Status: New
Owner: ----
New issue 884 by emit.sorrels: shell sample Infinite loop in
JSObject::LookupCallbackSetterInPrototypes
http://code.google.com/p/v8/issues/detail?id=884
x64 Linux release mode, but not in debug mode.
I'm not sure if this is a gcc bug or v8 bug because this only happens when
I compile under release mode, g++ 4.5.1 (arch linux box).
Works fine in both release and debug with g++ 4.4.5 (debian box).
Both machines use x64 kernels/libs.
Fresh checkout as of now:
svn co http://v8.googlecode.com/svn/trunk v8
scons sample=shell arch=x64 mode=release
./shell
(infinite loop)
gdb shell
^C
(gdb) bt
<snip>
#7 0x000000000049c533 in
v8::internal::JSObject::LookupCallbackSetterInPrototypes(v8::internal::String*,
v8::internal::LookupResult*) ()
#8 0x00000000004a39af in
v8::internal::JSObject::SetProperty(v8::internal::LookupResult*,
v8::internal::String*, v8::internal::Object*, PropertyAttributes) ()
#9 0x00000000004a3d09 in
v8::internal::JSObject::SetProperty(v8::internal::String*,
v8::internal::Object*, PropertyAttributes) ()
#10 0x000000000044f9de in
v8::internal::SetProperty(v8::internal::Handle<v8::internal::JSObject>,
v8::internal::Handle<v8::internal::String>,
v8::internal::Handle<v8::internal::Object>, PropertyAttributes) ()
#11 0x0000000000442446 in
v8::internal::Factory::NewFunctionWithPrototype(v8::internal::Handle<v8::internal::String>,
v8::internal::InstanceType, int,
v8::internal::Handle<v8::internal::JSObject>,
v8::internal::Handle<v8::internal::Code>, bool) ()
#12 0x000000000041670c in
v8::internal::InstallFunction(v8::internal::Handle<v8::internal::JSObject>,
char const*, v8::internal::InstanceType, int,
v8::internal::Handle<v8::internal::JSObject>, v8::internal::Builtins::Name,
bool) ()
#13 0x00000000004182ef in
v8::internal::Genesis::InitializeGlobal(v8::internal::Handle<v8::internal::GlobalObject>,
v8::internal::Handle<v8::internal::JSFunction>) ()
#14 0x000000000041de5d in
v8::internal::Genesis::Genesis(v8::internal::Handle<v8::internal::Object>,
v8::Handle<v8::ObjectTemplate>, v8::ExtensionConfiguration*) ()
#15 0x000000000041dfeb in
v8::internal::Bootstrapper::CreateEnvironment(v8::internal::Handle<v8::internal::Object>,
v8::Handle<v8::ObjectTemplate>, v8::ExtensionConfiguration*) ()
#16 0x0000000000411372 in v8::Context::New(v8::ExtensionConfiguration*,
v8::Handle<v8::ObjectTemplate>, v8::Handle<v8::Value>) ()
#17 0x0000000000403692 in RunMain(int, char**) ()
#18 0x0000000000403896 in main ()
-----
The pt != Heap::null_value() condition in the for loop is never satisfied,
so it goes on forever.
Checking the value of pt->GetPrototype(), it is the same as pt...
Doing some additional traces, the correctly working shell (i.e. "shell_g")
goes through this method with name parameters
("constructor", "constructor", "Object", "constructor", "Function", "constructor", "Array", "Number",
etc.) before presenting the repl.
The nonfunctional shell goes into the infinite loop on "constructor",
between "Object", "constructor" and "Function" (never gets to "Function").
If anyone has suggestions on how to track down the bug, please let me know
and I will investigate further... it may just be my "bleeding edge" libs
uninitializing and/or corrupting memory, but in any case there seems to be
a bug of some sort somewhere.
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
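The failure mode in the report is a prototype walk whose only exit is the null sentinel: once pt->GetPrototype() returns pt itself, `pt != Heap::null_value()` can never become false. The block below is an added example, not part of the report and not V8 code; it models that walk on a hypothetical `Obj` struct (nullptr standing in for Heap::null_value(), `has_callback_setter` for the property the lookup is after) and adds Floyd's tortoise-and-hare check so that a self-referencing prototype, or any longer cycle, is reported instead of hanging. The chains built by the helper functions at the end are constructed for illustration.

```cpp
// Added example: a guarded prototype-chain walk. `Obj`, `LookupStatus` and
// the helpers are hypothetical stand-ins, not V8's JSObject/LookupResult API.

struct Obj {
    const char* name;
    Obj* prototype;            // next link; nullptr plays Heap::null_value()
    bool has_callback_setter;  // what LookupCallbackSetterInPrototypes looks for
};

enum class LookupStatus { Found, NotFound, CycleDetected };

struct LookupResult {
    LookupStatus status;
    Obj* holder;  // matching prototype on Found, first repeated node on CycleDetected
};

// The loop shape from the report (walk until the null sentinel) plus a
// constant-memory cycle check: `pt` is the tortoise, `fast` the hare moving
// two links per step. If the hare ever lands on the tortoise's next node,
// the null sentinel is unreachable and we stop instead of looping forever.
LookupResult LookupCallbackSetterGuarded(Obj* obj) {
    Obj* fast = obj->prototype;
    for (Obj* pt = obj->prototype; pt != nullptr; pt = pt->prototype) {
        if (pt->has_callback_setter) return {LookupStatus::Found, pt};

        for (int i = 0; i < 2 && fast != nullptr; ++i) fast = fast->prototype;

        // Compare hare with the tortoise's next position; a non-null match
        // covers pt->prototype == pt (the case observed in the report) as
        // well as cycles of any longer length.
        if (fast != nullptr && fast == pt->prototype) {
            return {LookupStatus::CycleDetected, pt->prototype};
        }
    }
    return {LookupStatus::NotFound, nullptr};
}

// Constructed scenarios (sample data, not from the report), exposed as
// functions so the outcomes can be checked rather than only printed.

// leaf -> mid -> root(setter) -> null : the normal case, finds root.
bool HealthyChainFindsRoot() {
    Obj root{"root", nullptr, true};
    Obj mid{"mid", &root, false};
    Obj leaf{"leaf", &mid, false};
    LookupResult r = LookupCallbackSetterGuarded(&leaf);
    return r.status == LookupStatus::Found && r.holder == &root;
}

// leaf -> plain -> null : terminates with NotFound.
LookupStatus ChainWithoutSetter() {
    Obj plain{"plain", nullptr, false};
    Obj leaf{"leaf", &plain, false};
    return LookupCallbackSetterGuarded(&leaf).status;
}

// leaf -> self -> self -> ... : the report's symptom, GetPrototype() == pt.
LookupStatus SelfReferencingChain() {
    Obj self{"self", nullptr, false};
    self.prototype = &self;
    Obj leaf{"leaf", &self, false};
    return LookupCallbackSetterGuarded(&leaf).status;
}

// leaf -> a -> b -> c -> b -> ... : a longer cycle, also caught.
LookupStatus LongerCycleChain() {
    Obj c{"c", nullptr, false};
    Obj b{"b", &c, false};
    c.prototype = &b;
    Obj a{"a", &b, false};
    Obj leaf{"leaf", &a, false};
    return LookupCallbackSetterGuarded(&leaf).status;
}
```

The unguarded loop in the report would still be correct for every well-formed heap; the guard only buys a diagnosable failure when something upstream (a compiler issue, memory corruption, or a bootstrapping bug) has produced a prototype pointing at itself. Floyd's check is used rather than a visited set because it needs no allocation, which matters inside a heap walk.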