[v8-dev] Issue 3850 in v8: Crash on OptimizingCompilerThread

[codesite-noreply via v8-dev]

Status: New
Owner: ----

New issue 3850 by cwhan.t...@gmail.com: Crash on OptimizingCompilerThread
https://code.google.com/p/v8/issues/detail?id=3850
-----------------
var b = 1;
for(var i = 0; i < 200; i++) {
 Date == b;
}
-----------------

It sometimes crashes, and crash point is changed.
(In my case, only crashes on shell, not d8. It is hard to trigger...)

I think it is race condition.

It try to access freed area.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff4dbd700 (LWP 35884)]
ConvertOperands (zone=<optimized out>, this=0x2225008)  
at ../src/lithium-allocator.cc:459
(gdb) bt
#0  ConvertOperands (zone=<optimized out>, this=0x2225008)  
at ../src/lithium-allocator.cc:459
#1  set_assigned_register (zone=<optimized out>, reg=<optimized out>,  
this=0x2225008) at ../src/lithium-allocator.cc:118
#2  SetLiveRangeAssignedRegister (reg=<optimized out>, range=0x2225008,  
this=0x2224638) at .././src/lithium-allocator-inl.h:51
#3  v8::internal::LAllocator::TryAllocateFreeReg  
(this=this@entry=0x7ffff4dbcc30, current=current@entry=0x7ffff0000ca0)
    at ../src/lithium-allocator.cc:1838
#4  0x000000000085ddcb in v8::internal::LAllocator::AllocateRegisters  
(this=this@entry=0x7ffff4dbcc30)
    at ../src/lithium-allocator.cc:1576
#5  0x000000000085eac1 in AllocateGeneralRegisters (this=0x7ffff4dbcc30)  
at ../src/lithium-allocator.cc:1471
#6  v8::internal::LAllocator::Allocate (this=0x7ffff4dbcc30,  
chunk=<optimized out>) at ../src/lithium-allocator.cc:1082
#7  0x000000000086401b in v8::internal::LChunk::NewChunk (graph=<optimized  
out>) at ../src/lithium.cc:449
#8  0x00000000004c1086 in v8::internal::OptimizedCompileJob::OptimizeGraph  
(this=0x22229a8) at ../src/compiler.cc:484
#9  0x000000000094e200 in CompileNext (job=0x22229a8, this=0x2200290)  
at ../src/optimizing-compiler-thread.cc:192
#10 v8::internal::OptimizingCompilerThread::Run (this=0x2200290)  
at ../src/optimizing-compiler-thread.cc:159
#11 0x0000000000e37f17 in NotifyStartedAndRun (this=0x2200290)  
at .././src/base/platform/platform.h:461
#12 v8::base::ThreadEntry (arg=0x2200290)  
at ../src/base/platform/platform-posix.cc:507
#13 0x00007ffff7190182 in start_thread (arg=0x7ffff4dbd700) at  
pthread_create.c:312
#14 0x00007ffff6ebd00d in clone ()  
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

or

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff4dbd700 (LWP 28543)]
SkipUninteresting (this=<synthetic pointer>) at .././src/lithium-inl.h:82
warning: Source file is more recent than executable.
82        while (current_ < limit_) {
(gdb) bt
#0  SkipUninteresting (this=<synthetic pointer>)  
at .././src/lithium-inl.h:82
#1  InputIterator (instr=0x2224b60, this=<synthetic pointer>)  
at .././src/lithium-inl.h:59
#2  UseIterator (instr=0x2224b60, this=<synthetic pointer>)  
at .././src/lithium-inl.h:89
#3  v8::internal::LAllocator::MeetConstraintsBetween (this=0x7ffff4dbcc30,  
first=<optimized out>, second=0x2224b60, gap_index=13)
    at ../src/lithium-allocator.cc:819
#4  0x000000000085e97b in MeetRegisterConstraints (block=<optimized out>,  
this=<optimized out>) at ../src/lithium-allocator.cc:762
#5  MeetRegisterConstraints (this=0x7ffff4dbcc30)  
at ../src/lithium-allocator.cc:1098
#6  v8::internal::LAllocator::Allocate (this=0x7ffff4dbcc30,  
chunk=<optimized out>) at ../src/lithium-allocator.cc:1078
#7  0x000000000086401b in v8::internal::LChunk::NewChunk (graph=<optimized  
out>) at ../src/lithium.cc:449
#8  0x00000000004c1086 in v8::internal::OptimizedCompileJob::OptimizeGraph  
(this=0x22229a8) at ../src/compiler.cc:484
#9  0x000000000094e200 in CompileNext (job=0x22229a8, this=0x2200290)  
at ../src/optimizing-compiler-thread.cc:192
#10 v8::internal::OptimizingCompilerThread::Run (this=0x2200290)  
at ../src/optimizing-compiler-thread.cc:159
#11 0x0000000000e37f17 in NotifyStartedAndRun (this=0x2200290)  
at .././src/base/platform/platform.h:461
#12 v8::base::ThreadEntry (arg=0x2200290)  
at ../src/base/platform/platform-posix.cc:507
#13 0x00007ffff7190182 in start_thread (arg=0x7ffff4dbd700) at  
pthread_create.c:312
#14 0x00007ffff6ebd00d in clone ()  
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) x/i $pc
=> 0x84ed88  
<v8::internal::LAllocator::MeetConstraintsBetween(v8::internal::LInstruction*,  
v8::internal::LInstruction*, int)+1920>:mov    (%rax),%esi
(gdb) i r rax
rax            0x34     52



--
You received this message because this project is configured to send all  
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.