Closed
Bug 781589
Opened 13 years ago
Closed 12 years ago
Convert some/all of the major XPConnect hash tables to something infallible
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: mccr8, Assigned: mccr8)
References
Details
Attachments
(8 files, 1 obsolete file)
|
15.43 KB,
patch
|
Details | Diff | Splinter Review | |
|
12.71 KB,
patch
|
Details | Diff | Splinter Review | |
|
7.06 KB,
patch
|
Details | Diff | Splinter Review | |
|
12.36 KB,
patch
|
Details | Diff | Splinter Review | |
|
7.02 KB,
patch
|
Details | Diff | Splinter Review | |
|
18.78 KB,
patch
|
Details | Diff | Splinter Review | |
|
6.31 KB,
patch
|
Details | Diff | Splinter Review | |
|
10.76 KB,
patch
|
Details | Diff | Splinter Review |
Currently, XPConnect uses PL_DHashtable all over the place (well, the JS version). This is fallible, but I don't really trust that we're checking everything we should all over the place, and if something fails due to OOM or whatever, I don't really trust things as being handled well. This shouldn't really happen anyways.
|
Assignee | |
Comment 1•12 years ago
|
||
XPConnect is the only user of JSDHashTable in the tree!
http://mxr.mozilla.org/mozilla-central/ident?i=JSDHashTable&filter=
|
|
Assignee | |
Comment 2•12 years ago
|
||
I'm inclined to convert all uses of JSDHashTable in XPConnect over to something fallible, so we can get rid of it. Do you have any particular opinions on hash tables, bholley?
|
||
Comment 3•12 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #2)
> Do you have any particular opinions on hash tables, bholley?
I don't, but I think luke and terrence do.
|
||
Comment 4•12 years ago
|
||
I thought infallible allocation could only be used when we could demonstrate that the size of the allocations could be very large due to content; it seems like the various maps in XPConnect could be very large. Does the rest of DOM also allocate (say, nodes) infallibly?
|
|
Assignee | |
Comment 5•12 years ago
|
||
(In reply to Luke Wagner [:luke] from comment #4)
> I thought infallible allocation could only be used when we could demonstrate
> that the size of the allocations could be very large due to content;
I assume you mean "can't be very large" here?
> it seems like the various maps in XPConnect could be very large. Does the rest
> of DOM also allocate (say, nodes) infallibly?
My main philosophy here is skepticism that all of these maps are handling failure in a secure manner.
Is it really a danger that we can end up with a hash table operation failing when we're not already in a situation where we're already about to die anyways from OOM?
But you are right, maybe conversion to infallibility should be done on a more case-by-case basis. This bug could just be about eliminating the use of JSDHash in XPConnect, then followup bugs could flip the switch to make individual maps infallible as desired.
|
|
||
Comment 6•12 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #5)
> Is it really a danger that we can end up with a hash table operation failing
> when we're not already in a situation where we're already about to die
> anyways from OOM?
Yeah, that's what I was getting at by asking of DOM also dies on OOM.
> This bug could just be about eliminating the use
> of JSDHash in XPConnect, then followup bugs could flip the switch to make
> individual maps infallible as desired.
If you switch to a new hash table type, you'll effectively be auditing all uses and thus be able to catch any missing OOM checks.
|
|
Assignee | |
Comment 7•12 years ago
|
||
(In reply to Luke Wagner [:luke] from comment #6)
> Yeah, that's what I was getting at by asking of DOM also dies on OOM.
I'm not sure, I'd have to look.
>
> > This bug could just be about eliminating the use
> > of JSDHash in XPConnect, then followup bugs could flip the switch to make
> > individual maps infallible as desired.
>
> If you switch to a new hash table type, you'll effectively be auditing all
> uses and thus be able to catch any missing OOM checks.
Well, not really, because XPCMaps do this weird wrapping thing that would isolate changes. ;) But yeah, I can just look around at the code. Even if there are OOM checks, it doesn't mean that we end up in a sane state. I've fixed a bunch of sec bugs recently from cruddy error code that has never been tested. But I suppose it is easy enough to force a failure and see how badly things blow up...
|
|
||
Comment 8•12 years ago
|
||
If we OOM on account of wrapper maps we're pretty screwed. I think we should crash safely in those cases. FWIW, I'm pretty sure most of the DOM/XPCOM uses operator new, which is infallible. So we're probably already going the infallible route for node allocation.
khuey, am I correct in this?
For small allocations in large numbers, Gecko is almost entirely infallible these days. Nodes are definitely being fallibly allocated.
I think we should proceed with this.
definitely being *infallibly* allocated.
|
|
Assignee | |
Comment 11•12 years ago
|
||
I use nsTHashtable and not nsDataHashtable to preserve the behavior that if there's an existing mapping, we use that value instead of overwriting it.
|
|
Assignee | |
Comment 12•12 years ago
|
||
Assignee: nobody → continuation
Attachment #652805 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 13•12 years ago
|
||
|
|
Assignee | |
Updated•12 years ago
|
Attachment #653817 -
Attachment is patch: true
|
|
Assignee | |
Updated•12 years ago
|
Attachment #653815 -
Attachment description: convert Native2WrappedNativeMap → part 1: convert Native2WrappedNativeMap
|
|
Assignee | |
Comment 14•12 years ago
|
||
|
|
Assignee | |
Comment 15•12 years ago
|
||
|
|
Assignee | |
Comment 16•12 years ago
|
||
|
|
Assignee | |
Comment 17•12 years ago
|
||
|
|
Assignee | |
Comment 18•12 years ago
|
||
|
|
Assignee | |
Comment 19•12 years ago
|
||
I'd like to templatize a bit more here, but unfortunately the classes aren't quite close enough. For instance, consider the Add method. Three classes take a value as an argument, then extract a key from the value. Two or three take a key and a value and work directly. One of them is a set, so there is no value. One class has this weird thing where keys can be converted to values under some circumstances, so there are two separate Add methods.
I noticed that the Remove method for IID2ThisTranslatorMap is never called, which seems a little sketchy.
|
|
Assignee | |
Comment 20•12 years ago
|
||
This is the last of them.
|
|
Assignee | |
Comment 21•12 years ago
|
||
njn converted these over to PLDHashtable, and I think these patches are really tedious without any particular benefit, so I'm just going to mark this WONTFIX. If in the future we have a reason to convert these over to an infallible hashtable, these patches will be here.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•