Bug 1211939 - Don't call JSRuntime::onOutOfMemory from helper threads. r=jonco
authorJan de Mooij <jdemooij@mozilla.com>
Wed, 14 Oct 2015 12:37:02 +0200
changeset 267536 0733455f90374ddbd5bae81254cd864c955f6114
parent 267535 6c4f311359707b7809692f7e2433b6f61a898b2d
child 267635 f911df85e80d06e3c7f0b2118f1c19417d92a633
push id66531
push userjandemooij@gmail.com
push dateWed, 14 Oct 2015 10:38:18 +0000
reviewersjonco
bugs1211939
milestone44.0a1
Bug 1211939 - Don't call JSRuntime::onOutOfMemory from helper threads. r=jonco
js/src/gc/Zone.h
js/src/jscntxt.h
js/src/vm/Runtime.cpp
--- a/js/src/gc/Zone.h
+++ b/js/src/gc/Zone.h
@@ -137,16 +137,18 @@ struct Zone : public JS::shadow::Zone,
         if (MOZ_UNLIKELY(isTooMuchMalloc()))
             onTooMuchMalloc();
     }
 
     bool isTooMuchMalloc() const { return gcMallocBytes <= 0; }
     void onTooMuchMalloc();
 
     void* onOutOfMemory(js::AllocFunction allocFunc, size_t nbytes, void* reallocPtr = nullptr) {
+        if (!CurrentThreadCanAccessRuntime(runtime_))
+            return nullptr;
         return runtimeFromMainThread()->onOutOfMemory(allocFunc, nbytes, reallocPtr);
     }
     void reportAllocationOverflow() { js::ReportAllocationOverflow(nullptr); }
 
     void beginSweepTypes(js::FreeOp* fop, bool releaseTypes);
 
     bool hasMarkedCompartments();
 
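Review bot: The new early return in `Zone::onOutOfMemory` has no comment, so a reader cannot tell that returning nullptr off the runtime's thread is deliberate and that the runtime's retry path is skipped there. I would add a comment above the check, e.g. `// Off the runtime's thread we must not enter JSRuntime::onOutOfMemory; fail the allocation and let the caller handle nullptr.` Nothing visible in this hunk reports the failure on that path, so it is worth confirming that every caller checks the result before using it.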
--- a/js/src/jscntxt.h
+++ b/js/src/jscntxt.h
@@ -158,17 +158,19 @@ class ExclusiveContext : public ContextF
     }
 
     template <typename T>
     inline bool isInsideCurrentCompartment(T thing) const {
         return thing->compartment() == compartment_;
     }
 
     void* onOutOfMemory(js::AllocFunction allocFunc, size_t nbytes, void* reallocPtr = nullptr) {
-        return runtime_->onOutOfMemory(allocFunc, nbytes, reallocPtr, maybeJSContext());
+        if (!isJSContext())
+            return nullptr;
+        return runtime_->onOutOfMemory(allocFunc, nbytes, reallocPtr, asJSContext());
     }
 
     /* Clear the pending exception (if any) due to OOM. */
     void recoverFromOutOfMemory();
 
     inline void updateMallocCounter(size_t nbytes) {
         // Note: this is racy.
         runtime_->updateMallocCounter(zone_, nbytes);
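Review bot: The guard in `ExclusiveContext::onOutOfMemory` tests `isJSContext()`, while the Zone.h guard tests `CurrentThreadCanAccessRuntime(runtime_)`, and nothing in the hunk says why the two are equivalent. If the invariant is that an ExclusiveContext which is not a JSContext only ever runs on a helper thread, state it on the check, e.g. `// Non-JSContext contexts run on helper threads, which must not enter JSRuntime::onOutOfMemory.` The class body starts and ends outside the hunk, so the invariant could not be confirmed from here.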
--- a/js/src/vm/Runtime.cpp
+++ b/js/src/vm/Runtime.cpp
@@ -755,16 +755,17 @@ JSRuntime::updateMallocCounter(JS::Zone*
     gc.updateMallocCounter(zone, nbytes);
 }
 
 JS_FRIEND_API(void*)
 JSRuntime::onOutOfMemory(AllocFunction allocFunc, size_t nbytes, void* reallocPtr,
                          JSContext* maybecx)
 {
     MOZ_ASSERT_IF(allocFunc != AllocFunction::Realloc, !reallocPtr);
+    MOZ_ASSERT(CurrentThreadCanAccessRuntime(this));
 
     if (isHeapBusy())
         return nullptr;
 
     if (!oom::IsSimulatedOOMAllocation()) {
         /*
          * Retry when we are done with the background sweeping and have stopped
          * all the allocations and released the empty GC chunks.
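Review bot: `MOZ_ASSERT(CurrentThreadCanAccessRuntime(this))` is a debug-build check, so in release builds a helper-thread call that reaches `JSRuntime::onOutOfMemory` by any path other than the two guarded wrappers would still run the recovery code below it. Since the function is exported with `JS_FRIEND_API`, consider enforcing the condition here as well, e.g. `if (!CurrentThreadCanAccessRuntime(this)) return nullptr;` after the assertion, or a release-mode assertion if a wrong-thread call should be fatal. Whether such callers exist is not visible in this diff, and the function body continues past the end of the hunk.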