Issue 14454 in v8: d8: Fatal error in ../../v8/src/execution/isolate.cc


ahaji… via monorail

Nov 14, 2023, 11:29:04 PM11/14/23
to v8-re...@googlegroups.com
Status: Untriaged
Owner: ----
Type: Bug

New issue 14454 by ahaji...@gmail.com: d8: Fatal error in ../../v8/src/execution/isolate.cc
https://bugs.chromium.org/p/v8/issues/detail?id=14454

Version: V8 version 12.1.24
OS: Ubuntu 22.04.3 LTS
Architecture: x64

What steps will reproduce the problem?
1. ./d8 poc.js

What is the expected output?
Exit normally

What do you see instead?
#
# Fatal error in ../../v8/src/execution/isolate.cc, line 1824
# Debug check failed: !has_pending_exception().
#
#
#
#FailureMessage Object: 0x7ffd2c43cee0
==== C stack trace ===============================

Chrome/d8(___interceptor_backtrace+0x5e) [0x55952dcecfce]
Chrome/d8(+0x4b29d49) [0x55953134fd49]
Chrome/d8(+0x4b263a1) [0x55953134c3a1]
Chrome/d8(+0x4b02d8d) [0x559531328d8d]
Chrome/d8(+0x4b02765) [0x559531328765]
Chrome/d8(+0x1adf3b8) [0x55952e3053b8]
Chrome/d8(+0x2770301) [0x55952ef96301]
Chrome/d8(+0x276fe1b) [0x55952ef95e1b]
Chrome/d8(+0x4810ff6) [0x559531036ff6]
Trace/breakpoint trap (core dumped)


########poc.js#########
// Fills a Set with consecutive integers. The loop bound is far larger than
// the number of entries V8 lets a Set hold, so Set.prototype.add throws
// "RangeError: Set maximum size exceeded" before the loop finishes.
let v0 = 900000000;
let v1 = new Set();
for (let v2 = 0; v2 < v0; ++v2) {
  v1.add(v2);
}

Attachments:
poc.js 94 bytes

ecmzi… via monorail

Nov 15, 2023, 8:59:24 AM11/15/23
to v8-re...@googlegroups.com
Updates:
Labels: Needs-Feedback Priority-2

Comment #1 on issue 14454 by ecmzi...@chromium.org: d8: Fatal error in ../../v8/src/execution/isolate.cc
https://bugs.chromium.org/p/v8/issues/detail?id=14454#c1

I tried this locally, but receive the following:

/tmp/poc.js:4: RangeError: Set maximum size exceeded
v1.add(v2);
^
RangeError: Set maximum size exceeded
at Set.add (<anonymous>)
at /tmp/poc.js:4:12

This seems to be expected behavior given the size of the map. I guess in your case, this exception does not get reported properly. It looks like it's evaluated in an asynchronous task and the exception in there is not properly evaluated before exiting. Do you run this in some kind of test harness or wrapper? Can you reproduce it locally purely with the file and command line that you provided?
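
The distinction comment #1 draws, a JavaScript RangeError that d8 should report and exit on versus a V8 fatal error, is the first thing to settle when triaging fuzzer output like this. The helper below is an added example written for this page, not code from the bug report or from V8: it classifies captured d8 stderr as a JS-level exception, a CHECK/DCHECK failure or a clean run, and records whether the failure is a DCHECK (V8 compiles DCHECKs out of release builds, so a release d8 would not abort on one). The two samples are copied from this thread and trimmed; the function and field names are my own, and the only message formats assumed are the ones visible in the report and in comment #1.

```javascript
// Added example for this thread, not code from the bug report or from V8.
// A small triage helper for d8 stderr: tells a JavaScript-level exception
// (the RangeError in comment #1) apart from a V8 fatal error (the DCHECK
// failure in the report). Runs under Node.js with no dependencies. The two
// samples at the bottom are copied from this thread and trimmed; the
// function and field names are my own.

// V8 prints "# Fatal error in <file>, line <n>" for both CHECK and DCHECK
// failures; the next "# Check failed: ..." / "# Debug check failed: ..."
// line says which one fired.
const FATAL_RE = /^# Fatal error in (?<file>[^,]+), line (?<line>\d+)$/m;
const CHECK_RE = /^# (?<kind>Debug check|Check) failed: (?<expr>.+)$/m;

// d8 reports an uncaught exception as "<file>:<line>: <ErrorType>: <message>"
// followed by the source line, a caret and the stack trace.
const JS_EXC_RE = /^(?<file>[^\s:]+):(?<line>\d+): (?<type>\w*Error): (?<message>.+)$/m;

function classifyD8Output(stderr) {
  const fatal = FATAL_RE.exec(stderr);
  if (fatal) {
    const check = CHECK_RE.exec(stderr);
    // "Debug check" means a DCHECK. V8 compiles DCHECKs out of release
    // builds, so a release d8 does not abort here; a plain CHECK aborts
    // in every build.
    const isDcheck = check !== null && check.groups.kind === 'Debug check';
    return {
      kind: 'fatal',
      check: check === null ? 'unknown' : (isDcheck ? 'DCHECK' : 'CHECK'),
      releaseAffected: check === null ? null : !isDcheck,
      expression: check === null ? null : check.groups.expr.trim().replace(/\.$/, ''),
      file: fatal.groups.file,
      line: Number(fatal.groups.line),
      // d8 aborts with a breakpoint trap, which the shell reports as SIGTRAP.
      signal: /Trace\/breakpoint trap/.test(stderr) ? 'SIGTRAP' : null,
    };
  }
  const exc = JS_EXC_RE.exec(stderr);
  if (exc) {
    return {
      kind: 'js-exception',
      type: exc.groups.type,
      message: exc.groups.message.trim(),
      file: exc.groups.file,
      line: Number(exc.groups.line),
    };
  }
  return { kind: 'clean' };
}

// Sample 1: the reporter's stderr, with the C stack frames trimmed.
const SAMPLE_FATAL = `#
# Fatal error in ../../v8/src/execution/isolate.cc, line 1824
# Debug check failed: !has_pending_exception().
#
#FailureMessage Object: 0x7ffd2c43cee0
==== C stack trace ===============================
Trace/breakpoint trap (core dumped)
`;

// Sample 2: the stderr shown in comment #1.
const SAMPLE_RANGE_ERROR = `/tmp/poc.js:4: RangeError: Set maximum size exceeded
v1.add(v2);
   ^
RangeError: Set maximum size exceeded
    at Set.add (<anonymous>)
    at /tmp/poc.js:4:12
`;

for (const [name, sample] of [['report', SAMPLE_FATAL], ['comment #1', SAMPLE_RANGE_ERROR]]) {
  console.log(name, classifyD8Output(sample));
}
```

Run it with node; for a live reproduction, feed it the captured stderr of `./d8 poc.js` instead of the samples. A `fatal` result with `check: 'DCHECK'` tells you whether a release build would also abort; it says nothing about the root cause, which comment #1 traces to an exception left pending when the script was evaluated in an asynchronous task.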

ahaji… via monorail

Nov 20, 2023, 6:11:04 AM11/20/23
to v8-re...@googlegroups.com

Comment #2 on issue 14454 by ahaji...@gmail.com: d8: Fatal error in ../../v8/src/execution/isolate.cc
https://bugs.chromium.org/p/v8/issues/detail?id=14454#c2

Yes. It can be reproduced using ./d8 poc.js on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 22.04 and CentOS 7.2.
CentOS 7.9 exits normally.