Segmentation fault during retranslation #7680

Description

@Norbyte

HHVM Version

HipHop VM 3.18.0-dev (rel)
Compiler: heads/master-0-g3fb5e0b2512234155bb07fd7bfa18b4047c42deb
Repo schema: 3ddd9660d9a7ad9cd9acd0503620d1eb9269e95a

Standalone code, or other way to reproduce the problem

HHVM crashes every time it reaches the request count specified in the config variable JitRetranslateAllRequest (default 3000).
Disabling PGO using hhvm.jit_pgo = false or retranslation using -vEval.JitRetranslateAllRequest=0 is a viable workaround. Setting a very low JitRetranslateAllRequest value (around 200-300) seems to reduce the probability of crashing.

This was tested on an internal application, using the ab -c 10 -n 10000 http://<url> benchmark. I'm not sure if this is reproducible using other codebases.

HHVM Output

Finished singleJitRequest 1
Finished singleJitRequest 2
[...]
Finished singleJitRequest 23
Scheduling the retranslation of all profiled translations
retranslateAll: starting to build the call graph
retranslateAll: finished building the call graph
Segmentation fault

Backtrace

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffa77ff700 (LWP 7196)]
0x0000000001f89b51 in HPHP::jit::tc::emitTranslation(HPHP::jit::TransEnv, folly::Optional<HPHP::jit::CodeCache::View>) ()
Missing separate debuginfos, [...]
(gdb) bt
#0  0x0000000001f89b51 in HPHP::jit::tc::emitTranslation(HPHP::jit::TransEnv, folly::Optional<HPHP::jit::CodeCache::View>) ()
#1  0x0000000001da2fc2 in HPHP::jit::mcgen::translate(HPHP::jit::TransArgs, HPHP::jit::FPInvOffset, folly::Optional<HPHP::jit::CodeCache::View>) ()
#2  0x0000000001d96fa6 in HPHP::jit::mcgen::(anonymous namespace)::regeneratePrologue(int, HPHP::jit::tc::FuncMetaInfo&)::{lambda(bool)#1}::operator()(bool) const ()
#3  0x0000000001d9bf8b in HPHP::jit::mcgen::regeneratePrologues(HPHP::Func*, HPHP::jit::tc::FuncMetaInfo&) ()
#4  0x0000000001db2a61 in HPHP::jit::mcgen::(anonymous namespace)::optimize(HPHP::Func*, unsigned char*) ()
#5  0x0000000001db923e in HPHP::jit::mcgen::(anonymous namespace)::TranslateWorker::doJob(HPHP::jit::mcgen::(anonymous namespace)::OptimizeData*) ()
#6  0x0000000001d9d00d in HPHP::JobQueueWorker<HPHP::jit::mcgen::(anonymous namespace)::OptimizeData*, void*, true, true, HPHP::detail::NoDropCachePolicy>::start() ()
#7  0x0000000000d9b3b7 in HPHP::AsyncFuncImpl::ThreadFunc(void*) ()
#8  0x000000000142ae97 in HPHP::start_routine_wrapper(void*) ()
#9  0x00007ffff559fdc5 in start_thread () from /lib64/libpthread.so.0
#10 0x00007fffefa7673d in clone () from /lib64/libc.so.6
