Closed Bug 1746594 Opened 2 years ago Closed 2 years ago

Inconsistent pending exception with AllowGC::NoGC

Categories

(Core :: JavaScript Engine, task, P3)

Product:
Core
Component:
JavaScript Engine
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
97 Branch
Tracking Flags:
Tracking Status
firefox97 --- fixed

People

(Reporter: arai, Assigned: arai)

References

Details

Attachments

(4 files)

Bug 1746594 - Part 1: Add MOZ_UNLIKELY to JSString::validateLength call. r?iain!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1746594 - Part 2: Add JSString::validateLengthInternal with AllowGC template parameter to control pending exception. r?iain!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1746594 - Part 3: Call ReportOutOfMemory only for CanGC in NumberToStringWithBase. r?iain!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1746594 - Part 4: Call ReportOutOfMemory after NoGC in PrintShapeProperties. r?iain!
48 bytes, text/x-phabricator-request
Details | Review

string allocation code has AllowGC allowGC template parameter,
and allowGC==NoGC mostly means:

  • if failure happens, it's out of memory due to "no GC"
  • if failure happens, there's no pending exception

but JSString::validateLength called inside those functions can call js::ReportAllocationOverflow regardless of AllowGC.

So, failure case for NoGC has 2 modes:

  • needs GC. there's no pending exception
    • the caller can fallback to slow path that does GC and then allocate again
  • allocation overflow. there's pending exception
    • the caller has no fallback way

I wonder if the length validation must be done in other place, or maybe the behavior must be clearly documented.

Blocks: 1746619
Pushed by arai_a@mac.com:
https://hg.mozilla.org/integration/autoland/rev/406cc8559fcc
Part 1: Add MOZ_UNLIKELY to JSString::validateLength call. r=iain
https://hg.mozilla.org/integration/autoland/rev/0cffd4eac5d4
Part 2: Add JSString::validateLengthInternal with AllowGC template parameter to control pending exception. r=iain
https://hg.mozilla.org/integration/autoland/rev/4e2fade0a654
Part 3: Call ReportOutOfMemory only for CanGC in NumberToStringWithBase. r=iain
https://hg.mozilla.org/integration/autoland/rev/278328d4983f
Part 4: Call ReportOutOfMemory after NoGC in PrintShapeProperties. r=iain
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: