Closed Bug 512580 Opened 15 years ago Closed 13 years ago

TM: memory leaks even in very simple scripts

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jseward, Assigned: gal)

Details

TM, 31822:ac8e4290f01c (Mon Aug 24). Release build of jsshell, when running this function foo ( ) { var s = 0; var i; for (i = 0; i < 1000; i++) { s += i; s *= (i-10); s <<= 1; s >>= 1; } return s; } produces the leaks below. This makes it difficult to spot new leaks. Note, either use valgrind-3.5.0 or for earlier versions you need --leak-check=full --leak-resolution=high. malloc/free: in use at exit: 2,608 bytes in 39 blocks. malloc/free: 827 allocs, 788 frees, 859,197 bytes allocated. For counts of detected errors, rerun with: -v searching for pointers to 39 not-freed blocks. checked 127,148 bytes. 24 bytes in 1 blocks are definitely lost in loss record 1 of 33 at 0x402819C: realloc (vg_replace_malloc.c:429) by 0x80A99D4: js_TraceObject (jsutil.h:198) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x80A97C8: js_TraceObject (jsobj.cpp:5760) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x808ECA5: fun_trace(JSTracer*, JSObject*) (jsfun.cpp:1738) by 0x80A984E: js_TraceObject (jsobj.cpp:5738) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x81207A1: JSTraceMonitor::mark(JSTracer*) (jstracer.cpp:2142) 32 bytes in 2 blocks are definitely lost in loss record 2 of 33 at 0x402819C: realloc (vg_replace_malloc.c:429) by 0x808F848: js_FreezeLocalNames (jsutil.h:198) by 0x80F7101: js_NewScriptFromCG (jsscript.cpp:1547) by 0x8088E8B: js_EmitFunctionScript (jsemit.cpp:3499) by 0x8084513: js_EmitTree (jsemit.cpp:4293) by 0x80D3956: JSCompiler::compileScript(JSContext*, JSObject... (jsparse.cpp:906) by 0x8051D69: JS_CompileFileHandleForPrincipals (jsapi.cpp:4744) by 0x8051DE9: JS_CompileFileHandle (jsapi.cpp:4730) by 0x804D514: Process(JSContext*, JSObject*, char*, int) (js.cpp:431) by 0x804DE66: main (js.cpp:843) 32 bytes in 1 blocks are definitely lost in loss record 3 of 33 at 0x402819C: realloc (vg_replace_malloc.c:429) by 0x80A50B0: js_GrowSlots (jsutil.h:198) by 0x80A51C8: js_AllocSlot (jsobj.cpp:3409) by 0x80F4A95: JSScope::add(JSContext*, int, int (*)(JSCont... (jsscope.cpp:1288) by 0x80A871D: js_DefineNativeProperty (jsobj.cpp:3728) by 0x805355F: DefineProperty(JSContext*, JSObject*,... (jsapi.cpp:2972) by 0x8053683: JS_DefineProperties (jsapi.cpp:3072) by 0x804D7CC: main (js.cpp:4725) 44 bytes in 1 blocks are definitely lost in loss record 4 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80F3C22: js_GetMutableScope (jsscope.cpp:102) by 0x80A79B3: js_SetPropertyHelper (jsobj.cpp:4533) by 0x815B96C: js_Interpret (jsops.cpp:1811) by 0x8099B80: js_Execute (jsinterp.cpp:1599) by 0x8051F59: JS_ExecuteScript (jsapi.cpp:4980) by 0x804D61A: Process(JSContext*, JSObject*, char*, int) (js.cpp:435) by 0x804DE66: main (js.cpp:843) 44 bytes in 1 blocks are definitely lost in loss record 6 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80F3C22: