| Activation-inl.h |
static |
5399 |
| Activation.cpp |
|
3033 |
| Activation.h |
|
23903 |
| ArgumentsObject-inl.h |
namespace js |
2040 |
| ArgumentsObject.cpp |
static |
33533 |
| ArgumentsObject.h |
numArgs = std::max(numFormalArgs, numActualArgs)
The array 'args' has numArgs elements.
|
16978 |
| ArrayBufferObject-inl.h |
|
2454 |
| ArrayBufferObject.cpp |
Convert |v| to an array index for an array of length |length| per
the Typed Array Specification section 7.0, |subarray|. If successful,
the output value is in the range [0, length].
|
59654 |
| ArrayBufferObject.h |
|
25226 |
| ArrayBufferViewObject.cpp |
This method is used to trace TypedArrayObjects and DataViewObjects. We need
a custom tracer to move the object's data pointer if its owner was moved and
stores its data inline.
|
8933 |
| ArrayBufferViewObject.h |
ArrayBufferViewObject
Common base class for all array buffer views (DataViewObject and
TypedArrayObject).
|
5161 |
| ArrayObject-inl.h |
Track objects with overflowing lengths in type information. |
4378 |
| ArrayObject.h |
|
2695 |
| AsyncFunction.cpp |
|
6720 |
| AsyncFunction.h |
vm_AsyncFunction_h |
2070 |
| AsyncIteration.cpp |
static |
17893 |
| AsyncIteration.h |
|
10070 |
| AtomsTable.h |
Implementation details of the atoms table.
|
6483 |
| BigIntType.cpp |
|
109388 |
| BigIntType.h |
|
18749 |
| BooleanObject-inl.h |
= nullptr |
785 |
| BooleanObject.h |
Stores this Boolean object's [[PrimitiveValue]]. |
1441 |
| BuildId.cpp |
SpiderMonkey buildId-related functionality. |
1006 |
| BytecodeIterator-inl.h |
|
1070 |
| BytecodeIterator.h |
|
2305 |
| BytecodeLocation-inl.h |
|
2114 |
| BytecodeLocation.h |
|
5733 |
| BytecodeUtil-inl.h |
Add an extra pushed value for OR/AND opcodes, so that they are included
in the pushed array of stack values for type inference.
|
6467 |
| BytecodeUtil.cpp |
JS bytecode descriptors, disassemblers, and (expression) decompilers.
|
83117 |
| BytecodeUtil.h |
JS bytecode definitions.
|
21288 |
| Caches-inl.h |
nDynamicSlots = |
3130 |
| Caches.cpp |
|
817 |
| Caches.h |
GetSrcNote cache to avoid O(n^2) growth in finding a source note for a
given pc in a script. We use the script->code pointer to tag the cache,
instead of the script address itself, so that source notes are always found
by offset from the bytecode with which they were generated.
|
7618 |
| CallNonGenericMethod.cpp |
|
1069 |
| CharacterEncoding.cpp |
nbytes sets 1 length since this is surrogate pair. |
23598 |
| CodeCoverage.cpp |
|
21907 |
| CodeCoverage.h |
|
5646 |
| CommonPropertyNames.h |
A higher-order macro for enumerating all cached property names. |
39840 |
| Compartment-inl.h |
Only GC things have to be wrapped or copied. |
10214 |
| Compartment.cpp |
Directly allocate the copy in the destination compartment, rather than
first flattening it (and possibly allocating in source compartment),
because we don't know whether the flattening will pay off later.
|
17359 |
| Compartment.h |
|
17291 |
| CompilationAndEvaluation.cpp |
Same-thread compilation and evaluation APIs. |
22357 |
| Compression.cpp |
|
7590 |
| Compression.h |
Compress some of the input. Return true if it should be called again. |
3943 |
| DateObject.h |
Cached slots holding local properties of the date.
These are undefined until the first actual lookup occurs
and are reset to undefined whenever the date's time is modified.
|
5454 |
| DateTime.cpp |
!defined(XP_WIN) |
25816 |
| DateTime.h |
ENABLE_INTL_API && !MOZ_SYSTEM_ICU |
14795 |
| EnvironmentObject-inl.h |
namespace js |
3185 |
| EnvironmentObject.cpp |
/
Shape* js::EnvironmentCoordinateToEnvironmentShape(JSScript* script,
jsbytecode* pc) {
MOZ_ASSERT(JOF_OPTYPE(JSOp(*pc)) == JOF_ENVCOORD);
ScopeIter si(script->innermostScope(pc));
uint32_t hops = EnvironmentCoordinate(pc).hops();
while (true) {
MOZ_ASSERT(!si.done());
if (si.hasSyntacticEnvironment()) {
if (!hops) {
break;
}
hops--;
}
si++;
}
return si.environmentShape();
}
PropertyName* js::EnvironmentCoordinateNameSlow(JSScript* script,
jsbytecode* pc) {
Shape* shape = EnvironmentCoordinateToEnvironmentShape(script, pc);
EnvironmentCoordinate ec(pc);
Shape::Range<NoGC> r(shape);
while (r.front().slot() != ec.slot()) {
r.popFront();
}
jsid id = r.front().propidRaw();
/* Beware nameless destructuring formal. |
130519 |
| EnvironmentObject.h |
Return a shape representing the static scope containing the variable
accessed by the ALIASEDVAR op at 'pc'.
|
45694 |
| EqualityOperations.cpp |
|
7341 |
| EqualityOperations.h |
The equality comparisons of js/Equality.h, but with extra efficiency for
SpiderMonkey-internal callers.
These functions, assuming they're passed C++-valid arguments, are identical
to the same-named JS::-namespaced functions -- just with hidden linkage (so
they're more efficient to call), and without various external-caller-focused
JSAPI-usage assertions performed that SpiderMonkey users never come close to
failing.
|
1685 |
| ErrorObject-inl.h |
vm_ErrorObject_inl_h |
1439 |
| ErrorObject.cpp |
static |
10421 |
| ErrorObject.h |
Initialize the exception constructor/prototype hierarchy.
|
4486 |
| ErrorReporting.cpp |
|
4799 |
| ErrorReporting.h |
Metadata for a compilation error (or warning) at a particular offset, or at
no offset (i.e. with respect to a script overall).
|
4158 |
| ForOfIterator.cpp |
|
5752 |
| FrameIter-inl.h |
|
2149 |
| FrameIter.cpp |
|
28162 |
| FrameIter.h |
|
18756 |
| GeckoProfiler-inl.h |
This class is used to suppress profiler sampling during
critical sections where stack state is not valid.
|
3409 |
| GeckoProfiler.cpp |
Ensure all future generated code will be instrumented, or that all
currently instrumented code is discarded
|
18257 |
| GeckoProfiler.h |
|
9714 |
| GeneratorObject.cpp |
|
11363 |
| GeneratorObject.h |
|
8071 |
| GlobalObject-inl.h |
static |
988 |
| GlobalObject.cpp |
static |
36346 |
| GlobalObject.h |
Global object slots are reserved as follows:
[0, APPLICATION_SLOTS)
Pre-reserved slots in all global objects set aside for the embedding's
use. As with all reserved slots these start out as UndefinedValue() and
are traced for GC purposes. Apart from that the engine never touches
these slots, so the embedding can do whatever it wants with them.
[APPLICATION_SLOTS, APPLICATION_SLOTS + JSProto_LIMIT)
Stores the original value of the constructor for the corresponding
JSProtoKey.
[APPLICATION_SLOTS + JSProto_LIMIT, APPLICATION_SLOTS + 2 * JSProto_LIMIT)
Stores the prototype, if any, for the constructor for the corresponding
JSProtoKey offset from JSProto_LIMIT.
[APPLICATION_SLOTS + 2 * JSProto_LIMIT, RESERVED_SLOTS)
Various one-off values: ES5 13.2.3's [[ThrowTypeError]], RegExp statics,
the original eval for this global object (implementing |var eval =
otherWindow.eval; eval(...)| as an indirect eval), a bit indicating
whether this object has been cleared (see JS_ClearScope), and a cache for
whether eval is allowed (per the global's Content Security Policy).
The two JSProto_LIMIT-sized ranges are necessary to implement
js::FindClassObject, and spec language speaking in terms of "the original
Array prototype object", or "as if by the expression new Array()" referring
to the original Array constructor. The actual (writable and even deletable)
Object, Array, &c. properties are not stored in reserved slots.
|
36085 |
| HelperThreads.cpp |
|
83897 |
| HelperThreads.h |
Definitions for managing off-thread work using a process wide list
of worklist items and pool of threads. Worklist items are engine internal,
and are distinct from e.g. web workers.
|
30806 |
| Id.cpp |
|
636 |
| Initialization.cpp |
SpiderMonkey initialization and shutdown code. |
8153 |
| InlineCharBuffer-inl.h |
|
5046 |
| Instrumentation.cpp |
static |
8607 |
| Instrumentation.h |
The main entry point of a script. |
4353 |
| Interpreter-inl.h |
Every possible consumer of MagicValue(JS_OPTIMIZED_ARGUMENTS) (as determined
by ScriptAnalysis::needsArgsObj) must check for these magic values and, when
one is received, act as if the value were the function's ArgumentsObject.
Additionally, it is possible that, after 'arguments' was copied into a
temporary, the arguments object has been created a some other failed guard
that called JSScript::argumentsOptimizationFailed. In this case, it is
always valid (and necessary) to replace JS_OPTIMIZED_ARGUMENTS with the real
arguments object.
|
30750 |
| Interpreter.cpp |
JavaScript bytecode interpreter.
|
171327 |
| Interpreter.h |
JS interpreter interface.
|
25440 |
| Iteration.cpp |
JavaScript iterators. |
49806 |
| Iteration.h |
JavaScript iterators.
|
14564 |
| JitActivation.cpp |
|
8229 |
| JitActivation.h |
|
9743 |
| JSAtom-inl.h |
Write out character representing |index| to the memory just before |end|.
Thus |*end| is not touched, but |end[-1]| and earlier are modified as
appropriate. There must be at least js::UINT32_CHAR_BUFFER_LENGTH elements
before |end| to avoid buffer underflow. The start of the characters written
is returned and is necessarily before |end|.
|
4518 |
| JSAtom.cpp |
JS atom table.
|
41741 |
| JSAtom.h |
Return a printable, lossless char[] representation of a string-type atom.
The returned string is guaranteed to contain only ASCII characters.
|
2847 |
| JSContext-inl.h |
Set a breakpoint here (break js::ContextChecks::fail) to debug
realm/compartment/zone mismatches.
|
12915 |
| JSContext.cpp |
JS execution context.
|
45899 |
| JSContext.h |
JS execution context. |
45518 |
| JSFunction-inl.h |
For attempts to clone functions at a function definition opcode,
try to avoid the the clone if the function has singleton type. This
was called pessimistically, and we need to preserve the type's
property that if it is singleton there is only a single object
with its type in existence.
For functions inner to run once lambda, it may be possible that
the lambda runs multiple times and we repeatedly clone it. In these
cases, fall through to CloneFunctionObject, which will deep clone
the function's script.
|
5111 |
| JSFunction.cpp |
JS function support.
|
79442 |
| JSFunction.h |
JS function definitions.
|
44415 |
| JSObject-inl.h |
static |
24398 |
| JSObject.cpp |
JS object implementation.
|
132373 |
| JSObject.h |
/
class GlobalObject;
class NewObjectCache;
enum class IntegrityLevel { Sealed, Frozen };
// Forward declarations, required for later friend declarations.
bool PreventExtensions(JSContext* cx, JS::HandleObject obj,
JS::ObjectOpResult& result);
bool SetImmutablePrototype(JSContext* cx, JS::HandleObject obj,
bool* succeeded);
} /* namespace js |
40926 |
| JSONParser.cpp |
JSONString:
/^"([^\u0000-\u001F"\\]|\\(["/\\bfnrt]|u[0-9a-fA-F]{4}))*"$/
|
21541 |
| JSONParser.h |
Data members |
7558 |
| JSONPrinter.cpp |
|
4650 |
| JSONPrinter.h |
vm_JSONPrinter_h |
2565 |
| jsopcode.py |
|
13359 |
| JSScript-inl.h |
A JSScript always marks its realm's global so we can assert it's non-null
here. We don't need a read barrier here for the same reason
JSObject::nonCCWGlobal doesn't need one.
|
6917 |
| JSScript.cpp |
JS script operations.
|
175811 |
| JSScript.h |
JS script descriptor. |
125992 |
| List-inl.h |
static |
3696 |
| List.cpp |
|
419 |
| List.h |
The List specification type, ECMA-262 6.2.1.
<https://tc39.github.io/ecma262/#sec-list-and-record-specification-type>
Lists are simple mutable sequences of values. Many standards use them.
Abstractly, they're not objects; they don't have properties or prototypes;
they're for internal specification use only. ListObject is our most direct
implementation of a List: store the values in the slots of a JSObject.
We often implement Lists in other ways. For example, builtin/Utilities.js
contains a completely unrelated List constructor that's used in self-hosted
code. And AsyncGeneratorObject optimizes away the ListObject in the common
case where its internal queue never holds more than one element.
ListObjects must not be exposed to content scripts.
|
3009 |
| make_opcode_doc.py |
Usage: make_opcode_doc.py PATH_TO_MOZILLA_CENTRAL
This script generates SpiderMonkey bytecode documentation
from js/src/vm/Opcodes.h.
Output is written to stdout and should be pasted into the following
MDN page:
https://developer.mozilla.org/en-US/docs/SpiderMonkey/Internals/Bytecode
|
4879 |
| MallocProvider.h |
Hierarchy of SpiderMonkey system memory allocators:
- System {m,c,re}alloc/new/free: Overridden by jemalloc in most
environments. Do not use these functions directly.
- js_{m,c,re}alloc/new/free: Wraps the system allocators and adds a
failure injection framework for use by the fuzzers as well as templated,
typesafe variants. See js/public/Utility.h.
- AllocPolicy: An interface for the js allocators, for use with templates.
These allocators are for system memory whose lifetime is not associated
with a GC thing. See js/public/AllocPolicy.h.
- SystemAllocPolicy: No extra functionality over bare allocators.
- TempAllocPolicy: Adds automatic error reporting to the provided
JSContext when allocations fail.
- ZoneAllocPolicy: Forwards to the Zone MallocProvider.
- MallocProvider. A mixin base class that handles automatically updating
the GC's state in response to allocations that are tied to a GC lifetime
or are for a particular GC purpose. These allocators must only be used
for memory that will be freed when a GC thing is swept.
- gc::Zone: Automatically triggers zone GC.
- JSRuntime: Automatically triggers full GC.
- JSContext: Dispatches directly to the runtime.
|
7825 |
| MatchPairs.h |
RegExp match results are succinctly represented by pairs of integer
indices delimiting (start, limit] segments of the input string.
The pair count for a given RegExp match is the capturing parentheses
count plus one for the "0 capturing paren" whole text match.
|
3215 |
| MemoryMetrics.cpp |
static |
28686 |
| ModuleBuilder.h |
|
4032 |
| Modules.cpp |
JavaScript modules (as in, the syntactic construct) implementation. |
5672 |
| Monitor.h |
vm_Monitor_h |
1880 |
| MutexIDs.h |
|
2797 |
| NativeObject-inl.h |
Check that the information about the object stored in the last
property's base shape is consistent with that stored in the previous
shape. If not consistent, then the last property cannot be removed as it
will induce a change in the object itself, and the object must be
converted to dictionary mode instead. See BaseShape comment in jsscope.h
|
30156 |
| NativeObject.cpp |
Objects with no elements share one empty set of elements. |
109113 |
| NativeObject.h |
To really poison a set of values, using 'magic' or 'undefined' isn't good
enough since often these will just be ignored by buggy code (see bug 629974)
in debug builds and crash in release builds. Instead, we use a safe-for-crash
pointer.
|
63415 |
| NumberObject-inl.h |
= nullptr |
816 |
| NumberObject.h |
Stores this Number object's [[PrimitiveValue]]. |
1373 |
| ObjectGroup-inl.h |
vm_ObjectGroup_inl_h |
3294 |
| ObjectGroup.cpp |
Windows may not appear on prototype chains. |
59731 |
| ObjectGroup.h |
The NewObjectKind allows an allocation site to specify the type properties
and lifetime requirements that must be fixed at allocation time.
|
24571 |
| ObjectOperations-inl.h |
Fundamental operations on objects. |
13334 |
| ObjectOperations.h |
Fundamental operations on objects. |
13562 |
| OffThreadScriptCompilation.cpp |
|
9265 |
| Opcodes.h |
[SMDOC] Bytecode Definitions
JavaScript operation bytecodes. Add a new bytecode by claiming one of the
JSOP_UNUSED* here or by extracting the first unused opcode from
FOR_EACH_TRAILING_UNUSED_OPCODE.
Includers must define a macro with the following form:
#define MACRO(op, val, name, token, length, nuses, ndefs, format) ...
Then simply use FOR_EACH_OPCODE(MACRO) to invoke MACRO for every opcode.
Selected arguments can be expanded in initializers.
Field Description
----- -----------
op Bytecode name, which is the JSOp enumerator name
value Bytecode value, which is the JSOp enumerator value
name C string containing name for disassembler
token Pretty-printer string, or null if ugly
length Number of bytes including any immediate operands
nuses Number of stack slots consumed by bytecode, -1 if variadic
ndefs Number of stack slots produced by bytecode, -1 if variadic
format Bytecode plus immediate operand encoding format
|
93064 |
| PIC.cpp |
|
10553 |
| PIC.h |
The basic PICStub just has a pointer to the next stub.
|
6972 |
| Printer.cpp |
Include trailing \0 |
12127 |
| Printer.h |
Do nothing |
6932 |
| Probes-inl.h |
Many probe handlers are implemented inline for minimal performance impact,
especially important when no backends are enabled.
|
2558 |
| Probes.cpp |
These functions call the DTrace macros for the JavaScript USDT probes.
Originally this code was inlined in the JavaScript code; however since
a number of operations are called, these have been placed into functions
to reduce any negative compiler optimization effect that the addition of
a number of usually unused lines of code would cause.
|
2119 |
| Probes.h |
Static probes
The probe points defined in this file are scattered around the SpiderMonkey
source tree. The presence of probes::SomeEvent() means that someEvent is
about to happen or has happened. To the extent possible, probes should be
inserted in all paths associated with a given event, regardless of the
active runmode (interpreter/traceJIT/methodJIT/ionJIT).
When a probe fires, it is handled by any probe handling backends that have
been compiled in. By default, most probes do nothing or at least do nothing
expensive, so the presence of the probe should have negligible effect on
running time. (Probes in slow paths may do something by default, as long as
there is no noticeable slowdown.)
For some probes, the mere existence of the probe is too expensive even if it
does nothing when called. For example, just having consistent information
available for a function call entry/exit probe causes the JITs to
de-optimize function calls. In those cases, the JITs may query at compile
time whether a probe is desired, and omit the probe invocation if not. If a
probe is runtime-disabled at compilation time, it is not guaranteed to fire
within a compiled function if it is later enabled.
Not all backends handle all of the probes listed here.
|
4310 |
| ProfilingStack.cpp |
|
1407 |
| ProxyObject.cpp |
static |
7675 |
| ProxyObject.h |
This is the base class for the various kinds of proxy objects. It's never
instantiated.
Proxy objects use their shape primarily to record flags. Property
information, &c. is all dynamically computed.
There is no class_ member to force specialization of JSObject::is<T>().
The implementation in JSObject is incorrect for proxies since it doesn't
take account of the handler type.
|
5682 |
| Realm-inl.h |
static |
3526 |
| Realm.cpp |
As a hack, we clear our timezone cache every time we create a new realm.
This ensures that the cache is always relatively fresh, but shouldn't
interfere with benchmarks that create tons of date objects (unless they
also create tons of iframes, which seems unlikely).
|
28751 |
| Realm.h |
A single-entry cache for some base-10 double-to-string conversions. This
helps date-format-xparb.js. It also avoids skewing the results for
v8-splay.js when measured by the SunSpider harness, where the splay tree
initialization (which includes many repeated double-to-string conversions)
is erroneously included in the measurement; see bug 562553.
|
32876 |
| ReceiverGuard-inl.h |
vm_ReceiverGuard_inl_h |
1212 |
| ReceiverGuard.cpp |
|
604 |
| ReceiverGuard.h |
vm_ReceiverGuard_h |
3233 |
| RegExpObject.cpp |
= nullptr |
49674 |
| RegExpObject.h |
JavaScript RegExp objects. |
8555 |
| RegExpShared.h |
The compiled representation of a RegExp, potentially shared among RegExp
instances created during separate evaluations of a single RegExp literal in
source code.
|
11957 |
| RegExpStatics.cpp |
RegExpStatics allocates memory -- in order to keep the statics stored
per-global and not leak, we create a JSClass to wrap the C++ instance and
provide an appropriate finalizer. We lazily create and store an instance of
that JSClass in a global reserved slot.
|
3539 |
| RegExpStatics.h |
The latest RegExp output, set after execution. |
9387 |
| RegExpStaticsObject.h |
vm_RegExpStaticsObject_h |
829 |
| Runtime.cpp |
static |
27870 |
| Runtime.h |
Different signature because the return type has MOZ_MUST_USE_TYPE. |
37052 |
| SavedFrame.h |
|
9355 |
| SavedStacks-inl.h |
|
1271 |
| SavedStacks.cpp |
Maximum number of saved frames returned for an async stack.
|
68220 |
| SavedStacks.h |
|
14847 |
| Scope.cpp |
|
54163 |
| Scope.h |
The various {Global,Module,...}Scope::Data classes consist of always-present
bits, then a trailing array of BindingNames. The various Data classes all
end in a TrailingNamesArray that contains sized/aligned space for *one*
BindingName. Data instances that contain N BindingNames, are then allocated
in sizeof(Data) + (space for (N - 1) BindingNames). Because this class's
|data_| field is properly sized/aligned, the N-BindingName array can start
at |data_|.
This is concededly a very low-level representation, but we want to only
allocate once for data+bindings both, and this does so approximately as
elegantly as C++ allows.
|
46765 |
| SelfHosting.cpp |
|
115192 |
| SelfHosting.h |
Check whether the given JSFunction is a self-hosted function whose
self-hosted name is the given name.
|
2947 |
| Shape-inl.h |
static |
12540 |
| Shape.cpp |
JS symbol tables. |
67582 |
| Shape.h |
[SMDOC] Shapes
In isolation, a Shape represents a property that exists in one or more
objects; it has an id, flags, etc. (But it doesn't represent the property's
value.) However, Shapes are always stored in linked linear sequence of
Shapes, called "shape lineages". Each shape lineage represents the layout of
an entire object.
Every JSObject has a pointer, |shape_|, accessible via lastProperty(), to
the last Shape in a shape lineage, which identifies the property most
recently added to the object. This pointer permits fast object layout
tests. The shape lineage order also dictates the enumeration order for the
object; ECMA requires no particular order but this implementation has
promised and delivered property definition order.
Shape lineages occur in two kinds of data structure.
1. N-ary property trees. Each path from a non-root node to the root node in
a property tree is a shape lineage. Property trees permit full (or
partial) sharing of Shapes between objects that have fully (or partly)
identical layouts. The root is an EmptyShape whose identity is determined
by the object's class, compartment and prototype. These Shapes are shared
and immutable.
2. Dictionary mode lists. Shapes in such lists are said to be "in
dictionary mode", as are objects that point to such Shapes. These Shapes
are unshared, private to a single object, and immutable except for their
links in the dictionary list.
All shape lineages are bi-directionally linked, via the |parent| and
|kids|/|listp| members.
Shape lineages start out life in the property tree. They can be converted
(by copying) to dictionary mode lists in the following circumstances.
1. The shape lineage's size reaches MAX_HEIGHT. This reasonable limit avoids
potential worst cases involving shape lineage mutations.
2. A property represented by a non-last Shape in a shape lineage is removed
from an object. (In the last Shape case, obj->shape_ can be easily
adjusted to point to obj->shape_->parent.) We originally tried lazy
forking of the property tree, but this blows up for delete/add
repetitions.
3. A property represented by a non-last Shape in a shape lineage has its
attributes modified.
To find the Shape for a particular property of an object initially requires
a linear search. But if the number of searches starting at any particular
Shape in the property tree exceeds LINEAR_SEARCHES_MAX and the Shape's
lineage has (excluding the EmptyShape) at least MIN_ENTRIES, we create an
auxiliary hash table -- the ShapeTable -- that allows faster lookup.
Furthermore, a ShapeTable is always created for dictionary mode lists,
and it is attached to the last Shape in the lineage. Shape tables for
property tree Shapes never change, but shape tables for dictionary mode
Shapes can grow and shrink.
To save memory, shape tables can be discarded on GC and recreated when
needed. AutoKeepShapeCaches can be used to avoid discarding shape tables
for a particular zone. Methods operating on ShapeTables take either an
AutoCheckCannotGC or AutoKeepShapeCaches argument, to help ensure tables
are not purged while we're using them.
There used to be a long, math-heavy comment here explaining why property
trees are more space-efficient than alternatives. This was removed in bug
631138; see that bug for the full details.
For getters/setters, an AccessorShape is allocated. This is a slightly fatter
type with extra fields for the getter/setter data.
Because many Shapes have similar data, there is actually a secondary type
called a BaseShape that holds some of a Shape's data. Many shapes can share
a single BaseShape.
|
57780 |
| SharedArrayObject.cpp |
for resize |
14621 |
| SharedArrayObject.h |
SharedArrayRawBuffer
A bookkeeping object always stored immediately before the raw buffer.
The buffer itself is mmap()'d and refcounted.
SharedArrayBufferObjects and structured clone objects may hold references.
|<------ sizeof ------>|<- length ->|
| waste | SharedArrayRawBuffer | data array | waste |
Observe that if we want to map the data array on a specific address, such
as absolute zero (bug 1056027), then the SharedArrayRawBuffer cannot be
prefixed to the data array, it has to be a separate object, also in
shared memory. (That would get rid of ~4KB of waste, as well.) Very little
else would have to change throughout the engine, the SARB would point to
the data array using a constant pointer, instead of computing its
address.
If preparedForWasm_ is true then length_ can change following initialization;
it may grow toward maxSize_. See extensive comments above WasmArrayRawBuffer
in ArrayBufferObject.cpp.
length_ only grows when the lock is held.
|
9064 |
| SharedImmutableStringsCache-inl.h |
|
2704 |
| SharedImmutableStringsCache.cpp |
|
3634 |
| SharedImmutableStringsCache.h |
The `SharedImmutableStringsCache` allows safely sharing and deduplicating
immutable strings (either `const char*` [any encoding, not restricted to
only Latin-1 or only UTF-8] or `const char16_t*`) between threads.
The locking mechanism is dead-simple and coarse grained: a single lock guards
all of the internal table itself, the table's entries, and the entries'
reference counts. It is only safe to perform any mutation on the cache or any
data stored within the cache when this lock is acquired.
|
14511 |
| SharedMem.h |
|
5155 |
| SourceHook.cpp |
|
880 |
| Stack-inl.h |
Initialize stack frame members. |
24208 |
| Stack.cpp |
|
23855 |
| Stack.h |
/
namespace js {
namespace jit {
class BaselineFrame;
class RematerializedFrame;
} // namespace jit
/**
Pointer to a live JS or WASM stack frame.
|
33337 |
| StringObject-inl.h |
static |
1531 |
| StringObject.h |
Creates a new String object boxing the given string. The object's
[[Prototype]] is determined from context.
|
2336 |
| StringType-inl.h |
Don't bother trying to find a static atom; measurement shows that not
many get here (for one, Atomize is catching them).
|
14399 |
| StringType.cpp |
|
75032 |
| StringType.h |
The buffer length required to contain any unsigned 32-bit integer. |
63749 |
| StructuredClone.cpp |
This file implements the structured data algorithms of
https://html.spec.whatwg.org/multipage/structured-data.html
The spec is in two parts:
- StructuredSerialize examines a JS value and produces a graph of Records.
- StructuredDeserialize walks the Records and produces a new JS value.
The differences between our implementation and the spec are minor:
- We call the two phases "write" and "read".
- Our algorithms use an explicit work stack, rather than recursion.
- Serialized data is a flat array of bytes, not a (possibly cyclic) graph
of "Records".
- As a consequence, we handle non-treelike object graphs differently.
We serialize objects that appear in multiple places in the input as
backreferences, using sequential integer indexes.
See `JSStructuredCloneReader::allObjs`, our take on the "memory" map
in the spec's StructuredDeserialize.
|
99426 |
| SymbolType.cpp |
|
3736 |
| SymbolType.h |
namespace JS |
4966 |
| TaggedProto.cpp |
static |
1181 |
| TaggedProto.h |
Skip nullptr and LazyProto. |
5208 |
| Time.cpp |
PR time code. |
12955 |
| Time.h |
Broken down form of 64 bit time value.
|
5414 |
| TraceLogging.cpp |
|
53823 |
| TraceLogging.h |
[SMDOC] Tracelogging overview.
Tracelogging makes it possible to trace the occurrence of a single event
and/or the start and stop of an event. This is implemented with as low
overhead as possible to not interfere with running.
Logging something is done in 3 stages.
1) Get the tracelogger of the current thread. cx may be omitted, in which
case it will be fetched from TLS.
- TraceLoggerForCurrentThread(cx);
2) Optionally create a TraceLoggerEvent for the text that needs to get
logged. This step takes some time, so try to do this beforehand, outside
the hot path and don't do unnecessary repetitions, since it will cripple
performance.
- TraceLoggerEvent event(logger, "foo");
There are also some predefined events. They are located in
TraceLoggerTextId. They don't require to create an TraceLoggerEvent and
can also be used as an argument to these functions.
3) Log the occurrence of a single event:
- TraceLogTimestamp(logger, TraceLoggerTextId);
Note: it is temporarily not supported to provide an TraceLoggerEvent as
argument to log the occurrence of a single event.
or log the start and stop of an event:
- TraceLogStartEvent(logger, TraceLoggerTextId);
- TraceLogStartEvent(logger, TraceLoggerEvent);
- TraceLogStopEvent(logger, TraceLoggerTextId);
- TraceLogStopEvent(logger, TraceLoggerEvent);
or the start/stop of an event with a RAII class:
- AutoTraceLog atl(logger, TraceLoggerTextId);
- AutoTraceLog atl(logger, TraceLoggerEvent);
|
21396 |
| TraceLoggingGraph.cpp |
|
18005 |
| TraceLoggingGraph.h |
The output of a tracelogging session is saved in /tmp/tl-data.json.
The format of that file is a JS array per tracelogger (=thread), with a map
containing:
- dict: Name of the file containing a json table with the log text.
All other files only contain a index to this table when logging.
- events: Name of the file containing a flat list of log events saved
in binary format.
(64bit: Time Stamp Counter, 32bit index to dict)
- tree: Name of the file containing the events with duration. The content
is already in a tree data structure. This is also saved in a
binary file.
- treeFormat: The format used to encode the tree. By default "64,64,31,1,32".
There are currently no other formats to save the tree.
- 64,64,31,1,32 signifies how many bytes are used for the different
parts of the tree.
=> 64 bits: Time Stamp Counter of start of event.
=> 64 bits: Time Stamp Counter of end of event.
=> 31 bits: Index to dict file containing the log text.
=> 1 bit: Boolean signifying if this entry has children.
When true, the child can be found just right after this
entry.
=> 32 bits: Containing the ID of the next event on the same depth
or 0 if there isn't an event on the same depth anymore.
/-> The position in the file. Id is this divided by size of entry.
| So in this case this would be 1 (192bits per entry).
| /-> Indicates there are children. The
| | first child is located at current
| | ID + 1. So 1 + 1 in this case: 2.
| | Or 0x00180 in the tree file.
| | /-> Next event on the same depth is
| | | located at 4. So 0x00300 in the
| | | tree file.
0x0000C0: [start, end, dictId, 1, 4]
Example:
0x0: [start, end, dictId, 1, 0]
|
/----------------------------------\
| |
0xC0: [start, end, dictId, 0, 2] 0x180 [start, end, dictId, 1, 0]
|
/----------------------------------\
| |
0x240: [start, end, dictId, 0, 4] 0x300 [start, end, dictId, 0, 0]
|
9174 |
| TraceLoggingTypes.cpp |
|
656 |
| TraceLoggingTypes.h |
Specific passes during ion compilation |
9151 |
| TypedArrayObject-inl.h |
Utilities and common inline code for TypedArray |
23004 |
| TypedArrayObject.cpp |
TypedArrayObject
The non-templated base class for the specific typed implementations.
This class holds all the member variables that are used by
the subclasses.
|
92613 |
| TypedArrayObject.h |
TypedArrayObject
The non-templated base class for the specific typed implementations.
This class holds all the member variables that are used by
the subclasses.
|
11522 |
| TypeInference-inl.h |
Inline members for javascript type inference. |
41573 |
| TypeInference.cpp |
static |
137229 |
| TypeInference.h |
Definitions related to javascript type inference. |
12314 |
| TypeSet.h |
TypeSet classes and functions. |
32142 |
| UbiNode.cpp |
|
16085 |
| UbiNodeCensus.cpp |
Count Types *********************************************************** |
41915 |
| UbiNodeShortestPaths.cpp |
= 10 |
2399 |
| Value.cpp |
|
1107 |
| Warnings.cpp |
|
1854 |
| WrapperObject.h |
vm_WrapperObject_h |
1075 |
| Xdr.cpp |
|
16054 |
| Xdr.h |
|
17716 |