Hi,

I've looked into this and the issue here is that the purpose of `d8 
--enable-inspector` is really only for internal testing. The way d8 sets up 
the inspector internally is convenient for testing but doesn't work for 
"reportProgress: true". What's happening here is that the heap snapshot 
generator iterates objects in the V8 heap and reports the status/progress 
during this potentially time-consuming operation (the progress bar you see 
in DevTools). In d8 sending a message (here the progress update) to the 
inspector involves allocating a V8 heap object AND invoking a JS function. 
And all of this is supposed to happen in the exact same V8 heap which the 
heap snapshot generator currently iterates object-by-object to generate the 
heap snapshot. For DevTools this is not an issue because the message is 
kept in native memory and the message is then processed by the inspector 
client in a different process/isolate/V8 heap.

I guess the best fix depends on what you are trying to achieve. If all you 
want to get is a snapshot, you can remove "reportProgress: true". Or 
alternatively you can use e.g. %TakeHeapSnapshot, which may be easier. If 
you want to implement full debugging support though, you likely don't want 
to reuse the code from d8.

Hope that helps,

Dominik

On Monday, January 8, 2024 at 11:49:37 AM UTC+1 Clemens Backes wrote:

> I uploaded this to Clusterfuzz, which resulted in 
> https://crbug.com/1515833.
>
> On Wed, Dec 13, 2023 at 2:24 PM 苏世睿 <[email protected]> wrote:
>
>> Hi! Is there any progress on this? 
>> Or am I currently performing a non-standard operation?
>>
>> On Mon, Dec 4, 2023 at 12:49, 苏世睿 <[email protected]> wrote:
>>
>>> I just found a simple way to reproduce this:
>>> Firstly, build d8 with the following args.gn:
>>>
>>> is_debug = true
>>> symbol_level=2
>>> target_cpu = "x64"
>>> v8_target_cpu = "x64"
>>>
>>> Then, create a file named inspector-demo.js:
>>>
>>> // inspector-demo.js
>>> // Receiver function called by d8.
>>> function receive(message) {
>>>   print(message)
>>> }
>>>
>>> const msg = JSON.stringify({
>>>   id: 0,
>>>   method: 'HeapProfiler.takeHeapSnapshot',
>>>   params: {
>>>     reportProgress: true,
>>>     captureNumericValue: false,
>>>     exposeInternals: false
>>>   }
>>> });
>>>
>>> // Call the function provided by d8.
>>> send(msg);
>>>
>>> Finally, run this file by executing 'd8 --enable-inspector 
>>> inspector-demo.js'.
>>>
>>> On Friday, December 1, 2023 at 16:46:30 UTC+8, <[email protected]> wrote:
>>>
>>>> Hi!
>>>>
>>>> Please file a bug for this with information on how to reproduce this on 
>>>> tip-of-tree. Thanks!
>>>>
>>>> On Wednesday, November 29, 2023 at 9:25:36 AM UTC+1 [email protected] 
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>> I have compiled a debug version of the V8 dynamic library for an 
>>>>> Android project. However, a crash has occurred while performing a Heap 
>>>>> Snapshot. The details of the issue, including the crash stack, are as 
>>>>> follows:
>>>>>
>>>>> # Fatal error in ../src/heap/heap-inl.h, line 251
>>>>> # Debug check failed: AllowHeapAllocation::IsAllowed().
>>>>> #FailureMessage Object: 0x6fd5268d80
>>>>>
>>>>> V8_Fatal(char const*, int, char const*, ...) logging.cc:203
>>>>> v8::base::(anonymous namespace)::DefaultDcheckHandler(char const*, int, char const*) logging.cc:64
>>>>> v8::internal::AllocationResult v8::internal::HeapAllocator::AllocateRaw<(v8::internal::AllocationType)0>(int, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) heap-allocator-inl.h:66
>>>>> v8::internal::HeapObject v8::internal::HeapAllocator::AllocateRawWith<(v8::internal::HeapAllocator::AllocationRetryMode)1>(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) heap-allocator-inl.h:221
>>>>> v8::internal::Factory::AllocateRaw(int, v8::internal::AllocationType, v8::internal::AllocationAlignment) factory.cc:344
>>>>> v8::internal::FactoryBase<v8::internal::Factory>::AllocateRaw(int, v8::internal::AllocationType, v8::internal::AllocationAlignment) factory-base.cc:1140
>>>>> v8::internal::FactoryBase<v8::internal::Factory>::AllocateRawWithImmortalMap(int, v8::internal::AllocationType, v8::internal::Map, v8::internal::AllocationAlignment) factory-base.cc:1131
>>>>> v8::internal::MaybeHandle<v8::internal::SeqOneByteString> v8::internal::FactoryBase<v8::internal::Factory>::NewRawStringWithMap<v8::internal::SeqOneByteString>(int, v8::internal::Map, v8::internal::AllocationType) factory-base.cc:675
>>>>> v8::internal::FactoryBase<v8::internal::Factory>::NewRawOneByteString(int, v8::internal::AllocationType) factory-base.cc:687
>>>>> v8::internal::Factory::NewStringFromTwoByte(unsigned short const*, int, v8::internal::AllocationType) factory.cc:931
>>>>> v8::(anonymous namespace)::NewString(v8::internal::Factory*, v8::NewStringType, v8::base::Vector<unsigned short const>) api.cc:7147
>>>>> v8::String::NewFromTwoByte(v8::Isolate*, unsigned short const*, v8::NewStringType, int) api.cc:7204
>>>>> convertToString(v8::Global<v8::Context> const&, v8::Isolate*, v8_inspector::StringView) v8inspector_channel.cpp:32
>>>>> V8InspectorChannelImpl::sendNotification(std::__ndk1::unique_ptr<v8_inspector::StringBuffer, std::__ndk1::default_delete<v8_inspector::StringBuffer>>) v8inspector_channel.cpp:54
>>>>> v8_inspector::V8InspectorSessionImpl::SendProtocolNotification(std::__ndk1::unique_ptr<v8_crdtp::Serializable, std::__ndk1::default_delete<v8_crdtp::Serializable>>) v8-inspector-session-impl.cc:221
>>>>> non-virtual thunk to v8_inspector::V8InspectorSessionImpl::SendProtocolNotification(std::__ndk1::unique_ptr<v8_crdtp::Serializable, std::__ndk1::default_delete<v8_crdtp::Serializable>>) 0x0000005593df4290
>>>>> v8_inspector::protocol::HeapProfiler::Frontend::reportHeapSnapshotProgress(int, int, v8_crdtp::detail::ValueMaybe<bool>) 0x0000005593d987f4
>>>>> v8_inspector::(anonymous namespace)::HeapSnapshotProgress::ReportProgressValue(unsigned int, unsigned int) v8-heap-profiler-agent-impl.cc:40
>>>>> v8::internal::HeapSnapshotGenerator::ProgressReport(bool) heap-snapshot-generator.cc:2765
>>>>> v8::internal::V8HeapExplorer::IterateAndExtractReferences(v8::internal::HeapSnapshotGenerator*) heap-snapshot-generator.cc:2115
>>>>> v8::internal::HeapSnapshotGenerator::FillReferences() heap-snapshot-generator.cc:2778
>>>>> v8::internal::HeapSnapshotGenerator::GenerateSnapshot() heap-snapshot-generator.cc:2737
>>>>> v8::internal::HeapProfiler::TakeSnapshot(v8::HeapProfiler::HeapSnapshotOptions) heap-profiler.cc:96
>>>>> v8::HeapProfiler::TakeHeapSnapshot(v8::HeapProfiler::HeapSnapshotOptions const&) api.cc:10670
>>>>> v8_inspector::V8HeapProfilerAgentImpl::takeHeapSnapshot(v8_crdtp::detail::ValueMaybe<bool>, v8_crdtp::detail::ValueMaybe<bool>, v8_crdtp::detail::ValueMaybe<bool>, v8_crdtp::detail::ValueMaybe<bool>) v8-heap-profiler-agent-impl.cc:298
>>>>> v8_inspector::protocol::HeapProfiler::DomainDispatcherImpl::takeHeapSnapshot(v8_crdtp::Dispatchable const&) 0x0000005593d9a184
>>>>>
>>>> -- 
>>> -- 
>>> v8-dev mailing list
>>> [email protected]
>>> http://groups.google.com/group/v8-dev
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "v8-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to [email protected].
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/v8-dev/409a9bd7-303e-4022-89d7-96a8c7e5bfabn%40googlegroups.com
>>>  
>>> <https://groups.google.com/d/msgid/v8-dev/409a9bd7-303e-4022-89d7-96a8c7e5bfabn%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>
>
> -- 
>
> Clemens Backes
>
> Software Engineer
>
> [email protected]
>
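
The failure mode described in the reply at the top of this thread, and the native-memory buffering that avoids it, as a self-contained C++ model. This is an added example, not V8 or d8 code: `ModelHeap`, `EagerChannel`, `DeferredChannel`, `Result` and `RunSnapshot` are hypothetical names, and the violation counter stands in for the fatal debug check.

```cpp
#include <cstdio>
#include <deque>
#include <string>

// Constructed stand-in for a V8 heap: allocation is forbidden while the
// snapshot generator iterates it (what AllowHeapAllocation::IsAllowed() guards).
struct ModelHeap {
  bool allocation_allowed = true;
  int violations = 0;  // each one would be a fatal DCHECK in a debug build
  int allocated = 0;   // strings successfully created on the heap
  void AllocateString(const std::u16string&) {
    if (allocation_allowed) ++allocated; else ++violations;
  }
};

// Mirrors the crashing channel: every notification becomes a heap string
// immediately, even in the middle of heap iteration.
struct EagerChannel {
  ModelHeap& heap;
  void sendNotification(const std::u16string& m) { heap.AllocateString(m); }
  void flush() {}
};

// Keeps notifications in native memory; touches the heap only in flush().
struct DeferredChannel {
  ModelHeap& heap;
  std::deque<std::u16string> pending;
  void sendNotification(const std::u16string& m) { pending.push_back(m); }
  void flush() {  // called once heap iteration is over
    for (; !pending.empty(); pending.pop_front()) heap.AllocateString(pending.front());
  }
};

struct Result { int violations; int delivered; };
// Models takeHeapSnapshot with reportProgress: true.
template <typename Channel>
Result RunSnapshot(int progress_reports) {
  ModelHeap heap;
  Channel channel{heap};
  heap.allocation_allowed = false;  // heap iteration starts
  for (int i = 0; i < progress_reports; ++i)
    channel.sendNotification(u"HeapProfiler.reportHeapSnapshotProgress");
  heap.allocation_allowed = true;   // iteration finished
  channel.flush();
  return {heap.violations, heap.allocated};
}

int main() {
  std::printf("eager violations=%d, deferred violations=%d\n",
              RunSnapshot<EagerChannel>(3).violations, RunSnapshot<DeferredChannel>(3).violations);
}
```
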
