Inquiry Regarding V8' Object Literal Construction during Parsing Process

[AKM Iqtidar Newaz]

Dear All,

Good morning. Hope you are doing well. I am Iqtidar Newaz, an aspiring researcher who is studying the Chromium V8 directories for one of my research works. I got stuck in one of my implementations where I want to instrument any object creation/construction process that is done during the parsing if and only if the parse info flag's script id > 16 as well as I want to save that in a global variable in the global scope which is the outermost scope. The goal is to figure out if any of the user script's objects are later modified by any other script's object or not.

For instance, let obj = {a: 1, b: 2} and return obj;

Now, my goal is to instrument the above 2 statements like the following: 

1. var some_id0 = { a: 1, b: 2};

2. let obj = some_id0;

3. var some_id1 = obj;

4. return some_id1.

I have tried the following two approaches to perform the above instrumentation but every time I am getting the different error which is crashing the Chromium during the launch:   
                                                           

Approach 1: I have created this PublicDeclareDynamicGlobal(...) function in scopes.h:

Variable* PublicDeclareDynamicGlobal(const AstRawString* name,

VariableKind kind,

Scope* cache) {

DCHECK(is_script_scope());

bool was_added;

return cache->variables_.Declare(

zone(), this, name, VariableMode::kVar, kind,

kCreatedInitialized, kNotAssigned, IsStaticFlag::kNotStatic, &was_added);

// TODO(neis): Mark variable as maybe-assigned?

}

Now, I am calling this function from ParseObjectLiteral(...) function in parser-base.h:

template <typename Impl>

typename ParserBase<Impl>::ExpressionT ParserBase<Impl>::ParseObjectLiteral(ParseInfo* info) {

// ObjectLiteral ::

// '{' (PropertyDefinition (',' PropertyDefinition)* ','? )? '}'

.... Existing Implementation

auto raw_obj = factory()->NewObjectLiteral(properties,

number_of_boilerplate_properties,

pos, has_rest_property, home_object);

if constexpr (std::is_same_v<Impl, Parser>) {

// ====================== REAL PARSER ONLY ======================

if (info != nullptr && info->flags().script_id() >= 17) {

Scope* closure_scope = scope();

DCHECK(closure_scope != nullptr);

while (closure_scope->outer_scope()) {

closure_scope = closure_scope->outer_scope();

}

DCHECK(closure_scope != nullptr);

int id;

{

std::lock_guard<std::mutex> lock(gmutex);

id = ++assign_id;

}

std::string temp_name = "OT__temp__" + std::to_string(id);

std::string final_name = "OT__final__" + std::to_string(id);

[[maybe_unused]] const AstRawString* temp_str = ast_value_factory()->GetOneByteString(temp_name.c_str());

[[maybe_unused]] const AstRawString* final_str = ast_value_factory()->GetOneByteString(final_name.c_str());

Variable* temp_var = closure_scope->PublicDeclareDynamicGlobal(temp_str, NORMAL_VARIABLE, closure_scope);

Variable* final_var = closure_scope->PublicDeclareDynamicGlobal(final_str, NORMAL_VARIABLE, closure_scope);

// Create unresolved proxies

[[maybe_unused]] VariableProxy* temp_proxy = factory()->NewVariableProxy(temp_str, NORMAL_VARIABLE, position());

[[maybe_unused]] VariableProxy* final_proxy = factory()->NewVariableProxy(final_str, NORMAL_VARIABLE, position());

temp_proxy->BindTo(temp_var);

final_proxy->BindTo(final_var);

// Now safe to use in AST

ObjectLiteral* obj = impl()->InitializeObjectLiteral(raw_obj);

// ExpressionT a1 = factory()->NewAssignment(Token::kAssign, temp_proxy, obj, position());

ExpressionT a2 = factory()->NewAssignment(Token::kAssign, final_proxy,

factory()->NewAssignment(Token::kAssign, temp_proxy, obj, position()),

position());

return a2;

} else {

// Normal case in real parser

return impl()->InitializeObjectLiteral(raw_obj);

}

} else {

// ====================== PREPARSER ONLY ======================

// Do absolutely nothing fancy — just forward

// PreParser has no real nodes, no globals, no proxies

return impl()->InitializeObjectLiteral(raw_obj);

}

}

Now, for the above code, Chromium is crashing showing the following error:
#
# Fatal error in ../../v8/src/interpreter/bytecode-generator.cc, line 5763
# Debug check failed: lhs_data.expr()->IsVariableProxy().
#
#FailureMessage Object: 0x7b75871ed0f0#0 0x7b761c08ba59 base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1052:7]
#1 0x7b761c037d1a base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:279:20]
#2 0x7b761c037c85 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:274:28]
#3 0x7b75eb31eb0d gin::(anonymous namespace)::PrintStackTrace() [../../gin/v8_platform.cc:41:27]
#4 0x7b7596796314 V8_Fatal() [../../v8/src/base/logging.cc:212:38]
#5 0x7b7596795cd5 v8::base::(anonymous namespace)::DefaultDcheckHandler()
#6 0x7b75d5041f86 v8::internal::interpreter::BytecodeGenerator::BuildAssignment() [../../v8/src/interpreter/bytecode-generator.cc:5763:9]
#7 0x7b75d504f069 v8::internal::interpreter::BytecodeGenerator::VisitAssignment() [../../v8/src/interpreter/bytecode-generator.cc:5847:3]
#8 0x7b75d503d242 v8::internal::interpreter::BytecodeGenerator::VisitExpressionStatement() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#9 0x7b75d5039c3b v8::internal::interpreter::BytecodeGenerator::VisitStatements() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#10 0x7b75d5039849 v8::internal::interpreter::BytecodeGenerator::VisitBlockDeclarationsAndStatements() [../../v8/src/interpreter/bytecode-generator.cc:2119:5]
#11 0x7b75d5039fcd v8::internal::interpreter::BytecodeGenerator::VisitBlock() [../../v8/src/interpreter/bytecode-generator.cc:2089:5]
#12 0x7b75d5039c3b v8::internal::interpreter::BytecodeGenerator::VisitStatements() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#13 0x7b75d50377d2 v8::internal::interpreter::BytecodeGenerator::GenerateBodyStatements() [../../v8/src/interpreter/bytecode-generator.cc:2011:3]
#14 0x7b75d503515d v8::internal::interpreter::BytecodeGenerator::GenerateBytecode() [../../v8/src/interpreter/bytecode-generator.cc:1728:5]
#15 0x7b75d5080fb0 heap::base::Stack::SetMarkerForBackgroundThreadAndCallbackImpl<>() [../../v8/src/interpreter/interpreter.cc:206:31]
#16 0x7b75d62a28cb PushAllRegistersAndIterateStack
#17 0x7b75d507f0f2 v8::internal::interpreter::InterpreterCompilationJob::ExecuteJobImpl() [../../v8/src/heap/base/stack.h:90:5]
#18 0x7b75d491e20d v8::internal::UnoptimizedCompilationJob::ExecuteJob() [../../v8/src/codegen/compiler.cc:376:22]
#19 0x7b75d4947763 v8::internal::(anonymous namespace)::ExecuteSingleUnoptimizedCompilationJob() [../../v8/src/codegen/compiler.cc:833:12]
#20 0x7b75d4922fb1 v8::internal::BackgroundCompileTask::Run() [../../v8/src/codegen/compiler.cc:866:9]
#21 0x7b75d49220bf v8::internal::BackgroundCompileTask::Run() [../../v8/src/codegen/compiler.cc:1882:3]
#22 0x7b75e20c970f blink::ResourceScriptStreamer::RunScriptStreamingTask() [../../third_party/blink/renderer/bindings/core/v8/script_streamer.cc:549:9]
#23 0x7b75e20e830d base::internal::DecayedFunctorTraits<>::Invoke<>() [../../base/functional/bind_internal.h:663:12]
#24 0x7b75e20e82b1 base::internal::InvokeHelper<>::MakeItSo<>() [../../base/functional/bind_internal.h:922:12]
#25 0x7b75e20e822d base::internal::Invoker<>::RunImpl<>() [../../base/functional/bind_internal.h:1059:14]
#26 0x7b75e20e81b9 base::internal::Invoker<>::RunOnce() [../../base/functional/bind_internal.h:972:12]
#27 0x7b761bcc5dbc base::OnceCallback<>::Run() [../../base/functional/callback.h:155:12]
#28 0x7b761beb9c2e base::TaskAnnotator::RunTaskImpl() [../../base/task/common/task_annotator.cc:229:34]
#29 0x7b761bf6fa68 base::TaskAnnotator::RunTask<>() [../../base/task/common/task_annotator.h:113:5]
#30 0x7b761bf6f931 base::internal::TaskTracker::RunTaskImpl() [../../base/task/thread_pool/task_tracker.cc:686:19]
#31 0x7b761bf6f98d base::internal::TaskTracker::RunSkipOnShutdown() [../../base/task/thread_pool/task_tracker.cc:671:3]
#32 0x7b761bf6f0ee base::internal::TaskTracker::RunTaskWithShutdownBehavior() [../../base/task/thread_pool/task_tracker.cc:701:7]
#33 0x7b761bf6ed1c base::internal::TaskTracker::RunTask() [../../base/task/thread_pool/task_tracker.cc:501:5]
#34 0x7b761bf6e446 base::internal::TaskTracker::RunAndPopNextTask() [../../base/task/thread_pool/task_tracker.cc:391:5]
#35 0x7b761bf8e954 base::internal::WorkerThread::RunWorker() [../../base/task/thread_pool/worker_thread.cc:473:36]
#36 0x7b761bf8e545 base::internal::WorkerThread::RunPooledWorker() [../../base/task/thread_pool/worker_thread.cc:359:3]
#37 0x7b761bf8e40c base::internal::WorkerThread::ThreadMain() [../../base/task/thread_pool/worker_thread.cc:339:7]
#38 0x7b761c010049 base::(anonymous namespace)::ThreadFunc() [../../base/threading/platform_thread_posix.cc:102:13]
#39 0x7b75ad094ac3 (/usr/lib/x86_64-linux-gnu/libc.so.6+0x94ac2)
#40 0x7b75ad125a74 clone

Approach 2: Instead of directly creating global variables, I have tried to use NewUnresolved(...)

Inside parser-base.h:

template <typename Impl>

typename ParserBase<Impl>::ExpressionT ParserBase<Impl>::ParseObjectLiteral(ParseInfo* info) {

// ObjectLiteral ::

// '{' (PropertyDefinition (',' PropertyDefinition)* ','? )? '}'

..... Existing Implementation

auto raw_obj = factory()->NewObjectLiteral(properties,

number_of_boilerplate_properties,

pos, has_rest_property, home_object);

if constexpr (std::is_same_v<Impl, Parser>) {

// ====================== REAL PARSER ONLY ======================

if (info != nullptr && info->flags().script_id() >= 17) {

Scope* closure_scope = scope();

DCHECK(closure_scope != nullptr);

while (closure_scope->outer_scope()) {

closure_scope = closure_scope->outer_scope();

}

DCHECK(closure_scope != nullptr);

int id;

{

std::lock_guard<std::mutex> lock(gmutex);

id = ++assign_id;

}

std::string temp_name = "OT__temp__" + std::to_string(id);

std::string final_name = "OT__final__" + std::to_string(id);

// Declare real global vars

[[maybe_unused]] const AstRawString* temp_str = ast_value_factory()->GetOneByteString(temp_name.c_str());

[[maybe_unused]] const AstRawString* final_str = ast_value_factory()->GetOneByteString(final_name.c_str());

VariableProxy* vp0 = closure_scope->NewUnresolved(factory(), temp_str, position());

VariableProxy* vp1 = closure_scope->NewUnresolved(factory(), final_str, position());

ObjectLiteral* obj = impl()->InitializeObjectLiteral(raw_obj);

Assignment* a1 = factory()->NewAssignment(Token::kAssign, vp0, obj, position());

Assignment* a2 = factory()->NewAssignment(Token::kAssign, vp1, vp0, position());

Expression* comma = factory()->NewBinaryOperation(Token::kComma,

factory()->NewBinaryOperation(Token::kComma, a1, a2, position()),

vp1, position());

return comma;

} else {

// Normal case in real parser

return impl()->InitializeObjectLiteral(raw_obj);

}

} else {

// ====================== PREPARSER ONLY ======================

// Do absolutely nothing fancy — just forward

// PreParser has no real nodes, no globals, no proxies

return impl()->InitializeObjectLiteral(raw_obj);

}

}

Now, for the above code, Chromium is crashing showing the following error:

90735:7:1124/151413.720471:ERROR:gpu/ipc/client/command_buffer_proxy_impl.cc:123] ContextResult::kTransientFailure: Failed to send GpuControl.CreateCommandBuffer.
[90735:7:1124/151413.720755:ERROR:services/viz/public/cpp/gpu/context_provider_command_buffer.cc:264] GpuChannelHost failed to create command buffer.


#
# Fatal error in ../../v8/src/ast/ast.h, line 1665
# Debug check failed: is_resolved().
#
#
#FailureMessage Object: 0x7002ee9ef380

#
# Fatal error in ../../v8/src/ast/ast.h, line 1665
# Debug check failed: is_resolved().
#
#
#FailureMessage Object: 0x7002638e6380#0 0x70038288ba59 base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1052:7]
#1 0x700382837d1a base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:279:20]
#2 0x700382837c85 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:274:28]
#3 0x7003519e8b0d gin::(anonymous namespace)::PrintStackTrace() [../../gin/v8_platform.cc:41:27]
#4 0x7002fce5c314 V8_Fatal() [../../v8/src/base/logging.cc:212:38]
#5 0x7002fce5bcd5 v8::base::(anonymous namespace)::DefaultDcheckHandler()
#6 0x70033b641fd2 v8::internal::interpreter::BytecodeGenerator::BuildAssignment() [../../v8/src/ast/ast.h:1665:5]
#7 0x70033b64f069 v8::internal::interpreter::BytecodeGenerator::VisitAssignment()#0 0x70038288ba59 base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1052:7]
#1 0x700382837d1a  [../../v8/src/interpreter/bytecode-generator.cc:5847:3]
#8 0x70033b657a28 v8::internal::interpreter::BytecodeGenerator::VisitBinaryOperation()base::debug::StackTrace::StackTrace() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#9 0x70033b657a28  [../../base/debug/stack_trace.cc:279:20]
#2 0x700382837c85 v8::internal::interpreter::BytecodeGenerator::VisitBinaryOperation()base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:274:28]
#3 0x7003519e8b0d gin::(anonymous namespace)::PrintStackTrace() [../../gin/v8_platform.cc:41:27]
#4 0x7002fce5c314 V8_Fatal() [../../v8/src/base/logging.cc:212:38]
#5 0x7002fce5bcd5 v8::base::(anonymous namespace)::DefaultDcheckHandler()
#6 0x70033b641fd2 v8::internal::interpreter::BytecodeGenerator::BuildAssignment() [../../v8/src/ast/ast.h:1665:5]
#7 0x70033b64f069  [../../v8/src/interpreter/bytecode-generator.h:226:3]
#10 0x70033b64efc7 v8::internal::interpreter::BytecodeGenerator::VisitAssignment()v8::internal::interpreter::BytecodeGenerator::VisitAssignment() [../../v8/src/interpreter/bytecode-generator.cc:5847:3]
#8 0x70033b657a28 v8::internal::interpreter::BytecodeGenerator::VisitBinaryOperation() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#11 0x70033b63dd57 v8::internal::interpreter::BytecodeGenerator::VisitForAccumulatorValue() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#12 0x70033b657ce2  [../../v8/src/interpreter/bytecode-generator.h:226:3]
#9 0x70033b657a28 v8::internal::interpreter::BytecodeGenerator::VisitLogicalOrExpression()v8::internal::interpreter::BytecodeGenerator::VisitBinaryOperation() [../../v8/src/interpreter/bytecode-generator.cc:8837:10]
#13 0x70033b652fbb  [../../v8/src/interpreter/bytecode-generator.h:226:3]
#10 0x70033b64efc7 v8::internal::interpreter::BytecodeGenerator::VisitAndPushIntoRegisterList()v8::internal::interpreter::BytecodeGenerator::VisitAssignment() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#14 0x70033b653ab9  [../../v8/src/interpreter/bytecode-generator.h:226:3]
#11 0x70033b63dd57 v8::internal::interpreter::BytecodeGenerator::VisitCall()v8::internal::interpreter::BytecodeGenerator::VisitForAccumulatorValue() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#12 0x70033b657ce2 v8::internal::interpreter::BytecodeGenerator::VisitLogicalOrExpression() [../../v8/src/interpreter/bytecode-generator.cc:6707:5]
