cosmopolitan/third_party/duktape/duk_heap_finalize.c

446 lines
17 KiB
C
Raw Normal View History

2020-06-15 14:18:57 +00:00
/*
* Finalizer handling.
*/
#include "third_party/duktape/duk_internal.h"
#if defined(DUK_USE_FINALIZER_SUPPORT)
/*
* Fake torture finalizer.
*/
#if defined(DUK_USE_FINALIZER_TORTURE)
DUK_LOCAL duk_ret_t duk__fake_global_finalizer(duk_hthread *thr) {
DUK_DD(DUK_DDPRINT("fake global torture finalizer executed"));
/* Require a lot of stack to force a value stack grow/shrink. */
duk_require_stack(thr, 100000);
/* Force a reallocation with pointer change for value stack
* to maximize side effects.
*/
duk_hthread_valstack_torture_realloc(thr);
/* Inner function call, error throw. */
duk_eval_string_noresult(thr,
"(function dummy() {\n"
" dummy.prototype = null; /* break reference loop */\n"
" try {\n"
" throw 'fake-finalizer-dummy-error';\n"
" } catch (e) {\n"
" void e;\n"
" }\n"
"})()");
/* The above creates garbage (e.g. a function instance). Because
* the function/prototype reference loop is broken, it gets collected
* immediately by DECREF. If Function.prototype has a _Finalizer
* property (happens in some test cases), the garbage gets queued to
* finalize_list. This still won't cause an infinite loop because
* the torture finalizer is called once per finalize_list run and
* the garbage gets handled in the same run. (If the garbage needs
* mark-and-sweep collection, an infinite loop might ensue.)
*/
return 0;
}
DUK_LOCAL void duk__run_global_torture_finalizer(duk_hthread *thr) {
DUK_ASSERT(thr != NULL);
/* Avoid fake finalization when callstack limit is near. Otherwise
* a callstack limit error will be created, then refzero'ed. The
* +5 headroom is conservative.
*/
if (thr->heap->call_recursion_depth + 5 >= thr->heap->call_recursion_limit ||
thr->callstack_top + 5 >= DUK_USE_CALLSTACK_LIMIT) {
DUK_D(DUK_DPRINT("skip global torture finalizer, too little headroom for call recursion or call stack size"));
return;
}
/* Run fake finalizer. Avoid creating unnecessary garbage. */
duk_push_c_function(thr, duk__fake_global_finalizer, 0 /*nargs*/);
(void) duk_pcall(thr, 0 /*nargs*/);
duk_pop(thr);
}
#endif /* DUK_USE_FINALIZER_TORTURE */
/*
* Process the finalize_list to completion.
*
* An object may be placed on finalize_list by either refcounting or
* mark-and-sweep. The refcount of objects placed by refcounting will be
* zero; the refcount of objects placed by mark-and-sweep is > 0. In both
* cases the refcount is bumped by 1 artificially so that a REFZERO event
* can never happen while an object is waiting for finalization. Without
* this bump a REFZERO could now happen because user code may call
* duk_push_heapptr() and then pop a value even when it's on finalize_list.
*
* List processing assumes refcounts are kept up-to-date at all times, so
* that once the finalizer returns, a zero refcount is a reliable reason to
* free the object immediately rather than place it back to the heap. This
* is the case because we run outside of refzero_list processing so that
* DECREF cascades are handled fully inline.
*
* For mark-and-sweep queued objects (had_zero_refcount false) the object
* may be freed immediately if its refcount is zero after the finalizer call
* (i.e. finalizer removed the reference loop for the object). If not, the
* next mark-and-sweep will collect the object unless it has become reachable
* (i.e. rescued) by that time and its refcount hasn't fallen to zero before
* that. Mark-and-sweep detects these objects because their FINALIZED flag
* is set.
*
* There's an inherent limitation for mark-and-sweep finalizer rescuing: an
* object won't get refinalized if (1) it's rescued, but (2) becomes
* unreachable before mark-and-sweep has had time to notice it. The next
* mark-and-sweep round simply doesn't have any information of whether the
* object has been unreachable the whole time or not (the only way to get
* that information would be a mark-and-sweep pass for *every finalized
* object*). This is awkward for the application because the mark-and-sweep
* round is not generally visible or under full application control.
*
* For refcount queued objects (had_zero_refcount true) the object is either
* immediately freed or rescued, and waiting for a mark-and-sweep round is not
* necessary (or desirable); FINALIZED is cleared when a rescued object is
* queued back to heap_allocated. The object is eligible for finalization
* again (either via refcounting or mark-and-sweep) immediately after being
* rescued. If a refcount finalized object is placed into an unreachable
* reference loop by its finalizer, it will get collected by mark-and-sweep
* and currently the finalizer will execute again.
*
* There's a special case where:
*
* - Mark-and-sweep queues an object to finalize_list for finalization.
* - The finalizer is executed, FINALIZED is set, and object is queued
* back to heap_allocated, waiting for a new mark-and-sweep round.
* - The object's refcount drops to zero before mark-and-sweep has a
* chance to run another round and make a rescue/free decision.
*
* This is now handled by refzero code: if an object has a finalizer but
* FINALIZED is already set, the object is freed without finalizer processing.
* The outcome is the same as if mark-and-sweep was executed at that point;
* mark-and-sweep would also free the object without another finalizer run.
* This could also be changed so that the refzero-triggered finalizer *IS*
* executed: being refzero collected implies someone has operated on the
* object so it hasn't been totally unreachable the whole time. This would
* risk a finalizer loop however.
*/
DUK_INTERNAL void duk_heap_process_finalize_list(duk_heap *heap) {
duk_heaphdr *curr;
#if defined(DUK_USE_DEBUG)
duk_size_t count = 0;
#endif
DUK_DDD(DUK_DDDPRINT("duk_heap_process_finalize_list: %p", (void *) heap));
if (heap->pf_prevent_count != 0) {
DUK_DDD(DUK_DDDPRINT("skip finalize_list processing: pf_prevent_count != 0"));
return;
}
/* Heap alloc prevents mark-and-sweep before heap_thread is ready. */
DUK_ASSERT(heap != NULL);
DUK_ASSERT(heap->heap_thread != NULL);
DUK_ASSERT(heap->heap_thread->valstack != NULL);
#if defined(DUK_USE_REFERENCE_COUNTING)
DUK_ASSERT(heap->refzero_list == NULL);
#endif
DUK_ASSERT(heap->pf_prevent_count == 0);
heap->pf_prevent_count = 1;
/* Mark-and-sweep no longer needs to be prevented when running
* finalizers: mark-and-sweep skips any rescue decisions if there
* are any objects in finalize_list when mark-and-sweep is entered.
* This protects finalized objects from incorrect rescue decisions
* caused by finalize_list being a reachability root and only
* partially processed. Freeing decisions are not postponed.
*/
/* When finalizer torture is enabled, make a fake finalizer call with
* maximum side effects regardless of whether finalize_list is empty.
*/
#if defined(DUK_USE_FINALIZER_TORTURE)
duk__run_global_torture_finalizer(heap->heap_thread);
#endif
/* Process finalize_list until it becomes empty. There's currently no
* protection against a finalizer always creating more garbage.
