v8: backport 22116dd6c884c026225e56dd8e442a660193e729 #21992
Conversation
I believe the
/cc @nodejs/v8-update
Thanks, I went ahead and updated the PR.
@laverdet Could you please retarget this PR to the master branch (and change the embedder string accordingly)? We are still at V8 6.8 there and that version is going to be backported to v10.x. Also, the first line of the commit message is a bit too long and should start with "deps".
@targos alright, I've made those changes.
Thanks
Refs: v8/v8@22116dd

Original commit message:

[snapshot] fix resetting function code.

Unconditionally setting the JSFunction code to that of the SFI may skip initializing the feedback vector.

R=leszeks@chromium.org

Bug: v8:7857
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I65d4bf32493be4cade2eaf3d665d44f93e80f809
Reviewed-on: https://chromium-review.googlesource.com/1107618
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{nodejs#53881}
2f2755e to e23ea6f
I rebased the PR on top of master.
The V8 test fails at compile time: Edit: sorry, wrong PR.
Fixed V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/1654/
Landed in 0d3da39
Refs: v8/v8@22116dd

Original commit message:

[snapshot] fix resetting function code.

Unconditionally setting the JSFunction code to that of the SFI may skip initializing the feedback vector.

R=leszeks@chromium.org

Bug: v8:7857
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I65d4bf32493be4cade2eaf3d665d44f93e80f809
Reviewed-on: https://chromium-review.googlesource.com/1107618
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53881}

PR-URL: #21992
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
This is a backport for v8 commit 22116dd6 which fixes v8 issue #7857. The issue does not affect core nodejs but does affect my native npm module isolated-vm. Essentially v8 will segfault if you try to create a startup snapshot of an isolate that contains a closure.
The snapshot crash as it pertains to isolated-vm was originally reported on superfly/fly#101.
The bug was introduced in v8 commit 6bd1d3c2, landed in v8 version 6.7.247, which made its way onto nodejs v10.2.0.
The fix, which landed in v8 version 6.9.186, will probably never see the light of day on the v10.x branch of nodejs, which leads me to this PR :)
The patch applied cleanly with no conflicts.
Checklist

- make -j4 test (UNIX), or vcbuild test (Windows) passes