[jsc-dev] JavaScriptCore crash with locking

artcodex . avi.brenner at gmail.com
Thu Dec 29 14:36:14 PST 2016


Thanks Saam,

I'll try and give as much information as I can. So basically I built a C++
API on top of the JSC C API surface that mimics the Objective-C API
available with JavaScriptCore. So where Objective-C has functionality to
say [JSValue valueWithValueRef:valueRef], my API has similar C++
functionality to say JSValue::valueWithJSValueRef(valueRef). You can imagine
most of the Objective-C API then having a C++ parallel in my API.

In using this API I have a JSContextRef manager that posts all access to
the context to a background thread.

Where the trouble is happening is in a lambda that is running on the
background thread above: I am basically making the C++ equivalent call to
[jsValue invokeMethod:"method" withArguments:"arguments"] (before doing
this I've evaluated a JavaScript snippet on the context that has placed the
required methods and functions in scope; I've also placed a setTimeout
method in scope for the JavaScript code).
The JavaScript method that is called takes in a set of C++ callback
functions. These functions are called back at different intervals during
the JavaScript processing and are always called back on the same thread as
the script was invoked on (with the exception of setTimeout, which posts the
timeout callback to a different thread).

In fact the script calls callback method A, then method B, and only when it
attempts to call method A again does it hit the issue. In order to allow
JS to call my functions back I have a custom class type that sets a
custom function call handler to call my callback functions (it wraps my
callback functions in a JSObjectRef and stores the original callback
function data in the object reference's private data). The issue is that my
function callback handler basically wraps the provided JSValueRef arguments
in my C++ API JSValue (which again is equivalent to the Objective-C API for
JSValue). When it does this wrapping it calls JSValueProtect on the
JSValueRef arguments, and eventually this is where the EXC_BAD_ACCESS gets
hit, in one of these calls to JSValueProtect, which is calling
JSLockHolder::JSLockHolder(JSC::ExecState*).

Like I mentioned this happens the second time it tries to call callback
method A, even though it was successful calling this callback first time
and calling callback method B.

All of these calls and functionality are happening on the same thread; none
of the off-thread calls had been made yet at this point. That's as best as I
can think of right now.

If needed I could try and create a simple reproducible sample;
unfortunately it's only now, with all the pieces and complex setup I have
going, that I'm starting to hit this issue, as most of the basic use cases I
was working with before never ran into this.

Thanks
Avi Brenner

On Wed, Dec 28, 2016 at 4:33 PM, Saam barati <sbarati at apple.com> wrote:

>
> On Dec 28, 2016, at 10:13 AM, artcodex . <avi.brenner at gmail.com> wrote:
>
> Hi,
>
> I'm not sure if this is the right forum to ask this question, but I'm
> currently running into the following issue
> with using the JavaScriptCore API:
>
>
> This is an OK place for this conversation. IRC also works on #webkit. I’m
> saamyjoon on there.
>
>
> I'm building an application that uses JavaScriptCore on Android. So I'm
> building my own API which has generally worked well, but now that it's
> running on complex back-and-forth code that has callbacks between JS code
> and C++ I'm running into an issue where I'm hitting
> an EXC_BAD_ACCESS in JSLockHolder::JSLockHolder(JSC::ExecState*).
>
> It seems fairly inconsistent in that when I put breakpoints randomly in
> my code while debugging sometimes I hit this, sometimes I don't. When
> running the app straight through I always seem to hit the issue at the same
> point.
>
> For me right now this is hitting during a call to JSValueProtect, but if
> I were to remove that call it would just hit at the next call that
> uses JSLockHolder.
>
> I have a test demo that hits this on a Mac build that uses the
> JavaScriptCore.framework as well (so it doesn't appear to be any issue
> with my Android jsc library build).
>
> Thanks in advance. Let me know if any more info could be provided for
> clarity.
>
> For anybody to be able to help you here, we need *much* more information
> on how you’re using JSC and what the code that’s hitting this problem is
> doing.
>
> - Saam
>
> Avi Brenner
>
>
> _______________________________________________
> jsc-dev mailing list
> jsc-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/jsc-dev
>
>
>

