Closed Bug 675600 Opened 13 years ago Closed 6 years ago

Assertion in GC::GetPageMapValue(uintptr_t addr)

Categories

(Tamarin Graveyard :: Garbage Collection (mmGC), defect, P3)

Product:
Tamarin Graveyard
Component:
Garbage Collection (mmGC)
Platform:
x86_64
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
Q1 12 - Brannan

People

(Reporter: brbaker, Assigned: treilly)

Details

While working on a selftest I started to run into the following assertion:
['failure', 'mmgc', 'basics', 'externalAllocation', 'gc->GetBytesInUse()==inuse + allocationz', '../shell/../extensions/SelftestExec.cpp', 1835]
Assertion failed: "((pageMap.AddrIsMappable(addr)))" ("../MMgc/GC-inlines.h":695)

#0  0x00007fff853ef0b6 in __kill ()
#1  0x0000000100007546 in VMPI_debugBreak () at ../VMPI/MacDebugUtils.cpp:55
#2  0x00000001000073b3 in avmplus::AvmDebugMsg (p=0x1001ee088 "Assertion failed: \"((pageMap.AddrIsMappable(addr)))\" (\"../MMgc/GC-inlines.h\":695)\n", debugBreak=true) at ../AVMPI/AvmAssert.cpp:69
#3  0x0000000100006262 in avmplus::AvmAssertFail (message=0x1001ee088 "Assertion failed: \"((pageMap.AddrIsMappable(addr)))\" (\"../MMgc/GC-inlines.h\":695)\n") at AvmAssert.h:66
#4  0x0000000100006282 in avmplus::_AvmAssertMsg (condition=0, message=0x1001ee088 "Assertion failed: \"((pageMap.AddrIsMappable(addr)))\" (\"../MMgc/GC-inlines.h\":695)\n") at AvmAssert.h:72
#5  0x000000010003e197 in MMgc::GC::GetPageMapValue (this=0x10082d800, addr=4312001176) at GC-inlines.h:695
#6  0x000000010003e1ce in MMgc::GC::FindBeginningFast (this=0x10082d800, gcItem=0x10103ea98) at GC-inlines.h:502
#7  0x00000001001be784 in MMgc::GC::TracePointerCheck (derivedPointer=0x10103ea98) at ../MMgc/GC.cpp:4063
#8  0x0000000100052dc6 in MMgc::AtomWBCore::AtomWBCore (this=0x10103ea98, a=1) at WriteBarrier-inlines.h:288
#9  0x0000000100052de2 in avmplus::AtomWB::AtomWB (this=0x10103ea98) at AtomWriteBarrier-inlines.h:45
#10 0x00000001000db9c2 in avmplus::Exception::Exception (this=0x10103ea98, core=0x101023008, atom=4311962927) at ../core/Exception.cpp:63
#11 0x0000000100053dc4 in avmplus::Selftest::verifyPass (this=0x100608ce0, expr=0, text_expr=0x1001f5948 "gc->GetBytesInUse()==inuse + allocationz", file=0x1001f3d70 "../shell/../extensions/SelftestExec.cpp", line=1835) at ../shell/../extensions/Selftest.cpp:234
#12 0x0000000100059a6c in avmplus::ST_mmgc_basics::ST_mmgc_basics::test17 (this=0x100608ce0) at ../shell/../extensions/SelftestExec.cpp:1835
#13 0x000000010005a74a in avmplus::ST_mmgc_basics::ST_mmgc_basics::run (this=0x100608ce0, n=17) at ../shell/../extensions/SelftestExec.cpp:1383
#14 0x0000000100054154 in avmplus::SelftestRunner::run (this=0x1011fd048, component_glob=0x7fff5fbff710 "mmgc", category_glob=0x7fff5fbff715 "basics", name_glob=0x0) at ../shell/../extensions/Selftest.cpp:124
#15 0x00000001000544ec in avmplus::selftests (core=0x101023008, component_glob=0x7fff5fbff710 "mmgc", category_glob=0x7fff5fbff715 "basics", name_glob=0x0) at ../shell/../extensions/Selftest.cpp:58
#16 0x0000000100041e87 in avmshell::ShellCore::executeSelftest (this=0x101023008, settings=@0x7fff5fbff660) at ../shell/ShellCore.cpp:384
#17 0x00000001000358db in avmshell::Shell::singleWorkerHelper (shell=0x101023008, settings=@0x7fff5fbff660) at ../shell/avmshell.cpp:192
#18 0x00000001000361e2 in avmshell::Shell::singleWorker (settings=@0x7fff5fbff660) at ../shell/avmshell.cpp:178
#19 0x0000000100036471 in avmshell::Shell::run (argc=2, argv=0x7fff5fbff840) at ../shell/avmshell.cpp:141
#20 0x0000000100062db6 in main (argc=2, argv=0x7fff5fbff840) at ../shell/avmshellMac.cpp:114


Reproduce:
Add the following to the end of extensions/ST_mmgc_basics.st

%%test externalAllocation
    MMGC_GCENTER(gc);
    int inuse=(int)gc->GetBytesInUse();
    size_t allocationz = 128;
    MMgc::GCHeap::SignalExternalAllocation(allocationz);
    %%verify gc->GetBytesInUse()==inuse + allocationz

Rebuild the selftests
Compile the debug x86_64 shell
    ../configure.py --target=x86_64-darwin --enable-debug --enable-debugger
Run -Dselftest=mmgc,basics,externalAllocation
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
Flags: flashplayer-bug-
OK, now if you run all of the mmgc_basics selftests then you get a different assertion:


['failure', 'mmgc', 'basics', 'externalAllocation', 'gc->GetBytesInUse()==inuse + allocationz', '../shell/../extensions/SelftestExec.cpp', 1835]
Assertion failed: "((curgc == this))" ("../MMgc/GC.cpp":3738)


#0  0x00007fff853ef0b6 in __kill ()
#1  0x00000001000071d1 in VMPI_debugBreak () at ../VMPI/MacDebugUtils.cpp:55
#2  0x00000001000071a3 in avmplus::AvmDebugMsg (p=0x1001fd550 "Assertion failed: \"((curgc == this))\" (\"../MMgc/GC.cpp\":3738)\n", debugBreak=true) at ../AVMPI/AvmAssert.cpp:69
#3  0x0000000100006052 in avmplus::AvmAssertFail (message=0x1001fd550 "Assertion failed: \"((curgc == this))\" (\"../MMgc/GC.cpp\":3738)\n") at AvmAssert.h:66
#4  0x0000000100006072 in avmplus::_AvmAssertMsg (condition=0, message=0x1001fd550 "Assertion failed: \"((curgc == this))\" (\"../MMgc/GC.cpp\":3738)\n") at AvmAssert.h:72
#5  0x00000001001adaa2 in MMgc::GC::ThreadLeave (this=0x101008010, doCollectionWork=false, prevGC=0x7fff5fbff160) at ../MMgc/GC.cpp:3738
#6  0x00000001001adc0a in MMgc::GCAutoEnter::Destroy (this=0x7fff5fbff120, doCollectionWork=false) at ../MMgc/GC.cpp:3684
#7  0x00000001001af0cb in MMgc::GC::~GC (this=0x100825800) at ../MMgc/GC.cpp:368
#8  0x000000010004b6db in avmplus::ST_mmgc_basics::ST_mmgc_basics::epilogue (this=0x100608ce0) at ../shell/../extensions/SelftestExec.cpp:1396
#9  0x000000010004b108 in avmplus::SelftestRunner::run (this=0x1011db048, component_glob=0x7fff5fbff710 "mmgc", category_glob=0x7fff5fbff715 "basics", name_glob=0x0) at ../shell/../extensions/Selftest.cpp:137
#10 0x000000010004b424 in avmplus::selftests (core=0x101021008, component_glob=0x7fff5fbff710 "mmgc", category_glob=0x7fff5fbff715 "basics", name_glob=0x0) at ../shell/../extensions/Selftest.cpp:58
#11 0x000000010003c549 in avmshell::ShellCore::executeSelftest (this=0x101021008, settings=@0x7fff5fbff660) at ../shell/ShellCore.cpp:384
#12 0x000000010003537d in avmshell::Shell::singleWorkerHelper (shell=0x101021008, settings=@0x7fff5fbff660) at ../shell/avmshell.cpp:192
#13 0x0000000100035c84 in avmshell::Shell::singleWorker (settings=@0x7fff5fbff660) at ../shell/avmshell.cpp:178
#14 0x0000000100035f13 in avmshell::Shell::run (argc=2, argv=0x7fff5fbff840) at ../shell/avmshell.cpp:141
#15 0x0000000100059f60 in main (argc=2, argv=0x7fff5fbff840) at ../shell/avmshellMac.cpp:114
This is yucky.  There's two GC's and the WriteField operation uses the wrong one to check for correctness.

There's the selftest harness GC and then there's the 'active' GC created by the mmgc basic test and that's the one this test has entered.   I wonder if WriteField should use the value to extra the GC and only use ActiveGC if value is null.
Assignee: nobody → treilly
Status: NEW → UNCONFIRMED
Ever confirmed: false
Flags: flashplayer-qrb? → flashplayer-qrb+
Target Milestone: --- → Q4 11 - Anza
Priority: -- → P3
Target Milestone: Q4 11 - Anza → Q1 12 - Brannan
Tamarin is a dead project now. Mass WONTFIX.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Tamarin isn't maintained anymore. WONTFIX remaining bugs.
You need to log in before you can comment on or make changes to this bug.