
Issue 662674


Issue metadata

Status: Fixed
Owner:
Closed: Nov 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug

Blocked on:
issue 662935




render crashes on infinite loop - _only_ if pause-on-exceptions and dev tools are open

Reported by tlewow...@gmail.com, Nov 5 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36

Steps to reproduce the problem:
1. Open Chrome browser
2. Open Dev Tools, select "Pause on uncaught exceptions"
3. Open attached HTML file

What is the expected behavior?
stack overflow error in console or some other way of notifying what went wrong

What went wrong?
the renderer crashed and DevTools were disconnected

Did this work before? N/A 

Chrome version: 54.0.2840.87  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 23.0 r0

Seems to be similar to Issue 615485 (renderer crash when dev-tools are open), but happens only if pause-on-exceptions option is turned on

Attachment: repro.html (309 bytes)
Cc: rbasuvula@chromium.org
Labels: hasbisect-per-revision M-56 OS-Linux OS-Mac
Owner: jgruber@chromium.org
Status: Assigned (was: Unconfirmed)
Tested in chrome stable #54.0.2840.87 and canary #56.0.2913.0 on Win 10.0 and was able to reproduce the issue.
Below are the Bisect Details:

Bisect Info:
=============
Good Build: 54.0.2799.0 (Revision :405947)
Bad Build: 54.0.2800.0 (Revision :406166)

Bisect URL:
=========== 
You are probably looking for a change made after 406047 (known good), but no later than 406048 (first known bad).
CHANGELOG URL:
https://chromium.googlesource.com/chromium/src/+log/fb264fe06532efcbe743f2cd593e3410d4f6046a..82349bd3b40c8725dbe47d59a67ac4668068b3a7

From the CL above, assigning the issue to the concerned owner.

@jgruber:
Could you please look into the issue, pardon me if it has nothing to do with your changes and if possible please assign it to the concerned owner.

Review-Url: https://codereview.chromium.org/2147193002

Note: Able to reproduce the issue in Ubuntu 14.04 & Mac 10.11.6.
Cc: littledan@chromium.org yangguo@chromium.org
Looks like a dupe of 662935 at first sight. Will verify if this is also caused by promise-related code tomorrow once I'm back at my desk.
This is actually not caused by PromiseHasUserDefinedRejectHandler, but by MakeExceptionEvent later on in Debug::OnException.

    out/Debug/./libv8_libbase.so(v8::base::debug::StackTrace::StackTrace()+0x1e) [0x7fffe0f5665e]
    out/Debug/./libv8_libbase.so(V8_Fatal+0x1c4) [0x7fffe0f4e774]
    out/Debug/./libv8.so(+0xcb1644) [0x7fffec714644]
    out/Debug/./libv8.so(v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*)+0x118) [0x7fffec7141e8]
    out/Debug/./libv8.so(v8::internal::Execution::TryCall(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::MaybeHandle<v8::internal::Object>*)+0xd9) [0x7fffec714bd9]
    out/Debug/./libv8.so(v8::internal::Debug::CallFunction(char const*, int, v8::internal::Handle<v8::internal::Object>*)+0x171) [0x7fffec6866f1]
    out/Debug/./libv8.so(v8::internal::Debug::MakeExceptionEvent(v8::internal::Handle<v8::internal::Object>, bool, v8::internal::Handle<v8::internal::Object>)+0xb0) [0x7fffec68a2c0]
    out/Debug/./libv8.so(v8::internal::Debug::OnException(v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>)+0x36c) [0x7fffec68a8fc]
    out/Debug/./libv8.so(v8::internal::Debug::OnThrow(v8::internal::Handle<v8::internal::Object>)+0xf6) [0x7fffec68a546]
    out/Debug/./libv8.so(v8::internal::Isolate::Throw(v8::internal::Object*, v8::internal::MessageLocation*)+0x3a4) [0x7fffec8b21c4]
    out/Debug/./libv8.so(v8::internal::Isolate::StackOverflow()+0x253) [0x7fffec8b1d63]
    out/Debug/./libv8.so(+0x10ac852) [0x7fffecb0f852]
    out/Debug/./libv8.so(v8::internal::Runtime_StackGuard(int, v8::internal::Object**, v8::internal::Isolate*)+0x110) [0x7fffecb0f610]

We will be moving MakeExceptionEvent to C++ in the near- to midterm (along with other debugging code), but until then we need to ensure we don't call into JS from OnException.
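The failure mode the comment above describes, as an added illustration that is not part of this issue thread or of V8's source: a toy C++ model in which the exception hook calls back into JS while the engine has JS execution disallowed (the state the trace shows, with the V8_Fatal reached from Execution::Call), next to the early return the fix describes. Isolate, DisallowJavascriptExecution, Debug, CallIntoJs, RaiseStackOverflow and Scenario are simplified stand-ins for the V8 types and functions named in the trace, not their real signatures.

```cpp
// Constructed model of the reentrancy hazard in this issue: a debugger hook
// that runs JS from inside a scope where JS execution is forbidden. Not V8's
// code; every name below is a simplified stand-in.
#include <cassert>
#include <cstdio>
#include <initializer_list>
#include <string>
#include <vector>

enum class Outcome { kOk, kFatal, kSkipped };

struct Isolate {
  int js_disallow_depth = 0;     // > 0 means JS execution is forbidden right now
  std::vector<std::string> log;  // what happened, for inspection
  bool JsAllowed() const { return js_disallow_depth == 0; }
};

// RAII scope in the spirit of V8's DisallowJavascriptExecution: while one is
// alive, any attempt to run JS is a fatal error rather than a recoverable one.
struct DisallowJavascriptExecution {
  Isolate& iso;
  explicit DisallowJavascriptExecution(Isolate& i) : iso(i) { ++iso.js_disallow_depth; }
  ~DisallowJavascriptExecution() { --iso.js_disallow_depth; }
};

// Stand-in for Execution::Call: this is where the real engine hits V8_Fatal.
Outcome CallIntoJs(Isolate& iso, const std::string& fn) {
  if (!iso.JsAllowed()) {
    iso.log.push_back("FATAL: JS call '" + fn + "' while JS execution disallowed");
    return Outcome::kFatal;
  }
  iso.log.push_back("ran JS '" + fn + "'");
  return Outcome::kOk;
}

struct Debug {
  bool break_on_exception = false;   // DevTools "Pause on uncaught exceptions"
  bool guard_disallowed_js = false;  // the fix: bail out when JS is disallowed

  // Stand-in for Debug::OnException -> MakeExceptionEvent, which at the time
  // of this issue built the event by calling a JS helper.
  Outcome OnException(Isolate& iso) {
    if (!break_on_exception) return Outcome::kSkipped;
    if (guard_disallowed_js && !iso.JsAllowed()) {
      iso.log.push_back("debug event skipped: JS execution disallowed");
      return Outcome::kSkipped;
    }
    return CallIntoJs(iso, "MakeExceptionEvent");
  }
};

// Stand-in for Isolate::StackOverflow -> Throw -> Debug::OnThrow: the overflow
// is raised while JS execution is disallowed, so the hook runs in that scope.
Outcome RaiseStackOverflow(Isolate& iso, Debug& dbg) {
  DisallowJavascriptExecution no_js(iso);
  iso.log.push_back("throw RangeError: Maximum call stack size exceeded");
  return dbg.OnException(iso);
}

// Runs the scenario with the given DevTools setting and with/without the fix.
Outcome Scenario(bool pause_on_exceptions, bool with_fix) {
  Isolate iso;
  Debug dbg;
  dbg.break_on_exception = pause_on_exceptions;
  dbg.guard_disallowed_js = with_fix;
  return RaiseStackOverflow(iso, dbg);
}

int main() {
  for (bool fix : {false, true}) {
    Isolate iso;
    Debug dbg;
    dbg.break_on_exception = true;
    dbg.guard_disallowed_js = fix;
    RaiseStackOverflow(iso, dbg);
    std::printf("%s the fix:\n", fix ? "with" : "without");
    for (const auto& line : iso.log) std::printf("  %s\n", line.c_str());
  }
  return 0;
}
```

Without pause-on-exceptions the hook never runs, which is why the crash needs DevTools attached with that option on; with it on and no guard, the hook calls JS inside the disallow scope and the model reports the fatal; with the guard, the event is dropped and control returns normally, which is the early return the commit below describes.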

Comment 4 by bugdroid1@chromium.org, Nov 9 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8f22fcec24abdece924190f413005387b8ced6fc

commit 8f22fcec24abdece924190f413005387b8ced6fc
Author: jgruber <jgruber@chromium.org>
Date: Wed Nov 09 12:30:06 2016

[debug] Disable debug events if JS execution is disallowed

We cannot generate debug events if JS execution is disallowed since
vital debugging logic is still implemented in JS. Return early from
Debug::OnException if that is the case.

BUG= chromium:662674 

Review-Url: https://codereview.chromium.org/2491443002
Cr-Commit-Position: refs/heads/master@{#40858}

[modify] https://crrev.com/8f22fcec24abdece924190f413005387b8ced6fc/src/debug/debug.cc
[add] https://crrev.com/8f22fcec24abdece924190f413005387b8ced6fc/test/debugger/debug/regress/regress-662674.js

Labels: Merge-Request-54 Merge-Request-55

Comment 6 by dimu@chromium.org, Nov 10 2016

Labels: -Merge-Request-54 Merge-Review-54 Hotlist-Merge-Review
[Automated comment] Request affecting a post-stable build (M54), manual review required.

Comment 7 by dimu@chromium.org, Nov 10 2016

Labels: -Merge-Request-55 Merge-Approved-55 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M55 (branch: 2883)

Comment 8 by dimu@chromium.org, Nov 10 2016

Labels: -Merge-Request-54 Merge-Review-54 Hotlist-Merge-Review
[Automated comment] Request affecting a post-stable build (M54), manual review required.

Comment 9 by bugdroid1@chromium.org, Nov 11 2016

Labels: merge-merged-5.4
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/1ff807a3fab9a4d82d77343725b288fa68dfb728

commit 1ff807a3fab9a4d82d77343725b288fa68dfb728
Author: jgruber <jgruber@chromium.org>
Date: Fri Nov 11 06:43:12 2016

Merged: [debug] Disable debug events if JS execution is disallowed

Revision: 8f22fcec24abdece924190f413005387b8ced6fc

BUG= chromium:662674 
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/2490023004 .

Cr-Commit-Position: refs/branch-heads/5.4@{#81}
Cr-Branched-From: 5ce282769772d94937eb2cb88eb419a6890c8b2d-refs/heads/5.4.500@{#2}
Cr-Branched-From: ad07b49d7b47b40a2d6f74d04d1b76ceae2a0253-refs/heads/master@{#38841}

[modify] https://crrev.com/1ff807a3fab9a4d82d77343725b288fa68dfb728/src/debug/debug.cc
[add] https://crrev.com/1ff807a3fab9a4d82d77343725b288fa68dfb728/test/debugger/debug/regress/regress-662674.js


Comment 10 by bugdroid1@chromium.org, Nov 11 2016

Labels: merge-merged-5.5
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/be4f2bb0101205aeb37f911bf2c71614839e6f39

commit be4f2bb0101205aeb37f911bf2c71614839e6f39
Author: jgruber <jgruber@chromium.org>
Date: Fri Nov 11 06:47:22 2016

Merged: [debug] Disable debug events if JS execution is disallowed

Revision: 8f22fcec24abdece924190f413005387b8ced6fc

BUG= chromium:662674 
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/2498533002 .

Cr-Commit-Position: refs/branch-heads/5.5@{#38}
Cr-Branched-From: 3cbd5838bd8376103daa45d69dade929ee4e0092-refs/heads/5.5.372@{#1}
Cr-Branched-From: b3c8b0ce2c9af0528837d8309625118d4096553b-refs/heads/master@{#40015}

[modify] https://crrev.com/be4f2bb0101205aeb37f911bf2c71614839e6f39/src/debug/debug.cc
[add] https://crrev.com/be4f2bb0101205aeb37f911bf2c71614839e6f39/test/debugger/debug/regress/regress-662674.js

Status: Fixed (was: Assigned)
Labels: -merge-merged-5.5
Removing "Merge-Approved-55" label as it is already merged at #10.
Labels: -Merge-Approved-55 merge-merged-5.5
Labels: -Merge-Review-54
This was already merged to 5.4
Blockedon: 662935
