Pointless JS_FRESH_TENURED_PATTERN in Chunk::init on Linux

Status: NEW
Assignee: Unassigned
Product: Core
Component: JavaScript: GC
Priority: P3
Severity: normal

People

(Reporter: sfink, Unassigned)

Tracking

({triage-deferred})

Firefox Tracking Flags

(Not tracked)

Details

As roc pointed out on IRC:

<roc> are people aware that in Chunk::init, the poisoning is completely pointless on Linux because (contrary to the comment above the call to decommitAllArenas) Linux immediately zeroes all decommitted memory?

And he's right. We do

    JS_POISON(this, JS_FRESH_TENURED_PATTERN, ChunkSize);

followed by

    decommitAllArenas(rt);

which on Linux does

    madvise(p, size, MADV_DONTNEED);

which will make all reads return zero.

I suppose you could argue that theoretically the madvise could fail, but in actual practice we're wasting time touching pages and then throwing them away.
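The poison-then-decommit sequence from comment 0, as an added example (not SpiderMonkey's own code) that can be run on Linux to confirm roc's observation. EXAMPLE_POISON_BYTE, EXAMPLE_CHUNK_SIZE and poison_then_decommit are this example's stand-ins for JS_FRESH_TENURED_PATTERN, ChunkSize and the Chunk::init logic, and it assumes Linux semantics for MADV_DONTNEED on a private anonymous mapping.

```c
/* Added example (not SpiderMonkey code): poison an anonymous mapping the way
 * Chunk::init does, decommit it with madvise(MADV_DONTNEED), and observe that
 * on Linux the poison is gone and reads return zero. Names and constants
 * below are this example's own stand-ins. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define EXAMPLE_POISON_BYTE 0x4f        /* stand-in for JS_FRESH_TENURED_PATTERN */
#define EXAMPLE_CHUNK_SIZE  (64 * 1024) /* stand-in for ChunkSize */

/* Returns 1 if every byte in [p, p + len) equals `byte`, else 0. */
static int all_bytes_are(const uint8_t *p, size_t len, uint8_t byte)
{
    for (size_t i = 0; i < len; i++)
        if (p[i] != byte)
            return 0;
    return 1;
}

/* Poison a chunk and, if `decommit` is set, MADV_DONTNEED it afterwards.
 * Returns 1 if reads still see the poison, 0 if they see zeros, -1 on error. */
int poison_then_decommit(int decommit)
{
    uint8_t *chunk = mmap(NULL, EXAMPLE_CHUNK_SIZE, PROT_READ | PROT_WRITE,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (chunk == MAP_FAILED)
        return -1;

    /* JS_POISON(this, JS_FRESH_TENURED_PATTERN, ChunkSize): this write
     * touches, and therefore commits, every page of the chunk. */
    memset(chunk, EXAMPLE_POISON_BYTE, EXAMPLE_CHUNK_SIZE);

    /* decommitAllArenas on Linux: the kernel drops the private pages, so the
     * next read of any byte is served from the zero page, not the poison. */
    if (decommit && madvise(chunk, EXAMPLE_CHUNK_SIZE, MADV_DONTNEED) != 0) {
        munmap(chunk, EXAMPLE_CHUNK_SIZE);
        return -1;
    }
    int result = -1; /* mixed contents would be unexpected */
    if (all_bytes_are(chunk, EXAMPLE_CHUNK_SIZE, EXAMPLE_POISON_BYTE))
        result = 1;
    else if (all_bytes_are(chunk, EXAMPLE_CHUNK_SIZE, 0))
        result = 0;

    munmap(chunk, EXAMPLE_CHUNK_SIZE);
    return result;
}
```

Calling poison_then_decommit(0) returns 1 (the poison survives), while poison_then_decommit(1) returns 0 on Linux, which is the wasted work the bug describes.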
Well, IIRC, the Windows behavior is different and does behave as the comment suggests.

Given that I don't think I've even seen JS_FRESH_TENURED_PATTERN in crashstats, I think we should probably just poison the footer and not touch the rest on all platforms.
Keywords: triage-deferred
Priority: -- → P3