The simulator looks like just what the Dr. ordered. Thanks for the pointer!
For posterity: The --noconcurrent_osr --noconcurrent_recompilation --noconcurrent_sweeping flags didn't change the outcome of the optimized code case and in the unoptimized code case, crashed with SIGBUS rather than segfault. Thanks for the idea anyway, Ben.

On Thu, Apr 9, 2015 at 3:44 AM, Rodolph Perfetta <[email protected]> wrote:

> I would suggest you use the builtin simulator and its debugger. See
> https://code.google.com/p/v8-wiki/wiki/ARMDebuggingWithTheSimulator
>
> if you have gdb 7 or later, you can also try to build with gdbjit support
> ('gdbjit=on' on the make command and '--gdbjit' on the d8 command).
>
> Rodolph.
>
> On Thu, 9 Apr 2015 at 10:29 Ben Noordhuis <[email protected]> wrote:
>
>> On Thu, Apr 9, 2015 at 6:32 AM, Wilson Lian <[email protected]> wrote:
>> > Sorry if this is the wrong list. If there's a more appropriate one, please
>> > let me know.
>> >
>> > I've built a debug release of V8 (at git revision 1398078) for ARMv7, and
>> > I'm trying to set GDB breakpoints in JIT-generated code. However when I do,
>> > various crashes abound. Setting a breakpoint at the first instruction of an
>> > unoptimized function results in a segfault, and doing the same thing in an
>> > optimized function produces a sigabort due to a false assertion in the
>> > deoptimizer.
>> >
>> > Are others encountering this? Is there a workaround or maybe another
>> > debugger that doesn't have these problems?
>> >
>> > What follows is a breakdown of how I reproduce the crashes:
>> > First, the unoptimized code case. I start the d8 shell in gdb and declare
>> > and invoke a function, noting the address of the emitted code thanks to the
>> > --print-code flag. I set a gdb breakpoint at that address, continue, then
>> > invoke the same function again. Here, I would expect execution to pause at
>> > the first instruction of the declared function, but instead I get a
>> > segfault.
>> >
>> > $ gdb --args out/arm.debug/d8 --print-code
>> >
>> > GNU gdb (GDB) 7.4.1-debian
>> > ...
>> >
>> > (gdb) r
>> > ...
>> >
>> > d8> function foo(x) {return x ^ 0x1234;}
>> > ...
>> > d8> foo(0);
>> > ...
>> >
>> > --- Code ---
>> > source_position = 12
>> > kind = FUNCTION
>> > name = foo
>> > Instructions (size = 196)
>> > 0x2df888e0     0  e59d2004       ldr r2, [sp, #+4]
>> > 0x2df888e4     4  e59ac014       ldr ip, [r10, #+20]
>> > ...
>> > (gdb) br *0x2df888e0
>> > Breakpoint 1 at 0x2df888e0
>> >
>> > (gdb) c
>> > d8> foo(1);
>> > ...
>> >
>> > Program received signal SIGSEGV, Segmentation fault.
>> > 0x2df888fc in ?? ()
>> >
>> > (gdb) bt
>> > #0  0x2df888fc in ?? ()
>> >
>> >
>> > For the optimized code, my method is mostly the same, but the crash is
>> > different. I start the d8 shell with --always opt to force optimized code
>> > generation. After setting the breakpoint and invoking my JS function again,
>> > there is an invalid assertion in the deoptimizer that crashes the process.
>> >
>> > $ gdb --args out/arm.debug/d8 --print-code --always-opt
>> >
>> > GNU gdb (GDB) 7.4.1-debian
>> > ...
>> >
>> > (gdb) r
>> > ...
>> >
>> > d8> function foo(x) {return x ^ 0x1234;}
>> > ...
>> > d8> foo(0);
>> > ...
>> >
>> > --- Optimized code ---
>> > optimization_id = 21
>> > source_position = 12
>> > kind = OPTIMIZED_FUNCTION
>> > name = foo
>> > stack_slots = 1
>> >
>> > Instructions (size = 131)
>> > 0x51f10720     0  e92d4882       stmdb sp!, {r1, r7, fp, lr}
>> > 0x51f10724     4  e1a0c00c       mov ip, ip...
>> >
>> > ...
>> > (gdb) br * 0x51f10720
>> > Breakpoint 1 at 0x2df888e0
>> >
>> > (gdb) c
>> > d8> foo(1);
>> > ...
>> >
>> > #
>> > # Fatal error in ../src/deoptimizer.cc, line 2726
>> > # CHECK_EQ(Smi::cast(function), Smi::FromInt(StackFrame::STUB)) failed
>> > #   Expected: 0x2
>> > #   Found: 0xc
>> > #
>> >
>> > ==== C stack trace ===============================
>> >
>> > (empty)
>> >
>> > Program received signal SIGABRT, Aborted.
>> > 0xf75a7f96 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
>> >
>> > (gdb) bt
>> > #0  0xf75a7f96 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
>> > #1  0xf75b5f8a in raise () from /lib/arm-linux-gnueabihf/libc.so.6
>> > #2  0xf75b8428 in abort () from /lib/arm-linux-gnueabihf/libc.so.6
>> > #3  0x00b20aaa in v8::base::OS::Abort () at ../src/base/platform/platform-posix.cc:220
>> > #4  0x00b1d5ca in V8_Fatal (file=0xc89a2c "../src/deoptimizer.cc", line=2726, format=0xc560d0 "CHECK_EQ(%s, %s) failed\n#   Expected: %p\n#   Found: %p") at ../src/base/logging.cc:87
>> > #5  0x005a8b60 in CheckEqualsHelper (file=0xc89a2c "../src/deoptimizer.cc", line=2726, expected_source=0xc8b07c "Smi::cast(function)", expected=0x2, value_source=0xc8b090 "Smi::FromInt(StackFrame::STUB)", value=0xc) at .././src/base/logging.h:139
>> > #6  0x006840be in v8::internal::Deoptimizer::ComputeIncomingArgumentSize (this=0x19bd4d8, function=0x2) at ../src/deoptimizer.cc:2726
>> > #7  0x0068405e in v8::internal::Deoptimizer::ComputeFixedSize (this=0x19bd4d8, function=0x2) at ../src/deoptimizer.cc:2717
>> > #8  0x00683fbc in v8::internal::Deoptimizer::ComputeInputFrameSize (this=0x19bd4d8) at ../src/deoptimizer.cc:2700
>> > #9  0x0067e91a in v8::internal::Deoptimizer::Deoptimizer (this=0x19bd4d8, isolate=0x1995688, function=0x0, type=v8::internal::Deoptimizer::EAGER, bailout_id=1, from=0x51f10790 "\001", fp_to_sp_delta=12, optimized_code=0x0) at ../src/deoptimizer.cc:612
>> > #10 0x0067d32e in v8::internal::Deoptimizer::New (function=0x2, type=v8::internal::Deoptimizer::EAGER, bailout_id=1, from=0x51f10790 "\001", fp_to_sp_delta=12, isolate=0x1995688) at ../src/deoptimizer.cc:90
>> > #11 0x5fb0a268 in ?? ()
>> > #12 0x5fb0a268 in ?? ()
>> >
>> > Backtrace stopped: previous frame identical to this frame (corrupt stack?)
>>
>> I speculate that you need to pass --noconcurrent_osr
>> --noconcurrent_recompilation --noconcurrent_sweeping on the command
>> line.
>>
>> --
>> --
>> v8-users mailing list
>> [email protected]
>> http://groups.google.com/group/v8-users
>> ---
>> You received this message because you are subscribed to the Google Groups "v8-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
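As an added example (not code from anyone in this thread), a small Python helper for the manual procedure in the original post: it parses a `--print-code` listing in the layout quoted above, emits the `br *<addr>` gdb commands for every code object of a given function name, and maps a bare PC from a `?? ()` gdb frame back to the JIT code object and byte offset. The embedded listing is constructed, abridged from the post's output; the field layout is assumed to match the V8 build of that era.

```python
import re
# Constructed sample, abridged from the --print-code output quoted in the post.
SAMPLE = """\
--- Code ---
kind = FUNCTION
name = foo
Instructions (size = 196)
0x2df888e0     0  e59d2004       ldr r2, [sp, #+4]
0x2df888e4     4  e59ac014       ldr ip, [r10, #+20]

--- Optimized code ---
optimization_id = 21
kind = OPTIMIZED_FUNCTION
name = foo
Instructions (size = 131)
0x51f10720     0  e92d4882       stmdb sp!, {r1, r7, fp, lr}
"""

HEADER = re.compile(r"^--- (?:Optimized code|Code) ---$")
KV = re.compile(r"^(kind|name) = (\S+)$")
SIZE = re.compile(r"^Instructions \(size = (\d+)\)$")
INSN = re.compile(r"^(0x[0-9a-f]+)\s+(\d+)\s+[0-9a-f]{8}\s+")

def parse_print_code(text):
    """Return one dict per code object: kind, name, start address, size."""
    blocks, cur = [], None
    for line in text.splitlines():
        if HEADER.match(line):
            cur = {"kind": "", "name": "", "start": None, "size": 0}
            blocks.append(cur)
        elif cur is None:
            continue                        # noise before the first header
        elif m := KV.match(line):
            cur[m.group(1)] = m.group(2)
        elif m := SIZE.match(line):
            cur["size"] = int(m.group(1))
        elif (m := INSN.match(line)) and cur["start"] is None:
            cur["start"] = int(m.group(1), 16)   # first listed instruction
    return blocks

def gdb_breakpoints(blocks, name):
    """The 'br *<addr>' commands the post types by hand, one per code object."""
    return [f"br *0x{b['start']:08x}" for b in blocks if b["name"] == name]

def locate(blocks, pc):
    """Map a PC from a gdb '?? ()' frame to (kind, name, byte offset), or None."""
    for b in blocks:
        if b["start"] is not None and b["start"] <= pc < b["start"] + b["size"]:
            return b["kind"], b["name"], pc - b["start"]
    return None
```

Fed the post's segfault PC 0x2df888fc, `locate` reports it as the unoptimized `foo` at offset 0x1c, which is the kind of attribution gdb cannot give for JIT pages without symbols.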
