vscode: VS Code renderer crashes when setting certain breakpoints
Not 100% reproducible, but very often when I debug a unit test in the vscode repo through the self-host test extension, the process crashes.
#
# Fatal error in , line 0
# ignored
#
#
#
#FailureMessage Object: 0x7ffee59af630
0 Electron Framework 0x0000000112872879 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 6161385
1 Electron Framework 0x0000000115965473 v8::internal::compiler::ZoneStats::GetCurrentAllocatedBytes() const + 12547347
2 Electron Framework 0x00000001171f1f0d v8::internal::compiler::ZoneStats::GetCurrentAllocatedBytes() const + 38289325
3 Electron Framework 0x00000001171dfad1 v8::internal::compiler::ZoneStats::GetCurrentAllocatedBytes() const + 38214513
4 Electron Framework 0x0000000111f59012 v8::internal::RegExpParser::ParseRegExp(v8::internal::Isolate*, v8::internal::Zone*, v8::internal::FlatStringReader*, v8::base::Flags<v8::internal::JSRegExp::Flag, int>, v8::internal::RegExpCompileData*) + 1762
5 Electron Framework 0x0000000111f53508 v8::internal::RegExpMacroAssembler::LoadCurrentCharacter(int, v8::internal::Label*, bool, int, int) + 1336
6 Electron Framework 0x0000000111f5bb71 v8::internal::RegExp::Exec(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSRegExp>, v8::internal::Handle<v8::internal::String>, int, v8::internal::Handle<v8::internal::RegExpMatchInfo>) + 4465
7 Electron Framework 0x0000000111f5aaf8 v8::internal::RegExp::Exec(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSRegExp>, v8::internal::Handle<v8::internal::String>, int, v8::internal::Handle<v8::internal::RegExpMatchInfo>) + 248
8 Electron Framework 0x0000000111f6e0c1 v8::internal::Runtime::SetObjectProperty(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, v8::internal::StoreOrigin, v8::Maybe<v8::internal::ShouldThrow>) + 19761
9 Electron Framework 0x00000001123006f8 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 451176
10 Electron Framework 0x0000000112351c7b v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 784363
Renderer process crashed with: {"reason":"crashed","exitCode":4}
Waiting for the debugger to disconnect...
About this issue
- State: closed
- Created 3 years ago
- Comments: 24 (24 by maintainers)
Update on what is known so far:
1) Crash is triggered by the CHECK at https://source.chromium.org/chromium/chromium/src/+/main:v8/src/regexp/regexp-stack.cc;l=19. It was added to avoid re-entrancy in Irregexp; basically, no new regex should be executed on the same thread while there is an active Irregexp.
2) https://github.com/microsoft/vscode/issues/127861#issuecomment-899649104 provided a reliable way to repro the issue.
3) Stacktrace: https://gist.github.com/deepak1556/c1f197550930b33cae7fe4d7997699ee
4) From 3), one of the CDP commands, setBreakpointByUrl, issued by vscode-js-debug uses regex. This CDP calls into v8, which eventually calls into native Regexp code: https://source.chromium.org/chromium/chromium/src/+/main:v8/src/inspector/v8-regex.cc;l=49-105
5) During one of the above regex calls an interrupt is issued, which continues to process the breakpoint CDP calls, leading to reentrancy in the regexp stack.
6) With the trace_regexp_bytecode v8 flag, I was able to track the regexp calls before the crash. Currently working on creating a minimal repro with the above CDP call.
Crbug: https://bugs.chromium.org/p/chromium/issues/detail?id=1250646
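The re-entrancy described in the update above, as a toy C++ model added here; it is not V8 or vscode-js-debug code and not part of the original thread. Every name is hypothetical, the guard throws where the real CHECK aborts the process, and the `defer_during_regexp` switch is an illustrative assumption, not a fix described in the thread.

```cpp
#include <functional>
#include <queue>
#include <stdexcept>
#include <string>

// Toy model with hypothetical names throughout; not V8 source.
struct ToyRegExpStack { bool in_use = false; };

class ToyStackScope {  // held for the duration of one regex execution
 public:
  explicit ToyStackScope(ToyRegExpStack& s) : stack_(s) {
    // Stand-in for the fatal CHECK: the real process aborts, the model throws.
    if (stack_.in_use) throw std::logic_error("regexp stack re-entered");
    stack_.in_use = true;
  }
  ~ToyStackScope() { stack_.in_use = false; }
 private:
  ToyRegExpStack& stack_;
};

class ToyIsolate {
 public:
  std::queue<std::function<void()>> pending;  // queued debugger messages
  bool defer_during_regexp = false;           // hypothetical deferral switch
  // Scans subject for needle. Halfway through, an interrupt is serviced and
  // drains the queued messages unless deferral is enabled.
  bool Exec(const std::string& subject, char needle) {
    ToyStackScope scope(stack_);
    for (std::size_t i = 0; i < subject.size(); ++i) {
      if (i == subject.size() / 2 && !defer_during_regexp) Drain();
      if (subject[i] == needle) return true;
    }
    return false;
  }
  void Drain() {
    while (!pending.empty()) { auto t = pending.front(); pending.pop(); t(); }
  }
 private:
  ToyRegExpStack stack_;
};

// True if a queued regex task ran while another regex was still active.
bool ReentersDuringInterrupt(bool defer) {
  ToyIsolate iso;
  iso.defer_during_regexp = defer;
  // Constructed input: a queued breakpoint-style message that needs a regex.
  iso.pending.push([&iso] { iso.Exec("file:///a.js", 'j'); });
  try { iso.Exec("xxxxxxxx", 'q'); } catch (const std::logic_error&) { return true; }
  iso.Drain();  // with deferral, the message runs only after the scope is released
  return false;
}
int main() { return ReentersDuringInterrupt(false) && !ReentersDuringInterrupt(true) ? 0 : 1; }
```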
@rebornix I’d like to reproduce this. Could you please provide detailed steps for