Check failed: size <= Page::kMaxRegularHeapObjectSize.
Reported by
kamil.fi...@luna-lang.org,
Oct 13 2016
|
|||||||||||||||||||||||||||
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36
Steps to reproduce the problem:
1. Open large ghcjs-based webapp
2. Chrome tab crashes ("Aw, snap!")
What is the expected behavior?
Webapp starts
What went wrong?
Chrome tab crashed ("Aw, snap"), revelant crash message in terminal
#
# Fatal error in ../../v8/src/runtime/runtime-internal.cc, line 333
# Check failed: size <= Page::kMaxRegularHeapObjectSize.
#
==== C stack trace ===============================
0 Google Chrome Framework 0x0000000110d91df3 ChromeMain + 15501795
1 Google Chrome Framework 0x0000000110d9077d ChromeMain + 15496045
2 Google Chrome Framework 0x0000000110beeaf6 ChromeMain + 13784806
3 ??? 0x000001d4738063a7 0x0 + 2011982488487
4 ??? 0x000001d473817150 0x0 + 2011982557520
Did this work before? Yes Chrome 53 (Stable)
Chrome version: 54.0.2840.59 Channel: stable
OS Version: OS X 10.11.6
Flash Version: Shockwave Flash 23.0 r0
We're making a web based application in Haskell (compiled to JS with GHCJS). It generates quite large JavaScript code (30-40 MB; not minified).
,
Oct 13 2016
I also get the same error on Fedora 24 with Chrome 54 Beta
#
# Fatal error in ../../v8/src/runtime/runtime-internal.cc, line 333
# Check failed: size <= Page::kMaxRegularHeapObjectSize.
#
==== C stack trace ===============================
/opt/google/chrome-beta/chrome --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,OverrideYouTubeFlashEmbed<Override YouTube Fl(+0x187b15e) [0x556ec249f15e]
--2016-10-13 17:03:45-- https://clients2.google.com/cr/report
Translacja clients2.google.com (clients2.google.com)... 2a00:1450:4001:818::200e, 172.217.22.110
Łączenie się z clients2.google.com (clients2.google.com)|2a00:1450:4001:818::200e|:443... połączono.
Żądanie HTTP wysłano, oczekiwanie na odpowiedź... 200 OK
Długość: nieznana [text/html]
Zapis do: `/dev/fd/3'
0KCrash dump id: 7dd3c15b00000000
4,06M=0s
,
Oct 13 2016
I can repro. V8 folks, could take a look?
,
Oct 17 2016
Able to reproduce the issue on MAC 10.11.6 for chrome stable version 54.0.2840.59 and Canary 56.0.2891.0. Issue is a regression broken in M54, below are the bisect details for the same: Bisect info: ============ Good Build: 53.0.2785.157 (Last M53 Build) Bad build: 54.0.2786.0 (First M54 Build) Tried a manual bisect and got the following change log: https://chromium.googlesource.com/chromium/src/+log/6ff44f5b8e053f33ba5dd730fac7ddfc0f5b566a..b997073eee258ac2f56f291cec99bdef648f8cf4 @ horo: request you to please take a look into it. Please help us to reassign if not with respect to your change. Change URL: https://chromium.googlesource.com/chromium/src/+/b997073eee258ac2f56f291cec99bdef648f8cf4 Review-Url: https://codereview.chromium.org/2116743002 Issue is also observed on Windows and Ubuntu OS as well. Adding RS Label, please undo if not the case.
,
Oct 17 2016
This crash started spiking from M53 onwards, majority of the reports are from Linux, below is the historical data. 54.0.2840.59 6.35% 438 54.0.2840.50 2.00% 138 53.0.2785.143 18.42% 1271 53.0.2785.116 36.59% 2525 52.0.2743.116 0.09% 6 Link to the builds which introduced the crash. ============================================== https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%3Cname%20omitted%3E%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports:5,productversion:1000 M54 is already in Stable, so please have the fix before M55 hits Stable.
,
Oct 17 2016
ranjitkan@ How did you bisect? Is there any repro steps available? ligimole@ Is this url correct? The query is "custom_data.ChromeCrashProto.ptype='renderer' AND custom_data.ChromeCrashProto.magic_signature_1.name='<name omitted>'". I don't this is correct.
,
Oct 18 2016
horo@: In comment 1 there is sample URL provided by the reporter which when loaded crashes. Took this url to bisect. URL: http://54.183.141.195:32770/ Thanks.!
,
Oct 18 2016
ranjitkan@ Could you please bisect again? And please upload the log. b997073eee258ac2f56f291cec99bdef648f8cf4 changed only the test code. So it must not cause this regression.
,
Oct 18 2016
,
Oct 18 2016
Retried the Bisect and here are the details below: Installed chrome versions and navigated to following URL: http://54.183.141.195:32770/ P.S: On Good builds, sometimes it takes time to load and a pop up appears whether to kill the browser, please click on Wait so that the web page appears. On Bad builds loading the URL immediately crashes the web page. Bisect details: =============== 54.0.2812.0 - Good Build 54.0.2819.0 - Bad Build Change URL: =========== https://chromium.googlesource.com/chromium/src/+log/c2e6e3149e3abd4de5b9969c2ece3caa019c3540..4986457108be0a622ba1e17d34ce2c2108ece830 From the Change Log, observed that there is an V8 version update and below is the V8 change log: V8 ChangeLog: https://chromium.googlesource.com/v8/v8/+log/967e2cbd..646f0264 From the log suspecting the below change could be the possible culprit: Change URL: https://chromium.googlesource.com/v8/v8/+/ea45a210a62d24cdb6b17d6374ed7648691fa6c3 Review-Url: https://codereview.chromium.org/2189643004 @ ulan: Request you to please take a look into it. Please help us to find a right owner if not with respect to your change. Details from Crash Server: ========================== Crash ID: 3786243b00000000 Stack Trace: ============ CRASHED [EXC_BAD_INSTRUCTION / EXC_I386_INVOP @ 0x000000010c252ca2 ] MAGIC SIGNATURE THREAD 0x000000010c252ca2 (Google Chrome Framework -platform-posix.cc:230 ) v8::base::OS::Abort() 0x000000010c0a8a98 (Google Chrome Framework -runtime-internal.cc:333 ) v8::internal::Runtime_AllocateInNewSpace(int, v8::internal::Object**, v8::internal::Isolate*) 0x00003fda1a0063a6 0x00003fda1a01714f 0x00003fda1a3060db 0x00003fda1a274a76 0x00003fda1a007e54 0x00003fda1a273fd7 0x00003fda1a273c53 0x00003fda1a27388b 0x00003fda1a007e54 0x00003fda1a27354e 0x00003fda1a007e54 0x00003fda1a049e62 0x00003fda1a02a120 0x000000010be44903 (Google Chrome Framework -execution.cc:141 ) v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>) 0x000000010be445b8 (Google Chrome Framework -execution.cc:178 ) <name omitted> 0x000000010bb065e8 (Google Chrome Framework -api.cc:4521 ) v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) 0x000000010f2f033f (Google Chrome Framework -V8ScriptRunner.cpp:516 ) blink::V8ScriptRunner::callFunction(v8::Local<v8::Function>, blink::ExecutionContext*, v8::Local<v8::Value>, int, v8::Local<v8::Value>*, v8::Isolate*) 0x000000010f2df5bf (Google Chrome Framework -V8EventListener.cpp:96 ) blink::V8EventListener::callListenerFunction(blink::ScriptState*, v8::Local<v8::Value>, blink::Event*) 0x000000010f2d874b (Google Chrome Framework -V8AbstractEventListener.cpp:130 ) blink::V8AbstractEventListener::invokeEventHandler(blink::ScriptState*, blink::Event*, v8::Local<v8::Value>) 0x000000010f2d861e (Google Chrome Framework -V8AbstractEventListener.cpp:95 ) blink::V8AbstractEventListener::handleEvent(blink::ScriptState*, blink::Event*) 0x000000010f2d853d (Google Chrome Framework -V8AbstractEventListener.cpp:84 ) blink::V8AbstractEventListener::handleEvent(blink::ExecutionContext*, blink::Event*) 0x000000010f6a1ac3 (Google Chrome Framework -EventTarget.cpp:648 ) blink::EventTarget::fireEventListeners(blink::Event*, blink::EventTargetData*, blink::HeapVector<blink::RegisteredEventListener, 1ul>&) 0x000000010f6a129a (Google Chrome Framework -EventTarget.cpp:541 ) blink::EventTarget::fireEventListeners(blink::Event*) 0x000000010f69939f (Google Chrome Framework -EventDispatcher.cpp:173 ) blink::EventDispatcher::dispatch() 0x000000010f698cea (Google Chrome Framework -EventDispatcher.cpp:53 ) blink::EventDispatcher::dispatchEvent(blink::Node&, blink::EventDispatchMediator*) 0x000000010f5ebd1b (Google Chrome Framework -Document.cpp:4795 ) blink::Document::finishedParsing() 0x000000010f79ce78 (Google Chrome Framework -HTMLDocumentParser.cpp:869 ) blink::HTMLDocumentParser::prepareToStopParsing() 0x000000010f79edb9 (Google Chrome Framework -HTMLDocumentParser.cpp:524 ) blink::HTMLDocumentParser::processTokenizedChunkFromBackgroundParser(std::__1::unique_ptr<blink::HTMLDocumentParser::TokenizedChunk, std::__1::default_delete<blink::HTMLDocumentParser::TokenizedChunk> >) 0x000000010f79d4aa (Google Chrome Framework -HTMLDocumentParser.cpp:573 ) blink::HTMLDocumentParser::pumpPendingSpeculations() 0x000000010f0eb94b (Google Chrome Framework -bind_internal.h:164 ) base::internal::Invoker<base::internal::BindState<void (*)(std::__1::unique_ptr<blink::WebTaskRunner::Task, std::__1::default_delete<blink::WebTaskRunner::Task> >), base::internal::PassedWrapper<std::__1::unique_ptr<blink::WebTaskRunner::Task, std::__1::default_delete<blink::WebTaskRunner::Task> > > >, void ()>::Run(base::internal::BindStateBase*) 0x000000010cc2adaa (Google Chrome Framework -callback.h:388 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) 0x000000010f0e3a42 (Google Chrome Framework -task_queue_manager.cc:315 ) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*, blink::scheduler::internal::TaskQueueImpl::Task*) 0x000000010f0e28cd (Google Chrome Framework -task_queue_manager.cc:218 ) blink::scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool) 0x000000010cc2adaa (Google Chrome Framework -callback.h:388 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) 0x000000010cc4cb9b (Google Chrome Framework -message_loop.cc:488 ) base::MessageLoop::RunTask(base::PendingTask const&) 0x000000010cc4cedb (Google Chrome Framework -message_loop.cc:497 ) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) 0x000000010cc4d282 (Google Chrome Framework -message_loop.cc:621 ) base::MessageLoop::DoWork() 0x000000010cc4f40c (Google Chrome Framework -message_pump_mac.mm:330 ) base::MessagePumpCFRunLoopBase::RunWork() 0x000000010cc42fd9 (Google Chrome Framework + 0x018c6fd9 ) base::mac::CallWithEHFrame(void () block_pointer) 0x000000010cc4ee13 (Google Chrome Framework -message_pump_mac.mm:306 ) base::MessagePumpCFRunLoopBase::RunWorkSource(void*) 0x00007fff9f8a5880 (CoreFoundation + 0x000aa880 ) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x00007fff9f884fbb (CoreFoundation + 0x00089fbb ) __CFRunLoopDoSources0 0x00007fff9f8844de (CoreFoundation + 0x000894de ) __CFRunLoopRun 0x00007fff9f883ed7 (CoreFoundation + 0x00088ed7 ) CFRunLoopRunSpecific 0x00007fff952ceed8 (Foundation + 0x00024ed8 ) -[NSRunLoop(NSRunLoop) runMode:beforeDate:] 0x000000010cc4fa8d (Google Chrome Framework -message_pump_mac.mm:608 ) base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*) 0x000000010cc4f263 (Google Chrome Framework -message_pump_mac.mm:238 ) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) 0x000000010cc69bb0 (Google Chrome Framework -run_loop.cc:35 ) base::RunLoop::Run() 0x000000011039e979 (Google Chrome Framework -renderer_main.cc:198 ) content::RendererMain(content::MainFunctionParams const&) 0x000000010c7c98b9 (Google Chrome Framework -content_main_runner.cc:786 ) content::ContentMainRunnerImpl::Run() 0x000000010c7c8ae5 (Google Chrome Framework -content_main.cc:20 ) content::ContentMain(content::ContentMainParams const&) 0x000000010b37f149 (Google Chrome Framework -chrome_main.cc:85 ) ChromeMain 0x000000010b145d59 (Google Chrome Helper -chrome_exe_main_mac.c:85 ) main 0x000000010b145b43 (Google Chrome Helper + 0x00000b43 ) start Below link gives in detail for the total number of instances this crash has reported on MAC OS for Signature:"v8::internal::Runtime_AllocateInNewSpace" https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Mac%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27v8%3A%3Ainternal%3A%3ARuntime_AllocateInNewSpace%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D On Windows: =========== https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27v8%3A%3Ainternal%3A%3ARuntime_AllocateInNewSpace%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D On Linux: ========= https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Linux%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27v8%3A%3Ainternal%3A%3ARuntime_AllocateInNewSpace%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports:5,productversion:1000 Using code search for file "runtime-internal.cc", also suspecting the below change which may result this crash: https://chromium.googlesource.com/v8/v8.git/+/08b7bc9d65a185632bd586f0c822810041f8fb4d @mstarzinger: Also cc'ing you, request you to please take a look into it.
