1121314 - Infinite loop involving a0malloc with jemalloc 3

Status: RESOLVED FIXED

(Core :: Memory Allocator, defect)

Description

[Mike Hommey [:glandium]]

See https://github.com/jemalloc/jemalloc/issues/184

Comment 1

[Mike Hommey [:glandium]]

Attachment: 0001-Bug-1121314-Avoid-needing-the-arena-in-chunk_alloc_d.patch

The infinite loop happens if chunk_alloc_arena needs to be called when a0malloc
is called. It in turn calls chunk_alloc_default, which uses tsd, which calls
a0malloc if it's the first time the tsd is being gotten from the current thread.
tsd only uses a0malloc on platforms where there is no native thread local storage
support, which, for Mozilla, essentially means anything that is not Linux.

But the tsd is only neededto get the dss precedence setting of the given arena.
That setting has no effect when dss is disabled, which it is on Windows and Mac.

Moreover, the default setting for dss precedence is "secondary", which means
jemalloc only tries dss after it failed to get memory with mmap/VirtualAlloc.
Considering the cases where mmap/VirtualAlloc would fail essentially means
there is shortage of address space, sbrk() is not going to have much more
success, so we might as well disable dss support on all platforms, avoiding
the infinite loop problem on Android and B2G as well.

Comment 2

[Nicholas Nethercote [inactive]]

Comment on attachment 8548621 [details] [diff] [review]
0001-Bug-1121314-Avoid-needing-the-arena-in-chunk_alloc_d.patch

Review of attachment 8548621 [details] [diff] [review]:
-----------------------------------------------------------------

rs=me

Comment 3

[Mike Hommey [:glandium]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/dbd00d4ec628

Comment 4

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/dbd00d4ec628