Issue 14089 in v8: v8_monolith target fails to compile


msol… via monorail

Jun 21, 2023, 5:11:20 AM
to v8-re...@googlegroups.com
Status: Untriaged
Owner: ----
Type: Bug

New issue 14089 by msol...@akamai.com: v8_monolith target fails to compile
https://bugs.chromium.org/p/v8/issues/detail?id=14089

Version: 3625de48d1fa66ab800ec28bc6f42dd0b38f0ea4
OS: Ubuntu 18.04
Architecture: x64

What steps will reproduce the problem?
1. Set these flags in `args.gn`:

```
is_debug = false
target_cpu = "x64"
is_component_build=false
v8_static_library=true
use_custom_libcxx=false
v8_monolithic=true
v8_use_external_startup_data=false
use_sysroot=false
v8_promise_internal_field_count=1
icu_use_data_file=false
v8_enable_pointer_compression_shared_cage = false
```

2. Try to compile v8_monolith target: `ninja -C out/x64.release v8_monolith`

What is the expected output?
Successful compilation

What do you see instead?

```
[1/9] ACTION //:run_mksnapshot_default(//build/toolchain/linux:clang_x64)
FAILED: gen/embedded.S gen/snapshot.cc
python3 ../../tools/run.py ./mksnapshot --turbo_instruction_scheduling --target_os=linux --target_arch=x64 --embedded_src gen/embedded.S --embedded_variant Default --random-seed 314159265 --startup_src gen/snapshot.cc --no-native-code-counters
Return code is -11
ninja: build stopped: subcommand failed.
```

Running that mksnapshot binary with the same args under strace shows that it segfaults (although strace says it returns exit code 139, not -11).
Not sure where exactly it segfaults; my rough search resulted in the flow going like this: `main -> CreateSnapshotDataBlob -> CreateSnapshotDataBlobInternal -> v8::SnapshotCreator constructor -> Tagged_t::location`.

I did that in a clean new Ubuntu docker container and followed the official setup & build steps.
I also tried latest main (ff96ab562385299dc9c9fd4e322280ead2d75dad) and got the same error.
Commit 4f94782e87a227072295dde051c50634af3eda05 compiles fine; after a few tries with git bisect, the breaking point turned out to be 739c33aacdac127a48fa32b750df048e5388c03e, from https://chromium-review.googlesource.com/c/v8/v8/+/4414450.


ecmzi… via monorail

Jun 22, 2023, 4:35:14 AM
to v8-re...@googlegroups.com
Updates:
Components: Snapshot
Labels: Priority-2

Comment #1 on issue 14089 by ecmzi...@chromium.org: v8_monolith target fails to compile
https://bugs.chromium.org/p/v8/issues/detail?id=14089#c1

(No comment was entered for this change.)

jgru… via monorail

Jun 27, 2023, 3:14:09 AM
to v8-re...@googlegroups.com
Updates:
Owner: jgr...@chromium.org
Status: Assigned

Comment #2 on issue 14089 by jgr...@chromium.org: v8_monolith target fails to compile
https://bugs.chromium.org/p/v8/issues/detail?id=14089#c2

```
Thread 1 "mksnapshot" received signal SIGSEGV, Segmentation fault.
v8::internal::InstructionStream::relocation_info (this=<optimized out>) at ../../src/objects/instruction-stream-inl.h:70
70 TaggedField<ByteArray, kRelocationInfoOffset>::load(cage_base, *this);
(gdb) bt
#0 v8::internal::InstructionStream::relocation_info (this=<optimized out>) at ../../src/objects/instruction-stream-inl.h:70
#1 v8::internal::RelocIterator::RelocIterator (this=0x7ffed0585c70, code=..., mode_mask=2430) at ../../src/codegen/reloc-info.cc:182
#2 0x000055d02f1b8748 in v8::internal::Code::RelocateFromDesc (this=0x7ffed0585ce0, heap=0x55d031d16068, desc=...) at ../../src/objects/code.cc:106
#3 0x000055d02eeac962 in v8::internal::Factory::CodeBuilder::BuildInternal (this=0x7ffed0585fb0, retry_allocation_or_fail=<optimized out>) at ../../src/heap/factory.cc:238
#4 0x000055d02eead7ee in v8::internal::Factory::CodeBuilder::Build (this=0x7ffed0585c70) at ../../src/heap/factory.cc:347
#5 0x000055d030a96c4c in v8::internal::(anonymous namespace)::BuildPlaceholder (isolate=0x55d031d08a60, builtin=v8::internal::Builtin::kDeoptimizationEntry_Eager) at ../../src/builtins/setup-builtins-internal.cc:98
#6 v8::internal::SetupIsolateDelegate::PopulateWithPlaceholders (isolate=isolate@entry=0x55d031d08a60) at ../../src/builtins/setup-builtins-internal.cc:224
#7 0x000055d030a977e0 in v8::internal::SetupIsolateDelegate::SetupBuiltinsInternal (isolate=0x55d031d08a60) at ../../src/builtins/setup-builtins-internal.cc:294
#8 0x000055d02ff17f35 in v8::internal::SetupIsolateDelegate::SetupBuiltins (this=<optimized out>, isolate=0x55d031d08a60, compile_builtins=false) at ../../src/init/setup-isolate-full.cc:29
#9 0x000055d02ee188e1 in v8::internal::Isolate::Init (this=0x55d031d08a60, startup_snapshot_data=startup_snapshot_data@entry=0x0, read_only_snapshot_data=read_only_snapshot_data@entry=0x0,
shared_heap_snapshot_data=shared_heap_snapshot_data@entry=0x0, can_rehash=<optimized out>) at ../../src/execution/isolate.cc:4477
#10 0x000055d02ee17232 in v8::internal::Isolate::InitWithoutSnapshot (this=0x7ffed0585c70) at ../../src/execution/isolate.cc:4045
#11 0x000055d02e9f16e9 in v8::SnapshotCreator::SnapshotCreator (this=0x7ffed05a6a68, v8_isolate=0x55d031d08a60, external_references=0x0, existing_snapshot=<optimized out>, owns_isolate=false) at ../../src/api/api.cc:582
#12 0x000055d02f84d62f in v8::internal::CreateSnapshotDataBlobInternal (function_code_handling=function_code_handling@entry=v8::SnapshotCreator::FunctionCodeHandling::kClear, embedded_source=embedded_source@entry=0x0,
isolate=isolate@entry=0x55d031d08a60) at ../../src/snapshot/snapshot.cc:776
#13 0x000055d02e9df878 in (anonymous namespace)::CreateSnapshotDataBlob (isolate=0x55d031d08a60, embedded_source=0x0) at ../../src/snapshot/mksnapshot.cc:162
#14 main (argc=1, argv=0x7ffed05c0d68) at ../../src/snapshot/mksnapshot.cc:287
```

jgru… via monorail

Jun 27, 2023, 3:50:55 AM
to v8-re...@googlegroups.com

Comment #3 on issue 14089 by jgr...@chromium.org: v8_monolith target fails to compile
https://bugs.chromium.org/p/v8/issues/detail?id=14089#c3

The InstructionStream ptr could be invalid

```
(gdb) p/x (*reloc_info).ptr()
$10 = 0x9a800100f61
(gdb) p/x istream.ptr()
$3 = 0xc0004031
```