Segfaults and crashes during debugging

[awwright]

• Version: 10.0.0 (and not present in Node.js v9.5.0) (homebrew version and .pkg version from nodejs.org)
• Platform: MacOS 10.13.4: Darwin Kernel Version 17.5.0: Fri Apr 13 19:32:32 PDT 2018; root:xnu-4570.51.2~1/RELEASE_X86_64 x86_64
• Subsystem: V8 debugger

process.features:

{ debug: false,
  uv: true,
  ipv6: true,
  tls_alpn: true,
  tls_sni: true,
  tls_ocsp: true,
  tls: true }

I'm running into an issue where Node.js crashes and/or segfaults while debugging code using --inspect-brk, when stepping out of a function as it's returning, or stepping over that function as it is returning its value, while debugging sufficiently complex files (>100 lines and >4 functions, it seems). Sometimes that function is defined in the same file, sometimes it's a function exported from a different file. The application is pure ECMAScript with no compiled modules.

Sometimes I get no message printed. Sometimes I do:

In some cases it's a segfault:

Segmentation fault: 11

In other cases it's a V8 crash:

Stacktrace:
   ptr1=0x28d7fc9f3cc1
    ptr2=0x0
    ptr3=0x0
    ptr4=0x0
    failure_message_object=0x7ffeefbf5580

==== JS stack trace =========================================

With another hundred lines of a stack trace.

Given a specific file, the issue always happens with the same functions in the same places. It appears the crash can be bypassed if it is skipped over using "Continue to here", or if I'm skipping over the entire function which contains the faulty call+return.

When I remove lines of code, it the crash still tends to happen to the same function. However, removing many lines of code seems to fix the issue, even lines of code that shouldn't impact the site of the crash. For example, I've gotten to where removing just one of a dozen if() statements (each of which tests and defines otherwise unused variables) will cause the debugger to work again. Therefore, I have not been able to establish a minimal test case.

I don't have any reason to believe this impacts production applications, it's just really annoying.

[advanceddeveloper]

Can you provide any test case?

[awwright]

@advanceddeveloper I'll see what I can do.

[awwright]

I got a different kind of error now. A function returning an object throws an Exception:

TypeError: Cannot convert undefined or null to object

The code runs normally when not being debugged.

[advanceddeveloper]

Well, without looking at the code, I am pretty sure nobody can guess what is going on in your scripts. I still don't understand what is the hindrance for providing a MVCE that reproduces the issue...

[awwright]

@advanceddeveloper As I described, it doesn't seem possible to craft an MVCE. When I start removing code, the problem goes away.

I suspect there's some sort of corruption going on in the optimizer. But that's wild mass guessing, and I don't know why enabling the debugger would cause it.

I'm trying to craft some sort of program that I can share, though.

[addaleax]

@awwright Btw, it might also be a good idea to build a debug build of Node.js itself (download tarball/clone repo + ./configure --debug && make -j4). Takes a bit to compile, but I’d guess that this is the kind of problem that shows up earlier with a debug build.

[hashseed]

Can you check whether this V8 patch fixes your issue?

[jscissr]

I have the same issue, here is the repro: https://gist.github.com/jscissr/4899775c76ec060d96a91253a54ee5f3
I tried building from master like @addaleax suggested, and there it doesn't crash, so it is quite possible that V8 patch linked above fixed the bug.

[advanceddeveloper]

I'm able to reproduce the issue on Windows 10 using @jscissr's script. Here is the crash log: log.txt

[ryzokuken]

@jscissr if it's fixed in master, it must've either landed in a patch release or will land in the next one 🎉

Closing this issue because it's fixed on master, so there's probably nothing to be done anyway. If you still feel this deserves attention, feel free to reopen this.