
v8::String::new_from_onebyte_const crash on Android aarch64 #1475

Closed
secext2022 opened this issue May 12, 2024 · 9 comments · Fixed by #1581
Labels
bug Something isn't working

Comments

@secext2022

Reproduce code (rusty_v8 v0.91.1):

use v8;

const DENO: v8::OneByteConst =
  v8::String::create_external_onebyte_const("Deno".as_bytes());

fn main() {
  println!("main()");

  // init v8
  let platform = v8::new_default_platform(0, false).make_shared();
  v8::V8::initialize_platform(platform);
  v8::V8::initialize();

  // create isolate and scope
  let isolate = &mut v8::Isolate::new(v8::CreateParams::default());
  let handle_scope = &mut v8::HandleScope::new(isolate);
  let context = v8::Context::new(handle_scope);
  let scope = &mut v8::ContextScope::new(handle_scope, context);

  println!("before v8::String::new_from_onebyte_const()");
  let a = v8::String::new_from_onebyte_const(scope, &DENO);

  println!("{:?}", a);
  println!("end of main");
}

compile and run on Android phone (adb shell):

violet:/data/local/tmp/v8 $ ./core_test                                                  
main()
before v8::String::new_from_onebyte_const()
Segmentation fault 
139|violet:/data/local/tmp/v8 $ 

crash log from adb logcat:

05-12 20:06:28.405 13889 13889 F libc    : Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x60e09bc050 in tid 13889 (core_test), pid 13889 (core_test)
05-12 20:06:28.330  3444  3444 I chatty  : uid=1000(system) /system/vendor/bin/cnss_diag identical 11 lines
05-12 20:06:28.333  3444  3444 I CNSS    : Failed to send nl message
05-12 20:06:28.438 13899 13899 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
05-12 20:06:28.440  1113  1113 I /system/bin/tombstoned: received crash request for pid 13889
05-12 20:06:28.441 13899 13899 I crash_dump64: performing dump of process 13889 (target tid = 13889)
05-12 20:06:28.443 13899 13899 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-12 20:06:28.444 13899 13899 F DEBUG   : Build fingerprint: 'xiaomi/violet/violet:10/QKQ1.190915.002/V12.5.4.0.QFHCNXM:user/release-keys'
05-12 20:06:28.444 13899 13899 F DEBUG   : Revision: '0'
05-12 20:06:28.444 13899 13899 F DEBUG   : ABI: 'arm64'
05-12 20:06:28.445 13899 13899 F DEBUG   : Timestamp: 2024-05-12 20:06:28+0800
05-12 20:06:28.445 13899 13899 F DEBUG   : pid: 13889, tid: 13889, name: core_test  >>> ./core_test <<<
05-12 20:06:28.445 13899 13899 F DEBUG   : uid: 2000
05-12 20:06:28.445 13899 13899 F DEBUG   : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x60e09bc050
05-12 20:06:28.446 13899 13899 F DEBUG   :     x0  00000060e09bc030  x1  00000060e09bc030  x2  0000000000000000  x3  0000000000000020
05-12 20:06:28.446 13899 13899 F DEBUG   :     x4  00000060df3fd182  x5  000000786080a000  x6  ffffffffffffffff  x7  ffffffffffffffff
05-12 20:06:28.446 13899 13899 F DEBUG   :     x8  00000060e09bc050  x9  0000000000000060  x10 0000000000000002  x11 000000000000000a
05-12 20:06:28.446 13899 13899 F DEBUG   :     x12 ffffffffffffffff  x13 00000060df3fd181  x14 000000000000000a  x15 0000000000000000
05-12 20:06:28.446 13899 13899 F DEBUG   :     x16 00000060e09f0290  x17 0000007860e23380  x18 0000007861b1e000  x19 0000007860868000
05-12 20:06:28.446 13899 13899 F DEBUG   :     x20 00000060e09bc030  x21 000000786082f620  x22 00000060df3fcb20  x23 0000000000000000
05-12 20:06:28.446 13899 13899 F DEBUG   :     x24 0000000000000000  x25 0000000000000000  x26 0000000000000000  x27 0000000000000000
05-12 20:06:28.446 13899 13899 F DEBUG   :     x28 0000000000000000  x29 0000007ff26f3170
05-12 20:06:28.446 13899 13899 F DEBUG   :     sp  0000007ff26f3170  lr  00000060df8ce1a0  pc  00000060e09bc050
05-12 20:06:28.460 13899 13899 F DEBUG   : 
05-12 20:06:28.460 13899 13899 F DEBUG   : backtrace:
05-12 20:06:28.460 13899 13899 F DEBUG   :     NOTE: Function names and BuildId information is missing for some frames due
05-12 20:06:28.460 13899 13899 F DEBUG   :     NOTE: to unreadable libraries. For unwinds of apps, only shared libraries
05-12 20:06:28.460 13899 13899 F DEBUG   :     NOTE: found under the lib/ directory are readable.
05-12 20:06:28.460 13899 13899 F DEBUG   :       #00 pc 000000000112a050  /data/local/tmp/v8/core_test (offset 0x51d000)
05-12 20:06:28.484 13899 13899 E crash_dump64: cannot open libmiuindbg.so: No such file or directory

deno_core crashes on Android aarch64, so I wrote this code for the bug.

denoland/deno_core#738

@mmastrac
Contributor

It might be related to the vtable layout for one-byte consts.

@aapoalas
Contributor

I shall say: Ouch. Mea culpa.

@ry added the bug label May 12, 2024
@mmastrac
Contributor

I think we may just need to special case vtable layout for Android as well -- the question would be what that layout is. Perhaps the relative vtable ABI?

@aapoalas
Contributor

Yeah; it might be as easy as applying the Windows vtable layout (only one destructor) for Android but of course the issue is testing the change.

I'm thinking of a way to, at test time, verify the vtable layout so as to ensure any issues on different platforms become build time issues instead of runtime ones.
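
As an added illustration (not code from rusty_v8, V8 or this thread), here is a minimal Rust model of the mechanism under discussion: an object whose first word points at a table of function pointers, two hypothetical destructor layouts for that table, and a slot-by-slot check of the kind proposed above. The slot orders are assumptions for the model, not V8's actual layout on any platform.

```rust
// Added example (not rusty_v8 or V8 code): why a vtable layout mismatch crashes.
// A C++ object is a pointer to a table of function pointers; a Rust-built
// table must place its slots exactly where the C++ ABI of the target expects.
use std::ffi::c_void;

type Dtor = unsafe extern "C" fn(*mut c_void);
type DataFn = unsafe extern "C" fn(*const c_void) -> *const u8;
type LengthFn = unsafe extern "C" fn(*const c_void) -> usize;

/// Hypothetical Itanium-style table: complete dtor, deleting dtor, then the virtuals.
#[repr(C)]
struct VTableTwoDtor { dtor_complete: Dtor, dtor_deleting: Dtor, data: DataFn, length: LengthFn }

/// Hypothetical single-destructor table (the "Windows layout" mentioned in the thread).
#[repr(C)]
struct VTableOneDtor { dtor: Dtor, data: DataFn, length: LengthFn }

/// The object itself: first word is the vtable pointer, then the payload.
#[repr(C)]
struct Resource { vtable: *const c_void, bytes: &'static [u8] }

unsafe extern "C" fn noop_dtor(_this: *mut c_void) {}
unsafe extern "C" fn res_data(this: *const c_void) -> *const u8 {
    (*(this as *const Resource)).bytes.as_ptr()
}
unsafe extern "C" fn res_length(this: *const c_void) -> usize {
    (*(this as *const Resource)).bytes.len()
}

static VT2: VTableTwoDtor = VTableTwoDtor {
    dtor_complete: noop_dtor, dtor_deleting: noop_dtor, data: res_data, length: res_length,
};
static VT1: VTableOneDtor = VTableOneDtor { dtor: noop_dtor, data: res_data, length: res_length };

/// Raw slot `i` of whatever table `r` points at, read the way a C++ caller would.
fn slot(r: &Resource, i: usize) -> usize {
    unsafe { *(r.vtable as *const usize).add(i) }
}

/// True when the table behind `r` holds exactly the functions `expected` lists, in
/// order: the kind of check that turns a layout mistake into a test failure.
fn layout_matches(r: &Resource, expected: &[usize]) -> bool {
    (0..expected.len()).all(|i| slot(r, i) == expected[i])
}

fn main() {
    let two = Resource { vtable: &VT2 as *const _ as *const c_void, bytes: b"Deno" };
    // A caller built for the one-destructor layout expects data() at slot 1, but on
    // the two-destructor table that slot holds the deleting destructor instead.
    let one_dtor_view = [VT1.dtor as usize, VT1.data as usize, VT1.length as usize];
    println!("slot1 is a destructor: {}", slot(&two, 1) == VT2.dtor_deleting as usize);
    println!("table matches one-dtor layout: {}", layout_matches(&two, &one_dtor_view));
}
```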

@secext2022
Author

There is a test, but it is just skipped for Android:

  // one-byte "const" test
  #[cfg(not(target_os = "android"))]

@AuTsing

AuTsing commented Aug 18, 2024

From the discussion of the experts above, it seems this problem is related to the vtable, but how should one obtain the vtable layout for Android?
This is a bit beyond me, and the experts don't seem to have time to fix it either.

@littledivy
Member

Can someone test if this PR fixes the crash?

@AuTsing

AuTsing commented Aug 25, 2024

Can someone test if this PR fixes the crash?

@littledivy Thank you very much for finding the problem.

I have tried to fix the crash following your PR.
It works.

The test is based on rusty_v8 v0.91.1 (because the new version could not be compiled; I will try it later).
I built rusty_v8 in this repo with a patch according to your PR.

And the test code is the same as above.


Before applying the patch:

./target/aarch64-linux-android/debug/test_rusty_v8: 1 file pushed, 0 skipped. 92.6 MB/s (52148056 bytes in 0.537s)
main()
before v8::String::new_from_onebyte_const()

After applying the patch:

./target/aarch64-linux-android/debug/test_rusty_v8: 1 file pushed, 0 skipped. 105.5 MB/s (52593560 bytes in 0.476s)
main()
before v8::String::new_from_onebyte_const()
Some(Local(0xb4000072c3873228, PhantomData<&()>))
end of main

It does not crash in this case.
Maybe CI could be added to verify its feasibility.
I will try that next.

But I encountered some problems when compiling the new version of rusty_v8;
I want to solve that first.

@littledivy
Member

Thank you for verifying @AuTsing. The build failures seem unrelated to the fix. Maybe we can open another issue for that?
