Status: New
Owner: ----
New issue 3359 by [email protected]: Fatal error in
LCodeGenBase::CheckEnvironmentUsage
http://code.google.com/p/v8/issues/detail?id=3359
The test below was loaded with the latest debug asan chromium build
(asan-linux-debug-273333) and it produced a crash in the v8 library:
#
# Fatal error in ../../v8/src/lithium-codegen.cc, line 116
# CanDeoptimize is wrong for Sar (sar-t)
#
The test case:
1 >> Boolean.constructor + 1;
while (true);
Backtrace:
#
# Fatal error in ../../v8/src/lithium-codegen.cc, line 116
# CanDeoptimize is wrong for Sar (sar-t)
#
==== C stack trace ===============================
1: ??
2: ??
3: ??
4: ??
5: ??
6: ??
7: ??
8: ??
Program received signal SIGILL, Illegal instruction.
0x00007ffff78bf363 in v8::internal::OS::Abort() () from
/home/reni/data/REPOS/ASAN/asan-linux-debug-273333/lib/libv8.so
(gdb) bt
#0 0x00007ffff78bf363 in v8::internal::OS::Abort() () from
/home/reni/data/REPOS/ASAN/asan-linux-debug-273333/lib/libv8.so
#1 0x00007ffff6b3314e in V8_Fatal () from
/home/reni/data/REPOS/ASAN/asan-linux-debug-273333/lib/libv8.so
#2 0x00007ffff7103f72 in
v8::internal::LCodeGenBase::CheckEnvironmentUsage() () from
/home/reni/data/REPOS/ASAN/asan-linux-debug-273333/lib/libv8.so
#3 0x00007ffff71134b5 in v8::internal::LChunk::Codegen() () from
/home/reni/data/REPOS/ASAN/asan-linux-debug-273333/lib/libv8.so
#4 0x00007ffff6b82f59 in v8::internal::OptimizedCompileJob::GenerateCode()
() from /home/reni/data/REPOS/ASAN/asan-linux-debug-273333/lib/libv8.so
#5 0x00007ffff6b8722c in
v8::internal::Compiler::GetOptimizedCode(v8::internal::Handle<v8::internal::JSFunction>,
v8::internal::Handle<v8::internal::Code>,
v8::internal::Compiler::ConcurrencyMode, v8::internal::BailoutId) () from
/home/reni/data/REPOS/ASAN/asan-linux-debug-273333/lib/libv8.so
#6 0x00007ffff748367f in
v8::internal::Runtime_CompileForOnStackReplacement(int,
v8::internal::Object**, v8::internal::Isolate*) ()
from /home/reni/data/REPOS/ASAN/asan-linux-debug-273333/lib/libv8.so
#7 0x00007fffce306d4e in ?? ()
#8 0x0000000100000000 in ?? ()
#9 0x00007fffce306ca1 in ?? ()
#10 0x00007fffffffcda0 in ?? ()
#11 0x00007fffffffcde8 in ?? ()
#12 0x00007fffce3565d3 in ?? ()
#13 0x00007ffff109acd9 in ?? ()
#14 0x00007fffce356541 in ?? ()
#15 0x0000000800000000 in ?? ()
#16 0x00007ffff106c911 in ?? ()
#17 0x00007fffffffce10 in ?? ()
#18 0x00007fffce35d004 in ?? ()
#19 0x0000000100000000 in ?? ()
#20 0x00007ffff109acd9 in ?? ()
#21 0x00007ffff106c911 in ?? ()
#22 0x00007fffffffce48 in ?? ()
#23 0x00007fffce353320 in ?? ()
#24 0x00007ffff1099029 in ?? ()
#25 0x00007ffff109acd9 in ?? ()
#26 0x00007fffce353261 in ?? ()
#27 0x0000000800000000 in ?? ()
#28 0x0000000000000000 in ?? ()
Attachments:
v8.js 43 bytes
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
