+Toon Verwaest <[email protected]> for crrev.com/c/3247031
On Thu, Nov 18, 2021 at 4:16 AM Sam Cao <[email protected]> wrote:
> Hi There,
>
> I recently synced up to V8 v9.6.180.12, but met a core dump issue
> in v8::Module::InstantiateModule.
>
> *Symptom*
>
> 1. Register a custom module resolver.
> 2. Prepare an invalid module referencing a non-existing module. E.g. import
> { a } from 'a.js'.
> 3. Call v8::ScriptCompiler::CompileModule() to compile that invalid
> module.
> 4. In the custom module resolver, just return an empty module.
> 5. v8::ScriptCompiler::CompileModule() returns a MaybeLocal module.
> 6. Call InstantiateModule() to initialize that module.
> 7. A core dump occurs. The stack trace is as follows.
>
> #
>> # Fatal error in , line 0
>> # Check failed: has_pending_exception().
>> #
>> #
>> #
>> #FailureMessage Object: 000000A0B96FB020
>> ==== C stack trace ===============================
>> v8::base::debug::StackTrace::StackTrace [0x00007FF87FEA624B+27]
>> v8::platform::DefaultPlatform::GetStackTracePrinter
>> [0x00007FF87FE01B07+55]
>> V8_Fatal [0x00007FF87FEAE389+217]
>> v8::internal::Isolate::PropagatePendingExceptionToExternalTryCatch
>> [0x00007FF87FE64311+273]
>> v8::internal::Isolate::OptionalRescheduleException [0x00007FF87FE648D6+38]
>> v8::Module::InstantiateModule [0x00007FF87FE081DD+317]
>
>
> *Analysis*
>
> In V8 9.5 (and below), the behavior is that InstantiateModule() returns
> without a core dump. So I reviewed the recent commits and found the
> following commit is suspicious.
>
>> 62a557e
>> <https://chromium.googlesource.com/v8/v8.git/+/62a557e5172f220461b4dd593975ffc5f85f76b7>
>> Merged: [runtime] Check if we have a pending exception before returning
>> it
>> <https://chromium.googlesource.com/v8/v8.git/+/62a557e5172f220461b4dd593975ffc5f85f76b7>
>> by Toon Verwaest
>
>
> Then, I rolled back to v9.6.180.8 and the core dump issue was gone. I
> suspect the one line change CHECK(has_pending_exception()); somehow
> doesn't satisfy v8::Module::InstantiateModule(). Could you please check
> this out?
>
>> Object Isolate::pending_exception() {
>> - DCHECK(has_pending_exception());
>> + CHECK(has_pending_exception());
>> DCHECK(!thread_local_top()->pending_exception_.IsException(this));
>> return thread_local_top()->pending_exception_;
>> }
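Review bot: promoting the DCHECK to a CHECK in Isolate::pending_exception() turns an assumption that only debug builds verified into a release-build V8_Fatal, and the stack in the report above (InstantiateModule -> OptionalRescheduleException -> PropagatePendingExceptionToExternalTryCatch -> V8_Fatal with "Check failed: has_pending_exception()") is a caller that reads pending_exception() with nothing pending, reached after the resolver in step 4 returned an empty module without throwing. Either the reschedule path should test has_pending_exception() before reading pending_exception_, or module instantiation should treat an empty resolver result with no pending exception as an error it raises itself, instead of relying on this check; the commit message does not say which call sites were audited for the stricter check, so that is worth documenting in the CL.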
>
>
> Thank you,
> Sam Cao
>
> --
> --
> v8-dev mailing list
> [email protected]
> http://groups.google.com/group/v8-dev
> ---
> You received this message because you are subscribed to the Google Groups
> "v8-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/v8-dev/CADa8QzE3qgPfY5a8KGNrV%2BE_a%2BrZ43O5zERSbX8Q0McWD7TbQw%40mail.gmail.com
> <https://groups.google.com/d/msgid/v8-dev/CADa8QzE3qgPfY5a8KGNrV%2BE_a%2BrZ43O5zERSbX8Q0McWD7TbQw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>