js_GetMutableScope (jsscope.cpp:102) by 0x80A8216: js_DefineNativeProperty (jsobj.cpp:3718) by 0x80A8889: js_DefineProperty (jsobj.cpp:3603) by 0x80A182E: js_SetClassPrototype (jsobj.h:180) by 0x808F285: fun_resolve(JSContext*, JSObject*, int,... (jsfun.cpp:1454) by 0x80A5B1D: js_LookupPropertyWithFlags (jsobj.cpp:3837) by 0x80A69E9: js_GetPropertyHelper (jsobj.cpp:4234) by 0x815BA9B: js_Interpret (jsops.cpp:1475) by 0x8099B80: js_Execute (jsinterp.cpp:1599) by 0x8051F59: JS_ExecuteScript (jsapi.cpp:4980) 44 bytes in 1 blocks are definitely lost in loss record 8 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80A89F2: js_NewObjectWithGivenProto (jsobj.cpp:2033) by 0x80A8B89: js_NewObject (jsobj.cpp:2171) by 0x80536D5: JS_DefineObject (jsapi.cpp:3030) by 0x804D861: main (js.cpp:4765) 44 bytes in 1 blocks are definitely lost in loss record 9 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80F3C22: js_GetMutableScope (jsscope.cpp:102) by 0x80A8216: js_DefineNativeProperty (jsobj.cpp:3718) by 0x80A8889: js_DefineProperty (jsobj.cpp:3603) by 0x80A182E: js_SetClassPrototype (jsobj.h:180) by 0x80A8DB4: js_InitClass (jsobj.cpp:2943) by 0x80A903D: js_InitObjectClass (jsobj.cpp:2837) by 0x80546A6: js_InitFunctionAndObjectClasses (jsapi.cpp:1308) by 0x80A34A5: js_GetClassObject (jsobj.cpp:3216) by 0x80A6573: js_FindClassObject (jsobj.cpp:3280) by 0x80A6679: js_GetClassPrototype (jsobj.cpp:5326) 44 bytes in 1 blocks are definitely lost in loss record 11 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80A89F2: js_NewObjectWithGivenProto (jsobj.cpp:2033) by 0x80A8B89: js_NewObject (jsobj.cpp:2171) by 0x8090D48: js_DefineFunction (jsfun.cpp:2361) by 0x80A8D09: js_InitClass (jsobj.cpp:2915) by 0x8090EBD: js_InitFunctionClass (jsfun.cpp:2330) by 0x8054686: js_InitFunctionAndObjectClasses (jsapi.cpp:1286) by 0x80A34A5: js_GetClassObject (jsobj.cpp:3216) by 0x80A6573: js_FindClassObject (jsobj.cpp:3280) by 0x80A6679: js_GetClassPrototype (jsobj.cpp:5326) by 0x80A8BCE: js_NewObject (jsobj.cpp:2162) 300 (44 direct, 256 indirect) bytes in 1 blocks are definitely lost in loss record 12 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80A89F2: js_NewObjectWithGivenProto (jsobj.cpp:2033) by 0x80A8B89: js_NewObject (jsobj.cpp:2171) by 0x805282D: JS_NewObject (jsapi.cpp:2864) by 0x804D75B: main (js.cpp:4710) 152 (44 direct, 108 indirect) bytes in 1 blocks are definitely lost in loss record 13 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80A89F2: js_NewObjectWithGivenProto (jsobj.cpp:2033) by 0x80A8B89: js_NewObject (jsobj.cpp:2171) by 0x80A8CAA: js_InitClass (jsobj.cpp:2881) by 0x8090EBD: js_InitFunctionClass (jsfun.cpp:2330) by 0x8054686: js_InitFunctionAndObjectClasses (jsapi.cpp:1286) by 0x80A34A5: js_GetClassObject (jsobj.cpp:3216) by 0x80A6573: js_FindClassObject (jsobj.cpp:3280) by 0x80A6679: js_GetClassPrototype (jsobj.cpp:5326) by 0x80A8BCE: js_NewObject (jsobj.cpp:2162) by 0x8090D48: js_DefineFunction (jsfun.cpp:2361) 54 bytes in 1 blocks are definitely lost in loss record 14 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F5ABF: js_NewScript (jsutil.h:186) by 0x8090F4D: js_InitFunctionClass (jsfun.cpp:2336) by 0x8054686: js_InitFunctionAndObjectClasses (jsapi.cpp:1286) by 0x80A34A5: js_GetClassObject (jsobj.cpp:3216) by 0x80A6573: js_FindClassObject (jsobj.cpp:3280) by 0x80A6679: js_GetClassPrototype (jsobj.cpp:5326) by 0x80A8BCE: js_NewObject (jsobj.cpp:2162) by 0x8090D48: js_DefineFunction (jsfun.cpp:2361) by 0x8052C76: JS_DefineFunctions (jsapi.cpp:4542) by 0x804D786: main (js.cpp:4719) 216 (44 direct, 172 indirect) bytes in 1 blocks are definitely lost in loss record 16 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80A89F2: js_NewObjectWithGivenProto (jsobj.cpp:2033) by 0x80A8B89: js_NewObject (jsobj.cpp:2171) by 0x80A8CAA: js_InitClass (jsobj.cpp:2881) by 0x80A903D: js_InitObjectClass (jsobj.cpp:2837) by 0x80546A6: js_InitFunctionAndObjectClasses (jsapi.cpp:1308) by 0x80A34A5: js_GetClassObject (jsobj.cpp:3216) by 0x80A6573: js_FindClassObject (jsobj.cpp:3280) by 0x80A6679: js_GetClassPrototype (jsobj.cpp:5326) by 0x80A8BCE: js_NewObject (jsobj.cpp:2162) by 0x8090D48: js_DefineFunction (jsfun.cpp:2361) 108 (44 direct, 64 indirect) bytes in 1 blocks are definitely lost in loss record 17 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80A89F2: js_NewObjectWithGivenProto (jsobj.cpp:2033) by 0x80A8B89: js_NewObject (jsobj.cpp:2171) by 0x80536D5: JS_DefineObject (jsapi.cpp:3030) by 0x804D7AE: main (js.cpp:4722) 172 (44 direct, 128 indirect) bytes in 1 blocks are definitely lost in loss record 20 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80F3C22: js_GetMutableScope (jsscope.cpp:102) by 0x80A8216: js_DefineNativeProperty (jsobj.cpp:3718) by 0x80A8889: js_DefineProperty (jsobj.cpp:3603) by 0x80A182E: js_SetClassPrototype (jsobj.h:180) by 0x80A8DB4: js_InitClass (jsobj.cpp:2943) by 0x805C3BA: js_InitArrayClass (jsarray.cpp:3469) by 0x80A34A5: js_GetClassObject (jsobj.cpp:3216) by 0x80A6573: js_FindClassObject (jsobj.cpp:3280) by 0x80A6679: js_GetClassPrototype (jsobj.cpp:5326) by 0x80A8BCE: js_NewObject (jsobj.cpp:2162) 172 (44 direct, 128 indirect) bytes in 1 blocks are definitely lost in loss record 21 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x805AB4C: js_MakeArraySlow (jsarray.cpp:1295) by 0x806325F: array_defineProperty(JSContext*, JSObject*, int,... (jsarray.cpp:992) by 0x80A187D: js_SetClassPrototype (jsobj.h:180) by 0x80A8DB4: js_InitClass (jsobj.cpp:2943) by 0x805C3BA: js_InitArrayClass (jsarray.cpp:3469) by 0x80A34A5: js_GetClassObject (jsobj.cpp:3216) by 0x80A6573: js_FindClassObject (jsobj.cpp:3280) by 0x80A6679: js_GetClassPrototype (jsobj.cpp:5326) by 0x80A8BCE: js_NewObject (jsobj.cpp:2162) by 0x805C1A0: js_NewArrayObject (jsarray.cpp:3483) 48 bytes in 1 blocks are definitely lost in loss record 22 of 33 at 0x4026132: calloc (vg_replace_malloc.c:397) by 0x80F18AB: InsertPropertyTreeChild(JSRuntime*, JSScopeProperty*,... (jsutil.h:192) by 