Hi all~
The CPU profiler can execute GetStackSample and run the StackFrameIterator.
But on the riscv64/mips architectures, the Push operation is not atomic and consists of
several instructions. For example:

  void Push(Register src1, Register src2) {
    Sub64(sp, sp, Operand(2 * kSystemPointerSize));   // 1: reserve two slots; sp moves first
    Sd(src1, MemOperand(sp, 1 * kSystemPointerSize));  // 2: store src1 at sp + 8
    Sd(src2, MemOperand(sp, 0 * kSystemPointerSize));  // 3: store src2 at sp + 0
  }

If the CPU profiler runs GetStackSample after Sub64 but before Sd src1, then the
values between sp and fp are undefined. This causes an error:
 
#
# Fatal error in ../../src/execution/frames.h, line 184
# Debug check failed: static_cast<uintptr_t>(type) < Type::NUMBER_OF_TYPES (70049115717448 vs. 23).
#
#
#
#FailureMessage Object: 0x7ffcf54a26c0

A concrete example occurs in BaselineCompiler::Prologue()
<https://source.chromium.org/chromium/chromium/src/+/main:v8/src/baseline/riscv64/baseline-compiler-riscv64-inl.h;l=16?q=BaselineCompiler::Prologue()&ss=chromium%2Fchromium%2Fsrc:v8%2F>
:

After running EnterFrame(StackFrame::BASELINE), the
builtin kBaselineOutOfLinePrologue will
Push(callee_context, callee_js_function)
<https://source.chromium.org/chromium/chromium/src/+/main:v8/src/builtins/riscv64/builtins-riscv64.cc;l=1135>
;

If the CPU profiler runs GetStackSample inside
Push(callee_context, callee_js_function)
<https://source.chromium.org/chromium/chromium/src/+/main:v8/src/builtins/riscv64/builtins-riscv64.cc;l=1135>
but
before Sd(callee_context, sp + 8), it will cause "Debug check failed:
static_cast<uintptr_t>(type) < Type::NUMBER_OF_TYPES".

Details:

sp: 0x7f177f207e08
fp: 0x7f177f207e18 (size: 16)
pc: 0x7f178b874040
lr: 0x7f177708309c

DD: 0x7f177f207e28 : 0x68c7101119
DD: 0x7f177f207e20 : 0x7f17770844f8
DD: 0x7f177f207e18 : 0x7f177f207e90
DD: 0x7f177f207e10 : 0x7f177f207e90
DD: 0x7f177f207e08 : 0x1c
DD: 0x7f177f207e00 : 0x68c7101de9
DD: 0x7f177f207df8 : 0x68c7101139
DD: 0x7f177f207df0 : 0xb02
DD: 0x7f177f207de8 : 0x68c711fc91




-- 
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
https://groups.google.com/d/msgid/v8-dev/999d5008-6480-4cd3-905e-b91387e804e1n%40googlegroups.com
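The race described in the post, modelled as an added example (this is illustrative C, not V8's code). A small downward-growing word array stands in for the stack; Push(src1, src2) is replayed one instruction at a time, and after each step a model of the frame iterator's marker check reads the word at fp-8, exactly the slot the post's dump shows holding a stale copy of the saved fp. Assumed constants: a one-bit Smi tag (a marker is type << 1, a heap pointer has its low bit set) and NUMBER_OF_TYPES = 23, the bound quoted in the DCHECK message; the stale word, context and function values are taken or constructed from the dump above, and the stack indices are placeholders for real addresses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the Push race, written as an added example (not V8 code).
 * Assumed constants: one-bit Smi tag, NUMBER_OF_TYPES = 23 (the bound
 * quoted in the post's DCHECK message). */
enum { kSlots = 16, kNumberOfTypes = 23, kSmiTagSize = 1, kSmiTagMask = 1 };
#define kInvalidMarker UINT64_MAX

typedef struct {
    uint64_t mem[kSlots]; /* slot i models address base + 8*i */
    int sp;               /* slot index, stack grows toward 0 */
    int fp;
} Stack;

/* Stale word the post's dump shows at fp-8 (a copy of the saved fp, low
 * bit clear, so it looks like a Smi), plus a constructed tagged context
 * and function (low bit set, like heap object pointers). */
static const uint64_t kStaleSavedFp   = 0x7f177f207e90ULL;
static const uint64_t kCalleeContext  = 0x68c7101119ULL;
static const uint64_t kCalleeFunction = 0x68c7101de9ULL;

/* State right after EnterFrame(BASELINE): fp == sp, and the slots below
 * fp still hold whatever an earlier frame left there. */
static void after_enter_frame(Stack *s) {
    for (int i = 0; i < kSlots; i++) s->mem[i] = kStaleSavedFp;
    s->sp = s->fp = 8;
}

/* riscv64 Push(src1, src2) as its three separate instructions; `executed`
 * (0..3) is how many had retired when the sampler interrupted. */
static void push2_partial(Stack *s, uint64_t src1, uint64_t src2, int executed) {
    if (executed >= 1) s->sp -= 2;               /* Sub64 sp, sp, 16 */
    if (executed >= 2) s->mem[s->sp + 1] = src1; /* Sd src1, 8(sp)   */
    if (executed >= 3) s->mem[s->sp + 0] = src2; /* Sd src2, 0(sp)   */
}

/* Model of the iterator's look at fp-8: a Smi there is a frame-type
 * marker, anything else is the context of a JavaScript frame. Returns
 * the decoded type, or kInvalidMarker where the DCHECK would fire. */
static uint64_t sampled_marker_type(const Stack *s, bool *is_js_frame) {
    uint64_t word = s->mem[s->fp - 1];
    if ((word & kSmiTagMask) != 0) { *is_js_frame = true; return 0; }
    *is_js_frame = false;
    uint64_t type = word >> kSmiTagSize;
    return type < kNumberOfTypes ? type : kInvalidMarker;
}

/* What the stale word decodes to if it is mistaken for a marker. */
static uint64_t stale_word_as_type(void) { return kStaleSavedFp >> kSmiTagSize; }

/* True when a sample taken after `executed` instructions of
 * Push(callee_context, callee_js_function) would hit the DCHECK. */
static bool sampler_hits_dcheck(int executed) {
    Stack s;
    bool is_js;
    after_enter_frame(&s);
    push2_partial(&s, kCalleeContext, kCalleeFunction, executed);
    return sampled_marker_type(&s, &is_js) == kInvalidMarker;
}

int main(void) {
    static const char *const step[] = {
        "before Sub64", "after Sub64, before Sd src1",
        "after Sd src1, before Sd src2", "after Sd src2"
    };
    for (int executed = 0; executed <= 3; executed++)
        printf("%-30s -> %s\n", step[executed],
               sampler_hits_dcheck(executed) ? "DCHECK fails (garbage marker)"
                                             : "JS frame, context found");
    printf("stale word decoded as type: %llu\n",
           (unsigned long long)stale_word_as_type());
    return 0;
}
```

Running it shows the two unsafe interruption points (before and after Sub64, until Sd src1 lands) both decode the stale saved-fp copy as an enormous "type", which is the same shape as the 70049115717448 vs. 23 failure in the post; once Sd src1 has written the context, the slot is a tagged heap pointer and the iterator treats the frame as a normal JavaScript frame. The model only reads fp-8; it does not reproduce the iterator's other sp/fp consistency checks.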