chakra-core / ChakraCore

ChakraCore is an open source Javascript engine with a C API.
MIT License

FatalInternalError in ReparseAsmJsModule #6472

Open Changochen opened 4 years ago

Changochen commented 4 years ago

POC:

// Minimal asm.js module; 'use asm' makes the engine treat it as an asm.js module
// that must be linked (and, on link failure, reparsed) when it is instantiated.
function Module() {
    'use asm';

    function f() {
    }

    return f;
}

// Recurse until the engine runs out of stack, then instantiate the asm.js module
// from inside the catch handler, i.e. at the point where almost no stack is left.
// Module is called with a non-object argument so that linking fails and the
// engine falls back to reparsing the module.
function recur() {
    try {
        recur();
    } catch (e) {
        Module(1);
    }
}

recur();

ch version: ch version 1.12.0.0-beta, git hash 33db8efd9f02cd528a7305391d7d10765a2e85f3

Stack dump:

#0  DBG_DebugBreak () at /home/yongheng/ChakraCore/pal/src/arch/i386/debugbreak.S:18
#1  0x00007ffff26f1c31 in DebugBreak () at /home/yongheng/ChakraCore/pal/src/debug/debug.cpp:408
#2  0x00007ffff2d5f279 in ReportFatalException (context=0x0, exceptionCode=0x80004005,
    reasonCode=Fatal_Internal_Error, scenario=0x2)
    at /home/yongheng/ChakraCore/lib/Common/Exceptions/ReportError.cpp:20
#3  0x00007ffff2d5f84d in Js::Throw::FatalInternalError (hr=0x80004005)
    at /home/yongheng/ChakraCore/lib/Common/Exceptions/Throw.cpp:72
#4  0x00007ffff37893e8 in Js::JavascriptFunction::ReparseAsmJsModule (functionRef=0x7fffff814020)
    at /home/yongheng/ChakraCore/lib/Runtime/Library/JavascriptFunction.cpp:1716
#5  0x00007ffff336bfb0 in Js::InterpreterStackFrame::ProcessLinkFailedAsmJsModule (this=0x7fffff8146c0)
    at /home/yongheng/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:2926
#6  0x00007ffff336ab41 in Js::InterpreterStackFrame::ProcessAsmJsModule (this=0x7fffff8146c0)
    at /home/yongheng/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:2672
#7  0x00007ffff3347aae in Js::InterpreterStackFrame::Process (this=0x7fffff8146c0)
    at /home/yongheng/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:3463
#8  0x00007ffff334678b in Js::InterpreterStackFrame::InterpreterHelper (function=0x7ffff7ef6730, args=...,
    returnAddress=0x7ffff7e50f92, addressOfReturnAddress=0x7fffff814bf8, asmJsReturn=0x0)
    at /home/yongheng/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:2165
#9  0x00007ffff3345858 in Js::InterpreterStackFrame::InterpreterThunk (layout=0x7fffff814c10)
    at /home/yongheng/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:1845
#10 0x00007ffff7e50f92 in ?? ()
#11 0x00007fffff814c30 in ?? ()
#12 0x00007ffff3a9851e in amd64_CallFunction ()
    at /home/yongheng/ChakraCore/lib/Runtime/Library/amd64/JavascriptFunctionA.S:100

rhuanjl commented 4 years ago

Hmm - the issue here is:

  1. the recursion is running out of stack space
  2. the call into the ASM-JS module then has no memory available - and fails, hence the FatalInternalError

I'm not really sure how this can be "fixed".
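
The point made above, that the catch handler in the PoC runs with essentially no stack left for the engine's asm.js link/reparse work, can be seen directly by measuring call-stack headroom at that spot. The following is an added example, not code from the issue or from ChakraCore; it assumes an engine that throws a catchable RangeError on stack overflow (tested with node), and the exact frame counts depend on the engine and its stack limit.

```javascript
// Added example (not from the ChakraCore issue): measure how much call-stack
// headroom remains inside the catch handler that fires at stack exhaustion,
// which is where the PoC above calls Module(1).

// Count how many nested calls fit before the engine throws a stack-overflow error.
function headroom() {
  let depth = 0;
  function dive() { depth++; dive(); }
  try {
    dive();
  } catch (e) {
    // RangeError: Maximum call stack size exceeded (or the engine's equivalent)
  }
  return depth;
}

// Mirror the PoC's shape: recurse until the stack is exhausted, then measure the
// headroom from inside the innermost catch handler, where the PoC links the module.
function headroomInDeepCatch() {
  let measured = -1;
  function recur() {
    try {
      recur();
    } catch (e) {
      // Only the innermost frame's catch runs: it swallows the overflow error,
      // so every outer frame returns normally afterwards.
      try {
        measured = headroom();
      } catch (e2) {
        measured = 0; // not even one extra frame fit below this handler
      }
    }
  }
  recur();
  return measured;
}

// At top level thousands of frames fit; inside the deep catch only a handful do,
// which is why engine work that needs stack (or memory) there cannot succeed.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('headroom at top level :', headroom());
  console.log('headroom in deep catch:', headroomInDeepCatch());
}
```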

Changochen commented 4 years ago

Maybe throwing a normal out-of-memory exception instead of a FatalInternalError?

rhuanjl commented 4 years ago

Maybe throwing a normal out-of-memory exception instead of a FatalInternalError?

That may be possible - though ChakraCore's default behaviour for out of memory is also an abort (though it is one that can be flagged off).