Bug 1746594
Opened 2 years ago
Closed 2 years ago
Inconsistent pending exception with AllowGC::NoGC
Categories
(Core :: JavaScript Engine, task, P3)
Tracking
RESOLVED
FIXED
97 Branch
| | Tracking | Status |
|---|---|---|
| firefox97 | --- | fixed |
People
(Reporter: arai, Assigned: arai)
Attachments
(4 files)
string allocation code has `AllowGC allowGC` template parameter, and `allowGC==NoGC` mostly means:

- if failure happens, it's out of memory due to "no GC"
- if failure happens, there's no pending exception

but `JSString::validateLength` called inside those functions can call `js::ReportAllocationOverflow` regardless of `AllowGC`.

So, failure case for `NoGC` has 2 modes:

- needs GC. there's no pending exception
  - the caller can fallback to slow path that does GC and then allocate again
- allocation overflow. there's pending exception
  - the caller has no fallback way

I wonder if the length validation must be done in other place, or maybe the behavior must be clearly documented.
Comment 1 • 2 years ago (Assignee)

Comment 2 • 2 years ago (Assignee)

Depends on D134171

Comment 3 • 2 years ago (Assignee)

Depends on D134172

Comment 4 • 2 years ago (Assignee)

Depends on D134173
Pushed by arai_a@mac.com:

https://hg.mozilla.org/integration/autoland/rev/406cc8559fcc
Part 1: Add MOZ_UNLIKELY to JSString::validateLength call. r=iain

https://hg.mozilla.org/integration/autoland/rev/0cffd4eac5d4
Part 2: Add JSString::validateLengthInternal with AllowGC template parameter to control pending exception. r=iain

https://hg.mozilla.org/integration/autoland/rev/4e2fade0a654
Part 3: Call ReportOutOfMemory only for CanGC in NumberToStringWithBase. r=iain

https://hg.mozilla.org/integration/autoland/rev/278328d4983f
Part 4: Call ReportOutOfMemory after NoGC in PrintShapeProperties. r=iain
Comment 6 • 2 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/406cc8559fcc
https://hg.mozilla.org/mozilla-central/rev/0cffd4eac5d4
https://hg.mozilla.org/mozilla-central/rev/4e2fade0a654
https://hg.mozilla.org/mozilla-central/rev/278328d4983f
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox97: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch
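
The contract the description asks for and the Part 2 commit title names, shown as a simplified model added here for illustration (not SpiderMonkey source and not the landed patches): a `NoGC` failure never leaves a pending exception, so the caller can always retry with `CanGC`, which is the only mode that reports. `Context`, `nurseryFull`, `newString`, `allocateWithFallback` and the `MAX_LENGTH` value are assumptions made for the sketch.

```cpp
#include <cstddef>

enum AllowGC { NoGC = 0, CanGC = 1 };

// Hypothetical stand-in for the engine context.
struct Context {
  bool pendingException = false;  // models "an exception is pending"
  bool nurseryFull = false;       // models "allocation needs a GC first"
  int gcCount = 0;
};

constexpr std::size_t MAX_LENGTH = 16;  // constructed limit for the demo

inline void reportAllocationOverflow(Context& cx) { cx.pendingException = true; }

// Length check whose reporting follows the AllowGC parameter:
// NoGC fails silently, CanGC leaves a pending exception.
template <AllowGC allowGC>
bool validateLengthInternal(Context& cx, std::size_t length) {
  if (length > MAX_LENGTH) {
    if (allowGC == CanGC) reportAllocationOverflow(cx);
    return false;
  }
  return true;
}

// Returns true on success. In NoGC mode every failure is exception-free.
template <AllowGC allowGC>
bool newString(Context& cx, std::size_t length) {
  if (!validateLengthInternal<allowGC>(cx, length)) return false;
  if (cx.nurseryFull) {
    if (allowGC == NoGC) return false;  // caller must retry on the slow path
    cx.gcCount++;                       // CanGC: collect, then allocate
    cx.nurseryFull = false;
  }
  return true;
}

// Caller pattern: fast path first, slow path on any NoGC failure.
bool allocateWithFallback(Context& cx, std::size_t length) {
  if (newString<NoGC>(cx, length)) return true;
  // Contract check: nothing may be pending after a NoGC failure.
  if (cx.pendingException) return false;
  // The slow path either succeeds or reports the real error.
  return newString<CanGC>(cx, length);
}
```

With the reporting tied to the template parameter, the caller no longer needs to distinguish the two `NoGC` failure modes: an over-long request simply fails again on the `CanGC` path, this time with the exception set.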