Date: Fri, 24 Jan 2014 10:59:29 +0000
From: Adam Thompson
To: Chris Brannon
Cc: edbrowse-dev@lists.the-brannons.com
Subject: Re: [Edbrowse-dev] garbage collection1
Message-ID: <20140124105929.GC12450@toaster.adamthompson.me.uk>
In-Reply-To: <87lhy6qw9t.fsf@mushroom.PK5001Z>
References: <87lhy6qw9t.fsf@mushroom.PK5001Z>
User-Agent: Mutt/1.5.21 (2010-09-15)
List-Id: Edbrowse Development List

On Thu, Jan 23, 2014 at 12:27:10PM -0800, Chris Brannon wrote:
> I'm more and more convinced that the JavaScript crashes are related to
> GC and rooting, as Adam suspected. The crashes I'm seeing are occurring
> in jsdom.c, and they seem to involve corruption of the JS heap, not the
> heap used for edbrowse strings and other data.
> Example: this one at line 1185 of jsdom.c from master:
> v = JS_NewObject(jcx, cp, NULL, owner);
> One of the pointers passed in is apparently pointing to something that
> was freed long ago. I don't think it's jcx or cp, so it must be owner.

If I remember correctly this is in domLink, which I had to fix to get
edbrowse past linking the body tag. I've *hopefully* fixed the uo rooting
(thanks for noticing that, I'd removed the rooting when I ran into the
NULL pointer problem but never put it back).

> So let's switch gears. I've been working with Adam's code, and it still
> has GC / rooting issues. From what I can tell, JS_DefineProperty can
> trigger a GC. We should not be passing unrooted jsval as the fourth
> argument to JS_DefineProperty as this can also lead to a crash.

Yeah, I'm not sure how to work around this. If you could test the latest
code that'd be useful (corrected jwin and uo rooting). I'm not sure it
fixes the event handler bug, but it's hopefully a step closer to
stability.

Cheers,
Adam.
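To make the rooting failure discussed in this thread concrete, here is an added example in C that is not edbrowse or SpiderMonkey code: a toy mark-and-sweep heap with an explicit root list, where every allocation may collect first, just as JS_NewObject and JS_DefineProperty can. The names add_root, remove_root, new_obj and owner_survives are hypothetical stand-ins for JS_AddObjectRoot, JS_RemoveObjectRoot and the allocating engine calls; the generation counter only exists to make slot reuse after a sweep detectable.

```c
#include <stdbool.h>
#include <string.h>

/* Toy mark-and-sweep heap with an explicit root list (hypothetical model,
 * not the real engine). Slots are reused after a sweep, as real heaps do. */
#define MAX_OBJS 8
#define MAX_ROOTS 8

typedef struct Obj { bool live, marked; unsigned gen; struct Obj *child; } Obj;

static Obj heap[MAX_OBJS];
static Obj **roots[MAX_ROOTS];   /* addresses of C variables that must stay valid */
static int nroots;
static unsigned next_gen = 1;    /* bumped on every allocation */

static void add_root(Obj **rp) { roots[nroots++] = rp; }   /* JS_AddObjectRoot */
static void remove_root(Obj **rp) {                        /* JS_RemoveObjectRoot */
    for (int i = 0; i < nroots; i++)
        if (roots[i] == rp) { roots[i] = roots[--nroots]; return; }
}

static void mark(Obj *o) { while (o && !o->marked) { o->marked = true; o = o->child; } }

/* Collect: anything not reachable from a root is freed, whatever C still points at. */
static void gc(void) {
    for (int i = 0; i < nroots; i++) mark(*roots[i]);
    for (int i = 0; i < MAX_OBJS; i++) {
        if (heap[i].live && !heap[i].marked) { heap[i].live = false; heap[i].child = NULL; }
        heap[i].marked = false;
    }
}

/* Any allocation may run a GC first, like JS_NewObject / JS_DefineProperty. */
static Obj *new_obj(void) {
    gc();
    for (int i = 0; i < MAX_OBJS; i++)
        if (!heap[i].live) { heap[i].live = true; heap[i].child = NULL; heap[i].gen = next_gen++; return &heap[i]; }
    return NULL;
}

/* Shape of the domLink bug: 'owner' held only in a C local across a second allocation.
 * Returns whether the object 'owner' pointed at is still the same live object afterwards. */
bool owner_survives(bool root_owner) {
    memset(heap, 0, sizeof heap);
    nroots = 0;
    Obj *owner = new_obj();
    unsigned g = owner->gen;
    if (root_owner) add_root(&owner);
    Obj *value = new_obj();                          /* GC here sweeps owner unless rooted */
    bool alive = owner->live && owner->gen == g;     /* false means the slot was freed and reused */
    if (alive) owner->child = value;                 /* the property definition that crashed */
    if (root_owner) remove_root(&owner);
    return alive;
}
```

With root_owner false the second allocation reclaims and reuses owner's slot, which is the "pointing to something that was freed long ago" symptom; with root_owner true the object survives the collection.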