more problems with snapshot=on

[Ryan Dahl]

I'm experiencing an error trying to build bleeding_edge with
snapshot=on on Linux.
It doesn't give a very informative error message, just "Error -11".
Any ideas?

$ uname -a
Linux li62-72 2.6.18.8-linode16 #1 SMP Mon Jan 12 09:50:18 EST 2009
i686 Intel(R) Xeon(R) CPU L5420 @ 2.50GHz GenuineIntel GNU/Linux

$ scons snapshot=on
scons: Reading SConscript files ...
scons: done reading SConscript files.
scons: Building targets ...
[...]
obj/release/mksnapshot obj/release/snapshot.cc --logfile
"/home/ryan/src/v8_bleeding/obj/release/snapshot.log"
scons: *** [obj/release/snapshot.cc] Error -11
scons: building terminated because of errors.

[Erik Corry]

2009/6/2 Ryan Dahl <coldre...@gmail.com>:

>
> I'm experiencing an error trying to build bleeding_edge with
> snapshot=on on Linux.
> It doesn't give a very informative error message, just "Error -11".

Sounds like a segmentation fault.

Try building in debug mode and running the snapshot generating command
in the debugger:

gdb --args obj/debug/mksnapshot obj/release/snapshot.cc
run

> Any ideas?
>
> $ uname -a
> Linux li62-72 2.6.18.8-linode16 #1 SMP Mon Jan 12 09:50:18 EST 2009
> i686 Intel(R) Xeon(R) CPU L5420 @ 2.50GHz GenuineIntel GNU/Linux
>
> $ scons snapshot=on
> scons: Reading SConscript files ...
> scons: done reading SConscript files.
> scons: Building targets ...
> [...]
> obj/release/mksnapshot obj/release/snapshot.cc --logfile
> "/home/ryan/src/v8_bleeding/obj/release/snapshot.log"
> scons: *** [obj/release/snapshot.cc] Error -11
> scons: building terminated because of errors.
>
> >
>

--
Erik Corry, Software Engineer
Google Denmark ApS. CVR nr. 28 86 69 84
c/o Philip & Partners, 7 Vognmagergade, P.O. Box 2227, DK-1018
Copenhagen K, Denmark.

[Ryan Dahl]

> Try building in debug mode and running the snapshot generating command
> in the debugger

In debug mode (scons mode=debug snapshot=on) it compiles correctly.
In release mode, here is the gdb output:

(gdb) r obj/release/snapshot.cc --logfile
"/home/ryan/src/v8_bleeding/obj/release/snapshot.log"
Starting program: /home/ryan/src/v8_bleeding/obj/release/mksnapshot
obj/release/snapshot.cc --logfile
"/home/ryan/src/v8_bleeding/obj/release/snapshot.log"
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[New Thread 0xb7cf2960 (LWP 21040)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7cf2960 (LWP 21040)]
0x080898cc in v8::internal::Invoke ()
(gdb) bt
#0 0x080898cc in v8::internal::Invoke ()
#1 0xbfe91dd0 in ?? ()
#2 0xb7800000 in ?? ()
#3 0x08204808 in ?? ()
#4 0x00000000 in ?? ()
(gdb)

Also here is obj/release/snapshot.log:

code-allocate,0xb74f2100,0xbfe92214
code-creation,Stub,0xb74f2100,487,"CEntryStub"
code-allocate,0xb74f2320,0xbfe92214
code-creation,Stub,0xb74f2320,691,"CEntryDebugBreakStub"
code-allocate,0xb74f2640,0xbfe92214
code-creation,Stub,0xb74f2640,180,"JSEntryStub"
code-allocate,0xb74f2720,0xbfe92214
code-creation,Stub,0xb74f2720,180,"JSConstructEntryStub"
code-allocate,0xb74f2800,0xbfe923d4
code-creation,Builtin,0xb74f2800,49,"Illegal"
code-allocate,0xb74f2840,0xbfe923d4
code-creation,Builtin,0xb74f2840,49,"EmptyFunction"
code-allocate,0xb74f2880,0xbfe923d4
code-creation,Builtin,0xb74f2880,49,"ArrayCode"
code-allocate,0xb74f28c0,0xbfe923d4
code-creation,Builtin,0xb74f28c0,49,"ArrayPush"
code-allocate,0xb74f2900,0xbfe923d4
code-creation,Builtin,0xb74f2900,49,"ArrayPop"
code-allocate,0xb74f2940,0xbfe923d4
code-creation,Builtin,0xb74f2940,49,"HandleApiCall"
code-allocate,0xb74f2980,0xbfe923d4
code-creation,Builtin,0xb74f2980,49,"HandleApiCallAsFunction"
code-allocate,0xb74f29c0,0xbfe923d4
code-creation,Builtin,0xb74f29c0,49,"HandleApiCallAsConstructor"
code-allocate,0xb74f2a00,0xbfe923d4
code-creation,Builtin,0xb74f2a00,140,"ArgumentsAdaptorTrampoline"
code-allocate,0xb74f2aa0,0xbfe90f64
code-creation,Stub,0xb74f2aa0,47,"RuntimeStub_NewObject"
code-allocate,0xb74f2ae0,0xbfe923d4
code-creation,Builtin,0xb74f2ae0,423,"JSConstructCall"
code-allocate,0xb74f2ca0,0xbfe923d4
code-creation,Builtin,0xb74f2ca0,125,"JSEntryTrampoline"
code-allocate,0xb74f2d40,0xbfe923d4
code-creation,Builtin,0xb74f2d40,95,"JSConstructEntryTrampoline"
code-allocate,0xb74f2dc0,0xbfe923d4
code-creation,Builtin,0xb74f2dc0,55,"LoadIC_Miss"
code-allocate,0xb74f2e00,0xbfe923d4
code-creation,Builtin,0xb74f2e00,59,"KeyedLoadIC_Miss"
code-allocate,0xb74f2e40,0xbfe923d4
code-creation,Builtin,0xb74f2e40,54,"StoreIC_Miss"
code-allocate,0xb74f2e80,0xbfe923d4
code-creation,Builtin,0xb74f2e80,58,"KeyedStoreIC_Miss"
code-allocate,0xb74f2ec0,0xbfe923d4
code-creation,Builtin,0xb74f2ec0,54,"StoreIC_ExtendStorage"
code-allocate,0xb74f2f00,0xbfe923d4
code-creation,Builtin,0xb74f2f00,55,"KeyedStoreIC_ExtendStorage"
code-allocate,0xb74f2f40,0xbfe923d4
code-creation,Builtin,0xb74f2f40,55,"LoadIC_Initialize"
code-allocate,0xb74f2f80,0xbfe923d4
code-creation,Builtin,0xb74f2f80,55,"LoadIC_PreMonomorphic"
code-allocate,0xb74f2fc0,0xbfe923d4
code-creation,Builtin,0xb74f2fc0,329,"LoadIC_Normal"
code-allocate,0xb74f3120,0xbfe923d4
code-creation,Builtin,0xb74f3120,66,"LoadIC_ArrayLength"
code-allocate,0xb74f3180,0xbfe923d4
code-creation,Builtin,0xb74f3180,120,"LoadIC_StringLength"
code-allocate,0xb74f3200,0xbfe923d4
code-creation,Builtin,0xb74f3200,117,"LoadIC_FunctionPrototype"
code-allocate,0xb74f3280,0xbfe923d4
code-creation,Builtin,0xb74f3280,211,"LoadIC_Megamorphic"
code-allocate,0xb74f3380,0xbfe923d4
code-creation,Builtin,0xb74f3380,59,"KeyedLoadIC_Initialize"
code-allocate,0xb74f33c0,0xbfe923d4
code-creation,Builtin,0xb74f33c0,59,"KeyedLoadIC_PreMonomorphic"
code-allocate,0xb74f3400,0xbfe923d4
code-creation,Builtin,0xb74f3400,379,"KeyedLoadIC_Generic"
code-allocate,0xb74f35a0,0xbfe923d4
code-creation,Builtin,0xb74f35a0,54,"StoreIC_Initialize"
code-allocate,0xb74f35e0,0xbfe923d4
code-creation,Builtin,0xb74f35e0,211,"StoreIC_Megamorphic"
code-allocate,0xb74f36e0,0xbfe923d4
code-creation,Builtin,0xb74f36e0,58,"KeyedStoreIC_Initialize"
code-allocate,0xb74f3720,0xbfe91084
code-creation,Stub,0xb74f3720,82,"RecordWrite"
code-allocate,0xb74f3780,0xbfe923d4
code-creation,Builtin,0xb74f3780,246,"KeyedStoreIC_Generic"
code-allocate,0xb74f3880,0xbfe923d4
code-creation,Builtin,0xb74f3880,278,"FunctionCall"
code-allocate,0xb74f39a0,0xbfe910d4
code-creation,Stub,0xb74f39a0,47,"RuntimeStub_StackGuard"
code-allocate,0xb74f39e0,0xbfe923d4
code-creation,Builtin,0xb74f39e0,314,"FunctionApply"
code-allocate,0xb74f3b40,0xbfe923d4
code-creation,Builtin,0xb74f3b40,135,"Return_DebugBreak"
code-allocate,0xb74f3c00,0xbfe923d4
code-creation,Builtin,0xb74f3c00,43,"Return_DebugBreakEntry"
code-allocate,0xb74f3c40,0xbfe923d4
code-creation,Builtin,0xb74f3c40,122,"ConstructCall_DebugBreak"
code-allocate,0xb74f3ce0

