|

»

Mozilla - JavaScript Engine

array.forEach, strange bug

View: New views

6 Messages — Rating Filter: Alert me

	array.forEach, strange bug by Anthony Catel-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, Im trying to iterate over an array that I built like the following : C : cobj = JS_NewArrayObject(cx, 0, NULL); // iterate over things jval = OBJECT_TO_JSVAL(item); if (JS_GetArrayLength(cx, cobj, &rval)) { JS_SetElement(cx, cobj, rval, &jval); } // end JS : x.forEach(function(el) { // nothing }); Result : Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 js_Interpret (cx=0x100102b30) at jsops.cpp:1613 1613 if (JS_LIKELY(aobj->map->ops->getProperty == js_GetProperty)) { Backtrace : #0 js_Interpret (cx=0x100102b30) at jsops.cpp:1613 #1 0x000000010029750d in js_Invoke (cx=0x100102b30, argc=2, vp=0x10088a038, flags=0) at jsinterp.cpp:1384 #2 0x000000010029807a in js_InternalInvoke (cx=0x100102b30, obj=0x1000ef000, fval=4295948608, flags=0, argc=2, argv=0x7fff5fbfed00, rval=0x7fff5fbfed28) at jsinterp.cpp:1439 #3 0x00000001002082c4 in JS_CallFunctionValue (cx=0x100102b30, obj=<value temporarily unavailable, due to optimizations>, fval=<value temporarily unavailable, due to optimizations>, argc=<value temporarily unavailable, due to optimizations>, argv=<value temporarily unavailable, due to optimizations>, rval=<value temporarily unavailable, due to optimizations>) at jsapi.cpp:5096 (I use the last revision of tracemonkey). I can interate over the array using a simple for() statement. The way im pushing item into the array may not be the usual way ? (GetArrayLength => SetElement) Thanks ;) Anthony Catel _______________________________________________ dev-tech-js-engine mailing list dev-tech-js-engine@... https://lists.mozilla.org/listinfo/dev-tech-js-engine
	Re: array.forEach, strange bug by itroot :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Oct 21, 1:09 am, Anthony Catel <a.ca...@...> wrote: > Hi, > > Im trying to iterate over an array that I built like the following : > > C : > > cobj = JS_NewArrayObject(cx, 0, NULL); > > // iterate over things > jval = OBJECT_TO_JSVAL(item); > if (JS_GetArrayLength(cx, cobj, &rval)) { > JS_SetElement(cx, cobj, rval, &jval); > } > // end > > JS : > > x.forEach(function(el) { > // nothing > }); > > Result : > > Program received signal EXC_BAD_ACCESS, Could not access memory. > Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 > js_Interpret (cx=0x100102b30) at jsops.cpp:1613 > 1613 if (JS_LIKELY(aobj->map->ops->getProperty == js_GetProperty)) { > > Backtrace : > > #0 js_Interpret (cx=0x100102b30) at jsops.cpp:1613 > #1 0x000000010029750d in js_Invoke (cx=0x100102b30, argc=2, > vp=0x10088a038, flags=0) at jsinterp.cpp:1384 > #2 0x000000010029807a in js_InternalInvoke (cx=0x100102b30, > obj=0x1000ef000, fval=4295948608, flags=0, argc=2, argv=0x7fff5fbfed00, > rval=0x7fff5fbfed28) at jsinterp.cpp:1439 > #3 0x00000001002082c4 in JS_CallFunctionValue (cx=0x100102b30, > obj=<value temporarily unavailable, due to optimizations>, fval=<value > temporarily unavailable, due to optimizations>, argc=<value temporarily > unavailable, due to optimizations>, argv=<value temporarily unavailable, > due to optimizations>, rval=<value temporarily unavailable, due to > optimizations>) at jsapi.cpp:5096 > > (I use the last revision of tracemonkey). > > I can interate over the array using a simple for() statement. > > The way im pushing item into the array may not be the usual way ? > (GetArrayLength => SetElement) > > Thanks ;) > > Anthony Catel This kind of strange bug reminds me about garbage collection. Do you put in root your array? Quote ( https://developer.mozilla.org/en/SpiderMonkey/JSAPI_Reference/JS_NewArrayObject ) "It is often better to call JS_NewArrayObject(cx, 0, NULL), store the returned object in a GC root using JS_AddRoot, and then populate its elements with JS_SetElement or JS_DefineElement, to then drop the root object using JS_RemoveRoot. This avoids unrooted jsvals in vector from being subject to garbage collection until the new object has been populated." _______________________________________________ dev-tech-js-engine mailing list dev-tech-js-engine@... https://lists.mozilla.org/listinfo/dev-tech-js-engine
