node v0.12.4 segfault using arrow functions

[greghutch]

Repro case (on ubuntu, using 64 bit node):

ubuntu-~/vanilla-node/node-v0.12.4-linux-x64$ ./bin/node --version
v0.12.4
ubuntu-~/vanilla-node/node-v0.12.4-linux-x64$ ./bin/node --harmony_arrow_functions -e 'var bar = () => /aoeu/; bar()'
Segmentation fault (core dumped)
ubuntu-~/vanilla-node/node-v0.12.4-linux-x64$ 

The backtrace looks like this:

gdb) bt
#0  0x0000000000b3489f in v8::internal::Parser::ParseLazy(v8::internal::Utf16CharacterStream*) ()
#1  0x0000000000b34aff in v8::internal::Parser::ParseLazy() ()
#2  0x0000000000b35c58 in v8::internal::Parser::Parse() ()
#3  0x00000000008cba82 in v8::internal::Parser::Parse(v8::internal::CompilationInfo*, bool) ()
#4  0x00000000008ce347 in v8::internal::GetUnoptimizedCodeCommon(v8::internal::CompilationInfo*) ()
#5  0x00000000008cf8e9 in v8::internal::Compiler::GetUnoptimizedCode(v8::internal::Handle<v8::internal::JSFunction>) ()
#6  0x0000000000b7a386 in v8::internal::Runtime_CompileUnoptimized(int, v8::internal::Object**, v8::internal::Isolate*) ()
#7  0x00001bd059d060a2 in ?? ()
#8  0x00001bd059d06001 in ?? ()
#9  0x00007fff33e53480 in ?? ()
#10 0x00007fff33e534c8 in ?? ()
#11 0x00001bd059d1f18d in ?? ()
#12 0x000006eaa7093bd1 in ?? ()
#13 0x000006eaa7093bd1 in ?? ()
#14 0x00001bd059d1f101 in ?? ()
#15 0x0000000800000000 in ?? ()
#16 0x000005412506eab9 in ?? ()
#17 0x00007fff33e53500 in ?? ()
#18 0x00001bd059d9d3ef in ?? ()
#19 0x0000054125004121 in ?? ()
#20 0x000006eaa7093bd1 in ?? ()
#21 0x0000054125004121 in ?? ()
#22 0x0000246b08b1aa49 in ?? ()
#23 0x000005412506eab9 in ?? ()
#24 0x00007fff33e53538 in ?? ()
#25 0x00001bd059d1ef40 in ?? ()
#26 0x00000541250107f9 in ?? ()
#27 0x0000246b08b1aa49 in ?? ()
#28 0x00001bd059d1ee81 in ?? ()
#29 0x0000000800000000 in ?? ()
#30 0x0000000000000000 in ?? ()
(gdb) 

[trevnorris]

This is from V8 3.14, where it's an experimental feature. This feature is still experimental as of 4.3. Don't think there's much that can be done to remedy this issue.

[greghutch]

Thanks. Was just surprised to see my buggy code crash node 😄

[trevnorris]

Honestly I'm also surprised to see even an experimental feature blow up like that.

[ChALkeR]

Just for the reference: this is still broken in v8 4.2 and is fixed in v8 4.3 (io.js next branch atm, should go into 3.0).
But there are other segfaults with arrow functions, and you should not use them in your production code until they are enabled by default: nodejs/node#1655.

[jasnell]

Going to close this here since there's really nothing we can do in this repo. @greghutch ... I'd recommend that you test this against io.js moving forward (then eventually the converged repo)