount);
+             tmpflagp = THING_FLAGP(a, lastCount);
              tmpthing = FLAGP_TO_THING(tmpflagp, nbytes);
-             arenaList->lastCount++;
+             lastCount++;
              tmpthing->flagp = tmpflagp;
              *tmpflagp = GCF_FINAL;    /* signifying that thing is free */
-Line 1945
+Line 1965
              lastptr = &tmpthing->next;
          }
          *lastptr = NULL;
+         arenaList->lastCount = lastCount;
  #endif
          break;
      }
-Line 1997
+Line 2018
      if (gcLocked)
          JS_UNLOCK_GC(rt);
  #endif
-     JS_COUNT_OPERATION(cx, JSOW_ALLOCATION);
+     return (T*)thing;
-     return thing;
  fail:
  #ifdef JS_THREADSAFE
-Line 2006
+Line 2026
          JS_UNLOCK_GC(rt);
  #endif
      METER(astats->fail++);
-     if (!JS_ON_TRACE(cx))
+     js_ReportOutOfMemory(cx);
-         JS_ReportOutOfMemory(cx);
      return NULL;
  }
+ extern JSObject* js_NewGCObject(JSContext *cx, uintN flags)
+ {
+     return NewGCThing<JSObject>(cx, flags);
+ }
+ extern JSString* js_NewGCString(JSContext *cx, uintN flags)
+ {
+     return NewGCThing<JSString>(cx, flags);
+ }
+ extern JSFunction* js_NewGCFunction(JSContext *cx, uintN flags)
+ {
+     return NewGCThing<JSFunction>(cx, flags);
+ }
+ extern JSXML* js_NewGCXML(JSContext *cx, uintN flags)
+ {
+     return NewGCThing<JSXML>(cx, flags);
+ }
  static JSGCDoubleCell *
  RefillDoubleFreeList(JSContext *cx)
  {
-Line 2033
+Line 2072
          return NULL;
      }
-     if (rt->gcMallocBytes >= rt->gcMaxMallocBytes && rt->gcPoke
+     if (IsGCThresholdReached(rt))
- #ifdef JS_GC_ZEAL
-         && (rt->gcZeal >= 2 || (rt->gcZeal >= 1 && rt->gcPoke))
- #endif
-         ) {
          goto do_gc;
-     }
      /*
       * Loop until we find a flag bitmap byte with unset bits indicating free
-Line 2058
+Line 2092
                      if (didGC || JS_ON_TRACE(cx)) {
                          METER(rt->gcStats.doubleArenaStats.fail++);
                          JS_UNLOCK_GC(rt);
-                         if (!JS_ON_TRACE(cx))
+                         js_ReportOutOfMemory(cx);
-                             JS_ReportOutOfMemory(cx);
                          return NULL;
                      }
                      js_GC(cx, GC_LAST_DITCH);
-Line 2144
+Line 2177
          } while (bit != 0);
      }
      JS_ASSERT(list);
-     JS_COUNT_OPERATION(cx, JSOW_ALLOCATION * JS_BITS_PER_WORD);
      /*
       * We delegate assigning cx->doubleFreeList to js_NewDoubleInRootedValue as
-Line 2200
+Line 2232
      return dp;
  }
+ #ifdef JS_TRACER
  JSBool
- js_AddAsGCBytes(JSContext *cx, size_t sz)
+ js_ReserveObjects(JSContext *cx, size_t nobjects)
  {
-     JSRuntime *rt;
+     /*
+      * Ensure at least nobjects objects are in the list. fslots[1] of each
-     rt = cx->runtime;
+      * object on the reservedObjects list is the length of the list from there.
-     if (rt->gcBytes >= rt->gcMaxBytes ||
+      */
-         sz > (size_t) (rt->gcMaxBytes - rt->gcBytes)
+     JSObject *&head = JS_TRACE_MONITOR(cx).reservedObjects;
- #ifdef JS_GC_ZEAL
+     size_t i = head ? JSVAL_TO_INT(head->fslots[1]) : 0;
-         || rt->gcZeal >= 2 || (rt->gcZeal >= 1 && rt->gcPoke)
+     while (i < nobjects) {
- #endif
+         JSObject *obj = js_NewGCObject(cx, GCX_OBJECT);
-         ) {
+         if (!obj)
-         if (JS_ON_TRACE(cx)) {
-             JS_UNLOCK_GC(rt);
-             return JS_FALSE;
-         }
-         js_GC(cx, GC_LAST_DITCH);
-         if (rt->gcBytes >= rt->gcMaxBytes ||
-             sz > (size_t) (rt->gcMaxBytes - rt->gcBytes)) {
-             JS_UNLOCK_GC(rt);
-             JS_ReportOutOfMemory(cx);
              return JS_FALSE;
-         }
+         memset(obj, 0, sizeof(JSObject));
+         /* The class must be set to something for finalization. */
+         obj->classword = (jsuword) &js_ObjectClass;
+         obj->fslots[0] = OBJECT_TO_JSVAL(head);
+         i++;
+         obj->fslots[1] = INT_TO_JSVAL(i);
+         head = obj;
      }
-     rt->gcBytes += (uint32) sz;
-     return JS_TRUE;
- }
- void
+     return JS_TRUE;
- js_RemoveAsGCBytes(JSRuntime *rt, size_t sz)
- {
-     JS_ASSERT((size_t) rt->gcBytes >= sz);
-     rt->gcBytes -= (uint32) sz;
  }
+ #endif
  /*
   * Shallow GC-things can be locked just by setting the GCF_LOCK bit, because
-Line 2244
+Line 2268
      ((flagp) &&                                                               \
       ((*(flagp) & GCF_TYPEMASK) >= GCX_EXTERNAL_STRING ||                     \
        ((*(flagp) & GCF_TYPEMASK) == GCX_STRING &&                             \
-        !JSSTRING_IS_DEPENDENT((JSString *) (thing)))))
+        !((JSString *) (thing))->isDependent())))
  /* This is compatible with JSDHashEntryStub. */
  typedef struct JSGCLockHashEntry {
-Line 2351
+Line 2375
  JS_PUBLIC_API(void)
  JS_TraceChildren(JSTracer *trc, void *thing, uint32 kind)
  {
-     JSObject *obj;
-     size_t nslots, i;
-     jsval v;
-     JSString *str;
      switch (kind) {
-       case JSTRACE_OBJECT:
+       case JSTRACE_OBJECT: {
          /* If obj has no map, it must be a newborn. */
-         obj = (JSObject *) thing;
+         JSObject *obj = (JSObject *) thing;
          if (!obj->map)
              break;
-         if (obj->map->ops->trace) {
+         obj->map->ops->trace(trc, obj);
-             obj->map->ops->trace(trc, obj);
-         } else {
-             nslots = STOBJ_NSLOTS(obj);
-             for (i = 0; i != nslots; ++i) {
-                 v = STOBJ_GET_SLOT(obj, i);
-                 if (JSVAL_IS_TRACEABLE(v)) {
-                     JS_SET_TRACING_INDEX(trc, "slot", i);
-                     JS_CallTracer(trc, JSVAL_TO_TRACEABLE(v),
-                                   JSVAL_TRACE_KIND(v));
-                 }
-             }
-         }
          break;
+       }
-       case JSTRACE_STRING:
+       case JSTRACE_STRING: {
-         str = (JSString *)thing;
+         JSString *str = (JSString *) thing;
-         if (JSSTRING_IS_DEPENDENT(str))
+         if (str->isDependent())
-             JS_CALL_STRING_TRACER(trc, JSSTRDEP_BASE(str), "base");
+             JS_CALL_STRING_TRACER(trc, str->dependentBase(), "base");
          break;
+       }
  #if JS_HAS_XML_SUPPORT
        case JSTRACE_XML:
-Line 2598
+Line 2607
        case JSTRACE_STRING:
          for (;;) {
+             if (JSString::isStatic(thing))
+                 goto out;
              flagp = THING_TO_FLAGP(thing, sizeof(JSGCThing));
              JS_ASSERT((*flagp & GCF_FINAL) == 0);
              JS_ASSERT(kind == MapGCFlagsToTraceKind(*flagp));
-             if (!JSSTRING_IS_DEPENDENT((JSString *) thing)) {
+             if (!((JSString *) thing)->isDependent()) {
                  *flagp |= GCF_MARK;
                  goto out;
              }
              if (*flagp & GCF_MARK)
                  goto out;
              *flagp |= GCF_MARK;
-             thing = JSSTRDEP_BASE((JSString *) thing);
+             thing = ((JSString *) thing)->dependentBase();
          }
          /* NOTREACHED */
      }
-Line 2699
+Line 2710
      jsval *rp = (jsval *)rhe->root;
      jsval v = *rp;
-     /* Ignore null object and scalar values. */
+     /* Ignore null reference, scalar values, and static strings. */
-     if (!JSVAL_IS_NULL(v) && JSVAL_IS_GCTHING(v)) {
+     if (!JSVAL_IS_NULL(v) &&
+         JSVAL_IS_GCTHING(v) &&
+         !JSString::isStatic(JSVAL_TO_GCTHING(v))) {
  #ifdef DEBUG
          JSBool root_points_to_gcArenaList = JS_FALSE;
          jsuword thing = (jsuword) JSVAL_TO_GCTHING(v);
-Line 2786
+Line 2799
      if (fp->callobj)
          JS_CALL_OBJECT_TRACER(trc, fp->callobj, "call");
      if (fp->argsobj)
-         JS_CALL_OBJECT_TRACER(trc, fp->argsobj, "arguments");
+         JS_CALL_OBJECT_TRACER(trc, JSVAL_TO_OBJECT(fp->argsobj), "arguments");
      if (fp->varobj)
          JS_CALL_OBJECT_TRACER(trc, fp->varobj, "variables");
      if (fp->script) {
          js_TraceScript(trc, fp->script);
-         if (fp->regs) {
+         /* fp->slots is null for watch pseudo-frames, see js_watch_set. */
+         if (fp->slots) {
              /*
               * Don't mark what has not been pushed yet, or what has been
               * popped already.
               */
-             nslots = (uintN) (fp->regs->sp - fp->slots);
+             if (fp->regs && fp->regs->sp) {
+                 nslots = (uintN) (fp->regs->sp - fp->slots);
+                 JS_ASSERT(nslots >= fp->script->nfixed);
+             } else {
+                 nslots = fp->script->nfixed;
+             }
              TRACE_JSVALS(trc, nslots, fp->slots, "slot");
          }
      } else {
-Line 2809
+Line 2829
                (fp->fun && JSFUN_THISP_FLAGS(fp->fun->flags)));
      JS_CALL_VALUE_TRACER(trc, (jsval)fp->thisp, "this");
-     if (fp->callee)
-         JS_CALL_OBJECT_TRACER(trc, fp->callee, "callee");
      if (fp->argv) {
+         JS_CALL_VALUE_TRACER(trc, fp->argv[-2], "callee");
          nslots = fp->argc;
          skip = 0;
          if (fp->fun) {
-Line 2834
+Line 2852
          JS_CALL_OBJECT_TRACER(trc, fp->scopeChain, "scope chain");
      if (fp->sharpArray)
          JS_CALL_OBJECT_TRACER(trc, fp->sharpArray, "sharp array");
-     if (fp->xmlNamespace)
-         JS_CALL_OBJECT_TRACER(trc, fp->xmlNamespace, "xmlNamespace");
  }
  static void
-Line 2874
+Line 2889
      js_CallValueTracerIfGCThing(trc, wr->lastInternalResult);
  }
- JS_FRIEND_API(void)
+ JS_REQUIRES_STACK JS_FRIEND_API(void)
  js_TraceContext(JSTracer *trc, JSContext *acx)
  {
      JSStackFrame *fp, *nextChain;
-Line 2896
+Line 2911
              }                                                                 \
          JS_END_MACRO
- #ifdef JS_THREADSAFE
-         js_RevokeGCLocalFreeLists(acx);
- #endif
          /*
           * Release the stackPool's arenas if the stackPool has existed for
           * longer than the limit specified by gcEmptyArenaPoolLifespan.
-Line 2922
+Line 2933
       * Iterate frame chain and dormant chains.
       *
       * (NB: see comment on this whole "dormant" thing in js_Execute.)
+      *
+      * Since js_GetTopStackFrame needs to dereference cx->thread to check for
+      * JIT frames, we check for non-null thread here and avoid null checks
+      * there. See bug 471197.
       */
-     fp = acx->fp;
+ #ifdef JS_THREADSAFE
-     nextChain = acx->dormantFrameChain;
+     if (acx->thread)
-     if (!fp)
+ #endif
-         goto next_chain;
+     {
+         fp = js_GetTopStackFrame(acx);
+         nextChain = acx->dormantFrameChain;
+         if (!fp)
+             goto next_chain;
-     /* The top frame must not be dormant. */
+         /* The top frame must not be dormant. */
-     JS_ASSERT(!fp->dormantNext);
+         JS_ASSERT(!fp->dormantNext);
-     for (;;) {
+         for (;;) {
-         do {
+             do {
-             js_TraceStackFrame(trc, fp);
+                 js_TraceStackFrame(trc, fp);
-         } while ((fp = fp->down) != NULL);
+             } while ((fp = fp->down) != NULL);
-       next_chain:
+           next_chain:
-         if (!nextChain)
+             if (!nextChain)
-             break;
+                 break;
-         fp = nextChain;
+             fp = nextChain;
-         nextChain = nextChain->dormantNext;
+             nextChain = nextChain->dormantNext;
+         }
      }
      /* Mark other roots-by-definition in acx. */
-     if (acx->globalObject)
+     if (acx->globalObject && !JS_HAS_OPTION(acx, JSOPTION_UNROOTED_GLOBAL))
          JS_CALL_OBJECT_TRACER(trc, acx->globalObject, "global object");
      TraceWeakRoots(trc, &acx->weakRoots);
      if (acx->throwing) {
-Line 2976
+Line 2996
              tvr->u.trace(trc, tvr);
              break;
            case JSTVU_SPROP:
-             TRACE_SCOPE_PROPERTY(trc, tvr->u.sprop);
+             tvr->u.sprop->trace(trc);
              break;
            case JSTVU_WEAK_ROOTS:
              TraceWeakRoots(trc, tvr->u.weakRoots);
              break;
-           case JSTVU_PARSE_CONTEXT:
+           case JSTVU_COMPILER:
-             js_TraceParseContext(trc, tvr->u.parseContext);
+             tvr->u.compiler->trace(trc);
              break;
            case JSTVU_SCRIPT:
              js_TraceScript(trc, tvr->u.script);
              break;
+           case JSTVU_ENUMERATOR:
+             static_cast<JSAutoEnumStateRooter *>(tvr)->mark(trc);
+             break;
            default:
              JS_ASSERT(tvr->count >= 0);
              TRACE_JSVALS(trc, tvr->count, tvr->u.array, "tvr->u.array");
-Line 2995
+Line 3018
      if (acx->sharpObjectMap.depth > 0)
          js_TraceSharpMap(trc, &acx->sharpObjectMap);
+     js_TraceRegExpStatics(trc, acx);
+ #ifdef JS_TRACER
+     InterpState* state = acx->interpState;
+     while (state) {
+         if (state->nativeVp)
+             TRACE_JSVALS(trc, state->nativeVpLen, state->nativeVp, "nativeVp");
+         state = state->prev;
+     }
+ #endif
  }
- void
+ #ifdef JS_TRACER
- js_TraceTraceMonitor(JSTracer *trc, JSTraceMonitor *tm)
+ static void
+ MarkReservedGCThings(JSTraceMonitor *tm)
  {
-     if (IS_GC_MARKING_TRACER(trc)) {
+     /* Keep reserved doubles. */
-         tm->recoveryDoublePoolPtr = tm->recoveryDoublePool;
+     for (jsval *ptr = tm->reservedDoublePool; ptr < tm->reservedDoublePoolPtr; ++ptr) {
-         /* Make sure the global shape changes and will force a flush
+         jsdouble* dp = JSVAL_TO_DOUBLE(*ptr);
-            of the code cache. */
+         JS_ASSERT(js_GetGCThingTraceKind(dp) == JSTRACE_DOUBLE);
-         tm->globalShape = -1;
+         JSGCArenaInfo *a = THING_TO_ARENA(dp);
+         JS_ASSERT(!a->list);
+         if (!a->u.hasMarkedDoubles) {
+             ClearDoubleArenaFlags(a);
+             a->u.hasMarkedDoubles = JS_TRUE;
+         }
+         jsuint index = DOUBLE_THING_TO_INDEX(dp);
+         JS_SET_BIT(DOUBLE_ARENA_BITMAP(a), index);
+     }
+     /* Keep reserved objects. */
+     for (JSObject *obj = tm->reservedObjects; obj; obj = JSVAL_TO_OBJECT(obj->fslots[0])) {
+         uint8 *flagp = GetGCThingFlags(obj);
+         JS_ASSERT((*flagp & GCF_TYPEMASK) == GCX_OBJECT);
+         JS_ASSERT(*flagp != GCF_FINAL);
+         *flagp |= GCF_MARK;
      }
  }
- void
+ #ifdef JS_THREADSAFE
+ static JSDHashOperator
+ reserved_gcthings_marker(JSDHashTable *table, JSDHashEntryHdr *hdr,
+                          uint32, void *)
+ {
+     JSThread *thread = ((JSThreadsHashEntry *) hdr)->thread;
+     MarkReservedGCThings(&thread->data.traceMonitor);
+     return JS_DHASH_NEXT;
+ }
+ #endif
+ #endif
+ JS_REQUIRES_STACK void
  js_TraceRuntime(JSTracer *trc, JSBool allAtoms)
  {
      JSRuntime *rt = trc->context->runtime;
-Line 3018
+Line 3083
      if (rt->gcLocksHash)
          JS_DHashTableEnumerate(rt->gcLocksHash, gc_lock_traversal, trc);
      js_TraceAtomState(trc, allAtoms);
-     js_TraceNativeEnumerators(trc);
      js_TraceRuntimeNumberState(trc);
      iter = NULL;
      while ((acx = js_ContextIterator(rt, JS_TRUE, &iter)) != NULL)
          js_TraceContext(trc, acx);
+     js_TraceThreads(rt, trc);
      if (rt->gcExtraRootsTraceOp)
          rt->gcExtraRootsTraceOp(trc, rt->gcExtraRootsData);
+ #ifdef JS_TRACER
+     for (int i = 0; i < JSBUILTIN_LIMIT; i++) {
+         if (rt->builtinFunctions[i])
+             JS_CALL_OBJECT_TRACER(trc, rt->builtinFunctions[i], "builtin function");
+     }
+     /* Mark reserved gcthings unless we are shutting down. */
+     if (IS_GC_MARKING_TRACER(trc) && rt->state != JSRTS_LANDING) {
  #ifdef JS_THREADSAFE
-     /* Trace the loop table(s) which can contain pointers to code objects. */
+         JS_DHashTableEnumerate(&rt->threads, reserved_gcthings_marker, NULL);
-    while ((acx = js_ContextIterator(rt, JS_FALSE, &iter)) != NULL) {
-        if (!acx->thread)
-            continue;
-        js_TraceTraceMonitor(trc, &acx->thread->traceMonitor);
-    }
  #else
-    js_TraceTraceMonitor(trc, &rt->traceMonitor);
+         MarkReservedGCThings(&rt->threadData.traceMonitor);
+ #endif
+     }
+ #endif
+ }
+ void
+ js_TriggerGC(JSContext *cx, JSBool gcLocked)
+ {
+     JSRuntime *rt = cx->runtime;
+ #ifdef JS_THREADSAFE
+     JS_ASSERT(cx->requestDepth > 0);
  #endif
+     JS_ASSERT(!rt->gcRunning);
+     if (rt->gcIsNeeded)
+         return;
+     /*
+      * Trigger the GC when it is safe to call an operation callback on any
+      * thread.
