Issue 915 in v8: liveedit iterates incorrectly over the pointers in the stack
codesite...@google.com
Owner: peter.rybin
Labels: Type-Bug Priority-Medium
New issue 915 by erik.corry: liveedit iterates incorrectly over the
pointers in the stack
http://code.google.com/p/v8/issues/detail?id=915
In VisitPointers in liveedit.cc we iterate over the heap and collect
pointers to the code objects. These are later fixed in the Replace method
lower down.
This way of doing things doesn't work. The pointers you get in
VisitPointers are not necessarily valid after you return from
VisitPointers. See for example StackFrame::IteratePc in frames.cc. Here
the pointer passed to the visitor is a local variable on the stack. By the
time the Replace method runs this is a stray pointer pointing into some
random place on or below the stack. There are other places, particularly
on 64 bit where there is no straight pointer on the heap. In these cases
we also have to do something similar to StackFrame::IteratePc where a
temporary on the stack is passed to the visitor.
This bug was found with the help of valgrind. There are no known crashes
yet.
codesite...@google.com
Comment #1 on issue 915 by peter.rybin: liveedit iterates incorrectly over
http://code.google.com/p/v8/issues/detail?id=915
Oh yeah, that's bad. Thanks a lot for catching this.
Unfortunately I've forgot why I first collected all references and then
changed them all in once.
Do you think it would be safe to update references right when iterating?
Peter
codesite...@google.com
Status: Fixed
Comment #2 on issue 915 by peter.ry...@gmail.com: liveedit iterates
Fixed in http://codereview.chromium.org/10332101/