Closed Bug 947671 Opened 11 years ago Closed 11 years ago

Valgrind-on-TBPL: Valgrind sometimes crashes in JIT code

Categories

(Testing :: General, defect)

Product:
Testing
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: n.nethercote, Unassigned)

References

Details

Attachments

(1 file)

Valgrind output
3.46 KB, text/plain
Details
Attached file Valgrind output 
Valgrind crashed during this TBPL run:  https://tbpl.mozilla.org/php/getParsedLog.php?id=31614621&tree=Mozilla-Central&full=1

The relevant part of the log is attached.  There is an invalid read of size 4 in js::jit::Assembler::CodeFromJump, and then immediately afterwards Valgrind fails with "Unsupported clone() flags: 0x800600".  This is because a crash occurs and breakpad is entered, and breakpad does a clone that Valgrind can't handle.

I've seen crashes like this locally.  I suspect that nothing notable changed in the past 24 hours, but that it occurs non-deterministically.

It smells a lot like imprecise exceptions are the cause, as we've seen in some other bugs recently.
> The relevant part of the log is attached.  There is an invalid read of size
> 4 in js::jit::Assembler::CodeFromJump

There was bug 914511, which also had js::jit::Assembler::TraceJumpRelocations on that stack, but that bug seemed fixed.
Jan might be the JIT go-to person here.
Flags: needinfo?(jdemooij)
I tried turning on --vex-iropt-register-updates=allregs-at-each-insn to see if it helps:
https://hg.mozilla.org/build/tools/rev/c46f324a8b46
> I tried turning on --vex-iropt-register-updates=allregs-at-each-insn

And it does seem to be working.  I don't think I've seen a crash since I pushed that change...
(In reply to Nicholas Nethercote [:njn] from comment #5)
> And it does seem to be working.  I don't think I've seen a crash since I
> pushed that change...

Great, clearing needinfo then.
Flags: needinfo?(jdemooij)
I'm going to declare victory here.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Component: New Frameworks → General
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: