1/*
2 * Copyright (C) 2016 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#pragma once
27
28#include "HeapAnalyzer.h"
29#include <functional>
30#include <wtf/Lock.h>
31#include <wtf/Vector.h>
32
33namespace JSC {
34
35class ConservativeRoots;
36class HeapProfiler;
37class HeapSnapshot;
38class JSCell;
39
40typedef unsigned NodeIdentifier;
41
42struct HeapSnapshotNode {
43 HeapSnapshotNode(JSCell* cell, unsigned identifier)
44 : cell(cell)
45 , identifier(identifier)
46 { }
47
48 JSCell* cell;
49 NodeIdentifier identifier;
50};
51
52enum class EdgeType : uint8_t {
53 Internal, // Normal strong reference. No name.
54 Property, // Named property. In `object.property` the name is "property"
55 Index, // Indexed property. In `array[0]` name is index "0".
56 Variable, // Variable held by a scope. In `let x, f=() => x++` name is "x" in f's captured scope.
57 // FIXME: <https://webkit.org/b/154934> Heap Snapshot should include "Weak" edges
58};
59
60struct HeapSnapshotEdge {
61 HeapSnapshotEdge(JSCell* fromCell, JSCell* toCell)
62 : type(EdgeType::Internal)
63 {
64 from.cell = fromCell;
65 to.cell = toCell;
66 }
67
68 HeapSnapshotEdge(JSCell* fromCell, JSCell* toCell, EdgeType type, UniquedStringImpl* name)
69 : type(type)
70 {
71 ASSERT(type == EdgeType::Property || type == EdgeType::Variable);
72 from.cell = fromCell;
73 to.cell = toCell;
74 u.name = name;
75 }
76
77 HeapSnapshotEdge(JSCell* fromCell, JSCell* toCell, uint32_t index)
78 : type(EdgeType::Index)
79 {
80 from.cell = fromCell;
81 to.cell = toCell;
82 u.index = index;
83 }
84
85 union {
86 JSCell *cell;
87 NodeIdentifier identifier;
88 } from;
89
90 union {
91 JSCell *cell;
92 NodeIdentifier identifier;
93 } to;
94
95 union {
96 UniquedStringImpl* name;
97 uint32_t index;
98 } u;
99
100 EdgeType type;
101};
102
103class JS_EXPORT_PRIVATE HeapSnapshotBuilder final : public HeapAnalyzer {
104 WTF_MAKE_FAST_ALLOCATED;
105public:
106 enum SnapshotType { InspectorSnapshot, GCDebuggingSnapshot };
107
108 HeapSnapshotBuilder(HeapProfiler&, SnapshotType = SnapshotType::InspectorSnapshot);
109 ~HeapSnapshotBuilder();
110
111 static void resetNextAvailableObjectIdentifier();
112
113 // Performs a garbage collection that builds a snapshot of all live cells.
114 void buildSnapshot();
115
116 // A root or marked cell.
117 void analyzeNode(JSCell*);
118
119 // A reference from one cell to another.
120 void analyzeEdge(JSCell* from, JSCell* to, SlotVisitor::RootMarkReason);
121 void analyzePropertyNameEdge(JSCell* from, JSCell* to, UniquedStringImpl* propertyName);
122 void analyzeVariableNameEdge(JSCell* from, JSCell* to, UniquedStringImpl* variableName);
123 void analyzeIndexEdge(JSCell* from, JSCell* to, uint32_t index);
124
125 void setOpaqueRootReachabilityReasonForCell(JSCell*, const char*);
126 void setWrappedObjectForCell(JSCell*, void*);
127 void setLabelForCell(JSCell*, const String&);
128
129 String json();
130 String json(Function<bool (const HeapSnapshotNode&)> allowNodeCallback);
131
132private:
133 static NodeIdentifier nextAvailableObjectIdentifier;
134 static NodeIdentifier getNextObjectIdentifier();
135
136 // Finalized snapshots are not modified during building. So searching them
137 // for an existing node can be done concurrently without a lock.
138 bool previousSnapshotHasNodeForCell(JSCell*, NodeIdentifier&);
139
140 String descriptionForCell(JSCell*) const;
141
142 struct RootData {
143 const char* reachabilityFromOpaqueRootReasons { nullptr };
144 SlotVisitor::RootMarkReason markReason { SlotVisitor::RootMarkReason::None };
145 };
146
147 HeapProfiler& m_profiler;
148
149 // SlotVisitors run in parallel.
150 Lock m_buildingNodeMutex;
151 std::unique_ptr<HeapSnapshot> m_snapshot;
152 Lock m_buildingEdgeMutex;
153 Vector<HeapSnapshotEdge> m_edges;
154 HashMap<JSCell*, RootData> m_rootData;
155 HashMap<JSCell*, void*> m_wrappedObjectPointers;
156 HashMap<JSCell*, String> m_cellLabels;
157 SnapshotType m_snapshotType;
158};
159
160} // namespace JSC
161