Hi,
I ran into a crash at deserialization time when trying to load a large
snapshot. I managed to trim down the reproducer to the following embed
script:
```
const z = new Uint8Array(1);
class A {
static x() {
}
}
class B extends A {}
B.foo = '';
class C extends B {}
class D extends C {}
class E extends B {}
function F() {}
Object.setPrototypeOf(F, D);
```
Note that very subtle changes to the embed script may result in things
working. For example, by removing the last two lines, things work as
expected.
What seems to be happening is that the Uint8Array is_on_heap() at
serialization time, but it is !is_on_heap() at deserialization time.
However, when things do work as expected, is_on_heap() is true in both
cases.
Anyone familiar with the snapshot serialization/deserialization code who
might have a clue what's going on?
FWIW I've also opened an issue
here: https://bugs.chromium.org/p/v8/issues/detail?id=13149
Cheers,
Ole André