Closed Bug 1858200 Opened 2 years ago Closed 2 years ago

Malloc allocated data can grow without bound when running wasm

Categories

(Core :: JavaScript: GC, defect, P1)

Product:
Core
Component:
JavaScript: GC
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
120 Branch
Tracking Flags:
Tracking Status
firefox120 --- fixed

People

(Reporter: jonco, Assigned: jonco)

References

Details

Attachments

(1 file)

Bug 1858200 - Interrupt wasm when a major GC is requested r?jandem
48 bytes, text/x-phabricator-request
Details | Review

jseward has a case where allocating nursery GC things with malloc data attached can lead to unbounded memory increase when running purely in wasm.

Normally we track the amount of malloc data attached to GC things and request an interrupt to trigger a major GC when the total size passes a threshold. I suspect the reason this isn't working is that we don't check for this interrupt from wasm. We do explicitly check for requested major GC when allocating tenured GC things, but it's possible for this not to happen.

Blocks: 1855732
Severity: -- → S3
Priority: -- → P1

Currently wasm ignores GCs triggered by allocation, which can lead to unbounded
memory growth when running purely in wasm. Making the GC interrupt also
interrupt wasm fixes this.

Attachment #9357809 - Attachment description: Bug 1858200 - Interrupt wasm for when a major GC is requested r?jandem → Bug 1858200 - Interrupt wasm when a major GC is requested r?jandem
Pushed by jcoppeard@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b8fc1c079a23 Interrupt wasm when a major GC is requested r=jandem

https://hg.mozilla.org/mozilla-central/rev/b8fc1c079a23

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox120: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: