libkern/c++/OSObject.cpp xnu-201.19.3 xnu-792.6.61
--- xnu/xnu-201.19.3/libkern/c++/OSObject.cpp
+++ xnu/xnu-792.6.61/libkern/c++/OSObject.cpp
@@ -23,10 +23,11 @@
 
 #include <libkern/c++/OSObject.h>
 #include <libkern/c++/OSSerialize.h>
-#include <libkern/c++/OSSymbol.h>
 #include <libkern/c++/OSLib.h>
 #include <libkern/c++/OSCPPDebug.h>
 #include <libkern/OSAtomic.h>
+
+#include <libkern/c++/OSCollection.h>
 
 __BEGIN_DECLS
 int debug_ivars_size;
@@ -91,8 +92,21 @@
 OSMetaClassDefineReservedUnused(OSObject, 30);
 OSMetaClassDefineReservedUnused(OSObject, 31);
 
-
-bool OSObject::init()			{ return true; }
+static const char *getClassName(const OSObject *obj)
+{
+    const OSMetaClass *meta = obj->getMetaClass();
+    return (meta) ? meta->getClassName() : "unknown class?";
+}
+
+bool OSObject::init()
+    { return true; }
+
+#if (!__ppc__) || (__GNUC__ < 3)
+
+// Implemented in assembler in post gcc 3.x systems as we have a problem
+// where the destructor in gcc2.95 gets 2 arguments.  The second argument
+// appears to be a flag argument.  I have copied the assembler from Puma xnu
+// to OSRuntimeSupport.c  So for 2.95 builds use the C 
 void OSObject::free()
 {
     const OSMetaClass *meta = getMetaClass();
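Review bot: The comment added above `OSObject::free()` stops mid-sentence ("So for 2.95 builds use the C") and does not match the guard under it, because `#if (!__ppc__) || (__GNUC__ < 3)` also compiles this C++ body on every non-PowerPC target, which the comment never mentions. I would finish it along the lines of `// So for 2.95 builds, and for all non-ppc builds, use the C++ implementation below.` It should also say which compiler has the two-argument destructor problem, since the first sentence reads as gcc 3.x and the second as gcc 2.95. The body of `free()` continues past the end of this hunk.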
@@ -101,26 +115,135 @@
 	meta->instanceDestructed();
     delete this;
 }
+#endif /* (!__ppc__) || (__GNUC__ < 3) */
 
 int OSObject::getRetainCount() const
 {
-    return retainCount;
+    return (int) ((UInt16) retainCount);
+}
+
+void OSObject::taggedRetain(const void *tag) const
+{
+    volatile UInt32 *countP = (volatile UInt32 *) &retainCount;
+    UInt32 inc = 1;
+    UInt32 origCount;
+    UInt32 newCount;
+
+    // Increment the collection bucket.
+    if ((const void *) OSTypeID(OSCollection) == tag)
+	inc |= (1UL<<16);
+
+    do {
+	origCount = *countP;
+        if ( ((UInt16) origCount | 0x1) == 0xffff ) {
+            const char *msg;
+            if (origCount & 0x1) {
+                // If count == 0xffff that means we are freeing now so we can
+                // just return obviously somebody is cleaning up dangling
+                // references.
+                msg = "Attempting to retain a freed object";
+            }
+            else {
+                // If count == 0xfffe then we have wrapped our reference count.
+                // We should stop counting now as this reference must be
+                // leaked rather than accidently wrapping around the clock and
+                // freeing a very active object later.
+
+#if !DEBUG
+		break;	// Break out of update loop which pegs the reference
+#else DEBUG
+                // @@@ gvdl: eventually need to make this panic optional
+                // based on a boot argument i.e. debug= boot flag
+                msg = "About to wrap the reference count, reference leak?";
+#endif /* !DEBUG */
+            }
+            panic("OSObject::refcount: %s", msg);
+        }
+
+	newCount = origCount + inc;
+    } while (!OSCompareAndSwap(origCount, newCount, (UInt32 *) countP));
+}
+
+void OSObject::taggedRelease(const void *tag) const
+{
+    taggedRelease(tag, 1);
+}
+
+void OSObject::taggedRelease(const void *tag, const int when) const
+{
+    volatile UInt32 *countP = (volatile UInt32 *) &retainCount;
+    UInt32 dec = 1;
+    UInt32 origCount;
+    UInt32 newCount;
+    UInt32 actualCount;
+
+    // Increment the collection bucket.
+    if ((const void *) OSTypeID(OSCollection) == tag)
+	dec |= (1UL<<16);
+
+    do {
+	origCount = *countP;
+        
+        if ( ((UInt16) origCount | 0x1) == 0xffff ) {
+            if (origCount & 0x1) {
+                // If count == 0xffff that means we are freeing now so we can
+                // just return obviously somebody is cleaning up some dangling
+                // references.  So we blow out immediately.
+                return;
+            }
+            else {
+                // If count == 0xfffe then we have wrapped our reference
+                // count.  We should stop counting now as this reference must be
+                // leaked rather than accidently freeing an active object later.
+
+#if !DEBUG
+		return;	// return out of function which pegs the reference
+#else DEBUG
+                // @@@ gvdl: eventually need to make this panic optional
+                // based on a boot argument i.e. debug= boot flag
+                panic("OSObject::refcount: %s",
+                      "About to unreference a pegged object, reference leak?");
+#endif /* !DEBUG */
+            }
+        }
+	actualCount = origCount - dec;
+        if ((UInt16) actualCount < when)
+            newCount = 0xffff;
+        else
+            newCount = actualCount;
+
+    } while (!OSCompareAndSwap(origCount, newCount, (UInt32 *) countP));
+
+    //
+    // This panic means that we have just attempted to release an object
+    // who's retain count has gone to less than the number of collections
+    // it is a member off.  Take a panic immediately.
+    // In Fact the panic MAY not be a registry corruption but it is 
+    // ALWAYS the wrong thing to do.  I call it a registry corruption 'cause
+    // the registry is the biggest single use of a network of collections.
+    //
+    if ((UInt16) actualCount < (actualCount >> 16))
+	panic("A driver releasing a(n) %s has corrupted the registry\n",
+	    getClassName(this));
+
+    // Check for a 'free' condition and that if we are first through
+    if (newCount == 0xffff)
+	((OSObject *) this)->free();
+}
+
+void OSObject::release() const
+{
+    taggedRelease(0);
 }
 
 void OSObject::retain() const
 {
-    OSIncrementAtomic((SInt32 *) &retainCount);
+    taggedRetain(0);
 }
 
 void OSObject::release(int when) const
 {
-    if (OSDecrementAtomic((SInt32 *) &retainCount) <= when)
-	((OSObject *) this)->free();
-}
-
-void OSObject::release() const
-{
-    release(1);
+    taggedRelease(0, when);
 }
 
 bool OSObject::serialize(OSSerialize *s) const
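Review bot: In `taggedRelease(const void *tag, const int when)`, `actualCount = origCount - dec` is computed without first checking that the low 16 bits of `origCount` are non-zero, so a release on a zero count borrows across the collection half and stores 0xffffffff. The post-CAS test `(UInt16) actualCount < (actualCount >> 16)` then compares 0xffff with 0xffff and does not panic, and the low half now reads as the "freeing" marker, so later releases return silently. From the visible code this appears reachable only after a caller passes `when <= 0` to `release(int)`, which lets the count settle at 0 without calling `free()`. A guard inside the loop before the subtraction, such as `if ((UInt16) origCount == 0) panic("OSObject::refcount: %s", "Over-release of an object");`, would turn that into an immediate, diagnosable failure. Separately, the comment above `dec |= (1UL<<16);` was copied from `taggedRetain` and should read `// Decrement the collection bucket.`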
@@ -129,10 +252,7 @@
 
     if (!s->addXMLStartTag(this, "string")) return false;
 
-    const OSMetaClass *meta = getMetaClass();
-    const char *className = (meta)? meta->getClassName() : "unknown class?";
-
-    if (!s->addString(className)) return false;
+    if (!s->addString(getClassName(this))) return false;
     if (!s->addString(" is not serializable")) return false;
     
     return s->addXMLEndTag("string");