sorry, no idea. On Mon, Sep 26, 2016 at 9:01 AM PhistucK <phist...@gmail.com> wrote:
> Yes, but I could not provide a reproduction case. :( > At least not without approvals from managers, I guess. > > Do you happen to know when the next stable patch release is planned (that > includes the change)? I had to instruct the test teams to use > --js-flags="--no-crankshaft" for now, which is not ideal... > > > ☆*PhistucK* > > On Mon, Sep 26, 2016 at 9:42 AM, Jochen Eisinger <joc...@chromium.org> > wrote: > > Thanks for tracking this down. In general, if you're willing / able to > provide a repro case, we're happy to investigate suchs bugs ourselves, so > you don't have to go through the trouble of bisecting this.. > > On Sun, Sep 25, 2016 at 6:06 PM PhistucK <phist...@gmail.com> wrote: > > After bisecting, the bug started at - > https://chromium.googlesource.com/v8/v8/+log/c93d868f..d83c3f0e > The bug stopped at - > https://chromium.googlesource.com/v8/v8/+log/f9a47d47..a255aa83 > > This leaves me with > https://chromium.googlesource.com/v8/v8/+/4dab7b5a1d6722002d47d0be2481cb65602a2451, > which resolves a for-in optimization (Turbofan) bug > <https://bugs.chromium.org/p/chromium/issues/detail?id=647887> and > already merged to the 5.3 branch (but is not released to stable yet :(). > > Though, I wonder, why did it not always occur? jQuery.isPlainObject is a > very hot function (at least in the code with which I am dealing here). Is > it possible that it is not always optimized? > (Also, that weird foo.hasOwnProperty(bar) === true versus > Object.keys(foo).indexOf(bar) > === -1 contradiction...) > > Hopefully, another stable patch will be released soon, as it may affect > many jQuery versions, since that was the way to check whether an object is > a plain object until some time ago. > > I apologize to everyone, as I experienced the bug when it started but > dismissed it as a temporary canary issue that would resolve itself. Stupid > me. I hope I learned my lesson (probably not, though :( - I would have > reported it if it did not require days of investigations). > > > ☆*PhistucK* > > On Sat, Sep 24, 2016 at 1:45 PM, PhistucK <phist...@gmail.com> wrote: > > Thank you! Unfortunately, for everyone, it is getting clearer and clearer > that this is an optimization issue. The issue does not reproduce with the > --no-crankshaft flag. > > The code is calling something like - > jQuery.extend(/* deepCopy */ true, {string: 'something'}, {string, > 'something', instance: someConstructedInstance}) > (Where someConstructedInstance is a an instance of an object based on an > enhanced Backbone View Model, so it is not a plain object) > And sometimes (it used to occasionally appear, it now appears most often > than not), jQuery.isPlainObject returns true for the value of instance. > That jQuery function finishes with the following statements > <https://github.com/jquery/jquery/blob/d71f6a53927ad02d728503385d15539b73d21ac8/src/core.js#L472-L475> > - > var key; > for ( key in obj ) {} > > return key === undefined || core_hasOwn.call( obj, key ); > From my debugging, it sometimes fails the key === undefined > <https://github.com/jquery/jquery/blob/d71f6a53927ad02d728503385d15539b73d21ac8/src/core.js#L475> > check (if I add more logging code, it returns true - that does not make > sense) and it sometimes fails the core_hasOwn.call( obj, key ) > <https://github.com/jquery/jquery/blob/d71f6a53927ad02d728503385d15539b73d21ac8/src/core.js#L475> > check (which returns true for a key that is not an own property). When > this happen, Object.keys(obj).indexOf(key) returns -1. I verified that > the key is indeed not an own property. > (I am using jQuery 1.9.1 and cannot update it, but the code has basically > gone through simplification, not real bug fixes) > > I think it may have started since Chrome 52, I am not sure. It evidently > possibly became much, much worse in Chrome 53 (Windows 7, Intel Core i5, 32 > bit). > > I should report it, but I cannot disclose the code (it is a > several-megabyte package that includes - and uses in that stack - several > libraries like Knockout, Backbone, Underscore and more). Can someone > suggest how I can diagnose and debug this further (without a native code > debugger) in order to help you understand the exact issue (without showing > code :()? > > > ☆*PhistucK* > On Tuesday, September 20, 2016 at 3:54:19 PM UTC+3, Michael Hablich wrote: > > --no-crankshaft should do the trick. The name is misleading, it will also > disable TurboFan. > > > On Tuesday, September 20, 2016 at 1:51:51 PM UTC+2, PhistucK wrote: > > I have an issue where the code suddenly (since Chrome 53) gets caught up > in a cyclic recursion until it exceeds the stack size limit. > > Since the code is the same, I want to try and rule out engine optimization > issues. Is there a V8 flag for disabling all of the optimizations? > > > ☆*PhistucK* > > -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > > You received this message because you are subscribed to a topic in the > Google Groups "v8-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/v8-users/V3J9CwEv468/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > v8-users+unsubscr...@googlegroups.com. > > > For more options, visit https://groups.google.com/d/optout. > > -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to v8-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > > -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to a topic in the > Google Groups "v8-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/v8-users/V3J9CwEv468/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > v8-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > > > -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to v8-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