+      */
+     rt->gcIsNeeded = JS_TRUE;
+     js_TriggerAllOperationCallbacks(rt, gcLocked);
  }
  static void
  ProcessSetSlotRequest(JSContext *cx, JSSetSlotRequest *ssr)
  {
-     JSObject *obj, *pobj;
+     JSObject *obj = ssr->obj;
-     uint32 slot;
+     JSObject *pobj = ssr->pobj;
+     uint32 slot = ssr->slot;
-     obj = ssr->obj;
-     pobj = ssr->pobj;
-     slot = ssr->slot;
      while (pobj) {
          pobj = js_GetWrappedObject(cx, pobj);
          if (pobj == obj) {
-             ssr->errnum = JSMSG_CYCLIC_VALUE;
+             ssr->cycle = true;
              return;
          }
          pobj = JSVAL_TO_OBJECT(STOBJ_GET_SLOT(pobj, slot));
      }
      pobj = ssr->pobj;
+     if (slot == JSSLOT_PROTO) {
+         obj->setProto(pobj);
+     } else {
+         JS_ASSERT(slot == JSSLOT_PARENT);
+         obj->setParent(pobj);
+     }
+ }
-     if (slot == JSSLOT_PROTO && OBJ_IS_NATIVE(obj)) {
+ void
-         JSScope *scope, *newscope;
+ js_DestroyScriptsToGC(JSContext *cx, JSThreadData *data)
-         JSObject *oldproto;
+ {
+     JSScript **listp, *script;
-         /* Check to see whether obj shares its prototype's scope. */
-         scope = OBJ_SCOPE(obj);
-         oldproto = STOBJ_GET_PROTO(obj);
-         if (oldproto && OBJ_SCOPE(oldproto) == scope) {
-             /* Either obj needs a new empty scope, or it should share pobj's. */
-             if (!pobj ||
-                 !OBJ_IS_NATIVE(pobj) ||
-                 OBJ_GET_CLASS(cx, pobj) != STOBJ_GET_CLASS(oldproto)) {
-                 /*
-                  * With no proto and no scope of its own, obj is truly empty.
-                  *
-                  * If pobj is not native, obj needs its own empty scope -- it
-                  * should not continue to share oldproto's scope once oldproto
-                  * is not on obj's prototype chain.  That would put properties
-                  * from oldproto's scope ahead of properties defined by pobj,
-                  * in lookup order.
-                  *
-                  * If pobj's class differs from oldproto's, we may need a new
-                  * scope to handle differences in private and reserved slots,
-                  * so we suboptimally but safely make one.
-                  */
-                 if (!js_GetMutableScope(cx, obj)) {
-                     ssr->errnum = JSMSG_OUT_OF_MEMORY;
-                     return;
-                 }
-             } else if (OBJ_SCOPE(pobj) != scope) {
-                 newscope = (JSScope *) js_HoldObjectMap(cx, pobj->map);
-                 obj->map = &newscope->map;
-                 js_DropObjectMap(cx, &scope->map, obj);
-                 JS_TRANSFER_SCOPE_LOCK(cx, scope, newscope);
-             }
-         }
-         /*
+     for (size_t i = 0; i != JS_ARRAY_LENGTH(data->scriptsToGC); ++i) {
-          * Regenerate property cache shape ids for all of the scopes along the
+         listp = &data->scriptsToGC[i];
-          * old prototype chain, in case any property cache entries were filled
+         while ((script = *listp) != NULL) {
-          * by looking up starting from obj.
+             *listp = script->u.nextToGC;
-          */
+             script->u.nextToGC = NULL;
-         while (oldproto && OBJ_IS_NATIVE(oldproto)) {
+             js_DestroyScript(cx, script);
-             scope = OBJ_SCOPE(oldproto);
-             SCOPE_MAKE_UNIQUE_SHAPE(cx, scope);
-             oldproto = STOBJ_GET_PROTO(scope->object);
          }
      }
-     /* Finally, do the deed. */
-     STOBJ_SET_SLOT(obj, slot, OBJECT_TO_JSVAL(pobj));
  }
  static void
- DestroyScriptsToGC(JSContext *cx, JSScript **listp)
+ FinalizeObject(JSContext *cx, JSObject *obj)
+ {
+     /* Cope with stillborn objects that have no map. */
+     if (!obj->map)
+         return;
+     if (JS_UNLIKELY(cx->debugHooks->objectHook != NULL)) {
+         cx->debugHooks->objectHook(cx, obj, JS_FALSE,
+                                    cx->debugHooks->objectHookData);
+     }
+     /* Finalize obj first, in case it needs map and slots. */
+     JSClass *clasp = STOBJ_GET_CLASS(obj);
+     if (clasp->finalize)
+         clasp->finalize(cx, obj);
+ #ifdef INCLUDE_MOZILLA_DTRACE
+     if (JAVASCRIPT_OBJECT_FINALIZE_ENABLED())
+         jsdtrace_object_finalize(obj);
+ #endif
+     if (JS_LIKELY(OBJ_IS_NATIVE(obj)))
+         OBJ_SCOPE(obj)->drop(cx, obj);
+     js_FreeSlots(cx, obj);
+ }
+ static JSStringFinalizeOp str_finalizers[GCX_NTYPES - GCX_EXTERNAL_STRING] = {
+     NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ };
+ intN
+ js_ChangeExternalStringFinalizer(JSStringFinalizeOp oldop,
+                                  JSStringFinalizeOp newop)
  {
-     JSScript *script;
+     uintN i;
+     for (i = 0; i != JS_ARRAY_LENGTH(str_finalizers); i++) {
+         if (str_finalizers[i] == oldop) {
+             str_finalizers[i] = newop;
+             return (intN) i;
+         }
+     }
+     return -1;
+ }
-     while ((script = *listp) != NULL) {
+ /*
-         *listp = script->u.nextToGC;
+  * cx is NULL when we are called from js_FinishAtomState to force the
-         script->u.nextToGC = NULL;
+  * finalization of the permanently interned strings.
-         js_DestroyScript(cx, script);
+  */
+ void
+ js_FinalizeStringRT(JSRuntime *rt, JSString *str, intN type, JSContext *cx)
+ {
+     jschar *chars;
+     JSBool valid;
+     JSStringFinalizeOp finalizer;
+     JS_RUNTIME_UNMETER(rt, liveStrings);
+     JS_ASSERT(!JSString::isStatic(str));
+     if (str->isDependent()) {
+         /* A dependent string can not be external and must be valid. */
+         JS_ASSERT(type < 0);
+         JS_ASSERT(str->dependentBase());
+         JS_RUNTIME_UNMETER(rt, liveDependentStrings);
+         valid = JS_TRUE;
+     } else {
+         /* A stillborn string has null chars, so is not valid. */
+         chars = str->flatChars();
+         valid = (chars != NULL);
+         if (valid) {
+             if (type < 0) {
+                 if (cx)
+                     cx->free(chars);
+                 else
+                     rt->free(chars);
+             } else {
+                 JS_ASSERT((uintN) type < JS_ARRAY_LENGTH(str_finalizers));
+                 finalizer = str_finalizers[type];
+                 if (finalizer) {
+                     /*
+                      * Assume that the finalizer for the permanently interned
+                      * string knows how to deal with null context.
+                      */
+                     finalizer(cx, str);
+                 }
+             }
+         }
      }
+     if (valid && str->isDeflated())
+         js_PurgeDeflatedStringCache(rt, str);
  }
  /*
-Line 3146
+Line 3284
      JSBool allClear;
  #ifdef JS_THREADSAFE
      uint32 requestDebit;
-     JSContext *acx, *iter;
  #endif
  #ifdef JS_GCMETER
      uint32 nlivearenas, nkilledarenas, nthings;
-Line 3154
+Line 3291
      JS_ASSERT_IF(gckind == GC_LAST_DITCH, !JS_ON_TRACE(cx));
      rt = cx->runtime;
  #ifdef JS_THREADSAFE
+     /*
+      * We allow js_GC calls outside a request but the context must be bound
+      * to the current thread.
+      */
+     JS_ASSERT(CURRENT_THREAD_IS_ME(cx->thread));
      /* Avoid deadlock. */
      JS_ASSERT(!JS_IS_RUNTIME_LOCKED(rt));
  #endif
-Line 3215
+Line 3359
      rt->gcPoke = JS_FALSE;
  #ifdef JS_THREADSAFE
-     JS_ASSERT(cx->thread->id == js_CurrentThreadId());
+     /*
+      * Check if the GC is already running on this or another thread and
+      * delegate the job to it.
+      */
+     if (rt->gcLevel > 0) {
+         JS_ASSERT(rt->gcThread);
-     /* Bump gcLevel and return rather than nest on this thread. */
+         /* Bump gcLevel to restart the current GC, so it finds new garbage. */
-     if (rt->gcThread == cx->thread) {
-         JS_ASSERT(rt->gcLevel > 0);
          rt->gcLevel++;
          METER_UPDATE_MAX(rt->gcStats.maxlevel, rt->gcLevel);
-         if (!(gckind & GC_LOCK_HELD))
-             JS_UNLOCK_GC(rt);
-         return;
-     }
-     /*
-      * If we're in one or more requests (possibly on more than one context)
-      * running on the current thread, indicate, temporarily, that all these
-      * requests are inactive.  If cx->thread is NULL, then cx is not using
-      * the request model, and does not contribute to rt->requestCount.
-      */
-     requestDebit = 0;
-     if (cx->thread) {
-         JSCList *head, *link;
          /*
-          * Check all contexts on cx->thread->contextList for active requests,
+          * If the GC runs on another thread, temporarily suspend the current
-          * counting each such context against requestDebit.
+          * request and wait until the GC is done.
           */
-         head = &cx->thread->contextList;
+         if (rt->gcThread != cx->thread) {
-         for (link = head->next; link != head; link = link->next) {
+             requestDebit = js_DiscountRequestsForGC(cx);
-             acx = CX_FROM_THREAD_LINKS(link);
+             js_RecountRequestsAfterGC(rt, requestDebit);
-             JS_ASSERT(acx->thread == cx->thread);
-             if (acx->requestDepth)
-                 requestDebit++;
          }
-     } else {
-         /*
-          * We assert, but check anyway, in case someone is misusing the API.
-          * Avoiding the loop over all of rt's contexts is a win in the event
-          * that the GC runs only on request-less contexts with null threads,
-          * in a special thread such as might be used by the UI/DOM/Layout
-          * "mozilla" or "main" thread in Mozilla-the-browser.
-          */
-         JS_ASSERT(cx->requestDepth == 0);
-         if (cx->requestDepth)
-             requestDebit = 1;
-     }
-     if (requestDebit) {
-         JS_ASSERT(requestDebit <= rt->requestCount);
-         rt->requestCount -= requestDebit;
-         if (rt->requestCount == 0)
-             JS_NOTIFY_REQUEST_DONE(rt);
-     }
-     /* If another thread is already in GC, don't attempt GC; wait instead. */
-     if (rt->gcLevel > 0) {
-         /* Bump gcLevel to restart the current GC, so it finds new garbage. */
-         rt->gcLevel++;
-         METER_UPDATE_MAX(rt->gcStats.maxlevel, rt->gcLevel);
-         /* Wait for the other thread to finish, then resume our request. */
-         while (rt->gcLevel > 0)
-             JS_AWAIT_GC_DONE(rt);
-         if (requestDebit)
-             rt->requestCount += requestDebit;
          if (!(gckind & GC_LOCK_HELD))
              JS_UNLOCK_GC(rt);
          return;
-Line 3287
+Line 3387
      rt->gcLevel = 1;
      rt->gcThread = cx->thread;
-     /* Wait for all other requests to finish. */
+     /*
+      * Notify all operation callbacks, which will give them a chance to
+      * yield their current request. Contexts that are not currently
+      * executing will perform their callback at some later point,
+      * which then will be unnecessary, but harmless.
+      */
+     js_NudgeOtherContexts(cx);
+     /*
+      * Discount all the requests on the current thread from contributing
+      * to rt->requestCount before we wait for all other requests to finish.
+      * JS_NOTIFY_REQUEST_DONE, which will wake us up, is only called on
+      * rt->requestCount transitions to 0.
+      */
+     requestDebit = js_CountThreadRequests(cx);
+     JS_ASSERT_IF(cx->requestDepth != 0, requestDebit >= 1);
+     rt->requestCount -= requestDebit;
      while (rt->requestCount > 0)
          JS_AWAIT_REQUEST_DONE(rt);
+     rt->requestCount += requestDebit;
  #else  /* !JS_THREADSAFE */
-Line 3329
+Line 3446
           * collect garbage only if a racing thread attempted GC and is waiting
           * for us to finish (gcLevel > 1) or if someone already poked us.
           */
-         if (rt->gcLevel == 1 && !rt->gcPoke)
+         if (rt->gcLevel == 1 && !rt->gcPoke && !rt->gcIsNeeded)
              goto done_running;
          rt->gcLevel = 0;
-Line 3337
+Line 3454
          rt->gcRunning = JS_FALSE;
  #ifdef JS_THREADSAFE
          rt->gcThread = NULL;
-         rt->requestCount += requestDebit;
  #endif
          gckind = GC_LOCK_HELD;
          goto restart_at_beginning;
-Line 3349
+Line 3465
      if (JS_ON_TRACE(cx))
          goto out;
  #endif
+     VOUCH_HAVE_STACK();
+     /* Clear gcIsNeeded now, when we are about to start a normal GC cycle. */
+     rt->gcIsNeeded = JS_FALSE;
      /* Reset malloc counter. */
      rt->gcMallocBytes = 0;
-Line 3359
+Line 3479
    }
  #endif
-     /* Clear property and JIT oracle caches (only for cx->thread if JS_THREADSAFE). */
-     js_FlushPropertyCache(cx);
  #ifdef JS_TRACER
-     js_FlushJITOracle(cx);
+     js_PurgeJITOracle();
  #endif
-     /* Destroy eval'ed scripts. */
+   restart:
-     DestroyScriptsToGC(cx, &JS_SCRIPTS_TO_GC(cx));
+     rt->gcNumber++;
+     JS_ASSERT(!rt->gcUntracedArenaStackTop);
+     JS_ASSERT(rt->gcTraceLaterCount == 0);
- #ifdef JS_THREADSAFE
      /*
-      * Clear thread-based caches. To avoid redundant clearing we unroll the
+      * Reset the property cache's type id generator so we can compress ids.
-      * current thread's step.
+      * Same for the protoHazardShape proxy-shape standing in for all object
-      *
+      * prototypes having readonly or setter properties.
-      * In case a JSScript wrapped within an object was finalized, we null
-      * acx->thread->gsnCache.script and finish the cache's hashtable. Note
-      * that js_DestroyScript, called from script_finalize, will have already
-      * cleared cx->thread->gsnCache above during finalization, so we don't
-      * have to here.
       */
-     iter = NULL;
+     if (rt->shapeGen & SHAPE_OVERFLOW_BIT
-     while ((acx = js_ContextIterator(rt, JS_FALSE, &iter)) != NULL) {
+ #ifdef JS_GC_ZEAL
-         if (!acx->thread || acx->thread == cx->thread)
+         || rt->gcZeal >= 1
-             continue;
-         GSN_CACHE_CLEAR(&acx->thread->gsnCache);
-         js_FlushPropertyCache(acx);
- #ifdef JS_TRACER
-         js_FlushJITOracle(acx);
  #endif
-         DestroyScriptsToGC(cx, &acx->thread->scriptsToGC);
+         ) {
+         rt->gcRegenShapes = true;
+         rt->gcRegenShapesScopeFlag ^= JSScope::SHAPE_REGEN;
+         rt->shapeGen = 0;
+         rt->protoHazardShape = 0;
      }
- #else
-     /* The thread-unsafe case just has to clear the runtime's GSN cache. */
-     GSN_CACHE_CLEAR(&rt->gsnCache);
- #endif
-   restart:
-     rt->gcNumber++;
-     JS_ASSERT(!rt->gcUntracedArenaStackTop);
-     JS_ASSERT(rt->gcTraceLaterCount == 0);
-     /* Reset the property cache's type id generator so we can compress ids. */
+     js_PurgeThreads(cx);
-     rt->shapeGen = 0;
+ #ifdef JS_TRACER
+     if (gckind == GC_LAST_CONTEXT) {
+         /* Clear builtin functions, which are recreated on demand. */
+         memset(rt->builtinFunctions, 0, sizeof rt->builtinFunctions);
+     }
+ #endif
      /*
       * Mark phase.
