The cause: a piece of JS loaded a string of code via createElement('script'), and that string contained a % (modulus) operation.
It eventually turned out that the modulus was being evaluated in v8::internal::compiler::OperationTyper::NumberModulus (TurboFan's typer, computing the result range for the operation during an optimized compile),
which calls std::abs.
The abs implemented in miniblink is flawed: it has no double overload, so the double argument is silently converted to int, the fractional part is lost, and the computed result is wrong.
Because the stack ends in the concurrent optimized-compile runtime entry, the miscomputation only shows up once the function becomes hot enough for TurboFan to optimize it, not on the first (interpreted) execution.
Here is the stack:
v8::internal::compiler::RangeType::Limits::Limits
v8::internal::compiler::Type::Overlap
v8::internal::compiler::Type::Maybe
v8::internal::compiler::OperationTyper::NumberModulus
v8::internal::compiler::Typer::Visitor::JSModulusTyper
v8::internal::compiler::Typer::Visitor::TypeBinaryOp
v8::internal::compiler::Typer::Visitor::Reduce
v8::internal::compiler::GraphReducer::Reduce
v8::internal::compiler::GraphReducer::ReduceTop
v8::internal::compiler::GraphReducer::ReduceNode
v8::internal::compiler::GraphReducer::ReduceGraph
v8::internal::compiler::Typer::Run
v8::internal::compiler::TyperPhase::Run
v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler
v8::internal::compiler::PipelineImpl::CreateGraph
v8::internal::compiler::PipelineCompilationJob::PrepareJobImpl
v8::internal::CompilationJob::PrepareJob
v8::internal::`anonymous namespace'::GetOptimizedCodeLater
v8::internal::`anonymous namespace'::GetOptimizedCode
v8::internal::Compiler::CompileOptimized
v8::internal::__RT_impl_Runtime_CompileOptimized_Concurrent
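To make the failure mode concrete, here is an added example (written for this note; it is neither miniblink's nor V8's code). It puts an int-only abs next to a correct int/double overload set and runs both through a simplified range-bound computation of the kind a typer does for `lhs % rhs`; the bound formula is an illustration of the idea, not V8's actual NumberModulus, and the namespaces `int_only` and `correct` are constructed stand-ins. With the int-only abs, `abs(-2.7)` silently becomes `abs(-2)`, so the typer would conclude the result magnitude is below 2 while the real JS result is 2.7, i.e. a value outside the range the optimizer believes possible.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdio>

// Stand-in for an abs() with no double overload: a double argument is
// implicitly truncated to int before the call. This mirrors the defect the
// note attributes to miniblink's abs (constructed here, not miniblink's code).
namespace int_only {
inline int abs(int v) { return v < 0 ? -v : v; }
}

// Stand-in for a correct overload set: the double overload keeps the fraction.
namespace correct {
inline int abs(int v) { return v < 0 ? -v : v; }
inline double abs(double v) { return std::fabs(v); }
}

// JavaScript '%' on Numbers: truncating remainder, sign follows the dividend,
// which is exactly what C's fmod computes.
double js_modulus(double lhs, double rhs) { return std::fmod(lhs, rhs); }

// Simplified range bound for [lmin,lmax] % [rmin,rmax]: the magnitude of the
// result can never exceed min(max|lhs|, max|rhs|). The abs used is injected so
// the two implementations can be compared. (Illustrative only; not V8's
// OperationTyper::NumberModulus.)
template <typename AbsFn>
double modulus_magnitude_bound(double lmin, double lmax,
                               double rmin, double rmax, AbsFn absfn) {
  double labs = std::max(absfn(lmin), absfn(lmax));
  double rabs = std::max(absfn(rmin), absfn(rmax));
  return std::min(labs, rabs);
}

// Bound computed with the int-only abs: the double is narrowed to int inside
// the lambda, so 2.7 -> 2 and the fraction is lost.
double bound_with_int_only_abs(double lmin, double lmax, double rmin, double rmax) {
  return modulus_magnitude_bound(lmin, lmax, rmin, rmax,
                                 [](double v) { return int_only::abs(v); });
}

// Bound computed with a proper double overload.
double bound_with_correct_abs(double lmin, double lmax, double rmin, double rmax) {
  return modulus_magnitude_bound(lmin, lmax, rmin, rmax,
                                 [](double v) { return correct::abs(v); });
}

// True when the real JS result lies outside the magnitude bound the typer
// computed, i.e. when the optimizer's belief about the value is wrong.
bool result_escapes_bound(double lhs, double rhs, double bound) {
  return std::fabs(js_modulus(lhs, rhs)) > bound;
}

int main() {
  // Constructed input: lhs ranges over [-2.7, 2.7], rhs is the constant 10.
  double bad = bound_with_int_only_abs(-2.7, 2.7, 10, 10);
  double good = bound_with_correct_abs(-2.7, 2.7, 10, 10);
  double actual = js_modulus(2.7, 10);
  std::printf("int-only abs bound: %g, correct bound: %g, actual 2.7 %% 10: %g\n",
              bad, good, actual);
  std::printf("result escapes int-only bound: %s\n",
              result_escapes_bound(2.7, 10, bad) ? "yes" : "no");
  return 0;
}
```

The quick check for a port of V8 onto a custom C runtime is therefore to compile with `-Wconversion` (or MSVC's /W4) and look for "conversion from 'double' to 'int'" warnings at every `std::abs` call site in the compiler directory; any such warning means the abs overload set is incomplete.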
