1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
* vim: set ts=8 sts=4 et sw=4 tw=99:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef vm_SharedArrayObject_h
#define vm_SharedArrayObject_h
#include "mozilla/Atomics.h"
#include "jsapi.h"
#include "jsobj.h"
#include "jstypes.h"
#include "gc/Barrier.h"
#include "vm/ArrayBufferObject.h"
typedef struct JSProperty JSProperty;
namespace js {
class FutexWaiter;
/*
* SharedArrayRawBuffer
*
* A bookkeeping object always stored immediately before the raw buffer.
* The buffer itself is mmap()'d and refcounted.
* SharedArrayBufferObjects and AsmJS code may hold references.
*
* |<------ sizeof ------>|<- length ->|
*
* | waste | SharedArrayRawBuffer | data array | waste |
*
* Observe that if we want to map the data array on a specific address, such
* as absolute zero (bug 1056027), then the SharedArrayRawBuffer cannot be
* prefixed to the data array, it has to be a separate object, also in
* shared memory. (That would get rid of ~4KB of waste, as well.) Very little
* else would have to change throughout the engine, the SARB would point to
* the data array using a constant pointer, instead of computing its
* address.
*/
class SharedArrayRawBuffer
{
private:
mozilla::Atomic<uint32_t, mozilla::ReleaseAcquire> refcount_;
uint32_t length;
bool preparedForAsmJS;
// A list of structures representing tasks waiting on some
// location within this buffer.
FutexWaiter* waiters_;
protected:
SharedArrayRawBuffer(uint8_t* buffer, uint32_t length, bool preparedForAsmJS)
: refcount_(1),
length(length),
preparedForAsmJS(preparedForAsmJS),
waiters_(nullptr)
{
MOZ_ASSERT(buffer == dataPointerShared());
}
public:
static SharedArrayRawBuffer* New(JSContext* cx, uint32_t length);
// This may be called from multiple threads. The caller must take
// care of mutual exclusion.
FutexWaiter* waiters() const {
return waiters_;
}
// This may be called from multiple threads. The caller must take
// care of mutual exclusion.
void setWaiters(FutexWaiter* waiters) {
waiters_ = waiters;
}
SharedMem<uint8_t*> dataPointerShared() const {
uint8_t* ptr = reinterpret_cast<uint8_t*>(const_cast<SharedArrayRawBuffer*>(this));
return SharedMem<uint8_t*>::shared(ptr + sizeof(SharedArrayRawBuffer));
}
uint32_t byteLength() const {
return length;
}
bool isPreparedForAsmJS() const {
return preparedForAsmJS;
}
uint32_t refcount() const { return refcount_; }
void addReference();
void dropReference();
};
/*
* SharedArrayBufferObject
*
* When transferred to a WebWorker, the buffer is not detached on the
* parent side, and both child and parent reference the same buffer.
*
* The underlying memory is memory-mapped and reference counted
* (across workers and/or processes). The SharedArrayBuffer object
* has a finalizer that decrements the refcount, the last one to leave
* (globally) unmaps the memory. The sender ups the refcount before
* transmitting the memory to another worker.
*
* SharedArrayBufferObject (or really the underlying memory) /is
* racy/: more than one worker can access the memory at the same time.
*
* A TypedArrayObject (a view) references a SharedArrayBuffer
* and keeps it alive. The SharedArrayBuffer does /not/ reference its
* views.
*/
class SharedArrayBufferObject : public ArrayBufferObjectMaybeShared
{
static bool byteLengthGetterImpl(JSContext* cx, const CallArgs& args);
public:
// RAWBUF_SLOT holds a pointer (as "private" data) to the
// SharedArrayRawBuffer object, which is manually managed storage.
static const uint8_t RAWBUF_SLOT = 0;
static const uint8_t RESERVED_SLOTS = 1;
static const Class class_;
static bool byteLengthGetter(JSContext* cx, unsigned argc, Value* vp);
static bool class_constructor(JSContext* cx, unsigned argc, Value* vp);
// Create a SharedArrayBufferObject with a new SharedArrayRawBuffer.
static SharedArrayBufferObject* New(JSContext* cx,
uint32_t length,
HandleObject proto = nullptr);
// Create a SharedArrayBufferObject using an existing SharedArrayRawBuffer.
static SharedArrayBufferObject* New(JSContext* cx,
SharedArrayRawBuffer* buffer,
HandleObject proto = nullptr);
static void Finalize(FreeOp* fop, JSObject* obj);
static void addSizeOfExcludingThis(JSObject* obj, mozilla::MallocSizeOf mallocSizeOf,
JS::ClassInfo* info);
static void copyData(Handle<SharedArrayBufferObject*> toBuffer,
Handle<SharedArrayBufferObject*> fromBuffer,
uint32_t fromIndex, uint32_t count);
SharedArrayRawBuffer* rawBufferObject() const;
// Invariant: This method does not cause GC and can be called
// without anchoring the object it is called on.
uintptr_t globalID() const {
// The buffer address is good enough as an ID provided the memory is not shared
// between processes or, if it is, it is mapped to the same address in every
// process. (At the moment, shared memory cannot be shared between processes.)
return dataPointerShared().asValue();
}
uint32_t byteLength() const {
return rawBufferObject()->byteLength();
}
bool isPreparedForAsmJS() const {
return rawBufferObject()->isPreparedForAsmJS();
}
SharedMem<uint8_t*> dataPointerShared() const {
return rawBufferObject()->dataPointerShared();
}
private:
void acceptRawBuffer(SharedArrayRawBuffer* buffer);
void dropRawBuffer();
};
bool IsSharedArrayBuffer(HandleValue v);
bool IsSharedArrayBuffer(HandleObject o);
bool IsSharedArrayBuffer(JSObject* o);
SharedArrayBufferObject& AsSharedArrayBuffer(HandleObject o);
} // namespace js
#endif // vm_SharedArrayObject_h
|