
The entry function calls of the crash stack are all JSObjectCallAsFunction, but the subsequent crash location is different on each system. We suspected a memory problem, but the device still has a lot of available memory. In addition, this method is called frequently and debugging takes a long time. It only happens once in a while, so I don't have any troubleshooting ideas.

This is the crash stack on iOS 17. Could it be related to the release of certain variables? Or is there some hard-to-find problem with JavaScriptCore?

```text
0  JavaScriptCore JSC::JSFinalObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&)
1  JavaScriptCore JSC::SlotVisitor::drain(WTF::MonotonicTime)
2  JavaScriptCore JSC::SlotVisitor::drain(WTF::MonotonicTime)
3  JavaScriptCore JSC::Heap::runFixpointPhase(JSC::GCConductor)
4  JavaScriptCore JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*)
5  JavaScriptCore WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_23>::implFunction(void*, JSC::CurrentThreadState&)
6  JavaScriptCore JSC::callWithCurrentThreadState(WTF::ScopedLambda<void (JSC::CurrentThreadState&)> const&)
7  JavaScriptCore JSC::Heap::collectInMutatorThread()
8  JavaScriptCore JSC::Heap::stopIfNecessary()
9  JavaScriptCore JSC::LocalAllocator::allocateSlowCase(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)
10 JavaScriptCore _llint_slow_path_new_func_exp
11 JavaScriptCore _llint_function_for_construct_arity_checkTagGateAfter
12 JavaScriptCore _llint_function_for_construct_arity_checkTagGateAfter
13 JavaScriptCore _vmEntryToJavaScriptTrampoline
14 JavaScriptCore JSC::Interpreter::executeCall(JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
15 JavaScriptCore _JSObjectCallAsFunction
16 **APPNAME** script::jsc_backend::toJscValues<script::Local<script::Value>, script::Local<script::Function>::callImpl(script::Local<script::Value> const&, unsigned long, script::Local<script::Value> const*) const::$_0>(OpaqueJSContext*, unsigned long, script::Local<script::Value> const*, script::Local<script::Function>::callImpl(script::Local<script::Value> const&, unsigned long, script::Local<script::Value> **APPNAME**const*) const::$_0)::{lambda(OpaqueJSValue const**)#1}::operator()(OpaqueJSValue const**) const JscHelper.hpp:36
17 **APPNAME** script::Local<script::Function>::callImpl(script::Local<script::Value> const&, unsigned long, script::Local<script::Value> const*) const JscLocalReference.cc:498
```

An occasional issue that occurs when calling JSObjectCallAsFunction frequently, with many instances on iOS 13, iOS 14, and iOS 17.4.1, without any solution
