Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certain values of --max_old_space_size cause segmentation fault #648

Closed
sevastos opened this issue Jan 29, 2015 · 5 comments
Closed

Certain values of --max_old_space_size cause segmentation fault #648

sevastos opened this issue Jan 29, 2015 · 5 comments
Labels
confirmed-bug Issues with confirmed bugs.

Comments

@sevastos
Copy link 

iojs --max_old_space_size=4096 simple.js
[1]    18001 segmentation fault (core dumped)  iojs --max_old_space_size=4096 simple.js

There is a pattern on values that causes segfault: 2^n + 0...3 where n >= 12
e.g: 4096,4097,4098,4099,8192,8193,8194,8195 etc...
The rest values work fine.

Issue present on v0.11.15, v1.0.4 but works fine on v0.10.36.

It's funny because the first value I tried were 4096, 8192 and I would expect most to do the same.

Some info from gdb:

➜  gdb --args iojs --max_old_space_size=4096 simple.js
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
[...]
This GDB was configured as "x86_64-linux-gnu".
[...]
Reading symbols from /home/uvv/.nvm/versions/io.js/v1.0.4/bin/iojs...done.
(gdb) run
Starting program: /home/uvv/.nvm/versions/io.js/v1.0.4/bin/iojs --max_old_space_size=4096 simple.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff6bd2700 (LWP 20376)]
[New Thread 0x7ffff63d1700 (LWP 20377)]
[New Thread 0x7ffff5bd0700 (LWP 20378)]
[New Thread 0x7ffff53cf700 (LWP 20379)]

Program received signal SIGSEGV, Segmentation fault.
0x000000000097d9c0 in v8::internal::Heap::ClearJSFunctionResultCaches() ()
(gdb) c
Continuing.
[Thread 0x7ffff53cf700 (LWP 20379) exited]
[Thread 0x7ffff5bd0700 (LWP 20378) exited]
[Thread 0x7ffff63d1700 (LWP 20377) exited]
[Thread 0x7ffff6bd2700 (LWP 20376) exited]

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
@brendanashworth brendanashworth added the confirmed-bug Issues with confirmed bugs. label Jan 29, 2015
@brendanashworth
Copy link
Contributor

I can confirm this also happens on OSX 10.9.5, running with 4GB of RAM. It works fine though at levels above 4GB (unless they follow that pattern) so I'm fairly sure this isn't the case. Looks like its a V8 bug though, if I could throw a guess.

Edit: oop. Could a 1.7GB limit on 64 bit machines have anything to do with it?

@bnoordhuis
Copy link
Member

I looked at this briefly earlier today. I'm not 100% sure but it might be caused by something trivial like signed/unsigned overflow. I'll take a closer look.

@bnoordhuis
Copy link
Member

It was indeed integer math overflow: the result of 4096 * MB doesn't fit in an int. Proposed fix: https://codereview.chromium.org/890563003/

@bnoordhuis bnoordhuis mentioned this issue Jan 29, 2015
Merged
@sevastos
Copy link
Author

Nice, thanks :)

@bnoordhuis bnoordhuis mentioned this issue Jan 30, 2015
Closed
@Fishrock123
Copy link
Contributor

Looks like the fix landed upstream. Should land down here when the next v8 update gets pulled, I think.

@Fishrock123 Fishrock123 reopened this Feb 4, 2015
@bnoordhuis bnoordhuis mentioned this issue Feb 20, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
confirmed-bug Issues with confirmed bugs.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bnoordhuis @sevastos @Fishrock123 @brendanashworth