orsonteodoro
commented
8 years ago I did a git bisect of the bugs and found 10 breakages to this 2+ year problem. So far I patched v8, the JavaScript engine behind Chromium, up to 5.3.332.40 from 3.27.9999, which was equivalent to the last commit from fenghaitao git repository. After I patch v8 to 5.3.332, I will work on Chromium 54.0.2840.59, the current stable on the Gentoo portage tree. We should see Chromium on x32 ABI soon.
The commits that cause the breakage are.... commit 1 cc3337c1c2d0cff54fd18afc495ed1e102e6da34 revert commit 2a 801f1b6de81bc1629e6bf35642cfb5fafb15833e commit 2b 81e131ce4889205570e870cf50c55c7ad61aa376 commit 3 ed2be747ad13746797b655fa4f5c23dc6b0ef3e3 revert commit 4 5a0df034d14674e789c447161fec96d3cfa836a5 commit 5 bc8f9a78f05c7a9dce0a112835d797d8082749eb commit 6 473280f82a260f5e07f7ae2649e74732d686389f commit 7 fa570e55b623c74245945e3bdda042df1bf6a196 commit 8 04c8c11ee569a41d4b07839154eb0c718ff6e381 commit 9 02c8b6f7f0f8801f0cdc33bef576e3b0c3db394e commit 10 eff24bef5c0f071008bdd4bcee3a86384e90c90b commit 11 25af5d3d325f3a9aced80fee02df29155b4c695e commit 12 c8ac0d8693f559795eeb3f3aaf386dde166fb2ab commit 13 2ef6862e5d89807fc1f12a1a86ba7ebf0b7112b2 commit 14 ? can't remember. will fill in after reviewing megapatch commit 15-1 f0a430e5dcfaaa27ab7cef19c935cd255d0c42d1 commit 15-2 02c3414d6283a5c98f0ba0bec484b216ee2a0c8f unify builtins commit 16 7ae653f79b20fd3341d7d6e9ba843b69fa39c4a1 turbofan storeic_{miss,slow} commit 17 5abc73a1e8ec1b96fcc01dc045dc3dbfa4d36515 builtin sort by use commit 18 406146ff5ca274265ee704d73a00c8a8127f75c6 tonumber commit 19a e6822a8338c70ab476e545da95d958c23ac366f9 commit 19b b659a0ac2306303f0b7799fc884d57ca0c4dbf92
The above backtraces and provided patches previously provided in this repository are irrelevant to fixing this bug.
sjnewbury
Bootstrapper::CompileBuiltin for prologue fails. here is the gdb output
mksnapshot will segfault at CALL_GENERATED_CODE
////Contents of v8/src/execution.cc line 99 : typedef Object* (*JSEntryFunction)(Object* new_target, Object* target, Object* receiver, int argc, Object*** args); Handlecode = is_construct ? isolate->factory()->js_construct_entry_code() : isolate->factory()->js_entry_code(); { // Save and restore context around invocation and block the // allocation of handles without explicit handle scopes. SaveContext save(isolate); SealHandleScope shs(isolate); JSEntryFunction stub_entry = FUNCTION_CAST(code->entry());
// Call the function through the right JS entry stub.
Object* orig_func = *new_target;
Object* func = *target;
Object* recv = *receiver;
Object*** argv = reinterpret_cast(args);
if (FLAG_profile_deserialization && target->IsJSFunction()) {
PrintDeserializedCodeInfo(Handle::cast(target));
}
RuntimeCallTimerScope timer(isolate, &RuntimeCallStats::JS_Execution);
value = CALL_GENERATED_CODE(isolate, stub_entry, orig_func, func, recv, // <--- segfaults here when step into
argc, argv); //
}
#ifdef VERIFY_HEAP
///code sample done
///Contents of v8/src/api.cc StartupData V8::CreateSnapshotDataBlob(const char* embedded_source) { // Create a new isolate and a new context from scratch, optionally run // a script to embed, and serialize to create a snapshot blob. StartupData result = {NULL, 0}; base::ElapsedTimer timer; timer.Start(); ArrayBufferAllocator allocator; i::Isolate* internal_isolate = new i::Isolate(true); internal_isolate->set_array_buffer_allocator(&allocator); Isolate* isolate = reinterpret_cast(internal_isolate);
{
Isolate::Scope isolate_scope(isolate);
internal_isolate->Init(NULL);
Persistent context;
{
HandleScope handle_scope(isolate);
Local new_context = Context::New(isolate); // <----- debugger enters hear
context.Reset(isolate, new_context); // <---- never goes here
if (embedded_source != NULL &&
!RunExtraCode(isolate, new_context, embedded_source, "")) {
context.Reset();
}
}
//
///Contents of v8/src/bootstrapper.cc bool Genesis::InstallNatives(GlobalContextType context_type) { HandleScope scope(isolate()); // Set up the utils object as shared container between native scripts. Handle utils = factory()->NewJSObject(isolate()->object_function());
JSObject::NormalizeProperties(utils, CLEAR_INOBJECT_PROPERTIES, 16,
"utils container for native scripts");
native_context()->set_natives_utils_object(*utils);
// Set up the extras utils object as a shared container between native
// scripts and extras. (Extras consume things added there by native scripts.)
