Thank you for the bug report, will submit a patch soon.

See https://source.chromium.org/chromium/chromium/src/+/master:v8/src/builtins/mips64/builtins-mips64.cc;l=2512

The frame will be:

low
kWasmCompileLazyFuncIndexRegister
wasm_instance // a0 TYPED_FRAME_PUSHED_VALUE_OFFSET(14)
f2
f4
...
f14
a0 // TYPED_FRAME_PUSHED_VALUE_OFFSET(6)
...
a6
a7
frame type
fp
ra
high

So the kWasmInstanceOffset is TYPED_FRAME_PUSHED_VALUE_OFFSET(6) or TYPED_FRAME_PUSHED_VALUE_OFFSET(14), NOT TYPED_FRAME_PUSHED_VALUE_OFFSET(7):
https://source.chromium.org/chromium/chromium/src/+/master:v8/src/execution/mips64/frame-constants-mips64.h;l=29

x64 is TYPED_FRAME_PUSHED_VALUE_OFFSET(0), because wasm_instance == rsi.
arm64 is TYPED_FRAME_PUSHED_VALUE_OFFSET(1) because there is a padding push:
https://source.chromium.org/chromium/chromium/src/+/master:v8/src/codegen/arm64/macro-assembler-arm64.cc;l=2340

On Tuesday, August 25, 2020 at 11:02:02 AM UTC+8 <[email protected]> wrote:

> Sorry for late reply, I reproduced this bug, but may need some time to figure out the reason.
> Error log:
>
> #
> # Fatal error in ../../src/objects/heap-object.h, line 220
> # Check failed: !v8::internal::FLAG_enable_slow_asserts || (IsHeapObject()).
> #
> #
> #
> #FailureMessage Object: 0xfffbd19940
> ==== C stack trace ===============================
>
> /home/loongson/workspace/v8/out/mips64el.debug/libv8_libbase.so(v8::base::debug::StackTrace::StackTrace()+0x44) [0xfff2a2eebc]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8_libplatform.so(+0x6ff70) [0xfff2953f70]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8_libbase.so(V8_Fatal(char const*, int, char const*, ...)+0x14c) [0xfff2a0437c]
> ./out/mips64el.debug/d8(v8::internal::HeapObject::HeapObject(unsigned long)+0xe8) [0xaaab1f4308]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::JSReceiver::JSReceiver(unsigned long)+0x4c) [0xfff4d59d74]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::TorqueGeneratedJSObject<v8::internal::JSObject, v8::internal::JSReceiver>::TorqueGeneratedJSObject(unsigned long)+0x4c) [0xfff4d4d5bc]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::JSObject::JSObject(unsigned long)+0x40) [0xfff4d4d550]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::WasmInstanceObject::WasmInstanceObject(unsigned long)+0x4c) [0xfff526a7c4]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::WasmInstanceObject::cast(v8::internal::Object)+0x58) [0xfff535ee68]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::WasmCompileLazyFrame::wasm_instance() const+0x74) [0xfff53e31f4]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(+0x39992b8) [0xfff63f52b8]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::Runtime_WasmCompileLazy(int, unsigned long*, v8::internal::Isolate*)+0x1ec) [0xfff63f4b94]
> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(+0x1ce9844) [0xfff4745844]
> Received signal 6
> [1] 24375 abort ./out/mips64el.debug/d8 --test test/mjsunit/mjsunit.js --nohard-abort
>
> On Thursday, August 20, 2020 at 1:35:32 AM UTC+8 Zhi An Ng wrote:
>
>> +赵家众 for mips help
>>
>> On Wed, Aug 19, 2020 at 12:16 AM [email protected] <[email protected]> wrote:
>>
>>> v8 version:8.6.0.0
>>> I run the test:
>>> ```
>>> out/mips64el.debug/d8 --test test/mjsunit/mjsunit.js test/mjsunit/asm/poppler/poppler.js --random-seed=-1351191255 --nohard-abort --enable-slow-asserts --verify-heap --testing-d8-test-runner
>>> ```
>>>
>>> error log:
>>> ==== C stack trace ===============================
>>>
>>> [end of stack trace]
>>> Segmentation fault (core dumped)
>>>
>>> --
>>> --
>>> v8-dev mailing list
>>> [email protected]
>>> http://groups.google.com/group/v8-dev
>>> ---
>>> You received this message because you are subscribed to the Google Groups "v8-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>> To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/a3850d24-2d79-470b-95b2-df4b694b71b5n%40googlegroups.com
>>
>> --
>> Best,
>> Zhi An
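
The frame layout from the reply above, as an added example that is not code from V8 or from anyone in this thread: a simplified C model in which slot 7 holds raw floating-point bits, so the heap-object tag check fails there, while slots 6 and 14 both yield the instance. The slot numbering, the helper names and all register values are assumptions constructed for illustration; only the a0 and wasm_instance offsets and the ordering of the register groups come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Slot x models TYPED_FRAME_PUSHED_VALUE_OFFSET(x): the x-th value pushed
 * below the frame-type marker (simplified numbering, an assumption). */
enum {
    kGpParamSlots = 7,                                  /* a7 ... a0 -> slots 0..6 */
    kFpParamSlots = 7,                                  /* f14 ... f2 -> slots 7..13 */
    kInstanceCopySlot = kGpParamSlots + kFpParamSlots,  /* 14 */
    kFuncIndexSlot,                                     /* 15 */
    kFrameSlots                                         /* 16 */
};

/* Strong heap-object pointers in V8 carry the low tag bits 01. */
static int is_heap_object(uint64_t v) { return (v & 3u) == 1u; }

/* Fill the slots in push order (all values are constructed samples). */
static void build_frame(uint64_t frame[kFrameSlots], uint64_t instance,
                        uint64_t func_index) {
    for (int i = 0; i < kGpParamSlots - 1; i++)
        frame[i] = (uint64_t)(i + 1) << 32;       /* Smi-like GP arguments */
    frame[kGpParamSlots - 1] = instance;          /* a0 lands in slot 6 */
    for (int i = 0; i < kFpParamSlots; i++) {
        double d = 1.5 + i;                       /* raw, untagged FP bits */
        memcpy(&frame[kGpParamSlots + i], &d, sizeof d);
    }
    frame[kInstanceCopySlot] = instance;          /* a0 pushed again */
    frame[kFuncIndexSlot] = func_index;
}

/* Stand-in for the frame accessor: the slot value if it passes the
 * heap-object tag check, 0 where the slow-assert build would abort. */
static uint64_t wasm_instance_at(const uint64_t frame[kFrameSlots], int slot) {
    uint64_t v = frame[slot];
    return is_heap_object(v) ? v : 0;
}

int main(void) {
    uint64_t frame[kFrameSlots];
    build_frame(frame, 0x5500001001ULL /* constructed tagged pointer */, 42);
    for (int slot = 6; slot <= 7; slot++)
        printf("slot %d -> %#llx\n", slot,
               (unsigned long long)wasm_instance_at(frame, slot));
    printf("slot 14 -> %#llx\n",
           (unsigned long long)wasm_instance_at(frame, kInstanceCopySlot));
    return 0;
}
```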
