Weird memory corruption (?) bug

[bnoordhuis]

When I patch qjs to run multiple files (importantly, each in its own runtime/context):

bnoordhuis@zoidberg:~/src/quickjs$ d @
diff --git a/qjs.c b/qjs.c
index 5631543..fb321ef 100644
--- a/qjs.c
+++ b/qjs.c
@@ -481,6 +481,7 @@ int main(int argc, char **argv)
         }
     }
 
+nextfile:
     if (trace_memory) {
         js_trace_malloc_init(&trace_data);
         rt = JS_NewRuntime2(&trace_mf, &trace_data);
@@ -566,6 +567,9 @@ int main(int argc, char **argv)
     JS_FreeContext(ctx);
     JS_FreeRuntime(rt);
 
+    if (++optind < argc)
+        goto nextfile;
+
     if (empty_run && dump_memory) {
         clock_t t[5];
         double best[5] = {0};

I get this weird error:

$ build/debug/qjs tests/test_builtin.js tests/test_std.js
TypeError: not a function
    at test_file1 (tests/test_std.js:46:5)
    at <anonymous> (tests/test_std.js:307:1)

The offending lines in test_std.js are these:

f = std.tmpfile();
str = "hello world\n";
f.puts(str);  // <- not a function

When I print(Object.getOwnPropertyNames(f.__proto__)), I get this:

postMessage,onmessage,constructor

You guessed it, f.__proto__.constructor.name is "Worker"!

Not sure what's going on yet but it's definitely something fishy.

[bnoordhuis]

I think I figured it out. js_std_init() and js_os_init() call JS_NewClassID() and that function only does something if the in/out param is zero. It is the first time, but not the second time!

[bnoordhuis]

Making js_std_file_class_id and js_worker_class_id members of JSThreadState doesn't work because js_std_file_finalizer and js_worker_finalizer run from JS_FreeRuntime, after js_std_free_handlers which frees JSThreadState.

I suppose the solution is to switch to thread-local storage. Having js_std_file_class_id and js_worker_class_id as static globals is not thread-safe; I can tell by adding js_init_module_os calls to run-test262 and enabling TSan.