[vm/ffi] SimDBC64 garbage collector crashes #37069

dcharkes · 2019-05-23T16:45:44Z

In SimDBC64, repeatedly calling one of the following functions in a benchmark causes GC crashes.

extern "C" uint16_t Function1Uint16(uint16_t x) { return x + 42; }
extern "C" uint32_t Function1Uint32(uint32_t x) { return x + 42; }
extern "C" uint64_t Function1Uint64(uint64_t x) { return x + 42; }

Crashes:

../../runtime/vm/raw_object.h: 235: error: expected: IsWellFormed()
version=2.3.2-edge.df95340f0c80795fc5d71302fb4e6ad00c38b96d (Thu May 23 10:05:36 2019 +0000) on "linux_dbc"
thread=107402, isolate=main(0x55d0d8eb5600)
  pc 0x000055d0d6c9642c fp 0x00007fd095eb5660 dart::Profiler::DumpStackTrace(void*)
  pc 0x000055d0d911c4d8 fp 0x00007fd095eb6328 Unknown symbol
  pc 0x000055d0d995f400 fp 0x00007fd095eb6488 Unknown symbol
-- End of DumpStackTrace

===== CRASH =====
si_signo=Segmentation fault(11), si_code=1, si_addr=0x10
version=2.3.2-edge.df95340f0c80795fc5d71302fb4e6ad00c38b96d (Thu May 23 10:05:36 2019 +0000) on "linux_dbc"
thread=108675, isolate=main(0x55e4b59eb600)
  pc 0x000055e4b3afe6f7 fp 0x00007ff56febd9c0 ../../dart-sdk/sdk/out/DebugSIMDBC64/dart+0x1c546f7
-- End of DumpStackTrace

I can't reproduce it with doubles, so this crash is probably related to adding unboxed integers to DBC.

Related commits: 1e30bb9, a23def4, a8b93d9

Our GC test didn't catch this.

The text was updated successfully, but these errors were encountered:

dcharkes · 2019-05-24T08:37:23Z

A try job caught it as well (trace) in our GC test. So the GC test can catch it.

dcharkes · 2019-05-24T09:29:33Z

@sjindel-google landing https://dart-review.googlesource.com/c/sdk/+/103129 made the GC crash consistently in SimDBC64 on MacOS reload. This might very well be the same root cause. Did you change anything that might make this crash much more likely?

(I'll approve the test failure for now.)

sjindel-google · 2019-05-27T09:02:05Z

I can't think of anything that might affected it directly, besides the refactoring in FGB.

dcharkes · 2019-05-27T13:54:14Z

The crash on Linux SimDBC64 involves the background compiler compiling a function while the main thread is in an FFI call trying to transition back from Native to Generated.

On the stack the Scavenger finds the address to the function that was called through the ffi and unboxed integer arguments.
In StackFrame::VisitObjectPointers the stack frame does not have a StackMap.

It looks like it's the first frame before the exit frame - so it's the frame that contains all the unboxed arguments to the ffi call.

Main Dart thread:

pthread_cond_wait@@GLIBC_2.3.2 (Unknown Source:0)
dart::Monitor::WaitMicros(dart::Monitor * this, int64_t micros) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/os_thread_linux.cc:443)
...
dart::Thread::ExitSafepoint(dart::Thread * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/thread.h:765)
dart::TransitionGeneratedToNative::~TransitionGeneratedToNative(dart::TransitionGeneratedToNative * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/heap/safepoint.h:201)
dart::Simulator::Call(dart::Simulator * this, const dart::Code & code, const dart::Array & arguments_descriptor, const dart::Array & arguments, dart::Thread * thread) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/simulator_dbc.cc:1889)
dart::DartEntry::InvokeFunction(const dart::Function & function, const dart::Array & arguments, const dart::Array & arguments_descriptor, dart::uword current_sp) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/dart_entry.cc:188)
dart::DartEntry::InvokeFunction(const dart::Function & function, const dart::Array & arguments) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/dart_entry.cc:35)
dart::DartLibraryCalls::HandleMessage(const dart::Closure & handler, const dart::Instance & message) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/dart_entry.cc:691)
dart::IsolateMessageHandler::HandleMessage(dart::IsolateMessageHandler * this, std::__2::unique_ptr<dart::Message, std::__2::default_delete<dart::Message> > message) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/isolate.cc:634)
dart::MessageHandler::HandleMessages(dart::IsolateMessageHandler * this, dart::MonitorLocker * ml, bool allow_normal_messages, bool allow_multiple_normal_messages) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/message_handler.cc:218)
dart::MessageHandler::TaskCallback(dart::IsolateMessageHandler * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/message_handler.cc:417)
dart::MessageHandlerTask::Run(dart::MessageHandlerTask * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/message_handler.cc:27)
dart::ThreadPool::Worker::Loop(dart::ThreadPool::Worker * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/thread_pool.cc:381)
dart::ThreadPool::Worker::Main(dart::uword args) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/thread_pool.cc:436)
dart::ThreadStart(void * data_ptr) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/os_thread_linux.cc:134)
start_thread (Unknown Source:0)

