Status: New
Owner: ----

New issue 2078 by [email protected]: Devtools crash when taking a heap snapshot ( v8::internal::V8HeapExplorer::ExtractClosureReferences )
http://code.google.com/p/v8/issues/detail?id=2078

Version tested with: Chromium trunk build, chromium r132157, v8 r11253, WebKit r114016.
OS: Ubuntu

Reproduction steps:
1. Visit a web page with the following contents:

<a id="clickme">Label</a><br>
<a id="listen" onclick="dolisten()">Click here to listen to events</a><br>

<script src="http://closure-library.googlecode.com/svn/trunk/closure/goog/base.js">
</script>
<script>
goog.require('goog.events');
</script>
<script>
function dolisten() {
console.log("installing listener");
goog.events.listen(document.getElementById("clickme"), goog.events.EventType.CLICK, foo);
}

function foo() {
console.log("clicked");
}
</script>

2. Click "Click here to listen to events"
3. Ctrl + shift + i to bring up developer tools, Profiles -> Take Heap Snapshot -> Start.

The renderer crashes with the following printout:
#
# Fatal error in ../../v8/src/objects-inl.h, line 1661
# CHECK(index >= 0 && index < this->length()) failed
#

Backtrace:

#0 0x00007f0157454a75 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007f01574585c0 in *__GI_abort () at abort.c:92
#2 0x00007f0162c5051a in v8::internal::OS::Abort () at ../../v8/src/platform-linux.cc:373
#3 0x00007f01628f6a9b in V8_Fatal (file=0x7f0164b0c193 "../../v8/src/objects-inl.h", line=1661,
    format=0x7f0164b0b998 "CHECK(%s) failed") at ../../v8/src/checks.cc:58
#4 0x00007f01628ca552 in v8::internal::FixedArray::get (this=0xc8cbb1e3831, index=4)
    at ../../v8/src/objects-inl.h:1661
#5 0x00007f0162aaa2d9 in v8::internal::V8HeapExplorer::ExtractClosureReferences (this=0x7fff36daac58, js_obj=0xc8cbb1ab249, entry=0x1) at ../../v8/src/profile-generator.cc:2106
#6 0x00007f0162aa936e in v8::internal::V8HeapExplorer::ExtractReferences (this=0x7fff36daac58, obj=0xc8cbb1ab249)
    at ../../v8/src/profile-generator.cc:1915
#7 0x00007f0162aaac6b in v8::internal::V8HeapExplorer::IterateAndExtractReferences (this=0x7fff36daac58,
    filler=0x7fff36daaba0) at ../../v8/src/profile-generator.cc:2343
#8 0x00007f0162aad50d in v8::internal::HeapSnapshotGenerator::CountEntriesAndReferences (this=0x7fff36daac40)
    at ../../v8/src/profile-generator.cc:3176
#9 0x00007f0162aad21b in v8::internal::HeapSnapshotGenerator::GenerateSnapshot (this=0x7fff36daac40)
    at ../../v8/src/profile-generator.cc:3117
#10 0x00007f016298d3d2 in v8::internal::HeapProfiler::TakeSnapshotImpl (this=0x7f015ea00c00, name=0x7f0150739f60 "org.webkit.profiles.user-initiated.1", type=0, control=0x7fff36daaea0)
    at ../../v8/src/heap-profiler.cc:118
#11 0x00007f016298d4a5 in v8::internal::HeapProfiler::TakeSnapshotImpl (this=0x7f015ea00c00, name=0x2f95fef04101,
    type=0, control=0x7fff36daaea0) at ../../v8/src/heap-profiler.cc:136
#12 0x00007f016298d1ca in v8::internal::HeapProfiler::TakeSnapshot (name=0x2f95fef04101, type=0,
    control=0x7fff36daaea0) at ../../v8/src/heap-profiler.cc:85
#13 0x00007f01628c534d in v8::HeapProfiler::TakeSnapshot (title=..., type=v8::HeapSnapshot::kFull,
    control=0x7fff36daaea0) at ../../v8/src/api.cc:6236


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
