I have pretty much narrowed it down and will send a repro once I remove all the noise from my project
On Thursday, September 12, 2019 at 5:45:19 PM UTC+3, Jakob Kummerow wrote:
>
> CC author of that commit.
>
> Darin, do you have a full repro you can share? That would be useful for debugging.
>
> On Thu, Sep 12, 2019 at 4:36 PM Darin Dimitrov <darin....@gmail.com> wrote:
>
>> I am embedding v8 in my iOS application and calling some js function:
>>
>>     Local<v8::Function> callback = ...
>>     std::vector<Local<Value>> v8Args = ...
>>     Local<Value> result;
>>     TryCatch tc(isolate);
>>     callback->Call(context, thiz, (int)v8Args.size(), v8Args.data()).ToLocal(&result);
>>
>> This code works pretty fine but starting from this commit
>> https://chromium.googlesource.com/v8/v8.git/+/738d870db64a97db243e0d5856f92cc45e1c69fd
>> my code started failing consistently with the following error:
>>
>>     * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
>>       * frame #0: 0x00000001031f1fe0 MyProj`v8::internal::PropertyCallbackArguments::CallNamedSetter(this=0x00007ffeedc03aa0, interceptor=<unavailable>, name=<unavailable>, value=Handle<v8::internal::Object> @ 0x00007ffeedc039e8) at api-arguments-inl.h:231:3 [opt]
>>         frame #1: 0x000000010315e11d MyProj`v8::internal::__RT_impl_Runtime_StorePropertyWithInterceptor(args=Arguments @ 0x00007ffeedc03af0, isolate=0x000000011faf8000) at ic.cc:2760:37 [opt]
>>         frame #2: 0x0000000103cd6f00 MyProj`Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit + 64
>>         frame #3: 0x0000000103ef0ccf MyProj`Builtins_StaNamedPropertyHandler + 1679
>>         frame #4: 0x0000000103a0be52 MyProj`Builtins_InterpreterEntryTrampoline + 946
>>         frame #5: 0x00000001039fe57a MyProj`Builtins_JSEntryTrampoline + 90
>>         frame #6: 0x00000001039fe57a MyProj`Builtins_JSEntryTrampoline + 90
>>         frame #7: 0x00000001039fe358 MyProj`Builtins_JSEntry + 120
>>         frame #8: 0x0000000103064512 MyProj`v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) [inlined] v8::internal::GeneratedCode<unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**>::Call(this=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>) at simulator.h:138:12 [opt]
>>         frame #9: 0x0000000103064509 MyProj`v8::internal::(anonymous namespace)::Invoke(isolate=0x000000011faf8000, params=<unavailable>)::InvokeParams const&) at execution.cc:266 [opt]
>>         frame #10: 0x0000000103063e27 MyProj`v8::internal::Execution::Call(isolate=0x000000011faf8000, callable=<unavailable>, receiver=<unavailable>, argc=1, argv=0x0000600001a8cee0) at execution.cc:358:10 [opt]
>>         frame #11: 0x0000000102d3a80d MyProj`v8::Function::Call(this=0x00007fdeee81b840, context=<unavailable>, recv=<unavailable>, argc=1, argv=0x0000600001a8cee0) at api.cc:4840:7 [opt]
>>
>> And this is the crashing code:
>> https://chromium.googlesource.com/v8/v8.git/+/738d870db64a97db243e0d5856f92cc45e1c69fd/src/api/api-arguments-inl.h#231
>>
>> The crash is observed after multiple calls to this method and after some GC iterations.