check failed on EscapableHandleScope::Escape on v8 12.3.219


dong tommy

May 2, 2024, 7:48:53 PM
to v8-users
Hi Experts,
 
I added a v8::EscapableHandleScope case and tested the below Hello World code (https://raw.githubusercontent.com/v8/v8/12.3.219/samples/hello-world.cc) for the V8 engine (https://github.com/v8/v8) and found that it works well with v8 11.x.x version. However, it crashed or aborted with v8 12.3.x version in GetObjectTemplate. Does anyone have any idea about that issue, or any mistake I made? Thanks!


void Test(v8::Local<v8::Name> name,
          const v8::PropertyCallbackInfo<v8::Value>& info) {
}

v8::Local<v8::ObjectTemplate> GetObjectTemplate(v8::Isolate* isolate)
{
  v8::EscapableHandleScope handle_scope(isolate);
  v8::Local<v8::ObjectTemplate> result = v8::ObjectTemplate::New(isolate);
  result->SetInternalFieldCount(1);
  result->SetHandler(v8::NamedPropertyHandlerConfiguration(Test));
  return handle_scope.Escape(result);
}

int main(int argc, char* argv[]) {
  // Initialize V8.
  v8::V8::InitializeICUDefaultLocation(argv[0]);
  v8::V8::InitializeExternalStartupData(argv[0]);
  std::unique_ptr<v8::Platform> platform = v8::platform::NewDefaultPlatform();
  v8::V8::InitializePlatform(platform.get());
  v8::V8::Initialize();

  // Create a new Isolate and make it the current one.
  v8::Isolate::CreateParams create_params;
  create_params.array_buffer_allocator =
      v8::ArrayBuffer::Allocator::NewDefaultAllocator();
  v8::Isolate* isolate = v8::Isolate::New(create_params);
  {
    v8::Isolate::Scope isolate_scope(isolate);

    // Create a stack-allocated handle scope.
    v8::HandleScope handle_scope(isolate);

    v8::Local<v8::ObjectTemplate> global = GetObjectTemplate(isolate); // aborted here

dong tommy

May 2, 2024, 7:57:13 PM
to v8-users
The args are:
'is_debug = true',
'enable_iterator_debugging = true',
'symbol_level = 1',
'target_cpu = "x64"',
'is_component_build = false',
'is_chrome_branded = false',
'treat_warnings_as_errors = false',
'is_clang = true',
'use_glib = false',
'use_custom_libcxx = false',
'use_custom_libcxx_for_host = false',
'optimize_for_size = false',
'v8_monolithic = true',
'v8_static_library = true',
'v8_use_external_startup_data = false',
'v8_enable_i18n_support = false',
'v8_enable_webassembly = false',
'v8_enable_lite_mode = true',
'v8_enable_snapshot_compression = true',
'exclude_unwind_tables = true',
'v8_enable_verify_heap = false'

dong tommy

May 2, 2024, 8:31:52 PM
to v8-users

Even without any change for Hello World, I still get the below crash when exiting with v8 12.3.x:

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
  * frame #0: 0x00000001003b2ad0 hello-world`v8::internal::Isolate::Exit(this=0x0000000100000001) at isolate.cc:5060:3 [opt]
    frame #1: 0x0000000100004e08 hello-world`v8::Isolate::Scope::~Scope() + 24
    frame #2: 0x0000000100004c25 hello-world`v8::Isolate::Scope::~Scope() + 21
    frame #3: 0x0000000100004907 hello-world`main + 1607
    frame #4: 0x00007ff804d2941f dyld`start + 1903

Igor Sheludko

May 3, 2024, 11:14:05 AM
to v8-u...@googlegroups.com
Hello,

I tried to build both the original HelloWorld and the one with your modifications on Linux and on MacOS. No crashes.
Something must be wrong with your build environment.
Maybe try to clean the build dir and start from scratch using a more standard set of gn args: `tools/dev/gm.py x64.optdebug.check` (it'll build v8 and run tests).


--
Igor Sheludko
Software Engineer
ish...@google.com

dong tommy

May 3, 2024, 11:33:49 AM
to v8-users

Thanks ish..., the release build for me is good, the crash only occurred for the debug build with 12.3.219.
Anyway, let's try your method. Thanks again!

dong tommy

May 3, 2024, 11:34:52 AM
to v8-users
Hi ish..., may I know which version of v8 you are using?


Igor Sheludko

May 3, 2024, 12:22:21 PM
to v8-u...@googlegroups.com
I tried exactly the V8 version you mentioned (12.3.219) and I tried it with your GN args too. All good.

dong tommy

May 4, 2024, 12:22:17 PM
to v8-users
Thanks Igor!
I followed your suggestion to test `tools/dev/gm.py x64.optdebug.check` on macOS 13. However, I got some warnings, such as:
In file included from ../../src/compiler/turboshaft/wasm-optimize-phase.cc:8:
../../src/compiler/turboshaft/branch-elimination-reducer.h:348:28: error: variable 'cond' set but not used [-Werror,-Wunused-but-set-variable]
  348 |           if (const PhiOp* cond = __ input_graph()
      |                            ^

So I have to add treat_warnings_as_errors=false to continue. Finally, I still see some tests failed:

[2971/2971] LINK ./cctest
# "/Users/xxx/.pyenv/versions/3.9.14/bin/python3" tools/run-tests.py --outdir=out/x64.optdebug unittests intl debugger mjsunit message cctest
Build found: /Users/xxx/Downloads/v8env/v8/v8/out/x64.optdebug
>>> Autodetected:
DEBUG_defined, arch="x64", atomic_object_field_writes, clang, code_comments, component_build, concurrent_marking, current_cpu="x64", debug_code, debugging_features, disassembler, gdbjit, has_maglev, has_turbofan, has_webassembly, i18n, js_shared_memory, pointer_compression, pointer_compression_shared_cage, runtime_call_stats, sandbox, shared_ro_heap, target_cpu="x64", v8_current_cpu="x64", v8_target_cpu="x64", verify_heap
>>> Running tests for x64.debug
>>> Running with test processors
=== intl/general/case-mapping ===
/Users/xxx/Downloads/v8env/v8/v8/test/intl/assert.js:105: Error: Failure: expected <ΑΟΫΩ>, found <ΑΟΫΩ>.
  throw new Error(message);
  ^
Error: Failure: expected <ΑΟΫΩ>, found <ΑΟΫΩ>.
    at fail (/Users/xxx/Downloads/v8env/v8/v8/test/intl/assert.js:105:9)
    at assertEquals (/Users/xxx/Downloads/v8env/v8/v8/test/intl/assert.js:114:5)
    at /Users/xxx/Downloads/v8env/v8/v8/test/intl/general/case-mapping.js:149:1
Command: out/x64.optdebug/d8 --test test/intl/assert.js test/intl/utils.js test/intl/general/case-mapping.js --random-seed=257871742 --nohard-abort --verify-heap --testing-d8-test-runner --allow-natives-syntax
--- FAILED ---
[582:16|%  96|+ 18733|-   1]: Done
>>> 19349 base tests produced 18734 (96%) non-filtered tests
>>> 18734 tests ran
Error! - V8 compilation finished with errors


Actually, I want to build a debug version of libv8_monolith.a with 12.3.219 version, since the release version of libv8_monolith.a has no issue with the Hello World sample.
So what I did: 
1. sync the 12.3.219 code and cd v8.
2. ./tools/dev/v8gen.py x64.debug  -- 'enable_iterator_debugging=false v8_monolithic=true v8_enable_i18n_support=false is_debug=true v8_use_external_startup_data=false use_custom_libcxx=false is_component_build=false treat_warnings_as_errors=false v8_symbol_level=0  v8_enable_pointer_compression=false'
3. ninja -C ./out.gn/x64.debug v8_monolith -j 32
4. g++ samples/hello-world.cc -o hello-world \
-I. -I./include \
-L./out/x64.optdebug/obj -lv8_monolith -lv8_libbase -lv8_libplatform -ldl \
-std=c++17 -pthread -std=c++17 -DV8_COMPRESS_POINTERS -DV8_ENABLE_SANDBOX -fno-rtti -g
5. ./hello-world

Then the same crash occurs in v8::Isolate::Scope::~Scope(). Could you please help to check my steps and any mistakes? Thanks in advance.

Best Regards,
Tommy

dong tommy

May 4, 2024, 12:26:51 PM
to v8-users
Update some steps:
  • Before step 2, I did "ninja -C out.gn/x64.debug -t clean".
  • Correct the copy issue in step 4:
4. g++ samples/hello-world.cc -o hello-world \
-I. -I./include \
-L./out.gn/x64.debug/obj -lv8_monolith -lv8_libbase -lv8_libplatform -ldl \
-std=c++17 -pthread -std=c++17 -DV8_COMPRESS_POINTERS -DV8_ENABLE_SANDBOX -fno-rtti -g

dong tommy

May 4, 2024, 12:51:08 PM
to v8-users
Corrected the step 4:

g++ samples/hello-world.cc -o hello-world \
-I. -I./include \
-L./out.gn/x64.debug/obj -lv8_monolith -ldl \
-std=c++17 -pthread -std=c++17 -fno-rtti -g

The same crash occurs:
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
  * frame #0: 0x00000001007db338 hello-world`v8::internal::Isolate::Exit() + 136
    frame #1: 0x000000010011cf3b hello-world`v8::Isolate::Exit() + 43
    frame #2: 0x0000000100001788 hello-world`v8::Isolate::Scope::~Scope(this=0x00007ff7bfeff318) at v8-isolate.h:315:29
    frame #3: 0x00000001000015d5 hello-world`v8::Isolate::Scope::~Scope(this=0x00007ff7bfeff318) at v8-isolate.h:315:14
    frame #4: 0x00000001000012e1 hello-world`main(argc=1, argv=0x00007ff7bfeff818) at hello-world.cc:96:3
    frame #5: 0x00007ff806fce41f dyld`start + 1903

dong tommy

May 5, 2024, 11:11:18 PM
to v8-users
I also noticed that the v8_monolithic is only in the release configuration. Does that mean the debug build of v8_monolithic is not supported well?
...
'arm64.release.sample': 'release_arm64_sample',
'x64.release.sample': 'release_x64_sample',
...
'release_arm64_sample': [
      'release', 'arm64', 'sample'],
'release_x64_sample': [
      'release', 'x64', 'sample'],
...
'arm64': {
      'gn_args': 'target_cpu="arm64"',
},
'x64': {
      'gn_args': 'target_cpu="x64"',
},
'release': {
      'gn_args': 'is_debug=false dcheck_always_on=false',
},
'sample': {
      'gn_args': 'v8_monolithic=true is_component_build=false '
                 'v8_use_external_startup_data=false use_custom_libcxx=false',
},

dong tommy

May 7, 2024, 11:49:53 PM
to v8-u...@googlegroups.com
Hi Igor and all,

Did anyone get a chance to try the Hello World with the debug version of libv8_monolith.a from 12.3.x or 12.4.x?


Igor Sheludko

May 8, 2024, 5:13:42 AM
to v8-u...@googlegroups.com
Hello,

Compilation errors are totally not expected and `treat_warnings_as_errors=false` shouldn't be necessary. Did you run `gclient sync`?

> I also noticed that the v8_monolithic is only in the release configuration. Does that mean the debug build of v8_monolithic is not supported well?
The file you are referring to is a config for our bots. We don't seem to build all combinations of supported build modes for monolithic mode but I believe that it's expected to work.

I reproduced the issue you are seeing on my MacOS but I didn't manage to figure out what's going on there exactly.
I believe that the root cause is in the different compilers and compilation flags you used for building hello-world binary. If you run `autoninja -C out.gn/x64.debug/ v8_hello_world` then the binary `out.gn/x64.debug/v8_hello_world` works as expected.
I'd suggest adding --verbose flag to the autoninja command and checking the command lines used for building v8_hello_world.
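
Added example (not part of the thread and not V8 project code): a Python helper for the check suggested above, diffing the preprocessor defines and ABI-relevant flags of a compile line from the verbose build against the manual g++ command. NINJA_LINE is a constructed stand-in, not real V8 build output, and the function names are hypothetical.

```python
import shlex

# Flag prefixes that should agree between the library build and the embedder.
ABI_PREFIXES = ("-std=", "-stdlib=", "-fno-rtti", "-fno-exceptions")

def abi_flags(cmdline):
    """Return ({macro: value}, {flags}) for one compiler command line."""
    defines, flags = {}, set()
    tokens = iter(shlex.split(cmdline))
    for tok in tokens:
        if tok == "-D":                       # "-D NAME" written as two tokens
            tok = "-D" + next(tokens, "")
        if tok.startswith("-D") and len(tok) > 2:
            name, sep, value = tok[2:].partition("=")
            defines[name] = value if sep else "1"   # bare -DNAME means NAME=1
        elif tok.startswith(ABI_PREFIXES):
            flags.add(tok)
    return defines, flags

def compare(reference_cmd, embedder_cmd):
    """Report what the embedder command lacks or sets differently."""
    ref_defs, ref_flags = abi_flags(reference_cmd)
    emb_defs, emb_flags = abi_flags(embedder_cmd)
    both = ref_defs.keys() & emb_defs.keys()
    return {
        "missing_defines": sorted(set(ref_defs) - set(emb_defs)),
        "extra_defines": sorted(set(emb_defs) - set(ref_defs)),
        "changed_defines": sorted(n for n in both if ref_defs[n] != emb_defs[n]),
        "missing_flags": sorted(ref_flags - emb_flags),
        "extra_flags": sorted(emb_flags - ref_flags),
    }

# Constructed stand-in for a compile line printed by `autoninja --verbose`.
NINJA_LINE = ("clang++ -MMD -MF obj/v8_hello_world/hello-world.o.d -DDEBUG "
              "-DV8_ENABLE_CHECKS -DOBJECT_PRINT -I../.. -I../../include "
              "-std=c++20 -fno-rtti -fno-exceptions -c ../../samples/hello-world.cc "
              "-o obj/v8_hello_world/hello-world.o")

# The manual command from the thread (the corrected step 4).
MANUAL_LINE = ("g++ samples/hello-world.cc -o hello-world -I. -I./include "
               "-L./out.gn/x64.debug/obj -lv8_monolith -ldl "
               "-std=c++17 -pthread -std=c++17 -fno-rtti -g")

if __name__ == "__main__":
    for key, items in compare(NINJA_LINE, MANUAL_LINE).items():
        print(f"{key}: {' '.join(items) or '-'}")
```

Replace NINJA_LINE with the actual line for hello-world.cc from your own verbose build output before drawing conclusions.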
