
`v8::String::new_from_onebyte_const` crash on Android aarch64

Open secext2022 opened this issue 1 year ago • 5 comments

Reproduction code (rusty_v8 v0.91.1):

use v8;

const DENO: v8::OneByteConst =
  v8::String::create_external_onebyte_const("Deno".as_bytes());

fn main() {
  println!("main()");

  // init v8
  let platform = v8::new_default_platform(0, false).make_shared();
  v8::V8::initialize_platform(platform);
  v8::V8::initialize();

  // create isolate and scope
  let isolate = &mut v8::Isolate::new(v8::CreateParams::default());
  let handle_scope = &mut v8::HandleScope::new(isolate);
  let context = v8::Context::new(handle_scope);
  let scope = &mut v8::ContextScope::new(handle_scope, context);

  println!("before v8::String::new_from_onebyte_const()");
  let a = v8::String::new_from_onebyte_const(scope, &DENO);

  println!("{:?}", a);
  println!("end of main");
}

Compile and run on an Android phone (adb shell):

violet:/data/local/tmp/v8 $ ./core_test                                                  
main()
before v8::String::new_from_onebyte_const()
Segmentation fault 
139|violet:/data/local/tmp/v8 $ 

Crash log from adb logcat:

05-12 20:06:28.405 13889 13889 F libc    : Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x60e09bc050 in tid 13889 (core_test), pid 13889 (core_test)
05-12 20:06:28.330  3444  3444 I chatty  : uid=1000(system) /system/vendor/bin/cnss_diag identical 11 lines
05-12 20:06:28.333  3444  3444 I CNSS    : Failed to send nl message
05-12 20:06:28.438 13899 13899 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
05-12 20:06:28.440  1113  1113 I /system/bin/tombstoned: received crash request for pid 13889
05-12 20:06:28.441 13899 13899 I crash_dump64: performing dump of process 13889 (target tid = 13889)
05-12 20:06:28.443 13899 13899 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-12 20:06:28.444 13899 13899 F DEBUG   : Build fingerprint: 'xiaomi/violet/violet:10/QKQ1.190915.002/V12.5.4.0.QFHCNXM:user/release-keys'
05-12 20:06:28.444 13899 13899 F DEBUG   : Revision: '0'
05-12 20:06:28.444 13899 13899 F DEBUG   : ABI: 'arm64'
05-12 20:06:28.445 13899 13899 F DEBUG   : Timestamp: 2024-05-12 20:06:28+0800
05-12 20:06:28.445 13899 13899 F DEBUG   : pid: 13889, tid: 13889, name: core_test  >>> ./core_test <<<
05-12 20:06:28.445 13899 13899 F DEBUG   : uid: 2000
05-12 20:06:28.445 13899 13899 F DEBUG   : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x60e09bc050
05-12 20:06:28.446 13899 13899 F DEBUG   :     x0  00000060e09bc030  x1  00000060e09bc030  x2  0000000000000000  x3  0000000000000020
05-12 20:06:28.446 13899 13899 F DEBUG   :     x4  00000060df3fd182  x5  000000786080a000  x6  ffffffffffffffff  x7  ffffffffffffffff
05-12 20:06:28.446 13899 13899 F DEBUG   :     x8  00000060e09bc050  x9  0000000000000060  x10 0000000000000002  x11 000000000000000a
05-12 20:06:28.446 13899 13899 F DEBUG   :     x12 ffffffffffffffff  x13 00000060df3fd181  x14 000000000000000a  x15 0000000000000000
05-12 20:06:28.446 13899 13899 F DEBUG   :     x16 00000060e09f0290  x17 0000007860e23380  x18 0000007861b1e000  x19 0000007860868000
05-12 20:06:28.446 13899 13899 F DEBUG   :     x20 00000060e09bc030  x21 000000786082f620  x22 00000060df3fcb20  x23 0000000000000000
05-12 20:06:28.446 13899 13899 F DEBUG   :     x24 0000000000000000  x25 0000000000000000  x26 0000000000000000  x27 0000000000000000
05-12 20:06:28.446 13899 13899 F DEBUG   :     x28 0000000000000000  x29 0000007ff26f3170
05-12 20:06:28.446 13899 13899 F DEBUG   :     sp  0000007ff26f3170  lr  00000060df8ce1a0  pc  00000060e09bc050
05-12 20:06:28.460 13899 13899 F DEBUG   : 
05-12 20:06:28.460 13899 13899 F DEBUG   : backtrace:
05-12 20:06:28.460 13899 13899 F DEBUG   :     NOTE: Function names and BuildId information is missing for some frames due
05-12 20:06:28.460 13899 13899 F DEBUG   :     NOTE: to unreadable libraries. For unwinds of apps, only shared libraries
05-12 20:06:28.460 13899 13899 F DEBUG   :     NOTE: found under the lib/ directory are readable.
05-12 20:06:28.460 13899 13899 F DEBUG   :       #00 pc 000000000112a050  /data/local/tmp/v8/core_test (offset 0x51d000)
05-12 20:06:28.484 13899 13899 E crash_dump64: cannot open libmiuindbg.so: No such file or directory

deno_core crashes on Android aarch64, so I wrote this code for the bug.

https://github.com/denoland/deno_core/issues/738

secext2022 avatar May 12 '24 12:05 secext2022

It might be related to the vtable layout for one-byte consts.

mmastrac avatar May 12 '24 13:05 mmastrac

I shall say: Ouch. Mea culpa.

aapoalas avatar May 12 '24 14:05 aapoalas

I think we may just need to special case vtable layout for Android as well -- the question would be what that layout is. Perhaps the relative vtable ABI?

mmastrac avatar May 12 '24 15:05 mmastrac

Yeah; it might be as easy as applying the Windows vtable layout (only one destructor) for Android but of course the issue is testing the change.

I'm thinking of a way to, at test time, verify the vtable layout so as to ensure any issues on different platforms become build time issues instead of runtime ones.

aapoalas avatar May 13 '24 20:05 aapoalas
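The discussion above turns on one mechanism: rusty_v8 hands V8 a Rust object whose first word points at a hand-built table that must match the C++ vtable layout V8 was compiled against. Under the Itanium C++ ABI a polymorphic class has two destructor slots (complete and deleting) before its first ordinary virtual method; under the MSVC ABI it has one. If the two sides disagree, the C++ caller indexes the wrong slot and jumps through whatever pointer sits there, which is consistent with the logcat above, where the fault address equals pc (an instruction fetch from a non-executable address). The following Rust is an added illustration, not rusty_v8 code: it models a hypothetical `Resource` interface with `data()` and `length()` methods, builds the table both ways, and performs the kind of layout check aapoalas proposes before any call goes through the table. The `OneByteConst` struct, slot numbers and function names here are assumptions for the example.

```rust
// Added example, not rusty_v8 code: a hand-rolled C++ vtable in Rust and a
// layout check that turns an ABI mismatch into a test failure instead of a
// wrong jump at run time.
use std::ffi::c_void;

/// Hypothetical C++ interface being mirrored (assumed for this example):
///   struct Resource {
///     virtual ~Resource();
///     virtual const char* data() const;
///     virtual size_t length() const;
///   };
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum VtableAbi {
    TwoDestructorSlots, // Itanium: [dtor_complete, dtor_deleting, data, length]
    OneDestructorSlot,  // MSVC-style: [dtor, data, length]
}

impl VtableAbi {
    /// Slot index a C++ caller compiled for this ABI uses for `data()`.
    pub fn data_slot(self) -> usize {
        match self {
            VtableAbi::TwoDestructorSlots => 2,
            VtableAbi::OneDestructorSlot => 1,
        }
    }
    /// `length()` is declared right after `data()`, so it is the next slot.
    pub fn length_slot(self) -> usize {
        self.data_slot() + 1
    }
}

/// Object layout as C++ expects for a class with virtual methods and no
/// bases: the vtable pointer comes first, then the data members.
#[repr(C)]
pub struct OneByteConst {
    vtable: *const *const c_void,
    data: *const u8,
    len: usize,
}

type DtorFn = unsafe extern "C" fn(*const OneByteConst);
type DataFn = unsafe extern "C" fn(*const OneByteConst) -> *const u8;
type LenFn = unsafe extern "C" fn(*const OneByteConst) -> usize;

unsafe extern "C" fn rust_dtor(_this: *const OneByteConst) {} // static data, nothing to free
unsafe extern "C" fn rust_data(this: *const OneByteConst) -> *const u8 { (*this).data }
unsafe extern "C" fn rust_len(this: *const OneByteConst) -> usize { (*this).len }

/// Build the table the way a binding might, for the ABI it *assumes*.
pub fn build_vtable(abi: VtableAbi) -> Vec<*const c_void> {
    let dtor = rust_dtor as DtorFn as *const c_void;
    let data = rust_data as DataFn as *const c_void;
    let len = rust_len as LenFn as *const c_void;
    match abi {
        VtableAbi::TwoDestructorSlots => vec![dtor, dtor, data, len],
        VtableAbi::OneDestructorSlot => vec![dtor, data, len],
    }
}

/// Verify that the slots the C++ side will index hold the functions we
/// intended. This is cheap enough to run in a test on every target.
pub fn check_layout(table: &[*const c_void], callee_abi: VtableAbi) -> Result<(), String> {
    let expected = [
        (callee_abi.data_slot(), rust_data as DataFn as *const c_void, "data()"),
        (callee_abi.length_slot(), rust_len as LenFn as *const c_void, "length()"),
    ];
    for (slot, want, name) in expected {
        match table.get(slot) {
            Some(&got) if got == want => {}
            Some(&got) => return Err(format!("slot {slot} holds {got:p}, expected {name} at {want:p}")),
            None => return Err(format!("table has {} slots, callee wants {name} at slot {slot}", table.len())),
        }
    }
    Ok(())
}

/// Dispatch exactly as the C++ caller does (load vtable, index slot, call),
/// but only after the layout check passed. `table_abi` is what the Rust side
/// built; `callee_abi` is what the C++ side was compiled for.
pub fn read_through_vtable(bytes: &'static [u8], table_abi: VtableAbi, callee_abi: VtableAbi) -> Result<String, String> {
    let table = build_vtable(table_abi);
    check_layout(&table, callee_abi)?;
    let obj = OneByteConst { vtable: table.as_ptr(), data: bytes.as_ptr(), len: bytes.len() };
    // SAFETY: check_layout confirmed both slots hold our functions; `table`
    // outlives `obj`, and `bytes` is 'static.
    let text = unsafe {
        let data: DataFn = std::mem::transmute(*obj.vtable.add(callee_abi.data_slot()));
        let len: LenFn = std::mem::transmute(*obj.vtable.add(callee_abi.length_slot()));
        let slice = std::slice::from_raw_parts(data(&obj), len(&obj));
        std::str::from_utf8(slice).map_err(|e| e.to_string())?.to_string()
    };
    Ok(text)
}

fn main() {
    use VtableAbi::*;
    for (built, called) in [(TwoDestructorSlots, TwoDestructorSlots), (TwoDestructorSlots, OneDestructorSlot)] {
        println!("table {built:?}, caller {called:?}: {:?}", read_through_vtable(b"Deno", built, called));
    }
}
```

With matching ABIs the call returns the constructed string "Deno"; with a two-destructor table and a one-destructor caller the check reports that slot 1 holds the destructor rather than `data()`, which in real code would have been the wrong jump. The check only covers the slot count; a relative-vtable ABI, which mmastrac raises as a possibility, changes the slot encoding itself (32-bit offsets instead of absolute pointers) and would need a check of its own.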

There is a test, but it is just skipped for Android:

https://github.com/denoland/rusty_v8/blob/4dd87b2dc1c4b5f5b33c142788021d87d3fe5bbb/tests/test_api.rs#L9109

  // one-byte "const" test
  #[cfg(not(target_os = "android"))]

secext2022 avatar May 14 '24 12:05 secext2022

Based on the discussion above, it seems this problem is related to the vtable, but how should the Android vtable be obtained? This is a bit beyond me, and the experts don't seem to have time to fix it either.

AuTsing avatar Aug 18 '24 18:08 AuTsing

Can someone test if this PR fixes the crash?

littledivy avatar Aug 20 '24 13:08 littledivy

Can someone test if this PR fixes the crash?

@littledivy Thank you very much for finding the problem.

I have tried to fix the crash following your PR. It works.

The test is based on rusty_v8 v0.91.1 (because the new version could not be compiled; I will try it later). I built rusty_v8 at this repo with a patch according to your PR.

And the test code is the same as above.

use v8;

const DENO: v8::OneByteConst =
  v8::String::create_external_onebyte_const("Deno".as_bytes());

fn main() {
  println!("main()");

  // init v8
  let platform = v8::new_default_platform(0, false).make_shared();
  v8::V8::initialize_platform(platform);
  v8::V8::initialize();

  // create isolate and scope
  let isolate = &mut v8::Isolate::new(v8::CreateParams::default());
  let handle_scope = &mut v8::HandleScope::new(isolate);
  let context = v8::Context::new(handle_scope);
  let scope = &mut v8::ContextScope::new(handle_scope, context);

  println!("before v8::String::new_from_onebyte_const()");
  let a = v8::String::new_from_onebyte_const(scope, &DENO);

  println!("{:?}", a);
  println!("end of main");
}

Before applying the patch:

./target/aarch64-linux-android/debug/test_rusty_v8: 1 file pushed, 0 skipped. 92.6 MB/s (52148056 bytes in 0.537s)
main()
before v8::String::new_from_onebyte_const()

After applying the patch:

./target/aarch64-linux-android/debug/test_rusty_v8: 1 file pushed, 0 skipped. 105.5 MB/s (52593560 bytes in 0.476s)
main()
before v8::String::new_from_onebyte_const()
Some(Local(0xb4000072c3873228, PhantomData<&()>))
end of main

It does not crash in this case. Maybe the CI could be added to verify its feasibility. I will try that next.

But I encountered some problems when compiling the new version of rusty_v8, which I want to solve first.

AuTsing avatar Aug 25 '24 17:08 AuTsing

Thank you for verifying @AuTsing. The build failures seem unrelated to the fix. Maybe we can open another issue for that?

littledivy avatar Aug 26 '24 04:08 littledivy