|
github.com/moarvm/moarvm | IRC logs at colabti.org/irclogger/irclogger_logs/moarvm Set by AlexDaniel on 12 June 2018. |
|||
|
00:15
patrickb left
00:57
scovit_ joined
01:02
scovit left
01:07
MasterDuke left
01:09
MasterDuke joined,
MasterDuke left,
MasterDuke joined
|
|||
| MasterDuke | timotimo: fyi blog.mozilla.org/nnethercote/2019/...tter-dhat/ | 01:35 | |
|
04:50
ggoebel joined
05:14
domidumont joined
06:49
domidumont left
07:01
domidumont joined
07:29
brrt joined
07:51
patrickb joined
07:52
zakharyas joined
|
|||
| brrt | \o | 07:54 | |
| patrickb | o/ | ||
| jnthn | o/ | 09:14 | |
| timotimo | o/ | 09:24 | |
| afl found out that P6opaque just writes to whatever reprid slot is in the serialized blob at that position, no matter how high (but truncated to a 16 bit unsigned integer) | 09:59 | ||
| in its deserialize_repr_data function | |||
| huh. it doesn't write the reprid/slot if the reprid is 0, which would be MVMString | 10:01 | ||
| that can't be right? | |||
| Geth | MoarVM: 275098a2db | (Timo Paulssen)++ | src/6model/reprs/P6opaque.c fuzzing: don't accept out-of-range repr ids also: accept 0 as repr id (it's MVMString) |
10:15 | |
| timotimo | ==7491== Warning: set address range perms: large range [0x7a6d040, 0x17b574a8) (undefined) | 10:16 | |
| what the? :D | |||
|
10:22
domidumont left
|
|||
| timotimo | i wonder if moar should actually immediately panic when it encounters a wrong value there | 10:22 | |
| lizmat | seems like a good thing to do to me | 10:23 | |
| timotimo | another piece of that function throws an exception when serialization goes wrong | ||
| which ... is kind of odd, but okay | |||
| also, the code should probably check against out-of-range slots, too | |||
| jnthn: is spesh robust against "log_parameter" just not doing anything in some instances? because afl found a way to smuggle a low-level null in there and it makes log_parameter's first line, which tries to get the container spec via STABLE(obj), segfault | 10:47 | ||
| jnthn | timotimo: The problem is it got the low-level null in there in the first place, I'd say | 10:48 | |
| We shouldn't solve problems by sprinking null checks everywhere, but rather figure out how we manage to end up with real NULLs in object registers | 10:49 | ||
| timotimo | aye | 10:53 | |
| i'll have a closerl ook | |||
|
11:05
brrt left
|
|||
| Geth | MoarVM: 0e94d75a7b | (Ben Davies)++ | build/setup.pm Temporarily use -fno-ret-protector when building on OpenBSD See #1091 |
11:11 | |
| MoarVM: e73e82fa36 | (Jonathan Worthington)++ (committed using GitHub Web editor) | build/setup.pm Merge pull request #1092 from Kaiepi/retguard Temporarily use -fno-ret-protector when building on OpenBSD |
|||
| MoarVM: 09e1575355 | (Ben Davies)++ (committed using GitHub Web editor) | src/core/alloc.h Remove unnecessary (void *) cast in MVM_free_zero |
11:12 | ||
| MoarVM: d111dd9014 | (Jonathan Worthington)++ (committed using GitHub Web editor) | src/core/alloc.h Merge pull request #1088 from Kaiepi/patch-1 Remove unnecessary (void *) cast in MVM_free_null |
|||
MoarVM/master: 6 commits pushed by (Vadim Belman)++, (Jonathan Worthington)++
|
11:13 | ||
| patrickb | jnthn++ # Great you're working on getting the PR backlog smaller! | 11:14 | |
| Geth | MoarVM: cc06ad280e | (Patrick Bƶker)++ | Configure.pl Never build a relocatable moar on OpenBSD See github.com/rakudo/rakudo/issues/2818 OpenBSDs implementation of $ORIGIN in rpath is unreliable. Also it misses a mechanism to determine the executable path in general. So even at runtime one has a hard time implementing something like this in a robust manner. |
11:16 | |
| MoarVM: 12e7590cf9 | (Jonathan Worthington)++ (committed using GitHub Web editor) | Configure.pl Merge pull request #1089 from patzim/openbsd-no-relocatable Never build a relocatable moar on OpenBSD |
|||
|
11:18
brrt joined
11:23
domidumont joined
11:37
zakharyas left
|
|||
| timotimo | i don't really get it ... | 11:43 | |
| the frame just sets up a callsite with one positional arg and a few nameds, passes a single object argument, and invokes what the frame got called with (after a decont) | |||
| the frame is <main>, the object it passes is what it gets from MVM_clargs | 11:44 | ||
|
11:45
travis-ci joined
|
|||
| travis-ci | MoarVM build passed. Jonathan Worthington 'Merge pull request #1089 from patzim/openbsd-no-relocatable | 11:45 | |
