Re: [v8-users] Double Proxy resolve/reject causes segfault

2018-02-24 Thread Bogdan Padalko
Thanks! The issue is fixed.



On Friday, February 23, 2018 at 1:09:11 AM UTC+2, Sathya Gunasekaran wrote:
>
> Thanks for the report. Fix out for review: 
> https://chromium-review.googlesource.com/c/v8/v8/+/932968
>
> On Thu, Feb 22, 2018 at 12:17 PM, Bogdan Padalko wrote:
>
>> Hi! 
>>
>> While working on upgrading the php-v8 extension from 6.5.144 to 6.6.275 I 
>> found a strange issue: when a promise in a non-pending state gets 
>> resolved/rejected, the application fails with a segfault. While it's an edge 
>> case, it's still possible in userland and luckily it was covered by the php-v8 
>> unit tests.
>> As the v8 API says that calling resolve/reject on a promise in a non-pending 
>> state should have no effect, I find this segfault a bit strange. Could it 
>> be some regression or so?
>>
>> Here's a minimal example to reproduce the issue: hello_world.cpp
>>
>> #include <memory>
>>
>> #include <libplatform/libplatform.h>
>> #include <v8.h>
>>
>> using namespace v8;
>>
>> int main(int argc, char* argv[]) {
>>   // Initialize V8.
>>   //v8::V8::InitializeICU();
>>
>>   std::unique_ptr<v8::Platform> platform = v8::platform::NewDefaultPlatform();
>>   v8::V8::InitializePlatform(platform.get());
>>
>>   V8::Initialize();
>>
>>   v8::Isolate::CreateParams create_params;
>>   create_params.array_buffer_allocator =
>>       v8::ArrayBuffer::Allocator::NewDefaultAllocator();
>>
>>   // Create a new Isolate and make it the current one.
>>   Isolate* isolate = v8::Isolate::New(create_params);
>>
>>   v8::Persistent<v8::Value> test;
>>
>>   {
>>     Isolate::Scope isolate_scope(isolate);
>>
>>     // Create a stack-allocated handle scope.
>>     HandleScope handle_scope(isolate);
>>
>>     // Create a new context.
>>     Local<Context> context = Context::New(isolate);
>>
>>     // Enter the context for compiling and running the hello world script.
>>     Context::Scope context_scope(context);
>>
>>     Local<String> local_value = String::NewFromUtf8(isolate, "test");
>>
>>     v8::MaybeLocal<v8::Promise::Resolver> maybe_local_resolver =
>>         v8::Promise::Resolver::New(context);
>>     v8::Local<v8::Promise::Resolver> local_resolver =
>>         maybe_local_resolver.ToLocalChecked();
>>
>>     // Second Resolve() is called on an already-resolved promise.
>>     local_resolver->Resolve(context, local_value);
>>     local_resolver->Resolve(context, local_value);
>>   }
>>
>>   // Dispose the isolate and tear down V8.
>>   isolate->Dispose();
>>   V8::Dispose();
>>   V8::ShutdownPlatform();
>>
>>   return 0;
>> }
>>
>> Build on macOS with
>>
>> ROOT=/usr/local/opt/v8@6.6
>> LIB_DIR=$ROOT/lib/
>>
>> SRC_DIR=$ROOT
>> INCLUDE_DIR=$ROOT/include
>>
>> g++ hello_world.cpp -o hello_world \
>>  -Wno-unused-result \
>>  -g \
>>  -O2 \
>>  -std=c++14 \
>>  -I$SRC_DIR \
>>  -I$INCLUDE_DIR \
>>  -L$LIB_DIR \
>>  -lv8_libbase \
>>  -lv8_libplatform \
>>  -lv8 \
>>  -lpthread
>>
>> install_name_tool -add_rpath $LIB_DIR hello_world
>>
>> And fails with
>> $ ./hello_world 
>> Received signal 11 SEGV_MAPERR 000a
>>
>>  C stack trace ===
>>
>>  [0x000106d8ff14]
>>  [0x7fff6ca6bf5a]
>>  [0x0001072d0984]
>>  [0x000106de95e8]
>>  [0x000106d79bb2]
>>  [0x7fff6c7ea115]
>>  [0x0001]
>> [end of stack trace]
>> Segmentation fault: 11
>>
>> Same issue on linux - 
>> https://travis-ci.org/pinepain/php-v8/jobs/344550482 (scroll to the 
>> bottom).
>>
>> I would really appreciate any help here as I'm not quite sure whether 
>> it's an issue on my side or some regression/bug in v8.
>>
>> Regards,
>> Bogdan
>>
>> -- 
>> -- 
>> v8-users mailing list
>> v8-u...@googlegroups.com 
>> http://groups.google.com/group/v8-users
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "v8-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to v8-users+u...@googlegroups.com .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>



[v8-users] v8 garbage collection and threading

2018-02-24 Thread A.M.
My understanding is that garbage collection can be done either in the idle 
notification call made by the application or when some context is being 
disposed of or in one of the v8 background threads. I'm not concerned about 
phantom handles and the foreground message pump. 

Can somebody confirm that if *(a)* no script is running (i.e. not in 
`v8::Script::Compile` nor in `v8::Script::Run`) and *(b)* no weak pointers 
are set by the application, then none of the application object callbacks 
will be called?

The context for this question is that I would like to destroy application 
objects set in the internal fields of v8 objects and hope that after 
`v8::Script::Run` returns, I can destroy all application-allocated 
resources without having to reset all v8 internal fields pointing to these 
objects, regardless of whether the GC cycle is about to run, or is running in 
another thread or will run in the near future. 

Thanks!



[v8-users] Inner v8::TryCatch reports outer script resource when including one script in another

2018-02-24 Thread A.M.
I have a script including another script and if the included script has 
errors, the inner `v8::TryCatch` object reports the outer script in the 
returned `v8::Message` instance. 

I set up the usual v8 callbacks and the outer script looks like this:

var app = new MyApp();

try {
    app.include("bad-script");
}
catch (err) {
    log("EXPECTED: bad-script: " + err);
}

The inner script is intentionally broken and in this case calls a 
non-existing function, but I also tried the same with broken syntax and the 
only difference is whether `v8::Script::Compile` reports an error or 
`v8::Script::Run`. 

// this function isn't defined anywhere
bad_call();

The C++ code looks like this (the v8 callback machinery is omitted for 
brevity). This is the code that runs the first script:

v8::Global<v8::Context> context;
v8::TryCatch try_catch(isolate);

v8::Local<v8::String> v8script = v8::String::NewFromUtf8(isolate,
    script.c_str(), v8::NewStringType::kNormal).ToLocalChecked();
v8::Local<v8::Script> compiled_script;

v8::ScriptOrigin script_origin(v8::String::NewFromUtf8(isolate, "Script A",
    v8::NewStringType::kNormal).ToLocalChecked());

if (!v8::Script::Compile(context.Get(isolate), v8script,
        &script_origin).ToLocal(&compiled_script)) {
    ...
}

v8::Local<v8::Value> result;
if (!compiled_script->Run(context.Get(isolate)).ToLocal(&result)) {
    ...
}

This is the callback implementing the `include` method:

void MyApp::include(v8::Isolate *isolate, v8::Local<v8::String> name)
{
    v8::TryCatch try_catch(isolate);

    v8::Local<v8::String> v8script = v8::String::NewFromUtf8(isolate,
        "bad_call()", v8::NewStringType::kNormal).ToLocalChecked();

    v8::Local<v8::Script> compiled_script;
    v8::ScriptOrigin script_origin(name);

    if (!v8::Script::Compile(isolate->GetCurrentContext(), v8script,
            &script_origin).ToLocal(&compiled_script)) {
        // same as in the Run call below if script contains syntax errors
        ...
    }

    v8::Local<v8::Value> result;
    if (!compiled_script->Run(isolate->GetCurrentContext()).ToLocal(&result)) {
        v8::Local<v8::Message> errinfo = try_catch.Message();

        // srcline contains "app.include("bad-script");"
        v8::String::Utf8Value srcline(errinfo->GetSourceLine(
            isolate->GetCurrentContext()).ToLocalChecked());

        // resname contains "Script A" instead of "bad-script"
        v8::String::Utf8Value resname(errinfo->GetScriptResourceName());
    }
}

I realize that only functions are associated with the specific script 
origin and if I call broken functions from "Script A", I get the proper 
script resource name in the main script processor, but in a case like the 
one above, there appears to be no way to figure out what went wrong and 
where in the included script. Any advice on how to get my hands on the 
source line of a broken included script?

Thanks!

