mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1473289 - Work around page table fragmentation caused by mprotect / VirtualProtect using LifoAlloc r=tcampbell

This commit is contained in:
Nicolas B. Pierron 2018-07-16 18:13:51 +00:00
Родитель 8cd0e59ac5
Коммит 5c9acf58b6
3 изменённых файлов: 539 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

8
js/src/ds/LifoAlloc.cpp
Просмотреть файл

@ -208,6 +208,14 @@ LifoAlloc::newChunkWithCapacity(size_t n)
bool protect = false;
#ifdef LIFO_CHUNK_PROTECT
protect = protect_;
// In a few cases where we keep adding memory protection, we might OOM while
// doing a mprotect / VirtualProtect due to the consumption of space in the
// page table reserved by the system. This error appears as an OOM on Linux,
// as an Invalid parameters on Windows and as a crash on OS/X. This code caps
// the amount of memory protected in order to limit occurences of this issue.
const size_t MaxPeakSize = 32 * 1024 * 1024;
if (protect && MaxPeakSize <= this->peakSize_)
protect = false;
#endif
// Create a new BumpChunk, and allocate space for it.

495
js/src/jit-test/tests/basic/consume-interpreter-stack-bug1473289.js Normal file
Просмотреть файл

@ -0,0 +1,495 @@
// |jit-test| allow-overrecursed
(function f(x) {
f(x - 1);
Array.prototype.unshift.call(a1, s2, a1, t2, a0, p2, t2);
var r2;
var r3;
var r4;
var r5;
var r6;
var r7;
var r8;
var r9;
var r10;
var r11;
var r12;
var r13;
var r14;
var r15;
var r16;
var r17;
var r18;
var r19;
var r20;
var r21;
var r22;
var r23;
var r24;
var r25;
var r26;
var r27;
var r28;
var r29;
var r30;
var r31;
var r32;
var r33;
var r34;
var r35;
var r36;
var r37;
var r38;
var r39;
var r40;
var r41;
var r42;
var r43;
var r44;
var r45;
var r46;
var r47;
var r48;
var r49;
var r50;
var r51;
var r52;
var r53;
var r54;
var r55;
var r56;
var r57;
var r58;
var r59;
var r60;
var r61;
var r62;
var r63;
var r64;
var r65;
var r66;
var r67;
var r68;
var r69;
var r70;
var r71;
var r72;
var r73;
var r74;
var r75;
var r76;
var r77;
var r78;
var r79;
var r80;
var r81;
var r82;
var r83;
var r84;
var r85;
var r86;
var r87;
var r88;
var r89;
var r90;
var r91;
var r92;
var r93;
var r149;
var r150;
var r151;
var r152;
var r153;
var r154;
var r155;
var r156;
var r157;
var r158;
var r159;
var r160;
var r161;
var r162;
var r163;
var r164;
var r165;
var r166;
var r167;
var r168;
var r169;
var r170;
var r171;
var r172;
var r173;
var r174;
var r175;
var r176;
var r177;
var r178;
var r179;
var r180;
var r181;
var r182;
var r183;
var r184;
var r185;
var r186;
var r187;
var r188;
var r189;
var r190;
var r191;
var r192;
var r193;
var r194;
var r195;
var r196;
var r197;
var r198;
var r199;
var r200;
var r201;
var r202;
var r203;
var r204;
var r205;
var r206;
var r207;
var r208;
var r209;
var r210;
var r211;
var r212;
var r213;
var r214;
var r215;
var r216;
var r217;
var r218;
var r219;
var r220;
var r221;
var r222;
var r223;
var r224;
var r225;
var r226;
var r227;
var r228;
var r229;
var r230;
var r231;
var r232;
var r233;
var r234;
var r235;
var r236;
var r237;
var r238;
var r239;
var r240;
var r241;
var r242;
var r243;
var r244;
var r245;
var r246;
var r247;
var r248;
var r249;
var r250;
var r251;
var r252;
var r253;
var r254;
var r255;
var r256;
var r257;
var r258;
var r259;
var r260;
var r261;
var r262;
var r263;
var r264;
var r265;
var r266;
var r267;
var r268;
var r269;
var r270;
var r271;
var r272;
var r273;
var r274;
var r275;
var r276;
var r277;
var r278;
var r279;
var r280;
var r281;
var r282;
var r283;
var r284;
var r285;
var r286;
var r287;
var r288;
var r289;
var r290;
var r291;
var r292;
var r293;
var r294;
var r295;
var r296;
var r297;
var r298;
var r299;
var r300;
var r301;
var r302;
var r303;
var r304;
var r305;
var r306;
var r307;
var r308;
var r309;
var r310;
var r311;
var r312;
var r313;
var r314;
var r315;
var r316;
var r317;
var r318;
var r319;
var r320;
var r321;
var r322;
var r323;
var r324;
var r325;
var r326;
var r327;
var r328;
var r329;
var r330;
var r331;
var r332;
var r333;
var r334;
var r335;
var r336;
var r337;
var r338;
var r339;
var r340;
var r341;
var r342;
var r343;
var r344;
var r345;
var r346;
var r347;
var r348;
var r349;
var r350;
var r351;
var r352;
var r353;
var r354;
var r355;
var r356;
var r357;
var r358;
var r359;
var r360;
var r361;
var r362;
var r363;
var r364;
var r365;
var r366;
var r367;
var r368;
var r369;
var r370;
var r371;
var r372;
var r373;
var r374;
var r375;
var r376;
var r377;
var r378;
var r379;
var r380;
var r381;
var r382;
var r383;
var r384;
var r385;
var r386;
var r387;
var r388;
var r389;
var r390;
var r391;
var r392;
var r393;
var r394;
var r395;
var r396;
var r397;
var r398;
var r399;
var r400;
var r401;
var r402;
var r403;
var r404;
var r405;
var r406;
var r407;
var r408;
var r409;
var r410;
var r411;
var r412;
var r413;
var r414;
var r415;
var r416;
var r417;
var r418;
var r419;
var r420;
var r421;
var r422;
var r423;
var r424;
var r425;
var r426;
var r427;
var r428;
var r429;
var r430;
var r431;
var r432;
var r433;
var r434;
var r435;
var r436;
var r437;
var r438;
var r439;
var r440;
var r441;
var r442;
var r443;
var r444;
var r445;
var r446;
var r447;
var r448;
var r449;
var r450;
var r451;
var r452;
var r453;
var r454;
var r455;
var r456;
var r457;
var r458;
var r459;
var r460;
var r461;
var r462;
var r463;
var r464;
var r465;
var r466;
var r467;
var r468;
var r469;
var r470;
var r471;
var r472;
var r473;
var r474;
var r475;
var r476;
var r477;
var r478;
var r479;
var r480;
var r481;
var r482;
var r483;
var r484;
var r485;
var r486;
var r487;
var r488;
var r489;
var r490;
var r491;
var r492;
var r493;
var r494;
var r495;
var r496;
var r497;
var r498;
var r499;
var r500;
var r501;
var r502;
var r503;
var r504;
var r505;
var r506;
var r507;
var r508;
var r509;
var r510;
var r511;
var r512;
var r513;
var r514;
var r515;
var r516;
var r517;
var r518;
var r519;
var r520;
var r521;
var r522;
var r523;
var r524;
var r525;
var r526;
var r527;
var r528;
var r529;
var r530;
var r531;
var r532;
var r533;
var r534;
var r535;
var r536;
var r537;
var r538;
var r539;
var r540;
var r541;
var r542;
var r543;
var r544;
var r545;
})(32769);

36
js/src/jit-test/tests/basic/expr-decompiler-bug1475953.js Normal file
Просмотреть файл

@ -0,0 +1,36 @@
Object.defineProperty(this, "fuzzutils", { value:{} });
setModuleResolveHook(function(module, specifier) {});
try { evaluate(`
var f = 396684;
var src = "return f(" +Array(10*1000).join("0,")+"Math.atan2());";
var result = new Function(src)();
`);
} catch (exc) {}
try {
evalInWorker(`
function lfEvalInCache(lfCode, lfIncremental = false, lfRunOnce = false) {
ctx = Object.create(ctx, {});
}
try { evaluate(\`
var f = 396684;
var src = "return f(" +Array(10*1000).join("0,")+"Math.atan2());";
var result = new Function(src)();
\`); } catch(exc) {}
`);
evalInWorker(`
Object.defineProperty(this, "fuzzutils", { value:{} });
try { evaluate(\`
var f = 396684;
var src = "return f(" +Array(10*1000).join("0,")+"Math.atan2());";
var result = new Function(src)();
\`); } catch(exc) {}
`);
} catch (exc) {}
try { evalInWorker(`
try { evaluate(\`
var f = 396684;
var src = "return f(" +Array(10*1000).join("0,")+"Math.atan2());";
var result = new Function(src)();
\`); } catch(exc) {}
`);
} catch (exc) {}