Assertion failure: !cx->isExceptionPending() when disassemble after oomAtAllocation
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox115 | --- | fixed |
People
(Reporter: yuhao.6218, Assigned: mgaudet)
References
(Blocks 1 open bug)
Details
Attachments
(2 files, 1 obsolete file)
Steps to reproduce:
tested against git commit 62f7b36735a93b7e273cdc9b1b6e5f608ab6e494
build with the following mozconfigfile:
ac_add_options --enable-project=js
ac_add_options --enable-build-backends=CompileDB,RecursiveMake
ac_add_options --enable-debug
ac_add_options --disable-optimize
run attachment with the following command:
gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js --baseline-warmup-threshold=10 --ion-warmup-threshold=100 --ion-check-range-analysis --ion-extra-checks --fuzzing-safe test2.js
Actual results:
Assertion failure: !cx->isExceptionPending(), at /home/frto027/Projects/SpiderMonkey/gecko-dev/js/src/vm/JSContext-inl.h:252
#01: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1efc950]
#02: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x204c6d4]
#03: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2046fdf]
#04: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2046ca1]
#05: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2047813]
#06: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2047d89]
#07: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2047f39]
#08: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2048cc7]
#09: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x24373ea]
#10: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2428857]
#11: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x242903e]
#12: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2428da5]
#13: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1ef558a]
#14: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1f1a215]
#15: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2068632]
#16: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2064c59]
#17: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2053724]
#18: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2046fdf]
#19: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2046ca1]
#20: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2047813]
#21: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2047d89]
#22: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2047f39]
#23: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2294e8a]
#24: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x25fb0de]
#25: JSScript::dumpGCThings(JSContext*, JS::Handle<JSScript*>, js::Sprinter*)[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x238f3f3]
#26: JSScript::dump(JSContext*, JS::Handle<JSScript*>, JSScript::DumpOptions&, js::Sprinter*)[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x238db74]
#27: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1e9403e]
#28: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1e8026b]
#29: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x207044c]
#30: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2047603]
#31: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2047d89]
#32: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2047bc3]
#33: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2056278]
#34: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2046fdf]
#35: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2046ca1]
#36: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x20491d1]
#37: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x2049544]
#38: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x22138ae]
#39: JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>)[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x22139d5]
#40: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1ea0a4f]
#41: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1ea031c]
#42: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1e7a8c1]
#43: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1e69823]
#44: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1e64656]
#45: ???[/lib64/libc.so.6 +0x27510]
#46: __libc_start_main[/lib64/libc.so.6 +0x275c9]
#47: ???[/home/frto027/Projects/SpiderMonkey/gecko-dev/obj-x86_64-pc-linux-gnu/dist/bin/js +0x1e5ac99]
#48: ??? (???:???)
Process finished with exit code 139 (interrupted by signal 11: SIGSEGV)
Expected results:
The js engine should output something like the following text:
uncaught exception: out of memory
|
||
Comment 2•1 years ago
|
||
Matthew, you ask for it, literally, so here is a bug for you ;)
|
Assignee | |
Comment 3•1 years ago
|
||
This is a side effect of a very unfortunate API design.
JSONPrinter tries to defer reporting OOM until late; but this means the caller needs to find an appropriate time to report this, and it's not clear when that is.
|
|
Assignee | |
Comment 4•1 years ago
|
||
Also changed another place to use new API for clarity
|
||
Updated•1 years ago
|
|
|
||
Comment 5•1 years ago
|
||
(In reply to Matthew Gaudet (he/him) [:mgaudet] from comment #3)
JSONPrintertries to defer reporting OOM until late; but this means the caller needs to find an appropriate time to report this, and it's not clear when that is.
The logging can fail separately, and the API is designed such that you should consider the logging API as infallible.
OOM checks only happens when the result is requested.
In the case of the JSONPrinter, such OOM would be reported on the GenericPrinter& out field which has a virtual function hadOutOfMemory() to check for OOMs.
|
|
Assignee | |
Comment 6•1 years ago
|
||
I'll make the changes you've requested: However, there's an impedence mismatch between the idea of deferred OOM reporting and the invariant we maintain that we don't check for interrupt while there's a pending exception.
The API is challenging to use correctly because you need to explicitly check an underlying source for OOM status before doing anything which could could potentially run code (in this case, dumpGCThings calls valueToSource which can end up running script, and trips the check-for-interrupt assert).
For dumping code it's not the worst thing in the world, but there's a tension here.
|
||
Comment 8•1 years ago
|
||
| bugherder | ||
Description
•