Check fails in blink::SQLTransactionStateMachine (clang on Android code generation?) |
||||||||||
Issue descriptionChrome Version: master OS: Android What steps will reproduce the problem? (1) gn gen --args='target_os="android" is_debug=true' out/Default (2) ninja -C out/Default chrome_public_apk (3) out/Default/bin/chrome_modern_public_apk run http://ebay.com What is the expected result? What happens instead? Abort message: '[FATAL:sql_transaction_state_machine.h(90)] Check failed: state_function. ' Reproduces in debug builds, but not with android_full_debug=true. It does not fail after the following change in SQLTransactionStateMachine<T>::RunStateMachine(): - StateFunction state_function = StateFunctionFor(next_state_); + StateFunction state_function = static_cast<T*>(this)->StateFunctionFor(next_state_); But calling a virtual method without downcasting the this pointer should produce the same result, which makes it look like a possible compiler bug.
,
Nov 30
,
Dec 3
Appears to be a clang generating bad code. Will someone at Google look at this or should it be reported to the llvm project?
The following standalone program reproduces the crash using the ndk r18b toolchain compiler using the arm target and "-Oz":
#include <stdio.h>
struct C;
typedef int (C::*func)();
struct A {
virtual ~A() {}
};
struct B {
virtual func c_get_func(int ix) = 0;
func b_get_func(int ix) {
return c_get_func(ix);
}
};
struct C : A, B {
int the_func() { return 0; }
func c_get_func(int ix) override {
static const func funcs[] = { &C::the_func, &C::the_func, };
printf("ix=%d\n", ix);
return funcs[ix];
}
};
int main() {
C c;
func f = c.b_get_func(0);
return (c.*f)();
}
,
Dec 4
,
Dec 4
ollel: Thanks for the reduced test case! Could you paste the full command you're using to invoke the compiler, and also the output from adding "-v" to that command line?
,
Dec 4
,
Dec 4
To build the standalone program I used the android ndk. Reproduces both with r18b and r19 beta1. Used the following command line to compile: android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/armv7a-linux-androideabi21-clang++ -fPIC -Oz main.cc Android (5058415 based on r339409) clang version 8.0.2 (https://android.googlesource.com/toolchain/clang 40173bab62ec746213857d083c0e8b0abb568790) (https://android.googlesource.com/toolchain/llvm 7a6618d69e7e8111e1d49dc9e7813767c5ca756a) (based on LLVM 8.0.2svn) Target: armv7a-unknown-linux-android21 Thread model: posix InstalledDir: /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin Found candidate GCC installation: /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/arm-linux-androideabi/4.9.x Selected GCC installation: /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/arm-linux-androideabi/4.9.x Candidate multilib: thumb;@mthumb Candidate multilib: armv7-a;@march=armv7-a Candidate multilib: armv7-a/thumb;@march=armv7-a@mthumb Candidate multilib: .; Selected multilib: armv7-a;@march=armv7-a "/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/clang++" -cc1 -triple armv7-unknown-linux-android21 -emit-obj -disable-free -disable-llvm-verifier -discard-value-names -main-file-name main.cc -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -fuse-init-array -target-cpu generic -target-feature +soft-float-abi -target-abi aapcs-linux -mfloat-abi soft -fallow-half-arguments-and-returns -dwarf-column-info -debugger-tuning=gdb -v -resource-dir /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/8.0.2 -internal-isystem /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include/c++/v1 -internal-isystem /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/local/include -internal-isystem /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/8.0.2/include -internal-externc-isystem /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include/arm-linux-androideabi -internal-externc-isystem /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/include -internal-externc-isystem /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include -Oz -fdeprecated-macro -fdebug-compilation-dir /home/ollel/tmp/clang-bug -ferror-limit 19 -fmessage-length 185 -fno-signed-char -fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-show-option -fcolor-diagnostics -vectorize-slp -o /tmp/main-8e15fb.o -x c++ main.cc -faddrsig clang -cc1 version 8.0.2 based upon LLVM 8.0.2svn default target x86_64-unknown-linux-gnu ignoring nonexistent directory "/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/include" #include "..." search starts here: #include <...> search starts here: /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include/c++/v1 /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/local/include /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/8.0.2/include /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include/arm-linux-androideabi /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include End of search list. "/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld" -pie -X --no-add-needed --enable-new-dtags --eh-frame-hdr -m armelf_linux_eabi -dynamic-linker /system/bin/linker -o a.out /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/lib/arm-linux-androideabi/21/crtbegin_dynamic.o -L/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/8.0.2/lib/linux/arm -L/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/arm-linux-androideabi/4.9.x/armv7-a -L/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/lib/../lib/armv7-a -L/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/lib/arm-linux-androideabi/21 -L/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/lib/arm-linux-androideabi -L/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/lib/../lib -L/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/lib/arm-linux-androideabi/../../lib -L/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/lib/armv7-a -L/home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/lib /tmp/main-8e15fb.o -lc++ -lm -lgcc -lgcc -ldl -lc -lgcc -lgcc -ldl /home/ollel/work/android/ndk/android-ndk-r19-beta1/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/lib/arm-linux-androideabi/21/crtend_android.o
,
Dec 5
I just noticed the test program crashes also on my desktop running fedora linux. This when compiled with "clang++ -Oz -m32 main.cc" using clang for x86 from the fedora package clang-7.0.0-2.fc29.x86_64. Thus 32-bit and -Oz seem to be required, but not arm as I first thought. In gdb it looks like something goes bad in "non-virtual thunk to C::c_get_func(int) ()" when returning from C::c_get_func().
,
Dec 6
> I just noticed the test program crashes also on my desktop running fedora linux.
Thanks! This makes it much easier to work with. It fails for me locally too.
Yes, it looks like the return value from C::c_get_func() gets lost in the thunk. The IR looks like this:
define linkonce_odr dso_local void @_ZThn4_N1C10c_get_funcEi({ i32, i32 }* noalias sret %agg.result, %struct.C* %this, i32 %ix) unnamed_addr #3 comdat align 2 {
entry:
%tmp = alloca { i32, i32 }, align 4
%0 = getelementptr inbounds %struct.C, %struct.C* %this, i32 -1, i32 1
%1 = bitcast %struct.B* %0 to %struct.C*
tail call void @_ZN1C10c_get_funcEi({ i32, i32 }* nonnull sret %tmp, %struct.C* nonnull %1, i32 %ix) #9
ret void
}
On just a first glance, that looks odd to me...
,
Dec 6
Either Clang is emitting incorrect IR for the thunk, or LLVM is optimizing it incorrectly, or there's something subtly wrong with the source code that I can't see. Attaching IR for the thunk before optimization. Running that through "opt -O3" shows the return values getting dropped.
,
Dec 6
I know nothing about IR, but why "void" in "define linkonce_odr dso_local void @_ZThn4_N1C10c_get_funcEi"?
When compiling with -m64 I get "{ i64, i64 }" instead of "void":
"define linkonce_odr dso_local { i64, i64 } @_ZThn8_N1C10c_get_funcEi"
If "void" is the result type, it must be wrong already before optimization.
,
Dec 6
> If "void" is the result type, it must be wrong already before optimization. It's because the return value, the member pointer, is a 2 x 32-bit aggregate value, so it's returned via a pointer to the caller's stack, that's the %agg.result variable, rather than through a register.
,
Dec 6
Aha! I think it's because the call to @_ZN1C10c_get_funcEi is marked "tail". From https://llvm.org/docs/LangRef.html#id313: "Both markers [tail and musttail] imply that the callee does not access allocas from the caller." That clearly doesn't hold here. I suppose Clang is a little too eager to put "tail" on the call when generating thunks..
,
Dec 6
Filed upstream: https://bugs.llvm.org/show_bug.cgi?id=39901
,
Dec 21
This should be better now. |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by ol...@opera.com
, Nov 30