Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PyV8 + lxml segfault issue on V8 garbage collection #105

Open
GoogleCodeExporter opened this issue Dec 2, 2015 · 2 comments
Open

PyV8 + lxml segfault issue on V8 garbage collection #105

GoogleCodeExporter opened this issue Dec 2, 2015 · 2 comments
Labels
auto-migrated OpSys-All Priority-Medium Type-Defect

Comments

@GoogleCodeExporter
Copy link 

What steps will reproduce the problem?



The following code uses the lxml library + PyV8.

import lxml
import lxml.html

import PyV8

class Obj(PyV8.JSClass):
    """    
    """
    def __init__(self, node):
        self.node = node

class Global(PyV8.JSClass):

    def __init__(self):
        self.wraped = Obj(lxml.html.fromstring("<html></html>").xpath("//html")[0])

for i in range(0, 100):
    with PyV8.JSContext(Global()) as ctx:

        print "Test #%s" % i

        ctx.eval("""

            // Fill Memory To Force Garbage Collection
            var x = new Array();

            for(var i =0; i < 100000; i++) {
                x[i] = i;
            }

            var x = wraped;
        """)





What is the expected output? What do you see instead?

I am seeing a segfault after V8 garbage collection runs. During the call to 
m_object.reset(); in the ObjectTracer destructor.  


A gdb backtrace starting from V8 garbage collection is shown below:

Program received signal SIGSEGV, Segmentation fault.
0x00000000004b5057 in PyErr_Fetch ()
(gdb) bt
#0  0x00000000004b5057 in PyErr_Fetch ()
#1  0x00007ffff66cc1ac in ?? () from 
/usr/lib/python2.6/dist-packages/lxml/etree.so
#2  0x000000000046d2d8 in ?? ()
#3  0x000000000044fc53 in ?? ()
#4  0x000000000046d327 in ?? ()
#5  0x000000000044fc53 in ?? ()
#6  0x000000000046d327 in ?? ()
#7  0x00007ffff4b8f7fb in ~object_base (this=0x938580, __in_chrg=<value 
optimized out>) at /usr/include/boost/python/object_core.hpp:509
#8  ~object (this=0x938580, __in_chrg=<value optimized out>) at 
/usr/include/boost/python/object_core.hpp:311
#9  std::auto_ptr<boost::python::api::object>::reset (this=0x938580, 
__in_chrg=<value optimized out>)
    at /usr/include/c++/4.4/backward/auto_ptr.h:242
#10 ~ObjectTracer (this=0x938580, __in_chrg=<value optimized out>) at 
src/Wrapper.cpp:1993
#11 0x00007ffff4b8f961 in ~auto_ptr (value=<value optimized out>, 
parameter=0x938580) at /usr/include/c++/4.4/backward/auto_ptr.h:168
#12 ObjectTracer::WeakCallback (value=<value optimized out>, 
parameter=0x938580) at src/Wrapper.cpp:2058
#13 0x00007ffff4c3a152 in 
v8::internal::GlobalHandles::Node::PostGarbageCollectionProcessing 
(this=0xbee1c8, isolate=0xbd54c0, 
    global_handles=0xb7da30) at src/global-handles.cc:201
#14 0x00007ffff4c38c3f in 
v8::internal::GlobalHandles::PostGarbageCollectionProcessing (this=0xb7da30) at 
src/global-handles.cc:428
#15 0x00007ffff4c56306 in v8::internal::Heap::PerformGarbageCollection 
(this=0xbd5558, collector=v8::internal::MARK_COMPACTOR, 
    tracer=0x7fffffffd070) at src/heap.cc:778
#16 0x00007ffff4c557f3 in v8::internal::Heap::CollectGarbage (this=0xbd5558, 
space=v8::internal::NEW_SPACE, 
    collector=v8::internal::MARK_COMPACTOR) at src/heap.cc:510
#17 0x00007ffff4c05e53 in v8::internal::Heap::CollectGarbage (this=0xbd5558, 
space=v8::internal::NEW_SPACE) at src/heap-inl.h:427






What version of the product are you using? On what operating system?


Linux x64.  PyV8 around r356.




Please provide any additional information below.

I'm not sure if this is an lxml issue or not.  It appears to be caused by some 
kind of double delete/dereference.

Original issue reported on code.google.com by [email protected] on 8 Sep 2011 at 8:45
@GoogleCodeExporter
Copy link
Author

Original comment by [email protected] on 14 Sep 2011 at 8:57

  • Changed state: Accepted

@GoogleCodeExporter
Copy link
Author 

The crash is very strange, if you add a collect call after the eval, it will 
run very well.

    with PyV8.JSContext(Global()) as ctx:

       print "Test #%s" % i

       ctx.eval(...)

       PyV8.JSEngine.collect()

When I'm debugging the code, it crashed in the etree module, even the Obj 
object is correct.

    python26.dll!1e0df375()     
    [Frames below may be incorrect and/or missing, no symbols loaded for python26.dll]  
    etree.pyd!020ce019()    
    python26.dll!1e0a83a6()     
    python26.dll!1e086879()     
    python26.dll!1e0a8353()     
>   _PyV8.pyd!ObjectTracer::~ObjectTracer()  Line 1370 + 0x36 bytes C++
    d422e900()

Original comment by [email protected] on 14 Sep 2011 at 9:55

  • Added labels: OpSys-All

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated OpSys-All Priority-Medium Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter