Status: New
Owner: ----
New issue 804 by ruanshudong: v8:TerminateExecution crash
http://code.google.com/p/v8/issues/detail?id=804
Program terminated with signal 11, Segmentation fault.
#0 0x00007f615fff7c01 in WTF::HashTable<v8::Value*, std::pair<v8::Value*,
WebCore::GlobalHandleInfo*>, WTF::PairFirstExtractor<std::pair<v8::Value*,
WebCore::GlobalHandleInfo*> >, WTF::PtrHash<v8::Value*>,
WTF::PairHashTraits<WTF::HashTraits<v8::Value*>,
WTF::HashTraits<WebCore::GlobalHandleInfo*> >, WTF::HashTraits<v8::Value*>
::checkKey<v8::Value*, WTF::IdentityHashTranslator<v8::Value*,
std::pair<v8::Value*, WebCore::GlobalHandleInfo*>, WTF::PtrHash<v8::Value*>
> (this=<value optimized out>, k...@0x7fff2ead0fa8) at
third_party/WebKit/JavaScriptCore/wtf/HashTable.h:465
465 third_party/WebKit/JavaScriptCore/wtf/HashTable.h: No such file or
directory.
in third_party/WebKit/JavaScriptCore/wtf/HashTable.h
(gdb) bt
#0 0x00007f615fff7c01 in WTF::HashTable<v8::Value*, std::pair<v8::Value*,
WebCore::GlobalHandleInfo*>, WTF::PairFirstExtractor<std::pair<v8::Value*,
WebCore::GlobalHandleInfo*> >, WTF::PtrHash<v8::Value*>,
WTF::PairHashTraits<WTF::HashTraits<v8::Value*>,
WTF::HashTraits<WebCore::GlobalHandleInfo*> >, WTF::HashTraits<v8::Value*>
::checkKey<v8::Value*, WTF::IdentityHashTranslator<v8::Value*,
std::pair<v8::Value*, WebCore::GlobalHandleInfo*>, WTF::PtrHash<v8::Value*>
> (this=<value optimized out>, k...@0x7fff2ead0fa8) at
third_party/WebKit/JavaScriptCore/wtf/HashTable.h:465
#1 0x00007f615fff67ca in lookup<v8::Value*,
WTF::IdentityHashTranslator<v8::Value*, std::pair<v8::Value*,
WebCore::GlobalHandleInfo*>, WTF::PtrHash<v8::Value*> > > (key=<value
optimized out>, this=<value optimized out>) at
third_party/WebKit/JavaScriptCore/wtf/HashTable.h:479
#2 contains<v8::Value*, WTF::IdentityHashTranslator<v8::Value*,
std::pair<v8::Value*, WebCore::GlobalHandleInfo*>, WTF::PtrHash<v8::Value*>
> (
key=<value optimized out>, this=<value optimized out>) at
third_party/WebKit/JavaScriptCore/wtf/HashTable.h:804
#3 contains (key=<value optimized out>, this=<value optimized out>) at
third_party/WebKit/JavaScriptCore/wtf/HashTable.h:327
#4 contains (key=<value optimized out>, this=<value optimized out>) at
third_party/WebKit/JavaScriptCore/wtf/HashMap.h:206
#5 WebCore::V8GCController::registerGlobalHandle (key=<value optimized
out>, this=<value optimized out>)
at third_party/WebKit/WebCore/bindings/v8/V8GCController.cpp:100
#6 0x00007f615fff0d03 in
WebCore::V8DOMWindowShell::updateDocumentWrapperCache (this=0x7f612154f5b0)
at third_party/WebKit/WebCore/bindings/v8/V8DOMWindowShell.cpp:432
#7 0x00007f615fff24d2 in WebCore::V8DOMWindowShell::updateDocument
(this=0x7f612154f5b0)
at third_party/WebKit/WebCore/bindings/v8/V8DOMWindowShell.cpp:506
#8 0x00007f615fff2040 in WebCore::V8DOMWindowShell::initContextIfNeeded
(this=0x7f612154f5b0)
at third_party/WebKit/WebCore/bindings/v8/V8DOMWindowShell.cpp:300
#9 0x00007f61600041bd in WebCore::V8Proxy::mainWorldContext
(this=0x7f6120172540) at
third_party/WebKit/WebCore/bindings/v8/V8Proxy.cpp:776
#10 0x00007f61600041fb in WebCore::V8Proxy::mainWorldContext (frame=<value
optimized out>) at third_party/WebKit/WebCore/bindings/v8/V8Proxy.cpp:786
#11 0x00007f615ffd9fa7 in WebCore::ScriptController::evaluate
(this=0x7f611faca538, sourceCode=..., shouldAllowXSS=<value optimized out>)
at third_party/WebKit/WebCore/bindings/v8/ScriptController.cpp:230
#12 0x00007f615ff910df in WebCore::ScriptController::executeScript
(this=0x7f611faca538, sourceCode=..., shouldAllowXSS=DoNotAllowXSS)
at third_party/WebKit/WebCore/bindings/ScriptControllerBase.cpp:60
#13 0x00007f616034ce54 in
WebCore::LegacyHTMLDocumentParser::scriptExecution (this=0x7f61231d2800,
sourceCode=..., state=<value optimized out>)
at third_party/WebKit/WebCore/html/LegacyHTMLDocumentParser.cpp:557
#14 0x00007f616034d936 in WebCore::LegacyHTMLDocumentParser::scriptHandler
(this=0x7f61231d2800, state=<value optimized out>)
at third_party/WebKit/WebCore/html/LegacyHTMLDocumentParser.cpp:504
#15 0x00007f616034e1e7 in
WebCore::LegacyHTMLDocumentParser::parseNonHTMLText (this=0x7f61231d2800,
src=..., state=<value optimized out>)
at third_party/WebKit/WebCore/html/LegacyHTMLDocumentParser.cpp:347
#16 0x00007f616034c01c in WebCore::LegacyHTMLDocumentParser::parseTag
(this=0x7f61231d2800, src=..., state=<value optimized out>)
at third_party/WebKit/WebCore/html/LegacyHTMLDocumentParser.cpp:1511
#17 0x00007f616034c76a in advance (state=<value optimized out>, this=<value
optimized out>)
at third_party/WebKit/WebCore/html/LegacyHTMLDocumentParser.cpp:1678
#18 WebCore::LegacyHTMLDocumentParser::write (state=<value optimized out>,
this=<value optimized out>)
at third_party/WebKit/WebCore/html/LegacyHTMLDocumentParser.cpp:1779
#19 0x00007f61600fb691 in WebCore::DecodedDataDocumentParser::appendBytes
(this=0x7f61231d2800, writer=0x7f611faca220,
data=0x7f61228bf000 "<script></script><!DOCTYPE html PUBLIC
\"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<!-- 172.203.20"...,
length=<value optimized out>, shouldFlush=false)
at third_party/WebKit/WebCore/dom/DecodedDataDocumentParser.cpp:55
#20 0x000000000050221a in WebKit::WebFrameImpl::commitDocumentData
(this=0x7f6124b3c000,
data=0x7f61228bf000 "<script></script><!DOCTYPE html PUBLIC
\"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<!-- 172.203.20"...,
dataLen=2547)
at third_party/WebKit/WebKit/chromium/src/WebFrameImpl.cpp:1022
#21 0x000000000053ed83 in WebKit::FrameLoaderClientImpl::committedLoad
(this=0x7f6124b3c010, loader=0x7f6122a63800,
data=0x7f61228bf000 "<script></script><!DOCTYPE html PUBLIC
\"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<!-- 172.203.20"..., length=2547)
at third_party/WebKit/WebKit/chromium/src/FrameLoaderClientImpl.cpp:1042
#22 0x00007f61603f492e in WebCore::DocumentLoader::commitLoad
(this=0x7f6122a63800,
data=0x7f61228bf000 "<script></script><!DOCTYPE html PUBLIC
\"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<!-- 172.203.20"..., length=2547)
at third_party/WebKit/WebCore/loader/DocumentLoader.cpp:280
#23 0x00007f616043df25 in WebCore::ResourceLoader::didReceiveData
(this=0x7f6151dbf800,
data=0x7f61228bf000 "<script></script><!DOCTYPE html PUBLIC
\"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<!-- 172.203.20"...,
length=2547, lengthReceived=2547, allAtOnce=112)
at third_party/WebKit/WebCore/loader/ResourceLoader.cpp:260
#24 0x00007f6160427bea in WebCore::MainResourceLoader::didReceiveData
(this=0x7f6151dbf800,
data=0x7f61228bf000 "<script></script><!DOCTYPE html PUBLIC
\"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<!-- 172.203.20"...,
length=2547, lengthReceived=2547,
allAtOnce=<value optimized out>) at
third_party/WebKit/WebCore/loader/MainResourceLoader.cpp:405
#25 0x00007f616043d495 in WebCore::ResourceLoader::didReceiveData
(this=0x7f6151dbf800,
data=0x7f61228bf000 "<script></script><!DOCTYPE html PUBLIC
\"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<!-- 172.203.20"...,
length=2547, lengthReceived=783091056)
at third_party/WebKit/WebCore/loader/ResourceLoader.cpp:431
#26 0x00000000004edad5 in WebCore::ResourceHandleInternal::didReceiveData
(this=0x7f612124f600,
data=0x7f61228bf000 "<script></script><!DOCTYPE html PUBLIC
\"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<!-- 172.203.20"...,
dataLength=2547)
at third_party/WebKit/WebKit/chromium/src/ResourceHandle.cpp:173
#27 0x00007f6165832373 in
webkit_glue::WebURLLoaderImpl::Context::OnReceivedData (this=0x7f6124755f00,
data=0x7f61228bf000 "<script></script><!DOCTYPE html PUBLIC
\"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<!-- 172.203.20"..., len=2547)
at webkit/glue/weburlloader_impl.cc:538
#28 0x00000000004a40da in RequestProxy::NotifyReceivedData
(this=0x7f6121ca3870, bytes_read=2547) at my_resource_loader_bridge.cpp:202
#29 0x000000000049ff55 in DispatchToMethod<RequestProxy, void
(RequestProxy::*)(int), int> (obj=0x7f6121ca3870, method=
(void (RequestProxy::*)(RequestProxy *, int)) 0x4a3f44
<RequestProxy::NotifyReceivedData(int)>, arg=...)
at /usr/local/app/chromium/src/base/tuple.h:422
#30 0x000000000049ff92 in RunnableMethod<RequestProxy, void
(RequestProxy::*)(int), Tuple1<int> >::Run (this=0x7f6123f52d80)
at /usr/local/app/chromium/src/base/task.h:323
#31 0x00007f61661e598c in MessageLoop::RunTask (this=0x7f6166abc600,
task=0x7f6123f52d80) at base/message_loop.cc:366
#32 0x00007f61661e5a5e in MessageLoop::DeferOrRunPendingTask
(this=0x7f6166abc600, pending_task=...) at base/message_loop.cc:375
#33 0x00007f61661e5ca1 in MessageLoop::DoWork (this=0x7f6166abc600) at
base/message_loop.cc:482
#34 0x000000000049a0e3 in MyMessageLoopForUI::DoWork (this=0x7f6166abc600)
at my_message_loop_for_ui.cpp:39
#35 0x00007f61662517b3 in base::MessagePumpForUI::RunWithDispatcher
(this=0x7f6152ab9480, delegate=0x7f6166abc600, dispatcher=0x0)
at base/message_pump_glib.cc:199
#36 0x00007f6166252147 in base::MessagePumpForUI::Run (this=0x7f6152ab9480,
delegate=0x7f6166abc600) at ./base/message_pump_glib.h:59
#37 0x00007f61661e6483 in MessageLoop::RunInternal (this=0x7f6166abc600) at
base/message_loop.cc:214
#38 0x00007f61661e64a3 in MessageLoop::RunHandler (this=0x7f6166abc600) at
base/message_loop.cc:186
#39 0x00007f61661e6548 in MessageLoop::Run (this=0x7f6166abc600) at
base/message_loop.cc:164
#40 0x0000000000482daf in main (argc=2, argv=0x7fff2ead2948) at
ChromeServer.cpp:185
After a GC (the GC took about 10 seconds), I call v8::TerminateExecution from
another thread, and V8 sometimes crashes with the backtrace above.