Closed
Bug 594899
Opened 14 years ago
Closed 10 years ago
Memory leak repeatedly adding and deleting object properties
Categories
(Core :: JavaScript Engine, defect, P2)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jorendorff, Assigned: brendan)
Details
(copied from bug 592556 comment 34) If an object doesn't have a PropertyTable yet, and deletes happen, slots leak. var obj = {a: 0, b: 1, c: 2}; for (var i = 0; i < 20; i++) { delete obj.b; obj.b = 3; delete obj.c; obj.c = 4; } dumpObject(obj); // shows many unused slots This can go on indefinitely. Creating a table doesn't recover the leaked slots. (If we care enough to fix this, it would be nice to add an assertion somewhere that would trip if we waste this many slots, then add this code to js/src/tests.)
Assignee | ||
Updated•14 years ago
|
Assignee: general → brendan
Assignee | ||
Comment 1•14 years ago
|
||
Have a patch in progress here, it's easy. I also smell trouble if we don't fix this, but can't prove it. /be
Priority: -- → P2
Target Milestone: --- → mozilla2.0b6
Reporter | ||
Comment 2•14 years ago
|
||
Chatted with brendan. Currently slotSpan is documented like this: uint32 slotSpan; /* one more than maximum live slot number */ That is incorrect; what it means is uint32 slotSpan; /* some number > the maximum live slot number */ If we fix all leaks (such as this bug), then we would have a much nicer, tighter invariant: /* * Number of slots in use. All slots from 0 to slotSpan - 1 are * either reserved by the class, allocated to properties, or * on this object's freelist (see js::PropertyTable::freelist). */ uint32 slotSpan; This is easier to reason about, so I'm in favor of fixing all the leaks.
Assignee | ||
Comment 3•14 years ago
|
||
I intend to fix this bug. :-) Question is how soon. Sayrer, can I have a betaN+? /be
Status: NEW → ASSIGNED
Updated•14 years ago
|
blocking2.0: --- → betaN+
Reporter | ||
Comment 4•14 years ago
|
||
There are error paths in JSObject::getChildProperty that return NULL after having successfully called allocSlot(). The slot is leaked in those cases.
Assignee | ||
Comment 5•14 years ago
|
||
(In reply to comment #4) > There are error paths in JSObject::getChildProperty that return NULL after > having successfully called allocSlot(). The slot is leaked in those cases. I would like to fix this one in the patch for bug 593129. Doing it here makes a mess in getChildProperty that goes away in that bug. /be
Assignee | ||
Updated•14 years ago
|
Target Milestone: mozilla2.0b7 → mozilla2.0b8
Updated•14 years ago
|
Assignee | ||
Updated•14 years ago
|
Target Milestone: mozilla2.0b8 → ---
Comment 6•10 years ago
|
||
The testcase from comment 0 doesn't create any empty slots anymore, so I'm assuming this is fixed.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•