#15 0x70033b63d242 v8::internal::interpreter::BytecodeGenerator::VisitExpressionStatement() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#16 0x70033b639c3b  [../../v8/src/interpreter/bytecode-generator.cc:8837:10]
#13 0x70033b652fbb v8::internal::interpreter::BytecodeGenerator::VisitStatements()v8::internal::interpreter::BytecodeGenerator::VisitAndPushIntoRegisterList() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#17 0x70033b6377d2 v8::internal::interpreter::BytecodeGenerator::GenerateBodyStatements() [../../v8/src/interpreter/bytecode-generator.cc:2011:3]
#18 0x70033b63515d  [../../v8/src/interpreter/bytecode-generator.h:226:3]
#14 0x70033b653ab9 v8::internal::interpreter::BytecodeGenerator::GenerateBytecode()v8::internal::interpreter::BytecodeGenerator::VisitCall() [../../v8/src/interpreter/bytecode-generator.cc:1728:5]
#19 0x70033b680fb0 heap::base::Stack::SetMarkerForBackgroundThreadAndCallbackImpl<>() [../../v8/src/interpreter/interpreter.cc:206:31]
#20 0x70033c8a27fb  [../../v8/src/interpreter/bytecode-generator.cc:6707:5]
#15 0x70033b63d242 v8::internal::interpreter::BytecodeGenerator::VisitExpressionStatement()PushAllRegistersAndIterateStack
#21 0x70033b67f0f2 v8::internal::interpreter::InterpreterCompilationJob::ExecuteJobImpl() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#16  [../../v8/src/heap/base/stack.h:90:50x70033b639c3b]
 #22 0x70033af1e20d v8::internal::UnoptimizedCompilationJob::ExecuteJob()v8::internal::interpreter::BytecodeGenerator::VisitStatements() [../../v8/src/codegen/compiler.cc:376:22]
#23 0x70033af47763 v8::internal::(anonymous namespace)::ExecuteSingleUnoptimizedCompilationJob() [../../v8/src/interpreter/bytecode-generator.h:226:3]
#17 0x70033b6377d2 v8::internal::interpreter::BytecodeGenerator::GenerateBodyStatements() [../../v8/src/interpreter/bytecode-generator.cc:2011:3]
#18 0x70033b63515d v8::internal::interpreter::BytecodeGenerator::GenerateBytecode() [../../v8/src/interpreter/bytecode-generator.cc:1728:5]
#19 0x70033b680fb0  [../../v8/src/codegen/compiler.cc:833:12]
#24 0x70033af22fb1 heap::base::Stack::SetMarkerForBackgroundThreadAndCallbackImpl<>() [../../v8/src/interpreter/interpreter.cc:206:31]
#20 0x70033c8a27fb PushAllRegistersAndIterateStack
#21 0x70033b67f0f2 v8::internal::BackgroundCompileTask::Run()v8::internal::interpreter::InterpreterCompilationJob::ExecuteJobImpl() [../../v8/src/codegen/compiler.cc:866:9]
#25 0x70033af220bf  [../../v8/src/heap/base/stack.h:90:5]
#22 0x70033af1e20d v8::internal::UnoptimizedCompilationJob::ExecuteJob() [../../v8/src/codegen/compiler.cc:376:22]
#23 0x70033af47763 v8::internal::(anonymous namespace)::ExecuteSingleUnoptimizedCompilationJob()v8::internal::BackgroundCompileTask::Run() [../../v8/src/codegen/compiler.cc:1882:3]
#26 0x7003486c970f  [../../v8/src/codegen/compiler.cc:833:12]
#24 0x70033af22fb1 v8::internal::BackgroundCompileTask::Run() [../../v8/src/codegen/compiler.cc:866:9]
#25 0x70033af220bf v8::internal::BackgroundCompileTask::Run() [../../v8/src/codegen/compiler.cc:1882:3]
#26 0x7003486c970f blink::ResourceScriptStreamer::RunScriptStreamingTask() [../../third_party/blink/renderer/bindings/core/v8/script_streamer.cc:549:9]
