New issue
Advanced search Search tips

Issue 836124 link

Starred by 2 users
Status: Available
Owner: ----
Cc:
kouhei@chromium.org
neis@chromium.org
adamk@chromium.org
hirosh...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Crash with very deep (~5000) ES modules dependency

Project Member Reported by ksakamoto@chromium.org, Apr 24 2018 
Chrome Version: 66.0.3359.117 (Official Build) (64-bit)
Reproduced on ToT (40e6a844f3)

Steps to reproduce
1. Serve the contents of attached 5000modules.tar.gz on a static http server
2. Open index.html with Chrome

Expected: Page loads successfully
Actual: Crashes with CHECK failure

stderr:
[165986:165986:0424/155143.677446:INFO:CONSOLE(0)] "Uncaught RangeError: Maximum call stack size exceeded", source: http://127.0.0.1:8081/ (0)
#
# Fatal error in ../../v8/src/handles.h, line 204
# Check failed: (location_) != nullptr.
#
#
#
#FailureMessage Object: 0x7ffca3675480#0 0x7f5e1896c2ed base::debug::StackTrace::StackTrace()
#1 0x7f5e1869653c base::debug::StackTrace::StackTrace()
#2 0x7f5e05ab22e7 gin::(anonymous namespace)::PrintStackTrace()
#3 0x7f5df4bf3938 V8_Fatal()
#4 0x7f5e05612ddf v8::internal::Module::RunInitializationCode()
#5 0x7f5e05612f88 v8::internal::Module::MaybeTransitionComponent()
#6 0x7f5e056126fd v8::internal::Module::FinishInstantiate()
#7 0x7f5e056119e2 v8::internal::Module::FinishInstantiate()
#8 0x7f5e056119e2 v8::internal::Module::FinishInstantiate()
#9 0x7f5e056119e2 v8::internal::Module::FinishInstantiate()
#10 0x7f5e056119e2 v8::internal::Module::FinishInstantiate()
#11 0x7f5e056119e2 v8::internal::Module::FinishInstantiate()
5000modules.tar.gz
82.6 KB Download

Comment 1 by neis@chromium.org, Apr 24 2018 

Thanks, I will take a look this week.

Comment 2 by neis@chromium.org, Apr 24 2018

Owner: neis@chromium.org
Status: Assigned (was: Untriaged)

Comment 3 by neis@chromium.org, Apr 24 2018 

The CHECK failure is a minor bug in V8 that I'll fix.

However, this does not change the fact that we overflow the stack after visiting around 1300 modules (see the RangeError exception in the output above). That's a consequence of module instantiation being implemented via recursion.

Instantiation could probably be rewritten without recursion, but I don't believe module graphs with such a depth are realistic.

Comment 4 by neis@chromium.org, Apr 24 2018

Cc: hirosh...@chromium.org

Comment 5 by kouhei@chromium.org, Apr 24 2018 

> Instantiation could probably be rewritten without recursion, but I don't believe module graphs with such a depth are realistic.

Sounds reasonable
Project Member

Comment 6 by bugdroid1@chromium.org, Apr 25 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/a12413531d879ca4d8eeacc764defa9bbc82c71e

commit a12413531d879ca4d8eeacc764defa9bbc82c71e
Author: Georg Neis <neis@chromium.org>
Date: Wed Apr 25 08:20:10 2018

[modules] Anticipate stack overflow when traversing module graph.

Bug: chromium:836124
Change-Id: I82d29408476c9c5b2c62a6368f32575e33932ef3
Reviewed-on: https://chromium-review.googlesource.com/1025890
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52774}
[modify] https://crrev.com/a12413531d879ca4d8eeacc764defa9bbc82c71e/src/objects/module.cc
[modify] https://crrev.com/a12413531d879ca4d8eeacc764defa9bbc82c71e/src/objects/module.h

Comment 7 by neis@chromium.org, Apr 25 2018

Owner: ----
Status: Available (was: Assigned)

Comment 8 by neis@chromium.org, Apr 25 2018

Cc: adamk@chromium.org

Sign in to add a comment