Background compiler:

raise (Unknown Source:0)
abort (Unknown Source:0)
dart::Assert::Fail(dart::Assert * this, const char * format) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/platform/assert.cc:44)
dart::RawObject::IsSmiOrOldObject(const dart::RawObject * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/raw_object.h:235)
dart::ScavengerVisitor::ScavengePointer(dart::ScavengerVisitor * this, dart::RawObject ** p) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/heap/scavenger.cc:185)
dart::ScavengerVisitor::VisitPointers(dart::ScavengerVisitor * this, dart::RawObject ** first, dart::RawObject ** last) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/heap/scavenger.cc:149)
dart::StackFrame::VisitObjectPointers(dart::StackFrame * this, dart::ScavengerVisitor * visitor) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/stack_frame.cc:412)
dart::Thread::VisitObjectPointers(dart::Thread * this, dart::ScavengerVisitor * visitor, dart::ValidationPolicy validation_policy) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/thread.cc:708)
dart::ThreadRegistry::VisitObjectPointers(dart::ThreadRegistry * this, dart::ScavengerVisitor * visitor, dart::ValidationPolicy validate_frames) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/thread_registry.cc:69)
dart::Isolate::VisitStackPointers(dart::Isolate * this, dart::ScavengerVisitor * visitor, dart::ValidationPolicy validate_frames) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/isolate.cc:1987)
dart::Isolate::VisitObjectPointers(dart::Isolate * this, dart::ScavengerVisitor * visitor, dart::ValidationPolicy validate_frames) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/isolate.cc:1981)
dart::Scavenger::IterateRoots(dart::Scavenger * this, dart::Isolate * isolate, dart::ScavengerVisitor * visitor) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/heap/scavenger.cc:668)
dart::Scavenger::Scavenge(dart::Scavenger * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/heap/scavenger.cc:1056)
dart::Heap::CollectNewSpaceGarbage(dart::Heap * this, dart::Thread * thread, dart::Heap::GCReason reason) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/heap/heap.cc:460)
dart::Heap::CollectGarbage(dart::Heap * this, dart::Heap::Space space) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/heap/heap.cc:521)
dart::Heap::AllocateNew(dart::Heap * this, intptr_t size) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/heap/heap.cc:112)
dart::Heap::Allocate(dart::Heap * this, intptr_t size, dart::Heap::Space space) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/heap/heap.h:83)
dart::Object::Allocate(intptr_t cls_id, intptr_t size, dart::Heap::Space space) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/object.cc:2157)
...
dart::BackgroundCompiler::Run(dart::BackgroundCompiler * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/compiler/jit/compiler.cc:1430)
dart::BackgroundCompilerTask::Run(dart::BackgroundCompilerTask * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/compiler/jit/compiler.cc:1512)
dart::ThreadPool::Worker::Loop(dart::ThreadPool::Worker * this) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/thread_pool.cc:381)
dart::ThreadPool::Worker::Main(dart::uword args) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/thread_pool.cc:436)
dart::ThreadStart(void * data_ptr) (/usr/local/google/home/dacoharkes/dart-sdk/sdk/runtime/vm/os_thread_linux.cc:134)
start_thread (Unknown Source:0)
clone (Unknown Source:0)

dcharkes · 2019-05-28T11:58:27Z

Blamelist:
50b0d85 Tue May 28 10:19 [vm/ffi] Observatory support for FFI
db599d4 Tue May 28 10:10 [vm/ffi] Fix GC crash in SimDBC
ffi/function_test/1 | Crash -> Pass ✔
on configuration dartk-reload-mac-release-simdbc64

https://dart-ci.appspot.com/changes/

@sjindel-google FYI the fix made this test consistently pass on MacOS SimDBC reload again.

And regression test for dartbug.com/37069 Fixes: #37176 Follow up of: https://dart-review.googlesource.com/c/sdk/+/103814 Bug: #37069 Change-Id: I2c791271f936580d66a48485a60ab6cddb1ba4f8 Cq-Include-Trybots: luci.dart.try:vm-ffi-android-debug-arm-try, app-kernel-linux-debug-x64-try, vm-kernel-linux-debug-simdbc64-try,vm-kernel-mac-debug-simdbc64-try,vm-kernel-reload-mac-debug-simdbc64-try,vm-kernel-linux-debug-ia32-try,vm-dartkb-linux-debug-simarm64-try,vm-kernel-win-debug-x64-try Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/104824 Commit-Queue: Daco Harkes <dacoharkes@google.com> Reviewed-by: Samir Jindel <sjindel@google.com>

This reverts commit f1038ee. Reason for revert: breaks function_gc_test on ARM64 Original change's description: > [vm/ffi] SimDBC64 align stack frame > > And regression test for dartbug.com/37069 > > Fixes: #37176 > Follow up of: https://dart-review.googlesource.com/c/sdk/+/103814 > Bug: #37069 > Change-Id: I2c791271f936580d66a48485a60ab6cddb1ba4f8 > Cq-Include-Trybots: luci.dart.try:vm-ffi-android-debug-arm-try, app-kernel-linux-debug-x64-try, vm-kernel-linux-debug-simdbc64-try,vm-kernel-mac-debug-simdbc64-try,vm-kernel-reload-mac-debug-simdbc64-try,vm-kernel-linux-debug-ia32-try,vm-dartkb-linux-debug-simarm64-try,vm-kernel-win-debug-x64-try > Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/104824 > Commit-Queue: Daco Harkes <dacoharkes@google.com> > Reviewed-by: Samir Jindel <sjindel@google.com> TBR=sjindel@google.com,dacoharkes@google.com Change-Id: Ibefa2e854f4a58b41384aca73a3bbbe86d75bf80 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: #37069 Cq-Include-Trybots: luci.dart.try:vm-ffi-android-debug-arm-try, app-kernel-linux-debug-x64-try, vm-kernel-linux-debug-simdbc64-try, vm-kernel-mac-debug-simdbc64-try, vm-kernel-reload-mac-debug-simdbc64-try, vm-kernel-linux-debug-ia32-try, vm-dartkb-linux-debug-simarm64-try, vm-kernel-win-debug-x64-try Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/105840 Reviewed-by: Samir Jindel <sjindel@google.com> Commit-Queue: Samir Jindel <sjindel@google.com>

sjindel-google · 2019-06-12T22:33:28Z

Reverted the fix due to broken tests.

And regression test for dartbug.com/37069 Fixes: #37176 Follow up of: https://dart-review.googlesource.com/c/sdk/+/103814 Bug: #37069 Change-Id: I066561b487c691952496e2ca6878ac82cee0e02e Cq-Include-Trybots: luci.dart.try:vm-ffi-android-debug-arm-try, app-kernel-linux-debug-x64-try, vm-kernel-linux-debug-simdbc64-try,vm-kernel-mac-debug-simdbc64-try,vm-kernel-reload-mac-debug-simdbc64-try,vm-kernel-linux-debug-ia32-try,vm-dartkb-linux-debug-simarm64-try,vm-kernel-win-debug-x64-try Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/105941 Commit-Queue: Daco Harkes <dacoharkes@google.com> Reviewed-by: Samir Jindel <sjindel@google.com>

dcharkes · 2019-06-14T16:56:40Z

Regression test landed.

dcharkes added area-vm Use area-vm for VM related issues, including code coverage, FFI, and the AOT and JIT backends. crash Process exits with SIGSEGV, SIGABRT, etc. An unhandled exception is not a crash. library-ffi labels May 23, 2019

dcharkes self-assigned this May 23, 2019

dcharkes added this to 1.0 in Dart VM FFI via automation May 23, 2019

dart-bot closed this as completed in db599d4 May 28, 2019

Dart VM FFI automation moved this from 1.0 to Done May 28, 2019

dcharkes mentioned this issue Jun 6, 2019

[vm/ffi] SimDBC64 stack alignment #37176

Closed

sjindel-google reopened this Jun 12, 2019

Dart VM FFI automation moved this from Done to Flutter MVP Jun 12, 2019

dcharkes closed this as completed Jun 14, 2019

Dart VM FFI automation moved this from Flutter MVP to Done Jun 14, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[vm/ffi] SimDBC64 garbage collector crashes #37069

[vm/ffi] SimDBC64 garbage collector crashes #37069

dcharkes commented May 23, 2019

dcharkes commented May 24, 2019

dcharkes commented May 24, 2019 •

edited

sjindel-google commented May 27, 2019

dcharkes commented May 27, 2019 •

edited

dcharkes commented May 28, 2019

sjindel-google commented Jun 12, 2019

dcharkes commented Jun 14, 2019

[vm/ffi] SimDBC64 garbage collector crashes #37069

[vm/ffi] SimDBC64 garbage collector crashes #37069

Comments

dcharkes commented May 23, 2019

dcharkes commented May 24, 2019

dcharkes commented May 24, 2019 • edited

sjindel-google commented May 27, 2019

dcharkes commented May 27, 2019 • edited

dcharkes commented May 28, 2019

sjindel-google commented Jun 12, 2019

dcharkes commented Jun 14, 2019

dcharkes commented May 24, 2019 •

edited

dcharkes commented May 27, 2019 •

edited