Closed Bug 937550 Opened 11 years ago Closed 11 years ago

Report OOM to stderr in JS_MORE_DETERMINISTIC builds

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla28

People

(Reporter: gkw, Assigned: jandem)

Details

(Keywords: testcase)

Attachments

(1 file)

Patch
1.12 KB, patch
jorendorff
: review+
Details | Diff | Splinter Review 
try {
    (function() {
        evalcx("\
            function f(){\
                return (\
                    ArrayBuffer(\
                        Math.imul(1635, -19798717)\
                    )\
                )\
            }", this
        )
    })()
    x = Map
    x.valueOf = f
    var r
    - x;
    x | 4
    print("FOO")
} catch (e) {}

when run with --fuzzing-safe, sometimes shows "FOO" in stdout, sometimes doesn't (nothing appears in stdout). (This happens without the flag as well) This inconsistency seems to trip up differential testing.

Tested on a 32-bit js opt more-deterministic shell on m-c changeset 16949049f03d with --fuzzing-safe.

Jan, is this a bug?

My configure flags are:

sh ./configure --target=i686-pc-linux --enable-optimize --disable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --enable-methodjit --enable-type-inference --disable-tests --enable-more-deterministic --with-ccache --disable-threadsafe
Flags: needinfo?(jdemooij)
This looks like an OOM: we try to allocate a huge ArrayBuffer and I think this will sometimes fail. On OS X, I get malloc failures on stderr.

Can you replace

 } catch (e) {}

with

 } catch (e) { print(e); }

And see if it prints an "out of memory" message?
Flags: needinfo?(jdemooij) → needinfo?(gary)
Yes, that's right.

$ ./js-opt-32-dm-linux-581d180a37f3 937550.js
FOO
$ ./js-opt-32-dm-linux-581d180a37f3 937550.js
out of memory
$ ./js-opt-32-dm-linux-581d180a37f3 937550.js
FOO
$ ./js-opt-32-dm-linux-581d180a37f3 937550.js
FOO
$ ./js-opt-32-dm-linux-581d180a37f3 937550.js
out of memory
$ ./js-opt-32-dm-linux-581d180a37f3 937550.js
out of memory
$ ./js-opt-32-dm-linux-581d180a37f3 937550.js
out of memory

Any way to fix/prevent this?
Flags: needinfo?(gary) → needinfo?(jdemooij)
We could print a message on stderr when we report an OOM, like we do with over-recursion (right?). Would that work for you?
Flags: needinfo?(jdemooij) → needinfo?(gary)
Yes, that should. You might want to set this only for more-deterministic builds, since there's where we do all the differential testing.
Flags: needinfo?(gary) → needinfo?(jdemooij)
Attached patch PatchSplinter Review 
Have js_ReportOutOfMemory print to stderr in more-deterministic builds, just like js_ReportOverRecursed.
Assignee: general → jdemooij
Status: NEW → ASSIGNED
Attachment #831050 - Flags: review?(jorendorff)
Flags: needinfo?(jdemooij)
Summary: Differential Testing: Different output message involving Math.imul → Report OOM to stderr in JS_MORE_DETERMINISTIC builds
Comment on attachment 831050 [details] [diff] [review]
Patch

Review of attachment 831050 [details] [diff] [review]:
-----------------------------------------------------------------

All right.
Attachment #831050 - Flags: review?(jorendorff) → review+
https://hg.mozilla.org/mozilla-central/rev/437f53de3c7f
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: