Flaky V8 WebGL crash: Debug check failed: !Builtins::IsLazy(builtin_name).
Issue description

Example failures:
https://ci.chromium.org/buildbot/chromium.gpu.fyi/Win10%20FYI%20Release%20%28NVIDIA%29/440
https://ci.chromium.org/buildbot/chromium.gpu.fyi/Win10%20FYI%20Release%20%28NVIDIA%29/439

Full stack trace:

#
# Fatal error in ../../v8/src/deoptimizer.cc, line 1401
# Debug check failed: !Builtins::IsLazy(builtin_name).
#
#
#
#FailureMessage Object: 0536D884
Backtrace:
  base::debug::StackTrace::StackTrace [0x6AE997E0+32]
  base::debug::StackTrace::StackTrace [0x6AE881FD+13]
  gin::V8Platform::GetStackTracePrinter [0x6BF767E3+39]
  V8_Fatal [0x6BE89C47+183]
  v8::base::SetPrintStackTrace [0x6BE89A86+38]
  v8::internal::Deoptimizer::DoComputeBuiltinContinuation [0x6A69EB05+3669]
  v8::internal::Deoptimizer::DoComputeOutputFrames [0x6A69AE31+1105]
Received fatal exception EXCEPTION_ACCESS_VIOLATION
Backtrace:
  base::win::SetAbortBehaviorForCrashReporting [0x6AE140C0+32]
  v8::base::OS::Abort [0x6BE8C11A+10]
  V8_Fatal [0x6BE89C5F+207]
  v8::base::SetPrintStackTrace [0x6BE89A86+38]
  v8::internal::Deoptimizer::DoComputeBuiltinContinuation [0x6A69EB05+3669]
  v8::internal::Deoptimizer::DoComputeOutputFrames [0x6A69AE31+1105]
  (No symbol) [0x481AE1BD]
  (No symbol) [0x49D99044]
  (No symbol) [0x49D99044]
  (No symbol) [0x49D99044]
  (No symbol) [0x49D99044]
  (No symbol) [0x49D949DC]
  (No symbol) [0x49D86D91]
  v8::internal::Execution::New [0x6A6F0ABD+1469]
  v8::internal::Execution::Call [0x6A6F03D7+247]
  v8::internal::Execution::Call [0x6A6F0301+33]
  v8::Function::Call [0x6A392153+563]
  blink::V8ScriptRunner::CallFunction [0x6CC6F285+577]
  blink::ScheduledAction::Execute [0x6D4D0029+879]
  blink::ScheduledAction::Execute [0x6D4CFB17+155]
  blink::DOMTimer::Fired [0x6D0FD35D+629]
  blink::TimerBase::RunInternal [0x6BEA7ACD+389]
  base::OnceCallback<void __cdecl(void)>::Run [0x69B55E55+43]
  WTF::ThreadCheckingCallbackWrapper<base::OnceCallback<void __cdecl(void)>,void __cdecl(void)>::Run [0x6AC98ECD+95]
  base::debug::TaskAnnotator::RunTask [0x6AE95D0D+237]
  blink::scheduler::internal::ThreadControllerImpl::DoWork [0x6ACCFDFB+417]
  base::internal::Invoker<base::internal::BindState<void (__thiscall media::AudioRendererImpl::*)(enum media::BufferingState),base::WeakPtr<media::AudioRendererImpl>,enum media::BufferingState>,void __cdecl(void)>::Run [0x6B1D5A35+59]
  base::debug::TaskAnnotator::RunTask [0x6AE95D0D+237]
  base::internal::IncomingTaskQueue::RunTask [0x6AEB3F09+105]
  base::MessageLoop::RunTask [0x6AE4BFA7+519]
  base::MessageLoop::DeferOrRunPendingTask [0x6AE4C30D+157]
  base::MessageLoop::DoWork [0x6AE4C53A+506]
  base::MessagePumpDefault::Run [0x6AEB6754+148]
  base::MessageLoop::Run [0x6AE4B949+169]
  base::RunLoop::Run [0x6AE4E8EC+204]
  content::RendererMain [0x6C623F8D+913]
  content::RunNamedProcessTypeMain [0x6AE0C2E4+268]
  content::ContentMainRunnerImpl::Run [0x6AE0C81D+279]
  service_manager::Main [0x6AE127CD+677]
  content::ContentMain [0x6AE0C1AF+51]
  ChromeMain [0x69B5111E+286]
  MainDllLoader::Launch [0x010D53BA+560]
  wWinMain [0x010D1543+1347]
  __scrt_common_main_seh [0x011B44E8+246] (f:\dd\vcto

Could someone from the V8 team help triage this? This is affecting the stability of the ANGLE CQ and Chromium GPU bots because of the flakiness. Thanks.
Mar 20 2018
Mar 21 2018
Benedikt, could you please triage this?
Mar 21 2018
Looks like the Deoptimizer is not compatible with Lazy builtin loading. Jakob can you take a look please?
Mar 21 2018
Right, this just says that TFJ builtins that are called directly from e.g. the deoptimizer cannot be lazy. That applies to all *Continuation builtins. Looks like new ones were added to builtins-definitions.h recently but not to the Builtins::IsLazy list of exceptions. Instead of manually curating the list there, we should explicitly exclude all continuation-style builtins from IsLazy. I don't think we have such a predicate currently though.
Mar 21 2018
+peter as I assume we're hitting this: https://chromium-review.googlesource.com/926523
Mar 21 2018
That one is in the list of non-lazy builtins already:
https://cs.chromium.org/chromium/src/v8/src/builtins/builtins.cc?l=270&rcl=0ddc6a129eead2d00f850803668a9fa26e9c2409

I made a CL for two that are in builtins-definitions.h but not Builtins::IsLazy:
https://chromium-review.googlesource.com/c/v8/v8/+/972823

I'm not sure how we would exclude all continuation-style builtins as a rule. Possibly based on the type? Right now some are TFJ and some are TFS - it looks like all TFS are non-lazy right now. Could we just make all continuation-style builtins TFS?
Mar 21 2018
No, that's the kPromiseConstructorLazyDeoptContinuation, not the typed-array one ;) I already have a fix in-flight: https://crrev.com/c/972282
Mar 21 2018
CL is landing now, setting NextAction to verify flakes have stopped.
Mar 21 2018
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/1ce0faedc137615c803df2dbf15eea6a98f0f090

commit 1ce0faedc137615c803df2dbf15eea6a98f0f090
Author: jgruber <jgruber@chromium.org>
Date: Wed Mar 21 09:01:29 2018

Extend Builtins::IsLazy with continuations

Continuations are called directly from the deoptimizer, and thus cannot be lazy.

This also changes the corresponding assertion to an unconditional CHECK in order to catch this type of mistake early.

Drive-by: Sort Builtins::IsLazy.

Bug: chromium:823292
Change-Id: I739429ef574e40d7b9ba40cd209175054eb73349
Reviewed-on: https://chromium-review.googlesource.com/972282
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52094}

[modify] https://crrev.com/1ce0faedc137615c803df2dbf15eea6a98f0f090/src/builtins/builtins.cc
[modify] https://crrev.com/1ce0faedc137615c803df2dbf15eea6a98f0f090/src/deoptimizer.cc
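The failure mode discussed in the thread and in the commit message above (a continuation added to the builtin definitions but missing from a hand-curated IsLazy exception list) can be reproduced in a simplified model. This is an added example, not V8 source and not part of any comment: the table layout, `IsLazyCurated`, `IsLazyByKind`, `LazyContinuations` and every builtin name except PromiseConstructorLazyDeoptContinuation are constructed for illustration.

```cpp
// Simplified model of a builtin table, NOT V8 source. All names except
// PromiseConstructorLazyDeoptContinuation are constructed.
#include <cstdio>
#include <string>
#include <vector>

enum class Kind { kNormal, kContinuation };
// Single source of truth: each builtin is declared once with its kind.
#define MODEL_BUILTIN_LIST(V)                               \
  V(ModelArrayPush, kNormal)                                \
  V(PromiseConstructorLazyDeoptContinuation, kContinuation) \
  V(ModelNewlyAddedContinuation, kContinuation)

enum Builtin : int {
#define DECL_ID(Name, K) k##Name,
  MODEL_BUILTIN_LIST(DECL_ID)
#undef DECL_ID
  kBuiltinCount
};
struct Info { const char* name; Kind kind; };
const Info kInfo[] = {
#define DECL_INFO(Name, K) {#Name, Kind::K},
  MODEL_BUILTIN_LIST(DECL_INFO)
#undef DECL_INFO
};

// Hand-curated exception list: everything not named here is lazy, so a
// continuation added to the table later is silently treated as lazy.
bool IsLazyCurated(int id) {
  return id != kPromiseConstructorLazyDeoptContinuation;
}
// Predicate derived from the declared kind: no list to keep in sync.
bool IsLazyByKind(int id) { return kInfo[id].kind != Kind::kContinuation; }

// Invariant check over the whole table, usable at startup instead of
// waiting for a deoptimization to reach the misclassified builtin.
std::vector<std::string> LazyContinuations(bool (*is_lazy)(int)) {
  std::vector<std::string> bad;
  for (int id = 0; id < kBuiltinCount; ++id)
    if (kInfo[id].kind == Kind::kContinuation && is_lazy(id))
      bad.push_back(kInfo[id].name);
  return bad;
}

int main() {
  for (const auto& n : LazyContinuations(IsLazyCurated))
    std::printf("curated list misses: %s\n", n.c_str());
  return LazyContinuations(IsLazyByKind).empty() ? 0 : 1;
}
```

Checking the whole table once makes the mistake deterministic, whereas a check reached only on the deoptimization path shows up as a flake.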
Mar 21 2018
Issue 824377 has been merged into this issue.
Mar 28 2018
The NextAction date has arrived: 2018-03-28
Mar 28 2018
From what I can tell, flakes have indeed stopped. Closing :)
Mar 28 2018
Thanks for the fix!
Comment 1 by jmad...@chromium.org
, Mar 19 2018