This test failed because it is loading a wasm instance object from the wrong address.
On Thursday, August 27, 2020 at 6:07:19 PM UTC+8, yuyin QQ wrote:
> Thank you for the bug report, will submit a patch soon.
>
> See
> https://source.chromium.org/chromium/chromium/src/+/master:v8/src/builtins/mips64/builtins-mips64.cc;l=2512
> The frame will be:
> low
> kWasmCompileLazyFuncIndexRegister
> wasm_instance // a0 TYPED_FRAME_PUSHED_VALUE_OFFSET(14)
> f2
> f4
> ...
> f14
> a0 // TYPED_FRAME_PUSHED_VALUE_OFFSET(6)
> ...
> a6
> a7
> frame type
> fp
> ra
> high
>
> So the kWasmInstanceOffset is TYPED_FRAME_PUSHED_VALUE_OFFSET(6) or
> TYPED_FRAME_PUSHED_VALUE_OFFSET(14),
> NOT TYPED_FRAME_PUSHED_VALUE_OFFSET(7).
>
> https://source.chromium.org/chromium/chromium/src/+/master:v8/src/execution/mips64/frame-constants-mips64.h;l=29
>
> x64 is TYPED_FRAME_PUSHED_VALUE_OFFSET(0), because wasm_instance == rsi.
> arm64 is TYPED_FRAME_PUSHED_VALUE_OFFSET(1) because there is a padding
> push:
>
> https://source.chromium.org/chromium/chromium/src/+/master:v8/src/codegen/arm64/macro-assembler-arm64.cc;l=2340
>
> On Tuesday, August 25, 2020 at 11:02:02 AM UTC+8, [email protected] wrote:
>
>> Sorry for the late reply, I reproduced this bug, but may need some time to
>> figure out the reason.
>> Error log:
>>
>> #
>> # Fatal error in ../../src/objects/heap-object.h, line 220
>> # Check failed: !v8::internal::FLAG_enable_slow_asserts ||
>> (IsHeapObject()).
>> #
>> #
>> #
>> #FailureMessage Object: 0xfffbd19940
>> ==== C stack trace ===============================
>>
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8_libbase.so(v8::base::debug::StackTrace::StackTrace()+0x44) [0xfff2a2eebc]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8_libplatform.so(+0x6ff70) [0xfff2953f70]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8_libbase.so(V8_Fatal(char const*, int, char const*, ...)+0x14c) [0xfff2a0437c]
>> ./out/mips64el.debug/d8(v8::internal::HeapObject::HeapObject(unsigned long)+0xe8) [0xaaab1f4308]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::JSReceiver::JSReceiver(unsigned long)+0x4c) [0xfff4d59d74]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::TorqueGeneratedJSObject<v8::internal::JSObject, v8::internal::JSReceiver>::TorqueGeneratedJSObject(unsigned long)+0x4c) [0xfff4d4d5bc]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::JSObject::JSObject(unsigned long)+0x40) [0xfff4d4d550]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::WasmInstanceObject::WasmInstanceObject(unsigned long)+0x4c) [0xfff526a7c4]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::WasmInstanceObject::cast(v8::internal::Object)+0x58) [0xfff535ee68]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::WasmCompileLazyFrame::wasm_instance() const+0x74) [0xfff53e31f4]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(+0x39992b8) [0xfff63f52b8]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(v8::internal::Runtime_WasmCompileLazy(int, unsigned long*, v8::internal::Isolate*)+0x1ec) [0xfff63f4b94]
>> /home/loongson/workspace/v8/out/mips64el.debug/libv8.so(+0x1ce9844) [0xfff4745844]
>> Received signal 6
>> [1] 24375 abort ./out/mips64el.debug/d8 --test
>> test/mjsunit/mjsunit.js --nohard-abort
>>
>> On Thursday, August 20, 2020 at 1:35:32 AM UTC+8 Zhi An Ng wrote:
>>
>>> +赵家众 for mips help
>>>
>>> On Wed, Aug 19, 2020 at 12:16 AM [email protected] <[email protected]> wrote:
>>>
>>>> v8 version:8.6.0.0
>>>> I run the test:
>>>> ```
>>>> out/mips64el.debug/d8 --test test/mjsunit/mjsunit.js
>>>> test/mjsunit/asm/poppler/poppler.js --random-seed=-1351191255
>>>> --nohard-abort --enable-slow-asserts --verify-heap --testing-d8-test-runner
>>>> ```
>>>>
>>>> error log:
>>>> ==== C stack trace ===============================
>>>>
>>>> [end of stack trace]
>>>> Segmentation fault (core dumped)
>>>>
>>>> --
>>>> --
>>>> v8-dev mailing list
>>>> [email protected]
>>>> http://groups.google.com/group/v8-dev
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "v8-dev" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/v8-dev/a3850d24-2d79-470b-95b2-df4b694b71b5n%40googlegroups.com.
>>>>
>>>
>>> --
>>> Best,
>>> Zhi An
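
Added example (not part of the thread and not V8 source): a small C++ model of the mips64 lazy-compile frame drawn in the reply above, checking which TYPED_FRAME_PUSHED_VALUE_OFFSET indices actually land on the wasm instance; index 7 lands on a saved floating-point register instead. The register names elided by "..." in the message (a2..a5, f6..f12), the 8-byte slot size, and all helper names are assumptions.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Slot labels in push order: index 0 is the first value pushed after the
// frame-type marker, so index x is TYPED_FRAME_PUSHED_VALUE_OFFSET(x).
enum class Kind { kGpParam, kFpParam, kInstance, kFuncIndex };
struct Slot { std::string name; Kind kind; };

// Assumption: the registers elided by "..." in the message are a2..a5 and
// f6..f12, which is consistent with the stated indices 6 and 14.
std::vector<Slot> LazyCompileFrameMips64() {
  std::vector<Slot> s;
  for (const char* r : {"a7", "a6", "a5", "a4", "a3", "a2"})
    s.push_back({r, Kind::kGpParam});
  s.push_back({"a0", Kind::kInstance});  // a0 carries wasm_instance
  for (const char* r : {"f14", "f12", "f10", "f8", "f6", "f4", "f2"})
    s.push_back({r, Kind::kFpParam});
  s.push_back({"wasm_instance", Kind::kInstance});  // explicit second push
  s.push_back({"func_index", Kind::kFuncIndex});
  return s;
}

// Every index whose slot really holds the instance object.
std::vector<int> InstanceIndices(const std::vector<Slot>& f) {
  std::vector<int> out;
  for (int i = 0; i < static_cast<int>(f.size()); ++i)
    if (f[i].kind == Kind::kInstance) out.push_back(i);
  return out;
}

// True when a candidate kWasmInstanceOffset index lands on the instance.
bool IndexHoldsInstance(const std::vector<Slot>& f, int x) {
  return x >= 0 && x < static_cast<int>(f.size()) &&
         f[x].kind == Kind::kInstance;
}

// fp-relative byte offset of pushed value x. Assumptions: 8-byte slots and
// the frame-type marker directly below the saved fp, as drawn in the message.
int FpOffset(int x) { return -(2 + x) * 8; }

int main() {
  const auto f = LazyCompileFrameMips64();
  for (int x : {6, 7, 14})
    std::printf("index %2d -> %-13s fp%+d  %s\n", x, f[x].name.c_str(),
                FpOffset(x), IndexHoldsInstance(f, x) ? "instance" : "NOT instance");
}
```

A check of this shape, run against the real push sequence, catches a frame constant that drifts when the saved-register list in the builtin changes.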
