Hi All,

A new feature request was just created at https://issues.chromium.org/issues/345822325.

Have a wonderful weekend,
Sam

On Friday, June 7, 2024 at 7:01:23 PM UTC+8 Sam Cao wrote:
> Hi Michael,
>
> Yes, it was on Windows 10 x86_64. I have been maintaining an open-source
> project Javet <https://github.com/caoccao/Javet> that embeds Node.js and
> V8 in JVM. The crash was reported by a Javet user and reproduced by me.
> Also, Marek had the same issue. I believe it also applies to Linux and
> MacOS.
>
> Thank you,
> Sam
>
> On Fri, Jun 7, 2024 at 6:49 PM Michael Lippautz <mlip...@chromium.org>
> wrote:
>
>> Filed https://issues.chromium.org/u/1/issues/345640547 so this gets
>> picked up by proper rotations.
>>
>> When you say
>> "Start thread 2 and call v8Isolate->GetHeapStatistics() periodically.",
>> what's your environment? This is not running in Chrome, right?
>>
>> On Fri, Jun 7, 2024 at 6:22 AM Sam Cao <sjtuc...@gmail.com> wrote:
>>
>>> Hi V8 Dev,
>>>
>>> I'd like to report a potential bug in ConcurrentMarking::RunMajor().
>>>
>>> *Fatal Error*
>>> #
>>> # Fatal error in , line 0
>>> # Check failed: !IsFreeSpaceOrFillerMap(map).
>>> #
>>> #
>>> #
>>> #FailureMessage Object: 00000083D21FF440
>>> ==== C stack trace ===============================
>>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AA557BB+1514667]
>>> (No symbol) [0x00007FFF4A77D497]
>>> (No symbol) [0x00007FFF4A820BBA]
>>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AB234A1+2357649]
>>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AB3AB62+2453586]
>>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AA570A6+1521046]
>>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AA5A466+1534294]
>>>
>>> *Reproduce*
>>>
>>> 1. Set max heap size to 8096
>>> 2. Start thread 1 and execute the following JS code.
>>> var a = [];
>>> for (let i = 0; i < 100000000; i++) {
>>>   a.push({test:'test'});
>>> }
>>> 3. Start thread 2 and call v8Isolate->GetHeapStatistics()
>>> periodically.
>>>
>>> There is a high chance that V8 will crash with the fatal error posted
>>> above.
>>>
>>> *Analysis*
>>> I reviewed the source code of 12.5.227.6 and found there is only one
>>> call to IsFreeSpaceOrFillerMap() inside ConcurrentMarking::RunMajor() as
>>> follows.
>>> [image: 01.png]
>>>
>>> It seems this check is not always valid when that V8 isolate is busy
>>> allocating memory. It used to be working well before this check was added.
>>>
>>> Please check this issue out.
>>>
>>> Thank you,
>>> Sam
>>>
>>> --
>>> --
>>> v8-dev mailing list
>>> v8-...@googlegroups.com
>>> http://groups.google.com/group/v8-dev
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "v8-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to v8-dev+un...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/v8-dev/73909b1a-6ab5-4014-bdf2-9b2be2a253bdn%40googlegroups.com
>>> .
>>
>>
>
>
> --
> -- caocao