area example segfault on Ubuntu

[mischnic]

Ubuntu 18.10
Node 11

$ node example/area.js
Segmentation fault (core dumped)

This happens with area.js and area-adv.js, but not area-scrolling.js
Do you know how to get more details? (This is already with node-gyp configure -d)

(gdb) r
#0  0x000000000101cd40 in v8::internal::(anonymous namespace)::UpdateDescriptorForValue(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Map>, int, v8::internal::PropertyConstness, v8::internal::Handle<v8::internal::Object>) ()
#1  0x000000000102165a in v8::internal::Map::PrepareForDataProperty(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Map>, int, v8::internal::PropertyConstness, v8::internal::Handle<v8::internal::Object>) ()
#2  0x000000000100b3a7 in v8::internal::LookupIterator::PrepareForDataProperty(v8::internal::Handle<v8::internal::Object>) ()
#3  0x000000000104c05c in v8::internal::Object::SetDataProperty(v8::internal::LookupIterator*, v8::internal::Handle<v8::internal::Object>) ()
#4  0x0000000001061bbb in v8::internal::Object::SetPropertyInternal(v8::internal::LookupIterator*, v8::internal::Handle<v8::internal::Object>, v8::internal::LanguageMode, v8::internal::Object::StoreFromKeyed, bool*) ()
#5  0x0000000001061c3d in v8::internal::Object::SetProperty(v8::internal::LookupIterator*, v8::internal::Handle<v8::internal::Object>, v8::internal::LanguageMode, v8::internal::Object::StoreFromKeyed) ()
#6  0x0000000000f8efc5 in v8::internal::StoreIC::Store(v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Name>, v8::internal::Handle<v8::internal::Object>, v8::internal::Object::StoreFromKeyed) ()
#7  0x0000000000f91760 in v8::internal::Runtime_StoreIC_Miss(int, v8::internal::Object**, v8::internal::Isolate*) ()
#8  0x0000377e7474fb5d in  ()
#9  0x000006716b56e451 in  ()
#10 0x0000377e7474fac1 in  ()
#11 0x00007fffffffc710 in  ()
#12 0x0000000000000006 in  ()
#13 0x00007fffffffc788 in  ()
#14 0x0000377e747869af in  ()
#15 0x0000033b2a287541 in  ()
#16 0x00002d9631739609 in  ()
#17 0x000011638dec7569 in  ()
#18 0x0000000700000000 in  ()
#19 0x1baddead0baddeaf in  ()
#20 0x000000000000004b in  ()
#21 0x00007fffffffc7c0 in  ()
#22 0x00000000025d5790 in  ()
#23 0x0000000000000018 in  ()
#24 0x00007fffffffc7c0 in  ()
#25 0x0000377e7470e458 in  ()
#26 0x00002d9631739609 in  ()
#27 0x0000004b00000000 in  ()
#28 0x000011638dec74f9 in  ()
#29 0x00002d9631739591 in  ()
#30 0x0000317168989621 in  ()
#31 0x00007fffffffc800 in  ()
#32 0x0000377e747076a6 in  ()
#33 0x00002d9631739461 in  ()
#34 0x000012d4e69825b1 in  ()
#35 0x0000000000000000 in  ()

[parro-it]

There should be some problem withthe area file... on Windows 10, I can't compile the project using node 11. I get this error:

  test_main_stub.c
  win_delay_load_hook.cc
     Creating library c:\Users\parroit\repos\libui-napi\build\Release\ui.lib and object c:\Users\par
  roit\repos\libui-napi\build\Release\ui.exp
  Generating code
  83 of 386 functions (21.5%) were compiled, the rest were copied from previous compilation.
    0 functions were new in current compilation
    61 functions had inline decision re-evaluated but remain unchanged
  Finished generating code
area.obj : fatal error LNK1103: debugging information corrupt; recompile module [c:\Users\parroit\re
pos\libui-napi\build\ui.vcxproj]
gyp ERR! build error
gyp ERR! stack Error: `C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\MSBuild.exe` failed with exit code: 1
gyp ERR! stack     at ChildProcess.onExit (C:\Users\parroit\AppData\Roaming\nvm\v11.0.0\node_modules\npm\node_modules\node-gyp\lib\build.js:262:23)
gyp ERR! stack     at ChildProcess.emit (events.js:182:13)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:240:12)
gyp ERR! System Windows_NT 10.0.17134
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\parroit\\AppData\\Roaming\\nvm\\v11.0.0\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "configure" "build"

I'm investigating further... do you have any idea?

[mischnic]

Have you tried deleting the whole build folder and doing an complete rebuild?

(Segfaults also on macOS)

[mischnic]

This is causing the segfault:

libui-napi/example/area.js

Line 43 in 1051828

console.log(brushLinear.stops.map(v => ({pos: v.pos, c: v.color})));

Specifically, the v.color part:

---

const x = new libui.BrushGradientStop(0, new libui.Color(1, 0, 0, 1))
console.log(x.color); // here

So in AreaBrush.stop_getColor, but the call to make_color itself seems to fail, make_color doesn't actually run before the crash.

[parro-it]

Have you tried deleting the whole build folder and doing an complete rebuild?

(Segfaults also on macOS)

Yes. I cleared all built artifacts and try building from scratch, but no luck.
I can build and reproduce the segfault in linux anyway...

[parro-it]

Got it! Within make_color function, the handle_scope is not really necessary, because you are calling that function with a JS scope already present in your call stack.

If you remove the scope creation code, the segfault go away.

Anyway, I don't know why the crash happens... maybe node 11 changed something in the way it hadle nested scopes....

[parro-it]

Will publish a fix this evening...

[mischnic]

Anyway, I don't know why the crash happens... maybe node 11 changed something in the way it handles nested scopes....

Node 10.12.0 crashes as well, but 8.12.0 doesn't.

[mischnic]

Now, pressing any key on macOS with an area in focus causes a segfault...

  * frame #0: 0x000000010017ab02 node`v8::Value::ToBoolean(v8::Local<v8::Context>) const + 12
    frame #1: 0x0000000100045928 node`napi_coerce_to_bool + 144
    frame #2: 0x0000000103e0bd84 ui.node`event_key_cb(h=<unavailable>, a=<unavailable>, e=0x00007ffeefbfe698) at area.c:169 [opt]
    frame #3: 0x0000000103e4b2c6 libui.A.dylib`-[areaView sendKeyEvent:] + 86
    frame #4: 0x0000000103e4b376 libui.A.dylib`-[areaView doKeyDownUp:up:] + 166
    frame #5: 0x0000000103e4b3d0 libui.A.dylib`-[areaView doKeyDown:] + 64
    frame #6: 0x0000000103e4b8ca libui.A.dylib`uiprivSendAreaEvents + 314
    frame #7: 0x0000000103e6804d libui.A.dylib`-[uiprivApplicationClass sendEvent:] + 29
    frame #8: 0x0000000103e6892c libui.A.dylib`uiprivMainStep + 252
    frame #9: 0x0000000103e68826 libui.A.dylib`uiMainStep + 118
    frame #10: 0x0000000103e13422 ui.node`main_thread(handle=<unavailable>) at event_loop.c:129 [opt]
    frame #11: 0x0000000100759318 node`uv__run_timers + 51
    frame #12: 0x000000010075c380 node`uv_run + 149
    frame #13: 0x0000000100040db7 node`node::Start(v8::Isolate*, node::IsolateData*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) + 1127
    frame #14: 0x000000010003fe76 node`node::Start(uv_loop_s*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) + 333
    frame #15: 0x000000010003faef node`node::Start(int, char**) + 241
    frame #16: 0x00007fff69902015 libdyld.dylib`start + 1

[parro-it]

Should be fixed on Node 11 on master by b51baa7.
I also fixed a similar problem on font-attribute b51baa7#diff-5441eb82f3119132336b51aa23263b3e
I didn't try the fix yet with other Node versions.
I will try it with Windows 10 to see if this fixes also the compilation problem I had.

[mischnic]

Now, pressing any key on macOS with an area in focus causes a segfault...

Just to clarify: this is different (new) crash (but only with Node 11).

Should be fixed on Node 11 on master
I didn't try the fix yet with other Node versions.

The original crash is fixed on Node 10 as well.

[parro-it]

The original crash is fixed on Node 10 as well.

Good!

Just to clarify: this is different (new) crash (but only with Node 11).

I'll test this tomorrow.

[parro-it]

Now, pressing any key on macOS with an area in focus causes a segfault...

It seems the cause it's the same: fire_event_args open itself a handle scope, and in function event_key_cb we are calling it with another handle scope already open, so we have a nesting of scopes that causes the segfault.

[mischnic]

It seems like this behavior was introduced in Node 10.12.0 (10.11.0 works), but the changelog doesn't list even a single napi change. Is this a bug in Node?

[parro-it]

From node.js docs: "N-API only supports a single nested hierarchy of scopes" and we are effectively using just that: a single level nesting... so yes, it seems to be a Node bug.
Anyway, I extracted a fire_event_args_unscoped function that does not create an handle scope itself, and I changed the area cb to use that.

I add an event to area-adv.js that log arguements for any key pressed. It works fine on Windows 10, could you check master branch on macOS and see if this solve the problem?

[mischnic]

Yes, it works!
But there could still be functions where nested scopes could be created?

[parro-it]

well, it works on Ubuntu too.

But there could still be functions where nested scopes could be created?

Ah yes, good catch... I'll change these other functions too

[parro-it]

I fixed also the mouse & draw callbacks. Strangely, they does'nt cause any segfault. Maybe we are missing or misunderstanding something here?