<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/126000>126000</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[BOLT] instrumented binary crashes when V8 calls JS from C++
</td>
</tr>
<tr>
<th>Labels</th>
<td>
BOLT
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
ambyjkl
</td>
</tr>
</table>
<pre>
I've been trying to optimize Chromium with BOLT. After disappointing results with `perf record` (perf is also trickier on aarch64 due to the lack of LBR), I tried using instrumentation instead, only to have the Chrome renderer process crash with a segfault, which gdb revealed to be happening here, when V8 tries to call JS from C++: https://source.chromium.org/chromium/chromium/src/+/main:v8/src/execution/execution.cc;drc=2176b043b513af28108c91e30d38d0ed1f0dd777;l=377
This only happens in the BOLT-instrumented binary; the BOLT-optimized binary does not crash when V8 calls into JS.
</pre>
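<p>The two BOLT profile-collection paths the report contrasts (perf sampling, which on aarch64 has no LBR, versus instrumentation on a multi-process target), written out as an added example. This is not code from the issue, from Chromium or from the BOLT project; the binary path, profile directory, output file names and the periodic dump interval are assumptions, and the llvm-bolt / perf2bolt flags are the ones documented in BOLT's README.</p>

```shell
#!/bin/sh
# Added example: BOLT profile collection for a multi-process binary.
# BIN, PROF_DIR, file names and the sleep interval are assumptions.
set -eu

BIN="${BIN:-./chrome}"                 # assumed: the uninstrumented binary
PROF_DIR="${PROF_DIR:-/tmp/bolt-prof}" # assumed: where instrumented processes dump profiles

# The architecture decides the sampling mode: LBR branch records
# ("-j any,u") only exist on x86; aarch64 can only take plain samples,
# and perf2bolt must be told so with -nl (no-LBR mode).
perf_record_flags() {
    case "$1" in
        x86_64) echo "-e cycles:u -j any,u" ;;
        *)      echo "-e cycles:u" ;;
    esac
}

perf2bolt_flags() {
    case "$1" in
        x86_64) echo "" ;;
        *)      echo "-nl" ;;
    esac
}

# Path A: sample with perf, then convert the trace with perf2bolt.
profile_with_perf() {   # $1 = binary, remaining args are passed to it
    bin="$1"; shift
    arch="$(uname -m)"
    # flags are intentionally word-split
    perf record $(perf_record_flags "$arch") -o perf.data -- "$bin" "$@"
    perf2bolt -p perf.data -o perf.fdata $(perf2bolt_flags "$arch") "$bin"
}

# Path B: instrumentation. The instrumented binary writes its counters to
# --instrumentation-file when it exits. For a browser, every renderer is a
# separate process, so append the PID to keep them from overwriting each
# other, and dump periodically in case a process is killed rather than
# exiting cleanly.
instrument() {          # $1 = binary, $2 = instrumented output path
    mkdir -p "$PROF_DIR"
    llvm-bolt "$1" -instrument -o "$2" \
        --instrumentation-file="$PROF_DIR/prof.fdata" \
        --instrumentation-file-append-pid \
        --instrumentation-sleep-time=120
}

merge_profiles() {      # fold per-process profiles into one .fdata
    merge-fdata "$PROF_DIR"/prof.fdata.* > perf.fdata
}

# Final step shared by both paths: re-run llvm-bolt on the ORIGINAL binary
# with the profile (never on the instrumented one).
optimize() {            # $1 = original binary, $2 = output, $3 = profile
    llvm-bolt "$1" -o "$2" -data="$3" \
        -reorder-blocks=ext-tsp -reorder-functions=hfsort \
        -split-functions -split-all-cold -split-eh -dyno-stats
}

# Dispatcher; with no argument the script only defines the functions.
case "${1:-}" in
    perf)        shift; profile_with_perf "$BIN" "$@"; optimize "$BIN" "$BIN.bolt" perf.fdata ;;
    instrument)  instrument "$BIN" "$BIN.inst" ;;
    finish)      merge_profiles; optimize "$BIN" "$BIN.bolt" perf.fdata ;;
    *)           : ;;
esac
```

<p>Usage: <code>BIN=./chrome sh bolt.sh instrument</code>, run the workload from <code>./chrome.inst</code>, then <code>sh bolt.sh finish</code>; or <code>sh bolt.sh perf -- args</code> for the sampling path. When an instrumented process crashes (as in this report) before the sleep-time dump fires, that process contributes no profile, which is why the periodic dump is worth keeping on.</p>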