Issue 621450 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	mvstan...@chromium.org
Closed:	Apr 2017
Cc:	yangguo@chromium.org █ kozyatinskiy@chromium.org
Components:	Platform>DevTools>JavaScript
EstimatedDays:	----
NextAction:	----
OS:	Mac
Pri:	3
Type:	Bug

DevTools: live edit crashes when executing edited code

Project Member Reported by pfeldman@chromium.org, Jun 20 2016

Issue description

I can repro locally on editing devtools code:

* thread #1: tid = 0x362ee, 0x00000001111428a8 Chromium Framework`v8::internal::FeedbackNexus::FindHandlers(v8::internal::List<v8::internal::Handle<v8::internal::Code>, v8::internal::FreeStoreAllocationPolicy>*, int) const [inlined] v8::internal::MemoryChunk::heap(this=0x0000000a00000000) const at spaces.h:628, name = 'CrRendererMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xa00000038)
  * frame #0: 0x00000001111428a8 Chromium Framework`v8::internal::FeedbackNexus::FindHandlers(v8::internal::List<v8::internal::Handle<v8::internal::Code>, v8::internal::FreeStoreAllocationPolicy>*, int) const [inlined] v8::internal::MemoryChunk::heap(this=0x0000000a00000000) const at spaces.h:628
    frame #1: 0x00000001111428a8 Chromium Framework`v8::internal::FeedbackNexus::FindHandlers(v8::internal::List<v8::internal::Handle<v8::internal::Code>, v8::internal::FreeStoreAllocationPolicy>*, int) const [inlined] v8::internal::HeapObject::GetHeap() const + 9 at objects-inl.h:1322
    frame #2: 0x000000011114289f Chromium Framework`v8::internal::FeedbackNexus::FindHandlers(v8::internal::List<v8::internal::Handle<v8::internal::Code>, v8::internal::FreeStoreAllocationPolicy>*, int) const [inlined] v8::internal::HeapObject::GetIsolate() const at objects-inl.h:1329
    frame #3: 0x000000011114289f Chromium Framework`v8::internal::FeedbackNexus::FindHandlers(v8::internal::List<v8::internal::Handle<v8::internal::Code>, v8::internal::FreeStoreAllocationPolicy>*, int) const [inlined] v8::internal::Handle<v8::internal::Code>::Handle(object=0x0000000a00000000) at handles.h:97
    frame #4: 0x000000011114289f Chromium Framework`v8::internal::FeedbackNexus::FindHandlers(v8::internal::List<v8::internal::Handle<v8::internal::Code>, v8::internal::FreeStoreAllocationPolicy>*, int) const [inlined] v8::internal::Handle<v8::internal::Code> v8::internal::handle<v8::internal::Code>(object=0x0000000a00000000) at handles.h:169
    frame #5: 0x000000011114289f Chromium Framework`v8::internal::FeedbackNexus::FindHandlers(this=<unavailable>, code_list=0x00007fff50ee1370, length=1) const + 255 at type-feedback-vector.cc:821
    frame #6: 0x0000000110ec3e6a Chromium Framework`v8::internal::IC::UpdatePolymorphicIC(this=<unavailable>, name=<unavailable>, code=<unavailable>) + 746 at ic.cc:730
    frame #7: 0x0000000110ec3742 Chromium Framework`v8::internal::IC::PatchCache(this=0x00007fff50ee1600, name=<unavailable>, code=<unavailable>) + 82 at ic.cc:798
    frame #8: 0x0000000110ec3af4 Chromium Framework`v8::internal::LoadIC::UpdateCaches(this=0x00007fff50ee1600, lookup=0x00007fff50ee14a0) + 548 at ic.cc:936
    frame #9: 0x0000000110ec34e5 Chromium Framework`v8::internal::LoadIC::Load(this=0x00007fff50ee1600, object=<unavailable>, name=<unavailable>) + 1125 at ic.cc:662
    frame #10: 0x0000000110ec5bf4 Chromium Framework`v8::internal::KeyedLoadIC::Load(this=0x00007fff50ee1600, object=<unavailable>, key=<unavailable>) + 308 at ic.cc:1375
    frame #11: 0x0000000110ec9a37 Chromium Framework`v8::internal::Runtime_LoadIC_Miss(int, v8::internal::Object**, v8::internal::Isolate*) + 917 at ic.cc:2282
    frame #12: 0x0000000110ec96a2 Chromium Framework`v8::internal::Runtime_LoadIC_Miss(args_length=<unavailable>, args_object=0x00007fff50ee1748, isolate=0x00007fb90a830a00) + 66 at ic.cc:2257
    frame #13: 0x00003d7b7d4075e7
    frame #14: 0x00003d7b7e0338c4
    frame #15: 0x00003d7b7e030052
    frame #16: 0x00003d7b7d4077f5
    frame #17: 0x00003d7b7d440143
    frame #18: 0x00003d7b7d42832f
    frame #19: 0x0000000110e2216b Chromium Framework`v8::internal::(anonymous namespace)::Invoke(isolate=0x0000039d491b8181, is_construct=<unavailable>, target=<unavailable>, receiver=<unavailable>, argc=1, args=0x0000000110ec9660, new_target=<unavailable>) + 459 at execution.cc:98
    frame #20: 0x0000000110e21f6b Chromium Framework`v8::internal::Execution::Call(isolate=0x00007fb90a830a00, callable=<unavailable>, receiver=<unavailable>, argc=1, argv=<unavailable>) + 331 at execution.cc:154
    frame #21: 0x0000000110b2c1cd Chromium Framework`v8::Function::Call(this=<unavailable>, context=<unavailable>, recv=<unavailable>, argc=<unavailable>, argv=<unavailable>) + 541 at api.cc:4454
    frame #22: 0x0000000111f45206 Chromium Framework`blink::V8ScriptRunner::callFunction(function=<unavailable>, context=<unavailable>, receiver=(val_ = 0x00007fb90a830a60), argc=1, args=0x00007fff50ee1c98, isolate=0x00007fb90a830a00) + 550 at V8ScriptRunner.cpp:510

Comment 1 by yangguo@chromium.org, Jun 20 2016

Cc: yangguo@chromium.org
Owner: mvstan...@chromium.org

Looks like the feedback vector has not been updated correctly for liveedit? Michael, is this something you would be familiar with?

Comment 2 by mvstan...@chromium.org, Apr 7 2017

Status: WontFix (was: Assigned)

Quite a few changes were made in the last months to the feedback vector (new slots for reporting code coverage, also a merging of the feedback vector with the literals array). Does the issue still repro? Please reopen if so, thanks.

►

Issue 621450 link

Issue metadata

DevTools: live edit crashes when executing edited code

Issue description

Comment 1 by yangguo@chromium.org, Jun 20 2016

Comment 1 Deleted

Comment 2 by mvstan...@chromium.org, Apr 7 2017

Comment 2 Deleted

Sign in to add a comment