Closed Bug 622157 Opened 14 years ago Closed 14 years ago

Valgrind warnings for nsXPConnect::ReleaseJSContext

Categories

(Core :: XPConnect, defect)

x86_64
Linux
defect
Not set
normal

Tracking

RESOLVED DUPLICATE of bug 606752

People

(Reporter: billm, Unassigned)

Details

I'm not sure if this is the right place to file this bug. I was browsing a little under Valgrind yesterday while using the Ghostery extension, which relies on DOM workers. I got this message in Valgrind:

==19804== Thread 3:
==19804== Invalid read of size 4
==19804==    at 0x6712D62: nsXPConnect::GetOutstandingRequests(JSContext*) (nsXPConnect.cpp:805)
==19804==    by 0x671BC94: JSContextParticipant::Traverse(void*, nsCycleCollectionTraversalCallback&) (nsXPConnect.cpp:845)
==19804==    by 0x7021F16: GCGraphBuilder::Traverse(PtrInfo*) (nsCycleCollector.cpp:1525)
==19804==    by 0x702284E: nsCycleCollector::MarkRoots(GCGraphBuilder&) (nsCycleCollector.cpp:1766)
==19804==    by 0x7023534: nsCycleCollector::BeginCollection(int, nsICycleCollectorListener*) (nsCycleCollector.cpp:2644)
==19804==    by 0x7025630: nsCycleCollectorRunner::Run() (nsCycleCollector.cpp:3323)
==19804==    by 0x7008200: nsThread::ProcessNextEvent(int, int*) (nsThread.cpp:626)
==19804==    by 0x6F8AC1B: NS_ProcessNextEvent_P(nsIThread*, int) (nsThreadUtils.cpp:250)
==19804==    by 0x700708C: nsThread::ThreadFunc(void*) (nsThread.cpp:278)
==19804==    by 0x90F957A: _pt_root (ptthread.c:187)
==19804==    by 0x4E339C9: start_thread (pthread_create.c:300)
==19804==    by 0xC99670C: clone (clone.S:112)
==19804==  Address 0x1ccddf28 is 440 bytes inside a block of size 648 free'd
==19804==    at 0x4C270BD: free (vg_replace_malloc.c:366)
==19804==    by 0x7255501: js_free (jsutil.h:221)
==19804==    by 0x7258F17: FreeContext(JSContext*) (jscntxt.cpp:1173)
==19804==    by 0x7258E12: js_DestroyContext(JSContext*, JSDestroyContextMode) (jscntxt.cpp:1139)
==19804==    by 0x721A49C: JS_DestroyContextNoGC (jsapi.cpp:993)
==19804==    by 0x6717653: nsXPConnect::ReleaseJSContext(JSContext*, int) (nsXPConnect.cpp:2099)
==19804==    by 0x625461A: nsDOMThreadService::OnThreadShuttingDown() (nsDOMThreadService.cpp:1361)
==19804==    by 0x700CEFA: nsThreadPool::Run() (nsThreadPool.cpp:226)
==19804==    by 0x7008200: nsThread::ProcessNextEvent(int, int*) (nsThread.cpp:626)
==19804==    by 0x6F8AC1B: NS_ProcessNextEvent_P(nsIThread*, int) (nsThreadUtils.cpp:250)
==19804==    by 0x700708C: nsThread::ThreadFunc(void*) (nsThread.cpp:278)
==19804==    by 0x90F957A: _pt_root (ptthread.c:187)

It looks like a JSContext gets released when the worker exits, but the context is still reachable somehow. Valgrind catches the problem when the cycle collector tries to access it.

The line numbers are relative to http://hg.mozilla.org/tracemonkey/rev/c83c130ce23f.

Yeah, looks like it.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
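For triaging memcheck reports shaped like the one in this bug, the following added example (not part of the bug report or of Mozilla's code) pairs the invalid access with the stack that freed the block and names the first non-allocator frame on the free side. The function names, the `ALLOCATOR_WRAPPERS` set and the abridged sample are assumptions made for illustration.

```python
import re

# Abridged from the Valgrind report in this bug (frames trimmed).
SAMPLE = """\
==19804== Thread 3:
==19804== Invalid read of size 4
==19804==    at 0x6712D62: nsXPConnect::GetOutstandingRequests(JSContext*) (nsXPConnect.cpp:805)
==19804==  Address 0x1ccddf28 is 440 bytes inside a block of size 648 free'd
==19804==    at 0x4C270BD: free (vg_replace_malloc.c:366)
==19804==    by 0x7255501: js_free (jsutil.h:221)
==19804==    by 0x7258F17: FreeContext(JSContext*) (jscntxt.cpp:1173)
==19804==    by 0x6717653: nsXPConnect::ReleaseJSContext(JSContext*, int) (nsXPConnect.cpp:2099)
"""

PREFIX = re.compile(r"^==\d+==")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+)\)$")
ACCESS = re.compile(r"^Invalid (read|write) of size (\d+)$")
BLOCK = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) free'd$")
ALLOCATOR_WRAPPERS = {"free", "js_free"}  # assumed wrapper list; extend per project

def parse_uaf(report):
    """Parse the first use-after-free record: access stack, free stack, offsets."""
    rec = {"access": [], "freed": []}
    stack = None
    for raw in report.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := ACCESS.match(line):
            if "kind" in rec:      # a second record starts here; stop at the first
                break
            rec.update(kind=m.group(1), size=int(m.group(2)))
            stack = rec["access"]
        elif m := BLOCK.match(line):
            rec.update(offset=int(m.group(1)), block_size=int(m.group(2)))
            stack = rec["freed"]   # frames that follow belong to the free() stack
        elif (m := FRAME.match(line)) and stack is not None:
            stack.append((m.group(1), m.group(2)))
    return rec

def free_site(rec):
    """First frame of the free stack that is not an allocator wrapper."""
    return next((f for f in rec["freed"] if f[0] not in ALLOCATOR_WRAPPERS), None)

def summarize(rec):
    (afn, aloc), (ffn, floc) = rec["access"][0], free_site(rec)
    return (f"{rec['kind']} of {rec['size']} bytes at offset {rec['offset']}/"
            f"{rec['block_size']} in {afn} ({aloc}); freed via {ffn} ({floc})")

if __name__ == "__main__":
    print(summarize(parse_uaf(SAMPLE)))
```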