Issue 141021: emscripten demo crashes chrome tab
6 people starred this issue and may be notified of changes. Back to list
Status:  Fixed
Closed:  Sep 2012

Reported by, Aug 6, 2012
Chrome Version       : 21.0.1180.60
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 5:
Firefox 4.x:
IE 7/8/9:

What steps will reproduce the problem?
1. Launch url
2. Tab crashes.
3. If it doesn't crash refresh

The attached url crashes the tab for me 9 times out of 10.

What is the expected result?

What happens instead?

Please provide any additional information below. Attach a screenshot if

UserAgentString: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.60 Safari/537.1

Aug 13, 2012
I can reproduce this on Ubuntu 12.04, Chrome 22.0.1229.2 dev. I usually need to refresh the page a few times.

I have also seen tab crashes in other emscripten-compiled projects recently, for example BananaBread (if I play the demo for a while, the tab tends to crash).

Aug 21, 2012
I can reproduce what seems like it could be the exact same problem on

Running the tab the first time is ok. But when I refresh it always crashes the tab.

Aug 27, 2012
Bullet demo reliably crashes on me on the Mac Canary (23.0.1245.0). Stack indicates V8 problem. HAdd seems to have a NULL pointer somewhere inside:

0x01359531	 [Google Chrome Framework]	 -]	v8::internal::LChunkBuilder::DoArithmeticT
0x0135e509	 [Google Chrome Framework]	 -]	v8::internal::LChunkBuilder::DoAdd
0x0118d6d7	 [Google Chrome Framework]	 -]	v8::internal::HAdd::CompileToLithium
0x013586f4	 [Google Chrome Framework]	 -]	v8::internal::LChunkBuilder::VisitInstruction
0x01358256	 [Google Chrome Framework]	 -]	v8::internal::LChunkBuilder::DoBasicBlock
0x0135808a	 [Google Chrome Framework]	 -]	v8::internal::LChunkBuilder::Build
0x012004de	 [Google Chrome Framework]	 -]	v8::internal::LChunk::NewChunk
0x0112705d	 [Google Chrome Framework]	 -]	v8::internal::OptimizingCompiler::OptimizeGraph
0x011298ab	 [Google Chrome Framework]	 -]	v8::internal::GenerateCode
0x01128549	 [Google Chrome Framework]	 -]	v8::internal::Compiler::CompileLazy
0x0123af14	 [Google Chrome Framework]	 -]	v8::internal::JSFunction::CompileOptimized
0x0129eed1	 [Google Chrome Framework]	 -]	v8::internal::Runtime_LazyRecompile

I have a feeling that most probably it is related to the stack check elimination. It builds HAdd with a NULL context and a representation coming from another addition (see BuildOffsetAdd and CoverCheck). In debug mode there is an assertion that checks that the index is represented as Integer32; however, HBoundsCheck does allow the index to be tagged (see HBoundsCheck::RequiredInputRepresentation), so I am not sure how it holds. Debugging is required, however, to confirm this hypothesis.

Status: Assigned
Labels: -Area-Undefined Area-WebKit
Aug 27, 2012
No crash with --noarray_bounds_checks_elimination which seems to confirm my hypothesis. Probably it should be disabled on trunk.
Aug 27, 2012
With a debug build one gets the following on

# Fatal error in v8/src/, line 3530
# CHECK(new_check->index()->representation().IsInteger32()) failed

Labels: -OS-Windows
Aug 28, 2012
(No comment was entered for this change.)
Sep 6, 2012
Any progress with this one? Massi, at the very least, we should disable ABC if you haven't already until this issue is fixed.
Sep 12, 2012
Fix committed in r12493.
Status: Fixed
Sep 12, 2012
(I meant committed in the V8 tree as r12493...)
Oct 13, 2012
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Labels: Restrict-AddIssueComment-Commit
Mar 10, 2013
(No comment was entered for this change.)
Labels: -Area-WebKit Cr-Content
Apr 5, 2013
(No comment was entered for this change.)
Labels: -Cr-Content Cr-Blink