-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v6 has buffer issues on Fedora 24 #6272
Comments
/cc @trevnorris |
FWIW, I run x86_64 FC24 as well and |
16 GB
BTW I don't need to compile it myself. It also fails with the latest RC. |
That's not too different from my setup. What do the stack traces in gdb look like? What happens with a debug build? ( |
It doesn't crash with a debug build. |
Is the stack trace always the same? Maybe you can add some printf statements to Just to be sure, it dies with a SIGSEGV, not e.g. a SIGILL? Did you check the disassembly and the registers at the crash site? |
Does that mean |
Yes |
void IncrementalMarking::ActivateIncrementalWriteBarrier() {
PrintF("ActivateIncrementalWriteBarrier\n");
ActivateIncrementalWriteBarrier(heap_->old_space());
ActivateIncrementalWriteBarrier(heap_->map_space());
ActivateIncrementalWriteBarrier(heap_->code_space());
ActivateIncrementalWriteBarrier(heap_->new_space());
LargePage* lop = heap_->lo_space()->first_page();
while (lop->is_valid()) {
PrintF(lop->is_valid() ? "valid\n" : "not valid\n");
PrintF(lop == nullptr ? "null\n" : "not null\n");
SetOldSpacePageFlags(lop, true, is_compacting_);
lop = lop->next_page();
}
}
|
I think you're hitting undefined behavior in V8. The The reason you're seeing crashes and I don't is presumably because I haven't upgraded my copy of g++ yet. For the record, here is what I'm currently building with:
|
Yeah I was also thinking about a difference of compilers. This is my version:
So is this a bug on V8's side ? With the following patch, all our tests pass again: diff --git a/deps/v8/src/heap/incremental-marking.cc b/deps/v8/src/heap/incremental-marking.cc
index ce6f6ee..ab61576 100644
--- a/deps/v8/src/heap/incremental-marking.cc
+++ b/deps/v8/src/heap/incremental-marking.cc
@@ -404,7 +404,7 @@ void IncrementalMarking::DeactivateIncrementalWriteBarrier() {
DeactivateIncrementalWriteBarrierForSpace(heap_->new_space());
LargePage* lop = heap_->lo_space()->first_page();
- while (lop->is_valid()) {
+ while (lop != nullptr) {
SetOldSpacePageFlags(lop, false, false);
lop = lop->next_page();
}
@@ -436,7 +436,7 @@ void IncrementalMarking::ActivateIncrementalWriteBarrier() {
ActivateIncrementalWriteBarrier(heap_->new_space());
LargePage* lop = heap_->lo_space()->first_page();
- while (lop->is_valid()) {
+ while (lop != nullptr) {
SetOldSpacePageFlags(lop, true, is_compacting_);
lop = lop->next_page();
} |
I think that explains it. I'd report it to V8. |
https://gcc.gnu.org/gcc-6/changes.html Value range propagation now assumes that the |
Found the related V8 issue: https://bugs.chromium.org/p/v8/issues/detail?id=3782 |
Enabling |
V8 erroneously does null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Enable -fno-delete-null-pointer-checks to circumvent this issue. Ref: nodejs#6272
this was fixed in https://codereview.chromium.org/1900423002 (as part of a bigger change). You could backport the pieces (lop->is_valid() -> LargePage::IsValid(lop)) We should not call methods on this == nullptr as this is undefined behavior, so I'd rather not disable this optimization but fix the places that incorrectly use this == nullptr. |
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: nodejs#6272 PR-URL: nodejs#6544 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: nodejs#6272 PR-URL: nodejs#6544 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: nodejs#6272 PR-URL: nodejs#6544 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: nodejs#6272
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: #6272 PR-URL: #6669 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: #6272 PR-URL: #6669 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: nodejs/node#6272 PR-URL: nodejs/node#6669 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: nodejs#6272 PR-URL: nodejs#6544 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: nodejs#6272 PR-URL: nodejs#6544 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
V8 erroneously did null pointer checks on `this`. It can lead to a SIGSEGV crash if node is compiled with GCC 6. Backport relevant changes from [1] that fix this issue. [1]: https://codereview.chromium.org/1900423002 Fixes: nodejs#6272 PR-URL: nodejs#6544 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
make test
output:test/parallel/test-buffer-slow.js
segfaults atSlowBuffer(buffer.kMaxLength)
test/parallel/test-fs-read-buffer-tostring-fail.js
atfs.read(fd, kStringMaxLength + 1, ...
test/parallel/test-fs-readfile-tostring-fail.js
similarly atfs.readFile(file, ...)
Is there anything I can do to investigate this issue ?
The text was updated successfully, but these errors were encountered: