[陆亚涵]

Hi everyone ~

 

     I  participate in porting v8 into risc-v(https://github.com/v8-riscv/v8/).

     I encount a error about jitless. If i run a helloworld.js with '--jitless', it occurs SEGV_ACCERR.

 

error log:

````` ````````````````````````````````````````````````````````````````````````````  

$ ./d8 ./test.js --jitless

Warning: unknown flag --enable-slow-asserts. 

Try --help for options Received signal 11 SEGV_ACCERR 003fbfe45780 

 ==== C stack trace ===============================

 [0x002ac3444ea2] 

 [0x002ac34455ca] 

 0x003fc1bb0800] 

 [0x003fbfe45780] 

[end of stack trace] 

Segmentation fault (core dumped)  

````` ```````````````````````````````````````````````````````````````````````````` 

 

address 003fbfe45780 is a Trampoline of builtin function JSEntryTrampoline

 

````` ````````````````````````````````````````````````````````````````````````````  

kind = BUILTIN

name = JSEntryTrampoline 

compiler = unknown 

address = 0xd3886c5721 

Trampoline (size = 36) 

0xd3886c5780 0 00000e37 lui t3, 0x0

0xd3886c5784 4 564e0e1b addiw t3, t3, 1380

0xd3886c5788 8 00ce1e13 slli t3, t3, 12

0xd3886c578c c b10e0e13 addi t3, t3, -1264

0xd3886c5790 10 00ce1e13 slli t3, t3, 12

0xd3886c5794 14 503e0e13 addi t3, t3, 1283

0xd3886c5798 18 00ce1e13 slli t3, t3, 12

0xd3886c579c 1c 500e0e13 addi t3, t3, 1280

0xd3886c57a0 20 000e0067 jr t3  

````` ````````````````````````````````````````````````````````````````````````````

 

I found these code leading to it:

 

```

  void SetDefaultCodePermissions() {

    if (FLAG_jitless) {

      SetReadable();

    } else {

      SetReadAndExecutable();

    }

  }

```

 

But i don't know how to fix it.

   Thank you.

 

[Jakob Gruber]

Code space is not executable in jitless mode. Instead, builtins are compiled into the binary, which is where JSEntryTrampoline should be located. 

So it sounds to me like either 1. there's an interesting misconfiguration in your build and you are attempting to jump to the on-heap JSEntryTrampoline code section; or 2. the embedded builtins section of the binary (the .text section on linux) is not executable. To be honest, I'd be surprised by either option but anything is possible.

Given the `address = 0xd3886c5721` from your output above, it sounds like option 1. In that case, I would investigate where the call to JSEntry is coming from, and why it doesn't properly jump to the binary-embedded instructions. Perhaps Invoke? https://source.chromium.org/chromium/chromium/src/+/master:v8/src/execution/execution.cc;l=241;drc=df4bfabd8b949084fd3c051e23a42c7a11ea83d4 

--
--
v8-dev mailing list
v8-...@googlegroups.com
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to v8-dev+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/5F44DBE3.0458EC.27333%40cstnet.cn.

[陆亚涵]

Sorry. I have a question about “jump to the on-heap JSEntryTrampoline code section”. I only find  “off heap target” in code. Are you mean “jump to the off-heap JSEntryTrampoline code section”

 

发送自 Windows 10 版邮件应用

 

发件人: Jakob Gruber
发送时间: 2020年8月25日 18:05
收件人: v8-...@googlegroups.com
主题: Re: [v8-dev]

To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/CAH3p7oNUEw%2Bz2AokQR_XAWhhSbxEDg%2B6KGesj26%3D1F-weRazCw%40mail.gmail.com.

 

[陆亚涵]

Hi Jakob Gruber ~:

I debug it and found JSEntryTrampoline be called by JSEntry which is be writed by macroassembler.

It seems always call JSEntryTrampoline through trampoline in JSEntry with or without the jitless parameter.

 

 

发件人: Jakob Gruber
发送时间: 2020年8月25日 18:10

收件人: v8-...@googlegroups.com
主题: Re: [v8-dev]

 

Code space is not executable in jitless mode. Instead, builtins are compiled into the binary, which is where JSEntryTrampoline should be located. 

To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/CAH3p7oNUEw%2Bz2AokQR_XAWhhSbxEDg%2B6KGesj26%3D1F-weRazCw%40mail.gmail.com.

 

[Jakob Gruber]

Not sure I understand what you said. The JSEntryTrampoline call itself, here, is fine; but the call target, generated here, should have been fixed up by mksnapshot to point at the off-heap instruction stream for the JSEntryTrampoline. That happens here on x64, other platforms have different mechanisms. Perhaps one of those parts is missing in your port? See also the design for embedded builtins (probably outdated in parts). We can chat in more detail if you like as well, feel free to send me a direct mail.  

To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/5F45E6EC.031855.53091%40cstnet.cn.

Jakob Gruber

Software Engineer

jgr...@google.com

Google Germany GmbH

Erika-Mann-Straße 33

80636 München

Geschäftsführer: Paul Manicle, Halimah DeLaine Prado

Registergericht und -nummer: Hamburg, HRB 86891

Sitz der Gesellschaft: Hamburg

Diese E-Mail ist vertraulich. Falls sie diese fälschlicherweise erhalten haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, löschen Sie alle Kopien und Anhänge davon und lassen Sie mich bitte wissen, dass die E-Mail an die falsche Person gesendet wurde.

    

This e-mail is confidential. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it has gone to the wrong person.

[陆亚涵]

 

 

 

 

 

 

发件人: Jakob Gruber
发送时间: 2020年8月26日 13:27

To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/CAH3p7oNqBXu3vpQAHg5p-g36yH6QwSh4AfEV0pTMzZr1GMCYYQ%40mail.gmail.com.