[TIMOB-23744] Android: Crash using Ti.Android.R values

GitHub Issue	n/a
Type	Bug
Priority	Critical
Status	Closed
Resolution	Fixed
Resolution Date	2016-08-10T13:09:14.000+0000
Affected Version/s	Release 6.0.0
Fix Version/s	Release 6.0.0
Components	Android
Labels	n/a
Reporter	Martin Guillon
Assignee	Christopher Williams
Created	2016-08-08T18:14:28.000+0000
Updated	2016-09-15T23:59:53.000+0000

Description

When accessing Ti.Android.R values in your app, it causes a crash. Something as simple as:

console.log(Ti.Android.R.anim);

[INFO] :  art: art/runtime/runtime.cc:289]   native: #11 pc 002b913a  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (_JNIEnv::CallObjectMethod(_jobject*, _jmethodID*, ...)+42)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #12 pc 0030c0a7  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (titanium::RProxy::interceptor(v8::Local<v8::String>, v8::PropertyCallbackInfo<v8::Value> const&)+215)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #13 pc 00853563  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (v8::internal::PropertyCallbackArguments::Call(void (*)(v8::Local<v8::Name>, v8::PropertyCallbackInfo<v8::Value> const&), v8::internal::Handle<v8::internal::Name>)+179)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #14 pc 008d3669  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (v8::internal::JSObject::GetPropertyAttributesWithInterceptor(v8::internal::LookupIterator*)+1353)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #15 pc 008f3cf3  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::GetPropertyAttributes(v8::internal::LookupIterator*)+67)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #16 pc 008f4cef  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::GetOwnPropertyDescriptor(v8::internal::LookupIterator*, v8::internal::PropertyDescriptor*)+127)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #17 pc 008fdbf6  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::OrdinaryDefineOwnProperty(v8::internal::LookupIterator*, v8::internal::PropertyDescriptor*, v8::internal::Object::ShouldThrow)+86)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #18 pc 008fdd61  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::OrdinaryDefineOwnProperty(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSObject>, v8::internal::Handle<v8::internal::Object>, v8::internal::PropertyDescriptor*, v8::internal::Object::ShouldThrow)+209)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #19 pc 008feab0  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::DefineOwnProperty(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSReceiver>, v8::internal::Handle<v8::internal::Object>, v8::internal::PropertyDescriptor*, v8::internal::Object::ShouldThrow)+80)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #20 pc 004d0c12  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (v8::Object::DefineOwnProperty(v8::Local<v8::Context>, v8::Local<v8::Name>, v8::Local<v8::Value>, v8::PropertyAttribute)+402)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #21 pc 002c05d1  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (titanium::Proxy::proxyConstructor(v8::FunctionCallbackInfo<v8::Value> const&)+289)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #22 pc 004e1034  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&))+148)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #23 pc 00540994  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (???)
[INFO] :  art: art/runtime/runtime.cc:289]   native: #24 pc 00540eac  /data/app/com.appcelerator.sample.ti520-1/lib/x86/libkroll-v8.so (???)

Comments

Christopher Williams 2016-08-08

From comments on the Github PR: https://github.com/appcelerator/titanium_mobile/pull/8041#issuecomment-238030109 Looks like this is a generic problem with "interceptors" with the latest V8. From that stack trace it appears that during the proxy constructor we're defining properties, and that somehow triggers the interceptor in the middle of it. The interceptor callback method tries to unwrap the proxy from he JS object and crashes doing so? I see this locally:

