Status: New
Owner: ----
New issue 2366 by [email protected]: Intermittent crash inside v8
http://code.google.com/p/v8/issues/detail?id=2366
Hello, I'm new to the Google v8 project, so please tell me if I need to
send you more information.
I've built a small test application to test out an embedded v8 engine
inside a threaded application. I'm using isolates etc. as documented, and
usually it does work. However, in some rare cases I get a crash within the
v8 engine (maybe one time in 20 tries). Basically the application executes
64 threads, and inside each thread I execute the same script. The source
for the test application is available if needed.
My build environment is Visual Studio 2010 (project files generated from
GYP), and right now I'm running it in 64-bit debug mode on a Windows 7
machine. I'm using git HEAD, and right now it's on commit
79e842d59ab02a9fea737cb8bb0ca0631276ecc1. I'm not really sure if this is
supposed to be "stable" though, or if this is the bleeding edge code?
The crash seems to occur more frequently when I run it outside the
debugger, so it seems to me there might be some kind of race condition.
The stack trace reported in the console window is this;
==== Stack trace ============================================
Security context: 00000000F6106F21 <JS Object>#0#
1: /* anonymous */ [native runtime.js:44] (this=00000000F6107FC9 <JS
Object>#1#)
==== Details ================================================
[1]: /* anonymous */ [native runtime.js:44] (this=00000000F6107FC9 <JS
Object>#1#) {
// stack-allocated locals
var .result = 00000000F6104121 <undefined>
// expression stack (top to bottom)
[03] : 00000000F6106AD1 <JS Function Object>#2#
[02] : 000000002340A2E9 <Number: -0>
[01] : 000000002340A2C9 <String[7]: $Object>
--------- s o u r c e c o d e ---------
???????????????????????????????????????????var $Object=global.Object;?var
$Array=global.Array;?var $String=glo
bal.String;?var $Number=global.Number;?var $Function=global.Function;?var
$Boolean=global.Boolean;?var $NaN=%G
etRootNaN();?var builtins=this;???function
EQUALS(a){?if((typeof(this)==='string...
-----------------------------------------
}
==== Key ============================================
#0# 00000000F6106F21: 00000000F6106F21 <JS Object>
#1# 00000000F6107FC9: 00000000F6107FC9 <JS Object>
#2# 00000000F6106AD1: 00000000F6106AD1 <JS Function Object>
=====================
The call stack inside VS2010 debugger is this;
v8_test.exe!v8::internal::OS::DebugBreak() Line 974 C++
v8_test.exe!v8::internal::OS::Abort() Line 965 C++
v8_test.exe!V8_Fatal(const char * file, int line, const char *
format, ...) Line 59 C++
v8_test.exe!v8::internal::String::cast(v8::internal::Object * object)
Line 2304 + 0x39 bytes C++
v8_test.exe!v8::internal::Isolate::DoThrow(v8::internal::Object *
exception, v8::internal::MessageLocation * location) Line 1166 + 0x3d
bytes C++
v8_test.exe!v8::internal::Isolate::Throw(v8::internal::Object *
exception, v8::internal::MessageLocation * location) Line 947 C++
v8_test.exe!v8::internal::Isolate::ThrowIllegalOperation() Line 968
C++
v8_test.exe!v8::internal::Runtime_InitializeVarGlobal(v8::internal::Arguments
args, v8::internal::Isolate * isolate) Line 1561 + 0x2e bytes C++
000000000a00636c()
000000000346e790()
00000000036d8150()
0000000000000002()
000000000346e7c0()
0000000000000003()
000000000346e7d0()
000000000a0062c1()
000000000346e770()
000000000346e7f0()
000000000a0144f9()
00000000f6106ad1()
0000000088e0a2e9()
0000000088e0a2c9()
00000000f6104121()
00000000f610a981()
00000000d6f1cbc9()
000000000346e828()
000000000a00d80d()
00000000f6107fc9()
00000000f610a981()
000000000a00d741()
0000000600000000()
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