| travis-ci.org/MoarVM/MoarVM/builds/521669706 github.com/MoarVM/MoarVM/compare/0...e7590cf9c1 | |||
|
11:45
travis-ci left
|
|||
| timotimo | perhaps i'm looking at the wrong frame here? | 11:48 | |
|
11:48
ggoebel left
|
|||
| timotimo | oh, wait, the callsite has a flag_count of 6, arg_count of 11, and num_pos of 1, but there's only a single argument being passed | 11:54 | |
| so the reason why we get this problem is that the callsite used in the bytecode has a different amount of arguments than the bytecode | 11:56 | ||
| so the validator needs to be a bit more agressive when it comes to argument and invoke sequences | 12:01 | ||
|
12:04
brrt left
12:06
brrt joined
12:20
brrt left
12:21
brrt joined
|
|||
| timotimo | so it turns out the necessary code to make sure all flags actually have values passed is already in the validator, it just doesn't get called in the necessary place | 12:58 | |
| spec tests don't seem unhappy yet (though i haven't run them all yet) | 13:03 | ||
|
13:16
domidumont1 joined
|
|||
| timotimo | i should perhaps have recompiled moar with C optimization before running a spec test, i now realize | 13:19 | |
|
13:20
domidumont left
|
|||
| timotimo | that's a full pass! | 13:20 | |
| Geth | MoarVM: 654417932b | (Timo Paulssen)++ | src/core/validation.c fuzzing: activate 2nd argument count check for invocations until now the bytecode validator only made sure the number of positionals in the callsite matched the number of arg commands that corresponded to positionals, but there could be nameds that didn't have a corresponding arg command that would then leave a low-level null in object registers, which spesh would stumble over |
13:27 | |
| MoarVM: 8fef199947 | (Timo Paulssen)++ | src/6model/reprs/P6opaque.c fuzzing: reject out-of-bounds unbox slot numbers |
|||
| timotimo | oh my, the cur_arg variable in the validator's "validate the argument passing ops" just counts from 0 to n and makes an index comparison there | 13:37 | |
| so it doesn't catch when an argument op has an out-of-bounds arg index | |||
|
13:42
lizmat left
13:49
MasterDuke left
13:54
zakharyas joined
14:04
patrickb left
14:30
brrt left
14:31
domidumont joined
14:34
domidumont1 left
14:42
zakharyas left
14:43
zakharyas joined
14:48
lucasb joined
|
|||
| japhb | timotimo: BTW, huge fan of this fuzzing work. Thank you! | 15:05 | |
|
15:09
domidumont left
|
|||
| timotimo | japhb: sadly the effects will barely be felt IRL :P | 15:15 | |
| japhb | timotimo: IRL I work for a company that is literally constantly under attack from major governments. Fuzzing seems incredibly useful to me. Also, as jnthn points out, some of the situations the fuzzer is pointing out aren't just cases of a missing null check (where a null would be rare but reasonable), but indications of something more serious wrong in that a null shouldn't even be possible at that point. | 15:17 | |
| So it's catching real implementation issues, not just forgetfulness. | 15:18 | ||
| timotimo | right, though the current fuzzing work mostly requires you to actually manipulate bytecode or the serialized blob :) | ||
| some things like nqp::elems(nqp::array) null-pointering can be reached | |||
| but not something like "the argument passing ops aren't proper" | 15:19 | ||
| japhb | Also the company I work for deals with enough data for bit errors to be an effectively constant problem. We do a lot of ECC. ;-) | ||
| ugexe | we are missing the most important part of fuzzing: the $some-amount of buzz it generates when someone eventually posts it on hackernews | 15:22 | |
| timotimo | hah | 15:26 | |
| we don't have something for "the bytecode was correct when the validator saw it, but then it got corrupted in memory by a bit-flip" | 15:27 | ||
| ugexe: would be very nice to at some point fuzz actual perl6 code, but our run time speed isn't there yet | 15:28 | ||
| and of course the first run through the test corpus i'm using won't be terribly interesting from the standpoint of tickling deep bugs | 15:30 | ||
| since it's currently only doing one derivation step from what i put in (which is the stage2 of nqp) | 15:31 | ||
| it should also do some "mixing" near the end of the first run; cut portions out, move big chunks around, cross-over with other versions perhaps? | |||
| but since it's usually doing about 75 executions per second and i'm only utilizing a single of hack's 4 cores ... | 15:32 | ||
