Closed boiledPeanuts123 closed 2 months ago
Can you paste the backtrace? I suspect it as to do with the object being global so it will be collected in the final stage when the context is being destroyed...
Can you paste the backtrace? I suspect it as to do with the object being global so it will be collected in the final stage when the context is being destroyed...
ok!
backtrace:
1 find_own_property quickjs.c 5167 0x55e10f6ef04f 2 JS_GetGlobalVar quickjs.c 9627 0x55e10f6ef04f 3 JS_CallInternal quickjs.c 15229 0x55e10f7008bf 4 JS_Call quickjs.c 17073 0x55e10f709907 5 reset_weak_ref quickjs.c 52145 0x55e10f77357c 6 free_object quickjs.c 5401 0x55e10f6e08c1 7 free_gc_object quickjs.c 5426 0x55e10f6e09e9 8 gc_free_cycles quickjs.c 5759 0x55e10f6e15ef 9 JS_RunGC quickjs.c 5789 0x55e10f6e1713 10 JS_FreeRuntime quickjs.c 1926 0x55e10f6d72ae 11 main qjs.c 484 0x55e10f6c729b
Alright, I dug a bit and I see the problem:
The reference cycle is not broken and thus the objects live after JS_FreeContext
has been called. Arguably that is wrong. Then, when JS_FreeRuntime
runs a GC pass is made and when freeing the objects we have pointers to invalid memory, as the context was freed.
I tried to run GC towards the end of the JS_FreeContext
phase, to no avail, gotta think about it some more.
Thanks for the report!
Hum, not quite. Thanks to some "autoinit" logic the call to JS_FreeContext
in qjs.c doesn't do anything other than decrement the refcount. It's actually destroyed as part of JS_RunGC
inside JS_FreeRuntime
.
I suppose that my original assesment still stands though: eventually the context is going to be freed and when it's the turn to free the global object we cannot call the function because the context is gone.
Scratch that. The problem was that the held object was freed before the finrec, because it was part of a cycle. Fixed in https://github.com/quickjs-ng/quickjs/pull/371
Scratch that. The problem was that the held object was freed before the finrec, because it was part of a cycle. Fixed in #371
There's another GC issue, also present in the mentioned link below:https://github.com/bellard/quickjs/issues/218#issue-2080600884, which is not fixed in the quickjs-ng version
I'll take a look at porting the patch, thanks!
Running the above code will crash。