I've actually posted stacktraces of other threads on the user list (https://groups.google.com/g/v8-users/c/iaD_4IGqIyI) which hints this is a race condition. Seems that the code on head hasn't changed around this, so it still might be a bug now, but confirmed, the issue goes away by switching off maglev.
On Wednesday, 25 June 2025 at 13:55:06 UTC+1 [email protected] wrote:
> On Wed, Jun 25, 2025 at 2:11 PM Audrius Butkevicius <[email protected]> wrote:
> >
> > Hi
> >
> > I'm running my application in debug mode, and I noticed it sometimes fails with this assert:
> >
> > C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.43.34808\include\vector(280) : Assertion failed: can't dereference out of range vector iterator
> >
> > ...
> >
> > 3 # `DllMain'::`5'::<lambda_1>::operator() at dllmain.cpp:598 (app+0x371a7cd)
> > 4 # `DllMain'::`5'::<lambda_1>::<lambda_invoker_cdecl> at dllmain.cpp:614 (app+0x371a668)
> > 5 # _VCrtDbgReportA at dbgrptt.cpp:391 (app+0x361df8f)
> > 6 # _CrtDbgReport at dbgrpt.cpp:263 (app+0x35ee779)
> > 7 # std::_Vector_iterator<std::_Vector_val<std::_Simple_types<std::pair<int,v8::internal::Tagged<v8::internal::HeapObject> > > > > > >::operator-> in app+0x92054c
> > 8 # v8::MemorySpan<v8::internal::Handle<v8::internal::Map> > >::to_address<std::_Vector_iterator<std::_Vector_val<std::_Simple_types<v8::internal::Handle<v8::internal::Map> > > > > > >,void> in app+0x10e5643
> > 9 # v8::MemorySpan<v8::internal::Handle<v8::internal::Map> > >::MemorySpan<v8::internal::Handle<v8::internal::Map> > ><std::_Vector_iterator<std::_Vector_val<std::_Simple_types<v8::internal::Handle<v8::internal::Map> > > > > > >,1> in app+0x10e50c4
> > 10 # v8::internal::compiler::JSHeapBroker::ProcessFeedbackMapsForElementAccess in app+0x251e77a
> > 11 # v8::internal::compiler::JSHeapBroker::ReadFeedbackForPropertyAccess in app+0x2520011
> > 12 # v8::internal::compiler::JSHeapBroker::GetFeedbackForPropertyAccess in app+0x251af78
> > 13 # v8::internal::maglev::MaglevGraphBuilder::VisitStaInArrayLiteral in app+0x2862834
> > 14 # v8::internal::maglev::MaglevGraphBuilder::VisitSingleBytecode in app+0x2343e8f
> > 15 # v8::internal::maglev::MaglevGraphBuilder::BuildBody in app+0x230b567
> > 16 # v8::internal::maglev::MaglevGraphBuilder::Build in app+0x230b385
> > 17 # v8::internal::maglev::MaglevCompiler::Compile in app+0x230bd91
> > 18 # v8::internal::maglev::MaglevCompilationJob::ExecuteJobImpl in app+0xfe89b8
> > 19 # v8::internal::OptimizedCompilationJob::ExecuteJob in app+0xb0583b
> > 20 # v8::internal::maglev::MaglevConcurrentDispatcher::JobTask::Run in app+0xfe9c23
> > 21 # v8::platform::DefaultJobWorker::Run in app+0xd2a949
> > 22 # v8::platform::DefaultWorkerThreadsTaskRunner::WorkerThread::Run in app+0xd2b1c2
> > 23 # v8::base::Thread::NotifyStartedAndRun in app+0x681104
> > 24 # v8::base::OS::StrNCpy in app+0x681e4d
> > 25 # thread_start<unsigned int (__cdecl*)(void *),1> at thread.cpp:97 (app+0x3622e45)
> > 26 # BaseThreadInitThunk in KERNEL32+0x17374
> > 27 # RtlUserThreadStart in ntdll+0x4cc91
> >
> > It's possible that I'm doing something wrong, but it's not very clear what.
> >
> > Sadly, this is version 12.9.202, as I still need a static build that uses MSVC.
> >
> > Any suggestions would be welcome, as to what I'm doing wrong.
> >
> > Thanks.
>
> Maybe try building with v8_enable_maglev=false. In node, we had maglev disabled until at least 12.8 because of various crashes.