-Line 3433
+Line 3542
      rt->gcMarkingTracer = NULL;
+ #ifdef JS_THREADSAFE
+     cx->createDeallocatorTask();
+ #endif
      /*
       * Sweep phase.
       *
-Line 3506
+Line 3619
                          type = flags & GCF_TYPEMASK;
                          switch (type) {
                            case GCX_OBJECT:
-                             js_FinalizeObject(cx, (JSObject *) thing);
+                             FinalizeObject(cx, (JSObject *) thing);
-                             break;
-                           case GCX_DOUBLE:
-                             /* Do nothing. */
                              break;
  #if JS_HAS_XML_SUPPORT
                            case GCX_XML:
-Line 3543
+Line 3653
                   */
                  freeList = arenaList->freeList;
                  if (a == arenaList->last)
-                     arenaList->lastCount = (uint16) indexLimit;
+                     arenaList->lastCount = indexLimit;
                  *ap = a->prev;
                  a->prev = emptyArenas;
                  emptyArenas = a;
-Line 3567
+Line 3677
                                 nlivearenas, nkilledarenas, nthings));
      }
- #ifdef JS_THREADSAFE
-     /*
-      * Release all but two free list sets to avoid allocating a new set in
-      * js_NewGCThing.
-      */
-     TrimGCFreeListsPool(rt, 2);
- #endif
      ap = &rt->gcDoubleArenaList.first;
      METER((nlivearenas = 0, nkilledarenas = 0, nthings = 0));
      while ((a = *ap) != NULL) {
-Line 3622
+Line 3724
       */
      DestroyGCArenas(rt, emptyArenas);
+ #ifdef JS_THREADSAFE
+     cx->submitDeallocatorTask();
+ #endif
      if (rt->gcCallback)
          (void) rt->gcCallback(cx, JSGC_FINALIZE_END);
  #ifdef DEBUG_srcnotesize
-Line 3668
+Line 3774
       * We want to restart GC if js_GC was called recursively or if any of the
       * finalizers called js_RemoveRoot or js_UnlockGCThingRT.
       */
-     if (rt->gcLevel > 1 || rt->gcPoke) {
+     if (!JS_ON_TRACE(cx) && (rt->gcLevel > 1 || rt->gcPoke)) {
+         VOUCH_HAVE_STACK();
          rt->gcLevel = 1;
          rt->gcPoke = JS_FALSE;
          JS_UNLOCK_GC(rt);
          goto restart;
      }
-     if (rt->shapeGen >= SHAPE_OVERFLOW_BIT - 1) {
+     rt->setGCLastBytes(rt->gcBytes);
-         /*
-          * FIXME bug 440834: The shape id space has overflowed. Currently we
-          * cope badly with this. Every call to js_GenerateShape does GC, and
-          * we never re-enable the property cache.
-          */
-         js_DisablePropertyCache(cx);
- #ifdef JS_THREADSAFE
-         iter = NULL;
-         while ((acx = js_ContextIterator(rt, JS_FALSE, &iter)) != NULL) {
-             if (!acx->thread || acx->thread == cx->thread)
-                 continue;
-             js_DisablePropertyCache(acx);
-         }
- #endif
-     }
-     rt->gcLastBytes = rt->gcBytes;
    done_running:
      rt->gcLevel = 0;
-     rt->gcRunning = JS_FALSE;
+     rt->gcRunning = rt->gcRegenShapes = false;
  #ifdef JS_THREADSAFE
-     /* If we were invoked during a request, pay back the temporary debit. */
-     if (requestDebit)
-         rt->requestCount += requestDebit;
      rt->gcThread = NULL;
      JS_NOTIFY_GC_DONE(rt);
-Line 3747
+Line 3834
          }
      }
  }
- void
- js_UpdateMallocCounter(JSContext *cx, size_t nbytes)
- {
-     uint32 *pbytes, bytes;
- #ifdef JS_THREADSAFE
-     pbytes = &cx->thread->gcMallocBytes;
- #else
-     pbytes = &cx->runtime->gcMallocBytes;
- #endif
-     bytes = *pbytes;
-     *pbytes = ((uint32)-1 - bytes <= nbytes) ? (uint32)-1 : bytes + nbytes;
- }

 Legend:



Removed from v.399
 


changed lines


 
Added in v.507
 Legend:



Removed from v.399
 


changed lines


 
Added in v.507
-Removed from v.399
+Added in v.507

	ViewVC Help
Powered by ViewVC 1.1.24