mozjs_sys 0.67.1

System crate for the Mozilla SpiderMonkey JavaScript engine.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * vim: set ts=8 sts=2 et sw=2 tw=80:
 *
 * Copyright (C) 2008 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "jit/ExecutableAllocator.h"

#include "jit/JitRealm.h"
#include "js/MemoryMetrics.h"

using namespace js::jit;

ExecutablePool::~ExecutablePool() {
#ifdef DEBUG
  for (size_t bytes : m_codeBytes) {
    MOZ_ASSERT(bytes == 0);
  }
#endif

  MOZ_ASSERT(!isMarked());

  m_allocator->releasePoolPages(this);
}

void ExecutablePool::release(bool willDestroy) {
  MOZ_ASSERT(m_refCount != 0);
  MOZ_ASSERT_IF(willDestroy, m_refCount == 1);
  if (--m_refCount == 0) {
    js_delete(this);
  }
}

void ExecutablePool::release(size_t n, CodeKind kind) {
  m_codeBytes[kind] -= n;
  MOZ_ASSERT(m_codeBytes[kind] < m_allocation.size);  // Shouldn't underflow.

  release();
}

void ExecutablePool::addRef() {
  // It should be impossible for us to roll over, because only small
  // pools have multiple holders, and they have one holder per chunk
  // of generated code, and they only hold 16KB or so of code.
  MOZ_ASSERT(m_refCount);
  ++m_refCount;
  MOZ_ASSERT(m_refCount, "refcount overflow");
}

void* ExecutablePool::alloc(size_t n, CodeKind kind) {
  MOZ_ASSERT(n <= available());
  void* result = m_freePtr;
  m_freePtr += n;

  m_codeBytes[kind] += n;

  MOZ_MAKE_MEM_UNDEFINED(result, n);
  return result;
}

size_t ExecutablePool::available() const {
  MOZ_ASSERT(m_end >= m_freePtr);
  return m_end - m_freePtr;
}

ExecutableAllocator::~ExecutableAllocator() {
  for (size_t i = 0; i < m_smallPools.length(); i++) {
    m_smallPools[i]->release(/* willDestroy = */ true);
  }

  // If this asserts we have a pool leak.
  MOZ_ASSERT_IF(TlsContext.get()->runtime()->gc.shutdownCollectedEverything(),
                m_pools.empty());
}

ExecutablePool* ExecutableAllocator::poolForSize(size_t n) {
  // Try to fit in an existing small allocator.  Use the pool with the
  // least available space that is big enough (best-fit).  This is the
  // best strategy because (a) it maximizes the chance of the next
  // allocation fitting in a small pool, and (b) it minimizes the
  // potential waste when a small pool is next abandoned.
  ExecutablePool* minPool = nullptr;
  for (size_t i = 0; i < m_smallPools.length(); i++) {
    ExecutablePool* pool = m_smallPools[i];
    if (n <= pool->available() &&
        (!minPool || pool->available() < minPool->available())) {
      minPool = pool;
    }
  }
  if (minPool) {
    minPool->addRef();
    return minPool;
  }

  // If the request is large, we just provide a unshared allocator
  if (n > ExecutableCodePageSize) {
    return createPool(n);
  }

  // Create a new allocator
  ExecutablePool* pool = createPool(ExecutableCodePageSize);
  if (!pool) {
    return nullptr;
  }
  // At this point, local |pool| is the owner.

  if (m_smallPools.length() < maxSmallPools) {
    // We haven't hit the maximum number of live pools; add the new pool.
    // If append() OOMs, we just return an unshared allocator.
    if (m_smallPools.append(pool)) {
      pool->addRef();
    }
  } else {
    // Find the pool with the least space.
    int iMin = 0;
    for (size_t i = 1; i < m_smallPools.length(); i++) {
      if (m_smallPools[i]->available() < m_smallPools[iMin]->available()) {
        iMin = i;
      }
    }

    // If the new allocator will result in more free space than the small
    // pool with the least space, then we will use it instead
    ExecutablePool* minPool = m_smallPools[iMin];
    if ((pool->available() - n) > minPool->available()) {
      minPool->release();
      m_smallPools[iMin] = pool;
      pool->addRef();
    }
  }

  // Pass ownership to the caller.
  return pool;
}

/* static */
size_t ExecutableAllocator::roundUpAllocationSize(size_t request,
                                                  size_t granularity) {
  if ((std::numeric_limits<size_t>::max() - granularity) <= request) {
    return OVERSIZE_ALLOCATION;
  }

  // Round up to next page boundary
  size_t size = request + (granularity - 1);
  size = size & ~(granularity - 1);
  MOZ_ASSERT(size >= request);
  return size;
}

ExecutablePool* ExecutableAllocator::createPool(size_t n) {
  size_t allocSize = roundUpAllocationSize(n, ExecutableCodePageSize);
  if (allocSize == OVERSIZE_ALLOCATION) {
    return nullptr;
  }

  ExecutablePool::Allocation a = systemAlloc(allocSize);
  if (!a.pages) {
    return nullptr;
  }

  ExecutablePool* pool = js_new<ExecutablePool>(this, a);
  if (!pool) {
    systemRelease(a);
    return nullptr;
  }

  if (!m_pools.put(pool)) {
    // Note: this will call |systemRelease(a)|.
    js_delete(pool);
    return nullptr;
  }

  return pool;
}

void* ExecutableAllocator::alloc(JSContext* cx, size_t n,
                                 ExecutablePool** poolp, CodeKind type) {
  // Caller must ensure 'n' is word-size aligned. If all allocations are
  // of word sized quantities, then all subsequent allocations will be
  // aligned.
  MOZ_ASSERT(roundUpAllocationSize(n, sizeof(void*)) == n);

  if (n == OVERSIZE_ALLOCATION) {
    *poolp = nullptr;
    return nullptr;
  }

  *poolp = poolForSize(n);
  if (!*poolp) {
    return nullptr;
  }

  // This alloc is infallible because poolForSize() just obtained
  // (found, or created if necessary) a pool that had enough space.
  void* result = (*poolp)->alloc(n, type);
  MOZ_ASSERT(result);

  cx->zone()->updateJitCodeMallocBytes(n);

  return result;
}

void ExecutableAllocator::releasePoolPages(ExecutablePool* pool) {
  MOZ_ASSERT(pool->m_allocation.pages);
  systemRelease(pool->m_allocation);

  // Pool may not be present in m_pools if we hit OOM during creation.
  if (auto ptr = m_pools.lookup(pool)) {
    m_pools.remove(ptr);
  }
}

void ExecutableAllocator::purge() {
  for (size_t i = 0; i < m_smallPools.length();) {
    ExecutablePool* pool = m_smallPools[i];
    if (pool->m_refCount > 1) {
      // Releasing this pool is not going to deallocate it, so we might as
      // well hold on to it and reuse it for future allocations.
      i++;
      continue;
    }

    MOZ_ASSERT(pool->m_refCount == 1);
    pool->release();
    m_smallPools.erase(&m_smallPools[i]);
  }
}

void ExecutableAllocator::addSizeOfCode(JS::CodeSizes* sizes) const {
  for (ExecPoolHashSet::Range r = m_pools.all(); !r.empty(); r.popFront()) {
    ExecutablePool* pool = r.front();
    sizes->ion += pool->m_codeBytes[CodeKind::Ion];
    sizes->baseline += pool->m_codeBytes[CodeKind::Baseline];
    sizes->regexp += pool->m_codeBytes[CodeKind::RegExp];
    sizes->other += pool->m_codeBytes[CodeKind::Other];
    sizes->unused += pool->m_allocation.size - pool->usedCodeBytes();
  }
}

/* static */
void ExecutableAllocator::reprotectPool(JSRuntime* rt, ExecutablePool* pool,
                                        ProtectionSetting protection) {
  char* start = pool->m_allocation.pages;
  if (!ReprotectRegion(start, pool->m_freePtr - start, protection)) {
    MOZ_CRASH();
  }
}

/* static */
void ExecutableAllocator::poisonCode(JSRuntime* rt,
                                     JitPoisonRangeVector& ranges) {
  MOZ_ASSERT(CurrentThreadCanAccessRuntime(rt));

#ifdef DEBUG
  // Make sure no pools have the mark bit set.
  for (size_t i = 0; i < ranges.length(); i++) {
    MOZ_ASSERT(!ranges[i].pool->isMarked());
  }
#endif

  for (size_t i = 0; i < ranges.length(); i++) {
    ExecutablePool* pool = ranges[i].pool;
    if (pool->m_refCount == 1) {
      // This is the last reference so the release() call below will
      // unmap the memory. Don't bother poisoning it.
      continue;
    }

    MOZ_ASSERT(pool->m_refCount > 1);

    // Use the pool's mark bit to indicate we made the pool writable.
    // This avoids reprotecting a pool multiple times.
    if (!pool->isMarked()) {
      reprotectPool(rt, pool, ProtectionSetting::Writable);
      pool->mark();
    }

    // Note: we use memset instead of js::Poison because we want to poison
    // JIT code in release builds too. Furthermore, we don't want the
    // invalid-ObjectValue poisoning js::Poison does in debug builds.
    memset(ranges[i].start, JS_SWEPT_CODE_PATTERN, ranges[i].size);
    MOZ_MAKE_MEM_NOACCESS(ranges[i].start, ranges[i].size);
  }

  // Make the pools executable again and drop references.
  for (size_t i = 0; i < ranges.length(); i++) {
    ExecutablePool* pool = ranges[i].pool;
    if (pool->isMarked()) {
      reprotectPool(rt, pool, ProtectionSetting::Executable);
      pool->unmark();
    }
    pool->release();
  }
}

ExecutablePool::Allocation ExecutableAllocator::systemAlloc(size_t n) {
  void* allocation = AllocateExecutableMemory(n, ProtectionSetting::Executable,
                                              MemCheckKind::MakeNoAccess);
  ExecutablePool::Allocation alloc = {reinterpret_cast<char*>(allocation), n};
  return alloc;
}

void ExecutableAllocator::systemRelease(
    const ExecutablePool::Allocation& alloc) {
  DeallocateExecutableMemory(alloc.pages, alloc.size);
}