GDB breakpoints in generated ARM code crashing process


Wilson Lian

Apr 9, 2015, 12:32:11 AM
to v8-u...@googlegroups.com
Sorry if this is the wrong list. If there's a more appropriate one, please let me know.  

I've built a debug release of V8 (at git revision 1398078) for ARMv7, and I'm trying to set GDB breakpoints in JIT-generated code. However, when I do, various crashes abound. Setting a breakpoint at the first instruction of an unoptimized function results in a segfault, and doing the same thing in an optimized function produces a SIGABRT due to a false assertion in the deoptimizer.

Are others encountering this? Is there a workaround or maybe another debugger that doesn't have these problems?

What follows is a breakdown of how I reproduce the crashes:
First, the unoptimized code case.  I start the d8 shell in gdb and declare and invoke a function, noting the address of the emitted code thanks to the --print-code flag. I set a gdb breakpoint at that address, continue, then invoke the same function again.  Here, I would expect execution to pause at the first instruction of the declared function, but instead I get a segfault.
$ gdb --args out/arm.debug/d8 --print-code

GNU gdb (GDB) 7.4.1-debian
...

(gdb) r
...

d8
> function foo(x) {return x ^ 0x1234;}
...
d8
> foo(0);
...

--- Code ---
source_position = 12
kind = FUNCTION
name = foo
Instructions (size = 196)
0x2df888e0     0  e59d2004       ldr r2, [sp, #+4]
0x2df888e4     4  e59ac014       ldr ip, [r10, #+20]
...
(gdb) br *0x2df888e0
Breakpoint 1 at 0x2df888e0

(gdb) c
d8
> foo(1);
...

Program received signal SIGSEGV, Segmentation fault.
0x2df888fc in ?? ()

(gdb) bt
#0  0x2df888fc in ?? ()


For the optimized code, my method is mostly the same, but the crash is different. I start the d8 shell with --always-opt to force optimized code generation. After setting the breakpoint and invoking my JS function again, there is an invalid assertion in the deoptimizer that crashes the process.

$ gdb --args out/arm.debug/d8 --print-code --always-opt

GNU gdb (GDB) 7.4.1-debian
...

(gdb) r
...

d8
> function foo(x) {return x ^ 0x1234;}
...
d8
> foo(0);
...

--- Optimized code ---
optimization_id = 21
source_position = 12
kind = OPTIMIZED_FUNCTION
name = foo
stack_slots = 1

Instructions (size = 131)
0x51f10720     0  e92d4882       stmdb sp!, {r1, r7, fp, lr}
0x51f10724     4  e1a0c00c       mov ip, ip...

...
(gdb) br * 0x51f10720
Breakpoint 1 at 0x2df888e0

(gdb) c
d8
> foo(1);
...

#
# Fatal error in ../src/deoptimizer.cc, line 2726
# CHECK_EQ(Smi::cast(function), Smi::FromInt(StackFrame::STUB)) failed
#   Expected: 0x2
#   Found: 0xc
#

==== C stack trace ===============================

(empty)

Program received signal SIGABRT, Aborted.
0xf75a7f96 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6

(gdb) bt
#0  0xf75a7f96 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
#1  0xf75b5f8a in raise () from /lib/arm-linux-gnueabihf/libc.so.6
#2  0xf75b8428 in abort () from /lib/arm-linux-gnueabihf/libc.so.6
#3  0x00b20aaa in v8::base::OS::Abort () at ../src/base/platform/platform-posix.cc:220
#4  0x00b1d5ca in V8_Fatal (file=0xc89a2c "../src/deoptimizer.cc", line=2726, format=0xc560d0 "CHECK_EQ(%s, %s) failed\n#   Expected: %p\n#   Found: %p") at ../src/base/logging.cc:87
#5  0x005a8b60 in CheckEqualsHelper (file=0xc89a2c "../src/deoptimizer.cc", line=2726, expected_source=0xc8b07c "Smi::cast(function)", expected=0x2, value_source=0xc8b090 "Smi::FromInt(StackFrame::STUB)", value=0xc) at .././src/base/logging.h:139
#6  0x006840be in v8::internal::Deoptimizer::ComputeIncomingArgumentSize (this=0x19bd4d8, function=0x2) at ../src/deoptimizer.cc:2726
#7  0x0068405e in v8::internal::Deoptimizer::ComputeFixedSize (this=0x19bd4d8, function=0x2) at ../src/deoptimizer.cc:2717
#8  0x00683fbc in v8::internal::Deoptimizer::ComputeInputFrameSize (this=0x19bd4d8) at ../src/deoptimizer.cc:2700
#9  0x0067e91a in v8::internal::Deoptimizer::Deoptimizer (this=0x19bd4d8, isolate=0x1995688, function=0x0, type=v8::internal::Deoptimizer::EAGER, bailout_id=1, from=0x51f10790 "\001", fp_to_sp_delta=12, optimized_code=0x0) at ../src/deoptimizer.cc:612
#10 0x0067d32e in v8::internal::Deoptimizer::New (function=0x2, type=v8::internal::Deoptimizer::EAGER, bailout_id=1, from=0x51f10790 "\001", fp_to_sp_delta=12, isolate=0x1995688) at ../src/deoptimizer.cc:90
#11 0x5fb0a268 in ?? ()
#12 0x5fb0a268 in ?? ()

Backtrace stopped: previous frame identical to this frame (corrupt stack?)



Ben Noordhuis

Apr 9, 2015, 5:29:30 AM
to v8-u...@googlegroups.com
I speculate that you need to pass --noconcurrent_osr --noconcurrent_recompilation --noconcurrent_sweeping on the command line.

Rodolph Perfetta

Apr 9, 2015, 6:44:47 AM
to v8-u...@googlegroups.com
I would suggest you use the builtin simulator and its debugger. See https://code.google.com/p/v8-wiki/wiki/ARMDebuggingWithTheSimulator

If you have gdb 7 or later, you can also try to build with gdbjit support ('gdbjit=on' on the make command and '--gdbjit' on the d8 command).

Rodolph.

--
v8-users mailing list
v8-u...@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups "v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Wilson Lian

Apr 9, 2015, 2:36:19 PM
to v8-u...@googlegroups.com
The simulator looks like just what the Dr. ordered. Thanks for the pointer!

For posterity:
The --noconcurrent_osr --noconcurrent_recompilation --noconcurrent_sweeping flags didn't change the outcome of the optimized code case and, in the unoptimized code case, crashed with SIGBUS rather than a segfault. Thanks for the idea anyway, Ben.