Handle extras_utils =
factory()->NewJSObject(isolate()->object_function());
native_context()->set_extras_utils_object(*extras_utils);
InstallInternalArray(extras_utils, "InternalPackedArray", FAST_ELEMENTS);
int builtin_index = Natives::GetDebuggerCount();
// Only run prologue.js and runtime.js at this point.
DCHECK_EQ(builtin_index, Natives::GetIndex("prologue"));
if (!Bootstrapper::CompileBuiltin(isolate(), builtin_index++)) //enters here
return false; //never goes here
DCHECK_EQ(builtin_index, Natives::GetIndex("runtime")); //never goes here
if (!Bootstrapper::CompileBuiltin(isolate(), builtin_index++))
return false;
///// backtrace before crash
(gdb) bt #0 v8::internal::(anonymous namespace)::Invoke (isolate=isolate@entry=0x14f2010, is_construct=is_construct@entry=false, target=target@entry=..., receiver=..., receiver@entry=..., argc=argc@entry=0, args=0x0, new_target=...) at ../../v8/src/execution.cc:99 #1 0x0069710a in v8::internal::Execution::Call (isolate=isolate@entry=0x14f2010, callable=..., receiver=..., receiver@entry=..., argc=argc@entry=0, argv=argv@entry=0x0) at ../../v8/src/execution.cc:155 #2 0x0046d9c4 in v8::internal::Bootstrapper::CompileNative (isolate=isolate@entry=0x14f2010, name=..., name@entry=..., source=..., source@entry=..., argc=argc@entry=3, argv=argv@entry=0xffffcf00, natives_flag=natives_flag@entry=v8::internal::NATIVES_CODE) at ../../v8/src/bootstrapper.cc:2079 #3 0x0046db33 in v8::internal::Bootstrapper::CompileBuiltin (isolate=, index=index@entry=3) at ../../v8/src/bootstrapper.cc:2000
#4 0x00475ff1 in v8::internal::Genesis::InstallNatives (this=this@entry=0xffffd0a0, context_type=context_type@entry=v8::internal::FULL_CONTEXT) at ../../v8/src/bootstrapper.cc:2762
#5 0x0047be0d in v8::internal::Genesis::Genesis (this=, isolate=, maybe_global_proxy=..., global_proxy_template=..., extensions=,
context_type=v8::internal::FULL_CONTEXT) at ../../v8/src/bootstrapper.cc:3714
#6 0x0047c36b in v8::internal::Bootstrapper::CreateEnvironment (this=, maybe_global_proxy=..., global_proxy_template=..., global_proxy_template@entry=...,
extensions=extensions@entry=0xffffd120, context_type=context_type@entry=v8::internal::FULL_CONTEXT) at ../../v8/src/bootstrapper.cc:331
#7 0x0043fe98 in v8::CreateEnvironment (maybe_global_proxy=..., global_template=..., extensions=0xffffd120, isolate=0x14f2010) at ../../v8/src/api.cc:5586
#8 v8::Context::New (external_isolate=external_isolate@entry=0x14f2010, extensions=0xffffd120, extensions@entry=0x0, global_template=..., global_template@entry=..., global_object=...,
global_object@entry=...) at ../../v8/src/api.cc:5613
#9 0x004599c6 in v8::V8::CreateSnapshotDataBlob (embedded_source=embedded_source@entry=0x0) at ../../v8/src/api.cc:454
#10 0x00420afb in main (argc=2, argv=) at ../../v8/src/snapshot/mksnapshot.cc:164
(gdb)