| ugexe | is your local environment not sufficient? | 15:33 | |
| timotimo | it tends to be ram-starved because i use a web browser | 15:34 | |
| tadzik | ouch :D | 15:35 | |
| timotimo | 16 gig just ain't cutting it these days | ||
| tadzik | huh | ||
| 8 is usually sufficient for me | |||
| but I'm a person who closes tabs | |||
| timotimo | i close tabs also, but i still have too many of 'em | 15:37 | |
| tadzik | :( | ||
| ugexe | browse on hack via VNC and develop locally | 15:38 | |
| japhb | I sleep tabs, on machines where I have the proper extensions installed. That way I can get them back without too much trouble, thus keeping me from tab hoarding *too* strongly. | ||
| timotimo | is gurgel chrome capable of that? | 15:39 | |
| japhb | timotimo: I use Tabs Outliner (free version) for Chrome. Some other people on my team use an extension that auto-sleeps any tab you haven't looked at in a while. Advantage of Tabs Outliner is that the tabs/windows you sleep actually disappear (becoming grayed out in the outline), it tracks what tabs launch other tabs, you can drag and drop tab hierarchies around easily, and you can sleep large swaths of | 15:42 | |
| the tab outline all at once. | |||
| Advantage of their extension: You don't have to think about it at all, it's like having automatic memory and CPU reduction for Chrome. | 15:43 | ||
| Which, let's face it, is not terribly light on either. | |||
| timotimo | ah, i also have tabs outliner | ||
| i barely open it | |||
| it's got about a hundred "crashed windows" that i never got around to cleaning up | 15:44 | ||
| japhb | Heh | ||
| Would be nice if Chrome didn't produce quite so many of those .... | |||
| timotimo | i don't recall a time it crashed on me because of chrome | 15:45 | |
| usually it's one thread exhausting ram or something, then the core dump exhausts my hard drive, then chrome hangs and gets killed ... or dies? dunno. | |||
| ugexe | hmmmm, what the hell sites are you vising that do all that... | 15:47 | |
| timotimo | oh, the sites don't do that | 15:48 | |
| rakudo does | |||
| when i let it write extraordinarily big profiles or heap snapshots into /tmp, which is in my ram, for example | |||
| dogbert17 | japhb: wrt R#2848 running your example with MVM_SPESH_INLINE_DISABLE=1 seems to resolve the problem | 16:00 | |
| synopsebot | R#2848 [open]: github.com/rakudo/rakudo/issues/2848 Writing to many synchronously run child processes grinds to a halt | ||
| japhb | dogbert17: Oooh, that is very interesting. | 16:15 | |
| dogbert17: Yup, confirmed even with 4 threads max. In fact, running with RAKUDO_SCHEDULER_DEBUG=1 RAKUDO_MAX_THREADS=4 MVM_SPESH_INLINE_DISABLE=1 shows no new threads at all. | 16:18 | ||
|
16:26
lizmat joined
16:31
zakharyas left
17:15
lizmat left
17:31
brrt joined
17:48
lizmat joined
18:12
brrt left
19:05
lizmat left
19:15
zakharyas joined
19:23
zakharyas left
19:38
lucasb left
19:44
lizmat joined
19:52
brrt joined
19:54
lizmat left
|
|||
| brrt | \o | 20:09 | |
|
20:16
AlexDaniel left
20:24
squashable6 left
20:27
squashable6 joined
21:00
brrt left
22:12
lizmat joined
|
|||
| samcv | jnthn, how do you feel about having a thing to check for malloc_trim in configure.pm? | 22:43 | |
| or whichever file it was :). since there seems to be no better way to detect this, but it would be nice to be able to ensure perl 6 lowers its memory usage. or at least what shows up | 22:44 | ||
| jnthn | samcv: Yeah, a probe for its availability is fine. I think the only outstanding questions are how often to call it, and what the value to it should be. I think it's pretty much agreed we want it. | 22:57 | |
| Also, maybe the best way to determine those two will be to get it in and prof real programs | |||
| samcv | yeah | 22:58 | |
| jnthn, sounds good. will look into that | 22:59 | ||
| jnthn | samcv++ | ||
| samcv | maybe we want to make sure not to call it more than X number of ms or something | 23:00 | |
| jnthn | Putting it after GC is probably reasonable, though question is if it's every run, every N runs, or every full (non-nursery) collection | 23:01 | |
| japhb | jnthn: While every full collection seems like a good default, I worry about further extending the difference in pause time between nursery and full collections. Animation code I've written that shows frame-by-frame delay shows a clear signal of pauses every ~N frames long enough to be perceived as visible stutter; my best guess (until we have telemetry of some sort for when GC pauses happen and what type) | 23:13 | |
