New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 652955 link

Starred by 1 user
Status: Fixed
Owner:
mlippautz@chromium.org
Closed: Oct 2016
Cc:
l...@chromium.org
hpayer@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug



Sign in to add a comment

Repeated renderer crashes on v8::internal::ObjectStatsCollector when using --track_gc_object_stats/--noincremental-marking

Project Member Reported by primiano@chromium.org, Oct 5 2016 
Chrome Version       : 55.0.2880.4
OS Version: OS X 10.11.6
URLs (if applicable) : https://store.google.com/product/asus_chromebook_flip

Crash report: crash/0061581d00000000

Repro:
1. Start canary on mac passing --js-flags="--track_gc_object_stats --noincremental-marking"
2. Visit the URL above
3. scroll a bit up and down

After few seconds chrome crashes with the stack trace in crash/0061581d00000000

Doesn't seem to repro without the js-flags cmdline.

Comment 1 by mlippautz@chromium.org, Oct 5 2016

Cc: -mlippautz@chromium.org
Owner: mlippautz@chromium.org
Status: Assigned (was: Unconfirmed)
For object stats we walk the object graph explicitly. Since we don't have an IDL for our objects this is error prone. We also lack tests for this feature since we don't really have a stable output to test against (yet).

Will have a look what edge broke exactly. From the trace it looks like recording code objects broke.

Comment 2 by mlippautz@chromium.org, Oct 5 2016

Status: Started (was: Assigned)
Project Member

Comment 3 by bugdroid1@chromium.org, Oct 5 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/4eaccc7a45662538c713001aa23f932228afefc8

commit 4eaccc7a45662538c713001aa23f932228afefc8
Author: mlippautz <mlippautz@chromium.org>
Date: Wed Oct 05 10:23:51 2016

[heap] ObjectStats: Handle empty deoptimization input data

BUG= chromium:652955 

Review-Url: https://codereview.chromium.org/2393153002
Cr-Commit-Position: refs/heads/master@{#39984}

[modify] https://crrev.com/4eaccc7a45662538c713001aa23f932228afefc8/src/heap/object-stats.cc

Comment 4 by mlippautz@chromium.org, Oct 28 2016

Status: Fixed (was: Started)
Should be fixed. If you find other issues, please let me know.

Comment 5 by mlippautz@chromium.org, Oct 28 2016

Components: -Blink>JavaScript>Runtime Blink>JavaScript>GC

Sign in to add a comment