716873 - Don't assume that all libraries opened with ctypes can be unloaded safely

Status: NEW

(Core :: js-ctypes, defect)

Description

[Chris Coulson]

Some libraries are dangerous to unload, and some are even more dangerous to map back in to memory after previously being unloaded. Some examples of this on Linux are:
- Any library based on GObject
- Any library using atexit()

In the GObject case, the library registers types with GObject's dynamic type system, and these types remain registered after unloading a library (which might result in a crash at some point in the future). However, if it is loaded back in to memory again, it won't be able to register its types (because they're already registered), and this is basically a guaranteed crash once you've done this.

At the moment, if the Library handle returned by ctypes.open and all of the CData objects created from it go out of scope, then they might garbage collected and the library ends up being unloaded automatically (in js::ctypes::Library::Finalize).

This is manageable until you consider that restartless addons rely on being able to unload JS modules so that they can be reloaded on upgrade.

This came up in a review comment for an addon I submitted to addons.mozilla.org ("You need to unload all modules that you load at shutdown"). Having fixed my addon to unload all JS modules on shutdown, it now causes a crash when the addon is updated. Despite my best efforts to keep the libraries I'm loading from being unloaded, they get unloaded during the upgrade because the addon manager drops all references to my addons bootstrap scope (and I lazy initialize my addon so that it doesn't hit startup time).

This is making it difficult to have a restartless addon which uses ctypes.