Status: New
Owner: ----
New issue 813 by [email protected]: ASSERT on ARM in Debug:
CHECK(known_smi_map < (1u << count)) failed
http://code.google.com/p/v8/issues/detail?id=813
This happens in the embedded v8 inside of o3d on ARM.
Here's the log dump:
#
# Fatal error in v8/src/arm/virtual-frame-arm.h, line 504
# CHECK(known_smi_map < (1u << count)) failed
#
==== Stack trace ============================================
Security context: 0x44ae2b99 <JS Object>#0#
1: /* anonymous */ [0x44a4004d <undefined>:13] (this=0x430098b5 <JS
Object>#1#,initializer=0x430098d9 <Very long
string[109940]>#2#,args=0x43024659 <JS Object>#3#)
==== Details ================================================
[1]: /* anonymous */ [0x44a4004d <undefined>:13] (this=0x430098b5 <JS
Object>#1#,initializer=0x430098d9 <Very long
string[109940]>#2#,args=0x43024659 <JS Object>#3#) {
// heap-allocated locals
var .arguments = 0x43024715 <an Arguments>>#4#
var o3djsBrowser = 0x43024739 <JS Object>#5#
var arguments = 0x43024715 <an Arguments>>#4#
// expression stack (top to bottom)
[06] : 0x430098b5 <JS Object>#1#
[05] : 0x430249cd <Very long string[109942]>#6#
[04] : 0x44a3c7d1 <JS Function eval>#7#
[03] : 0x430249cd <Very long string[109942]>#6#
[02] : 0x44a4004d <undefined>
[01] : 0x44a3c7d1 <JS Function eval>#7#
[00] : 0x43024715 <an Arguments>>#4#
--------- s o u r c e c o d e ---------
function (initializer, args) {? // Set up the o3djs namespace.? var
o3djsBrowser = o3djs;? o3djs = {};? o3djs.browser = o3djsBrowser;?
o3djs.global = (function() { return this; })();?? o3djs.require =
function(rule) {}? o3djs.provide = function(rule) {}?? // Evaluate
the initializer s...
-----------------------------------------
}
==== Key ============================================
#0# 0x44ae2b99: 0x44ae2b99 <JS Object>
#1# 0x430098b5: 0x430098b5 <JS Object>
#2# 0x430098d9: 0x430098d9 <Very long string[109940]>
#3# 0x43024659: 0x43024659 <JS Object>
#4# 0x43024715: 0x43024715 <an Arguments>>
callee: 0x44ae30ed <JS Function>#8#
length: 2
#5# 0x43024739: 0x43024739 <JS Object>
#6# 0x430249cd: 0x430249cd <Very long string[109942]>
#7# 0x44a3c7d1: 0x44a3c7d1 <JS Function eval>
#8# 0x44ae30ed: 0x44ae30ed <JS Function>
: 0x430097a5 <an Object>>#9#
#9# 0x430097a5: 0x430097a5 <an Object>>
internal_property_: 0x43009785 <Proxy>#10#
#10# 0x43009785: 0x43009785 <Proxy>
=====================
Here's the stack trace:
#0 V8_Fatal (file=0xbebdd4e8 "\230X\202\002", line=-494927864,
format=0xaf <Address 0xaf out of bounds>) at v8/src/checks.cc:40
#1 0x4244bd68 in CheckHelper (
file=0x4278d60c "v8/src/arm/virtual-frame-arm.h", line=504,
source=0x4278d62c "known_smi_map < (1u << count)", condition=false)
at v8/src/checks.h:62
#2 0x4244c2bc in v8::internal::VirtualFrame::RaiseHeight (this=0x44c37a40,
count=40, known_smi_map=0) at v8/src/arm/virtual-frame-arm.h:504
#3 0x4244bdd8 in v8::internal::VirtualFrame::Adjust (this=0x44c37a40,
count=40) at v8/src/virtual-frame-light.cc:39
#4 0x424da020 in v8::internal::VirtualFrame::AllocateStackSlots (
this=0x44c37a40) at v8/src/arm/virtual-frame-arm.cc:226
#5 0x4245f0f4 in v8::internal::CodeGenerator::Generate (this=0xbebdf934,
info=0xbebdf9c8) at v8/src/arm/codegen-arm.cc:226
#6 0x424f6b74 in v8::internal::CodeGenerator::MakeCode (info=0xbebdf9c8)
at v8/src/codegen.cc:215
#7 0x42285d5c in v8::internal::Compiler::BuildFunctionInfo (
literal=0x44b734f4, script=..., caller=0xbebe2344)
at v8/src/compiler.cc:559
#8 0x4246aea0 in v8::internal::CodeGenerator::VisitFunctionLiteral (
this=0xbebe2344, node=0x44b734f4) at v8/src/arm/codegen-arm.cc:2885
#9 0x424e7e9c in v8::internal::FunctionLiteral::Accept (this=0x44b734f4,
v=0xbebe2344) at v8/src/ast.cc:54
#10 0x42293994 in v8::internal::AstVisitor::Visit (this=0xbebe2344,
node=0x44b734f4) at v8/src/ast.h:2055
#11 0x42460260 in v8::internal::CodeGenerator::LoadCondition
(this=0xbebe2344,
x=0x44b734f4, true_target=0xbebdfb60, false_target=0xbebdfb48,
force_cc=false) at v8/src/arm/codegen-arm.cc:505
#12 0x42460504 in v8::internal::CodeGenerator::Load (this=0xbebe2344,
expr=0x44b734f4) at v8/src/arm/codegen-arm.cc:540
#13 0x4246e59c in v8::internal::CodeGenerator::EmitNamedPropertyAssignment (
this=0xbebe2344, node=0x44b7353c) at v8/src/arm/codegen-arm.cc:3603
#14 0x4246f0c4 in v8::internal::CodeGenerator::VisitAssignment (
this=0xbebe2344, node=0x44b7353c) at v8/src/arm/codegen-arm.cc:3779
#15 0x424e80cc in v8::internal::Assignment::Accept (this=0x44b7353c,
v=0xbebe2344) at v8/src/ast.cc:54
#16 0x42293994 in v8::internal::AstVisitor::Visit (this=0xbebe2344,
node=0x44b7353c) at v8/src/ast.h:2055
#17 0x42460260 in v8::internal::CodeGenerator::LoadCondition
(this=0xbebe2344,
x=0x44b7353c, true_target=0xbebdfd10, false_target=0xbebdfcf8,
force_cc=false) at v8/src/arm/codegen-arm.cc:505
#18 0x42460504 in v8::internal::CodeGenerator::Load (this=0xbebe2344,
expr=0x44b7353c) at v8/src/arm/codegen-arm.cc:540
#19 0x42465ec0 in v8::internal::CodeGenerator::VisitExpressionStatement (
this=0xbebe2344, node=0x44b73560) at v8/src/arm/codegen-arm.cc:1782
#20 0x424e7b1c in v8::internal::ExpressionStatement::Accept
(this=0x44b73560,
v=0xbebe2344) at v8/src/ast.cc:54
#21 0x42293994 in v8::internal::AstVisitor::Visit (this=0xbebe2344,
node=0x44b73560) at v8/src/ast.h:2055
#22 0x424654e8 in v8::internal::CodeGenerator::VisitStatements (
this=0xbebe2344, statements=0x27429b4) at v8/src/arm/codegen-arm.cc:1673
#23 0x4245f898 in v8::internal::CodeGenerator::Generate (this=0xbebe2344,
info=0xbebe23d8) at v8/src/arm/codegen-arm.cc:347
#24 0x424f6b74 in v8::internal::CodeGenerator::MakeCode (info=0xbebe23d8)
at v8/src/codegen.cc:215
bt
#0 V8_Fatal (file=0xbebdd4e8 "\230X\202\002", line=-494927864,
format=0xaf <Address 0xaf out of bounds>) at v8/src/checks.cc:40
#1 0x4244bd68 in CheckHelper (
file=0x4278d60c "v8/src/arm/virtual-frame-arm.h", line=504,
source=0x4278d62c "known_smi_map < (1u << count)", condition=false)
at v8/src/checks.h:62
#2 0x4244c2bc in v8::internal::VirtualFrame::RaiseHeight (this=0x44c37a40,
count=40, known_smi_map=0) at v8/src/arm/virtual-frame-arm.h:504
