Closed Bug 1129314 Opened 9 years ago Closed 9 years ago

Assertion failure: !empty(), at dist/include/mozilla/Vector.h involving oomAfterAllocations

Categories

(Core :: JavaScript: GC, defect)

Product:
Core
Component:
JavaScript: GC
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla38
Tracking Flags:
Tracking Status
firefox38 --- fixed

People

(Reporter: gkw, Assigned: sfink)

Details

(Keywords: assertion, regression, testcase, Whiteboard: [jsbugmon:update])

Attachments

(2 files)

stack
3.04 KB, text/plain
Details
On OOM, abort the stats collection entirely
7.97 KB, patch
terrence
: review+
Details | Diff | Splinter Review 
oomAfterAllocations(0);
gcslice(12);

asserts js debug shell on m-c changeset 58e4264903ba with --fuzzing-safe --no-threads --no-baseline --no-ion at Assertion failure: !empty(), at dist/include/mozilla/Vector.h.

Debug configure options:

CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin12.5.0 --enable-debug --enable-optimize --enable-nspr-build --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests

Jon/Terrence, any idea what's going on here? (fwiw stable oomAfterAllocations support was only just implemented)
Flags: needinfo?(terrence)
Attached file stack 
(lldb) bt 5
* thread #1: tid = 0x66f5d, 0x0000000100881cd4 js-dbg-64-dm-nsprBuild-darwin-58e4264903ba`mozilla::VectorBase<js::gcstats::Statistics::SliceData, 8ul, js::SystemAllocPolicy, js::Vector<js::gcstats::Statistics::SliceData, 8ul, js::SystemAllocPolicy> >::back(this=<unavailable>) + 196 at Vector.h:422, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x0000000100881cd4 js-dbg-64-dm-nsprBuild-darwin-58e4264903ba`mozilla::VectorBase<js::gcstats::Statistics::SliceData, 8ul, js::SystemAllocPolicy, js::Vector<js::gcstats::Statistics::SliceData, 8ul, js::SystemAllocPolicy> >::back(this=<unavailable>) + 196 at Vector.h:422
    frame #1: 0x00000001007aa0f5 js-dbg-64-dm-nsprBuild-darwin-58e4264903ba`js::gc::GCRuntime::resetIncrementalGC(char const*) [inlined] js::gcstats::Statistics::reset(reason=0x000000010142fea8) + 12 at Statistics.h:172
    frame #2: 0x00000001007aa0e9 js-dbg-64-dm-nsprBuild-darwin-58e4264903ba`js::gc::GCRuntime::resetIncrementalGC(this=0x000000010201fb30, reason=0x000000010142fea8) + 1065 at jsgc.cpp:5686
    frame #3: 0x00000001007ab5a0 js-dbg-64-dm-nsprBuild-darwin-58e4264903ba`js::gc::GCRuntime::gcCycle(this=0x000000010201fb30, incremental=<unavailable>, budget=0x00007fff5fbff178, reason=DESTROY_CONTEXT) + 320 at jsgc.cpp:6032
    frame #4: 0x00000001007abe68 js-dbg-64-dm-nsprBuild-darwin-58e4264903ba`js::gc::GCRuntime::collect(this=0x000000010201fb30, incremental=false, budget=(deadline = 9223372036854775807, counter = 9223372036854775807), reason=COMPARTMENT_REVIVED) + 840 at jsgc.cpp:6171
(lldb)
Flags: needinfo?(jcoppeard)
More fallout from Steve's statistics changes.
Flags: needinfo?(terrence)
Flags: needinfo?(sphink)
Flags: needinfo?(jcoppeard)
Man, this is the gift that keeps on giving.

This patch fixes the problem in this bug (it changes to an unhandlable OOM), as well as the jsapi-tests bug that terrence reported over IRC. When first we practice to deceive... all of this is fallout from my "fixing" of an unhandlable OOM by remembering that our current stats collection is botched and continuing on without it. Perhaps I shouldn't even bother, and I should instead kill or modify the original failing test. (Or mark the stats allocations as invulnerable to oomAfterAllocations. Or something.)

But hey, unhandlable OOMs suck. So I'll keep trying for now.
Attachment #8559599 - Flags: review?(terrence)
Assignee: nobody → sphink
Status: NEW → ASSIGNED
Flags: needinfo?(sphink)
Comment on attachment 8559599 [details] [diff] [review]
On OOM, abort the stats collection entirely

Review of attachment 8559599 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/gc/Statistics.cpp
@@ +902,5 @@
>  Statistics::printStats()
>  {
> +    if (aborted) {
> +        if (fullFormat)
> +            fprintf(fp, "GC aborted\n");

This message is going to sow confusion. Let's say something like "The GC::Statistics subsystem hit an OOM and had to threw its slices overboard in order to stay afloat."
Attachment #8559599 - Flags: review?(terrence) → review+
https://hg.mozilla.org/mozilla-central/rev/ad796c7bd98a
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox38: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
Summary: Assertion failure: !empty(), at dist/include/mozilla/Vector.h → Assertion failure: !empty(), at dist/include/mozilla/Vector.h involving oomAfterAllocations
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: