Open Bug 1784164 Opened 1 year ago Updated 5 months ago

only use js_free for memory allocated in the js::MallocArena

Categories

(Core :: JavaScript Engine, defect, P3)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
ASSIGNED

People

(Reporter: sfink, Assigned: sfink, NeedInfo)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: leave-open)

Attachments

(1 file)

Bug 1784164 - update comment on current state
48 bytes, text/x-phabricator-request
Details | Review

As the comment says:

static inline void js_free(void* p) {
  // TODO: This should call |moz_arena_free(js::MallocArena, p)| but we
  // currently can't enforce that all memory freed here was allocated by
  // js_malloc().
  free(p);
}

An example of an allocation that would not be in this arena is ArrayBuffer data, which gets allocated into its own js::ArrayBufferContentsArena. Or at least, sometimes it does.

Depends on: 1784165
Keywords: leave-open
Assignee: nobody → sphink
Status: NEW → ASSIGNED
Pushed by sfink@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a1a954a12f34
update comment on current state r=jonco
Severity: -- → N/A
Priority: -- → P1
Severity: N/A → S3
Type: task → defect
Priority: P1 → P3

Other than an assertion there's currently no reason to free memory in its own arena.

https://searchfox.org/mozilla-central/source/memory/build/mozjemalloc.cpp#3634

jemalloc will always find the correct arena based on the memory's location and then use that, the only time aArena is used is for the above assertion. But if we ever switch to a more pedantic allocator this could be relevant.

The leave-open keyword is there and there is no activity for 6 months.
:sfink, maybe it's time to close this bug?
For more information, please visit BugBot documentation.

Flags: needinfo?(sphink)
You need to log in before you can comment on or make changes to this bug.