regexp crash on ppc64le

[kapouer]

Version

v18.7.0

Platform

Linux plummer 5.10.0-16-powerpc64le #1 SMP Debian 5.10.127-2 (2022-07-23) ppc64le GNU/Linux

Subsystem

v8 regexp

What steps will reproduce the bug?

Run the attached file which contains a very long regexp.

./node-v18.7.0-linux-ppc64le/bin/node crash_irregexp_ppc64el.js

crash_irregexp_ppc64el.js.txt

How often does it reproduce? Is there a required condition?

Always.

What is the expected behavior?

No crash, as on the other architectures.

What do you see instead?

#
# Fatal error in , line 0
# Check failed: scratch != no_reg.
#
#
#
#FailureMessage Object: 0x7fffc512d510
 1: 0x1083dbf4  [./node]
 2: 0x12137b9c V8_Fatal(char const*, ...) [./node]
 3: 0x11542b8c v8::internal::TurboAssembler::StoreU64(v8::internal::Register, v8::internal::MemOperand const&, v8::internal::Register) [./node]
 4: 0x11598650 v8::internal::RegExpMacroAssemblerPPC::WriteStackPointerToRegister(int) [./node]
 5: 0x1118e6bc v8::internal::ActionNode::Emit(v8::internal::RegExpCompiler*, v8::internal::Trace*) [./node]
 6: 0x111847cc v8::internal::RegExpCompiler::Assemble(v8::internal::Isolate*, v8::internal::RegExpMacroAssembler*, v8::internal::RegExpNode*, int, v8::internal::Handle<v8::internal::String>) [./node]
 7: 0x111b0db4 v8::internal::RegExpImpl::Compile(v8::internal::Isolate*, v8::internal::Zone*, v8::internal::RegExpCompileData*, v8::base::Flags<v8::internal::RegExpFlag, int>, v8::internal::Handle<v8::internal::String>, v8::internal::Handle<v8::internal::String>, bool, unsigned int&) [./node]
 8: 0x111b16c4 v8::internal::RegExpImpl::CompileIrregexp(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSRegExp>, v8::internal::Handle<v8::internal::String>, bool) [./node]
 9: 0x111b23ec v8::internal::RegExpImpl::IrregexpPrepare(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSRegExp>, v8::internal::Handle<v8::internal::String>) [./node]
10: 0x111b27a8 v8::internal::RegExpImpl::IrregexpExec(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSRegExp>, v8::internal::Handle<v8::internal::String>, int, v8::internal::Handle<v8::internal::RegExpMatchInfo>, v8::internal::RegExp::ExecQuirks) [./node]
11: 0x111e9658 v8::internal::Runtime_RegExpExec(int, unsigned long*, v8::internal::Isolate*) [./node]
12: 0x1174bec0  [./node]
Trace/breakpoint trap

Additional information

It seems upstream v8 has fixed a similar bug not so long ago (their fix is already in nodejs), maybe they overlooked something:
v8/v8@9227a8d

Architecture: ppc64le
Byte Order: Little Endian
CPU(s): 16
On-line CPU(s) list: 0-15
Model name: POWER8 (architected), altivec supported
Model: 2.1 (pvr 004b 0201)

[richardlau]

Cc @nodejs/platform-ppc

[miladfarca]

Thanks for reporting this issue, this patch should resolve it https://chromium-review.googlesource.com/c/v8/v8/+/3797832,
will back-port it once reviewed/landed upstream.

[kapouer]

I recompiled node 18.6 with the patch and it doesn't crash anymore.

[kapouer]

Also the test-ci-js suite pass.

[miladfarca]

Glad to hear that, thanks for running the tests.