   08-08 14:10:14.178 1201-1201/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
   08-08 14:10:14.178 1201-1201/? A/DEBUG: Build fingerprint: 'Android/sdk_google_phone_x86_64/generic_x86_64:6.0/MASTER/2872745:userdebug/test-keys'
   08-08 14:10:14.178 1201-1201/? A/DEBUG: Revision: '0'
   08-08 14:10:14.178 1201-1201/? A/DEBUG: ABI: 'x86'
   08-08 14:10:14.178 1201-1201/? A/DEBUG: pid: 2852, tid: 2852, name: dsg.sdfg  >>> dsg.sdfg <<<
   08-08 14:10:14.185 1201-1201/? A/DEBUG: signal 4 (SIGILL), code 2 (ILL_ILLOPN), fault addr 0xe36920e9
   08-08 14:10:14.193 1201-1201/? A/DEBUG:     eax 00000054  ebx e397ad60  ecx 00000b24  edx 00000000
   08-08 14:10:14.193 1201-1201/? A/DEBUG:     esi eb9e8000  edi 00000003
   08-08 14:10:14.193 1201-1201/? A/DEBUG:     xcs 00000023  xds 0000002b  xes 0000002b  xfs 00000007  xss 0000002b
   08-08 14:10:14.194 1201-1201/? A/DEBUG:     eip e36920e9  ebp 2e730c3d  esp fff5b8f0  flags 00210202
   08-08 14:10:14.255 1201-1201/? A/DEBUG: backtrace:
   08-08 14:10:14.255 1201-1201/? A/DEBUG:     #00 pc 00bc80e9  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::base::OS::Abort()+25)
   08-08 14:10:14.261 1201-1201/? A/DEBUG:     #01 pc 002b62a2  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so
   08-08 14:10:14.261 1201-1201/? A/DEBUG:     #02 pc 004b7af8  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::Utils::ReportApiFailure(char const*, char const*)+88)
   08-08 14:10:14.261 1201-1201/? A/DEBUG:     #03 pc 004c69ad  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::Object::SlowGetAlignedPointerFromInternalField(int)+205)
   08-08 14:10:14.261 1201-1201/? A/DEBUG:     #04 pc 0030d387  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (titanium::RProxy::interceptor(v8::Local<v8::String>, v8::PropertyCallbackInfo<v8::Value> const&)+727)
   08-08 14:10:14.261 1201-1201/? A/DEBUG:     #05 pc 0085c4c3  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::PropertyCallbackArguments::Call(void (*)(v8::Local<v8::Name>, v8::PropertyCallbackInfo<v8::Value> const&), v8::internal::Handle<v8::internal::Name>)+179)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #06 pc 008dc5c9  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::JSObject::GetPropertyAttributesWithInterceptor(v8::internal::LookupIterator*)+1353)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #07 pc 008fcc53  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::GetPropertyAttributes(v8::internal::LookupIterator*)+67)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #08 pc 008fdc4f  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::GetOwnPropertyDescriptor(v8::internal::LookupIterator*, v8::internal::PropertyDescriptor*)+127)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #09 pc 00906b56  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::OrdinaryDefineOwnProperty(v8::internal::LookupIterator*, v8::internal::PropertyDescriptor*, v8::internal::Object::ShouldThrow)+86)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #10 pc 00906cc1  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::OrdinaryDefineOwnProperty(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSObject>, v8::internal::Handle<v8::internal::Object>, v8::internal::PropertyDescriptor*, v8::internal::Object::ShouldThrow)+209)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #11 pc 00907a10  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::JSReceiver::DefineOwnProperty(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSReceiver>, v8::internal::Handle<v8::internal::Object>, v8::internal::PropertyDescriptor*, v8::internal::Object::ShouldThrow)+80)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #12 pc 004d9b72  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::Object::DefineOwnProperty(v8::Local<v8::Context>, v8::Local<v8::Name>, v8::Local<v8::Value>, v8::PropertyAttribute)+402)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #13 pc 002c1675  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (titanium::Proxy::proxyConstructor(v8::FunctionCallbackInfo<v8::Value> const&)+229)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #14 pc 004e9f94  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&))+148)
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #15 pc 005498f4  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so
   08-08 14:10:14.262 1201-1201/? A/DEBUG:     #16 pc 00549e0c  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so
   08-08 14:10:14.263 1201-1201/? A/DEBUG:     #17 pc 0000007d  <unknown>
   08-08 14:10:14.263 1201-1201/? A/DEBUG:     #18 pc 00015288  <unknown>
   08-08 14:10:14.263 1201-1201/? A/DEBUG:     #19 pc 000153fd  <unknown>
   08-08 14:10:14.263 1201-1201/? A/DEBUG:     #20 pc 00011382  <unknown>
   08-08 14:10:14.263 1201-1201/? A/DEBUG:     #21 pc 007ab4dc  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so
   08-08 14:10:14.264 1201-1201/? A/DEBUG:     #22 pc 007ab9e7  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::Execution::New(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*)+71)
   08-08 14:10:14.264 1201-1201/? A/DEBUG:     #23 pc 004deefc  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::Function::NewInstance(v8::Local<v8::Context>, int, v8::Local<v8::Value>*) const+316)
   08-08 14:10:14.264 1201-1201/? A/DEBUG:     #24 pc 004df265  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::Function::NewInstance(int, v8::Local<v8::Value>*) const+85)
   08-08 14:10:14.264 1201-1201/? A/DEBUG:     #25 pc 002c2d85  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (titanium::ProxyFactory::createV8Proxy(v8::Isolate*, _jclass*, _jobject*)+325)
   08-08 14:10:14.264 1201-1201/? A/DEBUG:     #26 pc 002c672b  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (titanium::TypeConverter::javaObjectToJsValue(v8::Isolate*, _JNIEnv*, _jobject*)+1115)
   08-08 14:10:14.267 1201-1201/? A/DEBUG:     #27 pc 00335f80  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (titanium::AndroidModule::getter_R(v8::Local<v8::Name>, v8::PropertyCallbackInfo<v8::Value> const&)+272)
   08-08 14:10:14.267 1201-1201/? A/DEBUG:     #28 pc 0085c4c3  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::PropertyCallbackArguments::Call(void (*)(v8::Local<v8::Name>, v8::PropertyCallbackInfo<v8::Value> const&), v8::internal::Handle<v8::internal::Name>)+179)
   08-08 14:10:14.267 1201-1201/? A/DEBUG:     #29 pc 008bc5aa  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::Object::GetPropertyWithAccessor(v8::internal::LookupIterator*)+458)
   08-08 14:10:14.267 1201-1201/? A/DEBUG:     #30 pc 008fe4f3  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::Object::GetProperty(v8::internal::LookupIterator*)+371)
   08-08 14:10:14.267 1201-1201/? A/DEBUG:     #31 pc 0085f931  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::LoadIC::Load(v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Name>)+177)
   08-08 14:10:14.267 1201-1201/? A/DEBUG:     #32 pc 0086b125  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::Runtime_LoadIC_Miss(int, v8::internal::Object**, v8::internal::Isolate*)+1893)
   08-08 14:10:14.268 1201-1201/? A/DEBUG:     #33 pc 0000007d  <unknown>
   08-08 14:10:14.268 1201-1201/? A/DEBUG:     #34 pc 0006ad09  <unknown>
   08-08 14:10:14.268 1201-1201/? A/DEBUG:     #35 pc 0001533d  <unknown>
   08-08 14:10:14.268 1201-1201/? A/DEBUG:     #36 pc 000112a2  <unknown>
   08-08 14:10:14.268 1201-1201/? A/DEBUG:     #37 pc 007ab4dc  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so
   08-08 14:10:14.268 1201-1201/? A/DEBUG:     #38 pc 007ab7e8  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*)+120)
   08-08 14:10:14.268 1201-1201/? A/DEBUG:     #39 pc 004e19ae  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::Script::Run(v8::Local<v8::Context>)+382)
   08-08 14:10:14.269 1201-1201/? A/DEBUG:     #40 pc 004e1cb9  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::Script::Run()+73)
   08-08 14:10:14.269 1201-1201/? A/DEBUG:     #41 pc 002d0af6  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (void titanium::WrappedScript::EvalMachine<(titanium::WrappedScript::EvalInputFlags)0, (titanium::WrappedScript::EvalContextFlags)0, (titanium::WrappedScript::EvalOutputFlags)0>(v8::FunctionCallbackInfo<v8::Value> const&)+262)
   08-08 14:10:14.269 1201-1201/? A/DEBUG:     #42 pc 002d0c6b  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (titanium::WrappedScript::CompileRunInThisContext(v8::FunctionCallbackInfo<v8::Value> const&)+27)
   08-08 14:10:14.269 1201-1201/? A/DEBUG:     #43 pc 004e9f94  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&))+148)
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #44 pc 00548dbb  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #45 pc 005495cc  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #46 pc 0000007d  <unknown>
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #47 pc 0006a51e  <unknown>
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #48 pc 000681d2  <unknown>
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #49 pc 000666d6  <unknown>
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #50 pc 0001533d  <unknown>
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #51 pc 000112a2  <unknown>
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #52 pc 007ab4dc  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so
   08-08 14:10:14.270 1201-1201/? A/DEBUG:     #53 pc 007ab7e8  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*)+120)
   08-08 14:10:14.271 1201-1201/? A/DEBUG:     #54 pc 004dfd43  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*)+323)
   08-08 14:10:14.271 1201-1201/? A/DEBUG:     #55 pc 002cab95  /data/app/dsg.sdfg-1/lib/x86/libkroll-v8.so (Java_org_appcelerator_kroll_runtime_v8_V8Runtime_nativeRunModule+389)
   08-08 14:10:14.271 1201-1201/? A/DEBUG:     #56 pc 007e5ca0  /data/app/dsg.sdfg-1/oat/x86/base.odex (offset 0x4f6000)