*/
while ((curr = heap->finalize_list) != NULL) {
#if defined(DUK_USE_REFERENCE_COUNTING)
duk_bool_t queue_back;
#endif
DUK_DD(DUK_DDPRINT("processing finalize_list entry: %p -> %!iO", (void *) curr, curr));
DUK_ASSERT(DUK_HEAPHDR_GET_TYPE(curr) == DUK_HTYPE_OBJECT); /* Only objects have finalizers. */
DUK_ASSERT(!DUK_HEAPHDR_HAS_REACHABLE(curr));
DUK_ASSERT(!DUK_HEAPHDR_HAS_TEMPROOT(curr));
DUK_ASSERT(DUK_HEAPHDR_HAS_FINALIZABLE(curr)); /* All objects on finalize_list will have this flag (except object being finalized right now). */
DUK_ASSERT(!DUK_HEAPHDR_HAS_FINALIZED(curr)); /* Queueing code ensures. */
DUK_ASSERT(!DUK_HEAPHDR_HAS_READONLY(curr)); /* ROM objects never get freed (or finalized). */
#if defined(DUK_USE_ASSERTIONS)
DUK_ASSERT(heap->currently_finalizing == NULL);
heap->currently_finalizing = curr;
#endif
/* Clear FINALIZABLE for object being finalized, so that
* duk_push_heapptr() can properly ignore the object.
*/
DUK_HEAPHDR_CLEAR_FINALIZABLE(curr);
if (DUK_LIKELY(!heap->pf_skip_finalizers)) {
/* Run the finalizer, duk_heap_run_finalizer() sets
* and checks for FINALIZED to prevent the finalizer
* from executing multiple times per finalization cycle.
* (This safeguard shouldn't be actually needed anymore).
*/
#if defined(DUK_USE_REFERENCE_COUNTING)
duk_bool_t had_zero_refcount;
#endif
/* The object's refcount is >0 throughout so it won't be
* refzero processed prematurely.
*/
#if defined(DUK_USE_REFERENCE_COUNTING)
DUK_ASSERT(DUK_HEAPHDR_GET_REFCOUNT(curr) >= 1);
had_zero_refcount = (DUK_HEAPHDR_GET_REFCOUNT(curr) == 1); /* Preincremented on finalize_list insert. */
#endif
DUK_ASSERT(!DUK_HEAPHDR_HAS_FINALIZED(curr));
duk_heap_run_finalizer(heap, (duk_hobject *) curr); /* must never longjmp */
DUK_ASSERT(DUK_HEAPHDR_HAS_FINALIZED(curr));
/* XXX: assert that object is still in finalize_list
* when duk_push_heapptr() allows automatic rescue.
*/
#if defined(DUK_USE_REFERENCE_COUNTING)
DUK_DD(DUK_DDPRINT("refcount after finalizer (includes bump): %ld", (long) DUK_HEAPHDR_GET_REFCOUNT(curr)));
if (DUK_HEAPHDR_GET_REFCOUNT(curr) == 1) { /* Only artificial bump in refcount? */
#if defined(DUK_USE_DEBUG)
if (had_zero_refcount) {
DUK_DD(DUK_DDPRINT("finalized object's refcount is zero -> free immediately (refcount queued)"));
} else {
DUK_DD(DUK_DDPRINT("finalized object's refcount is zero -> free immediately (mark-and-sweep queued)"));
}
#endif
queue_back = 0;
} else
#endif
{
#if defined(DUK_USE_REFERENCE_COUNTING)
queue_back = 1;
if (had_zero_refcount) {
/* When finalization is triggered
* by refzero and we queue the object
* back, clear FINALIZED right away
* so that the object can be refinalized
* immediately if necessary.
*/
DUK_HEAPHDR_CLEAR_FINALIZED(curr);
}
#endif
}
} else {
/* Used during heap destruction: don't actually run finalizers
* because we're heading into forced finalization. Instead,
* queue finalizable objects back to the heap_allocated list.
*/
DUK_D(DUK_DPRINT("skip finalizers flag set, queue object to heap_allocated without finalizing"));
DUK_ASSERT(!DUK_HEAPHDR_HAS_FINALIZED(curr));
#if defined(DUK_USE_REFERENCE_COUNTING)
queue_back = 1;
#endif
}
/* Dequeue object from finalize_list. Note that 'curr' may no
* longer be finalize_list head because new objects may have
* been queued to the list. As a result we can't optimize for
* the single-linked heap case and must scan the list for
* removal, typically the scan is very short however.
*/
DUK_HEAP_REMOVE_FROM_FINALIZE_LIST(heap, curr);
/* Queue back to heap_allocated or free immediately. */
#if defined(DUK_USE_REFERENCE_COUNTING)
if (queue_back) {
/* FINALIZED is only cleared if object originally
* queued for finalization by refcounting. For
* mark-and-sweep FINALIZED is left set, so that
* next mark-and-sweep round can make a rescue/free
* decision.
*/
DUK_ASSERT(DUK_HEAPHDR_GET_REFCOUNT(curr) >= 1);
DUK_HEAPHDR_PREDEC_REFCOUNT(curr); /* Remove artificial refcount bump. */
DUK_HEAPHDR_CLEAR_FINALIZABLE(curr);
DUK_HEAP_INSERT_INTO_HEAP_ALLOCATED(heap, curr);
} else {
/* No need to remove the refcount bump here. */
DUK_ASSERT(DUK_HEAPHDR_GET_TYPE(curr) == DUK_HTYPE_OBJECT); /* currently, always the case */
DUK_DD(DUK_DDPRINT("refcount finalize after finalizer call: %!O", curr));
duk_hobject_refcount_finalize_norz(heap, (duk_hobject *) curr);
duk_free_hobject(heap, (duk_hobject *) curr);
DUK_DD(DUK_DDPRINT("freed hobject after finalization: %p", (void *) curr));
}
#else /* DUK_USE_REFERENCE_COUNTING */
DUK_HEAPHDR_CLEAR_FINALIZABLE(curr);
DUK_HEAP_INSERT_INTO_HEAP_ALLOCATED(heap, curr);
#endif /* DUK_USE_REFERENCE_COUNTING */
#if defined(DUK_USE_DEBUG)
count++;
#endif
#if defined(DUK_USE_ASSERTIONS)
DUK_ASSERT(heap->currently_finalizing != NULL);
heap->currently_finalizing = NULL;
#endif
}
/* finalize_list will always be processed completely. */
DUK_ASSERT(heap->finalize_list == NULL);
#if 0
/* While NORZ macros are used above, this is unnecessary because the
* only pending side effects are now finalizers, and finalize_list is
* empty.
*/
DUK_REFZERO_CHECK_SLOW(heap->heap_thread);
#endif
/* Prevent count may be bumped while finalizers run, but should always
* be reliably unbumped by the time we get here.
*/
DUK_ASSERT(heap->pf_prevent_count == 1);
heap->pf_prevent_count = 0;
#if defined(DUK_USE_DEBUG)
DUK_DD(DUK_DDPRINT("duk_heap_process_finalize_list: %ld finalizers called", (long) count));
#endif
}
/*
* Run an duk_hobject finalizer. Must never throw an uncaught error
* (but may throw caught errors).
*
* There is no return value. Any return value or error thrown by
* the finalizer is ignored (although errors are debug logged).
*
* Notes:
*
* - The finalizer thread 'top' assertions are there because it is
* critical that strict stack policy is observed (i.e. no cruft
* left on the finalizer stack).
*/
DUK_LOCAL duk_ret_t duk__finalize_helper(duk_hthread *thr, void *udata) {
DUK_ASSERT(thr != NULL);
DUK_UNREF(udata);
DUK_DDD(DUK_DDDPRINT("protected finalization helper running"));
/* [... obj] */
/* _Finalizer property is read without checking if the value is
* callable or even exists. This is intentional, and handled
* by throwing an error which is caught by the safe call wrapper.
*
* XXX: Finalizer lookup should traverse the prototype chain (to allow
* inherited finalizers) but should not invoke accessors or proxy object
* behavior. At the moment this lookup will invoke proxy behavior, so
* caller must ensure that this function is not called if the target is
* a Proxy.
*/
duk_get_prop_stridx_short(thr, -1, DUK_STRIDX_INT_FINALIZER); /* -> [... obj finalizer] */
duk_dup_m2(thr);
duk_push_boolean(thr, DUK_HEAP_HAS_FINALIZER_NORESCUE(thr->heap));
DUK_DDD(DUK_DDDPRINT("calling finalizer"));
duk_call(thr, 2); /* [ ... obj finalizer obj heapDestruct ] -> [ ... obj retval ] */
DUK_DDD(DUK_DDDPRINT("finalizer returned successfully"));
return 0;
/* Note: we rely on duk_safe_call() to fix up the stack for the caller,
* so we don't need to pop stuff here. There is no return value;
* caller determines rescued status based on object refcount.
*/
}
DUK_INTERNAL void duk_heap_run_finalizer(duk_heap *heap, duk_hobject *obj) {
duk_hthread *thr;
duk_ret_t rc;
#if defined(DUK_USE_ASSERTIONS)
duk_idx_t entry_top;
#endif
DUK_DD(DUK_DDPRINT("running duk_hobject finalizer for object: %p", (void *) obj));
DUK_ASSERT(heap != NULL);
DUK_ASSERT(heap->heap_thread != NULL);
thr = heap->heap_thread;
DUK_ASSERT(obj != NULL);
DUK_ASSERT_VALSTACK_SPACE(heap->heap_thread, 1);
#if defined(DUK_USE_ASSERTIONS)
entry_top = duk_get_top(thr);
#endif
/*
* Get and call the finalizer. All of this must be wrapped
* in a protected call, because even getting the finalizer
* may trigger an error (getter may throw one, for instance).
*/
/* ROM objects could inherit a finalizer, but they are never deemed
* unreachable by mark-and-sweep, and their refcount never falls to 0.
*/
DUK_ASSERT(!DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj));
/* Duktape 2.1: finalize_list never contains objects with FINALIZED
* set, so no need to check here.
*/
DUK_ASSERT(!DUK_HEAPHDR_HAS_FINALIZED((duk_heaphdr *) obj));
#if 0
if (DUK_HEAPHDR_HAS_FINALIZED((duk_heaphdr *) obj)) {
DUK_D(DUK_DPRINT("object already finalized, avoid running finalizer twice: %!O", obj));
return;
}
#endif
DUK_HEAPHDR_SET_FINALIZED((duk_heaphdr *) obj); /* ensure never re-entered until rescue cycle complete */
#if defined(DUK_USE_ES6_PROXY)
if (DUK_HOBJECT_IS_PROXY(obj)) {
/* This may happen if duk_set_finalizer() or Duktape.fin() is
* called for a Proxy object. In such cases the fast finalizer
* flag will be set on the Proxy, not the target, and neither
* will be finalized.
*/
DUK_D(DUK_DPRINT("object is a Proxy, skip finalizer call"));
return;
}
#endif /* DUK_USE_ES6_PROXY */
duk_push_hobject(thr, obj); /* this also increases refcount by one */
rc = duk_safe_call(thr, duk__finalize_helper, NULL /*udata*/, 0 /*nargs*/, 1 /*nrets*/); /* -> [... obj retval/error] */
DUK_ASSERT_TOP(thr, entry_top + 2); /* duk_safe_call discipline */
if (rc != DUK_EXEC_SUCCESS) {
/* Note: we ask for one return value from duk_safe_call to get this
* error debugging here.
*/
DUK_D(DUK_DPRINT("wrapped finalizer call failed for object %p (ignored); error: %!T",
(void *) obj, (duk_tval *) duk_get_tval(thr, -1)));
}
duk_pop_2(thr); /* -> [...] */
DUK_ASSERT_TOP(thr, entry_top);
}
#else /* DUK_USE_FINALIZER_SUPPORT */
/* nothing */
#endif /* DUK_USE_FINALIZER_SUPPORT */