Hi Denis,
Some non-official suggestions:
1. Enable `-DLUA_USE_APICHECK -DLUA_USE_ASSERT` in the LuaJIT build.
2. Allocate multiple LuaJIT VM instances in the same process space and
keep swapping, so that they may end up with more dramatically
different varying starting points in the virtual memory address space.
The VM uses raw addresses for many things so a different starting
point along with ASLR can change the VM behaviors.
3. Try seeding the PRNG used inside the JIT compiler with a true
random number. The seed is hard-coded to zero IIRC. Try using random
bytes from `/dev/random` or `/dev/urandom` to initialize J->prngstate
upon state initialization.
4. Use clang ASAN tool to re-build LuaJIT, but be careful about false positives.
1) and 2) are proved to be very effective according to our own LuaJIT
bug hunting experiences. We are gonna try 3) and 4) ourselves in our
next hunting endeavor as well.
More importantly, instead of trying to make the issue reproducible, we
could also tackle the issue from another angle. That is, we could
*record* down one bad run if we could reproduce it for at least *once*
using tools like Mozilla rr, and then replay it forward or backward.
We recently successfully used Mozilla rr to help Mike Pall track down
a obscure JIT stack overflow bug a couple of months ago (though it's
not related to GC64, but still pretty hard to reproduce even with our
real world OpenResty application code base, which is 2MB+ of Lua
source). The ability to use data breakpoint and continue backward from
the crashing site was incredibly helpful and made the bug hunting
process not just easy but also fun :) Of course, we still needed
Mike's remote guide through this process, but it became much much
easier than those old days without rr.
Well, just my 2 cents.
Best regards,
Yichun
On Thu, Aug 24, 2017 at 12:56 PM, Denis Golovan <denis.golovan@xxxxxxxxx> wrote:
Hi all
I am still trying to narrow the last GC64 bugs left.
But it's not that easy. They become much less frequent, but still happening.
I am wondering - are there any VM params to stress JIT compiler
possibly increasing the chance of getting bugs?
BR,
Denis
