|
|
| Line 66: |
Line 66: |
| = Roundtable = | | = Roundtable = |
| * Infallible malloc <small>(added to agenda by Jesse)</small> | | * Infallible malloc <small>(added to agenda by Jesse)</small> |
| ** The problem, which has only recently come to light:
| | ** We talked about this for 10 minutes but decided it need its own meeting, [[Platform/InfallibleMalloc]]. Notes have been moved to that meeting's page. |
| *** We haven't actually made <code>malloc</code> infallible yet. We already made <code>new</code> infallible for Firefox 4, but many data structures (including arrays and strings) can still misbehave on OOM because [https://bugzilla.mozilla.org/show_bug.cgi?id=611123 <code>malloc</code> can still return NULL].
| |
| *** Many exploitable OOM bugs are in system libraries rather than Firefox itself. Replacing <code>malloc</code> may be the <em>only</em> way for us to work around all of these bugs.
| |
| *** Security researchers have been reporting many OOM bugs lately.
| |
| **** We often can't reproduce what they see because we OOM slightly earlier or later.
| |
| **** This is a recipe for embarrassment when "old" testcases find "new" bugs, as Alex Miller [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=504342,583077,606714 discovered].
| |
| ** The plan of record:
| |
| *** [https://bugzilla.mozilla.org/show_bug.cgi?id=610823 Fix <code>nsTArray</code>]
| |
| ** Proposal:
| |
| *** [https://bugzilla.mozilla.org/show_bug.cgi?id=611123 Make <code>malloc</code> infallible]
| |
| *** Fix too-large-allocation crashes (distinct from OOM), which will be obvious in crash-stats.
| |
| **** Will require exposing a fallible malloc somehow
| |
| **** May require adding methods or variants to string classes, for example.
| |
| ** We must run GC and purge caches before giving up or we will have false positive OOMs when tons of memory is not actually live.
| |
| *** Need to monitor OS memory pressure and avoid getting close to these false OOMs.
| |
| *** This was part of E10s, is it ready for Firefox 4?
| |
| ** Damon will organize a smaller meeting later today to discuss this. Email him if you want to be part of that meeting.
| |
| * Crash Update | | * Crash Update |
| ** Crashes on trunk down considerably - ~5/100 active users. | | ** Crashes on trunk down considerably - ~5/100 active users. |