Closed Bug 560078 Opened 15 years ago Closed 15 years ago

JM: Leak [@ js::methodjit::Compiler::Compile]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: gkw, Unassigned)

References

Details

(4 keywords)

z = [{ test: function () { f() = "" } }] for (let i = 0; i < z.length; i++) { a = z[i] if (a.test()) h } leaks js debug shell on JM tip with -m and -j at malloc. This does not seem to occur without -m. === $ cat w386-reduced.js | valgrind --leak-check=full ./js-dbg-64-jm-linux -m -j -i ==6201== Memcheck, a memory error detector ==6201== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==6201== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info ==6201== Command: ./js-dbg-64-jm-linux -m -j -i ==6201== js> z = [{ test: function () { f() = "" } }] [{test:(function () {f() = "";})}] js> for (let i = 0; i < z.length; i++) { a = z[i] if (a.test()) h } [pic] moving 2 infos to script [pic] entry 0: hpb=0x4164393 crl=0x4164615 [pic] entry 1: hpb=0x41644c7 crl=0x4164670 [pic] GETPROP 0x4164670 typein:6 [pic] array length [pic] generate array length stub [pic] new stub start=0x4164740 [pic] CALLPROP 0x4164615 typein:8 [pic] PIC 0x6002ae8 hit=0 patched=0 gen'd = 0 typein:3: ReferenceError: f is not defined js> ==6201== ==6201== HEAP SUMMARY: ==6201== in use at exit: 205 bytes in 11 blocks ==6201== total heap usage: 1,131 allocs, 1,120 frees, 2,594,378 bytes allocated ==6201== ==6201== 16 bytes in 1 blocks are definitely lost in loss record 1 of 3 ==6201== at 0x4C274A8: malloc (vg_replace_malloc.c:236) ==6201== by 0x40FD7E: js_malloc (jsutil.h:188) ==6201== by 0x427E1D: JSRuntime::malloc(unsigned long) (jscntxt.h:1542) ==6201== by 0x4280D0: JSContext::malloc(unsigned long) (jscntxt.h:1983) ==6201== by 0x5AFFE2: js::methodjit::Compiler::Compile() (Compiler.cpp:177) ==6201== by 0x5C65E5: js::methodjit::Compile(JSContext*, JSScript*) (MethodJIT.cpp:622) ==6201== by 0x5D453F: InlineCall(js::VMFrame&, unsigned int, void**, unsigned int) (Stubs.cpp:3078) ==6201== by 0x5D4764: js::jsl_Call(js::VMFrame&, unsigned int) (Stubs.cpp:3116) ==6201== by 0x41643E6: ??? ==6201== by 0x5C6527: js::methodjit::JaegerShot(JSContext*) (MethodJIT.cpp:605) ==6201== by 0x484D8F: js_RunScript (jsinterp.cpp:440) ==6201== by 0x486152: js_Execute (jsinterp.cpp:890) ==6201== ==6201== 60 bytes in 1 blocks are definitely lost in loss record 2 of 3 ==6201== at 0x4C274A8: malloc (vg_replace_malloc.c:236) ==6201== by 0x5B0162: js::methodjit::Compiler::Compile() (Compiler.cpp:200) ==6201== by 0x5C65E5: js::methodjit::Compile(JSContext*, JSScript*) (MethodJIT.cpp:622) ==6201== by 0x5D453F: InlineCall(js::VMFrame&, unsigned int, void**, unsigned int) (Stubs.cpp:3078) ==6201== by 0x5D4764: js::jsl_Call(js::VMFrame&, unsigned int) (Stubs.cpp:3116) ==6201== by 0x41643E6: ??? ==6201== by 0x5C6527: js::methodjit::JaegerShot(JSContext*) (MethodJIT.cpp:605) ==6201== by 0x484D8F: js_RunScript (jsinterp.cpp:440) ==6201== by 0x486152: js_Execute (jsinterp.cpp:890) ==6201== by 0x42558F: JS_ExecuteScript (jsapi.cpp:4823) ==6201== by 0x404008: Process(JSContext*, JSObject*, char*, int) (js.cpp:544) ==6201== by 0x404A79: ProcessArgs(JSContext*, JSObject*, char**, int) (js.cpp:871) ==6201== ==6201== LEAK SUMMARY: ==6201== definitely lost: 76 bytes in 2 blocks ==6201== indirectly lost: 0 bytes in 0 blocks ==6201== possibly lost: 0 bytes in 0 blocks ==6201== still reachable: 129 bytes in 9 blocks ==6201== suppressed: 0 bytes in 0 blocks ==6201== Reachable blocks (those to which a pointer was found) are not shown. ==6201== To see them, rerun with: --leak-check=full --show-reachable=yes ==6201== ==6201== For counts of detected and suppressed errors, rerun with: -v ==6201== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
Summary: JM: Leak [@ malloc] → JM: Leak [@ js::methodjit::Compiler::Compile]
WFM on JM changeset 5ff0c0a8d4d8 on 32-bit and 64-bit shells. (Tested only on Mac) $ cat 560078.js | ~/Bin/vTrunk --leak-check=full ./js-dbg-64-jm-darwin -m -j -i ==1148== Memcheck, a memory error detector ==1148== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. ==1148== Using Valgrind-3.6.0.SVN and LibVEX; rerun with -h for copyright info ==1148== Command: ./js-dbg-64-jm-darwin -m -j -i ==1148== js> z = [{ test: function () { f() = "" } }] [{test:(function () {f() = "";})}] js> for (let i = 0; i < z.length; i++) { a = z[i] if (a.test()) h } typein:3: ReferenceError: f is not defined js> js> js> ==1148== ==1148== HEAP SUMMARY: ==1148== in use at exit: 707,383 bytes in 1,691 blocks ==1148== total heap usage: 3,408 allocs, 1,717 frees, 1,803,084 bytes allocated ==1148== ==1148== LEAK SUMMARY: ==1148== definitely lost: 0 bytes in 0 blocks ==1148== indirectly lost: 0 bytes in 0 blocks ==1148== possibly lost: 0 bytes in 0 blocks ==1148== still reachable: 707,383 bytes in 1,691 blocks ==1148== suppressed: 0 bytes in 0 blocks ==1148== Reachable blocks (those to which a pointer was found) are not shown. ==1148== To see them, rerun with: --leak-check=full --show-reachable=yes ==1148== ==1148== For counts of detected and suppressed errors, rerun with: -v ==1148== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.