New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 631969 link

Starred by 2 users
Status: Fixed
Owner:
u...@chromium.org
Closed: Aug 2016
Cc:
mlippautz@chromium.org
jkummerow@chromium.org
hpayer@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Sign in to add a comment

Invalid slot recorded in remembered set

Project Member Reported by u...@chromium.org, Jul 27 2016 
Steps to reproduce:

compile flags:
enable_nacl = false
gdb_index = true
is_component_build = true
is_debug = true
symbol_level = 2
use_goma = true
v8_enable_backtrace = true
v8_enable_disassembler = true
v8_enable_verify_heap = true
v8_object_print = true
v8_optimized_debug = false

command line:
gdb -ex run -args out/debug/chrome --no-sandbox --disable-hang-monitor --disable-extensions --renderer-cmd-prefix="konsole -e gdb -ex run -ex quit -args" --js-flags="--debug-code --code-comments --verify-heap"

url: http://www.wfsb.com/

Comment 1 by jkummerow@chromium.org, Jul 27 2016 

additional findings:

- the object is an ExternalOneByteString
- offset is sometimes 24, sometimes 32
- PointerDirection is 0 (=OLD_TO_OLD)
- the object itself is marked black, slots inside it are not

Comment 2 by jkummerow@chromium.org, Jul 27 2016 

also reproduces on:
- https://docs.google.com/document/d/1qeOSjI69kZK5Vc99FD242xmrivT4kQpCaFcaguGT0Jw/edit (this particular document requires google.com login)
- hangouts.google.com

Comment 3 by jkummerow@chromium.org, Jul 28 2016 

This is not a recent regression. I can repro with current stable (Chromium 52.0.2743.82, V8 5.2.361.43).

Comment 4 by mlippautz@chromium.org, Aug 16 2016

Cc: mlippautz@chromium.org
Labels: OS-All

Comment 5 by mlippautz@chromium.org, Aug 16 2016

Status: Fixed (was: Assigned)
This should be fixed with f6875cee3ab6cb69311bef765c0496877a5d3e8e. (bugdroid doesn't like me)

Sign in to add a comment