Severity: | High |
Reproducible: | It is not easy to reproduce. It happens while building large tables (e.g. in the system browser), or while processing a click on a native button. |
Symptom: | The app crashes most of the time while executing a JavaScript function that was already garbage collected (so the crash is reported as accessing an invalid address from a property of the function). |
Notes: | It happens when using UI elements built as application resources (in a storyboard). The bug has NOT been observed when the UI is built using Mobile Framework. |
Debugger Log | -todo- |
See at end of this bug report |
JSValueRef* valueArray = new JSValueRef[8]; It's not valid to put a JSValueRef in the heap without first calling JSValueProtect. The garbage collector will automatically scan JSValueRefs on the stack, but once you put the JSValueRef into the heap like this, you need to use explicit reference counting through JSValueProtect and JSValueUnprotect. |
ToDo: Check uses of JSValueProtect; also check if the code in this git helps. See reports of jscocoa issues. |
If you're thinking of building JSCore from WebKit, it's easiest to just check out the package from svn: svn co https://svn.webkit.org/repository/webkit/trunk and build all of WebKit (takes a long time): ./Tools/Scripts/build-webkit --debug |
Note that the build does not end with a library, as we would need for building coco8.
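
The JSValueProtect rule quoted above, applied to the `new JSValueRef[8]` array, as an added example that is not code from this report or from the app: a container that protects each value while it is stored on the heap and unprotects it on overwrite or destruction. Assumptions: `ProtectedValueArray` and `protectCount` are hypothetical names, and the two JavaScriptCore functions are replaced by counting stand-ins with the real signatures so the block runs without the framework.

```cpp
#include <cstddef>
#include <map>
#include <vector>

// STAND-INS (assumption): same signatures as the JavaScriptCore C API, with
// counting bodies so this runs without the framework. In the app, delete this
// section and #include <JavaScriptCore/JavaScriptCore.h> instead.
typedef const struct OpaqueJSContext* JSContextRef;
typedef const struct OpaqueJSValue* JSValueRef;
static std::map<JSValueRef, int> g_protected;  // models the GC's protected set
void JSValueProtect(JSContextRef, JSValueRef v) { if (v) ++g_protected[v]; }
void JSValueUnprotect(JSContextRef, JSValueRef v) {
    auto it = g_protected.find(v);
    if (it != g_protected.end() && --it->second == 0) g_protected.erase(it);
}
int protectCount(JSValueRef v) {  // hypothetical helper, for the check only
    auto it = g_protected.find(v);
    return it == g_protected.end() ? 0 : it->second;
}

// Heap-resident argument array (hypothetical class): a slot's value stays
// protected for exactly as long as the slot holds it. Replaces the raw
// `new JSValueRef[8]`, whose contents the collector never scans.
class ProtectedValueArray {
public:
    ProtectedValueArray(JSContextRef ctx, std::size_t n) : ctx_(ctx), slots_(n, nullptr) {}
    ~ProtectedValueArray() {
        for (JSValueRef v : slots_) if (v) JSValueUnprotect(ctx_, v);
    }
    // Copying would duplicate handles without protecting them again.
    ProtectedValueArray(const ProtectedValueArray&) = delete;
    ProtectedValueArray& operator=(const ProtectedValueArray&) = delete;

    void set(std::size_t i, JSValueRef v) {
        JSValueRef old = slots_.at(i);          // throws on a bad index
        if (v) JSValueProtect(ctx_, v);         // protect the new value first so
        if (old) JSValueUnprotect(ctx_, old);   // set(i, same value) never drops to 0
        slots_[i] = v;
    }
    // Pointer suitable for the `arguments` parameter of JSObjectCallAsFunction.
    const JSValueRef* data() const { return slots_.data(); }
    std::size_t size() const { return slots_.size(); }

private:
    JSContextRef ctx_;  // must outlive the array, e.g. the app's global context
    std::vector<JSValueRef> slots_;
};
```

The same pairing applies to a JavaScript function object kept in a heap-allocated callback record: protect it when stored, unprotect it when the record is released.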