Subj : Re: Crash during compilation
To   : netscape.public.mozilla.jseng
From : Oscar
Date : Fri Aug 20 2004 05:20 pm

Hi Brendan

Thanks for your response...

> Atoms are malloc'd, you must mean a JSAtomListElement allocated from
> cx->tempPool.

Yes sorry about that.

> That is strange -- arena-pool allocation is LIFO, so there shouldn't be
> any way for an older allocation, below the mark stored in cg2mark early
> in the TOK_FUNCTION case of js_EmitTree, to be freed by a newer release.

Well... I have a theory... (Not that my theories are worth much, but here goes)...

Is it not possible that the following two lines in JS_ArenaFreeAllocation put us at risk of coming to this precise situation?

    if (pool->current == a)
        pool->current = &pool->first;

Seems rather dangerous to reset the current pointer if we have LILO deallocation. As I understand it, if we manage to get to a point in which we emit a new function body after running JS_ArenaFreeAllocation without having had to allocate too much on the tempPool, we could very well risk purging basically our entire tempPool when cleaning up after the function.

I'm sure this is not the problem, but perhaps your response can help me be able to investigate my annoying crash further (it does disappear when instead repositioning the current pointer to the last arena in the pool).

> Anyway, no a global variable is set, so something's missing from the
> testcase -- right?

You are absolutely right; the script is really not in human readable form. It wasn't the original script, but in my efforts to make as small a script as possible and still be able to reproduce the crash, this was what I ended up with :) (I wanted to make sure that nothing that I have defined in my global object was causing the crash)

Have a nice weekend

Regards
Oscar
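
The scenario hypothesised in the message above can be traced with a toy mark/release pool. This is an added example, not part of the original post and not SpiderMonkey code: the array-based pool, the sizes and every name in it are assumptions chosen to show how a release to a mark taken after the current pointer was reset can discard an older allocation in a later arena.

```c
#include <stddef.h>

/* Toy model, not SpiderMonkey code: a fixed array stands in for the arena
 * list, and every name and size here is hypothetical. */
#define NARENAS 4
#define ARENA_SIZE 64
typedef struct { size_t avail[NARENAS]; int current; } Pool;
typedef struct { int arena; size_t off; } Mark;

/* Current top of the pool as seen through pool->current. */
static Mark pool_mark(const Pool *p) {
    return (Mark){ p->current, p->avail[p->current] };
}

/* Allocate nb bytes, searching forward from pool->current. */
static Mark pool_alloc(Pool *p, size_t nb) {
    while (p->avail[p->current] + nb > ARENA_SIZE && p->current < NARENAS - 1)
        p->current++;
    Mark m = pool_mark(p);
    p->avail[p->current] += nb;
    return m;
}

/* Release to a mark: truncate its arena and drop every later arena. */
static void pool_release(Pool *p, Mark m) {
    p->avail[m.arena] = m.off;
    for (int i = m.arena + 1; i < NARENAS; i++)
        p->avail[i] = 0;
    p->current = m.arena;
}

/* Returns 1 if an older allocation survives a nested mark/release. */
static int older_survives(int reset_current) {
    Pool p = { {0}, 0 };
    pool_alloc(&p, 48);                /* arena 0 keeps 16 free bytes */
    Mark older = pool_alloc(&p, 32);   /* does not fit, lands in arena 1 */
    if (reset_current) p.current = 0;  /* models pool->current = &pool->first */
    Mark inner = pool_mark(&p);        /* mark taken before the nested body */
    pool_alloc(&p, 8);                 /* small allocation at pool->current */
    pool_release(&p, inner);           /* cleanup after the nested body */
    return older.off < p.avail[older.arena];  /* still inside live memory? */
}

int main(void) {  /* exit status 0 when the model behaves as described */
    return !(older_survives(0) == 1 && older_survives(1) == 0);
}
```

With the current pointer left alone the inner mark sits above the older allocation and the release leaves it intact; with the pointer reset, the mark lands in arena 0 and the release clears arena 1 along with the older allocation.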