[Erik Corry]

2009/6/2 Ryan Dahl <coldre...@gmail.com>:

>
>> Try building in debug mode and running the snapshot generating command
>> in the debugger
>
> In debug mode (scons mode=debug snapshot=on) it compiles correctly.

Are you using a very new version of gcc? There are some problems with
the gcc in Ubuntu "Jaunty Jackalope".

[Søren Gjesse]

If you are using gcc 4.4 take a look at http://groups.google.com/group/chromium-reviews/browse_thread/thread/165f92bf52ad49e5/7277ce6fd3c284de?q=Tune+some+compiler+flags+to+make#7277ce6fd3c284de.

Regards,

Søren

[Ryan Dahl]

> Are you using a very new version

No. gcc version 4.1.2 (Gentoo 4.1.2 p1.3)

I'm noticing more problems now. It seems anything compiled with
mode=release is segfaulting (in a similar way to mksnapshot). So
perhaps is not related to snapshot=on.

For example, if I compile scons mode=release sample=shell:

li62-72 0 ~/src/v8_bleeding > ./shell
zsh: segmentation fault ./shell
li62-72 139 ~/src/v8_bleeding > gdb ./shell
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(no debugging symbols found)
(gdb) r
Starting program: /home/ryan/src/v8_bleeding/shell

(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

[New Thread 0xb7d3d960 (LWP 22038)]

Program received signal SIGSEGV, Segmentation fault.

[Switching to Thread 0xb7d3d960 (LWP 22038)]
0x0805936f in v8::NeanderArray::add ()
(gdb) bt
#0 0x0805936f in v8::NeanderArray::add ()
#1 0xb7800000 in ?? ()
#2 0x0104a4b0 in ?? ()
#3 0x00000000 in ?? ()
(gdb)

[Ryan Dahl]

I ran

tools/test.py > v8_test.txt

If I'm reading it correctly, not all tests are failing:
http://s3.amazonaws.com/four.livejournal/20090602/v8_test.txt

[Søren Gjesse]

As far as I can see the only tests which are not failing are the ones which does not initialize V8, but tests various utility components standalone, so it looks as if it is the VM startup which is broken.

Regards,

Søren

[ryan dahl]

> As far as I can see the only tests which are not failing are the ones which
> does not initialize V8, but tests various utility components standalone, so
> it looks as if it is the VM startup which is broken.

Is there anything I can do to debug this further?

[ryan dahl]

All tests pass with ./tools/test.py --mode=debug

[Erik Corry]

2009/6/3 ryan dahl <coldre...@gmail.com>:

It seems your gcc is miscompiling something when optimizing. Strange,
since version-wise it looks like a perfectly normal gcc.

You could start by doing a release build with -O0 instead of -O2 (edit
the SConstruct file). If that works then you could start copying .o
files back and forth using binary chop to find out which one is being
miscompiled.

[ryan dahl]

I've opened an issue for this at
http://code.google.com/p/v8/issues/detail?id=369