Closed Bug 1285237 Opened 3 years ago Closed 3 years ago
_conformance __extensions __ext-shader-texture-lod .html | application crashed [@ js::Lifo Alloc::get Or Create Chunk]
Is this a debug-only thing? This is likely an assertion that I added (Bug 1264948 part 2) to ensure that we do not blindly assume that LifoAlloc are infallible, but I did not expected to see that in the Parser, but only in IonMonkey's code. Usually the stack trace is enough to investigate such issues, but this might be a little tricky as I did not expected that Parser to have a LifoAlloc with a flag set for using this assertion. 11:28:39 INFO - 0 libxul.so!js::LifoAlloc::getOrCreateChunk [LifoAlloc.h:4a8d8898e507 : 71 + 0x0] 11:28:39 INFO - 1 libxul.so!js::frontend::ParseNodeAllocator::allocNode [LifoAlloc.h:4a8d8898e507 : 225 + 0x7] 11:28:39 INFO - 2 libxul.so!js::frontend::Parser<js::frontend::FullParseHandler>::newName [FullParseHandler.h:4a8d8898e507 : 33 + 0x3] 11:28:39 INFO - 3 libxul.so!js::frontend::Parser<js::frontend::FullParseHandler>::identifierName [Parser.cpp:4a8d8898e507 : 8940 + 0x7] 11:28:39 INFO - 4 libxul.so!js::frontend::Parser<js::frontend::FullParseHandler>::primaryExpr [Parser.cpp:4a8d8898e507 : 9571 + 0x7] 11:28:39 INFO - 5 libxul.so!js::frontend::Parser<js::frontend::FullParseHandler>::memberExpr [Parser.cpp:4a8d8898e507 : 8753 + 0x11] 11:28:39 INFO - 6 libxul.so!js::frontend::Parser<js::frontend::FullParseHandler>::unaryExpr [Parser.cpp:4a8d8898e507 : 8282 + 0x19] 11:28:39 INFO - 7 libxul.so!js::frontend::Parser<js::frontend::FullParseHandler>::orExpr1 [Parser.cpp:4a8d8898e507 : 7758 + 0xd] My blind guess would be that this is somewhat related to AsmJS.
This patch add a debug-only AutoFallibleScope, what this does, is that it set a flag on the LifoAlloc to mention that we are checking the return value of it. Thus, it disables the assertion in getOrCreateChunk added in Bug 1264948 part 2, and replaces it by the oomTest-able kind of allocation. This mechanism got added as a way to ensure that IonMonkey does not rely too much on the underlying ability to request more pages, without checking for OOM, while also prevent oomTest-able failures on allocations which are assumed to be infallible. This issue likely comes from the Parser instances created by AsmJS modules, which probably re-use the LifoAlloc create with the TempAllocator, which has the fallibleScope_ flag turned off by default.  http://searchfox.org/mozilla-central/source/js/src/asmjs/AsmJS.h#33  http://searchfox.org/mozilla-central/source/js/src/asmjs/WasmGenerator.h#120  http://searchfox.org/mozilla-central/source/js/src/ds/LifoAlloc.h#166
Attachment #8769688 - Flags: review?(jorendorff)
Bulk assigning P3 to all open intermittent bugs without a priority set in Firefox components per bug 1298978.
Priority: -- → P3
Attachment #8769688 - Flags: review?(jorendorff) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/60843e550836 Consider ParseNodeAllocator::allocNode as fallible. r=jorendorff
Seems like a pretty trivial patch. Should we consider it for uplift?
Comment on attachment 8769688 [details] [diff] [review] Consider ParseNodeAllocator::allocNode as fallible. Approval Request Comment [Feature/regressing bug #]: Bug 1264948 [User impact if declined]: Some intermittent remaining on treeherder [Describe test coverage new/current, TreeHerder]: treeherder [Risks and why]: None, because it is simple. [String/UUID change made/needed]: N/A
Comment on attachment 8769688 [details] [diff] [review] Consider ParseNodeAllocator::allocNode as fallible. Fixes an intermittent, Aurora51+, Beta50+
You need to log in before you can comment on or make changes to this bug.