Closed Bug 947671 Opened 12 years ago Closed 12 years ago

Valgrind-on-TBPL: Valgrind sometimes crashes in JIT code

Categories

(Testing :: General, defect)

Product:
Testing
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: n.nethercote, Unassigned)

References

Details

Attachments

(1 file)

Valgrind output
3.46 KB, text/plain
Details
Attached file Valgrind output
Valgrind crashed during this TBPL run: https://tbpl.mozilla.org/php/getParsedLog.php?id=31614621&tree=Mozilla-Central&full=1 The relevant part of the log is attached. There is an invalid read of size 4 in js::jit::Assembler::CodeFromJump, and then immediately afterwards Valgrind fails with "Unsupported clone() flags: 0x800600". This is because a crash occurs and breakpad is entered, and breakpad does a clone that Valgrind can't handle. I've seen crashes like this locally. I suspect that nothing notable changed in the past 24 hours, but that it occurs non-deterministically. It smells a lot like imprecise exceptions are the cause, as we've seen in some other bugs recently.
> The relevant part of the log is attached. There is an invalid read of size > 4 in js::jit::Assembler::CodeFromJump There was bug 914511, which also had js::jit::Assembler::TraceJumpRelocations on that stack, but that bug seemed fixed.
Jan might be the JIT go-to person here.
Flags: needinfo?(jdemooij)
I tried turning on --vex-iropt-register-updates=allregs-at-each-insn to see if it helps: https://hg.mozilla.org/build/tools/rev/c46f324a8b46
> I tried turning on --vex-iropt-register-updates=allregs-at-each-insn And it does seem to be working. I don't think I've seen a crash since I pushed that change...
(In reply to Nicholas Nethercote [:njn] from comment #5) > And it does seem to be working. I don't think I've seen a crash since I > pushed that change... Great, clearing needinfo then.
Flags: needinfo?(jdemooij)
I'm going to declare victory here.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: New Frameworks → General
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: