Comment #5 on issue 2996 by [email protected]: mjsunit/tools/profviz is
flaky on GC stress
https://code.google.com/p/v8/issues/detail?id=2996
I have a very similar crash from release code. That is quite "old",
chrome/35.0 based; unfortunately I have to stick to that version.
The crash is quite hard to reproduce (it often takes over 24h of executing
some test code), but it is pretty consistent.

As far as I was able to investigate it, EvacuateNewSpace() is corrupting
some object referenced from evacuation_candidates_[i]->slots_buffer_.
The object is stored in old_pointer space, and probably overwritten while
copying some objects from new_space.
I am not sure if the object was valid when the reference was added to
slots_buffer_, or if the free list for old_pointers is valid.
...would appreciate any hint to find the root cause of the issue.

Finally I am getting a segfault because map_word is invalid. The strange
0x2ffffffa1 value is the result of (0x300000000 - 96)

#0 map_word (this=0x2ffffffa1) at ../../v8/src/objects-inl.h:1358
#1 UpdateSlot (slot=0x7fffc70cb060, heap=<optimized out>)
at ../../v8/src/mark-compact.cc:3045
#2 UpdatePointer (p=0x7fffc70cb060, this=<optimized out>)
at ../../v8/src/mark-compact.cc:3058
#3 v8::internal::PointersUpdatingVisitor::VisitPointer
(this=0x7fffc70cb190, p=0x7fffc70cb060) at ../../v8/src/mark-compact.cc:2989
#4 0x00007f59e38a5635 in v8::internal::ObjectVisitor::VisitCodeEntry
(this=<optimized out>, entry_address=0x1cc950b43928 "")
at ../../v8/src/objects.cc:10259
#5 0x00007f59e389ca81 in UpdateSlot (addr=0x1cc950b43928 "",
slot_type=<optimized out>, v=0x7fffc70cb190, isolate=<optimized out>)
at ../../v8/src/mark-compact.cc:3299
#6 UpdateSlots (heap=0x7f59dedf8020, this=<optimized out>)
at ../../v8/src/mark-compact.cc:4619
#7 UpdateSlotsRecordedIn (code_slots_filtering_required=false,
buffer=<optimized out>, heap=0x7f59dedf8020)
at ../../v8/src/mark-compact.h:353
#8 v8::internal::MarkCompactCollector::EvacuateNewSpaceAndCandidates
(this=this@entry=0x7f59dedfae38) at ../../v8/src/mark-compact.cc:3673
#9 0x00007f59e389ecb3 in v8::internal::MarkCompactCollector::SweepSpaces
(this=this@entry=0x7f59dedfae38) at ../../v8/src/mark-compact.cc:4410
#10 0x00007f59e389ed8b in
v8::internal::MarkCompactCollector::CollectGarbage
(this=this@entry=0x7f59dedfae38)
at ../../v8/src/mark-compact.cc:505
#11 0x00007f59e37a105b in v8::internal::Heap::MarkCompact
(this=this@entry=0x7f59dedf8020, tracer=tracer@entry=0x7fffc70cb3a0)
at ../../v8/src/heap.cc:1270
#12 0x00007f59e37b7433 in v8::internal::Heap::PerformGarbageCollection
(this=this@entry=0x7f59dedf8020,
collector=collector@entry=v8::internal::MARK_COMPACTOR,
tracer=tracer@entry=0x7fffc70cb3a0,
gc_callback_flags=gc_callback_flags@entry=v8::kNoGCCallbackFlags)
at ../../v8/src/heap.cc:1112
#13 0x00007f59e37b7996 in v8::internal::Heap::CollectGarbage
(this=this@entry=0x7f59dedf8020, collector=<optimized out>,
collector@entry=v8::internal::MARK_COMPACTOR,
gc_reason=gc_reason@entry=0x7f59e4b18c74 "low memory notification",
collector_reason=<optimized out>, collector_reason@entry=0x0,
gc_callback_flags=gc_callback_flags@entry=v8::kNoGCCallbackFlags)
at ../../v8/src/heap.cc:853
#14 0x00007f59e37b7bcd in v8::internal::Heap::CollectAllAvailableGarbage
(this=0x7f59dedf8020,
gc_reason=gc_reason@entry=0x7f59e4b18c74 "low memory notification")
at ../../v8/src/heap.cc:766
#15 0x00007f59e36d738c in v8::V8::LowMemoryNotification ()
at ../../v8/src/api.cc:5307
#16 0x00007f59e2a1e8fa in
opera::impl::RenderMemoryAllowanceCollaborator::Yield (this=0x7f59dee0cc20,
priority=75)
at ../../../../tvsdk/impl/memory_allowance/renderer/render_memory_allowance_collaborator.cc:40
#17 0x00007f59e2a1e1a4 in RunCollaborators (priority=75, this=<optimized
out>)
at ../../../../tvsdk/impl/memory_allowance/common/tv_memory_allowance_agent.cc:540
#18 opera::impl::TVMemoryAllowanceAgent::CheckAllowance
(this=0x7f59dee06c40)
at ../../../../tvsdk/impl/memory_allowance/common/tv_memory_allowance_agent.cc:277
#19 0x00007f59e2ba8bf0 in base::MessageLoop::RunTask
(this=this@entry=0x7fffc70cbb90, pending_task=...)
at ../../base/message_loop/message_loop.cc:472
#20 0x00007f59e2ba9928 in base::MessageLoop::DeferOrRunPendingTask
(this=this@entry=0x7fffc70cbb90, pending_task=...)
at ../../base/message_loop/message_loop.cc:477
#21 0x00007f59e2baca2a in DoWork (this=<optimized out>)
at ../../base/message_loop/message_loop.cc:593
#22 base::MessageLoop::DoWork (this=0x7fffc70cbb90)
at ../../base/message_loop/message_loop.cc:570
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev