New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Issue 5668
Starred by 1 user
Status: Fixed
Owner:
jochen@chromium.org
Closed: Feb 2017
Cc:
mvstan...@chromium.org
hablich@chromium.org
bmeu...@chromium.org
jarin@chromium.org
Components:
HW: ----
NextAction: ----
OS: ----
Priority: 2
Type: Bug



Sign in to add a comment
 Zone::New incorrectly aligns memory on 32bit architectures
Reported by chriscco...@gmail.com, Nov 23 2016 Back to list 
In Ubuntu, we compile arm builds natively (not cross-compiled) on hosts that have an arm64 kernel. Since https://chromium.googlesource.com/v8/v8.git/+/0c168a90ffc34e3e4defee0c1cc39fe522dae2c0, v8 fails to compile because mksnapshot crashes during the build with the following stack trace:

Thread 1 "mksnapshot" received signal SIGBUS, Bus error.
std::__fill_a<v8::internal::compiler::InstructionOperand*, v8::internal::compiler::InstructionOperand> () at /usr/include/c++/6/bits/stl_algobase.h:685
685 *__first = __value;
(gdb) bt
#0 std::__fill_a<v8::internal::compiler::InstructionOperand*, v8::internal::compiler::InstructionOperand> () at /usr/include/c++/6/bits/stl_algobase.h:685
#1 std::fill<v8::internal::compiler::InstructionOperand*, v8::internal::compiler::InstructionOperand> () at /usr/include/c++/6/bits/stl_algobase.h:731
#2 v8::internal::compiler::InstructionSelector::EmitTableSwitch () at ../../v8/src/compiler/instruction-selector.cc:1511
#3 0xab054c98 in v8::internal::compiler::InstructionSelector::VisitSwitch () at ../../v8/src/compiler/arm/instruction-selector-arm.cc:2042
#4 0xaac234e4 in v8::internal::compiler::InstructionSelector::VisitControl () at ../../v8/src/compiler/instruction-selector.cc:917
#5 0xaac235d0 in v8::internal::compiler::InstructionSelector::VisitBlock () at ../../v8/src/compiler/instruction-selector.cc:822
#6 0xaac237d6 in v8::internal::compiler::InstructionSelector::SelectInstructions () at ../../v8/src/compiler/instruction-selector.cc:69
#7 0xaac771b0 in v8::internal::compiler::InstructionSelectionPhase::Run () at ../../v8/src/compiler/pipeline.cc:1253
#8 v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::InstructionSelectionPhase, v8::internal::compiler::Linkage*> () at ../../v8/src/compiler/pipeline.cc:706
#9 0xaac7942c in v8::internal::compiler::PipelineImpl::ScheduleAndSelectInstructions () at ../../v8/src/compiler/pipeline.cc:1804
#10 0xaac7a3da in v8::internal::compiler::PipelineImpl::ScheduleAndGenerateCode () at ../../v8/src/compiler/pipeline.cc:1905
#11 v8::internal::compiler::Pipeline::GenerateCodeForCodeStub () at ../../v8/src/compiler/pipeline.cc:1692
#12 0xaabf7620 in v8::internal::compiler::CodeAssembler::GenerateCode () at ../../v8/src/compiler/code-assembler.cc:76
#13 0xaaba1bc6 in BuildWithCodeStubAssemblerCS () at ../../v8/src/builtins/builtins.cc:110
#14 0xaaba51a0 in v8::internal::Builtins::SetUp () at ../../v8/src/builtins/builtins.cc:153
#15 0xaae2086e in v8::internal::Isolate::Init () at ../../v8/src/isolate.cc:2533
#16 0xaaafd2bc in v8::SnapshotCreator::SnapshotCreator () at ../../v8/src/api.cc:484
#17 0xaab05be2 in v8::V8::CreateSnapshotDataBlob () at ../../v8/src/api.cc:593
#18 0xaaaf4c84 in main () at ../../v8/src/snapshot/mksnapshot.cc:164

The issue appears to be that despite this code here - https://chromium.googlesource.com/v8/v8.git/+/d094fa76f3dd0bb5fc3f4c669762aa97d88e0f76/src/zone/zone.cc#70, there are some cases where Zone::NewArray can return a pointer that is not 8-byte aligned even if the requested size is divisible by 8. Specifically, if the call requires a new segment to be allocated, then the returned pointer may not by 8-byte aligned.
Comment 1 by chriscco...@gmail.com, Nov 23 2016 
I can resolve the issue with the attached change, although I don't know if that's actually correct
patch
922 bytes View Download
Comment 2 by hablich@chromium.org, Nov 24 2016
Cc: mvstan...@chromium.org
Components: Compiler
Owner: tebbi@chromium.org
Status: Assigned
Could you upload the patch to codereview please?
Comment 3 by chriscco...@gmail.com, Jan 6 2017 
Done: https://codereview.chromium.org/2615533007/

(I think I did it correctly)
Comment 4 by tebbi@chromium.org, Jan 31 2017
Owner: jochen@chromium.org
Comment 5 by jochen@chromium.org, Feb 5 2017
Summary: Zone::New incorrectly aligns memory on 32bit architectures (was: mksnapshot crashes during a native arm build)
Comment 7 by jochen@chromium.org, Feb 6 2017
Status: Fixed
Comment 8 by i...@bnoordhuis.nl, Feb 9 2017 
Can this be back-ported to the 5.6 and 5.7 branches?  We're floating it as a patch in node.js now, see https://github.com/nodejs/node/pull/11204.
Comment 9 by jochen@chromium.org, Feb 9 2017
Labels: Merge-Request-5.7 Merge-Request-5.6
Comment 10 by jochen@chromium.org, Feb 9 2017
Cc: hablich@chromium.org
Comment 11 by hablich@chromium.org, Feb 10 2017
Labels: -Merge-Request-5.6 -Merge-Request-5.7 Merge-Approved-5.6 Merge-Approved-5.7
Project Member Comment 12 by bugdroid1@chromium.org, Feb 10 2017
Labels: merge-merged-5.7
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/bd1e5e5a042dadcc4b642ac45dd516b31116938c

commit bd1e5e5a042dadcc4b642ac45dd516b31116938c
Author: Jochen Eisinger <jochen@chromium.org>
Date: Fri Feb 10 14:15:09 2017

Merged: Ensure we align zone memory at 8 byte boundaries on all platforms

Revision: b049d1a5986202c2ecf05de00a31ab2be820fc06

BUG= v8:5668 
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
TBR=hablich@chromium.org

Review-Url: https://codereview.chromium.org/2685163004 .
Cr-Commit-Position: refs/branch-heads/5.7@{#94}
Cr-Branched-From: 975e9a320b6eaf9f12280c35df98e013beb8f041-refs/heads/5.7.492@{#1}
Cr-Branched-From: 8d76f0e3465a84bbf0bceab114900fbe75844e1f-refs/heads/master@{#42426}

[modify] https://crrev.com/bd1e5e5a042dadcc4b642ac45dd516b31116938c/src/zone/zone.cc
[modify] https://crrev.com/bd1e5e5a042dadcc4b642ac45dd516b31116938c/src/zone/zone.h
[modify] https://crrev.com/bd1e5e5a042dadcc4b642ac45dd516b31116938c/test/unittests/BUILD.gn
[modify] https://crrev.com/bd1e5e5a042dadcc4b642ac45dd516b31116938c/test/unittests/unittests.gyp
[add] https://crrev.com/bd1e5e5a042dadcc4b642ac45dd516b31116938c/test/unittests/zone/zone-unittest.cc
Project Member Comment 13 by bugdroid1@chromium.org, Feb 10 2017
Labels: merge-merged-5.6
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8f9aebec2dfc5dbf8511921a657efa580ab8c8f0

commit 8f9aebec2dfc5dbf8511921a657efa580ab8c8f0
Author: Jochen Eisinger <jochen@chromium.org>
Date: Fri Feb 10 14:23:38 2017

Merged: Ensure we align zone memory at 8 byte boundaries on all platforms

Revision: b049d1a5986202c2ecf05de00a31ab2be820fc06

BUG= v8:5668 
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=hablich@chromium.org

Review-Url: https://codereview.chromium.org/2692473002 .
Cr-Commit-Position: refs/branch-heads/5.6@{#114}
Cr-Branched-From: bdd3886218dfe76e8560eb8a18401942452ae859-refs/heads/5.6.326@{#1}
Cr-Branched-From: 879f6599eee6e1dfcbe9a24bf688b261c03e9558-refs/heads/master@{#41014}

[modify] https://crrev.com/8f9aebec2dfc5dbf8511921a657efa580ab8c8f0/src/zone/zone.cc
[modify] https://crrev.com/8f9aebec2dfc5dbf8511921a657efa580ab8c8f0/src/zone/zone.h
[modify] https://crrev.com/8f9aebec2dfc5dbf8511921a657efa580ab8c8f0/test/unittests/BUILD.gn
[modify] https://crrev.com/8f9aebec2dfc5dbf8511921a657efa580ab8c8f0/test/unittests/unittests.gyp
[add] https://crrev.com/8f9aebec2dfc5dbf8511921a657efa580ab8c8f0/test/unittests/zone/zone-unittest.cc
Comment 14 by hablich@chromium.org, Feb 17 2017
Labels: -Merge-Approved-5.6 -Merge-Approved-5.7
Comment 15 by hablich@chromium.org, Mar 21 2017
Labels: NodeJS-Backport-Review
Comment 16 by hablich@chromium.org, Mar 23 2017
Labels: Priority-2
Comment 17 by ofrobots@google.com, Oct 10
Labels: -NodeJS-Backport-Review NodeJS-Backport-Done
Sign in to add a comment