	Re: array.forEach, strange bug by Anthony Catel-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message itroot a écrit : > On Oct 21, 1:09 am, Anthony Catel <a.ca...@...> wrote: > >> Hi, >> >> Im trying to iterate over an array that I built like the following : >> >> C : >> >> cobj = JS_NewArrayObject(cx, 0, NULL); >> >> // iterate over things >> jval = OBJECT_TO_JSVAL(item); >> if (JS_GetArrayLength(cx, cobj, &rval)) { >> JS_SetElement(cx, cobj, rval, &jval); >> } >> // end >> >> JS : >> >> x.forEach(function(el) { >> // nothing >> }); >> >> Result : >> >> Program received signal EXC_BAD_ACCESS, Could not access memory. >> Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 >> js_Interpret (cx=0x100102b30) at jsops.cpp:1613 >> 1613 if (JS_LIKELY(aobj->map->ops->getProperty == js_GetProperty)) { >> >> Backtrace : >> >> #0 js_Interpret (cx=0x100102b30) at jsops.cpp:1613 >> #1 0x000000010029750d in js_Invoke (cx=0x100102b30, argc=2, >> vp=0x10088a038, flags=0) at jsinterp.cpp:1384 >> #2 0x000000010029807a in js_InternalInvoke (cx=0x100102b30, >> obj=0x1000ef000, fval=4295948608, flags=0, argc=2, argv=0x7fff5fbfed00, >> rval=0x7fff5fbfed28) at jsinterp.cpp:1439 >> #3 0x00000001002082c4 in JS_CallFunctionValue (cx=0x100102b30, >> obj=<value temporarily unavailable, due to optimizations>, fval=<value >> temporarily unavailable, due to optimizations>, argc=<value temporarily >> unavailable, due to optimizations>, argv=<value temporarily unavailable, >> due to optimizations>, rval=<value temporarily unavailable, due to >> optimizations>) at jsapi.cpp:5096 >> >> (I use the last revision of tracemonkey). >> >> I can interate over the array using a simple for() statement. >> >> The way im pushing item into the array may not be the usual way ? >> (GetArrayLength => SetElement) >> >> Thanks ;) >> >> Anthony Catel >> > > This kind of strange bug reminds me about garbage collection. > Do you put in root your array? > > Quote ( https://developer.mozilla.org/en/SpiderMonkey/JSAPI_Reference/JS_NewArrayObject > ) > "It is often better to call JS_NewArrayObject(cx, 0, NULL), store the > returned object in a GC root using JS_AddRoot, and then populate its > elements with JS_SetElement or JS_DefineElement, to then drop the root > object using JS_RemoveRoot. This avoids unrooted jsvals in vector from > being subject to garbage collection until the new object has been > populated." > My Array is part of an object that is gc rooted. I don't have any bug with the array if a don't call any native method. Even with a JS_SetGCZeals(cx, 2);, So I guess that is not a GC issue. Anthony > _______________________________________________ > dev-tech-js-engine mailing list > dev-tech-js-engine@... > https://lists.mozilla.org/listinfo/dev-tech-js-engine > _______________________________________________ dev-tech-js-engine mailing list dev-tech-js-engine@... https://lists.mozilla.org/listinfo/dev-tech-js-engine
	Re: array.forEach, strange bug by Anthony Catel-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Anthony Catel a écrit : > itroot a écrit : >> On Oct 21, 1:09 am, Anthony Catel <a.ca...@...> wrote: >> >>> Hi, >>> >>> Im trying to iterate over an array that I built like the following : >>> >>> C : >>> >>> cobj = JS_NewArrayObject(cx, 0, NULL); >>> >>> // iterate over things >>> jval = OBJECT_TO_JSVAL(item); >>> if (JS_GetArrayLength(cx, cobj, &rval)) { >>> JS_SetElement(cx, cobj, rval, &jval); >>> } >>> // end >>> >>> JS : >>> >>> x.forEach(function(el) { >>> // nothing >>> }); >>> >>> Result : >>> >>> Program received signal EXC_BAD_ACCESS, Could not access memory. >>> Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 >>> js_Interpret (cx=0x100102b30) at jsops.cpp:1613 >>> 1613 if (JS_LIKELY(aobj->map->ops->getProperty == >>> js_GetProperty)) { >>> >>> Backtrace : >>> >>> #0 js_Interpret (cx=0x100102b30) at jsops.cpp:1613 >>> #1 0x000000010029750d in js_Invoke (cx=0x100102b30, argc=2, >>> vp=0x10088a038, flags=0) at jsinterp.cpp:1384 >>> #2 0x000000010029807a in js_InternalInvoke (cx=0x100102b30, >>> obj=0x1000ef000, fval=4295948608, flags=0, argc=2, argv=0x7fff5fbfed00, >>> rval=0x7fff5fbfed28) at jsinterp.cpp:1439 >>> #3 0x00000001002082c4 in JS_CallFunctionValue (cx=0x100102b30, >>> obj=<value temporarily unavailable, due to optimizations>, fval=<value >>> temporarily unavailable, due to optimizations>, argc=<value temporarily >>> unavailable, due to optimizations>, argv=<value temporarily >>> unavailable, >>> due to optimizations>, rval=<value temporarily unavailable, due to >>> optimizations>) at jsapi.cpp:5096 >>> >>> (I use the last revision of tracemonkey). >>> >>> I can interate over the array using a simple for() statement. >>> >>> The way im pushing item into the array may not be the usual way ? >>> (GetArrayLength => SetElement) >>> >>> Thanks ;) >>> >>> Anthony Catel >>> >> >> This kind of strange bug reminds me about garbage collection. >> Do you put in root your array? >> >> Quote ( >> https://developer.mozilla.org/en/SpiderMonkey/JSAPI_Reference/JS_NewArrayObject >> >> ) >> "It is often better to call JS_NewArrayObject(cx, 0, NULL), store the >> returned object in a GC root using JS_AddRoot, and then populate its >> elements with JS_SetElement or JS_DefineElement, to then drop the root >> object using JS_RemoveRoot. This avoids unrooted jsvals in vector from >> being subject to garbage collection until the new object has been >> populated." >> > > My Array is part of an object that is gc rooted. > I don't have any bug with the array if a don't call any native method. > Even with a JS_SetGCZeals(cx, 2);, So I guess that is not a GC issue. > > Anthony >> _______________________________________________ >> dev-tech-js-engine mailing list >> dev-tech-js-engine@... >> https://lists.mozilla.org/listinfo/dev-tech-js-engine >> > > _______________________________________________ > dev-tech-js-engine mailing list > dev-tech-js-engine@... > https://lists.mozilla.org/listinfo/dev-tech-js-engine Ok, I found the problem : The context where the array was created didn't have a "JS_InitStandardClasses" ( while the context where the JS function was called has standard classes initilized). I think that an assertion should be raised instead of an unexpected crash. Anthony _______________________________________________ dev-tech-js-engine mailing list dev-tech-js-engine@... https://lists.mozilla.org/listinfo/dev-tech-js-engine
	Re: array.forEach, strange bug by Jason Orendorff-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On 10/21/2009 09:03 AM, Anthony Catel wrote: > Ok, I found the problem : > > The context where the array was created didn't have a > "JS_InitStandardClasses" ( while the context where the JS function was > called has standard classes initilized). > > I think that an assertion should be raised instead of an unexpected crash. Would you please file a bug at http://bugzilla.mozilla.org/ and write a jsapi-test that reveals this problem? If you do, I'll be happy to add an assertion. jsapi-tests are easy to write. A test for this would probably be only a dozen lines of code. See js/src/jsapi-tests/README for details. Here are a few highlights: --- Building and running the tests If you built JS, you already built the tests. If you did `make check` in your JS objdir, you already ran them. [...] --- Creating new tests 1. You can either add to an existing test*.cpp file or make a new one. Copy an existing test and replace the body with your test code. The test harness provides `cx`, `rt`, and `global` for your use. 2. If you made a new .cpp file, add it to the CPPSRCS list in Makefile.in. -j _______________________________________________ dev-tech-js-engine mailing list dev-tech-js-engine@... https://lists.mozilla.org/listinfo/dev-tech-js-engine
	Re: array.forEach, strange bug by Anthony Catel-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Jason Orendorff a écrit : > On 10/21/2009 09:03 AM, Anthony Catel wrote: >> Ok, I found the problem : >> >> The context where the array was created didn't have a >> "JS_InitStandardClasses" ( while the context where the JS function was >> called has standard classes initilized). >> >> I think that an assertion should be raised instead of an unexpected >> crash. > > Would you please file a bug at http://bugzilla.mozilla.org/ and write > a jsapi-test that reveals this problem? If you do, I'll be happy to > add an assertion. Done ;) https://bugzilla.mozilla.org/show_bug.cgi?id=523670 The attached jsapi-test file reproduce the bug. Anthony Catel _______________________________________________ dev-tech-js-engine mailing list dev-tech-js-engine@... https://lists.mozilla.org/listinfo/dev-tech-js-engine