Segfault when running mksnapshot with Electron >=29 on vercel/hyper's snapshot-libs.js

[corneliusroemer]

I've been trying to get vercel/hyper to work wwith more recent electron versions. I've managed to get to v28, but v29 and above fail during the mksnapshot step.

Hacking some logging into mksnapshot, I found that mksnapshot errors with a segfault. The same issue appears not only on macOS arm64 (my dev machine) but apparently also on Ubuntu (at least in CI the error is the same as I get locally).

I tried both Electron 29 and 31, and in both cases there seems to be the same segfault.

It should be possible to reproduce as follows (apologies for not providing something more minimal - one can probably bisect the snapshot-lib.js file to get a minimal trigger).

gh repo clone corneliusroemer/hyper
cd hyper
git checkout try-31
yarn

To get the segfault, run:

$ lldb node_modules/electron-mksnapshot/bin/mksnapshot -- /Users/corneliusromer/code/hyper/cache/snapshot-libs.js --target_os=mac --target_arch=arm64 --embedded_src gen/v8/embedded.S --embedded_variant Default --startup_blob snapshot_blob.bin --no-native-code-counters
(lldb) target create "/Users/corneliusromer/code/hyper/node_modules/electron-mksnapshot/bin/mksnapshot"
Current executable set to '/Users/corneliusromer/code/hyper/node_modules/electron-mksnapshot/bin/mksnapshot' (arm64).
(lldb) settings set -- target.run-args  "/Users/corneliusromer/code/hyper/cache/snapshot-libs.js" "--target_os=mac" "--target_arch=arm64" "--embedded_src" "gen/v8/embedded.S" "--embedded_variant" "Default" "--startup_blob" "snapshot_blob.bin" "--no-native-code-counters"
(lldb) run
Process 22914 launched: '/Users/corneliusromer/code/hyper/node_modules/electron-mksnapshot/bin/mksnapshot' (arm64)
Loading script for embedding: /Users/corneliusromer/code/hyper/cache/snapshot-libs.js
Process 22914 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x5000000000000)
    frame #0: 0x0000000000000000
error: memory read failed for 0x0
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x5000000000000)
  * frame #0: 0x0000000000000000
    frame #1: 0x000000017096806c
    frame #2: 0x0000391473a4dd98
    frame #3: 0x0000391473a4dd98
    frame #4: 0x0000391473afa010
    frame #5: 0x0000391473a4dd98
    frame #6: 0x0000391473a4dd98
    frame #7: 0x0000391473a4dd98
    frame #8: 0x0000391473a4dd98
    frame #9: 0x00000001709640d4
    frame #10: 0x0000391473a4dd98
    frame #11: 0x0000391473a4b7e8
    frame #12: 0x0000391473a4b434
    frame #13: 0x000000010011905c mksnapshot`v8::internal::ThreadIsolation::CanLookupStartOfJitAllocationAt(unsigned long) + 286572
    frame #14: 0x0000000100119c4c mksnapshot`v8::internal::ThreadIsolation::CanLookupStartOfJitAllocationAt(unsigned long) + 289628
    frame #15: 0x000000010001f5a0 mksnapshot`v8::Script::Run(v8::Local<v8::Context>) + 644
    frame #16: 0x000000010062198c mksnapshot`v8::internal::TickSample::GetStackSample(v8::internal::Isolate*, v8::RegisterState*, v8::internal::TickSample::RecordCEntryFrame, void**, unsigned long, v8::SampleInfo*, v8::StateTag*, bool) + 630944
    frame #17: 0x0000000100621850 mksnapshot`v8::internal::TickSample::GetStackSample(v8::internal::Isolate*, v8::RegisterState*, v8::internal::TickSample::RecordCEntryFrame, void**, unsigned long, v8::SampleInfo*, v8::StateTag*, bool) + 630628
    frame #18: 0x0000000100017a68 mksnapshot`_mh_execute_header + 96872
    frame #19: 0x000000019c56f154 dyld`start + 2476

Should I report this to chromium, similar to e.g. https://issues.chromium.org/issues/353552530 chromiumembedded/cef#3734

Update: I've added a comment https://issues.chromium.org/issues/345280736#comment10

[corneliusroemer]

The segfault doesn't happen with electron 28.3.3 which comes with v8 12.0.267.19

It does happen with electron 29.0.0, with Chromium 122.0.6261.39