
Issue 723066


Issue metadata

Status: Duplicate
Merged: issue 723455
Owner:
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Regression




CHECK: !map->is_stable() in v8/src/compiler/access-info.cc

Project Member Reported by michae...@chromium.org, May 16 2017

Issue description

A fatal error that crashes the tab occurred in a tip-of-tree Release build on Linux after loading chrome://settings/fonts.

The crash occurs often but not always.

1. Visit chrome://settings/fonts
2. If crash didn't occur, refresh until it does

#
# Fatal error in ../../v8/src/compiler/access-info.cc, line 278
# Check failed: !map->is_stable().
#
#0 0x5602e6d5df97 base::debug::StackTrace::StackTrace()
#1 0x5602e938c1f5 gin::(anonymous namespace)::PrintStackTrace()
#2 0x5602e924565d V8_Fatal
#3 0x5602e5f9a0d2 v8::internal::compiler::AccessInfoFactory::ComputeElementAccessInfos()
#4 0x5602e6049b44 v8::internal::compiler::JSNativeContextSpecialization::ReduceElementAccess()
#5 0x5602e604c5df v8::internal::compiler::JSNativeContextSpecialization::ReduceKeyedAccess<>()
#6 0x5602e60443da v8::internal::compiler::JSNativeContextSpecialization::ReduceJSLoadProperty()
#7 0x5602e5ffa702 v8::internal::compiler::GraphReducer::ReduceTop()
#8 0x5602e5ffa0e8 v8::internal::compiler::GraphReducer::ReduceNode()
#9 0x5602e60a35dc v8::internal::compiler::InliningPhase::Run()
#10 0x5602e609c836 v8::internal::compiler::PipelineImpl::CreateGraph()
#11 0x5602e609c2ba v8::internal::compiler::PipelineCompilationJob::PrepareJobImpl()
#12 0x5602e5f8c87d v8::internal::CompilationJob::PrepareJob()
#13 0x5602e5f905de v8::internal::(anonymous namespace)::GetOptimizedCode()
#14 0x5602e5f8f371 v8::internal::Compiler::CompileOptimized()
#15 0x5602e64e0185 v8::internal::__RT_impl_Runtime_CompileOptimized_Concurrent()
#16 0x3cac57904564 <unknown>
 

Comment 1 by dbeam@chromium.org, May 16 2017

Cc: adamk@chromium.org danno@chromium.org

Comment 2 by dbeam@chromium.org, May 16 2017

Cc: mstarzinger@chromium.org jkummerow@chromium.org
Owner: ishell@chromium.org

Comment 4 by cbruni@chromium.org, May 17 2017

Owner: ----

Comment 5 by hpayer@chromium.org, May 17 2017

Owner: mvstan...@chromium.org
Status: Available (was: Untriaged)
Michael, can you find a good owner for this bug?

Comment 6 by dbeam@chromium.org, May 17 2017

Cc: ishell@chromium.org jochen@chromium.org cbruni@chromium.org
cbruni@: why did you unassign this issue?  perhaps you can give an explanation next time as well?

it certainly seems like the DCHECK() being tripped was added here by ishell@:

https://chromium-review.googlesource.com/c/483442/6/src/compiler/access-info.cc

Comment 7 by ishell@chromium.org, May 17 2017

Mergedinto: 723455
Owner: ishell@chromium.org
Status: Duplicate (was: Available)
Yes, I'm sure it's a dupe of issue 723455. The repro may be different in this particular case but the fix just makes the compilers properly handle such a "bad" case.
