WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
29797
[V8] Runaway JS recursion crashes Chromium workers on OS X
https://bugs.webkit.org/show_bug.cgi?id=29797
Summary
[V8] Runaway JS recursion crashes Chromium workers on OS X
Dominic Cooney
Reported
2009-09-28 00:24:51 PDT
Created
attachment 40218
[details]
Sets a stack limit. Do not land before proposed fix lands in V8--see description. Repro: Open LayoutTests/fast/workers/use-machine-stack.html. Expected behavior: it prints PASS (RangeError: Maximum call stack size exceeded.) Actual behavior: Safari 4.0.3 (6531.9): OK. Google Chrome 4.0.212.1 (Official Build 26852) WebKit 532.1 V8 1.3.11.1: Worker process crashes. This is related to <
http://crbug.com/21653
>. I've attached a patch. The patch depends on a proposed fix to V8 bug 442, see <
http://codereview.chromium.org/242014
>.
Attachments
Sets a stack limit. Do not land before proposed fix lands in V8--see description.
(3.36 KB, patch)
2009-09-28 00:24 PDT
,
Dominic Cooney
dglazkov
: review-
Details
Formatted Diff
Diff
Proposed fix. Uses the fixed V8 resource constraints API to set a stack limit for Chromium JavaScript workers.
(3.32 KB, patch)
2009-10-10 22:54 PDT
,
Dominic Cooney
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Dimitri Glazkov (Google)
Comment 1
2009-09-28 07:27:31 PDT
We typically don't modify tests to fix them. Can you explain why we have to change the test? Is it failing for JSC?
Dominic Cooney
Comment 2
2009-09-28 10:22:32 PDT
It isn't necessary to change the test. I added a stack overflow in a setTimeout callback to exercise stack overflow on another code path. I could revert the test change... either way. The current test and the updated test pass with WebKit.
Dimitri Glazkov (Google)
Comment 3
2009-09-28 11:19:45 PDT
Comment on
attachment 40218
[details]
Sets a stack limit. Do not land before proposed fix lands in V8--see description.
> + Reviewed by NOBODY (OOPS!). > + > + Sets a stack limit for V8 workers.
Need a better description of this test change and a bug URL.
> > +function h() { > + try { > + g(); > + } catch (ex) { > + postMessage(ex); > + } > +} > + > try { > f(); > } catch (ex) { > try { > g(); > } catch (ex) { > - postMessage(ex); > + setTimeout(h, 0); > }
perhaps this could be a new test?
> + Sets a stack limit for V8 workers.
Bug url is needed here. Also, make sure to prefix V8-related bug titles with [V8].
Dominic Cooney
Comment 4
2009-10-10 22:51:30 PDT
Runaway recursion in JavaScript workers crashes the Chromium worker process on OS X. This is because V8's default stack limit is 512K on ia32 or 1M on x64, but the worker process runs workers on a thread with the OS X default stack size--512K. Because there are already some C++ frames on the stack when V8 establishes its 512K default stack limit, and V8 doesn't precisely enforce the stack limit, runaway recursion in V8 workers overflows the OS stack and segfaults, killing the worker process. This is described in Chromium
bug 21653
<
http://crbug.com/21653
>.
Dominic Cooney
Comment 5
2009-10-10 22:54:49 PDT
Created
attachment 40999
[details]
Proposed fix. Uses the fixed V8 resource constraints API to set a stack limit for Chromium JavaScript workers.
Adam Barth
Comment 6
2009-10-11 00:12:52 PDT
Comment on
attachment 40999
[details]
Proposed fix. Uses the fixed V8 resource constraints API to set a stack limit for Chromium JavaScript workers. Thanks! If you'd like the commit-queue to land this patch, you can nominate it by setting commit-queue=?
WebKit Commit Bot
Comment 7
2009-10-11 15:17:24 PDT
Comment on
attachment 40999
[details]
Proposed fix. Uses the fixed V8 resource constraints API to set a stack limit for Chromium JavaScript workers. Clearing flags on attachment: 40999 Committed
r49427
: <
http://trac.webkit.org/changeset/49427
>
WebKit Commit Bot
Comment 8
2009-10-11 15:17:28 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug