VS 2015 LTCG code-gen bug
Issue description

This is the Chrome side bug for tracking the VS 2015 code-gen bug described here: https://connect.microsoft.com/VisualStudio/feedback/details/3102400

A crash dump from Chrome Canary 32-bit is attached. To see the problem you just have to load this crash dump, add Chrome's symbol server to the list of symbol sources, open the disassembly window, type "ProcessPowerCollector::HandleUpdateTimeout" into the address bar, and you will see this code, which includes the mismatched movsd xmm0 and fstp st(0):

10C0F2F7 call ProcessPowerCollector::RecordCpuUsageByOrigin (10C0F4C9h)
10C0F2FC movsd xmm0,mmword ptr [esp+10h]
10C0F302 pop edi
10C0F303 pop esi
10C0F304 mov esp,ebp
10C0F306 pop ebp
10C0F307 ret
10C0F308 call ProcessPowerCollector::UpdatePowerConsumption (10C0F2B7h)+0
10C0F30D fstp st(0)
10C0F30F ret
Sep 14 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5c246eb9899a1d95594254b0db36a47e8f9763ae

commit 5c246eb9899a1d95594254b0db36a47e8f9763ae
Author: Bruce Dawson <brucedawson@chromium.org>
Date: Wed Sep 14 21:05:34 2016

Speculative workaround for VS 2015 code-gen bug

On PGO builds (but no others) a pair of functions in process_power_collector.cc get compiled such that the callee returns a floating-point value in xmm0 and the caller looks for it in st(0). The details are in the bug, but if floating-point exceptions are enabled (perhaps happening due to third-party injected software changing the FPU state) then this can lead to crashes. Even without the crashes it is clearly wrong.

Since the bug only repros in PGO it is difficult to test a fix but disabling optimizations around the two functions *should* do the trick.

BUG= 640588
Review-Url: https://codereview.chromium.org/2329693002
Cr-Commit-Position: refs/heads/master@{#417994}
(cherry picked from commit 764c7362bc01b0f1765f2f9043ca89b71a8d0c76)
Review URL: https://codereview.chromium.org/2339303002 .
Cr-Commit-Position: refs/branch-heads/2840@{#367}
Cr-Branched-From: 1ae106dbab4bddd85132d5b75c670794311f4c57-refs/heads/master@{#414607}

[modify] https://crrev.com/5c246eb9899a1d95594254b0db36a47e8f9763ae/chrome/browser/power/process_power_collector.cc
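The crash mechanism the report and the commit describe, as an added example that is not Chromium's code: the callee leaves its double in xmm0, so the x87 stack is empty when the caller's stray fstp st(0) runs; the snippet executes that same pop on a provably empty stack with exceptions masked (the default), reads back the status word, and checks the control-word mask a diagnostic would look at. It assumes x86 or x86-64 with GCC or Clang inline assembly.

```c
#include <stdio.h>

/* x87 status-word flags (Intel SDM Vol. 1, section 8.1.3). */
#define X87_SW_IE 0x0001  /* invalid-operation exception */
#define X87_SW_SF 0x0040  /* stack fault; with C1=0 it means underflow */
#define X87_CW_IM 0x0001  /* control word: invalid-operation mask, 1 = masked */

#if defined(__x86_64__) || defined(__i386__)
/* Re-create the miscompiled epilogue: nothing was pushed onto the x87 stack,
 * so "fstp st(0)" underflows. fninit first makes the stack empty and masks
 * all exceptions, so the stray pop only sets sticky flags instead of trapping. */
int stray_fstp_status(void) {
  unsigned short sw;
  __asm__ volatile(
      "fninit\n\t"        /* empty stack, default (masked) control word */
      "fstp %%st(0)\n\t"  /* the instruction from the crash disassembly */
      "fnstsw %0\n\t"     /* capture the status word it leaves behind */
      "fnclex\n\t"        /* clear the flags so nothing fires later */
      : "=m"(sw)
      :
      : "st", "st(1)", "st(2)", "st(3)", "st(4)", "st(5)", "st(6)", "st(7)");
  return sw;
}

/* 1 if invalid-operation exceptions are masked (the normal state); 0 if code
 * in the process has unmasked them, which turns the stray pop into a #MF fault. */
int x87_invalid_op_masked(void) {
  unsigned short cw;
  __asm__ volatile("fnstcw %0" : "=m"(cw));
  return (cw & X87_CW_IM) ? 1 : 0;
}
#else
int stray_fstp_status(void) { return -1; }     /* no x87 on this target */
int x87_invalid_op_masked(void) { return -1; }
#endif

int main(void) {
  int sw = stray_fstp_status();
  if (sw < 0) { puts("not an x86 build"); return 0; }
  printf("status word after stray fstp: 0x%04x (IE=%d SF=%d)\n", sw,
         !!(sw & X87_SW_IE), !!(sw & X87_SW_SF));
  printf("invalid-operation exception masked: %s\n",
         x87_invalid_op_masked() ? "yes, no trap" : "no, the pop would fault");
  return 0;
}
```

With the default control word both IE and SF are set but nothing traps, which is why the bad code only crashes once something in the process unmasks floating-point exceptions.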
Sep 14 2016
It turns out this isn't actually a PGO bug, it's just a full LTCG bug and it can be triggered with these GN settings:

is_component_build = false
is_debug = false
is_official_build = true
target_cpu="x86"
full_wpo_on_official = true

The bug is now worked around on trunk and M54.
Comment 1 by brucedaw...@chromium.org, Sep 14 2016