marylinh / pyv8

Automatically exported from code.google.com/p/pyv8

Crash when a JSExtension has no more references #43

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run this script:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
import PyV8
ext1 = PyV8.JSExtension("ext1/javascript", str("function hello1(){1+1}"))
# XXX: now we remove the reference to the first JSExtension
ext1 = 123
js_context = PyV8.JSContext()
print ext1
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

What is the expected output? What do you see instead?
Expected: "123" is printed
Instead: Python.exe crashes. The call stack is something like:

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
msvcr80d.dll!strlen(unsigned char * buf=0x08466358)  Line 69  Asm
_PyV8_d.pyd!v8::internal::StrLength()  + 0xd bytes
_PyV8_d.pyd!v8::internal::CStrVector()  + 0xc bytes
_PyV8_d.pyd!v8::internal::Genesis::InstallExtension()  + 0x104 bytes
_PyV8_d.pyd!v8::internal::Genesis::InstallExtensions()  + 0x5e bytes
_PyV8_d.pyd!v8::internal::Genesis::Genesis()  + 0xec bytes
_PyV8_d.pyd!v8::internal::Bootstrapper::CreateEnvironment()  + 0x1a bytes
_PyV8_d.pyd!v8::Context::New()  + 0x1db bytes
_PyV8_d.pyd!CContext::CContext(boost::python::api::object global={...}, boost::python::list extensions={...})  Line 75 + 0x31 bytes
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

What version of the product are you using? On what operating system?
PyV8 v09 for Python 2.6
Vista 32bits

Original issue reported on code.google.com by mmura...@dieresys.com.ar on 18 Mar 2010 at 9:38

GoogleCodeExporter commented 9 years ago
A little modification to the script:
+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0
print PyV8.JSExtension.extensions
ext1 = 123
print PyV8.JSExtension.extensions
+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0

We get:
['ext1/javascript', 'v8/gc']
['(]\xad\x01\xe0z8', 'v8/gc']

Original comment by mmura...@dieresys.com.ar on 18 Mar 2010 at 9:49

GoogleCodeExporter commented 9 years ago

Original comment by flier...@gmail.com on 19 Mar 2010 at 2:27

GoogleCodeExporter commented 9 years ago
The root cause is that v8 doesn't support deregistering an extension. If you free an extension with `ext1 = 123`, the v8 engine still holds a pointer to it in a linked list, and it will refer to an invalid memory area.

So, I use a global vector to hold every registered extension; even if you free the Python object, pyv8 still holds it for you.

Please verify it with the latest SVN code after r244, or use the private build in the attachment.

Original comment by flier...@gmail.com on 19 Mar 2010 at 3:10

Attachments:

GoogleCodeExporter commented 9 years ago
Verified. Thanks a lot!

Original comment by mmura...@dieresys.com.ar on 19 Mar 2010 at 6:19

GoogleCodeExporter commented 9 years ago
You are welcome :)

Original comment by flier...@gmail.com on 20 Mar 2010 at 1:47
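
The lifetime problem and the keep-alive fix described in the thread above, modelled in standalone C++ as an added example (it is not PyV8's or v8's code). `Engine`, `Wrapper`, `Slot` and the `probe` field are hypothetical names; the probe exists only so the stale entry can be reported without reading freed memory.

```cpp
#include <memory>
#include <string>
#include <vector>

struct Extension { std::string name, source; };

// Engine side (stand-in for v8): stores raw pointers and has no unregister.
// `probe` is diagnostic only, so a stale slot can be detected without ever
// dereferencing freed memory.
struct Slot { const Extension* raw; std::weak_ptr<Extension> probe; };

class Engine {
    std::vector<Slot> slots_;
public:
    void register_extension(const std::shared_ptr<Extension>& e) {
        slots_.push_back(Slot{e.get(), e});
    }
    // Like listing the registered names; real code would read s.raw blindly.
    std::vector<std::string> names() const {
        std::vector<std::string> out;
        for (const Slot& s : slots_)
            out.push_back(s.probe.expired() ? "<freed>" : s.raw->name);
        return out;
    }
};

// Wrapper side (stand-in for the binding). With pin == true it applies the
// fix from the thread: a long-lived vector co-owns every registered extension.
class Wrapper {
    Engine& engine_;
    bool pin_;
    std::vector<std::shared_ptr<Extension>> keepalive_;
public:
    Wrapper(Engine& engine, bool pin) : engine_(engine), pin_(pin) {}
    std::shared_ptr<Extension> create(const std::string& name, const std::string& src) {
        auto ext = std::make_shared<Extension>(Extension{name, src});
        engine_.register_extension(ext);
        if (pin_) keepalive_.push_back(ext);
        return ext;
    }
};

// Mirrors the reproduction script: register, drop the only handle, list names.
std::vector<std::string> names_after_drop(bool pin) {
    Engine engine;
    Wrapper wrapper(engine, pin);
    auto ext1 = wrapper.create("ext1/javascript", "function hello1(){1+1}");
    ext1.reset();  // the script's `ext1 = 123`
    return engine.names();
}
```

Without pinning, the engine's only entry points at a destroyed object, which is the state the garbage name in the second comment reflects; with pinning the entry stays valid for as long as the wrapper's vector lives.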