Debugging a crash


randomblue

Aug 29, 2012, 6:24:56 PM
to chromium...@chromium.org
I'm trying to debug a crash in Chrome. I've managed to build Chromium with AddressSanitizer, and the information I get is:

ASAN:SIGSEGV
==4243== ERROR: AddressSanitizer crashed on unknown address 0x00000008 (pc 0x0822d88a sp 0xc0073220 bp 0xc0073238 T0)
AddressSanitizer can not provide additional info. ABORTING

I also get what seems to be a stack trace, but no function name is attached.

I'm working under Mac OS X. What is the best way to understand what is causing this crash?

Alexander Potapenko

Aug 30, 2012, 3:55:21 AM
to chromium...@chromium.org
Hi there.
You can use tools/valgrind/asan/asan_symbolize.py to get the function names in your stack trace.
You can also run Chrome with ASAN_OPTIONS="sleep_before_dying=100" and use gdb to attach to the process (its PID is between "==", that's 4243 in your example) and see the stack traces.
Please refer to http://dev.chromium.org/developers/testing/addresssanitizer for the instructions for building Chrome. In particular, make sure to build with component=static_library (in fact this is the default for ASan on Mac now) and pass -g to get the debug info.
Feel free to ask further questions.

HTH,
Alex

Justin Drake

Aug 31, 2012, 8:37:04 AM
to gli...@chromium.org, chromium...@chromium.org
The asan_symbolize.py script worked great, thanks. These are the top few lines:

    #1 0x870d850 in v8::internal::MacroAssembler::Push(v8::internal::Handle<v8::internal::Object>) (in Chromium Framework) + 208
    #2 0x827b420 in v8::internal::FullCodeGenerator::VisitBlock(v8::internal::Block*) (in Chromium Framework) + 512
    #3 0x81a8441 in v8::internal::Block::Accept(v8::internal::AstVisitor*) (in Chromium Framework) + 81
    #4 0x81b0c7e in v8::internal::AstVisitor::Visit(v8::internal::AstNode*) (in Chromium Framework) + 94
    #5 0x81ac8db in v8::internal::AstVisitor::VisitStatements(v8::internal::ZoneList<v8::internal::Statement*>*) (in Chromium Framework) + 123
    #6 0x863b383 in v8::internal::FullCodeGenerator::Generate() (in Chromium Framework) + 4899
    #7 0x82778b7 in v8::internal::FullCodeGenerator::MakeCode(v8::internal::CompilationInfo*) (in Chromium Framework) + 583

What do the offsets (+ 208, + 512, + 81, etc.) mean exactly?

--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

Justin Drake

Aug 31, 2012, 8:42:31 AM
to gli...@chromium.org, chromium...@chromium.org
Another question I wanted to ask is how I can get gdb to break on these fine-grained functions, such as Block::Accept. I'm assuming I need to load some symbols file, but there seem to be many .dSYM files lying around.

Thanks.

Alexander Potapenko

Aug 31, 2012, 10:39:26 AM
to Justin Drake, chromium...@chromium.org
This is what atos returns for the given address. I guess this is the offset from the beginning of the corresponding symbol.

You can look at the asan_symbolize.py script to get the idea of which .dSYM files are being loaded. There's even the DEBUG var which you can set to True to see the atos invocation commands. The .dSYM files can then be loaded into gdb.
--
Alexander Potapenko
Software Engineer
Google Moscow
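To make the "+ 208" offsets and the "unknown address 0x00000008" report concrete, here is a small symbolizer written for this thread (it is an added example, not asan_symbolize.py or atos, and not code from Chromium). It reads the ASan header quoted above, maps each frame's program counter to the symbol that contains it, and prints the byte offset from that symbol's start, which is exactly what atos reports after the "+". The symbol table is constructed for the example: the three start addresses are back-computed from the symbolized frames in the thread (pc minus the reported offset), and the 0x400 symbol sizes are assumed. Frame #0 from the header deliberately lands in a gap of the table to show why a symbol size bound matters: without it, a lookup based on start addresses alone would attribute the pc to the previous symbol with a meaningless offset.

```python
import bisect
import re
from typing import List, Optional, Tuple

# Constructed symbol table: (start address, size in bytes, demangled name).
# A real table comes from the .dSYM (what atos uses) or `nm`; these starts are
# pc - offset for the frames quoted in the thread, the sizes are assumed.
SYMBOLS: List[Tuple[int, int, str]] = sorted([
    (0x870d850 - 208, 0x400, "v8::internal::MacroAssembler::Push(v8::internal::Handle<v8::internal::Object>)"),
    (0x827b420 - 512, 0x400, "v8::internal::FullCodeGenerator::VisitBlock(v8::internal::Block*)"),
    (0x81a8441 - 81,  0x400, "v8::internal::Block::Accept(v8::internal::AstVisitor*)"),
])
_STARTS = [start for start, _, _ in SYMBOLS]

# Constructed ASan output: the header from the original post plus raw,
# unsymbolized frames carrying only the frame number and pc.
SAMPLE_REPORT = """\
==4243== ERROR: AddressSanitizer crashed on unknown address 0x00000008 (pc 0x0822d88a sp 0xc0073220 bp 0xc0073238 T0)
    #0 0x0822d88a
    #1 0x870d850
    #2 0x827b420
    #3 0x81a8441
"""

_HEADER_RE = re.compile(
    r"==(?P<pid>\d+)== ERROR: AddressSanitizer crashed on unknown address "
    r"0x(?P<addr>[0-9a-f]+) \(pc 0x(?P<pc>[0-9a-f]+)")
_FRAME_RE = re.compile(r"^\s*#(?P<n>\d+)\s+0x(?P<pc>[0-9a-f]+)")


def parse_header(line: str) -> Optional[dict]:
    """Pull the pid (the number between '=='), faulting address and pc out of
    the ASan crash header. The pid is what you attach gdb to under
    ASAN_OPTIONS=sleep_before_dying."""
    m = _HEADER_RE.search(line)
    if not m:
        return None
    return {"pid": int(m["pid"]), "addr": int(m["addr"], 16), "pc": int(m["pc"], 16)}


def classify_fault(addr: int, page_size: int = 4096) -> str:
    """Rough triage of a SEGV address: a fault inside the first page almost
    always means a NULL pointer plus a small field or element offset."""
    if addr < page_size:
        return f"null-page dereference (NULL + 0x{addr:x})"
    return "wild or unmapped address"


def symbolize(pc: int) -> Optional[Tuple[str, int]]:
    """Map a pc to (symbol name, byte offset into that symbol).

    The offset is the '+ N' atos prints: how far past the symbol's first
    instruction the pc lies. For frames above #0 the pc is a return address,
    so the offset points just after a call instruction inside that function.
    Returns None when the pc is not covered by any symbol in the table.
    """
    i = bisect.bisect_right(_STARTS, pc) - 1
    if i < 0:
        return None
    start, size, name = SYMBOLS[i]
    if pc >= start + size:          # pc lies in a gap after this symbol
        return None
    return name, pc - start


def symbolize_trace(lines: List[str]) -> List[str]:
    """Rewrite raw '#N 0xADDR' frames into 'in <symbol> + <offset>' form."""
    out = []
    for line in lines:
        m = _FRAME_RE.match(line)
        if not m:
            continue
        pc = int(m["pc"], 16)
        hit = symbolize(pc)
        if hit is None:
            out.append(f"#{m['n']} 0x{pc:x} (no symbol)")
        else:
            name, off = hit
            out.append(f"#{m['n']} 0x{pc:x} in {name} + {off}")
    return out


def triage(report: str) -> Tuple[dict, str, List[str]]:
    """Header fields, fault classification and symbolized frames for a report."""
    lines = report.splitlines()
    header = parse_header(lines[0])
    return header, classify_fault(header["addr"]), symbolize_trace(lines)


if __name__ == "__main__":
    header, kind, frames = triage(SAMPLE_REPORT)
    print(f"pid {header['pid']}: {kind}")
    print("\n".join(frames))
```

Offsets are relative to the symbol, not to the load address of the framework, so they stay meaningful across ASLR slides; the absolute pcs do not, which is why a symbol table or .dSYM from the same build is needed to interpret them.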