| is that these are the full GC cycles. | 23:14 | ||
| Oddly, for animations it's often OK to have lower but steadier frame rate. | |||
| (As a side note, a pause of just 16-17 milliseconds represents a full dropped frame at 60 fps, so it doesn't take a very long pause to make a very big stutter.) | 23:16 | ||
| jnthn | japhb: Hmm, does such code normally have a lot of objects that would live long enough to get promoted? | 23:18 | |
| Perhaps, given Perl 6 being allocation heavy, the answer is "yes, until EA is doing a better job" :) | 23:19 | ||
| I ask because full collects are not just "every N nursery collects", but based on the rate of object promotion | |||
| A program that never promotes anything will potentially never do a full collect | |||
| That's also an interesting point were we to pick doing it every gen2: what of programs that manage to fragment unmanaged memory while never causing enough gen2 promotion to trigger the malloc_trim? | 23:21 | ||
| japhb | jnthn: Yeah, that latter bit is true. :-) But actually, I wonder if there isn't some amount of "There's enough in Gen 2 after a while that full collections are just slow even if the fraction of new objects is low." (I get your point about a certain number of object promotions being necessary to trigger full GC, and I'm not sure what exactly is getting promoted each time.) | ||
| (latter bit == promotions common until EA does better) | |||
| Oh yeah, fragmented unmanaged memory is an interesting question. | 23:22 | ||
| jnthn | The EA work is looking quite promising, it's just tricky :) | ||
| japhb | I BET! | ||
| jnthn: Are you holding back merging EA until it is "more correct", "more effective", or "after the release cycle"? | 23:24 | ||
| jnthn | japhb: I'm working on it in phases, merging each phase "when it's ready". The initial one was "do some EA in very simple cases"; that's already in master. | 23:29 | |
| japhb | jnthn: Yeah, that one I'd seen. I guess I meant the branch you've been working on a while. | 23:30 | |
| jnthn | The current phase is: analyzing transitive references, P6bigint handling, and making it handle partial escapes, which together should be effective in a lot more cases. | ||
| Transitive references: the analysis is correct, but deopt needs adaptation. | 23:31 | ||
| P6bigint handling: just got some first cases of that working. Will probably handle a few more, though doing them all isn't a pre-req for merge. BUT it does need further work to make sure it won't ever leak the unmanaged mp_int buffers. That's quite important to get right. :) | |||
| japhb | oh yeah, definitely. | 23:32 | |
| jnthn | Partial escapes: actually the algorithm we're using was based on one found in a paper on partial escape analysis, so a lot is set up for this already. It'll also make things vastly more useful. | ||
| japhb | nodnod | 23:33 | |
| jnthn | Example of the latter: array indexing. We inline the fast-path common case. But the Int index can escape to the slow path (out of bounds erorr reporting, etc.) | ||
| Partial escape handling lets us defer the allocation to the point we know it's escapging | 23:34 | ||
| *escaping | |||
| But also, if we have a bunch of integer calculations and store the final result, we also want to materialize the final result at that point too; at the moment we can't do that, so end up with the whole chain of operations being considered escaping. | 23:35 | ||
| Once I get those 3 in decent shape, I'll merge. I hope to make it in time for the 2019.5 release, but won't be rushing. | |||
| The phase after that will be about handling EA in code involving loops and OSR. | 23:36 | ||
| Once that is done, we have a fairly complete overall structure, so it'll be a case of smaller situation-specific additions. | 23:37 | ||
| For example, extending it to cover things other than P6opaque, such as hashes indexed entirely with constant keys | 23:38 | ||
| The hash case is very common in object construction; in principle, the slurpy hash and the indexing of it could in some cases entirely go away. | 23:39 | ||
| japhb | Oh nice, that would probably have quite a big effect. | 23:53 | |
| jnthn | Hope so. :) | 23:58 | |
| sleep o/ | |||