Page MenuHomePhabricator

Bug 1841040 - Remove over-alignment from GCMarker and Nursery, r=jonco
ClosedPublic

Authored by xry111 on Jun 30 2023, 8:33 AM.
Referenced Files
Unknown Object (File)
Tue, Oct 14, 10:14 PM
Unknown Object (File)
Mon, Oct 13, 1:12 AM
Unknown Object (File)
Aug 5 2025, 10:28 PM
Unknown Object (File)
Aug 5 2025, 10:28 PM
Unknown Object (File)
Aug 5 2025, 10:10 AM
Unknown Object (File)
Aug 5 2025, 10:10 AM
Unknown Object (File)
Aug 5 2025, 12:07 AM
Unknown Object (File)
Aug 5 2025, 12:07 AM
Subscribers

Details

Summary

js_new<T> cannot guarantee the alignment if T is over-aligned, and this
issue is not trivial to fix (blocked by Bug 1842582).

Add a static assert to detect the attempt using js_new<T> for
over-aligned T, and remove the problematic alignas() attributes as a
short-term fix.

Event Timeline

phab-bot changed the visibility from "Custom Policy" to "Public (No Login Required)".
phab-bot changed the edit policy from "Custom Policy" to "Restricted Project (Project)".
phab-bot removed a project: secure-revision.

Thanks for working on this.

js/public/Utility.h
481

nit: maybe add a message to say this doesn't support the larger alignment.

533

Rather than adding this block, it would be simpler to add a version of js_malloc that takes an alignment argument and use it with JS_DECLARE_NEW_METHODS here.

js/public/Utility.h
533

Modifying JS_DECLARE_NEW_METHODS to use a 3-parameter ALLOCATOR will need a tree-wide change (JS_DECLARE_NEW_METHODS is directly used in various files). If you really prefer this way I can make a try though.

js/public/Utility.h
533

Yes, that's true.

Does your patch build with --disable-jemalloc in your mozconfig?

js/public/Utility.h
533

Yes, --disable-jemalloc is (almost always) needed for a standalone Spidermonkey build.

It might be nicer to continue to use JS_DECLARE_NEW_METHODS for js_new but it's more important to fix the problem without making more sweeping changes to the codebase. All this code could use some careful refactoring anyway.

Thanks for the fix.

This revision is now accepted and ready to land.Jun 30 2023, 10:20 AM

It might be nicer to continue to use JS_DECLARE_NEW_METHODS for js_new but it's more important to fix the problem without making more sweeping changes to the codebase. All this code could use some careful refactoring anyway.

Thanks for the fix.

I don't have write access to mozilla-central, so I need some help to land it.

And I see it's "blocked" for "no author info" because I've not used hg for generating the patch. Is it possible to work it around or I really need to clone the large hg repository and regenerate the patch?

I don't have write access to mozilla-central, so I need some help to land it.

I can push this for you next week (there's a code freeze right now).

And I see it's "blocked" for "no author info" because I've not used hg for generating the patch. Is it possible to work it around or I really need to clone the large hg repository and regenerate the patch?

I can't seem to change that. You could ask in #developers in case anyone knows.

I don't have write access to mozilla-central, so I need some help to land it.

I can push this for you next week (there's a code freeze right now).

And I see it's "blocked" for "no author info" because I've not used hg for generating the patch. Is it possible to work it around or I really need to clone the large hg repository and regenerate the patch?

I can't seem to change that. You could ask in #developers in case anyone knows.

Then I'll try hg in the weekend, and I can add a message to static_assert by the way.

xry111 retitled this revision from Bug 1841040 - Ensure the allocated memory block aligned to alignof(T) for js_new<T> to Bug 1841040 - Ensure the allocated memory block aligned to alignof(T) for js_new<T>, r=jonco.

Is the branch opened now?

Sorry for the delay.

js/public/Utility.h
529

I did a try push and it pointed out that 'bytes' is not defined here. This causes builds with --enable-fuzzing to fail. I guess that's the only time JS_CHECK_LARGE_ALLOC is defined.

