Closed Bug 560078 Opened 12 years ago Closed 12 years ago

JM: Leak [@ js::methodjit::Compiler::Compile]

Product/Component: Core :: JavaScript Engine
Type: defect
Hardware: x86
OS: Linux
Priority: Not set
Severity: critical
Status: RESOLVED WORKSFORME
Reporter: gkw
Assignee: Unassigned

z = [{
    test: function () {
        f() = ""
    }
}]
for (let i = 0; i < z.length; i++) {
    a = z[i]
    if (a.test()) h
}

leaks js debug shell on JM tip with -m and -j at malloc. This does not seem to occur without -m.

===


$ cat w386-reduced.js | valgrind --leak-check=full ./js-dbg-64-jm-linux -m -j -i
==6201== Memcheck, a memory error detector
==6201== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==6201== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==6201== Command: ./js-dbg-64-jm-linux -m -j -i
==6201== 
js> z = [{
    test: function () {
        f() = ""
    }
}]
[{test:(function () {f() = "";})}]
js> for (let i = 0; i < z.length; i++) {
    a = z[i]
    if (a.test()) h
}
[pic] moving 2 infos to script
[pic]     entry  0: hpb=0x4164393 crl=0x4164615
[pic]     entry  1: hpb=0x41644c7 crl=0x4164670
[pic] GETPROP 0x4164670 typein:6
[pic]     array length
[pic]     generate array length stub
[pic]     new stub start=0x4164740
[pic] CALLPROP 0x4164615 typein:8
[pic]     PIC 0x6002ae8 hit=0 patched=0 gen'd = 0
typein:3: ReferenceError: f is not defined
js> 
==6201== 
==6201== HEAP SUMMARY:
==6201==     in use at exit: 205 bytes in 11 blocks
==6201==   total heap usage: 1,131 allocs, 1,120 frees, 2,594,378 bytes allocated
==6201== 
==6201== 16 bytes in 1 blocks are definitely lost in loss record 1 of 3
==6201==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==6201==    by 0x40FD7E: js_malloc (jsutil.h:188)
==6201==    by 0x427E1D: JSRuntime::malloc(unsigned long) (jscntxt.h:1542)
==6201==    by 0x4280D0: JSContext::malloc(unsigned long) (jscntxt.h:1983)
==6201==    by 0x5AFFE2: js::methodjit::Compiler::Compile() (Compiler.cpp:177)
==6201==    by 0x5C65E5: js::methodjit::Compile(JSContext*, JSScript*) (MethodJIT.cpp:622)
==6201==    by 0x5D453F: InlineCall(js::VMFrame&, unsigned int, void**, unsigned int) (Stubs.cpp:3078)
==6201==    by 0x5D4764: js::jsl_Call(js::VMFrame&, unsigned int) (Stubs.cpp:3116)
==6201==    by 0x41643E6: ???
==6201==    by 0x5C6527: js::methodjit::JaegerShot(JSContext*) (MethodJIT.cpp:605)
==6201==    by 0x484D8F: js_RunScript (jsinterp.cpp:440)
==6201==    by 0x486152: js_Execute (jsinterp.cpp:890)
==6201== 
==6201== 60 bytes in 1 blocks are definitely lost in loss record 2 of 3
==6201==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==6201==    by 0x5B0162: js::methodjit::Compiler::Compile() (Compiler.cpp:200)
==6201==    by 0x5C65E5: js::methodjit::Compile(JSContext*, JSScript*) (MethodJIT.cpp:622)
==6201==    by 0x5D453F: InlineCall(js::VMFrame&, unsigned int, void**, unsigned int) (Stubs.cpp:3078)
==6201==    by 0x5D4764: js::jsl_Call(js::VMFrame&, unsigned int) (Stubs.cpp:3116)
==6201==    by 0x41643E6: ???
==6201==    by 0x5C6527: js::methodjit::JaegerShot(JSContext*) (MethodJIT.cpp:605)
==6201==    by 0x484D8F: js_RunScript (jsinterp.cpp:440)
==6201==    by 0x486152: js_Execute (jsinterp.cpp:890)
==6201==    by 0x42558F: JS_ExecuteScript (jsapi.cpp:4823)
==6201==    by 0x404008: Process(JSContext*, JSObject*, char*, int) (js.cpp:544)
==6201==    by 0x404A79: ProcessArgs(JSContext*, JSObject*, char**, int) (js.cpp:871)
==6201== 
==6201== LEAK SUMMARY:
==6201==    definitely lost: 76 bytes in 2 blocks
==6201==    indirectly lost: 0 bytes in 0 blocks
==6201==      possibly lost: 0 bytes in 0 blocks
==6201==    still reachable: 129 bytes in 9 blocks
==6201==         suppressed: 0 bytes in 0 blocks
==6201== Reachable blocks (those to which a pointer was found) are not shown.
==6201== To see them, rerun with: --leak-check=full --show-reachable=yes
==6201== 
==6201== For counts of detected and suppressed errors, rerun with: -v
==6201== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
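
A triage sketch for the Memcheck report above, added here as an example and not part of the bug report or the SpiderMonkey tree: it parses the loss records and names each one by its first frame below the allocator wrappers, which is how a leak ends up filed under `js::methodjit::Compiler::Compile` rather than `malloc`. The wrapper list and the function names `parse_leaks`, `signature` and `bytes_by_signature` are assumptions of this example; the sample is abridged from the trace above.

```python
import re
from collections import defaultdict
HEADER = re.compile(r"^==\d+==\s+([\d,]+) bytes in [\d,]+ blocks are (\w+) lost")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?)(?: \(([^()]+:\d+)\))?$")
# Assumption of this example: wrapper frames to skip, taken from the trace above.
ALLOC_WRAPPERS = {"malloc", "js_malloc", "JSRuntime::malloc", "JSContext::malloc"}
# Constructed sample: the two loss records above, with the deeper frames cut.
SAMPLE = """\
==6201== 16 bytes in 1 blocks are definitely lost in loss record 1 of 3
==6201==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==6201==    by 0x40FD7E: js_malloc (jsutil.h:188)
==6201==    by 0x427E1D: JSRuntime::malloc(unsigned long) (jscntxt.h:1542)
==6201==    by 0x4280D0: JSContext::malloc(unsigned long) (jscntxt.h:1983)
==6201==    by 0x5AFFE2: js::methodjit::Compiler::Compile() (Compiler.cpp:177)
==6201==
==6201== 60 bytes in 1 blocks are definitely lost in loss record 2 of 3
==6201==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==6201==    by 0x5B0162: js::methodjit::Compiler::Compile() (Compiler.cpp:200)
"""

def parse_leaks(text):
    """Return one dict per loss record: bytes, kind and (function, location) frames."""
    records, current = [], None
    for line in map(str.rstrip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = {"bytes": int(header.group(1).replace(",", "")), "kind": header.group(2), "frames": []}
            records.append(current)
            continue
        frame = FRAME.match(line)
        if frame and current is not None:
            current["frames"].append((frame.group(1).split("(")[0].strip(), frame.group(2)))
        elif not frame:
            current = None  # a bare "==pid==" line or summary text ends the record
    return records

def signature(record):
    """First frame that is neither an allocator wrapper nor unsymbolized JIT code."""
    for name, location in record["frames"]:
        if name not in ALLOC_WRAPPERS and name != "???":
            return name, location
    return "???", None

def bytes_by_signature(text, kind="definitely"):
    totals = defaultdict(int)
    for record in parse_leaks(text):
        if record["kind"] == kind:
            totals[signature(record)[0]] += record["bytes"]
    return dict(totals)
```

Grouping by signature lets two allocation sites in the same function (here `Compiler.cpp:177` and `Compiler.cpp:200`) be tracked as one bug while keeping the per-site locations for the fix.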

Summary: JM: Leak [@ malloc] → JM: Leak [@ js::methodjit::Compiler::Compile]

WFM on JM changeset 5ff0c0a8d4d8 on 32-bit and 64-bit shells. (Tested only on Mac)

$ cat 560078.js | ~/Bin/vTrunk --leak-check=full ./js-dbg-64-jm-darwin -m -j -i
==1148== Memcheck, a memory error detector
==1148== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==1148== Using Valgrind-3.6.0.SVN and LibVEX; rerun with -h for copyright info
==1148== Command: ./js-dbg-64-jm-darwin -m -j -i
==1148== 
js> z = [{
    test: function () {
        f() = ""
    }
}]
[{test:(function () {f() = "";})}]
js> for (let i = 0; i < z.length; i++) {
    a = z[i]
    if (a.test()) h
}
typein:3: ReferenceError: f is not defined
js> 
js> 
js> 
==1148== 
==1148== HEAP SUMMARY:
==1148==     in use at exit: 707,383 bytes in 1,691 blocks
==1148==   total heap usage: 3,408 allocs, 1,717 frees, 1,803,084 bytes allocated
==1148== 
==1148== LEAK SUMMARY:
==1148==    definitely lost: 0 bytes in 0 blocks
==1148==    indirectly lost: 0 bytes in 0 blocks
==1148==      possibly lost: 0 bytes in 0 blocks
==1148==    still reachable: 707,383 bytes in 1,691 blocks
==1148==         suppressed: 0 bytes in 0 blocks
==1148== Reachable blocks (those to which a pointer was found) are not shown.
==1148== To see them, rerun with: --leak-check=full --show-reachable=yes
==1148== 
==1148== For counts of detected and suppressed errors, rerun with: -v
==1148== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME