V8: ASAN produces several segfaults with GYP builds, none with GN
Issue description
Repro:
In v8 checkout:
gclient sync
# With gyp:
GYP_CHROMIUM_NO_ACTION=0 GYP_DEFINES="component=static_library use_goma=1 target_arch=x64 clang=1 asan=1 sanitizer_coverage=bb coverage=1 lsan=1 fastbuild=1 test_isolation_mode=prepare" gclient runhooks
ninja -C out/Release -j1000
out/Release/d8 --test --random-seed=1420662758 --wasm_guard_pages --wasm_trap_handler --invoke-weak-callbacks --nohard-abort --nodead-code-elimination --nofold-constants --expose-wasm test/mjsunit/mjsunit.js test/mjsunit/wasm/import-memory.js --invoke-weak-callbacks --omit-quit
# Output:
machenbach@malumi:~/v8/v8 shorten $ out/Release/d8 --test --random-seed=1420662758 --wasm_guard_pages --wasm_trap_handler --invoke-weak-callbacks --nohard-abort --nodead-code-elimination --nofold-constants --expose-wasm test/mjsunit/mjsunit.js test/mjsunit/wasm/import-memory.js --invoke-weak-callbacks --omit-quit
TestOne
TestIdentity
TestImportExport
ValidateBoundsCheck
ASAN:DEADLYSIGNAL
=================================================================
==14442==ERROR: AddressSanitizer: SEGV on unknown address 0x7fb700d8c000 (pc 0x7fbf01905a57 bp 0x7ffea88c8f68 sp 0x7ffea88c8f48 T0)
==14442==The signal is caused by a READ memory access.
#0 0x7fbf01905a56 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>)
==14442==ABORTING
# With GN:
gn args out.gn/asan1
# With args:
is_asan = true
is_component_build = false
is_debug = false
is_lsan = false
target_cpu = "x64"
use_goma = true
ninja -j1000 -C out.gn/asan1
out.gn/asan1/d8 --test --random-seed=1420662758 --wasm_guard_pages --wasm_trap_handler --invoke-weak-callbacks --nohard-abort --nodead-code-elimination --nofold-constants --expose-wasm test/mjsunit/mjsunit.js test/mjsunit/wasm/import-memory.js --invoke-weak-callbacks --omit-quit
-> no error
,
Apr 11 2017
+glider, any idea? Is this hitting a real issue or is there some lack of support now with GYP?
,
Apr 11 2017
Can you attach gdb to the process and capture the stack trace? This looks like a real SEGV in the JITted code without frame pointers.
,
Apr 11 2017
Bt has no symbols. Trying with a debug build...
,
Apr 11 2017
Debug doesn't look better :(
,
Apr 11 2017
Ok, where does RIP belong? Looks like it's not pointing into a .text section of d8 or any of the libraries. Does it belong to the page where generated code resides?
,
Apr 11 2017
There are actually some failures that look more promising. Let's take those first. Like: https://build.chromium.org/p/tryserver.v8/builders/v8_linux64_sanitizer_coverage_rel/builds/12958/steps/Test262/logs/call-proto-not-ctor Will try to get a local repro.
,
Apr 11 2017
Re 7: This might be a red herring. We don't use variants for test262 on the GN bot and this fails with stress-opt only. Though, I get a difference between the gyp and gn build. GYP build delivers nice trace, while GN build results in a segv with no symbols.
,
Apr 11 2017
As far as I can see, all problems except the one in comment 7 are from wasm_traps testing variant. The stack I got in my session in comment 5 looks a lot like: https://bugs.chromium.org/p/v8/issues/detail?id=6132#c8
,
Apr 11 2017
,
Apr 11 2017
Fix CL for the common problem: https://chromium-review.googlesource.com/c/474147/ Turns out that asan in gyp didn't allow user signal handler for segv. The CL above adds that to make the bot silent.
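Added example, not part of the original thread or of V8's code: a minimal Linux C program that recovers from a read of a PROT_NONE guard page through its own SIGSEGV handler, the same pattern the `--wasm_guard_pages --wasm_trap_handler` flags in the repro depend on. Under ASan the program's handler only takes effect if the runtime permits it; the option name `allow_user_segv_handler` (passed through `ASAN_OPTIONS`) is the sanitizer flag of that period and is assumed here to be what the CL sets. All identifiers in the code are hypothetical.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf recover_point;
static volatile sig_atomic_t faults_handled;
static char *guard_page;   /* PROT_NONE page standing in for a wasm guard region */
static size_t page_size;

/* User SEGV handler: recover only from faults that hit the guard page. */
static void on_segv(int sig, siginfo_t *info, void *ctx) {
    (void)ctx;
    char *addr = (char *)info->si_addr;
    if (addr >= guard_page && addr < guard_page + page_size) {
        faults_handled++;
        siglongjmp(recover_point, 1);   /* turn the fault into a trap */
    }
    /* Not our fault address: restore the default action; the faulting
       instruction re-executes on return and terminates the process. */
    signal(sig, SIG_DFL);
}

/* Returns 1 if the guarded read was converted into a recoverable trap,
   0 if the read unexpectedly succeeded, -1 on setup failure. */
int guarded_read_traps(void) {
    struct sigaction sa = {0}, old;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    guard_page = mmap(NULL, page_size, PROT_NONE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guard_page == MAP_FAILED) return -1;
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0) return -1;
    int trapped = sigsetjmp(recover_point, 1);   /* 1 after siglongjmp */
    if (!trapped) {
        volatile char c = *(volatile char *)guard_page;   /* faults here */
        (void)c;
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(guard_page, page_size);
    return trapped;
}

int main(void) {
    printf("trap recovered: %d\n", guarded_read_traps());
    return 0;
}
```

Built with `-fsanitize=address` and run with user SEGV handlers disallowed, the `sigaction` registration is ignored and ASan's own handler reports the fault as a SEGV, which matches the GYP-only output in the issue description.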
,
Apr 11 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/88732c88341fdb61251ad3ee8603159a8dda012b
commit 88732c88341fdb61251ad3ee8603159a8dda012b
Author: Michael Achenbach <machenbach@chromium.org>
Date: Tue Apr 11 14:22:37 2017
[test] Fix asan default options for gyp builds
Allowing a user handler for segv is default in GN, but not in GYP. We pass it now explicitly to make the last gyp bot temporarily happy.
TBR=vogelheim@chromium.org
Bug: chromium:710409
Change-Id: Ib997245f348481158bd8d64192ac653b60237452
Reviewed-on: https://chromium-review.googlesource.com/474147
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44578}
[modify] https://crrev.com/88732c88341fdb61251ad3ee8603159a8dda012b/tools/run-tests.py
,
Apr 12 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/17c286848a6aed6f9ea98a8164d01a4cdc912502
commit 17c286848a6aed6f9ea98a8164d01a4cdc912502
Author: Michael Achenbach <machenbach@chromium.org>
Date: Wed Apr 12 09:45:48 2017
[test] Fix sanitizer-coverage default options for gyp builds
This was missing in:
TBR=vogelheim@chromium.org
Bug: chromium:710409
TBR=vogelheim@chromium.org
NOTRY=true
Bug: chromium:710409
Change-Id: Ic4b59550e358860cd10adf3d5137342ff7e862a3
Reviewed-on: https://chromium-review.googlesource.com/475831
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44601}
[modify] https://crrev.com/17c286848a6aed6f9ea98a8164d01a4cdc912502/tools/run-tests.py
,
Apr 13 2017
Comment 1 by machenb...@chromium.org
, Apr 11 2017