Closed
Bug 1231575
Opened 10 years ago
Closed 10 years ago
JitSpew: RegAlloc: dump buffer is too small for a kraken spew
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
RESOLVED
FIXED
mozilla46
| Tracking | Status | |
|---|---|---|
| firefox46 | --- | fixed |
People
(Reporter: wuwei, Assigned: wuwei)
Attachments
(1 file)
1.27 KB, patch (bhackett1024: review+)
In BacktrackingAllocator.cpp:LiveRange::toString(), sizeof(buf) == 2000, seems not big enough for kraken.
> cd arewefastyet/benchmarks/kraken/
> IONFLAGS=all,bl-all $JS -f xxx/prefix.js -f xxx-alone-driver.js
Crashed when dumping line 1182899.
> [RegAlloc] splitting reused input at 650 to try to help grouping
> Live ranges by virtual register:
> v1 [3,54) (def) v1:*@17 v1:*@21 v1:r?@22 v1:*@39 v1:*@47 v1:*@49 v1:*@51 v1:*@53
> v2 [5,54) (def) v2:*@17 v2:*@21 v2:r?@24 v2:*@39 v2:*@47 v2:*@49 v2:*@51 v2:*@53
> v3 [7,54) (def) v3:*@17 v3:*@21 v3:r?@26 v3:*@39 v3:*@47 v3:*@49 v3:*@51 v3:*@53
> v4 [9,54) (def) v4:*@17 v4:*@21 v4:r?@28 v4:*@39 v4:*@47 v4:*@49 v4:*@51 v4:*@53
> v5 [11,54) (def) v5:*@17 v5:*@21 v5:r?@30 v5:*@39 v5:*@47 v5:*@49 v5:*@51 v5:*@53
> v6 [13,54) (def) v6:*@17 v6:*@21 v6:r?@32 v6:*@39 v6:*@47 v6:*@49 v6:*@51 v6:*@53
> v7 [15,54) (def) v7:*@17 v7:*@21 v7:r@34 v7:*@39 v7:*@47 v7:*@49 v7:*@51 v7:*@53
> v8 [23,1830) (def) v8:*@77 v8:*@81 v8:*@87 v8:*@89 v8:*@93 v8:*@105 v8:*@107 v8:*@111 v8:*@127 v8:*@205 v8:*@207 v8:*@209 v8:*@219 v8:*@231 v8:*@233 v8:*@255 v8:*@267 v8:*@269 v8:*@271 v8:*@281 v8:*@297 v8:*@305 v8:*@321 v8:*@323 v8:*@325 v8:*@327 v8:*@345 v8:*@361 v8:*@365 v8:*@373 v8:*@381 v8:*@389 v8:*@391 v8:*@417 v8:*@437 v8:*@439 v8:*@475 v8:*@477 v8:*@505 v8:*@507 v8:*@517 v8:*@539 v8:*@545 v8:*@553 v8:*@555 v8:*@561 v8:*@599 v8:*@601 v8:*@611 v8:*@625 v8:*@627 v8:*@629 v8:*@647 v8:*@653 v8:*@661 v8:*@663 v8:*@669 v8:*@711 v8:*@749 v8:*@767 v8:*@771 v8:*@777 v8:*@805 v8:*@807 v8:*@809 v8:*@819 v8:*@831 v8:*@833 v8:*@855 v8:*@867 v8:*@869 v8:*@871 v8:*@881 v8:*@897 v8:*@907 v8:*@923 v8:*@925 v8:*@927 v8:*@929 v8:*@947 v8:*@961 v8:*@969 v8:*@979 v8:*@985 v8:*@1009 v8:*@1029 v8:*@1031 v8:*@1067 v8:*@1069 v8:*@1101 v8:*@1103 v8:*@1149 v8:*@1151 v8:*@1153 v8:*@1161 v8:*@1163 v8:*@1165 v8:*@1175 v8:*@1187 v8:*@1189 v8:*@1211 v8:*@1223 v8:*@1225 v8:*@1227 v8:*@1237 v8:*@1253 v8:*@1263 v8:*@1279 v8:*@1281 v8:*@1283 v8:*@1285 v8:*@1303 v8:*@1319 v8:*@1323 v8:*@1331 v8:*@1341 v8:*@1349 v8:*@1351 v8:*@1377 v8:*@1397 v8:*@1399 v8:*@1435 v8:*@1437 v8:*@1469 v8:*@1471 v8:*@1481 v8:*@1497 v8:*@1505 v8:*@1509 v8:*@1515 v8:*@1521 v8:*@1531 v8:*@1533 v8:*@1553 v8:*@1563 v8:*@1565 v8:*@1579 v8:*@1589 v8:*@1591 v8:*@1605 v8:*@1615 v8:*@1617 v8:*@1641 v8:*@1643 v8:*@1645 v8:*@1665 v8:*@1673 v8:*@1677 v8:*@1683 v8:*@1689 v8:*@1699 v8:*@1701 v8:*@1721 v8:*@1731 v8:*@1733 v8:*@1747 v8:*@1757 v8:*@1759 v8:*@1773 v8:*@1783 v8:*@1785 v8:*@1809 v8:*@1811 v8:*@1813 v8:*@1819 v8:*@1827 ## v8 [1832,1856) v8:*@1839 v8:*@1845 ## v8 [1858,1860) ## v8 [1864,1922) v8:*@1873 v8:*@1875 v8:*@1881 v8:*@1917 v8:*@1921
> Assertion failure: int32_t(outlen) > 0, at /work/repo/gecko-dev/js/src/jsprf.cpp:999
Comment 1 (Assignee) • 10 years ago
$git show
commit a1980896be3b504dcbb9ab511421237bc72bb0c7
Merge: 11699b7 feae2f1
Author: Carsten "Tomcat" Book <cbook@mozilla.com>
Date: Thu Nov 26 11:57:05 2015 +0100
merge fx-team to mozilla-central a=merge
Comment 2 (Assignee) • 10 years ago
copied from bug 1231024 comment 13
> Drive-by comment:
>
> liveRange dump has a relatively small buffer for JitSpew, which has only
> 2000 bytes currently.
> I tried to enlarge it to 4096, and crashed again. Turns out the liveBundle
> and liveRange could be huge, and this is the largest result I profiled
> against kraken benchmark:
>
> LiveRange usesCount: 760
> LiveRange usesCount: 762
> LiveRange usesCount: 762
> LiveRange usesCount: 762
> LiveRange usesCount: 770
> LiveRange usesCount: 770
> LiveRange usesCount: 770
> LiveBundle usesCount: 7
> LiveBundle usesCount: 7
> LiveBundle usesCount: 7
>
> The easiest way is to try to enlarge the buffer size (both
> LiveRange::toString() and LiveBundle::toString()), or you can replace the
> MOZ_CRASH() with 'break', if it is urgent.
Since the extreme cases are too large to cover, we need to truncate it.
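The truncation option mentioned in this comment, as an added example that is not part of the bug or of the attached patch (Comment 4 enlarged the buffer instead). `BoundedSpew`, `formatLiveRange` and the " ..." marker are hypothetical names, the use positions are constructed sample data, and only standard `vsnprintf` is used rather than SpiderMonkey's own formatting routines.

```cpp
#include <cstdarg>
#include <cstdio>
#include <cstring>

// Hypothetical helper, not SpiderMonkey code: appends formatted text to a
// fixed buffer and ends the line with a marker when the text does not fit.
static const char kMarker[] = " ...";
static const size_t kMarkerLen = sizeof(kMarker) - 1;

class BoundedSpew {
    char* buf_;
    size_t cap_;              // capacity including the NUL; must exceed kMarkerLen
    size_t len_ = 0;          // bytes written so far, excluding the NUL
    bool truncated_ = false;

  public:
    BoundedSpew(char* buf, size_t cap) : buf_(buf), cap_(cap) { buf_[0] = '\0'; }

    // Returns false once the output has been truncated; later calls do nothing.
    bool appendf(const char* fmt, ...) {
        if (truncated_) return false;
        // Keep kMarkerLen bytes in reserve so the marker always fits.
        size_t avail = cap_ - len_ - kMarkerLen;
        va_list ap;
        va_start(ap, fmt);
        int n = vsnprintf(buf_ + len_, avail, fmt, ap);
        va_end(ap);
        if (n < 0 || size_t(n) >= avail) {
            // Overwrite the partial write with the marker and its NUL.
            memcpy(buf_ + len_, kMarker, kMarkerLen + 1);
            truncated_ = true;
            return false;
        }
        len_ += size_t(n);
        return true;
    }
};

// Formats one live range in the style of the spew quoted in the bug.
// Use positions are constructed sample data. Returns true if every use fit.
bool formatLiveRange(char* buf, size_t cap, int vreg, int from, int to, int uses) {
    BoundedSpew out(buf, cap);
    if (!out.appendf("v%d [%d,%d) (def)", vreg, from, to)) return false;
    for (int i = 0; i < uses; i++) {
        if (!out.appendf(" v%d:*@%d", vreg, from + 2 * i + 1)) return false;
    }
    return true;
}
```

With the 2000-byte buffer and the 770-use range reported above, the line is cut at the last use that fits and ends in the marker, with no assertion or crash path.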
Comment 3 (Assignee) • 10 years ago
the distribution of regalloc spew data for kraken:
> 1000 379913
> 2000 2654
> 4000 709
> 8000 262
> 12000 27
> 16000 7
> 20000 11
> >20k 0
Assignee: nobody → lazyparser
Comment 4 (Assignee) • 10 years ago
Enlarge the buffer size.
Attachment #8697759 -
Flags: review?(bhackett1024)
Updated • 10 years ago
Attachment #8697759 -
Flags: review?(bhackett1024) → review+
Keywords: checkin-needed
Comment 7 (bugherder) • 10 years ago
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox46:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla46