dhaker13 / v8-juice

Automatically exported from code.google.com/p/v8-juice

segfault on some dll loads from interactive shell but not scripts #4

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Weird: on some of the DLLs I get a segfault if I open SOME of them from an
interactive shell, but not when run from scripts.

stephan@jareth:~/cvs/v8-juice/trunk$ ldd ~/bin/v8-juice-shell 
    linux-gate.so.1 =>  (0xb80e3000)
    libv8_g.so => /home/stephan/lib/libv8_g.so (0xb7dc7000)
    libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d96000)
    libv8-juice.so => /home/stephan/lib/libv8-juice.so (0xb7d6f000)
    libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7d6b000)
    libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb7c7d000)
    libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7c57000)
    libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb7c48000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7aea000)
    /lib/ld-linux.so.2 (0xb80c9000)
stephan@jareth:~/cvs/v8-juice/trunk$ ~/bin/v8-juice-shell 
V8 version 1.0.3.4
> load_plugin('v8-juice-whio');
Segmentation fault
stephan@jareth:~/cvs/v8-juice/trunk$ gdb --args ~/bin/v8-juice-shell 
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
(gdb) load_plugin('v8-juice-whio');
Undefined command: "load_plugin".  Try "help".
(gdb) r
Starting program: /home/stephan/bin/v8-juice-shell 
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
V8 version 1.0.3.4
> load_plugin('v8-juice-whio');
[New Thread 0xb79dc6c0 (LWP 31910)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79dc6c0 (LWP 31910)]
0xb7daf3ae in v8::internal::HeapObject::map_word (this=0xbaddead) at src/objects-inl.h:902
902   return MapWord(reinterpret_cast<uintptr_t>(READ_FIELD(this, kMapOffset)));
Current language:  auto; currently c++
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/stephan/bin/v8-juice-shell 
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
V8 version 1.0.3.4
> load_plugin('ni');
(shell):1: LoadPlugin("ni") DLL error message: dll=[]:
v8::juice::plugin::open(ni): No DLL found.
load_plugin('ni');
^
> load_plugin('v8-juice-sqlite3');
[New Thread 0xb79526c0 (LWP 31918)]
function () { [native code] }
> load_plugin('v8-juice-ncurses');

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79526c0 (LWP 31918)]
0xb7d253ae in v8::internal::HeapObject::map_word (this=0xbaddead) at src/objects-inl.h:902
902   return MapWord(reinterpret_cast<uintptr_t>(READ_FIELD(this, kMapOffset)));
(gdb) load_plugin('v8-juice-stringstuff')
Undefined command: "load_plugin".  Try "help".
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/stephan/bin/v8-juice-shell 
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
V8 version 1.0.3.4
> load_plugin('v8-juice-stringstuff')
[New Thread 0xb794f6c0 (LWP 31922)]
[object global]
> print(sprintf("hi %d",24));
hi 24

It seems that the ones which are crashing are those which add Objects to
the global scope:

stephan@jareth:~/cvs/v8-juice/trunk/src/client/shell$ ./v8-juice-shell 
V8 version 1.0.3.4
> load_plugin('v8-juice-whio');
Segmentation fault
stephan@jareth:~/cvs/v8-juice/trunk/src/client/shell$ ./v8-juice-shell 
V8 version 1.0.3.4
>  load_plugin('v8-juice-sqlite3');
function () { [native code] }
> load_plugin('v8-juice-ncurses');
Segmentation fault
stephan@jareth:~/cvs/v8-juice/trunk/src/client/shell$ ./v8-juice-shell 
V8 version 1.0.3.4
>  load_plugin('v8-juice-stringstuff');
[object global]

which implies that this is a lifetime issue, or possibly just a bug which
needs to be fixed in the shell.

The crash is in:
stephan@jareth:~/cvs/v8-juice/trunk/src/client/shell$ gdb --args ./v8-juice-shell 
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(gdb) r
Starting program: /home/stephan/cvs/v8-juice/trunk/src/client/shell/v8-juice-shell 
[Thread debugging using libthread_db enabled]
V8 version 1.0.3.4
> load_plugin('v8-juice-ncurses');
[New Thread 0xb79a06c0 (LWP 31956)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79a06c0 (LWP 31956)]
0xb7d733ae in v8::internal::HeapObject::map_word (this=0xbaddead) at src/objects-inl.h:902
902   return MapWord(reinterpret_cast<uintptr_t>(READ_FIELD(this, kMapOffset)));

Original issue reported on code.google.com by sgbeal@googlemail.com on 7 Mar 2009 at 8:32

GoogleCodeExporter commented 9 years ago
As far as I can determine, this is happening only in the plugins which are using the older (External-based) argument passing and don't have proper GC handling. This can lead to crashes post-main() in external libs or via our dangling half-wrapper objects.

The TODO here is to port those plugins to use ClassBinder instead of External for their wrapping needs.

Original comment by sgbeal@googlemail.com on 13 Mar 2009 at 10:14
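Editor's note on the gdb traces above: `0xbaddead` is V8's `kHandleZapValue` (from V8's `globals.h`), the poison that debug builds such as `libv8_g.so` write into handle slots when their `HandleScope` closes. A crash in `HeapObject::map_word` with `this=0xbaddead` therefore means a handle was dereferenced after its scope had ended, which is consistent with the lifetime diagnosis in the comment above (a wrapper keeping a `Local` that should have been a `Persistent`). The following toy model is an added example, not code from v8-juice or V8; the names `ToyIsolate`, `HandleScope::Local`, `MakePersistent`, `Dispose`, `buggy_plugin_init` and `fixed_plugin_init` are assumptions invented here to reproduce the pattern without a V8 build, so it can be compiled and run on its own.

```cpp
// Added illustration (not v8-juice or V8 code): a toy model of V8 handle
// scopes that reproduces the "this=0xbaddead" pattern from the gdb traces.
#include <cstdint>
#include <cstdio>
#include <deque>
#include <memory>
#include <vector>

// V8 debug builds overwrite handle slots with kHandleZapValue (0xbaddead on
// 32-bit, from V8's globals.h) when the owning HandleScope closes. Reading a
// handle afterwards yields that value as the object pointer, which is what
// the crash in HeapObject::map_word(this=0xbaddead) shows.
static const uintptr_t kHandleZapValue = 0xbaddead;

struct NativeObject { int value; };

// A handle is a pointer to a slot holding the object's address.
typedef uintptr_t* Handle;

// Toy isolate (assumed name): scope-owned slots live in a deque, because
// push_back never invalidates references to existing elements; persistent
// slots are individually heap-allocated so they outlive every scope.
struct ToyIsolate {
  std::deque<uintptr_t> scope_slots;
  std::vector<std::unique_ptr<uintptr_t> > persistent_slots;
};

class HandleScope {
 public:
  explicit HandleScope(ToyIsolate& iso)
      : iso_(iso), start_(iso.scope_slots.size()) {}

  // Like V8's debug build: poison every slot created in this scope so a stale
  // handle reads 0xbaddead rather than a plausible (possibly reused) pointer.
  // The toy keeps the slots allocated so the stale read stays well-defined.
  ~HandleScope() {
    for (size_t i = start_; i < iso_.scope_slots.size(); ++i)
      iso_.scope_slots[i] = kHandleZapValue;
  }

  // Local handle: valid only until this scope closes.
  Handle Local(NativeObject* obj) {
    iso_.scope_slots.push_back(reinterpret_cast<uintptr_t>(obj));
    return &iso_.scope_slots.back();
  }

  // Persistent handle: copies the object address into a slot that outlives
  // every scope and must be released with Dispose().
  Handle MakePersistent(Handle local) {
    iso_.persistent_slots.push_back(
        std::unique_ptr<uintptr_t>(new uintptr_t(*local)));
    return iso_.persistent_slots.back().get();
  }

 private:
  ToyIsolate& iso_;
  size_t start_;
};

// Release a persistent slot: the cleanup step the comment above says the
// External-based plugins lacked. The handle must not be read afterwards.
bool Dispose(ToyIsolate& iso, Handle h) {
  for (size_t i = 0; i < iso.persistent_slots.size(); ++i) {
    if (iso.persistent_slots[i].get() == h) {
      iso.persistent_slots.erase(iso.persistent_slots.begin() + i);
      return true;
    }
  }
  return false;
}

bool handle_is_zapped(Handle h) { return *h == kHandleZapValue; }

// The "half-wrapper" bug, modelled: plugin init hands back a handle that was
// created inside its own scope, so the slot is zapped when init returns.
Handle buggy_plugin_init(ToyIsolate& iso, NativeObject* obj) {
  HandleScope scope(iso);
  Handle local = scope.Local(obj);
  return local;  // escapes its scope: read later as 0xbaddead
}

// The corrected pattern: anything kept across calls goes into a persistent.
Handle fixed_plugin_init(ToyIsolate& iso, NativeObject* obj) {
  HandleScope scope(iso);
  Handle local = scope.Local(obj);
  return scope.MakePersistent(local);
}

// Models the shell calling back into the plugin later. Real V8 would
// dereference the zapped pointer and SIGSEGV in map_word(); here the poison
// value is checked first and -1 is returned instead.
int read_via_handle(Handle h) {
  if (handle_is_zapped(h)) return -1;
  return reinterpret_cast<NativeObject*>(*h)->value;
}

// Runs one init variant and returns what a later call reads back through it.
int scenario(bool use_fixed_init) {
  ToyIsolate iso;
  NativeObject obj = {42};
  Handle h = use_fixed_init ? fixed_plugin_init(iso, &obj)
                            : buggy_plugin_init(iso, &obj);
  int result = read_via_handle(h);
  if (use_fixed_init) Dispose(iso, h);
  return result;
}

int main() {
  std::printf("buggy init reads: %d\n", scenario(false));
  std::printf("fixed init reads: %d\n", scenario(true));
  return 0;
}
```

In a real V8 embedding the check is not available at runtime: the zapped slot is read as an object pointer and the crash lands in `HeapObject::map_word`, exactly as in the traces. The practical takeaway is that a backtrace ending on a `this` of `0xbaddead` points at a handle that escaped its `HandleScope`, not at a corrupted heap object, and the fix is to hold such references in a `Persistent` with a matching dispose path.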

GoogleCodeExporter commented 9 years ago
This is fixed for the sqlite3 plugin. The ncurses-oo plugin now hangs when loaded via an interactive shell, until Ctrl-D or Ctrl-C are pressed:

{{{
stephan@jareth:~/cvs/v8-juice/extra-plugins/src/ncurses-oo$ v8-juice-shell 
V8 version 1.1.1.4
>  load_plugin('v8-juice-ncurses-oo.so');

[object Object]
> > > 
}}}

but this is somehow caused by us briefly entering curses mode during the initialization (which we have to do to get the ACS_xxx macros, which aren't valid until initscr() is called). I've disabled the ACS bits for now (r515), as that solves this problem.

Original comment by sgbeal@googlemail.com on 24 Mar 2009 at 11:06