Crash in BoxedInstance when struct could not be allocated directly
System information
What is your operating system and version? org.gnome.Sdk//master flatpak runtime
What is your version of GJS? 1.57.1
Bug information
Minimal script
new imports.gi.Gio.DBusInterfaceVTable({});
Current behaviour
(gjs:24): Gjs-WARNING **: 16:29:15.772: JS ERROR: Error: Unable to construct struct type DBusInterfaceVTable since it has no default constructor and cannot be allocated directly
@subtree.js:33:1
Script subtree.js threw an exception
**
Gjs:ERROR:gi/boxed.cpp:405:BoxedInstance::~BoxedInstance(): code should not be reached
Aborted (core dumped)
Stack trace: (shows that it crashes during the final garbage collection)
#0 0x00007ffff783424f in raise () from /usr/lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff781e545 in abort () from /usr/lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff7b7db33 in g_assertion_message (domain=<optimized out>,
file=<optimized out>, line=<optimized out>,
func=0x7ffff7f64b40 "BoxedInstance::~BoxedInstance()",
message=<optimized out>) at ../glib/gtestutils.c:2856
#3 0x00007ffff7bd9fee in g_assertion_message_expr (
domain=domain@entry=0x7ffff7f63064 "Gjs",
file=file@entry=0x7ffff7f64584 "gi/boxed.cpp", line=line@entry=405,
func=func@entry=0x7ffff7f64b40 "BoxedInstance::~BoxedInstance()",
expr=expr@entry=0x0) at ../glib/gtestutils.c:2882
#4 0x00007ffff7eff83a in BoxedInstance::~BoxedInstance (this=0x555555857700,
__in_chrg=<optimized out>) at gi/boxed.cpp:405
#5 0x00007ffff7f032bb in GIWrapperInstance<BoxedBase, BoxedPrototype, BoxedInstance, void>::finalize_impl (fop=<optimized out>, obj=0x7fffef584340,
this=0x555555857700) at ./gi/wrapperutils.h:970
#6 GIWrapperBase<BoxedBase, BoxedPrototype, BoxedInstance>::finalize (
fop=<optimized out>, obj=0x7fffef584340) at ./gi/wrapperutils.h:445
#7 0x00007ffff5f604c4 in js::Class::doFinalize (this=<optimized out>,
obj=0x7fffef584340, fop=0x7fffffffdb80)
at /usr/lib/debug/source/sdk/mozjs60.bst/_build/dist/include/js/Class.h:872
#8 JSObject::finalize (fop=0x7fffffffdb80, this=0x7fffef584340)
at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/vm/JSObject-inl.h:108
#9 js::gc::Arena::finalize<JSObject> (thingSize=64,
thingKind=js::gc::AllocKind::OBJECT4, fop=0x7fffffffdb80,
this=0x7fffef584000)
at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/GC.cpp:590
#10 FinalizeTypedArenas<JSObject> (fop=0x7fffffffdb80, src=0x5555555e44f8,
dest=..., thingKind=js::gc::AllocKind::OBJECT4, budget=...,
keepArenas=js::gc::ArenaLists::KEEP_ARENAS)
at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/GC.cpp:648
#11 0x00007ffff5f60f4d in FinalizeArenas (fop=0x7fffffffdb80,
src=0x5555555e44f8, dest=..., thingKind=<optimized out>, budget=...,
keepArenas=js::gc::ArenaLists::KEEP_ARENAS)
at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/GC.cpp:682
#12 0x00007ffff5f6351c in js::gc::ArenaLists::foregroundFinalize (
this=0x5555555e4190, fop=<optimized out>,
thingKind=js::gc::AllocKind::OBJECT4, sliceBudget=..., sweepList=...)
at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/ArenaList.h:255
#13 0x00007ffff5f636e2 in js::gc::GCRuntime::finalizeAllocKind (
this=0x5555555b04f8, fop=<optimized out>, budget=...,
zone=<optimized out>, kind=<optimized out>)
at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/GC.cpp:6112
#14 0x00007ffff5f65021 in sweepaction::SweepActionCall<js::FreeOp*, js::SliceBudget&, JS::Zone*, js::gc::AllocKind>::run (args#3=<optimized out>,
args#2=0x5555555e4130, args#1=..., args#0=0x7fffffffdb80,
gc=0x5555555b04f8, this=<optimized out>)
at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/GC.cpp:6247
#15 sweepaction::SweepActionForEach<ContainerIter<mozilla::EnumSet<js::gc::AllocKind> >, mozilla::EnumSet<js::gc::AllocKind>, js::gc::GCRuntime*, js::FreeOp*, js::SliceBudget&, JS::Zone*>::run (this=0x5555555c10d0, args#0=0x5555555b04f8, args#1=0x7fffffffdb80, args#2=..., args#3=0x5555555e4130) at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/GC.cpp:6307
#16 0x00007ffff5f43847 in sweepaction::SweepActionSequence<js::gc::GCRuntime*, js::FreeOp*, js::SliceBudget&, JS::Zone*>::run (this=0x5555555c1140, args#0=0x5555555b04f8, args#1=0x7fffffffdb80, args#2=..., args#3=0x5555555e4130) at /usr/lib/debug/source/sdk/mozjs60.bst/_build/dist/include/mozilla/UniquePtr.h:326
#17 0x00007ffff5f43713 in sweepaction::SweepActionForEach<js::gc::SweepGroupZonesIter, JSRuntime*, js::gc::GCRuntime*, js::FreeOp*, js::SliceBudget&>::run (this=0x5555555ad9f0, args#0=0x5555555b04f8, args#1=0x7fffffffdb80, args#2=...) at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/PrivateIterators-inl.h:113
#18 0x00007ffff5f43624 in sweepaction::SweepActionSequence<js::gc::GCRuntime*, js::FreeOp*, js::SliceBudget&>::run (this=0x5555555c1250, args#0=0x5555555b04f8, args#1=0x7fffffffdb80, args#2=...) at /usr/lib/debug/source/sdk/mozjs60.bst/_build/dist/include/mozilla/UniquePtr.h:326
#19 0x00007ffff5f4ef42 in sweepaction::SweepActionRepeatFor<js::gc::SweepGroupsIter, JSRuntime*, js::gc::GCRuntime*, js::FreeOp*, js::SliceBudget&>::run (this=0x5555555c12d0, args#0=0x5555555b04f8, args#1=0x7fffffffdb80, args#2=...) at /usr/lib/debug/source/sdk/mozjs60.bst/_build/dist/include/mozilla/UniquePtr.h:326
#20 0x00007ffff5f4fe42 in js::gc::GCRuntime::performSweepActions (this=this@entry=0x5555555b04f8, budget=...) at /usr/lib/debug/source/sdk/mozjs60.bst/_build/dist/include/mozilla/UniquePtr.h:326
#21 0x00007ffff5f728fb in js::gc::GCRuntime::incrementalCollectSlice (this=this@entry=0x5555555b04f8, budget=..., reason=reason@entry=JS::gcreason::API, session=...) at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/GC.cpp:7072
#22 0x00007ffff5f73ae9 in js::gc::GCRuntime::gcCycle (this=this@entry=0x5555555b04f8, nonincrementalByAPI=nonincrementalByAPI@entry=true, budget=..., reason=reason@entry=JS::gcreason::API) at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/GC.cpp:7401
#23 0x00007ffff5f7408e in js::gc::GCRuntime::collect (this=0x5555555b04f8, nonincrementalByAPI=<optimized out>, budget=..., reason=JS::gcreason::API) at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/gc/GC.cpp:7544
#24 0x00007ffff5f7430c in js::gc::GCRuntime::gc (this=0x5555555b04f8, gckind=gckind@entry=GC_NORMAL, reason=reason@entry=JS::gcreason::API) at /usr/lib/debug/source/sdk/mozjs60.bst/_build/dist/include/js/SliceBudget.h:61
#25 0x00007ffff5c39545 in JS_GC (cx=<optimized out>) at /usr/lib/debug/source/sdk/mozjs60.bst/js/src/vm/JSContext.h:305
#26 0x00007ffff7f2fa6a in GjsContextPrivate::dispose (this=0x5555555ae0b0) at gjs/context.cpp:364
#27 GjsContextPrivate::dispose (this=0x5555555ae0b0) at gjs/context.cpp:349
#28 0x00007ffff7c9dea3 in g_object_unref (_object=<optimized out>) at ../gobject/gobject.c:3307
#29 g_object_unref (_object=0x5555555ae2c0) at ../gobject/gobject.c:3237
#30 0x0000555555556cc8 in main (argc=<optimized out>, argv=<optimized out>) at gjs/console.cpp:377
Expected behaviour
The exception may still be thrown (I'm not sure if it's because the padding members are not marked "private", or because we don't support function pointer members), but the crash should not happen.
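The failure mode above is a finalizer that only handles the states a successful construction can leave behind, so a wrapper whose construction threw before any native struct was allocated reaches a "code should not be reached" branch during the final GC. The following C++ sketch is an added illustration of that pattern and of the defensive shape a finalizer should have; it is not GJS's own code, and `BoxedTypeInfo`, `BoxedWrapper`, `construct_and_collect`, `last_error` and `native_frees` are hypothetical names invented for the example. The type description, sizes and the "ExampleStruct" name are constructed sample input.

```cpp
#include <cassert>
#include <cstdlib>
#include <string>

// Hypothetical model of a boxed type description (constructed for this
// example; not GLib's or GJS's real type metadata).
struct BoxedTypeInfo {
    std::string name;
    size_t size;
    bool has_default_constructor;  // false for e.g. a vtable of function pointers
};

// Counters/state the stand-alone main() and the test inspect.
static int g_native_frees = 0;
static std::string g_last_error;

// Hypothetical wrapper modelled on the "JS object wraps a native struct"
// pattern: the wrapper object exists before the native struct does.
class BoxedWrapper {
public:
    enum class Ownership { Unallocated, Owned, Borrowed };

    explicit BoxedWrapper(const BoxedTypeInfo& info) : m_info(info) {}

    // Returns false (the JS-side exception) when the struct cannot be
    // allocated directly. On that path m_state stays Unallocated, and the
    // wrapper will still be finalized later by the garbage collector.
    bool init_from_js_constructor() {
        if (!m_info.has_default_constructor) {
            g_last_error = "Unable to construct struct type " + m_info.name +
                " since it has no default constructor and cannot be allocated directly";
            return false;
        }
        m_ptr = std::calloc(1, m_info.size);
        m_state = Ownership::Owned;
        return true;
    }

    Ownership state() const { return m_state; }

    // Finalizer: every state the constructor can leave behind is handled,
    // including the one where initialisation failed. An assertion-style
    // destructor that treats Unallocated as unreachable aborts the process
    // during GC instead of letting the JS exception surface cleanly.
    ~BoxedWrapper() {
        switch (m_state) {
        case Ownership::Unallocated:
            break;  // nothing was allocated, nothing to free
        case Ownership::Owned:
            std::free(m_ptr);
            ++g_native_frees;
            break;
        case Ownership::Borrowed:
            break;  // memory belongs to someone else
        }
    }

private:
    BoxedTypeInfo m_info;
    void* m_ptr = nullptr;
    Ownership m_state = Ownership::Unallocated;
};

// Simulates `new Type({})` followed by a garbage collection: build the
// wrapper, attempt initialisation, then let the destructor run whatever
// state was reached. Returns whether initialisation succeeded.
bool construct_and_collect(const char* name, size_t size, bool has_default_ctor) {
    g_last_error.clear();
    BoxedWrapper w(BoxedTypeInfo{name, size, has_default_ctor});
    return w.init_from_js_constructor();  // w is finalized on scope exit
}

const std::string& last_error() { return g_last_error; }
int native_frees() { return g_native_frees; }

int main() {
    // Mirrors the minimal script: a vtable of function pointers has no
    // default constructor, so init fails and the finalizer must cope.
    bool ok = construct_and_collect("DBusInterfaceVTable", 64, false);
    assert(!ok && native_frees() == 0);
    ok = construct_and_collect("ExampleStruct", 16, true);
    assert(ok && native_frees() == 1);
    return 0;
}
```

The point to check in any such wrapper is that the set of cases in the finalizer is a superset of the states reachable from a failed construction, not just from a successful one; the exception in the minimal script is acceptable, the abort in the destructor is not.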
Edited by Philip Chimento