[vm] Fix corruption of null and following objects during OOM.

Array::New[Uninitialized] don't expect to get null from Object::Allocate. Using longjmp seems more robust than adding checks everywhere.

TEST=vm/dart/gc/scavenger_abort_test
Bug: #60552
Change-Id: I2750427c41751f8306d5c8dc28afaf052b6e9d74
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/422902
Commit-Queue: Ryan Macnak <[email protected]>
Reviewed-by: Alexander Aprelev <[email protected]>

Author: rmacnak-google

runtime/vm/exceptions.cc

@@ -712,46 +712,44 @@ StackTracePtr Exceptions::CurrentStackTrace() {
   return GetStackTraceForException();
 }
 
-static StackTracePtr CreateStackTrace(Zone* zone) {
-  const Array& code_array = Array::Handle(
-      zone, Array::New(StackTrace::kFixedOOMStackdepth, Heap::kOld));
-  if (code_array.IsNull()) {
-    return StackTrace::null();
-  }
-  const TypedData& pc_offset_array = TypedData::Handle(
-      zone,
-      TypedData::New(kUintPtrCid, StackTrace::kFixedOOMStackdepth, Heap::kOld));
-  if (pc_offset_array.IsNull()) {
-    return StackTrace::null();
-  }
-  const StackTrace& stack_trace =
-      StackTrace::Handle(zone, StackTrace::New(code_array, pc_offset_array));
-  // Expansion of inlined functions requires additional memory at run time,
-  // avoid it.
-  if (stack_trace.IsNull()) {
+static StackTracePtr TryCreateStackTrace(Thread* thread, Zone* zone) {
+  LongJumpScope jump(thread);
+  if (DART_SETJMP(*jump.Set()) == 0) {
+    const Array& code_array = Array::Handle(
+        zone, Array::New(StackTrace::kFixedOOMStackdepth, Heap::kOld));
+    const TypedData& pc_offset_array = TypedData::Handle(
+        zone, TypedData::New(kUintPtrCid, StackTrace::kFixedOOMStackdepth,
+                             Heap::kOld));
+    const StackTrace& stack_trace =
+        StackTrace::Handle(zone, StackTrace::New(code_array, pc_offset_array));
+    // Expansion of inlined functions requires additional memory at run time,
+    // avoid it.
+    stack_trace.set_expand_inlined(false);
+    return stack_trace.ptr();
+  } else {
+    RELEASE_ASSERT(thread->StealStickyError() ==
+                   Object::out_of_memory_error().ptr());
     return StackTrace::null();
   }
-  stack_trace.set_expand_inlined(false);
-  return stack_trace.ptr();
 }
 
 static UnhandledExceptionPtr CreateUnhandledExceptionOrUsePrecanned(
     Thread* thread,
     const Instance& exception,
     const Instance& stacktrace) {
-  UnhandledException& unhandled = UnhandledException::Handle(thread->zone());
-  {
-    NoThrowOOMScope no_throw_oom_scope(thread);
-    unhandled ^= UnhandledException::New(Heap::kOld);
-  }
-  if (unhandled.IsNull()) {
-    // If we failed to create new instance, use pre-canned one.
-    unhandled ^= Object::unhandled_oom_exception().ptr();
-  } else {
+  LongJumpScope jump(thread);
+  if (DART_SETJMP(*jump.Set()) == 0) {
+    UnhandledException& unhandled =
+        UnhandledException::Handle(UnhandledException::New(Heap::kOld));
     unhandled.set_exception(exception);
     unhandled.set_stacktrace(stacktrace);
+    return unhandled.ptr();
+  } else {
+    RELEASE_ASSERT(thread->StealStickyError() ==
+                   Object::out_of_memory_error().ptr());
+    // If we failed to create new instance, use pre-canned one.
+    return Object::unhandled_oom_exception().ptr();
   }
-  return unhandled.ptr();
 }
 
 DART_NORETURN
@@ -802,12 +800,9 @@ static void ThrowExceptionHelper(Thread* thread,
   bool handler_needs_stacktrace = finder.needs_stacktrace;
   Instance& stacktrace = Instance::Handle(zone);
   if (create_stacktrace) {
-    {
-      NoThrowOOMScope no_throw_oom_scope(thread);
-      stacktrace = CreateStackTrace(zone);
-    }
     // Ensure we have enough memory to create stacktrace,
     // otherwise fallback to reporting OOM without stacktrace.
+    stacktrace = TryCreateStackTrace(thread, zone);
     if (!stacktrace.IsNull()) {
       if (handler_pc == 0) {
         // No Dart frame.

runtime/vm/object.cc

@@ -2891,9 +2891,6 @@ ObjectPtr Object::Allocate(intptr_t cls_id,
       Report::LongJump(Object::out_of_memory_error());
       UNREACHABLE();
     } else if (thread->top_exit_frame_info() != 0) {
-      if (thread->IsInNoThrowOOMScope()) {
-        return Object::null();
-      }
       Exceptions::ThrowOOM();
       UNREACHABLE();
     } else {

runtime/vm/thread.h

@@ -757,8 +757,6 @@ class Thread : public ThreadState {
     return stopped_mutators_scope_depth_ > 0;
   }
 
-  bool IsInNoThrowOOMScope() const { return no_throw_oom_scope_depth_ > 0; }
-
 #define DEFINE_OFFSET_METHOD(type_name, member_name, expr, default_init_value) \
   static intptr_t member_name##offset() {                                      \
     return OFFSET_OF(Thread, member_name);                                     \
@@ -1458,7 +1456,6 @@ class Thread : public ThreadState {
   VMHandles reusable_handles_;
   int32_t stack_overflow_count_;
   uint32_t runtime_call_count_ = 0;
-  intptr_t no_throw_oom_scope_depth_ = 0;
 
   // Deoptimization of stack frames.
   RuntimeCallDeoptAbility runtime_call_deopt_ability_ =
@@ -1632,7 +1629,6 @@ class Thread : public ThreadState {
   friend class Simulator;
   friend class StackZone;
   friend class StoppedMutatorsScope;
-  friend class NoThrowOOMScope;
   friend class ThreadRegistry;
   friend class CompilerState;
   friend class compiler::target::Thread;
@@ -1861,22 +1857,6 @@ class LeaveCompilerScope : public ValueObject {
 };
 #endif  // defined(DEBUG)
 
-class NoThrowOOMScope : public ThreadStackResource {
- public:
-  explicit NoThrowOOMScope(Thread* thread) : ThreadStackResource(thread) {
-    thread->no_throw_oom_scope_depth_++;
-    ASSERT(thread->no_throw_oom_scope_depth_ >= 0);
-  }
-
-  ~NoThrowOOMScope() {
-    thread()->no_throw_oom_scope_depth_ -= 1;
-    ASSERT(thread()->no_throw_oom_scope_depth_ >= 0);
-  }
-
- private:
-  DISALLOW_COPY_AND_ASSIGN(NoThrowOOMScope);
-};
-
 }  // namespace dart
 
 #endif  // RUNTIME_VM_THREAD_H_