If I modify Push
void Push(Register src1, Register src2) {
Sd(src1, MemOperand(sp, -1 * kSystemPointerSize));
Sd(src2, MemOperand(sp, -2 * kSystemPointerSize));
Sub64(sp, sp, Operand(2 * kSystemPointerSize));
}
This error will not appear again.
But the new Push does not conform to the assembly manual.
On Wednesday, August 25, 2021 at 6:58:32 PM UTC+8, Yahan Lu wrote:
> Hi all~
> The CPU profiler can execute GetStackSample and run StackFrameIterator.
> But on the riscv64/mips archs, the Push operation is not atomic and consists
> of several instructions. For example:
>
> void Push(Register src1, Register src2) {
> Sub64(sp, sp, Operand(2 * kSystemPointerSize));
> Sd(src1, MemOperand(sp, 1 * kSystemPointerSize));
> Sd(src2, MemOperand(sp, 0 * kSystemPointerSize));
> }
>
> If the CPU profiler runs GetStackSample after Sub64 but before Sd src1, then
> the values between sp and fp are undefined. So it causes an error:
>
> #
> # Fatal error in ../../src/execution/frames.h, line 184
> # Debug check failed: static_cast<uintptr_t>(type) < Type::NUMBER_OF_TYPES
> (70049115717448 vs. 23).
> #
> #
> #
> #FailureMessage Object: 0x7ffcf54a26c0
>
> The concrete example occurs in BaselineCompiler::Prologue()
> <https://source.chromium.org/chromium/chromium/src/+/main:v8/src/baseline/riscv64/baseline-compiler-riscv64-inl.h;l=16?q=BaselineCompiler::Prologue()&ss=chromium%2Fchromium%2Fsrc:v8%2F>
> :
>
> After running EnterFrame(StackFrame::BASELINE), the builtin
> kBaselineOutOfLinePrologue will
> Push(callee_context, callee_js_function)
> <https://source.chromium.org/chromium/chromium/src/+/main:v8/src/builtins/riscv64/builtins-riscv64.cc;l=1135>
> ;
>
> If the CPU profiler runs GetStackSample in
> Push(callee_context, callee_js_function)
> <https://source.chromium.org/chromium/chromium/src/+/main:v8/src/builtins/riscv64/builtins-riscv64.cc;l=1135>
> but
> before Sd(callee_context, sp + 8), it will cause Debug check failed:
> static_cast<uintptr_t>(type) < Type::NUMBER_OF_TYPES.
>
> Details:
>
> sp: 0x7f177f207e08
> fp: 0x7f177f207e18 size: 16
> pc: 0x7f178b874040
> lr: 0x7f177708309c
>
> DD: 0x7f177f207e28 : 0x68c7101119
> DD: 0x7f177f207e20 : 0x7f17770844f8
> DD: 0x7f177f207e18 : 0x7f177f207e90
> DD: 0x7f177f207e10 : 0x7f177f207e90
> DD: 0x7f177f207e08 : 0x1c
> DD: 0x7f177f207e00 : 0x68c7101de9
> DD: 0x7f177f207df8 : 0x68c7101139
> DD: 0x7f177f207df0 : 0xb02
> DD: 0x7f177f207de8 : 0x68c711fc91
>
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
To view this discussion on the web visit
https://groups.google.com/d/msgid/v8-dev/f35c5dfd-5aa8-4293-aef8-ac863c6c62dbn%40googlegroups.com.
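The race described in this thread is easy to reason about once the two Push orderings are laid out instruction by instruction next to what an asynchronous sampler trusts. The following C program is an added example, not V8 code and not written by either poster: it models a downward-growing stack of 8-byte slots, executes each of the two Push sequences one instruction at a time, and after every instruction asks whether a sampler walking [sp, fp) would read a slot this frame has not yet written. The register values (CALLEE_CONTEXT, CALLEE_JS_FUNCTION), the stale fill pattern and the slot indices are constructed for the demonstration; Sd/Sub64 are modelled as plain stores and a subtraction on sp.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Slots grow downward; index 0 is the lowest address. sp and fp are slot indices. */
#define STACK_SLOTS 16
#define STALE 0xDEADBEEFDEADBEEFull   /* constructed garbage left behind by earlier frames */

typedef struct {
    uint64_t mem[STACK_SLOTS];
    bool     written[STACK_SLOTS];   /* stored to since this frame was entered */
    size_t   sp, fp;
} Stack;

typedef enum { OP_SD, OP_SUB_SP } OpKind;

typedef struct {
    OpKind   kind;
    uint64_t value;   /* OP_SD: value stored */
    int      disp;    /* OP_SD: slot displacement from sp; OP_SUB_SP: slots to reserve */
} Op;

/* State right after EnterFrame: sp == fp, the caller's slots above fp are valid,
   everything below sp is stale memory from previous activations. */
static void stack_init(Stack *s) {
    for (size_t i = 0; i < STACK_SLOTS; i++) { s->mem[i] = STALE; s->written[i] = false; }
    s->sp = s->fp = STACK_SLOTS / 2;
    for (size_t i = s->fp; i < STACK_SLOTS; i++) s->written[i] = true;
}

static void exec_op(Stack *s, const Op *op) {
    if (op->kind == OP_SUB_SP) {
        s->sp -= (size_t)op->disp;                       /* Sub64(sp, sp, n * 8) */
    } else {
        size_t slot = (size_t)((long)s->sp + op->disp);  /* Sd(value, MemOperand(sp, disp * 8)) */
        s->mem[slot] = op->value;
        s->written[slot] = true;
    }
}

/* What GetStackSample's frame walk assumes: every slot in [sp, fp) is frame data. */
static bool sampler_sees_stale(const Stack *s) {
    for (size_t i = s->sp; i < s->fp; i++)
        if (!s->written[i]) return true;
    return false;
}

/* Execute the whole sequence, sampling after each instruction (the profiler can
   interrupt anywhere). Returns the index of the first instruction after which the
   sampler would read a stale slot, or -1 if no interruption point is unsafe. */
static int first_unsafe_step(Stack *s, const Op *ops, size_t n) {
    int first = -1;
    for (size_t i = 0; i < n; i++) {
        exec_op(s, &ops[i]);
        if (first < 0 && sampler_sees_stale(s)) first = (int)i;
    }
    return first;
}

enum { CALLEE_CONTEXT = 0x1111, CALLEE_JS_FUNCTION = 0x2222 };  /* constructed register values */

/* Original riscv64 Push(src1, src2): move sp first, then store into the new frame. */
static const Op kPushSubFirst[] = {
    { OP_SUB_SP, 0, 2 },
    { OP_SD, CALLEE_CONTEXT, 1 },
    { OP_SD, CALLEE_JS_FUNCTION, 0 },
};

/* Reordered Push from the reply: store below sp first, then move sp down. */
static const Op kPushStoreFirst[] = {
    { OP_SD, CALLEE_CONTEXT, -1 },
    { OP_SD, CALLEE_JS_FUNCTION, -2 },
    { OP_SUB_SP, 0, 2 },
};

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

int unsafe_step_sub_first(void) {
    Stack s; stack_init(&s);
    return first_unsafe_step(&s, kPushSubFirst, COUNT(kPushSubFirst));
}

int unsafe_step_store_first(void) {
    Stack s; stack_init(&s);
    return first_unsafe_step(&s, kPushStoreFirst, COUNT(kPushStoreFirst));
}

/* Both orderings must produce the identical frame: src1 at sp+8, src2 at sp+0. */
bool same_final_layout(void) {
    Stack a, b;
    stack_init(&a); stack_init(&b);
    first_unsafe_step(&a, kPushSubFirst, COUNT(kPushSubFirst));
    first_unsafe_step(&b, kPushStoreFirst, COUNT(kPushStoreFirst));
    return a.sp == b.sp && a.fp == b.fp && memcmp(a.mem, b.mem, sizeof a.mem) == 0
        && a.mem[a.sp + 1] == CALLEE_CONTEXT && a.mem[a.sp] == CALLEE_JS_FUNCTION;
}

int main(void) {
    printf("sub-first:   first unsafe interruption point = %d\n", unsafe_step_sub_first());
    printf("store-first: first unsafe interruption point = %d\n", unsafe_step_store_first());
    printf("same final layout: %s\n", same_final_layout() ? "yes" : "no");
    return 0;
}
```

The sub-first sequence is unsafe immediately after instruction 0: sp has moved but the two slots it now covers still hold stale data, which is exactly what the dump above shows (0x1c at sp with fp - sp == 16). The store-first sequence has no unsafe interruption point for the sampler, because sp only moves once both slots are populated, and both sequences end with the same frame. What the model deliberately leaves out is the replier's objection: the two stores land below sp, outside the frame the calling convention guarantees, and on the RISC-V ABI there is no red zone, so anything delivered asynchronously on the same stack (for instance a signal handler frame) can overwrite those slots before Sub64 runs. Sampler-safety and ABI-conformance are separate properties, and this example only checks the first.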