Do you have a repro you can share?
On Fri, Dec 6, 2019 at 1:40 PM <[email protected]> wrote:
> Currently it can happen so that two blocks with handle scope data in
> HandleScopeImplementer::blocks_ can be allocated so the end of the first
> one is with the same address as the start of the second.
>
> If this happens in a situation when the thus aligned blocks are the last
> used block and the one before it, the following situation can happen:
> - You close a HandleScope that is the only one kept in the last block and
> starts at the beginning of the last block
> - CloseScope calls DeleteExtensions
> - DeleteExtensions checks whether the last open scope after the current
> closed one is in the last block, or the last block should be freed
> - If the end of the remaining open scope is at the end of the next to last
> block, DeleteExtensions decides that the handle scope is in the beginning
> of the last block as well and doesn't free it
> Which results at least in an error in the invariant of
> HandleScope::Extend, which causes DCHECK_LT(limit - current->next,
> kHandleBlockSize)) to fail in debug and causes a crash in release.
>
> I was able to fix this by changing the check inside DeleteExtensions from
> if (reinterpret_cast<Address>(block_start) <=
> reinterpret_cast<Address>(prev_limit)
> && reinterpret_cast<Address>(prev_limit) <=
> reinterpret_cast<Address>(block_limit))
> {
>
> to
> if (reinterpret_cast<Address>(block_start) <
> reinterpret_cast<Address>(prev_limit)
> && reinterpret_cast<Address>(prev_limit) <=
> reinterpret_cast<Address>(block_limit))
> {
>
> here - https://github.com/v8/v8/blob/master/src/api/api.h#L532
>
>
> However, is it expected two blocks to be able to be aligned this way?
> If yes, then this error should be fixed. If not - then maybe the
> allocation of blocks for handle scope data should be reiterated and
> modified.
>
> I caught this on Linux, x64 arch.
>
> --
> --
> v8-dev mailing list
> [email protected]
> http://groups.google.com/group/v8-dev
> ---
> You received this message because you are subscribed to the Google Groups
> "v8-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/v8-dev/9c911e70-2c1f-46fb-a3fa-807c51750e86%40googlegroups.com
> <https://groups.google.com/d/msgid/v8-dev/9c911e70-2c1f-46fb-a3fa-807c51750e86%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups
"v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/v8-dev/CAKSzg3T5FytG9jDp_hweOmrEtHUcjvUHee021h34WJ-ixkNbMw%40mail.gmail.com.
