Closed Bug 1081374 Opened 5 years ago Closed 5 years ago

|BaselineCompiler::compile| can leak |baselineScript|

Categories

(Core :: JavaScript Engine: JIT, defect)

Tracking

()

RESOLVED FIXED
mozilla36

People

(Reporter: erahm, Assigned: djvj)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [MemShrink:P3][CID 1244806])

Attachments

(1 file, 1 obsolete file)

Regression from bug 1004831. Maybe we can use mozilla::UniquePtr with a policy that calls BaselineScript::Destroy...
Flags: needinfo?(kvijayan)
Whiteboard: [MemShrink][CID 1244806] → [MemShrink:P3][CID 1244806]
Attached patch bug-1081374.patch (obsolete)
Test patch.  Passes jit-tests with --ion-eager.

Try run: https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=a9918300e631
Flags: needinfo?(kvijayan)
Assignee: nobody → kvijayan
Rebased patch.  Running in try.
Attachment #8509815 - Attachment is obsolete: true
Attachment #8521519 - Flags: review?(jdemooij)
Comment on attachment 8521519
bug-1081374.patch

Review of attachment 8521519:
-----------------------------------------------------------------

::: js/src/jit/BaselineCompiler.cpp
@@ +4,5 @@
>   * License, v. 2.0. If a copy of the MPL was not distributed with this
>   * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
>  
>  #include "jit/BaselineCompiler.h"
> +#include "mozilla/UniquePtr.h"
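
Review bot: the new `#include "mozilla/UniquePtr.h"` is attached directly to `#include "jit/BaselineCompiler.h"`. Keep the file's own header alone in the first block, followed by a blank line, so the `mozilla/` include starts the next group.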

Nit: add a blank line before this one.

@@ +180,5 @@
>  
>      // Note: There is an extra entry in the bytecode type map for the search hint, see below.
>      size_t bytecodeTypeMapEntries = script->nTypeSets() + 1;
>  
> +    mozilla::UniquePtr<BaselineScript, JS::FreePolicy> baselineScript(
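
Review bot: `JS::FreePolicy` on the added `mozilla::UniquePtr<BaselineScript, JS::FreePolicy>` declaration only frees the allocation and never runs `~BaselineScript`, so anything the object owns would still leak on the failure paths this bug is about. Use a deleter that destroys the object first (`JS::DeletePolicy<BaselineScript>`, or a policy that calls `BaselineScript::Destroy` as the report suggests). The declaration is cut off at the open parenthesis in this quote, so also confirm that the pointer is released from the `UniquePtr` at the point where the script takes ownership; otherwise the success path would free a live `BaselineScript`.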

This should be DeletePolicy: BaselineScript has a LifoAlloc for IC stubs and we should run its destructor.
Attachment #8521519 - Flags: review?(jdemooij) → review+
https://hg.mozilla.org/mozilla-central/rev/d146f4b9606d
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
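
The deleter choice raised in the review, as an added example (not SpiderMonkey code and not part of the patch). `std::unique_ptr` stands in for `mozilla::UniquePtr`; `Script`, `FreeOnly`, `DestroyAndFree`, `compile` and `leakedAfterFailure` are hypothetical names, and the owned resource is modeled by a counter so the leak can be measured.

```cpp
#include <cstdlib>
#include <memory>
#include <new>

// Constructed model: counts owned stub pools that were set up and not yet
// torn down (the role the review gives to BaselineScript's LifoAlloc).
static int liveStubPools = 0;

struct Script {
    bool poolOpen;
    Script() : poolOpen(true) { ++liveStubPools; }
    ~Script() { poolOpen = false; --liveStubPools; }

    // Raw allocation plus placement new, so free() alone is a valid way to
    // return the memory, but it does not tear down what the object owns.
    static Script* New() {
        void* mem = std::malloc(sizeof(Script));
        return mem ? new (mem) Script() : nullptr;
    }
};

// Analogue of a free-only policy: returns the memory, skips the destructor.
struct FreeOnly {
    void operator()(Script* s) const { std::free(s); }
};

// Analogue of a delete policy: runs the destructor, then frees.
struct DestroyAndFree {
    void operator()(Script* s) const { s->~Script(); std::free(s); }
};

// Compile step with a fallible stage after allocation. On failure the smart
// pointer cleans up; on success ownership is handed to the caller.
template <typename Deleter>
Script* compile(bool laterStepFails) {
    std::unique_ptr<Script, Deleter> script(Script::New());
    if (!script || laterStepFails)
        return nullptr;        // early return: the deleter decides what is freed
    return script.release();   // success: do not free a live object
}

// Number of stub pools left behind by one failed compile.
template <typename Deleter>
int leakedAfterFailure() {
    int before = liveStubPools;
    compile<Deleter>(true);
    return liveStubPools - before;
}
```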