/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: set ts=8 sts=2 et sw=2 tw=80:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef vm_SharedArrayObject_h
#define vm_SharedArrayObject_h
#include "mozilla/Atomics.h"
#include "jstypes.h"
#include "gc/Memory.h"
#include "vm/ArrayBufferObject.h"
#include "wasm/WasmMemory.h"
namespace js {
class FutexWaiter;
class WasmSharedArrayRawBuffer;
/*
* SharedArrayRawBuffer
*
* A bookkeeping object always stored before the raw buffer. The buffer itself
* is refcounted. SharedArrayBufferObjects and structured clone objects may hold
* references.
*
* WasmSharedArrayRawBuffer is a derived class that's used for Wasm buffers.
*
* - Non-Wasm buffers are allocated with a single calloc allocation, like this:
*
* |<------ sizeof ------>|<- length ->|
* | SharedArrayRawBuffer | data array |
*
* - Wasm buffers are allocated with MapBufferMemory (mmap), like this:
*
* |<-------- sizeof -------->|<- length ->|
* | waste | WasmSharedArrayRawBuffer | data array | waste |
*
* Observe that if we want to map the data array at a specific address, such
* as absolute zero (bug 1056027), then the {Wasm}SharedArrayRawBuffer cannot be
* prefixed to the data array; it has to be a separate object, also in
* shared memory. (That would get rid of ~4KB of waste, as well.) Very little
* else would have to change throughout the engine, the SARB would point to
* the data array using a constant pointer, instead of computing its
* address.
*
* For Wasm buffers, length_ can change following initialization; it may grow
* toward sourceMaxPages_. See extensive comments above WasmArrayRawBuffer in
* ArrayBufferObject.cpp. length_ only grows when the lock is held.
*/
class SharedArrayRawBuffer {
 protected:
  // Whether this is a WasmSharedArrayRawBuffer.
  bool isWasm_;
  // Number of owners holding a reference (see the class comment); the
  // constructor starts it at 1 on behalf of the creator.
  mozilla::Atomic<uint32_t, mozilla::ReleaseAcquire> refcount_;
  // Current byte length of the data array. For Wasm buffers this can grow
  // after construction (only while the grow lock is held, per the class
  // comment), which is why it is atomic and read as a snapshot.
  mozilla::Atomic<size_t, mozilla::SequentiallyConsistent> length_;
  // A list of structures representing tasks waiting on some
  // location within this buffer.
  FutexWaiter* waiters_ = nullptr;

 protected:
  // |buffer| must be the data array that immediately follows this header
  // object in memory; the assertion checks it against the computed
  // dataPointerShared().
  SharedArrayRawBuffer(bool isWasm, uint8_t* buffer, size_t length)
      : isWasm_(isWasm), refcount_(1), length_(length) {
    MOZ_ASSERT(buffer == dataPointerShared());
  }

 public:
  // Allocate a buffer with a |length|-byte data array. The Wasm variant is
  // WasmSharedArrayRawBuffer::AllocateWasm.
  static SharedArrayRawBuffer* Allocate(size_t length);

  // Downcast to the Wasm subclass; asserts isWasm().
  inline WasmSharedArrayRawBuffer* toWasmBuffer();

  // This may be called from multiple threads. The caller must take
  // care of mutual exclusion.
  FutexWaiter* waiters() const { return waiters_; }

  // This may be called from multiple threads. The caller must take
  // care of mutual exclusion.
  void setWaiters(FutexWaiter* waiters) { waiters_ = waiters; }

  // Address of the data array, derived from |this| plus the header size.
  inline SharedMem<uint8_t*> dataPointerShared() const;

  // Snapshot of length_. "volatile" because a Wasm buffer may be grown
  // concurrently, so the value can be stale as soon as it is returned.
  size_t volatileByteLength() const { return length_; }

  bool isWasm() const { return isWasm_; }

  uint32_t refcount() const { return refcount_; }

  // NOTE(review): presumably returns false when the reference could not be
  // taken (e.g. refcount saturation) — confirm against the definition.
  [[nodiscard]] bool addReference();
  // Decrement refcount_; per the SharedArrayBufferObject comment below, the
  // last reference to go away frees the underlying memory.
  void dropReference();

  // Number of currently live raw buffers (definition in the .cpp).
  static int32_t liveBuffers();
};
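class WasmSharedArrayRawBuffer : public SharedArrayRawBuffer {
 private:
  // Guards growth of length_ (see the base class comment: length_ only grows
  // while this lock is held). Taken via the Lock RAII class below.
  Mutex growLock_ MOZ_UNANNOTATED;
  // The index type of this buffer.
  wasm::IndexType indexType_;
  // The maximum size of this buffer in wasm pages.
  wasm::Pages clampedMaxPages_;
  wasm::Pages sourceMaxPages_;
  size_t mappedSize_;  // Does not include the page for the header.

  // Start of the mapping: the header occupies the system page immediately
  // before the data array (see the layout diagram above the base class).
  uint8_t* basePointer() {
    SharedMem<uint8_t*> p = dataPointerShared() - gc::SystemPageSize();
    MOZ_ASSERT(p.asValue() % gc::SystemPageSize() == 0);
    return p.unwrap(/* we trust you won't abuse it */);
  }

 protected:
  // |buffer| must be the data array that follows this header in the mapping;
  // |mappedSize| excludes the header page (see mappedSize_).
  WasmSharedArrayRawBuffer(uint8_t* buffer, size_t length,
                           wasm::IndexType indexType,
                           wasm::Pages clampedMaxPages,
                           wasm::Pages sourceMaxPages, size_t mappedSize)
      : SharedArrayRawBuffer(/* isWasm = */ true, buffer, length),
        growLock_(mutexid::SharedArrayGrow),
        indexType_(indexType),
        clampedMaxPages_(clampedMaxPages),
        sourceMaxPages_(sourceMaxPages),
        mappedSize_(mappedSize) {}

 public:
  friend class SharedArrayRawBuffer;

  class Lock;
  friend class Lock;

  // Scoped holder of growLock_. Non-copyable: a copy would unlock the mutex a
  // second time when the copy is destroyed, so the copy operations are
  // deleted rather than left implicitly defined.
  class MOZ_RAII Lock {
    WasmSharedArrayRawBuffer* buf;

   public:
    explicit Lock(WasmSharedArrayRawBuffer* buf) : buf(buf) {
      buf->growLock_.lock();
    }
    Lock(const Lock&) = delete;
    Lock& operator=(const Lock&) = delete;
    ~Lock() { buf->growLock_.unlock(); }
  };

  // Map and initialize a Wasm buffer of |initialPages|. |sourceMaxPages| and
  // |mappedSize| are optional; the definition lives in the .cpp.
  static WasmSharedArrayRawBuffer* AllocateWasm(
      wasm::IndexType indexType, wasm::Pages initialPages,
      wasm::Pages clampedMaxPages,
      const mozilla::Maybe<wasm::Pages>& sourceMaxPages,
      const mozilla::Maybe<size_t>& mappedSize);

  // Inverse of dataPointerShared(): recover the header from the data array
  // address. Performs no validation, so |dataPtr| must have come from a Wasm
  // buffer's dataPointerShared(); a non-Wasm or foreign pointer yields a
  // bogus object.
  static const WasmSharedArrayRawBuffer* fromDataPtr(const uint8_t* dataPtr) {
    return reinterpret_cast<const WasmSharedArrayRawBuffer*>(
        dataPtr - sizeof(WasmSharedArrayRawBuffer));
  }

  static WasmSharedArrayRawBuffer* fromDataPtr(uint8_t* dataPtr) {
    return reinterpret_cast<WasmSharedArrayRawBuffer*>(
        dataPtr - sizeof(WasmSharedArrayRawBuffer));
  }

  wasm::IndexType wasmIndexType() const { return indexType_; }

  // Snapshot of the current length in wasm pages; see volatileByteLength().
  wasm::Pages volatileWasmPages() const {
    return wasm::Pages::fromByteLengthExact(length_);
  }

  wasm::Pages wasmClampedMaxPages() const { return clampedMaxPages_; }
  wasm::Pages wasmSourceMaxPages() const { return sourceMaxPages_; }

  size_t mappedSize() const { return mappedSize_; }

  void tryGrowMaxPagesInPlace(wasm::Pages deltaMaxPages);

  // Grow length_ to |newPages| without remapping. The Lock parameter is a
  // proof that growLock_ is held by the caller.
  bool wasmGrowToPagesInPlace(const Lock&, wasm::IndexType t,
                              wasm::Pages newPages);

  // Discard a region of memory, zeroing the pages and releasing physical memory
  // back to the operating system. byteOffset and byteLen must be wasm page
  // aligned and in bounds. A discard of zero bytes will have no effect.
  void discard(size_t byteOffset, size_t byteLen);
};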
// Downcast to the Wasm subclass. Only valid when isWasm() holds, which is
// asserted; there is no runtime type check beyond that.
inline WasmSharedArrayRawBuffer* SharedArrayRawBuffer::toWasmBuffer() {
  MOZ_ASSERT(isWasm());
  WasmSharedArrayRawBuffer* wasmBuffer =
      static_cast<WasmSharedArrayRawBuffer*>(this);
  return wasmBuffer;
}
// The data array immediately follows the header object, so its address is
// |this| plus the size of the concrete header type (Wasm headers are larger).
inline SharedMem<uint8_t*> SharedArrayRawBuffer::dataPointerShared() const {
  const size_t headerSize = isWasm() ? sizeof(WasmSharedArrayRawBuffer)
                                     : sizeof(SharedArrayRawBuffer);
  // const_cast because the returned pointer is to the mutable data array, not
  // to this header.
  auto* self = const_cast<SharedArrayRawBuffer*>(this);
  uint8_t* data = reinterpret_cast<uint8_t*>(self) + headerSize;
  return SharedMem<uint8_t*>::shared(data);
}
/*
* SharedArrayBufferObject
*
* When transferred to a WebWorker, the buffer is not detached on the
* parent side, and both child and parent reference the same buffer.
*
* The underlying memory is memory-mapped and reference counted
* (across workers and/or processes). The SharedArrayBuffer object
* has a finalizer that decrements the refcount, the last one to leave
* (globally) unmaps the memory. The sender ups the refcount before
* transmitting the memory to another worker.
*
* SharedArrayBufferObject (or really the underlying memory) /is
* racy/: more than one worker can access the memory at the same time.
*
* A TypedArrayObject (a view) references a SharedArrayBuffer
* and keeps it alive. The SharedArrayBuffer does /not/ reference its
* views.
*/
class SharedArrayBufferObject : public ArrayBufferObjectMaybeShared {
  // Native-method body behind byteLengthGetter (CallArgs form).
  static bool byteLengthGetterImpl(JSContext* cx, const CallArgs& args);

 public:
  // RAWBUF_SLOT holds a pointer (as "private" data) to the
  // SharedArrayRawBuffer object, which is manually managed storage.
  static const uint8_t RAWBUF_SLOT = 0;

  // LENGTH_SLOT holds the length of the underlying buffer as it was when this
  // object was created. For JS use cases this is the same length as the
  // buffer, but for Wasm the buffer can grow, and the buffer's length may be
  // greater than the object's length.
  static const uint8_t LENGTH_SLOT = 1;

  // The slot index is baked into JIT code; keep it in sync with
  // ArrayBufferObject.
  static_assert(LENGTH_SLOT == ArrayBufferObject::BYTE_LENGTH_SLOT,
                "JIT code assumes the same slot is used for the length");

  static const uint8_t RESERVED_SLOTS = 2;

  static const JSClass class_;
  static const JSClass protoClass_;

  static bool byteLengthGetter(JSContext* cx, unsigned argc, Value* vp);

  // JS-visible constructor for SharedArrayBuffer.
  static bool class_constructor(JSContext* cx, unsigned argc, Value* vp);

  // True if |native| is this class's own byteLength getter (identity
  // comparison; presumably used to recognize an unmodified accessor).
  static bool isOriginalByteLengthGetter(Native native) {
    return native == byteLengthGetter;
  }

  // Create a SharedArrayBufferObject with a new SharedArrayRawBuffer.
  static SharedArrayBufferObject* New(JSContext* cx, size_t length,
                                      HandleObject proto = nullptr);

  // Create a SharedArrayBufferObject using an existing SharedArrayRawBuffer,
  // recording the given length in the SharedArrayBufferObject.
  static SharedArrayBufferObject* New(JSContext* cx,
                                      SharedArrayRawBuffer* buffer,
                                      size_t length,
                                      HandleObject proto = nullptr);

  // GC finalizer; per the class comment, this is where the raw buffer's
  // refcount is decremented.
  static void Finalize(JS::GCContext* gcx, JSObject* obj);

  static void addSizeOfExcludingThis(JSObject* obj,
                                     mozilla::MallocSizeOf mallocSizeOf,
                                     JS::ClassInfo* info,
                                     JS::RuntimeSizes* runtimeSizes);

  // Copy |count| bytes from |fromBuffer| at |fromIndex| to |toBuffer| at
  // |toIndex|; either side may be a shared or an unshared buffer.
  static void copyData(Handle<ArrayBufferObjectMaybeShared*> toBuffer,
                       size_t toIndex,
                       Handle<ArrayBufferObjectMaybeShared*> fromBuffer,
                       size_t fromIndex, size_t count);

  // The raw buffer stored in RAWBUF_SLOT.
  SharedArrayRawBuffer* rawBufferObject() const;

  // Asserts (via toWasmBuffer) that the raw buffer is a Wasm buffer.
  WasmSharedArrayRawBuffer* rawWasmBufferObject() const {
    return rawBufferObject()->toWasmBuffer();
  }

  // Invariant: This method does not cause GC and can be called
  // without anchoring the object it is called on.
  uintptr_t globalID() const {
    // The buffer address is good enough as an ID provided the memory is not
    // shared between processes or, if it is, it is mapped to the same address
    // in every process. (At the moment, shared memory cannot be shared between
    // processes.)
    return dataPointerShared().asValue();
  }

  // The length recorded at creation (LENGTH_SLOT), not the raw buffer's
  // current length; for Wasm buffers the two may differ after growth.
  size_t byteLength() const {
    return size_t(getFixedSlot(LENGTH_SLOT).toPrivate());
  }

  bool isWasm() const { return rawBufferObject()->isWasm(); }
  SharedMem<uint8_t*> dataPointerShared() const {
    return rawBufferObject()->dataPointerShared();
  }

  // WebAssembly support:

  // Create a SharedArrayBufferObject using the provided buffer and size.
  // Assumes ownership of a reference to |buffer| even in case of failure,
  // i.e. on failure |buffer->dropReference()| is performed.
  static SharedArrayBufferObject* createFromNewRawBuffer(
      JSContext* cx, WasmSharedArrayRawBuffer* buffer, size_t initialSize);

  // The following forward to the Wasm raw buffer and therefore require
  // isWasm() to hold (rawWasmBufferObject asserts it).
  wasm::Pages volatileWasmPages() const {
    return rawWasmBufferObject()->volatileWasmPages();
  }
  wasm::Pages wasmClampedMaxPages() const {
    return rawWasmBufferObject()->wasmClampedMaxPages();
  }
  wasm::Pages wasmSourceMaxPages() const {
    return rawWasmBufferObject()->wasmSourceMaxPages();
  }

  size_t wasmMappedSize() const { return rawWasmBufferObject()->mappedSize(); }

  // NOTE(review): takes 64-bit offsets/lengths while
  // WasmSharedArrayRawBuffer::discard takes size_t; range validation is
  // presumably done in the definition — confirm.
  static void wasmDiscard(Handle<SharedArrayBufferObject*> buf,
                          uint64_t byteOffset, uint64_t byteLength);

 private:
  // Store |buffer| in RAWBUF_SLOT and |length| in LENGTH_SLOT (presumably;
  // definition is in the .cpp). [[nodiscard]] because it can fail.
  [[nodiscard]] bool acceptRawBuffer(SharedArrayRawBuffer* buffer,
                                     size_t length);
  void dropRawBuffer();
};
// GC rooting aliases for SharedArrayBufferObject, matching the Rooted/Handle/
// MutableHandle convention used for other object types in the engine.
using RootedSharedArrayBufferObject = Rooted<SharedArrayBufferObject*>;
using HandleSharedArrayBufferObject = Handle<SharedArrayBufferObject*>;
using MutableHandleSharedArrayBufferObject =
    MutableHandle<SharedArrayBufferObject*>;
} // namespace js
#endif // vm_SharedArrayObject_h