Hi,

we (Microsoft VS Code team) are tracking down a very weird native crash in 
our use of node.js (5.10.0, V8 46) that only ever shows up since we updated 
from node.js 4.x (V8 45). It seems that changes (around the Garbage 
Collector?) in V8 46 have an impact on the crash.

Specifically, we are using the node-weak module (
https://github.com/TooTallNate/node-weak) to be able to get weak references 
to JavaScript objects. This used to work relatively well in node.js 4.x, 
but with node.js 5.x we suddenly get the entire node.js program to 
terminate with a fatal crash. 

Today we were finally able to track the location of where the crash 
originates and it seems to happen when our application simply calls into a 
property of the object that is weakly referenced. This call at one point 
reaches the following assertion:

void Object::VerifyApiCallResultType() {
#if DEBUG
  if (!(IsSmi() || IsString() || IsSymbol() || IsSpecObject() ||
        IsHeapNumber() || IsSimd128Value() || IsUndefined() || IsTrue() ||
        IsFalse() || IsNull())) {
    FATAL("API call returned invalid object");
  }
#endif  // DEBUG
}


The process terminates from the FATAL call, as none of the previous checks in 
this method hold. 


Now, the interesting question is: How would it be possible to have a JS object 
where calling properties on it would fail in such a fatal way? It seems to us 
that the object we are calling a property on is a pointer to a location in 
memory where no V8 object exists anymore. It almost seems that the object was 
garbage collected (or moved to another address?) without the JS side (or more 
specifically the node-weak side) getting to know.


Since this only reproduces when using node-weak, it seems very likely that 
there is an issue with either node-weak or NAN. In fact, node-weak is calling 
into SetWeak() 
(https://github.com/TooTallNate/node-weak/blob/master/src/weakref.cc#L174) and 
relies on the fact that the callback passed in is triggered, and maybe this 
callback is not triggered anymore in a sync fashion but rather async?


I would appreciate some pointers if there is something that could have probably 
changed in V8 46 that could have an impact on this.


Thanks!

Ben

-- 
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
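The failure class described in the message above (a native weak reference whose target is collected while the holder still carries the raw pointer) can be modelled without V8. The following C program is an added illustration, not code from the post, from node-weak or from V8: the object layout, the `WeakRef` struct, the `collect()` routine and the `alive` tag are all constructed stand-ins for V8's persistent handles, weak callbacks and the object-type check in `VerifyApiCallResultType`. It contrasts a weak callback that resets the handle when the object goes away with one that does not, and shows why every dereference of a weak target has to go through a validity check.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed toy heap object. `alive` plays the role of the object-type
 * check in VerifyApiCallResultType: 1 means the memory holds a valid object,
 * 0 means the collector has already reclaimed it. This is NOT V8's layout. */
typedef struct Obj {
    int alive;
    int value;
} Obj;

/* Constructed weak handle, modelled on the role Persistent::SetWeak plays in
 * the post: it points at an object without keeping it alive and carries a
 * callback that the collector invokes right before the object is reclaimed. */
typedef struct WeakRef {
    Obj *target;
    void (*callback)(struct WeakRef *self);
    int callback_fired;
} WeakRef;

#define MAX_WEAK 8
static WeakRef *g_weak[MAX_WEAK];   /* registry of weak handles (toy) */
static int g_weak_count = 0;

static void weak_set(WeakRef *ref, Obj *target, void (*cb)(WeakRef *)) {
    ref->target = target;
    ref->callback = cb;
    ref->callback_fired = 0;
    if (g_weak_count < MAX_WEAK) g_weak[g_weak_count++] = ref;
}

/* Well-behaved weak callback: drop the raw pointer before the object dies,
 * so any later read through the handle sees "collected" rather than garbage. */
static void clear_on_collect(WeakRef *self) { self->target = NULL; }

/* Misbehaving weak callback: the notification arrives but the pointer is kept. */
static void ignore_on_collect(WeakRef *self) { (void)self; }

/* Toy collector: an object with no strong references is reclaimed. Weak
 * callbacks run first; afterwards the memory no longer holds a valid object. */
static void collect(Obj *obj, int strong_refs) {
    if (strong_refs > 0) return;
    for (int i = 0; i < g_weak_count; i++) {
        if (g_weak[i]->target == obj) {
            g_weak[i]->callback_fired = 1;
            g_weak[i]->callback(g_weak[i]);
        }
    }
    obj->alive = 0;   /* stand-in for "no V8 object at this address anymore" */
}

/* Safe dereference: returns NULL unless the target is still a valid object.
 * Reading ref->target directly, as a wrapper that trusts its stored pointer
 * would, is the use-after-collection the post's crash points at. */
static Obj *weak_get(WeakRef *ref) {
    return (ref->target != NULL && ref->target->alive) ? ref->target : NULL;
}

/* Scenario 1: callback cleared the handle; the stale pointer is gone. */
int scenario_cleared(void) {
    Obj obj = {1, 42};
    WeakRef ref;
    g_weak_count = 0;
    weak_set(&ref, &obj, clear_on_collect);
    collect(&obj, 0);
    return ref.callback_fired && ref.target == NULL && weak_get(&ref) == NULL;
}

/* Scenario 2: callback fired but kept the pointer; the handle now points at
 * reclaimed memory, and only the validity check stops a bad dereference. */
int scenario_stale_pointer(void) {
    Obj obj = {1, 42};
    WeakRef ref;
    g_weak_count = 0;
    weak_set(&ref, &obj, ignore_on_collect);
    collect(&obj, 0);
    return ref.callback_fired && ref.target != NULL && !ref.target->alive
           && weak_get(&ref) == NULL;
}

int main(void) {
    printf("cleared handle safe:       %d\n", scenario_cleared());
    printf("stale pointer caught:      %d\n", scenario_stale_pointer());
    return 0;
}
```

Both scenarios return 1: in the first the handle itself is reset by the callback, in the second the callback ran but left a dangling pointer and only the validity check in `weak_get` prevents reading reclaimed memory. In a real embedding the equivalent of that check does not exist for an arbitrary raw pointer, which is why the safe design is the first one: the weak callback must reset the persistent handle (and the wrapper must treat a reset handle as "object gone") rather than relying on the pointer still being usable afterwards.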