Issue 846438

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue v8:3770
Owner: ----
Closed: Jun 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




UBSan errors in mksnapshot

Project Member Reported by bunge...@chromium.org, May 24 2018

Issue description

Chrome Version: 5d75e679c34cec2bf59c7d67539b848209c7b2b0
OS: linux

What steps will reproduce the problem?
(1) set args.gn to
enable_nacl = false
ffmpeg_branding = "ChromeOS"
is_debug = true
is_ubsan_security = true
optimize_for_fuzzing = true
pdf_enable_xfa = true
proprietary_codecs = true
use_libfuzzer = true
sanitizer_keep_symbols = true

(2) ninja v8
(3) on //v8:run_mksnapshot_default ubsan reports several "runtime error: member call on address <addr> which does not point to an object of type <type>"


What is the expected result?
mksnapshot should run without ubsan complaining

What happens instead?
ubsan complains
 
Note that when attempting to reproduce, the build step does finish, so it may be necessary to 'rm out/ubsan/v8*' between builds to see the messages again (or run the command manually).

Also, it may be helpful to run ninja like 'PATH=$HOME/src/chromium/src/third_party/llvm-build/Release+Asserts/bin/:$PATH ninja -C out/ubsan/ v8' to put llvm-symbolizer on the PATH to get readable traces.
Not that it matters all that much, but if trying to reproduce, f85585b37189469ba6c9b53dfea57d88f1a9fe0f is probably a better revision since perfetto recently fixed some issues when building with the fuzzer.

Mergedinto: v8:3770
Status: Duplicate (was: Untriaged)

Yes, this is known; a fix is planned but it's very difficult, because fundamental design decisions have to be changed.

Sorry for the inconvenience.
