Hi Jakob, Thanks for the reply.
Yes, the crash is reproducible every time on an ARM device (it works on x86 android emulator). Here's a link to the javascript code we used to generate the snapshot: https://gist.github.com/darind/ac13306230a7d6beeca4a14c1ac64187. Here's another stacktrace we are getting with unreachable code in V8 source: v8::base::OS::Abort() 0x00000000a184620e V8_Fatal(char const*, int, char const*, ...) 0x00000000a184585a v8::internal::SafepointTable::FindEntry(unsigned int) const 0x00000000a148f170 v8::internal::Code::GetSafepointEntry(unsigned int) 0x00000000a13d8dba v8::internal::StandardFrame::IterateCompiledFrame(v8::internal::RootVisitor*) const 0x00000000a130a2cc v8::internal::Isolate::Iterate(v8::internal::RootVisitor*, v8::internal::ThreadLocalTop*) 0x00000000a1342510 v8::internal::Heap::IterateStrongRoots(v8::internal::RootVisitor*, v8::internal::VisitMode) 0x00000000a131c132 v8::internal::MarkCompactCollector::MarkRoots(v8::internal::RootVisitor*, v8::internal::ObjectVisitor*) 0x00000000a1384ade v8::internal::MarkCompactCollector::MarkLiveObjects() 0x00000000a1382c7a v8::internal::MarkCompactCollector::CollectGarbage() 0x00000000a13828e0 v8::internal::Heap::MarkCompact() 0x00000000a1317ffe v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) 0x00000000a13169e6 v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) 0x00000000a13159b2 v8::internal::Heap::AllocateRawWithLightRetry(int, v8::internal::AllocationSpace, v8::internal::AllocationAlignment) 0x00000000a131cfca v8::internal::Heap::AllocateRawWithRetryOrFail(int, v8::internal::AllocationSpace, v8::internal::AllocationAlignment) 0x00000000a131d018 v8::internal::Factory::NewFixedArrayWithFiller(v8::internal::RootIndex, int, v8::internal::Object*, v8::internal::PretenureFlag) 0x00000000a12f353a v8::internal::Factory::NewScopeInfo(int) 0x00000000a12fcb6a v8::internal::ScopeInfo::Create(v8::internal::Isolate*, v8::internal::Zone*, v8::internal::Scope*, v8::internal::MaybeHandle<v8::internal::ScopeInfo>) 0x00000000a14b2e10 v8::internal::Scope::AllocateScopeInfosRecursively(v8::internal::Isolate*, v8::internal::MaybeHandle<v8::internal::ScopeInfo>) 0x00000000a14b8592 v8::internal::DeclarationScope::AllocateScopeInfos(v8::internal::ParseInfo*, v8::internal::Isolate*) 0x00000000a14b85ee v8::internal::(anonymous namespace)::FinalizeUnoptimizedCode(v8::internal::ParseInfo*, v8::internal::Isolate*, v8::internal::Handle<v8::internal::SharedFunctionInfo>, v8::internal::UnoptimizedCompilationJob*, std::__ndk1::forward_list<std::__ndk1::unique_ptr<v8::internal::UnoptimizedCompilationJob, std::__ndk1::default_delete<v8::internal::UnoptimizedCompilationJob> >, std::__ndk1::allocator<std::__ndk1::unique_ptr<v8::internal::UnoptimizedCompilationJob, std::__ndk1::default_delete<v8::internal::UnoptimizedCompilationJob> > > >*) 0x00000000a1296474 v8::internal::Compiler::Compile(v8::internal::Handle<v8::internal::SharedFunctionInfo>, v8::internal::Compiler::ClearExceptionFlag) 0x00000000a1296110 v8::internal::Compiler::Compile(v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Compiler::ClearExceptionFlag) 0x00000000a129658a v8::internal::Runtime_CompileLazy(int, v8::internal::Object**, v8::internal::Isolate*) 0x00000000a16d9eb6 Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit 0x00000000a17c9d50 Builtins_CompileLazy 0x00000000a172889c Builtins_LoadIC_Uninitialized 0x00000000a1731e94 Builtins_LdaNamedPropertyHandler 0x00000000a17f3b44 <unknown> 0x000000005a88d4b8 <unknown> 0x000000005a88d4b8 <unknown> 0x000000005a88d4b8 <unknown> 0x000000005a88d4b8 <unknown> 0x000000005a88d4b8 Builtins_JSEntryTrampoline 0x00000000a1725608 <unknown> 0x000000005a886d54 and the error message logged in the console: 12-10 10:40:35.091 17752-17752/org.nativescript.snap1 E/v8: # # Fatal error in , line 0 # 12-10 10:40:35.091 17752-17752/org.nativescript.snap1 E/v8: unreachable code 12-10 10:40:35.091 17752-17752/org.nativescript.snap1 E/v8: # # # #FailureMessage Object: 0xbeedfaf0 12-10 10:40:35.092 17752-17752/org.nativescript.snap1 I/v8: # 00xa183cb2c # 10xa1845850 # 20xa148f170 # 30xa13d8dba # 40xa130a2cc # 50xa1342510 # 60xa131c132 # 70xa1384ade # 80xa1382c7a # 90xa13828e0 #100xa1317ffe #110xa13169e6 #120xa13159b2 #130xa131cfca #140xa131d018 #150xa12f353a #160xa12fcb6a #170xa14b2e10 #180xa14b8592 #190xa14b85ee #200xa1296474 #210xa1296110 #220xa129658a #230xa16d9eb6 With the latest version of v8 from the master branch (7.3.0), we are not even able to generate the snapshot, the mksnapshot tool is failing with this error: # # Fatal error in , line 0 # Check failed: Builtins::IsIsolateIndependentBuiltin(host). # # # #FailureMessage Object: 0xff9690b0 ==== C stack trace =============================== /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0xa907df) [0xf76467df] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0xa8cc65) [0xf7642c65] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0xa87fcf) [0xf763dfcf] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5de239) [0xf7194239] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5deeeb) [0xf7194eeb] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x4a5505) [0xf705b505] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x474bf8) [0xf702abf8] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc749) [0xf7192749] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dbd6d) [0xf7191d6d] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc4eb) [0xf71924eb] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5e1e7f) [0xf7197e7f] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d7d52) [0xf718dd52] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5e24a5) [0xf71984a5] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d65da) [0xf718c5da] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dd2df) [0xf71932df] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dcf56) [0xf7192f56] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x4a52d2) [0xf705b2d2] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x474bf8) [0xf702abf8] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc788) [0xf7192788] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dbd6d) [0xf7191d6d] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc4eb) [0xf71924eb] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d679c) [0xf718c79c] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dd2df) [0xf71932df] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dcf56) [0xf7192f56] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x4a52d2) [0xf705b2d2] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x474bf8) [0xf702abf8] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc788) [0xf7192788] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dbd6d) [0xf7191d6d] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc4eb) [0xf71924eb] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d679c) [0xf718c79c] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dd2df) [0xf71932df] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dcf56) [0xf7192f56] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x4a52d2) [0xf705b2d2] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x474bf8) [0xf702abf8] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc788) [0xf7192788] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dbd6d) [0xf7191d6d] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc4eb) [0xf71924eb] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d679c) [0xf718c79c] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dd2df) [0xf71932df] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dcf56) [0xf7192f56] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x4a56de) [0xf705b6de] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x474bf8) [0xf702abf8] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc788) [0xf7192788] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dbd6d) [0xf7191d6d] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc4eb) [0xf71924eb] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d679c) [0xf718c79c] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dd2df) [0xf71932df] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x4a581c) [0xf705b81c] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x474bf8) [0xf702abf8] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc788) [0xf7192788] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dbd6d) [0xf7191d6d] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc4eb) [0xf71924eb] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d679c) [0xf718c79c] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dd2df) [0xf71932df] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dcf56) [0xf7192f56] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x4a52d2) [0xf705b2d2] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x474bf8) [0xf702abf8] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5dc788) [0xf7192788] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d985d) [0xf718f85d] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d94e3) [0xf718f4e3] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x5d62da) [0xf718c2da] /home/ubuntu/v8-7/v8/outgn/arm-release/clang_x86_v8_arm/mksnapshot(+0x3ed7e) [0xf6bf4d7e] Illegal instruction (core dumped) Thanks again for looking into this, Darin. On Wednesday, December 5, 2018 at 6:46:41 PM UTC+2, Darin Dimitrov wrote: > > Hello, > > We are embedding v8 in android on an ARM device and trying to load a heap > snapshot generated with the mksnapshot utility: > > ./outgn/arm-release/clang_x86_v8_arm/mksnapshot ./test.js --startup_blob > ./snapshot.blob --profile_deserialization > > And we are getting the following crash at runtime: > > SIGSEGV (signal SIGSEGV: address access protected (fault address: > 0x34ff4d81)) > > > v8::internal::SafepointEntry::HasRegisters() const 0x00000000a148f03a > v8::internal::StandardFrame::IterateCompiledFrame(v8::internal:: > RootVisitor*) const 0x00000000a130a394 > v8::internal::Isolate::Iterate(v8::internal::RootVisitor*, v8::internal:: > ThreadLocalTop*) 0x00000000a1342510 > v8::internal::Heap::IterateStrongRoots(v8::internal::RootVisitor*, v8:: > internal::VisitMode) 0x00000000a131c132 > v8::internal::MarkCompactCollector::MarkRoots(v8::internal::RootVisitor*, > v8::internal::ObjectVisitor*) 0x00000000a1384ade > v8::internal::MarkCompactCollector::MarkLiveObjects() 0x00000000a1382c7a > v8::internal::MarkCompactCollector::CollectGarbage() 0x00000000a13828e0 > v8::internal::Heap::MarkCompact() 0x00000000a1317ffe > v8::internal::Heap::PerformGarbageCollection(v8::internal:: > GarbageCollector, v8::GCCallbackFlags) 0x00000000a13169e6 > v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8:: > internal::GarbageCollectionReason, v8::GCCallbackFlags) 0x00000000a13159b2 > v8::internal::Heap::AllocateRawWithLightRetry(int, v8::internal:: > AllocationSpace, v8::internal::AllocationAlignment) 0x00000000a131cfca > v8::internal::Heap::AllocateRawWithRetryOrFail(int, v8::internal:: > AllocationSpace, v8::internal::AllocationAlignment) 0x00000000a131d018 > v8::internal::Factory::NewFeedbackVector(v8::internal::Handle<v8::internal > ::SharedFunctionInfo>, v8::internal::PretenureFlag) 0x00000000a12f4ccc > v8::internal::FeedbackVector::New(v8::internal::Isolate*, v8::internal:: > Handle<v8::internal::SharedFunctionInfo>) 0x00000000a1303564 > v8::internal::JSFunction::EnsureFeedbackVector(v8::internal::Handle<v8:: > internal::JSFunction>) 0x00000000a13d4862 > v8::internal::Compiler::Compile(v8::internal::Handle<v8::internal:: > JSFunction>, v8::internal::Compiler::ClearExceptionFlag) > 0x00000000a12965d2 > v8::internal::Runtime_CompileLazy(int, v8::internal::Object**, v8:: > internal::Isolate*) 0x00000000a16d9f16 > Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit > 0x00000000a17c9db0 > Builtins_CompileLazy 0x00000000a17288fc > <unknown> 0x000000004658d4b8 > <unknown> 0x000000004658d4b8 > <unknown> 0x000000004658d4b8 > <unknown> 0x000000004658d4b8 > Builtins_JSEntryTrampoline 0x00000000a1725668 > <unknown> 0x0000000046586d54 > > Unfortunately this stacktrace doesn't originate from our code which makes > it very hard to debug. This error only happens with V8 7.1.302.28, the > snapshot worked pretty smooth in 6.9.427.23. > > Do you have any idea what might be causing this crash or any pointers that > could help us further diagnose it? > > Note: V8 is compiled with the following flags: > > gn gen outgn/arm-release --args="v8_use_snapshot=true > v8_use_external_startup_data=false is_official_build=true is_debug=false > symbol_level=0 use_thin_lto=false target_cpu=\"arm\" v8_target_cpu=\"arm\" > v8_enable_i18n_support=false target_os=\"android\" > v8_android_log_stdout=false" > > ninja -C outgn/arm-release v8_base v8_libplatform v8_libbase > v8_libsampler v8_snapshot v8_initializers v8_init inspector > > > > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
