"Assertion failure: nanojit::Allocator::allocChunk: out of memory"

RESOLVED INVALID

Status

()

Core
JavaScript Engine
--
critical
RESOLVED INVALID
7 years ago
7 years ago

People

(Reporter: Jesse Ruderman, Unassigned)

Tracking

({assertion})

Trunk
x86_64
Mac OS X
assertion
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

7 years ago
The js engine has a policy of not crashing on OOM, so I think this is a bug.

./js -A 7

Assertion failure: nanojit::Allocator::allocChunk: out of memory, at /var/folders/Ru/RuL9UUUZGv85umnat33ZKU+++TM/-Tmp-/abc-a55e103ba5c6-_u3hpQ/compilePath/js/src/jstracer.cpp:206
(Reporter)

Comment 1

7 years ago
same with -A 51
For Nanojit, the policy is "malloc is (mostly) infallble!"  The implementation story is "we have some reserve memory that in theory should be big enough that we can recover from any OOM, but if that theory is wrong, we abort".

This is exactly an abort of that kind, jstracer.cpp:206 is this:

  if (vma->mReserveCurr > vma->mReserveLimit)
      OUT_OF_MEMORY_ABORT("nanojit::Allocator::allocChunk: out of memory");

OUT_OF_MEMORY_ABORT is implemented using JS_Assert, so it's not a crash but a deliberate abort.  (It uses JS_Assert because that's the most reliable way to abort from the JS engine.)

Furthermore, this abort is happening in the allocator that deals with debug-only profiling output, where the reserve memory's size is zero.

In other words, this behaves exactly as expected :)
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.