,
Oct 18 2016
Assigning to V8 memory sheriffs
,
Oct 18 2016
FYI: We probably flushed out an issue where we try to allocate a large object from within compiled code. If we fail to do so in the linear allocation area we will call Runtime_AllocateInNewSpace and check that this is not about a large object. Background: Compiled code is not allowed to allocated large objects. We need to identify this location and: - CS: Probably ignore, but still keep on the radar. - Old stubs: Probably ignore, but still keep on the radar. - TF/CSA: Fix!
,
Oct 18 2016
,
Oct 18 2016
mlippautz explanation is correct. The crash is caused by Make FastNewFunctionContextStub take slots parameter 5bc243978396ab902f115e49aff2cf4bcb5d8a4c FastNewFunctionContextStub is a TurboFan stub which calls directly into assembler->Allocate(size). In this case, we are trying to allocate a very large context (670168 bytes), which is above the kMaxRegularHeapObjectSize limit. CSA::Allocate should probably include a check for kMaxRegularHeapObjectSize. Assigning to bmeurer.
,
Oct 18 2016
,
Oct 20 2016
,
Oct 24 2016
rmcilroy@ - Gentle Ping! Since this issue marked as Release block stable can we get any latest update on this issue?
,
Oct 24 2016
Just back from vacation, looking into this now.
,
Oct 24 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/381b5437b2bf48885f870c7276e2f5cb4e9f8a02 commit 381b5437b2bf48885f870c7276e2f5cb4e9f8a02 Author: rmcilroy <rmcilroy@chromium.org> Date: Mon Oct 24 17:22:41 2016 Don't call FastNewFunctionContextStub if context is bigger than kMaxRegularHeapObjectSize. CL https://codereview.chromium.org/2177273002 changed FastNewFunctionContextStub to take a number of slots parameter and in-doing so removed the maximum slot count for FastNewFunctionContextStub. This made it possible to create a closure which is larger than kMaxRegularHeapObjectSize and so can't be allocated by FastNewFunctionContextStub. Reintroduce FastNewFunctionContextStub::kMaxSlots (but make the limit much larger) to ensure we call the runtime for contexts which need to be allocated in the LO space. BUG= chromium:655573 Review-Url: https://codereview.chromium.org/2445703002 Cr-Commit-Position: refs/heads/master@{#40541} [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/code-stubs.h [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/compiler/js-generic-lowering.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/crankshaft/arm/lithium-codegen-arm.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/crankshaft/arm64/lithium-codegen-arm64.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/crankshaft/ia32/lithium-codegen-ia32.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/crankshaft/mips/lithium-codegen-mips.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/crankshaft/mips64/lithium-codegen-mips64.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/crankshaft/ppc/lithium-codegen-ppc.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/crankshaft/s390/lithium-codegen-s390.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/crankshaft/x64/lithium-codegen-x64.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/crankshaft/x87/lithium-codegen-x87.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/full-codegen/arm/full-codegen-arm.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/full-codegen/arm64/full-codegen-arm64.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/full-codegen/ia32/full-codegen-ia32.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/full-codegen/mips/full-codegen-mips.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/full-codegen/mips64/full-codegen-mips64.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/full-codegen/ppc/full-codegen-ppc.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/full-codegen/s390/full-codegen-s390.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/full-codegen/x64/full-codegen-x64.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/full-codegen/x87/full-codegen-x87.cc [modify] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/src/interpreter/bytecode-generator.cc [add] https://crrev.com/381b5437b2bf48885f870c7276e2f5cb4e9f8a02/test/mjsunit/regress/regress-655573.js
,
Oct 25 2016
Fix is in ToT; marked for M-56. Also, which versions will be targeted for Regression backfixing?
,
Oct 25 2016
I think we want to merge this into m55. Also possibly merge into m54 if there are going to be any more stable respins? What do you think hablich@?
,
Oct 25 2016
No Canary coverage yet. Please wait for some coverage to merge it. As this is reliably crashing please also merge to M54 and let it piggyback on another push.
,
Oct 26 2016
Correct the typos for the merge approvals.
,
Oct 26 2016
FYI: We may have a stable re-spin soon.
,
Oct 27 2016
We have a stable RC-54.0.2840.81 in progress now.Can someone confirm whether this is a critical fix for Stable or can it wait until M55 hits stable?
,
Oct 27 2016
I'm still waiting for canary coverage and will merge tomorrow. This isn't a critical fix, we can wait until m55 stable (or another respin of m54) hits.
,
Oct 27 2016
Sounds good. thanks for the update.
,
Oct 28 2016
We are planning an M54-Stable respin tomorrow,please merge if the data looks good in canary.
,
Oct 28 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064 commit dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064 Author: Ross McIlroy <rmcilroy@chromium.org> Date: Fri Oct 28 10:08:34 2016 Merged: Don't call FastNewFunctionContextStub if context is bigger than kMaxRegularHeapObjectSize. Revision: 381b5437b2bf48885f870c7276e2f5cb4e9f8a02 BUG= chromium:655573 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=hablich@chromium.org Review URL: https://codereview.chromium.org/2460723005 . Cr-Commit-Position: refs/branch-heads/5.4@{#77} Cr-Branched-From: 5ce282769772d94937eb2cb88eb419a6890c8b2d-refs/heads/5.4.500@{#2} Cr-Branched-From: ad07b49d7b47b40a2d6f74d04d1b76ceae2a0253-refs/heads/master@{#38841} [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/code-stubs.h [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/compiler/js-generic-lowering.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/crankshaft/arm/lithium-codegen-arm.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/crankshaft/arm64/lithium-codegen-arm64.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/crankshaft/ia32/lithium-codegen-ia32.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/crankshaft/mips/lithium-codegen-mips.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/crankshaft/mips64/lithium-codegen-mips64.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/crankshaft/ppc/lithium-codegen-ppc.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/crankshaft/s390/lithium-codegen-s390.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/crankshaft/x64/lithium-codegen-x64.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/crankshaft/x87/lithium-codegen-x87.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/full-codegen/arm/full-codegen-arm.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/full-codegen/arm64/full-codegen-arm64.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/full-codegen/ia32/full-codegen-ia32.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/full-codegen/mips/full-codegen-mips.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/full-codegen/mips64/full-codegen-mips64.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/full-codegen/ppc/full-codegen-ppc.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/full-codegen/s390/full-codegen-s390.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/full-codegen/x64/full-codegen-x64.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/full-codegen/x87/full-codegen-x87.cc [modify] https://crrev.com/dacdfeeaa703f5474ce3a4b6c5eb0d4c1aa33064/src/interpreter/bytecode-generator.cc
,
Oct 28 2016
Not sure why BugDroid didn't add a comment, but this is also merged into m55 in https://codereview.chromium.org/2457783004/
,
Oct 28 2016
Removing "Merge-Approved-55" label per comment #30.
,
Oct 28 2016
This was already merged.
,
Nov 1 2016
Verified the issue on Windows-10, Ubuntu 14.04 and Mac OS 10.12 using chrome latest M55-55.0.2883.34. By opening the link http://54.183.141.195:32770/ observed no crashes as seen before. Hence adding TE-Verified label for M55.
,
Nov 2 2016
I just received update for Chrome 54 (google-chrome-stable-54.0.2840.90-1.x86_64.rpm) and it still does not work. When it will be merged also to Chrome 54?
,
Nov 4 2016
The fix should be in 54.0.2840.90. I just installed that version on Ubuntu and run the website at http://54.183.141.195:32770/ and saw no crash.
,
Dec 8 2016
|
|||||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||||
Comment 1 by kamil.fi...@luna-lang.org
, Oct 13 2016