Status: New
Owner: ----
New issue 3332 by [email protected]: Array out-of-bounds fails on second run
(deoptimizer)
http://code.google.com/p/v8/issues/detail?id=3332
To reproduce:
1. Build v8 trunk (I was working off git commit
64c43805a83091683d9c7e474367f5723f29d56c) in x86, Debug mode (though I have
also seen it reproduce in x64 and Release) using Visual Studio 2012 Update
4.
2. Replace the contents of samples/shell.cc with the attached file (30
lines, boiled down from a more complicated example).
3. Run shell.exe in the debugger.
4. You get an Unhandled exception at 0x74DACB49 in shell.exe: 0xC0000005:
Access violation executing location 0x00000000, with the stack trace
(below).
It occurs the second time a compiled script is run. Is there something
wrong with running a compiled script twice?
00000000()
[Frames below may be incorrect and/or missing]
v8.dll!v8::internal::OS::Abort() Line 848
v8.dll!V8_Fatal(const char * file=0x0ff48988, int line=1561, const char *
format=0x0ff48974, ...) Line 89
v8.dll!v8::internal::Deoptimizer::DoComputeCompiledStubFrame(v8::internal::TranslationIterator
* iterator=0x0033fb50, int frame_index=0) Line 1561
v8.dll!v8::internal::Deoptimizer::DoComputeOutputFrames() Line 817
v8.dll!v8::internal::Deoptimizer::ComputeOutputFrames(v8::internal::Deoptimizer
* deoptimizer=0x007c5500) Line 500
0500a391()
007c5500()
3cc42875()
3cc2202a()
v8.dll!v8::internal::Invoke(bool is_construct=false,
v8::internal::Handle<v8::internal::JSFunction> function={...},
v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=0,
v8::internal::Handle<v8::internal::Object> * args=0x00000000) Line 94
v8.dll!v8::internal::Execution::Call(v8::internal::Isolate *
isolate=0x00792198, v8::internal::Handle<v8::internal::Object>
callable={...}, v8::internal::Handle<v8::internal::Object> receiver={...},
int argc=0, v8::internal::Handle<v8::internal::Object> * argv=0x00000000,
bool convert_receiver=false) Line 149
v8.dll!v8::Script::Run() Line 1634
shell.exe!main(int argc=1, char * * argv=0x00792108) Line 25
shell.exe!__tmainCRTStartup() Line 536
shell.exe!mainCRTStartup() Line 377
kernel32.dll!@BaseThreadInitThunk@12()
ntdll.dll!___RtlUserThreadStart@8()
ntdll.dll!__RtlUserThreadStart@8()
Attachments:
crash.cc 817 bytes
--
v8-dev mailing list
http://groups.google.com/group/v8-dev