0x80F24A6: GetPropertyTreeChild(JSContext*, JSScopeProperty*,.. (jsscope.cpp:957) by 0x80F43D3: JSScope::add(JSContext*, int, int (*)(JSContext*,.. (jsscope.cpp:1319) by 0x80A871D: js_DefineNativeProperty (jsobj.cpp:3728) by 0x80A8889: js_DefineProperty (jsobj.cpp:3603) by 0x8090DEA: js_DefineFunction (jsobj.h:180) by 0x8052C16: JS_DefineFunctions (jsapi.cpp:4527) by 0x80A8E12: js_InitClass (jsobj.cpp:2954) by 0x805C3BA: js_InitArrayClass (jsarray.cpp:3469) by 0x80A34A5: js_GetClassObject (jsobj.cpp:3216) by 0x80A6573: js_FindClassObject (jsobj.cpp:3280) 48 bytes in 1 blocks are definitely lost in loss record 23 of 33 at 0x4026132: calloc (vg_replace_malloc.c:397) by 0x80F18AB: InsertPropertyTreeChild(JSRuntime*, JSScopeProperty*, (jsutil.h:192) by 0x80F24A6: GetPropertyTreeChild(JSContext*, JSScopeProperty*, (jsscope.cpp:957) by 0x80F43D3: JSScope::add(JSContext*, int, int (*)(JSContext*, (jsscope.cpp:1319) by 0x80A871D: js_DefineNativeProperty (jsobj.cpp:3728) by 0x805355F: DefineProperty(JSContext*, JSObject*, char const* (jsapi.cpp:2972) by 0x8053683: JS_DefineProperties (jsapi.cpp:3072) by 0x80A8DED: js_InitClass (jsobj.cpp:2954) by 0x805C3BA: js_InitArrayClass (jsarray.cpp:3469) by 0x80A34A5: js_GetClassObject (jsobj.cpp:3216) by 0x80A6573: js_FindClassObject (jsobj.cpp:3280) by 0x80A6679: js_GetClassPrototype (jsobj.cpp:5326) 87 bytes in 1 blocks are definitely lost in loss record 24 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F5ABF: js_NewScript (jsutil.h:186) by 0x80F6DFB: js_NewScriptFromCG (jsscript.cpp:1483) by 0x8088E8B: js_EmitFunctionScript (jsemit.cpp:3499) by 0x8084513: js_EmitTree (jsemit.cpp:4293) by 0x8088726: js_EmitTree (jsemit.cpp:5724) by 0x8088459: js_EmitTree (jsemit.cpp:5516) by 0x80D3956: JSCompiler::compileScript(JSContext*, JSObject*, (jsparse.cpp:906) by 0x8051D69: JS_CompileFileHandleForPrincipals (jsapi.cpp:4744) by 0x8051DE9: JS_CompileFileHandle (jsapi.cpp:4730) by 0x804D514: Process(JSContext*, JSObject*, char*, int) (js.cpp:431) by 0x804DE66: main (js.cpp:843) 88 (44 direct, 44 indirect) bytes in 1 blocks are definitely lost in loss record 25 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F2F52: JSScope::create(JSContext*, JSObjectOps*, JSClass*, JSObject*) (jsutil.h:186) by 0x80F3C22: js_GetMutableScope (jsscope.cpp:102) by 0x80A8216: js_DefineNativeProperty (jsobj.cpp:3718) by 0x80A8889: js_DefineProperty (jsobj.cpp:3603) by 0x80A187D: js_SetClassPrototype (jsobj.h:180) by 0x808F285: fun_resolve(JSContext*, JSObject*, int, unsigned (jsfun.cpp:1454) by 0x80A5B1D: js_LookupPropertyWithFlags (jsobj.cpp:3837) by 0x80A69E9: js_GetPropertyHelper (jsobj.cpp:4234) by 0x815BA9B: js_Interpret (jsops.cpp:1475) by 0x8099B80: js_Execute (jsinterp.cpp:1599) by 0x8051F59: JS_ExecuteScript (jsapi.cpp:4980) 48 bytes in 1 blocks are definitely lost in loss record 26 of 33 at 0x402819C: realloc (vg_replace_malloc.c:429) by 0x80A99D4: js_TraceObject (jsutil.h:198) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x80A97C8: js_TraceObject (jsobj.cpp:5760) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x80A97C8: js_TraceObject (jsobj.cpp:5760) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x808ECA5: fun_trace(JSTracer*, JSObject*) (jsfun.cpp:1738) by 0x80A984E: js_TraceObject (jsobj.cpp:5738) 48 bytes in 1 blocks are definitely lost in loss record 27 of 33 at 0x4026132: calloc (vg_replace_malloc.c:397) by 0x80F18AB: InsertPropertyTreeChild(JSRuntime*, JSScopePropert (jsutil.h:192) by 0x80F24A6: GetPropertyTreeChild(JSContext*, JSScopeProperty* (jsscope.cpp:957) by 0x80F43D3: JSScope::add(JSContext*, int, int (*)(JSContext*, (jsscope.cpp:1319) by 0x80A7A0D: js_SetPropertyHelper (jsobj.cpp:4541) by 0x815B96C: js_Interpret (jsops.cpp:1811) by 0x8099B80: js_Execute (jsinterp.cpp:1599) by 0x8051F59: JS_ExecuteScript (jsapi.cpp:4980) by 0x804D61A: Process(JSContext*, JSObject*, char*, int) (js.cpp:435) by 0x804DE66: main (js.cpp:843) 96 bytes in 1 blocks are definitely lost in loss record 28 of 33 at 0x402819C: realloc (vg_replace_malloc.c:429) by 0x80A99D4: js_TraceObject (jsutil.h:198) by 0x805AA17: slowarray_trace(JSTracer*, JSObject*) (jsarray.cpp:831) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x80A97C8: js_TraceObject (jsobj.cpp:5760) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x80A97C8: js_TraceObject (jsobj.cpp:5760) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x80A97C8: js_TraceObject (jsobj.cpp:5760) 251 bytes in 2 blocks are definitely lost in loss record 31 of 33 at 0x402807E: malloc (vg_replace_malloc.c:207) by 0x80F5ABF: js_NewScript (jsutil.h:186) by 0x80F6DFB: js_NewScriptFromCG (jsscript.cpp:1483) by 0x8088E8B: js_EmitFunctionScript (jsemit.cpp:3499) by 0x8084513: js_EmitTree (jsemit.cpp:4293) by 0x80D3956: JSCompiler::compileScript(JSContext*, JSObject*, (jsparse.cpp:906) by 0x8051D69: JS_CompileFileHandleForPrincipals (jsapi.cpp:4744) by 0x8051DE9: JS_CompileFileHandle (jsapi.cpp:4730) by 0x804D514: Process(JSContext*, JSObject*, char*, int) (js.cpp:431) by 0x804DE66: main (js.cpp:843) 412 bytes in 5 blocks are definitely lost in loss record 33 of 33 at 0x402819C: realloc (vg_replace_malloc.c:429) by 0x80A99D4: js_TraceObject (jsutil.h:198) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x80A97C8: js_TraceObject (jsobj.cpp:5760) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x80A97C8: js_TraceObject (jsobj.cpp:5760) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) by 0x8094829: JS_CallTracer (jsgc.cpp:2697) by 0x80A97C8: js_TraceObject (jsobj.cpp:5760) by 0x809436E: JS_TraceChildren (jsgc.cpp:2421) LEAK SUMMARY: definitely lost: 1,708 bytes in 30 blocks. indirectly lost: 900 bytes in 9 blocks. possibly lost: 0 bytes in 0 blocks. still reachable: 0 bytes in 0 blocks. suppressed: 0 bytes in 0 blocks.
Julian, any chance you could test this again with JM+TI in a current JS shell?
I get no leaks now.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.