Changeset 275243 in webkit


Timestamp:
Mar 30, 2021 3:46:57 PM (3 years ago)
Author:
mark.lam@apple.com
Message:

Add Options::exitOnResourceExhaustion() to enable exiting instead of crashing on resource exhaustion.
https://bugs.webkit.org/show_bug.cgi?id=223959
rdar://63934158

Reviewed by Tadeu Zagallo.

This is useful to unblock fuzzers that would otherwise report resource
exhaustion as false-positive crashes. Currently, this is only applied to StructureID exhaustion.

Since we're adding this facility, we might as well implement it in such a way that
it can be easily deployed for other types of resource exhaustion as well.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • runtime/OptionsList.h:
  • runtime/ResourceExhaustion.cpp: Added.

(JSC::handleResourceExhaustion):

  • runtime/ResourceExhaustion.h: Added.
  • runtime/StructureIDTable.cpp:

(JSC::StructureIDTable::resize):

Location:
trunk/Source/JavaScriptCore
Files:
2 added
6 edited

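--- a/trunk/Source/JavaScriptCore/CMakeLists.txt
+++ b/trunk/Source/JavaScriptCore/CMakeLists.txt
@@ -1045,4 +1045,5 @@
     runtime/RegExpObject.h
     runtime/RegExpStringIteratorPrototype.h
+    runtime/ResourceExhaustion.h
     runtime/RuntimeFlags.h
     runtime/RuntimeType.h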
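--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,26 @@
+2021-03-30  Mark Lam  <mark.lam@apple.com>
+
+        Add Options::exitOnResourceExhaustion() to enable exiting instead of crashing on resource exhaustion.
+        https://bugs.webkit.org/show_bug.cgi?id=223959
+        rdar://63934158
+
+        Reviewed by Tadeu Zagallo.
+
+        This is useful to unblock fuzzers from false positive crashes due to resource
+        exhaustion.  Currently, this is only applied to StructureID exhaustion.
+
+        Since we're adding this facility, we might as well implement it in such a way that
+        it can be easily deployed for other types of resource exhaustion as well.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * runtime/OptionsList.h:
+        * runtime/ResourceExhaustion.cpp: Added.
+        (JSC::handleResourceExhaustion):
+        * runtime/ResourceExhaustion.h: Added.
+        * runtime/StructureIDTable.cpp:
+        (JSC::StructureIDTable::resize):
+
 2021-03-30  Ryan Haddad  <ryanhaddad@apple.com>
 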
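--- a/trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+++ b/trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -1989,4 +1989,5 @@
                 FE912B5125311AD100FABDDF /* AbstractSlotVisitorInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = FE912B5025311AD100FABDDF /* AbstractSlotVisitorInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE99B2491C24C3D300C82159 /* JITNegGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = FE99B2481C24B6D300C82159 /* JITNegGenerator.h */; };
+                FE9F3FB92613C7890069E89F /* ResourceExhaustion.h in Headers */ = {isa = PBXBuildFile; fileRef = FE9F3FB82613C7880069E89F /* ResourceExhaustion.h */; };
                 FEA08620182B7A0400F6D851 /* Breakpoint.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0861E182B7A0400F6D851 /* Breakpoint.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FEA08621182B7A0400F6D851 /* DebuggerPrimitives.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0861F182B7A0400F6D851 /* DebuggerPrimitives.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -5355,4 +5356,6 @@
                 FE99B2471C24B6D300C82159 /* JITNegGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITNegGenerator.cpp; sourceTree = "<group>"; };
                 FE99B2481C24B6D300C82159 /* JITNegGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITNegGenerator.h; sourceTree = "<group>"; };
+                FE9F3FB82613C7880069E89F /* ResourceExhaustion.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ResourceExhaustion.h; sourceTree = "<group>"; };
+                FE9F3FBA2613C87C0069E89F /* ResourceExhaustion.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ResourceExhaustion.cpp; sourceTree = "<group>"; };
                 FEA0861E182B7A0400F6D851 /* Breakpoint.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Breakpoint.h; sourceTree = "<group>"; };
                 FEA0861F182B7A0400F6D851 /* DebuggerPrimitives.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DebuggerPrimitives.h; sourceTree = "<group>"; };
@@ -7774,4 +7777,6 @@
                                 84925A9A22B30CBA00D1DFFF /* RegExpStringIteratorPrototype.cpp */,
                                 84925A9B22B30CBA00D1DFFF /* RegExpStringIteratorPrototype.h */,
+                                FE9F3FBA2613C87C0069E89F /* ResourceExhaustion.cpp */,
+                                FE9F3FB82613C7880069E89F /* ResourceExhaustion.h */,
                                 70B0A9D01A9B66200001306A /* RuntimeFlags.h */,
                                 527773DD1AAF83AC00BDE7E8 /* RuntimeType.cpp */,
@@ -9494,4 +9499,5 @@
                                 0F4F11EB209D426600709654 /* DFGAbstractValueClobberEpoch.h in Headers */,
                                 0FD3E4021B618AAF00C80E1E /* DFGAdaptiveInferredPropertyValueWatchpoint.h in Headers */,
+                                FE9F3FB92613C7890069E89F /* ResourceExhaustion.h in Headers */,
                                 0F18D3D01B55A6E0002C5C9F /* DFGAdaptiveStructureWatchpoint.h in Headers */,
                                 0F66E16B14DF3F1600B7B2E4 /* DFGAdjacencyList.h in Headers */,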
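--- a/trunk/Source/JavaScriptCore/Sources.txt
+++ b/trunk/Source/JavaScriptCore/Sources.txt
@@ -975,4 +975,5 @@
 runtime/RegExpPrototype.cpp
 runtime/RegExpStringIteratorPrototype.cpp
+runtime/ResourceExhaustion.cpp
 runtime/RuntimeType.cpp
 runtime/SamplingCounter.cpp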
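--- a/trunk/Source/JavaScriptCore/runtime/OptionsList.h
+++ b/trunk/Source/JavaScriptCore/runtime/OptionsList.h
@@ -377,4 +377,5 @@
     v(Unsigned, exceptionStackTraceLimit, 100, Normal, "Stack trace limit for internal Exception object") \
     v(Unsigned, defaultErrorStackTraceLimit, 100, Normal, "The default value for Error.stackTraceLimit") \
+    v(Bool, exitOnResourceExhaustion, false, Normal, nullptr) \
     v(Bool, useExceptionFuzz, false, Normal, nullptr) \
     v(Unsigned, fireExceptionFuzzAt, 0, Normal, nullptr) \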
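Review bot: The new exitOnResourceExhaustion option is registered with a `nullptr` description even though it downgrades a deliberate RELEASE_ASSERT crash to a process exit, so nothing in the options list tells a maintainer that it is a fuzzing-only switch that must stay off in shipping builds; a help string such as `"Exit instead of crashing when a resource (currently the StructureID table) is exhausted. Fuzzing aid only; never enable in production."` would make that explicit. The exact exit mechanism lives in the added ResourceExhaustion.cpp, which is not shown on this page, so adjust the wording to what handleResourceExhaustion() actually does. The neighbouring useExceptionFuzz and fireExceptionFuzzAt entries also carry nullptr, so this follows local convention, but a one-line rationale is cheap for a flag that changes a crash into a clean exit.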
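--- a/trunk/Source/JavaScriptCore/runtime/StructureIDTable.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/StructureIDTable.cpp
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2013-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2021 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27,4 +27,5 @@
 #include "StructureIDTable.h"
 
+#include "ResourceExhaustion.h"
 #include <wtf/Atomics.h>
 #include <wtf/DataLog.h>
@@ -110,5 +111,5 @@
     // If m_size is already s_maximumNumberOfStructures, newCapacity becomes s_maximumNumberOfStructures in the above code.
     // In that case, we should crash because of exhaust of StructureIDs.
-    RELEASE_ASSERT_WITH_MESSAGE(m_size < newCapacity, "Crash intentionally because of exhaust of StructureIDs.");
+    RELEASE_ASSERT_RESOURCE_AVAILABLE(m_size < newCapacity, StructureIDExhaustion, "Crash intentionally because of exhaust of StructureIDs.");
 
     // Create the new table.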
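Review bot: The comment directly above the new RELEASE_ASSERT_RESOURCE_AVAILABLE call still says "we should crash", and the assertion message still says "Crash intentionally", but with Options::exitOnResourceExhaustion() set the macro presumably exits instead of crashing, so the comment no longer describes both outcomes; I would replace it with `// In that case we must not continue: crash (the default, and the intentional behaviour in shipping builds) or, when Options::exitOnResourceExhaustion() is set, exit so fuzzers don't report this as a crash. Either way the handler must not return, because the allocation below assumes the table can still grow.` The macro and handleResourceExhaustion() are defined in the added ResourceExhaustion.h/.cpp, which are not shown here, so please confirm the exit path is marked NO_RETURN in both modes; if it could return, resize() would proceed with m_size == newCapacity and build a table with no room for the new Structure. It is also worth noting here or in the option's description that the intentional crash is the safety behaviour and the exit mode is for fuzzing only. resize() begins before and continues after this hunk.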