iamhwani / v8-juice

Automatically exported from code.google.com/p/v8-juice
Other
0 stars 0 forks source link

crash involving(?) getStackTrace() from eval()d code #26

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
JS code:

function test2() {
    var s = v8juice.getStackTrace();
    print(JSON.stringify(s,undefined,'\t'));
}
function test1() {
    eval('new test2()');
}
test1();

Results in:

#
# Fatal error in src/handles-inl.h, line 48
# CHECK(location_ != __null) failed
#

==== Stack trace ============================================

Security context: 0x7f5449774861 <JS Object>#0#
    1: new constructor(aka test2) [stacktrace.js:3] (this=0x7f544404b749 <a test2>>#1#)
    3: /* anonymous */ [0x7f5449734079 <undefined>:1] (this=0x7f5449774959 <JS Global Object>#2#)
    4: arguments adaptor frame: 1->0
    5: test1 [stacktrace.js:7] (this=0x7f5449774959 <JS Global Object>#2#)
    6: /* anonymous */ [stacktrace.js:9] (this=0x7f5449774959 <JS Global Object>#2#)

==== Details ================================================

[1]: new constructor(aka test2) [stacktrace.js:3] (this=0x7f544404b749 <a 
test2>>#1#) {
  // stack-allocated locals
  var s = 0x7f5449734079 <undefined>
  // expression stack (top to bottom)
  [02] : 0x7f5449793549 <JS Function>#3#
  [01] : 0x7f5449774959 <JS Global Object>#2#
--------- s o u r c e   c o d e ---------
function test2() {?    var s = v8juice.getStackTrace();?    
print(JSON.stringify(s,undefined,'\t'));?}
-----------------------------------------
}

[3]: /* anonymous */ [0x7f5449734079 <undefined>:1] (this=0x7f5449774959 <JS 
Global Object>#2#) {
  // stack-allocated locals
  var .result = 0x7f5449734079 <undefined>
  // expression stack (top to bottom)
  [01] : 0x7f5449795e11 <JS Function test2>#4#
--------- s o u r c e   c o d e ---------
new test2()
-----------------------------------------
}

[4]: arguments adaptor frame: 1->0 {
  // actual arguments
  [00] : 0x7f5449746d59 <String[11]: new test2()>  // not passed to callee
}

[5]: test1 [stacktrace.js:7] (this=0x7f5449774959 <JS Global Object>#2#) {
  // heap-allocated locals
  var .arguments = 0x7f544404a5a1 <an Arguments>>#5#
  var arguments = 0x7f544404a5a1 <an Arguments>>#5#
  // expression stack (top to bottom)
  [00] : 0x7f544404b659 <JS Function>#6#
--------- s o u r c e   c o d e ---------
function test1() {?    eval('new test2()');?}
-----------------------------------------
}

[6]: /* anonymous */ [stacktrace.js:9] (this=0x7f5449774959 <JS Global 
Object>#2#) {
  // stack-allocated locals
  var .result = 0x7f5449734079 <undefined>
--------- s o u r c e   c o d e ---------
?function test2() {?    var s = v8juice.getStackTrace();?    
print(JSON.stringify(s,undefined,'\t'));?}?function test1() {?    eval('new 
test2()');?}?test1();??
-----------------------------------------
}

==== Key         ============================================

 #0# 0x7f5449774861: 0x7f5449774861 <JS Object>
 #1# 0x7f544404b749: 0x7f544404b749 <a test2>>
 #2# 0x7f5449774959: 0x7f5449774959 <JS Global Object>
 #3# 0x7f5449793549: 0x7f5449793549 <JS Function>
 #4# 0x7f5449795e11: 0x7f5449795e11 <JS Function test2>
 #5# 0x7f544404a5a1: 0x7f544404a5a1 <an Arguments>>
            callee: 0x7f5449795e51 <JS Function test1>#7#
            length: 0
 #6# 0x7f544404b659: 0x7f544404b659 <JS Function>
 #7# 0x7f5449795e51: 0x7f5449795e51 <JS Function test1>
=====================

However, if i replace ('new test2()') with (new test2()) (without quotes) it 
works as expected. The same code without the call to v8juice.getStackTrace() 
works as expected, so it appears to be a mis-interaction with getStackTrace() 
in the face of eval.

Original issue reported on code.google.com by sgbeal@googlemail.com on 6 Jan 2011 at 1:42

GoogleCodeExporter commented 9 years ago

Original comment by sgbeal@googlemail.com on 6 Jan 2011 at 1:43