Closed Bug 566949 Opened 14 years ago Closed 14 years ago

JSContext::malloc should not insist on a call outside a request

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: igor, Assigned: igor)

References

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file, 1 obsolete file)

v1 for real
1.16 KB, patch
jorendorff
: review+
Details | Diff | Splinter Review 
JSContext::malloc or JS_malloc is allowed to be called outside a request, yet the TriggerGC call that it does insists on that. That could a reason for a test case failure like in bug 237006 comment 6.
Attached patch v1 (obsolete) — Splinter Review 
Here is an essentially one-liner to disable js_TriggerGC calls outside request on malloc pressure.
Attachment #446493 - Flags: review?(jorendorff)
Attached patch v1 for realSplinter Review 
v1 is unrelated patch, sorry for bugzilla spam
Attachment #446493 - Attachment is obsolete: true
Attachment #446495 - Flags: review?(jorendorff)
Attachment #446493 - Flags: review?(jorendorff)
Comment on attachment 446495 [details] [diff] [review]
v1 for real

>-    if (runtime->isGCMallocLimitReached())
>+
>+    /* Trigger the GC on memory pressure but only if we are inside a request. */
>+    if (runtime->isGCMallocLimitReached() &&
>+        (requestDepth != 0 || thread == runtime->gcThread))

We shouldn't be malloc-ing during GC, so why allow
`thread == runtime->gcThread` here?

js_TriggerGC asserts that !rt->gcRunning, so if we ever *did* get here during GC, I think it would be a bug.

r=me with that sorted out.
Attachment #446495 - Flags: review?(jorendorff) → review+
(In reply to comment #3)
> (From update of attachment 446495 [details] [diff] [review])
> >-    if (runtime->isGCMallocLimitReached())
> >+
> >+    /* Trigger the GC on memory pressure but only if we are inside a request. */
> >+    if (runtime->isGCMallocLimitReached() &&
> >+        (requestDepth != 0 || thread == runtime->gcThread))

> 
Thanks for catching this, the condition should be requestDepth != 0 && thread != runtime->gcThread to avoid triggering the GC recursively.

> We shouldn't be malloc-ing during GC, so why allow
> `thread == runtime->gcThread` here?

For compatibility we should allow for JS_malloc calls as, for example, the cycle collector allocated a lot of things.
http://hg.mozilla.org/tracemonkey/rev/4260c0df53c0
Whiteboard: fixed-in-tracemonkey
(In reply to comment #4)
> For compatibility we should allow for JS_malloc calls as, for example, the
> cycle collector allocated a lot of things.

Makes sense. Thanks.
Blocks: 567530
http://hg.mozilla.org/mozilla-central/rev/4260c0df53c0
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: