Chromium Code Reviews Chromium Code Reviews
Issue 946163003:
Prevent GCs when constructing GC mixin objects. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| Index: Source/platform/heap/Heap.h |
| diff --git a/Source/platform/heap/Heap.h b/Source/platform/heap/Heap.h |
| index 76052f32432746a783d92fe4ed12282d7b68b9d3..58ae3b949f05b35f67b6ac3e46655709e3458cca 100644 |
| --- a/Source/platform/heap/Heap.h |
| +++ b/Source/platform/heap/Heap.h |
| @@ -1031,6 +1031,74 @@ private: |
| friend class ThreadState; |
| }; |
| +template<typename T> |
| +struct HeapIndexTrait { |
| + static int index() { return NormalPageHeapIndex; }; |
| +}; |
| + |
| +// FIXME: The forward declaration is layering violation. |
| +#define DEFINE_TYPED_HEAP_TRAIT(Type) \ |
| + class Type; \ |
| + template <> struct HeapIndexTrait<class Type> { \ |
| + static int index() { return Type##HeapIndex; }; \ |
| + }; |
| +FOR_EACH_TYPED_HEAP(DEFINE_TYPED_HEAP_TRAIT) |
| +#undef DEFINE_TYPED_HEAP_TRAIT |
| + |
| +template<typename T, typename Enabled = void> |
| +class AllocateObjectTrait { |
| +public: |
| + static inline Address allocate(size_t size) |
| + { |
| + return Heap::allocateOnHeapIndex<T>(size, HeapIndexTrait<T>::index(), GCInfoTrait<T>::index()); |
| + } |
| + |
| + static inline void constructor() |
| + { |
| + } |
| +}; |
| + |
| +template<typename T> |
| +class AllocateObjectTrait<T, typename WTF::EnableIf<blink::IsGarbageCollectedMixin<T>::value>::Type> { |
| +public: |
| + // An object which implements GarbageCollectedMixin is marked |
| + // and traced during GC by first adjusting object references to |
| + // it to refer to the leftmost base for the object (which would |
| + // be a GarbageCollected-derived class.) The prefixed object header |
| + // can be located after that adjustment and its trace() vtbl slot |
| + // will be used to fully trace the object, if not already marked. |
| + // |
| + // A C++ object's vptr will be initialized to its leftmost base's |
| + // vtabke after the constructors of all its subclasses have run, |
|
haraken
2015/02/23 08:24:23
vtable
sof
2015/02/23 10:29:02
Done.
|
| + // so if a subclass constructor tries to access any of the vtbl |
| + // entries of its leftmost base prematurely, it'll find an as-yet |
| + // incorrect vptr and fail. Which is exactly what a garbage collector |
| + // will try to do if it tries to access the leftmost base while one |
| + // of the subclass constructors of a GC mixin object triggers a GC. |
| + // It is consequently not safe to allow any GCs while these objects |
| + // are under (sub constructor) construction. |
| + // |
| + // To achieve that, the construction of mixins are handled in a |
| + // special manner: |
| + // |
| + // - The initial allocation of the mixin object will enter a no GC scope. |
| + // - The constructor for the leftmost base, which is when the mixin |
| + // object is in a state ready for a GC, leaves that GC scope. |
| + // - no-GC scope entering/leaving must support nesting. |
| + // |
| + static inline Address allocate(size_t size) |
| + { |
| + Address object = Heap::allocateOnHeapIndex<T>(size, HeapIndexTrait<T>::index(), GCInfoTrait<T>::index()); |
| + ThreadState::current()->enterNoGCAllowedScope(); |
|
haraken
2015/02/23 08:24:22
Are compilers smart enough to remove the two Threa
sof
2015/02/23 10:29:02
Reasonable to assume so, but we might as well manu
|
| + return object; |
| + } |
| + |
| + static inline void constructor() |
| + { |
| + ThreadState::current()->leaveNoGCAllowedScope(); |
| + } |
| +}; |
| + |
| // Base class for objects allocated in the Blink garbage-collected heap. |
| // |
| // Defines a 'new' operator that allocates the memory in the heap. 'delete' |
| @@ -1079,6 +1147,7 @@ public: |
| protected: |
| GarbageCollected() |
| { |
| + AllocateObjectTrait<T>::constructor(); |
| } |
| }; |
| @@ -1376,20 +1445,6 @@ Address NormalPageHeap::allocate(size_t size, size_t gcInfoIndex) |
| } |
| template<typename T> |
| -struct HeapIndexTrait { |
| - static int index() { return NormalPageHeapIndex; }; |
| -}; |
| - |
| -// FIXME: The forward declaration is layering violation. |
| -#define DEFINE_TYPED_HEAP_TRAIT(Type) \ |
| - class Type; \ |
| - template <> struct HeapIndexTrait<class Type> { \ |
| - static int index() { return Type##HeapIndex; }; \ |
| - }; |
| -FOR_EACH_TYPED_HEAP(DEFINE_TYPED_HEAP_TRAIT) |
| -#undef DEFINE_TYPED_HEAP_TRAIT |
| - |
| -template<typename T> |
| Address Heap::allocateOnHeapIndex(size_t size, int heapIndex, size_t gcInfoIndex) |
| { |
| ThreadState* state = ThreadStateFor<ThreadingTrait<T>::Affinity>::state(); |
| @@ -1400,7 +1455,7 @@ Address Heap::allocateOnHeapIndex(size_t size, int heapIndex, size_t gcInfoIndex |
| template<typename T> |
| Address Heap::allocate(size_t size) |
| { |
| - return allocateOnHeapIndex<T>(size, HeapIndexTrait<T>::index(), GCInfoTrait<T>::index()); |
| + return AllocateObjectTrait<T>::allocate(size); |
| } |
| template<typename T> |
