Open
Bug 1784164
Opened 10 months ago
Updated 5 months ago
only use js_free for memory allocated in the js::MallocArena
Categories
(Core :: JavaScript Engine, defect, P3)
Core
JavaScript Engine
Tracking
()
ASSIGNED
People
(Reporter: sfink, Assigned: sfink)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: leave-open)
Attachments
(1 file)
As the comment says:
static inline void js_free(void* p) {
// TODO: This should call |moz_arena_free(js::MallocArena, p)| but we
// currently can't enforce that all memory freed here was allocated by
// js_malloc().
free(p);
}
An example of an allocation that would not be in this arena is ArrayBuffer data, which gets allocated into its own js::ArrayBufferContentsArena. Or at least, sometimes it does.
|
Assignee | |
Updated•10 months ago
|
Keywords: leave-open
|
|
Assignee | |
Updated•10 months ago
|
Assignee: nobody → sphink
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 1•10 months ago
|
||
Pushed by sfink@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a1a954a12f34 update comment on current state r=jonco
|
||
Comment 3•10 months ago
|
||
| bugherder | ||
|
||
Updated•10 months ago
|
Severity: -- → N/A
Priority: -- → P1
|
||
Updated•10 months ago
|
Blocks: sm-runtime
|
||
Updated•10 months ago
|
Severity: N/A → S3
Type: task → defect
Priority: P1 → P3
|
||
Comment 4•5 months ago
|
||
Other than an assertion there's currently no reason to free memory in its own arena.
https://searchfox.org/mozilla-central/source/memory/build/mozjemalloc.cpp#3634
jemalloc will always find the correct arena based on the memory's location and then use that, the only time aArena is used is for the above assertion. But if we ever switch to a more pedantic allocator this could be relevant.
You need to log in
before you can comment on or make changes to this bug.
Description
•