Weird Crash Occurs When Using Snapshot With CodeCache


王梓童

Nov 23, 2020, 12:49:00 AM
to v8-u...@googlegroups.com, v8-...@googlegroups.com
I am trying to use both snapshot and codecache to reduce page load time. All goes well when I use snapshot or codecache alone. However, when I first create a codecache for index.js with an engine without a snapshot, then create a snapshot for startup.js, then create an engine loading index.js with both snapshot and codecache, a crash occurs. Here is the stack trace:


com.facebook.react.JavaScript (61)

#0 0x000000010c7f9a16 in bool v8::internal::IsInRange<v8::internal::InstanceType, v8::internal::InstanceType>(v8::internal::InstanceType, v8::internal::InstanceType, v8::internal::InstanceType) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/utils/utils.h:69

#1 0x000000010c7f9a16 in v8::internal::InstanceTypeChecker::IsString(v8::internal::InstanceType) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/objects/instance-type-inl.h:33

#2 0x000000010c7f9a16 in v8::internal::HeapObject::IsString(v8::internal::Isolate*) const [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/objects/instance-type-inl.h:64

#3 0x000000010c7f9a12 in v8::internal::HeapObject::IsThinString(v8::internal::Isolate*) const [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/objects/objects-inl.h:205

#4 0x000000010c7f9a12 in v8::internal::HeapObject::IsThinString() const [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/objects/objects-inl.h:204

#5 0x000000010c7f9a12 in v8::internal::Deserializer::GetBackReferencedObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:364

#6 0x000000010c7f89b8 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)8, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:813

#7 0x000000010c7f899a in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:579

#8 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#9 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#10 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#11 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#12 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#13 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#14 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#15 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#16 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#17 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#18 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#19 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#20 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#21 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#22 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#23 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#24 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#25 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#26 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#27 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#28 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#29 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#30 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#31 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#32 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#33 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#34 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#35 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#36 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#37 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#38 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#39 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#40 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#41 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#42 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#43 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#44 0x000000010c7faa8d in v8::internal::Deserializer::ReadObject(v8::internal::SnapshotSpace) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:394

#45 0x000000010c7f89d4 in v8::internal::FullMaybeObjectSlot v8::internal::Deserializer::ReadDataCase<v8::internal::FullMaybeObjectSlot, (v8::internal::SerializerDeserializer::Bytecode)0, (v8::internal::SnapshotSpace)6>(v8::internal::Isolate*, v8::internal::FullMaybeObjectSlot, unsigned long, unsigned char, bool) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:810

#46 0x000000010c7f89ba in bool v8::internal::Deserializer::ReadData<v8::internal::FullMaybeObjectSlot>(v8::internal::FullMaybeObjectSlot, v8::internal::FullMaybeObjectSlot, v8::internal::SnapshotSpace, unsigned long) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/deserializer.cc:576

#47 0x000000010c7fc244 in v8::internal::RootVisitor::VisitRootPointer(v8::internal::Root, char const*, v8::internal::FullObjectSlot) [inlined] at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/objects/visitors.h:73

#48 0x000000010c7fc22c in v8::internal::ObjectDeserializer::Deserialize(v8::internal::Isolate*) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/object-deserializer.cc:45

#49 0x000000010c7fc070 in v8::internal::ObjectDeserializer::DeserializeSharedFunctionInfo(v8::internal::Isolate*, v8::internal::SerializedCodeData const*, v8::internal::Handle<v8::internal::String>) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/object-deserializer.cc:29

#50 0x000000010c7f6e70 in v8::internal::CodeSerializer::Deserialize(v8::internal::Isolate*, v8::internal::ScriptData*, v8::internal::Handle<v8::internal::String>, v8::ScriptOriginOptions) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/snapshot/code-serializer.cc:289

#51 0x000000010c42971a in v8::internal::Compiler::GetSharedFunctionInfoForScript(v8::internal::Isolate*, v8::internal::Handle<v8::internal::String>, v8::internal::Compiler::ScriptDetails const&, v8::ScriptOriginOptions, v8::Extension*, v8::internal::ScriptData*, v8::ScriptCompiler::CompileOptions, v8::ScriptCompiler::NoCacheReason, v8::internal::NativesFlag) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/codegen/compiler.cc:2024

#52 0x000000010c398b1a in v8::ScriptCompiler::CompileUnboundInternal(v8::Isolate*, v8::ScriptCompiler::Source*, v8::ScriptCompiler::CompileOptions, v8::ScriptCompiler::NoCacheReason) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/api/api.cc:2435

#53 0x000000010c39909f in v8::ScriptCompiler::Compile(v8::Local<v8::Context>, v8::ScriptCompiler::Source*, v8::ScriptCompiler::CompileOptions, v8::ScriptCompiler::NoCacheReason) at /Volumes/EXTREME SSD/Documents/depot_tools/v8/v8/src/api/api.cc:2466

#54 0x000000010c36ed77 in facebook::V8Runtime::ExecuteScript(v8::Isolate*, v8::Local<v8::String> const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) at /Users/wangzitong/Documents/v8executor/src/v8runtime/V8Runtime.mm:317

#55 0x000000010c371131 in facebook::V8Runtime::evaluateJavaScript(std::__1::shared_ptr<facebook::jsi::Buffer const> const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) at /Users/wangzitong/Documents/v8executor/src/v8runtime/V8Runtime.mm:746

#56 0x000000010a762f72 in facebook::react::JSIExecutor::loadApplicationScript(std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >) at /Users/wangzitong/Documents/imeituan/Pods/React-jsiexecutor/src/jsireact/JSIExecutor.cpp:126

#57 0x000000010a73a3f9 in facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0::operator()(facebook::react::JSExecutor*) at /Users/wangzitong/Documents/imeituan/Pods/React-cxxreact/src/NativeToJsBridge.cpp:119

#58 0x000000010a73a2a2 in decltype(std::__1::forward<facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0&>(fp)(std::__1::forward<facebook::react::JSExecutor*>(fp0))) std::__1::__invoke<facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0&, facebook::react::JSExecutor*>(facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0&, facebook::react::JSExecutor*&&) at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/type_traits:3545

#59 0x000000010a73a242 in void std::__1::__invoke_void_return_wrapper<void>::__call<facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0&, facebook::react::JSExecutor*>(facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0&, facebook::react::JSExecutor*&&) at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/__functional_base:348

#60 0x000000010a73a1f2 in std::__1::__function::__alloc_func<facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0, std::__1::allocator<facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0>, void (facebook::react::JSExecutor*)>::operator()(facebook::react::JSExecutor*&&) at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1546

#61 0x000000010a738cb3 in std::__1::__function::__func<facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0, std::__1::allocator<facebook::react::NativeToJsBridge::loadApplication(std::__1::unique_ptr<facebook::react::RAMBundleRegistry, std::__1::default_delete<facebook::react::RAMBundleRegistry> >, std::__1::unique_ptr<facebook::react::JSBigString const, std::__1::default_delete<facebook::react::JSBigString const> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >)::$_0>, void (facebook::react::JSExecutor*)>::operator()(facebook::react::JSExecutor*&&) at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1720

#62 0x000000010a74601d in std::__1::__function::__value_func<void (facebook::react::JSExecutor*)>::operator()(facebook::react::JSExecutor*&&) const at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1873

#63 0x000000010a745fa0 in std::__1::function<void (facebook::react::JSExecutor*)>::operator()(facebook::react::JSExecutor*) const at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:2548

#64 0x000000010a745f68 in facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7::operator()() const at /Users/wangzitong/Documents/imeituan/Pods/React-cxxreact/src/NativeToJsBridge.cpp:269

#65 0x000000010a745edd in decltype(std::__1::forward<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7&>(fp)()) std::__1::__invoke<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7&>(facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7&) at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/type_traits:3545

#66 0x000000010a745e8d in void std::__1::__invoke_void_return_wrapper<void>::__call<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7&>(facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7&) at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/__functional_base:348

#67 0x000000010a745e5d in std::__1::__function::__alloc_func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7, std::__1::allocator<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7>, void ()>::operator()() at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1546

#68 0x000000010a7449be in std::__1::__function::__func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7, std::__1::allocator<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_7>, void ()>::operator()() at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1720

#69 0x000000010a5c6755 in std::__1::__function::__value_func<void ()>::operator()() const at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1873

#70 0x000000010a5c5e15 in std::__1::function<void ()>::operator()() const at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:2548

#71 0x000000010a5c5b88 in facebook::react::tryAndReturnError(std::__1::function<void ()> const&) at /Users/wangzitong/Documents/imeituan/Pods/React/React/CxxModule/RCTCxxUtils.mm:72

#72 0x000000010a61ccd1 in facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) at /Users/wangzitong/Documents/imeituan/Pods/React/React/CxxBridge/RCTMessageThread.mm:59

#73 0x000000010a621d43 in facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1::operator()() const at /Users/wangzitong/Documents/imeituan/Pods/React/React/CxxBridge/RCTMessageThread.mm:72

#74 0x000000010a621ccd in decltype(std::__1::forward<facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1&>(fp)()) std::__1::__invoke<facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1&>(facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1&) at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/type_traits:3545

#75 0x000000010a621c7d in void std::__1::__invoke_void_return_wrapper<void>::__call<facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1&>(facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1&) at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/__functional_base:348

#76 0x000000010a621c4d in std::__1::__function::__alloc_func<facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1, std::__1::allocator<facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1>, void ()>::operator()() at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1546

#77 0x000000010a6207ae in std::__1::__function::__func<facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1, std::__1::allocator<facebook::react::RCTMessageThread::runOnQueue(std::__1::function<void ()>&&)::$_1>, void ()>::operator()() at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1720

#78 0x000000010a5c6755 in std::__1::__function::__value_func<void ()>::operator()() const at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1873

#79 0x000000010a5c5e15 in std::__1::function<void ()>::operator()() const at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:2548

#80 0x000000010a61c92c in invocation function for block in facebook::react::RCTMessageThread::runAsync(std::__1::function<void ()>) at /Users/wangzitong/Documents/imeituan/Pods/React/React/CxxBridge/RCTMessageThread.mm:39

#81 0x00007fff203a85db in __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ ()

#82 0x00007fff203a79ef in __CFRunLoopDoBlocks ()

#83 0x00007fff203a2a6d in __CFRunLoopRun ()

#84 0x00007fff203a1b9e in CFRunLoopRunSpecific ()

#85 0x000000010a596071 in +[RCTCxxBridge runRunLoop] at /Users/wangzitong/Documents/imeituan/Pods/React/React/CxxBridge/RCTCxxBridge.mm:272

#86 0x00007fff2086f521 in __NSThread__start__ ()

#87 0x00007fff5dcdc109 in _pthread_start ()

#88 0x00007fff5dcd7b8b in thread_start ()


And I have dug out some facts:

1. If codecache is created with an engine that is already attached with a snapshot, not an empty engine, no crash.

2. If I annotate some code below in startup.js, no crash.

function shouldUseNative() {
    var test3 = {};
    'abcdefghijklmnopqrst'.split('').forEach(function (letter) {
      test3[letter] = letter;
    });
    if (Object.keys(test3).join('') !== 'abcdefghijklmnopqrst') {
      return false;
    }
    return true;
}
shouldUseNative();


V8 version: 7.8.279.23

Does anyone know what causes the crash? Thanks.

Leszek Swirski

Nov 23, 2020, 3:36:18 AM
to v8-dev, v8-users
Generally, pretty much all of V8 (aside from initialization) assumes that the snapshot is deserialized and the objects in it are available. This includes the code cache serializer/deserializer. Otherwise, things are gonna go wrong -- here, for example, you're probably seeing a null string map (since the string map is in the snapshot).


王梓童

Nov 23, 2020, 9:45:58 PM
to v8-dev

Thanks for your reply. Could you explain what can cause objects to be in the snapshot but not available with the code cache?

Leszek Swirski

Nov 24, 2020, 1:08:49 AM
to v8-dev
The snapshot contains "root" objects that are the same for every V8 instance - the code cache knows these are roots, so it doesn't serialise them because it assumes they'll be available on deserialisation.

Qingyan Li

Nov 24, 2020, 10:03:54 AM
to v8-dev
Got the same problem. And here is what I found:
 
The root cause is that the ReadOnlyHeap section in the snapshot does not match between the one creating the codecache and the one loading the codecache.
CodeSerializer encodes readonly objects as chunk-index/offset of the ReadOnlySpace, so decoding a codecache against an unmatched snapshot would cause an error.
 
And the mismatch is caused by Heap::single_character_string_cache(); the content of this cache varies depending on the scripts run by SnapshotCreator.
When StartupSerializer visits single_character_string_cache, it calls SerializeUsingReadOnlyObjectCache to serialize readonly objects. So the order of
readonly objects varies.
 
Here is a patch I think would mitigate this problem.
 
diff --git a/src/snapshot/read-only-serializer.cc b/src/snapshot/read-only-serializer.cc
index 06c5094782..1e13232150 100644
--- a/src/snapshot/read-only-serializer.cc
+++ b/src/snapshot/read-only-serializer.cc
@@ -66,6 +66,23 @@ void ReadOnlySerializer::SerializeObjectImpl(Handle<HeapObject> obj) {
 #endif
 }
 
+namespace {
+
+void ResetSingleCharacterStringCache(Isolate* isolate) {
+  DisallowGarbageCollection no_gc;
+  FixedArray cache = isolate->heap()->single_character_string_cache();
+  HeapObject undefined = ReadOnlyRoots(isolate).undefined_value();
+
+  for (int i = 0; i < cache.length(); ++i) {
+    HeapObject obj = HeapObject::cast(cache.get(i));
+    if (ReadOnlyHeap::Contains(obj) && obj.IsInternalizedString()) {
+      cache.set(i, undefined);
+    }
+  }
+}
+
+}
+
 void ReadOnlySerializer::SerializeReadOnlyRoots() {
   // No active threads.
   CHECK_NULL(isolate()->thread_manager()->FirstThreadStateInUse());
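Review bot: ResetSingleCharacterStringCache has no comment explaining why read-only internalized strings are cleared from single_character_string_cache before the read-only roots are serialized, so a later reader cannot tell that this exists to keep the read-only object order independent of the scripts that ran. Please document that on the function, and note that it mutates live heap state as a side effect of serialization. Two smaller points in the same hunk: HeapObject::cast(cache.get(i)) assumes every slot holds a heap object, which deserves a DCHECK or a comment, and the closing brace of the anonymous namespace should carry the usual "}  // namespace" marker.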
@@ -73,6 +90,8 @@ void ReadOnlySerializer::SerializeReadOnlyRoots() {
   CHECK_IMPLIES(!allow_active_isolate_for_testing(),
                 isolate()->handle_scope_implementer()->blocks()->empty());
 
+  ResetSingleCharacterStringCache(isolate());
+
   ReadOnlyRoots(isolate()).Iterate(this);
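Review bot: the ResetSingleCharacterStringCache(isolate()) call placed before ReadOnlyRoots(isolate()).Iterate(this) runs unconditionally, including when allow_active_isolate_for_testing() is set as the CHECK_IMPLIES above permits, so the isolate's cache is modified even if the isolate keeps running afterwards. Add a comment saying why the reset must precede the root iteration and why clearing these entries is safe for a live isolate, and add a regression test that creates a code cache and a snapshot from different warm-up scripts and then loads both together.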

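Added example, not part of the original thread and not V8 code: a toy C++ model of the failure described above, where a code cache stores read-only objects by position and is then decoded against a snapshot whose read-only layout differs. ReadOnlyTable, CodeCache, LayoutFingerprint and the entry names are hypothetical, and the fingerprint check is one possible guard assumed here for illustration.

```cpp
// Toy model of position-encoded read-only references.
// Constructed example; names and layout are hypothetical, not V8 source.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Stand-in for the read-only space: objects are addressed by position only.
using ReadOnlyTable = std::vector<std::string>;

// Builds a table whose middle section depends on which single-character
// strings the warm-up script touched before the snapshot was taken.
ReadOnlyTable BuildReadOnlyTable(const std::string& warmup_chars) {
  ReadOnlyTable table = {"undefined_value", "string_map"};  // fixed roots
  for (char c : warmup_chars) table.push_back(std::string("char:") + c);
  table.push_back("empty_string");
  return table;
}

// FNV-1a over the entries in order: a fingerprint of the table layout.
uint64_t LayoutFingerprint(const ReadOnlyTable& table) {
  uint64_t h = 0xcbf29ce484222325ULL;
  for (const std::string& entry : table) {
    for (unsigned char c : entry) {
      h ^= c;
      h *= 0x100000001b3ULL;
    }
    h ^= 0xff;  // entry separator
    h *= 0x100000001b3ULL;
  }
  return h;
}

struct CodeCache {
  uint64_t layout_fingerprint;          // layout the cache was produced against
  std::vector<std::size_t> references;  // positional references into the table
};

// Encodes each used object as its index in the producer's table.
CodeCache Serialize(const ReadOnlyTable& table,
                    const std::vector<std::string>& used) {
  CodeCache cache{LayoutFingerprint(table), {}};
  for (const std::string& name : used) {
    auto it = std::find(table.begin(), table.end(), name);
    if (it != table.end()) {
      cache.references.push_back(static_cast<std::size_t>(it - table.begin()));
    }
  }
  return cache;
}

// Resolves indices with no layout check: silently yields the wrong objects
// when the consumer's table is ordered differently.
std::vector<std::string> DeserializeUnchecked(const CodeCache& cache,
                                              const ReadOnlyTable& table) {
  std::vector<std::string> out;
  for (std::size_t index : cache.references) {
    out.push_back(index < table.size() ? table[index]
                                       : std::string("<out of range>"));
  }
  return out;
}

// Rejects the cache when it was produced against a different layout, so the
// caller can fall back to compiling from source.
bool DeserializeChecked(const CodeCache& cache, const ReadOnlyTable& table,
                        std::vector<std::string>* out) {
  if (cache.layout_fingerprint != LayoutFingerprint(table)) return false;
  *out = DeserializeUnchecked(cache, table);
  return true;
}

int main() {
  // Cache produced by an engine with no warm-up script.
  ReadOnlyTable plain = BuildReadOnlyTable("");
  // Snapshot taken after a script split 'abcdefghijklmnopqrst' into letters.
  ReadOnlyTable warmed = BuildReadOnlyTable("abcdefghijklmnopqrst");

  CodeCache cache = Serialize(plain, {"string_map", "empty_string"});

  for (const std::string& s : DeserializeUnchecked(cache, warmed)) {
    std::cout << "unchecked -> " << s << "\n";
  }
  std::vector<std::string> resolved;
  std::cout << "checked accepted: " << std::boolalpha
            << DeserializeChecked(cache, warmed, &resolved) << "\n";
  return 0;
}
```
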
王梓童

Nov 25, 2020, 12:25:13 AM
to v8-dev
Thanks a lot! There is no crash after modifying the code. Can I add you as a friend for further discussion about V8?

Leszek Swirski

Nov 25, 2020, 3:58:08 AM
to v8-dev
Sure, please feel free to post more questions to this mailing list.
