info.This().GetAlignedPointerFromInternalField() crashes in property callbacks when applied to global object?

87 views

ken...@cloudflare.com

Unread,
Apr 19, 2017, 9:14:28 PM
to v8-users
Hi,

I'm trying to understand what I'm doing wrong here.

I have created an ObjectTemplate for the global object which contains a method, a property, and an internal field. After creating the context, I use Global()->SetAlignedPointerInInternalField() to set a pointer on the object, then I call the function and read the property.

In the function callback, I'm able to read the pointer from the internal field as expected.

However, in the property callback, GetAlignedPointerFromInternalField() crashes!

InternalFieldCount(), though, still returns the actual number of internal fields I allocated. So it seems like it's *supposed* to be the right object.

OTOH, GetIdentityHash() returns something that doesn't match context.Global()->GetIdentityHash(), whereas in the function callback these do match.

I'm using v8 at commit 49d32849b3e67b1fa05f5f7aeea57dd83634adb9 (April 14).

Sample code and output below.

Surely people have created properties on the global object before, so I must be doing it wrong. What's the right way to do it?

Thanks,
-Kenton

==================================
CODE
==================================

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <libplatform/libplatform.h>
#include <v8.h>

// Called for `func()`. Both This() and Holder() are the global proxy here,
// so the identity hash matches the one printed from main().
void funcCallback(const v8::FunctionCallbackInfo<v8::Value>& info) {
  printf("in func()\n");
  printf("  this identity = %x\n", info.This()->GetIdentityHash());
  printf("  holder identity = %x\n", info.Holder()->GetIdentityHash());
  printf("  InternalFieldCount = %d\n", info.This()->InternalFieldCount());

  // This works fine.
  printf("  GetAlignedPointerFromInternalField(0) = %s\n",
      (const char*)info.This()->GetAlignedPointerFromInternalField(0));
}

// Called for the accessor `prop`. The identity hash printed here does NOT
// match the one printed from main(), even though InternalFieldCount() still
// reports the count set on the template.
void propCallback(v8::Local<v8::Name>, const v8::PropertyCallbackInfo<v8::Value>& info) {
  printf("getting prop\n");
  printf("  this identity = %x\n", info.This()->GetIdentityHash());
  printf("  holder identity = %x\n", info.Holder()->GetIdentityHash());
  printf("  InternalFieldCount = %d\n", info.This()->InternalFieldCount());

  // THIS CRASHES
  printf("  GetAlignedPointerFromInternalField(0) = %s\n",
      (const char*)info.This()->GetAlignedPointerFromInternalField(0));
}

int main(int argc, char* argv[]) {
  // Initialize V8.
  v8::V8::SetFlagsFromCommandLine(&argc, argv, true);
  v8::V8::InitializeICUDefaultLocation(argv[0]);
  v8::V8::InitializeExternalStartupData(argv[0]);
  v8::Platform* platform = v8::platform::CreateDefaultPlatform();
  v8::V8::InitializePlatform(platform);
  v8::V8::Initialize();

  v8::Isolate::CreateParams create_params;
  create_params.array_buffer_allocator =
      v8::ArrayBuffer::Allocator::NewDefaultAllocator();
  v8::Isolate* isolate = v8::Isolate::New(create_params);

  {
    v8::Isolate::Scope isolate_scope(isolate);
    v8::HandleScope handle_scope(isolate);

    // Create global ObjectTemplate.
    auto globalInstanceTmpl = v8::ObjectTemplate::New(isolate);
    globalInstanceTmpl->SetInternalFieldCount(123);
    globalInstanceTmpl->Set(isolate, "func", v8::FunctionTemplate::New(isolate, &funcCallback));
    globalInstanceTmpl->SetAccessor(
        v8::String::NewFromUtf8(isolate, "prop", v8::NewStringType::kInternalized).ToLocalChecked(),
        &propCallback);

    v8::Local<v8::Context> context = v8::Context::New(isolate, nullptr, globalInstanceTmpl);

    // Set internal field pointer on global.
    alignas(long long) const char TEXT[] = "internal-field-value";
    context->Global()->SetAlignedPointerInInternalField(0, (void*)TEXT);
    printf("global identity = %x\n", context->Global()->GetIdentityHash());

    // Call func() then read prop.
    v8::Context::Scope context_scope(context);
    v8::Local<v8::String> source =
        v8::String::NewFromUtf8(isolate, "func(); prop;",
                                v8::NewStringType::kNormal).ToLocalChecked();
    v8::Local<v8::Script> script = v8::Script::Compile(context, source).ToLocalChecked();
    (void)script->Run(context);
  }

  isolate->Dispose();
  v8::V8::Dispose();
  v8::V8::ShutdownPlatform();
  delete platform;
  delete create_params.array_buffer_allocator;
  return 0;
}

==================================
OUTPUT
==================================

global identity = 31be67ae
in func()
  this identity = 31be67ae
  holder identity = 31be67ae
  InternalFieldCount = 123
  GetAlignedPointerFromInternalField(0) = internal-field-value
getting prop
  this identity = 56231851
  holder identity = 56231851
  InternalFieldCount = 123

#
# Fatal error in v8::Object::GetAlignedPointerFromInternalField()
# Not a Smi
#

Received signal 4 ILL_ILLOPN 7fac7e6bdde1

==== C stack trace ===============================

 [0x7fac7e6bfe5e]
 [0x7fac7e6bfdb5]
 [0x7fac7baea0c0]
 [0x7fac7e6bdde1]
 [0x7fac7d10f38c]
 [0x7fac7d14f12f]
 [0x7fac7d11269e]
 [0x7fac7d133a8d]
 [0x000000401f23]
 [0x7fac7d9a2304]
 [0x7fac7da7095e]
 [0x7fac7da6f7c9]
 [0x7fac7d989d72]
 [0x7fac7d98ac53]
 [0x7fac7d995c91]
 [0x7fac7d995930]
 [0x35f10fd84264]
[end of stack trace]
Illegal instruction

Toon Verwaest

Unread,
Apr 20, 2017, 4:39:50 AM
to v8-users
The problem is that since you're accessing the global property via 'contextual access', we're passing out the global object rather than the global proxy (see https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Split_object for background). If you replace

v8::Local<v8::String> source =
        v8::String::NewFromUtf8(isolate, "func(); prop;",
                                v8::NewStringType::kNormal).ToLocalChecked();

with

v8::Local<v8::String> source =
        v8::String::NewFromUtf8(isolate, "func(); this.prop;",
                                v8::NewStringType::kNormal).ToLocalChecked();

it works. Changing it so it works as expected:


cheers,
Toon

--
--
v8-users mailing list
v8-u...@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups "v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--

Toon Verwaest | Software Engineer, V8 | Google Germany GmbH | Erika-Mann Str. 33, 80636 München 

Registergericht und -nummer: Hamburg, HRB 86891 | Sitz der Gesellschaft: Hamburg | Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle

Kenton Varda

Unread,
Apr 20, 2017, 12:40:44 PM
to v8-u...@googlegroups.com
Thanks, but what if I don't control the scripts and can't force them to prefix global property access with "this."?

-Kenton


Toon Verwaest

Unread,
Apr 20, 2017, 3:09:40 PM
to v8-u...@googlegroups.com
That's exactly why I'm fixing the problem :-) The fix was temporarily reverted since there are tests in Blink for which the expectations change, and that takes a while to sync; but you can try with the CL I linked above.


Kenton Varda

Unread,
Apr 20, 2017, 3:57:58 PM
to v8-u...@googlegroups.com
Oh I see, somehow I missed your CL link.

Thanks! :)

-Kenton


Kenton Varda

Unread,
Apr 20, 2017, 4:24:49 PM
to v8-u...@googlegroups.com
Hi Toon,

Now I have a new problem: When I attach an ArgumentSignature to my property, it fails when accessing the property on the global object (both with and without "this."). Signatures on methods seem to work fine, though, even when calling on the global object. Is there a special-case that needs to be copied over?

-Kenton

Kenton Varda

Unread,
Apr 20, 2017, 4:27:39 PM
to v8-u...@googlegroups.com
Err, s/ArgumentSignature/AccessorSignature/