On Thu, Apr 9, 2015 at 6:32 AM, Wilson Lian <[email protected]> wrote:
> Sorry if this is the wrong list. If there's a more appropriate one, please
> let me know.
>
> I've built a debug release of V8 (at git revision 1398078) for ARMv7, and
> I'm trying to set GDB breakpoints in JIT-generated code. However when I do,
> various crashes abound. Setting a breakpoint at the first instruction of an
> unoptimized function results in a segfault, and doing the same thing in an
> optimized function produces a SIGABRT due to a false assertion in the
> deoptimizer.
>
> Are others encountering this? Is there a workaround or maybe another
> debugger that doesn't have these problems?
>
> What follows is a breakdown of how I reproduce the crashes:
>
> First, the unoptimized code case. I start the d8 shell in gdb and declare
> and invoke a function, noting the address of the emitted code thanks to the
> --print-code flag. I set a gdb breakpoint at that address, continue, then
> invoke the same function again. Here, I would expect execution to pause at
> the first instruction of the declared function, but instead I get a
> segfault.
>
> $ gdb --args out/arm.debug/d8 --print-code
>
> GNU gdb (GDB) 7.4.1-debian
> ...
>
> (gdb) r
> ...
>
> d8> function foo(x) {return x ^ 0x1234;}
> ...
> d8> foo(0);
> ...
>
> --- Code ---
> source_position = 12
> kind = FUNCTION
> name = foo
> Instructions (size = 196)
> 0x2df888e0 0 e59d2004 ldr r2, [sp, #+4]
> 0x2df888e4 4 e59ac014 ldr ip, [r10, #+20]
> ...
> (gdb) br *0x2df888e0
> Breakpoint 1 at 0x2df888e0
>
> (gdb) c
> d8> foo(1);
> ...
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x2df888fc in ?? ()
>
> (gdb) bt
> #0 0x2df888fc in ?? ()
>
>
> For the optimized code, my method is mostly the same, but the crash is
> different. I start the d8 shell with --always-opt to force optimized code
> generation. After setting the breakpoint and invoking my JS function again,
> there is an invalid assertion in the deoptimizer that crashes the process.
>
> $ gdb --args out/arm.debug/d8 --print-code --always-opt
>
> GNU gdb (GDB) 7.4.1-debian
> ...
>
> (gdb) r
> ...
>
> d8> function foo(x) {return x ^ 0x1234;}
> ...
> d8> foo(0);
> ...
>
> --- Optimized code ---
> optimization_id = 21
> source_position = 12
> kind = OPTIMIZED_FUNCTION
> name = foo
> stack_slots = 1
>
> Instructions (size = 131)
> 0x51f10720 0 e92d4882 stmdb sp!, {r1, r7, fp, lr}
> 0x51f10724 4 e1a0c00c mov ip, ip...
>
> ...
> (gdb) br * 0x51f10720
> Breakpoint 1 at 0x2df888e0
>
> (gdb) c
> d8> foo(1);
> ...
>
> #
> # Fatal error in ../src/deoptimizer.cc, line 2726
> # CHECK_EQ(Smi::cast(function), Smi::FromInt(StackFrame::STUB)) failed
> # Expected: 0x2
> # Found: 0xc
> #
>
> ==== C stack trace ===============================
>
> (empty)
>
> Program received signal SIGABRT, Aborted.
> 0xf75a7f96 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
>
> (gdb) bt
> #0 0xf75a7f96 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
> #1 0xf75b5f8a in raise () from /lib/arm-linux-gnueabihf/libc.so.6
> #2 0xf75b8428 in abort () from /lib/arm-linux-gnueabihf/libc.so.6
> #3 0x00b20aaa in v8::base::OS::Abort () at
> ../src/base/platform/platform-posix.cc:220
> #4 0x00b1d5ca in V8_Fatal (file=0xc89a2c "../src/deoptimizer.cc",
> line=2726, format=0xc560d0 "CHECK_EQ(%s, %s) failed\n# Expected: %p\n#
> Found: %p") at ../src/base/logging.cc:87
> #5 0x005a8b60 in CheckEqualsHelper (file=0xc89a2c "../src/deoptimizer.cc",
> line=2726, expected_source=0xc8b07c "Smi::cast(function)", expected=0x2,
> value_source=0xc8b090 "Smi::FromInt(StackFrame::STUB)", value=0xc) at
> .././src/base/logging.h:139
> #6 0x006840be in v8::internal::Deoptimizer::ComputeIncomingArgumentSize
> (this=0x19bd4d8, function=0x2) at ../src/deoptimizer.cc:2726
> #7 0x0068405e in v8::internal::Deoptimizer::ComputeFixedSize
> (this=0x19bd4d8, function=0x2) at ../src/deoptimizer.cc:2717
> #8 0x00683fbc in v8::internal::Deoptimizer::ComputeInputFrameSize
> (this=0x19bd4d8) at ../src/deoptimizer.cc:2700
> #9 0x0067e91a in v8::internal::Deoptimizer::Deoptimizer (this=0x19bd4d8,
> isolate=0x1995688, function=0x0, type=v8::internal::Deoptimizer::EAGER,
> bailout_id=1, from=0x51f10790 "\001", fp_to_sp_delta=12, optimized_code=0x0)
> at ../src/deoptimizer.cc:612
> #10 0x0067d32e in v8::internal::Deoptimizer::New (function=0x2,
> type=v8::internal::Deoptimizer::EAGER, bailout_id=1, from=0x51f10790 "\001",
> fp_to_sp_delta=12, isolate=0x1995688) at ../src/deoptimizer.cc:90
> #11 0x5fb0a268 in ?? ()
> #12 0x5fb0a268 in ?? ()
>
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
I speculate that you need to pass --noconcurrent_osr --noconcurrent_recompilation --noconcurrent_sweeping on the command line.
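Wilson reads the entry address of each compiled version of foo off the --print-code dump by hand before typing the breakpoint. The helper below is an added example (mine, not code from this thread or from V8) that parses dumps in exactly the shape quoted above, both the unoptimized "--- Code ---" and the "--- Optimized code ---" block, and emits one gdb break command per emitted version of a named function; SAMPLE is a constructed input modelled on the quoted dumps, and the "> " quote stripping is an assumption for pasting from mail.

```python
import re
from dataclasses import dataclass, field
# Line shapes in d8 --print-code output, as quoted in the thread
HEADER_RE = re.compile(r"^--- (Optimized code|Code) ---$")
KV_RE = re.compile(r"^(\w+) = (.+)$")
INSN_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\d+)\s+([0-9a-fA-F]{8})\s+(.*)$")

@dataclass
class CodeDump:
    optimized: bool
    kind: str = ""
    name: str = ""
    instructions: list = field(default_factory=list)  # (addr, offset, word, disasm)

    @property
    def entry(self):  # address of the first emitted instruction
        return self.instructions[0][0] if self.instructions else None

def parse_print_code(text):
    dumps, cur = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-style '> ' quoting
        if m := HEADER_RE.match(line):
            cur = CodeDump(optimized=(m.group(1) == "Optimized code"))
            dumps.append(cur)
        elif cur is None:
            continue  # text before the first dump (shell output, etc.)
        elif m := INSN_RE.match(line):
            cur.instructions.append((int(m.group(1), 16), int(m.group(2)),
                                     int(m.group(3), 16), m.group(4)))
        elif (m := KV_RE.match(line)) and m.group(1) in ("kind", "name"):
            setattr(cur, m.group(1), m.group(2))
    return dumps

def gdb_breakpoint_commands(dumps, name):
    # one 'break *ADDR' per emitted version (unoptimized and optimized) of the function
    return [f"break *0x{d.entry:08x}" for d in dumps if d.name == name and d.entry is not None]

# Constructed sample modelled on the two dumps quoted above (not a real capture)
SAMPLE = """\
--- Code ---
kind = FUNCTION
name = foo
0x2df888e0 0 e59d2004 ldr r2, [sp, #+4]
0x2df888e4 4 e59ac014 ldr ip, [r10, #+20]
--- Optimized code ---
kind = OPTIMIZED_FUNCTION
name = foo
0x51f10720 0 e92d4882 stmdb sp!, {r1, r7, fp, lr}
"""
```

Writing the returned commands to a file and loading it with gdb's -x option sets both breakpoints before the second foo(1) call, so the unoptimized and optimized entries can be compared in one session.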
