> My understanding is that the serialized code and SFI and whatnot is part of the context snapshot
To clarify, the code cache is separate from the isolate/context snapshot; and neither contain serialized Code (Bytecode is possible though). It does sound like snapshots are getting confused somewhere, resulting in broken object graphs. Not sure what exactly is going wrong though. Have you tried recreating the code cache as well in step 3? On Mon, Feb 21, 2022 at 8:48 PM jo...@igalia.com <jo...@igalia.com> wrote: > I'd like to add that so far we've found two scripts that can trigger this > with the Node.js user land snapshot prototype (the prototype works > otherwise fine with applications as complicated as the TypeScript > compiler), which are placed in > https://github.com/joyeecheung/node/tree/snapshot-mem-bug as > test/fixtures/snapshot/mem-bug.js and test/fixtures/snapshot/mem-bug2.js. > They both seem pretty random to me. I'll paste them below for the record: > > ``` > 'use strict'; > > var re = /./; > re.exec = function () { > var result = []; > result.groups = { a: '7' }; > return result; > }; > ''.replace(re, '$<a>') !== '7'; > ``` > > ``` > 'use strict'; > > var chars = ('a'+'#').split(''); > var entity = {}; > for (var c of chars) { > entity[c] = true; > } > ``` > > > On Tuesday, February 22, 2022 at 3:39:48 AM UTC+8 jo...@igalia.com wrote: > >> Hi, >> >> I am running into a bug and I am not sure if it's caused by inappropriate >> usage of the SnapshotCreator API or a bug in V8. This was an issue >> discovered when working on the user land snapshot prototype in Node.js ( >> https://github.com/nodejs/node/pull/38905), the upstream issue is >> https://github.com/nodejs/node/issues/40832. This prototype does a few >> things: >> >> 1. It generates code cache for a list of scripts. >> 2. It then run a subset of scripts mentioned in 1 to initialize a context >> and uses the code cache generated in 1 to compile them during the process. >> Then it snapshots the context with the v8::SnapshotCreator (this is the >> bootstrap snapshot that Node.js releases currently ship with). >> 3. A Node.js binary is built with the code cache and the initial snapshot >> mentioned in 1 & 2. It uses the snapshot built in step 2 to bootstrap >> itself, then executes a script specified by the user, and generates another >> context snapshot, then serializes it into another blob. >> 4. It initializes the context again with the snapshot blob generated in >> step 3 (which replaces the snapshot blob generated in 2), but when it needs >> to load any scripts not executed in 2 or 3, it still uses the code cache >> generated in step 1. >> >> My understanding is that the serialized code and SFI and whatnot is part >> of the context snapshot, and as long as the sanity check passes, the code >> cache generated before the snapshot should be the same as the one in the >> snapshot if FunctionCodeHandling::kKeep is used. However the prototype runs >> into several memory bugs during deserialization of the user land snapshot - >> in release mode a script not included in the snapshot but compiled with the >> old code cache (that is, it is not executed after the final snapshot is >> loaded) throws an NonCallable error with a value strangely turning into >> undefined. In debug mode a relaxed load from a map crashes with >> EXC_BAD_ACCESS during compilation. So I suspect that this bug has something >> to do with GC or the concurrent compiler, but it is difficult to reproduce >> with only V8 - perhaps it needs a particular graph to trigger this bug and >> the prototype happens to generate such graphs more reliably. >> >> Steps to reproduce: >> >> 1. Check out https://github.com/joyeecheung/node/tree/snapshot-mem-bug, >> build it with the instructions in >> https://github.com/nodejs/node/blob/rundefined/BUILDING.md (I do `cd >> /path/to/node && ./configure --ninja && ninja -C out/Release`). This is a >> prototype that allows user to specify a user script to snapshot with >> --snapshot-main, and generates a context snapshot containing a Node.js >> application using v8::SnapshotCreator. It can load the snapshot with >> another flag --snapshot-blob. >> 2. Run `out/Release/node --snapshot-main >> test/fixtures/snapshot/mem-bug.js && out/Release/node --snapshot-blob >> snapshot.blob test/fixtures/empty.js`, which throws the following error >> (some logging shows that the PromiseResolve function turned into undefined): >> >> ``` >> node:internal/modules/esm/module_job:32 >> const resolvedPromise = PromiseResolve(); >> ^ >> >> TypeError: PromiseResolve is not a function >> at node:internal/modules/esm/module_job:32:25 >> at NativeModule.compileForInternalLoader >> (node:internal/bootstrap/loaders:312:7) >> at nativeModuleRequire (node:internal/bootstrap/loaders:341:14) >> at node:internal/modules/esm/module_map:3:19 >> at NativeModule.compileForInternalLoader >> (node:internal/bootstrap/loaders:312:7) >> at nativeModuleRequire (node:internal/bootstrap/loaders:341:14) >> at node:internal/modules/esm/loader:36:19 >> at NativeModule.compileForInternalLoader >> (node:internal/bootstrap/loaders:312:7) >> at nativeModuleRequire (node:internal/bootstrap/loaders:341:14) >> at node:internal/process/esm_loader:10:23 >> ``` >> >> Some observations: >> >> 1. If the prototype is built in debug mode (with ./configure --ninja >> --v8-non-optimized-debug --debug and the out dir is changed to out/Debug), >> it crashes instead with this stack trace, I guess this indicates either the >> memory is corrupted, or some data race happened: >> ``` >> * thread #1, queue = 'com.apple.main-thread', stop reason = >> EXC_BAD_ACCESS (code=1, address=0x746c6975622f637d) >> * frame #0: 0x0000000100746318 node`short >> std::__1::__cxx_atomic_load<short>(__a=0x746c6975622f637d, >> __order=memory_order_relaxed) at atomic:997:12 >> frame #1: 0x00000001007462c8 node`std::__1::__atomic_base<short, >> false>::load(this=0x746c6975622f637d, __m=memory_order_relaxed) const >> volatile at atomic:1603:17 >> frame #2: 0x0000000100746284 node`short >> std::__1::atomic_load_explicit<short>(__o=0x746c6975622f637d, >> __m=memory_order_relaxed) at atomic:1959:17 >> frame #3: 0x0000000100746254 >> node`v8::base::Relaxed_Load(ptr=0x746c6975622f637d) at atomicops.h:225:10 >> frame #4: 0x0000000100745ea4 >> node`v8::internal::Map::instance_type(this=0x000000016fdf65a8) const at >> map-inl.h:344:7 >> frame #5: 0x000000010074d504 >> node`v8::internal::HeapObject::IsString(this=0x000000016fdf6718, >> cage_base=PtrComprCageBase @ 0x000000016fdf65bf) const at >> instance-type-inl.h:125:1 >> frame #6: 0x00000001007c2b3c >> node`v8::internal::HeapObject::IsThinString(this=0x000000016fdf6718, >> cage_base=PtrComprCageBase @ 0x000000016fdf661e) const at >> objects-inl.h:229:8 >> frame #7: 0x00000001019a4794 >> node`v8::internal::Serializer::SerializeObject(this=0x000000016fdfc4e0, >> obj=Handle<v8::internal::HeapObject> @ 0x000000016fdf6728) at >> serializer.cc:131:12 >> frame #8: 0x00000001019a9a94 >> node`v8::internal::Serializer::ObjectSerializer::VisitPointers(this=0x000000016fdf78a0, >> host=HeapObject @ 0x000000016fdf68d8, start=v8::internal::MaybeObjectSlot @ >> 0x000000016fdf68d0, end=v8::internal::MaybeObjectSlot @ 0x000000016fdf68c8) >> at serializer.cc:894:20 >> frame #9: 0x00000001019a95d0 >> node`v8::internal::Serializer::ObjectSerializer::VisitPointers(this=0x000000016fdf78a0, >> host=HeapObject @ 0x000000016fdf6948, start=v8::internal::ObjectSlot @ >> 0x000000016fdf6940, end=v8::internal::ObjectSlot @ 0x000000016fdf6938) at >> serializer.cc:829:3 >> frame #10: 0x0000000100f23a74 node`void >> v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::ObjectVisitor>(obj=HeapObject >> @ 0x000000016fdf69a8, start_offset=8, end_offset=200, v=0x000000016fdf78a0) >> at objects-body-descriptors-inl.h:120:6 >> frame #11: 0x0000000101586344 node`void >> v8::internal::SuffixRangeBodyDescriptor<8>::IterateBody<v8::internal::ObjectVisitor>(map=Map >> @ 0x000000016fdf69e8, obj=HeapObject @ 0x000000016fdf69e0, object_size=200, >> v=0x000000016fdf78a0) at objects-body-descriptors.h:135:5 >> frame #12: 0x00000001015858f0 node`void >> v8::internal::CallIterateBody::apply<v8::internal::ScopeInfo::BodyDescriptor, >> v8::internal::ObjectVisitor>(map=Map @ 0x000000016fdf6a28, obj=HeapObject @ >> 0x000000016fdf6a20, object_size=200, v=0x000000016fdf78a0) at >> objects-body-descriptors-inl.h:1277:5 >> frame #13: 0x0000000101581ebc node`auto >> v8::internal::BodyDescriptorApply<v8::internal::CallIterateBody, >> v8::internal::Map&, v8::internal::HeapObject&, int&, >> v8::internal::ObjectVisitor*&>(type=SCOPE_INFO_TYPE, >> args=0x000000016fdf7518, args=0x000000016fdf7598, args=0x000000016fdf750c, >> args=0x000000016fdf7500) at objects-body-descriptors-inl.h:1243:7 >> frame #14: 0x0000000101558530 node`void >> v8::internal::HeapObject::IterateBodyFast<v8::internal::ObjectVisitor>(this=0x000000016fdf7598, >> map=Map @ 0x000000016fdf7518, object_size=200, v=0x000000016fdf78a0) at >> objects-body-descriptors-inl.h:1283:3 >> frame #15: 0x000000010155939c >> node`v8::internal::HeapObject::IterateBody(this=0x000000016fdf7598, map=Map >> @ 0x000000016fdf7558, object_size=200, v=0x000000016fdf78a0) at >> objects.cc:2170:3 >> frame #16: 0x00000001019a8cd4 >> node`v8::internal::Serializer::ObjectSerializer::SerializeContent(this=0x000000016fdf78a0, >> map=Map @ 0x000000016fdf75e8, size=200) at serializer.cc:820:14 >> frame #17: 0x00000001019a78f8 >> node`v8::internal::Serializer::ObjectSerializer::SerializeObject(this=0x000000016fdf78a0) >> at serializer.cc:791:3 >> frame #18: 0x00000001019a887c >> node`v8::internal::Serializer::ObjectSerializer::Serialize(this=0x000000016fdf78a0) >> at serializer.cc:723:3 >> frame #19: 0x0000000101948a40 >> node`v8::internal::CodeSerializer::SerializeGeneric(this=0x000000016fdfc4e0, >> heap_object=Handle<v8::internal::HeapObject> @ 0x000000016fdf78d8) at >> code-serializer.cc:251:14 >> frame #20: 0x0000000101948938 >> node`v8::internal::CodeSerializer::SerializeObjectImpl(this=0x000000016fdfc4e0, >> obj=Handle<v8::internal::HeapObject> @ 0x000000016fdf7c98) at >> code-serializer.cc:245:3 >> frame #21: 0x00000001019a492c >> node`v8::internal::Serializer::SerializeObject(this=0x000000016fdfc4e0, >> obj=Handle<v8::internal::HeapObject> @ 0x000000016fdf7db8) at >> serializer.cc:142:3 >> frame #22: 0x00000001019a9a94 >> node`v8::internal::Serializer::ObjectSerializer::VisitPointers(this=0x000000016fdf8f30, >> host=HeapObject @ 0x000000016fdf7f68, start=v8::internal::MaybeObjectSlot @ >> 0x000000016fdf7f60, end=v8::internal::MaybeObjectSlot @ 0x000000016fdf7f58) >> at serializer.cc:894:20 >> frame #23: 0x00000001019a95d0 >> node`v8::internal::Serializer::ObjectSerializer::VisitPointers(this=0x000000016fdf8f30, >> host=HeapObject @ 0x000000016fdf7fd8, start=v8::internal::ObjectSlot @ >> 0x000000016fdf7fd0, end=v8::internal::ObjectSlot @ 0x000000016fdf7fc8) at >> serializer.cc:829:3 >> frame #24: 0x0000000100f23a74 node`void >> v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::ObjectVisitor>(obj=HeapObject >> @ 0x000000016fdf8038, start_offset=8, end_offset=152, v=0x000000016fdf8f30) >> at objects-body-descriptors-inl.h:120:6 >> frame #25: 0x0000000101586344 node`void >> v8::internal::SuffixRangeBodyDescriptor<8>::IterateBody<v8::internal::ObjectVisitor>(map=Map >> @ 0x000000016fdf8078, obj=HeapObject @ 0x000000016fdf8070, object_size=152, >> v=0x000000016fdf8f30) at objects-body-descriptors.h:135:5 >> frame #26: 0x0000000101584ab0 node`void >> v8::internal::CallIterateBody::apply<v8::internal::FixedArray::BodyDescriptor, >> v8::internal::ObjectVisitor>(map=Map @ 0x000000016fdf80b8, obj=HeapObject @ >> 0x000000016fdf80b0, object_size=152, v=0x000000016fdf8f30) at >> objects-body-descriptors-inl.h:1277:5 >> frame #27: 0x0000000101581dcc node`auto >> v8::internal::BodyDescriptorApply<v8::internal::CallIterateBody, >> v8::internal::Map&, v8::internal::HeapObject&, int&, >> v8::internal::ObjectVisitor*&>(type=FIRST_FIXED_ARRAY_BASE_TYPE, >> args=0x000000016fdf8ba8, args=0x000000016fdf8c28, args=0x000000016fdf8b9c, >> args=0x000000016fdf8b90) at objects-body-descriptors-inl.h:1243:7 >> frame #28: 0x0000000101558530 node`void >> v8::internal::HeapObject::IterateBodyFast<v8::internal::ObjectVisitor>(this=0x000000016fdf8c28, >> map=Map @ 0x000000016fdf8ba8, object_size=152, v=0x000000016fdf8f30) at >> objects-body-descriptors-inl.h:1283:3 >> frame #29: 0x000000010155939c >> node`v8::internal::HeapObject::IterateBody(this=0x000000016fdf8c28, map=Map >> @ 0x000000016fdf8be8, object_size=152, v=0x000000016fdf8f30) at >> objects.cc:2170:3 >> frame #30: 0x00000001019a8cd4 >> node`v8::internal::Serializer::ObjectSerializer::SerializeContent(this=0x000000016fdf8f30, >> map=Map @ 0x000000016fdf8c78, size=152) at serializer.cc:820:14 >> frame #31: 0x00000001019a78f8 >> node`v8::internal::Serializer::ObjectSerializer::SerializeObject(this=0x000000016fdf8f30) >> at serializer.cc:791:3 >> frame #32: 0x00000001019a887c >> node`v8::internal::Serializer::ObjectSerializer::Serialize(this=0x000000016fdf8f30) >> at serializer.cc:723:3 >> frame #33: 0x0000000101948a40 >> node`v8::internal::CodeSerializer::SerializeGeneric(this=0x000000016fdfc4e0, >> heap_object=Handle<v8::internal::HeapObject> @ 0x000000016fdf8f68) at >> code-serializer.cc:251:14 >> frame #34: 0x0000000101948938 >> node`v8::internal::CodeSerializer::SerializeObjectImpl(this=0x000000016fdfc4e0, >> obj=Handle<v8::internal::HeapObject> @ 0x000000016fdf9328) at >> code-serializer.cc:245:3 >> frame #35: 0x00000001019a492c >> node`v8::internal::Serializer::SerializeObject(this=0x000000016fdfc4e0, >> obj=Handle<v8::internal::HeapObject> @ 0x000000016fdf9448) at >> serializer.cc:142:3 >> frame #36: 0x00000001019a9a94 >> node`v8::internal::Serializer::ObjectSerializer::VisitPointers(this=0x000000016fdfa620, >> host=HeapObject @ 0x000000016fdf95f8, start=v8::internal::MaybeObjectSlot @ >> 0x000000016fdf95f0, end=v8::internal::MaybeObjectSlot @ 0x000000016fdf95e8) >> at serializer.cc:894:20 >> frame #37: 0x00000001019a95d0 >> node`v8::internal::Serializer::ObjectSerializer::VisitPointers(this=0x000000016fdfa620, >> host=HeapObject @ 0x000000016fdf9668, start=v8::internal::ObjectSlot @ >> 0x000000016fdf9660, end=v8::internal::ObjectSlot @ 0x000000016fdf9658) at >> serializer.cc:829:3 >> frame #38: 0x0000000100d52854 >> node`v8::internal::ObjectVisitor::VisitPointer(this=0x000000016fdfa620, >> host=HeapObject @ 0x000000016fdf96b8, p=v8::internal::ObjectSlot @ >> 0x000000016fdf96b0) at visitors.h:139:5 >> frame #39: 0x0000000101586ba0 node`void >> v8::internal::BodyDescriptorBase::IteratePointer<v8::internal::ObjectVisitor>(obj=HeapObject >> @ 0x000000016fdf9718, offset=16, v=0x000000016fdfa620) at >> objects-body-descriptors-inl.h:127:6 >> frame #40: 0x00000001015872fc node`void >> v8::internal::BytecodeArray::BodyDescriptor::IterateBody<v8::internal::ObjectVisitor>(map=Map >> @ 0x000000016fdf9768, obj=HeapObject @ 0x000000016fdf9760, object_size=192, >> v=0x000000016fdfa620) at objects-body-descriptors-inl.h:517:5 >> frame #41: 0x0000000101585398 node`void >> v8::internal::CallIterateBody::apply<v8::internal::BytecodeArray::BodyDescriptor, >> v8::internal::ObjectVisitor>(map=Map @ 0x000000016fdf97a8, obj=HeapObject @ >> 0x000000016fdf97a0, object_size=192, v=0x000000016fdfa620) at >> objects-body-descriptors-inl.h:1277:5 >> frame #42: 0x0000000101580c4c node`auto >> v8::internal::BodyDescriptorApply<v8::internal::CallIterateBody, >> v8::internal::Map&, v8::internal::HeapObject&, int&, >> v8::internal::ObjectVisitor*&>(type=BYTECODE_ARRAY_TYPE, >> args=0x000000016fdfa298, args=0x000000016fdfa318, args=0x000000016fdfa28c, >> args=0x000000016fdfa280) at objects-body-descriptors-inl.h:1201:14 >> frame #43: 0x0000000101558530 node`void >> v8::internal::HeapObject::IterateBodyFast<v8::internal::ObjectVisitor>(this=0x000000016fdfa318, >> map=Map @ 0x000000016fdfa298, object_size=192, v=0x000000016fdfa620) at >> objects-body-descriptors-inl.h:1283:3 >> frame #44: 0x000000010155939c >> node`v8::internal::HeapObject::IterateBody(this=0x000000016fdfa318, map=Map >> @ 0x000000016fdfa2d8, object_size=192, v=0x000000016fdfa620) at >> objects.cc:2170:3 >> frame #45: 0x00000001019a8cd4 >> node`v8::internal::Serializer::ObjectSerializer::SerializeContent(this=0x000000016fdfa620, >> map=Map @ 0x000000016fdfa368, size=192) at serializer.cc:820:14 >> frame #46: 0x00000001019a78f8 >> node`v8::internal::Serializer::ObjectSerializer::SerializeObject(this=0x000000016fdfa620) >> at serializer.cc:791:3 >> frame #47: 0x00000001019a887c >> node`v8::internal::Serializer::ObjectSerializer::Serialize(this=0x000000016fdfa620) >> at serializer.cc:723:3 >> frame #48: 0x0000000101948a40 >> node`v8::internal::CodeSerializer::SerializeGeneric(this=0x000000016fdfc4e0, >> heap_object=Handle<v8::internal::HeapObject> @ 0x000000016fdfa658) at >> code-serializer.cc:251:14 >> frame #49: 0x0000000101948938 >> node`v8::internal::CodeSerializer::SerializeObjectImpl(this=0x000000016fdfc4e0, >> obj=Handle<v8::internal::HeapObject> @ 0x000000016fdfaa18) at >> code-serializer.cc:245:3 >> frame #50: 0x00000001019a492c >> node`v8::internal::Serializer::SerializeObject(this=0x000000016fdfc4e0, >> obj=Handle<v8::internal::HeapObject> @ 0x000000016fdfab38) at >> serializer.cc:142:3 >> frame #51: 0x00000001019a9a94 >> node`v8::internal::Serializer::ObjectSerializer::VisitPointers(this=0x000000016fdfbd30, >> host=HeapObject @ 0x000000016fdface8, start=v8::internal::MaybeObjectSlot @ >> 0x000000016fdface0, end=v8::internal::MaybeObjectSlot @ 0x000000016fdfacd8) >> at serializer.cc:894:20 >> frame #52: 0x00000001019a95d0 >> node`v8::internal::Serializer::ObjectSerializer::VisitPointers(this=0x000000016fdfbd30, >> host=HeapObject @ 0x000000016fdfad58, start=v8::internal::ObjectSlot @ >> 0x000000016fdfad50, end=v8::internal::ObjectSlot @ 0x000000016fdfad48) at >> serializer.cc:829:3 >> frame #53: 0x0000000100d527e4 >> node`v8::internal::ObjectVisitor::VisitCustomWeakPointers(this=0x000000016fdfbd30, >> host=HeapObject @ 0x000000016fdfada8, start=v8::internal::ObjectSlot @ >> 0x000000016fdfada0, end=v8::internal::ObjectSlot @ 0x000000016fdfad98) at >> visitors.h:134:5 >> frame #54: 0x0000000100d523c4 >> node`v8::internal::ObjectVisitor::VisitCustomWeakPointer(this=0x000000016fdfbd30, >> host=HeapObject @ 0x000000016fdfadf8, p=v8::internal::ObjectSlot @ >> 0x000000016fdfadf0) at visitors.h:145:5 >> frame #55: 0x0000000101586f24 node`void >> v8::internal::BodyDescriptorBase::IterateCustomWeakPointer<v8::internal::ObjectVisitor>(obj=HeapObject >> @ 0x000000016fdfae38, offset=8, v=0x000000016fdfbd30) at >> objects-body-descriptors-inl.h:164:6 >> frame #56: 0x0000000101587ae4 node`void >> v8::internal::SharedFunctionInfo::BodyDescriptor::IterateBody<v8::internal::ObjectVisitor>(map=Map >> @ 0x000000016fdfae78, obj=HeapObject @ 0x000000016fdfae70, object_size=64, >> v=0x000000016fdfbd30) at objects-body-descriptors-inl.inc:87:5 >> frame #57: 0x0000000101585ab8 node`void >> v8::internal::CallIterateBody::apply<v8::internal::SharedFunctionInfo::BodyDescriptor, >> v8::internal::ObjectVisitor>(map=Map @ 0x000000016fdfaeb8, obj=HeapObject @ >> 0x000000016fdfaeb0, object_size=64, v=0x000000016fdfbd30) at >> objects-body-descriptors-inl.h:1277:5 >> frame #58: 0x000000010158209c node`auto >> v8::internal::BodyDescriptorApply<v8::internal::CallIterateBody, >> v8::internal::Map&, v8::internal::HeapObject&, int&, >> v8::internal::ObjectVisitor*&>(type=SHARED_FUNCTION_INFO_TYPE, >> args=0x000000016fdfb9a8, args=0x000000016fdfba28, args=0x000000016fdfb99c, >> args=0x000000016fdfb990) at objects-body-descriptors-inl.h:1243:7 >> frame #59: 0x0000000101558530 node`void >> v8::internal::HeapObject::IterateBodyFast<v8::internal::ObjectVisitor>(this=0x000000016fdfba28, >> map=Map @ 0x000000016fdfb9a8, object_size=64, v=0x000000016fdfbd30) at >> objects-body-descriptors-inl.h:1283:3 >> frame #60: 0x000000010155939c >> node`v8::internal::HeapObject::IterateBody(this=0x000000016fdfba28, map=Map >> @ 0x000000016fdfb9e8, object_size=64, v=0x000000016fdfbd30) at >> objects.cc:2170:3 >> frame #61: 0x00000001019a8cd4 >> node`v8::internal::Serializer::ObjectSerializer::SerializeContent(this=0x000000016fdfbd30, >> map=Map @ 0x000000016fdfba78, size=64) at serializer.cc:820:14 >> frame #62: 0x00000001019a78f8 >> node`v8::internal::Serializer::ObjectSerializer::SerializeObject(this=0x000000016fdfbd30) >> at serializer.cc:791:3 >> frame #63: 0x00000001019a887c >> node`v8::internal::Serializer::ObjectSerializer::Serialize(this=0x000000016fdfbd30) >> at serializer.cc:723:3 >> frame #64: 0x0000000101948a40 >> node`v8::internal::CodeSerializer::SerializeGeneric(this=0x000000016fdfc4e0, >> heap_object=Handle<v8::internal::HeapObject> @ 0x000000016fdfbd68) at >> code-serializer.cc:251:14 >> frame #65: 0x000000010194842c >> node`v8::internal::CodeSerializer::SerializeObjectImpl(this=0x000000016fdfc4e0, >> obj=Handle<v8::internal::HeapObject> @ 0x000000016fdfc128) at >> code-serializer.cc:192:5 >> frame #66: 0x00000001019a492c >> node`v8::internal::Serializer::SerializeObject(this=0x000000016fdfc4e0, >> obj=Handle<v8::internal::HeapObject> @ 0x000000016fdfc248) at >> serializer.cc:142:3 >> frame #67: 0x00000001019a4a4c >> node`v8::internal::Serializer::SerializeRootObject(this=0x000000016fdfc4e0, >> slot=FullObjectSlot @ 0x000000016fdfc2a8) at serializer.cc:159:5 >> frame #68: 0x00000001019a49b0 >> node`v8::internal::Serializer::VisitRootPointers(this=0x000000016fdfc4e0, >> root=kHandleScope, description=0x0000000000000000, start=FullObjectSlot @ >> 0x000000016fdfc2f8, end=FullObjectSlot @ 0x000000016fdfc2f0) at >> serializer.cc:150:5 >> frame #69: 0x0000000100ca3bc8 >> node`v8::internal::RootVisitor::VisitRootPointer(this=0x000000016fdfc4e0, >> root=kHandleScope, description=0x0000000000000000, p=FullObjectSlot @ >> 0x000000016fdfc358) at visitors.h:75:5 >> frame #70: 0x00000001019478a4 >> node`v8::internal::CodeSerializer::SerializeSharedFunctionInfo(this=0x000000016fdfc4e0, >> info=Handle<v8::internal::SharedFunctionInfo> @ 0x000000016fdfc3e8) at >> code-serializer.cc:102:3 >> frame #71: 0x00000001019474d4 >> node`v8::internal::CodeSerializer::Serialize(info=Handle<v8::internal::SharedFunctionInfo> >> @ 0x000000016fdfc870) at code-serializer.cc:81:39 >> frame #72: 0x000000010076ef94 >> node`v8::ScriptCompiler::CreateCodeCacheForFunction(function=(val_ = >> 0x0000000110064cc0)) at api.cc:2894:10 >> frame #73: 0x0000000100324eec >> node`node::native_module::NativeModuleLoader::LookupAndCompile(this=0x0000000105ad0fd0, >> context=(val_ = 0x000000011081c280), >> id="internal/modules/esm/initialize_import_meta", >> parameters=0x000000016fdfcc80 size=6, result=0x000000016fdfcd64) at >> node_native_module.cc:309:7 >> frame #74: 0x0000000100324aa8 >> node`node::native_module::NativeModuleLoader::CompileAsModule(this=0x0000000105ad0fd0, >> context=(val_ = 0x000000011081c280), >> id="internal/modules/esm/initialize_import_meta", >> result=0x000000016fdfcd64) at node_native_module.cc:187:10 >> frame #75: 0x0000000100330818 >> node`node::native_module::NativeModuleEnv::CompileFunction(args=0x000000016fdfd210) >> at node_native_module_env.cc:161:42 >> frame #76: 0x00000001008dcfec >> node`v8::internal::FunctionCallbackArguments::Call(this=0x000000016fdfd390, >> handler=CallHandlerInfo @ 0x000000016fdfd2b0) at api-arguments-inl.h:152:3 >> frame #77: 0x00000001008da114 >> node`v8::internal::MaybeHandle<v8::internal::Object> >> v8::internal::(anonymous >> namespace)::HandleApiCallHelper<false>(isolate=0x00000001180b8000, >> function=Handle<v8::internal::HeapObject> @ 0x000000016fdfd520, >> new_target=Handle<v8::internal::HeapObject> @ 0x000000016fdfd518, >> fun_data=Handle<v8::internal::FunctionTemplateInfo> @ 0x000000016fdfd510, >> receiver=Handle<v8::internal::Object> @ 0x000000016fdfd508, >> args=BuiltinArguments @ 0x000000016fdfd4f8) at builtins-api.cc:112:36 >> frame #78: 0x00000001008d8e68 >> node`v8::internal::Builtin_Impl_HandleApiCall(args=BuiltinArguments @ >> 0x000000016fdfd6d8, isolate=0x00000001180b8000) at builtins-api.cc:142:5 >> frame #79: 0x00000001008d8b4c >> node`v8::internal::Builtin_HandleApiCall(args_length=6, >> args_object=0x000000016fdfd7e8, isolate=0x00000001180b8000) at >> builtins-api.cc:130:1 >> frame #80: 0x000000010232864c >> node`Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit + 108 >> frame #81: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #82: 0x00000001280482ec >> frame #83: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #84: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #85: 0x00000001280482ec >> frame #86: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #87: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #88: 0x00000001280482ec >> frame #89: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #90: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #91: 0x00000001280482ec >> frame #92: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #93: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #94: 0x00000001022a2cd8 >> node`Builtins_InterpreterEntryTrampoline + 248 >> frame #95: 0x00000001022a04b0 node`Builtins_JSEntryTrampoline + >> 176 >> frame #96: 0x00000001022a0144 node`Builtins_JSEntry + 164 >> frame #97: 0x0000000100c2937c >> node`v8::internal::GeneratedCode<unsigned long, unsigned long, unsigned >> long, unsigned long, unsigned long, long, unsigned >> long**>::Call(this=0x000000016fdfe3b0, args=4698374400 <(469)%20837-4400>, >> args=14066118301089, args=48012300152665, args=14066118301089, args=6, >> args=0x000000011100a990) at simulator.h:156:12 >> frame #98: 0x0000000100c254ac node`v8::internal::(anonymous >> namespace)::Invoke(isolate=0x00000001180b8000, >> params=0x000000016fdfe630)::InvokeParams const&) at execution.cc:419:33 >> frame #99: 0x0000000100c249d8 >> node`v8::internal::Execution::Call(isolate=0x00000001180b8000, >> callable=Handle<v8::internal::Object> @ 0x000000016fdfe6c0, >> receiver=Handle<v8::internal::Object> @ 0x000000016fdfe6b8, argc=5, >> argv=0x000000011100a990) at execution.cc:517:10 >> frame #100: 0x0000000100785f60 >> node`v8::Function::Call(this=0x0000000110064c40, context=(val_ = >> 0x000000011081c280), recv=(val_ = 0x00000001180b8170), argc=5, >> argv=0x000000011100a990) at api.cc:5304:7 >> frame #101: 0x00000001001b9b4c >> node`node::ExecuteBootstrapper(env=0x0000000110808200, >> id="internal/main/run_main_module", parameters=0x000000016fdfea38 size=5, >> arguments=0x000000016fdfea10 size=5) at node.cc:185:34 >> frame #102: 0x00000001001bb900 >> node`node::StartExecution(env=0x0000000110808200, >> main_script_id="internal/main/run_main_module") at node.cc:461:7 >> frame #103: 0x00000001001bb590 >> node`node::StartExecution(env=0x0000000110808200, >> cb=node::StartExecutionCallback @ 0x000000016fdfecd8)>) at node.cc:521:12 >> frame #104: 0x0000000100084e78 >> node`node::LoadEnvironment(env=0x0000000110808200, >> cb=node::StartExecutionCallback @ 0x000000016fdfed68)>) at >> environment.cc:409:10 >> frame #105: 0x00000001002f3ac8 >> node`node::NodeMainInstance::Run(this=0x000000016fdfeed8, >> exit_code=0x000000016fdfedec, env=0x0000000110808200) at >> node_main_instance.cc:144:5 >> frame #106: 0x00000001002f348c >> node`node::NodeMainInstance::Run(this=0x000000016fdfeed8, >> env_info=0x000000016fdff028) at node_main_instance.cc:138:3 >> frame #107: 0x00000001001be3fc node`node::Start(argc=4, >> argv=0x000000016fdff358) at node.cc:1221:38 >> frame #108: 0x000000010279b288 node`main(argc=4, >> argv=0x000000016fdff358) at node_main.cc:127:10 >> frame #109: 0x000000018b3dd430 libdyld.dylib`start + 4 >> ``` >> 2. If I add any V8 flag during the snapshot building process to >> invalidate the code cache sanity check (e.g. `out/Release/node >> --snapshot-main test/fixtures/snapshot/mem-bug.js && out/Release/node >> --trace_gc --snapshot-blob snapshot.blob test/fixtures/empty.js`), thus >> preventing the code cache from being deserialized, the prototype works as >> expected, so I think the bug has something to do with the code >> (de)serializer, and therefore I had the question in the title as I am not >> sure if it is even safe to reuse the old code cache this way. >> >> Would appreciate any help investigating the bug :). >> > -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to v8-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/v8-users/0967828b-5bf5-4d91-8d6d-aefbda398420n%40googlegroups.com > <https://groups.google.com/d/msgid/v8-users/0967828b-5bf5-4d91-8d6d-aefbda398420n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/v8-users/CAH3p7oPfRjSCh%3DyYG9By0ctBc7ji2B5ixsA-_X8TR_WmLrsrgg%40mail.gmail.com.
