
Issue 770345

Starred by 3 users

Issue metadata

Status: Duplicate
Merged: issue 771428
Owner:
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Mac
Pri: 1
Type: Bug-Regression


Participants' hotlists:
Hotlist-AsmJsParser



Compressed JavaScript causes Chrome Helper to hang with 100% CPU

Reported by xzh...@yesvideo.com, Sep 29 2017

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Steps to reproduce the problem:
1. Load the sample HTML and compressed JavaScript
2. Notice that Google Chrome Helper (OS X El Capitan 10.11.6) consumes 100% CPU. The page hangs forever.

What is the expected behavior?
Load the page as normal, or give an error saying the JavaScript failed to load. Not hang forever.

What went wrong?
JavaScript compressed/minified via the Ruby uglifier gem (public_print.js in the uploaded sample) seems to cause Chrome Helper to spin in some thread call. However, when loading the JavaScript uncompressed, Chrome has no problems.

Firefox and Safari don't have this problem.

Additionally, the latest Chrome beta (62.xxx) seems to have fixed this problem. I don't want any future Chrome to have this problem.

Sampling process 5245 for 3 seconds with 1 millisecond of run time between samples
Sampling completed, processing symbols...
Analysis of sampling Google Chrome Helper (pid 5245) every 1 millisecond
Process:         Google Chrome Helper [5245]
Path:            /Applications/Google Chrome.app/Contents/Versions/61.0.3163.100/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
Load Address:    0x10aa39000
Identifier:      Google Chrome Helper
Version:         ???
Code Type:       X86-64
Parent Process:  Google Chrome [2408]

Date/Time:       2017-09-29 11:53:24.209 -0700
Launch Time:     2017-09-29 11:52:43.152 -0700
OS Version:      Mac OS X 10.11.6 (15G1611)
Report Version:  7
Analysis Tool:   /usr/bin/sample
----

Call graph:
    2716 Thread_9862181   DispatchQueue_1: com.apple.main-thread  (serial)
    + 2716 start  (in libdyld.dylib) + 1  [0x7fff8a4fd5ad]
    +   2716 main  (in Google Chrome Helper) + 1571  [0x10aa3b293]
    +     2716 ChromeMain  (in Google Chrome Framework) + 168  [0x10acb8cb8]
    +       2716 ???  (in Google Chrome Framework)  load address 0x10acb5000 + 0x1666bb4  [0x10c31bbb4]
    +         2716 ???  (in Google Chrome Framework)  load address 0x10acb5000 + 0x2f8abe4  [0x10dc3fbe4]
    +           2716 ???  (in Google Chrome Framework)  load address 0x10acb5000 + 0x16675d0  [0x10c31c5d0]
    +             2716 ???  (in Google Chrome Framework)  load address 0x10acb5000 + 0x5aadc61  [0x110762c61]
    +               2716 ???  (in Google Chrome Framework)  load address 0x10acb5000 + 0x1ae6b53  [0x10c79bb53]
    +                 2716 ???  (in Google Chrome Framework)  load address 0x10acb5000 + 0x1ac3cac  [0x10c778cac]
    +                   2716 ???  (in Google Chrome Framework)  load address 0x10acb5000 + 0x1ac50fe  [0x10c77a0fe]
    +                     2716 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]  (in Foundation) + 270  [0x7fff9e9b4cf9]
    +                       2716 CFRunLoopRunSpecific  (in CoreFoundation) + 296  [0x7fff8e0eee28]
    +                         2716 __CFRunLoopRun  (in CoreFoundation) + 927  [0x7fff8e0ef42f]
    +                           2716 __CFRunLoopDoSources0  (in CoreFoundation) + 556  [0x7fff8e0eff0c]
    +                             2716 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__  (in CoreFoundation) + 17  [0x7fff8e1107e1]

Have full sample trace if needed. 

Did this work before? Yes, 61.xxx

Chrome version: 61.0.3163.100  Channel: stable
OS Version: OS X 10.11.6
Flash Version: 

This isn't just my computer, multiple users have seen this problem.
 
Attachment: hang.tar.gz (475 KB)

Comment 1 by xzh...@yesvideo.com, Sep 29 2017

Did this work before? Yes, version 60. Not 61.

Comment 2 by woxxom@gmail.com, Sep 29 2017

Bisect info: 483384 (good) - 483406 (bad)
https://chromium.googlesource.com/chromium/src/+log/0fbc79aa..bd74fad1?pretty=fuller
Suspecting r483386 "Adding field trial for asm.js -> Wasm"
Landed in 61.0.3145.0

Confirmed by:
* disabling chrome://flags/#enable-asm-webassembly fixes the problem in Chrome 61 and newer
* enabling chrome://flags/#enable-asm-webassembly causes the problem in Chrome 60 and older

Of course, the real reason behind the bug is something else, which only V8 developers can tell.

Comment 3 Deleted

Comment 4 by woxxom@gmail.com, Sep 30 2017

Correction, Chrome 60 is the first version with asm->wasm validator.
With chrome://flags/#enable-asm-webassembly enabled, the bug is observed since v8-roll r469339,
specifically d8cdfbd594b9e28bc553321354fb0bf7596f9aed "[asm.js] Enable dedicated asm.js parser and validator"

Comment 5 by rtoy@chromium.org, Oct 2 2017

Components: -Blink Blink>JavaScript

Comment 6 by woxxom@gmail.com, Oct 4 2017

Probably a duplicate of issue 769607 or issue 771428.

Cc: mstarzinger@chromium.org
Components: -Blink>JavaScript Blink>JavaScript>WebAssembly
Labels: -Pri-2 Pri-1
Status: Available (was: Unconfirmed)

Cc: sc00335...@techmahindra.com
Labels: Needs-Triage-M61 Triaged-ET M-63 OS-Linux OS-Windows
Able to reproduce this issue on Ubuntu 14.04 and Windows 10 using latest dev 63.0.3232.0

Thanks for the report! I have verified that this is indeed the same as issue 771428 and that the fix we have in flight for said issue does indeed fix the hang (i.e. infinite loop). The underlying asm.js code however does not validate and I still would like to double-check whether that is OK or our validator is off. Keeping this issue separate until then.

Cc: -mstarzinger@chromium.org
Owner: mstarzinger@chromium.org
Status: Assigned (was: Available)

Mergedinto: 771428
Status: Duplicate (was: Assigned)
Hmm, Firefox Nightly also rejects the underlying asm.js code. I don't intend to dig further and find out why. Hence considering this a pure dupe of issue 771428.
