1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
82 const size_t largeObjectSizeThreshold = blinkPageSize / 2; | 82 const size_t largeObjectSizeThreshold = blinkPageSize / 2; |
83 | 83 |
84 // A zap value used for freed memory that is allowed to be added to the free | 84 // A zap value used for freed memory that is allowed to be added to the free |
85 // list in the next addToFreeList(). | 85 // list in the next addToFreeList(). |
86 const uint8_t reuseAllowedZapValue = 0x2a; | 86 const uint8_t reuseAllowedZapValue = 0x2a; |
87 // A zap value used for freed memory that is forbidden to be added to the free | 87 // A zap value used for freed memory that is forbidden to be added to the free |
88 // list in the next addToFreeList(). | 88 // list in the next addToFreeList(). |
89 const uint8_t reuseForbiddenZapValue = 0x2c; | 89 const uint8_t reuseForbiddenZapValue = 0x2c; |
90 | 90 |
91 // In non-production builds, memory is zapped when it's freed. The zapped | 91 // In non-production builds, memory is zapped when it's freed. The zapped |
92 // memory is zeroed out when the memory is reused in ThreadHeap::allocateObject(
). | 92 // memory is zeroed out when the memory is reused in |
| 93 // ThreadHeap::allocateObject(). |
93 // In production builds, memory is not zapped (for performance). The memory | 94 // In production builds, memory is not zapped (for performance). The memory |
94 // is just zeroed out when it is added to the free list. | 95 // is just zeroed out when it is added to the free list. |
95 #if defined(MEMORY_SANITIZER) | 96 #if defined(MEMORY_SANITIZER) |
96 // TODO(kojii): We actually need __msan_poison/unpoison here, but it'll be | 97 // TODO(kojii): We actually need __msan_poison/unpoison here, but it'll be |
97 // added later. | 98 // added later. |
98 #define SET_MEMORY_INACCESSIBLE(address, size) \ | 99 #define SET_MEMORY_INACCESSIBLE(address, size) \ |
99 FreeList::zapFreedMemory(address, size); | 100 FreeList::zapFreedMemory(address, size); |
100 #define SET_MEMORY_ACCESSIBLE(address, size) memset((address), 0, (size)) | 101 #define SET_MEMORY_ACCESSIBLE(address, size) memset((address), 0, (size)) |
101 #define CHECK_MEMORY_INACCESSIBLE(address, size) \ | 102 #define CHECK_MEMORY_INACCESSIBLE(address, size) \ |
102 ASAN_UNPOISON_MEMORY_REGION(address, size); \ | 103 ASAN_UNPOISON_MEMORY_REGION(address, size); \ |
132 class CallbackStack; | 133 class CallbackStack; |
133 class FreePagePool; | 134 class FreePagePool; |
134 class NormalPageArena; | 135 class NormalPageArena; |
135 class OrphanedPagePool; | 136 class OrphanedPagePool; |
136 class PageMemory; | 137 class PageMemory; |
137 class PageMemoryRegion; | 138 class PageMemoryRegion; |
138 class WebMemoryAllocatorDump; | 139 class WebMemoryAllocatorDump; |
139 | 140 |
140 // HeapObjectHeader is 4 byte (32 bit) that has the following layout: | 141 // HeapObjectHeader is 4 byte (32 bit) that has the following layout: |
141 // | 142 // |
142 // | gcInfoIndex (14 bit) | DOM mark bit (1 bit) | size (14 bit) | dead bit (1 b
it) | freed bit (1 bit) | mark bit (1 bit) | | 143 // | gcInfoIndex (14 bit) | |
| 144 // | DOM mark bit (1 bit) | |
| 145 // | size (14 bit) | |
| 146 // | dead bit (1 bit) | |
| 147 // | freed bit (1 bit) | |
| 148 // | mark bit (1 bit) | |
143 // | 149 // |
144 // - For non-large objects, 14 bit is enough for |size| because the blink | 150 // - For non-large objects, 14 bit is enough for |size| because the blink |
145 // page size is 2^17 byte and each object is guaranteed to be aligned with | 151 // page size is 2^17 byte and each object is guaranteed to be aligned with |
146 // 2^3 byte. | 152 // 2^3 byte. |
147 // - For large objects, |size| is 0. The actual size of a large object is | 153 // - For large objects, |size| is 0. The actual size of a large object is |
148 // stored in LargeObjectPage::m_payloadSize. | 154 // stored in LargeObjectPage::m_payloadSize. |
149 // - 1 bit used to mark DOM trees for V8. | 155 // - 1 bit used to mark DOM trees for V8. |
150 // - 14 bit is enough for gcInfoIndex because there are less than 2^14 types | 156 // - 14 bit is enough for gcInfoIndex because there are less than 2^14 types |
151 // in Blink. | 157 // in Blink. |
152 const size_t headerWrapperMarkBitMask = 1u << 17; | 158 const size_t headerWrapperMarkBitMask = 1u << 17; |
254 | 260 |
255 private: | 261 private: |
256 uint32_t m_encoded; | 262 uint32_t m_encoded; |
257 #if ENABLE(ASSERT) | 263 #if ENABLE(ASSERT) |
258 uint16_t m_magic; | 264 uint16_t m_magic; |
259 #endif | 265 #endif |
260 | 266 |
261 // In 64 bit architectures, we intentionally add 4 byte padding immediately | 267 // In 64 bit architectures, we intentionally add 4 byte padding immediately |
262 // after the HeapObjectHeader. This is because: | 268 // after the HeapObjectHeader. This is because: |
263 // | 269 // |
264 // | HeapObjectHeader (4 byte) | padding (4 byte) | object payload (8 * n byte)
| | 270 // | HeapObjectHeader (4 byte) | <- 8 byte aligned |
265 // ^8 byte aligned ^8 byte aligned | 271 // | padding (4 byte) | |
| 272 // | object payload (8 * n byte) | <- 8 byte aligned |
266 // | 273 // |
267 // is better than: | 274 // is better than: |
268 // | 275 // |
269 // | HeapObjectHeader (4 byte) | object payload (8 * n byte) | padding (4 byte)
| | 276 // | HeapObjectHeader (4 byte) | <- 4 byte aligned |
270 // ^4 byte aligned ^8 byte aligned ^4 byte aligned | 277 // | object payload (8 * n byte) | <- 8 byte aligned |
| 278 // | padding (4 byte) | <- 4 byte aligned |
271 // | 279 // |
272 // since the former layout aligns both header and payload to 8 byte. | 280 // since the former layout aligns both header and payload to 8 byte. |
273 #if USE_4BYTE_HEADER_PADDING | 281 #if USE_4BYTE_HEADER_PADDING |
274 public: | 282 public: |
275 uint32_t m_padding; | 283 uint32_t m_padding; |
276 #endif | 284 #endif |
277 }; | 285 }; |
278 | 286 |
279 class FreeListEntry final : public HeapObjectHeader { | 287 class FreeListEntry final : public HeapObjectHeader { |
280 public: | 288 public: |
595 // cache. If there is a miss in the cache we can determine the status of the | 603 // cache. If there is a miss in the cache we can determine the status of the |
596 // pointer precisely using the heap RegionTree. | 604 // pointer precisely using the heap RegionTree. |
597 // | 605 // |
598 // The HeapDoesNotContainCache is a negative cache, so it must be flushed when | 606 // The HeapDoesNotContainCache is a negative cache, so it must be flushed when |
599 // memory is added to the heap. | 607 // memory is added to the heap. |
600 class HeapDoesNotContainCache { | 608 class HeapDoesNotContainCache { |
601 USING_FAST_MALLOC(HeapDoesNotContainCache); | 609 USING_FAST_MALLOC(HeapDoesNotContainCache); |
602 | 610 |
603 public: | 611 public: |
604 HeapDoesNotContainCache() : m_hasEntries(false) { | 612 HeapDoesNotContainCache() : m_hasEntries(false) { |
605 // Start by flushing the cache in a non-empty state to initialize all the ca
che entries. | 613 // Start by flushing the cache in a non-empty state to initialize all the |
| 614 // cache entries. |
606 for (int i = 0; i < numberOfEntries; ++i) | 615 for (int i = 0; i < numberOfEntries; ++i) |
607 m_entries[i] = nullptr; | 616 m_entries[i] = nullptr; |
608 } | 617 } |
609 | 618 |
610 void flush(); | 619 void flush(); |
611 bool isEmpty() { return !m_hasEntries; } | 620 bool isEmpty() { return !m_hasEntries; } |
612 | 621 |
613 // Perform a lookup in the cache. | 622 // Perform a lookup in the cache. |
614 // | 623 // |
615 // If lookup returns false, the argument address was not found in | 624 // If lookup returns false, the argument address was not found in |
916 return outOfLineAllocate(allocationSize, gcInfoIndex); | 925 return outOfLineAllocate(allocationSize, gcInfoIndex); |
917 } | 926 } |
918 | 927 |
919 inline NormalPageArena* NormalPage::arenaForNormalPage() const { | 928 inline NormalPageArena* NormalPage::arenaForNormalPage() const { |
920 return static_cast<NormalPageArena*>(arena()); | 929 return static_cast<NormalPageArena*>(arena()); |
921 } | 930 } |
922 | 931 |
923 } // namespace blink | 932 } // namespace blink |
924 | 933 |
925 #endif // HeapPage_h | 934 #endif // HeapPage_h |