Status: Accepted
Owner: [email protected]
Labels: Type-Bug Priority-Medium
New issue 3029 by [email protected]: Assertion failure in OptimizedFrame::Summarize
http://code.google.com/p/v8/issues/detail?id=3029
While trying to write a repro for another issue, I found that V8 crashes with this:
// Repro for d8; %OptimizeFunctionOnNextCall needs --allow-natives-syntax.
function c(x) {
  // Calling apply on undefined throws a TypeError inside the constructor.
  undefined.apply(undefined, 0);
}
function f() {
  return new c();
}
function g() {
  f();
}
// Warm up g() twice so it collects type feedback, then force optimization.
try { g(); } catch (e) {}
try { g(); } catch (e) {}
%OptimizeFunctionOnNextCall(g);
// The third call runs optimized code; capturing the stack trace for the
// TypeError hits the CHECK in OptimizedFrame::Summarize.
try { g(); } catch (e) {}
Stack trace is this:
#0 v8::internal::OS::DebugBreak () at ../src/platform-posix.cc:285
#1 0x08851000 in v8::internal::OS::Abort () at ../src/platform-posix.cc:263
#2 0x0842e5a0 in V8_Fatal (file=0x8a1c6f2 "../src/frames.cc", line=987,
format=0x8a1bb98 "CHECK(%s) failed") at ../src/checks.cc:85
#3 0x084bf306 in v8::internal::OptimizedFrame::Summarize (this=0xffffc374,
frames=0xffffc410) at ../src/frames.cc:986
#4 0x085a5aca in v8::internal::Isolate::CaptureSimpleStackTrace
(this=0x9718018, error_object=..., caller=..., limit=10)
at ../src/isolate.cc:471
#5 0x086d4ff8 in v8::internal::__RT_impl_Runtime_CollectStackTrace
(args=..., isolate=0x9718018) at ../src/runtime.cc:14291
#6 0x086d4ea6 in v8::internal::Runtime_CollectStackTrace (args_length=3,
args_object=0xffffc538, isolate=0x9718018) at ../src/runtime.cc:14281
#7 0x5580b256 in ?? ()
#8 0x5582e6e2 in ?? ()
#9 0x5582ee57 in ?? ()
#10 0x558408cc in ?? ()
#11 0x5582e2da in ?? ()
#12 0x55849c95 in ?? ()
#13 0x55840b79 in ?? ()
#14 0x5582076a in ?? ()
#15 0x084907b8 in v8::internal::Invoke (is_construct=false, function=...,
receiver=..., argc=2, args=0xffffc75c, has_pending_exception=0xffffc78f)
at ../src/execution.cc:119
#16 0x08490c16 in v8::internal::Execution::TryCall (func=..., receiver=...,
argc=2, args=0xffffc75c, caught_exception=0xffffc78f)
at ../src/execution.cc:214
#17 0x084aa4be in v8::internal::Factory::NewError (this=0x9718018,
maker=0x8a1547b "MakeTypeError",
message=0x8a493f3 "non_object_property_call", args=...)
at ../src/factory.cc:940
#18 0x084a9f80 in v8::internal::Factory::NewError (this=0x9718018,
maker=0x8a1547b "MakeTypeError",
message=0x8a493f3 "non_object_property_call", args=...)
at ../src/factory.cc:863
#19 0x084a9ce7 in v8::internal::Factory::NewTypeError (this=0x9718018,
message=0x8a493f3 "non_object_property_call", args=...)
at ../src/factory.cc:811
#20 0x085905e7 in v8::internal::IC::TypeError (this=0xffffc928,
type=0x8a493f3 "non_object_property_call", object=..., key=...)
at ../src/ic.cc:418
#21 0x0859114b in v8::internal::CallICBase::LoadFunction (this=0xffffc928,
object=..., name=...) at ../src/ic.cc:620
#22 0x08598268 in v8::internal::__RT_impl_CallIC_Miss (args=...,
isolate=0x9718018) at ../src/ic.cc:2061
#23 0x08598132 in v8::internal::CallIC_Miss (args_length=2,
args_object=0xffffc9ec, isolate=0x9718018) at ../src/ic.cc:2054
#24 0x5580b256 in ?? ()
#25 0x55828c40 in ?? ()
#26 0x5584c516 in ?? ()
#27 0x558499aa in ?? ()
#28 0x55840b79 in ?? ()
#29 0x5582076a in ?? ()
#30 0x084907b8 in v8::internal::Invoke (is_construct=false, function=...,
receiver=..., argc=0, args=0x0, has_pending_exception=0xffffcc1e)
at ../src/execution.cc:119
#31 0x08490b04 in v8::internal::Execution::Call (isolate=0x9718018,
callable=..., receiver=..., argc=0, argv=0x0, pending_exception=0xffffcc1e,
convert_receiver=false) at ../src/execution.cc:183
#32 0x083dffbf in v8::Script::Run (this=0x97455d0) at ../src/api.cc:1900
#33 0x083bcd4c in v8::Shell::ExecuteString (isolate=0x9718018, source=...,
name=..., print_result=false, report_exceptions=true) at ../src/d8.cc:218
#34 0x083c177f in v8::SourceGroup::Execute (this=0x971e614,
isolate=0x9718018) at ../src/d8.cc:1293
#35 0x083c21b7 in v8::Shell::RunMain (isolate=0x9718018, argc=4,
argv=0xffffcf54) at ../src/d8.cc:1530
#36 0x083c609d in v8::Shell::Main (argc=4, argv=0xffffcf54)
at ../src/d8.cc:1724
#37 0x083c6196 in main (argc=4, argv=0xffffcf54) at ../src/d8.cc:1762
#
# Fatal error in ../src/frames.cc, line 987
# CHECK(opcode == Translation::STACK_SLOT || opcode == Translation::LITERAL) failed
#
but opcode is:
(gdb) p opcode
$2 = v8::internal::Translation::DUPLICATED_OBJECT
Michael, I assigned you on this randomly. If you have a better person to assign this to, go ahead :)
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev