phpv8 / v8js

V8 Javascript Engine for PHP — This PHP extension embeds the Google V8 Javascript Engine
http://pecl.php.net/package/v8js
MIT License

V8 Causes SIGINT on 6.5 Killing PHP When Initializing Successful Generated Snapshot #350

Closed (virgofx closed this 2 years ago)

virgofx commented 6 years ago

Using snapshots on 6.5 results in an interesting SIGINT that causes PHP to die, resulting in 502 gateway errors. This happens when using the following blob concatenation:

pseudo-bundle:

// prop-types.min.js
// react.production.min.js
// react-dom-server.browser.production.min.js
// react-transition-group.min.js

Actual bundle file here: https://gist.github.com/virgofx/6188a241fb9453c4144cf08eed73022b

PHP code

<?php
//...
// Generate the snapshot -- SUCCESSFUL
$snapshot = \V8Js::createSnapshot(file_get_contents('./blob.js'));

// Create V8JS instance using the successful snapshot - SEGFAULTS on 6.5, not on 6.0,6.1,6.2,6.3,6.4
// (the 5th constructor argument is the snapshot blob; the first four are the defaults)
$v8js = new \V8Js('PHP', [], [], true, $snapshot);

Relevant Debugging Information

Note: Running the same setup executing as a script (no snapshot) works on 6.5.
Note: Running the same setup on Pinepain's V8 library 6.1, 6.2, 6.3, 6.4 with V8JS 2.1.0 works, no errors.
Note: Changing the React version from 16.2 production to the development version works, no errors.

/cc @stesie @pinepain

pinepain commented 6 years ago

@virgofx Thanks for reporting. As to libv8, I'll give snapshots a look with the php-v8 extension to figure out whether it's a libv8-specific issue or a v8js-specific one (don't be confused by php-v8; it's a different extension from v8js). Recently I made some changes to how libv8 is built, to use the system g++ and not the clang from the third_party folder. Also, please note that libv8 is an unofficial build of Google's V8, so at some point you can follow V8's building instructions to build a "vanilla" libv8 to help locate the issue and try v8js with it.

virgofx commented 6 years ago

@pinepain I updated the original thread to note it works on versions up to and including 6.4 from your PPA. I generally try to avoid compiling V8 because it takes so long the official way. Since it works in 6.4 without any code change, I'm guessing the problem lies more with V8; however, since the snapshot was generated, maybe there is also some code work that could be done in V8Js-land to prevent a future SEGFAULT in PHP-land. I know that's more in the realm of @stesie, but I included you as maybe you could see about cutting a new 6.5 update in the PPA to see if the current 6.5.116 build is the issue?

pinepain commented 6 years ago

@virgofx Launchpad was stopped for a few days, and while the i386 and amd64 builders are back, it will take some time to get the queue burned down. The fresh libv8 6.5.144 builds (with a security fix) are on their way somewhere in that queue. Meanwhile, you can try this issue with v8js using the pinepain/libv8 docker image and see whether it still persists.

> guessing the problem lies more with V8

Just FTR, V8 is known to break BC in its API and ABI, and while it seems to be less likely with more recent V8 versions, I wouldn't be much surprised if something was changed.

BTW, did you use a fresh libv8, or did you rebuild v8js against the newer libv8?

virgofx commented 6 years ago

Initial testing was a fresh VM that installed libv8-6.5, libv8-6.5-dev, and then V8JS 2.1.0. Subsequent tests were then done by installing the 6.x counterpart and then running the same V8JS 2.1.0 install linked to the specific version. The subsequent tests (<= 6.4) all work from a rebuild or a fresh VM, as I've tested that. Definitely something's up with 6.5.116 ... still, it would be nice to have some protection in PHP-land if stesie or anyone is able to backtrace the segfault.
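One form the "protection in PHP-land" asked for above can take, as an added example that is neither from this issue nor from the v8js project: since a snapshot that crashes V8 during V8Js construction takes the whole PHP-FPM worker down with it (the 502s in the report), the blob is first loaded in a disposable PHP CLI child process, and the serving process only uses it if that probe exits cleanly, whatever signal the crash produces. It assumes PHP 7.4 or newer (array form of proc_open), the v8js extension available to both the serving process and the CLI, and a CLI interpreter reachable under the assumed constant PHP_CLI; the probe timeout and the file name blob.js are likewise assumptions.

```php
<?php
// Added example, not code from the issue or from the v8js project.
// Prove that a freshly created V8 snapshot can be loaded in a throwaway CLI
// process before handing it to the serving process, and fall back to plain
// evaluation of the bundle when the probe crashes, fails or hangs.
// PHP_BINARY is deliberately not used: under php-fpm it points at php-fpm itself.
declare(strict_types=1);

const PHP_CLI = 'php';              // assumed path to the CLI interpreter
const PROBE_TIMEOUT_SECONDS = 15;   // assumed; loading a snapshot normally takes milliseconds

/**
 * Builds a snapshot from $source and verifies in a child process that a V8Js
 * instance can be constructed from it and run code. Returns the blob, or null
 * when snapshot creation fails, the probe exits non-zero, dies from a signal
 * (SIGSEGV, SIGINT, SIGABRT, ...) or exceeds the timeout.
 */
function buildVerifiedSnapshot(string $source): ?string
{
    $snapshot = \V8Js::createSnapshot($source);
    if ($snapshot === false) {
        return null;
    }

    // The probe: construct V8Js from the blob read on stdin, then execute a
    // trivial script so that lazily initialised engine state is touched too.
    $probe = <<<'PHP'
$blob = base64_decode(stream_get_contents(STDIN), true);
if ($blob === false) { exit(2); }
try {
    $v8 = new \V8Js('PHP', [], [], true, $blob);
    $v8->executeString('1 + 1');
    exit(0);
} catch (\Throwable $e) {
    fwrite(STDERR, get_class($e) . ': ' . $e->getMessage());
    exit(1);
}
PHP;

    $descriptors = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open([PHP_CLI, '-d', 'display_errors=stderr', '-r', $probe], $descriptors, $pipes);
    if (!\is_resource($proc)) {
        return null;
    }

    // The blob is binary, so send it base64-encoded, then close stdin to signal EOF.
    fwrite($pipes[0], base64_encode($snapshot));
    fclose($pipes[0]);
    stream_set_blocking($pipes[1], false);
    stream_set_blocking($pipes[2], false);

    $stderr = '';
    $deadline = microtime(true) + PROBE_TIMEOUT_SECONDS;
    while (true) {
        $stderr .= (string) stream_get_contents($pipes[2]);
        $status = proc_get_status($proc);
        if (!$status['running']) {
            break;
        }
        if (microtime(true) > $deadline) {
            proc_terminate($proc, 9); // SIGKILL: a hung probe counts as a failure too
            $status = ['running' => false, 'signaled' => true, 'termsig' => 9, 'exitcode' => -1];
            break;
        }
        usleep(20000);
    }
    $stderr .= (string) stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);

    if ($status['signaled']) {
        error_log(sprintf('V8 snapshot probe died with signal %d; snapshot disabled', $status['termsig']));
        return null;
    }
    if ($status['exitcode'] !== 0) {
        error_log('V8 snapshot probe failed: ' . trim($stderr));
        return null;
    }
    return $snapshot;
}

// Usage (assumed file name): verify once, e.g. at deploy time, and cache the
// result keyed by the bundle hash rather than probing on every request.
$source = file_get_contents('./blob.js');
$snapshot = buildVerifiedSnapshot($source);
if ($snapshot !== null) {
    $v8js = new \V8Js('PHP', [], [], true, $snapshot);   // fast path: snapshot survived the probe
} else {
    $v8js = new \V8Js('PHP');                            // fallback: evaluate the bundle per request
    $v8js->executeString($source);
}
```

The probe only tells you that this blob loads with this libv8 build; it is not a substitute for fixing the crash, and the probe itself should run wherever the snapshot is produced (deploy step, warm-up script) so that a bad libv8 or v8js combination degrades to the slower no-snapshot path instead of killing workers.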