Bug 1257387 - Annotate OOM allocation sizes where possible; r=jonco (f452b335) · Commits · The Tor Project / Applications / Mullvad Browser

js/public/Utility.h

+7 −0

Original line number	Diff line number	Diff line
		@@ -180,6 +180,13 @@ namespace js {
		struct MOZ_RAII AutoEnterOOMUnsafeRegion
		{
		MOZ_NORETURN MOZ_COLD void crash(const char* reason);
		MOZ_NORETURN MOZ_COLD void crash(size_t size, const char* reason);

		using AnnotateOOMAllocationSizeCallback = void(*)(size_t);
		static AnnotateOOMAllocationSizeCallback annotateOOMSizeCallback;
		static void setAnnotateOOMAllocationSizeCallback(AnnotateOOMAllocationSizeCallback callback) {
		annotateOOMSizeCallback = callback;
		}

		#if defined(DEBUG) \|\| defined(JS_OOM_BREAKPOINT)
		AutoEnterOOMUnsafeRegion()

+6 −4

Original line number	Diff line number	Diff line
		@@ -2158,7 +2158,7 @@ js::TenuringTracer::moveToTenured(JSObject* src)
		AutoEnterOOMUnsafeRegion oomUnsafe;
		t = zone->arenas.allocateFromArena(zone, dstKind, maybeStartBackgroundAllocation);
		if (!t)
		oomUnsafe.crash("Failed to allocate object while tenuring.");
		oomUnsafe.crash(ChunkSize, "Failed to allocate object while tenuring.");
		}
		JSObject* dst = reinterpret_cast<JSObject*>(t);
		tenuredSize += moveObjectToTenured(dst, src, dstKind);
		@@ -2315,7 +2315,7 @@ js::TenuringTracer::moveSlotsToTenured(NativeObject* dst, NativeObject* src, All
		AutoEnterOOMUnsafeRegion oomUnsafe;
		dst->slots_ = zone->pod_malloc<HeapSlot>(count);
		if (!dst->slots_)
		oomUnsafe.crash("Failed to allocate slots while tenuring.");
		oomUnsafe.crash(sizeof(HeapSlot) * count, "Failed to allocate slots while tenuring.");
		}

		PodCopy(dst->slots_, src->slots_, count);
		@@ -2356,8 +2356,10 @@ js::TenuringTracer::moveElementsToTenured(NativeObject* dst, NativeObject* src,
		{
		AutoEnterOOMUnsafeRegion oomUnsafe;
		dstHeader = reinterpret_cast<ObjectElements*>(zone->pod_malloc<HeapSlot>(nslots));
		if (!dstHeader)
		oomUnsafe.crash("Failed to allocate elements while tenuring.");
		if (!dstHeader) {
		oomUnsafe.crash(sizeof(HeapSlot) * nslots,
		"Failed to allocate elements while tenuring.");
		}
		}

		js_memcpy(dstHeader, srcHeader, nslots * sizeof(HeapSlot));

+14 −0

Original line number	Diff line number	Diff line
		@@ -1240,3 +1240,17 @@ AutoEnterOOMUnsafeRegion::crash(const char* reason)
		MOZ_ReportAssertionFailure(msgbuf, __FILE__, __LINE__);
		MOZ_CRASH();
		}

		AutoEnterOOMUnsafeRegion::AnnotateOOMAllocationSizeCallback
		AutoEnterOOMUnsafeRegion::annotateOOMSizeCallback = nullptr;

		void
		AutoEnterOOMUnsafeRegion::crash(size_t size, const char* reason)
		{
		{
		JS::AutoSuppressGCAnalysis suppress;
		if (annotateOOMSizeCallback)
		annotateOOMSizeCallback(size);
		}
		crash(reason);
		}

+4 −0

Original line number	Diff line number	Diff line
		@@ -3531,6 +3531,10 @@ XPCJSRuntime::Initialize()
		js::SetActivityCallback(runtime, ActivityCallback, this);
		JS_SetInterruptCallback(runtime, InterruptCallback);
		js::SetWindowProxyClass(runtime, &OuterWindowProxyClass);
		#ifdef MOZ_CRASHREPORTER
		js::AutoEnterOOMUnsafeRegion::setAnnotateOOMAllocationSizeCallback(
		CrashReporter::AnnotateOOMAllocationSize);
		#endif

		// The JS engine needs to keep the source code around in order to implement
		// Function.prototype.toSource(). It'd be nice to not have to do this for