Status: New
Owner: ----
New issue 1044 by [email protected]: Crash in V8 bleeding_edge@3784 on Android Gingerbread
http://code.google.com/p/v8/issues/detail?id=1044
The Android 'monkey' tool was able to trigger a crash in V8 in Gingerbread.
I do not have exact repro steps but the stack trace looks like:
pid: 1215, tid: 1228 >>> com.android.browser <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 44de2980
r0 44de2978 r1 472120a9 r2 83cb4298 r3 83cb4298
r4 83cb3848 r5 0041ae4c r6 0041ae48 r7 0041ae50
r8 00000000 r9 00000000 10 44de2979 fp 83abe935
ip fffff674 sp 4499f950 lr fffff674 pc 83b08764
Stack Trace:
RELADDR FUNCTION FILE:LINE
v------> v8::internal::AccessorInfo::set_setter
/usr/local/google/buildbot/repo_clients/goog/external/v8/src/objects-inl.h:2268
00308764 v8::Value>, v8::AccessControl, v8::PropertyAttribute)+96
/usr/local/google/buildbot/repo_clients/goog/external/v8/src/objects-inl.h:2268
v------> v8::ObjectTemplate::SetAccessor
/usr/local/google/buildbot/repo_clients/goog/external/v8/src/api.cc:964
003088f2 v8::Value>, v8::AccessControl, v8::PropertyAttribute)+94
/usr/local/google/buildbot/repo_clients/goog/external/v8/src/api.cc:964
v------> WebCore::configureAttribute
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8Proxy.h:94
001c264e v8::ObjectTemplate>, WebCore::BatchedAttribute const&)+66
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8Proxy.h:94
v------> WebCore::batchConfigureAttributes
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8Proxy.cpp:94
001c2670 v8::ObjectTemplate>, WebCore::BatchedAttribute const*, unsigned
int)+24
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8Proxy.cpp:94
v------> WebCore::configureTemplate
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8Binding.cpp:456
001bd8d4 v8::FunctionTemplate>, int, WebCore::BatchedAttribute const*,
unsigned int, WebCore::BatchedCallback const*, unsigned int)+72
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8Binding.cpp:456
v------> WebCore::ConfigureV8ScreenTemplate
/buildbot/out_dirs/git_gingerbread-release/target/product/passion/obj/STATIC_LIBRARIES/libwebcore_intermediates/WebCore/bindings/V8Screen.cpp:173
00298846 v8::FunctionTemplate>)+34
/buildbot/out_dirs/git_gingerbread-release/target/product/passion/obj/STATIC_LIBRARIES/libwebcore_intermediates/WebCore/bindings/V8Screen.cpp:173
00299986 WebCore::V8Screen::GetTemplate()+30
/buildbot/out_dirs/git_gingerbread-release/target/product/passion/obj/STATIC_LIBRARIES/libwebcore_intermediates/WebCore/bindings/V8Screen.cpp:187
001c00fe
WebCore::V8ClassIndex::getTemplate(WebCore::V8ClassIndex::V8WrapperType)+1270
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8Index.cpp:480
v------> WebCore::V8DOMWrapper::getConstructor
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8DOMWrapper.cpp:181
001becf2 v8::Value>)+6
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8DOMWrapper.cpp:181
001be74a
WebCore::V8DOMWindowShell::createWrapperFromCacheSlowCase(WebCore::V8ClassIndex::V8WrapperType)+34
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8DOMWindowShell.cpp:557
v------> WebCore::V8DOMWindowShell::createWrapperFromCache
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8DOMWindowShell.h:85
001bec38 WebCore::V8DOMWrapper::instantiateV8Object(WebCore::V8Proxy*,
WebCore::V8ClassIndex::V8WrapperType, void*)+80
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/V8DOMWindowShell.h:85
00296ce2 WebCore::V8Screen::wrap(WebCore::Screen*)+26
/buildbot/out_dirs/git_gingerbread-release/target/product/passion/obj/STATIC_LIBRARIES/libwebcore_intermediates/WebCore/bindings/V8Screen.cpp:206
002c836a WebCore::toV8(WebCore::Screen*)+30
/usr/local/google/buildbot/repo_clients/goog/external/webkit/WebCore/bindings/v8/custom/V8ScreenCustom.cpp:45
v------> WebCore::DOMWindowInternal::screenAttrGetter
/buildbot/out_dirs/git_gingerbread-release/target/product/passion/obj/STATIC_LIBRARIES/libwebcore_intermediates/WebCore/bindings/V8DOMWindow.cpp:66
002b30ea v8::String>, v8::AccessorInfo const&)+14
/buildbot/out_dirs/git_gingerbread-release/target/product/passion/obj/STATIC_LIBRARIES/libwebcore_intermediates/WebCore/bindings/V8DOMWindow.cpp:66
0032f246
v8::internal::Object::GetPropertyWithCallback(v8::internal::Object*,
v8::internal::Object*, v8::internal::String*, v8::internal::Object*)+198
/usr/local/google/buildbot/repo_clients/goog/external/v8/src/objects.cc:173
003342fc v8::internal::Object::GetProperty(v8::internal::Object*,
v8::internal::LookupResult*, v8::internal::String*,
PropertyAttributes*)+256
/usr/local/google/buildbot/repo_clients/goog/external/v8/src/objects.cc:501
v------> v8::internal::LoadIC::Load
/usr/local/google/buildbot/repo_clients/goog/external/v8/src/ic.cc:696
0038b8d0 v8::internal::String>)+852
/usr/local/google/buildbot/repo_clients/goog/external/v8/src/ic.cc:696
0038b928 v8::internal::LoadIC_Miss(v8::internal::Arguments)+44
/usr/local/google/buildbot/repo_clients/goog/external/v8/src/ic.cc:1313
Is this a known issue and what are the chances of this being fixed in newer versions of V8?
Thanks,
Andrei
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev