Closed
Bug 1227642
Opened 7 years ago
Closed 7 years ago
Memory leak involving AllocScriptData (in asm.js/testBug893519.js)
Categories
(Core :: JavaScript Engine: JIT, defect)
RESOLVED
FIXED
mozilla45
 | Tracking | Status |
---|---|---|
firefox45 | --- | fixed |
People
(Reporter: bbouvier, Assigned: bbouvier)
Attachments
(1 file)
patch, 2.60 KB, jonco: review+
/home/ben/code/moz/repo/js/src/jit-test/tests/asm.js/testBug893519.js:10:9 Error: AsmJS modules do not yet support cloning.
Stack:
  @/home/ben/code/moz/repo/js/src/jit-test/tests/asm.js/testBug893519.js:10:9

=================================================================
==15187==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4e1804 in __interceptor_calloc /home/development/llvm/3.7.0/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:56:3
    #1 0x19b861f in js_calloc(unsigned long) /home/ben/code/moz/builds/asan-d64/js/src/../../dist/include/js/Utility.h:227:12
    #2 0x19f6ff4 in _ZL13js_pod_callocIhEPT_m /home/ben/code/moz/builds/asan-d64/js/src/../../dist/include/js/Utility.h:417:28
    #3 0x1a74d03 in unsigned char* js::MallocProvider<JS::Zone>::maybe_pod_calloc<unsigned char>(unsigned long) /home/ben/code/moz/repo/js/src/vm/MallocProvider.h:63:16
    #4 0x1a20f1a in unsigned char* js::MallocProvider<JS::Zone>::pod_calloc<unsigned char>(unsigned long) /home/ben/code/moz/repo/js/src/vm/MallocProvider.h:133:16
    #5 0x1978ada in AllocScriptData(JS::Zone*, unsigned long) /home/ben/code/moz/repo/js/src/jsscript.cpp:2717:21
    #6 0x1983833 in js::detail::CopyScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::Handle<JSScript*>) /home/ben/code/moz/repo/js/src/jsscript.cpp:3398:21
    #7 0x198b247 in js::CloneScriptIntoFunction(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSFunction*>, JS::Handle<JSScript*>) /home/ben/code/moz/repo/js/src/jsscript.cpp:3657:10
    #8 0x17d6149 in js::CloneFunctionAndScript(JSContext*, JS::Handle<JSFunction*>, JS::Handle<JSObject*>, JS::Handle<JSObject*>, js::gc::AllocKind, JS::Handle<JSObject*>) /home/ben/code/moz/repo/js/src/jsfun.cpp:2210:39
    #9 0x1691f23 in CloneFunctionObject(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<js::ScopeObject*>) /home/ben/code/moz/repo/js/src/jsapi.cpp:3537:25
    #10 0x169267d in JS::CloneFunctionObject(JSContext*, JS::Handle<JSObject*>, JS::AutoVectorRooter<JSObject*>&) /home/ben/code/moz/repo/js/src/jsapi.cpp:3567:12
    #11 0x55bbdf in Clone(JSContext*, unsigned int, JS::Value*) /home/ben/code/moz/repo/js/src/shell/js.cpp:2527:23
    #12 0x1d6d35a in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) /home/ben/code/moz/repo/js/src/jscntxtinlines.h:235:15
    #13 0x1cbfc0f in js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/ben/code/moz/repo/js/src/vm/Interpreter.cpp:444:16
    #14 0x1d05a98 in Interpret(JSContext*, js::RunState&) /home/ben/code/moz/repo/js/src/vm/Interpreter.cpp:2766:18
    #15 0x1cdfa25 in js::RunScript(JSContext*, js::RunState&) /home/ben/code/moz/repo/js/src/vm/Interpreter.cpp:391:12
    #16 0x1d280e9 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::ExecuteType, js::AbstractFramePtr, JS::Value*) /home/ben/code/moz/repo/js/src/vm/Interpreter.cpp:654:15
    #17 0x1d28d06 in js::Execute(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value*) /home/ben/code/moz/repo/js/src/vm/Interpreter.cpp:688:12
    #18 0x16a0602 in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::Value*) /home/ben/code/moz/repo/js/src/jsapi.cpp:4410:12
    #19 0x16a0a17 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /home/ben/code/moz/repo/js/src/jsapi.cpp:4443:12
    #20 0x568432 in RunFile(JSContext*, char const*, _IO_FILE*, bool) /home/ben/code/moz/repo/js/src/shell/js.cpp:515:14
    #21 0x5674d6 in Process(JSContext*, char const*, bool, FileKind) /home/ben/code/moz/repo/js/src/shell/js.cpp:728:13
    #22 0x52b3c0 in ProcessArgs(JSContext*, js::cli::OptionParser*) /home/ben/code/moz/repo/js/src/shell/js.cpp:6167:13
    #23 0x516735 in Shell(JSContext*, js::cli::OptionParser*, char**) /home/ben/code/moz/repo/js/src/shell/js.cpp:6508:18
    #24 0x50ef01 in main /home/ben/code/moz/repo/js/src/shell/js.cpp:6869:14
    #25 0x7f1bc6632ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Comment 1 • 7 years ago (Assignee)
This locally fixes it, when running under ASAN. (note that ASAN builds of the shell on treeherder are useless, because of https://dxr.mozilla.org/mozilla-central/source/mozglue/build/AsanOptions.cpp#24-32 -- maybe we should change that)
Comment 2 • 7 years ago
Comment on attachment 8691476: fixleak.patch
Review of attachment 8691476:
Nice find!
Attachment #8691476 - Flags: review?(jcoppeard) → review+
Comment 4 • 7 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/7d2d6e90fc12
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox45: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45