Closed Bug 1285237 Opened 5 years ago Closed 5 years ago

Intermittent test_conformance__extensions__ext-shader-texture-lod.html | application crashed [@ js::LifoAlloc::getOrCreateChunk]


(Core :: JavaScript Engine, defect, P3)




Tracking Status
firefox50 --- fixed
firefox51 --- fixed
firefox52 --- fixed


(Reporter: intermittent-bug-filer, Assigned: nbp)



(Keywords: intermittent-failure)


(1 file)

Is this a debug-only thing?

This is likely an assertion that I added (Bug 1264948 part 2) to ensure that we do not blindly assume that LifoAlloc are infallible, but I did not expected to see that in the Parser, but only in IonMonkey's code.

Usually the stack trace is enough to investigate such issues, but this might be a little tricky as I did not expected that Parser to have a LifoAlloc with a flag set for using this assertion.

 11:28:39     INFO -   0!js::LifoAlloc::getOrCreateChunk [LifoAlloc.h:4a8d8898e507 : 71 + 0x0]
 11:28:39     INFO -   1!js::frontend::ParseNodeAllocator::allocNode [LifoAlloc.h:4a8d8898e507 : 225 + 0x7]
 11:28:39     INFO -   2!js::frontend::Parser<js::frontend::FullParseHandler>::newName [FullParseHandler.h:4a8d8898e507 : 33 + 0x3]
 11:28:39     INFO -   3!js::frontend::Parser<js::frontend::FullParseHandler>::identifierName [Parser.cpp:4a8d8898e507 : 8940 + 0x7]
 11:28:39     INFO -   4!js::frontend::Parser<js::frontend::FullParseHandler>::primaryExpr [Parser.cpp:4a8d8898e507 : 9571 + 0x7]
 11:28:39     INFO -   5!js::frontend::Parser<js::frontend::FullParseHandler>::memberExpr [Parser.cpp:4a8d8898e507 : 8753 + 0x11]
 11:28:39     INFO -   6!js::frontend::Parser<js::frontend::FullParseHandler>::unaryExpr [Parser.cpp:4a8d8898e507 : 8282 + 0x19]
11:28:39 INFO - 7!js::frontend::Parser<js::frontend::FullParseHandler>::orExpr1 [Parser.cpp:4a8d8898e507 : 7758 + 0xd] 

My blind guess would be that this is somewhat related to AsmJS.
Blocks: 1264948
This patch add a debug-only AutoFallibleScope, what this does, is that it
set a flag on the LifoAlloc to mention that we are checking the return value
of it.  Thus, it disables the assertion in getOrCreateChunk added in Bug
1264948 part 2, and replaces it by the oomTest-able kind of allocation.

This mechanism got added as a way to ensure that IonMonkey does not rely too
much on the underlying ability to request more pages, without checking for
OOM, while also prevent oomTest-able failures on allocations which are
assumed to be infallible.

This issue likely comes from the Parser instances created by AsmJS
modules[1], which probably re-use the LifoAlloc create with the
TempAllocator[2], which has the fallibleScope_ flag[3] turned off by default.

Attachment #8769688 - Flags: review?(jorendorff)
Bulk assigning P3 to all open intermittent bugs without a priority set in Firefox components per bug 1298978.
Priority: -- → P3
Attachment #8769688 - Flags: review?(jorendorff) → review+
Pushed by
Consider ParseNodeAllocator::allocNode as fallible. r=jorendorff
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Seems like a pretty trivial patch. Should we consider it for uplift?
Assignee: nobody → nicolas.b.pierron
Flags: needinfo?(nicolas.b.pierron)
Comment on attachment 8769688 [details] [diff] [review]
Consider ParseNodeAllocator::allocNode as fallible.

Approval Request Comment
[Feature/regressing bug #]: Bug 1264948
[User impact if declined]: Some intermittent remaining on treeherder
[Describe test coverage new/current, TreeHerder]: treeherder
[Risks and why]: None, because it is simple.
[String/UUID change made/needed]: N/A
Flags: needinfo?(nicolas.b.pierron)
Attachment #8769688 - Flags: approval-mozilla-beta?
Attachment #8769688 - Flags: approval-mozilla-aurora?
Comment on attachment 8769688 [details] [diff] [review]
Consider ParseNodeAllocator::allocNode as fallible.

Fixes an intermittent, Aurora51+, Beta50+
Attachment #8769688 - Flags: approval-mozilla-beta?
Attachment #8769688 - Flags: approval-mozilla-beta+
Attachment #8769688 - Flags: approval-mozilla-aurora?
Attachment #8769688 - Flags: approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.