Sorry if this is the wrong list. If there's a more appropriate one, please
let me know.
I've built a debug release of V8 (at git revision 1398078) for ARMv7, and I'm
trying to set GDB breakpoints in JIT-generated code. However when I do,
various crashes abound. Setting a breakpoint at the first instruction of an
unoptimized function results in a segfault, and doing the same thing in an
optimized function produces a sigabort due to a false assertion in the
deoptimizer.
Are others encountering this? Is there a workaround or maybe another
debugger that doesn't have these problems?
What follows is a breakdown of how I reproduce the crashes:
First, the unoptimized code case. I start the d8 shell in gdb and declare
and invoke a function, noting the address of the emitted code thanks to the
--print-code flag. I set a gdb breakpoint at that address, continue, then
invoke the same function again. Here, I would expect execution to pause at
the first instruction of the declared function, but instead I get a
segfault.
$ gdb --args out/arm.debug/d8 --print-code
GNU gdb (GDB) 7.4.1-debian
...
(gdb) r
...
d8> function foo(x) {return x ^ 0x1234;}
...
d8> foo(0);
...
--- Code ---
source_position = 12
kind = FUNCTION
name = foo
Instructions (size = 196)
0x2df888e0 0 e59d2004 ldr r2, [sp, #+4]
0x2df888e4 4 e59ac014 ldr ip, [r10, #+20]
...
(gdb) br *0x2df888e0
Breakpoint 1 at 0x2df888e0
(gdb) c
d8> foo(1);
...
Program received signal SIGSEGV, Segmentation fault.
0x2df888fc in ?? ()
(gdb) bt
#0 0x2df888fc in ?? ()
For the optimized code, my method is mostly the same, but the crash is
different. I start the d8 shell with --always opt to force optimized code
generation. After setting the breakpoint and invoking my JS function again,
there is an invalid assertion in the deoptimizer that crashes the process.
$ gdb --args out/arm.debug/d8 --print-code --always-opt
GNU gdb (GDB) 7.4.1-debian
...
(gdb) r
...
d8> function foo(x) {return x ^ 0x1234;}
...
d8> foo(0);
...
--- Optimized code ---
optimization_id = 21
source_position = 12
kind = OPTIMIZED_FUNCTION
name = foo
stack_slots = 1
Instructions (size = 131)
0x51f10720 0 e92d4882 stmdb sp!, {r1, r7, fp, lr}
0x51f10724 4 e1a0c00c mov ip, ip...
...
(gdb) br * 0x51f10720
Breakpoint 1 at 0x2df888e0
(gdb) c
d8> foo(1);
...
#
# Fatal error in ../src/deoptimizer.cc, line 2726
# CHECK_EQ(Smi::cast(function), Smi::FromInt(StackFrame::STUB)) failed
# Expected: 0x2
# Found: 0xc
#
==== C stack trace ===============================
(empty)
Program received signal SIGABRT, Aborted.
0xf75a7f96 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
(gdb) bt
#0 0xf75a7f96 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
#1 0xf75b5f8a in raise () from /lib/arm-linux-gnueabihf/libc.so.6
#2 0xf75b8428 in abort () from /lib/arm-linux-gnueabihf/libc.so.6
#3 0x00b20aaa in v8::base::OS::Abort () at
../src/base/platform/platform-posix.cc:220
#4 0x00b1d5ca in V8_Fatal (file=0xc89a2c "../src/deoptimizer.cc",
line=2726, format=0xc560d0 "CHECK_EQ(%s, %s) failed\n# Expected: %p\n#
Found: %p") at ../src/base/logging.cc:87
#5 0x005a8b60 in CheckEqualsHelper (file=0xc89a2c "../src/deoptimizer.cc",
line=2726, expected_source=0xc8b07c "Smi::cast(function)", expected=0x2,
value_source=0xc8b090 "Smi::FromInt(StackFrame::STUB)", value=0xc) at
.././src/base/logging.h:139
#6 0x006840be in v8::internal::Deoptimizer::ComputeIncomingArgumentSize
(this=0x19bd4d8, function=0x2) at ../src/deoptimizer.cc:2726
#7 0x0068405e in v8::internal::Deoptimizer::ComputeFixedSize
(this=0x19bd4d8, function=0x2) at ../src/deoptimizer.cc:2717
#8 0x00683fbc in v8::internal::Deoptimizer::ComputeInputFrameSize
(this=0x19bd4d8) at ../src/deoptimizer.cc:2700
#9 0x0067e91a in v8::internal::Deoptimizer::Deoptimizer (this=0x19bd4d8,
isolate=0x1995688, function=0x0, type=v8::internal::Deoptimizer::EAGER,
bailout_id=1, from=0x51f10790 "\001", fp_to_sp_delta=12,
optimized_code=0x0) at ../src/deoptimizer.cc:612
#10 0x0067d32e in v8::internal::Deoptimizer::New (function=0x2,
type=v8::internal::Deoptimizer::EAGER, bailout_id=1, from=0x51f10790
"\001", fp_to_sp_delta=12, isolate=0x1995688) at ../src/deoptimizer.cc:90
#11 0x5fb0a268 in ?? ()
#12 0x5fb0a268 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
--
--
v8-users mailing list
[email protected]
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
