https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69234
Bug ID: 69234
Summary: recent GCC trunk compilers miscompile the V8
JavaScript interpreter/JITC
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: abe_skolnik at yahoo dot com
Target Milestone: ---
Recent GCC trunk compilers miscompile the V8 JavaScript interpreter/JITC such
that the compiled V8 [sans Chrome/Chromium] crashes when running the
included-with-V8 benchmarks. Compiling the exact same V8 source code using GCC
5.2.0 or 5.3.0 results in correct execution. We have tested execution on both
AMD64 [AKA "x86_64"] and AArch64 [AKA "ARM64"]. For the AMD64-targeting
compilers, the compiler was bootstrapped. The AArch64-targeting compilers were
cross-compilers.
With lots of help from my teammate Kevin Hu, we have isolated the first
commit that breaks V8: it seems to be trunk Subversion r226861; GCC from trunk
r226860 compiles V8 such that it runs its own benchmarks OK. [Please note that
the fork known as "Octane" of the V8 benchmarks was not used.]
We have determined that the location of the crash --
"IncrementalMarking::ActivateIncrementalWriteBarrier(NewSpace*)" -- is not
compiled any differently by the two different revisions of the compiler [at
least when targeting AMD64]. However, we _have_ been able to determine that
replacing only the object file containing that method --
"incremental-marking.o" -- and using that file while manually relinking the V8
build that was otherwise compiled with the earlier-revision compiler _does_
produce a crashing V8 "shell" program. Therefore, logically, at least one
subroutine in this ".o" file was miscompiled.
The same crash has been found on AMD64 in r232207 from today [January 11 2016].
We are still working on reducing the test case further; we will post a smaller
test case later.
Steps to reproduce
------------------
* build GCC trunk r226860 for either AMD64 or AArch64
* build GCC trunk r226861 for either AMD64 or AArch64
* check out V8 version 4.9.274 from
<https://chromium.googlesource.com/v8/v8.git/+/refs/heads/4.9.274>
* build V8 with GCC trunk r226860 using either "make x64.release" or "make
  arm64.release", "cd" into "benchmarks", and execute
  "../out/<build_type>/shell run.js"
* build V8 with GCC trunk r226861 using either "make x64.release" or "make
  arm64.release", "cd" into "benchmarks", and execute
  "../out/<build_type>/shell run.js"
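The following is an added example, not code from this report, from GCC or from V8. It generalises the manual experiment described above (relinking the r226860 build with only "incremental-marking.o" taken from the r226861 build) into a driver that bisects over the whole object set: substitute subsets of the bad build's objects into the good build, relink, run the reproducer ("shell run.js"), and shrink the substituted set by delta debugging until it is 1-minimal. Bisecting on objects rather than on the crash site matters because, as the report notes, the function that crashes need not be the one that was miscompiled; a bad store elsewhere corrupts state that only trips later. The directory layout (one "good" and one "bad" object directory with identical file names) and the `link_and_run` callable are assumptions; the object names and the simulated oracle at the bottom are constructed for illustration.

```python
"""Object-file bisection for a suspected miscompiled translation unit.

Added example, not code from the bug report, GCC or V8. Given a known-good
and a known-bad build of the same sources, substitute subsets of the bad
build's object files into the good build, relink, run the crash reproducer,
and shrink the substituted set with ddmin until no single object can be
dropped. The directory layout and `link_and_run` are assumptions.
"""
from __future__ import annotations

import os
from typing import Callable, Sequence

# Oracle: given the names of objects taken from the bad build, does the relinked binary crash?
Predicate = Callable[[frozenset[str]], bool]


def list_objects(good_dir: str, bad_dir: str) -> list[str]:
    """Object names present in both builds; refuses to bisect over unequal sets."""
    good = {f for f in os.listdir(good_dir) if f.endswith(".o")}
    bad = {f for f in os.listdir(bad_dir) if f.endswith(".o")}
    if good != bad:
        raise ValueError(f"object sets differ: {sorted(good ^ bad)}")
    return sorted(good)


def make_predicate(names: Sequence[str], good_dir: str, bad_dir: str,
                   link_and_run: Callable[[list[str]], bool]) -> Predicate:
    """Build the oracle: objects in `swapped` come from bad_dir, the rest from good_dir.

    `link_and_run(object_paths)` is assumed to relink the shell binary from
    those paths, run the reproducer (e.g. `shell run.js` in benchmarks/) and
    return True on a crash. Results are memoised because every probe costs a
    full link plus a benchmark run.
    """
    cache: dict[frozenset[str], bool] = {}

    def crashes(swapped: frozenset[str]) -> bool:
        if swapped not in cache:
            paths = [os.path.join(bad_dir if n in swapped else good_dir, n) for n in names]
            cache[swapped] = link_and_run(paths)
        return cache[swapped]

    return crashes


def bisect_objects(names: Sequence[str], crashes: Predicate) -> list[str]:
    """ddmin over the substituted set; returns a 1-minimal crashing set of object names."""
    current = list(names)
    if not crashes(frozenset(current)):
        raise ValueError("substituting every object does not crash: not an object-level issue")
    n = 2  # granularity: how many chunks to split the current set into
    while len(current) >= 2:
        size = (len(current) + n - 1) // n
        chunks = [current[i:i + size] for i in range(0, len(current), size)]
        reduced = False
        for chunk in chunks:                       # does one chunk alone reproduce it?
            if crashes(frozenset(chunk)):
                current, n, reduced = chunk, 2, True
                break
        if not reduced:
            for chunk in chunks:                   # can one chunk be dropped?
                rest = [x for x in current if x not in chunk]
                if rest and crashes(frozenset(rest)):
                    current, n, reduced = rest, max(n - 1, 2), True
                    break
        if not reduced:
            if n >= len(current):
                break                              # 1-minimal: nothing more to drop
            n = min(len(current), n * 2)
    return current


def simulated_link_and_run(culprits: set[str], bad_dir: str) -> Callable[[list[str]], bool]:
    """Constructed stand-in for a real link+run: crashes iff every culprit comes from bad_dir."""
    def run(paths: list[str]) -> bool:
        from_bad = {os.path.basename(p) for p in paths if p.startswith(bad_dir + os.sep)}
        return culprits <= from_bad
    return run


if __name__ == "__main__":
    # Constructed object names standing in for V8 heap objects; no real files are touched here.
    names = ["heap.o", "incremental-marking.o", "mark-compact.o", "spaces.o", "store-buffer.o"]
    oracle = make_predicate(names, "good", "bad",
                            simulated_link_and_run({"incremental-marking.o"}, "bad"))
    print(bisect_objects(names, oracle))  # ['incremental-marking.o']
```

In a real run, `link_and_run` would rerun the final link step of the V8 build with the substituted object paths and then execute the benchmark reproducer, treating a non-zero exit or a signal as a crash. Because ddmin also handles crashes that need two or more substituted objects together, it still terminates with a small set when the miscompile only manifests across translation units.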