Fix segfault during GC #5900 (4.x) by ofrobots · Pull Request #7303 · nodejs/node
added 2 commits

June 14, 2016 22:39

This is part 1/2 of the fixes from v8:4871. This fixes a segfault in verify-heap.

Original commit message:

[crankshaft] Write fillers for folded old space allocations during verify-heap

If we don't write fillers, we crash during PagedSpace verification when we try to iterate over dead memory (unused folded allocation slots).

BUG=v8:4871,chromium:580959
LOG=N
Review URL: https://codereview.chromium.org/1837163002
Cr-Commit-Position: refs/heads/master@{#35097}

Fixes: nodejs#5900
V8-Bug: https://bugs.chromium.org/p/v8/issues/detail?id=4871
This is part 2/2 of the fixes needed for v8:4871. This fix never landed upstream because the bug is not present in the active V8 version. The patch is available from the upstream v8 bug, however.

The segfault occurs at the intersection of the following three conditions, which are dependent on the allocation pattern of an application: a pretenured (1) allocation site has to be optimized into a merged allocation by the allocation folding optimization (2), and there needs to be an overflow of the store buffer (3).

This patch disables the allocation folding optimization for pretenured allocations. This may have some, hopefully negligible, performance impact on real world applications.

Fixes: nodejs#5900
MylesBorins pushed a commit that referenced this pull request
Jul 1, 2016

This is part 1/2 of the fixes from v8:4871. This fixes a segfault in verify-heap.

Original commit message:

[crankshaft] Write fillers for folded old space allocations during verify-heap

If we don't write fillers, we crash during PagedSpace verification when we try to iterate over dead memory (unused folded allocation slots).

BUG=v8:4871,chromium:580959
LOG=N
Review URL: https://codereview.chromium.org/1837163002
Cr-Commit-Position: refs/heads/master@{#35097}

Fixes: #5900
V8-Bug: https://bugs.chromium.org/p/v8/issues/detail?id=4871
PR-URL: #7303
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
MylesBorins pushed a commit that referenced this pull request
Jul 1, 2016

This is part 2/2 of the fixes needed for v8:4871. This fix never landed upstream because the bug is not present in the active V8 version. The patch is available from the upstream v8 bug, however.

The segfault occurs at the intersection of the following three conditions, which are dependent on the allocation pattern of an application: a pretenured (1) allocation site has to be optimized into a merged allocation by the allocation folding optimization (2), and there needs to be an overflow of the store buffer (3).

This patch disables the allocation folding optimization for pretenured allocations. This may have some, hopefully negligible, performance impact on real world applications.

Fixes: #5900
PR-URL: #7303
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
MylesBorins pushed a commit that referenced this pull request
Jul 12, 2016

This is part 1/2 of the fixes from v8:4871. This fixes a segfault in verify-heap.

Original commit message:

[crankshaft] Write fillers for folded old space allocations during verify-heap

If we don't write fillers, we crash during PagedSpace verification when we try to iterate over dead memory (unused folded allocation slots).

BUG=v8:4871,chromium:580959
LOG=N
Review URL: https://codereview.chromium.org/1837163002
Cr-Commit-Position: refs/heads/master@{#35097}

Fixes: #5900
V8-Bug: https://bugs.chromium.org/p/v8/issues/detail?id=4871
PR-URL: #7303
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
MylesBorins pushed a commit that referenced this pull request
Jul 12, 2016

This is part 2/2 of the fixes needed for v8:4871. This fix never landed upstream because the bug is not present in the active V8 version. The patch is available from the upstream v8 bug, however.

The segfault occurs at the intersection of the following three conditions, which are dependent on the allocation pattern of an application: a pretenured (1) allocation site has to be optimized into a merged allocation by the allocation folding optimization (2), and there needs to be an overflow of the store buffer (3).

This patch disables the allocation folding optimization for pretenured allocations. This may have some, hopefully negligible, performance impact on real world applications.

Fixes: #5900
PR-URL: #7303
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
richardlau added a commit to ibmruntimes/node that referenced this pull request
Jul 14, 2016

Original commit message:

deps: backport e7cc609 from upstream V8

This is part 1/2 of the fixes from v8:4871. This fixes a segfault in verify-heap.

Original commit message:

[crankshaft] Write fillers for folded old space allocations during verify-heap

If we don't write fillers, we crash during PagedSpace verification when we try to iterate over dead memory (unused folded allocation slots).

BUG=v8:4871,chromium:580959
LOG=N
Review URL: https://codereview.chromium.org/1837163002
Cr-Commit-Position: refs/heads/master@{#35097}

Fixes: nodejs/node#5900
V8-Bug: https://bugs.chromium.org/p/v8/issues/detail?id=4871
PR-URL: nodejs/node#7303
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
richardlau added a commit to ibmruntimes/node that referenced this pull request
Jul 14, 2016

Original commit message:

deps: fix segfault during gc

This is part 2/2 of the fixes needed for v8:4871. This fix never landed upstream because the bug is not present in the active V8 version. The patch is available from the upstream v8 bug, however.

The segfault occurs at the intersection of the following three conditions, which are dependent on the allocation pattern of an application: a pretenured (1) allocation site has to be optimized into a merged allocation by the allocation folding optimization (2), and there needs to be an overflow of the store buffer (3).

This patch disables the allocation folding optimization for pretenured allocations. This may have some, hopefully negligible, performance impact on real world applications.

Fixes: nodejs/node#5900
PR-URL: nodejs/node#7303
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>