Issue 881939


Issue metadata

Status: WontFix
Owner:
Closed: Dec 11
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug




Hang in V8 regexp compilation using sharefile.com

Project Member Reported by kbr@chromium.org, Sep 7

Issue description

Chrome Version: 69.0.3497.42 beta
OS: Mac OS X 10.12.6 (16G1314)

What steps will reproduce the problem?
(1) Log on to sharefile.com (would presumably need an account on that site – let me know if this is needed)
(2) Attempt to browse folders

What is the expected result?

Expect to be able to see files.


What happens instead?

Renderer process goes into an infinite loop. It looks like V8 hangs while compiling a regular expression.

Symbolized output of "sample" of the hung renderer process is attached. Excerpt follows.

Marking P1, though I have seen this before on earlier releases and seem to have failed to file it. Still, we should make every attempt to diagnose and fix this because this site is broken in Chrome.

-----

Call graph:
    6824 Thread_7044047   DispatchQueue_1: com.apple.main-thread  (serial)
    + 6795 start  (in libdyld.dylib) + 1  [0x7fffa0bc2235]
    + ! 6795 main  (in Google Chrome Helper) + 497  [chrome_exe_main_mac.cc:105]
    + !   6795 ChromeMain  (in Google Chrome Framework) + 179  [chrome_main.cc:0]
    + !     6795 content::ContentMain(content::ContentMainParams const&)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1f0baf4  [content_main.cc:19]
    + !       6795 service_manager::Main(service_manager::MainParams const&)  (in Google Chrome Framework)  load address 0x10716e000 + 0x385635d  [main.cc:472]
    + !         6795 content::ContentMainRunnerImpl::Run(bool)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1f0c8c9  [content_main_runner_impl.cc:0]
    + !           6795 content::RendererMain(content::MainFunctionParams const&)  (in Google Chrome Framework)  load address 0x10716e000 + 0x66967b6  [renderer_main.cc:200]
    + !             6795 <name omitted>  (in Google Chrome Framework)  load address 0x10716e000 + 0x235daa5  [run_loop.cc:108]
    + !               6795 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x233af6e  [message_pump_mac.mm:306]
    + !                 6795 base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x233c18d  [message_pump_mac.mm:727]
    + !                   6795 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]  (in Foundation) + 277  [0x7fff8ca25252]
    + !                     6795 CFRunLoopRunSpecific  (in CoreFoundation) + 420  [0x7fff8aff4544]
    + !                       6795 __CFRunLoopRun  (in CoreFoundation) + 934  [0x7fff8aff4b46]
    + !                         6795 __CFRunLoopDoSources0  (in CoreFoundation) + 556  [0x7fff8aff565c]
    + !                           6795 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__  (in CoreFoundation) + 17  [0x7fff8b0143e1]
    + !                             6795 base::MessagePumpCFRunLoopBase::RunWorkSource(void*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x233b44f  [message_pump_mac.mm:434]
    + !                               6795 base::mac::CallWithEHFrame(void () block_pointer)  (in Google Chrome Framework)  load address 0x10716e000 + 0x232c06a  []
    + !                                 6795 base::MessagePumpCFRunLoopBase::RunWork()  (in Google Chrome Framework)  load address 0x10716e000 + 0x233bb2a  [message_pump_mac.mm:0]
    + !                                   6795 base::MessageLoop::DoWork()  (in Google Chrome Framework)  load address 0x10716e000 + 0x2339968  [message_loop.cc:480]
    + !                                     6795 base::MessageLoop::RunTask(base::PendingTask*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x233949f  [vector:656]
    + !                                       6795 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x2319fb2  [callback.h:99]
    + !                                         6795 base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType)  (in Google Chrome Framework)  load address 0x10716e000 + 0x2382e22  [atomic:925]
    + !                                           6795 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x2319fb2  [callback.h:99]
    + !                                             6795 blink::ScriptRunner::ExecuteTask()  (in Google Chrome Framework)  load address 0x10716e000 + 0x5d2c9e9  [script_runner.cc:253]
    + !                                               6795 blink::ScriptRunner::ExecuteAsyncTask()  (in Google Chrome Framework)  load address 0x10716e000 + 0x5d2d372  [member.h:90]
    + !                                                 6795 blink::PendingScript::ExecuteScriptBlock(blink::KURL const&)  (in Google Chrome Framework)  load address 0x10716e000 + 0x5d28978  [pending_script.cc:178]
    + !                                                   6795 blink::PendingScript::ExecuteScriptBlockInternal(blink::Script*, bool, blink::ScriptElementBase*, bool, bool, bool, base::TimeTicks, bool)  (in Google Chrome Framework)  load address 0x10716e000 + 0x5d28ad1  [pending_script.cc:273]
    + !                                                     6795 blink::ScriptController::ExecuteScriptInMainWorld(blink::ScriptSourceCode const&, blink::KURL const&, blink::ScriptFetchOptions const&, blink::AccessControlStatus)  (in Google Chrome Framework)  load address 0x10716e000 + 0x4f1ccaa  [script_controller.cc:301]
    + !                                                       6795 blink::ScriptController::EvaluateScriptInMainWorld(blink::ScriptSourceCode const&, blink::KURL const&, blink::ScriptFetchOptions const&, blink::AccessControlStatus, blink::ScriptController::ExecuteScriptPolicy)  (in Google Chrome Framework)  load address 0x10716e000 + 0x4f1cafe  [v8.h:320]
    + !                                                         6795 blink::ScriptController::ExecuteScriptAndReturnValue(v8::Local<v8::Context>, blink::ScriptSourceCode const&, blink::KURL const&, blink::ScriptFetchOptions const&, blink::AccessControlStatus)  (in Google Chrome Framework)  load address 0x10716e000 + 0x4f1c0c9  [script_controller.cc:130]
    + !                                                           6795 blink::V8ScriptRunner::RunCompiledScript(v8::Isolate*, v8::Local<v8::Script>, blink::ExecutionContext*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x4f39311  [v8_script_runner.cc:286]
    + !                                                             6795 v8::internal::Isolate::RunMicrotasks()  (in Google Chrome Framework)  load address 0x10716e000 + 0x18f83b2  [isolate.cc:3962]
    + !                                                               6795 v8::internal::Execution::RunMicrotasks(v8::internal::Isolate*, v8::internal::Execution::MessageHandling, v8::internal::MaybeHandle<v8::internal::Object>*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17e8124  [execution.cc:272]
    + !                                                                 6795 v8::internal::Execution::TryCall(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Execution::MessageHandling, v8::internal::MaybeHandle<v8::internal::Object>*, v8::internal::Execution::Target)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17e8002  [execution.cc:191]
    + !                                                                   6795 v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>, v8::internal::Execution::MessageHandling, v8::internal::Execution::Target)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17e7d8a  [simulator.h:113]
    + !                                                                     6795 ???  (in <unknown binary>)  [0x2206906ac1]
    + !                                                                       6794 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c7212b  []
    + !                                                                       : 6792 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cacc2e  []
    + !                                                                       : | 6792 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c5f5e6  []
    + !                                                                       : |   6580 ???  (in <unknown binary>)  [0x22069bf834]
    + !                                                                       : |   + 6580 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c5f5e6  []
    + !                                                                       : |   +   6577 ???  (in <unknown binary>)  [0x2206954993]
    + !                                                                       : |   +   ! 6573 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c5f5e6  []
    + !                                                                       : |   +   ! : 6567 ???  (in <unknown binary>)  [0x22069cffd5]
    + !                                                                       : |   +   ! : | 6565 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c5f5e6  []
    + !                                                                       : |   +   ! : | + 6540 ???  (in <unknown binary>)  [0x22069d0d58]
    + !                                                                       : |   +   ! : | + ! 6495 ???  (in <unknown binary>)  [0x2206c33d8a]
    + !                                                                       : |   +   ! : | + ! : 6132 ???  (in <unknown binary>)  [0x2206941a9f]
    + !                                                                       : |   +   ! : | + ! : | 3936 ???  (in <unknown binary>)  [0x2206931e73]
    + !                                                                       : |   +   ! : | + ! : | + 2524 ???  (in <unknown binary>)  [0x2206be5cbd]
    + !                                                                       : |   +   ! : | + ! : | + ! 783 ???  (in <unknown binary>)  [0x2206c30ea6]
    + !                                                                       : |   +   ! : | + ! : | + ! : 774 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c7f1d1  []
    + !                                                                       : |   +   ! : | + ! : | + ! : | 774 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c5f5e6  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   590 ???  (in <unknown binary>)  [0x220695633c]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + 565 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c5f5e6  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! 55 ???  (in <unknown binary>)  [0x2206c14410]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! : 55 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c5f5e6  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   25 ???  (in <unknown binary>)  [0x220693792a]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   | 25 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c5f5e6  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   4 ???  (in <unknown binary>)  [0x2206943b91]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 4 ???  (in <unknown binary>)  [0x220693a238]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   3 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1ccd5e2  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! 2 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cf31ef  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! : 2 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cefbee  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! :   2 v8::internal::Runtime_GetProperty(int, v8::internal::Object**, v8::internal::Isolate*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1a87abc  [roots-inl.h:27]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! :     2 v8::internal::Runtime::GetObjectProperty(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, bool*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1a836f0  [runtime-object.cc:37]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! :       2 v8::internal::LookupIterator::PropertyOrElement(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, bool*, v8::internal::LookupIterator::Configuration)  (in Google Chrome Framework)  load address 0x10716e000 + 0x191c235  [lookup.cc:78]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! :         1 v8::internal::LookupIterator::LookupIterator(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Name>, v8::internal::LookupIterator::Configuration)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1526534  [atomicops_internals_portable.h:168]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! :         1 void v8::internal::LookupIterator::NextInternal<false>(v8::internal::Map*, v8::internal::JSReceiver*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x191bce8  [handles-inl.h:180]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! 1 ???  (in <unknown binary>)  [0x7fc85906ff08]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   !   1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cf302b  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1ccd6e3  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cefbee  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +       1 v8::internal::Runtime_StringSplit(int, v8::internal::Object**, v8::internal::Isolate*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1a9cffb  [conversions-inl.h:76]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   4 ???  (in <unknown binary>)  [0x2206943d32]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 4 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c5f5e6  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   1 ???  (in <unknown binary>)  [0x22069502f3]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! 1 ???  (in <unknown binary>)  [0x4f8e05b2c9]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   !   1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c644ee  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   1 ???  (in <unknown binary>)  [0x2206950354]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! 1 ???  (in <unknown binary>)  [0x22069629cf]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   !   1 ???  (in Google Chrome Helper)  load address 0x107002000 + 0xfffffffef8ffe018  [0x18]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   !     1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c8ef40  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   1 ???  (in <unknown binary>)  [0x220695037b]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   ! 1 ???  (in <unknown binary>)  [0x220695185b]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   1 ???  (in <unknown binary>)  [0x2206950443]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     1 ???  (in <unknown binary>)  [0x7fff58bfa690]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +       1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cefc03  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   3 ???  (in <unknown binary>)  [0x22069445e6]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 3 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1ccd6e3  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   3 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cefbee  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     2 v8::internal::Runtime_StringSplit(int, v8::internal::Object**, v8::internal::Isolate*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1a9d68e  [runtime-regexp.cc:892]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     ! 1 v8::internal::RegExpResultsCache::Enter(v8::internal::Isolate*, v8::internal::Handle<v8::internal::String>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::FixedArray>, v8::internal::Handle<v8::internal::FixedArray>, v8::internal::RegExpResultsCache::ResultsCacheType)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1a255c1  [handles.h:55]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     ! : 1 v8::internal::StringTable::LookupString(v8::internal::Isolate*, v8::internal::Handle<v8::internal::String>)  (in Google Chrome Framework)  load address 0x10716e000 + 0x197112e  [objects.cc:17279]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     ! :   1 v8::internal::StringTable::LookupKey(v8::internal::Isolate*, v8::internal::StringTableKey*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x197139c  [hash-table-inl.h:85]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     ! 1 v8::internal::RegExpResultsCache::Enter(v8::internal::Isolate*, v8::internal::Handle<v8::internal::String>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::FixedArray>, v8::internal::Handle<v8::internal::FixedArray>, v8::internal::RegExpResultsCache::ResultsCacheType)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1a2538a  [incremental-marking-inl.h:20]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     1 v8::internal::Runtime_StringSplit(int, v8::internal::Object**, v8::internal::Isolate*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1a9cfa3  [objects-inl.h:263]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   3 ???  (in <unknown binary>)  [0x22069449f5]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 1 ???  (in <unknown binary>)  [0x220693a966]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + ! 1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c8ed72  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 1 ???  (in <unknown binary>)  [0x220693a8d4]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 1 ???  (in <unknown binary>)  [0x220693a920]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   2 ???  (in <unknown binary>)  [0x2206944640]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 2 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cefcee  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   2 v8::internal::Builtin_Impl_ArrayConcat(v8::internal::BuiltinArguments, v8::internal::Isolate*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x152aae3  [handles.h:208]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     2 v8::internal::(anonymous namespace)::Fast_ArrayConcat(v8::internal::Isolate*, v8::internal::BuiltinArguments*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x152d47d  [builtins-array.cc:1230]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +       1 v8::internal::ElementsAccessor::Concat(v8::internal::Isolate*, v8::internal::Arguments*, unsigned int, unsigned int)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17adbee  [elements-kind.h:257]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +       ! 1 v8::internal::IsMoreGeneralElementsKindTransition(v8::internal::ElementsKind, v8::internal::ElementsKind)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17a4744  [elements-kind.cc:0]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +       1 v8::internal::ElementsAccessor::Concat(v8::internal::Isolate*, v8::internal::Arguments*, unsigned int, unsigned int)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17add4a  [elements.cc:4650]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +         1 v8::internal::(anonymous namespace)::ElementsAccessorBase<v8::internal::(anonymous namespace)::FastPackedObjectElementsAccessor, v8::internal::(anonymous namespace)::ElementsKindTraits<(v8::internal::ElementsKind)2> >::CopyElements(v8::internal::JSObject*, unsigned int, v8::internal::ElementsKind, v8::internal::Handle<v8::internal::FixedArrayBase>, unsigned int, int)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17b86f1  [elements.cc:1000]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   2 ???  (in <unknown binary>)  [0x220694481f]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 2 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cefcee  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   2 v8::internal::Builtin_Impl_ArrayConcat(v8::internal::BuiltinArguments, v8::internal::Isolate*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x152aae3  [handles.h:208]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +     2 v8::internal::(anonymous namespace)::Fast_ArrayConcat(v8::internal::Isolate*, v8::internal::BuiltinArguments*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x152d47d  [builtins-array.cc:1230]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +       1 v8::internal::ElementsAccessor::Concat(v8::internal::Isolate*, v8::internal::Arguments*, unsigned int, unsigned int)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17adbee  [elements-kind.h:257]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +       ! 1 v8::internal::IsMoreGeneralElementsKindTransition(v8::internal::ElementsKind, v8::internal::ElementsKind)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17a4739  [elements-kind.cc:0]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +       1 v8::internal::ElementsAccessor::Concat(v8::internal::Isolate*, v8::internal::Arguments*, unsigned int, unsigned int)  (in Google Chrome Framework)  load address 0x10716e000 + 0x17adc7b  [elements.cc:4634]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +         1 v8::internal::Factory::NewJSArray(v8::internal::ElementsKind, int, int, v8::internal::ArrayStorageAllocationMode, v8::internal::PretenureFlag)  (in Google Chrome Framework)  load address 0x10716e000 + 0x181b449  [factory.cc:2937]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +           1 v8::internal::Factory::NewJSArrayStorage(v8::internal::Handle<v8::internal::JSArray>, int, int, v8::internal::ArrayStorageAllocationMode)  (in Google Chrome Framework)  load address 0x10716e000 + 0x181b638  [handles.h:0]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +             1 <name omitted>  (in Google Chrome Framework)  load address 0x10716e000 + 0x180c12a  [handles.h:55]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   2 ???  (in <unknown binary>)  [0x2206944a38]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 1 ???  (in <unknown binary>)  [0x4fedad3141]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + ! 1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c686bc  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c68a66  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   1 ???  (in <unknown binary>)  [0x2206944687]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 1 ???  (in <unknown binary>)  [0x7fff58bfa770]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c64853  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   1 ???  (in <unknown binary>)  [0x2206944cb4]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   + 1 ???  (in <unknown binary>)  [0x220693a966]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   +   1 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1c8ed85  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   1 ???  (in <unknown binary>)  [0x2206939f84]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   1 ???  (in <unknown binary>)  [0x2206944899]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   1 ???  (in <unknown binary>)  [0x2206944b11]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   15 ???  (in <unknown binary>)  [0x2206939364]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   | 15 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1ccd60b  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |   15 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cb9597  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |     15 v8_Default_embedded_blob_  (in Google Chrome Framework)  load address 0x10716e000 + 0x1cefbee  []
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       4 v8::internal::Runtime_RegExpSplit(int, v8::internal::Object**, v8::internal::Isolate*)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1aa3a74  [handles.h:208]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       + 2 v8::internal::RegExpUtils::RegExpExec(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSReceiver>, v8::internal::Handle<v8::internal::String>, v8::internal::Handle<v8::internal::Object>)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1a32cb5  [allocation.h:40]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       + ! 2 operator new[](unsigned long, std::nothrow_t const&)  (in libc++abi.dylib) + 11  [0x7fff9f7d1eab]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       + !   2 operator new(unsigned long)  (in libc++abi.dylib) + 30  [0x7fff9f7d1e0e]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       + !     2 malloc  (in libsystem_malloc.dylib) + 24  [0x7fffa0d43200]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       + !       2 malloc_zone_malloc  (in libsystem_malloc.dylib) + 107  [0x7fffa0d44282]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       + !         2 base::allocator::MallocZoneFunctionsToReplaceDefault()::$_1::__invoke(_malloc_zone_t*, unsigned long)  (in Google Chrome Framework)  load address 0x10716e000 + 0x23d060d  [allocator_shim.cc:178]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       + !           2 base::allocator::MallocZoneFunctionsToReplaceDefault()::$_1::__invoke(_malloc_zone_t*, unsigned long)  (in Google Chrome Framework)  load address 0x10716e000 + 0x23d060d  [allocator_shim.cc:178]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       + !             2 szone_malloc_should_clear  (in libsystem_malloc.dylib) + 2954,75  [0x7fffa0d44e6c,0x7fffa0d4432d]
    + !                                                                       : |   +   ! : | + ! : | + ! : |   + ! :   |       + 2 v8::internal::RegExpUtils::RegExpExec(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSReceiver>, v8::internal::Handle<v8::internal::String>, v8::internal::Handle<v8::internal::Object>)  (in Google Chrome Framework)  load address 0x10716e000 + 0x1a32d02  [handles.h:208]

 
Summary: Hang in V8 regexp compilation using sharefile.com (was: Hang in V8 using sharefile.com)
Owner: jgruber@chromium.org
Status: Assigned (was: Untriaged)
I don't understand the posted trace; is it a linear backtrace at the site of the hang, or a collection of samples collected over time?

Am I interpreting it correctly that we appear to re-enter RegExpResultsCache::Enter from LookupKey?

v8::internal::RegExpResultsCache::Enter
v8::internal::StringTable::LookupString
v8::internal::StringTable::LookupKey
v8::internal::RegExpResultsCache::Enter

I'll see if I can repro locally with a sharefile trial acct.

I created a sharefile account, but cannot repro. Browsing personal folders works fine, even after creating a folder and uploading a file.

69.0.3497.81 / Linux x64
Are there any experiments in my profile which could affect the behavior here?

How can I gather information which would help you reproduce? Are there command-line flags which would dump all of V8's AST?

Yes, these are the results of running Apple's built-in sampling profiler against the hung renderer process.

I'm not aware of any experiments that may affect behavior. 

You can dump regexp parsing information with --trace-regexp-parser and regexp code generation infos with --trace-regexp-assembler. 

It should also be possible to instrument RegExp.p.exec itself and output tracing / timing information:

 d8> const regexp_exec = RegExp.prototype.exec;
 d8> RegExp.prototype.exec = function(string) { console.log("Hello World"); const result = regexp_exec.call(this, string); console.log("Goodbye World"); return result; }
 d8> /./.exec()
 Hello World
 Goodbye World
 ["u"]

From the console output we could see if the hang actually occurs in regexp execution.
The RegExpResultsCache::Enter reentrance (see #2) is strange by the way. I'm not sure how that can happen.
Could you please provide command-line arguments that would work on Chrome Stable which would dump information that would help you debug this? These don't work:

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/t2 --enable-logging --v=1 --js-flags="--trace-regexp-parser --trace-regexp-assembler"

It reports:

Error: unrecognized flag --trace-regexp-parser
The remaining arguments were ignored: --trace-regexp-assembler
Try --help for options

I think these flags are only available in debug mode.

Right, just checked and they are debug-only.

Instrumentation should work in a release build as well. The steps are: 1. in devtools, set a breakpoint somewhere in a startup script; 2. run the code from #5 in the console; 3. continue execution.

Another way would be to break on RegExp.prototype.exec calls. In the devtools console:
 debug(RegExp.prototype.exec)
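One way to carry out the instrumentation suggested in #5 together with the devtools procedure above, as an added example (mine, not code from this thread or from V8): pause at an early breakpoint, paste the block into the console, resume, and call printRegexpTraceReport() once the page hangs or settles. It wraps RegExp.prototype.exec; once exec is user-defined, String.prototype.split/match/replace and RegExp.prototype.test reach it through the spec-level RegExpExec helper (the RegExpUtils::RegExpExec frames in the profile above are that helper looking up exec), so one wrapper covers all of them. Function names and the 50 ms slow-call threshold are my choices; the demo inputs at the bottom are constructed.

```javascript
// Added example, not code from the bug thread: a drop-in tracer for
// RegExp.prototype.exec that records per-pattern call counts and wall time
// and keeps the JS stack of the first call that exceeds a threshold.
// Devtools use: pause at an early breakpoint, paste, resume, then call
// printRegexpTraceReport(). Names and the 50 ms default are my choices.

const regexpStats = new Map();            // "/source/flags" -> stats record
const originalExec = RegExp.prototype.exec;
let slowThresholdMs = 50;

const now = () => (typeof performance !== "undefined" ? performance.now() : Date.now());

// Per-pattern key. Patterns reached through String.prototype.split show up
// with an extra "y" flag: @@split runs on a sticky species clone of the regexp.
function patternKey(re) {
  return "/" + re.source + "/" + re.flags;
}

function tracedExec(string) {
  const key = patternKey(this);
  const inputLength = String(string).length;
  const start = now();
  try {
    return originalExec.call(this, string);
  } finally {
    const elapsed = now() - start;
    let s = regexpStats.get(key);
    if (!s) {
      s = { pattern: key, calls: 0, totalMs: 0, maxMs: 0, maxInputLength: 0, slowStack: null };
      regexpStats.set(key, s);
    }
    s.calls += 1;
    s.totalMs += elapsed;
    if (elapsed > s.maxMs) {
      s.maxMs = elapsed;
      s.maxInputLength = inputLength;
    }
    // The stack is taken inside exec, so it names the JS caller of
    // split/match/replace/test the first time this pattern is slow.
    if (elapsed > slowThresholdMs && s.slowStack === null) {
      s.slowStack = new Error("slow regexp " + key).stack;
      console.warn("slow regexp " + key + ": " + elapsed.toFixed(1) + " ms on " + inputLength + " chars");
    }
  }
}

function installRegexpTrace(thresholdMs = 50) {
  slowThresholdMs = thresholdMs;
  if (RegExp.prototype.exec !== tracedExec) RegExp.prototype.exec = tracedExec;
}

function uninstallRegexpTrace() {
  RegExp.prototype.exec = originalExec;
}

function resetRegexpStats() {
  regexpStats.clear();
}

// Patterns ordered by total time, heaviest first.
function regexpTraceReport(limit = 20) {
  return [...regexpStats.values()]
    .sort((a, b) => b.totalMs - a.totalMs)
    .slice(0, limit)
    .map((s) => ({ ...s, totalMs: +s.totalMs.toFixed(2), maxMs: +s.maxMs.toFixed(2) }));
}

function printRegexpTraceReport(limit = 20) {
  const rows = regexpTraceReport(limit);
  console.table(rows.map(({ slowStack, ...rest }) => rest));
  for (const r of rows) if (r.slowStack) console.log(r.slowStack);
}

// Constructed demo: a backtracking-prone pattern on a non-matching string is
// the kind of hot spot the report surfaces; split/match go through exec too.
function demo() {
  resetRegexpStats();
  installRegexpTrace(5);
  /^(a+)+$/.test("a".repeat(18) + "!");
  "k1=v1;k2=v2".split(/;/);
  "x1y22z333".match(/\d+/g);
  const report = regexpTraceReport();
  uninstallRegexpTrace();
  return report;
}

console.table(demo().map(({ slowStack, ...rest }) => rest));
```

resetRegexpStats() clears the table between navigations and uninstallRegexpTrace() restores the builtin; the report is plain data, so it can also be copied out of a frozen tab with copy(regexpTraceReport()).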


Components: UI>Browser>History
Status: WontFix (was: Assigned)
I dreaded revisiting this bug but had to log back in to this subdomain of sharefile.com. As expected, the hang was still there. The difficulty here is that the hang occurred immediately after browser navigation, so it was basically impossible to pause before the renderer went into an infinite loop.

Opening devtools against google.com first, I navigated to the problematic URL and found that it was reporting thousands of instances of this warning:

"Throttling history state changes to prevent the browser from hanging."

Executing debug(history.pushState) didn't work - probably should have done debug(history.prototype.pushState)?

Anyway, it turned out that clearing all cookies and other site data for sharefile.com addressed the problem. It's pretty clearly a bug in the site but Chrome should be better behaved in this situation.

Closing as WontFix - no longer reproducible.
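For the "Throttling history state changes" symptom above, the check a practitioner would want is which script is flooding pushState. The following is an added example (mine, not code from this thread or from Chrome): a guard installed on the history object itself that counts pushState/replaceState calls inside a sliding window, keeps the JS stacks of the first few callers, and throws once a cap is exceeded, so a pushState loop is interrupted where it runs and devtools stops on the throw when "Pause on exceptions" is enabled. In a browser it is installed with installHistoryGuard(window.history); the names, the 1 s window and the 50-call cap are my choices, and since Node has no history object a constructed stub stands in for it.

```javascript
// Added example, not code from the bug thread: rate-cap history.pushState and
// history.replaceState, record the first callers, and throw once a loop is
// detected. Browser use: const g = installHistoryGuard(window.history).
// Window, cap and names are my choices.

function installHistoryGuard(hist, { windowMs = 1000, maxCalls = 50, keepStacks = 3 } = {}) {
  const state = { recent: [], byUrl: new Map(), stacks: [], tripped: false };
  for (const name of ["pushState", "replaceState"]) {
    const original = hist[name];
    if (typeof original !== "function") continue;
    hist[name] = function guarded(data, title, url) {
      const t = Date.now();
      const key = name + " " + String(url);
      // Sliding window of call timestamps.
      state.recent.push(t);
      while (state.recent.length && t - state.recent[0] > windowMs) state.recent.shift();
      // Which URLs are being pushed, and from where (first few callers only).
      state.byUrl.set(key, (state.byUrl.get(key) || 0) + 1);
      if (state.stacks.length < keepStacks) state.stacks.push(new Error(key).stack);
      if (state.recent.length > maxCalls) {
        state.tripped = true;
        const top = [...state.byUrl.entries()].sort((a, b) => b[1] - a[1]).slice(0, 5);
        throw new Error(
          "history guard: " + state.recent.length + " history calls within " + windowMs +
          " ms; most frequent: " + JSON.stringify(top) +
          "\nfirst callers:\n" + state.stacks.join("\n---\n"));
      }
      return original.call(this, data, title, url);
    };
  }
  return state;
}

// Constructed stand-in for window.history so the guard runs outside a browser.
function makeStubHistory() {
  const entries = [];
  return {
    entries,
    pushState(data, title, url) { entries.push({ data, title, url }); },
    replaceState(data, title, url) {
      if (entries.length) entries[entries.length - 1] = { data, title, url };
      else entries.push({ data, title, url });
    },
  };
}

// Constructed stand-in for a page that re-pushes a state on every render.
// Returns the error the guard threw, or null if the loop ran to completion.
function simulateLoop(hist, n) {
  try {
    for (let i = 0; i < n; i++) hist.pushState({ step: i }, "", "/folders/list");
    return null;
  } catch (e) {
    return e;
  }
}

const demoHistory = makeStubHistory();
const demoGuard = installHistoryGuard(demoHistory, { maxCalls: 20 });
const demoError = simulateLoop(demoHistory, 1000);
console.log(demoError ? demoError.message : "no loop detected",
            "| entries kept:", demoHistory.entries.length, "| tripped:", demoGuard.tripped);
```

Throwing from inside pushState hands control back to the event loop only if the page does not swallow the exception; if it does, the recorded stacks and the byUrl counts in the returned state object still identify the caller.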
