[vm/ffi] structs test on android arm32: gc relocation bug #37511
Comments
dcharkes
added
area-vm
|
I have trouble reproducing this locally. Build command on bot: Build command locally: I have the same flags, and I do not see a separate Test command on bot: Click to expand.Test command locally (with an Android 64bit device): Click to expand.This also passes the same flags ( /cc @sjindel-google Is there something I missed w.r.t. the ffi-product bot? Otherwise it might be due to the specific hardware (my phone), and I can try to debug it on the bot. Looking in to the code without being able to reproduce it locallyThere aren't any obvious calls to |
|
This crash got fixed by enabling the constant update.
|
|
What was the original problem? |
|
I'm hoping to be able to find that out with the two different behaviors now, but I'm not able to reproduce it locally. If you have any suggestions on how to reproduce it locally, I'm open for suggestions. I suspect it's something with constants being treated differently in product mode before the constant update. But it might also be a spurious correlation. |
|
One possibility is that we are incorrectly allocating an instance of |
RawObject* Object::Allocate(intptr_t cls_id, intptr_t size, Heap::Space space) {
// ...
ASSERT(cls_id != Integer::kClassId);The above does not get triggered on the bot, so it does not look like we actually allocate an Commit 629f38c made product-mode hit unreachable again. So it looks like a spurious correlation. Moreover, the debug-mode now segfaults. I'll see if the debug-mode crash reproduces locally. (edit: No, it doesn't.) Otherwise, I'll continue on the build bot. Edit: Copying over my locally-built sdk to the bot does not trigger the crash. Neither does using the bot-built sdk on my machine. Only the combination of the bot-built sdk and the phone connected to the bot trigger this crash. |
dcharkes
changed the title
|
Another thing you can try is adding an assert to DART_FORCE_INLINE void Object::SetRaw(RawObject* value) {
NoSafepointScope no_safepoint_scope;
raw_ = value;
if ((reinterpret_cast<uword>(value) & kSmiTagMask) == kSmiTag) {
set_vtable(Smi::handle_vtable_);
return;
}
intptr_t cid = value->GetClassId();
// Free-list elements cannot be wrapped in a handle.
ASSERT(cid != kFreeListElement);
ASSERT(cid != kForwardingCorpse);
if (cid >= kNumPredefinedCids) {
cid = kInstanceCid;
}
set_vtable(builtin_vtables_[cid]);
#if defined(DEBUG)
if (FLAG_verify_handles) {
Isolate* isolate = Isolate::Current();
Heap* isolate_heap = isolate->heap();
Heap* vm_isolate_heap = Dart::vm_isolate()->heap();
uword addr = RawObject::ToAddr(raw_);
if (!isolate_heap->Contains(addr) && !vm_isolate_heap->Contains(addr)) {
ASSERT(FLAG_write_protect_code);
addr = RawObject::ToAddr(HeapPage::ToWritable(raw_));
ASSERT(isolate_heap->Contains(addr) || vm_isolate_heap->Contains(addr));
}
}
#endif
} |
dcharkes
changed the title
|
The last debug build that crashed reproduced locally. The test can be boiled down to this: // VMOptions=--deterministic
import 'dart:ffi';
const highAddress32bit = 0xFFFFFFF0;
const highAddress64bit = 0xFFFFFFFFFFFFFFF0;
final int highAddress =
sizeOf<IntPtr>() == 4 ? highAddress32bit : highAddress64bit;
final Pointer<Int64> c1 = Pointer.fromAddress(highAddress);
final double ten = 10.0;
void main() {
for (int i = 0; i < 300000; i++) {
if (i % 1000 == 0) print(i);
Pointer<Double> field = c1.cast();
}
}The bug happened when first a Pointer is allocated, and subsequently a Mint. The above regression test relies on many allocations to trigger the garbage collection bug. We should improve this test by triggering a garbage collection on the n-th allocation. I'll land the fix today, and make a proper regression test when I get back. edit: link to specific commit for regression test testing: 83d2aaa |
Issue: #37511 Change-Id: Ibabe6a49b6fe38032da544a6520bdc398d496ba0 Cq-Include-Trybots: luci.dart.try:vm-ffi-android-debug-arm-try, app-kernel-linux-debug-x64-try, vm-kernel-linux-debug-simdbc64-try,vm-kernel-linux-debug-ia32-try,vm-dartkb-linux-debug-simarm64-try,vm-kernel-win-debug-x64-try,vm-kernel-win-debug-ia32-try,vm-dartkb-linux-debug-x64-try,vm-kernel-precomp-linux-debug-x64-try,vm-ffi-android-product-arm-try,vm-ffi-android-release-arm-try Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/108805 Auto-Submit: Daco Harkes <dacoharkes@google.com> Reviewed-by: Samir Jindel <sjindel@google.com> Commit-Queue: Samir Jindel <sjindel@google.com>
After landing support for structs in 32 bit (#36334) one of the tests now enabled for 32 bit arm fails. However, it only fails in product mode (log).
Unreachable code that is hit:
The text was updated successfully, but these errors were encountered: