Oilpan: Support polymorphic objects in HeapVectorBackings

Source/platform/heap/Heap.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 318 matching lines @@
 {
     return reinterpret_cast<Address>(reinterpret_cast<uintptr_t>(address - 1) & blinkPageBaseMask) + blinkPageSize;
 }
 
 // Masks an address down to the enclosing blink page base address.
 inline Address blinkPageAddress(Address address)
 {
     return reinterpret_cast<Address>(reinterpret_cast<uintptr_t>(address) & blinkPageBaseMask);
 }
 
+inline bool vTableInitialized(void* objectPointer)
+{
+    return !!(*reinterpret_cast<Address*>(objectPointer));
+}
+
 #if ENABLE(ASSERT)
-
 // Sanity check for a page header address: the address of the page
 // header should be OS page size away from being Blink page size
 // aligned.
 inline bool isPageHeaderAddress(Address address)
 {
     return !((reinterpret_cast<uintptr_t>(address) & blinkPageOffsetMask) - WTF::kSystemPageSize);
 }
 #endif
 
 // BasePage is a base class for NormalPage and LargeObjectPage.
@@ skipping 1355 matching lines @@
     }
 };
 
 // Vector backing that needs marking. We don't support weak members in vectors.
 template<ShouldWeakPointersBeMarkedStrongly strongify, typename T, typename Traits>
 struct TraceInCollectionTrait<NoWeakHandlingInCollections, strongify, blink::HeapVectorBacking<T, Traits>, void> {
     template<typename VisitorDispatcher>
     static bool trace(VisitorDispatcher visitor, void* self)
     {
         // HeapVectorBacking does not know the exact size of the vector
-        // and thus cannot avoid tracing all slots in the backing.
-        // This works correctly as long as unused slots are cleared out
-        // (this is done by VectorUnusedSlotClearer) and T can be initialized
-        // with memset (if T can be initialized with memset, it is safe to
-        // treat a zeroed object as a valid object).
-        static_assert(!ShouldBeTraced<Traits>::value || Traits::canInitializeWithMemset, "HeapVectorBacking doesn't support objects that cannot be initialized with memset.");
+        // and just knows the capacity of the vector. Due to the constraint,
+        // HeapVectorBacking can support only the following objects:
+        //
+        // - An object that has a vtable. In this case, HeapVectorBacking
+        //   traces only slots that are not zeroed out. This is because if
+        //   the object has a vtable, the zeroed slot means that it is
+        //   an unused slot (Remember that the unused slots are guaranteed
+        //   to be zeroed out by VectorUnusedSlotClearer).
+        //
+        // - An object that can be initialized with memset. In this case,
+        //   HeapVectorBacking traces all slots including unused slots.
+        //   This is fine because the fact that the object can be initialized
+        //   with memset indicates that it is safe to treat the zerod slot
+        //   as a valid object.
+        static_assert(!ShouldBeTraced<Traits>::value || Traits::canInitializeWithMemset || WTF::IsPolymorphic<T>::value, "HeapVectorBacking doesn't support objects that cannot be initialized with memset.");
 
         T* array = reinterpret_cast<T*>(self);
         blink::HeapObjectHeader* header = blink::HeapObjectHeader::fromPayload(self);
         // Use the payload size as recorded by the heap to determine how many
         // elements to trace.
         size_t length = header->payloadSize() / sizeof(T);
+        if (WTF::IsPolymorphic<T>::value) {
+            for (size_t i = 0; i < length; ++i) {
+                if (blink::vTableInitialized(&array[i]))
+                    blink::CollectionBackingTraceTrait<ShouldBeTraced<Traits>::value, Traits::weakHandlingFlag, WeakPointersActStrong, T, Traits>::trace(visitor, array[i]);
+            }
+        } else {
 #ifdef ANNOTATE_CONTIGUOUS_CONTAINER
-        // As commented above, HeapVectorBacking can trace unused slots
-        // (which are already zeroed out).
-        ANNOTATE_CHANGE_SIZE(array, length, 0, length);
+            // As commented above, HeapVectorBacking can trace unused slots
+            // (which are already zeroed out).
+            ANNOTATE_CHANGE_SIZE(array, length, 0, length);
 #endif
-        for (size_t i = 0; i < length; ++i)
-            blink::CollectionBackingTraceTrait<ShouldBeTraced<Traits>::value, Traits::weakHandlingFlag, WeakPointersActStrong, T, Traits>::trace(visitor, array[i]);
+            for (size_t i = 0; i < length; ++i)
+                blink::CollectionBackingTraceTrait<ShouldBeTraced<Traits>::value, Traits::weakHandlingFlag, WeakPointersActStrong, T, Traits>::trace(visitor, array[i]);
+        }
         return false;
     }
 };
 
 // Almost all hash table backings are visited with this specialization.
 template<ShouldWeakPointersBeMarkedStrongly strongify, typename Table>
 struct TraceInCollectionTrait<NoWeakHandlingInCollections, strongify, blink::HeapHashTableBacking<Table>, void> {
     using Value = typename Table::ValueType;
     using Traits = typename Table::ValueTraits;
 
@@ skipping 257 matching lines @@
 #if ENABLE(ASSERT)
         assertObjectHasGCInfo(const_cast<Backing*>(backing), GCInfoTrait<Backing>::index());
 #endif
     }
 };
 
 template<typename T, typename Traits>
 void HeapVectorBacking<T, Traits>::finalize(void* pointer)
 {
     static_assert(Traits::needsDestruction, "Only vector buffers with items requiring destruction should be finalized");
-    // HeapVectorBacking does not know the exact size of the vector
-    // and thus cannot avoid calling finalizers for all slots in the backing.
-    // This works correctly as long as unused slots are cleared out
-    // (this is done by VectorUnusedSlotClearer) and T can be initialized
-    // with memset (if T can be initialized with memset, it is safe to
-    // treat a zeroed object as a valid object).
-    static_assert(Traits::canInitializeWithMemset, "HeapVectorBacking doesn't support objects that cannot be initialized with memset.");
+    // See the comment in HeapVectorBacking::trace.
+    static_assert(Traits::canInitializeWithMemset || WTF::IsPolymorphic<T>::value, "HeapVectorBacking doesn't support objects that cannot be initialized with memset or don't have a vtable");
 
     ASSERT(!WTF::IsTriviallyDestructible<T>::value);
     HeapObjectHeader* header = HeapObjectHeader::fromPayload(pointer);
     // Use the payload size as recorded by the heap to determine how many
     // elements to finalize.
     size_t length = header->payloadSize() / sizeof(T);
     T* buffer = reinterpret_cast<T*>(pointer);
 #ifdef ANNOTATE_CONTIGUOUS_CONTAINER
     // As commented above, HeapVectorBacking calls finalizers for unused slots
     // (which are already zeroed out).
     ANNOTATE_CHANGE_SIZE(buffer, length, 0, length);
 #endif
-    for (unsigned i = 0; i < length; ++i)
-        buffer[i].~T();
+    if (WTF::IsPolymorphic<T>::value) {
+        for (unsigned i = 0; i < length; ++i) {
+            if (blink::vTableInitialized(&buffer[i]))
+                buffer[i].~T();
+        }
+    } else {
+        for (unsigned i = 0; i < length; ++i) {
+            buffer[i].~T();
+        }
+    }
 }
 
 template<typename Table>
 void HeapHashTableBacking<Table>::finalize(void* pointer)
 {
     using Value = typename Table::ValueType;
     ASSERT(!WTF::IsTriviallyDestructible<Value>::value);
     HeapObjectHeader* header = HeapObjectHeader::fromPayload(pointer);
     // Use the payload size as recorded by the heap to determine how many
     // elements to finalize.
     size_t length = header->payloadSize() / sizeof(Value);
     Value* table = reinterpret_cast<Value*>(pointer);
     for (unsigned i = 0; i < length; ++i) {
         if (!Table::isEmptyOrDeletedBucket(table[i]))
             table[i].~Value();
     }
 }
 
 } // namespace blink
 
 #endif // Heap_h