#3 0x4244bdd8 in v8::internal::VirtualFrame::Adjust (this=0x44c37a40,
count=40) at v8/src/virtual-frame-light.cc:39
#4 0x424da020 in v8::internal::VirtualFrame::AllocateStackSlots (
this=0x44c37a40) at v8/src/arm/virtual-frame-arm.cc:226
#5 0x4245f0f4 in v8::internal::CodeGenerator::Generate (this=0xbebdf934,
info=0xbebdf9c8) at v8/src/arm/codegen-arm.cc:226
#6 0x424f6b74 in v8::internal::CodeGenerator::MakeCode (info=0xbebdf9c8)
at v8/src/codegen.cc:215
#7 0x42285d5c in v8::internal::Compiler::BuildFunctionInfo (
literal=0x44b734f4, script=..., caller=0xbebe2344)
at v8/src/compiler.cc:559
#8 0x4246aea0 in v8::internal::CodeGenerator::VisitFunctionLiteral (
this=0xbebe2344, node=0x44b734f4) at v8/src/arm/codegen-arm.cc:2885
#9 0x424e7e9c in v8::internal::FunctionLiteral::Accept (this=0x44b734f4,
v=0xbebe2344) at v8/src/ast.cc:54
#10 0x42293994 in v8::internal::AstVisitor::Visit (this=0xbebe2344,
node=0x44b734f4) at v8/src/ast.h:2055
#11 0x42460260 in v8::internal::CodeGenerator::LoadCondition
(this=0xbebe2344,
x=0x44b734f4, true_target=0xbebdfb60, false_target=0xbebdfb48,
force_cc=false) at v8/src/arm/codegen-arm.cc:505
#12 0x42460504 in v8::internal::CodeGenerator::Load (this=0xbebe2344,
expr=0x44b734f4) at v8/src/arm/codegen-arm.cc:540
#13 0x4246e59c in v8::internal::CodeGenerator::EmitNamedPropertyAssignment (
this=0xbebe2344, node=0x44b7353c) at v8/src/arm/codegen-arm.cc:3603
#14 0x4246f0c4 in v8::internal::CodeGenerator::VisitAssignment (
this=0xbebe2344, node=0x44b7353c) at v8/src/arm/codegen-arm.cc:3779
#15 0x424e80cc in v8::internal::Assignment::Accept (this=0x44b7353c,
v=0xbebe2344) at v8/src/ast.cc:54
#16 0x42293994 in v8::internal::AstVisitor::Visit (this=0xbebe2344,
node=0x44b7353c) at v8/src/ast.h:2055
#17 0x42460260 in v8::internal::CodeGenerator::LoadCondition
(this=0xbebe2344,
x=0x44b7353c, true_target=0xbebdfd10, false_target=0xbebdfcf8,
force_cc=false) at v8/src/arm/codegen-arm.cc:505
#18 0x42460504 in v8::internal::CodeGenerator::Load (this=0xbebe2344,
expr=0x44b7353c) at v8/src/arm/codegen-arm.cc:540
#19 0x42465ec0 in v8::internal::CodeGenerator::VisitExpressionStatement (
this=0xbebe2344, node=0x44b73560) at v8/src/arm/codegen-arm.cc:1782
#20 0x424e7b1c in v8::internal::ExpressionStatement::Accept
(this=0x44b73560,
v=0xbebe2344) at v8/src/ast.cc:54
#21 0x42293994 in v8::internal::AstVisitor::Visit (this=0xbebe2344,
node=0x44b73560) at v8/src/ast.h:2055
#22 0x424654e8 in v8::internal::CodeGenerator::VisitStatements (
this=0xbebe2344, statements=0x27429b4) at v8/src/arm/codegen-arm.cc:1673
#23 0x4245f898 in v8::internal::CodeGenerator::Generate (this=0xbebe2344,
info=0xbebe23d8) at v8/src/arm/codegen-arm.cc:347
#24 0x424f6b74 in v8::internal::CodeGenerator::MakeCode (info=0xbebe23d8)
at v8/src/codegen.cc:215
#25 0x42285d5c in v8::internal::Compiler::BuildFunctionInfo (
literal=0x44c11598, script=..., caller=0xbebe4d24)
at v8/src/compiler.cc:559
#26 0x4246aea0 in v8::internal::CodeGenerator::VisitFunctionLiteral (
this=0xbebe4d24, node=0x44c11598) at v8/src/arm/codegen-arm.cc:2885
#27 0x424e7e9c in v8::internal::FunctionLiteral::Accept (this=0x44c11598,
v=0xbebe4d24) at v8/src/ast.cc:54
#28 0x42293994 in v8::internal::AstVisitor::Visit (this=0xbebe4d24,
node=0x44c11598) at v8/src/ast.h:2055
#29 0x42460260 in v8::internal::CodeGenerator::LoadCondition
(this=0xbebe4d24,
x=0x44c11598, true_target=0xbebe2570, false_target=0xbebe2558,
force_cc=false) at v8/src/arm/codegen-arm.cc:505
#30 0x42460504 in v8::internal::CodeGenerator::Load (this=0xbebe4d24,
expr=0x44c11598) at v8/src/arm/codegen-arm.cc:540
#31 0x4246dee0 in v8::internal::CodeGenerator::EmitSlotAssignment (
this=0xbebe4d24, node=0x44c11680) at v8/src/arm/codegen-arm.cc:3502
#32 0x4246f048 in v8::internal::CodeGenerator::VisitAssignment (
this=0xbebe4d24, node=0x44c11680) at v8/src/arm/codegen-arm.cc:3772
#33 0x424e80cc in v8::internal::Assignment::Accept (this=0x44c11680,
v=0xbebe4d24) at v8/src/ast.cc:54
#34 0x42293994 in v8::internal::AstVisitor::Visit (this=0xbebe4d24,
node=0x44c11680) at v8/src/ast.h:2055
#35 0x42460260 in v8::internal::CodeGenerator::LoadCondition
(this=0xbebe4d24,
x=0x44c11680, true_target=0xbebe26f0, false_target=0xbebe26d8,
force_cc=false) at v8/src/arm/codegen-arm.cc:505
#36 0x42460504 in v8::internal::CodeGenerator::Load (this=0xbebe4d24,
expr=0x44c11680) at v8/src/arm/codegen-arm.cc:540
#37 0x42465ec0 in v8::internal::CodeGenerator::VisitExpressionStatement (
this=0xbebe4d24, node=0x44c115e0) at v8/src/arm/codegen-arm.cc:1782
#38 0x424e7b1c in v8::internal::ExpressionStatement::Accept
(this=0x44c115e0,
v=0xbebe4d24) at v8/src/ast.cc:54
#39 0x42293994 in v8::internal::AstVisitor::Visit (this=0xbebe4d24,
node=0x44c115e0) at v8/src/ast.h:2055
#40 0x424654e8 in v8::internal::CodeGenerator::VisitStatements (
this=0xbebe4d24, statements=0x2742774) at v8/src/arm/codegen-arm.cc:1673
#41 0x4245f898 in v8::internal::CodeGenerator::Generate (this=0xbebe4d24,
info=0xbebe4ef4) at v8/src/arm/codegen-arm.cc:347
#42 0x424f6b74 in v8::internal::CodeGenerator::MakeCode (info=0xbebe4ef4)
at v8/src/codegen.cc:215
#43 0x42284824 in MakeCode (context=..., info=0xbebe4ef4)
at v8/src/compiler.cc:153
#44 0x42284cb4 in MakeFunctionInfo (is_global=false, is_eval=true,
validate=v8::internal::Compiler::DONT_VALIDATE_JSON, script=...,
context=..., extension=0x0, pre_data=0x0) at v8/src/compiler.cc:233
#45 0x422854d0 in v8::internal::Compiler::CompileEval (source=...,
context=..., is_global=false,
validate=v8::internal::Compiler::DONT_VALIDATE_JSON)
at v8/src/compiler.cc:386
#46 0x423b1dc4 in CompileGlobalEval (source=..., receiver=...)
at v8/src/runtime.cc:7475
#47 0x423b2670 in Runtime_ResolvePossiblyDirectEvalNoLookup (args=...)
at v8/src/runtime.cc:7570
It sounds like it's trying to grow the stack by 40 elements, but the assert
becomes invalid after 32 (1u<<count becomes 0).
Compiling in Release, nothing bad seems to be happening.
I dumped the source code found in frame 46 and attached it. It's a dump of
all the o3djs namespace.
Attachments:
v8-bug.js 107 KB
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
