Closed
Bug 804492
Opened 12 years ago
Closed 12 years ago
SpiderMonkey should stop trying to recover from most OOM
Categories
(Core :: JavaScript Engine, enhancement)
Core
JavaScript Engine
Tracking
()
RESOLVED
DUPLICATE
of bug 606198
People
(Reporter: jruderman, Unassigned)
Details
(Keywords: sec-want)
* What little testing of OOM handling we've done has shown that many paths in the JS engine do not recover correctly. A significant fraction of these bugs affect memory safety. (See bug 471528, bug 687256, and bug 624094.) * Most of the browser (along with some pieces of SpiderMonkey, such as YARR and the IonMonkey compiler) do not attempt to recover from small-allocation failures. So when Firefox is out of memory, it's probably going to crash eventually anyway. * Chrome JS is impossible to analyze if a web page can cause its execution to just halt, at any point, by leaving just the right amount of memory available. I think SpiderMonkey should - Try to recover in a few cases (strings and arrays) - Perhaps with the rule that it must be an exception rather than a terminate() - But notify the embedding, so it can bail if security-relevant chrome JS OOMs - Avoid starting big computations (e.g. parsing or compiling) when low on memory - Just crash on OOM "by default" and wherever it's not obvious how to recover
The GC heap allocates memory in large (1MB I think) chunks, not small bits, so it's not clear to me what this would mean in practice. CCing some people who may be interested.
Comment 2•12 years ago
|
||
The JS engine uses two kinds of allocation, the chunks for the GC, but also normal jemalloc allocations.
Comment 3•12 years ago
|
||
This is well-trodden ground, see bug 606198. The short version is: Brendan never much liked the idea.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Updated•12 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•