Fatal V8 Compiler Error #12308

tristanhoy · 2017-04-10T16:36:42Z

Version: 6.10.2
Platform: 64-bit Windows (also tested on Linux, not sure which arch)
Subsystem: V8 Compiler

The third line in the following script causes an error in the v8 compiler:

const sphincs = require('sphincs') // npm install sphincs@1.0.2
console.log('blah')
const keyPair = sphincs.keyPair()

blah


#
# Fatal error in ..\..\src\compiler.cc, line 786
# Check failed: !info->shared_info()->feedback_vector()->metadata()->SpecDiffersFrom( info->literal()->feedback_vector_spec()).
#

Node 7.8.0 (V8 5.5.372) is not affected.

This module is an emscripten transpile, and the issue specifically affects the optimised emcc -O3 build. The compiled, minified source is 107KB so I've made no attempts to debug any further.

An option suggested to the module author is to create a legacy build with less optimisations - so there's certainly workarounds in this case, but could this be a symptom of a deeper issue?

Are there any plans to upgrade V8 for 6.x?

The text was updated successfully, but these errors were encountered:

mscdex · 2017-04-10T17:22:00Z

/cc @nodejs/v8

hashseed · 2017-04-10T17:28:15Z

@ripsawridge @bmeurer

bmeurer · 2017-04-10T17:41:02Z

Looks like one of those bugs that @ripsawridge fixed, where the feedback vector layout differed between parsing and preparsing.

buu700 · 2017-04-10T17:52:18Z

I just had a chance to investigate this (I'm the module author), and it turns out that this actually has nothing to do with the emscripten compiler options.

The problem is triggered by a workaround I'd used to make this module work in both Node and webpack with no additional required configuration: specifically, replacing all instances of require( with eval("require")(. I feel like there must be a more elegant way to accomplish this, but that solution worked well enough and did what I needed at the time.

Also, here's my stack trace from Node 6.10.2 on Debian Jessie x86-64 if it's helpful (error message is the same as @tristanhoy's):

==== C stack trace ===============================

 1: V8_Fatal
 2: 0xb4548b
 3: v8::internal::Compiler::EnsureDeoptimizationSupport(v8::internal::CompilationInfo*)
 4: 0xb4d3a5
 5: 0xb4e9dd
 6: v8::internal::Compiler::CompileOptimized(v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Compiler::ConcurrencyMode)
 7: v8::internal::Runtime_CompileOptimized_Concurrent(int, v8::internal::Object**, v8::internal::Isolate*)
 8: 0x2f37853092a7
Illegal instruction

bnoordhuis · 2017-04-12T23:52:19Z

I can confirm the issue but I suspect this will be hard to fix due to the size of the changes between v6.x and v7.x.

It looks like @bmeurer was spot on, the info->shared_info()->feedback_vector() type feedback vector has an extra KEYED_LOAD_IC and a LOAD_IC that should have been a KEYED_LOAD_IC.

bmeurer · 2017-04-13T04:04:54Z

I'm pretty sure @ripsawridge fixed that. He might be able to point you to the proper fix. He'll be back in the office next week. I'll point him to this issue.

ripsawridge · 2017-04-13T10:18:12Z

Hi y'all. Yeah, if you look at my git log in the dates in question, I'll usually mention "vector" and "parser" in the fix. But indeed, I'll have a look next week, now I'm on slow-net on a mountainside :p. --Michael

…

On Thu, Apr 13, 2017 at 6:05 AM, Benedikt Meurer ***@***.***> wrote: I'm pretty sure @ripsawridge <https://github.com/ripsawridge> fixed that. He might be able to point you to the proper fix. He'll be back in the office next week. I'll point him to this issue. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#12308 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AF1Fo0ApLh7bciCywh7wPs7cQTkofTlGks5rvZ8FgaJpZM4M5BpH> .

ripsawridge · 2017-04-20T10:26:34Z

I found a few candidates:

https://bugs.chromium.org/p/chromium/issues/detail?id=620119
Fixed in June 2016, Merged to 5.2.361.33

https://bugs.chromium.org/p/chromium/issues/detail?id=608279
Fixed in May 2016, Not merged anywhere.

https://bugs.chromium.org/p/chromium/issues/detail?id=600995
Fixed in April 2016, Merged to 5.1.281.10

ripsawridge · 2017-04-20T12:29:20Z

Okay, the issue is https://bugs.chromium.org/p/chromium/issues/detail?id=608279.
The fix is an easy merge and the repro disappears.
(here is the CL to port: https://codereview.chromium.org/1950803002/)

hashseed · 2017-04-20T12:34:33Z

I'll prepare a PR.

Original commit message: Don't treat catch scopes as possibly-shadowing for sloppy eval Scope analysis is over-conservative when treating variable resolutions as possibly-shadowed by a sloppy eval. In the attached bug, this comes into play since catch scopes have different behavior with respect to the "calls eval" in eager vs lazy compilation (in the latter, they are never marked as "calls eval" because CatchContexts don't have an associated ScopeInfo). This patch changes the scope-type check to also eliminate a few other cases where shadowing isn't possible, such as non-declaration block scopes. BUG=chromium:608279 LOG=n Committed: https://crrev.com/75f2d65f003ebb22815489e9970913ba37234f1b Cr-Commit-Position: refs/heads/master@{nodejs#36046} Fixes: nodejs#12308

Original commit message: Don't treat catch scopes as possibly-shadowing for sloppy eval Scope analysis is over-conservative when treating variable resolutions as possibly-shadowed by a sloppy eval. In the attached bug, this comes into play since catch scopes have different behavior with respect to the "calls eval" in eager vs lazy compilation (in the latter, they are never marked as "calls eval" because CatchContexts don't have an associated ScopeInfo). This patch changes the scope-type check to also eliminate a few other cases where shadowing isn't possible, such as non-declaration block scopes. BUG=chromium:608279 LOG=n Committed: https://crrev.com/75f2d65f003ebb22815489e9970913ba37234f1b Cr-Commit-Position: refs/heads/master@{#36046} Fixes: #12308 PR-URL: #12535 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Myles Borins <myles.borins@gmail.com>

targos · 2017-05-12T14:51:28Z

This was fixed in cd78a2bd07 and released with v6.10.3.

tristanhoy mentioned this issue Apr 10, 2017

Fatal v8 error in Node LTS 6.9.2 / 6.10.2 cyph/sphincs.js#1

Closed

addaleax added v6.x v8 engine Issues and PRs related to the V8 dependency. labels Apr 10, 2017

bnoordhuis added the confirmed-bug Issues with confirmed bugs. label Apr 12, 2017

hashseed mentioned this issue Apr 20, 2017

deps: backport 75f2d65f00 from upstream V8 #12535

Closed

3 tasks

targos closed this as completed May 12, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fatal V8 Compiler Error #12308

Fatal V8 Compiler Error #12308

tristanhoy commented Apr 10, 2017

mscdex commented Apr 10, 2017

hashseed commented Apr 10, 2017

bmeurer commented Apr 10, 2017

buu700 commented Apr 10, 2017

bnoordhuis commented Apr 12, 2017

bmeurer commented Apr 13, 2017

ripsawridge commented Apr 13, 2017 via email

ripsawridge commented Apr 20, 2017

ripsawridge commented Apr 20, 2017

hashseed commented Apr 20, 2017

targos commented May 12, 2017

Fatal V8 Compiler Error #12308

Fatal V8 Compiler Error #12308

Comments

tristanhoy commented Apr 10, 2017

mscdex commented Apr 10, 2017

hashseed commented Apr 10, 2017

bmeurer commented Apr 10, 2017

buu700 commented Apr 10, 2017

bnoordhuis commented Apr 12, 2017

bmeurer commented Apr 13, 2017

ripsawridge commented Apr 13, 2017 via email

ripsawridge commented Apr 20, 2017

ripsawridge commented Apr 20, 2017

hashseed commented Apr 20, 2017

targos commented May 12, 2017