
Issue 16276 link

Starred by 4 users

Issue metadata

Status: Fixed
Owner:
Closed: Jul 2009
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug
M-3


Crash - v8::internal::JSObject::LocalLookup(v8::internal::String *,v8::internal::LookupResult *)

Project Member Reported by lafo...@chromium.org, Jul 9 2009

Issue description

This crash was detected in 3.0.192.1 and appears to be a regression from 3.0.191.3.
It is currently ranked #1 (based on the relative number of reports in the release).  There have been 14 reports from 9 clients.
Search query: http://crash/search?query=Chrome+3.0.192.1+v8%3A%3Ainternal%3A%3AJSObject%3A%3ALocalLookup%28v8%3A%3Ainternal%3A%3AString+*%2Cv8%3A%3Ainternal%3A%3ALookupResult+*%29
----------------------------
*       Summary Data       *
----------------------------
Report Link: http://crash/reportdetail?reportid=32656f105df7144b
Mini Dump Link: http://crash/file?reportid=32656f105df7144b&name=upload_file_minidump

Uptime: 11 sec
User Comments: null
OS: Windows Vista or Windows Server 2008 Service Pack 1
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 15 stepping 13
rept: null
ptype: renderer
plat: Win32
crash type:(EXCEPTION_ACCESS_VIOLATION@0xffffffffffffffff)

----------------------------
*        Crash Trace       *
----------------------------
           [objects.cc:2623] - v8::internal::JSObject::LocalLookup(v8::internal::String *,v8::internal::LookupResult *)
           [objects.cc:2637] - v8::internal::JSObject::Lookup(v8::internal::String *,v8::internal::LookupResult *)
            [objects.cc:143] - v8::internal::Object::Lookup(v8::internal::String *,v8::internal::LookupResult *)
                 [ic.cc:276] - v8::internal::LookupForRead
                 [ic.cc:348] - v8::internal::CallIC::LoadFunction(v8::internal::InlineCacheState,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::String>)
                [ic.cc:1194] - v8::internal::CallIC_Miss(v8::internal::Arguments)
           [execution.cc:95] - v8::internal::Invoke
          [execution.cc:121] - v8::internal::Execution::Call(v8::internal::Handle<v8::internal::JSFunction>,v8::internal::Handle<v8::internal::Object>,int,v8::internal::Object * * *,bool *)
               [api.cc:2232] - v8::Function::Call(v8::Handle<v8::Object>,int,v8::Handle<v8::Value> * const)
          [v8proxy.cpp:1159] - WebCore::V8Proxy::callFunction(v8::Handle<v8::Function>,v8::Handle<v8::Object>,int,v8::Handle<v8::Value> * const)
   [scheduledaction.cpp:119] - WebCore::ScheduledAction::execute(WebCore::V8Proxy *)
    [scheduledaction.cpp:95] - WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext *)
          [domtimer.cpp:115] - WebCore::DOMTimer::fired()
      [threadtimers.cpp:111] - WebCore::ThreadTimers::fireTimers(double,WTF::Vector<WebCore::TimerBase *,0> const &)
      [threadtimers.cpp:141] - WebCore::ThreadTimers::sharedTimerFiredInternal()
               [timer.h:160] - base::BaseTimer<ImportantFileWriter,0>::TimerTask::Run()
       [message_loop.cc:313] - MessageLoop::RunTask(Task *)
       [message_loop.cc:321] - MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &)
       [message_loop.cc:427] - MessageLoop::DoWork()
[message_pump_default.cc:50] - base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
       [message_loop.cc:198] - MessageLoop::RunInternal()
       [message_loop.cc:181] - MessageLoop::RunHandler()
       [message_loop.cc:155] - MessageLoop::Run()
             [thread.cc:156] - base::Thread::ThreadMain()
 [platform_thread_win.cc:26] - `anonymous namespace'::ThreadFunc(void *)
   [kernel32.dll+0x00044910] - BaseThreadInitThunk
      [ntdll.dll+0x0003e4b5] - __RtlUserThreadStart
      [ntdll.dll+0x0003e488] - _RtlUserThreadStart

----------------------------
*      Loaded Modules      *
----------------------------
    avcodec-52.dll
    avformat-52.dll
    avutil-50.dll
    chrome.dll
    icudt38.dll
    pthreadGC2.dll
    chrome.exe
    Wldap32.dll
    advapi32.dll
    gdi32.dll
    imm32.dll
    kernel32.dll
    lpk.dll
    msctf.dll
    msvcrt.dll
    netapi32.dll
    nsi.dll
    ntdll.dll
    ntmarta.dll
    ole32.dll
    oleacc.dll
    oleaut32.dll
    psapi.dll
    rpcrt4.dll
    samlib.dll
    secur32.dll
    shell32.dll
    shlwapi.dll
    t2embed.dll
    user32.dll
    userenv.dll
    usp10.dll
    uxtheme.dll
    version.dll
    winmm.dll
    ws2_32.dll
    wsock32.dll
    comctl32.dll

Labels: Mstone-3
Status: Assigned

Comment 2 by ager@chromium.org, Jul 9 2009

Kasper, does this look like the crash that you fixed yesterday?
I'm pretty sure this has been fixed in V8:

   http://code.google.com/p/v8/source/detail?r=2390

I'm planning on pushing the fix to Chromium later today.

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=20249 

------------------------------------------------------------------------
r20249 | kasperl@google.com | 2009-07-08 23:39:21 -0700 (Wed, 08 Jul 2009) | 5 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/DEPS?r1=20249&r2=20248

Update V8 in Chromium to version 1.2.13.

BUG= 16276 
TEST=none
Review URL: http://codereview.chromium.org/149382
------------------------------------------------------------------------

Add label: Fixed.
Status: Fixed
Issue 16351 has been merged into this issue.

Comment 8 by huanr@chromium.org, Jul 10 2009

Status: Available
I still see this crash happen on chromebot, although infrequently, after the v8 update. Do all code paths get fixed?

Possible URL to repro:
http://96889.com/
http://www.etonline.com/
http://wol.swirve.com/magic.cgi
Status: Started
Ugh. Yeah, this still looks pretty bad. This is definitely something that needs more work.
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=20485 

------------------------------------------------------------------------
r20485 | kasperl@google.com | 2009-07-13 08:13:06 -0700 (Mon, 13 Jul 2009) | 7 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/DEPS?r1=20485&r2=20484

Update V8 in Chromium to version 1.2.14 and start pulling it
from branches/1.2. This update adds a possible work-around to 
a few high priority crashers.

BUG= 16276 , 16414 
TEST=none
Review URL: http://codereview.chromium.org/155422
------------------------------------------------------------------------

Issue 16532 has been merged into this issue.
From issue 16532, it is easily reproducible: middle-click on a few items in Google Docs. Also notice that a lot of memory is consumed while opening items in Google Docs.

Comment 13 by darin@chromium.org, Jul 13 2009

Labels: Fixit

Comment 14 by ager@chromium.org, Jul 13 2009

The reproduction of comment 12 is really useful. I have been able to make chromium before revision 20485 crash using that. I have not been able to with revisions after 20485, so it seems that Kasper's latest round of changes fixed it.
Labels: -Fixit
Issue 16414 has been merged into this issue.
Status: Fixed
Fixed in V8 bleeding_edge@2435, which got included in Chromium in r20485 as part of updating to V8 version 1.2.14. Regression test case added in V8 bleeding_edge@2454.
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=20615 

------------------------------------------------------------------------
r20615 | kasperl@google.com | 2009-07-14 03:57:57 -0700 (Tue, 14 Jul 2009) | 5 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/data/reliability/known_crashes.txt?r1=20615&r2=20614

Remove fixed  issue 16276  from known crashes list.

BUG= 16276 
TEST=none
Review URL: http://codereview.chromium.org/155492
------------------------------------------------------------------------

Comment 19 by bugdroid1@chromium.org (Project Member), Oct 12 2012

Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Comment 20 by bugdroid1@chromium.org (Project Member), Mar 10 2013

Labels: -Area-WebKit -Mstone-3 Cr-Content M-3
Comment 21 by bugdroid1@chromium.org (Project Member), Mar 13 2013

Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Comment 22 by bugdroid1@chromium.org (Project Member), Apr 6 2013

Labels: -Cr-Content Cr-Blink