Before bug 1553363, I had the old "goop" at the top of each mozglue/baseprofiler//.cpp files, so that allocations and deallocations would always be done through the same memory manager.
At that time TestBaseProfiler was working fine -- or maybe I just didn't experience the issue then.
Since bug 1553363 landed, there is no more need for the "goop", and all is well when using the Base Profiler in Firefox.
However TestBaseProfiler doesn't work anymore in "opt" builds.
E.g., see https://treeherder.mozilla.org/#/jobs?repo=try&revision=79ac8c7ad7233bc4c2621d119f1f5bffa74400c1 , notice the failures in 'cpp' tests in some Windows opt builds, but never in debug.
I can reproduce this locally:
--enable-optimize="-O1" works fine, but
Note that Base Profiler must be manually enabled on Windows, by uncommenting "# define MOZ_BASE_PROFILER" near the top of mozglue/baseprofiler/public/BaseProfiler.h
Trying to debug: (Sorry if I give too much or too little info, I'm not sure what's happening; hopefully an expert can work with this...)
Thanks to WinDbg with TTD (Time Travel Debugging) I was finally able to isolate the issue to platform.cpp:AppendSharedLibraries(). The assembly looks like this:
6278be0b e84023ffff call mozglue!mozilla::JSONWriter::EscapedString::EscapedString (00007ffe6277e150)
Internally this calls
6277e1c2 e865840300 call mozglue!operator new (00007ffe627b662c)
which calls ucrtbase!_malloc_base -> ntdll!RtlAllocateHeap... This looks like the standard Windows malloc.
The AppendSharedLibraries() function writes an escaped string in there, which is then copied elsewhere. Then it frees the escaped string:
6278be41 e80a4dfeff call mozglue!je_free (00007ffe62770b50)
But now this goes to mozglue!Allocator<MozJemallocBase>::free, which (of course) fails an assertion for magic arena numbers in mozjemalloc.cpp:arena_dalloc().
Note that the allocation happens under JSONWriter::EscapedString::EscapedString, which is in mfbt/JSONWriter.h.
And the deallocation happens under mozilla::baseprofiler::AppendSharedLibraries, which is in mozglue/baseprofiler/core/platform.cpp -- though that bit of code was inlined from JSONWriter.h as well!
In -O1, I see that JSONWriter::EscapedString::EscapedString() calls operator new (as above), but then AppendSharedLibraries calls operator delete, so all is well there. But why is that latter one different when super-optimized?
Any help appreciated.
Did bug 1553363 miss something?
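Added illustration of the failure mode described in this report (my own toy code, not anything from the bug, the Base Profiler, JSONWriter or mozjemalloc): two heap managers stand in for ucrtbase malloc and mozjemalloc, each stamping its blocks with a magic value the way mozjemalloc's arena_dalloc() checks an arena magic before freeing. Allocating through one and freeing through the other is caught by the magic check (counted here instead of asserting, so it can be exercised in a test). The OwnedString class then shows the pairing that the operator new / je_free path above lacks: it records which manager allocated its buffer, so its destructor frees through the same heap regardless of which module inlines it. The magic constants, class names and the "escaped" sample string are all made up for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>

namespace toyheap {

// Block header stamped by whichever manager produced the allocation; the
// magic plays the role of the arena magic that mozjemalloc checks on free.
struct Header {
    uint32_t magic;
    uint32_t pad;
    size_t   size;
};

class Manager {
public:
    explicit Manager(uint32_t magic) : magic_(magic) {}

    void* allocate(size_t n) {
        void* raw = std::malloc(sizeof(Header) + n);
        if (!raw) throw std::bad_alloc();
        Header* h = static_cast<Header*>(raw);
        h->magic = magic_;
        h->pad = 0;
        h->size = n;
        return h + 1;   // hand out the bytes after the header
    }

    // Returns false (and leaves the block alone) when the header does not
    // carry this manager's magic, i.e. the block came from another heap.
    bool release(void* p) {
        if (!p) return true;
        Header* h = static_cast<Header*>(p) - 1;
        if (h->magic != magic_) { ++mismatches_; return false; }
        std::memset(h, 0, sizeof(Header));   // poison header before freeing
        std::free(h);
        return true;
    }

    unsigned mismatches() const { return mismatches_; }

private:
    uint32_t magic_;
    unsigned mismatches_ = 0;
};

// Two distinct heaps standing in for ucrtbase malloc and mozjemalloc.
// Both magic values are hypothetical.
constexpr uint32_t kCrtMagic = 0x43525400u;  // "CRT\0"
constexpr uint32_t kJeMagic  = 0x4a454d00u;  // "JEM\0"

// An owned string buffer that records *which* manager allocated it, so the
// destructor always frees through the same heap, whichever module inlines it.
class OwnedString {
public:
    OwnedString(Manager& m, const char* src)
        : owner_(&m), len_(std::strlen(src)),
          data_(static_cast<char*>(m.allocate(len_ + 1))) {
        std::memcpy(data_, src, len_ + 1);
    }
    ~OwnedString() { owner_->release(data_); }
    OwnedString(const OwnedString&) = delete;
    OwnedString& operator=(const OwnedString&) = delete;
    const char* c_str() const { return data_; }

private:
    Manager* owner_;   // declared before data_ so it is initialised first
    size_t   len_;
    char*    data_;
};

}  // namespace toyheap

// Mirrors the report: the string is built through the CRT-like heap, then the
// caller hands it to the jemalloc-like heap. Returns the number of cross-heap
// frees that heap caught (expected: 1).
unsigned mismatched_free_count() {
    toyheap::Manager crt(toyheap::kCrtMagic);
    toyheap::Manager je(toyheap::kJeMagic);
    char* s = static_cast<char*>(crt.allocate(8));
    std::memcpy(s, "escaped", 8);                 // constructed sample payload
    if (!je.release(s)) crt.release(s);           // magic mismatch: return it to the real owner
    return je.mismatches();
}

// With the owning manager captured at allocation time, every free goes to the
// matching heap. Returns the total number of mismatches (expected: 0).
unsigned paired_free_count() {
    toyheap::Manager crt(toyheap::kCrtMagic);
    toyheap::Manager je(toyheap::kJeMagic);
    {
        toyheap::OwnedString a(crt, "from crt");
        toyheap::OwnedString b(je, "from je");
    }   // both destructors run here, each through its own manager
    return crt.mismatches() + je.mismatches();
}

int main() {
    return (mismatched_free_count() == 1 && paired_free_count() == 0) ? 0 : 1;
}
```

The point of the toy is that the check happens on the free side only: nothing stops the wrong heap from being handed a foreign block, which is exactly why an inlined destructor in a header ends up calling whichever free the including module links against. Binding the deallocator to the allocation (or, as the report's old "goop" did, forcing every module onto one memory manager) removes the dependency on where the code was inlined.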