Last Comment Bug 756612 - IonMonkey: OOM Testing: Crash [@ js::ion::CodeGeneratorX86Shared::visitOutOfLineBailout]
: IonMonkey: OOM Testing: Crash [@ js::ion::CodeGeneratorX86Shared::visitOutOfL...
Status: RESOLVED FIXED
: crash, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Other Branch
: x86_64 Linux
: -- normal (vote)
: ---
Assigned To: David Anderson [:dvander]
:
Mentors:
: 756605 756609 756611 756613 756617 756621 756622 756623 756624 756626 756627 (view as bug list)
Depends on:
Blocks: 624094
  Show dependency treegraph
 
Reported: 2012-05-18 13:55 PDT by Christian Holler (:decoder)
Modified: 2012-05-19 07:13 PDT (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
fix (4.82 KB, patch)
2012-05-18 16:46 PDT, David Anderson [:dvander]
luke: review+
Details | Diff | Splinter Review
follow-up (3.72 KB, patch)
2012-05-18 17:23 PDT, David Anderson [:dvander]
luke: review+
Details | Diff | Splinter Review

Description Christian Holler (:decoder) 2012-05-18 13:55:45 PDT
The following command crashes on ionmonkey revision 8c54899dae82 (dbg build):

js  -e 'const libdir = "js/src/jit-test/lib/";' -A 9445 -f js/src/jit-test/tests/debug/Object-parameterNames.js
Comment 1 David Anderson [:dvander] 2012-05-18 16:46:26 PDT
Created attachment 625303 [details] [diff] [review]
fix

IonMonkey relies on infallible allocations for small objects, and we ensure this with a ballast that has remained unimplemented. This patch implements it with some LifoAlloc trickery.
Comment 2 Luke Wagner [:luke] 2012-05-18 17:06:56 PDT
Comment on attachment 625303 [details] [diff] [review]
fix

Review of attachment 625303 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/ds/LifoAlloc.h
@@ +241,5 @@
>  
> +    // Ensures that enough space exists to satisfy N bytes worth of
> +    // allocation requests, not necessarily contiguous.
> +    JS_ALWAYS_INLINE
> +    bool ensureUnused(size_t n) {

iiuc, this isn't strictly true for the fast-path algorithm below since, if a chunk reports k bytes of unused space and an allocation is made for >k bytes, that chunk's unused space can't be used.  However, this doesn't really matter for the purpose of the ballast since n only has to be approximate.  So my only request is to rename this to ensureUnusedApproximate and update the comment accordingly.
Comment 3 David Anderson [:dvander] 2012-05-18 17:23:19 PDT
Created attachment 625314 [details] [diff] [review]
follow-up

Quick follow-up patch to make it so OOM testing can't inject OOMs into our infallible allocations.
Comment 4 David Anderson [:dvander] 2012-05-18 17:29:53 PDT
Whoa, fast reviews! http://hg.mozilla.org/projects/ionmonkey/rev/88ea2e529609

Christian, would you mind having the OOM tester re-test all the bugs it filed today? I ran through them and could not reproduce them after implementing the ballast.
Comment 5 Christian Holler (:decoder) 2012-05-19 06:10:50 PDT
*** Bug 756605 has been marked as a duplicate of this bug. ***
Comment 6 Christian Holler (:decoder) 2012-05-19 06:11:18 PDT
*** Bug 756609 has been marked as a duplicate of this bug. ***
Comment 7 Christian Holler (:decoder) 2012-05-19 06:22:06 PDT
*** Bug 756611 has been marked as a duplicate of this bug. ***
Comment 8 Christian Holler (:decoder) 2012-05-19 06:22:27 PDT
*** Bug 756613 has been marked as a duplicate of this bug. ***
Comment 9 Christian Holler (:decoder) 2012-05-19 06:22:43 PDT
*** Bug 756614 has been marked as a duplicate of this bug. ***
Comment 10 Christian Holler (:decoder) 2012-05-19 06:35:25 PDT
*** Bug 756617 has been marked as a duplicate of this bug. ***
Comment 11 Christian Holler (:decoder) 2012-05-19 06:40:53 PDT
*** Bug 756621 has been marked as a duplicate of this bug. ***
Comment 12 Christian Holler (:decoder) 2012-05-19 07:08:38 PDT
*** Bug 756622 has been marked as a duplicate of this bug. ***
Comment 13 Christian Holler (:decoder) 2012-05-19 07:08:42 PDT
*** Bug 756623 has been marked as a duplicate of this bug. ***
Comment 14 Christian Holler (:decoder) 2012-05-19 07:08:47 PDT
*** Bug 756624 has been marked as a duplicate of this bug. ***
Comment 15 Christian Holler (:decoder) 2012-05-19 07:13:11 PDT
*** Bug 756626 has been marked as a duplicate of this bug. ***
Comment 16 Christian Holler (:decoder) 2012-05-19 07:13:17 PDT
*** Bug 756627 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.