Comment #5 on issue 23043 by [email protected]: Reliability crash in v8::internal::Invoke() [...] Webcore::DateExtension::setAllowSleep() http://code.google.com/p/chromium/issues/detail?id=23043
From an email exchange with Mads:

The main issue is that we store all of the functions in a list as weak pointers to the actual functions. However, there are no other pointers to these functions in JavaScript or in the bindings, and therefore the functions get deleted the first time a full JS GC occurs. This means that we can get into a bad situation where we enable sleep detection for all of the pointers. Then there is a full GC during the unload handler which clears all the sleep detection functions, and therefore we never disable sleep detection for any of the other frames (thereby breaking webpages).

The second problem is with the code that performs the call. When dealing with weak persistent handles you have to be really careful. When you extract the pointer, you have to wrap it in a local handle in order to make sure that it stays alive until you are done with it (preventing weak callbacks while you are using the object). This is done by:

    v8::Local<v8::Function> f = v8::Local<v8::Function>::New(persistent containing function);
    f->Call(...);

What happens when you call v.remove(i) on the vector of global handles? What do you get out afterwards when you do v[i]? Do you need to guard against that?
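The following is an added, self-contained model of the two lifetime points raised in the comment and of the vector question at the end; it is constructed for this note and is not Chromium, WebKit or V8 code. std::weak_ptr stands in for a weak v8::Persistent handle, std::weak_ptr::lock() for wrapping the pointer in a v8::Local before the call, and "full GC" is modelled by dropping every strong reference the JS side holds. Frame, Function, WeakRegistry and StrongRegistry are assumed names with no counterpart in the Chromium tree.

```cpp
#include <algorithm>
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Toy model (constructed for this note, not V8 or WebKit code): a Function
// stands in for a JS function object that toggles sleep detection on a Frame.
struct Frame {
    std::string name;
    bool sleepAllowed = true;
};

struct Function {
    Frame* frame;
    void call(bool allow) { frame->sleepAllowed = allow; }
};

// Buggy shape: only weak references are kept and nothing else keeps the
// functions alive, so a GC between enable and disable empties the list.
struct WeakRegistry {
    std::vector<std::weak_ptr<Function>> funcs;
    void add(const std::shared_ptr<Function>& f) { funcs.push_back(f); }
    int callAll(bool allow) {
        int called = 0;
        for (auto& w : funcs) {
            // Pin the object for the duration of the call (the analogue of
            // v8::Local<v8::Function>::New(persistent) before f->Call(...)).
            if (std::shared_ptr<Function> f = w.lock()) {
                f->call(allow);
                ++called;
            }
        }
        return called;
    }
};

// Fixed shape: the registry owns a strong reference while sleep detection is
// enabled and drops it explicitly once every frame has been reset.
struct StrongRegistry {
    std::vector<std::shared_ptr<Function>> funcs;
    void add(const std::shared_ptr<Function>& f) { funcs.push_back(f); }
    int callAll(bool allow) {
        int called = 0;
        for (auto& f : funcs) { f->call(allow); ++called; }
        if (allow) funcs.clear();  // release once sleep is allowed again
        return called;
    }
};

// Runs enable -> full GC -> disable over three frames and returns how many
// frames have sleep allowed again at the end (3 means every page recovered).
template <typename Registry>
int framesRestoredAfterCycle() {
    Frame frames[3] = {{"a"}, {"b"}, {"c"}};
    std::vector<std::shared_ptr<Function>> jsRoots;  // the JS side's references
    Registry reg;
    for (Frame& fr : frames) {
        jsRoots.push_back(std::make_shared<Function>(Function{&fr}));
        reg.add(jsRoots.back());
    }
    reg.callAll(false);  // enable sleep detection for all frames
    jsRoots.clear();     // full GC: only the registry's references remain
    reg.callAll(true);   // unload handler tries to allow sleep again
    int restored = 0;
    for (const Frame& fr : frames) restored += fr.sleepAllowed ? 1 : 0;
    return restored;
}

int weakRegistryRestored()   { return framesRestoredAfterCycle<WeakRegistry>(); }
int strongRegistryRestored() { return framesRestoredAfterCycle<StrongRegistry>(); }

// Answers the vector question: after erasing v[i], v[i] is the element that
// used to follow it (or nothing at all), so an index loop must not advance.
int elementAtAfterErase(std::vector<int> v, std::size_t i) {
    v.erase(v.begin() + static_cast<std::ptrdiff_t>(i));
    return i < v.size() ? v[i] : -1;
}

// Safe way to drop collected entries: erase-remove, never erase while indexing.
std::size_t pruneExpired(std::vector<std::weak_ptr<Function>>& v) {
    std::size_t before = v.size();
    v.erase(std::remove_if(v.begin(), v.end(),
                           [](const std::weak_ptr<Function>& w) { return w.expired(); }),
            v.end());
    return before - v.size();
}

// Constructed demo: one live entry and one entry whose object is already gone.
std::size_t pruneDemo() {
    std::vector<std::weak_ptr<Function>> v;
    std::shared_ptr<Function> live = std::make_shared<Function>(Function{nullptr});
    v.push_back(live);
    v.push_back(std::make_shared<Function>(Function{nullptr}));  // no strong ref: expires
    return pruneExpired(v);
}
```

With the weak-only registry the disable pass finds nothing to call after the simulated GC, so every frame is left with sleep detection stuck on; the strong registry restores all three. The lock-before-call inside WeakRegistry::callAll is the same discipline the comment asks for with v8::Local: the pinned handle keeps the object alive for exactly the span of the call.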
