Dartium: Aw, Snap! with bad super constructor call

[justinfagnani]

I was trying to reproduce an "aw, snap" with a larger program and couldn't create a minimal example for it, but stumbled on this crash:

A bad super constructor call, in some odd set of circumstances, crashes Dartium. Attached are the files in a state that crashes consistently, but I can't reduce the case much further before it become inconsistent. I'm not sure if isolates are required or not.

Not that Snap does not extend Aw like I intended when writing the code, so the super(a, b) call is wrong and should throw an error.

This is with build 13795 on OS X

---

Attachments:
aw_snap.dart (497 Bytes)
aw_snap.html (292 Bytes)

[DartBot]

This comment was originally written by [email protected]

---

Set owner to [email protected].
Added this to the M2 milestone.

[DartBot]

This comment was originally written by [email protected]

---

This looks like DartVM issue. Running in DumpRenderTree (./out/Debug/DumpRenderTree --no-timeout $(realpath aw_snap.html), in aw_snap.html change dart.js script to <script>navigator.webkitStartDart()</script>), leads to assert with the following stack trace:

(gdb) bt
#­0 0x00007ffff0f5fa75 in *__GI_raise (sig=<optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#­1 0x00007ffff0f635c0 in *__GI_abort () at abort.c:92
#­2 0x0000000002cb9f84 in dart::DynamicAssertionHelper::Fail (this=0x7fffffff9760,
    format=0x51bae88 "expected: %s") at ../../dart/runtime/platform/assert.cc:40
#­3 0x0000000002cd7bc5 in dart::RawContextScope::WriteTo (this=0x7fffe3a33231,
    writer=0x7fffffffab10, object_id=144, kind=dart::Snapshot::kScript)
    at ../../dart/runtime/vm/raw_object_snapshot.cc:1244
#­4 0x0000000002ca4899 in dart::SnapshotWriter::WriteObjectRef (this=0x7fffffffab10,
    raw=0x7fffe3a33231) at ../../dart/runtime/vm/snapshot.cc:879
#­5 0x0000000002ca76ac in dart::SnapshotWriterVisitor::VisitPointers (this=0x7fffffff9b30,
    first=0x7fffe3a33208, last=0x7fffe3a33220) at ../../dart/runtime/vm/snapshot.cc:1171
#­6 0x0000000002cd4f10 in dart::RawClosureData::WriteTo (this=0x7fffe3a33201,
    writer=0x7fffffffab10, object_id=143, kind=dart::Snapshot::kScript)
    at ../../dart/runtime/vm/raw_object_snapshot.cc:510
#­7 0x0000000002ca446a in dart::SnapshotWriter::WriteObjectRef (this=0x7fffffffab10,
    raw=0x7fffe3a33201) at ../../dart/runtime/vm/snapshot.cc:879
#­8 0x0000000002ca76ac in dart::SnapshotWriterVisitor::VisitPointers (this=0x7fffffff9f20,
    first=0x7fffe3a33198, last=0x7fffe3a331d0) at ../../dart/runtime/vm/snapshot.cc:1171
#­9 0x0000000002cd56fc in dart::RawFunction::WriteTo (this=0x7fffe3a33191,
    writer=0x7fffffffab10, object_id=137, kind=dart::Snapshot::kScript)
    at ../../dart/runtime/vm/raw_object_snapshot.cc:624
#­10 0x0000000002ca442b in dart::SnapshotWriter::WriteObjectRef (this=0x7fffffffab10,
    raw=0x7fffe3a33191) at ../../dart/runtime/vm/snapshot.cc:879
#­11 0x0000000002ca76ac in dart::SnapshotWriterVisitor::VisitPointers (this=0x7fffffffa310,
    first=0x7fffe3a33288, last=0x7fffe3a332f8) at ../../dart/runtime/vm/snapshot.cc:1171
#­12 0x0000000002cd38da in dart::RawClass::WriteTo (this=0x7fffe3a33281,
    writer=0x7fffffffab10, object_id=109, kind=dart::Snapshot::kScript)
    at ../../dart/runtime/vm/raw_object_snapshot.cc:108
#­13 0x0000000002ca42cf in dart::SnapshotWriter::WriteObjectRef (this=0x7fffffffab10,
    raw=0x7fffe3a33281) at ../../dart/runtime/vm/snapshot.cc:879
#­14 0x0000000002ca7597 in dart::SnapshotWriter::ArrayWriteTo (this=0x7fffffffab10,
    object_id=106, array_kind=52, tags=3410432, length=
    0x22 <WebCore::SVGStyledLocatableElement::~SVGStyledLocatableElement()+18>,
    type_arguments=0x7fffeae40031, data=0x7fffe3a31ec8)
    at ../../dart/runtime/vm/snapshot.cc:1151
#­15 0x0000000002cd9d35 in dart::RawArray::WriteTo (this=0x7fffe3a31eb1,
    writer=0x7fffffffab10, object_id=106, kind=dart::Snapshot::kScript)
    at ../../dart/runtime/vm/raw_object_snapshot.cc:1969
#­16 0x0000000002ca6b5d in dart::SnapshotWriter::WriteInlinedObject (this=0x7fffffffab10,
    raw=0x7fffe3a31eb1) at ../../dart/runtime/vm/snapshot.cc:1076
#­17 0x0000000002ca72dd in dart::SnapshotWriter::WriteForwardedObjects (this=0x7fffffffab10)
    at ../../dart/runtime/vm/snapshot.cc:1094
#­18 0x0000000002ca3e23 in dart::SnapshotWriter::WriteObject (this=0x7fffffffab10,
    rawobj=0x7fffe3a31e01) at ../../dart/runtime/vm/snapshot.cc:750
#­19 0x0000000002ca7635 in dart::ScriptSnapshotWriter::WriteScriptSnapshot (
    this=0x7fffffffab10, lib=...) at ../../dart/runtime/vm/snapshot.cc:1161
#­20 0x00000000020d41fb in dart::Dart_CreateScriptSnapshot (buffer=0x7fffffffacc0,
    size=0x7fffffffacb8) at ../../dart/runtime/vm/dart_api_impl.cc:920
#­21 0x0000000000af2230 in WebCore::DartController::createPureIsolateCallback (
    scriptURL=0x7fffeab361e0 "file:///usr/local/google/home/antonm/1/dartium/src/aw_snap.dart", entryPoint=0x7fffeb4ff1b0 "snap", data=0x7fffeab19180, errorMsg=0x7fffffffb648)
    at ../../third_party/WebKit/Source/WebCore/bindings/dart/DartController.cpp:251
#­22 0x0000000002d6d838 in dart::CreateIsolate (state=0x7fffeb5bb270, error=0x7fffffffb648)
    at ../../dart/runtime/lib/isolate.cc:298
#­23 0x0000000002d6dda2 in dart::Spawn (arguments=0x7fffffffc020, state=0x7fffeb5bb270)
    at ../../dart/runtime/lib/isolate.cc:374
#­24 0x0000000002d6e36e in dart::DN_Helperisolate_spawnFunction (isolate=0x7fffeab93000,
    arguments=0x7fffffffc020) at ../../dart/runtime/lib/isolate.cc:425
#­25 0x0000000002d6e0ba in dart::BootstrapNatives::DN_isolate_spawnFunction (

Siva, may you have a look please?

---

cc @iposva-google.
Set owner to @a-siva.
Removed Area-Dartium label.
Added Area-VM label.

[a-siva]

Added Duplicate label.
Marked as being merged into #6358.