Bug 729545 - object_instance_finalize crash
Status: RESOLVED FIXED
Product: gjs
Classification: Bindings
Component: general
Version: 1.40.x
OS: Other Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: gjs-maint
Depends on: 729662
Blocks:
Reported: 2014-05-04 23:36 UTC by darkxst
Modified: 2014-07-03 08:46 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
function: respect ownership transfer of instance parameters (4.43 KB, patch), 2014-05-06 17:07 UTC, Giovanni Campagna, status: committed

Description darkxst 2014-05-04 23:36:21 UTC
This is the #1 gjs crasher on Ubuntu. I was hoping it would be fixed by the GC refactoring; however, I am still seeing it in 1.40.1.

Stacktrace

  • #0 g_logv
    at /build/buildd/glib2.0-2.40.0/./glib/gmessages.c line 1038
  • #1 g_log
    at /build/buildd/glib2.0-2.40.0/./glib/gmessages.c line 1071
  • #2 object_instance_finalize
    at gi/object.cpp line 1364
  • #3 finalize
    at /build/buildd/mozjs24-24.2.0/js/src/jsobjinlines.h line 213
  • #4 finalize<JSObject>
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 331
  • #5 FinalizeTypedArenas<JSObject>
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 395
  • #6 FinalizeArenas
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 432
  • #7 finalizeNow
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 1306
  • #8 js::gc::ArenaLists::queueObjectsForSweep
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 1402
  • #9 BeginSweepingZoneGroup
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 3677
  • #10 BeginSweepPhase
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 3761
  • #11 IncrementalCollectSlice
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 4289
  • #12 GCCycle
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 4422
  • #13 Collect
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 4558
  • #14 Collect
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 4581
  • #15 js::GC
    at /build/buildd/mozjs24-24.2.0/js/src/jsgc.cpp line 4580
  • #16 JS_GC
    at /build/buildd/mozjs24-24.2.0/js/src/jsapi.cpp line 2709
  • #17 gjs_context_dispose
    at gjs/context.cpp line 346
  • #18 g_object_unref
    at /build/buildd/glib2.0-2.40.0/./gobject/gobject.c line 3075
  • #19 main
    at gjs/console.cpp line 154

Comment 1 Giovanni Campagna 2014-05-06 17:07:50 UTC
Created attachment 276007
function: respect ownership transfer of instance parameters

When calling a method that is (transfer full) on the instance
parameter we need to make an extra ref/copy.

I don't know why this bug was uncovered only now, it has
existed since we started using GDBus, which was 3.2.
Probably we started doing more GCs now.

Depends on glib bug 729662.
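The ownership rule in the comment above (a method whose instance parameter is (transfer full) consumes the caller's reference, so a binding that still holds the object must take an extra ref before the call) can be shown without GLib. The following is an added example, not code from gjs or from the attached patch: it models a refcounted object and a JS-style wrapper in plain C. The names Obj, Wrapper, method_consuming_instance, call_buggy and call_fixed are constructed for this illustration and do not exist in gjs.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a GObject: a refcount plus a flag recording finalization. */
typedef struct {
    int refcount;
    int finalized;   /* 1 = finalized cleanly, 2 = unref attempted on an already-dead object */
} Obj;

static Obj *obj_new(void) {
    Obj *o = calloc(1, sizeof *o);
    if (!o) abort();
    o->refcount = 1;
    return o;
}

static Obj *obj_ref(Obj *o) { o->refcount++; return o; }

/* Returns 1 when this unref finalized (or would have double-finalized) the object.
   The model keeps the memory alive so the caller can inspect the flag; real code frees here. */
static int obj_unref(Obj *o) {
    if (o->refcount <= 0) { o->finalized = 2; return 1; }  /* unref past zero: the crash class */
    if (--o->refcount == 0) { o->finalized = 1; return 1; }
    return 0;
}

/* A method whose instance parameter is (transfer full): the callee takes ownership
   of the reference it is handed and drops it when done. */
static int method_consuming_instance(Obj *self) {
    int result = self->refcount;   /* stand-in for the method's real work */
    obj_unref(self);
    return result;
}

/* The binding-side wrapper: it owns one reference for the lifetime of the JS object
   and releases it in its finalizer (the role object_instance_finalize plays in gjs). */
typedef struct { Obj *gobj; } Wrapper;

/* Buggy call: hands the wrapper's only reference to a (transfer full) instance parameter. */
static int call_buggy(Wrapper *w) { return method_consuming_instance(w->gobj); }

/* Fixed call: respects the annotation by taking an extra ref that the callee may consume. */
static int call_fixed(Wrapper *w) { return method_consuming_instance(obj_ref(w->gobj)); }

/* Finalizer: returns 1 if the object was already dead when the wrapper dropped its ref. */
static int wrapper_finalize(Wrapper *w) {
    int already_dead = (w->gobj->refcount <= 0);
    obj_unref(w->gobj);
    return already_dead;
}

/* Runs one wrapper lifetime; returns 1 if the finalizer touched a dead object. */
static int scenario(int fixed) {
    Wrapper w = { obj_new() };
    if (fixed) call_fixed(&w); else call_buggy(&w);
    int bad = wrapper_finalize(&w);
    free(w.gobj);
    return bad;
}

int main(void) {
    printf("buggy: finalizer hits dead object = %d\n", scenario(0));   /* prints 1 */
    printf("fixed: finalizer hits dead object = %d\n", scenario(1));   /* prints 0 */
    return 0;
}
```

In the buggy path the method consumes the wrapper's single reference, so by the time the garbage collector runs the finalizer the object is already gone; that is the shape of the g_log call at the top of the trace, and why it surfaces only when the GC happens to sweep the wrapper. The fix is local to the call site: take the reference the annotation says the callee will own.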
Comment 2 Giovanni Campagna 2014-07-03 08:45:55 UTC
Attachment 276007 pushed as a432e83 - function: respect ownership transfer of instance parameters