While testing BananaBench on ARM B2G, the asm.js compiler can fail with the following report: "asm.js type error: internal codegen failure (probably out of memory)" The oom flag is being set due to a call to fail_bail, rather than a real oom. fail_bail is being called from finishPool, and the source code includes a comment stating that this should not be possible on the ARM. IonSpew output: From finishPool: [0] Finishing pool 136 [0] Linking entry 5 in pool 0 [0] Fixing offset to -1052 [0] Linking entry 4 in pool 0 [0] Fixing offset to -1048 [0]***Offset -1048 was still out of range!*** [0] Too complicated; bailingp patchConstantPoolLoad is failing at: case PoolHintData::poolVDTR: if ((offset + (8 * data.getIndex()) - 8) < -1023 || (offset + (8 * data.getIndex()) - 8) > 1023) { return false; } with: offset -1048, and data.getIndex() 4, which gives -1024 which is out of range for this comparison. This is on a well patched m-c, running a patched benchmark, but reproducible here for now.

It seems to be caused, or tickled, by the patch in bug 865516. Let me look into it.

Comment on attachment 793270 [details] [diff] [review] Leave some head-room in the double pools to help avoid bailing out. Should this be considered for ff26? I know it's a real hack, but it does reduce the number of failures running asm.js code.

Rebase. Carrying forward r+. Note this does not solve the underlying problems with the pools, they still fail. It just leaves a little room so that a small error in packing the pools can be accepted and thus reduces the number of failures. I understand there is a larger rewrite of the code that will eventually address the problem.

The patch being reverted was a hack workaround. It's not clear if it actually caused the assertion failure in bug 944972, or just changed the pool layout and tickled it.

https://hg.mozilla.org/integration/mozilla-inbound/rev/cce5a57699a4 Is this WONTFIX now?

(In reply to Ryan VanderMeulen [:RyanVM UTC-5] from comment #8) > https://hg.mozilla.org/integration/mozilla-inbound/rev/cce5a57699a4 > > Is this WONTFIX now? I suggest leaving this open as the problem is not fixed and I understand there is ongoing work to address the real problem. The patch being backed out was just a quick attempt to reduce the frequency of failures in the buffer pools.

The backout made it to m-c: http://hg.mozilla.org/mozilla-central/rev/cce5a57699a4

Mass-closing JS bugs for which the platform is Gonk (Firefox OS), since Firefox OS is gone. Feel free to re-open if still valid.