471562 - NanoAssert failure when LIR buffer is OOM with cache size 14

Status: VERIFIED INVALID

(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect)

Description

[David Mandelin [:dmandelin]]

I'm trying to artificially replicate a bug from crashpad that I think is due to an OOM in my usage of nanojit. To test this guess, I set the regexp Fragmento cache size to 14 (4k, I think), and tried inserting 6000 LIR_start into the buffer. I get an assert in LirBufWriter::ensureRoom in debug builds and a crash otherwise. The same thing happens if I use size 15 and insert 9000 LIR_start.

I show the code snippet with notes on what happens below. It's clear that the code before 'NanoAssert(_buf->_thresholdPage)' does not in fact establish that condition. 

Perhaps I am violating some assumption of nanojit with my usage. If so, please explain, so I can add a test for that assumption.


    if (!_buf->_thresholdPage)
    {
	    // LIR_BUF_THRESHOLD away from a new page but pre-alloc it, setting noMem for early OOM detection
	    _buf->_thresholdPage = _buf->pageAlloc();
/// The line above returns NULL after a few calls.
	    NanoAssert(_buf->_thresholdPage || _buf->_noMem);
/// The line above is OK because _noMem is set when we get the NULL.
    }
    // transition to the next page?
    if (!samepage(before,after))
    {
/// Here we start going bad because of course _buf->_thresholdPage is NULL.
	    NanoAssert(_buf->_thresholdPage);
	    _buf->_unused = &_buf->_thresholdPage->lir[0];	
	    _buf->_thresholdPage = 0;  // pageAlloc() stored it in _pages already			

	    // link LIR stream back to prior instruction (careful insLink relies on _unused...)
	    insLinkTo(LIR_skip, before-1);
    }

Comment 1

[Edwin Smith]

the OOM and buffer managment code in nanojit has been rewritten.  this needs retesting to see if it's still a valid bug.

Comment 2

[Trevor Baker]

bulk verifying resolved !fixed issues