{ "id": "162465", "key": "TIMOB-23745", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "16980", "description": "New V8", "name": "Release 6.0.0", "archived": false, "released": true, "releaseDate": "2016-11-15" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2016-08-10T13:09:04.000+0000", "created": "2016-08-08T18:21:43.000+0000", "priority": { "name": "Critical", "id": "1" }, "labels": [], "versions": [ { "id": "16980", "description": "New V8", "name": "Release 6.0.0", "archived": false, "released": true, "releaseDate": "2016-11-15" } ], "issuelinks": [ { "id": "52336", "type": { "id": "10001", "name": "Cloners", "inward": "is cloned into", "outward": "is cloned from" }, "outwardIssue": { "id": "162464", "key": "TIMOB-23744", "fields": { "summary": "Android: Crash using Ti.Android.R values", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "Critical", "id": "1" }, "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false } } } }, { "id": "52365", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "outwardIssue": { "id": "162509", "key": "TIMOB-23753", "fields": { "summary": "Android: Crash when adding Ti.Network event listener", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "Critical", "id": "1" }, "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false } } } }, { "id": "52367", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "outwardIssue": { "id": "159984", "key": "TIMOB-23310", "fields": { "summary": "Android: Upgrade v8 and rebuild it with NDK 11", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "High", "id": "2" }, "issuetype": { "id": "7", "description": "gh.issue.story.desc", "name": "Story", "subtask": false } } } } ], "assignee": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "updated": "2016-08-23T22:25:07.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10202", "name": "Android", "description": "Android Platform" } ], "description": "trying to execute Math.random() in JS code will crash the app:\r\n{code:javascript}\r\nconsole.log(Math.random());\r\n{code}\r\n\r\n{code}\r\n08-06 17:15:14.558: A/DEBUG(197): #01 pc 0072d450 /data/app/akylas.alpi.maps-1/lib/arm/libkroll-v8.so (v8::internal::JSArrayBuffer::SetupAllocatingData(v8::internal::Handle, v8::internal::Isolate*, unsigned int, bool, v8::internal::SharedFlag)+64)\r\n08-06 17:15:14.559: A/DEBUG(197): #02 pc 008362b4 /data/app/akylas.alpi.maps-1/lib/arm/libkroll-v8.so (v8::internal::Runtime_GenerateRandomNumbers(int, v8::internal::Object**, v8::internal::Isolate*)+996)\r\n08-06 17:15:14.559: A/DEBUG(197): #03 pc 00000098 \r\n{code}", "attachment": [], "flagged": false, "summary": "Android: Crash using Math.random", "creator": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "subtasks": [], "reporter": { "name": "farfromrefuge", "key": "farfromrefuge", "displayName": "Martin Guillon", "active": false, "timeZone": "Europe/Berlin" }, "environment": null, "closedSprints": [ { "id": 685, "state": "closed", "name": "2016 Sprint 16 SDK", "startDate": "2016-07-30T00:40:02.939Z", "endDate": "2016-08-13T00:40:00.000Z", "completeDate": "2016-08-15T08:00:33.056Z", "originBoardId": 114 } ], "comment": { "comments": [ { "id": "392648", "author": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "body": "[~farfromrefuge]Do you have a sample to reproduce this? Is it just simply calling Math.random()?", "updateAuthor": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "created": "2016-08-08T18:22:35.000+0000", "updated": "2016-08-08T18:22:35.000+0000" }, { "id": "392654", "author": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "body": "Just calling Math.random().toString() I get:\r\n{code}\r\n08-08 14:55:40.178 1189-1189/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\r\n08-08 14:55:40.178 1189-1189/? A/DEBUG: Build fingerprint: 'Android/sdk_google_phone_x86_64/generic_x86_64:6.0/MASTER/2872745:userdebug/test-keys'\r\n08-08 14:55:40.178 1189-1189/? A/DEBUG: Revision: '0'\r\n08-08 14:55:40.178 1189-1189/? A/DEBUG: ABI: 'x86'\r\n08-08 14:55:40.178 1189-1189/? A/DEBUG: pid: 2715, tid: 2715, name: dsg.sdfg >>> dsg.sdfg <<<\r\n08-08 14:55:40.178 1189-1189/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x4ac\r\n08-08 14:55:40.182 1189-1189/? A/DEBUG: eax ff869fa0 ebx e3b3ad60 ecx ff869650 edx 12ce3000\r\n08-08 14:55:40.182 1189-1189/? A/DEBUG: esi 00000200 edi eb3b5000\r\n08-08 14:55:40.182 1189-1189/? A/DEBUG: xcs 00000023 xds 0000002b xes 0000002b xfs 00000007 xss 0000002b\r\n08-08 14:55:40.182 1189-1189/? A/DEBUG: eip 000004ac ebp ff8696e0 esp ff86958c flags 00210202\r\n08-08 14:55:40.192 1189-1189/? A/DEBUG: backtrace:\r\n08-08 14:55:40.192 1189-1189/? A/DEBUG: #00 pc 000004ac \r\n08-08 14:55:40.192 1189-1189/? A/DEBUG: #01 pc 0006c2d0 \r\n08-08 14:55:40.192 1189-1189/? A/DEBUG: #02 pc 0006ac8c \r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #03 pc 0001533d \r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #04 pc 000112a2 \r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #05 pc 007ab4dc /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so\r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #06 pc 007ab7e8 /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so (v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle, v8::internal::Handle, int, v8::internal::Handle*)+120)\r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #07 pc 004e19ae /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so (v8::Script::Run(v8::Local)+382)\r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #08 pc 004e1cb9 /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so (v8::Script::Run()+73)\r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #09 pc 002d0af6 /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so (void titanium::WrappedScript::EvalMachine<(titanium::WrappedScript::EvalInputFlags)0, (titanium::WrappedScript::EvalContextFlags)0, (titanium::WrappedScript::EvalOutputFlags)0>(v8::FunctionCallbackInfo const&)+262)\r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #10 pc 002d0c6b /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so (titanium::WrappedScript::CompileRunInThisContext(v8::FunctionCallbackInfo const&)+27)\r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #11 pc 004e9f94 /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so (v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo const&))+148)\r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #12 pc 00548dbb /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so\r\n08-08 14:55:40.193 1189-1189/? A/DEBUG: #13 pc 005495cc /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so\r\n08-08 14:55:40.197 1189-1189/? A/DEBUG: #14 pc 0000007d \r\n08-08 14:55:40.198 1189-1189/? A/DEBUG: #15 pc 0006a51e \r\n08-08 14:55:40.198 1189-1189/? A/DEBUG: #16 pc 000681d2 \r\n08-08 14:55:40.198 1189-1189/? A/DEBUG: #17 pc 000666d6 \r\n08-08 14:55:40.198 1189-1189/? A/DEBUG: #18 pc 0001533d \r\n08-08 14:55:40.198 1189-1189/? A/DEBUG: #19 pc 000112a2 \r\n08-08 14:55:40.199 1189-1189/? A/DEBUG: #20 pc 007ab4dc /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so\r\n08-08 14:55:40.199 1189-1189/? A/DEBUG: #21 pc 007ab7e8 /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so (v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle, v8::internal::Handle, int, v8::internal::Handle*)+120)\r\n08-08 14:55:40.199 1189-1189/? A/DEBUG: #22 pc 004dfd43 /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so (v8::Function::Call(v8::Local, v8::Local, int, v8::Local*)+323)\r\n08-08 14:55:40.199 1189-1189/? A/DEBUG: #23 pc 002cab95 /data/app/dsg.sdfg-2/lib/x86/libkroll-v8.so (Java_org_appcelerator_kroll_runtime_v8_V8Runtime_nativeRunModule+389)\r\n08-08 14:55:40.199 1189-1189/? A/DEBUG: #24 pc 007e5ca0 /data/app/dsg.sdfg-2/oat/x86/base.odex (offset 0x4f6000)\r\n{code}", "updateAuthor": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "created": "2016-08-08T19:00:00.000+0000", "updated": "2016-08-08T19:00:00.000+0000" }, { "id": "392658", "author": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "body": "After using debug libraries, the ultimate crash is coming inside v8 itself when it calls JSArrayBuffer::SetupAllocatingData as Martin showed above. That method pretty much just deals with the array buffer allocator, which is something we create and set on the Isolate in V8Runtime. Looks like my copy-paste coding of that small impl must not behave properly on Android? My guess is that it's crashing on the Allocate(length) call, presumably when either realloc or memset is called. I'm going to try and just have Allocate always use calloc().", "updateAuthor": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "created": "2016-08-08T20:12:17.000+0000", "updated": "2016-08-08T20:12:17.000+0000" }, { "id": "392663", "author": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "body": "https://github.com/appcelerator/titanium_mobile/pull/8196", "updateAuthor": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "created": "2016-08-08T20:47:10.000+0000", "updated": "2016-08-08T20:47:10.000+0000" }, { "id": "392665", "author": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "body": "Once the PR is confirmed/merged, it needs to be cherry-picked to master branch.", "updateAuthor": { "name": "cwilliams", "key": "cwilliams", "displayName": "Christopher Williams", "active": true, "timeZone": "America/New_York" }, "created": "2016-08-08T20:47:52.000+0000", "updated": "2016-08-08T20:47:52.000+0000" }, { "id": "393992", "author": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Verified the fix.\r\n\r\n{{Math.random()}} does not cause the crash.\r\nClosing.\r\n\r\nEnvironment:\r\nAppc Studio : 4.7.1.201608190732\r\nTi SDK : 6.0.0.v20160822133504\r\nTi CLI : 5.0.9\r\nAlloy : 1.9.1\r\nMAC El Capitan : 10.11.6\r\nAppc NPM : 4.2.7\r\nAppc CLI : 6.0.0-26\r\nNode: 4.4.4\r\nNexus 6 - Android 6.0.1", "updateAuthor": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-08-23T22:24:25.000+0000", "updated": "2016-08-23T22:24:57.000+0000" } ], "maxResults": 6, "total": 6, "startAt": 0 } } }