Bug 1057393 - Fix a regression on octane-zlib; r=sfink
authorTerrence Cole <terrence@mozilla.com>
Mon, 25 Aug 2014 09:29:51 -0700
changeset 223872 bd8609eb0179125616558d2f431bbcf488bfd28b
parent 223871 fe22fccea4aea9abcf32727cc9b94c2606847250
child 223873 6ab548becb6fe42d33f04086deaf882a06159f7e
push id3979
push userraliiev@mozilla.com
push dateMon, 13 Oct 2014 16:35:44 +0000
treeherdermozilla-beta@30f2cc610691 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssfink
bugs1057393
milestone34.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1057393 - Fix a regression on octane-zlib; r=sfink
js/src/jsgc.cpp
js/src/vm/MallocProvider.h
--- a/js/src/jsgc.cpp
+++ b/js/src/jsgc.cpp
@@ -2764,17 +2764,17 @@ ArenaLists::refillFreeList<CanGC>(Thread
 ArenaLists::refillFreeListInGC(Zone *zone, AllocKind thingKind)
 {
     /*
      * Called by compacting GC to refill a free list while we are in a GC.
      */
 
     Allocator &allocator = zone->allocator;
     JS_ASSERT(allocator.arenas.freeLists[thingKind].isEmpty());
-    JSRuntime *rt = zone->runtimeFromMainThread();
+    mozilla::DebugOnly<JSRuntime *> rt = zone->runtimeFromMainThread();
     JS_ASSERT(rt->isHeapMajorCollecting());
     JS_ASSERT(!rt->gc.isBackgroundSweeping());
 
     return allocator.arenas.allocateFromArena(zone, thingKind);
 }
 
 /* static */ int64_t
 SliceBudget::TimeBudget(int64_t millis)
--- a/js/src/vm/MallocProvider.h
+++ b/js/src/vm/MallocProvider.h
@@ -78,17 +78,17 @@ struct MallocProvider
             client()->reportAllocationOverflow();
             return nullptr;
         }
         size_t bytes = sizeof(T) + numExtra * sizeof(U);
         if (bytes < sizeof(T)) {
             client()->reportAllocationOverflow();
             return nullptr;
         }
-        T *p = (T *)js_pod_malloc<uint8_t>(bytes);
+        T *p = reinterpret_cast<T *>(js_pod_malloc<uint8_t>(bytes));
         if (MOZ_LIKELY(p)) {
             client()->updateMallocCounter(bytes);
             return p;
         }
         client()->onOutOfMemory(nullptr, bytes);
         return nullptr;
     }
 
@@ -99,33 +99,48 @@ struct MallocProvider
     }
 
     template <class T>
     T *pod_calloc() {
         return pod_calloc<T>(1);
     }
 
     template <class T>
-    T *
-    pod_calloc(size_t numElems) {
-        T *p = pod_malloc<T>(numElems);
-        if (MOZ_UNLIKELY(!p))
+    T *pod_calloc(size_t numElems) {
+        T *p = js_pod_calloc<T>(numElems);
+        if (MOZ_LIKELY(p)) {
+            client()->updateMallocCounter(numElems * sizeof(T));
+            return p;
+        }
+        if (numElems & mozilla::tl::MulOverflowMask<sizeof(T)>::value) {
+            client()->reportAllocationOverflow();
             return nullptr;
-        memset(p, 0, numElems * sizeof(T));
-        return p;
+        }
+        client()->onOutOfMemory(nullptr, numElems * sizeof(T));
+        return nullptr;
     }
 
     template <class T, class U>
-    T *
-    pod_calloc_with_extra(size_t numExtra) {
-        T *p = pod_malloc_with_extra<T, U>(numExtra);
-        if (MOZ_UNLIKELY(!p))
+    T *pod_calloc_with_extra(size_t numExtra) {
+        if (numExtra & mozilla::tl::MulOverflowMask<sizeof(U)>::value) {
+            client()->reportAllocationOverflow();
+            return nullptr;
+        }
+        size_t bytes = sizeof(T) + numExtra * sizeof(U);
+        if (bytes < sizeof(T)) {
+            client()->reportAllocationOverflow();
             return nullptr;
-        memset(p, 0, sizeof(T) + numExtra * sizeof(U));
-        return p;
+        }
+        T *p = reinterpret_cast<T *>(js_pod_calloc<uint8_t>(bytes));
+        if (MOZ_LIKELY(p)) {
+            client()->updateMallocCounter(bytes);
+            return p;
+        }
+        client()->onOutOfMemory(nullptr, bytes);
+        return nullptr;
     }
 
     template <class T>
     mozilla::UniquePtr<T[], JS::FreePolicy>
     make_zeroed_pod_array(size_t numElems)
     {
         return mozilla::UniquePtr<T[], JS::FreePolicy>(pod_calloc<T>(numElems));
     }