Closed
Bug 471562
Opened 16 years ago
Closed 14 years ago
NanoAssert failure when LIR buffer is OOM with cache size 14
Categories
(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect)
Tracking
(Not tracked)
VERIFIED
INVALID
Future
People
(Reporter: dmandelin, Unassigned)
Details
I'm trying to artificially replicate a bug from crashpad that I think is due to an OOM in my usage of nanojit. To test this guess, I set the regexp Fragmento cache size to 14 (4k, I think), and tried inserting 6000 LIR_start into the buffer. I get an assert in LirBufWriter::ensureRoom in debug builds and a crash otherwise. The same thing happens if I use size 15 and insert 9000 LIR_start. I show the code snippet with notes on what happens below. It's clear that the code before 'NanoAssert(_buf->_thresholdPage)' does not in fact establish that condition. Perhaps I am violating some assumption of nanojit with my usage. If so, please explain, so I can add a test for that assumption. if (!_buf->_thresholdPage) { // LIR_BUF_THRESHOLD away from a new page but pre-alloc it, setting noMem for early OOM detection _buf->_thresholdPage = _buf->pageAlloc(); /// The line above returns NULL after a few calls. NanoAssert(_buf->_thresholdPage || _buf->_noMem); /// The line above is OK because _noMem is set when we get the NULL. } // transition to the next page? if (!samepage(before,after)) { /// Here we start going bad because of course _buf->_thresholdPage is NULL. NanoAssert(_buf->_thresholdPage); _buf->_unused = &_buf->_thresholdPage->lir[0]; _buf->_thresholdPage = 0; // pageAlloc() stored it in _pages already // link LIR stream back to prior instruction (careful insLink relies on _unused...) insLinkTo(LIR_skip, before-1); }
Updated•16 years ago
|
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
Updated•15 years ago
|
Target Milestone: --- → Future
Comment 1•15 years ago
|
||
the OOM and buffer managment code in nanojit has been rewritten. this needs retesting to see if it's still a valid bug.
Status: NEW → UNCONFIRMED
Ever confirmed: false
OS: Mac OS X → All
Updated•14 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•