I'm more and more convinced that the JavaScript crashes are related to
GC and rooting, as Adam suspected. The crashes I'm seeing are occurring
in jsdom.c, and they seem to involve corruption of the JS heap, not the
heap used for edbrowse strings and other data.
Example: this one at line 1185 of jsdom.c from master:
v = JS_NewObject(jcx, cp, NULL, owner);
One of the pointers passed in is apparently pointing to something that
was freed long ago. I don't think it's jcx or cp, so it must be owner.
So let's switch gears. I've been working with Adam's code, and it still
has GC / rooting issues. From what I can tell, JS_DefineProperty can
trigger a GC. We should not be passing an unrooted jsval as the fourth
argument to JS_DefineProperty, as this can also lead to a crash.
Also there seems to be a problem in jsloc.cpp, caused by uo, which is a
statically allocated pointer to a JS object that is never rooted.
-- Chris
_______________________________________________
Edbrowse-dev mailing list
http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev
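To make the rooting hazard described above concrete, here is an added example (not edbrowse or SpiderMonkey code): a toy tracing collector in which any allocation may collect first, standing in for JS_NewObject / JS_DefineProperty, with a static unrooted pointer like uo beside the rooted form, the equivalent of registering the pointer with JS_AddObjectRoot in the SpiderMonkey API of that era. All names in it (pool, collect, new_object, define_property, unrooted_survives, rooted_survives) are invented for the example.

```c
#include <stdbool.h>
#include <string.h>

/* Toy tracing collector standing in for the engine GC (added example, not edbrowse or
 * SpiderMonkey code). A collected slot is never reused: it is marked dead and poisoned,
 * so a stale pointer into it stays observable instead of silently aliasing a new object. */
typedef struct Obj { bool used, live, marked; int value; } Obj;

#define MAX_OBJS 8
static Obj pool[MAX_OBJS];
static Obj **roots[MAX_OBJS];            /* addresses of rooted pointer variables */
static int nroots, allocs_since_gc;

static void reset_heap(void) { memset(pool, 0, sizeof pool); nroots = allocs_since_gc = 0; }

static void collect(void) {
    for (int i = 0; i < MAX_OBJS; i++) pool[i].marked = false;
    for (int i = 0; i < nroots; i++)     /* mark: the collector only scans registered roots */
        if (*roots[i]) (*roots[i])->marked = true;
    for (int i = 0; i < MAX_OBJS; i++)   /* sweep: anything unmarked is freed and poisoned */
        if (pool[i].live && !pool[i].marked) { pool[i].live = false; pool[i].value = -1; }
    allocs_since_gc = 0;
}

/* Any allocation may collect first, the way JS_NewObject or JS_DefineProperty can. */
static Obj *new_object(int value) {
    if (++allocs_since_gc > 2) collect();
    for (int i = 0; i < MAX_OBJS; i++)
        if (!pool[i].used) { pool[i].used = pool[i].live = true; pool[i].value = value; return &pool[i]; }
    return NULL;
}

/* Stands in for JS_DefineProperty: it allocates internally, so it can trigger a GC. */
static void define_property(Obj *obj, int v) { (void)obj; (void)new_object(v); }

static Obj *uo;   /* static, unrooted pointer, like the uo described for jsloc.cpp */

/* Unrooted: the object behind uo is dead once define_property collects. */
bool unrooted_survives(void) {
    reset_heap();
    uo = new_object(1);
    Obj *owner = new_object(2);          /* also unrooted; it dies in the same collection */
    define_property(owner, 3);           /* third allocation triggers collect() */
    return uo->live;                     /* false: uo now dangles */
}

/* Rooted: registering the pointer's address keeps the object reachable across the call. */
bool rooted_survives(void) {
    reset_heap();
    uo = new_object(1);
    roots[nroots++] = &uo;               /* the equivalent of JS_AddObjectRoot(cx, &uo) */
    Obj *owner = new_object(2);
    define_property(owner, 3);
    return uo->live && uo->value == 1;   /* true: uo still points at the same live object */
}
```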