Strange crash in V8 that comes up from time to time

Postby Mayhew » Thu May 29, 2014 9:18 pm

Please consider this a "hail mary" of sorts. I know I don't have much to go on but I'm just hoping someone else may have seen something similar and be able to help.

From time to time we integrate with the latest CEF release branch and start to see strange crashes in debug builds of our CEF based app. The crashes don't seem to happen in release builds but we have seen strange behavior in javascript where an object is defined and then our code enters a loop, after several iterations of the loop the object mysteriously becomes undefined. If we revert back to the previous CEF revision, the problem goes away. We were attributing it to a bug in V8 or V8 suddenly being more strict on checking something but we really have no idea. Unfortunately, we have not been able to re-create this with a simple test web page.

We saw this with 3.1547.1357 then things were fine with release branch 3.1650.1544. Most recently we attempted to jump to 3.1916.1707 and the problem has reappeared.

The Visual Studio console shows the following:
#
# Fatal error in c:\cef\workspace\cef3-windows-1916\download\chromium\src\v8\src\objects.cc, line 6449
# CHECK(object->map()->instance_descriptors()-> GetKey(descriptor_number) == *name) failed
#
First-chance exception at 0x00000000 in testcefapp.exe: 0xC0000005: Access violation executing location 0x00000000.
Unhandled exception at 0x7515CB49 in testcefapp.exe: 0xC0000005: Access violation executing location 0x00000000.

Call stack excerpt (frames may be incomplete or incorrect):
libcef.dll!v8::internal::OS::Abort() Line 939 C++
libcef.dll!V8_Fatal(const char * file, int line, const char * format, ...) Line 114 C++
libcef.dll!v8::internal::JSObject::DefineFastAccessor(v8::internal::Handle<v8::internal::JSObject> object, v8::internal::Handle<v8::internal::Name> name, v8::internal::AccessorComponent component, v8::internal::Handle<v8::internal::Object> accessor, PropertyAttributes attributes) Line 6449 C++

libcef.dll!v8::internal::JSObject::DefinePropertyAccessor(v8::internal::Handle<v8::internal::JSObject> object, v8::internal::Handle<v8::internal::Name> name, v8::internal::Handle<v8::internal::Object> getter, v8::internal::Handle<v8::internal::Object> setter, PropertyAttributes attributes, v8::AccessControl access_control) Line 6159 C++

libcef.dll!v8::internal::JSObject::DefineAccessor(v8::internal::Handle<v8::internal::JSObject> object, v8::internal::Handle<v8::internal::Name> name, v8::internal::Handle<v8::internal::Object> getter, v8::internal::Handle<v8::internal::Object> setter, PropertyAttributes attributes, v8::AccessControl access_control) Line 6353 C++
libcef.dll!v8::internal::__RT_impl_Runtime_DefineOrRedefineAccessorProperty(v8::internal::Arguments args, v8::internal::Isolate * isolate) Line 5169 C++

CEF log (at Warning level):
[0529/190638:ERROR:renderer_main.cc(227)] Running without renderer sandbox
[0529/190638:ERROR:singleton_hwnd.cc(43)] Cannot create windows on non-UI thread!

If anyone has any thoughts I'd love to hear them.
Thanks,
John
Mayhew
Expert
Posts: 303
Joined: Mon Apr 18, 2011 8:02 pm
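The symptom in the post above (an object that is defined, then becomes undefined after several loop iterations) never made it into a shareable test page. The following is an added example, not code from the thread, from CEF or from V8: a small JavaScript stress harness that repeatedly walks the same path the reported stack shows, Object.defineProperty with get/set on an existing object, which V8 serves through Runtime_DefineOrRedefineAccessorProperty and JSObject::DefineAccessor, across objects with deliberately different property histories, and checks after every iteration that the object and its accessor are still intact. All function and variable names are illustrative, and it is a reduction aid rather than a claimed reproducer of the crash.

```javascript
'use strict';

// Added example, not code from the thread or from CEF/V8. It hammers the
// path at the top of the reported stack (Object.defineProperty with get/set,
// i.e. Runtime_DefineOrRedefineAccessorProperty -> JSObject::DefineAccessor)
// on objects whose hidden-class (map) transition history varies, and records
// any iteration where the object or its accessor no longer looks as expected.

// Build an object whose property history depends on `variant`, so the map
// that reaches defineProperty differs from iteration to iteration.
function makeSubject(variant) {
  const o = {};
  o.a = 1;
  if (variant % 2 === 0) o.b = 2;     // branch the transition tree
  if (variant % 3 === 0) delete o.a;  // typically drops the object to slow (dictionary) mode
  o.c = variant;
  return o;
}

// Define (or redefine) an accessor property backed by a closure variable.
function defineAccessor(o, name, initial, configurable) {
  let backing = initial;
  Object.defineProperty(o, name, {
    get() { return backing; },
    set(v) { backing = v; },
    configurable,
    enumerable: true,
  });
  return o;
}

// Run the loop and return a summary instead of printing, so callers can
// assert on it. Each inconsistency records the iteration where it appeared.
function runStress(iterations) {
  const subjects = [];
  const failures = [];
  for (let i = 0; i < iterations; i++) {
    const o = makeSubject(i);
    defineAccessor(o, 'value', i, true);
    // The second definition exercises the "redefine" branch; some iterations
    // also flip configurable to false, which is a legal one-way change.
    defineAccessor(o, 'value', i * 2, i % 5 !== 0);
    o.value = i + 1;  // goes through the second setter
    subjects.push(o);

    const desc = Object.getOwnPropertyDescriptor(o, 'value');
    if (desc === undefined || typeof desc.get !== 'function') {
      failures.push({ iteration: i, reason: 'accessor missing' });
    } else if (o.value !== i + 1) {
      failures.push({ iteration: i, reason: 'setter lost value', got: o.value });
    }
  }
  // Mirror the reported symptom: objects defined earlier should still be
  // defined and intact after the loop has run for a while.
  subjects.forEach((o, i) => {
    if (o === undefined || o.c !== i) failures.push({ iteration: i, reason: 'object lost' });
  });
  return { iterations, failures };
}

// Stand-alone run: `node` this file and inspect the failure list.
if (typeof require !== 'undefined' && require.main === module) {
  const result = runStress(10000);
  console.log(result.failures.length === 0 ? 'no inconsistencies' : result.failures.slice(0, 5));
}
```

Because runStress returns its findings rather than printing them, the same harness can be dropped into a test page, into cefclient, or into a stand-alone Chromium build and compared across engines, which is the separation the thread later needed to decide whether the problem was CEF-specific.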

Re: Strange crash in V8 that comes up from time to time

Postby magreenblatt » Thu May 29, 2014 10:20 pm

What content do you have loaded in the test app and what are you doing at the time that it crashes? Does your test app have any JS bindings defined using CEF?
magreenblatt
Site Admin
Posts: 12383
Joined: Fri May 29, 2009 6:57 pm

Re: Strange crash in V8 that comes up from time to time

Postby Mayhew » Wed Jun 04, 2014 7:19 pm

Unfortunately we aren't 100% sure exactly what is happening at the time the crash happens. The web app loaded has over 300,000 lines of JavaScript with tons of async stuff (promises), so narrowing it down is a huge problem. I built CEF so I can get better call stacks in C++, but debugging the V8 objects (JSObject, Handle<Name>, etc.) is pretty difficult. Any tips there would be very helpful.

Also, is there a way to see the current JavaScript call stack when you are at a breakpoint in the V8 code? That would be tremendously helpful.

The crash in JSObject::DefineFastAccessor(...) is actually triggered by a failed assert:

ASSERT(object->map()->instance_descriptors()->GetKey(descriptor_number) == *name);

Not sure that is really helpful though.

John

Re: Strange crash in V8 that comes up from time to time

Postby Mayhew » Mon Aug 11, 2014 1:08 pm

Okay, this is now occurring for us in release branches 1750, 1916 and 2062 on all platforms. I created a version of our web app which will run outside of CEF and ran it in a debug Chromium build and the problems do not happen, but it does happen in CefClient and CefSimple. So that leads me to believe it is CEF specific. I'm building a debug chromium build now to verify on another platform to be sure it is not in Chromium as well.

Marshall, If it turns out to be CEF specific I could grant you access to our test web app to debug it. I will let you know what I find in my local chromium build first.

Re: Strange crash in V8 that comes up from time to time

Postby Mayhew » Mon Aug 11, 2014 2:24 pm

I spoke too soon. I can repro in debug Chrome 37; it is just a bit more intermittent. So it looks like a general V8 issue. I'm looking into that now.

Re: Strange crash in V8 that comes up from time to time

Postby Mayhew » Tue Aug 12, 2014 8:49 am

Okay, it looks as if there has been a fix for this that is already in Chromium 38. It is a couple-line change in objects.cc. What is the procedure and timeframe to get this into an earlier CEF release branch? Ideally 1916. I can build it myself, but if the process is pretty straightforward we can drive it that way.

Re: Strange crash in V8 that comes up from time to time

Postby magreenblatt » Tue Aug 12, 2014 8:53 am

Add a CEF issue that includes a link to the Chromium issue or patch set with the necessary change. It can potentially be applied to CEF using the patch system (see patch/README.txt in a CEF checkout).

Re: Strange crash in V8 that comes up from time to time

Postby Mayhew » Tue Aug 12, 2014 9:56 am

Okay, issue 1352 has been entered. I wish we had a test case we could share publicly. If you need additional info let me know.