For consistency with the rest of the allocation functions, could you also make a js_malloc_aligned function along the same lines as js_malloc and use it here?

xry111 added inline comments.
js/public/Utility.h
529

Ah, I was so stupid to write "bytes" there...

I've added js_arena_memalign and js_memalign.

Code analysis found 4 defects in diff 740188:

  • 1 defect found by clang-format
  • 3 defects found by clang-format (Mozlint)
WARNING: Found 4 defects (warning level) that can be dismissed.

You can run this analysis locally with:

  • ./mach lint --warnings --outgoing
  • ./mach clang-format -p js/public/Utility.h

For your convenience, here is a patch that fixes all the clang-format defects (use it in your repository with hg import or git apply -p0).


If you see a problem in this automated review, please report it here.

You can view these defects in the Diff Detail section of Phabricator diff 740188.

xry111 marked an inline comment as done.

Code analysis found 3 defects in diff 740195:

  • 3 defects found by clang-format (Mozlint)

4 defects closed compared to the previous diff 740188.

WARNING: Found 3 defects (warning level) that can be dismissed.

You can run this analysis locally with:

  • ./mach lint --warnings --outgoing

If you see a problem in this automated review, please report it here.

You can view these defects in the Diff Detail section of Phabricator diff 740195.

3 defects closed compared to the previous diff 740195.


If you see a problem in this automated review, please report it here.

Thanks for the updates!

I pushed this to try again but there are some failures during asan tests: https://treeherder.mozilla.org/logviewer?job_id=422108005&repo=try&lineNumber=2016

I'm not exactly sure what's happening here but it may be due to how asan is set up.

Thanks for the updates!

I pushed this to try again but there are some failures during asan tests: https://treeherder.mozilla.org/logviewer?job_id=422108005&repo=try&lineNumber=2016

I'm not exactly sure what's happening here but it may be due to how asan is set up.

Ooooops... From the man page of memalign:

POSIX requires that memory obtained from posix_memalign() can be freed using free(3). Some systems provide no way to reclaim memory allocated with memalign() or valloc() (because one can pass to free(3) only a pointer obtained from malloc(3), while, for example, memalign() would call malloc(3) and then align the obtained value). The glibc implementation allows memory obtained from any of these functions to be reclaimed with free(3).

I guess Windows is a platform where you cannot free the pointer returned by memalign :(. I'll try to figure out a solution.

We have:

#ifndef HAVE_MEMALIGN
MOZ_MEMORY_API void* memalign(size_t aAlignment, size_t aSize) {
#  ifdef XP_WIN
  return _aligned_malloc(aSize, aAlignment);
#  else
  void* ret;
  if (posix_memalign(&ret, aAlignment, aSize) != 0) {
    return nullptr;
  }
  return ret;
#  endif
}
#endif

but Microsoft explicitly says we cannot free() a pointer returned by _aligned_malloc.

That seems wrong... do you want to file a bug for that?

That seems wrong... do you want to file a bug for that?

https://bugzilla.mozilla.org/show_bug.cgi?id=1842582

In the meantime maybe I should try to make GCRuntime no longer over-aligned instead...

xry111 retitled this revision from Bug 1841040 - Ensure the allocated memory block aligned to alignof(T) for js_new<T>, r=jonco to Bug 1841040 - Remove over-alignment from GCMarker and Nursery, r=jonco.
xry111 edited the summary of this revision. (Show Details)

Alright, so I guess we should just remove the over-alignment of js::Nursery and js::GCMarker for now. Anyway js_new does not guarantee the alignment for them, so let's stop "pretending" they were aligned.

Code analysis found 6 defects in diff 740386:

  • 6 defects found by clang-format (Mozlint)
WARNING: Found 6 defects (warning level) that can be dismissed.

You can run this analysis locally with:

  • ./mach lint --warnings --outgoing

If you see a problem in this automated review, please report it here.

You can view these defects in the Diff Detail section of Phabricator diff 740386.

6 defects closed compared to the previous diff 740386.


If you see a problem in this automated review, please report it here.