Issue metadata
Sign in to add a comment
|
Tab crashes every time for unknown reason (or could be a regression: 666046)
Reported by
vitaly.k...@sencha.com,
Jun 14 2017
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Steps to reproduce the problem: 1. Go to this fiddle: https://fiddle.sencha.com/#fiddle/21a9&view/editor 2. Click rapidly on any given legend item, e.g. "Chrome" to crash the tab (only takes a few seconds) Happens every time in Chrome 59.0.3071.86 running on macOS 10.12.5. What is the expected behavior? No crash. What went wrong? I don't really know. Looks like this is a regression. Please see https://bugs.chromium.org/p/chromium/issues/detail?id=666046 which was a very similar issue. Crashed report ID: 4e826155-ec77-49a0-ab41-ad376b089842 How much crashed? Just one tab Is it a problem with a plugin? No Did this work before? Yes 58 Chrome version: 59.0.3071.86 Channel: stable OS Version: OS X 10.12.5 Flash Version:
,
Jun 14 2017
Was able to repro this pretty easily. Looks like a crash in v8::internal::compiler::EscapeStatusAnalysis. Internal link: https://crash.corp.google.com/browse?q=reportid=%277e3c91aa58000000%27
,
Jun 15 2017
,
Jun 16 2017
Should be fixed on dev and as of today the fix is back-merged to stable and beta, rolling out soon.
,
Jun 16 2017
The bug still reproduces on top-of-tree. It is almost identical with https://bugs.chromium.org/p/chromium/issues/detail?id=726638, but the fix did not cover this case.
,
Jun 16 2017
Issue 726638 has been merged into this issue.
,
Jun 16 2017
Users experienced this crash on the following builds: Android Beta 60.0.3112.20 - 0.30 CPM, 25 reports, 6 clients (signature v8::internal::compiler::EscapeStatusAnalysis::CheckUsesForEscape) If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
,
Jun 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/a969ab67f8e1e7475d9b26468225c3a772890c64 commit a969ab67f8e1e7475d9b26468225c3a772890c64 Author: Tobias Tebbi <tebbi@chromium.org> Date: Fri Jun 16 11:00:40 2017 [turbofan] teach escape analysis about oddly occurring NumberLessThan node Bug: chromium:733181 Change-Id: If5b0bc8592ba71962237814ad521499afda22edf Reviewed-on: https://chromium-review.googlesource.com/538653 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#45977} [modify] https://crrev.com/a969ab67f8e1e7475d9b26468225c3a772890c64/src/compiler/escape-analysis.cc [modify] https://crrev.com/a969ab67f8e1e7475d9b26468225c3a772890c64/test/mjsunit/compiler/escape-analysis-17.js
,
Jun 16 2017
The patch is safe to back-merge to beta and stable. It only relaxes an overly restrictive assertion check and does not change behavior apart from that.
,
Jun 16 2017
Issue 734026 has been merged into this issue.
,
Jun 16 2017
Approved for M59 and M60. Please merge today.
,
Jun 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/496641f16ae3df8f451209950273c9351abb136e commit 496641f16ae3df8f451209950273c9351abb136e Author: Adam Klein <adamk@chromium.org> Date: Fri Jun 16 20:24:57 2017 Merged: [turbofan] teach escape analysis about oddly occurring NumberLessThan node Revision: a969ab67f8e1e7475d9b26468225c3a772890c64 BUG= chromium:733181 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true TBR=tebbi@chromium.org Change-Id: Ia53d3fa1af19ade3faa978b800cb8c5e6848ccfb Reviewed-on: https://chromium-review.googlesource.com/538994 Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/branch-heads/5.9@{#77} Cr-Branched-From: fe9bb7e6e251159852770160cfb21dad3cf03523-refs/heads/5.9.211@{#1} Cr-Branched-From: 70ad23791a21c0dd7ecef8d4d8dd30ff6fc291f6-refs/heads/master@{#44591} [modify] https://crrev.com/496641f16ae3df8f451209950273c9351abb136e/src/compiler/escape-analysis.cc [modify] https://crrev.com/496641f16ae3df8f451209950273c9351abb136e/test/mjsunit/compiler/escape-analysis-17.js
,
Jun 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/09af7afb52cb5c3c27083b8e0aed333c69158d7d commit 09af7afb52cb5c3c27083b8e0aed333c69158d7d Author: Adam Klein <adamk@chromium.org> Date: Fri Jun 16 20:26:16 2017 Merged: [turbofan] teach escape analysis about oddly occurring NumberLessThan node Revision: a969ab67f8e1e7475d9b26468225c3a772890c64 BUG= chromium:733181 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true TBR=tebbi@chromium.org Change-Id: I63cd690ef949f8b7f36e35b88b65dacdd105ebc3 Reviewed-on: https://chromium-review.googlesource.com/538962 Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/branch-heads/6.0@{#33} Cr-Branched-From: 97dbf624a5eeffb3a8df36d24cdb2a883137385f-refs/heads/6.0.286@{#1} Cr-Branched-From: 12e6f1cb5cd9616da7b9d4a7655c088778a6d415-refs/heads/master@{#45439} [modify] https://crrev.com/09af7afb52cb5c3c27083b8e0aed333c69158d7d/src/compiler/escape-analysis.cc [modify] https://crrev.com/09af7afb52cb5c3c27083b8e0aed333c69158d7d/test/mjsunit/compiler/escape-analysis-17.js
,
Jun 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/09af7afb52cb5c3c27083b8e0aed333c69158d7d commit 09af7afb52cb5c3c27083b8e0aed333c69158d7d Author: Adam Klein <adamk@chromium.org> Date: Fri Jun 16 20:26:16 2017 Merged: [turbofan] teach escape analysis about oddly occurring NumberLessThan node Revision: a969ab67f8e1e7475d9b26468225c3a772890c64 BUG= chromium:733181 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true TBR=tebbi@chromium.org Change-Id: I63cd690ef949f8b7f36e35b88b65dacdd105ebc3 Reviewed-on: https://chromium-review.googlesource.com/538962 Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/branch-heads/6.0@{#33} Cr-Branched-From: 97dbf624a5eeffb3a8df36d24cdb2a883137385f-refs/heads/6.0.286@{#1} Cr-Branched-From: 12e6f1cb5cd9616da7b9d4a7655c088778a6d415-refs/heads/master@{#45439} [modify] https://crrev.com/09af7afb52cb5c3c27083b8e0aed333c69158d7d/src/compiler/escape-analysis.cc [modify] https://crrev.com/09af7afb52cb5c3c27083b8e0aed333c69158d7d/test/mjsunit/compiler/escape-analysis-17.js
,
Jun 16 2017
,
Jun 27 2017
Reopening, this crash still exist in latest canary- 61.0.3142.0, M60 and in M59-59.0.3071.104 More Info ========= https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27v8%3A%3Ainternal%3A%3Acompiler%3A%3AEscapeStatusAnalysis%3A%3ACheckUsesForEscape%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#-property-selector,samplereports:5,productversion:1000 It would be great to have a fix soon.
,
Jun 28 2017
After looking at some recent minidump, the new crashes seem to be due to StringToLowerCaseIntl, added as TF builtin by Jaro in https://chromium-review.googlesource.com/547057.
,
Jun 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/e14c4c95922f9b54d107cba55d39ac7562f114a3 commit e14c4c95922f9b54d107cba55d39ac7562f114a3 Author: jarin <jarin@chromium.org> Date: Wed Jun 28 11:12:24 2017 [turbofan] Add toLowerCase, toUpperCase operators to the infamous escape analysis list. BUG= chromium:733181 Review-Url: https://codereview.chromium.org/2962853002 Cr-Commit-Position: refs/heads/master@{#46279} [modify] https://crrev.com/e14c4c95922f9b54d107cba55d39ac7562f114a3/src/compiler/escape-analysis.cc [add] https://crrev.com/e14c4c95922f9b54d107cba55d39ac7562f114a3/test/mjsunit/compiler/regress-733181.js
,
Jun 28 2017
Thanks for the quick turnaround. We will verify in tonights canary and update the thread.
,
Jul 17 2017
,
Aug 2 2017
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by ajha@chromium.org
, Jun 14 2017