<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">The GC often nulls out the first word of an object after running its destructor.<div class=""><br class=""></div><div class="">The most likely cause of your bug is an object lifetime issue.</div><div class=""><br class=""></div><div class="">Geoff</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jan 16, 2017, at 7:04 PM, Dan Zimmerman <<a href="mailto:daniel.zimmerman@me.com" class="">daniel.zimmerman@me.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=us-ascii" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hey,<div class=""><br class=""></div><div class="">I apologize in advance if this mailing list is inappropriate for this content.</div><div class=""><br class=""></div><div class="">I've run into the bug that appears to be the root issue for both <a href="https://bugs.webkit.org/show_bug.cgi?id=160027" class="">https://bugs.webkit.org/show_bug.cgi?id=160027</a> and <a href="https://bugs.webkit.org/show_bug.cgi?id=149957" class="">https://bugs.webkit.org/show_bug.cgi?id=149957</a>. I'd like to try and figure out if I'm misusing the C API/if there's anything I can do to prevent the crash (as it seems like there are plenty of clients of JSC that don't run into this issue, it makes me believe either I'm doing something wrong or there's something that I can change). Unfortunately the codebase is under an NDA so I cannot share snippets here. 
It appears that the JSCells that are referenced in certain code blocks are being nulled out, as the JSCell at the crash looks like this:</div><div class=""><div class=""><br class=""></div><div class="">m_structureID: 0</div><div class="">m_indexingType: 0</div><div class="">m_type: UnspecifiedType (0)</div><div class="">m_flags: 0</div><div class="">m_cellState: AnthraciteOrBlack (0)</div></div><div class=""><br class=""></div><div class="">If I set the environment variable JSC_useZombieMode=1 then the crash doesn't occur (and no unexpected behavior occurs - the application actually works as desired). It feels wrong to ship anything with useZombieMode enabled, so I was wondering if there's any guidance on figuring out the source of the issue.</div><div class=""><br class=""></div><div class="">Thanks,</div><div class=""><br class=""></div><div class="">Dan</div></div>_______________________________________________<br class="">jsc-dev mailing list<br class=""><a href="mailto:jsc-dev@lists.webkit.org" class="">jsc-dev@lists.webkit.org</a><br class="">https://lists.webkit.org/mailman/listinfo/jsc-dev<br class=""></div></blockquote></div><br class=""></div></body></html>