Status: Accepted
Owner: [email protected]
Labels: Type-Bug Priority-High HW-x64 NewGC
New issue 1817 by [email protected]: Crashes in Mozilla test case
js1_5/Regress/regress-360969-05
http://code.google.com/p/v8/issues/detail?id=1817
Since one of my recent splay-improvements on x64 (i.e. r9922), one of the
Mozilla regression tests which stresses the GC crashes. It is slightly
flaky, but with three to four runs I can reproduce it.
(gdb) bt
#0 0x00007ffff70c2a75 in raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff70c65c0 in abort () at abort.c:92
#2 0x0000000000768b4d in v8::internal::OS::Abort ()
at ../src/platform-linux.cc:391
#3 0x0000000000458694 in V8_Fatal (file=0x7a8947 "../src/heap-inl.h",
line=274, format=0x7a85a8 "CHECK(%s) failed")
at ../src/checks.cc:58
#4 0x00000000004038ba in CheckHelper (file=0x7a8947 "../src/heap-inl.h",
line=274,
source=0x7a8910 "!result || gc_state_ != NOT_IN_GC ||
InToSpace(object)", condition=false) at ../src/checks.h:60
#5 0x0000000000409b81 in v8::internal::Heap::InNewSpace (this=0xbeb248,
object=0xad1f2fdb611) at ../src/heap-inl.h:272
#6 0x0000000000681fa6 in
v8::internal::StoreBuffer::FindPointersToNewSpaceInRegion (this=0xbebc00,
start=0x282763004100 "\021D\260\070a\032",
end=0x2827630ffff0 "\211B\260\070a\032",
slot_callback=0x681d04
<v8::internal::DummyScavengePointer(v8::internal::HeapObject**,
v8::internal::HeapObject*)>)
at ../src/store-buffer.cc:416
#7 0x000000000068243e in
v8::internal::StoreBuffer::FindPointersToNewSpaceOnPage (this=0xbebc00,
space=0xc0efa0,
page=0x282763000000, region_callback=
(void (v8::internal::StoreBuffer::*)(v8::internal::StoreBuffer *,
v8::internal::Address, v8::internal::Address,
v8::internal::ObjectSlotCallback)) 0x681f60
<v8::internal::StoreBuffer::FindPointersToNewSpaceInRegion(v8::internal::Address,
v8::internal::Address, v8::internal::ObjectSlotCallback)>,
slot_callback=0x681d04
<v8::internal::DummyScavengePointer(v8::internal::HeapObject**,
v8::internal::HeapObject*)>)
at ../src/store-buffer.cc:519
#8 0x0000000000681d86 in v8::internal::StoreBuffer::VerifyPointers
(this=0xbebc00, space=0xc0efa0, region_callback=
(void (v8::internal::StoreBuffer::*)(v8::internal::StoreBuffer *,
v8::internal::Address, v8::internal::Address,
v8::internal::ObjectSlotCallback)) 0x681f60
<v8::internal::StoreBuffer::FindPointersToNewSpaceInRegion(v8::internal::Address,
v8::internal::Address, v8::internal::ObjectSlotCallback)>)
at ../src/store-buffer.cc:365
#9 0x0000000000681ed0 in v8::internal::StoreBuffer::Verify (this=0xbebc00)
at ../src/store-buffer.cc:394
#10 0x0000000000681f5d in v8::internal::StoreBuffer::GCEpilogue
(this=0xbebc00) at ../src/store-buffer.cc:405
#11 0x00000000004b75bf in v8::internal::Heap::GarbageCollectionEpilogue
(this=0xbeb248) at ../src/heap.cc:395
#12 0x00000000004b7a73 in v8::internal::Heap::CollectGarbage
(this=0xbeb248, space=v8::internal::NEW_SPACE,
collector=v8::internal::SCAVENGER) at ../src/heap.cc:512
#13 0x0000000000492de3 in v8::internal::Heap::CollectGarbage
(this=0xbeb248, space=v8::internal::NEW_SPACE)
at ../src/heap-inl.h:416
#14 0x000000000077f3da in v8::internal::CompilationCacheEval::TablePut
(this=0xbf7708, source=..., context=...,
function_info=...) at ../src/compilation-cache.cc:296
#15 0x000000000077f624 in v8::internal::CompilationCacheEval::Put
(this=0xbf7708, source=..., context=...,
function_info=...) at ../src/compilation-cache.cc:306
#16 0x000000000077fe79 in v8::internal::CompilationCache::PutEval
(this=0xbf76c0, source=..., context=...,
is_global=false, function_info=...) at ../src/compilation-cache.cc:439
#17 0x000000000045aebf in v8::internal::Compiler::CompileEval (source=...,
context=..., is_global=false,
strict_mode=v8::internal::kNonStrictMode) at ../src/compiler.cc:570
#18 0x0000000000610592 in v8::internal::CompileGlobalEval
(isolate=0xbeb1a0, source=..., receiver=...,
strict_mode=v8::internal::kNonStrictMode) at ../src/runtime.cc:9509
#19 0x00000000006108a8 in v8::internal::Runtime_ResolvePossiblyDirectEval
(args=..., isolate=0xbeb1a0)
at ../src/runtime.cc:9538
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev