JS_NewContext中的JSAPI段错误
JSAPI segfault in JS_NewContext
我正在写一个简单的 C++ 程序,嵌入 SpiderMonkey。不幸的是,它在 JS_NewContext() 中出现了分段故障。
程序(保存为 jsapi_use.cpp):
#define __STDC_LIMIT_MACROS
#include <stdint.h>

#include <cstdio>
#include <cstring>

#include <js/Initialization.h>
#include <jsapi.h>
// JSClass describing the global object. Initialised positionally in the
// member order of JSClass: name, flags, the eleven hooks (addProperty,
// delProperty, getProperty, setProperty, enumerate, resolve, mayResolve,
// finalize, call, hasInstance, construct), the trace hook and the reserved
// trailing storage. Only the trace hook is set; every other hook is unused.
static JSClass global_class = {
    "global",                 // name
    JSCLASS_GLOBAL_FLAGS,     // flags
    nullptr,                  // addProperty
    nullptr,                  // delProperty
    nullptr,                  // getProperty
    nullptr,                  // setProperty
    nullptr,                  // enumerate
    nullptr,                  // resolve
    nullptr,                  // mayResolve
    nullptr,                  // finalize
    nullptr,                  // call
    nullptr,                  // hasInstance
    nullptr,                  // construct
    JS_GlobalObjectTraceHook, // trace
    {0},                      // reserved
};
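// Create a global object in the runtime behind `cx`, evaluate a small script
// in it and print the result when it is a string.
// Returns false on any JSAPI failure. Kept separate from main() so that the
// JS::Rooted values are destroyed before JS_DestroyContext() runs on every
// exit path, not only on the success path as in the original.
static bool run_script(JSContext *cx) {
  JSAutoRequest ar(cx);
  JS::RootedObject global(cx, JS_NewGlobalObject(cx, &global_class, nullptr,
                                                 JS::FireOnNewGlobalHook));
  if (!global)
    return false;
  JS::RootedValue rval(cx);
  {
    JSAutoCompartment ac(cx, global);
    // Without the standard classes the script below (Date, string concat)
    // has nothing to run against, so a failure here is fatal.
    if (!JS_InitStandardClasses(cx, global))
      return false;
    const char *script = "'hello'+'world, it is '+new Date();";
    const char *filename = "noname";
    auto lineno = 1U;
    JS::CompileOptions opts(cx);
    opts.setFileAndLine(filename, lineno);
    if (!JS::Evaluate(cx, opts, script, strlen(script), &rval))
      return false;
  }
  if (rval.isString()) {
    JSString *string = rval.toString();
    // JS_EncodeString allocates a buffer owned by the caller; it can return
    // nullptr, and the buffer must be released with JS_free.
    char *encoded = JS_EncodeString(cx, string);
    if (!encoded)
      return false;
    puts(encoded);
    JS_free(cx, encoded);
  }
  return true;
}

// Entry point: bring up the engine, run the script, then tear everything
// down in reverse order of creation — on failure paths too, which the
// original skipped by returning early.
// Returns 0 on success, 1 on any failure.
int main() {
  if (!JS_Init())
    return 1;
  JSRuntime *rt =
      JS_NewRuntime(8L * 1024 * 1024 /*, JS::DefaultHeapMaxBytes, nullptr*/);
  if (nullptr == rt) {
    JS_ShutDown();
    return 1;
  }
  JSContext *cx = JS_NewContext(rt, 8192);
  if (!cx) {
    JS_DestroyRuntime(rt);
    JS_ShutDown();
    return 1;
  }
  const bool ok = run_script(cx);
  JS_DestroyContext(cx);
  JS_DestroyRuntime(rt);
  JS_ShutDown();
  return ok ? 0 : 1;
}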
它在 JS_NewContext 时崩溃。
我的 Makefile:
MAKEFLAGS:= -r -r
# Debug build (-g3), C++14 with GNU extensions.
CXX := g++
CXXFLAGS += -g3 -std=gnu++14
# TARGET/SOURCE are $@ and $< with single quotes rewritten before they reach
# the shell (presumably as quoting protection — verify the replacement text);
# the trailing #') only balances the quote for editors.
TARGET = $(subst ',''',$@)#')
SOURCE = $(subst ',''',$<)#')
# Compile and link flags of the installed SpiderMonkey 45 package.
PKG_CFLAGS=$(shell pkg-config --cflags mozjs-45)
PKG_LDFLAGS=$(shell pkg-config --libs mozjs-45)
# Recipe lines must begin with a tab in the real file.
%.o: %.cpp Makefile
	$(CXX) $(CPPFLAGS) -c -o $(TARGET) $(CXXFLAGS) $(PKG_CFLAGS) $(SOURCE)
%: %.o
	$(CXX) -o $(TARGET) $(SOURCE) $(PKG_LDFLAGS) -lz -lpthread -ldl
# Preprocessed, clang-formatted output (.iii) for inspecting the expanded
# headers.
%.iii: %.cpp Makefile
	cpp $(CPPFLAGS) -dD -CC -o $(TARGET) $(PKG_CFLAGS) $(SOURCE)
	clang-format -i -- $(TARGET)
运行 make jsapi_use; ./jsapi_use 导致 Segmentation fault (core dumped)。
gdb 显示程序在 SpiderMonkey 内部深处由于解引用 NULL 指针而出现分段故障。
我在 Fedora 24 Linux 上使用 mozjs45 版本的 SpiderMonkey。
GDB回溯
Thread 1 "jsapi_use" received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
#0 0x0000000000000000 in ?? ()
#1 0x00007ffff7a6adb5 in js::ScriptBytecodeHasher::hash (l=<synthetic pointer>, l=<synthetic pointer>) at /usr/src/debug/firefox-45.4.0esr/js/src/jsscript.h:2412
#2 js::detail::HashTable<js::SharedScriptData* const, js::HashSet<js::SharedScriptData*, js::ScriptBytecodeHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::prepareHash (l=<synthetic pointer>) at ../../dist/include/js/HashTable.h:1126
#3 js::detail::HashTable<js::SharedScriptData* const, js::HashSet<js::SharedScriptData*, js::ScriptBytecodeHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::lookupForAdd (l=<synthetic pointer>, this=<optimized out>) at ../../dist/include/js/HashTable.h:1638
#4 js::HashSet<js::SharedScriptData*, js::ScriptBytecodeHasher, js::SystemAllocPolicy>::lookupForAdd (l=<synthetic pointer>, this=<optimized out>) at ../../dist/include/js/HashTable.h:386
#5 SaveSharedScriptData (cx=cx@entry=0x639ed0, script=..., ssd=<optimized out>, nsrcnotes=1) at /usr/src/debug/firefox-45.4.0esr/js/src/jsscript.cpp:2502
#6 0x00007ffff7a6b2f7 in JSScript::fullyInitTrivial (cx=cx@entry=0x639ed0, script=..., script@entry=...) at /usr/src/debug/firefox-45.4.0esr/js/src/jsscript.cpp:2886
#7 0x00007ffff7a2a451 in CreateFunctionPrototype(JSContext *, enum JSProtoKey) (cx=0x639ed0, key=<optimized out>) at /usr/src/debug/firefox-45.4.0esr/js/src/jsfun.cpp:785
#8 0x00007ffff7ae37b3 in js::GlobalObject::resolveConstructor (cx=0x639ed0, global=..., key=<optimized out>) at /usr/src/debug/firefox-45.4.0esr/js/src/vm/GlobalObject.cpp:158
#9 0x00007ffff7ae3da7 in js::GlobalObject::ensureConstructor (cx=cx@entry=0x639ed0, global=..., global@entry=..., key=key@entry=JSProto_Function) at /usr/src/debug/firefox-45.4.0esr/js/src/vm/GlobalObject.cpp:98
#10 0x00007ffff79677ed in CreateObjectConstructor(JSContext *, enum JSProtoKey) (cx=0x639ed0, key=<optimized out>) at /usr/src/debug/firefox-45.4.0esr/js/src/builtin/Object.cpp:1035
#11 0x00007ffff7ae382f in js::GlobalObject::resolveConstructor (cx=0x639ed0, global=..., key=<optimized out>) at /usr/src/debug/firefox-45.4.0esr/js/src/vm/GlobalObject.cpp:166
#12 0x00007ffff772dda6 in CreateArrayPrototype(JSContext *, enum JSProtoKey) (cx=0x639ed0, key=<optimized out>) at /usr/src/debug/firefox-45.4.0esr/js/src/vm/GlobalObject.h:342
#13 0x00007ffff7ae18ce in InitBareBuiltinCtor(JSContext *, JS::Handle<js::GlobalObject*>, enum JSProtoKey) (cx=cx@entry=0x639ed0, global=..., global@entry=..., protoKey=protoKey@entry=JSProto_Array) at /usr/src/debug/firefox-45.4.0esr/js/src/vm/GlobalObject.cpp:368
#14 0x00007ffff7ae1b08 in js::GlobalObject::initSelfHostingBuiltins (cx=cx@entry=0x639ed0, global=global@entry=..., builtins=builtins@entry=0x7ffff7dbefa0 <intrinsic_functions>) at /usr/src/debug/firefox-45.4.0esr/js/src/vm/GlobalObject.cpp:413
#15 0x00007ffff7b5041f in JSRuntime::createSelfHostingGlobal (cx=cx@entry=0x639ed0) at /usr/src/debug/firefox-45.4.0esr/js/src/vm/SelfHosting.cpp:1730
#16 0x00007ffff7b5056f in JSRuntime::initSelfHosting (this=0x617850, cx=0x639ed0) at /usr/src/debug/firefox-45.4.0esr/js/src/vm/SelfHosting.cpp:1754
#17 0x00007ffff79e2103 in js::NewContext (rt=rt@entry=0x617850, stackChunkSize=stackChunkSize@entry=8192) at /usr/src/debug/firefox-45.4.0esr/js/src/jscntxt.cpp:122
#18 0x00007ffff79e21ba in JS_NewContext (rt=rt@entry=0x617850, stackChunkSize=stackChunkSize@entry=8192) at /usr/src/debug/firefox-45.4.0esr/js/src/jsapi.cpp:566
#19 0x0000000000400e4f in main () at jsapi_use.cpp:41
问题是由 SpiderMonkey 库中未定义的符号引起的:HashBytes() 函数在 libmozjs-45.so 中没有定义。这个函数是由 js::ScriptBytecodeHasher::hash() 函数调用的。
如果您列出库符号,您将看到HashBytes只是"弱定义"。
$nm -gC libmozjs-45.so | grep HashBytes
w mozilla::HashBytes(void const*, unsigned long)
"w"该符号是一个弱符号,没有被特别标记为弱对象符号。
要解决这个问题,你需要把 mfbt 库链接进 libmozjs-45.so。您可以通过更改 js/src/moz.build 文件并重新构建 SpiderMonkey 来实现。
替换 moz.build 中的
if not CONFIG['JS_STANDALONE']:
if CONFIG['JS_STANDALONE']:
DEFINES['IMPL_MFBT'] = True
USE_LIBS += [
'mfbt',
]
else:
你会得到:
# Resulting js/src/moz.build fragment: in a standalone (mozjs-only) build the
# mfbt library is linked into libmozjs, which is what provides the
# mozilla::HashBytes definition that was missing from libmozjs-45.so.
if CONFIG['JS_STANDALONE']:
    DEFINES['IMPL_MFBT'] = True
    USE_LIBS += [
        'mfbt',
    ]
else:
    CONFIGURE_SUBST_FILES += [
        '../../config/autoconf-js.mk',
        '../../config/emptyvars-js.mk',
    ]
重建后,你将有:
$nm -gC libmozjs-45.so | grep HashBytes
0000000000b66e07 T mozilla::HashBytes(void const*, unsigned long)