Open Bug 1784164 Opened 6 months ago Updated 24 days ago

only use js_free for memory allocated in the js::MallocArena

Categories: Core :: JavaScript Engine, defect, P3
Tracking: ASSIGNED
People: Reporter: sfink, Assigned: sfink
References: Depends on 1 open bug, Blocks 1 open bug
Details: Keywords: leave-open
Attachments: 1 file

As the comment says:

static inline void js_free(void* p) {
  // TODO: This should call |moz_arena_free(js::MallocArena, p)| but we
  // currently can't enforce that all memory freed here was allocated by
  // js_malloc().
  free(p);
}

An example of an allocation that would not be in this arena is ArrayBuffer data, which gets allocated into its own js::ArrayBufferContentsArena. Or at least, sometimes it does.

Depends on: 1784165
Keywords: leave-open
Assignee: nobody → sphink
Status: NEW → ASSIGNED
Pushed by sfink@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a1a954a12f34
update comment on current state r=jonco
Severity: -- → N/A
Priority: -- → P1
Severity: N/A → S3
Type: task → defect
Priority: P1 → P3

Other than an assertion, there's currently no reason to free memory in its own arena.

https://searchfox.org/mozilla-central/source/memory/build/mozjemalloc.cpp#3634

jemalloc will always find the correct arena based on the memory's location and then use that; the only time aArena is used is for the above assertion. But if we ever switch to a more pedantic allocator this could be relevant.
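To make the discussion concrete, here is an added toy model (not SpiderMonkey or mozjemalloc code) of the check the js_free TODO is after: each block carries a record of the arena it came from, and an arena-aware free compares the caller's claimed arena against that record, so a block allocated in a hypothetical ArrayBuffer contents arena but released through the strict js_free shows up as a mismatch. Arena ids, the header layout and all function names are made up for the example; real jemalloc derives the owning arena from chunk metadata rather than a per-block header.

```c
/* Added illustration, not Mozilla code: a toy arena allocator that records
 * the owning arena in a hidden header so an arena-aware free can verify the
 * caller's claim, as moz_arena_free(js::MallocArena, p) would in js_free. */
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical arena ids standing in for js::MallocArena and
 * js::ArrayBufferContentsArena. */
typedef enum { ARENA_MALLOC = 1, ARENA_ARRAYBUFFER = 2 } arena_id;

/* Hidden header placed in front of every block. */
typedef struct { arena_id owner; size_t size; } block_hdr;

static void* arena_malloc(arena_id arena, size_t n) {
  block_hdr* h = malloc(sizeof *h + n);
  if (!h) return NULL;
  h->owner = arena;
  h->size = n;
  return h + 1;                 /* user pointer starts after the header */
}

static block_hdr* hdr_of(void* p) { return (block_hdr*)p - 1; }

/* Returns 1 if the block really belongs to `arena`, 0 on a mismatch.
 * The true owner is read from the block's own record; the caller-supplied
 * arena is only checked against it, never trusted (mirroring the aArena
 * assertion described above). The block is released either way. */
static int arena_free(arena_id arena, void* p) {
  if (!p) return 1;
  block_hdr* h = hdr_of(p);
  int ok = (h->owner == arena);
  if (!ok)
    fprintf(stderr, "arena mismatch: freed as %d, allocated in %d\n",
            (int)arena, (int)h->owner);
  free(h);
  return ok;
}

/* Models the stricter js_free: everything it frees must be MallocArena. */
static int strict_js_free(void* p) { return arena_free(ARENA_MALLOC, p); }

int main(void) {
  void* a = arena_malloc(ARENA_MALLOC, 16);       /* like js_malloc */
  void* b = arena_malloc(ARENA_ARRAYBUFFER, 16);  /* like ArrayBuffer data */
  printf("js_malloc block: %s\n", strict_js_free(a) ? "ok" : "MISMATCH");
  printf("ArrayBuffer block: %s\n", strict_js_free(b) ? "ok" : "MISMATCH");
  return 0;
}
```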
