Hi There,

I recently synced up to V8 v9.6.180.12, but met a core dump issue
in v8::Module::InstantiateModule.

*Symptom*

   1. Register a custom module resolver.
   2. Prepare an invalid module referencing a non-existing module, e.g. import { a } from 'a.js'.
   3. Call v8::ScriptCompiler::CompileModule() to compile that invalid module.
   4. In the custom module resolver, just return an empty module.
   5. v8::ScriptCompiler::CompileModule() returns a MaybeLocal module.
   6. Call InstantiateModule() to initialize that module.
   7. A core dump occurs. The stack trace is as follows.

> #
> # Fatal error in , line 0
> # Check failed: has_pending_exception().
> #
> #
> #
> #FailureMessage Object: 000000A0B96FB020
> ==== C stack trace ===============================
> v8::base::debug::StackTrace::StackTrace [0x00007FF87FEA624B+27]
> v8::platform::DefaultPlatform::GetStackTracePrinter [0x00007FF87FE01B07+55]
> V8_Fatal [0x00007FF87FEAE389+217]
> v8::internal::Isolate::PropagatePendingExceptionToExternalTryCatch
> [0x00007FF87FE64311+273]
> v8::internal::Isolate::OptionalRescheduleException [0x00007FF87FE648D6+38]
> v8::Module::InstantiateModule [0x00007FF87FE081DD+317]


*Analysis*

In V8 9.5 (and below), InstantiateModule() returns without a core dump. So
I reviewed the recent commits and found that the following commit is
suspicious.

> 62a557e Merged: [runtime] Check if we have a pending exception before returning it
> <https://chromium.googlesource.com/v8/v8.git/+/62a557e5172f220461b4dd593975ffc5f85f76b7>
> by Toon Verwaest


Then, I rolled back to v9.6.180.8 and the core dump issue was gone. I
suspect the one-line change CHECK(has_pending_exception()); somehow doesn't
satisfy v8::Module::InstantiateModule(). Could you please check this out?

>  Object Isolate::pending_exception() {
> -  DCHECK(has_pending_exception());
> +  CHECK(has_pending_exception());
>    DCHECK(!thread_local_top()->pending_exception_.IsException(this));
>    return thread_local_top()->pending_exception_;
>  }
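Review bot: promoting the DCHECK to a CHECK on the first line of the hunk turns a debug-only precondition into a release-build abort, so every caller of Isolate::pending_exception() now has to guarantee has_pending_exception() beforehand; the trace in this report shows Isolate::OptionalRescheduleException, called from v8::Module::InstantiateModule, reaching PropagatePendingExceptionToExternalTryCatch without a pending exception, which is exactly the path the old DCHECK let through in release builds. Before a CHECK lands here, the callers on that path should be audited (or the rescheduling code guarded with `if (has_pending_exception())`), and the commit message should spell out the contract embedders must satisfy, e.g. whether a module-resolution callback that returns an empty MaybeLocal is expected to have thrown first; otherwise a single malformed module is enough to take down the whole embedding process. Also, the second DCHECK in the same function stays a DCHECK while the first became a CHECK; if that asymmetry is intentional, a comment would help.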


Thank you,
Sam Cao

-- 
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
To view this discussion on the web visit 
https://groups.google.com/d/msgid/v8-dev/CADa8QzE3qgPfY5a8KGNrV%2BE_a%2BrZ43O5zERSbX8Q0McWD7TbQw%40mail.gmail.com.