Christopher Williams 2016-08-08

Looks to be an issue when we're constructing objects with order of when things happen. Basically we need to ensure we've wrapped the JS object in a C++ Proxy object and then that we create a Java object to pair with the JS object - before we ever try to call any methods on this proxy. I can move the Proxy wrapping up over the DefineOwnProperty call, to fix the Proxy::unwrap() call failing, but then the JNI invocation on the interceptor fails because the Java object is null. So I can: eliminate the call to DefineOwnPrperty to define the internal _properties object in every proxy instance. Then I guess I'd have to modify any code that used that to assume it may not exist and to initialize it first. Or I can make the interceptor code know to check for a null Java object and return early.
Christopher Williams 2016-08-08

https://github.com/appcelerator/titanium_mobile/pull/8195
Christopher Williams 2016-08-08

Once the PR is confirmed/merged, it needs to be cherry-picked to master branch.
Lokesh Choudhary 2016-09-15

Verified the fix. Ti.Android.R values do not cause crash. Closing. Environment: Appc Studio : 4.8.0.201609061702 Ti SDK : 6.0.0.v20160915125929 Ti CLI : 5.0.9 Alloy : 1.9.1 MAC El Capitan : 10.11.6 Appc NPM : 4.2.8-6 Appc CLI : 6.0.0-44 Node: 4.4.4 Nexus 6 - Android 6.0.1

JSON Source