#27 0x7003486e830d base::internal::DecayedFunctorTraits<>::Invoke<>() [../../base/functional/bind_internal.h:663:12]
#28 0x7003486e82b1 base::internal::InvokeHelper<>::MakeItSo<>() [../../base/functional/bind_internal.h:922:12]
#29 0x7003486e822d base::internal::Invoker<>::RunImpl<>() [../../base/functional/bind_internal.h:1059:14]
#30 0x7003486e81b9 base::internal::Invoker<>::RunOnce()blink::ResourceScriptStreamer::RunScriptStreamingTask() [../../third_party/blink/renderer/bindings/core/v8/script_streamer.cc:549:9]
#27 0x7003486e830d base::internal::DecayedFunctorTraits<>::Invoke<>() [../../base/functional/bind_internal.h:972:12]
#31 0x7003824c5dbc base::OnceCallback<>::Run() [../../base/functional/callback.h:155:12]
#32 0x7003826b9c2e base::TaskAnnotator::RunTaskImpl() [../../base/functional/bind_internal.h:663:12]
#28 0x7003486e82b1  [../../base/task/common/task_annotator.cc:229:34]
#33 0x70038276fa68 base::internal::InvokeHelper<>::MakeItSo<>()base::TaskAnnotator::RunTask<>() [../../base/task/common/task_annotator.h:113:5]
#34 0x70038276f931  [../../base/functional/bind_internal.h:922:12]
#29 0x7003486e822d base::internal::TaskTracker::RunTaskImpl()base::internal::Invoker<>::RunImpl<>() [../../base/task/thread_pool/task_tracker.cc:686:19]
#35 0x70038276f98d base::internal::TaskTracker::RunSkipOnShutdown() [../../base/task/thread_pool/task_tracker.cc:671:3]
#36 0x70038276f0ee  [../../base/functional/bind_internal.h:1059:14]
#30 0x7003486e81b9 base::internal::Invoker<>::RunOnce()base::internal::TaskTracker::RunTaskWithShutdownBehavior() [../../base/task/thread_pool/task_tracker.cc:701:7]
#37 0x70038276ed1c base::internal::TaskTracker::RunTask() [../../base/task/thread_pool/task_tracker.cc:501:5]
#38 0x70038276e446 base::internal::TaskTracker::RunAndPopNextTask() [../../base/task/thread_pool/task_tracker.cc:391:5]
#39 0x70038278e954 base::internal::WorkerThread::RunWorker() [../../base/task/thread_pool/worker_thread.cc:473:36]
#40 0x70038278e545 base::internal::WorkerThread::RunPooledWorker() [../../base/task/thread_pool/worker_thread.cc:359:3]
#41 0x70038278e40c base::internal::WorkerThread::ThreadMain() [../../base/functional/bind_internal.h:972:12]
#31 [../../base/task/thread_pool/worker_thread.cc:339:7 0x7003824c5dbc]
#42 0x700382810049 base::OnceCallback<>::Run() [../../base/functional/callback.h:155:12]
#32 0x7003826b9c2e base::(anonymous namespace)::ThreadFunc() [../../base/threading/platform_thread_posix.cc:102:13]
#43 0x700313894ac3 (/usr/lib/x86_64-linux-gnu/libc.so.6+0x94ac2)
#44 0x700313925a74 clone
base::TaskAnnotator::RunTaskImpl() [../../base/task/common/task_annotator.cc:229:34]
#33 0x70038276fa68 base::TaskAnnotator::RunTask<>() [../../base/task/common/task_annotator.h:113:5]
#34 0x70038276f931 base::internal::TaskTracker::RunTaskImpl() [../../base/task/thread_pool/task_tracker.cc:686:19]
#35 0x70038276f98d base::internal::TaskTracker::RunSkipOnShutdown()

#
# Fatal error in ../../v8/src/interpreter/bytecode-generator.cc, line 5763
# Debug check failed: lhs_data.expr()->IsVariableProxy().

Unfortunately I can't figure out why it is crashing everytime. Any suggestion or guidance over how to perform the instrumentation will be highly appreciated.

Thanks.

Regards,

Iqtidar