deps: update V8 to 13.7
Review requested:
- [ ] @nodejs/actions
- [ ] @nodejs/gyp
- [ ] @nodejs/performance
- [ ] @nodejs/security-wg
- [ ] @nodejs/tsc
- [ ] @nodejs/v8-update
Debug build fails on my mac:
FAILED: gen/node_snapshot.cc
cd ../../; export BUILT_FRAMEWORKS_DIR=/Users/mzasso/git/nodejs/v8-next-update/out/Debug; export BUILT_PRODUCTS_DIR=/Users/mzasso/git/nodejs/v8-next-update/out/Debug; export CONFIGURATION=Debug; export EXECUTABLE_NAME=node; export EXECUTABLE_PATH=node; export FULL_PRODUCT_NAME=node; export PRODUCT_NAME=node; export PRODUCT_TYPE=com.apple.product-type.tool; export SDKROOT=/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk; export SRCROOT=/Users/mzasso/git/nodejs/v8-next-update/out/Debug/../../; export SOURCE_ROOT="${SRCROOT}"; export TARGET_BUILD_DIR=/Users/mzasso/git/nodejs/v8-next-update/out/Debug; export TEMP_DIR="${TMPDIR}"; export XCODE_VERSION_ACTUAL=1630;/Users/mzasso/git/nodejs/v8-next-update/out/Debug/node_mksnapshot /Users/mzasso/git/nodejs/v8-next-update/out/Debug/gen/node_snapshot.cc
#
# Fatal error in ../../deps/v8/src/snapshot/serializer.cc, line 1194
# Debug check failed: InstanceTypeChecker::IsEmbedderDataArray(instance_type) || InstanceTypeChecker::IsJSTypedArray(instance_type) || InstanceTypeChecker::IsJSArrayBuffer(instance_type) || InstanceTypeChecker::IsExternalString(instance_type) || InstanceTypeChecker::IsNativeContext(instance_type) || InstanceTypeChecker::IsJSSynchronizationPrimitive(instance_type) || (InstanceTypeChecker::IsJSObject(instance_type) && Cast<JSObject>(host)->GetEmbedderFieldCount() > 0).
#
#
#
#FailureMessage Object: 0x16db877f8
----- Native stack trace -----
1: 0x10299e534 node::DumpNativeBacktrace(__sFILE*) [/Users/mzasso/git/nodejs/v8-next-update/out/Debug/node_mksnapshot]
2: 0x102c0fed0 node::NodePlatform::GetStackTracePrinter()::$_0::operator()() const [/Users/mzasso/git/nodejs/v8-next-update/out/Debug/node_mksnapshot]
These two JSPI CLs might need to be included if not already part of this change, for ppc64 and s390x: https://chromium-review.googlesource.com/c/v8/v8/+/6488239 https://chromium-review.googlesource.com/c/v8/v8/+/6488233
@anonrig any idea why macOS fails to build on GitHub actions (simdutf-related error)? I didn't get this error locally.
@miladfarca thanks for the heads up. I believe both commits are included already.
> @anonrig any idea why macOS fails to build on GitHub actions (simdutf-related error)? I didn't get this error locally.
I'm not sure. @lemire any suggestions to why simdutf is failing on macOS? https://github.com/nodejs/node/actions/runs/14713137908/job/41290246774?pr=58064
> any idea why macOS fails to build on GitHub actions (simdutf-related error)? I didn't get this error locally.
I believe that macos builds are going to be dependent on Xcode >=16.3, as V8 now depends on simdutf features that are contingent on std::atomic_ref, which is not available in llvm <19.
This might necessitate changing the build image to macos-15.
I see, thanks @Renegade334. I think the easiest for now is to revert https://chromium-review.googlesource.com/c/v8/v8/+/6449193, since it touches a feature that's in development and behind a flag.
It looks like something is broken on the release builds too. Locally, I get this stack trace:
Process 239 launched: '/Users/mzasso/git/nodejs/v8-next-update/out/Release/node' (arm64)
Process 239 stopped
* thread #1, name = 'MainThread', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1f4e6ed34b21)
frame #0: 0x00000001020ec9b0 node`v8::internal::compiler::turboshaft::OpIndex v8::internal::compiler::turboshaft::TSReducerBase<v8::internal::compiler::turboshaft::StackBottom<v8::base::tmp::list1<v8::internal::compiler::turboshaft::GraphVisitor, v8::internal::compiler::turboshaft::LoopStackCheckElisionReducer, v8::internal::compiler::turboshaft::StoreStoreEliminationReducer, v8::internal::compiler::turboshaft::LateLoadEliminationReducer, v8::internal::compiler::turboshaft::MachineOptimizationReducer, v8::internal::compiler::turboshaft::BranchEliminationReducer, v8::internal::compiler::turboshaft::ValueNumberingReducer, v8::internal::compiler::turboshaft::TSReducerBase>>>::Emit<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource) [inlined] v8::internal::compiler::turboshaft::OperationBuffer::Allocate(this=0x0000000136828e18, slot_count=4) at graph.h:99:25 [opt]
96 operation_sizes_[OpIndex(idx.offset() + static_cast<uint32_t>(slot_count) *
97 sizeof(OperationStorageSlot))
98 .id() -
-> 99 1] = slot_count;
100 return result;
101 }
102
Target 0: (node) stopped.
warning: node was compiled with optimization - stepping may behave oddly; variables may not be available.
(lldb) bt
* thread #1, name = 'MainThread', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1f4e6ed34b21)
* frame #0: 0x00000001020ec9b0 node`v8::internal::compiler::turboshaft::OpIndex v8::internal::compiler::turboshaft::TSReducerBase<v8::internal::compiler::turboshaft::StackBottom<v8::base::tmp::list1<v8::internal::compiler::turboshaft::GraphVisitor, v8::internal::compiler::turboshaft::LoopStackCheckElisionReducer, v8::internal::compiler::turboshaft::StoreStoreEliminationReducer, v8::internal::compiler::turboshaft::LateLoadEliminationReducer, v8::internal::compiler::turboshaft::MachineOptimizationReducer, v8::internal::compiler::turboshaft::BranchEliminationReducer, v8::internal::compiler::turboshaft::ValueNumberingReducer, v8::internal::compiler::turboshaft::TSReducerBase>>>::Emit<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource) [inlined] v8::internal::compiler::turboshaft::OperationBuffer::Allocate(this=0x0000000136828e18, slot_count=4) at graph.h:99:25 [opt]
frame #1: 0x00000001020ec974 node`v8::internal::compiler::turboshaft::OpIndex v8::internal::compiler::turboshaft::TSReducerBase<v8::internal::compiler::turboshaft::StackBottom<v8::base::tmp::list1<v8::internal::compiler::turboshaft::GraphVisitor, v8::internal::compiler::turboshaft::LoopStackCheckElisionReducer, v8::internal::compiler::turboshaft::StoreStoreEliminationReducer, v8::internal::compiler::turboshaft::LateLoadEliminationReducer, v8::internal::compiler::turboshaft::MachineOptimizationReducer, v8::internal::compiler::turboshaft::BranchEliminationReducer, v8::internal::compiler::turboshaft::ValueNumberingReducer, v8::internal::compiler::turboshaft::TSReducerBase>>>::Emit<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource) [inlined] v8::internal::compiler::turboshaft::Graph::Allocate(this=0x0000000136828e18, slot_count=4) at graph.h:707:24 [opt]
frame #2: 0x00000001020ec974 node`v8::internal::compiler::turboshaft::OpIndex v8::internal::compiler::turboshaft::TSReducerBase<v8::internal::compiler::turboshaft::StackBottom<v8::base::tmp::list1<v8::internal::compiler::turboshaft::GraphVisitor, v8::internal::compiler::turboshaft::LoopStackCheckElisionReducer, v8::internal::compiler::turboshaft::StoreStoreEliminationReducer, v8::internal::compiler::turboshaft::LateLoadEliminationReducer, v8::internal::compiler::turboshaft::MachineOptimizationReducer, v8::internal::compiler::turboshaft::BranchEliminationReducer, v8::internal::compiler::turboshaft::ValueNumberingReducer, v8::internal::compiler::turboshaft::TSReducerBase>>>::Emit<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource) [inlined] v8::internal::compiler::turboshaft::AllocateOpStorage(graph=0x0000000136828e18, slot_count=4) at graph.h:1228:17 [opt]
frame #3: 0x00000001020ec974 node`v8::internal::compiler::turboshaft::OpIndex v8::internal::compiler::turboshaft::TSReducerBase<v8::internal::compiler::turboshaft::StackBottom<v8::base::tmp::list1<v8::internal::compiler::turboshaft::GraphVisitor, v8::internal::compiler::turboshaft::LoopStackCheckElisionReducer, v8::internal::compiler::turboshaft::StoreStoreEliminationReducer, v8::internal::compiler::turboshaft::LateLoadEliminationReducer, v8::internal::compiler::turboshaft::MachineOptimizationReducer, v8::internal::compiler::turboshaft::BranchEliminationReducer, v8::internal::compiler::turboshaft::ValueNumberingReducer, v8::internal::compiler::turboshaft::TSReducerBase>>>::Emit<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource) [inlined] v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp& v8::internal::compiler::turboshaft::OperationT<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp>::New<v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, 
v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(graph=0x0000000136828e18, input_count=2, args=<unavailable>, args=ShadowyOpIndex @ x21, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=FeedbackSource @ 0x00006000031e7f20) at operations.h:1146:9 [opt]
frame #4: 0x00000001020ec974 node`v8::internal::compiler::turboshaft::OpIndex v8::internal::compiler::turboshaft::TSReducerBase<v8::internal::compiler::turboshaft::StackBottom<v8::base::tmp::list1<v8::internal::compiler::turboshaft::GraphVisitor, v8::internal::compiler::turboshaft::LoopStackCheckElisionReducer, v8::internal::compiler::turboshaft::StoreStoreEliminationReducer, v8::internal::compiler::turboshaft::LateLoadEliminationReducer, v8::internal::compiler::turboshaft::MachineOptimizationReducer, v8::internal::compiler::turboshaft::BranchEliminationReducer, v8::internal::compiler::turboshaft::ValueNumberingReducer, v8::internal::compiler::turboshaft::TSReducerBase>>>::Emit<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource) [inlined] v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp& v8::internal::compiler::turboshaft::FixedArityOperationT<2ul, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp>::New<v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, 
v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(graph=0x0000000136828e18, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>) at operations.h:1287:9 [opt]
frame #5: 0x00000001020ec974 node`v8::internal::compiler::turboshaft::OpIndex v8::internal::compiler::turboshaft::TSReducerBase<v8::internal::compiler::turboshaft::StackBottom<v8::base::tmp::list1<v8::internal::compiler::turboshaft::GraphVisitor, v8::internal::compiler::turboshaft::LoopStackCheckElisionReducer, v8::internal::compiler::turboshaft::StoreStoreEliminationReducer, v8::internal::compiler::turboshaft::LateLoadEliminationReducer, v8::internal::compiler::turboshaft::MachineOptimizationReducer, v8::internal::compiler::turboshaft::BranchEliminationReducer, v8::internal::compiler::turboshaft::ValueNumberingReducer, v8::internal::compiler::turboshaft::TSReducerBase>>>::Emit<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource) [inlined] v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp& v8::internal::compiler::turboshaft::Graph::Add<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, 
v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(this=0x0000000136828e18, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>) at graph.h:725:14 [opt]
frame #6: 0x00000001020ec974 node`v8::internal::compiler::turboshaft::OpIndex v8::internal::compiler::turboshaft::TSReducerBase<v8::internal::compiler::turboshaft::StackBottom<v8::base::tmp::list1<v8::internal::compiler::turboshaft::GraphVisitor, v8::internal::compiler::turboshaft::LoopStackCheckElisionReducer, v8::internal::compiler::turboshaft::StoreStoreEliminationReducer, v8::internal::compiler::turboshaft::LateLoadEliminationReducer, v8::internal::compiler::turboshaft::MachineOptimizationReducer, v8::internal::compiler::turboshaft::BranchEliminationReducer, v8::internal::compiler::turboshaft::ValueNumberingReducer, v8::internal::compiler::turboshaft::TSReducerBase>>>::Emit<v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ShadowyOpIndex, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind, v8::internal::compiler::turboshaft::ConvertJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind, v8::internal::compiler::CheckForMinusZeroMode, v8::internal::compiler::FeedbackSource>(this=0x000000016fdfdfc8, args=ShadowyOpIndex @ x25, args=ShadowyOpIndex @ x21, args=kAdditiveSafeInteger, args=kAdditiveSafeInteger | 0x88, args=kDontCheckForMinusZero | 0x4, args=<unavailable>) at assembler.h:986:44 [opt]
frame #7: 0x0000000100774d28 node`v8::internal::(anonymous namespace)::GetPropertyWithInterceptorInternal(it=0x000000016fdfdd98, interceptor=DirectHandle<v8::internal::InterceptorInfo> @ x21, done=0x000000016fdfdd30) at js-objects.cc:1211:19 [opt]
frame #8: 0x00000001007fda84 node`v8::internal::Object::GetProperty(it=0x000000016fdfdd98, is_global_reference=<unavailable>) at objects.cc:1285:9 [opt]
frame #9: 0x0000000100585264 node`v8::internal::LoadIC::Load(this=0x000000016fdfde68, object=<unavailable>, name=Handle<v8::internal::Name> @ x19, update_feedback=<unavailable>, receiver=<unavailable>) at ic.cc:453:5 [opt]
frame #10: 0x000000010058c948 node`v8::internal::Runtime_LoadNoFeedbackIC_Miss(int, unsigned long*, v8::internal::Isolate*) [inlined] v8::internal::__RT_impl_Runtime_LoadNoFeedbackIC_Miss(args=v8::internal::RuntimeArguments @ 0x00006000031f21a0, isolate=0x0000000128008000) at ic.cc:2783:3 [opt]
frame #11: 0x000000010058c8a4 node`v8::internal::Runtime_LoadNoFeedbackIC_Miss(args_length=<unavailable>, args_object=0x000000016fdfdfd0, isolate=0x0000000128008000) at ic.cc:2768:1 [opt]
frame #12: 0x0000000100efbfb4 node`Builtins_CEntry_Return1_ArgvOnStack_NoBuiltinExit + 84
frame #13: 0x0000000100fe3374 node`Builtins_GetNamedPropertyHandler + 4692
frame #14: 0x0000000100e5d12c node`Builtins_InterpreterEntryTrampoline + 268
frame #15: 0x0000000100e5d12c node`Builtins_InterpreterEntryTrampoline + 268
frame #16: 0x0000000100e5d12c node`Builtins_InterpreterEntryTrampoline + 268
frame #17: 0x0000000100e5d12c node`Builtins_InterpreterEntryTrampoline + 268
frame #18: 0x0000000100e5a8cc node`Builtins_JSEntryTrampoline + 172
frame #19: 0x0000000100e5a570 node`Builtins_JSEntry + 176
frame #20: 0x000000010040dda8 node`v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) [inlined] v8::internal::GeneratedCode<unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**>::Call(this=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>) at simulator.h:212:12 [opt]
frame #21: 0x000000010040dda4 node`v8::internal::(anonymous namespace)::Invoke(isolate=0x0000000128008000, params=0x000000016fdfe528) at execution.cc:440:22 [opt]
frame #22: 0x000000010040d738 node`v8::internal::Execution::Call(isolate=<unavailable>, callable=<unavailable>, receiver=<unavailable>, args=<unavailable>) at execution.cc:530:10 [opt]
frame #23: 0x0000000100291cec node`v8::Function::Call(this=0x000000013682cc48, isolate=0x0000000128008000, context=<unavailable>, recv=Local<v8::Value> @ 0x000000016fdfe580, argc=4, argv=0x000000016fdfe638) at api.cc:5433:7 [opt]
frame #24: 0x00000001000d6fc4 node`node::builtins::BuiltinLoader::CompileAndCall(v8::Local<v8::Context>, char const*, node::Realm*) [inlined] node::builtins::BuiltinLoader::CompileAndCall(this=<unavailable>, context=<unavailable>, id=<unavailable>, argc=<unavailable>, argv=<unavailable>, optional_realm=<unavailable>) at node_builtins.cc:500:14 [opt]
frame #25: 0x00000001000d6f88 node`node::builtins::BuiltinLoader::CompileAndCall(this=0x000000013684ccc0, context=Local<v8::Context> @ x19, id="internal/main/repl", realm=<unavailable>) at node_builtins.cc:0 [opt]
frame #26: 0x000000010016d440 node`node::Realm::ExecuteBootstrapper(this=0x00000001266044c0, id=<unavailable>) at node_realm.cc:161:32 [opt]
frame #27: 0x00000001000bbc0c node`node::StartExecution(env=0x000000013684c200, main_script_id="internal/main/repl") at node.cc:254:35 [opt]
frame #28: 0x00000001000bbbb0 node`node::StartExecution(env=0x000000013684c200, cb=<unavailable>) at node.cc:0 [opt]
frame #29: 0x000000010002a870 node`node::LoadEnvironment(env=0x000000013684c200, cb=<unavailable>, preload=<unavailable>) at environment.cc:539:10 [opt]
frame #30: 0x0000000100129f2c node`node::NodeMainInstance::Run() [inlined] node::NodeMainInstance::Run(this=<unavailable>, exit_code=<unavailable>, env=0x000000013684c200) at node_main_instance.cc:106:7 [opt]
frame #31: 0x0000000100129efc node`node::NodeMainInstance::Run(this=<unavailable>) at node_main_instance.cc:99:3 [opt]
frame #32: 0x00000001000bf594 node`node::Start(int, char**) [inlined] node::StartInternal(argc=<unavailable>, argv=<unavailable>) at node.cc:1538:24 [opt]
frame #33: 0x00000001000bf4ac node`node::Start(argc=<unavailable>, argv=<unavailable>) at node.cc:1545:27 [opt]
frame #34: 0x000000018d6a2b4c dyld`start + 6000
Some tests with a log in BuiltinLoader::CompileAndCall:
$ out/Release/node
Compiling and calling internal/main/repl
[1] 15840 segmentation fault out/Release/node
$ out/Release/node -p process.version
Compiling and calling internal/main/eval_string
[1] 15895 illegal hardware instruction out/Release/node -p process.version
$ out/Release/node test/parallel/test-util-parse-env.js
Compiling and calling internal/main/run_main_module
[1] 15999 segmentation fault out/Release/node test/parallel/test-util-parse-env.js
I started a discussion on the Chromium Slack about the build issues.
The DCHECK in the snapshot serializer happens with a value of type InterceptorInfo. This corresponds to the error from the release build (which happens in GetPropertyWithInterceptorInternal).
(lldb) frame variable instance_type
(v8::internal::InstanceType) instance_type = INTERCEPTOR_INFO_TYPE
(lldb) frame variable slot
(v8::internal::ExternalPointerSlot) slot = <could not evaluate DW_OP_entry_value: no call edge for retn-pc = 0x101a06db4 in parent frame void v8::internal::InterceptorInfo::BodyDescriptor::IterateBody<v8::internal::ObjectVisitorForwarder>(v8::internal::Tagged<v8::internal::Map>, v8::internal::Tagged<v8::internal::HeapObject>, int, v8::internal::ObjectVisitorForwarder*)>
(lldb) job host
warning: `this' is not accessible (substituting 0). Couldn't load 'this' because its value couldn't be evaluated
warning: `this' is not accessible (substituting 0). Couldn't load 'this' because its value couldn't be evaluated
0x26058739d3c1: [InterceptorInfo] in OldSpace
- map: 0x1fd3c5ec1761 <Map[80](INTERCEPTOR_INFO_TYPE)>
- data: 0x1fd3c5ec0011 <undefined>
- flags: 13
- optional_padding: 0
- getter: 0x100866c28
- setter: 0x100866e40
- query: 0x1008672f8
- descriptor: 0x1008679b4
- deleter: 0x10086751c
- enumerator: 0x100867604
- definer: 0x1008676dc
--- flags:
- can_intercept_symbols
- is_named
- has_no_side_effect
I don't know which interceptor this is about.
diff --git a/deps/v8/src/snapshot/serializer.cc b/deps/v8/src/snapshot/serializer.cc
index f4cc04b6f4..ae2bd8f256 100644
--- a/deps/v8/src/snapshot/serializer.cc
+++ b/deps/v8/src/snapshot/serializer.cc
@@ -1150,10 +1150,13 @@ void Serializer::ObjectSerializer::VisitExternalPointer(
Tagged<HeapObject> host, ExternalPointerSlot slot) {
PtrComprCageBase cage_base(isolate());
InstanceType instance_type = object_->map(cage_base)->instance_type();
+ InstanceType host_instance_type = host->map(cage_base)->instance_type();
+
if (InstanceTypeChecker::IsForeign(instance_type) ||
InstanceTypeChecker::IsJSExternalObject(instance_type) ||
InstanceTypeChecker::IsAccessorInfo(instance_type) ||
- InstanceTypeChecker::IsFunctionTemplateInfo(instance_type)) {
+ InstanceTypeChecker::IsFunctionTemplateInfo(instance_type) ||
+ InstanceTypeChecker::IsInterceptorInfo(host_instance_type)) {
// Output raw data payload, if any.
OutputRawData(slot.address());
Address value = slot.load(isolate());
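Review bot: The added `IsInterceptorInfo(host_instance_type)` clause is the only test in this condition that inspects the map of `host`; the four existing clauses all test `instance_type`, which is read from `object_`. If `host` and `object_` can differ in this visitor, add a short comment saying why InterceptorInfo has to be matched on the host; if they cannot, reuse `instance_type` and drop the new `host_instance_type` local. Because this is a floating change under deps/v8 that sends InterceptorInfo slots down the `OutputRawData(slot.address())` path, the commit message should reference the upstream V8 change once there is one, and a snapshot test that serializes an object with a named interceptor would guard against the debug check in serializer.cc regressing.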
This seems enough to make the crash go away. I will try upstreaming it.
Nice! I rebased and added your patch so we can try in CI.
CI: https://ci.nodejs.org/job/node-test-pull-request/66685/
V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=benchmark-ubuntu2204-intel-64,v8test=v8test/6536/
V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=rhel8-s390x,v8test=v8test/6536/
V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=rhel8-ppc64le,v8test=v8test/6536/
CI looks good, modulo the usual build memory issues.
Failed to start CI
⚠ No approving reviews found
✘ Refusing to run CI on potentially unsafe PR
https://github.com/nodejs/node/actions/runs/15070471089
CI: https://ci.nodejs.org/job/node-test-pull-request/66844/
V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=benchmark-ubuntu2204-intel-64,v8test=v8test/6561/
V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=rhel8-s390x,v8test=v8test/6561/
V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=rhel8-ppc64le,v8test=v8test/6561/
@joyeecheung thanks for the V8 patch! @nodejs/tsc @nodejs/v8-update This is ready for reviews.
CI: https://ci.nodejs.org/job/node-test-pull-request/66853/
CI: https://ci.nodejs.org/job/node-test-pull-request/66859/
CI: https://ci.nodejs.org/job/node-test-pull-request/66863/
CI: https://ci.nodejs.org/job/node-test-pull-request/66872/
Landed in ccf227eac8b0de0a0c8c3e39a5f35bab046e79dd...a8217a9eb838eb3b7eae620c8b99cacc04928b24