StackFrameDepth estimate whether recursion should succeed wrong on Win64 |
|||||||
Issue descriptionThe limit is defined as ~0ul (unsigned long) which is 32bit on Windows 64bit. This results in bogus return of StackFrameDepth::IsSafeToRecurse of true even though recursion might be disabled due to stack pressure. This could lead to crashes during GC as we effectively run out of stack space.
,
Jan 3 2018
- The bug can lead to stack overflow crashes on Windows 64bit during garbage collection. - It has been present since basically forever. Requesting merge since it is a simple fix which can reduce general noise of garbage collection crashes.
,
Jan 3 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e5d92d3149e5e19e7bcb65ec0d27d3c610b976dd commit e5d92d3149e5e19e7bcb65ec0d27d3c610b976dd Author: Michael Lippautz <mlippautz@chromium.org> Date: Wed Jan 03 14:00:35 2018 Revert "[oilpan] Fix stack limit check for recursive tracing" This reverts commit f5c15f9c630b370a8397db6397067392cc89f8ea. Reason for revert: Breaks https://ci.chromium.org/buildbot/chromium.win/Win%207%20Tests%20x64%20(1)/32917 Original change's description: > [oilpan] Fix stack limit check for recursive tracing > > The limit was defined as ~0ul (unsigned long) which is unsigned 32bit on Windows > 64bit and thus extended with 0 for uintptr_t. This results in bogus return of > StackFrameDepth::IsSafeToRecurse of true even though recursion might be disabled > due to stack pressure. > > Bug: chromium:798479 > Change-Id: I13710b3dca4d3785e35aedd8ba5f7ece167b20e4 > Reviewed-on: https://chromium-review.googlesource.com/847580 > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Kentaro Hara <haraken@chromium.org> > Cr-Commit-Position: refs/heads/master@{#526666} TBR=haraken@chromium.org,mlippautz@chromium.org Change-Id: I11083aa7a596161e556f1f03521105db36f91668 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:798479 Reviewed-on: https://chromium-review.googlesource.com/848853 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#526679} [modify] https://crrev.com/e5d92d3149e5e19e7bcb65ec0d27d3c610b976dd/third_party/WebKit/Source/platform/heap/HeapTest.cpp [modify] https://crrev.com/e5d92d3149e5e19e7bcb65ec0d27d3c610b976dd/third_party/WebKit/Source/platform/heap/StackFrameDepth.h
,
Jan 3 2018
Checking what has been going on there.
,
Jan 3 2018
The assumption that _ReturnAddress() points into the current stack segment seems not to hold. Creating a simpler CL that just addresses the bug and leaves the other things for future work.
,
Jan 3 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6ffadfd65a3137b7b2d754cbf491268c5c85f258 commit 6ffadfd65a3137b7b2d754cbf491268c5c85f258 Author: Michael Lippautz <mlippautz@chromium.org> Date: Wed Jan 03 18:08:44 2018 Reland "[oilpan] Fix stack limit check for recursive tracing" The limit was defined as ~0ul (unsigned long) which is unsigned 32bit on Windows 64bit and thus extended with 0 for uintptr_t. This results in bogus return of StackFrameDepth::IsSafeToRecurse of true even though recursion might be disabled due to stack pressure. This reverts commit e5d92d3149e5e19e7bcb65ec0d27d3c610b976dd. Tbr: haraken@chromium.org Bug: chromium:798479 Change-Id: Id7a897af323e230e11c7a1417f383bc868f6fe05 Reviewed-on: https://chromium-review.googlesource.com/848896 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#526738} [modify] https://crrev.com/6ffadfd65a3137b7b2d754cbf491268c5c85f258/third_party/WebKit/Source/platform/heap/HeapTest.cpp [modify] https://crrev.com/6ffadfd65a3137b7b2d754cbf491268c5c85f258/third_party/WebKit/Source/platform/heap/StackFrameDepth.h
,
Jan 3 2018
,
Jan 4 2018
This bug requires manual review: Reverts referenced in bugdroid comments after merge request. Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 4 2018
Can we wait until M65? Or can you please provide more justification for why this is needed for M64?
,
Jan 4 2018
- It's a bug on Win 64bit which is a release with lots of users. - The crash can happen on any trace method during Oilpan's garbage collection and is thus not bound to a single magic signature. Fixing this bug can reduce the general noise level in this area. - It's a very simple fix (even simpler after the reland).
,
Jan 5 2018
Approving merge for M64. Branch:3282
,
Jan 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7b9a9416cc23eb287f72b19a86cd7b49e5e71c45 commit 7b9a9416cc23eb287f72b19a86cd7b49e5e71c45 Author: Michael Lippautz <mlippautz@chromium.org> Date: Fri Jan 05 20:56:09 2018 Reland "[oilpan] Fix stack limit check for recursive tracing" The limit was defined as ~0ul (unsigned long) which is unsigned 32bit on Windows 64bit and thus extended with 0 for uintptr_t. This results in bogus return of StackFrameDepth::IsSafeToRecurse of true even though recursion might be disabled due to stack pressure. This reverts commit e5d92d3149e5e19e7bcb65ec0d27d3c610b976dd. Tbr: haraken@chromium.org Bug: chromium:798479 Change-Id: Id7a897af323e230e11c7a1417f383bc868f6fe05 Reviewed-on: https://chromium-review.googlesource.com/848896 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#526738}(cherry picked from commit 6ffadfd65a3137b7b2d754cbf491268c5c85f258) Reviewed-on: https://chromium-review.googlesource.com/852499 Cr-Commit-Position: refs/branch-heads/3282@{#424} Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840} [modify] https://crrev.com/7b9a9416cc23eb287f72b19a86cd7b49e5e71c45/third_party/WebKit/Source/platform/heap/HeapTest.cpp [modify] https://crrev.com/7b9a9416cc23eb287f72b19a86cd7b49e5e71c45/third_party/WebKit/Source/platform/heap/StackFrameDepth.h |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by bugdroid1@chromium.org
, Jan 3 2018