Status: New
Owner: ----
New issue 1202 by [email protected]: crash CHECK(begin_pos - pos_ == RelocInfo::kRelocCommentSize) failed
http://code.google.com/p/v8/issues/detail?id=1202
This page has recently started crashing in debug builds:
http://trac.webkit.org/export/79602/trunk/LayoutTests/fast/js/function-call-aliased.html
The full output from a linux debug build running inside the DumpRenderTree
harness is:
#
# Fatal error in v8/src/assembler.cc, line 255
# CHECK(begin_pos - pos_ == RelocInfo::kRelocCommentSize) failed
#
==== Stack trace ============================================
Security context: 0x43da1081 <String[7]: file://>
2: /* anonymous */ [0x43d9204d <undefined>:1] (this=0x43d88b71 <JS
Global Object>#0#)
3: arguments adaptor frame: 1->0
4: shouldBe
[file:///mnt/data/b/build/slave/Webkit_Linux__dbg__1_/build/src/third_party/WebKit/LayoutTests/fast/js/resources/js-test-pre.js:104]
(this=0x43d88b71 <JS Global Object>#0#,_a=0x482f14c9 <String[40]:
myFunction.aliasedCall(myObject, 'arg1')>,_b=0x482eb7f5 <String[32]:
[myObject, "myFunction", "arg1"]>)
5: /* anonymous */
[file:///mnt/data/b/build/slave/Webkit_Linux__dbg__1_/build/src/third_party/WebKit/LayoutTests/fast/js/script-tests/function-call-aliased.js:17]
(this=0x43d88b71 <JS Global Object>#0#)
==== Details ================================================
[2]: /* anonymous */ [0x43d9204d <undefined>:1] (this=0x43d88b71 <JS Global
Object>#0#) {
// stack-allocated locals
var .result = 0x43d9204d <undefined>
// expression stack (top to bottom)
[02] : 0x482eb629 <String[4]: arg1>
[01] : 0x42fbf295 <an Object>>#1#
--------- s o u r c e c o d e ---------
myFunction.aliasedCall(myObject, 'arg1')
-----------------------------------------
}
[3]: arguments adaptor frame: 1->0 {
// actual arguments
[00] : 0x482f14c9 <String[40]: myFunction.aliasedCall(myObject, 'arg1')>
// not passed to callee
}
[4]: shouldBe
[file:///mnt/data/b/build/slave/Webkit_Linux__dbg__1_/build/src/third_party/WebKit/LayoutTests/fast/js/resources/js-test-pre.js:104]
(this=0x43d88b71 <JS Global Object>#0#,_a=0x482f14c9 <String[40]:
myFunction.aliasedCall(myObject, 'arg1')>,_b=0x482eb7f5 <String[32]:
[myObject, "myFunction", "arg1"]>) {
// stack-allocated locals
var .catch-var = 0x43d9204d <undefined>
// heap-allocated locals
var .arguments = 0x42fc1d05 <an Arguments>>#2#
var _av = 0x43d9204d <undefined>
var exception = 0x43d9204d <undefined>
var arguments = 0x42fc1d05 <an Arguments>>#2#
var _bv = 0x43d9204d <undefined>
// expression stack (top to bottom)
[05] : 0x42fc1d4d <JS Function>#3#
--------- s o u r c e c o d e ---------
function shouldBe(_a, _b)?{? if (typeof _a != "string" || typeof
_b != "string")? debug("WARN: shouldBe() expects string arguments");?
var exception;? var _av;? try {? _av = eval(_a);? } catch (e) {?
exception = e;? }? var _bv = eval(_b);?? if (exception)?
testFailed(_a + " should be " + _bv + ...
-----------------------------------------
}
[5]: /* anonymous */
[file:///mnt/data/b/build/slave/Webkit_Linux__dbg__1_/build/src/third_party/WebKit/LayoutTests/fast/js/script-tests/function-call-aliased.js:17]
(this=0x43d88b71 <JS Global Object>#0#) {
// stack-allocated locals
var .result = 0x43d9204d <undefined>
--------- s o u r c e c o d e ---------
description(?"This tests that we can correctly call
Function.prototype.call"?);??var myObject = { call: function() { return
[myObject, "myObject.call"] } };?var myFunction = function (arg1) { return
[this, "myFunction", arg1] };?var myFunctionWithCall = function (arg1) {
return [this, "myFunctionWit...
-----------------------------------------
}
==== Key ============================================
#0# 0x43d88b71: 0x43d88b71 <JS Global Object>
#1# 0x42fbf295: 0x42fbf295 <an Object>>
call: 0x44498d11 <JS Function>#4#
#2# 0x42fc1d05: 0x42fc1d05 <an Arguments>>
callee: 0x444975e1 <JS Function shouldBe>#5#
length: 2
#3# 0x42fc1d4d: 0x42fc1d4d <JS Function>
#4# 0x44498d11: 0x44498d11 <JS Function>
#5# 0x444975e1: 0x444975e1 <JS Function shouldBe>
=====================
[6915:6915:3095275193476:ERROR:process_util_posix.cc(107)] Received signal 6
base::debug::StackTrace::StackTrace() [0x84aa4f8]
base::(anonymous namespace)::StackDumpSignalHandler() [0x8479342]
0x4001c420
0x40c88a01
v8::internal::OS::Abort() [0x88361ab]
V8_Fatal [0x858fbf6]
CheckHelper() [0x883aea0]
v8::internal::RelocInfoWriter::Write() [0x883b780]
v8::internal::Assembler::RecordRelocInfo() [0x876068f]
v8::internal::Assembler::RecordComment() [0x876103d]
v8::internal::LCodeGen::GenerateRelocPadding() [0x87f134c]
v8::internal::LCodeGen::GenerateCode() [0x87f8867]
v8::internal::HGraph::Compile() [0x85fe824]
v8::internal::MakeCrankshaftCode() [0x8593770]
v8::internal::MakeCode() [0x8593bf8]
v8::internal::Compiler::CompileLazy() [0x8593e16]
v8::internal::CompileLazyHelper() [0x85cd5e6]
v8::internal::CompileOptimized() [0x85cd667]
v8::internal::Runtime_LazyRecompile() [0x870580a]
0x43db22ae
0x43dc11bc
0x442160f0
0x43db3c9f
0x443a956a
0x44214765
0x43dc1119
0x43db5f22
v8::internal::Invoke() [0x85af6b4]
v8::internal::Execution::Call() [0x85afcaf]
v8::Script::Run() [0x856f682]
WebCore::V8Proxy::runScript() [0x8a135d3]
WebCore::V8Proxy::evaluate() [0x8a13980]
WebCore::ScriptController::evaluate() [0x89ebf4e]
WebCore::ScriptElement::executeScript() [0x8b4e410]
WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent()
[0x824753e]
WebCore::HTMLScriptRunner::executeParsingBlockingScript() [0x8247921]
WebCore::HTMLScriptRunner::executeParsingBlockingScripts() [0x8247965]
WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad() [0x8247c06]
WebCore::HTMLDocumentParser::notifyFinished() [0x8241e5b]
WebCore::CachedScript::checkNotify() [0x8c6d13b]
WebCore::CachedScript::data() [0x8c6d268]
WebCore::CachedResourceRequest::didFinishLoading() [0x8c6c22f]
WebCore::SubresourceLoader::didFinishLoading() [0x8ca42dd]
WebCore::ResourceLoader::didFinishLoading() [0x8c9aea3]
WebCore::ResourceHandleInternal::didFinishLoading() [0x9166f2a]
webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest() [0x910ffd9]
(anonymous namespace)::RequestProxy::NotifyCompletedRequest()
[0x9153c89]
DispatchToMethod<>() [0x9154123]
RunnableMethod<>::Run() [0x915415e]
MessageLoop::RunTask() [0x8459a41]
MessageLoop::DeferOrRunPendingTask() [0x8459bc9]
MessageLoop::DoWork() [0x845a433]
base::MessagePumpForUI::RunWithDispatcher() [0x84a1d56]
base::MessagePumpForUI::Run() [0x84a1713]
MessageLoop::RunInternal() [0x845a770]
MessageLoop::RunHandler() [0x845a78b]
MessageLoop::Run() [0x845a82f]
webkit_support::RunMessageLoop() [0x81a7af7]
TestShell::waitTestFinished() [0x80900ff]
TestShell::runFileTest() [0x808c208]
runTest() [0x80680d8]
main [0x80688f4]
The failure appears intermittent, but the crash appears to be new and the
most recent V8 update on this configuration was from r6812 to r6926.
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev