Closed Bug 1561832 Opened 4 months ago Closed 4 months ago

Nursery poisoning (and asan calls) are inconsistent with nursery sizing

Categories

(Core :: JavaScript: GC, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla69
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- wontfix
firefox68 --- wontfix
firefox69 --- fixed

People

(Reporter: pbone, Assigned: pbone)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

During a minor GC the following operations occur.

  • ..actual collection..
  • clear()
    ** poison the allocated ranges of all chunks, this also marks them as inaccessable for asan.
    ** set the current chunk and current position to the 1st chunk and start() of that chunk.
    *** this re-poisons with the init pattern and marks the may-be accessed area of the first chunk as uninitialised.
  • maybeResizeNursery()
    ** Choose new size and set the capacity_ and currentEnd_ members.

Note that the new size might be more than the re-poisioned and marked-valid area in the previous step. But this never causes an asan failure because the first time the chunk it setup it is set as completely uninitialised, regardless of how much of that chunk we will actually use. Regardless of what resizes the nursery goes through it will now never access inaccessable memory, nevertheless this ought to be fixed and will help with getting asan right in Bug 1506733.

This allows us to run the poisoning code after resizing the nursery,
ensuring that the correct region of that chunk is poisoned, fixing the bug.

This also simplifies the logic around how much of the nursery to poison, we
always poison the valid region of the nursery regardless of how much was
used (removing an earlier optimisation).

Depends on D36314

Interesting, I'm seeing some asan failures on try:

https://treeherder.mozilla.org/#/jobs?repo=try&revision=69e9c25d9dde7f3f4a215aa6c29a683a9c4b3224&selectedJob=253918619

I wonder if this is a problem with my patch or they're existing problems that are now getting detected. I'll find out on Monday.

Blocks: 1562550
Blocks: 1562551
Pushed by pbone@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/75e28014a6bb
Separate setting the current chunk from poisoning it r=jonco
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
You need to log in before you can comment on or make changes to this bug.