From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from localhost (unknown [IPv6:2602:4b:a4ef:2500:12bf:48ff:fe7c:5584]) by hurricane.the-brannons.com (Postfix) with ESMTPSA id 5527777892 for ; Thu, 23 Jan 2014 12:27:25 -0800 (PST)
From: Chris Brannon
To: edbrowse-dev@lists.the-brannons.com
Date: Thu, 23 Jan 2014 12:27:10 -0800
Message-ID: <87lhy6qw9t.fsf@mushroom.PK5001Z>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Subject: [Edbrowse-dev] garbage collection
X-BeenThere: edbrowse-dev@lists.the-brannons.com
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Edbrowse Development List
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 23 Jan 2014 20:27:25 -0000

I'm more and more convinced that the JavaScript crashes are related to GC and rooting, as Adam suspected. The crashes I'm seeing are occurring in jsdom.c, and they seem to involve corruption of the JS heap, not the heap used for edbrowse strings and other data. Example: this one at line 1185 of jsdom.c from master:

    v = JS_NewObject(jcx, cp, NULL, owner);

One of the pointers passed in is apparently pointing to something that was freed long ago. I don't think it's jcx or cp, so it must be owner.

So let's switch gears. I've been working with Adam's code, and it still has GC / rooting issues. From what I can tell, JS_DefineProperty can trigger a GC. We should not be passing unrooted jsval as the fourth argument to JS_DefineProperty as this can also lead to a crash. Also there seems to be a problem in jsloc.cpp, caused by uo, which is a statically allocated pointer to a JS object that is never rooted.

-- 
Chris
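The failure mode Chris describes (a pointer such as `owner` held across a call that can allocate, and therefore collect, without being in the root set) is easiest to see on a toy collector. The program below is an added illustration written for this archive page; it is not edbrowse or SpiderMonkey code, and its tiny fixed-slot heap, root stack and `alloc()` are constructed stand-ins for the JS heap, `JS::Rooted`-style roots and allocating JSAPI calls like `JS_NewObject` / `JS_DefineProperty`. `owner_survives(0)` holds the object unrooted across allocations and observes that the collector reclaims and reuses its slot (the dangling-pointer case); `owner_survives(1)` pushes a root first and the object survives the same collections.

```c
/* Toy mark-sweep collector showing why an unrooted pointer must not be
 * held across an allocating call. Added example, not edbrowse/SpiderMonkey code. */
#include <stddef.h>
#include <stdio.h>

#define HEAP_SLOTS 8      /* tiny heap: a handful of allocations forces a GC */
#define MAX_ROOTS 16

typedef struct Obj {
    int alive;            /* 1 while the slot holds a live object, 0 once swept */
    int marked;           /* set in the mark phase when reachable from a root */
    int id;               /* unique per allocation, so a reused slot is detectable */
    struct Obj *child;    /* one outgoing reference, traced by the collector */
} Obj;

static Obj heap[HEAP_SLOTS];
static Obj *roots[MAX_ROOTS];   /* root stack, like a stack of JS::Rooted<> */
static size_t nroots;
static int next_id = 1;
static int gc_count;            /* how many collections the last scenario ran */

static void root_push(Obj *o) { roots[nroots++] = o; }
static void root_pop(void)    { nroots--; }

/* Mark everything reachable from o (follows the single child link). */
static void mark(Obj *o) {
    while (o && !o->marked) { o->marked = 1; o = o->child; }
}

static void gc(void) {
    gc_count++;
    for (size_t i = 0; i < HEAP_SLOTS; i++) heap[i].marked = 0;
    for (size_t i = 0; i < nroots; i++) mark(roots[i]);
    for (size_t i = 0; i < HEAP_SLOTS; i++)            /* sweep: free the unmarked */
        if (heap[i].alive && !heap[i].marked) heap[i].alive = 0;
}

/* Allocation may run a collection, exactly as JS_NewObject / JS_DefineProperty can. */
static Obj *alloc(void) {
    for (int pass = 0; pass < 2; pass++) {
        for (size_t i = 0; i < HEAP_SLOTS; i++) {
            if (!heap[i].alive) {
                heap[i].alive = 1; heap[i].marked = 0; heap[i].child = NULL;
                heap[i].id = next_id++;
                return &heap[i];
            }
        }
        gc();                 /* heap full: collect, then retry once */
    }
    return NULL;              /* every slot is rooted; nothing reclaimable */
}

static void reset_heap(void) {
    for (size_t i = 0; i < HEAP_SLOTS; i++) heap[i].alive = 0;
    nroots = 0; gc_count = 0;
}

/* Hold `owner` across many allocations. Returns 1 if it is still the same live
 * object afterwards, 0 if the collector reclaimed (and reused) its slot. */
static int owner_survives(int rooted) {
    reset_heap();
    Obj *owner = alloc();
    int owner_id = owner->id;
    if (rooted) root_push(owner);
    for (int i = 0; i < 2 * HEAP_SLOTS; i++)   /* more than the heap holds: GC runs */
        (void)alloc();
    if (rooted) root_pop();
    return owner->alive && owner->id == owner_id;
}

int main(void) {
    printf("unrooted owner survives: %d (collections: %d)\n", owner_survives(0), gc_count);
    printf("rooted owner survives:   %d (collections: %d)\n", owner_survives(1), gc_count);
    return 0;
}
```

The unrooted case does not crash here only because the toy heap is a static array; with a real allocator the reused slot is a use-after-free on whatever object now occupies the memory, which is the kind of JS-heap corruption the message reports. The fix pattern is the same in both cases in the email: any JSObject* or jsval that must outlive an allocating JSAPI call needs to be in the root set for that whole span, and a statically allocated pointer like `uo` needs a root that lives as long as the pointer does rather than a stack-scoped one.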