[wasm] Trigger GC two times before reporting OOM

The first GC will collect dead JSArrayBuffers, but the release of the underlying JSArrayBuffer::Allocations might be delayed. Hence, a second GC might be needed. R=ulan@chromium.org Bug: v8:7621 Change-Id: Iee714f05cb939bb084d064be6d31dfbab32ff4ba Reviewed-on: https://chromium-review.googlesource.com/995533 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#52357}
2018-04-04 15:27:12 +02:00 · 2018-04-04 15:27:12 +02:00 · b7d9672aa6
commit b7d9672aa6
parent 58b503c291
1 changed files with 10 additions and 6 deletions
--- a/src/wasm/wasm-memory.cc
+++ b/src/wasm/wasm-memory.cc
@ -33,13 +33,17 @@ void* TryAllocateBackingStore(WasmMemoryTracker* memory_tracker, Heap* heap,

  // Let the WasmMemoryTracker know we are going to reserve a bunch of
  // address space.
-  if (!memory_tracker->ReserveAddressSpace(*allocation_length)) {
-    // If we fail the first time, collect garbage and retry.
+  // Try up to three times; getting rid of dead JSArrayBuffer allocations might
+  // require two GCs.
+  // TODO(gc): Fix this to only require one GC (crbug.com/v8/7621).
+  for (int trial = 0;; ++trial) {
+    if (memory_tracker->ReserveAddressSpace(*allocation_length)) break;
+    // Collect garbage and retry.
    heap->MemoryPressureNotification(MemoryPressureLevel::kCritical, true);
-    if (!memory_tracker->ReserveAddressSpace(*allocation_length)) {
-      // If we are over the address space limit, fail.
-      return nullptr;
-    }
+    // After first and second GC: retry.
+    if (trial < 2) continue;
+    // We are over the address space limit. Fail.
+    return nullptr;
  }

  // The Reserve makes the whole region inaccessible by default.