Closed Bug 1231575 Opened 10 years ago Closed 10 years ago

JitSpew: RegAlloc: dump buffer is too small for a kraken spew

Categories

(Core :: JavaScript Engine: JIT, defect)

defect
Not set
normal

RESOLVED FIXED
mozilla46
Tracking Status
firefox46 --- fixed

People

(Reporter: wuwei, Assigned: wuwei)

References

Details

Attachments

(1 file)

In BacktrackingAllocator.cpp:LiveRange::toString(), sizeof(buf) == 2000, seems not big enough for kraken.

> cd arewefastyet/benchmarks/kraken/
> IONFLAGS=all,bl-all $JS -f xxx/prefix.js -f xxx-alone-driver.js

Crashed when dumping line 1182899.

> [RegAlloc] splitting reused input at 650 to try to help grouping
> Live ranges by virtual register:
> v1 [3,54) (def) v1:*@17 v1:*@21 v1:r?@22 v1:*@39 v1:*@47 v1:*@49 v1:*@51 v1:*@53
> v2 [5,54) (def) v2:*@17 v2:*@21 v2:r?@24 v2:*@39 v2:*@47 v2:*@49 v2:*@51 v2:*@53
> v3 [7,54) (def) v3:*@17 v3:*@21 v3:r?@26 v3:*@39 v3:*@47 v3:*@49 v3:*@51 v3:*@53
> v4 [9,54) (def) v4:*@17 v4:*@21 v4:r?@28 v4:*@39 v4:*@47 v4:*@49 v4:*@51 v4:*@53
> v5 [11,54) (def) v5:*@17 v5:*@21 v5:r?@30 v5:*@39 v5:*@47 v5:*@49 v5:*@51 v5:*@53
> v6 [13,54) (def) v6:*@17 v6:*@21 v6:r?@32 v6:*@39 v6:*@47 v6:*@49 v6:*@51 v6:*@53
> v7 [15,54) (def) v7:*@17 v7:*@21 v7:r@34 v7:*@39 v7:*@47 v7:*@49 v7:*@51 v7:*@53
> v8 [23,1830) (def) v8:*@77 v8:*@81 v8:*@87 v8:*@89 v8:*@93 v8:*@105 v8:*@107 v8:*@111 v8:*@127 v8:*@205 v8:*@207 v8:*@209 v8:*@219 v8:*@231 v8:*@233 v8:*@255 v8:*@267 v8:*@269 v8:*@271 v8:*@281 v8:*@297 v8:*@305 v8:*@321 v8:*@323 v8:*@325 v8:*@327 v8:*@345 v8:*@361 v8:*@365 v8:*@373 v8:*@381 v8:*@389 v8:*@391 v8:*@417 v8:*@437 v8:*@439 v8:*@475 v8:*@477 v8:*@505 v8:*@507 v8:*@517 v8:*@539 v8:*@545 v8:*@553 v8:*@555 v8:*@561 v8:*@599 v8:*@601 v8:*@611 v8:*@625 v8:*@627 v8:*@629 v8:*@647 v8:*@653 v8:*@661 v8:*@663 v8:*@669 v8:*@711 v8:*@749 v8:*@767 v8:*@771 v8:*@777 v8:*@805 v8:*@807 v8:*@809 v8:*@819 v8:*@831 v8:*@833 v8:*@855 v8:*@867 v8:*@869 v8:*@871 v8:*@881 v8:*@897 v8:*@907 v8:*@923 v8:*@925 v8:*@927 v8:*@929 v8:*@947 v8:*@961 v8:*@969 v8:*@979 v8:*@985 v8:*@1009 v8:*@1029 v8:*@1031 v8:*@1067 v8:*@1069 v8:*@1101 v8:*@1103 v8:*@1149 v8:*@1151 v8:*@1153 v8:*@1161 v8:*@1163 v8:*@1165 v8:*@1175 v8:*@1187 v8:*@1189 v8:*@1211 v8:*@1223 v8:*@1225 v8:*@1227 v8:*@1237 v8:*@1253 v8:*@1263 v8:*@1279 v8:*@1281 v8:*@1283 v8:*@1285 v8:*@1303 v8:*@1319 v8:*@1323 v8:*@1331 v8:*@1341 v8:*@1349 v8:*@1351 v8:*@1377 v8:*@1397 v8:*@1399 v8:*@1435 v8:*@1437 v8:*@1469 v8:*@1471 v8:*@1481 v8:*@1497 v8:*@1505 v8:*@1509 v8:*@1515 v8:*@1521 v8:*@1531 v8:*@1533 v8:*@1553 v8:*@1563 v8:*@1565 v8:*@1579 v8:*@1589 v8:*@1591 v8:*@1605 v8:*@1615 v8:*@1617 v8:*@1641 v8:*@1643 v8:*@1645 v8:*@1665 v8:*@1673 v8:*@1677 v8:*@1683 v8:*@1689 v8:*@1699 v8:*@1701 v8:*@1721 v8:*@1731 v8:*@1733 v8:*@1747 v8:*@1757 v8:*@1759 v8:*@1773 v8:*@1783 v8:*@1785 v8:*@1809 v8:*@1811 v8:*@1813 v8:*@1819 v8:*@1827 ## v8 [1832,1856) v8:*@1839 v8:*@1845 ## v8 [1858,1860) ## v8 [1864,1922) v8:*@1873 v8:*@1875 v8:*@1881 v8:*@1917 v8:*@1921
> Assertion failure: int32_t(outlen) > 0, at /work/repo/gecko-dev/js/src/jsprf.cpp:999
$git show
commit a1980896be3b504dcbb9ab511421237bc72bb0c7
Merge: 11699b7 feae2f1
Author: Carsten "Tomcat" Book <cbook@mozilla.com>
Date: Thu Nov 26 11:57:05 2015 +0100

    merge fx-team to mozilla-central a=merge
Blocks: 1231024
copied from bug 1231024 comment 13

> Drive-by comment:
>
> liveRange dump has a relatively small buffer for JitSpew, which has only 2000 bytes currently.
> I tried to enlarge it to 4096, and crashed again. Turns out the liveBundle and liveRange could be
> huge, and this is the largest result I profiled against kraken benchmark:
>
> LiveRange usesCount: 760
> LiveRange usesCount: 762
> LiveRange usesCount: 762
> LiveRange usesCount: 762
> LiveRange usesCount: 770
> LiveRange usesCount: 770
> LiveRange usesCount: 770
> LiveBundle usesCount: 7
> LiveBundle usesCount: 7
> LiveBundle usesCount: 7
>
> the easiest way is to try enlarge the buffer size (both LiveRange::toString() and
> LiveBundle::toString()), or you can replace the MOZ_CRASH() with 'break', if it is urgent.

Since the extreme cases are too large to cover, we need to truncate it.
the distribution of regalloc spew data for kraken:

> 1000 379913
> 2000 2654
> 4000 709
> 8000 262
> 12000 27
> 16000 7
> 20000 11
> >20k 0
Assignee: nobody → lazyparser
Enlarge the buffer size.
Attachment #8697759 - Flags: review?(bhackett1024)
Attachment #8697759 - Flags: review?(bhackett1024) → review+
Thank you :)
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla46
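
The truncation mentioned in the comments above, as an added example (not code from this bug's patch or from SpiderMonkey): a formatter that appends use entries to a fixed buffer and ends the text with a marker when space runs out, rather than asserting. `Use`, `formatUses` and `kMarker` are hypothetical names, and the 770-use range in `main` is constructed to match the largest usesCount quoted in the bug.

```cpp
#include <stddef.h>
#include <stdio.h>
#include <string.h>

// Hypothetical stand-in for one register use; not SpiderMonkey's own type.
struct Use { unsigned vreg; unsigned pos; };

static const char kMarker[] = " ...";  // written when the output is cut short

// Appends " v<vreg>:*@<pos>" per use to buf (cap bytes, NUL included).
// Returns the number of uses written in full; *truncated is set when space
// ran out, in which case the text ends in kMarker and nothing overflows.
size_t formatUses(char* buf, size_t cap, const Use* uses, size_t n,
                  bool* truncated) {
    *truncated = false;
    if (cap == 0)
        return 0;
    buf[0] = '\0';
    const size_t markerLen = sizeof(kMarker) - 1;
    size_t used = 0;  // bytes written so far, excluding the NUL
    size_t done = 0;  // uses emitted in full
    for (size_t i = 0; i < n; i++) {
        char entry[32];  // large enough for two 10-digit numbers
        int len = snprintf(entry, sizeof(entry), " v%u:*@%u",
                           uses[i].vreg, uses[i].pos);
        // Every entry but the last must leave room for the marker.
        size_t reserve = (i + 1 < n) ? markerLen : 0;
        if (len < 0 || size_t(len) >= sizeof(entry) ||
            used + size_t(len) + reserve + 1 > cap) {
            *truncated = true;
            if (used + markerLen + 1 <= cap)
                memcpy(buf + used, kMarker, markerLen + 1);
            break;
        }
        memcpy(buf + used, entry, size_t(len) + 1);
        used += size_t(len);
        done++;
    }
    return done;
}

int main() {
    static Use uses[770];  // constructed: largest usesCount quoted in the bug
    for (unsigned i = 0; i < 770; i++) { uses[i].vreg = 8; uses[i].pos = 2 * i + 1; }
    char buf[2000];        // the buffer size the report started from
    bool cut;
    size_t done = formatUses(buf, sizeof(buf), uses, 770, &cut);
    printf("%zu of 770 uses, truncated=%d, length=%zu\n", done, int(cut), strlen(buf));
    return 0;
}
```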