Expose `hadOutOfMemory` flag in JS shell and reset it in JSRT
Categories
(Core :: JavaScript Engine, enhancement)
Tracking
| Tracking | Status | |
|---|---|---|
| firefox130 | --- | fixed |
People
(Reporter: decoder, Assigned: decoder)
Details
(Whiteboard: [fuzzblocker])
Attachments
(1 file)
When doing differential fuzzing with JSRT, it is possible to hit out of memory inside the engine that isn't propagated as an exception and hence not seen by the fuzzing implementation running in JS itself. Older differential fuzzers used the stderr output to determine if this happened but there is no way for JSRT fuzzers to do the same.
We are currently seeing some non-reproducible differential crashes in wasm fuzzing that are likely OOM-related. As a start, I would like to expose the `hadOutOfMemory` field in the JS runtime to the JS code so we can avoid a crash and return back to the JSRT C++ code if it is set to true.
The JSRT code also needs to be adjusted to reset this back to false before starting the next iteration.
Note that there are other sources of differential errors that cannot be observed with this and might potentially require follow-up patches (e.g. OOM in frontend and overrecursion errors that don't propagate). But I'd like to start with this easier change to see if it fixes the issues we are currently seeing.