Baseline JIT crash on arm64


孙科
Hi all,
    Since we modified the code and successfully compiled the Baseline JIT on
arm64, we get an 'illegal instruction' crash when executing scripts.
    Using gdb to debug this problem and trying the 'j *$pc' command, the code can
run normally several times. For a problem like this, what may be relevant?
    Here is the log:
(gdb) r

js> for(var i=0; i<10000000; i++);
Thread 1 "js" received signal SIGILL, Illegal instruction.
0x0000007fb7fd13d0 in ?? ()
(gdb) info f
Stack level 0, frame at 0x0:
 pc = 0x7fb7fd13d0; saved pc = 0x7fb7bc6b50
 Outermost frame: not enough registers or memory available to unwind further
 Arglist at unknown address.
 Locals at unknown address, Previous frame's sp is 0x0
(gdb) j *$pc
Continuing at 0x7fb7fd13d0.
js> for(var i=0; i<10000000; i++);
js> for(var i=0; i<10000000; i++);
js> for(var i=0; i<10000000; i++);
js> for(var i=0; i<10000000; i++);
js> for(var i=0; i<10000000; i++);
js> for(var i=0; i<10000000; i++);
js> for(var i=0; i<10000000; i++);
js> for(var i=0; i<10000000; i++);

Thread 1 "js" received signal SIGILL, Illegal instruction.
0x0000007fb7bce148 in ?? ()
(gdb)

Thanks,
sk
_______________________________________________
dev-tech-js-engine mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-js-engine
Re: Baseline JIT crash on arm64

Nicolas B. Pierron
On 05/13/2016 03:08 PM, 孙科 wrote:

> Hi all,
>      Since we modified the code and successfully compiled the Baseline JIT on
> arm64, we get an 'illegal instruction' crash when executing scripts.
>      Using gdb to debug this problem and trying the 'j *$pc' command, the code can
> run normally several times. For a problem like this, what may be relevant?
>       Here is the log:
> (gdb) r
>
> js> for(var i=0; i<10000000; i++);
> Thread 1 "js" received signal SIGILL, Illegal instruction.
> 0x0000007fb7fd13d0 in ?? ()
> (gdb) info f
> Stack level 0, frame at 0x0:
>   pc = 0x7fb7fd13d0; saved pc = 0x7fb7bc6b50
>   Outermost frame: not enough registers or memory available to unwind further
>   Arglist at unknown address.
>   Locals at unknown address, Previous frame's sp is 0x0
> (gdb) j *$pc
> Continuing at 0x7fb7fd13d0.

This is weird, if this were an illegal instruction, this should not work,
unless there is a bug in gdb, and the pc is already incremented.

Can you paste the content of the surrounding instructions, with the disas
command?

Can you start the engine with --no-ion and, if you cannot reproduce it, with
--ion-eager?

--
Nicolas B. Pierron
Re: Baseline JIT crash on arm64

孙科
Ion on arm64 is not implemented, so this problem may be caused by Baseline.

Thread 1 "js" received signal SIGILL, Illegal instruction.
0x0000007fb7fd1290 in ?? ()
(gdb) info f
Stack level 0, frame at 0x0:
 pc = 0x7fb7fd1290; saved pc = 0x7fb7bc6b50
 Outermost frame: not enough registers or memory available to unwind further
 Arglist at unknown address.
 Locals at unknown address, Previous frame's sp is 0x0
(gdb) x/32i $pc - 8
   0x7fb7fd1288: bfi x16, x9, #23, #17
   0x7fb7fd128c: .inst 0x0000007f ; undefined
=> 0x7fb7fd1290: sub sp, x28, #0x8
   0x7fb7fd1294: str x2, [x28,#-8]!
   0x7fb7fd1298: sub sp, x28, #0x8
   0x7fb7fd129c: str x19, [x28,#-8]!
   0x7fb7fd12a0: sub sp, x28, #0x8
   0x7fb7fd12a4: str x19, [x28,#-8]!
   0x7fb7fd12a8: sub sp, x28, #0x8
   0x7fb7fd12ac: str x2, [x28,#-8]!
   0x7fb7fd12b0: sub sp, x28, #0x8
   0x7fb7fd12b4: str x9, [x28,#-8]!
   0x7fb7fd12b8: mov x2, x23
   0x7fb7fd12bc: sub x2, x2, #0x30
   0x7fb7fd12c0: sub sp, x28, #0x8
   0x7fb7fd12c4: str x2, [x28,#-8]!
   0x7fb7fd12c8: sub x0, x23, x28
   0x7fb7fd12cc: add w0, w0, #0x8
   0x7fb7fd12d0: sub w16, w0, #0x20
   0x7fb7fd12d4: stur w16, [x23,#-32]
   0x7fb7fd12d8: lsl x0, x0, #8
   0x7fb7fd12dc: mov x16, #0x21                   // #33
   0x7fb7fd12e0: orr x0, x0, x16
   0x7fb7fd12e4: sub sp, x28, #0x8
   0x7fb7fd12e8: str x0, [x28,#-8]!
   0x7fb7fd12ec: mov sp, x28
   0x7fb7fd12f0: b 0x7fb7fc7850
   0x7fb7fd12f4: brk #0xdead
   0x7fb7fd12f8: brk #0xdead
   0x7fb7fd12fc: brk #0xdead
   0x7fb7fd1300: ldr x16, 0x7fb7fd1308
   0x7fb7fd1304: br x16
(gdb) x/32i $lr - 8
   0x7fb7bc6b48: ldr x0, [x9]
   0x7fb7bc6b4c: blr x0
   0x7fb7bc6b50: tst w2, w2
   0x7fb7bc6b54: b.ne 0x7fb7bc6854
   0x7fb7bc6b58: mov x2, #0xfff9000000000000     // #-1970324836974592
   0x7fb7bc6b5c: ldur w16, [x23,#-4]
   0x7fb7bc6b60: tst w16, #0x1
   0x7fb7bc6b64: b.eq 0x7fb7bc6b6c
   0x7fb7bc6b68: ldur x2, [x23,#-40]
   0x7fb7bc6b6c: b.al 0x7fb7bc6d08
   0x7fb7bc6b70: sub sp, x28, #0x8
   0x7fb7bc6b74: str x0, [x28,#-8]!
   0x7fb7bc6b78: mov x0, #0xa1e0                 // #41440
   0x7fb7bc6b7c: movk x0, #0xb792, lsl #16
   0x7fb7bc6b80: movk x0, #0x7f, lsl #32
   0x7fb7bc6b84: sub sp, x28, #0x20
   0x7fb7bc6b88: stp x12, x13, [x28,#-32]!
   0x7fb7bc6b8c: stp x14, x15, [x28,#16]
   0x7fb7bc6b90: sub sp, x28, #0x20
   0x7fb7bc6b94: stp x8, x9, [x28,#-32]!
   0x7fb7bc6b98: stp x10, x11, [x28,#16]
   0x7fb7bc6b9c: sub sp, x28, #0x20
   0x7fb7bc6ba0: stp x4, x5, [x28,#-32]!
   0x7fb7bc6ba4: stp x6, x7, [x28,#16]
   0x7fb7bc6ba8: sub sp, x28, #0x20
   0x7fb7bc6bac: stp x0, x1, [x28,#-32]!
   0x7fb7bc6bb0: stp x2, x3, [x28,#16]
   0x7fb7bc6bb4: sub sp, x28, #0x20
   0x7fb7bc6bb8: stp d4, d5, [x28,#-32]!
   0x7fb7bc6bbc: stp d6, d7, [x28,#16]
   0x7fb7bc6bc0: sub sp, x28, #0x20
   0x7fb7bc6bc4: stp d0, d1, [x28,#-32]!

2016-05-14 0:02 GMT+08:00 Nicolas B. Pierron <[hidden email]>:

> This is weird, if this were an illegal instruction, this should not work,
> unless there is a bug in gdb, and the pc is already incremented.
>
> Can you paste the content of the surrounding instructions, with the disas
> command?
>
> Can you start the engine with --no-ion, and if you cannot reproduce it,
> with --ion-eager.
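The listing above is the kind of dump a practitioner has to read by hand: gdb marks the stop address with `=>`, and the word just before it is printed as `.inst 0x0000007f ; undefined`. The following script is an added example (not part of the thread and not SpiderMonkey code) that parses such an `x/Ni` listing, reports each undefined encoding and its byte offset from the reported pc, and, where the word before it disassembles as `bfi`, re-encodes that instruction from the A64 BFM encoding and joins the two words into the little-endian 64-bit value they form. The sample input is the first four lines of the posted dump; treating the joined value as a possibly embedded pointer-sized literal is an inference aid for comparing against the process map, not a conclusion about the crash. The offset of -4 it reports is simply what the dump shows: pc one word past the undefined encoding, which is the "pc already incremented" question raised in the reply.

```python
"""Triage helper for a gdb SIGILL listing from an AArch64 JIT (added example)."""
import re

# Constructed sample input: the first four lines of the "x/32i $pc - 8" dump
# posted in the thread, copied as gdb printed them.
GDB_LISTING = """\
   0x7fb7fd1288: bfi x16, x9, #23, #17
   0x7fb7fd128c: .inst 0x0000007f ; undefined
=> 0x7fb7fd1290: sub sp, x28, #0x8
   0x7fb7fd1294: str x2, [x28,#-8]!
"""

LINE_RE = re.compile(r"^(=>)?\s*(0x[0-9a-fA-F]+):\s+(.*?)\s*$")
UNDEF_RE = re.compile(r"^\.inst\s+(0x[0-9a-fA-F]+)\s*;\s*undefined")
BFI_RE = re.compile(r"^bfi\s+x(\d+),\s*x(\d+),\s*#(\d+),\s*#(\d+)")


def parse_listing(text):
    """Parse 'x/Ni' output into (pc, rows); rows are (addr, insn_text) in order.
    pc is the address gdb marked with '=>', or None if no marker is present."""
    pc = None
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr = int(m.group(2), 16)
        if m.group(1):
            pc = addr
        rows.append((addr, m.group(3)))
    return pc, rows


def undefined_words(rows):
    """Return [(addr, raw_word)] for lines gdb printed as '.inst ... ; undefined'.
    A64 is fixed-width, so a word with its top 16 bits clear is UDF: exactly
    what the high half of an inline 64-bit literal looks like if executed."""
    out = []
    for addr, insn in rows:
        m = UNDEF_RE.match(insn)
        if m:
            out.append((addr, int(m.group(1), 16)))
    return out


def offsets_from_pc(pc, undefined):
    """Signed byte offset of each undefined word from the reported pc:
    0 means gdb stopped on the word, -4 means pc is already one word past it."""
    return [addr - pc for addr, _ in undefined]


def encode_bfm(rd, rn, immr, imms):
    """Encode a 64-bit BFM (sf=1, opc=01, N=1) per the A64 encoding table."""
    for v, hi in ((rd, 31), (rn, 31), (immr, 63), (imms, 63)):
        if not 0 <= v <= hi:
            raise ValueError("operand out of range")
    return (0x80000000 | (1 << 29) | (0b100110 << 23) | (1 << 22)
            | (immr << 16) | (imms << 10) | (rn << 5) | rd)


def encode_bfi(rd, rn, lsb, width):
    """BFI Xd, Xn, #lsb, #width is the alias BFM Xd, Xn, #(-lsb mod 64), #(width-1)."""
    if not (0 <= lsb < 64 and 1 <= width <= 64 - lsb):
        raise ValueError("bad lsb/width")
    return encode_bfm(rd, rn, (-lsb) % 64, width - 1)


def embedded_literal(rows, undef_addr):
    """If the word before an undefined word disassembles as BFI, re-encode it and
    return the little-endian 64-bit value the two adjacent words form. This is
    an inference aid (assumption: the pair is inline data), not proof."""
    prev = dict(rows).get(undef_addr - 4)
    if prev is None:
        return None
    m = BFI_RE.match(prev)
    if not m:
        return None
    rd, rn, lsb, width = (int(g) for g in m.groups())
    low = encode_bfi(rd, rn, lsb, width)
    high = next(w for a, w in undefined_words(rows) if a == undef_addr)
    return low | (high << 32)


def triage(text=GDB_LISTING):
    """Summarise a listing: pc, undefined words, their offsets, candidate literals."""
    pc, rows = parse_listing(text)
    undef = undefined_words(rows)
    return {
        "pc": pc,
        "undefined": undef,
        "offsets": offsets_from_pc(pc, undef) if pc is not None else [],
        "literals": [embedded_literal(rows, a) for a, _ in undef],
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

Rather than re-encoding from the mnemonic, the raw words can be read directly in the live session with `x/2xw 0x7fb7fd1288`; the re-encoding here only exists so the script can work offline from a pasted listing.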