Bug 1146696 - Don't assume there are no arenas available after last ditch GC r=terrence

2024-09-13 09:24:08 -07:00 · 2015-03-27 10:20:53 +00:00 · 2015-03-27 10:20:53 +00:00 · 55e1d6be9c
commit 55e1d6be9c
parent 8ff8e6ccf2
3 changed files with 31 additions and 7 deletions
--- a/js/src/gc/Allocator.cpp
+++ b/js/src/gc/Allocator.cpp
@ -232,7 +232,7 @@ GCRuntime::tryNewTenuredThing(ExclusiveContext *cx, AllocKind kind, size_t thing
 {
    T *t = reinterpret_cast<T *>(cx->arenas()->allocateFromFreeList(kind, thingSize));
    if (!t)
-        t = reinterpret_cast<T *>(refillFreeListFromAnyThread<allowGC>(cx, kind));
+        t = reinterpret_cast<T *>(refillFreeListFromAnyThread<allowGC>(cx, kind, thingSize));

    checkIncrementalZoneState(cx, t);
    TraceTenuredAlloc(t, kind);
@ -241,19 +241,19 @@ GCRuntime::tryNewTenuredThing(ExclusiveContext *cx, AllocKind kind, size_t thing

 template <AllowGC allowGC>
 /* static */ void *
-GCRuntime::refillFreeListFromAnyThread(ExclusiveContext *cx, AllocKind thingKind)
+GCRuntime::refillFreeListFromAnyThread(ExclusiveContext *cx, AllocKind thingKind, size_t thingSize)
 {
    MOZ_ASSERT(cx->arenas()->freeLists[thingKind].isEmpty());

    if (cx->isJSContext())
-        return refillFreeListFromMainThread<allowGC>(cx->asJSContext(), thingKind);
+        return refillFreeListFromMainThread<allowGC>(cx->asJSContext(), thingKind, thingSize);

    return refillFreeListOffMainThread(cx, thingKind);
 }

 template <AllowGC allowGC>
 /* static */ void *
-GCRuntime::refillFreeListFromMainThread(JSContext *cx, AllocKind thingKind)
+GCRuntime::refillFreeListFromMainThread(JSContext *cx, AllocKind thingKind, size_t thingSize)
 {
    JSRuntime *rt = cx->runtime();
    MOZ_ASSERT(!rt->isHeapBusy(), "allocating while under GC");
@ -277,7 +277,11 @@ GCRuntime::refillFreeListFromMainThread(JSContext *cx, AllocKind thingKind)
    }

    // Retry the allocation after the last-ditch GC.
-    thing = tryRefillFreeListFromMainThread(cx, thingKind);
+    // Note that due to GC callbacks we might already have allocated an arena
+    // for this thing kind!
+    thing = cx->arenas()->allocateFromFreeList(thingKind, thingSize);
+    if (!thing)
+        thing = tryRefillFreeListFromMainThread(cx, thingKind);
    if (thing)
        return thing;

--- a/js/src/gc/GCRuntime.h
+++ b/js/src/gc/GCRuntime.h
@ -879,9 +879,11 @@ class GCRuntime
    template <typename T>
    static void checkIncrementalZoneState(ExclusiveContext *cx, T *t);
    template <AllowGC allowGC>
-    static void *refillFreeListFromAnyThread(ExclusiveContext *cx, AllocKind thingKind);
+    static void *refillFreeListFromAnyThread(ExclusiveContext *cx, AllocKind thingKind,
+                                             size_t thingSize);
    template <AllowGC allowGC>
-    static void *refillFreeListFromMainThread(JSContext *cx, AllocKind thingKind);
+    static void *refillFreeListFromMainThread(JSContext *cx, AllocKind thingKind,
+                                              size_t thingSize);
    static void *tryRefillFreeListFromMainThread(JSContext *cx, AllocKind thingKind);
    static void *refillFreeListOffMainThread(ExclusiveContext *cx, AllocKind thingKind);

--- a/js/src/jit-test/tests/gc/bug-1146696.js
+++ b/js/src/jit-test/tests/gc/bug-1146696.js
@ -0,0 +1,18 @@
+// |jit-test| error: out of memory
+dbg1 = new Debugger();
+root2 = newGlobal();
+dbg1.memory.onGarbageCollection = function(){}
+dbg1.addDebuggee(root2);
+for (var j = 0; j < 9999; ++j) {
+    try {
+        a
+    } catch (e) {}
+}
+gcparam("maxBytes", gcparam("gcBytes") + 1);
+g();
+function g() {
+    var x = "";
+    function f() {}
+    eval('');
+    g();
+}