Closed Bug 1692221 Opened 3 years ago Closed 3 years ago

TenuredChunk::decommitFreeArenasWithoutUnlocking doesn't clear the free committed arenas list

Categories

(Core :: JavaScript: GC, defect, P1)

Product:
Core
Component:
JavaScript: GC
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
87 Branch
Tracking Flags:
Tracking Status
firefox87 --- fixed

People

(Reporter: jonco, Assigned: jonco)

Details

Attachments

(1 file)

Bug 1692221 - Update list of free committed arenas in TenuredChunk::decommitFreeArenasWithoutUnlocking r?sfink
48 bytes, text/x-phabricator-request
Details | Review

TenuredChunkInfo contains a bunch of information about the chunk, including counts of free and free committed arenas and a list of free committed arenas (arenas can be in three states: allocated, free committed and free decommitted).

I noticed when reviewing the patch in bug 1660006 comment 17 that TenuredChunk::decommitFreeArenasWithoutUnlocking doesn't update the list of free committed arenas. I'm not sure how bad this is because in general we check the counts to see if there are free committed arenas before pulling one off the list, but this could well be hiding bugs.

This method is only called rarely (in response to OOM) and hardly shows up in our testing.

This adds methods to verify the chunk metadata very GC in debug builds (held relocated arenas mess things up because they're mprotected so it's checked after we free those).

The code in question was hard to exercise and I had to update reportLargeAllocationFailure to take a byte count so we could avoid calling the shell's large allocation failure callback, which causes the shell to exit (see JSRuntime::onOutOfMemoryCanGC).

It's debateable whether it's worth handling OOM from MarkPagesUnusedSoft. If we assume pages have been been successfully marked unused regardless of failure I think the worst that happens is that we don't reuse them immediately... I ended up handling this anyway though, and rebuilding the list rather than clearing it entirely in decommitFreeArenasWithoutUnlocking.

Assignee: nobody → jcoppeard
Status: NEW → ASSIGNED
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/92d91d4eb2cd
Update list of free committed arenas in TenuredChunk::decommitFreeArenasWithoutUnlocking r=sfink
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6214d7dd8d9b
Update list of free committed arenas in TenuredChunk::decommitFreeArenasWithoutUnlocking r=sfink

https://hg.mozilla.org/mozilla-central/rev/6214d7dd8d9b

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox87: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 87 Branch
Flags: needinfo?(jcoppeard)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: