ccxvii / mujs

An embeddable Javascript interpreter in C.
http://mujs.com/
ISC License

About GC #163

Closed hdcscy closed 2 years ago

hdcscy commented 2 years ago

Hello. My project relies on mujs. A lot of data is generated at init, but after running for a while, some global variables are cleared for no reason. I can confirm that they are in use at the beginning. When I make the JS_GCFACTOR macro in the jsi.h file bigger, the problem improves. Is this normal? My guess is that global variables (including global functions) that only have assignments will be cleared by GC unless they are used elsewhere before GC runs.

ccxvii commented 2 years ago

I'm afraid I don't quite understand what you mean.

Can you clarify what you mean by "cleared for no reason"? What is the "problem" that is improved? The standard runtime functions that are created at init are needed, why do you say they would be cleared unless they are used?

You can trigger a manual garbage collection cycle by calling js_gc(). Pass "1" to the report argument to get a report of how much garbage was actually collected.

If you create a MuJS context and immediately run a GC pass when it has started up, there should be NO garbage to collect. The "mujs" shell has some initialization code that generates a few temporary functions that will be garbage collected.

hdcscy commented 2 years ago

> I'm afraid I don't quite understand what you mean.
>
> Can you clarify what you mean by "cleared for no reason"? What is the "problem" that is improved? The standard runtime functions that are created at init are needed, why do you say they would be cleared unless they are used?
>
> You can trigger a manual garbage collection cycle by calling js_gc(). Pass "1" to the report argument to get a report of how much garbage was actually collected.
>
> If you create a MuJS context and immediately run a GC pass when it has started up, there should be NO garbage to collect. The "mujs" shell has some initialization code that generates a few temporary functions that will be garbage collected.

Thanks for your reply.

I'm describing it incorrectly, I will elaborate more on the problem I have encountered:

  1. The "init" mentioned above means that I execute all the prepared JS files first through the "js_dofile" function. In these JS files, there are global functions and global variables that need to be used later.
  2. The second step, when I use these global variables and global functions in JS code that actually contains business logic, some of them are cleared by GC.
  3. So I have the above guess: because there is a time interval between initialization and business logic execution, and I don't use these global functions and variables right away, GC is triggered in between and some of them are cleared. I tried making the JS_GCFACTOR macro in the jsi.h file bigger, changing 5.0 to 50.0, and the problem improved.
  4. I have only one "js_newstate" create environment context from start to finish.

So is this JS_GCFACTOR solution correct? If my meaning is still unclear (because I am not good at English), please be tolerant :)

avih commented 2 years ago

I think it's still not clear what "some of them (global vars/functions) are cleared by GC" means, because it definitely should NOT happen.

It would probably be best if you could provide some minimal example of c/js files where the issue happens.

hdcscy commented 2 years ago

> I think it's still not clear what "some of them (global vars/functions) are cleared by GC" means, because it definitely should NOT happen.
>
> It would probably be best if you could provide some minimal example of c/js files where the issue happens.

Thanks for your reply. In fact, to put it simply, the global variables or functions I define in one JS file stop being available in another JS file after a random period of time, although these JS files are read sequentially from a single C thread. I tried to write a DEMO, which may not reproduce it because the environment is not as complicated as the actual project. Finally, thanks. I will try to find the reason. At present, the problem can be solved by increasing the value of JS_GCFACTOR.

ccxvii commented 2 years ago

If you can reproduce it reliably by calling js_gc() then you might be able to find out why the GC is removing your variables. The GC should not be able to delete global variables. Have you tried running with valgrind or address-sanitizer to rule out memory corruption issues?

hdcscy commented 2 years ago

> If you can reproduce it reliably by calling js_gc() then you might be able to find out why the GC is removing your variables. The GC should not be able to delete global variables. Have you tried running with valgrind or address-sanitizer to rule out memory corruption issues?

Okay, thanks. I tried running with AddressSanitizer:

==14832==ERROR: AddressSanitizer: heap-use-after-free on address 0x2a78a270 at pc 0x00ca53f8 bp 0x41e0f4d4 sp 0x41e0f4c8
READ of size 4 at 0x2a78a270 thread T64
==14832==WARNING: Failed to use and restart external symbolizer!
#0 0xca53f7 in js_hasvar C:\Users\demo\mujs\jsrun.c:939
#1 0xca10d9 in jsR_run C:\Users\demo\mujs\jsrun.c:1479
#2 0xca5e47 in jsR_calllwfunction C:\Users\demo\mujs\jsrun.c:1020
#3 0xc98bc4 in js_call C:\Users\demo\mujs\jsrun.c:1143
#4 0xc97f53 in js_pcall C:\Users\demo\mujs\jsrun.c:1249
#5 0xd51517 in scrm_timer_runEvery+0x77 (C:\Users\xxx\Desktop\demo\build\qt\debug\ui.exe+0x521517)
#6 0x3837681 in register_onexit_function+0x1f1 (C:\windows\SYSTEM32\ucrtbased.dll+0x100a7681)
#7 0xf148fa0 in _lsan_register_root_region+0x4627c (C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29910\bin\HostX86\x86\clang_rt.asan_dbg_dynamic-i386.dll+0x10048fa0)
#8 0xf14978e in _lsan_register_root_region+0x46a6a (C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29910\bin\HostX86\x86\clang_rt.asan_dbg_dynamic-i386.dll+0x1004978e)
#9 0x768e0418 in BaseThreadInitThunk+0x18 (C:\windows\System32\KERNEL32.DLL+0x6b820418)
#10 0x76ed72fc in RtlGetAppContainerNamedObjectPath+0xec (C:\windows\SYSTEM32\ntdll.dll+0x4b2e72fc)
#11 0x76ed72cc in RtlGetAppContainerNamedObjectPath+0xbc (C:\windows\SYSTEM32\ntdll.dll+0x4b2e72cc)

0x2a78a270 is located 0 bytes inside of 16-byte region [0x2a78a270,0x2a78a280)
freed by thread T0 here:
#0 0xf13c5f3 in _lsan_register_root_region+0x398cf (C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29910\bin\HostX86\x86\clang_rt.asan_dbg_dynamic-i386.dll+0x1003c5f3)
#1 0xca8572 in js_defaultalloc C:\Users\demo\mujs\jsstate.c:28
#2 0xc9f2e6 in js_free C:\Users\demo\mujs\jsrun.c:66
#3 0xc77eff in jsG_freeenvironment C:\Users\demo\mujs\jsgc.c:10
#4 0xc779c6 in js_gc C:\Users\demo\mujs\jsgc.c:190
#5 0xca0712 in jsR_run C:\Users\demo\mujs\jsrun.c:1391
#6 0xca5e47 in jsR_calllwfunction C:\Users\demo\mujs\jsrun.c:1020
#7 0xc98bc4 in js_call C:\Users\demo\mujs\jsrun.c:1143
#8 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#9 0xca6295 in jsR_callfunction C:\Users\demo\mujs\jsrun.c:1063
#10 0xc98bfb in js_call C:\Users\demo\mujs\jsrun.c:1145
#11 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#12 0xca6295 in jsR_callfunction C:\Users\demo\mujs\jsrun.c:1063
#13 0xc98bfb in js_call C:\Users\demo\mujs\jsrun.c:1145
#14 0xc97f53 in js_pcall C:\Users\demo\mujs\jsrun.c:1249
#15 0xc32b52 in __call_jsFn C:\Users\demo\HttpRequest.cpp:23
#16 0xc407c8 in <lambda_daa70678c37670073dc4fd2a60f5e55c>::operator() C:\Users\demo\HttpRequest.cpp:64
#17 0xc419c2 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>,QtPrivate::List<QNetworkReply *>,void,<lambda_daa70678c37670073dc4fd2a60f5e55c> >::call D:\Qt\5.15.2\msvc2019\include\QtCore\qobjectdefs_impl.h:146
#18 0xc39a6f in QtPrivate::Functor<<lambda_daa70678c37670073dc4fd2a60f5e55c>,1>::call<QtPrivate::List<QNetworkReply *>,void> D:\Qt\5.15.2\msvc2019\include\QtCore\qobjectdefs_impl.h:256
#19 0xc41ea1 in QtPrivate::QFunctorSlotObject<<lambda_daa70678c37670073dc4fd2a60f5e55c>,1,QtPrivate::List<QNetworkReply *>,void>::impl D:\Qt\5.15.2\msvc2019\include\QtCore\qobjectdefs_impl.h:443
#20 0x66c303f4 in QDataStream::operator<<+0x34f798 (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673703f4)
#21 0x66c774a7 in QDataStream::operator<<+0x39684b (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673b74a7)
#22 0x66c685ca in QDataStream::operator<<+0x38796e (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673a85ca)
#23 0x6320bab3 in QNetworkInterface::hardwareAddress+0x1d2c3 (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6402bab3)
#24 0x6320ca7f in QNetworkInterface::hardwareAddress+0x1e28f (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6402ca7f)
#25 0x632167cf in QNetworkInterface::hardwareAddress+0x27fdf (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x640367cf)
#26 0x63218a3b in QNetworkInterface::hardwareAddress+0x2a24b (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x64038a3b)
#27 0x6321139f in QNetworkInterface::hardwareAddress+0x22baf (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6403139f)

previously allocated by thread T0 here:
#0 0xf13c863 in _lsan_register_root_region+0x39b3f (C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29910\bin\HostX86\x86\clang_rt.asan_dbg_dynamic-i386.dll+0x1003c863)
#1 0xca8587 in js_defaultalloc C:\Users\demo\mujs\jsstate.c:31
#2 0xc9f267 in js_malloc C:\Users\demo\mujs\jsrun.c:42
#3 0xca0290 in jsR_newenvironment C:\Users\demo\mujs\jsrun.c:908
#4 0xca5ffd in jsR_callfunction C:\Users\demo\mujs\jsrun.c:1033
#5 0xc98bfb in js_call C:\Users\demo\mujs\jsrun.c:1145
#6 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#7 0xca5e47 in jsR_calllwfunction C:\Users\demo\mujs\jsrun.c:1020
#8 0xc98bc4 in js_call C:\Users\demo\mujs\jsrun.c:1143
#9 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#10 0xca6295 in jsR_callfunction C:\Users\demo\mujs\jsrun.c:1063
#11 0xc98bfb in js_call C:\Users\demo\mujs\jsrun.c:1145
#12 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#13 0xca6295 in jsR_callfunction C:\Users\demo\mujs\jsrun.c:1063
#14 0xc98bfb in js_call C:\Users\demo\mujs\jsrun.c:1145
#15 0xc97f53 in js_pcall C:\Users\demo\mujs\jsrun.c:1249
#16 0xc32b52 in __call_jsFn C:\Users\demo\HttpRequest.cpp:23
#17 0xc407c8 in <lambda_daa70678c37670073dc4fd2a60f5e55c>::operator() C:\Users\demo\HttpRequest.cpp:64
#18 0xc419c2 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>,QtPrivate::List<QNetworkReply *>,void,<lambda_daa70678c37670073dc4fd2a60f5e55c> >::call D:\Qt\5.15.2\msvc2019\include\QtCore\qobjectdefs_impl.h:146
#19 0xc39a6f in QtPrivate::Functor<<lambda_daa70678c37670073dc4fd2a60f5e55c>,1>::call<QtPrivate::List<QNetworkReply *>,void> D:\Qt\5.15.2\msvc2019\include\QtCore\qobjectdefs_impl.h:256
#20 0xc41ea1 in QtPrivate::QFunctorSlotObject<<lambda_daa70678c37670073dc4fd2a60f5e55c>,1,QtPrivate::List<QNetworkReply *>,void>::impl D:\Qt\5.15.2\msvc2019\include\QtCore\qobjectdefs_impl.h:443
#21 0x66c303f4 in QDataStream::operator<<+0x34f798 (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673703f4)
#22 0x66c774a7 in QDataStream::operator<<+0x39684b (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673b74a7)
#23 0x66c685ca in QDataStream::operator<<+0x38796e (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673a85ca)
#24 0x6320bab3 in QNetworkInterface::hardwareAddress+0x1d2c3 (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6402bab3)
#25 0x6320ca7f in QNetworkInterface::hardwareAddress+0x1e28f (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6402ca7f)
#26 0x632167cf in QNetworkInterface::hardwareAddress+0x27fdf (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x640367cf)
#27 0x63218a3b in QNetworkInterface::hardwareAddress+0x2a24b (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x64038a3b)

Thread T64 created by T0 here:
#0 0xf1498d2 in _lsan_register_root_region+0x46bae (C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29910\bin\HostX86\x86\clang_rt.asan_dbg_dynamic-i386.dll+0x100498d2)
#1 0x3837b65 in beginthreadex+0xe5 (C:\windows\SYSTEM32\ucrtbased.dll+0x100a7b65)
#2 0xd609bd in acl_pthread_create+0x152 (C:\Users\xxx\Desktop\demo\build\qt\debug\ui.exe+0x5309bd)
#3 0xd51971 in scrm_timer_runEvery+0x4d1 (C:\Users\xxx\Desktop\demo\build\qt\debug\ui.exe+0x521971)
#4 0xc98d9a in js_call C:\Users\demo\mujs\jsrun.c:1153
#5 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#6 0xca5e47 in jsR_calllwfunction C:\Users\demo\mujs\jsrun.c:1020
#7 0xc98bc4 in js_call C:\Users\demo\mujs\jsrun.c:1143
#8 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#9 0xca6295 in jsR_callfunction C:\Users\demo\mujs\jsrun.c:1063
#10 0xc98bfb in js_call C:\Users\demo\mujs\jsrun.c:1145
#11 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#12 0xca5e47 in jsR_calllwfunction C:\Users\demo\mujs\jsrun.c:1020
#13 0xc98bc4 in js_call C:\Users\demo\mujs\jsrun.c:1143
#14 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#15 0xca6295 in jsR_callfunction C:\Users\demo\mujs\jsrun.c:1063
#16 0xc98bfb in js_call C:\Users\demo\mujs\jsrun.c:1145
#17 0xca18c0 in jsR_run C:\Users\demo\mujs\jsrun.c:1612
#18 0xca6295 in jsR_callfunction C:\Users\demo\mujs\jsrun.c:1063
#19 0xc98bfb in js_call C:\Users\demo\mujs\jsrun.c:1145
#20 0xc97f53 in js_pcall C:\Users\demo\mujs\jsrun.c:1249
#21 0xc32b52 in __call_jsFn C:\Users\demo\HttpRequest.cpp:23
#22 0xc407c8 in <lambda_daa70678c37670073dc4fd2a60f5e55c>::operator() C:\Users\demo\HttpRequest.cpp:64
#23 0xc419c2 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>,QtPrivate::List<QNetworkReply *>,void,<lambda_daa70678c37670073dc4fd2a60f5e55c> >::call D:\Qt\5.15.2\msvc2019\include\QtCore\qobjectdefs_impl.h:146
#24 0xc39a6f in QtPrivate::Functor<<lambda_daa70678c37670073dc4fd2a60f5e55c>,1>::call<QtPrivate::List<QNetworkReply *>,void> D:\Qt\5.15.2\msvc2019\include\QtCore\qobjectdefs_impl.h:256
#25 0xc41ea1 in QtPrivate::QFunctorSlotObject<<lambda_daa70678c37670073dc4fd2a60f5e55c>,1,QtPrivate::List<QNetworkReply *>,void>::impl D:\Qt\5.15.2\msvc2019\include\QtCore\qobjectdefs_impl.h:443
#26 0x66c303f4 in QDataStream::operator<<+0x34f798 (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673703f4)
#27 0x66c774a7 in QDataStream::operator<<+0x39684b (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673b74a7)
#28 0x66c685ca in QDataStream::operator<<+0x38796e (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673a85ca)
#29 0x6320bab3 in QNetworkInterface::hardwareAddress+0x1d2c3 (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6402bab3)
#30 0x6320ca7f in QNetworkInterface::hardwareAddress+0x1e28f (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6402ca7f)
#31 0x632167cf in QNetworkInterface::hardwareAddress+0x27fdf (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x640367cf)
#32 0x63218a3b in QNetworkInterface::hardwareAddress+0x2a24b (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x64038a3b)
#33 0x6321139f in QNetworkInterface::hardwareAddress+0x22baf (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6403139f)
#34 0x6321a5b1 in QNetworkInterface::hardwareAddress+0x2bdc1 (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6403a5b1)
#35 0x66c303f4 in QDataStream::operator<<+0x34f798 (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673703f4)
#36 0x66c774a7 in QDataStream::operator<<+0x39684b (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673b74a7)
#37 0x66c685ca in QDataStream::operator<<+0x38796e (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673a85ca)
#38 0x633d7b49 in QNetworkInterface::hardwareAddress+0x1e9359 (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x641f7b49)
#39 0x632ede8d in QNetworkInterface::hardwareAddress+0xff69d (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6410de8d)
#40 0x632f730e in QNetworkInterface::hardwareAddress+0x108b1e (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x6411730e)
#41 0x633dc3b3 in QNetworkInterface::hardwareAddress+0x1edbc3 (D:\Qt\5.15.2\msvc2019\bin\Qt5Networkd.dll+0x641fc3b3)
#42 0x66c70be8 in QDataStream::operator<<+0x38ff8c (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673b0be8)
#43 0x66c69937 in QDataStream::operator<<+0x388cdb (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673a9937)
#44 0x22440a9 in QShortcut::key+0x40397 (D:\Qt\5.15.2\msvc2019\bin\Qt5Widgetsd.dll+0x650640a9)
#45 0x223f634 in QShortcut::key+0x3b922 (D:\Qt\5.15.2\msvc2019\bin\Qt5Widgetsd.dll+0x6505f634)
#46 0x66c1b214 in QDataStream::operator<<+0x33a5b8 (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x6735b214)
#47 0x66c19848 in QDataStream::operator<<+0x338bec (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x67359848)
#48 0x66c1cad0 in QDataStream::operator<<+0x33be74 (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x6735cad0)
#49 0x66cc7ef2 in QDataStream::operator<<+0x3e7296 (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x67407ef2)
#50 0x12ec5ecf in qt_plugin_instance+0xbeec1 (D:\Qt\5.15.2\msvc2019\plugins\platforms\qwindowsd.dll+0x100c5ecf)
#51 0x66cc6797 in QDataStream::operator<<+0x3e5b3b (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x67406797)
#52 0x12ec5ea7 in qt_plugin_instance+0xbee99 (D:\Qt\5.15.2\msvc2019\plugins\platforms\qwindowsd.dll+0x100c5ea7)
#53 0x66c168b7 in QDataStream::operator<<+0x335c5b (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x673568b7)
#54 0x66c16ac8 in QDataStream::operator<<+0x335e6c (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x67356ac8)
#55 0x66c1964a in QDataStream::operator<<+0x3389ee (D:\Qt\5.15.2\msvc2019\bin\Qt5Cored.dll+0x6735964a)
#56 0x2ba8ee7 in QOpenGLFunctions_3_2_Compatibility::glCompressedTexSubImage1D+0x9c897 (D:\Qt\5.15.2\msvc2019\bin\Qt5Guid.dll+0x100d8ee7)
#57 0x223f218 in QShortcut::key+0x3b506 (D:\Qt\5.15.2\msvc2019\bin\Qt5Widgetsd.dll+0x6505f218)
#58 0xcb21e4 in main C:\Users\demo\main.cpp:95
#59 0xdcbec3 in WinMain C:\Users\qt\work\qt\qtbase\src\winmain\qtmain_win.cpp:97
#60 0xdc7cec in invoke_main D:\a01\_work\4\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:102
#61 0xdc7bf6 in __scrt_common_main_seh D:\a01\_work\4\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
#62 0xdc7a9c in __scrt_common_main D:\a01\_work\4\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330
#63 0xdc7d57 in WinMainCRTStartup D:\a01\_work\4\s\src\vctools\crt\vcstartup\src\startup\exe_winmain.cpp:16
#64 0x768e0418 in BaseThreadInitThunk+0x18 (C:\windows\System32\KERNEL32.DLL+0x6b820418)
#65 0x76ed72fc in RtlGetAppContainerNamedObjectPath+0xec (C:\windows\SYSTEM32\ntdll.dll+0x4b2e72fc)
#66 0x76ed72cc in RtlGetAppContainerNamedObjectPath+0xbc (C:\windows\SYSTEM32\ntdll.dll+0x4b2e72cc)

SUMMARY: AddressSanitizer: heap-use-after-free C:\Users\demo\mujs\jsrun.c:939 in js_hasvar
Shadow bytes around the buggy address:
0x354f13f0: fa fa 00 fa fa fa 00 04 fa fa 00 fa fa fa fa fa
0x354f1400: fa fa fa fa fa fa fa fa fa fa 00 fa fa fa 00 fa
0x354f1410: fa fa 00 fa fa fa fa fa fa fa fa fa fa fa fa fa
0x354f1420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 fa
0x354f1430: fa fa 00 00 fa fa 00 fa fa fa 00 fa fa fa 00 fa
=>0x354f1440: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa[fa]fa
0x354f1450: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa fa fa
0x354f1460: fa fa 00 04 fa fa 00 00 fa fa 00 04 fa fa 00 fa
0x354f1470: fa fa 00 fa fa fa 00 fa fa fa 00 00 fa fa 00 04
0x354f1480: fa fa 00 04 fa fa 00 fa fa fa 00 fa fa fa 00 fa
0x354f1490: fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc

ccxvii commented 2 years ago

Wait up! Are you using the same js_State context from multiple threads? That's NOT safe.

hdcscy commented 2 years ago

> Wait up! Are you using the same js_State context from multiple threads? That's NOT safe.

I confirmed yesterday that it was a multi-threaded synchronization problem. Sorry for wasting your time, thank you again :)