Subj : Re: automatic variable that holds JSAtom* in JS_DefineFunction() To : itaj sherman From : Brendan Eich Date : Wed Mar 12 2003 10:53 am Brendan Eich wrote: >> i'm not sure. >> the atom was read by js_Interpret() is case JSOP_DEFFUN from the >> compiled bytecode of the JSScript, expected to hold the function >> object that is going to be used there, but it points to garbage - this >> is where it crashes most of the times. there are a some other places >> sometimes, i can send stack dumps tomorrow. >> and it is the executing JSScript as you can see i did protect it with >> a ScriptObject. so isn't that JSScript supposed to protect that atom? > > > Yes, but if it isn't, then you should be able to prove that the script > object is not referred to by a root, or something else is going > wrong. I did notice that you are not checking for JS_AddNamedRoot > failure, and that you always call JS_RemoveRoot, even if for some > reason JS_AddNamedRoot was not called. You should add the root for aRootObject unconditionally (optimistically), as you do for aFuncVal in the JS_CompileFunction case. This is not likely to be a cause of the bug, but it's better practice. Why do you have inner block-scope aGuardX2 CJSGCRequestBeginEnd thingies as well as outer aGCLock ones in both the JS_CompileScript and JS_CompileFunction callers? The outer ones should be enough; if they aren't, perhaps that will lead us to the problem. /be .